feat(k8s): dynamic account config (#3824)

* feat(k8s): dynamic account config

implement credential synchronization for kubernetes accounts. defines
`CredentialsInitializerSynchronizable` on the
`KubernetesV*ProviderConfig` classes. Each of these classes is
responsible for handling accounts for each provider version.

* feat(k8s): detemine if account has changed

* refactor(k8s): rename provider config classes

renames provider config classes to synchronizable since there is no
longer an `@Configuration` annotation.

* refactor(k8s): add file hash signature

adds a `kubeconfigFileHash` property which enables us to determine if
the file contents of the kubeconfig file changed even if the path hasn't
changed. this kind of change warrants an account refresh becuase the
credentials used by the account may have possibly changed.

* refactor(k8s): defer to computedOmitKinds

previously, we were modifying omitKinds when an account was initialized.
this caused calls to `equals` to fail because they didn't match
configured omitKinds. this change defers to `omitKindsComputed` so that
checking new and existing credentials is accurate according to how the
account it configured. this allows us to only initialize modified or new
accounts rather than every credential.

clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/config/KubernetesConfigurationProperties.groovy

@@ -20,6 +20,7 @@ import com.netflix.spinnaker.clouddriver.kubernetes.v2.description.KubernetesSpi
 import com.netflix.spinnaker.clouddriver.security.ProviderVersion
 import com.netflix.spinnaker.fiat.model.resources.Permissions
 import groovy.transform.ToString
+import lombok.EqualsAndHashCode
 
 @ToString(includeNames = true)
 class KubernetesConfigurationProperties {
@@ -66,12 +67,17 @@ class KubernetesConfigurationProperties {
 }
 
 @ToString(includeNames = true)
+@EqualsAndHashCode
 class LinkedDockerRegistryConfiguration {
+  @EqualsAndHashCode.Include
   String accountName
+
+  @EqualsAndHashCode.Include
   List<String> namespaces
 }
 
 @ToString(includeNames = true)
+@EqualsAndHashCode
 class CustomKubernetesResource {
   String kubernetesKind
   String spinnakerKind = KubernetesSpinnakerKindMap.SpinnakerKind.UNCLASSIFIED.toString()
@@ -81,6 +87,7 @@ class CustomKubernetesResource {
 }
 
 @ToString(includeNames = true)
+@EqualsAndHashCode
 class KubernetesCachingPolicy {
   String kubernetesKind
   int maxEntriesPerAgent

clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/security/KubeconfigFileHasher.java

@@ -0,0 +1,36 @@
+/*
+ * Copyright 2019 Armory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License")
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.netflix.spinnaker.clouddriver.kubernetes.security;
+
+import com.google.common.hash.Hashing;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class KubeconfigFileHasher {
+
+  public static String hashKubeconfigFile(String filepath) {
+    try {
+      byte[] contents = Files.readAllBytes(Paths.get(filepath));
+      return Hashing.sha256().hashBytes(contents).toString();
+    } catch (Exception e) {
+      log.warn("failed to hash kubeconfig file at {}: {}", filepath, e);
+      return "";
+    }
+  }
+}

clouddriver-kubernetes/src/main/groovy/com/netflix/spinnaker/clouddriver/kubernetes/security/KubernetesNamedAccountCredentials.java

@@ -16,6 +16,8 @@
 
 package com.netflix.spinnaker.clouddriver.kubernetes.security;
 
+import static lombok.EqualsAndHashCode.Include;
+
 import com.netflix.spectator.api.Registry;
 import com.netflix.spinnaker.clouddriver.data.ConfigFileService;
 import com.netflix.spinnaker.clouddriver.kubernetes.KubernetesCloudProvider;
@@ -30,30 +32,39 @@
 import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository;
 import com.netflix.spinnaker.clouddriver.security.ProviderVersion;
 import com.netflix.spinnaker.fiat.model.resources.Permissions;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Optional;
+import java.util.*;
+import lombok.EqualsAndHashCode;
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.stereotype.Component;
 
 @Getter
+@EqualsAndHashCode(onlyExplicitlyIncluded = true)
 public class KubernetesNamedAccountCredentials<C extends KubernetesCredentials>
     implements AccountCredentials<C> {
   private final String cloudProvider = "kubernetes";
-  private final String name;
-  private final ProviderVersion providerVersion;
-  private final String environment;
-  private final String accountType;
-  private final String skin;
-  private final int cacheThreads;
-  private final C credentials;
-  private final List<String> requiredGroupMembership;
-  private final Permissions permissions;
-  private final Long cacheIntervalSeconds;
+
+  @Include private final String name;
+
+  @Include private final ProviderVersion providerVersion;
+
+  @Include private final String environment;
+
+  @Include private final String accountType;
+
+  @Include private final String skin;
+
+  @Include private final int cacheThreads;
+
+  @Include private final C credentials;
+
+  @Include private final List<String> requiredGroupMembership;
+
+  @Include private final Permissions permissions;
+
+  @Include private final Long cacheIntervalSeconds;
+
   private final KubernetesSpinnakerKindMap kubernetesSpinnakerKindMap;
 
   public KubernetesNamedAccountCredentials(