Project life-cycle updates

Author: derekwaynecarr

pkg/cmd/server/kubernetes/master.go

@@ -24,8 +24,7 @@ import (
 	latestschedulerapi "github.com/GoogleCloudPlatform/kubernetes/plugin/pkg/scheduler/api/latest"
 	"github.com/GoogleCloudPlatform/kubernetes/plugin/pkg/scheduler/factory"
 
-	// Namespace controller will be added
-	_ "github.com/GoogleCloudPlatform/kubernetes/pkg/namespace"
+	"github.com/GoogleCloudPlatform/kubernetes/pkg/namespace"
 )
 
 const (
@@ -83,6 +82,12 @@ func (c *MasterConfig) InstallAPI(container *restful.Container) []string {
 	}
 }
 
+func (c *MasterConfig) RunNamespaceController() {
+	namespaceController := namespace.NewNamespaceManager(c.KubeClient)
+	namespaceController.Run(1 * time.Minute)
+	glog.Infof("Started Kubernetes Namespace Manager")
+}
+
 // RunReplicationController starts the Kubernetes replication controller sync loop
 func (c *MasterConfig) RunReplicationController() {
 	controllerManager := controller.NewReplicationManager(c.KubeClient)

pkg/cmd/server/origin/master.go

@@ -75,7 +75,7 @@ import (
 	clientauthorizationregistry "github.com/openshift/origin/pkg/oauth/registry/clientauthorization"
 	oauthetcd "github.com/openshift/origin/pkg/oauth/registry/etcd"
 	projectcontroller "github.com/openshift/origin/pkg/project/controller"
-	projectregistry "github.com/openshift/origin/pkg/project/registry/project"
+	projectproxy "github.com/openshift/origin/pkg/project/registry/proxy"
 	routeallocationcontroller "github.com/openshift/origin/pkg/route/controller/allocation"
 	routeetcd "github.com/openshift/origin/pkg/route/registry/etcd"
 	routeregistry "github.com/openshift/origin/pkg/route/registry/route"
@@ -224,7 +224,7 @@ func (c *MasterConfig) InstallProtectedAPI(container *restful.Container) []strin
 
 		"routes": routeregistry.NewREST(routeEtcd, routeAllocator),
 
-		"projects": projectregistry.NewREST(kclient.Namespaces(), c.ProjectAuthorizationCache),
+		"projects": projectproxy.NewREST(kclient.Namespaces(), c.ProjectAuthorizationCache),
 
 		"users":                userStorage,
 		"identities":           identityStorage,

pkg/cmd/server/start/start_master.go

@@ -339,6 +339,7 @@ func StartMaster(openshiftMasterConfig *configapi.MasterConfig) error {
 		kubeConfig.RunEndpointController()
 		kubeConfig.RunMinionController()
 		kubeConfig.RunResourceQuotaManager()
+		kubeConfig.RunNamespaceController()
 
 	} else {
 		_, kubeConfig, err := configapi.GetKubeClient(openshiftMasterConfig.MasterClients.KubernetesKubeConfig)

pkg/project/api/types.go

@@ -11,8 +11,15 @@ type ProjectList struct {
 	Items []Project
 }
 
+// These are internal finalizer values to Origin
+const (
+	FinalizerProject kapi.FinalizerName = "openshift.com/project"
+)
+
 // ProjectSpec describes the attributes on a Project
 type ProjectSpec struct {
+	// Finalizers is an opaque list of values that must be empty to permanently remove object from storage
+	Finalizers []kapi.FinalizerName
 }
 
 // ProjectStatus is information about the current status of a Project

pkg/project/api/v1beta1/types.go

@@ -11,8 +11,15 @@ type ProjectList struct {
 	Items         []Project `json:"items"`
 }
 
+// These are internal finalizer values to Origin
+const (
+	FinalizerProject kapi.FinalizerName = "openshift.com/project"
+)
+
 // ProjectSpec describes the attributes on a Project
 type ProjectSpec struct {
+	// Finalizers is an opaque list of values that must be empty to permanently remove object from storage
+	Finalizers []kapi.FinalizerName `json:"finalizers,omitempty" description:"an opaque list of values that must be empty to permanently remove object from storage"`
 }
 
 // ProjectStatus is information about the current status of a Project

pkg/project/api/validation/validation.go

@@ -3,6 +3,7 @@ package validation
 import (
 	"strings"
 
+	kvalidation "github.com/GoogleCloudPlatform/kubernetes/pkg/api/validation"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/util"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/util/fielderrors"
 	"github.com/openshift/origin/pkg/project/api"
@@ -29,3 +30,12 @@ func ValidateProject(project *api.Project) fielderrors.ValidationErrorList {
 func validateNoNewLineOrTab(s string) bool {
 	return !(strings.Contains(s, "\n") || strings.Contains(s, "\t"))
 }
+
+// ValidateProjectUpdate tests to make sure a project update can be applied.  Modifies newProject with immutable fields.
+func ValidateProjectUpdate(newProject *api.Project, oldProject *api.Project) fielderrors.ValidationErrorList {
+	allErrs := fielderrors.ValidationErrorList{}
+	allErrs = append(allErrs, kvalidation.ValidateObjectMetaUpdate(&oldProject.ObjectMeta, &newProject.ObjectMeta).Prefix("metadata")...)
+	newProject.Spec.Finalizers = oldProject.Spec.Finalizers
+	newProject.Status = oldProject.Status
+	return allErrs
+}

pkg/project/controller/controller.go

@@ -5,7 +5,9 @@ import (
 	kclient "github.com/GoogleCloudPlatform/kubernetes/pkg/client"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/fields"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/labels"
+	"github.com/GoogleCloudPlatform/kubernetes/pkg/util"
 	osclient "github.com/openshift/origin/pkg/client"
+	"github.com/openshift/origin/pkg/project/api"
 )
 
 // NamespaceController is responsible for participating in Kubernetes Namespace termination
@@ -23,17 +25,61 @@ type fatalError string
 func (e fatalError) Error() string { return "fatal error handling namespace: " + string(e) }
 
 // Handle processes a namespace and deletes content in origin if its terminating
-func (c *NamespaceController) Handle(namespace *kapi.Namespace) error {
-	// ignore namespaces that are not terminating
+func (c *NamespaceController) Handle(namespace *kapi.Namespace) (err error) {
+	// if namespace is not terminating, ignore it
 	if namespace.Status.Phase != kapi.NamespaceTerminating {
 		return nil
 	}
 
-	deleteAllContent(c.Client, namespace.Name)
-	// TODO: finalize namespace (remove openshift.com/origin)
+	// if we already processed this namespace, ignore it
+	if finalized(namespace) {
+		return nil
+	}
+
+	// there may still be content for us to remove
+	err = deleteAllContent(c.Client, namespace.Name)
+	if err != nil {
+		return err
+	}
+
+	// we have removed content, so mark it finalized by us
+	err = finalize(c.KubeClient, namespace)
+	if err != nil {
+		return err
+	}
+
 	return nil
 }
 
+// finalized returns true if the spec.finalizers does not contain the project finalizer
+func finalized(namespace *kapi.Namespace) bool {
+	for i := range namespace.Spec.Finalizers {
+		if api.FinalizerProject == namespace.Spec.Finalizers[i] {
+			return false
+		}
+	}
+	return true
+}
+
+// finalize will finalize the namespace for kubernetes
+func finalize(kubeClient kclient.Interface, namespace *kapi.Namespace) error {
+	namespaceFinalize := kapi.Namespace{}
+	namespaceFinalize.ObjectMeta = namespace.ObjectMeta
+	namespaceFinalize.Spec = namespace.Spec
+	finalizerSet := util.NewStringSet()
+	for i := range namespace.Spec.Finalizers {
+		if namespace.Spec.Finalizers[i] != api.FinalizerProject {
+			finalizerSet.Insert(string(namespace.Spec.Finalizers[i]))
+		}
+	}
+	namespaceFinalize.Spec.Finalizers = make([]kapi.FinalizerName, 0, len(finalizerSet))
+	for _, value := range finalizerSet.List() {
+		namespaceFinalize.Spec.Finalizers = append(namespaceFinalize.Spec.Finalizers, kapi.FinalizerName(value))
+	}
+	_, err := kubeClient.Namespaces().Finalize(&namespaceFinalize)
+	return err
+}
+
 // deleteAllContent will purge all content in openshift in the specified namespace
 func deleteAllContent(client osclient.Interface, namespace string) (err error) {
 	err = deleteBuildConfigs(client, namespace)

pkg/project/controller/controller_test.go

@@ -3,11 +3,11 @@ package controller
 import (
 	"testing"
 
-	"github.com/GoogleCloudPlatform/kubernetes/pkg/api"
+	kapi "github.com/GoogleCloudPlatform/kubernetes/pkg/api"
 	kclient "github.com/GoogleCloudPlatform/kubernetes/pkg/client"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/util"
-
 	osclient "github.com/openshift/origin/pkg/client"
+	"github.com/openshift/origin/pkg/project/api"
 )
 
 func TestSyncNamespaceThatIsTerminating(t *testing.T) {
@@ -17,18 +17,18 @@ func TestSyncNamespaceThatIsTerminating(t *testing.T) {
 		KubeClient: mockKubeClient,
 		Client:     mockOriginClient,
 	}
-	//now := util.Now()
-	testNamespace := &api.Namespace{
-		ObjectMeta: api.ObjectMeta{
-			Name:            "test",
-			ResourceVersion: "1",
-			//			DeletionTimestamp: &now,
+	now := util.Now()
+	testNamespace := &kapi.Namespace{
+		ObjectMeta: kapi.ObjectMeta{
+			Name:              "test",
+			ResourceVersion:   "1",
+			DeletionTimestamp: &now,
 		},
-		//		Spec: api.NamespaceSpec{
-		//			Finalizers: []api.FinalizerName{"kubernetes"},
-		//		},
-		Status: api.NamespaceStatus{
-			Phase: api.NamespaceTerminating,
+		Spec: kapi.NamespaceSpec{
+			Finalizers: []kapi.FinalizerName{kapi.FinalizerKubernetes, api.FinalizerProject},
+		},
+		Status: kapi.NamespaceStatus{
+			Phase: kapi.NamespaceTerminating,
 		},
 	}
 	err := nm.Handle(testNamespace)
@@ -67,18 +67,16 @@ func TestSyncNamespaceThatIsActive(t *testing.T) {
 		KubeClient: mockKubeClient,
 		Client:     mockOriginClient,
 	}
-	//now := util.Now()
-	testNamespace := &api.Namespace{
-		ObjectMeta: api.ObjectMeta{
+	testNamespace := &kapi.Namespace{
+		ObjectMeta: kapi.ObjectMeta{
 			Name:            "test",
 			ResourceVersion: "1",
-			//      DeletionTimestamp: &now,
 		},
-		//    Spec: api.NamespaceSpec{
-		//      Finalizers: []api.FinalizerName{"kubernetes"},
-		//    },
-		Status: api.NamespaceStatus{
-			Phase: api.NamespaceActive,
+		Spec: kapi.NamespaceSpec{
+			Finalizers: []kapi.FinalizerName{kapi.FinalizerKubernetes, api.FinalizerProject},
+		},
+		Status: kapi.NamespaceStatus{
+			Phase: kapi.NamespaceActive,
 		},
 	}
 	err := nm.Handle(testNamespace)

pkg/project/registry/project/rest.go renamed to pkg/project/registry/proxy/proxy.go

@@ -1,28 +1,40 @@
-package project
+package proxy
 
 import (
 	"fmt"
 
 	kapi "github.com/GoogleCloudPlatform/kubernetes/pkg/api"
 	kerrors "github.com/GoogleCloudPlatform/kubernetes/pkg/api/errors"
+	"github.com/GoogleCloudPlatform/kubernetes/pkg/api/rest"
 	kclient "github.com/GoogleCloudPlatform/kubernetes/pkg/client"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/fields"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/labels"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/runtime"
 
 	"github.com/openshift/origin/pkg/project/api"
-	"github.com/openshift/origin/pkg/project/api/validation"
 	projectauth "github.com/openshift/origin/pkg/project/auth"
+	"github.com/openshift/origin/pkg/project/registry"
 )
 
 type REST struct {
+	// client can modify Kubernetes namespaces
 	client kclient.NamespaceInterface
+	// lister can enumerate project lists that enforce policy
 	lister projectauth.Lister
+	// Allows extended behavior during creation, required
+	createStrategy rest.RESTCreateStrategy
+	// Allows extended behavior during updates, required
+	updateStrategy rest.RESTUpdateStrategy
 }
 
 // NewREST returns a RESTStorage object that will work against Project resources
 func NewREST(client kclient.NamespaceInterface, lister projectauth.Lister) *REST {
-	return &REST{client: client, lister: lister}
+	return &REST{
+		client:         client,
+		lister:         lister,
+		createStrategy: registry.Strategy,
+		updateStrategy: registry.Strategy,
+	}
 }
 
 // New returns a new Project
@@ -41,7 +53,9 @@ func convertNamespace(namespace *kapi.Namespace) *api.Project {
 	return &api.Project{
 		ObjectMeta:  namespace.ObjectMeta,
 		DisplayName: displayName,
-		Spec:        api.ProjectSpec{},
+		Spec: api.ProjectSpec{
+			Finalizers: namespace.Spec.Finalizers,
+		},
 		Status: api.ProjectStatus{
 			Phase: namespace.Status.Phase,
 		},
@@ -52,6 +66,12 @@ func convertNamespace(namespace *kapi.Namespace) *api.Project {
 func convertProject(project *api.Project) *kapi.Namespace {
 	namespace := &kapi.Namespace{
 		ObjectMeta: project.ObjectMeta,
+		Spec: kapi.NamespaceSpec{
+			Finalizers: project.Spec.Finalizers,
+		},
+		Status: kapi.NamespaceStatus{
+			Phase: project.Status.Phase,
+		},
 	}
 	if namespace.Annotations == nil {
 		namespace.Annotations = map[string]string{}
@@ -98,7 +118,8 @@ func (s *REST) Create(ctx kapi.Context, obj runtime.Object) (runtime.Object, err
 		return nil, fmt.Errorf("not a project: %#v", obj)
 	}
 	kapi.FillObjectMetaSystemFields(ctx, &project.ObjectMeta)
-	if errs := validation.ValidateProject(project); len(errs) > 0 {
+	s.createStrategy.PrepareForCreate(obj)
+	if errs := s.createStrategy.Validate(ctx, obj); len(errs) > 0 {
 		return nil, kerrors.NewInvalid("project", project.Name, errs)
 	}
 	namespace, err := s.client.Create(convertProject(project))