diff --git a/go.mod b/go.mod
index f31001d60e..6848c1b7cf 100644
--- a/go.mod
+++ b/go.mod
@@ -127,3 +127,5 @@ require (
 sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect
 sigs.k8s.io/yaml v1.4.0 // indirect
 )
+
+replace github.com/openshift/library-go => github.com/vrutkovs/library-go v0.0.0-20250805095042-0c1ebca29e89
diff --git a/go.sum b/go.sum
index 634606327a..85663b5780 100644
--- a/go.sum
+++ b/go.sum
@@ -166,8 +166,6 @@ github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee h1:+S
 github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee/go.mod h1:8jcm8UPtg2mCAsxfqKil1xrmRMI3a+XU2TZ9fF8A7TE=
 github.com/openshift/client-go v0.0.0-20250710075018-396b36f983ee h1:tOtrrxfDEW8hK3eEsHqxsXurq/D6LcINGfprkQC3hqY=
 github.com/openshift/client-go v0.0.0-20250710075018-396b36f983ee/go.mod h1:zhRiYyNMk89llof2qEuGPWPD+joQPhCRUc2IK0SB510=
-github.com/openshift/library-go v0.0.0-20250729191057-91376e1b394e h1:xYT+P++PSc9G+Y47pIcU9fm8IDV/tg6tMi3i+0m23pU=
-github.com/openshift/library-go v0.0.0-20250729191057-91376e1b394e/go.mod h1:tptKNust9MdRI0p90DoBSPHIrBa9oh+Rok59tF0vT8c=
 github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde/go.mod h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
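Review bot: The `replace` directive added at the end of go.mod points `github.com/openshift/library-go` at a personal fork, `github.com/vrutkovs/library-go`, and the file carries no comment saying why or when it will be removed. The pseudo-version and the go.sum hash pin one commit, so the content is fixed, but that commit has presumably not been through upstream library-go review, and the vendored auditpolicy controller changes in this same commit come from it. I would put a comment directly above the directive, for example `// TEMPORARY: testing <upstream library-go PR, placeholder>; remove this replace and bump library-go before merge`, and treat the replace as a merge blocker.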
@@ -215,6 +213,8 @@ github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOf
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 h1:6fotK7otjonDflCTK0BCfls4SPy3NcCVb5dqqmbRknE=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk=
+github.com/vrutkovs/library-go v0.0.0-20250805095042-0c1ebca29e89 h1:ALQ38TUZDbGnMkSxwcxBtZz8n+iwIwfysagz7kuCsSw=
+github.com/vrutkovs/library-go v0.0.0-20250805095042-0c1ebca29e89/go.mod h1:tptKNust9MdRI0p90DoBSPHIrBa9oh+Rok59tF0vT8c=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/xiang90/probing v0.0.0-20221125231312-a49e3df8f510 h1:S2dVYn90KE98chqDkyE9Z4N61UnQd+KOfgp5Iu53llk=
diff --git a/pkg/operator/starter.go b/pkg/operator/starter.go
index a0c1828f7e..87ba325cc2 100644
--- a/pkg/operator/starter.go
+++ b/pkg/operator/starter.go
@@ -443,6 +443,7 @@ func RunOperator(ctx context.Context, controllerContext *controllercmd.Controlle
 kubeClient,
 configInformers,
 kubeInformersForNamespaces.InformersFor(operatorclient.TargetNamespace),
+ kubeInformersForNamespaces.ConfigMapLister().ConfigMaps(operatorclient.TargetNamespace),
 controllerContext.EventRecorder,
 )

diff --git a/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controller/auditpolicy/auditpolicy_controller.go b/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controller/auditpolicy/auditpolicy_controller.go
index 318bf2e522..bad5e4ecd6 100644
--- a/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controller/auditpolicy/auditpolicy_controller.go
+++ b/vendor/github.com/openshift/library-go/pkg/operator/apiserver/controller/auditpolicy/auditpolicy_controller.go
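Review bot: The new argument `kubeInformersForNamespaces.ConfigMapLister().ConfigMaps(operatorclient.TargetNamespace)` in pkg/operator/starter.go gives the controller a lister that is built independently of the informer factory passed on the line above, so nothing ties the lister's namespace to the controller's target namespace. The controller uses this lister to decide whether to skip re-applying the audit policy ConfigMap, so a lister scoped to another namespace would either always report NotFound or compare against a different object of the same name. Both arguments use `operatorclient.TargetNamespace` here, but the target namespace argument itself is outside the hunk. Consider deriving the lister inside the constructor, `kubeInformersForTargetNamespace.Core().V1().ConfigMaps().Lister().ConfigMaps(targetNamespace)`, and dropping the extra parameter. The enclosing call starts outside the hunk.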
@@ -2,6 +2,7 @@ package auditpolicy

 import (
 "context"
+ "reflect"
 "time"

 applyoperatorv1 "github.com/openshift/client-go/operator/applyconfigurations/operator/v1"
@@ -17,10 +18,12 @@ import (
 "github.com/openshift/library-go/pkg/operator/resource/resourceapply"
 "github.com/openshift/library-go/pkg/operator/v1helpers"
 v1 "k8s.io/api/core/v1"
+ apierrors "k8s.io/apimachinery/pkg/api/errors"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
 kubeinformers "k8s.io/client-go/informers"
 "k8s.io/client-go/kubernetes"
+ corev1listers "k8s.io/client-go/listers/core/v1"
 "sigs.k8s.io/yaml"
 )

@@ -28,6 +31,7 @@ type auditPolicyController struct {
 controllerInstanceName string
 apiserverConfigLister configv1listers.APIServerLister
 kubeClient kubernetes.Interface
+ configMapLister corev1listers.ConfigMapNamespaceLister
 operatorClient v1helpers.OperatorClient
 targetNamespace, targetConfigMapName string
 }
@@ -41,7 +45,8 @@ func NewAuditPolicyController(
 operatorClient v1helpers.OperatorClient,
 kubeClient kubernetes.Interface,
 configInformers configinformers.SharedInformerFactory,
- kubeInformersForTargetNamesace kubeinformers.SharedInformerFactory,
+ kubeInformersForTargetNamespace kubeinformers.SharedInformerFactory,
+ configMapLister corev1listers.ConfigMapNamespaceLister,
 eventRecorder events.Recorder,
 ) factory.Controller {
 c := &auditPolicyController{
@@ -49,15 +54,25 @@ func NewAuditPolicyController(
 operatorClient: operatorClient,
 apiserverConfigLister: configInformers.Config().V1().APIServers().Lister(),
 kubeClient: kubeClient,
+ configMapLister: configMapLister,
 targetNamespace: targetNamespace,
 targetConfigMapName: targetConfigMapName,
 }

- return factory.New().WithSync(c.sync).WithControllerInstanceName(c.controllerInstanceName).ResyncEvery(1*time.Minute).WithInformers(
- configInformers.Config().V1().APIServers().Informer(),
- kubeInformersForTargetNamesace.Core().V1().ConfigMaps().Informer(),
- operatorClient.Informer(),
- ).ToController(
+ return factory.New().
+ WithSync(c.sync).
+ WithControllerInstanceName(c.controllerInstanceName).
+ ResyncEvery(1*time.Minute).
+ WithFilteredEventsInformers(func(obj interface{}) bool {
+ if cm, ok := obj.(*v1.ConfigMap); ok {
+ return cm.Namespace == targetNamespace && cm.Name == targetConfigMapName
+ }
+ return true
+ },
+ configInformers.Config().V1().APIServers().Informer(),
+ kubeInformersForTargetNamespace.Core().V1().ConfigMaps().Informer(),
+ operatorClient.Informer(),
+ ).ToController(
 "auditPolicyController", // don't change what is passed here unless you also remove the old FooDegraded condition
 eventRecorder.WithComponentSuffix("audit-policy-controller"),
 )
@@ -120,7 +135,7 @@ func (c *auditPolicyController) syncAuditPolicy(ctx context.Context, config conf
 return err
 }

- cm := &v1.ConfigMap{
+ desiredConfigMap := &v1.ConfigMap{
 ObjectMeta: metav1.ObjectMeta{
 Namespace: c.targetNamespace,
 Name: c.targetConfigMapName,
@@ -129,7 +144,17 @@ func (c *auditPolicyController) syncAuditPolicy(ctx context.Context, config conf
 "policy.yaml": string(bs),
 },
 }
+ actualConfigMap, err := c.configMapLister.Get(c.targetConfigMapName)
+ if !apierrors.IsNotFound(err) {
+ if err != nil {
+ return err
+ }
+ actualPolicy, ok := actualConfigMap.Data["policy.yaml"]
+ if ok && reflect.DeepEqual(actualPolicy, string(bs)) {
+ return nil
+ }
+ }

- _, _, err = resourceapply.ApplyConfigMap(ctx, c.kubeClient.CoreV1(), recorder, cm)
+ _, _, err = resourceapply.ApplyConfigMap(ctx, c.kubeClient.CoreV1(), recorder, desiredConfigMap)
 return err
 }
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 62a271b5bc..cacaed594b 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -346,7 +346,7 @@ github.com/openshift/client-go/security/informers/externalversions/internalinter
 github.com/openshift/client-go/security/informers/externalversions/security
 github.com/openshift/client-go/security/informers/externalversions/security/v1
 github.com/openshift/client-go/security/listers/security/v1
-# github.com/openshift/library-go v0.0.0-20250729191057-91376e1b394e
+# github.com/openshift/library-go v0.0.0-20250729191057-91376e1b394e => github.com/vrutkovs/library-go v0.0.0-20250805095042-0c1ebca29e89
 ## explicit; go 1.24.0
 github.com/openshift/library-go/pkg/apiserver/jsonpatch
 github.com/openshift/library-go/pkg/assets
@@ -1587,3 +1587,4 @@ sigs.k8s.io/structured-merge-diff/v4/value
 ## explicit; go 1.12
 sigs.k8s.io/yaml
 sigs.k8s.io/yaml/goyaml.v2
+# github.com/openshift/library-go => github.com/vrutkovs/library-go v0.0.0-20250805095042-0c1ebca29e89