Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add EventPolicy Reconciler #8024

Merged
merged 6 commits into from
Jun 28, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions cmd/controller/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ import (
"knative.dev/eventing/pkg/apis/sinks"
"knative.dev/eventing/pkg/auth"
"knative.dev/eventing/pkg/eventingtls"
"knative.dev/eventing/pkg/reconciler/eventpolicy"
"knative.dev/eventing/pkg/reconciler/jobsink"

"knative.dev/eventing/pkg/reconciler/apiserversource"
Expand Down Expand Up @@ -93,6 +94,7 @@ func main() {

// Eventing
eventtype.NewController,
eventpolicy.NewController,

// Flows
parallel.NewController,
Expand Down
44 changes: 33 additions & 11 deletions pkg/apis/eventing/v1alpha1/eventpolicy_lifecycle.go
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
Copyright 2020 The Knative Authors
Copyright 2024 The Knative Authors

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
Expand All @@ -20,10 +20,12 @@ import (
"knative.dev/pkg/apis"
)

var eventPolicyCondSet = apis.NewLivingConditionSet()
var eventPolicyCondSet = apis.NewLivingConditionSet(EventPolicyConditionAuthenticationEnabled, EventPolicyConditionSubjectsResolved)

const (
EventPolicyConditionReady = apis.ConditionReady
EventPolicyConditionReady = apis.ConditionReady
EventPolicyConditionAuthenticationEnabled apis.ConditionType = "AuthenticationEnabled"
EventPolicyConditionSubjectsResolved apis.ConditionType = "SubjectsResolved"
)

// GetConditionSet retrieves the condition set for this resource. Implements the KRShaped interface.
Expand All @@ -32,21 +34,41 @@ func (*EventPolicy) GetConditionSet() apis.ConditionSet {
}

// GetCondition returns the condition currently associated with the given type, or nil.
func (et *EventPolicyStatus) GetCondition(t apis.ConditionType) *apis.Condition {
return eventPolicyCondSet.Manage(et).GetCondition(t)
func (ep *EventPolicyStatus) GetCondition(t apis.ConditionType) *apis.Condition {
return eventPolicyCondSet.Manage(ep).GetCondition(t)
creydr marked this conversation as resolved.
Show resolved Hide resolved
}

// IsReady returns true if the resource is ready overall.
func (et *EventPolicyStatus) IsReady() bool {
return et.GetTopLevelCondition().IsTrue()
func (ep *EventPolicyStatus) IsReady() bool {
return ep.GetTopLevelCondition().IsTrue()
}

// GetTopLevelCondition returns the top level Condition.
func (et *EventPolicyStatus) GetTopLevelCondition() *apis.Condition {
return eventPolicyCondSet.Manage(et).GetTopLevelCondition()
func (ep *EventPolicyStatus) GetTopLevelCondition() *apis.Condition {
return eventPolicyCondSet.Manage(ep).GetTopLevelCondition()
}

// InitializeConditions sets relevant unset conditions to Unknown state.
func (et *EventPolicyStatus) InitializeConditions() {
eventPolicyCondSet.Manage(et).InitializeConditions()
func (ep *EventPolicyStatus) InitializeConditions() {
eventPolicyCondSet.Manage(ep).InitializeConditions()
}

// MarkOIDCAuthenticationEnabled sets EventPolicyConditionAuthenticationEnabled condition to true.
func (ep *EventPolicyStatus) MarkOIDCAuthenticationEnabled() {
eventPolicyCondSet.Manage(ep).MarkTrue(EventPolicyConditionAuthenticationEnabled)
}

// MarkOIDCAuthenticationDisabled sets EventPolicyConditionAuthenticationEnabled condition to false.
func (ep *EventPolicyStatus) MarkOIDCAuthenticationDisabled(reason, messageFormat string, messageA ...interface{}) {
eventPolicyCondSet.Manage(ep).MarkFalse(EventPolicyConditionAuthenticationEnabled, reason, messageFormat, messageA...)
}

// MarkSubjectsResolved sets EventPolicyConditionSubjectsResolved condition to true.
func (ep *EventPolicyStatus) MarkSubjectsResolvedSucceeded() {
eventPolicyCondSet.Manage(ep).MarkTrue(EventPolicyConditionSubjectsResolved)
}

// MarkSubjectsNotResolved sets EventPolicyConditionSubjectsResolved condition to false.
func (ep *EventPolicyStatus) MarkSubjectsResolvedFailed(reason, messageFormat string, messageA ...interface{}) {
eventPolicyCondSet.Manage(ep).MarkFalse(EventPolicyConditionSubjectsResolved, reason, messageFormat, messageA...)
}
121 changes: 110 additions & 11 deletions pkg/apis/eventing/v1alpha1/eventpolicy_lifecycle_test.go
creydr marked this conversation as resolved.
Show resolved Hide resolved
Original file line number Diff line number Diff line change
Expand Up @@ -49,12 +49,12 @@ func TestEventPolicyGetConditionSet(t *testing.T) {
func TestEventPolicyGetCondition(t *testing.T) {
tests := []struct {
name string
ets *EventPolicyStatus
eps *EventPolicyStatus
condQuery apis.ConditionType
want *apis.Condition
}{{
name: "single condition",
ets: &EventPolicyStatus{
eps: &EventPolicyStatus{
Status: duckv1.Status{
Conditions: []apis.Condition{
eventPolicyConditionReady,
Expand All @@ -67,7 +67,7 @@ func TestEventPolicyGetCondition(t *testing.T) {

for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
got := test.ets.GetCondition(test.condQuery)
got := test.eps.GetCondition(test.condQuery)
if diff := cmp.Diff(test.want, got); diff != "" {
t.Error("unexpected condition (-want, +got) =", diff)
}
Expand All @@ -78,18 +78,27 @@ func TestEventPolicyGetCondition(t *testing.T) {
func TestEventPolicyInitializeConditions(t *testing.T) {
tests := []struct {
name string
ets *EventPolicyStatus
eps *EventPolicyStatus
want *EventPolicyStatus
}{
{
name: "empty",
ets: &EventPolicyStatus{},
eps: &EventPolicyStatus{},
want: &EventPolicyStatus{
Status: duckv1.Status{
Conditions: []apis.Condition{{
Type: EventPolicyConditionReady,
Status: corev1.ConditionUnknown,
},
Conditions: []apis.Condition{
{
Type: EventPolicyConditionAuthenticationEnabled,
Status: corev1.ConditionUnknown,
},
{
Type: EventPolicyConditionReady,
Status: corev1.ConditionUnknown,
},
{
Type: EventPolicyConditionSubjectsResolved,
Status: corev1.ConditionUnknown,
},
},
},
},
Expand All @@ -98,10 +107,100 @@ func TestEventPolicyInitializeConditions(t *testing.T) {

for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
test.ets.InitializeConditions()
if diff := cmp.Diff(test.want, test.ets, ignoreAllButTypeAndStatus); diff != "" {
test.eps.InitializeConditions()
if diff := cmp.Diff(test.want, test.eps, ignoreAllButTypeAndStatus); diff != "" {
t.Error("unexpected conditions (-want, +got) =", diff)
}
})
}
}

func TestEventPolicyReadyCondition(t *testing.T) {
tests := []struct {
name string
eps *EventPolicyStatus
markOIDCAuthenticationEnabled bool
markSubjectsResolvedSucceeded bool
wantReady bool
}{
{
name: "Initially everything is Unknown, Auth&SubjectsResolved marked as true, EP should become Ready",
eps: &EventPolicyStatus{
Status: duckv1.Status{
Conditions: []apis.Condition{
{Type: EventPolicyConditionReady, Status: corev1.ConditionUnknown},
{Type: EventPolicyConditionAuthenticationEnabled, Status: corev1.ConditionUnknown},
{Type: EventPolicyConditionSubjectsResolved, Status: corev1.ConditionUnknown},
},
},
},
markOIDCAuthenticationEnabled: true,
markSubjectsResolvedSucceeded: true,
wantReady: true,
},
{
name: "Initially everything is True, Auth&SubjectsResolved stay true, EP should stay Ready",
eps: &EventPolicyStatus{
Status: duckv1.Status{
Conditions: []apis.Condition{
{Type: EventPolicyConditionReady, Status: corev1.ConditionTrue},
{Type: EventPolicyConditionAuthenticationEnabled, Status: corev1.ConditionTrue},
{Type: EventPolicyConditionSubjectsResolved, Status: corev1.ConditionTrue},
},
},
},
markOIDCAuthenticationEnabled: true,
markSubjectsResolvedSucceeded: true,
wantReady: true,
},
{
name: "Initially everything is True, then AuthenticationEnabled marked as False, EP should become NotReady",
eps: &EventPolicyStatus{
Status: duckv1.Status{
Conditions: []apis.Condition{
{Type: EventPolicyConditionReady, Status: corev1.ConditionTrue},
{Type: EventPolicyConditionAuthenticationEnabled, Status: corev1.ConditionTrue},
{Type: EventPolicyConditionSubjectsResolved, Status: corev1.ConditionTrue},
},
},
},
markOIDCAuthenticationEnabled: false,
markSubjectsResolvedSucceeded: true,
wantReady: false,
},
{
name: "Initially everything is True, then SubjectsResolved marked as False, EP should become NotReady",
eps: &EventPolicyStatus{
Status: duckv1.Status{
Conditions: []apis.Condition{
{Type: EventPolicyConditionReady, Status: corev1.ConditionTrue},
{Type: EventPolicyConditionAuthenticationEnabled, Status: corev1.ConditionTrue},
{Type: EventPolicyConditionSubjectsResolved, Status: corev1.ConditionTrue},
},
},
},
markOIDCAuthenticationEnabled: true,
markSubjectsResolvedSucceeded: false,
wantReady: false,
},
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
if test.markOIDCAuthenticationEnabled {
test.eps.MarkOIDCAuthenticationEnabled()
} else {
test.eps.MarkOIDCAuthenticationDisabled("OIDCAuthenticationDisabled", "")
}
if test.markSubjectsResolvedSucceeded {
test.eps.MarkSubjectsResolvedSucceeded()
} else {
test.eps.MarkSubjectsResolvedFailed("SubjectsNotResolved", "")
}
ep := EventPolicy{Status: *test.eps}
got := ep.GetConditionSet().Manage(test.eps).IsHappy()
if test.wantReady != got {
t.Errorf("unexpected readiness: want %v, got %v", test.wantReady, got)
}
})
}
}
4 changes: 2 additions & 2 deletions pkg/reconciler/channel/channel_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -400,7 +400,7 @@ func TestReconcile(t *testing.T) {
WithInMemoryChannelDLSUnknown(),
WithInMemoryChannelEventPoliciesReady()),
NewEventPolicy(unreadyEventPolicyName, testNS,
WithUnreadyEventPolicyCondition,
WithUnreadyEventPolicyCondition("", ""),
WithEventPolicyToRef(channelV1GVK, channelName),
),
NewEventPolicy(fmt.Sprintf("%s-%s", unreadyEventPolicyName, channelName), testNS,
Expand Down Expand Up @@ -453,7 +453,7 @@ func TestReconcile(t *testing.T) {
WithEventPolicyToRef(channelV1GVK, channelName),
),
NewEventPolicy(unreadyEventPolicyName, testNS,
WithUnreadyEventPolicyCondition,
WithUnreadyEventPolicyCondition("", ""),
WithEventPolicyToRef(channelV1GVK, channelName),
),
NewEventPolicy(fmt.Sprintf("%s-%s", readyEventPolicyName, channelName), testNS,
Expand Down
47 changes: 47 additions & 0 deletions pkg/reconciler/eventpolicy/controller.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
/*
Copyright 2024 The Knative Authors

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package eventpolicy

import (
"context"

eventpolicyinformer "knative.dev/eventing/pkg/client/injection/informers/eventing/v1alpha1/eventpolicy"
eventpolicyreconciler "knative.dev/eventing/pkg/client/injection/reconciler/eventing/v1alpha1/eventpolicy"
"knative.dev/pkg/configmap"
"knative.dev/pkg/controller"
"knative.dev/pkg/resolver"
)

// NewController initializes the controller and is called by the generated code
// Registers event handlers to enqueue events
func NewController(
ctx context.Context,
cmw configmap.Watcher,
) *controller.Impl {
// Access informers
eventPolicyInformer := eventpolicyinformer.Get(ctx)

r := &Reconciler{}
impl := eventpolicyreconciler.NewImpl(ctx, r)

r.authResolver = resolver.NewAuthenticatableResolverFromTracker(ctx, impl.Tracker)

// Set up event handlers
eventPolicyInformer.Informer().AddEventHandler(controller.HandleAll(impl.Enqueue))

return impl
}
39 changes: 39 additions & 0 deletions pkg/reconciler/eventpolicy/controller_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
/*
Copyright 2024 The Knative Authors

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package eventpolicy

import (
"testing"

"knative.dev/pkg/configmap"

. "knative.dev/pkg/reconciler/testing"

// Fake injection informers
_ "knative.dev/eventing/pkg/client/injection/informers/eventing/v1alpha1/eventpolicy/fake"
_ "knative.dev/pkg/client/injection/ducks/duck/v1/authstatus/fake"
)

func TestNew(t *testing.T) {
ctx, _ := SetupFakeContext(t)

c := NewController(ctx, configmap.NewStaticWatcher())

if c == nil {
t.Fatal("Expected NewController to return a non-nil value")
}
}
Loading
Loading