CNS-3271 - Allow monitor to send Custom resource instances to the bac…

…kend (#188)

* Extend monitor role to be able to read the CR

* Populate ClusterID in the dataplane configmap for usage by components

cbcontainers/state/common/common_test.go

@@ -26,6 +26,8 @@ const (
 )
 
 func compareEnvVars(t *testing.T, expected map[string]coreV1.EnvVar, actual []coreV1.EnvVar) {
+	require.Equal(t, len(expected), len(actual), "expected and actual env vars should have equal length")
+
 	for _, envVar := range actual {
 		expectedEnvVar, ok := expected[envVar.Name]
 		require.True(t, ok)
@@ -89,6 +91,15 @@ func TestWithDataPlaneCommonConfig(t *testing.T) {
 				},
 			},
 		},
+		clusterIDVarName: {
+			Name: clusterIDVarName,
+			ValueFrom: &coreV1.EnvVarSource{
+				ConfigMapKeyRef: &coreV1.ConfigMapKeySelector{
+					LocalObjectReference: coreV1.LocalObjectReference{Name: DataPlaneConfigmapName},
+					Key:                  DataPlaneConfigmapClusterIDKey,
+				},
+			},
+		},
 		apiAdapterVarName: {
 			Name: apiAdapterVarName,
 			ValueFrom: &coreV1.EnvVarSource{

cbcontainers/state/common/dataplane_consts.go

@@ -23,6 +23,7 @@ const (
 
 	DataPlaneConfigmapAccountKey        = "Account"
 	DataPlaneConfigmapClusterKey        = "Cluster"
+	DataPlaneConfigmapClusterIDKey      = "ClusterID"
 	DataPlaneConfigmapAgentVersionKey   = "AgentVersion"
 	DataPlaneConfigmapApiSchemeKey      = "ApiScheme"
 	DataPlaneConfigmapApiHostKey        = "ApiHost"

cbcontainers/state/common/env_var.go

@@ -15,6 +15,7 @@ const (
 	eventGatewayPortVarName = "OCTARINE_MESSAGEPROXY_PORT"
 	accountVarName          = "OCTARINE_ACCOUNT"
 	clusterVarName          = "OCTARINE_DOMAIN"
+	clusterIDVarName        = "OCTARINE_CLUSTER_ID"
 	accessTokenVarName      = "OCTARINE_ACCESS_TOKEN"
 	apiSchemeVarName        = "OCTARINE_API_SCHEME"
 	apiHostVarName          = "OCTARINE_API_HOST"
@@ -168,6 +169,7 @@ func (b *EnvVarBuilder) WithCommonDataPlane(accessKeySecretName string) *EnvVarB
 	return b.WithEnvVarFromSecret(accessTokenVarName, accessKeySecretName, AccessTokenSecretKeyName).
 		WithEnvVarFromConfigmap(accountVarName, DataPlaneConfigmapAccountKey).
 		WithEnvVarFromConfigmap(clusterVarName, DataPlaneConfigmapClusterKey).
+		WithEnvVarFromConfigmap(clusterIDVarName, DataPlaneConfigmapClusterIDKey).
 		WithEnvVarFromConfigmap(apiSchemeVarName, DataPlaneConfigmapApiSchemeKey).
 		WithEnvVarFromConfigmap(apiHostVarName, DataPlaneConfigmapApiHostKey).
 		WithEnvVarFromConfigmap(apiPortVarName, DataPlaneConfigmapApiPortKey).

cbcontainers/state/components/cluster_configmap.go

@@ -15,11 +15,15 @@ import (
 type ConfigurationK8sObject struct {
 	// Namespace is the Namespace in which the ConfigMap will be created.
 	Namespace string
+
+	// ClusterID is the unique identifier generated by the current operator for the cluster
+	ClusterID string
 }
 
-func NewConfigurationK8sObject(namespace string) *ConfigurationK8sObject {
+func NewConfigurationK8sObject(namespace, clusterID string) *ConfigurationK8sObject {
 	return &ConfigurationK8sObject{
 		Namespace: namespace,
+		ClusterID: clusterID,
 	}
 }
 
@@ -38,6 +42,7 @@ func (obj *ConfigurationK8sObject) MutateK8sObject(k8sObject client.Object, agen
 	configMap.Data = map[string]string{
 		commonState.DataPlaneConfigmapAccountKey:            agentSpec.Account,
 		commonState.DataPlaneConfigmapClusterKey:            agentSpec.ClusterName,
+		commonState.DataPlaneConfigmapClusterIDKey:          obj.ClusterID,
 		commonState.DataPlaneConfigmapAgentVersionKey:       agentSpec.Version,
 		commonState.DataPlaneConfigmapDataplaneNamespaceKey: obj.Namespace,
 		commonState.DataPlaneConfigmapApiSchemeKey:          agentSpec.Gateways.ApiGateway.Scheme,

cbcontainers/state/state_applier.go

@@ -42,9 +42,15 @@ type StateApplier struct {
 	log                             logr.Logger
 }
 
-func NewStateApplier(apiReader client.Reader, agentComponentApplier AgentComponentApplier, k8sVersion, agentNamespace string, tlsSecretsValuesCreator components.TlsSecretsValuesCreator, log logr.Logger) *StateApplier {
+func NewStateApplier(
+	apiReader client.Reader,
+	agentComponentApplier AgentComponentApplier,
+	k8sVersion, agentNamespace, clusterID string,
+	tlsSecretsValuesCreator components.TlsSecretsValuesCreator,
+	log logr.Logger,
+) *StateApplier {
 	return &StateApplier{
-		desiredConfigMap:                components.NewConfigurationK8sObject(agentNamespace),
+		desiredConfigMap:                components.NewConfigurationK8sObject(agentNamespace, clusterID),
 		desiredRegistrySecret:           components.NewRegistrySecretK8sObject(agentNamespace),
 		desiredPriorityClass:            components.NewPriorityClassK8sObject(k8sVersion),
 		desiredMonitorDeployment:        components.NewMonitorDeploymentK8sObject(agentNamespace),

cbcontainers/state/state_applier_test.go

@@ -141,7 +141,7 @@ type K8sObjectDetails struct {
 	ObjectType reflect.Type
 }
 
-func testStateApplier(t *testing.T, setup StateApplierTestSetup, k8sVersion, namespace string) (bool, error) {
+func testStateApplier(t *testing.T, setup StateApplierTestSetup, k8sVersion, namespace, clusterID string) (bool, error) {
 	ctrl := gomock.NewController(t)
 	defer ctrl.Finish()
 
@@ -189,7 +189,7 @@ func testStateApplier(t *testing.T, setup StateApplierTestSetup, k8sVersion, nam
 
 	setup(mockObjects)
 
-	stateApplier := state.NewStateApplier(testUtilsMocks.NewMockReader(ctrl), mockObjects.componentApplier, k8sVersion, namespace, mockObjects.secretValuesCreator, logrTesting.NewTestLogger(t))
+	stateApplier := state.NewStateApplier(testUtilsMocks.NewMockReader(ctrl), mockObjects.componentApplier, k8sVersion, namespace, clusterID, mockObjects.secretValuesCreator, logrTesting.NewTestLogger(t))
 	return stateApplier.ApplyDesiredState(context.Background(), agentSpec, &models.RegistrySecretValues{}, nil)
 }
 
@@ -224,7 +224,7 @@ func getAppliedAndDeletedObjects(t *testing.T, k8sVersion, namespace string, set
 				deletedObjects = append(deletedObjects, K8sObjectDetails{Namespace: namespacedName.Namespace, Name: namespacedName.Name, ObjectType: objType})
 				return true, nil
 			}).AnyTimes()
-	}, k8sVersion, namespace)
+	}, k8sVersion, namespace, "")
 
 	return appliedObjects, deletedObjects, err
 }

config/rbac/dataplane/dataplane_roles.yaml

@@ -19,6 +19,20 @@ rules:
       - validatingwebhookconfigurations
     verbs:
       - list
+  - apiGroups:
+      - operator.containers.carbonblack.io
+    resources:
+      - cbcontainersagents
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - operator.containers.carbonblack.io
+    resources:
+      - cbcontainersagents/status
+    verbs:
+      - get
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole

main.go

@@ -159,7 +159,7 @@ func main() {
 		Namespace:           operatorNamespace,
 		AccessTokenProvider: operator.NewSecretAccessTokenProvider(mgr.GetClient()),
 		ClusterProcessor:    processors.NewAgentProcessor(cbContainersAgentLogger, processorGatewayCreator, operatorVersionProvider, clusterIdentifier),
-		StateApplier:        state.NewStateApplier(mgr.GetAPIReader(), agent_applyment.NewAgentComponent(applyment.NewComponentApplier(mgr.GetClient())), k8sVersion, operatorNamespace, certificatesUtils.NewCertificateCreator(), cbContainersAgentLogger),
+		StateApplier:        state.NewStateApplier(mgr.GetAPIReader(), agent_applyment.NewAgentComponent(applyment.NewComponentApplier(mgr.GetClient())), k8sVersion, operatorNamespace, clusterIdentifier, certificatesUtils.NewCertificateCreator(), cbContainersAgentLogger),
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "CBContainersAgent")
 		os.Exit(1)