Skip to content
This repository was archived by the owner on Apr 17, 2025. It is now read-only.

Initial change to check exclude resource propagation #73

Closed
wants to merge 1 commit into from
Closed

Initial change to check exclude resource propagation #73

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 24 additions & 1 deletion internal/validators/hierarchy.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,14 @@ import (
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/validation/field"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
"sigs.k8s.io/hierarchical-namespaces/internal/pkg/selectors"

api "sigs.k8s.io/hierarchical-namespaces/api/v1alpha2"
"sigs.k8s.io/hierarchical-namespaces/internal/config"
Expand Down Expand Up @@ -244,6 +247,26 @@ func (v *Hierarchy) getConflictingObjects(newParent, ns *forest.Namespace) []str
return conflicts
}

// shouldPropagateSource returns true if the object should be propagated by the HNC. The following
// objects are not propagated:
// - Objects of a type whose mode is set to "remove" in the HNCConfiguration singleton
// - Objects with nonempty finalizer list
// - Objects have a selector that doesn't match the destination namespace
// - Service Account token secrets
Comment on lines +252 to +255
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code is not actually checking for this, but it should. I think you're trying to duplicate this? Maybe you can move that function to internal/object so that it can be called from here?

func (v *Hierarchy) shouldPropagateSource(inst *unstructured.Unstructured, nsLabels labels.Set) bool {
//func (v *Hierarchy) shouldPropagateSource() bool {
//log2 := v.Log.WithValues("ns", inst.GetNamespace(), "nsLabels", nsLabels.String())
if ok, err := selectors.ShouldPropagate(inst, nsLabels); err != nil {
// log2.Info("Checking shouldPropagateSource false", "nsLabel", nsLabels.String())
return false
} else if !ok {
// log2.Info("Checking shouldPropagateSource false", "nsLabel", nsLabels.String())
return false
}
//log2.Info("Checking shouldPropagateSource true", "nsLabel", nsLabels.String())
return true
}

// getConflictingObjectsOfType returns a list of namespaced objects if there's
// any conflict between the new ancestors and the descendants.
func (v *Hierarchy) getConflictingObjectsOfType(gvk schema.GroupVersionKind, newParent, ns *forest.Namespace) []string {
Expand All @@ -254,7 +277,7 @@ func (v *Hierarchy) getConflictingObjectsOfType(gvk schema.GroupVersionKind, new
// 'shouldPropagateSource()' rules from the reconcilers/object.go. Only
// propagatable ancestor source would cause overwriting conflict.
for _, o := range newParent.GetAncestorSourceObjects(gvk, "") {
newAnsSrcObjs[o.GetName()] = true
newAnsSrcObjs[o.GetName()] = v.shouldPropagateSource(o, newParent.GetLabels())
}

// Look in the descendants to find if there's any conflict.
Expand Down