From 24434e89d4b3ae75f1ed2c6db6db84e376bfd909 Mon Sep 17 00:00:00 2001 From: Sertac Ozercan Date: Sun, 22 Aug 2021 01:15:36 +0000 Subject: [PATCH] vendor frameworks e35c157 Signed-off-by: Sertac Ozercan --- go.mod | 2 +- go.sum | 4 +- .../externaldata/externaldata_controller.go | 13 ++--- .../frameworks/constraint/deploy/crds.yaml | 3 ++ .../externaldata/v1alpha1/provider_types.go | 1 + .../pkg/apis/templates/yaml_constant.go | 54 +++++++++++++++++++ .../constraint/pkg/client/client.go | 2 - .../pkg/client/drivers/local/local.go | 2 +- .../constraint/pkg/externaldata/cache.go | 53 ++++++++++++++---- vendor/modules.txt | 4 +- 10 files changed, 110 insertions(+), 28 deletions(-) diff --git a/go.mod b/go.mod index edaa6f8947e..114475e5749 100644 --- a/go.mod +++ b/go.mod @@ -39,4 +39,4 @@ require ( sigs.k8s.io/yaml v1.2.0 ) -replace github.com/open-policy-agent/frameworks/constraint => github.com/sozercan/frameworks/constraint v0.0.0-20210818181827-bf04f25ec1e9 +replace github.com/open-policy-agent/frameworks/constraint => github.com/sozercan/frameworks/constraint v0.0.0-20210822004714-e35c15710b01 diff --git a/go.sum b/go.sum index 8737405b267..1a9f9a536e9 100644 --- a/go.sum +++ b/go.sum 
@@ -712,8 +712,8 @@ github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4k github.com/sonatard/noctx v0.0.1/go.mod h1:9D2D/EoULe8Yy2joDHJj7bv3sZoq9AaSb8B4lqBjiZI= github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/sourcegraph/go-diff v0.6.1/go.mod h1:iBszgVvyxdc8SFZ7gm69go2KDdt3ag071iBaWPF6cjs= -github.com/sozercan/frameworks/constraint v0.0.0-20210818181827-bf04f25ec1e9 h1:vOIs6ujmDVNq1+9v7AeJRYN70RjBA3Tat7kXOKYnv3I= -github.com/sozercan/frameworks/constraint v0.0.0-20210818181827-bf04f25ec1e9/go.mod h1:sxECOn2E9o4DIK6ttinq1frfiErxi0Z8oIgtz7VDVBc= +github.com/sozercan/frameworks/constraint v0.0.0-20210822004714-e35c15710b01 h1:Buj/I/FdzjuxERswWSkDKBWM1PKp7p7jpsAwzAMKY8U= +github.com/sozercan/frameworks/constraint v0.0.0-20210822004714-e35c15710b01/go.mod h1:sxECOn2E9o4DIK6ttinq1frfiErxi0Z8oIgtz7VDVBc= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.2 h1:5jhuqJyZCZf2JRofRvN/nIFgIWNzPa3/Vz8mYylgbWc= diff --git a/pkg/controller/externaldata/externaldata_controller.go b/pkg/controller/externaldata/externaldata_controller.go index e3698fa70ee..f1c0bfa1d4d 100644 --- a/pkg/controller/externaldata/externaldata_controller.go +++ b/pkg/controller/externaldata/externaldata_controller.go 
@@ -122,22 +122,15 @@ func (r *Reconciler) Reconcile(ctx context.Context, request reconcile.Request) ( deleted = deleted || !provider.GetDeletionTimestamp().IsZero() tracker := r.tracker.For(gvkExternalData) - if err != nil { - log.Error(err, "Creating provider for resource failed", "resource", request.NamespacedName) - tracker.CancelExpect(provider) - return ctrl.Result{}, err - } if !deleted { if err := r.providerCache.Upsert(provider); err != nil { log.Error(err, "Upsert failed", "resource", request.NamespacedName) tracker.TryCancelExpect(provider) - } else { - tracker.Observe(provider) + return reconcile.Result{}, err } + tracker.Observe(provider) } else { - if err := r.providerCache.Remove(provider.Name); err != nil { - log.Error(err, "Remove failed", "resource", request.NamespacedName) - } + r.providerCache.Remove(provider.Name) tracker.CancelExpect(provider) } diff --git a/vendor/github.com/open-policy-agent/frameworks/constraint/deploy/crds.yaml b/vendor/github.com/open-policy-agent/frameworks/constraint/deploy/crds.yaml index 30e874b6a8c..2ca123d395d 100644 --- a/vendor/github.com/open-policy-agent/frameworks/constraint/deploy/crds.yaml +++ b/vendor/github.com/open-policy-agent/frameworks/constraint/deploy/crds.yaml @@ -339,6 +339,9 @@ spec: description: ProviderSpec defines the desired state of Provider properties: failurePolicy: + enum: + - Ignore + - Fail type: string maxRetry: type: integer diff --git a/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/apis/externaldata/v1alpha1/provider_types.go b/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/apis/externaldata/v1alpha1/provider_types.go index f30922c0cc0..81296727216 100644 --- a/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/apis/externaldata/v1alpha1/provider_types.go +++ b/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/apis/externaldata/v1alpha1/provider_types.go 
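Review bot: In the `!deleted` branch of Reconcile, a failed `Upsert` returns the error but leaves the cache untouched, and the vendored `Upsert` in this same patch returns before its map write when validation fails. A Provider that was accepted earlier and is then edited into an invalid spec would therefore stay in the cache with its previous `ProxyURL` and `FailurePolicy`, and readers of the cache (the local driver's `providerCache.Get` appears to be one) would keep using the old endpoint. If serving the stale entry is not intended, call `r.providerCache.Remove(provider.Name)` before `return reconcile.Result{}, err` so lookups fail instead. Returning the error also requeues a validation failure that a retry cannot fix, so consider logging it and returning `reconcile.Result{}, nil`, or recording it on the object's status. Reconcile starts and ends outside this hunk, so how the result is handled afterwards is not visible here.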
@@ -19,6 +19,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) +// +kubebuilder:validation:Enum=Ignore;Fail type FailurePolicy string const ( diff --git a/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/yaml_constant.go b/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/yaml_constant.go index eefd1b4dcb0..dd281f66d46 100644 --- a/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/yaml_constant.go +++ b/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/yaml_constant.go 
@@ -310,4 +310,58 @@ status: plural: "" conditions: [] storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + creationTimestamp: null + name: providers.externaldata.gatekeeper.sh +spec: + group: externaldata.gatekeeper.sh + names: + kind: Provider + listKind: ProviderList + plural: providers + singular: provider + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Provider is the Schema for the Provider API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProviderSpec defines the desired state of Provider + properties: + failurePolicy: + enum: + - Ignore + - Fail + type: string + maxRetry: + type: integer + proxyURL: + type: string + timeout: + type: integer + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] ` diff --git a/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/client/client.go b/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/client/client.go index 2bd31b7b9f7..caa1290e7c3 100644 --- a/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/client/client.go 
+++ b/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/client/client.go @@ -11,7 +11,6 @@ import ( "github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers" "github.com/open-policy-agent/frameworks/constraint/pkg/client/regolib" - "github.com/open-policy-agent/frameworks/constraint/pkg/externaldata" constraintlib "github.com/open-policy-agent/frameworks/constraint/pkg/core/constraints" "github.com/open-policy-agent/frameworks/constraint/pkg/core/templates" @@ -76,7 +75,6 @@ type Client struct { templates map[templateKey]*templateEntry constraints map[schema.GroupKind]map[string]*unstructured.Unstructured allowedDataFields []string - ProviderCache externaldata.ProviderCache } // createDataPath compiles the data destination: data.external.. diff --git a/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local/local.go b/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local/local.go index b1258a11b13..5d7257b3a89 100644 --- a/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local/local.go +++ b/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers/local/local.go @@ -130,7 +130,7 @@ func (d *driver) Init(ctx context.Context) error { provider, err := d.providerCache.Get(providerName) if err != nil { - return nil, fmt.Errorf("unable to retrieve provider %v cache", providerName) + return nil, fmt.Errorf("unable to retrieve provider %v from cache", providerName) } req, err := http.NewRequest("GET", provider.Spec.ProxyURL, bytes.NewBuffer([]byte(body))) diff --git a/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/externaldata/cache.go b/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/externaldata/cache.go index f2cf7b2d594..b3c71638ad1 100644 --- a/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/externaldata/cache.go 
+++ b/vendor/github.com/open-policy-agent/frameworks/constraint/pkg/externaldata/cache.go @@ -2,6 +2,7 @@ package externaldata import ( "fmt" + "strings" "sync" "github.com/open-policy-agent/frameworks/constraint/pkg/apis/externaldata/v1alpha1" @@ -19,8 +20,12 @@ func NewCache() *ProviderCache { } func (c *ProviderCache) Get(key string) (v1alpha1.Provider, error) { + c.mux.RLock() + defer c.mux.RUnlock() + if v, ok := c.cache[key]; ok { - return v, nil + dc := *v.DeepCopy() + return dc, nil } return v1alpha1.Provider{}, fmt.Errorf("key is not found in provider cache") } 
@@ -29,23 +34,51 @@ func (c *ProviderCache) Upsert(provider *v1alpha1.Provider) error { c.mux.Lock() defer c.mux.Unlock() - c.cache[provider.GetName()] = v1alpha1.Provider{ - Spec: v1alpha1.ProviderSpec{ - ProxyURL: provider.Spec.ProxyURL, - FailurePolicy: provider.Spec.FailurePolicy, - Timeout: provider.Spec.Timeout, - MaxRetry: provider.Spec.MaxRetry, - }, + if !isValidName(provider.Name) { + return fmt.Errorf("provider name can not be empty. value %s", provider.Name) + } + if !isValidURL(provider.Spec.ProxyURL) { + return fmt.Errorf("invalid provider proxy url. value: %s", provider.Spec.ProxyURL) + } + if !isValidTimeout(provider.Spec.Timeout) { + return fmt.Errorf("provider timeout should be a positive integer. value: %d", provider.Spec.Timeout) + } + if !isValidFailurePolicy(string(provider.Spec.FailurePolicy)) { + return fmt.Errorf("provider failure policy should be either Ignore or Fail. value: %s", provider.Spec.FailurePolicy) } + c.cache[provider.GetName()] = *provider.DeepCopy() return nil } -func (c *ProviderCache) Remove(name string) error { +func (c *ProviderCache) Remove(name string) { c.mux.Lock() defer c.mux.Unlock() delete(c.cache, name) +} - return nil +func isValidName(name string) bool { + return len(name) != 0 +} + +func isValidURL(url string) bool { + if len(url) == 0 { + return false + } + if !strings.HasPrefix(url, "http://") && !strings.HasPrefix(url, "https://") { + return false + } + return true +} + +func isValidTimeout(timeout int) bool { + return timeout >= 0 +} + +func isValidFailurePolicy(policy string) bool { + if strings.EqualFold(policy, string(v1alpha1.Ignore)) || strings.EqualFold(policy, string(v1alpha1.Fail)) { + return true + } + return false } diff --git a/vendor/modules.txt b/vendor/modules.txt index f1fdc34fb3b..bc253f972ae 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt 
@@ -162,7 +162,7 @@ github.com/onsi/gomega/types # github.com/open-policy-agent/cert-controller v0.2.0 ## explicit github.com/open-policy-agent/cert-controller/pkg/rotator -# github.com/open-policy-agent/frameworks/constraint v0.0.0-20210701194838-1dbe2618668d => github.com/sozercan/frameworks/constraint v0.0.0-20210818181827-bf04f25ec1e9 +# github.com/open-policy-agent/frameworks/constraint v0.0.0-20210701194838-1dbe2618668d => github.com/sozercan/frameworks/constraint v0.0.0-20210822004714-e35c15710b01 ## explicit github.com/open-policy-agent/frameworks/constraint/deploy github.com/open-policy-agent/frameworks/constraint/pkg/apis @@ -747,4 +747,4 @@ sigs.k8s.io/structured-merge-diff/v4/value # sigs.k8s.io/yaml v1.2.0 ## explicit sigs.k8s.io/yaml -# github.com/open-policy-agent/frameworks/constraint => github.com/sozercan/frameworks/constraint v0.0.0-20210818181827-bf04f25ec1e9 +# github.com/open-policy-agent/frameworks/constraint => github.com/sozercan/frameworks/constraint v0.0.0-20210822004714-e35c15710b01