Merge pull request #1880 from deads2k/recorder

API-1835: require passive clock for event recorder to avoid accidents

Author: openshift-merge-bot[bot]

pkg/controller/controllercmd/builder.go

@@ -3,6 +3,7 @@ package controllercmd
 import (
 	"context"
 	"fmt"
+	"k8s.io/utils/clock"
 	"os"
 	"strings"
 	"sync"
@@ -40,6 +41,9 @@ type StartFunc func(context.Context, *ControllerContext) error
 type ControllerContext struct {
 	ComponentConfig *unstructured.Unstructured
 
+	// Clock is a potentially fake clock that must be used to run controllers.
+	Clock clock.Clock
+
 	// KubeConfig provides the REST config with no content type (it will default to JSON).
 	// Use this config for CR resources.
 	KubeConfig *rest.Config
@@ -71,6 +75,7 @@ type ControllerBuilder struct {
 	fileObserverReactorFn   func(file string, action fileobserver.ActionType) error
 	eventRecorderOptions    record.CorrelatorOptions
 	componentOwnerReference *corev1.ObjectReference
+	clock                   clock.Clock
 
 	startFunc          StartFunc
 	componentName      string
@@ -121,10 +126,11 @@ func (i infrastructureStatusTopologyDetector) DetectTopology(ctx context.Context
 var _ TopologyDetector = (*infrastructureStatusTopologyDetector)(nil)
 
 // NewController returns a builder struct for constructing the command you want to run
-func NewController(componentName string, startFunc StartFunc) *ControllerBuilder {
+func NewController(componentName string, startFunc StartFunc, clock clock.Clock) *ControllerBuilder {
 	return &ControllerBuilder{
 		startFunc:        startFunc,
 		componentName:    componentName,
+		clock:            clock,
 		observerInterval: defaultObserverInterval,
 		nonZeroExitFn: func(args ...interface{}) {
 			klog.Warning(args...)
@@ -266,7 +272,7 @@ func (b *ControllerBuilder) Run(ctx context.Context, config *unstructured.Unstru
 			klog.Warningf("unable to get owner reference (falling back to namespace): %v", err)
 		}
 	}
-	eventRecorder := events.NewKubeRecorderWithOptions(kubeClient.CoreV1().Events(namespace), b.eventRecorderOptions, b.componentName, controllerRef)
+	eventRecorder := events.NewKubeRecorderWithOptions(kubeClient.CoreV1().Events(namespace), b.eventRecorderOptions, b.componentName, controllerRef, b.clock)
 
 	utilruntime.PanicHandlers = append(utilruntime.PanicHandlers, func(c context.Context, r interface{}) {
 		eventRecorder.Warningf(fmt.Sprintf("%sPanic", strings.Title(b.componentName)), "Panic observed: %v", r)
@@ -336,6 +342,7 @@ func (b *ControllerBuilder) Run(ctx context.Context, config *unstructured.Unstru
 
 	controllerContext := &ControllerContext{
 		ComponentConfig:   config,
+		Clock:             b.clock,
 		KubeConfig:        clientConfig,
 		ProtoKubeConfig:   protoConfig,
 		EventRecorder:     eventRecorder,

pkg/controller/controllercmd/cmd.go

@@ -3,6 +3,7 @@ package controllercmd
 import (
 	"context"
 	"fmt"
+	"k8s.io/utils/clock"
 	"math/rand"
 	"os"
 	"path/filepath"
@@ -41,6 +42,7 @@ type ControllerCommandConfig struct {
 	componentName string
 	startFunc     StartFunc
 	version       version.Info
+	clock         clock.Clock
 
 	basicFlags *ControllerFlags
 
@@ -76,11 +78,12 @@ type ControllerCommandConfig struct {
 
 // NewControllerConfig returns a new ControllerCommandConfig which can be used to wire up all the boiler plate of a controller
 // TODO add more methods around wiring health checks and the like
-func NewControllerCommandConfig(componentName string, version version.Info, startFunc StartFunc) *ControllerCommandConfig {
+func NewControllerCommandConfig(componentName string, version version.Info, startFunc StartFunc, clock clock.Clock) *ControllerCommandConfig {
 	return &ControllerCommandConfig{
 		startFunc:     startFunc,
 		componentName: componentName,
 		version:       version,
+		clock:         clock,
 
 		basicFlags: NewControllerFlags(),
 
@@ -322,7 +325,7 @@ func (c *ControllerCommandConfig) StartController(ctx context.Context) error {
 	config.LeaderElection.RenewDeadline = c.RenewDeadline
 	config.LeaderElection.RetryPeriod = c.RetryPeriod
 
-	builder := NewController(c.componentName, c.startFunc).
+	builder := NewController(c.componentName, c.startFunc, c.clock).
 		WithKubeConfigFile(c.basicFlags.KubeConfigFile, nil).
 		WithComponentNamespace(c.basicFlags.Namespace).
 		WithLeaderElection(config.LeaderElection, c.basicFlags.Namespace, c.componentName+"-lock").

pkg/controller/factory/factory_test.go

@@ -3,6 +3,7 @@ package factory
 import (
 	"context"
 	"fmt"
+	clocktesting "k8s.io/utils/clock/testing"
 	"sync"
 	"testing"
 	"time"
@@ -108,7 +109,7 @@ func TestResyncController(t *testing.T) {
 		}
 		t.Logf("controller sync called (%d)", syncCallCount)
 		return nil
-	}).ToController("PeriodicController", events.NewInMemoryRecorder("periodic-controller"))
+	}).ToController("PeriodicController", events.NewInMemoryRecorder("periodic-controller", clocktesting.NewFakePassiveClock(time.Now())))
 
 	go controller.Run(ctx, 1)
 	time.Sleep(1 * time.Second) // Give controller time to start
@@ -155,7 +156,7 @@ func TestMultiWorkerControllerShutdown(t *testing.T) {
 		workersShutdownMutex.Unlock()
 
 		return nil
-	}).ToController("ShutdownController", events.NewInMemoryRecorder("shutdown-controller"))
+	}).ToController("ShutdownController", events.NewInMemoryRecorder("shutdown-controller", clocktesting.NewFakePassiveClock(time.Now())))
 
 	// wait for all workers to be busy, then signal shutdown
 	go func() {
@@ -192,7 +193,7 @@ func TestControllerWithInformer(t *testing.T) {
 			t.Errorf("expected queue key to be 'key', got %q", syncContext.QueueKey())
 		}
 		return nil
-	}).ToController("FakeController", events.NewInMemoryRecorder("fake-controller"))
+	}).ToController("FakeController", events.NewInMemoryRecorder("fake-controller", clocktesting.NewFakePassiveClock(time.Now())))
 
 	go controller.Run(ctx, 1)
 	time.Sleep(1 * time.Second) // Give controller time to start
@@ -214,7 +215,7 @@ func TestControllerScheduled(t *testing.T) {
 	controller := New().ResyncSchedule("@every 1s").WithSync(func(ctx context.Context, controllerContext SyncContext) error {
 		syncCalled <- struct{}{}
 		return nil
-	}).ToController("test", events.NewInMemoryRecorder("fake-controller"))
+	}).ToController("test", events.NewInMemoryRecorder("fake-controller", clocktesting.NewFakePassiveClock(time.Now())))
 
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
@@ -256,7 +257,7 @@ func TestControllerSyncAfterStart(t *testing.T) {
 	controller := New().ResyncEvery(10*time.Second).WithSync(func(ctx context.Context, controllerContext SyncContext) error {
 		close(syncCalled)
 		return nil
-	}).ToController("test", events.NewInMemoryRecorder("fake-controller"))
+	}).ToController("test", events.NewInMemoryRecorder("fake-controller", clocktesting.NewFakePassiveClock(time.Now())))
 
 	go controller.Run(context.TODO(), 1)
 	select {
@@ -294,7 +295,7 @@ func TestControllerWithQueueFunction(t *testing.T) {
 			t.Errorf("expected queue key to be 'test/test-secret', got %q", syncContext.QueueKey())
 		}
 		return nil
-	}).ToController("FakeController", events.NewInMemoryRecorder("fake-controller"))
+	}).ToController("FakeController", events.NewInMemoryRecorder("fake-controller", clocktesting.NewFakePassiveClock(time.Now())))
 
 	go controller.Run(ctx, 1)
 	time.Sleep(1 * time.Second) // Give controller time to start

pkg/operator/apiserver/controller/apiservice/apiservice_controller_test.go

@@ -3,6 +3,7 @@ package apiservice
 import (
 	"context"
 	"fmt"
+	clocktesting "k8s.io/utils/clock/testing"
 	"time"
 
 	"sort"
@@ -191,7 +192,7 @@ func TestAvailableStatus(t *testing.T) {
 				kubeAggregatorClient.PrependReactor("*", "apiservices", tc.apiServiceReactor)
 			}
 
-			eventRecorder := events.NewInMemoryRecorder("")
+			eventRecorder := events.NewInMemoryRecorder("", clocktesting.NewFakePassiveClock(time.Now()))
 			fakeOperatorClient := operatorv1helpers.NewFakeOperatorClient(&operatorv1.OperatorSpec{ManagementState: operatorv1.Managed}, &operatorv1.OperatorStatus{}, nil)
 			fakeAuthOperatorIndexer := cache.NewIndexer(cache.MetaNamespaceKeyFunc, cache.Indexers{})
 			{
@@ -281,7 +282,7 @@ func TestDisabledAPIService(t *testing.T) {
 		kubeAggregatorClient.PrependReactor("*", "apiservices", apiServiceReactor)
 	}
 
-	eventRecorder := events.NewInMemoryRecorder("")
+	eventRecorder := events.NewInMemoryRecorder("", clocktesting.NewFakePassiveClock(time.Now()))
 	fakeOperatorClient := operatorv1helpers.NewFakeOperatorClient(&operatorv1.OperatorSpec{ManagementState: operatorv1.Managed}, &operatorv1.OperatorStatus{}, nil)
 	fakeAuthOperatorIndexer := cache.NewIndexer(cache.MetaNamespaceKeyFunc, cache.Indexers{})
 	{

pkg/operator/apiserver/controller/workload/workload_test.go

@@ -3,6 +3,7 @@ package workload
 import (
 	"context"
 	"fmt"
+	clocktesting "k8s.io/utils/clock/testing"
 	"testing"
 	"time"
 
@@ -583,7 +584,7 @@ func TestUpdateOperatorStatus(t *testing.T) {
 				delegate:        delegate,
 			}
 
-			err := target.sync(context.TODO(), factory.NewSyncContext("workloadcontroller_test", events.NewInMemoryRecorder("workloadcontroller_test")))
+			err := target.sync(context.TODO(), factory.NewSyncContext("workloadcontroller_test", events.NewInMemoryRecorder("workloadcontroller_test", clocktesting.NewFakePassiveClock(time.Now()))))
 			if err != nil && len(scenario.errors) == 0 {
 				t.Fatal(err)
 			}

pkg/operator/certrotation/cabundle_test.go

@@ -7,6 +7,7 @@ import (
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"errors"
+	clocktesting "k8s.io/utils/clock/testing"
 	"math/big"
 	"os"
 	"strings"
@@ -225,7 +226,7 @@ func TestEnsureConfigMapCABundle(t *testing.T) {
 
 				Client:        client.CoreV1(),
 				Lister:        corev1listers.NewConfigMapLister(indexer),
-				EventRecorder: events.NewInMemoryRecorder("test"),
+				EventRecorder: events.NewInMemoryRecorder("test", clocktesting.NewFakePassiveClock(time.Now())),
 			}
 
 			newCA, err := test.caFn()

pkg/operator/certrotation/signer_test.go

@@ -2,6 +2,7 @@ package certrotation
 
 import (
 	"context"
+	clocktesting "k8s.io/utils/clock/testing"
 	"strings"
 	"testing"
 	"time"
@@ -158,7 +159,7 @@ func TestEnsureSigningCertKeyPair(t *testing.T) {
 				Refresh:       12 * time.Hour,
 				Client:        client.CoreV1(),
 				Lister:        corev1listers.NewSecretLister(indexer),
-				EventRecorder: events.NewInMemoryRecorder("test"),
+				EventRecorder: events.NewInMemoryRecorder("test", clocktesting.NewFakePassiveClock(time.Now())),
 				AdditionalAnnotations: AdditionalAnnotations{
 					JiraComponent: "test",
 				},

pkg/operator/certrotation/target_test.go

@@ -3,6 +3,7 @@ package certrotation
 import (
 	"context"
 	"crypto/x509/pkix"
+	clocktesting "k8s.io/utils/clock/testing"
 	"strings"
 	"testing"
 	"time"
@@ -250,7 +251,7 @@ func TestEnsureTargetCertKeyPair(t *testing.T) {
 
 				Client:        client.CoreV1(),
 				Lister:        corev1listers.NewSecretLister(indexer),
-				EventRecorder: events.NewInMemoryRecorder("test"),
+				EventRecorder: events.NewInMemoryRecorder("test", clocktesting.NewFakePassiveClock(time.Now())),
 				AdditionalAnnotations: AdditionalAnnotations{
 					JiraComponent: "test",
 				},
@@ -447,7 +448,7 @@ func TestEnsureTargetSignerCertKeyPair(t *testing.T) {
 
 				Client:        client.CoreV1(),
 				Lister:        corev1listers.NewSecretLister(indexer),
-				EventRecorder: events.NewInMemoryRecorder("test"),
+				EventRecorder: events.NewInMemoryRecorder("test", clocktesting.NewFakePassiveClock(time.Now())),
 			}
 
 			newCA, err := test.caFn()

pkg/operator/configobserver/apiserver/observe_audit_test.go

@@ -2,8 +2,10 @@ package apiserver
 
 import (
 	"fmt"
+	clocktesting "k8s.io/utils/clock/testing"
 	"strings"
 	"testing"
+	"time"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@@ -151,7 +153,7 @@ func TestAuditObserver(t *testing.T) {
 			}
 
 			observer := NewAuditObserver(getter)
-			recorder := events.NewInMemoryRecorder(t.Name())
+			recorder := events.NewInMemoryRecorder(t.Name(), clocktesting.NewFakePassiveClock(time.Now()))
 			for i := 1; i <= 2; i++ {
 				gotConfig, errs := observer(listers, recorder, test.existingConfig)
 

pkg/operator/configobserver/apiserver/observe_cors_test.go

@@ -1,9 +1,11 @@
 package apiserver
 
 import (
+	clocktesting "k8s.io/utils/clock/testing"
 	"reflect"
 	"sort"
 	"testing"
+	"time"
 
 	configv1 "github.com/openshift/api/config/v1"
 	configlistersv1 "github.com/openshift/client-go/config/listers/config/v1"
@@ -72,9 +74,9 @@ func TestObserveAdditionalCORSAllowedOrigins(t *testing.T) {
 				var gotConfig map[string]interface{}
 				var errs []error
 				if useAPIServerArguments {
-					gotConfig, errs = ObserveAdditionalCORSAllowedOriginsToArguments(listers, events.NewInMemoryRecorder(t.Name()), tt.existingConfig)
+					gotConfig, errs = ObserveAdditionalCORSAllowedOriginsToArguments(listers, events.NewInMemoryRecorder(t.Name(), clocktesting.NewFakePassiveClock(time.Now())), tt.existingConfig)
 				} else {
-					gotConfig, errs = ObserveAdditionalCORSAllowedOrigins(listers, events.NewInMemoryRecorder(t.Name()), tt.existingConfig)
+					gotConfig, errs = ObserveAdditionalCORSAllowedOrigins(listers, events.NewInMemoryRecorder(t.Name(), clocktesting.NewFakePassiveClock(time.Now())), tt.existingConfig)
 				}
 				if len(errs) > 0 {
 					t.Errorf("expected no errors, got %v", errs)