KIM Integration - add label indicating what drives provisioning (#961)
* better logging

* setting label for viewOnly mode

* label for provisioner added and tested

* runtimes added to RBAC
jaroslaw-pieszka authored Jul 30, 2024
1 parent a325c31 commit 1059dba
Showing 3 changed files with 91 additions and 9 deletions.
7 changes: 7 additions & 0 deletions internal/process/provisioning/create_runtime_resource_step.go
Expand Up @@ -62,6 +62,10 @@ func (s *CreateRuntimeResourceStep) Run(operation internal.Operation, log logrus
}

if !s.kimConfig.IsEnabledForPlan(broker.PlanNamesMapping[operation.ProvisioningParameters.PlanID]) {
if !s.kimConfig.Enabled {
log.Infof("KIM is not enabled, skipping")
return operation, 0, nil
}
log.Infof("KIM is not enabled for plan %s, skipping", broker.PlanNamesMapping[operation.ProvisioningParameters.PlanID])
return operation, 0, nil
}
Expand Down Expand Up @@ -139,6 +143,9 @@ func (s *CreateRuntimeResourceStep) createLabelsForRuntime(operation internal.Op
"kyma-project.io/region": *operation.ProvisioningParameters.Parameters.Region,
"operator.kyma-project.io/kyma-name": kymaName,
}
if s.kimConfig.ViewOnly {
labels["kyma-project.io/controlled-by-provisioner"] = "true"
}
return labels
}

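Review bot: The label key `kyma-project.io/controlled-by-provisioner` in createLabelsForRuntime is a bare string literal written only when `s.kimConfig.ViewOnly` is true, so a Runtime without the label has to be read as KIM-driven and nothing in the code states that contract. Going by the commit title, this label decides which component drives provisioning, so I would hoist the key into a named constant and document it there, e.g. `// controlledByProvisionerLabel marks a Runtime whose infrastructure is driven by Provisioner; an absent label means KIM drives it.` Whether consumers handle a missing or hand-edited label safely is not visible here, so it is worth confirming who may modify labels on Runtime objects. The function's opening lies outside the hunk.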
91 changes: 83 additions & 8 deletions internal/process/provisioning/create_runtime_resource_step_test.go
Expand Up @@ -324,7 +324,7 @@ func TestCreateRuntimeResourceStep_Defaults_AWS_SingleZone_ActualCreation(t *tes
assert.Equal(t, runtime.Name, preOperation.RuntimeID)
assert.Equal(t, "runtime-58f8c703-1756-48ab-9299-a847974d1fee", runtime.Labels["operator.kyma-project.io/kyma-name"])

assertLabels(t, preOperation, runtime)
assertLabelsKIMDriven(t, preOperation, runtime)
assertSecurity(t, runtime)

assert.Equal(t, "aws", runtime.Spec.Shoot.Provider.Type)
Expand Down Expand Up @@ -379,7 +379,7 @@ func TestCreateRuntimeResourceStep_Defaults_AWS_MultiZone_ActualCreation(t *test
assert.Equal(t, runtime.Name, preOperation.RuntimeID)
assert.Equal(t, "runtime-58f8c703-1756-48ab-9299-a847974d1fee", runtime.Labels["operator.kyma-project.io/kyma-name"])

assertLabels(t, preOperation, runtime)
assertLabelsKIMDriven(t, preOperation, runtime)
assertSecurity(t, runtime)

assert.Equal(t, "aws", runtime.Spec.Shoot.Provider.Type)
Expand Down Expand Up @@ -431,7 +431,7 @@ func TestCreateRuntimeResourceStep_Defaults_Preview_SingleZone_ActualCreation(t
assert.Equal(t, preOperation.RuntimeID, runtime.Name)
assert.Equal(t, "runtime-58f8c703-1756-48ab-9299-a847974d1fee", runtime.Labels["operator.kyma-project.io/kyma-name"])

assertLabels(t, preOperation, runtime)
assertLabelsKIMDriven(t, preOperation, runtime)
assertSecurity(t, runtime)

assert.Equal(t, "aws", runtime.Spec.Shoot.Provider.Type)
Expand All @@ -444,6 +444,58 @@ func TestCreateRuntimeResourceStep_Defaults_Preview_SingleZone_ActualCreation(t

}

func TestCreateRuntimeResourceStep_Defaults_Preview_SingleZone_ViewOnly_ActualCreation(t *testing.T) {
// given
log := logrus.New()
memoryStorage := storage.NewMemoryStorage()

err := imv1.AddToScheme(scheme.Scheme)

region := "eu-west-2"

instance := fixInstance()
err = memoryStorage.Instances().Insert(instance)
assert.NoError(t, err)

preOperation := fixOperationForCreateRuntimeResource(instance.InstanceID, fixture.FixProvisioningParametersWithDTO(operationID, broker.PreviewPlanID, fixProvisioningParametersDTOWithRegion(region)))
err = memoryStorage.Operations().InsertOperation(preOperation)
assert.NoError(t, err)

kimConfig := fixKimConfigProvisionerDriven("preview", false)

cli := getClientForTests(t)
inputConfig := input.Config{MultiZoneCluster: false}
step := NewCreateRuntimeResourceStep(memoryStorage.Operations(), memoryStorage.Instances(), cli, kimConfig, inputConfig, nil, false)

// when
entry := log.WithFields(logrus.Fields{"step": "TEST"})
_, repeat, err := step.Run(preOperation, entry)

// then
assert.NoError(t, err)
assert.Zero(t, repeat)

runtime := imv1.Runtime{}
err = cli.Get(context.Background(), client.ObjectKey{
Namespace: "kyma-system",
Name: preOperation.RuntimeID,
}, &runtime)
assert.NoError(t, err)
assert.Equal(t, preOperation.RuntimeID, runtime.Name)
assert.Equal(t, "runtime-58f8c703-1756-48ab-9299-a847974d1fee", runtime.Labels["operator.kyma-project.io/kyma-name"])

assertLabelsProvisionerDriven(t, preOperation, runtime)
assertSecurity(t, runtime)

assert.Equal(t, "aws", runtime.Spec.Shoot.Provider.Type)
assert.Equal(t, "eu-west-2", runtime.Spec.Shoot.Region)
assert.Equal(t, "production", string(runtime.Spec.Shoot.Purpose))
assertWorkers(t, runtime.Spec.Shoot.Provider.Workers, "m6i.large", 20, 3, 1, 0, 1, []string{"eu-west-2a", "eu-west-2b", "eu-west-2c"})

_, err = memoryStorage.Instances().GetByID(preOperation.InstanceID)
assert.NoError(t, err)
}

func TestCreateRuntimeResourceStep_Defaults_Preview_MultiZone_ActualCreation(t *testing.T) {
// given
log := logrus.New()
Expand Down Expand Up @@ -484,7 +536,7 @@ func TestCreateRuntimeResourceStep_Defaults_Preview_MultiZone_ActualCreation(t *
assert.Equal(t, preOperation.RuntimeID, runtime.Name)
assert.Equal(t, "runtime-58f8c703-1756-48ab-9299-a847974d1fee", runtime.Labels["operator.kyma-project.io/kyma-name"])

assertLabels(t, preOperation, runtime)
assertLabelsKIMDriven(t, preOperation, runtime)
assertSecurity(t, runtime)

assert.Equal(t, "aws", runtime.Spec.Shoot.Provider.Type)
Expand Down Expand Up @@ -537,7 +589,7 @@ func TestCreateRuntimeResourceStep_Defaults_Azure_SingleZone_ActualCreation(t *t
assert.Equal(t, preOperation.RuntimeID, runtime.Name)
assert.Equal(t, "runtime-58f8c703-1756-48ab-9299-a847974d1fee", runtime.Labels["operator.kyma-project.io/kyma-name"])

assertLabels(t, preOperation, runtime)
assertLabelsKIMDriven(t, preOperation, runtime)
assertSecurity(t, runtime)

assert.Equal(t, "azure", runtime.Spec.Shoot.Provider.Type)
Expand Down Expand Up @@ -592,7 +644,7 @@ func TestCreateRuntimeResourceStep_Defaults_Azure_MultiZone_ActualCreation(t *te
assert.Equal(t, preOperation.RuntimeID, runtime.Name)
assert.Equal(t, "runtime-58f8c703-1756-48ab-9299-a847974d1fee", runtime.Labels["operator.kyma-project.io/kyma-name"])

assertLabels(t, preOperation, runtime)
assertLabelsKIMDriven(t, preOperation, runtime)
assertSecurity(t, runtime)

assert.Equal(t, "azure", runtime.Spec.Shoot.Provider.Type)
Expand Down Expand Up @@ -647,7 +699,7 @@ func TestCreateRuntimeResourceStep_Defaults_GCP_SingleZone_ActualCreation(t *tes
assert.Equal(t, preOperation.RuntimeID, runtime.Name)
assert.Equal(t, "runtime-58f8c703-1756-48ab-9299-a847974d1fee", runtime.Labels["operator.kyma-project.io/kyma-name"])

assertLabels(t, preOperation, runtime)
assertLabelsKIMDriven(t, preOperation, runtime)
assertSecurity(t, runtime)

assert.Equal(t, "gcp", runtime.Spec.Shoot.Provider.Type)
Expand Down Expand Up @@ -702,7 +754,7 @@ func TestCreateRuntimeResourceStep_Defaults_GCP_MultiZone_ActualCreation(t *test
assert.Equal(t, preOperation.RuntimeID, runtime.Name)
assert.Equal(t, "runtime-58f8c703-1756-48ab-9299-a847974d1fee", runtime.Labels["operator.kyma-project.io/kyma-name"])

assertLabels(t, preOperation, runtime)
assertLabelsKIMDriven(t, preOperation, runtime)
assertSecurity(t, runtime)

assert.Equal(t, "gcp", runtime.Spec.Shoot.Provider.Type)
Expand All @@ -722,6 +774,20 @@ func assertSecurity(t *testing.T, runtime imv1.Runtime) {
assert.Equal(t, runtime.Spec.Security.Networking.Filter.Egress, imv1.Egress(imv1.Egress{Enabled: false}))
}

func assertLabelsKIMDriven(t *testing.T, preOperation internal.Operation, runtime imv1.Runtime) {
assertLabels(t, preOperation, runtime)

provisionerDriven, ok := runtime.Labels["kyma-project.io/controlled-by-provisioner"]
assert.True(t, !ok || provisionerDriven == "false")
}

func assertLabelsProvisionerDriven(t *testing.T, preOperation internal.Operation, runtime imv1.Runtime) {
assertLabels(t, preOperation, runtime)

provisionerDriven, ok := runtime.Labels["kyma-project.io/controlled-by-provisioner"]
assert.True(t, ok && provisionerDriven == "true")
}

func assertLabels(t *testing.T, preOperation internal.Operation, runtime imv1.Runtime) {
assert.Equal(t, preOperation.InstanceID, runtime.Labels["kyma-project.io/instance-id"])
assert.Equal(t, preOperation.RuntimeID, runtime.Labels["kyma-project.io/runtime-id"])
Expand Down Expand Up @@ -800,6 +866,15 @@ func fixKimConfig(planName string, dryRun bool) kim.Config {
}
}

func fixKimConfigProvisionerDriven(planName string, dryRun bool) kim.Config {
return kim.Config{
Enabled: true,
Plans: []string{planName},
ViewOnly: true,
DryRun: dryRun,
}
}

func fixProvisionerParameters(cloudProvider internal.CloudProvider, region string) internal.ProvisioningParametersDTO {
return internal.ProvisioningParametersDTO{
Name: "cluster-test",
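Review bot: In TestCreateRuntimeResourceStep_Defaults_Preview_SingleZone_ViewOnly_ActualCreation the error from `imv1.AddToScheme(scheme.Scheme)` is assigned and then overwritten by the `Insert` call without being checked, so a scheme registration failure would surface later as an unrelated client error; add `assert.NoError(t, err)` right after it. The two new helpers also hide the actual label value on failure: `assert.True(t, ok && provisionerDriven == "true")` could be `assert.Equal(t, "true", runtime.Labels["kyma-project.io/controlled-by-provisioner"])`. assertLabelsKIMDriven accepts both a missing label and `"false"`, while the production hunk only ever omits the label, so pinning the test to the absent case with `assert.NotContains(t, runtime.Labels, "kyma-project.io/controlled-by-provisioner")` would catch accidental changes to that contract.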
2 changes: 1 addition & 1 deletion resources/keb/templates/rbac.yaml
Expand Up @@ -23,7 +23,7 @@ rules:
resources: [ "kymas" ]
verbs: [ "*" ]
- apiGroups: [ "infrastructuremanager.kyma-project.io" ]
resources: [ "gardenerclusters" ]
resources: [ "gardenerclusters", "runtimes" ]
verbs: [ "*" ]

---
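Review bot: Adding `runtimes` to the existing rule gives the broker `verbs: [ "*" ]` on Runtime resources, which covers delete, deletecollection and any verb introduced later, while the code visible in this commit appears only to create and read them. Runtime objects describe whole clusters, so I would give them their own rule with an explicit verb list, for example `resources: [ "runtimes" ]` with `verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]`, trimmed to what KEB actually calls. Which verbs other steps need (updates, deprovisioning) is not visible in this hunk, and the rule list starts above it, so the exact set needs confirming.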
