Change fs to label selector (#9)

Gopkg.toml

@@ -32,7 +32,7 @@ required = [
 
 [[constraint]]
   name="sigs.k8s.io/controller-runtime"
-  revision="89c373a86c19b6e5fc8f7b0c49a671039b8188c9"
+  revision="8d94f663b1f552f74805cd8c44a1e03387f5a5d2"
 
 # All dependencies of Kubernetes from branch release-1.13 converted to override clauses. This include dependencies that
 # are not used in this project. See

charts/catalog/templates/rbac.yaml

@@ -38,9 +38,9 @@ items:
     verbs:     ["get","list","watch"]
   - apiGroups: ["servicecatalog.k8s.io"]
     resources: ["serviceinstances","servicebindings"]
-    verbs:     ["get","list","watch", "update"]
+    verbs:     ["get","list","watch", "update", "patch"]
   - apiGroups: ["servicecatalog.k8s.io"]
-    resources: ["clusterservicebrokers/status","clusterserviceclasses/status","clusterserviceplans/status","serviceinstances/status","serviceinstances/reference","servicebindings/status"]
+    resources: ["clusterservicebrokers/status","clusterserviceclasses/status","clusterserviceplans/status","serviceinstances/status","servicebindings/status"]
     verbs:     ["update"]
   {{- if not .Values.namespacedServiceBrokerDisabled }}
   - apiGroups: ["servicecatalog.k8s.io"]

charts/catalog/templates/webhook-deployment.yaml

@@ -28,6 +28,7 @@ spec:
 {{ toYaml .Values.webhook.annotations | indent 8 }}
       {{- end }}
     spec:
+      serviceAccountName: "{{ .Values.webhook.serviceAccount }}"
       containers:
       - name: svr
         image: {{ .Values.image }}

charts/catalog/templates/webhook-register.yaml

@@ -22,6 +22,58 @@ webhooks:
     apiGroups: ["servicecatalog.k8s.io"]
     apiVersions: ["v1beta1"]
     resources: ["clusterservicebrokers"]
+- name: mutating.clusterserviceclasses.servicecatalog.k8s.io
+  clientConfig:
+    caBundle: {{ b64enc $ca.Cert }}
+    service:
+      name: {{ template "fullname" . }}-webhook
+      namespace: "{{ .Release.Namespace }}"
+      path: "/mutating-clusterserviceclasses"
+  failurePolicy: Fail
+  rules:
+  - operations: [ "CREATE", "UPDATE" ]
+    apiGroups: ["servicecatalog.k8s.io"]
+    apiVersions: ["v1beta1"]
+    resources: ["clusterserviceclasses"]
+- name: mutating.serviceclasses.servicecatalog.k8s.io
+  clientConfig:
+    caBundle: {{ b64enc $ca.Cert }}
+    service:
+      name: {{ template "fullname" . }}-webhook
+      namespace: "{{ .Release.Namespace }}"
+      path: "/mutating-serviceclasses"
+  failurePolicy: Fail
+  rules:
+  - operations: [ "CREATE", "UPDATE" ]
+    apiGroups: ["servicecatalog.k8s.io"]
+    apiVersions: ["v1beta1"]
+    resources: ["serviceclasses"]
+- name: mutating.clusterserviceplans.servicecatalog.k8s.io
+  clientConfig:
+    caBundle: {{ b64enc $ca.Cert }}
+    service:
+      name: {{ template "fullname" . }}-webhook
+      namespace: "{{ .Release.Namespace }}"
+      path: "/mutating-clusterserviceplans"
+  failurePolicy: Fail
+  rules:
+  - operations: [ "CREATE", "UPDATE" ]
+    apiGroups: ["servicecatalog.k8s.io"]
+    apiVersions: ["v1beta1"]
+    resources: ["clusterserviceplans"]
+- name: mutating.serviceplans.servicecatalog.k8s.io
+  clientConfig:
+    caBundle: {{ b64enc $ca.Cert }}
+    service:
+      name: {{ template "fullname" . }}-webhook
+      namespace: "{{ .Release.Namespace }}"
+      path: "/mutating-serviceplans"
+  failurePolicy: Fail
+  rules:
+  - operations: [ "CREATE", "UPDATE" ]
+    apiGroups: ["servicecatalog.k8s.io"]
+    apiVersions: ["v1beta1"]
+    resources: ["serviceplans"]
 - name: mutating.servicebindings.servicecatalog.k8s.io
   clientConfig:
     caBundle: {{ b64enc $ca.Cert }}

charts/catalog/values.yaml

@@ -61,7 +61,7 @@ controllerManager:
   # Whether or not the controller supports a --broker-relist-interval flag. If this is
   # set to true, brokerRelistInterval will be used as the value for that flag
   brokerRelistIntervalActivated: true
-   # The maximum amount of time to back-off while polling an OSB API operation; format is a duration (`20m`, `1h`, etc)
+  # The maximum amount of time to back-off while polling an OSB API operation; format is a duration (`20m`, `1h`, etc)
   operationPollingMaximumBackoffDuration: 20m
   # The maximum amount of timeout to any request to the broker; format is a duration (`60s`, `3m`, etc)
   osbApiRequestTimeout: 60s

cmd/svcat/svcat_test.go

@@ -90,6 +90,9 @@ func TestGetSvcatWithNamespacedBrokerFeatureDisabled(t *testing.T) {
 				&v1beta1.ClusterServiceClass{
 					ObjectMeta: metav1.ObjectMeta{
 						Name: "my-cluster-class",
+						Labels: map[string]string{
+							v1beta1.GroupName + "/" + v1beta1.FilterSpecExternalName: "my-cluster-class",
+						},
 					},
 					Spec: v1beta1.ClusterServiceClassSpec{
 						CommonServiceClassSpec: v1beta1.CommonServiceClassSpec{
@@ -100,6 +103,9 @@ func TestGetSvcatWithNamespacedBrokerFeatureDisabled(t *testing.T) {
 				&v1beta1.ClusterServicePlan{
 					ObjectMeta: metav1.ObjectMeta{
 						Name: "my-cluster-plan",
+						Labels: map[string]string{
+							v1beta1.GroupName + "/" + v1beta1.FilterSpecExternalName: "my-cluster-plan",
+						},
 					},
 					Spec: v1beta1.ClusterServicePlanSpec{
 						CommonServicePlanSpec: v1beta1.CommonServicePlanSpec{
@@ -663,7 +669,9 @@ func apihandler(w http.ResponseWriter, r *http.Request) {
 		match = filepath.Join("core", coreMatch[1])
 	}
 
-	match = strings.Replace(match, "?", "_", -1) // windows doesn't allow '?' in filenames
+	match = strings.Replace(match, "?", "_", -1)   // windows doesn't allow '?' in filenames
+	match = strings.Replace(match, "%2F", "_", -1) // "/" is not allowed in filenames
+
 	relpath, err := url.PathUnescape(match)
 	if err != nil {
 		w.WriteHeader(500)

cmd/webhook/server/webhook.go

@@ -22,9 +22,14 @@ import (
 
 	scTypes "github.com/kubernetes-incubator/service-catalog/pkg/apis/servicecatalog/v1beta1"
 	csbmutation "github.com/kubernetes-incubator/service-catalog/pkg/webhook/servicecatalog/clusterservicebroker/mutation"
+	cscmutation "github.com/kubernetes-incubator/service-catalog/pkg/webhook/servicecatalog/clusterserviceclass/mutation"
+	cspmutation "github.com/kubernetes-incubator/service-catalog/pkg/webhook/servicecatalog/clusterserviceplan/mutation"
+
 	sbmutation "github.com/kubernetes-incubator/service-catalog/pkg/webhook/servicecatalog/servicebinding/mutation"
 	brmutation "github.com/kubernetes-incubator/service-catalog/pkg/webhook/servicecatalog/servicebroker/mutation"
+	scmutation "github.com/kubernetes-incubator/service-catalog/pkg/webhook/servicecatalog/serviceclass/mutation"
 	simutation "github.com/kubernetes-incubator/service-catalog/pkg/webhook/servicecatalog/serviceinstance/mutation"
+	spmutation "github.com/kubernetes-incubator/service-catalog/pkg/webhook/servicecatalog/serviceplan/mutation"
 
 	"github.com/pkg/errors"
 	"k8s.io/apiserver/pkg/server/healthz"
@@ -59,15 +64,20 @@ func run(opts *WebhookServerOptions, stopCh <-chan struct{}) error {
 
 	// setup webhook server
 	webhookSvr := &webhook.Server{
-		Port:    int32(opts.SecureServingOptions.BindPort),
+		Port:    opts.SecureServingOptions.BindPort,
 		CertDir: opts.SecureServingOptions.ServerCert.CertDirectory,
 	}
 
 	webhooks := map[string]admission.Handler{
 		"/mutating-clusterservicebrokers": &csbmutation.CreateUpdateHandler{},
-		"/mutating-servicebindings":       &sbmutation.CreateUpdateHandler{},
-		"/mutating-servicebrokers":        &brmutation.CreateUpdateHandler{},
-		"/mutating-serviceinstances":      &simutation.CreateUpdateHandler{},
+		"/mutating-clusterserviceclasses": &cscmutation.CreateUpdateHandler{},
+		"/mutating-clusterserviceplans":   &cspmutation.CreateUpdateHandler{},
+
+		"/mutating-servicebindings":  &sbmutation.CreateUpdateHandler{},
+		"/mutating-servicebrokers":   &brmutation.CreateUpdateHandler{},
+		"/mutating-serviceclasses":   &scmutation.CreateUpdateHandler{},
+		"/mutating-serviceinstances": &simutation.CreateUpdateHandler{},
+		"/mutating-serviceplans":     &spmutation.CreateUpdateHandler{},
 	}
 
 	for path, handler := range webhooks {

contrib/hack/crd/README.md

@@ -0,0 +1,127 @@
+## Cookbook for CRDs POC 
+
+Execute all commands from the cookbook in the `hack` directory.
+
+### Bootstrap local environment for testing
+
+1. In one shell execute:
+```bash
+./bin/bootstrap-testing-environment.sh
+```
+
+Under the hood this script is:
+- creating minikube
+- installing tiller
+- installing Service Catalog
+- installing Helm Broker
+- installing Binding Usage Controller
+- registering Helm Broker in Service Catalog with http://localhost:8081
+- exposing the Helm Broker to your localhost on port 8081, so your controller in step 2 can access all broker endpoints 
+
+2. When step one is finished then on the other shell execute:
+```bash
+./bin/run-controller.sh
+```
+
+**Now you are ready to go!**
+
+When you execute `svcat get classes`, then you should see:
+```bash
+          NAME           NAMESPACE                 DESCRIPTION
++----------------------+-----------+------------------------------------------+
+  azure-service-broker               Extends the Service Catalog with Azure
+                                     services
+  redis                              Redis by Helm Broker (Experimental)
+  gcp-service-broker                 Extends the Service Catalog with Google
+                                     Cloud Platform services
+``` 
+
+### Testing Scenario
+
+Follow these steps:
+
+1. Export the name of the Namespace.
+```bash
+export namespace="qa"
+```
+2. Create a Redis instance.
+```bash
+kubectl create -f assets/scenario/redis-instance-manual.yaml -n $namespace
+```
+3. Check if the Redis instance is already provisioned.
+```bash
+watch -n 1 "kubectl get serviceinstance/redis -n $namespace -o jsonpath='{ .status.conditions[0].reason }'"
+```
+4. Create Secrets for the Redis instance.
+```bash
+kubectl create -f assets/scenario/redis-instance-binding-manual.yaml -n $namespace
+```
+5. Create a deploy.
+```bash
+kubectl create -f assets/scenario/redis-client.yaml -n $namespace
+```
+6. Create a Binding Usage with **APP_** prefix.
+```bash
+kubectl create -f assets/scenario/service-binding-usage.yaml -n $namespace
+```
+7. Wait until the Pod is ready.
+```bash
+kubectl get po -l app=redis-client -n $namespace -o jsonpath='{ .items[*].status.conditions[?(@.type=="Ready")].status }'
+```
+8. Export the name of the Pod.
+```bash
+export POD_NAME=$(kubectl get po -l app=redis-client -n $namespace -o jsonpath='{ .items[*].metadata.name }')
+```
+9. Execute the `check-redis` script on the Pod.
+```bash
+kubectl exec ${POD_NAME} -n $namespace /check-redis.sh
+```
+
+The information and statistics about the Redis server appear.
+
+
+### Documentation
+
+- [Design of the Service Catalog](https://svc-cat.io/docs/design/)
+- [Service Catalog Developer Guide](https://svc-cat.io/docs/devguide/)
+- [Service Catalog Code & Documentation Standards](https://svc-cat.io/docs/code-standards/)
+
+
+### Old way of running controller locally
+
+#### Prerequisites
+
+Kyma installed on your cluster but without the ServiceCatalog.
+
+#### Steps
+
+1. Install ServiceCatalog chart
+```bash
+helm install --name catalog --namespace kyma-system  charts/catalog/ --wait
+```
+
+2. Register Helm Broker
+```bash
+kubectl apply -f ./assets/helm-broker.yaml
+```
+
+3. Export the name of the HelmBroker Pod.
+```bash
+export HB_POD_NAME=$(kubectl get po -l app=helm-broker -n kyma-system -o jsonpath='{ .items[*].metadata.name }')
+```
+
+4. Expose helm-broker service
+```bash
+kubectl port-forward -n kyma-system pod/${HB_POD_NAME} 8081:8080
+```
+
+5. Scale down controller manager 
+
+```bash
+kubectl -n kyma-system scale deploy --replicas=0 catalog-catalog-controller-manager
+```
+
+6. Run the Service Catalog controller-manager
+```bash
+./bin/run-controller.sh
+```

contrib/hack/crd/assets/helm-broker.yaml

@@ -0,0 +1,7 @@
+apiVersion: servicecatalog.k8s.io/v1beta1
+kind: ClusterServiceBroker
+metadata:
+  name: helm-broker
+spec:
+  relistRequests: 1
+  url: http://localhost:8081/

contrib/hack/crd/assets/scenario/redis-client.yaml

@@ -0,0 +1,17 @@
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+  name: redis-client
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: redis-client
+    spec:
+      containers:
+        - name: redis-client
+          image: "appregistry/redis:3.2.9-r2"
+          env:
+          - name: ALLOW_EMPTY_PASSWORD
+            value: "yes"

contrib/hack/crd/assets/scenario/redis-instance-binding-manual.yaml

@@ -0,0 +1,11 @@
+apiVersion: servicecatalog.k8s.io/v1beta1
+kind: ServiceBinding
+metadata:
+  name: redis-instance-credential
+  finalizers:
+    - kubernetes-incubator/service-catalog
+spec:
+  externalID: fa1f93db-50e9-49ec-aa34-bdbafa2f1c46
+  secretName: redis-instance-credential 
+  instanceRef:
+    name: redis

contrib/hack/crd/assets/scenario/redis-instance-binding.yaml

@@ -0,0 +1,7 @@
+apiVersion: servicecatalog.k8s.io/v1beta1
+kind: ServiceBinding
+metadata:
+  name: redis-instance-credential
+spec:
+  instanceRef:
+    name: redis

contrib/hack/crd/assets/scenario/redis-instance-manual.yaml

@@ -0,0 +1,10 @@
+apiVersion: servicecatalog.k8s.io/v1beta1
+kind: ServiceInstance
+metadata:
+  name: redis
+  finalizers:
+    - kubernetes-incubator/service-catalog
+spec:
+  clusterServiceClassExternalName: redis
+  clusterServicePlanExternalName: micro
+  externalID: 98442e82-b509-48c3-89a4-9011896debf6

contrib/hack/crd/assets/scenario/redis-instance.yaml

@@ -0,0 +1,7 @@
+apiVersion: servicecatalog.k8s.io/v1beta1
+kind: ServiceInstance
+metadata:
+  name: redis
+spec:
+  clusterServiceClassExternalName: redis
+  clusterServicePlanExternalName: micro

contrib/hack/crd/assets/scenario/service-binding-usage.yaml

@@ -0,0 +1,11 @@
+apiVersion: servicecatalog.kyma-project.io/v1alpha1
+kind: ServiceBindingUsage
+metadata:
+ name: deploy-redis-client
+spec:
+ serviceBindingRef:
+   name: redis-instance-credential
+ usedBy:
+   kind: deployment
+   name: redis-client
+