From 67cfb90060edd6926e0037f670cd3992412a9e54 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 26 Sep 2025 03:06:53 +0000 Subject: [PATCH] :seedling: Bump open-cluster-management.io/addon-framework Bumps the open-cluster-management-io group with 1 update: [open-cluster-management.io/addon-framework](https://github.com/open-cluster-management-io/addon-framework). Updates `open-cluster-management.io/addon-framework` from 1.0.1-0.20250916042555-c8a4fa748ce9 to 1.0.1 - [Release notes](https://github.com/open-cluster-management-io/addon-framework/releases) - [Commits](https://github.com/open-cluster-management-io/addon-framework/commits/v1.0.1) --- updated-dependencies: - dependency-name: open-cluster-management.io/addon-framework dependency-version: 1.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: open-cluster-management-io ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +- vendor/modules.txt | 4 +- .../pkg/addonfactory/addonfactory.go | 3 + .../pkg/addonfactory/helm_agentaddon.go | 3 +- .../pkg/addonfactory/trimcrds.go | 102 ++++++++++++++++++ .../pkg/addonmanager/addontesting/helpers.go | 8 +- .../pkg/addonmanager/base_manager.go | 71 +----------- .../controllers/addonconfig/controller.go | 10 +- .../controllers/agentdeploy/controller.go | 22 +--- .../agentdeploy/healthcheck_sync.go | 43 ++++---- .../controllers/certificate/csrapprove.go | 7 -- .../controllers/certificate/csrsign.go | 16 +-- .../controllers/cmaconfig/controller.go | 10 +- .../controllers/cmamanagedby/controller.go | 8 +- .../controllers/registration/controller.go | 35 ++---- .../pkg/addonmanager/interface.go | 3 +- .../pkg/addonmanager/manager.go | 12 +-- .../addon-framework/pkg/agent/inteface.go | 23 ++-- .../addon-framework/pkg/utils/addon.go | 37 ------- .../addon-framework/pkg/utils/addon_config.go | 2 +- .../addon-framework/pkg/utils/csr_helpers.go | 38 +++---- .../addon-framework/pkg/utils/helpers.go | 2 +- .../addon-framework/pkg/utils/probe_helper.go | 33 ++---- 24 files changed, 205 insertions(+), 293 deletions(-) delete mode 100644 vendor/open-cluster-management.io/addon-framework/pkg/utils/addon.go diff --git a/go.mod b/go.mod index 3c7b6d779..44fda9658 100644 --- a/go.mod +++ b/go.mod @@ -39,7 +39,7 @@ require ( k8s.io/kube-aggregator v0.33.4 k8s.io/kubectl v0.33.4 k8s.io/utils v0.0.0-20241210054802-24370beab758 - open-cluster-management.io/addon-framework v1.0.1-0.20250916042555-c8a4fa748ce9 + open-cluster-management.io/addon-framework v1.0.1 open-cluster-management.io/api v1.0.1-0.20250911094832-3b7c6bea0358 open-cluster-management.io/sdk-go v1.0.1-0.20250911065113-bff262df709b sigs.k8s.io/about-api v0.0.0-20250131010323-518069c31c03 diff --git a/go.sum b/go.sum index 03693b58d..49b4bc66b 100644 --- a/go.sum +++ b/go.sum @@ -561,8 +561,8 @@ k8s.io/kubectl v0.33.4 h1:nXEI6Vi+oB9hXxoAHyHisXolm/l1qutK3oZQMak4N98= k8s.io/kubectl v0.33.4/go.mod h1:Xe7P9X4DfILvKmlBsVqUtzktkI56lEj22SJW7cFy6nE= k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0= k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -open-cluster-management.io/addon-framework v1.0.1-0.20250916042555-c8a4fa748ce9 h1:x0InHHM8GqY0qGYGyJx8SG7qNIOtMGs7n4EwowLksGA= -open-cluster-management.io/addon-framework v1.0.1-0.20250916042555-c8a4fa748ce9/go.mod h1:IrMjmd3dLjJtrP2Aqa0Sf/3lDysJHa4j5lNQQ13NxVs= +open-cluster-management.io/addon-framework v1.0.1 h1:hWrA+PVN5/Sjk5sBiBcyimDt01/5Hi+BLDNhS1dWVl0= +open-cluster-management.io/addon-framework v1.0.1/go.mod h1:Gw9zRGvuNJJ3XhTYanIuA7FFFw0EjtoE74l5OBZCZf8= open-cluster-management.io/api v1.0.1-0.20250911094832-3b7c6bea0358 h1:IAaFH8HW+7G2I4htQJhVreD6KlQTwB+EkjPhuMthqoY= open-cluster-management.io/api v1.0.1-0.20250911094832-3b7c6bea0358/go.mod h1:lEc5Wkc9ON5ym/qAtIqNgrE7NW7IEOCOC611iQMlnKM= open-cluster-management.io/sdk-go v1.0.1-0.20250911065113-bff262df709b h1:tzgcM+yJJBgMwYYbjfzW4kL8p7bsHnScE5lS/69lksE= diff --git a/vendor/modules.txt b/vendor/modules.txt index 80949ba80..4e27c937f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1733,8 +1733,8 @@ k8s.io/utils/path k8s.io/utils/pointer k8s.io/utils/ptr k8s.io/utils/trace -# open-cluster-management.io/addon-framework v1.0.1-0.20250916042555-c8a4fa748ce9 -## explicit; go 1.24.0 +# open-cluster-management.io/addon-framework v1.0.1 +## explicit; go 1.23.6 open-cluster-management.io/addon-framework/pkg/addonfactory open-cluster-management.io/addon-framework/pkg/addonmanager open-cluster-management.io/addon-framework/pkg/addonmanager/addontesting diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/addonfactory/addonfactory.go b/vendor/open-cluster-management.io/addon-framework/pkg/addonfactory/addonfactory.go index c2cf3e186..2bcad7db1 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/addonfactory/addonfactory.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/addonfactory/addonfactory.go @@ -5,6 +5,7 @@ import ( "fmt" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + apiextensionsv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/client-go/kubernetes/scheme" @@ -49,6 +50,7 @@ func NewAgentAddonFactory(addonName string, fs embed.FS, dir string) *AgentAddon s := runtime.NewScheme() _ = scheme.AddToScheme(s) _ = apiextensionsv1.AddToScheme(s) + _ = apiextensionsv1beta1.AddToScheme(s) return &AgentAddonFactory{ fs: fs, @@ -72,6 +74,7 @@ func (f *AgentAddonFactory) WithScheme(s *runtime.Scheme) *AgentAddonFactory { f.scheme = s _ = scheme.AddToScheme(f.scheme) _ = apiextensionsv1.AddToScheme(f.scheme) + _ = apiextensionsv1beta1.AddToScheme(f.scheme) return f } diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/addonfactory/helm_agentaddon.go b/vendor/open-cluster-management.io/addon-framework/pkg/addonfactory/helm_agentaddon.go index a96a0c09a..cc133c2ed 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/addonfactory/helm_agentaddon.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/addonfactory/helm_agentaddon.go @@ -208,9 +208,8 @@ func (a *HelmAgentAddon) getValues( if err != nil { return nil, err } - cap := a.capabilities(cluster, addon) values, err := chartutil.ToRenderValues(a.chart, overrideValues, - releaseOptions, cap) + releaseOptions, a.capabilities(cluster, addon)) if err != nil { klog.Errorf("failed to render helm chart with values %v. err:%v", overrideValues, err) return values, err diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/addonfactory/trimcrds.go b/vendor/open-cluster-management.io/addon-framework/pkg/addonfactory/trimcrds.go index a1dbe9426..20ff065c5 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/addonfactory/trimcrds.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/addonfactory/trimcrds.go @@ -2,6 +2,7 @@ package addonfactory import ( apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + apiextensionsv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1" "k8s.io/apimachinery/pkg/runtime" ) @@ -12,6 +13,9 @@ func trimCRDDescription(objects []runtime.Object) []runtime.Object { case *apiextensionsv1.CustomResourceDefinition: trimCRDv1Description(object) rstObjects = append(rstObjects, object) + case *apiextensionsv1beta1.CustomResourceDefinition: + trimCRDv1beta1Description(object) + rstObjects = append(rstObjects, object) default: rstObjects = append(rstObjects, object) } @@ -118,3 +122,101 @@ func removeDescriptionV1(p *apiextensionsv1.JSONSchemaProps) { p.ExternalDocs.Description = "" } } + +// trimCRDv1beta1Description is to remove the description info in the versions of CRD spec +func trimCRDv1beta1Description(crd *apiextensionsv1beta1.CustomResourceDefinition) { + versions := crd.Spec.Versions + for i := range versions { + if versions[i].Schema != nil { + removeDescriptionV1beta1(versions[i].Schema.OpenAPIV3Schema) + } + } +} + +func removeDescriptionV1beta1(p *apiextensionsv1beta1.JSONSchemaProps) { + if p == nil { + return + } + + p.Description = "" + + if p.Items != nil { + removeDescriptionV1beta1(p.Items.Schema) + for i := range p.Items.JSONSchemas { + removeDescriptionV1beta1(&p.Items.JSONSchemas[i]) + } + } + + if len(p.AllOf) != 0 { + for i := range p.AllOf { + removeDescriptionV1beta1(&p.AllOf[i]) + } + } + + if len(p.OneOf) != 0 { + for i := range p.OneOf { + removeDescriptionV1beta1(&p.OneOf[i]) + } + } + + if len(p.AnyOf) != 0 { + for i := range p.AnyOf { + removeDescriptionV1beta1(&p.AnyOf[i]) + } + } + + if p.Not != nil { + removeDescriptionV1beta1(p.Not) + } + + if len(p.Properties) != 0 { + newProperties := map[string]apiextensionsv1beta1.JSONSchemaProps{} + for k := range p.Properties { + v := p.Properties[k] + removeDescriptionV1beta1(&v) + newProperties[k] = v + } + p.Properties = newProperties + } + + if len(p.PatternProperties) != 0 { + newProperties := map[string]apiextensionsv1beta1.JSONSchemaProps{} + for k := range p.PatternProperties { + v := p.PatternProperties[k] + removeDescriptionV1beta1(&v) + newProperties[k] = v + } + p.PatternProperties = newProperties + } + + if p.AdditionalProperties != nil { + removeDescriptionV1beta1(p.AdditionalProperties.Schema) + } + + if len(p.Dependencies) != 0 { + newDependencies := map[string]apiextensionsv1beta1.JSONSchemaPropsOrStringArray{} + for k, v := range p.Dependencies { + removeDescriptionV1beta1(v.Schema) + newDependencies[k] = v + } + p.Dependencies = newDependencies + } + + if p.AdditionalItems != nil { + removeDescriptionV1beta1(p.AdditionalItems.Schema) + } + + if len(p.Definitions) != 0 { + newDefinitions := map[string]apiextensionsv1beta1.JSONSchemaProps{} + for k := range p.Definitions { + v := p.Definitions[k] + removeDescriptionV1beta1(&v) + newDefinitions[k] = v + } + p.Definitions = newDefinitions + } + + if p.ExternalDocs != nil { + p.ExternalDocs.Description = "" + } +} diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/addontesting/helpers.go b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/addontesting/helpers.go index da53d619c..4ff588451 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/addontesting/helpers.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/addontesting/helpers.go @@ -21,19 +21,19 @@ import ( ) type FakeSyncContext struct { - queue workqueue.TypedRateLimitingInterface[string] + queue workqueue.RateLimitingInterface recorder events.Recorder } func NewFakeSyncContext(t *testing.T) *FakeSyncContext { return &FakeSyncContext{ - queue: workqueue.NewTypedRateLimitingQueue(workqueue.DefaultTypedControllerRateLimiter[string]()), + queue: workqueue.NewRateLimitingQueue(workqueue.DefaultControllerRateLimiter()), recorder: NewTestingEventRecorder(t), } } -func (f FakeSyncContext) Queue() workqueue.TypedRateLimitingInterface[string] { return f.queue } -func (f FakeSyncContext) Recorder() events.Recorder { return f.recorder } +func (f FakeSyncContext) Queue() workqueue.RateLimitingInterface { return f.queue } +func (f FakeSyncContext) Recorder() events.Recorder { return f.recorder } func NewUnstructured(apiVersion, kind, namespace, name string) *unstructured.Unstructured { return &unstructured.Unstructured{ diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/base_manager.go b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/base_manager.go index 69a5c671f..a98b2a6fd 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/base_manager.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/base_manager.go @@ -26,47 +26,13 @@ import ( "open-cluster-management.io/sdk-go/pkg/basecontroller/factory" ) -// Option contains configuration options for BaseAddonManagerImpl. -type Option struct { - // TemplateBasedAddOn configures whether the manager is handling template-based addons. - // - true: all ManagedClusterAddOn controllers except "addon-config-controller" will only process addons - // when the referenced AddOnTemplate resources in their status.configReferences are properly set; - // the "addon-config-controller" is responsible for setting these values - // - false: process all addons without waiting for template configuration - // - // This prevents premature processing of template-based addons before their configurations - // are fully ready, avoiding unnecessary errors and retries. - // See https://github.com/open-cluster-management-io/ocm/issues/1181 for more context. - TemplateBasedAddOn bool -} - -// OptionFunc is a function that modifies Option. -type OptionFunc func(*Option) - -// WithTemplateMode returns an OptionFunc that sets the template mode. -func WithTemplateMode(enabled bool) OptionFunc { - return func(option *Option) { - option.TemplateBasedAddOn = enabled - } -} - -// WithOption returns an OptionFunc that applies the given Option struct. -func WithOption(opt *Option) OptionFunc { - return func(option *Option) { - if opt != nil { - *option = *opt - } - } -} - // BaseAddonManagerImpl is the base implementation of BaseAddonManager // that manages the addon agents and configs. type BaseAddonManagerImpl struct { - addonAgents map[string]agent.AgentAddon - addonConfigs map[schema.GroupVersionResource]bool - config *rest.Config - syncContexts []factory.SyncContext - templateBasedAddOn bool + addonAgents map[string]agent.AgentAddon + addonConfigs map[schema.GroupVersionResource]bool + config *rest.Config + syncContexts []factory.SyncContext } // NewBaseAddonManagerImpl creates a new BaseAddonManagerImpl instance with the given config. @@ -79,15 +45,6 @@ func NewBaseAddonManagerImpl(config *rest.Config) *BaseAddonManagerImpl { } } -// ApplyOptionFuncs applies OptionFunc functions to create and configure options. -func (a *BaseAddonManagerImpl) ApplyOptionFuncs(optionFuncs ...OptionFunc) { - option := &Option{} - for _, fn := range optionFuncs { - fn(option) - } - a.templateBasedAddOn = option.TemplateBasedAddOn -} - func (a *BaseAddonManagerImpl) GetConfig() *rest.Config { return a.config } @@ -120,13 +77,7 @@ func (a *BaseAddonManagerImpl) StartWithInformers(ctx context.Context, kubeInformers kubeinformers.SharedInformerFactory, addonInformers addoninformers.SharedInformerFactory, clusterInformers clusterv1informers.SharedInformerFactory, - dynamicInformers dynamicinformer.DynamicSharedInformerFactory, -) error { - // Determine the appropriate filter function based on templateBasedAddOn field - mcaFilterFunc := utils.AllowAllAddOns - if a.templateBasedAddOn { - mcaFilterFunc = utils.FilterTemplateBasedAddOns - } + dynamicInformers dynamicinformer.DynamicSharedInformerFactory) error { kubeClient, err := kubernetes.NewForConfig(a.config) if err != nil { @@ -156,7 +107,6 @@ func (a *BaseAddonManagerImpl) StartWithInformers(ctx context.Context, addonInformers.Addon().V1alpha1().ManagedClusterAddOns(), workInformers, a.addonAgents, - mcaFilterFunc, ) registrationController := registration.NewAddonRegistrationController( @@ -164,7 +114,6 @@ func (a *BaseAddonManagerImpl) StartWithInformers(ctx context.Context, clusterInformers.Cluster().V1().ManagedClusters(), addonInformers.Addon().V1alpha1().ManagedClusterAddOns(), a.addonAgents, - mcaFilterFunc, ) // This controller is used during migrating addons to be managed by addon-manager. @@ -179,13 +128,6 @@ func (a *BaseAddonManagerImpl) StartWithInformers(ctx context.Context, var addonConfigController, managementAddonConfigController factory.Controller if len(a.addonConfigs) != 0 { - // ManagedClusterAddOn filter is intentionally disabled for the addon-config-controller. - // This is because template-based addons require this controller to set the specHash in - // managedclusteraddon.status.configReferences for addontemplates. Without this, all other - // ManagedClusterAddOn controllers would wait indefinitely for the template configurations - // to be applied. - // Consider moving the logic of setting managedclusteraddon.status.configReferences - // for addontemplates to the ocm addon-manager. addonConfigController = addonconfig.NewAddonConfigController( addonClient, addonInformers.Addon().V1alpha1().ManagedClusterAddOns(), @@ -217,7 +159,6 @@ func (a *BaseAddonManagerImpl) StartWithInformers(ctx context.Context, nil, addonInformers.Addon().V1alpha1().ManagedClusterAddOns(), a.addonAgents, - mcaFilterFunc, ) csrSignController = certificate.NewCSRSignController( kubeClient, @@ -225,7 +166,6 @@ func (a *BaseAddonManagerImpl) StartWithInformers(ctx context.Context, kubeInformers.Certificates().V1().CertificateSigningRequests(), addonInformers.Addon().V1alpha1().ManagedClusterAddOns(), a.addonAgents, - mcaFilterFunc, ) } else if v1beta1Supported { csrApproveController = certificate.NewCSRApprovingController( @@ -235,7 +175,6 @@ func (a *BaseAddonManagerImpl) StartWithInformers(ctx context.Context, kubeInformers.Certificates().V1beta1().CertificateSigningRequests(), addonInformers.Addon().V1alpha1().ManagedClusterAddOns(), a.addonAgents, - mcaFilterFunc, ) } diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/addonconfig/controller.go b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/addonconfig/controller.go index e1e266d46..70c405602 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/addonconfig/controller.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/addonconfig/controller.go @@ -35,8 +35,8 @@ type addonConfigController struct { addonLister addonlisterv1alpha1.ManagedClusterAddOnLister addonIndexer cache.Indexer configListers map[schema.GroupResource]dynamiclister.Lister - queue workqueue.TypedRateLimitingInterface[string] - cmaFilterFunc factory.EventFilterFunc + queue workqueue.RateLimitingInterface + addonFilterFunc factory.EventFilterFunc configGVRs map[schema.GroupVersionResource]bool clusterManagementAddonLister addonlisterv1alpha1.ClusterManagementAddOnLister } @@ -47,7 +47,7 @@ func NewAddonConfigController( clusterManagementAddonInformers addoninformerv1alpha1.ClusterManagementAddOnInformer, configInformerFactory dynamicinformer.DynamicSharedInformerFactory, configGVRs map[schema.GroupVersionResource]bool, - cmaFilterFunc factory.EventFilterFunc, + addonFilterFunc factory.EventFilterFunc, ) factory.Controller { syncCtx := factory.NewSyncContext(controllerName) @@ -57,7 +57,7 @@ func NewAddonConfigController( addonIndexer: addonInformers.Informer().GetIndexer(), configListers: map[schema.GroupResource]dynamiclister.Lister{}, queue: syncCtx.Queue(), - cmaFilterFunc: cmaFilterFunc, + addonFilterFunc: addonFilterFunc, configGVRs: configGVRs, clusterManagementAddonLister: clusterManagementAddonInformers.Lister(), } @@ -153,7 +153,7 @@ func (c *addonConfigController) sync(ctx context.Context, syncCtx factory.SyncCo return err } - if c.cmaFilterFunc != nil && !c.cmaFilterFunc(cma) { + if !c.addonFilterFunc(cma) { return nil } diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/agentdeploy/controller.go b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/agentdeploy/controller.go index 2047ef9ec..a7e58c711 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/agentdeploy/controller.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/agentdeploy/controller.go @@ -32,7 +32,6 @@ import ( "open-cluster-management.io/addon-framework/pkg/addonmanager/constants" "open-cluster-management.io/addon-framework/pkg/agent" "open-cluster-management.io/addon-framework/pkg/index" - "open-cluster-management.io/addon-framework/pkg/utils" "open-cluster-management.io/sdk-go/pkg/basecontroller/factory" ) @@ -50,8 +49,7 @@ type addonDeployController struct { managedClusterAddonIndexer cache.Indexer workIndexer cache.Indexer agentAddons map[string]agent.AgentAddon - queue workqueue.TypedRateLimitingInterface[string] - mcaFilterFunc utils.ManagedClusterAddOnFilterFunc + queue workqueue.RateLimitingInterface } func NewAddonDeployController( @@ -61,7 +59,6 @@ func NewAddonDeployController( addonInformers addoninformerv1alpha1.ManagedClusterAddOnInformer, workInformers workinformers.ManifestWorkInformer, agentAddons map[string]agent.AgentAddon, - mcaFilterFunc utils.ManagedClusterAddOnFilterFunc, ) factory.Controller { syncCtx := factory.NewSyncContext(controllerName) @@ -77,7 +74,6 @@ func NewAddonDeployController( managedClusterAddonIndexer: addonInformers.Informer().GetIndexer(), workIndexer: workInformers.Informer().GetIndexer(), agentAddons: agentAddons, - mcaFilterFunc: mcaFilterFunc, } c.setClusterInformerHandler(clusterInformers) @@ -239,10 +235,6 @@ func (c *addonDeployController) sync(ctx context.Context, syncCtx factory.SyncCo return err } - if c.mcaFilterFunc != nil && !c.mcaFilterFunc(addon) { - return nil - } - // to deploy agents if there is RegistrationApplied condition. if meta.FindStatusCondition(addon.Status.Conditions, addonapiv1alpha1.ManagedClusterAddOnRegistrationApplied) == nil { return nil @@ -315,7 +307,7 @@ func (c *addonDeployController) sync(ctx context.Context, syncCtx factory.SyncCo } if err = c.updateAddon(ctx, addon, oldAddon); err != nil { - return fmt.Errorf("failed to update addon %s/%s: %w", addon.Namespace, addon.Name, err) + return err } return errorsutil.NewAggregate(errs) } @@ -325,10 +317,7 @@ func (c *addonDeployController) sync(ctx context.Context, syncCtx factory.SyncCo func (c *addonDeployController) updateAddon(ctx context.Context, new, old *addonapiv1alpha1.ManagedClusterAddOn) error { if !equality.Semantic.DeepEqual(new.GetFinalizers(), old.GetFinalizers()) { _, err := c.addonClient.AddonV1alpha1().ManagedClusterAddOns(new.Namespace).Update(ctx, new, metav1.UpdateOptions{}) - if err != nil { - return fmt.Errorf("failed to update addon finalizers: %w", err) - } - return nil + return err } addonPatcher := patcher.NewPatcher[ @@ -337,10 +326,7 @@ func (c *addonDeployController) updateAddon(ctx context.Context, new, old *addon addonapiv1alpha1.ManagedClusterAddOnStatus](c.addonClient.AddonV1alpha1().ManagedClusterAddOns(new.Namespace)) _, err := addonPatcher.PatchStatus(ctx, new, new.Status, old.Status) - if err != nil { - return fmt.Errorf("failed to update addon status: %w", err) - } - return nil + return err } func (c *addonDeployController) applyWork(ctx context.Context, appliedType string, diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/agentdeploy/healthcheck_sync.go b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/agentdeploy/healthcheck_sync.go index 6f265e9cd..aac2e0ca2 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/agentdeploy/healthcheck_sync.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/agentdeploy/healthcheck_sync.go @@ -191,19 +191,6 @@ func (s *healthCheckSyncer) probeAddonStatusByWorks( for _, field := range probeFields { results := findResultsByIdentifier(field.ResourceIdentifier, manifestConditions) - // if no results are returned. it is possible that work agent has not returned the feedback value. - // mark condition to unknown - if len(results) == 0 { - meta.SetStatusCondition(&addon.Status.Conditions, metav1.Condition{ - Type: addonapiv1alpha1.ManagedClusterAddOnConditionAvailable, - Status: metav1.ConditionUnknown, - Reason: addonapiv1alpha1.AddonAvailableReasonNoProbeResult, - Message: fmt.Sprintf("Probe results are not returned for %s/%s: %s/%s", - field.ResourceIdentifier.Group, field.ResourceIdentifier.Resource, - field.ResourceIdentifier.Namespace, field.ResourceIdentifier.Name), - }) - return nil - } // healthCheck will be ignored if healthChecker is set if healthChecker != nil { @@ -223,6 +210,20 @@ func (s *healthCheckSyncer) probeAddonStatusByWorks( return nil } + // if no results are returned. it is possible that work agent has not returned the feedback value. + // mark condition to unknown + if len(results) == 0 { + meta.SetStatusCondition(&addon.Status.Conditions, metav1.Condition{ + Type: addonapiv1alpha1.ManagedClusterAddOnConditionAvailable, + Status: metav1.ConditionUnknown, + Reason: addonapiv1alpha1.AddonAvailableReasonNoProbeResult, + Message: fmt.Sprintf("Probe results are not returned for %s/%s: %s/%s", + field.ResourceIdentifier.Group, field.ResourceIdentifier.Resource, + field.ResourceIdentifier.Namespace, field.ResourceIdentifier.Name), + }) + return nil + } + for _, result := range results { err := healthCheck(result.ResourceIdentifier, result.FeedbackResult) if err != nil { @@ -274,11 +275,11 @@ func (s *healthCheckSyncer) analyzeWorkProber( } return nil, nil, nil, fmt.Errorf("work prober is not configured") case agent.HealthProberTypeDeploymentAvailability: - probeFields, heathChecker, err := s.analyzeDeploymentWorkProber(agentAddon, cluster, addon) - return probeFields, nil, heathChecker, err + probeFields, heathCheck, err := s.analyzeDeploymentWorkProber(agentAddon, cluster, addon) + return probeFields, heathCheck, nil, err case agent.HealthProberTypeWorkloadAvailability: - probeFields, heathChecker, err := s.analyzeWorkloadsWorkProber(agentAddon, cluster, addon) - return probeFields, nil, heathChecker, err + probeFields, heathCheck, err := s.analyzeWorkloadsWorkProber(agentAddon, cluster, addon) + return probeFields, heathCheck, nil, err default: return nil, nil, nil, fmt.Errorf("unsupported health prober type %s", agentAddon.GetAgentAddonOptions().HealthProber.Type) } @@ -288,7 +289,7 @@ func (s *healthCheckSyncer) analyzeDeploymentWorkProber( agentAddon agent.AgentAddon, cluster *clusterv1.ManagedCluster, addon *addonapiv1alpha1.ManagedClusterAddOn, -) ([]agent.ProbeField, agent.AddonHealthCheckerFunc, error) { +) ([]agent.ProbeField, agent.AddonHealthCheckFunc, error) { probeFields := []agent.ProbeField{} manifests, err := agentAddon.Manifests(cluster, addon) @@ -309,14 +310,14 @@ func (s *healthCheckSyncer) analyzeDeploymentWorkProber( }) } - return probeFields, utils.DeploymentAvailabilityHealthChecker, nil + return probeFields, utils.DeploymentAvailabilityHealthCheck, nil } func (s *healthCheckSyncer) analyzeWorkloadsWorkProber( agentAddon agent.AgentAddon, cluster *clusterv1.ManagedCluster, addon *addonapiv1alpha1.ManagedClusterAddOn, -) ([]agent.ProbeField, agent.AddonHealthCheckerFunc, error) { +) ([]agent.ProbeField, agent.AddonHealthCheckFunc, error) { probeFields := []agent.ProbeField{} manifests, err := agentAddon.Manifests(cluster, addon) @@ -343,7 +344,7 @@ func (s *healthCheckSyncer) analyzeWorkloadsWorkProber( }) } - return probeFields, utils.WorkloadAvailabilityHealthChecker, nil + return probeFields, utils.WorkloadAvailabilityHealthCheck, nil } func findResultsByIdentifier(identifier workapiv1.ResourceIdentifier, diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/certificate/csrapprove.go b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/certificate/csrapprove.go index a48805cb2..29372d041 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/certificate/csrapprove.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/certificate/csrapprove.go @@ -27,7 +27,6 @@ import ( clusterv1 "open-cluster-management.io/api/cluster/v1" "open-cluster-management.io/addon-framework/pkg/agent" - "open-cluster-management.io/addon-framework/pkg/utils" "open-cluster-management.io/sdk-go/pkg/basecontroller/factory" ) @@ -59,7 +58,6 @@ type csrApprovingController struct { managedClusterAddonLister addonlisterv1alpha1.ManagedClusterAddOnLister csrLister certificateslisters.CertificateSigningRequestLister csrListerBeta v1beta1certificateslisters.CertificateSigningRequestLister - mcaFilterFunc utils.ManagedClusterAddOnFilterFunc } // NewCSRApprovingController creates a new csr approving controller @@ -70,7 +68,6 @@ func NewCSRApprovingController( csrBetaInformer v1beta1certificatesinformers.CertificateSigningRequestInformer, addonInformers addoninformerv1alpha1.ManagedClusterAddOnInformer, agentAddons map[string]agent.AgentAddon, - mcaFilterFunc utils.ManagedClusterAddOnFilterFunc, ) factory.Controller { if (csrV1Informer != nil) == (csrBetaInformer != nil) { klog.Fatalf("V1 and V1beta1 CSR informer cannot be present or absent at the same time") @@ -80,7 +77,6 @@ func NewCSRApprovingController( agentAddons: agentAddons, managedClusterLister: clusterInformers.Lister(), managedClusterAddonLister: addonInformers.Lister(), - mcaFilterFunc: mcaFilterFunc, } var csrInformer cache.SharedIndexInformer if csrV1Informer != nil { @@ -166,9 +162,6 @@ func (c *csrApprovingController) sync(ctx context.Context, syncCtx factory.SyncC if err != nil { return err } - if c.mcaFilterFunc != nil && !c.mcaFilterFunc(managedClusterAddon) { - return nil - } if registrationOption.CSRApproveCheck == nil { klog.V(4).Infof("addon csr %q cannont be auto approved due to approve check not defined", csr.GetName()) diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/certificate/csrsign.go b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/certificate/csrsign.go index d3a65001b..e690e383f 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/certificate/csrsign.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/certificate/csrsign.go @@ -22,7 +22,6 @@ import ( clusterv1 "open-cluster-management.io/api/cluster/v1" "open-cluster-management.io/addon-framework/pkg/agent" - "open-cluster-management.io/addon-framework/pkg/utils" "open-cluster-management.io/sdk-go/pkg/basecontroller/factory" ) @@ -33,7 +32,6 @@ type csrSignController struct { managedClusterLister clusterlister.ManagedClusterLister managedClusterAddonLister addonlisterv1alpha1.ManagedClusterAddOnLister csrLister certificateslisters.CertificateSigningRequestLister - mcaFilterFunc utils.ManagedClusterAddOnFilterFunc } // NewCSRApprovingController creates a new csr approving controller @@ -43,7 +41,6 @@ func NewCSRSignController( csrInformer certificatesinformers.CertificateSigningRequestInformer, addonInformers addoninformerv1alpha1.ManagedClusterAddOnInformer, agentAddons map[string]agent.AgentAddon, - mcaFilterFunc utils.ManagedClusterAddOnFilterFunc, ) factory.Controller { c := &csrSignController{ kubeClient: kubeClient, @@ -51,7 +48,6 @@ func NewCSRSignController( managedClusterLister: clusterInformers.Lister(), managedClusterAddonLister: addonInformers.Lister(), csrLister: csrInformer.Lister(), - mcaFilterFunc: mcaFilterFunc, } return factory.New(). WithFilteredEventsInformersQueueKeysFunc( @@ -120,7 +116,7 @@ func (c *csrSignController) sync(ctx context.Context, syncCtx factory.SyncContex } // Get ManagedCluster - cluster, err := c.managedClusterLister.Get(clusterName) + _, err = c.managedClusterLister.Get(clusterName) if errors.IsNotFound(err) { return nil } @@ -128,25 +124,19 @@ func (c *csrSignController) sync(ctx context.Context, syncCtx factory.SyncContex return err } - addon, err := c.managedClusterAddonLister.ManagedClusterAddOns(clusterName).Get(addonName) + _, err = c.managedClusterAddonLister.ManagedClusterAddOns(clusterName).Get(addonName) if errors.IsNotFound(err) { return nil } if err != nil { return err } - if c.mcaFilterFunc != nil && !c.mcaFilterFunc(addon) { - return nil - } if registrationOption.CSRSign == nil { return nil } - csr.Status.Certificate, err = registrationOption.CSRSign(cluster, addon, csr) - if err != nil { - return fmt.Errorf("failed to sign addon csr %q: %v", csr.Name, err) - } + csr.Status.Certificate = registrationOption.CSRSign(csr) if len(csr.Status.Certificate) == 0 { return fmt.Errorf("invalid client certificate generated for addon csr %q", csr.Name) } diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/cmaconfig/controller.go b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/cmaconfig/controller.go index 3b64edeba..22072fa59 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/cmaconfig/controller.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/cmaconfig/controller.go @@ -36,8 +36,8 @@ type cmaConfigController struct { clusterManagementAddonLister addonlisterv1alpha1.ClusterManagementAddOnLister clusterManagementAddonIndexer cache.Indexer configListers map[schema.GroupResource]dynamiclister.Lister - queue workqueue.TypedRateLimitingInterface[string] - cmaFilterFunc factory.EventFilterFunc + queue workqueue.RateLimitingInterface + addonFilterFunc factory.EventFilterFunc configGVRs map[schema.GroupVersionResource]bool addonPatcher patcher.Patcher[*addonapiv1alpha1.ClusterManagementAddOn, addonapiv1alpha1.ClusterManagementAddOnSpec, @@ -49,7 +49,7 @@ func NewCMAConfigController( clusterManagementAddonInformers addoninformerv1alpha1.ClusterManagementAddOnInformer, configInformerFactory dynamicinformer.DynamicSharedInformerFactory, configGVRs map[schema.GroupVersionResource]bool, - cmaFilterFunc factory.EventFilterFunc, + addonFilterFunc factory.EventFilterFunc, ) factory.Controller { syncCtx := factory.NewSyncContext(controllerName) @@ -59,7 +59,7 @@ func NewCMAConfigController( clusterManagementAddonIndexer: clusterManagementAddonInformers.Informer().GetIndexer(), configListers: map[schema.GroupResource]dynamiclister.Lister{}, queue: syncCtx.Queue(), - cmaFilterFunc: cmaFilterFunc, + addonFilterFunc: addonFilterFunc, configGVRs: configGVRs, addonPatcher: patcher.NewPatcher[*addonapiv1alpha1.ClusterManagementAddOn, addonapiv1alpha1.ClusterManagementAddOnSpec, @@ -145,7 +145,7 @@ func (c *cmaConfigController) sync(ctx context.Context, syncCtx factory.SyncCont return err } - if c.cmaFilterFunc != nil && !c.cmaFilterFunc(cma) { + if !c.addonFilterFunc(cma) { return nil } diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/cmamanagedby/controller.go b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/cmamanagedby/controller.go index 2869f996b..abd459676 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/cmamanagedby/controller.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/cmamanagedby/controller.go @@ -29,7 +29,7 @@ type cmaManagedByController struct { addonClient addonv1alpha1client.Interface clusterManagementAddonLister addonlisterv1alpha1.ClusterManagementAddOnLister agentAddons map[string]agent.AgentAddon - cmaFilterFunc factory.EventFilterFunc + addonFilterFunc factory.EventFilterFunc addonPatcher patcher.Patcher[*addonapiv1alpha1.ClusterManagementAddOn, addonapiv1alpha1.ClusterManagementAddOnSpec, addonapiv1alpha1.ClusterManagementAddOnStatus] @@ -39,7 +39,7 @@ func NewCMAManagedByController( addonClient addonv1alpha1client.Interface, clusterManagementAddonInformers addoninformerv1alpha1.ClusterManagementAddOnInformer, agentAddons map[string]agent.AgentAddon, - cmaFilterFunc factory.EventFilterFunc, + addonFilterFunc factory.EventFilterFunc, ) factory.Controller { syncCtx := factory.NewSyncContext(controllerName) @@ -47,7 +47,7 @@ func NewCMAManagedByController( addonClient: addonClient, clusterManagementAddonLister: clusterManagementAddonInformers.Lister(), agentAddons: agentAddons, - cmaFilterFunc: cmaFilterFunc, + addonFilterFunc: addonFilterFunc, addonPatcher: patcher.NewPatcher[*addonapiv1alpha1.ClusterManagementAddOn, addonapiv1alpha1.ClusterManagementAddOnSpec, addonapiv1alpha1.ClusterManagementAddOnStatus](addonClient.AddonV1alpha1().ClusterManagementAddOns()), @@ -60,7 +60,7 @@ func NewCMAManagedByController( key, _ := cache.DeletionHandlingMetaNamespaceKeyFunc(obj) return []string{key} }, - c.cmaFilterFunc, clusterManagementAddonInformers.Informer()). + c.addonFilterFunc, clusterManagementAddonInformers.Informer()). WithSync(c.sync).ToController(controllerName) } diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/registration/controller.go b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/registration/controller.go index 7d43089f9..b90fd2132 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/registration/controller.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/controllers/registration/controller.go @@ -29,7 +29,6 @@ type addonRegistrationController struct { managedClusterLister clusterlister.ManagedClusterLister managedClusterAddonLister addonlisterv1alpha1.ManagedClusterAddOnLister agentAddons map[string]agent.AgentAddon - mcaFilterFunc utils.ManagedClusterAddOnFilterFunc } func NewAddonRegistrationController( @@ -37,14 +36,12 @@ func NewAddonRegistrationController( clusterInformers clusterinformers.ManagedClusterInformer, addonInformers addoninformerv1alpha1.ManagedClusterAddOnInformer, agentAddons map[string]agent.AgentAddon, - mcaFilterFunc utils.ManagedClusterAddOnFilterFunc, ) factory.Controller { c := &addonRegistrationController{ addonClient: addonClient, managedClusterLister: clusterInformers.Lister(), managedClusterAddonLister: addonInformers.Lister(), agentAddons: agentAddons, - mcaFilterFunc: mcaFilterFunc, } return factory.New().WithFilteredEventsInformersQueueKeysFunc( @@ -97,10 +94,6 @@ func (c *addonRegistrationController) sync(ctx context.Context, syncCtx factory. return err } - if c.mcaFilterFunc != nil && !c.mcaFilterFunc(managedClusterAddon) { - return nil - } - managedClusterAddonCopy := managedClusterAddon.DeepCopy() // wait until the mca's ownerref is set. @@ -126,10 +119,7 @@ func (c *addonRegistrationController) sync(ctx context.Context, syncCtx factory. statusChanged, err := addonPatcher.PatchStatus(ctx, managedClusterAddonCopy, managedClusterAddonCopy.Status, managedClusterAddon.Status) if statusChanged { - if err != nil { - return fmt.Errorf("failed to patch status(supported configs) of managedclusteraddon: %w", err) - } - return nil + return err } // if supported configs not change, continue to patch condition RegistrationApplied, status.Registrations and status.Namespace @@ -142,10 +132,7 @@ func (c *addonRegistrationController) sync(ctx context.Context, syncCtx factory. Message: "Registration of the addon agent is configured", }) _, err = addonPatcher.PatchStatus(ctx, managedClusterAddonCopy, managedClusterAddonCopy.Status, managedClusterAddon.Status) - if err != nil { - return fmt.Errorf("failed to patch status condition(registrationOption nil) of managedclusteraddon: %w", err) - } - return nil + return err } if registrationOption.PermissionConfig != nil { @@ -159,7 +146,7 @@ func (c *addonRegistrationController) sync(ctx context.Context, syncCtx factory. }) if _, patchErr := addonPatcher.PatchStatus( ctx, managedClusterAddonCopy, managedClusterAddonCopy.Status, managedClusterAddon.Status); patchErr != nil { - return fmt.Errorf("failed to patch status condition (set permission for hub agent) of managedclusteraddon: %w", patchErr) + return patchErr } return err } @@ -173,16 +160,10 @@ func (c *addonRegistrationController) sync(ctx context.Context, syncCtx factory. Message: "Registration of the addon agent is configured", }) _, err = addonPatcher.PatchStatus(ctx, managedClusterAddonCopy, managedClusterAddonCopy.Status, managedClusterAddon.Status) - if err != nil { - return fmt.Errorf("failed to patch status condition(CSRConfigurations nil) of managedclusteraddon: %w", err) - } - return nil + return err } - configs, err := registrationOption.CSRConfigurations(managedCluster, managedClusterAddonCopy) - if err != nil { - return fmt.Errorf("failed to get csr configurations: %w", err) - } + configs := registrationOption.CSRConfigurations(managedCluster) managedClusterAddonCopy.Status.Registrations = configs var agentInstallNamespace string @@ -210,8 +191,6 @@ func (c *addonRegistrationController) sync(ctx context.Context, syncCtx factory. }) _, err = addonPatcher.PatchStatus(ctx, managedClusterAddonCopy, managedClusterAddonCopy.Status, managedClusterAddon.Status) - if err != nil { - return fmt.Errorf("failed to patch status condition(successfully configured) of managedclusteraddon: %w", err) - } - return nil + + return err } diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/interface.go b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/interface.go index 6454f70a9..5598a7701 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/interface.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/interface.go @@ -29,8 +29,7 @@ type BaseAddonManager interface { kubeInformers kubeinformers.SharedInformerFactory, addonInformers addoninformers.SharedInformerFactory, clusterInformers clusterv1informers.SharedInformerFactory, - dynamicInformers dynamicinformer.DynamicSharedInformerFactory, - ) error + dynamicInformers dynamicinformer.DynamicSharedInformerFactory) error } // AddonManager is the interface based on BaseAddonManager to initialize a manager on hub diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/manager.go b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/manager.go index f698d80f2..8c0d3dd30 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/manager.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/addonmanager/manager.go @@ -122,8 +122,7 @@ func (a *addonManager) Start(ctx context.Context) error { return err } - err = a.StartWithInformers(ctx, workClient, workInformers.Work().V1().ManifestWorks(), kubeInformers, - addonInformers, clusterInformers, dynamicInformers) + err = a.StartWithInformers(ctx, workClient, workInformers.Work().V1().ManifestWorks(), kubeInformers, addonInformers, clusterInformers, dynamicInformers) if err != nil { return err } @@ -142,12 +141,3 @@ func New(config *rest.Config) (AddonManager, error) { NewBaseAddonManagerImpl(config), }, nil } - -// NewWithOptionFuncs returns a new Manager for creating addon agents with OptionFunc functions. -func NewWithOptionFuncs(config *rest.Config, optionFuncs ...OptionFunc) (AddonManager, error) { - manager := NewBaseAddonManagerImpl(config) - manager.ApplyOptionFuncs(optionFuncs...) - return &addonManager{ - manager, - }, nil -} diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/agent/inteface.go b/vendor/open-cluster-management.io/addon-framework/pkg/agent/inteface.go index 1e808e286..66d7f8f9a 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/agent/inteface.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/agent/inteface.go @@ -98,19 +98,12 @@ type AgentAddonOptions struct { ConfigCheckEnabled bool } -type CSRConfigurationsFunc func(cluster *clusterv1.ManagedCluster, - addon *addonapiv1alpha1.ManagedClusterAddOn) ([]addonapiv1alpha1.RegistrationConfig, error) +type CSRSignerFunc func(csr *certificatesv1.CertificateSigningRequest) []byte -type CSRSignerFunc func(cluster *clusterv1.ManagedCluster, - addon *addonapiv1alpha1.ManagedClusterAddOn, csr *certificatesv1.CertificateSigningRequest) ([]byte, error) - -type CSRApproveFunc func(cluster *clusterv1.ManagedCluster, - addon *addonapiv1alpha1.ManagedClusterAddOn, csr *certificatesv1.CertificateSigningRequest) bool +type CSRApproveFunc func(cluster *clusterv1.ManagedCluster, addon *addonapiv1alpha1.ManagedClusterAddOn, csr *certificatesv1.CertificateSigningRequest) bool type PermissionConfigFunc func(cluster *clusterv1.ManagedCluster, addon *addonapiv1alpha1.ManagedClusterAddOn) error -type AgentInstallNamespaceFunc func(addon *addonapiv1alpha1.ManagedClusterAddOn) (string, error) - // RegistrationOption defines how agent is registered to the hub cluster. It needs to define: // 1. csr with what subject/signer should be created // 2. how csr is approved @@ -120,7 +113,7 @@ type RegistrationOption struct { // CSRConfigurations returns a list of csr configuration for the adddon agent in a managed cluster. // A csr will be created from the managed cluster for addon agent with each CSRConfiguration. // +required - CSRConfigurations CSRConfigurationsFunc + CSRConfigurations func(cluster *clusterv1.ManagedCluster) []addonapiv1alpha1.RegistrationConfig // Namespace is the namespace where registraiton credential will be put on the managed cluster. It // will be overridden by installNamespace on ManagedClusterAddon spec if set @@ -132,7 +125,7 @@ type RegistrationOption struct { // Note: Set this very carefully. If this is set, the addon agent must be deployed in the same namespace, which // means when implementing Manifests function in AgentAddon interface, the namespace of the addon agent manifest // must be set to the same value returned by this function. - AgentInstallNamespace AgentInstallNamespaceFunc + AgentInstallNamespace func(addon *addonapiv1alpha1.ManagedClusterAddOn) (string, error) // CSRApproveCheck checks whether the addon agent registration should be approved by the hub. // Addon hub controller can implement this func to auto-approve all the CSRs. A better CSR check is @@ -185,7 +178,6 @@ type WorkHealthProber struct { // HealthCheck is deprecated and will be removed in the future. please use HealthChecker instead. // HealthCheck will be ignored if HealthChecker is set. // HealthCheck check status of the addon based on each probeField result. - // Deprecated: use HealthChecker instead. HealthCheck AddonHealthCheckFunc // HealthChecker check status of the addon based of all results of probeFields @@ -238,9 +230,8 @@ const ( HealthProberTypeWorkloadAvailability HealthProberType = "WorkloadAvailability" ) -func KubeClientSignerConfigurations(addonName, agentName string) CSRConfigurationsFunc { - return func(cluster *clusterv1.ManagedCluster, - addon *addonapiv1alpha1.ManagedClusterAddOn) ([]addonapiv1alpha1.RegistrationConfig, error) { +func KubeClientSignerConfigurations(addonName, agentName string) func(cluster *clusterv1.ManagedCluster) []addonapiv1alpha1.RegistrationConfig { + return func(cluster *clusterv1.ManagedCluster) []addonapiv1alpha1.RegistrationConfig { return []addonapiv1alpha1.RegistrationConfig{ { SignerName: certificatesv1.KubeAPIServerClientSignerName, @@ -249,7 +240,7 @@ func KubeClientSignerConfigurations(addonName, agentName string) CSRConfiguratio Groups: DefaultGroups(cluster.Name, addonName), }, }, - }, nil + } } } diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/utils/addon.go b/vendor/open-cluster-management.io/addon-framework/pkg/utils/addon.go deleted file mode 100644 index f4ec0f323..000000000 --- a/vendor/open-cluster-management.io/addon-framework/pkg/utils/addon.go +++ /dev/null @@ -1,37 +0,0 @@ -package utils - -import ( - addonapiv1alpha1 "open-cluster-management.io/api/addon/v1alpha1" -) - -// ManagedClusterAddOnFilterFunc is a function type that filters ManagedClusterAddOn objects. -// It returns true if the ManagedClusterAddOn should be processed, false otherwise. -// This is used to selectively process only certain types of addons based on custom criteria. -type ManagedClusterAddOnFilterFunc func(mca *addonapiv1alpha1.ManagedClusterAddOn) bool - -// AllowAllAddOns is a filter function that accepts all ManagedClusterAddOn objects. -// This function always returns true, making it suitable as a no-op filter when -// no filtering is desired. -func AllowAllAddOns(mca *addonapiv1alpha1.ManagedClusterAddOn) bool { - return true -} - -// FilterTemplateBasedAddOns is a filter function that only accepts ManagedClusterAddOn -// objects that are based on AddOnTemplate resources. It checks the status.configReferences -// to determine if any configuration reference points to an addontemplates resource. -func FilterTemplateBasedAddOns(mca *addonapiv1alpha1.ManagedClusterAddOn) bool { - if mca == nil { - return false - } - - // Check if any of the config references is an addontemplates resource - for _, configRef := range mca.Status.ConfigReferences { - if configRef.Group == "addon.open-cluster-management.io" && configRef.Resource == "addontemplates" && - configRef.DesiredConfig != nil && len(configRef.DesiredConfig.SpecHash) > 0 { - return true - - } - } - - return false -} diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/utils/addon_config.go b/vendor/open-cluster-management.io/addon-framework/pkg/utils/addon_config.go index 654cd9c11..7b2157a67 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/utils/addon_config.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/utils/addon_config.go @@ -53,7 +53,7 @@ func AgentInstallNamespaceFromDeploymentConfigFunc( // so we can use the default namespace. // TODO: Find a way to distinguish between the above two cases if config == nil { - klog.V(4).InfoS("Addon deployment config is nil, return an empty string for agent install namespace", + klog.InfoS("Addon deployment config is nil, return an empty string for agent install namespace", "addonNamespace", addon.Namespace, "addonName", addon.Name) return "", nil } diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/utils/csr_helpers.go b/vendor/open-cluster-management.io/addon-framework/pkg/utils/csr_helpers.go index bac3b2733..bc35dd12c 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/utils/csr_helpers.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/utils/csr_helpers.go @@ -19,45 +19,46 @@ import ( "k8s.io/klog/v2" addonapiv1alpha1 "open-cluster-management.io/api/addon/v1alpha1" clusterv1 "open-cluster-management.io/api/cluster/v1" - operatorapiv1 "open-cluster-management.io/api/operator/v1" "open-cluster-management.io/addon-framework/pkg/agent" ) -const defaultGRPCServiceAccount = "system:serviceaccount:open-cluster-management-hub:grpc-server-sa" - var serialNumberLimit = new(big.Int).Lsh(big.NewInt(1), 128) // DefaultSignerWithExpiry generates a signer func for addon agent to sign the csr using caKey and caData with expiry date. func DefaultSignerWithExpiry(caKey, caData []byte, duration time.Duration) agent.CSRSignerFunc { - return func(cluster *clusterv1.ManagedCluster, addon *addonapiv1alpha1.ManagedClusterAddOn, - csr *certificatesv1.CertificateSigningRequest) ([]byte, error) { + return func(csr *certificatesv1.CertificateSigningRequest) []byte { blockTlsCrt, _ := pem.Decode(caData) if blockTlsCrt == nil { - return nil, fmt.Errorf("failed to decode cert") + klog.Errorf("Failed to decode cert") + return nil } certs, err := x509.ParseCertificates(blockTlsCrt.Bytes) if err != nil { - return nil, fmt.Errorf("failed to parse cert: %v", err) + klog.Errorf("Failed to parse cert: %v", err) + return nil } blockTlsKey, _ := pem.Decode(caKey) if blockTlsKey == nil { - return nil, fmt.Errorf("failed to decode key") + klog.Errorf("Failed to decode key") + return nil } // For now only PKCS#1 is supported which assures the private key algorithm is RSA. // TODO: Compatibility w/ PKCS#8 key e.g. EC algorithm key, err := x509.ParsePKCS1PrivateKey(blockTlsKey.Bytes) if err != nil { - return nil, fmt.Errorf("failed to parse key: %v", err) + klog.Errorf("Failed to parse key: %v", err) + return nil } data, err := signCSR(csr, certs[0], key, duration) if err != nil { - return nil, fmt.Errorf("failed to sign csr: %v", err) + klog.Errorf("Failed to sign csr: %v", err) + return nil } - return data, nil + return data } } @@ -169,20 +170,13 @@ func DefaultCSRApprover(agentName string) agent.CSRApproveFunc { } // check user name - username := csr.Spec.Username - if csr.Spec.Username == defaultGRPCServiceAccount { - // the CSR username is the service account of gRPC server rather than the user of agent. - // use the CSRUsernameAnnotation that identifies the agent user who requested the CSR. - username = csr.Annotations[operatorapiv1.CSRUsernameAnnotation] - } - - if strings.HasPrefix(username, "system:open-cluster-management:"+cluster.Name) { + if strings.HasPrefix(csr.Spec.Username, "system:open-cluster-management:"+cluster.Name) { klog.Info("CSR approved") return true + } else { + klog.Info("CSR not approved due to illegal requester", "requester", csr.Spec.Username) + return false } - - klog.Info("CSR not approved due to illegal requester", "requester", csr.Spec.Username) - return false } } diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/utils/helpers.go b/vendor/open-cluster-management.io/addon-framework/pkg/utils/helpers.go index 6f7c82ddf..355546071 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/utils/helpers.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/utils/helpers.go @@ -9,7 +9,7 @@ import ( "reflect" "strings" - jsonpatch "github.com/evanphx/json-patch/v5" + jsonpatch "github.com/evanphx/json-patch" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/equality" apierrors "k8s.io/apimachinery/pkg/api/errors" diff --git a/vendor/open-cluster-management.io/addon-framework/pkg/utils/probe_helper.go b/vendor/open-cluster-management.io/addon-framework/pkg/utils/probe_helper.go index 6c342c089..73c7c4a19 100644 --- a/vendor/open-cluster-management.io/addon-framework/pkg/utils/probe_helper.go +++ b/vendor/open-cluster-management.io/addon-framework/pkg/utils/probe_helper.go @@ -9,7 +9,7 @@ import ( "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/types" "open-cluster-management.io/addon-framework/pkg/agent" - addonapiv1alpha1 "open-cluster-management.io/api/addon/v1alpha1" + "open-cluster-management.io/api/addon/v1alpha1" clusterv1 "open-cluster-management.io/api/cluster/v1" workapiv1 "open-cluster-management.io/api/work/v1" ) @@ -32,8 +32,8 @@ func NewDeploymentProber(deployments ...types.NamespacedName) *agent.HealthProbe return &agent.HealthProber{ Type: agent.HealthProberTypeWork, WorkProber: &agent.WorkHealthProber{ - ProbeFields: probeFields, - HealthChecker: DeploymentAvailabilityHealthChecker, + ProbeFields: probeFields, + HealthCheck: DeploymentAvailabilityHealthCheck, }, } } @@ -59,7 +59,7 @@ func NewAllDeploymentsProber() *agent.HealthProber { Type: agent.HealthProberTypeWork, WorkProber: &agent.WorkHealthProber{ ProbeFields: probeFields, - HealthChecker: DeploymentAvailabilityHealthChecker, + HealthChecker: AllDeploymentsAvailabilityHealthCheck, }, } } @@ -84,43 +84,26 @@ func (d *DeploymentProber) ProbeFields() []agent.ProbeField { return probeFields } -// Deprecated: use DeploymentAvailabilityHealthChecker instead. func DeploymentAvailabilityHealthCheck(identifier workapiv1.ResourceIdentifier, result workapiv1.StatusFeedbackResult) error { - return checkWorkloadAvailabilityHealth(identifier, result) + return WorkloadAvailabilityHealthCheck(identifier, result) } -// Deprecated: use DeploymentAvailabilityHealthChecker instead. func AllDeploymentsAvailabilityHealthCheck(results []agent.FieldResult, - cluster *clusterv1.ManagedCluster, addon *addonapiv1alpha1.ManagedClusterAddOn) error { + cluster *clusterv1.ManagedCluster, addon *v1alpha1.ManagedClusterAddOn) error { if len(results) < 2 { return fmt.Errorf("all deployments are not available") } for _, result := range results { - if err := checkWorkloadAvailabilityHealth(result.ResourceIdentifier, result.FeedbackResult); err != nil { - return err - } - } - return nil -} - -func DeploymentAvailabilityHealthChecker(results []agent.FieldResult, - cluster *clusterv1.ManagedCluster, addon *addonapiv1alpha1.ManagedClusterAddOn) error { - return WorkloadAvailabilityHealthChecker(results, cluster, addon) -} - -func WorkloadAvailabilityHealthChecker(results []agent.FieldResult, - cluster *clusterv1.ManagedCluster, addon *addonapiv1alpha1.ManagedClusterAddOn) error { - for _, result := range results { - if err := checkWorkloadAvailabilityHealth(result.ResourceIdentifier, result.FeedbackResult); err != nil { + if err := WorkloadAvailabilityHealthCheck(result.ResourceIdentifier, result.FeedbackResult); err != nil { return err } } return nil } -func checkWorkloadAvailabilityHealth(identifier workapiv1.ResourceIdentifier, +func WorkloadAvailabilityHealthCheck(identifier workapiv1.ResourceIdentifier, result workapiv1.StatusFeedbackResult) error { // only support deployments and daemonsets for now if identifier.Resource != "deployments" && identifier.Resource != "daemonsets" {