Use OpenAPI V3 for client side SMP
Kubernetes-commit: 4f3b0b15182d80b02d7a7bd2c210c145b7552f82
This commit is contained in:
Jefftree
Kubernetes Publisher
parent
539f801f01
commit
8b0ab9a40e
|
|
@ -39,6 +39,8 @@ import (
|
|||
"k8s.io/cli-runtime/pkg/printers"
|
||||
"k8s.io/cli-runtime/pkg/resource"
|
||||
"k8s.io/client-go/dynamic"
|
||||
cachedopenapi "k8s.io/client-go/openapi/cached"
|
||||
"k8s.io/client-go/openapi3"
|
||||
"k8s.io/client-go/util/csaupgrade"
|
||||
"k8s.io/component-base/version"
|
||||
"k8s.io/klog/v2"
|
||||
|
|
@ -106,6 +108,7 @@ type ApplyOptions struct {
|
|||
Mapper meta.RESTMapper
|
||||
DynamicClient dynamic.Interface
|
||||
OpenAPISchema openapi.Resources
|
||||
OpenAPIV3Root openapi3.Root
|
||||
|
||||
Namespace string
|
||||
EnforceNamespace bool
|
||||
|
|
@ -283,6 +286,12 @@ func (flags *ApplyFlags) ToOptions(f cmdutil.Factory, cmd *cobra.Command, baseNa
|
|||
}
|
||||
|
||||
openAPISchema, _ := f.OpenAPISchema()
|
||||
var openAPIV3Root openapi3.Root
|
||||
openAPIV3Client, err := f.OpenAPIV3Client()
|
||||
if err == nil {
|
||||
cachedOpenAPIV3Client := cachedopenapi.NewClient(openAPIV3Client)
|
||||
openAPIV3Root = openapi3.NewRoot(cachedOpenAPIV3Client)
|
||||
}
|
||||
|
||||
validationDirective, err := cmdutil.GetValidationDirective(cmd)
|
||||
if err != nil {
|
||||
|
|
@ -361,6 +370,7 @@ func (flags *ApplyFlags) ToOptions(f cmdutil.Factory, cmd *cobra.Command, baseNa
|
|||
Mapper: mapper,
|
||||
DynamicClient: dynamicClient,
|
||||
OpenAPISchema: openAPISchema,
|
||||
OpenAPIV3Root: openAPIV3Root,
|
||||
|
||||
IOStreams: flags.IOStreams,
|
||||
|
||||
|
|
|
|||
|
|
@ -47,6 +47,8 @@ import (
|
|||
"k8s.io/cli-runtime/pkg/genericiooptions"
|
||||
"k8s.io/cli-runtime/pkg/resource"
|
||||
dynamicfakeclient "k8s.io/client-go/dynamic/fake"
|
||||
openapiclient "k8s.io/client-go/openapi"
|
||||
"k8s.io/client-go/openapi/openapitest"
|
||||
restclient "k8s.io/client-go/rest"
|
||||
"k8s.io/client-go/rest/fake"
|
||||
testing2 "k8s.io/client-go/testing"
|
||||
|
|
@ -64,11 +66,16 @@ import (
|
|||
|
||||
var (
|
||||
fakeSchema = sptest.Fake{Path: filepath.Join("..", "..", "..", "testdata", "openapi", "swagger.json")}
|
||||
fakeOpenAPIV3Legacy = sptest.OpenAPIV3Getter{Path: filepath.Join("..", "..", "..", "testdata", "openapi", "v3", "api", "v1.json")}
|
||||
fakeOpenAPIV3AppsV1 = sptest.OpenAPIV3Getter{Path: filepath.Join("..", "..", "..", "testdata", "openapi", "v3", "apis", "apps", "v1.json")}
|
||||
testingOpenAPISchemas = []testOpenAPISchema{AlwaysErrorsOpenAPISchema, FakeOpenAPISchema}
|
||||
AlwaysErrorsOpenAPISchema = testOpenAPISchema{
|
||||
OpenAPISchemaFn: func() (openapi.Resources, error) {
|
||||
return nil, errors.New("cannot get openapi spec")
|
||||
},
|
||||
OpenAPIV3ClientFunc: func() (openapiclient.Client, error) {
|
||||
return nil, errors.New("cannot get openapiv3 client")
|
||||
},
|
||||
}
|
||||
FakeOpenAPISchema = testOpenAPISchema{
|
||||
OpenAPISchemaFn: func() (openapi.Resources, error) {
|
||||
|
|
@ -78,12 +85,19 @@ var (
|
|||
}
|
||||
return openapi.NewOpenAPIData(s)
|
||||
},
|
||||
OpenAPIV3ClientFunc: func() (openapiclient.Client, error) {
|
||||
c := openapitest.NewFakeClient()
|
||||
c.PathsMap["api/v1"] = openapitest.FakeGroupVersion{GVSpec: fakeOpenAPIV3Legacy.SchemaBytesOrDie()}
|
||||
c.PathsMap["apis/apps/v1"] = openapitest.FakeGroupVersion{GVSpec: fakeOpenAPIV3AppsV1.SchemaBytesOrDie()}
|
||||
return c, nil
|
||||
},
|
||||
}
|
||||
codec = scheme.Codecs.LegacyCodec(scheme.Scheme.PrioritizedVersionsAllGroups()...)
|
||||
)
|
||||
|
||||
type testOpenAPISchema struct {
|
||||
OpenAPISchemaFn func() (openapi.Resources, error)
|
||||
OpenAPISchemaFn func() (openapi.Resources, error)
|
||||
OpenAPIV3ClientFunc func() (openapiclient.Client, error)
|
||||
}
|
||||
|
||||
func TestApplyExtraArgsFail(t *testing.T) {
|
||||
|
|
@ -684,6 +698,7 @@ func TestApplyObjectWithoutAnnotation(t *testing.T) {
|
|||
}),
|
||||
}
|
||||
tf.ClientConfigVal = cmdtesting.DefaultClientConfig()
|
||||
tf.OpenAPIV3ClientFunc = FakeOpenAPISchema.OpenAPIV3ClientFunc
|
||||
|
||||
ioStreams, _, buf, errBuf := genericiooptions.NewTestIOStreams()
|
||||
cmd := NewCmdApply("kubectl", tf, ioStreams)
|
||||
|
|
@ -730,6 +745,7 @@ func TestApplyObject(t *testing.T) {
|
|||
}),
|
||||
}
|
||||
tf.OpenAPISchemaFunc = testingOpenAPISchema.OpenAPISchemaFn
|
||||
tf.OpenAPIV3ClientFunc = testingOpenAPISchema.OpenAPIV3ClientFunc
|
||||
tf.ClientConfigVal = cmdtesting.DefaultClientConfig()
|
||||
|
||||
ioStreams, _, buf, errBuf := genericiooptions.NewTestIOStreams()
|
||||
|
|
@ -778,6 +794,7 @@ func TestApplyPruneObjects(t *testing.T) {
|
|||
}),
|
||||
}
|
||||
tf.OpenAPISchemaFunc = testingOpenAPISchema.OpenAPISchemaFn
|
||||
tf.OpenAPIV3ClientFunc = testingOpenAPISchema.OpenAPIV3ClientFunc
|
||||
tf.ClientConfigVal = cmdtesting.DefaultClientConfig()
|
||||
|
||||
ioStreams, _, buf, errBuf := genericiooptions.NewTestIOStreams()
|
||||
|
|
@ -1014,6 +1031,7 @@ func TestApplyPruneObjectsWithAllowlist(t *testing.T) {
|
|||
}),
|
||||
}
|
||||
tf.OpenAPISchemaFunc = testingOpenAPISchema.OpenAPISchemaFn
|
||||
tf.OpenAPIV3ClientFunc = testingOpenAPISchema.OpenAPIV3ClientFunc
|
||||
tf.ClientConfigVal = cmdtesting.DefaultClientConfig()
|
||||
|
||||
for _, resource := range tc.currentResources {
|
||||
|
|
@ -1192,6 +1210,7 @@ func TestApplyCSAMigration(t *testing.T) {
|
|||
}),
|
||||
}
|
||||
tf.OpenAPISchemaFunc = FakeOpenAPISchema.OpenAPISchemaFn
|
||||
tf.OpenAPIV3ClientFunc = FakeOpenAPISchema.OpenAPIV3ClientFunc
|
||||
tf.ClientConfigVal = cmdtesting.DefaultClientConfig()
|
||||
|
||||
ioStreams, _, buf, errBuf := genericiooptions.NewTestIOStreams()
|
||||
|
|
@ -1280,6 +1299,7 @@ func TestApplyObjectOutput(t *testing.T) {
|
|||
}),
|
||||
}
|
||||
tf.OpenAPISchemaFunc = testingOpenAPISchema.OpenAPISchemaFn
|
||||
tf.OpenAPIV3ClientFunc = testingOpenAPISchema.OpenAPIV3ClientFunc
|
||||
tf.ClientConfigVal = cmdtesting.DefaultClientConfig()
|
||||
|
||||
ioStreams, _, buf, errBuf := genericiooptions.NewTestIOStreams()
|
||||
|
|
@ -1341,6 +1361,7 @@ func TestApplyRetry(t *testing.T) {
|
|||
}),
|
||||
}
|
||||
tf.OpenAPISchemaFunc = testingOpenAPISchema.OpenAPISchemaFn
|
||||
tf.OpenAPIV3ClientFunc = testingOpenAPISchema.OpenAPIV3ClientFunc
|
||||
tf.ClientConfigVal = cmdtesting.DefaultClientConfig()
|
||||
|
||||
ioStreams, _, buf, errBuf := genericiooptions.NewTestIOStreams()
|
||||
|
|
@ -1516,6 +1537,7 @@ func testApplyMultipleObjects(t *testing.T, asList bool) {
|
|||
}),
|
||||
}
|
||||
tf.OpenAPISchemaFunc = testingOpenAPISchema.OpenAPISchemaFn
|
||||
tf.OpenAPIV3ClientFunc = testingOpenAPISchema.OpenAPIV3ClientFunc
|
||||
tf.ClientConfigVal = cmdtesting.DefaultClientConfig()
|
||||
|
||||
ioStreams, _, buf, errBuf := genericiooptions.NewTestIOStreams()
|
||||
|
|
@ -1611,6 +1633,7 @@ func TestApplyNULLPreservation(t *testing.T) {
|
|||
}),
|
||||
}
|
||||
tf.OpenAPISchemaFunc = testingOpenAPISchema.OpenAPISchemaFn
|
||||
tf.OpenAPIV3ClientFunc = testingOpenAPISchema.OpenAPIV3ClientFunc
|
||||
tf.ClientConfigVal = cmdtesting.DefaultClientConfig()
|
||||
|
||||
ioStreams, _, buf, errBuf := genericiooptions.NewTestIOStreams()
|
||||
|
|
@ -1673,6 +1696,7 @@ func TestUnstructuredApply(t *testing.T) {
|
|||
}),
|
||||
}
|
||||
tf.OpenAPISchemaFunc = testingOpenAPISchema.OpenAPISchemaFn
|
||||
tf.OpenAPIV3ClientFunc = testingOpenAPISchema.OpenAPIV3ClientFunc
|
||||
tf.ClientConfigVal = cmdtesting.DefaultClientConfig()
|
||||
|
||||
ioStreams, _, buf, errBuf := genericiooptions.NewTestIOStreams()
|
||||
|
|
@ -1737,6 +1761,7 @@ func TestUnstructuredIdempotentApply(t *testing.T) {
|
|||
}),
|
||||
}
|
||||
tf.OpenAPISchemaFunc = testingOpenAPISchema.OpenAPISchemaFn
|
||||
tf.OpenAPIV3ClientFunc = testingOpenAPISchema.OpenAPIV3ClientFunc
|
||||
tf.ClientConfigVal = cmdtesting.DefaultClientConfig()
|
||||
|
||||
ioStreams, _, buf, errBuf := genericiooptions.NewTestIOStreams()
|
||||
|
|
@ -1979,6 +2004,7 @@ func TestForceApply(t *testing.T) {
|
|||
fakeDynamicClient := dynamicfakeclient.NewSimpleDynamicClient(scheme)
|
||||
tf.FakeDynamicClient = fakeDynamicClient
|
||||
tf.OpenAPISchemaFunc = testingOpenAPISchema.OpenAPISchemaFn
|
||||
tf.OpenAPIV3ClientFunc = testingOpenAPISchema.OpenAPIV3ClientFunc
|
||||
tf.Client = tf.UnstructuredClient
|
||||
tf.ClientConfigVal = &restclient.Config{}
|
||||
|
||||
|
|
@ -2830,6 +2856,7 @@ func TestApplyWithPruneV2(t *testing.T) {
|
|||
}
|
||||
|
||||
tf.Client = tf.UnstructuredClient
|
||||
tf.OpenAPIV3ClientFunc = FakeOpenAPISchema.OpenAPIV3ClientFunc
|
||||
|
||||
cmdtesting.WithAlphaEnvs([]cmdutil.FeatureGate{cmdutil.ApplySet}, t, func(t *testing.T) {
|
||||
manifests := []string{"manifest1", "manifest2"}
|
||||
|
|
@ -3104,6 +3131,7 @@ func TestApplyWithPruneV2Fail(t *testing.T) {
|
|||
}
|
||||
|
||||
tf.Client = tf.UnstructuredClient
|
||||
tf.OpenAPIV3ClientFunc = FakeOpenAPISchema.OpenAPIV3ClientFunc
|
||||
|
||||
testdirs := []string{"testdata/prune/simple"}
|
||||
for _, testdir := range testdirs {
|
||||
|
|
|
|||
|
|
@ -37,6 +37,9 @@ import (
|
|||
"k8s.io/apimachinery/pkg/util/strategicpatch"
|
||||
"k8s.io/apimachinery/pkg/util/wait"
|
||||
"k8s.io/cli-runtime/pkg/resource"
|
||||
"k8s.io/client-go/openapi3"
|
||||
"k8s.io/klog/v2"
|
||||
"k8s.io/kube-openapi/pkg/validation/spec"
|
||||
cmdutil "k8s.io/kubectl/pkg/cmd/util"
|
||||
"k8s.io/kubectl/pkg/scheme"
|
||||
"k8s.io/kubectl/pkg/util"
|
||||
|
|
@ -50,6 +53,10 @@ const (
|
|||
backOffPeriod = 1 * time.Second
|
||||
// how many times we can retry before back off
|
||||
triesBeforeBackOff = 1
|
||||
// groupVersionKindExtensionKey is the key used to lookup the
|
||||
// GroupVersionKind value for an object definition from the
|
||||
// definition's "extensions" map.
|
||||
groupVersionKindExtensionKey = "x-kubernetes-group-version-kind"
|
||||
)
|
||||
|
||||
var createPatchErrFormat = "creating patch with:\noriginal:\n%s\nmodified:\n%s\ncurrent:\n%s\nfor:"
|
||||
|
|
@ -74,6 +81,7 @@ type Patcher struct {
|
|||
Retries int
|
||||
|
||||
OpenapiSchema openapi.Resources
|
||||
OpenAPIV3Root openapi3.Root
|
||||
}
|
||||
|
||||
func newPatcher(o *ApplyOptions, info *resource.Info, helper *resource.Helper) (*Patcher, error) {
|
||||
|
|
@ -92,6 +100,7 @@ func newPatcher(o *ApplyOptions, info *resource.Info, helper *resource.Helper) (
|
|||
Timeout: o.DeleteOptions.Timeout,
|
||||
GracePeriod: o.DeleteOptions.GracePeriod,
|
||||
OpenapiSchema: openapiSchema,
|
||||
OpenAPIV3Root: o.OpenAPIV3Root,
|
||||
Retries: maxPatchRetry,
|
||||
}, nil
|
||||
}
|
||||
|
|
@ -118,7 +127,35 @@ func (p *Patcher) patchSimple(obj runtime.Object, modified []byte, namespace, na
|
|||
var patchType types.PatchType
|
||||
var patch []byte
|
||||
|
||||
if p.OpenapiSchema != nil {
|
||||
if p.OpenAPIV3Root != nil {
|
||||
gvkSupported, err := p.gvkSupportsPatchOpenAPIV3(p.Mapping.GroupVersionKind)
|
||||
if err != nil {
|
||||
// Realistically this error logging is not needed (not present in V2),
|
||||
// but would help us in debugging if users encounter a problem
|
||||
// with OpenAPI V3 not present in V2.
|
||||
klog.V(5).Infof("warning: OpenAPI V3 path does not exist - group: %s, version %s, kind %s\n",
|
||||
p.Mapping.GroupVersionKind.Group, p.Mapping.GroupVersionKind.Version, p.Mapping.GroupVersionKind.Kind)
|
||||
} else {
|
||||
if gvkSupported {
|
||||
patch, err = p.buildStrategicMergePatchFromOpenAPIV3(original, modified, current)
|
||||
if err != nil {
|
||||
// Fall back to OpenAPI V2 if there is a problem
|
||||
// We should remove the fallback in the future,
|
||||
// but for the first release it might be beneficial
|
||||
// to fall back to OpenAPI V2 while logging the error
|
||||
// and seeing if we get any bug reports.
|
||||
fmt.Fprintf(errOut, "warning: error calculating patch from openapi v3 spec: %v\n", err)
|
||||
} else {
|
||||
patchType = types.StrategicMergePatchType
|
||||
}
|
||||
} else {
|
||||
klog.V(5).Infof("warning: OpenAPI V3 path does not support strategic merge patch - group: %s, version %s, kind %s\n",
|
||||
p.Mapping.GroupVersionKind.Group, p.Mapping.GroupVersionKind.Version, p.Mapping.GroupVersionKind.Kind)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if patch == nil && p.OpenapiSchema != nil {
|
||||
// if openapischema is used, we'll try to get required patch type for this GVK from Open API.
|
||||
// if it fails or could not find any patch type, fall back to baked-in patch type determination.
|
||||
if patchType, err = p.getPatchTypeFromOpenAPI(p.Mapping.GroupVersionKind); err == nil && patchType == types.StrategicMergePatchType {
|
||||
|
|
@ -182,6 +219,90 @@ func (p *Patcher) buildMergePatch(original, modified, current []byte) ([]byte, e
|
|||
return patch, nil
|
||||
}
|
||||
|
||||
// gvkSupportsPatchOpenAPIV3 checks if a particular GVK supports the patch operation.
|
||||
// It returns an error if the OpenAPI V3 could not be downloaded.
|
||||
func (p *Patcher) gvkSupportsPatchOpenAPIV3(gvk schema.GroupVersionKind) (bool, error) {
|
||||
gvSpec, err := p.OpenAPIV3Root.GVSpec(schema.GroupVersion{
|
||||
Group: p.Mapping.GroupVersionKind.Group,
|
||||
Version: p.Mapping.GroupVersionKind.Version,
|
||||
})
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
if gvSpec == nil || gvSpec.Paths == nil || gvSpec.Paths.Paths == nil {
|
||||
return false, fmt.Errorf("gvk group: %s, version: %s, kind: %s does not exist for OpenAPI V3", gvk.Group, gvk.Version, gvk.Kind)
|
||||
}
|
||||
for _, path := range gvSpec.Paths.Paths {
|
||||
if path.Patch != nil {
|
||||
if gvkMatchesSingle(p.Mapping.GroupVersionKind, path.Patch.Extensions) {
|
||||
if path.Patch.RequestBody == nil || path.Patch.RequestBody.Content == nil {
|
||||
// GVK exists but does not support requestBody. Indication of malformed OpenAPI.
|
||||
return false, nil
|
||||
}
|
||||
if _, ok := path.Patch.RequestBody.Content["application/strategic-merge-patch+json"]; ok {
|
||||
return true, nil
|
||||
}
|
||||
// GVK exists but strategic-merge-patch is not supported. Likely to be a CRD or aggregated resource.
|
||||
return false, nil
|
||||
}
|
||||
}
|
||||
}
|
||||
return false, nil
|
||||
}
|
||||
|
||||
func gvkMatchesArray(targetGVK schema.GroupVersionKind, ext spec.Extensions) bool {
|
||||
var gvkList []map[string]string
|
||||
err := ext.GetObject(groupVersionKindExtensionKey, &gvkList)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
for _, gvkMap := range gvkList {
|
||||
if gvkMap["group"] == targetGVK.Group &&
|
||||
gvkMap["version"] == targetGVK.Version &&
|
||||
gvkMap["kind"] == targetGVK.Kind {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func gvkMatchesSingle(targetGVK schema.GroupVersionKind, ext spec.Extensions) bool {
|
||||
var gvkMap map[string]string
|
||||
err := ext.GetObject(groupVersionKindExtensionKey, &gvkMap)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
return gvkMap["group"] == targetGVK.Group &&
|
||||
gvkMap["version"] == targetGVK.Version &&
|
||||
gvkMap["kind"] == targetGVK.Kind
|
||||
}
|
||||
|
||||
func (p *Patcher) buildStrategicMergePatchFromOpenAPIV3(original, modified, current []byte) ([]byte, error) {
|
||||
gvSpec, err := p.OpenAPIV3Root.GVSpec(schema.GroupVersion{
|
||||
Group: p.Mapping.GroupVersionKind.Group,
|
||||
Version: p.Mapping.GroupVersionKind.Version,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if gvSpec == nil || gvSpec.Components == nil {
|
||||
return nil, fmt.Errorf("OpenAPI V3 Components is nil")
|
||||
}
|
||||
for _, c := range gvSpec.Components.Schemas {
|
||||
if !gvkMatchesArray(p.Mapping.GroupVersionKind, c.Extensions) {
|
||||
continue
|
||||
}
|
||||
lookupPatchMeta := strategicpatch.PatchMetaFromOpenAPIV3{Schema: c, SchemaList: gvSpec.Components.Schemas}
|
||||
if openapiv3Patch, err := strategicpatch.CreateThreeWayMergePatch(original, modified, current, lookupPatchMeta, p.Overwrite); err != nil {
|
||||
return nil, err
|
||||
} else {
|
||||
return openapiv3Patch, nil
|
||||
}
|
||||
|
||||
}
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
// buildStrategicMergeFromOpenAPI builds patch from OpenAPI if it is enabled.
|
||||
// This is used for core types which is published in openapi.
|
||||
func (p *Patcher) buildStrategicMergeFromOpenAPI(original, modified, current []byte) ([]byte, error) {
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue