
Support typeless kubernetes resources when generating manifests #931

Merged
@@ -1,17 +1,20 @@
package io.quarkiverse.operatorsdk.deployment;

import java.util.Collection;
import java.util.Map;
import java.util.*;

import org.jetbrains.annotations.NotNull;

import io.dekorate.kubernetes.decorator.ResourceProvidingDecorator;
import io.fabric8.kubernetes.api.model.HasMetadata;
import io.fabric8.kubernetes.api.model.KubernetesListBuilder;
import io.fabric8.kubernetes.api.model.rbac.ClusterRole;
import io.fabric8.kubernetes.api.model.rbac.ClusterRoleBuilder;
import io.fabric8.kubernetes.api.model.rbac.PolicyRule;
import io.fabric8.kubernetes.api.model.rbac.PolicyRuleBuilder;
import io.javaoperatorsdk.operator.api.reconciler.dependent.Deleter;
import io.javaoperatorsdk.operator.processing.dependent.Creator;
import io.javaoperatorsdk.operator.processing.dependent.Updater;
import io.javaoperatorsdk.operator.processing.dependent.kubernetes.GenericKubernetesDependentResource;
import io.quarkiverse.operatorsdk.annotations.RBACVerbs;
import io.quarkiverse.operatorsdk.runtime.DependentResourceSpecMetadata;
import io.quarkiverse.operatorsdk.runtime.QuarkusControllerConfiguration;
@@ -78,15 +81,33 @@ public static ClusterRole createClusterRole(QuarkusControllerConfiguration<?> cr
.addToRules(rule.build());

final Map<String, DependentResourceSpecMetadata<?, ?, ?>> dependentsMetadata = cri.getDependentsMetadata();
Set<PolicyRule> collectedRules = new LinkedHashSet<>();
dependentsMetadata.forEach((name, spec) -> {
final var dependentResourceClass = spec.getDependentResourceClass();
final var associatedResourceClass = spec.getDependentType();

// only process Kubernetes dependents
if (HasMetadata.class.isAssignableFrom(associatedResourceClass)) {
String resourceGroup = HasMetadata.getGroup(associatedResourceClass);
String resourcePlural = HasMetadata.getPlural(associatedResourceClass);

if (GenericKubernetesDependentResource.class.isAssignableFrom(dependentResourceClass)) {
try {
// Only applied class with non-parameter constructor
if (Arrays.stream(dependentResourceClass.getConstructors()).anyMatch(i -> i.getParameterCount() == 0)) {
@SuppressWarnings("rawtypes")
GenericKubernetesDependentResource genericKubernetesResource = (GenericKubernetesDependentResource) dependentResourceClass
.getConstructor().newInstance();
resourceGroup = genericKubernetesResource.getGroupVersionKind().getGroup();
resourcePlural = "*";
}
} catch (Exception e) {
throw new RuntimeException(e);
}
}
final var dependentRule = new PolicyRuleBuilder()
.addToApiGroups(HasMetadata.getGroup(associatedResourceClass))
.addToResources(HasMetadata.getPlural(associatedResourceClass))
.addToApiGroups(resourceGroup)
.addToResources(resourcePlural)
.addToVerbs(RBACVerbs.READ_VERBS);
if (Updater.class.isAssignableFrom(dependentResourceClass)) {
dependentRule.addToVerbs(RBACVerbs.UPDATE_VERBS);
@@ -100,17 +121,59 @@ public static ClusterRole createClusterRole(QuarkusControllerConfiguration<?> cr
dependentRule.addToVerbs(RBACVerbs.PATCH);
}
}
clusterRoleBuilder.addToRules(dependentRule.build());
collectedRules.add(dependentRule.build());
}

});

// add additional RBAC rules
clusterRoleBuilder.addAllToRules(cri.getAdditionalRBACRules());
collectedRules.addAll(cri.getAdditionalRBACRules());
Set<PolicyRule> normalizedRules = getNormalizedRules(collectedRules);
clusterRoleBuilder.addToRules(normalizedRules.toArray(PolicyRule[]::new));

return clusterRoleBuilder.build();
}

@NotNull
private static Set<PolicyRule> getNormalizedRules(Set<PolicyRule> collectedRules) {
Member


Can you add tests for this method and maybe add more comments about what it's doing?

Set<PolicyRule> normalizedRules = new LinkedHashSet<>();
collectedRules.stream()
.map(i -> new PolicyRule(i.getApiGroups(), i.getNonResourceURLs(), i.getResourceNames(), i.getResources(),
i.getVerbs()) {

@Override
public boolean equals(Object o) {
if (o == null)
return false;
if (o instanceof PolicyRule) {
if (Objects.equals(
this.getApiGroups().stream().sorted().toList(),
((PolicyRule) o).getApiGroups().stream().sorted().toList())) {
return Objects.equals(
getResources().stream().sorted().toList(),
((PolicyRule) o).getResources().stream().sorted().toList());
}
}
return false;
}

@Override
public int hashCode() {
// equals method called only with same hashCode
return 0;
}
}).forEach(i -> {
if (!normalizedRules.add(i)) {
normalizedRules.stream().filter(j -> Objects.equals(j, i)).findAny().ifPresent(r -> {
Set<String> verbs1 = new LinkedHashSet<>(r.getVerbs());
Set<String> verbs2 = new LinkedHashSet<>(i.getVerbs());
verbs1.addAll(verbs2);
r.setVerbs(verbs1.stream().toList());
});
}
});
return normalizedRules;
}

public static String getClusterRoleName(String controller) {
return controller + "-cluster-role";
}
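Review bot: getNormalizedRules treats two rules as equal when only their sorted apiGroups and resources match, so rules that differ in resourceNames or nonResourceURLs are merged and the surviving rule receives the union of both verb lists. Once `cri.getAdditionalRBACRules()` is in the set, that can widen the generated ClusterRole: a verb declared only for named objects ends up on a rule with no resourceNames, and in the opposite order the second rule's verbs become limited to the first rule's names. The overridden `equals` should also compare `getResourceNames()` and `getNonResourceURLs()` (null-safe, sorted like the other two lists) before verbs are unioned. Separately, `resourcePlural = "*"` in createClusterRole (whose body starts outside the hunk) grants the verbs on every resource in the dependent's group; a comment stating why the plural cannot be derived from the GroupVersionKind would help whoever audits the generated manifest.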
@@ -28,17 +28,7 @@
import io.quarkiverse.operatorsdk.annotations.RBACVerbs;
import io.quarkiverse.operatorsdk.deployment.AddClusterRolesDecorator;
import io.quarkiverse.operatorsdk.deployment.AddRoleBindingsDecorator;
import io.quarkiverse.operatorsdk.test.sources.CRUDConfigMap;
import io.quarkiverse.operatorsdk.test.sources.CreateOnlyService;
import io.quarkiverse.operatorsdk.test.sources.Foo;
import io.quarkiverse.operatorsdk.test.sources.NonKubeResource;
import io.quarkiverse.operatorsdk.test.sources.ReadOnlySecret;
import io.quarkiverse.operatorsdk.test.sources.SimpleCR;
import io.quarkiverse.operatorsdk.test.sources.SimpleReconciler;
import io.quarkiverse.operatorsdk.test.sources.SimpleSpec;
import io.quarkiverse.operatorsdk.test.sources.SimpleStatus;
import io.quarkiverse.operatorsdk.test.sources.TestCR;
import io.quarkiverse.operatorsdk.test.sources.TestReconciler;
import io.quarkiverse.operatorsdk.test.sources.*;
import io.quarkus.test.ProdBuildResults;
import io.quarkus.test.ProdModeTestResults;
import io.quarkus.test.QuarkusProdModeTest;
@@ -53,6 +43,7 @@ public class OperatorSDKTest {
.withApplicationRoot((jar) -> jar
.addClasses(TestReconciler.class, TestCR.class, CRUDConfigMap.class, ReadOnlySecret.class,
CreateOnlyService.class, NonKubeResource.class, Foo.class,
TypelessKubeResource.class, TypelessAnotherKubeResource.class,
SimpleReconciler.class, SimpleCR.class, SimpleSpec.class, SimpleStatus.class));

@ProdBuildResults
@@ -79,7 +70,7 @@ public void shouldCreateRolesAndRoleBindings() throws IOException {
.map(ClusterRole.class::cast)
.forEach(cr -> {
final var rules = cr.getRules();
assertEquals(5, rules.size());
assertEquals(6, rules.size());
assertTrue(rules.stream()
.filter(rule -> rule.getApiGroups().equals(List.of(HasMetadata.getGroup(TestCR.class))))
.anyMatch(rule -> {
@@ -108,6 +99,8 @@ public void shouldCreateRolesAndRoleBindings() throws IOException {
.filter(rule -> rule.getResources().equals(List.of(RBACRule.ALL)))
.anyMatch(rule -> rule.getVerbs().equals(List.of(UPDATE))
&& rule.getApiGroups().equals(List.of(RBACRule.ALL))));
rules.stream().filter(rule -> rule.getApiGroups().equals(List.of(TypelessKubeResource.GROUP)))
Member


This is missing an assertion.

.anyMatch(rule -> rule.getResources().equals(List.of("*")));
});

// check that we have a role binding for TestReconciler and that it uses the operator-level specified namespace
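Review bot: Nothing in this section pins the verbs of the rule generated for `TypelessKubeResource.GROUP`, even though that rule carries the `*` resource and appears to be the merge of two dependents, one of which implements `Deleter`. The bump to `assertEquals(6, rules.size())` suggests the two typeless dependents collapse into one rule, but a regression that unions in extra verbs would still pass. I would compare that rule's verb set with the expected one inside the match, e.g. `assertEquals(Set.of(/* expected verbs */), Set.copyOf(rule.getVerbs()))`. shouldCreateRolesAndRoleBindings starts and ends outside the visible hunks.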
@@ -12,7 +12,9 @@
@Dependent(type = CRUDConfigMap.class),
@Dependent(type = ReadOnlySecret.class),
@Dependent(type = CreateOnlyService.class),
@Dependent(type = NonKubeResource.class)
@Dependent(type = NonKubeResource.class),
@Dependent(type = TypelessKubeResource.class),
@Dependent(type = TypelessAnotherKubeResource.class)
})
@RBACRule(verbs = RBACVerbs.UPDATE, apiGroups = RBACRule.ALL, resources = RBACRule.ALL)
public class TestReconciler implements Reconciler<TestCR> {
@@ -0,0 +1,18 @@
package io.quarkiverse.operatorsdk.test.sources;

import io.javaoperatorsdk.operator.api.reconciler.dependent.Deleter;
import io.javaoperatorsdk.operator.processing.GroupVersionKind;
import io.javaoperatorsdk.operator.processing.dependent.kubernetes.GenericKubernetesDependentResource;

public class TypelessAnotherKubeResource extends GenericKubernetesDependentResource<TestCR> implements Deleter<TestCR> {

public static final String GROUP = "crd.josdk.quarkiverse.io";
public static final String KIND = "typelessAnother";
public static final String VERSION = "v1";
private static final GroupVersionKind GVK = new GroupVersionKind(GROUP, VERSION, KIND);

public TypelessAnotherKubeResource() {
super(GVK);
}

}
@@ -0,0 +1,17 @@
package io.quarkiverse.operatorsdk.test.sources;

import io.javaoperatorsdk.operator.processing.GroupVersionKind;
import io.javaoperatorsdk.operator.processing.dependent.kubernetes.GenericKubernetesDependentResource;

public class TypelessKubeResource extends GenericKubernetesDependentResource<TestCR> {

public static final String GROUP = "crd.josdk.quarkiverse.io";
public static final String KIND = "typeless";
public static final String VERSION = "v1";
private static final GroupVersionKind GVK = new GroupVersionKind(GROUP, VERSION, KIND);

public TypelessKubeResource() {
super(GVK);
}

}