Fix managedclustersetrolebinding issues

Signed-off-by: Rokibul Hasan <[email protected]>
kluster-manager · Oct 1, 2024 · eb37c41 · eb37c41
1 parent 8f4b6fc
commit eb37c41
Show file tree

Hide file tree

Showing 7 changed files with 258 additions and 3 deletions.
diff --git a/pkg/manager/agent-manifests/cluster-auth/templates/deployment.yaml b/pkg/manager/agent-manifests/cluster-auth/templates/deployment.yaml
@@ -32,8 +32,10 @@ spec:
       - name: agent
         securityContext:
           {{- toYaml .Values.image.securityContext | nindent 10 }}
-        image: {{ include "image.registry" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
-        imagePullPolicy: {{ .Values.imagePullPolicy  }}
+{{/*        image: {{ include "image.registry" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}*/}}
+{{/*        imagePullPolicy: {{ .Values.imagePullPolicy  }}*/}}
+        image: rokibulhasan114/cluster-auth:role_linux_amd64
+        imagePullPolicy: Always
         args:
         - agent
         - --v={{ .Values.logLevel }}

diff --git a/pkg/manager/controller/authorization/managedclustersetrolebinding_controller.go b/pkg/manager/controller/authorization/managedclustersetrolebinding_controller.go
@@ -22,6 +22,7 @@ import (
 	authorizationv1alpha1 "github.com/kluster-manager/cluster-auth/apis/authorization/v1alpha1"
 	"github.com/kluster-manager/cluster-auth/pkg/common"
 
+	strmod "gomodules.xyz/x/strings"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -33,6 +34,7 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+	"sigs.k8s.io/controller-runtime/pkg/handler"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 )
@@ -99,8 +101,10 @@ func (r *ManagedClusterSetRoleBindingReconciler) Reconcile(ctx context.Context,
 		return reconcile.Result{}, err
 	}
 
+	clusterNameList := make([]string, 0, len(clusters.Items))
 	// create managedClusterRoleBinding for every cluster of this clusterSet
 	for _, cluster := range clusters.Items {
+		clusterNameList = append(clusterNameList, cluster.Name)
 		managedCRB := &authorizationv1alpha1.ManagedClusterRoleBinding{
 			ObjectMeta: metav1.ObjectMeta{
 				Name:      managedCSRB.Name + "-" + cluster.Name,
@@ -122,6 +126,22 @@ func (r *ManagedClusterSetRoleBindingReconciler) Reconcile(ctx context.Context,
 		}
 	}
 
+	managedCRBList := &authorizationv1alpha1.ManagedClusterRoleBindingList{}
+	err = r.List(ctx, managedCRBList, client.MatchingLabelsSelector{
+		Selector: labels.SelectorFromSet(managedCSRB.Labels),
+	})
+	if err != nil {
+		return reconcile.Result{}, err
+	}
+
+	for _, crb := range managedCRBList.Items {
+		if !strmod.Contains(clusterNameList, crb.Namespace) {
+			if err = r.Delete(ctx, &crb); err != nil {
+				return reconcile.Result{}, err
+			}
+		}
+	}
+
 	return reconcile.Result{}, nil
 }
 
@@ -152,9 +172,44 @@ func (r *ManagedClusterSetRoleBindingReconciler) deleteAssociatedResources(manag
 	return nil
 }
 
-// SetupWithManager sets up the controller with the Manager.
+func (r *ManagedClusterSetRoleBindingReconciler) mapManagedClusterSetToRoleBindings(ctx context.Context, obj client.Object) []reconcile.Request {
+	logger := log.FromContext(ctx)
+	managedClusterSet, ok := obj.(*clusterv1beta2.ManagedClusterSet)
+	if !ok {
+		return nil
+	}
+
+	logger.Info("ManagedClusterSet updated", "name", managedClusterSet.GetName())
+
+	managedCSRBList := &authorizationv1alpha1.ManagedClusterSetRoleBindingList{}
+	err := r.Client.List(ctx, managedCSRBList)
+	if err != nil {
+		logger.Error(err, "Failed to list ManagedClusterSetRoleBinding objects")
+		return nil
+	}
+
+	var requests []reconcile.Request
+	for _, managedCSRB := range managedCSRBList.Items {
+		if managedCSRB.ClusterSetRef.Name == managedClusterSet.GetName() {
+			// If it matches, enqueue a reconcile request for the ManagedClusterSetRoleBinding
+			requests = append(requests, reconcile.Request{
+				NamespacedName: types.NamespacedName{
+					Name: managedCSRB.Name,
+				},
+			})
+			logger.Info("Enqueuing request", "name", managedCSRB.Name)
+		}
+	}
+
+	return requests
+}
+
 func (r *ManagedClusterSetRoleBindingReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&authorizationv1alpha1.ManagedClusterSetRoleBinding{}).
+		Watches(
+			&clusterv1beta2.ManagedClusterSet{},
+			handler.EnqueueRequestsFromMapFunc(r.mapManagedClusterSetToRoleBindings),
+		).
 		Complete(r)
 }
diff --git a/vendor/gomodules.xyz/x/strings/fmt.go b/vendor/gomodules.xyz/x/strings/fmt.go
@@ -0,0 +1,60 @@
+package strings
+
+import (
+	"strings"
+)
+
+func Fmt(s string) string {
+	stripper := &Stripe{
+		Result: "",
+	}
+	stripper.Write(s)
+	return stripper.Result
+}
+
+// Striplines wraps an output stream, stripping runs of consecutive empty lines.
+// You must call Flush before the output stream will be complete.
+// Implements io.WriteCloser, Writer, Closer.
+type Stripe struct {
+	Result      string
+	lastLine    []byte
+	currentLine []byte
+}
+
+func (w *Stripe) Write(p string) (int, error) {
+	totalN := 0
+	s := string(p)
+	if !strings.Contains(s, "\n") {
+		w.currentLine = append(w.currentLine, p...)
+		return 0, nil
+	}
+	cur := string(append(w.currentLine, p...))
+	lastN := strings.LastIndex(cur, "\n")
+	s = cur[:lastN]
+	for _, line := range strings.Split(s, "\n") {
+		n, err := w.writeLn(line + "\n")
+		w.lastLine = []byte(line)
+		if err != nil {
+			return totalN, err
+		}
+		totalN += n
+	}
+	rem := cur[(lastN + 1):]
+	w.currentLine = []byte(rem)
+	return totalN, nil
+}
+
+// Close flushes the last of the output into the underlying writer.
+func (w *Stripe) Close() error {
+	_, err := w.writeLn(string(w.currentLine))
+	return err
+}
+
+func (w *Stripe) writeLn(line string) (n int, err error) {
+	if strings.TrimSpace(string(w.lastLine)) == "" && strings.TrimSpace(line) == "" {
+		return 0, nil
+	} else {
+		w.Result = w.Result + line
+		return len(line), nil
+	}
+}
diff --git a/vendor/gomodules.xyz/x/strings/optionals.go b/vendor/gomodules.xyz/x/strings/optionals.go
@@ -0,0 +1,14 @@
+package strings
+
+import "log"
+
+func VString(def string, args ...string) string {
+	v := def
+	if len(args) == 1 {
+		v = args[0]
+	} else if len(args) > 1 {
+		v = args[0]
+		log.Printf("Found more than 1 argument when expected 1 %v", args)
+	}
+	return v
+}
diff --git a/vendor/gomodules.xyz/x/strings/preconditions.go b/vendor/gomodules.xyz/x/strings/preconditions.go
@@ -0,0 +1,11 @@
+package strings
+
+import "strings"
+
+func Val(v string, def string) string {
+	trimmed := strings.TrimSpace(v)
+	if trimmed == "" {
+		return def
+	}
+	return trimmed
+}
diff --git a/vendor/gomodules.xyz/x/strings/strings.go b/vendor/gomodules.xyz/x/strings/strings.go
@@ -0,0 +1,112 @@
+package strings
+
+import (
+	"sort"
+	"strings"
+	"unicode/utf8"
+)
+
+// Benchmark 19246 ns/op.
+func Reverse(s string) string {
+	size := len(s)
+	buf := make([]byte, size)
+	for start := 0; start < size; {
+		r, n := utf8.DecodeRuneInString(s[start:])
+		start += n
+		utf8.EncodeRune(buf[size-start:], r)
+	}
+	return string(buf)
+}
+
+func PrefixFold(s, prefix string) bool {
+	return len(s) >= len(prefix) && strings.EqualFold(prefix, s[:len(prefix)])
+}
+
+func IsEmpty(s *string) bool {
+	return s == nil || *s == ""
+}
+
+func IsBothAlphaNum(a string) bool {
+	alpha := false
+	num := false
+	for _, c := range a {
+		if (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') {
+			alpha = true
+		} else if c >= '0' && c <= '9' {
+			num = true
+		}
+		if alpha && num {
+			return true
+		}
+	}
+	return false
+}
+
+func Contains(a []string, e string) bool {
+	for _, s := range a {
+		if s == e {
+			return true
+		}
+	}
+	return false
+}
+
+// Allowed char: [a-z0-9]([a-z0-9-]*[a-z0-9])?
+// Makes it safe as a subdomain
+func DomainForm(s string) string {
+	runes := make([]rune, len(s))
+	for i, r := range strings.ToLower(s) {
+		if (r >= '0' && r <= '9') || (r >= 'a' && r <= 'z') || (r == '-') || (r == '.') {
+			runes[i] = r
+		} else if r == '_' {
+			runes[i] = '-' // _ --> -
+		}
+	}
+	return strings.Trim(string(runes), "-")
+}
+
+func Filter(s []string, f func(string) bool) []string {
+	ret := make([]string, 0)
+	for _, elm := range s {
+		if !f(elm) {
+			ret = append(ret, elm)
+		}
+	}
+	return ret
+}
+
+func Join(a []*string, sep string) string {
+	b := make([]string, len(a))
+	for i, s := range a {
+		b[i] = *s
+	}
+	return strings.Join(b, sep)
+}
+
+func EqualSlice(a, b []string) bool {
+	if a == nil && b == nil {
+		return true
+	}
+
+	if a == nil || b == nil {
+		return false
+	}
+
+	if len(a) != len(b) {
+		return false
+	}
+
+	// Copy slices
+	aCopy := append([]string(nil), a...)
+	bCopy := append([]string(nil), b...)
+
+	sort.Strings(aCopy)
+	sort.Strings(bCopy)
+
+	for i := range aCopy {
+		if aCopy[i] != bCopy[i] {
+			return false
+		}
+	}
+	return true
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
@@ -313,6 +313,7 @@ gomodules.xyz/sets
 gomodules.xyz/wait
 # gomodules.xyz/x v0.0.17
 ## explicit; go 1.22.0
+gomodules.xyz/x/strings
 gomodules.xyz/x/version
 # google.golang.org/appengine v1.6.8
 ## explicit; go 1.11