Allow disabling cross-namespace event sources

Introduce the flag `--no-cross-namespace-refs` (defaults to false) for allowing cluster admins to disable cross-namespace event sources for alerts.

Signed-off-by: Stefan Prodan <[email protected]>

api/go.mod

@@ -4,7 +4,7 @@ go 1.17
 
 require (
 	github.com/fluxcd/pkg/apis/meta v0.10.2
-	k8s.io/apimachinery v0.23.0
+	k8s.io/apimachinery v0.23.1
 	sigs.k8s.io/controller-runtime v0.11.0
 )
 

api/go.sum

@@ -566,6 +566,7 @@ golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211215060638-4ddde0e984e9 h1:kmreh1vGI63l2FxOAYS3Yv6ATsi7lSTuwNSVbGfJV9I=
 golang.org/x/net v0.0.0-20211215060638-4ddde0e984e9/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -893,8 +894,9 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 k8s.io/api v0.23.0 h1:WrL1gb73VSC8obi8cuYETJGXEoFNEh3LU0Pt+Sokgro=
 k8s.io/api v0.23.0/go.mod h1:8wmDdLBHBNxtOIytwLstXt5E9PddnZb0GaMcqsvDBpg=
 k8s.io/apiextensions-apiserver v0.23.0/go.mod h1:xIFAEEDlAZgpVBl/1VSjGDmLoXAWRG40+GsWhKhAxY4=
-k8s.io/apimachinery v0.23.0 h1:mIfWRMjBuMdolAWJ3Fd+aPTMv3X9z+waiARMpvvb0HQ=
 k8s.io/apimachinery v0.23.0/go.mod h1:fFCTTBKvKcwTPFzjlcxp91uPFZr+JA0FubU4fLzzFYc=
+k8s.io/apimachinery v0.23.1 h1:sfBjlDFwj2onG0Ijx5C+SrAoeUscPrmghm7wHP+uXlo=
+k8s.io/apimachinery v0.23.1/go.mod h1:SADt2Kl8/sttJ62RRsi9MIV4o8f5S3coArm0Iu3fBno=
 k8s.io/apiserver v0.23.0/go.mod h1:Cec35u/9zAepDPPFyT+UMrgqOCjgJ5qtfVJDxjZYmt4=
 k8s.io/client-go v0.23.0/go.mod h1:hrDnpnK1mSr65lHHcUuIZIXDgEbzc7/683c6hyG4jTA=
 k8s.io/code-generator v0.23.0/go.mod h1:vQvOhDXhuzqiVfM/YHp+dmg10WDZCchJVObc9MvowsE=

controllers/event_handling_test.go

@@ -51,7 +51,7 @@ func TestEventHandler(t *testing.T) {
 		t.Fatalf("failed to create memory storage")
 	}
 
-	eventServer := server.NewEventServer("127.0.0.1:56789", logf.Log, k8sClient)
+	eventServer := server.NewEventServer("127.0.0.1:56789", logf.Log, k8sClient, true)
 	stopCh := make(chan struct{})
 	go eventServer.ListenAndServe(stopCh, eventMdlw, store)
 
@@ -99,6 +99,15 @@ func TestEventHandler(t *testing.T) {
 					Name:      "hyacinth",
 					Namespace: namespace,
 				},
+				{
+					Kind: "Kustomization",
+					Name: "*",
+				},
+				{
+					Kind:      "Kustomization",
+					Name:      "*",
+					Namespace: "test",
+				},
 			},
 			ExclusionList: []string{
 				"doesnotoccur", // not intended to match
@@ -197,6 +206,28 @@ func TestEventHandler(t *testing.T) {
 				},
 				forwarded: false,
 			},
+			{
+				name: "forwards events when name wildcard is used",
+				modifyEventFunc: func(e events.Event) events.Event {
+					e.InvolvedObject.Kind = "Kustomization"
+					e.InvolvedObject.Name = "test"
+					e.InvolvedObject.Namespace = namespace
+					e.Message = "test"
+					return e
+				},
+				forwarded: true,
+			},
+			{
+				name: "drops events for cross-namespace sources",
+				modifyEventFunc: func(e events.Event) events.Event {
+					e.InvolvedObject.Kind = "Kustomization"
+					e.InvolvedObject.Name = "test"
+					e.InvolvedObject.Namespace = "test"
+					e.Message = "test"
+					return e
+				},
+				forwarded: false,
+			},
 		}
 
 		for _, tt := range tests {

controllers/suite_test.go

@@ -96,7 +96,7 @@ func TestMain(m *testing.M) {
 		panic(fmt.Sprintf("Failed to create restmapper: %v", restMapper))
 	}
 
-	poller := polling.NewStatusPoller(k8sClient, restMapper)
+	poller := polling.NewStatusPoller(k8sClient, restMapper, nil)
 	owner := ssa.Owner{
 		Field: "notification-controller",
 		Group: "notification-controller",

docs/spec/v1beta1/alert.md

@@ -102,6 +102,11 @@ spec:
 
 If you don't specify an event source namespace, the alert namespace will be used.
 
+> **Note** that on multi-tenant clusters, platform admins can disable cross-namespace references
+> with the `--no-cross-namespace-refs=true` flag. When this flag is set, alerts can only refer to
+> event sources in the same namespace as the alert object,
+> preventing tenants from subscribing to another tenant's events.
+
 You can add a summary to describe the impact of an event:
 
 ```yaml

go.mod

@@ -10,8 +10,8 @@ require (
 	github.com/containrrr/shoutrrr v0.4.4
 	github.com/fluxcd/notification-controller/api v0.20.1
 	github.com/fluxcd/pkg/apis/meta v0.11.0-rc.3
-	github.com/fluxcd/pkg/runtime v0.13.0-rc.6
-	github.com/fluxcd/pkg/ssa v0.9.0
+	github.com/fluxcd/pkg/runtime v0.13.0-rc.8
+	github.com/fluxcd/pkg/ssa v0.11.1
 	github.com/getsentry/sentry-go v0.11.0
 	github.com/go-logr/logr v1.2.2
 	github.com/google/go-github/v41 v41.0.0
@@ -27,11 +27,11 @@ require (
 	github.com/stretchr/testify v1.7.0
 	github.com/whilp/git-urls v1.0.0
 	github.com/xanzy/go-gitlab v0.54.3
-	golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f
-	k8s.io/api v0.23.0
-	k8s.io/apimachinery v0.23.0
-	k8s.io/client-go v0.23.0
-	sigs.k8s.io/cli-utils v0.26.1
+	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8
+	k8s.io/api v0.23.1
+	k8s.io/apimachinery v0.23.1
+	k8s.io/client-go v0.23.1
+	sigs.k8s.io/cli-utils v0.27.0
 	sigs.k8s.io/controller-runtime v0.11.0
 )
 
@@ -69,7 +69,7 @@ require (
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/google/uuid v1.2.0 // indirect
+	github.com/google/uuid v1.3.0 // indirect
 	github.com/googleapis/gnostic v0.5.5 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.1 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
@@ -106,7 +106,6 @@ require (
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.27.1 // indirect
-	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
@@ -126,6 +125,25 @@ require (
 	sigs.k8s.io/yaml v1.3.0
 )
 
+require (
+	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
+	github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd // indirect
+	github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
+	github.com/fluxcd/pkg/apis/acl v0.0.3 // indirect
+	github.com/google/btree v1.0.1 // indirect
+	github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect
+	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/kr/pretty v0.2.1 // indirect
+	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
+	github.com/mitchellh/go-wordwrap v1.0.0 // indirect
+	github.com/moby/spdystream v0.2.0 // indirect
+	github.com/moby/term v0.0.0-20210610120745-9d4ed1856297 // indirect
+	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
+	github.com/russross/blackfriday v1.5.2 // indirect
+	github.com/spf13/cobra v1.2.1 // indirect
+	k8s.io/kubectl v0.22.2 // indirect
+)
+
 // Fix for CVE-2020-29652: https://github.com/golang/crypto/commit/8b5274cf687fd9316b4108863654cc57385531e8
 // Fix for CVE-2021-43565: https://github.com/golang/crypto/commit/5770296d904e90f15f38f77dfc2e43fdf5efc083
 replace golang.org/x/crypto => golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3