
Commit 29185b2

author
felix.phipps
committed
initial commit
1 parent a9933b9 commit 29185b2

2 files changed

Lines changed: 100 additions & 2 deletions


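--- a/pkg/agent/run.go
+++ b/pkg/agent/run.go
@@ -196,8 +196,8 @@ func Run(cmd *cobra.Command, args []string) (returnErr error) {
 
 dynDg, isDynamicGatherer := newDg.(*k8sdynamic.DataGathererDynamic)
 if isDynamicGatherer {
-dynDg.ExcludeAnnotKeys = config.ExcludeAnnotationKeysRegex
-dynDg.ExcludeLabelKeys = config.ExcludeLabelKeysRegex
+dynDg.ExcludeAnnotKeys = append(dynDg.ExcludeAnnotKeys, config.ExcludeAnnotationKeysRegex...)
+dynDg.ExcludeLabelKeys = append(dynDg.ExcludeLabelKeys, config.ExcludeLabelKeysRegex...)
 
 gvr := dynDg.GVR()
 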
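Review bot: The two `append` lines in the `isDynamicGatherer` branch have no comment saying why they merge instead of assign, yet these slices decide which resources are filtered out before upload, so a later tidy-up back to `=` would silently discard the gatherer's own patterns again. I would put above them `// Append, do not assign: the gatherer may already hold exclude patterns from its own config; replacing them would let those resources through.` It is also worth confirming that this branch runs only once per gatherer object, since a second pass would append the same global patterns again and grow the slices with duplicates. Run's body starts and ends outside the hunk.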

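--- a/pkg/datagatherer/k8sdynamic/dynamic_test.go
+++ b/pkg/datagatherer/k8sdynamic/dynamic_test.go
@@ -1100,6 +1100,104 @@ func TestExcludeAnnotKeys_ExcludesResourcesFromUpload(t *testing.T) {
 }
 }
 
+// Verifies the Certificate is excluded and an unannotated Certificate is kept.
+func TestExcludeAnnotKeys_CertificateWithOpenshiftAnnotation(t *testing.T) {
+ctx := t.Context()
+
+certGVR := schema.GroupVersionResource{Group: "cert-manager.io", Version: "v1", Resource: "certificates"}
+gvrToListKind := map[schema.GroupVersionResource]string{
+certGVR: "UnstructuredList",
+}
+
+excluded := getObjectAnnot("cert-manager.io/v1", "Certificate", "example-com", "cyberark",
+map[string]any{"openshift.io/discovery": "ignore"},
+map[string]any{},
+)
+included := getObjectAnnot("cert-manager.io/v1", "Certificate", "other-cert", "cyberark",
+map[string]any{"some-other-annotation": "value"},
+map[string]any{},
+)
+
+cl := fake.NewSimpleDynamicClientWithCustomListKinds(
+runtime.NewScheme(), gvrToListKind, excluded, included,
+)
+
+cfg := ConfigDynamic{GroupVersionResource: certGVR}
+dg, err := cfg.newDataGathererWithClient(ctx, cl, nil)
+require.NoError(t, err)
+
+dgd := dg.(*DataGathererDynamic)
+// simulate run.go appending the global exclude-annotation-keys-regex
+dgd.ExcludeAnnotKeys = append(dgd.ExcludeAnnotKeys, regexp.MustCompile(`^openshift\.io.*$`))
+
+go func() { _ = dg.Run(ctx) }()
+require.NoError(t, dgd.WaitForCacheSync(ctx))
+
+res, count, err := dg.Fetch(ctx)
+require.NoError(t, err)
+
+data, ok := res.(*api.DynamicData)
+require.True(t, ok)
+
+assert.Equal(t, 1, count)
+if assert.Len(t, data.Items, 1) {
+got := data.Items[0].Resource.(*unstructured.Unstructured)
+assert.Equal(t, "other-cert", got.GetName(), "certificate with openshift.io/discovery annotation should be excluded")
+}
+}
+
+// Verifies that per-gatherer ExcludeAnnotKeys and globally-appended keys both take effect.
+func TestExcludeAnnotKeys_PerGathererAndGlobalMerge(t *testing.T) {
+ctx := t.Context()
+
+gvrToListKind := map[schema.GroupVersionResource]string{
+{Group: "", Version: "v1", Resource: "secrets"}: "UnstructuredList",
+}
+
+excludedByPerGatherer := getObjectAnnot("v1", "Secret", "excluded-per-gatherer", "ns",
+map[string]any{"per-gatherer.io/exclude": "true"},
+map[string]any{},
+)
+excludedByGlobal := getObjectAnnot("v1", "Secret", "excluded-global", "ns",
+map[string]any{"global.io/exclude": "true"},
+map[string]any{},
+)
+included := getObjectAnnot("v1", "Secret", "included", "ns",
+map[string]any{"other": "kept"},
+map[string]any{},
+)
+
+cl := fake.NewSimpleDynamicClientWithCustomListKinds(
+runtime.NewScheme(), gvrToListKind, excludedByPerGatherer, excludedByGlobal, included,
+)
+
+cfg := ConfigDynamic{
+GroupVersionResource: schema.GroupVersionResource{Group: "", Version: "v1", Resource: "secrets"},
+ExcludeAnnotationKeysRegex: []string{`^per-gatherer\.io/.*$`},
+}
+dg, err := cfg.newDataGathererWithClient(ctx, cl, nil)
+require.NoError(t, err)
+
+dgd := dg.(*DataGathererDynamic)
+// simulate the append done in run.go after newDataGathererWithClient
+dgd.ExcludeAnnotKeys = append(dgd.ExcludeAnnotKeys, regexp.MustCompile(`^global\.io/.*$`))
+
+go func() { _ = dg.Run(ctx) }()
+require.NoError(t, dgd.WaitForCacheSync(ctx))
+
+res, count, err := dg.Fetch(ctx)
+require.NoError(t, err)
+
+data, ok := res.(*api.DynamicData)
+require.True(t, ok)
+
+assert.Equal(t, 1, count, "only the non-matching resource should be returned")
+if assert.Len(t, data.Items, 1) {
+got := data.Items[0].Resource.(*unstructured.Unstructured)
+assert.Equal(t, "included", got.GetName())
+}
+}
+
 func TestDynamicGathererNativeResources_Fetch(t *testing.T) {
 // start a k8s client
 // init the datagatherer's informer with the client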
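Review bot: Both new tests append the global pattern to `dgd.ExcludeAnnotKeys` by hand (the two `// simulate ...` lines), so they exercise the gatherer's filter but never the lines changed in pkg/agent/run.go; restoring the old assignment there would leave both tests green. The `ExcludeLabelKeys` append made in the same commit has no counterpart test in this hunk. I would either move the merge into a small helper in this package that Run and the tests both call, or at least state the gap in the comment, e.g. `// mirrors the append in pkg/agent/run.go; this test does not execute that code, keep the two in sync`. Separately, the first test's comment calls the kept Certificate "unannotated" although it carries `some-other-annotation`; `a Certificate without a matching annotation is kept` would be accurate.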
