Skip to content

Commit

Permalink
feat: only report allowed resources
Browse files Browse the repository at this point in the history
  • Loading branch information
dmaizel committed Jan 7, 2025
1 parent a8acb40 commit 34df7c2
Show file tree
Hide file tree
Showing 2 changed files with 88 additions and 0 deletions.
8 changes: 8 additions & 0 deletions event_reporter/reporter/application_event_reporter.go
Original file line number Diff line number Diff line change
Expand Up @@ -342,6 +342,10 @@ func (s *applicationEventReporter) processResource(
reportedEntityParentApp *ReportedEntityParentApp,
argoTrackingMetadata *ArgoTrackingMetadata,
) error {
if !isAllowedResource(rs) {
return nil
}

metricsEventType := metrics.MetricResourceEventType
if utils.IsApp(rs) {
metricsEventType = metrics.MetricChildAppEventType
Expand All @@ -363,6 +367,10 @@ func (s *applicationEventReporter) processResource(
return nil
}

if rs.Kind == "ConfigMap" && !isAllowedConfigMap(*actualState.Manifest) {
return nil
}

parentApplicationToReport, revisionMetadataToReport := s.getAppForResourceReporting(rs, ctx, logCtx, reportedEntityParentApp.app, reportedEntityParentApp.revisionsMetadata)

var originalAppRevisionMetadata *utils.AppSyncRevisionsMetadata = nil
Expand Down
80 changes: 80 additions & 0 deletions event_reporter/reporter/resource_utils.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
package reporter

import (
"encoding/json"

appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"

appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
)

type ResourceTypeKey struct {
Group string
Kind string
}

var allowedResourceTypes = map[ResourceTypeKey]bool{
// Kubernetes core resources
{Group: appsv1.GroupName, Kind: "ReplicaSet"}: true,
{Group: appsv1.GroupName, Kind: "Deployment"}: true,
{Group: appsv1.GroupName, Kind: "StatefulSet"}: true,
{Group: corev1.GroupName, Kind: "Service"}: true,
{Group: corev1.GroupName, Kind: "ConfigMap"}: true,

// Argo CD resources
{Group: "argoproj.io", Kind: "Application"}: true,
{Group: "argoproj.io", Kind: "ApplicationSet"}: true,

// Argo Rollouts resources
{Group: "argoproj.io", Kind: "Rollout"}: true,
{Group: "argoproj.io", Kind: "AnalysisRun"}: true,

// Argo Workflows resources
{Group: "argoproj.io", Kind: "Workflow"}: true,
{Group: "argoproj.io", Kind: "WorkflowTemplate"}: true,
{Group: "argoproj.io", Kind: "ClusterWorkflowTemplate"}: true,

// Argo Events resources
{Group: "argoproj.io", Kind: "Sensor"}: true,

// Codefresh resources
{Group: "codefresh.io", Kind: "Product"}: true,
{Group: "codefresh.io", Kind: "PromotionFlow"}: true,
{Group: "codefresh.io", Kind: "PromotionPolicy"}: true,
{Group: "codefresh.io", Kind: "PromotionTemplate"}: true,
{Group: "codefresh.io", Kind: "RestrictedGitSource"}: true,
}

const (
CODEFRESH_IO_ENTITY = "codefresh_io_entity"
GIT_PAT_OBTAINER_NAME = "git-pat-obtainer-name"
CODEFRESH_CM_NAME = "codefresh-cm"
)

func isAllowedResource(rs appv1.ResourceStatus) bool {
gvk := rs.GroupVersionKind()
resourceKey := ResourceTypeKey{
Group: gvk.Group,
Kind: gvk.Kind,
}

return allowedResourceTypes[resourceKey]
}

func isAllowedConfigMap(manifest string) bool {
var u unstructured.Unstructured
if err := json.Unmarshal([]byte(manifest), &u); err != nil {
return false
}

// Check if it's the codefresh-cm
if u.GetName() == CODEFRESH_CM_NAME {
return true
}

// Check for the git-pat-obtainer label
labels := u.GetLabels()
return labels != nil && labels[CODEFRESH_IO_ENTITY] == GIT_PAT_OBTAINER_NAME
}

0 comments on commit 34df7c2

Please sign in to comment.