feat: SSA based dependent resource matching and create/update

Author: csviri

caffeine-bounded-cache-support/pom.xml

@@ -5,7 +5,7 @@
   <parent>
     <artifactId>java-operator-sdk</artifactId>
     <groupId>io.javaoperatorsdk</groupId>
-    <version>4.3.6-SNAPSHOT</version>
+    <version>4.4.0-SNAPSHOT</version>
   </parent>
   <modelVersion>4.0.0</modelVersion>
 

cm.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: test1
+  namespace: default
+  ownerReferences:
+    - apiVersion: v1
+      kind: ConfigMap
+      name: kube-root-ca.crt
+      uid: 1ef74cb4-dbbd-45ef-9caf-aa76186594ea
+data:
+  key1: "val1"
+#  key2: "val2"
+

cm2.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: test1
+  namespace: default
+data:
+  key3: "val3"
+
+

micrometer-support/pom.xml

@@ -5,7 +5,7 @@
   <parent>
     <artifactId>java-operator-sdk</artifactId>
     <groupId>io.javaoperatorsdk</groupId>
-    <version>4.3.6-SNAPSHOT</version>
+    <version>4.4.0-SNAPSHOT</version>
   </parent>
   <modelVersion>4.0.0</modelVersion>
 

micrometer-support/src/test/java/io/javaoperatorsdk/operator/monitoring/micrometer/AbstractMicrometerMetricsTestFixture.java

@@ -3,15 +3,12 @@
 import java.util.HashSet;
 import java.util.Set;
 
-import org.junit.jupiter.api.AfterAll;
-import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.TestInstance;
 import org.junit.jupiter.api.extension.RegisterExtension;
 
 import io.fabric8.kubernetes.api.model.ConfigMap;
 import io.fabric8.kubernetes.api.model.ConfigMapBuilder;
-import io.javaoperatorsdk.operator.api.config.ConfigurationServiceProvider;
 import io.javaoperatorsdk.operator.api.reconciler.*;
 import io.javaoperatorsdk.operator.junit.LocallyRunOperatorExtension;
 import io.javaoperatorsdk.operator.processing.event.ResourceID;
@@ -23,26 +20,21 @@
 
 @TestInstance(TestInstance.Lifecycle.PER_CLASS)
 public abstract class AbstractMicrometerMetricsTestFixture {
-  @RegisterExtension
-  LocallyRunOperatorExtension operator =
-      LocallyRunOperatorExtension.builder().withReconciler(new MetricsCleaningTestReconciler())
-          .build();
 
   protected final TestSimpleMeterRegistry registry = new TestSimpleMeterRegistry();
   protected final MicrometerMetrics metrics = getMetrics();
   protected static final String testResourceName = "micrometer-metrics-cr";
 
-  protected abstract MicrometerMetrics getMetrics();
 
-  @BeforeAll
-  void setup() {
-    ConfigurationServiceProvider.overrideCurrent(overrider -> overrider.withMetrics(metrics));
-  }
+  @RegisterExtension
+  LocallyRunOperatorExtension operator =
+      LocallyRunOperatorExtension.builder()
+          .withConfigurationService(overrider -> overrider.withMetrics(metrics))
+          .withReconciler(new MetricsCleaningTestReconciler())
+          .build();
 
-  @AfterAll
-  void reset() {
-    ConfigurationServiceProvider.reset();
-  }
+
+  protected abstract MicrometerMetrics getMetrics();
 
   @Test
   void properlyHandlesResourceDeletion() throws Exception {

operator-framework-bom/pom.xml

@@ -5,7 +5,7 @@
 
     <groupId>io.javaoperatorsdk</groupId>
     <artifactId>operator-framework-bom</artifactId>
-    <version>4.3.6-SNAPSHOT</version>
+    <version>4.4.0-SNAPSHOT</version>
     <name>Operator SDK - Bill of Materials</name>
     <packaging>pom</packaging>
     <description>Java SDK for implementing Kubernetes operators</description>

operator-framework-core/pom.xml

@@ -6,7 +6,7 @@
   <parent>
     <groupId>io.javaoperatorsdk</groupId>
     <artifactId>java-operator-sdk</artifactId>
-    <version>4.3.6-SNAPSHOT</version>
+    <version>4.4.0-SNAPSHOT</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
 

operator-framework-core/src/main/java/io/javaoperatorsdk/operator/ControllerManager.java

@@ -22,6 +22,12 @@ class ControllerManager {
   @SuppressWarnings("rawtypes")
   private final Map<String, Controller> controllers = new HashMap<>();
   private boolean started = false;
+  private final ExecutorServiceManager executorServiceManager;
+
+  public ControllerManager(ExecutorServiceManager executorServiceManager) {
+    this.executorServiceManager = executorServiceManager;
+  }
+
 
   public synchronized void shouldStart() {
     if (started) {
@@ -33,15 +39,15 @@ public synchronized void shouldStart() {
   }
 
   public synchronized void start(boolean startEventProcessor) {
-    ExecutorServiceManager.boundedExecuteAndWaitForAllToComplete(controllers().stream(), c -> {
+    executorServiceManager.boundedExecuteAndWaitForAllToComplete(controllers().stream(), c -> {
       c.start(startEventProcessor);
       return null;
     }, c -> "Controller Starter for: " + c.getConfiguration().getName());
     started = true;
   }
 
   public synchronized void stop() {
-    ExecutorServiceManager.boundedExecuteAndWaitForAllToComplete(controllers().stream(), c -> {
+    executorServiceManager.boundedExecuteAndWaitForAllToComplete(controllers().stream(), c -> {
       log.debug("closing {}", c);
       c.stop();
       return null;
@@ -50,7 +56,7 @@ public synchronized void stop() {
   }
 
   public synchronized void startEventProcessing() {
-    ExecutorServiceManager.boundedExecuteAndWaitForAllToComplete(controllers().stream(), c -> {
+    executorServiceManager.boundedExecuteAndWaitForAllToComplete(controllers().stream(), c -> {
       c.startEventProcessing();
       return null;
     }, c -> "Event processor starter for: " + c.getConfiguration().getName());

operator-framework-core/src/main/java/io/javaoperatorsdk/operator/LeaderElectionManager.java

@@ -7,15 +7,15 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import io.fabric8.kubernetes.api.model.authorization.v1.*;
+import io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectRulesReview;
+import io.fabric8.kubernetes.api.model.authorization.v1.SelfSubjectRulesReviewSpecBuilder;
 import io.fabric8.kubernetes.client.KubernetesClient;
 import io.fabric8.kubernetes.client.extended.leaderelection.LeaderCallbacks;
 import io.fabric8.kubernetes.client.extended.leaderelection.LeaderElectionConfig;
 import io.fabric8.kubernetes.client.extended.leaderelection.LeaderElector;
 import io.fabric8.kubernetes.client.extended.leaderelection.LeaderElectorBuilder;
 import io.fabric8.kubernetes.client.extended.leaderelection.resourcelock.LeaseLock;
-import io.javaoperatorsdk.operator.api.config.ConfigurationServiceProvider;
-import io.javaoperatorsdk.operator.api.config.ExecutorServiceManager;
+import io.javaoperatorsdk.operator.api.config.ConfigurationService;
 import io.javaoperatorsdk.operator.api.config.LeaderElectionConfiguration;
 
 public class LeaderElectionManager {
@@ -24,51 +24,58 @@ public class LeaderElectionManager {
 
   public static final String NO_PERMISSION_TO_LEASE_RESOURCE_MESSAGE =
       "No permission to lease resource.";
+  public static final String UNIVERSAL_VERB = "*";
+  public static final String COORDINATION_GROUP = "coordination.k8s.io";
+  public static final String LEASES_RESOURCE = "leases";
 
   private LeaderElector leaderElector = null;
   private final ControllerManager controllerManager;
   private String identity;
   private CompletableFuture<?> leaderElectionFuture;
-  private KubernetesClient client;
-  private String leaseName;
+  private KubernetesClient kubernetesClient;
+  private final ConfigurationService configurationService;
   private String leaseNamespace;
 
-  public LeaderElectionManager(ControllerManager controllerManager) {
+  public LeaderElectionManager(KubernetesClient kubernetesClient,
+      ControllerManager controllerManager,
+      ConfigurationService configurationService) {
+    this.kubernetesClient = kubernetesClient;
     this.controllerManager = controllerManager;
+    this.configurationService = configurationService;
   }
 
-  public void init(LeaderElectionConfiguration config, KubernetesClient client) {
-    this.client = client;
+  public boolean isLeaderElectionEnabled() {
+    return configurationService.getLeaderElectionConfiguration().isPresent();
+  }
+
+  private void init(LeaderElectionConfiguration config) {
     this.identity = identity(config);
-    this.leaseName = config.getLeaseName();
     leaseNamespace =
         config.getLeaseNamespace().orElseGet(
-            () -> ConfigurationServiceProvider.instance().getClientConfiguration().getNamespace());
+            () -> configurationService.getClientConfiguration().getNamespace());
     if (leaseNamespace == null) {
       final var message =
           "Lease namespace is not set and cannot be inferred. Leader election cannot continue.";
       log.error(message);
       throw new IllegalArgumentException(message);
     }
-    final var lock = new LeaseLock(leaseNamespace, leaseName, identity);
+    final var lock = new LeaseLock(leaseNamespace, config.getLeaseName(), identity);
     // releaseOnCancel is not used in the underlying implementation
-    leaderElector =
-        new LeaderElectorBuilder(
-            client, ExecutorServiceManager.instance().executorService())
-            .withConfig(new LeaderElectionConfig(
+    leaderElector = new LeaderElectorBuilder(
+        kubernetesClient, configurationService.getExecutorServiceManager().cachingExecutorService())
+        .withConfig(
+            new LeaderElectionConfig(
                 lock,
                 config.getLeaseDuration(),
                 config.getRenewDeadline(),
                 config.getRetryPeriod(),
                 leaderCallbacks(),
                 true,
                 config.getLeaseName()))
-            .build();
+        .build();
   }
 
-  public boolean isLeaderElectionEnabled() {
-    return leaderElector != null;
-  }
+
 
   private LeaderCallbacks leaderCallbacks() {
     return new LeaderCallbacks(
@@ -99,6 +106,7 @@ private String identity(LeaderElectionConfiguration config) {
 
   public void start() {
     if (isLeaderElectionEnabled()) {
+      init(configurationService.getLeaderElectionConfiguration().orElseThrow());
       checkLeaseAccess();
       leaderElectionFuture = leaderElector.start();
     }
@@ -114,12 +122,12 @@ private void checkLeaseAccess() {
     var verbs = Arrays.asList("create", "update", "get");
     SelfSubjectRulesReview review = new SelfSubjectRulesReview();
     review.setSpec(new SelfSubjectRulesReviewSpecBuilder().withNamespace(leaseNamespace).build());
-    var reviewResult = client.resource(review).create();
+    var reviewResult = kubernetesClient.resource(review).create();
     log.debug("SelfSubjectRulesReview result: {}", reviewResult);
     var foundRule = reviewResult.getStatus().getResourceRules().stream()
-        .filter(rule -> rule.getApiGroups().contains("coordination.k8s.io")
-            && rule.getResources().contains("leases")
-            && (rule.getVerbs().containsAll(verbs)) || rule.getVerbs().contains("*"))
+        .filter(rule -> rule.getApiGroups().contains(COORDINATION_GROUP)
+            && rule.getResources().contains(LEASES_RESOURCE)
+            && (rule.getVerbs().containsAll(verbs)) || rule.getVerbs().contains(UNIVERSAL_VERB))
         .findAny();
     if (foundRule.isEmpty()) {
       throw new OperatorException(NO_PERMISSION_TO_LEASE_RESOURCE_MESSAGE +