Implementing Capsule Tenant ownership predicate for Namespace Controller (#13)

* Implementing Capsule OwnerRef predicate * Sorting imports
2026-03-04 02:30:23 +00:00 · 2020-07-28 11:45:39 +02:00
parent 66969e334c
commit fef3607ecf
8 changed files with 49 additions and 13 deletions
--- a/pkg/controller/namespace/namespace_controller.go
+++ b/pkg/controller/namespace/namespace_controller.go
@@ -15,20 +15,24 @@ package namespace

 import (
 	"context"
+	"sort"
+
 	"github.com/go-logr/logr"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/util/retry"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller"
+	"sigs.k8s.io/controller-runtime/pkg/event"
 	"sigs.k8s.io/controller-runtime/pkg/handler"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
+	"sigs.k8s.io/controller-runtime/pkg/predicate"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 	"sigs.k8s.io/controller-runtime/pkg/source"
-	"sort"

 	"github.com/clastix/capsule/pkg/apis/capsule/v1alpha1"
 )
@@ -47,6 +51,15 @@ func newReconciler(mgr manager.Manager) reconcile.Reconciler {
 	}
 }

+func getCapsuleReference(refs []v1.OwnerReference) (ok bool, reference *v1.OwnerReference) {
+	for _, r := range refs {
+		if r.APIVersion == v1alpha1.SchemeGroupVersion.String() {
+			return true, r.DeepCopy()
+		}
+	}
+	return false, nil
+}
+
 // add adds a new Controller to mgr with r as the reconcile.Reconciler
 func add(mgr manager.Manager, r reconcile.Reconciler) error {
 	// Create a new controller
@@ -56,7 +69,24 @@ func add(mgr manager.Manager, r reconcile.Reconciler) error {
 	}

 	// Watch for changes to primary resource Namespace
-	err = c.Watch(&source.Kind{Type: &corev1.Namespace{}}, &handler.EnqueueRequestForObject{})
+	err = c.Watch(&source.Kind{Type: &corev1.Namespace{}}, &handler.EnqueueRequestForObject{}, predicate.Funcs{
+		CreateFunc: func(event event.CreateEvent) (ok bool) {
+			ok, _ = getCapsuleReference(event.Meta.GetOwnerReferences())
+			return
+		},
+		DeleteFunc: func(deleteEvent event.DeleteEvent) (ok bool) {
+			ok, _ = getCapsuleReference(deleteEvent.Meta.GetOwnerReferences())
+			return
+		},
+		UpdateFunc: func(updateEvent event.UpdateEvent) (ok bool) {
+			ok, _ = getCapsuleReference(updateEvent.MetaNew.GetOwnerReferences())
+			return
+		},
+		GenericFunc: func(genericEvent event.GenericEvent) (ok bool) {
+			ok, _ = getCapsuleReference(genericEvent.Meta.GetOwnerReferences())
+			return
+		},
+	})
 	if err != nil {
 		return err
 	}
@@ -129,13 +159,9 @@ func (r *ReconcileNamespace) Reconcile(request reconcile.Request) (res reconcile
 		return reconcile.Result{}, err
 	}

-	// Skipping NS non referenced to a Tenant
-	if len(ns.OwnerReferences) == 0 {
-		return reconcile.Result{}, nil
-	}
-
+	_, or := getCapsuleReference(ns.OwnerReferences)
 	t := &v1alpha1.Tenant{}
-	if err := r.client.Get(context.TODO(), types.NamespacedName{Name: ns.OwnerReferences[0].Name}, t); err != nil {
+	if err := r.client.Get(context.TODO(), types.NamespacedName{Name: or.Name}, t); err != nil {
 		// Error reading the object - requeue the request.
 		return reconcile.Result{}, err
 	}
--- a/pkg/controller/secret/reconciler.go
+++ b/pkg/controller/secret/reconciler.go
@@ -16,16 +16,17 @@ package secret
 import (
 	"context"
 	"fmt"
-	"k8s.io/apimachinery/pkg/types"

-	"github.com/clastix/capsule/pkg/cert"
 	"github.com/go-logr/logr"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
+
+	"github.com/clastix/capsule/pkg/cert"
 )

 type secretReconciliationFunc func(reconciler *ReconcileSecret, request reconcile.Request) (reconcile.Result, error)
--- a/pkg/indexer/indexer.go
+++ b/pkg/indexer/indexer.go
@@ -15,6 +15,7 @@ package indexer

 import (
 	"context"
+
 	"k8s.io/apimachinery/pkg/runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
--- a/pkg/webhook/network_policies/validating.go
+++ b/pkg/webhook/network_policies/validating.go
@@ -15,7 +15,6 @@ package network_policies

 import (
 	"context"
-	"github.com/clastix/capsule/pkg/webhook/utils"
 	"net/http"

 	"k8s.io/api/admission/v1beta1"
@@ -27,6 +26,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"

 	"github.com/clastix/capsule/pkg/apis/capsule/v1alpha1"
+	"github.com/clastix/capsule/pkg/webhook/utils"
 )

 func Add(mgr manager.Manager) error {
--- a/pkg/webhook/owner_reference/patching.go
+++ b/pkg/webhook/owner_reference/patching.go
@@ -16,7 +16,6 @@ package owner_reference
 import (
 	"context"
 	"encoding/json"
-	"github.com/clastix/capsule/pkg/webhook/utils"
 	"net/http"

 	corev1 "k8s.io/api/core/v1"
@@ -30,6 +29,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"

 	"github.com/clastix/capsule/pkg/apis/capsule/v1alpha1"
+	"github.com/clastix/capsule/pkg/webhook/utils"
 )

 func Add(mgr manager.Manager) error {
--- a/pkg/webhook/webhook.go
+++ b/pkg/webhook/webhook.go
@@ -15,6 +15,7 @@ package webhook

 import (
 	"io/ioutil"
+
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 )