2020-09-16 14:19:51 +00:00
|
|
|
// Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
|
|
|
|
// SPDX-License-Identifier: Apache-2.0
|
2020-09-14 15:42:42 +00:00
|
|
|
|
2020-10-30 19:02:21 +00:00
|
|
|
// Package webhookcachecleaner implements a controller for garbage collecting webhook authenticators from an authenticator cache.
|
2020-09-14 15:42:42 +00:00
|
|
|
package webhookcachecleaner
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
|
|
|
|
|
|
|
|
|
"github.com/go-logr/logr"
|
|
|
|
|
"k8s.io/apimachinery/pkg/labels"
|
|
|
|
|
"k8s.io/klog/v2"
|
|
|
|
|
|
2020-10-30 16:03:25 +00:00
|
|
|
auth1alpha1 "go.pinniped.dev/generated/1.19/apis/concierge/authentication/v1alpha1"
|
2020-10-30 20:09:14 +00:00
|
|
|
authinformers "go.pinniped.dev/generated/1.19/client/concierge/informers/externalversions/authentication/v1alpha1"
|
2020-09-18 19:56:24 +00:00
|
|
|
pinnipedcontroller "go.pinniped.dev/internal/controller"
|
2020-10-30 19:02:21 +00:00
|
|
|
"go.pinniped.dev/internal/controller/authenticator/authncache"
|
2020-09-18 19:56:24 +00:00
|
|
|
"go.pinniped.dev/internal/controllerlib"
|
2020-09-14 15:42:42 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// New instantiates a new controllerlib.Controller which will garbage collect webhooks from the provided Cache.
|
2020-10-30 19:02:21 +00:00
|
|
|
func New(cache *authncache.Cache, webhooks authinformers.WebhookAuthenticatorInformer, log logr.Logger) controllerlib.Controller {
|
2020-09-14 15:42:42 +00:00
|
|
|
return controllerlib.New(
|
|
|
|
|
controllerlib.Config{
|
|
|
|
|
Name: "webhookcachecleaner-controller",
|
|
|
|
|
Syncer: &controller{
|
2020-10-30 19:02:21 +00:00
|
|
|
cache: cache,
|
|
|
|
|
webhooks: webhooks,
|
|
|
|
|
log: log.WithName("webhookcachecleaner-controller"),
|
2020-09-14 15:42:42 +00:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
controllerlib.WithInformer(
|
2020-10-30 19:02:21 +00:00
|
|
|
webhooks,
|
2020-10-17 00:51:40 +00:00
|
|
|
pinnipedcontroller.MatchAnythingFilter(),
|
2020-09-14 15:42:42 +00:00
|
|
|
controllerlib.InformerOption{},
|
|
|
|
|
),
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type controller struct {
|
2020-10-30 19:02:21 +00:00
|
|
|
cache *authncache.Cache
|
|
|
|
|
webhooks authinformers.WebhookAuthenticatorInformer
|
|
|
|
|
log logr.Logger
|
2020-09-14 15:42:42 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Sync implements controllerlib.Syncer.
|
2020-10-17 00:51:40 +00:00
|
|
|
func (c *controller) Sync(_ controllerlib.Context) error {
|
2020-10-30 19:02:21 +00:00
|
|
|
webhooks, err := c.webhooks.Lister().List(labels.Everything())
|
2020-09-14 15:42:42 +00:00
|
|
|
if err != nil {
|
2020-10-30 16:39:26 +00:00
|
|
|
return fmt.Errorf("failed to list WebhookAuthenticators: %w", err)
|
2020-09-14 15:42:42 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Index the current webhooks by key.
|
2020-10-30 16:39:26 +00:00
|
|
|
webhooksByKey := map[controllerlib.Key]*auth1alpha1.WebhookAuthenticator{}
|
2020-09-14 15:42:42 +00:00
|
|
|
for _, webhook := range webhooks {
|
|
|
|
|
key := controllerlib.Key{Namespace: webhook.Namespace, Name: webhook.Name}
|
|
|
|
|
webhooksByKey[key] = webhook
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Delete any entries from the cache which are no longer in the cluster.
|
|
|
|
|
for _, key := range c.cache.Keys() {
|
2020-10-30 16:39:26 +00:00
|
|
|
if key.APIGroup != auth1alpha1.SchemeGroupVersion.Group || key.Kind != "WebhookAuthenticator" {
|
2020-09-21 16:37:54 +00:00
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
if _, exists := webhooksByKey[controllerlib.Key{Namespace: key.Namespace, Name: key.Name}]; !exists {
|
2020-10-30 19:02:21 +00:00
|
|
|
c.log.WithValues("webhook", klog.KRef(key.Namespace, key.Name)).Info("deleting webhook authenticator from cache")
|
2020-09-14 15:42:42 +00:00
|
|
|
c.cache.Delete(key)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
