reconcile: determine drift in cluster

This allows `DetermineReleaseState` to determine if the cluster state has drifted from the manifest defined in the Helm storage. This allows the atomic reconciler to determine if an upgrade should happen based on the configuration of the `HelmRelease`. If drift detection is `enabled` (or set to `warn`), it will report drift via the controller logs and a Kubernetes Event. In addition, when correction is enabled, it will instruct to perform a Helm upgrade to correct the drift. To summarize the detected drift in a compact message, summarize utilities have been introduced to the `diff` package. Signed-off-by: Hidde Beydals <hidde@hhh.computer>
fluxcd · Nov 24, 2023 · dec780d · dec780d
1 parent dd9d3c0
commit dec780d
Show file tree

Hide file tree

Showing 6 changed files with 670 additions and 14 deletions.
diff --git a/internal/diff/summarize.go b/internal/diff/summarize.go
@@ -0,0 +1,164 @@
+/*
+Copyright 2023 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package diff
+
+import (
+	"fmt"
+	"strings"
+
+	extjsondiff "github.com/wI2L/jsondiff"
+
+	"github.com/fluxcd/pkg/ssa/jsondiff"
+)
+
+// DefaultDiffTypes is the default set of jsondiff.DiffType types to include in
+// summaries.
+var DefaultDiffTypes = []jsondiff.DiffType{
+	jsondiff.DiffTypeCreate,
+	jsondiff.DiffTypeUpdate,
+	jsondiff.DiffTypeExclude,
+}
+
+// SummarizeDiffSet returns a summary of the given DiffSet, including only
+// the given jsondiff.DiffType types. If no types are given, the
+// DefaultDiffTypes set is used.
+//
+// The summary is a string with one line per Diff, in the format:
+// `Kind/namespace/name: <summary>`
+//
+// Where summary is one of:
+//
+//   - unchanged
+//   - removed
+//   - excluded
+//   - changed (x added, y changed, z removed)
+//
+// For example:
+//
+//	Deployment/default/hello-world: changed (1 added, 1 changed, 1 removed)
+//	Deployment/default/hello-world2: removed
+//	Deployment/default/hello-world3: excluded
+//	Deployment/default/hello-world4: unchanged
+func SummarizeDiffSet(set jsondiff.DiffSet, include ...jsondiff.DiffType) string {
+	if include == nil {
+		include = DefaultDiffTypes
+	}
+
+	var summary strings.Builder
+	for _, diff := range set {
+		if diff == nil || !typeInSlice(diff.Type, include) {
+			continue
+		}
+
+		switch diff.Type {
+		case jsondiff.DiffTypeNone:
+			writeResourceName(diff, &summary)
+			summary.WriteString(" unchanged\n")
+		case jsondiff.DiffTypeCreate:
+			writeResourceName(diff, &summary)
+			summary.WriteString(" removed\n")
+		case jsondiff.DiffTypeExclude:
+			writeResourceName(diff, &summary)
+			summary.WriteString(" excluded\n")
+		case jsondiff.DiffTypeUpdate:
+			writeResourceName(diff, &summary)
+			added, changed, removed := summarizeUpdate(diff)
+			summary.WriteString(fmt.Sprintf(" changed (%d additions, %d changes, %d removals)\n", added, changed, removed))
+		}
+	}
+	return strings.TrimSpace(summary.String())
+}
+
+// SummarizeDiffSetBrief returns a brief summary of the given DiffSet.
+//
+// The summary is a string in the format:
+//
+//	removed: x, changed: y, excluded: z, unchanged: w
+//
+// For example:
+//
+//	removed: 1, changed: 3, excluded: 1, unchanged: 2
+func SummarizeDiffSetBrief(set jsondiff.DiffSet, include ...jsondiff.DiffType) string {
+	var removed, changed, excluded, unchanged int
+	for _, diff := range set {
+		switch diff.Type {
+		case jsondiff.DiffTypeCreate:
+			removed++
+		case jsondiff.DiffTypeUpdate:
+			changed++
+		case jsondiff.DiffTypeExclude:
+			excluded++
+		case jsondiff.DiffTypeNone:
+			unchanged++
+		}
+	}
+
+	if include == nil {
+		include = DefaultDiffTypes
+	}
+
+	var summary strings.Builder
+	for _, t := range include {
+		switch t {
+		case jsondiff.DiffTypeCreate:
+			summary.WriteString(fmt.Sprintf("removed: %d, ", removed))
+		case jsondiff.DiffTypeUpdate:
+			summary.WriteString(fmt.Sprintf("changed: %d, ", changed))
+		case jsondiff.DiffTypeExclude:
+			summary.WriteString(fmt.Sprintf("excluded: %d, ", excluded))
+		case jsondiff.DiffTypeNone:
+			summary.WriteString(fmt.Sprintf("unchanged: %d, ", unchanged))
+		}
+	}
+	return strings.TrimSuffix(summary.String(), ", ")
+}
+
+// writeResourceName writes the resource name in the format
+// `kind/namespace/name` to the given strings.Builder.
+func writeResourceName(diff *jsondiff.Diff, summary *strings.Builder) {
+	summary.WriteString(diff.GroupVersionKind.Kind)
+	summary.WriteString("/")
+	summary.WriteString(diff.Namespace)
+	summary.WriteString("/")
+	summary.WriteString(diff.Name)
+}
+
+// SummarizeUpdate returns the number of added, changed and removed fields
+// in the given update patch.
+func summarizeUpdate(diff *jsondiff.Diff) (added, changed, removed int) {
+	for _, p := range diff.Patch {
+		switch p.Type {
+		case extjsondiff.OperationAdd:
+			added++
+		case extjsondiff.OperationReplace:
+			changed++
+		case extjsondiff.OperationRemove:
+			removed++
+		}
+	}
+	return
+}
+
+// typeInSlice returns true if the given jsondiff.DiffType is in the slice.
+func typeInSlice(t jsondiff.DiffType, slice []jsondiff.DiffType) bool {
+	for _, s := range slice {
+		if t == s {
+			return true
+		}
+	}
+	return false
+}
diff --git a/internal/diff/summarize_test.go b/internal/diff/summarize_test.go
@@ -0,0 +1,190 @@
+/*
+Copyright 2023 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package diff
+
+import (
+	"testing"
+
+	extjsondiff "github.com/wI2L/jsondiff"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+
+	"github.com/fluxcd/pkg/ssa/jsondiff"
+)
+
+func TestSummarizeDiffSet(t *testing.T) {
+	diffSet := jsondiff.DiffSet{
+		&jsondiff.Diff{
+			GroupVersionKind: schema.GroupVersionKind{
+				Kind: "ConfigMap",
+			},
+			Namespace: "namespace-1",
+			Name:      "config",
+			Type:      jsondiff.DiffTypeNone,
+		},
+		&jsondiff.Diff{
+			GroupVersionKind: schema.GroupVersionKind{
+				Kind: "Secret",
+			},
+			Namespace: "namespace-x",
+			Name:      "naughty",
+			Type:      jsondiff.DiffTypeCreate,
+		},
+		&jsondiff.Diff{
+			GroupVersionKind: schema.GroupVersionKind{
+				Kind: "StatefulSet",
+			},
+			Namespace: "default",
+			Name:      "hello-world",
+			Type:      jsondiff.DiffTypeExclude,
+		},
+		&jsondiff.Diff{
+			GroupVersionKind: schema.GroupVersionKind{
+				Kind: "Deployment",
+			},
+			Namespace: "tenant-y",
+			Name:      "touched-me",
+			Type:      jsondiff.DiffTypeUpdate,
+			Patch: extjsondiff.Patch{
+				{Type: extjsondiff.OperationAdd},
+				{Type: extjsondiff.OperationReplace},
+				{Type: extjsondiff.OperationReplace},
+				{Type: extjsondiff.OperationReplace},
+				{Type: extjsondiff.OperationRemove},
+				{Type: extjsondiff.OperationRemove},
+			},
+		},
+	}
+
+	tests := []struct {
+		name    string
+		include []jsondiff.DiffType
+		want    string
+	}{
+		{
+			name:    "default",
+			include: nil,
+			want: `Secret/namespace-x/naughty removed
+StatefulSet/default/hello-world excluded
+Deployment/tenant-y/touched-me changed (1 additions, 3 changes, 2 removals)`,
+		},
+		{
+			name: "include unchanged",
+			include: []jsondiff.DiffType{
+				jsondiff.DiffTypeNone,
+			},
+			want: "ConfigMap/namespace-1/config unchanged",
+		},
+		{
+			name: "include removed",
+			include: []jsondiff.DiffType{
+				jsondiff.DiffTypeCreate,
+			},
+			want: "Secret/namespace-x/naughty removed",
+		},
+		{
+			name: "include excluded",
+			include: []jsondiff.DiffType{
+				jsondiff.DiffTypeExclude,
+			},
+			want: "StatefulSet/default/hello-world excluded",
+		},
+		{
+			name: "include changed",
+			include: []jsondiff.DiffType{
+				jsondiff.DiffTypeUpdate,
+			},
+			want: "Deployment/tenant-y/touched-me changed (1 additions, 3 changes, 2 removals)",
+		},
+		{
+			name: "include multiple types",
+			include: []jsondiff.DiffType{
+				jsondiff.DiffTypeNone,
+				jsondiff.DiffTypeUpdate,
+			},
+			want: `ConfigMap/namespace-1/config unchanged
+Deployment/tenant-y/touched-me changed (1 additions, 3 changes, 2 removals)`,
+		},
+		{
+			name:    "empty set",
+			include: []jsondiff.DiffType{},
+			want:    "",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := SummarizeDiffSet(diffSet, tt.include...)
+			if got != tt.want {
+				t.Errorf("SummarizeDiffSet() =\n\n%v\n\nwant\n\n%v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestSummarizeDiffSetBrief(t *testing.T) {
+	diffSet := jsondiff.DiffSet{
+		&jsondiff.Diff{Type: jsondiff.DiffTypeCreate},
+		&jsondiff.Diff{Type: jsondiff.DiffTypeUpdate},
+		&jsondiff.Diff{Type: jsondiff.DiffTypeExclude},
+		&jsondiff.Diff{Type: jsondiff.DiffTypeNone},
+		&jsondiff.Diff{Type: jsondiff.DiffTypeNone},
+	}
+
+	tests := []struct {
+		name    string
+		include []jsondiff.DiffType
+		want    string
+	}{
+		{
+			name:    "default include",
+			include: nil,
+			want:    "removed: 1, changed: 1, excluded: 1",
+		},
+		{
+			name: "include create and update",
+			include: []jsondiff.DiffType{
+				jsondiff.DiffTypeCreate,
+				jsondiff.DiffTypeUpdate,
+			},
+			want: "removed: 1, changed: 1",
+		},
+		{
+			name: "include all types",
+			include: []jsondiff.DiffType{
+				jsondiff.DiffTypeCreate,
+				jsondiff.DiffTypeUpdate,
+				jsondiff.DiffTypeExclude,
+				jsondiff.DiffTypeNone,
+			},
+			want: "removed: 1, changed: 1, excluded: 1, unchanged: 2",
+		},
+		{
+			name:    "include none",
+			include: []jsondiff.DiffType{},
+			want:    "",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := SummarizeDiffSetBrief(diffSet, tt.include...)
+			if got != tt.want {
+				t.Errorf("SummarizeDiffSetBrief() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}