Merge pull request #3 from DocPlanner/feat/cross-namespaced-credentials-optional-vhost

feat: Add cross-namespace credentials & make vhost optional on regex

Author: achetronic

README.md

@@ -58,23 +58,30 @@ spec:
   # Configuration parameters to be able to connect with RabbitMQ
   rabbitConnection:
     url: "https://your-server.rmq.cloudamqp.com"
-    vhost: "shared"
     queue: "your-queue-here"
     useRegex: true
 
-    # Setting credentials is optional.
-    # ATTENTION: If set, BOT are required
+    # (Optional) Vhost can be set (or not) when searching queues using regex patterns,
+    # (Mandatory) Vhost is required for searches based on exact queue names.
+    vhost: "shared"
+
+    # (Optional) Credentials to authenticate against endpoint.
+    # If set, both are required
     credentials:
       username:
         secretRef:
           name: testing-secret
           key: RABBITMQ_USERNAME
+
+          # (Optional) Getting credentials from other namespace is possible too
+          # When namespace is not defined, the same where this WorkloadAction CR is running will be used
+          namespace: default
       password:
         secretRef:
           name: testing-secret
           key: RABBITMQ_PASSWORD
 
-  # Additional sources to get information from.
+  # (Optional) Additional sources to get information from.
   # This sources can be used on condition.value
   additionalSources:
     - apiVersion: apps/v1
@@ -83,10 +90,13 @@ spec:
       namespace: default
 
   # This is the condition that will trigger the execution of the action.
-  # The 'key' field admits dot notation, and it's covered by gjson
-  # Ref: https://github.com/tidwall/gjson
   condition:
+    # The 'key' field admits dot notation, and it's covered by gjson
+    # Ref: https://github.com/tidwall/gjson
     key: "test"
+
+    # Additional sources from 'additionalSources' field can be used here to craft complex values using the pattern:
+    # [index]{{ gjson }}
     value: "something"
 
   # Action to do with the workload when the condition is met

api/v1alpha1/workloadaction_types.go

@@ -23,11 +23,14 @@ import (
 
 // SecretKeyReferenceSpec represents a reference to a Secret resource in the same namespace
 type SecretKeyReferenceSpec struct {
+	// Namespace of the Secret.
+	Namespace string `json:"namespace,omitempty"`
+
 	// Name of the Secret.
 	Name string `json:"name"`
 
-	// Key in the Secret, when not specified an implementation-specific default key is used.
-	Key string `json:"key,omitempty"`
+	// Key in the Secret.
+	Key string `json:"key"`
 }
 
 // SynchronizationSpec defines the spec of the synchronization section of a WorkloadAction
@@ -49,7 +52,7 @@ type RabbitConnectionCredentialsSpec struct {
 // RabbitConnectionSpec represents the connection settings to connect with RabbitMQ admin API
 type RabbitConnectionSpec struct {
 	Url         string                          `json:"url"`
-	Vhost       string                          `json:"vhost"`
+	Vhost       string                          `json:"vhost,omitempty"`
 	Queue       string                          `json:"queue"`
 	UseRegex    bool                            `json:"useRegex,omitempty"`
 	Credentials RabbitConnectionCredentialsSpec `json:"credentials,omitempty"`

config/crd/bases/rabbit-stalker.docplanner.com_workloadactions.yaml

@@ -153,13 +153,16 @@ spec:
                               to a Secret resource in the same namespace
                             properties:
                               key:
-                                description: Key in the Secret, when not specified
-                                  an implementation-specific default key is used.
+                                description: Key in the Secret.
                                 type: string
                               name:
                                 description: Name of the Secret.
                                 type: string
+                              namespace:
+                                description: Namespace of the Secret.
+                                type: string
                             required:
+                            - key
                             - name
                             type: object
                         required:
@@ -174,13 +177,16 @@ spec:
                               to a Secret resource in the same namespace
                             properties:
                               key:
-                                description: Key in the Secret, when not specified
-                                  an implementation-specific default key is used.
+                                description: Key in the Secret.
                                 type: string
                               name:
                                 description: Name of the Secret.
                                 type: string
+                              namespace:
+                                description: Namespace of the Secret.
+                                type: string
                             required:
+                            - key
                             - name
                             type: object
                         required:
@@ -201,7 +207,6 @@ spec:
                 required:
                 - queue
                 - url
-                - vhost
                 type: object
               synchronization:
                 description: SynchronizationSpec defines the behavior of synchronization

config/samples/rabbit-stalker_v1alpha1_workloadaction.yaml

@@ -15,17 +15,24 @@ spec:
   # Configuration
   rabbitConnection:
     url: "https://your-server.rmq.cloudamqp.com"
-    vhost: "shared"
     queue: "your-queue-here"
     useRegex: true
 
+    # (Optional) Vhost can be set (or not) when searching queues using regex patterns,
+    # (Mandatory) Vhost is required for searches based on exact queue names.
+    vhost: "shared"
+
     # (Optional) Credentials to authenticate against endpoint.
     # If set, both are required
     credentials:
       username:
         secretRef:
           name: testing-secret
           key: RABBITMQ_USERNAME
+
+          # (Optional) Getting credentials from other namespace is possible too
+          # When namespace is not defined, the same where this WorkloadAction CR is running will be used
+          namespace: default
       password:
         secretRef:
           name: testing-secret
@@ -46,7 +53,7 @@ spec:
     key: |-
       consumer_details.#(channel_details.node==rabbit@fancy-monk-sample-01).channel_details.node
 
-    # Additional sources can be used here to craft complex values using the following pattern:
+    # Additional sources from 'additionalSources' field can be used here to craft complex values using the pattern:
     # [index]{{ gjson }}
     value: |-
       [0]{{ metadata.annotations.node }}

controllers/workloadaction_controller.go

@@ -19,7 +19,9 @@ package controllers
 import (
 	"context"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/builder"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+	"sigs.k8s.io/controller-runtime/pkg/predicate"
 	"time"
 
 	"k8s.io/apimachinery/pkg/runtime"
@@ -126,7 +128,7 @@ func (r *WorkloadActionReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 		return result, err
 	}
 	result = ctrl.Result{
-		Requeue:      true,
+		//Requeue:      true,
 		RequeueAfter: RequeueTime,
 	}
 
@@ -153,6 +155,6 @@ func (r *WorkloadActionReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 // SetupWithManager sets up the controller with the Manager.
 func (r *WorkloadActionReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	return ctrl.NewControllerManagedBy(mgr).
-		For(&rabbitstalkerv1alpha1.WorkloadAction{}).
+		For(&rabbitstalkerv1alpha1.WorkloadAction{}, builder.WithPredicates(predicate.GenerationChangedPredicate{})).
 		Complete(r)
 }

controllers/workloadaction_status.go

@@ -11,13 +11,17 @@ const (
 	// ConditionTypeWorkloadActionReady indicates that the WorkloadAction is ready to act or not
 	ConditionTypeWorkloadActionReady = "WorkloadActionReady"
 
+	// Workload not found
+	ConditionReasonWorkloadNotFound        = "WorkloadNotFound"
+	ConditionReasonWorkloadNotFoundMessage = "Workload resource was not found"
+
 	// Credentials not found
 	ConditionReasonCredentialsNotFound        = "CredentialsNotFound"
 	ConditionReasonCredentialsNotFoundMessage = "Credentials secret or key not found"
 
-	// Credentials not valid
-	//ConditionReasonCredentialsNotValid        = "CredentialsNotValid"
-	//ConditionReasonCredentialsNotValidMessage = "Credentials does not allow to authenticate"
+	// Required field not found
+	ConditionReasonRequiredFieldNotFound        = "RequiredFieldNotFound"
+	ConditionReasonRequiredFieldNotFoundMessage = "Required field not found. Is vhost set on literal queue name?"
 
 	// HTTPRequest failed
 	ConditionReasonUrlParsingFailed        = "UrlParsingFailed"
@@ -27,22 +31,22 @@ const (
 	ConditionReasonHttpResponseNotSuccessful        = "HttpRequestNotSuccessful"
 	ConditionReasonHttpResponseNotSuccessfulMessage = "Http request returned status code: %d"
 
+	// Queue not found
+	ConditionReasonQueueNotFound        = "QueueNotFound"
+	ConditionReasonQueueNotFoundMessage = "No queues were found with defined name"
+
+	// Condition value parsing failed
+	ConditionReasonConditionValueParsingFailed        = "ConditionValueParsingFailed"
+	ConditionReasonConditionValueParsingFailedMessage = "Condition value parsing process failed"
+
 	// HTTPResponse not valid
 	ConditionReasonHttpResponseNotValid        = "HttpResponseNotValid"
 	ConditionReasonHttpResponseNotValidMessage = "Response can not be parsed"
 
-	// Workload not found
-	ConditionReasonWorkloadNotFound        = "WorkloadNotFound"
-	ConditionReasonWorkloadNotFoundMessage = "Workload resource was not found"
-
 	// Action not valid
 	ConditionReasonInvalidAction        = "InvalidAction"
 	ConditionReasonInvalidActionMessage = "Action is invalid"
 
-	// Condition value parsing failed
-	ConditionReasonConditionValueParsingFailed        = "ConditionValueParsingFailed"
-	ConditionReasonConditionValueParsingFailedMessage = "Condition value parsing process failed"
-
 	// Action execution failed
 	ConditionReasonActionExecutionFailed        = "ActionExecutionFailed"
 	ConditionReasonActionExecutionFailedMessage = "Action failed during execution"