Merge pull request #113 from octarinesec/cluster-identifier

Add cluster indentifier

cbcontainers/communication/gateway/api_gateway.go

@@ -6,6 +6,7 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
+	"strings"
 
 	"github.com/go-resty/resty/v2"
 	"github.com/vmware/cbcontainers-operator/cbcontainers/models"
@@ -90,17 +91,33 @@ func (gateway *ApiGateway) baseRequestWithRetries() *resty.Request {
 }
 
 func (gateway *ApiGateway) getResourcePathWithAccountPath(resourceName string) string {
-	return gateway.baseUrl(fmt.Sprintf("account/%s/%s", gateway.account, resourceName))
+	return gateway.baseUrl(fmt.Sprintf("management/%v", resourceName))
 }
 
-func (gateway *ApiGateway) RegisterCluster() error {
+func (gateway *ApiGateway) SplitToGroupAndMember() (string, string, error) {
+	parts := strings.Split(gateway.cluster, ":")
+	if len(parts) != 2 {
+		return "", "", fmt.Errorf("cluster name '%v' is not in group:member format with two parts", gateway.cluster)
+	}
+
+	return parts[0], parts[1], nil
+}
+func (gateway *ApiGateway) RegisterCluster(clusterIdentifier string) error {
 	url := gateway.getResourcePathWithAccountPath("clusters")
+
+	group, member, err := gateway.SplitToGroupAndMember()
+	if err != nil {
+		return err
+	}
+
 	resp, err := gateway.baseRequest().
 		SetBody(map[string]interface{}{
-			"name":           gateway.cluster,
+			"group":          group,
+			"member":         member,
 			"components":     gateway.agentComponents,
 			"labels":         gateway.clusterLabels,
 			"inbounddefault": "allow",
+			"identifier":     clusterIdentifier,
 		}).
 		Post(url)
 
@@ -114,7 +131,7 @@ func (gateway *ApiGateway) RegisterCluster() error {
 }
 
 func (gateway *ApiGateway) GetRegistrySecret() (*models.RegistrySecretValues, error) {
-	url := gateway.getResourcePathWithAccountPath("registrySecret")
+	url := gateway.getResourcePathWithAccountPath("registry_secret")
 
 	resp, err := gateway.baseRequest().
 		SetResult(&models.RegistrySecretValues{}).

cbcontainers/processors/agent_processor.go

@@ -11,7 +11,7 @@ import (
 )
 
 type APIGateway interface {
-	RegisterCluster() error
+	RegisterCluster(clusterIdentifier string) error
 	GetRegistrySecret() (*models.RegistrySecretValues, error)
 	GetCompatibilityMatrixEntryFor(operatorVersion string) (*models.OperatorCompatibility, error)
 }
@@ -34,14 +34,17 @@ type AgentProcessor struct {
 	lastProcessedObject *cbcontainersv1.CBContainersAgent
 
 	log logr.Logger
+
+	clusterIdentifier string
 }
 
-func NewAgentProcessor(log logr.Logger, clusterRegistrarCreator APIGatewayCreator, operatorVersionProvider OperatorVersionProvider) *AgentProcessor {
+func NewAgentProcessor(log logr.Logger, clusterRegistrarCreator APIGatewayCreator, operatorVersionProvider OperatorVersionProvider, clusterIdentifier string) *AgentProcessor {
 	return &AgentProcessor{
 		gatewayCreator:          clusterRegistrarCreator,
 		lastProcessedObject:     nil,
 		operatorVersionProvider: operatorVersionProvider,
 		log:                     log,
+		clusterIdentifier:       clusterIdentifier,
 	}
 }
 
@@ -88,7 +91,7 @@ func (processor *AgentProcessor) initializeIfNeeded(cbContainersCluster *cbconta
 	}
 
 	processor.log.Info("Calling register cluster")
-	if err := gateway.RegisterCluster(); err != nil {
+	if err := gateway.RegisterCluster(processor.clusterIdentifier); err != nil {
 		return err
 	}
 

cbcontainers/processors/agent_processor_test.go

@@ -27,6 +27,8 @@ var (
 	AccessToken = test_utils.RandomString()
 )
 
+const mockIdentifier string = "00000000-0000-0000-0000-000000000000"
+
 func testClusterProcessor(t *testing.T, setupAndAssert SetupAndAssertClusterProcessorTest) {
 	ctrl := gomock.NewController(t)
 	defer ctrl.Finish()
@@ -37,7 +39,7 @@ func testClusterProcessor(t *testing.T, setupAndAssert SetupAndAssertClusterProc
 		operatorVersionProviderMock: mocks.NewMockOperatorVersionProvider(ctrl),
 	}
 
-	processor := processors.NewAgentProcessor(logrTesting.NewTestLogger(t), mocksObjects.gatewayCreatorMock, mocksObjects.operatorVersionProviderMock)
+	processor := processors.NewAgentProcessor(logrTesting.NewTestLogger(t), mocksObjects.gatewayCreatorMock, mocksObjects.operatorVersionProviderMock, mockIdentifier)
 	setupAndAssert(mocksObjects, processor)
 }
 
@@ -46,7 +48,7 @@ func setupValidMocksCalls(testMocks *ClusterProcessorTestMocks, times int) {
 	testMocks.gatewayMock.EXPECT().GetRegistrySecret().DoAndReturn(func() (*models.RegistrySecretValues, error) {
 		return &models.RegistrySecretValues{Data: map[string][]byte{test_utils.RandomString(): {}}}, nil
 	}).Times(times)
-	testMocks.gatewayMock.EXPECT().RegisterCluster().Return(nil).Times(times)
+	testMocks.gatewayMock.EXPECT().RegisterCluster(mockIdentifier).Return(nil).Times(times)
 	// this will skip the compatibility check
 	// for all tests that do not explicitly test that
 	testMocks.operatorVersionProviderMock.EXPECT().GetOperatorVersion().Return("", operator.ErrNotSemVer).AnyTimes()
@@ -99,7 +101,7 @@ func TestProcessorReturnsErrorWhenCanNotRegisterCluster(t *testing.T) {
 		clusterCR := &cbcontainersv1.CBContainersAgent{Spec: cbcontainersv1.CBContainersAgentSpec{Account: test_utils.RandomString(), ClusterName: test_utils.RandomString()}}
 		testMocks.gatewayCreatorMock.EXPECT().CreateGateway(gomock.Any(), gomock.Any()).Return(testMocks.gatewayMock, nil)
 		testMocks.gatewayMock.EXPECT().GetRegistrySecret().Return(&models.RegistrySecretValues{}, nil)
-		testMocks.gatewayMock.EXPECT().RegisterCluster().Return(fmt.Errorf(""))
+		testMocks.gatewayMock.EXPECT().RegisterCluster(mockIdentifier).Return(fmt.Errorf(""))
 		_, err := processor.Process(clusterCR, AccessToken)
 		require.Error(t, err)
 	})
@@ -110,7 +112,7 @@ func TestProcessorReturnsErrorWhenOperatorVersionProviderReturnsUnknownError(t *
 		clusterCR := &cbcontainersv1.CBContainersAgent{Spec: cbcontainersv1.CBContainersAgentSpec{Account: test_utils.RandomString(), ClusterName: test_utils.RandomString()}}
 		testMocks.gatewayCreatorMock.EXPECT().CreateGateway(gomock.Any(), gomock.Any()).Return(testMocks.gatewayMock, nil)
 		testMocks.gatewayMock.EXPECT().GetRegistrySecret().Return(&models.RegistrySecretValues{}, nil)
-		testMocks.gatewayMock.EXPECT().RegisterCluster().Return(nil)
+		testMocks.gatewayMock.EXPECT().RegisterCluster(mockIdentifier).Return(nil)
 		testMocks.operatorVersionProviderMock.EXPECT().GetOperatorVersion().Return("", fmt.Errorf("intentional unknown error"))
 		_, err := processor.Process(clusterCR, AccessToken)
 		require.Error(t, err)
@@ -171,7 +173,7 @@ func TestCheckCompatibilityCompatibleVersions(t *testing.T) {
 				clusterCR := &cbcontainersv1.CBContainersAgent{Spec: cbcontainersv1.CBContainersAgentSpec{Version: "1.0.0", Account: test_utils.RandomString(), ClusterName: test_utils.RandomString()}}
 				testMocks.gatewayCreatorMock.EXPECT().CreateGateway(gomock.Any(), gomock.Any()).Return(testMocks.gatewayMock, nil)
 				testMocks.gatewayMock.EXPECT().GetRegistrySecret().Return(&models.RegistrySecretValues{}, nil)
-				testMocks.gatewayMock.EXPECT().RegisterCluster().Return(nil)
+				testMocks.gatewayMock.EXPECT().RegisterCluster(mockIdentifier).Return(nil)
 				testCase.setup(testMocks)
 
 				values, err := processor.Process(clusterCR, AccessToken)

config/rbac/role.yaml

@@ -41,6 +41,12 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
 - apiGroups:
   - ""
   resources:

controllers/cbcontainersagent_controller.go

@@ -47,9 +47,8 @@ type AgentProcessor interface {
 
 type CBContainersAgentController struct {
 	client.Client
-	Log    logr.Logger
-	Scheme *runtime.Scheme
-
+	Log              logr.Logger
+	Scheme           *runtime.Scheme
 	ClusterProcessor AgentProcessor
 	StateApplier     StateApplier
 	K8sVersion       string
@@ -80,6 +79,7 @@ func (r *CBContainersAgentController) getContainersAgentObject(ctx context.Conte
 // +kubebuilder:rbac:groups={apps,core},resources={deployments,services,daemonsets},verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=admissionregistration.k8s.io,resources={validatingwebhookconfigurations,mutatingwebhookconfigurations},verbs=*
 // +kubebuilder:rbac:groups={core},resources={nodes},verbs=list
+// +kubebuilder:rbac:groups={core},resources={namespaces},verbs=get
 // +kubebuilder:rbac:groups={policy},resources={podsecuritypolicies},verbs=use,resourceNames={cbcontainers-manager-psp}
 
 func (r *CBContainersAgentController) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {

main.go

@@ -20,12 +20,13 @@ import (
 	"context"
 	"flag"
 	"fmt"
-	"os"
-
 	"github.com/vmware/cbcontainers-operator/cbcontainers/state"
 	"github.com/vmware/cbcontainers-operator/cbcontainers/state/agent_applyment"
 	"github.com/vmware/cbcontainers-operator/cbcontainers/state/applyment"
 	"github.com/vmware/cbcontainers-operator/cbcontainers/state/operator"
+	"os"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 
 	coreV1 "k8s.io/api/core/v1"
 
@@ -35,16 +36,14 @@ import (
 	// to ensure that exec-entrypoint and run can make use of them.
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 
+	operatorcontainerscarbonblackiov1 "github.com/vmware/cbcontainers-operator/api/v1"
+	certificatesUtils "github.com/vmware/cbcontainers-operator/cbcontainers/utils/certificates"
+	"github.com/vmware/cbcontainers-operator/controllers"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
-	"sigs.k8s.io/controller-runtime/pkg/log/zap"
-
-	operatorcontainerscarbonblackiov1 "github.com/vmware/cbcontainers-operator/api/v1"
-	certificatesUtils "github.com/vmware/cbcontainers-operator/cbcontainers/utils/certificates"
-	"github.com/vmware/cbcontainers-operator/controllers"
 	// +kubebuilder:scaffold:imports
 )
 
@@ -53,6 +52,8 @@ var (
 	setupLog = ctrl.Log.WithName("setup")
 )
 
+const NamespaceIdentifier = "default"
+
 func init() {
 	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
 
@@ -91,9 +92,20 @@ func main() {
 		os.Exit(1)
 	}
 
+	setupLog.Info(fmt.Sprintf("Getting Cluster Identifier: %v uid", NamespaceIdentifier))
+	namespace := &coreV1.Namespace{}
+	apiReader := mgr.GetAPIReader()
+	if err = apiReader.Get(context.Background(), client.ObjectKey{Namespace: NamespaceIdentifier, Name: NamespaceIdentifier}, namespace); err != nil {
+		setupLog.Error(err, fmt.Sprintf("unable to get the %v namespace", NamespaceIdentifier))
+		os.Exit(1)
+	}
+	clusterIdentifier := string(namespace.UID)
+
+	setupLog.Info(fmt.Sprintf("Cluster Identifier: %v", clusterIdentifier))
+
 	setupLog.Info("Getting Nodes list")
 	nodesList := &coreV1.NodeList{}
-	if err := mgr.GetAPIReader().List(context.Background(), nodesList); err != nil || nodesList.Items == nil || len(nodesList.Items) < 1 {
+	if err := apiReader.List(context.Background(), nodesList); err != nil || nodesList.Items == nil || len(nodesList.Items) < 1 {
 		setupLog.Error(err, "couldn't get nodes list")
 		os.Exit(1)
 	}
@@ -106,7 +118,7 @@ func main() {
 		Log:              cbContainersAgentLogger,
 		Scheme:           mgr.GetScheme(),
 		K8sVersion:       k8sVersion,
-		ClusterProcessor: processors.NewAgentProcessor(cbContainersAgentLogger, processors.NewDefaultGatewayCreator(), operator.NewEnvVersionProvider()),
+		ClusterProcessor: processors.NewAgentProcessor(cbContainersAgentLogger, processors.NewDefaultGatewayCreator(), operator.NewEnvVersionProvider(), clusterIdentifier),
 		StateApplier:     state.NewStateApplier(agent_applyment.NewAgentComponent(applyment.NewComponentApplier(mgr.GetClient())), k8sVersion, certificatesUtils.NewCertificateCreator(), cbContainersAgentLogger),
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "CBContainersAgent")