Fall back to fetch resources individually when bulk fetching fails

Cornelius Weig · Cornelius Weig · commit 28af3001627b · 2019-02-21T21:30:48.000+01:00
diff --git a/go.mod b/go.mod
@@ -6,6 +6,8 @@ require (
 	github.com/evanphx/json-patch v4.1.0+incompatible // indirect
 	github.com/gogo/protobuf v1.2.0 // indirect
 	github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c // indirect
+	github.com/google/go-github v17.0.0+incompatible
+	github.com/google/go-querystring v1.0.0 // indirect
 	github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf // indirect
 	github.com/googleapis/gnostic v0.2.0 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190212212710-3befbb6ad0cc // indirect
@@ -20,11 +22,11 @@ require (
 	github.com/spf13/cobra v0.0.3
 	github.com/spf13/viper v1.3.1
 	github.com/stretchr/testify v1.2.2
-	golang.org/x/net v0.0.0-20190213061140-3a22650c66bd // indirect
-        golang.org/x/oauth2 v0.0.0-20190212230446-3e8b2be13635
+	golang.org/x/oauth2 v0.0.0-20190212230446-3e8b2be13635
 	golang.org/x/time v0.0.0-20181108054448-85acf8d2951c // indirect
+	golang.org/x/tools v0.0.0-20190221180947-9c8c5aeafa05 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
-        k8s.io/api v0.0.0-20181121191454-a61488babbd6
+	k8s.io/api v0.0.0-20181121191454-a61488babbd6
 	k8s.io/apimachinery v0.0.0-20190211022232-e355a776c090
 	k8s.io/cli-runtime v0.0.0-20190202014047-491c94071cfa
 	k8s.io/client-go v10.0.0+incompatible
diff --git a/go.sum b/go.sum
@@ -19,6 +19,10 @@ github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c h1:964Od4U6p2jUkFxvCydnIczKteheJEzHRToSGK3Bnlw=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY=
+github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
+github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
+github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
 github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf h1:+RRA9JqSOZFfKrOeqr2z77+8R2RKyh8PG66dcu1V0ck=
 github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI=
 github.com/googleapis/gnostic v0.2.0 h1:l6N3VoaVzTncYYW+9yOz2LJJammFZGBO13sqgEhpy9g=
@@ -79,6 +83,7 @@ golang.org/x/net v0.0.0-20190213061140-3a22650c66bd h1:HuTn7WObtcDo9uEEU7rEqL0jY
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/oauth2 v0.0.0-20190212230446-3e8b2be13635 h1:dOJmQysgY8iOBECuNp0vlKHWEtfiTnyjisEizRV3/4o=
 golang.org/x/oauth2 v0.0.0-20190212230446-3e8b2be13635/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 h1:YUO/7uOKsKeq9UokNS62b8FYywz3ker1l1vDZRCRefw=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -88,6 +93,8 @@ golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c h1:fqgJT0MGcGpPgpWU7VRdRjuArfcOvC4AoJmILihzhDg=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.0.0-20190221180947-9c8c5aeafa05 h1:MM2xcv2CSTP6dY4aMDyU7S9F99BKMwzVAA/l5bF39J8=
+golang.org/x/tools v0.0.0-20190221180947-9c8c5aeafa05/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
diff --git a/pkg/client/client.go b/pkg/client/client.go
@@ -22,15 +22,16 @@ import (
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/viper"
+	"k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/cli-runtime/pkg/genericclioptions"
 	"k8s.io/cli-runtime/pkg/genericclioptions/resource"
-	authv1 "k8s.io/client-go/kubernetes/typed/authorization/v1"
 	"sort"
 	"strings"
+	"sync"
 )
 
 // groupResource contains the APIGroup and APIResource
@@ -39,53 +40,26 @@ type groupResource struct {
 	APIResource metav1.APIResource
 }
 
-// TODO rework client, so that it does not fail without cluster admin rights
 func GetAllServerResources(flags *genericclioptions.ConfigFlags) (runtime.Object, error) {
 	useCache := viper.GetBool(constants.FlagUseCache)
 	scope := viper.GetString(constants.FlagScope)
 
-	grs, err := FetchAvailableGroupResources(useCache, scope, flags)
+	grs, err := fetchAvailableGroupResources(useCache, scope, flags)
 	if err != nil {
 		return nil, errors.Wrap(err, "fetch available group resources")
 	}
 
-	resources := extractRelevantResourceNames(grs, viper.GetStringSlice(constants.FlagExclude))
+	resources := extractRelevantResources(grs, viper.GetStringSlice(constants.FlagExclude))
 
-	restConfig, _ := flags.ToRESTConfig()
-	authClient, _ := authv1.NewForConfig(restConfig)
-	allowed, err := CheckResourceAccessPar(authClient, resources)
-	if err != nil {
-		return nil, errors.Wrap(err, "check resource access")
+	response, err := fetchResourcesBulk(flags, resources...)
+	if err == nil {
+		return response, nil
 	}
 
-	allowedResourceTypes := ToResourceTypes(allowed)
-	logrus.Debugf("Resources to fetch: %s", allowedResourceTypes)
-
-	request := resource.NewBuilder(flags).
-		Unstructured().
-		SelectAllParam(true).
-		ResourceTypes(allowedResourceTypes...).
-		Latest()
-
-	if ns := viper.GetString(constants.FlagNamespace); ns != "" {
-		logrus.Debugf("Restricting to namespace %s", ns)
-		request.NamespaceParam(ns)
-	} else {
-		request.AllNamespaces(true)
-	}
-
-	response := request.Do()
-
-	if infos, err := response.Infos(); err != nil {
-		return nil, errors.Wrap(err, "request resources")
-	} else if len(infos) == 0 {
-		return nil, fmt.Errorf("No resources found")
-	}
-
-	return response.Object()
+	return fetchResourcesIncremental(flags, resources...)
 }
 
-func FetchAvailableGroupResources(cache bool, scope string, flags *genericclioptions.ConfigFlags) ([]groupResource, error) {
+func fetchAvailableGroupResources(cache bool, scope string, flags *genericclioptions.ConfigFlags) ([]groupResource, error) {
 	client, err := flags.ToDiscoveryClient()
 	if err != nil {
 		return nil, errors.Wrap(err, "discovery client")
@@ -105,7 +79,7 @@ func FetchAvailableGroupResources(cache bool, scope string, flags *genericcliopt
 		return nil, errors.Wrap(err, "get preferred resources")
 	}
 
-	grs := []groupResource{}
+	var grs []groupResource
 	for _, list := range resources {
 		if len(list.APIResources) == 0 {
 			continue
@@ -138,11 +112,11 @@ func FetchAvailableGroupResources(cache bool, scope string, flags *genericcliopt
 	return grs, nil
 }
 
-func extractRelevantResourceNames(grs []groupResource, exclusions []string) []groupResource {
+func extractRelevantResources(grs []groupResource, exclusions []string) []groupResource {
 	sort.Stable(sortableGroupResource(grs))
 	forbidden := sets.NewString(exclusions...)
 
-	result := []groupResource{}
+	var result []groupResource
 	for _, r := range grs {
 		name := r.fullName()
 		resourceIds := r.APIResource.ShortNames
@@ -157,6 +131,71 @@ func extractRelevantResourceNames(grs []groupResource, exclusions []string) []gr
 	return result
 }
 
+// Fetches all objects in bulk. This is much faster than incrementally but may fail due to missing rights
+func fetchResourcesBulk(flags *genericclioptions.ConfigFlags, resourceTypes ...groupResource) (runtime.Object, error) {
+	resourceNames := ToResourceTypes(resourceTypes)
+	logrus.Debugf("Resources to fetch: %s", resourceNames)
+
+	request := resource.NewBuilder(flags).
+		Unstructured().
+		SelectAllParam(true).
+		ResourceTypes(resourceNames...).
+		Latest()
+	if ns := viper.GetString(constants.FlagNamespace); ns != "" {
+		request.NamespaceParam(ns)
+	} else {
+		request.AllNamespaces(true)
+	}
+
+	return request.Do().Object()
+}
+
+// Fetches all objects of the given resources one-by-one. This can be used as a fallback when fetchResourcesBulk fails.
+func fetchResourcesIncremental(flags *genericclioptions.ConfigFlags, rs ...groupResource) (runtime.Object, error) {
+	logrus.Debug("Fetch resources incrementally")
+	group := sync.WaitGroup{}
+
+	objsChan := make(chan runtime.Object)
+	for _, r := range rs {
+		r := r
+		group.Add(1)
+		go func(sendObj chan<- runtime.Object) {
+			defer group.Done()
+			if o, e := fetchResourcesBulk(flags, r); e != nil {
+				logrus.Warnf("Cannot fetch: %s", e)
+			} else {
+				sendObj <- o
+			}
+		}(objsChan)
+	}
+
+	var objs []runtime.Object
+	go func(recvObj <-chan runtime.Object) {
+		for o := range recvObj {
+			objs = append(objs, o)
+		}
+	}(objsChan)
+
+	logrus.Debug("Wait for resource requests")
+	group.Wait()
+	logrus.Debug("Resource requests all done")
+	close(objsChan)
+
+	if len(objs) == 0 {
+		return nil, fmt.Errorf("Not authorized to list any resources. Try to narrow the scope with --namespace.")
+	}
+
+	return toV1List(objs), nil
+}
+
+func toV1List(objects []runtime.Object) runtime.Object {
+	var raw []runtime.RawExtension
+	for _, o := range objects {
+		raw = append(raw, runtime.RawExtension{Object: o})
+	}
+	return &v1.List{Items: raw}
+}
+
 func getResourceScope(scope string) (skipCluster, skipNamespace bool, err error) {
 	switch scope {
 	case "":
@@ -174,6 +213,7 @@ func getResourceScope(scope string) (skipCluster, skipNamespace bool, err error)
 	return
 }
 
+// Extracts the full name including APIGroup, e.g. 'deployment.apps'
 func (g groupResource) fullName() string {
 	if g.APIGroup == "" {
 		return g.APIResource.Name
@@ -184,7 +224,7 @@ func (g groupResource) fullName() string {
 type sortableGroupResource []groupResource
 
 func ToResourceTypes(in []groupResource) []string {
-	result := []string{}
+	var result []string
 	for _, r := range in {
 		result = append(result, r.fullName())
 	}
diff --git a/pkg/client/client_test.go b/pkg/client/client_test.go
@@ -74,8 +74,8 @@ func TestExtractRelevantResourceNames(t *testing.T) {
 				})
 			}
 
-			names := extractRelevantResourceNames(grs, test.exclude)
-			assert.Equal(t, test.expected, names)
+			names := extractRelevantResources(grs, test.exclude)
+			assert.Equal(t, test.expected, ToResourceTypes(names))
 		})
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -74,8 +74,8 @@ func TestExtractRelevantResourceNames(t *testing.T) {`
`74`	`74`	`})`
`75`	`75`	`}`
`76`	`76`
`77`		`- names := extractRelevantResourceNames(grs, test.exclude)`
`78`		`- assert.Equal(t, test.expected, names)`
	`77`	`+ names := extractRelevantResources(grs, test.exclude)`
	`78`	`+ assert.Equal(t, test.expected, ToResourceTypes(names))`
`79`	`79`	`})`
`80`	`80`	`}`
`81`	`81`	`}`