fix: handles ns with recently removed annotation

maistra · Dec 6, 2023 · df13e8d · df13e8d
1 parent a33d84b
commit df13e8d
Show file tree

Hide file tree

Showing 4 changed files with 112 additions and 36 deletions.
diff --git a/controllers/predicates.go b/controllers/predicates.go
@@ -0,0 +1,45 @@
+package controllers
+
+import (
+	"regexp"
+
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/event"
+	"sigs.k8s.io/controller-runtime/pkg/predicate"
+)
+
+func MeshAwareNamespaces() predicate.Funcs {
+	filter := func(object client.Object) bool {
+		return !IsReservedNamespace(object.GetName()) && object.GetAnnotations()[AnnotationServiceMesh] != ""
+	}
+
+	return predicate.Funcs{
+		CreateFunc: func(createEvent event.CreateEvent) bool {
+			return filter(createEvent.Object)
+		},
+		UpdateFunc: func(updateEvent event.UpdateEvent) bool {
+			if annotationRemoved(updateEvent, AnnotationServiceMesh) {
+				// annotation has been just removed, handle it in reconcile
+				return true
+			}
+
+			return filter(updateEvent.ObjectNew)
+		},
+		DeleteFunc: func(deleteEvent event.DeleteEvent) bool {
+			return filter(deleteEvent.Object)
+		},
+		GenericFunc: func(genericEvent event.GenericEvent) bool {
+			return filter(genericEvent.Object)
+		},
+	}
+}
+
+func annotationRemoved(e event.UpdateEvent, annotation string) bool {
+	return e.ObjectOld.GetAnnotations()[annotation] != "" && e.ObjectNew.GetAnnotations()[annotation] == ""
+}
+
+var reservedNamespaceRegex = regexp.MustCompile(`^(openshift|istio-system)$|^(kube|openshift)-.*$`)
+
+func IsReservedNamespace(namepace string) bool {
+	return reservedNamespaceRegex.MatchString(namepace)
+}
diff --git a/controllers/predicates_unit_test.go b/controllers/predicates_unit_test.go
@@ -0,0 +1,64 @@
+package controllers_test
+
+import (
+	"github.com/opendatahub-io/odh-project-controller/controllers"
+	"github.com/opendatahub-io/odh-project-controller/test/labels"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/event"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+var _ = Describe("Controller predicates functions", Label(labels.Unit), func() {
+
+	When("Checking namespace", func() {
+
+		It("should trigger update event when annotation has been removed", func() {
+			// given
+			meshAwareNamespaces := controllers.MeshAwareNamespaces()
+
+			// when
+			namespace := corev1.Namespace{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "ns-with-annotation-removed",
+				},
+			}
+			namespaceWithAnnotation := corev1.Namespace{}
+			namespace.DeepCopyInto(&namespaceWithAnnotation)
+			namespaceWithAnnotation.SetAnnotations(map[string]string{
+				controllers.AnnotationServiceMesh: "true",
+			})
+
+			annotationRemovedEvent := event.UpdateEvent{
+				ObjectOld: &namespaceWithAnnotation,
+				ObjectNew: &namespace,
+			}
+
+			// then
+			Expect(meshAwareNamespaces.UpdateFunc(annotationRemovedEvent)).To(BeTrue())
+		})
+
+		DescribeTable("it should not process reserved namespaces",
+			func(ns string, expected bool) {
+				Expect(controllers.IsReservedNamespace(ns)).To(Equal(expected))
+			},
+			Entry("kube-system is reserved namespace", "kube-system", true),
+			Entry("openshift-build is reserved namespace", "openshift-build", true),
+			Entry("kube-public is reserved namespace", "kube-public", true),
+			Entry("openshift-infra is reserved namespace", "openshift-infra", true),
+			Entry("kube-node-lease is reserved namespace", "kube-node-lease", true),
+			Entry("openshift is reserved namespace", "openshift", true),
+			Entry("istio-system is reserved namespace", "istio-system", true),
+			Entry("openshift-authentication is reserved namespace", "openshift-authentication", true),
+			Entry("openshift-apiserver is reserved namespace", "openshift-apiserver", true),
+			Entry("mynamespace is not reserved namespace", "mynamespace", false),
+			Entry("openshiftmynamespace is not reserved namespace", "openshiftmynamespace", false),
+			Entry("kubemynamespace is not reserved namespace", "kubemynamespace", false),
+			Entry("istio-system-openshift is not reserved namespace", "istio-system-openshift ", false),
+		)
+
+	})
+
+})
diff --git a/controllers/project_mesh_controller.go b/controllers/project_mesh_controller.go
@@ -2,7 +2,6 @@ package controllers
 
 import (
 	"context"
-	"regexp"
 
 	"github.com/go-logr/logr"
 	"github.com/pkg/errors"
@@ -14,7 +13,6 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/builder"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/predicate"
 )
 
 // OpenshiftServiceMeshReconciler holds the controller configuration.
@@ -51,6 +49,8 @@ func (r *OpenshiftServiceMeshReconciler) Reconcile(ctx context.Context, req ctrl
 	}
 
 	if serviceMeshIsNotEnabled(namespace.ObjectMeta) {
+		//nolint:godox //reason https://github.com/maistra/odh-project-controller/issues/65
+		// TODO handle clean-up here
 		return ctrl.Result{}, nil
 	}
 
@@ -65,17 +65,7 @@ func (r *OpenshiftServiceMeshReconciler) Reconcile(ctx context.Context, req ctrl
 func (r *OpenshiftServiceMeshReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	//nolint:wrapcheck //reason there is no point in wrapping it
 	return ctrl.NewControllerManagedBy(mgr).
-		For(&v1.Namespace{}, builder.WithPredicates(predicate.NewPredicateFuncs(meshAwareNamespaces))).
+		For(&v1.Namespace{}, builder.WithPredicates(MeshAwareNamespaces())).
 		Owns(&maistrav1.ServiceMeshMember{}).
 		Complete(r)
 }
-
-func meshAwareNamespaces(object client.Object) bool {
-	return !IsReservedNamespace(object.GetName()) && object.GetAnnotations()[AnnotationServiceMesh] != ""
-}
-
-var reservedNamespaceRegex = regexp.MustCompile(`^(openshift|istio-system)$|^(kube|openshift)-.*$`)
-
-func IsReservedNamespace(namepace string) bool {
-	return reservedNamespaceRegex.MatchString(namepace)
-}
diff --git a/controllers/unit_test.go b/controllers/unit_test.go
@@ -26,27 +26,4 @@ var _ = Describe("Controller helper functions", Label(labels.Unit), func() {
 
 	})
 
-	When("Checking namespace", func() {
-
-		DescribeTable("it should not process reserved namespaces",
-			func(ns string, expected bool) {
-				Expect(controllers.IsReservedNamespace(ns)).To(Equal(expected))
-			},
-			Entry("kube-system is reserved namespace", "kube-system", true),
-			Entry("openshift-build is reserved namespace", "openshift-build", true),
-			Entry("kube-public is reserved namespace", "kube-public", true),
-			Entry("openshift-infra is reserved namespace", "openshift-infra", true),
-			Entry("kube-node-lease is reserved namespace", "kube-node-lease", true),
-			Entry("openshift is reserved namespace", "openshift", true),
-			Entry("istio-system is reserved namespace", "istio-system", true),
-			Entry("openshift-authentication is reserved namespace", "openshift-authentication", true),
-			Entry("openshift-apiserver is reserved namespace", "openshift-apiserver", true),
-			Entry("mynamespace is not reserved namespace", "mynamespace", false),
-			Entry("openshiftmynamespace is not reserved namespace", "openshiftmynamespace", false),
-			Entry("kubemynamespace is not reserved namespace", "kubemynamespace", false),
-			Entry("istio-system-openshift is not reserved namespace", "istio-system-openshift ", false),
-		)
-
-	})
-
 })