Merge branch 'master' into mock-access-context-manager

gemmahou · Feb 28, 2024 · f760580 · f760580
2 parents 7f40196 + bea1e19
commit f760580
Show file tree

Hide file tree

Showing 505 changed files with 173,661 additions and 2,499 deletions.
diff --git a/.github/license-lint-config.yml b/.github/license-lint-config.yml
@@ -0,0 +1,41 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+unrestricted_licenses:
+  - Apache-2.0
+  - MIT
+  - BSD-3-Clause
+  - BSD-2-Clause
+  - 0BSD
+
+reciprocal_licenses:
+  - MPL-2.0
+  - MPL-2.0-no-copyleft-exception
+
+allowlisted_modules:
+  # MIT: https://github.com/ghodss/yaml/blob/master/LICENSE
+  - github.com/ghodss/yaml
+  # BSD: https://github.com/gogo/protobuf/blob/master/LICENSE
+  - github.com/gogo/protobuf
+  # Apache 2.0
+  - github.com/spf13/cobra
+  # MIT: https://github.com/kubernetes-sigs/yaml/blob/master/LICENSE
+  - sigs.k8s.io/yaml
+  - github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp
+  # MIT: https://github.com/go-errors/errors/blob/master/LICENSE.MIT
+  - github.com/go-errors/errors
+  # Apache 2.0 for repo and third_party is BSD-3-Clause
+  - github.com/google/pprof
+  # Apache 2.0: https://github.com/apparentlymart/go-textseg/blob/5b41aa275ccaac4ccaa91729a8ee92e7eac9c728/LICENSE
+  - github.com/apparentlymart/go-textseg/v13
diff --git a/.github/workflows/license-lint.yaml b/.github/workflows/license-lint.yaml
@@ -0,0 +1,50 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: license-lint
+on:
+  push:
+    paths:
+      - "go.mod"
+      - "go.sum"
+      - "vendor/**" # if we ever use vendor we can target the paths too
+  pull_request:
+    paths:
+      - "go.mod"
+      - "go.sum"
+      - "vendor/**" # if we ever use vendor we can target the paths too
+jobs:
+  license-lint:
+    name: "license-lint"
+    runs-on: ubuntu-22.04
+    timeout-minutes: 5
+    permissions:
+      contents: read
+    steps:
+      - name: Set up Go 1.21
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.21
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: license-lint
+        run: |
+          export GOPATH="$HOME/go"
+          PATH="$GOPATH/bin:$PATH"
+
+          go install istio.io/tools/cmd/[email protected]
+
+          license-lint --config ./.github/license-lint-config.yml 2>&1
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
@@ -0,0 +1,47 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: linter
+on:
+  push:
+    # should more or less match what we have in .golangci.yaml
+    paths-ignore:
+      - "third_party/**"
+      - "**.md"
+      - pkg/clients/generated
+  pull_request:
+    paths-ignore:
+      - "third_party/**"
+      - "**.md"
+      - pkg/clients/generated
+permissions: read-all
+jobs:
+  lint:
+    name: lint
+    runs-on: ubuntu-22.04
+    timeout-minutes: 7
+    steps:
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.21.5
+          cache: false # because of https://github.com/golangci/golangci-lint-action/issues/135
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0
+        with:
+          version: v1.54.2 # should match the version in Makefile
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -0,0 +1,46 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+run:
+  timeout: 5m
+  skip-dirs:
+    - third_party
+    - pkg/clients/generated
+    - scripts # todo acpana unskip
+linters:
+  disable-all: true
+  enable:
+    - errcheck
+    - errorlint
+    # - exportloopref
+    # - forcetypeassert
+    # - gci
+    # - gocritic
+    # - goconst
+    # - godot
+    # - gofmt
+    # - gofumpt
+    # - goimports
+    # - gosec
+    # - gosimple
+    - govet
+    # - importas
+    # - ineffassign
+    # - misspell
+    - revive # replacement for golint
+    # - staticcheck
+    # - typecheck
+    # - unconvert
+    # - unused
+    # - whitespace
diff --git a/Makefile b/Makefile
@@ -20,6 +20,11 @@ RECORDER_IMG ?= gcr.io/${PROJECT_ID}/recorder:${SHORT_SHA}
 WEBHOOK_IMG ?= gcr.io/${PROJECT_ID}/webhook:${SHORT_SHA}
 DELETION_DEFENDER_IMG ?= gcr.io/${PROJECT_ID}/deletiondefender:${SHORT_SHA}
 UNMANAGED_DETECTOR_IMG ?= gcr.io/${PROJECT_ID}/unmanageddetector:${SHORT_SHA}
+# Detects the location of the user golangci-lint cache.
+GOLANGCI_LINT_CACHE := $(shell pwd)/.tmp/golangci-lint
+# When updating this, make sure to update the corresponding action in
+# ./github/workflows/lint.yaml
+GOLANGCI_LINT_VERSION := v1.54.2
 
 # Use Docker BuildKit when building images to allow usage of 'setcap' in
 # multi-stage builds (https://github.com/moby/moby/issues/38132)
@@ -90,7 +95,10 @@ fmt:
 
 .PHONY: lint
 lint:
-	for f in `find pkg cmd -name "*.go"`; do golint -set_exit_status $$f || exit $?; done
+	docker run --rm -v $(shell pwd):/app \
+		-v ${GOLANGCI_LINT_CACHE}:/root/.cache/golangci-lint \
+		-w /app golangci/golangci-lint:${GOLANGCI_LINT_VERSION}-alpine \
+		golangci-lint run -v
 
 # Run go vet against code
 .PHONY: vet
@@ -203,7 +211,7 @@ ensure:
 
 # Should run all needed commands before any PR is sent out.
 .PHONY: ready-pr
-ready-pr: manifests resource-docs generate-go-client
+ready-pr: lint manifests resource-docs generate-go-client
 
 # Upgrades dcl dependencies
 .PHONY: upgrade-dcl

diff --git a/README.NewResourceFromTerraform.md b/README.NewResourceFromTerraform.md
@@ -174,6 +174,14 @@ ServiceMappings file. Add the `ResourceConfig` for your resource:
     similar resources, and the comments in
     [pkg/apis/core/v1alpha1/servicemapping_types.go](pkg/apis/core/v1alpha1/servicemapping_types.go).
 
+1.  If you are adding a resource that is already supported in v1alpha1, specify
+    the following fields
+    ([example](https://github.com/GoogleCloudPlatform/k8s-config-connector/blob/8ba13a0c1e0563e0e6f9a9f6eeb8a693f9c73acf/config/servicemappings/certificatemanager.yaml#L30-L31)):
+    1.  Set `v1alpha1ToV1beta1` to `true`.
+    1.  Set `storageVersion` to `v1alpha1`.
+
+1.  Ensure the `autoGenerated` field is unset.
+
 1.  Add `resourceID` if the resource has the resource ID. The value of
     `targetField` should be the field name of the user-specified resource ID
     field (value of `metadataMapping.name`) or the field name of the
@@ -283,10 +291,14 @@ ServiceMappings file. Add the `ResourceConfig` for your resource:
     - name: google_container_cluster
       kind: ContainerCluster
       ...
-      observedField:
+      observedFields:
         - master_auth.client_certificate
     ```
 
+    After you generated CRD following the next step, you might need to revisit this step.
+    Generally speaking, if a CRD status field is GCP API related (i.e. not a KCC status field),
+    you should add it to the `observedFields`.
+
 ## Generate the CRD
 
 1.  Run `make manifests`.

diff --git a/cmd/deletiondefender/main.go b/cmd/deletiondefender/main.go
@@ -95,7 +95,7 @@ func main() {
 
 	// Register the registration controller, which will dynamically create controllers for
 	// all our resources.
-	if err := registration.Add(mgr, nil, nil, nil, nil, registration.RegisterDeletionDefenderController); err != nil {
+	if err := registration.Add(mgr, nil, nil, nil, nil, registration.RegisterDeletionDefenderController, nil); err != nil {
 		log.Fatal(err, "error adding registration controller")
 	}
 

diff --git a/cmd/manager/main.go b/cmd/manager/main.go
@@ -26,6 +26,7 @@ import (
 	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/kccmanager"
 	controllermetrics "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/metrics"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/gcp/profiler"
+	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/k8s"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/krmtotf"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/logging"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/metrics"
@@ -143,6 +144,8 @@ func newManager(ctx context.Context, restCfg *rest.Config, scopedNamespace strin
 
 	controllersCfg.UserProjectOverride = userProjectOverride
 	controllersCfg.BillingProject = billingProject
+	// TODO(b/320784855): StateIntoSpecDefaultValue and StateIntoSpecUserOverride values should come from the flags.
+	controllersCfg.StateIntoSpecDefaultValue = k8s.StateIntoSpecDefaultValueV1Beta1
 	mgr, err := kccmanager.New(ctx, restCfg, controllersCfg)
 	if err != nil {
 		return nil, fmt.Errorf("error creating manager: %w", err)

diff --git a/cmd/recorder/main.go b/cmd/recorder/main.go
@@ -163,7 +163,7 @@ func forEach(c client.Client, gvk schema.GroupVersionKind, listOptions *client.L
 		list.SetGroupVersionKind(gvk)
 		err := c.List(context.Background(), &list, listOptions)
 		if err != nil {
-			return fmt.Errorf("error listing objects:%v", err)
+			return fmt.Errorf("error listing objects: %w", err)
 		}
 		for _, item := range list.Items {
 			if err := fn(item); err != nil {

diff --git a/cmd/unmanageddetector/main.go b/cmd/unmanageddetector/main.go
@@ -96,7 +96,7 @@ func main() {
 
 	// Register the registration controller, which will dynamically create
 	// controllers for all our resources.
-	if err := registration.Add(mgr, nil, nil, nil, nil, registration.RegisterUnmanagedDetectorController); err != nil {
+	if err := registration.Add(mgr, nil, nil, nil, nil, registration.RegisterUnmanagedDetectorController, nil); err != nil {
 		logging.Fatal(err, "error adding registration controller")
 	}