[ws-manager-mk2] Scrub status fields, add vscode launch.json (#18595)

* [ws-manager-mk2] Scrub status fields, add vscode launch.json

* Fix scrubber panic on unexported pointer

Author: WVerlaek

components/scrubber/scrubber.go

@@ -32,7 +32,7 @@ Example:
 		Example
 	}
 
-	func (TrustedExample) isTrustedValue() {}
+	func (TrustedExample) IsTrustedValue() {}
 
 	func scrubExample(e *Example) *TrustedExample {
 		return &TrustedExample{
@@ -249,6 +249,9 @@ var (
 
 // Pointer implements reflectwalk.PointerValueWalker
 func (s *structScrubber) Pointer(val reflect.Value) error {
+	if !val.CanInterface() {
+		return nil
+	}
 	value := val.Interface()
 	if _, ok := value.(TrustedValue); ok {
 		return reflectwalk.SkipEntry

components/scrubber/scrubber_test.go

@@ -9,6 +9,7 @@ import (
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
+	"github.com/google/go-cmp/cmp/cmpopts"
 )
 
 func TestValue(t *testing.T) {
@@ -67,6 +68,11 @@ type TrustedStructToTest struct {
 	StructToTest
 }
 
+type UnexportedStructToTest struct {
+	Exported      string
+	unexportedPtr *string
+}
+
 func (TrustedStructToTest) IsTrustedValue() {}
 
 func scrubStructToTestAsTrustedValue(v *StructToTest) TrustedValue {
@@ -92,6 +98,7 @@ func TestStruct(t *testing.T) {
 		Name        string
 		Struct      any
 		Expectation Expectation
+		CmpOpts     []cmp.Option
 	}{
 		{
 			Name: "basic happy path",
@@ -193,6 +200,20 @@ func TestStruct(t *testing.T) {
 				},
 			},
 		},
+		{
+			Name: "contains unexported pointers",
+			Struct: UnexportedStructToTest{
+				Exported:      "foo",
+				unexportedPtr: nil,
+			},
+			Expectation: Expectation{
+				Result: UnexportedStructToTest{
+					Exported:      "foo",
+					unexportedPtr: nil,
+				},
+			},
+			CmpOpts: []cmp.Option{cmpopts.IgnoreUnexported(UnexportedStructToTest{})},
+		},
 	}
 
 	for _, test := range tests {
@@ -206,7 +227,7 @@ func TestStruct(t *testing.T) {
 				act.Result = test.Struct
 			}
 
-			if diff := cmp.Diff(test.Expectation, act); diff != "" {
+			if diff := cmp.Diff(test.Expectation, act, test.CmpOpts...); diff != "" {
 				t.Errorf("Struct() mismatch (-want +got):\n%s", diff)
 			}
 		})

components/ws-manager-api/go/crd/v1/workspace_types.go

@@ -154,7 +154,7 @@ type PortSpec struct {
 type WorkspaceStatus struct {
 	PodStarts  int    `json:"podStarts"`
 	URL        string `json:"url,omitempty"`
-	OwnerToken string `json:"ownerToken,omitempty"`
+	OwnerToken string `json:"ownerToken,omitempty" scrub:"redact"`
 
 	// +kubebuilder:default=Unknown
 	Phase WorkspacePhase `json:"phase,omitempty"`

components/ws-manager-mk2/.vscode/launch.json

@@ -0,0 +1,13 @@
+{
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "Launch Package",
+            "type": "go",
+            "request": "launch",
+            "mode": "auto",
+            "program": "${workspaceRoot}/main.go",
+            "args": ["--config", "example-config.json"]
+        }
+    ]
+}

components/ws-manager-mk2/controllers/workspace_controller.go

@@ -28,6 +28,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/log"
 
 	wsk8s "github.com/gitpod-io/gitpod/common-go/kubernetes"
+	"github.com/gitpod-io/gitpod/components/scrubber"
 	"github.com/gitpod-io/gitpod/ws-manager-mk2/pkg/maintenance"
 	config "github.com/gitpod-io/gitpod/ws-manager/api/config"
 	workspacev1 "github.com/gitpod-io/gitpod/ws-manager/api/crd/v1"
@@ -133,11 +134,18 @@ func (r *WorkspaceReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 	r.updateMetrics(ctx, &workspace)
 	r.emitPhaseEvents(ctx, &workspace, oldStatus)
 
-	var podStatus *corev1.PodStatus
+	var scrubbedPodStatus *corev1.PodStatus
 	if len(workspacePods.Items) > 0 {
-		podStatus = &workspacePods.Items[0].Status
+		scrubbedPodStatus = workspacePods.Items[0].Status.DeepCopy()
+		if err = scrubber.Default.Struct(scrubbedPodStatus); err != nil {
+			log.Error(err, "failed to scrub pod status")
+		}
+	}
+	scrubbedStatus := workspace.Status.DeepCopy()
+	if err = scrubber.Default.Struct(scrubbedStatus); err != nil {
+		log.Error(err, "failed to scrub workspace status")
 	}
-	log.Info("updating workspace status", "status", workspace.Status, "podStatus", podStatus)
+	log.Info("updating workspace status", "status", scrubbedStatus, "podStatus", scrubbedPodStatus)
 	err = r.Status().Update(ctx, &workspace)
 	if err != nil {
 		return errorResultLogConflict(log, fmt.Errorf("failed to update workspace status: %w", err))

components/ws-manager-mk2/example-config.json

@@ -2,22 +2,8 @@
   "manager": {
     "namespace": "staging-cw-io-limit-hack",
     "schedulerName": "",
+    "secretsNamespace": "workspace-secrets",
     "seccompProfile": "localhost/workspace_default_cw-ws-manager-mk2.1.json",
-    "container": {
-      "workspace": {
-        "image": "OVERWRITTEN-IN-REQUEST",
-        "requests": {
-          "cpu": "1",
-          "memory": "2Gi",
-          "ephemeral-storage": ""
-        },
-        "limits": {
-          "cpu": "",
-          "memory": "",
-          "ephemeral-storage": ""
-        }
-      }
-    },
     "timeouts": {
       "startup": "1h0m0s",
       "initialization": "30m0s",
@@ -32,7 +18,6 @@
     "initProbe": {
       "timeout": "1s"
     },
-    "podTemplate": {},
     "urlTemplate": "https://{{ .Prefix }}.ws.foo.com",
     "portUrlTemplate": "https://{{ .WorkspacePort }}-{{ .Prefix }}.ws.foo.com",
     "workspaceHostPath": "/var/gitpod/workspaces",
@@ -57,22 +42,15 @@
       "gcloud": {
         "credentialsFile": "",
         "region": "",
-        "projectId": "",
-        "parallelUpload": 0,
-        "maximumBackupCount": 0
+        "projectId": ""
       },
       "minio": {
         "endpoint": "minio.default.svc.cluster.local:9000",
         "accessKey": "6BYlUKCJraAbBy5U35A4",
         "accessKeyFile": "",
         "secretKey": "ClclNAidlUwP2ESwEsXt",
         "secretKeyFile": "",
-        "region": "local",
-        "parallelUpload": 6
-      },
-      "backupTrail": {
-        "enabled": true,
-        "maxLength": 3
+        "region": "local"
       },
       "blobQuota": 5368709120
     }
@@ -90,4 +68,4 @@
   "prometheus": {
     "addr": "127.0.0.1:9500"
   }
-}
+}

components/ws-manager-mk2/ws-manager-mk2.code-workspace

@@ -2,9 +2,9 @@
     "folders": [
        { "path": "../common-go" },
        { "path": "../ws-daemon" },
-       { "path": "../ws-manager" },
        { "path": "../ws-manager-api" },
        { "path": "../ws-manager-mk2" },
+       { "path": "../scrubber" },
        { "path": "../server" },
        { "path": "../../test" },
        { "path": "../../dev/gpctl" },