
Commit ee2ea8f

mprahlopenshift-merge-bot[bot]
authored andcommitted
Update go-template-utils for better permission handling
This will stop the RetryWatcher if the service account used for templates no longer has access to watch a resource. Signed-off-by: mprahl <[email protected]>
1 parent 166702f commit ee2ea8f

12 files changed

+189
-172
lines changed

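--- a/controllers/common/handler.go
+++ b/controllers/common/handler.go
@@ -11,6 +11,7 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/event"
 "sigs.k8s.io/controller-runtime/pkg/handler"
 "sigs.k8s.io/controller-runtime/pkg/predicate"
+"sigs.k8s.io/controller-runtime/pkg/reconcile"
 )
 
 var _ handler.EventHandler = &EnqueueRequestsFromMapFunc{}
@@ -24,34 +25,34 @@ type EnqueueRequestsFromMapFunc struct {
 
 // Create implements EventHandler
 func (e *EnqueueRequestsFromMapFunc) Create(ctx context.Context, evt event.CreateEvent,
-q workqueue.RateLimitingInterface,
+q workqueue.TypedRateLimitingInterface[reconcile.Request],
 ) {
 e.mapAndEnqueue(ctx, q, evt.Object)
 }
 
 // Update implements EventHandler
 func (e *EnqueueRequestsFromMapFunc) Update(ctx context.Context, evt event.UpdateEvent,
-q workqueue.RateLimitingInterface,
+q workqueue.TypedRateLimitingInterface[reconcile.Request],
 ) {
 e.mapAndEnqueue(ctx, q, evt.ObjectNew)
 }
 
 // Delete implements EventHandler
 func (e *EnqueueRequestsFromMapFunc) Delete(ctx context.Context, evt event.DeleteEvent,
-q workqueue.RateLimitingInterface,
+q workqueue.TypedRateLimitingInterface[reconcile.Request],
 ) {
 e.mapAndEnqueue(ctx, q, evt.Object)
 }
 
 // Generic implements EventHandler
 func (e *EnqueueRequestsFromMapFunc) Generic(ctx context.Context, evt event.GenericEvent,
-q workqueue.RateLimitingInterface,
+q workqueue.TypedRateLimitingInterface[reconcile.Request],
 ) {
 e.mapAndEnqueue(ctx, q, evt.Object)
 }
 
-func (e *EnqueueRequestsFromMapFunc) mapAndEnqueue(ctx context.Context, q workqueue.RateLimitingInterface,
-object client.Object,
+func (e *EnqueueRequestsFromMapFunc) mapAndEnqueue(
+ctx context.Context, q workqueue.TypedRateLimitingInterface[reconcile.Request], object client.Object,
 ) {
 for _, req := range e.ToRequests(ctx, object) {
 q.Add(req)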

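--- a/controllers/common/policyset_handler.go
+++ b/controllers/common/policyset_handler.go
@@ -43,7 +43,7 @@ func mapPolicySetToRequests(object client.Object) []reconcile.Request {
 
 // Create implements EventHandler
 func (e *EnqueueRequestsFromPolicySet) Create(_ context.Context, evt event.CreateEvent,
-q workqueue.RateLimitingInterface,
+q workqueue.TypedRateLimitingInterface[reconcile.Request],
 ) {
 for _, policy := range mapPolicySetToRequests(evt.Object) {
 q.Add(policy)
@@ -53,7 +53,7 @@ func (e *EnqueueRequestsFromPolicySet) Create(_ context.Context, evt event.Creat
 // Update implements EventHandler
 // Enqueues the diff between the new and old policy sets in the UpdateEvent
 func (e *EnqueueRequestsFromPolicySet) Update(_ context.Context, evt event.UpdateEvent,
-q workqueue.RateLimitingInterface,
+q workqueue.TypedRateLimitingInterface[reconcile.Request],
 ) {
 //nolint:forcetypeassert
 newPolicySet := evt.ObjectNew.(*policiesv1beta1.PolicySet)
@@ -97,7 +97,7 @@ func (e *EnqueueRequestsFromPolicySet) Update(_ context.Context, evt event.Updat
 
 // Delete implements EventHandler
 func (e *EnqueueRequestsFromPolicySet) Delete(_ context.Context, evt event.DeleteEvent,
-q workqueue.RateLimitingInterface,
+q workqueue.TypedRateLimitingInterface[reconcile.Request],
 ) {
 for _, policy := range mapPolicySetToRequests(evt.Object) {
 q.Add(policy)
@@ -106,7 +106,7 @@ func (e *EnqueueRequestsFromPolicySet) Delete(_ context.Context, evt event.Delet
 
 // Generic implements EventHandler
 func (e *EnqueueRequestsFromPolicySet) Generic(_ context.Context, evt event.GenericEvent,
-q workqueue.RateLimitingInterface,
+q workqueue.TypedRateLimitingInterface[reconcile.Request],
 ) {
 for _, policy := range mapPolicySetToRequests(evt.Object) {
 q.Add(policy)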

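--- a/controllers/complianceeventsapi/complianceeventsapi_controller.go
+++ b/controllers/complianceeventsapi/complianceeventsapi_controller.go
@@ -72,7 +72,7 @@ type ComplianceServerCtx struct {
 // A read lock should be used when the DB is accessed.
 Lock sync.RWMutex
 DB *sql.DB
-Queue workqueue.Interface
+Queue workqueue.TypedInterface[types.NamespacedName]
 needsMigration bool
 // Required to run a migration after the database connection changed or the feature was enabled.
 connectionURL string
@@ -103,7 +103,7 @@ func NewComplianceServerCtx(dbConnectionURL string, clusterID string) (*Complian
 
 return &ComplianceServerCtx{
 Lock: sync.RWMutex{},
-Queue: workqueue.New(),
+Queue: workqueue.NewTyped[types.NamespacedName](),
 connectionURL: dbConnectionURL,
 DB: db,
 ClusterID: clusterID,
@@ -293,20 +293,17 @@ func MonitorDatabaseConnection(
 for complianceServerCtx.Queue.Len() > 0 {
 request, shutdown := complianceServerCtx.Queue.Get()
 
-switch v := request.(type) {
-case types.NamespacedName:
-reconcileRequests <- event.GenericEvent{
-Object: &common.GuttedObject{
-TypeMeta: metav1.TypeMeta{
-APIVersion: policyv1.GroupVersion.String(),
-Kind: "Policy",
-},
-ObjectMeta: metav1.ObjectMeta{
-Name: v.Name,
-Namespace: v.Namespace,
-},
+reconcileRequests <- event.GenericEvent{
+Object: &common.GuttedObject{
+TypeMeta: metav1.TypeMeta{
+APIVersion: policyv1.GroupVersion.String(),
+Kind: "Policy",
 },
-}
+ObjectMeta: metav1.ObjectMeta{
+Name: request.Name,
+Namespace: request.Namespace,
+},
+},
 }
 
 complianceServerCtx.Queue.Done(request)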
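Review bot: In MonitorDatabaseConnection the `shutdown` result of `Queue.Get()` is not consulted before the event is sent, and removing the type switch also removes the guard that used to cover that case. With the untyped queue, a `Get()` on a shut-down queue returned a nil item that did not match `case types.NamespacedName`, so nothing was sent; with `TypedInterface[types.NamespacedName]` it returns the zero value, so the new code would push a `GenericEvent` for a Policy with an empty name and namespace. `shutdown` is presumably handled later in the loop, outside this hunk, but that is after the send; add `if shutdown { break }` directly after the `Get()` call.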

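--- a/controllers/propagator/replicatedpolicy_controller.go
+++ b/controllers/propagator/replicatedpolicy_controller.go
@@ -338,7 +338,7 @@ func (r *ReplicatedPolicyReconciler) Reconcile(ctx context.Context, request ctrl
 
 // Retry template errors due to permission issues. This isn't ideal, but there's no good event driven way to
 // be notified when the permissions are given to the service account.
-if k8serrors.IsForbidden(tmplErr) {
+if k8serrors.IsForbidden(tmplErr) || k8serrors.IsUnauthorized(tmplErr) {
 returnErr = tmplErr
 }
 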
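Review bot: The comment above the condition still describes only permission issues, but the condition now also retries on `IsUnauthorized`, which is an authentication failure (HTTP 401) rather than missing RBAC (403). Update it along the lines of `// Retry template errors due to permission (403) or authentication (401) issues, e.g. a service account whose token is no longer valid.` so the requeue is not read as an RBAC-only path. A 401 usually points at a revoked, expired or deleted credential, so it may also be worth logging that case separately from the 403 case so operators can tell them apart; the rest of Reconcile is outside this hunk, so that may already happen there.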

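--- a/controllers/propagator/replicatedpolicy_setup.go
+++ b/controllers/propagator/replicatedpolicy_setup.go
@@ -10,7 +10,6 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/builder"
 "sigs.k8s.io/controller-runtime/pkg/controller"
 "sigs.k8s.io/controller-runtime/pkg/event"
-"sigs.k8s.io/controller-runtime/pkg/handler"
 "sigs.k8s.io/controller-runtime/pkg/predicate"
 "sigs.k8s.io/controller-runtime/pkg/source"
 
@@ -33,10 +32,10 @@ func (r *ReplicatedPolicyReconciler) SetupWithManager(
 For(
 &policiesv1.Policy{},
 builder.WithPredicates(replicatedPolicyPredicates(r.ResourceVersions))).
-WatchesRawSource(dependenciesSource, &handler.EnqueueRequestForObject{}).
-WatchesRawSource(updateSrc, &handler.EnqueueRequestForObject{}).
-WatchesRawSource(templateSrc, &handler.EnqueueRequestForObject{}).
-WatchesRawSource(saTemplateSrc, &handler.EnqueueRequestForObject{}).
+WatchesRawSource(dependenciesSource).
+WatchesRawSource(updateSrc).
+WatchesRawSource(templateSrc).
+WatchesRawSource(saTemplateSrc).
 Watches(
 &clusterv1beta1.PlacementDecision{},
 HandlerForDecision(mgr.GetClient()),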

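--- a/controllers/propagator/replicatepolicy_pb_eventHandler.go
+++ b/controllers/propagator/replicatepolicy_pb_eventHandler.go
@@ -27,14 +27,14 @@ type handlerForBinding struct {
 
 // Create implements EventHandler.
 func (e *handlerForBinding) Create(ctx context.Context,
-evt event.CreateEvent, q workqueue.RateLimitingInterface,
+evt event.CreateEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request],
 ) {
 e.mapAndEnqueue(ctx, q, evt.Object)
 }
 
 // Update implements EventHandler. Update only targeted(modified) objects
 func (e *handlerForBinding) Update(ctx context.Context,
-evt event.UpdateEvent, q workqueue.RateLimitingInterface,
+evt event.UpdateEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request],
 ) {
 log.V(1).Info("Detect placementBinding and update targeted replicated-policies")
 //nolint:forcetypeassert
@@ -73,20 +73,20 @@ func (e *handlerForBinding) Update(ctx context.Context,
 
 // Delete implements EventHandler.
 func (e *handlerForBinding) Delete(ctx context.Context,
-evt event.DeleteEvent, q workqueue.RateLimitingInterface,
+evt event.DeleteEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request],
 ) {
 e.mapAndEnqueue(ctx, q, evt.Object)
 }
 
 // Generic implements EventHandler.
 func (e *handlerForBinding) Generic(ctx context.Context,
-evt event.GenericEvent, q workqueue.RateLimitingInterface,
+evt event.GenericEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request],
 ) {
 e.mapAndEnqueue(ctx, q, evt.Object)
 }
 
 func (e *handlerForBinding) mapAndEnqueue(ctx context.Context,
-q workqueue.RateLimitingInterface, obj client.Object,
+q workqueue.TypedRateLimitingInterface[reconcile.Request], obj client.Object,
 ) {
 pBinding := obj.(*policiesv1.PlacementBinding)
 reqs := e.getMappedReplicatedPolicy(ctx, pBinding)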

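--- a/controllers/propagator/replicatepolicy_pd_eventHandler.go
+++ b/controllers/propagator/replicatepolicy_pd_eventHandler.go
@@ -29,14 +29,14 @@ type handlerForDecision struct {
 
 // Create implements EventHandler.
 func (e *handlerForDecision) Create(ctx context.Context,
-evt event.CreateEvent, q workqueue.RateLimitingInterface,
+evt event.CreateEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request],
 ) {
 e.mapAndEnqueue(ctx, q, evt.Object)
 }
 
 // Update implements EventHandler. Update only targeted(modified) objects
 func (e *handlerForDecision) Update(ctx context.Context,
-evt event.UpdateEvent, q workqueue.RateLimitingInterface,
+evt event.UpdateEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request],
 ) {
 log.V(1).Info("Detect placementDecision and update targeted replicated-policies")
 //nolint:forcetypeassert
@@ -80,20 +80,20 @@ func (e *handlerForDecision) Update(ctx context.Context,
 
 // Delete implements EventHandler.
 func (e *handlerForDecision) Delete(ctx context.Context,
-evt event.DeleteEvent, q workqueue.RateLimitingInterface,
+evt event.DeleteEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request],
 ) {
 e.mapAndEnqueue(ctx, q, evt.Object)
 }
 
 // Generic implements EventHandler.
 func (e *handlerForDecision) Generic(ctx context.Context,
-evt event.GenericEvent, q workqueue.RateLimitingInterface,
+evt event.GenericEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request],
 ) {
 e.mapAndEnqueue(ctx, q, evt.Object)
 }
 
 func (e *handlerForDecision) mapAndEnqueue(ctx context.Context,
-q workqueue.RateLimitingInterface, obj client.Object,
+q workqueue.TypedRateLimitingInterface[reconcile.Request], obj client.Object,
 ) {
 pDecision := obj.(*clusterv1beta1.PlacementDecision)
 reqs := e.getMappedReplicatedPolicy(ctx, pDecision)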

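--- a/controllers/propagator/replicatepolicy_pr_eventHandler.go
+++ b/controllers/propagator/replicatepolicy_pr_eventHandler.go
@@ -30,14 +30,14 @@ type handlerForRule struct {
 
 // Create implements EventHandler.
 func (e *handlerForRule) Create(ctx context.Context,
-evt event.CreateEvent, q workqueue.RateLimitingInterface,
+evt event.CreateEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request],
 ) {
 e.mapAndEnqueue(ctx, q, evt.Object)
 }
 
 // Update implements EventHandler. Update only targeted(modified) objects
 func (e *handlerForRule) Update(ctx context.Context,
-evt event.UpdateEvent, q workqueue.RateLimitingInterface,
+evt event.UpdateEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request],
 ) {
 log.Info("Detect placementDecision and update targeted replicated-policies")
 //nolint:forcetypeassert
@@ -76,20 +76,20 @@ func (e *handlerForRule) Update(ctx context.Context,
 
 // Delete implements EventHandler.
 func (e *handlerForRule) Delete(ctx context.Context,
-evt event.DeleteEvent, q workqueue.RateLimitingInterface,
+evt event.DeleteEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request],
 ) {
 e.mapAndEnqueue(ctx, q, evt.Object)
 }
 
 // Generic implements EventHandler.
 func (e *handlerForRule) Generic(ctx context.Context,
-evt event.GenericEvent, q workqueue.RateLimitingInterface,
+evt event.GenericEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request],
 ) {
 e.mapAndEnqueue(ctx, q, evt.Object)
 }
 
 func (e *handlerForRule) mapAndEnqueue(ctx context.Context,
-q workqueue.RateLimitingInterface, obj client.Object,
+q workqueue.TypedRateLimitingInterface[reconcile.Request], obj client.Object,
 ) {
 pRule := obj.(*appsv1.PlacementRule)
 reqs := e.getMappedReplicatedPolicy(ctx, pRule)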
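Review bot: The log call in `handlerForRule.Update` says `Detect placementDecision ...` and logs at the default level, whereas the matching lines in handlerForBinding and handlerForDecision use `log.V(1).Info`. This handler works on PlacementRule objects, so the message looks copied from the decision handler and will mislead anyone correlating logs with the resource that triggered the requeue; consider `log.V(1).Info("Detect placementRule and update targeted replicated-policies")`. The line is unchanged context in this commit, and Update's body continues outside the hunk.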

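--- a/controllers/propagator/template_utils.go
+++ b/controllers/propagator/template_utils.go
@@ -25,6 +25,7 @@ import (
 "k8s.io/client-go/rest"
 "sigs.k8s.io/controller-runtime/pkg/client"
 "sigs.k8s.io/controller-runtime/pkg/event"
+"sigs.k8s.io/controller-runtime/pkg/reconcile"
 "sigs.k8s.io/controller-runtime/pkg/source"
 
 policiesv1 "open-cluster-management.io/governance-policy-propagator/api/v1"
@@ -120,7 +121,7 @@ func NewTemplateResolvers(
 mgrClient client.Client,
 defaultTemplateResolver *templates.TemplateResolver,
 replicatedPolicyUpdates chan event.GenericEvent,
-) (*TemplateResolvers, *source.Channel) {
+) (*TemplateResolvers, source.TypedSource[reconcile.Request]) {
 dynamicWatcherReconciler, dynamicWatcherSource := k8sdepwatches.NewControllerRuntimeSource()
 
 return &TemplateResolvers{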
