Skip to content

Commit

Permalink
Merge branch 'main' into ver/authz-crd
Browse files Browse the repository at this point in the history
  • Loading branch information
@olix0r
olix0r committed Mar 28, 2022
2 parents 1baa3bf + 00954d7 commit d2dcf4e
Show file tree
Hide file tree
Showing 5 changed files with 53 additions and 61 deletions.
25 changes: 14 additions & 11 deletions .github/workflows/policy_controller.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -131,6 +131,7 @@ jobs:
strategy:
matrix:
component:
- cli-bin
- controller
- policy-controller
- proxy
Expand Down Expand Up @@ -162,6 +163,8 @@ jobs:
name: Policy controller integration
runs-on: ubuntu-20.04
timeout-minutes: 20
env:
LINKERD_DOCKER_REGISTRY: ghcr.io/linkerd
steps:
- name: Checkout code
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
Expand Down Expand Up @@ -218,17 +221,17 @@ jobs:
echo retrying...
done
# Build the CLI and install Linkerd.
- uses: actions/setup-go@f6164bd8c8acb4a71fb2791a8b6c4024ff038dab
with:
go-version: '1.17'
- name: Build the Linkerd CLI
run: bin/linkerd version --short --client
- run: bin/linkerd check --pre --wait=1m
- run: bin/linkerd install | kubectl apply -f -
env:
LINKERD_DOCKER_REGISTRY: ghcr.io/linkerd
- run: bin/linkerd check --wait=1m
# Install the Linkerd CLI from a docker image
- name: Install the Linkerd CLI
run: |
tag="$(CI_FORCE_CLEAN=1 bin/root-tag)"
docker load <image-archives/cli-bin.tar
container_id=$(docker create "ghcr.io/linkerd/cli-bin:$tag")
docker cp "$container_id":/out/linkerd-linux-amd64 /usr/local/bin/linkerd
docker rm "$container_id"
- run: linkerd check --pre --wait=1m
- run: linkerd install | kubectl apply -f -
- run: linkerd check --wait=1m

# Run the tests.
- run: cargo test -p linkerd-policy-test --frozen
16 changes: 8 additions & 8 deletions Cargo.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,9 +60,9 @@ dependencies = [

[[package]]
name = "async-trait"
version = "0.1.52"
version = "0.1.53"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "061a7acccaa286c011ddc30970520b98fa40e00c9d644633fb26b5fc63a265e3"
checksum = "ed6aa3524a2dfcf9fe180c51eae2b58738348d819517ceadf95789c51fff7600"
dependencies = [
"proc-macro2",
"quote",
Expand Down Expand Up @@ -1115,9 +1115,9 @@ checksum = "e5ce46fe64a9d73be07dcbe690a38ce1b293be448fd8ce1e6c1b8062c9f72c6a"

[[package]]
name = "native-tls"
version = "0.2.8"
version = "0.2.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "48ba9f7719b5a0f42f338907614285fb5fd70e53858141f69898a1fb7203b24d"
checksum = "09bf6f32a3afefd0b587ee42ed19acd945c6d1f3b5424040f50b2f24ab16be77"
dependencies = [
"lazy_static",
"libc",
Expand Down Expand Up @@ -1406,9 +1406,9 @@ dependencies = [

[[package]]
name = "quote"
version = "1.0.16"
version = "1.0.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b4af2ec4714533fcdf07e886f17025ace8b997b9ce51204ee69b6da831c3da57"
checksum = "632d02bff7f874a36f33ea8bb416cd484b90cc66c1194b1a1110d067a7013f58"
dependencies = [
"proc-macro2",
]
Expand Down Expand Up @@ -1445,9 +1445,9 @@ dependencies = [

[[package]]
name = "redox_syscall"
version = "0.2.11"
version = "0.2.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8380fe0152551244f0747b1bf41737e0f8a74f97a14ccefd1148187271634f3c"
checksum = "8ae183fc1b06c149f0c1793e1eb447c8b04bfe46d48e9e48bfb8d2d7ed64ecf0"
dependencies = [
"bitflags",
]
Expand Down
36 changes: 17 additions & 19 deletions policy-test/src/curl.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ impl Runner {
runner
}

/// Creates a configmap that prevents curl pods from executing.
pub async fn create_lock(&self) {
create(
&self.client,
Expand All @@ -43,6 +44,7 @@ impl Runner {
.await;
}

/// Deletes the lock configmap, allowing curl pods to execute.
pub async fn delete_lock(&self) {
tracing::trace!(ns = %self.namespace, "Deleting curl-lock");
kube::Api::<k8s::api::core::v1::ConfigMap>::namespaced(
Expand All @@ -58,10 +60,10 @@ impl Runner {
/// Runs a [`k8s::Pod`] that runs curl against the provided target URL.
///
/// The pod:
/// - has the `linkerd.io/inject` annotation set, based on he
/// - has the `linkerd.io/inject` annotation set, based on the
/// `linkerd_inject` parameter;
/// - runs under the service account `curl`;
/// - does not actually execute curl until the `curl-lock` configmmap is not
/// - does not actually execute curl until the `curl-lock` configmap is not
/// present
pub async fn run(&self, name: &str, target_url: &str, inject: LinkerdInject) -> Running {
create(
Expand Down Expand Up @@ -190,28 +192,24 @@ impl Running {
&self.name
}

/// Waits for the pod to have an IP address and returns it.
pub async fn ip(&self) -> std::net::IpAddr {
super::await_pod_ip(&self.client, &self.namespace, &self.name).await
}

/// Waits for the curl container to complete and returns its exit code.
pub async fn exit_code(self) -> i32 {
fn get_exit_code(pod: &k8s::Pod) -> Option<i32> {
if let Some(status) = &pod.status {
if let Some(containers) = &status.container_statuses {
for c in containers.iter() {
if c.name == "curl" {
if let Some(state) = &c.state {
if let Some(terminated) = &state.terminated {
tracing::debug!(ns = %pod.namespace().unwrap(), pod = %pod.name(), "Curl exited");
return Some(terminated.exit_code);
}
}
}
}
}
}
tracing::debug!(ns = %pod.namespace().unwrap(), pod = %pod.name(), "Curl has not exited");
None
let c = pod
.status
.as_ref()?
.container_statuses
.as_ref()?
.iter()
.find(|c| c.name == "curl")?;
let code = c.state.as_ref()?.terminated.as_ref()?.exit_code;
tracing::debug!(ns = %pod.namespace().unwrap(), pod = %pod.name(), %code, "Curl exited");
Some(code)
}

tracing::debug!(ns = %self.namespace, pod = %self.name, "Waiting for exit code");
Expand All @@ -224,7 +222,7 @@ impl Running {
match time::timeout(time::Duration::from_secs(60), finished).await {
Ok(Ok(())) => {}
Ok(Err(error)) => panic!("Failed to wait for exit code: {}: {}", self.name, error),
Err(_timeout) => panic!("Timeout waiting for exit odec: {}", self.name),
Err(_timeout) => panic!("Timeout waiting for exit code: {}", self.name),
};

let curl_pod = api.get(&self.name).await.expect("pod must exist");
Expand Down
4 changes: 2 additions & 2 deletions web/app/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@
"@lingui/cli": "3.13.2",
"babel-core": "^7.0.0-bridge.0",
"babel-jest": "^27.5.1",
"babel-loader": "^8.2.3",
"babel-loader": "^8.2.4",
"babel-plugin-import": "^1.13.3",
"babel-plugin-macros": "^3.1.0",
"babel-plugin-transform-react-remove-prop-types": "0.4.24",
Expand All @@ -59,7 +59,7 @@
"css-loader": "^6.7.1",
"enzyme": "3.11.0",
"enzyme-adapter-react-16": "^1.15.6",
"eslint": "^8.11.0",
"eslint": "^8.12.0",
"eslint-config-airbnb": "^19.0.4",
"eslint-plugin-import": "^2.25.4",
"eslint-plugin-jsx-a11y": "^6.5.1",
Expand Down
33 changes: 12 additions & 21 deletions web/app/yarn.lock
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2333,13 +2333,13 @@ babel-jest@^27.5.1:
graceful-fs "^4.2.9"
slash "^3.0.0"

babel-loader@^8.2.3:
version "8.2.3"
resolved "https://registry.yarnpkg.com/babel-loader/-/babel-loader-8.2.3.tgz#8986b40f1a64cacfcb4b8429320085ef68b1342d"
integrity sha512-n4Zeta8NC3QAsuyiizu0GkmRcQ6clkV9WFUnUf1iXP//IeSKbWjofW3UHyZVwlOB4y039YQKefawyTn64Zwbuw==
babel-loader@^8.2.4:
version "8.2.4"
resolved "https://registry.yarnpkg.com/babel-loader/-/babel-loader-8.2.4.tgz#95f5023c791b2e9e2ca6f67b0984f39c82ff384b"
integrity sha512-8dytA3gcvPPPv4Grjhnt8b5IIiTcq/zeXOPk4iTYI0SVXcsmuGg7JtBRDp8S9X+gJfhQ8ektjXZlDu1Bb33U8A==
dependencies:
find-cache-dir "^3.3.1"
loader-utils "^1.4.0"
loader-utils "^2.0.0"
make-dir "^3.1.0"
schema-utils "^2.6.5"

Expand Down Expand Up @@ -3792,10 +3792,10 @@ eslint-webpack-plugin@^3.1.1:
normalize-path "^3.0.0"
schema-utils "^3.1.1"

eslint@^8.11.0:
version "8.11.0"
resolved "https://registry.yarnpkg.com/eslint/-/eslint-8.11.0.tgz#88b91cfba1356fc10bb9eb592958457dfe09fb37"
integrity sha512-/KRpd9mIRg2raGxHRGwW9ZywYNAClZrHjdueHcrVDuO3a6bj83eoTirCCk0M0yPwOjWYKHwRVRid+xK4F/GHgA==
eslint@^8.12.0:
version "8.12.0"
resolved "https://registry.yarnpkg.com/eslint/-/eslint-8.12.0.tgz#c7a5bd1cfa09079aae64c9076c07eada66a46e8e"
integrity sha512-it1oBL9alZg1S8UycLm5YDMAkIhtH6FtAzuZs6YvoGVldWjbS08BkAdb/ymP9LlAyq8koANu32U7Ib/w+UNh8Q==
dependencies:
"@eslint/eslintrc" "^1.2.1"
"@humanwhocodes/config-array" "^0.9.2"
Expand Down Expand Up @@ -5634,15 +5634,6 @@ loader-runner@^4.2.0:
resolved "https://registry.yarnpkg.com/loader-runner/-/loader-runner-4.2.0.tgz#d7022380d66d14c5fb1d496b89864ebcfd478384"
integrity sha512-92+huvxMvYlMzMt0iIOukcwYBFpkYJdpl2xsZ7LrlayO7E8SOv+JJUEK17B/dJIHAOLMfh2dZZ/Y18WgmGtYNw==

loader-utils@^1.4.0:
version "1.4.0"
resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-1.4.0.tgz#c579b5e34cb34b1a74edc6c1fb36bfa371d5a613"
integrity sha512-qH0WSMBtn/oHuwjy/NucEgbx5dbxxnxup9s4PVXJUDHZBQY+s0NWA9rJf53RBnQZxfch7euUui7hpoAPvALZdA==
dependencies:
big.js "^5.2.2"
emojis-list "^3.0.0"
json5 "^1.0.1"

loader-utils@^2.0.0:
version "2.0.0"
resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-2.0.0.tgz#e4cace5b816d425a166b5f097e10cd12b36064b0"
Expand Down Expand Up @@ -5896,9 +5887,9 @@ minimatch@^3.0.4, minimatch@^3.1.2:
brace-expansion "^1.1.7"

minimist@>=1.2.5, minimist@^1.2.0, minimist@^1.2.5:
version "1.2.5"
resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.5.tgz#67d66014b66a6a8aaa0c083c5fd58df4e4e97602"
integrity sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==
version "1.2.6"
resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.6.tgz#8637a5b759ea0d6e98702cfb3a9283323c93af44"
integrity sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==

mkdirp@^0.5.5:
version "0.5.5"
Expand Down

0 comments on commit d2dcf4e

Please sign in to comment.