Move dedicated intents- and credentials- related parts of IAM agents …
…out of shared and into operators (#395)
amitlicht authored Apr 9, 2024
1 parent a63ad86 commit db239af
Showing 28 changed files with 403 additions and 660 deletions.
156 changes: 0 additions & 156 deletions src/operator/controllers/intents_reconcilers/aws_reconciler.go

This file was deleted.

1 change: 0 additions & 1 deletion src/operator/controllers/intents_reconcilers/generate.go
@@ -4,4 +4,3 @@ package intents_reconcilers
//go:generate go run go.uber.org/mock/mockgen@v0.2.0 -destination=./mocks/mock_istio_manager.go -package=intentsreconcilersmocks -source=../istiopolicy/policy_manager.go PolicyManager
//go:generate go run go.uber.org/mock/mockgen@v0.2.0 -destination=./mocks/mock_service_resolver.go -package=intentsreconcilersmocks -source=../../../shared/serviceidresolver/serviceidresolver.go ServiceResolver
//go:generate go run go.uber.org/mock/mockgen@v0.2.0 -destination=./mocks/mock_external_netpol_handler.go -package=intentsreconcilersmocks github.com/otterize/intents-operator/src/operator/controllers/intents_reconcilers/networkpolicy ExternalNetpolHandler
//go:generate go run go.uber.org/mock/mockgen@v0.2.0 -destination=./mocks/mock_policy_agent.go -package=intentsreconcilersmocks -source=./iam_reconciler.go IAMPolicyAgent
@@ -1,9 +1,10 @@
package intents_reconcilers
package iam

import (
"context"
otterizev1alpha3 "github.com/otterize/intents-operator/src/operator/api/v1alpha3"
"github.com/otterize/intents-operator/src/operator/controllers/intents_reconcilers/consts"
"github.com/otterize/intents-operator/src/operator/controllers/intents_reconcilers/iam/iampolicyagents"
"github.com/otterize/intents-operator/src/shared/errors"
"github.com/otterize/intents-operator/src/shared/injectablerecorder"
"github.com/otterize/intents-operator/src/shared/serviceidresolver"
@@ -17,32 +18,25 @@ import (
"sigs.k8s.io/controller-runtime/pkg/reconcile"
)

type IAMPolicyAgent interface {
IntentType() otterizev1alpha3.IntentType
AppliesOnPod(pod *corev1.Pod) bool
AddRolePolicyFromIntents(ctx context.Context, namespace string, accountName string, intentsServiceName string, intents []otterizev1alpha3.Intent) error
DeleteRolePolicyFromIntents(ctx context.Context, intents otterizev1alpha3.ClientIntents) error
}

type IAMIntentsReconciler struct {
client.Client
Scheme *runtime.Scheme
injectablerecorder.InjectableRecorder
serviceIdResolver serviceidresolver.ServiceResolver
agents []IAMPolicyAgent
agent iampolicyagents.IAMPolicyAgent
}

func NewIAMIntentsReconciler(
client client.Client,
scheme *runtime.Scheme,
serviceIdResolver serviceidresolver.ServiceResolver,
agents []IAMPolicyAgent,
agent iampolicyagents.IAMPolicyAgent,
) *IAMIntentsReconciler {
return &IAMIntentsReconciler{
Client: client,
Scheme: scheme,
serviceIdResolver: serviceIdResolver,
agents: agents,
agent: agent,
}
}

@@ -62,11 +56,9 @@ func (r *IAMIntentsReconciler) Reconcile(ctx context.Context, req reconcile.Requ
if intents.DeletionTimestamp != nil {
logger.Debug("Intents deleted, deleting IAM role policy for this service")

for _, agent := range r.agents {
err := agent.DeleteRolePolicyFromIntents(ctx, intents)
if err != nil {
return ctrl.Result{}, errors.Wrap(err)
}
err := r.agent.DeleteRolePolicyFromIntents(ctx, intents)
if err != nil {
return ctrl.Result{}, errors.Wrap(err)
}

return ctrl.Result{}, nil
@@ -90,20 +82,14 @@ func (r *IAMIntentsReconciler) Reconcile(ctx context.Context, req reconcile.Requ
return ctrl.Result{}, errors.Wrap(err)
}

if pod.Labels == nil {
return ctrl.Result{}, nil
}

for _, agent := range r.agents {
if err := r.applyTypedIAMIntents(ctx, pod, intents, agent); err != nil {
return ctrl.Result{}, errors.Wrap(err)
}
if err := r.applyTypedIAMIntents(ctx, pod, intents, r.agent); err != nil {
return ctrl.Result{}, errors.Wrap(err)
}

return ctrl.Result{}, nil
}

func (r *IAMIntentsReconciler) applyTypedIAMIntents(ctx context.Context, pod corev1.Pod, intents otterizev1alpha3.ClientIntents, agent IAMPolicyAgent) error {
func (r *IAMIntentsReconciler) applyTypedIAMIntents(ctx context.Context, pod corev1.Pod, intents otterizev1alpha3.ClientIntents, agent iampolicyagents.IAMPolicyAgent) error {
if !agent.AppliesOnPod(&pod) {
return nil
}
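Review bot: `r.agent` is dereferenced without a nil check in the deletion branch of `Reconcile` (`r.agent.DeleteRolePolicyFromIntents(ctx, intents)`) and again through `agent.AppliesOnPod(&pod)` in `applyTypedIAMIntents`, while `NewIAMIntentsReconciler` stores whatever it is given. With the old `agents` slice a nil or empty value made both loops no-ops; a nil `agent` now panics the reconcile worker, which presumably can happen when the operator starts with no IAM provider enabled (the wiring is not visible here). Either reject nil where the reconciler is constructed or add `if r.agent == nil { return ctrl.Result{}, nil }` at the top of `Reconcile`, and state on the constructor that `agent` must be non-nil. Skipping silently on the deletion path would leave the role policy attached after the intents are gone, so failing at start-up is the safer of the two. `Reconcile` starts and continues outside the visible hunks.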