Merge branch 'oidcconfig_no_longer_required' into oidc-fullblown

api/v1/runtime_types.go

@@ -167,7 +167,7 @@ type Kubernetes struct {
 }
 
 type APIServer struct {
-	OidcConfig           gardener.OIDCConfig    `json:"oidcConfig"`
+	OidcConfig           gardener.OIDCConfig    `json:"oidcConfig,omitempty"`
 	AdditionalOidcConfig *[]gardener.OIDCConfig `json:"additionalOidcConfig,omitempty"`
 }
 

config/crd/bases/infrastructuremanager.kyma-project.io_runtimes.yaml

@@ -279,8 +279,6 @@ spec:
                                   the value '-'.
                                 type: string
                             type: object
-                        required:
-                        - oidcConfig
                         type: object
                       version:
                         type: string

hack/shoot-comparator/cmd/comparator/directories.go

@@ -2,10 +2,11 @@ package comparator
 
 import (
 	"fmt"
-	"github.com/kyma-project/infrastructure-manager/tools/shoot-comparator/internal/directories"
-	"github.com/spf13/cobra"
 	"log/slog"
 	"time"
+
+	"github.com/kyma-project/infrastructure-manager/tools/shoot-comparator/internal/directories"
+	"github.com/spf13/cobra"
 )
 
 func init() {

hack/shoot-comparator/cmd/comparator/files.go

@@ -2,6 +2,7 @@ package comparator
 
 import (
 	"fmt"
+
 	"github.com/kyma-project/infrastructure-manager/tools/shoot-comparator/internal/files"
 	"github.com/spf13/cobra"
 )

hack/shoot-comparator/internal/directories/comparator.go

@@ -1,11 +1,12 @@
 package directories
 
 import (
-	"github.com/kyma-project/infrastructure-manager/tools/shoot-comparator/internal/files"
 	"os"
 	"path"
 	"slices"
 	"time"
+
+	"github.com/kyma-project/infrastructure-manager/tools/shoot-comparator/internal/files"
 )
 
 type Result struct {

hack/shoot-comparator/internal/directories/comparator_test.go

@@ -1,16 +1,16 @@
 package directories
 
 import (
-	"github.com/gardener/gardener/pkg/apis/core/v1beta1"
-	"gopkg.in/yaml.v3"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"os"
 	"path"
 	"testing"
 	"time"
 
+	"github.com/gardener/gardener/pkg/apis/core/v1beta1"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"gopkg.in/yaml.v3"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 const onlyLeftFilename = "onlyLeftFile.yaml"

hack/shoot-comparator/internal/files/comparator.go

@@ -1,9 +1,10 @@
 package files
 
 import (
+	"os"
+
 	"github.com/gardener/gardener/pkg/apis/core/v1beta1"
 	"github.com/kyma-project/infrastructure-manager/tools/shoot-comparator/pkg/shoot"
-	"os"
 	"sigs.k8s.io/yaml"
 )
 

hack/shoot-comparator/pkg/shoot/extensionmatcher.go

@@ -2,12 +2,13 @@ package shoot
 
 import (
 	"fmt"
-	"github.com/gardener/gardener/pkg/apis/core/v1beta1"
-	"github.com/onsi/gomega"
-	"github.com/onsi/gomega/types"
 	"reflect"
 	"sort"
 	"strings"
+
+	"github.com/gardener/gardener/pkg/apis/core/v1beta1"
+	"github.com/onsi/gomega"
+	"github.com/onsi/gomega/types"
 )
 
 type ExtensionMatcher struct {

hack/shoot-comparator/pkg/shoot/extensionmatcher_test.go

@@ -2,6 +2,7 @@ package shoot
 
 import (
 	"fmt"
+
 	"github.com/gardener/gardener/pkg/apis/core/v1beta1"
 	. "github.com/onsi/ginkgo/v2" //nolint:revive
 	. "github.com/onsi/gomega"    //nolint:revive

internal/controller/runtime/fsm/runtime_fsm_configure_auditlog.go

@@ -14,9 +14,9 @@ import (
 func sFnConfigureAuditLog(ctx context.Context, m *fsm, s *systemState) (stateFn, *ctrl.Result, error) {
 	m.log.Info("Configure Audit Log state")
 
-	wasAuditLogEnabled, err := m.AuditLogging.Enable(ctx, s.shoot)
+	shootNeedsToBeReconciled, err := m.AuditLogging.Enable(ctx, s.shoot)
 
-	if wasAuditLogEnabled && err == nil {
+	if shootNeedsToBeReconciled && err == nil {
 		m.log.Info("Audit Log configured for shoot: " + s.shoot.Name)
 		s.instance.UpdateStatePending(
 			imv1.ConditionTypeAuditLogConfigured,
@@ -28,59 +28,73 @@ func sFnConfigureAuditLog(ctx context.Context, m *fsm, s *systemState) (stateFn,
 		return updateStatusAndRequeueAfter(gardenerRequeueDuration)
 	}
 
-	auditLogMandatoryString := strconv.FormatBool(m.RCCfg.AuditLogMandatory)
+	if err == nil {
+		s.instance.UpdateStateReady(
+			imv1.ConditionTypeAuditLogConfigured,
+			imv1.ConditionReasonAuditLogConfigured,
+			"Audit Log state completed successfully",
+		)
+
+		return updateStatusAndStop()
+	}
 
-	if err != nil { //nolint:nestif
-		if k8serrors.IsConflict(err) {
-			m.log.Error(err, "Conflict while updating Shoot object after applying Audit Log configuration, retrying")
+	return handleError(err, m, s)
+}
+
+func handleError(err error, m *fsm, s *systemState) (stateFn, *ctrl.Result, error) {
+	setStateForAuditLogError := func(reason imv1.RuntimeConditionReason, pendingMsg string, readyMsg string) {
+		if m.RCCfg.AuditLogMandatory {
 			s.instance.UpdateStatePending(
 				imv1.ConditionTypeAuditLogConfigured,
-				imv1.ConditionReasonAuditLogError,
-				"True",
-				err.Error(),
+				reason,
+				"False",
+				pendingMsg,
 			)
-			return updateStatusAndRequeue()
+		} else {
+			s.instance.UpdateStateReady(
+				imv1.ConditionTypeAuditLogConfigured,
+				reason,
+				readyMsg)
 		}
-		errorMessage := err.Error()
-		if errors.Is(err, auditlogging.ErrMissingMapping) {
-			if m.RCCfg.AuditLogMandatory {
-				m.log.Error(err, "AuditLogMandatory", auditLogMandatoryString, "providerType", s.shoot.Spec.Provider.Type, "region", s.shoot.Spec.Region)
-				s.instance.UpdateStatePending(
-					imv1.ConditionTypeAuditLogConfigured,
-					imv1.ConditionReasonAuditLogMissingRegionMapping,
-					"False",
-					errorMessage,
-				)
-			} else {
-				m.log.Info(errorMessage, "AuditLogMandatory", auditLogMandatoryString, "providerType", s.shoot.Spec.Provider.Type, "region", s.shoot.Spec.Region)
-				s.instance.UpdateStateReady(
-					imv1.ConditionTypeAuditLogConfigured,
-					imv1.ConditionReasonAuditLogMissingRegionMapping,
-					"Missing region mapping for this shoot. Audit Log is not mandatory. Skipping configuration")
-			}
+	}
+
+	logError := func(err error, keysAndValues ...any) {
+		if m.RCCfg.AuditLogMandatory {
+			m.log.Error(nil, err.Error(), keysAndValues...)
 		} else {
-			if m.RCCfg.AuditLogMandatory {
-				m.log.Error(err, "AuditLogMandatory", auditLogMandatoryString)
-				s.instance.UpdateStatePending(
-					imv1.ConditionTypeAuditLogConfigured,
-					imv1.ConditionReasonAuditLogError,
-					"False",
-					errorMessage)
-			} else {
-				m.log.Info(errorMessage, "AuditLogMandatory", auditLogMandatoryString)
-				s.instance.UpdateStateReady(
-					imv1.ConditionTypeAuditLogConfigured,
-					imv1.ConditionReasonAuditLogError,
-					"Configuration of Audit Log is not mandatory, error for context: "+errorMessage)
-			}
+			m.log.Info(err.Error(), keysAndValues...)
 		}
-	} else {
-		s.instance.UpdateStateReady(
+	}
+
+	if k8serrors.IsConflict(err) {
+		m.log.Error(err, "Conflict while updating Shoot object after applying Audit Log configuration, retrying")
+		s.instance.UpdateStatePending(
 			imv1.ConditionTypeAuditLogConfigured,
-			imv1.ConditionReasonAuditLogConfigured,
-			"Audit Log state completed successfully",
+			imv1.ConditionReasonAuditLogError,
+			"True",
+			err.Error(),
 		)
+
+		return updateStatusAndRequeue()
+	}
+
+	auditLogMandatoryString := strconv.FormatBool(m.RCCfg.AuditLogMandatory)
+
+	if errors.Is(err, auditlogging.ErrMissingMapping) {
+		pendingStatusMsg := err.Error()
+		readyStatusMsg := "Missing region mapping for this shoot. Audit Log is not mandatory. Skipping configuration"
+		setStateForAuditLogError(imv1.ConditionReasonAuditLogMissingRegionMapping, pendingStatusMsg, readyStatusMsg)
+
+		logError(err, "AuditLogMandatory", auditLogMandatoryString, "providerType", s.shoot.Spec.Provider.Type, "region", s.shoot.Spec.Region)
+
+		return updateStatusAndStop()
 	}
 
+	pendingStatusMsg := err.Error()
+	readyStatusMsg := "Configuration of Audit Log is not mandatory, error for context: " + err.Error()
+	setStateForAuditLogError(imv1.ConditionReasonAuditLogError, pendingStatusMsg, readyStatusMsg)
+
+	logError(err, "AuditLogMandatory", auditLogMandatoryString)
+
 	return updateStatusAndStop()
 }

internal/controller/runtime/fsm/runtime_fsm_create_shoot_dry_run.go

@@ -2,7 +2,6 @@ package fsm
 
 import (
 	"context"
-	"fmt"
 
 	imv1 "github.com/kyma-project/infrastructure-manager/api/v1"
 	ctrl "sigs.k8s.io/controller-runtime"
@@ -16,7 +15,7 @@ func sFnCreateShootDryRun(_ context.Context, m *fsm, s *systemState) (stateFn, *
 		m.log.Error(err, "Failed to convert Runtime instance to shoot object [dry-run]")
 		return updateStatePendingWithErrorAndStop(
 			&s.instance,
-			imv1.ConditionTypeRuntimeProvisioned,
+			imv1.ConditionTypeRuntimeProvisionedDryRun,
 			imv1.ConditionReasonConversionError,
 			"Runtime conversion error")
 	}
@@ -28,13 +27,9 @@ func sFnCreateShootDryRun(_ context.Context, m *fsm, s *systemState) (stateFn, *
 		"Runtime processing completed successfully [dry-run]")
 
 	// stop machine if persistence not enabled
-	if m.PVCPath == "" {
-		return updateStatusAndStop()
+	if m.PVCPath != "" {
+		return switchState(sFnDumpShootSpec)
 	}
 
-	path := fmt.Sprintf("%s/%s-%s.yaml", m.PVCPath, s.shoot.Namespace, s.shoot.Name)
-	if err := persist(path, s.shoot, m.writerProvider); err != nil {
-		return updateStatusAndStopWithError(err)
-	}
 	return updateStatusAndStop()
 }

internal/controller/runtime/fsm/runtime_fsm_initialise.go

@@ -16,28 +16,47 @@ func sFnInitialize(ctx context.Context, m *fsm, s *systemState) (stateFn, *ctrl.
 	instanceIsNotBeingDeleted := s.instance.GetDeletionTimestamp().IsZero()
 	instanceHasFinalizer := controllerutil.ContainsFinalizer(&s.instance, m.Finalizer)
 	provisioningCondition := meta.FindStatusCondition(s.instance.Status.Conditions, string(imv1.ConditionTypeRuntimeProvisioned))
+	dryRunProvisioningCondition := meta.FindStatusCondition(s.instance.Status.Conditions, string(imv1.ConditionTypeRuntimeProvisionedDryRun))
 	dryRunMode := s.instance.IsControlledByProvisioner()
 
 	if instanceIsNotBeingDeleted && !instanceHasFinalizer {
 		return addFinalizerAndRequeue(ctx, m, s)
 	}
 
-	if instanceIsNotBeingDeleted && s.shoot == nil && provisioningCondition == nil {
+	if instanceIsNotBeingDeleted && s.shoot == nil && provisioningCondition == nil && dryRunProvisioningCondition == nil {
 		m.log.Info("Update Runtime state to Pending - initialised")
+
+		getConditionType := func() imv1.RuntimeConditionType {
+			if dryRunMode {
+				return imv1.ConditionTypeRuntimeProvisionedDryRun
+			}
+			return imv1.ConditionTypeRuntimeProvisioned
+		}
+
 		s.instance.UpdateStatePending(
-			imv1.ConditionTypeRuntimeProvisioned,
+			getConditionType(),
 			imv1.ConditionReasonInitialized,
 			"Unknown",
 			"Runtime initialized",
 		)
 		return updateStatusAndRequeue()
 	}
 
-	if instanceIsNotBeingDeleted && s.shoot == nil {
-		m.log.Info("Gardener shoot does not exist, creating new one")
+	shootNeedsToBeCreated := func() bool {
+		if dryRunMode {
+			return instanceIsNotBeingDeleted && dryRunProvisioningCondition != nil &&
+				dryRunProvisioningCondition.Status != "True"
+		}
+
+		return instanceIsNotBeingDeleted && s.shoot == nil
+	}
+
+	if shootNeedsToBeCreated() {
 		if !dryRunMode {
 			return switchState(sFnCreateShoot)
 		}
+
+		m.log.Info("Gardener shoot does not exist, creating new one")
 		return switchState(sFnCreateShootDryRun)
 	}
 
@@ -55,7 +74,7 @@ func sFnInitialize(ctx context.Context, m *fsm, s *systemState) (stateFn, *ctrl.
 		return removeFinalizerAndStop(ctx, m, s) // resource cleanup completed
 	}
 
-	m.log.Info("noting to reconcile, stopping sfm")
+	m.log.Info("noting to reconcile, stopping fsm")
 	return stop()
 }