Merge branch 'main' into feature/align-fields-with-provisioner

kyma-project · Sep 16, 2024 · b196889 · b196889
2 parents 2d3b77a + e67a6d3
commit b196889
Show file tree

Hide file tree

Showing 6 changed files with 87 additions and 12 deletions.
diff --git a/hack/runtime-migrator/main.go b/hack/runtime-migrator/main.go
@@ -206,15 +206,14 @@ func createRuntime(ctx context.Context, shoot v1beta1.Shoot, cfg migrator.Config
 				},
 				Provider: v1.Provider{
 					Type:    shoot.Spec.Provider.Type,
-					Workers: shoot.Spec.Provider.Workers,
+					Workers: adjustWorkersConfig(shoot.Spec.Provider.Workers),
 				},
 				Networking: v1.Networking{
 					Type:     shoot.Spec.Networking.Type,
 					Pods:     *shoot.Spec.Networking.Pods,
 					Nodes:    *shoot.Spec.Networking.Nodes,
 					Services: *shoot.Spec.Networking.Services,
 				},
-				ControlPlane: getControlPlane(shoot),
 			},
 			Security: v1.Security{
 				Administrators: subjects,
@@ -235,9 +234,28 @@ func createRuntime(ctx context.Context, shoot v1beta1.Shoot, cfg migrator.Config
 			Conditions: nil, // deliberately left nil by our migrator to show that controller has not picked it yet
 		},
 	}
+
+	controlPlane := getControlPlane(shoot)
+	if controlPlane != nil {
+		runtime.Spec.Shoot.ControlPlane = controlPlane
+	}
+
 	return runtime, nil
 }
 
+// The goal of this function is to make the migrator output equal to the shoot created by the converter
+// As a result we can automatically verify the correctness of the migrator output
+func adjustWorkersConfig(workers []v1beta1.Worker) []v1beta1.Worker {
+	// We need to set the following fields to nil, as they are not set by the KIM converter
+	for i := 0; i < len(workers); i++ {
+		workers[i].Machine.Architecture = nil
+		workers[i].SystemComponents = nil
+		workers[i].CRI = nil
+	}
+
+	return workers
+}
+
 func getOidcConfig(shoot v1beta1.Shoot) v1beta1.OIDCConfig {
 	var oidcConfig = v1beta1.OIDCConfig{
 		CABundle:             nil, // deliberately left empty

diff --git a/internal/auditlogging/auditlogging.go b/internal/auditlogging/auditlogging.go
@@ -147,9 +147,14 @@ func ApplyAuditLogConfig(shoot *gardener.Shoot, auditConfigFromFile map[string]m
 	}
 
 	changedExt, err := configureExtension(shoot, tenant)
+
+	if err != nil {
+		return false, err
+	}
+
 	changedSec := configureSecret(shoot, tenant)
 
-	return changedExt || changedSec, err
+	return changedExt || changedSec, nil
 }
 
 func configureExtension(shoot *gardener.Shoot, config AuditLogData) (changed bool, err error) {

diff --git a/internal/controller/runtime/fsm/runtime_fsm_configure_auditlog.go b/internal/controller/runtime/fsm/runtime_fsm_configure_auditlog.go
@@ -2,10 +2,12 @@ package fsm
 
 import (
 	"context"
+	"strconv"
 
 	imv1 "github.com/kyma-project/infrastructure-manager/api/v1"
 	"github.com/kyma-project/infrastructure-manager/internal/auditlogging"
 	"github.com/pkg/errors"
+	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	ctrl "sigs.k8s.io/controller-runtime"
 )
 
@@ -14,7 +16,7 @@ func sFnConfigureAuditLog(ctx context.Context, m *fsm, s *systemState) (stateFn,
 
 	wasAuditLogEnabled, err := m.AuditLogging.Enable(ctx, s.shoot)
 
-	if wasAuditLogEnabled {
+	if wasAuditLogEnabled && err == nil {
 		m.log.Info("Audit Log configured for shoot: " + s.shoot.Name)
 		s.instance.UpdateStatePending(
 			imv1.ConditionTypeAuditLogConfigured,
@@ -26,34 +28,46 @@ func sFnConfigureAuditLog(ctx context.Context, m *fsm, s *systemState) (stateFn,
 		return updateStatusAndRequeueAfter(gardenerRequeueDuration)
 	}
 
+	auditLogMandatoryString := strconv.FormatBool(m.RCCfg.AuditLogMandatory)
+
 	if err != nil { //nolint:nestif
+		if k8serrors.IsConflict(err) {
+			m.log.Error(err, "Conflict while updating Shoot object after applying Audit Log configuration, retrying")
+			s.instance.UpdateStatePending(
+				imv1.ConditionTypeAuditLogConfigured,
+				imv1.ConditionReasonAuditLogError,
+				"True",
+				err.Error(),
+			)
+			return updateStatusAndRequeue()
+		}
 		errorMessage := err.Error()
 		if errors.Is(err, auditlogging.ErrMissingMapping) {
 			if m.RCCfg.AuditLogMandatory {
-				m.log.Error(err, "Failed to configure Audit Log, missing region mapping for this shoot", "AuditLogMandatory", m.RCCfg.AuditLogMandatory, "providerType", s.shoot.Spec.Provider.Type, "region", s.shoot.Spec.Region)
+				m.log.Error(err, "AuditLogMandatory", auditLogMandatoryString, "providerType", s.shoot.Spec.Provider.Type, "region", s.shoot.Spec.Region)
 				s.instance.UpdateStatePending(
 					imv1.ConditionTypeAuditLogConfigured,
 					imv1.ConditionReasonAuditLogMissingRegionMapping,
 					"False",
 					errorMessage,
 				)
 			} else {
-				m.log.Info(errorMessage, "Audit Log was not configured, missing region mapping for this shoot.", "AuditLogMandatory", m.RCCfg.AuditLogMandatory, "providerType", s.shoot.Spec.Provider.Type, "region", s.shoot.Spec.Region)
+				m.log.Info(errorMessage, "AuditLogMandatory", auditLogMandatoryString, "providerType", s.shoot.Spec.Provider.Type, "region", s.shoot.Spec.Region)
 				s.instance.UpdateStateReady(
 					imv1.ConditionTypeAuditLogConfigured,
 					imv1.ConditionReasonAuditLogMissingRegionMapping,
 					"Missing region mapping for this shoot. Audit Log is not mandatory. Skipping configuration")
 			}
 		} else {
 			if m.RCCfg.AuditLogMandatory {
-				m.log.Error(err, "Failed to configure Audit Log", "AuditLogMandatory", m.RCCfg.AuditLogMandatory)
+				m.log.Error(err, "AuditLogMandatory", auditLogMandatoryString)
 				s.instance.UpdateStatePending(
 					imv1.ConditionTypeAuditLogConfigured,
 					imv1.ConditionReasonAuditLogError,
 					"False",
 					errorMessage)
 			} else {
-				m.log.Info(errorMessage, "AuditLogMandatory", m.RCCfg.AuditLogMandatory)
+				m.log.Info(errorMessage, "AuditLogMandatory", auditLogMandatoryString)
 				s.instance.UpdateStateReady(
 					imv1.ConditionTypeAuditLogConfigured,
 					imv1.ConditionReasonAuditLogError,

diff --git a/internal/controller/runtime/fsm/runtime_fsm_configure_auditlog_test.go b/internal/controller/runtime/fsm/runtime_fsm_configure_auditlog_test.go
@@ -2,15 +2,16 @@ package fsm
 
 import (
 	"context"
-	"github.com/kyma-project/infrastructure-manager/internal/auditlogging"
 	"testing"
 
 	gardener "github.com/gardener/gardener/pkg/apis/core/v1beta1"
 	v1 "github.com/kyma-project/infrastructure-manager/api/v1"
+	"github.com/kyma-project/infrastructure-manager/internal/auditlogging"
 	"github.com/kyma-project/infrastructure-manager/internal/auditlogging/mocks"
 	"github.com/pkg/errors"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -236,6 +237,43 @@ func TestAuditLogState(t *testing.T) {
 		assert.Equal(t, v1.RuntimeStateReady, string(systemState.instance.Status.State))
 		assert.Equal(t, expectedRuntimeConditions, systemState.instance.Status.Conditions)
 	})
+
+	t.Run("Should requeue in case of Kubernetes object conflict error during update of Shoot object and set status on Runtime CR", func(t *testing.T) {
+		// given
+		ctx := context.Background()
+		auditLog := &mocks.AuditLogging{}
+		shoot := shootForTest()
+		instance := runtimeForTest()
+		systemState := &systemState{
+			instance: instance,
+			shoot:    shoot,
+		}
+		expectedRuntimeConditions := []metav1.Condition{
+			{
+				Type:    string(v1.ConditionTypeAuditLogConfigured),
+				Status:  "True",
+				Reason:  string(v1.ConditionReasonAuditLogError),
+				Message: k8serrors.NewConflict(gardener.Resource("shoots"), shoot.Name, errors.New("k8s conflict on update error")).Error(),
+			},
+		}
+
+		fsm := &fsm{AuditLogging: auditLog}
+		fsm.RCCfg.AuditLogMandatory = true
+
+		auditLog.On("Enable", ctx, shoot).Return(false, k8serrors.NewConflict(gardener.Resource("shoots"), shoot.Name, errors.New("k8s conflict on update error"))).Once()
+
+		// when
+		stateFn, _, _ := sFnConfigureAuditLog(ctx, fsm, systemState)
+
+		// set the time to its zero value for comparison purposes
+		systemState.instance.Status.Conditions[0].LastTransitionTime = metav1.Time{}
+
+		// then
+		auditLog.AssertExpectations(t)
+		require.Contains(t, stateFn.name(), "sFnUpdateStatus")
+		assert.Equal(t, v1.RuntimeStatePending, string(systemState.instance.Status.State))
+		assert.Equal(t, expectedRuntimeConditions, systemState.instance.Status.Conditions)
+	})
 }
 
 func shootForTest() *gardener.Shoot {

diff --git a/internal/controller/runtime/fsm/runtime_fsm_waiting_for_shoot_reconcile.go b/internal/controller/runtime/fsm/runtime_fsm_waiting_for_shoot_reconcile.go
@@ -47,9 +47,9 @@ func sFnWaitForShootReconcile(_ context.Context, m *fsm, s *systemState) (stateF
 		return ensureStatusConditionIsSetAndContinue(
 			&s.instance,
 			imv1.ConditionTypeRuntimeProvisioned,
-			imv1.ConditionReasonAuditLogConfigured,
+			imv1.ConditionReasonConfigurationCompleted,
 			"Runtime processing completed successfully",
-			sFnConfigureAuditLog)
+			sFnApplyClusterRoleBindings)
 	}
 
 	m.log.Info("Update did not processed, exiting with no retry")

diff --git a/internal/controller/runtime/runtime_controller_test.go b/internal/controller/runtime/runtime_controller_test.go
@@ -157,7 +157,7 @@ var _ = Describe("Runtime Controller", func() {
 					return false
 				}
 
-				if !runtime.IsConditionSet(imv1.ConditionTypeRuntimeProvisioned, imv1.ConditionReasonAuditLogConfigured) {
+				if !runtime.IsConditionSet(imv1.ConditionTypeRuntimeProvisioned, imv1.ConditionReasonConfigurationCompleted) {
 					return false
 				}