WIP: store original policy name in metadata #9615

Open
wants to merge 1 commit into
base: master
5 changes: 5 additions & 0 deletions apiserver/cmd/apiserver/server/run_server.go
@@ -90,6 +90,11 @@ func RunServer(opts *CalicoServerOptions, server *apiserver.ProjectCalicoServer)
server.CalicoResourceLister.WaitForCacheSync(ctx.Done())
server.SharedInformerFactory.WaitForCacheSync(ctx.Done())

err := migratePolicyNames()
if err != nil {
klog.Infof("Error updating tier names: %v", err)
}

if opts.PrintSwagger {
if err := server.GenericAPIServer.AddPostStartHook("swagger-printer",
func(context genericapiserver.PostStartHookContext) error {
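Review bot: The error returned by `migratePolicyNames()` is logged with `klog.Infof` and startup carries on, so a failed or partial rewrite of network policy names is recorded at the same level as routine messages and the server still serves requests. The message also says "tier names" although the call migrates policy names. I would log it as `klog.Errorf("Error migrating policy names: %v", err)` and decide explicitly whether RunServer should return the error instead of continuing. RunServer's body starts and ends outside the hunk.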
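--- a/apiserver/cmd/apiserver/server/tier_upgrade.go
+++ b/apiserver/cmd/apiserver/server/tier_upgrade.go
@@ -0,0 +1,56 @@
+package server
+
+import (
+"context"
+"strings"
+
+"k8s.io/klog/v2"
+
+client "github.com/projectcalico/calico/libcalico-go/lib/clientv3"
+"github.com/projectcalico/calico/libcalico-go/lib/options"
+)
+
+func migratePolicyNames() error {
+klog.Infof("Migrating policy names")
+calicoClient, err := client.NewFromEnv()
+if err != nil {
+return err
+}
+
+networkPolicies, err := calicoClient.NetworkPolicies().List(context.Background(), options.ListOptions{})
+if err != nil {
+return err
+}
+for _, policy := range networkPolicies.Items {
+policy.Name = updateName(policy.Name)
+_, err = calicoClient.NetworkPolicies().Update(context.Background(), &policy, options.SetOptions{})
+if err != nil {
+return err
+}
+}
+
+globalNetworkPolicies, err := calicoClient.GlobalNetworkPolicies().List(context.Background(), options.ListOptions{})
+if err != nil {
+return err
+}
+for _, policy := range globalNetworkPolicies.Items {
+policy.Name = updateName(policy.Name)
+_, err = calicoClient.GlobalNetworkPolicies().Update(context.Background(), &policy, options.SetOptions{})
+if err != nil {
+return err
+}
+}
+
+return nil
+}
+
+func updateName(name string) string {
+if strings.HasPrefix(name, "default.") {
+name = strings.TrimPrefix(name, "default.")
+}
+return name
+}
+
+func updateNeeded() bool {
+return true
+}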
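Review bot: `migratePolicyNames` returns on the first failed `Update`, and the only caller logs that error and keeps starting, so one bad policy leaves every later NetworkPolicy and all GlobalNetworkPolicies unmigrated with no record of which ones were rewritten. Logging each failure and continuing the loop would make the result auditable, for example `klog.Errorf("migrating policy %s/%s: %v", policy.Namespace, policy.Name, err)` followed by `continue`. `updateNeeded` always returns true and is never called, so as written the full rewrite runs on every start under `context.Background()` with no deadline; a bounded context and a real "already migrated" check look necessary before this leaves WIP. `updateName` can be just `return strings.TrimPrefix(name, "default.")`, because TrimPrefix already returns the input unchanged when the prefix is absent.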
@@ -17,7 +17,6 @@ package networkpolicy
import (
"context"

calico "github.com/projectcalico/api/pkg/apis/projectcalico/v3"
"k8s.io/apimachinery/pkg/api/meta"
metainternalversion "k8s.io/apimachinery/pkg/apis/meta/internalversion"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -28,6 +27,8 @@ import (
genericregistry "k8s.io/apiserver/pkg/registry/generic/registry"
"k8s.io/apiserver/pkg/registry/rest"

calico "github.com/projectcalico/api/pkg/apis/projectcalico/v3"

"github.com/projectcalico/calico/apiserver/pkg/rbac"
"github.com/projectcalico/calico/apiserver/pkg/registry/projectcalico/authorizer"
"github.com/projectcalico/calico/apiserver/pkg/registry/projectcalico/server"
26 changes: 0 additions & 26 deletions apiserver/pkg/registry/projectcalico/networkpolicy/strategy.go
@@ -17,7 +17,6 @@ package networkpolicy
import (
"context"
"fmt"
"strings"

calico "github.com/projectcalico/api/pkg/apis/projectcalico/v3"
"k8s.io/apimachinery/pkg/fields"
@@ -43,34 +42,9 @@ func (policyStrategy) NamespaceScoped() bool {
}

func (policyStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {
obj.(*calico.NetworkPolicy).Name = canonicalizePolicyName(obj)
}

func (policyStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) {
obj.(*calico.NetworkPolicy).Name = canonicalizePolicyName(old)
}

func canonicalizePolicyName(obj runtime.Object) string {
// Policies without a tier prepended to their name should have the tier prepended.
// It's possible for a user to send a policy with one of two name formats:
//
// - "tier.policy"
// - "policy"
//
// The logic below handles canonicalizing the name to the former.
tier := "default"
if oldPolicy, ok := obj.(*calico.NetworkPolicy); ok && oldPolicy.Spec.Tier != "" {
tier = oldPolicy.Spec.Tier
}

policy := obj.(*calico.NetworkPolicy)
if len(strings.Split(policy.Name, ".")) == 1 {
// Tier is not included in the name - add it.
return tier + "." + policy.Name
}

// Name already includes the tier.
return policy.Name
}

func (policyStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList {
13 changes: 12 additions & 1 deletion libcalico-go/lib/backend/k8s/resources/resources.go
@@ -143,6 +143,15 @@ func ConvertCalicoResourceToK8sResource(resIn Resource) (Resource, error) {
romCopy.ResourceVersion = ""
romCopy.UID = ""

labels := rom.GetLabels()
if labels != nil {
if _, ok := labels["projectcalico.org/metadata-name"]; ok {
romCopy.Name = labels["projectcalico.org/metadata-name"]
delete(labels, "projectcalico.org/metadata-name")
romCopy.SetLabels(labels)
}
}

// Any projectcalico.org/v3 owners need to be translated to their equivalent crd.projectcalico.org/v1 representations.
// They will be converted back on read.
var err error
@@ -293,7 +302,9 @@ func ConvertK8sResourceToCalicoResource(res Resource) error {

// Manually write in the data not stored in the annotations: Name, Namespace, ResourceVersion,
// so that they do not get overwritten.
meta.Name = rom.GetName()
if meta.Name == "" {
meta.Name = rom.GetName()
}
meta.Namespace = rom.GetNamespace()
meta.ResourceVersion = rom.GetResourceVersion()
meta.UID = rom.GetUID()
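Review bot: In the first hunk the converted object's name is taken from the `projectcalico.org/metadata-name` label whenever that label is present, and `ConvertCalicoResourceToK8sResource` accepts any `Resource`, so this applies to every kind, not only the policies that `storeOriginalName` labels. Labels are client-writable, so unless every write path overwrites or rejects this key, a caller could set it and have the object converted under a name other than the one the request was validated against; restricting the override to the policy kinds and checking the value against the resource's name before assigning would close that. `delete(labels, ...)` also appears to mutate the map returned by `rom.GetLabels()`, which may be shared with the caller's object (rom and romCopy are defined outside the hunk), so the map should be copied first. In the second hunk the comment still says Name is written in "so that they do not get overwritten", but `if meta.Name == ""` now lets the name from the stored metadata win over `rom.GetName()`; the comment should say that and why.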
22 changes: 21 additions & 1 deletion libcalico-go/lib/clientv3/networkpolicy.go
@@ -17,9 +17,11 @@ package clientv3
import (
"context"

apiv3 "github.com/projectcalico/api/pkg/apis/projectcalico/v3"
errors2 "github.com/juju/errors"
log "github.com/sirupsen/logrus"

apiv3 "github.com/projectcalico/api/pkg/apis/projectcalico/v3"

"github.com/projectcalico/calico/libcalico-go/lib/names"
"github.com/projectcalico/calico/libcalico-go/lib/options"
validator "github.com/projectcalico/calico/libcalico-go/lib/validator/v3"
@@ -44,6 +46,8 @@ type networkPolicies struct {
// Create takes the representation of a NetworkPolicy and creates it. Returns the stored
// representation of the NetworkPolicy, and an error, if there is any.
func (r networkPolicies) Create(ctx context.Context, res *apiv3.NetworkPolicy, opts options.SetOptions) (*apiv3.NetworkPolicy, error) {
storeOriginalName(res)

// Before creating the policy, check that the tier exists.
tier := names.TierOrDefault(res.Spec.Tier)
if _, err := r.client.resources.Get(ctx, options.GetOptions{}, apiv3.KindTier, noNamespace, tier); err != nil {
@@ -91,6 +95,8 @@ func (r networkPolicies) Create(ctx context.Context, res *apiv3.NetworkPolicy, o
// Update takes the representation of a NetworkPolicy and updates it. Returns the stored
// representation of the NetworkPolicy, and an error, if there is any.
func (r networkPolicies) Update(ctx context.Context, res *apiv3.NetworkPolicy, opts options.SetOptions) (*apiv3.NetworkPolicy, error) {
storeOriginalName(res)

if res != nil {
// Since we're about to default some fields, take a (shallow) copy of the input data
// before we do so.
@@ -147,6 +153,10 @@ func (r networkPolicies) Get(ctx context.Context, namespace, name string, opts o
backendPolicyName := names.TieredPolicyName(name)
out, err := r.client.resources.Get(ctx, opts, apiv3.KindNetworkPolicy, namespace, backendPolicyName)
if out != nil {
if name != out.GetObjectMeta().GetName() {
// If the name is different, we need to return a not found error.
return nil, errors2.NotFoundf("%s \"%s\" not found", apiv3.KindNetworkPolicy, name)
}
// Add the tier labels if necessary
out.GetObjectMeta().SetLabels(defaultTierLabelIfMissing(out.GetObjectMeta().GetLabels()))
// Fill in the tier information from the policy name if we find it missing.
@@ -205,3 +215,13 @@ func (r networkPolicies) Watch(ctx context.Context, opts options.ListOptions) (w

return r.client.resources.Watch(ctx, opts, apiv3.KindNetworkPolicy, &policyConverter{})
}

func storeOriginalName(res *apiv3.NetworkPolicy) {
originalName := res.GetObjectMeta().GetName()
labels := res.GetObjectMeta().GetLabels()
if labels == nil {
labels = map[string]string{}
}
labels["projectcalico.org/metadata-name"] = originalName
res.GetObjectMeta().SetLabels(labels)
}
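Review bot: In `Update`, `storeOriginalName(res)` is called before the existing `if res != nil` guard, so a nil `res` would now be dereferenced in `res.GetObjectMeta()` instead of reaching that guard, and the caller's label map is modified before the shallow copy that the next comment says protects the input. Moving the call inside the guard after the copy, or starting the helper with `if res == nil { return }`, keeps the old behaviour for nil input. Storing the name in a label also inherits Kubernetes label-value limits (63 characters, restricted character set), which are tighter than the limits on object names, so long policy names may fail validation; an annotation would avoid that and keep the value out of label selectors. The helper has no doc comment; `// storeOriginalName copies res's current name into the projectcalico.org/metadata-name label.` would do. The bodies of Create and Update continue outside their hunks.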