Merge pull request GoogleCloudPlatform#2664 from maqiuyujoyce/202409-…

…supportedgvks

Add GVKs supported by direct controllers to supportedgvks.All()

Makefile

@@ -70,7 +70,6 @@ manifests: generate
 	rm -rf config/crds/resources
 	rm -rf config/crds/tmp_resources
 	go build -o bin/generate-crds ./scripts/generate-crds && ./bin/generate-crds -output-dir=config/crds/tmp_resources
-	go run ./scripts/generate-cnrm-cluster-roles/main.go
 	# add kustomize patches on all CRDs
 	mkdir config/crds/resources
 	cp config/crds/kustomization.yaml kustomization.yaml
@@ -82,6 +81,10 @@ manifests: generate
 	# for direct controllers
 	dev/tasks/generate-crds
 
+	# Generating cnrm cluster roles is dependent on the existence of directory
+	# config/crds/resources with all the freshly generated CRDs.
+	go run ./scripts/generate-cnrm-cluster-roles/main.go
+
 # Format code
 .PHONY: fmt
 fmt:

config/installbundle/components/clusterroles/cnrm_admin.yaml

@@ -1159,3 +1159,15 @@ rules:
   - update
   - patch
   - delete
+- apiGroups:
+  - workstations.cnrm.cloud.google.com
+  resources:
+  - '*'
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete

config/installbundle/components/clusterroles/cnrm_viewer.yaml

@@ -774,3 +774,11 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - workstations.cnrm.cloud.google.com
+  resources:
+  - '*'
+  verbs:
+  - get
+  - list
+  - watch

pkg/apis/core/v1alpha1/servicemapping_types.go

@@ -54,7 +54,7 @@ type ResourceConfig struct {
 	// If unset, the default API version of the service mapping will be used.
 	Version *string `json:"version"`
 
-	// Direct tells if the ResourceConfig is for ConfigConnector directly managed resources.
+	// Direct tells if the ResourceConfig is for ConfigConnector directly managed resources.
 	// Directly managed resource does not use Terraform or DCL controller, and do not rely on any TF specified fields like `SkipImport`
 	// A direct ResourceConfig is used to generate the reference doc.
 	Direct bool `json:"direct"`

pkg/controller/direct/registry/registry.go

@@ -79,6 +79,7 @@ func AdapterForURL(ctx context.Context, url string) (directbase.Adapter, error)
 	}
 	return nil, nil
 }
+
 func Init(ctx context.Context, config *config.ControllerConfig) error {
 	for _, registration := range singleton.registrations {
 		model, err := registration.factory(ctx, config)

pkg/controller/mocktests/harness.go

@@ -133,7 +133,10 @@ func (h *Harness) WithObjects(initObjs ...*unstructured.Unstructured) {
 	if err != nil {
 		h.Fatalf("error getting new service mapping loader: %v", err)
 	}
-	supportedGVKs := supportedgvks.All(smLoader, dclmetadata.New())
+	supportedGVKs, err := supportedgvks.All(smLoader, dclmetadata.New())
+	if err != nil {
+		h.Fatalf("error loading all supported GVKs: %v", err)
+	}
 	for _, gvk := range supportedGVKs {
 		var resource string
 		switch gvk.Kind {

pkg/crd/crdgeneration/dcl2crdgeneration_test.go

@@ -1234,7 +1234,10 @@ func TestDCLSchemaToJSONSchema(t *testing.T) {
 	smLoader := servicemappingloader.NewFromServiceMappings(test.FakeServiceMappingsWithHierarchicalResources())
 	serviceMetadataLoader := dclmetadata.NewFromServiceList(testservicemetadataloader.FakeServiceMetadataWithHierarchicalResources())
 	dclSchemaLoader := testdclschemaloader.New(dclSchemaMap())
-	allSupportedGVKs := supportedgvks.All(smLoader, serviceMetadataLoader)
+	allSupportedGVKs, err := supportedgvks.All(smLoader, serviceMetadataLoader)
+	if err != nil {
+		t.Fatalf("error loading all supported GVKs: %v", err)
+	}
 	a := New(serviceMetadataLoader, dclSchemaLoader, allSupportedGVKs)
 	for _, tc := range tests {
 		tc := tc

pkg/gvks/gvks.go

@@ -14,6 +14,8 @@
 package gvks
 
 import (
+	"fmt"
+
 	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/dcl/metadata"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/gvks/externalonlygvks"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/gvks/supportedgvks"
@@ -23,18 +25,25 @@ import (
 
 // All returns GroupVersionKinds corresponding to GCP resources known to KCC,
 // including those unsupported by KCC but commonly referenced by KCC resources.
-func All(smLoader *servicemappingloader.ServiceMappingLoader, serviceMetaLoader metadata.ServiceMetadataLoader) []schema.GroupVersionKind {
-	gvks := supportedgvks.All(smLoader, serviceMetaLoader)
+func All(smLoader *servicemappingloader.ServiceMappingLoader, serviceMetaLoader metadata.ServiceMetadataLoader) ([]schema.GroupVersionKind, error) {
+	gvks, err := supportedgvks.All(smLoader, serviceMetaLoader)
+	if err != nil {
+		return gvks, fmt.Errorf("error loading all supported GVKs: %w", err)
+	}
 	gvks = append(gvks, externalonlygvks.All()...)
-	return gvks
+	return gvks, nil
 }
 
 func GVKForKind(kind string, smLoader *servicemappingloader.ServiceMappingLoader,
-	serviceMetaLoader metadata.ServiceMetadataLoader) (gvk schema.GroupVersionKind, found bool) {
-	for _, v := range All(smLoader, serviceMetaLoader) {
+	serviceMetaLoader metadata.ServiceMetadataLoader) (gvk schema.GroupVersionKind, found bool, err error) {
+	allGVKs, err := All(smLoader, serviceMetaLoader)
+	if err != nil {
+		return schema.GroupVersionKind{}, false, fmt.Errorf("error loading all supported GVKs: %w", err)
+	}
+	for _, v := range allGVKs {
 		if v.Kind == kind {
-			return v, true
+			return v, true, nil
 		}
 	}
-	return schema.GroupVersionKind{}, false
+	return schema.GroupVersionKind{}, false, nil
 }

pkg/gvks/supportedgvks/supportedgvks.go

@@ -15,7 +15,10 @@
 package supportedgvks
 
 import (
+	"fmt"
+
 	iamapi "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/apis/iam/v1beta1"
+	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/crd/crdloader"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/dcl/metadata"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/k8s"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/krmtotf"
@@ -26,14 +29,36 @@ import (
 
 // All returns GroupVersionKinds corresponding to all the GCP resources
 // supported by KCC.
-func All(smLoader *servicemappingloader.ServiceMappingLoader, serviceMetaLoader metadata.ServiceMetadataLoader) []schema.GroupVersionKind {
+func All(smLoader *servicemappingloader.ServiceMappingLoader, serviceMetaLoader metadata.ServiceMetadataLoader) ([]schema.GroupVersionKind, error) {
+	return resourcesWithDirect(smLoader, serviceMetaLoader, true)
+}
+
+func AllWithoutDirect(smLoader *servicemappingloader.ServiceMappingLoader, serviceMetaLoader metadata.ServiceMetadataLoader) []schema.GroupVersionKind {
 	return resources(smLoader, serviceMetaLoader, true)
 }
 
 // ManualResources returns GroupVersionKinds for all the manually configured KCC
 // resources.
-func ManualResources(smLoader *servicemappingloader.ServiceMappingLoader, serviceMetaLoader metadata.ServiceMetadataLoader) []schema.GroupVersionKind {
-	return resources(smLoader, serviceMetaLoader, false)
+func ManualResources(smLoader *servicemappingloader.ServiceMappingLoader, serviceMetaLoader metadata.ServiceMetadataLoader) ([]schema.GroupVersionKind, error) {
+	return resourcesWithDirect(smLoader, serviceMetaLoader, false)
+}
+
+func resourcesWithDirect(smLoader *servicemappingloader.ServiceMappingLoader, serviceMetaLoader metadata.ServiceMetadataLoader, includesAutoGen bool) ([]schema.GroupVersionKind, error) {
+	gvks := resources(smLoader, serviceMetaLoader, includesAutoGen)
+
+	directGVKs, err := DirectResources()
+	if err != nil {
+		return nil, fmt.Errorf("error getting direct resource GVKs: %w", err)
+	}
+	for _, gvk := range gvks {
+		if _, ok := directGVKs[gvk]; ok {
+			delete(directGVKs, gvk)
+		}
+	}
+	for gvk, _ := range directGVKs {
+		gvks = append(gvks, gvk)
+	}
+	return gvks, nil
 }
 
 func resources(smLoader *servicemappingloader.ServiceMappingLoader, serviceMetaLoader metadata.ServiceMetadataLoader, includesAutoGen bool) []schema.GroupVersionKind {
@@ -42,6 +67,43 @@ func resources(smLoader *servicemappingloader.ServiceMappingLoader, serviceMetaL
 	return gvks
 }
 
+func DirectResources() (map[schema.GroupVersionKind]bool, error) {
+	crds, err := crdloader.LoadCRDs()
+	if err != nil {
+		return nil, fmt.Errorf("error loading crds: %w", err)
+	}
+	handWrittenIAMTypes := make(map[schema.GroupVersionKind]bool)
+	directResources := make(map[schema.GroupVersionKind]bool)
+	for _, gvk := range BasedOnHandwrittenIAMTypes() {
+		handWrittenIAMTypes[gvk] = true
+	}
+	for _, crd := range crds {
+		if crd.ObjectMeta.Labels["cnrm.cloud.google.com/tf2crd"] == "true" {
+			continue
+		}
+		if crd.ObjectMeta.Labels["cnrm.cloud.google.com/dcl2crd"] == "true" {
+			continue
+		}
+		versions := crd.Spec.Versions
+		highestVersion := k8s.KCCAPIVersionV1Alpha1
+		for _, version := range versions {
+			if version.Name == k8s.KCCAPIVersionV1Beta1 {
+				highestVersion = k8s.KCCAPIVersionV1Beta1
+			}
+		}
+		gvk := schema.GroupVersionKind{
+			Group:   crd.Spec.Group,
+			Kind:    crd.Spec.Names.Kind,
+			Version: highestVersion,
+		}
+		if _, ok := handWrittenIAMTypes[gvk]; ok {
+			continue
+		}
+		directResources[gvk] = true
+	}
+	return directResources, nil
+}
+
 // AllDynamicTypes returns GroupVersionKinds generated from:
 // 1) Terraform schemas (with ServiceMappings metadata layer)
 // 2) DCL OpenAPI schemas

pkg/gvks/supportedgvks/supportedgvks_test.go

@@ -26,7 +26,10 @@ import (
 )
 
 func TestAllIncludesIAMResource(t *testing.T) {
-	allResources := supportedgvks.All(testservicemappingloader.New(t), dclmetadata.New())
+	allResources, err := supportedgvks.All(testservicemappingloader.New(t), dclmetadata.New())
+	if err != nil {
+		t.Fatalf("error loading all supported GVKs: %v", err)
+	}
 	iamResources := []schema.GroupVersionKind{
 		v1beta1.IAMAuditConfigGVK,
 		v1beta1.IAMPolicyGVK,

pkg/test/controller/reconciler/testreconciler.go

@@ -92,7 +92,7 @@ func NewTestReconciler(t *testing.T, mgr manager.Manager, provider *tfschema.Pro
 	smLoader := testservicemappingloader.New(t)
 	dclSchemaLoader, err := dclschemaloader.New()
 	if err != nil {
-		log.Fatalf("error creating a DCL schema loader: %v", err)
+		t.Fatalf("error creating a DCL schema loader: %v", err)
 	}
 	serviceMetaLoader := metadata.New()
 	dclConverter := conversion.New(dclSchemaLoader, serviceMetaLoader)
@@ -101,7 +101,7 @@ func NewTestReconciler(t *testing.T, mgr manager.Manager, provider *tfschema.Pro
 	if err := registry.Init(context.TODO(), &config.ControllerConfig{
 		HTTPClient: httpClient,
 	}); err != nil {
-		log.Fatalf("error intializing direct registry: %v", err)
+		t.Fatalf("error intializing direct registry: %v", err)
 	}
 
 	return &TestReconciler{

pkg/webhook/iam_defaulter.go

@@ -113,7 +113,10 @@ func defaultAPIVersionForIAMResourceRef(obj *unstructured.Unstructured,
 func apiVersionForKind(kind string,
 	smLoader *servicemappingloader.ServiceMappingLoader,
 	serviceMetadataLoader metadata.ServiceMetadataLoader) (string, error) {
-	gvk, ok := gvks.GVKForKind(kind, smLoader, serviceMetadataLoader)
+	gvk, ok, err := gvks.GVKForKind(kind, smLoader, serviceMetadataLoader)
+	if err != nil {
+		return "", fmt.Errorf("error finding a GroupVersionKind for kind '%v': %w", kind, err)
+	}
 	if !ok {
 		return "", fmt.Errorf("couldn't find a GroupVersionKind for kind '%v'", kind)
 	}

pkg/webhook/register.go

@@ -78,7 +78,10 @@ func GetCommonWebhookConfigs() ([]Config, error) {
 		return nil, fmt.Errorf("error getting new dcl schema loader: %w", err)
 	}
 	serviceMetadataLoader := metadata.New()
-	allGVKs := supportedgvks.All(smLoader, serviceMetadataLoader)
+	allGVKs, err := supportedgvks.All(smLoader, serviceMetadataLoader)
+	if err != nil {
+		return nil, fmt.Errorf("error loading all supported GVKs: %w", err)
+	}
 	allResourcesRules := getRulesFromResources(allGVKs)
 	dynamicResourcesRules := getRulesFromResources(supportedgvks.AllDynamicTypes(smLoader, serviceMetadataLoader))
 	handwrittenIamResourcesRules := getRulesFromResources(supportedgvks.BasedOnHandwrittenIAMTypes())

scripts/generate-cnrm-cluster-roles/main.go

@@ -48,8 +48,10 @@ func main() {
 		log.Fatalf("error getting new service mapping loader: %v", err)
 	}
 	serviceMetadataLoader := dclmetadata.New()
-	gvks := supportedgvks.All(smLoader, serviceMetadataLoader)
-
+	gvks, err := supportedgvks.All(smLoader, serviceMetadataLoader)
+	if err != nil {
+		log.Fatalf("error loading all supported GVKs: %v", err)
+	}
 	apis := make(map[string]bool)
 	for _, gvk := range gvks {
 		apis[gvk.Group] = true

scripts/generate-crds/main.go

@@ -163,7 +163,7 @@ func generateDCLBasedCRDs() []*apiextensions.CustomResourceDefinition {
 	if err != nil {
 		log.Fatalf("could not create service mapping loader: %v", err)
 	}
-	generator := crdgeneration.New(serviceMetadataLoader, schemaLoader, supportedgvks.All(smLoader, serviceMetadataLoader))
+	generator := crdgeneration.New(serviceMetadataLoader, schemaLoader, supportedgvks.AllWithoutDirect(smLoader, serviceMetadataLoader))
 	gvks := supportedgvks.BasedOnDCL(serviceMetadataLoader)
 	for _, gvk := range gvks {
 		s, err := dclschemaloader.GetDCLSchemaForGVK(gvk, serviceMetadataLoader, schemaLoader)