refactor: consolidate common controller code
This commit is contained in:
@@ -29,7 +29,6 @@ import (
|
||||
"k8s.io/apimachinery/pkg/api/errors"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
|
||||
"k8s.io/apimachinery/pkg/util/wait"
|
||||
"k8s.io/client-go/kubernetes"
|
||||
"k8s.io/client-go/kubernetes/scheme"
|
||||
typedcorev1 "k8s.io/client-go/kubernetes/typed/core/v1"
|
||||
@@ -38,6 +37,7 @@ import (
|
||||
"k8s.io/client-go/util/workqueue"
|
||||
"k8s.io/klog/v2"
|
||||
|
||||
"gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/internal/baseController"
|
||||
v1alpha1 "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/apis/application/v1alpha1"
|
||||
clientset "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/clientset/versioned"
|
||||
operatorscheme "gitea.t000-n.de/t.behrendt/authentik-kubernetes-operator/pkg/generated/clientset/versioned/scheme"
|
||||
@@ -61,16 +61,14 @@ const (
|
||||
DeleteAuthentikApplicationFinalizer = "application.t000-n.de/delete-authentik-application"
|
||||
)
|
||||
|
||||
type Controller struct {
|
||||
type ApplicationController struct {
|
||||
kubeclientset kubernetes.Interface
|
||||
applicationClientset clientset.Interface
|
||||
authentik *authentikapi.APIClient
|
||||
|
||||
applicationListener listers.ApplicationLister
|
||||
applicationSynced cache.InformerSynced
|
||||
|
||||
workqueue workqueue.TypedRateLimitingInterface[cache.ObjectName]
|
||||
recorder record.EventRecorder
|
||||
controller *baseController.Controller
|
||||
}
|
||||
|
||||
func NewController(
|
||||
@@ -79,7 +77,7 @@ func NewController(
|
||||
applicationClientset clientset.Interface,
|
||||
authentik *authentikapi.APIClient,
|
||||
applicationInformer informers.ApplicationInformer,
|
||||
) *Controller {
|
||||
) *ApplicationController {
|
||||
logger := klog.FromContext(ctx)
|
||||
|
||||
utilruntime.Must(operatorscheme.AddToScheme(scheme.Scheme))
|
||||
@@ -94,75 +92,36 @@ func NewController(
|
||||
&workqueue.TypedBucketRateLimiter[cache.ObjectName]{Limiter: rate.NewLimiter(rate.Limit(50), 300)},
|
||||
)
|
||||
|
||||
c := &Controller{
|
||||
c := &ApplicationController{
|
||||
kubeclientset: kubeclientset,
|
||||
applicationClientset: applicationClientset,
|
||||
authentik: authentik,
|
||||
applicationListener: applicationInformer.Lister(),
|
||||
applicationSynced: applicationInformer.Informer().HasSynced,
|
||||
workqueue: workqueue.NewTypedRateLimitingQueue(ratelimiter),
|
||||
recorder: recorder,
|
||||
}
|
||||
c.controller = baseController.NewController(
|
||||
ctx,
|
||||
workqueue.NewTypedRateLimitingQueue(ratelimiter),
|
||||
recorder,
|
||||
applicationInformer.Informer().HasSynced,
|
||||
c.syncHandler,
|
||||
)
|
||||
|
||||
logger.Info("Setting up event handlers")
|
||||
applicationInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{
|
||||
AddFunc: c.enqueueApplication,
|
||||
AddFunc: c.controller.Enqueue,
|
||||
UpdateFunc: func(_, newObj interface{}) {
|
||||
c.enqueueApplication(newObj)
|
||||
c.controller.Enqueue(newObj)
|
||||
},
|
||||
})
|
||||
|
||||
return c
|
||||
}
|
||||
|
||||
func (c *Controller) Run(ctx context.Context, workers int) error {
|
||||
defer utilruntime.HandleCrash()
|
||||
defer c.workqueue.ShutDown()
|
||||
logger := klog.FromContext(ctx)
|
||||
|
||||
logger.Info("Starting Application controller")
|
||||
|
||||
logger.Info("Waiting for informer caches to sync")
|
||||
if ok := cache.WaitForCacheSync(ctx.Done(), c.applicationSynced); !ok {
|
||||
return fmt.Errorf("failed to wait for caches to sync")
|
||||
}
|
||||
|
||||
logger.Info("Starting workers", "count", workers)
|
||||
for i := 0; i < workers; i++ {
|
||||
go wait.UntilWithContext(ctx, c.runWorker, time.Second)
|
||||
}
|
||||
|
||||
logger.Info("Started workers")
|
||||
<-ctx.Done()
|
||||
logger.Info("Shutting down workers")
|
||||
return nil
|
||||
func (c *ApplicationController) Run(ctx context.Context, workers int) error {
|
||||
return c.controller.Run(ctx, workers)
|
||||
}
|
||||
|
||||
func (c *Controller) runWorker(ctx context.Context) {
|
||||
for c.processNextWorkItem(ctx) {
|
||||
}
|
||||
}
|
||||
|
||||
func (c *Controller) processNextWorkItem(ctx context.Context) bool {
|
||||
objRef, shutdown := c.workqueue.Get()
|
||||
logger := klog.FromContext(ctx)
|
||||
if shutdown {
|
||||
return false
|
||||
}
|
||||
defer c.workqueue.Done(objRef)
|
||||
|
||||
err := c.syncHandler(ctx, objRef)
|
||||
if err == nil {
|
||||
c.workqueue.Forget(objRef)
|
||||
logger.Info("Successfully synced", "objectName", objRef)
|
||||
return true
|
||||
}
|
||||
utilruntime.HandleErrorWithContext(ctx, err, "Error syncing; requeuing for later retry", "objectReference", objRef)
|
||||
c.workqueue.AddRateLimited(objRef)
|
||||
return true
|
||||
}
|
||||
|
||||
func (c *Controller) syncHandler(ctx context.Context, objectRef cache.ObjectName) error {
|
||||
func (c *ApplicationController) syncHandler(ctx context.Context, objectRef cache.ObjectName) error {
|
||||
logger := klog.LoggerWithValues(klog.FromContext(ctx), "objectRef", objectRef)
|
||||
|
||||
app, err := c.applicationListener.Applications(objectRef.Namespace).Get(objectRef.Name)
|
||||
@@ -195,12 +154,12 @@ func (c *Controller) syncHandler(ctx context.Context, objectRef cache.ObjectName
|
||||
return c.reconcileUpdate(ctx, app)
|
||||
}
|
||||
|
||||
func (c *Controller) ensureFinalizers(ctx context.Context, app *v1alpha1.Application) error {
|
||||
func (c *ApplicationController) ensureFinalizers(ctx context.Context, app *v1alpha1.Application) error {
|
||||
app.ObjectMeta.Finalizers = append(app.ObjectMeta.Finalizers, DeleteAuthentikApplicationFinalizer)
|
||||
return c.updateApplication(ctx, app)
|
||||
}
|
||||
|
||||
func (c *Controller) reconcileDelete(ctx context.Context, app *v1alpha1.Application) error {
|
||||
func (c *ApplicationController) reconcileDelete(ctx context.Context, app *v1alpha1.Application) error {
|
||||
r, err := c.authentik.CoreApi.CoreApplicationsDestroy(ctx, app.Spec.Slug).Execute()
|
||||
if err != nil {
|
||||
// This handles an edge-case, where when the Application on Authentik has already been deleted, but the finalizer is still present. We just remove the finalizer and return.
|
||||
@@ -213,7 +172,7 @@ func (c *Controller) reconcileDelete(ctx context.Context, app *v1alpha1.Applicat
|
||||
return c.updateApplication(ctx, app)
|
||||
}
|
||||
|
||||
func (c *Controller) reconcileUpdate(ctx context.Context, app *v1alpha1.Application) error {
|
||||
func (c *ApplicationController) reconcileUpdate(ctx context.Context, app *v1alpha1.Application) error {
|
||||
_, r, err := c.authentik.CoreApi.CoreApplicationsRetrieve(ctx, app.Spec.Slug).Execute()
|
||||
if err != nil {
|
||||
if r != nil && r.StatusCode == http.StatusNotFound {
|
||||
@@ -239,7 +198,7 @@ func (c *Controller) reconcileUpdate(ctx context.Context, app *v1alpha1.Applicat
|
||||
return c.updateApplicationStatus(ctx, app)
|
||||
}
|
||||
|
||||
func (c *Controller) reconcileCreate(ctx context.Context, app *v1alpha1.Application) error {
|
||||
func (c *ApplicationController) reconcileCreate(ctx context.Context, app *v1alpha1.Application) error {
|
||||
applicationRequest := &authentikapi.ApplicationRequest{
|
||||
Name: app.Spec.Name,
|
||||
Slug: app.Spec.Slug,
|
||||
@@ -254,23 +213,14 @@ func (c *Controller) reconcileCreate(ctx context.Context, app *v1alpha1.Applicat
|
||||
return c.updateApplicationStatus(ctx, app)
|
||||
}
|
||||
|
||||
func (c *Controller) enqueueApplication(obj interface{}) {
|
||||
objectRef, err := cache.ObjectToName(obj)
|
||||
if err != nil {
|
||||
utilruntime.HandleError(err)
|
||||
return
|
||||
}
|
||||
c.workqueue.Add(objectRef)
|
||||
}
|
||||
|
||||
func (c *Controller) updateApplicationStatus(ctx context.Context, app *v1alpha1.Application) error {
|
||||
func (c *ApplicationController) updateApplicationStatus(ctx context.Context, app *v1alpha1.Application) error {
|
||||
appCopy := app.DeepCopy()
|
||||
_, err := c.applicationClientset.ApplicationV1alpha1().Applications(appCopy.Namespace).UpdateStatus(ctx, appCopy, metav1.UpdateOptions{FieldManager: FieldManager})
|
||||
return err
|
||||
}
|
||||
|
||||
// Update metadata, spec, etc. of the Application object.
|
||||
func (c *Controller) updateApplication(ctx context.Context, app *v1alpha1.Application) error {
|
||||
func (c *ApplicationController) updateApplication(ctx context.Context, app *v1alpha1.Application) error {
|
||||
appCopy := app.DeepCopy()
|
||||
_, err := c.applicationClientset.ApplicationV1alpha1().Applications(appCopy.Namespace).Update(ctx, appCopy, metav1.UpdateOptions{FieldManager: FieldManager})
|
||||
if err != nil {
|
||||
|
||||
@@ -198,6 +198,34 @@ func TestController_syncHandler_notFound(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestController_syncHandler_delete_usesSlugNotPK(t *testing.T) {
|
||||
now := metav1.Now()
|
||||
app := testApplication()
|
||||
app.Status.PK = "not-a-number"
|
||||
app.DeletionTimestamp = &now
|
||||
app.Finalizers = []string{DeleteAuthentikApplicationFinalizer}
|
||||
|
||||
var destroySlug string
|
||||
server := newAuthentikTestServer(t, authentikTestHandlers{
|
||||
applicationDestroy: func(w http.ResponseWriter, r *http.Request) {
|
||||
destroySlug = strings.TrimSuffix(strings.TrimPrefix(r.URL.Path, "/api/v3/core/applications/"), "/")
|
||||
w.WriteHeader(http.StatusNoContent)
|
||||
},
|
||||
})
|
||||
t.Cleanup(server.Close)
|
||||
|
||||
ctrl, ctx, cancel := newTestController(t, app, server.URL)
|
||||
t.Cleanup(cancel)
|
||||
|
||||
err := ctrl.syncHandler(ctx, cache.ObjectName{Namespace: app.Namespace, Name: app.Name})
|
||||
if err != nil {
|
||||
t.Fatalf("syncHandler() error = %v", err)
|
||||
}
|
||||
if destroySlug != app.Spec.Slug {
|
||||
t.Fatalf("destroy slug = %q, want %q (delete must use spec.slug, not status.pk)", destroySlug, app.Spec.Slug)
|
||||
}
|
||||
}
|
||||
|
||||
// --- test helpers ---
|
||||
|
||||
func testApplication() *v1alpha1.Application {
|
||||
@@ -218,7 +246,7 @@ func testApplication() *v1alpha1.Application {
|
||||
}
|
||||
}
|
||||
|
||||
func newTestController(t *testing.T, app *v1alpha1.Application, authentikURL string) (*Controller, context.Context, context.CancelFunc) {
|
||||
func newTestController(t *testing.T, app *v1alpha1.Application, authentikURL string) (*ApplicationController, context.Context, context.CancelFunc) {
|
||||
t.Helper()
|
||||
ctx, cancel := context.WithCancel(context.Background())
|
||||
ctrl, _, stop := newTestControllerWithContext(t, ctx, app, authentikURL)
|
||||
@@ -228,7 +256,7 @@ func newTestController(t *testing.T, app *v1alpha1.Application, authentikURL str
|
||||
}
|
||||
}
|
||||
|
||||
func newTestControllerWithContext(t *testing.T, ctx context.Context, app *v1alpha1.Application, authentikURL string) (*Controller, context.Context, func()) {
|
||||
func newTestControllerWithContext(t *testing.T, ctx context.Context, app *v1alpha1.Application, authentikURL string) (*ApplicationController, context.Context, func()) {
|
||||
t.Helper()
|
||||
|
||||
authentikClient := newAuthentikAPIClientForTest(t, authentikURL)
|
||||
@@ -336,7 +364,7 @@ func writeJSON(t *testing.T, w http.ResponseWriter, status int, body any) {
|
||||
}
|
||||
}
|
||||
|
||||
func getApplication(t *testing.T, ctrl *Controller, namespace, name string) *v1alpha1.Application {
|
||||
func getApplication(t *testing.T, ctrl *ApplicationController, namespace, name string) *v1alpha1.Application {
|
||||
t.Helper()
|
||||
|
||||
got, err := ctrl.applicationClientset.ApplicationV1alpha1().Applications(namespace).Get(
|
||||
|
||||
Reference in New Issue
Block a user