Skip to content

Commit

Permalink
feat: update operator to use Authorino api v1beta3, switch to using u…
Browse files Browse the repository at this point in the history
…nstructured type for AuthConfig to avoid authorino golang dependecy issues
  • Loading branch information
dhirajsb committed Nov 22, 2024
1 parent 793c869 commit b7c8115
Show file tree
Hide file tree
Showing 8 changed files with 299 additions and 278 deletions.
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -174,7 +174,7 @@ GOVULNCHECK_VERSION ?= v1.1.3

## Tool Versions
KUSTOMIZE_VERSION ?= v5.1.1
CONTROLLER_TOOLS_VERSION ?= v0.13.0
CONTROLLER_TOOLS_VERSION ?= v0.14.0

.PHONY: kustomize
kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. If wrong version is installed, it will be removed before downloading.
Expand Down
3 changes: 1 addition & 2 deletions cmd/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@ package main
import (
"context"
"flag"
authorino "github.com/kuadrant/authorino/api/v1beta2"
"github.com/opendatahub-io/model-registry-operator/internal/controller/config"
networking "istio.io/client-go/pkg/apis/networking/v1beta1"
security "istio.io/client-go/pkg/apis/security/v1beta1"
Expand Down Expand Up @@ -59,7 +58,7 @@ func init() {
utilruntime.Must(oapi.Install(scheme))
utilruntime.Must(oapiconfig.Install(scheme))
// authorino scheme
utilruntime.Must(authorino.AddToScheme(scheme))
//utilruntime.Must(authorino.AddToScheme(scheme))
// istio security scheme
utilruntime.Must(security.AddToScheme(scheme))
// istio networking scheme
Expand Down
489 changes: 255 additions & 234 deletions config/crd/bases/modelregistry.opendatahub.io_modelregistries.yaml

Large diffs are not rendered by default.

6 changes: 1 addition & 5 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,8 @@ go 1.21

require (
github.com/banzaicloud/k8s-objectmatcher v1.8.0
github.com/evanphx/json-patch/v5 v5.6.0
github.com/go-logr/logr v1.4.1
github.com/kuadrant/authorino v0.17.1
github.com/onsi/ginkgo/v2 v2.16.0
github.com/onsi/gomega v1.31.1
github.com/openshift/api v0.0.0-20231116201359-a5824a0c15b6
Expand All @@ -31,7 +31,6 @@ require (
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
github.com/evanphx/json-patch v5.6.0+incompatible // indirect
github.com/evanphx/json-patch/v5 v5.6.0 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
Expand Down Expand Up @@ -78,9 +77,6 @@ require (
github.com/spf13/pflag v1.0.5 // indirect
github.com/stoewer/go-strcase v1.2.0 // indirect
github.com/subosito/gotenv v1.6.0 // indirect
github.com/tidwall/gjson v1.14.0 // indirect
github.com/tidwall/match v1.1.1 // indirect
github.com/tidwall/pretty v1.2.0 // indirect
go.etcd.io/etcd/api/v3 v3.5.10 // indirect
go.etcd.io/etcd/client/pkg/v3 v3.5.10 // indirect
go.etcd.io/etcd/client/v3 v3.5.10 // indirect
Expand Down
15 changes: 2 additions & 13 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,6 @@ github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x
github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
Expand Down Expand Up @@ -149,8 +148,8 @@ github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc=
github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 h1:UH//fgunKIs4JdUbpDl1VZCDaL56wXCB/5+wF6uHfaI=
github.com/grpc-ecosystem/go-grpc-middleware v1.4.0/go.mod h1:g5qyo/la0ALbONm6Vbp88Yd8NsDy6rZz+RcrMPxvld8=
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw=
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y=
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho=
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo=
Expand Down Expand Up @@ -187,8 +186,6 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/kuadrant/authorino v0.17.1 h1:NXcYLDGSpokDE5VwzqWuRI07ChUsRNVKJB85uzOf35k=
github.com/kuadrant/authorino v0.17.1/go.mod h1:al71fN0FX6c9Orrhk9GR4CtjtC+CD/lUHJCs7drlRNM=
github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
Expand Down Expand Up @@ -278,12 +275,6 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
github.com/tidwall/gjson v1.14.0 h1:6aeJ0bzojgWLa82gDQHcx3S0Lr/O51I9bJ5nv6JFx5w=
github.com/tidwall/gjson v1.14.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs=
github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 h1:6fotK7otjonDflCTK0BCfls4SPy3NcCVb5dqqmbRknE=
github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk=
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8=
Expand Down Expand Up @@ -473,8 +464,6 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
istio.io/api v1.20.3-0.20240116015448-5563f7225778 h1:F+6gDkT2g1uPIVhu8HIykfKJrdQxJdCRNIvlsHRHXD4=
Expand Down
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
apiVersion: authorino.kuadrant.io/v1beta2
apiVersion: authorino.kuadrant.io/v1beta3
kind: AuthConfig
metadata:
name: {{.Name}}
Expand Down
27 changes: 17 additions & 10 deletions internal/controller/modelregistry_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,13 +21,13 @@ import (
errors2 "errors"
"fmt"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/client-go/kubernetes"
"strings"
"text/template"

"github.com/banzaicloud/k8s-objectmatcher/patch"
"github.com/go-logr/logr"
authorino "github.com/kuadrant/authorino/api/v1beta2"
modelregistryv1alpha1 "github.com/opendatahub-io/model-registry-operator/api/v1alpha1"
"github.com/opendatahub-io/model-registry-operator/internal/controller/config"
routev1 "github.com/openshift/api/route/v1"
Expand Down Expand Up @@ -259,7 +259,7 @@ func (r *ModelRegistryReconciler) SetupWithManager(mgr ctrl.Manager) error {
}
if r.HasIstio {
if r.CreateAuthResources {
builder = builder.Owns(&authorino.AuthConfig{}).
builder = builder.Owns(CreateAuthConfig()).
Owns(&security.AuthorizationPolicy{})
}
builder = builder.Owns(&networking.DestinationRule{}).
Expand Down Expand Up @@ -481,8 +481,10 @@ func (r *ModelRegistryReconciler) deleteIstioConfig(ctx context.Context, params
return ResourceUpdated, err
}

authConfig := authorino.AuthConfig{ObjectMeta: objectMeta}
if err = r.Client.Delete(ctx, &authConfig); client.IgnoreNotFound(err) != nil {
authConfig := CreateAuthConfig()
authConfig.SetName(params.Name)
authConfig.SetNamespace(params.Namespace)
if err = r.Client.Delete(ctx, authConfig); client.IgnoreNotFound(err) != nil {
return ResourceUpdated, err
}
}
Expand Down Expand Up @@ -623,25 +625,30 @@ func (r *ModelRegistryReconciler) createOrUpdateAuthConfig(ctx context.Context,
}

result = ResourceUnchanged
var authConfig authorino.AuthConfig
if err = r.Apply(params, templateName, &authConfig); err != nil {
authConfig := CreateAuthConfig()
if err = r.Apply(params, templateName, authConfig); err != nil {
return result, err
}
if err = ctrl.SetControllerReference(registry, &authConfig, r.Scheme); err != nil {
if err = ctrl.SetControllerReference(registry, authConfig, r.Scheme); err != nil {
return result, err
}

// NOTE: AuthConfig CRD uses maps, which is not supported in k8s 3-way merge patch
// use an Unstructured current object to force it to use a json merge patch instead
current := unstructured.Unstructured{}
current.SetGroupVersionKind(authConfig.GroupVersionKind())
result, err = r.createOrUpdate(ctx, &current, &authConfig)
current := CreateAuthConfig()
result, err = r.createOrUpdate(ctx, current, authConfig)
if err != nil {
return result, err
}
return result, nil
}

func CreateAuthConfig() *unstructured.Unstructured {
authConfig := unstructured.Unstructured{}
authConfig.SetGroupVersionKind(schema.GroupVersionKind{Group: "authorino.kuadrant.io", Version: "v1beta3", Kind: "AuthConfig"})
return &authConfig
}

func (r *ModelRegistryReconciler) createOrUpdateAuthorizationPolicy(ctx context.Context, params *ModelRegistryParams,
registry *modelregistryv1alpha1.ModelRegistry, templateName string) (result OperationResult, err error) {
result = ResourceUnchanged
Expand Down
33 changes: 21 additions & 12 deletions internal/controller/modelregistry_controller_status.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,6 @@ import (
"fmt"
"github.com/evanphx/json-patch/v5"
"github.com/go-logr/logr"
authorino "github.com/kuadrant/authorino/api/v1beta2"
modelregistryv1alpha1 "github.com/opendatahub-io/model-registry-operator/api/v1alpha1"
routev1 "github.com/openshift/api/route/v1"
"istio.io/client-go/pkg/apis/networking/v1beta1"
Expand All @@ -31,6 +30,7 @@ import (
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/meta"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/json"
"regexp"
Expand Down Expand Up @@ -417,7 +417,7 @@ func (r *ModelRegistryReconciler) CheckDeploymentPods(ctx context.Context, name
}

func (r *ModelRegistryReconciler) CheckAuthConfigCondition(ctx context.Context, name types.NamespacedName, log logr.Logger, message string, available bool, reason string) (string, bool, string) {
authConfig := &authorino.AuthConfig{}
authConfig := CreateAuthConfig()
if err := r.Get(ctx, name, authConfig); err != nil {
log.Error(err, "Failed to get model registry Istio Authorino AuthConfig", "name", name)
message = fmt.Sprintf("Failed to find AuthConfig: %s", err.Error())
Expand All @@ -426,17 +426,26 @@ func (r *ModelRegistryReconciler) CheckAuthConfigCondition(ctx context.Context,

// check authconfig Ready condition
if available {
for _, c := range authConfig.Status.Conditions {
if c.Type == authorino.StatusConditionReady {
available = c.Status == corev1.ConditionTrue
if available {
reason = ReasonResourcesAvailable
message = "Istio resources are available"
} else {
reason = ReasonResourcesUnavailable
message = fmt.Sprintf("Istio AuthConfig is not ready: {reason: %s, message: %s}", c.Reason, c.Message)
conditions, _, _ := unstructured.NestedSlice(authConfig.Object, "status", "conditions")
for _, c := range conditions {
switch con := c.(type) {
case map[string]interface{}:

condType, _, _ := unstructured.NestedString(con, "type")
if condType == "Ready" {
status, _, _ := unstructured.NestedString(con, "status")
available = status == "True"
if available {
reason = ReasonResourcesAvailable
message = "Istio resources are available"
} else {
reason = ReasonResourcesUnavailable
condReason, _, _ := unstructured.NestedString(con, "reason")
condMessage, _, _ := unstructured.NestedString(con, "message")
message = fmt.Sprintf("Istio AuthConfig is not ready: {reason: %s, message: %s}", condReason, condMessage)
}
break
}
break
}
}
}
Expand Down

0 comments on commit b7c8115

Please sign in to comment.