github.com/argoproj/argo-cd/v2@v2.10.5/util/settings/resources_filter.go (about)

     1  package settings
     2  
     3  // The core exclusion list are K8s resources that we assume will never be managed by operators,
     4  // and are never child objects of managed resources that need to be presented in the resource tree.
     5  // This list contains high volume and  high churn metadata objects which we exclude for performance
     6  // reasons, reducing connections and load to the K8s API servers of managed clusters.
     7  var coreExcludedResources = []FilteredResource{
     8  	{APIGroups: []string{"events.k8s.io", "metrics.k8s.io"}},
     9  	{APIGroups: []string{""}, Kinds: []string{"Event"}},
    10  	{APIGroups: []string{"coordination.k8s.io"}, Kinds: []string{"Lease"}},
    11  }
    12  
    13  type ResourcesFilter struct {
    14  	// ResourceExclusions holds the api groups, kinds per cluster to exclude from Argo CD's watch
    15  	ResourceExclusions []FilteredResource
    16  	// ResourceInclusions holds the only api groups, kinds per cluster that Argo CD will watch
    17  	ResourceInclusions []FilteredResource
    18  }
    19  
    20  func (rf *ResourcesFilter) getExcludedResources() []FilteredResource {
    21  	return append(coreExcludedResources, rf.ResourceExclusions...)
    22  }
    23  
    24  func (rf *ResourcesFilter) checkResourcePresence(apiGroup, kind, cluster string, filteredResources []FilteredResource) bool {
    25  
    26  	for _, includedResource := range filteredResources {
    27  		if includedResource.Match(apiGroup, kind, cluster) {
    28  			return true
    29  		}
    30  	}
    31  
    32  	return false
    33  }
    34  
    35  func (rf *ResourcesFilter) isIncludedResource(apiGroup, kind, cluster string) bool {
    36  	return rf.checkResourcePresence(apiGroup, kind, cluster, rf.ResourceInclusions)
    37  }
    38  
    39  func (rf *ResourcesFilter) isExcludedResource(apiGroup, kind, cluster string) bool {
    40  	return rf.checkResourcePresence(apiGroup, kind, cluster, rf.getExcludedResources())
    41  }
    42  
    43  // Behavior of this function is as follows:
    44  // +-------------+-------------+-------------+
    45  // |  Inclusions |  Exclusions |    Result   |
    46  // +-------------+-------------+-------------+
    47  // |    Empty    |    Empty    |   Allowed   |
    48  // +-------------+-------------+-------------+
    49  // |   Present   |    Empty    |   Allowed   |
    50  // +-------------+-------------+-------------+
    51  // | Not Present |    Empty    | Not Allowed |
    52  // +-------------+-------------+-------------+
    53  // |    Empty    |   Present   | Not Allowed |
    54  // +-------------+-------------+-------------+
    55  // |    Empty    | Not Present |   Allowed   |
    56  // +-------------+-------------+-------------+
    57  // |   Present   | Not Present |   Allowed   |
    58  // +-------------+-------------+-------------+
    59  // | Not Present |   Present   | Not Allowed |
    60  // +-------------+-------------+-------------+
    61  // | Not Present | Not Present | Not Allowed |
    62  // +-------------+-------------+-------------+
    63  // |   Present   |   Present   | Not Allowed |
    64  // +-------------+-------------+-------------+
    65  func (rf *ResourcesFilter) IsExcludedResource(apiGroup, kind, cluster string) bool {
    66  	// if excluded, do not allow
    67  	if rf.isExcludedResource(apiGroup, kind, cluster) {
    68  		return true
    69  	}
    70  
    71  	// if included, do allow
    72  	if rf.isIncludedResource(apiGroup, kind, cluster) {
    73  		return false
    74  	}
    75  
    76  	// if inclusion rules defined for cluster, default is not allow
    77  	for _, includedResource := range rf.ResourceInclusions {
    78  		if includedResource.MatchCluster(cluster) {
    79  			return true
    80  		}
    81  	}
    82  
    83  	// if no inclusion rules defined for cluster, default is allow
    84  	return false
    85  }