diff --git a/api/v1beta2/reference_types.go b/api/v1beta2/reference_types.go index 50594f3..b3e484b 100644 --- a/api/v1beta2/reference_types.go +++ b/api/v1beta2/reference_types.go @@ -29,6 +29,7 @@ type CrossNamespaceObjectReference struct { Kind string `json:"kind,omitempty"` // Name of the referent. + // If multiple resources are targeted `*` may be set. // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=53 // +required @@ -44,6 +45,7 @@ type CrossNamespaceObjectReference struct { // MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels // map is equivalent to an element of matchExpressions, whose key field is "key", the // operator is "In", and the values array contains only "value". The requirements are ANDed. + // MatchLabels requires the name to be set to `*`. // +optional MatchLabels map[string]string `json:"matchLabels,omitempty"` } diff --git a/config/crd/bases/notification.toolkit.fluxcd.io_alerts.yaml b/config/crd/bases/notification.toolkit.fluxcd.io_alerts.yaml index 1502aad..fbf395b 100644 --- a/config/crd/bases/notification.toolkit.fluxcd.io_alerts.yaml +++ b/config/crd/bases/notification.toolkit.fluxcd.io_alerts.yaml @@ -279,10 +279,11 @@ spec: {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements - are ANDed. + are ANDed. MatchLabels requires the name to be set to `*`. type: object name: - description: Name of the referent. + description: Name of the referent. If multiple resources are + targeted `*` may be set. maxLength: 53 minLength: 1 type: string diff --git a/config/crd/bases/notification.toolkit.fluxcd.io_receivers.yaml b/config/crd/bases/notification.toolkit.fluxcd.io_receivers.yaml index 4291168..021d188 100644 --- a/config/crd/bases/notification.toolkit.fluxcd.io_receivers.yaml +++ b/config/crd/bases/notification.toolkit.fluxcd.io_receivers.yaml @@ -288,10 +288,11 @@ spec: {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements - are ANDed. + are ANDed. MatchLabels requires the name to be set to `*`. type: object name: - description: Name of the referent. + description: Name of the referent. If multiple resources are + targeted `*` may be set. maxLength: 53 minLength: 1 type: string diff --git a/docs/api/notification.md b/docs/api/notification.md index cc2837b..f61bd76 100644 --- a/docs/api/notification.md +++ b/docs/api/notification.md @@ -741,7 +741,8 @@ string -

Name of the referent.

+

Name of the referent. +If multiple resources are targeted * may be set.

@@ -767,7 +768,8 @@ map[string]string (Optional)

MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is “key”, the -operator is “In”, and the values array contains only “value”. The requirements are ANDed.

+operator is “In”, and the values array contains only “value”. The requirements are ANDed. +MatchLabels requires the name to be set to *.

diff --git a/docs/spec/v1beta2/receivers.md b/docs/spec/v1beta2/receivers.md index f7d6f65..16d558c 100644 --- a/docs/spec/v1beta2/receivers.md +++ b/docs/spec/v1beta2/receivers.md @@ -635,9 +635,35 @@ A resource entry contains the following fields: `GitRepository`, `Kustomization`, `HelmRelease`, `HelmChart`, `HelmRepository`, `ImageRepository`, `ImagePolicy`, `ImageUpdateAutomation` and `OCIRepository`. -- `name`: The Flux Custom Resource `.metadata.name`. +- `name`: The Flux Custom Resource `.metadata.name` or it can be set to '*' wildcard(when `matchLabels` is specified) - `namespace` (Optional): The Flux Custom Resource `.metadata.namespace`. When not specified, the Receiver's `.metadata.namespace` is used instead. +- `matchLabels` (Optional): Annotate Flux Custom Resources with specific labels. + The `name` field must be set to '*' when using `matchLabels` + +#### Annotate objects by name + +To annotate single Flux object, set the `kind`, `name` and `namespace`: + +```yaml +resources: + - apiVersion: image.toolkit.fluxcd.io/v1beta1 + kind: ImageRepository + name: podinfo +``` + +#### Annotate objects by label + +To annotate Flux objects of a particular kind with specific labels: + +```yaml +resources: + - apiVersion: image.toolkit.fluxcd.io/v1beta1 + kind: ImageRepository + name: "*" + matchLabels: + app: podinfo +``` **Note:** Cross-namespace references [can be disabled for security diff --git a/internal/server/receiver_handler_test.go b/internal/server/receiver_handler_test.go index c28436e..c134b04 100644 --- a/internal/server/receiver_handler_test.go +++ b/internal/server/receiver_handler_test.go @@ -23,13 +23,16 @@ import ( "crypto/sha256" "encoding/hex" "encoding/json" + "net/http" "net/http/httptest" "testing" "github.com/google/go-github/v41/github" + "github.com/onsi/gomega" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" + "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/fake" "github.com/fluxcd/pkg/apis/meta" @@ -38,21 +41,23 @@ import ( apiv1 "github.com/fluxcd/notification-controller/api/v1beta2" ) -func Test_validate(t *testing.T) { +func Test_handlePayload(t *testing.T) { type hashOpts struct { calculate bool header string } tests := []struct { - name string - hashOpts hashOpts - headers map[string]string - payload map[string]interface{} - receiver *apiv1.Receiver - receiverType string - secret *corev1.Secret - expectedErr bool + name string + hashOpts hashOpts + headers map[string]string + payload map[string]interface{} + receiver *apiv1.Receiver + receiverType string + secret *corev1.Secret + resources []client.Object + expectedResourcesAnnotated int + expectedResponseCode int }{ { name: "Generic receiver", @@ -66,6 +71,10 @@ func Test_validate(t *testing.T) { Name: "token", }, }, + Status: apiv1.ReceiverStatus{ + WebhookPath: apiv1.ReceiverWebhookPath, + Conditions: []metav1.Condition{{Type: meta.ReadyCondition, Status: metav1.ConditionTrue}}, + }, }, secret: &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ @@ -75,7 +84,7 @@ func Test_validate(t *testing.T) { "token": []byte("token"), }, }, - expectedErr: false, + expectedResponseCode: http.StatusOK, }, { name: "gitlab receiver", @@ -89,6 +98,10 @@ func Test_validate(t *testing.T) { Name: "token", }, }, + Status: apiv1.ReceiverStatus{ + WebhookPath: apiv1.ReceiverWebhookPath, + Conditions: []metav1.Condition{{Type: meta.ReadyCondition, Status: metav1.ConditionTrue}}, + }, }, headers: map[string]string{ "X-Gitlab-Token": "token", @@ -101,7 +114,7 @@ func Test_validate(t *testing.T) { "token": []byte("token"), }, }, - expectedErr: false, + expectedResponseCode: http.StatusOK, }, { name: "github receiver", @@ -115,6 +128,10 @@ func Test_validate(t *testing.T) { Name: "token", }, }, + Status: apiv1.ReceiverStatus{ + WebhookPath: apiv1.ReceiverWebhookPath, + Conditions: []metav1.Condition{{Type: meta.ReadyCondition, Status: metav1.ConditionTrue}}, + }, }, hashOpts: hashOpts{ calculate: true, @@ -134,7 +151,7 @@ func Test_validate(t *testing.T) { "token": []byte("token"), }, }, - expectedErr: false, + expectedResponseCode: http.StatusOK, }, { name: "generic hmac receiver", @@ -148,6 +165,10 @@ func Test_validate(t *testing.T) { Name: "token", }, }, + Status: apiv1.ReceiverStatus{ + WebhookPath: apiv1.ReceiverWebhookPath, + Conditions: []metav1.Condition{{Type: meta.ReadyCondition, Status: metav1.ConditionTrue}}, + }, }, hashOpts: hashOpts{ calculate: true, @@ -164,7 +185,7 @@ func Test_validate(t *testing.T) { "token": []byte("token"), }, }, - expectedErr: false, + expectedResponseCode: http.StatusOK, }, { name: "bitbucket receiver", @@ -179,6 +200,10 @@ func Test_validate(t *testing.T) { Name: "token", }, }, + Status: apiv1.ReceiverStatus{ + WebhookPath: apiv1.ReceiverWebhookPath, + Conditions: []metav1.Condition{{Type: meta.ReadyCondition, Status: metav1.ConditionTrue}}, + }, }, hashOpts: hashOpts{ calculate: true, @@ -196,7 +221,7 @@ func Test_validate(t *testing.T) { "token": []byte("token"), }, }, - expectedErr: false, + expectedResponseCode: http.StatusOK, }, { name: "quay receiver", @@ -210,6 +235,10 @@ func Test_validate(t *testing.T) { Name: "token", }, }, + Status: apiv1.ReceiverStatus{ + WebhookPath: apiv1.ReceiverWebhookPath, + Conditions: []metav1.Condition{{Type: meta.ReadyCondition, Status: metav1.ConditionTrue}}, + }, }, secret: &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ @@ -225,7 +254,7 @@ func Test_validate(t *testing.T) { "v0.0.1", }, }, - expectedErr: false, + expectedResponseCode: http.StatusOK, }, { name: "harbor receiver", @@ -239,6 +268,10 @@ func Test_validate(t *testing.T) { Name: "token", }, }, + Status: apiv1.ReceiverStatus{ + WebhookPath: apiv1.ReceiverWebhookPath, + Conditions: []metav1.Condition{{Type: meta.ReadyCondition, Status: metav1.ConditionTrue}}, + }, }, secret: &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ @@ -251,7 +284,7 @@ func Test_validate(t *testing.T) { headers: map[string]string{ "Authorization": "token", }, - expectedErr: false, + expectedResponseCode: http.StatusOK, }, { name: "missing secret", @@ -265,8 +298,330 @@ func Test_validate(t *testing.T) { Name: "non-existing", }, }, + Status: apiv1.ReceiverStatus{ + WebhookPath: apiv1.ReceiverWebhookPath, + Conditions: []metav1.Condition{{Type: meta.ReadyCondition, Status: metav1.ConditionTrue}}, + }, }, - expectedErr: true, + expectedResponseCode: http.StatusBadRequest, + }, + { + name: "no receiver configured", + expectedResponseCode: http.StatusNotFound, + }, + { + name: "not ready receiver is ignored", + receiver: &apiv1.Receiver{ + ObjectMeta: metav1.ObjectMeta{ + Name: "notready-receiver", + }, + Spec: apiv1.ReceiverSpec{}, + Status: apiv1.ReceiverStatus{ + WebhookPath: apiv1.ReceiverWebhookPath, + Conditions: []metav1.Condition{{Type: meta.StalledCondition, Status: metav1.ConditionFalse}}, + }, + }, + expectedResponseCode: http.StatusNotFound, + }, + { + name: "suspended receiver ignored", + receiver: &apiv1.Receiver{ + ObjectMeta: metav1.ObjectMeta{ + Name: "suspended-receiver", + }, + Spec: apiv1.ReceiverSpec{ + Suspend: true, + }, + Status: apiv1.ReceiverStatus{ + WebhookPath: apiv1.ReceiverWebhookPath, + Conditions: []metav1.Condition{{Type: meta.ReadyCondition, Status: metav1.ConditionTrue}}, + }, + }, + expectedResponseCode: http.StatusNotFound, + }, + { + name: "missing apiVersion in resource", + receiver: &apiv1.Receiver{ + ObjectMeta: metav1.ObjectMeta{ + Name: "receiver", + }, + Spec: apiv1.ReceiverSpec{ + Type: apiv1.GenericReceiver, + SecretRef: meta.LocalObjectReference{ + Name: "token", + }, + Resources: []apiv1.CrossNamespaceObjectReference{ + { + Kind: apiv1.ReceiverKind, + MatchLabels: map[string]string{ + "label": "match", + }, + }, + }, + }, + Status: apiv1.ReceiverStatus{ + WebhookPath: apiv1.ReceiverWebhookPath, + Conditions: []metav1.Condition{{Type: meta.ReadyCondition, Status: metav1.ConditionTrue}}, + }, + }, + secret: &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "token", + }, + Data: map[string][]byte{ + "token": []byte("token"), + }, + }, + expectedResponseCode: http.StatusBadRequest, + }, + { + name: "resource by name not found", + receiver: &apiv1.Receiver{ + ObjectMeta: metav1.ObjectMeta{ + Name: "receiver", + }, + Spec: apiv1.ReceiverSpec{ + Type: apiv1.GenericReceiver, + SecretRef: meta.LocalObjectReference{ + Name: "token", + }, + Resources: []apiv1.CrossNamespaceObjectReference{ + { + APIVersion: apiv1.GroupVersion.String(), + Kind: apiv1.ReceiverKind, + Name: "does-not-exists", + }, + }, + }, + Status: apiv1.ReceiverStatus{ + WebhookPath: apiv1.ReceiverWebhookPath, + Conditions: []metav1.Condition{{Type: meta.ReadyCondition, Status: metav1.ConditionTrue}}, + }, + }, + secret: &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "token", + }, + Data: map[string][]byte{ + "token": []byte("token"), + }, + }, + expectedResponseCode: http.StatusBadRequest, + }, + { + name: "annotating resources by label match", + receiver: &apiv1.Receiver{ + ObjectMeta: metav1.ObjectMeta{ + Name: "receiver", + }, + Spec: apiv1.ReceiverSpec{ + Type: apiv1.GenericReceiver, + SecretRef: meta.LocalObjectReference{ + Name: "token", + }, + Resources: []apiv1.CrossNamespaceObjectReference{ + { + APIVersion: apiv1.GroupVersion.String(), + Kind: apiv1.ReceiverKind, + Name: "*", + MatchLabels: map[string]string{ + "label": "match", + }, + }, + }, + }, + Status: apiv1.ReceiverStatus{ + WebhookPath: apiv1.ReceiverWebhookPath, + Conditions: []metav1.Condition{{Type: meta.ReadyCondition, Status: metav1.ConditionTrue}}, + }, + }, + secret: &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "token", + }, + Data: map[string][]byte{ + "token": []byte("token"), + }, + }, + resources: []client.Object{ + &apiv1.Receiver{ + TypeMeta: metav1.TypeMeta{ + Kind: apiv1.ReceiverKind, + APIVersion: apiv1.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "dummy-resource-2", + Labels: map[string]string{ + "label": "does-not-match", + }, + }, + }, + &apiv1.Receiver{ + TypeMeta: metav1.TypeMeta{ + Kind: apiv1.ReceiverKind, + APIVersion: apiv1.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "dummy-resource", + Labels: map[string]string{ + "label": "match", + }, + }, + }, + }, + expectedResourcesAnnotated: 1, + expectedResponseCode: http.StatusOK, + }, + { + name: "annotating resource by name", + receiver: &apiv1.Receiver{ + ObjectMeta: metav1.ObjectMeta{ + Name: "receiver", + }, + Spec: apiv1.ReceiverSpec{ + Type: apiv1.GenericReceiver, + SecretRef: meta.LocalObjectReference{ + Name: "token", + }, + Resources: []apiv1.CrossNamespaceObjectReference{ + { + APIVersion: apiv1.GroupVersion.String(), + Kind: apiv1.ReceiverKind, + Name: "dummy-resource", + }, + }, + }, + Status: apiv1.ReceiverStatus{ + WebhookPath: apiv1.ReceiverWebhookPath, + Conditions: []metav1.Condition{{Type: meta.ReadyCondition, Status: metav1.ConditionTrue}}, + }, + }, + secret: &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "token", + }, + Data: map[string][]byte{ + "token": []byte("token"), + }, + }, + resources: []client.Object{ + &apiv1.Receiver{ + TypeMeta: metav1.TypeMeta{ + Kind: apiv1.ReceiverKind, + APIVersion: apiv1.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "dummy-resource-2", + }, + }, + &apiv1.Receiver{ + TypeMeta: metav1.TypeMeta{ + Kind: apiv1.ReceiverKind, + APIVersion: apiv1.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "dummy-resource", + }, + }, + }, + expectedResourcesAnnotated: 1, + expectedResponseCode: http.StatusOK, + }, + { + name: "annotating all resources if name is *", + receiver: &apiv1.Receiver{ + TypeMeta: metav1.TypeMeta{ + Kind: apiv1.ReceiverKind, + APIVersion: apiv1.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "receiver", + }, + Spec: apiv1.ReceiverSpec{ + Type: apiv1.GenericReceiver, + SecretRef: meta.LocalObjectReference{ + Name: "token", + }, + Resources: []apiv1.CrossNamespaceObjectReference{ + { + APIVersion: apiv1.GroupVersion.String(), + Kind: apiv1.ReceiverKind, + Name: "*", + }, + }, + }, + Status: apiv1.ReceiverStatus{ + WebhookPath: apiv1.ReceiverWebhookPath, + Conditions: []metav1.Condition{{Type: meta.ReadyCondition, Status: metav1.ConditionTrue}}, + }, + }, + secret: &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "token", + }, + Data: map[string][]byte{ + "token": []byte("token"), + }, + }, + expectedResponseCode: http.StatusBadRequest, + }, + { + name: "resource matchLabels is ignored if name is not *", + receiver: &apiv1.Receiver{ + ObjectMeta: metav1.ObjectMeta{ + Name: "receiver", + }, + Spec: apiv1.ReceiverSpec{ + Type: apiv1.GenericReceiver, + SecretRef: meta.LocalObjectReference{ + Name: "token", + }, + Resources: []apiv1.CrossNamespaceObjectReference{ + { + APIVersion: apiv1.GroupVersion.String(), + Kind: apiv1.ReceiverKind, + Name: "dummy-resource", + MatchLabels: map[string]string{ + "label": "match", + }, + }, + }, + }, + Status: apiv1.ReceiverStatus{ + WebhookPath: apiv1.ReceiverWebhookPath, + Conditions: []metav1.Condition{{Type: meta.ReadyCondition, Status: metav1.ConditionTrue}}, + }, + }, + secret: &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "token", + }, + Data: map[string][]byte{ + "token": []byte("token"), + }, + }, + resources: []client.Object{ + &apiv1.Receiver{ + TypeMeta: metav1.TypeMeta{ + Kind: apiv1.ReceiverKind, + APIVersion: apiv1.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "dummy-resource-2", + }, + }, + &apiv1.Receiver{ + TypeMeta: metav1.TypeMeta{ + Kind: apiv1.ReceiverKind, + APIVersion: apiv1.GroupVersion.String(), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "dummy-resource", + }, + }, + }, + expectedResourcesAnnotated: 1, + expectedResponseCode: http.StatusOK, }, } @@ -276,10 +631,17 @@ func Test_validate(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { + g := gomega.NewGomegaWithT(t) builder := fake.NewClientBuilder() builder.WithScheme(scheme) - builder.WithObjects(tt.receiver) + + if tt.receiver != nil { + builder.WithObjects(tt.receiver) + } + + builder.WithObjects(tt.resources...) + if tt.secret != nil { builder.WithObjects(tt.secret) } @@ -295,7 +657,7 @@ func Test_validate(t *testing.T) { if err != nil { t.Errorf("error marshalling test payload: '%s'", err) } - req := httptest.NewRequest("POST", "/", bytes.NewBuffer(data)) + req := httptest.NewRequest("POST", "/hook/", bytes.NewBuffer(data)) for key, val := range tt.headers { req.Header.Set(key, val) } @@ -308,14 +670,22 @@ func Test_validate(t *testing.T) { req.Header.Set(tt.hashOpts.header, "sha256="+hex.EncodeToString(mac.Sum(nil))) } - err = s.validate(context.Background(), *tt.receiver, req) - if tt.expectedErr && err == nil { - t.Errorf("expected error but got %s", err) + rr := httptest.NewRecorder() + handler := s.handlePayload() + handler(rr, req) + g.Expect(rr.Result().StatusCode).To(gomega.Equal(tt.expectedResponseCode)) + + var allReceivers apiv1.ReceiverList + err = client.List(context.TODO(), &allReceivers) + + var annotatedResources int + for _, obj := range allReceivers.Items { + if _, ok := obj.GetAnnotations()[meta.ReconcileRequestAnnotation]; ok { + annotatedResources++ + } } - if !tt.expectedErr && err != nil { - t.Errorf("unexpected error: '%s'", err) - } + g.Expect(annotatedResources).To(gomega.Equal(tt.expectedResourcesAnnotated)) }) } } diff --git a/internal/server/receiver_handlers.go b/internal/server/receiver_handlers.go index 28ca40d..7ebc2cc 100644 --- a/internal/server/receiver_handlers.go +++ b/internal/server/receiver_handlers.go @@ -32,6 +32,7 @@ import ( "github.com/fluxcd/pkg/apis/meta" "github.com/fluxcd/pkg/runtime/conditions" + "github.com/go-logr/logr" "github.com/google/go-github/v41/github" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -45,6 +46,7 @@ import ( // defaultFluxAPIVersions is a map of Flux API kinds to their API versions. var defaultFluxAPIVersions = map[string]string{ "Bucket": "source.toolkit.fluxcd.io/v1beta2", + "HelmChart": "source.toolkit.fluxcd.io/v1beta2", "HelmRepository": "source.toolkit.fluxcd.io/v1beta2", "GitRepository": "source.toolkit.fluxcd.io/v1beta2", "OCIRepository": "source.toolkit.fluxcd.io/v1beta2", @@ -94,13 +96,9 @@ func (s *ReceiverServer) handlePayload() func(w http.ResponseWriter, r *http.Req } for _, resource := range receiver.Spec.Resources { - if err := s.annotate(ctx, resource, receiver.Namespace); err != nil { - logger.Error(err, fmt.Sprintf("unable to annotate resource '%s/%s.%s'", - resource.Kind, resource.Name, resource.Namespace)) + if err := s.requestReconciliation(ctx, logger, resource, receiver.Namespace); err != nil { + logger.Error(err, "unable to process resource") withErrors = true - } else { - logger.Info(fmt.Sprintf("resource '%s/%s.%s' annotated", - resource.Kind, resource.Name, resource.Namespace)) } } } @@ -347,15 +345,12 @@ func (s *ReceiverServer) token(ctx context.Context, receiver apiv1.Receiver) (st return token, nil } -func (s *ReceiverServer) annotate(ctx context.Context, resource apiv1.CrossNamespaceObjectReference, defaultNamespace string) error { +// requestReconciliation requests reconciliation of all the resources matching the given CrossNamespaceObjectReference by annotating them accordingly. +func (s *ReceiverServer) requestReconciliation(ctx context.Context, logger logr.Logger, resource apiv1.CrossNamespaceObjectReference, defaultNamespace string) error { namespace := defaultNamespace if resource.Namespace != "" { namespace = resource.Namespace } - objectKey := client.ObjectKey{ - Namespace: namespace, - Name: resource.Name, - } apiVersion := resource.APIVersion if apiVersion == "" { @@ -367,6 +362,46 @@ func (s *ReceiverServer) annotate(ctx context.Context, resource apiv1.CrossNames group, version := getGroupVersion(apiVersion) + if resource.Name == "*" { + if resource.MatchLabels == nil { + return fmt.Errorf("matchLabels field not set when using wildcard '*' as name") + } + + logger.V(1).Info(fmt.Sprintf("annotate resources by matchLabel for kind '%s' in '%s'", + resource.Kind, namespace), "matchLabels", resource.MatchLabels) + + var resources metav1.PartialObjectMetadataList + resources.SetGroupVersionKind(schema.GroupVersionKind{ + Group: group, + Kind: resource.Kind, + Version: version, + }) + + if err := s.kubeClient.List(ctx, &resources, + client.InNamespace(namespace), + client.MatchingLabels(resource.MatchLabels), + ); err != nil { + return fmt.Errorf("failed listing resources in namespace %q by matching labels %q: %w", namespace, resource.MatchLabels, err) + } + + if len(resources.Items) == 0 { + noObjectsFoundErr := fmt.Errorf("no '%s' resources found with matching labels '%s' in '%s' namespace", resource.Kind, resource.MatchLabels, namespace) + logger.Error(noObjectsFoundErr, "error annotating resources") + return nil + } + + for _, resource := range resources.Items { + if err := s.annotate(ctx, &resource); err != nil { + return fmt.Errorf("failed to annotate resource: '%s/%s.%s': %w", resource.Kind, resource.Name, namespace, err) + } else { + logger.Info(fmt.Sprintf("resource '%s/%s.%s' annotated", + resource.Kind, resource.Name, namespace)) + } + } + + return nil + } + u := &metav1.PartialObjectMetadata{} u.SetGroupVersionKind(schema.GroupVersionKind{ Group: group, @@ -374,19 +409,42 @@ func (s *ReceiverServer) annotate(ctx context.Context, resource apiv1.CrossNames Version: version, }) + objectKey := client.ObjectKey{ + Namespace: namespace, + Name: resource.Name, + } + if err := s.kubeClient.Get(ctx, objectKey, u); err != nil { return fmt.Errorf("unable to read %s '%s' error: %w", resource.Kind, objectKey, err) } - patch := client.MergeFrom(u.DeepCopy()) - sourceAnnotations := u.GetAnnotations() + err := s.annotate(ctx, u) + if err != nil { + return fmt.Errorf("failed to annotate resource: '%s/%s.%s': %w", resource.Kind, resource.Name, namespace, err) + } else { + logger.Info(fmt.Sprintf("resource '%s/%s.%s' annotated", + resource.Kind, resource.Name, namespace)) + } + + return nil +} + +func (s *ReceiverServer) annotate(ctx context.Context, resource *metav1.PartialObjectMetadata) error { + patch := client.MergeFrom(resource.DeepCopy()) + sourceAnnotations := resource.GetAnnotations() + if sourceAnnotations == nil { sourceAnnotations = make(map[string]string) } + sourceAnnotations[meta.ReconcileRequestAnnotation] = metav1.Now().String() - u.SetAnnotations(sourceAnnotations) - if err := s.kubeClient.Patch(ctx, u, patch); err != nil { - return fmt.Errorf("unable to annotate %s '%s' error: %w", resource.Kind, objectKey, err) + resource.SetAnnotations(sourceAnnotations) + + if err := s.kubeClient.Patch(ctx, resource, patch); err != nil { + return fmt.Errorf("unable to annotate %s '%s' error: %w", resource.Kind, client.ObjectKey{ + Namespace: resource.Namespace, + Name: resource.Name, + }, err) } return nil