
Commit 1444332

committed
KUBE-997: add policy per feature
1 parent c286003 commit 1444332

6 files changed

Lines changed: 172 additions & 5 deletions

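--- a/castai/data_source_gke.go
+++ b/castai/data_source_gke.go
@@ -10,11 +10,37 @@ import (
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
+const (
+// GKEPoliciesResourceName is the name of the resource
+GKEPoliciesResourceName = "policy"
+// GKELoadBalancersNetworkEndpointGroupPoliciesResourceName is the name of the resource
+GKELoadBalancersNetworkEndpointGroupPoliciesResourceName = "castai_gke_load_balancers_network_endpoint_group_policies"
+// GKELoadBalancersTargetBackendPoolsPoliciesResourceName is the name of the resource
+GKELoadBalancersTargetBackendPoolsPoliciesResourceName = "castai_gke_load_balancers_target_backend_pools_policies"
+// GKELoadBalancersUnmanagedInstanceGroupsPoliciesResourceName is the name of the resource
+GKELoadBalancersUnmanagedInstanceGroupsPoliciesResourceName = "castai_gke_load_balancers_unmanaged_instance_groups_policies"
+)
+
 func dataSourceGKEPolicies() *schema.Resource {
 return &schema.Resource{
 ReadContext: dataSourceGKEPoliciesRead,
 Schema: map[string]*schema.Schema{
-"policy": {
+GKEPoliciesResourceName: {
+Type: schema.TypeList,
+Computed: true,
+Elem: &schema.Schema{Type: schema.TypeString},
+},
+GKELoadBalancersNetworkEndpointGroupPoliciesResourceName: {
+Type: schema.TypeList,
+Computed: true,
+Elem: &schema.Schema{Type: schema.TypeString},
+},
+GKELoadBalancersTargetBackendPoolsPoliciesResourceName: {
+Type: schema.TypeList,
+Computed: true,
+Elem: &schema.Schema{Type: schema.TypeString},
+},
+GKELoadBalancersUnmanagedInstanceGroupsPoliciesResourceName: {
 Type: schema.TypeList,
 Computed: true,
 Elem: &schema.Schema{Type: schema.TypeString},
@@ -26,7 +52,37 @@ func dataSourceGKEPolicies() *schema.Resource {
 func dataSourceGKEPoliciesRead(ctx context.Context, data *schema.ResourceData, meta interface{}) diag.Diagnostics {
 policies, _ := gke.GetUserPolicy()
 data.SetId("gke")
-if err := data.Set("policy", policies); err != nil {
+if err := data.Set(GKEPoliciesResourceName, policies); err != nil {
+return diag.FromErr(fmt.Errorf("setting gke policy: %w", err))
+}
+
+return nil
+}
+
+func dataSourceGKELoadBalancersNetworkEndpointGroupPoliciesRead(ctx context.Context, data *schema.ResourceData, meta interface{}) diag.Diagnostics {
+policies, _ := gke.GetLoadBalancersNetworkEndpointGroupPolicy()
+data.SetId("gke")
+if err := data.Set(GKELoadBalancersNetworkEndpointGroupPoliciesResourceName, policies); err != nil {
+return diag.FromErr(fmt.Errorf("setting gke policy: %w", err))
+}
+
+return nil
+}
+
+func dataSourceGKELoadBalancersTargetBackendPoolsPoliciesRead(ctx context.Context, data *schema.ResourceData, meta interface{}) diag.Diagnostics {
+policies, _ := gke.GetLoadBalancersTargetBackendPoolsPolicy()
+data.SetId("gke")
+if err := data.Set(GKELoadBalancersTargetBackendPoolsPoliciesResourceName, policies); err != nil {
+return diag.FromErr(fmt.Errorf("setting gke policy: %w", err))
+}
+
+return nil
+}
+
+func dataSourceGKELoadBalancersUnmanagedInstanceGroupsPoliciesRead(ctx context.Context, data *schema.ResourceData, meta interface{}) diag.Diagnostics {
+policies, _ := gke.GetLoadBalancersUnmanagedInstanceGroupsPolicy()
+data.SetId("gke")
+if err := data.Set(GKELoadBalancersUnmanagedInstanceGroupsPoliciesResourceName, policies); err != nil {
 return diag.FromErr(fmt.Errorf("setting gke policy: %w", err))
 }
 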
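Review bot: The three attributes added to the schema in `dataSourceGKEPolicies` are never populated, because `ReadContext` is still `dataSourceGKEPoliciesRead`, which sets only `GKEPoliciesResourceName`. The three new `…Read` functions are not referenced in any file this commit shows, so unless they are registered elsewhere the load-balancer permission lists would read back empty, and a role built from them would presumably lack those permissions without any error. Every reader also discards the error from its `gke.Get…Policy()` call with `_`, so a malformed embedded document produces an empty list instead of a diagnostic. One way to address both is to let the single read handler load and set all four lists and return the load error, which would make the three extra readers unnecessary. The tail of the last new function (`return nil` and its closing brace) lies outside the hunk.

```go
func dataSourceGKEPoliciesRead(ctx context.Context, data *schema.ResourceData, meta interface{}) diag.Diagnostics {
	sources := []struct {
		key  string
		load func() ([]string, error)
	}{
		{GKEPoliciesResourceName, gke.GetUserPolicy},
		{GKELoadBalancersNetworkEndpointGroupPoliciesResourceName, gke.GetLoadBalancersNetworkEndpointGroupPolicy},
		{GKELoadBalancersTargetBackendPoolsPoliciesResourceName, gke.GetLoadBalancersTargetBackendPoolsPolicy},
		{GKELoadBalancersUnmanagedInstanceGroupsPoliciesResourceName, gke.GetLoadBalancersUnmanagedInstanceGroupsPolicy},
	}

	data.SetId("gke")
	for _, s := range sources {
		policies, err := s.load()
		if err != nil {
			return diag.FromErr(fmt.Errorf("loading gke policy %q: %w", s.key, err))
		}
		if err := data.Set(s.key, policies); err != nil {
			return diag.FromErr(fmt.Errorf("setting gke policy %q: %w", s.key, err))
		}
	}

	return nil
}
```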

Lines changed: 8 additions & 0 deletions
@@ -0,0 +1,8 @@
1+
{
2+
"Policies": [
3+
"compute.networkEndpointGroups.get",
4+
"compute.networkEndpointGroups.list",
5+
"compute.networkEndpointGroups.attachNetworkEndpoints",
6+
"compute.networkEndpointGroups.detachNetworkEndpoints"
7+
]
8+
}
Lines changed: 8 additions & 0 deletions
@@ -0,0 +1,8 @@
1+
{
2+
"Policies": [
3+
"compute.targetPools.get",
4+
"compute.targetPools.addInstance",
5+
"compute.targetPools.removeInstance",
6+
"compute.instances.use"
7+
]
8+
}
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,6 @@
1+
{
2+
"Policies": [
3+
"compute.instanceGroups.update",
4+
"compute.instances.use"
5+
]
6+
}

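--- a/castai/policies/gke/policy.go
+++ b/castai/policies/gke/policy.go
@@ -8,6 +8,15 @@ import (
 var (
 //go:embed iam-policy.json
 Policy []byte
+
+//go:embed loadBalancers-networkEndpointGroup.json
+LoadBalancersNetworkEndpointGroup []byte
+
+//go:embed loadBalancers-targetBackendPools.json
+LoadBalancersTargetBackendPools []byte
+
+//go:embed loadBalancers-unmanagedInstanceGroups.json
+LoadBalancersUnmanagedInstanceGroups []byte
 )
 
 type pols struct {
@@ -23,3 +32,33 @@ func GetUserPolicy() ([]string, error) {
 
 return p.Policies, nil
 }
+
+func GetLoadBalancersNetworkEndpointGroupPolicy() ([]string, error) {
+var p pols
+err := json.Unmarshal(LoadBalancersNetworkEndpointGroup, &p)
+if err != nil {
+return nil, err
+}
+
+return p.Policies, nil
+}
+
+func GetLoadBalancersTargetBackendPoolsPolicy() ([]string, error) {
+var p pols
+err := json.Unmarshal(LoadBalancersTargetBackendPools, &p)
+if err != nil {
+return nil, err
+}
+
+return p.Policies, nil
+}
+
+func GetLoadBalancersUnmanagedInstanceGroupsPolicy() ([]string, error) {
+var p pols
+err := json.Unmarshal(LoadBalancersUnmanagedInstanceGroups, &p)
+if err != nil {
+return nil, err
+}
+
+return p.Policies, nil
+}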
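Review bot: The three new embedded documents are declared as exported `[]byte` variables, so any importing package can overwrite the permission list that the getters later decode. Only this file reads them in the commit as shown, so they could be unexported, for example `loadBalancersNetworkEndpointGroup []byte`. The three new getters are also identical apart from the variable they decode, and none has a doc comment; a shared private helper would keep the decoding in one place. `GetUserPolicy` begins outside the hunk, so whether it can use the same helper is an assumption to check.

```go
// parsePolicies decodes an embedded permission document and returns its Policies list.
func parsePolicies(raw []byte) ([]string, error) {
	var p pols
	if err := json.Unmarshal(raw, &p); err != nil {
		return nil, err
	}

	return p.Policies, nil
}

// GetLoadBalancersNetworkEndpointGroupPolicy returns the permissions listed in
// loadBalancers-networkEndpointGroup.json.
func GetLoadBalancersNetworkEndpointGroupPolicy() ([]string, error) {
	return parsePolicies(loadBalancersNetworkEndpointGroup)
}

// … the target-backend-pools and unmanaged-instance-groups getters take the same shape …
```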

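--- a/castai/policies/gke/policy_test.go
+++ b/castai/policies/gke/policy_test.go
@@ -1,6 +1,7 @@
 package gke
 
 import (
+"github.com/stretchr/testify/require"
 "testing"
 )
 
@@ -14,12 +15,61 @@ func TestPolicies(t *testing.T) {
 t.Fatalf("couldn't generate user policy")
 }
 
-clustersGet := "container.clusters.get"
-zonesGet := "serviceusage.services.list"
+wantClustersGet := "container.clusters.get"
+wantZonesGet := "serviceusage.services.list"
 
-if !contains(userpolicy, clustersGet) || !contains(userpolicy, zonesGet) {
+if !contains(userpolicy, wantClustersGet) || !contains(userpolicy, wantZonesGet) {
 t.Fatalf("generated User policy document does not contain required policies")
 }
+require.Equal(t, 37, len(userpolicy))
+})
+t.Run("LoadBalancersNetworkEndpointGroup policy", func(t *testing.T) {
+lbNegPolicy, err := GetLoadBalancersNetworkEndpointGroupPolicy()
+if err != nil {
+t.Error(err)
+}
+if lbNegPolicy == nil {
+t.Fatalf("couldn't generate LoadBalancersNetworkEndpointGroup policy")
+}
+
+want := "compute.networkEndpointGroups.get"
+
+if !contains(lbNegPolicy, want) {
+t.Fatalf("generated LoadBalancersNetworkEndpointGroup policy document does not contain required policies")
+}
+require.Equal(t, 4, len(lbNegPolicy))
+})
+t.Run("LoadBalancersTargetBackendPools policy", func(t *testing.T) {
+lbTbpPolicy, err := GetLoadBalancersTargetBackendPoolsPolicy()
+if err != nil {
+t.Error(err)
+}
+if lbTbpPolicy == nil {
+t.Fatalf("couldn't generate LoadBalancersTargetBackendPools policy")
+}
+
+want := "compute.targetPools.get"
+
+if !contains(lbTbpPolicy, want) {
+t.Fatalf("generated LoadBalancersTargetBackendPools policy document does not contain required policies")
+}
+require.Equal(t, 4, len(lbTbpPolicy))
+})
+t.Run("LoadBalancersUnmanagedInstanceGroups policy", func(t *testing.T) {
+lbUigPolicy, err := GetLoadBalancersUnmanagedInstanceGroupsPolicy()
+if err != nil {
+t.Error(err)
+}
+if lbUigPolicy == nil {
+t.Fatalf("couldn't generate LoadBalancersUnmanagedInstanceGroups policy")
+}
+
+want := "compute.instanceGroups.update"
+
+if !contains(lbUigPolicy, want) {
+t.Fatalf("generated LoadBalancersUnmanagedInstanceGroups policy document does not contain required policies")
+}
+require.Equal(t, 2, len(lbUigPolicy))
 })
 }
 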
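Review bot: Each new subtest checks one permission by name and then only the length of the list, so swapping any other entry for a broader permission would still pass. For permission lists that end up in IAM roles it is worth pinning the exact set, for example `require.ElementsMatch(t, []string{"compute.instanceGroups.update", "compute.instances.use"}, lbUigPolicy)` in the last subtest, and the same pattern in the other two. As a style point, `"testing"` would normally come first in its own standard-library import group, ahead of the testify import. `TestPolicies` begins outside the hunk.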
