Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes #59 #70

Closed
wants to merge 2 commits into from
Closed

Fixes #59 #70

wants to merge 2 commits into from

Conversation

seungsoo-lee
Copy link
Collaborator

Description

Fixes #59

Does this PR introduce a breaking change?

Checklist

  • PR title follows the <type>: <description> convention
  • I use conventional commits in my commit messages
  • I have updated the documentation accordingly
  • I Keep It Small and Simple: The smaller the PR is, the easier it is to review and have it merged
  • I have performed a self-review of my code
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

Additional information for reviewer

Mention if this PR is part of any design or a continuation of previous PRs

@anurag-rajawat
Copy link
Collaborator

Create SI and SIB

kubectl apply -f examples/namespaced/pkg-mgr-exec-si-sib.yaml

and during its creation I'm getting following error:

2024-02-22T15:23:06+05:30       INFO    SecurityIntent found    {"controller": "securityintent", "controllerGroup": "intent.security.nimbus.com", "controllerKind": "SecurityIntent", "SecurityIntent": {"name":"pkg-mgr-execution"}, "namespace": "", "name": "pkg-mgr-execution", "reconcileID": "b40d0ac3-573c-455e-ad5a-6b48ad47d587", "SecurityIntent.Name": "pkg-mgr-execution"}
2024-02-22T15:23:06+05:30       INFO    SecurityIntentBinding found     {"controller": "securityintentbinding", "controllerGroup": "intent.security.nimbus.com", "controllerKind": "SecurityIntentBinding", "SecurityIntentBinding": {"name":"pkg-mgr-execution-binding","namespace":"default"}, "namespace": "default", "name": "pkg-mgr-execution-binding", "reconcileID": "39b3f029-28a4-41e1-8e1d-c0778592b0ef", "SecurityIntentBinding.Name": "pkg-mgr-execution-binding", "SecurityIntentBinding.Namespace": "default"}
2024-02-22T15:23:06+05:30       INFO    Building NimbusPolicy   {"controller": "securityintentbinding", "controllerGroup": "intent.security.nimbus.com", "controllerKind": "SecurityIntentBinding", "SecurityIntentBinding": {"name":"pkg-mgr-execution-binding","namespace":"default"}, "namespace": "default", "name": "pkg-mgr-execution-binding", "reconcileID": "39b3f029-28a4-41e1-8e1d-c0778592b0ef"}
2024-02-22T15:23:06+05:30       INFO    NimbusPolicy built successfully {"controller": "securityintentbinding", "controllerGroup": "intent.security.nimbus.com", "controllerKind": "SecurityIntentBinding", "SecurityIntentBinding": {"name":"pkg-mgr-execution-binding","namespace":"default"}, "namespace": "default", "name": "pkg-mgr-execution-binding", "reconcileID": "39b3f029-28a4-41e1-8e1d-c0778592b0ef", "NimbusPolicy.Name": "pkg-mgr-execution-binding", "NimbusPolicy.Namespace": "default"}
2024-02-22T15:23:06+05:30       INFO    NimbusPolicy created    {"controller": "securityintentbinding", "controllerGroup": "intent.security.nimbus.com", "controllerKind": "SecurityIntentBinding", "SecurityIntentBinding": {"name":"pkg-mgr-execution-binding","namespace":"default"}, "namespace": "default", "name": "pkg-mgr-execution-binding", "reconcileID": "39b3f029-28a4-41e1-8e1d-c0778592b0ef", "NimbusPolicy.Name": "pkg-mgr-execution-binding", "NimbusPolicy.Namespace": "default"}
2024-02-22T15:23:06+05:30       ERROR   Reconciler error        {"controller": "securityintentbinding", "controllerGroup": "intent.security.nimbus.com", "controllerKind": "SecurityIntentBinding", "SecurityIntentBinding": {"name":"pkg-mgr-execution-binding","namespace":"default"}, "namespace": "default", "name": "pkg-mgr-execution-binding", "reconcileID": "39b3f029-28a4-41e1-8e1d-c0778592b0ef", "error": "Operation cannot be fulfilled on securityintentbindings.intent.security.nimbus.com \"pkg-mgr-execution-binding\": the object has been modified; please apply your changes to the latest version and try again"}
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
        /Users/anurag/.local/share/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:329
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
        /Users/anurag/.local/share/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:266
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
        /Users/anurag/.local/share/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:227
2024-02-22T15:23:06+05:30       INFO    SecurityIntentBinding found     {"controller": "securityintentbinding", "controllerGroup": "intent.security.nimbus.com", "controllerKind": "SecurityIntentBinding", "SecurityIntentBinding": {"name":"pkg-mgr-execution-binding","namespace":"default"}, "namespace": "default", "name": "pkg-mgr-execution-binding", "reconcileID": "6932a5ef-1ffe-4375-83dd-6050e36492ff", "SecurityIntentBinding.Name": "pkg-mgr-execution-binding", "SecurityIntentBinding.Namespace": "default"}
2024-02-22T15:23:06+05:30       INFO    Building NimbusPolicy   {"controller": "securityintentbinding", "controllerGroup": "intent.security.nimbus.com", "controllerKind": "SecurityIntentBinding", "SecurityIntentBinding": {"name":"pkg-mgr-execution-binding","namespace":"default"}, "namespace": "default", "name": "pkg-mgr-execution-binding", "reconcileID": "6932a5ef-1ffe-4375-83dd-6050e36492ff"}
2024-02-22T15:23:06+05:30       INFO    NimbusPolicy built successfully {"controller": "securityintentbinding", "controllerGroup": "intent.security.nimbus.com", "controllerKind": "SecurityIntentBinding", "SecurityIntentBinding": {"name":"pkg-mgr-execution-binding","namespace":"default"}, "namespace": "default", "name": "pkg-mgr-execution-binding", "reconcileID": "6932a5ef-1ffe-4375-83dd-6050e36492ff", "NimbusPolicy.Name": "pkg-mgr-execution-binding", "NimbusPolicy.Namespace": "default"}
2024-02-22T15:23:06+05:30       INFO    NimbusPolicy configured {"controller": "securityintentbinding", "controllerGroup": "intent.security.nimbus.com", "controllerKind": "SecurityIntentBinding", "SecurityIntentBinding": {"name":"pkg-mgr-execution-binding","namespace":"default"}, "namespace": "default", "name": "pkg-mgr-execution-binding", "reconcileID": "6932a5ef-1ffe-4375-83dd-6050e36492ff", "NimbusPolicy.Name": "pkg-mgr-execution-binding", "NimbusPolicy.Namespace": "default"}

and while deletion:

kubectl delete -f examples/namespaced/pkg-mgr-exec-si-sib.yaml
2024-02-22T15:24:27+05:30       INFO    SecurityIntent not found. Ignoring since object must be deleted {"controller": "securityintent", "controllerGroup": "intent.security.nimbus.com", "controllerKind": "SecurityIntent", "SecurityIntent": {"name":"pkg-mgr-execution"}, "namespace": "", "name": "pkg-mgr-execution", "reconcileID": "8b6e1a95-b94b-4490-ac16-3727de4db68a"}
2024-02-22T15:24:27+05:30       INFO    SecurityIntentBinding found     {"controller": "securityintentbinding", "controllerGroup": "intent.security.nimbus.com", "controllerKind": "SecurityIntentBinding", "SecurityIntentBinding": {"name":"pkg-mgr-execution-binding","namespace":"default"}, "namespace": "default", "name": "pkg-mgr-execution-binding", "reconcileID": "73dfcaeb-905a-4536-8ff7-46f78c064712", "SecurityIntentBinding.Name": "pkg-mgr-execution-binding", "SecurityIntentBinding.Namespace": "default"}
2024-02-22T15:24:27+05:30       INFO    Building NimbusPolicy   {"controller": "securityintentbinding", "controllerGroup": "intent.security.nimbus.com", "controllerKind": "SecurityIntentBinding", "SecurityIntentBinding": {"name":"pkg-mgr-execution-binding","namespace":"default"}, "namespace": "default", "name": "pkg-mgr-execution-binding", "reconcileID": "73dfcaeb-905a-4536-8ff7-46f78c064712"}
2024-02-22T15:24:27+05:30       ERROR   failed to build NimbusPolicy    {"controller": "securityintentbinding", "controllerGroup": "intent.security.nimbus.com", "controllerKind": "SecurityIntentBinding", "SecurityIntentBinding": {"name":"pkg-mgr-execution-binding","namespace":"default"}, "namespace": "default", "name": "pkg-mgr-execution-binding", "reconcileID": "73dfcaeb-905a-4536-8ff7-46f78c064712", "error": "no SecurityIntents found in the cluster"}
github.com/5GSEC/nimbus/internal/controller.(*SecurityIntentBindingReconciler).updateNp
        /Users/anurag/workspace/nimbus/internal/controller/securityintentbinding_controller.go:181
github.com/5GSEC/nimbus/internal/controller.(*SecurityIntentBindingReconciler).createOrUpdateNp
        /Users/anurag/workspace/nimbus/internal/controller/securityintentbinding_controller.go:137
github.com/5GSEC/nimbus/internal/controller.(*SecurityIntentBindingReconciler).Reconcile
        /Users/anurag/workspace/nimbus/internal/controller/securityintentbinding_controller.go:58
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile
        /Users/anurag/.local/share/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:119
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
        /Users/anurag/.local/share/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:316
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
        /Users/anurag/.local/share/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:266
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
        /Users/anurag/.local/share/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:227
2024-02-22T15:24:27+05:30       ERROR   Reconciler error        {"controller": "securityintentbinding", "controllerGroup": "intent.security.nimbus.com", "controllerKind": "SecurityIntentBinding", "SecurityIntentBinding": {"name":"pkg-mgr-execution-binding","namespace":"default"}, "namespace": "default", "name": "pkg-mgr-execution-binding", "reconcileID": "73dfcaeb-905a-4536-8ff7-46f78c064712", "error": "no SecurityIntents found in the cluster"}
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
        /Users/anurag/.local/share/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:329
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
        /Users/anurag/.local/share/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:266
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
        /Users/anurag/.local/share/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:227
2024-02-22T15:24:27+05:30       INFO    SecurityIntentBinding not found. Ignoring since object must be deleted  {"controller": "securityintentbinding", "controllerGroup": "intent.security.nimbus.com", "controllerKind": "SecurityIntentBinding", "SecurityIntentBinding": {"name":"pkg-mgr-execution-binding","namespace":"default"}, "namespace": "default", "name": "pkg-mgr-execution-binding", "reconcileID": "c73ec5af-6cc9-4534-8d3a-8328084931f8"}
2024-02-22T15:24:27+05:30       INFO    NimbusPolicy deleted due to SecurityIntentBinding deletion      {"controller": "securityintentbinding", "controllerGroup": "intent.security.nimbus.com", "controllerKind": "SecurityIntentBinding", "SecurityIntentBinding": {"name":"pkg-mgr-execution-binding","namespace":"default"}, "namespace": "default", "name": "pkg-mgr-execution-binding", "reconcileID": "c73ec5af-6cc9-4534-8d3a-8328084931f8", "NimbusPolicy.Name": "pkg-mgr-execution-binding", "NimbusPolicy.Namespace": "default", "SecurityIntentBinding.Name": "pkg-mgr-execution-binding", "SecurityIntentBinding.Namespace": "default"}
2024-02-22T15:24:27+05:30       INFO    SecurityIntentBinding not found. Ignoring since object must be deleted  {"controller": "securityintentbinding", "controllerGroup": "intent.security.nimbus.com", "controllerKind": "SecurityIntentBinding", "SecurityIntentBinding": {"name":"pkg-mgr-execution-binding","namespace":"default"}, "namespace": "default", "name": "pkg-mgr-execution-binding", "reconcileID": "87b25666-20f9-498d-ba3e-a523b02dae78"}
2024-02-22T15:24:27+05:30       INFO    NimbusPolicy deleted due to SecurityIntentBinding deletion      {"controller": "securityintentbinding", "controllerGroup": "intent.security.nimbus.com", "controllerKind": "SecurityIntentBinding", "SecurityIntentBinding": {"name":"pkg-mgr-execution-binding","namespace":"default"}, "namespace": "default", "name": "pkg-mgr-execution-binding", "reconcileID": "87b25666-20f9-498d-ba3e-a523b02dae78", "NimbusPolicy.Name": "pkg-mgr-execution-binding", "NimbusPolicy.Namespace": "default", "SecurityIntentBinding.Name": "pkg-mgr-execution-binding", "SecurityIntentBinding.Namespace": "default"}

@anurag-rajawat
Copy link
Collaborator

Please only fix the crash due to an invalid CEL expression. We have a dedicated issue to handle the SI deletion.

@b0m313 b0m313 deleted the fig_bug_2 branch March 12, 2024 06:01
@b0m313 b0m313 restored the fig_bug_2 branch March 12, 2024 06:01
@b0m313 b0m313 deleted the fig_bug_2 branch March 12, 2024 06:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anurag-rajawat anurag-rajawat Awaiting requested review from anurag-rajawat

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Core]: Nimbus crashes on updating CEL for the resource which is not present
3 participants
@seungsoo-lee @anurag-rajawat @b0m313