[MESH-2164] - Adding readonly mode for rouitng policy following DR

istio-ecosystem · Sep 13, 2022 · 0cf2a1f · 0cf2a1f
1 parent 7e770d5
commit 0cf2a1f
Show file tree

Hide file tree

Showing 3 changed files with 97 additions and 2 deletions.
diff --git a/admiral/pkg/clusters/envoyfilter.go b/admiral/pkg/clusters/envoyfilter.go
@@ -28,7 +28,7 @@ func createOrUpdateEnvoyFilter(ctx context.Context, rc *RemoteController, routin
 
 	selectorLabelsSha, err := getSha1(workloadIdentityKey + common.GetRoutingPolicyEnv(routingPolicy))
 	if err != nil {
-		log.Error("error ocurred while computing workload labels sha1")
+		log.Error("error occurred while computing workload labels sha1")
 		return nil, err
 	}
 	if len(common.GetEnvoyFilterVersion()) == 0 {

diff --git a/admiral/pkg/clusters/types.go b/admiral/pkg/clusters/types.go
@@ -282,6 +282,10 @@ func (r *routingPolicyFilterCache) Put(identityEnvKey string, clusterId string,
 }
 
 func (r *routingPolicyFilterCache) Delete(identityEnvKey string) {
+	if CurrentAdmiralState.ReadOnly {
+		log.Infof(LogFormat, admiral.Delete, "routingpolicy", identityEnvKey, "", "skipping read-only mode")
+		return
+	}
 	if common.GetEnableRoutingPolicy() {
 		defer r.mutex.Unlock()
 		r.mutex.Lock()
@@ -292,6 +296,10 @@ func (r *routingPolicyFilterCache) Delete(identityEnvKey string) {
 	}
 }
 func (r RoutingPolicyHandler) Added(ctx context.Context, obj *v1.RoutingPolicy) {
+	if CurrentAdmiralState.ReadOnly {
+		log.Infof(LogFormat, admiral.Add, "routingpolicy", "", "", "skipping read-only mode")
+		return
+	}
 	if common.GetEnableRoutingPolicy() {
 		if common.ShouldIgnoreResource(obj.ObjectMeta) {
 			log.Infof(LogFormat, "success", "routingpolicy", obj.Name, "", "Ignored the RoutingPolicy because of the annotation")
@@ -334,6 +342,10 @@ func (r RoutingPolicyHandler) processroutingPolicy(ctx context.Context, dependen
 }
 
 func (r RoutingPolicyHandler) Updated(ctx context.Context, obj *v1.RoutingPolicy) {
+	if CurrentAdmiralState.ReadOnly {
+		log.Infof(LogFormat, admiral.Update, "routingpolicy", "", "", "skipping read-only mode")
+		return
+	}
 	if common.GetEnableRoutingPolicy() {
 		if common.ShouldIgnoreResource(obj.ObjectMeta) {
 			log.Infof(LogFormat, admiral.Update, "routingpolicy", obj.Name, "", "Ignored the RoutingPolicy because of the annotation")

diff --git a/admiral/pkg/clusters/types_test.go b/admiral/pkg/clusters/types_test.go
@@ -1,6 +1,7 @@
 package clusters
 
 import (
+	"bytes"
 	"context"
 	"fmt"
 	"strings"
@@ -10,13 +11,14 @@ import (
 
 	"github.com/istio-ecosystem/admiral/admiral/pkg/apis/admiral/model"
 	istiofake "istio.io/client-go/pkg/clientset/versioned/fake"
-
+	"os"
 	argo "github.com/argoproj/argo-rollouts/pkg/apis/rollouts/v1alpha1"
 	"github.com/google/go-cmp/cmp/cmpopts"
 	v1 "github.com/istio-ecosystem/admiral/admiral/pkg/apis/admiral/v1"
 	admiralFake "github.com/istio-ecosystem/admiral/admiral/pkg/client/clientset/versioned/fake"
 	"github.com/istio-ecosystem/admiral/admiral/pkg/controller/admiral"
 	"github.com/istio-ecosystem/admiral/admiral/pkg/controller/common"
+	log "github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 	v12 "k8s.io/api/apps/v1"
 	v13 "k8s.io/api/core/v1"
@@ -454,3 +456,84 @@ func TestRoutingPolicyHandler(t *testing.T) {
 	assert.Nil(t, registry.AdmiralCache.RoutingPolicyFilterCache.Get("bar3stage"))
 
 }
+
+func TestRoutingPolicyReadOnly(t *testing.T) {
+	p := common.AdmiralParams{
+		KubeconfigPath:             "testdata/fake.config",
+		LabelSet:                   &common.LabelSet{},
+		EnableSAN:                  true,
+		SANPrefix:                  "prefix",
+		HostnameSuffix:             "mesh",
+		SyncNamespace:              "ns",
+		CacheRefreshDuration:       time.Minute,
+		ClusterRegistriesNamespace: "default",
+		DependenciesNamespace:      "default",
+		SecretResolver:             "",
+		EnableRoutingPolicy:        true,
+		EnvoyFilterVersion:         "1.13",
+	}
+
+	p.LabelSet.WorkloadIdentityKey = "identity"
+	p.LabelSet.EnvKey = "admiral.io/env"
+	p.LabelSet.GlobalTrafficDeploymentLabel = "identity"
+
+	handler := RoutingPolicyHandler{}
+
+	testcases := []struct {
+		name      string
+		rp       *v1.RoutingPolicy
+		readOnly bool
+		doesError bool
+	}{
+		{
+			name: "Readonly test - Routing Policy",
+			rp: &v1.RoutingPolicy{
+
+			},
+			readOnly: true,
+			doesError: true,
+		},
+		{
+			name: "Readonly false test - Routing Policy",
+			rp: &v1.RoutingPolicy{
+
+			},
+			readOnly: false,
+			doesError: false,
+		},
+	}
+
+	ctx := context.Background()
+
+	for _, c := range testcases {
+		t.Run(c.name, func(t *testing.T) {
+			if c.readOnly {
+				CurrentAdmiralState.ReadOnly = true
+			}else{
+				CurrentAdmiralState.ReadOnly = false
+			}
+			var buf bytes.Buffer
+			log.SetOutput(&buf)
+			defer func() {
+				log.SetOutput(os.Stderr)
+			}()
+			// Add routing policy test
+			handler.Added(ctx, c.rp)
+			t.Log(buf.String())
+			val := strings.Contains(buf.String(),"skipping read-only mode")
+			assert.Equal(t, c.doesError,val)
+
+			// Update routing policy test
+			handler.Updated(ctx, c.rp)
+			t.Log(buf.String())
+			val = strings.Contains(buf.String(),"skipping read-only mode")
+			assert.Equal(t, c.doesError,val)
+
+			// Delete routing policy test
+			handler.Deleted(ctx, c.rp)
+			t.Log(buf.String())
+			val = strings.Contains(buf.String(),"skipping read-only mode")
+			assert.Equal(t, c.doesError,val)
+		})
+	}
+}