From b474ab276c5a71224a9b9a8425e7b6ade17d15aa Mon Sep 17 00:00:00 2001 From: Timothy Smith Date: Fri, 8 Dec 2023 13:20:52 -0500 Subject: [PATCH 1/2] s/whitelist/allowlist --- CHANGELOG.md | 4 ++++ README.md | 6 +++--- lib/krane/deploy_task.rb | 4 ++-- lib/krane/global_deploy_task.rb | 4 ++-- lib/krane/resource_deployer.rb | 10 +++++----- lib/krane/version.rb | 2 +- test/unit/krane/resource_deployer_test.rb | 12 ++++++------ 7 files changed, 23 insertions(+), 19 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index aa4bc0b6e..0c0e91f4b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ ## next +# 3.4.0 + +- Use `prune-allowlist` instead of `prune-whitelist`. This change requires kubernetes 1.26 and higher. [#940](https://github.com/Shopify/krane/pull/940) + ## 3.3.0 *Enhancements* diff --git a/README.md b/README.md index 86016477c..6342100f7 100644 --- a/README.md +++ b/README.md @@ -89,9 +89,9 @@ Krane provides support for official upstream supported versions [Kubernetes](htt | 1.20 | No | 2.4.9 | | 1.21 | No | 2.4.9 | | 1.22 | No | 3.0.1 | -| 1.23 | Yes | -- | -| 1.24 | Yes | -- | -| 1.25 | No | -- | +| 1.23 | Yes | 3.3.0 | +| 1.24 | Yes | 3.3.0 | +| 1.25 | No | 3.3.0 | | 1.26 | Yes | -- | | 1.27 | Yes | -- | diff --git a/lib/krane/deploy_task.rb b/lib/krane/deploy_task.rb index 33dec99af..88e669208 100644 --- a/lib/krane/deploy_task.rb +++ b/lib/krane/deploy_task.rb @@ -77,7 +77,7 @@ def predeploy_sequence Hash[before_crs + crs + after_crs] end - def prune_whitelist + def prune_allowlist cluster_resource_discoverer.prunable_resources(namespaced: true) end @@ -192,7 +192,7 @@ def run!(verify_result: true, prune: true) def resource_deployer @resource_deployer ||= Krane::ResourceDeployer.new(task_config: @task_config, - prune_whitelist: prune_whitelist, global_timeout: @global_timeout, + prune_allowlist: prune_allowlist, global_timeout: @global_timeout, selector: @selector, statsd_tags: statsd_tags, current_sha: @current_sha) end diff --git a/lib/krane/global_deploy_task.rb b/lib/krane/global_deploy_task.rb index 559872424..34196aa1e 100644 --- a/lib/krane/global_deploy_task.rb +++ b/lib/krane/global_deploy_task.rb @@ -108,7 +108,7 @@ def run!(verify_result: true, prune: true) def deploy!(resources, verify_result, prune) resource_deployer = ResourceDeployer.new(task_config: @task_config, - prune_whitelist: prune_whitelist, global_timeout: @global_timeout, + prune_allowlist: prune_allowlist, global_timeout: @global_timeout, selector: @selector, statsd_tags: statsd_tags) resource_deployer.deploy!(resources, verify_result, prune) end @@ -194,7 +194,7 @@ def kubectl @kubectl ||= Kubectl.new(task_config: @task_config, log_failure_by_default: true) end - def prune_whitelist + def prune_allowlist cluster_resource_discoverer.prunable_resources(namespaced: false) end diff --git a/lib/krane/resource_deployer.rb b/lib/krane/resource_deployer.rb index b8d54ff96..f1032e908 100644 --- a/lib/krane/resource_deployer.rb +++ b/lib/krane/resource_deployer.rb @@ -11,9 +11,9 @@ class ResourceDeployer delegate :logger, to: :@task_config attr_reader :statsd_tags - def initialize(task_config:, prune_whitelist:, global_timeout:, current_sha: nil, selector:, statsd_tags:) + def initialize(task_config:, prune_allowlist:, global_timeout:, current_sha: nil, selector:, statsd_tags:) @task_config = task_config - @prune_whitelist = prune_whitelist + @prune_allowlist = prune_allowlist @global_timeout = global_timeout @current_sha = current_sha @selector = selector @@ -102,7 +102,7 @@ def deploy_resources(resources, prune: false, verify:, record_summary: true) # Apply can be done in one large batch, the rest have to be done individually applyables, individuals = resources.partition { |r| r.deploy_method == :apply } # Prunable resources should also applied so that they can be pruned - pruneable_types = @prune_whitelist.map { |t| t.split("/").last } + pruneable_types = @prune_allowlist.map { |t| t.split("/").last } applyables += individuals.select { |r| pruneable_types.include?(r.type) && !r.deploy_method_override } individuals.each do |individual_resource| @@ -147,14 +147,14 @@ def apply_all(resources, prune, dry_run: false) r.deploy_started_at = Time.now.utc unless dry_run end command.push("-f", tmp_dir) - if prune && @prune_whitelist.present? + if prune && @prune_allowlist.present? command.push("--prune") if @selector command.push("--selector", @selector.to_s) else command.push("--all") end - @prune_whitelist.each { |type| command.push("--prune-whitelist=#{type}") } + @prune_allowlist.each { |type| command.push("--prune-allowlist=#{type}") } end command.push(kubectl.dry_run_flag) if dry_run diff --git a/lib/krane/version.rb b/lib/krane/version.rb index 67f6325d7..cce4d769d 100644 --- a/lib/krane/version.rb +++ b/lib/krane/version.rb @@ -1,4 +1,4 @@ # frozen_string_literal: true module Krane - VERSION = "3.3.0" + VERSION = "3.4.0" end diff --git a/test/unit/krane/resource_deployer_test.rb b/test/unit/krane/resource_deployer_test.rb index 7c15e56c7..ff257a15b 100644 --- a/test/unit/krane/resource_deployer_test.rb +++ b/test/unit/krane/resource_deployer_test.rb @@ -7,18 +7,18 @@ def test_deploy_prune_builds_whitelist whitelist_kind = "fake_kind" resource = build_mock_resource Krane::Kubectl.any_instance.expects(:run).with do |*args| - args.include?("--prune-whitelist=#{whitelist_kind}") + args.include?("--prune-allowlist=#{whitelist_kind}") end.returns(["", "", stub(success?: true)]) - resource_deployer(kubectl_times: 0, prune_whitelist: [whitelist_kind]).deploy!([resource], false, true) + resource_deployer(kubectl_times: 0, prune_allowlist: [whitelist_kind]).deploy!([resource], false, true) end def test_deploy_no_prune_doesnt_prune whitelist_kind = "fake_kind" resource = build_mock_resource Krane::Kubectl.any_instance.expects(:run).with do |*args| - !args.include?("--prune-whitelist=#{whitelist_kind}") + !args.include?("--prune-allowlist=#{whitelist_kind}") end.returns(["", "", stub(success?: true)]) - resource_deployer(kubectl_times: 0, prune_whitelist: [whitelist_kind]).deploy!([resource], false, false) + resource_deployer(kubectl_times: 0, prune_allowlist: [whitelist_kind]).deploy!([resource], false, false) end def test_deploy_verify_false_message @@ -84,13 +84,13 @@ def test_predeploy_priority_resources_respects_empty_pre_deploy_list private - def resource_deployer(kubectl_times: 1, prune_whitelist: []) + def resource_deployer(kubectl_times: 1, prune_allowlist: []) unless kubectl_times == 0 runless = build_runless_kubectl Krane::Kubectl.expects(:new).returns(runless).times(kubectl_times) end @deployer = Krane::ResourceDeployer.new(current_sha: 'test-sha', - statsd_tags: [], task_config: task_config, prune_whitelist: prune_whitelist, + statsd_tags: [], task_config: task_config, prune_allowlist: prune_allowlist, global_timeout: 1, selector: nil) end From f442cb694b51256c2595cd34bc3dc545624703f9 Mon Sep 17 00:00:00 2001 From: Timothy Smith Date: Fri, 8 Dec 2023 13:48:41 -0500 Subject: [PATCH 2/2] Make transparently compatible with pre 1.26 client --- CHANGELOG.md | 2 +- README.md | 6 +++--- lib/krane/kubectl.rb | 9 +++++++++ lib/krane/resource_deployer.rb | 3 ++- test/unit/krane/resource_deployer_test.rb | 13 +++++++------ 5 files changed, 22 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0c0e91f4b..f0da84f5a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ # 3.4.0 -- Use `prune-allowlist` instead of `prune-whitelist`. This change requires kubernetes 1.26 and higher. [#940](https://github.com/Shopify/krane/pull/940) +- Use `prune-allowlist` instead of `prune-whitelist` for 1.26+ clusters. Clusters running 1.25 or less will continue to use `--prune-whitelist`. [#940](https://github.com/Shopify/krane/pull/940) ## 3.3.0 diff --git a/README.md b/README.md index 6342100f7..86016477c 100644 --- a/README.md +++ b/README.md @@ -89,9 +89,9 @@ Krane provides support for official upstream supported versions [Kubernetes](htt | 1.20 | No | 2.4.9 | | 1.21 | No | 2.4.9 | | 1.22 | No | 3.0.1 | -| 1.23 | Yes | 3.3.0 | -| 1.24 | Yes | 3.3.0 | -| 1.25 | No | 3.3.0 | +| 1.23 | Yes | -- | +| 1.24 | Yes | -- | +| 1.25 | No | -- | | 1.26 | Yes | -- | | 1.27 | Yes | -- | diff --git a/lib/krane/kubectl.rb b/lib/krane/kubectl.rb index c2a8e461d..96d9b3946 100644 --- a/lib/krane/kubectl.rb +++ b/lib/krane/kubectl.rb @@ -12,6 +12,7 @@ class Kubectl DEFAULT_TIMEOUT = 15 MAX_RETRY_DELAY = 16 SERVER_DRY_RUN_MIN_VERSION = "1.13" + ALLOW_LIST_MIN_VERSION = "1.26" class ResourceNotFoundError < StandardError; end @@ -112,6 +113,14 @@ def dry_run_flag "--dry-run=server" end + def allowlist_flag + if client_version >= Gem::Version.new(ALLOW_LIST_MIN_VERSION) + "--prune-allowlist" + else + "--prune-whitelist" + end + end + private def build_command_from_options(args, use_namespace, use_context, output) diff --git a/lib/krane/resource_deployer.rb b/lib/krane/resource_deployer.rb index f1032e908..fe0cabe45 100644 --- a/lib/krane/resource_deployer.rb +++ b/lib/krane/resource_deployer.rb @@ -154,7 +154,8 @@ def apply_all(resources, prune, dry_run: false) else command.push("--all") end - @prune_allowlist.each { |type| command.push("--prune-allowlist=#{type}") } + allow_list_flag = kubectl.allowlist_flag + @prune_allowlist.each { |type| command.push("#{allow_list_flag}=#{type}") } end command.push(kubectl.dry_run_flag) if dry_run diff --git a/test/unit/krane/resource_deployer_test.rb b/test/unit/krane/resource_deployer_test.rb index ff257a15b..fe1f73dd3 100644 --- a/test/unit/krane/resource_deployer_test.rb +++ b/test/unit/krane/resource_deployer_test.rb @@ -4,21 +4,22 @@ class ResourceDeployerTest < Krane::TestCase def test_deploy_prune_builds_whitelist - whitelist_kind = "fake_kind" + allowlist_kind = "fake_kind" resource = build_mock_resource + Krane::Kubectl.any_instance.expects(:client_version).returns(Gem::Version.new("1.26")) Krane::Kubectl.any_instance.expects(:run).with do |*args| - args.include?("--prune-allowlist=#{whitelist_kind}") + args.include?("--prune-allowlist=#{allowlist_kind}") end.returns(["", "", stub(success?: true)]) - resource_deployer(kubectl_times: 0, prune_allowlist: [whitelist_kind]).deploy!([resource], false, true) + resource_deployer(kubectl_times: 0, prune_allowlist: [allowlist_kind]).deploy!([resource], false, true) end def test_deploy_no_prune_doesnt_prune - whitelist_kind = "fake_kind" + allowlist_kind = "fake_kind" resource = build_mock_resource Krane::Kubectl.any_instance.expects(:run).with do |*args| - !args.include?("--prune-allowlist=#{whitelist_kind}") + !args.include?("--prune-allowlist=#{allowlist_kind}") end.returns(["", "", stub(success?: true)]) - resource_deployer(kubectl_times: 0, prune_allowlist: [whitelist_kind]).deploy!([resource], false, false) + resource_deployer(kubectl_times: 0, prune_allowlist: [allowlist_kind]).deploy!([resource], false, false) end def test_deploy_verify_false_message