Merge branch 'GoogleCloudPlatform:master' into mockgcp_test_bigqueryd…

…atasetaccess

config/crds/resources/apiextensions.k8s.io_v1_customresourcedefinition_firestoredatabases.firestore.cnrm.cloud.google.com.yaml

@@ -89,7 +89,7 @@ spec:
                 properties:
                   external:
                     description: The `projectID` field of a project, when not managed
-                      by KCC.
+                      by Config Connector.
                     type: string
                   kind:
                     description: The kind of the Project resource; optional but must

dev/ci/periodics/e2e-service-cloudkms

@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+REPO_ROOT="$(git rev-parse --show-toplevel)"
+cd ${REPO_ROOT}
+
+export ONLY_TEST_APIGROUP=kms.cnrm.cloud.google.com
+
+dev/ci/periodics/_create_project_and_run_e2e

dev/tasks/create-test-project

@@ -55,6 +55,7 @@ gcloud config set project "${GCP_PROJECT_ID}"
 gcloud services enable \
   compute.googleapis.com \
   dataflow.googleapis.com \
+  cloudkms.googleapis.com \
   logging.googleapis.com \
   monitoring.googleapis.com \
   redis.googleapis.com \

docs/releasenotes/release-1.122.md

@@ -1,26 +1,28 @@
 # v1.122.0
 
-** This version is not yet released; this document is gathering release notes for the future release **
+* Special shout-outs to @600lyy, @acpana, @anhdle-sso, @barney-s, @CyberHippo, @gemmahou, @haiyanmeng, @hankfreund, @himanikh, @jasonvigil, @jingyih, @justinsb, @maqiuyujoyce, @marko7460, @xiaoweim, @yuwenma, @ziyue-101 for their contributions to this release.
 
-* ...
+## Direct Cloud Reconciler:
 
-* Special shout-outs to ... for their
-  contributions to this release.
-TODO: list contributors with `git log v1.121.0... | grep Merge | grep from | awk '{print $6}' | cut -d '/' -f 1 | sort | uniq`
+* `RedisCluster` (v1alpha1)
+* `SQLInstance`
 
-## Resources promoted from alpha to beta:
+## New Resources:
 
-*When resources are promoted from alpha to beta, we (generally) ensure they follow our best practices: use of refs on fields where appropriate,
-output fields from GCP APIs are in `status.observedState.*`
+* Added support for `RedisCluster` (v1alpha1) resource.
 
-* `PlaceholderKind`
+## New Fields:
 
-## New Resources:
+* `ContainerCluster`
+  * The `spec.nodeConfig.taint` can be updated.
 
-* Added support for `PlaceholderKind` (v1beta1) resource.
+* `ContainerNodePool`
+  * The `spec.nodeConfig.taint` can be updated.
 
-## New Fields:
+* `SQLInstance`
+  * Add the `spec.cloneSource`.
+
+* `RunJob`
+  * Add the `spec.template.template.volumes[].cloudSqlInstance`
 
-* PlaceholderKind
-  * Added `spec.placeholder` field.
 

docs/releasenotes/release-1.123.md

@@ -0,0 +1,26 @@
+# v1.123.0
+
+** This version is not yet released; this document is gathering release notes for the future release **
+
+* ...
+
+* Special shout-outs to ... for their
+  contributions to this release.
+TODO: list contributors with `git log v1.122.0... | grep Merge | grep from | awk '{print $6}' | cut -d '/' -f 1 | sort | uniq`
+
+## Resources promoted from alpha to beta:
+
+*When resources are promoted from alpha to beta, we (generally) ensure they follow our best practices: use of refs on fields where appropriate,
+output fields from GCP APIs are in `status.observedState.*`
+
+* `PlaceholderKind`
+
+## New Resources:
+
+* Added support for `PlaceholderKind` (v1beta1) resource.
+
+## New Fields:
+
+* PlaceholderKind
+  * Added `spec.placeholder` field.
+

go.mod

@@ -26,6 +26,7 @@ require (
 	github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp v0.0.0-20240614222432-4bde5b345380
 	github.com/appscode/jsonpatch v0.0.0-20190108182946-7c0e3b262f30
 	github.com/blang/semver v3.5.1+incompatible
+	github.com/blang/semver/v4 v4.0.0
 	github.com/cenkalti/backoff v2.2.1+incompatible
 	github.com/fatih/color v1.17.0
 	github.com/ghodss/yaml v1.0.0
@@ -97,7 +98,6 @@ require (
 	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
 	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect

mockgcp/mocksql/sqlinstance.go

@@ -95,13 +95,9 @@ func (s *sqlInstancesService) Insert(ctx context.Context, req *pb.SqlInstancesIn
 	fqn := name.String()
 	now := time.Now()
 
-	region := "us-central1"
-	zone := "us-central1-a"
-
 	obj := proto.Clone(req.GetBody()).(*pb.DatabaseInstance)
 	obj.Name = name.InstanceName
 	obj.Project = name.Project.ID
-	obj.Region = region
 
 	obj.SelfLink = fmt.Sprintf("https://sqladmin.googleapis.com/sql/v1beta4/projects/%s/instances/%s",
 		name.Project.ID, name.InstanceName)
@@ -112,8 +108,6 @@ func (s *sqlInstancesService) Insert(ctx context.Context, req *pb.SqlInstancesIn
 		return nil, err
 	}
 
-	obj.GceZone = zone
-
 	// By default, allocate a public IP for the instance.
 	shouldAllocatePublicIP := true
 	// By default, do not allocate a private IP for the instance.
@@ -172,7 +166,9 @@ func (s *sqlInstancesService) Insert(ctx context.Context, req *pb.SqlInstancesIn
 
 	obj.ServiceAccountEmailAddress = fmt.Sprintf("p%[email protected]", name.Project.Number)
 
-	populateDefaults(obj, zone)
+	populateDefaults(obj)
+
+	obj.GceZone = obj.Settings.LocationPreference.Zone
 
 	obj.Settings.SettingsVersion = wrapperspb.Int64(1)
 
@@ -510,7 +506,7 @@ func setDatabaseVersionDefaults(obj *pb.DatabaseInstance) error {
 	return nil
 }
 
-func populateDefaults(obj *pb.DatabaseInstance, zone string) {
+func populateDefaults(obj *pb.DatabaseInstance) {
 	if obj.InstanceType == pb.SqlInstanceType_SQL_INSTANCE_TYPE_UNSPECIFIED {
 		obj.InstanceType = pb.SqlInstanceType_CLOUD_SQL_INSTANCE
 	}
@@ -575,13 +571,12 @@ func populateDefaults(obj *pb.DatabaseInstance, zone string) {
 		}
 	}
 
-	locationPreference := settings.LocationPreference
-	if locationPreference == nil {
-		locationPreference = &pb.LocationPreference{}
-		settings.LocationPreference = locationPreference
+	if settings.LocationPreference == nil {
+		settings.LocationPreference = &pb.LocationPreference{
+			Kind: "sql#locationPreference",
+			Zone: obj.Region + "-a",
+		}
 	}
-	locationPreference.Kind = "sql#locationPreference"
-	locationPreference.Zone = zone
 
 	backupConfiguration := settings.BackupConfiguration
 	if backupConfiguration == nil {
@@ -739,7 +734,7 @@ func (s *sqlInstancesService) Update(ctx context.Context, req *pb.SqlInstancesUp
 	obj.State = existing.State
 	obj.UpgradableDatabaseVersions = existing.UpgradableDatabaseVersions
 
-	populateDefaults(obj, existing.GetSettings().GetLocationPreference().GetZone())
+	populateDefaults(obj)
 
 	obj.Settings.SettingsVersion = wrapperspb.Int64(existing.GetSettings().GetSettingsVersion().GetValue() + 1)
 

operator/scripts/update-kcc-manifest/main.go

@@ -23,13 +23,15 @@ import (
 	"os"
 	"path"
 	"regexp"
+	"sort"
 	"strings"
 
 	"sigs.k8s.io/kubebuilder-declarative-pattern/pkg/patterns/addon/pkg/loaders"
 
 	"github.com/GoogleCloudPlatform/k8s-config-connector/operator/pkg/k8s"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/operator/pkg/test/util/paths"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/operator/scripts/utils"
+	"github.com/blang/semver/v4"
 )
 
 const (
@@ -233,7 +235,7 @@ func main() {
 	}
 	log.Printf("successfully updated the version annotation in %v for autopilot kustomization\n", kustomizationFilePath)
 
-	//remove the stale manifest
+	//Update the stable version
 	r := loaders.NewFSRepository(path.Join(operatorSrcRoot, loaders.FlagChannel))
 	channel, err := r.LoadChannel(ctx, k8s.StableChannel)
 	if err != nil {
@@ -243,10 +245,11 @@ func main() {
 	if err != nil {
 		log.Fatal(fmt.Errorf("error resolving the current version: %w", err))
 	}
-	if currentVersion.Version == version {
-		log.Printf("the current KCC version is the same as the latest version %v\n", version)
-		return
-	}
+	/*
+		if currentVersion.Version == version {
+			log.Printf("the current KCC version is the same as the latest version %v\n", version)
+			return
+		}*/
 	stableFilePath := path.Join(operatorSrcRoot, "channels", "stable")
 	b, err = ioutil.ReadFile(stableFilePath)
 	if err != nil {
@@ -268,16 +271,89 @@ func main() {
 		log.Fatalf("error updating file %v", stableFilePath)
 	}
 
-	staleManifestDir := path.Join(operatorSrcRoot, "channels", "packages", "configconnector", currentVersion.Version)
-	log.Printf("removing stale manifest %v", staleManifestDir)
-	if err := os.RemoveAll(staleManifestDir); err != nil {
-		log.Fatal(fmt.Errorf("error deleting dir %v: %w", staleManifestDir, err))
+	channelDir := path.Join(operatorSrcRoot, "channels", "packages", "configconnector")
+	if err := dropStalePackages(channelDir); err != nil {
+		log.Fatalf("drop stale packages: %s", err)
+	}
+	autoPilotChannelDir := path.Join(operatorSrcRoot, "autopilot-channels", "packages", "configconnector")
+	if err := dropStalePackages(autoPilotChannelDir); err != nil {
+		log.Fatalf("drop stale packages: %s", err)
+	}
+}
+
+func dropStalePackages(pacakgesPath string) error {
+	dirEntries, _ := os.ReadDir(pacakgesPath)
+
+	totalReleases := Releases{}
+	for _, entry := range dirEntries {
+		if entry.IsDir() {
+			totalReleases = append(totalReleases, entry.Name())
+		} else {
+			log.Printf("found unknown file %s under %s\n", entry.Name(), pacakgesPath)
+		}
+	}
+
+	// Support the latest 3 minor versions with their latest patch
+	supported := totalReleases.StablePatchAtTopMinor(3)
+
+	// Drop older versions
+	for _, r := range totalReleases {
+		shouldKeep := false
+		for _, s := range supported {
+			if r == s {
+				shouldKeep = true
+				break
+			}
+		}
+		if shouldKeep {
+			continue
+		}
+		staleManifestDir := path.Join(pacakgesPath, r)
+		log.Printf("removing stale manifest %v", staleManifestDir)
+		if err := os.RemoveAll(staleManifestDir); err != nil {
+			log.Fatal(fmt.Errorf("error deleting dir %v: %w", staleManifestDir, err))
+		}
+	}
+	return nil
+}
+
+type Releases []string
+
+type minor int
+
+type patches []int
+
+// StablePatchAtTopMinor returns the latest `n` semver2 Minor releases with their latest semver2 Patch.
+// For example, if the total releases are 1.121.2, 1.121.1, 1.121.0, 1.120.1, 1.120.0, 1.119.3, 1.119.2, 1.119.1, 1.119.0, 1.118.0, and n is 3, the top 3 stable versions are 1.121.2, 1.120.1, 1.119.3
+func (r Releases) StablePatchAtTopMinor(n int) []string {
+	minorPatchesMap := map[minor]patches{}
+	totalMinors := []int{}
+	for _, release := range r {
+		v, err := semver.ParseTolerant(release)
+		if err != nil {
+			log.Printf("skipping unknown package version %q", release)
+		}
+		m := minor(v.Minor)
+		if _, ok := minorPatchesMap[m]; ok {
+			minorPatchesMap[m] = append(minorPatchesMap[m], int(v.Patch))
+		} else {
+			totalMinors = append(totalMinors, int(m))
+			minorPatchesMap[m] = patches{int(v.Patch)}
+		}
+	}
+	sort.Sort(sort.IntSlice(totalMinors))
+	if len(totalMinors) > n {
+		totalMinors = totalMinors[len(totalMinors)-n:]
 	}
-	staleManifestDir = path.Join(operatorSrcRoot, "autopilot-channels", "packages", "configconnector", currentVersion.Version)
-	log.Printf("removing stale manifest %v", staleManifestDir)
-	if err := os.RemoveAll(staleManifestDir); err != nil {
-		log.Fatal(fmt.Errorf("error deleting dir %v: %w", staleManifestDir, err))
+	supportedVersions := []string{}
+	for _, m := range totalMinors {
+		patches := minorPatchesMap[minor(m)]
+		sort.Sort(sort.IntSlice(patches))
+		v := semver.Version{Major: 1, Minor: uint64(m), Patch: uint64(patches[len(patches)-1])}
+		supportedVersions = append(supportedVersions, v.String())
 	}
+	return supportedVersions
+
 }
 
 func kustomizeBuild(operatorSrcRoot string) {

pkg/controller/direct/directbase/directbase_controller.go

@@ -222,7 +222,9 @@ func (r *reconcileContext) doReconcile(ctx context.Context, u *unstructured.Unst
 
 		// add finalizers for deletion defender to make sure we don't delete cloud provider resources when uninstalling
 		if u.GetDeletionTimestamp().IsZero() {
-			k8s.EnsureFinalizers(u, k8s.ControllerFinalizerName, k8s.DeletionDefenderFinalizerName)
+			if err := r.ensureFinalizers(ctx, u); err != nil {
+				return false, nil
+			}
 		}
 
 		return false, nil
@@ -282,7 +284,9 @@ func (r *reconcileContext) doReconcile(ctx context.Context, u *unstructured.Unst
 		return false, r.handleDeleted(ctx, u)
 	}
 
-	k8s.EnsureFinalizers(u, k8s.ControllerFinalizerName, k8s.DeletionDefenderFinalizerName)
+	if err := r.ensureFinalizers(ctx, u); err != nil {
+		return false, err
+	}
 
 	// set the etag to an empty string, since IAMPolicy is the authoritative intent, KCC wants to overwrite the underlying policy regardless
 	//policy.Spec.Etag = ""
@@ -312,6 +316,21 @@ func (r *reconcileContext) doReconcile(ctx context.Context, u *unstructured.Unst
 	return false, nil
 }
 
+// ensureFinalizers will apply our finalizers to the object if they are not present.
+// We update the kube-apiserver immediately if any changes are needed.
+func (r *reconcileContext) ensureFinalizers(ctx context.Context, u *unstructured.Unstructured) error {
+	if k8s.EnsureFinalizers(u, k8s.ControllerFinalizerName, k8s.DeletionDefenderFinalizerName) {
+		// No change
+		return nil
+	}
+
+	if err := r.Reconciler.Client.Update(ctx, u); err != nil {
+		return fmt.Errorf("updating finalizers: %w", err)
+	}
+
+	return nil
+}
+
 func (r *reconcileContext) handleUpToDate(ctx context.Context, u *unstructured.Unstructured) error {
 	resource, err := toK8sResource(u)
 	if err != nil {

pkg/controller/direct/firestore/firestoredatabase_mappings.go

@@ -26,10 +26,10 @@ func FirestoreDatabaseObservedState_FromProto(mapCtx *direct.MapContext, in *pb.
 	}
 	out := &krm.FirestoreDatabaseObservedState{}
 	out.Uid = direct.LazyPtr(in.GetUid())
-	out.CreateTime = direct.ToOpenAPIDateTime(in.GetCreateTime())
-	out.UpdateTime = direct.ToOpenAPIDateTime(in.GetUpdateTime())
+	out.CreateTime = direct.StringTimestamp_FromProto(mapCtx, in.GetCreateTime())
+	out.UpdateTime = direct.StringTimestamp_FromProto(mapCtx, in.GetUpdateTime())
 	out.VersionRetentionPeriod = direct.Duration_FromProto(mapCtx, in.GetVersionRetentionPeriod())
-	out.EarliestVersionTime = direct.ToOpenAPIDateTime(in.GetEarliestVersionTime())
+	out.EarliestVersionTime = direct.StringTimestamp_FromProto(mapCtx, in.GetEarliestVersionTime())
 	out.KeyPrefix = direct.LazyPtr(in.GetKeyPrefix())
 	out.Etag = direct.LazyPtr(in.GetEtag())
 	return out