openservicemesh · nojnhuh · Jun 28, 2022 · Jun 23, 2022 · Jun 23, 2022 · Jun 27, 2022
@@ -198,7 +198,7 @@ func main() {
 
 	informerCollection, err := informers.NewInformerCollection(meshName, stop,
 		informers.WithKubeClient(kubeClient),
-		informers.WithConfigClient(configClient),
+		informers.WithConfigClient(configClient, osmMeshConfigName, osmNamespace),
 	)
 
 	if err != nil {

@@ -187,7 +187,7 @@ func main() {
 	informerCollection, err := informers.NewInformerCollection(meshName, stop,
 		informers.WithKubeClient(kubeClient),
 		informers.WithSMIClients(smiTrafficSplitClientSet, smiTrafficSpecClientSet, smiTrafficTargetClientSet),
-		informers.WithConfigClient(configClient),
+		informers.WithConfigClient(configClient, osmMeshConfigName, osmNamespace),
 		informers.WithPolicyClient(policyClient),
 	)
 	if err != nil {

@@ -183,7 +183,7 @@ func main() {
 	informerCollection, err := informers.NewInformerCollection(meshName, stop,
 		informers.WithKubeClient(kubeClient),
 		informers.WithSMIClients(smiTrafficSplitClientSet, smiTrafficSpecClientSet, smiTrafficTargetClientSet),
-		informers.WithConfigClient(configClient),
+		informers.WithConfigClient(configClient, osmMeshConfigName, osmNamespace),
 		informers.WithPolicyClient(policyClient),
 	)
 

@@ -48,7 +48,7 @@ func NewFakeMeshCatalog(kubeClient kubernetes.Interface, meshConfigClient config
 
 	osmNamespace := "-test-osm-namespace-"
 	osmMeshConfigName := "-test-osm-mesh-config-"
-	ic, err := informers.NewInformerCollection("osm", stop, informers.WithKubeClient(kubeClient), informers.WithConfigClient(meshConfigClient))
+	ic, err := informers.NewInformerCollection("osm", stop, informers.WithKubeClient(kubeClient), informers.WithConfigClient(meshConfigClient, osmMeshConfigName, osmNamespace))
 	if err != nil {
 		return nil
 	}

diff --git a/pkg/certificate/fake_manager.go b/pkg/certificate/fake_manager.go
@@ -100,6 +100,7 @@ func FakeCertManager() (*Manager, error) {
 		getCertValidityDuration,
 		nil,
 		1*time.Hour,
+		"",
 	)
 	if err != nil {
 		return nil, fmt.Errorf("error creating fakeCertManager, err: %w", err)

@@ -17,14 +17,14 @@ import (
 )
 
 // NewManager creates a new CertificateManager with the passed MRCClient and options
-func NewManager(ctx context.Context, mrcClient MRCClient, getServiceCertValidityPeriod func() time.Duration, getIngressCertValidityDuration func() time.Duration, msgBroker *messaging.Broker, checkInterval time.Duration) (*Manager, error) {
+func NewManager(ctx context.Context, mrcClient MRCClient, getServiceCertValidityPeriod func() time.Duration, getIngressCertValidityDuration func() time.Duration, msgBroker *messaging.Broker, checkInterval time.Duration, ns string) (*Manager, error) {
 	m := &Manager{
 		serviceCertValidityDuration: getServiceCertValidityPeriod,
 		ingressCertValidityDuration: getIngressCertValidityDuration,
 		msgBroker:                   msgBroker,
 	}
 
-	err := m.start(ctx, mrcClient)
+	err := m.start(ctx, mrcClient, ns)
 	if err != nil {
 		return nil, err
 	}
@@ -49,7 +49,7 @@ func (m *Manager) startRotationTicker(ctx context.Context, checkInterval time.Du
 	}()
 }
 
-func (m *Manager) start(ctx context.Context, mrcClient MRCClient) error {
+func (m *Manager) start(ctx context.Context, mrcClient MRCClient, ns string) error {
 	// start a watch and we wait until the manager is initialized so that
 	// the caller gets a manager that's ready to be used
 	var once sync.Once
@@ -129,15 +129,23 @@ func (m *Manager) handleMRCEvent(mrcClient MRCClient, event MRCEvent) error {
 		c := &issuer{Issuer: client, ID: clientID, CertificateAuthority: ca}
 		switch {
 		case mrc.Status.State == constants.MRCStateActive:
+			m.mu.Lock()
 			m.signingIssuer = c
 			m.validatingIssuer = c
+			m.mu.Unlock()
 		case mrc.Status.State == constants.MRCStateIssuingRollback || mrc.Status.State == constants.MRCStateIssuingRollout:
+			m.mu.Lock()
 			m.signingIssuer = c
+			m.mu.Unlock()
 		case mrc.Status.State == constants.MRCStateValidatingRollback || mrc.Status.State == constants.MRCStateValidatingRollout:
-		case mrc.Status.State == constants.MRCStateValidatingRollback || mrc.Status.State == constants.MRCStateValidatingRollout:
+		case mrc.Status.State == constants.MRCStateIssuingRollback || mrc.Status.State == constants.MRCStateValidatingRollout:
-		case mrc.Status.State == constants.MRCStateValidatingRollback || mrc.Status.State == constants.MRCStateValidatingRollout:
+		case mrc.Status.State == constants.MRCStateIssuingRollback || mrc.Status.State == constants.MRCStateValidatingRollout:
+			m.mu.Lock()
 			m.validatingIssuer = c
+			m.mu.Unlock()
 		default:
+			m.mu.Lock()
 			m.signingIssuer = c
 			m.validatingIssuer = c
+			m.mu.Unlock()
 		}
 	case MRCEventUpdated:
 		// TODO

diff --git a/pkg/certificate/manager_test.go b/pkg/certificate/manager_test.go
@@ -83,7 +83,7 @@ func TestRotor(t *testing.T) {
 	stop := make(chan struct{})
 	defer close(stop)
 	msgBroker := messaging.NewBroker(stop)
-	certManager, err := NewManager(context.Background(), &fakeMRCClient{}, getServiceCertValidityPeriod, getIngressGatewayCertValidityPeriod, msgBroker, 5*time.Second)
+	certManager, err := NewManager(context.Background(), &fakeMRCClient{}, getServiceCertValidityPeriod, getIngressGatewayCertValidityPeriod, msgBroker, 5*time.Second, "")
 	require.NoError(err)
 
 	certA, err := certManager.IssueCertificate(cnPrefix, Service)

diff --git a/pkg/certificate/providers/config.go b/pkg/certificate/providers/config.go
@@ -100,7 +100,7 @@ func NewCertificateManager(ctx context.Context, kubeClient kubernetes.Interface,
 		mrcClient = c
 	}
 
-	return certificate.NewManager(ctx, mrcClient, cfg.GetServiceCertValidityPeriod, cfg.GetIngressGatewayCertValidityPeriod, msgBroker, checkInterval)
+	return certificate.NewManager(ctx, mrcClient, cfg.GetServiceCertValidityPeriod, cfg.GetIngressGatewayCertValidityPeriod, msgBroker, checkInterval, providerNamespace)
 }
 
 // GetCertIssuerForMRC returns a certificate.Issuer generated from the provided MRC.

@@ -139,7 +139,7 @@ func TestGetCertificateManager(t *testing.T) {
 				},
 			}),
 			informerCollectionFunc: func(tc testCase) (*informers.InformerCollection, error) {
-				ic, err := informers.NewInformerCollection("osm", nil, informers.WithKubeClient(tc.kubeClient), informers.WithConfigClient(tc.configClient))
+				ic, err := informers.NewInformerCollection("osm", nil, informers.WithKubeClient(tc.kubeClient), informers.WithConfigClient(tc.configClient, "", "osm-namespace"))
 				if err != nil {
 					return nil, err
 				}

@@ -3,6 +3,7 @@ package providers
 import (
 	"context"
 
+	"github.com/rs/zerolog/log"
 	"k8s.io/client-go/tools/cache"
 
 	"github.com/openservicemesh/osm/pkg/apis/config/v1alpha2"
@@ -45,6 +46,7 @@ func (m *MRCComposer) Watch(ctx context.Context) (<-chan certificate.MRCEvent, e
 	eventChan := make(chan certificate.MRCEvent)
 	m.informerCollection.AddEventHandler(informers.InformerKeyMeshRootCertificate, cache.ResourceEventHandlerFuncs{
 		AddFunc: func(obj interface{}) {
+			log.Debug().Msg("received MRC add event")
 			mrc := obj.(*v1alpha2.MeshRootCertificate)
 			eventChan <- certificate.MRCEvent{
 				Type: certificate.MRCEventAdded,
@@ -54,6 +56,7 @@ func (m *MRCComposer) Watch(ctx context.Context) (<-chan certificate.MRCEvent, e
 		// We don't really care about the previous version
 		// since the "state machine" of the MRC is well defined
 		UpdateFunc: func(_, newObj interface{}) {
+			log.Debug().Msg("received MRC update event")
 			mrc := newObj.(*v1alpha2.MeshRootCertificate)
 			eventChan <- certificate.MRCEvent{
 				Type: certificate.MRCEventUpdated,

diff --git a/pkg/certificate/providers/tresor/fake/fake.go b/pkg/certificate/providers/tresor/fake/fake.go
@@ -83,7 +83,7 @@ func NewFake(msgBroker *messaging.Broker, checkInterval time.Duration) *certific
 
 // NewFakeWithValidityDuration constructs a fake certificate manager with specified cert validity duration
 func NewFakeWithValidityDuration(getCertValidityDuration func() time.Duration, msgBroker *messaging.Broker, checkInterval time.Duration) *certificate.Manager {
-	tresorCertManager, err := certificate.NewManager(context.Background(), &fakeMRCClient{}, getCertValidityDuration, getCertValidityDuration, msgBroker, checkInterval)
+	tresorCertManager, err := certificate.NewManager(context.Background(), &fakeMRCClient{}, getCertValidityDuration, getCertValidityDuration, msgBroker, checkInterval, "")
 	if err != nil {
 		log.Error().Err(err).Msg("error encountered creating fake cert manager")
 		return nil

@@ -147,7 +147,7 @@ var (
 // MRCEventBroker describes any type that allows the caller to Watch() MRCEvents
 type MRCEventBroker interface {
 	// Watch allows the caller to subscribe to events surrounding
-	// MRCs that belong to this particular mesh. Watch returns a channel
-	// that emits events, and an error if the subscription goes awry.
+	// MRCs. Watch returns a channel that emits events, and
+	// an error if the subscription goes awry.
 	Watch(context.Context) (<-chan MRCEvent, error)
 }
@@ -24,7 +24,7 @@ func TestGetMeshConfig(t *testing.T) {
 	meshConfigClient := fakeConfig.NewSimpleClientset()
 	stop := make(chan struct{})
 
-	ic, err := informers.NewInformerCollection("osm", stop, informers.WithConfigClient(meshConfigClient))
+	ic, err := informers.NewInformerCollection("osm", stop, informers.WithConfigClient(meshConfigClient, osmMeshConfigName, osmNamespace))
 	a.Nil(err)
 
 	c := NewConfigurator(ic, osmNamespace, osmMeshConfigName, nil)

@@ -31,7 +31,7 @@ func TestCreateUpdateConfig(t *testing.T) {
 		meshConfigClientSet := testclient.NewSimpleClientset()
 		stop := make(chan struct{})
 
-		ic, err := informers.NewInformerCollection("osm", stop, informers.WithConfigClient(meshConfigClientSet))
+		ic, err := informers.NewInformerCollection("osm", stop, informers.WithConfigClient(meshConfigClientSet, osmMeshConfigName, osmNamespace))
 		tassert.Nil(t, err)
 
 		cfg := NewConfigurator(ic, osmNamespace, osmMeshConfigName, nil)
@@ -465,7 +465,7 @@ func TestCreateUpdateConfig(t *testing.T) {
 			stop := make(chan struct{})
 			defer close(stop)
 
-			ic, err := informers.NewInformerCollection("osm", stop, informers.WithConfigClient(meshConfigClientSet))
+			ic, err := informers.NewInformerCollection("osm", stop, informers.WithConfigClient(meshConfigClientSet, osmMeshConfigName, osmNamespace))
 			assert.Nil(err)
 
 			cfg := NewConfigurator(ic, osmNamespace, osmMeshConfigName, nil)

@@ -58,7 +58,7 @@ func TestNewResponse(t *testing.T) {
 	podID := uuid.New()
 
 	proxy := envoy.NewProxy(envoy.KindSidecar, podID, proxySvcAccount.ToServiceIdentity(), nil)
-	ic, err := informers.NewInformerCollection("osm", stop, informers.WithKubeClient(fakeKubeClient), informers.WithConfigClient(fakeConfigClient))
+	ic, err := informers.NewInformerCollection("osm", stop, informers.WithKubeClient(fakeKubeClient), informers.WithConfigClient(fakeConfigClient, "-the-mesh-config-name-", "-osm-namespace-"))
 	assert.Nil(err)
 
 	cfg := configurator.NewConfigurator(ic, "-osm-namespace-", "-the-mesh-config-name-", nil)

@@ -86,12 +86,16 @@ func WithSMIClients(smiTrafficSplitClient smiTrafficSplitClient.Interface, smiTr
 }
 
 // WithConfigClient sets the config client for the InformerCollection
-func WithConfigClient(configClient configClientset.Interface) InformerCollectionOption {
+func WithConfigClient(configClient configClientset.Interface, meshConfigName, osmNamespace string) InformerCollectionOption {
 	return func(ic *InformerCollection) {
-		informerFactory := configInformers.NewSharedInformerFactory(configClient, DefaultKubeEventResyncInterval)
+		listOption := configInformers.WithTweakListOptions(func(opt *metav1.ListOptions) {
+			opt.FieldSelector = fields.OneTermEqualSelector(metav1.ObjectNameField, meshConfigName).String()
+		})
+		meshConfiginformerFactory := configInformers.NewSharedInformerFactoryWithOptions(configClient, DefaultKubeEventResyncInterval, configInformers.WithNamespace(osmNamespace), listOption)
+		mrcInformerFactory := configInformers.NewSharedInformerFactoryWithOptions(configClient, DefaultKubeEventResyncInterval, configInformers.WithNamespace(osmNamespace))
 
-		ic.informers[InformerKeyMeshConfig] = informerFactory.Config().V1alpha2().MeshConfigs().Informer()
-		ic.informers[InformerKeyMeshRootCertificate] = informerFactory.Config().V1alpha2().MeshRootCertificates().Informer()
+		ic.informers[InformerKeyMeshConfig] = meshConfiginformerFactory.Config().V1alpha2().MeshConfigs().Informer()
+		ic.informers[InformerKeyMeshRootCertificate] = mrcInformerFactory.Config().V1alpha2().MeshRootCertificates().Informer()
 	}
 }
 

@@ -125,6 +125,7 @@ var _ = OSMDescribe("Test Retry Policy",
 
 					By("A request that will be retried NumRetries times then fail")
 					err = wait.Poll(time.Second*3, time.Second*30, func() (bool, error) {
+						defer GinkgoRecover()
 						result := Td.HTTPRequest(req)
 
 						stdout, stderr, err := Td.RunLocal(filepath.FromSlash("../../bin/osm"), "proxy", "get", "stats", clientPod.Name, "--namespace", client)
@@ -240,6 +241,7 @@ var _ = OSMDescribe("Test Retry Policy",
 
 					By("A request that will be retried 0 times and then fail")
 					err = wait.Poll(time.Second*3, time.Second*30, func() (bool, error) {
+						defer GinkgoRecover()
 						result := Td.HTTPRequest(req)
 
 						stdout, stderr, err := Td.RunLocal(filepath.FromSlash("../../bin/osm"), "proxy", "get", "stats", clientPod.Name, "--namespace", client)