Update deps

Signed-off-by: Tamal Saha <[email protected]>

go.mod

@@ -42,7 +42,7 @@ require (
 	k8s.io/kube-state-metrics/v2 v2.7.0
 	kmodules.xyz/apiversion v0.2.0
 	kmodules.xyz/authorizer v0.25.1
-	kmodules.xyz/client-go v0.25.35-0.20230925195212-e59241c267b5
+	kmodules.xyz/client-go v0.25.37
 	kmodules.xyz/custom-resources v0.25.2
 	kmodules.xyz/go-containerregistry v0.0.11
 	kmodules.xyz/monitoring-agent-api v0.25.3

go.sum

@@ -2118,8 +2118,8 @@ kmodules.xyz/apiversion v0.2.0 h1:vAQYqZFm4xu4pbB1cAdHbFEPES6EQkcR4wc06xdTOWk=
 kmodules.xyz/apiversion v0.2.0/go.mod h1:oPX8g8LvlPdPX3Yc5YvCzJHQnw3YF/X4/jdW0b1am80=
 kmodules.xyz/authorizer v0.25.1 h1:W19AtlPD2A1+Q4UqDmNCJKfX9bKIgj+J6bQmkYwsHwY=
 kmodules.xyz/authorizer v0.25.1/go.mod h1:hKAbHpRkbxZJjc+cMTUiyxQxp7amKUVDiN145IrpnhA=
-kmodules.xyz/client-go v0.25.35-0.20230925195212-e59241c267b5 h1:PsfOUk8Dl0e3n2ctl097E2u8xzL5XpvG8bSPg6m2yKo=
-kmodules.xyz/client-go v0.25.35-0.20230925195212-e59241c267b5/go.mod h1:YfMtano/sAxZqhoxtLKjvclWtNQQIa6PmkVaooo+VuI=
+kmodules.xyz/client-go v0.25.37 h1:/pKNG5ktBxGPtbTD1SIyAksLgZi1tqAPDJj9AwDkV8o=
+kmodules.xyz/client-go v0.25.37/go.mod h1:YfMtano/sAxZqhoxtLKjvclWtNQQIa6PmkVaooo+VuI=
 kmodules.xyz/crd-schema-fuzz v0.25.0 h1:c5ZxNRqJak1bkGhECmyrKpzKGThFMB4088Kynyvngbc=
 kmodules.xyz/custom-resources v0.25.2 h1:+PJgUZvbbSgyNT7EX9gUZ3PIzY2LAW03TDW8cevvXqo=
 kmodules.xyz/custom-resources v0.25.2/go.mod h1:b9XjjKQMZ6KrLHXKqQz7YwV3M3BK8Hwi4KEwu5RadCo=

vendor/kmodules.xyz/client-go/api/v1/cluster.go

@@ -53,7 +53,9 @@ type ClusterManager int
 
 const (
 	ClusterManagerACE ClusterManager = 1 << iota
-	ClusterManagerOCM
+	ClusterManagerOCMHub
+	ClusterManagerOCMSpoke
+	ClusterManagerOCMMulticlusterControlplane
 	ClusterManagerRancher
 	ClusterManagerOpenShift
 )
@@ -62,8 +64,16 @@ func (cm ClusterManager) ManagedByACE() bool {
 	return cm&ClusterManagerACE == ClusterManagerACE
 }
 
-func (cm ClusterManager) ManagedByOCM() bool {
-	return cm&ClusterManagerOCM == ClusterManagerOCM
+func (cm ClusterManager) ManagedByOCMHub() bool {
+	return cm&ClusterManagerOCMHub == ClusterManagerOCMHub
+}
+
+func (cm ClusterManager) ManagedByOCMSpoke() bool {
+	return cm&ClusterManagerOCMSpoke == ClusterManagerOCMSpoke
+}
+
+func (cm ClusterManager) ManagedByOCMMulticlusterControlplane() bool {
+	return cm&ClusterManagerOCMMulticlusterControlplane == ClusterManagerOCMMulticlusterControlplane
 }
 
 func (cm ClusterManager) ManagedByRancher() bool {
@@ -79,8 +89,14 @@ func (cm ClusterManager) Strings() []string {
 	if cm.ManagedByACE() {
 		out = append(out, "ACE")
 	}
-	if cm.ManagedByOCM() {
-		out = append(out, "OCM")
+	if cm.ManagedByOCMHub() {
+		out = append(out, "OCMHub")
+	}
+	if cm.ManagedByOCMSpoke() {
+		out = append(out, "OCMSpoke")
+	}
+	if cm.ManagedByOCMMulticlusterControlplane() {
+		out = append(out, "OCMMulticlusterControlplane")
 	}
 	if cm.ManagedByRancher() {
 		out = append(out, "Rancher")

vendor/kmodules.xyz/client-go/client/sa-token.go

@@ -0,0 +1,115 @@
+/*
+Copyright AppsCode Inc. and Contributors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package client
+
+import (
+	"context"
+	"time"
+
+	core_util "kmodules.xyz/client-go/core/v1"
+	meta_util "kmodules.xyz/client-go/meta"
+
+	"github.com/pkg/errors"
+	core "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	utilrand "k8s.io/apimachinery/pkg/util/rand"
+	"k8s.io/apimachinery/pkg/util/wait"
+	"k8s.io/klog/v2"
+	kutil "kmodules.xyz/client-go"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+// https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#token-controller
+func getServiceAccountTokenSecret(kc client.Client, sa client.ObjectKey) (*core.Secret, error) {
+	var list core.SecretList
+	err := kc.List(context.TODO(), &list, client.InNamespace(sa.Namespace))
+	if err != nil {
+		return nil, err
+	}
+	if len(list.Items) == 0 {
+		return nil, errors.New("token secret still haven't created yet")
+	}
+	for _, s := range list.Items {
+		if s.Type == core.SecretTypeServiceAccountToken &&
+			s.Annotations[core.ServiceAccountNameKey] == sa.Name {
+
+			_, caFound := s.Data["ca.crt"]
+			_, tokenFound := s.Data["token"]
+			if caFound && tokenFound {
+				return &s, nil
+			}
+		}
+	}
+	return nil, errors.New("token secret is not ready yet")
+}
+
+const (
+	RetryTimeout = 10 * time.Second
+)
+
+func tryGetServiceAccountTokenSecret(kc client.Client, sa client.ObjectKey) (secret *core.Secret, err error) {
+	err = wait.PollImmediate(kutil.RetryInterval, RetryTimeout, func() (bool, error) {
+		var e2 error
+		secret, e2 = getServiceAccountTokenSecret(kc, sa)
+		if e2 == nil {
+			return true, nil
+		}
+		klog.V(5).Infof("trying to get token secret for service account %s", sa)
+		return false, nil
+	})
+	return
+}
+
+func GetServiceAccountTokenSecret(kc client.Client, sa client.ObjectKey) (*core.Secret, error) {
+	secret, err := tryGetServiceAccountTokenSecret(kc, sa)
+	if err == nil {
+		klog.V(5).Infof("secret found for ServiceAccount %s", sa)
+		return secret, nil
+	}
+
+	var saObj core.ServiceAccount
+	err = kc.Get(context.TODO(), sa, &saObj)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed to get ServiceAccount %s", sa)
+	}
+
+	secretName := sa.Name + "-token-" + utilrand.String(6)
+	secret = &core.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      secretName,
+			Namespace: sa.Namespace,
+		},
+	}
+	vt, err := CreateOrPatch(context.TODO(), kc, secret, func(obj client.Object, createOp bool) client.Object {
+		in := obj.(*core.Secret)
+
+		in.Type = core.SecretTypeServiceAccountToken
+		ref := metav1.NewControllerRef(&saObj, core.SchemeGroupVersion.WithKind("ServiceAccount"))
+		core_util.EnsureOwnerReference(in, ref)
+		in.Annotations = meta_util.OverwriteKeys(in.Annotations, map[string]string{
+			core.ServiceAccountNameKey: sa.Name,
+		})
+
+		return in
+	})
+	if err != nil {
+		return nil, err
+	}
+	klog.Infof("%s Secret %s/%s", vt, secret.Namespace, secret.Name)
+
+	return tryGetServiceAccountTokenSecret(kc, sa)
+}

vendor/kmodules.xyz/client-go/cluster/lib.go

@@ -121,8 +121,14 @@ func DetectClusterManager(kc client.Client) kmapi.ClusterManager {
 	if IsACEManaged(kc) {
 		result |= kmapi.ClusterManagerACE
 	}
-	if IsOpenClusterManaged(kc.RESTMapper()) {
-		result |= kmapi.ClusterManagerOCM
+	if IsOpenClusterHub(kc.RESTMapper()) {
+		result |= kmapi.ClusterManagerOCMHub
+	}
+	if IsOpenClusterSpoke(kc.RESTMapper()) {
+		result |= kmapi.ClusterManagerOCMSpoke
+	}
+	if IsOpenClusterMulticlusterControlplane(kc.RESTMapper()) {
+		result |= kmapi.ClusterManagerOCMMulticlusterControlplane
 	}
 	if IsRancherManaged(kc.RESTMapper()) {
 		result |= kmapi.ClusterManagerRancher

vendor/kmodules.xyz/client-go/cluster/ocm.go

@@ -21,13 +21,17 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 )
 
-func IsOpenClusterManaged(mapper meta.RESTMapper) bool {
+func IsOpenClusterHub(mapper meta.RESTMapper) bool {
 	if _, err := mapper.RESTMappings(schema.GroupKind{
 		Group: "cluster.open-cluster-management.io",
 		Kind:  "ManagedCluster",
 	}); err == nil {
 		return true
 	}
+	return false
+}
+
+func IsOpenClusterSpoke(mapper meta.RESTMapper) bool {
 	if _, err := mapper.RESTMappings(schema.GroupKind{
 		Group: "work.open-cluster-management.io",
 		Kind:  "AppliedManifestWork",
@@ -36,3 +40,14 @@ func IsOpenClusterManaged(mapper meta.RESTMapper) bool {
 	}
 	return false
 }
+
+func IsOpenClusterMulticlusterControlplane(mapper meta.RESTMapper) bool {
+	var missingDeployment bool
+	if _, err := mapper.RESTMappings(schema.GroupKind{
+		Group: "apps",
+		Kind:  "Deployment",
+	}); meta.IsNoMatchError(err) {
+		missingDeployment = true
+	}
+	return IsOpenClusterHub(mapper) && missingDeployment
+}

vendor/kmodules.xyz/client-go/core/v1/configmap.go

@@ -0,0 +1,101 @@
+/*
+Copyright AppsCode Inc. and Contributors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+	"context"
+
+	"github.com/pkg/errors"
+	core "k8s.io/api/core/v1"
+	kerr "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/strategicpatch"
+	"k8s.io/apimachinery/pkg/util/wait"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/klog/v2"
+	kutil "kmodules.xyz/client-go"
+)
+
+func CreateOrPatchConfigMap(ctx context.Context, c kubernetes.Interface, meta metav1.ObjectMeta, transform func(*core.ConfigMap) *core.ConfigMap, opts metav1.PatchOptions) (*core.ConfigMap, kutil.VerbType, error) {
+	cur, err := c.CoreV1().ConfigMaps(meta.Namespace).Get(ctx, meta.Name, metav1.GetOptions{})
+	if kerr.IsNotFound(err) {
+		klog.V(3).Infof("Creating ConfigMap %s/%s.", meta.Namespace, meta.Name)
+		out, err := c.CoreV1().ConfigMaps(meta.Namespace).Create(ctx, transform(&core.ConfigMap{
+			TypeMeta: metav1.TypeMeta{
+				Kind:       "ConfigMap",
+				APIVersion: core.SchemeGroupVersion.String(),
+			},
+			ObjectMeta: meta,
+		}), metav1.CreateOptions{
+			DryRun:       opts.DryRun,
+			FieldManager: opts.FieldManager,
+		})
+		return out, kutil.VerbCreated, err
+	} else if err != nil {
+		return nil, kutil.VerbUnchanged, err
+	}
+	return PatchConfigMap(ctx, c, cur, transform, opts)
+}
+
+func PatchConfigMap(ctx context.Context, c kubernetes.Interface, cur *core.ConfigMap, transform func(*core.ConfigMap) *core.ConfigMap, opts metav1.PatchOptions) (*core.ConfigMap, kutil.VerbType, error) {
+	return PatchConfigMapObject(ctx, c, cur, transform(cur.DeepCopy()), opts)
+}
+
+func PatchConfigMapObject(ctx context.Context, c kubernetes.Interface, cur, mod *core.ConfigMap, opts metav1.PatchOptions) (*core.ConfigMap, kutil.VerbType, error) {
+	curJson, err := json.Marshal(cur)
+	if err != nil {
+		return nil, kutil.VerbUnchanged, err
+	}
+
+	modJson, err := json.Marshal(mod)
+	if err != nil {
+		return nil, kutil.VerbUnchanged, err
+	}
+
+	patch, err := strategicpatch.CreateTwoWayMergePatch(curJson, modJson, core.ConfigMap{})
+	if err != nil {
+		return nil, kutil.VerbUnchanged, err
+	}
+	if len(patch) == 0 || string(patch) == "{}" {
+		return cur, kutil.VerbUnchanged, nil
+	}
+	klog.V(3).Infof("Patching ConfigMap %s/%s with %s", cur.Namespace, cur.Name, string(patch))
+	out, err := c.CoreV1().ConfigMaps(cur.Namespace).Patch(ctx, cur.Name, types.StrategicMergePatchType, patch, opts)
+	return out, kutil.VerbPatched, err
+}
+
+func TryUpdateConfigMap(ctx context.Context, c kubernetes.Interface, meta metav1.ObjectMeta, transform func(*core.ConfigMap) *core.ConfigMap, opts metav1.UpdateOptions) (result *core.ConfigMap, err error) {
+	attempt := 0
+	err = wait.PollImmediate(kutil.RetryInterval, kutil.RetryTimeout, func() (bool, error) {
+		attempt++
+		cur, e2 := c.CoreV1().ConfigMaps(meta.Namespace).Get(ctx, meta.Name, metav1.GetOptions{})
+		if kerr.IsNotFound(e2) {
+			return false, e2
+		} else if e2 == nil {
+			result, e2 = c.CoreV1().ConfigMaps(cur.Namespace).Update(ctx, transform(cur.DeepCopy()), opts)
+			return e2 == nil, nil
+		}
+		klog.Errorf("Attempt %d failed to update ConfigMap %s/%s due to %v.", attempt, cur.Namespace, cur.Name, e2)
+		return false, nil
+	})
+
+	if err != nil {
+		err = errors.Errorf("failed to update ConfigMap %s/%s after %d attempts due to %v", meta.Namespace, meta.Name, attempt, err)
+	}
+	return
+}