diff --git a/manifests/03-deployment.yaml b/manifests/03-deployment.yaml index 0ba6ad3b16..555aa707cd 100644 --- a/manifests/03-deployment.yaml +++ b/manifests/03-deployment.yaml @@ -81,7 +81,7 @@ spec: resources: requests: cpu: 10m - memory: 150Mi + memory: 20Mi terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/configmaps/trusted-ca-bundle diff --git a/pkg/apis/cloudcredential/v1/codec.go b/pkg/apis/cloudcredential/v1/codec.go index 3c96b0b5d7..47f4793ca8 100644 --- a/pkg/apis/cloudcredential/v1/codec.go +++ b/pkg/apis/cloudcredential/v1/codec.go @@ -22,12 +22,23 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/serializer" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" ) -// NewScheme creates a new Scheme -func NewScheme() (*runtime.Scheme, error) { - s := runtime.NewScheme() - return s, SchemeBuilder.AddToScheme(s) +var scheme = runtime.NewScheme() +var codecFactory = serializer.NewCodecFactory(scheme) +var encoder runtime.Encoder = nil +var Codec *ProviderCodec = nil + +func init() { + utilruntime.Must(Install(scheme)) + var err error + encoder, err = newEncoder(&codecFactory) + utilruntime.Must(err) + Codec = &ProviderCodec{ + encoder: encoder, + decoder: codecFactory.UniversalDecoder(SchemeGroupVersion), + } } // ProviderCodec is a runtime codec for providers. 
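Review bot: The new package-level `Codec` in codec.go is an exported, mutable pointer, so any importing package can reassign it or set it to nil, and every actuator and CLI command that now reads `minterv1.Codec` would pick up that change without notice. At minimum give it a doc comment stating the contract, e.g. `// Codec is the shared ProviderCodec, built once in init(); callers must treat it as read-only.`, or keep the variable unexported behind a small accessor function. `init()` with `utilruntime.Must` also turns what `NewCodec` used to return as an error into a panic at import time for every binary that links this package, which deserves a sentence in that comment. The `= nil` initialisers on `encoder` and `Codec` are redundant, and the four declarations read better as one `var ( ... )` block.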
@@ -37,24 +48,6 @@ type ProviderCodec struct { decoder runtime.Decoder } -// NewCodec creates a serializer/deserializer for the provider configuration -func NewCodec() (*ProviderCodec, error) { - scheme, err := NewScheme() - if err != nil { - return nil, err - } - codecFactory := serializer.NewCodecFactory(scheme) - encoder, err := newEncoder(&codecFactory) - if err != nil { - return nil, err - } - codec := ProviderCodec{ - encoder: encoder, - decoder: codecFactory.UniversalDecoder(SchemeGroupVersion), - } - return &codec, nil -} - // EncodeProvider serializes an object to the provider spec. func (codec *ProviderCodec) EncodeProviderSpec(in runtime.Object) (*runtime.RawExtension, error) { var buf bytes.Buffer diff --git a/pkg/aws/actuator/actuator.go b/pkg/aws/actuator/actuator.go index 34e95c9a6b..c00be845c9 100644 --- a/pkg/aws/actuator/actuator.go +++ b/pkg/aws/actuator/actuator.go @@ -72,7 +72,6 @@ type AWSActuator struct { Client client.Client RootCredClient client.Client LiveClient client.Client - Codec *minterv1.ProviderCodec AWSClientBuilder func(accessKeyID, secretAccessKey []byte, c client.Client) (ccaws.Client, error) Scheme *runtime.Scheme AWSSecurityTokenServiceGateEnabled bool @@ -80,14 +79,7 @@ type AWSActuator struct { // NewAWSActuator creates a new AWSActuator. func NewAWSActuator(client, rootCredClient, liveClient client.Client, scheme *runtime.Scheme, awsSecurityTokenServiceGateEnabled bool) (*AWSActuator, error) { - codec, err := minterv1.NewCodec() - if err != nil { - log.WithError(err).Error("error creating AWS codec") - return nil, fmt.Errorf("error creating AWS codec: %v", err) - } - return &AWSActuator{ - Codec: codec, Client: client, LiveClient: liveClient, RootCredClient: rootCredClient, 
@@ -183,12 +175,12 @@ func (a *AWSActuator) needsUpdate(ctx context.Context, cr *minterv1.CredentialsR return true, nil } - awsSpec, err := DecodeProviderSpec(a.Codec, cr) + awsSpec, err := DecodeProviderSpec(minterv1.Codec, cr) if err != nil { return true, err } - awsStatus, err := DecodeProviderStatus(a.Codec, cr) + awsStatus, err := DecodeProviderStatus(minterv1.Codec, cr) if err != nil { return true, fmt.Errorf("unable to decode ProviderStatus: %v", err) } @@ -354,7 +346,7 @@ func (a *AWSActuator) sync(ctx context.Context, cr *minterv1.CredentialsRequest) logger.Infof("stsDetected: %v", stsDetected) if stsFeatureGateEnabled && stsDetected { logger.Debug("actuator detected STS enabled cluster, enabling STS secret brokering for CredentialsRequests providing an IAM Role ARN") - awsSTSIAMRoleARN, err := awsSTSIAMRoleARN(a.Codec, cr) + awsSTSIAMRoleARN, err := awsSTSIAMRoleARN(minterv1.Codec, cr) if err != nil { return err } @@ -501,7 +493,7 @@ func (a *AWSActuator) syncPassthrough(ctx context.Context, cr *minterv1.Credenti } } - awsSpec, err := DecodeProviderSpec(a.Codec, cr) + awsSpec, err := DecodeProviderSpec(minterv1.Codec, cr) if err != nil { msg := "error decoding AWS ProviderSpec" logger.WithError(err).Error(msg) @@ -547,12 +539,12 @@ func (a *AWSActuator) syncPassthrough(ctx context.Context, cr *minterv1.Credenti func (a *AWSActuator) syncMint(ctx context.Context, cr *minterv1.CredentialsRequest, logger log.FieldLogger) error { var err error - awsSpec, err := DecodeProviderSpec(a.Codec, cr) + awsSpec, err := DecodeProviderSpec(minterv1.Codec, cr) if err != nil { return err } - awsStatus, err := DecodeProviderStatus(a.Codec, cr) + awsStatus, err := DecodeProviderStatus(minterv1.Codec, cr) if err != nil { return err } 
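Review bot: In the `sync` hunk, `awsSTSIAMRoleARN, err := awsSTSIAMRoleARN(minterv1.Codec, cr)` declares a local with the same name as the helper it calls, which hides the function for the rest of the `if` block and makes the line hard to read. Since the line is being touched anyway, rename the local, e.g. `roleARN, err := awsSTSIAMRoleARN(minterv1.Codec, cr)`. Its later uses fall outside the hunk, so the rename has to be carried through the remainder of the block. Separately, `DecodeProviderSpec` and `DecodeProviderStatus` are now called with the same global at every site shown here, so their codec parameter could be dropped in a follow-up.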
@@ -769,7 +761,7 @@ func userHasExpectedTags(logger log.FieldLogger, user *iam.User, infraName, clus func (a *AWSActuator) updateProviderStatus(ctx context.Context, logger log.FieldLogger, cr *minterv1.CredentialsRequest, awsStatus *minterv1.AWSProviderStatus) error { var err error - cr.Status.ProviderStatus, err = a.Codec.EncodeProviderStatus(awsStatus) + cr.Status.ProviderStatus, err = minterv1.Codec.EncodeProviderStatus(awsStatus) if err != nil { logger.WithError(err).Error("error encoding provider status") return err @@ -795,7 +787,7 @@ func (a *AWSActuator) Delete(ctx context.Context, cr *minterv1.CredentialsReques logger := a.getLogger(cr) logger.Debug("running Delete") var err error - awsStatus, err := DecodeProviderStatus(a.Codec, cr) + awsStatus, err := DecodeProviderStatus(minterv1.Codec, cr) if err != nil { return err } @@ -993,7 +985,7 @@ func (a *AWSActuator) buildReadAWSClient(cr *minterv1.CredentialsRequest) (minte // the root client. // and if our RO user is not yet live, we should just fall back to using the root user // if possible. - awsStatus, err := DecodeProviderStatus(a.Codec, cr) + awsStatus, err := DecodeProviderStatus(minterv1.Codec, cr) if err != nil { return nil, err } @@ -1373,12 +1365,8 @@ func (a *AWSActuator) loadClusterUUID(logger log.FieldLogger) (configv1.ClusterI } func isAWSCredentials(providerSpec *runtime.RawExtension) (bool, error) { - codec, err := minterv1.NewCodec() - if err != nil { - return false, err - } unknown := runtime.Unknown{} - err = codec.DecodeProviderSpec(providerSpec, &unknown) + err := minterv1.Codec.DecodeProviderSpec(providerSpec, &unknown) if err != nil { return false, err } diff --git a/pkg/aws/actuator/actuator_test.go b/pkg/aws/actuator/actuator_test.go index f8d38c5df3..56ddbfa513 100644 --- a/pkg/aws/actuator/actuator_test.go +++ b/pkg/aws/actuator/actuator_test.go 
@@ -76,11 +76,6 @@ func (a *awsClientBuilderRecorder) ClientBuilder(accessKeyID, secretAccessKey [] func TestCredentialsFetching(t *testing.T) { util.SetupScheme(scheme.Scheme) - codec, err := minterv1.NewCodec() - if err != nil { - t.Fatalf("failed to set up codec for tests: %v", err) - } - tests := []struct { name string existing []runtime.Object @@ -210,7 +205,6 @@ func TestCredentialsFetching(t *testing.T) { a := &AWSActuator{ Client: fakeClient, RootCredClient: fakeAdminClient, - Codec: codec, AWSClientBuilder: clientRecorder.ClientBuilder, } @@ -291,11 +285,6 @@ func TestGenerateUserName(t *testing.T) { func TestUpgradeable(t *testing.T) { util.SetupScheme(scheme.Scheme) - codec, err := minterv1.NewCodec() - if err != nil { - t.Fatalf("failed to set up codec for tests: %v", err) - } - tests := []struct { name string mode operatorv1.CloudCredentialsMode @@ -370,7 +359,6 @@ func TestUpgradeable(t *testing.T) { a := &AWSActuator{ RootCredClient: fakeClient, - Codec: codec, } cond := a.Upgradeable(test.mode) @@ -583,11 +571,6 @@ func (a *testAWSError) Error() string { func TestDetectSTS(t *testing.T) { schemeutils.SetupScheme(scheme.Scheme) - codec, err := minterv1.NewCodec() - if err != nil { - t.Fatalf("failed to set up codec for tests: %v", err) - } - tests := []struct { name string existing []runtime.Object @@ -604,7 +587,8 @@ func TestDetectSTS(t *testing.T) { }, CredentialsRequest: func() *minterv1.CredentialsRequest { cr := testCredentialsRequest() - cr.Spec.ProviderSpec, err = testAWSProviderConfig(codec, "") + var err error + cr.Spec.ProviderSpec, err = testAWSProviderConfig("") if err != nil { t.Log(err) t.FailNow() @@ -622,7 +606,8 @@ func TestDetectSTS(t *testing.T) { }, CredentialsRequest: func() *minterv1.CredentialsRequest { cr := testCredentialsRequest() - cr.Spec.ProviderSpec, err = testAWSProviderConfig(codec, "") + var err error + cr.Spec.ProviderSpec, err = testAWSProviderConfig("") if err != nil { t.Log(err) t.FailNow() 
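Review bot: The table-entry closures in `TestDetectSTS` report an encoding failure with `t.Log(err)` followed by `t.FailNow()`, and the `"cloud-token"` case in the `@@ -641,7 +626,8 @@` hunk calls `t.FailNow()` with no message at all, so a failure there gives no cause. Replace each pair with a single `t.Fatalf("encoding provider spec: %v", err)`. The same applies to the second closure in the `@@ -622,7 +606,8 @@` hunk. The closures begin and end outside these hunks, so only the error branch is proposed for change.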
@@ -641,7 +626,8 @@ func TestDetectSTS(t *testing.T) { }, CredentialsRequest: func() *minterv1.CredentialsRequest { cr := testCredentialsRequest() - cr.Spec.ProviderSpec, err = testAWSProviderConfig(codec, "cloud-token") + var err error + cr.Spec.ProviderSpec, err = testAWSProviderConfig("cloud-token") if err != nil { t.FailNow() } @@ -667,7 +653,6 @@ func TestDetectSTS(t *testing.T) { a := &AWSActuator{ Client: fakeClient, RootCredClient: fakeAdminClient, - Codec: codec, AWSSecurityTokenServiceGateEnabled: test.stsEnabled, } test.wantErr(t, a.sync(context.Background(), test.CredentialsRequest), fmt.Sprintf("sync(%v)", test.CredentialsRequest)) @@ -675,7 +660,7 @@ func TestDetectSTS(t *testing.T) { } } -func testAWSProviderConfig(codec *minterv1.ProviderCodec, awsSTSIAMRoleARN string) (*runtime.RawExtension, error) { +func testAWSProviderConfig(awsSTSIAMRoleARN string) (*runtime.RawExtension, error) { providerSpec := minterv1.AWSProviderSpec{ TypeMeta: metav1.TypeMeta{ Kind: "AWSProviderSpec", @@ -695,7 +680,7 @@ func testAWSProviderConfig(codec *minterv1.ProviderCodec, awsSTSIAMRoleARN strin if awsSTSIAMRoleARN != "" { providerSpec.STSIAMRoleARN = awsSTSIAMRoleARN } - awsProvSpec, err := codec.EncodeProviderSpec(&providerSpec) + awsProvSpec, err := minterv1.Codec.EncodeProviderSpec(&providerSpec) return awsProvSpec, err } diff --git a/pkg/aws/utils.go b/pkg/aws/utils.go index 2d9ec5dd4d..10c1deca3f 100644 --- a/pkg/aws/utils.go +++ b/pkg/aws/utils.go 
@@ -249,18 +249,13 @@ func readCredentialRequest(cr []byte) (*minterv1.CredentialsRequest, error) { func getCredentialRequestStatements(crBytes []byte) ([]minterv1.StatementEntry, error) { statementList := []minterv1.StatementEntry{} - awsCodec, err := minterv1.NewCodec() - if err != nil { - return statementList, fmt.Errorf("error creating credentialrequest codec: %v", err) - } - cr, err := readCredentialRequest(crBytes) if err != nil { return statementList, err } awsSpec := minterv1.AWSProviderSpec{} - err = awsCodec.DecodeProviderSpec(cr.Spec.ProviderSpec, &awsSpec) + err = minterv1.Codec.DecodeProviderSpec(cr.Spec.ProviderSpec, &awsSpec) if err != nil { return statementList, fmt.Errorf("error decoding spec.ProviderSpec: %v", err) } diff --git a/pkg/azure/actuator.go b/pkg/azure/actuator.go index 42f1651994..801445554e 100644 --- a/pkg/azure/actuator.go +++ b/pkg/azure/actuator.go @@ -46,7 +46,6 @@ var _ actuatoriface.Actuator = (*Actuator)(nil) // Actuator implements the CredentialsRequest Actuator interface to create credentials for Azure. type Actuator struct { client *clientWrapper - codec *minterv1.ProviderCodec credentialMinterBuilder credentialMinterBuilder } 
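Review bot: `getCredentialRequestStatements` passes `cr.Spec.ProviderSpec` to `minterv1.Codec.DecodeProviderSpec` without checking it for nil, although `cr` is parsed from caller-supplied bytes. Other call sites in this change do guard it (`if credentialsRequest.Spec.ProviderSpec != nil` in create_managed_identities.go, and the empty-spec check in `ServiceID.Validate`). The body of `DecodeProviderSpec` is not part of this diff, so whether a nil `*runtime.RawExtension` yields an error or a panic there should be confirmed. If it dereferences the argument, add `if cr.Spec.ProviderSpec == nil { return statementList, fmt.Errorf("spec.ProviderSpec is empty") }` before the decode. The function continues past the end of the hunk.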
@@ -55,28 +54,20 @@ func (a *Actuator) STSFeatureGateEnabled() bool { } func NewActuator(c, rootCredClient client.Client, cloudName configv1.AzureCloudEnvironment) (*Actuator, error) { - codec, err := minterv1.NewCodec() - if err != nil { - log.WithError(err).Error("error creating Azure codec") - return nil, fmt.Errorf("error creating Azure codec: %v", err) - } - client := newClientWrapper(c, rootCredClient) return &Actuator{ client: client, - codec: codec, credentialMinterBuilder: func(logger log.FieldLogger, clientID, clientSecret, tenantID, subscriptionID string) (*AzureCredentialsMinter, error) { return NewAzureCredentialsMinter(logger, clientID, clientSecret, cloudName, tenantID, subscriptionID) }, }, nil } -func NewFakeActuator(c, rootCredClient client.Client, codec *minterv1.ProviderCodec, +func NewFakeActuator(c, rootCredClient client.Client, credentialMinterBuilder credentialMinterBuilder, ) *Actuator { return &Actuator{ client: newClientWrapper(c, rootCredClient), - codec: codec, credentialMinterBuilder: credentialMinterBuilder, } } @@ -96,12 +87,9 @@ func (a *Actuator) IsValidMode() error { } func isAzureCredentials(providerSpec *runtime.RawExtension) (bool, error) { - codec, err := minterv1.NewCodec() - if err != nil { - return false, err - } + var err error unknown := runtime.Unknown{} - err = codec.DecodeProviderSpec(providerSpec, &unknown) + err = minterv1.Codec.DecodeProviderSpec(providerSpec, &unknown) if err != nil { return false, err } @@ -152,7 +140,7 @@ func (a *Actuator) needsUpdate(ctx context.Context, cr *minterv1.CredentialsRequ } // If we still have lingering App Registration info, we should try to clean it up if possible - azureStatus, err := decodeProviderStatus(a.codec, cr) + azureStatus, err := decodeProviderStatus(minterv1.Codec, cr) if err != nil { return true, err } 
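Review bot: In `isAzureCredentials` the added `var err error` followed by `err = minterv1.Codec.DecodeProviderSpec(providerSpec, &unknown)` is a leftover from the removed `NewCodec` call; the AWS and GCP counterparts in this same change use one short declaration. Write `err := minterv1.Codec.DecodeProviderSpec(providerSpec, &unknown)` and drop the `var` line. `TestDecodeToUnknown` in pkg/azure/actuator_test.go gained the same standalone `var err error` and can be tidied the same way. The function body continues outside the hunk.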
@@ -189,7 +177,7 @@ func (a *Actuator) Delete(ctx context.Context, cr *minterv1.CredentialsRequest) return err } - azureStatus, err := decodeProviderStatus(a.codec, cr) + azureStatus, err := decodeProviderStatus(minterv1.Codec, cr) if err != nil { return err } @@ -308,7 +296,7 @@ func decodeProviderSpec(codec *minterv1.ProviderCodec, cr *minterv1.CredentialsR func (a *Actuator) updateProviderStatus(ctx context.Context, logger log.FieldLogger, cr *minterv1.CredentialsRequest, azureStatus *minterv1.AzureProviderStatus) error { var err error - cr.Status.ProviderStatus, err = a.codec.EncodeProviderStatus(azureStatus) + cr.Status.ProviderStatus, err = minterv1.Codec.EncodeProviderStatus(azureStatus) if err != nil { logger.WithError(err).Error("error encoding provider status") return err @@ -343,7 +331,7 @@ func (a *Actuator) syncPassthrough(ctx context.Context, cr *minterv1.Credentials } func (a *Actuator) cleanupAfterPassthroughPivot(ctx context.Context, cr *minterv1.CredentialsRequest, cloudCredsSecret *corev1.Secret, logger log.FieldLogger) error { - azureStatus, err := decodeProviderStatus(a.codec, cr) + azureStatus, err := decodeProviderStatus(minterv1.Codec, cr) if err != nil { return err } diff --git a/pkg/azure/actuator_test.go b/pkg/azure/actuator_test.go index 24773fff47..7d1274ac7e 100644 --- a/pkg/azure/actuator_test.go +++ b/pkg/azure/actuator_test.go 
@@ -153,18 +153,15 @@ var ( ) func TestDecodeToUnknown(t *testing.T) { - codec, err := minterv1.NewCodec() - if err != nil { - t.Fatalf("failed to create codec %#v", err) - } + var err error var raw *runtime.RawExtension aps := minterv1.AzureProviderSpec{} - raw, err = codec.EncodeProviderSpec(&aps) + raw, err = minterv1.Codec.EncodeProviderSpec(&aps) if err != nil { t.Fatalf("failed to encode codec %#v", err) } unknown := runtime.Unknown{} - err = codec.DecodeProviderStatus(raw, &unknown) + err = minterv1.Codec.DecodeProviderStatus(raw, &unknown) if err != nil { t.Fatalf("should be able to decode to Unknown %#v", err) } @@ -180,13 +177,9 @@ func getCredRequest(t *testing.T, c client.Client) *minterv1.CredentialsRequest } func getProviderStatus(t *testing.T, cr *minterv1.CredentialsRequest) minterv1.AzureProviderStatus { - codec, err := minterv1.NewCodec() - if err != nil { - t.Fatalf("error creating Azure codec: %v", err) - } azStatus := minterv1.AzureProviderStatus{} - assert.NoError(t, codec.DecodeProviderStatus(cr.Status.ProviderStatus, &azStatus)) + assert.NoError(t, minterv1.Codec.DecodeProviderStatus(cr.Status.ProviderStatus, &azStatus)) return azStatus } @@ -200,11 +193,6 @@ func TestActuator(t *testing.T) { t.Fatal(err) } - codec, err := minterv1.NewCodec() - if err != nil { - t.Fatalf("error creating Azure codec: %v", err) - } - tests := []struct { name string existing []runtime.Object @@ -271,7 +259,7 @@ func TestActuator(t *testing.T) { AppID: testAppRegID, SecretLastResourceVersion: "oldVersion", } - encodedStatus, err := codec.EncodeProviderStatus(rawStatus) + encodedStatus, err := minterv1.Codec.EncodeProviderStatus(rawStatus) require.NoError(t, err, "error encoding status") cr.Status.ProviderStatus = encodedStatus 
@@ -349,7 +337,7 @@ func TestActuator(t *testing.T) { AppID: testAppRegID, // SecretLastResourceVersion: "oldVersion", } - encodedStatus, err := codec.EncodeProviderStatus(rawStatus) + encodedStatus, err := minterv1.Codec.EncodeProviderStatus(rawStatus) require.NoError(t, err, "error encoding status") cr.Status.ProviderStatus = encodedStatus @@ -431,7 +419,7 @@ func TestActuator(t *testing.T) { ServicePrincipalName: testAppRegName, AppID: testAppRegID, } - encodedStatus, err := codec.EncodeProviderStatus(rawStatus) + encodedStatus, err := minterv1.Codec.EncodeProviderStatus(rawStatus) require.NoError(t, err, "error encoding status") cr.Status.ProviderStatus = encodedStatus @@ -506,7 +494,6 @@ func TestActuator(t *testing.T) { actuator := azure.NewFakeActuator( fakeClient, fakeAdminClient, - codec, func(logger log.FieldLogger, clientID, clientSecret, tenantID, subscriptionID string) (*azure.AzureCredentialsMinter, error) { return azure.NewFakeAzureCredentialsMinter(logger, clientID, @@ -562,12 +549,7 @@ func generateDisplayName() string { } func testCredentialsRequest(t *testing.T) *minterv1.CredentialsRequest { - codec, err := minterv1.NewCodec() - if err != nil { - t.Fatalf("error creating Azure codec: %v", err) - } - - rawObj, err := codec.EncodeProviderSpec(azureSpec) + rawObj, err := minterv1.Codec.EncodeProviderSpec(azureSpec) if err != nil { t.Fatalf("error decoding provider v1 spec: %v", err) } diff --git a/pkg/azure/request.go b/pkg/azure/request.go index 54f73f1df1..840e118767 100644 --- a/pkg/azure/request.go +++ b/pkg/azure/request.go 
@@ -25,19 +25,14 @@ type request struct { } func newRequest(cr *minterv1.CredentialsRequest) (*request, error) { - codec, err := minterv1.NewCodec() - if err != nil { - return nil, err - } - status := minterv1.AzureProviderStatus{} - err = codec.DecodeProviderStatus(cr.Status.ProviderStatus, &status) + err := minterv1.Codec.DecodeProviderStatus(cr.Status.ProviderStatus, &status) if err != nil { return nil, err } spec := minterv1.AzureProviderSpec{} - err = codec.DecodeProviderSpec(cr.Spec.ProviderSpec, &spec) + err = minterv1.Codec.DecodeProviderSpec(cr.Spec.ProviderSpec, &spec) if err != nil { return nil, err } diff --git a/pkg/cmd/operator/cmd.go b/pkg/cmd/operator/cmd.go index be2edb6879..64fcef22e5 100644 --- a/pkg/cmd/operator/cmd.go +++ b/pkg/cmd/operator/cmd.go @@ -186,13 +186,13 @@ func NewOperator() *cobra.Command { Cache: cache.Options{ ByObject: objectSelectors, }, + PprofBindAddress: ":6060", }) if err != nil { log.WithError(err).Fatal("unable to set up overall controller manager") } rootMgr, err := manager.New(cfg, manager.Options{ - MetricsBindAddress: ":2113", Cache: cache.Options{ ByObject: map[client.Object]cache.ByObject{ &corev1.Secret{}: { diff --git a/pkg/cmd/provisioning/alibabacloud/create-ram-users.go b/pkg/cmd/provisioning/alibabacloud/create-ram-users.go index 25afc3a31e..9f4d15a079 100644 --- a/pkg/cmd/provisioning/alibabacloud/create-ram-users.go +++ b/pkg/cmd/provisioning/alibabacloud/create-ram-users.go 
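Review bot: `PprofBindAddress: ":6060"` in `NewOperator` binds the pprof handlers to every interface of the pod, and nothing in this hunk puts authentication or an opt-in flag in front of them. Heap and goroutine profiles taken from a process that handles cloud credentials may expose secret material held in memory, and the CPU and trace endpoints let any peer that can reach the port make the operator do extra work on demand. Bind to loopback with `PprofBindAddress: "127.0.0.1:6060"`, or leave the field empty by default and set it from a debug flag, and check that a NetworkPolicy covers the port if it has to be reachable. Separately, removing `MetricsBindAddress: ":2113"` from `rootMgr` leaves that manager on controller-runtime's default metrics address unless it is set elsewhere; if the first manager uses the same default the two would contend for the port, so confirm the removal is intended.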
@@ -240,13 +240,8 @@ func createUserAndAttachPolicy(client alibabacloud.Client, name, targetDir strin policyName := generatePolicyName(fmt.Sprintf("%s-%s-%s-policy", name, credReq.Spec.SecretRef.Namespace, credReq.Spec.SecretRef.Name)) // Decode Alibaba CloudProviderSpec - codec, err := credreqv1.NewCodec() - if err != nil { - return errors.Wrap(err, "Failed to create credReq codec") - } - alibabaProviderSpec := credreqv1.AlibabaCloudProviderSpec{} - if err := codec.DecodeProviderSpec(credReq.Spec.ProviderSpec, &alibabaProviderSpec); err != nil { + if err := credreqv1.Codec.DecodeProviderSpec(credReq.Spec.ProviderSpec, &alibabaProviderSpec); err != nil { return errors.Wrap(err, "Failed to decode the provider spec") } diff --git a/pkg/cmd/provisioning/aws/create-iam-roles.go b/pkg/cmd/provisioning/aws/create-iam-roles.go index 5c68bf5ae0..901f1780b9 100644 --- a/pkg/cmd/provisioning/aws/create-iam-roles.go +++ b/pkg/cmd/provisioning/aws/create-iam-roles.go @@ -89,13 +89,8 @@ func createRole(awsClient aws.Client, name string, credReq *credreqv1.Credential roleName := fmt.Sprintf("%s-%s-%s", name, credReq.Spec.SecretRef.Namespace, credReq.Spec.SecretRef.Name) // Decode AWSProviderSpec - codec, err := credreqv1.NewCodec() - if err != nil { - return "", errors.Wrap(err, "Failed to create credReq codec") - } - awsProviderSpec := credreqv1.AWSProviderSpec{} - if err := codec.DecodeProviderSpec(credReq.Spec.ProviderSpec, &awsProviderSpec); err != nil { + if err := credreqv1.Codec.DecodeProviderSpec(credReq.Spec.ProviderSpec, &awsProviderSpec); err != nil { return "", errors.Wrap(err, "Failed to decode the provider spec") } diff --git a/pkg/cmd/provisioning/azure/create_managed_identities.go b/pkg/cmd/provisioning/azure/create_managed_identities.go index 45825e7a1a..7d246b3b2f 100644 --- a/pkg/cmd/provisioning/azure/create_managed_identities.go +++ b/pkg/cmd/provisioning/azure/create_managed_identities.go 
@@ -14,7 +14,7 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - armauthorization "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi" credreqv1 "github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1" @@ -82,11 +82,7 @@ func createManagedIdentity(client *azureclients.AzureClientWrapper, name, resour // Decode CredentialsRequest.Spec.ProviderSpec.RoleBindings from Azure CredentialsRequest crProviderSpec := &credreqv1.AzureProviderSpec{} if credentialsRequest.Spec.ProviderSpec != nil { - codec, err := credreqv1.NewCodec() - if err != nil { - return err - } - err = codec.DecodeProviderSpec(credentialsRequest.Spec.ProviderSpec, crProviderSpec) + err := credreqv1.Codec.DecodeProviderSpec(credentialsRequest.Spec.ProviderSpec, crProviderSpec) if err != nil { return fmt.Errorf("error decoding provider spec from CredentialsRequest: %w", err) } diff --git a/pkg/cmd/provisioning/gcp/create_service_accounts.go b/pkg/cmd/provisioning/gcp/create_service_accounts.go index b5f9396a48..9eae4a3779 100644 --- a/pkg/cmd/provisioning/gcp/create_service_accounts.go +++ b/pkg/cmd/provisioning/gcp/create_service_accounts.go 
@@ -141,13 +141,8 @@ func createServiceAccount(ctx context.Context, client gcp.Client, name string, c } // Decode GCPProviderSpec - codec, err := credreqv1.NewCodec() - if err != nil { - return "", errors.Wrap(err, "Failed to create credReq codec") - } - gcpProviderSpec := credreqv1.GCPProviderSpec{} - if err := codec.DecodeProviderSpec(credReq.Spec.ProviderSpec, &gcpProviderSpec); err != nil { + if err := credreqv1.Codec.DecodeProviderSpec(credReq.Spec.ProviderSpec, &gcpProviderSpec); err != nil { return "", errors.Wrap(err, "Failed to decode the provider spec") } diff --git a/pkg/cmd/provisioning/ibmcloud/service_id.go b/pkg/cmd/provisioning/ibmcloud/service_id.go index 32714e2d11..24ebb969f9 100644 --- a/pkg/cmd/provisioning/ibmcloud/service_id.go +++ b/pkg/cmd/provisioning/ibmcloud/service_id.go @@ -80,17 +80,12 @@ func (s *ServiceID) List() ([]iamidentityv1.ServiceID, error) { } func (s *ServiceID) Validate() error { - codec, err := credreqv1.NewCodec() - if err != nil { - return errors.Wrap(err, "Failed to create credReq codec") - } - if s.cr.Spec.ProviderSpec == nil { return fmt.Errorf("Spec.ProviderSpec is empty in %s credentials request", s.cr.Name) } var unknown runtime.Unknown - err = codec.DecodeProviderSpec(s.cr.Spec.ProviderSpec, &unknown) + err := credreqv1.Codec.DecodeProviderSpec(s.cr.Spec.ProviderSpec, &unknown) if err != nil { return errors.Wrapf(err, "failed to DecodeProviderSpec") } @@ -275,12 +270,8 @@ func (s *ServiceID) createPolicy(policy *credreqv1.AccessPolicy) error { } func (s *ServiceID) extractPolicies() (policies []credreqv1.AccessPolicy, returnErr error) { - codec, returnErr := credreqv1.NewCodec() - if returnErr != nil { - return nil, errors.Wrap(returnErr, "Failed to create credReq codec") - } var unknown runtime.Unknown - returnErr = codec.DecodeProviderSpec(s.cr.Spec.ProviderSpec, &unknown) + returnErr = credreqv1.Codec.DecodeProviderSpec(s.cr.Spec.ProviderSpec, &unknown) if returnErr != nil { return nil, returnErr } 
@@ -288,13 +279,13 @@ func (s *ServiceID) extractPolicies() (policies []credreqv1.AccessPolicy, return switch unknown.Kind { case reflect.TypeOf(credreqv1.IBMCloudProviderSpec{}).Name(): ibmcloudProviderSpec := &credreqv1.IBMCloudProviderSpec{} - if err := codec.DecodeProviderSpec(s.cr.Spec.ProviderSpec, ibmcloudProviderSpec); err != nil { + if err := credreqv1.Codec.DecodeProviderSpec(s.cr.Spec.ProviderSpec, ibmcloudProviderSpec); err != nil { return nil, errors.Wrap(err, "Failed to decode the provider spec") } policies = ibmcloudProviderSpec.Policies case reflect.TypeOf(credreqv1.IBMCloudPowerVSProviderSpec{}).Name(): ibmCloudPowerVSProviderSpec := &credreqv1.IBMCloudPowerVSProviderSpec{} - if err := codec.DecodeProviderSpec(s.cr.Spec.ProviderSpec, ibmCloudPowerVSProviderSpec); err != nil { + if err := credreqv1.Codec.DecodeProviderSpec(s.cr.Spec.ProviderSpec, ibmCloudPowerVSProviderSpec); err != nil { return nil, errors.Wrap(err, "Failed to decode the provider spec") } policies = ibmCloudPowerVSProviderSpec.Policies diff --git a/pkg/cmd/provisioning/nutanix/create_shared_secrets.go b/pkg/cmd/provisioning/nutanix/create_shared_secrets.go index e3328ebf60..faa8799727 100644 --- a/pkg/cmd/provisioning/nutanix/create_shared_secrets.go +++ b/pkg/cmd/provisioning/nutanix/create_shared_secrets.go 
@@ -173,13 +173,8 @@ func writeCredReqSecret(cr *credreqv1.CredentialsRequest, targetDir string, cred func processCredReq(cr *credreqv1.CredentialsRequest, targetDir string, creds *kubernetes.NutanixCredentials) error { // Decode NutanixProviderSpec - codec, err := credreqv1.NewCodec() - if err != nil { - return errors.Wrap(err, "Failed to create credReq codec") - } - nutanixProviderSpec := credreqv1.NutanixProviderSpec{} - if err := codec.DecodeProviderSpec(cr.Spec.ProviderSpec, &nutanixProviderSpec); err != nil { + if err := credreqv1.Codec.DecodeProviderSpec(cr.Spec.ProviderSpec, &nutanixProviderSpec); err != nil { return errors.Wrap(err, "Failed to decode the provider spec") } diff --git a/pkg/gcp/actuator/actuator.go b/pkg/gcp/actuator/actuator.go index 29429f13fc..236f228282 100644 --- a/pkg/gcp/actuator/actuator.go +++ b/pkg/gcp/actuator/actuator.go @@ -62,7 +62,6 @@ type Actuator struct { ProjectName string Client client.Client RootCredClient client.Client - Codec *minterv1.ProviderCodec GCPClientBuilder func(string, []byte) (ccgcp.Client, error) } @@ -72,17 +71,10 @@ func (a *Actuator) STSFeatureGateEnabled() bool { // NewActuator initializes and returns a new Actuator for GCP. func NewActuator(c, rootCredClient client.Client, projectName string) (*Actuator, error) { - codec, err := minterv1.NewCodec() - if err != nil { - log.WithError(err).Error("error creating GCP codec") - return nil, fmt.Errorf("error creating GCP codec: %v", err) - } - return &Actuator{ ProjectName: projectName, Client: c, RootCredClient: rootCredClient, - Codec: codec, GCPClientBuilder: ccgcp.NewClientFromJSON, }, nil } @@ -100,7 +92,7 @@ func (a *Actuator) Delete(ctx context.Context, cr *minterv1.CredentialsRequest) logger := a.getLogger(cr) logger.Debug("running Delete") - gcpStatus, err := decodeProviderStatus(a.Codec, cr) + gcpStatus, err := decodeProviderStatus(minterv1.Codec, cr) if err != nil { return err } 
@@ -264,7 +256,7 @@ func (a *Actuator) syncPassthrough(ctx context.Context, cr *minterv1.Credentials return err } - provSpec, err := decodeProviderSpec(a.Codec, cr) + provSpec, err := decodeProviderSpec(minterv1.Codec, cr) if err != nil { return err } @@ -307,12 +299,12 @@ func (a *Actuator) syncPassthrough(ctx context.Context, cr *minterv1.Credentials // syncMint handles both create and update idempotently. func (a *Actuator) syncMint(ctx context.Context, cr *minterv1.CredentialsRequest, infraName string, logger log.FieldLogger) error { - gcpSpec, err := decodeProviderSpec(a.Codec, cr) + gcpSpec, err := decodeProviderSpec(minterv1.Codec, cr) if err != nil { return err } - gcpStatus, err := decodeProviderStatus(a.Codec, cr) + gcpStatus, err := decodeProviderStatus(minterv1.Codec, cr) if err != nil { return err } @@ -480,12 +472,12 @@ func (a *Actuator) syncMint(ctx context.Context, cr *minterv1.CredentialsRequest func (a *Actuator) needsUpdate(ctx context.Context, cr *minterv1.CredentialsRequest) (bool, bool, error) { logger := a.getLogger(cr) - gcpSpec, err := decodeProviderSpec(a.Codec, cr) + gcpSpec, err := decodeProviderSpec(minterv1.Codec, cr) if err != nil { return true, false, fmt.Errorf("unable to decode ProviderSpec: %v", err) } - gcpStatus, err := decodeProviderStatus(a.Codec, cr) + gcpStatus, err := decodeProviderStatus(minterv1.Codec, cr) if err != nil { return true, false, fmt.Errorf("unable to decode ProviderStatus: %v", err) } @@ -635,7 +627,7 @@ func (a *Actuator) buildReadGCPClient(cr *minterv1.CredentialsRequest) (ccgcp.Cl // Test if the read-only client is working, if any error here we will fall back to using // the root client. - gcpStatus, err := decodeProviderStatus(a.Codec, cr) + gcpStatus, err := decodeProviderStatus(minterv1.Codec, cr) if err != nil { return nil, err } 
@@ -662,7 +654,7 @@ func (a *Actuator) buildRootGCPClient(cr *minterv1.CredentialsRequest) (ccgcp.Cl func (a *Actuator) updateProviderStatus(ctx context.Context, logger log.FieldLogger, cr *minterv1.CredentialsRequest, gcpStatus *minterv1.GCPProviderStatus) error { var err error - cr.Status.ProviderStatus, err = a.Codec.EncodeProviderStatus(gcpStatus) + cr.Status.ProviderStatus, err = minterv1.Codec.EncodeProviderStatus(gcpStatus) if err != nil { logger.WithError(err).Error("error encoding provider status") return err @@ -722,12 +714,8 @@ func isSecretAnnotated(secret *corev1.Secret) bool { } func isGCPCredentials(providerSpec *runtime.RawExtension) (bool, error) { - codec, err := minterv1.NewCodec() - if err != nil { - return false, err - } unknown := runtime.Unknown{} - err = codec.DecodeProviderSpec(providerSpec, &unknown) + err := minterv1.Codec.DecodeProviderSpec(providerSpec, &unknown) if err != nil { return false, err } diff --git a/pkg/kubevirt/actuator_test.go b/pkg/kubevirt/actuator_test.go index 18546ebc3f..98a7ebe77d 100644 --- a/pkg/kubevirt/actuator_test.go +++ b/pkg/kubevirt/actuator_test.go @@ -73,18 +73,14 @@ var ( ) func TestDecodeToUnknown(t *testing.T) { - codec, err := minterv1.NewCodec() - if err != nil { - t.Fatalf("failed to create codec %#v", err) - } var raw *runtime.RawExtension aps := minterv1.KubevirtProviderSpec{} - raw, err = codec.EncodeProviderSpec(&aps) + raw, err := minterv1.Codec.EncodeProviderSpec(&aps) if err != nil { t.Fatalf("failed to encode codec %#v", err) } unknown := runtime.Unknown{} - err = codec.DecodeProviderStatus(raw, &unknown) + err = minterv1.Codec.DecodeProviderStatus(raw, &unknown) if err != nil { t.Fatalf("should be able to decode to Unknown %#v", err) } 
@@ -358,12 +354,7 @@ func existingObjectsAfterCreate(t *testing.T) []runtime.Object { } func testCredentialsRequest(t *testing.T) *minterv1.CredentialsRequest { - codec, err := minterv1.NewCodec() - if err != nil { - t.Fatalf("error creating Kubevirt codec: %v", err) - } - - rawObj, err := codec.EncodeProviderSpec(kubevirtSpec) + rawObj, err := minterv1.Codec.EncodeProviderSpec(kubevirtSpec) if err != nil { t.Fatalf("error decoding provider v1 spec: %v", err) } diff --git a/pkg/openstack/actuator.go b/pkg/openstack/actuator.go index 53909f3663..0dbf79dffc 100644 --- a/pkg/openstack/actuator.go +++ b/pkg/openstack/actuator.go @@ -40,7 +40,6 @@ import ( type OpenStackActuator struct { Client client.Client RootCredClient client.Client - Codec *minterv1.ProviderCodec } func (a *OpenStackActuator) STSFeatureGateEnabled() bool { @@ -49,14 +48,7 @@ func (a *OpenStackActuator) STSFeatureGateEnabled() bool { // NewOpenStackActuator creates a new OpenStack actuator. func NewOpenStackActuator(client, rootCredClient client.Client) (*OpenStackActuator, error) { - codec, err := minterv1.NewCodec() - if err != nil { - log.WithError(err).Error("error creating OpenStack codec") - return nil, fmt.Errorf("error creating OpenStack codec: %v", err) - } - return &OpenStackActuator{ - Codec: codec, Client: client, RootCredClient: rootCredClient, }, nil diff --git a/pkg/operator/cleanup/cleanup_controller_test.go b/pkg/operator/cleanup/cleanup_controller_test.go index 504d87053c..0838b6cde6 100644 --- a/pkg/operator/cleanup/cleanup_controller_test.go +++ b/pkg/operator/cleanup/cleanup_controller_test.go 
@@ -234,14 +234,7 @@ func createTestNamespace(namespace string) *corev1.Namespace { func testStaleCredentialsRequest(t *testing.T) *minterv1.CredentialsRequest { cr := testPassthroughCredentialsRequest(t) - codec, err := minterv1.NewCodec() - if err != nil { - t.Logf("error creating new codec: %v", err) - t.FailNow() - return nil - } - - awsStatus, err := codec.EncodeProviderStatus( + awsStatus, err := minterv1.Codec.EncodeProviderStatus( &minterv1.AWSProviderStatus{ User: testAWSUser, }) @@ -256,13 +249,7 @@ func testStaleCredentialsRequest(t *testing.T) *minterv1.CredentialsRequest { } func testPassthroughCredentialsRequest(t *testing.T) *minterv1.CredentialsRequest { - codec, err := minterv1.NewCodec() - if err != nil { - t.Logf("error creating new codec: %v", err) - t.FailNow() - return nil - } - awsProvSpec, err := codec.EncodeProviderSpec( + awsProvSpec, err := minterv1.Codec.EncodeProviderSpec( &minterv1.AWSProviderSpec{ TypeMeta: metav1.TypeMeta{ Kind: "AWSProviderSpec", diff --git a/pkg/operator/credentialsrequest/credentialsrequest_controller_azure_test.go b/pkg/operator/credentialsrequest/credentialsrequest_controller_azure_test.go index 567dfafb45..ef98fc1015 100644 --- a/pkg/operator/credentialsrequest/credentialsrequest_controller_azure_test.go +++ b/pkg/operator/credentialsrequest/credentialsrequest_controller_azure_test.go @@ -78,13 +78,6 @@ func init() { func TestCredentialsRequestAzureReconcile(t *testing.T) { schemeutils.SetupScheme(scheme.Scheme) - codec, err := minterv1.NewCodec() - if err != nil { - fmt.Printf("error creating codec: %v", err) - t.FailNow() - return - } - tests := []struct { name string existing []runtime.Object 
@@ -215,7 +208,6 @@ func TestCredentialsRequestAzureReconcile(t *testing.T) { azureActuator := azureactuator.NewFakeActuator( fakeClient, fakeAdminClient, - codec, func(logger log.FieldLogger, clientID, clientSecret, tenantID, subscriptionID string) (*azureactuator.AzureCredentialsMinter, error) { return azureactuator.NewFakeAzureCredentialsMinter(logger, clientID, @@ -289,14 +281,7 @@ func testAzureCredentialsRequestWithOrphanedCloudResource(t *testing.T) *minterv } func testAzureCredentialsRequestNeedingCleanup(t *testing.T) *minterv1.CredentialsRequest { cr := testAzureCredentialsRequest(t) - codec, err := minterv1.NewCodec() - if err != nil { - t.Logf("error creating new codec: %v", err) - t.FailNow() - return nil - } - - azureProviderStatus, err := codec.EncodeProviderStatus( + azureProviderStatus, err := minterv1.Codec.EncodeProviderStatus( &minterv1.AzureProviderStatus{ TypeMeta: metav1.TypeMeta{ Kind: "AzureProviderStatus", @@ -319,14 +304,7 @@ func testAzureCredentialsRequestNeedingCleanup(t *testing.T) *minterv1.Credentia } func testAzureCredentialsRequest(t *testing.T) *minterv1.CredentialsRequest { - codec, err := minterv1.NewCodec() - if err != nil { - t.Logf("error creating new codec: %v", err) - t.FailNow() - return nil - } - - azureProviderSpec, err := codec.EncodeProviderSpec( + azureProviderSpec, err := minterv1.Codec.EncodeProviderSpec( &minterv1.AzureProviderSpec{ TypeMeta: metav1.TypeMeta{ Kind: "AzureProviderSpec", diff --git a/pkg/operator/credentialsrequest/credentialsrequest_controller_gcp_test.go b/pkg/operator/credentialsrequest/credentialsrequest_controller_gcp_test.go index bbe9b328ff..46b34ddb90 100644 --- a/pkg/operator/credentialsrequest/credentialsrequest_controller_gcp_test.go +++ b/pkg/operator/credentialsrequest/credentialsrequest_controller_gcp_test.go 
@@ -92,13 +92,6 @@ func init() { func TestCredentialsRequestGCPReconcile(t *testing.T) { schemeutils.SetupScheme(scheme.Scheme) - codec, err := minterv1.NewCodec() - if err != nil { - fmt.Printf("error creating codec: %v", err) - t.FailNow() - return - } - tests := []struct { name string existing []runtime.Object @@ -580,7 +573,7 @@ func TestCredentialsRequestGCPReconcile(t *testing.T) { // already minted, last synced 2 hours ago func() *minterv1.CredentialsRequest { cr := testGCPCredentialsRequestWithPermissions(t) - gcpStatus, err := codec.EncodeProviderStatus( + gcpStatus, err := minterv1.Codec.EncodeProviderStatus( &minterv1.GCPProviderStatus{ TypeMeta: metav1.TypeMeta{ Kind: "GCPProviderSpec", @@ -941,7 +934,6 @@ func TestCredentialsRequestGCPReconcile(t *testing.T) { Actuator: &actuator.Actuator{ Client: fakeClient, RootCredClient: fakeAdminClient, - Codec: codec, GCPClientBuilder: func(name string, jsonAUTH []byte) (mintergcp.Client, error) { if string(jsonAUTH) == testRootGCPAuth { return mockRootGCPClient, nil @@ -1001,14 +993,7 @@ func TestCredentialsRequestGCPReconcile(t *testing.T) { func testGCPCredentialsRequest(t *testing.T) *minterv1.CredentialsRequest { cr := testGCPPassthroughCredentialsRequest(t) - codec, err := minterv1.NewCodec() - if err != nil { - t.Logf("error creating new codec: %v", err) - t.FailNow() - return nil - } - - gcpStatus, err := codec.EncodeProviderStatus( + gcpStatus, err := minterv1.Codec.EncodeProviderStatus( &minterv1.GCPProviderStatus{ TypeMeta: metav1.TypeMeta{ Kind: "GCPProviderSpec", 
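Review bot: The `GCPProviderStatus` literal passed to `minterv1.Codec.EncodeProviderStatus` in the "already minted, last synced 2 hours ago" fixture sets `Kind: "GCPProviderSpec"`, which looks like a copy-paste from the spec fixtures. Whether the encoder overwrites TypeMeta is not visible here; if it does not, the fixture stores a status under the spec's kind and the test would not notice a kind mix-up in the code under test. I would use `Kind: "GCPProviderStatus"`, or drop the TypeMeta if the codec fills it in. The same literal appears in testGCPCredentialsRequest in this file section and in testGCPCredentialsRequestWithPermissionsWithDeletionTimestamp in the next hunk. The closure continues past the hunk.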
@@ -1043,14 +1028,7 @@ func testGCPCredentialsRequestWithDeletionTimestamp(t *testing.T) *minterv1.Cred func testGCPCredentialsRequestWithPermissionsWithDeletionTimestamp(t *testing.T) *minterv1.CredentialsRequest { cr := testGCPCredentialsRequestWithPermissions(t) - codec, err := minterv1.NewCodec() - if err != nil { - t.Logf("error creating new codec: %v", err) - t.FailNow() - return nil - } - - gcpStatus, err := codec.EncodeProviderStatus( + gcpStatus, err := minterv1.Codec.EncodeProviderStatus( &minterv1.GCPProviderStatus{ TypeMeta: metav1.TypeMeta{ Kind: "GCPProviderSpec", @@ -1073,13 +1051,7 @@ func testGCPCredentialsRequestWithPermissionsWithDeletionTimestamp(t *testing.T) } func testGCPPassthroughCredentialsRequest(t *testing.T) *minterv1.CredentialsRequest { - codec, err := minterv1.NewCodec() - if err != nil { - t.Logf("error creating new codec: %v", err) - t.FailNow() - return nil - } - gcpProvSpec, err := codec.EncodeProviderSpec( + gcpProvSpec, err := minterv1.Codec.EncodeProviderSpec( &minterv1.GCPProviderSpec{ TypeMeta: metav1.TypeMeta{ Kind: "GCPProviderSpec", @@ -1134,13 +1106,7 @@ func testGCPCredsSecret(namespace, name, jsonAUTH string) *corev1.Secret { } func testGCPCredentialsRequestWithPermissions(t *testing.T) *minterv1.CredentialsRequest { - codec, err := minterv1.NewCodec() - if err != nil { - t.Logf("error creating new codec: %v", err) - t.FailNow() - return nil - } - gcpProvSpec, err := codec.EncodeProviderSpec( + gcpProvSpec, err := minterv1.Codec.EncodeProviderSpec( &minterv1.GCPProviderSpec{ TypeMeta: metav1.TypeMeta{ Kind: "GCPProviderSpec", diff --git a/pkg/operator/credentialsrequest/credentialsrequest_controller_test.go b/pkg/operator/credentialsrequest/credentialsrequest_controller_test.go index e5109105f4..05043356a8 100644 --- a/pkg/operator/credentialsrequest/credentialsrequest_controller_test.go +++ b/pkg/operator/credentialsrequest/credentialsrequest_controller_test.go 
@@ -99,13 +99,6 @@ func TestCredentialsRequestReconcile(t *testing.T) { return nil } - codec, err := minterv1.NewCodec() - if err != nil { - fmt.Printf("error creating codec: %v", err) - t.FailNow() - return - } - tests := []struct { name string existing []runtime.Object @@ -1220,7 +1213,7 @@ func TestCredentialsRequestReconcile(t *testing.T) { testOperatorConfig(""), func() *minterv1.CredentialsRequest { cr := testCredentialsRequest(t) - awsProvSpec, err := codec.EncodeProviderSpec( + awsProvSpec, err := minterv1.Codec.EncodeProviderSpec( &minterv1.AWSProviderSpec{ TypeMeta: metav1.TypeMeta{ Kind: "AWSProviderSpec", @@ -1288,7 +1281,7 @@ func TestCredentialsRequestReconcile(t *testing.T) { testOperatorConfig(""), func() *minterv1.CredentialsRequest { cr := testCredentialsRequest(t) - awsProvSpec, err := codec.EncodeProviderSpec( + awsProvSpec, err := minterv1.Codec.EncodeProviderSpec( &minterv1.AWSProviderSpec{ TypeMeta: metav1.TypeMeta{ Kind: "AWSProviderSpec", @@ -1314,7 +1307,7 @@ func TestCredentialsRequestReconcile(t *testing.T) { cr.Spec.ProviderSpec = awsProvSpec - awsStatus, err := codec.EncodeProviderStatus( + awsStatus, err := minterv1.Codec.EncodeProviderStatus( &minterv1.AWSProviderStatus{ User: testAWSUser, Policy: testAWSUser + "-policy", @@ -1456,7 +1449,6 @@ func TestCredentialsRequestReconcile(t *testing.T) { Actuator: &actuator.AWSActuator{ Client: fakeClient, RootCredClient: fakeAdminClient, - Codec: codec, Scheme: scheme.Scheme, AWSClientBuilder: func(accessKeyID, secretAccessKey []byte, c client.Client) (minteraws.Client, error) { if string(accessKeyID) == testRootAWSAccessKeyID { @@ -1471,7 +1463,7 @@ func TestCredentialsRequestReconcile(t *testing.T) { platformType: configv1.AWSPlatformType, } - _, err = rcr.Reconcile(context.TODO(), reconcile.Request{ + _, err := rcr.Reconcile(context.TODO(), reconcile.Request{ NamespacedName: types.NamespacedName{ Name: testCRName, Namespace: testNamespace, 
@@ -1581,13 +1573,7 @@ func testPassthroughCredentialsRequestWithLastSyncResourceVersion(t *testing.T, // passthrough credentialsrequest objects have no awsStatus func testPassthroughCredentialsRequest(t *testing.T) *minterv1.CredentialsRequest { - codec, err := minterv1.NewCodec() - if err != nil { - t.Logf("error creating new codec: %v", err) - t.FailNow() - return nil - } - awsProvSpec, err := codec.EncodeProviderSpec( + awsProvSpec, err := minterv1.Codec.EncodeProviderSpec( &minterv1.AWSProviderSpec{ TypeMeta: metav1.TypeMeta{ Kind: "AWSProviderSpec", @@ -1629,14 +1615,7 @@ func testPassthroughCredentialsRequest(t *testing.T) *minterv1.CredentialsReques func testCredentialsRequest(t *testing.T) *minterv1.CredentialsRequest { cr := testPassthroughCredentialsRequest(t) - codec, err := minterv1.NewCodec() - if err != nil { - t.Logf("error creating new codec: %v", err) - t.FailNow() - return nil - } - - awsStatus, err := codec.EncodeProviderStatus( + awsStatus, err := minterv1.Codec.EncodeProviderStatus( &minterv1.AWSProviderStatus{ User: testAWSUser, }) diff --git a/pkg/operator/credentialsrequest/credentialsrequest_controller_vsphere_test.go b/pkg/operator/credentialsrequest/credentialsrequest_controller_vsphere_test.go index 21f7c49b78..6dc919bf02 100644 --- a/pkg/operator/credentialsrequest/credentialsrequest_controller_vsphere_test.go +++ b/pkg/operator/credentialsrequest/credentialsrequest_controller_vsphere_test.go @@ -18,7 +18,6 @@ package credentialsrequest import ( "context" - "fmt" "testing" "github.com/golang/mock/gomock" @@ -59,13 +58,6 @@ func init() { func TestCredentialsRequestVSphereReconcile(t *testing.T) { schemeutils.SetupScheme(scheme.Scheme) - codec, err := minterv1.NewCodec() - if err != nil { - fmt.Printf("error creating codec: %v", err) - t.FailNow() - return - } - tests := []struct { name string existing []runtime.Object 
@@ -202,7 +194,6 @@ func TestCredentialsRequestVSphereReconcile(t *testing.T) { Actuator: &actuator.VSphereActuator{ Client: fakeClient, RootCredClient: fakeAdminClient, - Codec: codec, }, platformType: configv1.VSpherePlatformType, } @@ -260,14 +251,7 @@ func testVSphereCredentialsRequestWithDeletionTimestamp(t *testing.T) *minterv1. } func testVSphereCredentialsRequest(t *testing.T) *minterv1.CredentialsRequest { - codec, err := minterv1.NewCodec() - if err != nil { - t.Logf("error creating new codec: %v", err) - t.FailNow() - return nil - } - - vsphereProvSpec, err := codec.EncodeProviderSpec( + vsphereProvSpec, err := minterv1.Codec.EncodeProviderSpec( &minterv1.VSphereProviderSpec{ TypeMeta: metav1.TypeMeta{ Kind: "VSphereProviderSpec", diff --git a/pkg/operator/credentialsrequest/status_test.go b/pkg/operator/credentialsrequest/status_test.go index b1cf564b2d..41628ddfb5 100644 --- a/pkg/operator/credentialsrequest/status_test.go +++ b/pkg/operator/credentialsrequest/status_test.go @@ -25,7 +25,7 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/kubernetes/scheme" 
@@ -47,25 +47,20 @@ var ( func TestClusterOperatorStatus(t *testing.T) { schemeutils.SetupScheme(scheme.Scheme) - codec, err := minterv1.NewCodec() - if err != nil { - t.Logf("error creating new codec: %v", err) - t.FailNow() - } - - defaultAWSProviderConfig, err = testAWSProviderConfig(codec) + var err error + defaultAWSProviderConfig, err = testAWSProviderConfig() if err != nil { t.Logf("error creating test AWS ProviderConfig: %v", err) t.FailNow() } - defaultAzureProviderConfig, err = testAzureProviderConfig(codec) + defaultAzureProviderConfig, err = testAzureProviderConfig() if err != nil { t.Logf("error creating test Azure ProviderConfig: %v", err) t.FailNow() } - defaultGCPProviderConfig, err = testGCPProviderConfig(codec) + defaultGCPProviderConfig, err = testGCPProviderConfig() if err != nil { t.Logf("error creating test GCP ProviderConfig: %v", err) t.FailNow() @@ -262,8 +257,8 @@ func testCredentialsRequestWithStatus(name string, provisioned bool, conditions } } -func testAWSProviderConfig(codec *minterv1.ProviderCodec) (*runtime.RawExtension, error) { - awsProvSpec, err := codec.EncodeProviderSpec( +func testAWSProviderConfig() (*runtime.RawExtension, error) { + awsProvSpec, err := minterv1.Codec.EncodeProviderSpec( &minterv1.AWSProviderSpec{ TypeMeta: metav1.TypeMeta{ Kind: "AWSProviderSpec", @@ -284,8 +279,8 @@ func testAWSProviderConfig(codec *minterv1.ProviderCodec) (*runtime.RawExtension return awsProvSpec, err } -func testGCPProviderConfig(codec *minterv1.ProviderCodec) (*runtime.RawExtension, error) { - gcpProvSpec, err := codec.EncodeProviderSpec( +func testGCPProviderConfig() (*runtime.RawExtension, error) { + gcpProvSpec, err := minterv1.Codec.EncodeProviderSpec( &minterv1.GCPProviderSpec{ TypeMeta: metav1.TypeMeta{ Kind: "GCPProviderSpec", 
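Review bot: Each provider-config check in TestClusterOperatorStatus pairs `t.Logf(...)` with `t.FailNow()`, which `t.Fatalf` does in one call, e.g. `t.Fatalf("error creating test AWS ProviderConfig: %v", err)`. The test also assigns `defaultAWSProviderConfig`, `defaultAzureProviderConfig` and `defaultGCPProviderConfig` with `=`, so they are declared outside it, presumably in the `var (` block above. Any other test that reads them would then depend on this one having run first. A short comment on that ordering, such as `// populated here; other tests in this file must not read these before TestClusterOperatorStatus runs`, would help if that is the case.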
@@ -298,8 +293,8 @@ func testGCPProviderConfig(codec *minterv1.ProviderCodec) (*runtime.RawExtension return gcpProvSpec, err } -func testAzureProviderConfig(codec *minterv1.ProviderCodec) (*runtime.RawExtension, error) { - azureProviderSpec, err := codec.EncodeProviderSpec( +func testAzureProviderConfig() (*runtime.RawExtension, error) { + azureProviderSpec, err := minterv1.Codec.EncodeProviderSpec( &minterv1.AzureProviderSpec{ TypeMeta: metav1.TypeMeta{ Kind: "AzureProviderSpec", diff --git a/pkg/operator/metrics/metrics_test.go b/pkg/operator/metrics/metrics_test.go index 90fa7e7812..c375d0808a 100644 --- a/pkg/operator/metrics/metrics_test.go +++ b/pkg/operator/metrics/metrics_test.go @@ -22,8 +22,6 @@ import ( ) var ( - codec *credreqv1.ProviderCodec - missingTargetNamespaceCond = credreqv1.CredentialsRequestCondition{ Type: credreqv1.MissingTargetNamespace, Status: corev1.ConditionTrue, @@ -51,12 +49,6 @@ var ( ) func TestSecretGetter(t *testing.T) { - var err error - codec, err = credreqv1.NewCodec() - if err != nil { - t.Fatalf("failed to create codec: %v", err) - } - configv1.AddToScheme(scheme.Scheme) logger := log.WithField("controller", "metricscontrollertest") @@ -135,12 +127,6 @@ func TestSecretGetter(t *testing.T) { } func TestCredentialsRequests(t *testing.T) { - var err error - codec, err = credreqv1.NewCodec() - if err != nil { - t.Fatalf("failed to create codec: %v", err) - } - credreqv1.AddToScheme(scheme.Scheme) configv1.AddToScheme(scheme.Scheme) @@ -381,7 +367,7 @@ func testAWSCredRequest(name string) credreqv1.CredentialsRequest { Spec: credreqv1.CredentialsRequestSpec{}, } - awsProviderSpec, err := codec.EncodeProviderSpec( + awsProviderSpec, err := credreqv1.Codec.EncodeProviderSpec( &credreqv1.AWSProviderSpec{ TypeMeta: metav1.TypeMeta{ Kind: "AWSProviderSpec", 
@@ -396,7 +382,7 @@ func testAWSCredRequest(name string) credreqv1.CredentialsRequest { } func testGCPCredRequest(name string) credreqv1.CredentialsRequest { - gcpProviderSpec, err := codec.EncodeProviderSpec( + gcpProviderSpec, err := credreqv1.Codec.EncodeProviderSpec( &credreqv1.GCPProviderSpec{ TypeMeta: metav1.TypeMeta{ Kind: "GCPProviderSpec", diff --git a/pkg/operator/utils/utils.go b/pkg/operator/utils/utils.go index 076ea4d181..605c1481ab 100644 --- a/pkg/operator/utils/utils.go +++ b/pkg/operator/utils/utils.go @@ -146,12 +146,8 @@ func GetAuth(ctx context.Context, c client.Client) (*configv1.Authentication, er // GetCredentialsRequestCloudType decodes a Spec.ProviderSpec and returns the kind // field. func GetCredentialsRequestCloudType(providerSpec *runtime.RawExtension) (string, error) { - codec, err := minterv1.NewCodec() - if err != nil { - return "", err - } unknown := runtime.Unknown{} - err = codec.DecodeProviderSpec(providerSpec, &unknown) + err := minterv1.Codec.DecodeProviderSpec(providerSpec, &unknown) if err != nil { return "", err } diff --git a/pkg/ovirt/actuator.go b/pkg/ovirt/actuator.go index 3aaa29dd39..4ef04c6c64 100644 --- a/pkg/ovirt/actuator.go +++ b/pkg/ovirt/actuator.go @@ -51,7 +51,6 @@ const ( type OvirtActuator struct { Client client.Client RootCredClient client.Client - Codec *minterv1.ProviderCodec } func (a *OvirtActuator) GetFeatureGates(ctx context.Context) (featuregates.FeatureGate, error) { @@ -72,14 +71,7 @@ type OvirtCreds struct { // NewActuator creates a new Ovirt actuator. func NewActuator(client, rootCredClient client.Client) (*OvirtActuator, error) { - codec, err := minterv1.NewCodec() - if err != nil { - log.WithError(err).Error("error creating Ovirt codec") - return nil, fmt.Errorf("error creating Ovirt codec: %v", err) - } - return &OvirtActuator{ - Codec: codec, Client: client, RootCredClient: rootCredClient, }, nil 
diff --git a/pkg/vsphere/actuator/actuator.go b/pkg/vsphere/actuator/actuator.go index d8047c52c3..08afaab67f 100644 --- a/pkg/vsphere/actuator/actuator.go +++ b/pkg/vsphere/actuator/actuator.go @@ -55,14 +55,7 @@ func (a *VSphereActuator) STSFeatureGateEnabled() bool { // NewVSphereActuator creates a new VSphereActuator. func NewVSphereActuator(client, rootCredClient client.Client) (*VSphereActuator, error) { - codec, err := minterv1.NewCodec() - if err != nil { - log.WithError(err).Error("error creating AWS codec") - return nil, fmt.Errorf("error creating AWS codec: %v", err) - } - return &VSphereActuator{ - Codec: codec, Client: client, RootCredClient: rootCredClient, }, nil @@ -364,12 +357,8 @@ func isSecretAnnotated(secret *corev1.Secret) bool { } func isVSphereCredentials(providerSpec *runtime.RawExtension) (bool, error) { - codec, err := minterv1.NewCodec() - if err != nil { - return false, err - } unknown := runtime.Unknown{} - err = codec.DecodeProviderSpec(providerSpec, &unknown) + err := minterv1.Codec.DecodeProviderSpec(providerSpec, &unknown) if err != nil { return false, err } diff --git a/test/e2e/aws/sts/actutator_e2e_test.go b/test/e2e/aws/sts/actutator_e2e_test.go index 78f9f8bed8..24d82bd4b8 100644 --- a/test/e2e/aws/sts/actutator_e2e_test.go +++ b/test/e2e/aws/sts/actutator_e2e_test.go @@ -5,6 +5,10 @@ package sts import ( "context" + "os" + "testing" + "time" + minterv1 "github.com/openshift/cloud-credential-operator/pkg/apis/cloudcredential/v1" "github.com/openshift/cloud-credential-operator/pkg/util" corev1 "k8s.io/api/core/v1" @@ -12,15 +16,12 @@ import ( "k8s.io/apimachinery/pkg/labels" "k8s.io/client-go/kubernetes/scheme" "k8s.io/klog/v2" - "os" "sigs.k8s.io/e2e-framework/klient/conf" "sigs.k8s.io/e2e-framework/klient/k8s/resources" "sigs.k8s.io/e2e-framework/pkg/env" "sigs.k8s.io/e2e-framework/pkg/envconf" "sigs.k8s.io/e2e-framework/pkg/envfuncs" "sigs.k8s.io/e2e-framework/pkg/features" - "testing" - "time" ) var testenv env.Environment 
@@ -109,8 +110,7 @@ func newCredentialsRequest() *minterv1.CredentialsRequest { STSIAMRoleARN: "arn:aws:iam::269733383069:oidc-provider/newstscluster-oidc.s3.us-east-1.amazonaws.com", } - var codec, _ = minterv1.NewCodec() - var ProviderSpec, _ = codec.EncodeProviderSpec(in.DeepCopyObject()) + var ProviderSpec, _ = minterv1.Codec.EncodeProviderSpec(in.DeepCopyObject()) var CredentialsRequestTemplate = &minterv1.CredentialsRequest{ ObjectMeta: metav1.ObjectMeta{ Name: name,
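Review bot: The error from `minterv1.Codec.EncodeProviderSpec(in.DeepCopyObject())` is discarded with `_`, so a failed encode leaves `ProviderSpec` nil and the e2e helper goes on to build its CredentialsRequest template anyway. The commit removes the other ignored error on the old `NewCodec` line, and this one deserves the same treatment: `providerSpec, err := minterv1.Codec.EncodeProviderSpec(in.DeepCopyObject())` followed by `if err != nil { klog.Fatalf("encoding provider spec: %v", err) }`. A lower-case local name would also stop it reading like an exported identifier. newCredentialsRequest starts above and continues below the hunk.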