Move genevalogging operator controller files into separate .confs wit…

…h goembed (Azure#3276)
mbarnes · Nov 10, 2023 · 19d053d · 19d053d
1 parent d0c6db7
commit 19d053d
Show file tree

Hide file tree

Showing 4 changed files with 178 additions and 97 deletions.
diff --git a/pkg/operator/controllers/genevalogging/const.go b/pkg/operator/controllers/genevalogging/const.go
@@ -3,109 +3,19 @@ package genevalogging
 // Copyright (c) Microsoft Corporation.
 // Licensed under the Apache License 2.0.
 
+import _ "embed"
+
 const (
 	kubeNamespace          = "openshift-azure-logging"
 	kubeServiceAccount     = "system:serviceaccount:" + kubeNamespace + ":geneva"
 	certificatesSecretName = "certificates"
 
 	GenevaCertName = "gcscert.pem"
 	GenevaKeyName  = "gcskey.pem"
+)
 
-	parsersConf = `
-[PARSER]
-	Name audit
-	Format json
-	Time_Key stageTimestamp
-	Time_Format %Y-%m-%dT%H:%M:%S.%L
-
-[PARSER]
-	Name containerpath
-	Format regex
-	Regex ^/var/log/containers/(?<POD>[^_]+)_(?<NAMESPACE>[^_]+)_(?<CONTAINER>.+)-(?<CONTAINER_ID>[0-9a-f]{64})\.log$
-
-[PARSER]
-	Name crio
-	Format regex
-	Regex ^(?<TIMESTAMP>[^ ]+) [^ ]+ [^ ]+ (?<MESSAGE>.*)$
-	Time_Key TIMESTAMP
-	Time_Format %Y-%m-%dT%H:%M:%S.%L
-`
-
-	fluentConf = `
-[SERVICE]
-	Parsers_File /etc/td-agent-bit/parsers.conf
-
-[INPUT]
-	Name systemd
-	Tag journald
-	DB /var/lib/fluent/journald
-
-[INPUT]
-	Name tail
-	Tag containers
-	Path /var/log/containers/*
-	Path_Key path
-	DB /var/lib/fluent/containers
-	Parser crio
-
-[INPUT]
-	Name tail
-	Tag audit
-	Path /var/log/kube-apiserver/audit.log
-	Path_Key path
-	DB /var/lib/fluent/audit
-	Parser audit
-
-[FILTER]
-	Name modify
-	Match journald
-	Remove_wildcard _
-	Remove TIMESTAMP
-	Remove SYSLOG_FACILITY
-
-[FILTER]
-	Name parser
-	Match containers
-	Key_Name path
-	Parser containerpath
-	Reserve_Data true
-
-[FILTER]
-	Name grep
-	Match containers
-	Regex NAMESPACE ^(?:default|kube-.*|openshift|(?!openshift-(logging|gitops|user-workload-monitoring|adp|distributed-tracing|cnv|serverless|pipelines|nfd))(openshift-.*))$
-
-[FILTER]
-	Name nest
-	Match audit
-	Operation lift
-	Nested_under user
-	Add_prefix user_
-
-[FILTER]
-	Name nest
-	Match audit
-	Operation lift
-	Nested_under impersonatedUser
-	Add_prefix impersonatedUser_
-
-[FILTER]
-	Name nest
-	Match audit
-	Operation lift
-	Nested_under responseStatus
-	Add_prefix responseStatus_
-
-[FILTER]
-	Name nest
-	Match audit
-	Operation lift
-	Nested_under objectRef
-	Add_prefix objectRef_
+//go:embed staticfiles/fluent.conf
+var fluentConf string
 
-[OUTPUT]
-	Name forward
-	Match *
-	Port 24224
-`
-)
+//go:embed staticfiles/parsers.conf
+var parsersConf string
diff --git a/pkg/operator/controllers/genevalogging/genevalogging_test.go b/pkg/operator/controllers/genevalogging/genevalogging_test.go
@@ -7,6 +7,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"strings"
 	"testing"
 
 	"github.com/go-test/deep"
@@ -17,6 +18,7 @@ import (
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	ctrlfake "sigs.k8s.io/controller-runtime/pkg/client/fake"
@@ -248,3 +250,80 @@ func TestGenevaLoggingDaemonset(t *testing.T) {
 		})
 	}
 }
+
+func TestGenevaConfigMapResources(t *testing.T) {
+	tests := []struct {
+		name          string
+		request       ctrl.Request
+		operatorFlags arov1alpha1.OperatorFlags
+		validate      func([]runtime.Object) []error
+	}{
+		{
+			name: "enabled",
+			operatorFlags: arov1alpha1.OperatorFlags{
+				controllerEnabled: "true",
+			},
+			validate: func(r []runtime.Object) (errs []error) {
+				maps := make(map[string]*corev1.ConfigMap)
+				for _, i := range r {
+					if d, ok := i.(*corev1.ConfigMap); ok {
+						maps[d.Name] = d
+					}
+				}
+
+				c, ok := maps["fluent-config"]
+				if !ok {
+					errs = append(errs, errors.New("missing fluent-config"))
+				} else {
+					fConf := c.Data["fluent.conf"]
+					pConf := c.Data["parsers.conf"]
+
+					if !strings.Contains(fConf, "[INPUT]") {
+						errs = append(errs, errors.New("incorrect fluent-config fluent.conf"))
+					}
+
+					if !strings.Contains(pConf, "[PARSER]") {
+						errs = append(errs, errors.New("incorrect fluent-config parser.conf"))
+					}
+				}
+
+				return
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			instance := &arov1alpha1.Cluster{
+				ObjectMeta: metav1.ObjectMeta{Name: "cluster"},
+				Status:     arov1alpha1.ClusterStatus{Conditions: []operatorv1.OperatorCondition{}},
+				Spec: arov1alpha1.ClusterSpec{
+					ResourceID:    testdatabase.GetResourcePath("00000000-0000-0000-0000-000000000000", "testcluster"),
+					OperatorFlags: tt.operatorFlags,
+					ACRDomain:     "acrDomain",
+				},
+			}
+
+			scc := &securityv1.SecurityContextConstraints{
+				ObjectMeta: metav1.ObjectMeta{Name: "privileged"},
+			}
+
+			r := &Reconciler{
+				AROController: base.AROController{
+					Log:    logrus.NewEntry(logrus.StandardLogger()),
+					Client: ctrlfake.NewClientBuilder().WithObjects(instance, scc).Build(),
+					Name:   ControllerName,
+				},
+			}
+
+			out, err := r.resources(context.Background(), instance, []byte{}, []byte{})
+			if err != nil {
+				t.Fatal(err)
+			}
+
+			errs := tt.validate(out)
+			for _, err := range errs {
+				t.Error(err)
+			}
+		})
+	}
+}
diff --git a/pkg/operator/controllers/genevalogging/staticfiles/fluent.conf b/pkg/operator/controllers/genevalogging/staticfiles/fluent.conf
@@ -0,0 +1,75 @@
+[SERVICE]
+	Parsers_File /etc/td-agent-bit/parsers.conf
+
+[INPUT]
+	Name systemd
+	Tag journald
+	DB /var/lib/fluent/journald
+
+[INPUT]
+	Name tail
+	Tag containers
+	Path /var/log/containers/*
+	Path_Key path
+	DB /var/lib/fluent/containers
+	Parser crio
+
+[INPUT]
+	Name tail
+	Tag audit
+	Path /var/log/kube-apiserver/audit.log
+	Path_Key path
+	DB /var/lib/fluent/audit
+	Parser audit
+
+[FILTER]
+	Name modify
+	Match journald
+	Remove_wildcard _
+	Remove TIMESTAMP
+	Remove SYSLOG_FACILITY
+
+[FILTER]
+	Name parser
+	Match containers
+	Key_Name path
+	Parser containerpath
+	Reserve_Data true
+
+[FILTER]
+	Name grep
+	Match containers
+	Regex NAMESPACE ^(?:default|kube-.*|openshift|(?!openshift-(logging|gitops|user-workload-monitoring|adp|distributed-tracing|cnv|serverless|pipelines|nfd))(openshift-.*))$
+
+[FILTER]
+	Name nest
+	Match audit
+	Operation lift
+	Nested_under user
+	Add_prefix user_
+
+[FILTER]
+	Name nest
+	Match audit
+	Operation lift
+	Nested_under impersonatedUser
+	Add_prefix impersonatedUser_
+
+[FILTER]
+	Name nest
+	Match audit
+	Operation lift
+	Nested_under responseStatus
+	Add_prefix responseStatus_
+
+[FILTER]
+	Name nest
+	Match audit
+	Operation lift
+	Nested_under objectRef
+	Add_prefix objectRef_
+
+[OUTPUT]
+	Name forward
+	Match *
+	Port 24224
diff --git a/pkg/operator/controllers/genevalogging/staticfiles/parsers.conf b/pkg/operator/controllers/genevalogging/staticfiles/parsers.conf
@@ -0,0 +1,17 @@
+[PARSER]
+	Name audit
+	Format json
+	Time_Key stageTimestamp
+	Time_Format %Y-%m-%dT%H:%M:%S.%L
+
+[PARSER]
+	Name containerpath
+	Format regex
+	Regex ^/var/log/containers/(?<POD>[^_]+)_(?<NAMESPACE>[^_]+)_(?<CONTAINER>.+)-(?<CONTAINER_ID>[0-9a-f]{64})\.log$
+
+[PARSER]
+	Name crio
+	Format regex
+	Regex ^(?<TIMESTAMP>[^ ]+) [^ ]+ [^ ]+ (?<MESSAGE>.*)$
+	Time_Key TIMESTAMP
+	Time_Format %Y-%m-%dT%H:%M:%S.%L