-
Notifications
You must be signed in to change notification settings - Fork 590
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Dharmjit Singh <sdharmjit@vmware.com>
- Loading branch information
Dharmjit Singh
committed
Jun 24, 2024
1 parent
d4e647d
commit 5297b9f
Showing
9 changed files
with
341 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
/* | ||
Copyright 2024 The Knative Authors | ||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
http://www.apache.org/licenses/LICENSE-2.0 | ||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
package eventpolicy | ||
|
||
import ( | ||
"context" | ||
|
||
eventpolicyinformer "knative.dev/eventing/pkg/client/injection/informers/eventing/v1alpha1/eventpolicy" | ||
eventpolicyreconciler "knative.dev/eventing/pkg/client/injection/reconciler/eventing/v1alpha1/eventpolicy" | ||
"knative.dev/pkg/configmap" | ||
"knative.dev/pkg/controller" | ||
"knative.dev/pkg/resolver" | ||
) | ||
|
||
// NewController initializes the controller and is called by the generated code | ||
// Registers event handlers to enqueue events | ||
func NewController( | ||
ctx context.Context, | ||
cmw configmap.Watcher, | ||
) *controller.Impl { | ||
// Access informers | ||
eventPolicyInformer := eventpolicyinformer.Get(ctx) | ||
|
||
r := &Reconciler{ | ||
eventPolicyLister: eventPolicyInformer.Lister(), | ||
} | ||
impl := eventpolicyreconciler.NewImpl(ctx, r) | ||
|
||
r.fromRefResolver = resolver.NewAuthenticatableResolverFromTracker(ctx, impl.Tracker) | ||
|
||
// Set up event handlers | ||
eventPolicyInformer.Informer().AddEventHandler(controller.HandleAll(impl.Enqueue)) | ||
|
||
return impl | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
/* | ||
Copyright 2024 The Knative Authors | ||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
http://www.apache.org/licenses/LICENSE-2.0 | ||
Check failure on line 8 in pkg/reconciler/eventpolicy/controller_test.go GitHub Actions / style / Golang / Boilerplate Check (go)
|
||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
package eventpolicy | ||
|
||
import ( | ||
"testing" | ||
|
||
"knative.dev/pkg/configmap" | ||
|
||
. "knative.dev/pkg/reconciler/testing" | ||
|
||
// Fake injection informers | ||
_ "knative.dev/eventing/pkg/client/injection/informers/eventing/v1alpha1/eventpolicy/fake" | ||
_ "knative.dev/pkg/client/injection/ducks/duck/v1/authstatus/fake" | ||
) | ||
|
||
func TestNew(t *testing.T) { | ||
ctx, _ := SetupFakeContext(t) | ||
|
||
c := NewController(ctx, configmap.NewStaticWatcher()) | ||
|
||
if c == nil { | ||
t.Fatal("Expected NewController to return a non-nil value") | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
/* | ||
Copyright 2024 The Knative Authors | ||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
http://www.apache.org/licenses/LICENSE-2.0 | ||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
package eventpolicy | ||
|
||
import ( | ||
"context" | ||
|
||
"go.uber.org/zap" | ||
"knative.dev/eventing/pkg/apis/eventing/v1alpha1" | ||
"knative.dev/eventing/pkg/auth" | ||
eventinglisters "knative.dev/eventing/pkg/client/listers/eventing/v1alpha1" | ||
"knative.dev/pkg/logging" | ||
pkgreconciler "knative.dev/pkg/reconciler" | ||
"knative.dev/pkg/resolver" | ||
) | ||
|
||
type Reconciler struct { | ||
eventPolicyLister eventinglisters.EventPolicyLister | ||
fromRefResolver *resolver.AuthenticatableResolver | ||
} | ||
|
||
// ReconcileKind implements Interface.ReconcileKind. | ||
// 1. Verify the Reference exists. | ||
func (r *Reconciler) ReconcileKind(ctx context.Context, ep *v1alpha1.EventPolicy) pkgreconciler.Event { | ||
logger := logging.FromContext(ctx) | ||
logger.Infow("Reconciling", zap.Any("EventPolicy", ep)) | ||
// We reconcile the status of the EventPolicy by looking at: | ||
// 1. All from[].refs have subjects | ||
serverAccts, err := auth.ResolveSubjects(r.fromRefResolver, ep) | ||
if err != nil { | ||
logger.Errorw("Error resolving from[].refs", zap.Error(err)) | ||
ep.GetConditionSet().Manage(ep.GetStatus()).MarkFalse(v1alpha1.EventPolicyConditionReady, "Error resolving from[].refs", "") | ||
} else { | ||
logger.Debug("All from[].refs resolved", zap.Error(err)) | ||
ep.GetConditionSet().Manage(ep.GetStatus()).MarkTrue(v1alpha1.EventPolicyConditionReady) | ||
} | ||
ep.Status.From = serverAccts | ||
logger.Debugw("Reconciled EventPolicy", zap.Any("EventPolicy", ep)) | ||
return nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,155 @@ | ||
/* | ||
Copyright 2024 The Knative Authors | ||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
http://www.apache.org/licenses/LICENSE-2.0 | ||
Check failure on line 8 in pkg/reconciler/eventpolicy/eventpolicy_test.go GitHub Actions / style / Golang / Boilerplate Check (go)
|
||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
package eventpolicy | ||
|
||
import ( | ||
"context" | ||
"fmt" | ||
"testing" | ||
|
||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
"k8s.io/apimachinery/pkg/runtime" | ||
"k8s.io/apimachinery/pkg/types" | ||
clientgotesting "k8s.io/client-go/testing" | ||
sourcesv1 "knative.dev/eventing/pkg/apis/sources/v1" | ||
fakeeventingclient "knative.dev/eventing/pkg/client/injection/client/fake" | ||
"knative.dev/eventing/pkg/client/injection/reconciler/eventing/v1alpha1/eventpolicy" | ||
. "knative.dev/eventing/pkg/reconciler/testing/v1" | ||
duckv1authstatus "knative.dev/pkg/client/injection/ducks/duck/v1/authstatus" | ||
"knative.dev/pkg/configmap" | ||
"knative.dev/pkg/controller" | ||
logtesting "knative.dev/pkg/logging/testing" | ||
. "knative.dev/pkg/reconciler/testing" | ||
"knative.dev/pkg/resolver" | ||
"knative.dev/pkg/tracker" | ||
) | ||
|
||
const ( | ||
testNS = "test-namespace" | ||
eventPolicyName = "test-eventpolicy" | ||
pingSourceName = "test-pingsource" | ||
apiServerSourceName = "test-apiserversource" | ||
serviceAccountname = "test-sa" | ||
) | ||
|
||
var ( | ||
pingSourceWithServiceAccount = NewPingSource(pingSourceName, testNS, WithPingSourceOIDCServiceAccountName(serviceAccountname)) | ||
apiServerSourceWithServiceAccount = NewApiServerSource(apiServerSourceName, testNS, WithApiServerSourceOIDCServiceAccountName((serviceAccountname))) | ||
) | ||
|
||
func TestReconcile(t *testing.T) { | ||
table := TableTest{ | ||
{ | ||
Name: "bad workqueue key", | ||
// Make sure Reconcile handles bad keys. | ||
Key: "too/many/parts", | ||
}, | ||
{ | ||
Name: "subject not found, status set to NotReady", | ||
Key: testNS + "/" + eventPolicyName, | ||
Objects: []runtime.Object{ | ||
NewEventPolicy(eventPolicyName, testNS, | ||
WithInitEventPolicyConditions, | ||
WithEventPolicyFrom(v1.GroupVersionKind(sourcesv1.SchemeGroupVersion.WithKind("PingSource")), pingSourceName, testNS), | ||
), | ||
}, | ||
WantStatusUpdates: []clientgotesting.UpdateActionImpl{ | ||
{ | ||
Object: NewEventPolicy(eventPolicyName, testNS, | ||
WithEventPolicyFrom(v1.GroupVersionKind(sourcesv1.SchemeGroupVersion.WithKind("PingSource")), pingSourceName, testNS), | ||
WithUnreadyEventPolicyCondition), | ||
}, | ||
}, | ||
WantErr: false, | ||
}, | ||
{ | ||
Name: "subject found for pingsource, status set to Ready", | ||
Key: testNS + "/" + eventPolicyName, | ||
Objects: []runtime.Object{ | ||
pingSourceWithServiceAccount, | ||
NewEventPolicy(eventPolicyName, testNS, | ||
WithInitEventPolicyConditions, | ||
WithEventPolicyFrom(v1.GroupVersionKind(sourcesv1.SchemeGroupVersion.WithKind("PingSource")), pingSourceName, testNS)), | ||
}, | ||
WantStatusUpdates: []clientgotesting.UpdateActionImpl{ | ||
{ | ||
Object: NewEventPolicy(eventPolicyName, testNS, | ||
WithInitEventPolicyConditions, | ||
WithEventPolicyFrom(v1.GroupVersionKind(sourcesv1.SchemeGroupVersion.WithKind("PingSource")), pingSourceName, testNS), | ||
WithEventPolicyStatusFromSub([]string{fmt.Sprintf("system:serviceaccount:%s:%s", testNS, serviceAccountname)}), | ||
WithReadyEventPolicyCondition), | ||
}, | ||
}, | ||
WantErr: false, | ||
}, | ||
{ | ||
Name: "subject found for apiserversource, status set to Ready", | ||
Key: testNS + "/" + eventPolicyName, | ||
Objects: []runtime.Object{ | ||
apiServerSourceWithServiceAccount, | ||
NewEventPolicy(eventPolicyName, testNS, | ||
WithInitEventPolicyConditions, WithEventPolicyFrom(v1.GroupVersionKind(sourcesv1.SchemeGroupVersion.WithKind("APIServerSource")), apiServerSourceName, testNS)), | ||
}, | ||
WantStatusUpdates: []clientgotesting.UpdateActionImpl{ | ||
{ | ||
Object: NewEventPolicy(eventPolicyName, testNS, | ||
WithEventPolicyFrom(v1.GroupVersionKind(sourcesv1.SchemeGroupVersion.WithKind("APIServerSource")), apiServerSourceName, testNS), | ||
WithEventPolicyStatusFromSub([]string{fmt.Sprintf("system:serviceaccount:%s:%s", testNS, serviceAccountname)}), | ||
WithReadyEventPolicyCondition), | ||
}, | ||
}, | ||
WantErr: false, | ||
}, | ||
{ | ||
Name: "Multiple subjects found, status set to Ready", | ||
Key: testNS + "/" + eventPolicyName, | ||
Objects: []runtime.Object{ | ||
apiServerSourceWithServiceAccount, | ||
pingSourceWithServiceAccount, | ||
NewEventPolicy(eventPolicyName, testNS, | ||
WithInitEventPolicyConditions, | ||
WithEventPolicyFrom(v1.GroupVersionKind(sourcesv1.SchemeGroupVersion.WithKind("PingSource")), pingSourceName, testNS), | ||
WithEventPolicyFrom(v1.GroupVersionKind(sourcesv1.SchemeGroupVersion.WithKind("APIServerSource")), apiServerSourceName, testNS)), | ||
}, | ||
WantStatusUpdates: []clientgotesting.UpdateActionImpl{ | ||
{ | ||
Object: NewEventPolicy(eventPolicyName, testNS, | ||
WithEventPolicyFrom(v1.GroupVersionKind(sourcesv1.SchemeGroupVersion.WithKind("PingSource")), pingSourceName, testNS), | ||
WithEventPolicyFrom(v1.GroupVersionKind(sourcesv1.SchemeGroupVersion.WithKind("APIServerSource")), apiServerSourceName, testNS), | ||
WithEventPolicyStatusFromSub([]string{ | ||
fmt.Sprintf("system:serviceaccount:%s:%s", testNS, serviceAccountname), | ||
fmt.Sprintf("system:serviceaccount:%s:%s", testNS, serviceAccountname), | ||
}), | ||
WithReadyEventPolicyCondition), | ||
}, | ||
}, | ||
WantErr: false, | ||
}, | ||
} | ||
logger := logtesting.TestLogger(t) | ||
table.Test(t, MakeFactory(func(ctx context.Context, listers *Listers, cmw configmap.Watcher) controller.Reconciler { | ||
ctx = duckv1authstatus.WithDuck(ctx) | ||
r := &Reconciler{ | ||
fromRefResolver: resolver.NewAuthenticatableResolverFromTracker(ctx, tracker.New(func(types.NamespacedName) {}, 0))} | ||
return eventpolicy.NewReconciler(ctx, logger, | ||
fakeeventingclient.Get(ctx), listers.GetEventPolicyLister(), | ||
controller.GetEventRecorder(ctx), r) | ||
}, | ||
false, | ||
logger, | ||
)) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
30 changes: 30 additions & 0 deletions
30
vendor/knative.dev/pkg/client/injection/ducks/duck/v1/authstatus/fake/fake.go
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters