diff --git a/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/caching/KubernetesCachingAgentDispatcher.java b/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/caching/KubernetesCachingAgentDispatcher.java index 20a6903178b..b9d846aeeb4 100644 --- a/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/caching/KubernetesCachingAgentDispatcher.java +++ b/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/caching/KubernetesCachingAgentDispatcher.java @@ -16,10 +16,11 @@ package com.netflix.spinnaker.clouddriver.kubernetes.caching; +import com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesCredentials; import com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesNamedAccountCredentials; import java.util.Collection; -public interface KubernetesCachingAgentDispatcher { - Collection buildAllCachingAgents( - KubernetesNamedAccountCredentials credentials); +public interface KubernetesCachingAgentDispatcher { + Collection> buildAllCachingAgents( + KubernetesNamedAccountCredentials credentials); } diff --git a/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/security/KubernetesCredentialFactory.java b/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/security/KubernetesCredentialFactory.java new file mode 100644 index 00000000000..cc695972e7d --- /dev/null +++ b/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/security/KubernetesCredentialFactory.java @@ -0,0 +1,56 @@ +/* + * Copyright 2019 Google, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License") + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.netflix.spinnaker.clouddriver.kubernetes.security; + +import com.netflix.spinnaker.clouddriver.kubernetes.config.KubernetesConfigurationProperties; +import com.netflix.spinnaker.kork.configserver.ConfigFileService; +import org.apache.commons.lang3.StringUtils; + +public interface KubernetesCredentialFactory { + C build(KubernetesConfigurationProperties.ManagedAccount managedAccount); + + default void validateAccount(KubernetesConfigurationProperties.ManagedAccount managedAccount) { + if (StringUtils.isEmpty(managedAccount.getName())) { + throw new IllegalArgumentException("Account name for Kubernetes provider missing."); + } + + if (!managedAccount.getOmitNamespaces().isEmpty() + && !managedAccount.getNamespaces().isEmpty()) { + throw new IllegalArgumentException( + "At most one of 'namespaces' and 'omitNamespaces' can be specified"); + } + + if (!managedAccount.getOmitKinds().isEmpty() && !managedAccount.getKinds().isEmpty()) { + throw new IllegalArgumentException("At most one of 'kinds' and 'omitKinds' can be specified"); + } + } + + default String getKubeconfigFile( + ConfigFileService configFileService, + KubernetesConfigurationProperties.ManagedAccount managedAccount) { + if (StringUtils.isNotEmpty(managedAccount.getKubeconfigFile())) { + return configFileService.getLocalPath(managedAccount.getKubeconfigFile()); + } + + if (StringUtils.isNotEmpty(managedAccount.getKubeconfigContents())) { + return configFileService.getLocalPathForContents( + managedAccount.getKubeconfigContents(), managedAccount.getName()); + } + + return System.getProperty("user.home") + "/.kube/config"; + } +} diff --git a/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/security/KubernetesCredentials.java b/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/security/KubernetesCredentials.java index 379e5c156ad..0db0596559e 100644 --- a/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/security/KubernetesCredentials.java +++ b/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/security/KubernetesCredentials.java @@ -18,7 +18,10 @@ package com.netflix.spinnaker.clouddriver.kubernetes.security; import java.util.List; +import java.util.Map; public interface KubernetesCredentials { List getDeclaredNamespaces(); + + Map getSpinnakerKindMap(); } diff --git a/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/security/KubernetesNamedAccountCredentials.java b/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/security/KubernetesNamedAccountCredentials.java index 48faece5c2d..4582168cc4c 100644 --- a/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/security/KubernetesNamedAccountCredentials.java +++ b/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/security/KubernetesNamedAccountCredentials.java @@ -18,31 +18,18 @@ import static lombok.EqualsAndHashCode.Include; -import com.netflix.spectator.api.Registry; -import com.netflix.spinnaker.clouddriver.kubernetes.KubernetesCloudProvider; -import com.netflix.spinnaker.clouddriver.kubernetes.config.KubernetesConfigurationProperties; -import com.netflix.spinnaker.clouddriver.kubernetes.v1.security.KubernetesV1Credentials; -import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.AccountResourcePropertyRegistry; -import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.KubernetesSpinnakerKindMap; -import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.manifest.KubernetesKindRegistry; -import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.manifest.KubernetesManifest; -import com.netflix.spinnaker.clouddriver.kubernetes.v2.op.job.KubectlJobExecutor; -import com.netflix.spinnaker.clouddriver.kubernetes.v2.security.KubernetesV2Credentials; -import com.netflix.spinnaker.clouddriver.names.NamerRegistry; +import com.netflix.spinnaker.clouddriver.kubernetes.config.KubernetesConfigurationProperties.ManagedAccount; import com.netflix.spinnaker.clouddriver.security.AccountCredentials; -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository; import com.netflix.spinnaker.clouddriver.security.ProviderVersion; import com.netflix.spinnaker.fiat.model.resources.Permissions; -import com.netflix.spinnaker.kork.configserver.ConfigFileService; import java.util.*; +import javax.annotation.ParametersAreNonnullByDefault; import lombok.EqualsAndHashCode; import lombok.Getter; -import lombok.RequiredArgsConstructor; -import org.apache.commons.lang3.StringUtils; -import org.springframework.stereotype.Component; @Getter @EqualsAndHashCode(onlyExplicitlyIncluded = true) +@ParametersAreNonnullByDefault public class KubernetesNamedAccountCredentials implements AccountCredentials { private final String cloudProvider = "kubernetes"; @@ -67,12 +54,8 @@ public class KubernetesNamedAccountCredentials @Include private final Long cacheIntervalSeconds; - private final KubernetesSpinnakerKindMap kubernetesSpinnakerKindMap; - public KubernetesNamedAccountCredentials( - KubernetesConfigurationProperties.ManagedAccount managedAccount, - KubernetesSpinnakerKindMap kubernetesSpinnakerKindMap, - CredentialFactory factory) { + ManagedAccount managedAccount, KubernetesCredentialFactory credentialFactory) { this.name = managedAccount.getName(); this.providerVersion = managedAccount.getProviderVersion(); this.environment = @@ -84,7 +67,6 @@ public KubernetesNamedAccountCredentials( .orElse(managedAccount.getProviderVersion().toString()); this.cacheThreads = managedAccount.getCacheThreads(); this.cacheIntervalSeconds = managedAccount.getCacheIntervalSeconds(); - this.kubernetesSpinnakerKindMap = kubernetesSpinnakerKindMap; Permissions permissions = managedAccount.getPermissions().build(); if (permissions.isRestricted()) { @@ -95,18 +77,7 @@ public KubernetesNamedAccountCredentials( this.requiredGroupMembership = Collections.unmodifiableList(managedAccount.getRequiredGroupMembership()); } - - switch (managedAccount.getProviderVersion()) { - case v1: - this.credentials = (C) factory.buildV1Credentials(managedAccount); - break; - case v2: - this.credentials = (C) factory.buildV2Credentials(managedAccount); - break; - default: - throw new IllegalArgumentException( - "Unknown provider type: " + managedAccount.getProviderVersion()); - } + this.credentials = credentialFactory.build(managedAccount); } public List getNamespaces() { @@ -114,101 +85,6 @@ public List getNamespaces() { } public Map getSpinnakerKindMap() { - if (kubernetesSpinnakerKindMap == null) { - return Collections.emptyMap(); - } - Map kindMap = - new HashMap<>(kubernetesSpinnakerKindMap.kubernetesToSpinnakerKindStringMap()); - C creds = getCredentials(); - if (creds instanceof KubernetesV2Credentials) { - ((KubernetesV2Credentials) creds) - .getCustomResources() - .forEach( - customResource -> - kindMap.put( - customResource.getKubernetesKind(), customResource.getSpinnakerKind())); - } - return kindMap; - } - - @Component - @RequiredArgsConstructor - public static class CredentialFactory { - private final String userAgent; - private final Registry spectatorRegistry; - private final NamerRegistry namerRegistry; - private final AccountCredentialsRepository accountCredentialsRepository; - private final KubectlJobExecutor jobExecutor; - private final ConfigFileService configFileService; - private final AccountResourcePropertyRegistry.Factory resourcePropertyRegistryFactory; - private final KubernetesKindRegistry.Factory kindRegistryFactory; - - KubernetesV1Credentials buildV1Credentials( - KubernetesConfigurationProperties.ManagedAccount managedAccount) { - validateAccount(managedAccount); - return new KubernetesV1Credentials( - managedAccount.getName(), - getKubeconfigFile(managedAccount), - managedAccount.getContext(), - managedAccount.getCluster(), - managedAccount.getUser(), - userAgent, - managedAccount.isServiceAccount(), - managedAccount.isConfigureImagePullSecrets(), - managedAccount.getNamespaces(), - managedAccount.getOmitNamespaces(), - managedAccount.getDockerRegistries(), - spectatorRegistry, - accountCredentialsRepository); - } - - KubernetesV2Credentials buildV2Credentials( - KubernetesConfigurationProperties.ManagedAccount managedAccount) { - validateAccount(managedAccount); - NamerRegistry.lookup() - .withProvider(KubernetesCloudProvider.ID) - .withAccount(managedAccount.getName()) - .setNamer( - KubernetesManifest.class, - namerRegistry.getNamingStrategy(managedAccount.getNamingStrategy())); - return new KubernetesV2Credentials( - spectatorRegistry, - jobExecutor, - managedAccount, - resourcePropertyRegistryFactory, - kindRegistryFactory.create(), - getKubeconfigFile(managedAccount)); - } - - private void validateAccount(KubernetesConfigurationProperties.ManagedAccount managedAccount) { - if (StringUtils.isEmpty(managedAccount.getName())) { - throw new IllegalArgumentException("Account name for Kubernetes provider missing."); - } - - if (!managedAccount.getOmitNamespaces().isEmpty() - && !managedAccount.getNamespaces().isEmpty()) { - throw new IllegalArgumentException( - "At most one of 'namespaces' and 'omitNamespaces' can be specified"); - } - - if (!managedAccount.getOmitKinds().isEmpty() && !managedAccount.getKinds().isEmpty()) { - throw new IllegalArgumentException( - "At most one of 'kinds' and 'omitKinds' can be specified"); - } - } - - private String getKubeconfigFile( - KubernetesConfigurationProperties.ManagedAccount managedAccount) { - if (StringUtils.isNotEmpty(managedAccount.getKubeconfigFile())) { - return configFileService.getLocalPath(managedAccount.getKubeconfigFile()); - } - - if (StringUtils.isNotEmpty(managedAccount.getKubeconfigContents())) { - return configFileService.getLocalPathForContents( - managedAccount.getKubeconfigContents(), managedAccount.getName()); - } - - return System.getProperty("user.home") + "/.kube/config"; - } + return credentials.getSpinnakerKindMap(); } } diff --git a/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/provider/KubernetesV1ProviderSynchronizable.java b/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/provider/KubernetesV1ProviderSynchronizable.java index 53abf49c7c0..6d9a22669f6 100644 --- a/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/provider/KubernetesV1ProviderSynchronizable.java +++ b/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/provider/KubernetesV1ProviderSynchronizable.java @@ -24,6 +24,7 @@ import com.netflix.spinnaker.clouddriver.kubernetes.config.KubernetesConfigurationProperties; import com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesNamedAccountCredentials; import com.netflix.spinnaker.clouddriver.kubernetes.v1.provider.agent.KubernetesV1CachingAgentDispatcher; +import com.netflix.spinnaker.clouddriver.kubernetes.v1.security.KubernetesV1Credentials; import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.KubernetesSpinnakerKindMap; import com.netflix.spinnaker.clouddriver.security.AccountCredentials; import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository; @@ -44,7 +45,7 @@ public class KubernetesV1ProviderSynchronizable implements CredentialsInitialize private AccountCredentialsRepository accountCredentialsRepository; private KubernetesV1CachingAgentDispatcher kubernetesV1CachingAgentDispatcher; private KubernetesConfigurationProperties kubernetesConfigurationProperties; - private KubernetesNamedAccountCredentials.CredentialFactory credentialFactory; + private KubernetesV1Credentials.Factory credentialFactory; private KubernetesSpinnakerKindMap kubernetesSpinnakerKindMap; private CatsModule catsModule; @@ -53,7 +54,7 @@ public KubernetesV1ProviderSynchronizable( AccountCredentialsRepository accountCredentialsRepository, KubernetesV1CachingAgentDispatcher kubernetesV1CachingAgentDispatcher, KubernetesConfigurationProperties kubernetesConfigurationProperties, - KubernetesNamedAccountCredentials.CredentialFactory credentialFactory, + KubernetesV1Credentials.Factory credentialFactory, KubernetesSpinnakerKindMap kubernetesSpinnakerKindMap, CatsModule catsModule) { this.kubernetesV1Provider = kubernetesV1Provider; @@ -98,15 +99,14 @@ private Set synchronizeAccountCredentials() { List changedAccounts = new ArrayList<>(); Set newAndChangedAccounts = new HashSet<>(); - deletedAccounts.stream().forEach(accountCredentialsRepository::delete); + deletedAccounts.forEach(accountCredentialsRepository::delete); kubernetesConfigurationProperties.getAccounts().stream() .filter(a -> ProviderVersion.v1.equals(a.getProviderVersion())) .forEach( managedAccount -> { KubernetesNamedAccountCredentials credentials = - new KubernetesNamedAccountCredentials( - managedAccount, kubernetesSpinnakerKindMap, credentialFactory); + new KubernetesNamedAccountCredentials<>(managedAccount, credentialFactory); AccountCredentials existingCredentials = accountCredentialsRepository.getOne(managedAccount.getName()); diff --git a/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/security/KubernetesV1Credentials.java b/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/security/KubernetesV1Credentials.java index f62317adb30..f506c0c31a5 100644 --- a/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/security/KubernetesV1Credentials.java +++ b/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/security/KubernetesV1Credentials.java @@ -23,12 +23,16 @@ import com.google.common.collect.Lists; import com.netflix.spectator.api.Registry; import com.netflix.spinnaker.clouddriver.docker.registry.security.DockerRegistryNamedAccountCredentials; +import com.netflix.spinnaker.clouddriver.kubernetes.config.KubernetesConfigurationProperties; import com.netflix.spinnaker.clouddriver.kubernetes.config.LinkedDockerRegistryConfiguration; import com.netflix.spinnaker.clouddriver.kubernetes.security.KubeconfigFileHasher; +import com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesCredentialFactory; import com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesCredentials; import com.netflix.spinnaker.clouddriver.kubernetes.v1.api.KubernetesApiAdaptor; import com.netflix.spinnaker.clouddriver.kubernetes.v1.api.KubernetesClientApiAdapter; +import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.KubernetesSpinnakerKindMap; import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository; +import com.netflix.spinnaker.kork.configserver.ConfigFileService; import io.fabric8.kubernetes.api.model.Namespace; import io.fabric8.kubernetes.api.model.NamespaceBuilder; import io.fabric8.kubernetes.api.model.Secret; @@ -39,8 +43,10 @@ import javax.validation.ConstraintViolationException; import lombok.Data; import lombok.EqualsAndHashCode; +import lombok.RequiredArgsConstructor; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Component; @EqualsAndHashCode(onlyExplicitlyIncluded = true) @Data @@ -66,7 +72,9 @@ public class KubernetesV1Credentials implements KubernetesCredentials { @Include private final String kubeconfigFileHash; - public KubernetesV1Credentials( + private KubernetesSpinnakerKindMap kubernetesSpinnakerKindMap; + + private KubernetesV1Credentials( String name, String kubeconfigFile, String context, @@ -79,7 +87,8 @@ public KubernetesV1Credentials( List omitNamespaces, List dockerRegistries, Registry spectatorRegistry, - AccountCredentialsRepository accountCredentialsRepository) { + AccountCredentialsRepository accountCredentialsRepository, + KubernetesSpinnakerKindMap kubernetesSpinnakerKindMap) { this.kubeconfigFile = kubeconfigFile; if (dockerRegistries == null || dockerRegistries.size() == 0) { @@ -106,6 +115,7 @@ public KubernetesV1Credentials( this.repository = accountCredentialsRepository; this.LOG = LoggerFactory.getLogger(KubernetesV1Credentials.class); this.configureImagePullSecrets = configureImagePullSecrets; + this.kubernetesSpinnakerKindMap = kubernetesSpinnakerKindMap; configureDockerRegistries(); } @@ -115,7 +125,8 @@ protected KubernetesV1Credentials( List namespaces, List omitNamespaces, List dockerRegistries, - AccountCredentialsRepository repository) { + AccountCredentialsRepository repository, + KubernetesSpinnakerKindMap kubernetesSpinnakerKindMap) { this.apiAdaptor = apiAdaptor; this.namespaces = namespaces != null ? namespaces : new ArrayList<>(); this.omitNamespaces = omitNamespaces != null ? omitNamespaces : new ArrayList<>(); @@ -125,6 +136,7 @@ protected KubernetesV1Credentials( this.configureImagePullSecrets = true; this.kubeconfigFile = ""; this.kubeconfigFileHash = ""; + this.kubernetesSpinnakerKindMap = kubernetesSpinnakerKindMap; configureDockerRegistries(); } @@ -174,6 +186,11 @@ public List getDeclaredNamespaces() { } } + @Override + public Map getSpinnakerKindMap() { + return kubernetesSpinnakerKindMap.kubernetesToSpinnakerKindStringMap(); + } + private void reconfigureRegistries(List allNamespaces) { List affectedNamespaces = new ArrayList<>(allNamespaces); if (!configureImagePullSecrets) { @@ -307,4 +324,34 @@ public Boolean isRegisteredImagePullSecret(String secret, String namespace) { } return secrets.contains(secret); } + + @Component + @RequiredArgsConstructor + public static class Factory implements KubernetesCredentialFactory { + private final String userAgent; + private final Registry spectatorRegistry; + private final AccountCredentialsRepository accountCredentialsRepository; + private final ConfigFileService configFileService; + private final KubernetesSpinnakerKindMap kubernetesSpinnakerKindMap; + + public KubernetesV1Credentials build( + KubernetesConfigurationProperties.ManagedAccount managedAccount) { + validateAccount(managedAccount); + return new KubernetesV1Credentials( + managedAccount.getName(), + getKubeconfigFile(configFileService, managedAccount), + managedAccount.getContext(), + managedAccount.getCluster(), + managedAccount.getUser(), + userAgent, + managedAccount.isServiceAccount(), + managedAccount.isConfigureImagePullSecrets(), + managedAccount.getNamespaces(), + managedAccount.getOmitNamespaces(), + managedAccount.getDockerRegistries(), + spectatorRegistry, + accountCredentialsRepository, + kubernetesSpinnakerKindMap); + } + } } diff --git a/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v2/caching/KubernetesV2ProviderSynchronizable.java b/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v2/caching/KubernetesV2ProviderSynchronizable.java index ed77d94d53f..194ea60277d 100644 --- a/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v2/caching/KubernetesV2ProviderSynchronizable.java +++ b/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v2/caching/KubernetesV2ProviderSynchronizable.java @@ -25,6 +25,7 @@ import com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesNamedAccountCredentials; import com.netflix.spinnaker.clouddriver.kubernetes.v2.caching.agent.KubernetesV2CachingAgentDispatcher; import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.KubernetesSpinnakerKindMap; +import com.netflix.spinnaker.clouddriver.kubernetes.v2.security.KubernetesV2Credentials; import com.netflix.spinnaker.clouddriver.security.*; import java.util.ArrayList; import java.util.HashSet; @@ -43,7 +44,7 @@ public class KubernetesV2ProviderSynchronizable implements CredentialsInitialize private final AccountCredentialsRepository accountCredentialsRepository; private final KubernetesV2CachingAgentDispatcher kubernetesV2CachingAgentDispatcher; private final KubernetesConfigurationProperties kubernetesConfigurationProperties; - private final KubernetesNamedAccountCredentials.CredentialFactory credentialFactory; + private final KubernetesV2Credentials.Factory credentialFactory; private final KubernetesSpinnakerKindMap kubernetesSpinnakerKindMap; private final CatsModule catsModule; @@ -52,7 +53,7 @@ public KubernetesV2ProviderSynchronizable( AccountCredentialsRepository accountCredentialsRepository, KubernetesV2CachingAgentDispatcher kubernetesV2CachingAgentDispatcher, KubernetesConfigurationProperties kubernetesConfigurationProperties, - KubernetesNamedAccountCredentials.CredentialFactory credentialFactory, + KubernetesV2Credentials.Factory credentialFactory, KubernetesSpinnakerKindMap kubernetesSpinnakerKindMap, CatsModule catsModule) { this.kubernetesV2Provider = kubernetesV2Provider; @@ -74,12 +75,13 @@ public void synchronize() { Set newAndChangedAccounts = synchronizeAccountCredentials(); // we only want to initialize caching agents for new or updated accounts - Set allAccounts = + Set> allAccounts = ProviderUtils.buildThreadSafeSetOfAccounts( accountCredentialsRepository, KubernetesNamedAccountCredentials.class, ProviderVersion.v2) .stream() + .map(c -> (KubernetesNamedAccountCredentials) c) .filter(account -> newAndChangedAccounts.contains(account.getName())) .collect(Collectors.toSet()); @@ -105,8 +107,7 @@ private Set synchronizeAccountCredentials() { .forEach( managedAccount -> { KubernetesNamedAccountCredentials credentials = - new KubernetesNamedAccountCredentials( - managedAccount, kubernetesSpinnakerKindMap, credentialFactory); + new KubernetesNamedAccountCredentials<>(managedAccount, credentialFactory); AccountCredentials existingCredentials = accountCredentialsRepository.getOne(managedAccount.getName()); @@ -148,10 +149,11 @@ private List getDeletedAccountNames() { .collect(Collectors.toList()); } - private void synchronizeKubernetesV2Provider(Set allAccounts) { + private void synchronizeKubernetesV2Provider( + Set> allAccounts) { try { - for (KubernetesNamedAccountCredentials credentials : allAccounts) { + for (KubernetesNamedAccountCredentials credentials : allAccounts) { List newlyAddedAgents = kubernetesV2CachingAgentDispatcher.buildAllCachingAgents(credentials).stream() .map(c -> (Agent) c) diff --git a/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v2/caching/agent/KubernetesV2CachingAgentDispatcher.java b/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v2/caching/agent/KubernetesV2CachingAgentDispatcher.java index d3f4a6bfdd6..c38e54e9383 100644 --- a/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v2/caching/agent/KubernetesV2CachingAgentDispatcher.java +++ b/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v2/caching/agent/KubernetesV2CachingAgentDispatcher.java @@ -39,7 +39,8 @@ @Component @Slf4j -public class KubernetesV2CachingAgentDispatcher implements KubernetesCachingAgentDispatcher { +public class KubernetesV2CachingAgentDispatcher + implements KubernetesCachingAgentDispatcher { private final ObjectMapper objectMapper; private final Registry registry; @@ -50,10 +51,10 @@ public KubernetesV2CachingAgentDispatcher(ObjectMapper objectMapper, Registry re } @Override - public Collection buildAllCachingAgents( - KubernetesNamedAccountCredentials credentials) { - KubernetesV2Credentials v2Credentials = (KubernetesV2Credentials) credentials.getCredentials(); - List result = new ArrayList<>(); + public Collection> buildAllCachingAgents( + KubernetesNamedAccountCredentials credentials) { + KubernetesV2Credentials v2Credentials = credentials.getCredentials(); + List> result = new ArrayList<>(); Long agentInterval = Optional.ofNullable(credentials.getCacheIntervalSeconds()) .map(TimeUnit.SECONDS::toMillis) @@ -77,7 +78,7 @@ public Collection buildAllCachingAgents( credentials.getCacheThreads(), agentInterval)) .filter(Objects::nonNull) - .forEach(c -> result.add((KubernetesCachingAgent) c))); + .forEach(result::add)); IntStream.range(0, credentials.getCacheThreads()) .forEach( diff --git a/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v2/security/KubernetesV2Credentials.java b/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v2/security/KubernetesV2Credentials.java index 859e477e3b8..5b0438fa91f 100644 --- a/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v2/security/KubernetesV2Credentials.java +++ b/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v2/security/KubernetesV2Credentials.java @@ -28,16 +28,19 @@ import com.google.common.collect.ImmutableSet; import com.netflix.spectator.api.Clock; import com.netflix.spectator.api.Registry; +import com.netflix.spinnaker.clouddriver.kubernetes.KubernetesCloudProvider; import com.netflix.spinnaker.clouddriver.kubernetes.config.CustomKubernetesResource; import com.netflix.spinnaker.clouddriver.kubernetes.config.KubernetesCachingPolicy; import com.netflix.spinnaker.clouddriver.kubernetes.config.KubernetesConfigurationProperties; import com.netflix.spinnaker.clouddriver.kubernetes.security.KubeconfigFileHasher; +import com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesCredentialFactory; import com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesCredentials; import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.AccountResourcePropertyRegistry; import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.JsonPatch; import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.KubernetesPatchOptions; import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.KubernetesPodMetric; import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.KubernetesResourceProperties; +import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.KubernetesSpinnakerKindMap; import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.ResourcePropertyRegistry; import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.manifest.KubernetesApiGroup; import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.manifest.KubernetesKind; @@ -46,6 +49,8 @@ import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.manifest.KubernetesManifest; import com.netflix.spinnaker.clouddriver.kubernetes.v2.op.job.KubectlJobExecutor; import com.netflix.spinnaker.clouddriver.kubernetes.v2.op.job.KubectlJobExecutor.KubectlException; +import com.netflix.spinnaker.clouddriver.names.NamerRegistry; +import com.netflix.spinnaker.kork.configserver.ConfigFileService; import io.kubernetes.client.models.V1DeleteOptions; import java.io.IOException; import java.nio.charset.StandardCharsets; @@ -60,8 +65,10 @@ import javax.annotation.Nonnull; import lombok.EqualsAndHashCode; import lombok.Getter; +import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; +import org.springframework.stereotype.Component; @Slf4j @EqualsAndHashCode(onlyExplicitlyIncluded = true) @@ -121,14 +128,16 @@ public class KubernetesV2Credentials implements KubernetesCredentials { private final Supplier> liveCrdSupplier; @Getter private final ResourcePropertyRegistry resourcePropertyRegistry; @Getter private final KubernetesKindRegistry kindRegistry; + private final KubernetesSpinnakerKindMap kubernetesSpinnakerKindMap; private final PermissionValidator permissionValidator; - public KubernetesV2Credentials( + private KubernetesV2Credentials( Registry registry, KubectlJobExecutor jobExecutor, KubernetesConfigurationProperties.ManagedAccount managedAccount, AccountResourcePropertyRegistry.Factory resourcePropertyRegistryFactory, KubernetesKindRegistry kindRegistry, + KubernetesSpinnakerKindMap kubernetesSpinnakerKindMap, String kubeconfigFile) { this.registry = registry; this.clock = registry.clock(); @@ -166,6 +175,7 @@ public KubernetesV2Credentials( managedAccount.getCustomResources().stream() .map(cr -> KubernetesResourceProperties.fromCustomResource(cr, kindRegistry)) .collect(ImmutableList.toImmutableList())); + this.kubernetesSpinnakerKindMap = kubernetesSpinnakerKindMap; this.kubectlExecutable = managedAccount.getKubectlExecutable(); this.kubectlRequestTimeoutSeconds = managedAccount.getKubectlRequestTimeoutSeconds(); @@ -393,6 +403,17 @@ public boolean isMetricsEnabled() { return metrics && permissionValidator.isMetricsReadable(); } + @Override + public Map getSpinnakerKindMap() { + Map kindMap = + new HashMap<>(kubernetesSpinnakerKindMap.kubernetesToSpinnakerKindStringMap()); + getCustomResources() + .forEach( + customResource -> + kindMap.put(customResource.getKubernetesKind(), customResource.getSpinnakerKind())); + return kindMap; + } + public KubernetesManifest get(KubernetesKind kind, String namespace, String name) { return runAndRecordMetrics( "get", kind, namespace, () -> jobExecutor.get(this, kind, namespace, name)); @@ -698,4 +719,35 @@ boolean isMetricsReadable() { return metricsReadable.get(); } } + + @Component + @RequiredArgsConstructor + public static class Factory implements KubernetesCredentialFactory { + private final Registry spectatorRegistry; + private final NamerRegistry namerRegistry; + private final KubectlJobExecutor jobExecutor; + private final ConfigFileService configFileService; + private final AccountResourcePropertyRegistry.Factory resourcePropertyRegistryFactory; + private final KubernetesKindRegistry.Factory kindRegistryFactory; + private final KubernetesSpinnakerKindMap kubernetesSpinnakerKindMap; + + public KubernetesV2Credentials build( + KubernetesConfigurationProperties.ManagedAccount managedAccount) { + validateAccount(managedAccount); + NamerRegistry.lookup() + .withProvider(KubernetesCloudProvider.ID) + .withAccount(managedAccount.getName()) + .setNamer( + KubernetesManifest.class, + namerRegistry.getNamingStrategy(managedAccount.getNamingStrategy())); + return new KubernetesV2Credentials( + spectatorRegistry, + jobExecutor, + managedAccount, + resourcePropertyRegistryFactory, + kindRegistryFactory.create(), + kubernetesSpinnakerKindMap, + getKubeconfigFile(configFileService, managedAccount)); + } + } } diff --git a/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/config/KubernetesConfiguration.java b/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/config/KubernetesConfiguration.java index da9125cec69..544bb9d17be 100644 --- a/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/config/KubernetesConfiguration.java +++ b/clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/config/KubernetesConfiguration.java @@ -19,17 +19,18 @@ import com.netflix.spinnaker.clouddriver.kubernetes.KubernetesCloudProvider; import com.netflix.spinnaker.clouddriver.kubernetes.config.KubernetesConfigurationProperties; import com.netflix.spinnaker.clouddriver.kubernetes.health.KubernetesHealthIndicator; -import com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesNamedAccountCredentials; import com.netflix.spinnaker.clouddriver.kubernetes.v1.deploy.KubernetesUtil; import com.netflix.spinnaker.clouddriver.kubernetes.v1.provider.KubernetesV1Provider; import com.netflix.spinnaker.clouddriver.kubernetes.v1.provider.KubernetesV1ProviderSynchronizable; import com.netflix.spinnaker.clouddriver.kubernetes.v1.provider.agent.KubernetesV1CachingAgentDispatcher; +import com.netflix.spinnaker.clouddriver.kubernetes.v1.security.KubernetesV1Credentials; import com.netflix.spinnaker.clouddriver.kubernetes.v2.caching.KubernetesV2Provider; import com.netflix.spinnaker.clouddriver.kubernetes.v2.caching.KubernetesV2ProviderSynchronizable; import com.netflix.spinnaker.clouddriver.kubernetes.v2.caching.agent.KubernetesV2CachingAgentDispatcher; import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.KubernetesSpinnakerKindMap; import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.manifest.GlobalKubernetesKindRegistry; import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.manifest.KubernetesKindProperties; +import com.netflix.spinnaker.clouddriver.kubernetes.v2.security.KubernetesV2Credentials; import com.netflix.spinnaker.clouddriver.security.AccountCredentialsProvider; import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository; import java.util.Collections; @@ -88,7 +89,7 @@ public KubernetesV2ProviderSynchronizable kubernetesV2ProviderSynchronizable( AccountCredentialsRepository accountCredentialsRepository, KubernetesV2CachingAgentDispatcher kubernetesV2CachingAgentDispatcher, KubernetesConfigurationProperties kubernetesConfigurationProperties, - KubernetesNamedAccountCredentials.CredentialFactory credentialFactory, + KubernetesV2Credentials.Factory credentialFactory, KubernetesSpinnakerKindMap kubernetesSpinnakerKindMap, CatsModule catsModule) { return new KubernetesV2ProviderSynchronizable( @@ -107,7 +108,7 @@ public KubernetesV1ProviderSynchronizable kubernetesV1ProviderSynchronizable( AccountCredentialsRepository accountCredentialsRepository, KubernetesV1CachingAgentDispatcher kubernetesV1CachingAgentDispatcher, KubernetesConfigurationProperties kubernetesConfigurationProperties, - KubernetesNamedAccountCredentials.CredentialFactory credentialFactory, + KubernetesV1Credentials.Factory credentialFactory, KubernetesSpinnakerKindMap kubernetesSpinnakerKindMap, CatsModule catsModule) { return new KubernetesV1ProviderSynchronizable( diff --git a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/security/KubernetesNamedAccountCredentialsSpec.groovy b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/security/KubernetesNamedAccountCredentialsSpec.groovy index 3bbadad5d4c..616c67f9186 100644 --- a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/security/KubernetesNamedAccountCredentialsSpec.groovy +++ b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/security/KubernetesNamedAccountCredentialsSpec.groovy @@ -24,8 +24,8 @@ import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.KubernetesSpi import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.manifest.KubernetesKindRegistry import com.netflix.spinnaker.clouddriver.kubernetes.v2.names.KubernetesManifestNamer import com.netflix.spinnaker.clouddriver.kubernetes.v2.op.job.KubectlJobExecutor +import com.netflix.spinnaker.clouddriver.kubernetes.v2.security.KubernetesV2Credentials import com.netflix.spinnaker.clouddriver.names.NamerRegistry -import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository import com.netflix.spinnaker.clouddriver.security.ProviderVersion import com.netflix.spinnaker.fiat.model.Authorization import com.netflix.spinnaker.kork.configserver.ConfigFileService @@ -34,22 +34,20 @@ import spock.lang.Specification import java.nio.file.Files class KubernetesNamedAccountCredentialsSpec extends Specification { - - KubernetesSpinnakerKindMap kindMap = new KubernetesSpinnakerKindMap([]) - AccountCredentialsRepository accountCredentialsRepository = Mock(AccountCredentialsRepository) + KubernetesSpinnakerKindMap kindMap = new KubernetesSpinnakerKindMap(Collections.emptyList()) NamerRegistry namerRegistry = new NamerRegistry([new KubernetesManifestNamer()]) ConfigFileService configFileService = new ConfigFileService() AccountResourcePropertyRegistry.Factory resourcePropertyRegistryFactory = Mock(AccountResourcePropertyRegistry.Factory) KubernetesKindRegistry.Factory kindRegistryFactory = Mock(KubernetesKindRegistry.Factory) - KubernetesNamedAccountCredentials.CredentialFactory credentialFactory = new KubernetesNamedAccountCredentials.CredentialFactory( - "userAgent", + KubernetesSpinnakerKindMap kubernetesSpinnakerKindMap = new KubernetesSpinnakerKindMap(Collections.emptyList()) + KubernetesV2Credentials.Factory credentialFactory = new KubernetesV2Credentials.Factory( new NoopRegistry(), namerRegistry, - accountCredentialsRepository, Mock(KubectlJobExecutor), configFileService, resourcePropertyRegistryFactory, - kindRegistryFactory + kindRegistryFactory, + kubernetesSpinnakerKindMap ) @@ -77,8 +75,8 @@ class KubernetesNamedAccountCredentialsSpec extends Specification { when: - def account1 = new KubernetesNamedAccountCredentials(account1Def, kindMap, credentialFactory) - def account2 = new KubernetesNamedAccountCredentials(account2Def, kindMap, credentialFactory) + def account1 = new KubernetesNamedAccountCredentials(account1Def, credentialFactory) + def account2 = new KubernetesNamedAccountCredentials(account2Def, credentialFactory) then: account1.equals(account2) diff --git a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/ops/loadbalancer/UpsertKubernetesLoadBalancerAtomicOperationSpec.groovy b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/ops/loadbalancer/UpsertKubernetesLoadBalancerAtomicOperationSpec.groovy index 7c927b53dc8..2890f7d1016 100644 --- a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/ops/loadbalancer/UpsertKubernetesLoadBalancerAtomicOperationSpec.groovy +++ b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/ops/loadbalancer/UpsertKubernetesLoadBalancerAtomicOperationSpec.groovy @@ -25,6 +25,7 @@ import com.netflix.spinnaker.clouddriver.kubernetes.v1.deploy.description.loadba import com.netflix.spinnaker.clouddriver.kubernetes.v1.deploy.description.loadbalancer.KubernetesNamedServicePort import com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesNamedAccountCredentials import com.netflix.spinnaker.clouddriver.kubernetes.v1.security.KubernetesV1Credentials +import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.KubernetesSpinnakerKindMap import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository import io.fabric8.kubernetes.api.model.ObjectMeta import io.fabric8.kubernetes.api.model.Service @@ -68,7 +69,7 @@ class UpsertKubernetesLoadBalancerAtomicOperationSpec extends Specification { dockerRegistry = Mock(LinkedDockerRegistryConfiguration) dockerRegistries = [dockerRegistry] accountCredentialsRepositoryMock = Mock(AccountCredentialsRepository) - credentials = new KubernetesV1Credentials(apiMock, NAMESPACES, [], [], accountCredentialsRepositoryMock) + credentials = new KubernetesV1Credentials(apiMock, NAMESPACES, [], [], accountCredentialsRepositoryMock, new KubernetesSpinnakerKindMap(Collections.emptyList())) namedAccountCredentials = Mock(KubernetesNamedAccountCredentials) { getCredentials() >> credentials } diff --git a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/ops/securitygroup/UpsertKubernetesV1SecurityGroupAtomicOperationSpec.groovy b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/ops/securitygroup/UpsertKubernetesV1SecurityGroupAtomicOperationSpec.groovy index 832bfdacd89..a625a00fa29 100644 --- a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/ops/securitygroup/UpsertKubernetesV1SecurityGroupAtomicOperationSpec.groovy +++ b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/ops/securitygroup/UpsertKubernetesV1SecurityGroupAtomicOperationSpec.groovy @@ -25,6 +25,7 @@ import com.netflix.spinnaker.clouddriver.kubernetes.v1.api.KubernetesApiAdaptor import com.netflix.spinnaker.clouddriver.kubernetes.v1.deploy.description.securitygroup.KubernetesIngressTlS import com.netflix.spinnaker.clouddriver.kubernetes.v1.deploy.description.securitygroup.KubernetesSecurityGroupDescription import com.netflix.spinnaker.clouddriver.kubernetes.v1.security.KubernetesV1Credentials +import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.KubernetesSpinnakerKindMap import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository import io.fabric8.kubernetes.api.model.extensions.Ingress import io.fabric8.kubernetes.api.model.extensions.IngressTLS @@ -60,7 +61,7 @@ class UpsertKubernetesV1SecurityGroupAtomicOperationSpec extends Specification { dockerRegistry = Mock(LinkedDockerRegistryConfiguration) dockerRegistries = [dockerRegistry] accountCredentialsRepositoryMock = Mock(AccountCredentialsRepository) - credentials = new KubernetesV1Credentials(apiMock, NAMESPACES, [], [], accountCredentialsRepositoryMock) + credentials = new KubernetesV1Credentials(apiMock, NAMESPACES, [], [], accountCredentialsRepositoryMock, new KubernetesSpinnakerKindMap(Collections.emptyList())) namedAccountCredentials = Mock(KubernetesNamedAccountCredentials) { getCredentials() >> credentials } diff --git a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/ops/servergroup/CloneKubernetesAtomicOperationSpec.groovy b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/ops/servergroup/CloneKubernetesAtomicOperationSpec.groovy index e3da0f79d86..78dacc2336f 100644 --- a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/ops/servergroup/CloneKubernetesAtomicOperationSpec.groovy +++ b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/ops/servergroup/CloneKubernetesAtomicOperationSpec.groovy @@ -27,6 +27,7 @@ import com.netflix.spinnaker.clouddriver.kubernetes.v1.deploy.description.server import com.netflix.spinnaker.clouddriver.kubernetes.v1.deploy.description.servergroup.KubernetesResourceDescription import com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesNamedAccountCredentials import com.netflix.spinnaker.clouddriver.kubernetes.v1.security.KubernetesV1Credentials +import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.KubernetesSpinnakerKindMap import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository import io.fabric8.kubernetes.api.model.* import spock.lang.Specification @@ -112,7 +113,7 @@ class CloneKubernetesAtomicOperationSpec extends Specification { accountCredentialsRepositoryMock = Mock(AccountCredentialsRepository) dockerRegistry = Mock(LinkedDockerRegistryConfiguration) dockerRegistries = [dockerRegistry] - credentials = new KubernetesV1Credentials(apiMock, [], [], [], accountCredentialsRepositoryMock) + credentials = new KubernetesV1Credentials(apiMock, [], [], [], accountCredentialsRepositoryMock, new KubernetesSpinnakerKindMap(Collections.emptyList())) namedAccountCredentials = Mock(KubernetesNamedAccountCredentials) { getCredentials() >> credentials } diff --git a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/ops/servergroup/DeployKubernetesAtomicOperationSpec.groovy b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/ops/servergroup/DeployKubernetesAtomicOperationSpec.groovy index 228a863e775..18b86849b67 100644 --- a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/ops/servergroup/DeployKubernetesAtomicOperationSpec.groovy +++ b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/ops/servergroup/DeployKubernetesAtomicOperationSpec.groovy @@ -28,6 +28,7 @@ import com.netflix.spinnaker.clouddriver.kubernetes.v1.deploy.description.server import com.netflix.spinnaker.clouddriver.kubernetes.v1.deploy.exception.KubernetesResourceNotFoundException import com.netflix.spinnaker.clouddriver.kubernetes.v1.security.KubernetesV1Credentials import com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesNamedAccountCredentials +import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.KubernetesSpinnakerKindMap import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository import io.fabric8.kubernetes.api.model.* import io.fabric8.kubernetes.api.model.apps.ReplicaSet @@ -132,7 +133,7 @@ class DeployKubernetesAtomicOperationSpec extends Specification { dockerRegistry = Mock(LinkedDockerRegistryConfiguration) dockerRegistries = [dockerRegistry] - credentials = new KubernetesV1Credentials(apiMock, [NAMESPACE], [], DOCKER_REGISTRY_ACCOUNTS, accountCredentialsRepositoryMock,) + credentials = new KubernetesV1Credentials(apiMock, [NAMESPACE], [], DOCKER_REGISTRY_ACCOUNTS, accountCredentialsRepositoryMock, new KubernetesSpinnakerKindMap(Collections.emptyList())) namedAccountCredentials = Mock(KubernetesNamedAccountCredentials) { getCredentials() >> credentials } diff --git a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/validators/StandardKubernetesAttributeValidatorSpec.groovy b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/validators/StandardKubernetesAttributeValidatorSpec.groovy index 6ca4b2e0663..c8d9639a945 100644 --- a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/validators/StandardKubernetesAttributeValidatorSpec.groovy +++ b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/validators/StandardKubernetesAttributeValidatorSpec.groovy @@ -21,6 +21,7 @@ import com.netflix.spinnaker.clouddriver.kubernetes.v1.api.KubernetesApiAdaptor import com.netflix.spinnaker.clouddriver.kubernetes.config.LinkedDockerRegistryConfiguration import com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesNamedAccountCredentials import com.netflix.spinnaker.clouddriver.kubernetes.v1.security.KubernetesV1Credentials +import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.KubernetesSpinnakerKindMap import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository import com.netflix.spinnaker.clouddriver.security.DefaultAccountCredentialsProvider import com.netflix.spinnaker.clouddriver.security.MapBackedAccountCredentialsRepository @@ -59,7 +60,7 @@ class StandardKubernetesAttributeValidatorSpec extends Specification { }) }) - credentials = new KubernetesV1Credentials(apiMock, NAMESPACES, [], DOCKER_REGISTRY_ACCOUNTS, accountCredentialsRepositoryMock) + credentials = new KubernetesV1Credentials(apiMock, NAMESPACES, [], DOCKER_REGISTRY_ACCOUNTS, accountCredentialsRepositoryMock, new KubernetesSpinnakerKindMap(Collections.emptyList())) def namedAccountCredentials =Mock(KubernetesNamedAccountCredentials) { getName() >> ACCOUNT_NAME getCredentials() >> credentials diff --git a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/validators/loadbalancer/UpsertKubernetesLoadBalancerAtomicOperationValidatorSpec.groovy b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/validators/loadbalancer/UpsertKubernetesLoadBalancerAtomicOperationValidatorSpec.groovy index 8c305e05c5c..7aea614f0ea 100644 --- a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/validators/loadbalancer/UpsertKubernetesLoadBalancerAtomicOperationValidatorSpec.groovy +++ b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/validators/loadbalancer/UpsertKubernetesLoadBalancerAtomicOperationValidatorSpec.groovy @@ -24,6 +24,7 @@ import com.netflix.spinnaker.clouddriver.kubernetes.v1.deploy.description.loadba import com.netflix.spinnaker.clouddriver.kubernetes.v1.deploy.validators.StandardKubernetesAttributeValidator import com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesNamedAccountCredentials import com.netflix.spinnaker.clouddriver.kubernetes.v1.security.KubernetesV1Credentials +import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.KubernetesSpinnakerKindMap import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository import com.netflix.spinnaker.clouddriver.security.DefaultAccountCredentialsProvider import com.netflix.spinnaker.clouddriver.security.MapBackedAccountCredentialsRepository @@ -68,7 +69,7 @@ class UpsertKubernetesLoadBalancerAtomicOperationValidatorSpec extends Specifica spectatorRegistry = new DefaultRegistry() dockerRegistry = Mock(LinkedDockerRegistryConfiguration) dockerRegistries = [dockerRegistry] - credentials = new KubernetesV1Credentials(apiMock, NAMESPACES, [], [], accountCredentialsRepositoryMock) + credentials = new KubernetesV1Credentials(apiMock, NAMESPACES, [], [], accountCredentialsRepositoryMock, new KubernetesSpinnakerKindMap(Collections.emptyList())) namedAccountCredentials = Mock(KubernetesNamedAccountCredentials) { getName() >> VALID_ACCOUNT getCredentials() >> credentials diff --git a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/validators/servergroup/CloneKubernetesAtomicOperationValidatorSpec.groovy b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/validators/servergroup/CloneKubernetesAtomicOperationValidatorSpec.groovy index 0dbbf30c19e..622fd4adaf1 100644 --- a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/validators/servergroup/CloneKubernetesAtomicOperationValidatorSpec.groovy +++ b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/validators/servergroup/CloneKubernetesAtomicOperationValidatorSpec.groovy @@ -27,6 +27,7 @@ import com.netflix.spinnaker.clouddriver.kubernetes.v1.deploy.description.server import com.netflix.spinnaker.clouddriver.kubernetes.v1.deploy.validators.StandardKubernetesAttributeValidator import com.netflix.spinnaker.clouddriver.kubernetes.v1.security.KubernetesV1Credentials import com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesNamedAccountCredentials +import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.KubernetesSpinnakerKindMap import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository import com.netflix.spinnaker.clouddriver.security.DefaultAccountCredentialsProvider import com.netflix.spinnaker.clouddriver.security.MapBackedAccountCredentialsRepository @@ -91,7 +92,7 @@ class CloneKubernetesAtomicOperationValidatorSpec extends Specification { }) }) - def credentials = new KubernetesV1Credentials(apiMock, NAMESPACES, [], DOCKER_REGISTRY_ACCOUNTS, accountCredentialsRepositoryMock) + def credentials = new KubernetesV1Credentials(apiMock, NAMESPACES, [], DOCKER_REGISTRY_ACCOUNTS, accountCredentialsRepositoryMock, new KubernetesSpinnakerKindMap(Collections.emptyList())) def namedAccountCredentials = Mock(KubernetesNamedAccountCredentials) { getName() >> VALID_ACCOUNT getCredentials() >> credentials diff --git a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/validators/servergroup/DeployKubernetesAtomicOperationValidatorSpec.groovy b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/validators/servergroup/DeployKubernetesAtomicOperationValidatorSpec.groovy index 31900fc5f4e..521386eaba0 100644 --- a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/validators/servergroup/DeployKubernetesAtomicOperationValidatorSpec.groovy +++ b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/deploy/validators/servergroup/DeployKubernetesAtomicOperationValidatorSpec.groovy @@ -26,6 +26,7 @@ import com.netflix.spinnaker.clouddriver.kubernetes.v1.deploy.description.server import com.netflix.spinnaker.clouddriver.kubernetes.v1.deploy.validators.StandardKubernetesAttributeValidator import com.netflix.spinnaker.clouddriver.kubernetes.v1.security.KubernetesV1Credentials import com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesNamedAccountCredentials +import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.KubernetesSpinnakerKindMap import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository import com.netflix.spinnaker.clouddriver.security.DefaultAccountCredentialsProvider import com.netflix.spinnaker.clouddriver.security.MapBackedAccountCredentialsRepository @@ -97,7 +98,7 @@ class DeployKubernetesAtomicOperationValidatorSpec extends Specification { }) }) - def credentials = new KubernetesV1Credentials(apiMock, NAMESPACES, [], DOCKER_REGISTRY_ACCOUNTS, accountCredentialsRepositoryMock) + def credentials = new KubernetesV1Credentials(apiMock, NAMESPACES, [], DOCKER_REGISTRY_ACCOUNTS, accountCredentialsRepositoryMock, new KubernetesSpinnakerKindMap(Collections.emptyList())) def namedAccountCredentials = Mock(KubernetesNamedAccountCredentials) { getName() >> VALID_ACCOUNT getCredentials() >> credentials diff --git a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/provider/KubernetesV1ProviderSynchronizableSpec.groovy b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/provider/KubernetesV1ProviderSynchronizableSpec.groovy index c8718d5d752..822b5f1ca15 100644 --- a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/provider/KubernetesV1ProviderSynchronizableSpec.groovy +++ b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/provider/KubernetesV1ProviderSynchronizableSpec.groovy @@ -41,18 +41,14 @@ class KubernetesV1ProviderSynchronizableSpec extends Specification { KubernetesV1Provider v1Provider = Mock(KubernetesV1Provider) AccountCredentialsRepository accountCredentialsRepository = Mock(AccountCredentialsRepository) KubernetesV1CachingAgentDispatcher agentDispatcher = Mock(KubernetesV1CachingAgentDispatcher) - NamerRegistry namerRegistry = Mock(NamerRegistry) ConfigFileService configFileService = new ConfigFileService() - KubernetesNamedAccountCredentials.CredentialFactory credentialFactory = new KubernetesNamedAccountCredentials.CredentialFactory( + KubernetesV1Credentials.Factory credentialFactory = new KubernetesV1Credentials.Factory( "userAgent", new NoopRegistry(), - namerRegistry, accountCredentialsRepository, - Mock(KubectlJobExecutor), configFileService, - null, - null + new KubernetesSpinnakerKindMap(Collections.emptyList()) ) def synchronizeAccounts(KubernetesConfigurationProperties configurationProperties) { @@ -62,7 +58,7 @@ class KubernetesV1ProviderSynchronizableSpec extends Specification { agentDispatcher, configurationProperties, credentialFactory, - new KubernetesSpinnakerKindMap([]), + new KubernetesSpinnakerKindMap(Collections.emptyList()), catsModule ) diff --git a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/provider/agent/KubernetesLoadBalancerCachingAgentSpec.groovy b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/provider/agent/KubernetesLoadBalancerCachingAgentSpec.groovy index 3fb8a4e393e..6101d203e10 100644 --- a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/provider/agent/KubernetesLoadBalancerCachingAgentSpec.groovy +++ b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/provider/agent/KubernetesLoadBalancerCachingAgentSpec.groovy @@ -24,6 +24,7 @@ import com.netflix.spinnaker.clouddriver.kubernetes.KubernetesCloudProvider import com.netflix.spinnaker.clouddriver.kubernetes.v1.api.KubernetesApiAdaptor import com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesNamedAccountCredentials import com.netflix.spinnaker.clouddriver.kubernetes.v1.security.KubernetesV1Credentials +import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.KubernetesSpinnakerKindMap import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository import spock.lang.Specification import spock.lang.Unroll @@ -48,7 +49,7 @@ class KubernetesLoadBalancerCachingAgentSpec extends Specification { def accountCredentialsRepositoryMock = Mock(AccountCredentialsRepository) - kubernetesCredentials = new KubernetesV1Credentials(apiMock, [], [], [], accountCredentialsRepositoryMock) + kubernetesCredentials = new KubernetesV1Credentials(apiMock, [], [], [], accountCredentialsRepositoryMock, new KubernetesSpinnakerKindMap(Collections.emptyList())) def namedCrededentialsMock = Mock(KubernetesNamedAccountCredentials) namedCrededentialsMock.getCredentials() >> kubernetesCredentials diff --git a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/provider/agent/KubernetesServerGroupCachingAgentSpec.groovy b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/provider/agent/KubernetesServerGroupCachingAgentSpec.groovy index bf15ef6b077..edd90e05b81 100644 --- a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/provider/agent/KubernetesServerGroupCachingAgentSpec.groovy +++ b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/provider/agent/KubernetesServerGroupCachingAgentSpec.groovy @@ -26,6 +26,7 @@ import com.netflix.spinnaker.clouddriver.kubernetes.v1.deploy.KubernetesUtil import com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesNamedAccountCredentials import com.netflix.spinnaker.clouddriver.kubernetes.v1.caching.Keys import com.netflix.spinnaker.clouddriver.kubernetes.v1.security.KubernetesV1Credentials +import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.KubernetesSpinnakerKindMap import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository import io.fabric8.kubernetes.api.model.ObjectMeta import io.fabric8.kubernetes.api.model.PodList @@ -67,7 +68,7 @@ class KubernetesServerGroupCachingAgentSpec extends Specification { def accountCredentialsRepositoryMock = Mock(AccountCredentialsRepository) - kubernetesCredentials = new KubernetesV1Credentials(apiMock, [], [], [], accountCredentialsRepositoryMock) + kubernetesCredentials = new KubernetesV1Credentials(apiMock, [], [], [], accountCredentialsRepositoryMock, new KubernetesSpinnakerKindMap(Collections.emptyList())) def namedCrededentialsMock = Mock(KubernetesNamedAccountCredentials) namedCrededentialsMock.getCredentials() >> kubernetesCredentials diff --git a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/provider/agent/KubernetesV1SecurityGroupCachingAgentSpec.groovy b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/provider/agent/KubernetesV1SecurityGroupCachingAgentSpec.groovy index 1eb71d72695..ee45c6b2eb5 100644 --- a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/provider/agent/KubernetesV1SecurityGroupCachingAgentSpec.groovy +++ b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/provider/agent/KubernetesV1SecurityGroupCachingAgentSpec.groovy @@ -24,6 +24,7 @@ import com.netflix.spinnaker.clouddriver.kubernetes.KubernetesCloudProvider import com.netflix.spinnaker.clouddriver.kubernetes.v1.api.KubernetesApiAdaptor import com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesNamedAccountCredentials import com.netflix.spinnaker.clouddriver.kubernetes.v1.security.KubernetesV1Credentials +import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.KubernetesSpinnakerKindMap import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository import spock.lang.Specification import spock.lang.Unroll @@ -48,7 +49,7 @@ class KubernetesV1SecurityGroupCachingAgentSpec extends Specification { def accountCredentialsRepositoryMock = Mock(AccountCredentialsRepository) - kubernetesCredentials = new KubernetesV1Credentials(apiMock, [], [], [], accountCredentialsRepositoryMock) + kubernetesCredentials = new KubernetesV1Credentials(apiMock, [], [], [], accountCredentialsRepositoryMock, new KubernetesSpinnakerKindMap(Collections.emptyList())) def namedCrededentialsMock = Mock(KubernetesNamedAccountCredentials) namedCrededentialsMock.getCredentials() >> kubernetesCredentials diff --git a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/security/KubernetesV1CredentialsSpec.groovy b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/security/KubernetesV1CredentialsSpec.groovy index 6b1492f3f40..f2ec74e5aae 100644 --- a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/security/KubernetesV1CredentialsSpec.groovy +++ b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v1/security/KubernetesV1CredentialsSpec.groovy @@ -20,6 +20,7 @@ package com.netflix.spinnaker.clouddriver.kubernetes.v1.security import com.netflix.spinnaker.clouddriver.docker.registry.security.DockerRegistryNamedAccountCredentials import com.netflix.spinnaker.clouddriver.kubernetes.v1.api.KubernetesApiAdaptor import com.netflix.spinnaker.clouddriver.kubernetes.config.LinkedDockerRegistryConfiguration +import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.KubernetesSpinnakerKindMap import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository import spock.lang.Specification @@ -61,7 +62,7 @@ class KubernetesV1CredentialsSpec extends Specification { repositoryMock.getOne(ACCOUNT1) >> registryAccountMock when: - def result = new KubernetesV1Credentials(adaptorMock, NAMESPACES1, [], REGISTRIES1, repositoryMock) + def result = new KubernetesV1Credentials(adaptorMock, NAMESPACES1, [], REGISTRIES1, repositoryMock, new KubernetesSpinnakerKindMap(Collections.emptyList())) then: result.getDeclaredNamespaces() == NAMESPACES1 @@ -78,7 +79,7 @@ class KubernetesV1CredentialsSpec extends Specification { repositoryMock.getOne(ACCOUNT1) >> registryAccountMock when: - def result = new KubernetesV1Credentials(adaptorMock, null, [], REGISTRIES2, repositoryMock) + def result = new KubernetesV1Credentials(adaptorMock, null, [], REGISTRIES2, repositoryMock, new KubernetesSpinnakerKindMap(Collections.emptyList())) then: result.getDeclaredNamespaces() == NAMESPACES2 @@ -95,7 +96,7 @@ class KubernetesV1CredentialsSpec extends Specification { repositoryMock.getOne(ACCOUNT1) >> registryAccountMock when: - def result = new KubernetesV1Credentials(adaptorMock, null, NAMESPACES2, REGISTRIES2, repositoryMock) + def result = new KubernetesV1Credentials(adaptorMock, null, NAMESPACES2, REGISTRIES2, repositoryMock, new KubernetesSpinnakerKindMap(Collections.emptyList())) then: result.getDeclaredNamespaces() == [] @@ -112,7 +113,7 @@ class KubernetesV1CredentialsSpec extends Specification { repositoryMock.getOne(ACCOUNT1) >> registryAccountMock when: - def result = new KubernetesV1Credentials(adaptorMock, null, [], REGISTRIES1, repositoryMock) + def result = new KubernetesV1Credentials(adaptorMock, null, [], REGISTRIES1, repositoryMock, new KubernetesSpinnakerKindMap(Collections.emptyList())) then: result.getDeclaredNamespaces() == NAMESPACES2 @@ -130,7 +131,7 @@ class KubernetesV1CredentialsSpec extends Specification { repositoryMock.getOne(ACCOUNT1) >> registryAccountMock when: - def namespaces = new KubernetesV1Credentials(adaptorMock, null, [], REGISTRIES1, repositoryMock).getDeclaredNamespaces() + def namespaces = new KubernetesV1Credentials(adaptorMock, null, [], REGISTRIES1, repositoryMock, new KubernetesSpinnakerKindMap(Collections.emptyList())).getDeclaredNamespaces() then: namespaces == [] diff --git a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v2/caching/KubernetesV2ProviderSynchronizableSpec.groovy b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v2/caching/KubernetesV2ProviderSynchronizableSpec.groovy index 71496544ef9..aa4e6bc4279 100644 --- a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v2/caching/KubernetesV2ProviderSynchronizableSpec.groovy +++ b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v2/caching/KubernetesV2ProviderSynchronizableSpec.groovy @@ -32,28 +32,29 @@ import com.netflix.spinnaker.clouddriver.security.AccountCredentials import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository import com.netflix.spinnaker.clouddriver.security.ProviderVersion import com.netflix.spinnaker.kork.configserver.ConfigFileService +import groovy.transform.CompileStatic import spock.lang.Specification class KubernetesV2ProviderSynchronizableSpec extends Specification { CatsModule catsModule = Mock(CatsModule) AccountCredentialsRepository accountCredentialsRepository = Mock(AccountCredentialsRepository) - NamerRegistry namerRegistry = Mock(NamerRegistry) + NamerRegistry namerRegistry = new NamerRegistry([new KubernetesManifestNamer()]) ConfigFileService configFileService = Mock(ConfigFileService) KubernetesV2Provider kubernetesV2Provider = new KubernetesV2Provider() KubernetesV2CachingAgentDispatcher agentDispatcher = Mock(KubernetesV2CachingAgentDispatcher) AccountResourcePropertyRegistry.Factory resourcePropertyRegistryFactory = Mock(AccountResourcePropertyRegistry.Factory) KubernetesKindRegistry.Factory kindRegistryFactory = Mock(KubernetesKindRegistry.Factory) + KubernetesSpinnakerKindMap kubernetesSpinnakerKindMap = new KubernetesSpinnakerKindMap(Collections.emptyList()) - KubernetesNamedAccountCredentials.CredentialFactory credentialFactory = new KubernetesNamedAccountCredentials.CredentialFactory( - "userAgent", + KubernetesV2Credentials.Factory credentialFactory = new KubernetesV2Credentials.Factory( new NoopRegistry(), namerRegistry, - accountCredentialsRepository, Mock(KubectlJobExecutor), configFileService, resourcePropertyRegistryFactory, - kindRegistryFactory + kindRegistryFactory, + kubernetesSpinnakerKindMap ) def synchronizeAccounts(KubernetesConfigurationProperties configurationProperties) { @@ -63,7 +64,7 @@ class KubernetesV2ProviderSynchronizableSpec extends Specification { agentDispatcher, configurationProperties, credentialFactory, - new KubernetesSpinnakerKindMap([]), + new KubernetesSpinnakerKindMap(Collections.emptyList()), catsModule ) @@ -101,7 +102,6 @@ class KubernetesV2ProviderSynchronizableSpec extends Specification { 1 * accountCredentialsRepository.save("test-account", _ as KubernetesNamedAccountCredentials) >> { _, creds -> credentials = creds } - 1 * namerRegistry.getNamingStrategy("kubernetesAnnotations") >> Mock(KubernetesManifestNamer) credentials.getName() == "test-account" credentials.getProviderVersion() == ProviderVersion.v2 diff --git a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v2/security/KubernetesV2CredentialsSpec.groovy b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v2/security/KubernetesV2CredentialsSpec.groovy index bd978d884bc..315da1148b6 100644 --- a/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v2/security/KubernetesV2CredentialsSpec.groovy +++ b/clouddriver-kubernetes/src/test/groovy/com/netflix/spinnaker/clouddriver/kubernetes/v2/security/KubernetesV2CredentialsSpec.groovy @@ -16,16 +16,19 @@ package com.netflix.spinnaker.clouddriver.kubernetes.v2.security +import com.netflix.spectator.api.NoopRegistry import com.netflix.spectator.api.Registry import com.netflix.spinnaker.clouddriver.kubernetes.config.KubernetesConfigurationProperties import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.AccountResourcePropertyRegistry -import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.ResourcePropertyRegistry +import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.KubernetesSpinnakerKindMap import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.manifest.GlobalKubernetesKindRegistry -import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.manifest.KubernetesApiGroup import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.manifest.KubernetesKind import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.manifest.KubernetesKindProperties import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.manifest.KubernetesKindRegistry +import com.netflix.spinnaker.clouddriver.kubernetes.v2.names.KubernetesManifestNamer import com.netflix.spinnaker.clouddriver.kubernetes.v2.op.job.KubectlJobExecutor +import com.netflix.spinnaker.clouddriver.names.NamerRegistry +import com.netflix.spinnaker.kork.configserver.ConfigFileService import spock.lang.Specification class KubernetesV2CredentialsSpec extends Specification { @@ -36,20 +39,29 @@ class KubernetesV2CredentialsSpec extends Specification { KubernetesKindRegistry.Factory kindRegistryFactory = new KubernetesKindRegistry.Factory( new GlobalKubernetesKindRegistry(KubernetesKindProperties.getGlobalKindProperties()) ) + NamerRegistry namerRegistry = new NamerRegistry([new KubernetesManifestNamer()]) + ConfigFileService configFileService = new ConfigFileService() + KubernetesSpinnakerKindMap kubernetesSpinnakerKindMap = new KubernetesSpinnakerKindMap(Collections.emptyList()) + + KubernetesV2Credentials.Factory credentialFactory = new KubernetesV2Credentials.Factory( + new NoopRegistry(), + namerRegistry, + kubectlJobExecutor, + configFileService, + resourcePropertyRegistryFactory, + kindRegistryFactory, + kubernetesSpinnakerKindMap + ) - private buildCredentials(KubernetesConfigurationProperties.ManagedAccount managedAccount) { - return new KubernetesV2Credentials(registry, kubectlJobExecutor, managedAccount, resourcePropertyRegistryFactory, kindRegistryFactory.create(), null) - } void "Built-in Kubernetes kinds are considered valid by default"() { when: - KubernetesV2Credentials credentials = buildCredentials( - new KubernetesConfigurationProperties.ManagedAccount( + KubernetesV2Credentials credentials = credentialFactory.build(new KubernetesConfigurationProperties.ManagedAccount( + name: "k8s", namespaces: [NAMESPACE], checkPermissionsOnStartup: false, - ) - ) + )) then: credentials.isValidKind(KubernetesKind.DEPLOYMENT) == true @@ -58,13 +70,12 @@ class KubernetesV2CredentialsSpec extends Specification { void "Built-in Kubernetes kinds are considered valid by default when kinds is empty"() { when: - KubernetesV2Credentials credentials = buildCredentials( - new KubernetesConfigurationProperties.ManagedAccount( + KubernetesV2Credentials credentials = credentialFactory.build(new KubernetesConfigurationProperties.ManagedAccount( + name: "k8s", namespaces: [NAMESPACE], checkPermissionsOnStartup: false, kinds: [] - ) - ) + )) then: credentials.isValidKind(KubernetesKind.DEPLOYMENT) == true @@ -73,13 +84,12 @@ class KubernetesV2CredentialsSpec extends Specification { void "Only explicitly listed kinds are valid when kinds is not empty"() { when: - KubernetesV2Credentials credentials = buildCredentials( - new KubernetesConfigurationProperties.ManagedAccount( + KubernetesV2Credentials credentials = credentialFactory.build(new KubernetesConfigurationProperties.ManagedAccount( + name: "k8s", namespaces: [NAMESPACE], checkPermissionsOnStartup: false, kinds: ["deployment"] - ) - ) + )) then: credentials.isValidKind(KubernetesKind.DEPLOYMENT) == true @@ -88,13 +98,12 @@ class KubernetesV2CredentialsSpec extends Specification { void "Explicitly omitted kinds are not valid"() { when: - KubernetesV2Credentials credentials = buildCredentials( - new KubernetesConfigurationProperties.ManagedAccount( + KubernetesV2Credentials credentials = credentialFactory.build(new KubernetesConfigurationProperties.ManagedAccount( + name: "k8s", namespaces: [NAMESPACE], checkPermissionsOnStartup: false, omitKinds: ["deployment"] - ) - ) + )) then: credentials.isValidKind(KubernetesKind.DEPLOYMENT) == false @@ -103,12 +112,11 @@ class KubernetesV2CredentialsSpec extends Specification { void "Kinds that are not readable are considered invalid"() { given: - KubernetesV2Credentials credentials = buildCredentials( - new KubernetesConfigurationProperties.ManagedAccount( + KubernetesV2Credentials credentials = credentialFactory.build(new KubernetesConfigurationProperties.ManagedAccount( + name: "k8s", namespaces: [NAMESPACE], checkPermissionsOnStartup: true, - ) - ) + )) kubectlJobExecutor.list(_ as KubernetesV2Credentials, [KubernetesKind.DEPLOYMENT], NAMESPACE, _ as KubernetesSelectorList) >> { throw new KubectlJobExecutor.KubectlException("Error", new Exception()) } @@ -123,13 +131,12 @@ class KubernetesV2CredentialsSpec extends Specification { void "Metrics are properly set on the account when not checking permissions"() { given: - KubernetesV2Credentials credentials = buildCredentials( - new KubernetesConfigurationProperties.ManagedAccount( + KubernetesV2Credentials credentials = credentialFactory.build(new KubernetesConfigurationProperties.ManagedAccount( + name: "k8s", namespaces: [NAMESPACE], checkPermissionsOnStartup: false, metrics: metrics - ) - ) + )) expect: credentials.isMetricsEnabled() == metrics @@ -140,13 +147,12 @@ class KubernetesV2CredentialsSpec extends Specification { void "Metrics are properly enabled when readable"() { given: - KubernetesV2Credentials credentials = buildCredentials( - new KubernetesConfigurationProperties.ManagedAccount( + KubernetesV2Credentials credentials = credentialFactory.build(new KubernetesConfigurationProperties.ManagedAccount( + name: "k8s", namespaces: [NAMESPACE], checkPermissionsOnStartup: true, metrics: true - ) - ) + )) kubectlJobExecutor.topPod(_ as KubernetesV2Credentials, NAMESPACE, _) >> Collections.emptyList() expect: @@ -155,13 +161,12 @@ class KubernetesV2CredentialsSpec extends Specification { void "Metrics are properly disabled when not readable"() { given: - KubernetesV2Credentials credentials = buildCredentials( - new KubernetesConfigurationProperties.ManagedAccount( + KubernetesV2Credentials credentials = credentialFactory.build(new KubernetesConfigurationProperties.ManagedAccount( + name: "k8s", namespaces: [NAMESPACE], checkPermissionsOnStartup: true, metrics: true - ) - ) + )) kubectlJobExecutor.topPod(_ as KubernetesV2Credentials, NAMESPACE, _) >> { throw new KubectlJobExecutor.KubectlException("Error", new Exception()) }