Merge pull request #274 from stephanhorsthemke/prune-whitelist

k8s-ci-robot · web-flow · commit ae666b12ec6a · 2022-11-19T11:56:30.000-08:00
Prune whitelist
diff --git a/go.mod b/go.mod
@@ -15,7 +15,7 @@ require (
 	github.com/google/go-cmp v0.5.8
 	github.com/prometheus/client_golang v1.12.2
 	golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
-	golang.org/x/tools v0.1.12
+	golang.org/x/tools v0.3.0
 	k8s.io/api v0.25.0
 	k8s.io/apimachinery v0.25.4
 	k8s.io/cli-runtime v0.25.0
@@ -93,7 +93,7 @@ require (
 	github.com/xanzy/ssh-agent v0.2.1 // indirect
 	github.com/xlab/treeprint v1.1.0 // indirect
 	go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
-	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
+	golang.org/x/mod v0.7.0 // indirect
 	golang.org/x/net v0.2.0 // indirect
 	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
 	golang.org/x/sys v0.2.0 // indirect
diff --git a/go.sum b/go.sum
@@ -451,8 +451,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA=
+golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -654,8 +654,8 @@ golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU=
-golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.3.0 h1:SrNbZl6ECOS1qFzgTdQfWXZM9XBkiA6tkFrH9YSTPHM=
+golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/pkg/patterns/declarative/pkg/applier/direct.go b/pkg/patterns/declarative/pkg/applier/direct.go
@@ -6,6 +6,8 @@ import (
 	"os"
 	"strings"
 
+	"k8s.io/kubectl/pkg/util/prune"
+
 	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	utilerrors "k8s.io/apimachinery/pkg/util/errors"
@@ -76,8 +78,15 @@ func (d *DirectApplier) Apply(ctx context.Context, opt ApplierOptions) error {
 	b := d.inner.NewBuilder(opt)
 	f := d.inner.NewFactory(opt)
 
+	// TODO can we just reuse this
+	dynamicClient, err := f.DynamicClient()
+	if err != nil {
+		return err
+	}
+
 	if opt.Validate {
-		// This potentially causes redundant work, but validation isn't the common path
+		// validation likely makes redundant apiserver requests and is less optimized than the non-validation case,
+		// but validation isn't the common path
 
 		dynamicClient, err := f.DynamicClient()
 		if err != nil {
@@ -123,21 +132,41 @@ func (d *DirectApplier) Apply(ctx context.Context, opt ApplierOptions) error {
 		IOStreams:           ioStreams,
 		FieldManager:        "kubectl-client-side-apply",
 		ValidationDirective: metav1.FieldValidationStrict,
+		Mapper:              opt.RESTMapper,
+		DynamicClient:       dynamicClient,
 	}
+	// TODO this will add the print part at all times.
+	applyOpts.PostProcessorFn = applyOpts.PrintAndPrunePostProcessor()
 
+	whiteListResources := []string{}
 	for i, arg := range opt.ExtraArgs {
 		switch arg {
 		case "--force":
+			// TODO Does this do anything? It seems like opt (aka ApplierOptions) is not used anymore
 			opt.Force = true
 		case "--prune":
 			applyOpts.Prune = true
 		case "--selector":
 			applyOpts.Selector = opt.ExtraArgs[i+1]
+		case "--prune-whitelist":
+			whiteListResources = append(whiteListResources, opt.ExtraArgs[i+1])
 		default:
 			continue
 		}
 	}
 
+	if len(whiteListResources) > 0 {
+		rm, err := f.ToRESTMapper()
+		if err != nil {
+			return err
+		}
+		r, err := prune.ParseResources(rm, whiteListResources)
+		if err != nil {
+			return err
+		}
+		applyOpts.PruneResources = append(applyOpts.PruneResources, r...)
+	}
+
 	applyOpts.ForceConflicts = opt.Force
 	applyOpts.Namespace = opt.Namespace
 	applyOpts.SetObjects(infos)
@@ -147,7 +176,8 @@ func (d *DirectApplier) Apply(ctx context.Context, opt ApplierOptions) error {
 		return applyOpts.PrintFlags.ToPrinter()
 	}
 	applyOpts.DeleteOptions = &cmdDelete.DeleteOptions{
-		IOStreams: ioStreams,
+		IOStreams:         ioStreams,
+		CascadingStrategy: opt.CascadingStrategy,
 	}
 
 	if err := d.inner.Run(applyOpts); err != nil {
diff --git a/pkg/patterns/declarative/pkg/applier/direct_test.go b/pkg/patterns/declarative/pkg/applier/direct_test.go
@@ -152,26 +152,33 @@ metadata:
 				return nil
 			},
 		},
-		//		{
-		//			name:      "manifest with prune and prune-whitelist",
-		//			namespace: "",
-		//			manifest: `---
-		//apiVersion: v1
-		//kind: ServiceAccount
-		//metadata:
-		//  name: foo-operator
-		//  namespace: kube-system`,
-		//			args: []string{"--prune", "--prune-whitelist=hello-world"},
-		//			expectApplyOptions: &apply.ApplyOptions{
-		//				Prune: true,
-		//			},
-		//			expectCheckFunc: func(opt *apply.ApplyOptions) error {
-		//				if opt.Prune != true {
-		//					return fmt.Errorf("prune is not set")
-		//				}
-		//				return nil
-		//			},
-		//		},
+		{
+			name:      "manifest with prune, prune-whitelist and selector",
+			namespace: "",
+			manifest: `---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: foo-operator
+  namespace: kube-system`,
+			args: []string{"--prune", "--selector", "label=true", "--prune-whitelist", "core/v1/Namespace", "--prune-whitelist", "core/v1/Service"},
+			// TODO is this used somewhere?
+			expectApplyOptions: &apply.ApplyOptions{
+				Prune: true,
+			},
+			expectCheckFunc: func(opt *apply.ApplyOptions) error {
+				if opt.Prune != true {
+					return fmt.Errorf("prune is not set")
+				}
+				if len(opt.PruneResources) != 2 {
+					return fmt.Errorf("prune resources are not set correctly, found %s", opt.PruneResources)
+				}
+				if opt.Selector != "label=true" {
+					return fmt.Errorf("selector is not set as expected, found %s", opt.Selector)
+				}
+				return nil
+			},
+		},
 	}
 
 	for _, test := range tests {
diff --git a/pkg/patterns/declarative/pkg/applier/exec.go b/pkg/patterns/declarative/pkg/applier/exec.go
@@ -135,6 +135,7 @@ func (c *ExecKubectl) Apply(ctx context.Context, opt ApplierOptions) error {
 	if opt.Force {
 		args = append(args, "--force")
 	}
+
 	args = append(args, opt.ExtraArgs...)
 	args = append(args, "-f", "-")
 
diff --git a/pkg/patterns/declarative/pkg/applier/type.go b/pkg/patterns/declarative/pkg/applier/type.go
@@ -4,6 +4,7 @@ import (
 	"context"
 
 	"k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/rest"
 )
 
@@ -19,6 +20,11 @@ type ApplierOptions struct {
 	Namespace  string
 	Validate   bool
 
+	CascadingStrategy metav1.DeletionPropagation
+
+	PruneWhitelist []string
+	Prune          bool
+
 	// Force is set if we should "force" the apply.
 	// For server-side-apply, this corresponds to setting the force option, which ensures we take ownership
 	// even when another field manager owns a field.
diff --git a/pkg/patterns/declarative/reconciler.go b/pkg/patterns/declarative/reconciler.go
@@ -302,18 +302,20 @@ func (r *Reconciler) reconcileExists(ctx context.Context, name types.NamespacedN
 		}
 	}
 
-	applyOpt := applier.ApplierOptions{
+	applierOpt := applier.ApplierOptions{
 		RESTConfig: r.config,
 		RESTMapper: r.restMapper,
 		Namespace:  ns,
 		Manifest:   manifestStr,
 		Validate:   r.options.validate,
 		ExtraArgs:  extraArgs,
 		Force:      true,
+		// TODO Make this configurable
+		CascadingStrategy: "Foreground",
 	}
 
 	applier := r.options.applier
-	if err := applier.Apply(ctx, applyOpt); err != nil {
+	if err := applier.Apply(ctx, applierOpt); err != nil {
 		log.Error(err, "applying manifest")
 		return objects, fmt.Errorf("error applying manifest: %v", err)
 	}

Original file line number	Diff line number	Diff line change
`@@ -135,6 +135,7 @@ func (c *ExecKubectl) Apply(ctx context.Context, opt ApplierOptions) error {`
`135`	`135`	`if opt.Force {`
`136`	`136`	`args = append(args, "--force")`
`137`	`137`	`}`
	`138`	`+`
`138`	`139`	`args = append(args, opt.ExtraArgs...)`
`139`	`140`	`args = append(args, "-f", "-")`
`140`	`141`
Original file line number	Diff line number	Diff line change
`@@ -302,18 +302,20 @@ func (r *Reconciler) reconcileExists(ctx context.Context, name types.NamespacedN`
`302`	`302`	`}`
`303`	`303`	`}`
`304`	`304`
`305`		`- applyOpt := applier.ApplierOptions{`
	`305`	`+ applierOpt := applier.ApplierOptions{`
`306`	`306`	`RESTConfig: r.config,`
`307`	`307`	`RESTMapper: r.restMapper,`
`308`	`308`	`Namespace: ns,`
`309`	`309`	`Manifest: manifestStr,`
`310`	`310`	`Validate: r.options.validate,`
`311`	`311`	`ExtraArgs: extraArgs,`
`312`	`312`	`Force: true,`
	`313`	`+ // TODO Make this configurable`
	`314`	`+ CascadingStrategy: "Foreground",`
`313`	`315`	`}`
`314`	`316`
`315`	`317`	`applier := r.options.applier`
`316`		`- if err := applier.Apply(ctx, applyOpt); err != nil {`
	`318`	`+ if err := applier.Apply(ctx, applierOpt); err != nil {`
`317`	`319`	`log.Error(err, "applying manifest")`
`318`	`320`	`return objects, fmt.Errorf("error applying manifest: %v", err)`
`319`	`321`	`}`