kyverno/pkg/policystatus/main.go

package policystatus

import (
	"encoding/json"
	"sync"
	"time"

	"github.com/golang/glog"

	"k8s.io/apimachinery/pkg/util/wait"

	"github.com/nirmata/kyverno/pkg/client/clientset/versioned"

	v1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1"
)

// Policy status implementation works in the following way,
//Currently policy status maintains a cache of the status of
//each policy.
//Every x unit of time the status of policy is updated using
//the data from the cache.
//The sync exposes a listener which accepts a statusUpdater
//interface which dictates how the status should be updated.
//The status is updated by a worker that receives the interface
//on a channel.
//The worker then updates the current status using the methods
//exposed by the interface.
//Current implementation is designed to be threadsafe with optimised
//locking for each policy.

// statusUpdater defines a type to have a method which
//updates the given status
type statusUpdater interface {
	PolicyName() string
	UpdateStatus(status v1.PolicyStatus) v1.PolicyStatus
}

type policyStore interface {
	Get(policyName string) (*v1.ClusterPolicy, error)
}

type Listener chan statusUpdater

func (l Listener) Send(s statusUpdater) {
	l <- s
}

// Sync is the object which is used to initialize
//the policyStatus sync, can be considered the parent object
//since it contains access to all the persistant data present
//in this package.
type Sync struct {
	cache       *cache
	Listener    Listener
	client      *versioned.Clientset
	policyStore policyStore
}

type cache struct {
	dataMu     sync.RWMutex
	data       map[string]v1.PolicyStatus
	keyToMutex *keyToMutex
}

func NewSync(c *versioned.Clientset, p policyStore) *Sync {
	return &Sync{
		cache: &cache{
			dataMu:     sync.RWMutex{},
			data:       make(map[string]v1.PolicyStatus),
			keyToMutex: newKeyToMutex(),
		},
		client:      c,
		policyStore: p,
		Listener:    make(chan statusUpdater, 20),
	}
}

func (s *Sync) Run(workers int, stopCh <-chan struct{}) {
	for i := 0; i < workers; i++ {
		go s.updateStatusCache(stopCh)
	}

	wait.Until(s.updatePolicyStatus, 2*time.Second, stopCh)
	<-stopCh
}

// updateStatusCache is a worker which updates the current status
//using the statusUpdater interface
func (s *Sync) updateStatusCache(stopCh <-chan struct{}) {
	for {
		select {
		case statusUpdater := <-s.Listener:
			s.cache.keyToMutex.Get(statusUpdater.PolicyName()).Lock()

			s.cache.dataMu.RLock()
			status, exist := s.cache.data[statusUpdater.PolicyName()]
			s.cache.dataMu.RUnlock()
			if !exist {
				policy, _ := s.policyStore.Get(statusUpdater.PolicyName())
				if policy != nil {
					status = policy.Status
				}
			}

			updatedStatus := statusUpdater.UpdateStatus(status)

			s.cache.dataMu.Lock()
			s.cache.data[statusUpdater.PolicyName()] = updatedStatus
			s.cache.dataMu.Unlock()

			s.cache.keyToMutex.Get(statusUpdater.PolicyName()).Unlock()
			oldStatus, _ := json.Marshal(status)
			newStatus, _ := json.Marshal(updatedStatus)

			glog.V(4).Infof("\nupdated status of policy - %v\noldStatus:\n%v\nnewStatus:\n%v\n", statusUpdater.PolicyName(), string(oldStatus), string(newStatus))
		case <-stopCh:
			return
		}
	}
}

// updatePolicyStatus updates the status in the policy resource definition
//from the status cache, syncing them
func (s *Sync) updatePolicyStatus() {
	s.cache.dataMu.Lock()
	var nameToStatus = make(map[string]v1.PolicyStatus, len(s.cache.data))
	for k, v := range s.cache.data {
		nameToStatus[k] = v
	}
	s.cache.dataMu.Unlock()

	for policyName, status := range nameToStatus {
		policy, err := s.policyStore.Get(policyName)
		if err != nil {
			continue
		}
		policy.Status = status
		_, err = s.client.KyvernoV1().ClusterPolicies().UpdateStatus(policy)
		if err != nil {
			s.cache.dataMu.Lock()
			delete(s.cache.data, policyName)
			s.cache.dataMu.Unlock()
			glog.V(4).Info(err)
		}
	}
}
527 renamed package and send listner instead of entire sync object 2020-03-07 12:53:37 +05:30			`package policystatus`
527 save commit 2020-02-25 20:55:07 +05:30
			`import (`
527 added comments and added a log 2020-03-07 16:23:17 +05:30			`"encoding/json"`
527 save commit 2020-02-25 20:55:07 +05:30			`"sync"`
			`"time"`

			`"github.com/golang/glog"`

			`"k8s.io/apimachinery/pkg/util/wait"`

			`"github.com/nirmata/kyverno/pkg/client/clientset/versioned"`

			`v1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1"`
			`)`

527 added comments and added a log 2020-03-07 16:23:17 +05:30			`// Policy status implementation works in the following way,`
			`//Currently policy status maintains a cache of the status of`
			`//each policy.`
			`//Every x unit of time the status of policy is updated using`
			`//the data from the cache.`
			`//The sync exposes a listener which accepts a statusUpdater`
			`//interface which dictates how the status should be updated.`
			`//The status is updated by a worker that receives the interface`
			`//on a channel.`
			`//The worker then updates the current status using the methods`
			`//exposed by the interface.`
			`//Current implementation is designed to be threadsafe with optimised`
			`//locking for each policy.`

			`// statusUpdater defines a type to have a method which`
			`//updates the given status`
527 decoupling sender and reciever 2020-02-29 22:39:27 +05:30			`type statusUpdater interface {`
527 redesigned implementation so that package variables are not used across packages 2020-03-04 15:45:20 +05:30			`PolicyName() string`
			`UpdateStatus(status v1.PolicyStatus) v1.PolicyStatus`
527 decoupling sender and reciever 2020-02-29 22:39:27 +05:30			`}`

			`type policyStore interface {`
			`Get(policyName string) (*v1.ClusterPolicy, error)`
			`}`

527 renamed package and send listner instead of entire sync object 2020-03-07 12:53:37 +05:30			`type Listener chan statusUpdater`

			`func (l Listener) Send(s statusUpdater) {`
			`l <- s`
			`}`

527 added comments and added a log 2020-03-07 16:23:17 +05:30			`// Sync is the object which is used to initialize`
			`//the policyStatus sync, can be considered the parent object`
			`//since it contains access to all the persistant data present`
			`//in this package.`
527 save commit 2020-02-25 20:55:07 +05:30			`type Sync struct {`
527 redesigned implementation so that package variables are not used across packages 2020-03-04 15:45:20 +05:30			`cache *cache`
527 renamed package and send listner instead of entire sync object 2020-03-07 12:53:37 +05:30			`Listener Listener`
527 save commit 2020-02-25 20:55:07 +05:30			`client *versioned.Clientset`
527 redesigned implementation so that package variables are not used across packages 2020-03-04 15:45:20 +05:30			`policyStore policyStore`
527 save commit 2020-02-25 20:55:07 +05:30			`}`

			`type cache struct {`
527 optimised lock implementation 2020-03-07 14:56:42 +05:30			`dataMu sync.RWMutex`
			`data map[string]v1.PolicyStatus`
			`keyToMutex *keyToMutex`
527 save commit 2020-02-25 20:55:07 +05:30			`}`

527 decoupling sender and reciever 2020-02-29 22:39:27 +05:30			`func NewSync(c versioned.Clientset, p policyStore) Sync {`
527 save commit 2020-02-25 20:55:07 +05:30			`return &Sync{`
527 redesigned implementation so that package variables are not used across packages 2020-03-04 15:45:20 +05:30			`cache: &cache{`
527 optimised lock implementation 2020-03-07 14:56:42 +05:30			`dataMu: sync.RWMutex{},`
			`data: make(map[string]v1.PolicyStatus),`
			`keyToMutex: newKeyToMutex(),`
527 save commit 2020-02-25 20:55:07 +05:30			`},`
			`client: c,`
527 redesigned implementation so that package variables are not used across packages 2020-03-04 15:45:20 +05:30			`policyStore: p,`
527 making status listner into a buffered channel instead of go routines 2020-03-04 13:35:49 +05:30			`Listener: make(chan statusUpdater, 20),`
527 save commit 2020-02-25 20:55:07 +05:30			`}`
			`}`

527 stopCh changes 2020-02-29 17:19:00 +05:30			`func (s *Sync) Run(workers int, stopCh <-chan struct{}) {`
527 ci fixes 2020-02-25 21:07:00 +05:30			`for i := 0; i < workers; i++ {`
527 stopCh changes 2020-02-29 17:19:00 +05:30			`go s.updateStatusCache(stopCh)`
527 ci fixes 2020-02-25 21:07:00 +05:30			`}`

527 stopCh changes 2020-02-29 17:19:00 +05:30			`wait.Until(s.updatePolicyStatus, 2*time.Second, stopCh)`
			`<-stopCh`
527 save commit 2020-02-25 20:55:07 +05:30			`}`

527 added comments and added a log 2020-03-07 16:23:17 +05:30			`// updateStatusCache is a worker which updates the current status`
			`//using the statusUpdater interface`
527 stopCh changes 2020-02-29 17:19:00 +05:30			`func (s *Sync) updateStatusCache(stopCh <-chan struct{}) {`
527 save commit 2020-02-25 20:55:07 +05:30			`for {`
			`select {`
527 decoupling sender and reciever 2020-02-29 22:39:27 +05:30			`case statusUpdater := <-s.Listener:`
527 optimised lock implementation 2020-03-07 14:56:42 +05:30			`s.cache.keyToMutex.Get(statusUpdater.PolicyName()).Lock()`
527 redesigned implementation so that package variables are not used across packages 2020-03-04 15:45:20 +05:30
527 optimised lock implementation 2020-03-07 14:56:42 +05:30			`s.cache.dataMu.RLock()`
527 redesigned implementation so that package variables are not used across packages 2020-03-04 15:45:20 +05:30			`status, exist := s.cache.data[statusUpdater.PolicyName()]`
527 optimised lock implementation 2020-03-07 14:56:42 +05:30			`s.cache.dataMu.RUnlock()`
527 redesigned implementation so that package variables are not used across packages 2020-03-04 15:45:20 +05:30			`if !exist {`
			`policy, _ := s.policyStore.Get(statusUpdater.PolicyName())`
			`if policy != nil {`
			`status = policy.Status`
			`}`
			`}`

527 optimised lock implementation 2020-03-07 14:56:42 +05:30			`updatedStatus := statusUpdater.UpdateStatus(status)`
527 redesigned implementation so that package variables are not used across packages 2020-03-04 15:45:20 +05:30
527 optimised lock implementation 2020-03-07 14:56:42 +05:30			`s.cache.dataMu.Lock()`
			`s.cache.data[statusUpdater.PolicyName()] = updatedStatus`
			`s.cache.dataMu.Unlock()`

			`s.cache.keyToMutex.Get(statusUpdater.PolicyName()).Unlock()`
527 added comments and added a log 2020-03-07 16:23:17 +05:30			`oldStatus, _ := json.Marshal(status)`
			`newStatus, _ := json.Marshal(updatedStatus)`

			`glog.V(4).Infof("\nupdated status of policy - %v\noldStatus:\n%v\nnewStatus:\n%v\n", statusUpdater.PolicyName(), string(oldStatus), string(newStatus))`
527 stopCh changes 2020-02-29 17:19:00 +05:30			`case <-stopCh:`
527 save commit 2020-02-25 20:55:07 +05:30			`return`
			`}`
			`}`
			`}`

527 added comments and added a log 2020-03-07 16:23:17 +05:30			`// updatePolicyStatus updates the status in the policy resource definition`
			`//from the status cache, syncing them`
527 save commit 2020-02-25 20:55:07 +05:30			`func (s *Sync) updatePolicyStatus() {`
527 optimised lock implementation 2020-03-07 14:56:42 +05:30			`s.cache.dataMu.Lock()`
527 redesigned implementation so that package variables are not used across packages 2020-03-04 15:45:20 +05:30			`var nameToStatus = make(map[string]v1.PolicyStatus, len(s.cache.data))`
			`for k, v := range s.cache.data {`
527 save commit 2020-02-25 20:55:07 +05:30			`nameToStatus[k] = v`
			`}`
527 optimised lock implementation 2020-03-07 14:56:42 +05:30			`s.cache.dataMu.Unlock()`
527 save commit 2020-02-25 20:55:07 +05:30
			`for policyName, status := range nameToStatus {`
527 redesigned implementation so that package variables are not used across packages 2020-03-04 15:45:20 +05:30			`policy, err := s.policyStore.Get(policyName)`
527 save commit 2020-02-25 20:55:07 +05:30			`if err != nil {`
			`continue`
			`}`
			`policy.Status = status`
			`_, err = s.client.KyvernoV1().ClusterPolicies().UpdateStatus(policy)`
			`if err != nil {`
527 optimised lock implementation 2020-03-07 14:56:42 +05:30			`s.cache.dataMu.Lock()`
527 redesigned implementation so that package variables are not used across packages 2020-03-04 15:45:20 +05:30			`delete(s.cache.data, policyName)`
527 optimised lock implementation 2020-03-07 14:56:42 +05:30			`s.cache.dataMu.Unlock()`
527 save commit 2020-02-25 20:55:07 +05:30			`glog.V(4).Info(err)`
			`}`
			`}`
			`}`