Skip to content

Commit

Permalink
chore: remove everything related obsolete global plugins
Browse files Browse the repository at this point in the history
  • Loading branch information
@programmer04
programmer04 committed Sep 27, 2023
1 parent 88651c8 commit c495d03
Show file tree
Hide file tree
Showing 5 changed files with 26 additions and 327 deletions.
67 changes: 0 additions & 67 deletions internal/dataplane/kongstate/kongstate.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -389,76 +389,9 @@ func buildPlugins(
plugins = append(plugins, plugin)
}
}

globalPlugins, err := globalPlugins(log, s)
if err != nil {
log.WithError(err).Error("failed to fetch global plugins")
}
// global plugins have no instance_name transform as they can only be applied once
plugins = append(plugins, globalPlugins...)

return plugins
}

func globalPlugins(log logrus.FieldLogger, s store.Storer) ([]Plugin, error) {
// removed as of 0.10.0
// only retrieved now to warn users
globalPlugins, err := s.ListGlobalKongPlugins()
if err != nil {
return nil, fmt.Errorf("error listing global KongPlugins: %w", err)
}
if len(globalPlugins) > 0 {
log.Warning("global KongPlugins found. These are no longer applied and",
" must be replaced with KongClusterPlugins.",
" Please run \"kubectl get kongplugin -l global=true --all-namespaces\" to list existing plugins")
}
res := make(map[string]Plugin)
var duplicates []string // keep track of duplicate
// TODO respect the oldest CRD
// Current behavior is to skip creating the plugin but in case
// of duplicate plugin definitions, we should respect the oldest one
// This is important since if a user comes in to k8s and creates a new
// CRD, the user now deleted an older plugin

globalClusterPlugins, err := s.ListGlobalKongClusterPlugins()
if err != nil {
return nil, fmt.Errorf("error listing global KongClusterPlugins: %w", err)
}
for i := 0; i < len(globalClusterPlugins); i++ {
k8sPlugin := *globalClusterPlugins[i]
pluginName := k8sPlugin.PluginName
// empty pluginName skip it
if pluginName == "" {
log.WithFields(logrus.Fields{
"kongclusterplugin_name": k8sPlugin.Name,
}).Errorf("invalid KongClusterPlugin: empty plugin property")
continue
}
if _, ok := res[pluginName]; ok {
log.Error("multiple KongPlugin definitions found with"+
" 'global' label for '", pluginName,
"', the plugin will not be applied")
duplicates = append(duplicates, pluginName)
continue
}
if plugin, err := kongPluginFromK8SClusterPlugin(s, k8sPlugin); err == nil {
res[pluginName] = plugin
} else {
log.WithFields(logrus.Fields{
"kongclusterplugin_name": k8sPlugin.Name,
}).WithError(err).Error("failed to generate configuration from KongClusterPlugin")
}
}
for _, plugin := range duplicates {
delete(res, plugin)
}
var plugins []Plugin
for _, p := range res {
plugins = append(plugins, p)
}
return plugins, nil
}

func (ks *KongState) FillPlugins(
log logrus.FieldLogger,
s store.Storer,
Expand Down
164 changes: 8 additions & 156 deletions internal/dataplane/parser/parser_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,47 +36,6 @@ import (
"github.com/kong/kubernetes-ingress-controller/v2/test/helpers/certificate"
)

func TestGlobalPlugin(t *testing.T) {
assert := assert.New(t)
t.Run("global plugins are processed correctly", func(t *testing.T) {
store, err := store.NewFakeStore(store.FakeObjects{
KongClusterPlugins: []*kongv1.KongClusterPlugin{
{
ObjectMeta: metav1.ObjectMeta{
Name: "bar-plugin",
Labels: map[string]string{
"global": "true",
},
Annotations: map[string]string{
annotations.IngressClassKey: annotations.DefaultIngressClass,
},
},
Protocols: kongv1.StringsToKongProtocols([]string{"http"}),
PluginName: "basic-auth",
Config: apiextensionsv1.JSON{
Raw: []byte(`{"foo1": "bar1"}`),
},
},
},
})
require.NoError(t, err)
p := mustNewParser(t, store)
result := p.BuildKongConfig()
require.Empty(t, result.TranslationFailures)
state := result.KongState
require.NotNil(t, state)
assert.Equal(1, len(state.Plugins),
"expected one plugin to be rendered")

sort.SliceStable(state.Plugins, func(i, j int) bool {
return strings.Compare(*state.Plugins[i].Name, *state.Plugins[j].Name) > 0
})

assert.Equal("basic-auth", *state.Plugins[0].Name)
assert.Equal(kong.Configuration{"foo1": "bar1"}, state.Plugins[0].Config)
})
}

func TestSecretConfigurationPlugin(t *testing.T) {
jwtPluginConfig := `{"run_on_preflight": false}` // JSON
basicAuthPluginConfig := "hide_credentials: true" // YAML
Expand Down Expand Up @@ -182,30 +141,7 @@ func TestSecretConfigurationPlugin(t *testing.T) {
objects.KongClusterPlugins = []*kongv1.KongClusterPlugin{
{
ObjectMeta: metav1.ObjectMeta{
Name: "global-bar-plugin",
Labels: map[string]string{
"global": "true",
},
Annotations: map[string]string{
annotations.IngressClassKey: annotations.DefaultIngressClass,
},
},
Protocols: kongv1.StringsToKongProtocols([]string{"http"}),
PluginName: "basic-auth",
ConfigFrom: &kongv1.NamespacedConfigSource{
SecretValue: kongv1.NamespacedSecretValueFromSource{
Key: "basic-auth-config",
Secret: "conf-secret",
Namespace: "default",
},
},
},
{
ObjectMeta: metav1.ObjectMeta{
Name: "global-broken-bar-plugin",
Labels: map[string]string{
"global": "true",
},
Name: "broken-bar-plugin",
Annotations: map[string]string{
// explicitly none, this should not get rendered
},
Expand Down Expand Up @@ -256,8 +192,7 @@ func TestSecretConfigurationPlugin(t *testing.T) {
require.NoError(t, err)
state := result.KongState
require.NotNil(t, state)
assert.Equal(3, len(state.Plugins),
"expected three plugins to be rendered")
require.Len(t, state.Plugins, 2)

sort.SliceStable(state.Plugins, func(i, j int) bool {
return strings.Compare(*state.Plugins[i].Name,
Expand All @@ -269,32 +204,13 @@ func TestSecretConfigurationPlugin(t *testing.T) {

assert.Equal("basic-auth", *state.Plugins[1].Name)
assert.Equal(kong.Configuration{"hide_credentials": true},
state.Plugins[2].Config)
assert.Equal("basic-auth", *state.Plugins[2].Name)
assert.Equal(kong.Configuration{"hide_credentials": true},
state.Plugins[2].Config)
state.Plugins[1].Config)
})

t.Run("plugins with missing secrets or keys are not constructed",
func(t *testing.T) {
objects := stock
objects.KongPlugins = []*kongv1.KongPlugin{
{
ObjectMeta: metav1.ObjectMeta{
Name: "global-foo-plugin",
Namespace: "default",
Labels: map[string]string{
"global": "true",
},
},
PluginName: "jwt",
ConfigFrom: &kongv1.ConfigSource{
SecretValue: kongv1.SecretValueFromSource{
Key: "missing-key",
Secret: "conf-secret",
},
},
},
{
ObjectMeta: metav1.ObjectMeta{
Name: "foo-plugin",
Expand All @@ -310,23 +226,6 @@ func TestSecretConfigurationPlugin(t *testing.T) {
},
}
objects.KongClusterPlugins = []*kongv1.KongClusterPlugin{
{
ObjectMeta: metav1.ObjectMeta{
Name: "global-bar-plugin",
Labels: map[string]string{
"global": "true",
},
},
Protocols: kongv1.StringsToKongProtocols([]string{"http"}),
PluginName: "basic-auth",
ConfigFrom: &kongv1.NamespacedConfigSource{
SecretValue: kongv1.NamespacedSecretValueFromSource{
Key: "basic-auth-config",
Secret: "missing-secret",
Namespace: "default",
},
},
},
{
ObjectMeta: metav1.ObjectMeta{
Name: "bar-plugin",
Expand Down Expand Up @@ -363,33 +262,13 @@ func TestSecretConfigurationPlugin(t *testing.T) {
require.NoError(t, err)
state := result.KongState
require.NotNil(t, state)
assert.Equal(0, len(state.Plugins),
"expected no plugins to be rendered")
require.Len(t, state.Plugins, 0)
})

t.Run("plugins with both config and configFrom are not constructed",
func(t *testing.T) {
objects := stock
objects.KongPlugins = []*kongv1.KongPlugin{
{
ObjectMeta: metav1.ObjectMeta{
Name: "global-foo-plugin",
Namespace: "default",
Labels: map[string]string{
"global": "true",
},
},
PluginName: "jwt",
Config: apiextensionsv1.JSON{
Raw: []byte(`{"fake": true}`),
},
ConfigFrom: &kongv1.ConfigSource{
SecretValue: kongv1.SecretValueFromSource{
Key: "jwt-config",
Secret: "conf-secret",
},
},
},
{
ObjectMeta: metav1.ObjectMeta{
Name: "foo-plugin",
Expand All @@ -408,26 +287,6 @@ func TestSecretConfigurationPlugin(t *testing.T) {
},
}
objects.KongClusterPlugins = []*kongv1.KongClusterPlugin{
{
ObjectMeta: metav1.ObjectMeta{
Name: "global-bar-plugin",
Labels: map[string]string{
"global": "true",
},
},
Protocols: kongv1.StringsToKongProtocols([]string{"http"}),
PluginName: "basic-auth",
Config: apiextensionsv1.JSON{
Raw: []byte(`{"fake": true}`),
},
ConfigFrom: &kongv1.NamespacedConfigSource{
SecretValue: kongv1.NamespacedSecretValueFromSource{
Key: "basic-auth-config",
Secret: "conf-secret",
Namespace: "default",
},
},
},
{
ObjectMeta: metav1.ObjectMeta{
Name: "bar-plugin",
Expand Down Expand Up @@ -538,11 +397,8 @@ func TestSecretConfigurationPlugin(t *testing.T) {
objects.KongPlugins = []*kongv1.KongPlugin{
{
ObjectMeta: metav1.ObjectMeta{
Name: "global-foo-plugin",
Name: "foo-plugin",
Namespace: "default",
Labels: map[string]string{
"global": "true",
},
},
PluginName: "jwt",
ConfigFrom: &kongv1.ConfigSource{
Expand All @@ -554,7 +410,7 @@ func TestSecretConfigurationPlugin(t *testing.T) {
},
{
ObjectMeta: metav1.ObjectMeta{
Name: "foo-plugin",
Name: "bar-plugin",
Namespace: "default",
},
PluginName: "jwt",
Expand All @@ -569,10 +425,7 @@ func TestSecretConfigurationPlugin(t *testing.T) {
objects.KongClusterPlugins = []*kongv1.KongClusterPlugin{
{
ObjectMeta: metav1.ObjectMeta{
Name: "global-bar-plugin",
Labels: map[string]string{
"global": "true",
},
Name: "foo-plugin",
},
Protocols: kongv1.StringsToKongProtocols([]string{"http"}),
PluginName: "basic-auth",
Expand Down Expand Up @@ -619,8 +472,7 @@ func TestSecretConfigurationPlugin(t *testing.T) {
require.Empty(t, result.TranslationFailures)
state := result.KongState
require.NotNil(t, state)
assert.Equal(0, len(state.Plugins),
"expected no plugins to be rendered")
require.Empty(t, state.Plugins)
})
}

Expand Down
Loading

0 comments on commit c495d03

Please sign in to comment.