From 41a63a82b47c9eec4133bc63922be08988432fbe Mon Sep 17 00:00:00 2001 From: Timothy Smith <31742287+timothysmith0609@users.noreply.github.com> Date: Mon, 11 Dec 2023 13:26:26 -0500 Subject: [PATCH] s/whitelist/allowlist (#940) * s/whitelist/allowlist * Make transparently compatible with pre 1.26 client --- CHANGELOG.md | 4 ++++ lib/krane/deploy_task.rb | 4 ++-- lib/krane/global_deploy_task.rb | 4 ++-- lib/krane/kubectl.rb | 9 +++++++++ lib/krane/resource_deployer.rb | 11 ++++++----- lib/krane/version.rb | 2 +- test/unit/krane/resource_deployer_test.rb | 17 +++++++++-------- 7 files changed, 33 insertions(+), 18 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index aa4bc0b6e..f0da84f5a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ ## next +# 3.4.0 + +- Use `prune-allowlist` instead of `prune-whitelist` for 1.26+ clusters. Clusters running 1.25 or less will continue to use `--prune-whitelist`. [#940](https://github.com/Shopify/krane/pull/940) + ## 3.3.0 *Enhancements* diff --git a/lib/krane/deploy_task.rb b/lib/krane/deploy_task.rb index 33dec99af..88e669208 100644 --- a/lib/krane/deploy_task.rb +++ b/lib/krane/deploy_task.rb @@ -77,7 +77,7 @@ def predeploy_sequence Hash[before_crs + crs + after_crs] end - def prune_whitelist + def prune_allowlist cluster_resource_discoverer.prunable_resources(namespaced: true) end @@ -192,7 +192,7 @@ def run!(verify_result: true, prune: true) def resource_deployer @resource_deployer ||= Krane::ResourceDeployer.new(task_config: @task_config, - prune_whitelist: prune_whitelist, global_timeout: @global_timeout, + prune_allowlist: prune_allowlist, global_timeout: @global_timeout, selector: @selector, statsd_tags: statsd_tags, current_sha: @current_sha) end diff --git a/lib/krane/global_deploy_task.rb b/lib/krane/global_deploy_task.rb index 559872424..34196aa1e 100644 --- a/lib/krane/global_deploy_task.rb +++ b/lib/krane/global_deploy_task.rb @@ -108,7 +108,7 @@ def run!(verify_result: true, prune: true) def deploy!(resources, verify_result, prune) resource_deployer = ResourceDeployer.new(task_config: @task_config, - prune_whitelist: prune_whitelist, global_timeout: @global_timeout, + prune_allowlist: prune_allowlist, global_timeout: @global_timeout, selector: @selector, statsd_tags: statsd_tags) resource_deployer.deploy!(resources, verify_result, prune) end @@ -194,7 +194,7 @@ def kubectl @kubectl ||= Kubectl.new(task_config: @task_config, log_failure_by_default: true) end - def prune_whitelist + def prune_allowlist cluster_resource_discoverer.prunable_resources(namespaced: false) end diff --git a/lib/krane/kubectl.rb b/lib/krane/kubectl.rb index c2a8e461d..96d9b3946 100644 --- a/lib/krane/kubectl.rb +++ b/lib/krane/kubectl.rb @@ -12,6 +12,7 @@ class Kubectl DEFAULT_TIMEOUT = 15 MAX_RETRY_DELAY = 16 SERVER_DRY_RUN_MIN_VERSION = "1.13" + ALLOW_LIST_MIN_VERSION = "1.26" class ResourceNotFoundError < StandardError; end @@ -112,6 +113,14 @@ def dry_run_flag "--dry-run=server" end + def allowlist_flag + if client_version >= Gem::Version.new(ALLOW_LIST_MIN_VERSION) + "--prune-allowlist" + else + "--prune-whitelist" + end + end + private def build_command_from_options(args, use_namespace, use_context, output) diff --git a/lib/krane/resource_deployer.rb b/lib/krane/resource_deployer.rb index b8d54ff96..fe0cabe45 100644 --- a/lib/krane/resource_deployer.rb +++ b/lib/krane/resource_deployer.rb @@ -11,9 +11,9 @@ class ResourceDeployer delegate :logger, to: :@task_config attr_reader :statsd_tags - def initialize(task_config:, prune_whitelist:, global_timeout:, current_sha: nil, selector:, statsd_tags:) + def initialize(task_config:, prune_allowlist:, global_timeout:, current_sha: nil, selector:, statsd_tags:) @task_config = task_config - @prune_whitelist = prune_whitelist + @prune_allowlist = prune_allowlist @global_timeout = global_timeout @current_sha = current_sha @selector = selector @@ -102,7 +102,7 @@ def deploy_resources(resources, prune: false, verify:, record_summary: true) # Apply can be done in one large batch, the rest have to be done individually applyables, individuals = resources.partition { |r| r.deploy_method == :apply } # Prunable resources should also applied so that they can be pruned - pruneable_types = @prune_whitelist.map { |t| t.split("/").last } + pruneable_types = @prune_allowlist.map { |t| t.split("/").last } applyables += individuals.select { |r| pruneable_types.include?(r.type) && !r.deploy_method_override } individuals.each do |individual_resource| @@ -147,14 +147,15 @@ def apply_all(resources, prune, dry_run: false) r.deploy_started_at = Time.now.utc unless dry_run end command.push("-f", tmp_dir) - if prune && @prune_whitelist.present? + if prune && @prune_allowlist.present? command.push("--prune") if @selector command.push("--selector", @selector.to_s) else command.push("--all") end - @prune_whitelist.each { |type| command.push("--prune-whitelist=#{type}") } + allow_list_flag = kubectl.allowlist_flag + @prune_allowlist.each { |type| command.push("#{allow_list_flag}=#{type}") } end command.push(kubectl.dry_run_flag) if dry_run diff --git a/lib/krane/version.rb b/lib/krane/version.rb index 67f6325d7..cce4d769d 100644 --- a/lib/krane/version.rb +++ b/lib/krane/version.rb @@ -1,4 +1,4 @@ # frozen_string_literal: true module Krane - VERSION = "3.3.0" + VERSION = "3.4.0" end diff --git a/test/unit/krane/resource_deployer_test.rb b/test/unit/krane/resource_deployer_test.rb index 7c15e56c7..fe1f73dd3 100644 --- a/test/unit/krane/resource_deployer_test.rb +++ b/test/unit/krane/resource_deployer_test.rb @@ -4,21 +4,22 @@ class ResourceDeployerTest < Krane::TestCase def test_deploy_prune_builds_whitelist - whitelist_kind = "fake_kind" + allowlist_kind = "fake_kind" resource = build_mock_resource + Krane::Kubectl.any_instance.expects(:client_version).returns(Gem::Version.new("1.26")) Krane::Kubectl.any_instance.expects(:run).with do |*args| - args.include?("--prune-whitelist=#{whitelist_kind}") + args.include?("--prune-allowlist=#{allowlist_kind}") end.returns(["", "", stub(success?: true)]) - resource_deployer(kubectl_times: 0, prune_whitelist: [whitelist_kind]).deploy!([resource], false, true) + resource_deployer(kubectl_times: 0, prune_allowlist: [allowlist_kind]).deploy!([resource], false, true) end def test_deploy_no_prune_doesnt_prune - whitelist_kind = "fake_kind" + allowlist_kind = "fake_kind" resource = build_mock_resource Krane::Kubectl.any_instance.expects(:run).with do |*args| - !args.include?("--prune-whitelist=#{whitelist_kind}") + !args.include?("--prune-allowlist=#{allowlist_kind}") end.returns(["", "", stub(success?: true)]) - resource_deployer(kubectl_times: 0, prune_whitelist: [whitelist_kind]).deploy!([resource], false, false) + resource_deployer(kubectl_times: 0, prune_allowlist: [allowlist_kind]).deploy!([resource], false, false) end def test_deploy_verify_false_message @@ -84,13 +85,13 @@ def test_predeploy_priority_resources_respects_empty_pre_deploy_list private - def resource_deployer(kubectl_times: 1, prune_whitelist: []) + def resource_deployer(kubectl_times: 1, prune_allowlist: []) unless kubectl_times == 0 runless = build_runless_kubectl Krane::Kubectl.expects(:new).returns(runless).times(kubectl_times) end @deployer = Krane::ResourceDeployer.new(current_sha: 'test-sha', - statsd_tags: [], task_config: task_config, prune_whitelist: prune_whitelist, + statsd_tags: [], task_config: task_config, prune_allowlist: prune_allowlist, global_timeout: 1, selector: nil) end