Support multinamespace informer filtering

tektoncd · Jul 2, 2024 · d736054 · d736054
1 parent 4929c41
commit d736054
Show file tree

Hide file tree

Showing 7 changed files with 361 additions and 88 deletions.
diff --git a/cmd/controller/main.go b/cmd/controller/main.go
@@ -15,6 +15,9 @@ package main
 
 import (
 	"flag"
+	"fmt"
+	"regexp"
+	"strings"
 
 	"github.com/tektoncd/chains/pkg/reconciler/pipelinerun"
 	"github.com/tektoncd/chains/pkg/reconciler/taskrun"
@@ -41,7 +44,18 @@ import (
 
 func main() {
 	flag.IntVar(&controller.DefaultThreadsPerController, "threads-per-controller", controller.DefaultThreadsPerController, "Threads (goroutines) to create per controller")
-	namespace := flag.String("namespace", "", "Namespace to restrict informer to. Optional, defaults to all namespaces.")
+	namespaceList := flag.String("namespaces", "", "Comma-separated list of namespaces to restrict informer to. Optional, if empty defaults to all namespaces.")
+	flag.Parse()
+
+	var namespaces []string
+	if *namespaceList != "" {
+		// Remove any whitespace from the namespaces string
+		space := regexp.MustCompile(`\s+`)
+		namespaces = strings.Split(space.ReplaceAllString(*namespaceList, ""), ",")
+		fmt.Printf("controller is scopped to the following namespaces: %s\n", namespaces)
+	} else {
+		namespaces = nil // Default to all namespaces if the list is empty
+	}
 
 	// This also calls flag.Parse().
 	cfg := injection.ParseAndGetRESTConfigOrDie()
@@ -57,8 +71,7 @@ func main() {
 	cfg.QPS = 2 * cfg.QPS
 	cfg.Burst = 2 * cfg.Burst
 
-	flag.Parse()
-	ctx := injection.WithNamespaceScope(signals.NewContext(), *namespace)
+	ctx := injection.WithNamespaceScope(signals.NewContext(), "")
 
-	sharedmain.MainWithConfig(ctx, "watcher", cfg, taskrun.NewController, pipelinerun.NewController)
+	sharedmain.MainWithConfig(ctx, "watcher", cfg, taskrun.NewNamespacesScoppedController(namespaces), pipelinerun.NewNamespacesScoppedController(namespaces))
 }
diff --git a/pkg/reconciler/filter.go b/pkg/reconciler/filter.go
@@ -0,0 +1,80 @@
+/*
+Copyright 2024 The Tekton Authors
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package reconciler
+
+import (
+	v1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1"
+	"knative.dev/pkg/controller"
+)
+
+// PipelineRunInformerFilterFunc returns a filter function
+// for PipelineRuns ensuring PipelineRuns are filtered by list of namespaces membership
+func PipelineRunInformerFilterFunc(namespaces []string) func(obj interface{}) bool {
+	return func(obj interface{}) bool {
+		// Namespace filter
+		if len(namespaces) == 0 {
+			return true
+		}
+		if pr, ok := obj.(*v1.PipelineRun); ok {
+			for _, ns := range namespaces {
+				if pr.Namespace == ns {
+					return true
+				}
+			}
+		}
+		return false
+	}
+}
+
+// TaskRunInformerFilterFunc returns a filter function
+// for TaskRuns ensuring TaskRuns are filtered by list of namespaces membership
+func TaskRunInformerFilterFunc(namespaces []string) func(obj interface{}) bool {
+	return func(obj interface{}) bool {
+		// Namespace filter
+		if len(namespaces) == 0 {
+			return true
+		}
+		if tr, ok := obj.(*v1.TaskRun); ok {
+			for _, ns := range namespaces {
+				if tr.Namespace == ns {
+					return true
+				}
+			}
+		}
+		return false
+	}
+}
+
+// TaskRunInformerFilterFuncWithOwnership returns a filter function
+// for TaskRuns ensuring Ownership by a PipelineRun and filtered by list of namespaces membership and
+func TaskRunInformerFilterFuncWithOwnership(namespaces []string) func(obj interface{}) bool {
+	return func(obj interface{}) bool {
+		// Ownership filter
+		if !controller.FilterController(&v1.PipelineRun{})(obj) {
+			return false
+		}
+		// Namespace filter
+		if len(namespaces) == 0 {
+			return true
+		}
+		if tr, ok := obj.(*v1.TaskRun); ok {
+			for _, ns := range namespaces {
+				if tr.Namespace == ns {
+					return true
+				}
+			}
+		}
+		return false
+	}
+}
diff --git a/pkg/reconciler/filter_test.go b/pkg/reconciler/filter_test.go
@@ -0,0 +1,161 @@
+package reconciler
+
+import (
+	"testing"
+
+	v1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// TestPipelineRunInformerFilterFunc tests the PipelineRunInformerFilterFunc
+// nolint
+func TestPipelineRunInformerFilterFunc(t *testing.T) {
+	tests := []struct {
+		name       string
+		namespaces []string
+		obj        interface{}
+		expected   bool
+	}{
+		{
+			name:       "Empty namespaces, should match",
+			namespaces: []string{},
+			obj:        &v1.PipelineRun{ObjectMeta: metav1.ObjectMeta{Namespace: "default"}},
+			expected:   true,
+		},
+		{
+			name:       "Matching namespace",
+			namespaces: []string{"default", "test"},
+			obj:        &v1.PipelineRun{ObjectMeta: metav1.ObjectMeta{Namespace: "default"}},
+			expected:   true,
+		},
+		{
+			name:       "Non-matching namespace",
+			namespaces: []string{"test"},
+			obj:        &v1.PipelineRun{ObjectMeta: metav1.ObjectMeta{Namespace: "default"}},
+			expected:   false,
+		},
+		{
+			name:       "Non PipelineRun object",
+			namespaces: []string{"default"},
+			obj:        &v1.TaskRun{ObjectMeta: metav1.ObjectMeta{Namespace: "default"}},
+			expected:   false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			filterFunc := PipelineRunInformerFilterFunc(tt.namespaces)
+			result := filterFunc(tt.obj)
+			if result != tt.expected {
+				t.Errorf("Reconciler.PipelineRunInformerFilterFunc() result = %v, wanted %v", result, tt.expected)
+			}
+		})
+	}
+}
+
+// TestTaskRunInformerFilterFunc tests the TaskRunInformerFilterFunc
+// nolint
+func TestTaskRunInformerFilterFunc(t *testing.T) {
+	tests := []struct {
+		name       string
+		namespaces []string
+		obj        interface{}
+		expected   bool
+	}{
+		{
+			name:       "Empty namespaces, should match",
+			namespaces: []string{},
+			obj:        &v1.TaskRun{ObjectMeta: metav1.ObjectMeta{Namespace: "default"}},
+			expected:   true,
+		},
+		{
+			name:       "Matching namespace",
+			namespaces: []string{"default", "test"},
+			obj:        &v1.TaskRun{ObjectMeta: metav1.ObjectMeta{Namespace: "default"}},
+			expected:   true,
+		},
+		{
+			name:       "Non-matching namespace",
+			namespaces: []string{"test"},
+			obj:        &v1.TaskRun{ObjectMeta: metav1.ObjectMeta{Namespace: "default"}},
+			expected:   false,
+		},
+		{
+			name:       "Non TaskRun object",
+			namespaces: []string{"default"},
+			obj:        &v1.PipelineRun{ObjectMeta: metav1.ObjectMeta{Namespace: "default"}},
+			expected:   false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			filterFunc := TaskRunInformerFilterFunc(tt.namespaces)
+			result := filterFunc(tt.obj)
+			if result != tt.expected {
+				t.Errorf("Reconciler.TaskRunInformerFilterFunc() result = %v, wanted %v", result, tt.expected)
+			}
+		})
+	}
+}
+
+// TestTaskRunInformerFilterFuncWithOwnership tests the TaskRunInformerFilterFuncWithOwnership
+func TestTaskRunInformerFilterFuncWithOwnership(t *testing.T) {
+	boolValue := true
+	tests := []struct {
+		name       string
+		namespaces []string
+		obj        interface{}
+		expected   bool
+	}{
+		{
+			name:       "Empty namespaces and ownership, should match",
+			namespaces: []string{},
+			obj: &v1.TaskRun{ObjectMeta: metav1.ObjectMeta{
+				Namespace: "default",
+				OwnerReferences: []metav1.OwnerReference{
+					{APIVersion: "tekton.dev/v1", Kind: "PipelineRun", Controller: &boolValue},
+				},
+			}},
+			expected: true,
+		},
+		{
+			name:       "Matching namespace and ownership",
+			namespaces: []string{"default", "test"},
+			obj: &v1.TaskRun{ObjectMeta: metav1.ObjectMeta{
+				Namespace: "default",
+				OwnerReferences: []metav1.OwnerReference{
+					{APIVersion: "tekton.dev/v1", Kind: "PipelineRun", Controller: &boolValue},
+				},
+			}},
+			expected: true,
+		},
+		{
+			name:       "Non-matching namespace and ownership",
+			namespaces: []string{"test"},
+			obj: &v1.TaskRun{ObjectMeta: metav1.ObjectMeta{
+				Namespace: "default",
+				OwnerReferences: []metav1.OwnerReference{
+					{APIVersion: "tekton.dev/v1", Kind: "PipelineRun", Controller: &boolValue},
+				},
+			}},
+			expected: false,
+		},
+		{
+			name:       "No ownership",
+			namespaces: []string{"default"},
+			obj:        &v1.TaskRun{ObjectMeta: metav1.ObjectMeta{Namespace: "default"}},
+			expected:   false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			filterFunc := TaskRunInformerFilterFuncWithOwnership(tt.namespaces)
+			result := filterFunc(tt.obj)
+			if result != tt.expected {
+				t.Errorf("Reconciler.TaskRunInformerFilterFuncWithOwnership() result = %v, wanted %v", result, tt.expected)
+			}
+		})
+	}
+}