s/whitelist/allowlist (#940)

* s/whitelist/allowlist * Make transparently compatible with pre 1.26 client
Shopify · Dec 11, 2023 · 41a63a8 · 41a63a8
1 parent b87c0c0
commit 41a63a8
Show file tree

Hide file tree

Showing 7 changed files with 33 additions and 18 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 ## next
 
+# 3.4.0
+
+- Use `prune-allowlist` instead of `prune-whitelist` for 1.26+ clusters. Clusters running 1.25 or less will continue to use `--prune-whitelist`. [#940](https://github.com/Shopify/krane/pull/940)
+
 ## 3.3.0
 
 *Enhancements*

diff --git a/lib/krane/deploy_task.rb b/lib/krane/deploy_task.rb
@@ -77,7 +77,7 @@ def predeploy_sequence
       Hash[before_crs + crs + after_crs]
     end
 
-    def prune_whitelist
+    def prune_allowlist
       cluster_resource_discoverer.prunable_resources(namespaced: true)
     end
 
@@ -192,7 +192,7 @@ def run!(verify_result: true, prune: true)
 
     def resource_deployer
       @resource_deployer ||= Krane::ResourceDeployer.new(task_config: @task_config,
-        prune_whitelist: prune_whitelist, global_timeout: @global_timeout,
+        prune_allowlist: prune_allowlist, global_timeout: @global_timeout,
         selector: @selector, statsd_tags: statsd_tags, current_sha: @current_sha)
     end
 

diff --git a/lib/krane/global_deploy_task.rb b/lib/krane/global_deploy_task.rb
@@ -108,7 +108,7 @@ def run!(verify_result: true, prune: true)
 
     def deploy!(resources, verify_result, prune)
       resource_deployer = ResourceDeployer.new(task_config: @task_config,
-        prune_whitelist: prune_whitelist, global_timeout: @global_timeout,
+        prune_allowlist: prune_allowlist, global_timeout: @global_timeout,
         selector: @selector, statsd_tags: statsd_tags)
       resource_deployer.deploy!(resources, verify_result, prune)
     end
@@ -194,7 +194,7 @@ def kubectl
       @kubectl ||= Kubectl.new(task_config: @task_config, log_failure_by_default: true)
     end
 
-    def prune_whitelist
+    def prune_allowlist
       cluster_resource_discoverer.prunable_resources(namespaced: false)
     end
 

diff --git a/lib/krane/kubectl.rb b/lib/krane/kubectl.rb
@@ -12,6 +12,7 @@ class Kubectl
     DEFAULT_TIMEOUT = 15
     MAX_RETRY_DELAY = 16
     SERVER_DRY_RUN_MIN_VERSION = "1.13"
+    ALLOW_LIST_MIN_VERSION = "1.26"
 
     class ResourceNotFoundError < StandardError; end
 
@@ -112,6 +113,14 @@ def dry_run_flag
       "--dry-run=server"
     end
 
+    def allowlist_flag
+      if client_version >= Gem::Version.new(ALLOW_LIST_MIN_VERSION)
+        "--prune-allowlist"
+      else
+        "--prune-whitelist"
+      end
+    end
+
     private
 
     def build_command_from_options(args, use_namespace, use_context, output)

diff --git a/lib/krane/resource_deployer.rb b/lib/krane/resource_deployer.rb
@@ -11,9 +11,9 @@ class ResourceDeployer
     delegate :logger, to: :@task_config
     attr_reader :statsd_tags
 
-    def initialize(task_config:, prune_whitelist:, global_timeout:, current_sha: nil, selector:, statsd_tags:)
+    def initialize(task_config:, prune_allowlist:, global_timeout:, current_sha: nil, selector:, statsd_tags:)
       @task_config = task_config
-      @prune_whitelist = prune_whitelist
+      @prune_allowlist = prune_allowlist
       @global_timeout = global_timeout
       @current_sha = current_sha
       @selector = selector
@@ -102,7 +102,7 @@ def deploy_resources(resources, prune: false, verify:, record_summary: true)
       # Apply can be done in one large batch, the rest have to be done individually
       applyables, individuals = resources.partition { |r| r.deploy_method == :apply }
       # Prunable resources should also applied so that they can  be pruned
-      pruneable_types = @prune_whitelist.map { |t| t.split("/").last }
+      pruneable_types = @prune_allowlist.map { |t| t.split("/").last }
       applyables += individuals.select { |r| pruneable_types.include?(r.type) && !r.deploy_method_override }
 
       individuals.each do |individual_resource|
@@ -147,14 +147,15 @@ def apply_all(resources, prune, dry_run: false)
           r.deploy_started_at = Time.now.utc unless dry_run
         end
         command.push("-f", tmp_dir)
-        if prune && @prune_whitelist.present?
+        if prune && @prune_allowlist.present?
           command.push("--prune")
           if @selector
             command.push("--selector", @selector.to_s)
           else
             command.push("--all")
           end
-          @prune_whitelist.each { |type| command.push("--prune-whitelist=#{type}") }
+          allow_list_flag = kubectl.allowlist_flag
+          @prune_allowlist.each { |type| command.push("#{allow_list_flag}=#{type}") }
         end
 
         command.push(kubectl.dry_run_flag) if dry_run

diff --git a/lib/krane/version.rb b/lib/krane/version.rb
@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module Krane
-  VERSION = "3.3.0"
+  VERSION = "3.4.0"
 end
diff --git a/test/unit/krane/resource_deployer_test.rb b/test/unit/krane/resource_deployer_test.rb
@@ -4,21 +4,22 @@
 
 class ResourceDeployerTest < Krane::TestCase
   def test_deploy_prune_builds_whitelist
-    whitelist_kind = "fake_kind"
+    allowlist_kind = "fake_kind"
     resource = build_mock_resource
+    Krane::Kubectl.any_instance.expects(:client_version).returns(Gem::Version.new("1.26"))
     Krane::Kubectl.any_instance.expects(:run).with do |*args|
-      args.include?("--prune-whitelist=#{whitelist_kind}")
+      args.include?("--prune-allowlist=#{allowlist_kind}")
     end.returns(["", "", stub(success?: true)])
-    resource_deployer(kubectl_times: 0, prune_whitelist: [whitelist_kind]).deploy!([resource], false, true)
+    resource_deployer(kubectl_times: 0, prune_allowlist: [allowlist_kind]).deploy!([resource], false, true)
   end
 
   def test_deploy_no_prune_doesnt_prune
-    whitelist_kind = "fake_kind"
+    allowlist_kind = "fake_kind"
     resource = build_mock_resource
     Krane::Kubectl.any_instance.expects(:run).with do |*args|
-      !args.include?("--prune-whitelist=#{whitelist_kind}")
+      !args.include?("--prune-allowlist=#{allowlist_kind}")
     end.returns(["", "", stub(success?: true)])
-    resource_deployer(kubectl_times: 0, prune_whitelist: [whitelist_kind]).deploy!([resource], false, false)
+    resource_deployer(kubectl_times: 0, prune_allowlist: [allowlist_kind]).deploy!([resource], false, false)
   end
 
   def test_deploy_verify_false_message
@@ -84,13 +85,13 @@ def test_predeploy_priority_resources_respects_empty_pre_deploy_list
 
   private
 
-  def resource_deployer(kubectl_times: 1, prune_whitelist: [])
+  def resource_deployer(kubectl_times: 1, prune_allowlist: [])
     unless kubectl_times == 0
       runless = build_runless_kubectl
       Krane::Kubectl.expects(:new).returns(runless).times(kubectl_times)
     end
     @deployer = Krane::ResourceDeployer.new(current_sha: 'test-sha',
-      statsd_tags: [], task_config: task_config, prune_whitelist: prune_whitelist,
+      statsd_tags: [], task_config: task_config, prune_allowlist: prune_allowlist,
       global_timeout: 1, selector: nil)
   end