Documentation ¶
Index ¶
- Constants
- func CleanRepoCredOperation(ctx context.Context, dbRepoCred db.RepositoryCredentials, ...) error
- func DeleteManagedEnvironmentResources(ctx context.Context, managedEnvID string, managedEnvDB *db.ManagedEnvironment, ...) error
- func NormalizeGitURL(repo string) string
- func UpdateGitopsDeploymentRepositoryCredentialStatus(ctx context.Context, ...) (bool, error)
- type DefaultK8sClientFactory
- func (DefaultK8sClientFactory) BuildK8sClient(restConfig *rest.Config) (client.Client, error)
- func (DefaultK8sClientFactory) GetK8sClientForGitOpsEngineInstance(ctx context.Context, gitopsEngineInstance *db.GitopsEngineInstance) (client.Client, error)
- func (DefaultK8sClientFactory) GetK8sClientForServiceWorkspace() (client.Client, error)
- type SRLK8sClientFactory
- type SharedResourceEventLoop
- func (srEventLoop *SharedResourceEventLoop) GetGitopsEngineInstanceById(ctx context.Context, id string, workspaceClient client.Client, ...) (*db.GitopsEngineInstance, error)
- func (srEventLoop *SharedResourceEventLoop) GetOrCreateClusterUserByNamespaceUID(ctx context.Context, workspaceClient client.Client, ...) (*db.ClusterUser, bool, error)
- func (srEventLoop *SharedResourceEventLoop) ReconcileAppProjectRepositories(ctx context.Context, workspaceClient client.Client, ...) (bool, error)
- func (srEventLoop *SharedResourceEventLoop) ReconcileRepositoryCredential(ctx context.Context, workspaceClient client.Client, ...) (*db.RepositoryCredentials, error)
- func (srEventLoop *SharedResourceEventLoop) ReconcileSharedManagedEnv(ctx context.Context, workspaceClient client.Client, ...) (SharedResourceManagedEnvContainer, bool, error)
- type SharedResourceManagedEnvContainer
- type ValidateRepoURLAndCredentialsFunction
Constants ¶
const ( KubeconfigKey = "kubeconfig" UnableToCreateRestConfigError = "unable to create k8s client from restConfig from managed environment secret" )
Variables ¶
This section is empty.
Functions ¶
func CleanRepoCredOperation ¶
func CleanRepoCredOperation(ctx context.Context, dbRepoCred db.RepositoryCredentials, clusterUser db.ClusterUser, operationNS string, dbQueries db.DatabaseQueries, client client.Client, operationDBID string, l logr.Logger) error
func DeleteManagedEnvironmentResources ¶
func DeleteManagedEnvironmentResources(ctx context.Context, managedEnvID string, managedEnvDB *db.ManagedEnvironment, user db.ClusterUser, k8sClientFactory SRLK8sClientFactory, dbQueries db.DatabaseQueries, log logr.Logger) error
func NormalizeGitURL ¶
NormalizeGitURL normalizes a git URL for purposes of comparison, as well as preventing redundant local clones (by normalizing various forms of a URL to a consistent location).
func UpdateGitopsDeploymentRepositoryCredentialStatus ¶
func UpdateGitopsDeploymentRepositoryCredentialStatus(ctx context.Context, repositoryCredential *managedgitopsv1alpha1.GitOpsDeploymentRepositoryCredential, secret *corev1.Secret, validateRepoURL ValidateRepoURLAndCredentialsFunction, k8sClient client.Client, log logr.Logger) (bool, error)
Updates the given repository credential CR's status condition to match the given condition and additional checks. If there is an existing status condition with the exact same status, reason and message, no update is made in order to preserve the LastTransitionTime (see https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Condition.LastTransitionTime )
returns true if the RepositoryCredentials status is valid, false otherwise (for example, false if CR references a Secret that doesn't exist)
Types ¶
type DefaultK8sClientFactory ¶
type DefaultK8sClientFactory struct { }
DefaultK8sClientFactory should always be used, except when mocking for unit tests.
func (DefaultK8sClientFactory) BuildK8sClient ¶
func (DefaultK8sClientFactory) GetK8sClientForGitOpsEngineInstance ¶
func (DefaultK8sClientFactory) GetK8sClientForGitOpsEngineInstance(ctx context.Context, gitopsEngineInstance *db.GitopsEngineInstance) (client.Client, error)
func (DefaultK8sClientFactory) GetK8sClientForServiceWorkspace ¶
func (DefaultK8sClientFactory) GetK8sClientForServiceWorkspace() (client.Client, error)
type SRLK8sClientFactory ¶
type SRLK8sClientFactory interface { // Create a client.Client using the given restconfig BuildK8sClient(restConfig *rest.Config) (client.Client, error) // Create a client.Client which can access the cluster that Argo CD is on GetK8sClientForGitOpsEngineInstance(ctx context.Context, gitopsEngineInstance *db.GitopsEngineInstance) (client.Client, error) // Create a client.Client which can access the cluster where GitOps Service is running GetK8sClientForServiceWorkspace() (client.Client, error) }
SRLK8sClientFactory abstracts out the creation of client.Client, which allows mocking by unit tests.
type SharedResourceEventLoop ¶
type SharedResourceEventLoop struct {
// contains filtered or unexported fields
}
The goal of the shared resource event loop is to ensure that API-namespace-scoped resources are only created from a single thread, preventing concurrent goroutines from stepping on each others toes.
This ensures that:
- When multiple 'application event loop' goroutines are attempting to create workspace-scoped resources, that no duplicates are created (eg it shouldn't be possible to create multiple ClusterUsers for a single user, or multiple ManagedEnvironments for a single namespace)
- There are no race conditions on creation of namespace-scoped resources.
API-namespace-scoped resources are: - managedenv - clusteraccess - clusteruser - gitopsengineinstance - repositorycredential
Ultimately the goal of this file is to avoid this issue: - In the same moment of time, both these actions happen simultaneously:
- thread 1: creates (for example) a managed environment DB row for environment A, while processing a GitOpsDeployment targeting A
- thread 2: creates (for example) a managed environment DB row for environment A, while processing a different GitOpsDeployment targeting A
- But this is bad: the database now contains _two different_ managed environment database entries for the same environment A.
- Thus, without mutexes/locking, there is a race condition.
- However, the shared resource event loop prevents this issue, by ensuring that threads are never able to concurrently create API-namespace-scoped database resources at the same time.
func NewSharedResourceLoop ¶
func NewSharedResourceLoop() *SharedResourceEventLoop
NewSharedResourceLoop creates a new SharedResourceLoop, and starts the goroutine responsible for processing channel messages. See documentation at top of this file for details.
func NewSharedResourceLoopWithCustomFuncs ¶
func NewSharedResourceLoopWithCustomFuncs(validateRepoURLFunction ValidateRepoURLAndCredentialsFunction) *SharedResourceEventLoop
NewSharedResourceLoopWithCustomFuncs allows override of validation functions from NewSharedResourceLoop Note: This should only be called from unit tests
func (*SharedResourceEventLoop) GetGitopsEngineInstanceById ¶
func (*SharedResourceEventLoop) GetOrCreateClusterUserByNamespaceUID ¶
func (srEventLoop *SharedResourceEventLoop) GetOrCreateClusterUserByNamespaceUID(ctx context.Context, workspaceClient client.Client, workspaceNamespace corev1.Namespace, l logr.Logger) (*db.ClusterUser, bool, error)
The bool return value is 'true' if ClusterUser is created; 'false' if it already exists in DB or in case of failure.
func (*SharedResourceEventLoop) ReconcileAppProjectRepositories ¶
func (srEventLoop *SharedResourceEventLoop) ReconcileAppProjectRepositories(ctx context.Context, workspaceClient client.Client, workspaceNamespace corev1.Namespace, l logr.Logger) (bool, error)
ReconcileAppProjectRepositories ensures that the necessary AppProjectRepository database rows exists in the database, and that they are consistent with the GitOpsDeployment/GitOpsDeploymentRepositoryCredentials defined in the given Namespace.
parameters: - gitRepoURLUnnormalizedOfRequest is the repository URL defined in the GitOpDeployment or GitOpsDeploymentRepositoryCredential for which this function was invoked.
- this function will only process DB rows, or K8s resources that reference this specific Git repository URL (ignoring all others)
- If 'gitRepoURLUnnormalizedOfRequest' is empty (""), then all resources will be processed.
return value: - bool: true if one or more 'AppProject*' rows in the DB were updated, false otherwise. (If yes, ensure an Operation on the Application caused the AppProject CR to be regenerated) - error
func (*SharedResourceEventLoop) ReconcileRepositoryCredential ¶
func (srEventLoop *SharedResourceEventLoop) ReconcileRepositoryCredential(ctx context.Context, workspaceClient client.Client, workspaceNamespace corev1.Namespace, repositoryCredentialCRName string, k8sClientFactory SRLK8sClientFactory, l logr.Logger) (*db.RepositoryCredentials, error)
func (*SharedResourceEventLoop) ReconcileSharedManagedEnv ¶
func (srEventLoop *SharedResourceEventLoop) ReconcileSharedManagedEnv(ctx context.Context, workspaceClient client.Client, workspaceNamespace corev1.Namespace, managedEnvironmentCRName string, managedEnvironmentCRNamespace string, isWorkspaceTarget bool, k8sClientFactory SRLK8sClientFactory, l logr.Logger) (SharedResourceManagedEnvContainer, bool, error)
Ensure the user's workspace is configured, ensure a GitOpsEngineInstance exists that will target it, and ensure a cluster access exists the give the user permission to target them from the engine. Return values: - SharedResourceManagedEnvContainer: contains DB resources that were created/retrieved by the call - bool: whether or not the error param is a user error (see elsewhere for definition of user error) - error: whether an error occurred during reconciliation
type SharedResourceManagedEnvContainer ¶
type SharedResourceManagedEnvContainer struct {}
SharedResourceManagedEnvContainer is the return value of ReconcileSharedManagedEnv, and contains the resources that were created by the reconciliation.
type ValidateRepoURLAndCredentialsFunction ¶
ValidateRepoURLAndCredentialsFunction is a function signature primarily for 'validateRepositoryCredentials', but alternative functions can be provided by unit tests, in order to mock the Git repository validation.
var ( // DefaultValidateRepositoryCredentials refers to the default validation algorithm used everywhere (except unit tests) DefaultValidateRepositoryCredentials ValidateRepoURLAndCredentialsFunction = validateRepositoryCredentials )