chore: refacto + fix

carvel-dev · Jul 10, 2023 · 761f901 · 761f901
1 parent 5046f03
commit 761f901
Show file tree

Hide file tree

Showing 2 changed files with 65 additions and 60 deletions.
diff --git a/pkg/apis/secretgen2/v1alpha1/secret_export.go b/pkg/apis/secretgen2/v1alpha1/secret_export.go
@@ -88,7 +88,7 @@ func (e SecretExport) Validate() error {
 	var errs []error
 
 	toNses := e.StaticToNamespaces()
-	toSmf := e.Spec.ToSelectorMatchFields
+	toSmf := e.Spec.ToNamespacesSelector
 
 	if len(toNses) == 0 && len(toSmf) == 0 {
 		errs = append(errs, fmt.Errorf("Expected to have at least one non-empty to namespace or to namespace annotation"))

diff --git a/pkg/sharing/secret_exports.go b/pkg/sharing/secret_exports.go
@@ -106,6 +106,67 @@ type NamespacesMatcher struct {
 	Selectors []sg2v1alpha1.SelectorMatchField
 }
 
+func (nm NamespacesMatcher) MatchNamespace(matcher SecretMatcher, log logr.Logger, k8sReader K8sReader) bool {
+
+	selectors := nm.Selectors
+	nsName := matcher.ToNamespace
+	query := types.NamespacedName{
+		Name: nsName,
+	}
+	namespace := corev1.Namespace{}
+	err := k8sReader.Get(matcher.Ctx, query, &namespace)
+
+	jsonNsString, _ := json.Marshal(namespace)
+	var jsonNsObject interface{}
+	json.Unmarshal(jsonNsString, &jsonNsObject)
+
+	if err != nil {
+		log.Error(err, fmt.Sprintf("failed to get namespace %s", nsName))
+	}
+	for _, s := range selectors {
+		jp := jsonpath.New("jsonpath")
+
+		jsonPathKey := "{." + s.Key + "}"
+		err := jp.Parse(jsonPathKey)
+		if err != nil {
+			log.Error(err, fmt.Sprintf("invalid jsonpath: %s", jsonPathKey))
+			return false
+		}
+		var valueBuffer bytes.Buffer
+		err = jp.Execute(&valueBuffer, jsonNsObject)
+		value := valueBuffer.String()
+
+		switch s.Operator {
+		case sg2v1alpha1.SelectorOperatorIn:
+			found := false
+			for _, svalue := range s.Values {
+				if svalue == value {
+					found = true
+					break
+				}
+			}
+			if !found {
+				return false
+			}
+		case sg2v1alpha1.SelectorOperatorNotIn:
+			for _, svalue := range s.Values {
+				if svalue == value {
+					return false
+				}
+			}
+		case sg2v1alpha1.SelectorOperatorExists:
+			if value != "" {
+				return false
+			}
+		case sg2v1alpha1.SelectorOperatorDoesNotExist:
+			if value != "" {
+				return false
+			}
+		}
+	}
+	return true
+}
+
 // MatchedSecretsForImport filters secrets export cache by the given criteria.
 // Returned order (last in the array is most specific):
 //   - secret with highest weight? (default weight=0), or
@@ -165,7 +226,7 @@ func newExportedSecret(export *sg2v1alpha1.SecretExport, secret *corev1.Secret)
 		secret = secret.DeepCopy()
 	}
 
-	namespacesMatcher := NamespacesMatcher{Selectors: export.Spec.ToSelectorMatchFields}
+	namespacesMatcher := NamespacesMatcher{Selectors: export.Spec.ToNamespacesSelector}
 
 	return exportedSecret{export.DeepCopy(), secret, namespacesMatcher}
 }
@@ -204,69 +265,13 @@ func (es exportedSecret) Matches(matcher SecretMatcher, nsIsExcludedFromWildcard
 	}
 
 	namespacesMatcher := es.namespacesMatcher
-	selectors := namespacesMatcher.Selectors
 
 	if es.matchesNamespace(matcher.ToNamespace, nsIsExcludedFromWildcard) {
 		return true
 	}
 
-	if len(selectors) > 0 {
-		nsName := matcher.ToNamespace
-		query := types.NamespacedName{
-			Name: nsName,
-		}
-		namespace := corev1.Namespace{}
-		err := k8sReader.Get(matcher.Ctx, query, &namespace)
-
-		jsonNsString, _ := json.Marshal(namespace)
-		var jsonNsObject interface{}
-		json.Unmarshal(jsonNsString, &jsonNsObject)
-
-		if err != nil {
-			log.Error(err, fmt.Sprintf("failed to get namespace %s", nsName))
-		}
-		for _, s := range selectors {
-			jp := jsonpath.New("jsonpath")
-
-			jsonPathKey := "{." + s.Key + "}"
-			err := jp.Parse(jsonPathKey)
-			if err != nil {
-				log.Error(err, fmt.Sprintf("invalid jsonpath: %s", jsonPathKey))
-				return false
-			}
-			var valueBuffer bytes.Buffer
-			err = jp.Execute(&valueBuffer, jsonNsObject)
-			value := valueBuffer.String()
-
-			switch s.Operator {
-			case sg2v1alpha1.SelectorOperatorIn:
-				found := false
-				for _, svalue := range s.Values {
-					if svalue == value {
-						found = true
-						break
-					}
-				}
-				if !found {
-					return false
-				}
-			case sg2v1alpha1.SelectorOperatorNotIn:
-				for _, svalue := range s.Values {
-					if svalue == value {
-						return false
-					}
-				}
-			case sg2v1alpha1.SelectorOperatorExists:
-				if value != "" {
-					return false
-				}
-			case sg2v1alpha1.SelectorOperatorDoesNotExist:
-				if value != "" {
-					return false
-				}
-			}
-		}
-		return true
+	if len(namespacesMatcher.Selectors) > 0 {
+		return namespacesMatcher.MatchNamespace(matcher, log, k8sReader)
 	}
 
 	return false