Optimize dynamic webhook update process for RI

api/v1/resourcesinterceptor_types.go

@@ -155,15 +155,15 @@ type LastBypassedObjectState struct {
 	LastBypassedObject JsonGVRN `json:"lastBypassObject,omitempty"`
 }
 
-type LastInterceptedObjectState struct {
+type LastObservedObjectState struct {
 	// +optional
-	LastInterceptedObjectTime metav1.Time `json:"lastInterceptedObjectTime,omitempty"`
+	LastObservedObjectTime metav1.Time `json:"lastObservedObjectTime,omitempty"`
 
 	// +optional
-	LastInterceptedObjectUserInfo authenticationv1.UserInfo `json:"lastInterceptedObjectUserInfo,omitempty"`
+	LastObservedObjectUserInfo authenticationv1.UserInfo `json:"lastObservedObjectUserInfo,omitempty"`
 
 	// +optional
-	LastInterceptedObject JsonGVRN `json:"lastInterceptedObject,omitempty"`
+	LastObservedObject JsonGVRN `json:"lastObservedObject,omitempty"`
 }
 
 type LastPushedObjectState struct {
@@ -189,21 +189,21 @@ type LastPushedObjectState struct {
 	LastPushedObjectStatus string `json:"lastPushedObjectState,omitempty"`
 }
 
-// type PushedObjectStatus string
-
-// const (
-// 	Pushed         PushedObjectStatus = "Resource correctly pushed"
-// 	PushNotAllowed PushedObjectStatus = "Error: Push permission is not allowed on this git repository for this user"
-// 	NetworkError   PushedObjectStatus = "Error: A network error occured"
-// )
-
 // ResourcesInterceptorStatus defines the observed state of ResourcesInterceptor
 type ResourcesInterceptorStatus struct {
+
+	// +listType=map
+	// +listMapKey=type
+	// +patchStrategy=merge
+	// +patchMergeKey=type
+	// +optional
+	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
+
 	// +optional
 	LastBypassedObjectState LastBypassedObjectState `json:"lastBypassedObjectState,omitempty"`
 
 	// +optional
-	LastInterceptedObjectState LastInterceptedObjectState `json:"lastInterceptedObjectState,omitempty"`
+	LastObservedObjectState LastObservedObjectState `json:"lastObservedObjectState,omitempty"`
 
 	// +optional
 	LastPushedObjectState LastPushedObjectState `json:"lastPushedObjectState,omitempty"`

config/crd/bases/kgio.dams.kgio_resourcesinterceptors.yaml

@@ -285,6 +285,78 @@ spec:
             description: ResourcesInterceptorStatus defines the observed state of
               ResourcesInterceptor
             properties:
+              conditions:
+                items:
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource.\n---\nThis struct is intended for
+                    direct use as an array at the field path .status.conditions.  For
+                    example,\n\n\n\ttype FooStatus struct{\n\t    // Represents the
+                    observations of a foo's current state.\n\t    // Known .status.conditions.type
+                    are: \"Available\", \"Progressing\", and \"Degraded\"\n\t    //
+                    +patchMergeKey=type\n\t    // +patchStrategy=merge\n\t    // +listType=map\n\t
+                    \   // +listMapKey=type\n\t    Conditions []metav1.Condition `json:\"conditions,omitempty\"
+                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
+                    \   // other fields\n\t}"
+                  properties:
+                    lastTransitionTime:
+                      description: |-
+                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: |-
+                        message is a human readable message indicating details about the transition.
+                        This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: |-
+                        observedGeneration represents the .metadata.generation that the condition was set based upon.
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+                        with respect to the current state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: |-
+                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
+                        Producers of specific condition types may define expected values and meanings for this field,
+                        and whether the values are considered a guaranteed API.
+                        The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: |-
+                        type of condition in CamelCase or in foo.example.com/CamelCase.
+                        ---
+                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+                        useful (see .node.status.conditions), the ability to deconflict is important.
+                        The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
+                x-kubernetes-list-map-keys:
+                - type
+                x-kubernetes-list-type: map
               lastBypassedObjectState:
                 properties:
                   lastBypassObject:
@@ -337,9 +409,9 @@ spec:
                         type: string
                     type: object
                 type: object
-              lastInterceptedObjectState:
+              lastObservedObjectState:
                 properties:
-                  lastInterceptedObject:
+                  lastObservedObject:
                     properties:
                       group:
                         type: string
@@ -355,10 +427,10 @@ spec:
                     - resource
                     - version
                     type: object
-                  lastInterceptedObjectTime:
+                  lastObservedObjectTime:
                     format: date-time
                     type: string
-                  lastInterceptedObjectUserInfo:
+                  lastObservedObjectUserInfo:
                     description: |-
                       UserInfo holds the information about the user needed to implement the
                       user.Info interface.

internal/controller/resourcesinterceptor_controller.go

@@ -160,10 +160,12 @@ func (r *ResourcesInterceptorReconciler) Reconcile(ctx context.Context, req ctrl
 			found.Webhooks = currentWebhookCopy
 		}
 
-		err = r.Update(ctx, found)
-		if err != nil {
-			r.Recorder.Event(&resourcesInterceptor, "Warning", "WebhookNotUpdated", "The webhook exists but has not been updated")
-			return reconcile.Result{}, err
+		if len(found.Webhooks) != len(currentWebhookCopy) {
+			err = r.Update(ctx, found)
+			if err != nil {
+				r.Recorder.Event(&resourcesInterceptor, "Warning", "WebhookNotUpdated", "The webhook exists but has not been updated")
+				return reconcile.Result{}, err
+			}
 		}
 	} else {
 		// Create a new webhook if not found -> if it is the first RI to be created

internal/controller/webhook_request_checker.go

@@ -485,12 +485,12 @@ func (wrc *WebhookRequestChecker) updateStatus(kind string, details wrcDetails)
 		}
 		wrc.resourcesInterceptor.Status.LastBypassedObjectState = *lastBypassedObjectState
 	case "LastInterceptedObjectState":
-		lastInterceptedObjectState := &kgiov1.LastInterceptedObjectState{
-			LastInterceptedObjectTime:     v1.Now(),
-			LastInterceptedObjectUserInfo: wrc.admReview.Request.UserInfo,
-			LastInterceptedObject:         *gvrn,
+		lastObservedObjectState := &kgiov1.LastObservedObjectState{
+			LastObservedObjectTime:     v1.Now(),
+			LastObservedObjectUserInfo: wrc.admReview.Request.UserInfo,
+			LastObservedObject:         *gvrn,
 		}
-		wrc.resourcesInterceptor.Status.LastInterceptedObjectState = *lastInterceptedObjectState
+		wrc.resourcesInterceptor.Status.LastObservedObjectState = *lastObservedObjectState
 	case "LastPushedObjectState":
 		lastPushedObjectState := &kgiov1.LastPushedObjectState{
 			LastPushedObjectTime:          v1.Now(),