diff --git a/main.go b/main.go index 238ae49dc2c..9bc7f04ff26 100644 --- a/main.go +++ b/main.go @@ -410,7 +410,6 @@ func setupControllers(ctx context.Context, mgr ctrl.Manager, sw *watch.Controlle cfArgs = append(cfArgs, constraintclient.Driver(k8sDriver)) } - // initialize OPA driver, err := rego.New(args...) if err != nil { setupLog.Error(err, "unable to set up Driver") @@ -478,7 +477,7 @@ func setupControllers(ctx context.Context, mgr ctrl.Manager, sw *watch.Controlle } opts := controller.Dependencies{ - Opa: client, + CFClient: client, WatchManger: wm, SyncEventsCh: events, CacheMgr: cm, diff --git a/pkg/controller/config/config_controller.go b/pkg/controller/config/config_controller.go index 4d3788d3222..59c2d9db3a4 100644 --- a/pkg/controller/config/config_controller.go +++ b/pkg/controller/config/config_controller.go @@ -19,15 +19,11 @@ import ( "context" "fmt" - constraintclient "github.com/open-policy-agent/frameworks/constraint/pkg/client" - "github.com/open-policy-agent/frameworks/constraint/pkg/externaldata" configv1alpha1 "github.com/open-policy-agent/gatekeeper/v3/apis/config/v1alpha1" cm "github.com/open-policy-agent/gatekeeper/v3/pkg/cachemanager" "github.com/open-policy-agent/gatekeeper/v3/pkg/cachemanager/aggregator" "github.com/open-policy-agent/gatekeeper/v3/pkg/controller/config/process" - "github.com/open-policy-agent/gatekeeper/v3/pkg/expansion" "github.com/open-policy-agent/gatekeeper/v3/pkg/keys" - "github.com/open-policy-agent/gatekeeper/v3/pkg/mutation" "github.com/open-policy-agent/gatekeeper/v3/pkg/readiness" "github.com/open-policy-agent/gatekeeper/v3/pkg/watch" "k8s.io/apimachinery/pkg/api/errors" @@ -66,10 +62,6 @@ func (a *Adder) Add(mgr manager.Manager) error { return add(mgr, r) } -func (a *Adder) InjectOpa(_ *constraintclient.Client) {} - -func (a *Adder) InjectWatchManager(_ *watch.Manager) {} - func (a *Adder) InjectControllerSwitch(cs *watch.ControllerSwitch) { a.ControllerSwitch = cs } 
@@ -78,12 +70,6 @@ func (a *Adder) InjectTracker(t *readiness.Tracker) { a.Tracker = t } -func (a *Adder) InjectMutationSystem(mutationSystem *mutation.System) {} - -func (a *Adder) InjectExpansionSystem(expansionSystem *expansion.System) {} - -func (a *Adder) InjectProviderCache(providerCache *externaldata.ProviderCache) {} - func (a *Adder) InjectCacheManager(cm *cm.CacheManager) { a.CacheManager = cm } diff --git a/pkg/controller/config/config_controller_test.go b/pkg/controller/config/config_controller_test.go index 7e85c13f8ae..ce6538ac2dc 100644 --- a/pkg/controller/config/config_controller_test.go +++ b/pkg/controller/config/config_controller_test.go @@ -121,7 +121,7 @@ func TestReconcile(t *testing.T) { mgr, wm := setupManager(t) c := testclient.NewRetryClient(mgr.GetClient()) - opaClient := &fakes.FakeCfClient{} + dataClient := &fakes.FakeCfClient{} cs := watch.NewSwitch() tracker, err := readiness.SetupTracker(mgr, false, false, false) @@ -137,7 +137,7 @@ func TestReconcile(t *testing.T) { events) require.NoError(t, err) cacheManager, err := cachemanager.NewCacheManager(&cachemanager.Config{ - CfClient: opaClient, + CfClient: dataClient, SyncMetricsCache: syncMetricsCache, Tracker: tracker, ProcessExcluder: processExcluder, @@ -282,7 +282,7 @@ func TestReconcile(t *testing.T) { require.NoError(t, cacheManager.AddObject(ctx, fooPod)) // fooPod should be namespace excluded, hence not added to the cache - require.False(t, opaClient.Contains(map[fakes.CfDataKey]interface{}{{Gvk: fooPod.GroupVersionKind(), Key: "default"}: struct{}{}})) + require.False(t, dataClient.Contains(map[fakes.CfDataKey]interface{}{{Gvk: fooPod.GroupVersionKind(), Key: "default"}: struct{}{}})) cs.Stop() } 
@@ -401,20 +401,20 @@ func TestConfig_DeleteSyncResources(t *testing.T) { }, timeout).Should(gomega.BeTrue()) } -func setupController(ctx context.Context, mgr manager.Manager, wm *watch.Manager, tracker *readiness.Tracker, events chan event.GenericEvent, reader client.Reader, useFakeOpa bool) (cachemanager.CFDataClient, error) { - // initialize OPA - var opaClient cachemanager.CFDataClient - if useFakeOpa { - opaClient = &fakes.FakeCfClient{} +func setupController(ctx context.Context, mgr manager.Manager, wm *watch.Manager, tracker *readiness.Tracker, events chan event.GenericEvent, reader client.Reader, useFakeClient bool) (cachemanager.CFDataClient, error) { + // initialize constraint framework data client + var client cachemanager.CFDataClient + if useFakeClient { + client = &fakes.FakeCfClient{} } else { driver, err := rego.New(rego.Tracing(true)) if err != nil { return nil, fmt.Errorf("unable to set up Driver: %w", err) } - opaClient, err = constraintclient.NewClient(constraintclient.Targets(&target.K8sValidationTarget{}), constraintclient.Driver(driver)) + client, err = constraintclient.NewClient(constraintclient.Targets(&target.K8sValidationTarget{}), constraintclient.Driver(driver)) if err != nil { - return nil, fmt.Errorf("unable to set up OPA backend client: %w", err) + return nil, fmt.Errorf("unable to set up constraint framework data client: %w", err) } } @@ -430,7 +430,7 @@ func setupController(ctx context.Context, mgr manager.Manager, wm *watch.Manager return nil, fmt.Errorf("cannot create registrar: %w", err) } cacheManager, err := cachemanager.NewCacheManager(&cachemanager.Config{ - CfClient: opaClient, + CfClient: client, SyncMetricsCache: syncMetricsCache, Tracker: tracker, ProcessExcluder: processExcluder, 
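Review bot: In `setupController` the renamed local `client` shadows the imported `client` package that the same signature uses for `reader client.Reader`, so any later `client.X` reference inside the function would resolve to the variable instead of the package. The other tests in this file were renamed to `dataClient`; using that name here avoids the shadow and keeps the file consistent: `var dataClient cachemanager.CFDataClient`, `CfClient: dataClient,` and `return dataClient, nil`. The same identifier appears in the `@@ -430,7 +430,7 @@` and `@@ -461,10 +461,10 @@` hunks, and the function body extends beyond each of them.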
@@ -461,10 +461,10 @@ func setupController(ctx context.Context, mgr manager.Manager, wm *watch.Manager if err != nil { return nil, fmt.Errorf("registering sync controller: %w", err) } - return opaClient, nil + return client, nil } -// Verify the Opa cache is populated based on the config resource. +// Verify the constraint framework cache is populated based on the config resource. func TestConfig_CacheContents(t *testing.T) { ctx, cancelFunc := context.WithCancel(context.Background()) defer cancelFunc() @@ -506,10 +506,10 @@ func TestConfig_CacheContents(t *testing.T) { require.NoError(t, err) events := make(chan event.GenericEvent, 1024) - opa, err := setupController(ctx, mgr, wm, tracker, events, c, true) + dataClient, err := setupController(ctx, mgr, wm, tracker, events, c, true) require.NoError(t, err, "failed to set up controller") - opaClient, ok := opa.(*fakes.FakeCfClient) + fakeClient, ok := dataClient.(*fakes.FakeCfClient) require.True(t, ok) testutils.StartManager(ctx, t, mgr) @@ -521,12 +521,12 @@ func TestConfig_CacheContents(t *testing.T) { expected := map[fakes.CfDataKey]interface{}{ {Gvk: nsGVK, Key: "default"}: nil, cmKey: nil, - // kube-system namespace is being excluded, it should not be in opa cache + // kube-system namespace is being excluded, it should not be in the cache } g.Eventually(func() bool { - return opaClient.Contains(expected) - }, 10*time.Second).Should(gomega.BeTrue(), "checking initial opa cache contents") - require.True(t, opaClient.HasGVK(nsGVK), "want opaClient.HasGVK(nsGVK) to be true but got false") + return fakeClient.Contains(expected) + }, 10*time.Second).Should(gomega.BeTrue(), "checking initial cache contents") + require.True(t, fakeClient.HasGVK(nsGVK), "want fakeClient.HasGVK(nsGVK) to be true but got false") // Reconfigure to drop the namespace watches config = configFor([]schema.GroupVersionKind{configMapGVK}) 
@@ -538,7 +538,7 @@ func TestConfig_CacheContents(t *testing.T) { // Expect namespaces to go away from cache g.Eventually(func() bool { - return opaClient.HasGVK(nsGVK) + return fakeClient.HasGVK(nsGVK) }, 10*time.Second).Should(gomega.BeFalse()) // Expect our configMap to return at some point @@ -547,25 +547,25 @@ func TestConfig_CacheContents(t *testing.T) { cmKey: nil, } g.Eventually(func() bool { - return opaClient.Contains(expected) + return fakeClient.Contains(expected) }, 10*time.Second).Should(gomega.BeTrue(), "waiting for ConfigMap to repopulate in cache") expected = map[fakes.CfDataKey]interface{}{ cm2Key: nil, } g.Eventually(func() bool { - return !opaClient.Contains(expected) - }, 10*time.Second).Should(gomega.BeTrue(), "kube-system namespace is excluded. kube-system/config-test-2 should not be in opa cache") + return !fakeClient.Contains(expected) + }, 10*time.Second).Should(gomega.BeTrue(), "kube-system namespace is excluded. kube-system/config-test-2 should not be in the cache") - // Delete the config resource - expect opa to empty out. - if opaClient.Len() == 0 { + // Delete the config resource - expect cache to empty out. + if fakeClient.Len() == 0 { t.Fatal("sanity") } require.NoError(t, c.Delete(ctx, config), "deleting Config resource") // The cache will be cleared out. g.Eventually(func() int { - return opaClient.Len() + return fakeClient.Len() }, 10*time.Second).Should(gomega.BeZero(), "waiting for cache to empty") } @@ -590,7 +590,7 @@ func TestConfig_Retries(t *testing.T) { mgr, wm := setupManager(t) c := testclient.NewRetryClient(mgr.GetClient()) - opaClient := &fakes.FakeCfClient{} + dataClient := &fakes.FakeCfClient{} cs := watch.NewSwitch() tracker, err := readiness.SetupTracker(mgr, false, false, false) if err != nil { 
@@ -606,7 +606,7 @@ func TestConfig_Retries(t *testing.T) { events) require.NoError(t, err) cacheManager, err := cachemanager.NewCacheManager(&cachemanager.Config{ - CfClient: opaClient, + CfClient: dataClient, SyncMetricsCache: syncMetricsCache, Tracker: tracker, ProcessExcluder: processExcluder, @@ -679,8 +679,8 @@ func TestConfig_Retries(t *testing.T) { cmKey: nil, } g.Eventually(func() bool { - return opaClient.Contains(expected) - }, 10*time.Second).Should(gomega.BeTrue(), "checking initial opa cache contents") + return dataClient.Contains(expected) + }, 10*time.Second).Should(gomega.BeTrue(), "checking initial cache contents") fi.SetFailures("ConfigMapList", 2) @@ -697,8 +697,8 @@ func TestConfig_Retries(t *testing.T) { // Despite the transient error, we expect the cache to eventually be repopulated. g.Eventually(func() bool { - return opaClient.Contains(expected) - }, 10*time.Second).Should(gomega.BeTrue(), "checking final opa cache contents") + return dataClient.Contains(expected) + }, 10*time.Second).Should(gomega.BeTrue(), "checking final cache contents") } // configFor returns a config resource that watches the requested set of resources. diff --git a/pkg/controller/constraint/constraint_controller.go b/pkg/controller/constraint/constraint_controller.go index 2ea080d8234..95443753d4d 100644 --- a/pkg/controller/constraint/constraint_controller.go +++ b/pkg/controller/constraint/constraint_controller.go 
@@ -27,10 +27,8 @@ import ( constraintstatusv1beta1 "github.com/open-policy-agent/gatekeeper/v3/apis/status/v1beta1" "github.com/open-policy-agent/gatekeeper/v3/pkg/controller/config/process" "github.com/open-policy-agent/gatekeeper/v3/pkg/controller/constraintstatus" - "github.com/open-policy-agent/gatekeeper/v3/pkg/expansion" "github.com/open-policy-agent/gatekeeper/v3/pkg/logging" "github.com/open-policy-agent/gatekeeper/v3/pkg/metrics" - "github.com/open-policy-agent/gatekeeper/v3/pkg/mutation" "github.com/open-policy-agent/gatekeeper/v3/pkg/operations" "github.com/open-policy-agent/gatekeeper/v3/pkg/readiness" "github.com/open-policy-agent/gatekeeper/v3/pkg/util" @@ -59,7 +57,7 @@ const ( ) type Adder struct { - Opa *constraintclient.Client + CFClient *constraintclient.Client ConstraintsCache *ConstraintsCache WatchManager *watch.Manager ControllerSwitch *watch.ControllerSwitch @@ -74,8 +72,8 @@ type Adder struct { IfWatching func(schema.GroupVersionKind, func() error) (bool, error) } -func (a *Adder) InjectOpa(o *constraintclient.Client) { - a.Opa = o +func (a *Adder) InjectCFClient(c *constraintclient.Client) { + a.CFClient = c } func (a *Adder) InjectWatchManager(w *watch.Manager) { @@ -90,10 +88,6 @@ func (a *Adder) InjectTracker(t *readiness.Tracker) { a.Tracker = t } -func (a *Adder) InjectMutationSystem(mutationSystem *mutation.System) {} - -func (a *Adder) InjectExpansionSystem(expansionSystem *expansion.System) {} - // Add creates a new Constraint Controller and adds it to the Manager. The Manager will set fields on the Controller // and Start it when the Manager is Started. func (a *Adder) Add(mgr manager.Manager) error { @@ -106,7 +100,7 @@ func (a *Adder) Add(mgr manager.Manager) error { return err } - r := newReconciler(mgr, a.Opa, a.ControllerSwitch, reporter, a.ConstraintsCache, a.Tracker) + r := newReconciler(mgr, a.CFClient, a.ControllerSwitch, reporter, a.ConstraintsCache, a.Tracker) if a.GetPod != nil { r.getPod = a.GetPod } 
@@ -129,7 +123,7 @@ type tags struct { // newReconciler returns a new reconcile.Reconciler. func newReconciler( mgr manager.Manager, - opa *constraintclient.Client, + cfClient *constraintclient.Client, cs *watch.ControllerSwitch, reporter StatsReporter, constraintsCache *ConstraintsCache, @@ -143,7 +137,7 @@ func newReconciler( cs: cs, scheme: mgr.GetScheme(), - opa: opa, + cfClient: cfClient, log: log, reporter: reporter, constraintsCache: constraintsCache, @@ -196,7 +190,7 @@ type ReconcileConstraint struct { cs *watch.ControllerSwitch scheme *runtime.Scheme - opa *constraintclient.Client + cfClient *constraintclient.Client log logr.Logger reporter StatsReporter constraintsCache *ConstraintsCache @@ -291,7 +285,7 @@ func (r *ReconcileConstraint) Reconcile(ctx context.Context, request reconcile.R status.Status.ConstraintUID = instance.GetUID() status.Status.ObservedGeneration = instance.GetGeneration() status.Status.Errors = nil - if c, err := r.opa.GetConstraint(instance); err != nil || !constraints.SemanticEqual(instance, c) { + if c, err := r.cfClient.GetConstraint(instance); err != nil || !constraints.SemanticEqual(instance, c) { if err := r.cacheConstraint(ctx, instance); err != nil { r.constraintsCache.addConstraintKey(constraintKey, tags{ enforcementAction: enforcementAction, @@ -320,7 +314,7 @@ func (r *ReconcileConstraint) Reconcile(ctx context.Context, request reconcile.R reportMetrics = true } else { r.log.Info("handling constraint delete", "instance", instance) - if _, err := r.opa.RemoveConstraint(ctx, instance); err != nil { + if _, err := r.cfClient.RemoveConstraint(ctx, instance); err != nil { if errors.Is(err, constraintclient.ErrMissingConstraint) { return reconcile.Result{}, err } 
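Review bot: In the delete branch of `Reconcile`, the renamed `r.cfClient.RemoveConstraint(ctx, instance)` call is followed by a check that returns the error only when `errors.Is(err, constraintclient.ErrMissingConstraint)`, so any other removal failure appears to be dropped. If that reading holds, a constraint whose removal failed for another reason would stay loaded in the client while the controller logs the delete as handled. The rest of the branch is outside the hunk, so confirm against the full function. If the behaviour is unintended, the condition probably wants to be `if !errors.Is(err, constraintclient.ErrMissingConstraint) {` so that real failures are returned and retried.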
@@ -414,9 +408,9 @@ func (r *ReconcileConstraint) cacheConstraint(ctx context.Context, instance *uns t := r.tracker.For(instance.GroupVersionKind()) obj := instance.DeepCopy() - // Remove the status field since we do not need it for OPA + // Remove the status field since we do not need it unstructured.RemoveNestedField(obj.Object, "status") - _, err := r.opa.AddConstraint(ctx, obj) + _, err := r.cfClient.AddConstraint(ctx, obj) if err != nil { t.TryCancelExpect(obj) return err diff --git a/pkg/controller/constraintstatus/constraintstatus_controller.go b/pkg/controller/constraintstatus/constraintstatus_controller.go index d044f2fc6f5..3095cccb95e 100644 --- a/pkg/controller/constraintstatus/constraintstatus_controller.go +++ b/pkg/controller/constraintstatus/constraintstatus_controller.go @@ -44,7 +44,7 @@ import ( var log = logf.Log.WithName("controller").WithValues(logging.Process, "constraint_status_controller") type Adder struct { - Opa *constraintclient.Client + CFClient *constraintclient.Client WatchManager *watch.Manager ControllerSwitch *watch.ControllerSwitch Events <-chan event.GenericEvent diff --git a/pkg/controller/constrainttemplate/constrainttemplate_controller.go b/pkg/controller/constrainttemplate/constrainttemplate_controller.go index c0438826958..a8c23c559c6 100644 --- a/pkg/controller/constrainttemplate/constrainttemplate_controller.go +++ b/pkg/controller/constrainttemplate/constrainttemplate_controller.go 
@@ -24,15 +24,12 @@ import ( "github.com/open-policy-agent/frameworks/constraint/pkg/apis/templates/v1beta1" constraintclient "github.com/open-policy-agent/frameworks/constraint/pkg/client" "github.com/open-policy-agent/frameworks/constraint/pkg/core/templates" - "github.com/open-policy-agent/frameworks/constraint/pkg/externaldata" statusv1beta1 "github.com/open-policy-agent/gatekeeper/v3/apis/status/v1beta1" "github.com/open-policy-agent/gatekeeper/v3/pkg/controller/constraint" "github.com/open-policy-agent/gatekeeper/v3/pkg/controller/constraintstatus" "github.com/open-policy-agent/gatekeeper/v3/pkg/controller/constrainttemplatestatus" - "github.com/open-policy-agent/gatekeeper/v3/pkg/expansion" "github.com/open-policy-agent/gatekeeper/v3/pkg/logging" "github.com/open-policy-agent/gatekeeper/v3/pkg/metrics" - "github.com/open-policy-agent/gatekeeper/v3/pkg/mutation" "github.com/open-policy-agent/gatekeeper/v3/pkg/operations" "github.com/open-policy-agent/gatekeeper/v3/pkg/readiness" "github.com/open-policy-agent/gatekeeper/v3/pkg/util" @@ -69,7 +66,7 @@ var gvkConstraintTemplate = schema.GroupVersionKind{ } type Adder struct { - Opa *constraintclient.Client + CFClient *constraintclient.Client WatchManager *watch.Manager ControllerSwitch *watch.ControllerSwitch Tracker *readiness.Tracker @@ -84,15 +81,15 @@ func (a *Adder) Add(mgr manager.Manager) error { } // events will be used to receive events from dynamic watches registered events := make(chan event.GenericEvent, 1024) - r, err := newReconciler(mgr, a.Opa, a.WatchManager, a.ControllerSwitch, a.Tracker, events, events, a.GetPod) + r, err := newReconciler(mgr, a.CFClient, a.WatchManager, a.ControllerSwitch, a.Tracker, events, events, a.GetPod) if err != nil { return err } return add(mgr, r) } -func (a *Adder) InjectOpa(o *constraintclient.Client) { - a.Opa = o +func (a *Adder) InjectCFClient(c *constraintclient.Client) { + a.CFClient = c } func (a *Adder) InjectWatchManager(wm *watch.Manager) { 
@@ -111,17 +108,11 @@ func (a *Adder) InjectGetPod(getPod func(context.Context) (*corev1.Pod, error)) a.GetPod = getPod } -func (a *Adder) InjectMutationSystem(_ *mutation.System) {} - -func (a *Adder) InjectExpansionSystem(_ *expansion.System) {} - -func (a *Adder) InjectProviderCache(_ *externaldata.ProviderCache) {} - // newReconciler returns a new reconcile.Reconciler // cstrEvents is the channel from which constraint controller will receive the events // regEvents is the channel registered by Registrar to put the events in // cstrEvents and regEvents point to same event channel except for testing. -func newReconciler(mgr manager.Manager, opa *constraintclient.Client, wm *watch.Manager, cs *watch.ControllerSwitch, tracker *readiness.Tracker, cstrEvents <-chan event.GenericEvent, regEvents chan<- event.GenericEvent, getPod func(context.Context) (*corev1.Pod, error)) (*ReconcileConstraintTemplate, error) { +func newReconciler(mgr manager.Manager, cfClient *constraintclient.Client, wm *watch.Manager, cs *watch.ControllerSwitch, tracker *readiness.Tracker, cstrEvents <-chan event.GenericEvent, regEvents chan<- event.GenericEvent, getPod func(context.Context) (*corev1.Pod, error)) (*ReconcileConstraintTemplate, error) { // constraintsCache contains total number of constraints and shared mutex constraintsCache := constraint.NewConstraintsCache() @@ -136,7 +127,7 @@ func newReconciler(mgr manager.Manager, opa *constraintclient.Client, wm *watch. // via the registrar below. constraintAdder := constraint.Adder{ - Opa: opa, + CFClient: cfClient, ConstraintsCache: constraintsCache, WatchManager: wm, ControllerSwitch: cs, @@ -155,7 +146,7 @@ func newReconciler(mgr manager.Manager, opa *constraintclient.Client, wm *watch. // via the registrar below. statusEvents := make(chan event.GenericEvent, 1024) csAdder := constraintstatus.Adder{ - Opa: opa, + CFClient: cfClient, WatchManager: wm, ControllerSwitch: cs, Events: statusEvents, 
@@ -166,7 +157,7 @@ func newReconciler(mgr manager.Manager, opa *constraintclient.Client, wm *watch. } ctsAdder := constrainttemplatestatus.Adder{ - Opa: opa, + CfClient: cfClient, WatchManager: wm, ControllerSwitch: cs, } @@ -179,7 +170,7 @@ func newReconciler(mgr manager.Manager, opa *constraintclient.Client, wm *watch. reconciler := &ReconcileConstraintTemplate{ Client: mgr.GetClient(), scheme: mgr.GetScheme(), - opa: opa, + cfClient: cfClient, watcher: w, statusWatcher: statusW, cs: cs, @@ -242,7 +233,7 @@ type ReconcileConstraintTemplate struct { scheme *runtime.Scheme watcher *watch.Registrar statusWatcher *watch.Registrar - opa *constraintclient.Client + cfClient *constraintclient.Client cs *watch.ControllerSwitch metrics *reporter tracker *readiness.Tracker @@ -299,7 +290,7 @@ func (r *ReconcileConstraintTemplate) Reconcile(ctx context.Context, request rec ctRef := &templates.ConstraintTemplate{} ctRef.SetNamespace(request.Namespace) ctRef.SetName(request.Name) - ctUnversioned, err := r.opa.GetTemplate(ctRef) + ctUnversioned, err := r.cfClient.GetTemplate(ctRef) result := reconcile.Result{} if err != nil { logger.Info("missing constraint template in OPA cache, no deletion necessary") @@ -338,7 +329,7 @@ func (r *ReconcileConstraintTemplate) Reconcile(ctx context.Context, request rec return reconcile.Result{}, err } - unversionedProposedCRD, err := r.opa.CreateCRD(ctx, unversionedCT) + unversionedProposedCRD, err := r.cfClient.CreateCRD(ctx, unversionedCT) if err != nil { logger.Error(err, "CRD creation error") r.tracker.TryCancelTemplate(unversionedCT) // Don't track templates that failed compilation 
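Review bot: `ctsAdder := constrainttemplatestatus.Adder{ CfClient: cfClient, ... }` spells the field `CfClient`, while the other Adders touched by this change (`constraint.Adder`, `constraintstatus.Adder`, `constrainttemplate.Adder`) and `controller.Dependencies` use `CFClient`. Since the field is being renamed anyway, I would declare it as `CFClient *constraintclient.Client` in `constrainttemplatestatus_controller.go` and set `CFClient: cfClient,` here, which also matches Go's initialism convention. The declaration is in the `@@ -44,7 +44,7 @@` hunk of that file.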
@@ -424,10 +415,10 @@ func (r *ReconcileConstraintTemplate) handleUpdate( logger.Info("loading code into OPA") beginCompile := time.Now() - // It's important that opa.AddTemplate() is called first. That way we can + // It's important that cfClient.AddTemplate() is called first. That way we can // rely on a template's existence in OPA to know whether a watch needs // to be removed - if _, err := r.opa.AddTemplate(ctx, unversionedCT); err != nil { + if _, err := r.cfClient.AddTemplate(ctx, unversionedCT); err != nil { if err := r.metrics.reportIngestDuration(ctx, metrics.ErrorStatus, time.Since(beginCompile)); err != nil { logger.Error(err, "failed to report constraint template ingestion duration") } @@ -496,7 +487,7 @@ func (r *ReconcileConstraintTemplate) handleDelete( // removing the template from the OPA cache must go last as we are relying // on that cache to derive the Kind to remove from the watch - if _, err := r.opa.RemoveTemplate(ctx, ct); err != nil { + if _, err := r.cfClient.RemoveTemplate(ctx, ct); err != nil { return reconcile.Result{}, err } return reconcile.Result{}, nil diff --git a/pkg/controller/constrainttemplate/constrainttemplate_controller_test.go b/pkg/controller/constrainttemplate/constrainttemplate_controller_test.go index 89ef605b340..e9abc8dbd76 100644 --- a/pkg/controller/constrainttemplate/constrainttemplate_controller_test.go +++ b/pkg/controller/constrainttemplate/constrainttemplate_controller_test.go 
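Review bot: The comment in `handleUpdate` was only half renamed: it now says `cfClient.AddTemplate()` must be called first, but the next line still relies on "a template's existence in OPA". I would reword the continuation to `// rely on a template's existence in the constraint framework client to know whether a watch needs`. The same stale wording remains in `logger.Info("loading code into OPA")`, in the `handleDelete` comment about "the OPA cache", and in the `"missing constraint template in OPA cache, no deletion necessary"` log line in `Reconcile`. Changing the log strings alters emitted output, so decide whether that belongs in this change. Both functions extend beyond their hunks.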
@@ -113,15 +113,14 @@ func TestReconcile(t *testing.T) { t.Fatal(err) } - // initialize OPA driver, err := rego.New(rego.Tracing(true)) if err != nil { t.Fatalf("unable to set up Driver: %v", err) } - opaClient, err := constraintclient.NewClient(constraintclient.Targets(&target.K8sValidationTarget{}), constraintclient.Driver(driver)) + cfClient, err := constraintclient.NewClient(constraintclient.Targets(&target.K8sValidationTarget{}), constraintclient.Driver(driver)) if err != nil { - t.Fatalf("unable to set up OPA client: %s", err) + t.Fatalf("unable to set up constraint framework client: %s", err) } testutils.Setenv(t, "POD_NAME", "no-pod") @@ -139,7 +138,7 @@ func TestReconcile(t *testing.T) { // events will be used to receive events from dynamic watches registered events := make(chan event.GenericEvent, 1024) - rec, err := newReconciler(mgr, opaClient, wm, cs, tracker, events, events, func(context.Context) (*corev1.Pod, error) { return pod, nil }) + rec, err := newReconciler(mgr, cfClient, wm, cs, tracker, events, events, func(context.Context) (*corev1.Pod, error) { return pod, nil }) if err != nil { t.Fatal(err) } @@ -224,7 +223,7 @@ func TestReconcile(t *testing.T) { Name: "FooNamespace", Object: runtime.RawExtension{Object: ns}, } - resp, err := opaClient.Review(ctx, req) + resp, err := cfClient.Review(ctx, req) if err != nil { t.Fatal(err) } @@ -232,7 +231,7 @@ func TestReconcile(t *testing.T) { gotResults := resp.Results() if len(gotResults) != 1 { t.Log(resp.TraceDump()) - t.Log(opaClient.Dump(ctx)) + t.Log(cfClient.Dump(ctx)) t.Fatalf("want 1 result, got %v", gotResults) } }) @@ -418,7 +417,7 @@ func TestReconcile(t *testing.T) { Name: "FooNamespace", Object: runtime.RawExtension{Object: ns}, } - resp, err := opaClient.Review(ctx, req) + resp, err := cfClient.Review(ctx, req) if err != nil { t.Fatal(err) } 
@@ -426,7 +425,7 @@ func TestReconcile(t *testing.T) { gotResults := resp.Results() if len(resp.Results()) != 0 { t.Log(resp.TraceDump()) - t.Log(opaClient.Dump(ctx)) + t.Log(cfClient.Dump(ctx)) t.Fatalf("did not get 0 results: %v", gotResults) } @@ -439,13 +438,13 @@ func TestReconcile(t *testing.T) { err = retry.OnError(testutils.ConstantRetry, func(err error) bool { return true }, func() error { - resp, err := opaClient.Review(ctx, req) + resp, err := cfClient.Review(ctx, req) if err != nil { return err } if len(resp.Results()) != 0 { - dump, _ := opaClient.Dump(ctx) - return fmt.Errorf("Results not yet zero\nOPA DUMP:\n%s", dump) + dump, _ := cfClient.Dump(ctx) + return fmt.Errorf("Results not yet zero\nDUMP:\n%s", dump) } return nil }) @@ -536,15 +535,14 @@ violation[{"msg": "denied!"}] { t.Fatal(err) } - // initialize OPA driver, err := rego.New(rego.Tracing(true)) if err != nil { t.Fatalf("unable to set up Driver: %v", err) } - opaClient, err := constraintclient.NewClient(constraintclient.Targets(&target.K8sValidationTarget{}), constraintclient.Driver(driver)) + cfClient, err := constraintclient.NewClient(constraintclient.Targets(&target.K8sValidationTarget{}), constraintclient.Driver(driver)) if err != nil { - t.Fatalf("unable to set up OPA client: %s", err) + t.Fatalf("unable to set up constraint framework client: %s", err) } testutils.Setenv(t, "POD_NAME", "no-pod") @@ -557,7 +555,7 @@ violation[{"msg": "denied!"}] { // events will be used to receive events from dynamic watches registered events := make(chan event.GenericEvent, 1024) - rec, err := newReconciler(mgr, opaClient, wm, cs, tracker, events, nil, func(context.Context) (*corev1.Pod, error) { return pod, nil }) + rec, err := newReconciler(mgr, cfClient, wm, cs, tracker, events, nil, func(context.Context) (*corev1.Pod, error) { return pod, nil }) if err != nil { t.Fatal(err) } 
diff --git a/pkg/controller/constrainttemplatestatus/constrainttemplatestatus_controller.go b/pkg/controller/constrainttemplatestatus/constrainttemplatestatus_controller.go index 3dd22caa1f0..c1d44bf196b 100644 --- a/pkg/controller/constrainttemplatestatus/constrainttemplatestatus_controller.go +++ b/pkg/controller/constrainttemplatestatus/constrainttemplatestatus_controller.go @@ -44,7 +44,7 @@ import ( var log = logf.Log.WithName("controller").WithValues(logging.Process, "constraint_template_status_controller") type Adder struct { - Opa *constraintclient.Client + CfClient *constraintclient.Client WatchManager *watch.Manager ControllerSwitch *watch.ControllerSwitch } diff --git a/pkg/controller/constrainttemplatestatus/constrainttemplatestatus_controller_test.go b/pkg/controller/constrainttemplatestatus/constrainttemplatestatus_controller_test.go index 85fa4ddd7bd..58ac3be5d7b 100644 --- a/pkg/controller/constrainttemplatestatus/constrainttemplatestatus_controller_test.go +++ b/pkg/controller/constrainttemplatestatus/constrainttemplatestatus_controller_test.go @@ -106,15 +106,14 @@ violation[{"msg": "denied!"}] { t.Fatalf("want createGatekeeperNamespace(mgr.GetConfig()) error = nil, got %v", err) } - // initialize OPA driver, err := rego.New(rego.Tracing(true)) if err != nil { t.Fatalf("unable to set up Driver: %v", err) } - opaClient, err := constraintclient.NewClient(constraintclient.Targets(&target.K8sValidationTarget{}), constraintclient.Driver(driver)) + cfClient, err := constraintclient.NewClient(constraintclient.Targets(&target.K8sValidationTarget{}), constraintclient.Driver(driver)) if err != nil { - t.Fatalf("unable to set up OPA client: %s", err) + t.Fatalf("unable to set up constraint framework client: %s", err) } testutils.Setenv(t, "POD_NAME", "no-pod") @@ -130,7 +129,7 @@ violation[{"msg": "denied!"}] { ) adder := constrainttemplate.Adder{ - Opa: opaClient, + CFClient: cfClient, WatchManager: wm, ControllerSwitch: cs, Tracker: tracker, 
diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go index 97f4b1760bc..3076b5fba02 100644 --- a/pkg/controller/controller.go +++ b/pkg/controller/controller.go @@ -47,13 +47,9 @@ import ( var debugUseFakePod = flag.Bool("debug-use-fake-pod", false, "Use a fake pod name so the Gatekeeper executable can be run outside of Kubernetes") type Injector interface { - InjectOpa(*constraintclient.Client) - InjectWatchManager(*watch.Manager) InjectControllerSwitch(*watch.ControllerSwitch) InjectTracker(tracker *readiness.Tracker) - InjectMutationSystem(mutationSystem *mutation.System) - InjectExpansionSystem(expansionSystem *expansion.System) - InjectProviderCache(providerCache *externaldata.ProviderCache) + Add(mgr manager.Manager) error } @@ -65,6 +61,26 @@ type PubsubInjector interface { InjectPubsubSystem(pubsubSystem *pubsub.System) } +type DataClientInjector interface { + InjectCFClient(*constraintclient.Client) +} + +type WatchManagerInjector interface { + InjectWatchManager(*watch.Manager) +} + +type MutationSystemInjector interface { + InjectMutationSystem(mutationSystem *mutation.System) +} + +type ExpansionSystemInjector interface { + InjectExpansionSystem(expansionSystem *expansion.System) +} + +type ProviderCacheInjector interface { + InjectProviderCache(providerCache *externaldata.ProviderCache) +} + type CacheManagerInjector interface { InjectCacheManager(cm *cm.CacheManager) } @@ -78,7 +94,7 @@ var AddToManagerFuncs []func(manager.Manager) error // Dependencies are dependencies that can be injected into controllers. type Dependencies struct { - Opa *constraintclient.Client + CFClient *constraintclient.Client WatchManger *watch.Manager ControllerSwitch *watch.ControllerSwitch Tracker *readiness.Tracker 
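Review bot: The new exported interfaces (`DataClientInjector`, `WatchManagerInjector`, `MutationSystemInjector`, `ExpansionSystemInjector`, `ProviderCacheInjector`) have no doc comments, and nothing states that they are optional capabilities which `AddToManager` detects by type assertion. A one-line comment on each would make the contract explicit, e.g. `// DataClientInjector is implemented by controllers that need the constraint framework client.` `DataClientInjector` is also the only one whose name does not follow its method (`InjectCFClient`); `CFClientInjector` would be consistent with the others.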
@@ -178,13 +194,24 @@ func AddToManager(m manager.Manager, deps *Dependencies) error { } for _, a := range Injectors { - a.InjectOpa(deps.Opa) - a.InjectWatchManager(deps.WatchManger) a.InjectControllerSwitch(deps.ControllerSwitch) a.InjectTracker(deps.Tracker) - a.InjectMutationSystem(deps.MutationSystem) - a.InjectExpansionSystem(deps.ExpansionSystem) - a.InjectProviderCache(deps.ProviderCache) + + if a2, ok := a.(DataClientInjector); ok { + a2.InjectCFClient(deps.CFClient) + } + if a2, ok := a.(WatchManagerInjector); ok { + a2.InjectWatchManager(deps.WatchManger) + } + if a2, ok := a.(MutationSystemInjector); ok { + a2.InjectMutationSystem(deps.MutationSystem) + } + if a2, ok := a.(ExpansionSystemInjector); ok { + a2.InjectExpansionSystem(deps.ExpansionSystem) + } + if a2, ok := a.(ProviderCacheInjector); ok { + a2.InjectProviderCache(deps.ProviderCache) + } if a2, ok := a.(GetPodInjector); ok { a2.InjectGetPod(deps.GetPod) } diff --git a/pkg/controller/expansion/expansion_controller.go b/pkg/controller/expansion/expansion_controller.go index c4aebfdc130..08b73ca2608 100644 --- a/pkg/controller/expansion/expansion_controller.go +++ b/pkg/controller/expansion/expansion_controller.go 
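Review bot: With the injectors now discovered through `a.(DataClientInjector)` and its siblings, a controller whose method name or signature drifts (for example one that still defines `InjectOpa`) is skipped without any error. It then keeps a nil dependency until the first dereference at reconcile time, whereas the old `Injector` interface made that a compile error. A compile-time assertion for each Adder that needs a dependency restores the check, e.g. `var _ DataClientInjector = &constrainttemplate.Adder{}` next to where that Adder is added to `Injectors` (the registration site is not visible in this diff). The loop body continues past the end of the hunk.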
@@ -4,15 +4,12 @@ import ( "context" "fmt" - constraintclient "github.com/open-policy-agent/frameworks/constraint/pkg/client" - "github.com/open-policy-agent/frameworks/constraint/pkg/externaldata" "github.com/open-policy-agent/gatekeeper/v3/apis/expansion/unversioned" expansionv1beta1 "github.com/open-policy-agent/gatekeeper/v3/apis/expansion/v1beta1" statusv1beta1 "github.com/open-policy-agent/gatekeeper/v3/apis/status/v1beta1" "github.com/open-policy-agent/gatekeeper/v3/pkg/expansion" "github.com/open-policy-agent/gatekeeper/v3/pkg/logging" "github.com/open-policy-agent/gatekeeper/v3/pkg/metrics" - "github.com/open-policy-agent/gatekeeper/v3/pkg/mutation" "github.com/open-policy-agent/gatekeeper/v3/pkg/readiness" "github.com/open-policy-agent/gatekeeper/v3/pkg/util" "github.com/open-policy-agent/gatekeeper/v3/pkg/watch" @@ -52,18 +49,12 @@ func (a *Adder) Add(mgr manager.Manager) error { return add(mgr, r) } -func (a *Adder) InjectOpa(_ *constraintclient.Client) {} - -func (a *Adder) InjectWatchManager(_ *watch.Manager) {} - func (a *Adder) InjectControllerSwitch(_ *watch.ControllerSwitch) {} func (a *Adder) InjectTracker(tracker *readiness.Tracker) { a.Tracker = tracker } -func (a *Adder) InjectMutationSystem(_ *mutation.System) {} - func (a *Adder) InjectExpansionSystem(expansionSystem *expansion.System) { a.ExpansionSystem = expansionSystem } @@ -72,8 +63,6 @@ func (a *Adder) InjectGetPod(getPod func(ctx context.Context) (*corev1.Pod, erro a.GetPod = getPod } -func (a *Adder) InjectProviderCache(_ *externaldata.ProviderCache) {} - type Reconciler struct { client.Client system *expansion.System diff --git a/pkg/controller/expansionstatus/expansionstatus_controller.go b/pkg/controller/expansionstatus/expansionstatus_controller.go index 8e51384821c..1cd19b67ea0 100644 --- a/pkg/controller/expansionstatus/expansionstatus_controller.go +++ b/pkg/controller/expansionstatus/expansionstatus_controller.go 
@@ -22,12 +22,10 @@ import ( "github.com/go-logr/logr" constraintclient "github.com/open-policy-agent/frameworks/constraint/pkg/client" - "github.com/open-policy-agent/frameworks/constraint/pkg/externaldata" expansionv1beta1 "github.com/open-policy-agent/gatekeeper/v3/apis/expansion/v1beta1" "github.com/open-policy-agent/gatekeeper/v3/apis/status/v1beta1" "github.com/open-policy-agent/gatekeeper/v3/pkg/expansion" "github.com/open-policy-agent/gatekeeper/v3/pkg/logging" - "github.com/open-policy-agent/gatekeeper/v3/pkg/mutation" "github.com/open-policy-agent/gatekeeper/v3/pkg/readiness" "github.com/open-policy-agent/gatekeeper/v3/pkg/util" "github.com/open-policy-agent/gatekeeper/v3/pkg/watch" @@ -46,24 +44,14 @@ import ( var log = logf.Log.WithName("controller").WithValues(logging.Process, "expansion_template_status_controller") type Adder struct { - Opa *constraintclient.Client + CFClient *constraintclient.Client WatchManager *watch.Manager } -func (a *Adder) InjectOpa(o *constraintclient.Client) {} - -func (a *Adder) InjectWatchManager(w *watch.Manager) {} - func (a *Adder) InjectControllerSwitch(cs *watch.ControllerSwitch) {} func (a *Adder) InjectTracker(t *readiness.Tracker) {} -func (a *Adder) InjectMutationSystem(mutationSystem *mutation.System) {} - -func (a *Adder) InjectExpansionSystem(expansionSystem *expansion.System) {} - -func (a *Adder) InjectProviderCache(providerCache *externaldata.ProviderCache) {} - // Add creates a new Constraint Status Controller and adds it to the Manager. The Manager will set fields on the Controller // and Start it when the Manager is Started. func (a *Adder) Add(mgr manager.Manager) error { diff --git a/pkg/controller/externaldata/externaldata_controller.go b/pkg/controller/externaldata/externaldata_controller.go index b743f7a45d9..941965bd72b 100644 --- a/pkg/controller/externaldata/externaldata_controller.go +++ b/pkg/controller/externaldata/externaldata_controller.go 
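Review bot: The `Adder` struct in expansionstatus_controller.go keeps the `CFClient` and `WatchManager` fields, but after this hunk the type has no `InjectCFClient` or `InjectWatchManager` method, so the type assertions in AddToManager will not populate them (the removed `InjectOpa` and `InjectWatchManager` were no-ops as well). If nothing else sets them they stay nil, and any later use would dereference a nil pointer. `Add`'s body is outside the hunk, so I cannot tell whether they are read. Either drop the two fields or add a comment such as `// CFClient and WatchManager are not injected; this controller does not use them.`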
@@ -7,10 +7,8 @@ import ( externaldatav1beta1 "github.com/open-policy-agent/frameworks/constraint/pkg/apis/externaldata/v1beta1" constraintclient "github.com/open-policy-agent/frameworks/constraint/pkg/client" frameworksexternaldata "github.com/open-policy-agent/frameworks/constraint/pkg/externaldata" - "github.com/open-policy-agent/gatekeeper/v3/pkg/expansion" "github.com/open-policy-agent/gatekeeper/v3/pkg/externaldata" "github.com/open-policy-agent/gatekeeper/v3/pkg/logging" - "github.com/open-policy-agent/gatekeeper/v3/pkg/mutation" "github.com/open-policy-agent/gatekeeper/v3/pkg/readiness" "github.com/open-policy-agent/gatekeeper/v3/pkg/watch" "k8s.io/apimachinery/pkg/api/errors" @@ -38,23 +36,17 @@ var ( ) type Adder struct { - Opa *constraintclient.Client + CFClient *constraintclient.Client ProviderCache *frameworksexternaldata.ProviderCache Tracker *readiness.Tracker } -func (a *Adder) InjectOpa(o *constraintclient.Client) { - a.Opa = o +func (a *Adder) InjectCFClient(c *constraintclient.Client) { + a.CFClient = c } -func (a *Adder) InjectWatchManager(w *watch.Manager) {} - func (a *Adder) InjectControllerSwitch(cs *watch.ControllerSwitch) {} -func (a *Adder) InjectMutationSystem(mutationSystem *mutation.System) {} - -func (a *Adder) InjectExpansionSystem(expansionSystem *expansion.System) {} - func (a *Adder) InjectTracker(t *readiness.Tracker) { a.Tracker = t } 
@@ -66,23 +58,23 @@ func (a *Adder) InjectProviderCache(providerCache *frameworksexternaldata.Provid // Add creates a new ExternalData Controller and adds it to the Manager. The Manager will set fields on the Controller // and Start it when the Manager is Started. func (a *Adder) Add(mgr manager.Manager) error { - r := newReconciler(mgr, a.Opa, a.ProviderCache, a.Tracker) + r := newReconciler(mgr, a.CFClient, a.ProviderCache, a.Tracker) return add(mgr, r) } // Reconciler reconciles a ExternalData object. type Reconciler struct { client.Client - opa *constraintclient.Client + cfClient *constraintclient.Client providerCache *frameworksexternaldata.ProviderCache tracker *readiness.Tracker scheme *runtime.Scheme } // newReconciler returns a new reconcile.Reconciler. -func newReconciler(mgr manager.Manager, opa *constraintclient.Client, providerCache *frameworksexternaldata.ProviderCache, tracker *readiness.Tracker) *Reconciler { +func newReconciler(mgr manager.Manager, client *constraintclient.Client, providerCache *frameworksexternaldata.ProviderCache, tracker *readiness.Tracker) *Reconciler { r := &Reconciler{ - opa: opa, + cfClient: client, providerCache: providerCache, Client: mgr.GetClient(), scheme: mgr.GetScheme(), diff --git a/pkg/controller/externaldata/externaldata_controller_test.go b/pkg/controller/externaldata/externaldata_controller_test.go index c44b055f0d7..88e2a036b8b 100644 --- a/pkg/controller/externaldata/externaldata_controller_test.go +++ b/pkg/controller/externaldata/externaldata_controller_test.go 
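Review bot: The new parameter name `client` in `newReconciler` shadows the `client` package that this file uses for the embedded `client.Client` in `Reconciler`, so any later reference to the package inside the function would resolve to the constraint framework client instead. In the visible lines the body only uses the `Client:` field key, so it still compiles, but the name is at odds with the `cfClient` field it fills and with the `cfClient` variable in the test. I would write the signature as `newReconciler(mgr manager.Manager, cfClient *constraintclient.Client, ...)` and the assignment as `cfClient: cfClient,`. The function body continues past the end of the hunk.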
@@ -79,16 +79,15 @@ func TestReconcile(t *testing.T) { *externaldata.ExternalDataEnabled = true pc := frameworksexternaldata.NewCache() - // initialize OPA args := []rego.Arg{rego.Tracing(false), rego.AddExternalDataProviderCache(pc)} driver, err := rego.New(args...) if err != nil { t.Fatalf("unable to set up Driver: %v", err) } - opa, err := constraintclient.NewClient(constraintclient.Targets(&target.K8sValidationTarget{}), constraintclient.Driver(driver)) + cfClient, err := constraintclient.NewClient(constraintclient.Targets(&target.K8sValidationTarget{}), constraintclient.Driver(driver)) if err != nil { - t.Fatalf("unable to set up OPA client: %s", err) + t.Fatalf("unable to set up constraint framework client: %s", err) } cs := watch.NewSwitch() @@ -97,7 +96,7 @@ func TestReconcile(t *testing.T) { t.Fatal(err) } - rec := newReconciler(mgr, opa, pc, tracker) + rec := newReconciler(mgr, cfClient, pc, tracker) recFn, requests := SetupTestReconcile(rec) err = add(mgr, recFn) diff --git a/pkg/controller/mutators/instances/mutator_controllers.go b/pkg/controller/mutators/instances/mutator_controllers.go index 44ff3488355..f790cd83d93 100644 --- a/pkg/controller/mutators/instances/mutator_controllers.go +++ b/pkg/controller/mutators/instances/mutator_controllers.go 
@@ -3,13 +3,10 @@ package instances import ( "context" - constraintclient "github.com/open-policy-agent/frameworks/constraint/pkg/client" - "github.com/open-policy-agent/frameworks/constraint/pkg/externaldata" mutationsunversioned "github.com/open-policy-agent/gatekeeper/v3/apis/mutations/unversioned" mutationsv1 "github.com/open-policy-agent/gatekeeper/v3/apis/mutations/v1" "github.com/open-policy-agent/gatekeeper/v3/apis/mutations/v1alpha1" "github.com/open-policy-agent/gatekeeper/v3/pkg/controller/mutators/core" - "github.com/open-policy-agent/gatekeeper/v3/pkg/expansion" "github.com/open-policy-agent/gatekeeper/v3/pkg/mutation" "github.com/open-policy-agent/gatekeeper/v3/pkg/mutation/mutators" "github.com/open-policy-agent/gatekeeper/v3/pkg/mutation/types" @@ -132,10 +129,6 @@ func (a *Adder) Add(mgr manager.Manager) error { return assignMetadata.Add(mgr) } -func (a *Adder) InjectOpa(o *constraintclient.Client) {} - -func (a *Adder) InjectWatchManager(w *watch.Manager) {} - func (a *Adder) InjectControllerSwitch(cs *watch.ControllerSwitch) {} func (a *Adder) InjectTracker(t *readiness.Tracker) { @@ -149,7 +142,3 @@ func (a *Adder) InjectGetPod(getPod func(ctx context.Context) (*corev1.Pod, erro func (a *Adder) InjectMutationSystem(mutationSystem *mutation.System) { a.MutationSystem = mutationSystem } - -func (a *Adder) InjectExpansionSystem(expansionSystem *expansion.System) {} - -func (a *Adder) InjectProviderCache(providerCache *externaldata.ProviderCache) {} diff --git a/pkg/controller/mutatorstatus/mutatorstatus_controller.go b/pkg/controller/mutatorstatus/mutatorstatus_controller.go index 8b385c12b83..824cc097b2d 100644 --- a/pkg/controller/mutatorstatus/mutatorstatus_controller.go +++ b/pkg/controller/mutatorstatus/mutatorstatus_controller.go 
@@ -22,14 +22,10 @@ import ( "sort" "github.com/go-logr/logr" - constraintclient "github.com/open-policy-agent/frameworks/constraint/pkg/client" - "github.com/open-policy-agent/frameworks/constraint/pkg/externaldata" mutationsv1 "github.com/open-policy-agent/gatekeeper/v3/apis/mutations/v1" mutationsv1alpha1 "github.com/open-policy-agent/gatekeeper/v3/apis/mutations/v1alpha1" "github.com/open-policy-agent/gatekeeper/v3/apis/status/v1beta1" - "github.com/open-policy-agent/gatekeeper/v3/pkg/expansion" "github.com/open-policy-agent/gatekeeper/v3/pkg/logging" - "github.com/open-policy-agent/gatekeeper/v3/pkg/mutation" "github.com/open-policy-agent/gatekeeper/v3/pkg/operations" "github.com/open-policy-agent/gatekeeper/v3/pkg/readiness" "github.com/open-policy-agent/gatekeeper/v3/pkg/util" @@ -54,20 +50,10 @@ type Adder struct { ControllerSwitch *watch.ControllerSwitch } -func (a *Adder) InjectOpa(o *constraintclient.Client) {} - -func (a *Adder) InjectWatchManager(w *watch.Manager) {} - func (a *Adder) InjectControllerSwitch(cs *watch.ControllerSwitch) {} func (a *Adder) InjectTracker(t *readiness.Tracker) {} -func (a *Adder) InjectMutationSystem(mutationSystem *mutation.System) {} - -func (a *Adder) InjectExpansionSystem(expansionSystem *expansion.System) {} - -func (a *Adder) InjectProviderCache(providerCache *externaldata.ProviderCache) {} - // Add creates a new Mutator Status Controller and adds it to the Manager. The Manager will set fields on the Controller // and Start it when the Manager is Started. func (a *Adder) Add(mgr manager.Manager) error { diff --git a/pkg/controller/pubsub/pubsub_config_controller.go b/pkg/controller/pubsub/pubsub_config_controller.go index 8fbaf0014ab..4b76a7ff3fd 100644 --- a/pkg/controller/pubsub/pubsub_config_controller.go +++ b/pkg/controller/pubsub/pubsub_config_controller.go 
@@ -6,11 +6,7 @@ import ( "flag" "fmt" - constraintclient "github.com/open-policy-agent/frameworks/constraint/pkg/client" - "github.com/open-policy-agent/frameworks/constraint/pkg/externaldata" - "github.com/open-policy-agent/gatekeeper/v3/pkg/expansion" "github.com/open-policy-agent/gatekeeper/v3/pkg/logging" - "github.com/open-policy-agent/gatekeeper/v3/pkg/mutation" "github.com/open-policy-agent/gatekeeper/v3/pkg/pubsub" "github.com/open-policy-agent/gatekeeper/v3/pkg/readiness" "github.com/open-policy-agent/gatekeeper/v3/pkg/util" @@ -49,20 +45,10 @@ func (a *Adder) Add(mgr manager.Manager) error { return add(mgr, r) } -func (a *Adder) InjectOpa(_ *constraintclient.Client) {} - -func (a *Adder) InjectWatchManager(_ *watch.Manager) {} - func (a *Adder) InjectControllerSwitch(_ *watch.ControllerSwitch) {} func (a *Adder) InjectTracker(_ *readiness.Tracker) {} -func (a *Adder) InjectMutationSystem(_ *mutation.System) {} - -func (a *Adder) InjectExpansionSystem(_ *expansion.System) {} - -func (a *Adder) InjectProviderCache(_ *externaldata.ProviderCache) {} - func (a *Adder) InjectPubsubSystem(pubsubSystem *pubsub.System) { a.PubsubSystem = pubsubSystem } diff --git a/pkg/readiness/ready_tracker_test.go b/pkg/readiness/ready_tracker_test.go index 3a14351c11c..a31e47d2f74 100644 --- a/pkg/readiness/ready_tracker_test.go +++ b/pkg/readiness/ready_tracker_test.go @@ -88,8 +88,7 @@ func setupManager(t *testing.T) (manager.Manager, *watch.Manager) { return mgr, wm } -func setupOpa(t *testing.T) *constraintclient.Client { - // initialize OPA +func setupDataClient(t *testing.T) *constraintclient.Client { driver, err := rego.New(rego.Tracing(false)) if err != nil { t.Fatalf("setting up Driver: %v", err) 
@@ -97,7 +96,7 @@ func setupOpa(t *testing.T) *constraintclient.Client { client, err := constraintclient.NewClient(constraintclient.Targets(&target.K8sValidationTarget{}), constraintclient.Driver(driver)) if err != nil { - t.Fatalf("setting up OPA client: %v", err) + t.Fatalf("setting up constraint framework client: %v", err) } return client } @@ -150,7 +149,7 @@ func setupController( // Setup all Controllers opts := controller.Dependencies{ - Opa: cfClient, + CFClient: cfClient, WatchManger: wm, ControllerSwitch: sw, Tracker: tracker, @@ -179,13 +178,13 @@ func Test_AssignMetadata(t *testing.T) { // Wire up the rest. mgr, wm := setupManager(t) - opaClient := setupOpa(t) + cfClient := setupDataClient(t) mutationSystem := mutation.NewSystem(mutation.SystemOpts{}) expansionSystem := expansion.NewSystem(mutationSystem) providerCache := frameworksexternaldata.NewCache() - if err := setupController(mgr, wm, opaClient, mutationSystem, expansionSystem, providerCache); err != nil { + if err := setupController(mgr, wm, cfClient, mutationSystem, expansionSystem, providerCache); err != nil { t.Fatalf("setupControllers: %v", err) } @@ -223,13 +222,13 @@ func Test_ModifySet(t *testing.T) { // Wire up the rest. mgr, wm := setupManager(t) - opaClient := setupOpa(t) + cfClient := setupDataClient(t) mutationSystem := mutation.NewSystem(mutation.SystemOpts{}) expansionSystem := expansion.NewSystem(mutationSystem) providerCache := frameworksexternaldata.NewCache() - if err := setupController(mgr, wm, opaClient, mutationSystem, expansionSystem, providerCache); err != nil { + if err := setupController(mgr, wm, cfClient, mutationSystem, expansionSystem, providerCache); err != nil { t.Fatalf("setupControllers: %v", err) } 
@@ -265,13 +264,13 @@ func Test_AssignImage(t *testing.T) { // Wire up the rest. mgr, wm := setupManager(t) - opaClient := setupOpa(t) + cfClient := setupDataClient(t) mutationSystem := mutation.NewSystem(mutation.SystemOpts{}) expansionSystem := expansion.NewSystem(mutationSystem) providerCache := frameworksexternaldata.NewCache() - if err := setupController(mgr, wm, opaClient, mutationSystem, expansionSystem, providerCache); err != nil { + if err := setupController(mgr, wm, cfClient, mutationSystem, expansionSystem, providerCache); err != nil { t.Fatalf("setupControllers: %v", err) } @@ -307,13 +306,13 @@ func Test_Assign(t *testing.T) { // Wire up the rest. mgr, wm := setupManager(t) - opaClient := setupOpa(t) + cfClient := setupDataClient(t) mutationSystem := mutation.NewSystem(mutation.SystemOpts{}) expansionSystem := expansion.NewSystem(mutationSystem) providerCache := frameworksexternaldata.NewCache() - if err := setupController(mgr, wm, opaClient, mutationSystem, expansionSystem, providerCache); err != nil { + if err := setupController(mgr, wm, cfClient, mutationSystem, expansionSystem, providerCache); err != nil { t.Fatalf("setupControllers: %v", err) } @@ -349,13 +348,13 @@ func Test_ExpansionTemplate(t *testing.T) { // Wire up the rest. mgr, wm := setupManager(t) - opaClient := setupOpa(t) + cfClient := setupDataClient(t) mutationSystem := mutation.NewSystem(mutation.SystemOpts{}) expansionSystem := expansion.NewSystem(mutationSystem) providerCache := frameworksexternaldata.NewCache() - if err := setupController(mgr, wm, opaClient, mutationSystem, expansionSystem, providerCache); err != nil { + if err := setupController(mgr, wm, cfClient, mutationSystem, expansionSystem, providerCache); err != nil { t.Fatalf("setupControllers: %v", err) } 
@@ -408,11 +407,11 @@ func Test_Provider(t *testing.T) { // Wire up the rest. mgr, wm := setupManager(t) - opaClient := setupOpa(t) + cfClient := setupDataClient(t) if err := setupController(mgr, wm, - opaClient, + cfClient, mutation.NewSystem(mutation.SystemOpts{}), nil, providerCache); err != nil { @@ -466,10 +465,10 @@ func Test_Tracker(t *testing.T) { // Wire up the rest. mgr, wm := setupManager(t) - opaClient := setupOpa(t) + cfClient := setupDataClient(t) providerCache := frameworksexternaldata.NewCache() - if err := setupController(mgr, wm, opaClient, mutation.NewSystem(mutation.SystemOpts{}), nil, providerCache); err != nil { + if err := setupController(mgr, wm, cfClient, mutation.NewSystem(mutation.SystemOpts{}), nil, providerCache); err != nil { t.Fatalf("setupControllers: %v", err) } @@ -490,20 +489,20 @@ func Test_Tracker(t *testing.T) { // Verify cache (tracks testdata fixtures) for _, ct := range testTemplates { - _, err := opaClient.GetTemplate(ct) + _, err := cfClient.GetTemplate(ct) if err != nil { t.Fatalf("checking cache for template: %v", err) } } for _, c := range testConstraints { - _, err := opaClient.GetConstraint(c) + _, err := cfClient.GetConstraint(c) if err != nil { t.Fatalf("checking cache for constraint: %v", err) } } - // TODO: Verify data if we add the corresponding API to opa.Client. + // TODO: Verify data if we add the corresponding API to cf.Client. // for _, d := range testData { - // _, err := opaClient.GetData(ctx, c) + // _, err := cfClient.GetData(ctx, c) // if err != nil { // t.Fatalf("checking cache for constraint: %v", err) // } 
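Review bot: The reworded TODO in Test_Tracker refers to `cf.Client`, but no `cf` package or alias appears in the visible hunks of this file; the type returned by `setupDataClient` is `*constraintclient.Client`. A reader searching for the API to extend will not find it under that name, so I would write `// TODO: Verify data if we add the corresponding API to constraintclient.Client.` The commented-out loop below it also ranges over `d` while calling `GetData(ctx, c)`, which is worth fixing if the block is ever enabled. Test_Tracker starts and ends outside the hunk.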
@@ -517,13 +516,13 @@ func Test_Tracker(t *testing.T) { g.Eventually(func() (bool, error) { // Verify cache (tracks testdata/post fixtures) for _, ct := range postTemplates { - _, err := opaClient.GetTemplate(ct) + _, err := cfClient.GetTemplate(ct) if err != nil { return false, err } } for _, c := range postConstraints { - _, err := opaClient.GetConstraint(c) + _, err := cfClient.GetConstraint(c) if err != nil { return false, err } @@ -564,10 +563,10 @@ func Test_Tracker_UnregisteredCachedData(t *testing.T) { // Wire up the rest. mgr, wm := setupManager(t) - opaClient := setupOpa(t) + cfClient := setupDataClient(t) providerCache := frameworksexternaldata.NewCache() - if err := setupController(mgr, wm, opaClient, mutation.NewSystem(mutation.SystemOpts{}), nil, providerCache); err != nil { + if err := setupController(mgr, wm, cfClient, mutation.NewSystem(mutation.SystemOpts{}), nil, providerCache); err != nil { t.Fatalf("setupControllers: %v", err) }