75 Commits

Author SHA1 Message Date
OpenShift Cherrypick Robot
d9f825193c 🐛 fix: Propagate UserInfo.Extra field in ManifestWork webhook SAR (#1435)
This commit fixes a security vulnerability where the ManifestWork
validating webhook was not passing the UserInfo.Extra field when
constructing SubjectAccessReview (SAR) requests. This omission could
lead to authorization bypass when external authorization policies
rely on Extra fields (e.g., OIDC claims, department attributes).

The fix adds Extra field conversion logic consistent with the
ManagedCluster webhook implementation and includes comprehensive
test coverage to verify the Extra field is properly propagated.

Fixes #1425

🤖 Assisted by Claude Code

Signed-off-by: zhujian <jiazhu@redhat.com>
Co-authored-by: zhujian <jiazhu@redhat.com>
2026-03-13 01:57:56 +00:00
Ben Perry
377ba25c26 Workload conditions (#910)
* Import OCM API changes for workload conditions

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* Implement condition rule evaluator

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* Evaluate manifest condition rules after apply

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* note to self

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* Cleanup

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* Return config option if rules are set

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* update api

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* Always return an error to inform user about the state of their condition rule

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* Condition rule errors should not result in retrying apply

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* Test condition rule reconciliation

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* Return condition status Unknown when an internal CEL error occurs

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* Update api

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* Switch to common CEL lib

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* Update to simplified celExpressions format

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* Formatting

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* tidy

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* Update ocm api

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* Update sdk-go

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* Switch to sdk-go ConditionLib

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* Update API

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* Switch to WellKnownConditions with required Condition field

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* Support CEL evaluation budget

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* Update sdk-go

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* Update API

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* lint

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* Update go.mod

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* Tests and comments

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* Move condition reader to status controller for more frequent updates

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* Ignore missing WellKnownCondition

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* Fix test

Signed-off-by: Ben Perry <bhperry94@gmail.com>

* Update condition tests

Signed-off-by: Ben Perry <bhperry94@gmail.com>

---------

Signed-off-by: Ben Perry <bhperry94@gmail.com>
2025-06-11 15:47:35 +00:00
Jian Zhu
fb5ba3acaf 🐛 Use syncmap for the resource cache (#1023)
* Use syncmap for the resource cache

Signed-off-by: zhujian <jiazhu@redhat.com>

* update unit tests

Signed-off-by: zhujian <jiazhu@redhat.com>

* fix unit test

Signed-off-by: zhujian <jiazhu@redhat.com>

* use sync.map directly

Signed-off-by: zhujian <jiazhu@redhat.com>

---------

Signed-off-by: zhujian <jiazhu@redhat.com>
2025-06-05 01:58:40 +00:00
ivanscai
e753bd6e81 add hub QPS/Burst to hub work client, for talking with hub cluster apiserver (#1012)
Signed-off-by: caijing <caijing.cai@alibaba-inc.com>
2025-05-28 13:41:55 +00:00
Zhiwei Yin
e78a3a6d3d add deletionPolicy for manifestworkReplicaset (#996)
Signed-off-by: Zhiwei Yin <zyin@redhat.com>
2025-05-28 01:12:21 +00:00
Jian Qiu
4eda44f2b9 Add jitter in requeue for status controller (#991)
Instead of requeuing all each resyncInterval, we requeue
each item separately with a jitter to avoid bursty requests

Signed-off-by: Jian Qiu <jqiu@redhat.com>
2025-05-14 07:09:27 +00:00
Ankit Kurmi
cd8827572e feat: updated golang to v1.23.6 and related k8s.io packages (#870)
Signed-off-by: Ankit152 <ankitkurmi152@gmail.com>
2025-04-09 07:46:27 +00:00
Wei Liu
0c5377c34b upgrade go-sdk (#914)
Signed-off-by: Wei Liu <liuweixa@redhat.com>
2025-03-27 07:06:09 +00:00
Wei Liu
73150dea19 reduce unnecessary log (#890)
Signed-off-by: Wei Liu <liuweixa@redhat.com>
2025-03-14 01:19:08 +00:00
Jian Qiu
453b775170 Bump api/sdk-go/addon-framework to v0.16 (#879)
Signed-off-by: Jian Qiu <jqiu@redhat.com>
2025-03-10 13:52:52 +00:00
Jian Qiu
741bf1c60f Apply ownerref even though other field is ignored (#847)
Signed-off-by: Jian Qiu <jqiu@redhat.com>
2025-02-25 02:16:45 +00:00
Jian Qiu
2746226037 Refactor hub driver interface and remove approver (#846)
Signed-off-by: Jian Qiu <jqiu@redhat.com>
2025-02-24 13:18:47 +00:00
Zhiwei Yin
568789fef4 refactor to use common HasFinalizer func (#830)
Signed-off-by: Zhiwei Yin <zyin@redhat.com>
2025-02-13 02:48:46 +00:00
Jian Qiu
11896ccda1 Fix the issue that ownerref is not set with ignorefields (#794)
Signed-off-by: Jian Qiu <jqiu@redhat.com>
2025-01-10 03:19:59 +00:00
Jian Qiu
2397c4e911 Add cache for applyUnstructured (#769)
This could reduce the number of calls to the spoke cluster

Signed-off-by: Jian Qiu <jqiu@redhat.com>
2025-01-08 15:46:53 +00:00
Yang Le
9af100f427 🐛 fix work agent performance issue (#785)
Signed-off-by: Yang Le <yangle@redhat.com>
2025-01-08 10:01:24 +00:00
Jian Qiu
037aa3ccfa Ignore field should not be honored when creating the resource (#784)
Signed-off-by: Jian Qiu <jqiu@redhat.com>
2025-01-03 06:09:48 +00:00
Jian Qiu
0897da69da Implement ignoreFields in server side apply (#726)
Signed-off-by: Jian Qiu <jqiu@redhat.com>
2024-12-10 02:56:55 +00:00
Wei Liu
9ab61dfae8 update sdk-go to fix unstable test (#715)
Signed-off-by: Wei Liu <liuweixa@redhat.com>
2024-11-25 04:24:44 +00:00
Zhiwei Yin
fa3a30b36e support wildcard in manifestConfigs (#703)
Signed-off-by: Zhiwei Yin <zyin@redhat.com>
2024-11-21 06:56:46 +00:00
Jian Qiu
5911a7e920 🐛 Fix manifestwork and appliedmanifestwork unsync issue (#636)
* Fix manifestwork and appliedmanifestwork unsync issue

merge the two controllers as reconcilers for one controller

Signed-off-by: Jian Qiu <jqiu@redhat.com>

* Add an integration test

Signed-off-by: Jian Qiu <jqiu@redhat.com>

---------

Signed-off-by: Jian Qiu <jqiu@redhat.com>
2024-11-11 01:59:35 +00:00
Rokibul Hasan
20a7b83c5c Register ManifestWorkReplicaSet webhook when feature is enabled (#673)
Signed-off-by: Rokibul Hasan <mdrokibulhasan@appscode.com>
2024-10-28 01:51:01 +00:00
Jian Qiu
8678ede813 🐛 only read the first item when RawFeedbackJsonString is disabled (#613)
* only read the first item when RawFeedbackJsonString is disabled

This is to ensure backward compatibility when the feature gate
is disabled

Signed-off-by: Jian Qiu <jqiu@redhat.com>

* Add a test for backward compatibility

Signed-off-by: Jian Qiu <jqiu@redhat.com>

---------

Signed-off-by: Jian Qiu <jqiu@redhat.com>
2024-09-09 13:34:01 +00:00
Wei Liu
b6763a13c0 remove the creationTimestamp from metadata when using ssa apply manifests (#611)
Signed-off-by: Wei Liu <liuweixa@redhat.com>
2024-09-06 02:18:55 +00:00
Jian Qiu
c9161cef09 Set default user-agent for work to work-agent (#588)
Signed-off-by: Jian Qiu <jqiu@redhat.com>
2024-08-06 07:50:11 +00:00
Jian Qiu
8c1d286b11 Refactor registration (#535)
* Refactor registration

Signed-off-by: Jian Qiu <jqiu@redhat.com>

* Fix integration test

Signed-off-by: Jian Qiu <jqiu@redhat.com>

* Refactor cert controller to secret controller

Signed-off-by: Jian Qiu <jqiu@redhat.com>

* Update health check func

Signed-off-by: Jian Qiu <jqiu@redhat.com>

---------

Signed-off-by: Jian Qiu <jqiu@redhat.com>
2024-07-17 14:14:11 +00:00
Jian Qiu
2582ad922d Update deps to 1.30 (#546)
Signed-off-by: Jian Qiu <jqiu@redhat.com>
2024-07-02 14:04:15 +00:00
Wei Liu
34fa5b55c4 upgrade sdk (#517)
Signed-off-by: Wei Liu <liuweixa@redhat.com>
2024-06-14 13:50:55 +00:00
Jian Zhu
4a329091aa Add well known status rule for daemonsets (#518)
* Add well known status rule for daemonsets

Signed-off-by: zhujian <jiazhu@redhat.com>

* Add integration tests

Signed-off-by: zhujian <jiazhu@redhat.com>

---------

Signed-off-by: zhujian <jiazhu@redhat.com>
2024-06-14 01:58:08 +00:00
Jian Qiu
9b36e1102d Readonly strategy (#494)
Signed-off-by: Jian Qiu <jqiu@redhat.com>
2024-06-07 07:39:59 +00:00
Wei Liu
61a74bb348 upgrade sdk-go (#498)
Signed-off-by: Wei Liu <liuweixa@redhat.com>
2024-06-06 07:36:33 +00:00
Rokibul Hasan
4e9859b0b6 🐛 Fix "log.SetLogger(...) was never called" in work-webhook (#489)
* Fix "log.SetLogger(...) was never called" in work-webhook

Signed-off-by: Rokibul Hasan <mdrokibulhasan@appscode.com>

* Move logger to the beginning of the func

Signed-off-by: Rokibul Hasan <mdrokibulhasan@appscode.com>

* Run make fmt-imports

Signed-off-by: Rokibul Hasan <mdrokibulhasan@appscode.com>

---------

Signed-off-by: Rokibul Hasan <mdrokibulhasan@appscode.com>
2024-06-03 01:48:52 +00:00
Chunlin Yang
4117a4b302 upgrade sdk to support Kafka as a cloudevents driver (#460)
* upgrade sdk to support Kafka as a cloudevents driver

Signed-off-by: clyang82 <chuyang@redhat.com>

* fix format issue

Signed-off-by: clyang82 <chuyang@redhat.com>

---------

Signed-off-by: clyang82 <chuyang@redhat.com>
2024-05-14 02:03:34 +00:00
Yang Le
4e2918120c 🌱 honor the settings of AppliedManifestWorkEvictionGracePeriod in Klusterlet API (#454)
Signed-off-by: Yang Le <yangle@redhat.com>
2024-05-13 08:36:53 +00:00
Wei Liu
147f40c363 Revert "upgrade sdk to support Kafka (#436)" (#446)
Signed-off-by: Wei Liu <liuweixa@redhat.com>
2024-04-26 07:16:17 +00:00
Wei Liu
0882f6d058 upgrade sdk to support Kafka (#436)
Signed-off-by: Wei Liu <liuweixa@redhat.com>
2024-04-25 04:23:21 +00:00
Morven Cao
7154863106 support work driver config for cluster manager. (#381)
* support work driver config for cluster manager.

Signed-off-by: morvencao <lcao@redhat.com>

* address comments.

Signed-off-by: morvencao <lcao@redhat.com>

---------

Signed-off-by: morvencao <lcao@redhat.com>
2024-04-24 08:33:13 +00:00
xuezhao
dee7f10633 Add default values for workloadsourcedriver and worksourceloadconfig. (#432)
Signed-off-by: GitHub <noreply@github.com>
2024-04-22 01:53:15 +00:00
Jian Qiu
3a2250d974 Refactor NewUnstructured method (#418)
Signed-off-by: Jian Qiu <jqiu@redhat.com>
2024-04-11 12:01:07 +00:00
Wei Liu
b1b734aa7a support cloudevents for manifestworkreplicaset (#352)
Signed-off-by: Wei Liu <liuweixa@redhat.com>
2024-03-06 13:17:22 +00:00
Jian Qiu
92d4f86837 Add a flag for work agent to set raw json length (#366)
Signed-off-by: Jian Qiu <jqiu@redhat.com>
2024-03-06 03:52:16 +00:00
Jian Qiu
6cfce8ce24 Revert apply func (#353)
This part depends on library-go, so remove it from
sdk-go

Signed-off-by: Jian Qiu <jqiu@redhat.com>
2024-01-22 03:46:46 +00:00
Jian Qiu
bede3edd92 Switch to patcher in sdk-go (#349)
Signed-off-by: Jian Qiu <jqiu@redhat.com>
2024-01-22 02:04:49 +00:00
Wei Liu
889ebf2dee Switch to sdk-go for cloudevents (#347)
Signed-off-by: Wei Liu <liuweixa@redhat.com>
2024-01-18 03:09:13 +00:00
Jian Qiu
1d42f4285e Switch to sdk-go for helper functions (#346)
Signed-off-by: Jian Qiu <jqiu@redhat.com>
2024-01-17 14:28:54 +00:00
Jian Qiu
976019dd43 🐛 Requeue for rolling strategy in mwrs (#337)
* Requeue for rolling strategy in mwrs

Signed-off-by: Jian Qiu <jqiu@redhat.com>

* Add more integration test for rolling

Signed-off-by: Jian Qiu <jqiu@redhat.com>

---------

Signed-off-by: Jian Qiu <jqiu@redhat.com>
2024-01-04 09:55:20 +00:00
Wei Liu
d2324b8581 supporting cloudevents for work agent (#321)
Signed-off-by: Wei Liu <liuweixa@redhat.com>
2023-12-07 05:16:59 +00:00
Jian Qiu
f89d535ff3 skip namespace in resourceMeta for cluster scoped resource (#324)
Signed-off-by: Jian Qiu <jqiu@redhat.com>
2023-11-29 07:31:31 +00:00
Mohamed ElSerngawy
615f5a4441 Update OCM APIs and apply Rollout strategy API changes (#310)
Signed-off-by: melserngawy <melserng@redhat.com>
2023-11-16 02:36:16 +00:00
Mohamed ElSerngawy
35680c3ca3 Implement ManifestWorkReplicaSet RollOut strategy (#259)
* Implement rollout strategy

Signed-off-by: melserngawy <melserng@redhat.com>

* Update API and new logic

Signed-off-by: melserngawy <melserng@redhat.com>

---------

Signed-off-by: melserngawy <melserng@redhat.com>
2023-11-02 03:08:35 +00:00