Skip to content

Commit b4774da

Browse files
olamilekan000olamilekan000
committed
fix permission claim label not updated when selector changes
Signed-off-by: olalekan odukoya <[email protected]>
1 parent ed46a47 commit b4774da

File tree

1 file changed

+71
-1
lines changed

1 file changed

+71
-1
lines changed

pkg/reconciler/apis/permissionclaimlabel/permissionclaimlabel_reconcile.go

Lines changed: 71 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -84,8 +84,11 @@ func (c *controller) reconcile(ctx context.Context, apiBinding *apisv1alpha2.API
8484
}
8585

8686
appliedClaims := sets.New[string]()
87+
appliedClaimsMap := make(map[string]apisv1alpha2.ScopedPermissionClaim)
8788
for _, claim := range apiBinding.Status.AppliedPermissionClaims {
88-
appliedClaims.Insert(setKeyForClaim(claim.PermissionClaim))
89+
key := setKeyForClaim(claim.PermissionClaim)
90+
appliedClaims.Insert(key)
91+
appliedClaimsMap[key] = claim
8992
}
9093

9194
expectedClaims := exportedClaims.Intersection(acceptedClaims)
@@ -94,6 +97,20 @@ func (c *controller) reconcile(ctx context.Context, apiBinding *apisv1alpha2.API
9497
needToRemove := appliedClaims.Difference(acceptedClaims)
9598
allChanges := needToApply.Union(needToRemove)
9699

100+
for key := range expectedClaims {
101+
if acceptedClaims.Has(key) && appliedClaims.Has(key) {
102+
acceptedClaim := acceptedClaimsMap[key]
103+
appliedClaim := appliedClaimsMap[key]
104+
if !selectorsEqual(acceptedClaim.Selector, appliedClaim.Selector) {
105+
allChanges.Insert(key)
106+
107+
logger.V(4).Info("detected selector change for claim", "claim", key,
108+
"oldSelector", appliedClaim.Selector,
109+
"newSelector", acceptedClaim.Selector)
110+
}
111+
}
112+
}
113+
97114
logger.V(4).Info("claim set details",
98115
"expected", expectedClaims,
99116
"unexpected", unexpectedClaims,
@@ -289,3 +306,56 @@ func (c *controller) patchGenericObject(ctx context.Context, obj metav1.Object,
289306
}
290307
return nil
291308
}
309+
310+
func selectorsEqual(a, b apisv1alpha2.PermissionClaimSelector) bool {
311+
if a.MatchAll != b.MatchAll {
312+
return false
313+
}
314+
315+
if a.MatchAll && b.MatchAll {
316+
return true
317+
}
318+
319+
if len(a.MatchLabels) != len(b.MatchLabels) {
320+
return false
321+
}
322+
for k, v := range a.MatchLabels {
323+
if b.MatchLabels[k] != v {
324+
return false
325+
}
326+
}
327+
328+
if len(a.MatchExpressions) != len(b.MatchExpressions) {
329+
return false
330+
}
331+
aExprs := make(map[string]metav1.LabelSelectorRequirement)
332+
for _, expr := range a.MatchExpressions {
333+
key := fmt.Sprintf("%s:%s", expr.Key, string(expr.Operator))
334+
aExprs[key] = expr
335+
}
336+
for _, expr := range b.MatchExpressions {
337+
key := fmt.Sprintf("%s:%s", expr.Key, string(expr.Operator))
338+
if aExpr, ok := aExprs[key]; !ok {
339+
return false
340+
} else if !matchExpressionEqual(aExpr, expr) {
341+
return false
342+
}
343+
}
344+
345+
return true
346+
}
347+
348+
func matchExpressionEqual(a, b metav1.LabelSelectorRequirement) bool {
349+
if a.Key != b.Key {
350+
return false
351+
}
352+
if a.Operator != b.Operator {
353+
return false
354+
}
355+
if len(a.Values) != len(b.Values) {
356+
return false
357+
}
358+
aValues := sets.New(a.Values...)
359+
bValues := sets.New(b.Values...)
360+
return aValues.Equal(bValues)
361+
}

0 commit comments

Comments
 (0)