Feature to exclude an identity via command line parameter #260 (#261)

admiral/cmd/admiral/cmd/root.go

@@ -4,17 +4,17 @@ import (
 	"context"
 	"flag"
 	"fmt"
-	"github.com/istio-ecosystem/admiral/admiral/pkg/apis/admiral/routes"
-	"github.com/istio-ecosystem/admiral/admiral/pkg/apis/admiral/server"
-	"github.com/istio-ecosystem/admiral/admiral/pkg/clusters"
-	"github.com/istio-ecosystem/admiral/admiral/pkg/controller/common"
-	log "github.com/sirupsen/logrus"
 	"os"
 	"os/signal"
 	"sync"
 	"syscall"
 	"time"
 
+	"github.com/istio-ecosystem/admiral/admiral/pkg/apis/admiral/routes"
+	"github.com/istio-ecosystem/admiral/admiral/pkg/apis/admiral/server"
+	"github.com/istio-ecosystem/admiral/admiral/pkg/clusters"
+	"github.com/istio-ecosystem/admiral/admiral/pkg/controller/common"
+	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 )
 
@@ -142,6 +142,8 @@ func GetRootCmd(args []string) *cobra.Command {
 		"The value of envoy filter is to add additional config to the filter config section")
 	rootCmd.PersistentFlags().BoolVar(&params.EnableRoutingPolicy, "enable_routing_policy", false,
 		"If Routing Policy feature needs to be enabled")
+	rootCmd.PersistentFlags().StringArrayVar(&params.ExcludedIdentityList, "excluded_identity_list", []string{},
+		"List of identities which should be excluded from getting processed")
 	return rootCmd
 }
 

admiral/pkg/clusters/handler.go

@@ -8,16 +8,15 @@ import (
 	"strings"
 	"time"
 
+	argo "github.com/argoproj/argo-rollouts/pkg/apis/rollouts/v1alpha1"
+	"github.com/golang/protobuf/ptypes/duration"
+	"github.com/golang/protobuf/ptypes/wrappers"
+	"github.com/google/go-cmp/cmp"
 	"github.com/istio-ecosystem/admiral/admiral/pkg/apis/admiral/model"
 	v1 "github.com/istio-ecosystem/admiral/admiral/pkg/apis/admiral/v1"
 	"github.com/istio-ecosystem/admiral/admiral/pkg/controller/admiral"
 	"github.com/istio-ecosystem/admiral/admiral/pkg/controller/common"
 	"github.com/istio-ecosystem/admiral/admiral/pkg/controller/util"
-
-	argo "github.com/argoproj/argo-rollouts/pkg/apis/rollouts/v1alpha1"
-	"github.com/golang/protobuf/ptypes/duration"
-	"github.com/golang/protobuf/ptypes/wrappers"
-	"github.com/google/go-cmp/cmp"
 	log "github.com/sirupsen/logrus"
 	"google.golang.org/protobuf/testing/protocmp"
 	v1alpha32 "istio.io/api/networking/v1alpha3"

admiral/pkg/clusters/registry_test.go

@@ -3,6 +3,7 @@ package clusters
 import (
 	"context"
 	"strings"
+	"sync"
 	"testing"
 	"time"
 
@@ -23,10 +24,17 @@ import (
 	"k8s.io/client-go/tools/clientcmd"
 )
 
-func init() {
-	p := common.AdmiralParams{
+var registryTestSingleton sync.Once
+
+func admiralParamsForRegistryTests() common.AdmiralParams {
+	return common.AdmiralParams{
+		LabelSet: &common.LabelSet{
+			WorkloadIdentityKey:          "identity",
+			GlobalTrafficDeploymentLabel: "identity",
+			PriorityKey:                  "priority",
+			EnvKey:                       "admiral.io/env",
+		},
 		KubeconfigPath:             "testdata/fake.config",
-		LabelSet:                   &common.LabelSet{},
 		EnableSAN:                  true,
 		SANPrefix:                  "prefix",
 		HostnameSuffix:             "mesh",
@@ -40,34 +48,30 @@ func init() {
 		EnableRoutingPolicy:        true,
 		EnvoyFilterVersion:         "1.13",
 	}
+}
 
-	p.LabelSet.WorkloadIdentityKey = "identity"
-	p.LabelSet.GlobalTrafficDeploymentLabel = "identity"
-	p.LabelSet.PriorityKey = "priority"
-	p.LabelSet.EnvKey = "admiral.io/env"
-
-	common.InitializeConfig(p)
+func setupForRegistryTests() {
+	registryTestSingleton.Do(func() {
+		common.ResetSync()
+		common.InitializeConfig(admiralParamsForRegistryTests())
+	})
 }
 
 func TestDeleteCacheControllerThatDoesntExist(t *testing.T) {
-
+	setupForRegistryTests()
 	w := NewRemoteRegistry(nil, common.AdmiralParams{})
-
 	err := w.deleteCacheController("I don't exit")
-
 	if err != nil {
 		t.Fail()
 	}
 }
 
 func TestDeleteCacheController(t *testing.T) {
-
+	setupForRegistryTests()
 	w := NewRemoteRegistry(nil, common.AdmiralParams{})
-
 	r := rest.Config{
 		Host: "test.com",
 	}
-
 	cluster := "test.cluster"
 	w.createCacheController(&r, cluster, time.Second*time.Duration(300))
 	rc := w.GetRemoteController(cluster)
@@ -89,7 +93,7 @@ func TestDeleteCacheController(t *testing.T) {
 }
 
 func TestCopyServiceEntry(t *testing.T) {
-
+	setupForRegistryTests()
 	se := networking.ServiceEntry{
 		Hosts: []string{"test.com"},
 	}
@@ -102,7 +106,7 @@ func TestCopyServiceEntry(t *testing.T) {
 }
 
 func TestCopyEndpoint(t *testing.T) {
-
+	setupForRegistryTests()
 	se := networking.WorkloadEntry{
 		Address: "127.0.0.1",
 	}
@@ -116,6 +120,7 @@ func TestCopyEndpoint(t *testing.T) {
 }
 
 func TestCopySidecar(t *testing.T) {
+	setupForRegistryTests()
 	spec := networking.Sidecar{
 		WorkloadSelector: &networking.WorkloadSelector{
 			Labels: map[string]string{"TestLabel": "TestValue"},
@@ -202,9 +207,8 @@ func createMockRemoteController(f func(interface{})) (*RemoteController, error)
 }
 
 func TestCreateSecretController(t *testing.T) {
-
+	setupForRegistryTests()
 	err := createSecretController(context.Background(), NewRemoteRegistry(nil, common.AdmiralParams{}))
-
 	if err != nil {
 		t.Fail()
 	}
@@ -221,14 +225,12 @@ func TestCreateSecretController(t *testing.T) {
 }
 
 func TestInitAdmiral(t *testing.T) {
-
+	setupForRegistryTests()
 	p := common.AdmiralParams{
 		KubeconfigPath: "testdata/fake.config",
 		LabelSet:       &common.LabelSet{},
 	}
-
 	p.LabelSet.WorkloadIdentityKey = "overridden-key"
-
 	rr, err := InitAdmiral(context.Background(), p)
 
 	if err != nil {
@@ -244,6 +246,7 @@ func TestInitAdmiral(t *testing.T) {
 }
 
 func TestAdded(t *testing.T) {
+	setupForRegistryTests()
 	ctx := context.Background()
 	p := common.AdmiralParams{
 		KubeconfigPath: "testdata/fake.config",
@@ -279,6 +282,7 @@ func TestAdded(t *testing.T) {
 }
 
 func TestGetServiceForDeployment(t *testing.T) {
+	setupForRegistryTests()
 	baseRc, _ := createMockRemoteController(func(i interface{}) {
 		//res := i.(istio.Config)
 		//se, ok := res.Spec.(*v1alpha3.ServiceEntry)
@@ -364,6 +368,7 @@ func TestGetServiceForDeployment(t *testing.T) {
 }
 
 func TestUpdateCacheController(t *testing.T) {
+	setupForRegistryTests()
 	p := common.AdmiralParams{
 		KubeconfigPath: "testdata/fake.config",
 	}

admiral/pkg/clusters/serviceentry.go

@@ -99,7 +99,15 @@ func modifyServiceEntryForNewServiceOrPod(
 		if rc.RolloutController != nil {
 			rollout = rc.RolloutController.Cache.Get(sourceIdentity, env)
 		}
+		if deployment == nil && rollout == nil {
+			log.Infof("Neither deployment nor rollouts found for identity=%s in env=%s namespace=%s", sourceIdentity, env, namespace)
+			continue
+		}
 		if deployment != nil {
+			if len(remoteRegistry.ExcludedIdentityMap) > 0 && remoteRegistry.ExcludedIdentityMap[common.GetDeploymentGlobalIdentifier(deployment)] {
+				log.Infof(LogFormat, event, env, sourceIdentity, clusterId, "Processing skipped as identity is in the exclude list")
+				return nil
+			}
 			remoteRegistry.AdmiralCache.IdentityClusterCache.Put(sourceIdentity, rc.ClusterID, rc.ClusterID)
 			serviceInstance = getServiceForDeployment(rc, deployment)
 			if serviceInstance == nil {
@@ -112,6 +120,10 @@ func modifyServiceEntryForNewServiceOrPod(
 			sourceDeployments[rc.ClusterID] = deployment
 			createServiceEntryForDeployment(ctx, event, rc, remoteRegistry.AdmiralCache, localMeshPorts, deployment, serviceEntries)
 		} else if rollout != nil {
+			if len(remoteRegistry.ExcludedIdentityMap) > 0 && remoteRegistry.ExcludedIdentityMap[common.GetRolloutGlobalIdentifier(rollout)] {
+				log.Infof(LogFormat, event, env, sourceIdentity, clusterId, "Processing skipped as identity is in the exclude list")
+				return nil
+			}
 			remoteRegistry.AdmiralCache.IdentityClusterCache.Put(sourceIdentity, rc.ClusterID, rc.ClusterID)
 			weightedServices = getServiceForRollout(ctx, rc, rollout)
 			if len(weightedServices) == 0 {
@@ -367,8 +379,10 @@ func modifySidecarForLocalClusterCommunication(ctx context.Context, sidecarNames
 		return
 	}
 
-	sidecar, _ := sidecarConfig.IstioClient.NetworkingV1alpha3().Sidecars(sidecarNamespace).Get(ctx, common.GetWorkloadSidecarName(), v12.GetOptions{})
-
+	sidecar, err := sidecarConfig.IstioClient.NetworkingV1alpha3().Sidecars(sidecarNamespace).Get(ctx, common.GetWorkloadSidecarName(), v12.GetOptions{})
+	if err != nil {
+		return
+	}
 	if sidecar == nil || (sidecar.Spec.Egress == nil) {
 		return
 	}