revert approving own csr (#149)

internal/actions/csr/csr.go

@@ -317,8 +317,8 @@ func WatchCastAINodeCSRs(ctx context.Context, log logrus.FieldLogger, client kub
 			if csrResult == nil {
 				continue
 			}
-			// We are only interested in kubelet-bootstrap csr and our own service account csr.
-			if csrResult.RequestingUser != "kubelet-bootstrap" && csrResult.RequestingUser != "system:serviceaccount:castai-agent:castai-cluster-controller" {
+			// We are only interested in kubelet-bootstrap csr. SKIP own CSR due to the infinite loop of deleting->creating new->deleting.
+			if csrResult.RequestingUser != "kubelet-bootstrap" {
 				log.WithFields(logrus.Fields{
 					"csr":       name,
 					"node_name": csrResult.RequestingUser,

internal/actions/csr/svc_test.go

@@ -72,38 +72,6 @@ func TestCSRApprove(t *testing.T) {
 		r.Equal(csrResult.Status.Conditions[0].Type, certv1.CertificateApproved)
 	})
 
-	t.Run("approve v1 csr successfully which were created by controller", func(t *testing.T) {
-		r := require.New(t)
-		t.Parallel()
-
-		csrName := "node-csr-123"
-		userName := "system:serviceaccount:castai-agent:castai-cluster-controller"
-		client := fake.NewSimpleClientset(getCSR(csrName, userName))
-		s := NewApprovalManager(log, client)
-		watcher := watch.NewFake()
-		client.PrependWatchReactor("certificatesigningrequests", ktest.DefaultWatchReactor(watcher, nil))
-
-		ctx := context.Background()
-		var wg sync.WaitGroup
-		wg.Add(2)
-		go func() {
-			defer wg.Done()
-			s.Start(ctx)
-		}()
-		go func() {
-			defer wg.Done()
-			watcher.Add(getCSR(csrName, userName))
-			time.Sleep(100 * time.Millisecond)
-			s.Stop()
-		}()
-
-		wg.Wait()
-
-		csrResult, err := client.CertificatesV1().CertificateSigningRequests().Get(ctx, csrName, metav1.GetOptions{})
-		r.NoError(err)
-		r.Equal(csrResult.Status.Conditions[0].Type, certv1.CertificateApproved)
-	})
-
 	t.Run("not node csr do nothing", func(t *testing.T) {
 		r := require.New(t)
 		t.Parallel()