Global prune 2

lib/krane/cli/global_deploy_command.rb

@@ -14,6 +14,8 @@ class GlobalDeployCommand
                              desc: "Verify workloads correctly deployed" },
         "selector" => { type: :string, banner: "'label=value'", required: true,
                         desc: "Select workloads owned by selector(s)" },
+        "prune" => { type: :boolean, desc: "Enable deletion of resources that do not appear in the template dir",
+                     default: true },
       }
 
       def self.from_options(context, options)
@@ -35,7 +37,7 @@ def self.from_options(context, options)
 
           deploy.run!(
             verify_result: options["verify-result"],
-            prune: false,
+            prune: options[:prune],
           )
         end
       end

lib/krane/cluster_resource_discovery.rb

@@ -17,13 +17,38 @@ def crds
     end
 
     def global_resource_kinds
-      @globals ||= fetch_globals.map { |g| g["kind"] }
+      @globals ||= fetch_resources(only_globals: true).map { |g| g["kind"] }
+    end
+
+    def prunable_resources
+      api_versions = fetch_api_versions
+      fetch_resources.map do |resource|
+        next unless resource['verbs'].include?("delete")
+        version = api_versions.fetch(resource['apigroup'], ['v1']).last
+        [resource['apigroup'], version, resource['kind']].compact.join("/")
+      end.compact
     end
 
     private
 
-    def fetch_globals
-      raw, _, st = kubectl.run("api-resources", "--namespaced=false", output: "wide", attempts: 5,
+    def fetch_api_versions
+      raw, _, st = kubectl.run("api-versions", attempts: 5, use_namespace: false)
+      if st.success?
+        rows = raw.split("\n")
+        rows.each_with_object({}) do |group_version, hash|
+          group, version = group_version.split("/")
+          hash[group] ||= []
+          hash[group] << version
+        end
+      else
+        {}
+      end
+    end
+
+    def fetch_resources(only_globals: false)
+      command = %w(api-resources)
+      command << "--namespaced=false" if only_globals
+      raw, _, st = kubectl.run(*command, output: "wide", attempts: 5,
         use_namespace: false)
       if st.success?
         rows = raw.split("\n")
@@ -34,6 +59,7 @@ def fetch_globals
         fields = full_width_field_names.each_with_object({}) do |name, hash|
           start = cursor
           cursor = start + name.length
+          cursor = 0 if full_width_field_names.last == name.strip
           hash[name.strip] = [start, cursor - 1]
         end
         resources.map { |r| fields.map { |k, (s, e)| [k.strip, r[s..e].strip] }.to_h }

lib/krane/global_deploy_task.rb

@@ -103,7 +103,6 @@ def run!(verify_result: true, prune: true)
     private
 
     def deploy!(resources, verify_result, prune)
-      prune_whitelist = []
       resource_deployer = ResourceDeployer.new(task_config: @task_config,
         prune_whitelist: prune_whitelist, max_watch_seconds: @global_timeout,
         selector: @selector, statsd_tags: statsd_tags)
@@ -197,6 +196,13 @@ def kubeclient_builder
       @kubeclient_builder ||= KubeclientBuilder.new
     end
 
+    def prune_whitelist
+      black_list = %w(Namespace Node)
+      cluster_resource_discoverer.prunable_resources.select do |gvk|
+        global_kinds.any? { |g| gvk.include?(g) } && black_list.none? { |b| gvk.include?(b) }
+      end
+    end
+
     def check_initial_status(resources)
       cache = ResourceCache.new(@task_config)
       Concurrency.split_across_threads(resources) { |r| r.sync(cache) }

lib/krane/kubeclient_builder.rb

@@ -103,6 +103,14 @@ def build_storage_v1_kubeclient(context)
       )
     end
 
+    def build_scheduling_v1beta1_kubeclient(context)
+      build_kubeclient(
+        api_version: "v1beta1",
+        context: context,
+        endpoint_path: "/apis/scheduling.k8s.io"
+      )
+    end
+
     def validate_config_files
       errors = []
       if @kubeconfig_files.empty?

test/exe/global_deploy_test.rb

@@ -36,6 +36,11 @@ def test_deploy_parses_selector
     krane_global_deploy!(flags: "--selector #{selector}")
   end
 
+  def test_deploy_parses_prune
+    set_krane_global_deploy_expectations!(run_args: { prune: false })
+    krane_global_deploy!(flags: '--prune false')
+  end
+
   private
 
   def set_krane_global_deploy_expectations!(new_args: {}, run_args: {})
@@ -68,7 +73,7 @@ def default_options(new_args = {}, run_args = {})
       }.merge(new_args),
       run_args: {
         verify_result: true,
-        prune: false,
+        prune: true,
       }.merge(run_args),
     }
   end

test/fixtures/globals/priority_class.yml

@@ -0,0 +1,8 @@
+apiVersion: scheduling.k8s.io/v1beta1
+description: Used for testing global deploys and pruning.
+kind: PriorityClass
+metadata:
+  name: testing-priority-class
+  labels:
+    app: krane
+value: 20

test/helpers/fixture_deploy_helper.rb

@@ -46,7 +46,7 @@ def deploy_global_fixtures(set, subset: nil, **args)
     fixtures = load_fixtures(set, subset)
     raise "Cannot deploy empty template set" if fixtures.empty?
     args[:selector] ||= "test=#{@namespace}"
-    namespace_globals(fixtures)
+    namespace_globals(fixtures, args[:selector])
 
     yield fixtures if block_given?
 
@@ -104,7 +104,7 @@ def deploy_dirs_without_profiling(dirs, wait: true, allow_protected_ns: false, p
     )
   end
 
-  def global_deploy_dirs_without_profiling(dirs, verify_result: true, prune: false,
+  def global_deploy_dirs_without_profiling(dirs, clean_up: true, verify_result: true, prune: true,
     global_timeout: 300, selector:)
     deploy = Krane::GlobalDeployTask.new(
       context: KubeclientHelper::TEST_CONTEXT,
@@ -118,7 +118,7 @@ def global_deploy_dirs_without_profiling(dirs, verify_result: true, prune: false
       prune: prune
     )
   ensure
-    delete_globals(Array(dirs))
+    delete_globals(Array(dirs)) if clean_up
   end
 
   # Deploys all fixtures in the given directories via KubernetesDeploy::DeployTask
@@ -180,13 +180,15 @@ def build_kubectl(log_failure_by_default: true, timeout: '5s')
       log_failure_by_default: log_failure_by_default, default_timeout: timeout)
   end
 
-  def namespace_globals(fixtures)
+  def namespace_globals(fixtures, selector)
+    selector_key, selector_value = selector.split("=")
     fixtures.each do |_, kinds_map|
       kinds_map.each do |_, resources|
         resources.each do |resource|
           resource["metadata"]["name"] = (resource["metadata"]["name"] + @namespace)[0..63]
+          resource["metadata"]["name"] += "0" if resource["metadata"]["name"].end_with?("-")
           resource["metadata"]["labels"] ||= {}
-          resource["metadata"]["labels"]["test"] = @namespace
+          resource["metadata"]["labels"][selector_key] = selector_value
         end
       end
     end

test/helpers/kubeclient_helper.rb

@@ -52,6 +52,10 @@ def storage_v1_kubeclient
     @storage_v1_kubeclient ||= kubeclient_builder.build_storage_v1_kubeclient(TEST_CONTEXT)
   end
 
+  def scheduling_v1beta1_kubeclient
+    @scheduling_v1beta1_kubeclient ||= kubeclient_builder.build_scheduling_v1beta1_kubeclient(TEST_CONTEXT)
+  end
+
   def kubeclient_builder
     @kubeclient_builder ||= Krane::KubeclientBuilder.new
   end

test/integration-serial/serial_deploy_test.rb

@@ -603,6 +603,24 @@ def test_global_deploy_validation_catches_namespaced_cr
     wait_for_all_crd_deletion
   end
 
+  def test_global_deploy_prune_black_box_success
+    setup_template_dir("globals") do |target_dir|
+      flags = "-f #{target_dir} --selector app=krane"
+      out, err, status = krane_black_box("global-deploy", "#{KubeclientHelper::TEST_CONTEXT} #{flags}")
+      assert_empty(out)
+      assert_match("Success", err)
+      assert_predicate(status, :success?)
+
+      flags = "-f #{target_dir}/storage_classes.yml --selector app=krane"
+      out, err, status = krane_black_box("global-deploy", "#{KubeclientHelper::TEST_CONTEXT} #{flags}")
+      assert_empty(out)
+      assert_match("Pruned 1 resource and successfully deployed 1 resource", err)
+      assert_predicate(status, :success?)
+    end
+  ensure
+    build_kubectl.run("delete", "-f", fixture_path("globals"), use_namespace: false, log_failure: false)
+  end
+
   private
 
   def wait_for_all_crd_deletion

test/integration/global_deploy_test.rb

@@ -14,14 +14,17 @@ def test_global_deploy_task_success
       "Phase 2: Checking initial resource statuses",
       %r{StorageClass\/testing-storage-class[\w-]+\s+Not Found},
       "Phase 3: Deploying all resources",
-      %r{Deploying StorageClass\/testing-storage-class[\w-]+ \(timeout: 300s\)},
+      "Deploying resources:",
+      %r{StorageClass\/testing-storage-class[\w-]+ \(timeout: 300s\)},
+      %r{PriorityClass/testing-priority-class[\w-]+ \(timeout: 300s\)},
       "Don't know how to monitor resources of type StorageClass.",
       %r{Assuming StorageClass\/testing-storage-class[\w-]+ deployed successfully.},
-      %r{Successfully deployed in [\d.]+s: StorageClass\/testing-storage-class},
+      %r{Successfully deployed in [\d.]+s: PriorityClass/testing-priority-class[\w-]+, StorageClass\/testing-storage-},
       "Result: SUCCESS",
-      "Successfully deployed 1 resource",
+      "Successfully deployed 2 resource",
       "Successful resources",
       "StorageClass/testing-storage-class",
+      "PriorityClass/testing-priority-class",
     ])
   end
 
@@ -37,9 +40,9 @@ def test_global_deploy_task_success_timeout
       "Phase 2: Checking initial resource statuses",
       %r{StorageClass\/testing-storage-class[\w-]+\s+Not Found},
       "Phase 3: Deploying all resources",
-      %r{Deploying StorageClass\/testing-storage-class[\w-]+ \(timeout: 300s\)},
+      "Deploying resources:",
       "Result: TIMED OUT",
-      "Timed out waiting for 1 resource to deploy",
+      "Timed out waiting for 2 resources to deploy",
       %r{StorageClass\/testing-storage-class[\w-]+: GLOBAL WATCH TIMEOUT \(0 seconds\)},
       "If you expected it to take longer than 0 seconds for your deploy to roll out, increase --max-watch-seconds.",
     ])
@@ -54,12 +57,16 @@ def test_global_deploy_task_success_verify_false
       "All required parameters and files are present",
       "Discovering resources:",
       "  - StorageClass/testing-storage-class",
+      "  - PriorityClass/testing-priority-class",
       "Phase 2: Checking initial resource statuses",
       %r{StorageClass\/testing-storage-class[\w-]+\s+Not Found},
+      %r{PriorityClass/testing-priority-class[\w-]+\s+Not Found},
       "Phase 3: Deploying all resources",
-      %r{Deploying StorageClass\/testing-storage-class[\w-]+ \(timeout: 300s\)},
+      "Deploying resources:",
+      %r{StorageClass\/testing-storage-class[\w-]+ \(timeout: 300s\)},
+      %r{PriorityClass/testing-priority-class[\w-]+ \(timeout: 300s\)},
       "Result: SUCCESS",
-      "Deployed 1 resource",
+      "Deployed 2 resource",
       "Deploy result verification is disabled for this deploy.",
       "This means the desired changes were communicated to Kubernetes, but the"\
       " deploy did not make sure they actually succeeded.",
@@ -77,7 +84,7 @@ def test_global_deploy_task_empty_selector_validation_failure
   end
 
   def test_global_deploy_task_success_selector
-    selector = "app=krane"
+    selector = "app=krane2"
     assert_deploy_success(deploy_global_fixtures('globals', selector: selector))
 
     assert_logs_match_all([
@@ -89,14 +96,17 @@ def test_global_deploy_task_success_selector
       "Phase 2: Checking initial resource statuses",
       %r{StorageClass\/testing-storage-class[\w-]+\s+Not Found},
       "Phase 3: Deploying all resources",
-      %r{Deploying StorageClass\/testing-storage-class[\w-]+ \(timeout: 300s\)},
+      "Deploying resources:",
+      %r{PriorityClass/testing-priority-class[\w-]+ \(timeout: 300s\)},
+      %r{StorageClass\/testing-storage-class[\w-]+ \(timeout: 300s\)},
       "Don't know how to monitor resources of type StorageClass.",
       %r{Assuming StorageClass\/testing-storage-class[\w-]+ deployed successfully.},
-      %r{Successfully deployed in [\d.]+s: StorageClass\/testing-storage-class},
+      /Successfully deployed in [\d.]+s/,
       "Result: SUCCESS",
-      "Successfully deployed 1 resource",
+      "Successfully deployed 2 resource",
       "Successful resources",
       "StorageClass/testing-storage-class",
+      "PriorityClass/testing-priority-class",
     ])
   end
 
@@ -116,4 +126,54 @@ def test_global_deploy_task_failure
       "Template validation failed",
     ])
   end
+
+  def test_global_deploy_prune_black_box_success
+    assert_deploy_success(deploy_global_fixtures('globals', clean_up: false, selector: 'test=prune1'))
+    reset_logger
+    assert_deploy_success(deploy_global_fixtures('globals', subset: 'storage_classes.yml', selector: 'test=prune1'))
+    assert_logs_match_all([
+      "Phase 1: Initializing deploy",
+      "Using resource selector test=prune1",
+      "All required parameters and files are present",
+      "Discovering resources:",
+      "  - StorageClass/testing-storage-class",
+      "Phase 2: Checking initial resource statuses",
+      %r{StorageClass\/testing-storage-class[\w-]+\s+Exists},
+      "Phase 3: Deploying all resources",
+      %r{Deploying StorageClass\/testing-storage-class[\w-]+ \(timeout: 300s\)},
+      "Don't know how to monitor resources of type StorageClass.",
+      %r{Assuming StorageClass\/testing-storage-class[\w-]+ deployed successfully.},
+      %r{Successfully deployed in [\d.]+s: StorageClass\/testing-storage-class},
+      "Result: SUCCESS",
+      "Pruned 1 resource and successfully deployed 1 resource",
+      "Successful resources",
+      "StorageClass/testing-storage-class",
+    ])
+  end
+
+  def test_no_prune_global_deploy_black_box_success
+    assert_deploy_success(deploy_global_fixtures('globals', clean_up: false, selector: 'test=prune2'))
+    reset_logger
+    assert_deploy_success(deploy_global_fixtures('globals', subset: 'storage_classes.yml',
+      selector: "test=prune2", prune: false))
+    assert_logs_match_all([
+      "Phase 1: Initializing deploy",
+      "Using resource selector test=prune2",
+      "All required parameters and files are present",
+      "Discovering resources:",
+      "  - StorageClass/testing-storage-class",
+      "Phase 2: Checking initial resource statuses",
+      %r{StorageClass\/testing-storage-class[\w-]+\s+Exists},
+      "Phase 3: Deploying all resources",
+      %r{Deploying StorageClass\/testing-storage-class[\w-]+ \(timeout: 300s\)},
+      "Don't know how to monitor resources of type StorageClass.",
+      %r{Assuming StorageClass\/testing-storage-class[\w-]+ deployed successfully.},
+      %r{Successfully deployed in [\d.]+s: StorageClass\/testing-storage-class},
+      "Result: SUCCESS",
+      "Successfully deployed 1 resource",
+      "Successful resources",
+      "StorageClass/testing-storage-class",
+    ])
+    assert_deploy_success(deploy_global_fixtures('globals', selector: 'test=prune2'))
+  end
 end

test/unit/cluster_resource_discovery_test.rb

@@ -17,6 +17,15 @@ def test_global_resource_kinds_success
     end
   end
 
+  def test_prunable_resources
+    crd = mocked_cluster_resource_discovery(full_response)
+    kinds = crd.prunable_resources
+    assert_equal(kinds.length, 15)
+    %w(scheduling.k8s.io/v1/PriorityClass storage.k8s.io/v1/StorageClass).each do |kind|
+      assert_includes(kinds, kind)
+    end
+  end
+
   private
 
   def mocked_cluster_resource_discovery(response, success: true)