Merge pull request #28 from kcp-dev/sync-tests

🌱 Add first tests for the syncing logic

Author: kcp-ci-bot

hack/ci/run-e2e-tests.sh

@@ -80,6 +80,7 @@ export AGENT_BINARY="$(realpath _build/api-syncagent)"
 
 # time to run the tests
 echodate "Running e2e tests…"
-(set -x; go test -tags e2e -timeout 2h -v ./test/e2e/...)
+WHAT="${WHAT:-./test/e2e/...}"
+(set -x; go test -tags e2e -timeout 2h -v $WHAT)
 
 echodate "Done. :-)"

internal/controller/apiexport/controller.go

@@ -139,6 +139,11 @@ func (r *Reconciler) reconcile(ctx context.Context) error {
 	for _, pubResource := range filteredPubResources {
 		arsList.Insert(pubResource.Status.ResourceSchemaName)
 
+		// to evaluate the namespace filter, the agent needs to fetch the namespace
+		if filter := pubResource.Spec.Filter; filter != nil && filter.Namespace != nil {
+			claimedResources.Insert("namespaces")
+		}
+
 		for _, rr := range pubResource.Spec.Related {
 			resource, err := mapper.ResourceFor(schema.GroupVersionResource{
 				Resource: rr.Kind,

internal/controller/sync/controller.go

@@ -33,7 +33,10 @@ import (
 	kcpcore "github.com/kcp-dev/kcp/sdk/apis/core"
 	kcpdevcorev1alpha1 "github.com/kcp-dev/kcp/sdk/apis/core/v1alpha1"
 
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/utils/ptr"
 	ctrlruntimeclient "sigs.k8s.io/controller-runtime/pkg/client"
@@ -165,6 +168,27 @@ func (r *Reconciler) Reconcile(ctx context.Context, request reconcile.Request) (
 		return reconcile.Result{}, nil
 	}
 
+	// if there is a namespace, get it if a namespace filter is also configured
+	var namespace *corev1.Namespace
+	if filter := r.pubRes.Spec.Filter; filter != nil && filter.Namespace != nil && remoteObj.GetNamespace() != "" {
+		namespace = &corev1.Namespace{}
+		key := types.NamespacedName{Name: remoteObj.GetNamespace()}
+
+		if err := r.vwClient.Get(wsCtx, key, namespace); err != nil {
+			return reconcile.Result{}, fmt.Errorf("failed to retrieve remote object's namespace: %w", err)
+		}
+	}
+
+	// apply filtering rules to scope down the number of objects we sync
+	include, err := r.objectMatchesFilter(remoteObj, namespace)
+	if err != nil {
+		return reconcile.Result{}, fmt.Errorf("failed to apply filtering rules: %w", err)
+	}
+
+	if !include {
+		return reconcile.Result{}, nil
+	}
+
 	syncContext := sync.NewContext(ctx, wsCtx)
 
 	// if desired, fetch the cluster path as well (some downstream service providers might make use of it,
@@ -193,3 +217,34 @@ func (r *Reconciler) Reconcile(ctx context.Context, request reconcile.Request) (
 
 	return result, nil
 }
+
+func (r *Reconciler) objectMatchesFilter(remoteObj *unstructured.Unstructured, namespace *corev1.Namespace) (bool, error) {
+	if r.pubRes.Spec.Filter == nil {
+		return true, nil
+	}
+
+	objMatches, err := r.matchesFilter(remoteObj, r.pubRes.Spec.Filter.Resource)
+	if err != nil || !objMatches {
+		return false, err
+	}
+
+	nsMatches, err := r.matchesFilter(namespace, r.pubRes.Spec.Filter.Namespace)
+	if err != nil || !nsMatches {
+		return false, err
+	}
+
+	return true, nil
+}
+
+func (r *Reconciler) matchesFilter(obj metav1.Object, selector *metav1.LabelSelector) (bool, error) {
+	if selector == nil {
+		return true, nil
+	}
+
+	s, err := metav1.LabelSelectorAsSelector(selector)
+	if err != nil {
+		return false, err
+	}
+
+	return s.Matches(labels.Set(obj.GetLabels())), nil
+}

internal/sync/object_syncer.go

@@ -349,6 +349,10 @@ func (s *objectSyncer) ensureNamespace(ctx context.Context, log *zap.SugaredLogg
 		return nil
 	}
 
+	// Use a get-then-create approach to benefit from having a cache; otherwise if we always
+	// send a create request, we're needlessly spamming the kube apiserver. Yes, this approach
+	// is a race condition and we have to check for AlreadyExists later down the line, but that
+	// only occurs on cold caches. During normal operations this should be more efficient.
 	ns := &corev1.Namespace{}
 	if err := client.Get(ctx, types.NamespacedName{Name: namespace}, ns); ctrlruntimeclient.IgnoreNotFound(err) != nil {
 		return fmt.Errorf("failed to check: %w", err)
@@ -358,7 +362,7 @@ func (s *objectSyncer) ensureNamespace(ctx context.Context, log *zap.SugaredLogg
 		ns.Name = namespace
 
 		log.Debugw("Creating namespace…", "namespace", namespace)
-		if err := client.Create(ctx, ns); err != nil {
+		if err := client.Create(ctx, ns); err != nil && !apierrors.IsAlreadyExists(err) {
 			return fmt.Errorf("failed to create: %w", err)
 		}
 	}