fix for Flux plugin requires an additional config getter #3560

chart/kubeapps/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 1.10.0
 - name: postgresql
   repository: https://charts.bitnami.com/bitnami
-  version: 10.12.2
+  version: 10.12.3
 - name: redis
   repository: https://charts.bitnami.com/bitnami
   version: 15.4.1
-digest: sha256:624869c765621f51da8446d0c472aa997710be01033badac8feea3dbb130e23e
-generated: "2021-10-07T08:55:54.569891292Z"
+digest: sha256:9efa553aecdfbf8e3199446831ac2492d718ec6cf07380f924ae9fead8243c38
+generated: "2021-10-10T22:58:07.960326-07:00"

cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/cache.go

@@ -56,7 +56,9 @@ type cacheValueDeleter func(string, map[string]interface{}) (bool, error)
 // TODO (gfichtenholt) rename this to just Config when caching is separated out into core server
 // and/or caching-rleated code is moved into a separate package?
 type cacheConfig struct {
-	gvr          schema.GroupVersionResource
+	gvr schema.GroupVersionResource
+	// this clientGetter is for running out-of-request interactions with the Kubernetes API server,
+	// such as watching for resource changes
 	clientGetter clientGetter
 	// 'onAdd' and 'onModify' hooks are called when a new or modified object comes about and
 	// allows the plug-in to return information about WHETHER OR NOT and WHAT is to be stored
@@ -114,22 +116,18 @@ func newCacheWithRedisClient(config cacheConfig, redisCli *redis.Client, waitGro
 
 	if redisCli == nil {
 		return nil, status.Errorf(codes.FailedPrecondition, "server not configured with redis Client")
-	}
-
-	if config.clientGetter == nil {
-		return nil, status.Errorf(codes.FailedPrecondition, "server not configured with configGetter")
-	}
-
-	if config.onAdd == nil || config.onModify == nil || config.onDelete == nil || config.onGet == nil {
+	} else if config.clientGetter == nil {
+		return nil, status.Errorf(codes.FailedPrecondition, "server not configured with clientGetter")
+	} else if config.onAdd == nil || config.onModify == nil || config.onDelete == nil || config.onGet == nil {
 		return nil, status.Errorf(codes.FailedPrecondition, "server not configured with expected cache hooks")
 	}
 
 	// sanity check that the redis client is connected
-	pong, err := redisCli.Ping(redisCli.Context()).Result()
-	if err != nil {
+	if pong, err := redisCli.Ping(redisCli.Context()).Result(); err != nil {
 		return nil, err
+	} else {
+		log.Infof("[PING] -> [%s]", pong)
 	}
-	log.Infof("[PING] -> [%s]", pong)
 
 	c := NamespacedResourceWatcherCache{
 		config:                  config,
@@ -138,7 +136,7 @@ func newCacheWithRedisClient(config cacheConfig, redisCli *redis.Client, waitGro
 	}
 
 	// sanity check that the specified GVR is a valid registered CRD
-	if err = c.isGvrValid(); err != nil {
+	if err := c.isGvrValid(); err != nil {
 		return nil, err
 	}
 

cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/integration_utils_test.go

@@ -32,7 +32,6 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
@@ -185,14 +184,10 @@ func kubeDeleteHelmRepository(t *testing.T, name, namespace string) error {
 	return nil
 }
 
-func kubeForceDeleteHelmRelease(t *testing.T, name, namespace string) error {
-	t.Logf("+kubeForceDeleteHelmRelease(%s,%s)", name, namespace)
+func kubeDeleteHelmRelease(t *testing.T, name, namespace string) error {
+	t.Logf("+kubeDeleteHelmRelease(%s,%s)", name, namespace)
 	if ifc, err := kubeGetHelmReleaseResourceInterface(namespace); err != nil {
 		return err
-		// remove finalizer on HelmRelease cuz sometimes it gets stuck indefinitely
-	} else if _, err = ifc.Patch(context.TODO(), name, types.JSONPatchType,
-		[]byte("[ { \"op\": \"remove\", \"path\": \"/metadata/finalizers\" } ]"), metav1.PatchOptions{}); err != nil {
-		return err
 	} else if err = ifc.Delete(context.TODO(), name, metav1.DeleteOptions{}); err != nil {
 		return err
 	}
@@ -228,7 +223,7 @@ func kubeGetPodNames(t *testing.T, namespace string) (names []string, err error)
 // will create a service account with cluster-admin privs and return the associated
 // Bearer token (base64-encoded)
 func kubeCreateAdminServiceAccount(t *testing.T, name, namespace string) (string, error) {
-	t.Logf("+kubeCreateServiceAccount(%s,%s)", name, namespace)
+	t.Logf("+kubeCreateAdminServiceAccount(%s,%s)", name, namespace)
 	typedClient, err := kubeGetTypedClient()
 	if err != nil {
 		return "", err
@@ -256,7 +251,7 @@ func kubeCreateAdminServiceAccount(t *testing.T, name, namespace string) (string
 			secretName = svcAccount.Secrets[0].Name
 			break
 		}
-		t.Logf("Waiting 1s for service account [%s] secret...", name)
+		t.Logf("Waiting 1s for service account [%s] secret to be set up... [%d/%d]", name, i+1, 10)
 		time.Sleep(1 * time.Second)
 	}
 	if secretName == "" {

cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/release.go

@@ -214,7 +214,13 @@ func (s *Server) installedPkgSummaryFromRelease(unstructuredRelease map[string]i
 func (s *Server) installedPackageDetail(ctx context.Context, name types.NamespacedName) (*corev1.InstalledPackageDetail, error) {
 	unstructuredRelease, err := s.getReleaseInCluster(ctx, name)
 	if err != nil {
-		return nil, status.Errorf(codes.NotFound, "Unable to find Helm release %q due to: %v", name, err)
+		if errors.IsNotFound(err) {
+			return nil, status.Errorf(codes.NotFound, "%q", err)
+		} else if errors.IsForbidden(err) || errors.IsUnauthorized(err) {
+			return nil, status.Errorf(codes.Unauthenticated, "unable to get release due to %v", err)
+		} else {
+			return nil, status.Errorf(codes.Internal, "%q", err)
+		}
 	}
 
 	log.V(4).Infof("installedPackageDetail:\n[%s]", prettyPrintMap(unstructuredRelease.Object))
@@ -367,7 +373,11 @@ func (s *Server) newRelease(ctx context.Context, packageRef *corev1.AvailablePac
 	}
 	newRelease, err := resourceIfc.Create(ctx, fluxHelmRelease, metav1.CreateOptions{})
 	if err != nil {
-		return nil, err
+		if errors.IsForbidden(err) || errors.IsUnauthorized(err) {
+			return nil, status.Errorf(codes.Unauthenticated, "Unable to create release due to %v", err)
+		} else {
+			return nil, err
+		}
 	}
 
 	name, err := namespacedName(newRelease.Object)
@@ -391,6 +401,8 @@ func (s *Server) updateRelease(ctx context.Context, packageRef *corev1.Installed
 	if err != nil {
 		if errors.IsNotFound(err) {
 			return nil, status.Errorf(codes.NotFound, "%q", err)
+		} else if errors.IsForbidden(err) || errors.IsUnauthorized(err) {
+			return nil, status.Errorf(codes.Unauthenticated, "Unable to ase due to %v", err)
 		} else {
 			return nil, status.Errorf(codes.Internal, "%q", err)
 		}
@@ -452,7 +464,11 @@ func (s *Server) updateRelease(ctx context.Context, packageRef *corev1.Installed
 	// replace the object in k8s with a new desired state
 	unstructuredRel, err = ifc.Update(ctx, unstructuredRel, metav1.UpdateOptions{})
 	if err != nil {
-		return nil, err
+		if errors.IsForbidden(err) || errors.IsUnauthorized(err) {
+			return nil, status.Errorf(codes.Unauthenticated, "Unable to update release due to %v", err)
+		} else {
+			return nil, err
+		}
 	}
 
 	log.V(4).Infof("Updated release: %s", prettyPrintMap(unstructuredRel.Object))
@@ -475,6 +491,8 @@ func (s *Server) deleteRelease(ctx context.Context, packageRef *corev1.Installed
 	if err = ifc.Delete(ctx, packageRef.Identifier, metav1.DeleteOptions{}); err != nil {
 		if errors.IsNotFound(err) {
 			return status.Errorf(codes.NotFound, "%q", err)
+		} else if errors.IsForbidden(err) || errors.IsUnauthorized(err) {
+			return status.Errorf(codes.Unauthenticated, "Unable to delete release due to %v", err)
 		} else {
 			return status.Errorf(codes.Internal, "%q", err)
 		}