Change GetOrganization to rely on the namespace (#1185)

* Change GetOrganization to rely on the namespace

* Rely on namespace label for organization

---------

Co-authored-by: Mohamed Chiheb <[email protected]>
Co-authored-by: QuentinBisson <[email protected]>

CHANGELOG.md

@@ -11,6 +11,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Enable Opsgenie alerts for Shield.
 
+### Fixed
+
+- Change source for the organization label.
+
 ## [4.46.0] - 2023-08-21
 
 ### Added

files/templates/scrapeconfigs/_labelingschema.yaml

@@ -16,7 +16,7 @@
   replacement: [[ .ServicePriority | default "highest"]]
 # Add organization label.
 - target_label: organization
-  replacement: [[ .Organization | default "giantswarm" ]] 
+  replacement: [[ .Organization | default "giantswarm" ]]
 # Add customer label.
 - target_label: customer
   replacement: [[ .Customer ]]

pkg/nodecounter/nodecounter.go

@@ -33,7 +33,7 @@ func countMachineDeploymentClusterNodes(ctx context.Context, k8sClient k8sclient
 		client.MatchingLabels{
 			key.ClusterLabel: key.ClusterID(cluster),
 		},
-		client.InNamespace(key.OrganizationNamespace(cluster)),
+		client.InNamespace(cluster.GetNamespace()),
 	}
 
 	err := k8sClient.CtrlClient().List(ctx, &machinedeployments, opts...)
@@ -59,7 +59,7 @@ func countMachinePoolClusterNodes(ctx context.Context, k8sClient k8sclient.Inter
 		client.MatchingLabels{
 			key.ClusterLabel: key.ClusterID(cluster),
 		},
-		client.InNamespace(key.OrganizationNamespace(cluster)),
+		client.InNamespace(cluster.GetNamespace()),
 	}
 
 	err := k8sClient.CtrlClient().List(ctx, &machinepools, opts...)

pkg/organization/reader.go

@@ -0,0 +1,48 @@
+package organization
+
+import (
+	"context"
+	"errors"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+
+	"github.com/giantswarm/prometheus-meta-operator/v2/service/key"
+)
+
+const (
+	DefaultOrganization string = "giantswarm"
+	OrganizationLabel   string = "giantswarm.io/organization"
+)
+
+type Reader interface {
+	Read(ctx context.Context, cluster metav1.Object) (string, error)
+}
+
+type NamespaceReader struct {
+	client       kubernetes.Interface
+	installation string
+	provider     string
+}
+
+func NewNamespaceReader(client kubernetes.Interface, installation string, provider string) Reader {
+	return NamespaceReader{client, installation, provider}
+}
+
+func (r NamespaceReader) Read(ctx context.Context, cluster metav1.Object) (string, error) {
+	// Vintage MC
+	if key.IsManagementCluster(r.installation, cluster) && !key.IsCAPIManagementCluster(r.provider) {
+		return DefaultOrganization, nil
+	}
+
+	// For the rest, we extract the organization name from the namespace labels
+	namespace, err := r.client.CoreV1().Namespaces().Get(ctx, cluster.GetNamespace(), metav1.GetOptions{})
+	if err != nil {
+		return "", err
+	}
+
+	if organization, ok := namespace.Labels[OrganizationLabel]; ok {
+		return organization, nil
+	}
+	return "", errors.New("cluster namespace missing organization label")
+}

pkg/unittest/input/case-1-awsconfig.golden

@@ -3,7 +3,6 @@ kind: AWSConfig
 metadata:
   labels:
     "giantswarm.io/service-priority": "highest"
-    giantswarm.io/organization: my-organization
-    "release.giantswarm.io/version": 16.0.0
+    "release.giantswarm.io/version": "16.0.0"
   name: alice
   namespace: org-my-organization

pkg/unittest/input/case-2-azureconfig.golden

@@ -3,7 +3,6 @@ kind: AzureConfig
 metadata:
   labels:
     "giantswarm.io/service-priority": "medium"
-    giantswarm.io/organization: my-organization
-    "release.giantswarm.io/version": 18.0.0
+    "release.giantswarm.io/version": "18.0.0"
   name: foo
   namespace: org-my-organization

pkg/unittest/input/case-3-kvmconfig.golden

@@ -2,8 +2,7 @@ apiVersion: provider.giantswarm.io/v1alpha1
 kind: KVMConfig
 metadata:
   labels:
-    "giantswarm.io/service-priority": "lowest"
-    giantswarm.io/organization: my-organization
-    "release.giantswarm.io/version": 17.0.0
+    "giantswarm.io/service-priority": lowest
+    "release.giantswarm.io/version": "17.0.0"
   name: bar
   namespace: org-my-organization

pkg/unittest/input/case-4-control-plane.golden

@@ -2,8 +2,6 @@ apiVersion: v1
 kind: Service
 metadata:
   name: kubernetes
-  namespace: org-my-organization
-  labels:
-    giantswarm.io/organization: my-organization
+  namespace: default
 spec:
   clusterIP: 127.0.0.1

pkg/unittest/input/case-5-cluster-api-v1alpha3.golden

@@ -2,8 +2,7 @@ apiVersion: cluster.x-k8s.io/v1beta1
 kind: Cluster
 metadata:
   labels:
-    release.giantswarm.io/version: 18.0.0
-    giantswarm.io/organization: my-organization
+    "release.giantswarm.io/version": 18.0.0
   name: baz
   namespace: org-my-organization
 spec:

service/controller/managementcluster/resource.go

@@ -12,6 +12,7 @@ import (
 	promclient "github.com/prometheus-operator/prometheus-operator/pkg/client/versioned"
 	vpa_clientset "k8s.io/autoscaler/vertical-pod-autoscaler/pkg/client/clientset/versioned"
 
+	"github.com/giantswarm/prometheus-meta-operator/v2/pkg/organization"
 	"github.com/giantswarm/prometheus-meta-operator/v2/pkg/password"
 	"github.com/giantswarm/prometheus-meta-operator/v2/service/controller/resource/alerting/alertmanagerconfig"
 	"github.com/giantswarm/prometheus-meta-operator/v2/service/controller/resource/alerting/alertmanagerwiring"
@@ -209,11 +210,13 @@ func newResources(config resourcesConfig) ([]resource.Interface, error) {
 		}
 	}
 
+	organizationReader := organization.NewNamespaceReader(config.K8sClient.K8sClient(), config.Installation, config.Provider)
 	var scrapeConfigResource resource.Interface
 	{
 		c := scrapeconfigs.Config{
-			K8sClient: config.K8sClient,
-			Logger:    config.Logger,
+			K8sClient:          config.K8sClient,
+			Logger:             config.Logger,
+			OrganizationReader: organizationReader,
 
 			AdditionalScrapeConfigs: config.AdditionalScrapeConfigs,
 			Bastions:                config.Bastions,
@@ -309,8 +312,10 @@ func newResources(config resourcesConfig) ([]resource.Interface, error) {
 	var remoteWriteConfigResource resource.Interface
 	{
 		c := remotewriteconfig.Config{
-			K8sClient:    config.K8sClient,
-			Logger:       config.Logger,
+			K8sClient:          config.K8sClient,
+			Logger:             config.Logger,
+			OrganizationReader: organizationReader,
+
 			Customer:     config.Customer,
 			Installation: config.Installation,
 			Pipeline:     config.Pipeline,
@@ -346,8 +351,10 @@ func newResources(config resourcesConfig) ([]resource.Interface, error) {
 	var remoteWriteAPIEndpointConfigSecretResource resource.Interface
 	{
 		c := remotewriteapiendpointconfigsecret.Config{
-			K8sClient:    config.K8sClient,
-			Logger:       config.Logger,
+			K8sClient:          config.K8sClient,
+			Logger:             config.Logger,
+			OrganizationReader: organizationReader,
+
 			BaseDomain:   config.PrometheusBaseDomain,
 			Customer:     config.Customer,
 			Installation: config.Installation,

service/controller/resource/monitoring/remotewriteapiendpointconfigsecret/create.go

@@ -22,18 +22,18 @@ func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error {
 
 		// Get password from remote-write-secret
 		r.logger.Debugf(ctx, "looking up for secret remote write secret")
-		_, password, err := remotewriteconfiguration.GetUsernameAndPassword(r.k8sClient.K8sClient(), ctx, cluster, r.Installation, r.Provider)
+		_, password, err := remotewriteconfiguration.GetUsernameAndPassword(r.k8sClient.K8sClient(), ctx, cluster, r.installation, r.provider)
 		if err != nil {
 			r.logger.Errorf(ctx, err, "lookup for remote write secret failed")
 			return microerror.Mask(err)
 		}
 
-		name := key.RemoteWriteAPIEndpointConfigSecretName(cluster, r.Provider)
-		namespace := key.GetClusterAppsNamespace(cluster, r.Installation, r.Provider)
+		name := key.RemoteWriteAPIEndpointConfigSecretName(cluster, r.provider)
+		namespace := key.GetClusterAppsNamespace(cluster, r.installation, r.provider)
 		// Get the current secret if it exists.
 		current, err := r.k8sClient.K8sClient().CoreV1().Secrets(namespace).Get(ctx, name, metav1.GetOptions{})
 		if apierrors.IsNotFound(err) {
-			err = r.createSecret(ctx, cluster, name, namespace, password, r.Version)
+			err = r.createSecret(ctx, cluster, name, namespace, password, r.version)
 			if err != nil {
 				return microerror.Mask(err)
 			}
@@ -42,7 +42,7 @@ func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error {
 		}
 
 		if current != nil {
-			desired, err := r.desiredSecret(cluster, name, namespace, password, r.Version)
+			desired, err := r.desiredSecret(ctx, cluster, name, namespace, password, r.version)
 			if err != nil {
 				return microerror.Mask(err)
 			}

service/controller/resource/monitoring/remotewriteapiendpointconfigsecret/delete.go

@@ -19,8 +19,8 @@ func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error {
 			return microerror.Mask(err)
 		}
 
-		name := key.RemoteWriteAPIEndpointConfigSecretName(cluster, r.Provider)
-		namespace := key.GetClusterAppsNamespace(cluster, r.Installation, r.Provider)
+		name := key.RemoteWriteAPIEndpointConfigSecretName(cluster, r.provider)
+		namespace := key.GetClusterAppsNamespace(cluster, r.installation, r.provider)
 
 		_, err = r.k8sClient.K8sClient().CoreV1().Secrets(namespace).Get(ctx, name, metav1.GetOptions{})
 		if apierrors.IsNotFound(err) {

service/controller/resource/monitoring/remotewriteapiendpointconfigsecret/resource.go

@@ -10,6 +10,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/yaml"
 
+	"github.com/giantswarm/prometheus-meta-operator/v2/pkg/organization"
 	remotewriteconfiguration "github.com/giantswarm/prometheus-meta-operator/v2/pkg/remotewrite/configuration"
 	"github.com/giantswarm/prometheus-meta-operator/v2/service/key"
 )
@@ -19,8 +20,10 @@ const (
 )
 
 type Config struct {
-	K8sClient    k8sclient.Interface
-	Logger       micrologger.Logger
+	K8sClient          k8sclient.Interface
+	Logger             micrologger.Logger
+	OrganizationReader organization.Reader
+
 	BaseDomain   string
 	Customer     string
 	Installation string
@@ -32,17 +35,18 @@ type Config struct {
 }
 
 type Resource struct {
-	k8sClient k8sclient.Interface
-	logger    micrologger.Logger
-
-	BaseDomain   string
-	Customer     string
-	Installation string
-	InsecureCA   bool
-	Pipeline     string
-	Provider     string
-	Region       string
-	Version      string
+	k8sClient          k8sclient.Interface
+	logger             micrologger.Logger
+	organizationReader organization.Reader
+
+	baseDomain   string
+	customer     string
+	installation string
+	insecureCA   bool
+	pipeline     string
+	provider     string
+	region       string
+	version      string
 }
 
 func New(config Config) (*Resource, error) {
@@ -52,6 +56,9 @@ func New(config Config) (*Resource, error) {
 	if config.Logger == nil {
 		return nil, microerror.Maskf(invalidConfigError, "config.Logger must not be empty")
 	}
+	if config.OrganizationReader == nil {
+		return nil, microerror.Maskf(invalidConfigError, "config.OrganizationReader must not be empty")
+	}
 	if config.BaseDomain == "" {
 		return nil, microerror.Maskf(invalidConfigError, "config.BaseDomain must not be empty")
 	}
@@ -72,17 +79,18 @@ func New(config Config) (*Resource, error) {
 	}
 
 	r := &Resource{
-		k8sClient: config.K8sClient,
-		logger:    config.Logger,
-
-		BaseDomain:   config.BaseDomain,
-		Customer:     config.Customer,
-		Installation: config.Installation,
-		InsecureCA:   config.InsecureCA,
-		Pipeline:     config.Pipeline,
-		Provider:     config.Provider,
-		Region:       config.Region,
-		Version:      config.Version,
+		k8sClient:          config.K8sClient,
+		logger:             config.Logger,
+		organizationReader: config.OrganizationReader,
+
+		baseDomain:   config.BaseDomain,
+		customer:     config.Customer,
+		installation: config.Installation,
+		insecureCA:   config.InsecureCA,
+		pipeline:     config.Pipeline,
+		provider:     config.Provider,
+		region:       config.Region,
+		version:      config.Version,
 	}
 
 	return r, nil
@@ -92,20 +100,24 @@ func (r *Resource) Name() string {
 	return Name
 }
 
-func (r *Resource) desiredSecret(cluster metav1.Object, name string, namespace string, password string, version string) (*corev1.Secret, error) {
+func (r *Resource) desiredSecret(ctx context.Context, cluster metav1.Object, name string, namespace string, password string, version string) (*corev1.Secret, error) {
+	organization, err := r.organizationReader.Read(ctx, cluster)
+	if err != nil {
+		return nil, microerror.Mask(err)
+	}
 	globalConfig := remotewriteconfiguration.GlobalConfig{
 		RemoteWrite: []remotewriteconfiguration.RemoteWrite{
-			remotewriteconfiguration.DefaultRemoteWrite(key.ClusterID(cluster), r.BaseDomain, password, r.InsecureCA),
+			remotewriteconfiguration.DefaultRemoteWrite(key.ClusterID(cluster), r.baseDomain, password, r.insecureCA),
 		},
 		ExternalLabels: map[string]string{
 			key.ClusterIDKey:       key.ClusterID(cluster),
-			key.ClusterTypeKey:     key.ClusterType(r.Installation, cluster),
-			key.CustomerKey:        r.Customer,
-			key.InstallationKey:    r.Installation,
-			key.OrganizationKey:    key.GetOrganization(cluster),
-			key.PipelineKey:        r.Pipeline,
-			key.ProviderKey:        r.Provider,
-			key.RegionKey:          r.Region,
+			key.ClusterTypeKey:     key.ClusterType(r.installation, cluster),
+			key.CustomerKey:        r.customer,
+			key.InstallationKey:    r.installation,
+			key.OrganizationKey:    organization,
+			key.PipelineKey:        r.pipeline,
+			key.ProviderKey:        r.provider,
+			key.RegionKey:          r.region,
 			key.ServicePriorityKey: key.GetServicePriority(cluster),
 		},
 	}
@@ -136,7 +148,7 @@ func (r *Resource) desiredSecret(cluster metav1.Object, name string, namespace s
 }
 
 func (r *Resource) createSecret(ctx context.Context, cluster metav1.Object, name string, namespace string, password, version string) error {
-	secret, err := r.desiredSecret(cluster, name, namespace, password, version)
+	secret, err := r.desiredSecret(ctx, cluster, name, namespace, password, version)
 	if err != nil {
 		return microerror.Mask(err)
 	}

service/controller/resource/monitoring/remotewriteconfig/create.go

@@ -24,12 +24,12 @@ func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error {
 		}
 
 		name := key.RemoteWriteConfigName(cluster)
-		namespace := key.GetClusterAppsNamespace(cluster, r.Installation, r.Provider)
+		namespace := key.GetClusterAppsNamespace(cluster, r.installation, r.provider)
 
 		// Get the current configmap if it exists.
 		current, err := r.k8sClient.K8sClient().CoreV1().ConfigMaps(namespace).Get(ctx, name, metav1.GetOptions{})
 		if apierrors.IsNotFound(err) {
-			err = r.createConfigMap(ctx, cluster, name, namespace, r.Version)
+			err = r.createConfigMap(ctx, cluster, name, namespace, r.version)
 			if err != nil {
 				return microerror.Mask(err)
 			}
@@ -48,7 +48,7 @@ func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error {
 				return microerror.Mask(err)
 			}
 
-			desired, err := r.desiredConfigMap(cluster, name, namespace, r.Version, shards)
+			desired, err := r.desiredConfigMap(ctx, cluster, name, namespace, r.version, shards)
 			if err != nil {
 				return microerror.Mask(err)
 			}

service/controller/resource/monitoring/remotewriteconfig/delete.go

@@ -20,7 +20,7 @@ func (r *Resource) EnsureDeleted(ctx context.Context, obj interface{}) error {
 		}
 
 		name := key.RemoteWriteConfigName(cluster)
-		namespace := key.GetClusterAppsNamespace(cluster, r.Installation, r.Provider)
+		namespace := key.GetClusterAppsNamespace(cluster, r.installation, r.provider)
 
 		_, err = r.k8sClient.K8sClient().CoreV1().ConfigMaps(namespace).Get(ctx, name, metav1.GetOptions{})
 		if apierrors.IsNotFound(err) {