Merge pull request #3863 from monopole/simplifyGvk

Simplify gvk, speed up cluster-scoped checks.
kubernetes-sigs · May 3, 2021 · 8ee308d · 8ee308d
2 parents 3c3c97f + 6608472
commit 8ee308d
Show file tree

Hide file tree

Showing 20 changed files with 165 additions and 333 deletions.
diff --git a/api/filters/fieldspec/fieldspec.go b/api/filters/fieldspec/fieldspec.go
@@ -11,6 +11,7 @@ import (
 	"sigs.k8s.io/kustomize/api/internal/utils"
 	"sigs.k8s.io/kustomize/api/types"
 	"sigs.k8s.io/kustomize/kyaml/errors"
+	"sigs.k8s.io/kustomize/kyaml/resid"
 	"sigs.k8s.io/kustomize/kyaml/yaml"
 )
 
@@ -45,8 +46,8 @@ type Filter struct {
 
 func (fltr Filter) Filter(obj *yaml.RNode) (*yaml.RNode, error) {
 	// check if the FieldSpec applies to the object
-	if match, err := isMatchGVK(fltr.FieldSpec, obj); !match || err != nil {
-		return obj, errors.Wrap(err)
+	if match := isMatchGVK(fltr.FieldSpec, obj); !match {
+		return obj, nil
 	}
 	fltr.path = utils.PathSplitter(fltr.FieldSpec.Path)
 	err := fltr.filter(obj)
@@ -158,28 +159,24 @@ func isSequenceField(name string) (string, bool) {
 }
 
 // isMatchGVK returns true if the fs.GVK matches the obj GVK.
-func isMatchGVK(fs types.FieldSpec, obj *yaml.RNode) (bool, error) {
-	meta, err := obj.GetMeta()
-	if err != nil {
-		return false, err
-	}
-	if fs.Kind != "" && fs.Kind != meta.Kind {
+func isMatchGVK(fs types.FieldSpec, obj *yaml.RNode) bool {
+	if kind := obj.GetKind(); fs.Kind != "" && fs.Kind != kind {
 		// kind doesn't match
-		return false, err
+		return false
 	}
 
 	// parse the group and version from the apiVersion field
-	group, version := parseGV(meta.APIVersion)
+	group, version := resid.ParseGroupVersion(obj.GetApiVersion())
 
 	if fs.Group != "" && fs.Group != group {
 		// group doesn't match
-		return false, nil
+		return false
 	}
 
 	if fs.Version != "" && fs.Version != version {
 		// version doesn't match
-		return false, nil
+		return false
 	}
 
-	return true, nil
+	return true
 }
diff --git a/api/filters/fieldspec/fieldspec_test.go b/api/filters/fieldspec/fieldspec_test.go
@@ -46,10 +46,11 @@ xxx:
 		"empty path": {
 			fieldSpec: `
 group: foo
+version: v1
 kind: Bar
 `,
 			input: `
-apiVersion: foo
+apiVersion: foo/v1
 kind: Bar
 xxx:
 `,
@@ -59,7 +60,7 @@ kind: Bar
 xxx:
 `,
 			error: `considering field '' of object
-apiVersion: foo
+apiVersion: foo/v1
 kind: Bar
 xxx:
 : cannot set or create an empty field name`,
@@ -195,11 +196,14 @@ kind: Bar
 			input: `
 a:
   b: c
+`,
+			expected: `
+a:
+  b: c
 `,
 			filter: fieldspec.Filter{
 				SetValue: filtersutil.SetScalar("e"),
 			},
-			error: "missing Resource metadata",
 		},
 
 		"miss-match-type": {

diff --git a/api/filters/fieldspec/gvk.go b/api/filters/fieldspec/gvk.go
diff --git a/api/filters/fieldspec/gvk_test.go b/api/filters/fieldspec/gvk_test.go
diff --git a/api/filters/nameref/nameref.go b/api/filters/nameref/nameref.go
@@ -257,8 +257,7 @@ func previousIdSelectedByGvk(gvk *resid.Gvk) sieveFunc {
 
 // If the we are updating a 'roleRef/name' field, the 'apiGroup' and 'kind'
 // fields in the same 'roleRef' map must be considered.
-// If either object is cluster-scoped (!IsNamespaceableKind), there
-// can be a referral.
+// If either object is cluster-scoped, there can be a referral.
 // E.g. a RoleBinding (which exists in a namespace) can refer
 // to a ClusterRole (cluster-scoped) object.
 // https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole
@@ -285,12 +284,12 @@ func prefixSuffixEquals(other resource.ResCtx) sieveFunc {
 
 func (f Filter) sameCurrentNamespaceAsReferrer() sieveFunc {
 	referrerCurId := f.Referrer.CurId()
-	if !referrerCurId.IsNamespaceableKind() {
+	if referrerCurId.IsClusterScoped() {
 		// If the referrer is cluster-scoped, let anything through.
 		return acceptAll
 	}
 	return func(r *resource.Resource) bool {
-		if !r.CurId().IsNamespaceableKind() {
+		if r.CurId().IsClusterScoped() {
 			// Allow cluster-scoped through.
 			return true
 		}

diff --git a/api/filters/namespace/namespace.go b/api/filters/namespace/namespace.go
@@ -4,11 +4,11 @@
 package namespace
 
 import (
-	"sigs.k8s.io/kustomize/api/filters/fieldspec"
 	"sigs.k8s.io/kustomize/api/filters/filtersutil"
 	"sigs.k8s.io/kustomize/api/filters/fsslice"
 	"sigs.k8s.io/kustomize/api/types"
 	"sigs.k8s.io/kustomize/kyaml/kio"
+	"sigs.k8s.io/kustomize/kyaml/resid"
 	"sigs.k8s.io/kustomize/kyaml/yaml"
 )
 
@@ -54,16 +54,11 @@ func (ns Filter) run(node *yaml.RNode) (*yaml.RNode, error) {
 // hacks applies the namespace transforms that are hardcoded rather
 // than specified through FieldSpecs.
 func (ns Filter) hacks(obj *yaml.RNode) error {
-	meta, err := obj.GetMeta()
-	if err != nil {
+	gvk := resid.GvkFromNode(obj)
+	if err := ns.metaNamespaceHack(obj, gvk); err != nil {
 		return err
 	}
-
-	if err := ns.metaNamespaceHack(obj, meta); err != nil {
-		return err
-	}
-
-	return ns.roleBindingHack(obj, meta)
+	return ns.roleBindingHack(obj, gvk)
 }
 
 // metaNamespaceHack is a hack for implementing the namespace transform
@@ -74,9 +69,8 @@ func (ns Filter) hacks(obj *yaml.RNode) error {
 // This hack should be updated to allow individual resources to specify
 // if they are cluster scoped through either an annotation on the resources,
 // or through inlined OpenAPI on the resource as a YAML comment.
-func (ns Filter) metaNamespaceHack(obj *yaml.RNode, meta yaml.ResourceMeta) error {
-	gvk := fieldspec.GetGVK(meta)
-	if !gvk.IsNamespaceableKind() {
+func (ns Filter) metaNamespaceHack(obj *yaml.RNode, gvk resid.Gvk) error {
+	if gvk.IsClusterScoped() {
 		return nil
 	}
 	f := fsslice.Filter{
@@ -104,8 +98,8 @@ func (ns Filter) metaNamespaceHack(obj *yaml.RNode, meta yaml.ResourceMeta) erro
 //   ...
 // - name: "something-else" # this will not have the namespace set
 //   ...
-func (ns Filter) roleBindingHack(obj *yaml.RNode, meta yaml.ResourceMeta) error {
-	if meta.Kind != roleBindingKind && meta.Kind != clusterRoleBindingKind {
+func (ns Filter) roleBindingHack(obj *yaml.RNode, gvk resid.Gvk) error {
+	if gvk.Kind != roleBindingKind && gvk.Kind != clusterRoleBindingKind {
 		return nil
 	}