ContainerImage.Pinniped/internal/controller/logindiscovery/publisher.go

/*
Copyright 2020 VMware, Inc.
SPDX-License-Identifier: Apache-2.0
*/

package logindiscovery

import (
	"context"
	"encoding/base64"
	"fmt"

	k8serrors "k8s.io/apimachinery/pkg/api/errors"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	corev1informers "k8s.io/client-go/informers/core/v1"
	"k8s.io/client-go/tools/clientcmd"
	"k8s.io/klog/v2"

	"github.com/suzerain-io/controller-go"
	placeholderv1alpha1 "github.com/suzerain-io/placeholder-name-api/pkg/apis/placeholder/v1alpha1"
	placeholderclientset "github.com/suzerain-io/placeholder-name-client-go/pkg/generated/clientset/versioned"
	placeholderv1alpha1informers "github.com/suzerain-io/placeholder-name-client-go/pkg/generated/informers/externalversions/placeholder/v1alpha1"
)

const (
	clusterInfoName         = "cluster-info"
	clusterInfoNamespace    = "kube-public"
	clusterInfoConfigMapKey = "kubeconfig"

	configName = "placeholder-name-config"
)

type publisherController struct {
	namespace                    string
	placeholderClient            placeholderclientset.Interface
	configMapInformer            corev1informers.ConfigMapInformer
	loginDiscoveryConfigInformer placeholderv1alpha1informers.LoginDiscoveryConfigInformer
}

func NewPublisherController(
	namespace string,
	placeholderClient placeholderclientset.Interface,
	configMapInformer corev1informers.ConfigMapInformer,
	loginDiscoveryConfigInformer placeholderv1alpha1informers.LoginDiscoveryConfigInformer,
) controller.Controller {
	return controller.New(
		controller.Config{
			Name: "publisher-controller",
			Syncer: &publisherController{
				namespace:                    namespace,
				placeholderClient:            placeholderClient,
				configMapInformer:            configMapInformer,
				loginDiscoveryConfigInformer: loginDiscoveryConfigInformer,
			},
		},
		controller.WithInformer(
			configMapInformer,
			controller.FilterFuncs{}, // TODO fix this and write tests
			controller.InformerOption{},
		),
		controller.WithInformer(
			loginDiscoveryConfigInformer,
			controller.FilterFuncs{}, // TODO fix this and write tests
			controller.InformerOption{},
		),
	)
}

func (c *publisherController) Sync(ctx controller.Context) error {
	configMap, err := c.configMapInformer.
		Lister().
		ConfigMaps(clusterInfoNamespace).
		Get(clusterInfoName)
	notFound := k8serrors.IsNotFound(err)
	if err != nil && !notFound {
		return fmt.Errorf("failed to get %s configmap: %w", clusterInfoName, err)
	}
	if notFound {
		klog.InfoS(
			"could not find config map",
			"configmap",
			klog.KRef(clusterInfoNamespace, clusterInfoName),
		)
		return nil
	}

	kubeConfig, kubeConfigPresent := configMap.Data[clusterInfoConfigMapKey]
	if !kubeConfigPresent {
		klog.InfoS("could not find kubeconfig configmap key")
		return nil
	}

	config, _ := clientcmd.Load([]byte(kubeConfig))

	var certificateAuthorityData, server string
	for _, v := range config.Clusters {
		certificateAuthorityData = base64.StdEncoding.EncodeToString(v.CertificateAuthorityData)
		server = v.Server
		break
	}

	discoveryConfig := placeholderv1alpha1.LoginDiscoveryConfig{
		TypeMeta: metav1.TypeMeta{},
		ObjectMeta: metav1.ObjectMeta{
			Name:      configName,
			Namespace: c.namespace,
		},
		Spec: placeholderv1alpha1.LoginDiscoveryConfigSpec{
			Server:                   server,
			CertificateAuthorityData: certificateAuthorityData,
		},
	}
	if err := c.createOrUpdateLoginDiscoveryConfig(ctx.Context, &discoveryConfig); err != nil {
		return err
	}

	return nil
}

func (c *publisherController) createOrUpdateLoginDiscoveryConfig(
	ctx context.Context,
	discoveryConfig *placeholderv1alpha1.LoginDiscoveryConfig,
) error {
	existingDiscoveryConfig, err := c.loginDiscoveryConfigInformer.
		Lister().
		LoginDiscoveryConfigs(c.namespace).
		Get(discoveryConfig.Name)
	notFound := k8serrors.IsNotFound(err)
	if err != nil && !notFound {
		return fmt.Errorf("could not get logindiscoveryconfig: %w", err)
	}

	loginDiscoveryConfigs := c.placeholderClient.
		PlaceholderV1alpha1().
		LoginDiscoveryConfigs(c.namespace)
	if notFound {
		if _, err := loginDiscoveryConfigs.Create(
			ctx,
			discoveryConfig,
			metav1.CreateOptions{},
		); err != nil {
			return fmt.Errorf("could not create logindiscoveryconfig: %w", err)
		}
	} else if !equal(existingDiscoveryConfig, discoveryConfig) {
		// Update just the fields we care about.
		existingDiscoveryConfig.Spec.Server = discoveryConfig.Spec.Server
		existingDiscoveryConfig.Spec.CertificateAuthorityData = discoveryConfig.Spec.CertificateAuthorityData

		if _, err := loginDiscoveryConfigs.Update(
			ctx,
			existingDiscoveryConfig,
			metav1.UpdateOptions{},
		); err != nil {
			return fmt.Errorf("could not update logindiscoveryconfig: %w", err)
		}
	}

	return nil
}

func equal(a, b *placeholderv1alpha1.LoginDiscoveryConfig) bool {
	return a.Spec.Server == b.Spec.Server &&
		a.Spec.CertificateAuthorityData == b.Spec.CertificateAuthorityData
}
First commit of PublisherController - Also upgrade go-client and api dependencies, and add controller-go as a dependency Signed-off-by: Ryan Richard <richardry@vmware.com> 2020-07-30 00:22:25 +00:00			`/*`
			`Copyright 2020 VMware, Inc.`
			`SPDX-License-Identifier: Apache-2.0`
			`*/`

			`package logindiscovery`

			`import (`
logindiscovery: add tests for conditional update and error cases - Also add some log lines for better observability of behavior. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-07-30 14:39:15 +00:00			`"context"`
First commit of PublisherController - Also upgrade go-client and api dependencies, and add controller-go as a dependency Signed-off-by: Ryan Richard <richardry@vmware.com> 2020-07-30 00:22:25 +00:00			`"encoding/base64"`
logindiscovery: add tests for conditional update and error cases - Also add some log lines for better observability of behavior. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-07-30 14:39:15 +00:00			`"fmt"`
First commit of PublisherController - Also upgrade go-client and api dependencies, and add controller-go as a dependency Signed-off-by: Ryan Richard <richardry@vmware.com> 2020-07-30 00:22:25 +00:00
logindiscovery: add tests for conditional update and error cases - Also add some log lines for better observability of behavior. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-07-30 14:39:15 +00:00			`k8serrors "k8s.io/apimachinery/pkg/api/errors"`
First commit of PublisherController - Also upgrade go-client and api dependencies, and add controller-go as a dependency Signed-off-by: Ryan Richard <richardry@vmware.com> 2020-07-30 00:22:25 +00:00			`metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"`
Make the PublisherController use informers Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-07-30 21:34:13 +00:00			`corev1informers "k8s.io/client-go/informers/core/v1"`
First commit of PublisherController - Also upgrade go-client and api dependencies, and add controller-go as a dependency Signed-off-by: Ryan Richard <richardry@vmware.com> 2020-07-30 00:22:25 +00:00			`"k8s.io/client-go/tools/clientcmd"`
logindiscovery: add tests for conditional update and error cases - Also add some log lines for better observability of behavior. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-07-30 14:39:15 +00:00			`"k8s.io/klog/v2"`
First commit of PublisherController - Also upgrade go-client and api dependencies, and add controller-go as a dependency Signed-off-by: Ryan Richard <richardry@vmware.com> 2020-07-30 00:22:25 +00:00
			`"github.com/suzerain-io/controller-go"`
			`placeholderv1alpha1 "github.com/suzerain-io/placeholder-name-api/pkg/apis/placeholder/v1alpha1"`
			`placeholderclientset "github.com/suzerain-io/placeholder-name-client-go/pkg/generated/clientset/versioned"`
Make the PublisherController use informers Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-07-30 21:34:13 +00:00			`placeholderv1alpha1informers "github.com/suzerain-io/placeholder-name-client-go/pkg/generated/informers/externalversions/placeholder/v1alpha1"`
First commit of PublisherController - Also upgrade go-client and api dependencies, and add controller-go as a dependency Signed-off-by: Ryan Richard <richardry@vmware.com> 2020-07-30 00:22:25 +00:00			`)`

			`const (`
			`clusterInfoName = "cluster-info"`
			`clusterInfoNamespace = "kube-public"`
			`clusterInfoConfigMapKey = "kubeconfig"`

			`configName = "placeholder-name-config"`
			`)`

			`type publisherController struct {`
Make the PublisherController use informers Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-07-30 21:34:13 +00:00			`namespace string`
			`placeholderClient placeholderclientset.Interface`
			`configMapInformer corev1informers.ConfigMapInformer`
			`loginDiscoveryConfigInformer placeholderv1alpha1informers.LoginDiscoveryConfigInformer`
First commit of PublisherController - Also upgrade go-client and api dependencies, and add controller-go as a dependency Signed-off-by: Ryan Richard <richardry@vmware.com> 2020-07-30 00:22:25 +00:00			`}`

Make the PublisherController use informers Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-07-30 21:34:13 +00:00			`func NewPublisherController(`
			`namespace string,`
			`placeholderClient placeholderclientset.Interface,`
			`configMapInformer corev1informers.ConfigMapInformer,`
			`loginDiscoveryConfigInformer placeholderv1alpha1informers.LoginDiscoveryConfigInformer,`
			`) controller.Controller {`
First commit of PublisherController - Also upgrade go-client and api dependencies, and add controller-go as a dependency Signed-off-by: Ryan Richard <richardry@vmware.com> 2020-07-30 00:22:25 +00:00			`return controller.New(`
			`controller.Config{`
			`Name: "publisher-controller",`
			`Syncer: &publisherController{`
Make the PublisherController use informers Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-07-30 21:34:13 +00:00			`namespace: namespace,`
			`placeholderClient: placeholderClient,`
			`configMapInformer: configMapInformer,`
			`loginDiscoveryConfigInformer: loginDiscoveryConfigInformer,`
First commit of PublisherController - Also upgrade go-client and api dependencies, and add controller-go as a dependency Signed-off-by: Ryan Richard <richardry@vmware.com> 2020-07-30 00:22:25 +00:00			`},`
			`},`
Make the PublisherController use informers Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-07-30 21:34:13 +00:00			`controller.WithInformer(`
			`configMapInformer,`
			`controller.FilterFuncs{}, // TODO fix this and write tests`
			`controller.InformerOption{},`
			`),`
			`controller.WithInformer(`
			`loginDiscoveryConfigInformer,`
			`controller.FilterFuncs{}, // TODO fix this and write tests`
			`controller.InformerOption{},`
			`),`
First commit of PublisherController - Also upgrade go-client and api dependencies, and add controller-go as a dependency Signed-off-by: Ryan Richard <richardry@vmware.com> 2020-07-30 00:22:25 +00:00			`)`
			`}`

			`func (c *publisherController) Sync(ctx controller.Context) error {`
Make the PublisherController use informers Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-07-30 21:34:13 +00:00			`configMap, err := c.configMapInformer.`
			`Lister().`
logindiscovery: add tests for conditional update and error cases - Also add some log lines for better observability of behavior. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-07-30 14:39:15 +00:00			`ConfigMaps(clusterInfoNamespace).`
Make the PublisherController use informers Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-07-30 21:34:13 +00:00			`Get(clusterInfoName)`
logindiscovery: add tests for conditional update and error cases - Also add some log lines for better observability of behavior. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-07-30 14:39:15 +00:00			`notFound := k8serrors.IsNotFound(err)`
			`if err != nil && !notFound {`
			`return fmt.Errorf("failed to get %s configmap: %w", clusterInfoName, err)`
More tests for the PublisherController - Also, don't repeat `spec.Parallel()` because, according to the docs for the spec package, "options are inherited by subgroups and subspecs" - Two tests are left pending to be filled in on the next commit 2020-07-30 01:18:42 +00:00			`}`
logindiscovery: add tests for conditional update and error cases - Also add some log lines for better observability of behavior. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-07-30 14:39:15 +00:00			`if notFound {`
			`klog.InfoS(`
			`"could not find config map",`
			`"configmap",`
			`klog.KRef(clusterInfoNamespace, clusterInfoName),`
			`)`
			`return nil`
			`}`

More tests for the PublisherController - Also, don't repeat `spec.Parallel()` because, according to the docs for the spec package, "options are inherited by subgroups and subspecs" - Two tests are left pending to be filled in on the next commit 2020-07-30 01:18:42 +00:00			`kubeConfig, kubeConfigPresent := configMap.Data[clusterInfoConfigMapKey]`
			`if !kubeConfigPresent {`
logindiscovery: add tests for conditional update and error cases - Also add some log lines for better observability of behavior. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-07-30 14:39:15 +00:00			`klog.InfoS("could not find kubeconfig configmap key")`
			`return nil`
More tests for the PublisherController - Also, don't repeat `spec.Parallel()` because, according to the docs for the spec package, "options are inherited by subgroups and subspecs" - Two tests are left pending to be filled in on the next commit 2020-07-30 01:18:42 +00:00			`}`
First commit of PublisherController - Also upgrade go-client and api dependencies, and add controller-go as a dependency Signed-off-by: Ryan Richard <richardry@vmware.com> 2020-07-30 00:22:25 +00:00
			`config, _ := clientcmd.Load([]byte(kubeConfig))`

			`var certificateAuthorityData, server string`
			`for _, v := range config.Clusters {`
			`certificateAuthorityData = base64.StdEncoding.EncodeToString(v.CertificateAuthorityData)`
			`server = v.Server`
			`break`
			`}`

			`discoveryConfig := placeholderv1alpha1.LoginDiscoveryConfig{`
			`TypeMeta: metav1.TypeMeta{},`
			`ObjectMeta: metav1.ObjectMeta{`
			`Name: configName,`
			`Namespace: c.namespace,`
			`},`
			`Spec: placeholderv1alpha1.LoginDiscoveryConfigSpec{`
			`Server: server,`
			`CertificateAuthorityData: certificateAuthorityData,`
			`},`
			`}`
logindiscovery: add tests for conditional update and error cases - Also add some log lines for better observability of behavior. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-07-30 14:39:15 +00:00			`if err := c.createOrUpdateLoginDiscoveryConfig(ctx.Context, &discoveryConfig); err != nil {`
			`return err`
			`}`

			`return nil`
			`}`

			`func (c *publisherController) createOrUpdateLoginDiscoveryConfig(`
			`ctx context.Context,`
			`discoveryConfig *placeholderv1alpha1.LoginDiscoveryConfig,`
			`) error {`
Make the PublisherController use informers Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-07-30 21:34:13 +00:00			`existingDiscoveryConfig, err := c.loginDiscoveryConfigInformer.`
			`Lister().`
			`LoginDiscoveryConfigs(c.namespace).`
			`Get(discoveryConfig.Name)`
logindiscovery: add tests for conditional update and error cases - Also add some log lines for better observability of behavior. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-07-30 14:39:15 +00:00			`notFound := k8serrors.IsNotFound(err)`
			`if err != nil && !notFound {`
			`return fmt.Errorf("could not get logindiscoveryconfig: %w", err)`
			`}`

Make the PublisherController use informers Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-07-30 21:34:13 +00:00			`loginDiscoveryConfigs := c.placeholderClient.`
			`PlaceholderV1alpha1().`
			`LoginDiscoveryConfigs(c.namespace)`
logindiscovery: add tests for conditional update and error cases - Also add some log lines for better observability of behavior. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-07-30 14:39:15 +00:00			`if notFound {`
			`if _, err := loginDiscoveryConfigs.Create(`
			`ctx,`
			`discoveryConfig,`
			`metav1.CreateOptions{},`
			`); err != nil {`
			`return fmt.Errorf("could not create logindiscoveryconfig: %w", err)`
			`}`
			`} else if !equal(existingDiscoveryConfig, discoveryConfig) {`
			`// Update just the fields we care about.`
			`existingDiscoveryConfig.Spec.Server = discoveryConfig.Spec.Server`
			`existingDiscoveryConfig.Spec.CertificateAuthorityData = discoveryConfig.Spec.CertificateAuthorityData`

			`if _, err := loginDiscoveryConfigs.Update(`
			`ctx,`
			`existingDiscoveryConfig,`
			`metav1.UpdateOptions{},`
			`); err != nil {`
			`return fmt.Errorf("could not update logindiscoveryconfig: %w", err)`
			`}`
			`}`
First commit of PublisherController - Also upgrade go-client and api dependencies, and add controller-go as a dependency Signed-off-by: Ryan Richard <richardry@vmware.com> 2020-07-30 00:22:25 +00:00
			`return nil`
			`}`
logindiscovery: add tests for conditional update and error cases - Also add some log lines for better observability of behavior. Signed-off-by: Andrew Keesler <akeesler@vmware.com> 2020-07-30 14:39:15 +00:00
			`func equal(a, b *placeholderv1alpha1.LoginDiscoveryConfig) bool {`
			`return a.Spec.Server == b.Spec.Server &&`
			`a.Spec.CertificateAuthorityData == b.Spec.CertificateAuthorityData`
			`}`