octarinesec · tomer-shefler · Jul 20, 2022 · Jun 27, 2022 · Jun 28, 2022 · Jun 30, 2022
diff --git a/Makefile b/Makefile
@@ -206,7 +206,7 @@ CONTROLLER_GEN_OLD ?= $(LOCALBINOLD)/controller-gen
 ENVTEST ?= $(LOCALBIN)/setup-envtest
 
 ## Tool Versions
-KUSTOMIZE_VERSION ?= v3.8.7
+KUSTOMIZE_VERSION ?= v4.5.5
 CONTROLLER_TOOLS_VERSION ?= v0.9.0
 CONTROLLER_TOOLS_OLD_VERSION ?= v0.6.2
 

diff --git a/cbcontainers/communication/gateway/api_gateway.go b/cbcontainers/communication/gateway/api_gateway.go
@@ -93,14 +93,15 @@ func (gateway *ApiGateway) getResourcePathWithAccountPath(resourceName string) s
 	return gateway.baseUrl(fmt.Sprintf("account/%s/%s", gateway.account, resourceName))
 }
 
-func (gateway *ApiGateway) RegisterCluster() error {
+func (gateway *ApiGateway) RegisterCluster(clusterIdentifier string) error {
 	url := gateway.getResourcePathWithAccountPath("clusters")
 	resp, err := gateway.baseRequest().
 		SetBody(map[string]interface{}{
 			"name":           gateway.cluster,
 			"components":     gateway.agentComponents,
 			"labels":         gateway.clusterLabels,
 			"inbounddefault": "allow",
+			"identifier":     clusterIdentifier,
 		}).
 		Post(url)
 

diff --git a/cbcontainers/processors/agent_processor.go b/cbcontainers/processors/agent_processor.go
@@ -11,7 +11,7 @@ import (
 )
 
 type APIGateway interface {
-	RegisterCluster() error
+	RegisterCluster(clusterIdentifier string) error
 	GetRegistrySecret() (*models.RegistrySecretValues, error)
 	GetCompatibilityMatrixEntryFor(operatorVersion string) (*models.OperatorCompatibility, error)
 }
@@ -34,14 +34,17 @@ type AgentProcessor struct {
 	lastProcessedObject *cbcontainersv1.CBContainersAgent
 
 	log logr.Logger
+
+	clusterIdentifier string
 }
 
-func NewAgentProcessor(log logr.Logger, clusterRegistrarCreator APIGatewayCreator, operatorVersionProvider OperatorVersionProvider) *AgentProcessor {
+func NewAgentProcessor(log logr.Logger, clusterRegistrarCreator APIGatewayCreator, operatorVersionProvider OperatorVersionProvider, clusterIdentifier string) *AgentProcessor {
 	return &AgentProcessor{
 		gatewayCreator:          clusterRegistrarCreator,
 		lastProcessedObject:     nil,
 		operatorVersionProvider: operatorVersionProvider,
 		log:                     log,
+		clusterIdentifier:       clusterIdentifier,
 	}
 }
 
@@ -88,7 +91,7 @@ func (processor *AgentProcessor) initializeIfNeeded(cbContainersCluster *cbconta
 	}
 
 	processor.log.Info("Calling register cluster")
-	if err := gateway.RegisterCluster(); err != nil {
+	if err := gateway.RegisterCluster(processor.clusterIdentifier); err != nil {
 		return err
 	}
 

diff --git a/cbcontainers/processors/agent_processor_test.go b/cbcontainers/processors/agent_processor_test.go
@@ -27,6 +27,8 @@ var (
 	AccessToken = test_utils.RandomString()
 )
 
+const mockIdentifier string = "00000000-0000-0000-0000-000000000000"
+
 func testClusterProcessor(t *testing.T, setupAndAssert SetupAndAssertClusterProcessorTest) {
 	ctrl := gomock.NewController(t)
 	defer ctrl.Finish()
@@ -37,7 +39,7 @@ func testClusterProcessor(t *testing.T, setupAndAssert SetupAndAssertClusterProc
 		operatorVersionProviderMock: mocks.NewMockOperatorVersionProvider(ctrl),
 	}
 
-	processor := processors.NewAgentProcessor(logrTesting.NewTestLogger(t), mocksObjects.gatewayCreatorMock, mocksObjects.operatorVersionProviderMock)
+	processor := processors.NewAgentProcessor(logrTesting.NewTestLogger(t), mocksObjects.gatewayCreatorMock, mocksObjects.operatorVersionProviderMock, mockIdentifier)
 	setupAndAssert(mocksObjects, processor)
 }
 
@@ -46,7 +48,7 @@ func setupValidMocksCalls(testMocks *ClusterProcessorTestMocks, times int) {
 	testMocks.gatewayMock.EXPECT().GetRegistrySecret().DoAndReturn(func() (*models.RegistrySecretValues, error) {
 		return &models.RegistrySecretValues{Data: map[string][]byte{test_utils.RandomString(): {}}}, nil
 	}).Times(times)
-	testMocks.gatewayMock.EXPECT().RegisterCluster().Return(nil).Times(times)
+	testMocks.gatewayMock.EXPECT().RegisterCluster(mockIdentifier).Return(nil).Times(times)
 	// this will skip the compatibility check
 	// for all tests that do not explicitly test that
 	testMocks.operatorVersionProviderMock.EXPECT().GetOperatorVersion().Return("", operator.ErrNotSemVer).AnyTimes()
@@ -99,7 +101,7 @@ func TestProcessorReturnsErrorWhenCanNotRegisterCluster(t *testing.T) {
 		clusterCR := &cbcontainersv1.CBContainersAgent{Spec: cbcontainersv1.CBContainersAgentSpec{Account: test_utils.RandomString(), ClusterName: test_utils.RandomString()}}
 		testMocks.gatewayCreatorMock.EXPECT().CreateGateway(gomock.Any(), gomock.Any()).Return(testMocks.gatewayMock, nil)
 		testMocks.gatewayMock.EXPECT().GetRegistrySecret().Return(&models.RegistrySecretValues{}, nil)
-		testMocks.gatewayMock.EXPECT().RegisterCluster().Return(fmt.Errorf(""))
+		testMocks.gatewayMock.EXPECT().RegisterCluster(mockIdentifier).Return(fmt.Errorf(""))
 		_, err := processor.Process(clusterCR, AccessToken)
 		require.Error(t, err)
 	})
@@ -110,7 +112,7 @@ func TestProcessorReturnsErrorWhenOperatorVersionProviderReturnsUnknownError(t *
 		clusterCR := &cbcontainersv1.CBContainersAgent{Spec: cbcontainersv1.CBContainersAgentSpec{Account: test_utils.RandomString(), ClusterName: test_utils.RandomString()}}
 		testMocks.gatewayCreatorMock.EXPECT().CreateGateway(gomock.Any(), gomock.Any()).Return(testMocks.gatewayMock, nil)
 		testMocks.gatewayMock.EXPECT().GetRegistrySecret().Return(&models.RegistrySecretValues{}, nil)
-		testMocks.gatewayMock.EXPECT().RegisterCluster().Return(nil)
+		testMocks.gatewayMock.EXPECT().RegisterCluster(mockIdentifier).Return(nil)
 		testMocks.operatorVersionProviderMock.EXPECT().GetOperatorVersion().Return("", fmt.Errorf("intentional unknown error"))
 		_, err := processor.Process(clusterCR, AccessToken)
 		require.Error(t, err)
@@ -171,7 +173,7 @@ func TestCheckCompatibilityCompatibleVersions(t *testing.T) {
 				clusterCR := &cbcontainersv1.CBContainersAgent{Spec: cbcontainersv1.CBContainersAgentSpec{Version: "1.0.0", Account: test_utils.RandomString(), ClusterName: test_utils.RandomString()}}
 				testMocks.gatewayCreatorMock.EXPECT().CreateGateway(gomock.Any(), gomock.Any()).Return(testMocks.gatewayMock, nil)
 				testMocks.gatewayMock.EXPECT().GetRegistrySecret().Return(&models.RegistrySecretValues{}, nil)
-				testMocks.gatewayMock.EXPECT().RegisterCluster().Return(nil)
+				testMocks.gatewayMock.EXPECT().RegisterCluster(mockIdentifier).Return(nil)
 				testCase.setup(testMocks)
 
 				values, err := processor.Process(clusterCR, AccessToken)

diff --git a/cbcontainers/processors/mocks/mock_api_gateway.go b/cbcontainers/processors/mocks/mock_api_gateway.go
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -41,6 +41,12 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
 - apiGroups:
   - ""
   resources:

diff --git a/controllers/cbcontainersagent_controller.go b/controllers/cbcontainersagent_controller.go
@@ -47,9 +47,8 @@ type AgentProcessor interface {
 
 type CBContainersAgentController struct {
 	client.Client
-	Log    logr.Logger
-	Scheme *runtime.Scheme
-
+	Log              logr.Logger
+	Scheme           *runtime.Scheme
 	ClusterProcessor AgentProcessor
 	StateApplier     StateApplier
 	K8sVersion       string
@@ -80,6 +79,7 @@ func (r *CBContainersAgentController) getContainersAgentObject(ctx context.Conte
 // +kubebuilder:rbac:groups={apps,core},resources={deployments,services,daemonsets},verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=admissionregistration.k8s.io,resources={validatingwebhookconfigurations,mutatingwebhookconfigurations},verbs=*
 // +kubebuilder:rbac:groups={core},resources={nodes},verbs=list
+// +kubebuilder:rbac:groups={core},resources={namespaces},verbs=get
 // +kubebuilder:rbac:groups={policy},resources={podsecuritypolicies},verbs=use,resourceNames={cbcontainers-manager-psp}
 
 func (r *CBContainersAgentController) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {

diff --git a/main.go b/main.go
@@ -20,12 +20,14 @@ import (
 	"context"
 	"flag"
 	"fmt"
-	"os"
-
 	"github.com/vmware/cbcontainers-operator/cbcontainers/state"
 	"github.com/vmware/cbcontainers-operator/cbcontainers/state/agent_applyment"
 	"github.com/vmware/cbcontainers-operator/cbcontainers/state/applyment"
 	"github.com/vmware/cbcontainers-operator/cbcontainers/state/operator"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
+	"os"
 
 	coreV1 "k8s.io/api/core/v1"
 
@@ -39,20 +41,22 @@ import (
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	ctrl "sigs.k8s.io/controller-runtime"
+
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 
 	operatorcontainerscarbonblackiov1 "github.com/vmware/cbcontainers-operator/api/v1"
 	certificatesUtils "github.com/vmware/cbcontainers-operator/cbcontainers/utils/certificates"
 	"github.com/vmware/cbcontainers-operator/controllers"
-	// +kubebuilder:scaffold:imports
 )
 
 var (
 	scheme   = runtime.NewScheme()
 	setupLog = ctrl.Log.WithName("setup")
 )
 
+const NamespaceIdentifier = "kube-system"
+
 func init() {
 	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
 
@@ -91,6 +95,28 @@ func main() {
 		os.Exit(1)
 	}
 
+	setupLog.Info(fmt.Sprintf("Getting Cluster Identifier: %v uid", NamespaceIdentifier))
+	config, err := rest.InClusterConfig()
+	if err != nil {
+		setupLog.Error(err, "unable to get the in cluster rest config")
+		os.Exit(1)
+	}
+	// creates the clientset
+	client, err := kubernetes.NewForConfig(config)
+	if err != nil {
+		setupLog.Error(err, "unable to create the client")
+		os.Exit(1)
+	}
+
+	kubeSystem, err := client.CoreV1().Namespaces().Get(context.TODO(), NamespaceIdentifier, metav1.GetOptions{})
+	if err != nil {
+		setupLog.Error(err, fmt.Sprintf("unable to get the %v namespace", NamespaceIdentifier))
+		os.Exit(1)
+	}
+	clusterIdentifier := string(kubeSystem.UID)
+
+	setupLog.Info(fmt.Sprintf("Cluster Identifier: %v", clusterIdentifier))
+
 	setupLog.Info("Getting Nodes list")
 	nodesList := &coreV1.NodeList{}
 	if err := mgr.GetAPIReader().List(context.Background(), nodesList); err != nil || nodesList.Items == nil || len(nodesList.Items) < 1 {
@@ -106,7 +132,7 @@ func main() {
 		Log:              cbContainersAgentLogger,
 		Scheme:           mgr.GetScheme(),
 		K8sVersion:       k8sVersion,
-		ClusterProcessor: processors.NewAgentProcessor(cbContainersAgentLogger, processors.NewDefaultGatewayCreator(), operator.NewEnvVersionProvider()),
+		ClusterProcessor: processors.NewAgentProcessor(cbContainersAgentLogger, processors.NewDefaultGatewayCreator(), operator.NewEnvVersionProvider(), clusterIdentifier),
 		StateApplier:     state.NewStateApplier(agent_applyment.NewAgentComponent(applyment.NewComponentApplier(mgr.GetClient())), k8sVersion, certificatesUtils.NewCertificateCreator(), cbContainersAgentLogger),
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "CBContainersAgent")