Skip to content
This repository has been archived by the owner on Nov 1, 2022. It is now read-only.

Commit

Permalink
Fix multiple namespace filtering issues
Browse files Browse the repository at this point in the history
* Rename `getAllowedNamespaces()` to `getAllowedAndExistingNamespaces()`
* Remove redundant namespace check
* Check for namespace existence when syncing
  • Loading branch information
Alfonso Acosta committed Mar 26, 2019
1 parent 92db72a commit 0696022
Show file tree
Hide file tree
Showing 4 changed files with 16 additions and 16 deletions.
2 changes: 1 addition & 1 deletion cluster/kubernetes/images.go
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,7 @@ func mergeCredentials(log func(...interface{}) error,
func (c *Cluster) ImagesToFetch() registry.ImageCreds {
allImageCreds := make(registry.ImageCreds)

namespaces, err := c.getAllowedNamespaces()
namespaces, err := c.getAllowedAndExistingNamespaces()
if err != nil {
c.logger.Log("err", errors.Wrap(err, "getting namespaces"))
return allImageCreds
Expand Down
10 changes: 5 additions & 5 deletions cluster/kubernetes/kubernetes.go
Original file line number Diff line number Diff line change
Expand Up @@ -157,7 +157,7 @@ func (c *Cluster) SomeWorkloads(ids []flux.ResourceID) (res []cluster.Workload,
// AllWorkloads returns all workloads in allowed namespaces matching the criteria; that is, in
// the namespace (or any namespace if that argument is empty)
func (c *Cluster) AllWorkloads(namespace string) (res []cluster.Workload, err error) {
namespaces, err := c.getAllowedNamespaces()
namespaces, err := c.getAllowedAndExistingNamespaces()
if err != nil {
return nil, errors.Wrap(err, "getting namespaces")
}
Expand Down Expand Up @@ -217,7 +217,7 @@ func (c *Cluster) Ping() error {
func (c *Cluster) Export() ([]byte, error) {
var config bytes.Buffer

namespaces, err := c.getAllowedNamespaces()
namespaces, err := c.getAllowedAndExistingNamespaces()
if err != nil {
return nil, errors.Wrap(err, "getting namespaces")
}
Expand Down Expand Up @@ -266,11 +266,11 @@ func (c *Cluster) PublicSSHKey(regenerate bool) (ssh.PublicKey, error) {
return publicKey, nil
}

// getAllowedNamespaces returns a list of namespaces that the Flux instance is expected
// to have access to and can look for resources inside of.
// getAllowedAndExistingNamespaces returns a list of existing namespaces that
// the Flux instance is expected to have access to and can look for resources inside of.
// It returns a list of all namespaces unless an explicit list of allowed namespaces
// has been set on the Cluster instance.
func (c *Cluster) getAllowedNamespaces() ([]apiv1.Namespace, error) {
func (c *Cluster) getAllowedAndExistingNamespaces() ([]apiv1.Namespace, error) {
if len(c.allowedNamespaces) > 0 {
nsList := []apiv1.Namespace{}
for _, name := range c.allowedNamespaces {
Expand Down
2 changes: 1 addition & 1 deletion cluster/kubernetes/kubernetes_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ func testGetAllowedNamespaces(t *testing.T, namespace []string, expected []strin
client := ExtendedClient{coreClient: clientset}
c := NewCluster(client, nil, nil, log.NewNopLogger(), namespace, []string{})

namespaces, err := c.getAllowedNamespaces()
namespaces, err := c.getAllowedAndExistingNamespaces()
if err != nil {
t.Errorf("The error should be nil, not: %s", err)
}
Expand Down
18 changes: 9 additions & 9 deletions cluster/kubernetes/sync.go
Original file line number Diff line number Diff line change
Expand Up @@ -257,8 +257,8 @@ func (c *Cluster) getAllowedResourcesBySelector(selector string) (map[string]*ku

func (c *Cluster) listAllowedResources(
namespaced bool, gvr schema.GroupVersionResource, options meta_v1.ListOptions) ([]unstructured.Unstructured, error) {
if !namespaced || len(c.allowedNamespaces) == 0 {
// The resource is not namespaced or all the namespaces are allowed
if !namespaced {
// The resource is not namespaced
resourceClient := c.client.dynamicClient.Resource(gvr)
data, err := resourceClient.List(options)
if err != nil {
Expand All @@ -268,9 +268,13 @@ func (c *Cluster) listAllowedResources(
}

// List resources only from the allowed namespaces
namespaces, err := c.getAllowedAndExistingNamespaces()
if err != nil {
return nil, err
}
var result []unstructured.Unstructured
for _, ns := range c.allowedNamespaces {
data, err := c.client.dynamicClient.Resource(gvr).Namespace(ns).List(options)
for _, ns := range namespaces {
data, err := c.client.dynamicClient.Resource(gvr).Namespace(ns.Name).List(options)
if err != nil {
return result, err
}
Expand All @@ -286,11 +290,7 @@ func (c *Cluster) getAllowedGCMarkedResourcesInSyncSet(syncSetName string) (map[
}
allowedSyncSetGCMarkedResources := map[string]*kuberesource{}
for resID, kres := range allGCMarkedResources {
// Discard disallowed resources
if !c.IsAllowedResource(kres.ResourceID()) {
continue
}
// Discard resources out of the Sync Set
// Discard resources whose mark doesn't match their resource ID
if kres.GetGCMark() != makeGCMark(syncSetName, resID) {
continue
}
Expand Down

0 comments on commit 0696022

Please sign in to comment.