github.com/argoproj/argo-cd/v3@v3.2.1/util/settings/resources_filter.go (about)

     1  package settings
     2  
     3  // The core exclusion list are K8s resources that we assume will never be managed by operators,
     4  // and are never child objects of managed resources that need to be presented in the resource tree.
     5  // This list contains high volume and  high churn metadata objects which we exclude for performance
     6  // reasons, reducing connections and load to the K8s API servers of managed clusters.
     7  var coreExcludedResources = []FilteredResource{
     8  	{APIGroups: []string{"events.k8s.io", "metrics.k8s.io"}},
     9  	{APIGroups: []string{""}, Kinds: []string{"Event"}},
    10  	{APIGroups: []string{"coordination.k8s.io"}, Kinds: []string{"Lease"}},
    11  }
    12  
    13  type ResourcesFilter struct {
    14  	// ResourceExclusions holds the api groups, kinds per cluster to exclude from Argo CD's watch
    15  	ResourceExclusions []FilteredResource
    16  	// ResourceInclusions holds the only api groups, kinds per cluster that Argo CD will watch
    17  	ResourceInclusions []FilteredResource
    18  }
    19  
    20  func (rf *ResourcesFilter) getExcludedResources() []FilteredResource {
    21  	return append(coreExcludedResources, rf.ResourceExclusions...)
    22  }
    23  
    24  func (rf *ResourcesFilter) checkResourcePresence(apiGroup, kind, cluster string, filteredResources []FilteredResource) bool {
    25  	for _, includedResource := range filteredResources {
    26  		if includedResource.Match(apiGroup, kind, cluster) {
    27  			return true
    28  		}
    29  	}
    30  
    31  	return false
    32  }
    33  
    34  func (rf *ResourcesFilter) isIncludedResource(apiGroup, kind, cluster string) bool {
    35  	return rf.checkResourcePresence(apiGroup, kind, cluster, rf.ResourceInclusions)
    36  }
    37  
    38  func (rf *ResourcesFilter) isExcludedResource(apiGroup, kind, cluster string) bool {
    39  	return rf.checkResourcePresence(apiGroup, kind, cluster, rf.getExcludedResources())
    40  }
    41  
    42  // Behavior of this function is as follows:
    43  // +-------------+-------------+-------------+
    44  // |  Inclusions |  Exclusions |    Result   |
    45  // +-------------+-------------+-------------+
    46  // |    Empty    |    Empty    |   Allowed   |
    47  // +-------------+-------------+-------------+
    48  // |   Present   |    Empty    |   Allowed   |
    49  // +-------------+-------------+-------------+
    50  // | Not Present |    Empty    | Not Allowed |
    51  // +-------------+-------------+-------------+
    52  // |    Empty    |   Present   | Not Allowed |
    53  // +-------------+-------------+-------------+
    54  // |    Empty    | Not Present |   Allowed   |
    55  // +-------------+-------------+-------------+
    56  // |   Present   | Not Present |   Allowed   |
    57  // +-------------+-------------+-------------+
    58  // | Not Present |   Present   | Not Allowed |
    59  // +-------------+-------------+-------------+
    60  // | Not Present | Not Present | Not Allowed |
    61  // +-------------+-------------+-------------+
    62  // |   Present   |   Present   | Not Allowed |
    63  // +-------------+-------------+-------------+
    64  func (rf *ResourcesFilter) IsExcludedResource(apiGroup, kind, cluster string) bool {
    65  	// if excluded, do not allow
    66  	if rf.isExcludedResource(apiGroup, kind, cluster) {
    67  		return true
    68  	}
    69  
    70  	// if included, do allow
    71  	if rf.isIncludedResource(apiGroup, kind, cluster) {
    72  		return false
    73  	}
    74  
    75  	// if inclusion rules defined for cluster, default is not allow
    76  	for _, includedResource := range rf.ResourceInclusions {
    77  		if includedResource.MatchCluster(cluster) {
    78  			return true
    79  		}
    80  	}
    81  
    82  	// if no inclusion rules defined for cluster, default is allow
    83  	return false
    84  }