From 619b69088caf0feb56b1c721bbe5357c010d818c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niklas=20Fa=C3=9Fbender?= Date: Mon, 13 Sep 2021 10:25:57 +0200 Subject: [PATCH] add some logging --- go.mod | 1 + go.sum | 2 ++ internal/controller.go | 31 ++++++++++++++++++++++++++----- internal/mutation.go | 21 +++++++++++++++------ main.go | 14 +++++++++----- 5 files changed, 53 insertions(+), 16 deletions(-) diff --git a/go.mod b/go.mod index 2c752c5..dcff621 100644 --- a/go.mod +++ b/go.mod @@ -3,6 +3,7 @@ module opa-admission-controller go 1.16 require ( + github.com/buger/jsonparser v1.1.1 github.com/open-policy-agent/opa v0.31.0 go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.7.0 // indirect diff --git a/go.sum b/go.sum index c57243f..6ee6e7e 100644 --- a/go.sum +++ b/go.sum @@ -61,6 +61,8 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM= +github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= +github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= github.com/bytecodealliance/wasmtime-go v0.28.0 h1:JTWP482wkmR79O9T0JiIAllPqmNW5oP0v56v/FwCpaQ= github.com/bytecodealliance/wasmtime-go v0.28.0/go.mod h1:q320gUxqyI8yB+ZqRuaJOEnGkAnHh6WtJjMaT2CW4wI= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= diff --git a/internal/controller.go b/internal/controller.go index be776c3..1821f26 100644 --- a/internal/controller.go +++ b/internal/controller.go @@ -3,6 +3,7 @@ package internal import ( "encoding/json" "fmt" + "github.com/buger/jsonparser" "go.uber.org/zap" "io/ioutil" v1 "k8s.io/api/admission/v1" @@ -36,7 +37,27 @@ func (controller *Controller) HandleMutate(w http.ResponseWriter, r *http.Reques return } - patches, err := applyMutations(jsonMap, controller.Mutations) + kind, err := jsonparser.GetString(body, "request", "object", "kind") + if err != nil { + controller.replyInternalServerError(w, "Error retrieving kind", err) + return + } + + namespace, err := jsonparser.GetString(body, "request", "object", "metadata", "namespace") + if err != nil { + controller.replyInternalServerError(w, "Error retrieving namespace", err) + return + } + + name, err := jsonparser.GetString(body, "request", "object", "metadata", "name") + if err != nil { + controller.replyInternalServerError(w, "Error retrieving name", err) + return + } + + controller.Sugar.Infof("got a mutation request for kind=%s, namespace=%s, name=%s", kind, namespace, name) + + patches, err := controller.applyMutations(jsonMap, controller.Mutations) if err != nil { controller.replyInternalServerError(w, "Error applying mutations", err) return @@ -51,10 +72,10 @@ func (controller *Controller) HandleMutate(w http.ResponseWriter, r *http.Reques patchType := v1.PatchTypeJSONPatch //TODO Audit Annotations admissionResponse := v1.AdmissionResponse{ - UID: admissionReview.Request.UID, - Allowed: true, - PatchType: &patchType, - Patch: patchesJSON, + UID: admissionReview.Request.UID, + Allowed: true, + PatchType: &patchType, + Patch: patchesJSON, } admissionReview.Response = &admissionResponse diff --git a/internal/mutation.go b/internal/mutation.go index e4b23cd..64915d6 100644 --- a/internal/mutation.go +++ b/internal/mutation.go @@ -16,28 +16,37 @@ type Mutation struct { var runtimeEnv = generateEnvAst() -func applyMutations(input map[string]interface{}, mutations []Mutation) ([]map[string]interface{}, error) { +func (controller *Controller) applyMutations(input map[string]interface{}, mutations []Mutation) ([]map[string]interface{}, error) { patches := make([]map[string]interface{}, 0) for _, mutation := range mutations { - filterDoesMatch, err := checkFilter(input, mutation.Filter) + filterDoesMatch, err := controller.checkFilter(input, mutation.Filter) if err != nil { return patches, err } if !filterDoesMatch { continue } - p, err := generatePatches(input, mutation.Mutation) + controller.Sugar.Infof("mutation with id=%d matches the request, starting to generate patches", mutation.Id) + + generatedPatches, err := controller.generatePatches(input, mutation.Mutation) if err != nil { return patches, err } - patches = append(patches, p...) + controller.Sugar.Infof("generated %d patches for mutation with id=%d", len(generatedPatches), mutation.Id) + + for i, p := range generatedPatches { + controller.Sugar.Debugf("patch %d => %v", i, p) + } + + patches = append(patches, generatedPatches...) } + controller.Sugar.Infof("generated %d patches in total", len(patches)) return patches, nil } -func generatePatches(input map[string]interface{}, module string) ([]map[string]interface{}, error) { +func (controller *Controller) generatePatches(input map[string]interface{}, module string) ([]map[string]interface{}, error) { ret := make([]map[string]interface{}, 0) ctx := context.Background() @@ -63,7 +72,7 @@ func generatePatches(input map[string]interface{}, module string) ([]map[string] return ret, nil } -func checkFilter(input map[string]interface{}, module string) (bool, error) { +func (controller *Controller) checkFilter(input map[string]interface{}, module string) (bool, error) { ctx := context.Background() query, err := rego.New( rego.Module("example.rego", module), diff --git a/main.go b/main.go index e54e04b..72151f3 100644 --- a/main.go +++ b/main.go @@ -13,15 +13,19 @@ import ( ) func main() { - logger, _ := zap.NewProduction() - defer logger.Sync() // flushes buffer, if any - sugar := logger.Sugar() - port := flag.Int("port", 8443, "port") noSSL := flag.Bool("no-ssl", false, "don't use ssl") configFile := flag.String("config", "/config/config.yaml", "path to config file") + level := zap.LevelFlag("loglevel", zap.InfoLevel, "loglevel") flag.Parse() + config := zap.NewProductionConfig() + config.Level = zap.NewAtomicLevelAt(*level) + logger, _ := config.Build([]zap.Option{}...) + + defer logger.Sync() // flushes buffer, if any + sugar := logger.Sugar() + yamlFile, err := os.Open(*configFile) defer yamlFile.Close() if err != nil { @@ -33,7 +37,7 @@ func main() { mutations := make([]internal.Mutation, 0) err = yaml.Unmarshal(byteValue, &mutations) if err != nil { - sugar.Fatalf("Error unmarshalling config yaml %s",err) + sugar.Fatalf("Error unmarshalling config yaml %s", err) } controller := internal.Controller{Sugar: sugar, Mutations: mutations}