fix review comments

Signed-off-by: Sertac Ozercan <sozercan@gmail.com>
open-policy-agent · Aug 20, 2021 · 343a919 · 343a919
1 parent bf04f25
commit 343a919
Show file tree

Hide file tree

Showing 8 changed files with 71 additions and 19 deletions.
diff --git a/constraint/config/crds/externaldata.gatekeeper.sh_providers.yaml b/constraint/config/crds/externaldata.gatekeeper.sh_providers.yaml
@@ -33,6 +33,9 @@ spec:
             description: ProviderSpec defines the desired state of Provider
             properties:
               failurePolicy:
+                enum:
+                - Ignore
+                - Fail
                 type: string
               maxRetry:
                 type: integer

diff --git a/constraint/config/kustomization.yaml b/constraint/config/kustomization.yaml
@@ -1,3 +1,3 @@
 resources:
 - crds/templates.gatekeeper.sh_constrainttemplates.yaml
-- crds/externaldata.gatekeeper.sh_providers.yaml
+- crds/externaldata.gatekeeper.sh_providers.yaml
diff --git a/constraint/deploy/crds.yaml b/constraint/deploy/crds.yaml
@@ -339,6 +339,9 @@ spec:
             description: ProviderSpec defines the desired state of Provider
             properties:
               failurePolicy:
+                enum:
+                - Ignore
+                - Fail
                 type: string
               maxRetry:
                 type: integer

diff --git a/constraint/pkg/apis/externaldata/v1alpha1/provider_types.go b/constraint/pkg/apis/externaldata/v1alpha1/provider_types.go
@@ -19,6 +19,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+// +kubebuilder:validation:Enum=Ignore;Fail
 type FailurePolicy string
 
 const (

diff --git a/constraint/pkg/apis/templates/yaml_constant.go b/constraint/pkg/apis/templates/yaml_constant.go
@@ -310,4 +310,58 @@ status:
     plural: ""
   conditions: []
   storedVersions: []
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.5.0
+  creationTimestamp: null
+  name: providers.externaldata.gatekeeper.sh
+spec:
+  group: externaldata.gatekeeper.sh
+  names:
+    kind: Provider
+    listKind: ProviderList
+    plural: providers
+    singular: provider
+  scope: Cluster
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: Provider is the Schema for the Provider API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ProviderSpec defines the desired state of Provider
+            properties:
+              failurePolicy:
+                enum:
+                - Ignore
+                - Fail
+                type: string
+              maxRetry:
+                type: integer
+              proxyURL:
+                type: string
+              timeout:
+                type: integer
+            type: object
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
 `
diff --git a/constraint/pkg/client/client.go b/constraint/pkg/client/client.go
@@ -11,7 +11,6 @@ import (
 
 	"github.com/open-policy-agent/frameworks/constraint/pkg/client/drivers"
 	"github.com/open-policy-agent/frameworks/constraint/pkg/client/regolib"
-	"github.com/open-policy-agent/frameworks/constraint/pkg/externaldata"
 
 	constraintlib "github.com/open-policy-agent/frameworks/constraint/pkg/core/constraints"
 	"github.com/open-policy-agent/frameworks/constraint/pkg/core/templates"
@@ -76,7 +75,6 @@ type Client struct {
 	templates         map[templateKey]*templateEntry
 	constraints       map[schema.GroupKind]map[string]*unstructured.Unstructured
 	allowedDataFields []string
-	ProviderCache     externaldata.ProviderCache
 }
 
 // createDataPath compiles the data destination: data.external.<target>.<path>

diff --git a/constraint/pkg/client/drivers/local/local.go b/constraint/pkg/client/drivers/local/local.go
@@ -130,7 +130,7 @@ func (d *driver) Init(ctx context.Context) error {
 
 				provider, err := d.providerCache.Get(providerName)
 				if err != nil {
-					return nil, fmt.Errorf("unable to retrieve provider %v cache", providerName)
+					return nil, fmt.Errorf("unable to retrieve provider %v from cache", providerName)
 				}
 
 				req, err := http.NewRequest("GET", provider.Spec.ProxyURL, bytes.NewBuffer([]byte(body)))

diff --git a/constraint/pkg/externaldata/cache.go b/constraint/pkg/externaldata/cache.go
@@ -19,33 +19,26 @@ func NewCache() *ProviderCache {
 }
 
 func (c *ProviderCache) Get(key string) (v1alpha1.Provider, error) {
+	c.mux.RLock()
+	defer c.mux.RUnlock()
+
 	if v, ok := c.cache[key]; ok {
-		return v, nil
+		dc := *v.DeepCopy()
+		return dc, nil
 	}
 	return v1alpha1.Provider{}, fmt.Errorf("key is not found in provider cache")
 }
 
-func (c *ProviderCache) Upsert(provider *v1alpha1.Provider) error {
+func (c *ProviderCache) Upsert(provider *v1alpha1.Provider) {
 	c.mux.Lock()
 	defer c.mux.Unlock()
 
-	c.cache[provider.GetName()] = v1alpha1.Provider{
-		Spec: v1alpha1.ProviderSpec{
-			ProxyURL:      provider.Spec.ProxyURL,
-			FailurePolicy: provider.Spec.FailurePolicy,
-			Timeout:       provider.Spec.Timeout,
-			MaxRetry:      provider.Spec.MaxRetry,
-		},
-	}
-
-	return nil
+	c.cache[provider.GetName()] = *provider.DeepCopy()
 }
 
-func (c *ProviderCache) Remove(name string) error {
+func (c *ProviderCache) Remove(name string) {
 	c.mux.Lock()
 	defer c.mux.Unlock()
 
 	delete(c.cache, name)
-
-	return nil
 }