diff --git a/cmd/main.go b/cmd/main.go index 88ce1aa78..bf7879208 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -277,14 +277,6 @@ func main() { } } - if err = (&controller.CredentialReconciler{ - SystemNamespace: currentNamespace, - Client: mgr.GetClient(), - }).SetupWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "Credential") - os.Exit(1) - } - if err = (&controller.ManagementBackupReconciler{ Client: mgr.GetClient(), SystemNamespace: currentNamespace, diff --git a/config/dev/adopted-credentials.yaml b/config/dev/adopted-credentials.yaml index c145dab9c..81c157b92 100644 --- a/config/dev/adopted-credentials.yaml +++ b/config/dev/adopted-credentials.yaml @@ -5,6 +5,8 @@ kind: Secret metadata: name: adopted-cluster-kubeconf namespace: ${NAMESPACE} + labels: + k0rdent.mirantis.com/component: "kcm" type: Opaque --- apiVersion: k0rdent.mirantis.com/v1alpha1 @@ -12,6 +14,8 @@ kind: Credential metadata: name: adopted-cluster-cred namespace: ${NAMESPACE} + labels: + k0rdent.mirantis.com/component: "kcm" spec: description: Adopted Credentials identityRef: diff --git a/config/dev/aks-credentials.yaml b/config/dev/aks-credentials.yaml index 92646abc8..c2bc70863 100644 --- a/config/dev/aks-credentials.yaml +++ b/config/dev/aks-credentials.yaml @@ -4,6 +4,8 @@ kind: Secret metadata: name: azure-aks-credential namespace: ${NAMESPACE} + labels: + k0rdent.mirantis.com/component: "kcm" stringData: AZURE_CLIENT_ID: "${AZURE_CLIENT_ID}" AZURE_CLIENT_SECRET: "${AZURE_CLIENT_SECRET}" @@ -16,6 +18,8 @@ kind: Credential metadata: name: azure-aks-credential namespace: ${NAMESPACE} + labels: + k0rdent.mirantis.com/component: "kcm" spec: description: Azure AKS credentials identityRef: diff --git a/config/dev/aws-credentials.yaml b/config/dev/aws-credentials.yaml index d681d2e8c..efca3cc70 100644 --- a/config/dev/aws-credentials.yaml +++ b/config/dev/aws-credentials.yaml 
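Review bot: The `k0rdent.mirantis.com/component: "kcm"` label is added by hand only to the `config/dev` manifests, starting with `adopted-credentials.yaml` and repeated in the aks, aws, azure, openstack and vsphere credential files that follow. The same commit deletes `CredentialReconciler`, whose `updateIdentityReferencedSecret` comment says the label on the identity Secret is required for a proper management backup. Nothing visible in this diff labels Credentials, cluster identities or their Secrets created outside `config/dev`, so unless a controller or webhook not shown here takes over, those objects would presumably be left out of backups without any error, and `Credential.Status.Ready` / `CredentialReadyCondition` would no longer be maintained. I would keep the labelling in code, or at least state the requirement next to the manifests, e.g. `# required: management backup selects objects by this label`. Because the labelled Secrets carry cloud keys through `stringData`, the backup location that receives them should be handled as credential storage (encrypted at rest, access restricted).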
@@ -4,6 +4,8 @@ kind: AWSClusterStaticIdentity metadata: name: aws-cluster-identity namespace: ${NAMESPACE} + labels: + k0rdent.mirantis.com/component: "kcm" spec: secretRef: aws-cluster-identity-secret allowedNamespaces: @@ -15,6 +17,8 @@ kind: Secret metadata: name: aws-cluster-identity-secret namespace: ${NAMESPACE} + labels: + k0rdent.mirantis.com/component: "kcm" type: Opaque stringData: AccessKeyID: ${AWS_ACCESS_KEY_ID} @@ -26,6 +30,8 @@ kind: Credential metadata: name: aws-cluster-identity-cred namespace: ${NAMESPACE} + labels: + k0rdent.mirantis.com/component: "kcm" spec: description: AWS credentials identityRef: diff --git a/config/dev/azure-credentials.yaml b/config/dev/azure-credentials.yaml index c86b9013b..0741b83d4 100644 --- a/config/dev/azure-credentials.yaml +++ b/config/dev/azure-credentials.yaml @@ -4,6 +4,7 @@ kind: AzureClusterIdentity metadata: labels: clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + k0rdent.mirantis.com/component: "kcm" name: azure-cluster-identity namespace: ${NAMESPACE} spec: @@ -20,6 +21,8 @@ kind: Secret metadata: name: azure-cluster-identity-secret namespace: ${NAMESPACE} + labels: + k0rdent.mirantis.com/component: "kcm" stringData: clientSecret: "${AZURE_CLIENT_SECRET}" type: Opaque @@ -29,6 +32,8 @@ kind: Credential metadata: name: azure-cluster-identity-cred namespace: ${NAMESPACE} + labels: + k0rdent.mirantis.com/component: "kcm" spec: description: Azure credentials identityRef: @@ -42,6 +47,8 @@ kind: ConfigMap metadata: name: azure-cluster-identity-resource-template namespace: ${NAMESPACE} + labels: + k0rdent.mirantis.com/component: "kcm" annotations: projectsveltos.io/template: "true" data: diff --git a/config/dev/openstack-credentials.yaml b/config/dev/openstack-credentials.yaml index 4c5274639..4f5a6b357 100644 --- a/config/dev/openstack-credentials.yaml +++ b/config/dev/openstack-credentials.yaml 
@@ -4,6 +4,8 @@ kind: Secret metadata: name: openstack-cloud-config namespace: ${NAMESPACE} + labels: + k0rdent.mirantis.com/component: "kcm" stringData: clouds.yaml: | clouds: @@ -22,6 +24,8 @@ kind: Credential metadata: name: openstack-cluster-identity-cred namespace: ${NAMESPACE} + labels: + k0rdent.mirantis.com/component: "kcm" spec: description: OpenStack credentials identityRef: @@ -35,6 +39,8 @@ kind: ConfigMap metadata: name: openstack-cloud-config-resource-template namespace: ${NAMESPACE} + labels: + k0rdent.mirantis.com/component: "kcm" annotations: projectsveltos.io/template: "true" data: diff --git a/config/dev/vsphere-credentials.yaml b/config/dev/vsphere-credentials.yaml index 5ef32250c..4368b00a9 100644 --- a/config/dev/vsphere-credentials.yaml +++ b/config/dev/vsphere-credentials.yaml @@ -4,6 +4,8 @@ kind: VSphereClusterIdentity metadata: name: vsphere-cluster-identity namespace: ${NAMESPACE} + labels: + k0rdent.mirantis.com/component: "kcm" spec: secretName: vsphere-cluster-identity-secret allowedNamespaces: @@ -15,6 +17,8 @@ kind: Secret metadata: name: vsphere-cluster-identity-secret namespace: ${NAMESPACE} + labels: + k0rdent.mirantis.com/component: "kcm" stringData: username: ${VSPHERE_USER} password: ${VSPHERE_PASSWORD} @@ -24,6 +28,8 @@ kind: Credential metadata: name: vsphere-cluster-identity-cred namespace: ${NAMESPACE} + labels: + k0rdent.mirantis.com/component: "kcm" spec: description: vSphere credentials identityRef: @@ -37,6 +43,8 @@ kind: ConfigMap metadata: name: vsphere-cluster-identity-resource-template namespace: ${NAMESPACE} + labels: + k0rdent.mirantis.com/component: "kcm" annotations: projectsveltos.io/template: "true" data: diff --git a/go.mod b/go.mod index 3fcf62a3b..c63174518 100644 --- a/go.mod +++ b/go.mod 
@@ -30,18 +30,12 @@ require ( k8s.io/utils v0.0.0-20241210054802-24370beab758 sigs.k8s.io/cluster-api v1.9.3 sigs.k8s.io/cluster-api-operator v0.15.1 - sigs.k8s.io/cluster-api-provider-azure v1.17.2 - sigs.k8s.io/cluster-api-provider-vsphere v1.12.0 sigs.k8s.io/controller-runtime v0.19.4 ) require ( dario.cat/mergo v1.0.1 // indirect github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0 // indirect github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect github.com/BurntSushi/toml v1.4.0 // indirect @@ -145,6 +139,7 @@ require ( github.com/prometheus/client_model v0.6.1 // indirect github.com/prometheus/common v0.60.1 // indirect github.com/prometheus/procfs v0.15.1 // indirect + github.com/redis/go-redis/v9 v9.6.1 // indirect github.com/rivo/uniseg v0.4.7 // indirect github.com/rubenv/sql-migrate v1.7.1 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect @@ -165,6 +160,7 @@ require ( github.com/zeebo/blake3 v0.2.4 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0 // indirect go.opentelemetry.io/otel v1.32.0 // indirect + go.opentelemetry.io/otel/exporters/prometheus v0.46.0 // indirect go.opentelemetry.io/otel/metric v1.32.0 // indirect go.opentelemetry.io/otel/sdk v1.32.0 // indirect go.opentelemetry.io/otel/trace v1.32.0 // indirect 
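Review bot: The two added indirect requirements, `github.com/redis/go-redis/v9 v9.6.1` and `go.opentelemetry.io/otel/exporters/prometheus v0.46.0`, are not explained by anything else visible in this diff, which otherwise only drops the Azure and vSphere provider imports. New modules in the build graph widen the supply-chain surface, so it is worth confirming with `go mod why -m <module>` which dependency now pulls them in, and that this file is the output of `go mod tidy` rather than a leftover from a merge. The go.sum hunk also swaps the `github.com/hashicorp/golang-lru v1.0.2` hash for `v0.5.4`, which looks like a resolution change of the same kind and should be checked along with these.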
@@ -172,7 +168,6 @@ require ( go.uber.org/zap v1.27.0 // indirect golang.org/x/crypto v0.31.0 // indirect golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 // indirect - golang.org/x/mod v0.22.0 // indirect golang.org/x/net v0.33.0 // indirect golang.org/x/oauth2 v0.24.0 // indirect golang.org/x/sync v0.10.0 // indirect diff --git a/go.sum b/go.sum index 4ae08b59e..456843199 100644 --- a/go.sum +++ b/go.sum 
@@ -6,27 +6,10 @@ filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk= github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= -github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 h1:JZg6HRh6W6U4OLl6lk7BZ7BLisIzM9dG1R50zUk9C/M= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0/go.mod h1:YL1xnZ6QejvQHWJrX/AvhFl4WW4rqHVoKspWNVwFk0M= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 h1:B/dfvscEQtew9dVuoxqxrUKKv8Ih2f55PydknDamU+g= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0/go.mod h1:fiPSssYvltE08HJchL04dOy+RD4hgrjph0cwGGMntdI= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0 h1:LkHbJbgF3YyvC53aqYGR+wWQDn2Rdp9AQdGndf9QvY4= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0/go.mod h1:QyiQdW4f4/BIfB8ZutZ2s+28RAgfa/pT+zS++ZHyM1I= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0 h1:PTFGRSlMKCQelWwxUyYVEUqseBJVemLyqWJjvMyt0do= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0/go.mod h1:LRr2FzBTQlONPPa5HREE5+RjSCTXl7BwOvYOaWTqCaI= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 h1:Dd+RhdJn0OTtVGaeDLZpcumkIVCtA/3/Fo42+eoYvVM= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0/go.mod h1:5kakwfW5CjC9KK+Q4wjXAg+ShuIm2mBMua0ZFj2C8PE= 
-github.com/Azure/azure-service-operator/v2 v2.8.0 h1:BcyB8LvRmtgVIIUaXwWIJz5eHvknyno0qq5LkDuvM/s= -github.com/Azure/azure-service-operator/v2 v2.8.0/go.mod h1:ezbJS56PcORFFqLV8XZmM9xZ12m6aGAkg353fQhWD/8= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= -github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= -github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0= github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= 
@@ -57,8 +40,6 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= -github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -204,8 +185,6 @@ github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJA github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= -github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 
@@ -261,7 +240,7 @@ github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFO github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c= +github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= github.com/hashicorp/golang-lru/arc/v2 v2.0.5 h1:l2zaLDubNhW4XO3LnliVj0GXO3+/CGNJAg1dcN2Fpfw= github.com/hashicorp/golang-lru/arc/v2 v2.0.5/go.mod h1:ny6zBSQZi2JxIeYcv7kt2sH2PXJtirBN7RDhRpxPkxU= github.com/hashicorp/golang-lru/v2 v2.0.5 h1:wW7h1TG88eUIJ2i69gaE3uNVtEPIagzhGvHgwfx2Vm4= @@ -376,8 +355,6 @@ github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+v github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI= github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE= -github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= -github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 
@@ -685,10 +662,6 @@ sigs.k8s.io/cluster-api v1.9.3 h1:lKWbrXzyNmJh++IcX54ZbAmnO7tZ2wKgds7WvskpiXY= sigs.k8s.io/cluster-api v1.9.3/go.mod h1:5iojv38PSvOd4cxqu08Un5TQmy2yBkd3+0U7R/e+msk= sigs.k8s.io/cluster-api-operator v0.15.1 h1:oGEqNE7c1Ieqwso/DwjRVD2b/7wFXIjEKAodlwsO6/Q= sigs.k8s.io/cluster-api-operator v0.15.1/go.mod h1:0yvW+1BLHcE5/gQfWSin1L4Gj+8wa9y7+vVTXOhUnSg= -sigs.k8s.io/cluster-api-provider-azure v1.17.2 h1:uS9ggE/bryI0hiOWHBa56nYHkWmsPZW3bzYeAddL4vM= -sigs.k8s.io/cluster-api-provider-azure v1.17.2/go.mod h1:ohdf0TYutOn5vKsXpNVeZUVfUSNIwNhfF6wDjbiqPI0= -sigs.k8s.io/cluster-api-provider-vsphere v1.12.0 h1:9ze+1JSdLAGiLklsnORvj/vs2XpR9jyVmkT0Dwo1nuc= -sigs.k8s.io/cluster-api-provider-vsphere v1.12.0/go.mod h1:2y9fsZQ3qjT1kL6IXiOUVcyV0n8DLBQGvyPnId9xRzk= sigs.k8s.io/controller-runtime v0.19.4 h1:SUmheabttt0nx8uJtoII4oIP27BVVvAKFvdvGFwV/Qo= sigs.k8s.io/controller-runtime v0.19.4/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= sigs.k8s.io/gateway-api v1.1.0 h1:DsLDXCi6jR+Xz8/xd0Z1PYl2Pn0TyaFMOPPZIj4inDM= diff --git a/internal/controller/backup/collect_test.go b/internal/controller/backup/collect_test.go index c4403916e..317e312da 100644 --- a/internal/controller/backup/collect_test.go +++ b/internal/controller/backup/collect_test.go 
@@ -125,27 +125,18 @@ func Test_sortDedup(t *testing.T) { { MatchLabels: map[string]string{"cluster.x-k8s.io/provider": "control-plane-k0smotron"}, }, - { - MatchLabels: map[string]string{"cluster.x-k8s.io/provider": "infrastructure-azure"}, - }, { MatchLabels: map[string]string{"cluster.x-k8s.io/provider": "bootstrap-k0smotron"}, }, { MatchLabels: map[string]string{"cluster.x-k8s.io/provider": "control-plane-k0smotron"}, }, - { - MatchLabels: map[string]string{"cluster.x-k8s.io/provider": "infrastructure-azure"}, - }, { MatchLabels: map[string]string{"cluster.x-k8s.io/provider": "bootstrap-k0smotron"}, }, { MatchLabels: map[string]string{"cluster.x-k8s.io/provider": "control-plane-k0smotron"}, }, - { - MatchLabels: map[string]string{"cluster.x-k8s.io/provider": "infrastructure-vsphere"}, - }, { MatchLabels: map[string]string{"cluster.x-k8s.io/provider": "infrastructure-internal"}, }, @@ -158,18 +149,12 @@ func Test_sortDedup(t *testing.T) { { MatchLabels: map[string]string{"cluster.x-k8s.io/provider": "control-plane-k0smotron"}, }, - { - MatchLabels: map[string]string{"cluster.x-k8s.io/provider": "infrastructure-openstack"}, - }, { MatchLabels: map[string]string{"cluster.x-k8s.io/provider": "bootstrap-k0smotron"}, }, { MatchLabels: map[string]string{"cluster.x-k8s.io/provider": "control-plane-k0smotron"}, }, - { - MatchLabels: map[string]string{"cluster.x-k8s.io/provider": "infrastructure-vsphere"}, - }, { MatchLabels: map[string]string{"cluster.x-k8s.io/provider": "bootstrap-k0smotron"}, }, @@ -179,9 +164,6 @@ func Test_sortDedup(t *testing.T) { { MatchLabels: map[string]string{"cluster.x-k8s.io/provider": "infrastructure-aws"}, }, - { - MatchLabels: map[string]string{"cluster.x-k8s.io/provider": "infrastructure-azure"}, - }, }, expected: []*metav1.LabelSelector{ { 
@@ -199,18 +181,9 @@ func Test_sortDedup(t *testing.T) { { MatchLabels: map[string]string{"cluster.x-k8s.io/provider": "infrastructure-aws"}, }, - { - MatchLabels: map[string]string{"cluster.x-k8s.io/provider": "infrastructure-azure"}, - }, { MatchLabels: map[string]string{"cluster.x-k8s.io/provider": "infrastructure-internal"}, }, - { - MatchLabels: map[string]string{"cluster.x-k8s.io/provider": "infrastructure-openstack"}, - }, - { - MatchLabels: map[string]string{"cluster.x-k8s.io/provider": "infrastructure-vsphere"}, - }, { MatchLabels: map[string]string{"controller.cert-manager.io/fao": "true"}, }, diff --git a/internal/controller/credential_controller.go b/internal/controller/credential_controller.go deleted file mode 100644 index 99027fae9..000000000 --- a/internal/controller/credential_controller.go +++ /dev/null 
@@ -1,277 +0,0 @@ -// Copyright 2024 -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package controller - -import ( - "context" - "errors" - "fmt" - "time" - - corev1 "k8s.io/api/core/v1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - apimeta "k8s.io/apimachinery/pkg/api/meta" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - capz "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" - capv "sigs.k8s.io/cluster-api-provider-vsphere/apis/v1beta1" - ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/client" - - kcm "github.com/K0rdent/kcm/api/v1alpha1" - "github.com/K0rdent/kcm/internal/utils" -) - -// CredentialReconciler reconciles a Credential object -type CredentialReconciler struct { - client.Client - SystemNamespace string - syncPeriod time.Duration -} - -func (r *CredentialReconciler) Reconcile(ctx context.Context, req ctrl.Request) (_ ctrl.Result, err error) { - l := ctrl.LoggerFrom(ctx) - l.Info("Credential reconcile start") - - cred := &kcm.Credential{} - if err := r.Client.Get(ctx, req.NamespacedName, cred); err != nil { - return ctrl.Result{}, client.IgnoreNotFound(err) - } - - if err := utils.AddKCMComponentLabel(ctx, r.Client, cred); err != nil { - l.Error(err, "adding component label") - return ctrl.Result{}, err - } - - defer func() { - err = errors.Join(err, r.updateStatus(ctx, cred)) - }() - - clIdty := &unstructured.Unstructured{} - 
clIdty.SetAPIVersion(cred.Spec.IdentityRef.APIVersion) - clIdty.SetKind(cred.Spec.IdentityRef.Kind) - clIdty.SetName(cred.Spec.IdentityRef.Name) - clIdty.SetNamespace(cred.Spec.IdentityRef.Namespace) - - if err := r.Client.Get(ctx, client.ObjectKey{ - Name: cred.Spec.IdentityRef.Name, - Namespace: cred.Spec.IdentityRef.Namespace, - }, clIdty); err != nil { - errMsg := fmt.Sprintf("Failed to get ClusterIdentity %s: %s", cred.Spec.IdentityRef.Name, err) - if apierrors.IsNotFound(err) { - errMsg = fmt.Sprintf("ClusterIdentity %s not found", cred.Spec.IdentityRef.Name) - } - - apimeta.SetStatusCondition(cred.GetConditions(), metav1.Condition{ - Type: kcm.CredentialReadyCondition, - Status: metav1.ConditionFalse, - Reason: kcm.FailedReason, - Message: errMsg, - }) - - return ctrl.Result{}, err - } - - if err := utils.AddKCMComponentLabel(ctx, r.Client, clIdty); err != nil { - l.Error(err, "adding component label to the ClusterIdentity") - return ctrl.Result{}, err - } - - if err := r.updateIdentityReferencedSecret(ctx, cred.Spec.IdentityRef); err != nil { - l.Error(err, "adding component label to the Secret from the Identity Reference") - return ctrl.Result{}, err - } - - apimeta.SetStatusCondition(cred.GetConditions(), metav1.Condition{ - Type: kcm.CredentialReadyCondition, - Status: metav1.ConditionTrue, - Reason: kcm.SucceededReason, - Message: "Credential is ready", - }) - - return ctrl.Result{RequeueAfter: r.syncPeriod}, nil -} - -func (r *CredentialReconciler) updateStatus(ctx context.Context, cred *kcm.Credential) error { - cred.Status.Ready = false - for _, cond := range cred.Status.Conditions { - if cond.Type == kcm.CredentialReadyCondition && cond.Status == metav1.ConditionTrue { - cred.Status.Ready = true - break - } - } - - if err := r.Client.Status().Update(ctx, cred); err != nil { - return fmt.Errorf("failed to update Credential %s/%s status: %w", cred.Namespace, cred.Name, err) - } - - return nil -} - -// updateIdentityReferencedSecret updates referenced 
*Identity Secret with the component label. -// The component label on such Secret is required for a proper management backup. -func (r *CredentialReconciler) updateIdentityReferencedSecret(ctx context.Context, idRef *corev1.ObjectReference) error { - // avoid "sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2" dependency - const ( - awsClusterControllerIdentityKind = "AWSClusterControllerIdentity" - awsClusterStaticIdentityKind = "AWSClusterStaticIdentity" - awsClusterRoleIdentityKind = "AWSClusterRoleIdentity" - ) - - switch idRef.Kind { - case awsClusterControllerIdentityKind: // no secret refs - return nil - case awsClusterRoleIdentityKind: - return r.updateAWSSecretFromClusterRoleIdentity(ctx, idRef) - case awsClusterStaticIdentityKind: - return r.updateAWSSecretFromClusterStaticIdentity(ctx, idRef) - case capz.AzureClusterIdentityKind: - return r.updateAzureSecretFromClusterIdentity(ctx, idRef) - case string(capv.VSphereClusterIdentityKind): - return r.updateVsphereSecretFromClusterIdentity(ctx, idRef) - } - - return nil -} - -func (r *CredentialReconciler) updateAzureSecretFromClusterIdentity(ctx context.Context, reference *corev1.ObjectReference) error { - azureClusterIdentity := new(capz.AzureClusterIdentity) - if err := r.Client.Get(ctx, client.ObjectKey{ - Name: reference.Name, - Namespace: reference.Namespace, - }, azureClusterIdentity); err != nil { - return fmt.Errorf("failed to get AzureClusterIdentity %s/%s: %w", reference.Namespace, reference.Name, err) - } - - return updateSecret(ctx, r.Client, - client.ObjectKey{ - Name: azureClusterIdentity.Spec.ClientSecret.Name, - Namespace: azureClusterIdentity.Spec.ClientSecret.Namespace, - }, - azureClusterIdentity, - ) -} - -func (r *CredentialReconciler) updateVsphereSecretFromClusterIdentity(ctx context.Context, reference *corev1.ObjectReference) error { - vsphereClusterIdentity := new(capv.VSphereClusterIdentity) - if err := r.Client.Get(ctx, client.ObjectKey{Name: reference.Name}, 
vsphereClusterIdentity); err != nil { // cluster-scoped - return fmt.Errorf("failed to get VSphereClusterIdentity %s: %w", reference.Name, err) - } - - return updateSecret(ctx, r.Client, - client.ObjectKey{Name: vsphereClusterIdentity.Spec.SecretName, Namespace: r.SystemNamespace}, - vsphereClusterIdentity, - ) -} - -func (r *CredentialReconciler) updateAWSSecretFromClusterRoleIdentity(ctx context.Context, initialReference *corev1.ObjectReference) error { - const ( - awsClusterControllerIdentityKind = "AWSClusterControllerIdentity" - awsClusterStaticIdentityKind = "AWSClusterStaticIdentity" - ) - - kind, name := initialReference.Kind, initialReference.Name - - const limitRefs = 3 // consider an error if more nested refs - for range limitRefs { - clRoleIdentity := new(unstructured.Unstructured) - clRoleIdentity.SetAPIVersion(initialReference.APIVersion) - - clRoleIdentity.SetKind(kind) - clRoleIdentity.SetName(name) - - if err := r.Client.Get(ctx, client.ObjectKey{Name: name}, clRoleIdentity); err != nil { // cluster-scoped - return fmt.Errorf("failed to get %s identity reference: %w", kind, err) - } - - srcIdentityRefKind, ok, err := unstructured.NestedString(clRoleIdentity.Object, "spec", "sourceIdentityRef", "kind") - if err != nil { - return fmt.Errorf("failed to extract .spec.sourceIdentityRef.kind from %s %s: %w", clRoleIdentity.GetKind(), clRoleIdentity.GetName(), err) - } - if !ok { - return nil // sanity - } - - srcIdentityRefName, ok, err := unstructured.NestedString(clRoleIdentity.Object, "spec", "sourceIdentityRef", "name") - if err != nil { - return fmt.Errorf("failed to extract .spec.sourceIdentityRef.name from %s %s", clRoleIdentity.GetKind(), clRoleIdentity.GetName()) - } - if !ok { - return nil // sanity - } - - kind, name = srcIdentityRefKind, srcIdentityRefName - - switch srcIdentityRefKind { - case awsClusterControllerIdentityKind: // no secret refs - return nil - case awsClusterStaticIdentityKind: - newReference := &corev1.ObjectReference{ - 
APIVersion: initialReference.APIVersion, - Kind: kind, - Name: name, - } - return r.updateAWSSecretFromClusterStaticIdentity(ctx, newReference) - } - // nested refs case, continue - } - - return fmt.Errorf("failed to determine the secrets data from the %s %s identity reference", initialReference.Kind, initialReference.Name) -} - -func (r *CredentialReconciler) updateAWSSecretFromClusterStaticIdentity(ctx context.Context, reference *corev1.ObjectReference) error { - clStaticIdentity := new(unstructured.Unstructured) - clStaticIdentity.SetAPIVersion(reference.APIVersion) - clStaticIdentity.SetKind(reference.Kind) - clStaticIdentity.SetName(reference.Name) - - if err := r.Client.Get(ctx, client.ObjectKey{Name: reference.Name}, clStaticIdentity); err != nil { // cluster-scoped - return fmt.Errorf("failed to get %s identity reference: %w", reference.Kind, err) - } - - secretName, ok, err := unstructured.NestedString(clStaticIdentity.Object, "spec", "secretRef") - if err != nil { - return fmt.Errorf("failed to extract .spec.secretRef from %s %s", clStaticIdentity.GetKind(), clStaticIdentity.GetName()) - } - if !ok { - return nil // nothing to do - } - - return updateSecret(ctx, r.Client, - client.ObjectKey{Name: secretName, Namespace: r.SystemNamespace}, - clStaticIdentity, - ) -} - -func updateSecret(ctx context.Context, cl client.Client, secretKey client.ObjectKey, identity client.Object) error { - secret := new(corev1.Secret) - if err := cl.Get(ctx, secretKey, secret); err != nil { - return fmt.Errorf("failed to get Secret %s referenced in %s %s: %w", secretKey, identity.GetObjectKind().GroupVersionKind().Kind, client.ObjectKeyFromObject(identity), err) - } - - if err := utils.AddKCMComponentLabel(ctx, cl, secret); err != nil { - return fmt.Errorf("failed to add component label: %w", err) - } - return nil -} - -// SetupWithManager sets up the controller with the Manager. 
-func (r *CredentialReconciler) SetupWithManager(mgr ctrl.Manager) error { - r.syncPeriod = 15 * time.Minute - - return ctrl.NewControllerManagedBy(mgr). - For(&kcm.Credential{}). - Complete(r) -}