From dde7d36fde0ad10b9d1fb4e3894b267512c7c0fa Mon Sep 17 00:00:00 2001 From: Pierangelo Di Pilato Date: Wed, 28 Feb 2024 11:23:05 +0100 Subject: [PATCH] Detect trust bundles changes (#999) Signed-off-by: Pierangelo Di Pilato --- control-plane/pkg/core/config/utils.go | 17 +++++++---------- control-plane/pkg/reconciler/broker/broker.go | 16 +++++++++++----- control-plane/pkg/reconciler/channel/channel.go | 15 ++++++++++----- .../pkg/reconciler/consumer/consumer.go | 16 +++++++++++----- control-plane/pkg/reconciler/sink/kafka_sink.go | 16 +++++++++++----- 5 files changed, 50 insertions(+), 30 deletions(-) diff --git a/control-plane/pkg/core/config/utils.go b/control-plane/pkg/core/config/utils.go index 9507e0201a..331cfee442 100644 --- a/control-plane/pkg/core/config/utils.go +++ b/control-plane/pkg/core/config/utils.go @@ -21,7 +21,7 @@ import ( "crypto/x509" "fmt" "math" - "slices" + "sort" "github.com/rickb777/date/period" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -122,16 +122,13 @@ func TrustBundles(lister corev1listers.ConfigMapNamespaceLister) ([]string, erro } } } - slices.SortStableFunc(trustBundles, func(a, b string) int { - if a < b { - return -1 - } - if a == b { - return 0 - } - return 1 - }) + if len(trustBundles) == 0 { + return nil, nil + } + sort.SliceStable(trustBundles, func(i, j int) bool { + return trustBundles[i] < trustBundles[j] + }) return trustBundles, nil } diff --git a/control-plane/pkg/reconciler/broker/broker.go b/control-plane/pkg/reconciler/broker/broker.go index 787b125314..ce0fc4fedf 100644 --- a/control-plane/pkg/reconciler/broker/broker.go +++ b/control-plane/pkg/reconciler/broker/broker.go @@ -24,6 +24,7 @@ import ( "go.uber.org/zap" corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/equality" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" @@ -171,7 +172,8 @@ func (r *Reconciler) reconcileKind(ctx context.Context, broker *eventing.Broker) logger.Debug("Got contract data from config map", zap.Any(base.ContractLogKey, ct)) - if err := r.setTrustBundles(ct); err != nil { + trustBundlesChanged, err := r.setTrustBundles(ct) + if err != nil { return statusConditionManager.FailedToResolveConfig(err) } @@ -189,7 +191,7 @@ func (r *Reconciler) reconcileKind(ctx context.Context, broker *eventing.Broker) logger.Debug("Change detector", zap.Int("changed", changed)) - if changed == coreconfig.ResourceChanged { + if changed == coreconfig.ResourceChanged || trustBundlesChanged { // Resource changed, increment contract generation. coreconfig.IncrementContractGeneration(ct) @@ -714,11 +716,15 @@ func (r *Reconciler) getCaCerts() (*string, error) { return pointer.String(string(caCerts)), nil } -func (r *Reconciler) setTrustBundles(ct *contract.Contract) error { +func (r *Reconciler) setTrustBundles(ct *contract.Contract) (bool, error) { tb, err := coreconfig.TrustBundles(r.ConfigMapLister.ConfigMaps(r.SystemNamespace)) if err != nil { - return fmt.Errorf("failed to get trust bundles: %w", err) + return false, fmt.Errorf("failed to get trust bundles: %w", err) + } + changed := false + if !equality.Semantic.DeepEqual(tb, ct.TrustBundles) { + changed = true } ct.TrustBundles = tb - return nil + return changed, nil } diff --git a/control-plane/pkg/reconciler/channel/channel.go b/control-plane/pkg/reconciler/channel/channel.go index 580b3c522f..fe311f5a2d 100644 --- a/control-plane/pkg/reconciler/channel/channel.go +++ b/control-plane/pkg/reconciler/channel/channel.go @@ -233,7 +233,8 @@ func (r *Reconciler) reconcileKind(ctx context.Context, channel *messagingv1beta } logger.Debug("Got contract data from config map", zap.Any(base.ContractLogKey, ct)) - if err := r.setTrustBundles(ct); err != nil { + trustBundlesChanged, err := r.setTrustBundles(ct) + if err != nil { return statusConditionManager.FailedToResolveConfig(err) } @@ -253,7 +254,7 @@ func (r *Reconciler) reconcileKind(ctx context.Context, channel *messagingv1beta changed := coreconfig.AddOrUpdateResourceConfig(ct, channelResource, channelIndex, logger) logger.Debug("Change detector", zap.Int("changed", changed)) - if changed == coreconfig.ResourceChanged || subscribersChanged == coreconfig.EgressChanged { + if changed == coreconfig.ResourceChanged || subscribersChanged == coreconfig.EgressChanged || trustBundlesChanged { // Resource changed, increment contract generation. coreconfig.IncrementContractGeneration(ct) @@ -781,11 +782,15 @@ func findSubscriptionStatus(kc *messagingv1beta1.KafkaChannel, subUID types.UID) return nil } -func (r *Reconciler) setTrustBundles(ct *contract.Contract) error { +func (r *Reconciler) setTrustBundles(ct *contract.Contract) (bool, error) { tb, err := coreconfig.TrustBundles(r.ConfigMapLister.ConfigMaps(r.SystemNamespace)) if err != nil { - return fmt.Errorf("failed to get trust bundles: %w", err) + return false, fmt.Errorf("failed to get trust bundles: %w", err) + } + changed := false + if !equality.Semantic.DeepEqual(tb, ct.TrustBundles) { + changed = true } ct.TrustBundles = tb - return nil + return changed, nil } diff --git a/control-plane/pkg/reconciler/consumer/consumer.go b/control-plane/pkg/reconciler/consumer/consumer.go index 684ed5485e..88d46e20a7 100644 --- a/control-plane/pkg/reconciler/consumer/consumer.go +++ b/control-plane/pkg/reconciler/consumer/consumer.go @@ -22,6 +22,7 @@ import ( "go.uber.org/zap" corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/equality" apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/client-go/kubernetes" corelisters "k8s.io/client-go/listers/core/v1" @@ -369,11 +370,12 @@ func (r *Reconciler) schedule(ctx context.Context, logger *zap.Logger, c *kafkai return false, fmt.Errorf("failed to get contract from ConfigMap %s/%s: %w", p.GetNamespace(), cmName, err) } - if err := r.setTrustBundles(ct); err != nil { + trustBundlesChanged, err := r.setTrustBundles(ct) + if err != nil { return false, fmt.Errorf("failed to set trust bundles: %w", err) } - if changed := mutatorFunc(logger, ct, c); changed == coreconfig.ResourceChanged { + if changed := mutatorFunc(logger, ct, c); changed == coreconfig.ResourceChanged || trustBundlesChanged { logger.Debug("Contract changed", zap.Int("changed", changed)) ct.IncrementGeneration() @@ -433,11 +435,15 @@ func FalseAnyStatus(*corev1.Pod) bool { return false } -func (r *Reconciler) setTrustBundles(ct *contract.Contract) error { +func (r *Reconciler) setTrustBundles(ct *contract.Contract) (bool, error) { tb, err := coreconfig.TrustBundles(r.TrustBundleConfigMapLister) if err != nil { - return fmt.Errorf("failed to get trust bundles: %w", err) + return false, fmt.Errorf("failed to get trust bundles: %w", err) + } + changed := false + if !equality.Semantic.DeepEqual(tb, ct.TrustBundles) { + changed = true } ct.TrustBundles = tb - return nil + return changed, nil } diff --git a/control-plane/pkg/reconciler/sink/kafka_sink.go b/control-plane/pkg/reconciler/sink/kafka_sink.go index 1f6019e489..a493dec21b 100644 --- a/control-plane/pkg/reconciler/sink/kafka_sink.go +++ b/control-plane/pkg/reconciler/sink/kafka_sink.go @@ -23,6 +23,7 @@ import ( "github.com/Shopify/sarama" "go.uber.org/zap" + "k8s.io/apimachinery/pkg/api/equality" "k8s.io/apimachinery/pkg/types" corelisters "k8s.io/client-go/listers/core/v1" "k8s.io/client-go/util/retry" @@ -173,7 +174,8 @@ func (r *Reconciler) reconcileKind(ctx context.Context, ks *eventing.KafkaSink) ct = &contract.Contract{} } - if err := r.setTrustBundles(ct); err != nil { + trustBundlesChanged, err := r.setTrustBundles(ct) + if err != nil { return statusConditionManager.FailedToResolveConfig(err) } @@ -214,7 +216,7 @@ func (r *Reconciler) reconcileKind(ctx context.Context, ks *eventing.KafkaSink) // Update contract data with the new sink configuration. changed := coreconfig.AddOrUpdateResourceConfig(ct, sinkConfig, sinkIndex, logger) - if changed == coreconfig.ResourceChanged { + if changed == coreconfig.ResourceChanged || trustBundlesChanged { // Resource changed, increment contract generation. coreconfig.IncrementContractGeneration(ct) // Update the configuration map with the new contract data. @@ -435,11 +437,15 @@ func (r *Reconciler) getCaCerts() (*string, error) { return pointer.String(string(caCerts)), nil } -func (r *Reconciler) setTrustBundles(ct *contract.Contract) error { +func (r *Reconciler) setTrustBundles(ct *contract.Contract) (bool, error) { tb, err := coreconfig.TrustBundles(r.ConfigMapLister.ConfigMaps(r.SystemNamespace)) if err != nil { - return fmt.Errorf("failed to get trust bundles: %w", err) + return false, fmt.Errorf("failed to get trust bundles: %w", err) + } + changed := false + if !equality.Semantic.DeepEqual(tb, ct.TrustBundles) { + changed = true } ct.TrustBundles = tb - return nil + return changed, nil }