Latest accounting api (#165)

metal-stack · Mar 29, 2021 · 4c91d7e · 4c91d7e
1 parent 9c00b72
commit 4c91d7e
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 9 deletions.
diff --git a/charts/internal/control-plane/templates/accounting-exporter.yaml b/charts/internal/control-plane/templates/accounting-exporter.yaml
@@ -79,6 +79,8 @@ spec:
           value: {{ .Values.accountingExporter.enrichments.tenant }}
         - name: KUBE_COUNTER_PROJECT_ID
           value: {{ .Values.accountingExporter.enrichments.projectID }}
+        - name: KUBE_COUNTER_PROJECT_NAME
+          value: {{ .Values.accountingExporter.enrichments.projectName }}
         - name: KUBE_COUNTER_CLUSTER_ID
           value: {{ .Values.accountingExporter.enrichments.clusterID }}
         - name: KUBE_COUNTER_CLUSTER_NAME

diff --git a/charts/internal/control-plane/values.yaml b/charts/internal/control-plane/values.yaml
@@ -42,7 +42,7 @@ authnWebhook:
 
   enabled: false
   port: 443
-  debug: true
+  debug: false
   tenant: some-tenant
   providerTenant: provider-tenant
   clusterName: cluster-name
@@ -57,6 +57,7 @@ accountingExporter:
   enabled: false
   enrichments:
     projectID: project-id
+    projectName: project-name
     partitionID: partition-id
     tenant: some-tenant
     clusterID: cluster-id

diff --git a/charts/internal/shoot-control-plane/templates/rbac-accounting-controller.yaml b/charts/internal/shoot-control-plane/templates/rbac-accounting-controller.yaml
@@ -8,6 +8,7 @@ rules:
 - apiGroups:
   - ""
   resources:
+  - namespaces
   - pods
   - persistentvolumes
   - persistentvolumeclaims

diff --git a/pkg/controller/controlplane/valuesprovider.go b/pkg/controller/controlplane/valuesprovider.go
@@ -493,6 +493,11 @@ func (vp *valuesProvider) GetControlPlaneChartValues(
 		return nil, err
 	}
 
+	p, err := mclient.ProjectGet(infrastructureConfig.ProjectID)
+	if err != nil {
+		return nil, errors.Wrap(err, "could not retrieve project from metal-api")
+	}
+
 	chartValues, err := getCCMChartValues(cpConfig, infrastructureConfig, infrastructure, cp, cluster, checksums, scaledDown, mclient, metalControlPlane, nws)
 	if err != nil {
 		return nil, err
@@ -505,12 +510,12 @@ func (vp *valuesProvider) GetControlPlaneChartValues(
 		hmacAuthType: "", // currently default is used
 		apiToken:     metalCredentials.MetalAPIKey,
 	}
-	authValues, err := getAuthNGroupRoleChartValues(cpConfig, cluster, vp.controllerConfig.Auth, ma)
+	authValues, err := getAuthNGroupRoleChartValues(cpConfig, cluster, vp.controllerConfig.Auth, p.Project, ma)
 	if err != nil {
 		return nil, err
 	}
 
-	accValues, err := getAccountingExporterChartValues(ctx, vp.client, vp.controllerConfig.AccountingExporter, cluster, infrastructureConfig, mclient)
+	accValues, err := getAccountingExporterChartValues(ctx, vp.client, vp.controllerConfig.AccountingExporter, cluster, infrastructureConfig, p.Project)
 	if err != nil {
 		return nil, err
 	}
@@ -1084,18 +1089,17 @@ type metalAccess struct {
 }
 
 // returns values for "authn-webhook" and "group-rolebinding-controller" that are thematically related
-func getAuthNGroupRoleChartValues(cpConfig *apismetal.ControlPlaneConfig, cluster *extensionscontroller.Cluster, config config.Auth, metalAccess metalAccess) (map[string]interface{}, error) {
+func getAuthNGroupRoleChartValues(cpConfig *apismetal.ControlPlaneConfig, cluster *extensionscontroller.Cluster, config config.Auth, p *models.V1ProjectResponse, metalAccess metalAccess) (map[string]interface{}, error) {
 
 	annotations := cluster.Shoot.GetAnnotations()
 	clusterName := annotations[tag.ClusterName]
-	tenant := annotations[tag.ClusterTenant]
 
 	ti := cpConfig.IAMConfig.IssuerConfig
 
 	values := map[string]interface{}{
 		"authnWebhook": map[string]interface{}{
 			"enabled":        config.Enabled,
-			"tenant":         tenant,
+			"tenant":         p.TenantID,
 			"providerTenant": config.ProviderTenant,
 			"clusterName":    clusterName,
 			"oidc": map[string]interface{}{
@@ -1119,13 +1123,12 @@ func getAuthNGroupRoleChartValues(cpConfig *apismetal.ControlPlaneConfig, cluste
 	return values, nil
 }
 
-func getAccountingExporterChartValues(ctx context.Context, client client.Client, accountingConfig config.AccountingExporterConfiguration, cluster *extensionscontroller.Cluster, infrastructure *apismetal.InfrastructureConfig, mclient *metalgo.Driver) (map[string]interface{}, error) {
+func getAccountingExporterChartValues(ctx context.Context, client client.Client, accountingConfig config.AccountingExporterConfiguration, cluster *extensionscontroller.Cluster, infrastructure *apismetal.InfrastructureConfig, p *models.V1ProjectResponse) (map[string]interface{}, error) {
 	annotations := cluster.Shoot.GetAnnotations()
 	partitionID := infrastructure.PartitionID
 	projectID := infrastructure.ProjectID
 	clusterID := cluster.Shoot.ObjectMeta.UID
 	clusterName := annotations[tag.ClusterName]
-	tenant := annotations[tag.ClusterTenant]
 
 	if accountingConfig.Enabled {
 		cp := &firewallv1.ClusterwideNetworkPolicy{
@@ -1171,8 +1174,9 @@ func getAccountingExporterChartValues(ctx context.Context, client client.Client,
 			},
 			"enrichments": map[string]interface{}{
 				"partitionID": partitionID,
-				"tenant":      tenant,
+				"tenant":      p.TenantID,
 				"projectID":   projectID,
+				"projectName": p.Name,
 				"clusterName": clusterName,
 				"clusterID":   clusterID,
 			},