
Commit aac9596

authored
Make the driver seed function respect the watch namespace filter (#771)
1 parent 6a86b39 commit aac9596


3 files changed

+79
-17
lines changed


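--- a/cmd/api-manager.go
+++ b/cmd/api-manager.go
@@ -539,7 +539,11 @@ func getK8sResourceDriver(ctx context.Context, mgr manager.Manager, options apiM
 d.WithNgrokMetadata(customMetadata)
 }
 
-if err := d.Seed(ctx, mgr.GetAPIReader()); err != nil {
+var seedOpts []client.ListOption
+if options.ingressWatchNamespace != "" {
+seedOpts = append(seedOpts, client.InNamespace(options.ingressWatchNamespace))
+}
+if err := d.Seed(ctx, mgr.GetAPIReader(), seedOpts...); err != nil {
 return nil, fmt.Errorf("unable to seed cache store: %w", err)
 }
 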
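Review bot: Nothing at the new `seedOpts` block says why the namespace filter has to be passed by hand: `mgr.GetAPIReader()` reads straight from the API server, so any namespace restriction configured on the manager's cache does not apply to the seed. A comment such as `// APIReader bypasses the cache; scope the seed to the watched namespace explicitly.` would keep a later refactor from dropping the option and going back to cluster-wide lists of Secrets and ConfigMaps. An empty `ingressWatchNamespace` still seeds from every namespace, which presumably matches the watch-all default. The enclosing getK8sResourceDriver starts and ends outside the hunk.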

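--- a/pkg/managerdriver/driver.go
+++ b/pkg/managerdriver/driver.go
@@ -194,31 +194,31 @@ func (d *Driver) setNgrokMetadataOwner(owner string, customNgrokMetadata map[str
 return string(jsonString), nil
 }
 
-func listObjectsForType(ctx context.Context, client client.Reader, v interface{}) ([]client.Object, error) {
+func listObjectsForType(ctx context.Context, client client.Reader, v interface{}, listOpts ...client.ListOption) ([]client.Object, error) {
 switch v.(type) {
 
 // ----------------------------------------------------------------------------
 // Kubernetes Core API Support
 // ----------------------------------------------------------------------------
 case *corev1.Service:
 services := &corev1.ServiceList{}
-err := client.List(ctx, services)
+err := client.List(ctx, services, listOpts...)
 return util.ToClientObjects(services.Items), err
 case *corev1.Secret:
 secrets := &corev1.SecretList{}
-err := client.List(ctx, secrets)
+err := client.List(ctx, secrets, listOpts...)
 return util.ToClientObjects(secrets.Items), err
 case *corev1.ConfigMap:
 configmaps := &corev1.ConfigMapList{}
-err := client.List(ctx, configmaps)
+err := client.List(ctx, configmaps, listOpts...)
 return util.ToClientObjects(configmaps.Items), err
 case *corev1.Namespace:
 namespaces := &corev1.NamespaceList{}
 err := client.List(ctx, namespaces)
 return util.ToClientObjects(namespaces.Items), err
 case *netv1.Ingress:
 ingresses := &netv1.IngressList{}
-err := client.List(ctx, ingresses)
+err := client.List(ctx, ingresses, listOpts...)
 return util.ToClientObjects(ingresses.Items), err
 case *netv1.IngressClass:
 ingressClasses := &netv1.IngressClassList{}
@@ -234,43 +234,43 @@ func listObjectsForType(ctx context.Context, client client.Reader, v interface{}
 return util.ToClientObjects(gatewayClasses.Items), err
 case *gatewayv1.Gateway:
 gateways := &gatewayv1.GatewayList{}
-err := client.List(ctx, gateways)
+err := client.List(ctx, gateways, listOpts...)
 return util.ToClientObjects(gateways.Items), err
 case *gatewayv1.HTTPRoute:
 httproutes := &gatewayv1.HTTPRouteList{}
-err := client.List(ctx, httproutes)
+err := client.List(ctx, httproutes, listOpts...)
 return util.ToClientObjects(httproutes.Items), err
 case *gatewayv1alpha2.TCPRoute:
 tcpRoutes := &gatewayv1alpha2.TCPRouteList{}
-err := client.List(ctx, tcpRoutes)
+err := client.List(ctx, tcpRoutes, listOpts...)
 return util.ToClientObjects(tcpRoutes.Items), err
 case *gatewayv1alpha2.TLSRoute:
 tlsRoutes := &gatewayv1alpha2.TLSRouteList{}
-err := client.List(ctx, tlsRoutes)
+err := client.List(ctx, tlsRoutes, listOpts...)
 return util.ToClientObjects(tlsRoutes.Items), err
 case *gatewayv1beta1.ReferenceGrant:
 referenceGrants := &gatewayv1beta1.ReferenceGrantList{}
-err := client.List(ctx, referenceGrants)
+err := client.List(ctx, referenceGrants, listOpts...)
 return util.ToClientObjects(referenceGrants.Items), err
 
 // ----------------------------------------------------------------------------
 // Ngrok API Support
 // ----------------------------------------------------------------------------
 case *ingressv1alpha1.Domain:
 domains := &ingressv1alpha1.DomainList{}
-err := client.List(ctx, domains)
+err := client.List(ctx, domains, listOpts...)
 return util.ToClientObjects(domains.Items), err
 case *ngrokv1alpha1.NgrokTrafficPolicy:
 policies := &ngrokv1alpha1.NgrokTrafficPolicyList{}
-err := client.List(ctx, policies)
+err := client.List(ctx, policies, listOpts...)
 return util.ToClientObjects(policies.Items), err
 case *ngrokv1alpha1.AgentEndpoint:
 agentEndpoints := &ngrokv1alpha1.AgentEndpointList{}
-err := client.List(ctx, agentEndpoints)
+err := client.List(ctx, agentEndpoints, listOpts...)
 return util.ToClientObjects(agentEndpoints.Items), err
 case *ngrokv1alpha1.CloudEndpoint:
 cloudEndpoints := &ngrokv1alpha1.CloudEndpointList{}
-err := client.List(ctx, cloudEndpoints)
+err := client.List(ctx, cloudEndpoints, listOpts...)
 return util.ToClientObjects(cloudEndpoints.Items), err
 }
 return nil, fmt.Errorf("unsupported type %T", v)
@@ -298,7 +298,7 @@ func listObjectsForType(ctx context.Context, client client.Reader, v interface{}
 // - AgentEndpoints
 // - CloudEndpoints
 // When the sync method becomes a background process, this likely won't be needed anymore
-func (d *Driver) Seed(ctx context.Context, c client.Reader) error {
+func (d *Driver) Seed(ctx context.Context, c client.Reader, listOpts ...client.ListOption) error {
 typesToSeed := []interface{}{
 &netv1.Ingress{},
 &netv1.IngressClass{},
@@ -331,7 +331,7 @@ func (d *Driver) Seed(ctx context.Context, c client.Reader) error {
 }
 
 for _, v := range typesToSeed {
-objects, err := listObjectsForType(ctx, c, v)
+objects, err := listObjectsForType(ctx, c, v, listOpts...)
 if err != nil {
 return err
 }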
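Review bot: The `*corev1.Namespace` case keeps `client.List(ctx, namespaces)` without `listOpts` while every namespaced case now forwards them, and nothing in `listObjectsForType` marks that split as deliberate; the IngressClass and GatewayClass List calls fall outside the hunks and appear to be left unfiltered in the same way. A one-line comment on those cases, e.g. `// cluster-scoped: listOpts (namespace filter) intentionally not applied`, would stop a later edit from "fixing" the inconsistency or from copying the unfiltered form into a new namespaced case next to Secrets and ConfigMaps. The doc comment above `Seed` should also describe the new parameter, for instance `// listOpts are applied to namespaced types only; cluster-scoped types are always listed in full.` Since the parameter is a generic variadic `client.ListOption`, any label or field selector a caller passes is applied to every namespaced kind as well, which is worth stating in that same comment.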

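--- a/pkg/managerdriver/driver_test.go
+++ b/pkg/managerdriver/driver_test.go
@@ -87,6 +87,64 @@ var _ = Describe("Driver", func() {
 Expect(foundObj).To(Equal(obj))
 }
 })
+It("Should not seed namespace-scoped resources from outside the watched namespace", func() {
+watchedNS := "watched-ns"
+otherNS := "other-ns"
+
+// Resources in the watched namespace
+watchedIngress := testutils.NewTestIngressV1("ingress-watched", watchedNS)
+watchedDomain := testutils.NewDomainV1("watched.example.com", watchedNS)
+watchedService := testutils.NewTestServiceV1("svc-watched", watchedNS)
+
+// Resources in another namespace (should be excluded when namespace-scoped)
+otherIngress := testutils.NewTestIngressV1("ingress-other", otherNS)
+otherDomain := testutils.NewDomainV1("other.example.com", otherNS)
+otherService := testutils.NewTestServiceV1("svc-other", otherNS)
+
+// Cluster-scoped resources (should always be included)
+ic := testutils.NewTestIngressClass("ngrok-class", true, true)
+
+allObjs := []runtime.Object{
+watchedIngress, watchedDomain, watchedService,
+otherIngress, otherDomain, otherService,
+ic,
+}
+
+c := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(allObjs...).Build()
+err := driver.Seed(GinkgoT().Context(), c, client.InNamespace(watchedNS))
+Expect(err).ToNot(HaveOccurred())
+
+// Watched namespace resources should be in the store
+_, found, err := driver.store.Get(watchedIngress)
+Expect(err).ToNot(HaveOccurred())
+Expect(found).To(BeTrue(), "watched ingress should be in store")
+
+_, found, err = driver.store.Get(watchedDomain)
+Expect(err).ToNot(HaveOccurred())
+Expect(found).To(BeTrue(), "watched domain should be in store")
+
+_, found, err = driver.store.Get(watchedService)
+Expect(err).ToNot(HaveOccurred())
+Expect(found).To(BeTrue(), "watched service should be in store")
+
+// Other namespace resources should NOT be in the store
+_, found, err = driver.store.Get(otherIngress)
+Expect(err).ToNot(HaveOccurred())
+Expect(found).To(BeFalse(), "other-ns ingress should NOT be in store")
+
+_, found, err = driver.store.Get(otherDomain)
+Expect(err).ToNot(HaveOccurred())
+Expect(found).To(BeFalse(), "other-ns domain should NOT be in store")
+
+_, found, err = driver.store.Get(otherService)
+Expect(err).ToNot(HaveOccurred())
+Expect(found).To(BeFalse(), "other-ns service should NOT be in store")
+
+// Cluster-scoped resources should still be in the store
+_, found, err = driver.store.Get(ic)
+Expect(err).ToNot(HaveOccurred())
+Expect(found).To(BeTrue(), "cluster-scoped IngressClass should be in store")
+})
 })
 
 Describe("DeleteIngress", func() {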
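Review bot: The exclusion assertions in the new `It` block cover Ingress, Domain and Service but none of the other kinds the commit starts filtering, Secret and ConfigMap in particular, which are the ones where an unintended cluster-wide read matters most. If Secrets are among the types `Seed` loads (the full `typesToSeed` list is not visible on this page), adding a Secret in `otherNS` to `allObjs` and asserting `Expect(found).To(BeFalse(), "other-ns secret should NOT be in store")` would pin that behaviour. The six near-identical Get/Expect triplets could also be folded into a loop over an expected-present and an expected-absent slice, so adding a kind is one line. The enclosing `Describe` starts outside the hunk.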
