Skip to content

Commit

Permalink
option to exclude CRDs from multi-instance/namespace inheritance
Browse files Browse the repository at this point in the history
  • Loading branch information
wr0ngway committed Jan 20, 2022
1 parent 464b848 commit 217639a
Show file tree
Hide file tree
Showing 6 changed files with 46 additions and 10 deletions.
1 change: 1 addition & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@ Parameterize the helm install with `--set *` or `--values yourConfig.yaml` to co
| projectMappings.root.key_selector | A regexp to limit the keys acted against (client-side). Supplies any named matches for template evaluation | string | "" | no |
| projectMappings.root.tag | The version tag used when querying for parameters | string | `none` | no |
| projectMappings.root.skip | Skips the generation of resources for the selected projects | flag | false | no |
| projectMappings.root.suppress_namespace_inheritance | Prevents the CRD from the primary namespace from being [inherited by secondary namespaces](#multi-instance-config) | flag | false | no |
| projectMappings.root.log_level | Sets the kubetruth logging level while handling the selected projects | enum(debug, info, warn, error, fatal) | `as set by cli` | no |
| projectMappings.root.included_projects | Include the parameters from other projects into the selected ones. This can be recursive in a depth first fashion, so if A imports B and B imports C, then A will get B's and C's parameters. For key conflicts, if A includes B and B includes C, then the precendence is A overrides B overrides C. If A includes \[B, C], then the precendence is A overrides C overrides B. | list | [] | no |
| projectMappings.root.context | Additional variables made available to the resource templates. Can also be templates | map | [default](helm/kubetruth/values.yaml#L93-L129) | no |
Expand Down
3 changes: 3 additions & 0 deletions helm/helmv2/templates/projectmapping.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,9 @@ spec:
skip:
type: boolean
description: Skips the generation of resources for the selected projects. Useful for excluding projects that should only be included into others.
suppress_namespace_inheritance:
type: boolean
description: Prevents the CRD from the primary namespace from being inherited by secondary namespaces
log_level:
type: string
description: The level of logging to use
Expand Down
3 changes: 3 additions & 0 deletions helm/kubetruth/crds/projectmapping.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,9 @@ spec:
skip:
type: boolean
description: Skips the generation of resources for the selected projects
suppress_namespace_inheritance:
type: boolean
description: Prevents the CRD from the primary namespace from being inherited by secondary namespaces
log_level:
type: string
description: The level of logging to use
Expand Down
2 changes: 2 additions & 0 deletions lib/kubetruth/config.rb
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ class DuplicateSelection < Kubetruth::Error; end
:environment,
:tag,
:skip,
:suppress_namespace_inheritance,
:log_level,
:included_projects,
:context,
Expand Down Expand Up @@ -58,6 +59,7 @@ def templates
environment: 'default',
tag: nil,
skip: false,
suppress_namespace_inheritance: false,
log_level: nil,
included_projects: [],
context: {},
Expand Down
2 changes: 2 additions & 0 deletions lib/kubetruth/etl.rb
Original file line number Diff line number Diff line change
Expand Up @@ -109,6 +109,8 @@ def load_config
yield kubeapi.namespace, primary_config if block_given?
end

primary_mappings.delete_if {|k, v| v[:suppress_namespace_inheritance] }

mappings_by_ns.each do |namespace, ns_mappings|
async(annotation: "Secondary Config: #{namespace}") do
secondary_mappings = primary_mappings.deep_merge(ns_mappings)
Expand Down
45 changes: 35 additions & 10 deletions spec/kubetruth/etl_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -168,9 +168,9 @@ class ForceExit < Exception; end
expect(@kubeapi).to receive(:get_project_mappings).and_return(
{
"primary-ns" => {
"myroot" => Config::DEFAULT_SPEC.merge(scope: "root", name: "myroot"),
"override1" => Config::DEFAULT_SPEC.merge(scope: "override", name: "override1"),
"override2" => Config::DEFAULT_SPEC.merge(scope: "override", name: "override2")
"myroot" => {scope: "root", name: "myroot"},
"override1" => {scope: "override", name: "override1"},
"override2" => {scope: "override", name: "override2"}
}
})
configs = etl.load_config
Expand All @@ -185,12 +185,12 @@ class ForceExit < Exception; end
expect(@kubeapi).to receive(:get_project_mappings).and_return(
{
"primary-ns" => {
"myroot" => Config::DEFAULT_SPEC.merge(scope: "root", name: "myroot"),
"override1" => Config::DEFAULT_SPEC.merge(scope: "override", name: "override1")
"myroot" => {scope: "root", name: "myroot", project_selector: "primary"},
"override1" => {scope: "override", name: "override1"}
},
"other-ns" => {
"myroot" => Config::DEFAULT_SPEC.merge(scope: "root", name: "myroot", environment: "otherenv"),
"override1" => Config::DEFAULT_SPEC.merge(scope: "override", name: "override1")
"myroot" => {scope: "root", name: "myroot", environment: "otherenv"},
"override1" => {scope: "override", name: "override1"}
}
})
configs = etl.load_config
Expand All @@ -200,22 +200,47 @@ class ForceExit < Exception; end
expect(configs.first.override_specs.collect(&:name)).to eq(["override1"])
expect(configs.last).to be_an_instance_of(Kubetruth::Config)
expect(configs.last.root_spec.name).to eq("myroot")
expect(configs.last.root_spec.project_selector.source).to eq("primary")
expect(configs.last.root_spec.environment).to eq("otherenv")
expect(configs.last.override_specs.collect(&:name)).to eq(["override1"])
end

it "excludes suppressed config for multiple instances" do
allow(@kubeapi).to receive(:namespace).and_return("primary-ns")
expect(@kubeapi).to receive(:get_project_mappings).and_return(
{
"primary-ns" => {
"myroot" => {scope: "root", name: "myroot", project_selector: "primary", suppress_namespace_inheritance: true},
"override1" => {scope: "override", name: "override1", suppress_namespace_inheritance: true}
},
"other-ns" => {
"myroot" => {scope: "root", name: "myroot", environment: "otherenv"},
}
})
configs = etl.load_config
expect(configs.size).to eq(2)
expect(configs.first).to be_an_instance_of(Kubetruth::Config)
expect(configs.first.root_spec.name).to eq("myroot")
expect(configs.first.override_specs.collect(&:name)).to eq(["override1"])
expect(configs.last).to be_an_instance_of(Kubetruth::Config)
expect(configs.last.root_spec.name).to eq("myroot")
expect(configs.last.root_spec.environment).to eq("otherenv")
expect(configs.last.root_spec.project_selector).to_not eq("primary")
expect(configs.last.override_specs).to eq([])
end

it "yields config for multiple instances" do
allow(@kubeapi).to receive(:namespace).and_return("primary-ns")
expect(@kubeapi).to receive(:get_project_mappings).and_return(
{
"primary-ns" => {
"myroot" => Config::DEFAULT_SPEC.merge(scope: "root", name: "myroot"),
"myroot" => {cope: "root", name: "myroot"},
},
"other-ns" => {
"myroot" => Config::DEFAULT_SPEC.merge(scope: "root", name: "myroot", environment: "otherenv"),
"myroot" => {scope: "root", name: "myroot", environment: "otherenv"},
},
"yetanother-ns" => {
"myroot" => Config::DEFAULT_SPEC.merge(scope: "root", name: "myroot", environment: "env3"),
"myroot" => {scope: "root", name: "myroot", environment: "env3"},
}
})

Expand Down

0 comments on commit 217639a

Please sign in to comment.