Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create Audit Log FSM state #344

Merged
merged 31 commits into from
Sep 2, 2024
Merged

Create Audit Log FSM state #344

merged 31 commits into from
Sep 2, 2024

Conversation

mvshao
Copy link
Contributor

@mvshao mvshao commented Aug 14, 2024
edited
Loading

Description

Changes proposed in this pull request:

  • a new state in state machine that is responsible for configuring Audit Logs on Shoot

Related issue(s)
#286

@kyma-bot kyma-bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Aug 14, 2024
@kyma-bot
Copy link
Contributor

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@kyma-bot kyma-bot added cla: yes Indicates the PR's author has signed the CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Aug 14, 2024
@mvshao mvshao mentioned this pull request Aug 14, 2024
Closed
@mvshao mvshao marked this pull request as ready for review August 19, 2024 07:55
@mvshao mvshao requested a review from a team as a code owner August 19, 2024 07:55
@kyma-bot kyma-bot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Aug 23, 2024
akgalwas
akgalwas reviewed Aug 23, 2024
View reviewed changes
internal/controller/runtime/fsm/runtime_fsm_configure_auditlog.go Outdated
m.log.Info("Configure Audit Log state")

wasAuditLogEnabled, err := m.AuditLogging.Enable(ctx, s.shoot)
if err != nil && !wasAuditLogEnabled {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can replace if err != nil && !wasAuditLogEnabled with if err != nil .

@kyma-bot kyma-bot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Aug 28, 2024
Disper
Disper reviewed Aug 30, 2024
View reviewed changes
internal/auditlogging/auditlogging.go Outdated Show resolved Hide resolved
internal/auditlogging/auditlogging.go Show resolved Hide resolved
api/v1/runtime_types.go
@@ -94,6 +94,9 @@ const (
ConditionReasonKubernetesAPIErr = RuntimeConditionReason("KubernetesErr")
ConditionReasonSerializationError = RuntimeConditionReason("SerializationErr")
ConditionReasonDeleted = RuntimeConditionReason("Deleted")

ConditionReasonAdministratorsConfigured = RuntimeConditionReason("AdministratorsConfigured")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can't find the usage of it - was this addition intentional?

internal/auditlogging/auditlogging.go
return
}

if cfg.Kind == extensionKind &&
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about extracting this check to some separate method like
isExtensionModified to make this method shorter and possibly make the unit testing easier?

internal/controller/runtime/fsm/runtime_fsm_configure_auditlog.go Outdated
if wasAuditLogEnabled {
m.log.Info("Audit Log configured for shoot: " + s.shoot.Name)
s.instance.UpdateStateReady(
imv1.ConditionTypeRuntimeConfigured,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm thinking if adding an additional ConditionType similar to ConditionTypeRuntimeKubeconfigReady wouldn't be beneficial. If there will be an issue with the cluster we could then quickly see if this might be connected to audit logs.

internal/controller/runtime/test_client_obj_tracker.go Outdated
}

func (t *CustomTracker) Delete(gvr schema.GroupVersionResource, ns, name string) error {
t.mu.Lock()
defer t.mu.Unlock()

if gvr.Resource == "shoots" {
if gvr.Resource == "shoots" { //nolint:goconst
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any downside of using a const here?

internal/controller/runtime/test_client_obj_tracker.go Outdated
t.mu.Lock()
defer t.mu.Unlock()

if gvr.Resource == "shoots" { //nolint:goconst
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any downside of using a const here?

internal/controller/runtime/test_client_obj_tracker.go Outdated
if t.callCnt < len(t.shootSequence) {
shoot := t.shootSequence[t.callCnt]
t.callCnt++
if gvr.Resource == "shoots" { //nolint:goconst
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any downside of using a const here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will change this to const

internal/controller/runtime/test_client_obj_tracker.go
func (t *CustomTracker) IsSequenceFullyUsed() bool {
return t.callCnt == len(t.shootSequence) && len(t.shootSequence) > 0
return (t.shootCallCnt == len(t.shootSequence) && len(t.shootSequence) > 0) && t.seedCallCnt == len(t.seedSequence)
}

func (t *CustomTracker) Get(gvr schema.GroupVersionResource, ns, name string) (runtime.Object, error) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Have you considered writing unit tests for this Get and getNextObject methods?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for hint, I will add those unit test

@mvshao mvshao changed the title [WiP] Create Audit Log FSM state Create Audit Log FSM state Sep 2, 2024
@kyma-bot kyma-bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Sep 2, 2024
@kyma-bot kyma-bot added the lgtm Looks good to me! label Sep 2, 2024
@mvshao
Copy link
Contributor Author

mvshao commented Sep 2, 2024

/cla-recheck

@kyma-bot kyma-bot merged commit 2cdd73a into kyma-project:main Sep 2, 2024
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@akgalwas akgalwas akgalwas left review comments

@Disper Disper Disper approved these changes

Assignees

@Disper Disper

Labels
cla: yes Indicates the PR's author has signed the CLA. lgtm Looks good to me! size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mvshao @kyma-bot @Disper @akgalwas