Home Esplora Aiuto
Accedi
logic855
/
helm-external-secrets
mirror da https://github.com/external-secrets/external-secrets
1
0
Forka 0
File Problemi 0 Wiki
Ramo (Branch): mj-pushsecret-generator-state
Rami (Branch) Tag
helm-external-s...
/
pkg
/
generator
/
statemanager
/
statemanager.go

statemanager.go 8.4 KB
Permalink Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250 
  1. /*
    2. 

  2. Licensed under the Apache License, Version 2.0 (the "License");
    3. 

  3. you may not use this file except in compliance with the License.
    4. 

  4. You may obtain a copy of the License at
    5. 

  5. 

  6.     http://www.apache.org/licenses/LICENSE-2.0
    7. 

  7. 

  8. Unless required by applicable law or agreed to in writing, software
    9. 

  9. distributed under the License is distributed on an "AS IS" BASIS,
    10. 

  10. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    11. 

  11. See the License for the specific language governing permissions and
    12. 

  12. limitations under the License.
    13. 

  13. */
    14. 

  14. 

  15. package statemanager
    16. 

  16. 

  17. import (
    18. 

  18. 	"context"
    19. 

  19. 	"errors"
    20. 

  20. 	"fmt"
    21. 

  21. 

  22. 	"github.com/google/uuid"
    23. 

  23. 	apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
    24. 

  24. 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    25. 

  25. 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
    26. 

  26. 	"k8s.io/apimachinery/pkg/runtime"
    27. 

  27. 	"sigs.k8s.io/controller-runtime/pkg/client"
    28. 

  28. 

  29. 	"github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
    30. 

  30. 	"github.com/external-secrets/external-secrets/apis/generators/v1alpha1"
    31. 

  31. 	"github.com/external-secrets/external-secrets/pkg/generator/gc"
    32. 

  32. 	"github.com/external-secrets/external-secrets/pkg/utils/resolvers"
    33. 

  33. )
    34. 

  34. 

  35. // Manager takes care of maintaining the state of the generators.
    36. 

  36. // It provides the ability to commit and rollback the state of the generators,
    37. 

  37. // which is needed when we have multiple generators that need to be created or
    38. 

  38. // other operations which can fail.
    39. 

  39. // The manager shall be used to modify the state of the generators on a given resource.
    40. 

  40. // The user can choose any key to store the state of the generator on the "latest" field.
    41. 

  41. // When state is moved to GC, manager will create a hash of the key and the generator state
    42. 

  42. // and store it in the "GC" field.
    43. 

  43. type Manager struct {
    44. 

  44. 	scheme        *runtime.Scheme
    45. 

  45. 	client        client.Client
    46. 

  46. 	namespace     string
    47. 

  47. 	resource      v1beta1.GeneratorStateManagingResource
    48. 

  48. 	internalState []QueueItem
    49. 

  49. }
    50. 

  50. 

  51. type QueueItem struct {
    52. 

  52. 	Rollback func() error
    53. 

  53. 	Commit   func() error
    54. 

  54. }
    55. 

  55. 

  56. func New(client client.Client, scheme *runtime.Scheme, namespace string,
    57. 

  57. 	resource v1beta1.GeneratorStateManagingResource) *Manager {
    58. 

  58. 	return &Manager{
    59. 

  59. 		scheme:    scheme,
    60. 

  60. 		client:    client,
    61. 

  61. 		namespace: namespace,
    62. 

  62. 		resource:  resource,
    63. 

  63. 	}
    64. 

  64. }
    65. 

  65. 

  66. // Rollback will rollback the enqueued operations.
    67. 

  67. func (m *Manager) Rollback() error {
    68. 

  68. 	var errs []error
    69. 

  69. 	for _, item := range m.internalState {
    70. 

  70. 		if err := item.Rollback(); err != nil {
    71. 

  71. 			errs = append(errs, err)
    72. 

  72. 		}
    73. 

  73. 	}
    74. 

  74. 	return errors.Join(errs...)
    75. 

  75. }
    76. 

  76. 

  77. // Commit will apply the enqueued changes to the state of the generators.
    78. 

  78. func (m *Manager) Commit() error {
    79. 

  79. 	var errs []error
    80. 

  80. 	for _, item := range m.internalState {
    81. 

  81. 		if err := item.Commit(); err != nil {
    82. 

  82. 			errs = append(errs, err)
    83. 

  83. 		}
    84. 

  84. 	}
    85. 

  85. 	return errors.Join(errs...)
    86. 

  86. }
    87. 

  87. 

  88. // EnqueueFlagLatestStateForGC will flag the latest state for garbage collection after Commit.
    89. 

  89. // It will be cleaned up later by the garbage collector.
    90. 

  90. func (m *Manager) EnqueueFlagLatestStateForGC(stateKey string) {
    91. 

  91. 	m.internalState = append(m.internalState, QueueItem{
    92. 

  92. 		Commit: func() error {
    93. 

  93. 			genState := m.resource.GetGeneratorState()
    94. 

  94. 			if genState.Latest == nil {
    95. 

  95. 				return nil
    96. 

  96. 			}
    97. 

  97. 			latest, ok := genState.Latest[stateKey]
    98. 

  98. 			if !ok {
    99. 

  99. 				return nil
    100. 

  100. 			}
    101. 

  101. 			gen, err := m.getGenerator(latest.Resource.Raw)
    102. 

  102. 			if err != nil {
    103. 

  103. 				return err
    104. 

  104. 			}
    105. 

  105. 			return m.moveStateToGC(latest.Resource, stateKey, gen, latest.State)
    106. 

  106. 		},
    107. 

  107. 	})
    108. 

  108. }
    109. 

  109. 

  110. func (m *Manager) getGenerator(resource []byte) (v1alpha1.Generator, error) {
    111. 

  111. 	us := &unstructured.Unstructured{}
    112. 

  112. 	if err := us.UnmarshalJSON(resource); err != nil {
    113. 

  113. 		return nil, fmt.Errorf("unable to unmarshal resource: %w", err)
    114. 

  114. 	}
    115. 

  115. 	ref := v1beta1.GeneratorRef{
    116. 

  116. 		APIVersion: us.GetAPIVersion(),
    117. 

  117. 		Kind:       us.GetKind(),
    118. 

  118. 		Name:       us.GetName(),
    119. 

  119. 	}
    120. 

  120. 	gen, _, err := resolvers.GeneratorRef(context.TODO(), m.client, m.scheme, m.namespace, &ref)
    121. 

  121. 	return gen, err
    122. 

  122. }
    123. 

  123. 

  124. // EnqueueMoveStateToGC will move the generator state to GC if Commit() is called.
    125. 

  125. func (m *Manager) EnqueueMoveStateToGC(resource *apiextensions.JSON, stateKey string, gen v1alpha1.Generator, state v1alpha1.GeneratorProviderState) {
    126. 

  126. 	m.internalState = append(m.internalState, QueueItem{
    127. 

  127. 		Commit: func() error {
    128. 

  128. 			return m.moveStateToGC(resource, stateKey, gen, state)
    129. 

  129. 		},
    130. 

  130. 	})
    131. 

  131. }
    132. 

  132. 

  133. // moveStateToGC moves the generator state to GC and enqueues it for cleanup.
    134. 

  134. func (m *Manager) moveStateToGC(resource *apiextensions.JSON, stateKey string, gen v1alpha1.Generator, state v1alpha1.GeneratorProviderState) error {
    135. 

  135. 	genState := m.resource.GetGeneratorState()
    136. 

  136. 	entry := gc.Entry{
    137. 

  137. 		Resource: resource,
    138. 

  138. 		Impl:     gen,
    139. 

  139. 		State:    state,
    140. 

  140. 	}
    141. 

  141. 	if err := gc.Enqueue(entry); err != nil {
    142. 

  142. 		return fmt.Errorf("unable to enqueue generator state for GC: %w", err)
    143. 

  143. 	}
    144. 

  144. 	if genState.GC == nil {
    145. 

  145. 		genState.GC = make(map[string]*v1beta1.GeneratorGCState)
    146. 

  146. 	}
    147. 

  147. 	genState.GC[gcGeneratorStateKey(entry, stateKey)] = &v1beta1.GeneratorGCState{
    148. 

  148. 		Resource:         resource,
    149. 

  149. 		State:            state,
    150. 

  150. 		FlaggedForGCTime: metav1.Now(),
    151. 

  151. 	}
    152. 

  152. 	return nil
    153. 

  153. }
    154. 

  154. 

  155. func gcGeneratorStateKey(entry gc.Entry, key string) string {
    156. 

  156. 	return fmt.Sprintf("[%s]-%s", key, entry.Key())
    157. 

  157. }
    158. 

  158. 

  159. // EnqueueSetLatest sets the latest state for the given key.
    160. 

  160. // It will commit the state on success or move the state to GC on failure.
    161. 

  161. func (m *Manager) EnqueueSetLatest(ctx context.Context, kubeClient client.Client, stateKey, namespace string, resource *apiextensions.JSON, gen v1alpha1.Generator, state v1alpha1.GeneratorProviderState) {
    162. 

  162. 	m.internalState = append(m.internalState, QueueItem{
    163. 

  163. 		// Store state at .Latest[<key>] on success
    164. 

  164. 		// or attempt to immediately delete the state on failure
    165. 

  165. 		Commit: func() error {
    166. 

  166. 			genState := m.resource.GetGeneratorState()
    167. 

  167. 			if genState.Latest == nil {
    168. 

  168. 				genState.Latest = make(map[string]*v1beta1.GeneratorResourceState)
    169. 

  169. 			}
    170. 

  170. 			genState.Latest[stateKey] = &v1beta1.GeneratorResourceState{
    171. 

  171. 				Resource: resource,
    172. 

  172. 				State:    state,
    173. 

  173. 			}
    174. 

  174. 			return nil
    175. 

  175. 		},
    176. 

  176. 		// Rollback by cleaning up the state.
    177. 

  177. 		// In case of failure, move the state to GC so it will be cleaned up later.
    178. 

  178. 		Rollback: func() error {
    179. 

  179. 			err := gen.Cleanup(ctx, resource, state, kubeClient, namespace)
    180. 

  180. 			if err == nil {
    181. 

  181. 				return nil
    182. 

  182. 			}
    183. 

  183. 			return m.moveStateToGC(resource, fmt.Sprintf("rollback-%s", uuid.New().String()), gen, state)
    184. 

  184. 		},
    185. 

  185. 	})
    186. 

  186. }
    187. 

  187. 

  188. // GetLatest returns the latest state for the given key.
    189. 

  189. func (m *Manager) GetLatest(key string) *apiextensions.JSON {
    190. 

  190. 	state := m.resource.GetGeneratorState()
    191. 

  191. 	if state.Latest == nil {
    192. 

  192. 		return nil
    193. 

  193. 	}
    194. 

  194. 	latest := state.Latest[key]
    195. 

  195. 	if latest == nil {
    196. 

  196. 		return nil
    197. 

  197. 	}
    198. 

  198. 	return latest.State
    199. 

  199. }
    200. 

  200. 

  201. // CleanupImmediate will cleanup the generator state immediately.
    202. 

  202. // This is useful when we want to cleanup the state immediately after deletion of the resource.
    203. 

  203. func (m *Manager) CleanupImmediate(ctx context.Context, resource v1beta1.GeneratorStateManagingResource, kubeClient client.Client, namespace string) error {
    204. 

  204. 	var errs []error
    205. 

  205. 	generatorState := resource.GetGeneratorState()
    206. 

  206. 	for _, gcState := range generatorState.GC {
    207. 

  207. 		gen, err := m.getGenerator(gcState.Resource.Raw)
    208. 

  208. 		if err != nil {
    209. 

  209. 			errs = append(errs, fmt.Errorf("unable to get generator: %w", err))
    210. 

  210. 			continue
    211. 

  211. 		}
    212. 

  212. 		err = gen.Cleanup(ctx, gcState.Resource, gcState.State, kubeClient, namespace)
    213. 

  213. 		if err != nil {
    214. 

  214. 			errs = append(errs, fmt.Errorf("failed to cleanup generator state: %w", err))
    215. 

  215. 		}
    216. 

  216. 	}
    217. 

  217. 	return errors.Join(errs...)
    218. 

  218. }
    219. 

  219. 

  220. // GarbageCollect will cleanup the generator state that is flagged for GC.
    221. 

  221. // It updates the generator state with the new GC state.
    222. 

  222. // If an error occurs during cleanup of a generator state,
    223. 

  223. // it will be aggregated and returned at the end but the cleanup will continue for the remaining generator states.
    224. 

  224. func (m *Manager) GarbageCollect(ctx context.Context, kubeClient client.Client, namespace string) error {
    225. 

  225. 	var errs []error
    226. 

  226. 	generatorState := m.resource.GetGeneratorState()
    227. 

  227. 	newGCState := make(map[string]*v1beta1.GeneratorGCState)
    228. 

  228. 	for idx, gcState := range generatorState.GC {
    229. 

  229. 		gen, err := m.getGenerator(gcState.Resource.Raw)
    230. 

  230. 		if err != nil {
    231. 

  231. 			errs = append(errs, fmt.Errorf("unable to get generator: %w", err))
    232. 

  232. 			continue
    233. 

  233. 		}
    234. 

  234. 		deleted, err := gc.Cleanup(ctx, gcState.FlaggedForGCTime.Time, gc.Entry{
    235. 

  235. 			Resource: gcState.Resource,
    236. 

  236. 			Impl:     gen,
    237. 

  237. 			State:    gcState.State,
    238. 

  238. 		}, kubeClient, namespace)
    239. 

  239. 		if err != nil {
    240. 

  240. 			errs = append(errs, fmt.Errorf("failed to cleanup generator state: %w", err))
    241. 

  241. 			continue
    242. 

  242. 		}
    243. 

  243. 		if !deleted {
    244. 

  244. 			newGCState[idx] = gcState
    245. 

  245. 		}
    246. 

  246. 	}
    247. 

  247. 	generatorState.GC = newGCState
    248. 

  248. 	m.resource.SetGeneratorState(*generatorState)
    249. 

  249. 	return errors.Join(errs...)
    250. 

  250. }
    251.