Support configuring externally managed network policy workloads, for …

…which Otterize Cloud will not suggest new ClientIntents (#505)
otterize · Nov 4, 2024 · d787cae · d787cae
1 parent cd23ce4
commit d787cae
Show file tree

Hide file tree

Showing 5 changed files with 245 additions and 49 deletions.
diff --git a/src/shared/operator_cloud_client/status_report.go b/src/shared/operator_cloud_client/status_report.go
@@ -7,7 +7,9 @@ import (
 	"github.com/otterize/intents-operator/src/shared/operatorconfig/enforcement"
 	"github.com/otterize/intents-operator/src/shared/otterizecloud/graphqlclient"
 	"github.com/otterize/intents-operator/src/shared/otterizecloud/otterizecloudclient"
+	"github.com/otterize/intents-operator/src/shared/serviceidresolver/serviceidentity"
 	"github.com/otterize/intents-operator/src/shared/telemetries/errorreporter"
+	"github.com/samber/lo"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/viper"
 	"time"
@@ -68,6 +70,7 @@ func getAllowExternalConfig() graphqlclient.AllowExternalTrafficPolicy {
 
 func uploadConfiguration(ctx context.Context, client CloudClient) {
 	ingressConfigIdentities := operatorconfig.GetIngressControllerServiceIdentities()
+	externallyManagedPolicyWorkloadIdentities := operatorconfig.GetExternallyManagedPoliciesServiceIdentities()
 	enforcementConfig := enforcement.GetConfig()
 	timeoutCtx, cancel := context.WithTimeout(ctx, viper.GetDuration(otterizecloudclient.CloudClientTimeoutKey))
 	defer cancel()
@@ -87,17 +90,21 @@ func uploadConfiguration(ctx context.Context, client CloudClient) {
 		AllowExternalTrafficPolicy:            getAllowExternalConfig(),
 	}
 
-	if len(ingressConfigIdentities) != 0 {
-		ingressControllerConfigInput := make([]graphqlclient.IngressControllerConfigInput, 0)
-		for _, identity := range ingressConfigIdentities {
-			ingressControllerConfigInput = append(ingressControllerConfigInput, graphqlclient.IngressControllerConfigInput{
-				Name:      identity.Name,
-				Namespace: identity.Namespace,
-				Kind:      identity.Kind,
-			})
+	configInput.IngressControllerConfig = lo.Map(ingressConfigIdentities, func(identity serviceidentity.ServiceIdentity, _ int) graphqlclient.IngressControllerConfigInput {
+		return graphqlclient.IngressControllerConfigInput{
+			Name:      identity.Name,
+			Namespace: identity.Namespace,
+			Kind:      identity.Kind,
 		}
-		configInput.IngressControllerConfig = ingressControllerConfigInput
-	}
+	})
+
+	configInput.ExternallyManagedPolicyWorkloads = lo.Map(externallyManagedPolicyWorkloadIdentities, func(identity serviceidentity.ServiceIdentity, _ int) graphqlclient.ExternallyManagedPolicyWorkloadInput {
+		return graphqlclient.ExternallyManagedPolicyWorkloadInput{
+			Name:      identity.Name,
+			Namespace: identity.Namespace,
+			Kind:      identity.Kind,
+		}
+	})
 
 	configInput.AwsALBLoadBalancerExemptionEnabled = viper.GetBool(operatorconfig.IngressControllerALBExemptKey)
 

diff --git a/src/shared/operatorconfig/config.go b/src/shared/operatorconfig/config.go
@@ -5,6 +5,7 @@ import (
 	"github.com/otterize/intents-operator/src/shared/operatorconfig/enforcement"
 	"github.com/otterize/intents-operator/src/shared/serviceidresolver/serviceidentity"
 	"github.com/otterize/intents-operator/src/shared/telemetries/telemetriesconfig"
+	"github.com/samber/lo"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/pflag"
 	"github.com/spf13/viper"
@@ -62,6 +63,7 @@ const (
 	IngressControllerConfigKey                = "ingressControllers"
 	SeparateNetpolsForIngressAndEgress        = "separate-netpols-for-ingress-and-egress"
 	SeparateNetpolsForIngressAndEgressDefault = false
+	ExternallyManagedPolicyWorkloadsKey       = "externallyManagedPolicyWorkloads"
 )
 
 func init() {
@@ -125,15 +127,35 @@ func GetIngressControllerServiceIdentities() []serviceidentity.ServiceIdentity {
 		logrus.WithError(err).Panic("Failed to unmarshal ingress controller config")
 	}
 
-	identities := make([]serviceidentity.ServiceIdentity, 0)
-	for _, controller := range controllers {
-		identities = append(identities, serviceidentity.ServiceIdentity{
+	return lo.Map(controllers, func(controller IngressControllerConfig, _ int) serviceidentity.ServiceIdentity {
+		return serviceidentity.ServiceIdentity{
 			Name:      controller.Name,
 			Namespace: controller.Namespace,
 			Kind:      controller.Kind,
-		})
+		}
+	})
+}
+
+type ExternallyManagedPolicyWorkload struct {
+	Name      string
+	Namespace string
+	Kind      string
+}
+
+func GetExternallyManagedPoliciesServiceIdentities() []serviceidentity.ServiceIdentity {
+	workloads := make([]ExternallyManagedPolicyWorkload, 0)
+	err := viper.UnmarshalKey(ExternallyManagedPolicyWorkloadsKey, &workloads)
+	if err != nil {
+		logrus.WithError(err).Panic("Failed to unmarshal externally managed policy workloads config")
 	}
-	return identities
+
+	return lo.Map(workloads, func(workload ExternallyManagedPolicyWorkload, _ int) serviceidentity.ServiceIdentity {
+		return serviceidentity.ServiceIdentity{
+			Name:      workload.Name,
+			Namespace: workload.Namespace,
+			Kind:      workload.Kind,
+		}
+	})
 }
 
 func InitCLIFlags() {

diff --git a/src/shared/otterizecloud/graphqlclient/generated.go b/src/shared/otterizecloud/graphqlclient/generated.go