Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

s/whitelist/allowlist #940

Merged
merged 2 commits into from
Dec 11, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
## next

# 3.4.0

- Use `prune-allowlist` instead of `prune-whitelist` for 1.26+ clusters. Clusters running 1.25 or less will continue to use `--prune-whitelist`. [#940](https://github.com/Shopify/krane/pull/940)

## 3.3.0

*Enhancements*
Expand Down
4 changes: 2 additions & 2 deletions lib/krane/deploy_task.rb
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ def predeploy_sequence
Hash[before_crs + crs + after_crs]
end

def prune_whitelist
def prune_allowlist
cluster_resource_discoverer.prunable_resources(namespaced: true)
end

Expand Down Expand Up @@ -192,7 +192,7 @@ def run!(verify_result: true, prune: true)

def resource_deployer
@resource_deployer ||= Krane::ResourceDeployer.new(task_config: @task_config,
prune_whitelist: prune_whitelist, global_timeout: @global_timeout,
prune_allowlist: prune_allowlist, global_timeout: @global_timeout,
selector: @selector, statsd_tags: statsd_tags, current_sha: @current_sha)
end

Expand Down
4 changes: 2 additions & 2 deletions lib/krane/global_deploy_task.rb
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,7 @@ def run!(verify_result: true, prune: true)

def deploy!(resources, verify_result, prune)
resource_deployer = ResourceDeployer.new(task_config: @task_config,
prune_whitelist: prune_whitelist, global_timeout: @global_timeout,
prune_allowlist: prune_allowlist, global_timeout: @global_timeout,
selector: @selector, statsd_tags: statsd_tags)
resource_deployer.deploy!(resources, verify_result, prune)
end
Expand Down Expand Up @@ -194,7 +194,7 @@ def kubectl
@kubectl ||= Kubectl.new(task_config: @task_config, log_failure_by_default: true)
end

def prune_whitelist
def prune_allowlist
cluster_resource_discoverer.prunable_resources(namespaced: false)
end

Expand Down
9 changes: 9 additions & 0 deletions lib/krane/kubectl.rb
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ class Kubectl
DEFAULT_TIMEOUT = 15
MAX_RETRY_DELAY = 16
SERVER_DRY_RUN_MIN_VERSION = "1.13"
ALLOW_LIST_MIN_VERSION = "1.26"

class ResourceNotFoundError < StandardError; end

Expand Down Expand Up @@ -112,6 +113,14 @@ def dry_run_flag
"--dry-run=server"
end

def allowlist_flag
if client_version >= Gem::Version.new(ALLOW_LIST_MIN_VERSION)
"--prune-allowlist"
else
"--prune-whitelist"
end
end

private

def build_command_from_options(args, use_namespace, use_context, output)
Expand Down
11 changes: 6 additions & 5 deletions lib/krane/resource_deployer.rb
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,9 @@ class ResourceDeployer
delegate :logger, to: :@task_config
attr_reader :statsd_tags

def initialize(task_config:, prune_whitelist:, global_timeout:, current_sha: nil, selector:, statsd_tags:)
def initialize(task_config:, prune_allowlist:, global_timeout:, current_sha: nil, selector:, statsd_tags:)
@task_config = task_config
@prune_whitelist = prune_whitelist
@prune_allowlist = prune_allowlist
@global_timeout = global_timeout
@current_sha = current_sha
@selector = selector
Expand Down Expand Up @@ -102,7 +102,7 @@ def deploy_resources(resources, prune: false, verify:, record_summary: true)
# Apply can be done in one large batch, the rest have to be done individually
applyables, individuals = resources.partition { |r| r.deploy_method == :apply }
# Prunable resources should also applied so that they can be pruned
pruneable_types = @prune_whitelist.map { |t| t.split("/").last }
pruneable_types = @prune_allowlist.map { |t| t.split("/").last }
applyables += individuals.select { |r| pruneable_types.include?(r.type) && !r.deploy_method_override }

individuals.each do |individual_resource|
Expand Down Expand Up @@ -147,14 +147,15 @@ def apply_all(resources, prune, dry_run: false)
r.deploy_started_at = Time.now.utc unless dry_run
end
command.push("-f", tmp_dir)
if prune && @prune_whitelist.present?
if prune && @prune_allowlist.present?
command.push("--prune")
if @selector
command.push("--selector", @selector.to_s)
else
command.push("--all")
end
@prune_whitelist.each { |type| command.push("--prune-whitelist=#{type}") }
allow_list_flag = kubectl.allowlist_flag
@prune_allowlist.each { |type| command.push("#{allow_list_flag}=#{type}") }
end

command.push(kubectl.dry_run_flag) if dry_run
Expand Down
2 changes: 1 addition & 1 deletion lib/krane/version.rb
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# frozen_string_literal: true
module Krane
VERSION = "3.3.0"
VERSION = "3.4.0"
end
17 changes: 9 additions & 8 deletions test/unit/krane/resource_deployer_test.rb
Original file line number Diff line number Diff line change
Expand Up @@ -4,21 +4,22 @@

class ResourceDeployerTest < Krane::TestCase
def test_deploy_prune_builds_whitelist
whitelist_kind = "fake_kind"
allowlist_kind = "fake_kind"
resource = build_mock_resource
Krane::Kubectl.any_instance.expects(:client_version).returns(Gem::Version.new("1.26"))
Krane::Kubectl.any_instance.expects(:run).with do |*args|
args.include?("--prune-whitelist=#{whitelist_kind}")
args.include?("--prune-allowlist=#{allowlist_kind}")
end.returns(["", "", stub(success?: true)])
resource_deployer(kubectl_times: 0, prune_whitelist: [whitelist_kind]).deploy!([resource], false, true)
resource_deployer(kubectl_times: 0, prune_allowlist: [allowlist_kind]).deploy!([resource], false, true)
end

def test_deploy_no_prune_doesnt_prune
whitelist_kind = "fake_kind"
allowlist_kind = "fake_kind"
resource = build_mock_resource
Krane::Kubectl.any_instance.expects(:run).with do |*args|
!args.include?("--prune-whitelist=#{whitelist_kind}")
!args.include?("--prune-allowlist=#{allowlist_kind}")
end.returns(["", "", stub(success?: true)])
resource_deployer(kubectl_times: 0, prune_whitelist: [whitelist_kind]).deploy!([resource], false, false)
resource_deployer(kubectl_times: 0, prune_allowlist: [allowlist_kind]).deploy!([resource], false, false)
end

def test_deploy_verify_false_message
Expand Down Expand Up @@ -84,13 +85,13 @@ def test_predeploy_priority_resources_respects_empty_pre_deploy_list

private

def resource_deployer(kubectl_times: 1, prune_whitelist: [])
def resource_deployer(kubectl_times: 1, prune_allowlist: [])
unless kubectl_times == 0
runless = build_runless_kubectl
Krane::Kubectl.expects(:new).returns(runless).times(kubectl_times)
end
@deployer = Krane::ResourceDeployer.new(current_sha: 'test-sha',
statsd_tags: [], task_config: task_config, prune_whitelist: prune_whitelist,
statsd_tags: [], task_config: task_config, prune_allowlist: prune_allowlist,
global_timeout: 1, selector: nil)
end

Expand Down