mirror of https://github.com/k3s-io/k3s
663 lines
16 KiB
Go
663 lines
16 KiB
Go
// Copyright 2019 The Kubernetes Authors.
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package resmap
|
|
|
|
import (
|
|
"bytes"
|
|
"fmt"
|
|
"reflect"
|
|
|
|
"github.com/pkg/errors"
|
|
"sigs.k8s.io/kustomize/api/resource"
|
|
"sigs.k8s.io/kustomize/api/types"
|
|
"sigs.k8s.io/kustomize/kyaml/kio"
|
|
"sigs.k8s.io/kustomize/kyaml/resid"
|
|
kyaml "sigs.k8s.io/kustomize/kyaml/yaml"
|
|
)
|
|
|
|
// resWrangler implements ResMap.
|
|
type resWrangler struct {
|
|
// Resource list maintained in load (append) order.
|
|
// This is important for transformers, which must
|
|
// be performed in a specific order, and for users
|
|
// who for whatever reasons wish the order they
|
|
// specify in kustomizations to be maintained and
|
|
// available as an option for final YAML rendering.
|
|
rList []*resource.Resource
|
|
}
|
|
|
|
func newOne() *resWrangler {
|
|
result := &resWrangler{}
|
|
result.Clear()
|
|
return result
|
|
}
|
|
|
|
// Clear implements ResMap.
|
|
func (m *resWrangler) Clear() {
|
|
m.rList = nil
|
|
}
|
|
|
|
// DropEmpties quickly drops empty resources.
|
|
// It doesn't use Append, which checks for Id collisions.
|
|
func (m *resWrangler) DropEmpties() {
|
|
var rList []*resource.Resource
|
|
for _, r := range m.rList {
|
|
if !r.IsNilOrEmpty() {
|
|
rList = append(rList, r)
|
|
}
|
|
}
|
|
m.rList = rList
|
|
}
|
|
|
|
// Size implements ResMap.
|
|
func (m *resWrangler) Size() int {
|
|
return len(m.rList)
|
|
}
|
|
|
|
func (m *resWrangler) indexOfResource(other *resource.Resource) int {
|
|
for i, r := range m.rList {
|
|
if r == other {
|
|
return i
|
|
}
|
|
}
|
|
return -1
|
|
}
|
|
|
|
// Resources implements ResMap.
|
|
func (m *resWrangler) Resources() []*resource.Resource {
|
|
tmp := make([]*resource.Resource, len(m.rList))
|
|
copy(tmp, m.rList)
|
|
return tmp
|
|
}
|
|
|
|
// Append implements ResMap.
|
|
func (m *resWrangler) Append(res *resource.Resource) error {
|
|
id := res.CurId()
|
|
if r := m.GetMatchingResourcesByCurrentId(id.Equals); len(r) > 0 {
|
|
return fmt.Errorf(
|
|
"may not add resource with an already registered id: %s", id)
|
|
}
|
|
m.append(res)
|
|
return nil
|
|
}
|
|
|
|
// append appends without performing an Id check
|
|
func (m *resWrangler) append(res *resource.Resource) {
|
|
m.rList = append(m.rList, res)
|
|
}
|
|
|
|
// Remove implements ResMap.
|
|
func (m *resWrangler) Remove(adios resid.ResId) error {
|
|
var rList []*resource.Resource
|
|
for _, r := range m.rList {
|
|
if r.CurId() != adios {
|
|
rList = append(rList, r)
|
|
}
|
|
}
|
|
if len(rList) != m.Size()-1 {
|
|
return fmt.Errorf("id %s not found in removal", adios)
|
|
}
|
|
m.rList = rList
|
|
return nil
|
|
}
|
|
|
|
// Replace implements ResMap.
|
|
func (m *resWrangler) Replace(res *resource.Resource) (int, error) {
|
|
id := res.CurId()
|
|
i, err := m.GetIndexOfCurrentId(id)
|
|
if err != nil {
|
|
return -1, errors.Wrap(err, "in Replace")
|
|
}
|
|
if i < 0 {
|
|
return -1, fmt.Errorf("cannot find resource with id %s to replace", id)
|
|
}
|
|
m.rList[i] = res
|
|
return i, nil
|
|
}
|
|
|
|
// AllIds implements ResMap.
|
|
func (m *resWrangler) AllIds() (ids []resid.ResId) {
|
|
ids = make([]resid.ResId, m.Size())
|
|
for i, r := range m.rList {
|
|
ids[i] = r.CurId()
|
|
}
|
|
return
|
|
}
|
|
|
|
// Debug implements ResMap.
|
|
func (m *resWrangler) Debug(title string) {
|
|
fmt.Println("--------------------------- " + title)
|
|
firstObj := true
|
|
for i, r := range m.rList {
|
|
if firstObj {
|
|
firstObj = false
|
|
} else {
|
|
fmt.Println("---")
|
|
}
|
|
fmt.Printf("# %d %s\n%s\n", i, r.OrgId(), r.String())
|
|
}
|
|
}
|
|
|
|
type IdMatcher func(resid.ResId) bool
|
|
|
|
// GetByIndex implements ResMap.
|
|
func (m *resWrangler) GetByIndex(i int) *resource.Resource {
|
|
if i < 0 || i >= m.Size() {
|
|
return nil
|
|
}
|
|
return m.rList[i]
|
|
}
|
|
|
|
// GetIndexOfCurrentId implements ResMap.
|
|
func (m *resWrangler) GetIndexOfCurrentId(id resid.ResId) (int, error) {
|
|
count := 0
|
|
result := -1
|
|
for i, r := range m.rList {
|
|
if id.Equals(r.CurId()) {
|
|
count++
|
|
result = i
|
|
}
|
|
}
|
|
if count > 1 {
|
|
return -1, fmt.Errorf("id matched %d resources", count)
|
|
}
|
|
return result, nil
|
|
}
|
|
|
|
type IdFromResource func(r *resource.Resource) resid.ResId
|
|
|
|
func GetCurrentId(r *resource.Resource) resid.ResId { return r.CurId() }
|
|
|
|
// GetMatchingResourcesByCurrentId implements ResMap.
|
|
func (m *resWrangler) GetMatchingResourcesByCurrentId(
|
|
matches IdMatcher) []*resource.Resource {
|
|
return m.filteredById(matches, GetCurrentId)
|
|
}
|
|
|
|
// GetMatchingResourcesByAnyId implements ResMap.
|
|
func (m *resWrangler) GetMatchingResourcesByAnyId(
|
|
matches IdMatcher) []*resource.Resource {
|
|
var result []*resource.Resource
|
|
for _, r := range m.rList {
|
|
for _, id := range append(r.PrevIds(), r.CurId()) {
|
|
if matches(id) {
|
|
result = append(result, r)
|
|
break
|
|
}
|
|
}
|
|
}
|
|
return result
|
|
}
|
|
|
|
func (m *resWrangler) filteredById(
|
|
matches IdMatcher, idGetter IdFromResource) []*resource.Resource {
|
|
var result []*resource.Resource
|
|
for _, r := range m.rList {
|
|
if matches(idGetter(r)) {
|
|
result = append(result, r)
|
|
}
|
|
}
|
|
return result
|
|
}
|
|
|
|
// GetByCurrentId implements ResMap.
|
|
func (m *resWrangler) GetByCurrentId(
|
|
id resid.ResId) (*resource.Resource, error) {
|
|
return demandOneMatch(m.GetMatchingResourcesByCurrentId, id, "Current")
|
|
}
|
|
|
|
// GetById implements ResMap.
|
|
func (m *resWrangler) GetById(
|
|
id resid.ResId) (*resource.Resource, error) {
|
|
r, err := demandOneMatch(m.GetMatchingResourcesByAnyId, id, "Id")
|
|
if err != nil {
|
|
return nil, fmt.Errorf(
|
|
"%s; failed to find unique target for patch %s",
|
|
err.Error(), id.GvknString())
|
|
}
|
|
return r, nil
|
|
}
|
|
|
|
type resFinder func(IdMatcher) []*resource.Resource
|
|
|
|
func demandOneMatch(
|
|
f resFinder, id resid.ResId, s string) (*resource.Resource, error) {
|
|
r := f(id.Equals)
|
|
if len(r) == 1 {
|
|
return r[0], nil
|
|
}
|
|
if len(r) > 1 {
|
|
return nil, fmt.Errorf("multiple matches for %s %s", s, id)
|
|
}
|
|
return nil, fmt.Errorf("no matches for %s %s", s, id)
|
|
}
|
|
|
|
// GroupedByCurrentNamespace implements ResMap.
|
|
func (m *resWrangler) GroupedByCurrentNamespace() map[string][]*resource.Resource {
|
|
items := m.groupedByCurrentNamespace()
|
|
delete(items, resid.TotallyNotANamespace)
|
|
return items
|
|
}
|
|
|
|
// ClusterScoped implements ResMap.
|
|
func (m *resWrangler) ClusterScoped() []*resource.Resource {
|
|
return m.groupedByCurrentNamespace()[resid.TotallyNotANamespace]
|
|
}
|
|
|
|
func (m *resWrangler) groupedByCurrentNamespace() map[string][]*resource.Resource {
|
|
byNamespace := make(map[string][]*resource.Resource)
|
|
for _, res := range m.rList {
|
|
namespace := res.CurId().EffectiveNamespace()
|
|
if _, found := byNamespace[namespace]; !found {
|
|
byNamespace[namespace] = []*resource.Resource{}
|
|
}
|
|
byNamespace[namespace] = append(byNamespace[namespace], res)
|
|
}
|
|
return byNamespace
|
|
}
|
|
|
|
// GroupedByOriginalNamespace implements ResMap.
|
|
func (m *resWrangler) GroupedByOriginalNamespace() map[string][]*resource.Resource {
|
|
items := m.groupedByOriginalNamespace()
|
|
delete(items, resid.TotallyNotANamespace)
|
|
return items
|
|
}
|
|
|
|
func (m *resWrangler) groupedByOriginalNamespace() map[string][]*resource.Resource {
|
|
byNamespace := make(map[string][]*resource.Resource)
|
|
for _, res := range m.rList {
|
|
namespace := res.OrgId().EffectiveNamespace()
|
|
if _, found := byNamespace[namespace]; !found {
|
|
byNamespace[namespace] = []*resource.Resource{}
|
|
}
|
|
byNamespace[namespace] = append(byNamespace[namespace], res)
|
|
}
|
|
return byNamespace
|
|
}
|
|
|
|
// AsYaml implements ResMap.
|
|
func (m *resWrangler) AsYaml() ([]byte, error) {
|
|
firstObj := true
|
|
var b []byte
|
|
buf := bytes.NewBuffer(b)
|
|
for _, res := range m.rList {
|
|
out, err := res.AsYAML()
|
|
if err != nil {
|
|
m, _ := res.Map()
|
|
return nil, errors.Wrapf(err, "%#v", m)
|
|
}
|
|
if firstObj {
|
|
firstObj = false
|
|
} else {
|
|
if _, err = buf.WriteString("---\n"); err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
if _, err = buf.Write(out); err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
return buf.Bytes(), nil
|
|
}
|
|
|
|
// ErrorIfNotEqualSets implements ResMap.
|
|
func (m *resWrangler) ErrorIfNotEqualSets(other ResMap) error {
|
|
m2, ok := other.(*resWrangler)
|
|
if !ok {
|
|
return fmt.Errorf("bad cast to resWrangler 1")
|
|
}
|
|
if m.Size() != m2.Size() {
|
|
return fmt.Errorf(
|
|
"lists have different number of entries: %#v doesn't equal %#v",
|
|
m.rList, m2.rList)
|
|
}
|
|
seen := make(map[int]bool)
|
|
for _, r1 := range m.rList {
|
|
id := r1.CurId()
|
|
others := m2.GetMatchingResourcesByCurrentId(id.Equals)
|
|
if len(others) == 0 {
|
|
return fmt.Errorf(
|
|
"id in self missing from other; id: %s", id)
|
|
}
|
|
if len(others) > 1 {
|
|
return fmt.Errorf(
|
|
"id in self matches %d in other; id: %s", len(others), id)
|
|
}
|
|
r2 := others[0]
|
|
if !reflect.DeepEqual(r1.RNode, r2.RNode) {
|
|
return fmt.Errorf(
|
|
"nodes unequal: \n -- %s,\n -- %s\n\n--\n%#v\n------\n%#v\n",
|
|
r1, r2, r1, r2)
|
|
}
|
|
seen[m2.indexOfResource(r2)] = true
|
|
}
|
|
if len(seen) != m.Size() {
|
|
return fmt.Errorf("counting problem %d != %d", len(seen), m.Size())
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// ErrorIfNotEqualLists implements ResMap.
|
|
func (m *resWrangler) ErrorIfNotEqualLists(other ResMap) error {
|
|
m2, ok := other.(*resWrangler)
|
|
if !ok {
|
|
return fmt.Errorf("bad cast to resWrangler 2")
|
|
}
|
|
if m.Size() != m2.Size() {
|
|
return fmt.Errorf(
|
|
"lists have different number of entries: %#v doesn't equal %#v",
|
|
m.rList, m2.rList)
|
|
}
|
|
for i, r1 := range m.rList {
|
|
r2 := m2.rList[i]
|
|
if err := r1.ErrIfNotEquals(r2); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
type resCopier func(r *resource.Resource) *resource.Resource
|
|
|
|
// ShallowCopy implements ResMap.
|
|
func (m *resWrangler) ShallowCopy() ResMap {
|
|
return m.makeCopy(
|
|
func(r *resource.Resource) *resource.Resource {
|
|
return r
|
|
})
|
|
}
|
|
|
|
// DeepCopy implements ResMap.
|
|
func (m *resWrangler) DeepCopy() ResMap {
|
|
return m.makeCopy(
|
|
func(r *resource.Resource) *resource.Resource {
|
|
return r.DeepCopy()
|
|
})
|
|
}
|
|
|
|
// makeCopy copies the ResMap.
|
|
func (m *resWrangler) makeCopy(copier resCopier) ResMap {
|
|
result := &resWrangler{}
|
|
result.rList = make([]*resource.Resource, m.Size())
|
|
for i, r := range m.rList {
|
|
result.rList[i] = copier(r)
|
|
}
|
|
return result
|
|
}
|
|
|
|
// SubsetThatCouldBeReferencedByResource implements ResMap.
|
|
func (m *resWrangler) SubsetThatCouldBeReferencedByResource(
|
|
referrer *resource.Resource) ResMap {
|
|
referrerId := referrer.CurId()
|
|
if referrerId.IsClusterScoped() {
|
|
// A cluster scoped resource can refer to anything.
|
|
return m
|
|
}
|
|
result := newOne()
|
|
roleBindingNamespaces := getNamespacesForRoleBinding(referrer)
|
|
for _, possibleTarget := range m.rList {
|
|
id := possibleTarget.CurId()
|
|
if id.IsClusterScoped() {
|
|
// A cluster-scoped resource can be referred to by anything.
|
|
result.append(possibleTarget)
|
|
continue
|
|
}
|
|
if id.IsNsEquals(referrerId) {
|
|
// The two objects are in the same namespace.
|
|
result.append(possibleTarget)
|
|
continue
|
|
}
|
|
// The two objects are namespaced (not cluster-scoped), AND
|
|
// are in different namespaces.
|
|
// There's still a chance they can refer to each other.
|
|
if roleBindingNamespaces[possibleTarget.GetNamespace()] {
|
|
result.append(possibleTarget)
|
|
}
|
|
}
|
|
return result
|
|
}
|
|
|
|
// getNamespacesForRoleBinding returns referenced ServiceAccount namespaces
|
|
// if the resource is a RoleBinding
|
|
func getNamespacesForRoleBinding(r *resource.Resource) map[string]bool {
|
|
result := make(map[string]bool)
|
|
if r.GetKind() != "RoleBinding" {
|
|
return result
|
|
}
|
|
//nolint staticcheck
|
|
subjects, err := r.GetSlice("subjects")
|
|
if err != nil || subjects == nil {
|
|
return result
|
|
}
|
|
for _, s := range subjects {
|
|
subject := s.(map[string]interface{})
|
|
if ns, ok1 := subject["namespace"]; ok1 {
|
|
if kind, ok2 := subject["kind"]; ok2 {
|
|
if kind.(string) == "ServiceAccount" {
|
|
result[ns.(string)] = true
|
|
}
|
|
}
|
|
}
|
|
}
|
|
return result
|
|
}
|
|
|
|
// AppendAll implements ResMap.
|
|
func (m *resWrangler) AppendAll(other ResMap) error {
|
|
if other == nil {
|
|
return nil
|
|
}
|
|
m2, ok := other.(*resWrangler)
|
|
if !ok {
|
|
return fmt.Errorf("bad cast to resWrangler 3")
|
|
}
|
|
return m.appendAll(m2.rList)
|
|
}
|
|
|
|
// appendAll appends all the resources, error on Id collision.
|
|
func (m *resWrangler) appendAll(list []*resource.Resource) error {
|
|
for _, res := range list {
|
|
if err := m.Append(res); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// AbsorbAll implements ResMap.
|
|
func (m *resWrangler) AbsorbAll(other ResMap) error {
|
|
if other == nil {
|
|
return nil
|
|
}
|
|
m2, ok := other.(*resWrangler)
|
|
if !ok {
|
|
return fmt.Errorf("bad cast to resWrangler 4")
|
|
}
|
|
for _, r := range m2.rList {
|
|
err := m.appendReplaceOrMerge(r)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (m *resWrangler) appendReplaceOrMerge(res *resource.Resource) error {
|
|
id := res.CurId()
|
|
matches := m.GetMatchingResourcesByAnyId(id.Equals)
|
|
switch len(matches) {
|
|
case 0:
|
|
switch res.Behavior() {
|
|
case types.BehaviorMerge, types.BehaviorReplace:
|
|
return fmt.Errorf(
|
|
"id %#v does not exist; cannot merge or replace", id)
|
|
default:
|
|
// presumably types.BehaviorCreate
|
|
return m.Append(res)
|
|
}
|
|
case 1:
|
|
old := matches[0]
|
|
if old == nil {
|
|
return fmt.Errorf("id lookup failure")
|
|
}
|
|
index := m.indexOfResource(old)
|
|
if index < 0 {
|
|
return fmt.Errorf("indexing problem")
|
|
}
|
|
switch res.Behavior() {
|
|
case types.BehaviorReplace:
|
|
res.CopyMergeMetaDataFieldsFrom(old)
|
|
case types.BehaviorMerge:
|
|
res.CopyMergeMetaDataFieldsFrom(old)
|
|
res.MergeDataMapFrom(old)
|
|
res.MergeBinaryDataMapFrom(old)
|
|
default:
|
|
return fmt.Errorf(
|
|
"id %#v exists; behavior must be merge or replace", id)
|
|
}
|
|
i, err := m.Replace(res)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if i != index {
|
|
return fmt.Errorf("unexpected target index in replacement")
|
|
}
|
|
return nil
|
|
default:
|
|
return fmt.Errorf(
|
|
"found multiple objects %v that could accept merge of %v",
|
|
matches, id)
|
|
}
|
|
}
|
|
|
|
// Select returns a list of resources that
|
|
// are selected by a Selector
|
|
func (m *resWrangler) Select(s types.Selector) ([]*resource.Resource, error) {
|
|
var result []*resource.Resource
|
|
sr, err := types.NewSelectorRegex(&s)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
for _, r := range m.rList {
|
|
curId := r.CurId()
|
|
orgId := r.OrgId()
|
|
|
|
// It first tries to match with the original namespace
|
|
// then matches with the current namespace
|
|
if !sr.MatchNamespace(orgId.EffectiveNamespace()) &&
|
|
!sr.MatchNamespace(curId.EffectiveNamespace()) {
|
|
continue
|
|
}
|
|
|
|
// It first tries to match with the original name
|
|
// then matches with the current name
|
|
if !sr.MatchName(orgId.Name) &&
|
|
!sr.MatchName(curId.Name) {
|
|
continue
|
|
}
|
|
|
|
// matches the GVK
|
|
if !sr.MatchGvk(r.GetGvk()) {
|
|
continue
|
|
}
|
|
|
|
// matches the label selector
|
|
matched, err := r.MatchesLabelSelector(s.LabelSelector)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if !matched {
|
|
continue
|
|
}
|
|
|
|
// matches the annotation selector
|
|
matched, err = r.MatchesAnnotationSelector(s.AnnotationSelector)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if !matched {
|
|
continue
|
|
}
|
|
result = append(result, r)
|
|
}
|
|
return result, nil
|
|
}
|
|
|
|
// ToRNodeSlice returns a copy of the resources as RNodes.
|
|
func (m *resWrangler) ToRNodeSlice() []*kyaml.RNode {
|
|
result := make([]*kyaml.RNode, len(m.rList))
|
|
for i := range m.rList {
|
|
result[i] = m.rList[i].Copy()
|
|
}
|
|
return result
|
|
}
|
|
|
|
// ApplySmPatch applies the patch, and errors on Id collisions.
|
|
func (m *resWrangler) ApplySmPatch(
|
|
selectedSet *resource.IdSet, patch *resource.Resource) error {
|
|
var list []*resource.Resource
|
|
for _, res := range m.rList {
|
|
if selectedSet.Contains(res.CurId()) {
|
|
patchCopy := patch.DeepCopy()
|
|
patchCopy.CopyMergeMetaDataFieldsFrom(patch)
|
|
patchCopy.SetGvk(res.GetGvk())
|
|
patchCopy.SetKind(patch.GetKind())
|
|
if err := res.ApplySmPatch(patchCopy); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
if !res.IsNilOrEmpty() {
|
|
list = append(list, res)
|
|
}
|
|
}
|
|
m.Clear()
|
|
return m.appendAll(list)
|
|
}
|
|
|
|
func (m *resWrangler) RemoveBuildAnnotations() {
|
|
for _, r := range m.rList {
|
|
r.RemoveBuildAnnotations()
|
|
}
|
|
}
|
|
|
|
// ApplyFilter implements ResMap.
|
|
func (m *resWrangler) ApplyFilter(f kio.Filter) error {
|
|
reverseLookup := make(map[*kyaml.RNode]*resource.Resource, len(m.rList))
|
|
nodes := make([]*kyaml.RNode, len(m.rList))
|
|
for i, r := range m.rList {
|
|
ptr := &(r.RNode)
|
|
nodes[i] = ptr
|
|
reverseLookup[ptr] = r
|
|
}
|
|
// The filter can modify nodes, but also delete and create them.
|
|
// The filtered list might be smaller or larger than the nodes list.
|
|
filtered, err := f.Filter(nodes)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
// Rebuild the resmap from the filtered RNodes.
|
|
var nRList []*resource.Resource
|
|
for _, rn := range filtered {
|
|
if rn.IsNilOrEmpty() {
|
|
// A node might make it through the filter as an object,
|
|
// but still be empty. Drop such entries.
|
|
continue
|
|
}
|
|
res, ok := reverseLookup[rn]
|
|
if !ok {
|
|
// A node was created; make a Resource to wrap it.
|
|
res = &resource.Resource{
|
|
RNode: *rn,
|
|
// Leave remaining fields empty.
|
|
// At at time of writing, seeking to eliminate those fields.
|
|
// Alternatively, could just return error on creation attempt
|
|
// until remaining fields eliminated.
|
|
}
|
|
}
|
|
nRList = append(nRList, res)
|
|
}
|
|
m.rList = nRList
|
|
return nil
|
|
}
|