fix for [Repository] refactor fluxv2 to use managed-by annotation instead of system flag #4871 #5714

Merged
merged 16 commits into from
Nov 29, 2022
Merged
3 changes: 1 addition & 2 deletions chart/kubeapps/README.md
Expand Up @@ -472,7 +472,6 @@ Once you have installed Kubeapps follow the [Getting Started Guide](https://gith
| `kubeappsapis.pluginConfig.kappController.packages.v1alpha1.defaultAllowDowngrades` | Default policy for allowing applications to be downgraded to previous versions | `false` |
| `kubeappsapis.pluginConfig.kappController.packages.v1alpha1.globalPackagingNamespace` | Default global packaging namespace | `kapp-controller-packaging-global` |
| `kubeappsapis.pluginConfig.flux.packages.v1alpha1.defaultUpgradePolicy` | Default upgrade policy generating version constraints | `none` |
| `kubeappsapis.pluginConfig.flux.packages.v1alpha1.userManagedSecrets` | Default policy for handling repository secrets, either managed by the user or by kubeapps-apis | `false` |
| `kubeappsapis.pluginConfig.flux.packages.v1alpha1.noCrossNamespaceRefs` | Enable this flag to disallow cross-namespace references, useful when running Flux on multi-tenant clusters | `false` |
| `kubeappsapis.pluginConfig.resources.packages.v1alpha1.trustedNamespaces.headerName` | Optional header name for trusted namespaces | `""` |
| `kubeappsapis.pluginConfig.resources.packages.v1alpha1.trustedNamespaces.headerPattern` | Optional header pattern for trusted namespaces | `""` |
Expand Down Expand Up @@ -1054,4 +1053,4 @@ Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
limitations under the License.
2 changes: 0 additions & 2 deletions chart/kubeapps/values.yaml
Expand Up @@ -1537,8 +1537,6 @@ kubeappsapis:
## @param kubeappsapis.pluginConfig.flux.packages.v1alpha1.defaultUpgradePolicy Default upgrade policy generating version constraints
## enum: [ "major", "minor", "patch", "none" ]
defaultUpgradePolicy: none
## @param kubeappsapis.pluginConfig.flux.packages.v1alpha1.userManagedSecrets Default policy for handling repository secrets, either managed by the user or by kubeapps-apis
userManagedSecrets: false
## @param kubeappsapis.pluginConfig.flux.packages.v1alpha1.noCrossNamespaceRefs Enable this flag to disallow cross-namespace references, useful when running Flux on multi-tenant clusters
noCrossNamespaceRefs: false
resources:
8 changes: 0 additions & 8 deletions cmd/kubeapps-apis/docs/kubeapps-apis.swagger.json
Expand Up @@ -4437,14 +4437,6 @@
],
"default": "PACKAGE_REPOSITORY_AUTH_TYPE_UNSPECIFIED"
},
"pluginsfluxv2packagesv1alpha1SetUserManagedSecretsResponse": {
"type": "object",
"properties": {
"value": {
"type": "boolean"
}
}
},
"protobufAny": {
"type": "object",
"properties": {
820 changes: 340 additions & 480 deletions cmd/kubeapps-apis/gen/plugins/fluxv2/packages/v1alpha1/fluxv2.pb.go

Large diffs are not rendered by default.

422 changes: 181 additions & 241 deletions cmd/kubeapps-apis/gen/plugins/fluxv2/packages/v1alpha1/fluxv2.pb.gw.go

Large diffs are not rendered by default.

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Expand Up @@ -782,8 +782,6 @@ func testKindClusterAvailablePackageEndpointsForOCIHelper(
}
}

setUserManagedSecretsAndCleanup(t, fluxPluginReposClient, true)

if err := kubeAddHelmRepositoryAndCleanup(
t, repoName, "oci", tc.registryUrl, secretName, 0); err != nil {
t.Fatal(err)
Expand Down Expand Up @@ -925,7 +923,7 @@ func testKindClusterAvailablePackageEndpointsForOCIHelper(
}

func TestKindClusterAvailablePackageEndpointsOCIRepo2Charts(t *testing.T) {
fluxPluginClient, fluxPluginReposClient, err := checkEnv(t)
fluxPluginClient, _, err := checkEnv(t)
if err != nil {
t.Fatal(err)
}
Expand Down Expand Up @@ -966,8 +964,6 @@ func TestKindClusterAvailablePackageEndpointsOCIRepo2Charts(t *testing.T) {
}
}

setUserManagedSecretsAndCleanup(t, fluxPluginReposClient, true)

if err := kubeAddHelmRepositoryAndCleanup(
t, repoName, "oci", tc.registryUrl, secretName, 0); err != nil {
t.Fatal(err)
Expand Up @@ -34,7 +34,6 @@ import (
"google.golang.org/grpc/status"
"helm.sh/helm/v3/pkg/getter"
apiv1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/wait"
Expand Down Expand Up @@ -95,7 +94,7 @@ func NewDefaultPluginConfig() *FluxPluginConfig {
VersionsInSummary: pkgutils.GetDefaultVersionsInSummary(),
TimeoutSeconds: int32(-1),
DefaultUpgradePolicy: pkgutils.UpgradePolicyNone,
UserManagedSecrets: false,
NoCrossNamespaceRefs: false,
}
}

Expand Down Expand Up @@ -132,28 +131,6 @@ func NamespacedName(obj ctrlclient.Object) (*types.NamespacedName, error) {
}
}

// "Local" in the sense of no namespace is specified
func NewLocalOpaqueSecret(ownerRepo types.NamespacedName) *apiv1.Secret {
return &apiv1.Secret{
ObjectMeta: metav1.ObjectMeta{
GenerateName: ownerRepo.Name + "-",
},
Type: apiv1.SecretTypeOpaque,
Data: map[string][]byte{},
}
}

// "Local" in the sense of no namespace is specified
func NewLocalDockerConfigJsonSecret(ownerRepo types.NamespacedName) *apiv1.Secret {
return &apiv1.Secret{
ObjectMeta: metav1.ObjectMeta{
GenerateName: ownerRepo.Name + "-",
},
Type: apiv1.SecretTypeDockerConfigJson,
Data: map[string][]byte{},
}
}

// ref: https://blog.trailofbits.com/2020/06/09/how-to-check-if-a-mutex-is-locked-in-go/
// I understand this is not really "kosher" in general for production usage,
// but in one specific case (cache populateWith() func) it's okay as a confidence test
Expand Down Expand Up @@ -449,10 +426,6 @@ type FluxPluginConfig struct {
VersionsInSummary pkgutils.VersionsInSummary
TimeoutSeconds int32
DefaultUpgradePolicy pkgutils.UpgradePolicy
// whether or not secrets are fully managed by user or kubeapps
// see comments in design spec under AddPackageRepository.
// false (i.e. kubeapps manages secrets) by default
UserManagedSecrets bool
// ref https://github.com/vmware-tanzu/kubeapps/issues/5541
NoCrossNamespaceRefs bool
}
Expand All @@ -477,7 +450,6 @@ func ParsePluginConfig(pluginConfigPath string) (*FluxPluginConfig, error) {
Packages struct {
V1alpha1 struct {
DefaultUpgradePolicy string `json:"defaultUpgradePolicy"`
UserManagedSecrets bool `json:"userManagedSecrets"`
NoCrossNamespaceRefs bool `json:"noCrossNamespaceRefs"`
} `json:"v1alpha1"`
} `json:"packages"`
Expand All @@ -504,7 +476,6 @@ func ParsePluginConfig(pluginConfigPath string) (*FluxPluginConfig, error) {
VersionsInSummary: config.Core.Packages.V1alpha1.VersionsInSummary,
TimeoutSeconds: config.Core.Packages.V1alpha1.TimeoutSeconds,
DefaultUpgradePolicy: defaultUpgradePolicy,
UserManagedSecrets: config.Flux.Packages.V1alpha1.UserManagedSecrets,
NoCrossNamespaceRefs: config.Flux.Packages.V1alpha1.NoCrossNamespaceRefs,
}, nil
}
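Review bot: A plugin config file that still contains `userManagedSecrets` gets no signal that the key has stopped having any effect, now that the field is gone from both `FluxPluginConfig` and the anonymous struct in `ParsePluginConfig`. The decode call is outside the visible hunks, but if it is a default `encoding/json` unmarshal, the unknown key is dropped silently. A deployment that had set it to `true` to keep Kubeapps from managing its repository secrets would then change behaviour on upgrade with nothing in the logs. I would keep a parse-only `UserManagedSecrets *bool` field with the same JSON tag for one release and log a deprecation warning when it is non-nil, or at least call the removal out in the upgrade notes.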
Expand Up @@ -1505,6 +1505,32 @@ var (
}
}

add_repo_req_30 = &corev1.AddPackageRepositoryRequest{
Name: "bar",
Context: &corev1.Context{Namespace: "foo"},
Type: "helm",
NamespaceScoped: true,
Url: "http://example.com",
Auth: &corev1.PackageRepositoryAuth{
Type: corev1.PackageRepositoryAuth_PACKAGE_REPOSITORY_AUTH_TYPE_BASIC_AUTH,
PackageRepoAuthOneOf: &corev1.PackageRepositoryAuth_UsernamePassword{
UsernamePassword: &corev1.UsernamePassword{
Username: "foo",
Password: "bar",
},
},
},
TlsConfig: &corev1.PackageRepositoryTlsConfig{
InsecureSkipVerify: false,
PackageRepoTlsConfigOneOf: &corev1.PackageRepositoryTlsConfig_SecretRef{
SecretRef: &corev1.SecretKeyReference{
Name: "secret-1",
Key: "caFile",
},
},
},
}

add_repo_expected_resp = &corev1.AddPackageRepositoryResponse{
PackageRepoRef: repoRef("bar", "foo"),
}
Expand Down Expand Up @@ -3117,6 +3143,7 @@ var (
Username: redactedString,
Password: redactedString,
Server: redactedString,
Email: redactedString,
},
},
},
Expand Down Expand Up @@ -3158,6 +3185,7 @@ var (
Username: redactedString,
Password: redactedString,
Server: redactedString,
Email: redactedString,
},
},
},
Expand Down Expand Up @@ -3447,6 +3475,49 @@ var (
}
}

update_repo_req_19 = &corev1.UpdatePackageRepositoryRequest{
PackageRepoRef: repoRefInReq("repo-1", "namespace-1"),
Url: "http://newurl.com",
Auth: &corev1.PackageRepositoryAuth{
Type: corev1.PackageRepositoryAuth_PACKAGE_REPOSITORY_AUTH_TYPE_BASIC_AUTH,
PackageRepoAuthOneOf: &corev1.PackageRepositoryAuth_UsernamePassword{
UsernamePassword: &corev1.UsernamePassword{
Username: "foo",
Password: "bar",
},
},
},
TlsConfig: &corev1.PackageRepositoryTlsConfig{
InsecureSkipVerify: false,
PackageRepoTlsConfigOneOf: &corev1.PackageRepositoryTlsConfig_SecretRef{
SecretRef: &corev1.SecretKeyReference{
Name: "secret-1",
Key: "caFile",
},
},
},
}

update_repo_req_20 = &corev1.UpdatePackageRepositoryRequest{
PackageRepoRef: repoRefInReq("repo-1", "namespace-1"),
Url: "http://newurl.com",
Auth: &corev1.PackageRepositoryAuth{
Type: corev1.PackageRepositoryAuth_PACKAGE_REPOSITORY_AUTH_TYPE_BASIC_AUTH,
PackageRepoAuthOneOf: &corev1.PackageRepositoryAuth_UsernamePassword{
UsernamePassword: &corev1.UsernamePassword{
Username: "foo",
Password: "bar",
},
},
},
}

update_repo_req_21 = &corev1.UpdatePackageRepositoryRequest{
PackageRepoRef: repoRefInReq("repo-1", "namespace-1"),
Url: "http://newurl.com",
Auth: secret_1_auth,
}

update_repo_resp_1 = &corev1.UpdatePackageRepositoryResponse{
PackageRepoRef: repoRef("repo-1", "namespace-1"),
}
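Review bot: The new fixtures `add_repo_req_30` and `update_repo_req_19` to `update_repo_req_21` are told apart only by a number, so a reader has to compare the literals to see which secret-handling case each one stands for. A one-line comment above each would do: `// inline basic-auth credentials plus a TLS CA passed by secret reference` on `add_repo_req_30` and `update_repo_req_19`, `// inline basic-auth credentials, no TLS config` on `update_repo_req_20`, and `// auth supplied through secret_1_auth` on `update_repo_req_21`. The surrounding `var (` block starts and ends outside these hunks.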
Expand Up @@ -824,8 +824,8 @@ func kubeCreateSecret(t *testing.T, secret *apiv1.Secret) error {
return err
}

func kubeSetSecretOwnerRef(t *testing.T, secretName types.NamespacedName, ownerRepo *sourcev1.HelmRepository) error {
t.Logf("+kubeSetSecretOwnerRef(%s, %s)", secretName, ownerRepo.Name)
func kubeSetKubeappsManagedSecretOwnerRef(t *testing.T, secretName types.NamespacedName, ownerRepo *sourcev1.HelmRepository) error {
t.Logf("+kubeSetKubeappsManagedSecretOwnerRef(%s, %s)", secretName, ownerRepo.Name)
typedClient, err := kubeGetTypedClient()
if err != nil {
return err
Expand All @@ -843,6 +843,9 @@ func kubeSetSecretOwnerRef(t *testing.T, secretName types.NamespacedName, ownerR
return err
}

// also sets managed-By annotation
setSecretManagedByKubeapps(secret)

secret.OwnerReferences = []metav1.OwnerReference{
*metav1.NewControllerRef(
ownerRepo,
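Review bot: With the rename to `kubeSetKubeappsManagedSecretOwnerRef` and the added `setSecretManagedByKubeapps(secret)` call, this helper can no longer produce a secret that has the owner reference but not the annotation. If secrets created by an earlier Kubeapps release are in that state (not visible from this hunk), the integration tests lose the means to cover how the plugin treats them after an upgrade. Consider a variant or a boolean parameter that skips the annotation. The comment could also say why both markers are set, e.g. `// Kubeapps-managed secrets carry the managed-by annotation as well as the owner reference`. The function starts and ends outside the hunk.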
Expand Up @@ -1524,8 +1524,6 @@ func createAndWaitForHelmRelease(
}
}

setUserManagedSecretsAndCleanup(t, fluxPluginReposClient, true)

err := kubeAddHelmRepositoryAndCleanup(t, name, tc.repoType, tc.repoUrl, secretName, tc.repoInterval)
if err != nil {
t.Fatal(err)