Skip to content

Commit

Permalink
Detect trust bundles changes (#999)
Browse files Browse the repository at this point in the history
Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com>
  • Loading branch information
pierDipi committed Feb 28, 2024
1 parent ed42c15 commit dde7d36
Show file tree
Hide file tree
Showing 5 changed files with 50 additions and 30 deletions.
17 changes: 7 additions & 10 deletions control-plane/pkg/core/config/utils.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ import (
"crypto/x509"
"fmt"
"math"
"slices"
"sort"

"github.com/rickb777/date/period"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
Expand Down Expand Up @@ -122,16 +122,13 @@ func TrustBundles(lister corev1listers.ConfigMapNamespaceLister) ([]string, erro
}
}
}
slices.SortStableFunc(trustBundles, func(a, b string) int {
if a < b {
return -1
}
if a == b {
return 0
}
return 1
})
if len(trustBundles) == 0 {
return nil, nil
}

sort.SliceStable(trustBundles, func(i, j int) bool {
return trustBundles[i] < trustBundles[j]
})
return trustBundles, nil
}

Expand Down
16 changes: 11 additions & 5 deletions control-plane/pkg/reconciler/broker/broker.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ import (

"go.uber.org/zap"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/equality"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
Expand Down Expand Up @@ -171,7 +172,8 @@ func (r *Reconciler) reconcileKind(ctx context.Context, broker *eventing.Broker)

logger.Debug("Got contract data from config map", zap.Any(base.ContractLogKey, ct))

if err := r.setTrustBundles(ct); err != nil {
trustBundlesChanged, err := r.setTrustBundles(ct)
if err != nil {
return statusConditionManager.FailedToResolveConfig(err)
}

Expand All @@ -189,7 +191,7 @@ func (r *Reconciler) reconcileKind(ctx context.Context, broker *eventing.Broker)

logger.Debug("Change detector", zap.Int("changed", changed))

if changed == coreconfig.ResourceChanged {
if changed == coreconfig.ResourceChanged || trustBundlesChanged {
// Resource changed, increment contract generation.
coreconfig.IncrementContractGeneration(ct)

Expand Down Expand Up @@ -714,11 +716,15 @@ func (r *Reconciler) getCaCerts() (*string, error) {
return pointer.String(string(caCerts)), nil
}

func (r *Reconciler) setTrustBundles(ct *contract.Contract) error {
func (r *Reconciler) setTrustBundles(ct *contract.Contract) (bool, error) {
tb, err := coreconfig.TrustBundles(r.ConfigMapLister.ConfigMaps(r.SystemNamespace))
if err != nil {
return fmt.Errorf("failed to get trust bundles: %w", err)
return false, fmt.Errorf("failed to get trust bundles: %w", err)
}
changed := false
if !equality.Semantic.DeepEqual(tb, ct.TrustBundles) {
changed = true
}
ct.TrustBundles = tb
return nil
return changed, nil
}
15 changes: 10 additions & 5 deletions control-plane/pkg/reconciler/channel/channel.go
Original file line number Diff line number Diff line change
Expand Up @@ -233,7 +233,8 @@ func (r *Reconciler) reconcileKind(ctx context.Context, channel *messagingv1beta
}
logger.Debug("Got contract data from config map", zap.Any(base.ContractLogKey, ct))

if err := r.setTrustBundles(ct); err != nil {
trustBundlesChanged, err := r.setTrustBundles(ct)
if err != nil {
return statusConditionManager.FailedToResolveConfig(err)
}

Expand All @@ -253,7 +254,7 @@ func (r *Reconciler) reconcileKind(ctx context.Context, channel *messagingv1beta
changed := coreconfig.AddOrUpdateResourceConfig(ct, channelResource, channelIndex, logger)
logger.Debug("Change detector", zap.Int("changed", changed))

if changed == coreconfig.ResourceChanged || subscribersChanged == coreconfig.EgressChanged {
if changed == coreconfig.ResourceChanged || subscribersChanged == coreconfig.EgressChanged || trustBundlesChanged {
// Resource changed, increment contract generation.
coreconfig.IncrementContractGeneration(ct)

Expand Down Expand Up @@ -781,11 +782,15 @@ func findSubscriptionStatus(kc *messagingv1beta1.KafkaChannel, subUID types.UID)
return nil
}

func (r *Reconciler) setTrustBundles(ct *contract.Contract) error {
func (r *Reconciler) setTrustBundles(ct *contract.Contract) (bool, error) {
tb, err := coreconfig.TrustBundles(r.ConfigMapLister.ConfigMaps(r.SystemNamespace))
if err != nil {
return fmt.Errorf("failed to get trust bundles: %w", err)
return false, fmt.Errorf("failed to get trust bundles: %w", err)
}
changed := false
if !equality.Semantic.DeepEqual(tb, ct.TrustBundles) {
changed = true
}
ct.TrustBundles = tb
return nil
return changed, nil
}
16 changes: 11 additions & 5 deletions control-plane/pkg/reconciler/consumer/consumer.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ import (

"go.uber.org/zap"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/equality"
apierrors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/client-go/kubernetes"
corelisters "k8s.io/client-go/listers/core/v1"
Expand Down Expand Up @@ -369,11 +370,12 @@ func (r *Reconciler) schedule(ctx context.Context, logger *zap.Logger, c *kafkai
return false, fmt.Errorf("failed to get contract from ConfigMap %s/%s: %w", p.GetNamespace(), cmName, err)
}

if err := r.setTrustBundles(ct); err != nil {
trustBundlesChanged, err := r.setTrustBundles(ct)
if err != nil {
return false, fmt.Errorf("failed to set trust bundles: %w", err)
}

if changed := mutatorFunc(logger, ct, c); changed == coreconfig.ResourceChanged {
if changed := mutatorFunc(logger, ct, c); changed == coreconfig.ResourceChanged || trustBundlesChanged {
logger.Debug("Contract changed", zap.Int("changed", changed))

ct.IncrementGeneration()
Expand Down Expand Up @@ -433,11 +435,15 @@ func FalseAnyStatus(*corev1.Pod) bool {
return false
}

func (r *Reconciler) setTrustBundles(ct *contract.Contract) error {
func (r *Reconciler) setTrustBundles(ct *contract.Contract) (bool, error) {
tb, err := coreconfig.TrustBundles(r.TrustBundleConfigMapLister)
if err != nil {
return fmt.Errorf("failed to get trust bundles: %w", err)
return false, fmt.Errorf("failed to get trust bundles: %w", err)
}
changed := false
if !equality.Semantic.DeepEqual(tb, ct.TrustBundles) {
changed = true
}
ct.TrustBundles = tb
return nil
return changed, nil
}
16 changes: 11 additions & 5 deletions control-plane/pkg/reconciler/sink/kafka_sink.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ import (

"github.com/Shopify/sarama"
"go.uber.org/zap"
"k8s.io/apimachinery/pkg/api/equality"
"k8s.io/apimachinery/pkg/types"
corelisters "k8s.io/client-go/listers/core/v1"
"k8s.io/client-go/util/retry"
Expand Down Expand Up @@ -173,7 +174,8 @@ func (r *Reconciler) reconcileKind(ctx context.Context, ks *eventing.KafkaSink)
ct = &contract.Contract{}
}

if err := r.setTrustBundles(ct); err != nil {
trustBundlesChanged, err := r.setTrustBundles(ct)
if err != nil {
return statusConditionManager.FailedToResolveConfig(err)
}

Expand Down Expand Up @@ -214,7 +216,7 @@ func (r *Reconciler) reconcileKind(ctx context.Context, ks *eventing.KafkaSink)
// Update contract data with the new sink configuration.
changed := coreconfig.AddOrUpdateResourceConfig(ct, sinkConfig, sinkIndex, logger)

if changed == coreconfig.ResourceChanged {
if changed == coreconfig.ResourceChanged || trustBundlesChanged {
// Resource changed, increment contract generation.
coreconfig.IncrementContractGeneration(ct)
// Update the configuration map with the new contract data.
Expand Down Expand Up @@ -435,11 +437,15 @@ func (r *Reconciler) getCaCerts() (*string, error) {
return pointer.String(string(caCerts)), nil
}

func (r *Reconciler) setTrustBundles(ct *contract.Contract) error {
func (r *Reconciler) setTrustBundles(ct *contract.Contract) (bool, error) {
tb, err := coreconfig.TrustBundles(r.ConfigMapLister.ConfigMaps(r.SystemNamespace))
if err != nil {
return fmt.Errorf("failed to get trust bundles: %w", err)
return false, fmt.Errorf("failed to get trust bundles: %w", err)
}
changed := false
if !equality.Semantic.DeepEqual(tb, ct.TrustBundles) {
changed = true
}
ct.TrustBundles = tb
return nil
return changed, nil
}

0 comments on commit dde7d36

Please sign in to comment.