From 2ec8aea7e79d7d784b14376f448fa69b7927f87a Mon Sep 17 00:00:00 2001 From: Darren Shepherd Date: Fri, 28 Aug 2020 22:55:19 -0700 Subject: [PATCH 01/13] Fix validation in agent chart --- charts/fleet-agent/templates/validate.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/fleet-agent/templates/validate.yaml b/charts/fleet-agent/templates/validate.yaml index 3fd26e1078..d53ff1c508 100644 --- a/charts/fleet-agent/templates/validate.yaml +++ b/charts/fleet-agent/templates/validate.yaml @@ -1,11 +1,11 @@ {{if ne .Release.Namespace .Values.internal.systemNamespace }} -{{ fail "This chart must be installed in the namespace fleet-system as the release name fleet-agent" }} +{{ fail (printf "This chart must be installed in the namespace %s as the release name fleet-agent" .Values.internal.systemNamespace) }} {{end}} {{if ne .Release.Name .Values.internal.managedReleaseName }} -{{ fail "This chart must be installed in the namespace fleet-system as the release name fleet-agent" }} +{{ fail (printf "This chart must be installed in the namespace %s as the release name fleet-agent" .Values.internal.managedReleaseName) }} {{end}} -{{if not .apiServerURL }} +{{if not .Values.apiServerURL }} {{ fail "apiServerURL is required to be set, and most likely also apiServerCA" }} {{end}} From 9588ca33084be407f75d14acc681ce4d5b817c12 Mon Sep 17 00:00:00 2001 From: Darren Shepherd Date: Fri, 28 Aug 2020 22:58:15 -0700 Subject: [PATCH 02/13] Don't ratelimit the client --- modules/agent/pkg/controllers/controllers.go | 7 +++++-- pkg/controllers/controllers.go | 2 ++ pkg/helmdeployer/impersonate.go | 2 ++ 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/modules/agent/pkg/controllers/controllers.go b/modules/agent/pkg/controllers/controllers.go index c54895e7a6..2e87dabd28 100644 --- a/modules/agent/pkg/controllers/controllers.go +++ b/modules/agent/pkg/controllers/controllers.go 
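Review bot: The second `fail` call in `validate.yaml` (the release-name check) formats `.Values.internal.managedReleaseName` into the `namespace %s` slot, so a wrong release name is reported as a wrong namespace. Both messages also still hard-code `fleet-agent` as the expected release name. Use one message with both values in each branch: `{{ fail (printf "This chart must be installed in the namespace %s as the release name %s" .Values.internal.systemNamespace .Values.internal.managedReleaseName) }}`.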
@@ -4,9 +4,8 @@ import ( "context" "time" - "github.com/rancher/fleet/modules/agent/pkg/controllers/cluster" - "github.com/rancher/fleet/modules/agent/pkg/controllers/bundledeployment" + "github.com/rancher/fleet/modules/agent/pkg/controllers/cluster" "github.com/rancher/fleet/modules/agent/pkg/controllers/secret" "github.com/rancher/fleet/modules/agent/pkg/deployer" "github.com/rancher/fleet/modules/agent/pkg/trigger" @@ -22,6 +21,7 @@ import ( "github.com/rancher/wrangler/pkg/generated/controllers/rbac" rbaccontrollers "github.com/rancher/wrangler/pkg/generated/controllers/rbac/v1" "github.com/rancher/wrangler/pkg/leader" + "github.com/rancher/wrangler/pkg/ratelimit" "github.com/rancher/wrangler/pkg/start" "github.com/sirupsen/logrus" "k8s.io/apimachinery/pkg/api/meta" @@ -175,6 +175,9 @@ func newContext(fleetNamespace, agentNamespace, clusterNamespace, clusterName st return nil, err } + client = rest.CopyConfig(client) + client.RateLimiter = ratelimit.None + k8s, err := kubernetes.NewForConfig(client) if err != nil { return nil, err diff --git a/pkg/controllers/controllers.go b/pkg/controllers/controllers.go index d90ee98872..e43fba17f2 100644 --- a/pkg/controllers/controllers.go +++ b/pkg/controllers/controllers.go @@ -29,6 +29,7 @@ import ( "github.com/rancher/wrangler/pkg/generated/controllers/rbac" rbaccontrollers "github.com/rancher/wrangler/pkg/generated/controllers/rbac/v1" "github.com/rancher/wrangler/pkg/leader" + "github.com/rancher/wrangler/pkg/ratelimit" "github.com/rancher/wrangler/pkg/start" "github.com/sirupsen/logrus" corev1 "k8s.io/api/core/v1" @@ -217,6 +218,7 @@ func newContext(cfg clientcmd.ClientConfig) (*appContext, error) { if err != nil { return nil, err } + client.RateLimiter = ratelimit.None core, err := core.NewFactoryFromConfig(client) if err != nil { diff --git a/pkg/helmdeployer/impersonate.go b/pkg/helmdeployer/impersonate.go index 398fb142c9..c19ecaf361 100644 --- a/pkg/helmdeployer/impersonate.go 
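Review bot: Setting `client.RateLimiter = ratelimit.None` in the agent's `newContext` (hunk `@@ -175,6 +175,9 @@`) removes client-side throttling entirely, so nothing in this process bounds the request rate a hot reconcile loop can send to the API server. The same assignment is added in `pkg/controllers/controllers.go` and `pkg/helmdeployer/impersonate.go`. None of the three sites says why the limiter is dropped or what protects the API server instead; add a comment such as `// Client-side throttling is disabled on purpose; the API server's own limits are the only bound on this client.`, or leave `RateLimiter` unset and raise `client.QPS` and `client.Burst` if a bound is still wanted. Only this hunk calls `rest.CopyConfig` first; the other two assign to the config they were handed, which changes it for any other holder of that pointer (whether one exists is not visible in these hunks). `newContext` starts and ends outside the hunk.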
+++ b/pkg/helmdeployer/impersonate.go @@ -3,6 +3,7 @@ package helmdeployer import ( "fmt" + "github.com/rancher/wrangler/pkg/ratelimit" apierror "k8s.io/apimachinery/pkg/api/errors" "k8s.io/cli-runtime/pkg/genericclioptions" "k8s.io/client-go/rest" @@ -39,6 +40,7 @@ func newImpersonatingGetter(namespace, name string, getter genericclioptions.RES if err != nil { return nil, err } + restConfig.RateLimiter = ratelimit.None return &impersonatingGetter{ RESTClientGetter: getter, From f318d2668409594da7bef831917d5b678b85930b Mon Sep 17 00:00:00 2001 From: Darren Shepherd Date: Fri, 28 Aug 2020 23:01:09 -0700 Subject: [PATCH 03/13] Enhanced status on various types --- pkg/apis/fleet.cattle.io/v1alpha1/bundle.go | 12 +++++ pkg/apis/fleet.cattle.io/v1alpha1/git.go | 12 +++-- pkg/apis/fleet.cattle.io/v1alpha1/target.go | 2 + pkg/controllers/clustergroup/controller.go | 46 +++++++++++++++---- pkg/controllers/controllers.go | 2 +- pkg/controllers/display/displaycontrollers.go | 36 ++++++++++++++- pkg/controllers/git/git.go | 29 +++++++++++- pkg/crd/crds.go | 2 +- 8 files changed, 122 insertions(+), 19 deletions(-) diff --git a/pkg/apis/fleet.cattle.io/v1alpha1/bundle.go b/pkg/apis/fleet.cattle.io/v1alpha1/bundle.go index e3f30c6a32..df0bfdf1f3 100644 --- a/pkg/apis/fleet.cattle.io/v1alpha1/bundle.go +++ b/pkg/apis/fleet.cattle.io/v1alpha1/bundle.go @@ -19,6 +19,16 @@ var ( OutOfSync BundleState = "OutOfSync" Pending BundleState = "Pending" Modified BundleState = "Modified" + + StateRank = map[BundleState]int{ + ErrApplied: 7, + NotApplied: 6, + Modified: 5, + OutOfSync: 4, + Pending: 3, + NotReady: 2, + Ready: 1, + } ) type BundleState string @@ -141,6 +151,7 @@ type BundleStatus struct { type BundleDisplay struct { ReadyClusters string `json:"readyClusters,omitempty"` + State string `json:"state,omitempty"` } type PartitionStatus struct { 
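Review bot: `StateRank` in `bundle.go` (hunk `@@ -19,6 +19,16 @@`) is added without a comment, and its contract is not obvious from the map alone. The display handlers later in this patch pick the state with the highest value, and a state missing from the map looks up as 0, the same as the empty state, so it can never be selected. Add a doc comment saying so, e.g. `// StateRank orders bundle states by severity; higher values take precedence. States absent from the map rank 0 and are never reported.` Because it is an exported map in a `var` block, any importing package can also change the ordering at run time; an unexported map behind a small lookup function would keep it fixed.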
@@ -192,6 +203,7 @@ type BundleDeploymentStatus struct { type BundleDeploymentDisplay struct { Deployed string `json:"deployed,omitempty"` Monitored string `json:"monitored,omitempty"` + State string `json:"state,omitempty"` } type NonReadyStatus struct { diff --git a/pkg/apis/fleet.cattle.io/v1alpha1/git.go b/pkg/apis/fleet.cattle.io/v1alpha1/git.go index 1d4b17d0ea..2912573b36 100644 --- a/pkg/apis/fleet.cattle.io/v1alpha1/git.go +++ b/pkg/apis/fleet.cattle.io/v1alpha1/git.go @@ -50,12 +50,14 @@ type GitTarget struct { } type GitRepoStatus struct { - Commit string `json:"commit,omitempty"` - Summary BundleSummary `json:"summary,omitempty"` - Display GitRepoDisplay `json:"display,omitempty"` - Conditions []genericcondition.GenericCondition `json:"conditions,omitempty"` + ObservedGeneration int64 `json:"observedGeneration"` + Commit string `json:"commit,omitempty"` + Summary BundleSummary `json:"summary,omitempty"` + Display GitRepoDisplay `json:"display,omitempty"` + Conditions []genericcondition.GenericCondition `json:"conditions,omitempty"` } type GitRepoDisplay struct { - ReadyBundles string `json:"readyBundles,omitempty"` + ReadyBundleDeployments string `json:"readyBundleDeployments,omitempty"` + State string `json:"state,omitempty"` } diff --git a/pkg/apis/fleet.cattle.io/v1alpha1/target.go b/pkg/apis/fleet.cattle.io/v1alpha1/target.go index 9188a40bc7..56e7b73481 100644 --- a/pkg/apis/fleet.cattle.io/v1alpha1/target.go +++ b/pkg/apis/fleet.cattle.io/v1alpha1/target.go @@ -45,6 +45,7 @@ type ClusterGroupStatus struct { type ClusterGroupDisplay struct { ReadyClusters string `json:"readyClusters,omitempty"` ReadyBundles string `json:"readyBundles,omitempty"` + State string `json:"state,omitempty"` } // +genclient 
@@ -78,6 +79,7 @@ type ClusterDisplay struct { ReadyBundles string `json:"readyBundles,omitempty"` ReadyNodes string `json:"readyNodes,omitempty"` SampleNode string `json:"sampleNode,omitempty"` + State string `json:"state,omitempty"` } type AgentStatus struct { diff --git a/pkg/controllers/clustergroup/controller.go b/pkg/controllers/clustergroup/controller.go index 4306b78463..70eb1015c1 100644 --- a/pkg/controllers/clustergroup/controller.go +++ b/pkg/controllers/clustergroup/controller.go @@ -7,13 +7,16 @@ import ( fleet "github.com/rancher/fleet/pkg/apis/fleet.cattle.io/v1alpha1" fleetcontrollers "github.com/rancher/fleet/pkg/generated/controllers/fleet.cattle.io/v1alpha1" "github.com/rancher/fleet/pkg/summary" + "github.com/sirupsen/logrus" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/labels" ) type handler struct { - clusterGroups fleetcontrollers.ClusterGroupCache - clusterCache fleetcontrollers.ClusterCache - clusters fleetcontrollers.ClusterController + clusterGroupsCache fleetcontrollers.ClusterGroupCache + clusterGroups fleetcontrollers.ClusterGroupController + clusterCache fleetcontrollers.ClusterCache + clusters fleetcontrollers.ClusterController } func Register(ctx context.Context, @@ -21,9 +24,10 @@ func Register(ctx context.Context, clusterGroups fleetcontrollers.ClusterGroupController) { h := &handler{ - clusterGroups: clusterGroups.Cache(), - clusterCache: clusters.Cache(), - clusters: clusters, + clusterGroupsCache: clusterGroups.Cache(), + clusterGroups: clusterGroups, + clusterCache: clusters.Cache(), + clusters: clusters, } fleetcontrollers.RegisterClusterGroupStatusHandler(ctx, 
@@ -31,6 +35,34 @@ func Register(ctx context.Context, "Processed", "cluster-group", h.OnClusterGroup) + clusters.OnChange(ctx, "cluster-group-trigger", h.OnClusterChange) +} + +func (h *handler) OnClusterChange(key string, cluster *fleet.Cluster) (*fleet.Cluster, error) { + if cluster == nil || len(cluster.Labels) == 0 { + return cluster, nil + } + + cgs, err := h.clusterGroupsCache.List(cluster.Namespace, labels.Everything()) + if err != nil { + return nil, err + } + + for _, cg := range cgs { + if cg.Spec.Selector == nil { + continue + } + sel, err := metav1.LabelSelectorAsSelector(cg.Spec.Selector) + if err != nil { + logrus.Errorf("invalid selector on clustergroup %s/%s: %v", cg.Namespace, cg.Name, err) + continue + } + if sel.Matches(labels.Set(cluster.Labels)) { + h.clusterGroups.Enqueue(cg.Namespace, cg.Name) + } + } + + return cluster, nil } func (h *handler) OnClusterGroup(clusterGroup *fleet.ClusterGroup, status fleet.ClusterGroupStatus) (fleet.ClusterGroupStatus, error) { @@ -57,8 +89,6 @@ func (h *handler) OnClusterGroup(clusterGroup *fleet.ClusterGroup, status fleet. }) for _, cluster := range clusters { - h.clusters.Enqueue(cluster.Namespace, cluster.Name) - summary.Increment(&status.Summary, cluster.Status.Summary) status.ClusterCount++ if !summary.IsReady(cluster.Status.Summary) { diff --git a/pkg/controllers/controllers.go b/pkg/controllers/controllers.go index e43fba17f2..6163c18eeb 100644 --- a/pkg/controllers/controllers.go +++ b/pkg/controllers/controllers.go @@ -182,7 +182,7 @@ func Register(ctx context.Context, systemNamespace string, cfg clientcmd.ClientC appCtx.Core.ConfigMap(), appCtx.Core.ServiceAccount()), appCtx.GitJob.GitJob(), - appCtx.BundleDeployment().Cache(), + appCtx.BundleDeployment(), appCtx.GitRepo()) bootstrap.Register(ctx, diff --git a/pkg/controllers/display/displaycontrollers.go b/pkg/controllers/display/displaycontrollers.go index 31efb72e09..c65d769579 100644 --- a/pkg/controllers/display/displaycontrollers.go 
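Review bot: `OnClusterChange` returns early when `cluster == nil` or the cluster has no labels, and otherwise enqueues only the groups whose selector matches the cluster's current labels. A cluster group that matched the cluster before it was deleted, or before its labels were changed, is therefore not enqueued by this handler and its counts may stay stale. The next hunk in this file also removes `h.clusters.Enqueue` from `OnClusterGroup`, and whether any other trigger covers this case is not visible here. Enqueuing every cluster group with a non-nil selector in the cluster's namespace would cover removals as well; for the nil case the namespace can still be recovered from `key`, for example with `cache.SplitMetaNamespaceKey(key)`.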
+++ b/pkg/controllers/display/displaycontrollers.go @@ -7,6 +7,7 @@ import ( fleet "github.com/rancher/fleet/pkg/apis/fleet.cattle.io/v1alpha1" fleetcontrollers "github.com/rancher/fleet/pkg/generated/controllers/fleet.cattle.io/v1alpha1" + "github.com/rancher/fleet/pkg/summary" "github.com/rancher/wrangler/pkg/genericcondition" ) @@ -32,6 +33,15 @@ func (h *handler) OnBundleChange(_ *fleet.Bundle, status fleet.BundleStatus) (fl status.Display.ReadyClusters = fmt.Sprintf("%d/%d", status.Summary.Ready, status.Summary.DesiredReady) + + var state fleet.BundleState + for _, nonReady := range status.Summary.NonReadyResources { + if fleet.StateRank[nonReady.State] > fleet.StateRank[state] { + state = nonReady.State + } + } + status.Display.State = string(state) + return status, nil } @@ -43,6 +53,18 @@ func (h *handler) OnClusterChange(cluster *fleet.Cluster, status fleet.ClusterSt cluster.Status.Agent.ReadyNodes, cluster.Status.Agent.NonReadyNodes+cluster.Status.Agent.ReadyNodes) status.Display.SampleNode = sampleNode(status) + + var state fleet.BundleState + for _, nonReady := range status.Summary.NonReadyResources { + if fleet.StateRank[nonReady.State] > fleet.StateRank[state] { + state = nonReady.State + } + } + + status.Display.State = string(state) + if status.AgentDeployed == nil || !*status.AgentDeployed { + status.Display.State = "ErrNoAgent" + } return status, nil } 
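Review bot: The loop that picks the highest-ranked state from `status.Summary.NonReadyResources` is pasted verbatim into `OnBundleChange` here, into `OnClusterChange` in the next hunk, and into `OnClusterGroupChange` in the hunk after that; a single helper would keep the three in step when the ranking rule changes. The sketch below assumes all three statuses carry a `fleet.BundleSummary`, which these hunks do not show for every type. In `OnClusterChange` the override `status.Display.State = "ErrNoAgent"` is a bare string rather than a `fleet.BundleState` constant and has no entry in `fleet.StateRank`; declaring it next to the other states would make that choice explicit. `OnBundleChange` starts outside the hunk.

```go
// worstState returns the highest-ranked state among the summary's non-ready
// resources, or "" when none of them has a ranked state.
func worstState(s fleet.BundleSummary) fleet.BundleState {
	var state fleet.BundleState
	for _, nonReady := range s.NonReadyResources {
		if fleet.StateRank[nonReady.State] > fleet.StateRank[state] {
			state = nonReady.State
		}
	}
	return state
}

// … unchanged: ReadyClusters formatting in OnBundleChange …
status.Display.State = string(worstState(status.Summary))
```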
@@ -56,17 +78,26 @@ func (h *handler) OnClusterGroupChange(cluster *fleet.ClusterGroup, status fleet if len(cluster.Status.NonReadyClusters) > 0 { status.Display.ReadyClusters += " (" + strings.Join(cluster.Status.NonReadyClusters, ",") + ")" } + + var state fleet.BundleState + for _, nonReady := range status.Summary.NonReadyResources { + if fleet.StateRank[nonReady.State] > fleet.StateRank[state] { + state = nonReady.State + } + } + + status.Display.State = string(state) return status, nil } func (h *handler) OnRepoChange(gitrepo *fleet.GitRepo, status fleet.GitRepoStatus) (fleet.GitRepoStatus, error) { - status.Display.ReadyBundles = fmt.Sprintf("%d/%d", + status.Display.ReadyBundleDeployments = fmt.Sprintf("%d/%d", gitrepo.Status.Summary.Ready, gitrepo.Status.Summary.DesiredReady) return status, nil } -func (h *handler) OnBundleDeploymentChange(_ *fleet.BundleDeployment, status fleet.BundleDeploymentStatus) (fleet.BundleDeploymentStatus, error) { +func (h *handler) OnBundleDeploymentChange(bundleDeployment *fleet.BundleDeployment, status fleet.BundleDeploymentStatus) (fleet.BundleDeploymentStatus, error) { var ( deployed, monitored string ) @@ -83,6 +114,7 @@ func (h *handler) OnBundleDeploymentChange(_ *fleet.BundleDeployment, status fle status.Display = fleet.BundleDeploymentDisplay{ Deployed: deployed, Monitored: monitored, + State: string(summary.GetDeploymentState(bundleDeployment)), } return status, nil diff --git a/pkg/controllers/git/git.go b/pkg/controllers/git/git.go index bcad19532a..c3f295cea3 100644 --- a/pkg/controllers/git/git.go +++ b/pkg/controllers/git/git.go 
@@ -31,16 +31,31 @@ var ( func Register(ctx context.Context, apply apply.Apply, gitJobs v1.GitJobController, - bundleDeployments fleetcontrollers.BundleDeploymentCache, + bundleDeployments fleetcontrollers.BundleDeploymentController, gitRepos fleetcontrollers.GitRepoController) { h := &handler{ gitjobCache: gitJobs.Cache(), - bundleDeployments: bundleDeployments, + bundleDeployments: bundleDeployments.Cache(), } fleetcontrollers.RegisterGitRepoGeneratingHandler(ctx, gitRepos, apply, "", "gitjobs", h.OnChange, nil) relatedresource.Watch(ctx, "gitjobs", relatedresource.OwnerResolver(true, fleet.SchemeGroupVersion.String(), "GitRepo"), gitRepos, gitJobs) + relatedresource.Watch(ctx, "gitjobs", resolveGitRepo, gitRepos, bundleDeployments) +} + +func resolveGitRepo(namespace, name string, obj runtime.Object) ([]relatedresource.Key, error) { + if bundleDeployment, ok := obj.(*fleet.BundleDeployment); ok { + repo := bundleDeployment.Labels[RepoLabel] + ns := bundleDeployment.Labels["fleet.cattle.io/bundle-namespace"] + if repo != "" && ns != "" { + return []relatedresource.Key{{ + Namespace: ns, + Name: repo, + }}, nil + } + } + return nil, nil } type handler struct { @@ -94,6 +109,7 @@ func (h *handler) getConfig(repo *fleet.GitRepo) (*corev1.ConfigMap, error) { func (h *handler) OnChange(gitrepo *fleet.GitRepo, status fleet.GitRepoStatus) ([]runtime.Object, fleet.GitRepoStatus, error) { status.Conditions = nil + status.ObservedGeneration = gitrepo.Generation status, err := h.setBundleDeploymentStatus(gitrepo, status) if err != nil { 
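Review bot: `resolveGitRepo` chooses the GitRepo to enqueue purely from two labels on the BundleDeployment, and the namespace label is written as the literal `"fleet.cattle.io/bundle-namespace"` beside the `RepoLabel` constant. Labels can be set by anyone allowed to create or edit a BundleDeployment, so they should be treated as unauthenticated hints. Here they only decide what gets re-queued, but how `setBundleDeploymentStatus` selects the deployments it aggregates is outside this hunk and should not trust them further. Give the key a named constant next to `RepoLabel` and add a comment on `resolveGitRepo` along the lines of `// resolveGitRepo maps a BundleDeployment to its GitRepo using labels; the labels are untrusted and are used only to pick what to re-enqueue.`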
@@ -256,12 +272,21 @@ func (h *handler) setBundleDeploymentStatus(gitrepo *fleet.GitRepo, status fleet return bundleDeployments[i].Name < bundleDeployments[j].Name }) + var maxState fleet.BundleState for _, app := range bundleDeployments { state := summary.GetDeploymentState(app) summary.IncrementState(&status.Summary, app.Name, state, summary.MessageFromDeployment(app)) status.Summary.DesiredReady++ + if fleet.StateRank[state] > fleet.StateRank[maxState] { + maxState = state + } + } + + if maxState == fleet.Ready { + maxState = "" } + status.Display.State = string(maxState) summary.SetReadyConditions(&status, "Bundle", status.Summary) return status, nil } diff --git a/pkg/crd/crds.go b/pkg/crd/crds.go index 1475474ae7..24109c739f 100644 --- a/pkg/crd/crds.go +++ b/pkg/crd/crds.go @@ -93,7 +93,7 @@ func List() []crd.CRD { WithCategories("fleet"). WithColumn("Repo", ".spec.repo"). WithColumn("Commit", ".status.commit"). - WithColumn("Bundles-Ready", ".status.display.readyBundles"). + WithColumn("BundleDeployments-Ready", ".status.display.readyBundleDeployments"). WithColumn("Status", ".status.conditions[?(@.type==\"Ready\")].message") }), newCRD(&fleet.ClusterRegistration{}, func(c crd.CRD) crd.CRD { From 4dae044cbf16196bbf565416af469da3540cf811 Mon Sep 17 00:00:00 2001 From: Darren Shepherd Date: Fri, 28 Aug 2020 23:02:00 -0700 Subject: [PATCH 04/13] Don't duplicate default target and fix clustergroup matching by name --- modules/cli/apply/apply.go | 35 ++--------------------------------- pkg/bundle/read.go | 31 +++++++++++++++++++++++++++++++ pkg/match/cluster.go | 8 ++++---- 3 files changed, 37 insertions(+), 37 deletions(-) diff --git a/modules/cli/apply/apply.go b/modules/cli/apply/apply.go index c36b6677b0..79c3969029 100644 --- a/modules/cli/apply/apply.go +++ b/modules/cli/apply/apply.go @@ -6,7 +6,6 @@ import ( "errors" "fmt" "io" - "io/ioutil" "path/filepath" "regexp" 
@@ -82,42 +81,12 @@ func readBundle(ctx context.Context, name, baseDir string, opts *Options) (*bund return bundle.New(&bundleResource) } - b, err := bundle.Open(ctx, name, baseDir, opts.BundleFile, &bundle.Options{ + return bundle.Open(ctx, name, baseDir, opts.BundleFile, &bundle.Options{ Compress: opts.Compress, Labels: opts.Labels, ServiceAccount: opts.ServiceAccount, + TargetsFile: opts.TargetsFile, }) - if err != nil { - return nil, err - } - - return appendTargets(b, opts.TargetsFile) -} - -func appendTargets(b *bundle.Bundle, targetsFile string) (*bundle.Bundle, error) { - if targetsFile == "" { - return b, nil - } - - def := b.Definition.DeepCopy() - data, err := ioutil.ReadFile(targetsFile) - if err != nil { - return nil, err - } - - spec := &fleet.BundleSpec{} - if err := yaml.Unmarshal(data, spec); err != nil { - return nil, err - } - - for _, target := range spec.Targets { - def.Spec.Targets = append(def.Spec.Targets, target) - } - for _, targetRestriction := range spec.TargetRestrictions { - def.Spec.TargetRestrictions = append(def.Spec.TargetRestrictions, targetRestriction) - } - - return bundle.New(def) } func createName(name, baseDir string) string { diff --git a/pkg/bundle/read.go b/pkg/bundle/read.go index 9288c4b28c..7da72a8726 100644 --- a/pkg/bundle/read.go +++ b/pkg/bundle/read.go @@ -21,6 +21,7 @@ type Options struct { Compress bool Labels map[string]string ServiceAccount string + TargetsFile string } func Open(ctx context.Context, name, baseDir, file string, opts *Options) (*Bundle, error) { @@ -151,6 +152,11 @@ func read(ctx context.Context, name, baseDir string, bundleSpecReader io.Reader, def.Spec.ServiceAccount = opts.ServiceAccount } + def, err = appendTargets(def, opts.TargetsFile) + if err != nil { + return nil, err + } + if len(def.Spec.Targets) == 0 { def.Spec.Targets = []fleet.BundleTarget{ { 
@@ -163,6 +169,31 @@ func read(ctx context.Context, name, baseDir string, bundleSpecReader io.Reader, return New(def) } +func appendTargets(def *fleet.Bundle, targetsFile string) (*fleet.Bundle, error) { + if targetsFile == "" { + return def, nil + } + + data, err := ioutil.ReadFile(targetsFile) + if err != nil { + return nil, err + } + + spec := &fleet.BundleSpec{} + if err := yaml.Unmarshal(data, spec); err != nil { + return nil, err + } + + for _, target := range spec.Targets { + def.Spec.Targets = append(def.Spec.Targets, target) + } + for _, targetRestriction := range spec.TargetRestrictions { + def.Spec.TargetRestrictions = append(def.Spec.TargetRestrictions, targetRestriction) + } + + return def, nil +} + func assignOverlay(bundle *fleet.BundleSpec, overlays map[string][]fleet.BundleResource) { defined := map[string]bool{} for i := range bundle.Overlays { diff --git a/pkg/match/cluster.go b/pkg/match/cluster.go index 86179b5bb6..89400bef99 100644 --- a/pkg/match/cluster.go +++ b/pkg/match/cluster.go @@ -19,8 +19,8 @@ func NewClusterMatcher(clusterGroup string, clusterGroupSelector *metav1.LabelSe t := &ClusterMatcher{} if clusterGroup != "" { - t.criteria = append(t.criteria, func(clusterGroup string, clusterGroupLabels, clusterLabels map[string]string) bool { - return clusterGroup == clusterGroup + t.criteria = append(t.criteria, func(clusterGroupTest string, _, _ map[string]string) bool { + return clusterGroup == clusterGroupTest }) } @@ -29,7 +29,7 @@ func NewClusterMatcher(clusterGroup string, clusterGroupSelector *metav1.LabelSe if err != nil { return nil, err } - t.criteria = append(t.criteria, func(clusterGroup string, clusterGroupLabels, clusterLabels map[string]string) bool { + t.criteria = append(t.criteria, func(_ string, clusterGroupLabels, _ map[string]string) bool { return selector.Matches(labels.Set(clusterGroupLabels)) }) } 
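Review bot: `appendTargets` decodes the targets file with a plain `yaml.Unmarshal`, so a file whose `targets` key is misspelled or mis-indented decodes to an empty spec without error. `read` then reaches the `len(def.Spec.Targets) == 0` branch shown in the previous hunk and fills in the built-in default target instead of the one the operator meant. If the `yaml` import in this file is `sigs.k8s.io/yaml` (the import block is not in the hunk), `yaml.UnmarshalStrict(data, spec)` would reject unknown keys. Independently of that, consider returning an error when a targets file was given but produced neither targets nor target restrictions. The function also now appends to the caller's `def` in place, where the removed CLI version worked on a `DeepCopy`; a sentence in its doc comment should say so.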
@@ -39,7 +39,7 @@ func NewClusterMatcher(clusterGroup string, clusterGroupSelector *metav1.LabelSe if err != nil { return nil, err } - t.criteria = append(t.criteria, func(clusterGroup string, clusterGroupLabels, clusterLabels map[string]string) bool { + t.criteria = append(t.criteria, func(_ string, _, clusterLabels map[string]string) bool { return selector.Matches(labels.Set(clusterLabels)) }) } From 9d4fba0d0ef5c7d1bf6c7eaac4c423e37db172f2 Mon Sep 17 00:00:00 2001 From: Darren Shepherd Date: Fri, 28 Aug 2020 23:02:14 -0700 Subject: [PATCH 05/13] Switch to cli-utils for kstatus --- pkg/kustomize/kstatus.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/kustomize/kstatus.go b/pkg/kustomize/kstatus.go index 9258a89ee3..d62040816b 100644 --- a/pkg/kustomize/kstatus.go +++ b/pkg/kustomize/kstatus.go @@ -4,7 +4,7 @@ import ( "github.com/rancher/wrangler/pkg/data" "github.com/rancher/wrangler/pkg/summary" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "sigs.k8s.io/kustomize/kstatus/status" + "sigs.k8s.io/cli-utils/pkg/kstatus/status" ) func init() { From b120c41612badc66a325a8d3002c33241c25759e Mon Sep 17 00:00:00 2001 From: Darren Shepherd Date: Fri, 28 Aug 2020 23:02:39 -0700 Subject: [PATCH 06/13] Fallback to bootstrap secret if agent secret is not valid --- modules/agent/pkg/register/register.go | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/modules/agent/pkg/register/register.go b/modules/agent/pkg/register/register.go index 62de02843e..24a2e49919 100644 --- a/modules/agent/pkg/register/register.go +++ b/modules/agent/pkg/register/register.go 
@@ -57,6 +57,14 @@ func Register(ctx context.Context, namespace, clusterID string, config *rest.Con } } +func runRegistration(ctx context.Context, k8s corecontrollers.Interface, namespace, clusterID string) (*corev1.Secret, error) { + secret, err := k8s.Secret().Get(namespace, BootstrapCredName, metav1.GetOptions{}) + if err != nil { + return nil, fmt.Errorf("looking up secret %s/%s: %w", namespace, BootstrapCredName, err) + } + return createClusterSecret(ctx, clusterID, k8s, secret) +} + func tryRegister(ctx context.Context, namespace, clusterID string, config *rest.Config) (*AgentInfo, error) { config = rest.CopyConfig(config) config.RateLimiter = ratelimit.None @@ -67,16 +75,17 @@ func tryRegister(ctx context.Context, namespace, clusterID string, config *rest. secret, err := k8s.Core().V1().Secret().Get(namespace, CredName, metav1.GetOptions{}) if apierrors.IsNotFound(err) { - secret, err = k8s.Core().V1().Secret().Get(namespace, BootstrapCredName, metav1.GetOptions{}) + secret, err = runRegistration(ctx, k8s.Core().V1(), namespace, clusterID) if err != nil { return nil, fmt.Errorf("looking up secret %s/%s: %w", namespace, BootstrapCredName, err) } - secret, err = createClusterSecret(ctx, clusterID, k8s.Core().V1(), secret) - if err != nil { - return nil, err - } } else if err != nil { return nil, err + } else if err := testClientConfig(ctx, secret.Data[Kubeconfig]); err != nil { + secret, err = runRegistration(ctx, k8s.Core().V1(), namespace, clusterID) + if err != nil { + return nil, fmt.Errorf("looking up secret %s/%s or %s/%s: %w", namespace, BootstrapCredName, namespace, CredName, err) + } } clientConfig, err := clientcmd.NewClientConfigFromBytes(secret.Data[Kubeconfig]) From 9e1c0716fe3b7a814b0425b9a2c2c1ebd2a5651a Mon Sep 17 00:00:00 2001 From: Darren Shepherd Date: Fri, 28 Aug 2020 23:02:59 -0700 Subject: [PATCH 07/13] Treat ttl <= 0 as infinite --- pkg/controllers/clusterregistrationtoken/handler.go | 3 +++ 1 file changed, 3 insertions(+) 
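Review bot: `runRegistration` wraps a failed bootstrap-secret lookup with `looking up secret %s/%s`, and both callers in `tryRegister` (next hunk) wrap its result again with the same words. A lookup failure therefore prints the prefix twice, and a failure inside `createClusterSecret` is reported as a secret lookup. Keep the context in one layer: have the callers `return nil, err`, and wrap the second step here with its own message, e.g. `fmt.Errorf("registering cluster %q with bootstrap credentials: %w", clusterID, err)`.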
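Review bot: The new `else if err := testClientConfig(ctx, secret.Data[Kubeconfig]); err != nil` branch in `tryRegister` discards the validation error and re-registers with the bootstrap secret on any failure, so operators get no record of why the stored agent credential was rejected. `testClientConfig` is not shown; if it can also fail on a timeout or an unreachable server, a transient outage would make the agent fall back to the bootstrap credential and request a new registration. Log the error before falling back, e.g. `logrus.Warnf("agent credential %s/%s failed validation, re-registering: %v", namespace, CredName, err)` (assuming logrus is available in this file), and consider limiting the fallback to authentication or authorization failures. `tryRegister` continues outside the hunk.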
diff --git a/pkg/controllers/clusterregistrationtoken/handler.go b/pkg/controllers/clusterregistrationtoken/handler.go index b52c7db0b4..4661499f7f 100644 --- a/pkg/controllers/clusterregistrationtoken/handler.go +++ b/pkg/controllers/clusterregistrationtoken/handler.go @@ -183,6 +183,9 @@ func (h *handler) getValuesYAMLSecret(token *fleet.ClusterRegistrationToken, sec func (h *handler) deleteExpired(token *fleet.ClusterRegistrationToken) (bool, error) { ttl := token.Spec.TTLSeconds + if ttl <= 0 { + return false, nil + } expire := token.CreationTimestamp.Add(time.Second * time.Duration(ttl)) if time.Now().After(expire) { return true, h.clusterRegistrationTokens.Delete(token.Namespace, token.Name, nil) From 15f13773d81b6aaf3a6c5a8d6f701e9b1603ad7c Mon Sep 17 00:00:00 2001 From: Darren Shepherd Date: Fri, 28 Aug 2020 23:06:13 -0700 Subject: [PATCH 08/13] Make fleet-agent hidden in the catalog --- charts/fleet-agent/Chart.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/fleet-agent/Chart.yaml b/charts/fleet-agent/Chart.yaml index ad0a7a9fe7..f0493c7729 100644 --- a/charts/fleet-agent/Chart.yaml +++ b/charts/fleet-agent/Chart.yaml @@ -6,5 +6,6 @@ appVersion: 0.0.0 icon: https://charts.rancher.io/assets/logos/fleet.svg annotations: catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" catalog.cattle.io/namespace: fleet-system catalog.cattle.io/release-name: fleet-agent From 6ac65f8746cc949983e438962931e3ec30b64448 Mon Sep 17 00:00:00 2001 From: Darren Shepherd Date: Fri, 28 Aug 2020 23:06:31 -0700 Subject: [PATCH 09/13] gitjobs v0.1.1 --- charts/fleet-crd/templates/gitjobs-crds.yaml | 19 +++++++++++++++++++ charts/fleet/charts/gitjob/Chart.yaml | 4 ++-- .../charts/gitjob/templates/clusterrole.yaml | 1 + charts/fleet/charts/gitjob/values.yaml | 2 +- 4 files changed, 23 insertions(+), 3 deletions(-) diff --git a/charts/fleet-crd/templates/gitjobs-crds.yaml b/charts/fleet-crd/templates/gitjobs-crds.yaml index 7b409c05ac..49b1fc0f73 100644 
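Review bot: With the added `if ttl <= 0 { return false, nil }` in `deleteExpired`, a ClusterRegistrationToken whose `TTLSeconds` is zero or negative is never deleted, so a token created without a TTL (if the field defaults to zero) becomes a registration credential that does not expire. That default deserves a comment at the check, e.g. `// TTLSeconds <= 0 means the token never expires; it must be revoked by deleting it.`, and the same statement on the `TTLSeconds` field, which is outside this diff. A negative value is more likely a mistake than a request for no expiry, so rejecting it where the token is admitted would be safer than folding it into the infinite case. The rest of `deleteExpired` lies outside the hunk.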
--- a/charts/fleet-crd/templates/gitjobs-crds.yaml +++ b/charts/fleet-crd/templates/gitjobs-crds.yaml @@ -3,6 +3,22 @@ kind: CustomResourceDefinition metadata: name: gitjobs.gitjob.cattle.io spec: + additionalPrinterColumns: + - JSONPath: .spec.git.repo + name: REPO + type: string + - JSONPath: .spec.git.branch + name: BRANCH + type: string + - JSONPath: .status.commit + name: COMMIT + type: string + - JSONPath: .status.jobStatus + name: JOBSTATUS + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date group: gitjob.cattle.io names: kind: GitJob @@ -15,6 +31,9 @@ spec: properties: spec: properties: + forceUpdate: + nullable: true + type: string git: properties: branch: diff --git a/charts/fleet/charts/gitjob/Chart.yaml b/charts/fleet/charts/gitjob/Chart.yaml index 72d06b6a6c..e127e9617e 100644 --- a/charts/fleet/charts/gitjob/Chart.yaml +++ b/charts/fleet/charts/gitjob/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 0.1.0 +appVersion: 0.1.1 description: Controller that run jobs based on git events name: gitjob -version: 0.1.0 +version: 0.1.1 diff --git a/charts/fleet/charts/gitjob/templates/clusterrole.yaml b/charts/fleet/charts/gitjob/templates/clusterrole.yaml index 75bbcd6009..b4280d0700 100644 --- a/charts/fleet/charts/gitjob/templates/clusterrole.yaml +++ b/charts/fleet/charts/gitjob/templates/clusterrole.yaml @@ -26,6 +26,7 @@ rules: - 'list' - 'get' - 'update' + - 'watch' - apiGroups: - "gitjob.cattle.io" resources: diff --git a/charts/fleet/charts/gitjob/values.yaml b/charts/fleet/charts/gitjob/values.yaml index 36595c12a2..9d1ba05a18 100644 --- a/charts/fleet/charts/gitjob/values.yaml +++ b/charts/fleet/charts/gitjob/values.yaml @@ -1,3 +1,3 @@ image: repository: rancher/gitjob - tag: v0.1.0 + tag: v0.1.1 From 5f5ef6574625018574872dd64a15dca827da7903 Mon Sep 17 00:00:00 2001 
From: Darren Shepherd Date: Fri, 28 Aug 2020 23:07:07 -0700 Subject: [PATCH 10/13] Update crd yaml --- charts/fleet-crd/templates/crds.yaml | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/charts/fleet-crd/templates/crds.yaml b/charts/fleet-crd/templates/crds.yaml index 57a32d3675..a07eb1c10d 100644 --- a/charts/fleet-crd/templates/crds.yaml +++ b/charts/fleet-crd/templates/crds.yaml @@ -375,6 +375,9 @@ spec: readyClusters: nullable: true type: string + state: + nullable: true + type: string type: object maxNew: type: integer @@ -589,6 +592,9 @@ spec: monitored: nullable: true type: string + state: + nullable: true + type: string type: object modifiedStatus: items: @@ -897,6 +903,9 @@ spec: readyClusters: nullable: true type: string + state: + nullable: true + type: string type: object nonReadyClusterCount: type: integer @@ -1056,6 +1065,9 @@ spec: sampleNode: nullable: true type: string + state: + nullable: true + type: string type: object namespace: nullable: true @@ -1156,8 +1168,8 @@ spec: - JSONPath: .status.commit name: Commit type: string - - JSONPath: .status.display.readyBundles - name: Bundles-Ready + - JSONPath: .status.display.readyBundleDeployments + name: BundleDeployments-Ready type: string - JSONPath: .status.conditions[?(@.type=="Ready")].message name: Status @@ -1297,10 +1309,15 @@ spec: type: array display: properties: - readyBundles: + readyBundleDeployments: + nullable: true + type: string + state: nullable: true type: string type: object + observedGeneration: + type: integer summary: properties: desiredReady: From 94c77ce08b9495e1d40c11f23ae75f0a3b748a5b Mon Sep 17 00:00:00 2001 From: Darren Shepherd Date: Fri, 28 Aug 2020 23:08:45 -0700 Subject: [PATCH 11/13] Update vendor --- go.mod | 10 +++++----- go.sum | 23 ++++++++++++----------- 2 files changed, 17 insertions(+), 16 deletions(-) diff --git a/go.mod b/go.mod index 6c399b7584..9aefb3d503 100644 --- a/go.mod +++ b/go.mod 
@@ -4,7 +4,7 @@ go 1.14 replace ( github.com/Azure/go-autorest => github.com/Azure/go-autorest v14.0.0+incompatible - helm.sh/helm/v3 => github.com/ibuildthecloud/helm/v3 v3.1.0-rc.1.0.20200811161532-4cb1fb31bcea + helm.sh/helm/v3 => github.com/ibuildthecloud/helm/v3 v3.1.0-rc.1.0.20200829031744-19e92760f498 ) require ( @@ -14,7 +14,7 @@ require ( github.com/pkg/errors v0.9.1 github.com/rancher/gitjob v0.1.0 github.com/rancher/lasso v0.0.0-20200820172840-0e4cc0ef5cb0 - github.com/rancher/wrangler v0.6.2-0.20200828043115-6943c5e1c9c7 + github.com/rancher/wrangler v0.6.2-0.20200829053106-7e1dd4260224 github.com/rancher/wrangler-cli v0.0.0-20200815040857-81c48cf8ab43 github.com/sirupsen/logrus v1.6.0 github.com/spf13/cobra v1.0.0 @@ -25,8 +25,8 @@ require ( k8s.io/cli-runtime v0.18.4 k8s.io/client-go v0.18.8 rsc.io/letsencrypt v0.0.3 // indirect - sigs.k8s.io/kustomize/api v0.3.3-0.20200328155553-20184e9835c7 - sigs.k8s.io/kustomize/kstatus v0.0.2 - sigs.k8s.io/kustomize/kyaml v0.4.0 + sigs.k8s.io/cli-utils v0.16.0 + sigs.k8s.io/kustomize/api v0.6.0 + sigs.k8s.io/kustomize/kyaml v0.7.1 sigs.k8s.io/yaml v1.2.0 ) diff --git a/go.sum b/go.sum index 6d4b7c585b..f11d4728c8 100644 --- a/go.sum +++ b/go.sum 
@@ -500,8 +500,8 @@ github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw= github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= -github.com/ibuildthecloud/helm/v3 v3.1.0-rc.1.0.20200811161532-4cb1fb31bcea h1:VjoVFmIcFFhgRnU8HccubxUTB6U3LO7RGOv4USfj5bc= -github.com/ibuildthecloud/helm/v3 v3.1.0-rc.1.0.20200811161532-4cb1fb31bcea/go.mod h1:cWRDbGk4EiIL0/+jN0GI8T7m96Cps81/ta1kcacl85g= +github.com/ibuildthecloud/helm/v3 v3.1.0-rc.1.0.20200829031744-19e92760f498 h1:AHg+S2PDyV4qfgPMmE5XQYdj5rtClWpX9JhV6n78uhI= +github.com/ibuildthecloud/helm/v3 v3.1.0-rc.1.0.20200829031744-19e92760f498/go.mod h1:cWRDbGk4EiIL0/+jN0GI8T7m96Cps81/ta1kcacl85g= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28= github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= @@ -755,6 +755,7 @@ github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa github.com/prometheus/procfs v0.0.8 h1:+fpWZdT24pJBiqJdAwYBjPSk+5YmQzYNPYzQsdzLkt8= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= +github.com/qri-io/starlib v0.4.2-0.20200213133954-ff2e8cd5ef8d h1:K6eOUihrFLdZjZnA4XlRp864fmWXv9YTIk7VPLhRacA= github.com/qri-io/starlib v0.4.2-0.20200213133954-ff2e8cd5ef8d/go.mod h1:7DPO4domFU579Ga6E61sB9VFNaniPVwJP5C4bBCu3wA= github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI= github.com/rancher/gitjob v0.1.0 h1:wHM4gqMccmQf5AvTXji4/wwYwNxfl82TVdkaKUhykHk= 
@@ -764,6 +765,8 @@ github.com/rancher/lasso v0.0.0-20200820172840-0e4cc0ef5cb0/go.mod h1:OhBBBO1pBw github.com/rancher/wrangler v0.6.1/go.mod h1:L4HtjPeX8iqLgsxfJgz+JjKMcX2q3qbRXSeTlC/CSd4= github.com/rancher/wrangler v0.6.2-0.20200828043115-6943c5e1c9c7 h1:HXP9Rg3ijtwVaVCy8kaLLoSXEXm0mzxBenFnqi+Dh9A= github.com/rancher/wrangler v0.6.2-0.20200828043115-6943c5e1c9c7/go.mod h1:I7qe4DZNMOLKVa9ax7DJdBZ0XtKOppLF/dalhPX3vaE= +github.com/rancher/wrangler v0.6.2-0.20200829053106-7e1dd4260224 h1:NWYSyS1YiWJOB84xq0FcGDY8xQQwrfKoip2BjMSlu1g= +github.com/rancher/wrangler v0.6.2-0.20200829053106-7e1dd4260224/go.mod h1:I7qe4DZNMOLKVa9ax7DJdBZ0XtKOppLF/dalhPX3vaE= github.com/rancher/wrangler-cli v0.0.0-20200815040857-81c48cf8ab43 h1:+Bc9QnL9GuZiYxc3Mvm4n6EEjgI5TFQLDGjpRhQbkVk= github.com/rancher/wrangler-cli v0.0.0-20200815040857-81c48cf8ab43/go.mod h1:KxpGNhk/oVL6LCfyxESTD1sb8eXRlUxtkbNm06+7dZU= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= @@ -786,6 +789,7 @@ github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdh github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/securego/gosec v0.0.0-20191002120514-e680875ea14d/go.mod h1:w5+eXa0mYznDkHaMCXA4XYffjlH+cy1oyKbfzJXa2Do= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= +github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shirou/gopsutil v0.0.0-20190901111213-e4ec7b275ada/go.mod h1:WWnYX4lzhCH5h/3YBfyVA3VbLYjlMZZAQcW9ojMexNc= github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4/go.mod h1:qsXQc7+bwAM3Q1u/4XEfrquwF8Lw7D7y5cD8CuHnfIc= 
@@ -839,6 +843,7 @@ github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3 github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.2.0 h1:Hbg2NidpLE8veEBkEZTL3CvlkUIVzuU9jDplZO54c48= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= @@ -915,6 +920,7 @@ go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2 h1:75k/FF0Q2YM8QYo07VPddOLBslDt1MZOdEslOHvmzAs= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.starlark.net v0.0.0-20190528202925-30ae18b8564f/go.mod h1:c1/X6cHgvdXj6pUlmWKMkuqRnW4K8x2vwt6JAaaircg= +go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 h1:+FNtrFTmVw0YZGpBGX56XDee331t6JAXeK2bcyhLOOc= go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o= go.uber.org/atomic v0.0.0-20181018215023-8dc6146f7569/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.3.2 h1:2Oa65PReHzfn29GpvgsYwloV9AVFHPDk8tYxt2c2tr4= 
@@ -946,7 +952,6 @@ golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190621222207-cc06ce4a13d4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392 h1:ACG4HJsFiNMf47Y4PeRoebLNy/2lXT9EtprMuTFWt1M= golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= @@ -1050,7 +1055,6 @@ golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190911201528-7ad0cfa0b7b5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191002063906-3421d5a6bb1c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -1190,7 +1194,6 @@ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= 
@@ -1316,14 +1319,12 @@ sigs.k8s.io/cli-utils v0.16.0/go.mod h1:9Jqm9K2W6ShhCxsEuaz6HSRKKOXigPUx3ZfypGgx sigs.k8s.io/controller-runtime v0.4.0/go.mod h1:ApC79lpY3PHW9xj/w9pj+lYkLgwAAUZwfXkME1Lajns= sigs.k8s.io/kustomize v2.0.3+incompatible h1:JUufWFNlI44MdtnjUqVnvh29rR37PQFzPbLXqhyOyX0= sigs.k8s.io/kustomize v2.0.3+incompatible/go.mod h1:MkjgH3RdOWrievjo6c9T245dYlB5QeXV4WCbnt/PEpU= -sigs.k8s.io/kustomize/api v0.3.3-0.20200328155553-20184e9835c7 h1:2xKoYcF8vUAY7QwVGAoDccTNPRtaMNLL0aCf4Op3Ofs= -sigs.k8s.io/kustomize/api v0.3.3-0.20200328155553-20184e9835c7/go.mod h1:4crE391uVAOFgkmaSgQ9w3CprZ6kwCNoL+Ft8II+C70= -sigs.k8s.io/kustomize/kstatus v0.0.2 h1:7GoHi/Vq7rIAS8AQONlfcdaCpVXY0HqzNhU5us7dToA= -sigs.k8s.io/kustomize/kstatus v0.0.2/go.mod h1:6qUKWLy4+yGExtjbs+fibz2tOBZG7413yx2NHyAzIU0= -sigs.k8s.io/kustomize/kyaml v0.1.1 h1:nGUNYINljZNmlAS8uoobUv/wx/s3Pg8dNxYo+W7uYh0= -sigs.k8s.io/kustomize/kyaml v0.1.1/go.mod h1:/NdPPfrperSCGjm55cwEro1loBVtbtVIXSb7FguK6uk= +sigs.k8s.io/kustomize/api v0.6.0 h1:Gj+MH9uEPh7tBHKCGGwA+fHgg9th55StaU+ZT05+8bY= +sigs.k8s.io/kustomize/api v0.6.0/go.mod h1:M7410E0ULUFQlxRskB//n5G0MPwGvs9HG6K8Sf8gw+M= sigs.k8s.io/kustomize/kyaml v0.4.0 h1:jMQrJOJmiUz5Y018ki0mXWpEreEXjvad1NRfXTdi9vU= sigs.k8s.io/kustomize/kyaml v0.4.0/go.mod h1:XJL84E6sOFeNrQ7CADiemc1B0EjIxHo3OhW4o1aJYNw= +sigs.k8s.io/kustomize/kyaml v0.7.1 h1:Ih6SJPvfKYfZaIFWUa2YAyg/0ZSTpA3LFjR/hv7+8ao= +sigs.k8s.io/kustomize/kyaml v0.7.1/go.mod h1:ne3F9JPhW2wrVaLslxBsEe6MQJQ9YK5rUutrdhBWXwI= sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI= sigs.k8s.io/structured-merge-diff v0.0.0-20190817042607-6149e4549fca h1:6dsH6AYQWbyZmtttJNe8Gq1cXOeS1BdV3eW37zHilAQ= sigs.k8s.io/structured-merge-diff v0.0.0-20190817042607-6149e4549fca/go.mod h1:IIgPezJWb76P0hotTxzDbWsMYB8APh18qZnxkomBpxA= From fc0bc375bd03aa52460585ef50e28c40f6c262b3 Mon Sep 17 00:00:00 2001 
From: Darren Shepherd Date: Sun, 30 Aug 2020 20:54:43 -0700 Subject: [PATCH 12/13] Add GitRepoRestriction --- pkg/apis/fleet.cattle.io/v1alpha1/git.go | 15 ++++ pkg/controllers/controllers.go | 1 + pkg/controllers/git/git.go | 105 +++++++++++++++++++++-- pkg/crd/crds.go | 5 ++ 4 files changed, 120 insertions(+), 6 deletions(-) diff --git a/pkg/apis/fleet.cattle.io/v1alpha1/git.go b/pkg/apis/fleet.cattle.io/v1alpha1/git.go index 2912573b36..ac2df46ea8 100644 --- a/pkg/apis/fleet.cattle.io/v1alpha1/git.go +++ b/pkg/apis/fleet.cattle.io/v1alpha1/git.go @@ -61,3 +61,18 @@ type GitRepoDisplay struct { ReadyBundleDeployments string `json:"readyBundleDeployments,omitempty"` State string `json:"state,omitempty"` } + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +type GitRepoRestriction struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + DefaultServiceAccount string `json:"defaultServiceAccount,omitempty"` + AllowedServiceAccounts []string `json:"allowedServiceAccounts,omitempty"` + AllowedRepoPatterns []string `json:"allowedRepoPatterns,omitempty"` + + DefaultClientSecretName string `json:"defaultClientSecretName,omitempty"` + AllowedClientSecretNames []string `json:"allowedClientSecretNames,omitempty"` +} diff --git a/pkg/controllers/controllers.go b/pkg/controllers/controllers.go index 6163c18eeb..3e61cb6ee9 100644 --- a/pkg/controllers/controllers.go +++ b/pkg/controllers/controllers.go @@ -183,6 +183,7 @@ func Register(ctx context.Context, systemNamespace string, cfg clientcmd.ClientC appCtx.Core.ServiceAccount()), appCtx.GitJob.GitJob(), appCtx.BundleDeployment(), + appCtx.GitRepoRestriction().Cache(), appCtx.GitRepo()) bootstrap.Register(ctx, diff --git a/pkg/controllers/git/git.go b/pkg/controllers/git/git.go index c3f295cea3..7be1ba6a64 100644 --- a/pkg/controllers/git/git.go +++ b/pkg/controllers/git/git.go 
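Review bot: `GitRepoRestriction` and its fields have no doc comments in the `pkg/apis/fleet.cattle.io/v1alpha1/git.go` hunk, and for a policy type the evaluation rules are what an operator needs to read. Going by the controller hunk later in this patch, I would add `// GitRepoRestriction limits the service account, client secret and repo a GitRepo in the same namespace may use.` on the type, and `// AllowedRepoPatterns are Go regular expressions; an empty list allows any repo.` on that field, with matching comments on the two other `Allowed…` lists, which are compared by exact match. It is also worth stating that when several restrictions exist in a namespace their lists are concatenated and the first non-empty default, in name order, wins.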
@@ -3,6 +3,8 @@ package git import ( "context" "encoding/json" + "fmt" + "regexp" "sort" "time" @@ -32,13 +34,15 @@ func Register(ctx context.Context, apply apply.Apply, gitJobs v1.GitJobController, bundleDeployments fleetcontrollers.BundleDeploymentController, + gitRepoRestrictions fleetcontrollers.GitRepoRestrictionCache, gitRepos fleetcontrollers.GitRepoController) { h := &handler{ - gitjobCache: gitJobs.Cache(), - bundleDeployments: bundleDeployments.Cache(), + gitjobCache: gitJobs.Cache(), + bundleDeployments: bundleDeployments.Cache(), + gitRepoRestrictions: gitRepoRestrictions, } - fleetcontrollers.RegisterGitRepoGeneratingHandler(ctx, gitRepos, apply, "", "gitjobs", h.OnChange, nil) + fleetcontrollers.RegisterGitRepoGeneratingHandler(ctx, gitRepos, apply, "Accepted", "gitjobs", h.OnChange, nil) relatedresource.Watch(ctx, "gitjobs", relatedresource.OwnerResolver(true, fleet.SchemeGroupVersion.String(), "GitRepo"), gitRepos, gitJobs) relatedresource.Watch(ctx, "gitjobs", resolveGitRepo, gitRepos, bundleDeployments) @@ -59,8 +63,9 @@ func resolveGitRepo(namespace, name string, obj runtime.Object) ([]relatedresour } type handler struct { - gitjobCache v1.GitJobCache - bundleDeployments fleetcontrollers.BundleDeploymentCache + gitjobCache v1.GitJobCache + gitRepoRestrictions fleetcontrollers.GitRepoRestrictionCache + bundleDeployments fleetcontrollers.BundleDeploymentCache } func targetsOrDefault(targets []fleet.GitTarget) []fleet.GitTarget { 
@@ -107,11 +112,99 @@ func (h *handler) getConfig(repo *fleet.GitRepo) (*corev1.ConfigMap, error) { }, nil } +func (h *handler) authorizeAndAssignDefaults(gitrepo *fleet.GitRepo) (*fleet.GitRepo, error) { + restrictions, err := h.gitRepoRestrictions.List(gitrepo.Namespace, labels.Everything()) + if err != nil { + return nil, err + } + + if len(restrictions) == 0 { + return gitrepo, nil + } + + restriction := aggregate(restrictions) + gitrepo = gitrepo.DeepCopy() + + gitrepo.Spec.ServiceAccount, err = isAllowed(gitrepo.Spec.ServiceAccount, + restriction.DefaultServiceAccount, + restriction.AllowedServiceAccounts, + false) + if err != nil { + return nil, fmt.Errorf("disallowed serviceAcount %s: %w", gitrepo.Spec.ServiceAccount, err) + } + + gitrepo.Spec.Repo, err = isAllowed(gitrepo.Spec.Repo, + "", + restriction.AllowedRepoPatterns, + true) + if err != nil { + return nil, fmt.Errorf("disallowed repo %s: %w", gitrepo.Spec.ServiceAccount, err) + } + + gitrepo.Spec.ClientSecretName, err = isAllowed(gitrepo.Spec.ClientSecretName, + restriction.DefaultClientSecretName, + restriction.AllowedClientSecretNames, false) + if err != nil { + return nil, fmt.Errorf("disallowed clientSecretName %s: %w", gitrepo.Spec.ServiceAccount, err) + } + + return gitrepo, nil +} + +func isAllowed(currentValue, defaultValue string, allowedValues []string, pattern bool) (string, error) { + if currentValue == "" { + return defaultValue, nil + } + if len(allowedValues) == 0 { + return currentValue, nil + } + for _, allowedValue := range allowedValues { + if allowedValue == currentValue { + return currentValue, nil + } + if !pattern { + continue + } + p, err := regexp.Compile(allowedValue) + if err != nil { + return currentValue, err + } + if p.MatchString(allowedValue) { + return currentValue, nil + } + } + + return currentValue, fmt.Errorf("%s not in allowed set %v", currentValue, allowedValues) +} + +func aggregate(restrictions []*fleet.GitRepoRestriction) (result fleet.GitRepoRestriction) { + 
sort.Slice(restrictions, func(i, j int) bool { + return restrictions[i].Name < restrictions[j].Name + }) + for _, restriction := range restrictions { + if result.DefaultServiceAccount == "" { + result.DefaultServiceAccount = restriction.DefaultServiceAccount + } + if result.DefaultClientSecretName == "" { + result.DefaultClientSecretName = restriction.DefaultClientSecretName + } + result.AllowedServiceAccounts = append(result.AllowedServiceAccounts, restriction.AllowedServiceAccounts...) + result.AllowedClientSecretNames = append(result.AllowedClientSecretNames, restriction.AllowedClientSecretNames...) + result.AllowedRepoPatterns = append(result.AllowedRepoPatterns, restriction.AllowedRepoPatterns...) + } + return +} + func (h *handler) OnChange(gitrepo *fleet.GitRepo, status fleet.GitRepoStatus) ([]runtime.Object, fleet.GitRepoStatus, error) { + gitrepo, err := h.authorizeAndAssignDefaults(gitrepo) + if err != nil { + return nil, status, err + } + status.Conditions = nil status.ObservedGeneration = gitrepo.Generation - status, err := h.setBundleDeploymentStatus(gitrepo, status) + status, err = h.setBundleDeploymentStatus(gitrepo, status) if err != nil { return nil, status, err } diff --git a/pkg/crd/crds.go b/pkg/crd/crds.go index 24109c739f..81fbdcba98 100644 --- a/pkg/crd/crds.go +++ b/pkg/crd/crds.go @@ -101,6 +101,11 @@ func List() []crd.CRD { WithColumn("Cluster-Name", ".status.clusterName"). WithColumn("Labels", ".spec.clusterLabels") }), + newCRD(&fleet.GitRepoRestriction{}, func(c crd.CRD) crd.CRD { + return c. + WithColumn("Default-ServiceAccount", ".defaultServiceAccount"). + WithColumn("Allowed-ServiceAccounts", ".allowedServiceAccounts") + }), newCRD(&fleet.Content{}, func(c crd.CRD) crd.CRD { c.NonNamespace = true c.Status = false From b491f15268c0e4be819337a5c0c6fb263c167fc0 Mon Sep 17 00:00:00 2001 
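Review bot: In `isAllowed` the pattern branch calls `p.MatchString(allowedValue)`, so each regex is tested against its own text and never against the requested value: an `AllowedRepoPatterns` entry that happens to match itself (a plain literal does) accepts any `Spec.Repo`, while an anchored or escaped pattern typically accepts none; it should be `p.MatchString(currentValue)`. `MatchString` is also unanchored, so once fixed a pattern will match anywhere inside the URL unless its author wrote `^…$`; if whole-value matching is intended, compile `"^(?:" + allowedValue + ")$"` instead. In `authorizeAndAssignDefaults` the repo and clientSecretName errors both format `gitrepo.Spec.ServiceAccount`; they should use `gitrepo.Spec.Repo` and `gitrepo.Spec.ClientSecretName`, and `serviceAcount` is misspelled. An empty value returns `defaultValue` before the allow-list is consulted, so with no default set an empty `ServiceAccount` or `ClientSecretName` passes a non-empty list, which is worth confirming as intended. A table-driven test of `isAllowed` covering literal, regex and empty inputs would pin all of this down.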
From: Darren Shepherd Date: Sun, 30 Aug 2020 20:54:54 -0700 Subject: [PATCH 13/13] Update generated code --- charts/fleet-crd/templates/crds.yaml | 54 ++++ .../v1alpha1/zz_generated_deepcopy.go | 74 +++++ .../v1alpha1/zz_generated_list_types.go | 17 ++ .../v1alpha1/zz_generated_register.go | 3 + .../v1alpha1/gitreporestriction.go | 256 ++++++++++++++++++ .../fleet.cattle.io/v1alpha1/interface.go | 4 + 6 files changed, 408 insertions(+) create mode 100644 pkg/generated/controllers/fleet.cattle.io/v1alpha1/gitreporestriction.go diff --git a/charts/fleet-crd/templates/crds.yaml b/charts/fleet-crd/templates/crds.yaml index a07eb1c10d..7628e90768 100644 --- a/charts/fleet-crd/templates/crds.yaml +++ b/charts/fleet-crd/templates/crds.yaml @@ -1413,6 +1413,60 @@ spec: served: true storage: true +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: gitreporestrictions.fleet.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .defaultServiceAccount + name: Default-ServiceAccount + type: string + - JSONPath: .allowedServiceAccounts + name: Allowed-ServiceAccounts + type: string + group: fleet.cattle.io + names: + kind: GitRepoRestriction + plural: gitreporestrictions + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + allowedClientSecretNames: + items: + nullable: true + type: string + nullable: true + type: array + allowedRepoPatterns: + items: + nullable: true + type: string + nullable: true + type: array + allowedServiceAccounts: + items: + nullable: true + type: string + nullable: true + type: array + defaultClientSecretName: + nullable: true + type: string + defaultServiceAccount: + nullable: true + type: string + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition 
diff --git a/pkg/apis/fleet.cattle.io/v1alpha1/zz_generated_deepcopy.go b/pkg/apis/fleet.cattle.io/v1alpha1/zz_generated_deepcopy.go index 4da2ea3290..31dcc8805b 100644 --- a/pkg/apis/fleet.cattle.io/v1alpha1/zz_generated_deepcopy.go +++ b/pkg/apis/fleet.cattle.io/v1alpha1/zz_generated_deepcopy.go 
@@ -1142,6 +1142,80 @@ func (in *GitRepoList) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GitRepoRestriction) DeepCopyInto(out *GitRepoRestriction) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.AllowedServiceAccounts != nil { + in, out := &in.AllowedServiceAccounts, &out.AllowedServiceAccounts + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.AllowedRepoPatterns != nil { + in, out := &in.AllowedRepoPatterns, &out.AllowedRepoPatterns + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.AllowedClientSecretNames != nil { + in, out := &in.AllowedClientSecretNames, &out.AllowedClientSecretNames + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitRepoRestriction. +func (in *GitRepoRestriction) DeepCopy() *GitRepoRestriction { + if in == nil { + return nil + } + out := new(GitRepoRestriction) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *GitRepoRestriction) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GitRepoRestrictionList) DeepCopyInto(out *GitRepoRestrictionList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]GitRepoRestriction, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitRepoRestrictionList. 
+func (in *GitRepoRestrictionList) DeepCopy() *GitRepoRestrictionList { + if in == nil { + return nil + } + out := new(GitRepoRestrictionList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *GitRepoRestrictionList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GitRepoSpec) DeepCopyInto(out *GitRepoSpec) { *out = *in diff --git a/pkg/apis/fleet.cattle.io/v1alpha1/zz_generated_list_types.go b/pkg/apis/fleet.cattle.io/v1alpha1/zz_generated_list_types.go index f76047438e..c36eeb01b1 100644 --- a/pkg/apis/fleet.cattle.io/v1alpha1/zz_generated_list_types.go +++ b/pkg/apis/fleet.cattle.io/v1alpha1/zz_generated_list_types.go @@ -176,3 +176,20 @@ func NewGitRepo(namespace, name string, obj GitRepo) *GitRepo { obj.Namespace = namespace return &obj } + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// GitRepoRestrictionList is a list of GitRepoRestriction resources +type GitRepoRestrictionList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata"` + + Items []GitRepoRestriction `json:"items"` +} + +func NewGitRepoRestriction(namespace, name string, obj GitRepoRestriction) *GitRepoRestriction { + obj.APIVersion, obj.Kind = SchemeGroupVersion.WithKind("GitRepoRestriction").ToAPIVersionAndKind() + obj.Name = name + obj.Namespace = namespace + return &obj +} diff --git a/pkg/apis/fleet.cattle.io/v1alpha1/zz_generated_register.go b/pkg/apis/fleet.cattle.io/v1alpha1/zz_generated_register.go index 54fb6ba026..a6417f9107 100644 --- a/pkg/apis/fleet.cattle.io/v1alpha1/zz_generated_register.go +++ b/pkg/apis/fleet.cattle.io/v1alpha1/zz_generated_register.go 
@@ -37,6 +37,7 @@ var ( ClusterRegistrationTokenResourceName = "clusterregistrationtokens" ContentResourceName = "contents" GitRepoResourceName = "gitrepos" + GitRepoRestrictionResourceName = "gitreporestrictions" ) // SchemeGroupVersion is group version used to register these objects @@ -78,6 +79,8 @@ func addKnownTypes(scheme *runtime.Scheme) error { &ContentList{}, &GitRepo{}, &GitRepoList{}, + &GitRepoRestriction{}, + &GitRepoRestrictionList{}, ) metav1.AddToGroupVersion(scheme, SchemeGroupVersion) return nil diff --git a/pkg/generated/controllers/fleet.cattle.io/v1alpha1/gitreporestriction.go b/pkg/generated/controllers/fleet.cattle.io/v1alpha1/gitreporestriction.go new file mode 100644 index 0000000000..a201e26828 --- /dev/null +++ b/pkg/generated/controllers/fleet.cattle.io/v1alpha1/gitreporestriction.go 
@@ -0,0 +1,256 @@ +/* +Copyright 2020 Rancher Labs, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by main. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + "time" + + v1alpha1 "github.com/rancher/fleet/pkg/apis/fleet.cattle.io/v1alpha1" + "github.com/rancher/lasso/pkg/client" + "github.com/rancher/lasso/pkg/controller" + "github.com/rancher/wrangler/pkg/generic" + "k8s.io/apimachinery/pkg/api/equality" + "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apimachinery/pkg/types" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" + "k8s.io/apimachinery/pkg/watch" + "k8s.io/client-go/tools/cache" +) + +type GitRepoRestrictionHandler func(string, *v1alpha1.GitRepoRestriction) (*v1alpha1.GitRepoRestriction, error) + +type GitRepoRestrictionController interface { + generic.ControllerMeta + GitRepoRestrictionClient + + OnChange(ctx context.Context, name string, sync GitRepoRestrictionHandler) + OnRemove(ctx context.Context, name string, sync GitRepoRestrictionHandler) + Enqueue(namespace, name string) + EnqueueAfter(namespace, name string, duration time.Duration) + + Cache() GitRepoRestrictionCache +} + +type GitRepoRestrictionClient interface { + Create(*v1alpha1.GitRepoRestriction) (*v1alpha1.GitRepoRestriction, error) + Update(*v1alpha1.GitRepoRestriction) (*v1alpha1.GitRepoRestriction, error) 
+ + Delete(namespace, name string, options *metav1.DeleteOptions) error + Get(namespace, name string, options metav1.GetOptions) (*v1alpha1.GitRepoRestriction, error) + List(namespace string, opts metav1.ListOptions) (*v1alpha1.GitRepoRestrictionList, error) + Watch(namespace string, opts metav1.ListOptions) (watch.Interface, error) + Patch(namespace, name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.GitRepoRestriction, err error) +} + +type GitRepoRestrictionCache interface { + Get(namespace, name string) (*v1alpha1.GitRepoRestriction, error) + List(namespace string, selector labels.Selector) ([]*v1alpha1.GitRepoRestriction, error) + + AddIndexer(indexName string, indexer GitRepoRestrictionIndexer) + GetByIndex(indexName, key string) ([]*v1alpha1.GitRepoRestriction, error) +} + +type GitRepoRestrictionIndexer func(obj *v1alpha1.GitRepoRestriction) ([]string, error) + +type gitRepoRestrictionController struct { + controller controller.SharedController + client *client.Client + gvk schema.GroupVersionKind + groupResource schema.GroupResource +} + +func NewGitRepoRestrictionController(gvk schema.GroupVersionKind, resource string, namespaced bool, controller controller.SharedControllerFactory) GitRepoRestrictionController { + c := controller.ForResourceKind(gvk.GroupVersion().WithResource(resource), gvk.Kind, namespaced) + return &gitRepoRestrictionController{ + controller: c, + client: c.Client(), + gvk: gvk, + groupResource: schema.GroupResource{ + Group: gvk.Group, + Resource: resource, + }, + } +} + +func FromGitRepoRestrictionHandlerToHandler(sync GitRepoRestrictionHandler) generic.Handler { + return func(key string, obj runtime.Object) (ret runtime.Object, err error) { + var v *v1alpha1.GitRepoRestriction + if obj == nil { + v, err = sync(key, nil) + } else { + v, err = sync(key, obj.(*v1alpha1.GitRepoRestriction)) + } + if v == nil { + return nil, err + } + return v, err + } +} + +func (c *gitRepoRestrictionController) 
Updater() generic.Updater { + return func(obj runtime.Object) (runtime.Object, error) { + newObj, err := c.Update(obj.(*v1alpha1.GitRepoRestriction)) + if newObj == nil { + return nil, err + } + return newObj, err + } +} + +func UpdateGitRepoRestrictionDeepCopyOnChange(client GitRepoRestrictionClient, obj *v1alpha1.GitRepoRestriction, handler func(obj *v1alpha1.GitRepoRestriction) (*v1alpha1.GitRepoRestriction, error)) (*v1alpha1.GitRepoRestriction, error) { + if obj == nil { + return obj, nil + } + + copyObj := obj.DeepCopy() + newObj, err := handler(copyObj) + if newObj != nil { + copyObj = newObj + } + if obj.ResourceVersion == copyObj.ResourceVersion && !equality.Semantic.DeepEqual(obj, copyObj) { + return client.Update(copyObj) + } + + return copyObj, err +} + +func (c *gitRepoRestrictionController) AddGenericHandler(ctx context.Context, name string, handler generic.Handler) { + c.controller.RegisterHandler(ctx, name, controller.SharedControllerHandlerFunc(handler)) +} + +func (c *gitRepoRestrictionController) AddGenericRemoveHandler(ctx context.Context, name string, handler generic.Handler) { + c.AddGenericHandler(ctx, name, generic.NewRemoveHandler(name, c.Updater(), handler)) +} + +func (c *gitRepoRestrictionController) OnChange(ctx context.Context, name string, sync GitRepoRestrictionHandler) { + c.AddGenericHandler(ctx, name, FromGitRepoRestrictionHandlerToHandler(sync)) +} + +func (c *gitRepoRestrictionController) OnRemove(ctx context.Context, name string, sync GitRepoRestrictionHandler) { + c.AddGenericHandler(ctx, name, generic.NewRemoveHandler(name, c.Updater(), FromGitRepoRestrictionHandlerToHandler(sync))) +} + +func (c *gitRepoRestrictionController) Enqueue(namespace, name string) { + c.controller.Enqueue(namespace, name) +} + +func (c *gitRepoRestrictionController) EnqueueAfter(namespace, name string, duration time.Duration) { + c.controller.EnqueueAfter(namespace, name, duration) +} + +func (c *gitRepoRestrictionController) Informer() 
cache.SharedIndexInformer { + return c.controller.Informer() +} + +func (c *gitRepoRestrictionController) GroupVersionKind() schema.GroupVersionKind { + return c.gvk +} + +func (c *gitRepoRestrictionController) Cache() GitRepoRestrictionCache { + return &gitRepoRestrictionCache{ + indexer: c.Informer().GetIndexer(), + resource: c.groupResource, + } +} + +func (c *gitRepoRestrictionController) Create(obj *v1alpha1.GitRepoRestriction) (*v1alpha1.GitRepoRestriction, error) { + result := &v1alpha1.GitRepoRestriction{} + return result, c.client.Create(context.TODO(), obj.Namespace, obj, result, metav1.CreateOptions{}) +} + +func (c *gitRepoRestrictionController) Update(obj *v1alpha1.GitRepoRestriction) (*v1alpha1.GitRepoRestriction, error) { + result := &v1alpha1.GitRepoRestriction{} + return result, c.client.Update(context.TODO(), obj.Namespace, obj, result, metav1.UpdateOptions{}) +} + +func (c *gitRepoRestrictionController) Delete(namespace, name string, options *metav1.DeleteOptions) error { + if options == nil { + options = &metav1.DeleteOptions{} + } + return c.client.Delete(context.TODO(), namespace, name, *options) +} + +func (c *gitRepoRestrictionController) Get(namespace, name string, options metav1.GetOptions) (*v1alpha1.GitRepoRestriction, error) { + result := &v1alpha1.GitRepoRestriction{} + return result, c.client.Get(context.TODO(), namespace, name, result, options) +} + +func (c *gitRepoRestrictionController) List(namespace string, opts metav1.ListOptions) (*v1alpha1.GitRepoRestrictionList, error) { + result := &v1alpha1.GitRepoRestrictionList{} + return result, c.client.List(context.TODO(), namespace, result, opts) +} + +func (c *gitRepoRestrictionController) Watch(namespace string, opts metav1.ListOptions) (watch.Interface, error) { + return c.client.Watch(context.TODO(), namespace, opts) +} + +func (c *gitRepoRestrictionController) Patch(namespace, name string, pt types.PatchType, data []byte, subresources ...string) (*v1alpha1.GitRepoRestriction, 
error) { + result := &v1alpha1.GitRepoRestriction{} + return result, c.client.Patch(context.TODO(), namespace, name, pt, data, result, metav1.PatchOptions{}, subresources...) +} + +type gitRepoRestrictionCache struct { + indexer cache.Indexer + resource schema.GroupResource +} + +func (c *gitRepoRestrictionCache) Get(namespace, name string) (*v1alpha1.GitRepoRestriction, error) { + obj, exists, err := c.indexer.GetByKey(namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(c.resource, name) + } + return obj.(*v1alpha1.GitRepoRestriction), nil +} + +func (c *gitRepoRestrictionCache) List(namespace string, selector labels.Selector) (ret []*v1alpha1.GitRepoRestriction, err error) { + + err = cache.ListAllByNamespace(c.indexer, namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.GitRepoRestriction)) + }) + + return ret, err +} + +func (c *gitRepoRestrictionCache) AddIndexer(indexName string, indexer GitRepoRestrictionIndexer) { + utilruntime.Must(c.indexer.AddIndexers(map[string]cache.IndexFunc{ + indexName: func(obj interface{}) (strings []string, e error) { + return indexer(obj.(*v1alpha1.GitRepoRestriction)) + }, + })) +} + +func (c *gitRepoRestrictionCache) GetByIndex(indexName, key string) (result []*v1alpha1.GitRepoRestriction, err error) { + objs, err := c.indexer.ByIndex(indexName, key) + if err != nil { + return nil, err + } + result = make([]*v1alpha1.GitRepoRestriction, 0, len(objs)) + for _, obj := range objs { + result = append(result, obj.(*v1alpha1.GitRepoRestriction)) + } + return result, nil +} diff --git a/pkg/generated/controllers/fleet.cattle.io/v1alpha1/interface.go b/pkg/generated/controllers/fleet.cattle.io/v1alpha1/interface.go index cc2ea104d5..40f183a6e0 100644 --- a/pkg/generated/controllers/fleet.cattle.io/v1alpha1/interface.go +++ b/pkg/generated/controllers/fleet.cattle.io/v1alpha1/interface.go 
@@ -39,6 +39,7 @@ type Interface interface { ClusterRegistrationToken() ClusterRegistrationTokenController Content() ContentController GitRepo() GitRepoController + GitRepoRestriction() GitRepoRestrictionController } func New(controllerFactory controller.SharedControllerFactory) Interface { @@ -78,3 +79,6 @@ func (c *version) Content() ContentController { func (c *version) GitRepo() GitRepoController { return NewGitRepoController(schema.GroupVersionKind{Group: "fleet.cattle.io", Version: "v1alpha1", Kind: "GitRepo"}, "gitrepos", true, c.controllerFactory) } +func (c *version) GitRepoRestriction() GitRepoRestrictionController { + return NewGitRepoRestrictionController(schema.GroupVersionKind{Group: "fleet.cattle.io", Version: "v1alpha1", Kind: "GitRepoRestriction"}, "gitreporestrictions", true, c.controllerFactory) +}