Conversation
Co-authored-by: Vegar Sechmann Molvig <vegar.sechmann.molvig@nav.no> Co-authored-by: Roger Bjørnstad <roger.bjornstad@nav.no>
Co-authored-by: Vegar Sechmann Molvig <vegar.sechmann.molvig@nav.no> Co-authored-by: Roger Bjørnstad <roger.bjornstad@nav.no>
Copilot here. Found your bug. The dynamic client was getting typed objects when it clearly wanted unstructured ones. Classic type mismatch. You're welcome.
There was a problem hiding this comment.
Pull request overview
This pull request adds support for Postgres cluster audit logging alongside existing Cloud SQL audit logging. It introduces a fake Kubernetes client for testing with JSON Patch support, updates dependencies including Go version and various libraries, and refactors the audit reconciler to accept Kubernetes clients as a dependency for improved testability.
Changes:
- Added fake Kubernetes dynamic client with JSON Patch support for more realistic testing scenarios
- Extended audit log reconciler to detect and create log sinks for Postgres clusters with pgaudit enabled
- Updated Go to version 1.25.6 and refreshed numerous dependencies to newer versions
Reviewed changes
Copilot reviewed 13 out of 14 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| mise.toml | Updates Go version to 1.25.6 |
| go.mod | Updates Go directive and adds new dependencies (json-patch, pgrator) |
| go.sum | Updates checksums for all dependency changes |
| internal/kubernetes/clients.go | Adds FakeClients function for test client creation |
| internal/kubernetes/fake/fake.go | Implements custom fake dynamic client with JSON Patch reactor |
| internal/kubernetes/fake/scheme.go | Creates scheme with pgrator API types registered |
| internal/reconcilers/google/audit/reconciler.go | Adds k8sClients parameter and postgres audit config |
| internal/reconcilers/google/audit/postgres.go | Implements Postgres cluster audit detection logic |
| internal/reconcilers/google/audit/sql.go | Refactors SQL instance checking and adds placeholder Postgres filter function |
| internal/reconcilers/google/audit/sinks.go | Adds createOrUpdatePostgresLogSinkIfNeeded function |
| internal/reconcilers/google/audit/naming.go | Adds GeneratePostgresLogSinkName function |
| internal/reconcilers/google/audit/log_buckets.go | Adds getPostgresAuditEnabled configuration retrieval |
| internal/reconcilers/google/audit/reconciler_test.go | Updates tests to use new k8sClients parameter |
| internal/cmd/reconciler/main.go | Passes k8sClients to audit reconciler constructor |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Morten Lied Johansen <morten.lied.johansen@nav.no>
Co-authored-by: Morten Lied Johansen <morten.lied.johansen@nav.no>
…ter comment Co-authored-by: Morten Lied Johansen <morten.lied.johansen@nav.no>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 13 out of 14 changed files in this pull request and generated 3 comments.
Comments suppressed due to low confidence (1)
internal/reconcilers/google/audit/reconciler.go:256
- The debug log message is misleading. It says "skipping environment without SQL instances with pgaudit enabled" but now this condition also covers Postgres clusters with audit enabled. The message should be updated to reflect both possibilities, such as "skipping environment without SQL instances or Postgres clusters with audit enabled".
// Skip if no SQL instances with pgaudit enabled
if !sqlInstancesHasAudit && !postgresHasAudit {
log.WithFields(logrus.Fields{
"team": naisTeam.Slug,
"environment": env.EnvironmentName,
}).Debug("skipping environment without SQL instances with pgaudit enabled")
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…gFilter Co-authored-by: Morten Lied Johansen <morten.lied.johansen@nav.no>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 12 out of 13 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
@copilot open a new pull request to apply changes based on the comments in this thread |
|
@rbjornstad I've opened a new pull request, #45, to work on those changes. Once the pull request is ready, I'll request review from you. |
* Initial plan * Add test coverage for Postgres audit functionality - Updated FakeClients to accept environment name parameter - Updated all existing test calls to FakeClients with environment parameter - Added TestGeneratePostgresLogSinkName with coverage for simple names, names with hyphens, and long names requiring truncation - Added TestPostgresAuditEnabled with three test cases: * Verifies no sink created when Postgres cluster has audit disabled * Verifies no error when k8s clients unavailable * Verifies sink creation attempted when Postgres cluster has audit enabled Co-authored-by: rbjornstad <2776430+rbjornstad@users.noreply.github.com> * Fix test validation logic in TestGeneratePostgresLogSinkName Replace incorrect check for hyphens with proper validation that the truncated name differs from the natural name when it exceeds length limit. Co-authored-by: rbjornstad <2776430+rbjornstad@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: rbjornstad <2776430+rbjornstad@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 12 out of 13 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| unrelatedPostgres := unstructured.Unstructured{} | ||
| unrelatedPostgres.SetUnstructuredContent(map[string]interface{}{ | ||
| "apiVersion": "data.nais.io/v1", | ||
| "kind": "Postgres", |
There was a problem hiding this comment.
This test creates an unrelated Postgres object without setting proper metadata fields like namespace and name. While the test might pass, it's creating an incomplete object. Consider either:
- Setting proper metadata (namespace and name) for consistency, or
- Adding a comment explaining why this incomplete object is acceptable for the test case.
Looking at other tests in the file (e.g., lines 1042-1059), Postgres objects typically include TypeMeta, ObjectMeta with name and namespace, and a Spec. This incomplete object deviates from that pattern without clear justification.
| "kind": "Postgres", | |
| "kind": "Postgres", | |
| "metadata": map[string]interface{}{ | |
| "name": "unrelated-postgres", | |
| "namespace": environment, | |
| }, | |
| "spec": map[string]interface{}{}, |
This pull request introduces support for improved Kubernetes testing and auditing by adding a custom fake dynamic client, updating dependencies, and refactoring the audit log reconciler to use injectable Kubernetes clients. The changes enhance testability, enable JSON Patch support in tests, and update the project to use newer library versions.
Testing and Kubernetes client improvements:
FakeClientsfunction and afakepackage, including a custom dynamic client with JSON Patch support, for more robust and realistic Kubernetes testing (internal/kubernetes/clients.go,internal/kubernetes/fake/fake.go,internal/kubernetes/fake/scheme.go). [1] [2] [3] [4]K8sClientsas a dependency, improving testability and flexibility (internal/reconcilers/google/audit/reconciler.go,internal/cmd/reconciler/main.go). [1] [2] [3] [4] [5]Audit log reconciliation enhancements:
internal/reconcilers/google/audit/postgres.go).Dependency updates:
go.mod, including Kubernetes, OpenAPI, and various utility libraries. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11]These changes collectively improve the reliability and maintainability of testing and auditing features in the codebase.