From 25ab764c0d410807aebfd7266d7fe7a00bc4506a Mon Sep 17 00:00:00 2001 From: Vishal Choudhary Date: Wed, 5 Jun 2024 14:02:59 +0530 Subject: [PATCH] fix: reduce database calls on policy updates (#136) * fix: reduce database calls on policy updates Signed-off-by: Vishal Choudhary * fix: lint Signed-off-by: Vishal Choudhary --------- Signed-off-by: Vishal Choudhary Signed-off-by: Zach Stone --- Dockerfile | 13 +++++++++++++ pkg/api/cephr.go | 45 +++++++++++++++++---------------------------- pkg/api/cpolr.go | 45 +++++++++++++++++---------------------------- pkg/api/ephr.go | 46 ++++++++++++++++++---------------------------- pkg/api/install.go | 17 +++++++++++++++++ pkg/api/polr.go | 46 ++++++++++++++++++---------------------------- 6 files changed, 100 insertions(+), 112 deletions(-) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..efc3336 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,13 @@ +ARG ARCH +FROM golang:1.21.5 as build + +WORKDIR / +COPY . ./ + +RUN GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go build -ldflags="-w -s" -o reports-server ./main.go + +FROM gcr.io/distroless/static:nonroot +WORKDIR / +COPY --from=build reports-server reports-server +USER 65534 +ENTRYPOINT ["/reports-server"] diff --git a/pkg/api/cephr.go b/pkg/api/cephr.go index 0dad9f6..8658064 100644 --- a/pkg/api/cephr.go +++ b/pkg/api/cephr.go @@ -133,11 +133,18 @@ func (c *cephrStore) Create(ctx context.Context, obj runtime.Object, createValid func (c *cephrStore) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { isDryRun := slices.Contains(options.DryRun, "All") + oldObj, err := c.getCephr(name) + if err != nil && !forceAllowCreate { + return nil, false, err + } + + updatedObject, err := objInfo.UpdatedObject(ctx, oldObj) + if err != nil && !forceAllowCreate { + return nil, false, err + } + cephr := updatedObject.(*reportsv1.ClusterEphemeralReport) if forceAllowCreate { - oldObj, _ := c.getCephr(name) - updatedObject, _ := objInfo.UpdatedObject(ctx, oldObj) - cephr := updatedObject.(*reportsv1.ClusterEphemeralReport) - if err := c.updateCephr(cephr, true); err != nil { + if err := c.updateCephr(cephr, oldObj); err != nil { klog.ErrorS(err, "failed to update resource") } if err := c.broadcaster.Action(watch.Added, updatedObject); err != nil { @@ -146,15 +153,6 @@ func (c *cephrStore) Update(ctx context.Context, name string, objInfo rest.Updat return updatedObject, true, nil } - oldObj, err := c.getCephr(name) - if err != nil { - return nil, false, err - } - - updatedObject, err := objInfo.UpdatedObject(ctx, oldObj) - if err != nil { - return nil, false, err - } err = updateValidation(ctx, updatedObject, oldObj) if err != nil { switch options.FieldValidation { @@ -176,7 +174,7 @@ func (c *cephrStore) Update(ctx context.Context, name string, objInfo rest.Updat klog.Infof("updating cluster ephemeral reports name=%s", cephr.Name) if !isDryRun { - if err := c.updateCephr(cephr, false); err != nil { + if err := c.updateCephr(cephr, oldObj); err != nil { return nil, false, errors.NewBadRequest(fmt.Sprintf("cannot create cluster ephemeral report: %s", err.Error())) } if err := c.broadcaster.Action(watch.Modified, updatedObject); err != nil { @@ -312,21 +310,12 @@ func (c *cephrStore) createCephr(report *reportsv1.ClusterEphemeralReport) error return c.store.ClusterEphemeralReports().Create(context.TODO(), *report) } -func (c *cephrStore) updateCephr(report *reportsv1.ClusterEphemeralReport, force bool) error { - if !force { - oldReport, err := c.getCephr(report.GetName()) - if err != nil { - return errorpkg.Wrapf(err, "old cluster ephemeral report not found") - } - oldRV, err := strconv.ParseInt(oldReport.ResourceVersion, 10, 64) - if err != nil { - return errorpkg.Wrapf(err, "could not parse resource version") - } - - report.ResourceVersion = fmt.Sprint(oldRV + 1) - } else { - report.ResourceVersion = "1" +func (c *cephrStore) updateCephr(report *reportsv1.ClusterEphemeralReport, oldReport *reportsv1.ClusterEphemeralReport) error { + oldRV, err := strconv.ParseInt(oldReport.ResourceVersion, 10, 64) + if err != nil { + return errorpkg.Wrapf(err, "could not parse resource version") } + report.ResourceVersion = fmt.Sprint(oldRV + 1) return c.store.ClusterEphemeralReports().Update(context.TODO(), *report) } diff --git a/pkg/api/cpolr.go b/pkg/api/cpolr.go index 22b319d..88e08aa 100644 --- a/pkg/api/cpolr.go +++ b/pkg/api/cpolr.go @@ -133,11 +133,18 @@ func (c *cpolrStore) Create(ctx context.Context, obj runtime.Object, createValid func (c *cpolrStore) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) { isDryRun := slices.Contains(options.DryRun, "All") + oldObj, err := c.getCpolr(name) + if err != nil && !forceAllowCreate { + return nil, false, err + } + + updatedObject, err := objInfo.UpdatedObject(ctx, oldObj) + if err != nil && !forceAllowCreate { + return nil, false, err + } + cpolr := updatedObject.(*v1alpha2.ClusterPolicyReport) if forceAllowCreate { - oldObj, _ := c.getCpolr(name) - updatedObject, _ := objInfo.UpdatedObject(ctx, oldObj) - cpolr := updatedObject.(*v1alpha2.ClusterPolicyReport) - if err := c.updateCpolr(cpolr, true); err != nil { + if err := c.updateCpolr(cpolr, oldObj); err != nil { klog.ErrorS(err, "failed to update resource") } if err := c.broadcaster.Action(watch.Added, updatedObject); err != nil { @@ -146,15 +153,6 @@ func (c *cpolrStore) Update(ctx context.Context, name string, objInfo rest.Updat return updatedObject, true, nil } - oldObj, err := c.getCpolr(name) - if err != nil { - return nil, false, err - } - - updatedObject, err := objInfo.UpdatedObject(ctx, oldObj) - if err != nil { - return nil, false, err - } err = updateValidation(ctx, updatedObject, oldObj) if err != nil { switch options.FieldValidation { @@ -176,7 +174,7 @@ func (c *cpolrStore) Update(ctx context.Context, name string, objInfo rest.Updat klog.Infof("updating cluster policy report name=%s", cpolr.Name) if !isDryRun { - if err := c.updateCpolr(cpolr, false); err != nil { + if err := c.updateCpolr(cpolr, oldObj); err != nil { return nil, false, errors.NewBadRequest(fmt.Sprintf("cannot create cluster policy report: %s", err.Error())) } if err := c.broadcaster.Action(watch.Modified, updatedObject); err != nil { @@ -312,21 +310,12 @@ func (c *cpolrStore) createCpolr(report *v1alpha2.ClusterPolicyReport) error { return c.store.ClusterPolicyReports().Create(context.TODO(), *report) } -func (c *cpolrStore) updateCpolr(report *v1alpha2.ClusterPolicyReport, force bool) error { - if !force { - oldReport, err := c.getCpolr(report.GetName()) - if err != nil { - return errorpkg.Wrapf(err, "old cluster policy report not found") - } - oldRV, err := strconv.ParseInt(oldReport.ResourceVersion, 10, 64) - if err != nil { - return errorpkg.Wrapf(err, "could not parse resource version") - } - - report.ResourceVersion = fmt.Sprint(oldRV + 1) - } else { - report.ResourceVersion = "1" +func (c *cpolrStore) updateCpolr(report *v1alpha2.ClusterPolicyReport, oldReport *v1alpha2.ClusterPolicyReport) error { + oldRV, err := strconv.ParseInt(oldReport.ResourceVersion, 10, 64) + if err != nil { + return errorpkg.Wrapf(err, "could not parse resource version") } + report.ResourceVersion = fmt.Sprint(oldRV + 1) return c.store.ClusterPolicyReports().Update(context.TODO(), *report) } diff --git a/pkg/api/ephr.go b/pkg/api/ephr.go index 6d58a49..a4f40f5 100644 --- a/pkg/api/ephr.go +++ b/pkg/api/ephr.go @@ -146,11 +146,19 @@ func (p *ephrStore) Update(ctx context.Context, name string, objInfo rest.Update isDryRun := slices.Contains(options.DryRun, "All") namespace := genericapirequest.NamespaceValue(ctx) + oldObj, err := p.getEphr(name, namespace) + if err != nil && !forceAllowCreate { + return nil, false, err + } + + updatedObject, err := objInfo.UpdatedObject(ctx, oldObj) + if err != nil && !forceAllowCreate { + return nil, false, err + } + ephr := updatedObject.(*reportsv1.EphemeralReport) + if forceAllowCreate { - oldObj, _ := p.getEphr(name, namespace) - updatedObject, _ := objInfo.UpdatedObject(ctx, oldObj) - ephr := updatedObject.(*reportsv1.EphemeralReport) - if err := p.updateEphr(ephr, true); err != nil { + if err := p.updateEphr(ephr, oldObj); err != nil { klog.ErrorS(err, "failed to update resource") } if err := p.broadcaster.Action(watch.Added, updatedObject); err != nil { @@ -159,15 +167,6 @@ func (p *ephrStore) Update(ctx context.Context, name string, objInfo rest.Update return updatedObject, true, nil } - oldObj, err := p.getEphr(name, namespace) - if err != nil { - return nil, false, err - } - - updatedObject, err := objInfo.UpdatedObject(ctx, oldObj) - if err != nil { - return nil, false, err - } err = updateValidation(ctx, updatedObject, oldObj) if err != nil { switch options.FieldValidation { @@ -193,7 +192,7 @@ func (p *ephrStore) Update(ctx context.Context, name string, objInfo rest.Update klog.Infof("updating ephemeral reports name=%s namespace=%s", ephr.Name, ephr.Namespace) if !isDryRun { - err := p.updateEphr(ephr, false) + err := p.updateEphr(ephr, oldObj) if err != nil { return nil, false, errors.NewBadRequest(fmt.Sprintf("cannot create ephemeral report: %s", err.Error())) } @@ -333,21 +332,12 @@ func (p *ephrStore) createEphr(report *reportsv1.EphemeralReport) error { return p.store.EphemeralReports().Create(context.TODO(), *report) } -func (p *ephrStore) updateEphr(report *reportsv1.EphemeralReport, force bool) error { - if !force { - oldReport, err := p.getEphr(report.GetName(), report.Namespace) - if err != nil { - return errorpkg.Wrapf(err, "old ephemeral report not found") - } - oldRV, err := strconv.ParseInt(oldReport.ResourceVersion, 10, 64) - if err != nil { - return errorpkg.Wrapf(err, "could not parse resource version") - } - - report.ResourceVersion = fmt.Sprint(oldRV + 1) - } else { - report.ResourceVersion = "1" +func (p *ephrStore) updateEphr(report *reportsv1.EphemeralReport, oldReport *reportsv1.EphemeralReport) error { + oldRV, err := strconv.ParseInt(oldReport.ResourceVersion, 10, 64) + if err != nil { + return errorpkg.Wrapf(err, "could not parse resource version") } + report.ResourceVersion = fmt.Sprint(oldRV + 1) return p.store.EphemeralReports().Update(context.TODO(), *report) } diff --git a/pkg/api/install.go b/pkg/api/install.go index 8fd8628..71a3f24 100644 --- a/pkg/api/install.go +++ b/pkg/api/install.go @@ -35,6 +35,7 @@ var ( ) func init() { + utilruntime.Must(installWgPolicyTypesInternal(Scheme)) utilruntime.Must(v1alpha2.AddToScheme(Scheme)) utilruntime.Must(Scheme.SetVersionPriority(v1alpha2.SchemeGroupVersion)) metav1.AddToGroupVersion(Scheme, schema.GroupVersion{Version: "v1"}) @@ -91,3 +92,19 @@ func Install(store storage.Interface, server *genericapiserver.GenericAPIServer) return nil } + +func installWgPolicyTypesInternal(s *runtime.Scheme) error { + schemeGroupVersion := schema.GroupVersion{Group: "wgpolicyk8s.io", Version: runtime.APIVersionInternal} + addKnownTypes := func(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(schemeGroupVersion, + &v1alpha2.ClusterPolicyReport{}, + &v1alpha2.PolicyReport{}, + &v1alpha2.ClusterPolicyReportList{}, + &v1alpha2.PolicyReportList{}, + ) + return nil + } + schemeBuilder := runtime.NewSchemeBuilder(addKnownTypes) + utilruntime.Must(schemeBuilder.AddToScheme(s)) + return nil +} diff --git a/pkg/api/polr.go b/pkg/api/polr.go index fa896e0..b6ae03a 100644 --- a/pkg/api/polr.go +++ b/pkg/api/polr.go @@ -146,11 +146,19 @@ func (p *polrStore) Update(ctx context.Context, name string, objInfo rest.Update isDryRun := slices.Contains(options.DryRun, "All") namespace := genericapirequest.NamespaceValue(ctx) + oldObj, err := p.getPolr(name, namespace) + if err != nil && !forceAllowCreate { + return nil, false, err + } + + updatedObject, err := objInfo.UpdatedObject(ctx, oldObj) + if err != nil && !forceAllowCreate { + return nil, false, err + } + polr := updatedObject.(*v1alpha2.PolicyReport) + if forceAllowCreate { - oldObj, _ := p.getPolr(name, namespace) - updatedObject, _ := objInfo.UpdatedObject(ctx, oldObj) - polr := updatedObject.(*v1alpha2.PolicyReport) - if err := p.updatePolr(polr, true); err != nil { + if err := p.updatePolr(polr, oldObj); err != nil { klog.ErrorS(err, "failed to update resource") } if err := p.broadcaster.Action(watch.Added, updatedObject); err != nil { @@ -159,15 +167,6 @@ func (p *polrStore) Update(ctx context.Context, name string, objInfo rest.Update return updatedObject, true, nil } - oldObj, err := p.getPolr(name, namespace) - if err != nil { - return nil, false, err - } - - updatedObject, err := objInfo.UpdatedObject(ctx, oldObj) - if err != nil { - return nil, false, err - } err = updateValidation(ctx, updatedObject, oldObj) if err != nil { switch options.FieldValidation { @@ -193,7 +192,7 @@ func (p *polrStore) Update(ctx context.Context, name string, objInfo rest.Update klog.Infof("updating policy reports name=%s namespace=%s", polr.Name, polr.Namespace) if !isDryRun { - err := p.updatePolr(polr, false) + err := p.updatePolr(polr, oldObj) if err != nil { return nil, false, errors.NewBadRequest(fmt.Sprintf("cannot create policy report: %s", err.Error())) } @@ -333,21 +332,12 @@ func (p *polrStore) createPolr(report *v1alpha2.PolicyReport) error { return p.store.PolicyReports().Create(context.TODO(), *report) } -func (p *polrStore) updatePolr(report *v1alpha2.PolicyReport, force bool) error { - if !force { - oldReport, err := p.getPolr(report.GetName(), report.Namespace) - if err != nil { - return errorpkg.Wrapf(err, "old policy report not found") - } - oldRV, err := strconv.ParseInt(oldReport.ResourceVersion, 10, 64) - if err != nil { - return errorpkg.Wrapf(err, "could not parse resource version") - } - - report.ResourceVersion = fmt.Sprint(oldRV + 1) - } else { - report.ResourceVersion = "1" +func (p *polrStore) updatePolr(report *v1alpha2.PolicyReport, oldReport *v1alpha2.PolicyReport) error { + oldRV, err := strconv.ParseInt(oldReport.ResourceVersion, 10, 64) + if err != nil { + return errorpkg.Wrapf(err, "could not parse resource version") } + report.ResourceVersion = fmt.Sprint(oldRV + 1) return p.store.PolicyReports().Update(context.TODO(), *report) }