2 changes: 1 addition & 1 deletion manifests/03-deployment.yaml
Expand Up @@ -81,7 +81,7 @@ spec:
resources:
requests:
cpu: 10m
memory: 150Mi
memory: 20Mi
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /var/run/configmaps/trusted-ca-bundle
37 changes: 15 additions & 22 deletions pkg/apis/cloudcredential/v1/codec.go
Expand Up @@ -22,12 +22,23 @@ import (

"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/serializer"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
)

// NewScheme creates a new Scheme
func NewScheme() (*runtime.Scheme, error) {
s := runtime.NewScheme()
return s, SchemeBuilder.AddToScheme(s)
var scheme = runtime.NewScheme()
var codecFactory = serializer.NewCodecFactory(scheme)
var encoder runtime.Encoder = nil
var Codec *ProviderCodec = nil

func init() {
utilruntime.Must(Install(scheme))
var err error
encoder, err = newEncoder(&codecFactory)
utilruntime.Must(err)
Codec = &ProviderCodec{
encoder: encoder,
decoder: codecFactory.UniversalDecoder(SchemeGroupVersion),
}
}

// ProviderCodec is a runtime codec for providers.
Expand All @@ -37,24 +48,6 @@ type ProviderCodec struct {
decoder runtime.Decoder
}

// NewCodec creates a serializer/deserializer for the provider configuration
func NewCodec() (*ProviderCodec, error) {
scheme, err := NewScheme()
if err != nil {
return nil, err
}
codecFactory := serializer.NewCodecFactory(scheme)
encoder, err := newEncoder(&codecFactory)
if err != nil {
return nil, err
}
codec := ProviderCodec{
encoder: encoder,
decoder: codecFactory.UniversalDecoder(SchemeGroupVersion),
}
return &codec, nil
}

// EncodeProvider serializes an object to the provider spec.
func (codec *ProviderCodec) EncodeProviderSpec(in runtime.Object) (*runtime.RawExtension, error) {
var buf bytes.Buffer
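Review bot: The new exported package-level `Codec` has no doc comment and is a mutable global any importer can reassign, while `encoder` and `codecFactory` are package-scoped although only `init` uses them; the `= nil` initializers on `encoder` and `Codec` are also redundant, so `var Codec *ProviderCodec` plus a local `encoder, err := newEncoder(&codecFactory)` inside `init` would be tighter. The failure mode changed and should be stated, since `utilruntime.Must` turns what `NewCodec` used to return as an error into a panic at package load: `// Codec is the process-wide ProviderCodec for this API group, built once at package load; init panics if the scheme cannot be installed, so a broken registration fails fast at startup instead of on each call.` The single codec is now shared by every reconcile loop; EncodeProviderSpec below keeps its own bytes.Buffer, so the only shared state is the encoder/decoder pair, which I believe is safe for concurrent use — worth saying in that comment so nobody adds per-call state to ProviderCodec later. The removal of exported `NewScheme` and `NewCodec` is a breaking change for out-of-tree importers.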
32 changes: 10 additions & 22 deletions pkg/aws/actuator/actuator.go
Expand Up @@ -72,22 +72,14 @@ type AWSActuator struct {
Client client.Client
RootCredClient client.Client
LiveClient client.Client
Codec *minterv1.ProviderCodec
AWSClientBuilder func(accessKeyID, secretAccessKey []byte, c client.Client) (ccaws.Client, error)
Scheme *runtime.Scheme
AWSSecurityTokenServiceGateEnabled bool
}

// NewAWSActuator creates a new AWSActuator.
func NewAWSActuator(client, rootCredClient, liveClient client.Client, scheme *runtime.Scheme, awsSecurityTokenServiceGateEnabled bool) (*AWSActuator, error) {
codec, err := minterv1.NewCodec()
if err != nil {
log.WithError(err).Error("error creating AWS codec")
return nil, fmt.Errorf("error creating AWS codec: %v", err)
}

return &AWSActuator{
Codec: codec,
Client: client,
LiveClient: liveClient,
RootCredClient: rootCredClient,
Expand Down Expand Up @@ -183,12 +175,12 @@ func (a *AWSActuator) needsUpdate(ctx context.Context, cr *minterv1.CredentialsR
return true, nil
}

awsSpec, err := DecodeProviderSpec(a.Codec, cr)
awsSpec, err := DecodeProviderSpec(minterv1.Codec, cr)
if err != nil {
return true, err
}

awsStatus, err := DecodeProviderStatus(a.Codec, cr)
awsStatus, err := DecodeProviderStatus(minterv1.Codec, cr)
if err != nil {
return true, fmt.Errorf("unable to decode ProviderStatus: %v", err)
}
Expand Down Expand Up @@ -354,7 +346,7 @@ func (a *AWSActuator) sync(ctx context.Context, cr *minterv1.CredentialsRequest)
logger.Infof("stsDetected: %v", stsDetected)
if stsFeatureGateEnabled && stsDetected {
logger.Debug("actuator detected STS enabled cluster, enabling STS secret brokering for CredentialsRequests providing an IAM Role ARN")
awsSTSIAMRoleARN, err := awsSTSIAMRoleARN(a.Codec, cr)
awsSTSIAMRoleARN, err := awsSTSIAMRoleARN(minterv1.Codec, cr)
if err != nil {
return err
}
Expand Down Expand Up @@ -501,7 +493,7 @@ func (a *AWSActuator) syncPassthrough(ctx context.Context, cr *minterv1.Credenti
}
}

awsSpec, err := DecodeProviderSpec(a.Codec, cr)
awsSpec, err := DecodeProviderSpec(minterv1.Codec, cr)
if err != nil {
msg := "error decoding AWS ProviderSpec"
logger.WithError(err).Error(msg)
Expand Down Expand Up @@ -547,12 +539,12 @@ func (a *AWSActuator) syncPassthrough(ctx context.Context, cr *minterv1.Credenti
func (a *AWSActuator) syncMint(ctx context.Context, cr *minterv1.CredentialsRequest, logger log.FieldLogger) error {
var err error

awsSpec, err := DecodeProviderSpec(a.Codec, cr)
awsSpec, err := DecodeProviderSpec(minterv1.Codec, cr)
if err != nil {
return err
}

awsStatus, err := DecodeProviderStatus(a.Codec, cr)
awsStatus, err := DecodeProviderStatus(minterv1.Codec, cr)
if err != nil {
return err
}
Expand Down Expand Up @@ -769,7 +761,7 @@ func userHasExpectedTags(logger log.FieldLogger, user *iam.User, infraName, clus
func (a *AWSActuator) updateProviderStatus(ctx context.Context, logger log.FieldLogger, cr *minterv1.CredentialsRequest, awsStatus *minterv1.AWSProviderStatus) error {

var err error
cr.Status.ProviderStatus, err = a.Codec.EncodeProviderStatus(awsStatus)
cr.Status.ProviderStatus, err = minterv1.Codec.EncodeProviderStatus(awsStatus)
if err != nil {
logger.WithError(err).Error("error encoding provider status")
return err
Expand All @@ -795,7 +787,7 @@ func (a *AWSActuator) Delete(ctx context.Context, cr *minterv1.CredentialsReques
logger := a.getLogger(cr)
logger.Debug("running Delete")
var err error
awsStatus, err := DecodeProviderStatus(a.Codec, cr)
awsStatus, err := DecodeProviderStatus(minterv1.Codec, cr)
if err != nil {
return err
}
Expand Down Expand Up @@ -993,7 +985,7 @@ func (a *AWSActuator) buildReadAWSClient(cr *minterv1.CredentialsRequest) (minte
// the root client.
// and if our RO user is not yet live, we should just fall back to using the root user
// if possible.
awsStatus, err := DecodeProviderStatus(a.Codec, cr)
awsStatus, err := DecodeProviderStatus(minterv1.Codec, cr)
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -1373,12 +1365,8 @@ func (a *AWSActuator) loadClusterUUID(logger log.FieldLogger) (configv1.ClusterI
}

func isAWSCredentials(providerSpec *runtime.RawExtension) (bool, error) {
codec, err := minterv1.NewCodec()
if err != nil {
return false, err
}
unknown := runtime.Unknown{}
err = codec.DecodeProviderSpec(providerSpec, &unknown)
err := minterv1.Codec.DecodeProviderSpec(providerSpec, &unknown)
if err != nil {
return false, err
}
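Review bot: `NewAWSActuator` keeps its `(*AWSActuator, error)` signature although the only error path visible in the hunk (codec construction) was removed, so callers keep checking an error that this hunk no longer produces; if the return is kept for interface stability, say so: `// NewAWSActuator creates a new AWSActuator. The error return is retained for API compatibility; construction in this function currently cannot fail.` Dropping the exported `Codec` field is a breaking change for anything that built an `AWSActuator` literal outside this package; the in-tree tests are updated in this PR but out-of-tree users are not. In `isAWSCredentials` the switch to `err := minterv1.Codec.DecodeProviderSpec(...)` is fine and, compared with the old code, stops rebuilding a scheme and codec on every call. The bodies of `NewAWSActuator`, `needsUpdate`, `sync`, `syncPassthrough`, `syncMint`, `Delete` and `buildReadAWSClient` extend outside their hunks.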
31 changes: 8 additions & 23 deletions pkg/aws/actuator/actuator_test.go
Expand Up @@ -76,11 +76,6 @@ func (a *awsClientBuilderRecorder) ClientBuilder(accessKeyID, secretAccessKey []
func TestCredentialsFetching(t *testing.T) {
util.SetupScheme(scheme.Scheme)

codec, err := minterv1.NewCodec()
if err != nil {
t.Fatalf("failed to set up codec for tests: %v", err)
}

tests := []struct {
name string
existing []runtime.Object
Expand Down Expand Up @@ -210,7 +205,6 @@ func TestCredentialsFetching(t *testing.T) {
a := &AWSActuator{
Client: fakeClient,
RootCredClient: fakeAdminClient,
Codec: codec,
AWSClientBuilder: clientRecorder.ClientBuilder,
}

Expand Down Expand Up @@ -291,11 +285,6 @@ func TestGenerateUserName(t *testing.T) {
func TestUpgradeable(t *testing.T) {
util.SetupScheme(scheme.Scheme)

codec, err := minterv1.NewCodec()
if err != nil {
t.Fatalf("failed to set up codec for tests: %v", err)
}

tests := []struct {
name string
mode operatorv1.CloudCredentialsMode
Expand Down Expand Up @@ -370,7 +359,6 @@ func TestUpgradeable(t *testing.T) {

a := &AWSActuator{
RootCredClient: fakeClient,
Codec: codec,
}

cond := a.Upgradeable(test.mode)
Expand Down Expand Up @@ -583,11 +571,6 @@ func (a *testAWSError) Error() string {
func TestDetectSTS(t *testing.T) {
schemeutils.SetupScheme(scheme.Scheme)

codec, err := minterv1.NewCodec()
if err != nil {
t.Fatalf("failed to set up codec for tests: %v", err)
}

tests := []struct {
name string
existing []runtime.Object
Expand All @@ -604,7 +587,8 @@ func TestDetectSTS(t *testing.T) {
},
CredentialsRequest: func() *minterv1.CredentialsRequest {
cr := testCredentialsRequest()
cr.Spec.ProviderSpec, err = testAWSProviderConfig(codec, "")
var err error
cr.Spec.ProviderSpec, err = testAWSProviderConfig("")
if err != nil {
t.Log(err)
t.FailNow()
Expand All @@ -622,7 +606,8 @@ func TestDetectSTS(t *testing.T) {
},
CredentialsRequest: func() *minterv1.CredentialsRequest {
cr := testCredentialsRequest()
cr.Spec.ProviderSpec, err = testAWSProviderConfig(codec, "")
var err error
cr.Spec.ProviderSpec, err = testAWSProviderConfig("")
if err != nil {
t.Log(err)
t.FailNow()
Expand All @@ -641,7 +626,8 @@ func TestDetectSTS(t *testing.T) {
},
CredentialsRequest: func() *minterv1.CredentialsRequest {
cr := testCredentialsRequest()
cr.Spec.ProviderSpec, err = testAWSProviderConfig(codec, "cloud-token")
var err error
cr.Spec.ProviderSpec, err = testAWSProviderConfig("cloud-token")
if err != nil {
t.FailNow()
}
Expand All @@ -667,15 +653,14 @@ func TestDetectSTS(t *testing.T) {
a := &AWSActuator{
Client: fakeClient,
RootCredClient: fakeAdminClient,
Codec: codec,
AWSSecurityTokenServiceGateEnabled: test.stsEnabled,
}
test.wantErr(t, a.sync(context.Background(), test.CredentialsRequest), fmt.Sprintf("sync(%v)", test.CredentialsRequest))
})
}
}

func testAWSProviderConfig(codec *minterv1.ProviderCodec, awsSTSIAMRoleARN string) (*runtime.RawExtension, error) {
func testAWSProviderConfig(awsSTSIAMRoleARN string) (*runtime.RawExtension, error) {
providerSpec := minterv1.AWSProviderSpec{
TypeMeta: metav1.TypeMeta{
Kind: "AWSProviderSpec",
Expand All @@ -695,7 +680,7 @@ func testAWSProviderConfig(codec *minterv1.ProviderCodec, awsSTSIAMRoleARN strin
if awsSTSIAMRoleARN != "" {
providerSpec.STSIAMRoleARN = awsSTSIAMRoleARN
}
awsProvSpec, err := codec.EncodeProviderSpec(&providerSpec)
awsProvSpec, err := minterv1.Codec.EncodeProviderSpec(&providerSpec)
return awsProvSpec, err
}

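Review bot: In `testAWSProviderConfig` the last two lines can collapse to `return minterv1.Codec.EncodeProviderSpec(&providerSpec)`, which removes the `awsProvSpec` temporary and the pass-through `err`. The three closures in TestDetectSTS now each declare `var err error` before `cr.Spec.ProviderSpec, err = ...`; that form is needed because `:=` cannot assign to a field, so it is fine as written. The "cloud-token" case still calls `t.FailNow()` without `t.Log(err)`, unlike the two cases above it — that line is unchanged context, but now that each closure owns its `err` it would be a one-line consistency fix.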
7 changes: 1 addition & 6 deletions pkg/aws/utils.go
Expand Up @@ -249,18 +249,13 @@ func readCredentialRequest(cr []byte) (*minterv1.CredentialsRequest, error) {
func getCredentialRequestStatements(crBytes []byte) ([]minterv1.StatementEntry, error) {
statementList := []minterv1.StatementEntry{}

awsCodec, err := minterv1.NewCodec()
if err != nil {
return statementList, fmt.Errorf("error creating credentialrequest codec: %v", err)
}

cr, err := readCredentialRequest(crBytes)
if err != nil {
return statementList, err
}

awsSpec := minterv1.AWSProviderSpec{}
err = awsCodec.DecodeProviderSpec(cr.Spec.ProviderSpec, &awsSpec)
err = minterv1.Codec.DecodeProviderSpec(cr.Spec.ProviderSpec, &awsSpec)
if err != nil {
return statementList, fmt.Errorf("error decoding spec.ProviderSpec: %v", err)
}
26 changes: 7 additions & 19 deletions pkg/azure/actuator.go
Expand Up @@ -46,7 +46,6 @@ var _ actuatoriface.Actuator = (*Actuator)(nil)
// Actuator implements the CredentialsRequest Actuator interface to create credentials for Azure.
type Actuator struct {
client *clientWrapper
codec *minterv1.ProviderCodec
credentialMinterBuilder credentialMinterBuilder
}

Expand All @@ -55,28 +54,20 @@ func (a *Actuator) STSFeatureGateEnabled() bool {
}

func NewActuator(c, rootCredClient client.Client, cloudName configv1.AzureCloudEnvironment) (*Actuator, error) {
codec, err := minterv1.NewCodec()
if err != nil {
log.WithError(err).Error("error creating Azure codec")
return nil, fmt.Errorf("error creating Azure codec: %v", err)
}

client := newClientWrapper(c, rootCredClient)
return &Actuator{
client: client,
codec: codec,
credentialMinterBuilder: func(logger log.FieldLogger, clientID, clientSecret, tenantID, subscriptionID string) (*AzureCredentialsMinter, error) {
return NewAzureCredentialsMinter(logger, clientID, clientSecret, cloudName, tenantID, subscriptionID)
},
}, nil
}

func NewFakeActuator(c, rootCredClient client.Client, codec *minterv1.ProviderCodec,
func NewFakeActuator(c, rootCredClient client.Client,
credentialMinterBuilder credentialMinterBuilder,
) *Actuator {
return &Actuator{
client: newClientWrapper(c, rootCredClient),
codec: codec,
credentialMinterBuilder: credentialMinterBuilder,
}
}
Expand All @@ -96,12 +87,9 @@ func (a *Actuator) IsValidMode() error {
}

func isAzureCredentials(providerSpec *runtime.RawExtension) (bool, error) {
codec, err := minterv1.NewCodec()
if err != nil {
return false, err
}
var err error
unknown := runtime.Unknown{}
err = codec.DecodeProviderSpec(providerSpec, &unknown)
err = minterv1.Codec.DecodeProviderSpec(providerSpec, &unknown)
if err != nil {
return false, err
}
Expand Down Expand Up @@ -152,7 +140,7 @@ func (a *Actuator) needsUpdate(ctx context.Context, cr *minterv1.CredentialsRequ
}

// If we still have lingering App Registration info, we should try to clean it up if possible
azureStatus, err := decodeProviderStatus(a.codec, cr)
azureStatus, err := decodeProviderStatus(minterv1.Codec, cr)
if err != nil {
return true, err
}
Expand Down Expand Up @@ -189,7 +177,7 @@ func (a *Actuator) Delete(ctx context.Context, cr *minterv1.CredentialsRequest)
return err
}

azureStatus, err := decodeProviderStatus(a.codec, cr)
azureStatus, err := decodeProviderStatus(minterv1.Codec, cr)
if err != nil {
return err
}
Expand Down Expand Up @@ -308,7 +296,7 @@ func decodeProviderSpec(codec *minterv1.ProviderCodec, cr *minterv1.CredentialsR

func (a *Actuator) updateProviderStatus(ctx context.Context, logger log.FieldLogger, cr *minterv1.CredentialsRequest, azureStatus *minterv1.AzureProviderStatus) error {
var err error
cr.Status.ProviderStatus, err = a.codec.EncodeProviderStatus(azureStatus)
cr.Status.ProviderStatus, err = minterv1.Codec.EncodeProviderStatus(azureStatus)
if err != nil {
logger.WithError(err).Error("error encoding provider status")
return err
Expand Down Expand Up @@ -343,7 +331,7 @@ func (a *Actuator) syncPassthrough(ctx context.Context, cr *minterv1.Credentials
}

func (a *Actuator) cleanupAfterPassthroughPivot(ctx context.Context, cr *minterv1.CredentialsRequest, cloudCredsSecret *corev1.Secret, logger log.FieldLogger) error {
azureStatus, err := decodeProviderStatus(a.codec, cr)
azureStatus, err := decodeProviderStatus(minterv1.Codec, cr)
if err != nil {
return err
}
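Review bot: `isAzureCredentials` now declares `var err error` and assigns on the next statement, whereas the parallel change in pkg/aws/actuator/actuator.go uses `err := minterv1.Codec.DecodeProviderSpec(providerSpec, &unknown)`; the same short declaration works here and keeps the two provider implementations consistent. As in the AWS constructor, `NewActuator` retains its `error` return with no failure path left in the hunk, and `NewFakeActuator`'s exported signature lost the codec parameter, so any caller outside this package must change; a doc comment on both noting the retained error return would help. If the removed `fmt.Errorf` was the only use of `fmt` in this file the import is now unused — cannot tell from the hunk, the build will say. The bodies of `needsUpdate`, `Delete`, `updateProviderStatus` and `cleanupAfterPassthroughPivot` extend outside their hunks.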