chore: rebase and fork pkg for v0.8.2

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Author: aramase

cmd/secrets-store-csi-driver/main.go

@@ -25,6 +25,8 @@ import (
 	"strings"
 	"time"
 
+	"k8s.io/apimachinery/pkg/runtime/schema"
+
 	"sigs.k8s.io/secrets-store-csi-driver/pkg/cache"
 	"sigs.k8s.io/secrets-store-csi-driver/pkg/metrics"
 	"sigs.k8s.io/secrets-store-csi-driver/pkg/rotation"
@@ -110,18 +112,18 @@ func main() {
 
 	// this enables filtered watch of pods based on the node name
 	// only pods running on the same node as the csi driver will be cached
-	fieldSelectorByResource := map[string]string{
-		"pods": fields.OneTermEqualSelector("spec.nodeName", *nodeID).String(),
+	fieldSelectorByResource := map[schema.GroupResource]string{
+		{Group: "", Resource: "pods"}: fields.OneTermEqualSelector("spec.nodeName", *nodeID).String(),
 	}
 	// this enables filtered watch of secretproviderclasspodstatuses based on the internal node label
 	// internal.secrets-store.csi.k8s.io/node-name=<node name> added by csi driver
-	labelSelectorByResource := map[string]string{
-		"secretproviderclasspodstatuses": fmt.Sprintf("%s=%s", v1alpha1.InternalNodeLabel, *nodeID),
+	labelSelectorByResource := map[schema.GroupResource]string{
+		{Group: "", Resource: "secretproviderclasspodstatuses"}: fmt.Sprintf("%s=%s", v1alpha1.InternalNodeLabel, *nodeID),
 	}
 	// this enables filtered watch of secrets based on the label (secrets-store.csi.k8s.io/managed=true)
 	// added to the secrets created by the CSI driver
 	if *filteredWatchSecret {
-		labelSelectorByResource["secrets"] = fmt.Sprintf("%s=true", controllers.SecretManagedLabel)
+		labelSelectorByResource[schema.GroupResource{Group: "", Resource: "secrets"}] = fmt.Sprintf("%s=true", controllers.SecretManagedLabel)
 	}
 
 	mgr, err := ctrl.NewManager(cfg, ctrl.Options{

controllers/secretproviderclasspodstatus_controller.go

@@ -364,26 +364,23 @@ func (r *SecretProviderClassPodStatusReconciler) SetupWithManager(mgr ctrl.Manag
 func (r *SecretProviderClassPodStatusReconciler) belongsToNodePredicate() predicate.Funcs {
 	return predicate.Funcs{
 		UpdateFunc: func(e event.UpdateEvent) bool {
-			return r.processIfBelongsToNode(e.ObjectNew, e.MetaNew)
+			return r.processIfBelongsToNode(e.ObjectNew)
 		},
 		CreateFunc: func(e event.CreateEvent) bool {
-			return r.processIfBelongsToNode(e.Object, e.Meta)
+			return r.processIfBelongsToNode(e.Object)
 		},
 		DeleteFunc: func(e event.DeleteEvent) bool {
 			return false
 		},
 		GenericFunc: func(e event.GenericEvent) bool {
-			return r.processIfBelongsToNode(e.Object, e.Meta)
+			return r.processIfBelongsToNode(e.Object)
 		},
 	}
 }
 
 // processIfBelongsToNode determines if the secretproviderclasspodstatus belongs to the node based on the
 // internal.secrets-store.csi.k8s.io/node-name: <node name> label. If belongs to node, then the spcps is processed.
-func (r *SecretProviderClassPodStatusReconciler) processIfBelongsToNode(obj runtime.Object, objMeta metav1.Object) bool {
-	if _, ok := obj.(*v1alpha1.SecretProviderClassPodStatus); !ok {
-		return false
-	}
+func (r *SecretProviderClassPodStatusReconciler) processIfBelongsToNode(objMeta metav1.Object) bool {
 	node, ok := objMeta.GetLabels()[v1alpha1.InternalNodeLabel]
 	if !ok {
 		return false

pkg/cache/README.md

@@ -0,0 +1,7 @@
+# sigs.k8s.io/controller-runtime/pkg/cache
+
+The cache package has been forked from [`sigs.k8s.io/controller-runtime@a8c19c49e49cfba2aa486ff322cbe5222d6da533 (v0.8.2)`](https://github.com/kubernetes-sigs/controller-runtime/releases/tag/v0.8.2).
+
+This fork has been modified to add the ability to perform filtered `ListWatch` based on the field or label selectors.
+
+The original code for the cache package can be found at [https://github.com/kubernetes-sigs/controller-runtime/tree/v0.8.2/pkg/cache](https://github.com/kubernetes-sigs/controller-runtime/tree/v0.8.2/pkg/cache). We'll switch to using the default cache package in controller-runtime after this [Enable filtered list watches as watches](https://github.com/kubernetes-sigs/controller-runtime/issues/244) is implemented.

pkg/cache/cache.go

@@ -22,6 +22,7 @@ import (
 
 	"sigs.k8s.io/secrets-store-csi-driver/pkg/cache/internal"
 
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/kubernetes/scheme"
 	"k8s.io/client-go/rest"
 	ctrl "sigs.k8s.io/controller-runtime"
@@ -31,15 +32,20 @@ import (
 
 var log = ctrl.Log.WithName("object-cache")
 
-var defaultResyncTime = 10 * time.Hour
-
 // Options are the optional arguments for creating a new InformersMap object
 type Options struct {
 	crcache.Options
-	FieldSelectorByResource map[string]string
-	LabelSelectorByResource map[string]string
+	// FieldSelectorByResource restricts the cache's ListWatch to the resources with desired field
+	// Default watches resources with any field
+	FieldSelectorByResource map[schema.GroupResource]string
+
+	// LabelSelectorByResource restricts the cache's ListWatch to the resources with desired label
+	// Default watches resources with any label
+	LabelSelectorByResource map[schema.GroupResource]string
 }
 
+var defaultResyncTime = 10 * time.Hour
+
 // New initializes and returns a new Cache.
 func New(config *rest.Config, opts Options) (crcache.Cache, error) {
 	opts, err := defaultOpts(config, opts)

pkg/cache/informer_cache.go

@@ -22,14 +22,15 @@ import (
 	"reflect"
 	"strings"
 
+	crcache "sigs.k8s.io/controller-runtime/pkg/cache"
+
 	"sigs.k8s.io/secrets-store-csi-driver/pkg/cache/internal"
 
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/tools/cache"
-	crcache "sigs.k8s.io/controller-runtime/pkg/cache"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/apiutil"
 )
@@ -53,7 +54,7 @@ type informerCache struct {
 }
 
 // Get implements Reader
-func (ip *informerCache) Get(ctx context.Context, key client.ObjectKey, out runtime.Object) error {
+func (ip *informerCache) Get(ctx context.Context, key client.ObjectKey, out client.Object) error {
 	gvk, err := apiutil.GVKForObject(out, ip.Scheme)
 	if err != nil {
 		return err
@@ -71,7 +72,7 @@ func (ip *informerCache) Get(ctx context.Context, key client.ObjectKey, out runt
 }
 
 // List implements Reader
-func (ip *informerCache) List(ctx context.Context, out runtime.Object, opts ...client.ListOption) error {
+func (ip *informerCache) List(ctx context.Context, out client.ObjectList, opts ...client.ListOption) error {
 
 	gvk, cacheTypeObj, err := ip.objectTypeForListObject(out)
 	if err != nil {
@@ -93,7 +94,7 @@ func (ip *informerCache) List(ctx context.Context, out runtime.Object, opts ...c
 // objectTypeForListObject tries to find the runtime.Object and associated GVK
 // for a single object corresponding to the passed-in list type. We need them
 // because they are used as cache map key.
-func (ip *informerCache) objectTypeForListObject(list runtime.Object) (*schema.GroupVersionKind, runtime.Object, error) {
+func (ip *informerCache) objectTypeForListObject(list client.ObjectList) (*schema.GroupVersionKind, runtime.Object, error) {
 	gvk, err := apiutil.GVKForObject(list, ip.Scheme)
 	if err != nil {
 		return nil, nil, err
@@ -148,7 +149,7 @@ func (ip *informerCache) GetInformerForKind(ctx context.Context, gvk schema.Grou
 }
 
 // GetInformer returns the informer for the obj
-func (ip *informerCache) GetInformer(ctx context.Context, obj runtime.Object) (crcache.Informer, error) {
+func (ip *informerCache) GetInformer(ctx context.Context, obj client.Object) (crcache.Informer, error) {
 	gvk, err := apiutil.GVKForObject(obj, ip.Scheme)
 	if err != nil {
 		return nil, err
@@ -172,7 +173,7 @@ func (ip *informerCache) NeedLeaderElection() bool {
 // to List. For one-to-one compatibility with "normal" field selectors, only return one value.
 // The values may be anything.  They will automatically be prefixed with the namespace of the
 // given object, if present.  The objects passed are guaranteed to be objects of the correct type.
-func (ip *informerCache) IndexField(ctx context.Context, obj runtime.Object, field string, extractValue client.IndexerFunc) error {
+func (ip *informerCache) IndexField(ctx context.Context, obj client.Object, field string, extractValue client.IndexerFunc) error {
 	informer, err := ip.GetInformer(ctx, obj)
 	if err != nil {
 		return err
@@ -183,7 +184,7 @@ func (ip *informerCache) IndexField(ctx context.Context, obj runtime.Object, fie
 func indexByField(indexer crcache.Informer, field string, extractor client.IndexerFunc) error {
 	indexFunc := func(objRaw interface{}) ([]string, error) {
 		// TODO(directxman12): check if this is the correct type?
-		obj, isObj := objRaw.(runtime.Object)
+		obj, isObj := objRaw.(client.Object)
 		if !isObj {
 			return nil, fmt.Errorf("object of type %T is not an Object", objRaw)
 		}

pkg/cache/internal/cache_reader.go

@@ -29,6 +29,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/selection"
 	"k8s.io/client-go/tools/cache"
+
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
@@ -42,10 +43,16 @@ type CacheReader struct {
 
 	// groupVersionKind is the group-version-kind of the resource.
 	groupVersionKind schema.GroupVersionKind
+
+	// scopeName is the scope of the resource (namespaced or cluster-scoped).
+	scopeName apimeta.RESTScopeName
 }
 
 // Get checks the indexer for the object and writes a copy of it if found
-func (c *CacheReader) Get(_ context.Context, key client.ObjectKey, out runtime.Object) error {
+func (c *CacheReader) Get(_ context.Context, key client.ObjectKey, out client.Object) error {
+	if c.scopeName == apimeta.RESTScopeNameRoot {
+		key.Namespace = ""
+	}
 	storeKey := objectKeyToStoreKey(key)
 
 	// Lookup the object from the indexer cache
@@ -87,7 +94,7 @@ func (c *CacheReader) Get(_ context.Context, key client.ObjectKey, out runtime.O
 }
 
 // List lists items out of the indexer and writes them to out
-func (c *CacheReader) List(_ context.Context, out runtime.Object, opts ...client.ListOption) error {
+func (c *CacheReader) List(_ context.Context, out client.ObjectList, opts ...client.ListOption) error {
 	var objs []interface{}
 	var err error
 

pkg/cache/internal/deleg_map.go

@@ -21,6 +21,7 @@ import (
 	"time"
 
 	"k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -31,10 +32,12 @@ import (
 // InformersMap create and caches Informers for (runtime.Object, schema.GroupVersionKind) pairs.
 // It uses a standard parameter codec constructed based on the given generated Scheme.
 type InformersMap struct {
-	// we abstract over the details of structured vs unstructured with the specificInformerMaps
+	// we abstract over the details of structured/unstructured/metadata with the specificInformerMaps
+	// TODO(directxman12): genericize this over different projections now that we have 3 different maps
 
 	structured   *specificInformersMap
 	unstructured *specificInformersMap
+	metadata     *specificInformersMap
 
 	// Scheme maps runtime.Objects to GroupVersionKinds
 	Scheme *runtime.Scheme
@@ -47,58 +50,72 @@ func NewInformersMap(config *rest.Config,
 	mapper meta.RESTMapper,
 	resync time.Duration,
 	namespace string,
-	fieldSelectorByResource, labelSelectorByResource map[string]string) *InformersMap {
+	fieldSelectorByResource, labelSelectorByResource map[schema.GroupResource]string) *InformersMap {
 
 	return &InformersMap{
 		structured:   newStructuredInformersMap(config, scheme, mapper, resync, namespace, fieldSelectorByResource, labelSelectorByResource),
 		unstructured: newUnstructuredInformersMap(config, scheme, mapper, resync, namespace, fieldSelectorByResource, labelSelectorByResource),
+		metadata:     newMetadataInformersMap(config, scheme, mapper, resync, namespace, fieldSelectorByResource, labelSelectorByResource),
 
 		Scheme: scheme,
 	}
 }
 
-// Start calls Run on each of the informers and sets started to true.  Blocks on the stop channel.
-func (m *InformersMap) Start(stop <-chan struct{}) error {
-	go m.structured.Start(stop)
-	go m.unstructured.Start(stop)
-	<-stop
+// Start calls Run on each of the informers and sets started to true.  Blocks on the context.
+func (m *InformersMap) Start(ctx context.Context) error {
+	go m.structured.Start(ctx)
+	go m.unstructured.Start(ctx)
+	go m.metadata.Start(ctx)
+	<-ctx.Done()
 	return nil
 }
 
 // WaitForCacheSync waits until all the caches have been started and synced.
-func (m *InformersMap) WaitForCacheSync(stop <-chan struct{}) bool {
+func (m *InformersMap) WaitForCacheSync(ctx context.Context) bool {
 	syncedFuncs := append([]cache.InformerSynced(nil), m.structured.HasSyncedFuncs()...)
 	syncedFuncs = append(syncedFuncs, m.unstructured.HasSyncedFuncs()...)
+	syncedFuncs = append(syncedFuncs, m.metadata.HasSyncedFuncs()...)
 
-	if !m.structured.waitForStarted(stop) {
+	if !m.structured.waitForStarted(ctx) {
 		return false
 	}
-	if !m.unstructured.waitForStarted(stop) {
+	if !m.unstructured.waitForStarted(ctx) {
 		return false
 	}
-	return cache.WaitForCacheSync(stop, syncedFuncs...)
+	if !m.metadata.waitForStarted(ctx) {
+		return false
+	}
+	return cache.WaitForCacheSync(ctx.Done(), syncedFuncs...)
 }
 
 // Get will create a new Informer and add it to the map of InformersMap if none exists.  Returns
 // the Informer from the map.
 func (m *InformersMap) Get(ctx context.Context, gvk schema.GroupVersionKind, obj runtime.Object) (bool, *MapEntry, error) {
-	_, isUnstructured := obj.(*unstructured.Unstructured)
-	_, isUnstructuredList := obj.(*unstructured.UnstructuredList)
-	isUnstructured = isUnstructured || isUnstructuredList
-
-	if isUnstructured {
+	switch obj.(type) {
+	case *unstructured.Unstructured:
+		return m.unstructured.Get(ctx, gvk, obj)
+	case *unstructured.UnstructuredList:
 		return m.unstructured.Get(ctx, gvk, obj)
+	case *metav1.PartialObjectMetadata:
+		return m.metadata.Get(ctx, gvk, obj)
+	case *metav1.PartialObjectMetadataList:
+		return m.metadata.Get(ctx, gvk, obj)
+	default:
+		return m.structured.Get(ctx, gvk, obj)
 	}
-
-	return m.structured.Get(ctx, gvk, obj)
 }
 
 // newStructuredInformersMap creates a new InformersMap for structured objects.
-func newStructuredInformersMap(config *rest.Config, scheme *runtime.Scheme, mapper meta.RESTMapper, resync time.Duration, namespace string, fieldSelectorByResource, labelSelectorByResource map[string]string) *specificInformersMap {
-	return newSpecificInformersMap(config, scheme, mapper, resync, namespace, fieldSelectorByResource, labelSelectorByResource, createStructuredListWatch)
+func newStructuredInformersMap(config *rest.Config, scheme *runtime.Scheme, mapper meta.RESTMapper, resync time.Duration, namespace string, fieldSelectorByResource, labelSelectorByResource map[schema.GroupResource]string) *specificInformersMap {
+	return newSpecificInformersMap(config, scheme, mapper, resync, namespace, createStructuredListWatch, fieldSelectorByResource, labelSelectorByResource)
 }
 
 // newUnstructuredInformersMap creates a new InformersMap for unstructured objects.
-func newUnstructuredInformersMap(config *rest.Config, scheme *runtime.Scheme, mapper meta.RESTMapper, resync time.Duration, namespace string, fieldSelectorByResource, labelSelectorByResource map[string]string) *specificInformersMap {
-	return newSpecificInformersMap(config, scheme, mapper, resync, namespace, fieldSelectorByResource, labelSelectorByResource, createUnstructuredListWatch)
+func newUnstructuredInformersMap(config *rest.Config, scheme *runtime.Scheme, mapper meta.RESTMapper, resync time.Duration, namespace string, fieldSelectorByResource, labelSelectorByResource map[schema.GroupResource]string) *specificInformersMap {
+	return newSpecificInformersMap(config, scheme, mapper, resync, namespace, createUnstructuredListWatch, fieldSelectorByResource, labelSelectorByResource)
+}
+
+// newMetadataInformersMap creates a new InformersMap for metadata-only objects.
+func newMetadataInformersMap(config *rest.Config, scheme *runtime.Scheme, mapper meta.RESTMapper, resync time.Duration, namespace string, fieldSelectorByResource, labelSelectorByResource map[schema.GroupResource]string) *specificInformersMap {
+	return newSpecificInformersMap(config, scheme, mapper, resync, namespace, createMetadataListWatch, fieldSelectorByResource, labelSelectorByResource)
 }