From 376f5c474c3acb5b9fc37b26f2598274697779ca Mon Sep 17 00:00:00 2001 From: AWS Controllers for Kubernetes Bot <82905295+ack-bot@users.noreply.github.com> Date: Thu, 15 Jun 2023 12:58:46 -0600 Subject: [PATCH] Update to ACK runtime `v0.26.0`, code-generator `v0.26.1` (#64) Co-authored-by: ci-robot --- apis/v1alpha1/ack-generate-metadata.yaml | 6 +- cmd/controller/main.go | 9 +- config/controller/deployment.yaml | 3 + config/controller/kustomization.yaml | 2 +- go.mod | 2 +- go.sum | 4 +- helm/Chart.yaml | 4 +- helm/templates/NOTES.txt | 2 +- helm/templates/_helpers.tpl | 2 +- helm/templates/deployment.yaml | 3 + helm/values.schema.json | 3 + helm/values.yaml | 8 +- pkg/resource/broker/references.go | 130 +++++++++++++---------- pkg/resource/broker/resource.go | 2 +- 14 files changed, 109 insertions(+), 71 deletions(-) diff --git a/apis/v1alpha1/ack-generate-metadata.yaml b/apis/v1alpha1/ack-generate-metadata.yaml index 2d74e2e..075a0ac 100755 --- a/apis/v1alpha1/ack-generate-metadata.yaml +++ b/apis/v1alpha1/ack-generate-metadata.yaml @@ -1,8 +1,8 @@ ack_generate_info: - build_date: "2023-03-22T22:09:13Z" - build_hash: fa24753ea8b657d8815ae3eac7accd0958f5f9fb + build_date: "2023-05-15T22:59:25Z" + build_hash: 8f3ba427974fd6e769926778d54834eaee3b81a3 go_version: go1.19 - version: v0.25.0 + version: v0.26.1 api_directory_checksum: 4f7fb701a99ba2779fc1f32a9038e16d190b07ff api_version: v1alpha1 aws_sdk_go_version: v1.44.93 diff --git a/cmd/controller/main.go b/cmd/controller/main.go index 9b11010..2abb93c 100644 --- a/cmd/controller/main.go +++ b/cmd/controller/main.go @@ -28,6 +28,7 @@ import ( svcsdk "github.com/aws/aws-sdk-go/service/mq" flag "github.com/spf13/pflag" "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" clientgoscheme "k8s.io/client-go/kubernetes/scheme" ctrlrt "sigs.k8s.io/controller-runtime" ctrlrtmetrics "sigs.k8s.io/controller-runtime/pkg/metrics" @@ -62,7 +63,13 @@ func main() { flag.Parse() ackCfg.SetupLogger() - if err := ackCfg.Validate(); err != nil { + managerFactories := svcresource.GetManagerFactories() + resourceGVKs := make([]schema.GroupVersionKind, 0, len(managerFactories)) + for _, mf := range managerFactories { + resourceGVKs = append(resourceGVKs, mf.ResourceDescriptor().GroupVersionKind()) + } + + if err := ackCfg.Validate(ackcfg.WithGVKs(resourceGVKs)); err != nil { setupLog.Error( err, "Unable to create controller manager", "aws.service", awsServiceAlias, diff --git a/config/controller/deployment.yaml b/config/controller/deployment.yaml index 74f1d2b..72c2513 100644 --- a/config/controller/deployment.yaml +++ b/config/controller/deployment.yaml @@ -73,6 +73,9 @@ spec: capabilities: drop: - ALL + securityContext: + seccompProfile: + type: RuntimeDefault terminationGracePeriodSeconds: 10 serviceAccountName: ack-mq-controller hostIPC: false diff --git a/config/controller/kustomization.yaml b/config/controller/kustomization.yaml index 29fc088..1edc9d0 100644 --- a/config/controller/kustomization.yaml +++ b/config/controller/kustomization.yaml @@ -6,4 +6,4 @@ kind: Kustomization images: - name: controller newName: public.ecr.aws/aws-controllers-k8s/mq-controller - newTag: v0.0.27 + newTag: 0.0.28 diff --git a/go.mod b/go.mod index 95e3719..208afac 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.19 require ( github.com/aws-controllers-k8s/ec2-controller v0.0.21 - github.com/aws-controllers-k8s/runtime v0.25.0 + github.com/aws-controllers-k8s/runtime v0.26.0 github.com/aws/aws-sdk-go v1.44.93 github.com/go-logr/logr v1.2.3 github.com/spf13/pflag v1.0.5 diff --git a/go.sum b/go.sum index ad00d70..e303afa 100644 --- a/go.sum +++ b/go.sum @@ -40,8 +40,8 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/aws-controllers-k8s/ec2-controller v0.0.21 h1:5O7/9aED2Tl9OT0TL2rWrc1Ix5V1UxYEgDKAhvFhPJQ= github.com/aws-controllers-k8s/ec2-controller v0.0.21/go.mod h1:OMsmJeJ3iQZ1sJgs3hqnjBRnJ3hmTzJUO38W5rxnB5M= -github.com/aws-controllers-k8s/runtime v0.25.0 h1:6SYa8qmbw+Yil5/LodF7LmIGxBhpjz4QEIvNjpeRuoc= -github.com/aws-controllers-k8s/runtime v0.25.0/go.mod h1:jizDzKikL09cueIuA9ZxoZ+4pfn5U7oKW5s/ZAqOA6E= +github.com/aws-controllers-k8s/runtime v0.26.0 h1:XKqygFzHSBtM74Ov9IroZbyCVeYei9Eskp4aKbJ2SFw= +github.com/aws-controllers-k8s/runtime v0.26.0/go.mod h1:jizDzKikL09cueIuA9ZxoZ+4pfn5U7oKW5s/ZAqOA6E= github.com/aws/aws-sdk-go v1.44.93 h1:hAgd9fuaptBatSft27/5eBMdcA8+cIMqo96/tZ6rKl8= github.com/aws/aws-sdk-go v1.44.93/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= diff --git a/helm/Chart.yaml b/helm/Chart.yaml index afcdf88..e082a40 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: mq-chart description: A Helm chart for the ACK service controller for Amazon MQ (MQ) -version: v0.0.27 -appVersion: v0.0.27 +version: 0.0.28 +appVersion: 0.0.28 home: https://github.com/aws-controllers-k8s/mq-controller icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png sources: diff --git a/helm/templates/NOTES.txt b/helm/templates/NOTES.txt index 2970381..f9132d6 100644 --- a/helm/templates/NOTES.txt +++ b/helm/templates/NOTES.txt @@ -1,5 +1,5 @@ {{ .Chart.Name }} has been installed. -This chart deploys "public.ecr.aws/aws-controllers-k8s/mq-controller:v0.0.27". +This chart deploys "public.ecr.aws/aws-controllers-k8s/mq-controller:0.0.28". Check its status by running: kubectl --namespace {{ .Release.Namespace }} get pods -l "app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl index 973704c..391d5de 100644 --- a/helm/templates/_helpers.tpl +++ b/helm/templates/_helpers.tpl @@ -33,7 +33,7 @@ If release name contains chart name it will be used as a full name. {{- define "watch-namespace" -}} {{- if eq .Values.installScope "namespace" -}} -{{- .Release.Namespace -}} +{{ .Values.watchNamespace | default .Release.Namespace }} {{- end -}} {{- end -}} diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml index b3c0ede..7504a61 100644 --- a/helm/templates/deployment.yaml +++ b/helm/templates/deployment.yaml @@ -116,6 +116,9 @@ spec: capabilities: drop: - ALL + securityContext: + seccompProfile: + type: RuntimeDefault terminationGracePeriodSeconds: 10 nodeSelector: {{ toYaml .Values.deployment.nodeSelector | nindent 8 }} {{ if .Values.deployment.tolerations -}} diff --git a/helm/values.schema.json b/helm/values.schema.json index d5a8d35..79fd18c 100644 --- a/helm/values.schema.json +++ b/helm/values.schema.json @@ -196,6 +196,9 @@ "type": "string", "enum": ["cluster", "namespace"] }, + "watchNamespace": { + "type": "string" + }, "resourceTags": { "type": "array", "items": { diff --git a/helm/values.yaml b/helm/values.yaml index 148c075..fba278b 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -4,7 +4,7 @@ image: repository: public.ecr.aws/aws-controllers-k8s/mq-controller - tag: v0.0.27 + tag: 0.0.28 pullPolicy: IfNotPresent pullSecrets: [] @@ -31,7 +31,7 @@ deployment: # If "installScope: cluster" then these labels will be applied to ClusterRole role: - labels: {} + labels: {} metrics: service: @@ -72,6 +72,10 @@ log: # cluster wide. installScope: cluster +# Set the value of the "namespace" to be watched by the controller +# This value is only used when the `installScope` is set to "namespace". If left empty, the default value is the release namespace for the chart. +watchNamespace: "" + resourceTags: # Configures the ACK service controller to always set key/value pairs tags on # resources that it manages. diff --git a/pkg/resource/broker/references.go b/pkg/resource/broker/references.go index 44562fd..7007009 100644 --- a/pkg/resource/broker/references.go +++ b/pkg/resource/broker/references.go @@ -25,7 +25,6 @@ import ( ec2apitypes "github.com/aws-controllers-k8s/ec2-controller/apis/v1alpha1" ackv1alpha1 "github.com/aws-controllers-k8s/runtime/apis/core/v1alpha1" - ackcondition "github.com/aws-controllers-k8s/runtime/pkg/condition" ackerr "github.com/aws-controllers-k8s/runtime/pkg/errors" acktypes "github.com/aws-controllers-k8s/runtime/pkg/types" @@ -38,83 +37,99 @@ import ( // +kubebuilder:rbac:groups=ec2.services.k8s.aws,resources=subnets,verbs=get;list // +kubebuilder:rbac:groups=ec2.services.k8s.aws,resources=subnets/status,verbs=get;list +// ClearResolvedReferences removes any reference values that were made +// concrete in the spec. It returns a copy of the input AWSResource which +// contains the original *Ref values, but none of their respective concrete +// values. +func (rm *resourceManager) ClearResolvedReferences(res acktypes.AWSResource) acktypes.AWSResource { + ko := rm.concreteResource(res).ko.DeepCopy() + + if len(ko.Spec.SecurityGroupRefs) > 0 { + ko.Spec.SecurityGroups = nil + } + + if len(ko.Spec.SubnetRefs) > 0 { + ko.Spec.SubnetIDs = nil + } + + return &resource{ko} +} + // ResolveReferences finds if there are any Reference field(s) present -// inside AWSResource passed in the parameter and attempts to resolve -// those reference field(s) into target field(s). -// It returns an AWSResource with resolved reference(s), and an error if the -// passed AWSResource's reference field(s) cannot be resolved. -// This method also adds/updates the ConditionTypeReferencesResolved for the -// AWSResource. +// inside AWSResource passed in the parameter and attempts to resolve those +// reference field(s) into their respective target field(s). It returns a +// copy of the input AWSResource with resolved reference(s), a boolean which +// is set to true if the resource contains any references (regardless of if +// they are resolved successfully) and an error if the passed AWSResource's +// reference field(s) could not be resolved. func (rm *resourceManager) ResolveReferences( ctx context.Context, apiReader client.Reader, res acktypes.AWSResource, -) (acktypes.AWSResource, error) { +) (acktypes.AWSResource, bool, error) { namespace := res.MetaObject().GetNamespace() - ko := rm.concreteResource(res).ko.DeepCopy() + ko := rm.concreteResource(res).ko + + resourceHasReferences := false err := validateReferenceFields(ko) - if err == nil { - err = resolveReferenceForSecurityGroups(ctx, apiReader, namespace, ko) - } - if err == nil { - err = resolveReferenceForSubnetIDs(ctx, apiReader, namespace, ko) + if fieldHasReferences, err := rm.resolveReferenceForSecurityGroups(ctx, apiReader, namespace, ko); err != nil { + return &resource{ko}, (resourceHasReferences || fieldHasReferences), err + } else { + resourceHasReferences = resourceHasReferences || fieldHasReferences } - // If there was an error while resolving any reference, reset all the - // resolved values so that they do not get persisted inside etcd - if err != nil { - ko = rm.concreteResource(res).ko.DeepCopy() + if fieldHasReferences, err := rm.resolveReferenceForSubnetIDs(ctx, apiReader, namespace, ko); err != nil { + return &resource{ko}, (resourceHasReferences || fieldHasReferences), err + } else { + resourceHasReferences = resourceHasReferences || fieldHasReferences } - if hasNonNilReferences(ko) { - return ackcondition.WithReferencesResolvedCondition(&resource{ko}, err) - } - return &resource{ko}, err + + return &resource{ko}, resourceHasReferences, err } // validateReferenceFields validates the reference field and corresponding // identifier field. func validateReferenceFields(ko *svcapitypes.Broker) error { - if ko.Spec.SecurityGroupRefs != nil && ko.Spec.SecurityGroups != nil { + + if len(ko.Spec.SecurityGroupRefs) > 0 && len(ko.Spec.SecurityGroups) > 0 { return ackerr.ResourceReferenceAndIDNotSupportedFor("SecurityGroups", "SecurityGroupRefs") } - if ko.Spec.SubnetRefs != nil && ko.Spec.SubnetIDs != nil { + + if len(ko.Spec.SubnetRefs) > 0 && len(ko.Spec.SubnetIDs) > 0 { return ackerr.ResourceReferenceAndIDNotSupportedFor("SubnetIDs", "SubnetRefs") } return nil } -// hasNonNilReferences returns true if resource contains a reference to another -// resource -func hasNonNilReferences(ko *svcapitypes.Broker) bool { - return false || (ko.Spec.SecurityGroupRefs != nil) || (ko.Spec.SubnetRefs != nil) -} - // resolveReferenceForSecurityGroups reads the resource referenced // from SecurityGroupRefs field and sets the SecurityGroups -// from referenced resource -func resolveReferenceForSecurityGroups( +// from referenced resource. Returns a boolean indicating whether a reference +// contains references, or an error +func (rm *resourceManager) resolveReferenceForSecurityGroups( ctx context.Context, apiReader client.Reader, namespace string, ko *svcapitypes.Broker, -) error { - if len(ko.Spec.SecurityGroupRefs) > 0 { - resolved0 := []*string{} - for _, iter0 := range ko.Spec.SecurityGroupRefs { - arr := iter0.From - if arr == nil || arr.Name == nil || *arr.Name == "" { - return fmt.Errorf("provided resource reference is nil or empty: SecurityGroupRefs") +) (hasReferences bool, err error) { + for _, f0iter := range ko.Spec.SecurityGroupRefs { + if f0iter != nil && f0iter.From != nil { + hasReferences = true + arr := f0iter.From + if arr.Name == nil || *arr.Name == "" { + return hasReferences, fmt.Errorf("provided resource reference is nil or empty: SecurityGroupRefs") } obj := &ec2apitypes.SecurityGroup{} if err := getReferencedResourceState_SecurityGroup(ctx, apiReader, obj, *arr.Name, namespace); err != nil { - return err + return hasReferences, err + } + if ko.Spec.SecurityGroups == nil { + ko.Spec.SecurityGroups = make([]*string, 0, 1) } - resolved0 = append(resolved0, (*string)(obj.Status.ID)) + ko.Spec.SecurityGroups = append(ko.Spec.SecurityGroups, (*string)(obj.Status.ID)) } - ko.Spec.SecurityGroups = resolved0 } - return nil + return hasReferences, nil } // getReferencedResourceState_SecurityGroup looks up whether a referenced resource @@ -170,30 +185,33 @@ func getReferencedResourceState_SecurityGroup( // resolveReferenceForSubnetIDs reads the resource referenced // from SubnetRefs field and sets the SubnetIDs -// from referenced resource -func resolveReferenceForSubnetIDs( +// from referenced resource. Returns a boolean indicating whether a reference +// contains references, or an error +func (rm *resourceManager) resolveReferenceForSubnetIDs( ctx context.Context, apiReader client.Reader, namespace string, ko *svcapitypes.Broker, -) error { - if len(ko.Spec.SubnetRefs) > 0 { - resolved0 := []*string{} - for _, iter0 := range ko.Spec.SubnetRefs { - arr := iter0.From - if arr == nil || arr.Name == nil || *arr.Name == "" { - return fmt.Errorf("provided resource reference is nil or empty: SubnetRefs") +) (hasReferences bool, err error) { + for _, f0iter := range ko.Spec.SubnetRefs { + if f0iter != nil && f0iter.From != nil { + hasReferences = true + arr := f0iter.From + if arr.Name == nil || *arr.Name == "" { + return hasReferences, fmt.Errorf("provided resource reference is nil or empty: SubnetRefs") } obj := &ec2apitypes.Subnet{} if err := getReferencedResourceState_Subnet(ctx, apiReader, obj, *arr.Name, namespace); err != nil { - return err + return hasReferences, err + } + if ko.Spec.SubnetIDs == nil { + ko.Spec.SubnetIDs = make([]*string, 0, 1) } - resolved0 = append(resolved0, (*string)(obj.Status.SubnetID)) + ko.Spec.SubnetIDs = append(ko.Spec.SubnetIDs, (*string)(obj.Status.SubnetID)) } - ko.Spec.SubnetIDs = resolved0 } - return nil + return hasReferences, nil } // getReferencedResourceState_Subnet looks up whether a referenced resource diff --git a/pkg/resource/broker/resource.go b/pkg/resource/broker/resource.go index 1ef9990..186d0c9 100644 --- a/pkg/resource/broker/resource.go +++ b/pkg/resource/broker/resource.go @@ -45,7 +45,7 @@ func (r *resource) Identifiers() acktypes.AWSResourceIdentifiers { } // IsBeingDeleted returns true if the Kubernetes resource has a non-zero -// deletion timestemp +// deletion timestamp func (r *resource) IsBeingDeleted() bool { return !r.ko.DeletionTimestamp.IsZero() }