From b88bdb90f67d503c515e75c139662ce5beacba7c Mon Sep 17 00:00:00 2001 From: RoyUP9 <87927115+RoyUP9@users.noreply.github.com> Date: Thu, 6 Jan 2022 12:04:58 +0200 Subject: [PATCH] Fixed standalone config, small refactor (#589) --- agent/pkg/controllers/config_controller.go | 12 ++++++++---- agent/pkg/routes/config_routes.go | 2 ++ cli/cmd/install.go | 9 +++++++++ cli/cmd/installRunner.go | 4 ---- cli/cmd/tapRunner.go | 1 - cli/resources/createResources.go | 20 ++++++++++++-------- shared/kubernetes/consts.go | 4 ++-- 7 files changed, 33 insertions(+), 19 deletions(-) diff --git a/agent/pkg/controllers/config_controller.go b/agent/pkg/controllers/config_controller.go index 11c931bb8..bd7b0cc96 100644 --- a/agent/pkg/controllers/config_controller.go +++ b/agent/pkg/controllers/config_controller.go @@ -50,7 +50,9 @@ func PostTapConfig(c *gin.Context) { c.JSON(http.StatusInternalServerError, err) return } + ctx, cancel := context.WithCancel(context.Background()) + if _, err := startMizuTapperSyncer(ctx, kubernetesProvider, tappedNamespaces, *podRegex, []string{}, tapApi.TrafficFilteringOptions{}, false); err != nil { c.JSON(http.StatusInternalServerError, err) cancel() 
@@ -69,25 +71,27 @@ func GetTapConfig(c *gin.Context) { c.JSON(http.StatusInternalServerError, err) return } + ctx, cancel := context.WithCancel(context.Background()) defer cancel() + namespaces, err := kubernetesProvider.ListAllNamespaces(ctx) if err != nil { c.JSON(http.StatusInternalServerError, err) return } + tappedNamespaces := make(map[string]bool) for _, namespace := range namespaces { if namespace.Name == config.Config.MizuResourcesNamespace { continue } - if _, ok := globalTapConfig.TappedNamespaces[namespace.Name]; !ok { - globalTapConfig.TappedNamespaces[namespace.Name] = false - } + tappedNamespaces[namespace.Name] = globalTapConfig.TappedNamespaces[namespace.Name] } - c.JSON(http.StatusOK, globalTapConfig) + tapConfig := models.TapConfig{TappedNamespaces: tappedNamespaces} + c.JSON(http.StatusOK, tapConfig) } func startMizuTapperSyncer(ctx context.Context, provider *kubernetes.Provider, targetNamespaces []string, podFilterRegex regexp.Regexp, ignoredUserAgents []string, mizuApiFilteringOptions tapApi.TrafficFilteringOptions, istio bool) (*kubernetes.MizuTapperSyncer, error) { diff --git a/agent/pkg/routes/config_routes.go b/agent/pkg/routes/config_routes.go index 5a8c3c94b..c13c191e0 100644 --- a/agent/pkg/routes/config_routes.go +++ b/agent/pkg/routes/config_routes.go @@ -3,10 +3,12 @@ package routes import ( "github.com/gin-gonic/gin" "mizuserver/pkg/controllers" + "mizuserver/pkg/middlewares" ) func ConfigRoutes(ginApp *gin.Engine) { routeGroup := ginApp.Group("/config") + routeGroup.Use(middlewares.RequiresAuth()) routeGroup.POST("/tapConfig", controllers.PostTapConfig) routeGroup.GET("/tapConfig", controllers.GetTapConfig) diff --git a/cli/cmd/install.go b/cli/cmd/install.go index dfca9bf1a..e17b1258b 100644 --- a/cli/cmd/install.go +++ b/cli/cmd/install.go @@ -1,7 +1,9 @@ package cmd import ( + "fmt" "github.com/spf13/cobra" + "github.com/up9inc/mizu/cli/config" "github.com/up9inc/mizu/cli/telemetry" ) 
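Review bot: `globalTapConfig.TappedNamespaces` is still read inside the loop in GetTapConfig with no lock visible in the hunk, and gin serves each request on its own goroutine. If PostTapConfig (outside this hunk) assigns or mutates that map, a GET racing a POST is a concurrent map read and write, which the Go runtime treats as a fatal error. Guarding both handlers with a `sync.RWMutex` and holding `RLock` around the copy would close that. The new map can also be pre-sized with `make(map[string]bool, len(namespaces))`, and a comment such as `// Build a per-response view; a GET must never write to globalTapConfig.` would record why the copy exists.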
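Review bot: `routeGroup.Use(middlewares.RequiresAuth())` puts both `/config/tapConfig` routes behind authentication, but neither the commit subject nor a comment records that access-control change, and `RequiresAuth` itself is not visible in this diff. Since POST `/config/tapConfig` selects which namespaces have their traffic captured, it is worth confirming that the middleware fails closed when auth is not configured (the standalone case named in the subject) and that any authenticated caller is meant to be allowed to change tapping. A comment like `// All /config routes require auth; register new routes after Use so they inherit it.` would document the ordering dependency. A route test asserting that an unauthenticated POST is rejected would keep it from regressing.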
@@ -13,6 +15,13 @@ var installCmd = &cobra.Command{ runMizuInstall() return nil }, + PreRunE: func(cmd *cobra.Command, args []string) error { + if config.Config.IsNsRestrictedMode() { + return fmt.Errorf("install is not supported in restricted namespace mode") + } + + return nil + }, } func init() { diff --git a/cli/cmd/installRunner.go b/cli/cmd/installRunner.go index 9c5108bd3..7167f36b4 100644 --- a/cli/cmd/installRunner.go +++ b/cli/cmd/installRunner.go @@ -22,10 +22,6 @@ func runMizuInstall() { return } - if config.Config.IsNsRestrictedMode() { - logger.Log.Error("install is not supported in restricted namespace mode") - } - ctx, cancel := context.WithCancel(context.Background()) defer cancel() // cancel will be called when this function exits diff --git a/cli/cmd/tapRunner.go b/cli/cmd/tapRunner.go index 5cc51556c..d23a775ea 100644 --- a/cli/cmd/tapRunner.go +++ b/cli/cmd/tapRunner.go @@ -125,7 +125,6 @@ func RunMizuTap() { logger.Log.Infof("Waiting for Mizu Agent to start...") if state.mizuServiceAccountExists, err = resources.CreateTapMizuResources(ctx, kubernetesProvider, serializedValidationRules, serializedContract, serializedMizuConfig, config.Config.IsNsRestrictedMode(), config.Config.MizuResourcesNamespace, config.Config.AgentImage, getSyncEntriesConfig(), config.Config.Tap.MaxEntriesDBSizeBytes(), config.Config.Tap.ApiServerResources, config.Config.ImagePullPolicy(), config.Config.LogLevel()); err != nil { - logger.Log.Errorf("error %v", err) var statusError *k8serrors.StatusError if errors.As(err, &statusError) { if statusError.ErrStatus.Reason == metav1.StatusReasonAlreadyExists { diff --git a/cli/resources/createResources.go b/cli/resources/createResources.go index ce238a9ea..0e3b7c2dd 100644 --- a/cli/resources/createResources.go +++ b/cli/resources/createResources.go 
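Review bot: Returning the restricted-mode error from `PreRunE` makes cobra print the command's usage text after the message unless `SilenceUsage` is set on this command or on the root, which is not visible here. For an error about configuration rather than arguments, setting `cmd.SilenceUsage = true` before `return fmt.Errorf(...)` keeps the output to the one relevant line. The import hunk of the same file also places `"fmt"` in the same group as the third-party packages; goimports style keeps standard-library imports in their own group. The `installCmd` literal starts outside this hunk.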
@@ -66,25 +66,29 @@ func CreateTapMizuResources(ctx context.Context, kubernetesProvider *kubernetes. } func CreateInstallMizuResources(ctx context.Context, kubernetesProvider *kubernetes.Provider, serializedValidationRules string, serializedContract string, serializedMizuConfig string, isNsRestrictedMode bool, mizuResourcesNamespace string, agentImage string, syncEntriesConfig *shared.SyncEntriesConfig, maxEntriesDBSizeBytes int64, apiServerResources shared.Resources, imagePullPolicy core.PullPolicy, logLevel logging.Level, noPersistentVolumeClaim bool) error { - if !isNsRestrictedMode { - if err := createMizuNamespace(ctx, kubernetesProvider, mizuResourcesNamespace); err != nil { - return err - } + if err := createMizuNamespace(ctx, kubernetesProvider, mizuResourcesNamespace); err != nil { + return err } + logger.Log.Infof("namespace/%v created", mizuResourcesNamespace) if err := createMizuConfigmap(ctx, kubernetesProvider, serializedValidationRules, serializedContract, serializedMizuConfig, mizuResourcesNamespace); err != nil { return err } - logger.Log.Infof("Created config map") + logger.Log.Infof("configmap/%v created", kubernetes.ConfigMapName) _, err := createRBACIfNecessary(ctx, kubernetesProvider, isNsRestrictedMode, mizuResourcesNamespace, []string{"pods", "services", "endpoints", "namespaces"}) if err != nil { return err } + logger.Log.Infof("serviceaccount/%v created", kubernetes.ServiceAccountName) + logger.Log.Infof("clusterrole.rbac.authorization.k8s.io/%v created", kubernetes.ClusterRoleName) + logger.Log.Infof("clusterrolebinding.rbac.authorization.k8s.io/%v created", kubernetes.ClusterRoleBindingName) + if err := kubernetesProvider.CreateDaemonsetRBAC(ctx, mizuResourcesNamespace, kubernetes.ServiceAccountName, kubernetes.DaemonRoleName, kubernetes.DaemonRoleBindingName, mizu.RBACVersion); err != nil { return err } - logger.Log.Infof("Created RBAC") + logger.Log.Infof("role.rbac.authorization.k8s.io/%v created", kubernetes.DaemonRoleName) + 
logger.Log.Infof("rolebinding.rbac.authorization.k8s.io/%v created", kubernetes.DaemonRoleBindingName) serviceAccountName := kubernetes.ServiceAccountName opts := &kubernetes.ApiServerOptions{ @@ -103,13 +107,13 @@ func CreateInstallMizuResources(ctx context.Context, kubernetesProvider *kuberne if err := createMizuApiServerDeployment(ctx, kubernetesProvider, opts, noPersistentVolumeClaim); err != nil { return err } - logger.Log.Infof("Created Api Server deployment") + logger.Log.Infof("deployment.apps/%v created", kubernetes.ApiServerPodName) _, err = kubernetesProvider.CreateService(ctx, mizuResourcesNamespace, kubernetes.ApiServerPodName, kubernetes.ApiServerPodName) if err != nil { return err } - logger.Log.Infof("Created Api Server service") + logger.Log.Infof("service/%v created", kubernetes.ApiServerPodName) return nil } diff --git a/shared/kubernetes/consts.go b/shared/kubernetes/consts.go index de84d5714..449bb5c6d 100644 --- a/shared/kubernetes/consts.go +++ b/shared/kubernetes/consts.go @@ -4,9 +4,9 @@ const ( MizuResourcesPrefix = "mizu-" ApiServerPodName = MizuResourcesPrefix + "api-server" ClusterRoleBindingName = MizuResourcesPrefix + "cluster-role-binding" - DaemonRoleBindingName = MizuResourcesPrefix + "cluster-role-binding-daemon" + DaemonRoleBindingName = MizuResourcesPrefix + "role-binding-daemon" ClusterRoleName = MizuResourcesPrefix + "cluster-role" - DaemonRoleName = MizuResourcesPrefix + "cluster-role-daemon" + DaemonRoleName = MizuResourcesPrefix + "role-daemon" K8sAllNamespaces = "" RoleBindingName = MizuResourcesPrefix + "role-binding" RoleName = MizuResourcesPrefix + "role"
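Review bot: The new log lines after `createRBACIfNecessary` report the service account, ClusterRole and ClusterRoleBinding as created unconditionally, while the call's first return value is still discarded with `_`. If that value says whether the objects already existed (tapRunner.go stores the comparable result as `mizuServiceAccountExists`), the install log will claim cluster-wide RBAC objects were created when they were not. Capturing it, e.g. `existed, err := createRBACIfNecessary(...)`, and logging only under `if !existed { ... }` keeps the log accurate. Separately, with the `!isNsRestrictedMode` guard removed, this exported function relies on the CLI `PreRunE` to keep restricted-mode callers away from namespace creation; an early `if isNsRestrictedMode { return fmt.Errorf("install is not supported in restricted namespace mode") }` would keep the check next to the privileged call. The function body continues past this hunk.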
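Review bot: Changing the values of `DaemonRoleName` and `DaemonRoleBindingName` changes the names of the Role and RoleBinding objects in the cluster. Any cleanup code that deletes by these constants (not visible in this diff) will therefore no longer match objects an earlier version created as `mizu-cluster-role-daemon` and `mizu-cluster-role-binding-daemon`, and those would remain as orphaned RBAC grants after an upgrade. If clusters with the old names exist, the cleanup path should also try the previous names, or the release notes should tell operators to remove them. A comment on the two constants noting that they name the namespaced Role and RoleBinding for the daemonset, and what they were renamed from, would record the reason.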