func New(kubeClient client.Interface, resyncPeriod controller.ResyncPeriodFunc, threshold int) *GCController {
eventBroadcaster := record.NewBroadcaster()
eventBroadcaster.StartLogging(glog.Infof)
eventBroadcaster.StartRecordingToSink(kubeClient.Events(""))
gcc := &GCController{
kubeClient: kubeClient,
podControl: controller.RealPodControl{
Recorder: eventBroadcaster.NewRecorder(api.EventSource{Component: "pod-garbage-collector"}),
KubeClient: kubeClient,
},
threshold: threshold,
}
terminatedSelector := compileTerminatedPodSelector()
gcc.podStore.Store, gcc.podStoreSyncer = framework.NewInformer(
&cache.ListWatch{
ListFunc: func() (runtime.Object, error) {
return gcc.kubeClient.Pods(api.NamespaceAll).List(labels.Everything(), terminatedSelector)
},
WatchFunc: func(rv string) (watch.Interface, error) {
return gcc.kubeClient.Pods(api.NamespaceAll).Watch(labels.Everything(), terminatedSelector, rv)
},
},
&api.Pod{},
resyncPeriod(),
framework.ResourceEventHandlerFuncs{},
)
return gcc
}
func NewJobController(kubeClient client.Interface) *JobController {
eventBroadcaster := record.NewBroadcaster()
eventBroadcaster.StartLogging(glog.Infof)
eventBroadcaster.StartRecordingToSink(kubeClient.Events(""))
jm := &JobController{
kubeClient: kubeClient,
podControl: controller.RealPodControl{
KubeClient: kubeClient,
Recorder: eventBroadcaster.NewRecorder(api.EventSource{Component: "job"}),
},
expectations: controller.NewControllerExpectations(),
queue: workqueue.New(),
}
jm.jobStore.Store, jm.jobController = framework.NewInformer(
&cache.ListWatch{
ListFunc: func() (runtime.Object, error) {
return jm.kubeClient.Experimental().Jobs(api.NamespaceAll).List(labels.Everything(), fields.Everything())
},
WatchFunc: func(rv string) (watch.Interface, error) {
return jm.kubeClient.Experimental().Jobs(api.NamespaceAll).Watch(labels.Everything(), fields.Everything(), rv)
},
},
&experimental.Job{},
replicationcontroller.FullControllerResyncPeriod,
framework.ResourceEventHandlerFuncs{
AddFunc: jm.enqueueController,
UpdateFunc: func(old, cur interface{}) {
if job := cur.(*experimental.Job); !isJobFinished(job) {
jm.enqueueController(job)
}
},
DeleteFunc: jm.enqueueController,
},
)
jm.podStore.Store, jm.podController = framework.NewInformer(
&cache.ListWatch{
ListFunc: func() (runtime.Object, error) {
return jm.kubeClient.Pods(api.NamespaceAll).List(labels.Everything(), fields.Everything())
},
WatchFunc: func(rv string) (watch.Interface, error) {
return jm.kubeClient.Pods(api.NamespaceAll).Watch(labels.Everything(), fields.Everything(), rv)
},
},
&api.Pod{},
replicationcontroller.PodRelistPeriod,
framework.ResourceEventHandlerFuncs{
AddFunc: jm.addPod,
UpdateFunc: jm.updatePod,
DeleteFunc: jm.deletePod,
},
)
jm.updateHandler = jm.updateJobStatus
jm.syncHandler = jm.syncJob
jm.podStoreSynced = jm.podController.HasSynced
return jm
}
func NewImportController(isNamespacer client.ImageStreamsNamespacer, ismNamespacer client.ImageStreamMappingsNamespacer, parallelImports int, resyncInterval time.Duration) *ImportController {
c := &ImportController{
streams: isNamespacer,
mappings: ismNamespacer,
numParallelImports: parallelImports,
work: make(chan *api.ImageStream, 20*parallelImports),
workingSet: sets.String{},
}
_, c.imageStreamController = framework.NewInformer(
&cache.ListWatch{
ListFunc: func() (runtime.Object, error) {
return c.streams.ImageStreams(kapi.NamespaceAll).List(labels.Everything(), fields.Everything())
},
WatchFunc: func(resourceVersion string) (watch.Interface, error) {
return c.streams.ImageStreams(kapi.NamespaceAll).Watch(labels.Everything(), fields.Everything(), resourceVersion)
},
},
&api.ImageStream{},
resyncInterval,
framework.ResourceEventHandlerFuncs{
AddFunc: c.imageStreamAdded,
UpdateFunc: c.imageStreamUpdated,
},
)
return c
}
func (oi *OsdnRegistryInterface) GetServices() ([]osdnapi.Service, error) {
kNsList, err := oi.kClient.Namespaces().List(labels.Everything(), fields.Everything())
if err != nil {
return nil, err
}
oServList := make([]osdnapi.Service, 0)
for _, ns := range kNsList.Items {
kServList, err := oi.kClient.Services(ns.Name).List(labels.Everything())
if err != nil {
return nil, err
}
// convert kube ServiceList into []osdnapi.Service
for _, kService := range kServList.Items {
if kService.Spec.ClusterIP == "None" {
continue
}
for i := range kService.Spec.Ports {
oService := osdnapi.Service{
Name: kService.ObjectMeta.Name,
Namespace: ns.Name,
IP: kService.Spec.ClusterIP,
Protocol: osdnapi.ServiceProtocol(kService.Spec.Ports[i].Protocol),
Port: uint(kService.Spec.Ports[i].Port),
}
oServList = append(oServList, oService)
}
}
}
return oServList, nil
}
func (oi *OsdnRegistryInterface) WatchNamespaces(receiver chan *osdnapi.NamespaceEvent, stop chan bool) error {
nsEventQueue := oscache.NewEventQueue(cache.MetaNamespaceKeyFunc)
listWatch := &cache.ListWatch{
ListFunc: func() (runtime.Object, error) {
return oi.kClient.Namespaces().List(labels.Everything(), fields.Everything())
},
WatchFunc: func(resourceVersion string) (watch.Interface, error) {
return oi.kClient.Namespaces().Watch(labels.Everything(), fields.Everything(), resourceVersion)
},
}
cache.NewReflector(listWatch, &kapi.Namespace{}, nsEventQueue, 4*time.Minute).Run()
for {
eventType, obj, err := nsEventQueue.Pop()
if err != nil {
return err
}
switch eventType {
case watch.Added:
// we should ignore the modified event because status updates cause unnecessary noise
// the only time we would care about modified would be if the node changes its IP address
// and hence all nodes need to update their vtep entries for the respective subnet
// create nodeEvent
ns := obj.(*kapi.Namespace)
receiver <- &osdnapi.NamespaceEvent{Type: osdnapi.Added, Name: ns.ObjectMeta.Name}
case watch.Deleted:
// TODO: There is a chance that a Delete event will not get triggered.
// Need to use a periodic sync loop that lists and compares.
ns := obj.(*kapi.Namespace)
receiver <- &osdnapi.NamespaceEvent{Type: osdnapi.Deleted, Name: ns.ObjectMeta.Name}
}
}
}
func TestWouldWorkOn(t *testing.T) {
fakeLabels := labels.NewFakeApplicator()
fakeLabels.SetLabel(labels.RC, "abc-123", "color", "red")
fakeLabels.SetLabel(labels.RC, "def-456", "color", "blue")
f := &Farm{
labeler: fakeLabels,
rcSelector: klabels.Everything().Add("color", klabels.EqualsOperator, []string{"red"}),
}
workOn, err := f.shouldWorkOn(rc_fields.ID("abc-123"))
Assert(t).IsNil(err, "should not have erred on abc-123")
Assert(t).IsTrue(workOn, "should have worked on abc-123, but didn't")
dontWorkOn, err := f.shouldWorkOn(rc_fields.ID("def-456"))
Assert(t).IsNil(err, "should not have erred on def-456")
Assert(t).IsFalse(dontWorkOn, "should not have worked on def-456, but did")
dontWorkOn, err = f.shouldWorkOn(rc_fields.ID("987-cba"))
Assert(t).IsNil(err, "should not have erred on 987-cba")
Assert(t).IsFalse(dontWorkOn, "should not have worked on 987-cba, but did")
f.rcSelector = klabels.Everything()
workOn, err = f.shouldWorkOn(rc_fields.ID("def-456"))
Assert(t).IsNil(err, "should not have erred on def-456")
Assert(t).IsTrue(workOn, "should have worked on def-456, but didn't")
}
func RunProjectCache(c client.Interface, defaultNodeSelector string) {
if pcache != nil {
return
}
store := cache.NewStore(cache.MetaNamespaceKeyFunc)
reflector := cache.NewReflector(
&cache.ListWatch{
ListFunc: func() (runtime.Object, error) {
return c.Namespaces().List(labels.Everything(), fields.Everything())
},
WatchFunc: func(resourceVersion string) (watch.Interface, error) {
return c.Namespaces().Watch(labels.Everything(), fields.Everything(), resourceVersion)
},
},
&kapi.Namespace{},
store,
0,
)
reflector.Run()
pcache = &ProjectCache{
Client: c,
Store: store,
DefaultNodeSelector: defaultNodeSelector,
}
}
func New(kubeClient client.Interface, resyncPeriod controller.ResyncPeriodFunc, threshold int) *GCController {
eventBroadcaster := record.NewBroadcaster()
eventBroadcaster.StartLogging(glog.Infof)
eventBroadcaster.StartRecordingToSink(kubeClient.Events(""))
gcc := &GCController{
kubeClient: kubeClient,
threshold: threshold,
deletePod: func(namespace, name string) error {
return kubeClient.Pods(namespace).Delete(name, api.NewDeleteOptions(0))
},
}
terminatedSelector := compileTerminatedPodSelector()
gcc.podStore.Store, gcc.podStoreSyncer = framework.NewInformer(
&cache.ListWatch{
ListFunc: func() (runtime.Object, error) {
return gcc.kubeClient.Pods(api.NamespaceAll).List(labels.Everything(), terminatedSelector)
},
WatchFunc: func(options api.ListOptions) (watch.Interface, error) {
return gcc.kubeClient.Pods(api.NamespaceAll).Watch(labels.Everything(), terminatedSelector, options)
},
},
&api.Pod{},
resyncPeriod(),
framework.ResourceEventHandlerFuncs{},
)
return gcc
}
// Stop on a reaper is actually used for deletion. In this case, we'll delete referencing clusterroleclusterBindings
// then delete the clusterrole.
func (r *ClusterRoleReaper) Stop(namespace, name string, timeout time.Duration, gracePeriod *kapi.DeleteOptions) (string, error) {
clusterBindings, err := r.clusterBindingClient.ClusterRoleBindings().List(labels.Everything(), fields.Everything())
if err != nil {
return "", err
}
for _, clusterBinding := range clusterBindings.Items {
if clusterBinding.RoleRef.Name == name {
if err := r.clusterBindingClient.ClusterRoleBindings().Delete(clusterBinding.Name); err != nil && !kerrors.IsNotFound(err) {
glog.Infof("Cannot delete clusterrolebinding/%s: %v", clusterBinding.Name, err)
}
}
}
namespacedBindings, err := r.bindingClient.RoleBindings(kapi.NamespaceNone).List(labels.Everything(), fields.Everything())
if err != nil {
return "", err
}
for _, namespacedBinding := range namespacedBindings.Items {
if namespacedBinding.RoleRef.Namespace == kapi.NamespaceNone && namespacedBinding.RoleRef.Name == name {
if err := r.bindingClient.RoleBindings(namespacedBinding.Namespace).Delete(namespacedBinding.Name); err != nil && !kerrors.IsNotFound(err) {
glog.Infof("Cannot delete rolebinding/%s in %s: %v", namespacedBinding.Name, namespacedBinding.Namespace, err)
}
}
}
if err := r.roleClient.ClusterRoles().Delete(name); err != nil && !kerrors.IsNotFound(err) {
return "", err
}
return "", nil
}
func equalPodClusters() (*PodCluster, *PodCluster) {
a := &PodCluster{
ID: "abc123",
PodID: "carrot",
Name: "production",
AvailabilityZone: "east",
Annotations: map[string]interface{}{
"key1": "value",
"key2": 2,
},
PodSelector: labels.Everything().Add("environment", labels.EqualsOperator, []string{"fancy"}),
}
b := &PodCluster{
ID: "abc123",
PodID: "carrot",
Name: "production",
AvailabilityZone: "east",
Annotations: map[string]interface{}{
"key1": "value",
"key2": 2,
},
PodSelector: labels.Everything().Add("environment", labels.EqualsOperator, []string{"fancy"}),
}
return a, b
}
// In order to process services deleted while controller is down, fill the queue on startup
func (e *NetworkController) startUp() {
svcList, err := e.client.Services(api.NamespaceAll).List(labels.Everything(), fields.Everything())
if err != nil {
glog.Errorf("Unable to list services: %v", err)
return
}
for _, svc := range svcList.Items {
if svc.Spec.Type == api.ServiceTypeNetworkProvider {
key, err := keyFunc(svc)
if err != nil {
glog.Errorf("Unable to get key for svc %s", svc.Name)
continue
}
e.queue.Add(key)
}
}
endpointList, err := e.client.Endpoints(api.NamespaceAll).List(labels.Everything(), fields.Everything())
if err != nil {
glog.Errorf("Unable to list endpoints: %v", err)
return
}
for _, ep := range endpointList.Items {
e.addEndpoint(&ep)
}
}
// NewNamespaceController creates a new NamespaceController
func NewNamespaceController(kubeClient client.Interface, resyncPeriod time.Duration) *NamespaceController {
_, controller := framework.NewInformer(
&cache.ListWatch{
ListFunc: func() (runtime.Object, error) {
return kubeClient.Namespaces().List(labels.Everything(), fields.Everything())
},
WatchFunc: func(resourceVersion string) (watch.Interface, error) {
return kubeClient.Namespaces().Watch(labels.Everything(), fields.Everything(), resourceVersion)
},
},
&api.Namespace{},
resyncPeriod,
framework.ResourceEventHandlerFuncs{
AddFunc: func(obj interface{}) {
namespace := obj.(*api.Namespace)
err := syncNamespace(kubeClient, *namespace)
if err != nil {
glog.Error(err)
}
},
UpdateFunc: func(oldObj, newObj interface{}) {
namespace := newObj.(*api.Namespace)
err := syncNamespace(kubeClient, *namespace)
if err != nil {
glog.Error(err)
}
},
},
)
return &NamespaceController{
controller: controller,
}
}
// NewNamespaceController creates a new NamespaceController
func NewNamespaceController(kubeClient client.Interface, experimentalMode bool, resyncPeriod time.Duration) *NamespaceController {
var controller *framework.Controller
_, controller = framework.NewInformer(
&cache.ListWatch{
ListFunc: func() (runtime.Object, error) {
return kubeClient.Namespaces().List(labels.Everything(), fields.Everything())
},
WatchFunc: func(resourceVersion string) (watch.Interface, error) {
return kubeClient.Namespaces().Watch(labels.Everything(), fields.Everything(), resourceVersion)
},
},
&api.Namespace{},
resyncPeriod,
framework.ResourceEventHandlerFuncs{
AddFunc: func(obj interface{}) {
namespace := obj.(*api.Namespace)
if err := syncNamespace(kubeClient, experimentalMode, *namespace); err != nil {
if estimate, ok := err.(*contentRemainingError); ok {
go func() {
// Estimate is the aggregate total of TerminationGracePeriodSeconds, which defaults to 30s
// for pods. However, most processes will terminate faster - within a few seconds, probably
// with a peak within 5-10s. So this division is a heuristic that avoids waiting the full
// duration when in many cases things complete more quickly. The extra second added is to
// ensure we never wait 0 seconds.
t := estimate.Estimate/2 + 1
glog.V(4).Infof("Content remaining in namespace %s, waiting %d seconds", namespace.Name, t)
time.Sleep(time.Duration(t) * time.Second)
if err := controller.Requeue(namespace); err != nil {
util.HandleError(err)
}
}()
return
}
util.HandleError(err)
}
},
UpdateFunc: func(oldObj, newObj interface{}) {
namespace := newObj.(*api.Namespace)
if err := syncNamespace(kubeClient, experimentalMode, *namespace); err != nil {
if estimate, ok := err.(*contentRemainingError); ok {
go func() {
t := estimate.Estimate/2 + 1
glog.V(4).Infof("Content remaining in namespace %s, waiting %d seconds", namespace.Name, t)
time.Sleep(time.Duration(t) * time.Second)
if err := controller.Requeue(namespace); err != nil {
util.HandleError(err)
}
}()
return
}
util.HandleError(err)
}
},
},
)
return &NamespaceController{
controller: controller,
}
}
// TestGetNodeAddresses verifies that proper results are returned
// when requesting node addresses.
func TestGetNodeAddresses(t *testing.T) {
master, _, assert := setUp(t)
// Fail case (no addresses associated with nodes)
nodes, _ := master.nodeRegistry.ListNodes(api.NewDefaultContext(), labels.Everything(), fields.Everything(), nil)
addrs, err := master.getNodeAddresses()
assert.Error(err, "getNodeAddresses should have caused an error as there are no addresses.")
assert.Equal([]string(nil), addrs)
// Pass case with External type IP
nodes, _ = master.nodeRegistry.ListNodes(api.NewDefaultContext(), labels.Everything(), fields.Everything(), nil)
for index := range nodes.Items {
nodes.Items[index].Status.Addresses = []api.NodeAddress{{Type: api.NodeExternalIP, Address: "127.0.0.1"}}
}
addrs, err = master.getNodeAddresses()
assert.NoError(err, "getNodeAddresses should not have returned an error.")
assert.Equal([]string{"127.0.0.1", "127.0.0.1"}, addrs)
// Pass case with LegacyHost type IP
nodes, _ = master.nodeRegistry.ListNodes(api.NewDefaultContext(), labels.Everything(), fields.Everything(), nil)
for index := range nodes.Items {
nodes.Items[index].Status.Addresses = []api.NodeAddress{{Type: api.NodeLegacyHostIP, Address: "127.0.0.2"}}
}
addrs, err = master.getNodeAddresses()
assert.NoError(err, "getNodeAddresses failback should not have returned an error.")
assert.Equal([]string{"127.0.0.2", "127.0.0.2"}, addrs)
}
// This test is identical to the quit test, except that it does not explicitly quit
// the first result. This is to test that one misbehaving client cannot interrupt
// the flow of messages to all other clients
func TestIgnoreIndividualWatch(t *testing.T) {
alterAggregationTime(time.Millisecond)
fakeKV := &fakeLabelStore{fakeLabeledPods(), nil}
aggreg := NewConsulAggregator(POD, fakeKV, logging.DefaultLogger, metrics.NewRegistry())
go aggreg.Aggregate()
defer aggreg.Quit()
quitCh1 := make(chan struct{})
_ = aggreg.Watch(labels.Everything().Add("color", labels.EqualsOperator, []string{"green"}), quitCh1)
quitCh2 := make(chan struct{})
labeledChannel2 := aggreg.Watch(labels.Everything().Add("deployment", labels.EqualsOperator, []string{"production"}), quitCh2)
Assert(t).AreEqual(int64(2), aggreg.metWatchCount.Value(), "should currently have two watchers")
// iterate twice to show that we are not waiting on other now-closed channels
for i := 0; i < 2; i++ {
select {
case <-time.After(time.Second):
t.Fatalf("Should not have taken a second to get results on iteration %v", i)
case labeled, ok := <-labeledChannel2:
Assert(t).IsTrue(ok, "should have been okay")
Assert(t).AreEqual(1, len(labeled), "Should have one result with a production deployment")
Assert(t).AreEqual("maroono", labeled[0].ID, "Should have received maroono as the one production deployment")
}
}
Assert(t).AreEqual(aggreg.metWatchSendMiss.Value(), int64(1), "should have missed exactly one watch send")
}
func NewReadOnlyClusterPolicyBindingCache(registry clusterbindingregistry.WatchingRegistry) *readOnlyClusterPolicyBindingCache {
ctx := kapi.WithNamespace(kapi.NewContext(), kapi.NamespaceAll)
indexer := cache.NewIndexer(cache.MetaNamespaceKeyFunc, cache.Indexers{"namespace": cache.MetaNamespaceIndexFunc})
reflector := cache.NewReflector(
&cache.ListWatch{
ListFunc: func() (runtime.Object, error) {
return registry.ListClusterPolicyBindings(ctx, labels.Everything(), fields.Everything())
},
WatchFunc: func(resourceVersion string) (watch.Interface, error) {
return registry.WatchClusterPolicyBindings(ctx, labels.Everything(), fields.Everything(), resourceVersion)
},
},
&authorizationapi.ClusterPolicyBinding{},
indexer,
2*time.Minute,
)
return &readOnlyClusterPolicyBindingCache{
registry: registry,
indexer: indexer,
reflector: reflector,
keyFunc: cache.MetaNamespaceKeyFunc,
}
}
func (a *DefaultRuleResolver) GetRoleBindings(ctx kapi.Context) ([]authorizationinterfaces.RoleBinding, error) {
namespace := kapi.NamespaceValue(ctx)
if len(namespace) == 0 {
policyBindingList, err := a.clusterBindingLister.ListClusterPolicyBindings(ctx, labels.Everything(), fields.Everything())
if err != nil {
return nil, err
}
ret := make([]authorizationinterfaces.RoleBinding, 0, len(policyBindingList.Items))
for _, policyBinding := range policyBindingList.Items {
for _, value := range policyBinding.RoleBindings {
ret = append(ret, authorizationinterfaces.NewClusterRoleBindingAdapter(value))
}
}
return ret, nil
}
policyBindingList, err := a.bindingLister.ListPolicyBindings(ctx, labels.Everything(), fields.Everything())
if err != nil {
return nil, err
}
ret := make([]authorizationinterfaces.RoleBinding, 0, len(policyBindingList.Items))
for _, policyBinding := range policyBindingList.Items {
for _, value := range policyBinding.RoleBindings {
ret = append(ret, authorizationinterfaces.NewLocalRoleBindingAdapter(value))
}
}
return ret, nil
}
// Create creates an ImportController.
func (f *ImportControllerFactory) Create() controller.RunnableController {
lw := &cache.ListWatch{
ListFunc: func() (runtime.Object, error) {
return f.Client.ImageStreams(kapi.NamespaceAll).List(labels.Everything(), fields.Everything())
},
WatchFunc: func(resourceVersion string) (watch.Interface, error) {
return f.Client.ImageStreams(kapi.NamespaceAll).Watch(labels.Everything(), fields.Everything(), resourceVersion)
},
}
q := cache.NewFIFO(cache.MetaNamespaceKeyFunc)
cache.NewReflector(lw, &api.ImageStream{}, q, 2*time.Minute).Run()
c := &ImportController{
streams: f.Client,
mappings: f.Client,
}
return &controller.RetryController{
Queue: q,
RetryManager: controller.NewQueueRetryManager(
q,
cache.MetaNamespaceKeyFunc,
func(obj interface{}, err error, retries controller.Retry) bool {
util.HandleError(err)
return retries.Count < 5
},
kutil.NewTokenBucketRateLimiter(1, 10),
),
Handle: func(obj interface{}) error {
r := obj.(*api.ImageStream)
return c.Next(r)
},
}
}
func runBuildConfigChangeControllerTest(t *testing.T, clusterAdminClient *client.Client, clusterAdminKubeClient *kclient.Client) {
config := configChangeBuildConfig()
created, err := clusterAdminClient.BuildConfigs(testutil.Namespace()).Create(config)
if err != nil {
t.Fatalf("Couldn't create BuildConfig: %v", err)
}
watch, err := clusterAdminClient.Builds(testutil.Namespace()).Watch(labels.Everything(), fields.Everything(), created.ResourceVersion)
if err != nil {
t.Fatalf("Couldn't subscribe to Builds %v", err)
}
defer watch.Stop()
watch2, err := clusterAdminClient.BuildConfigs(testutil.Namespace()).Watch(labels.Everything(), fields.Everything(), created.ResourceVersion)
if err != nil {
t.Fatalf("Couldn't subscribe to BuildConfigs %v", err)
}
defer watch2.Stop()
// wait for initial build event
event := waitForWatch(t, "config change initial build added", watch)
if e, a := watchapi.Added, event.Type; e != a {
t.Fatalf("expected watch event type %s, got %s", e, a)
}
event = waitForWatch(t, "config change config updated", watch2)
if e, a := watchapi.Modified, event.Type; e != a {
t.Fatalf("expected watch event type %s, got %s", e, a)
}
if bc := event.Object.(*buildapi.BuildConfig); bc.Status.LastVersion == 0 {
t.Fatalf("expected build config lastversion to be greater than zero after build")
}
}
func newWatcher(kr *kregistry) (registry.Watcher, error) {
svi := kr.client.Services(api.NamespaceAll)
services, err := svi.List(labels.Everything(), fields.Everything())
if err != nil {
return nil, err
}
watch, err := svi.Watch(labels.Everything(), fields.Everything(), services.ResourceVersion)
if err != nil {
return nil, err
}
w := &watcher{
registry: kr,
watcher: watch,
}
go func() {
for event := range watch.ResultChan() {
w.update(event)
}
}()
return w, nil
}
func TestSetLabels(t *testing.T) {
c := &consulApplicator{
kv: &fakeLabelStore{data: map[string][]byte{}},
logger: logging.DefaultLogger,
}
Assert(t).IsNil(c.SetLabel(POD, "object", "label", "value"), "should have had nil error when setting label")
matches, err := c.GetMatches(labels.Everything().Add("label", labels.EqualsOperator, []string{"value"}), POD, false)
Assert(t).IsNil(err, "should have had nil error fetching positive matches")
Assert(t).AreEqual(len(matches), 1, "should have had exactly one positive match")
labelsToSet := map[string]string{
"label1": "value1",
"label2": "value2",
}
Assert(t).IsNil(c.SetLabels(POD, "object", labelsToSet), "should not have erred setting multiple labels")
sel := labels.Everything().
Add("label", labels.EqualsOperator, []string{"value"}).
Add("label1", labels.EqualsOperator, []string{"value1"}).
Add("label2", labels.EqualsOperator, []string{"value2"})
matches, err = c.GetMatches(sel, POD, false)
Assert(t).IsNil(err, "should have had nil error fetching positive matches")
Assert(t).AreEqual(len(matches), 1, "should have had exactly one positive match")
}
func TestNewClient(t *testing.T) {
o := NewObjects(api.Scheme, api.Scheme)
if err := AddObjectsFromPath("../../../../examples/guestbook/frontend-service.yaml", o, api.Scheme); err != nil {
t.Fatal(err)
}
client := &Fake{}
client.AddReactor("*", "*", ObjectReaction(o, testapi.Default.RESTMapper()))
list, err := client.Services("test").List(labels.Everything(), fields.Everything(), unversioned.ListOptions{})
if err != nil {
t.Fatal(err)
}
if len(list.Items) != 1 {
t.Fatalf("unexpected list %#v", list)
}
// When list is invoked a second time, the same results are returned.
list, err = client.Services("test").List(labels.Everything(), fields.Everything(), unversioned.ListOptions{})
if err != nil {
t.Fatal(err)
}
if len(list.Items) != 1 {
t.Fatalf("unexpected list %#v", list)
}
t.Logf("list: %#v", list)
}
func verifyResult(c *client.Client, podName string, ns string, oldNotScheduled int) {
allPods, err := c.Pods(api.NamespaceAll).List(labels.Everything(), fields.Everything())
expectNoError(err)
scheduledPods, notScheduledPods := getPodsScheduled(allPods)
schedEvents, err := c.Events(ns).List(
labels.Everything(),
fields.Set{
"involvedObject.kind": "Pod",
"involvedObject.name": podName,
"involvedObject.namespace": ns,
"source": "scheduler",
"reason": "FailedScheduling",
}.AsSelector())
expectNoError(err)
printed := false
printOnce := func(msg string) string {
if !printed {
printed = true
return msg
} else {
return ""
}
}
Expect(len(notScheduledPods)).To(Equal(1+oldNotScheduled), printOnce(fmt.Sprintf("Not scheduled Pods: %#v", notScheduledPods)))
Expect(schedEvents.Items).ToNot(BeEmpty(), printOnce(fmt.Sprintf("Scheduled Pods: %#v", scheduledPods)))
}
// NewDockercfgController returns a new *DockercfgController.
func NewDockercfgController(cl client.Interface, options DockercfgControllerOptions) *DockercfgController {
e := &DockercfgController{
client: cl,
}
_, e.serviceAccountController = framework.NewInformer(
&cache.ListWatch{
ListFunc: func() (runtime.Object, error) {
return e.client.ServiceAccounts(api.NamespaceAll).List(labels.Everything(), fields.Everything())
},
WatchFunc: func(rv string) (watch.Interface, error) {
return e.client.ServiceAccounts(api.NamespaceAll).Watch(labels.Everything(), fields.Everything(), rv)
},
},
&api.ServiceAccount{},
options.Resync,
framework.ResourceEventHandlerFuncs{
AddFunc: e.serviceAccountAdded,
UpdateFunc: e.serviceAccountUpdated,
},
)
e.dockerURL = options.DefaultDockerURL
return e
}
// Create creates a DeploymentConfigChangeController.
func (factory *DeploymentConfigChangeControllerFactory) Create() controller.RunnableController {
deploymentConfigLW := &deployutil.ListWatcherImpl{
ListFunc: func() (runtime.Object, error) {
return factory.Client.DeploymentConfigs(kapi.NamespaceAll).List(labels.Everything(), fields.Everything())
},
WatchFunc: func(resourceVersion string) (watch.Interface, error) {
return factory.Client.DeploymentConfigs(kapi.NamespaceAll).Watch(labels.Everything(), fields.Everything(), resourceVersion)
},
}
queue := cache.NewFIFO(cache.MetaNamespaceKeyFunc)
cache.NewReflector(deploymentConfigLW, &deployapi.DeploymentConfig{}, queue, 2*time.Minute).Run()
eventBroadcaster := record.NewBroadcaster()
eventBroadcaster.StartRecordingToSink(factory.KubeClient.Events(""))
changeController := &DeploymentConfigChangeController{
changeStrategy: &changeStrategyImpl{
getDeploymentFunc: func(namespace, name string) (*kapi.ReplicationController, error) {
return factory.KubeClient.ReplicationControllers(namespace).Get(name)
},
generateDeploymentConfigFunc: func(namespace, name string) (*deployapi.DeploymentConfig, error) {
return factory.Client.DeploymentConfigs(namespace).Generate(name)
},
updateDeploymentConfigFunc: func(namespace string, config *deployapi.DeploymentConfig) (*deployapi.DeploymentConfig, error) {
return factory.Client.DeploymentConfigs(namespace).Update(config)
},
},
decodeConfig: func(deployment *kapi.ReplicationController) (*deployapi.DeploymentConfig, error) {
return deployutil.DecodeDeploymentConfig(deployment, factory.Codec)
},
recorder: eventBroadcaster.NewRecorder(kapi.EventSource{Component: "deployer"}),
}
return &controller.RetryController{
Queue: queue,
RetryManager: controller.NewQueueRetryManager(
queue,
cache.MetaNamespaceKeyFunc,
func(obj interface{}, err error, retries controller.Retry) bool {
kutil.HandleError(err)
if _, isFatal := err.(fatalError); isFatal {
return false
}
if retries.Count > 0 {
return false
}
return true
},
kutil.NewTokenBucketRateLimiter(1, 10),
),
Handle: func(obj interface{}) error {
config := obj.(*deployapi.DeploymentConfig)
return changeController.Handle(config)
},
}
}
// GetReplicationControllerList returns a list of all Replication Controllers in the cluster.
func GetReplicationControllerList(client *client.Client) (*ReplicationControllerList, error) {
log.Printf("Getting list of all replication controllers in the cluster")
listEverything := api.ListOptions{
LabelSelector: labels.Everything(),
FieldSelector: fields.Everything(),
}
replicationControllers, err := client.ReplicationControllers(api.NamespaceAll).List(listEverything)
if err != nil {
return nil, err
}
services, err := client.Services(api.NamespaceAll).List(listEverything)
if err != nil {
return nil, err
}
pods, err := client.Pods(api.NamespaceAll).List(listEverything)
if err != nil {
return nil, err
}
eventsList, err := client.Events(api.NamespaceAll).List(api.ListOptions{
LabelSelector: labels.Everything(),
FieldSelector: fields.Everything(),
})
if err != nil {
return nil, err
}
// Anonymous callback function to get pods warnings.
// Function fulfils GetPodsEventWarningsFunc type contract.
// Based on list of api pods returns list of pod related warning events
getPodsEventWarningsFn := func(pods []api.Pod) []Event {
return GetPodsEventWarnings(eventsList, pods)
}
// Anonymous callback function to get nodes by their names.
getNodeFn := func(nodeName string) (*api.Node, error) {
return client.Nodes().Get(nodeName)
}
result, err := getReplicationControllerList(replicationControllers.Items, services.Items,
pods.Items, getPodsEventWarningsFn, getNodeFn)
if err != nil {
return nil, err
}
return result, nil
}
// Complete converts string representations of field and label selectors to their parsed equivalent, or
// returns an error.
func (o *RouterSelection) Complete() error {
if len(o.HostnameTemplate) == 0 && o.OverrideHostname {
return fmt.Errorf("--override-hostname requires that --hostname-template be specified")
}
if len(o.LabelSelector) > 0 {
s, err := labels.Parse(o.LabelSelector)
if err != nil {
return fmt.Errorf("label selector is not valid: %v", err)
}
o.Labels = s
} else {
o.Labels = labels.Everything()
}
if len(o.FieldSelector) > 0 {
s, err := fields.ParseSelector(o.FieldSelector)
if err != nil {
return fmt.Errorf("field selector is not valid: %v", err)
}
o.Fields = s
} else {
o.Fields = fields.Everything()
}
if len(o.ProjectLabelSelector) > 0 {
if len(o.Namespace) > 0 {
return fmt.Errorf("only one of --project-labels and --namespace may be used")
}
if len(o.NamespaceLabelSelector) > 0 {
return fmt.Errorf("only one of --namespace-labels and --project-labels may be used")
}
if o.ProjectLabelSelector == "*" {
o.ProjectLabels = labels.Everything()
} else {
s, err := labels.Parse(o.ProjectLabelSelector)
if err != nil {
return fmt.Errorf("--project-labels selector is not valid: %v", err)
}
o.ProjectLabels = s
}
}
if len(o.NamespaceLabelSelector) > 0 {
if len(o.Namespace) > 0 {
return fmt.Errorf("only one of --namespace-labels and --namespace may be used")
}
s, err := labels.Parse(o.NamespaceLabelSelector)
if err != nil {
return fmt.Errorf("--namespace-labels selector is not valid: %v", err)
}
o.NamespaceLabels = s
}
return nil
}
func doServiceAccountAPIRequests(t *testing.T, c *client.Client, ns string, authenticated bool, canRead bool, canWrite bool) {
testSecret := &api.Secret{
ObjectMeta: api.ObjectMeta{Name: "testSecret"},
Data: map[string][]byte{"test": []byte("data")},
}
readOps := []testOperation{
func() error {
_, err := c.Secrets(ns).List(labels.Everything(), fields.Everything(), unversioned.ListOptions{})
return err
},
func() error {
_, err := c.Pods(ns).List(labels.Everything(), fields.Everything(), unversioned.ListOptions{})
return err
},
}
writeOps := []testOperation{
func() error { _, err := c.Secrets(ns).Create(testSecret); return err },
func() error { return c.Secrets(ns).Delete(testSecret.Name) },
}
for _, op := range readOps {
err := op()
unauthorizedError := errors.IsUnauthorized(err)
forbiddenError := errors.IsForbidden(err)
switch {
case !authenticated && !unauthorizedError:
t.Fatalf("expected unauthorized error, got %v", err)
case authenticated && unauthorizedError:
t.Fatalf("unexpected unauthorized error: %v", err)
case authenticated && canRead && forbiddenError:
t.Fatalf("unexpected forbidden error: %v", err)
case authenticated && !canRead && !forbiddenError:
t.Fatalf("expected forbidden error, got: %v", err)
}
}
for _, op := range writeOps {
err := op()
unauthorizedError := errors.IsUnauthorized(err)
forbiddenError := errors.IsForbidden(err)
switch {
case !authenticated && !unauthorizedError:
t.Fatalf("expected unauthorized error, got %v", err)
case authenticated && unauthorizedError:
t.Fatalf("unexpected unauthorized error: %v", err)
case authenticated && canWrite && forbiddenError:
t.Fatalf("unexpected forbidden error: %v", err)
case authenticated && !canWrite && !forbiddenError:
t.Fatalf("expected forbidden error, got: %v", err)
}
}
}
// NewPersistentVolumeProvisionerController creates a new PersistentVolumeProvisionerController
func NewPersistentVolumeProvisionerController(client controllerClient, syncPeriod time.Duration, plugins []volume.VolumePlugin, provisioner volume.ProvisionableVolumePlugin, cloud cloudprovider.Interface) (*PersistentVolumeProvisionerController, error) {
controller := &PersistentVolumeProvisionerController{
client: client,
cloud: cloud,
provisioner: provisioner,
}
if err := controller.pluginMgr.InitPlugins(plugins, controller); err != nil {
return nil, fmt.Errorf("Could not initialize volume plugins for PersistentVolumeProvisionerController: %+v", err)
}
glog.V(5).Infof("Initializing provisioner: %s", controller.provisioner.Name())
controller.provisioner.Init(controller)
controller.volumeStore, controller.volumeController = framework.NewInformer(
&cache.ListWatch{
ListFunc: func() (runtime.Object, error) {
return client.ListPersistentVolumes(labels.Everything(), fields.Everything())
},
WatchFunc: func(resourceVesion string) (watch.Interface, error) {
return client.WatchPersistentVolumes(labels.Everything(), fields.Everything(), resourceVesion)
},
},
&api.PersistentVolume{},
syncPeriod,
framework.ResourceEventHandlerFuncs{
AddFunc: controller.handleAddVolume,
UpdateFunc: controller.handleUpdateVolume,
// delete handler not needed in this controller.
// volume deletion is handled by the recycler controller
},
)
controller.claimStore, controller.claimController = framework.NewInformer(
&cache.ListWatch{
ListFunc: func() (runtime.Object, error) {
return client.ListPersistentVolumeClaims(api.NamespaceAll, labels.Everything(), fields.Everything())
},
WatchFunc: func(resourceVersion string) (watch.Interface, error) {
return client.WatchPersistentVolumeClaims(api.NamespaceAll, labels.Everything(), fields.Everything(), resourceVersion)
},
},
&api.PersistentVolumeClaim{},
syncPeriod,
framework.ResourceEventHandlerFuncs{
AddFunc: controller.handleAddClaim,
UpdateFunc: controller.handleUpdateClaim,
// delete handler not needed.
// normal recycling applies when a claim is deleted.
// recycling is handled by the binding controller.
},
)
return controller, nil
}
func TestBootstrapPolicyAuthenticatedUsersAgainstOpenshiftNamespace(t *testing.T) {
_, clusterAdminKubeConfig, err := testutil.StartTestMaster()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
clusterAdminClientConfig, err := testutil.GetClusterAdminClientConfig(clusterAdminKubeConfig)
if err != nil {
t.Errorf("unexpected error: %v", err)
}
valerieClientConfig := *clusterAdminClientConfig
valerieClientConfig.Username = ""
valerieClientConfig.Password = ""
valerieClientConfig.BearerToken = ""
valerieClientConfig.CertFile = ""
valerieClientConfig.KeyFile = ""
valerieClientConfig.CertData = nil
valerieClientConfig.KeyData = nil
accessToken, err := tokencmd.RequestToken(&valerieClientConfig, nil, "valerie", "security!")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
valerieClientConfig.BearerToken = accessToken
valerieOpenshiftClient, err := client.New(&valerieClientConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
openshiftSharedResourcesNamespace := "openshift"
if _, err := valerieOpenshiftClient.Templates(openshiftSharedResourcesNamespace).List(labels.Everything(), fields.Everything()); err != nil {
t.Errorf("unexpected error: %v", err)
}
if _, err := valerieOpenshiftClient.Templates(kapi.NamespaceDefault).List(labels.Everything(), fields.Everything()); err == nil || !kapierror.IsForbidden(err) {
t.Errorf("unexpected error: %v", err)
}
if _, err := valerieOpenshiftClient.ImageStreams(openshiftSharedResourcesNamespace).List(labels.Everything(), fields.Everything()); err != nil {
t.Errorf("unexpected error: %v", err)
}
if _, err := valerieOpenshiftClient.ImageStreams(kapi.NamespaceDefault).List(labels.Everything(), fields.Everything()); err == nil || !kapierror.IsForbidden(err) {
t.Errorf("unexpected error: %v", err)
}
if _, err := valerieOpenshiftClient.ImageStreamTags(openshiftSharedResourcesNamespace).Get("name", "tag"); !kapierror.IsNotFound(err) {
t.Errorf("unexpected error: %v", err)
}
if _, err := valerieOpenshiftClient.ImageStreamTags(kapi.NamespaceDefault).Get("name", "tag"); err == nil || !kapierror.IsForbidden(err) {
t.Errorf("unexpected error: %v", err)
}
}