This repository has been archived by the owner on Nov 20, 2021. It is now read-only.

Add RBAC for infrastructureproviders, update machine-api to v1.0.1
ChrisRx committed Oct 16, 2020
1 parent 0aa0b1d commit a7f0409
Showing 4 changed files with 79 additions and 60 deletions.
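--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -66,6 +66,15 @@ rules:
 - get
 - list
 - watch
+- apiGroups:
+- machine.crit.sh
+resources:
+- infrastructureproviders
+- infrastructureproviders/status
+verbs:
+- get
+- list
+- watch
 - apiGroups:
 - machine.crit.sh
 resources: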
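--- a/controllers/dockerinfrastructureprovider_controller.go
+++ b/controllers/dockerinfrastructureprovider_controller.go
@@ -20,6 +20,8 @@ import (
 "context"
 "encoding/json"
 
+cinderapi "github.com/criticalstack/crit/cmd/cinder/api"
+"github.com/criticalstack/machine-api/util"
 "github.com/go-logr/logr"
 "github.com/go-openapi/spec"
 corev1 "k8s.io/api/core/v1"
@@ -36,8 +38,6 @@ import (
 "github.com/criticalstack/machine-api-provider-docker/api/v1alpha1"
 )
 
-const OpenAPISchemaSecretName = "config-schema"
-
 // DockerMachineReconciler reconciles a DockerMachine object
 type DockerInfrastructureProviderReconciler struct {
 client.Client
@@ -56,6 +56,70 @@ func (r *DockerInfrastructureProviderReconciler) SetupWithManager(mgr ctrl.Manag
 Complete(r)
 }
 
+// +kubebuilder:rbac:groups=infrastructure.crit.sh,resources=dockerinfrastructureproviders,verbs=get;list;watch
+// +kubebuilder:rbac:groups=infrastructure.crit.sh,resources=dockerinfrastructureproviders/status,verbs=create;update
+// +kubebuilder:rbac:groups=machine.crit.sh,resources=infrastructureproviders;infrastructureproviders/status,verbs=get;list;watch
+// +kubebuilder:rbac:groups=,resources=secrets,verbs=*
+
+func (r *DockerInfrastructureProviderReconciler) Reconcile(req ctrl.Request) (_ ctrl.Result, reterr error) {
+ctx := context.Background()
+log := r.Log.WithValues("dockerinfrastructureprovider", req.NamespacedName)
+
+ip := &v1alpha1.DockerInfrastructureProvider{}
+if err := r.Get(ctx, req.NamespacedName, ip); err != nil {
+if apierrors.IsNotFound(err) {
+return ctrl.Result{}, nil
+}
+return ctrl.Result{}, err
+}
+
+ipOwner, err := util.GetOwnerInfrastructureProvider(ctx, r.Client, ip.ObjectMeta)
+if err != nil {
+return ctrl.Result{}, err
+}
+if ipOwner == nil {
+log.Info("InfrastructureProvider Controller has not yet set OwnerRef")
+return ctrl.Result{}, nil
+}
+
+log = log.WithValues("infrastructureprovider", ipOwner.Name)
+
+s := &corev1.Secret{
+ObjectMeta: metav1.ObjectMeta{
+Name: OpenAPISchemaSecretName,
+Namespace: ip.Namespace,
+},
+}
+if err := r.Get(ctx, client.ObjectKey{Name: s.Name, Namespace: s.Namespace}, s); client.IgnoreNotFound(err) != nil {
+return ctrl.Result{}, err
+}
+
+ip.Status.Ready = !s.GetCreationTimestamp().Time.IsZero() // ready if secret already exists
+ip.Status.LastUpdated = metav1.Now()
+defer func() {
+if err := r.Status().Update(ctx, ip); err != nil {
+log.Error(err, "failed to update provider status")
+}
+}()
+
+b, err := json.Marshal(schema)
+if err != nil {
+return ctrl.Result{}, err
+}
+
+if _, err := controllerutil.CreateOrUpdate(ctx, r.Client, s, func() error {
+s.Data = map[string][]byte{"schema": b}
+return controllerutil.SetControllerReference(ip, s, r.Scheme)
+}); err != nil {
+return ctrl.Result{}, err
+}
+
+ip.Status.Ready = true
+return ctrl.Result{}, nil
+}
+
+const OpenAPISchemaSecretName = "config-schema"
+
 var schema = spec.Schema{
 SchemaProps: spec.SchemaProps{
 Type: spec.StringOrArray{"object"},
@@ -96,7 +160,7 @@ var schema = spec.Schema{
 SchemaProps: spec.SchemaProps{
 Type: spec.StringOrArray{"string"},
 Description: "container image to use",
-Default: "criticalstack/cinder:v1.0.0-beta.10",
+Default: cinderapi.DefaultNodeImage,
 },
 },
 "containerName": {
@@ -121,49 +185,3 @@ var schema = spec.Schema{
 Required: []string{"apiVersion", "kind"},
 },
 }
-
-// +kubebuilder:rbac:groups=infrastructure.crit.sh,resources=dockerinfrastructureproviders,verbs=get;list;watch
-// +kubebuilder:rbac:groups=infrastructure.crit.sh,resources=dockerinfrastructureproviders/status,verbs=create;update
-// +kubebuilder:rbac:groups=,resources=secrets,verbs=*
-
-func (r *DockerInfrastructureProviderReconciler) Reconcile(req ctrl.Request) (_ ctrl.Result, reterr error) {
-ctx := context.Background()
-log := r.Log.WithValues("dockerinfrastructureprovider", req.NamespacedName)
-
-ip := &v1alpha1.DockerInfrastructureProvider{}
-if err := r.Get(ctx, req.NamespacedName, ip); err != nil {
-if apierrors.IsNotFound(err) {
-return ctrl.Result{}, nil
-}
-return ctrl.Result{}, err
-}
-
-var s corev1.Secret
-s.SetName(OpenAPISchemaSecretName)
-s.SetNamespace(ip.Namespace)
-if err := r.Get(ctx, client.ObjectKey{Name: s.Name, Namespace: s.Namespace}, &s); client.IgnoreNotFound(err) != nil {
-return ctrl.Result{}, err
-}
-
-ip.Status.Ready = !s.GetCreationTimestamp().Time.IsZero() // ready if secret already exists
-ip.Status.LastUpdated = metav1.Now()
-defer func() {
-if err := r.Status().Update(ctx, ip); err != nil {
-log.Error(err, "failed to update provider status")
-}
-}()
-b, err := json.Marshal(schema)
-if err != nil {
-return ctrl.Result{}, err
-}
-
-if _, err := controllerutil.CreateOrUpdate(ctx, r.Client, &s, func() error {
-s.Data = map[string][]byte{"schema": b}
-return controllerutil.SetControllerReference(ip, &s, r.Scheme)
-}); err != nil {
-return ctrl.Result{}, err
-}
-
-ip.Status.Ready = true
-return ctrl.Result{}, nil
-}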
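Review bot: The `+kubebuilder:rbac:groups=,resources=secrets,verbs=*` marker kept above Reconcile grants every verb on Secrets, while the code visible here only reads and creates or updates the single Secret named `config-schema` through `r.Get` and `controllerutil.CreateOrUpdate`. I would narrow it to the verbs actually used, e.g. `// +kubebuilder:rbac:groups=,resources=secrets,verbs=get;list;watch;create;update` (list and watch are only needed if the manager's client reads Secrets through its informer cache, which this page does not show), and regenerate config/rbac/role.yaml so the deployed role matches. Since the stored JSON schema does not look confidential, a ConfigMap would presumably let the controller drop Secret access altogether. Separately, the deferred `r.Status().Update` failure is only logged and the named result `reterr` is never assigned, so a failed status write does not cause a requeue.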
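--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.14
 
 require (
 github.com/criticalstack/crit v1.0.3
-github.com/criticalstack/machine-api v1.0.0
+github.com/criticalstack/machine-api v1.0.1
 github.com/go-logr/logr v0.1.0
 github.com/go-openapi/spec v0.19.3
 github.com/onsi/ginkgo v1.12.1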
12 changes: 2 additions & 10 deletions go.sum
@@ -84,18 +84,11 @@ github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfc
github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
github.com/criticalstack/crit v1.0.0-beta.4/go.mod h1:ULOKHjqXNtCGg4sH46kYxTBje0P9mgkpV8forMVxhGk=
github.com/criticalstack/crit v1.0.0-beta.8 h1:Eg3Rm42LVwXo77J1blDwSuhQVsjCGTfzC5sWUWfJy/8=
github.com/criticalstack/crit v1.0.0-beta.8/go.mod h1:ULOKHjqXNtCGg4sH46kYxTBje0P9mgkpV8forMVxhGk=
github.com/criticalstack/crit v1.0.3 h1:1I/xyXzazV3d9u2Bg/NguqYiArNLwAQWSkWSnBM0Sgw=
github.com/criticalstack/crit v1.0.3/go.mod h1:ULOKHjqXNtCGg4sH46kYxTBje0P9mgkpV8forMVxhGk=
github.com/criticalstack/e2d v0.4.14/go.mod h1:Bxbt5zWKhtA81n/YibGi8dlOdTVjNuBzy2zkbjJBf98=
github.com/criticalstack/machine-api v0.1.2 h1:jEwvqoFzKPwBLxqbxLh2eUJB0gTQGVaxHVdbzRW9YZc=
github.com/criticalstack/machine-api v0.1.2/go.mod h1:kZG0Nn4bvefSvXR5c59i8uZhsrFN8QCqlrTbWK1enGg=
github.com/criticalstack/machine-api v0.1.3 h1:KB/ZDSaADG7+BTrADJMpYrAHsJ8fuuhdbK25XWgUA18=
github.com/criticalstack/machine-api v0.1.3/go.mod h1:9q7YROKFl0NwEeO9wMY5IG7zWqBTYJ7331+JhAjxF6U=
github.com/criticalstack/machine-api v1.0.0 h1:tE7SlfmJT6tSOX0NVu/G5PIhWEjp9Sqte1zQwtbXkWQ=
github.com/criticalstack/machine-api v1.0.0/go.mod h1:yrAmVXEoPnjNKtB+zz3/Hslqk5ewOm9HOM52xbfeMtg=
github.com/criticalstack/machine-api v1.0.1 h1:6dXUYX+ZXNsDGI1xfWyvUXJ8rAMbliOVg0t5G3tbbkQ=
github.com/criticalstack/machine-api v1.0.1/go.mod h1:yrAmVXEoPnjNKtB+zz3/Hslqk5ewOm9HOM52xbfeMtg=
github.com/daaku/go.zipexe v1.0.0/go.mod h1:z8IiR6TsVLEYKwXAoE/I+8ys/sDkgTzSL0CLnGVd57E=
github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -747,7 +740,6 @@ k8s.io/metrics v0.18.2/go.mod h1:qga8E7QfYNR9Q89cSCAjinC9pTZ7yv1XSVGUB0vJypg=
k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
k8s.io/utils v0.0.0-20200229041039-0a110f9eb7ab/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
k8s.io/utils v0.0.0-20200414100711-2df71ebbae66/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
k8s.io/utils v0.0.0-20200619165400-6e3d28b6ed19 h1:7Nu2dTj82c6IaWvL7hImJzcXoTPz1MsSCH7r+0m6rfo=
k8s.io/utils v0.0.0-20200619165400-6e3d28b6ed19/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw=
