Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add allowedPropagatingAPIs option for resource selection #638

Merged
merged 12 commits into from
Dec 21, 2023
Merged

feat: add allowedPropagatingAPIs option for resource selection #638

merged 12 commits into from
Dec 21, 2023

Conversation

vasudev-bongale
Copy link
Contributor

Changes

  • Add --allowed-propagating-apis option to hub-agent command.
  • Validate that --allowed-propagating-apis and --skipped-propagating-apis are mutually exclusive and cannot be specified together.
  • Refactor DisabledResourceConfig type into a generic ResourceConfig so that we can reuse it for both Allowed and Disabled resource configs. During initializing DisabledResourceConfig, fleet and built-in resources are configured.
  • Update change_detector to watch only the allowed resources if specified.
  • Update resource_selector to only select allowed resources if specified.
  • Add a util function with unit test to determine if a ResourceConfig is empty

Other changes

  • Add make help recipe for developers to list the available commands in the Makefile.

Fixes #633

I have:

  • Run make reviewable to ensure this PR is ready for review.

How has this code been tested

Verify that the options are mutually exclusive.

E1213 17:04:40.247238   91214 main.go:79] "invalid parameter" err="Options.AllowedPropagatingAPIs: Invalid value: \"policy/v1\": AllowedPropagatingAPIs and SkippedPropagatingAPIs are mutually exclusive"
exit status 1

Run hub-agent locally, its able to start with the right option value for --allowed-propagating-apis

❯ export POD_NAMESPACE=fleet-system
❯ go run ./cmd/hubagent/main.go --enable-v1alpha1-apis=false --enable-v1beta1-apis=true --allowed-propagating-apis=rbac.authorization.k8s.io/v1 --v=1
I1214 09:19:00.292904   85484 main.go:76] "flag:" name="add_dir_header" value="false"
I1214 09:19:00.293211   85484 main.go:76] "flag:" name="allowed-propagating-apis" value="rbac.authorization.k8s.io/v1"
Verify that the Allowed resources are being watched and informer is created 
I1214 09:19:11.823118   85484 change_dector.go:205] "Watching Allowed Resource" GVK="rbac.authorization.k8s.io/v1, Kind=ClusterRole"
I1214 09:19:11.823254   85484 change_dector.go:205] "Watching Allowed Resource" GVK="rbac.authorization.k8s.io/v1, Kind=Role"
I1214 09:19:11.823345   85484 change_dector.go:205] "Watching Allowed Resource" GVK="rbac.authorization.k8s.io/v1, Kind=ClusterRoleBinding"
I1214 09:19:11.823394   85484 change_dector.go:205] "Watching Allowed Resource" GVK="rbac.authorization.k8s.io/v1, Kind=RoleBinding"
I1214 09:19:11.826453   85484 informermanager.go:123] "Added an informer for a new resource" res={"GroupVersionKind":{"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"ClusterRole"},"GroupVersionResource":{"Group":"rbac.authorization.k8s.io","Version":"v1","Resource":"clusterroles"},"IsClusterScoped":true}
I1214 09:19:11.826502   85484 informermanager.go:123] "Added an informer for a new resource" res={"GroupVersionKind":{"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"Role"},"GroupVersionResource":{"Group":"rbac.authorization.k8s.io","Version":"v1","Resource":"roles"},"IsClusterScoped":false}
I1214 09:19:11.826519   85484 informermanager.go:123] "Added an informer for a new resource" res={"GroupVersionKind":{"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"ClusterRoleBinding"},"GroupVersionResource":{"Group":"rbac.authorization.k8s.io","Version":"v1","Resource":"clusterrolebindings"},"IsClusterScoped":true}
I1214 09:19:11.826536   85484 informermanager.go:123] "Added an informer for a new resource" res={"GroupVersionKind":{"Group":"rbac.authorization.k8s.io","Version":"v1","Kind":"RoleBinding"},"GroupVersionResource":{"Group":"rbac.authorization.k8s.io","Version":"v1","Resource":"rolebindings"},"IsClusterScoped":false}
It selects the correct resources 
    - lastTransitionTime: "2023-12-14T03:54:43Z"
      message: Successfully applied resources
      observedGeneration: 1
      reason: ApplySucceeded
      status: "True"
      type: ResourceApplied
  selectedResources:
  - group: rbac.authorization.k8s.io
    kind: Role
    name: vbongale-test-lease-role
    namespace: vbongale-test-ns
    version: v1
  - kind: Namespace
    name: vbongale-test-ns
    version: v1

Running tool: /opt/homebrew/bin/go test -timeout 30s -run ^TestResourceConfigIsEmpty$ go.goms.io/fleet/pkg/utils
ok  	go.goms.io/fleet/pkg/utils
$ make help 

❯ make help

Usage:
  make <target>
  help             Display this help.
  lint-full        Run slower linters to detect possible issues
  fmt              Run go fmt against code.
  vet              Run go vet against code.
  test             Run tests.
  local-unit-test  Run tests.
  integration-test  Run tests.
  build            Build agent binaries.
  run-hubagent     Run a controllers from your host.
  run-memberagent  Run a controllers from your host.
  clean-bin        Remove all generated binaries

@vasudev-bongale vasudev-bongale force-pushed the vasudev-bongale/allowed-apis branch from 9958a07 to 82ae57c Compare December 14, 2023 10:26
zhiying-lin
zhiying-lin reviewed Dec 15, 2023
View reviewed changes
pkg/utils/apiresources.go Show resolved Hide resolved
pkg/utils/apiresources.go Outdated Show resolved Hide resolved
pkg/utils/apiresources.go Outdated Show resolved Hide resolved
pkg/utils/apiresources.go Outdated Show resolved Hide resolved
pkg/utils/apiresources.go Show resolved Hide resolved
cmd/hubagent/workload/setup.go Outdated Show resolved Hide resolved
pkg/controllers/clusterresourceplacement/resource_selector.go Outdated Show resolved Hide resolved
zhiying-lin
zhiying-lin reviewed Dec 19, 2023
View reviewed changes
cmd/hubagent/options/validation.go Outdated Show resolved Hide resolved
cmd/hubagent/options/options.go Show resolved Hide resolved
cmd/hubagent/workload/setup.go Show resolved Hide resolved
cmd/hubagent/workload/setup.go Show resolved Hide resolved
pkg/utils/apiresources.go Outdated Show resolved Hide resolved
pkg/utils/apiresources.go Outdated Show resolved Hide resolved
pkg/utils/apiresources_test.go Outdated Show resolved Hide resolved
pkg/utils/apiresources_test.go Outdated Show resolved Hide resolved
pkg/utils/apiresources_test.go Outdated Show resolved Hide resolved
pkg/utils/apiresources_test.go Outdated Show resolved Hide resolved
zhiying-lin
zhiying-lin reviewed Dec 20, 2023
View reviewed changes
pkg/controllers/clusterresourceplacement/resource_selector.go Outdated Show resolved Hide resolved
pkg/utils/apiresources.go Outdated Show resolved Hide resolved
pkg/utils/apiresources_test.go Outdated Show resolved Hide resolved
pkg/utils/apiresources_test.go Outdated Show resolved Hide resolved
pkg/utils/apiresources_test.go Outdated Show resolved Hide resolved
pkg/utils/apiresources_test.go Outdated Show resolved Hide resolved
pkg/utils/apiresources_test.go Outdated Show resolved Hide resolved
pkg/utils/apiresources_test.go Outdated Show resolved Hide resolved
pkg/utils/apiresources_test.go Outdated Show resolved Hide resolved
@zhiying-lin zhiying-lin merged commit 262ab57 into Azure:main Dec 21, 2023
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ryanzhang-oss ryanzhang-oss ryanzhang-oss left review comments

@zhiying-lin zhiying-lin zhiying-lin approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[feature] Add AllowedAPIs option for the resources propagated from the namespace
3 participants
@vasudev-bongale @zhiying-lin @ryanzhang-oss