Check gateway and kubestash in resource service handler (#329)

Signed-off-by: Tamal Saha <[email protected]>

cmd/objectfinder-tester/main.go

@@ -23,18 +23,23 @@ import (
 
 	"kubeops.dev/ui-server/pkg/apiserver"
 	"kubeops.dev/ui-server/pkg/graph"
+	"kubeops.dev/ui-server/pkg/registry/core/resourceservice"
 	"kubeops.dev/ui-server/pkg/registry/identity/selfsubjectnamespaceaccessreview"
 
 	authorization "k8s.io/api/authorization/v1"
 	kerr "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/apis/meta/internalversion"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apiserver/pkg/authentication/user"
 	"k8s.io/apiserver/pkg/endpoints/request"
+	apirequest "k8s.io/apiserver/pkg/endpoints/request"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
 	"k8s.io/klog/v2"
+	rbacauthz "kmodules.xyz/authorizer/apiserver"
+	clustermeta "kmodules.xyz/client-go/cluster"
 	"kmodules.xyz/resource-metadata/apis/identity/v1alpha1"
 	rsapi "kmodules.xyz/resource-metadata/apis/meta/v1alpha1"
 	"kmodules.xyz/resource-metadata/hub/resourcedescriptors"
@@ -316,7 +321,7 @@ func findServiceMonitorForPrometheus() error {
 	return nil
 }
 
-func main() {
+func main_34() {
 	//_, kc, err := NewClient()
 	//if err != nil {
 	//	panic(err)
@@ -381,3 +386,61 @@ func findForPostgres() error {
 	fmt.Printf("%+v\n", result)
 	return nil
 }
+
+func main() {
+	kc, rtc, err := NewClient()
+	if err != nil {
+		panic(err)
+	}
+
+	cid, err := clustermeta.ClusterUID(rtc)
+	if err != nil {
+		panic(err)
+	}
+
+	rbacAuthorizer := rbacauthz.New(rtc)
+
+	s := resourceservice.NewStorage(rtc, kc.Discovery(), cid, rbacAuthorizer)
+
+	ctx := context.TODO()
+	ctx = apirequest.WithNamespace(ctx, "ace")
+	ctx = apirequest.WithUser(ctx, &user.DefaultInfo{
+		Name:   "system:admin",
+		Groups: []string{"system:masters", "system:authenticated"},
+	})
+
+	result, err := s.Get(ctx, "ace-db~Postgres.kubedb.com", &metav1.GetOptions{})
+	if err != nil {
+		panic(err)
+	}
+	fmt.Printf("%+v\n", result)
+}
+
+func main_List_ResourceService() {
+	kc, rtc, err := NewClient()
+	if err != nil {
+		panic(err)
+	}
+
+	cid, err := clustermeta.ClusterUID(rtc)
+	if err != nil {
+		panic(err)
+	}
+
+	rbacAuthorizer := rbacauthz.New(rtc)
+
+	s := resourceservice.NewStorage(rtc, kc.Discovery(), cid, rbacAuthorizer)
+
+	ctx := context.TODO()
+	ctx = apirequest.WithNamespace(ctx, "ace")
+	ctx = apirequest.WithUser(ctx, &user.DefaultInfo{
+		Name:   "system:admin",
+		Groups: []string{"system:masters", "system:authenticated"},
+	})
+
+	result, err := s.List(ctx, &internalversion.ListOptions{})
+	if err != nil {
+		panic(err)
+	}
+	fmt.Printf("%+v\n", result)
+}

go.mod

@@ -23,6 +23,7 @@ require (
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.9.0
 	github.com/zeebo/xxh3 v1.0.2
+	go.bytebuilders.dev/catalog v0.0.7
 	go.bytebuilders.dev/license-verifier v0.14.1
 	go.openviz.dev/apimachinery v0.0.7
 	golang.org/x/sync v0.7.0
@@ -48,9 +49,9 @@ require (
 	kmodules.xyz/custom-resources v0.30.0
 	kmodules.xyz/go-containerregistry v0.0.12
 	kmodules.xyz/monitoring-agent-api v0.29.0
-	kmodules.xyz/resource-metadata v0.18.13-0.20240829025444-b72d620479e5
-	kmodules.xyz/resource-metrics v0.30.2
-	kmodules.xyz/resource-metrics/utils v0.30.1
+	kmodules.xyz/resource-metadata v0.18.13-0.20240829103836-604e102fc093
+	kmodules.xyz/resource-metrics v0.30.3
+	kmodules.xyz/resource-metrics/utils v0.30.3
 	kmodules.xyz/sets v0.29.0
 	kubeops.dev/falco-ui-server v0.0.4
 	kubeops.dev/scanner v0.0.18
@@ -155,6 +156,7 @@ require (
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f // indirect
+	github.com/onsi/gomega v1.34.1 // indirect
 	github.com/open-policy-agent/frameworks/constraint v0.0.0-20240802234259-aa99306df54e // indirect
 	github.com/open-policy-agent/opa v0.67.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
@@ -232,7 +234,8 @@ require (
 	k8s.io/component-helpers v0.29.0 // indirect
 	k8s.io/kms v0.30.3 // indirect
 	k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 // indirect
-	kmodules.xyz/offshoot-api v0.29.4 // indirect
+	kmodules.xyz/offshoot-api v0.30.0 // indirect
+	kubevault.dev/apimachinery v0.18.3 // indirect
 	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/kustomize/api v0.16.0 // indirect

go.sum

@@ -545,6 +545,8 @@ github.com/zeebo/assert v1.3.0 h1:g7C04CbJuIDKNPFHmsk4hwZDO5O+kntRxzaUoNXj+IQ=
 github.com/zeebo/assert v1.3.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0=
 github.com/zeebo/xxh3 v1.0.2 h1:xZmwmqxHZA8AI603jOQ0tMqmBr9lPeFwGg6d+xy9DC0=
 github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA=
+go.bytebuilders.dev/catalog v0.0.7 h1:RY2H7L9CoG779oCZjlZkU+f7FNSRSD2m4mdvLvuK2qA=
+go.bytebuilders.dev/catalog v0.0.7/go.mod h1:zKCfHWFNHEaZV6BWC8vo6CYBwPDQsl3IIXW1P9Q62QA=
 go.bytebuilders.dev/license-verifier v0.14.1 h1:Pk0a4NKgRjMt6eBZATHwLmPUuTQL00kQB3AQoxhCsUE=
 go.bytebuilders.dev/license-verifier v0.14.1/go.mod h1:GB9XTSQUcllJ4AVq29TdJI6yRjoI86HGz0XMqq9nLwY=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
@@ -918,14 +920,14 @@ kmodules.xyz/go-containerregistry v0.0.12 h1:Tl32QGmSqRVm9PUEb/f3dgDeu9zW5fVzt3q
 kmodules.xyz/go-containerregistry v0.0.12/go.mod h1:KgeNg0hDsgeda+qc0NzWk0iVRdF0+ZIg/oRzGoYh78I=
 kmodules.xyz/monitoring-agent-api v0.29.0 h1:gpFl6OZrlMLb/ySMHdREI9EwGtnJ91oZBn9H1UFRwB4=
 kmodules.xyz/monitoring-agent-api v0.29.0/go.mod h1:iNbvaMTgVFOI5q2LJtGK91j4Dmjv4ZRiRdasGmWLKQI=
-kmodules.xyz/offshoot-api v0.29.4 h1:WQV2BIUIoVKKiqZNmZ4gAy367jEdwBhEl3dFCLZM1qA=
-kmodules.xyz/offshoot-api v0.29.4/go.mod h1:e+NQ0s4gW/YTPWBWEfdISZcmk+tlTq8IjvP5SLdqvko=
-kmodules.xyz/resource-metadata v0.18.13-0.20240829025444-b72d620479e5 h1:ouRNFYD+gHWGJaY8JSJqbN7uMMRIYkLvUOhHb6RH/WQ=
-kmodules.xyz/resource-metadata v0.18.13-0.20240829025444-b72d620479e5/go.mod h1:VvUjfIzmM08SZ9ssZKhduzSrggKjY93ES2Bk+/m04hs=
-kmodules.xyz/resource-metrics v0.30.2 h1:EGJapJa7Sh2ePc/WyHziLVh9xtuh4vWPBoSGxVZ8uC8=
-kmodules.xyz/resource-metrics v0.30.2/go.mod h1:UYcQQLN+3o8rNPQJwJa2D9bt5ihJCeo5bCDuQ4O3MPY=
-kmodules.xyz/resource-metrics/utils v0.30.1 h1:iRnAKNMMdAi7QYjMQrK9W3vNMhSC21RWNx9yS3qlpTA=
-kmodules.xyz/resource-metrics/utils v0.30.1/go.mod h1:FvRK+7qmKsA7RQCMAraejVSS3y39DK1s1/zq/rKg970=
+kmodules.xyz/offshoot-api v0.30.0 h1:dq9F93pu4Q8rL9oTcCk+vGGy8vpS7RNt0GSwx7Bvhec=
+kmodules.xyz/offshoot-api v0.30.0/go.mod h1:o9VoA3ImZMDBp3lpLb8+kc2d/KBxioRwCpaKDfLIyDw=
+kmodules.xyz/resource-metadata v0.18.13-0.20240829103836-604e102fc093 h1:OJiR1UbizOYQruXOIjrsRt+TEhLji/ynT8Pon94QZK4=
+kmodules.xyz/resource-metadata v0.18.13-0.20240829103836-604e102fc093/go.mod h1:VvUjfIzmM08SZ9ssZKhduzSrggKjY93ES2Bk+/m04hs=
+kmodules.xyz/resource-metrics v0.30.3 h1:x5sdhDL2lTCor82nn/hZjIlY3RzkD4JzITfk+1zAJko=
+kmodules.xyz/resource-metrics v0.30.3/go.mod h1:UYcQQLN+3o8rNPQJwJa2D9bt5ihJCeo5bCDuQ4O3MPY=
+kmodules.xyz/resource-metrics/utils v0.30.3 h1:M997admKMRAeT76RroOJmfi9deHfFpXieMt0yjrIiRY=
+kmodules.xyz/resource-metrics/utils v0.30.3/go.mod h1:9Zl9Ih7pvhmRjHtkjJYh1BSZKysIaDY+aewMM1qZCpw=
 kmodules.xyz/sets v0.29.0 h1:ZX/qOECzUob95JhhRtngJElHSlJ1UNNdwK4hTEy+nl0=
 kmodules.xyz/sets v0.29.0/go.mod h1:1oi3fR9c3SWywEjBLlHC8BBMCSz0b1/W+EofKmBoj3g=
 kubeops.dev/falco-ui-server v0.0.4 h1:47kA+B4pJTgru3P60ng9eC+c3TP8Gcq61c91FB3ZoBQ=
@@ -934,6 +936,8 @@ kubeops.dev/scanner v0.0.18 h1:j00BXav9dFH3ucqoROjfbXTdpKWpy7tL3RynWxkLXU4=
 kubeops.dev/scanner v0.0.18/go.mod h1:uyhpFCDysphXUMIWytSyyv0LjY+49z2jfuC3rK0HFTA=
 kubepack.dev/lib-helm v0.29.10 h1:DxqVpid7Ez+lp/jRHO6b1kqBEdAb+AdkYCGcsZVJd6A=
 kubepack.dev/lib-helm v0.29.10/go.mod h1:vrVvhzbL/SNRuS5FTn53bnpLAWoNta31ETCeaOczAcM=
+kubevault.dev/apimachinery v0.18.3 h1:Bq180AGBYnRXXNWbJ6Zg82+8/3M1Y8WYPez32uTry8I=
+kubevault.dev/apimachinery v0.18.3/go.mod h1:b9uUVFx3a3ThDziL2J2O4xQL+muY1/pGavAhDdJC99E=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 h1:/U5vjBbQn3RChhv7P11uhYvCSm5G2GaIi5AIGBS6r4c=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0/go.mod h1:z7+wmGM2dfIiLRfrC6jb5kV2Mq/sK1ZP303cxzkV5Y4=

pkg/registry/core/resourceservice/storage.go

@@ -28,6 +28,7 @@ import (
 	"kubeops.dev/ui-server/pkg/shared"
 
 	"github.com/pkg/errors"
+	catalogapi "go.bytebuilders.dev/catalog/api/v1alpha1"
 	core "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/meta"
@@ -385,9 +386,47 @@ func (r *Storage) toGenericResourceService(item unstructured.Unstructured, apiTy
 			genres.Spec.Facilities.Exposed.Usage = rscoreapi.FacilityUnused
 		}
 	}
+	if apiType.Group == "kubedb.com" && genres.Spec.Facilities.Exposed.Usage == rscoreapi.FacilityUnused {
+		rid, objs, err := graph.ExecQuery(r.kc, oid, sharedapi.ResourceLocator{
+			Ref: metav1.GroupKind{
+				Group: "catalog.appscode.com",
+				Kind:  apiType.Kind + "Binding",
+			},
+			Query: sharedapi.ResourceQuery{
+				Type:    sharedapi.GraphQLQuery,
+				ByLabel: kmapi.EdgeLabelExposedBy,
+			},
+		})
+		if err == nil {
+			var isExposed bool
+			var refs []kmapi.ObjectReference
+			for _, obj := range objs {
+				var binding catalogapi.GenericBinding
+				if err := runtime.DefaultUnstructuredConverter.FromUnstructured(obj.UnstructuredContent(), &binding); err != nil {
+					return nil, err
+				}
+				if binding.Status.Gateway != nil &&
+					(binding.Status.Gateway.Hostname != "" || binding.Status.Gateway.IP != "") {
+					isExposed = true
+					refs = append(refs, kmapi.ObjectReference{
+						Namespace: binding.Status.Gateway.Namespace,
+						Name:      binding.Status.Gateway.Name,
+					})
+					break
+				}
+			}
+			if isExposed {
+				genres.Spec.Facilities.Exposed.Usage = rscoreapi.FacilityUsed
+				genres.Spec.Facilities.Exposed.Resource = rid
+				genres.Spec.Facilities.Exposed.Refs = refs
+			}
+		} else if !meta.IsNoMatchError(err) {
+			return nil, err
+		}
+	}
 	{
 		yes, err := resourcemetrics.UsesTLS(content)
-		if err != nil {
+		if err != nil && !errors.Is(err, api.ErrMissingRefObject) {
 			return nil, err
 		}
 		if yes {
@@ -416,14 +455,31 @@ func (r *Storage) toGenericResourceService(item unstructured.Unstructured, apiTy
 		       }`,
 			},
 		})
-		if err == nil {
-			if len(refs) > 0 {
-				genres.Spec.Facilities.Backup.Usage = rscoreapi.FacilityUsed
-				genres.Spec.Facilities.Backup.Resource = rid
-				genres.Spec.Facilities.Backup.Refs = refs
-			} else {
-				genres.Spec.Facilities.Backup.Usage = rscoreapi.FacilityUnused
-			}
+		if len(refs) > 0 {
+			genres.Spec.Facilities.Backup.Usage = rscoreapi.FacilityUsed
+			genres.Spec.Facilities.Backup.Resource = rid
+			genres.Spec.Facilities.Backup.Refs = refs
+		} else if err != nil && !meta.IsNoMatchError(err) {
+			return nil, err
+		}
+	}
+	if genres.Spec.Facilities.Backup.Usage == rscoreapi.FacilityUnknown {
+		rid, refs, err := graph.ExecRawQuery(r.kc, oid, sharedapi.ResourceLocator{
+			Ref: metav1.GroupKind{
+				Group: "core.kubestash.com",
+				Kind:  "BackupConfiguration",
+			},
+			Query: sharedapi.ResourceQuery{
+				Type:    sharedapi.GraphQLQuery,
+				ByLabel: kmapi.EdgeLabelBackupVia,
+			},
+		})
+		if len(refs) > 0 {
+			genres.Spec.Facilities.Backup.Usage = rscoreapi.FacilityUsed
+			genres.Spec.Facilities.Backup.Resource = rid
+			genres.Spec.Facilities.Backup.Refs = refs
+		} else if err == nil {
+			genres.Spec.Facilities.Backup.Usage = rscoreapi.FacilityUnused
 		} else if !meta.IsNoMatchError(err) {
 			return nil, err
 		}
@@ -448,13 +504,11 @@ func (r *Storage) toGenericResourceService(item unstructured.Unstructured, apiTy
 		         }`,
 			},
 		})
-		if err == nil {
-			if len(refs) > 0 {
-				genres.Spec.Facilities.Monitoring.Usage = rscoreapi.FacilityUsed
-				genres.Spec.Facilities.Monitoring.Resource = rid
-				genres.Spec.Facilities.Monitoring.Refs = refs
-			}
-		} else if !meta.IsNoMatchError(err) {
+		if len(refs) > 0 {
+			genres.Spec.Facilities.Monitoring.Usage = rscoreapi.FacilityUsed
+			genres.Spec.Facilities.Monitoring.Resource = rid
+			genres.Spec.Facilities.Monitoring.Refs = refs
+		} else if err != nil && !meta.IsNoMatchError(err) {
 			return nil, err
 		}
 
@@ -478,14 +532,12 @@ func (r *Storage) toGenericResourceService(item unstructured.Unstructured, apiTy
 		         }`,
 				},
 			})
-			if err == nil {
-				if len(refs) > 0 {
-					genres.Spec.Facilities.Monitoring.Usage = rscoreapi.FacilityUsed
-					genres.Spec.Facilities.Monitoring.Resource = rid
-					genres.Spec.Facilities.Monitoring.Refs = refs
-				} else {
-					genres.Spec.Facilities.Monitoring.Usage = rscoreapi.FacilityUnused
-				}
+			if len(refs) > 0 {
+				genres.Spec.Facilities.Monitoring.Usage = rscoreapi.FacilityUsed
+				genres.Spec.Facilities.Monitoring.Resource = rid
+				genres.Spec.Facilities.Monitoring.Refs = refs
+			} else if err == nil {
+				genres.Spec.Facilities.Monitoring.Usage = rscoreapi.FacilityUnused
 			} else if !meta.IsNoMatchError(err) {
 				return nil, err
 			}