CLOUDP-80014: Refactor Merging - Probes, Security Context & LifeCycle (#288)

Author: chatton

pkg/util/merge/merge.go

@@ -47,14 +47,10 @@ func Container(defaultContainer, overrideContainer corev1.Container) corev1.Cont
 	merged.Resources = ResourceRequirements(defaultContainer.Resources, overrideContainer.Resources)
 	merged.VolumeMounts = VolumeMounts(defaultContainer.VolumeMounts, overrideContainer.VolumeMounts)
 	merged.VolumeDevices = VolumeDevices(defaultContainer.VolumeDevices, overrideContainer.VolumeDevices)
-
-	// TODO: merge LivenessProbe
-
-	// TODO: merge ReadinessProve
-
-	// TODO: merge StartupProbe
-
-	// TODO: merge Lifecycle
+	merged.LivenessProbe = Probe(defaultContainer.LivenessProbe, overrideContainer.LivenessProbe)
+	merged.ReadinessProbe = Probe(defaultContainer.ReadinessProbe, overrideContainer.ReadinessProbe)
+	merged.StartupProbe = Probe(defaultContainer.StartupProbe, overrideContainer.StartupProbe)
+	merged.Lifecycle = LifeCycle(defaultContainer.Lifecycle, overrideContainer.Lifecycle)
 
 	if overrideContainer.TerminationMessagePath != "" {
 		merged.TerminationMessagePath = overrideContainer.TerminationMessagePath
@@ -68,7 +64,7 @@ func Container(defaultContainer, overrideContainer corev1.Container) corev1.Cont
 		merged.ImagePullPolicy = overrideContainer.ImagePullPolicy
 	}
 
-	// TODO: merge SecurityContext
+	merged.SecurityContext = SecurityContext(defaultContainer.SecurityContext, overrideContainer.SecurityContext)
 
 	if overrideContainer.Stdin {
 		merged.Stdin = overrideContainer.Stdin
@@ -85,6 +81,110 @@ func Container(defaultContainer, overrideContainer corev1.Container) corev1.Cont
 	return merged
 }
 
+// Probe merges the contents of two probes together.
+func Probe(original, override *corev1.Probe) *corev1.Probe {
+	if override == nil {
+		return original
+	}
+	if original == nil {
+		return override
+	}
+	merged := *original
+	if override.Handler.Exec != nil {
+		merged.Handler.Exec = override.Handler.Exec
+	}
+	if override.Handler.HTTPGet != nil {
+		merged.Handler.HTTPGet = override.Handler.HTTPGet
+	}
+	if override.Handler.TCPSocket != nil {
+		merged.Handler.TCPSocket = override.Handler.TCPSocket
+	}
+	if override.InitialDelaySeconds != 0 {
+		merged.InitialDelaySeconds = override.InitialDelaySeconds
+	}
+	if override.TimeoutSeconds != 0 {
+		merged.TimeoutSeconds = override.TimeoutSeconds
+	}
+	if override.PeriodSeconds != 0 {
+		merged.PeriodSeconds = override.PeriodSeconds
+	}
+
+	if override.SuccessThreshold != 0 {
+		merged.SuccessThreshold = override.SuccessThreshold
+	}
+
+	if override.FailureThreshold != 0 {
+		merged.FailureThreshold = override.FailureThreshold
+	}
+	return &merged
+}
+
+// LifeCycle merges two LifeCycles.
+func LifeCycle(original, override *corev1.Lifecycle) *corev1.Lifecycle {
+	if override == nil {
+		return original
+	}
+	if original == nil {
+		return override
+	}
+	merged := *original
+
+	if override.PostStart != nil {
+		merged.PostStart = override.PostStart
+	}
+	if override.PreStop != nil {
+		merged.PreStop = override.PreStop
+	}
+	return &merged
+}
+
+// SecurityContext merges two security contexts.
+func SecurityContext(original, override *corev1.SecurityContext) *corev1.SecurityContext {
+	if override == nil {
+		return original
+	}
+	if original == nil {
+		return override
+	}
+	merged := *original
+
+	if override.Capabilities != nil {
+		merged.Capabilities = override.Capabilities
+	}
+
+	if override.Privileged != nil {
+		merged.Privileged = override.Privileged
+	}
+
+	if override.SELinuxOptions != nil {
+		merged.SELinuxOptions = override.SELinuxOptions
+	}
+
+	if override.WindowsOptions != nil {
+		merged.WindowsOptions = override.WindowsOptions
+	}
+	if override.RunAsUser != nil {
+		merged.RunAsUser = override.RunAsUser
+	}
+	if override.RunAsGroup != nil {
+		merged.RunAsGroup = override.RunAsGroup
+	}
+	if override.RunAsNonRoot != nil {
+		merged.RunAsNonRoot = override.RunAsNonRoot
+	}
+	if override.ReadOnlyRootFilesystem != nil {
+		merged.ReadOnlyRootFilesystem = override.ReadOnlyRootFilesystem
+	}
+	if override.AllowPrivilegeEscalation != nil {
+		merged.AllowPrivilegeEscalation = override.AllowPrivilegeEscalation
+	}
+	if override.ProcMount != nil {
+		merged.ProcMount = override.ProcMount
+	}
+	return &merged
+}
+
+// VolumeDevices merges two slices of VolumeDevices by name.
 func VolumeDevices(original, override []corev1.VolumeDevice) []corev1.VolumeDevice {
 	mergedDevicesMap := map[string]corev1.VolumeDevice{}
 	originalDevicesMap := createVolumeDevicesMap(original)
@@ -258,6 +358,7 @@ func createContainerPortMap(containerPorts []corev1.ContainerPort) map[string]co
 	return containerPortMap
 }
 
+// VolumeMounts merges two slices of volume mounts by name.
 func VolumeMounts(original, override []corev1.VolumeMount) []corev1.VolumeMount {
 	mergedMountsMap := map[string]corev1.VolumeMount{}
 	originalMounts := createVolumeMountMap(original)

pkg/util/merge/merge_test.go

@@ -4,6 +4,8 @@ import (
 	"reflect"
 	"testing"
 
+	"github.com/mongodb/mongodb-kubernetes-operator/pkg/kube/probes"
+
 	"k8s.io/apimachinery/pkg/api/resource"
 
 	"github.com/mongodb/mongodb-kubernetes-operator/pkg/kube/container"
@@ -56,8 +58,6 @@ func TestMergeStringSlices(t *testing.T) {
 }
 
 func TestMergeContainer(t *testing.T) {
-	// TODO: Add additional fields as they are merged
-
 	defaultQuantity := resource.NewQuantity(int64(10), resource.DecimalExponent)
 
 	defaultContainer := container.New(
@@ -67,6 +67,16 @@ func TestMergeContainer(t *testing.T) {
 		container.WithImagePullPolicy(corev1.PullAlways),
 		container.WithWorkDir("default-work-dir"),
 		container.WithArgs([]string{"arg0", "arg1"}),
+		container.WithLivenessProbe(probes.Apply(
+			probes.WithInitialDelaySeconds(10),
+			probes.WithFailureThreshold(20),
+			probes.WithExecCommand([]string{"exec", "command", "liveness"}),
+		)),
+		container.WithReadinessProbe(probes.Apply(
+			probes.WithInitialDelaySeconds(20),
+			probes.WithFailureThreshold(30),
+			probes.WithExecCommand([]string{"exec", "command", "readiness"}),
+		)),
 		container.WithVolumeDevices([]corev1.VolumeDevice{
 			{
 				Name:       "name-0",
@@ -121,6 +131,15 @@ func TestMergeContainer(t *testing.T) {
 			container.WithImage("override-image"),
 			container.WithWorkDir("override-work-dir"),
 			container.WithArgs([]string{"arg3", "arg2"}),
+			container.WithLivenessProbe(probes.Apply(
+				probes.WithInitialDelaySeconds(15),
+				probes.WithExecCommand([]string{"exec", "command", "override"}),
+			)),
+			container.WithReadinessProbe(probes.Apply(
+				probes.WithInitialDelaySeconds(5),
+				probes.WithFailureThreshold(6),
+				probes.WithExecCommand([]string{"exec", "command", "readiness", "override"}),
+			)),
 			container.WithVolumeDevices([]corev1.VolumeDevice{
 				{
 					Name:       "name-0",
@@ -180,6 +199,24 @@ func TestMergeContainer(t *testing.T) {
 			assert.NotNil(t, mergedContainer.Env[1].ValueFrom)
 		})
 
+		t.Run("Probes are overridden", func(t *testing.T) {
+			t.Run("Liveness probe", func(t *testing.T) {
+				livenessProbe := mergedContainer.LivenessProbe
+
+				assert.NotNil(t, livenessProbe)
+				assert.Equal(t, int32(15), livenessProbe.InitialDelaySeconds, "value is specified in override and so should be used.")
+				assert.Equal(t, int32(20), livenessProbe.FailureThreshold, "value is not specified in override so the original should be used.")
+				assert.Equal(t, []string{"exec", "command", "override"}, livenessProbe.Exec.Command, "value is not specified in override so the original should be used.")
+			})
+			t.Run("Readiness probe", func(t *testing.T) {
+				readinessProbe := mergedContainer.ReadinessProbe
+				assert.NotNil(t, readinessProbe)
+				assert.Equal(t, int32(5), readinessProbe.InitialDelaySeconds, "value is specified in override and so should be used.")
+				assert.Equal(t, int32(6), readinessProbe.FailureThreshold, "value is not specified in override so the original should be used.")
+				assert.Equal(t, []string{"exec", "command", "readiness", "override"}, readinessProbe.Exec.Command, "value is not specified in override so the original should be used.")
+			})
+		})
+
 		t.Run("Volume Devices are overridden", func(t *testing.T) {
 			volumeDevices := mergedContainer.VolumeDevices
 			assert.Len(t, volumeDevices, 3)
@@ -242,6 +279,24 @@ func TestMergeContainer(t *testing.T) {
 			assert.Nil(t, mergedContainer.Env[1].ValueFrom)
 		})
 
+		t.Run("Probes are not overridden", func(t *testing.T) {
+			t.Run("Liveness probe", func(t *testing.T) {
+				livenessProbe := mergedContainer.LivenessProbe
+
+				assert.NotNil(t, livenessProbe)
+				assert.Equal(t, int32(10), livenessProbe.InitialDelaySeconds, "value is not specified in override so the original should be used.")
+				assert.Equal(t, int32(20), livenessProbe.FailureThreshold, "value is not specified in override so the original should be used.")
+				assert.Equal(t, []string{"exec", "command", "liveness"}, livenessProbe.Exec.Command, "value is not specified in override so the original should be used.")
+			})
+			t.Run("Readiness probe", func(t *testing.T) {
+				readinessProbe := mergedContainer.ReadinessProbe
+				assert.NotNil(t, readinessProbe)
+				assert.Equal(t, int32(20), readinessProbe.InitialDelaySeconds, "value is not specified in override so the original should be used.")
+				assert.Equal(t, int32(30), readinessProbe.FailureThreshold, "value is not specified in override so the original should be used.")
+				assert.Equal(t, []string{"exec", "command", "readiness"}, readinessProbe.Exec.Command, "value is not specified in override so the original should be used.")
+			})
+		})
+
 		t.Run("Volume Devices are not overridden", func(t *testing.T) {
 			volumeDevices := mergedContainer.VolumeDevices
 			assert.Len(t, volumeDevices, 2)
@@ -445,3 +500,39 @@ func TestContainerPortSlicesByName(t *testing.T) {
 	})
 
 }
+
+func TestMergeSecurityContext(t *testing.T) {
+	privileged := true
+	windowsRunAsUserName := "username"
+	runAsGroup := int64(4)
+	original := &corev1.SecurityContext{
+		Capabilities: nil,
+		Privileged:   &privileged,
+		WindowsOptions: &corev1.WindowsSecurityContextOptions{
+			RunAsUserName: &windowsRunAsUserName,
+		},
+		RunAsGroup: &runAsGroup,
+	}
+
+	runAsGroup = int64(6)
+	override := &corev1.SecurityContext{
+		Capabilities: &corev1.Capabilities{
+			Add: []corev1.Capability{
+				"123",
+				"456",
+			},
+		},
+		Privileged: &privileged,
+		WindowsOptions: &corev1.WindowsSecurityContextOptions{
+			RunAsUserName: &windowsRunAsUserName,
+		},
+		RunAsGroup: &runAsGroup,
+	}
+
+	merged := SecurityContext(original, override)
+
+	assert.Equal(t, int64(6), *merged.RunAsGroup)
+	assert.Equal(t, "username", *merged.WindowsOptions.RunAsUserName)
+	assert.Equal(t, override.Capabilities, merged.Capabilities)
+	assert.True(t, *override.Privileged)
+}