Bugfix: only bootstrap AuthConfigs in scope

guicassolato · guicassolato · commit 611a22a13a21 · 2022-08-29T20:39:39.000+02:00
The AuthConfig reconciler, when bootstrapping the index of AuthConfigs, was not taking the label selectors into account when selecting the list of resources to reconcile, causing hosts out os scope to the added to the index. This changes makes sure the label selectors are used when selecting the resources.
diff --git a/controllers/auth_config_controller.go b/controllers/auth_config_controller.go
@@ -624,7 +624,11 @@ func (r *AuthConfigReconciler) bootstrapIndex(ctx context.Context) error {
 	}
 
 	authConfigList := api.AuthConfigList{}
-	if err := r.List(ctx, &authConfigList); err != nil {
+	listOptions := []client.ListOption{}
+	if r.LabelSelector != nil {
+		listOptions = append(listOptions, client.MatchingLabelsSelector{Selector: r.LabelSelector})
+	}
+	if err := r.List(ctx, &authConfigList, listOptions...); err != nil {
 		return err
 	}
 
diff --git a/controllers/auth_config_controller_test.go b/controllers/auth_config_controller_test.go
@@ -318,12 +318,12 @@ func TestEmptyAuthConfigIdentitiesDefaultsToAnonymousAccess(t *testing.T) {
 	assert.Equal(t, len(config.IdentityConfigs), 1)
 }
 
-func TestEmptyIndex(t *testing.T) {
+func TestBootstrapIndex(t *testing.T) {
 	mockController := gomock.NewController(t)
 	defer mockController.Finish()
 	indexMock := mock_index.NewMockIndex(mockController)
 
-	authConfig := newTestAuthConfig(map[string]string{})
+	authConfig := newTestAuthConfig(map[string]string{"scope": "in"})
 	authConfig.Status.Summary = api.Summary{
 		Ready:                    true,
 		HostsReady:               authConfig.Spec.Hosts,
@@ -334,11 +334,25 @@ func TestEmptyIndex(t *testing.T) {
 		NumResponseItems:         int64(len(authConfig.Spec.Response)),
 		FestivalWristbandEnabled: false,
 	}
+
+	authConfigOutOfScope := newTestAuthConfig(map[string]string{"scope": "out"})
+	authConfigOutOfScope.Status.Summary = api.Summary{
+		Ready:                    true,
+		HostsReady:               authConfig.Spec.Hosts,
+		NumHostsReady:            fmt.Sprintf("%d/%d", len(authConfig.Spec.Hosts), len(authConfig.Spec.Hosts)),
+		NumIdentitySources:       int64(len(authConfig.Spec.Identity)),
+		NumMetadataSources:       int64(len(authConfig.Spec.Metadata)),
+		NumAuthorizationPolicies: int64(len(authConfig.Spec.Authorization)),
+		NumResponseItems:         int64(len(authConfig.Spec.Response)),
+		FestivalWristbandEnabled: false,
+	}
+
 	authConfigName := types.NamespacedName{Name: authConfig.Name, Namespace: authConfig.Namespace}
 	resourceId := authConfigName.String()
 	secret := newTestOAuthClientSecret()
 	client := newTestK8sClient(&authConfig, &secret)
 	reconciler := newTestAuthConfigReconciler(client, indexMock)
+	reconciler.LabelSelector = ToLabelSelector("scope=in")
 
 	indexMock.EXPECT().Empty().Return(true)
 	indexMock.EXPECT().FindKeys(resourceId).Return([]string{}).AnyTimes()

Original file line number	Diff line number	Diff line change
`@@ -624,7 +624,11 @@ func (r *AuthConfigReconciler) bootstrapIndex(ctx context.Context) error {`
`624`	`624`	`}`
`625`	`625`
`626`	`626`	`authConfigList := api.AuthConfigList{}`
`627`		`- if err := r.List(ctx, &authConfigList); err != nil {`
	`627`	`+ listOptions := []client.ListOption{}`
	`628`	`+ if r.LabelSelector != nil {`
	`629`	`+ listOptions = append(listOptions, client.MatchingLabelsSelector{Selector: r.LabelSelector})`
	`630`	`+ }`
	`631`	`+ if err := r.List(ctx, &authConfigList, listOptions...); err != nil {`
`628`	`632`	`return err`
`629`	`633`	`}`
`630`	`634`