зеркало из https://github.com/Azure/ARO-RP.git
fix lint and go test issue
This commit is contained in:
Jeff Yuan
Родитель
878d9e5169
Коммит
16f6d48ad6
2
go.mod
2
go.mod
|
|
@ -77,7 +77,6 @@ require (
|
|||
sigs.k8s.io/cluster-api-provider-azure v1.2.1
|
||||
sigs.k8s.io/controller-runtime v0.12.3
|
||||
sigs.k8s.io/controller-tools v0.9.0
|
||||
sigs.k8s.io/yaml v1.3.0
|
||||
)
|
||||
|
||||
require (
|
||||
|
|
@ -360,6 +359,7 @@ require (
|
|||
sigs.k8s.io/kustomize/api v0.11.4 // indirect
|
||||
sigs.k8s.io/kustomize/kyaml v0.13.6 // indirect
|
||||
sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
|
||||
sigs.k8s.io/yaml v1.3.0 // indirect
|
||||
)
|
||||
|
||||
exclude (
|
||||
|
|
|
|||
|
|
@ -12,4 +12,4 @@ spec:
|
|||
parameters:
|
||||
labels:
|
||||
- key: "machine.openshift.io/cluster-api-machine-role"
|
||||
denyRegex: "master"
|
||||
denyRegex: "master"
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ metadata:
|
|||
name: arodenylabels
|
||||
annotations:
|
||||
description: >-
|
||||
Prevents changes in resources that contain specified labels, with values
|
||||
Prevents changes in resources that contain specified labels, with values
|
||||
optionally matching a provided regular expression.
|
||||
spec:
|
||||
crd:
|
||||
|
|
|
|||
|
|
@ -166,7 +166,6 @@ func (r *Reconciler) Reconcile(ctx context.Context, request ctrl.Request) (ctrl.
|
|||
|
||||
// start a ticker to re-enforce gatekeeper policies periodically
|
||||
r.startTicker(ctx, instance)
|
||||
|
||||
} else if strings.EqualFold(managed, "false") {
|
||||
if r.gkPolicyTemplate != nil {
|
||||
// stop the gatekeeper policies re-enforce ticker
|
||||
|
|
@ -193,7 +192,6 @@ func (r *Reconciler) Reconcile(ctx context.Context, request ctrl.Request) (ctrl.
|
|||
|
||||
// SetupWithManager setup our manager
|
||||
func (r *Reconciler) SetupWithManager(mgr ctrl.Manager) error {
|
||||
|
||||
pullSecretPredicate := predicate.NewPredicateFuncs(func(o client.Object) bool {
|
||||
return (o.GetName() == pullSecretName.Name && o.GetNamespace() == pullSecretName.Namespace)
|
||||
})
|
||||
|
|
|
|||
|
|
@ -24,7 +24,6 @@ import (
|
|||
)
|
||||
|
||||
func (r *Reconciler) getPolicyConfig(ctx context.Context, na string) (string, string, error) {
|
||||
|
||||
parts := strings.Split(na, ".")
|
||||
if len(parts) < 1 {
|
||||
return "", "", errors.New("unrecognised name: " + na)
|
||||
|
|
|
|||
|
|
@ -108,4 +108,4 @@ status:
|
|||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
storedVersions: []
|
||||
|
|
|
|||
|
|
@ -47,4 +47,4 @@ status:
|
|||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
storedVersions: []
|
||||
|
|
|
|||
|
|
@ -501,4 +501,4 @@ status:
|
|||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
storedVersions: []
|
||||
|
|
|
|||
|
|
@ -433,4 +433,4 @@ status:
|
|||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
storedVersions: []
|
||||
|
|
|
|||
|
|
@ -447,4 +447,4 @@ status:
|
|||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
storedVersions: []
|
||||
|
|
|
|||
|
|
@ -70,4 +70,4 @@ status:
|
|||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
storedVersions: []
|
||||
|
|
|
|||
|
|
@ -69,4 +69,4 @@ status:
|
|||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
storedVersions: []
|
||||
|
|
|
|||
|
|
@ -68,4 +68,4 @@ status:
|
|||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
storedVersions: []
|
||||
|
|
|
|||
|
|
@ -306,4 +306,4 @@ status:
|
|||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
storedVersions: []
|
||||
|
|
|
|||
|
|
@ -164,4 +164,4 @@ rules:
|
|||
resources:
|
||||
- securitycontextconstraints
|
||||
verbs:
|
||||
- use
|
||||
- use
|
||||
|
|
|
|||
|
|
@ -106,4 +106,4 @@ spec:
|
|||
- name: cert
|
||||
secret:
|
||||
defaultMode: 420
|
||||
secretName: gatekeeper-webhook-server-cert
|
||||
secretName: gatekeeper-webhook-server-cert
|
||||
|
|
|
|||
|
|
@ -13,7 +13,6 @@ webhooks:
|
|||
name: gatekeeper-webhook-service
|
||||
namespace: {{.Namespace}}
|
||||
path: /v1/mutate
|
||||
failurePolicy: Ignore
|
||||
matchPolicy: Exact
|
||||
name: mutation.gatekeeper.sh
|
||||
failurePolicy: {{.MutatingWebhookFailurePolicy}}
|
||||
|
|
@ -32,4 +31,4 @@ webhooks:
|
|||
resources:
|
||||
- '*'
|
||||
sideEffects: None
|
||||
timeoutSeconds: {{.MutatingWebhookTimeout}}
|
||||
timeoutSeconds: {{.MutatingWebhookTimeout}}
|
||||
|
|
|
|||
|
|
@ -11,4 +11,4 @@ spec:
|
|||
matchLabels:
|
||||
control-plane: controller-manager
|
||||
gatekeeper.sh/operation: webhook
|
||||
gatekeeper.sh/system: "yes"
|
||||
gatekeeper.sh/system: "yes"
|
||||
|
|
|
|||
|
|
@ -29,4 +29,4 @@ spec:
|
|||
- projected
|
||||
- secret
|
||||
- downwardAPI
|
||||
- emptyDir
|
||||
- emptyDir
|
||||
|
|
|
|||
|
|
@ -33,4 +33,4 @@ rules:
|
|||
resources:
|
||||
- securitycontextconstraints
|
||||
verbs:
|
||||
- use
|
||||
- use
|
||||
|
|
|
|||
|
|
@ -12,4 +12,4 @@ roleRef:
|
|||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: gatekeeper-admin
|
||||
namespace: {{.Namespace}}
|
||||
namespace: {{.Namespace}}
|
||||
|
|
|
|||
|
|
@ -13,4 +13,4 @@ spec:
|
|||
selector:
|
||||
control-plane: controller-manager
|
||||
gatekeeper.sh/operation: webhook
|
||||
gatekeeper.sh/system: "yes"
|
||||
gatekeeper.sh/system: "yes"
|
||||
|
|
|
|||
|
|
@ -13,7 +13,6 @@ webhooks:
|
|||
name: gatekeeper-webhook-service
|
||||
namespace: {{.Namespace}}
|
||||
path: /v1/admit
|
||||
failurePolicy: Ignore
|
||||
matchPolicy: Exact
|
||||
name: validation.gatekeeper.sh
|
||||
failurePolicy: {{.ValidatingWebhookFailurePolicy}}
|
||||
|
|
@ -42,7 +41,7 @@ webhooks:
|
|||
name: gatekeeper-webhook-service
|
||||
namespace: {{.Namespace}}
|
||||
path: /v1/admitlabel
|
||||
failurePolicy: Fail
|
||||
failurePolicy: {{.ValidatingWebhookFailurePolicy}}
|
||||
matchPolicy: Exact
|
||||
name: check-ignore-label.gatekeeper.sh
|
||||
rules:
|
||||
|
|
@ -56,4 +55,4 @@ webhooks:
|
|||
resources:
|
||||
- namespaces
|
||||
sideEffects: None
|
||||
timeoutSeconds: {{.ValidatingWebhookTimeout}}
|
||||
timeoutSeconds: {{.ValidatingWebhookTimeout}}
|
||||
|
|
|
|||
|
|
@ -88,7 +88,7 @@ func TestDeployDelete(t *testing.T) {
|
|||
|
||||
k8scli := fake.NewSimpleClientset()
|
||||
dh := mock_dynamichelper.NewMockInterface(controller)
|
||||
dh.EXPECT().EnsureDeleted(gomock.Any(), "Deployment", "openshift-managed-upgrade-operator", "managed-upgrade-operator").Return(nil)
|
||||
dh.EXPECT().EnsureDeletedGVR(gomock.Any(), "Deployment.apps", "openshift-managed-upgrade-operator", "managed-upgrade-operator", gomock.Any()).Return(nil)
|
||||
|
||||
deployer := NewDeployer(k8scli, dh, staticFiles, "staticresources")
|
||||
err := deployer.Remove(context.Background(), config.MUODeploymentConfig{})
|
||||
|
|
@ -103,14 +103,14 @@ func TestDeployDeleteFailure(t *testing.T) {
|
|||
|
||||
k8scli := fake.NewSimpleClientset()
|
||||
dh := mock_dynamichelper.NewMockInterface(controller)
|
||||
dh.EXPECT().EnsureDeleted(gomock.Any(), "Deployment", "openshift-managed-upgrade-operator", "managed-upgrade-operator").Return(errors.New("fail"))
|
||||
dh.EXPECT().EnsureDeletedGVR(gomock.Any(), "Deployment.apps", "openshift-managed-upgrade-operator", "managed-upgrade-operator", gomock.Any()).Return(errors.New("fail"))
|
||||
|
||||
deployer := NewDeployer(k8scli, dh, staticFiles, "staticresources")
|
||||
err := deployer.Remove(context.Background(), config.MUODeploymentConfig{})
|
||||
if err == nil {
|
||||
t.Error(err)
|
||||
}
|
||||
if err.Error() != "error removing deployment:\nfail" {
|
||||
if err.Error() != "error removing resource:\nfail" {
|
||||
t.Error(err)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -77,7 +77,6 @@ func New(log *logrus.Entry, restconfig *rest.Config) (Interface, error) {
|
|||
}
|
||||
|
||||
func (dh *dynamicHelper) resolve(groupKind, optionalVersion string) (*schema.GroupVersionResource, error) {
|
||||
|
||||
gvr, err := dh.Resolve(groupKind, optionalVersion)
|
||||
if err == nil {
|
||||
return gvr, err
|
||||
|
|
@ -137,7 +136,6 @@ func (dh *dynamicHelper) Ensure(ctx context.Context, objs ...kruntime.Object) er
|
|||
}
|
||||
|
||||
func (dh *dynamicHelper) ensureUnstructuredObj(ctx context.Context, o *UnstructuredObj) error {
|
||||
|
||||
gvr, err := dh.resolve(o.obj.GroupVersionKind().GroupKind().String(), o.obj.GroupVersionKind().Version)
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
@ -167,7 +165,7 @@ func (dh *dynamicHelper) ensureUnstructuredObj(ctx context.Context, o *Unstructu
|
|||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
if strings.ToLower(enOld) == strings.ToLower(enNew) {
|
||||
if strings.EqualFold(enOld, enNew) {
|
||||
// currently EnforcementAction is the only part that may change in an update
|
||||
return nil
|
||||
}
|
||||
|
|
@ -205,7 +203,6 @@ func GetEnforcementAction(obj *unstructured.Unstructured) (string, error) {
|
|||
}
|
||||
|
||||
func (dh *dynamicHelper) deleteUnstructuredObj(ctx context.Context, groupKind, namespace, name string) error {
|
||||
|
||||
gvr, err := dh.resolve(groupKind, "")
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
@ -456,10 +453,9 @@ func mergeGK(old, new kruntime.Object) (kruntime.Object, bool, string, error) {
|
|||
// 2. Do fix-ups on a per-Kind basis.
|
||||
changed := false
|
||||
switch new.(type) {
|
||||
|
||||
case *appsv1.Deployment:
|
||||
new, expect := new.(*appsv1.Deployment), expect.(*appsv1.Deployment)
|
||||
for i, _ := range expect.Spec.Template.Spec.Containers {
|
||||
for i := range expect.Spec.Template.Spec.Containers {
|
||||
ec := expect.Spec.Template.Spec.Containers[i]
|
||||
nc := new.Spec.Template.Spec.Containers[i]
|
||||
if ec.Image != nc.Image {
|
||||
|
|
@ -478,7 +474,7 @@ func mergeGK(old, new kruntime.Object) (kruntime.Object, bool, string, error) {
|
|||
}
|
||||
case *admissionregistrationv1.ValidatingWebhookConfiguration:
|
||||
new, expect := new.(*admissionregistrationv1.ValidatingWebhookConfiguration), expect.(*admissionregistrationv1.ValidatingWebhookConfiguration)
|
||||
for i, _ := range expect.Webhooks {
|
||||
for i := range expect.Webhooks {
|
||||
if *expect.Webhooks[i].FailurePolicy != *new.Webhooks[i].FailurePolicy {
|
||||
logrus.Printf("\x1b[%dm guardrails::mergeGK FailurePolicy changed %s->%s\x1b[0m", 31, *expect.Webhooks[i].FailurePolicy, *new.Webhooks[i].FailurePolicy)
|
||||
expect.Webhooks[i].FailurePolicy = new.Webhooks[i].FailurePolicy
|
||||
|
|
@ -492,7 +488,7 @@ func mergeGK(old, new kruntime.Object) (kruntime.Object, bool, string, error) {
|
|||
}
|
||||
case *admissionregistrationv1.MutatingWebhookConfiguration:
|
||||
new, expect := new.(*admissionregistrationv1.MutatingWebhookConfiguration), expect.(*admissionregistrationv1.MutatingWebhookConfiguration)
|
||||
for i, _ := range expect.Webhooks {
|
||||
for i := range expect.Webhooks {
|
||||
if *expect.Webhooks[i].FailurePolicy != *new.Webhooks[i].FailurePolicy {
|
||||
logrus.Printf("\x1b[%dm guardrails::mergeGK FailurePolicy changed %s->%s\x1b[0m", 31, *expect.Webhooks[i].FailurePolicy, *new.Webhooks[i].FailurePolicy)
|
||||
expect.Webhooks[i].FailurePolicy = new.Webhooks[i].FailurePolicy
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ import (
|
|||
|
||||
"github.com/Azure/go-autorest/autorest/to"
|
||||
mcv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1"
|
||||
"github.com/sirupsen/logrus"
|
||||
appsv1 "k8s.io/api/apps/v1"
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
extensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
|
||||
|
|
@ -69,6 +70,7 @@ func TestEsureDeleted(t *testing.T) {
|
|||
dh := &dynamicHelper{
|
||||
GVRResolver: mockGVRResolver,
|
||||
restcli: mockRestCLI,
|
||||
log: logrus.NewEntry(logrus.StandardLogger()),
|
||||
}
|
||||
|
||||
err := dh.EnsureDeleted(ctx, "configmap", "test-ns-1", "test-name-1")
|
||||
|
|
|
|||
|
|
@ -6,10 +6,10 @@ package dynamichelper
|
|||
import (
|
||||
"strings"
|
||||
|
||||
"github.com/ghodss/yaml"
|
||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||
kruntime "k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
"sigs.k8s.io/yaml"
|
||||
)
|
||||
|
||||
type UnstructuredObj struct {
|
||||
|
|
@ -56,8 +56,5 @@ func (o *UnstructuredObj) DecodeUnstructured(data []byte) error {
|
|||
}
|
||||
|
||||
func isKindUnstructured(groupKind string) bool {
|
||||
if strings.HasSuffix(groupKind, ".constraints.gatekeeper.sh") {
|
||||
return true
|
||||
}
|
||||
return false
|
||||
return strings.HasSuffix(groupKind, ".constraints.gatekeeper.sh")
|
||||
}
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче