diff --git a/.github/.codecov.yml b/.github/.codecov.yml new file mode 100644 index 0000000000..c17bea84b0 --- /dev/null +++ b/.github/.codecov.yml @@ -0,0 +1,20 @@ +# To validate: +# cat codecov.yml | curl --data-binary @- https://codecov.io/validate + +codecov: + notify: + require_ci_to_pass: yes + +coverage: + status: + patch: false + + status: + project: + default: + target: auto + threshold: 1% + patch: + default: + enabled: no # disable patch since it is noisy and not correct + if_not_found: success \ No newline at end of file diff --git a/.github/actions/cleanup-files/action.yaml b/.github/actions/cleanup-files/action.yaml index d490cc086b..d466daf3a8 100644 --- a/.github/actions/cleanup-files/action.yaml +++ b/.github/actions/cleanup-files/action.yaml @@ -7,10 +7,16 @@ runs: - run: | lsblk -f + echo "removing some github actions pre-installed tools to save space" + sudo rm -rf /usr/share/dotnet + sudo rm -rf /opt/ghc + sudo rm -rf /opt/hostedtoolcache/CodeQL + sudo docker system prune --all --force + + echo "removing zarf sboms, packages, cache" sudo rm -rf zarf-sbom /tmp/zarf-* sudo env "PATH=$PATH" CI=true make delete-packages sudo build/zarf tools clear-cache - sudo docker system prune --all --force lsblk -f shell: bash diff --git a/.github/actions/debug-cluster/action.yaml b/.github/actions/debug-cluster/action.yaml new file mode 100644 index 0000000000..e1f457cd92 --- /dev/null +++ b/.github/actions/debug-cluster/action.yaml @@ -0,0 +1,22 @@ +name: debug-cluster +description: "Setup Go binary and caching" + +runs: + using: composite + steps: + - run: | + echo "***** Getting pods *****" + kubectl get pods -A + + echo "***** Getting pods yaml *****" + kubectl get pods -A -o yaml + + echo "***** Describing pods *****" + kubectl describe pods -A + + echo "***** Getting nodes *****" + kubectl get nodes -A + + echo "***** describing nodes *****" + kubectl describe nodes -A + shell: bash diff --git a/.github/actions/install-tools/action.yaml b/.github/actions/install-tools/action.yaml index e8e052b640..92372d73b8 100644 --- a/.github/actions/install-tools/action.yaml +++ b/.github/actions/install-tools/action.yaml @@ -8,11 +8,4 @@ runs: - uses: anchore/sbom-action/download-syft@b6a39da80722a2cb0ef5d197531764a89b5d48c3 # v0.15.8 - - name: install grype - env: - # renovate: datasource=github-tags depName=anchore/grype versioning=semver - VERSION: v0.74.6 - run: "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin $VERSION" - shell: bash - - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml new file mode 100644 index 0000000000..7465f35a07 --- /dev/null +++ b/.github/dependabot.yaml @@ -0,0 +1,18 @@ +version: 2 +updates: + - package-ecosystem: gomod + directory: / + schedule: + interval: daily + - package-ecosystem: github-actions + directory: / + schedule: + interval: daily + - package-ecosystem: npm + directory: / + schedule: + interval: daily + - package-ecosystem: cargo + directory: / + schedule: + interval: daily diff --git a/.github/workflows/build-rust-injector.yml b/.github/workflows/build-rust-injector.yml index eb41af52c7..a302c1dfa0 100644 --- a/.github/workflows/build-rust-injector.yml +++ b/.github/workflows/build-rust-injector.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Checkout Repo" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Install tools uses: ./.github/actions/install-tools @@ -34,7 +34,7 @@ jobs: shasum zarf-injector-arm64 >> checksums.txt - name: Auth with AWS - uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: role-to-assume: ${{ secrets.AWS_WRITE_ROLE }} role-session-name: ${{ github.job || github.event.client_payload.pull_request.head.sha || github.sha }} diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml index b83d5d3350..a03541314d 100644 --- a/.github/workflows/commitlint.yml +++ b/.github/workflows/commitlint.yml @@ -16,12 +16,12 @@ jobs: steps: - name: Checkout - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 - name: Setup Node.js - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 + uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 - name: Install commitlint run: npm install --save-dev @commitlint/{config-conventional,cli} diff --git a/.github/workflows/compare-cves.yml b/.github/workflows/compare-cves.yml deleted file mode 100644 index dce4118ba5..0000000000 --- a/.github/workflows/compare-cves.yml +++ /dev/null @@ -1,39 +0,0 @@ -name: Compare CVEs to main - -permissions: - contents: read - -on: - pull_request: - paths: - - "go.mod" - - "go.sum" - - "cargo.toml" - - "cargo.lock" - merge_group: - paths: - - "go.mod" - - "go.sum" - - "cargo.toml" - - "cargo.lock" - -jobs: - validate: - runs-on: ubuntu-latest - steps: - - name: Checkout repo - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - ref: ${{ github.head_ref || github.ref_name }} - - - name: fetch main - run: git fetch origin main --depth 1 - - - name: Setup golang - uses: ./.github/actions/golang - - - name: Install tools - uses: ./.github/actions/install-tools - - - name: Check for CVEs in Dependencies - run: "hack/check-vulnerabilities.sh" diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 8e12c590e0..ed74def218 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -6,10 +6,10 @@ permissions: contents: read jobs: - validate: + dependency-review: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Dependency Review - uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3 + uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4 diff --git a/.github/workflows/nightly-ecr.yml b/.github/workflows/nightly-ecr.yml index f922e89dba..ca9bf97ca4 100644 --- a/.github/workflows/nightly-ecr.yml +++ b/.github/workflows/nightly-ecr.yml @@ -15,11 +15,11 @@ permissions: contents: read jobs: - validate: + ecr-nightly-test: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup golang uses: ./.github/actions/golang @@ -28,7 +28,7 @@ jobs: run: make build-cli-linux-amd - name: Auth with AWS - uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: role-to-assume: ${{ secrets.AWS_NIGHTLY_ROLE }} role-session-name: ${{ github.job || github.event.client_payload.pull_request.head.sha || github.sha }} diff --git a/.github/workflows/nightly-eks.yml b/.github/workflows/nightly-eks.yml index 1fe4f4ad7c..35b94721b9 100644 --- a/.github/workflows/nightly-eks.yml +++ b/.github/workflows/nightly-eks.yml @@ -23,11 +23,11 @@ concurrency: cancel-in-progress: true jobs: - validate: + eks-nightly-test: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup golang uses: ./.github/actions/golang @@ -36,12 +36,12 @@ jobs: uses: ./.github/actions/packages - name: Auth with AWS - uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: role-to-assume: ${{ secrets.AWS_NIGHTLY_ROLE }} role-session-name: ${{ github.job || github.event.client_payload.pull_request.head.sha || github.sha }} aws-region: us-east-1 - role-duration-seconds: 3600 + role-duration-seconds: 7200 - name: Build the eks package run: ./build/zarf package create packages/distros/eks -o build --confirm @@ -57,6 +57,10 @@ jobs: - name: Run tests run: make test-e2e-with-cluster ARCH=amd64 + - name: show cluster logs + uses: ./.github/actions/debug-cluster + if: always() + - name: Teardown the cluster if: always() run: | diff --git a/.github/workflows/publish-application-packages.yml b/.github/workflows/publish-application-packages.yml index 59be8e3ff3..3944aa0abb 100644 --- a/.github/workflows/publish-application-packages.yml +++ b/.github/workflows/publish-application-packages.yml @@ -18,7 +18,7 @@ jobs: packages: write steps: - name: "Checkout Repo" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ github.event.inputs.branchName }} @@ -26,7 +26,7 @@ jobs: uses: defenseunicorns/setup-zarf@10e539efed02f75ec39eb8823e22a5c795f492ae #v1.0.1 - name: "Login to GHCR" - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: dummy diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f8e6e36604..f7f4b765c8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -9,14 +9,14 @@ on: - "v*" jobs: - build: + build-release: runs-on: ubuntu-latest permissions: packages: write steps: # Checkout the repo and setup the tooling for this job - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 @@ -32,7 +32,7 @@ jobs: make build-cli-linux-arm - name: "Zarf Agent: Login to GHCR" - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: dummy @@ -63,7 +63,7 @@ jobs: - name: Publish Init Package as OCI and Skeleton run: | - make publish-init-package ARCH=amd64 REPOSITORY_URL=ghcr.io/zerf-dev/packages + make publish-init-package ARCH=amd64 REPOSITORY_URL=ghcr.io/zarf-dev/packages make publish-init-package ARCH=arm64 REPOSITORY_URL=ghcr.io/zarf-dev/packages # Create a CVE report based on this build @@ -72,24 +72,24 @@ jobs: # Upload the contents of the build directory for later stages to use - name: Upload build artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 with: name: build-artifacts path: build/ retention-days: 1 - validate: + validate-release: runs-on: ubuntu-latest - needs: build + needs: build-release steps: # Checkout the repo and setup the tooling for this job - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 - name: Download build artifacts - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: build-artifacts path: build/ @@ -114,16 +114,16 @@ jobs: if: always() uses: ./.github/actions/save-logs - push: + create-release: runs-on: ubuntu-latest - needs: validate + needs: validate-release environment: release permissions: contents: write steps: # Checkout the repo and setup the tooling for this job - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 @@ -134,19 +134,11 @@ jobs: uses: ./.github/actions/install-tools - name: Download build artifacts - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: build-artifacts path: build/ - # Set up AWS credentials for GoReleaser to upload backups of artifacts to S3 - - name: Set AWS Credentials - uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 - with: - aws-access-key-id: ${{ secrets.AWS_GOV_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_GOV_SECRET_ACCESS_KEY }} - aws-region: us-gov-west-1 - - name: Make zarf executable and skip brew latest for pre-release tags run: | chmod +x build/zarf @@ -175,7 +167,7 @@ jobs: - name: Get Brew tap repo token id: brew-tap-token - uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0 + uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3 with: app-id: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_ID }} private-key: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_SECRET }} @@ -194,7 +186,7 @@ jobs: HOMEBREW_TAP_GITHUB_TOKEN: ${{ steps.brew-tap-token.outputs.token }} - name: Save CVE report - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 with: name: cve-report path: build/zarf-known-cves.csv diff --git a/.github/workflows/scan-codeql.yml b/.github/workflows/scan-codeql.yml index dd72737ab2..e5ab9bd6d8 100644 --- a/.github/workflows/scan-codeql.yml +++ b/.github/workflows/scan-codeql.yml @@ -30,7 +30,7 @@ on: - cron: "32 2 * * 5" jobs: - validate: + codeql-scan: runs-on: ubuntu-latest permissions: actions: read @@ -46,14 +46,14 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup golang uses: ./.github/actions/golang # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 + uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 with: languages: ${{ matrix.language }} config-file: ./.github/codeql.yaml @@ -62,6 +62,6 @@ jobs: run: make build-cli-linux-amd - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 + uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/scan-cves.yml b/.github/workflows/scan-cves.yml deleted file mode 100644 index 2851849bf7..0000000000 --- a/.github/workflows/scan-cves.yml +++ /dev/null @@ -1,24 +0,0 @@ -name: Analyze CVEs - -permissions: - contents: read - -on: - schedule: - - cron: "0 10 * * *" - -jobs: - validate: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Setup golang - uses: ./.github/actions/golang - - - name: Install tools - uses: ./.github/actions/install-tools - - - name: Check for CVEs in Dependencies - run: "make test-cves" diff --git a/.github/workflows/scan-docs-and-schema.yml b/.github/workflows/scan-docs-and-schema.yml index 4d18ba393f..c4819b6525 100644 --- a/.github/workflows/scan-docs-and-schema.yml +++ b/.github/workflows/scan-docs-and-schema.yml @@ -7,11 +7,11 @@ permissions: contents: read jobs: - validate: + validate-docs-and-schema: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup golang uses: ./.github/actions/golang diff --git a/.github/workflows/scan-lint.yml b/.github/workflows/scan-lint.yml index d72450d66e..95642fe5cc 100644 --- a/.github/workflows/scan-lint.yml +++ b/.github/workflows/scan-lint.yml @@ -7,10 +7,10 @@ permissions: contents: read jobs: - validate: + lint: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Run golangci-lint - uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 + uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0 diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index f98ea7bdd1..e4c9399538 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -22,12 +22,12 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 with: results_file: results.sarif results_format: sarif @@ -36,7 +36,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 with: name: SARIF file path: results.sarif @@ -44,6 +44,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 + uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 with: sarif_file: results.sarif diff --git a/.github/workflows/test-bigbang.yml b/.github/workflows/test-bigbang.yml index 1dd568bb26..48d2f795cf 100644 --- a/.github/workflows/test-bigbang.yml +++ b/.github/workflows/test-bigbang.yml @@ -30,11 +30,11 @@ concurrency: cancel-in-progress: true jobs: - build: + build-bigbang: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup golang uses: ./.github/actions/golang @@ -46,7 +46,7 @@ jobs: build-examples: "false" - name: Login to Iron Bank - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 if: ${{ env.IRON_BANK_ROBOT_USERNAME != '' }} env: IRON_BANK_ROBOT_USERNAME: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} @@ -63,21 +63,21 @@ jobs: # Upload the contents of the build directory for later stages to use - name: Upload build artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 with: name: build-artifacts path: build/ retention-days: 1 - validate: + validate-bigbang: runs-on: ubuntu-latest - needs: build + needs: build-bigbang steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Download build artifacts - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: build-artifacts path: build/ @@ -97,7 +97,7 @@ jobs: uses: ./.github/actions/k3d - name: Login to Iron Bank - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 if: ${{ env.IRON_BANK_ROBOT_USERNAME != '' }} env: IRON_BANK_ROBOT_USERNAME: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml index 7a689ba7c0..51faff752d 100644 --- a/.github/workflows/test-e2e.yml +++ b/.github/workflows/test-e2e.yml @@ -31,11 +31,11 @@ concurrency: jobs: # Build the binary and init package - build: + build-e2e: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup golang uses: ./.github/actions/golang @@ -47,7 +47,7 @@ jobs: # Upload the contents of the build directory for later stages to use - name: Upload build artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 with: name: build-artifacts path: build/ @@ -55,13 +55,13 @@ jobs: validate-without-cluster: runs-on: ubuntu-latest - needs: build + needs: build-e2e steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Download build artifacts - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: build-artifacts path: build/ @@ -90,13 +90,13 @@ jobs: # Run the tests on k3d validate-k3d: runs-on: ubuntu-latest - needs: build + needs: build-e2e steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Download build artifacts - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: build-artifacts path: build/ @@ -119,6 +119,10 @@ jobs: run: | make test-e2e-with-cluster ARCH=amd64 + - name: get cluster info + uses: ./.github/actions/debug-cluster + if: always() + - name: Save logs if: always() uses: ./.github/actions/save-logs @@ -128,13 +132,13 @@ jobs: # Run the tests on k3s validate-k3s: runs-on: ubuntu-latest - needs: build + needs: build-e2e steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Download build artifacts - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: build-artifacts path: build/ @@ -166,13 +170,13 @@ jobs: # Run the tests on kind validate-kind: runs-on: ubuntu-latest - needs: build + needs: build-e2e steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Download build artifacts - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: build-artifacts path: build/ @@ -197,6 +201,10 @@ jobs: run: | make test-e2e-with-cluster ARCH=amd64 + - name: get cluster info + uses: ./.github/actions/debug-cluster + if: always() + - name: Save logs if: always() uses: ./.github/actions/save-logs @@ -206,13 +214,13 @@ jobs: # Run the tests on minikube validate-minikube: runs-on: ubuntu-latest - needs: build + needs: build-e2e steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Download build artifacts - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: build-artifacts path: build/ @@ -235,6 +243,10 @@ jobs: run: | make test-e2e-with-cluster ARCH=amd64 + - name: get cluster info + uses: ./.github/actions/debug-cluster + if: always() + - name: Save logs if: always() uses: ./.github/actions/save-logs diff --git a/.github/workflows/test-external.yml b/.github/workflows/test-external.yml index f288989c8f..8fcb4c5683 100644 --- a/.github/workflows/test-external.yml +++ b/.github/workflows/test-external.yml @@ -30,11 +30,11 @@ concurrency: cancel-in-progress: true jobs: - validate: + validate-external: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup golang uses: ./.github/actions/golang @@ -48,9 +48,16 @@ jobs: - name: Setup k3d uses: ./.github/actions/k3d + - name: Cleanup files + uses: ./.github/actions/cleanup-files + - name: Run external service test run: make test-external + - name: get cluster info + uses: ./.github/actions/debug-cluster + if: always() + - name: Save logs if: always() uses: ./.github/actions/save-logs diff --git a/.github/workflows/test-site.yml b/.github/workflows/test-site.yml index af0a3baef9..f581379037 100644 --- a/.github/workflows/test-site.yml +++ b/.github/workflows/test-site.yml @@ -12,17 +12,17 @@ concurrency: cancel-in-progress: true jobs: - validate: + validate-site: runs-on: ubuntu-latest defaults: run: working-directory: ./site steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Node.js - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 + uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 - name: npm ci run: npm ci diff --git a/.github/workflows/test-unit.yml b/.github/workflows/test-unit.yml index 8ea2cc7bdb..4690674604 100644 --- a/.github/workflows/test-unit.yml +++ b/.github/workflows/test-unit.yml @@ -34,11 +34,11 @@ concurrency: cancel-in-progress: true jobs: - validate: + validate-unit: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup golang uses: ./.github/actions/golang @@ -47,6 +47,6 @@ jobs: run: make test-unit - name: Upload coverage reports to Codecov - uses: codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c # v4.4.1 + uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 with: token: ${{ secrets.CODECOV_TOKEN }} diff --git a/.github/workflows/test-upgrade.yml b/.github/workflows/test-upgrade.yml index 552d79e103..a3230eb6a7 100644 --- a/.github/workflows/test-upgrade.yml +++ b/.github/workflows/test-upgrade.yml @@ -30,11 +30,11 @@ concurrency: cancel-in-progress: true jobs: - build: + build-upgrade: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup golang uses: ./.github/actions/golang @@ -46,21 +46,21 @@ jobs: # Upload the contents of the build directory for later stages to use - name: Upload build artifacts - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 with: name: build-artifacts path: build/ retention-days: 1 - validate: + validate-upgrade: runs-on: ubuntu-latest - needs: build + needs: build-upgrade steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Download build artifacts - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: build-artifacts path: build/ diff --git a/.github/workflows/test-windows.yml b/.github/workflows/test-windows.yml index 08b1a6e845..d9d9172a75 100644 --- a/.github/workflows/test-windows.yml +++ b/.github/workflows/test-windows.yml @@ -34,7 +34,7 @@ jobs: runs-on: windows-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Run Windows unit tests run: make test-unit @@ -44,7 +44,7 @@ jobs: runs-on: windows-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Build Windows binary and zarf packages uses: ./.github/actions/packages diff --git a/.golangci.yaml b/.golangci.yaml index ab7cc77904..58aaa823f9 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -14,6 +14,8 @@ linters: - goimports - nolintlint - testifylint + - whitespace + - errorlint linters-settings: govet: enable-all: true @@ -56,6 +58,7 @@ linters-settings: testifylint: enable-all: true errcheck: + check-type-assertions: true exclude-functions: - (*github.com/spf13/cobra.Command).Help - (*github.com/spf13/cobra.Command).MarkFlagRequired diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 8af7ee7d5b..013fa21c9a 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -64,7 +64,7 @@ changelog: # NOTE: We are explicitly adding the init-packages that are built prior to GoReleaser stage in the GitHub Actions workflow release: github: - owner: defenseunicorns + owner: zarf-dev name: zarf prerelease: auto mode: append @@ -107,10 +107,3 @@ brews: commit_msg_template: "build(release): {{ .ProjectName }}@{{ .Tag }}" homepage: "https://zarf.dev/" description: "DevSecOps for Air Gap" - -# Upload artifact backups to s3 -blobs: - - provider: s3 - region: us-gov-west-1 - bucket: zarf-public - directory: "release/{{.Version}}" diff --git a/.grype.yaml b/.grype.yaml deleted file mode 100644 index 1ed8fe29e9..0000000000 --- a/.grype.yaml +++ /dev/null @@ -1,4 +0,0 @@ -ignore: - # From helm - This behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values). - # https://helm.sh/blog/response-cve-2019-25210/ - - vulnerability: GHSA-jw44-4f3j-q396 diff --git a/adr/0025-logging.md b/adr/0025-logging.md new file mode 100644 index 0000000000..dbd8664c7c --- /dev/null +++ b/adr/0025-logging.md @@ -0,0 +1,235 @@ +# 25. Logging + +Date: 2024-06-06 + +## Status + +Proposed + +## Context + +Zarf is currently using an in-house built logging solution which in turn depends on pterm. This solution is used to output information to the end user who is using the Zarf CLI. This output is for the most part formatted with the purpose of CLI user experience. Logging function calls are done both in the CLI specific code as well as in the packages. The logging is implemented in such a way that different levels exist with different impacts and log destinations. A common pattern that is used is to call `message.Fatal` whenever an error occurs. This will output the message to STDERR while writing the actual error message to a debug log and exiting the program. Exiting the program in this manner makes unit testing difficult while also skipping proper context handling and skipping any clean-up that was intended to run before exiting the program. Some logging components like the progress bar and spinner are accessed through a shared global state that is not thread safe. The coupling to logging becomes complicated as disabling the progress bar is a challenge while multi threading these functions which access the global state resulting in complicated access patterns. + +## Decision + +I am proposing to completely refactor the logging functionality to follow a more standardized format using the newish slog interfaces. On top of that we would refactor the current internationalization by converting them to standardized errors. + +* Replace the message package with a slog interface. +* Replace the lang package with static errors. +* Remove any use of `message.Fatal` and instead return errors. +* Refactor use of `message.WarnErr` to either return error or to log the error. +* Refactor existing functions that print formatted outputs to defer the printing to the CLI. +* Define a new interface for spinner and progress bar that is passed in as a function parameter. + +The message package currently exports the following functions which should be replaced by its logr counterpart. + +| Function | Replacement | Comment | +| --- | --- | --- | +| ZarfCommand | Info | Just formats a slice as a command. | +| Command | Info | Outputs a command with a prefix and style. | +| Debug | Debug | | +| Debugf | Debug | | +| ErrorWebf | N/A | Not used anywhere. | +| Warn | Warn | | +| Warnf | Warn | | +| WarnErr | Warn | | +| WarnErrf | Warn | | +| Fatal | N/A | Should not be used. | +| Fatalf | N/A | Should not be used. | +| Info | Info | | +| Infof | Info | | +| Success | Info | Seems to be a info log with a checkmark prefix. | +| Successf | Info | Seems to be a info log with a checkmark prefix. | +| Question | ? | Open question how to resolve this. | +| Questionf | ? | Open question how to resolve this. | +| Note | Info | Should just be an info or maybe a debug log. | +| Notef | Info | Should just be an info or maybe a debug log. | +| Title | ? | Not sure how this should be replaced as it formats with separator. | +| HeaderInfof | ? | | +| HorizontalRule | ? | | +| JSONValue | N/A | Should be replaced with a marshal. | +| Paragraph | ? | | +| Paragraphn | ? | | +| PrintDiff | ? | | +| Table | ? | Need to come up with a good syntax for functions to return output that can print as a table. | +| ColorWrap | ? | Should this be used? | +| PrintConnectStringTable | N/A | This logic should not exist in the message package. | +| PrintCredentialTable | N/A | This logic should not exist in the message package. | +| PrintComponentCredential | N/A | This logic should not exist in the message package. | +| PrintCredentialUpdates | N/A | This logic should not exist in the message package. | +| Spinner | Interface | New Spinner interface. | +| ProgressBar | Interface | New progress bar interface. | + +The majority of simple logging changes should be possible with little signature changes. Replacing the existing output with a slog interface would allow other implementations to be used. A challenge initially may be the changes to table output formatting to make it work properly. This change will require some refactoring of existing code. A requirement for the changes is that they have to improve the UX for users looking at log files. As I understand the present day the spinners will cause a new line everytime they update, resulting in a lot of bloat. A goal should be to make sure that this does not happen in the future. + +Spinners and progress bars however are a bit more challenging. They need to be refactored so that they are no longer instantiated outside of the CLI code. They should instead be passed as a function parameter to each function that needs them. A good example of a project that solves the problem in a similar manner is Kind. In Kind they create a [status object from the logger](https://github.com/kubernetes-sigs/kind/blob/7799e72306db315ea4f4b1cac90ff68404da4f28/pkg/internal/cli/status.go#L39) which they then [pass to where it is needed](https://github.com/kubernetes-sigs/kind/blob/7799e72306db315ea4f4b1cac90ff68404da4f28/pkg/cluster/internal/create/create.go#L133). Doing so results in a single status object created which is reused where ever it is needed. A lot of inspiration can be take from how Kind deals with CLI output. While they use klog instead of slog there are a lot of similarities. They have for example a check if the output is in a terminal or not, and will disable the spinner accordingly. + +Here is a suggestion for how a thread safe spinner could be implemented with a shared logger. This also allows for parallel spinners and progress bars. + +```golang +package main + +import ( + "context" + "fmt" + "io" + "log/slog" + "os" + "sync" + "time" + + "github.com/pterm/pterm" +) + +func main() { + err := run() + if err != nil { + panic(err) + } +} + +func run() error { + h := NewPtermHandler(os.Stderr) + log := slog.New(h) + + log.Info("before") + + spinner := NewSpinner(log) + spinner.Update("Running some job") + log.Info("after") + time.Sleep(1 * time.Second) + spinner.Update("Doing some update") + + time.Sleep(2 * time.Second) + + spinner.Succeed() + + time.Sleep(2 * time.Second) + + return nil +} + +type PtermHandler struct { + printer *pterm.MultiPrinter + attrs []slog.Attr + group string +} + +func NewPtermHandler(w io.Writer) *PtermHandler { + printer, _ := pterm.DefaultMultiPrinter.WithWriter(w).Start() + return &PtermHandler{ + printer: printer, + } +} + +func (h *PtermHandler) Enabled(context.Context, slog.Level) bool { + return true +} + +func (h *PtermHandler) Handle(ctx context.Context, r slog.Record) error { + l := fmt.Sprintf("%s: %s\n", r.Level, r.Message) + _, err := h.printer.NewWriter().Write([]byte(l)) + return err +} + +func (h *PtermHandler) WithAttrs(attrs []slog.Attr) slog.Handler { + return &PtermHandler{ + printer: h.printer, + attrs: append(h.attrs, attrs...), + group: h.group, + } +} + +func (h *PtermHandler) WithGroup(name string) slog.Handler { + return &PtermHandler{ + printer: h.printer, + attrs: h.attrs, + group: name, + } +} + +type Spinner struct { + sequence []string + mx sync.Mutex + log *slog.Logger + printer *pterm.MultiPrinter + firstStatus string + status string + spinner *pterm.SpinnerPrinter +} + +func NewSpinner(log *slog.Logger) *Spinner { + h, ok := log.Handler().(*PtermHandler) + if !ok { + return &Spinner{ + log: log, + } + } + return &Spinner{ + sequence: []string{` ⠋ `, ` ⠙ `, ` ⠹ `, ` ⠸ `, ` ⠼ `, ` ⠴ `, ` ⠦ `, ` ⠧ `, ` ⠇ `, ` ⠏ `}, + log: log, + printer: h.printer, + } +} + +func (s *Spinner) Update(status string) { + s.mx.Lock() + defer s.mx.Unlock() + + // Do not update if status is the same. + if s.status == status { + return + } + if s.firstStatus == "" { + s.firstStatus = status + } + s.status = status + + // If no printer we log normally. + if s.printer == nil { + s.log.Info(status) + return + } + + // Create or update the spinner. + if s.spinner == nil { + spinner, _ := pterm.DefaultSpinner.WithWriter(s.printer.NewWriter()).WithSequence(s.sequence...).Start(status) + s.spinner = spinner + return + } + s.spinner.UpdateText(status) +} + +func (s *Spinner) Fail() { + s.mx.Lock() + defer s.mx.Lock() + + if s.printer == nil { + return + } + s.spinner.Fail(s.firstStatus) +} + +func (s *Spinner) Succeed() { + s.mx.Lock() + defer s.mx.Unlock() + + if s.printer == nil { + return + } + s.spinner.Success(s.firstStatus) +} +``` + +The work will most likely have to be split into a couple of steps. + +1. Remove any use of message fatal. +2. Refactor table printing functions. +3. Replace message logging with a structured logger. +4. Replace spinner and progress bars. + +## Consequences + +Refactoring the message package would make importing Zarf packages as a library simpler. It would also simplify any unit testing and debugging efforts by using predictable errors. Additionally it should allow us to enable parallel testing where we have disabled it currently. + +While not intended it may have some user facing change if we chose to change the format of the log output slightly. While that may not be the intention currently it may become so in the future. diff --git a/examples/kiwix/manifests/deployment.yaml b/examples/kiwix/manifests/deployment.yaml index e187c684e6..ba05eb767c 100644 --- a/examples/kiwix/manifests/deployment.yaml +++ b/examples/kiwix/manifests/deployment.yaml @@ -6,6 +6,8 @@ metadata: labels: app: kiwix-serve spec: + strategy: + type: Recreate selector: matchLabels: app: kiwix-serve diff --git a/examples/podinfo-flux/git/podinfo-kustomization.yaml b/examples/podinfo-flux/git/podinfo-kustomization.yaml index bc8d5d50ef..aa251f98ce 100644 --- a/examples/podinfo-flux/git/podinfo-kustomization.yaml +++ b/examples/podinfo-flux/git/podinfo-kustomization.yaml @@ -1,5 +1,5 @@ --- -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: name: podinfo-git diff --git a/examples/podinfo-flux/git/podinfo-source.yaml b/examples/podinfo-flux/git/podinfo-source.yaml index 3b6351955c..937ebb4e5e 100644 --- a/examples/podinfo-flux/git/podinfo-source.yaml +++ b/examples/podinfo-flux/git/podinfo-source.yaml @@ -1,5 +1,5 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1beta2 +apiVersion: source.toolkit.fluxcd.io/v1 kind: GitRepository metadata: name: podinfo diff --git a/go.mod b/go.mod index d69363783f..4e4ef20ac3 100644 --- a/go.mod +++ b/go.mod @@ -2,9 +2,14 @@ module github.com/zarf-dev/zarf go 1.22.4 +replace github.com/zarf-dev/zarf/src/api => ./src/api + // TODO (@AABRO): Pending merge into github.com/gojsonschema/gojsonschema (https://github.com/gojsonschema/gojsonschema/pull/5) replace github.com/xeipuuv/gojsonschema => github.com/defenseunicorns/gojsonschema v0.0.0-20231116163348-e00f069122d6 +// TODO once helm updates to use v25.0.6 we can delete this +replace github.com/docker/docker => github.com/docker/docker v25.0.6+incompatible + require ( github.com/AlecAivazis/survey/v2 v2.3.7 github.com/Masterminds/semver/v3 v3.2.1 @@ -18,14 +23,15 @@ require ( github.com/derailed/k9s v0.31.7 github.com/distribution/reference v0.5.0 github.com/fairwindsops/pluto/v5 v5.18.4 - github.com/fatih/color v1.16.0 - github.com/fluxcd/helm-controller/api v0.37.4 + github.com/fatih/color v1.17.0 + github.com/fluxcd/gitkit v0.6.0 + github.com/fluxcd/helm-controller/api v1.0.1 github.com/fluxcd/pkg/apis/meta v1.5.0 github.com/fluxcd/source-controller/api v1.3.0 github.com/go-git/go-git/v5 v5.11.0 - github.com/goccy/go-yaml v1.11.3 + github.com/goccy/go-yaml v1.12.0 github.com/gofrs/flock v0.8.1 - github.com/google/go-containerregistry v0.19.0 + github.com/google/go-containerregistry v0.20.1 github.com/gosuri/uitable v0.0.4 github.com/invopop/jsonschema v0.12.0 github.com/mholt/archiver/v3 v3.5.1 @@ -38,23 +44,24 @@ require ( github.com/sigstore/cosign/v2 v2.2.3 github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.1 github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.1 - github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.1 - github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.1 + github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.7 + github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.7 github.com/spf13/cobra v1.8.1 github.com/spf13/pflag v1.0.5 github.com/spf13/viper v1.18.2 github.com/stretchr/testify v1.9.0 github.com/xeipuuv/gojsonschema v1.2.0 - golang.org/x/crypto v0.24.0 + github.com/zarf-dev/zarf/src/api v0.0.0-00010101000000-000000000000 + golang.org/x/crypto v0.25.0 golang.org/x/sync v0.7.0 golang.org/x/term v0.22.0 - helm.sh/helm/v3 v3.14.2 - k8s.io/api v0.30.0 - k8s.io/apimachinery v0.30.0 - k8s.io/client-go v0.30.0 - k8s.io/component-base v0.30.0 + helm.sh/helm/v3 v3.15.3 + k8s.io/api v0.30.3 + k8s.io/apimachinery v0.30.3 + k8s.io/client-go v0.30.3 + k8s.io/component-base v0.30.3 k8s.io/klog/v2 v2.120.1 - k8s.io/kubectl v0.29.1 + k8s.io/kubectl v0.30.0 oras.land/oras-go/v2 v2.5.0 sigs.k8s.io/cli-utils v0.36.0 sigs.k8s.io/kustomize/api v0.16.0 @@ -64,7 +71,9 @@ require ( require ( github.com/evanphx/json-patch/v5 v5.9.0 // indirect + github.com/go-jose/go-jose/v4 v4.0.2 // indirect github.com/go-logr/logr v1.4.2 // indirect + github.com/gofrs/uuid v4.2.0+incompatible // indirect ) require ( @@ -72,11 +81,11 @@ require ( atomicgo.dev/keyboard v0.2.9 // indirect atomicgo.dev/schedule v0.1.0 // indirect cloud.google.com/go v0.115.0 // indirect - cloud.google.com/go/auth v0.6.0 // indirect + cloud.google.com/go/auth v0.6.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect cloud.google.com/go/compute/metadata v0.3.0 // indirect cloud.google.com/go/iam v1.1.9 // indirect - cloud.google.com/go/kms v1.18.0 // indirect + cloud.google.com/go/kms v1.18.2 // indirect cloud.google.com/go/longrunning v0.5.7 // indirect cloud.google.com/go/storage v1.42.0 // indirect cuelabs.dev/go/oci/ociregistry v0.0.0-20231103182354-93e78c079a13 // indirect @@ -146,22 +155,22 @@ require ( github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/atotto/clipboard v0.1.4 // indirect github.com/aws/aws-sdk-go v1.54.9 // indirect - github.com/aws/aws-sdk-go-v2 v1.24.1 // indirect - github.com/aws/aws-sdk-go-v2/config v1.26.6 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.16.16 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 // indirect + github.com/aws/aws-sdk-go-v2 v1.27.2 // indirect + github.com/aws/aws-sdk-go-v2/config v1.27.18 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.18 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.5 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.9 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.9 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 // indirect github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.11 // indirect github.com/aws/aws-sdk-go-v2/service/kms v1.27.9 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect - github.com/aws/smithy-go v1.19.0 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.20.11 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.5 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.28.12 // indirect + github.com/aws/smithy-go v1.20.2 // indirect github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 // indirect github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect github.com/bahlo/generic-list-go v0.2.0 // indirect @@ -177,7 +186,7 @@ require ( github.com/buildkite/go-pipeline v0.3.2 // indirect github.com/buildkite/interpolate v0.0.0-20200526001904-07f35b4ae251 // indirect github.com/cenkalti/backoff/v3 v3.2.2 // indirect - github.com/cenkalti/backoff/v4 v4.2.1 // indirect + github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect github.com/charmbracelet/bubbles v0.16.1 // indirect @@ -198,7 +207,7 @@ require ( github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect github.com/containerd/ttrpc v1.2.2 // indirect github.com/containerd/typeurl/v2 v2.1.1 // indirect - github.com/coreos/go-oidc/v3 v3.9.0 // indirect + github.com/coreos/go-oidc/v3 v3.11.0 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect @@ -213,16 +222,16 @@ require ( github.com/dimchansky/utfbom v1.1.1 // indirect github.com/docker/cli v26.0.0+incompatible // indirect github.com/docker/distribution v2.8.3+incompatible // indirect - github.com/docker/docker v24.0.9+incompatible // indirect + github.com/docker/docker v25.0.6+incompatible // indirect github.com/docker/docker-credential-helpers v0.8.0 // indirect - github.com/docker/go-connections v0.4.0 // indirect + github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect github.com/docker/go-metrics v0.0.1 // indirect github.com/docker/go-units v0.5.0 // indirect github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 // indirect github.com/dustin/go-humanize v1.0.1 // indirect github.com/edsrzf/mmap-go v1.1.0 // indirect - github.com/elliotchance/orderedmap v1.5.1 // indirect + github.com/elliotchance/orderedmap v1.6.0 // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/emicklei/proto v1.12.1 // indirect github.com/emirpasic/gods v1.18.1 // indirect @@ -233,7 +242,7 @@ require ( github.com/felixge/fgprof v0.9.3 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fluxcd/pkg/apis/acl v0.3.0 // indirect - github.com/fluxcd/pkg/apis/kustomize v1.3.0 // indirect + github.com/fluxcd/pkg/apis/kustomize v1.5.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/fvbommel/sortorder v1.1.0 // indirect github.com/gabriel-vasile/mimetype v1.4.3 // indirect @@ -244,7 +253,7 @@ require ( github.com/go-chi/chi v4.1.2+incompatible // indirect github.com/go-errors/errors v1.4.2 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect - github.com/go-git/go-billy/v5 v5.5.0 // indirect + github.com/go-git/go-billy/v5 v5.5.0 github.com/go-gorp/gorp/v3 v3.1.0 // indirect github.com/go-ini/ini v1.67.0 // indirect github.com/go-jose/go-jose/v3 v3.0.3 // indirect @@ -261,9 +270,9 @@ require ( github.com/go-openapi/validate v0.22.4 // indirect github.com/go-piv/piv-go v1.11.0 // indirect github.com/go-restruct/restruct v1.2.0-alpha // indirect - github.com/go-test/deep v1.1.0 // indirect + github.com/go-test/deep v1.1.1 // indirect github.com/gobwas/glob v0.2.3 // indirect - github.com/goccy/go-json v0.10.2 // indirect + github.com/goccy/go-json v0.10.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.5.0 // indirect github.com/golang-jwt/jwt/v5 v5.2.1 // indirect @@ -301,7 +310,7 @@ require ( github.com/hashicorp/go-sockaddr v1.0.5 // indirect github.com/hashicorp/go-version v1.7.0 // indirect github.com/hashicorp/hcl v1.0.1-vault-5 // indirect - github.com/hashicorp/vault/api v1.10.0 // indirect + github.com/hashicorp/vault/api v1.14.0 // indirect github.com/huandu/xstrings v1.4.0 // indirect github.com/iancoleman/strcase v0.3.0 // indirect github.com/imdario/mergo v0.3.16 // indirect @@ -309,7 +318,7 @@ require ( github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect - github.com/jellydator/ttlcache/v3 v3.1.1 // indirect + github.com/jellydator/ttlcache/v3 v3.2.0 // indirect github.com/jinzhu/copier v0.4.0 // indirect github.com/jinzhu/inflection v1.0.0 // indirect github.com/jinzhu/now v1.1.5 // indirect @@ -330,7 +339,7 @@ require ( github.com/kylelemons/godebug v1.1.0 // indirect github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect - github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 // indirect + github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec // indirect github.com/lib/pq v1.10.9 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/lithammer/dedent v1.1.0 // indirect @@ -348,7 +357,7 @@ require ( github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect github.com/microsoft/go-rustaudit v0.0.0-20220730194248-4b17361d90a5 // indirect github.com/miekg/pkcs11 v1.1.1 // indirect - github.com/mikefarah/yq/v4 v4.43.1 + github.com/mikefarah/yq/v4 v4.44.2 github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/go-testing-interface v1.14.1 // indirect @@ -366,7 +375,6 @@ require ( github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect - github.com/morikuni/aec v1.0.0 // indirect github.com/mozillazg/docker-credential-acr-helper v0.3.0 // indirect github.com/mpvl/unique v0.0.0-20150818121801-cbe035fff7de // indirect github.com/muesli/ansi v0.0.0-20211031195517-c9f0611b6c70 // indirect @@ -392,7 +400,7 @@ require ( github.com/pborman/indent v1.2.1 // indirect github.com/pborman/uuid v1.2.1 // indirect github.com/pelletier/go-toml v1.9.5 // indirect - github.com/pelletier/go-toml/v2 v2.2.0 // indirect + github.com/pelletier/go-toml/v2 v2.2.2 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pierrec/lz4/v4 v4.1.18 // indirect github.com/pjbgf/sha1cd v0.3.0 // indirect @@ -425,7 +433,7 @@ require ( github.com/shopspring/decimal v1.3.1 // indirect github.com/sigstore/fulcio v1.4.3 // indirect github.com/sigstore/rekor v1.3.4 // indirect - github.com/sigstore/sigstore v1.8.1 // indirect + github.com/sigstore/sigstore v1.8.7 // indirect github.com/sigstore/timestamp-authority v1.2.1 // indirect github.com/sirupsen/logrus v1.9.3 // indirect github.com/skeema/knownhosts v1.2.1 // indirect @@ -473,29 +481,28 @@ require ( go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 // indirect go.opentelemetry.io/otel v1.27.0 // indirect go.opentelemetry.io/otel/metric v1.27.0 // indirect - go.opentelemetry.io/otel/sdk v1.26.0 // indirect + go.opentelemetry.io/otel/sdk v1.27.0 // indirect go.opentelemetry.io/otel/trace v1.27.0 // indirect go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect go.step.sm/crypto v0.42.1 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.26.0 // indirect - golang.org/x/exp v0.0.0-20231108232855-2478ac86f678 // indirect + golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3 // indirect golang.org/x/mod v0.17.0 // indirect - golang.org/x/net v0.26.0 // indirect + golang.org/x/net v0.27.0 // indirect golang.org/x/oauth2 v0.21.0 // indirect golang.org/x/sys v0.22.0 // indirect golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect - google.golang.org/api v0.186.0 // indirect + google.golang.org/api v0.187.0 // indirect google.golang.org/genproto v0.0.0-20240624140628-dc46fd24d27d // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240624140628-dc46fd24d27d // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d // indirect - google.golang.org/grpc v1.64.0 // indirect + google.golang.org/grpc v1.64.1 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/evanphx/json-patch.v5 v5.6.0 // indirect - gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473 // indirect @@ -505,16 +512,16 @@ require ( gorm.io/gorm v1.25.5 // indirect k8s.io/apiextensions-apiserver v0.30.0 // indirect k8s.io/apiserver v0.30.0 // indirect - k8s.io/cli-runtime v0.29.1 // indirect - k8s.io/component-helpers v0.29.1 // indirect + k8s.io/cli-runtime v0.30.0 // indirect + k8s.io/component-helpers v0.30.0 // indirect k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect - k8s.io/metrics v0.29.1 // indirect + k8s.io/metrics v0.30.0 // indirect k8s.io/utils v0.0.0-20231127182322-b307cd553661 // indirect modernc.org/libc v1.29.0 // indirect modernc.org/mathutil v1.6.0 // indirect modernc.org/memory v1.7.2 // indirect modernc.org/sqlite v1.28.0 // indirect - oras.land/oras-go v1.2.4 // indirect + oras.land/oras-go v1.2.5 // indirect sigs.k8s.io/controller-runtime v0.18.1 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/kustomize/kustomize/v5 v5.0.4-0.20230601165947-6ce0bf390ce3 // indirect diff --git a/go.sum b/go.sum index a0be8e7f61..4d6331b57f 100644 --- a/go.sum +++ b/go.sum @@ -55,8 +55,8 @@ cloud.google.com/go/asset v1.8.0/go.mod h1:mUNGKhiqIdbr8X7KNayoYvyc4HbbFO9URsjby cloud.google.com/go/assuredworkloads v1.5.0/go.mod h1:n8HOZ6pff6re5KYfBXcFvSViQjDwxFkAkmUFffJRbbY= cloud.google.com/go/assuredworkloads v1.6.0/go.mod h1:yo2YOk37Yc89Rsd5QMVECvjaMKymF9OP+QXWlKXUkXw= cloud.google.com/go/assuredworkloads v1.7.0/go.mod h1:z/736/oNmtGAyU47reJgGN+KVoYoxeLBoj4XkKYscNI= -cloud.google.com/go/auth v0.6.0 h1:5x+d6b5zdezZ7gmLWD1m/xNjnaQ2YDhmIz/HH3doy1g= -cloud.google.com/go/auth v0.6.0/go.mod h1:b4acV+jLQDyjwm4OXHYjNvRi4jvGBzHWJRtJcy+2P4g= +cloud.google.com/go/auth v0.6.1 h1:T0Zw1XM5c1GlpN2HYr2s+m3vr1p2wy+8VN+Z1FKxW38= +cloud.google.com/go/auth v0.6.1/go.mod h1:eFHG7zDzbXHKmjJddFG/rBlcGp6t25SwRUiEQSlO4x4= cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= cloud.google.com/go/automl v1.5.0/go.mod h1:34EjfoFGMZ5sgJ9EoLsRtdPSNZLcfflJR39VbVNS2M0= @@ -123,8 +123,8 @@ cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp cloud.google.com/go/iam v0.5.0/go.mod h1:wPU9Vt0P4UmCux7mqtRu6jcpPAb74cP1fh50J3QpkUc= cloud.google.com/go/iam v1.1.9 h1:oSkYLVtVme29uGYrOcKcvJRht7cHJpYD09GM9JaR0TE= cloud.google.com/go/iam v1.1.9/go.mod h1:Nt1eDWNYH9nGQg3d/mY7U1hvfGmsaG9o/kLGoLoLXjQ= -cloud.google.com/go/kms v1.18.0 h1:pqNdaVmZJFP+i8OVLocjfpdTWETTYa20FWOegSCdrRo= -cloud.google.com/go/kms v1.18.0/go.mod h1:DyRBeWD/pYBMeyiaXFa/DGNyxMDL3TslIKb8o/JkLkw= +cloud.google.com/go/kms v1.18.2 h1:EGgD0B9k9tOOkbPhYW1PHo2W0teamAUYMOUIcDRMfPk= +cloud.google.com/go/kms v1.18.2/go.mod h1:YFz1LYrnGsXARuRePL729oINmN5J/5e7nYijgvfiIeY= cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI= cloud.google.com/go/lifesciences v0.5.0/go.mod h1:3oIKy8ycWGPUyZDR/8RNnTOYevhaMLqh5vLUXs9zvT8= @@ -265,8 +265,8 @@ github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbi github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/CycloneDX/cyclonedx-go v0.8.0 h1:FyWVj6x6hoJrui5uRQdYZcSievw3Z32Z88uYzG/0D6M= github.com/CycloneDX/cyclonedx-go v0.8.0/go.mod h1:K2bA+324+Og0X84fA8HhN2X066K7Bxz4rpMQ4ZhjtSk= -github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60= -github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM= +github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= +github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/DataDog/zstd v1.4.5 h1:EndNeuB0l9syBZhut0wns3gV1hL8zX8LIu6ZiVHWLIQ= github.com/DataDog/zstd v1.4.5/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo= @@ -425,41 +425,41 @@ github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX github.com/aws/aws-sdk-go v1.54.9 h1:e0Czh9AhrCVPuyaIUnibYmih3cYexJKlqlHSJ2eMKbI= github.com/aws/aws-sdk-go v1.54.9/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/aws/aws-sdk-go-v2 v1.21.2/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM= -github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU= -github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4= -github.com/aws/aws-sdk-go-v2/config v1.26.6 h1:Z/7w9bUqlRI0FFQpetVuFYEsjzE3h7fpU6HuGmfPL/o= -github.com/aws/aws-sdk-go-v2/config v1.26.6/go.mod h1:uKU6cnDmYCvJ+pxO9S4cWDb2yWWIH5hra+32hVh1MI4= -github.com/aws/aws-sdk-go-v2/credentials v1.16.16 h1:8q6Rliyv0aUFAVtzaldUEcS+T5gbadPbWdV1WcAddK8= -github.com/aws/aws-sdk-go-v2/credentials v1.16.16/go.mod h1:UHVZrdUsv63hPXFo1H7c5fEneoVo9UXiz36QG1GEPi0= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 h1:c5I5iH+DZcH3xOIMlz3/tCKJDaHFwYEmxvlh2fAcFo8= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11/go.mod h1:cRrYDYAMUohBJUtUnOhydaMHtiK/1NZ0Otc9lIb6O0Y= +github.com/aws/aws-sdk-go-v2 v1.27.2 h1:pLsTXqX93rimAOZG2FIYraDQstZaaGVVN4tNw65v0h8= +github.com/aws/aws-sdk-go-v2 v1.27.2/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= +github.com/aws/aws-sdk-go-v2/config v1.27.18 h1:wFvAnwOKKe7QAyIxziwSKjmer9JBMH1vzIL6W+fYuKk= +github.com/aws/aws-sdk-go-v2/config v1.27.18/go.mod h1:0xz6cgdX55+kmppvPm2IaKzIXOheGJhAufacPJaXZ7c= +github.com/aws/aws-sdk-go-v2/credentials v1.17.18 h1:D/ALDWqK4JdY3OFgA2thcPO1c9aYTT5STS/CvnkqY1c= +github.com/aws/aws-sdk-go-v2/credentials v1.17.18/go.mod h1:JuitCWq+F5QGUrmMPsk945rop6bB57jdscu+Glozdnc= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.5 h1:dDgptDO9dxeFkXy+tEgVkzSClHZje/6JkPW5aZyEvrQ= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.5/go.mod h1:gjvE2KBUgUQhcv89jqxrIxH9GaKs1JbZzWejj/DaHGA= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43/go.mod h1:auo+PiyLl0n1l8A0e8RIeR8tOzYPfZZH/JNlrJ8igTQ= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5BMaPWykta2a6Ih0AKLq/X6NYKn4= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10/go.mod h1:6BkRjejp/GR4411UGqkX8+wFMbFbqsUIimfK4XjOKR4= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.9 h1:cy8ahBJuhtM8GTTSyOkfy6WVPV1IE+SS5/wfXUYuulw= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.9/go.mod h1:CZBXGLaJnEZI6EVNcPd7a6B5IC5cA/GkRWtu9fp3S6Y= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37/go.mod h1:Qe+2KtKml+FEsQF/DHmDV+xjtche/hwoF75EG4UlHW8= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 h1:nYPe006ktcqUji8S2mqXf9c/7NdiKriOwMvWQHgYztw= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10/go.mod h1:6UV4SZkVvmODfXKql4LCbaZUpF7HO2BX38FgBf9ZOLw= -github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 h1:n3GDfwqF2tzEkXlv5cuy4iy7LpKDtqDMcNLfZDu9rls= -github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.9 h1:A4SYk07ef04+vxZToz9LWvAXl9LW0NClpPpMsi31cz0= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.9/go.mod h1:5jJcHuwDagxN+ErjQ3PU3ocf6Ylc/p9x+BLO/+X4iXw= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 h1:y6LX9GUoEA3mO0qpFl1ZQHj1rFyPWVphlzebiSt2tKE= github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2/go.mod h1:Q0LcmaN/Qr8+4aSBrdrXXePqoX0eOuYpJLbYpilmWnA= github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 h1:PpbXaecV3sLAS6rjQiaKw4/jyq3Z8gNzmoJupHAoBp0= github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2/go.mod h1:fUHpGXr4DrXkEDpGAjClPsviWf+Bszeb0daKE0blxv8= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 h1:DBYTXwIGQSGs9w4jKm60F5dmCQ3EEruxdc0MFh+3EY4= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10/go.mod h1:wohMUQiFdzo0NtxbBg0mSRGZ4vL3n0dKjLTINdcIino= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.11 h1:o4T+fKxA3gTMcluBNZZXE9DNaMkJuUL1O3mffCUjoJo= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.11/go.mod h1:84oZdJ+VjuJKs9v1UTC9NaodRZRseOXCTgku+vQJWR8= github.com/aws/aws-sdk-go-v2/service/kms v1.27.9 h1:W9PbZAZAEcelhhjb7KuwUtf+Lbc+i7ByYJRuWLlnxyQ= github.com/aws/aws-sdk-go-v2/service/kms v1.27.9/go.mod h1:2tFmR7fQnOdQlM2ZCEPpFnBIQD1U8wmXmduBgZbOag0= -github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 h1:eajuO3nykDPdYicLlP3AGgOyVN3MOlFmZv7WGTuJPow= -github.com/aws/aws-sdk-go-v2/service/sso v1.18.7/go.mod h1:+mJNDdF+qiUlNKNC3fxn74WWNN+sOiGOEImje+3ScPM= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 h1:QPMJf+Jw8E1l7zqhZmMlFw6w1NmfkfiSK8mS4zOx3BA= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7/go.mod h1:ykf3COxYI0UJmxcfcxcVuz7b6uADi1FkiUz6Eb7AgM8= -github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 h1:NzO4Vrau795RkUdSHKEwiR01FaGzGOH1EETJ+5QHnm0= -github.com/aws/aws-sdk-go-v2/service/sts v1.26.7/go.mod h1:6h2YuIoxaMSCFf5fi1EgZAwdfkGMgDY+DVfa61uLe4U= +github.com/aws/aws-sdk-go-v2/service/sso v1.20.11 h1:gEYM2GSpr4YNWc6hCd5nod4+d4kd9vWIAWrmGuLdlMw= +github.com/aws/aws-sdk-go-v2/service/sso v1.20.11/go.mod h1:gVvwPdPNYehHSP9Rs7q27U1EU+3Or2ZpXvzAYJNh63w= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.5 h1:iXjh3uaH3vsVcnyZX7MqCoCfcyxIrVE9iOQruRaWPrQ= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.5/go.mod h1:5ZXesEuy/QcO0WUnt+4sDkxhdXRHTu2yG0uCSH8B6os= +github.com/aws/aws-sdk-go-v2/service/sts v1.28.12 h1:M/1u4HBpwLuMtjlxuI2y6HoVLzF5e2mfxHCg7ZVMYmk= +github.com/aws/aws-sdk-go-v2/service/sts v1.28.12/go.mod h1:kcfd+eTdEi/40FIbLq4Hif3XMXnl5b/+t/KTfLt9xIk= github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= -github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM= -github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE= +github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= +github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 h1:SoFYaT9UyGkR0+nogNyD/Lj+bsixB+SNuAS4ABlEs6M= github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8/go.mod h1:2JF49jcDOrLStIXN/j/K1EKRq8a8R2qRnlZA6/o/c7c= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= @@ -500,8 +500,8 @@ github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HV github.com/bytecodealliance/wasmtime-go/v3 v3.0.2/go.mod h1:RnUjnIXxEJcL6BgCvNyzCCRzZcxCgsZCi+RNlvYor5Q= github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M= github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= -github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= -github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= @@ -570,8 +570,8 @@ github.com/containerd/ttrpc v1.2.2 h1:9vqZr0pxwOF5koz6N0N3kJ0zDHokrcPxIR/ZR2YFtO github.com/containerd/ttrpc v1.2.2/go.mod h1:sIT6l32Ph/H9cvnJsfXM5drIVzTr5A2flTf1G5tYZak= github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4= github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0= -github.com/coreos/go-oidc/v3 v3.9.0 h1:0J/ogVOd4y8P0f0xUh8l9t07xRP/d8tccvjHl2dcsSo= -github.com/coreos/go-oidc/v3 v3.9.0/go.mod h1:rTKz2PYwftcrtoCzV5g5kvfJoWcm0Mk8AF8y1iAQro4= +github.com/coreos/go-oidc/v3 v3.11.0 h1:Ia3MxdwpSw702YW0xgfmP1GVCMA9aEFWu12XUZ3/OtI= +github.com/coreos/go-oidc/v3 v3.11.0/go.mod h1:gE3LgjOgFoHi9a4ce4/tJczr0Ai2/BoDhf0r5lltWI0= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= @@ -639,12 +639,12 @@ github.com/docker/cli v26.0.0+incompatible h1:90BKrx1a1HKYpSnnBFR6AgDq/FqkHxwlUy github.com/docker/cli v26.0.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v24.0.9+incompatible h1:HPGzNmwfLZWdxHqK9/II92pyi1EpYKsAqcl4G0Of9v0= -github.com/docker/docker v24.0.9+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v25.0.6+incompatible h1:5cPwbwriIcsua2REJe8HqQV+6WlWc1byg2QSXzBxBGg= +github.com/docker/docker v25.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8= github.com/docker/docker-credential-helpers v0.8.0/go.mod h1:UGFXcuoQ5TxPiB54nHOZ32AWRqQdECoh/Mg0AlEYb40= -github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= -github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= +github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= +github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8= github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8= @@ -662,8 +662,8 @@ github.com/edsrzf/mmap-go v1.1.0 h1:6EUwBLQ/Mcr1EYLE4Tn1VdW1A4ckqCQWZBw8Hr0kjpQ= github.com/edsrzf/mmap-go v1.1.0/go.mod h1:19H/e8pUPLicwkyNgOykDXkJ9F0MHE+Z52B8EIth78Q= github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU= github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= -github.com/elliotchance/orderedmap v1.5.1 h1:G1X4PYlljzimbdQ3RXmtIZiQ9d6aRQ3sH1nzjq5mECE= -github.com/elliotchance/orderedmap v1.5.1/go.mod h1:wsDwEaX5jEoyhbs7x93zk2H/qv0zwuhg4inXhDkYqys= +github.com/elliotchance/orderedmap v1.6.0 h1:xjn+kbbKXeDq6v9RVE+WYwRbYfAZKvlWfcJNxM8pvEw= +github.com/elliotchance/orderedmap v1.6.0/go.mod h1:wsDwEaX5jEoyhbs7x93zk2H/qv0zwuhg4inXhDkYqys= github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emicklei/proto v1.12.1 h1:6n/Z2pZAnBwuhU66Gs8160B8rrrYKo7h2F2sCOnNceE= @@ -698,20 +698,22 @@ github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwo github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= -github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= -github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= +github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= +github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= github.com/fatih/set v0.2.1 h1:nn2CaJyknWE/6txyUDGwysr3G5QC6xWB/PtVjPBbeaA= github.com/fatih/set v0.2.1/go.mod h1:+RKtMCH+favT2+3YecHGxcc0b4KyVWA1QWWJUs4E0CI= github.com/felixge/fgprof v0.9.3 h1:VvyZxILNuCiUCSXtPtYmmtGvb65nqXh2QFWc0Wpf2/g= github.com/felixge/fgprof v0.9.3/go.mod h1:RdbpDgzqYVh/T9fPELJyV7EYJuHB55UTEULNun8eiPw= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/fluxcd/helm-controller/api v0.37.4 h1:rkBMqYXexyf1s5BS8QpxGi691DsCi+yugIFCM5fNKLU= -github.com/fluxcd/helm-controller/api v0.37.4/go.mod h1:KFdP5Lbrc4Vv+Jt4xRj6UUo3qiwdBqBPl1xiiAnBe9c= +github.com/fluxcd/gitkit v0.6.0 h1:iNg5LTx6ePo+Pl0ZwqHTAkhbUHxGVSY3YCxCdw7VIFg= +github.com/fluxcd/gitkit v0.6.0/go.mod h1:svOHuKi0fO9HoawdK4HfHAJJseZDHHjk7I3ihnCIqNo= +github.com/fluxcd/helm-controller/api v1.0.1 h1:Gn9qEVuif6D5+gHmVwTEZkR4+nmLOcOhKx4Sw2gL2EA= +github.com/fluxcd/helm-controller/api v1.0.1/go.mod h1:/6AD5a2qjo/ttxVM8GR33syLZwqigta60DCLdy8GrME= github.com/fluxcd/pkg/apis/acl v0.3.0 h1:UOrKkBTOJK+OlZX7n8rWt2rdBmDCoTK+f5TY2LcZi8A= github.com/fluxcd/pkg/apis/acl v0.3.0/go.mod h1:WVF9XjSMVBZuU+HTTiSebGAWMgM7IYexFLyVWbK9bNY= -github.com/fluxcd/pkg/apis/kustomize v1.3.0 h1:qvB46CfaOWcL1SyR2RiVWN/j7/035D0OtB1ltLN7rgI= -github.com/fluxcd/pkg/apis/kustomize v1.3.0/go.mod h1:PCXf5kktTzNav0aH2Ns3jsowqwmA9xTcsrEOoPzx/K8= +github.com/fluxcd/pkg/apis/kustomize v1.5.0 h1:ah4sfqccnio+/5Edz/tVz6LetFhiBoDzXAElj6fFCzU= +github.com/fluxcd/pkg/apis/kustomize v1.5.0/go.mod h1:nEzhnhHafhWOUUV8VMFLojUOH+HHDEsL75y54mt/c30= github.com/fluxcd/pkg/apis/meta v1.5.0 h1:/G82d2Az5D9op3F+wJUpD8jw/eTV0suM6P7+cSURoUM= github.com/fluxcd/pkg/apis/meta v1.5.0/go.mod h1:Y3u7JomuuKtr5fvP1Iji2/50FdRe5GcBug2jawNVkdM= github.com/fluxcd/source-controller/api v1.3.0 h1:Z5Lq0aJY87yg0cQDEuwGLKS60GhdErCHtsi546HUt10= @@ -770,6 +772,8 @@ github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A= github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= +github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk= +github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= @@ -813,8 +817,8 @@ github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7 github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow= github.com/go-restruct/restruct v1.2.0-alpha h1:2Lp474S/9660+SJjpVxoKuWX09JsXHSrdV7Nv3/gkvc= github.com/go-restruct/restruct v1.2.0-alpha/go.mod h1:KqrpKpn4M8OLznErihXTGLlsXFGeLxHUrLRRI/1YjGk= -github.com/go-rod/rod v0.114.5 h1:1x6oqnslwFVuXJbJifgxspJUd3O4ntaGhRLHt+4Er9c= -github.com/go-rod/rod v0.114.5/go.mod h1:aiedSEFg5DwG/fnNbUOTPMTTWX3MRj6vIs/a684Mthw= +github.com/go-rod/rod v0.116.1 h1:BDMZY3qm/14SmvHBV7DoFUhXeJ2MbUYgumQ88b+v2WE= +github.com/go-rod/rod v0.116.1/go.mod h1:3Ash9fYwznqz9S1uLQgQRStur4fCXjoxxGW+ym6TYjU= github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI= github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= @@ -822,8 +826,8 @@ github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/me github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= -github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg= -github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= +github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U= +github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= github.com/gobuffalo/logger v1.0.6 h1:nnZNpxYo0zx+Aj9RfMPBm+x9zAU2OayFh/xrAWi34HU= github.com/gobuffalo/logger v1.0.6/go.mod h1:J31TBEHR1QLV2683OXTAItYIg8pv2JMHnF/quuAbMjs= github.com/gobuffalo/packd v1.0.1 h1:U2wXfRr4E9DH8IdsDLlRFwTZTK7hLfq9qT/QHXGVe/0= @@ -832,15 +836,17 @@ github.com/gobuffalo/packr/v2 v2.8.3 h1:xE1yzvnO56cUC0sTpKR3DIbxZgB54AftTFMhB2XE github.com/gobuffalo/packr/v2 v2.8.3/go.mod h1:0SahksCVcx4IMnigTjiFuyldmTrdTctXsOdiU5KwbKc= github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= -github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= -github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= -github.com/goccy/go-yaml v1.11.3 h1:B3W9IdWbvrUu2OYQGwvU1nZtvMQJPBKgBUuweJjLj6I= -github.com/goccy/go-yaml v1.11.3/go.mod h1:wKnAMd44+9JAAnGQpWVEgBzGt3YuTaQ4uXoHvE4m7WU= +github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA= +github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M= +github.com/goccy/go-yaml v1.12.0 h1:/1WHjnMsI1dlIBQutrvSMGZRQufVO3asrHfTwfACoPM= +github.com/goccy/go-yaml v1.12.0/go.mod h1:wKnAMd44+9JAAnGQpWVEgBzGt3YuTaQ4uXoHvE4m7WU= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw= github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= +github.com/gofrs/uuid v4.2.0+incompatible h1:yyYWMnhkhrKwwr8gAOcOCYxOOscHgDS9yZgBrnJfGa0= +github.com/gofrs/uuid v4.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= @@ -923,8 +929,8 @@ github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-containerregistry v0.19.0 h1:uIsMRBV7m/HDkDxE/nXMnv1q+lOOSPlQ/ywc5JbB8Ic= -github.com/google/go-containerregistry v0.19.0/go.mod h1:u0qB2l7mvtWVR5kNcbFIhFY1hLbf8eeGapA+vbFDCtQ= +github.com/google/go-containerregistry v0.20.1 h1:eTgx9QNYugV4DN5mz4U8hiAGTi1ybXn0TPi4Smd8du0= +github.com/google/go-containerregistry v0.20.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= github.com/google/go-github/v55 v55.0.0 h1:4pp/1tNMB9X/LuAhs5i0KQAE40NmiR/y6prLNb9x9cg= github.com/google/go-github/v55 v55.0.0/go.mod h1:JLahOTA1DnXzhxEymmFF5PP2tSS9JVNj68mSZNDwskA= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= @@ -1011,8 +1017,8 @@ github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWet github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0 h1:RtRsiaGvWxcwd8y3BiRZxsylPT8hLWZ5SPcfI+3IDNk= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0/go.mod h1:TzP6duP4Py2pHLVPPQp42aoYI92+PCrVotyR5e8Vqlk= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= github.com/hako/durafmt v0.0.0-20210608085754-5c1018a4e16b h1:wDUNC2eKiL35DbLvsDhiblTUXHxcOPwQSCzi7xpQUN4= github.com/hako/durafmt v0.0.0-20210608085754-5c1018a4e16b/go.mod h1:VzxiSdG6j1pi7rwGm/xYI5RbtpBgM8sARDXlvEvxlu0= github.com/hashicorp/consul/api v1.11.0/go.mod h1:XjsvQN+RJGWI2TWy1/kqaE16HrR2J/FWgkYjdZQsX9M= @@ -1077,8 +1083,8 @@ github.com/hashicorp/memberlist v0.2.2/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOn github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk= github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= -github.com/hashicorp/vault/api v1.10.0 h1:/US7sIjWN6Imp4o/Rj1Ce2Nr5bki/AXi9vAW3p2tOJQ= -github.com/hashicorp/vault/api v1.10.0/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8= +github.com/hashicorp/vault/api v1.14.0 h1:Ah3CFLixD5jmjusOgm8grfN9M0d+Y8fVR2SW0K6pJLU= +github.com/hashicorp/vault/api v1.14.0/go.mod h1:pV9YLxBGSz+cItFDd8Ii4G17waWOQ32zVjMWHe/cOqk= github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM= github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg= github.com/hinshun/vt10x v0.0.0-20220119200601-820417d04eec h1:qv2VnGeEQHchGaZ/u7lxST/RaJw+cv273q79D81Xbog= @@ -1109,8 +1115,8 @@ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOl github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 h1:TMtDYDHKYY15rFihtRfck/bfFqNfvcabqvXAFQfAUpY= github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267/go.mod h1:h1nSAbGFqGVzn6Jyl1R/iCcBUHN4g+gW1u9CoBTrb9E= -github.com/jellydator/ttlcache/v3 v3.1.1 h1:RCgYJqo3jgvhl+fEWvjNW8thxGWsgxi+TPhRir1Y9y8= -github.com/jellydator/ttlcache/v3 v3.1.1/go.mod h1:hi7MGFdMAwZna5n2tuvh63DvFLzVKySzCVW6+0gA2n4= +github.com/jellydator/ttlcache/v3 v3.2.0 h1:6lqVJ8X3ZaUwvzENqPAobDsXNExfUJd61u++uW8a3LE= +github.com/jellydator/ttlcache/v3 v3.2.0/go.mod h1:hi7MGFdMAwZna5n2tuvh63DvFLzVKySzCVW6+0gA2n4= github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8= github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg= github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E= @@ -1191,8 +1197,8 @@ github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhR github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw= github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q= github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4= -github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 h1:WGrKdjHtWC67RX96eTkYD2f53NDHhrq/7robWTAfk4s= -github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491/go.mod h1:o158RFmdEbYyIZmXAbrvmJWesbyxlLKee6X64VPVuOc= +github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec h1:2tTW6cDth2TSgRbAhD7yjZzTQmcN25sDRPEeinR51yQ= +github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec/go.mod h1:TmwEoGCwIti7BCeJ9hescZgRtatxRE+A72pCoPfmcfk= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= @@ -1265,13 +1271,13 @@ github.com/microsoft/go-rustaudit v0.0.0-20220730194248-4b17361d90a5/go.mod h1:v github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= -github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo= -github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY= +github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4= +github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY= github.com/miekg/pkcs11 v1.0.3-0.20190429190417-a667d056470f/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU= github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= -github.com/mikefarah/yq/v4 v4.43.1 h1:1bCrQwVDhjGnPboQidy30hu6U2TCd8sUQTy1hKCHOGI= -github.com/mikefarah/yq/v4 v4.43.1/go.mod h1:jcSqtyUKbPWvwaa8cNw8Ej4rmPb3iWE8zYvpkTvM7oc= +github.com/mikefarah/yq/v4 v4.44.2 h1:J+ezWCDTg+SUs0jXdcE0HIPH1+rEr0Tbn9Y1SwiWtH0= +github.com/mikefarah/yq/v4 v4.44.2/go.mod h1:9bnz36uZJDEyxdIjRronBcqStS953k3y3DrSRXr4F/w= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= @@ -1347,8 +1353,9 @@ github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481/go.mod h1:yKZQO8Q github.com/nwaples/rardecode v1.1.0 h1:vSxaY8vQhOcVr4mm5e8XllHWTiM4JF507A0Katqw7MQ= github.com/nwaples/rardecode v1.1.0/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= -github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= +github.com/nxadm/tail v1.4.11 h1:8feyoE3OzPrcshW5/MJ4sGESc5cqmGkGCWlco4l0bqY= +github.com/nxadm/tail v1.4.11/go.mod h1:OTaG3NK980DZzxbRq6lEuzgU+mug70nY11sMd4JXXHc= github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/oleiade/reflections v1.0.1 h1:D1XO3LVEYroYskEsoSiGItp9RUxG6jWnCVvrqH0HHQM= @@ -1400,8 +1407,8 @@ github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtP github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= -github.com/pelletier/go-toml/v2 v2.2.0 h1:QLgLl2yMN7N+ruc31VynXs1vhMZa7CeHHejIeBAsoHo= -github.com/pelletier/go-toml/v2 v2.2.0/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs= +github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM= +github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/petergtz/pegomock v2.9.0+incompatible h1:BKfb5XfkJfehe5T+O1xD4Zm26Sb9dnRj7tHxLYwUPiI= @@ -1542,16 +1549,16 @@ github.com/sigstore/fulcio v1.4.3 h1:9JcUCZjjVhRF9fmhVuz6i1RyhCc/EGCD7MOl+iqCJLQ github.com/sigstore/fulcio v1.4.3/go.mod h1:BQPWo7cfxmJwgaHlphUHUpFkp5+YxeJes82oo39m5og= github.com/sigstore/rekor v1.3.4 h1:RGIia1iOZU7fOiiP2UY/WFYhhp50S5aUm7YrM8aiA6E= github.com/sigstore/rekor v1.3.4/go.mod h1:1GubPVO2yO+K0m0wt/3SHFqnilr/hWbsjSOe7Vzxrlg= -github.com/sigstore/sigstore v1.8.1 h1:mAVposMb14oplk2h/bayPmIVdzbq2IhCgy4g6R0ZSjo= -github.com/sigstore/sigstore v1.8.1/go.mod h1:02SL1158BSj15bZyOFz7m+/nJzLZfFd9A8ab3Kz7w/E= +github.com/sigstore/sigstore v1.8.7 h1:L7/zKauHTg0d0Hukx7qlR4nifh6T6O6UIt9JBwAmTIg= +github.com/sigstore/sigstore v1.8.7/go.mod h1:MPiQ/NIV034Fc3Kk2IX9/XmBQdK60wfmpvgK9Z1UjRA= github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.1 h1:rEDdUefulkIQaMJyzLwtgPDLNXBIltBABiFYfb0YmgQ= github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.1/go.mod h1:RCdYCc1IxCYWzh2IdzdA6Yf7JIY0cMRqH08fpQYechw= github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.1 h1:DvRWG99QGWZC5mp42SEde2Xke/Q384Idnj2da7yB+Mk= github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.1/go.mod h1:s13mo3a0UCQS3+PAUUZfvKe48sMDMsHk2GE1b2YfPcU= -github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.1 h1:lwdRsJv1UbBemuk7w5YfXAQilQxMoFevrzamdPbG0wY= -github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.1/go.mod h1:2OaSQ80EcdyVRSQ3T4d1lsc6Scopblsiq8U2AEk5K1A= -github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.1 h1:9Ki0qudKpc1FQdef7xHO2bkLyTuw+qNUpWRzjBEmF4c= -github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.1/go.mod h1:nhIgyu4YwwNgalIwTGsoAzam16jjAn3ADRSWKbWPwGI= +github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.7 h1:zYg1XlbKpQkmE7FpWTkLuUn7RttLAq4FcZ1G9JcqhoY= +github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.7/go.mod h1:VmUsO1R4OHuyHBEgI4bbSUn0z2nojszrDMvlDxyX/dE= +github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.7 h1:dbcB9VEddYrvK+y4rHeES5OZ/pMQuucfJ0qCNWQmnp0= +github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.7/go.mod h1:96MrPJBkHiAvqFyqviuYbwPAdbPCj8CR3V0RJ9bKjrE= github.com/sigstore/timestamp-authority v1.2.1 h1:j9RmqSAdvKgSofeltPO4x7d+1M3AXaROBzUJ+AA7L5Q= github.com/sigstore/timestamp-authority v1.2.1/go.mod h1:Ce+vWWEf0QaKLY2u6mpwEJbmYXEVeOfUk4fQ69kE6ck= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= @@ -1697,8 +1704,8 @@ github.com/ysmood/fetchup v0.2.3 h1:ulX+SonA0Vma5zUFXtv52Kzip/xe7aj4vqT5AJwQ+ZQ= github.com/ysmood/fetchup v0.2.3/go.mod h1:xhibcRKziSvol0H1/pj33dnKrYyI2ebIvz5cOOkYGns= github.com/ysmood/goob v0.4.0 h1:HsxXhyLBeGzWXnqVKtmT9qM7EuVs/XOgkX7T6r1o1AQ= github.com/ysmood/goob v0.4.0/go.mod h1:u6yx7ZhS4Exf2MwciFr6nIM8knHQIE22lFpWHnfql18= -github.com/ysmood/got v0.34.1 h1:IrV2uWLs45VXNvZqhJ6g2nIhY+pgIG1CUoOcqfXFl1s= -github.com/ysmood/got v0.34.1/go.mod h1:yddyjq/PmAf08RMLSwDjPyCvHvYed+WjHnQxpH851LM= +github.com/ysmood/got v0.40.0 h1:ZQk1B55zIvS7zflRrkGfPDrPG3d7+JOza1ZkNxcc74Q= +github.com/ysmood/got v0.40.0/go.mod h1:W7DdpuX6skL3NszLmAsC5hT7JAhuLZhByVzHTq874Qg= github.com/ysmood/gson v0.7.3 h1:QFkWbTH8MxyUTKPkVWAENJhxqdBa4lYTQWqZCiLG6kE= github.com/ysmood/gson v0.7.3/go.mod h1:3Kzs5zDl21g5F/BlLTNcuAGAYLKt2lV5G8D1zF3RNmg= github.com/ysmood/leakless v0.8.0 h1:BzLrVoiwxikpgEQR0Lk8NyBN5Cit2b1z+u0mgL4ZJak= @@ -1748,10 +1755,10 @@ go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0 h1:jd0 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.44.0/go.mod h1:U707O40ee1FpQGyhvqnzmCJm1Wh6OX6GGBVn0E6Uyyk= go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0 h1:bflGWrfYyuulcdxf14V6n9+CoQcu5SAAdHmDPAJnlps= go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.44.0/go.mod h1:qcTO4xHAxZLaLxPd60TdE88rxtItPHgHWqOhOGRr0as= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 h1:9M3+rhx7kZCIQQhQRYaZCdNu1V73tm4TvXs2ntl98C4= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0/go.mod h1:noq80iT8rrHP1SfybmPiRGc9dc5M8RPmGvtwo7Oo7tc= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0 h1:H2JFgRcGiyHg7H7bwcwaQJYrNFqCqrbTQ8K4p1OvDu8= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0/go.mod h1:WfCWp1bGoYK8MeULtI15MmQVczfR+bFkk0DF3h06QmQ= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0 h1:R9DE4kQ4k+YtfLI2ULwX82VtNQ2J8yZmA7ZIF/D+7Mc= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0/go.mod h1:OQFyQVrDlbe+R7xrEyDr/2Wr67Ol0hRUgsfA+V5A95s= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 h1:qFffATk0X+HD+f1Z8lswGiOQYKHRlzfmdJm0wEaVrFA= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 h1:digkEZCJWobwBqMwC0cwCq8/wkkRy/OowZg5OArWZrM= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0/go.mod h1:/OpE/y70qVkndM0TrxT4KBoN3RsFZP0QaofcfYrj76I= go.opentelemetry.io/otel/exporters/prometheus v0.44.0 h1:08qeJgaPC0YEBu2PQMbqU3rogTlyzpjhCI2b58Yn00w= @@ -1762,15 +1769,15 @@ go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0 h1:VhlEQAPp9R1ktYf go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0/go.mod h1:kB3ufRbfU+CQ4MlUcqtW8Z7YEOBeK2DJ6CmR5rYYF3E= go.opentelemetry.io/otel/metric v1.27.0 h1:hvj3vdEKyeCi4YaYfNjv2NUje8FqKqUY8IlF0FxV/ik= go.opentelemetry.io/otel/metric v1.27.0/go.mod h1:mVFgmRlhljgBiuk/MP/oKylr4hs85GZAylncepAX/ak= -go.opentelemetry.io/otel/sdk v1.26.0 h1:Y7bumHf5tAiDlRYFmGqetNcLaVUZmh4iYfmGxtmz7F8= -go.opentelemetry.io/otel/sdk v1.26.0/go.mod h1:0p8MXpqLeJ0pzcszQQN4F0S5FVjBLgypeGSngLsmirs= +go.opentelemetry.io/otel/sdk v1.27.0 h1:mlk+/Y1gLPLn84U4tI8d3GNJmGT/eXe3ZuOXN9kTWmI= +go.opentelemetry.io/otel/sdk v1.27.0/go.mod h1:Ha9vbLwJE6W86YstIywK2xFfPjbWlCuwPtMkKdz/Y4A= go.opentelemetry.io/otel/sdk/metric v1.21.0 h1:smhI5oD714d6jHE6Tie36fPx4WDFIg+Y6RfAY4ICcR0= go.opentelemetry.io/otel/sdk/metric v1.21.0/go.mod h1:FJ8RAsoPGv/wYMgBdUJXOm+6pzFY3YdljnXtv1SBE8Q= go.opentelemetry.io/otel/trace v1.27.0 h1:IqYb813p7cmbHk0a5y6pD5JPakbVfftRXABGt5/Rscw= go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= -go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= +go.opentelemetry.io/proto/otlp v1.2.0 h1:pVeZGk7nXDC9O2hncA6nHldxEjm6LByfA2aN8IOkz94= +go.opentelemetry.io/proto/otlp v1.2.0/go.mod h1:gGpR8txAl5M03pDhMC79G6SdqNV26naRm/KDsgaHD8A= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= go.step.sm/crypto v0.42.1 h1:OmwHm3GJO8S4VGWL3k4+I+Q4P/F2s+j8msvTyGnh1Vg= @@ -1809,8 +1816,8 @@ golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= -golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= +golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= +golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -1821,8 +1828,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20231108232855-2478ac86f678 h1:mchzmB1XO2pMaKFRqk/+MV3mgGG96aqaPXaMifQU47w= -golang.org/x/exp v0.0.0-20231108232855-2478ac86f678/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE= +golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3 h1:hNQpMuAJe5CtcUqCXaWga3FHu+kQvCqcsoVaQgSV60o= +golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -1918,8 +1925,8 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= -golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= +golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -2230,8 +2237,8 @@ google.golang.org/api v0.96.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ google.golang.org/api v0.97.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= google.golang.org/api v0.98.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= google.golang.org/api v0.100.0/go.mod h1:ZE3Z2+ZOr87Rx7dqFsdRQkRBk36kDtp/h+QpHbB7a70= -google.golang.org/api v0.186.0 h1:n2OPp+PPXX0Axh4GuSsL5QL8xQCTb2oDwyzPnQvqUug= -google.golang.org/api v0.186.0/go.mod h1:hvRbBmgoje49RV3xqVXrmP6w93n6ehGgIVPYrGtBFFc= +google.golang.org/api v0.187.0 h1:Mxs7VATVC2v7CY+7Xwm4ndkX71hpElcvx0D1Ji/p1eo= +google.golang.org/api v0.187.0/go.mod h1:KIHlTc4x7N7gKKuVsdmfBXN13yEEWXWFURWY6SBp2gk= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -2386,8 +2393,8 @@ google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACu google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= -google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= -google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= +google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA= +google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= @@ -2418,8 +2425,6 @@ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/evanphx/json-patch.v5 v5.6.0 h1:BMT6KIwBD9CaU91PJCZIe46bDmBWa9ynTQgJIOpfQBk= gopkg.in/evanphx/json-patch.v5 v5.6.0/go.mod h1:/kvTRh1TVm5wuM6OkHxqXtE/1nUZZpihg29RtuIyfvk= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= -gopkg.in/go-jose/go-jose.v2 v2.6.3 h1:nt80fvSDlhKWQgSWyHyy5CfmlQr+asih51R8PTWNKKs= -gopkg.in/go-jose/go-jose.v2 v2.6.3/go.mod h1:zzZDPkNNw/c9IE7Z9jr11mBZQhKQTMzoEEIoEdZlFBI= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.56.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= @@ -2449,8 +2454,8 @@ gorm.io/gorm v1.25.5 h1:zR9lOiiYf09VNh5Q1gphfyia1JpiClIWG9hQaxB/mls= gorm.io/gorm v1.25.5/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8= gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU= gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= -helm.sh/helm/v3 v3.14.2 h1:V71fv+NGZv0icBlr+in1MJXuUIHCiPG1hW9gEBISTIA= -helm.sh/helm/v3 v3.14.2/go.mod h1:2itvvDv2WSZXTllknfQo6j7u3VVgMAvm8POCDgYH424= +helm.sh/helm/v3 v3.15.3 h1:HcZDaVFe9uHa6hpsR54mJjYyRy4uz/pc6csg27nxFOc= +helm.sh/helm/v3 v3.15.3/go.mod h1:FzSIP8jDQaa6WAVg9F+OkKz7J0ZmAga4MABtTbsb9WQ= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -2458,30 +2463,30 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= -k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= +k8s.io/api v0.30.3 h1:ImHwK9DCsPA9uoU3rVh4QHAHHK5dTSv1nxJUapx8hoQ= +k8s.io/api v0.30.3/go.mod h1:GPc8jlzoe5JG3pb0KJCSLX5oAFIW3/qNJITlDj8BH04= k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= -k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= -k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/apimachinery v0.30.3 h1:q1laaWCmrszyQuSQCfNB8cFgCuDAoPszKY4ucAjDwHc= +k8s.io/apimachinery v0.30.3/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= k8s.io/apiserver v0.30.0 h1:QCec+U72tMQ+9tR6A0sMBB5Vh6ImCEkoKkTDRABWq6M= k8s.io/apiserver v0.30.0/go.mod h1:smOIBq8t0MbKZi7O7SyIpjPsiKJ8qa+llcFCluKyqiY= -k8s.io/cli-runtime v0.29.1 h1:By3WVOlEWYfyxhGko0f/IuAOLQcbBSMzwSaDren2JUs= -k8s.io/cli-runtime v0.29.1/go.mod h1:vjEY9slFp8j8UoMhV5AlO8uulX9xk6ogfIesHobyBDU= -k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= -k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= -k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o= -k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= -k8s.io/component-helpers v0.29.1 h1:54MMEDu6xeJmMtAKztsPwu0kJKr4+jCUzaEIn2UXRoc= -k8s.io/component-helpers v0.29.1/go.mod h1:+I7xz4kfUgxWAPJIVKrqe4ml4rb9UGpazlOmhXYo+cY= +k8s.io/cli-runtime v0.30.0 h1:0vn6/XhOvn1RJ2KJOC6IRR2CGqrpT6QQF4+8pYpWQ48= +k8s.io/cli-runtime v0.30.0/go.mod h1:vATpDMATVTMA79sZ0YUCzlMelf6rUjoBzlp+RnoM+cg= +k8s.io/client-go v0.30.3 h1:bHrJu3xQZNXIi8/MoxYtZBBWQQXwy16zqJwloXXfD3k= +k8s.io/client-go v0.30.3/go.mod h1:8d4pf8vYu665/kUbsxWAQ/JDBNWqfFeZnvFiVdmx89U= +k8s.io/component-base v0.30.3 h1:Ci0UqKWf4oiwy8hr1+E3dsnliKnkMLZMVbWzeorlk7s= +k8s.io/component-base v0.30.3/go.mod h1:C1SshT3rGPCuNtBs14RmVD2xW0EhRSeLvBh7AGk1quA= +k8s.io/component-helpers v0.30.0 h1:xbJtNCfSM4SB/Tz5JqCKDZv4eT5LVi/AWQ1VOxhmStU= +k8s.io/component-helpers v0.30.0/go.mod h1:68HlSwXIumMKmCx8cZe1PoafQEYh581/sEpxMrkhmX4= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/kubectl v0.29.1 h1:rWnW3hi/rEUvvg7jp4iYB68qW5un/urKbv7fu3Vj0/s= -k8s.io/kubectl v0.29.1/go.mod h1:SZzvLqtuOJYSvZzPZR9weSuP0wDQ+N37CENJf0FhDF4= -k8s.io/metrics v0.29.1 h1:qutc3aIPMCniMuEApuLaeYX47rdCn8eycVDx7R6wMlQ= -k8s.io/metrics v0.29.1/go.mod h1:JrbV2U71+v7d/9qb90UVKL8r0uJ6Z2Hy4V7mDm05cKs= +k8s.io/kubectl v0.30.0 h1:xbPvzagbJ6RNYVMVuiHArC1grrV5vSmmIcSZuCdzRyk= +k8s.io/kubectl v0.30.0/go.mod h1:zgolRw2MQXLPwmic2l/+iHs239L49fhSeICuMhQQXTI= +k8s.io/metrics v0.30.0 h1:tqB+T0GJY288KahaO3Eb41HaDVeLR18gBmyPo0R417s= +k8s.io/metrics v0.30.0/go.mod h1:nSDA8V19WHhCTBhRYuyzJT9yPJBxSpqbyrGCCQ4jPj4= k8s.io/utils v0.0.0-20231127182322-b307cd553661 h1:FepOBzJ0GXm8t0su67ln2wAZjbQ6RxQGZDnzuLcrUTI= k8s.io/utils v0.0.0-20231127182322-b307cd553661/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= modernc.org/libc v1.29.0 h1:tTFRFq69YKCF2QyGNuRUQxKBm1uZZLubf6Cjh/pVHXs= @@ -2492,8 +2497,8 @@ modernc.org/memory v1.7.2 h1:Klh90S215mmH8c9gO98QxQFsY+W451E8AnzjoE2ee1E= modernc.org/memory v1.7.2/go.mod h1:NO4NVCQy0N7ln+T9ngWqOQfi7ley4vpwvARR+Hjw95E= modernc.org/sqlite v1.28.0 h1:Zx+LyDDmXczNnEQdvPuEfcFVA2ZPyaD7UCZDjef3BHQ= modernc.org/sqlite v1.28.0/go.mod h1:Qxpazz0zH8Z1xCFyi5GSL3FzbtZ3fvbjmywNogldEW0= -oras.land/oras-go v1.2.4 h1:djpBY2/2Cs1PV87GSJlxv4voajVOMZxqqtq9AB8YNvY= -oras.land/oras-go v1.2.4/go.mod h1:DYcGfb3YF1nKjcezfX2SNlDAeQFKSXmf+qrFmrh4324= +oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo= +oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo= oras.land/oras-go/v2 v2.5.0 h1:o8Me9kLY74Vp5uw07QXPiitjsw7qNXi8Twd+19Zf02c= oras.land/oras-go/v2 v2.5.0/go.mod h1:z4eisnLP530vwIOUOJeBIj0aGI0L1C3d53atvCBqZHg= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/hack/check-vulnerabilities.sh b/hack/check-vulnerabilities.sh deleted file mode 100755 index 903e59a01a..0000000000 --- a/hack/check-vulnerabilities.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -MAIN_BRANCH="main" -TARGET_BRANCH=$(git rev-parse --abbrev-ref HEAD) -echo "target branch is $TARGET_BRANCH" - -mkdir -p build - -git checkout $MAIN_BRANCH -go run main.go tools sbom scan . -o json --exclude './site' --exclude './examples' > build/main-syft.json - -git checkout $TARGET_BRANCH -cat build/main-syft.json | grype -o template -t hack/compare.tmpl > build/main.json -go run main.go tools sbom scan . -o json --exclude './site' --exclude './examples' | grype -o template -t hack/compare.tmpl > build/target.json - - -result=$(jq --slurp '.[0] - .[1]' build/target.json build/main.json | jq '[.[] | select(.severity != "Low" and .severity != "Medium")]') - -echo "CVEs on $MAIN_BRANCH are $(cat build/main.json | jq )" -echo "CVEs on $TARGET_BRANCH are $(cat build/target.json | jq)" - -if [[ "$result" == "[]" ]]; then - echo "no new vulnerabilities on $TARGET_BRANCH" - exit 0 -else - echo "new CVEs have been added with IDs $result" - exit 1 -fi diff --git a/main.go b/main.go index 70feb480f4..f424789b54 100644 --- a/main.go +++ b/main.go @@ -13,7 +13,7 @@ import ( "github.com/zarf-dev/zarf/src/cmd" "github.com/zarf-dev/zarf/src/config" - "github.com/zarf-dev/zarf/src/pkg/packager/lint" + "github.com/zarf-dev/zarf/src/pkg/lint" ) //go:embed cosign.pub diff --git a/packages/distros/eks/eks.yaml b/packages/distros/eks/eks.yaml index 530da71f8c..cf859f77a5 100644 --- a/packages/distros/eks/eks.yaml +++ b/packages/distros/eks/eks.yaml @@ -4,29 +4,27 @@ kind: ClusterConfig metadata: name: ###ZARF_VAR_EKS_CLUSTER_NAME### region: ###ZARF_VAR_EKS_CLUSTER_REGION### - version: "###ZARF_VAR_EKS_CLUSTER_VERSION###" tags: - PermissionsBoundary: "zarf_dev_base_policy" + PermissionsBoundary: "###ZARF_VAR_PERMISSIONS_BOUNDARY_TAG###" iam: withOIDC: true - serviceRolePermissionsBoundary: "arn:aws:iam::173911864621:policy/zarf_dev_base_policy" + serviceRolePermissionsBoundary: "###ZARF_VAR_PERMISSIONS_BOUNDARY_ARN###" addons: - name: aws-ebs-csi-driver - version: "###ZARF_VAR_EBS_DRIVER_VERSION###" attachPolicyARNs: - arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy - permissionsBoundary: "arn:aws:iam::173911864621:policy/zarf_dev_base_policy" + permissionsBoundary: "###ZARF_VAR_PERMISSIONS_BOUNDARY_ARN###" tags: - PermissionsBoundary: "zarf_dev_base_policy" + PermissionsBoundary: "###ZARF_VAR_PERMISSIONS_BOUNDARY_TAG###" - name: vpc-cni attachPolicyARNs: - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy - permissionsBoundary: "arn:aws:iam::173911864621:policy/zarf_dev_base_policy" + permissionsBoundary: "###ZARF_VAR_PERMISSIONS_BOUNDARY_ARN###" tags: - PermissionsBoundary: "zarf_dev_base_policy" + PermissionsBoundary: "###ZARF_VAR_PERMISSIONS_BOUNDARY_TAG###" managedNodeGroups: - instanceType: ###ZARF_VAR_EKS_INSTANCE_TYPE### @@ -35,6 +33,6 @@ managedNodeGroups: maxSize: 6 spot: true tags: - PermissionsBoundary: "zarf_dev_base_policy" + PermissionsBoundary: "###ZARF_VAR_PERMISSIONS_BOUNDARY_TAG###" iam: - instanceRolePermissionsBoundary: "arn:aws:iam::173911864621:policy/zarf_dev_base_policy" + instanceRolePermissionsBoundary: "###ZARF_VAR_PERMISSIONS_BOUNDARY_ARN###" diff --git a/packages/distros/eks/zarf.yaml b/packages/distros/eks/zarf.yaml index 8172dfdf60..1fed3b20a1 100644 --- a/packages/distros/eks/zarf.yaml +++ b/packages/distros/eks/zarf.yaml @@ -17,13 +17,13 @@ variables: description: The AWS region to setup the cluster and associated networking default: us-east-1 - - name: EKS_CLUSTER_VERSION - description: The Kubernetes version to use for the cluster - default: "1.27" + - name: PERMISSIONS_BOUNDARY_ARN + description: The ARN of the IAM permissions boundary to apply to the cluster resources + default: arn:aws:iam::173911864621:policy/zarf_dev_base_policy - - name: EBS_DRIVER_VERSION - description: The AEBS driver version to use for the cluster (must be available on the K8s version) - default: "v1.21.0-eksbuild.1" + - name: PERMISSIONS_BOUNDARY_TAG + description: The tag to apply to the cluster resources to indicate the permissions boundary + default: zarf_dev_base_policy components: - name: load-eksctl diff --git a/renovate.json b/renovate.json index 91e8dd55b0..40b519c928 100644 --- a/renovate.json +++ b/renovate.json @@ -3,41 +3,14 @@ "config:base", "group:allNonMajor" ], - "ignoreDeps": [ - "sigs.k8s.io/kustomize/kyaml" - ], - "ignorePaths": [ - "**/node_modules/**", - "**/bower_components/**", - "**/vendor/**", - "**/__tests__/**", - "**/test/**", - "**/tests/**", - "**/__fixtures__/**" - ], "packageRules": [ { - "matchUpdateTypes": [ - "patch", - "pin", - "digest" - ], - "automerge": true, - "automergeType": "pr" - }, - { - "matchDepTypes": [ - "devDependencies" - ], - "automerge": true, - "automergeType": "pr" + "matchManagers": ["gomod","npm","github-actions", "cargo"], + "enabled": false } ], "platformAutomerge": true, "platformCommit": true, - "postUpdateOptions": [ - "gomodTidy" - ], "regexManagers": [ { "fileMatch": [ @@ -82,16 +55,6 @@ "https:\\/\\/github.com\\/(?[\\w\\/\\-\\.\\+\\%]+?)\\/releases\\/download\\/(?[\\w\\/\\-\\.\\+\\%]+?)\\/" ], "datasourceTemplate": "github-releases" - }, - { - "fileMatch": [ - "\\.*\\.ya?ml$" - ], - "matchStrings": [ - "# renovate: datasource=github-tags depName=anchore/grype versioning=semver\n\\s*VERSION: (?v[\\d.]+)" - ], - "datasourceTemplate": "github-tags", - "depNameTemplate": "anchore/grype" } ] } diff --git a/site/src/content/docs/commands/zarf_connect.md b/site/src/content/docs/commands/zarf_connect.md index 88f519d332..f0eb9b84ce 100644 --- a/site/src/content/docs/commands/zarf_connect.md +++ b/site/src/content/docs/commands/zarf_connect.md @@ -29,11 +29,11 @@ zarf connect { REGISTRY | GIT | connect-name } [flags] ``` --cli-only Disable browser auto-open -h, --help help for connect - --local-port int (Optional, autogenerated if not provided) Specify the local port to bind to. E.g. local-port=42000. Ignored if --name is unset. - --name string Specify the resource name. E.g. name=unicorns or name=unicorn-pod-7448499f4d-b5bk6. - --namespace string Specify the namespace. E.g. namespace=default. Ignored if --name is unset. (default "zarf") - --remote-port int Specify the remote port of the resource to bind to. E.g. remote-port=8080. Ignored if --name is unset. - --type string Specify the resource type. E.g. type=svc or type=pod. Ignored if --name is unset. (default "svc") + --local-port int (Optional, autogenerated if not provided) Specify the local port to bind to. E.g. local-port=42000. + --name string Specify the resource name. E.g. name=unicorns or name=unicorn-pod-7448499f4d-b5bk6. Ignored if connect-name is supplied. + --namespace string Specify the namespace. E.g. namespace=default. Ignored if connect-name is supplied. (default "zarf") + --remote-port int Specify the remote port of the resource to bind to. E.g. remote-port=8080. Ignored if connect-name is supplied. + --type string Specify the resource type. E.g. type=svc or type=pod. Ignored if connect-name is supplied. (default "svc") ``` ### Options inherited from parent commands diff --git a/site/src/content/docs/commands/zarf_tools_registry_ls.md b/site/src/content/docs/commands/zarf_tools_registry_ls.md index 262a676377..f7754e813f 100644 --- a/site/src/content/docs/commands/zarf_tools_registry_ls.md +++ b/site/src/content/docs/commands/zarf_tools_registry_ls.md @@ -31,7 +31,7 @@ $ zarf tools registry ls reg.example.com/stefanprodan/podinfo ``` --full-ref (Optional) if true, print the full image reference -h, --help help for ls - --omit-digest-tags (Optional), if true, omit digest tags (e.g., ':sha256-...') + -O, --omit-digest-tags (Optional), if true, omit digest tags (e.g., ':sha256-...') ``` ### Options inherited from parent commands diff --git a/site/src/content/docs/commands/zarf_tools_yq.md b/site/src/content/docs/commands/zarf_tools_yq.md index 1ab66ec79f..7e865330fa 100644 --- a/site/src/content/docs/commands/zarf_tools_yq.md +++ b/site/src/content/docs/commands/zarf_tools_yq.md @@ -84,6 +84,7 @@ zarf tools yq -P sample.json ### SEE ALSO * [zarf tools](/commands/zarf_tools/) - Collection of additional tools to make airgap easier +* [zarf tools yq completion](/commands/zarf_tools_yq_completion/) - Generate the autocompletion script for the specified shell * [zarf tools yq eval](/commands/zarf_tools_yq_eval/) - (default) Apply the expression to each document in each yaml file in sequence * [zarf tools yq eval-all](/commands/zarf_tools_yq_eval-all/) - Loads _all_ yaml documents of _all_ yaml files and runs expression once diff --git a/site/src/content/docs/commands/zarf_tools_yq_completion.md b/site/src/content/docs/commands/zarf_tools_yq_completion.md new file mode 100644 index 0000000000..c67ed20899 --- /dev/null +++ b/site/src/content/docs/commands/zarf_tools_yq_completion.md @@ -0,0 +1,103 @@ +--- +title: zarf tools yq completion +description: Zarf CLI command reference for zarf tools yq completion. +tableOfContents: false +--- + + + +## zarf tools yq completion + +Generate the autocompletion script for the specified shell + +### Synopsis + +To load completions: + +Bash: + +$ source <(yq completion bash) + +# To load completions for each session, execute once: +Linux: + $ yq completion bash > /etc/bash_completion.d/yq +MacOS: + $ yq completion bash > /usr/local/etc/bash_completion.d/yq + +Zsh: + +# If shell completion is not already enabled in your environment you will need +# to enable it. You can execute the following once: + +$ echo "autoload -U compinit; compinit" >> ~/.zshrc + +# To load completions for each session, execute once: +$ yq completion zsh > "${fpath[1]}/_yq" + +# You will need to start a new shell for this setup to take effect. + +Fish: + +$ yq completion fish | source + +# To load completions for each session, execute once: +$ yq completion fish > ~/.config/fish/completions/yq.fish + + +``` +zarf tools yq completion [bash|zsh|fish|powershell] +``` + +### Options + +``` + -h, --help help for completion +``` + +### Options inherited from parent commands + +``` + -C, --colors force print with colors + --csv-auto-parse parse CSV YAML/JSON values (default true) + --csv-separator char CSV Separator character (default ,) + -e, --exit-status set exit status if there are no matches or null or false is returned + --expression string forcibly set the expression argument. Useful when yq argument detection thinks your expression is a file. + --from-file string Load expression from specified file. + -f, --front-matter string (extract|process) first input as yaml front-matter. Extract will pull out the yaml content, process will run the expression against the yaml content, leaving the remaining data intact + --header-preprocess Slurp any header comments and separators before processing expression. (default true) + -I, --indent int sets indent level for output (default 2) + -i, --inplace update the file in place of first file given. + -p, --input-format string [auto|a|yaml|y|json|j|props|p|csv|c|tsv|t|xml|x|base64|uri|toml|lua|l] parse format for input. (default "auto") + --lua-globals output keys as top-level global variables + --lua-prefix string prefix (default "return ") + --lua-suffix string suffix (default ";\n") + --lua-unquoted output unquoted string keys (e.g. {foo="bar"}) + -M, --no-colors force print with no colors + -N, --no-doc Don't print document separators (---) + -0, --nul-output Use NUL char to separate values. If unwrap scalar is also set, fail if unwrapped scalar contains NUL char. + -n, --null-input Don't read input, simply evaluate the expression given. Useful for creating docs from scratch. + -o, --output-format string [auto|a|yaml|y|json|j|props|p|csv|c|tsv|t|xml|x|base64|uri|toml|shell|s|lua|l] output format type. (default "auto") + -P, --prettyPrint pretty print, shorthand for '... style = ""' + --properties-array-brackets use [x] in array paths (e.g. for SpringBoot) + --properties-separator string separator to use between keys and values (default " = ") + -s, --split-exp string print each result (or doc) into a file named (exp). [exp] argument must return a string. You can use $index in the expression as the result counter. + --split-exp-file string Use a file to specify the split-exp expression. + --string-interpolation Toggles strings interpolation of \(exp) (default true) + --tsv-auto-parse parse TSV YAML/JSON values (default true) + -r, --unwrapScalar unwrap scalar, print the value with no quotes, colors or comments. Defaults to true for yaml (default true) + -v, --verbose verbose mode + --xml-attribute-prefix string prefix for xml attributes (default "+@") + --xml-content-name string name for xml content (if no attribute name is present). (default "+content") + --xml-directive-name string name for xml directives (e.g. ) (default "+directive") + --xml-keep-namespace enables keeping namespace after parsing attributes (default true) + --xml-proc-inst-prefix string prefix for xml processing instructions (e.g. ) (default "+p_") + --xml-raw-token enables using RawToken method instead Token. Commonly disables namespace translations. See https://pkg.go.dev/encoding/xml#Decoder.RawToken for details. (default true) + --xml-skip-directives skip over directives (e.g. ) + --xml-skip-proc-inst skip over process instructions (e.g. ) + --xml-strict-mode enables strict parsing of XML. See https://pkg.go.dev/encoding/xml for more details. +``` + +### SEE ALSO + +* [zarf tools yq](/commands/zarf_tools_yq/) - yq is a lightweight and portable command-line data file processor. + diff --git a/src/api/go.mod b/src/api/go.mod new file mode 100644 index 0000000000..1351380609 --- /dev/null +++ b/src/api/go.mod @@ -0,0 +1,28 @@ +module github.com/zarf-dev/zarf/src/api + +go 1.22.4 + +replace github.com/zarf-dev/zarf => ../.. + +require ( + github.com/defenseunicorns/pkg/helpers/v2 v2.0.1 + github.com/invopop/jsonschema v0.12.0 + github.com/stretchr/testify v1.9.0 + github.com/zarf-dev/zarf v0.37.0 + k8s.io/apimachinery v0.30.3 +) + +require ( + github.com/bahlo/generic-list-go v0.2.0 // indirect + github.com/buger/jsonparser v1.1.1 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect + github.com/mailru/easyjson v0.7.7 // indirect + github.com/otiai10/copy v1.14.0 // indirect + github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect + github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect + golang.org/x/sync v0.7.0 // indirect + golang.org/x/sys v0.22.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/utils v0.0.0-20231127182322-b307cd553661 // indirect + oras.land/oras-go/v2 v2.5.0 // indirect +) diff --git a/src/api/go.sum b/src/api/go.sum new file mode 100644 index 0000000000..3cd2d742fb --- /dev/null +++ b/src/api/go.sum @@ -0,0 +1,37 @@ +github.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPnH1Wvgk= +github.com/bahlo/generic-list-go v0.2.0/go.mod h1:2KvAjgMlE5NNynlg/5iLrrCCZ2+5xWbdbCW3pNTGyYg= +github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= +github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/defenseunicorns/pkg/helpers/v2 v2.0.1 h1:j08rz9vhyD9Bs+yKiyQMY2tSSejXRMxTqEObZ5M1Wbk= +github.com/defenseunicorns/pkg/helpers/v2 v2.0.1/go.mod h1:u1PAqOICZyiGIVA2v28g55bQH1GiAt0Bc4U9/rnWQvQ= +github.com/invopop/jsonschema v0.12.0 h1:6ovsNSuvn9wEQVOyc72aycBMVQFKz7cPdMJn10CvzRI= +github.com/invopop/jsonschema v0.12.0/go.mod h1:ffZ5Km5SWWRAIN6wbDXItl95euhFz2uON45H2qjYt+0= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU= +github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w= +github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks= +github.com/otiai10/mint v1.5.1/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/wk8/go-ordered-map/v2 v2.1.8 h1:5h/BUHu93oj4gIdvHHHGsScSTMijfx5PeYkE/fJgbpc= +github.com/wk8/go-ordered-map/v2 v2.1.8/go.mod h1:5nJHM5DyteebpVlHnWMV0rPz6Zp7+xBAnxjb1X5vnTw= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +k8s.io/apimachinery v0.30.3 h1:q1laaWCmrszyQuSQCfNB8cFgCuDAoPszKY4ucAjDwHc= +k8s.io/apimachinery v0.30.3/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/utils v0.0.0-20231127182322-b307cd553661 h1:FepOBzJ0GXm8t0su67ln2wAZjbQ6RxQGZDnzuLcrUTI= +k8s.io/utils v0.0.0-20231127182322-b307cd553661/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +oras.land/oras-go/v2 v2.5.0 h1:o8Me9kLY74Vp5uw07QXPiitjsw7qNXi8Twd+19Zf02c= +oras.land/oras-go/v2 v2.5.0/go.mod h1:z4eisnLP530vwIOUOJeBIj0aGI0L1C3d53atvCBqZHg= diff --git a/src/api/v1alpha1/component.go b/src/api/v1alpha1/component.go new file mode 100644 index 0000000000..bd798c82f6 --- /dev/null +++ b/src/api/v1alpha1/component.go @@ -0,0 +1,333 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +// Package v1alpha1 holds the definition of the v1alpha1 Zarf Package +package v1alpha1 + +import ( + "github.com/invopop/jsonschema" + "github.com/zarf-dev/zarf/src/api/v1alpha1/extensions" + "github.com/zarf-dev/zarf/src/pkg/utils/exec" + "github.com/zarf-dev/zarf/src/pkg/variables" +) + +// ZarfComponent is the primary functional grouping of assets to deploy by Zarf. +type ZarfComponent struct { + // The name of the component. + Name string `json:"name" jsonschema:"pattern=^[a-z0-9][a-z0-9\\-]*$"` + + // Message to include during package deploy describing the purpose of this component. + Description string `json:"description,omitempty"` + + // Determines the default Y/N state for installing this component on package deploy. + Default bool `json:"default,omitempty"` + + // Do not prompt user to install this component. + Required *bool `json:"required,omitempty"` + + // Filter when this component is included in package creation or deployment. + Only ZarfComponentOnlyTarget `json:"only,omitempty"` + + // [Deprecated] Create a user selector field based on all components in the same group. This will be removed in Zarf v1.0.0. Consider using 'only.flavor' instead. + DeprecatedGroup string `json:"group,omitempty" jsonschema:"deprecated=true"` + + // [Deprecated] Specify a path to a public key to validate signed online resources. This will be removed in Zarf v1.0.0. + DeprecatedCosignKeyPath string `json:"cosignKeyPath,omitempty" jsonschema:"deprecated=true"` + + // Import a component from another Zarf package. + Import ZarfComponentImport `json:"import,omitempty"` + + // Kubernetes manifests to be included in a generated Helm chart on package deploy. + Manifests []ZarfManifest `json:"manifests,omitempty"` + + // Helm charts to install during package deploy. + Charts []ZarfChart `json:"charts,omitempty"` + + // Datasets to inject into a container in the target cluster. + DataInjections []ZarfDataInjection `json:"dataInjections,omitempty"` + + // Files or folders to place on disk during package deployment. + Files []ZarfFile `json:"files,omitempty"` + + // List of OCI images to include in the package. + Images []string `json:"images,omitempty"` + + // List of git repos to include in the package. + Repos []string `json:"repos,omitempty"` + + // Extend component functionality with additional features. + Extensions extensions.ZarfComponentExtensions `json:"extensions,omitempty"` + + // [Deprecated] (replaced by actions) Custom commands to run before or after package deployment. This will be removed in Zarf v1.0.0. + DeprecatedScripts DeprecatedZarfComponentScripts `json:"scripts,omitempty" jsonschema:"deprecated=true"` + + // Custom commands to run at various stages of a package lifecycle. + Actions ZarfComponentActions `json:"actions,omitempty"` +} + +// RequiresCluster returns if the component requires a cluster connection to deploy. +func (c ZarfComponent) RequiresCluster() bool { + hasImages := len(c.Images) > 0 + hasCharts := len(c.Charts) > 0 + hasManifests := len(c.Manifests) > 0 + hasRepos := len(c.Repos) > 0 + hasDataInjections := len(c.DataInjections) > 0 + + if hasImages || hasCharts || hasManifests || hasRepos || hasDataInjections { + return true + } + + return false +} + +// IsRequired returns if the component is required or not. +func (c ZarfComponent) IsRequired() bool { + if c.Required != nil { + return *c.Required + } + + return false +} + +// ZarfComponentOnlyTarget filters a component to only show it for a given local OS and cluster. +type ZarfComponentOnlyTarget struct { + // Only deploy component to specified OS. + LocalOS string `json:"localOS,omitempty" jsonschema:"enum=linux,enum=darwin,enum=windows"` + // Only deploy component to specified clusters. + Cluster ZarfComponentOnlyCluster `json:"cluster,omitempty"` + // Only include this component when a matching '--flavor' is specified on 'zarf package create'. + Flavor string `json:"flavor,omitempty"` +} + +// ZarfComponentOnlyCluster represents the architecture and K8s cluster distribution to filter on. +type ZarfComponentOnlyCluster struct { + // Only create and deploy to clusters of the given architecture. + Architecture string `json:"architecture,omitempty" jsonschema:"enum=amd64,enum=arm64"` + // A list of kubernetes distros this package works with (Reserved for future use). + Distros []string `json:"distros,omitempty" jsonschema:"example=k3s,example=eks"` +} + +// ZarfFile defines a file to deploy. +type ZarfFile struct { + // Local folder or file path or remote URL to pull into the package. + Source string `json:"source"` + // (files only) Optional SHA256 checksum of the file. + Shasum string `json:"shasum,omitempty"` + // The absolute or relative path where the file or folder should be copied to during package deploy. + Target string `json:"target"` + // (files only) Determines if the file should be made executable during package deploy. + Executable bool `json:"executable,omitempty"` + // List of symlinks to create during package deploy. + Symlinks []string `json:"symlinks,omitempty"` + // Local folder or file to be extracted from a 'source' archive. + ExtractPath string `json:"extractPath,omitempty"` +} + +// ZarfChart defines a helm chart to be deployed. +type ZarfChart struct { + // The name of the chart within Zarf; note that this must be unique and does not need to be the same as the name in the chart repo. + Name string `json:"name"` + // The version of the chart to deploy; for git-based charts this is also the tag of the git repo by default (when not using the '@' syntax for 'repos'). + Version string `json:"version,omitempty"` + // The URL of the OCI registry, chart repository, or git repo where the helm chart is stored. + URL string `json:"url,omitempty" jsonschema:"example=OCI registry: oci://ghcr.io/stefanprodan/charts/podinfo,example=helm chart repo: https://stefanprodan.github.io/podinfo,example=git repo: https://github.com/stefanprodan/podinfo (note the '@' syntax for 'repos' is supported here too)"` + // The name of a chart within a Helm repository (defaults to the Zarf name of the chart). + RepoName string `json:"repoName,omitempty"` + // (git repo only) The sub directory to the chart within a git repo. + GitPath string `json:"gitPath,omitempty" jsonschema:"example=charts/your-chart"` + // The path to a local chart's folder or .tgz archive. + LocalPath string `json:"localPath,omitempty"` + // The namespace to deploy the chart to. + Namespace string `json:"namespace,omitempty"` + // The name of the Helm release to create (defaults to the Zarf name of the chart). + ReleaseName string `json:"releaseName,omitempty"` + // Whether to not wait for chart resources to be ready before continuing. + NoWait bool `json:"noWait,omitempty"` + // List of local values file paths or remote URLs to include in the package; these will be merged together when deployed. + ValuesFiles []string `json:"valuesFiles,omitempty"` + // [alpha] List of variables to set in the Helm chart. + Variables []ZarfChartVariable `json:"variables,omitempty"` +} + +// ZarfChartVariable represents a variable that can be set for a Helm chart overrides. +type ZarfChartVariable struct { + // The name of the variable. + Name string `json:"name" jsonschema:"pattern=^[A-Z0-9_]+$"` + // A brief description of what the variable controls. + Description string `json:"description"` + // The path within the Helm chart values where this variable applies. + Path string `json:"path"` +} + +// ZarfManifest defines raw manifests Zarf will deploy as a helm chart. +type ZarfManifest struct { + // A name to give this collection of manifests; this will become the name of the dynamically-created helm chart. + Name string `json:"name"` + // The namespace to deploy the manifests to. + Namespace string `json:"namespace,omitempty"` + // List of local K8s YAML files or remote URLs to deploy (in order). + Files []string `json:"files,omitempty"` + // Allow traversing directory above the current directory if needed for kustomization. + KustomizeAllowAnyDirectory bool `json:"kustomizeAllowAnyDirectory,omitempty"` + // List of local kustomization paths or remote URLs to include in the package. + Kustomizations []string `json:"kustomizations,omitempty"` + // Whether to not wait for manifest resources to be ready before continuing. + NoWait bool `json:"noWait,omitempty"` +} + +// DeprecatedZarfComponentScripts are scripts that run before or after a component is deployed. +type DeprecatedZarfComponentScripts struct { + // Show the output of the script during package deployment. + ShowOutput bool `json:"showOutput,omitempty"` + // Timeout in seconds for the script. + TimeoutSeconds int `json:"timeoutSeconds,omitempty"` + // Retry the script if it fails. + Retry bool `json:"retry,omitempty"` + // Scripts to run before the component is added during package create. + Prepare []string `json:"prepare,omitempty"` + // Scripts to run before the component is deployed. + Before []string `json:"before,omitempty"` + // Scripts to run after the component successfully deploys. + After []string `json:"after,omitempty"` +} + +// ZarfComponentActions are ActionSets that map to different zarf package operations. +type ZarfComponentActions struct { + // Actions to run during package creation. + OnCreate ZarfComponentActionSet `json:"onCreate,omitempty"` + // Actions to run during package deployment. + OnDeploy ZarfComponentActionSet `json:"onDeploy,omitempty"` + // Actions to run during package removal. + OnRemove ZarfComponentActionSet `json:"onRemove,omitempty"` +} + +// ZarfComponentActionSet is a set of actions to run during a zarf package operation. +type ZarfComponentActionSet struct { + // Default configuration for all actions in this set. + Defaults ZarfComponentActionDefaults `json:"defaults,omitempty"` + // Actions to run at the start of an operation. + Before []ZarfComponentAction `json:"before,omitempty"` + // Actions to run at the end of an operation. + After []ZarfComponentAction `json:"after,omitempty"` + // Actions to run if all operations succeed. + OnSuccess []ZarfComponentAction `json:"onSuccess,omitempty"` + // Actions to run if all operations fail. + OnFailure []ZarfComponentAction `json:"onFailure,omitempty"` +} + +// ZarfComponentActionDefaults sets the default configs for child actions. +type ZarfComponentActionDefaults struct { + // Hide the output of commands during execution (default false). + Mute bool `json:"mute,omitempty"` + // Default timeout in seconds for commands (default to 0, no timeout). + MaxTotalSeconds int `json:"maxTotalSeconds,omitempty"` + // Retry commands given number of times if they fail (default 0). + MaxRetries int `json:"maxRetries,omitempty"` + // Working directory for commands (default CWD). + Dir string `json:"dir,omitempty"` + // Additional environment variables for commands. + Env []string `json:"env,omitempty"` + // (cmd only) Indicates a preference for a shell for the provided cmd to be executed in on supported operating systems. + Shell exec.Shell `json:"shell,omitempty"` +} + +// ZarfComponentAction represents a single action to run during a zarf package operation. +type ZarfComponentAction struct { + // Hide the output of the command during package deployment (default false). + Mute *bool `json:"mute,omitempty"` + // Timeout in seconds for the command (default to 0, no timeout for cmd actions and 300, 5 minutes for wait actions). + MaxTotalSeconds *int `json:"maxTotalSeconds,omitempty"` + // Retry the command if it fails up to given number of times (default 0). + MaxRetries *int `json:"maxRetries,omitempty"` + // The working directory to run the command in (default is CWD). + Dir *string `json:"dir,omitempty"` + // Additional environment variables to set for the command. + Env []string `json:"env,omitempty"` + // The command to run. Must specify either cmd or wait for the action to do anything. + Cmd string `json:"cmd,omitempty"` + // (cmd only) Indicates a preference for a shell for the provided cmd to be executed in on supported operating systems. + Shell *exec.Shell `json:"shell,omitempty"` + // [Deprecated] (replaced by setVariables) (onDeploy/cmd only) The name of a variable to update with the output of the command. This variable will be available to all remaining actions and components in the package. This will be removed in Zarf v1.0.0. + DeprecatedSetVariable string `json:"setVariable,omitempty" jsonschema:"pattern=^[A-Z0-9_]+$"` + // (onDeploy/cmd only) An array of variables to update with the output of the command. These variables will be available to all remaining actions and components in the package. + SetVariables []variables.Variable `json:"setVariables,omitempty"` + // Description of the action to be displayed during package execution instead of the command. + Description string `json:"description,omitempty"` + // Wait for a condition to be met before continuing. Must specify either cmd or wait for the action. See the 'zarf tools wait-for' command for more info. + Wait *ZarfComponentActionWait `json:"wait,omitempty"` +} + +// ZarfComponentActionWait specifies a condition to wait for before continuing +type ZarfComponentActionWait struct { + // Wait for a condition to be met in the cluster before continuing. Only one of cluster or network can be specified. + Cluster *ZarfComponentActionWaitCluster `json:"cluster,omitempty"` + // Wait for a condition to be met on the network before continuing. Only one of cluster or network can be specified. + Network *ZarfComponentActionWaitNetwork `json:"network,omitempty"` +} + +// ZarfComponentActionWaitCluster specifies a condition to wait for before continuing +type ZarfComponentActionWaitCluster struct { + // The kind of resource to wait for. + Kind string `json:"kind" jsonschema:"example=Pod,example=Deployment"` + // The name of the resource or selector to wait for. + Name string `json:"name" jsonschema:"example=podinfo,example=app=podinfo"` + // The namespace of the resource to wait for. + Namespace string `json:"namespace,omitempty"` + // The condition or jsonpath state to wait for; defaults to exist, a special condition that will wait for the resource to exist. + Condition string `json:"condition,omitempty" jsonschema:"example=Ready,example=Available,'{.status.availableReplicas}'=23"` +} + +// ZarfComponentActionWaitNetwork specifies a condition to wait for before continuing +type ZarfComponentActionWaitNetwork struct { + // The protocol to wait for. + Protocol string `json:"protocol" jsonschema:"enum=tcp,enum=http,enum=https"` + // The address to wait for. + Address string `json:"address" jsonschema:"example=localhost:8080,example=1.1.1.1"` + // The HTTP status code to wait for if using http or https. + Code int `json:"code,omitempty" jsonschema:"example=200,example=404"` +} + +// ZarfContainerTarget defines the destination info for a ZarfData target +type ZarfContainerTarget struct { + // The namespace to target for data injection. + Namespace string `json:"namespace"` + // The K8s selector to target for data injection. + Selector string `json:"selector" jsonschema:"example=app=data-injection"` + // The container name to target for data injection. + Container string `json:"container"` + // The path within the container to copy the data into. + Path string `json:"path"` +} + +// ZarfDataInjection is a data-injection definition. +type ZarfDataInjection struct { + // Either a path to a local folder/file or a remote URL of a file to inject into the given target pod + container. + Source string `json:"source"` + // The target pod + container to inject the data into. + Target ZarfContainerTarget `json:"target"` + // Compress the data before transmitting using gzip. Note: this requires support for tar/gzip locally and in the target image. + Compress bool `json:"compress,omitempty"` +} + +// ZarfComponentImport structure for including imported Zarf components. +type ZarfComponentImport struct { + // The name of the component to import from the referenced zarf.yaml. + Name string `json:"name,omitempty"` + // The path to the directory containing the zarf.yaml to import. + Path string `json:"path,omitempty"` + // [beta] The URL to a Zarf package to import via OCI. + URL string `json:"url,omitempty" jsonschema:"pattern=^oci://.*$"` +} + +// JSONSchemaExtend extends the generated json schema during `zarf internal gen-config-schema` +func (ZarfComponentImport) JSONSchemaExtend(schema *jsonschema.Schema) { + path, _ := schema.Properties.Get("path") + url, _ := schema.Properties.Get("url") + + notSchema := &jsonschema.Schema{ + Pattern: ZarfPackageTemplatePrefix, + } + + path.Not = notSchema + url.Not = notSchema +} diff --git a/src/api/v1alpha1/extensions/bigbang.go b/src/api/v1alpha1/extensions/bigbang.go new file mode 100644 index 0000000000..af357d5990 --- /dev/null +++ b/src/api/v1alpha1/extensions/bigbang.go @@ -0,0 +1,19 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +// Package extensions contains the types for all official extensions. +package extensions + +// BigBang holds the configuration for the Big Bang extension. +type BigBang struct { + // The version of Big Bang to use. + Version string `json:"version"` + // Override repo to pull Big Bang from instead of Repo One. + Repo string `json:"repo,omitempty"` + // The list of values files to pass to Big Bang; these will be merged together. + ValuesFiles []string `json:"valuesFiles,omitempty"` + // Whether to skip deploying flux; Defaults to false. + SkipFlux bool `json:"skipFlux,omitempty"` + // Optional paths to Flux kustomize strategic merge patch files. + FluxPatchFiles []string `json:"fluxPatchFiles,omitempty"` +} diff --git a/src/types/extensions/common.go b/src/api/v1alpha1/extensions/common.go similarity index 62% rename from src/types/extensions/common.go rename to src/api/v1alpha1/extensions/common.go index e84091e339..1df82730ab 100644 --- a/src/types/extensions/common.go +++ b/src/api/v1alpha1/extensions/common.go @@ -4,8 +4,8 @@ // Package extensions contains the types for all official extensions. package extensions -// ZarfComponentExtensions is a struct that contains all the official extensions +// ZarfComponentExtensions is a struct that contains all the official extensions. type ZarfComponentExtensions struct { - // Big Bang Configurations - BigBang *BigBang `json:"bigbang,omitempty" jsonschema:"description=Configurations for installing Big Bang and Flux in the cluster"` + // Configurations for installing Big Bang and Flux in the cluster. + BigBang *BigBang `json:"bigbang,omitempty"` } diff --git a/src/api/v1alpha1/package.go b/src/api/v1alpha1/package.go new file mode 100644 index 0000000000..2262bf3e82 --- /dev/null +++ b/src/api/v1alpha1/package.go @@ -0,0 +1,121 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +// Package v1alpha1 holds the definition of the v1alpha1 Zarf Package +package v1alpha1 + +import ( + "github.com/zarf-dev/zarf/src/pkg/variables" +) + +// ZarfPackageKind is an enum of the different kinds of Zarf packages. +type ZarfPackageKind string + +const ( + // ZarfInitConfig is the kind of Zarf package used during `zarf init`. + ZarfInitConfig ZarfPackageKind = "ZarfInitConfig" + // ZarfPackageConfig is the default kind of Zarf package, primarily used during `zarf package`. + ZarfPackageConfig ZarfPackageKind = "ZarfPackageConfig" + ApiVersion string = "zarf.dev/v1alpha1" +) + +// ZarfPackage the top-level structure of a Zarf config file. +type ZarfPackage struct { + // The API version of the Zarf package. + ApiVersion string `json:"apiVersion,omitempty," jsonschema:"enum=zarf.dev/v1alpha1"` + // The kind of Zarf package. + Kind ZarfPackageKind `json:"kind" jsonschema:"enum=ZarfInitConfig,enum=ZarfPackageConfig,default=ZarfPackageConfig"` + // Package metadata. + Metadata ZarfMetadata `json:"metadata,omitempty"` + // Zarf-generated package build data. + Build ZarfBuildData `json:"build,omitempty"` + // List of components to deploy in this package. + Components []ZarfComponent `json:"components" jsonschema:"minItems=1"` + // Constant template values applied on deploy for K8s resources. + Constants []variables.Constant `json:"constants,omitempty"` + // Variable template values applied on deploy for K8s resources. + Variables []variables.InteractiveVariable `json:"variables,omitempty"` +} + +// IsInitConfig returns whether a Zarf package is an init config. +func (pkg ZarfPackage) IsInitConfig() bool { + return pkg.Kind == ZarfInitConfig +} + +// HasImages returns true if one of the components contains an image. +func (pkg ZarfPackage) HasImages() bool { + for _, component := range pkg.Components { + if len(component.Images) > 0 { + return true + } + } + return false +} + +// IsSBOMAble checks if a package has contents that an SBOM can be created on (i.e. images, files, or data injections). +func (pkg ZarfPackage) IsSBOMAble() bool { + for _, c := range pkg.Components { + if len(c.Images) > 0 || len(c.Files) > 0 || len(c.DataInjections) > 0 { + return true + } + } + return false +} + +// ZarfMetadata lists information about the current ZarfPackage. +type ZarfMetadata struct { + // Name to identify this Zarf package. + Name string `json:"name" jsonschema:"pattern=^[a-z0-9][a-z0-9\\-]*$"` + // Additional information about this package. + Description string `json:"description,omitempty"` + // Generic string set by a package author to track the package version (Note: ZarfInitConfigs will always be versioned to the CLIVersion they were created with). + Version string `json:"version,omitempty"` + // Link to package information when online. + URL string `json:"url,omitempty"` + // An image URL to embed in this package (Reserved for future use in Zarf UI). + Image string `json:"image,omitempty"` + // Disable compression of this package. + Uncompressed bool `json:"uncompressed,omitempty"` + // The target cluster architecture for this package. + Architecture string `json:"architecture,omitempty" jsonschema:"example=arm64,example=amd64"` + // Yaml OnLy Online (YOLO): True enables deploying a Zarf package without first running zarf init against the cluster. This is ideal for connected environments where you want to use existing VCS and container registries. + YOLO bool `json:"yolo,omitempty"` + // Comma-separated list of package authors (including contact info). + Authors string `json:"authors,omitempty" jsonschema:"example=Doug <hello@defenseunicorns.com>, Pepr <hello@defenseunicorns.com>"` + // Link to package documentation when online. + Documentation string `json:"documentation,omitempty"` + // Link to package source code when online. + Source string `json:"source,omitempty"` + // Name of the distributing entity, organization or individual. + Vendor string `json:"vendor,omitempty"` + // Checksum of a checksums.txt file that contains checksums all the layers within the package. + AggregateChecksum string `json:"aggregateChecksum,omitempty"` +} + +// ZarfBuildData is written during the packager.Create() operation to track details of the created package. +type ZarfBuildData struct { + // The machine name that created this package. + Terminal string `json:"terminal"` + // The username who created this package. + User string `json:"user"` + // The architecture this package was created on. + Architecture string `json:"architecture"` + // The timestamp when this package was created. + Timestamp string `json:"timestamp"` + // The version of Zarf used to build this package. + Version string `json:"version"` + // Any migrations that have been run on this package. + Migrations []string `json:"migrations,omitempty"` + // Any registry domains that were overridden on package create when pulling images. + RegistryOverrides map[string]string `json:"registryOverrides,omitempty"` + // Whether this package was created with differential components. + Differential bool `json:"differential,omitempty"` + // Version of a previously built package used as the basis for creating this differential package. + DifferentialPackageVersion string `json:"differentialPackageVersion,omitempty"` + // List of components that were not included in this package due to differential packaging. + DifferentialMissing []string `json:"differentialMissing,omitempty"` + // The minimum version of Zarf that does not have breaking package structure changes. + LastNonBreakingVersion string `json:"lastNonBreakingVersion,omitempty"` + // The flavor of Zarf used to build this package. + Flavor string `json:"flavor,omitempty"` +} diff --git a/src/api/v1alpha1/package_test.go b/src/api/v1alpha1/package_test.go new file mode 100644 index 0000000000..b23df834d8 --- /dev/null +++ b/src/api/v1alpha1/package_test.go @@ -0,0 +1,102 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +// Package v1alpha1 holds the definition of the v1alpha1 Zarf Package +package v1alpha1 + +import ( + "testing" + + "github.com/stretchr/testify/require" +) + +func TestZarfPackageIsInitPackage(t *testing.T) { + t.Parallel() + + pkg := ZarfPackage{ + Kind: ZarfInitConfig, + } + require.True(t, pkg.IsInitConfig()) + pkg = ZarfPackage{ + Kind: ZarfPackageConfig, + } + require.False(t, pkg.IsInitConfig()) +} + +func TestZarfPackageHasImages(t *testing.T) { + t.Parallel() + + pkg := ZarfPackage{ + Components: []ZarfComponent{ + { + Name: "without images", + }, + }, + } + require.False(t, pkg.HasImages()) + pkg = ZarfPackage{ + Components: []ZarfComponent{ + { + Name: "with images", + Images: []string{"docker.io/library/alpine:latest"}, + }, + }, + } + require.True(t, pkg.HasImages()) +} + +func TestZarfPackageIsSBOMable(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + images []string + files []ZarfFile + dataInjections []ZarfDataInjection + expected bool + }{ + { + name: "empty component", + expected: false, + }, + { + name: "only images", + images: []string{""}, + expected: true, + }, + { + name: "only files", + files: []ZarfFile{{}}, + expected: true, + }, + { + name: "only data injections", + dataInjections: []ZarfDataInjection{{}}, + expected: true, + }, + { + name: "all three set", + images: []string{""}, + files: []ZarfFile{{}}, + dataInjections: []ZarfDataInjection{{}}, + expected: true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + pkg := ZarfPackage{ + Components: []ZarfComponent{ + { + Name: "without images", + Images: tt.images, + Files: tt.files, + DataInjections: tt.dataInjections, + }, + }, + } + require.Equal(t, tt.expected, pkg.IsSBOMAble()) + }) + } +} diff --git a/src/types/validate.go b/src/api/v1alpha1/validate.go similarity index 85% rename from src/types/validate.go rename to src/api/v1alpha1/validate.go index 4d39d36b23..391e0f000d 100644 --- a/src/types/validate.go +++ b/src/api/v1alpha1/validate.go @@ -1,23 +1,27 @@ // SPDX-License-Identifier: Apache-2.0 // SPDX-FileCopyrightText: 2021-Present The Zarf Authors -// Package types contains all the types used by Zarf. -package types +// Package v1alpha1 holds the definition of the v1alpha1 Zarf Package +package v1alpha1 import ( "errors" "fmt" "path/filepath" "regexp" - "slices" + "strings" "github.com/defenseunicorns/pkg/helpers/v2" "github.com/zarf-dev/zarf/src/config/lang" + "k8s.io/apimachinery/pkg/util/validation" ) +// Zarf looks for these strings in zarf.yaml to make dynamic changes const ( - // ZarfMaxChartNameLength limits helm chart name size to account for K8s/helm limits and zarf prefix - ZarfMaxChartNameLength = 40 + ZarfPackageTemplatePrefix = "###ZARF_PKG_TMPL_" + ZarfPackageVariablePrefix = "###ZARF_PKG_VAR_" + ZarfPackageArch = "###ZARF_PKG_ARCH###" + ZarfComponentName = "###ZARF_COMPONENT_NAME###" ) var ( @@ -38,6 +42,12 @@ func SupportedOS() []string { return supportedOS } +const ( + // ZarfMaxChartNameLength limits helm chart name size to account for K8s/helm limits and zarf prefix + ZarfMaxChartNameLength = 40 + errChartReleaseNameEmpty = "release name empty, unable to fallback to chart name" +) + // Validate runs all validation checks on the package. func (pkg ZarfPackage) Validate() error { var err error @@ -45,20 +55,6 @@ func (pkg ZarfPackage) Validate() error { err = errors.Join(err, fmt.Errorf(lang.PkgValidateErrInitNoYOLO)) } - if !IsLowercaseNumberHyphenNoStartHyphen(pkg.Metadata.Name) { - err = errors.Join(err, fmt.Errorf(lang.PkgValidateErrPkgName, pkg.Metadata.Name)) - } - - if len(pkg.Components) == 0 { - err = errors.Join(err, fmt.Errorf("package must have at least 1 component")) - } - - for _, variable := range pkg.Variables { - if varErr := variable.Validate(); varErr != nil { - err = errors.Join(err, fmt.Errorf(lang.PkgValidateErrVariable, varErr)) - } - } - for _, constant := range pkg.Constants { if varErr := constant.Validate(); varErr != nil { err = errors.Join(err, fmt.Errorf(lang.PkgValidateErrConstant, varErr)) @@ -96,14 +92,6 @@ func (pkg ZarfPackage) Validate() error { } uniqueComponentNames[component.Name] = true - if !IsLowercaseNumberHyphenNoStartHyphen(component.Name) { - err = errors.Join(err, fmt.Errorf(lang.PkgValidateErrComponentName, component.Name)) - } - - if !slices.Contains(supportedOS, component.Only.LocalOS) { - err = errors.Join(err, fmt.Errorf(lang.PkgValidateErrComponentLocalOS, component.Name, component.Only.LocalOS, supportedOS)) - } - if component.IsRequired() { if component.Default { err = errors.Join(err, fmt.Errorf(lang.PkgValidateErrComponentReqDefault, component.Name)) @@ -241,7 +229,6 @@ func (as ZarfComponentActionSet) Validate() error { if actionErr := action.Validate(); actionErr != nil { err = errors.Join(err, fmt.Errorf(lang.PkgValidateErrAction, actionErr)) } - } } @@ -255,9 +242,6 @@ func (as ZarfComponentActionSet) Validate() error { // Validate runs all validation checks on an action. func (action ZarfComponentAction) Validate() error { var err error - for _, variable := range action.SetVariables { - err = errors.Join(err, variable.Validate()) - } if action.Wait != nil { // Validate only cmd or wait, not both @@ -279,14 +263,33 @@ func (action ZarfComponentAction) Validate() error { return err } +// validateReleaseName validates a release name against DNS 1035 spec, using chartName as fallback. +// https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#rfc-1035-label-names +func validateReleaseName(chartName, releaseName string) (err error) { + // Fallback to chartName if releaseName is empty + // NOTE: Similar fallback mechanism happens in src/internal/packager/helm/chart.go:InstallOrUpgradeChart + if releaseName == "" { + releaseName = chartName + } + + // Check if the final releaseName is empty and return an error if so + if releaseName == "" { + err = fmt.Errorf(errChartReleaseNameEmpty) + return + } + + // Validate the releaseName against DNS 1035 label spec + if errs := validation.IsDNS1035Label(releaseName); len(errs) > 0 { + err = fmt.Errorf("invalid release name '%s': %s", releaseName, strings.Join(errs, "; ")) + } + + return +} + // Validate runs all validation checks on a chart. func (chart ZarfChart) Validate() error { var err error - if chart.Name == "" { - err = errors.Join(err, fmt.Errorf(lang.PkgValidateErrChartNameMissing)) - } - if len(chart.Name) > ZarfMaxChartNameLength { err = errors.Join(err, fmt.Errorf(lang.PkgValidateErrChartName, chart.Name, ZarfMaxChartNameLength)) } @@ -308,6 +311,10 @@ func (chart ZarfChart) Validate() error { err = errors.Join(err, fmt.Errorf(lang.PkgValidateErrChartVersion, chart.Name)) } + if nameErr := validateReleaseName(chart.Name, chart.ReleaseName); nameErr != nil { + err = errors.Join(err, nameErr) + } + return err } @@ -315,10 +322,6 @@ func (chart ZarfChart) Validate() error { func (manifest ZarfManifest) Validate() error { var err error - if manifest.Name == "" { - err = errors.Join(err, fmt.Errorf(lang.PkgValidateErrManifestNameMissing)) - } - if len(manifest.Name) > ZarfMaxChartNameLength { err = errors.Join(err, fmt.Errorf(lang.PkgValidateErrManifestNameLength, manifest.Name, ZarfMaxChartNameLength)) } diff --git a/src/types/validate_test.go b/src/api/v1alpha1/validate_test.go similarity index 80% rename from src/types/validate_test.go rename to src/api/v1alpha1/validate_test.go index f283302675..de3f675c2e 100644 --- a/src/types/validate_test.go +++ b/src/api/v1alpha1/validate_test.go @@ -1,8 +1,8 @@ // SPDX-License-Identifier: Apache-2.0 // SPDX-FileCopyrightText: 2021-Present The Zarf Authors -// Package types contains all the types used by Zarf. -package types +// Package v1alpha1 holds the definition of the v1alpha1 Zarf Package +package v1alpha1 import ( "fmt" @@ -38,30 +38,16 @@ func TestZarfPackageValidate(t *testing.T) { }, expectedErrs: nil, }, - { - name: "no components", - pkg: ZarfPackage{ - Kind: ZarfPackageConfig, - Metadata: ZarfMetadata{ - Name: "empty-components", - }, - Components: []ZarfComponent{}, - }, - expectedErrs: []string{"package must have at least 1 component"}, - }, { name: "invalid package", pkg: ZarfPackage{ Kind: ZarfPackageConfig, Metadata: ZarfMetadata{ - Name: "-invalid-package", + Name: "invalid-package", }, Components: []ZarfComponent{ { - Name: "-invalid", - Only: ZarfComponentOnlyTarget{ - LocalOS: "unsupportedOS", - }, + Name: "invalid", Required: helpers.BoolPtr(true), Default: true, Charts: []ZarfChart{ @@ -95,15 +81,7 @@ func TestZarfPackageValidate(t *testing.T) { Name: "duplicate", }, }, - Variables: []variables.InteractiveVariable{ - { - Variable: variables.Variable{Name: "not_uppercase"}, - }, - }, Constants: []variables.Constant{ - { - Name: "not_uppercase", - }, { Name: "BAD", Pattern: "^good_val$", @@ -112,13 +90,8 @@ func TestZarfPackageValidate(t *testing.T) { }, }, expectedErrs: []string{ - fmt.Sprintf(lang.PkgValidateErrPkgName, "-invalid-package"), - fmt.Errorf(lang.PkgValidateErrVariable, fmt.Errorf(lang.PkgValidateMustBeUppercase, "not_uppercase")).Error(), - fmt.Errorf(lang.PkgValidateErrConstant, fmt.Errorf(lang.PkgValidateErrPkgConstantName, "not_uppercase")).Error(), fmt.Errorf(lang.PkgValidateErrConstant, fmt.Errorf(lang.PkgValidateErrPkgConstantPattern, "BAD", "^good_val$")).Error(), - fmt.Sprintf(lang.PkgValidateErrComponentName, "-invalid"), - fmt.Sprintf(lang.PkgValidateErrComponentLocalOS, "-invalid", "unsupportedOS", supportedOS), - fmt.Sprintf(lang.PkgValidateErrComponentReqDefault, "-invalid"), + fmt.Sprintf(lang.PkgValidateErrComponentReqDefault, "invalid"), fmt.Sprintf(lang.PkgValidateErrChartNameNotUnique, "chart1"), fmt.Sprintf(lang.PkgValidateErrManifestNameNotUnique, "manifest1"), fmt.Sprintf(lang.PkgValidateErrComponentReqGrouped, "required-in-group"), @@ -187,11 +160,6 @@ func TestValidateManifest(t *testing.T) { manifest: ZarfManifest{Name: "valid", Files: []string{"a-file"}}, expectedErrs: nil, }, - { - name: "empty name", - manifest: ZarfManifest{Name: "", Files: []string{"a-file"}}, - expectedErrs: []string{lang.PkgValidateErrManifestNameMissing}, - }, { name: "long name", manifest: ZarfManifest{Name: longName, Files: []string{"a-file"}}, @@ -218,24 +186,84 @@ func TestValidateManifest(t *testing.T) { } } +func TestValidateReleaseName(t *testing.T) { + tests := []struct { + name string + chartName string + releaseName string + expectError bool + errorSubstring string + }{ + { + name: "valid releaseName with hyphens", + chartName: "chart", + releaseName: "valid-release-hyphenated", + expectError: false, + }, + { + name: "valid releaseName with numbers", + chartName: "chart", + releaseName: "valid-0470", + expectError: false, + }, + { + name: "invalid releaseName with periods", + chartName: "chart", + releaseName: "namedwithperiods-a.b.c", + expectError: true, + errorSubstring: "invalid release name 'namedwithperiods-a.b.c'", + }, + { + name: "empty releaseName, valid chartName", + chartName: "valid-chart", + releaseName: "", + expectError: false, + }, + { + name: "empty releaseName and chartName", + chartName: "", + releaseName: "", + expectError: true, + errorSubstring: errChartReleaseNameEmpty, + }, + { + name: "empty releaseName, invalid chartName", + chartName: "invalid_chart!", + releaseName: "", + expectError: true, + errorSubstring: "invalid release name 'invalid_chart!'", + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + err := validateReleaseName(tt.chartName, tt.releaseName) + if tt.expectError { + require.Error(t, err) + require.Contains(t, err.Error(), tt.errorSubstring) + } else { + require.NoError(t, err) + } + }) + } +} + func TestValidateChart(t *testing.T) { t.Parallel() longName := strings.Repeat("a", ZarfMaxChartNameLength+1) tests := []struct { + name string chart ZarfChart expectedErrs []string - name string + partialMatch bool }{ { name: "valid", - chart: ZarfChart{Name: "chart1", Namespace: "whatever", URL: "http://whatever", Version: "v1.0.0"}, + chart: ZarfChart{Name: "chart1", Namespace: "whatever", URL: "http://whatever", Version: "v1.0.0", ReleaseName: "this-is-valid"}, expectedErrs: nil, }, - { - name: "empty name", - chart: ZarfChart{Name: "", Namespace: "whatever", URL: "http://whatever", Version: "v1.0.0"}, - expectedErrs: []string{lang.PkgValidateErrChartNameMissing}, - }, { name: "long name", chart: ZarfChart{Name: longName, Namespace: "whatever", URL: "http://whatever", Version: "v1.0.0"}, @@ -244,7 +272,7 @@ func TestValidateChart(t *testing.T) { }, }, { - name: "no url or local path", + name: "no url, local path, version, or namespace", chart: ZarfChart{Name: "invalid"}, expectedErrs: []string{ fmt.Sprintf(lang.PkgValidateErrChartNamespaceMissing, "invalid"), @@ -259,6 +287,22 @@ func TestValidateChart(t *testing.T) { fmt.Sprintf(lang.PkgValidateErrChartURLOrPath, "invalid"), }, }, + { + name: "invalid releaseName", + chart: ZarfChart{ReleaseName: "namedwithperiods-0.47.0", Name: "releaseName", Namespace: "whatever", URL: "http://whatever", Version: "v1.0.0"}, + expectedErrs: []string{"invalid release name 'namedwithperiods-0.47.0'"}, + partialMatch: true, + }, + { + name: "missing releaseName fallsback to name", + chart: ZarfChart{Name: "chart3", Namespace: "namespace", URL: "http://whatever", Version: "v1.0.0"}, + expectedErrs: nil, + }, + { + name: "missing name and releaseName", + chart: ZarfChart{Namespace: "namespace", URL: "http://whatever", Version: "v1.0.0"}, + expectedErrs: []string{errChartReleaseNameEmpty}, + }, } for _, tt := range tests { tt := tt @@ -269,8 +313,16 @@ func TestValidateChart(t *testing.T) { require.NoError(t, err) return } - errs := strings.Split(err.Error(), "\n") - require.ElementsMatch(t, tt.expectedErrs, errs) + require.Error(t, err) + errString := err.Error() + if tt.partialMatch { + for _, expectedErr := range tt.expectedErrs { + require.Contains(t, errString, expectedErr) + } + } else { + errs := strings.Split(errString, "\n") + require.ElementsMatch(t, tt.expectedErrs, errs) + } }) } } diff --git a/src/cmd/common/viper.go b/src/cmd/common/viper.go index bbd0f64c0c..e161c22d00 100644 --- a/src/cmd/common/viper.go +++ b/src/cmd/common/viper.go @@ -5,6 +5,7 @@ package common import ( + "errors" "os" "strings" @@ -166,16 +167,15 @@ func printViperConfigUsed() { if !vInitialized { return } - - // Optional, so ignore file not found errors + var notFoundErr viper.ConfigFileNotFoundError + if errors.As(vConfigError, ¬FoundErr) { + return + } if vConfigError != nil { - // Config file not found; ignore - if _, ok := vConfigError.(viper.ConfigFileNotFoundError); !ok { - message.WarnErrf(vConfigError, lang.CmdViperErrLoadingConfigFile, vConfigError.Error()) - } - } else { - message.Notef(lang.CmdViperInfoUsingConfigFile, v.ConfigFileUsed()) + message.WarnErrf(vConfigError, lang.CmdViperErrLoadingConfigFile, vConfigError.Error()) + return } + message.Notef(lang.CmdViperInfoUsingConfigFile, v.ConfigFileUsed()) } func setDefaults() { diff --git a/src/cmd/connect.go b/src/cmd/connect.go index 26f012660e..8600d703a3 100644 --- a/src/cmd/connect.go +++ b/src/cmd/connect.go @@ -16,14 +16,9 @@ import ( ) var ( - connectResourceName string - connectNamespace string - connectResourceType string - connectLocalPort int - connectRemotePort int - cliOnly bool + cliOnly bool + zt cluster.TunnelInfo ) - var connectCmd = &cobra.Command{ Use: "connect { REGISTRY | GIT | connect-name }", Aliases: []string{"c"}, @@ -46,15 +41,24 @@ var connectCmd = &cobra.Command{ ctx := cmd.Context() var tunnel *cluster.Tunnel - if connectResourceName == "" { - tunnel, err = c.Connect(ctx, target) - } else { - zt := cluster.NewTunnelInfo(connectNamespace, connectResourceType, connectResourceName, "", connectLocalPort, connectRemotePort) + if target == "" { tunnel, err = c.ConnectTunnelInfo(ctx, zt) + } else { + var ti cluster.TunnelInfo + ti, err = c.NewTargetTunnelInfo(ctx, target) + if err != nil { + return fmt.Errorf("unable to create tunnel: %w", err) + } + if zt.LocalPort != 0 { + ti.LocalPort = zt.LocalPort + } + tunnel, err = c.ConnectTunnelInfo(ctx, ti) } + if err != nil { return fmt.Errorf("unable to connect to the service: %w", err) } + defer tunnel.Close() // Dump the tunnel URL to the console for other tools to use. @@ -64,11 +68,13 @@ var connectCmd = &cobra.Command{ spinner.Updatef(lang.CmdConnectEstablishedCLI, tunnel.FullURL()) } else { spinner.Updatef(lang.CmdConnectEstablishedWeb, tunnel.FullURL()) + if err := exec.LaunchURL(tunnel.FullURL()); err != nil { - message.Debug(err) + return err } } + // Wait for the interrupt signal or an error. select { case <-ctx.Done(): spinner.Successf(lang.CmdConnectTunnelClosed, tunnel.FullURL()) @@ -101,10 +107,10 @@ func init() { rootCmd.AddCommand(connectCmd) connectCmd.AddCommand(connectListCmd) - connectCmd.Flags().StringVar(&connectResourceName, "name", "", lang.CmdConnectFlagName) - connectCmd.Flags().StringVar(&connectNamespace, "namespace", cluster.ZarfNamespaceName, lang.CmdConnectFlagNamespace) - connectCmd.Flags().StringVar(&connectResourceType, "type", cluster.SvcResource, lang.CmdConnectFlagType) - connectCmd.Flags().IntVar(&connectLocalPort, "local-port", 0, lang.CmdConnectFlagLocalPort) - connectCmd.Flags().IntVar(&connectRemotePort, "remote-port", 0, lang.CmdConnectFlagRemotePort) + connectCmd.Flags().StringVar(&zt.ResourceName, "name", "", lang.CmdConnectFlagName) + connectCmd.Flags().StringVar(&zt.Namespace, "namespace", cluster.ZarfNamespaceName, lang.CmdConnectFlagNamespace) + connectCmd.Flags().StringVar(&zt.ResourceType, "type", cluster.SvcResource, lang.CmdConnectFlagType) + connectCmd.Flags().IntVar(&zt.LocalPort, "local-port", 0, lang.CmdConnectFlagLocalPort) + connectCmd.Flags().IntVar(&zt.RemotePort, "remote-port", 0, lang.CmdConnectFlagRemotePort) connectCmd.Flags().BoolVar(&cliOnly, "cli-only", false, lang.CmdConnectFlagCliOnly) } diff --git a/src/cmd/destroy.go b/src/cmd/destroy.go index 1e3d1bb646..1b71740aa3 100644 --- a/src/cmd/destroy.go +++ b/src/cmd/destroy.go @@ -44,7 +44,7 @@ var destroyCmd = &cobra.Command{ // the scripts to remove k3s, we will still try to remove a locally installed k3s cluster state, err := c.LoadZarfState(ctx) if err != nil { - message.WarnErr(err, lang.ErrLoadState) + message.WarnErr(err, err.Error()) } // If Zarf deployed the cluster, burn it all down diff --git a/src/cmd/dev.go b/src/cmd/dev.go index b10f2dde51..322b82fb84 100644 --- a/src/cmd/dev.go +++ b/src/cmd/dev.go @@ -22,6 +22,7 @@ import ( "github.com/zarf-dev/zarf/src/cmd/common" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/config/lang" + "github.com/zarf-dev/zarf/src/pkg/lint" "github.com/zarf-dev/zarf/src/pkg/message" "github.com/zarf-dev/zarf/src/pkg/packager" "github.com/zarf-dev/zarf/src/pkg/transform" @@ -142,7 +143,7 @@ var devSha256SumCmd = &cobra.Command{ Aliases: []string{"s"}, Short: lang.CmdDevSha256sumShort, Args: cobra.ExactArgs(1), - RunE: func(_ *cobra.Command, args []string) error { + RunE: func(cmd *cobra.Command, args []string) error { hashErr := errors.New("unable to compute the SHA256SUM hash") fileName := args[0] @@ -169,7 +170,7 @@ var devSha256SumCmd = &cobra.Command{ } downloadPath := filepath.Join(tmp, fileBase) - err = utils.DownloadToFile(fileName, downloadPath, "") + err = utils.DownloadToFile(cmd.Context(), fileName, downloadPath, "") if err != nil { return errors.Join(hashErr, err) } @@ -269,6 +270,7 @@ var devLintCmd = &cobra.Command{ Short: lang.CmdDevLintShort, Long: lang.CmdDevLintLong, RunE: func(cmd *cobra.Command, args []string) error { + config.CommonOptions.Confirm = true pkgConfig.CreateOpts.BaseDir = common.SetBaseDirectory(args) v := common.GetViper() pkgConfig.CreateOpts.SetVariables = helpers.TransformAndMergeMap( @@ -280,7 +282,7 @@ var devLintCmd = &cobra.Command{ } defer pkgClient.ClearTempPaths() - return pkgClient.Lint(cmd.Context()) + return lint.Validate(cmd.Context(), pkgConfig.CreateOpts) }, } diff --git a/src/cmd/internal.go b/src/cmd/internal.go index 7ff0315356..d989d6ce0a 100644 --- a/src/cmd/internal.go +++ b/src/cmd/internal.go @@ -7,6 +7,7 @@ package cmd import ( "context" "encoding/json" + "errors" "fmt" "os" "path/filepath" @@ -17,10 +18,11 @@ import ( "github.com/spf13/cobra" "github.com/spf13/cobra/doc" "github.com/spf13/pflag" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/cmd/common" "github.com/zarf-dev/zarf/src/config/lang" "github.com/zarf-dev/zarf/src/internal/agent" - "github.com/zarf-dev/zarf/src/internal/packager/git" + "github.com/zarf-dev/zarf/src/internal/gitea" "github.com/zarf-dev/zarf/src/pkg/cluster" "github.com/zarf-dev/zarf/src/pkg/message" "github.com/zarf-dev/zarf/src/types" @@ -156,13 +158,31 @@ tableOfContents: false }, } +func addGoComments(reflector *jsonschema.Reflector) error { + addCommentErr := errors.New("this command must be called from the root of the Zarf repo") + + typePackagePath := filepath.Join("src", "api", "v1alpha1") + if err := reflector.AddGoComments("github.com/zarf-dev/zarf", typePackagePath); err != nil { + return fmt.Errorf("%w: %w", addCommentErr, err) + } + varPackagePath := filepath.Join("src", "pkg", "variables") + if err := reflector.AddGoComments("github.com/zarf-dev/zarf", varPackagePath); err != nil { + return fmt.Errorf("%w: %w", addCommentErr, err) + } + return nil +} + var genConfigSchemaCmd = &cobra.Command{ Use: "gen-config-schema", Aliases: []string{"gc"}, Short: lang.CmdInternalConfigSchemaShort, RunE: func(_ *cobra.Command, _ []string) error { reflector := jsonschema.Reflector(jsonschema.Reflector{ExpandedStruct: true}) - schema := reflector.Reflect(&types.ZarfPackage{}) + if err := addGoComments(&reflector); err != nil { + return err + } + + schema := reflector.Reflect(&v1alpha1.ZarfPackage{}) output, err := json.MarshalIndent(schema, "", " ") if err != nil { return fmt.Errorf("unable to generate the Zarf config schema: %w", err) @@ -174,7 +194,7 @@ var genConfigSchemaCmd = &cobra.Command{ type zarfTypes struct { DeployedPackage types.DeployedPackage - ZarfPackage types.ZarfPackage + ZarfPackage v1alpha1.ZarfPackage ZarfState types.ZarfState } @@ -183,7 +203,12 @@ var genTypesSchemaCmd = &cobra.Command{ Aliases: []string{"gt"}, Short: lang.CmdInternalTypesSchemaShort, RunE: func(_ *cobra.Command, _ []string) error { - schema := jsonschema.Reflect(&zarfTypes{}) + reflector := jsonschema.Reflector(jsonschema.Reflector{ExpandedStruct: true}) + if err := addGoComments(&reflector); err != nil { + return err + } + + schema := reflector.Reflect(&zarfTypes{}) output, err := json.MarshalIndent(schema, "", " ") if err != nil { return fmt.Errorf("unable to generate the JSON schema for the Zarf types DeployedPackage, ZarfPackage, and ZarfState: %w", err) @@ -204,14 +229,33 @@ var createReadOnlyGiteaUser = &cobra.Command{ if err != nil { return err } - // Load the state so we can get the credentials for the admin git user state, err := c.LoadZarfState(cmd.Context()) if err != nil { - message.WarnErr(err, lang.ErrLoadState) + return err } - // Create the non-admin user - if err = git.New(state.GitServer).CreateReadOnlyUser(cmd.Context()); err != nil { - message.WarnErr(err, lang.CmdInternalCreateReadOnlyGiteaUserErr) + tunnel, err := c.NewTunnel(cluster.ZarfNamespaceName, cluster.SvcResource, cluster.ZarfGitServerName, "", 0, cluster.ZarfGitServerPort) + if err != nil { + return err + } + _, err = tunnel.Connect(cmd.Context()) + if err != nil { + return err + } + defer tunnel.Close() + tunnelURL := tunnel.HTTPEndpoint() + giteaClient, err := gitea.NewClient(tunnelURL, state.GitServer.PushUsername, state.GitServer.PushPassword) + if err != nil { + return err + } + err = tunnel.Wrap(func() error { + err = giteaClient.CreateReadOnlyUser(cmd.Context(), state.GitServer.PullUsername, state.GitServer.PullPassword) + if err != nil { + return err + } + return nil + }) + if err != nil { + return err } return nil }, @@ -228,22 +272,39 @@ var createPackageRegistryToken = &cobra.Command{ if err != nil { return err } - ctx := cmd.Context() state, err := c.LoadZarfState(ctx) if err != nil { - message.WarnErr(err, lang.ErrLoadState) + return err } // If we are setup to use an internal artifact server, create the artifact registry token - if state.ArtifactServer.InternalServer { - token, err := git.New(state.GitServer).CreatePackageRegistryToken(ctx) + if state.ArtifactServer.IsInternal() { + tunnel, err := c.NewTunnel(cluster.ZarfNamespaceName, cluster.SvcResource, cluster.ZarfGitServerName, "", 0, cluster.ZarfGitServerPort) if err != nil { - message.WarnErr(err, lang.CmdInternalArtifactRegistryGiteaTokenErr) + return err + } + _, err = tunnel.Connect(cmd.Context()) + if err != nil { + return err + } + defer tunnel.Close() + tunnelURL := tunnel.HTTPEndpoint() + giteaClient, err := gitea.NewClient(tunnelURL, state.GitServer.PushUsername, state.GitServer.PushPassword) + if err != nil { + return err + } + err = tunnel.Wrap(func() error { + tokenSha1, err := giteaClient.CreatePackageRegistryToken(ctx) + if err != nil { + return fmt.Errorf("unable to create an artifact registry token for Gitea: %w", err) + } + state.ArtifactServer.PushToken = tokenSha1 + return nil + }) + if err != nil { + return err } - - state.ArtifactServer.PushToken = token.Sha1 - if err := c.SaveZarfState(ctx, state); err != nil { return err } @@ -256,16 +317,21 @@ var updateGiteaPVC = &cobra.Command{ Use: "update-gitea-pvc", Short: lang.CmdInternalUpdateGiteaPVCShort, Long: lang.CmdInternalUpdateGiteaPVCLong, - Run: func(cmd *cobra.Command, _ []string) { + RunE: func(cmd *cobra.Command, _ []string) error { ctx := cmd.Context() + pvcName := os.Getenv("ZARF_VAR_GIT_SERVER_EXISTING_PVC") + c, err := cluster.NewCluster() + if err != nil { + return err + } // There is a possibility that the pvc does not yet exist and Gitea helm chart should create it - helmShouldCreate, err := git.UpdateGiteaPVC(ctx, rollback) + helmShouldCreate, err := c.UpdateGiteaPVC(ctx, pvcName, rollback) if err != nil { message.WarnErr(err, lang.CmdInternalUpdateGiteaPVCErr) } - fmt.Print(helmShouldCreate) + return nil }, } diff --git a/src/cmd/tools/crane.go b/src/cmd/tools/crane.go index 4df8daebb3..dd76955339 100644 --- a/src/cmd/tools/crane.go +++ b/src/cmd/tools/crane.go @@ -176,7 +176,7 @@ func zarfCraneInternalWrapper(commandToWrap func(*[]crane.Option) *cobra.Command zarfState, err := c.LoadZarfState(ctx) if err != nil { - message.Warnf(lang.CmdToolsCraneConnectedButBadStateErr, err.Error()) + message.Warnf("could not get Zarf state from Kubernetes cluster, continuing without state information %s", err.Error()) return originalListFn(cmd, args) } diff --git a/src/cmd/tools/yq.go b/src/cmd/tools/yq.go index 85d72ab767..41839f568b 100644 --- a/src/cmd/tools/yq.go +++ b/src/cmd/tools/yq.go @@ -10,7 +10,6 @@ import ( ) func init() { - yqCmd := yq.New() yqCmd.Example = lang.CmdToolsYqExample yqCmd.Use = "yq" diff --git a/src/cmd/tools/zarf.go b/src/cmd/tools/zarf.go index 3f97be20eb..7c6ba91e88 100644 --- a/src/cmd/tools/zarf.go +++ b/src/cmd/tools/zarf.go @@ -21,7 +21,7 @@ import ( "github.com/zarf-dev/zarf/src/cmd/common" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/config/lang" - "github.com/zarf-dev/zarf/src/internal/packager/git" + "github.com/zarf-dev/zarf/src/internal/gitea" "github.com/zarf-dev/zarf/src/internal/packager/helm" "github.com/zarf-dev/zarf/src/internal/packager/template" "github.com/zarf-dev/zarf/src/pkg/cluster" @@ -148,14 +148,32 @@ var updateCredsCmd = &cobra.Command{ } // Update artifact token (if internal) - if slices.Contains(args, message.ArtifactKey) && newState.ArtifactServer.PushToken == "" && newState.ArtifactServer.InternalServer { - g := git.New(oldState.GitServer) - tokenResponse, err := g.CreatePackageRegistryToken(ctx) + if slices.Contains(args, message.ArtifactKey) && newState.ArtifactServer.PushToken == "" && newState.ArtifactServer.IsInternal() { + tunnel, err := c.NewTunnel(cluster.ZarfNamespaceName, cluster.SvcResource, cluster.ZarfGitServerName, "", 0, cluster.ZarfGitServerPort) + if err != nil { + return err + } + _, err = tunnel.Connect(cmd.Context()) + if err != nil { + return err + } + defer tunnel.Close() + tunnelURL := tunnel.HTTPEndpoint() + giteaClient, err := gitea.NewClient(tunnelURL, oldState.GitServer.PushUsername, oldState.GitServer.PushPassword) + if err != nil { + return err + } + err = tunnel.Wrap(func() error { + tokenSha1, err := giteaClient.CreatePackageRegistryToken(ctx) + if err != nil { + return err + } + newState.ArtifactServer.PushToken = tokenSha1 + return nil + }) if err != nil { // Warn if we couldn't actually update the git server (it might not be installed and we should try to continue) message.Warnf(lang.CmdToolsUpdateCredsUnableCreateToken, err.Error()) - } else { - newState.ArtifactServer.PushToken = tokenResponse.Sha1 } } @@ -168,16 +186,39 @@ var updateCredsCmd = &cobra.Command{ // Update Zarf 'init' component Helm releases if present h := helm.NewClusterOnly(&types.PackagerConfig{}, template.GetZarfVariableConfig(), newState, c) - if slices.Contains(args, message.RegistryKey) && newState.RegistryInfo.InternalRegistry { + if slices.Contains(args, message.RegistryKey) && newState.RegistryInfo.IsInternal() { err = h.UpdateZarfRegistryValues(ctx) if err != nil { // Warn if we couldn't actually update the registry (it might not be installed and we should try to continue) message.Warnf(lang.CmdToolsUpdateCredsUnableUpdateRegistry, err.Error()) } } - if slices.Contains(args, message.GitKey) && newState.GitServer.InternalServer { - g := git.New(newState.GitServer) - err = g.UpdateZarfGiteaUsers(ctx, oldState) + if slices.Contains(args, message.GitKey) && newState.GitServer.IsInternal() { + tunnel, err := c.NewTunnel(cluster.ZarfNamespaceName, cluster.SvcResource, cluster.ZarfGitServerName, "", 0, cluster.ZarfGitServerPort) + if err != nil { + return err + } + _, err = tunnel.Connect(cmd.Context()) + if err != nil { + return err + } + defer tunnel.Close() + tunnelURL := tunnel.HTTPEndpoint() + giteaClient, err := gitea.NewClient(tunnelURL, oldState.GitServer.PushUsername, oldState.GitServer.PushPassword) + if err != nil { + return err + } + err = tunnel.Wrap(func() error { + err := giteaClient.UpdateGitUser(ctx, newState.GitServer.PullUsername, newState.GitServer.PullPassword) + if err != nil { + return err + } + err = giteaClient.UpdateGitUser(ctx, newState.GitServer.PushUsername, newState.GitServer.PushPassword) + if err != nil { + return err + } + return nil + }) if err != nil { // Warn if we couldn't actually update the git server (it might not be installed and we should try to continue) message.Warnf(lang.CmdToolsUpdateCredsUnableUpdateGit, err.Error()) diff --git a/src/config/config.go b/src/config/config.go index dc60ea2fd8..4a4001dce6 100644 --- a/src/config/config.go +++ b/src/config/config.go @@ -32,8 +32,6 @@ const ( // Zarf Constants for In-Cluster Services. const ( - ZarfArtifactTokenName = "zarf-artifact-registry-token" - ZarfImagePullSecretName = "private-registry" ZarfGitServerSecretName = "private-git-server" diff --git a/src/config/lang/english.go b/src/config/lang/english.go index 9b90c23b22..e4057e00bd 100644 --- a/src/config/lang/english.go +++ b/src/config/lang/english.go @@ -17,14 +17,12 @@ import ( // Debug messages will not be a part of the language strings since they are not intended to be user facing // Include sprintf formatting directives in the string if needed. const ( - ErrLoadState = "Failed to load the Zarf State from the cluster." ErrUnmarshal = "failed to unmarshal file: %w" ErrWritingFile = "failed to write file %s: %s" ErrDownloading = "failed to download %s: %s" ErrCreatingDir = "failed to create directory %s: %s" ErrRemoveFile = "failed to remove file %s: %s" ErrUnarchive = "failed to unarchive %s: %s" - ErrConfirmCancel = "confirm selection canceled: %s" ErrFileExtract = "failed to extract filename %s from archive %s: %s" ErrFileNameExtract = "failed to extract filename from URL %s: %s" ErrUnableToGenerateRandomSecret = "unable to generate a random secret" @@ -74,11 +72,11 @@ const ( // zarf connect list CmdConnectListShort = "Lists all available connection shortcuts" - CmdConnectFlagName = "Specify the resource name. E.g. name=unicorns or name=unicorn-pod-7448499f4d-b5bk6." - CmdConnectFlagNamespace = "Specify the namespace. E.g. namespace=default. Ignored if --name is unset." - CmdConnectFlagType = "Specify the resource type. E.g. type=svc or type=pod. Ignored if --name is unset." - CmdConnectFlagLocalPort = "(Optional, autogenerated if not provided) Specify the local port to bind to. E.g. local-port=42000. Ignored if --name is unset." - CmdConnectFlagRemotePort = "Specify the remote port of the resource to bind to. E.g. remote-port=8080. Ignored if --name is unset." + CmdConnectFlagName = "Specify the resource name. E.g. name=unicorns or name=unicorn-pod-7448499f4d-b5bk6. Ignored if connect-name is supplied." + CmdConnectFlagNamespace = "Specify the namespace. E.g. namespace=default. Ignored if connect-name is supplied." + CmdConnectFlagType = "Specify the resource type. E.g. type=svc or type=pod. Ignored if connect-name is supplied." + CmdConnectFlagLocalPort = "(Optional, autogenerated if not provided) Specify the local port to bind to. E.g. local-port=42000." + CmdConnectFlagRemotePort = "Specify the remote port of the resource to bind to. E.g. remote-port=8080. Ignored if connect-name is supplied." CmdConnectFlagCliOnly = "Disable browser auto-open" CmdConnectPreparingTunnel = "Preparing a tunnel to connect to %s" @@ -199,7 +197,6 @@ $ zarf init --artifact-push-password={PASSWORD} --artifact-push-username={USERNA CmdInternalArtifactRegistryGiteaTokenShort = "Creates an artifact registry token for Gitea" CmdInternalArtifactRegistryGiteaTokenLong = "Creates an artifact registry token in Gitea using the Gitea API. " + "This is called internally by the supported Gitea package component." - CmdInternalArtifactRegistryGiteaTokenErr = "Unable to create an artifact registry token for the Gitea service." CmdInternalUpdateGiteaPVCShort = "Updates an existing Gitea persistent volume claim" CmdInternalUpdateGiteaPVCLong = "Updates an existing Gitea persistent volume claim by assessing if claim is a custom user provided claim or default." + @@ -489,8 +486,6 @@ zarf tools yq e '.a.b = "cool"' -i file.yaml CmdToolsClearCacheSuccess = "Successfully cleared the cache from %s" CmdToolsClearCacheFlagCachePath = "Specify the location of the Zarf artifact cache (images and git repositories)" - CmdToolsCraneConnectedButBadStateErr = "Detected a K8s cluster but was unable to get Zarf state - continuing without state information: %s" - CmdToolsDownloadInitShort = "Downloads the init package for the current Zarf version into the specified directory" CmdToolsDownloadInitFlagOutputDirectory = "Specify a directory to place the init package in." @@ -608,10 +603,8 @@ const ( AgentErrBadRequest = "could not read request body: %s" AgentErrBindHandler = "Unable to bind the webhook handler" AgentErrCouldNotDeserializeReq = "could not deserialize request: %s" - AgentErrGetState = "failed to load zarf state: %w" AgentErrParsePod = "failed to parse pod: %w" AgentErrHostnameMatch = "failed to complete hostname matching: %w" - AgentErrImageSwap = "Unable to swap the host for (%s)" AgentErrInvalidMethod = "invalid method only POST requests are allowed" AgentErrInvalidOp = "invalid operation: %s" AgentErrInvalidType = "only content type 'application/json' is supported" @@ -630,19 +623,15 @@ const ( // Package validate const ( PkgValidateTemplateDeprecation = "Package template %q is using the deprecated syntax ###ZARF_PKG_VAR_%s###. This will be removed in Zarf v1.0.0. Please update to ###ZARF_PKG_TMPL_%s###." - PkgValidateMustBeUppercase = "variable name %q must be all uppercase and contain no special characters except _" PkgValidateErrAction = "invalid action: %w" PkgValidateErrActionCmdWait = "action %q cannot be both a command and wait action" PkgValidateErrActionClusterNetwork = "a single wait action must contain only one of cluster or network" PkgValidateErrChart = "invalid chart definition: %w" PkgValidateErrChartName = "chart %q exceed the maximum length of %d characters" - PkgValidateErrChartNameMissing = "chart must include a name" PkgValidateErrChartNameNotUnique = "chart name %q is not unique" PkgValidateErrChartNamespaceMissing = "chart %q must include a namespace" PkgValidateErrChartURLOrPath = "chart %q must have either a url or localPath" PkgValidateErrChartVersion = "chart %q must include a chart version" - PkgValidateErrComponentName = "component name %q must be all lowercase and contain no special characters except '-' and cannot start with a '-'" - PkgValidateErrComponentLocalOS = "component %q contains a localOS value that is not supported: %s (supported: %s)" PkgValidateErrComponentNameNotUnique = "component name %q is not unique" PkgValidateErrComponentReqDefault = "component %q cannot be both required and default" PkgValidateErrComponentReqGrouped = "component %q cannot be both required and grouped" @@ -654,11 +643,8 @@ const ( PkgValidateErrManifest = "invalid manifest definition: %w" PkgValidateErrManifestFileOrKustomize = "manifest %q must have at least one file or kustomization" PkgValidateErrManifestNameLength = "manifest %q exceed the maximum length of %d characters" - PkgValidateErrManifestNameMissing = "manifest must include a name" PkgValidateErrManifestNameNotUnique = "manifest name %q is not unique" - PkgValidateErrPkgConstantName = "constant name %q must be all uppercase and contain no special characters except _" PkgValidateErrPkgConstantPattern = "provided value for constant %q does not match pattern %q" - PkgValidateErrPkgName = "package name %q must be all lowercase and contain no special characters except '-' and cannot start with a '-'" PkgValidateErrVariable = "invalid package variable: %w" PkgValidateErrYOLONoArch = "cluster architecture not allowed in YOLO" PkgValidateErrYOLONoDistro = "cluster distros not allowed in YOLO" diff --git a/src/extensions/bigbang/bigbang.go b/src/extensions/bigbang/bigbang.go index ebe068f003..6b59d2a829 100644 --- a/src/extensions/bigbang/bigbang.go +++ b/src/extensions/bigbang/bigbang.go @@ -17,13 +17,13 @@ import ( "github.com/defenseunicorns/pkg/helpers/v2" fluxHelmCtrl "github.com/fluxcd/helm-controller/api/v2beta1" fluxSrcCtrl "github.com/fluxcd/source-controller/api/v1beta2" + "github.com/zarf-dev/zarf/src/api/v1alpha1" + "github.com/zarf-dev/zarf/src/api/v1alpha1/extensions" "github.com/zarf-dev/zarf/src/internal/packager/helm" "github.com/zarf-dev/zarf/src/pkg/layout" "github.com/zarf-dev/zarf/src/pkg/message" "github.com/zarf-dev/zarf/src/pkg/utils" "github.com/zarf-dev/zarf/src/pkg/variables" - "github.com/zarf-dev/zarf/src/types" - "github.com/zarf-dev/zarf/src/types/extensions" "helm.sh/helm/v3/pkg/chartutil" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -43,19 +43,19 @@ var tenMins = metav1.Duration{ // Run mutates a component that should deploy Big Bang to a set of manifests // that contain the flux deployment of Big Bang -func Run(ctx context.Context, YOLO bool, tmpPaths *layout.ComponentPaths, c types.ZarfComponent) (types.ZarfComponent, error) { +func Run(ctx context.Context, YOLO bool, tmpPaths *layout.ComponentPaths, c v1alpha1.ZarfComponent) (v1alpha1.ZarfComponent, error) { cfg := c.Extensions.BigBang - manifests := []types.ZarfManifest{} + manifests := []v1alpha1.ZarfManifest{} validVersionResponse, err := isValidVersion(cfg.Version) if err != nil { - return c, fmt.Errorf("invalid Big Bang version: %s, parsing issue %s", cfg.Version, err) + return c, fmt.Errorf("could not parse the Big Bang version %s: %w", cfg.Version, err) } // Make sure the version is valid. if !validVersionResponse { - return c, fmt.Errorf("invalid Big Bang version: %s, must be at least %s", cfg.Version, bbMinRequiredVersion) + return c, fmt.Errorf("Big Bang version %s must be at least %s", cfg.Version, bbMinRequiredVersion) } // Print the banner for Big Bang. @@ -86,7 +86,7 @@ func Run(ctx context.Context, YOLO bool, tmpPaths *layout.ComponentPaths, c type // Configure helm to pull down the Big Bang chart. helmCfg := helm.New( - types.ZarfChart{ + v1alpha1.ZarfChart{ Name: bb, Namespace: bb, URL: bbRepo, @@ -149,15 +149,15 @@ func Run(ctx context.Context, YOLO bool, tmpPaths *layout.ComponentPaths, c type // Add wait actions for each of the helm releases in generally the order they should be deployed. for _, hrNamespacedName := range namespacedHelmReleaseNames { hr := hrDependencies[hrNamespacedName] - action := types.ZarfComponentAction{ + action := v1alpha1.ZarfComponentAction{ Description: fmt.Sprintf("Big Bang Helm Release `%s` to be ready", hrNamespacedName), MaxTotalSeconds: &maxTotalSeconds, - Wait: &types.ZarfComponentActionWait{ - Cluster: &types.ZarfComponentActionWaitCluster{ - Kind: "HelmRelease", - Identifier: hr.Metadata.Name, - Namespace: hr.Metadata.Namespace, - Condition: "ready", + Wait: &v1alpha1.ZarfComponentActionWait{ + Cluster: &v1alpha1.ZarfComponentActionWaitCluster{ + Kind: "HelmRelease", + Name: hr.Metadata.Name, + Namespace: hr.Metadata.Namespace, + Condition: "ready", }, }, } @@ -168,10 +168,10 @@ func Run(ctx context.Context, YOLO bool, tmpPaths *layout.ComponentPaths, c type // https://repo1.dso.mil/big-bang/bigbang/-/blob/1.54.0/chart/templates/metrics-server/helmrelease.yaml if hr.Metadata.Name == "metrics-server" { action.Description = "K8s metric server to exist or be deployed by Big Bang" - action.Wait.Cluster = &types.ZarfComponentActionWaitCluster{ + action.Wait.Cluster = &v1alpha1.ZarfComponentActionWaitCluster{ Kind: "APIService", // https://github.com/kubernetes-sigs/metrics-server#compatibility-matrix - Identifier: "v1beta1.metrics.k8s.io", + Name: "v1beta1.metrics.k8s.io", } } @@ -195,13 +195,13 @@ func Run(ctx context.Context, YOLO bool, tmpPaths *layout.ComponentPaths, c type // Add onFailure actions with additional troubleshooting information. for _, cmd := range failureGeneral { - c.Actions.OnDeploy.OnFailure = append(c.Actions.OnDeploy.OnFailure, types.ZarfComponentAction{ + c.Actions.OnDeploy.OnFailure = append(c.Actions.OnDeploy.OnFailure, v1alpha1.ZarfComponentAction{ Cmd: fmt.Sprintf("./zarf tools kubectl %s", cmd), }) } for _, cmd := range failureDebug { - c.Actions.OnDeploy.OnFailure = append(c.Actions.OnDeploy.OnFailure, types.ZarfComponentAction{ + c.Actions.OnDeploy.OnFailure = append(c.Actions.OnDeploy.OnFailure, v1alpha1.ZarfComponentAction{ Mute: &t, Description: "Storing debug information to the log for troubleshooting.", Cmd: fmt.Sprintf("./zarf tools kubectl %s", cmd), @@ -209,7 +209,7 @@ func Run(ctx context.Context, YOLO bool, tmpPaths *layout.ComponentPaths, c type } // Add a pre-remove action to suspend the Big Bang HelmReleases to prevent reconciliation during removal. - c.Actions.OnRemove.Before = append(c.Actions.OnRemove.Before, types.ZarfComponentAction{ + c.Actions.OnRemove.Before = append(c.Actions.OnRemove.Before, v1alpha1.ZarfComponentAction{ Description: "Suspend Big Bang HelmReleases to prevent reconciliation during removal.", Cmd: `./zarf tools kubectl patch helmrelease -n bigbang bigbang --type=merge -p '{"spec":{"suspend":true}}'`, }) @@ -250,7 +250,7 @@ func Run(ctx context.Context, YOLO bool, tmpPaths *layout.ComponentPaths, c type } // Skeletonize mutates a component so that the valuesFiles can be contained inside a skeleton package -func Skeletonize(tmpPaths *layout.ComponentPaths, c types.ZarfComponent) (types.ZarfComponent, error) { +func Skeletonize(tmpPaths *layout.ComponentPaths, c v1alpha1.ZarfComponent) (v1alpha1.ZarfComponent, error) { for valuesIdx, valuesFile := range c.Extensions.BigBang.ValuesFiles { // Get the base file name for this file. baseName := filepath.Base(valuesFile) @@ -297,7 +297,7 @@ func Skeletonize(tmpPaths *layout.ComponentPaths, c types.ZarfComponent) (types. // Compose mutates a component so that its local paths are relative to the provided path // // additionally, it will merge any overrides -func Compose(c *types.ZarfComponent, override types.ZarfComponent, relativeTo string) { +func Compose(c *v1alpha1.ZarfComponent, override v1alpha1.ZarfComponent, relativeTo string) { // perform any overrides if override.Extensions.BigBang != nil { for valuesIdx, valuesFile := range override.Extensions.BigBang.ValuesFiles { @@ -453,9 +453,9 @@ func findBBResources(t string) (gitRepos map[string]string, helmReleaseDeps map[ } // addBigBangManifests creates the manifests component for deploying Big Bang. -func addBigBangManifests(YOLO bool, manifestDir string, cfg *extensions.BigBang) (types.ZarfManifest, error) { +func addBigBangManifests(YOLO bool, manifestDir string, cfg *extensions.BigBang) (v1alpha1.ZarfManifest, error) { // Create a manifest component that we add to the zarf package for bigbang. - manifest := types.ZarfManifest{ + manifest := v1alpha1.ZarfManifest{ Name: bb, Namespace: bb, } @@ -533,7 +533,7 @@ func findImagesforBBChartRepo(ctx context.Context, repo string, values chartutil spinner := message.NewProgressSpinner("Discovering images in %s", repo) defer spinner.Stop() - gitPath, err := helm.DownloadChartFromGitToTemp(ctx, repo, spinner) + gitPath, err := helm.DownloadChartFromGitToTemp(ctx, repo) if err != nil { return images, err } diff --git a/src/extensions/bigbang/flux.go b/src/extensions/bigbang/flux.go index d67097f26c..2acdee4f99 100644 --- a/src/extensions/bigbang/flux.go +++ b/src/extensions/bigbang/flux.go @@ -12,10 +12,10 @@ import ( "github.com/defenseunicorns/pkg/helpers/v2" fluxHelmCtrl "github.com/fluxcd/helm-controller/api/v2beta1" + "github.com/zarf-dev/zarf/src/api/v1alpha1" + "github.com/zarf-dev/zarf/src/api/v1alpha1/extensions" "github.com/zarf-dev/zarf/src/internal/packager/kustomize" "github.com/zarf-dev/zarf/src/pkg/utils" - "github.com/zarf-dev/zarf/src/types" - "github.com/zarf-dev/zarf/src/types/extensions" "helm.sh/helm/v3/pkg/chartutil" v1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" @@ -43,7 +43,7 @@ func (h HelmReleaseDependency) Dependencies() []string { } // getFlux Creates a component to deploy Flux. -func getFlux(baseDir string, cfg *extensions.BigBang) (manifest types.ZarfManifest, images []string, err error) { +func getFlux(baseDir string, cfg *extensions.BigBang) (manifest v1alpha1.ZarfManifest, images []string, err error) { localPath := path.Join(baseDir, "bb-ext-flux.yaml") kustomizePath := path.Join(baseDir, "kustomization.yaml") @@ -72,7 +72,7 @@ func getFlux(baseDir string, cfg *extensions.BigBang) (manifest types.ZarfManife } // Add the flux.yaml file to the component manifests. - manifest = types.ZarfManifest{ + manifest = v1alpha1.ZarfManifest{ Name: "flux-system", Namespace: "flux-system", Files: []string{localPath}, @@ -120,7 +120,6 @@ func readFluxImages(localPath string) (images []string, err error) { for _, container := range pod.Containers { images = append(images, container.Image) } - } } diff --git a/src/extensions/bigbang/manifests.go b/src/extensions/bigbang/manifests.go index 3eb88bee6c..c10d81390a 100644 --- a/src/extensions/bigbang/manifests.go +++ b/src/extensions/bigbang/manifests.go @@ -13,7 +13,7 @@ import ( "github.com/Masterminds/semver/v3" fluxHelmCtrl "github.com/fluxcd/helm-controller/api/v2beta1" fluxSrcCtrl "github.com/fluxcd/source-controller/api/v1" - "github.com/zarf-dev/zarf/src/types/extensions" + "github.com/zarf-dev/zarf/src/api/v1alpha1/extensions" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -166,7 +166,7 @@ func manifestHelmRelease(values []fluxHelmCtrl.ValuesReference) fluxHelmCtrl.Hel }, Spec: fluxHelmCtrl.HelmReleaseSpec{ Timeout: &tenMins, - Chart: fluxHelmCtrl.HelmChartTemplate{ + Chart: &fluxHelmCtrl.HelmChartTemplate{ Spec: fluxHelmCtrl.HelmChartTemplateSpec{ Chart: "./chart", SourceRef: fluxHelmCtrl.CrossNamespaceObjectReference{ diff --git a/src/extensions/bigbang/test/bigbang_test.go b/src/extensions/bigbang/test/bigbang_test.go index 641ba566d1..f8bf1cd448 100644 --- a/src/extensions/bigbang/test/bigbang_test.go +++ b/src/extensions/bigbang/test/bigbang_test.go @@ -186,7 +186,10 @@ func getReleases() (latest, previous string, err error) { // Iterate over the tags returned by the API, and filter out tags that don't match the regular expression for _, tag := range data { - name := tag["name"].(string) + name, ok := tag["name"].(string) + if !ok { + return "", "", fmt.Errorf("name key is not of type string") + } if re.MatchString(name) { releases = append(releases, name) } diff --git a/src/internal/agent/hooks/argocd-application.go b/src/internal/agent/hooks/argocd-application.go index 8886ba2ff9..b234f29e84 100644 --- a/src/internal/agent/hooks/argocd-application.go +++ b/src/internal/agent/hooks/argocd-application.go @@ -62,7 +62,7 @@ func NewApplicationMutationHook(ctx context.Context, cluster *cluster.Cluster) o func mutateApplication(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster.Cluster) (result *operations.Result, err error) { state, err := cluster.LoadZarfState(ctx) if err != nil { - return nil, fmt.Errorf(lang.AgentErrGetState, err) + return nil, err } message.Debugf("Using the url of (%s) to mutate the ArgoCD Application", state.GitServer.Address) @@ -72,8 +72,6 @@ func mutateApplication(ctx context.Context, r *v1.AdmissionRequest, cluster *clu return nil, fmt.Errorf(lang.ErrUnmarshal, err) } - message.Debugf("Data %v", string(r.Object.Raw)) - patches := []operations.PatchOperation{} if app.Spec.Source != nil { diff --git a/src/internal/agent/hooks/argocd-repository.go b/src/internal/agent/hooks/argocd-repository.go index 2311b50511..1875772d05 100644 --- a/src/internal/agent/hooks/argocd-repository.go +++ b/src/internal/agent/hooks/argocd-repository.go @@ -54,7 +54,7 @@ func mutateRepositorySecret(ctx context.Context, r *v1.AdmissionRequest, cluster state, err := cluster.LoadZarfState(ctx) if err != nil { - return nil, fmt.Errorf(lang.AgentErrGetState, err) + return nil, err } message.Infof("Using the url of (%s) to mutate the ArgoCD Repository Secret", state.GitServer.Address) diff --git a/src/internal/agent/hooks/flux-gitrepo.go b/src/internal/agent/hooks/flux-gitrepo.go index 079ee6a8e0..2fda2969bb 100644 --- a/src/internal/agent/hooks/flux-gitrepo.go +++ b/src/internal/agent/hooks/flux-gitrepo.go @@ -38,7 +38,6 @@ func NewGitRepositoryMutationHook(ctx context.Context, cluster *cluster.Cluster) // mutateGitRepoCreate mutates the git repository url to point to the repository URL defined in the ZarfState. func mutateGitRepo(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster.Cluster) (result *operations.Result, err error) { - var ( patches []operations.PatchOperation isPatched bool @@ -49,7 +48,7 @@ func mutateGitRepo(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster state, err := cluster.LoadZarfState(ctx) if err != nil { - return nil, fmt.Errorf(lang.AgentErrGetState, err) + return nil, err } message.Debugf("Using the url of (%s) to mutate the flux repository", state.GitServer.Address) diff --git a/src/internal/agent/hooks/flux-helmrepo.go b/src/internal/agent/hooks/flux-helmrepo.go index 90aab22f7a..a2fca0b9a4 100644 --- a/src/internal/agent/hooks/flux-helmrepo.go +++ b/src/internal/agent/hooks/flux-helmrepo.go @@ -36,7 +36,6 @@ func NewHelmRepositoryMutationHook(ctx context.Context, cluster *cluster.Cluster // mutateHelmRepo mutates the repository url to point to the repository URL defined in the ZarfState. func mutateHelmRepo(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster.Cluster) (*operations.Result, error) { - src := &flux.HelmRepository{} if err := json.Unmarshal(r.Object.Raw, &src); err != nil { return nil, fmt.Errorf(lang.ErrUnmarshal, err) @@ -57,7 +56,7 @@ func mutateHelmRepo(ctx context.Context, r *v1.AdmissionRequest, cluster *cluste zarfState, err := cluster.LoadZarfState(ctx) if err != nil { - return nil, fmt.Errorf(lang.AgentErrGetState, err) + return nil, err } // Get the registry service info if this is a NodePort service to use the internal kube-dns @@ -81,7 +80,7 @@ func mutateHelmRepo(ctx context.Context, r *v1.AdmissionRequest, cluster *cluste message.Debugf("original HelmRepo URL of (%s) got mutated to (%s)", src.Spec.URL, patchedURL) - patches := populateHelmRepoPatchOperations(patchedURL, zarfState.RegistryInfo.InternalRegistry) + patches := populateHelmRepoPatchOperations(patchedURL, zarfState.RegistryInfo.IsInternal()) patches = append(patches, getLabelPatch(src.Labels)) diff --git a/src/internal/agent/hooks/flux-ocirepo.go b/src/internal/agent/hooks/flux-ocirepo.go index 045b315e3a..e8c3d21a0f 100644 --- a/src/internal/agent/hooks/flux-ocirepo.go +++ b/src/internal/agent/hooks/flux-ocirepo.go @@ -35,7 +35,6 @@ func NewOCIRepositoryMutationHook(ctx context.Context, cluster *cluster.Cluster) // mutateOCIRepo mutates the oci repository url to point to the repository URL defined in the ZarfState. func mutateOCIRepo(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster.Cluster) (*operations.Result, error) { - src := &flux.OCIRepository{} if err := json.Unmarshal(r.Object.Raw, &src); err != nil { return nil, fmt.Errorf(lang.ErrUnmarshal, err) @@ -60,7 +59,7 @@ func mutateOCIRepo(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster zarfState, err := cluster.LoadZarfState(ctx) if err != nil { - return nil, fmt.Errorf(lang.AgentErrGetState, err) + return nil, err } // Get the registry service info if this is a NodePort service to use the internal kube-dns @@ -100,7 +99,7 @@ func mutateOCIRepo(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster message.Debugf("original OCIRepo URL of (%s) got mutated to (%s)", src.Spec.URL, patchedURL) - patches := populateOCIRepoPatchOperations(patchedURL, zarfState.RegistryInfo.InternalRegistry, patchedRef) + patches := populateOCIRepoPatchOperations(patchedURL, zarfState.RegistryInfo.IsInternal(), patchedRef) patches = append(patches, getLabelPatch(src.Labels)) return &operations.Result{ diff --git a/src/internal/agent/hooks/pods.go b/src/internal/agent/hooks/pods.go index 60362785a5..86fae81e0f 100644 --- a/src/internal/agent/hooks/pods.go +++ b/src/internal/agent/hooks/pods.go @@ -13,7 +13,6 @@ import ( "github.com/zarf-dev/zarf/src/config/lang" "github.com/zarf-dev/zarf/src/internal/agent/operations" "github.com/zarf-dev/zarf/src/pkg/cluster" - "github.com/zarf-dev/zarf/src/pkg/message" "github.com/zarf-dev/zarf/src/pkg/transform" v1 "k8s.io/api/admission/v1" @@ -62,7 +61,7 @@ func mutatePod(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster.Clu state, err := cluster.LoadZarfState(ctx) if err != nil { - return nil, fmt.Errorf(lang.AgentErrGetState, err) + return nil, err } registryURL := state.RegistryInfo.Address @@ -82,8 +81,7 @@ func mutatePod(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster.Clu path := fmt.Sprintf("/spec/initContainers/%d/image", idx) replacement, err := transform.ImageTransformHost(registryURL, container.Image) if err != nil { - message.Warnf(lang.AgentErrImageSwap, container.Image) - continue // Continue, because we might as well attempt to mutate the other containers for this pod + return nil, err } updatedAnnotations[getImageAnnotationKey(container.Name)] = container.Image patches = append(patches, operations.ReplacePatchOperation(path, replacement)) @@ -94,8 +92,7 @@ func mutatePod(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster.Clu path := fmt.Sprintf("/spec/ephemeralContainers/%d/image", idx) replacement, err := transform.ImageTransformHost(registryURL, container.Image) if err != nil { - message.Warnf(lang.AgentErrImageSwap, container.Image) - continue // Continue, because we might as well attempt to mutate the other containers for this pod + return nil, err } updatedAnnotations[getImageAnnotationKey(container.Name)] = container.Image patches = append(patches, operations.ReplacePatchOperation(path, replacement)) @@ -106,8 +103,7 @@ func mutatePod(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster.Clu path := fmt.Sprintf("/spec/containers/%d/image", idx) replacement, err := transform.ImageTransformHost(registryURL, container.Image) if err != nil { - message.Warnf(lang.AgentErrImageSwap, container.Image) - continue // Continue, because we might as well attempt to mutate the other containers for this pod + return nil, err } updatedAnnotations[getImageAnnotationKey(container.Name)] = container.Image patches = append(patches, operations.ReplacePatchOperation(path, replacement)) diff --git a/src/internal/agent/http/admission/handler.go b/src/internal/agent/http/admission/handler.go index 56589a7c73..4b4d69323b 100644 --- a/src/internal/agent/http/admission/handler.go +++ b/src/internal/agent/http/admission/handler.go @@ -117,9 +117,6 @@ func (h *Handler) Serve(hook operations.Hook) http.HandlerFunc { return } - message.Debug("PATCH: ", string(admissionResponse.Response.Patch)) - message.Debug("RESPONSE: ", string(jsonResponse)) - message.Infof(lang.AgentInfoWebhookAllowed, r.URL.Path, review.Request.Operation, result.Allowed) w.WriteHeader(http.StatusOK) //nolint: errcheck // ignore diff --git a/src/internal/agent/http/proxy.go b/src/internal/agent/http/proxy.go index 719ef17281..33709dfff7 100644 --- a/src/internal/agent/http/proxy.go +++ b/src/internal/agent/http/proxy.go @@ -146,22 +146,15 @@ func replaceBodyLinks(resp *http.Response) error { forwardedPrefix := fmt.Sprintf("%s%s%s", getTLSScheme(resp.Request.TLS), resp.Request.Header.Get("X-Forwarded-Host"), transform.NoTransform) targetPrefix := fmt.Sprintf("%s%s", getTLSScheme(resp.TLS), resp.Request.Host) - body, err := io.ReadAll(resp.Body) + b, err := io.ReadAll(resp.Body) if err != nil { return err } - err = resp.Body.Close() if err != nil { return err } - - bodyString := string(body) - message.Warnf("%s", bodyString) - - bodyString = strings.ReplaceAll(bodyString, targetPrefix, forwardedPrefix) - - message.Warnf("%s", bodyString) + bodyString := strings.ReplaceAll(string(b), targetPrefix, forwardedPrefix) // Setup the new reader, and correct the content length resp.Body = io.NopCloser(strings.NewReader(bodyString)) diff --git a/src/internal/agent/http/server.go b/src/internal/agent/http/server.go index b5953ee0e2..6a79aaa449 100644 --- a/src/internal/agent/http/server.go +++ b/src/internal/agent/http/server.go @@ -14,13 +14,10 @@ import ( "github.com/zarf-dev/zarf/src/internal/agent/hooks" "github.com/zarf-dev/zarf/src/internal/agent/http/admission" "github.com/zarf-dev/zarf/src/pkg/cluster" - "github.com/zarf-dev/zarf/src/pkg/message" ) // NewAdmissionServer creates a http.Server for the mutating webhook admission handler. func NewAdmissionServer(ctx context.Context, port string) (*http.Server, error) { - message.Debugf("http.NewAdmissionServer(%s)", port) - c, err := cluster.NewCluster() if err != nil { return nil, err @@ -56,8 +53,6 @@ func NewAdmissionServer(ctx context.Context, port string) (*http.Server, error) // NewProxyServer creates and returns an http proxy server. func NewProxyServer(port string) *http.Server { - message.Debugf("http.NewHTTPProxy(%s)", port) - mux := http.NewServeMux() mux.Handle("/healthz", healthz()) mux.Handle("/", ProxyHandler()) diff --git a/src/internal/agent/operations/hook.go b/src/internal/agent/operations/hook.go index 627ce58094..8c411adee7 100644 --- a/src/internal/agent/operations/hook.go +++ b/src/internal/agent/operations/hook.go @@ -8,7 +8,6 @@ import ( "fmt" "github.com/zarf-dev/zarf/src/config/lang" - "github.com/zarf-dev/zarf/src/pkg/message" admission "k8s.io/api/admission/v1" ) @@ -32,8 +31,6 @@ type Hook struct { // Execute evaluates the request and try to execute the function for operation specified in the request. func (h *Hook) Execute(r *admission.AdmissionRequest) (*Result, error) { - message.Debugf("operations.Execute(*admission.AdmissionRequest) - %#v , %s/%s: %#v", r.Kind, r.Namespace, r.Name, r.Operation) - switch r.Operation { case admission.Create: return wrapperExecution(h.Create, r) diff --git a/src/internal/git/fallback.go b/src/internal/git/fallback.go new file mode 100644 index 0000000000..960747413a --- /dev/null +++ b/src/internal/git/fallback.go @@ -0,0 +1,58 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +// Package git contains functions for interacting with git repositories. +package git + +import ( + "context" + "io" + + "github.com/go-git/go-git/v5/plumbing" + + "github.com/zarf-dev/zarf/src/pkg/utils/exec" +) + +// gitCloneFallback is a fallback if go-git fails to clone a repo. +func (r *Repository) gitCloneFallback(ctx context.Context, gitURL string, ref plumbing.ReferenceName, shallow bool) error { + // If we can't clone with go-git, fallback to the host clone + // Only support "all tags" due to the azure clone url format including a username + cloneArgs := []string{"clone", "--origin", onlineRemoteName, gitURL, r.path} + + // Don't clone all tags / refs if we're cloning a specific tag or branch. + if ref.IsTag() || ref.IsBranch() { + cloneArgs = append(cloneArgs, "--no-tags") + cloneArgs = append(cloneArgs, "-b", ref.Short()) + cloneArgs = append(cloneArgs, "--single-branch") + } + + // If this is a shallow clone set the depth to 1 + if shallow { + cloneArgs = append(cloneArgs, "--depth", "1") + } + + cloneExecConfig := exec.Config{ + Stdout: io.Discard, + Stderr: io.Discard, + } + _, _, err := exec.CmdWithContext(ctx, cloneExecConfig, "git", cloneArgs...) + if err != nil { + return err + } + + // If we're cloning the whole repo, we need to also fetch the other branches besides the default. + if ref == emptyRef { + fetchArgs := []string{"fetch", "--tags", "--update-head-ok", onlineRemoteName, "refs/*:refs/*"} + fetchExecConfig := exec.Config{ + Stdout: io.Discard, + Stderr: io.Discard, + Dir: r.path, + } + _, _, err := exec.CmdWithContext(ctx, fetchExecConfig, "git", fetchArgs...) + if err != nil { + return err + } + } + + return nil +} diff --git a/src/internal/git/git.go b/src/internal/git/git.go new file mode 100644 index 0000000000..506f2bea24 --- /dev/null +++ b/src/internal/git/git.go @@ -0,0 +1,26 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +// Package git contains functions for interacting with git repositories. +package git + +import ( + "fmt" + "strings" + + "github.com/go-git/go-git/v5/plumbing" +) + +const onlineRemoteName = "online-upstream" +const offlineRemoteName = "offline-downstream" +const emptyRef = "" + +// ParseRef parses the provided ref into a ReferenceName if it's not a hash. +func ParseRef(r string) plumbing.ReferenceName { + // If not a full ref, assume it's a tag at this point. + if !plumbing.IsHash(r) && !strings.HasPrefix(r, "refs/") { + r = fmt.Sprintf("refs/tags/%s", r) + } + // Set the reference name to the provided ref. + return plumbing.ReferenceName(r) +} diff --git a/src/internal/git/git_test.go b/src/internal/git/git_test.go new file mode 100644 index 0000000000..640d8a8b43 --- /dev/null +++ b/src/internal/git/git_test.go @@ -0,0 +1,40 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +package git + +import ( + "testing" + + "github.com/go-git/go-git/v5/plumbing" + "github.com/stretchr/testify/require" +) + +func TestParseRef(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + refPlain string + expectedRef plumbing.ReferenceName + }{ + { + name: "basic", + refPlain: "v1.0.0", + expectedRef: plumbing.ReferenceName("refs/tags/v1.0.0"), + }, + { + name: "basic", + refPlain: "refs/heads/branchname", + expectedRef: plumbing.ReferenceName("refs/heads/branchname"), + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + ref := ParseRef(tt.refPlain) + require.Equal(t, tt.expectedRef, ref) + }) + } +} diff --git a/src/internal/git/repository.go b/src/internal/git/repository.go new file mode 100644 index 0000000000..9d2b2d4918 --- /dev/null +++ b/src/internal/git/repository.go @@ -0,0 +1,271 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +package git + +import ( + "context" + "errors" + "fmt" + "os" + "path/filepath" + "strings" + + "github.com/go-git/go-git/v5" + "github.com/go-git/go-git/v5/config" + "github.com/go-git/go-git/v5/plumbing" + "github.com/go-git/go-git/v5/plumbing/object" + "github.com/go-git/go-git/v5/plumbing/transport" + "github.com/go-git/go-git/v5/plumbing/transport/http" + + "github.com/zarf-dev/zarf/src/pkg/message" + "github.com/zarf-dev/zarf/src/pkg/transform" + "github.com/zarf-dev/zarf/src/pkg/utils" +) + +// Open opens an existing local repository at the given path. +func Open(rootPath, address string) (*Repository, error) { + repoFolder, err := transform.GitURLtoFolderName(address) + if err != nil { + return nil, fmt.Errorf("unable to parse git url %s: %w", address, err) + } + repoPath := filepath.Join(rootPath, repoFolder) + + // Check that this package is using the new repo format (if not fallback to the format from <= 0.24.x) + _, err = os.Stat(repoPath) + if err != nil && !os.IsNotExist(err) { + return nil, err + } + if os.IsNotExist(err) { + repoFolder, err = transform.GitURLtoRepoName(address) + if err != nil { + return nil, fmt.Errorf("unable to parse git url %s: %w", address, err) + } + repoPath = filepath.Join(rootPath, repoFolder) + } + + return &Repository{ + path: repoPath, + }, nil +} + +// Clone clones a git repository to the given local path. +func Clone(ctx context.Context, rootPath, address string, shallow bool) (*Repository, error) { + // Split the remote url and the zarf reference + gitURLNoRef, refPlain, err := transform.GitURLSplitRef(address) + if err != nil { + return nil, err + } + + // Parse the ref from the git URL. + var ref plumbing.ReferenceName + if refPlain != emptyRef { + ref = ParseRef(refPlain) + } + + // Construct a path unique to this git repo + repoFolder, err := transform.GitURLtoFolderName(address) + if err != nil { + return nil, err + } + + r := &Repository{ + path: filepath.Join(rootPath, repoFolder), + } + + // Clone the repository + cloneOpts := &git.CloneOptions{ + URL: gitURLNoRef, + RemoteName: onlineRemoteName, + } + if ref.IsTag() || ref.IsBranch() { + cloneOpts.Tags = git.NoTags + cloneOpts.ReferenceName = ref + cloneOpts.SingleBranch = true + } + if shallow { + cloneOpts.Depth = 1 + } + gitCred, err := utils.FindAuthForHost(gitURLNoRef) + if err != nil { + return nil, err + } + if gitCred != nil { + cloneOpts.Auth = &gitCred.Auth + } + repo, err := git.PlainCloneContext(ctx, r.path, false, cloneOpts) + if err != nil { + message.Notef("Falling back to host 'git', failed to clone the repo %q with Zarf: %s", gitURLNoRef, err.Error()) + err := r.gitCloneFallback(ctx, gitURLNoRef, ref, shallow) + if err != nil { + return nil, err + } + } + + // If we're cloning the whole repo, we need to also fetch the other branches besides the default. + if ref == emptyRef { + fetchOpts := &git.FetchOptions{ + RemoteName: onlineRemoteName, + RefSpecs: []config.RefSpec{"refs/*:refs/*"}, + Tags: git.AllTags, + } + if gitCred != nil { + fetchOpts.Auth = &gitCred.Auth + } + if err := repo.FetchContext(ctx, fetchOpts); err != nil && !errors.Is(err, git.NoErrAlreadyUpToDate) { + return nil, err + } + } + + // Optionally checkout ref + if ref != emptyRef && !ref.IsBranch() { + // Remove the "refs/tags/" prefix from the ref. + stripped := strings.TrimPrefix(refPlain, "refs/tags/") + // Use the plain ref as part of the branch name so it is unique and doesn't conflict with other refs. + alias := fmt.Sprintf("zarf-ref-%s", stripped) + trunkBranchName := plumbing.NewBranchReferenceName(alias) + // Checkout the ref as a branch. + err := r.checkoutRefAsBranch(stripped, trunkBranchName) + if err != nil { + return nil, err + } + } + + return r, nil +} + +// Repository manages a local git repository. +type Repository struct { + path string +} + +// Path returns the local path the repository is stored at. +func (r *Repository) Path() string { + return r.path +} + +// Push pushes the repository to the remote git server. +func (r *Repository) Push(ctx context.Context, address, username, password string) error { + repo, err := git.PlainOpen(r.path) + if err != nil { + return fmt.Errorf("not a valid git repo or unable to open: %w", err) + } + + // Configure new remote + remote, err := repo.Remote(onlineRemoteName) + if err != nil { + return fmt.Errorf("unable to find the git remote: %w", err) + } + if len(remote.Config().URLs) == 0 { + return fmt.Errorf("repository has zero remotes configured") + } + targetURL, err := transform.GitURL(address, remote.Config().URLs[0], username) + if err != nil { + return fmt.Errorf("unable to transform the git url: %w", err) + } + // Remove any preexisting offlineRemotes (happens when a retry is triggered) + err = repo.DeleteRemote(offlineRemoteName) + if err != nil && !errors.Is(err, git.ErrRemoteNotFound) { + return err + } + _, err = repo.CreateRemote(&config.RemoteConfig{ + Name: offlineRemoteName, + URLs: []string{targetURL.String()}, + }) + if err != nil { + return fmt.Errorf("failed to create offline remote: %w", err) + } + + // Push to new remote + gitCred := http.BasicAuth{ + Username: username, + Password: password, + } + + // Fetch remote offline refs in case of old update or if multiple refs are specified in one package + // Attempt the fetch, if it fails, log a warning and continue trying to push (might as well try..) + fetchOptions := &git.FetchOptions{ + RemoteName: offlineRemoteName, + Auth: &gitCred, + RefSpecs: []config.RefSpec{ + "refs/heads/*:refs/heads/*", + "refs/tags/*:refs/tags/*", + }, + } + err = repo.FetchContext(ctx, fetchOptions) + if errors.Is(err, transport.ErrRepositoryNotFound) { + message.Debugf("Repo not yet available offline, skipping fetch...") + } else if errors.Is(err, git.ErrForceNeeded) { + message.Debugf("Repo fetch requires force, skipping fetch...") + } else if errors.Is(err, git.NoErrAlreadyUpToDate) { + message.Debugf("Repo already up-to-date, skipping fetch...") + } else if err != nil { + return fmt.Errorf("unable to fetch the git repo prior to push: %w", err) + } + + // Push all heads and tags to the offline remote + err = repo.PushContext(ctx, &git.PushOptions{ + RemoteName: offlineRemoteName, + Auth: &gitCred, + // TODO: (@JEFFMCCOY) add the parsing for the `+` force prefix (see https://github.com/zarf-dev/zarf/issues/1410) + //Force: isForce, + // If a provided refspec doesn't push anything, it is just ignored + RefSpecs: []config.RefSpec{ + "refs/heads/*:refs/heads/*", + "refs/tags/*:refs/tags/*", + }, + }) + if errors.Is(err, git.NoErrAlreadyUpToDate) { + message.Debug("Repo already up-to-date") + } else if errors.Is(err, plumbing.ErrObjectNotFound) { + return fmt.Errorf("unable to push repo due to likely shallow clone: %s", err.Error()) + } else if err != nil { + return fmt.Errorf("unable to push repo to the gitops service: %s", err.Error()) + } + + return nil +} +func (r *Repository) checkoutRefAsBranch(ref string, branch plumbing.ReferenceName) error { + repo, err := git.PlainOpen(r.path) + if err != nil { + return fmt.Errorf("not a valid git repo or unable to open: %w", err) + } + + var hash plumbing.Hash + if plumbing.IsHash(ref) { + hash = plumbing.NewHash(ref) + } else { + tagRef, err := repo.Tag(ref) + if err != nil { + return fmt.Errorf("failed to locate tag %s in repository: %w", ref, err) + } + hash = tagRef.Hash() + } + + objRef, err := repo.Object(plumbing.AnyObject, hash) + if err != nil { + return fmt.Errorf("an error occurred when getting the repo's object reference: %w", err) + } + + var commitHash plumbing.Hash + switch objRef := objRef.(type) { + case *object.Tag: + commitHash = objRef.Target + case *object.Commit: + commitHash = objRef.Hash + default: + return fmt.Errorf("hash type %s not supported", objRef.Type().String()) + } + + checkoutOpts := &git.CheckoutOptions{ + Hash: commitHash, + Branch: branch, + Create: true, + Force: true, + } + tree, err := repo.Worktree() + if err != nil { + return fmt.Errorf("unable to load the git repo: %w", err) + } + return tree.Checkout(checkoutOpts) +} diff --git a/src/internal/git/repository_test.go b/src/internal/git/repository_test.go new file mode 100644 index 0000000000..7e75319eee --- /dev/null +++ b/src/internal/git/repository_test.go @@ -0,0 +1,85 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +package git + +import ( + "fmt" + "net/http" + "net/http/httptest" + "path/filepath" + "testing" + + "github.com/fluxcd/gitkit" + "github.com/go-git/go-billy/v5/memfs" + "github.com/go-git/go-git/v5" + "github.com/go-git/go-git/v5/config" + "github.com/go-git/go-git/v5/plumbing/object" + "github.com/go-git/go-git/v5/storage/memory" + "github.com/stretchr/testify/require" + + "github.com/defenseunicorns/pkg/helpers/v2" + + "github.com/zarf-dev/zarf/src/test/testutil" +) + +func TestRepository(t *testing.T) { + t.Parallel() + ctx := testutil.TestContext(t) + + cfg := gitkit.Config{ + Dir: t.TempDir(), + AutoCreate: true, + } + gitSrv := gitkit.New(cfg) + err := gitSrv.Setup() + require.NoError(t, err) + srv := httptest.NewServer(http.HandlerFunc(gitSrv.ServeHTTP)) + t.Cleanup(func() { + srv.Close() + }) + + rootPath := t.TempDir() + repoName := "test" + repoAddress := fmt.Sprintf("%s/%s.git", srv.URL, repoName) + checksum := helpers.GetCRCHash(repoAddress) + expectedPath := fmt.Sprintf("%s-%d", repoName, checksum) + + storer := memory.NewStorage() + fs := memfs.New() + initRepo, err := git.Init(storer, fs) + require.NoError(t, err) + w, err := initRepo.Worktree() + require.NoError(t, err) + filePath := "test.txt" + newFile, err := fs.Create(filePath) + require.NoError(t, err) + _, err = newFile.Write([]byte("Hello World")) + require.NoError(t, err) + newFile.Close() + _, err = w.Add(filePath) + require.NoError(t, err) + _, err = w.Commit("Initial commit", &git.CommitOptions{ + Author: &object.Signature{ + Email: "example@example.com", + }, + }) + require.NoError(t, err) + _, err = initRepo.CreateRemote(&config.RemoteConfig{ + Name: "origin", + URLs: []string{repoAddress}, + }) + require.NoError(t, err) + err = initRepo.Push(&git.PushOptions{ + RemoteName: "origin", + }) + require.NoError(t, err) + + repo, err := Clone(ctx, rootPath, repoAddress, false) + require.NoError(t, err) + require.Equal(t, filepath.Join(rootPath, expectedPath), repo.Path()) + + repo, err = Open(rootPath, repoAddress) + require.NoError(t, err) + require.Equal(t, filepath.Join(rootPath, expectedPath), repo.Path()) +} diff --git a/src/internal/gitea/gitea.go b/src/internal/gitea/gitea.go new file mode 100644 index 0000000000..94244d03f1 --- /dev/null +++ b/src/internal/gitea/gitea.go @@ -0,0 +1,195 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +// Package gitea contains Gitea client specific functionality. +package gitea + +import ( + "bytes" + "context" + "encoding/json" + "fmt" + "io" + "net/http" + "net/url" + "time" +) + +const artifactTokenName = "zarf-artifact-registry-token" + +// Client is a client that communicates with the Gitea API. +type Client struct { + httpClient *http.Client + endpoint *url.URL + username string + password string +} + +// NewClient creates and returns a new Gitea client. +func NewClient(endpoint, username, password string) (*Client, error) { + u, err := url.Parse(endpoint) + if err != nil { + return nil, err + } + transport := http.DefaultTransport.(*http.Transport).Clone() + transport.MaxIdleConnsPerHost = transport.MaxIdleConns + httpClient := &http.Client{ + Timeout: 10 * time.Second, + Transport: transport, + } + client := &Client{ + httpClient: httpClient, + endpoint: u, + username: username, + password: password, + } + return client, nil +} + +// DoRequest performs a request to the Gitea API at the given path. +func (g *Client) DoRequest(ctx context.Context, method string, path string, body []byte) ([]byte, int, error) { + u, err := g.endpoint.Parse(path) + if err != nil { + return nil, 0, err + } + req, err := http.NewRequestWithContext(ctx, method, u.String(), bytes.NewBuffer(body)) + if err != nil { + return nil, 0, err + } + req.SetBasicAuth(g.username, g.password) + req.Header.Add("accept", "application/json") + req.Header.Add("content-type", "application/json") + resp, err := g.httpClient.Do(req) + if err != nil { + return nil, 0, err + } + defer resp.Body.Close() + b, err := io.ReadAll(resp.Body) + if err != nil { + return nil, 0, err + } + return b, resp.StatusCode, nil +} + +// CreateReadOnlyUser creates a non-admin Zarf user. +func (g *Client) CreateReadOnlyUser(ctx context.Context, username, password string) error { + // Create the read only user + createUserData := map[string]interface{}{ + "username": username, + "password": password, + "email": "zarf-reader@localhost.local", + "must_change_password": false, + } + body, err := json.Marshal(createUserData) + if err != nil { + return err + } + _, statusCode, err := g.DoRequest(ctx, http.MethodPost, "/api/v1/admin/users", body) + if statusCode == 422 { + return nil + } + if err != nil { + return err + } + + // Make sure the user can't create their own repos or orgs + updateUserData := map[string]interface{}{ + "login_name": username, + "max_repo_creation": 0, + "allow_create_organization": false, + } + body, err = json.Marshal(updateUserData) + if err != nil { + return err + } + _, _, err = g.DoRequest(ctx, http.MethodPatch, fmt.Sprintf("/api/v1/admin/users/%s", username), body) + if err != nil { + return err + } + return nil +} + +// UpdateGitUser updates Zarf git server users. +func (g *Client) UpdateGitUser(ctx context.Context, username string, password string) error { + updateUserData := map[string]interface{}{ + "login_name": username, + "password": password, + } + body, err := json.Marshal(updateUserData) + if err != nil { + return err + } + _, _, err = g.DoRequest(ctx, http.MethodPatch, fmt.Sprintf("/api/v1/admin/users/%s", username), body) + if err != nil { + return err + } + return nil +} + +// CreatePackageRegistryToken creates or replaces an existing package registry token. +func (g *Client) CreatePackageRegistryToken(ctx context.Context) (string, error) { + // Determine if the package token already exists. + b, _, err := g.DoRequest(ctx, http.MethodGet, fmt.Sprintf("/api/v1/users/%s/tokens", g.username), nil) + if err != nil { + return "", err + } + var tokens []map[string]interface{} + err = json.Unmarshal(b, &tokens) + if err != nil { + return "", err + } + hasPackageToken := false + for _, token := range tokens { + if token["name"] != artifactTokenName { + continue + } + hasPackageToken = true + break + } + + // Delete the token if it already exists. + if hasPackageToken { + _, _, err := g.DoRequest(ctx, http.MethodDelete, fmt.Sprintf("/api/v1/users/%s/tokens/%s", g.username, artifactTokenName), nil) + if err != nil { + return "", err + } + } + + // Create the new token. + createTokensData := map[string]interface{}{ + "name": artifactTokenName, + "scopes": []string{"read:user", "read:package", "write:package"}, + } + body, err := json.Marshal(createTokensData) + if err != nil { + return "", err + } + b, _, err = g.DoRequest(ctx, http.MethodPost, fmt.Sprintf("/api/v1/users/%s/tokens", g.username), body) + if err != nil { + return "", err + } + createTokenResponse := struct { + Sha1 string `json:"sha1"` + }{} + err = json.Unmarshal(b, &createTokenResponse) + if err != nil { + return "", err + } + return createTokenResponse.Sha1, nil +} + +// AddReadOnlyUserToRepository adds a read only user to a repository. +func (g *Client) AddReadOnlyUserToRepository(ctx context.Context, repo, username string) error { + addCollabData := map[string]string{ + "permission": "read", + } + body, err := json.Marshal(addCollabData) + if err != nil { + return err + } + _, _, err = g.DoRequest(ctx, http.MethodPut, fmt.Sprintf("/api/v1/repos/%s/%s/collaborators/%s", g.username, repo, username), body) + if err != nil { + return err + } + return nil +} diff --git a/src/internal/gitea/gitea_test.go b/src/internal/gitea/gitea_test.go new file mode 100644 index 0000000000..984f6a7fae --- /dev/null +++ b/src/internal/gitea/gitea_test.go @@ -0,0 +1,20 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +package gitea + +import ( + "testing" + + "github.com/stretchr/testify/require" +) + +func TestNewClient(t *testing.T) { + t.Parallel() + + c, err := NewClient("https://example.com", "foo", "bar") + require.NoError(t, err) + require.Equal(t, "https", c.endpoint.Scheme) + require.Equal(t, "foo", c.username) + require.Equal(t, "bar", c.password) +} diff --git a/src/internal/packager/git/checkout.go b/src/internal/packager/git/checkout.go deleted file mode 100644 index 4441e48873..0000000000 --- a/src/internal/packager/git/checkout.go +++ /dev/null @@ -1,108 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package git contains functions for interacting with git repositories. -package git - -import ( - "fmt" - - "github.com/go-git/go-git/v5" - "github.com/go-git/go-git/v5/plumbing" - "github.com/go-git/go-git/v5/plumbing/object" - "github.com/zarf-dev/zarf/src/pkg/message" -) - -// CheckoutTag performs a `git checkout` of the provided tag to a detached HEAD. -func (g *Git) CheckoutTag(tag string) error { - message.Debugf("git checkout tag %s", tag) - - options := &git.CheckoutOptions{ - Branch: ParseRef(tag), - } - return g.checkout(options) -} - -func (g *Git) checkoutRefAsBranch(ref string, branch plumbing.ReferenceName) error { - if plumbing.IsHash(ref) { - return g.checkoutHashAsBranch(plumbing.NewHash(ref), branch) - } - - return g.checkoutTagAsBranch(ref, branch) -} - -// checkoutTagAsBranch performs a `git checkout` of the provided tag but rather -// than checking out to a detached head, checks out to the provided branch ref -// It will delete the branch provided if it exists. -func (g *Git) checkoutTagAsBranch(tag string, branch plumbing.ReferenceName) error { - message.Debugf("git checkout tag %s on %s", tag, branch) - - repo, err := git.PlainOpen(g.GitPath) - if err != nil { - return fmt.Errorf("not a valid git repo or unable to open: %w", err) - } - - tagRef, err := repo.Tag(tag) - if err != nil { - return fmt.Errorf("failed to locate tag (%s) in repository: %w", tag, err) - } - - return g.checkoutHashAsBranch(tagRef.Hash(), branch) -} - -// checkoutHashAsBranch performs a `git checkout` of the commit hash associated -// with the provided hash -// It will delete the branch provided if it exists. -func (g *Git) checkoutHashAsBranch(hash plumbing.Hash, branch plumbing.ReferenceName) error { - message.Debugf("git checkout hash %s on %s", hash, branch) - - repo, err := git.PlainOpen(g.GitPath) - if err != nil { - return fmt.Errorf("not a valid git repo or unable to open: %w", err) - } - - objRef, err := repo.Object(plumbing.AnyObject, hash) - if err != nil { - return fmt.Errorf("an error occurred when getting the repo's object reference: %w", err) - } - - var commitHash plumbing.Hash - switch objRef := objRef.(type) { - case *object.Tag: - commitHash = objRef.Target - case *object.Commit: - commitHash = objRef.Hash - default: - // This shouldn't ever hit, but we should at least log it if someday it - // does get hit - message.Warnf("Checkout failed. Hash type %s not supported.", objRef.Type().String()) - return err - } - - options := &git.CheckoutOptions{ - Hash: commitHash, - Branch: branch, - Create: true, - Force: true, - } - return g.checkout(options) -} - -// checkout performs a `git checkout` on the path provided using the options provided -// It assumes the caller knows what to do and does not perform any safety checks. -func (g *Git) checkout(checkoutOptions *git.CheckoutOptions) error { - // Open the given repo - repo, err := git.PlainOpen(g.GitPath) - if err != nil { - return fmt.Errorf("not a valid git repo or unable to open: %w", err) - } - - // Get the working tree so we can change refs - tree, err := repo.Worktree() - if err != nil { - return fmt.Errorf("unable to load the git repo: %w", err) - } - - // Perform the checkout - return tree.Checkout(checkoutOptions) -} diff --git a/src/internal/packager/git/clone.go b/src/internal/packager/git/clone.go deleted file mode 100644 index 2f607670e7..0000000000 --- a/src/internal/packager/git/clone.go +++ /dev/null @@ -1,126 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package git contains functions for interacting with git repositories. -package git - -import ( - "context" - "errors" - "strings" - - "github.com/go-git/go-git/v5" - goConfig "github.com/go-git/go-git/v5/config" - "github.com/go-git/go-git/v5/plumbing" - "github.com/zarf-dev/zarf/src/pkg/message" - "github.com/zarf-dev/zarf/src/pkg/utils" - "github.com/zarf-dev/zarf/src/pkg/utils/exec" -) - -// clone performs a `git clone` of a given repo. -func (g *Git) clone(ctx context.Context, gitURL string, ref plumbing.ReferenceName, shallow bool) error { - cloneOptions := &git.CloneOptions{ - URL: gitURL, - Progress: g.Spinner, - RemoteName: onlineRemoteName, - } - - // Don't clone all tags / refs if we're cloning a specific tag or branch. - if ref.IsTag() || ref.IsBranch() { - cloneOptions.Tags = git.NoTags - cloneOptions.ReferenceName = ref - cloneOptions.SingleBranch = true - } - - // If this is a shallow clone set the depth to 1 - if shallow { - cloneOptions.Depth = 1 - } - - // Setup git credentials if we have them, ignore if we don't. - gitCred, err := utils.FindAuthForHost(gitURL) - if err != nil { - return err - } - if gitCred != nil { - cloneOptions.Auth = &gitCred.Auth - } - - // Clone the given repo. - repo, err := git.PlainClone(g.GitPath, false, cloneOptions) - if err != nil { - message.Notef("Falling back to host 'git', failed to clone the repo %q with Zarf: %s", gitURL, err.Error()) - return g.gitCloneFallback(ctx, gitURL, ref, shallow) - } - - // If we're cloning the whole repo, we need to also fetch the other branches besides the default. - if ref == emptyRef { - fetchOpts := &git.FetchOptions{ - RemoteName: onlineRemoteName, - Progress: g.Spinner, - RefSpecs: []goConfig.RefSpec{"refs/*:refs/*"}, - Tags: git.AllTags, - } - - if gitCred != nil { - fetchOpts.Auth = &gitCred.Auth - } - - if err := repo.Fetch(fetchOpts); err != nil && !errors.Is(err, git.NoErrAlreadyUpToDate) { - return err - } - } - - return nil -} - -// gitCloneFallback is a fallback if go-git fails to clone a repo. -func (g *Git) gitCloneFallback(ctx context.Context, gitURL string, ref plumbing.ReferenceName, shallow bool) error { - // If we can't clone with go-git, fallback to the host clone - // Only support "all tags" due to the azure clone url format including a username - cloneArgs := []string{"clone", "--origin", onlineRemoteName, gitURL, g.GitPath} - - // Don't clone all tags / refs if we're cloning a specific tag or branch. - if ref.IsTag() || ref.IsBranch() { - cloneArgs = append(cloneArgs, "--no-tags") - cloneArgs = append(cloneArgs, "-b", ref.Short()) - cloneArgs = append(cloneArgs, "--single-branch") - } - - // If this is a shallow clone set the depth to 1 - if shallow { - cloneArgs = append(cloneArgs, "--depth", "1") - } - - cloneExecConfig := exec.Config{ - Stdout: g.Spinner, - Stderr: g.Spinner, - } - - message.Command("git %s", strings.Join(cloneArgs, " ")) - - _, _, err := exec.CmdWithContext(ctx, cloneExecConfig, "git", cloneArgs...) - if err != nil { - return err - } - - // If we're cloning the whole repo, we need to also fetch the other branches besides the default. - if ref == emptyRef { - fetchArgs := []string{"fetch", "--tags", "--update-head-ok", onlineRemoteName, "refs/*:refs/*"} - - fetchExecConfig := exec.Config{ - Stdout: g.Spinner, - Stderr: g.Spinner, - Dir: g.GitPath, - } - - message.Command("git %s", strings.Join(fetchArgs, " ")) - - _, _, err := exec.CmdWithContext(ctx, fetchExecConfig, "git", fetchArgs...) - if err != nil { - return err - } - } - - return nil -} diff --git a/src/internal/packager/git/common.go b/src/internal/packager/git/common.go deleted file mode 100644 index 6864d3dea5..0000000000 --- a/src/internal/packager/git/common.go +++ /dev/null @@ -1,54 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package git contains functions for interacting with git repositories. -package git - -import ( - "fmt" - "strings" - - "github.com/go-git/go-git/v5/plumbing" - "github.com/zarf-dev/zarf/src/pkg/message" - "github.com/zarf-dev/zarf/src/types" -) - -// Git is the main struct for managing git repositories. -type Git struct { - // Server is the git server configuration. - Server types.GitServerInfo - // Spinner is an optional spinner to use for long running operations. - Spinner *message.Spinner - // Target working directory for the git repository. - GitPath string -} - -const onlineRemoteName = "online-upstream" -const offlineRemoteName = "offline-downstream" -const emptyRef = "" - -// New creates a new git instance with the provided server config. -func New(server types.GitServerInfo) *Git { - return &Git{ - Server: server, - } -} - -// NewWithSpinner creates a new git instance with the provided server config and spinner. -func NewWithSpinner(server types.GitServerInfo, spinner *message.Spinner) *Git { - return &Git{ - Server: server, - Spinner: spinner, - } -} - -// ParseRef parses the provided ref into a ReferenceName if it's not a hash. -func ParseRef(r string) plumbing.ReferenceName { - // If not a full ref, assume it's a tag at this point. - if !plumbing.IsHash(r) && !strings.HasPrefix(r, "refs/") { - r = fmt.Sprintf("refs/tags/%s", r) - } - - // Set the reference name to the provided ref. - return plumbing.ReferenceName(r) -} diff --git a/src/internal/packager/git/gitea.go b/src/internal/packager/git/gitea.go deleted file mode 100644 index a6c2f4b48a..0000000000 --- a/src/internal/packager/git/gitea.go +++ /dev/null @@ -1,333 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package git contains functions for interacting with git repositories. -package git - -import ( - "bytes" - "context" - "encoding/json" - "fmt" - "io" - netHttp "net/http" - "os" - "time" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - - "github.com/zarf-dev/zarf/src/config" - "github.com/zarf-dev/zarf/src/pkg/cluster" - "github.com/zarf-dev/zarf/src/pkg/message" - "github.com/zarf-dev/zarf/src/types" -) - -// CreateTokenResponse is the response given from creating a token in Gitea -type CreateTokenResponse struct { - ID int64 `json:"id"` - Name string `json:"name"` - Sha1 string `json:"sha1"` - TokenLastEight string `json:"token_last_eight"` -} - -// CreateReadOnlyUser uses the Gitea API to create a non-admin Zarf user. -func (g *Git) CreateReadOnlyUser(ctx context.Context) error { - message.Debugf("git.CreateReadOnlyUser()") - - c, err := cluster.NewCluster() - if err != nil { - return err - } - - // Establish a git tunnel to send the repo - tunnel, err := c.NewTunnel(cluster.ZarfNamespaceName, cluster.SvcResource, cluster.ZarfGitServerName, "", 0, cluster.ZarfGitServerPort) - if err != nil { - return err - } - _, err = tunnel.Connect(ctx) - if err != nil { - return err - } - defer tunnel.Close() - - tunnelURL := tunnel.HTTPEndpoint() - - // Create json representation of the create-user request body - createUserBody := map[string]interface{}{ - "username": g.Server.PullUsername, - "password": g.Server.PullPassword, - "email": "zarf-reader@localhost.local", - "must_change_password": false, - } - createUserData, err := json.Marshal(createUserBody) - if err != nil { - return err - } - - var out []byte - var statusCode int - - // Send API request to create the user - createUserEndpoint := fmt.Sprintf("%s/api/v1/admin/users", tunnelURL) - createUserRequest, _ := netHttp.NewRequest("POST", createUserEndpoint, bytes.NewBuffer(createUserData)) - err = tunnel.Wrap(func() error { - out, statusCode, err = g.DoHTTPThings(createUserRequest, g.Server.PushUsername, g.Server.PushPassword) - return err - }) - message.Debugf("POST %s:\n%s", createUserEndpoint, string(out)) - if err != nil { - if statusCode == 422 { - message.Debugf("Read-only git user already exists. Skipping...") - return nil - } - - return err - } - - // Make sure the user can't create their own repos or orgs - updateUserBody := map[string]interface{}{ - "login_name": g.Server.PullUsername, - "max_repo_creation": 0, - "allow_create_organization": false, - } - updateUserData, _ := json.Marshal(updateUserBody) - updateUserEndpoint := fmt.Sprintf("%s/api/v1/admin/users/%s", tunnelURL, g.Server.PullUsername) - updateUserRequest, _ := netHttp.NewRequest("PATCH", updateUserEndpoint, bytes.NewBuffer(updateUserData)) - err = tunnel.Wrap(func() error { - out, _, err = g.DoHTTPThings(updateUserRequest, g.Server.PushUsername, g.Server.PushPassword) - return err - }) - message.Debugf("PATCH %s:\n%s", updateUserEndpoint, string(out)) - return err -} - -// UpdateZarfGiteaUsers updates Zarf gitea users -func (g *Git) UpdateZarfGiteaUsers(ctx context.Context, oldState *types.ZarfState) error { - - //Update git read only user password - err := g.UpdateGitUser(ctx, oldState.GitServer.PushPassword, g.Server.PullUsername, g.Server.PullPassword) - if err != nil { - return fmt.Errorf("unable to update gitea read only user password: %w", err) - } - - // Update Git admin password - err = g.UpdateGitUser(ctx, oldState.GitServer.PushPassword, g.Server.PushUsername, g.Server.PushPassword) - if err != nil { - return fmt.Errorf("unable to update gitea admin user password: %w", err) - } - return nil -} - -// UpdateGitUser updates Zarf git server users -func (g *Git) UpdateGitUser(ctx context.Context, oldAdminPass string, username string, userpass string) error { - message.Debugf("git.UpdateGitUser()") - - c, err := cluster.NewCluster() - if err != nil { - return err - } - // Establish a git tunnel to send the repo - tunnel, err := c.NewTunnel(cluster.ZarfNamespaceName, cluster.SvcResource, cluster.ZarfGitServerName, "", 0, cluster.ZarfGitServerPort) - if err != nil { - return err - } - _, err = tunnel.Connect(ctx) - if err != nil { - return err - } - defer tunnel.Close() - tunnelURL := tunnel.HTTPEndpoint() - - var out []byte - - // Update the existing user's password - updateUserBody := map[string]interface{}{ - "login_name": username, - "password": userpass, - } - updateUserData, _ := json.Marshal(updateUserBody) - updateUserEndpoint := fmt.Sprintf("%s/api/v1/admin/users/%s", tunnelURL, username) - updateUserRequest, _ := netHttp.NewRequest("PATCH", updateUserEndpoint, bytes.NewBuffer(updateUserData)) - err = tunnel.Wrap(func() error { - out, _, err = g.DoHTTPThings(updateUserRequest, g.Server.PushUsername, oldAdminPass) - return err - }) - message.Debugf("PATCH %s:\n%s", updateUserEndpoint, string(out)) - return err -} - -// CreatePackageRegistryToken uses the Gitea API to create a package registry token. -func (g *Git) CreatePackageRegistryToken(ctx context.Context) (CreateTokenResponse, error) { - message.Debugf("git.CreatePackageRegistryToken()") - - c, err := cluster.NewCluster() - if err != nil { - return CreateTokenResponse{}, err - } - - // Establish a git tunnel to send the repo - tunnel, err := c.NewTunnel(cluster.ZarfNamespaceName, cluster.SvcResource, cluster.ZarfGitServerName, "", 0, cluster.ZarfGitServerPort) - if err != nil { - return CreateTokenResponse{}, err - } - _, err = tunnel.Connect(ctx) - if err != nil { - return CreateTokenResponse{}, err - } - defer tunnel.Close() - - tunnelURL := tunnel.Endpoint() - - var out []byte - - // Determine if the package token already exists - getTokensEndpoint := fmt.Sprintf("http://%s/api/v1/users/%s/tokens", tunnelURL, g.Server.PushUsername) - getTokensRequest, _ := netHttp.NewRequest("GET", getTokensEndpoint, nil) - err = tunnel.Wrap(func() error { - out, _, err = g.DoHTTPThings(getTokensRequest, g.Server.PushUsername, g.Server.PushPassword) - return err - }) - message.Debugf("GET %s:\n%s", getTokensEndpoint, string(out)) - if err != nil { - return CreateTokenResponse{}, err - } - - hasPackageToken := false - var tokens []map[string]interface{} - err = json.Unmarshal(out, &tokens) - if err != nil { - return CreateTokenResponse{}, err - } - - for _, token := range tokens { - if token["name"] == config.ZarfArtifactTokenName { - hasPackageToken = true - } - } - - if hasPackageToken { - // Delete the existing token to be replaced - deleteTokensEndpoint := fmt.Sprintf("http://%s/api/v1/users/%s/tokens/%s", tunnelURL, g.Server.PushUsername, config.ZarfArtifactTokenName) - deleteTokensRequest, _ := netHttp.NewRequest("DELETE", deleteTokensEndpoint, nil) - err = tunnel.Wrap(func() error { - out, _, err = g.DoHTTPThings(deleteTokensRequest, g.Server.PushUsername, g.Server.PushPassword) - return err - }) - message.Debugf("DELETE %s:\n%s", deleteTokensEndpoint, string(out)) - if err != nil { - return CreateTokenResponse{}, err - } - } - - createTokensEndpoint := fmt.Sprintf("http://%s/api/v1/users/%s/tokens", tunnelURL, g.Server.PushUsername) - createTokensBody := map[string]interface{}{ - "name": config.ZarfArtifactTokenName, - "scopes": []string{"read:user", "read:package", "write:package"}, - } - createTokensData, _ := json.Marshal(createTokensBody) - createTokensRequest, _ := netHttp.NewRequest("POST", createTokensEndpoint, bytes.NewBuffer(createTokensData)) - err = tunnel.Wrap(func() error { - out, _, err = g.DoHTTPThings(createTokensRequest, g.Server.PushUsername, g.Server.PushPassword) - return err - }) - message.Debugf("POST %s:\n%s", createTokensEndpoint, string(out)) - if err != nil { - return CreateTokenResponse{}, err - } - - createTokenResponse := CreateTokenResponse{} - err = json.Unmarshal(out, &createTokenResponse) - if err != nil { - return CreateTokenResponse{}, err - } - - return createTokenResponse, nil -} - -// UpdateGiteaPVC updates the existing Gitea persistent volume claim and tells Gitea whether to create or not. -func UpdateGiteaPVC(ctx context.Context, shouldRollBack bool) (string, error) { - c, err := cluster.NewCluster() - if err != nil { - return "false", err - } - - pvcName := os.Getenv("ZARF_VAR_GIT_SERVER_EXISTING_PVC") - - if shouldRollBack { - pvc, err := c.Clientset.CoreV1().PersistentVolumeClaims(cluster.ZarfNamespaceName).Get(ctx, pvcName, metav1.GetOptions{}) - if err != nil { - return "false", err - } - delete(pvc.Labels, "app.kubernetes.io/managed-by") - delete(pvc.Annotations, "meta.helm.sh/release-name") - delete(pvc.Annotations, "meta.helm.sh/release-namespace") - _, err = c.Clientset.CoreV1().PersistentVolumeClaims(cluster.ZarfNamespaceName).Update(ctx, pvc, metav1.UpdateOptions{}) - if err != nil { - return "false", err - } - return "false", nil - } - - if pvcName == "data-zarf-gitea-0" { - pvc, err := c.Clientset.CoreV1().PersistentVolumeClaims(cluster.ZarfNamespaceName).Get(ctx, pvcName, metav1.GetOptions{}) - if err != nil { - return "true", err - } - pvc.Labels["app.kubernetes.io/managed-by"] = "Helm" - pvc.Annotations["meta.helm.sh/release-name"] = "zarf-gitea" - pvc.Annotations["meta.helm.sh/release-namespace"] = "zarf" - _, err = c.Clientset.CoreV1().PersistentVolumeClaims(cluster.ZarfNamespaceName).Update(ctx, pvc, metav1.UpdateOptions{}) - if err != nil { - return "true", err - } - return "true", nil - } - - return "false", nil -} - -// DoHTTPThings adds http request boilerplate and perform the request, checking for a successful response. -func (g *Git) DoHTTPThings(request *netHttp.Request, username, secret string) ([]byte, int, error) { - message.Debugf("git.DoHttpThings()") - - // Prep the request with boilerplate - client := &netHttp.Client{Timeout: time.Second * 20} - request.SetBasicAuth(username, secret) - request.Header.Add("accept", "application/json") - request.Header.Add("Content-Type", "application/json") - - // Perform the request and get the response - response, err := client.Do(request) - if err != nil { - return []byte{}, 0, err - } - responseBody, _ := io.ReadAll(response.Body) - - // If we get a 'bad' status code we will have no error, create a useful one to return - if response.StatusCode < 200 || response.StatusCode >= 300 { - err = fmt.Errorf("got status code of %d during http request with body of: %s", response.StatusCode, string(responseBody)) - return []byte{}, response.StatusCode, err - } - - return responseBody, response.StatusCode, nil -} - -func (g *Git) addReadOnlyUserToRepo(tunnelURL, repo string) error { - message.Debugf("git.addReadOnlyUserToRepo()") - - // Add the readonly user to the repo - addCollabBody := map[string]string{ - "permission": "read", - } - addCollabData, err := json.Marshal(addCollabBody) - if err != nil { - return err - } - - // Send API request to add a user as a read-only collaborator to a repo - addCollabEndpoint := fmt.Sprintf("%s/api/v1/repos/%s/%s/collaborators/%s", tunnelURL, g.Server.PushUsername, repo, g.Server.PullUsername) - addCollabRequest, _ := netHttp.NewRequest("PUT", addCollabEndpoint, bytes.NewBuffer(addCollabData)) - out, _, err := g.DoHTTPThings(addCollabRequest, g.Server.PushUsername, g.Server.PushPassword) - message.Debugf("PUT %s:\n%s", addCollabEndpoint, string(out)) - return err -} diff --git a/src/internal/packager/git/pull.go b/src/internal/packager/git/pull.go deleted file mode 100644 index 5d9e6f1006..0000000000 --- a/src/internal/packager/git/pull.go +++ /dev/null @@ -1,81 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package git contains functions for interacting with git repositories. -package git - -import ( - "context" - "fmt" - "path" - "strings" - - "github.com/go-git/go-git/v5/plumbing" - "github.com/zarf-dev/zarf/src/config" - "github.com/zarf-dev/zarf/src/pkg/transform" - "github.com/zarf-dev/zarf/src/pkg/utils" -) - -// DownloadRepoToTemp clones or updates a repo into a temp folder to perform ephemeral actions (i.e. process chart repos). -func (g *Git) DownloadRepoToTemp(ctx context.Context, gitURL string) error { - g.Spinner.Updatef("g.DownloadRepoToTemp(%s)", gitURL) - - path, err := utils.MakeTempDir(config.CommonOptions.TempDirectory) - if err != nil { - return fmt.Errorf("unable to create tmpdir: %w", err) - } - - // If downloading to temp, set this as a shallow clone to only pull the exact - // gitURL w/ ref that was specified since we will throw away git history anyway - if err = g.Pull(ctx, gitURL, path, true); err != nil { - return fmt.Errorf("unable to pull the git repo at %s: %w", gitURL, err) - } - - return nil -} - -// Pull clones or updates a git repository into the target folder. -func (g *Git) Pull(ctx context.Context, gitURL, targetFolder string, shallow bool) error { - g.Spinner.Updatef("Processing git repo %s", gitURL) - - // Split the remote url and the zarf reference - gitURLNoRef, refPlain, err := transform.GitURLSplitRef(gitURL) - if err != nil { - return err - } - - var ref plumbing.ReferenceName - - // Parse the ref from the git URL. - if refPlain != emptyRef { - ref = ParseRef(refPlain) - } - - // Construct a path unique to this git repo - repoFolder, err := transform.GitURLtoFolderName(gitURL) - if err != nil { - return err - } - - g.GitPath = path.Join(targetFolder, repoFolder) - - // Clone the git repository. - err = g.clone(ctx, gitURLNoRef, ref, shallow) - if err != nil { - return fmt.Errorf("not a valid git repo or unable to clone (%s): %w", gitURL, err) - } - - if ref != emptyRef && !ref.IsBranch() { - // Remove the "refs/tags/" prefix from the ref. - stripped := strings.TrimPrefix(refPlain, "refs/tags/") - - // Use the plain ref as part of the branch name so it is unique and doesn't conflict with other refs. - alias := fmt.Sprintf("zarf-ref-%s", stripped) - trunkBranchName := plumbing.NewBranchReferenceName(alias) - - // Checkout the ref as a branch. - return g.checkoutRefAsBranch(stripped, trunkBranchName) - } - - return nil -} diff --git a/src/internal/packager/git/push.go b/src/internal/packager/git/push.go deleted file mode 100644 index 494ee40db6..0000000000 --- a/src/internal/packager/git/push.go +++ /dev/null @@ -1,166 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package git contains functions for interacting with git repositories. -package git - -import ( - "errors" - "fmt" - "os" - "path" - - "github.com/go-git/go-git/v5" - goConfig "github.com/go-git/go-git/v5/config" - "github.com/go-git/go-git/v5/plumbing" - "github.com/go-git/go-git/v5/plumbing/transport" - "github.com/go-git/go-git/v5/plumbing/transport/http" - "github.com/zarf-dev/zarf/src/pkg/message" - "github.com/zarf-dev/zarf/src/pkg/transform" -) - -// PushRepo pushes a git repository from the local path to the configured git server. -func (g *Git) PushRepo(srcURL, targetFolder string) error { - spinner := message.NewProgressSpinner("Processing git repo %s", srcURL) - defer spinner.Stop() - - // Setup git paths, including a unique name for the repo based on the hash of the git URL to avoid conflicts. - repoFolder, err := transform.GitURLtoFolderName(srcURL) - if err != nil { - return fmt.Errorf("unable to parse git url (%s): %w", srcURL, err) - } - repoPath := path.Join(targetFolder, repoFolder) - - // Check that this package is using the new repo format (if not fallback to the format from <= 0.24.x) - _, err = os.Stat(repoPath) - if os.IsNotExist(err) { - repoFolder, err = transform.GitURLtoRepoName(srcURL) - if err != nil { - return fmt.Errorf("unable to parse git url (%s): %w", srcURL, err) - } - repoPath = path.Join(targetFolder, repoFolder) - } - - g.GitPath = repoPath - - repo, err := g.prepRepoForPush() - if err != nil { - message.Warnf("error when prepping the repo for push.. %v", err) - return err - } - - if err := g.push(repo, spinner); err != nil { - return fmt.Errorf("failed to push the git repo %q: %w", repoFolder, err) - } - - // Add the read-only user to this repo - if g.Server.InternalServer { - // Get the upstream URL - remote, err := repo.Remote(onlineRemoteName) - if err != nil { - message.Warn("unable to get the information needed to add the read-only user to the repo") - return err - } - remoteURL := remote.Config().URLs[0] - repoName, err := transform.GitURLtoRepoName(remoteURL) - if err != nil { - message.Warnf("Unable to add the read-only user to the repo: %s\n", repoName) - return err - } - - err = g.addReadOnlyUserToRepo(g.Server.Address, repoName) - if err != nil { - message.Warnf("Unable to add the read-only user to the repo: %s\n", repoName) - return err - } - } - - spinner.Success() - return nil -} - -func (g *Git) prepRepoForPush() (*git.Repository, error) { - // Open the given repo - repo, err := git.PlainOpen(g.GitPath) - if err != nil { - return nil, fmt.Errorf("not a valid git repo or unable to open: %w", err) - } - - // Get the upstream URL - remote, err := repo.Remote(onlineRemoteName) - if err != nil { - return nil, fmt.Errorf("unable to find the git remote: %w", err) - } - - remoteURL := remote.Config().URLs[0] - targetURL, err := transform.GitURL(g.Server.Address, remoteURL, g.Server.PushUsername) - if err != nil { - return nil, fmt.Errorf("unable to transform the git url: %w", err) - } - message.Debugf("Rewrite git URL: %s -> %s", remoteURL, targetURL.String()) - // Remove any preexisting offlineRemotes (happens when a retry is triggered) - _ = repo.DeleteRemote(offlineRemoteName) - - _, err = repo.CreateRemote(&goConfig.RemoteConfig{ - Name: offlineRemoteName, - URLs: []string{targetURL.String()}, - }) - if err != nil { - return nil, fmt.Errorf("failed to create offline remote: %w", err) - } - - return repo, nil -} - -func (g *Git) push(repo *git.Repository, spinner *message.Spinner) error { - gitCred := http.BasicAuth{ - Username: g.Server.PushUsername, - Password: g.Server.PushPassword, - } - - // Fetch remote offline refs in case of old update or if multiple refs are specified in one package - fetchOptions := &git.FetchOptions{ - RemoteName: offlineRemoteName, - Auth: &gitCred, - RefSpecs: []goConfig.RefSpec{ - "refs/heads/*:refs/heads/*", - "refs/tags/*:refs/tags/*", - }, - } - - // Attempt the fetch, if it fails, log a warning and continue trying to push (might as well try..) - err := repo.Fetch(fetchOptions) - if errors.Is(err, transport.ErrRepositoryNotFound) { - message.Debugf("Repo not yet available offline, skipping fetch...") - } else if errors.Is(err, git.ErrForceNeeded) { - message.Debugf("Repo fetch requires force, skipping fetch...") - } else if errors.Is(err, git.NoErrAlreadyUpToDate) { - message.Debugf("Repo already up-to-date, skipping fetch...") - } else if err != nil { - return fmt.Errorf("unable to fetch the git repo prior to push: %w", err) - } - - // Push all heads and tags to the offline remote - err = repo.Push(&git.PushOptions{ - RemoteName: offlineRemoteName, - Auth: &gitCred, - Progress: spinner, - // TODO: (@JEFFMCCOY) add the parsing for the `+` force prefix (see https://github.com/zarf-dev/zarf/issues/1410) - //Force: isForce, - // If a provided refspec doesn't push anything, it is just ignored - RefSpecs: []goConfig.RefSpec{ - "refs/heads/*:refs/heads/*", - "refs/tags/*:refs/tags/*", - }, - }) - - if errors.Is(err, git.NoErrAlreadyUpToDate) { - message.Debug("Repo already up-to-date") - } else if errors.Is(err, plumbing.ErrObjectNotFound) { - return fmt.Errorf("unable to push repo due to likely shallow clone: %s", err.Error()) - } else if err != nil { - return fmt.Errorf("unable to push repo to the gitops service: %s", err.Error()) - } - - return nil -} diff --git a/src/internal/packager/helm/chart.go b/src/internal/packager/helm/chart.go index 0bd483df7f..26f81e1a9b 100644 --- a/src/internal/packager/helm/chart.go +++ b/src/internal/packager/helm/chart.go @@ -61,7 +61,6 @@ func (h *Helm) InstallOrUpgradeChart(ctx context.Context) (types.ConnectStrings, histClient := action.NewHistory(h.actionConfig) tryHelm := func() error { var err error - var output *release.Release releases, histErr := histClient.Run(h.chart.ReleaseName) @@ -71,14 +70,14 @@ func (h *Helm) InstallOrUpgradeChart(ctx context.Context) (types.ConnectStrings, // No prior release, try to install it. spinner.Updatef("Attempting chart installation") - output, err = h.installChart(postRender) + _, err = h.installChart(postRender) } else if histErr == nil && len(releases) > 0 { // Otherwise, there is a prior release so upgrade it. spinner.Updatef("Attempting chart upgrade") lastRelease := releases[len(releases)-1] - output, err = h.upgradeChart(lastRelease, postRender) + _, err = h.upgradeChart(lastRelease, postRender) } else { // 😭 things aren't working return fmt.Errorf("unable to verify the chart installation status: %w", histErr) @@ -88,7 +87,6 @@ func (h *Helm) InstallOrUpgradeChart(ctx context.Context) (types.ConnectStrings, return err } - message.Debug(output.Info.Description) spinner.Success() return nil } @@ -128,7 +126,6 @@ func (h *Helm) InstallOrUpgradeChart(ctx context.Context) (types.ConnectStrings, // TemplateChart generates a helm template from a given chart. func (h *Helm) TemplateChart(ctx context.Context) (manifest string, chartValues chartutil.Values, err error) { - message.Debugf("helm.TemplateChart()") spinner := message.NewProgressSpinner("Templating helm chart %s", h.chart.Name) defer spinner.Stop() @@ -152,7 +149,7 @@ func (h *Helm) TemplateChart(ctx context.Context) (manifest string, chartValues if h.kubeVersion != "" { parsedKubeVersion, err := chartutil.ParseKubeVersion(h.kubeVersion) if err != nil { - return "", nil, fmt.Errorf("invalid kube version '%s': %s", h.kubeVersion, err) + return "", nil, fmt.Errorf("invalid kube version %s: %w", h.kubeVersion, err) } client.KubeVersion = parsedKubeVersion } @@ -324,7 +321,6 @@ func (h *Helm) upgradeChart(lastRelease *release.Release, postRender *renderer) } func (h *Helm) rollbackChart(name string, version int) error { - message.Debugf("helm.rollbackChart(%s)", name) client := action.NewRollback(h.actionConfig) client.CleanupOnFail = true client.Force = true @@ -335,7 +331,6 @@ func (h *Helm) rollbackChart(name string, version int) error { } func (h *Helm) uninstallChart(name string) (*release.UninstallReleaseResponse, error) { - message.Debugf("helm.uninstallChart(%s)", name) client := action.NewUninstall(h.actionConfig) client.KeepHistory = false client.Wait = true @@ -344,7 +339,6 @@ func (h *Helm) uninstallChart(name string) (*release.UninstallReleaseResponse, e } func (h *Helm) loadChartData() (*chart.Chart, chartutil.Values, error) { - message.Debugf("helm.loadChartData()") var ( loadedChart *chart.Chart chartValues chartutil.Values @@ -398,13 +392,13 @@ func (h *Helm) migrateDeprecatedAPIs(latestRelease *release.Release) error { // parse to unstructured to have access to more data than just the name rawData := &unstructured.Unstructured{} if err := yaml.Unmarshal([]byte(resource.Content), rawData); err != nil { - return fmt.Errorf("failed to unmarshal manifest: %#v", err) + return fmt.Errorf("failed to unmarshal manifest: %w", err) } rawData, manifestModified, _ := handleDeprecations(rawData, *kubeGitVersion) manifestContent, err := yaml.Marshal(rawData) if err != nil { - return fmt.Errorf("failed to marshal raw manifest after deprecation check: %#v", err) + return fmt.Errorf("failed to marshal raw manifest after deprecation check: %w", err) } // If this is not a bad object, place it back into the manifest diff --git a/src/internal/packager/helm/common.go b/src/internal/packager/helm/common.go index e4dd729a19..8d20e84483 100644 --- a/src/internal/packager/helm/common.go +++ b/src/internal/packager/helm/common.go @@ -14,6 +14,7 @@ import ( "strconv" "time" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/pkg/cluster" "github.com/zarf-dev/zarf/src/pkg/message" @@ -26,7 +27,7 @@ import ( // Helm is a config object for working with helm charts. type Helm struct { - chart types.ZarfChart + chart v1alpha1.ZarfChart chartPath string valuesPath string @@ -50,7 +51,7 @@ type Helm struct { type Modifier func(*Helm) // New returns a new Helm config struct. -func New(chart types.ZarfChart, chartPath string, valuesPath string, mods ...Modifier) *Helm { +func New(chart v1alpha1.ZarfChart, chartPath string, valuesPath string, mods ...Modifier) *Helm { h := &Helm{ chart: chart, chartPath: chartPath, @@ -78,7 +79,7 @@ func NewClusterOnly(cfg *types.PackagerConfig, variableConfig *variables.Variabl } // NewFromZarfManifest generates a helm chart and config from a given Zarf manifest. -func NewFromZarfManifest(manifest types.ZarfManifest, manifestPath, packageName, componentName string, mods ...Modifier) (h *Helm, err error) { +func NewFromZarfManifest(manifest v1alpha1.ZarfManifest, manifestPath, packageName, componentName string, mods ...Modifier) (h *Helm, err error) { spinner := message.NewProgressSpinner("Starting helm chart generation %s", manifest.Name) defer spinner.Stop() @@ -115,7 +116,7 @@ func NewFromZarfManifest(manifest types.ZarfManifest, manifestPath, packageName, // Generate the struct to pass to InstallOrUpgradeChart(). h = &Helm{ - chart: types.ZarfChart{ + chart: v1alpha1.ZarfChart{ Name: tmpChart.Metadata.Name, // Preserve the zarf prefix for chart names to match v0.22.x and earlier behavior. ReleaseName: fmt.Sprintf("zarf-%s", sha1ReleaseName), @@ -164,11 +165,11 @@ func WithVariableConfig(variableConfig *variables.VariableConfig) Modifier { } // StandardName generates a predictable full path for a helm chart for Zarf. -func StandardName(destination string, chart types.ZarfChart) string { +func StandardName(destination string, chart v1alpha1.ZarfChart) string { return filepath.Join(destination, chart.Name+"-"+chart.Version) } // StandardValuesName generates a predictable full path for the values file for a helm chart for zarf -func StandardValuesName(destination string, chart types.ZarfChart, idx int) string { +func StandardValuesName(destination string, chart v1alpha1.ZarfChart, idx int) string { return fmt.Sprintf("%s-%d", StandardName(destination, chart), idx) } diff --git a/src/internal/packager/helm/images.go b/src/internal/packager/helm/images.go index 390ce5c8be..b5399f2590 100644 --- a/src/internal/packager/helm/images.go +++ b/src/internal/packager/helm/images.go @@ -6,7 +6,6 @@ package helm import ( "github.com/defenseunicorns/pkg/helpers/v2" "github.com/goccy/go-yaml" - "github.com/zarf-dev/zarf/src/pkg/message" "helm.sh/helm/v3/pkg/chart/loader" "helm.sh/helm/v3/pkg/chartutil" ) @@ -45,7 +44,6 @@ func FindAnnotatedImagesForChart(chartPath string, values chartutil.Values) (ima // Only include the image if the current values/condition specify it should be included if i.Condition != "" { value, err := values.PathValue(i.Condition) - message.Debugf("%#v - %#v - %#v\n", value, i.Condition, err) // We intentionally ignore the error here because the key could be missing from the values.yaml if err == nil && value == true { images = append(images, i.Image) diff --git a/src/internal/packager/helm/post-render.go b/src/internal/packager/helm/post-render.go index 9a514fc6a6..c316375acb 100644 --- a/src/internal/packager/helm/post-render.go +++ b/src/internal/packager/helm/post-render.go @@ -38,8 +38,6 @@ type renderer struct { } func (h *Helm) newRenderer(ctx context.Context) (*renderer, error) { - message.Debugf("helm.NewRenderer()") - rend := &renderer{ Helm: h, connectStrings: types.ConnectStrings{}, @@ -125,7 +123,6 @@ func (r *renderer) adoptAndUpdateNamespaces(ctx context.Context) error { return err } for name, namespace := range r.namespaces { - // Check to see if this namespace already exists var existingNamespace bool for _, serverNamespace := range namespaceList.Items { @@ -205,7 +202,6 @@ func (r *renderer) adoptAndUpdateNamespaces(ctx context.Context) error { if err != nil { message.WarnErrf(err, "Problem creating git server secret for the %s namespace", name) } - } } return nil @@ -226,7 +222,7 @@ func (r *renderer) editHelmResources(ctx context.Context, resources []releaseuti // parse to unstructured to have access to more data than just the name rawData := &unstructured.Unstructured{} if err := yaml.Unmarshal([]byte(resource.Content), rawData); err != nil { - return fmt.Errorf("failed to unmarshal manifest: %#v", err) + return fmt.Errorf("failed to unmarshal manifest: %w", err) } switch rawData.GetKind() { diff --git a/src/internal/packager/helm/repo.go b/src/internal/packager/helm/repo.go index 148a4176a4..24f3a7f4b0 100644 --- a/src/internal/packager/helm/repo.go +++ b/src/internal/packager/helm/repo.go @@ -6,6 +6,7 @@ package helm import ( "context" + "errors" "fmt" "os" "path/filepath" @@ -14,11 +15,10 @@ import ( "github.com/defenseunicorns/pkg/helpers/v2" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/config/lang" - "github.com/zarf-dev/zarf/src/internal/packager/git" + "github.com/zarf-dev/zarf/src/internal/git" "github.com/zarf-dev/zarf/src/pkg/message" "github.com/zarf-dev/zarf/src/pkg/transform" "github.com/zarf-dev/zarf/src/pkg/utils" - "github.com/zarf-dev/zarf/src/types" "helm.sh/helm/v3/pkg/action" "helm.sh/helm/v3/pkg/chart" "helm.sh/helm/v3/pkg/cli" @@ -53,14 +53,13 @@ func (h *Helm) PackageChart(ctx context.Context, cosignKeyPath string) error { return fmt.Errorf("unable to pull the chart %q from git: %w", h.chart.Name, err) } } else { - err = h.DownloadPublishedChart(cosignKeyPath) + err = h.DownloadPublishedChart(ctx, cosignKeyPath) if err != nil { return fmt.Errorf("unable to download the published chart %q: %w", h.chart.Name, err) } } - } else { - err := h.PackageChartFromLocalFiles(cosignKeyPath) + err := h.PackageChartFromLocalFiles(ctx, cosignKeyPath) if err != nil { return fmt.Errorf("unable to package the %q chart: %w", h.chart.Name, err) } @@ -69,7 +68,7 @@ func (h *Helm) PackageChart(ctx context.Context, cosignKeyPath string) error { } // PackageChartFromLocalFiles creates a chart archive from a path to a chart on the host os. -func (h *Helm) PackageChartFromLocalFiles(cosignKeyPath string) error { +func (h *Helm) PackageChartFromLocalFiles(ctx context.Context, cosignKeyPath string) error { spinner := message.NewProgressSpinner("Processing helm chart %s:%s from %s", h.chart.Name, h.chart.Version, h.chart.LocalPath) defer spinner.Stop() @@ -103,7 +102,7 @@ func (h *Helm) PackageChartFromLocalFiles(cosignKeyPath string) error { } // Finalize the chart - err = h.finalizeChartPackage(saved, cosignKeyPath) + err = h.finalizeChartPackage(ctx, saved, cosignKeyPath) if err != nil { return err } @@ -119,7 +118,7 @@ func (h *Helm) PackageChartFromGit(ctx context.Context, cosignKeyPath string) er defer spinner.Stop() // Retrieve the repo containing the chart - gitPath, err := DownloadChartFromGitToTemp(ctx, h.chart.URL, spinner) + gitPath, err := DownloadChartFromGitToTemp(ctx, h.chart.URL) if err != nil { return err } @@ -127,11 +126,11 @@ func (h *Helm) PackageChartFromGit(ctx context.Context, cosignKeyPath string) er // Set the directory for the chart and package it h.chart.LocalPath = filepath.Join(gitPath, h.chart.GitPath) - return h.PackageChartFromLocalFiles(cosignKeyPath) + return h.PackageChartFromLocalFiles(ctx, cosignKeyPath) } // DownloadPublishedChart loads a specific chart version from a remote repo. -func (h *Helm) DownloadPublishedChart(cosignKeyPath string) error { +func (h *Helm) DownloadPublishedChart(ctx context.Context, cosignKeyPath string) error { spinner := message.NewProgressSpinner("Processing helm chart %s:%s from repo %s", h.chart.Name, h.chart.Version, h.chart.URL) defer spinner.Stop() @@ -222,7 +221,7 @@ func (h *Helm) DownloadPublishedChart(cosignKeyPath string) error { } // Finalize the chart - err = h.finalizeChartPackage(saved, cosignKeyPath) + err = h.finalizeChartPackage(ctx, saved, cosignKeyPath) if err != nil { return err } @@ -233,20 +232,19 @@ func (h *Helm) DownloadPublishedChart(cosignKeyPath string) error { } // DownloadChartFromGitToTemp downloads a chart from git into a temp directory -func DownloadChartFromGitToTemp(ctx context.Context, url string, spinner *message.Spinner) (string, error) { - // Create the Git configuration and download the repo - gitCfg := git.NewWithSpinner(types.GitServerInfo{}, spinner) - - // Download the git repo to a temporary directory - err := gitCfg.DownloadRepoToTemp(ctx, url) +func DownloadChartFromGitToTemp(ctx context.Context, url string) (string, error) { + path, err := utils.MakeTempDir(config.CommonOptions.TempDirectory) if err != nil { - return "", fmt.Errorf("unable to download the git repo %s: %w", url, err) + return "", fmt.Errorf("unable to create tmpdir: %w", err) } - - return gitCfg.GitPath, nil + repository, err := git.Clone(ctx, path, url, true) + if err != nil { + return "", err + } + return repository.Path(), nil } -func (h *Helm) finalizeChartPackage(saved, cosignKeyPath string) error { +func (h *Helm) finalizeChartPackage(ctx context.Context, saved, cosignKeyPath string) error { // Ensure the name is consistent for deployments destinationTarball := StandardName(h.chartPath, h.chart) + ".tgz" err := os.Rename(saved, destinationTarball) @@ -254,19 +252,19 @@ func (h *Helm) finalizeChartPackage(saved, cosignKeyPath string) error { return fmt.Errorf("unable to save the final chart tarball: %w", err) } - err = h.packageValues(cosignKeyPath) + err = h.packageValues(ctx, cosignKeyPath) if err != nil { return fmt.Errorf("unable to process the values for the package: %w", err) } return nil } -func (h *Helm) packageValues(cosignKeyPath string) error { +func (h *Helm) packageValues(ctx context.Context, cosignKeyPath string) error { for valuesIdx, path := range h.chart.ValuesFiles { dst := StandardValuesName(h.valuesPath, h.chart, valuesIdx) if helpers.IsURL(path) { - if err := utils.DownloadToFile(path, dst, cosignKeyPath); err != nil { + if err := utils.DownloadToFile(ctx, path, dst, cosignKeyPath); err != nil { return fmt.Errorf(lang.ErrDownloading, path, err.Error()) } } else { @@ -308,18 +306,20 @@ func (h *Helm) buildChartDependencies() error { // Build the deps from the helm chart err = man.Build() - if e, ok := err.(downloader.ErrRepoNotFound); ok { + var notFoundErr *downloader.ErrRepoNotFound + if errors.As(err, ¬FoundErr) { // If we encounter a repo not found error point the user to `zarf tools helm repo add` - message.Warnf("%s. Please add the missing repo(s) via the following:", e.Error()) - for _, repository := range e.Repos { + message.Warnf("%s. Please add the missing repo(s) via the following:", notFoundErr.Error()) + for _, repository := range notFoundErr.Repos { message.ZarfCommand(fmt.Sprintf("tools helm repo add %s", repository)) } - } else if err != nil { - // Warn the user of any issues but don't fail - any actual issues will cause a fail during packaging (e.g. the charts we are building may exist already, we just can't get updates) + return err + } + if err != nil { message.ZarfCommand("tools helm dependency build --verify") message.Warnf("Unable to perform a rebuild of Helm dependencies: %s", err.Error()) + return err } - return nil } diff --git a/src/internal/packager/helm/zarf.go b/src/internal/packager/helm/zarf.go index 8706fe2711..9f72dce5a4 100644 --- a/src/internal/packager/helm/zarf.go +++ b/src/internal/packager/helm/zarf.go @@ -17,13 +17,13 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/internal/packager/template" "github.com/zarf-dev/zarf/src/pkg/cluster" "github.com/zarf-dev/zarf/src/pkg/message" "github.com/zarf-dev/zarf/src/pkg/transform" "github.com/zarf-dev/zarf/src/pkg/utils" "github.com/zarf-dev/zarf/src/pkg/variables" - "github.com/zarf-dev/zarf/src/types" ) // UpdateZarfRegistryValues updates the Zarf registry deployment with the new state values @@ -41,7 +41,7 @@ func (h *Helm) UpdateZarfRegistryValues(ctx context.Context) error { "htpasswd": fmt.Sprintf("%s\n%s", pushUser, pullUser), }, } - h.chart = types.ZarfChart{ + h.chart = v1alpha1.ZarfChart{ Namespace: "zarf", ReleaseName: "zarf-docker-registry", } @@ -99,7 +99,7 @@ func (h *Helm) UpdateZarfAgentValues(ctx context.Context) error { for _, release := range releases { // Update the Zarf Agent release with the new values if release.Chart.Name() == "raw-init-zarf-agent-zarf-agent" { - h.chart = types.ZarfChart{ + h.chart = v1alpha1.ZarfChart{ Namespace: "zarf", ReleaseName: release.Name, } diff --git a/src/internal/packager/images/push.go b/src/internal/packager/images/push.go index 08625ab385..0d0752f9fe 100644 --- a/src/internal/packager/images/push.go +++ b/src/internal/packager/images/push.go @@ -99,8 +99,6 @@ func Push(ctx context.Context, cfg PushConfig) error { return err } - message.Debugf("push %s -> %s)", refInfo.Reference, offlineNameCRC) - if err = pushImage(img, offlineNameCRC); err != nil { return err } diff --git a/src/internal/packager/template/template.go b/src/internal/packager/template/template.go index 70f7808cc2..645982865e 100644 --- a/src/internal/packager/template/template.go +++ b/src/internal/packager/template/template.go @@ -107,7 +107,7 @@ func GetZarfTemplates(componentName string, state *types.ZarfState) (templateMap // generateHtpasswd returns an htpasswd string for the current state's RegistryInfo. func generateHtpasswd(regInfo *types.RegistryInfo) (string, error) { // Only calculate this for internal registries to allow longer external passwords - if regInfo.InternalRegistry { + if regInfo.IsInternal() { pushUser, err := utils.GetHtpasswdString(regInfo.PushUsername, regInfo.PushPassword) if err != nil { return "", fmt.Errorf("error generating htpasswd string: %w", err) diff --git a/src/pkg/cluster/cluster.go b/src/pkg/cluster/cluster.go index b4eb28051b..801fd50173 100644 --- a/src/pkg/cluster/cluster.go +++ b/src/pkg/cluster/cluster.go @@ -93,7 +93,7 @@ func waitForHealthyCluster(ctx context.Context, client kubernetes.Interface) err // Make sure there is at least one running Node nodeList, err := client.CoreV1().Nodes().List(ctx, metav1.ListOptions{}) if err != nil || len(nodeList.Items) < 1 { - message.Debug("No nodes reporting healthy yet: %v\n", err) + message.Debugf("No nodes reporting healthy yet: %v\n", err) timer.Reset(waitDuration) continue } @@ -101,7 +101,7 @@ func waitForHealthyCluster(ctx context.Context, client kubernetes.Interface) err // Get the cluster pod list pods, err := client.CoreV1().Pods(corev1.NamespaceAll).List(ctx, metav1.ListOptions{}) if err != nil { - message.Debug("Could not get the pod list: %w", err) + message.Debugf("Could not get the pod list: %v", err) timer.Reset(waitDuration) continue } diff --git a/src/pkg/cluster/data.go b/src/pkg/cluster/data.go index cd46dbb28b..8f1687123a 100644 --- a/src/pkg/cluster/data.go +++ b/src/pkg/cluster/data.go @@ -21,17 +21,17 @@ import ( "github.com/defenseunicorns/pkg/helpers/v2" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/pkg/layout" "github.com/zarf-dev/zarf/src/pkg/message" "github.com/zarf-dev/zarf/src/pkg/utils" "github.com/zarf-dev/zarf/src/pkg/utils/exec" - "github.com/zarf-dev/zarf/src/types" ) // HandleDataInjection waits for the target pod(s) to come up and inject the data into them // todo: this currently requires kubectl but we should have enough k8s work to make this native now. -func (c *Cluster) HandleDataInjection(ctx context.Context, data types.ZarfDataInjection, componentPath *layout.ComponentPaths, dataIdx int) error { +func (c *Cluster) HandleDataInjection(ctx context.Context, data v1alpha1.ZarfDataInjection, componentPath *layout.ComponentPaths, dataIdx int) error { injectionCompletionMarker := filepath.Join(componentPath.DataInjections, config.GetDataInjectionMarker()) if err := os.WriteFile(injectionCompletionMarker, []byte("🦄"), helpers.ReadWriteUser); err != nil { return fmt.Errorf("unable to create the data injection completion marker: %w", err) @@ -197,7 +197,7 @@ func waitForPodsAndContainers(ctx context.Context, clientset kubernetes.Interfac return nil, err } - message.Debug("Found %d pods for target %#v", len(podList.Items), target) + message.Debugf("Found %d pods for target %#v", len(podList.Items), target) var readyPods = []corev1.Pod{} @@ -207,7 +207,7 @@ func waitForPodsAndContainers(ctx context.Context, clientset kubernetes.Interfac }) for _, pod := range podList.Items { - message.Debug("Testing pod %q", pod.Name) + message.Debugf("Testing pod %q", pod.Name) // If an include function is provided, only keep pods that return true if include != nil && !include(pod) { @@ -216,7 +216,7 @@ func waitForPodsAndContainers(ctx context.Context, clientset kubernetes.Interfac // Handle container targeting if target.Container != "" { - message.Debug("Testing pod %q for container %q", pod.Name, target.Container) + message.Debugf("Testing pod %q for container %q", pod.Name, target.Container) // Check the status of initContainers for a running match for _, initContainer := range pod.Status.InitContainerStatuses { @@ -238,7 +238,7 @@ func waitForPodsAndContainers(ctx context.Context, clientset kubernetes.Interfac } } else { status := pod.Status.Phase - message.Debug("Testing pod %q phase, want (%q) got (%q)", pod.Name, corev1.PodRunning, status) + message.Debugf("Testing pod %q phase, want (%q) got (%q)", pod.Name, corev1.PodRunning, status) // Regular status checking without a container if status == corev1.PodRunning { readyPods = append(readyPods, pod) diff --git a/src/pkg/cluster/injector_test.go b/src/pkg/cluster/injector_test.go index 07abc3bb6c..67dff422f2 100644 --- a/src/pkg/cluster/injector_test.go +++ b/src/pkg/cluster/injector_test.go @@ -34,7 +34,10 @@ func TestInjector(t *testing.T) { Watcher: pkgkubernetes.NewImmediateWatcher(status.CurrentStatus), } cs.PrependReactor("delete-collection", "configmaps", func(action k8stesting.Action) (bool, runtime.Object, error) { - delAction := action.(k8stesting.DeleteCollectionActionImpl) + delAction, ok := action.(k8stesting.DeleteCollectionActionImpl) + if !ok { + return false, nil, fmt.Errorf("action is not of type DeleteCollectionActionImpl") + } if delAction.GetListRestrictions().Labels.String() != "zarf-injector=payload" { return false, nil, nil } diff --git a/src/pkg/cluster/pvc.go b/src/pkg/cluster/pvc.go new file mode 100644 index 0000000000..21a0a45ecf --- /dev/null +++ b/src/pkg/cluster/pvc.go @@ -0,0 +1,45 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +package cluster + +import ( + "context" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// UpdateGiteaPVC updates the existing Gitea persistent volume claim and tells Gitea whether to create or not. +func (c *Cluster) UpdateGiteaPVC(ctx context.Context, pvcName string, shouldRollBack bool) (string, error) { + if shouldRollBack { + pvc, err := c.Clientset.CoreV1().PersistentVolumeClaims(ZarfNamespaceName).Get(ctx, pvcName, metav1.GetOptions{}) + if err != nil { + return "false", err + } + delete(pvc.Labels, "app.kubernetes.io/managed-by") + delete(pvc.Annotations, "meta.helm.sh/release-name") + delete(pvc.Annotations, "meta.helm.sh/release-namespace") + _, err = c.Clientset.CoreV1().PersistentVolumeClaims(ZarfNamespaceName).Update(ctx, pvc, metav1.UpdateOptions{}) + if err != nil { + return "false", err + } + return "false", nil + } + + if pvcName == "data-zarf-gitea-0" { + pvc, err := c.Clientset.CoreV1().PersistentVolumeClaims(ZarfNamespaceName).Get(ctx, pvcName, metav1.GetOptions{}) + if err != nil { + return "true", err + } + pvc.Labels["app.kubernetes.io/managed-by"] = "Helm" + pvc.Annotations["meta.helm.sh/release-name"] = "zarf-gitea" + pvc.Annotations["meta.helm.sh/release-namespace"] = "zarf" + _, err = c.Clientset.CoreV1().PersistentVolumeClaims(ZarfNamespaceName).Update(ctx, pvc, metav1.UpdateOptions{}) + if err != nil { + return "true", err + } + return "true", nil + } + + return "false", nil +} diff --git a/src/pkg/cluster/pvc_test.go b/src/pkg/cluster/pvc_test.go new file mode 100644 index 0000000000..6c267d1500 --- /dev/null +++ b/src/pkg/cluster/pvc_test.go @@ -0,0 +1,63 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +package cluster + +import ( + "testing" + + "github.com/stretchr/testify/require" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes/fake" + + "github.com/zarf-dev/zarf/src/test/testutil" +) + +func TestUpdateGiteaPVC(t *testing.T) { + t.Parallel() + + ctx := testutil.TestContext(t) + c := &Cluster{ + Clientset: fake.NewSimpleClientset(), + } + pvc := &corev1.PersistentVolumeClaim{ + ObjectMeta: metav1.ObjectMeta{ + Name: "data-zarf-gitea-0", + Labels: map[string]string{}, + Annotations: map[string]string{}, + }, + } + _, err := c.Clientset.CoreV1().PersistentVolumeClaims(ZarfNamespaceName).Create(ctx, pvc, metav1.CreateOptions{}) + require.NoError(t, err) + + v, err := c.UpdateGiteaPVC(ctx, "foobar", false) + require.NoError(t, err) + require.Equal(t, "false", v) + + v, err = c.UpdateGiteaPVC(ctx, "foobar", true) + require.EqualError(t, err, "persistentvolumeclaims \"foobar\" not found") + require.Equal(t, "false", v) + + v, err = c.UpdateGiteaPVC(ctx, "data-zarf-gitea-0", true) + require.NoError(t, err) + require.Equal(t, "false", v) + + v, err = c.UpdateGiteaPVC(ctx, "data-zarf-gitea-0", false) + require.NoError(t, err) + require.Equal(t, "true", v) + pvc, err = c.Clientset.CoreV1().PersistentVolumeClaims(ZarfNamespaceName).Get(ctx, "data-zarf-gitea-0", metav1.GetOptions{}) + require.NoError(t, err) + require.Equal(t, "Helm", pvc.Labels["app.kubernetes.io/managed-by"]) + require.Equal(t, "zarf-gitea", pvc.Annotations["meta.helm.sh/release-name"]) + require.Equal(t, "zarf", pvc.Annotations["meta.helm.sh/release-namespace"]) + + v, err = c.UpdateGiteaPVC(ctx, "data-zarf-gitea-0", true) + require.NoError(t, err) + require.Equal(t, "false", v) + pvc, err = c.Clientset.CoreV1().PersistentVolumeClaims(ZarfNamespaceName).Get(ctx, "data-zarf-gitea-0", metav1.GetOptions{}) + require.NoError(t, err) + require.Empty(t, pvc.Labels["app.kubernetes.io/managed-by"]) + require.Empty(t, pvc.Labels["meta.helm.sh/release-name"]) + require.Empty(t, pvc.Labels["meta.helm.sh/release-namespace"]) +} diff --git a/src/pkg/cluster/secrets.go b/src/pkg/cluster/secrets.go index 3cdeabe826..43c3402b64 100644 --- a/src/pkg/cluster/secrets.go +++ b/src/pkg/cluster/secrets.go @@ -64,7 +64,7 @@ func (c *Cluster) GenerateRegistryPullCreds(ctx context.Context, namespace, name // Convert to JSON dockerConfigData, err := json.Marshal(dockerConfigJSON) if err != nil { - return nil, fmt.Errorf("Unable to marshal the .dockerconfigjson secret data for the image pull secret: %w", err) + return nil, fmt.Errorf("unable to marshal the .dockerconfigjson secret data for the image pull secret: %w", err) } secretDockerConfig := &corev1.Secret{ diff --git a/src/pkg/cluster/state.go b/src/pkg/cluster/state.go index bdc14e5989..7ce8a3fa6d 100644 --- a/src/pkg/cluster/state.go +++ b/src/pkg/cluster/state.go @@ -7,11 +7,11 @@ package cluster import ( "context" "encoding/json" + "errors" "fmt" "slices" "time" - "github.com/fatih/color" corev1 "k8s.io/api/core/v1" kerrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -35,15 +35,16 @@ const ( // InitZarfState initializes the Zarf state with the given temporary directory and init configs. func (c *Cluster) InitZarfState(ctx context.Context, initOptions types.ZarfInitOptions) error { - var distro string - spinner := message.NewProgressSpinner("Gathering cluster state information") defer spinner.Stop() // Attempt to load an existing state prior to init. // NOTE: We are ignoring the error here because we don't really expect a state to exist yet. spinner.Updatef("Checking cluster for existing Zarf deployment") - state, _ := c.LoadZarfState(ctx) + state, err := c.LoadZarfState(ctx) + if err != nil && !kerrors.IsNotFound(err) { + return fmt.Errorf("failed to check for existing state: %w", err) + } // If state is nil, this is a new cluster. if state == nil { @@ -52,7 +53,7 @@ func (c *Cluster) InitZarfState(ctx context.Context, initOptions types.ZarfInitO if initOptions.ApplianceMode { // If the K3s component is being deployed, skip distro detection. - distro = DistroIsK3s + state.Distro = DistroIsK3s state.ZarfAppliance = true } else { // Otherwise, trying to detect the K8s distro type. @@ -67,16 +68,13 @@ func (c *Cluster) InitZarfState(ctx context.Context, initOptions types.ZarfInitO if err != nil { return err } - distro = detectDistro(nodeList.Items[0], namespaceList.Items) + state.Distro = detectDistro(nodeList.Items[0], namespaceList.Items) } - if distro != DistroIsUnknown { - spinner.Updatef("Detected K8s distro %s", distro) + if state.Distro != DistroIsUnknown { + spinner.Updatef("Detected K8s distro %s", state.Distro) } - // Defaults - state.Distro = distro - // Setup zarf agent PKI agentTLS, err := pki.GeneratePKI(config.ZarfAgentHost) if err != nil { @@ -100,8 +98,7 @@ func (c *Cluster) InitZarfState(ctx context.Context, initOptions types.ZarfInitO namespaceCopy := namespace _, err := c.Clientset.CoreV1().Namespaces().Update(ctx, &namespaceCopy, metav1.UpdateOptions{}) if err != nil { - // This is not a hard failure, but we should log it. - message.WarnErrf(err, "Unable to mark the namespace %s as ignored by Zarf Agent", namespace.Name) + return fmt.Errorf("unable to mark the namespace %s as ignored by Zarf Agent: %w", namespace.Name, err) } } @@ -210,13 +207,14 @@ func (c *Cluster) InitZarfState(ctx context.Context, initOptions types.ZarfInitO // LoadZarfState returns the current zarf/zarf-state secret data or an empty ZarfState. func (c *Cluster) LoadZarfState(ctx context.Context) (state *types.ZarfState, err error) { + stateErr := errors.New("failed to load the Zarf State from the cluster, has Zarf been initiated?") secret, err := c.Clientset.CoreV1().Secrets(ZarfNamespaceName).Get(ctx, ZarfStateSecretName, metav1.GetOptions{}) if err != nil { - return nil, fmt.Errorf("%w. %s", err, message.ColorWrap("Did you remember to zarf init?", color.Bold)) + return nil, fmt.Errorf("%w: %w", stateErr, err) } err = json.Unmarshal(secret.Data[ZarfStateDataKey], &state) if err != nil { - return nil, err + return nil, fmt.Errorf("%w: %w", stateErr, err) } c.debugPrintZarfState(state) return state, nil @@ -305,21 +303,14 @@ func MergeZarfState(oldState *types.ZarfState, initOptions types.ZarfInitOptions if slices.Contains(services, message.RegistryKey) { // TODO: Replace use of reflections with explicit setting newState.RegistryInfo = helpers.MergeNonZero(newState.RegistryInfo, initOptions.RegistryInfo) - // Set the state of the internal registry if it has changed - // TODO: Internal registry should be a function of the address and not a property. - if newState.RegistryInfo.Address == fmt.Sprintf("%s:%d", helpers.IPV4Localhost, newState.RegistryInfo.NodePort) { - newState.RegistryInfo.InternalRegistry = true - } else { - newState.RegistryInfo.InternalRegistry = false - } // Set the new passwords if they should be autogenerated - if newState.RegistryInfo.PushPassword == oldState.RegistryInfo.PushPassword && oldState.RegistryInfo.InternalRegistry { + if newState.RegistryInfo.PushPassword == oldState.RegistryInfo.PushPassword && oldState.RegistryInfo.IsInternal() { if newState.RegistryInfo.PushPassword, err = helpers.RandomString(types.ZarfGeneratedPasswordLen); err != nil { return nil, fmt.Errorf("%s: %w", lang.ErrUnableToGenerateRandomSecret, err) } } - if newState.RegistryInfo.PullPassword == oldState.RegistryInfo.PullPassword && oldState.RegistryInfo.InternalRegistry { + if newState.RegistryInfo.PullPassword == oldState.RegistryInfo.PullPassword && oldState.RegistryInfo.IsInternal() { if newState.RegistryInfo.PullPassword, err = helpers.RandomString(types.ZarfGeneratedPasswordLen); err != nil { return nil, fmt.Errorf("%s: %w", lang.ErrUnableToGenerateRandomSecret, err) } @@ -329,21 +320,13 @@ func MergeZarfState(oldState *types.ZarfState, initOptions types.ZarfInitOptions // TODO: Replace use of reflections with explicit setting newState.GitServer = helpers.MergeNonZero(newState.GitServer, initOptions.GitServer) - // Set the state of the internal git server if it has changed - // TODO: Internal server should be a function of the address and not a property. - if newState.GitServer.Address == types.ZarfInClusterGitServiceURL { - newState.GitServer.InternalServer = true - } else { - newState.GitServer.InternalServer = false - } - // Set the new passwords if they should be autogenerated - if newState.GitServer.PushPassword == oldState.GitServer.PushPassword && oldState.GitServer.InternalServer { + if newState.GitServer.PushPassword == oldState.GitServer.PushPassword && oldState.GitServer.IsInternal() { if newState.GitServer.PushPassword, err = helpers.RandomString(types.ZarfGeneratedPasswordLen); err != nil { return nil, fmt.Errorf("%s: %w", lang.ErrUnableToGenerateRandomSecret, err) } } - if newState.GitServer.PullPassword == oldState.GitServer.PullPassword && oldState.GitServer.InternalServer { + if newState.GitServer.PullPassword == oldState.GitServer.PullPassword && oldState.GitServer.IsInternal() { if newState.GitServer.PullPassword, err = helpers.RandomString(types.ZarfGeneratedPasswordLen); err != nil { return nil, fmt.Errorf("%s: %w", lang.ErrUnableToGenerateRandomSecret, err) } @@ -353,16 +336,8 @@ func MergeZarfState(oldState *types.ZarfState, initOptions types.ZarfInitOptions // TODO: Replace use of reflections with explicit setting newState.ArtifactServer = helpers.MergeNonZero(newState.ArtifactServer, initOptions.ArtifactServer) - // Set the state of the internal artifact server if it has changed - // TODO: Internal server should be a function of the address and not a property. - if newState.ArtifactServer.Address == types.ZarfInClusterArtifactServiceURL { - newState.ArtifactServer.InternalServer = true - } else { - newState.ArtifactServer.InternalServer = false - } - // Set an empty token if it should be autogenerated - if newState.ArtifactServer.PushToken == oldState.ArtifactServer.PushToken && oldState.ArtifactServer.InternalServer { + if newState.ArtifactServer.PushToken == oldState.ArtifactServer.PushToken && oldState.ArtifactServer.IsInternal() { newState.ArtifactServer.PushToken = "" } } diff --git a/src/pkg/cluster/state_test.go b/src/pkg/cluster/state_test.go index cf52d195dc..1575528f4a 100644 --- a/src/pkg/cluster/state_test.go +++ b/src/pkg/cluster/state_test.go @@ -6,6 +6,7 @@ package cluster import ( "context" + "encoding/json" "fmt" "testing" "time" @@ -23,6 +24,24 @@ import ( ) func TestInitZarfState(t *testing.T) { + emptyState := types.ZarfState{} + emptyStateData, err := json.Marshal(emptyState) + require.NoError(t, err) + + existingState := types.ZarfState{ + Distro: DistroIsK3d, + RegistryInfo: types.RegistryInfo{ + PushUsername: "push-user", + PullUsername: "pull-user", + Address: "address", + NodePort: 1, + Secret: "secret", + }, + } + + existingStateData, err := json.Marshal(existingState) + require.NoError(t, err) + tests := []struct { name string initOpts types.ZarfInitOptions @@ -85,6 +104,34 @@ func TestInitZarfState(t *testing.T) { }, }, }, + { + name: "empty Zarf state exists", + nodes: []corev1.Node{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "node", + }, + }, + }, + namespaces: []corev1.Namespace{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: ZarfNamespaceName, + }, + }, + }, + secrets: []corev1.Secret{ + { + ObjectMeta: metav1.ObjectMeta{ + Namespace: ZarfNamespaceName, + Name: ZarfStateSecretName, + }, + Data: map[string][]byte{ + ZarfStateDataKey: emptyStateData, + }, + }, + }, + }, { name: "Zarf state exists", nodes: []corev1.Node{ @@ -107,6 +154,9 @@ func TestInitZarfState(t *testing.T) { Namespace: ZarfNamespaceName, Name: ZarfStateSecretName, }, + Data: map[string][]byte{ + ZarfStateDataKey: existingStateData, + }, }, }, }, @@ -158,11 +208,15 @@ func TestInitZarfState(t *testing.T) { return } require.NoError(t, err) + state, err := cs.CoreV1().Secrets(ZarfNamespaceName).Get(ctx, ZarfStateSecretName, metav1.GetOptions{}) + require.NoError(t, err) + require.Equal(t, map[string]string{"app.kubernetes.io/managed-by": "zarf"}, state.Labels) + if tt.secrets != nil { + return + } zarfNs, err := cs.CoreV1().Namespaces().Get(ctx, ZarfNamespaceName, metav1.GetOptions{}) require.NoError(t, err) require.Equal(t, map[string]string{"app.kubernetes.io/managed-by": "zarf"}, zarfNs.Labels) - _, err = cs.CoreV1().Secrets(zarfNs.Name).Get(ctx, ZarfStateSecretName, metav1.GetOptions{}) - require.NoError(t, err) for _, ns := range tt.namespaces { if ns.Name == zarfNs.Name { continue @@ -199,59 +253,46 @@ func TestMergeZarfStateRegistry(t *testing.T) { { name: "internal server auto generate", oldRegistry: types.RegistryInfo{ - Address: fmt.Sprintf("%s:%d", helpers.IPV4Localhost, 1), - NodePort: 1, - InternalRegistry: true, + Address: fmt.Sprintf("%s:%d", helpers.IPV4Localhost, 1), + NodePort: 1, }, expectedRegistry: types.RegistryInfo{ - Address: fmt.Sprintf("%s:%d", helpers.IPV4Localhost, 1), - NodePort: 1, - InternalRegistry: true, + Address: fmt.Sprintf("%s:%d", helpers.IPV4Localhost, 1), + NodePort: 1, }, }, { - name: "external server", + name: "init options merged", oldRegistry: types.RegistryInfo{ - Address: "example.com", - InternalRegistry: false, - PushPassword: "push", - PullPassword: "pull", - }, - expectedRegistry: types.RegistryInfo{ - Address: "example.com", - InternalRegistry: false, - PushPassword: "push", - PullPassword: "pull", + PushUsername: "doesn't matter", + PullUsername: "doesn't matter", + Address: "doesn't matter", + NodePort: 0, + Secret: "doesn't matter", }, - }, - { - name: "init options merged", initRegistry: types.RegistryInfo{ - PushUsername: "push-user", - PullUsername: "pull-user", - Address: "address", - NodePort: 1, - InternalRegistry: false, - Secret: "secret", + PushUsername: "push-user", + PullUsername: "pull-user", + Address: "address", + NodePort: 1, + Secret: "secret", }, expectedRegistry: types.RegistryInfo{ - PushUsername: "push-user", - PullUsername: "pull-user", - Address: "address", - NodePort: 1, - InternalRegistry: false, - Secret: "secret", + PushUsername: "push-user", + PullUsername: "pull-user", + Address: "address", + NodePort: 1, + Secret: "secret", }, }, { name: "init options not merged", expectedRegistry: types.RegistryInfo{ - PushUsername: "", - PullUsername: "", - Address: "", - NodePort: 0, - InternalRegistry: false, - Secret: "", + PushUsername: "", + PullUsername: "", + Address: "", + NodePort: 0, + Secret: "", }, }, } @@ -269,7 +310,6 @@ func TestMergeZarfStateRegistry(t *testing.T) { require.Equal(t, tt.expectedRegistry.PullUsername, newState.RegistryInfo.PullUsername) require.Equal(t, tt.expectedRegistry.Address, newState.RegistryInfo.Address) require.Equal(t, tt.expectedRegistry.NodePort, newState.RegistryInfo.NodePort) - require.Equal(t, tt.expectedRegistry.InternalRegistry, newState.RegistryInfo.InternalRegistry) require.Equal(t, tt.expectedRegistry.Secret, newState.RegistryInfo.Secret) }) } @@ -286,12 +326,14 @@ func TestMergeZarfStateGit(t *testing.T) { expectedGitServer types.GitServerInfo }{ { - name: "username is unmodified", + name: "address and usernames are unmodified", oldGitServer: types.GitServerInfo{ + Address: "address", PushUsername: "push-user", PullUsername: "pull-user", }, expectedGitServer: types.GitServerInfo{ + Address: "address", PushUsername: "push-user", PullUsername: "pull-user", }, @@ -299,51 +341,36 @@ func TestMergeZarfStateGit(t *testing.T) { { name: "internal server auto generate", oldGitServer: types.GitServerInfo{ - Address: types.ZarfInClusterGitServiceURL, - InternalServer: true, + Address: types.ZarfInClusterGitServiceURL, }, expectedGitServer: types.GitServerInfo{ - Address: types.ZarfInClusterGitServiceURL, - InternalServer: true, + Address: types.ZarfInClusterGitServiceURL, }, }, { - name: "external server", + name: "init options merged", oldGitServer: types.GitServerInfo{ - Address: "example.com", - InternalServer: false, - PushPassword: "push", - PullPassword: "pull", + Address: "doesn't matter", + PushUsername: "doesn't matter", + PullUsername: "doesn't matter", }, - expectedGitServer: types.GitServerInfo{ - Address: "example.com", - InternalServer: false, - PushPassword: "push", - PullPassword: "pull", - }, - }, - { - name: "init options merged", initGitServer: types.GitServerInfo{ - PushUsername: "push-user", - PullUsername: "pull-user", - Address: "address", - InternalServer: false, + PushUsername: "push-user", + PullUsername: "pull-user", + Address: "address", }, expectedGitServer: types.GitServerInfo{ - PushUsername: "push-user", - PullUsername: "pull-user", - Address: "address", - InternalServer: false, + PushUsername: "push-user", + PullUsername: "pull-user", + Address: "address", }, }, { name: "empty init options not merged", expectedGitServer: types.GitServerInfo{ - PushUsername: "", - PullUsername: "", - Address: "", - InternalServer: false, + PushUsername: "", + PullUsername: "", + Address: "", }, }, } @@ -360,7 +387,6 @@ func TestMergeZarfStateGit(t *testing.T) { require.Equal(t, tt.expectedGitServer.PushUsername, newState.GitServer.PushUsername) require.Equal(t, tt.expectedGitServer.PullUsername, newState.GitServer.PullUsername) require.Equal(t, tt.expectedGitServer.Address, newState.GitServer.Address) - require.Equal(t, tt.expectedGitServer.InternalServer, newState.GitServer.InternalServer) }) } } @@ -386,14 +412,12 @@ func TestMergeZarfStateArtifact(t *testing.T) { { name: "old state is internal server auto generate push token", oldArtifactServer: types.ArtifactServerInfo{ - PushToken: "foobar", - Address: types.ZarfInClusterArtifactServiceURL, - InternalServer: true, + PushToken: "foobar", + Address: types.ZarfInClusterArtifactServiceURL, }, expectedArtifactServer: types.ArtifactServerInfo{ - PushToken: "", - Address: types.ZarfInClusterArtifactServiceURL, - InternalServer: true, + PushToken: "", + Address: types.ZarfInClusterArtifactServiceURL, }, }, { @@ -402,51 +426,38 @@ func TestMergeZarfStateArtifact(t *testing.T) { PushToken: "hello world", }, oldArtifactServer: types.ArtifactServerInfo{ - PushToken: "foobar", - Address: types.ZarfInClusterArtifactServiceURL, - InternalServer: false, + PushToken: "foobar", + Address: types.ZarfInClusterArtifactServiceURL, }, expectedArtifactServer: types.ArtifactServerInfo{ - PushToken: "hello world", - Address: types.ZarfInClusterArtifactServiceURL, - InternalServer: true, + PushToken: "hello world", + Address: types.ZarfInClusterArtifactServiceURL, }, }, { - name: "external server same push token", + name: "init options merged", oldArtifactServer: types.ArtifactServerInfo{ - PushToken: "foobar", - Address: "http://example.com", - InternalServer: false, - }, - expectedArtifactServer: types.ArtifactServerInfo{ - PushToken: "foobar", - Address: "http://example.com", - InternalServer: false, + PushUsername: "doesn't matter", + PushToken: "doesn't matter", + Address: "doesn't matter", }, - }, - { - name: "init options merged", initArtifactServer: types.ArtifactServerInfo{ - PushUsername: "user", - PushToken: "token", - Address: "address", - InternalServer: false, + PushUsername: "user", + PushToken: "token", + Address: "address", }, expectedArtifactServer: types.ArtifactServerInfo{ - PushUsername: "user", - PushToken: "token", - Address: "address", - InternalServer: false, + PushUsername: "user", + PushToken: "token", + Address: "address", }, }, { name: "empty init options not merged", expectedArtifactServer: types.ArtifactServerInfo{ - PushUsername: "", - PushToken: "", - Address: "", - InternalServer: false, + PushUsername: "", + PushToken: "", + Address: "", }, }, } diff --git a/src/pkg/cluster/tunnel.go b/src/pkg/cluster/tunnel.go index f0a1a660e0..61fd090546 100644 --- a/src/pkg/cluster/tunnel.go +++ b/src/pkg/cluster/tunnel.go @@ -47,26 +47,14 @@ const ( // TunnelInfo is a struct that contains the necessary info to create a new Tunnel type TunnelInfo struct { - localPort int - remotePort int - namespace string - resourceType string - resourceName string + LocalPort int + RemotePort int + Namespace string + ResourceType string + ResourceName string urlSuffix string } -// NewTunnelInfo returns a new TunnelInfo object for connecting to a cluster -func NewTunnelInfo(namespace, resourceType, resourceName, urlSuffix string, localPort, remotePort int) TunnelInfo { - return TunnelInfo{ - namespace: namespace, - resourceType: resourceType, - resourceName: resourceName, - urlSuffix: urlSuffix, - localPort: localPort, - remotePort: remotePort, - } -} - // ListConnections will return a list of all Zarf connect matches found in the cluster. func (c *Cluster) ListConnections(ctx context.Context) (types.ConnectStrings, error) { selector, err := metav1.LabelSelectorAsSelector(&metav1.LabelSelector{ @@ -93,44 +81,53 @@ func (c *Cluster) ListConnections(ctx context.Context) (types.ConnectStrings, er return connections, nil } -// Connect will establish a tunnel to the specified target. -func (c *Cluster) Connect(ctx context.Context, target string) (*Tunnel, error) { +// NewTargetTunnelInfo returns a new TunnelInfo object for the specified target. +func (c *Cluster) NewTargetTunnelInfo(ctx context.Context, target string) (TunnelInfo, error) { var err error zt := TunnelInfo{ - namespace: ZarfNamespaceName, - resourceType: SvcResource, + Namespace: ZarfNamespaceName, + ResourceType: SvcResource, } switch strings.ToUpper(target) { case ZarfRegistry: - zt.resourceName = ZarfRegistryName - zt.remotePort = ZarfRegistryPort + zt.ResourceName = ZarfRegistryName + zt.RemotePort = ZarfRegistryPort zt.urlSuffix = `/v2/_catalog` case ZarfGit: - zt.resourceName = ZarfGitServerName - zt.remotePort = ZarfGitServerPort + zt.ResourceName = ZarfGitServerName + zt.RemotePort = ZarfGitServerPort case ZarfInjector: - zt.resourceName = ZarfInjectorName - zt.remotePort = ZarfInjectorPort + zt.ResourceName = ZarfInjectorName + zt.RemotePort = ZarfInjectorPort default: if target != "" { if zt, err = c.checkForZarfConnectLabel(ctx, target); err != nil { - return nil, fmt.Errorf("problem looking for a zarf connect label in the cluster: %s", err.Error()) + return TunnelInfo{}, fmt.Errorf("problem looking for a zarf connect label in the cluster: %s", err.Error()) } } - if zt.resourceName == "" { - return nil, fmt.Errorf("missing resource name") + if zt.ResourceName == "" { + return TunnelInfo{}, fmt.Errorf("missing resource name") } - if zt.remotePort < 1 { - return nil, fmt.Errorf("missing remote port") + if zt.RemotePort < 1 { + return TunnelInfo{}, fmt.Errorf("missing remote port") } } + return zt, err +} + +// Connect will establish a tunnel to the specified target. +func (c *Cluster) Connect(ctx context.Context, target string) (*Tunnel, error) { + zt, err := c.NewTargetTunnelInfo(ctx, target) + if err != nil { + return nil, err + } return c.ConnectTunnelInfo(ctx, zt) } // ConnectTunnelInfo connects to the cluster with the provided TunnelInfo func (c *Cluster) ConnectTunnelInfo(ctx context.Context, zt TunnelInfo) (*Tunnel, error) { - tunnel, err := c.NewTunnel(zt.namespace, zt.resourceType, zt.resourceName, zt.urlSuffix, zt.localPort, zt.remotePort) + tunnel, err := c.NewTunnel(zt.Namespace, zt.ResourceType, zt.ResourceName, zt.urlSuffix, zt.LocalPort, zt.RemotePort) if err != nil { return nil, err } @@ -149,7 +146,7 @@ func (c *Cluster) ConnectToZarfRegistryEndpoint(ctx context.Context, registryInf var err error var tunnel *Tunnel - if registryInfo.InternalRegistry { + if registryInfo.IsInternal() { // Establish a registry tunnel to send the images to the zarf registry if tunnel, err = c.NewTunnel(ZarfNamespaceName, SvcResource, ZarfRegistryName, "", 0, ZarfRegistryPort); err != nil { return "", tunnel, err @@ -185,8 +182,6 @@ func (c *Cluster) checkForZarfConnectLabel(ctx context.Context, name string) (Tu var err error var zt TunnelInfo - message.Debugf("Looking for a Zarf Connect Label in the cluster") - selector, err := metav1.LabelSelectorAsSelector(&metav1.LabelSelector{ MatchLabels: map[string]string{ ZarfConnectLabelName: name, @@ -206,25 +201,25 @@ func (c *Cluster) checkForZarfConnectLabel(ctx context.Context, name string) (Tu svc := serviceList.Items[0] // Reset based on the matched params. - zt.resourceType = SvcResource - zt.resourceName = svc.Name - zt.namespace = svc.Namespace + zt.ResourceType = SvcResource + zt.ResourceName = svc.Name + zt.Namespace = svc.Namespace // Only support a service with a single port. - zt.remotePort = svc.Spec.Ports[0].TargetPort.IntValue() + zt.RemotePort = svc.Spec.Ports[0].TargetPort.IntValue() // if targetPort == 0, look for Port (which is required) - if zt.remotePort == 0 { + if zt.RemotePort == 0 { // TODO: Need a check for if container port is not found remotePort, err := c.findPodContainerPort(ctx, svc) if err != nil { return TunnelInfo{}, err } - zt.remotePort = remotePort + zt.RemotePort = remotePort } // Add the url suffix too. zt.urlSuffix = svc.Annotations[ZarfConnectAnnotationURL] - message.Debugf("tunnel connection match: %s/%s on port %d", svc.Namespace, svc.Name, zt.remotePort) + message.Debugf("tunnel connection match: %s/%s on port %d", svc.Namespace, svc.Name, zt.RemotePort) } else { return zt, fmt.Errorf("no matching services found for %s", name) } diff --git a/src/pkg/cluster/zarf.go b/src/pkg/cluster/zarf.go index 7320e4610b..6172e3fa78 100644 --- a/src/pkg/cluster/zarf.go +++ b/src/pkg/cluster/zarf.go @@ -17,6 +17,7 @@ import ( kerrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/pkg/message" "github.com/zarf-dev/zarf/src/types" @@ -54,14 +55,17 @@ func (c *Cluster) GetDeployedZarfPackages(ctx context.Context) ([]types.Deployed // GetDeployedPackage gets the metadata information about the package name provided (if it exists in the cluster). // We determine what packages have been deployed to the cluster by looking for specific secrets in the Zarf namespace. -func (c *Cluster) GetDeployedPackage(ctx context.Context, packageName string) (deployedPackage *types.DeployedPackage, err error) { - // Get the secret that describes the deployed package +func (c *Cluster) GetDeployedPackage(ctx context.Context, packageName string) (*types.DeployedPackage, error) { secret, err := c.Clientset.CoreV1().Secrets(ZarfNamespaceName).Get(ctx, config.ZarfPackagePrefix+packageName, metav1.GetOptions{}) if err != nil { - return deployedPackage, err + return nil, err } - - return deployedPackage, json.Unmarshal(secret.Data["data"], &deployedPackage) + deployedPackage := &types.DeployedPackage{} + err = json.Unmarshal(secret.Data["data"], deployedPackage) + if err != nil { + return nil, err + } + return deployedPackage, nil } // StripZarfLabelsAndSecretsFromNamespaces removes metadata and secrets from existing namespaces no longer manged by Zarf. @@ -104,8 +108,7 @@ func (c *Cluster) StripZarfLabelsAndSecretsFromNamespaces(ctx context.Context) { } // PackageSecretNeedsWait checks if a package component has a running webhook that needs to be waited on. -func (c *Cluster) PackageSecretNeedsWait(deployedPackage *types.DeployedPackage, component types.ZarfComponent, skipWebhooks bool) (needsWait bool, waitSeconds int, hookName string) { - +func (c *Cluster) PackageSecretNeedsWait(deployedPackage *types.DeployedPackage, component v1alpha1.ZarfComponent, skipWebhooks bool) (needsWait bool, waitSeconds int, hookName string) { // Skip checking webhook status when '--skip-webhooks' flag is provided and for YOLO packages if skipWebhooks || deployedPackage == nil || deployedPackage.Data.Metadata.YOLO { return false, 0, "" @@ -129,7 +132,7 @@ func (c *Cluster) PackageSecretNeedsWait(deployedPackage *types.DeployedPackage, } // RecordPackageDeploymentAndWait records the deployment of a package to the cluster and waits for any webhooks to complete. -func (c *Cluster) RecordPackageDeploymentAndWait(ctx context.Context, pkg types.ZarfPackage, components []types.DeployedComponent, connectStrings types.ConnectStrings, generation int, component types.ZarfComponent, skipWebhooks bool) (deployedPackage *types.DeployedPackage, err error) { +func (c *Cluster) RecordPackageDeploymentAndWait(ctx context.Context, pkg v1alpha1.ZarfPackage, components []types.DeployedComponent, connectStrings types.ConnectStrings, generation int, component v1alpha1.ZarfComponent, skipWebhooks bool) (deployedPackage *types.DeployedPackage, err error) { deployedPackage, err = c.RecordPackageDeployment(ctx, pkg, components, connectStrings, generation) if err != nil { return nil, err @@ -177,7 +180,7 @@ func (c *Cluster) RecordPackageDeploymentAndWait(ctx context.Context, pkg types. } // RecordPackageDeployment saves metadata about a package that has been deployed to the cluster. -func (c *Cluster) RecordPackageDeployment(ctx context.Context, pkg types.ZarfPackage, components []types.DeployedComponent, connectStrings types.ConnectStrings, generation int) (deployedPackage *types.DeployedPackage, err error) { +func (c *Cluster) RecordPackageDeployment(ctx context.Context, pkg v1alpha1.ZarfPackage, components []types.DeployedComponent, connectStrings types.ConnectStrings, generation int) (deployedPackage *types.DeployedPackage, err error) { packageName := pkg.Metadata.Name // Attempt to load information about webhooks for the package @@ -278,7 +281,7 @@ func (c *Cluster) DisableRegHPAScaleDown(ctx context.Context) error { } // GetInstalledChartsForComponent returns any installed Helm Charts for the provided package component. -func (c *Cluster) GetInstalledChartsForComponent(ctx context.Context, packageName string, component types.ZarfComponent) (installedCharts []types.InstalledChart, err error) { +func (c *Cluster) GetInstalledChartsForComponent(ctx context.Context, packageName string, component v1alpha1.ZarfComponent) (installedCharts []types.InstalledChart, err error) { deployedPackage, err := c.GetDeployedPackage(ctx, packageName) if err != nil { return installedCharts, err diff --git a/src/pkg/cluster/zarf_test.go b/src/pkg/cluster/zarf_test.go index f7e9b481ec..fe8b91d188 100644 --- a/src/pkg/cluster/zarf_test.go +++ b/src/pkg/cluster/zarf_test.go @@ -16,6 +16,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes/fake" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/types" ) @@ -27,7 +28,7 @@ func TestPackageSecretNeedsWait(t *testing.T) { type testCase struct { name string deployedPackage *types.DeployedPackage - component types.ZarfComponent + component v1alpha1.ZarfComponent skipWebhooks bool needsWait bool waitSeconds int @@ -43,7 +44,7 @@ func TestPackageSecretNeedsWait(t *testing.T) { testCases := []testCase{ { name: "NoWebhooks", - component: types.ZarfComponent{Name: componentName}, + component: v1alpha1.ZarfComponent{Name: componentName}, deployedPackage: &types.DeployedPackage{ Name: packageName, ComponentWebhooks: map[string]map[string]types.Webhook{}, @@ -54,7 +55,7 @@ func TestPackageSecretNeedsWait(t *testing.T) { }, { name: "WebhookRunning", - component: types.ZarfComponent{Name: componentName}, + component: v1alpha1.ZarfComponent{Name: componentName}, deployedPackage: &types.DeployedPackage{ Name: packageName, ComponentWebhooks: map[string]map[string]types.Webhook{ @@ -73,7 +74,7 @@ func TestPackageSecretNeedsWait(t *testing.T) { // Ensure we only wait on running webhooks for the provided component { name: "WebhookRunningOnDifferentComponent", - component: types.ZarfComponent{Name: componentName}, + component: v1alpha1.ZarfComponent{Name: componentName}, deployedPackage: &types.DeployedPackage{ Name: packageName, ComponentWebhooks: map[string]map[string]types.Webhook{ @@ -91,7 +92,7 @@ func TestPackageSecretNeedsWait(t *testing.T) { }, { name: "WebhookSucceeded", - component: types.ZarfComponent{Name: componentName}, + component: v1alpha1.ZarfComponent{Name: componentName}, deployedPackage: &types.DeployedPackage{ Name: packageName, ComponentWebhooks: map[string]map[string]types.Webhook{ @@ -108,7 +109,7 @@ func TestPackageSecretNeedsWait(t *testing.T) { }, { name: "WebhookFailed", - component: types.ZarfComponent{Name: componentName}, + component: v1alpha1.ZarfComponent{Name: componentName}, deployedPackage: &types.DeployedPackage{ Name: packageName, ComponentWebhooks: map[string]map[string]types.Webhook{ @@ -125,7 +126,7 @@ func TestPackageSecretNeedsWait(t *testing.T) { }, { name: "WebhookRemoving", - component: types.ZarfComponent{Name: componentName}, + component: v1alpha1.ZarfComponent{Name: componentName}, deployedPackage: &types.DeployedPackage{ Name: packageName, ComponentWebhooks: map[string]map[string]types.Webhook{ @@ -142,11 +143,11 @@ func TestPackageSecretNeedsWait(t *testing.T) { }, { name: "SkipWaitForYOLO", - component: types.ZarfComponent{Name: componentName}, + component: v1alpha1.ZarfComponent{Name: componentName}, deployedPackage: &types.DeployedPackage{ Name: packageName, - Data: types.ZarfPackage{ - Metadata: types.ZarfMetadata{ + Data: v1alpha1.ZarfPackage{ + Metadata: v1alpha1.ZarfMetadata{ YOLO: true, }, }, @@ -165,7 +166,7 @@ func TestPackageSecretNeedsWait(t *testing.T) { }, { name: "SkipWebhooksFlagUsed", - component: types.ZarfComponent{Name: componentName}, + component: v1alpha1.ZarfComponent{Name: componentName}, skipWebhooks: true, deployedPackage: &types.DeployedPackage{ Name: packageName, diff --git a/src/pkg/interactive/components.go b/src/pkg/interactive/components.go index f48db25043..719228cb5c 100644 --- a/src/pkg/interactive/components.go +++ b/src/pkg/interactive/components.go @@ -9,13 +9,13 @@ import ( "github.com/AlecAivazis/survey/v2" "github.com/pterm/pterm" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/pkg/message" "github.com/zarf-dev/zarf/src/pkg/utils" - "github.com/zarf-dev/zarf/src/types" ) // SelectOptionalComponent prompts to confirm optional components -func SelectOptionalComponent(component types.ZarfComponent) (confirm bool, err error) { +func SelectOptionalComponent(component v1alpha1.ZarfComponent) (confirm bool, err error) { message.HorizontalRule() displayComponent := component @@ -34,7 +34,7 @@ func SelectOptionalComponent(component types.ZarfComponent) (confirm bool, err e } // SelectChoiceGroup prompts to select component groups -func SelectChoiceGroup(componentGroup []types.ZarfComponent) (types.ZarfComponent, error) { +func SelectChoiceGroup(componentGroup []v1alpha1.ZarfComponent) (v1alpha1.ZarfComponent, error) { message.HorizontalRule() var chosen int diff --git a/src/pkg/interactive/prompt.go b/src/pkg/interactive/prompt.go index 759f520948..c22b05e449 100644 --- a/src/pkg/interactive/prompt.go +++ b/src/pkg/interactive/prompt.go @@ -24,7 +24,6 @@ func PromptSigPassword() ([]byte, error) { // PromptVariable prompts the user for a value for a variable func PromptVariable(variable variables.InteractiveVariable) (value string, err error) { - if variable.Description != "" { message.Question(variable.Description) } diff --git a/src/pkg/layout/component.go b/src/pkg/layout/component.go index f52e6bbe06..fee2d90082 100644 --- a/src/pkg/layout/component.go +++ b/src/pkg/layout/component.go @@ -12,8 +12,8 @@ import ( "github.com/defenseunicorns/pkg/helpers/v2" "github.com/mholt/archiver/v3" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/pkg/message" - "github.com/zarf-dev/zarf/src/types" ) // ComponentPaths contains paths for a component. @@ -38,14 +38,8 @@ type Components struct { // ErrNotLoaded is returned when a path is not loaded. var ErrNotLoaded = fmt.Errorf("not loaded") -// IsNotLoaded checks if an error is ErrNotLoaded. -func IsNotLoaded(err error) bool { - u, ok := err.(*fs.PathError) - return ok && u.Unwrap() == ErrNotLoaded -} - // Archive archives a component. -func (c *Components) Archive(component types.ZarfComponent, cleanupTemp bool) (err error) { +func (c *Components) Archive(component v1alpha1.ZarfComponent, cleanupTemp bool) (err error) { name := component.Name if _, ok := c.Dirs[name]; !ok { return &fs.PathError{ @@ -81,7 +75,7 @@ func (c *Components) Archive(component types.ZarfComponent, cleanupTemp bool) (e } // Unarchive unarchives a component. -func (c *Components) Unarchive(component types.ZarfComponent) (err error) { +func (c *Components) Unarchive(component v1alpha1.ZarfComponent) (err error) { name := component.Name tb, ok := c.Tarballs[name] if !ok { @@ -144,7 +138,7 @@ func (c *Components) Unarchive(component types.ZarfComponent) (err error) { } // Create creates a new component directory structure. -func (c *Components) Create(component types.ZarfComponent) (cp *ComponentPaths, err error) { +func (c *Components) Create(component v1alpha1.ZarfComponent) (cp *ComponentPaths, err error) { name := component.Name _, ok := c.Tarballs[name] diff --git a/src/pkg/layout/package.go b/src/pkg/layout/package.go index aef5e849d6..a38ec599a1 100644 --- a/src/pkg/layout/package.go +++ b/src/pkg/layout/package.go @@ -16,11 +16,11 @@ import ( "github.com/google/go-containerregistry/pkg/crane" "github.com/mholt/archiver/v3" ocispec "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/pkg/interactive" "github.com/zarf-dev/zarf/src/pkg/message" "github.com/zarf-dev/zarf/src/pkg/packager/deprecated" "github.com/zarf-dev/zarf/src/pkg/utils" - "github.com/zarf-dev/zarf/src/types" ) // PackagePaths is the default package layout. @@ -52,9 +52,9 @@ func New(baseDir string) *PackagePaths { // ReadZarfYAML reads a zarf.yaml file into memory, // checks if it's using the legacy layout, and migrates deprecated component configs. -func (pp *PackagePaths) ReadZarfYAML() (pkg types.ZarfPackage, warnings []string, err error) { +func (pp *PackagePaths) ReadZarfYAML() (pkg v1alpha1.ZarfPackage, warnings []string, err error) { if err := utils.ReadYaml(pp.ZarfYAML, &pkg); err != nil { - return types.ZarfPackage{}, nil, fmt.Errorf("unable to read zarf.yaml: %w", err) + return v1alpha1.ZarfPackage{}, nil, fmt.Errorf("unable to read zarf.yaml: %w", err) } if pp.IsLegacyLayout() { @@ -75,7 +75,7 @@ func (pp *PackagePaths) ReadZarfYAML() (pkg types.ZarfPackage, warnings []string // MigrateLegacy migrates a legacy package layout to the new layout. func (pp *PackagePaths) MigrateLegacy() (err error) { - var pkg types.ZarfPackage + var pkg v1alpha1.ZarfPackage base := pp.Base // legacy layout does not contain a checksums file, nor a signature diff --git a/src/pkg/lint/findings.go b/src/pkg/lint/findings.go new file mode 100644 index 0000000000..a8ad9b5eac --- /dev/null +++ b/src/pkg/lint/findings.go @@ -0,0 +1,115 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +// Package lint contains functions for verifying zarf yaml files are valid +package lint + +import ( + "fmt" + "path/filepath" + + "github.com/defenseunicorns/pkg/helpers/v2" + "github.com/fatih/color" + "github.com/zarf-dev/zarf/src/pkg/message" +) + +// PackageFinding is a struct that contains a finding about something wrong with a package +type PackageFinding struct { + // YqPath is the path to the key where the error originated from, this is sometimes empty in the case of a general error + YqPath string + Description string + // Item is the value of a key that is causing an error, for example a bad image name + Item string + // PackageNameOverride shows the name of the package that the error originated from + // If it is not set the base package will be used when displaying the error + PackageNameOverride string + // PackagePathOverride shows the path to the package that the error originated from + // If it is not set the base package will be used when displaying the error + PackagePathOverride string + Severity Severity +} + +// Severity is the type of finding +type Severity int + +// different severities of package errors +const ( + SevErr Severity = iota + 1 + SevWarn +) + +func (f PackageFinding) itemizedDescription() string { + if f.Item == "" { + return f.Description + } + return fmt.Sprintf("%s - %s", f.Description, f.Item) +} + +func colorWrapSev(s Severity) string { + if s == SevErr { + return message.ColorWrap("Error", color.FgRed) + } else if s == SevWarn { + return message.ColorWrap("Warning", color.FgYellow) + } + return "unknown" +} + +func filterLowerSeverity(findings []PackageFinding, severity Severity) []PackageFinding { + findings = helpers.RemoveMatches(findings, func(finding PackageFinding) bool { + return finding.Severity > severity + }) + return findings +} + +// PrintFindings prints the findings of the given severity in a table +func PrintFindings(findings []PackageFinding, severity Severity, baseDir string, packageName string) { + findings = filterLowerSeverity(findings, severity) + if len(findings) == 0 { + return + } + mapOfFindingsByPath := GroupFindingsByPath(findings, packageName) + + header := []string{"Type", "Path", "Message"} + + for _, findings := range mapOfFindingsByPath { + lintData := [][]string{} + for _, finding := range findings { + lintData = append(lintData, []string{ + colorWrapSev(finding.Severity), + message.ColorWrap(finding.YqPath, color.FgCyan), + finding.itemizedDescription(), + }) + } + var packagePathFromUser string + if helpers.IsOCIURL(findings[0].PackagePathOverride) { + packagePathFromUser = findings[0].PackagePathOverride + } else { + packagePathFromUser = filepath.Join(baseDir, findings[0].PackagePathOverride) + } + message.Notef("Linting package %q at %s", findings[0].PackageNameOverride, packagePathFromUser) + message.Table(header, lintData) + } +} + +// GroupFindingsByPath groups findings by their package path +func GroupFindingsByPath(findings []PackageFinding, packageName string) map[string][]PackageFinding { + for i := range findings { + if findings[i].PackageNameOverride == "" { + findings[i].PackageNameOverride = packageName + } + if findings[i].PackagePathOverride == "" { + findings[i].PackagePathOverride = "." + } + } + + mapOfFindingsByPath := make(map[string][]PackageFinding) + for _, finding := range findings { + mapOfFindingsByPath[finding.PackagePathOverride] = append(mapOfFindingsByPath[finding.PackagePathOverride], finding) + } + return mapOfFindingsByPath +} + +// HasSevOrHigher returns true if the findings contain a severity equal to or greater than the given severity +func HasSevOrHigher(findings []PackageFinding, severity Severity) bool { + return len(filterLowerSeverity(findings, severity)) > 0 +} diff --git a/src/pkg/lint/findings_test.go b/src/pkg/lint/findings_test.go new file mode 100644 index 0000000000..f3c09673c8 --- /dev/null +++ b/src/pkg/lint/findings_test.go @@ -0,0 +1,105 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +// Package lint contains functions for verifying zarf yaml files are valid +package lint + +import ( + "testing" + + "github.com/stretchr/testify/require" +) + +func TestGroupFindingsByPath(t *testing.T) { + t.Parallel() + tests := []struct { + name string + findings []PackageFinding + severity Severity + packageName string + want map[string][]PackageFinding + }{ + { + name: "same package multiple findings", + findings: []PackageFinding{ + {Severity: SevWarn, PackageNameOverride: "import", PackagePathOverride: "path"}, + {Severity: SevWarn, PackageNameOverride: "import", PackagePathOverride: "path"}, + }, + packageName: "testPackage", + want: map[string][]PackageFinding{ + "path": { + {Severity: SevWarn, PackageNameOverride: "import", PackagePathOverride: "path"}, + {Severity: SevWarn, PackageNameOverride: "import", PackagePathOverride: "path"}, + }, + }, + }, + { + name: "different packages single finding", + findings: []PackageFinding{ + {Severity: SevWarn, PackageNameOverride: "import", PackagePathOverride: "path"}, + {Severity: SevErr, PackageNameOverride: "", PackagePathOverride: ""}, + }, + packageName: "testPackage", + want: map[string][]PackageFinding{ + "path": {{Severity: SevWarn, PackageNameOverride: "import", PackagePathOverride: "path"}}, + ".": {{Severity: SevErr, PackageNameOverride: "testPackage", PackagePathOverride: "."}}, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + require.Equal(t, tt.want, GroupFindingsByPath(tt.findings, tt.packageName)) + }) + } +} + +func TestHasSeverity(t *testing.T) { + t.Parallel() + tests := []struct { + name string + severity Severity + expected bool + findings []PackageFinding + }{ + { + name: "error severity present", + findings: []PackageFinding{ + { + Severity: SevErr, + }, + }, + severity: SevErr, + expected: true, + }, + { + name: "error severity not present", + findings: []PackageFinding{ + { + Severity: SevWarn, + }, + }, + severity: SevErr, + expected: false, + }, + { + name: "err and warning severity present", + findings: []PackageFinding{ + { + Severity: SevWarn, + }, + { + Severity: SevErr, + }, + }, + severity: SevErr, + expected: true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + require.Equal(t, tt.expected, HasSevOrHigher(tt.findings, tt.severity)) + }) + } +} diff --git a/src/pkg/lint/lint.go b/src/pkg/lint/lint.go new file mode 100644 index 0000000000..9c0132f2e8 --- /dev/null +++ b/src/pkg/lint/lint.go @@ -0,0 +1,137 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +// Package lint contains functions for verifying zarf yaml files are valid +package lint + +import ( + "context" + "errors" + "fmt" + "os" + + "github.com/zarf-dev/zarf/src/api/v1alpha1" + "github.com/zarf-dev/zarf/src/config" + "github.com/zarf-dev/zarf/src/config/lang" + "github.com/zarf-dev/zarf/src/pkg/layout" + "github.com/zarf-dev/zarf/src/pkg/message" + "github.com/zarf-dev/zarf/src/pkg/packager/composer" + "github.com/zarf-dev/zarf/src/pkg/utils" + "github.com/zarf-dev/zarf/src/types" +) + +// Validate lints the given Zarf package +func Validate(ctx context.Context, createOpts types.ZarfCreateOptions) error { + var findings []PackageFinding + if err := os.Chdir(createOpts.BaseDir); err != nil { + return fmt.Errorf("unable to access directory %q: %w", createOpts.BaseDir, err) + } + var pkg v1alpha1.ZarfPackage + if err := utils.ReadYaml(layout.ZarfYAML, &pkg); err != nil { + return err + } + + compFindings, err := lintComponents(ctx, pkg, createOpts) + if err != nil { + return err + } + findings = append(findings, compFindings...) + schemaFindings, err := ValidatePackageSchema() + if err != nil { + return err + } + findings = append(findings, schemaFindings...) + + if len(findings) == 0 { + message.Successf("0 findings for %q", pkg.Metadata.Name) + return nil + } + PrintFindings(findings, SevWarn, createOpts.BaseDir, pkg.Metadata.Name) + if HasSevOrHigher(findings, SevErr) { + return errors.New("errors during lint") + } + return nil +} + +func lintComponents(ctx context.Context, pkg v1alpha1.ZarfPackage, createOpts types.ZarfCreateOptions) ([]PackageFinding, error) { + var findings []PackageFinding + + for i, component := range pkg.Components { + arch := config.GetArch(pkg.Metadata.Architecture) + if !composer.CompatibleComponent(component, arch, createOpts.Flavor) { + continue + } + + chain, err := composer.NewImportChain(ctx, component, i, pkg.Metadata.Name, arch, createOpts.Flavor) + + if err != nil { + return nil, err + } + + node := chain.Head() + for node != nil { + component := node.ZarfComponent + compFindings, err := fillComponentTemplate(&component, createOpts) + if err != nil { + return nil, err + } + compFindings = append(compFindings, CheckComponentValues(component, node.Index())...) + for i := range compFindings { + compFindings[i].PackagePathOverride = node.ImportLocation() + compFindings[i].PackageNameOverride = node.OriginalPackageName() + } + findings = append(findings, compFindings...) + node = node.Next() + } + } + return findings, nil +} + +func fillComponentTemplate(c *v1alpha1.ZarfComponent, createOpts types.ZarfCreateOptions) ([]PackageFinding, error) { + var findings []PackageFinding + templateMap := map[string]string{} + + setVarsAndWarn := func(templatePrefix string, deprecated bool) error { + yamlTemplates, err := utils.FindYamlTemplates(c, templatePrefix, "###") + if err != nil { + return err + } + + var unSetTemplates bool + for key := range yamlTemplates { + if deprecated { + findings = append(findings, PackageFinding{ + Description: fmt.Sprintf(lang.PkgValidateTemplateDeprecation, key, key, key), + Severity: SevWarn, + }) + } + if _, present := createOpts.SetVariables[key]; !present { + unSetTemplates = true + } + } + if unSetTemplates { + findings = append(findings, PackageFinding{ + Description: lang.UnsetVarLintWarning, + Severity: SevWarn, + }) + } + for key, value := range createOpts.SetVariables { + templateMap[fmt.Sprintf("%s%s###", templatePrefix, key)] = value + } + return nil + } + + if err := setVarsAndWarn(v1alpha1.ZarfPackageTemplatePrefix, false); err != nil { + return nil, err + } + + // [DEPRECATION] Set the Package Variable syntax as well for backward compatibility + if err := setVarsAndWarn(v1alpha1.ZarfPackageVariablePrefix, true); err != nil { + return nil, err + } + + if err := utils.ReloadYamlTemplate(c, templateMap); err != nil { + return nil, err + } + return findings, nil +} diff --git a/src/pkg/lint/lint_test.go b/src/pkg/lint/lint_test.go new file mode 100644 index 0000000000..d6ad24ad82 --- /dev/null +++ b/src/pkg/lint/lint_test.go @@ -0,0 +1,72 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +// Package lint contains functions for verifying zarf yaml files are valid +package lint + +import ( + "context" + "fmt" + "testing" + + "github.com/stretchr/testify/require" + "github.com/zarf-dev/zarf/src/api/v1alpha1" + "github.com/zarf-dev/zarf/src/config/lang" + "github.com/zarf-dev/zarf/src/types" +) + +func TestLintComponents(t *testing.T) { + t.Run("Test composable components with bad path", func(t *testing.T) { + t.Parallel() + zarfPackage := v1alpha1.ZarfPackage{ + Components: []v1alpha1.ZarfComponent{ + { + Import: v1alpha1.ZarfComponentImport{Path: "bad-path"}, + }, + }, + Metadata: v1alpha1.ZarfMetadata{Name: "test-zarf-package"}, + } + + createOpts := types.ZarfCreateOptions{Flavor: "", BaseDir: "."} + _, err := lintComponents(context.Background(), zarfPackage, createOpts) + require.Error(t, err) + }) +} +func TestFillComponentTemplate(t *testing.T) { + createOpts := types.ZarfCreateOptions{ + SetVariables: map[string]string{ + "KEY1": "value1", + "KEY2": "value2", + }, + } + + component := v1alpha1.ZarfComponent{ + Images: []string{ + fmt.Sprintf("%s%s###", v1alpha1.ZarfPackageTemplatePrefix, "KEY1"), + fmt.Sprintf("%s%s###", v1alpha1.ZarfPackageVariablePrefix, "KEY2"), + fmt.Sprintf("%s%s###", v1alpha1.ZarfPackageTemplatePrefix, "KEY3"), + }, + } + + findings, err := fillComponentTemplate(&component, createOpts) + require.NoError(t, err) + expectedFindings := []PackageFinding{ + { + Severity: SevWarn, + Description: "There are templates that are not set and won't be evaluated during lint", + }, + { + Severity: SevWarn, + Description: fmt.Sprintf(lang.PkgValidateTemplateDeprecation, "KEY2", "KEY2", "KEY2"), + }, + } + expectedComponent := v1alpha1.ZarfComponent{ + Images: []string{ + "value1", + "value2", + fmt.Sprintf("%s%s###", v1alpha1.ZarfPackageTemplatePrefix, "KEY3"), + }, + } + require.ElementsMatch(t, expectedFindings, findings) + require.Equal(t, expectedComponent, component) +} diff --git a/src/pkg/lint/rules.go b/src/pkg/lint/rules.go new file mode 100644 index 0000000000..0be01cf687 --- /dev/null +++ b/src/pkg/lint/rules.go @@ -0,0 +1,108 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +// Package lint contains functions for verifying zarf yaml files are valid +package lint + +import ( + "fmt" + "strings" + + "github.com/defenseunicorns/pkg/helpers/v2" + "github.com/zarf-dev/zarf/src/api/v1alpha1" + "github.com/zarf-dev/zarf/src/pkg/transform" +) + +func isPinnedImage(image string) (bool, error) { + transformedImage, err := transform.ParseImageRef(image) + if err != nil { + if strings.Contains(image, v1alpha1.ZarfPackageTemplatePrefix) || + strings.Contains(image, v1alpha1.ZarfPackageVariablePrefix) { + return true, nil + } + return false, err + } + if isCosignSignature(transformedImage.Tag) || isCosignAttestation(transformedImage.Tag) { + return true, nil + } + return (transformedImage.Digest != ""), err +} + +func isCosignSignature(image string) bool { + return strings.HasSuffix(image, ".sig") +} + +func isCosignAttestation(image string) bool { + return strings.HasSuffix(image, ".att") +} + +func isPinnedRepo(repo string) bool { + return (strings.Contains(repo, "@")) +} + +// CheckComponentValues runs lint rules validating values on component keys, should be run after templating +func CheckComponentValues(c v1alpha1.ZarfComponent, i int) []PackageFinding { + var findings []PackageFinding + findings = append(findings, checkForUnpinnedRepos(c, i)...) + findings = append(findings, checkForUnpinnedImages(c, i)...) + findings = append(findings, checkForUnpinnedFiles(c, i)...) + return findings +} + +func checkForUnpinnedRepos(c v1alpha1.ZarfComponent, i int) []PackageFinding { + var findings []PackageFinding + for j, repo := range c.Repos { + repoYqPath := fmt.Sprintf(".components.[%d].repos.[%d]", i, j) + if !isPinnedRepo(repo) { + findings = append(findings, PackageFinding{ + YqPath: repoYqPath, + Description: "Unpinned repository", + Item: repo, + Severity: SevWarn, + }) + } + } + return findings +} + +func checkForUnpinnedImages(c v1alpha1.ZarfComponent, i int) []PackageFinding { + var findings []PackageFinding + for j, image := range c.Images { + imageYqPath := fmt.Sprintf(".components.[%d].images.[%d]", i, j) + pinnedImage, err := isPinnedImage(image) + if err != nil { + findings = append(findings, PackageFinding{ + YqPath: imageYqPath, + Description: "Failed to parse image reference", + Item: image, + Severity: SevWarn, + }) + continue + } + if !pinnedImage { + findings = append(findings, PackageFinding{ + YqPath: imageYqPath, + Description: "Image not pinned with digest", + Item: image, + Severity: SevWarn, + }) + } + } + return findings +} + +func checkForUnpinnedFiles(c v1alpha1.ZarfComponent, i int) []PackageFinding { + var findings []PackageFinding + for j, file := range c.Files { + fileYqPath := fmt.Sprintf(".components.[%d].files.[%d]", i, j) + if file.Shasum == "" && helpers.IsURL(file.Source) { + findings = append(findings, PackageFinding{ + YqPath: fileYqPath, + Description: "No shasum for remote file", + Item: file.Source, + Severity: SevWarn, + }) + } + } + return findings +} diff --git a/src/pkg/lint/rules_test.go b/src/pkg/lint/rules_test.go new file mode 100644 index 0000000000..803dae9096 --- /dev/null +++ b/src/pkg/lint/rules_test.go @@ -0,0 +1,137 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +// Package lint contains functions for verifying zarf yaml files are valid +package lint + +import ( + "errors" + "testing" + + "github.com/stretchr/testify/require" + "github.com/zarf-dev/zarf/src/api/v1alpha1" +) + +func TestUnpinnedRepo(t *testing.T) { + t.Parallel() + unpinnedRepo := "https://github.com/zarf-dev/zarf-public-test.git" + component := v1alpha1.ZarfComponent{Repos: []string{ + unpinnedRepo, + "https://dev.azure.com/zarf-dev/zarf-public-test/_git/zarf-public-test@v0.0.1", + }} + findings := checkForUnpinnedRepos(component, 0) + expected := []PackageFinding{ + { + Item: unpinnedRepo, + Description: "Unpinned repository", + Severity: SevWarn, + YqPath: ".components.[0].repos.[0]", + }, + } + require.Equal(t, expected, findings) +} + +func TestUnpinnedImageWarning(t *testing.T) { + t.Parallel() + unpinnedImage := "registry.com:9001/whatever/image:1.0.0" + badImage := "badimage:badimage@@sha256:3fbc632167424a6d997e74f5" + cosignSignature := "ghcr.io/stefanprodan/podinfo:sha256-57a654ace69ec02ba8973093b6a786faa15640575fbf0dbb603db55aca2ccec8.sig" + cosignAttestation := "ghcr.io/stefanprodan/podinfo:sha256-57a654ace69ec02ba8973093b6a786faa15640575fbf0dbb603db55aca2ccec8.att" + component := v1alpha1.ZarfComponent{Images: []string{ + unpinnedImage, + "busybox:latest@sha256:3fbc632167424a6d997e74f52b878d7cc478225cffac6bc977eedfe51c7f4e79", + badImage, + cosignSignature, + cosignAttestation, + }} + findings := checkForUnpinnedImages(component, 0) + expected := []PackageFinding{ + { + Item: unpinnedImage, + Description: "Image not pinned with digest", + Severity: SevWarn, + YqPath: ".components.[0].images.[0]", + }, + { + Item: badImage, + Description: "Failed to parse image reference", + Severity: SevWarn, + YqPath: ".components.[0].images.[2]", + }, + } + require.Equal(t, expected, findings) +} + +func TestUnpinnnedFileWarning(t *testing.T) { + t.Parallel() + fileURL := "http://example.com/file.zip" + localFile := "local.txt" + zarfFiles := []v1alpha1.ZarfFile{ + { + Source: fileURL, + }, + { + Source: localFile, + }, + { + Source: fileURL, + Shasum: "fake-shasum", + }, + } + component := v1alpha1.ZarfComponent{Files: zarfFiles} + findings := checkForUnpinnedFiles(component, 0) + expected := []PackageFinding{ + { + Item: fileURL, + Description: "No shasum for remote file", + Severity: SevWarn, + YqPath: ".components.[0].files.[0]", + }, + } + require.Equal(t, expected, findings) + require.Len(t, findings, 1) +} + +func TestIsImagePinned(t *testing.T) { + t.Parallel() + tests := []struct { + input string + expected bool + err error + }{ + { + input: "registry.com:8080/zarf-dev/whatever", + expected: false, + err: nil, + }, + { + input: "ghcr.io/zarf-dev/pepr/controller:v0.15.0", + expected: false, + err: nil, + }, + { + input: "busybox:latest@sha256:3fbc632167424a6d997e74f52b878d7cc478225cffac6bc977eedfe51c7f4e79", + expected: true, + err: nil, + }, + { + input: "busybox:bad/image", + expected: false, + err: errors.New("invalid reference format"), + }, + { + input: "busybox:###ZARF_PKG_TMPL_BUSYBOX_IMAGE###", + expected: true, + err: nil, + }, + } + for _, tc := range tests { + t.Run(tc.input, func(t *testing.T) { + actual, err := isPinnedImage(tc.input) + if err != nil { + require.EqualError(t, err, tc.err.Error()) + } + require.Equal(t, tc.expected, actual) + }) + } +} diff --git a/src/pkg/lint/schema.go b/src/pkg/lint/schema.go new file mode 100644 index 0000000000..ae3e991863 --- /dev/null +++ b/src/pkg/lint/schema.go @@ -0,0 +1,79 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +// Package lint contains functions for verifying zarf yaml files are valid +package lint + +import ( + "fmt" + "io/fs" + "regexp" + + "github.com/xeipuuv/gojsonschema" + "github.com/zarf-dev/zarf/src/pkg/layout" + "github.com/zarf-dev/zarf/src/pkg/utils" +) + +// ZarfSchema is exported so main.go can embed the schema file +var ZarfSchema fs.ReadFileFS + +// ValidatePackageSchema checks the Zarf package in the current directory against the Zarf schema +func ValidatePackageSchema() ([]PackageFinding, error) { + var untypedZarfPackage interface{} + if err := utils.ReadYaml(layout.ZarfYAML, &untypedZarfPackage); err != nil { + return nil, err + } + + jsonSchema, err := ZarfSchema.ReadFile("zarf.schema.json") + if err != nil { + return nil, err + } + + return getSchemaFindings(jsonSchema, untypedZarfPackage) +} + +func makeFieldPathYqCompat(field string) string { + if field == "(root)" { + return field + } + // \b is a metacharacter that will stop at the next non-word character (including .) + // https://regex101.com/r/pIRPk0/1 + re := regexp.MustCompile(`(\b\d+\b)`) + + wrappedField := re.ReplaceAllString(field, "[$1]") + + return fmt.Sprintf(".%s", wrappedField) +} + +func getSchemaFindings(jsonSchema []byte, obj interface{}) ([]PackageFinding, error) { + var findings []PackageFinding + schemaErrors, err := runSchema(jsonSchema, obj) + if err != nil { + return nil, err + } + + for _, schemaErr := range schemaErrors { + findings = append(findings, PackageFinding{ + YqPath: makeFieldPathYqCompat(schemaErr.Field()), + Description: schemaErr.Description(), + Severity: SevErr, + }) + } + + return findings, nil +} + +func runSchema(jsonSchema []byte, pkg interface{}) ([]gojsonschema.ResultError, error) { + schemaLoader := gojsonschema.NewBytesLoader(jsonSchema) + documentLoader := gojsonschema.NewGoLoader(pkg) + + result, err := gojsonschema.Validate(schemaLoader, documentLoader) + if err != nil { + return nil, err + } + + if !result.Valid() { + return result.Errors(), nil + } + return nil, nil +} diff --git a/src/pkg/lint/schema_test.go b/src/pkg/lint/schema_test.go new file mode 100644 index 0000000000..9e59dddcd4 --- /dev/null +++ b/src/pkg/lint/schema_test.go @@ -0,0 +1,210 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +// Package lint contains functions for verifying zarf yaml files are valid +package lint + +import ( + "fmt" + "os" + "testing" + + goyaml "github.com/goccy/go-yaml" + "github.com/stretchr/testify/require" + "github.com/zarf-dev/zarf/src/api/v1alpha1" + "github.com/zarf-dev/zarf/src/pkg/variables" +) + +func TestZarfSchema(t *testing.T) { + t.Parallel() + zarfSchema, err := os.ReadFile("../../../zarf.schema.json") + require.NoError(t, err) + + tests := []struct { + name string + pkg v1alpha1.ZarfPackage + expectedSchemaStrings []string + }{ + { + name: "valid package", + pkg: v1alpha1.ZarfPackage{ + ApiVersion: v1alpha1.ApiVersion, + Kind: v1alpha1.ZarfInitConfig, + Metadata: v1alpha1.ZarfMetadata{ + Name: "valid-name", + }, + Components: []v1alpha1.ZarfComponent{ + { + Name: "valid-comp", + }, + }, + }, + expectedSchemaStrings: nil, + }, + { + name: "no comp or kind", + pkg: v1alpha1.ZarfPackage{ + Metadata: v1alpha1.ZarfMetadata{ + Name: "no-comp-or-kind", + }, + Components: []v1alpha1.ZarfComponent{}, + }, + expectedSchemaStrings: []string{ + "kind: kind must be one of the following: \"ZarfInitConfig\", \"ZarfPackageConfig\"", + "components: Array must have at least 1 items", + }, + }, + { + name: "invalid package", + pkg: v1alpha1.ZarfPackage{ + ApiVersion: "bad-api-version/wrong", + Kind: v1alpha1.ZarfInitConfig, + Metadata: v1alpha1.ZarfMetadata{ + Name: "-invalid-name", + }, + Components: []v1alpha1.ZarfComponent{ + { + Name: "invalid-name", + Only: v1alpha1.ZarfComponentOnlyTarget{ + LocalOS: "unsupportedOS", + }, + Import: v1alpha1.ZarfComponentImport{ + Path: fmt.Sprintf("start%send", v1alpha1.ZarfPackageTemplatePrefix), + URL: fmt.Sprintf("oci://start%send", v1alpha1.ZarfPackageTemplatePrefix), + }, + }, + { + Name: "actions", + Actions: v1alpha1.ZarfComponentActions{ + OnCreate: v1alpha1.ZarfComponentActionSet{ + Before: []v1alpha1.ZarfComponentAction{ + { + Cmd: "echo 'invalid setVariable'", + SetVariables: []variables.Variable{{Name: "not_uppercase"}}, + }, + }, + }, + OnRemove: v1alpha1.ZarfComponentActionSet{ + OnSuccess: []v1alpha1.ZarfComponentAction{ + { + Cmd: "echo 'invalid setVariable'", + SetVariables: []variables.Variable{{Name: "not_uppercase"}}, + }, + }, + }, + }, + }, + }, + Variables: []variables.InteractiveVariable{ + { + Variable: variables.Variable{Name: "not_uppercase"}, + }, + }, + Constants: []variables.Constant{ + { + Name: "not_uppercase", + }, + }, + }, + expectedSchemaStrings: []string{ + "metadata.name: Does not match pattern '^[a-z0-9][a-z0-9\\-]*$'", + "variables.0.name: Does not match pattern '^[A-Z0-9_]+$'", + "constants.0.name: Does not match pattern '^[A-Z0-9_]+$'", + "components.0.only.localOS: components.0.only.localOS must be one of the following: \"linux\", \"darwin\", \"windows\"", + "components.1.actions.onCreate.before.0.setVariables.0.name: Does not match pattern '^[A-Z0-9_]+$'", + "components.1.actions.onRemove.onSuccess.0.setVariables.0.name: Does not match pattern '^[A-Z0-9_]+$'", + "components.0.import.path: Must not validate the schema (not)", + "components.0.import.url: Must not validate the schema (not)", + "apiVersion: apiVersion must be one of the following: \"zarf.dev/v1alpha1\"", + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + findings, err := runSchema(zarfSchema, tt.pkg) + require.NoError(t, err) + var schemaStrings []string + for _, schemaErr := range findings { + schemaStrings = append(schemaStrings, schemaErr.String()) + } + require.ElementsMatch(t, tt.expectedSchemaStrings, schemaStrings) + }) + } + + t.Run("validate schema fail with errors not possible from object", func(t *testing.T) { + t.Parallel() + // When we want to test the absence of a field, an incorrect type, or an extra field + // we can't do it through a struct since non pointer fields will have a zero value of their type + const badZarfPackage = ` +kind: ZarfInitConfig +extraField: whatever +metadata: + name: invalid + description: Testing bad yaml + +components: +- name: import-test + import: + path: 123123 + charts: + - noWait: true + manifests: + - namespace: no-name-for-manifest +` + var unmarshalledYaml interface{} + err := goyaml.Unmarshal([]byte(badZarfPackage), &unmarshalledYaml) + require.NoError(t, err) + schemaErrs, err := runSchema(zarfSchema, unmarshalledYaml) + require.NoError(t, err) + var schemaStrings []string + for _, schemaErr := range schemaErrs { + schemaStrings = append(schemaStrings, schemaErr.String()) + } + expectedSchemaStrings := []string{ + "(root): Additional property extraField is not allowed", + "components.0.import.path: Invalid type. Expected: string, given: integer", + "components.0.charts.0: name is required", + "components.0.manifests.0: name is required", + } + + require.ElementsMatch(t, expectedSchemaStrings, schemaStrings) + }) + + t.Run("test schema findings is created as expected", func(t *testing.T) { + t.Parallel() + findings, err := getSchemaFindings(zarfSchema, v1alpha1.ZarfPackage{ + Kind: v1alpha1.ZarfInitConfig, + Metadata: v1alpha1.ZarfMetadata{ + Name: "invalid", + }, + }) + require.NoError(t, err) + expected := []PackageFinding{ + { + Description: "Invalid type. Expected: array, given: null", + Severity: SevErr, + YqPath: ".components", + }, + } + require.ElementsMatch(t, expected, findings) + }) +} + +func TestYqCompat(t *testing.T) { + t.Parallel() + t.Run("Wrap standalone numbers in bracket", func(t *testing.T) { + t.Parallel() + input := "components12.12.import.path" + expected := ".components12.[12].import.path" + actual := makeFieldPathYqCompat(input) + require.Equal(t, expected, actual) + }) + + t.Run("root doesn't change", func(t *testing.T) { + t.Parallel() + input := "(root)" + actual := makeFieldPathYqCompat(input) + require.Equal(t, input, actual) + }) +} diff --git a/src/pkg/message/credentials.go b/src/pkg/message/credentials.go index 74b127a1c6..a0fc97537c 100644 --- a/src/pkg/message/credentials.go +++ b/src/pkg/message/credentials.go @@ -35,7 +35,7 @@ func PrintCredentialTable(state *types.ZarfState, componentsToDeploy []types.Dep } loginData := [][]string{} - if state.RegistryInfo.InternalRegistry { + if state.RegistryInfo.IsInternal() { loginData = append(loginData, []string{"Registry", state.RegistryInfo.PushUsername, state.RegistryInfo.PushPassword, "zarf connect registry", RegistryKey}, []string{"Registry (read-only)", state.RegistryInfo.PullUsername, state.RegistryInfo.PullPassword, "zarf connect registry", RegistryReadKey}, @@ -91,7 +91,6 @@ func PrintCredentialUpdates(oldState *types.ZarfState, newState *types.ZarfState } for _, service := range services { - HorizontalRule() switch service { diff --git a/src/pkg/packager/actions/actions.go b/src/pkg/packager/actions/actions.go index c92457675c..4fdf71fdd5 100644 --- a/src/pkg/packager/actions/actions.go +++ b/src/pkg/packager/actions/actions.go @@ -13,22 +13,22 @@ import ( "time" "github.com/defenseunicorns/pkg/helpers/v2" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/internal/packager/template" "github.com/zarf-dev/zarf/src/pkg/message" "github.com/zarf-dev/zarf/src/pkg/utils" "github.com/zarf-dev/zarf/src/pkg/utils/exec" "github.com/zarf-dev/zarf/src/pkg/variables" - "github.com/zarf-dev/zarf/src/types" ) // Run runs all provided actions. -func Run(defaultCfg types.ZarfComponentActionDefaults, actions []types.ZarfComponentAction, variableConfig *variables.VariableConfig) error { +func Run(ctx context.Context, defaultCfg v1alpha1.ZarfComponentActionDefaults, actions []v1alpha1.ZarfComponentAction, variableConfig *variables.VariableConfig) error { if variableConfig == nil { variableConfig = template.GetZarfVariableConfig() } for _, a := range actions { - if err := runAction(defaultCfg, a, variableConfig); err != nil { + if err := runAction(ctx, defaultCfg, a, variableConfig); err != nil { return err } } @@ -36,10 +36,8 @@ func Run(defaultCfg types.ZarfComponentActionDefaults, actions []types.ZarfCompo } // Run commands that a component has provided. -func runAction(defaultCfg types.ZarfComponentActionDefaults, action types.ZarfComponentAction, variableConfig *variables.VariableConfig) error { +func runAction(ctx context.Context, defaultCfg v1alpha1.ZarfComponentActionDefaults, action v1alpha1.ZarfComponentAction, variableConfig *variables.VariableConfig) error { var ( - ctx context.Context - cancel context.CancelFunc cmdEscaped string out string err error @@ -56,7 +54,7 @@ func runAction(defaultCfg types.ZarfComponentActionDefaults, action types.ZarfCo } // Convert the wait to a command. - if cmd, err = convertWaitToCmd(*action.Wait, action.MaxTotalSeconds); err != nil { + if cmd, err = convertWaitToCmd(ctx, *action.Wait, action.MaxTotalSeconds); err != nil { return err } @@ -85,9 +83,9 @@ func runAction(defaultCfg types.ZarfComponentActionDefaults, action types.ZarfCo // Persist the spinner output so it doesn't get overwritten by the command output. spinner.EnablePreserveWrites() - actionDefaults := actionGetCfg(defaultCfg, action, variableConfig.GetAllTemplates()) + actionDefaults := actionGetCfg(ctx, defaultCfg, action, variableConfig.GetAllTemplates()) - if cmd, err = actionCmdMutation(cmd, actionDefaults.Shell); err != nil { + if cmd, err = actionCmdMutation(ctx, cmd, actionDefaults.Shell); err != nil { spinner.Errorf(err, "Error mutating command: %s", cmdEscaped) } @@ -97,7 +95,6 @@ func runAction(defaultCfg types.ZarfComponentActionDefaults, action types.ZarfCo // Keep trying until the max retries is reached. retryCmd: for remaining := actionDefaults.MaxRetries + 1; remaining > 0; remaining-- { - // Perform the action run. tryCmd := func(ctx context.Context) error { // Try running the command and continue the retry loop if it fails. @@ -111,7 +108,6 @@ retryCmd: for _, v := range action.SetVariables { variableConfig.SetVariable(v.Name, out, v.Sensitive, v.AutoIndent, v.Type) if err := variableConfig.CheckVariablePattern(v.Name, v.Pattern); err != nil { - message.WarnErr(err, err.Error()) return err } } @@ -130,7 +126,8 @@ retryCmd: // If no timeout is set, run the command and return or continue retrying. if actionDefaults.MaxTotalSeconds < 1 { spinner.Updatef("Waiting for \"%s\" (no timeout)", cmdEscaped) - if err := tryCmd(context.TODO()); err != nil { + //TODO (schristoff): Make it so tryCmd can take a normal ctx + if err := tryCmd(context.Background()); err != nil { continue retryCmd } @@ -146,7 +143,7 @@ retryCmd: // Otherwise, try running the command. default: - ctx, cancel = context.WithTimeout(context.Background(), duration) + ctx, cancel := context.WithTimeout(ctx, duration) defer cancel() if err := tryCmd(ctx); err != nil { continue retryCmd @@ -171,7 +168,7 @@ retryCmd: } // convertWaitToCmd will return the wait command if it exists, otherwise it will return the original command. -func convertWaitToCmd(wait types.ZarfComponentActionWait, timeout *int) (string, error) { +func convertWaitToCmd(_ context.Context, wait v1alpha1.ZarfComponentActionWait, timeout *int) (string, error) { // Build the timeout string. timeoutString := fmt.Sprintf("--timeout %ds", *timeout) @@ -185,7 +182,7 @@ func convertWaitToCmd(wait types.ZarfComponentActionWait, timeout *int) (string, // Build a call to the zarf tools wait-for command. return fmt.Sprintf("./zarf tools wait-for %s %s %s %s %s", - cluster.Kind, cluster.Identifier, cluster.Condition, ns, timeoutString), nil + cluster.Kind, cluster.Name, cluster.Condition, ns, timeoutString), nil } network := wait.Network @@ -207,7 +204,7 @@ func convertWaitToCmd(wait types.ZarfComponentActionWait, timeout *int) (string, } // Perform some basic string mutations to make commands more useful. -func actionCmdMutation(cmd string, shellPref exec.Shell) (string, error) { +func actionCmdMutation(_ context.Context, cmd string, shellPref exec.Shell) (string, error) { zarfCommand, err := utils.GetFinalExecutableCommand() if err != nil { return cmd, err @@ -238,7 +235,7 @@ func actionCmdMutation(cmd string, shellPref exec.Shell) (string, error) { } // Merge the ActionSet defaults with the action config. -func actionGetCfg(cfg types.ZarfComponentActionDefaults, a types.ZarfComponentAction, vars map[string]*variables.TextTemplate) types.ZarfComponentActionDefaults { +func actionGetCfg(_ context.Context, cfg v1alpha1.ZarfComponentActionDefaults, a v1alpha1.ZarfComponentAction, vars map[string]*variables.TextTemplate) v1alpha1.ZarfComponentActionDefaults { if a.Mute != nil { cfg.Mute = *a.Mute } @@ -277,7 +274,7 @@ func actionGetCfg(cfg types.ZarfComponentActionDefaults, a types.ZarfComponentAc return cfg } -func actionRun(ctx context.Context, cfg types.ZarfComponentActionDefaults, cmd string, shellPref exec.Shell, spinner *message.Spinner) (string, error) { +func actionRun(ctx context.Context, cfg v1alpha1.ZarfComponentActionDefaults, cmd string, shellPref exec.Shell, spinner *message.Spinner) (string, error) { shell, shellArgs := exec.GetOSShell(shellPref) message.Debugf("Running command in %s: %s", shell, cmd) diff --git a/src/pkg/packager/common.go b/src/pkg/packager/common.go index d790275d12..6a3ec004e7 100644 --- a/src/pkg/packager/common.go +++ b/src/pkg/packager/common.go @@ -38,7 +38,6 @@ type Packager struct { hpaModified bool connectStrings types.ConnectStrings source sources.PackageSource - generation int } // Modifier is a function that modifies the packager. @@ -107,25 +106,17 @@ func New(cfg *types.PackagerConfig, mods ...Modifier) (*Packager, error) { // If the temp directory is not set, set it to the default if pkgr.layout == nil { - if err = pkgr.setTempDirectory(config.CommonOptions.TempDirectory); err != nil { + dir, err := utils.MakeTempDir(config.CommonOptions.TempDirectory) + if err != nil { return nil, fmt.Errorf("unable to create package temp paths: %w", err) } + message.Debug("Using temporary directory:", dir) + pkgr.layout = layout.New(dir) } return pkgr, nil } -// setTempDirectory sets the temp directory for the packager. -func (p *Packager) setTempDirectory(path string) error { - dir, err := utils.MakeTempDir(path) - if err != nil { - return fmt.Errorf("unable to create package temp paths: %w", err) - } - - p.layout = layout.New(dir) - return nil -} - // ClearTempPaths removes the temp directory and any files within it. func (p *Packager) ClearTempPaths() { // Remove the temp directory, but don't throw an error if it fails @@ -157,29 +148,12 @@ func (p *Packager) isConnectedToCluster() bool { return p.cluster != nil } -// hasImages returns whether the current package contains images -func (p *Packager) hasImages() bool { - for _, component := range p.cfg.Pkg.Components { - if len(component.Images) > 0 { - return true - } - } - return false -} - // attemptClusterChecks attempts to connect to the cluster and check for useful metadata and config mismatches. // NOTE: attemptClusterChecks should only return an error if there is a problem significant enough to halt a deployment, otherwise it should return nil and print a warning message. func (p *Packager) attemptClusterChecks(ctx context.Context) (err error) { - spinner := message.NewProgressSpinner("Gathering additional cluster information (if available)") defer spinner.Stop() - // Check if the package has already been deployed and get its generation - if existingDeployedPackage, _ := p.cluster.GetDeployedPackage(ctx, p.cfg.Pkg.Metadata.Name); existingDeployedPackage != nil { - // If this package has been deployed before, increment the package generation within the secret - p.generation = existingDeployedPackage.Generation + 1 - } - // Check the clusters architecture matches the package spec if err := p.validatePackageArchitecture(ctx); err != nil { if errors.Is(err, lang.ErrUnableToCheckArch) { @@ -206,7 +180,7 @@ func (p *Packager) attemptClusterChecks(ctx context.Context) (err error) { // validatePackageArchitecture validates that the package architecture matches the target cluster architecture. func (p *Packager) validatePackageArchitecture(ctx context.Context) error { // Ignore this check if we don't have a cluster connection, or the package contains no images - if !p.isConnectedToCluster() || !p.hasImages() { + if !p.isConnectedToCluster() || !p.cfg.Pkg.HasImages() { return nil } diff --git a/src/pkg/packager/common_test.go b/src/pkg/packager/common_test.go index ac47544515..d2f4a7aa7a 100644 --- a/src/pkg/packager/common_test.go +++ b/src/pkg/packager/common_test.go @@ -13,6 +13,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes/fake" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config/lang" "github.com/zarf-dev/zarf/src/pkg/cluster" "github.com/zarf-dev/zarf/src/types" @@ -83,9 +84,9 @@ func TestValidatePackageArchitecture(t *testing.T) { Clientset: cs, }, cfg: &types.PackagerConfig{ - Pkg: types.ZarfPackage{ - Metadata: types.ZarfMetadata{Architecture: tt.pkgArch}, - Components: []types.ZarfComponent{ + Pkg: v1alpha1.ZarfPackage{ + Metadata: v1alpha1.ZarfMetadata{Architecture: tt.pkgArch}, + Components: []v1alpha1.ZarfComponent{ { Images: tt.images, }, diff --git a/src/pkg/packager/composer/list.go b/src/pkg/packager/composer/list.go index 06f67ec816..8d5531b85e 100644 --- a/src/pkg/packager/composer/list.go +++ b/src/pkg/packager/composer/list.go @@ -11,18 +11,18 @@ import ( "strings" "github.com/defenseunicorns/pkg/helpers/v2" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/extensions/bigbang" "github.com/zarf-dev/zarf/src/pkg/layout" "github.com/zarf-dev/zarf/src/pkg/packager/deprecated" "github.com/zarf-dev/zarf/src/pkg/utils" "github.com/zarf-dev/zarf/src/pkg/variables" "github.com/zarf-dev/zarf/src/pkg/zoci" - "github.com/zarf-dev/zarf/src/types" ) // Node is a node in the import chain type Node struct { - types.ZarfComponent + v1alpha1.ZarfComponent index int @@ -71,8 +71,8 @@ func (n *Node) Prev() *Node { // otherwise the name of the component will be used func (n *Node) ImportName() string { name := n.ZarfComponent.Name - if n.Import.ComponentName != "" { - name = n.Import.ComponentName + if n.Import.Name != "" { + name = n.Import.Name } return name } @@ -95,7 +95,7 @@ func (ic *ImportChain) Tail() *Node { return ic.tail } -func (ic *ImportChain) append(c types.ZarfComponent, index int, originalPackageName string, +func (ic *ImportChain) append(c v1alpha1.ZarfComponent, index int, originalPackageName string, relativeToHead string, vars []variables.InteractiveVariable, consts []variables.Constant) { node := &Node{ ZarfComponent: c, @@ -120,7 +120,7 @@ func (ic *ImportChain) append(c types.ZarfComponent, index int, originalPackageN // NewImportChain creates a new import chain from a component // Returning the chain on error so we can have additional information to use during lint -func NewImportChain(ctx context.Context, head types.ZarfComponent, index int, originalPackageName, arch, flavor string) (*ImportChain, error) { +func NewImportChain(ctx context.Context, head v1alpha1.ZarfComponent, index int, originalPackageName, arch, flavor string) (*ImportChain, error) { ic := &ImportChain{} if arch == "" { return ic, fmt.Errorf("cannot build import chain: architecture must be provided") @@ -155,7 +155,7 @@ func NewImportChain(ctx context.Context, head types.ZarfComponent, index int, or return ic, fmt.Errorf("detected malformed import chain, cannot import local components from remote components") } - var pkg types.ZarfPackage + var pkg v1alpha1.ZarfPackage var relativeToHead string var importURL string @@ -193,7 +193,7 @@ func NewImportChain(ctx context.Context, head types.ZarfComponent, index int, or // 'found' and 'index' are parallel slices. Each element in found[x] corresponds to pkg[index[x]] // found[0] and pkg[index[0]] would be the same component for example - found := []types.ZarfComponent{} + found := []v1alpha1.ZarfComponent{} index := []int{} for i, component := range pkg.Components { if component.Name == name && CompatibleComponent(component, arch, flavor) { @@ -257,7 +257,7 @@ func (ic *ImportChain) String() string { } // Migrate performs migrations on the import chain -func (ic *ImportChain) Migrate(build types.ZarfBuildData) (warnings []string) { +func (ic *ImportChain) Migrate(build v1alpha1.ZarfBuildData) (warnings []string) { node := ic.head for node != nil { migrated, w := deprecated.MigrateComponent(build, node.ZarfComponent) @@ -274,7 +274,7 @@ func (ic *ImportChain) Migrate(build types.ZarfBuildData) (warnings []string) { // Compose merges the import chain into a single component // fixing paths, overriding metadata, etc -func (ic *ImportChain) Compose(ctx context.Context) (composed *types.ZarfComponent, err error) { +func (ic *ImportChain) Compose(ctx context.Context) (composed *v1alpha1.ZarfComponent, err error) { composed = &ic.tail.ZarfComponent if ic.tail.prev == nil { @@ -287,7 +287,7 @@ func (ic *ImportChain) Compose(ctx context.Context) (composed *types.ZarfCompone } // start with an empty component to compose into - composed = &types.ZarfComponent{} + composed = &v1alpha1.ZarfComponent{} // start overriding with the tail node node := ic.tail @@ -347,7 +347,7 @@ func (ic *ImportChain) MergeConstants(existing []variables.Constant) (merged []v } // CompatibleComponent determines if this component is compatible with the given create options -func CompatibleComponent(c types.ZarfComponent, arch, flavor string) bool { +func CompatibleComponent(c v1alpha1.ZarfComponent, arch, flavor string) bool { satisfiesArch := c.Only.Cluster.Architecture == "" || c.Only.Cluster.Architecture == arch satisfiesFlavor := c.Only.Flavor == "" || c.Only.Flavor == flavor return satisfiesArch && satisfiesFlavor diff --git a/src/pkg/packager/composer/list_test.go b/src/pkg/packager/composer/list_test.go index e720fdf57c..56e266738b 100644 --- a/src/pkg/packager/composer/list_test.go +++ b/src/pkg/packager/composer/list_test.go @@ -12,9 +12,9 @@ import ( "testing" "github.com/stretchr/testify/require" + "github.com/zarf-dev/zarf/src/api/v1alpha1" + "github.com/zarf-dev/zarf/src/api/v1alpha1/extensions" "github.com/zarf-dev/zarf/src/pkg/variables" - "github.com/zarf-dev/zarf/src/types" - "github.com/zarf-dev/zarf/src/types/extensions" ) func TestNewImportChain(t *testing.T) { @@ -22,20 +22,20 @@ func TestNewImportChain(t *testing.T) { tests := []struct { name string - head types.ZarfComponent + head v1alpha1.ZarfComponent arch string flavor string expectedErr string }{ { name: "No Architecture", - head: types.ZarfComponent{}, + head: v1alpha1.ZarfComponent{}, expectedErr: "architecture must be provided", }, { name: "Circular Import", - head: types.ZarfComponent{ - Import: types.ZarfComponentImport{ + head: v1alpha1.ZarfComponent{ + Import: v1alpha1.ZarfComponentImport{ Path: ".", }, }, @@ -69,36 +69,36 @@ func TestCompose(t *testing.T) { tests := []struct { name string ic *ImportChain - expectedComposed types.ZarfComponent + expectedComposed v1alpha1.ZarfComponent }{ { name: "Single Component", - ic: createChainFromSlice(t, []types.ZarfComponent{ + ic: createChainFromSlice(t, []v1alpha1.ZarfComponent{ { Name: "no-import", }, }), - expectedComposed: types.ZarfComponent{ + expectedComposed: v1alpha1.ZarfComponent{ Name: "no-import", }, }, { name: "Multiple Components", - ic: createChainFromSlice(t, []types.ZarfComponent{ + ic: createChainFromSlice(t, []v1alpha1.ZarfComponent{ createDummyComponent(t, "hello", firstDirectory, "hello"), createDummyComponent(t, "world", secondDirectory, "world"), createDummyComponent(t, "today", "", "hello"), }), - expectedComposed: types.ZarfComponent{ + expectedComposed: v1alpha1.ZarfComponent{ Name: "import-hello", // Files should always be appended with corrected directories - Files: []types.ZarfFile{ + Files: []v1alpha1.ZarfFile{ {Source: fmt.Sprintf("%s%stoday.txt", finalDirectory, string(os.PathSeparator))}, {Source: fmt.Sprintf("%s%sworld.txt", firstDirectory, string(os.PathSeparator))}, {Source: "hello.txt"}, }, // Charts should be merged if names match and appended if not with corrected directories - Charts: []types.ZarfChart{ + Charts: []v1alpha1.ZarfChart{ { Name: "hello", LocalPath: fmt.Sprintf("%s%schart", finalDirectory, string(os.PathSeparator)), @@ -116,7 +116,7 @@ func TestCompose(t *testing.T) { }, }, // Manifests should be merged if names match and appended if not with corrected directories - Manifests: []types.ZarfManifest{ + Manifests: []v1alpha1.ZarfManifest{ { Name: "hello", Files: []string{ @@ -132,85 +132,85 @@ func TestCompose(t *testing.T) { }, }, // DataInjections should always be appended with corrected directories - DataInjections: []types.ZarfDataInjection{ + DataInjections: []v1alpha1.ZarfDataInjection{ {Source: fmt.Sprintf("%s%stoday", finalDirectory, string(os.PathSeparator))}, {Source: fmt.Sprintf("%s%sworld", firstDirectory, string(os.PathSeparator))}, {Source: "hello"}, }, - Actions: types.ZarfComponentActions{ + Actions: v1alpha1.ZarfComponentActions{ // OnCreate actions should be appended with corrected directories that properly handle default directories - OnCreate: types.ZarfComponentActionSet{ - Defaults: types.ZarfComponentActionDefaults{ + OnCreate: v1alpha1.ZarfComponentActionSet{ + Defaults: v1alpha1.ZarfComponentActionDefaults{ Dir: "hello-dc", }, - Before: []types.ZarfComponentAction{ + Before: []v1alpha1.ZarfComponentAction{ {Cmd: "today-bc", Dir: &finalDirectoryActionDefault}, {Cmd: "world-bc", Dir: &secondDirectoryActionDefault}, {Cmd: "hello-bc", Dir: &firstDirectoryActionDefault}, }, - After: []types.ZarfComponentAction{ + After: []v1alpha1.ZarfComponentAction{ {Cmd: "today-ac", Dir: &finalDirectoryActionDefault}, {Cmd: "world-ac", Dir: &secondDirectoryActionDefault}, {Cmd: "hello-ac", Dir: &firstDirectoryActionDefault}, }, - OnSuccess: []types.ZarfComponentAction{ + OnSuccess: []v1alpha1.ZarfComponentAction{ {Cmd: "today-sc", Dir: &finalDirectoryActionDefault}, {Cmd: "world-sc", Dir: &secondDirectoryActionDefault}, {Cmd: "hello-sc", Dir: &firstDirectoryActionDefault}, }, - OnFailure: []types.ZarfComponentAction{ + OnFailure: []v1alpha1.ZarfComponentAction{ {Cmd: "today-fc", Dir: &finalDirectoryActionDefault}, {Cmd: "world-fc", Dir: &secondDirectoryActionDefault}, {Cmd: "hello-fc", Dir: &firstDirectoryActionDefault}, }, }, // OnDeploy actions should be appended without corrected directories - OnDeploy: types.ZarfComponentActionSet{ - Defaults: types.ZarfComponentActionDefaults{ + OnDeploy: v1alpha1.ZarfComponentActionSet{ + Defaults: v1alpha1.ZarfComponentActionDefaults{ Dir: "hello-dd", }, - Before: []types.ZarfComponentAction{ + Before: []v1alpha1.ZarfComponentAction{ {Cmd: "today-bd"}, {Cmd: "world-bd"}, {Cmd: "hello-bd"}, }, - After: []types.ZarfComponentAction{ + After: []v1alpha1.ZarfComponentAction{ {Cmd: "today-ad"}, {Cmd: "world-ad"}, {Cmd: "hello-ad"}, }, - OnSuccess: []types.ZarfComponentAction{ + OnSuccess: []v1alpha1.ZarfComponentAction{ {Cmd: "today-sd"}, {Cmd: "world-sd"}, {Cmd: "hello-sd"}, }, - OnFailure: []types.ZarfComponentAction{ + OnFailure: []v1alpha1.ZarfComponentAction{ {Cmd: "today-fd"}, {Cmd: "world-fd"}, {Cmd: "hello-fd"}, }, }, // OnRemove actions should be appended without corrected directories - OnRemove: types.ZarfComponentActionSet{ - Defaults: types.ZarfComponentActionDefaults{ + OnRemove: v1alpha1.ZarfComponentActionSet{ + Defaults: v1alpha1.ZarfComponentActionDefaults{ Dir: "hello-dr", }, - Before: []types.ZarfComponentAction{ + Before: []v1alpha1.ZarfComponentAction{ {Cmd: "today-br"}, {Cmd: "world-br"}, {Cmd: "hello-br"}, }, - After: []types.ZarfComponentAction{ + After: []v1alpha1.ZarfComponentAction{ {Cmd: "today-ar"}, {Cmd: "world-ar"}, {Cmd: "hello-ar"}, }, - OnSuccess: []types.ZarfComponentAction{ + OnSuccess: []v1alpha1.ZarfComponentAction{ {Cmd: "today-sr"}, {Cmd: "world-sr"}, {Cmd: "hello-sr"}, }, - OnFailure: []types.ZarfComponentAction{ + OnFailure: []v1alpha1.ZarfComponentAction{ {Cmd: "today-fr"}, {Cmd: "world-fr"}, {Cmd: "hello-fr"}, @@ -424,7 +424,7 @@ func TestMerging(t *testing.T) { } } -func createChainFromSlice(t *testing.T, components []types.ZarfComponent) (ic *ImportChain) { +func createChainFromSlice(t *testing.T, components []v1alpha1.ZarfComponent) (ic *ImportChain) { t.Helper() ic = &ImportChain{} @@ -441,20 +441,20 @@ func createChainFromSlice(t *testing.T, components []types.ZarfComponent) (ic *I return ic } -func createDummyComponent(t *testing.T, name, importDir, subName string) types.ZarfComponent { +func createDummyComponent(t *testing.T, name, importDir, subName string) v1alpha1.ZarfComponent { t.Helper() - return types.ZarfComponent{ + return v1alpha1.ZarfComponent{ Name: fmt.Sprintf("import-%s", name), - Import: types.ZarfComponentImport{ + Import: v1alpha1.ZarfComponentImport{ Path: importDir, }, - Files: []types.ZarfFile{ + Files: []v1alpha1.ZarfFile{ { Source: fmt.Sprintf("%s.txt", name), }, }, - Charts: []types.ZarfChart{ + Charts: []v1alpha1.ZarfChart{ { Name: subName, LocalPath: "chart", @@ -463,7 +463,7 @@ func createDummyComponent(t *testing.T, name, importDir, subName string) types.Z }, }, }, - Manifests: []types.ZarfManifest{ + Manifests: []v1alpha1.ZarfManifest{ { Name: subName, Files: []string{ @@ -471,60 +471,60 @@ func createDummyComponent(t *testing.T, name, importDir, subName string) types.Z }, }, }, - DataInjections: []types.ZarfDataInjection{ + DataInjections: []v1alpha1.ZarfDataInjection{ { Source: name, }, }, - Actions: types.ZarfComponentActions{ - OnCreate: types.ZarfComponentActionSet{ - Defaults: types.ZarfComponentActionDefaults{ + Actions: v1alpha1.ZarfComponentActions{ + OnCreate: v1alpha1.ZarfComponentActionSet{ + Defaults: v1alpha1.ZarfComponentActionDefaults{ Dir: name + "-dc", }, - Before: []types.ZarfComponentAction{ + Before: []v1alpha1.ZarfComponentAction{ {Cmd: name + "-bc"}, }, - After: []types.ZarfComponentAction{ + After: []v1alpha1.ZarfComponentAction{ {Cmd: name + "-ac"}, }, - OnSuccess: []types.ZarfComponentAction{ + OnSuccess: []v1alpha1.ZarfComponentAction{ {Cmd: name + "-sc"}, }, - OnFailure: []types.ZarfComponentAction{ + OnFailure: []v1alpha1.ZarfComponentAction{ {Cmd: name + "-fc"}, }, }, - OnDeploy: types.ZarfComponentActionSet{ - Defaults: types.ZarfComponentActionDefaults{ + OnDeploy: v1alpha1.ZarfComponentActionSet{ + Defaults: v1alpha1.ZarfComponentActionDefaults{ Dir: name + "-dd", }, - Before: []types.ZarfComponentAction{ + Before: []v1alpha1.ZarfComponentAction{ {Cmd: name + "-bd"}, }, - After: []types.ZarfComponentAction{ + After: []v1alpha1.ZarfComponentAction{ {Cmd: name + "-ad"}, }, - OnSuccess: []types.ZarfComponentAction{ + OnSuccess: []v1alpha1.ZarfComponentAction{ {Cmd: name + "-sd"}, }, - OnFailure: []types.ZarfComponentAction{ + OnFailure: []v1alpha1.ZarfComponentAction{ {Cmd: name + "-fd"}, }, }, - OnRemove: types.ZarfComponentActionSet{ - Defaults: types.ZarfComponentActionDefaults{ + OnRemove: v1alpha1.ZarfComponentActionSet{ + Defaults: v1alpha1.ZarfComponentActionDefaults{ Dir: name + "-dr", }, - Before: []types.ZarfComponentAction{ + Before: []v1alpha1.ZarfComponentAction{ {Cmd: name + "-br"}, }, - After: []types.ZarfComponentAction{ + After: []v1alpha1.ZarfComponentAction{ {Cmd: name + "-ar"}, }, - OnSuccess: []types.ZarfComponentAction{ + OnSuccess: []v1alpha1.ZarfComponentAction{ {Cmd: name + "-sr"}, }, - OnFailure: []types.ZarfComponentAction{ + OnFailure: []v1alpha1.ZarfComponentAction{ {Cmd: name + "-fr"}, }, }, diff --git a/src/pkg/packager/composer/oci.go b/src/pkg/packager/composer/oci.go index 129013d487..2541e45f32 100644 --- a/src/pkg/packager/composer/oci.go +++ b/src/pkg/packager/composer/oci.go @@ -104,7 +104,6 @@ func (ic *ImportChain) fetchOCISkeleton(ctx context.Context) error { if err != nil { return err } - } } diff --git a/src/pkg/packager/composer/override.go b/src/pkg/packager/composer/override.go index feb4b4b6f3..d5f96559cb 100644 --- a/src/pkg/packager/composer/override.go +++ b/src/pkg/packager/composer/override.go @@ -7,10 +7,10 @@ package composer import ( "fmt" - "github.com/zarf-dev/zarf/src/types" + "github.com/zarf-dev/zarf/src/api/v1alpha1" ) -func overrideMetadata(c *types.ZarfComponent, override types.ZarfComponent) error { +func overrideMetadata(c *v1alpha1.ZarfComponent, override v1alpha1.ZarfComponent) error { c.Name = override.Name c.Default = override.Default c.Required = override.Required @@ -31,7 +31,7 @@ func overrideMetadata(c *types.ZarfComponent, override types.ZarfComponent) erro return nil } -func overrideDeprecated(c *types.ZarfComponent, override types.ZarfComponent) { +func overrideDeprecated(c *v1alpha1.ZarfComponent, override v1alpha1.ZarfComponent) { // Override cosign key path if it was provided. if override.DeprecatedCosignKeyPath != "" { c.DeprecatedCosignKeyPath = override.DeprecatedCosignKeyPath @@ -54,7 +54,7 @@ func overrideDeprecated(c *types.ZarfComponent, override types.ZarfComponent) { } } -func overrideActions(c *types.ZarfComponent, override types.ZarfComponent) { +func overrideActions(c *v1alpha1.ZarfComponent, override v1alpha1.ZarfComponent) { // Merge create actions. c.Actions.OnCreate.Defaults = override.Actions.OnCreate.Defaults c.Actions.OnCreate.Before = append(c.Actions.OnCreate.Before, override.Actions.OnCreate.Before...) @@ -77,7 +77,7 @@ func overrideActions(c *types.ZarfComponent, override types.ZarfComponent) { c.Actions.OnRemove.OnSuccess = append(c.Actions.OnRemove.OnSuccess, override.Actions.OnRemove.OnSuccess...) } -func overrideResources(c *types.ZarfComponent, override types.ZarfComponent) { +func overrideResources(c *v1alpha1.ZarfComponent, override v1alpha1.ZarfComponent) { c.DataInjections = append(c.DataInjections, override.DataInjections...) c.Files = append(c.Files, override.Files...) c.Images = append(c.Images, override.Images...) diff --git a/src/pkg/packager/composer/pathfixer.go b/src/pkg/packager/composer/pathfixer.go index f13537dfd9..b2372c7389 100644 --- a/src/pkg/packager/composer/pathfixer.go +++ b/src/pkg/packager/composer/pathfixer.go @@ -8,7 +8,7 @@ import ( "path/filepath" "github.com/defenseunicorns/pkg/helpers/v2" - "github.com/zarf-dev/zarf/src/types" + "github.com/zarf-dev/zarf/src/api/v1alpha1" ) func makePathRelativeTo(path, relativeTo string) string { @@ -19,7 +19,7 @@ func makePathRelativeTo(path, relativeTo string) string { return filepath.Join(relativeTo, path) } -func fixPaths(child *types.ZarfComponent, relativeToHead string) { +func fixPaths(child *v1alpha1.ZarfComponent, relativeToHead string) { for fileIdx, file := range child.Files { composed := makePathRelativeTo(file.Source, relativeToHead) child.Files[fileIdx].Source = composed @@ -71,7 +71,7 @@ func fixPaths(child *types.ZarfComponent, relativeToHead string) { } // fixActionPaths takes a slice of actions and mutates the Dir to be relative to the head node -func fixActionPaths(actions []types.ZarfComponentAction, defaultDir, relativeToHead string) []types.ZarfComponentAction { +func fixActionPaths(actions []v1alpha1.ZarfComponentAction, defaultDir, relativeToHead string) []v1alpha1.ZarfComponentAction { for actionIdx, action := range actions { var composed string if action.Dir != nil { diff --git a/src/pkg/packager/creator/compose.go b/src/pkg/packager/creator/compose.go index 8844c0305f..fa63b218d6 100644 --- a/src/pkg/packager/creator/compose.go +++ b/src/pkg/packager/creator/compose.go @@ -7,14 +7,13 @@ package creator import ( "context" - "github.com/zarf-dev/zarf/src/pkg/message" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/pkg/packager/composer" - "github.com/zarf-dev/zarf/src/types" ) // ComposeComponents composes components and their dependencies into a single Zarf package using an import chain. -func ComposeComponents(ctx context.Context, pkg types.ZarfPackage, flavor string) (types.ZarfPackage, []string, error) { - components := []types.ZarfComponent{} +func ComposeComponents(ctx context.Context, pkg v1alpha1.ZarfPackage, flavor string) (v1alpha1.ZarfPackage, []string, error) { + components := []v1alpha1.ZarfComponent{} warnings := []string{} pkgVars := pkg.Variables @@ -35,9 +34,8 @@ func ComposeComponents(ctx context.Context, pkg types.ZarfPackage, flavor string // build the import chain chain, err := composer.NewImportChain(ctx, component, i, pkg.Metadata.Name, arch, flavor) if err != nil { - return types.ZarfPackage{}, nil, err + return v1alpha1.ZarfPackage{}, nil, err } - message.Debugf("%s", chain) // migrate any deprecated component configurations now warning := chain.Migrate(pkg.Build) @@ -46,7 +44,7 @@ func ComposeComponents(ctx context.Context, pkg types.ZarfPackage, flavor string // get the composed component composed, err := chain.Compose(ctx) if err != nil { - return types.ZarfPackage{}, nil, err + return v1alpha1.ZarfPackage{}, nil, err } components = append(components, *composed) diff --git a/src/pkg/packager/creator/compose_test.go b/src/pkg/packager/creator/compose_test.go index a4dd2fdf9e..711e9baf7b 100644 --- a/src/pkg/packager/creator/compose_test.go +++ b/src/pkg/packager/creator/compose_test.go @@ -9,7 +9,7 @@ import ( "testing" "github.com/stretchr/testify/require" - "github.com/zarf-dev/zarf/src/types" + "github.com/zarf-dev/zarf/src/api/v1alpha1" ) func TestComposeComponents(t *testing.T) { @@ -17,36 +17,36 @@ func TestComposeComponents(t *testing.T) { tests := []struct { name string - pkg types.ZarfPackage + pkg v1alpha1.ZarfPackage flavor string - expectedPkg types.ZarfPackage + expectedPkg v1alpha1.ZarfPackage expectedErr string }{ { name: "filter by architecture match", - pkg: types.ZarfPackage{ - Metadata: types.ZarfMetadata{Architecture: "amd64"}, - Components: []types.ZarfComponent{ + pkg: v1alpha1.ZarfPackage{ + Metadata: v1alpha1.ZarfMetadata{Architecture: "amd64"}, + Components: []v1alpha1.ZarfComponent{ { Name: "component1", - Only: types.ZarfComponentOnlyTarget{ - Cluster: types.ZarfComponentOnlyCluster{ + Only: v1alpha1.ZarfComponentOnlyTarget{ + Cluster: v1alpha1.ZarfComponentOnlyCluster{ Architecture: "amd64", }, }, }, { Name: "component2", - Only: types.ZarfComponentOnlyTarget{ - Cluster: types.ZarfComponentOnlyCluster{ + Only: v1alpha1.ZarfComponentOnlyTarget{ + Cluster: v1alpha1.ZarfComponentOnlyCluster{ Architecture: "amd64", }, }, }, }, }, - expectedPkg: types.ZarfPackage{ - Components: []types.ZarfComponent{ + expectedPkg: v1alpha1.ZarfPackage{ + Components: []v1alpha1.ZarfComponent{ {Name: "component1"}, {Name: "component2"}, }, @@ -55,29 +55,29 @@ func TestComposeComponents(t *testing.T) { }, { name: "filter by architecture mismatch", - pkg: types.ZarfPackage{ - Metadata: types.ZarfMetadata{Architecture: "amd64"}, - Components: []types.ZarfComponent{ + pkg: v1alpha1.ZarfPackage{ + Metadata: v1alpha1.ZarfMetadata{Architecture: "amd64"}, + Components: []v1alpha1.ZarfComponent{ { Name: "component1", - Only: types.ZarfComponentOnlyTarget{ - Cluster: types.ZarfComponentOnlyCluster{ + Only: v1alpha1.ZarfComponentOnlyTarget{ + Cluster: v1alpha1.ZarfComponentOnlyCluster{ Architecture: "amd64", }, }, }, { Name: "component2", - Only: types.ZarfComponentOnlyTarget{ - Cluster: types.ZarfComponentOnlyCluster{ + Only: v1alpha1.ZarfComponentOnlyTarget{ + Cluster: v1alpha1.ZarfComponentOnlyCluster{ Architecture: "arm64", }, }, }, }, }, - expectedPkg: types.ZarfPackage{ - Components: []types.ZarfComponent{ + expectedPkg: v1alpha1.ZarfPackage{ + Components: []v1alpha1.ZarfComponent{ {Name: "component1"}, }, }, @@ -85,26 +85,26 @@ func TestComposeComponents(t *testing.T) { }, { name: "filter by flavor match", - pkg: types.ZarfPackage{ - Metadata: types.ZarfMetadata{Architecture: "amd64"}, - Components: []types.ZarfComponent{ + pkg: v1alpha1.ZarfPackage{ + Metadata: v1alpha1.ZarfMetadata{Architecture: "amd64"}, + Components: []v1alpha1.ZarfComponent{ { Name: "component1", - Only: types.ZarfComponentOnlyTarget{ + Only: v1alpha1.ZarfComponentOnlyTarget{ Flavor: "default", }, }, { Name: "component2", - Only: types.ZarfComponentOnlyTarget{ + Only: v1alpha1.ZarfComponentOnlyTarget{ Flavor: "default", }, }, }, }, flavor: "default", - expectedPkg: types.ZarfPackage{ - Components: []types.ZarfComponent{ + expectedPkg: v1alpha1.ZarfPackage{ + Components: []v1alpha1.ZarfComponent{ {Name: "component1"}, {Name: "component2"}, }, @@ -113,26 +113,26 @@ func TestComposeComponents(t *testing.T) { }, { name: "filter by flavor mismatch", - pkg: types.ZarfPackage{ - Metadata: types.ZarfMetadata{Architecture: "amd64"}, - Components: []types.ZarfComponent{ + pkg: v1alpha1.ZarfPackage{ + Metadata: v1alpha1.ZarfMetadata{Architecture: "amd64"}, + Components: []v1alpha1.ZarfComponent{ { Name: "component1", - Only: types.ZarfComponentOnlyTarget{ + Only: v1alpha1.ZarfComponentOnlyTarget{ Flavor: "default", }, }, { Name: "component2", - Only: types.ZarfComponentOnlyTarget{ + Only: v1alpha1.ZarfComponentOnlyTarget{ Flavor: "special", }, }, }, }, flavor: "default", - expectedPkg: types.ZarfPackage{ - Components: []types.ZarfComponent{ + expectedPkg: v1alpha1.ZarfPackage{ + Components: []v1alpha1.ZarfComponent{ {Name: "component1"}, }, }, @@ -140,18 +140,18 @@ func TestComposeComponents(t *testing.T) { }, { name: "no architecture set error", - pkg: types.ZarfPackage{ - Components: []types.ZarfComponent{ + pkg: v1alpha1.ZarfPackage{ + Components: []v1alpha1.ZarfComponent{ { Name: "component1", - Only: types.ZarfComponentOnlyTarget{ + Only: v1alpha1.ZarfComponentOnlyTarget{ Flavor: "default", }, }, }, }, flavor: "default", - expectedPkg: types.ZarfPackage{}, + expectedPkg: v1alpha1.ZarfPackage{}, expectedErr: "cannot build import chain: architecture must be provided", }, } diff --git a/src/pkg/packager/creator/creator.go b/src/pkg/packager/creator/creator.go index 34e511458f..d136ee7d86 100644 --- a/src/pkg/packager/creator/creator.go +++ b/src/pkg/packager/creator/creator.go @@ -7,13 +7,13 @@ package creator import ( "context" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/pkg/layout" - "github.com/zarf-dev/zarf/src/types" ) // Creator is an interface for creating Zarf packages. type Creator interface { - LoadPackageDefinition(ctx context.Context, src *layout.PackagePaths) (pkg types.ZarfPackage, warnings []string, err error) - Assemble(ctx context.Context, dst *layout.PackagePaths, components []types.ZarfComponent, arch string) error - Output(ctx context.Context, dst *layout.PackagePaths, pkg *types.ZarfPackage) error + LoadPackageDefinition(ctx context.Context, src *layout.PackagePaths) (pkg v1alpha1.ZarfPackage, warnings []string, err error) + Assemble(ctx context.Context, dst *layout.PackagePaths, components []v1alpha1.ZarfComponent, arch string) error + Output(ctx context.Context, dst *layout.PackagePaths, pkg *v1alpha1.ZarfPackage) error } diff --git a/src/pkg/packager/creator/creator_test.go b/src/pkg/packager/creator/creator_test.go index 1c2e3b7153..9312fe0a2c 100644 --- a/src/pkg/packager/creator/creator_test.go +++ b/src/pkg/packager/creator/creator_test.go @@ -6,16 +6,33 @@ package creator import ( "context" + "io/fs" + "os" "path/filepath" "testing" "github.com/stretchr/testify/require" "github.com/zarf-dev/zarf/src/pkg/layout" + "github.com/zarf-dev/zarf/src/pkg/lint" "github.com/zarf-dev/zarf/src/types" ) +type mockSchemaLoader struct { + b []byte +} + +func (m *mockSchemaLoader) ReadFile(_ string) ([]byte, error) { + return m.b, nil +} + +// Satisfy fs.ReadFileFS interface +func (m *mockSchemaLoader) Open(_ string) (fs.File, error) { + return nil, nil +} + func TestLoadPackageDefinition(t *testing.T) { - t.Parallel() + // TODO once creator is refactored to not expect to be in the same directory as the zarf.yaml file + // this test can be re-parallelized tests := []struct { name string testDir string @@ -31,7 +48,7 @@ func TestLoadPackageDefinition(t *testing.T) { { name: "invalid package definition", testDir: "invalid", - expectedErr: "package must have at least 1 component", + expectedErr: "found errors in schema", creator: NewPackageCreator(types.ZarfCreateOptions{}, ""), }, { @@ -43,17 +60,28 @@ func TestLoadPackageDefinition(t *testing.T) { { name: "invalid package definition", testDir: "invalid", - expectedErr: "package must have at least 1 component", + expectedErr: "found errors in schema", creator: NewSkeletonCreator(types.ZarfCreateOptions{}, types.ZarfPublishOptions{}), }, } + b, err := os.ReadFile("../../../../zarf.schema.json") + require.NoError(t, err) + lint.ZarfSchema = &mockSchemaLoader{b: b} for _, tt := range tests { tt := tt t.Run(tt.name, func(t *testing.T) { - t.Parallel() + cwd, err := os.Getwd() + require.NoError(t, err) + defer func() { + err = os.Chdir(cwd) + require.NoError(t, err) + }() + path := filepath.Join("testdata", tt.testDir) + err = os.Chdir(path) + require.NoError(t, err) - src := layout.New(filepath.Join("testdata", tt.testDir)) + src := layout.New(".") pkg, _, err := tt.creator.LoadPackageDefinition(context.Background(), src) if tt.expectedErr == "" { diff --git a/src/pkg/packager/creator/normal.go b/src/pkg/packager/creator/normal.go index 52baa708e4..79c58250c0 100644 --- a/src/pkg/packager/creator/normal.go +++ b/src/pkg/packager/creator/normal.go @@ -18,10 +18,11 @@ import ( "github.com/defenseunicorns/pkg/helpers/v2" "github.com/defenseunicorns/pkg/oci" "github.com/mholt/archiver/v3" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/config/lang" "github.com/zarf-dev/zarf/src/extensions/bigbang" - "github.com/zarf-dev/zarf/src/internal/packager/git" + "github.com/zarf-dev/zarf/src/internal/git" "github.com/zarf-dev/zarf/src/internal/packager/helm" "github.com/zarf-dev/zarf/src/internal/packager/images" "github.com/zarf-dev/zarf/src/internal/packager/kustomize" @@ -61,10 +62,10 @@ func NewPackageCreator(createOpts types.ZarfCreateOptions, cwd string) *PackageC } // LoadPackageDefinition loads and configures a zarf.yaml file during package create. -func (pc *PackageCreator) LoadPackageDefinition(ctx context.Context, src *layout.PackagePaths) (pkg types.ZarfPackage, warnings []string, err error) { +func (pc *PackageCreator) LoadPackageDefinition(ctx context.Context, src *layout.PackagePaths) (pkg v1alpha1.ZarfPackage, warnings []string, err error) { pkg, warnings, err = src.ReadZarfYAML() if err != nil { - return types.ZarfPackage{}, nil, err + return v1alpha1.ZarfPackage{}, nil, err } pkg.Metadata.Architecture = config.GetArch(pkg.Metadata.Architecture) @@ -72,15 +73,14 @@ func (pc *PackageCreator) LoadPackageDefinition(ctx context.Context, src *layout // Compose components into a single zarf.yaml file pkg, composeWarnings, err := ComposeComponents(ctx, pkg, pc.createOpts.Flavor) if err != nil { - return types.ZarfPackage{}, nil, err + return v1alpha1.ZarfPackage{}, nil, err } - warnings = append(warnings, composeWarnings...) // After components are composed, template the active package. pkg, templateWarnings, err := FillActiveTemplate(pkg, pc.createOpts.SetVariables) if err != nil { - return types.ZarfPackage{}, nil, fmt.Errorf("unable to fill values in template: %w", err) + return v1alpha1.ZarfPackage{}, nil, fmt.Errorf("unable to fill values in template: %w", err) } warnings = append(warnings, templateWarnings...) @@ -88,7 +88,7 @@ func (pc *PackageCreator) LoadPackageDefinition(ctx context.Context, src *layout // After templates are filled process any create extensions pkg.Components, err = pc.processExtensions(ctx, pkg.Components, src, pkg.Metadata.YOLO) if err != nil { - return types.ZarfPackage{}, nil, err + return v1alpha1.ZarfPackage{}, nil, err } // If we are creating a differential package, remove duplicate images and repos. @@ -97,37 +97,37 @@ func (pc *PackageCreator) LoadPackageDefinition(ctx context.Context, src *layout diffData, err := loadDifferentialData(ctx, pc.createOpts.DifferentialPackagePath) if err != nil { - return types.ZarfPackage{}, nil, err + return v1alpha1.ZarfPackage{}, nil, err } pkg.Build.DifferentialPackageVersion = diffData.DifferentialPackageVersion versionsMatch := diffData.DifferentialPackageVersion == pkg.Metadata.Version if versionsMatch { - return types.ZarfPackage{}, nil, errors.New(lang.PkgCreateErrDifferentialSameVersion) + return v1alpha1.ZarfPackage{}, nil, errors.New(lang.PkgCreateErrDifferentialSameVersion) } noVersionSet := diffData.DifferentialPackageVersion == "" || pkg.Metadata.Version == "" if noVersionSet { - return types.ZarfPackage{}, nil, errors.New(lang.PkgCreateErrDifferentialNoVersion) + return v1alpha1.ZarfPackage{}, nil, errors.New(lang.PkgCreateErrDifferentialNoVersion) } filter := filters.ByDifferentialData(diffData) pkg.Components, err = filter.Apply(pkg) if err != nil { - return types.ZarfPackage{}, nil, err + return v1alpha1.ZarfPackage{}, nil, err } } - if err := pkg.Validate(); err != nil { - return types.ZarfPackage{}, nil, err + if err := Validate(pkg, pc.createOpts.BaseDir); err != nil { + return v1alpha1.ZarfPackage{}, nil, err } return pkg, warnings, nil } // Assemble assembles all of the package assets into Zarf's tmp directory layout. -func (pc *PackageCreator) Assemble(ctx context.Context, dst *layout.PackagePaths, components []types.ZarfComponent, arch string) error { +func (pc *PackageCreator) Assemble(ctx context.Context, dst *layout.PackagePaths, components []v1alpha1.ZarfComponent, arch string) error { var imageList []transform.Image skipSBOMFlagUsed := pc.createOpts.SkipSBOM @@ -137,7 +137,7 @@ func (pc *PackageCreator) Assemble(ctx context.Context, dst *layout.PackagePaths onCreate := component.Actions.OnCreate onFailure := func() { - if err := actions.Run(onCreate.Defaults, onCreate.OnFailure, nil); err != nil { + if err := actions.Run(ctx, onCreate.Defaults, onCreate.OnFailure, nil); err != nil { message.Debugf("unable to run component failure action: %s", err.Error()) } } @@ -147,7 +147,7 @@ func (pc *PackageCreator) Assemble(ctx context.Context, dst *layout.PackagePaths return fmt.Errorf("unable to add component %q: %w", component.Name, err) } - if err := actions.Run(onCreate.Defaults, onCreate.OnSuccess, nil); err != nil { + if err := actions.Run(ctx, onCreate.Defaults, onCreate.OnSuccess, nil); err != nil { onFailure() return fmt.Errorf("unable to run component success action: %w", err) } @@ -236,7 +236,7 @@ func (pc *PackageCreator) Assemble(ctx context.Context, dst *layout.PackagePaths // // - writes the Zarf package as a tarball to a local directory, // or an OCI registry based on the --output flag -func (pc *PackageCreator) Output(ctx context.Context, dst *layout.PackagePaths, pkg *types.ZarfPackage) (err error) { +func (pc *PackageCreator) Output(ctx context.Context, dst *layout.PackagePaths, pkg *v1alpha1.ZarfPackage) (err error) { // Process the component directories into compressed tarballs // NOTE: This is purposefully being done after the SBOM cataloging for _, component := range pkg.Components { @@ -330,7 +330,7 @@ func (pc *PackageCreator) Output(ctx context.Context, dst *layout.PackagePaths, return nil } -func (pc *PackageCreator) processExtensions(ctx context.Context, components []types.ZarfComponent, layout *layout.PackagePaths, isYOLO bool) (processedComponents []types.ZarfComponent, err error) { +func (pc *PackageCreator) processExtensions(ctx context.Context, components []v1alpha1.ZarfComponent, layout *layout.PackagePaths, isYOLO bool) (processedComponents []v1alpha1.ZarfComponent, err error) { // Create component paths and process extensions for each component. for _, c := range components { componentPaths, err := layout.Components.Create(c) @@ -351,7 +351,7 @@ func (pc *PackageCreator) processExtensions(ctx context.Context, components []ty return processedComponents, nil } -func (pc *PackageCreator) addComponent(ctx context.Context, component types.ZarfComponent, dst *layout.PackagePaths) error { +func (pc *PackageCreator) addComponent(ctx context.Context, component v1alpha1.ZarfComponent, dst *layout.PackagePaths) error { message.HeaderInfof("📦 %s COMPONENT", strings.ToUpper(component.Name)) componentPaths, err := dst.Components.Create(component) @@ -360,7 +360,7 @@ func (pc *PackageCreator) addComponent(ctx context.Context, component types.Zarf } onCreate := component.Actions.OnCreate - if err := actions.Run(onCreate.Defaults, onCreate.Before, nil); err != nil { + if err := actions.Run(ctx, onCreate.Defaults, onCreate.Before, nil); err != nil { return fmt.Errorf("unable to run component before action: %w", err) } @@ -373,8 +373,6 @@ func (pc *PackageCreator) addComponent(ctx context.Context, component types.Zarf } for filesIdx, file := range component.Files { - message.Debugf("Loading %#v", file) - rel := filepath.Join(layout.FilesDir, strconv.Itoa(filesIdx), filepath.Base(file.Target)) dst := filepath.Join(componentPaths.Base, rel) destinationDir := filepath.Dir(dst) @@ -390,7 +388,7 @@ func (pc *PackageCreator) addComponent(ctx context.Context, component types.Zarf compressedFile := filepath.Join(componentPaths.Temp, compressedFileName) // If the file is an archive, download it to the componentPath.Temp - if err := utils.DownloadToFile(file.Source, compressedFile, component.DeprecatedCosignKeyPath); err != nil { + if err := utils.DownloadToFile(ctx, file.Source, compressedFile, component.DeprecatedCosignKeyPath); err != nil { return fmt.Errorf(lang.ErrDownloading, file.Source, err.Error()) } @@ -399,7 +397,7 @@ func (pc *PackageCreator) addComponent(ctx context.Context, component types.Zarf return fmt.Errorf(lang.ErrFileExtract, file.ExtractPath, compressedFileName, err.Error()) } } else { - if err := utils.DownloadToFile(file.Source, dst, component.DeprecatedCosignKeyPath); err != nil { + if err := utils.DownloadToFile(ctx, file.Source, dst, component.DeprecatedCosignKeyPath); err != nil { return fmt.Errorf(lang.ErrDownloading, file.Source, err.Error()) } } @@ -450,7 +448,7 @@ func (pc *PackageCreator) addComponent(ctx context.Context, component types.Zarf dst := filepath.Join(componentPaths.Base, rel) if helpers.IsURL(data.Source) { - if err := utils.DownloadToFile(data.Source, dst, component.DeprecatedCosignKeyPath); err != nil { + if err := utils.DownloadToFile(ctx, data.Source, dst, component.DeprecatedCosignKeyPath); err != nil { return fmt.Errorf(lang.ErrDownloading, data.Source, err.Error()) } } else { @@ -483,7 +481,7 @@ func (pc *PackageCreator) addComponent(ctx context.Context, component types.Zarf // Copy manifests without any processing. spinner.Updatef("Copying manifest %s", path) if helpers.IsURL(path) { - if err := utils.DownloadToFile(path, dst, component.DeprecatedCosignKeyPath); err != nil { + if err := utils.DownloadToFile(ctx, path, dst, component.DeprecatedCosignKeyPath); err != nil { return fmt.Errorf(lang.ErrDownloading, path, err.Error()) } } else { @@ -516,22 +514,22 @@ func (pc *PackageCreator) addComponent(ctx context.Context, component types.Zarf for _, url := range component.Repos { // Pull all the references if there is no `@` in the string. - gitCfg := git.NewWithSpinner(types.GitServerInfo{}, spinner) - if err := gitCfg.Pull(ctx, url, componentPaths.Repos, false); err != nil { + _, err := git.Clone(ctx, componentPaths.Repos, url, false) + if err != nil { return fmt.Errorf("unable to pull git repo %s: %w", url, err) } } spinner.Success() } - if err := actions.Run(onCreate.Defaults, onCreate.After, nil); err != nil { + if err := actions.Run(ctx, onCreate.Defaults, onCreate.After, nil); err != nil { return fmt.Errorf("unable to run component after action: %w", err) } return nil } -func (pc *PackageCreator) getFilesToSBOM(component types.ZarfComponent, dst *layout.PackagePaths) (*layout.ComponentSBOM, error) { +func (pc *PackageCreator) getFilesToSBOM(component v1alpha1.ZarfComponent, dst *layout.PackagePaths) (*layout.ComponentSBOM, error) { componentPaths, err := dst.Components.Create(component) if err != nil { return nil, err diff --git a/src/pkg/packager/creator/skeleton.go b/src/pkg/packager/creator/skeleton.go index 091874c84f..218830b75f 100644 --- a/src/pkg/packager/creator/skeleton.go +++ b/src/pkg/packager/creator/skeleton.go @@ -14,6 +14,7 @@ import ( "github.com/defenseunicorns/pkg/helpers/v2" "github.com/mholt/archiver/v3" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/config/lang" "github.com/zarf-dev/zarf/src/extensions/bigbang" @@ -43,10 +44,10 @@ func NewSkeletonCreator(createOpts types.ZarfCreateOptions, publishOpts types.Za } // LoadPackageDefinition loads and configure a zarf.yaml file when creating and publishing a skeleton package. -func (sc *SkeletonCreator) LoadPackageDefinition(ctx context.Context, src *layout.PackagePaths) (pkg types.ZarfPackage, warnings []string, err error) { +func (sc *SkeletonCreator) LoadPackageDefinition(ctx context.Context, src *layout.PackagePaths) (pkg v1alpha1.ZarfPackage, warnings []string, err error) { pkg, warnings, err = src.ReadZarfYAML() if err != nil { - return types.ZarfPackage{}, nil, err + return v1alpha1.ZarfPackage{}, nil, err } pkg.Metadata.Architecture = config.GetArch() @@ -54,7 +55,7 @@ func (sc *SkeletonCreator) LoadPackageDefinition(ctx context.Context, src *layou // Compose components into a single zarf.yaml file pkg, composeWarnings, err := ComposeComponents(ctx, pkg, sc.createOpts.Flavor) if err != nil { - return types.ZarfPackage{}, nil, err + return v1alpha1.ZarfPackage{}, nil, err } pkg.Metadata.Architecture = zoci.SkeletonArch @@ -63,15 +64,15 @@ func (sc *SkeletonCreator) LoadPackageDefinition(ctx context.Context, src *layou pkg.Components, err = sc.processExtensions(pkg.Components, src) if err != nil { - return types.ZarfPackage{}, nil, err + return v1alpha1.ZarfPackage{}, nil, err } for _, warning := range warnings { message.Warn(warning) } - if err := pkg.Validate(); err != nil { - return types.ZarfPackage{}, nil, err + if err := Validate(pkg, sc.createOpts.BaseDir); err != nil { + return v1alpha1.ZarfPackage{}, nil, err } return pkg, warnings, nil @@ -80,7 +81,7 @@ func (sc *SkeletonCreator) LoadPackageDefinition(ctx context.Context, src *layou // Assemble updates all components of the loaded Zarf package with necessary modifications for package assembly. // // It processes each component to ensure correct structure and resource locations. -func (sc *SkeletonCreator) Assemble(_ context.Context, dst *layout.PackagePaths, components []types.ZarfComponent, _ string) error { +func (sc *SkeletonCreator) Assemble(_ context.Context, dst *layout.PackagePaths, components []v1alpha1.ZarfComponent, _ string) error { for _, component := range components { c, err := sc.addComponent(component, dst) if err != nil { @@ -101,7 +102,7 @@ func (sc *SkeletonCreator) Assemble(_ context.Context, dst *layout.PackagePaths, // - writes the loaded zarf.yaml to disk // // - signs the package -func (sc *SkeletonCreator) Output(_ context.Context, dst *layout.PackagePaths, pkg *types.ZarfPackage) (err error) { +func (sc *SkeletonCreator) Output(_ context.Context, dst *layout.PackagePaths, pkg *v1alpha1.ZarfPackage) (err error) { for _, component := range pkg.Components { if err := dst.Components.Archive(component, false); err != nil { return err @@ -125,7 +126,7 @@ func (sc *SkeletonCreator) Output(_ context.Context, dst *layout.PackagePaths, p return dst.SignPackage(sc.publishOpts.SigningKeyPath, sc.publishOpts.SigningKeyPassword, !config.CommonOptions.Confirm) } -func (sc *SkeletonCreator) processExtensions(components []types.ZarfComponent, layout *layout.PackagePaths) (processedComponents []types.ZarfComponent, err error) { +func (sc *SkeletonCreator) processExtensions(components []v1alpha1.ZarfComponent, layout *layout.PackagePaths) (processedComponents []v1alpha1.ZarfComponent, err error) { // Create component paths and process extensions for each component. for _, c := range components { componentPaths, err := layout.Components.Create(c) @@ -146,7 +147,7 @@ func (sc *SkeletonCreator) processExtensions(components []types.ZarfComponent, l return processedComponents, nil } -func (sc *SkeletonCreator) addComponent(component types.ZarfComponent, dst *layout.PackagePaths) (updatedComponent *types.ZarfComponent, err error) { +func (sc *SkeletonCreator) addComponent(component v1alpha1.ZarfComponent, dst *layout.PackagePaths) (updatedComponent *v1alpha1.ZarfComponent, err error) { message.HeaderInfof("📦 %s COMPONENT", strings.ToUpper(component.Name)) updatedComponent = &component @@ -168,7 +169,7 @@ func (sc *SkeletonCreator) addComponent(component types.ZarfComponent, dst *layo // TODO: (@WSTARR) Shim the skeleton component's create action dirs to be empty. This prevents actions from failing by cd'ing into directories that will be flattened. updatedComponent.Actions.OnCreate.Defaults.Dir = "" - resetActions := func(actions []types.ZarfComponentAction) []types.ZarfComponentAction { + resetActions := func(actions []v1alpha1.ZarfComponentAction) []v1alpha1.ZarfComponentAction { for idx := range actions { actions[idx].Dir = nil } @@ -182,7 +183,6 @@ func (sc *SkeletonCreator) addComponent(component types.ZarfComponent, dst *layo // If any helm charts are defined, process them. for chartIdx, chart := range component.Charts { - if chart.LocalPath != "" { rel := filepath.Join(layout.ChartsDir, fmt.Sprintf("%s-%d", chart.Name, chartIdx)) dst := filepath.Join(componentPaths.Base, rel) @@ -210,8 +210,6 @@ func (sc *SkeletonCreator) addComponent(component types.ZarfComponent, dst *layo } for filesIdx, file := range component.Files { - message.Debugf("Loading %#v", file) - if helpers.IsURL(file.Source) { continue } diff --git a/src/pkg/packager/creator/template.go b/src/pkg/packager/creator/template.go index 5a06651c53..65d0d56c99 100644 --- a/src/pkg/packager/creator/template.go +++ b/src/pkg/packager/creator/template.go @@ -7,16 +7,16 @@ package creator import ( "fmt" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/config/lang" "github.com/zarf-dev/zarf/src/pkg/interactive" "github.com/zarf-dev/zarf/src/pkg/utils" "github.com/zarf-dev/zarf/src/pkg/variables" - "github.com/zarf-dev/zarf/src/types" ) // FillActiveTemplate merges user-specified variables into the configuration templates of a zarf.yaml. -func FillActiveTemplate(pkg types.ZarfPackage, setVariables map[string]string) (types.ZarfPackage, []string, error) { +func FillActiveTemplate(pkg v1alpha1.ZarfPackage, setVariables map[string]string) (v1alpha1.ZarfPackage, []string, error) { templateMap := map[string]string{} warnings := []string{} @@ -54,22 +54,22 @@ func FillActiveTemplate(pkg types.ZarfPackage, setVariables map[string]string) ( // update the component templates on the package if err := ReloadComponentTemplatesInPackage(&pkg); err != nil { - return types.ZarfPackage{}, nil, err + return v1alpha1.ZarfPackage{}, nil, err } - if err := promptAndSetTemplate(types.ZarfPackageTemplatePrefix, false); err != nil { - return types.ZarfPackage{}, nil, err + if err := promptAndSetTemplate(v1alpha1.ZarfPackageTemplatePrefix, false); err != nil { + return v1alpha1.ZarfPackage{}, nil, err } // [DEPRECATION] Set the Package Variable syntax as well for backward compatibility - if err := promptAndSetTemplate(types.ZarfPackageVariablePrefix, true); err != nil { - return types.ZarfPackage{}, nil, err + if err := promptAndSetTemplate(v1alpha1.ZarfPackageVariablePrefix, true); err != nil { + return v1alpha1.ZarfPackage{}, nil, err } // Add special variable for the current package architecture - templateMap[types.ZarfPackageArch] = pkg.Metadata.Architecture + templateMap[v1alpha1.ZarfPackageArch] = pkg.Metadata.Architecture if err := utils.ReloadYamlTemplate(&pkg, templateMap); err != nil { - return types.ZarfPackage{}, nil, err + return v1alpha1.ZarfPackage{}, nil, err } return pkg, warnings, nil @@ -77,9 +77,9 @@ func FillActiveTemplate(pkg types.ZarfPackage, setVariables map[string]string) ( // ReloadComponentTemplate appends ###ZARF_COMPONENT_NAME### for the component, assigns value, and reloads // Any instance of ###ZARF_COMPONENT_NAME### within a component will be replaced with that components name -func ReloadComponentTemplate(component *types.ZarfComponent) error { +func ReloadComponentTemplate(component *v1alpha1.ZarfComponent) error { mappings := map[string]string{} - mappings[types.ZarfComponentName] = component.Name + mappings[v1alpha1.ZarfComponentName] = component.Name err := utils.ReloadYamlTemplate(component, mappings) if err != nil { return err @@ -88,7 +88,7 @@ func ReloadComponentTemplate(component *types.ZarfComponent) error { } // ReloadComponentTemplatesInPackage appends ###ZARF_COMPONENT_NAME### for each component, assigns value, and reloads -func ReloadComponentTemplatesInPackage(zarfPackage *types.ZarfPackage) error { +func ReloadComponentTemplatesInPackage(zarfPackage *v1alpha1.ZarfPackage) error { // iterate through components to and find all ###ZARF_COMPONENT_NAME, assign to component Name and value for i := range zarfPackage.Components { if err := ReloadComponentTemplate(&zarfPackage.Components[i]); err != nil { diff --git a/src/pkg/packager/creator/utils.go b/src/pkg/packager/creator/utils.go index 5c3f962766..fdf1da49f6 100644 --- a/src/pkg/packager/creator/utils.go +++ b/src/pkg/packager/creator/utils.go @@ -5,17 +5,40 @@ package creator import ( + "fmt" "os" "runtime" "time" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config" + "github.com/zarf-dev/zarf/src/pkg/lint" "github.com/zarf-dev/zarf/src/pkg/packager/deprecated" "github.com/zarf-dev/zarf/src/types" ) +// Validate errors if a package violates the schema or any runtime validations +// This must be run while in the parent directory of the zarf.yaml being validated +func Validate(pkg v1alpha1.ZarfPackage, baseDir string) error { + if err := pkg.Validate(); err != nil { + return fmt.Errorf("package validation failed: %w", err) + } + + findings, err := lint.ValidatePackageSchema() + if err != nil { + return fmt.Errorf("unable to check schema: %w", err) + } + + if lint.HasSevOrHigher(findings, lint.SevErr) { + lint.PrintFindings(findings, lint.SevErr, baseDir, pkg.Metadata.Name) + return fmt.Errorf("found errors in schema") + } + + return nil +} + // recordPackageMetadata records various package metadata during package create. -func recordPackageMetadata(pkg *types.ZarfPackage, createOpts types.ZarfCreateOptions) error { +func recordPackageMetadata(pkg *v1alpha1.ZarfPackage, createOpts types.ZarfCreateOptions) error { now := time.Now() // Just use $USER env variable to avoid CGO issue. // https://groups.google.com/g/golang-dev/c/ZFDDX3ZiJ84. diff --git a/src/pkg/packager/deploy.go b/src/pkg/packager/deploy.go index 73aec8f006..86c2f43349 100644 --- a/src/pkg/packager/deploy.go +++ b/src/pkg/packager/deploy.go @@ -24,9 +24,10 @@ import ( "github.com/defenseunicorns/pkg/helpers/v2" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config" - "github.com/zarf-dev/zarf/src/config/lang" - "github.com/zarf-dev/zarf/src/internal/packager/git" + "github.com/zarf-dev/zarf/src/internal/git" + "github.com/zarf-dev/zarf/src/internal/gitea" "github.com/zarf-dev/zarf/src/internal/packager/helm" "github.com/zarf-dev/zarf/src/internal/packager/images" "github.com/zarf-dev/zarf/src/internal/packager/template" @@ -128,28 +129,20 @@ func (p *Packager) Deploy(ctx context.Context) error { // Notify all the things about the successful deployment message.Successf("Zarf deployment complete") - p.printTablesForDeployment(ctx, deployedComponents) + err = p.printTablesForDeployment(ctx, deployedComponents) + if err != nil { + return err + } return nil } // deployComponents loops through a list of ZarfComponents and deploys them. func (p *Packager) deployComponents(ctx context.Context) (deployedComponents []types.DeployedComponent, err error) { - // Check if this package has been deployed before and grab relevant information about already deployed components - if p.generation == 0 { - p.generation = 1 // If this is the first deployment, set the generation to 1 - } - // Process all the components we are deploying for _, component := range p.cfg.Pkg.Components { - - deployedComponent := types.DeployedComponent{ - Name: component.Name, - Status: types.ComponentStatusDeploying, - ObservedGeneration: p.generation, - } - - // If this component requires a cluster, connect to one + // Connect to cluster if a component requires it. + packageGeneration := 1 if component.RequiresCluster() { timeout := cluster.DefaultTimeout if p.cfg.Pkg.IsInitConfig() { @@ -158,8 +151,19 @@ func (p *Packager) deployComponents(ctx context.Context) (deployedComponents []t connectCtx, cancel := context.WithTimeout(ctx, timeout) defer cancel() if err := p.connectToCluster(connectCtx); err != nil { - return deployedComponents, fmt.Errorf("unable to connect to the Kubernetes cluster: %w", err) + return nil, fmt.Errorf("unable to connect to the Kubernetes cluster: %w", err) } + + // If this package has been deployed before, increment the package generation within the secret + if existingDeployedPackage, _ := p.cluster.GetDeployedPackage(ctx, p.cfg.Pkg.Metadata.Name); existingDeployedPackage != nil { + packageGeneration = existingDeployedPackage.Generation + 1 + } + } + + deployedComponent := types.DeployedComponent{ + Name: component.Name, + Status: types.ComponentStatusDeploying, + ObservedGeneration: packageGeneration, } // Ensure we don't overwrite any installedCharts data when updating the package secret @@ -175,7 +179,7 @@ func (p *Packager) deployComponents(ctx context.Context) (deployedComponents []t // Update the package secret to indicate that we are attempting to deploy this component if p.isConnectedToCluster() { - if _, err := p.cluster.RecordPackageDeploymentAndWait(ctx, p.cfg.Pkg, deployedComponents, p.connectStrings, p.generation, component, p.cfg.DeployOpts.SkipWebhooks); err != nil { + if _, err := p.cluster.RecordPackageDeploymentAndWait(ctx, p.cfg.Pkg, deployedComponents, p.connectStrings, packageGeneration, component, p.cfg.DeployOpts.SkipWebhooks); err != nil { message.Debugf("Unable to record package deployment for component %s: this will affect features like `zarf package remove`: %s", component.Name, err.Error()) } } @@ -192,7 +196,7 @@ func (p *Packager) deployComponents(ctx context.Context) (deployedComponents []t onDeploy := component.Actions.OnDeploy onFailure := func() { - if err := actions.Run(onDeploy.Defaults, onDeploy.OnFailure, p.variableConfig); err != nil { + if err := actions.Run(ctx, onDeploy.Defaults, onDeploy.OnFailure, p.variableConfig); err != nil { message.Debugf("unable to run component failure action: %s", err.Error()) } } @@ -203,7 +207,7 @@ func (p *Packager) deployComponents(ctx context.Context) (deployedComponents []t // Update the package secret to indicate that we failed to deploy this component deployedComponents[idx].Status = types.ComponentStatusFailed if p.isConnectedToCluster() { - if _, err := p.cluster.RecordPackageDeploymentAndWait(ctx, p.cfg.Pkg, deployedComponents, p.connectStrings, p.generation, component, p.cfg.DeployOpts.SkipWebhooks); err != nil { + if _, err := p.cluster.RecordPackageDeploymentAndWait(ctx, p.cfg.Pkg, deployedComponents, p.connectStrings, packageGeneration, component, p.cfg.DeployOpts.SkipWebhooks); err != nil { message.Debugf("Unable to record package deployment for component %q: this will affect features like `zarf package remove`: %s", component.Name, err.Error()) } } @@ -215,12 +219,12 @@ func (p *Packager) deployComponents(ctx context.Context) (deployedComponents []t deployedComponents[idx].InstalledCharts = charts deployedComponents[idx].Status = types.ComponentStatusSucceeded if p.isConnectedToCluster() { - if _, err := p.cluster.RecordPackageDeploymentAndWait(ctx, p.cfg.Pkg, deployedComponents, p.connectStrings, p.generation, component, p.cfg.DeployOpts.SkipWebhooks); err != nil { + if _, err := p.cluster.RecordPackageDeploymentAndWait(ctx, p.cfg.Pkg, deployedComponents, p.connectStrings, packageGeneration, component, p.cfg.DeployOpts.SkipWebhooks); err != nil { message.Debugf("Unable to record package deployment for component %q: this will affect features like `zarf package remove`: %s", component.Name, err.Error()) } } - if err := actions.Run(onDeploy.Defaults, onDeploy.OnSuccess, p.variableConfig); err != nil { + if err := actions.Run(ctx, onDeploy.Defaults, onDeploy.OnSuccess, p.variableConfig); err != nil { onFailure() return deployedComponents, fmt.Errorf("unable to run component success action: %w", err) } @@ -229,7 +233,7 @@ func (p *Packager) deployComponents(ctx context.Context) (deployedComponents []t return deployedComponents, nil } -func (p *Packager) deployInitComponent(ctx context.Context, component types.ZarfComponent) (charts []types.InstalledChart, err error) { +func (p *Packager) deployInitComponent(ctx context.Context, component v1alpha1.ZarfComponent) (charts []types.InstalledChart, err error) { hasExternalRegistry := p.cfg.InitOpts.RegistryInfo.Address != "" isSeedRegistry := component.Name == "zarf-seed-registry" isRegistry := component.Name == "zarf-registry" @@ -283,7 +287,7 @@ func (p *Packager) deployInitComponent(ctx context.Context, component types.Zarf } // Deploy a Zarf Component. -func (p *Packager) deployComponent(ctx context.Context, component types.ZarfComponent, noImgChecksum bool, noImgPush bool) (charts []types.InstalledChart, err error) { +func (p *Packager) deployComponent(ctx context.Context, component v1alpha1.ZarfComponent, noImgChecksum bool, noImgPush bool) (charts []types.InstalledChart, err error) { // Toggles for general deploy operations componentPath := p.layout.Components.Dirs[component.Name] @@ -308,7 +312,7 @@ func (p *Packager) deployComponent(ctx context.Context, component types.ZarfComp } // Disable the registry HPA scale down if we are deploying images and it is not already disabled - if hasImages && !p.hpaModified && p.state.RegistryInfo.InternalRegistry { + if hasImages && !p.hpaModified && p.state.RegistryInfo.IsInternal() { if err := p.cluster.DisableRegHPAScaleDown(ctx); err != nil { message.Debugf("unable to disable the registry HPA scale down: %s", err.Error()) } else { @@ -322,7 +326,7 @@ func (p *Packager) deployComponent(ctx context.Context, component types.ZarfComp return charts, err } - if err = actions.Run(onDeploy.Defaults, onDeploy.Before, p.variableConfig); err != nil { + if err = actions.Run(ctx, onDeploy.Defaults, onDeploy.Before, p.variableConfig); err != nil { return charts, fmt.Errorf("unable to run component before action: %w", err) } @@ -357,7 +361,7 @@ func (p *Packager) deployComponent(ctx context.Context, component types.ZarfComp } } - if err = actions.Run(onDeploy.Defaults, onDeploy.After, p.variableConfig); err != nil { + if err = actions.Run(ctx, onDeploy.Defaults, onDeploy.After, p.variableConfig); err != nil { return charts, fmt.Errorf("unable to run component after action: %w", err) } @@ -369,7 +373,7 @@ func (p *Packager) deployComponent(ctx context.Context, component types.ZarfComp } // Move files onto the host of the machine performing the deployment. -func (p *Packager) processComponentFiles(component types.ZarfComponent, pkgLocation string) error { +func (p *Packager) processComponentFiles(component v1alpha1.ZarfComponent, pkgLocation string) error { spinner := message.NewProgressSpinner("Copying %d files", len(component.Files)) defer spinner.Stop() @@ -405,7 +409,7 @@ func (p *Packager) processComponentFiles(component types.ZarfComponent, pkgLocat // Check if the file looks like a text file isText, err := helpers.IsTextFile(subFile) if err != nil { - message.Debugf("unable to determine if file %s is a text file: %s", subFile, err) + return err } // If the file is a text file, template it @@ -454,10 +458,15 @@ func (p *Packager) setupState(ctx context.Context) (err error) { defer spinner.Stop() state, err := p.cluster.LoadZarfState(ctx) - // Return on error if we are not in YOLO mode + // We ignore the error if in YOLO mode because Zarf should not be initiated. if err != nil && !p.cfg.Pkg.Metadata.YOLO { - return fmt.Errorf("%s %w", lang.ErrLoadState, err) - } else if state == nil && p.cfg.Pkg.Metadata.YOLO { + return err + } + // Only ignore state load error in yolo mode when secret could not be found. + if err != nil && !kerrors.IsNotFound(err) && p.cfg.Pkg.Metadata.YOLO { + return err + } + if state == nil && p.cfg.Pkg.Metadata.YOLO { state = &types.ZarfState{} // YOLO mode, so minimal state needed state.Distro = "YOLO" @@ -538,10 +547,14 @@ func (p *Packager) pushImagesToRegistry(ctx context.Context, componentImages []s // Push all of the components git repos to the configured git server. func (p *Packager) pushReposToRepository(ctx context.Context, reposPath string, repos []string) error { for _, repoURL := range repos { + repository, err := git.Open(reposPath, repoURL) + if err != nil { + return err + } + // Create an anonymous function to push the repo to the Zarf git server tryPush := func() error { - gitClient := git.New(p.state.GitServer) - namespace, name, port, err := serviceInfoFromServiceURL(gitClient.Server.Address) + namespace, name, port, err := serviceInfoFromServiceURL(p.state.GitServer.Address) // If this is a service (svcInfo is not nil), create a port-forward tunnel to that resource // TODO: Find a better way as ignoring the error is not a good solution to decide to port forward. @@ -554,23 +567,42 @@ func (p *Packager) pushReposToRepository(ctx context.Context, reposPath string, return err } } - tunnel, err := p.cluster.NewTunnel(namespace, cluster.SvcResource, name, "", 0, port) if err != nil { return err } - _, err = tunnel.Connect(ctx) if err != nil { return err } defer tunnel.Close() - gitClient.Server.Address = tunnel.HTTPEndpoint() - - return tunnel.Wrap(func() error { return gitClient.PushRepo(repoURL, reposPath) }) + giteaClient, err := gitea.NewClient(tunnel.HTTPEndpoint(), p.state.GitServer.PushUsername, p.state.GitServer.PushPassword) + if err != nil { + return err + } + return tunnel.Wrap(func() error { + err = repository.Push(ctx, tunnel.HTTPEndpoint(), p.state.GitServer.PushUsername, p.state.GitServer.PushPassword) + if err != nil { + return err + } + // Add the read-only user to this repo + repoName, err := transform.GitURLtoRepoName(repoURL) + if err != nil { + return err + } + err = giteaClient.AddReadOnlyUserToRepository(ctx, repoName, p.state.GitServer.PullUsername) + if err != nil { + return fmt.Errorf("unable to add the read only user to the repo %s: %w", repoName, err) + } + return nil + }) } - return gitClient.PushRepo(repoURL, reposPath) + err = repository.Push(ctx, p.state.GitServer.Address, p.state.GitServer.PushUsername, p.state.GitServer.PushPassword) + if err != nil { + return err + } + return nil } // Try repo push up to retry limit @@ -578,13 +610,12 @@ func (p *Packager) pushReposToRepository(ctx context.Context, reposPath string, return fmt.Errorf("unable to push repo %s to the Git Server: %w", repoURL, err) } } - return nil } // generateValuesOverrides creates a map containing overrides for chart values based on the chart and component // Specifically it merges DeployOpts.ValuesOverridesMap over Zarf `variables` for a given component/chart combination -func (p *Packager) generateValuesOverrides(chart types.ZarfChart, componentName string) (map[string]any, error) { +func (p *Packager) generateValuesOverrides(chart v1alpha1.ZarfChart, componentName string) (map[string]any, error) { valuesOverrides := make(map[string]any) chartOverrides := make(map[string]any) @@ -610,7 +641,7 @@ func (p *Packager) generateValuesOverrides(chart types.ZarfChart, componentName } // Install all Helm charts and raw k8s manifests into the k8s cluster. -func (p *Packager) installChartAndManifests(ctx context.Context, componentPaths *layout.ComponentPaths, component types.ZarfComponent) (installedCharts []types.InstalledChart, err error) { +func (p *Packager) installChartAndManifests(ctx context.Context, componentPaths *layout.ComponentPaths, component v1alpha1.ZarfComponent) (installedCharts []types.InstalledChart, err error) { for _, chart := range component.Charts { // Do not wait for the chart to be ready if data injections are present. if len(component.DataInjections) > 0 { @@ -715,22 +746,23 @@ func (p *Packager) installChartAndManifests(ctx context.Context, componentPaths return installedCharts, nil } -func (p *Packager) printTablesForDeployment(ctx context.Context, componentsToDeploy []types.DeployedComponent) { - +func (p *Packager) printTablesForDeployment(ctx context.Context, componentsToDeploy []types.DeployedComponent) error { // If not init config, print the application connection table if !p.cfg.Pkg.IsInitConfig() { message.PrintConnectStringTable(p.connectStrings) - } else { - if p.cluster != nil { - // Grab a fresh copy of the state (if we are able) to print the most up-to-date version of the creds - freshState, err := p.cluster.LoadZarfState(ctx) - if err != nil { - freshState = p.state - } - // otherwise, print the init config connection and passwords - message.PrintCredentialTable(freshState, componentsToDeploy) - } + return nil } + // Don't print if cluster is not configured + if p.cluster == nil { + return nil + } + // Grab a fresh copy of the state to print the most up-to-date version of the creds + latestState, err := p.cluster.LoadZarfState(ctx) + if err != nil { + return err + } + message.PrintCredentialTable(latestState, componentsToDeploy) + return nil } // ServiceInfoFromServiceURL takes a serviceURL and parses it to find the service info for connecting to the cluster. The string is expected to follow the following format: diff --git a/src/pkg/packager/deploy_test.go b/src/pkg/packager/deploy_test.go index 6e82cbcb10..d0802a4ac5 100644 --- a/src/pkg/packager/deploy_test.go +++ b/src/pkg/packager/deploy_test.go @@ -7,6 +7,7 @@ import ( "testing" "github.com/stretchr/testify/require" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/pkg/packager/sources" "github.com/zarf-dev/zarf/src/pkg/variables" "github.com/zarf-dev/zarf/src/types" @@ -17,7 +18,7 @@ func TestGenerateValuesOverrides(t *testing.T) { tests := []struct { name string - chart types.ZarfChart + chart v1alpha1.ZarfChart setVariables map[string]string deployOpts types.ZarfDeployOptions componentName string @@ -25,7 +26,7 @@ func TestGenerateValuesOverrides(t *testing.T) { }{ { name: "Empty inputs", - chart: types.ZarfChart{}, + chart: v1alpha1.ZarfChart{}, setVariables: map[string]string{}, deployOpts: types.ZarfDeployOptions{}, componentName: "", @@ -33,9 +34,9 @@ func TestGenerateValuesOverrides(t *testing.T) { }, { name: "Single variable", - chart: types.ZarfChart{ + chart: v1alpha1.ZarfChart{ Name: "test-chart", - Variables: []types.ZarfChartVariable{{Name: "TEST_VAR", Path: "testVar"}}, + Variables: []v1alpha1.ZarfChartVariable{{Name: "TEST_VAR", Path: "testVar"}}, }, setVariables: map[string]string{"TEST_VAR": "testValue"}, deployOpts: types.ZarfDeployOptions{}, @@ -44,9 +45,9 @@ func TestGenerateValuesOverrides(t *testing.T) { }, { name: "Non-matching setVariable", - chart: types.ZarfChart{ + chart: v1alpha1.ZarfChart{ Name: "test-chart", - Variables: []types.ZarfChartVariable{{Name: "EXPECTED_VAR", Path: "path.to.expectedVar"}}, + Variables: []v1alpha1.ZarfChartVariable{{Name: "EXPECTED_VAR", Path: "path.to.expectedVar"}}, }, setVariables: map[string]string{"UNEXPECTED_VAR": "unexpectedValue"}, deployOpts: types.ZarfDeployOptions{}, @@ -55,9 +56,9 @@ func TestGenerateValuesOverrides(t *testing.T) { }, { name: "Nested 3 level setVariables", - chart: types.ZarfChart{ + chart: v1alpha1.ZarfChart{ Name: "nested-chart", - Variables: []types.ZarfChartVariable{ + Variables: []v1alpha1.ZarfChartVariable{ {Name: "LEVEL1_LEVEL2_LEVEL3_VAR", Path: "level1.level2.level3Var"}, }, }, @@ -74,9 +75,9 @@ func TestGenerateValuesOverrides(t *testing.T) { }, { name: "Multiple variables with nested and non-nested paths, distinct values", - chart: types.ZarfChart{ + chart: v1alpha1.ZarfChart{ Name: "mixed-chart", - Variables: []types.ZarfChartVariable{ + Variables: []v1alpha1.ZarfChartVariable{ {Name: "NESTED_VAR_LEVEL2", Path: "nestedVar.level2"}, {Name: "SIMPLE_VAR", Path: "simpleVar"}, }, @@ -96,9 +97,9 @@ func TestGenerateValuesOverrides(t *testing.T) { }, { name: "Values override test", - chart: types.ZarfChart{ + chart: v1alpha1.ZarfChart{ Name: "test-chart", - Variables: []types.ZarfChartVariable{ + Variables: []v1alpha1.ZarfChartVariable{ {Name: "OVERRIDE_VAR", Path: "path"}, }, }, @@ -119,9 +120,9 @@ func TestGenerateValuesOverrides(t *testing.T) { }, { name: "Missing variable in setVariables but present in ValuesOverridesMap", - chart: types.ZarfChart{ + chart: v1alpha1.ZarfChart{ Name: "test-chart", - Variables: []types.ZarfChartVariable{ + Variables: []v1alpha1.ZarfChartVariable{ {Name: "MISSING_VAR", Path: "missingVarPath"}, }, }, @@ -142,9 +143,9 @@ func TestGenerateValuesOverrides(t *testing.T) { }, { name: "Non-existent component or chart", - chart: types.ZarfChart{ + chart: v1alpha1.ZarfChart{ Name: "actual-chart", - Variables: []types.ZarfChartVariable{{Name: "SOME_VAR", Path: "someVar"}}, + Variables: []v1alpha1.ZarfChartVariable{{Name: "SOME_VAR", Path: "someVar"}}, }, setVariables: map[string]string{"SOME_VAR": "value"}, deployOpts: types.ZarfDeployOptions{ @@ -161,7 +162,7 @@ func TestGenerateValuesOverrides(t *testing.T) { }, { name: "Variable in setVariables but not in chartVariables", - chart: types.ZarfChart{Name: "orphan-chart"}, + chart: v1alpha1.ZarfChart{Name: "orphan-chart"}, setVariables: map[string]string{"ORPHAN_VAR": "orphanValue"}, deployOpts: types.ZarfDeployOptions{}, componentName: "orphan-component", @@ -169,9 +170,9 @@ func TestGenerateValuesOverrides(t *testing.T) { }, { name: "Empty ValuesOverridesMap with non-empty setVariableMap and chartVariables", - chart: types.ZarfChart{ + chart: v1alpha1.ZarfChart{ Name: "chart-with-vars", - Variables: []types.ZarfChartVariable{ + Variables: []v1alpha1.ZarfChartVariable{ {Name: "VAR1", Path: "path.to.var1"}, {Name: "VAR2", Path: "path.to.var2"}, {Name: "VAR3", Path: "path.to3.var3"}, @@ -198,7 +199,7 @@ func TestGenerateValuesOverrides(t *testing.T) { }, { name: "Empty chartVariables and non-empty setVariableMap", - chart: types.ZarfChart{Name: "chart-with-vars"}, + chart: v1alpha1.ZarfChart{Name: "chart-with-vars"}, setVariables: map[string]string{ "VAR1": "value1", "VAR2": "value2", diff --git a/src/pkg/packager/deprecated/common.go b/src/pkg/packager/deprecated/common.go index e0dd708c27..578f8c4ff2 100644 --- a/src/pkg/packager/deprecated/common.go +++ b/src/pkg/packager/deprecated/common.go @@ -14,8 +14,8 @@ import ( "github.com/Masterminds/semver/v3" "github.com/pterm/pterm" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/pkg/message" - "github.com/zarf-dev/zarf/src/types" ) // BreakingChange represents a breaking change that happened on a specified Zarf version. @@ -44,12 +44,12 @@ const ( // MigrateComponent runs all migrations on a component. // Build should be empty on package create, but include just in case someone copied a zarf.yaml from a zarf package. -func MigrateComponent(build types.ZarfBuildData, component types.ZarfComponent) (migratedComponent types.ZarfComponent, warnings []string) { +func MigrateComponent(build v1alpha1.ZarfBuildData, component v1alpha1.ZarfComponent) (migratedComponent v1alpha1.ZarfComponent, warnings []string) { migratedComponent = component // If the component has already been migrated, clear the deprecated scripts. if slices.Contains(build.Migrations, ScriptsToActionsMigrated) { - migratedComponent.DeprecatedScripts = types.DeprecatedZarfComponentScripts{} + migratedComponent.DeprecatedScripts = v1alpha1.DeprecatedZarfComponentScripts{} } else { // Otherwise, run the migration. var warning string diff --git a/src/pkg/packager/deprecated/pluralize-set-variable.go b/src/pkg/packager/deprecated/pluralize-set-variable.go index 44ea9c7f9c..04981f2790 100644 --- a/src/pkg/packager/deprecated/pluralize-set-variable.go +++ b/src/pkg/packager/deprecated/pluralize-set-variable.go @@ -7,14 +7,14 @@ package deprecated import ( "fmt" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/pkg/variables" - "github.com/zarf-dev/zarf/src/types" ) -func migrateSetVariableToSetVariables(c types.ZarfComponent) (types.ZarfComponent, string) { +func migrateSetVariableToSetVariables(c v1alpha1.ZarfComponent) (v1alpha1.ZarfComponent, string) { hasSetVariable := false - migrate := func(actions []types.ZarfComponentAction) []types.ZarfComponentAction { + migrate := func(actions []v1alpha1.ZarfComponentAction) []v1alpha1.ZarfComponentAction { for i := range actions { if actions[i].DeprecatedSetVariable != "" && len(actions[i].SetVariables) < 1 { hasSetVariable = true @@ -56,8 +56,8 @@ func migrateSetVariableToSetVariables(c types.ZarfComponent) (types.ZarfComponen return c, "" } -func clearSetVariables(c types.ZarfComponent) types.ZarfComponent { - clear := func(actions []types.ZarfComponentAction) []types.ZarfComponentAction { +func clearSetVariables(c v1alpha1.ZarfComponent) v1alpha1.ZarfComponent { + clear := func(actions []v1alpha1.ZarfComponentAction) []v1alpha1.ZarfComponentAction { for i := range actions { actions[i].DeprecatedSetVariable = "" } diff --git a/src/pkg/packager/deprecated/scripts-to-actions.go b/src/pkg/packager/deprecated/scripts-to-actions.go index f296e49ec3..02f92d0262 100644 --- a/src/pkg/packager/deprecated/scripts-to-actions.go +++ b/src/pkg/packager/deprecated/scripts-to-actions.go @@ -8,7 +8,7 @@ import ( "fmt" "math" - "github.com/zarf-dev/zarf/src/types" + "github.com/zarf-dev/zarf/src/api/v1alpha1" ) // migrateScriptsToActions coverts the deprecated scripts to the new actions @@ -18,11 +18,11 @@ import ( // - Actions.*.OnSuccess // - Actions.*.OnFailure // - Actions.*.*.Env -func migrateScriptsToActions(c types.ZarfComponent) (types.ZarfComponent, string) { +func migrateScriptsToActions(c v1alpha1.ZarfComponent) (v1alpha1.ZarfComponent, string) { var hasScripts bool // Convert a script configs to action defaults. - defaults := types.ZarfComponentActionDefaults{ + defaults := v1alpha1.ZarfComponentActionDefaults{ // ShowOutput (default false) -> Mute (default false) Mute: !c.DeprecatedScripts.ShowOutput, // TimeoutSeconds -> MaxSeconds @@ -39,7 +39,7 @@ func migrateScriptsToActions(c types.ZarfComponent) (types.ZarfComponent, string hasScripts = true c.Actions.OnCreate.Defaults = defaults for _, s := range c.DeprecatedScripts.Prepare { - c.Actions.OnCreate.Before = append(c.Actions.OnCreate.Before, types.ZarfComponentAction{Cmd: s}) + c.Actions.OnCreate.Before = append(c.Actions.OnCreate.Before, v1alpha1.ZarfComponentAction{Cmd: s}) } } @@ -48,7 +48,7 @@ func migrateScriptsToActions(c types.ZarfComponent) (types.ZarfComponent, string hasScripts = true c.Actions.OnDeploy.Defaults = defaults for _, s := range c.DeprecatedScripts.Before { - c.Actions.OnDeploy.Before = append(c.Actions.OnDeploy.Before, types.ZarfComponentAction{Cmd: s}) + c.Actions.OnDeploy.Before = append(c.Actions.OnDeploy.Before, v1alpha1.ZarfComponentAction{Cmd: s}) } } @@ -57,7 +57,7 @@ func migrateScriptsToActions(c types.ZarfComponent) (types.ZarfComponent, string hasScripts = true c.Actions.OnDeploy.Defaults = defaults for _, s := range c.DeprecatedScripts.After { - c.Actions.OnDeploy.After = append(c.Actions.OnDeploy.After, types.ZarfComponentAction{Cmd: s}) + c.Actions.OnDeploy.After = append(c.Actions.OnDeploy.After, v1alpha1.ZarfComponentAction{Cmd: s}) } } diff --git a/src/pkg/packager/dev.go b/src/pkg/packager/dev.go index 4363c0b49a..1c1208be14 100644 --- a/src/pkg/packager/dev.go +++ b/src/pkg/packager/dev.go @@ -6,21 +6,16 @@ package packager import ( "context" - "errors" "fmt" "os" - "path/filepath" "runtime" "github.com/defenseunicorns/pkg/helpers/v2" - "github.com/fatih/color" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/pkg/layout" "github.com/zarf-dev/zarf/src/pkg/message" "github.com/zarf-dev/zarf/src/pkg/packager/creator" "github.com/zarf-dev/zarf/src/pkg/packager/filters" - "github.com/zarf-dev/zarf/src/pkg/packager/lint" - "github.com/zarf-dev/zarf/src/pkg/utils" "github.com/zarf-dev/zarf/src/types" ) @@ -58,8 +53,8 @@ func (p *Packager) DevDeploy(ctx context.Context) error { return err } - if err := p.cfg.Pkg.Validate(); err != nil { - return fmt.Errorf("unable to validate package: %w", err) + if err := creator.Validate(p.cfg.Pkg, p.cfg.CreateOpts.BaseDir); err != nil { + return fmt.Errorf("package validation failed: %w", err) } if err := p.populatePackageVariableConfig(); err != nil { @@ -110,69 +105,3 @@ func (p *Packager) DevDeploy(ctx context.Context) error { // cd back return os.Chdir(cwd) } - -// Lint ensures a package is valid & follows suggested conventions -func (p *Packager) Lint(ctx context.Context) error { - if err := os.Chdir(p.cfg.CreateOpts.BaseDir); err != nil { - return fmt.Errorf("unable to access directory %q: %w", p.cfg.CreateOpts.BaseDir, err) - } - - if err := utils.ReadYaml(layout.ZarfYAML, &p.cfg.Pkg); err != nil { - return err - } - - findings, err := lint.Validate(ctx, p.cfg.Pkg, p.cfg.CreateOpts) - if err != nil { - return fmt.Errorf("linting failed: %w", err) - } - - if len(findings) == 0 { - message.Successf("0 findings for %q", p.cfg.Pkg.Metadata.Name) - return nil - } - - mapOfFindingsByPath := lint.GroupFindingsByPath(findings, types.SevWarn, p.cfg.Pkg.Metadata.Name) - - header := []string{"Type", "Path", "Message"} - - for _, findings := range mapOfFindingsByPath { - lintData := [][]string{} - for _, finding := range findings { - lintData = append(lintData, []string{ - colorWrapSev(finding.Severity), - message.ColorWrap(finding.YqPath, color.FgCyan), - itemizedDescription(finding.Description, finding.Item), - }) - } - var packagePathFromUser string - if helpers.IsOCIURL(findings[0].PackagePathOverride) { - packagePathFromUser = findings[0].PackagePathOverride - } else { - packagePathFromUser = filepath.Join(p.cfg.CreateOpts.BaseDir, findings[0].PackagePathOverride) - } - message.Notef("Linting package %q at %s", findings[0].PackageNameOverride, packagePathFromUser) - message.Table(header, lintData) - } - - if lint.HasSeverity(findings, types.SevErr) { - return errors.New("errors during lint") - } - - return nil -} - -func itemizedDescription(description string, item string) string { - if item == "" { - return description - } - return fmt.Sprintf("%s - %s", description, item) -} - -func colorWrapSev(s types.Severity) string { - if s == types.SevErr { - return message.ColorWrap("Error", color.FgRed) - } else if s == types.SevWarn { - return message.ColorWrap("Warning", color.FgYellow) - } - return "unknown" -} diff --git a/src/pkg/packager/filters/deploy.go b/src/pkg/packager/filters/deploy.go index 40555fb9a2..4b562d1c92 100644 --- a/src/pkg/packager/filters/deploy.go +++ b/src/pkg/packager/filters/deploy.go @@ -11,8 +11,8 @@ import ( "github.com/agnivade/levenshtein" "github.com/defenseunicorns/pkg/helpers/v2" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/pkg/interactive" - "github.com/zarf-dev/zarf/src/types" ) // ForDeploy creates a new deployment filter. @@ -40,9 +40,9 @@ var ( ) // Apply applies the filter. -func (f *deploymentFilter) Apply(pkg types.ZarfPackage) ([]types.ZarfComponent, error) { - var selectedComponents []types.ZarfComponent - groupedComponents := map[string][]types.ZarfComponent{} +func (f *deploymentFilter) Apply(pkg v1alpha1.ZarfPackage) ([]v1alpha1.ZarfComponent, error) { + var selectedComponents []v1alpha1.ZarfComponent + groupedComponents := map[string][]v1alpha1.ZarfComponent{} orderedComponentGroups := []string{} // Group the components by Name and Group while maintaining order @@ -66,8 +66,8 @@ func (f *deploymentFilter) Apply(pkg types.ZarfPackage) ([]types.ZarfComponent, // NOTE: This does not use forIncludedComponents as it takes group, default and required status into account. for _, groupKey := range orderedComponentGroups { - var groupDefault *types.ZarfComponent - var groupSelected *types.ZarfComponent + var groupDefault *v1alpha1.ZarfComponent + var groupSelected *v1alpha1.ZarfComponent for _, component := range groupedComponents[groupKey] { // Ensure we have a local version of the component to point to (otherwise the pointer might change on us) diff --git a/src/pkg/packager/filters/deploy_test.go b/src/pkg/packager/filters/deploy_test.go index 5b31a2269e..f9899de228 100644 --- a/src/pkg/packager/filters/deploy_test.go +++ b/src/pkg/packager/filters/deploy_test.go @@ -11,11 +11,11 @@ import ( "github.com/defenseunicorns/pkg/helpers/v2" "github.com/stretchr/testify/require" - "github.com/zarf-dev/zarf/src/types" + "github.com/zarf-dev/zarf/src/api/v1alpha1" ) -func componentFromQuery(t *testing.T, q string) types.ZarfComponent { - c := types.ZarfComponent{ +func componentFromQuery(t *testing.T, q string) v1alpha1.ZarfComponent { + c := v1alpha1.ZarfComponent{ Name: q, } @@ -48,8 +48,8 @@ func componentFromQuery(t *testing.T, q string) types.ZarfComponent { return c } -func componentMatrix(_ *testing.T) []types.ZarfComponent { - var components []types.ZarfComponent +func componentMatrix(_ *testing.T) []v1alpha1.ZarfComponent { + var components []v1alpha1.ZarfComponent defaultValues := []bool{true, false} requiredValues := []interface{}{nil, true, false} @@ -92,7 +92,7 @@ func componentMatrix(_ *testing.T) []types.ZarfComponent { } } - c := types.ZarfComponent{ + c := v1alpha1.ZarfComponent{ Name: name.String(), Default: defaultValue, DeprecatedGroup: groupValue, @@ -111,24 +111,23 @@ func componentMatrix(_ *testing.T) []types.ZarfComponent { } func TestDeployFilter_Apply(t *testing.T) { - possibilities := componentMatrix(t) tests := map[string]struct { - pkg types.ZarfPackage + pkg v1alpha1.ZarfPackage optionalComponents string - want []types.ZarfComponent + want []v1alpha1.ZarfComponent expectedErr error }{ "Test when version is less than v0.33.0 w/ no optional components selected": { - pkg: types.ZarfPackage{ - Build: types.ZarfBuildData{ + pkg: v1alpha1.ZarfPackage{ + Build: v1alpha1.ZarfBuildData{ Version: "v0.32.0", }, Components: possibilities, }, optionalComponents: "", - want: []types.ZarfComponent{ + want: []v1alpha1.ZarfComponent{ componentFromQuery(t, "required= && default=true"), componentFromQuery(t, "required=true && default=true"), componentFromQuery(t, "required=false && default=true"), @@ -138,14 +137,14 @@ func TestDeployFilter_Apply(t *testing.T) { }, }, "Test when version is less than v0.33.0 w/ some optional components selected": { - pkg: types.ZarfPackage{ - Build: types.ZarfBuildData{ + pkg: v1alpha1.ZarfPackage{ + Build: v1alpha1.ZarfBuildData{ Version: "v0.32.0", }, Components: possibilities, }, optionalComponents: strings.Join([]string{"required=false", "required= && group=bar && idx=5 && default=false", "-required=true"}, ","), - want: []types.ZarfComponent{ + want: []v1alpha1.ZarfComponent{ componentFromQuery(t, "required= && default=true"), componentFromQuery(t, "required=true && default=true"), componentFromQuery(t, "required=false && default=true"), @@ -158,11 +157,11 @@ func TestDeployFilter_Apply(t *testing.T) { }, }, "Test failing when group has no default and no selection was made": { - pkg: types.ZarfPackage{ - Build: types.ZarfBuildData{ + pkg: v1alpha1.ZarfPackage{ + Build: v1alpha1.ZarfBuildData{ Version: "v0.32.0", }, - Components: []types.ZarfComponent{ + Components: []v1alpha1.ZarfComponent{ componentFromQuery(t, "group=foo && default=false"), componentFromQuery(t, "group=foo && default=false"), }, @@ -171,11 +170,11 @@ func TestDeployFilter_Apply(t *testing.T) { expectedErr: ErrNoDefaultOrSelection, }, "Test failing when multiple are selected from the same group": { - pkg: types.ZarfPackage{ - Build: types.ZarfBuildData{ + pkg: v1alpha1.ZarfPackage{ + Build: v1alpha1.ZarfBuildData{ Version: "v0.32.0", }, - Components: []types.ZarfComponent{ + Components: []v1alpha1.ZarfComponent{ componentFromQuery(t, "group=foo && default=true"), componentFromQuery(t, "group=foo && default=false"), }, @@ -184,8 +183,8 @@ func TestDeployFilter_Apply(t *testing.T) { expectedErr: ErrMultipleSameGroup, }, "Test failing when no components are found that match the query": { - pkg: types.ZarfPackage{ - Build: types.ZarfBuildData{ + pkg: v1alpha1.ZarfPackage{ + Build: v1alpha1.ZarfBuildData{ Version: "v0.32.0", }, Components: possibilities, diff --git a/src/pkg/packager/filters/diff.go b/src/pkg/packager/filters/diff.go index bbba9ab789..2ae56e7a45 100644 --- a/src/pkg/packager/filters/diff.go +++ b/src/pkg/packager/filters/diff.go @@ -7,7 +7,8 @@ import ( "fmt" "github.com/go-git/go-git/v5/plumbing" - "github.com/zarf-dev/zarf/src/internal/packager/git" + "github.com/zarf-dev/zarf/src/api/v1alpha1" + "github.com/zarf-dev/zarf/src/internal/git" "github.com/zarf-dev/zarf/src/pkg/transform" "github.com/zarf-dev/zarf/src/types" ) @@ -23,8 +24,8 @@ type differentialDataFilter struct { diffData *types.DifferentialData } -func (f *differentialDataFilter) Apply(pkg types.ZarfPackage) ([]types.ZarfComponent, error) { - diffComponents := []types.ZarfComponent{} +func (f *differentialDataFilter) Apply(pkg v1alpha1.ZarfPackage) ([]v1alpha1.ZarfComponent, error) { + diffComponents := []v1alpha1.ZarfComponent{} for _, component := range pkg.Components { filteredImages := []string{} for _, img := range component.Images { diff --git a/src/pkg/packager/filters/diff_test.go b/src/pkg/packager/filters/diff_test.go index 0b279b8f08..ce89629159 100644 --- a/src/pkg/packager/filters/diff_test.go +++ b/src/pkg/packager/filters/diff_test.go @@ -7,12 +7,13 @@ import ( "testing" "github.com/stretchr/testify/require" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/types" ) func TestCopyFilter(t *testing.T) { - pkg := types.ZarfPackage{ - Components: []types.ZarfComponent{ + pkg := v1alpha1.ZarfPackage{ + Components: []v1alpha1.ZarfComponent{ { Images: []string{ "example.com/include-image-tag:latest", diff --git a/src/pkg/packager/filters/empty.go b/src/pkg/packager/filters/empty.go index af4eb09663..4729adc509 100644 --- a/src/pkg/packager/filters/empty.go +++ b/src/pkg/packager/filters/empty.go @@ -4,7 +4,7 @@ // Package filters contains core implementations of the ComponentFilterStrategy interface. package filters -import "github.com/zarf-dev/zarf/src/types" +import "github.com/zarf-dev/zarf/src/api/v1alpha1" // Empty returns a filter that does nothing. func Empty() ComponentFilterStrategy { @@ -15,6 +15,6 @@ func Empty() ComponentFilterStrategy { type emptyFilter struct{} // Apply returns the components unchanged. -func (f *emptyFilter) Apply(pkg types.ZarfPackage) ([]types.ZarfComponent, error) { +func (f *emptyFilter) Apply(pkg v1alpha1.ZarfPackage) ([]v1alpha1.ZarfComponent, error) { return pkg.Components, nil } diff --git a/src/pkg/packager/filters/empty_test.go b/src/pkg/packager/filters/empty_test.go index 8d55fd70ad..2b74597723 100644 --- a/src/pkg/packager/filters/empty_test.go +++ b/src/pkg/packager/filters/empty_test.go @@ -8,11 +8,11 @@ import ( "testing" "github.com/stretchr/testify/require" - "github.com/zarf-dev/zarf/src/types" + "github.com/zarf-dev/zarf/src/api/v1alpha1" ) func TestEmptyFilter_Apply(t *testing.T) { - components := []types.ZarfComponent{ + components := []v1alpha1.ZarfComponent{ { Name: "component1", }, @@ -20,7 +20,7 @@ func TestEmptyFilter_Apply(t *testing.T) { Name: "component2", }, } - pkg := types.ZarfPackage{ + pkg := v1alpha1.ZarfPackage{ Components: components, } filter := Empty() diff --git a/src/pkg/packager/filters/os.go b/src/pkg/packager/filters/os.go index 845c0cb400..2bc7dffa2e 100644 --- a/src/pkg/packager/filters/os.go +++ b/src/pkg/packager/filters/os.go @@ -7,7 +7,7 @@ package filters import ( "errors" - "github.com/zarf-dev/zarf/src/types" + "github.com/zarf-dev/zarf/src/api/v1alpha1" ) // ByLocalOS creates a new filter that filters components based on local (runtime) OS. @@ -24,12 +24,12 @@ type localOSFilter struct { var ErrLocalOSRequired = errors.New("localOS is required") // Apply applies the filter. -func (f *localOSFilter) Apply(pkg types.ZarfPackage) ([]types.ZarfComponent, error) { +func (f *localOSFilter) Apply(pkg v1alpha1.ZarfPackage) ([]v1alpha1.ZarfComponent, error) { if f.localOS == "" { return nil, ErrLocalOSRequired } - filtered := []types.ZarfComponent{} + filtered := []v1alpha1.ZarfComponent{} for _, component := range pkg.Components { if component.Only.LocalOS == "" || component.Only.LocalOS == f.localOS { filtered = append(filtered, component) diff --git a/src/pkg/packager/filters/os_test.go b/src/pkg/packager/filters/os_test.go index 4dcc4b5279..fb81d1355a 100644 --- a/src/pkg/packager/filters/os_test.go +++ b/src/pkg/packager/filters/os_test.go @@ -8,21 +8,20 @@ import ( "testing" "github.com/stretchr/testify/require" - "github.com/zarf-dev/zarf/src/types" + "github.com/zarf-dev/zarf/src/api/v1alpha1" ) func TestLocalOSFilter(t *testing.T) { - - pkg := types.ZarfPackage{} - for _, os := range types.SupportedOS() { - pkg.Components = append(pkg.Components, types.ZarfComponent{ - Only: types.ZarfComponentOnlyTarget{ + pkg := v1alpha1.ZarfPackage{} + for _, os := range v1alpha1.SupportedOS() { + pkg.Components = append(pkg.Components, v1alpha1.ZarfComponent{ + Only: v1alpha1.ZarfComponentOnlyTarget{ LocalOS: os, }, }) } - for _, os := range types.SupportedOS() { + for _, os := range v1alpha1.SupportedOS() { filter := ByLocalOS(os) result, err := filter.Apply(pkg) if os == "" { diff --git a/src/pkg/packager/filters/select.go b/src/pkg/packager/filters/select.go index 35694f580f..fafc8c64fa 100644 --- a/src/pkg/packager/filters/select.go +++ b/src/pkg/packager/filters/select.go @@ -6,7 +6,7 @@ package filters import ( "github.com/defenseunicorns/pkg/helpers/v2" - "github.com/zarf-dev/zarf/src/types" + "github.com/zarf-dev/zarf/src/api/v1alpha1" ) // BySelectState creates a new simple included filter. @@ -24,9 +24,9 @@ type selectStateFilter struct { } // Apply applies the filter. -func (f *selectStateFilter) Apply(pkg types.ZarfPackage) ([]types.ZarfComponent, error) { +func (f *selectStateFilter) Apply(pkg v1alpha1.ZarfPackage) ([]v1alpha1.ZarfComponent, error) { isPartial := len(f.requestedComponents) > 0 && f.requestedComponents[0] != "" - result := []types.ZarfComponent{} + result := []v1alpha1.ZarfComponent{} for _, component := range pkg.Components { selectState := included if isPartial { diff --git a/src/pkg/packager/filters/select_test.go b/src/pkg/packager/filters/select_test.go index b4d4ac9289..a384ce56e8 100644 --- a/src/pkg/packager/filters/select_test.go +++ b/src/pkg/packager/filters/select_test.go @@ -8,26 +8,26 @@ import ( "testing" "github.com/stretchr/testify/require" - "github.com/zarf-dev/zarf/src/types" + "github.com/zarf-dev/zarf/src/api/v1alpha1" ) func Test_selectStateFilter_Apply(t *testing.T) { tests := []struct { name string requestedComponents string - components []types.ZarfComponent - expectedResult []types.ZarfComponent + components []v1alpha1.ZarfComponent + expectedResult []v1alpha1.ZarfComponent expectedError error }{ { name: "Test when requestedComponents is empty", requestedComponents: "", - components: []types.ZarfComponent{ + components: []v1alpha1.ZarfComponent{ {Name: "component1"}, {Name: "component2"}, {Name: "component3"}, }, - expectedResult: []types.ZarfComponent{ + expectedResult: []v1alpha1.ZarfComponent{ {Name: "component1"}, {Name: "component2"}, {Name: "component3"}, @@ -37,12 +37,12 @@ func Test_selectStateFilter_Apply(t *testing.T) { { name: "Test when requestedComponents contains a valid component name", requestedComponents: "component2", - components: []types.ZarfComponent{ + components: []v1alpha1.ZarfComponent{ {Name: "component1"}, {Name: "component2"}, {Name: "component3"}, }, - expectedResult: []types.ZarfComponent{ + expectedResult: []v1alpha1.ZarfComponent{ {Name: "component2"}, }, expectedError: nil, @@ -50,12 +50,12 @@ func Test_selectStateFilter_Apply(t *testing.T) { { name: "Test when requestedComponents contains an excluded component name", requestedComponents: "comp*, -component2", - components: []types.ZarfComponent{ + components: []v1alpha1.ZarfComponent{ {Name: "component1"}, {Name: "component2"}, {Name: "component3"}, }, - expectedResult: []types.ZarfComponent{ + expectedResult: []v1alpha1.ZarfComponent{ {Name: "component1"}, {Name: "component3"}, }, @@ -64,12 +64,12 @@ func Test_selectStateFilter_Apply(t *testing.T) { { name: "Test when requestedComponents contains a glob pattern", requestedComponents: "comp*", - components: []types.ZarfComponent{ + components: []v1alpha1.ZarfComponent{ {Name: "component1"}, {Name: "component2"}, {Name: "other"}, }, - expectedResult: []types.ZarfComponent{ + expectedResult: []v1alpha1.ZarfComponent{ {Name: "component1"}, {Name: "component2"}, }, @@ -81,7 +81,7 @@ func Test_selectStateFilter_Apply(t *testing.T) { t.Run(tc.name, func(t *testing.T) { filter := BySelectState(tc.requestedComponents) - result, err := filter.Apply(types.ZarfPackage{ + result, err := filter.Apply(v1alpha1.ZarfPackage{ Components: tc.components, }) diff --git a/src/pkg/packager/filters/strat.go b/src/pkg/packager/filters/strat.go index 1411ae3c5f..b63f39bd42 100644 --- a/src/pkg/packager/filters/strat.go +++ b/src/pkg/packager/filters/strat.go @@ -7,12 +7,12 @@ package filters import ( "fmt" - "github.com/zarf-dev/zarf/src/types" + "github.com/zarf-dev/zarf/src/api/v1alpha1" ) // ComponentFilterStrategy is a strategy interface for filtering components. type ComponentFilterStrategy interface { - Apply(types.ZarfPackage) ([]types.ZarfComponent, error) + Apply(v1alpha1.ZarfPackage) ([]v1alpha1.ZarfComponent, error) } // comboFilter is a filter that applies a sequence of filters. @@ -21,7 +21,7 @@ type comboFilter struct { } // Apply applies the filter. -func (f *comboFilter) Apply(pkg types.ZarfPackage) ([]types.ZarfComponent, error) { +func (f *comboFilter) Apply(pkg v1alpha1.ZarfPackage) ([]v1alpha1.ZarfComponent, error) { result := pkg for _, filter := range f.filters { diff --git a/src/pkg/packager/filters/strat_test.go b/src/pkg/packager/filters/strat_test.go index 12f7dad86e..69c39beff9 100644 --- a/src/pkg/packager/filters/strat_test.go +++ b/src/pkg/packager/filters/strat_test.go @@ -8,7 +8,7 @@ import ( "testing" "github.com/stretchr/testify/require" - "github.com/zarf-dev/zarf/src/types" + "github.com/zarf-dev/zarf/src/api/v1alpha1" ) func TestCombine(t *testing.T) { @@ -18,8 +18,8 @@ func TestCombine(t *testing.T) { combo := Combine(f1, f2, f3) - pkg := types.ZarfPackage{ - Components: []types.ZarfComponent{ + pkg := v1alpha1.ZarfPackage{ + Components: []v1alpha1.ZarfComponent{ { Name: "foo", }, @@ -35,7 +35,7 @@ func TestCombine(t *testing.T) { }, } - expected := []types.ZarfComponent{ + expected := []v1alpha1.ZarfComponent{ { Name: "bar", }, @@ -50,7 +50,7 @@ func TestCombine(t *testing.T) { // Test error propagation combo = Combine(f1, f2, ForDeploy("group with no default", false)) - pkg.Components = append(pkg.Components, types.ZarfComponent{ + pkg.Components = append(pkg.Components, v1alpha1.ZarfComponent{ Name: "group with no default", DeprecatedGroup: "g1", }) diff --git a/src/pkg/packager/generate.go b/src/pkg/packager/generate.go index d1fc593033..cc3393dbb5 100644 --- a/src/pkg/packager/generate.go +++ b/src/pkg/packager/generate.go @@ -13,10 +13,10 @@ import ( "github.com/defenseunicorns/pkg/helpers/v2" goyaml "github.com/goccy/go-yaml" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/pkg/layout" "github.com/zarf-dev/zarf/src/pkg/message" - "github.com/zarf-dev/zarf/src/types" ) // Generate generates a Zarf package definition. @@ -36,10 +36,10 @@ func (p *Packager) Generate(ctx context.Context) (err error) { } } - generatedComponent := types.ZarfComponent{ + generatedComponent := v1alpha1.ZarfComponent{ Name: p.cfg.GenerateOpts.Name, Required: helpers.BoolPtr(true), - Charts: []types.ZarfChart{ + Charts: []v1alpha1.ZarfChart{ { Name: p.cfg.GenerateOpts.Name, Version: p.cfg.GenerateOpts.Version, @@ -50,14 +50,14 @@ func (p *Packager) Generate(ctx context.Context) (err error) { }, } - p.cfg.Pkg = types.ZarfPackage{ - Kind: types.ZarfPackageConfig, - Metadata: types.ZarfMetadata{ + p.cfg.Pkg = v1alpha1.ZarfPackage{ + Kind: v1alpha1.ZarfPackageConfig, + Metadata: v1alpha1.ZarfMetadata{ Name: p.cfg.GenerateOpts.Name, Version: p.cfg.GenerateOpts.Version, Description: "auto-generated using `zarf dev generate`", }, - Components: []types.ZarfComponent{ + Components: []v1alpha1.ZarfComponent{ generatedComponent, }, } diff --git a/src/pkg/packager/lint/findings.go b/src/pkg/packager/lint/findings.go deleted file mode 100644 index 8b48bdea78..0000000000 --- a/src/pkg/packager/lint/findings.go +++ /dev/null @@ -1,41 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package lint contains functions for verifying zarf yaml files are valid -package lint - -import ( - "github.com/defenseunicorns/pkg/helpers/v2" - "github.com/zarf-dev/zarf/src/types" -) - -// GroupFindingsByPath groups findings by their package path -func GroupFindingsByPath(findings []types.PackageFinding, severity types.Severity, packageName string) map[string][]types.PackageFinding { - findings = helpers.RemoveMatches(findings, func(finding types.PackageFinding) bool { - return finding.Severity > severity - }) - for i := range findings { - if findings[i].PackageNameOverride == "" { - findings[i].PackageNameOverride = packageName - } - if findings[i].PackagePathOverride == "" { - findings[i].PackagePathOverride = "." - } - } - - mapOfFindingsByPath := make(map[string][]types.PackageFinding) - for _, finding := range findings { - mapOfFindingsByPath[finding.PackagePathOverride] = append(mapOfFindingsByPath[finding.PackagePathOverride], finding) - } - return mapOfFindingsByPath -} - -// HasSeverity returns true if the findings contain a severity equal to or greater than the given severity -func HasSeverity(findings []types.PackageFinding, severity types.Severity) bool { - for _, finding := range findings { - if finding.Severity <= severity { - return true - } - } - return false -} diff --git a/src/pkg/packager/lint/findings_test.go b/src/pkg/packager/lint/findings_test.go deleted file mode 100644 index 522135eb96..0000000000 --- a/src/pkg/packager/lint/findings_test.go +++ /dev/null @@ -1,122 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package lint contains functions for verifying zarf yaml files are valid -package lint - -import ( - "testing" - - "github.com/stretchr/testify/require" - "github.com/zarf-dev/zarf/src/types" -) - -func TestGroupFindingsByPath(t *testing.T) { - t.Parallel() - tests := []struct { - name string - findings []types.PackageFinding - severity types.Severity - packageName string - want map[string][]types.PackageFinding - }{ - { - name: "same package multiple findings", - findings: []types.PackageFinding{ - {Severity: types.SevWarn, PackageNameOverride: "import", PackagePathOverride: "path"}, - {Severity: types.SevWarn, PackageNameOverride: "import", PackagePathOverride: "path"}, - }, - severity: types.SevWarn, - packageName: "testPackage", - want: map[string][]types.PackageFinding{ - "path": { - {Severity: types.SevWarn, PackageNameOverride: "import", PackagePathOverride: "path"}, - {Severity: types.SevWarn, PackageNameOverride: "import", PackagePathOverride: "path"}, - }, - }, - }, - { - name: "different packages single finding", - findings: []types.PackageFinding{ - {Severity: types.SevWarn, PackageNameOverride: "import", PackagePathOverride: "path"}, - {Severity: types.SevErr, PackageNameOverride: "", PackagePathOverride: ""}, - }, - severity: types.SevWarn, - packageName: "testPackage", - want: map[string][]types.PackageFinding{ - "path": {{Severity: types.SevWarn, PackageNameOverride: "import", PackagePathOverride: "path"}}, - ".": {{Severity: types.SevErr, PackageNameOverride: "testPackage", PackagePathOverride: "."}}, - }, - }, - { - name: "Multiple findings, mixed severity", - findings: []types.PackageFinding{ - {Severity: types.SevWarn, PackageNameOverride: "", PackagePathOverride: ""}, - {Severity: types.SevErr, PackageNameOverride: "", PackagePathOverride: ""}, - }, - severity: types.SevErr, - packageName: "testPackage", - want: map[string][]types.PackageFinding{ - ".": {{Severity: types.SevErr, PackageNameOverride: "testPackage", PackagePathOverride: "."}}, - }, - }, - } - for _, tt := range tests { - tt := tt - t.Run(tt.name, func(t *testing.T) { - t.Parallel() - require.Equal(t, tt.want, GroupFindingsByPath(tt.findings, tt.severity, tt.packageName)) - }) - } -} - -func TestHasSeverity(t *testing.T) { - t.Parallel() - tests := []struct { - name string - severity types.Severity - expected bool - findings []types.PackageFinding - }{ - { - name: "error severity present", - findings: []types.PackageFinding{ - { - Severity: types.SevErr, - }, - }, - severity: types.SevErr, - expected: true, - }, - { - name: "error severity not present", - findings: []types.PackageFinding{ - { - Severity: types.SevWarn, - }, - }, - severity: types.SevErr, - expected: false, - }, - { - name: "err and warning severity present", - findings: []types.PackageFinding{ - { - Severity: types.SevWarn, - }, - { - Severity: types.SevErr, - }, - }, - severity: types.SevErr, - expected: true, - }, - } - for _, tt := range tests { - tt := tt - t.Run(tt.name, func(t *testing.T) { - t.Parallel() - require.Equal(t, tt.expected, HasSeverity(tt.findings, tt.severity)) - }) - } -} diff --git a/src/pkg/packager/lint/lint.go b/src/pkg/packager/lint/lint.go deleted file mode 100644 index 34ab432fe0..0000000000 --- a/src/pkg/packager/lint/lint.go +++ /dev/null @@ -1,278 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package lint contains functions for verifying zarf yaml files are valid -package lint - -import ( - "context" - "fmt" - "io/fs" - "regexp" - "strings" - - "github.com/defenseunicorns/pkg/helpers/v2" - "github.com/xeipuuv/gojsonschema" - "github.com/zarf-dev/zarf/src/config" - "github.com/zarf-dev/zarf/src/config/lang" - "github.com/zarf-dev/zarf/src/pkg/layout" - "github.com/zarf-dev/zarf/src/pkg/packager/composer" - "github.com/zarf-dev/zarf/src/pkg/packager/creator" - "github.com/zarf-dev/zarf/src/pkg/transform" - "github.com/zarf-dev/zarf/src/pkg/utils" - "github.com/zarf-dev/zarf/src/types" -) - -// ZarfSchema is exported so main.go can embed the schema file -var ZarfSchema fs.ReadFileFS - -// Validate the given Zarf package. The Zarf package should not already be composed when sent to this function. -func Validate(ctx context.Context, pkg types.ZarfPackage, createOpts types.ZarfCreateOptions) ([]types.PackageFinding, error) { - var findings []types.PackageFinding - compFindings, err := lintComponents(ctx, pkg, createOpts) - if err != nil { - return nil, err - } - findings = append(findings, compFindings...) - - jsonSchema, err := ZarfSchema.ReadFile("zarf.schema.json") - if err != nil { - return nil, err - } - - var untypedZarfPackage interface{} - if err := utils.ReadYaml(layout.ZarfYAML, &untypedZarfPackage); err != nil { - return nil, err - } - - schemaFindings, err := validateSchema(jsonSchema, untypedZarfPackage) - if err != nil { - return nil, err - } - findings = append(findings, schemaFindings...) - - return findings, nil -} - -func lintComponents(ctx context.Context, pkg types.ZarfPackage, createOpts types.ZarfCreateOptions) ([]types.PackageFinding, error) { - var findings []types.PackageFinding - - for i, component := range pkg.Components { - arch := config.GetArch(pkg.Metadata.Architecture) - if !composer.CompatibleComponent(component, arch, createOpts.Flavor) { - continue - } - - chain, err := composer.NewImportChain(ctx, component, i, pkg.Metadata.Name, arch, createOpts.Flavor) - if err != nil { - return nil, err - } - - node := chain.Head() - for node != nil { - component := node.ZarfComponent - compFindings := fillComponentTemplate(&component, &createOpts) - compFindings = append(compFindings, checkComponent(component, node.Index())...) - for i := range compFindings { - compFindings[i].PackagePathOverride = node.ImportLocation() - compFindings[i].PackageNameOverride = node.OriginalPackageName() - } - findings = append(findings, compFindings...) - node = node.Next() - } - } - return findings, nil -} - -func fillComponentTemplate(c *types.ZarfComponent, createOpts *types.ZarfCreateOptions) []types.PackageFinding { - var findings []types.PackageFinding - err := creator.ReloadComponentTemplate(c) - if err != nil { - findings = append(findings, types.PackageFinding{ - Description: err.Error(), - Severity: types.SevWarn, - }) - } - templateMap := map[string]string{} - - setVarsAndWarn := func(templatePrefix string, deprecated bool) { - yamlTemplates, err := utils.FindYamlTemplates(c, templatePrefix, "###") - if err != nil { - findings = append(findings, types.PackageFinding{ - Description: err.Error(), - Severity: types.SevWarn, - }) - } - - for key := range yamlTemplates { - if deprecated { - findings = append(findings, types.PackageFinding{ - Description: fmt.Sprintf(lang.PkgValidateTemplateDeprecation, key, key, key), - Severity: types.SevWarn, - }) - } - _, present := createOpts.SetVariables[key] - if !present { - findings = append(findings, types.PackageFinding{ - Description: lang.UnsetVarLintWarning, - Severity: types.SevWarn, - }) - } - } - for key, value := range createOpts.SetVariables { - templateMap[fmt.Sprintf("%s%s###", templatePrefix, key)] = value - } - } - - setVarsAndWarn(types.ZarfPackageTemplatePrefix, false) - - // [DEPRECATION] Set the Package Variable syntax as well for backward compatibility - setVarsAndWarn(types.ZarfPackageVariablePrefix, true) - - //nolint: errcheck // This error should bubble up - utils.ReloadYamlTemplate(c, templateMap) - return findings -} - -func isPinnedImage(image string) (bool, error) { - transformedImage, err := transform.ParseImageRef(image) - if err != nil { - if strings.Contains(image, types.ZarfPackageTemplatePrefix) || - strings.Contains(image, types.ZarfPackageVariablePrefix) { - return true, nil - } - return false, err - } - if isCosignSignature(transformedImage.Tag) || isCosignAttestation(transformedImage.Tag) { - return true, nil - } - return (transformedImage.Digest != ""), err -} - -func isCosignSignature(image string) bool { - return strings.HasSuffix(image, ".sig") -} - -func isCosignAttestation(image string) bool { - return strings.HasSuffix(image, ".att") -} - -func isPinnedRepo(repo string) bool { - return (strings.Contains(repo, "@")) -} - -// checkComponent runs lint rules against a component -func checkComponent(c types.ZarfComponent, i int) []types.PackageFinding { - var findings []types.PackageFinding - findings = append(findings, checkForUnpinnedRepos(c, i)...) - findings = append(findings, checkForUnpinnedImages(c, i)...) - findings = append(findings, checkForUnpinnedFiles(c, i)...) - return findings -} - -func checkForUnpinnedRepos(c types.ZarfComponent, i int) []types.PackageFinding { - var findings []types.PackageFinding - for j, repo := range c.Repos { - repoYqPath := fmt.Sprintf(".components.[%d].repos.[%d]", i, j) - if !isPinnedRepo(repo) { - findings = append(findings, types.PackageFinding{ - YqPath: repoYqPath, - Description: "Unpinned repository", - Item: repo, - Severity: types.SevWarn, - }) - } - } - return findings -} - -func checkForUnpinnedImages(c types.ZarfComponent, i int) []types.PackageFinding { - var findings []types.PackageFinding - for j, image := range c.Images { - imageYqPath := fmt.Sprintf(".components.[%d].images.[%d]", i, j) - pinnedImage, err := isPinnedImage(image) - if err != nil { - findings = append(findings, types.PackageFinding{ - YqPath: imageYqPath, - Description: "Failed to parse image reference", - Item: image, - Severity: types.SevWarn, - }) - continue - } - if !pinnedImage { - findings = append(findings, types.PackageFinding{ - YqPath: imageYqPath, - Description: "Image not pinned with digest", - Item: image, - Severity: types.SevWarn, - }) - } - } - return findings -} - -func checkForUnpinnedFiles(c types.ZarfComponent, i int) []types.PackageFinding { - var findings []types.PackageFinding - for j, file := range c.Files { - fileYqPath := fmt.Sprintf(".components.[%d].files.[%d]", i, j) - if file.Shasum == "" && helpers.IsURL(file.Source) { - findings = append(findings, types.PackageFinding{ - YqPath: fileYqPath, - Description: "No shasum for remote file", - Item: file.Source, - Severity: types.SevWarn, - }) - } - } - return findings -} - -func makeFieldPathYqCompat(field string) string { - if field == "(root)" { - return field - } - // \b is a metacharacter that will stop at the next non-word character (including .) - // https://regex101.com/r/pIRPk0/1 - re := regexp.MustCompile(`(\b\d+\b)`) - - wrappedField := re.ReplaceAllString(field, "[$1]") - - return fmt.Sprintf(".%s", wrappedField) -} - -func validateSchema(jsonSchema []byte, untypedZarfPackage interface{}) ([]types.PackageFinding, error) { - var findings []types.PackageFinding - - schemaErrors, err := runSchema(jsonSchema, untypedZarfPackage) - if err != nil { - return nil, err - } - - if len(schemaErrors) != 0 { - for _, schemaErr := range schemaErrors { - findings = append(findings, types.PackageFinding{ - YqPath: makeFieldPathYqCompat(schemaErr.Field()), - Description: schemaErr.Description(), - Severity: types.SevErr, - }) - } - } - - return findings, err -} - -func runSchema(jsonSchema []byte, pkg interface{}) ([]gojsonschema.ResultError, error) { - schemaLoader := gojsonschema.NewBytesLoader(jsonSchema) - documentLoader := gojsonschema.NewGoLoader(pkg) - - result, err := gojsonschema.Validate(schemaLoader, documentLoader) - if err != nil { - return nil, err - } - - if !result.Valid() { - return result.Errors(), nil - } - return nil, nil -} diff --git a/src/pkg/packager/lint/lint_test.go b/src/pkg/packager/lint/lint_test.go deleted file mode 100644 index 213c0938d2..0000000000 --- a/src/pkg/packager/lint/lint_test.go +++ /dev/null @@ -1,361 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package lint contains functions for verifying zarf yaml files are valid -package lint - -import ( - "context" - "errors" - "fmt" - "os" - "testing" - - goyaml "github.com/goccy/go-yaml" - "github.com/stretchr/testify/require" - "github.com/zarf-dev/zarf/src/pkg/variables" - "github.com/zarf-dev/zarf/src/types" -) - -func TestZarfSchema(t *testing.T) { - t.Parallel() - zarfSchema, err := os.ReadFile("../../../../zarf.schema.json") - require.NoError(t, err) - - tests := []struct { - name string - pkg types.ZarfPackage - expectedSchemaStrings []string - }{ - { - name: "valid package", - pkg: types.ZarfPackage{ - Kind: types.ZarfInitConfig, - Metadata: types.ZarfMetadata{ - Name: "valid-name", - }, - Components: []types.ZarfComponent{ - { - Name: "valid-comp", - }, - }, - }, - expectedSchemaStrings: nil, - }, - { - name: "no comp or kind", - pkg: types.ZarfPackage{ - Metadata: types.ZarfMetadata{ - Name: "no-comp-or-kind", - }, - Components: []types.ZarfComponent{}, - }, - expectedSchemaStrings: []string{ - "kind: kind must be one of the following: \"ZarfInitConfig\", \"ZarfPackageConfig\"", - "components: Array must have at least 1 items", - }, - }, - { - name: "invalid package", - pkg: types.ZarfPackage{ - Kind: types.ZarfInitConfig, - Metadata: types.ZarfMetadata{ - Name: "-invalid-name", - }, - Components: []types.ZarfComponent{ - { - Name: "invalid-name", - Only: types.ZarfComponentOnlyTarget{ - LocalOS: "unsupportedOS", - }, - Import: types.ZarfComponentImport{ - Path: fmt.Sprintf("start%send", types.ZarfPackageTemplatePrefix), - URL: fmt.Sprintf("oci://start%send", types.ZarfPackageTemplatePrefix), - }, - }, - { - Name: "actions", - Actions: types.ZarfComponentActions{ - OnCreate: types.ZarfComponentActionSet{ - Before: []types.ZarfComponentAction{ - { - Cmd: "echo 'invalid setVariable'", - SetVariables: []variables.Variable{{Name: "not_uppercase"}}, - }, - }, - }, - OnRemove: types.ZarfComponentActionSet{ - OnSuccess: []types.ZarfComponentAction{ - { - Cmd: "echo 'invalid setVariable'", - SetVariables: []variables.Variable{{Name: "not_uppercase"}}, - }, - }, - }, - }, - }, - }, - Variables: []variables.InteractiveVariable{ - { - Variable: variables.Variable{Name: "not_uppercase"}, - }, - }, - Constants: []variables.Constant{ - { - Name: "not_uppercase", - }, - }, - }, - expectedSchemaStrings: []string{ - "metadata.name: Does not match pattern '^[a-z0-9][a-z0-9\\-]*$'", - "variables.0.name: Does not match pattern '^[A-Z0-9_]+$'", - "constants.0.name: Does not match pattern '^[A-Z0-9_]+$'", - "components.0.only.localOS: components.0.only.localOS must be one of the following: \"linux\", \"darwin\", \"windows\"", - "components.1.actions.onCreate.before.0.setVariables.0.name: Does not match pattern '^[A-Z0-9_]+$'", - "components.1.actions.onRemove.onSuccess.0.setVariables.0.name: Does not match pattern '^[A-Z0-9_]+$'", - "components.0.import.path: Must not validate the schema (not)", - "components.0.import.url: Must not validate the schema (not)", - }, - }, - } - for _, tt := range tests { - tt := tt - t.Run(tt.name, func(t *testing.T) { - t.Parallel() - findings, err := runSchema(zarfSchema, tt.pkg) - require.NoError(t, err) - var schemaStrings []string - for _, schemaErr := range findings { - schemaStrings = append(schemaStrings, schemaErr.String()) - } - require.ElementsMatch(t, tt.expectedSchemaStrings, schemaStrings) - }) - } - - t.Run("validate schema fail with errors not possible from object", func(t *testing.T) { - t.Parallel() - // When we want to test the absence of a field, an incorrect type, or an extra field - // we can't do it through a struct since non pointer fields will have a zero value of their type - const badZarfPackage = ` -kind: ZarfInitConfig -extraField: whatever -metadata: - name: invalid - description: Testing bad yaml - -components: -- name: import-test - import: - path: 123123 - charts: - - noWait: true - manifests: - - namespace: no-name-for-manifest -` - var unmarshalledYaml interface{} - err := goyaml.Unmarshal([]byte(badZarfPackage), &unmarshalledYaml) - require.NoError(t, err) - schemaErrs, err := runSchema(zarfSchema, unmarshalledYaml) - require.NoError(t, err) - var schemaStrings []string - for _, schemaErr := range schemaErrs { - schemaStrings = append(schemaStrings, schemaErr.String()) - } - expectedSchemaStrings := []string{ - "(root): Additional property extraField is not allowed", - "components.0.import.path: Invalid type. Expected: string, given: integer", - "components.0.charts.0: name is required", - "components.0.manifests.0: name is required", - } - - require.ElementsMatch(t, expectedSchemaStrings, schemaStrings) - }) - - t.Run("test schema findings is created as expected", func(t *testing.T) { - t.Parallel() - findings, err := validateSchema(zarfSchema, types.ZarfPackage{ - Kind: types.ZarfInitConfig, - Metadata: types.ZarfMetadata{ - Name: "invalid", - }, - }) - require.NoError(t, err) - expected := []types.PackageFinding{ - { - Description: "Invalid type. Expected: array, given: null", - Severity: types.SevErr, - YqPath: ".components", - }, - } - require.ElementsMatch(t, expected, findings) - }) -} - -func TestValidateComponent(t *testing.T) { - t.Parallel() - - t.Run("Unpinnned repo warning", func(t *testing.T) { - t.Parallel() - unpinnedRepo := "https://github.com/zarf-dev/zarf-public-test.git" - component := types.ZarfComponent{Repos: []string{ - unpinnedRepo, - "https://dev.azure.com/defenseunicorns/zarf-public-test/_git/zarf-public-test@v0.0.1", - }} - findings := checkForUnpinnedRepos(component, 0) - expected := []types.PackageFinding{ - { - Item: unpinnedRepo, - Description: "Unpinned repository", - Severity: types.SevWarn, - YqPath: ".components.[0].repos.[0]", - }, - } - require.Equal(t, expected, findings) - }) - - t.Run("Unpinnned image warning", func(t *testing.T) { - t.Parallel() - unpinnedImage := "registry.com:9001/whatever/image:1.0.0" - badImage := "badimage:badimage@@sha256:3fbc632167424a6d997e74f5" - cosignSignature := "ghcr.io/stefanprodan/podinfo:sha256-57a654ace69ec02ba8973093b6a786faa15640575fbf0dbb603db55aca2ccec8.sig" - cosignAttestation := "ghcr.io/stefanprodan/podinfo:sha256-57a654ace69ec02ba8973093b6a786faa15640575fbf0dbb603db55aca2ccec8.att" - component := types.ZarfComponent{Images: []string{ - unpinnedImage, - "busybox:latest@sha256:3fbc632167424a6d997e74f52b878d7cc478225cffac6bc977eedfe51c7f4e79", - badImage, - cosignSignature, - cosignAttestation, - }} - findings := checkForUnpinnedImages(component, 0) - expected := []types.PackageFinding{ - { - Item: unpinnedImage, - Description: "Image not pinned with digest", - Severity: types.SevWarn, - YqPath: ".components.[0].images.[0]", - }, - { - Item: badImage, - Description: "Failed to parse image reference", - Severity: types.SevWarn, - YqPath: ".components.[0].images.[2]", - }, - } - require.Equal(t, expected, findings) - }) - - t.Run("Unpinnned file warning", func(t *testing.T) { - t.Parallel() - fileURL := "http://example.com/file.zip" - localFile := "local.txt" - zarfFiles := []types.ZarfFile{ - { - Source: fileURL, - }, - { - Source: localFile, - }, - { - Source: fileURL, - Shasum: "fake-shasum", - }, - } - component := types.ZarfComponent{Files: zarfFiles} - findings := checkForUnpinnedFiles(component, 0) - expectedErr := []types.PackageFinding{ - { - Item: fileURL, - Description: "No shasum for remote file", - Severity: types.SevWarn, - YqPath: ".components.[0].files.[0]", - }, - } - require.Equal(t, expectedErr, findings) - require.Len(t, findings, 1) - }) - - t.Run("Wrap standalone numbers in bracket", func(t *testing.T) { - t.Parallel() - input := "components12.12.import.path" - expected := ".components12.[12].import.path" - actual := makeFieldPathYqCompat(input) - require.Equal(t, expected, actual) - }) - - t.Run("root doesn't change", func(t *testing.T) { - t.Parallel() - input := "(root)" - actual := makeFieldPathYqCompat(input) - require.Equal(t, input, actual) - }) - - t.Run("Test composable components with bad path", func(t *testing.T) { - t.Parallel() - zarfPackage := types.ZarfPackage{ - Components: []types.ZarfComponent{ - { - Import: types.ZarfComponentImport{Path: "bad-path"}, - }, - }, - Metadata: types.ZarfMetadata{Name: "test-zarf-package"}, - } - - createOpts := types.ZarfCreateOptions{Flavor: "", BaseDir: "."} - _, err := lintComponents(context.Background(), zarfPackage, createOpts) - require.Error(t, err) - }) - - t.Run("isImagePinned", func(t *testing.T) { - t.Parallel() - tests := []struct { - input string - expected bool - err error - }{ - { - input: "registry.com:8080/defenseunicorns/whatever", - expected: false, - err: nil, - }, - { - input: "ghcr.io/defenseunicorns/pepr/controller:v0.15.0", - expected: false, - err: nil, - }, - { - input: "busybox:latest@sha256:3fbc632167424a6d997e74f52b878d7cc478225cffac6bc977eedfe51c7f4e79", - expected: true, - err: nil, - }, - { - input: "busybox:bad/image", - expected: false, - err: errors.New("invalid reference format"), - }, - { - input: "busybox:###ZARF_PKG_TMPL_BUSYBOX_IMAGE###", - expected: true, - err: nil, - }, - { - input: "ghcr.io/stefanprodan/podinfo:sha256-57a654ace69ec02ba8973093b6a786faa15640575fbf0dbb603db55aca2ccec8.sig", - expected: true, - err: nil, - }, - { - input: "ghcr.io/stefanprodan/podinfo:sha256-57a654ace69ec02ba8973093b6a786faa15640575fbf0dbb603db55aca2ccec8.att", - expected: true, - err: nil, - }, - } - for _, tc := range tests { - t.Run(tc.input, func(t *testing.T) { - actual, err := isPinnedImage(tc.input) - if err != nil { - require.EqualError(t, err, tc.err.Error()) - } - require.Equal(t, tc.expected, actual) - }) - } - }) -} diff --git a/src/pkg/packager/mirror.go b/src/pkg/packager/mirror.go index 9cafe38f58..9e61604144 100644 --- a/src/pkg/packager/mirror.go +++ b/src/pkg/packager/mirror.go @@ -10,6 +10,7 @@ import ( "runtime" "strings" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/pkg/message" "github.com/zarf-dev/zarf/src/pkg/packager/filters" @@ -54,7 +55,7 @@ func (p *Packager) Mirror(ctx context.Context) error { } // mirrorComponent mirrors a Zarf Component. -func (p *Packager) mirrorComponent(ctx context.Context, component types.ZarfComponent) error { +func (p *Packager) mirrorComponent(ctx context.Context, component v1alpha1.ZarfComponent) error { componentPaths := p.layout.Components.Dirs[component.Name] // All components now require a name diff --git a/src/pkg/packager/prepare.go b/src/pkg/packager/prepare.go index 2b888c3966..d007e862bd 100644 --- a/src/pkg/packager/prepare.go +++ b/src/pkg/packager/prepare.go @@ -17,6 +17,7 @@ import ( "github.com/defenseunicorns/pkg/helpers/v2" "github.com/google/go-containerregistry/pkg/crane" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config/lang" "github.com/zarf-dev/zarf/src/internal/packager/helm" "github.com/zarf-dev/zarf/src/internal/packager/images" @@ -118,7 +119,6 @@ func (p *Packager) findImages(ctx context.Context) (imgMap map[string][]string, } for _, component := range p.cfg.Pkg.Components { - if len(component.Charts)+len(component.Manifests)+len(component.Repos) < 1 { // Skip if it doesn't have what we need continue @@ -137,7 +137,7 @@ func (p *Packager) findImages(ctx context.Context) (imgMap map[string][]string, repoHelmChartPath = strings.TrimPrefix(repoHelmChartPath, "/") // If a repo helm chart path is specified, - component.Charts = append(component.Charts, types.ZarfChart{ + component.Charts = append(component.Charts, v1alpha1.ZarfChart{ Name: repo, URL: matches[0], Version: matches[1], @@ -163,7 +163,6 @@ func (p *Packager) findImages(ctx context.Context) (imgMap map[string][]string, } for _, chart := range component.Charts { - helmCfg := helm.New( chart, componentPaths.Charts, @@ -233,7 +232,7 @@ func (p *Packager) findImages(ctx context.Context) (imgMap map[string][]string, if helpers.IsURL(f) { mname := fmt.Sprintf("manifest-%s-%d.yaml", manifest.Name, idx) destination := filepath.Join(componentPaths.Manifests, mname) - if err := utils.DownloadToFile(f, destination, component.DeprecatedCosignKeyPath); err != nil { + if err := utils.DownloadToFile(ctx, f, destination, component.DeprecatedCosignKeyPath); err != nil { return nil, fmt.Errorf(lang.ErrDownloading, f, err.Error()) } f = destination @@ -257,8 +256,7 @@ func (p *Packager) findImages(ctx context.Context) (imgMap map[string][]string, } // Break the manifest into separate resources - contentString := string(contents) - message.Debugf("%s", contentString) + // TODO: Do not dogsled error yamls, _ := utils.SplitYAML(contents) resources = append(resources, yamls...) diff --git a/src/pkg/packager/publish.go b/src/pkg/packager/publish.go index bf664f2739..94fdee63c2 100644 --- a/src/pkg/packager/publish.go +++ b/src/pkg/packager/publish.go @@ -13,6 +13,7 @@ import ( "github.com/defenseunicorns/pkg/helpers/v2" "github.com/defenseunicorns/pkg/oci" ocispec "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/pkg/layout" "github.com/zarf-dev/zarf/src/pkg/message" @@ -21,7 +22,6 @@ import ( "github.com/zarf-dev/zarf/src/pkg/packager/sources" "github.com/zarf-dev/zarf/src/pkg/utils" "github.com/zarf-dev/zarf/src/pkg/zoci" - "github.com/zarf-dev/zarf/src/types" ) // Publish publishes the package to a registry @@ -107,13 +107,13 @@ func (p *Packager) Publish(ctx context.Context) (err error) { } if p.cfg.CreateOpts.IsSkeleton { message.Title("How to import components from this skeleton:", "") - ex := []types.ZarfComponent{} + ex := []v1alpha1.ZarfComponent{} for _, c := range p.cfg.Pkg.Components { - ex = append(ex, types.ZarfComponent{ + ex = append(ex, v1alpha1.ZarfComponent{ Name: fmt.Sprintf("import-%s", c.Name), - Import: types.ZarfComponentImport{ - ComponentName: c.Name, - URL: helpers.OCIURLPrefix + remote.Repo().Reference.String(), + Import: v1alpha1.ZarfComponentImport{ + Name: c.Name, + URL: helpers.OCIURLPrefix + remote.Repo().Reference.String(), }, }) } diff --git a/src/pkg/packager/remove.go b/src/pkg/packager/remove.go index dbfbf7d690..4edcdd5b05 100644 --- a/src/pkg/packager/remove.go +++ b/src/pkg/packager/remove.go @@ -18,6 +18,7 @@ import ( kerrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/internal/packager/helm" "github.com/zarf-dev/zarf/src/pkg/cluster" @@ -163,18 +164,18 @@ func (p *Packager) updatePackageSecret(ctx context.Context, deployedPackage type func (p *Packager) removeComponent(ctx context.Context, deployedPackage *types.DeployedPackage, deployedComponent types.DeployedComponent, spinner *message.Spinner) (*types.DeployedPackage, error) { components := deployedPackage.Data.Components - c := helpers.Find(components, func(t types.ZarfComponent) bool { + c := helpers.Find(components, func(t v1alpha1.ZarfComponent) bool { return t.Name == deployedComponent.Name }) onRemove := c.Actions.OnRemove onFailure := func() { - if err := actions.Run(onRemove.Defaults, onRemove.OnFailure, nil); err != nil { + if err := actions.Run(ctx, onRemove.Defaults, onRemove.OnFailure, nil); err != nil { message.Debugf("Unable to run the failure action: %s", err) } } - if err := actions.Run(onRemove.Defaults, onRemove.Before, nil); err != nil { + if err := actions.Run(ctx, onRemove.Defaults, onRemove.Before, nil); err != nil { onFailure() return nil, fmt.Errorf("unable to run the before action for component (%s): %w", c.Name, err) } @@ -206,12 +207,12 @@ func (p *Packager) removeComponent(ctx context.Context, deployedPackage *types.D } } - if err := actions.Run(onRemove.Defaults, onRemove.After, nil); err != nil { + if err := actions.Run(ctx, onRemove.Defaults, onRemove.After, nil); err != nil { onFailure() return deployedPackage, fmt.Errorf("unable to run the after action: %w", err) } - if err := actions.Run(onRemove.Defaults, onRemove.OnSuccess, nil); err != nil { + if err := actions.Run(ctx, onRemove.Defaults, onRemove.OnSuccess, nil); err != nil { onFailure() return deployedPackage, fmt.Errorf("unable to run the success action: %w", err) } diff --git a/src/pkg/packager/sources/cluster.go b/src/pkg/packager/sources/cluster.go index bd671120e8..ea45b254dd 100644 --- a/src/pkg/packager/sources/cluster.go +++ b/src/pkg/packager/sources/cluster.go @@ -9,6 +9,7 @@ import ( "fmt" "github.com/defenseunicorns/pkg/helpers/v2" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/pkg/cluster" "github.com/zarf-dev/zarf/src/pkg/layout" "github.com/zarf-dev/zarf/src/pkg/packager/filters" @@ -23,7 +24,7 @@ var ( // NewClusterSource creates a new cluster source. func NewClusterSource(pkgOpts *types.ZarfPackageOptions) (PackageSource, error) { - if !types.IsLowercaseNumberHyphenNoStartHyphen(pkgOpts.PackageSource) { + if !v1alpha1.IsLowercaseNumberHyphenNoStartHyphen(pkgOpts.PackageSource) { return nil, fmt.Errorf("invalid package name %q", pkgOpts.PackageSource) } @@ -46,8 +47,8 @@ type ClusterSource struct { // LoadPackage loads a package from a cluster. // // This is not implemented. -func (s *ClusterSource) LoadPackage(_ context.Context, _ *layout.PackagePaths, _ filters.ComponentFilterStrategy, _ bool) (types.ZarfPackage, []string, error) { - return types.ZarfPackage{}, nil, fmt.Errorf("not implemented") +func (s *ClusterSource) LoadPackage(_ context.Context, _ *layout.PackagePaths, _ filters.ComponentFilterStrategy, _ bool) (v1alpha1.ZarfPackage, []string, error) { + return v1alpha1.ZarfPackage{}, nil, fmt.Errorf("not implemented") } // Collect collects a package from a cluster. @@ -58,14 +59,14 @@ func (s *ClusterSource) Collect(_ context.Context, _ string) (string, error) { } // LoadPackageMetadata loads package metadata from a cluster. -func (s *ClusterSource) LoadPackageMetadata(ctx context.Context, dst *layout.PackagePaths, _ bool, _ bool) (types.ZarfPackage, []string, error) { +func (s *ClusterSource) LoadPackageMetadata(ctx context.Context, dst *layout.PackagePaths, _ bool, _ bool) (v1alpha1.ZarfPackage, []string, error) { dpkg, err := s.GetDeployedPackage(ctx, s.PackageSource) if err != nil { - return types.ZarfPackage{}, nil, err + return v1alpha1.ZarfPackage{}, nil, err } if err := utils.WriteYaml(dst.ZarfYAML, dpkg.Data, helpers.ReadUser); err != nil { - return types.ZarfPackage{}, nil, err + return v1alpha1.ZarfPackage{}, nil, err } return dpkg.Data, nil, nil diff --git a/src/pkg/packager/sources/new.go b/src/pkg/packager/sources/new.go index 9018632085..65d0af6762 100644 --- a/src/pkg/packager/sources/new.go +++ b/src/pkg/packager/sources/new.go @@ -12,9 +12,9 @@ import ( "github.com/defenseunicorns/pkg/helpers/v2" "github.com/defenseunicorns/pkg/oci" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/pkg/layout" - "github.com/zarf-dev/zarf/src/pkg/message" "github.com/zarf-dev/zarf/src/pkg/packager/filters" "github.com/zarf-dev/zarf/src/pkg/zoci" "github.com/zarf-dev/zarf/src/types" @@ -31,10 +31,10 @@ import ( // `sources.ValidatePackageSignature` and `sources.ValidatePackageIntegrity` can be leveraged for this purpose. type PackageSource interface { // LoadPackage loads a package from a source. - LoadPackage(ctx context.Context, dst *layout.PackagePaths, filter filters.ComponentFilterStrategy, unarchiveAll bool) (pkg types.ZarfPackage, warnings []string, err error) + LoadPackage(ctx context.Context, dst *layout.PackagePaths, filter filters.ComponentFilterStrategy, unarchiveAll bool) (pkg v1alpha1.ZarfPackage, warnings []string, err error) // LoadPackageMetadata loads a package's metadata from a source. - LoadPackageMetadata(ctx context.Context, dst *layout.PackagePaths, wantSBOM bool, skipValidation bool) (pkg types.ZarfPackage, warnings []string, err error) + LoadPackageMetadata(ctx context.Context, dst *layout.PackagePaths, wantSBOM bool, skipValidation bool) (pkg v1alpha1.ZarfPackage, warnings []string, err error) // Collect relocates a package from its source to a tarball in a given destination directory. Collect(ctx context.Context, destinationDirectory string) (tarball string, err error) @@ -85,7 +85,5 @@ func New(pkgOpts *types.ZarfPackageOptions) (PackageSource, error) { return nil, fmt.Errorf("could not identify source type for %q", pkgSrc) } - message.Debugf("Using %T for %q", source, pkgSrc) - return source, nil } diff --git a/src/pkg/packager/sources/new_test.go b/src/pkg/packager/sources/new_test.go index a1a495b3ca..9ae3147168 100644 --- a/src/pkg/packager/sources/new_test.go +++ b/src/pkg/packager/sources/new_test.go @@ -17,6 +17,7 @@ import ( "github.com/stretchr/testify/require" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/pkg/layout" "github.com/zarf-dev/zarf/src/pkg/packager/filters" "github.com/zarf-dev/zarf/src/types" @@ -117,7 +118,7 @@ func TestPackageSource(t *testing.T) { b, err := os.ReadFile("./testdata/expected-pkg.json") require.NoError(t, err) - expectedPkg := types.ZarfPackage{} + expectedPkg := v1alpha1.ZarfPackage{} err = json.Unmarshal(b, &expectedPkg) require.NoError(t, err) diff --git a/src/pkg/packager/sources/oci.go b/src/pkg/packager/sources/oci.go index 99a98137fc..8bf6d6d1a6 100644 --- a/src/pkg/packager/sources/oci.go +++ b/src/pkg/packager/sources/oci.go @@ -13,6 +13,7 @@ import ( "strings" "github.com/mholt/archiver/v3" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/pkg/layout" "github.com/zarf-dev/zarf/src/pkg/message" @@ -34,9 +35,7 @@ type OCISource struct { } // LoadPackage loads a package from an OCI registry. -func (s *OCISource) LoadPackage(ctx context.Context, dst *layout.PackagePaths, filter filters.ComponentFilterStrategy, unarchiveAll bool) (pkg types.ZarfPackage, warnings []string, err error) { - message.Debugf("Loading package from %q", s.PackageSource) - +func (s *OCISource) LoadPackage(ctx context.Context, dst *layout.PackagePaths, filter filters.ComponentFilterStrategy, unarchiveAll bool) (pkg v1alpha1.ZarfPackage, warnings []string, err error) { pkg, err = s.FetchZarfYAML(ctx) if err != nil { return pkg, nil, err @@ -80,7 +79,7 @@ func (s *OCISource) LoadPackage(ctx context.Context, dst *layout.PackagePaths, f spinner.Success() - if err := ValidatePackageSignature(dst, s.PublicKeyPath); err != nil { + if err := ValidatePackageSignature(ctx, dst, s.PublicKeyPath); err != nil { return pkg, nil, err } } @@ -88,7 +87,7 @@ func (s *OCISource) LoadPackage(ctx context.Context, dst *layout.PackagePaths, f if unarchiveAll { for _, component := range pkg.Components { if err := dst.Components.Unarchive(component); err != nil { - if layout.IsNotLoaded(err) { + if errors.Is(err, layout.ErrNotLoaded) { _, err := dst.Components.Create(component) if err != nil { return pkg, nil, err @@ -110,7 +109,7 @@ func (s *OCISource) LoadPackage(ctx context.Context, dst *layout.PackagePaths, f } // LoadPackageMetadata loads a package's metadata from an OCI registry. -func (s *OCISource) LoadPackageMetadata(ctx context.Context, dst *layout.PackagePaths, wantSBOM bool, skipValidation bool) (pkg types.ZarfPackage, warnings []string, err error) { +func (s *OCISource) LoadPackageMetadata(ctx context.Context, dst *layout.PackagePaths, wantSBOM bool, skipValidation bool) (pkg v1alpha1.ZarfPackage, warnings []string, err error) { toPull := zoci.PackageAlwaysPull if wantSBOM { toPull = append(toPull, layout.SBOMTar) @@ -142,7 +141,7 @@ func (s *OCISource) LoadPackageMetadata(ctx context.Context, dst *layout.Package spinner.Success() } - if err := ValidatePackageSignature(dst, s.PublicKeyPath); err != nil { + if err := ValidatePackageSignature(ctx, dst, s.PublicKeyPath); err != nil { if errors.Is(err, ErrPkgSigButNoKey) && skipValidation { message.Warn("The package was signed but no public key was provided, skipping signature validation") } else { @@ -176,7 +175,7 @@ func (s *OCISource) Collect(ctx context.Context, dir string) (string, error) { loaded := layout.New(tmp) loaded.SetFromLayers(fetched) - var pkg types.ZarfPackage + var pkg v1alpha1.ZarfPackage if err := utils.ReadYaml(loaded.ZarfYAML, &pkg); err != nil { return "", err diff --git a/src/pkg/packager/sources/split.go b/src/pkg/packager/sources/split.go index 473aa0008a..f4f97a25a6 100644 --- a/src/pkg/packager/sources/split.go +++ b/src/pkg/packager/sources/split.go @@ -15,6 +15,7 @@ import ( "strings" "github.com/defenseunicorns/pkg/helpers/v2" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/pkg/layout" "github.com/zarf-dev/zarf/src/pkg/message" "github.com/zarf-dev/zarf/src/pkg/packager/filters" @@ -36,7 +37,7 @@ func (s *SplitTarballSource) Collect(_ context.Context, dir string) (string, err pattern := strings.Replace(s.PackageSource, ".part000", ".part*", 1) fileList, err := filepath.Glob(pattern) if err != nil { - return "", fmt.Errorf("unable to find split tarball files: %s", err) + return "", fmt.Errorf("unable to find split tarball files: %w", err) } // Ensure the files are in order so they are appended in the correct order @@ -46,7 +47,7 @@ func (s *SplitTarballSource) Collect(_ context.Context, dir string) (string, err // Create the new package pkgFile, err := os.Create(reassembled) if err != nil { - return "", fmt.Errorf("unable to create new package file: %s", err) + return "", fmt.Errorf("unable to create new package file: %w", err) } defer pkgFile.Close() @@ -110,7 +111,7 @@ func (s *SplitTarballSource) Collect(_ context.Context, dir string) (string, err } // LoadPackage loads a package from a split tarball. -func (s *SplitTarballSource) LoadPackage(ctx context.Context, dst *layout.PackagePaths, filter filters.ComponentFilterStrategy, unarchiveAll bool) (pkg types.ZarfPackage, warnings []string, err error) { +func (s *SplitTarballSource) LoadPackage(ctx context.Context, dst *layout.PackagePaths, filter filters.ComponentFilterStrategy, unarchiveAll bool) (pkg v1alpha1.ZarfPackage, warnings []string, err error) { tb, err := s.Collect(ctx, filepath.Dir(s.PackageSource)) if err != nil { return pkg, nil, err @@ -128,7 +129,7 @@ func (s *SplitTarballSource) LoadPackage(ctx context.Context, dst *layout.Packag } // LoadPackageMetadata loads a package's metadata from a split tarball. -func (s *SplitTarballSource) LoadPackageMetadata(ctx context.Context, dst *layout.PackagePaths, wantSBOM bool, skipValidation bool) (pkg types.ZarfPackage, warnings []string, err error) { +func (s *SplitTarballSource) LoadPackageMetadata(ctx context.Context, dst *layout.PackagePaths, wantSBOM bool, skipValidation bool) (pkg v1alpha1.ZarfPackage, warnings []string, err error) { tb, err := s.Collect(ctx, filepath.Dir(s.PackageSource)) if err != nil { return pkg, nil, err diff --git a/src/pkg/packager/sources/tarball.go b/src/pkg/packager/sources/tarball.go index b99253c0a5..db1b2ed01a 100644 --- a/src/pkg/packager/sources/tarball.go +++ b/src/pkg/packager/sources/tarball.go @@ -15,6 +15,7 @@ import ( "github.com/defenseunicorns/pkg/helpers/v2" "github.com/mholt/archiver/v3" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/pkg/layout" "github.com/zarf-dev/zarf/src/pkg/message" "github.com/zarf-dev/zarf/src/pkg/packager/filters" @@ -33,7 +34,7 @@ type TarballSource struct { } // LoadPackage loads a package from a tarball. -func (s *TarballSource) LoadPackage(_ context.Context, dst *layout.PackagePaths, filter filters.ComponentFilterStrategy, unarchiveAll bool) (pkg types.ZarfPackage, warnings []string, err error) { +func (s *TarballSource) LoadPackage(ctx context.Context, dst *layout.PackagePaths, filter filters.ComponentFilterStrategy, unarchiveAll bool) (pkg v1alpha1.ZarfPackage, warnings []string, err error) { spinner := message.NewProgressSpinner("Loading package from %q", s.PackageSource) defer spinner.Stop() @@ -106,7 +107,7 @@ func (s *TarballSource) LoadPackage(_ context.Context, dst *layout.PackagePaths, spinner.Success() - if err := ValidatePackageSignature(dst, s.PublicKeyPath); err != nil { + if err := ValidatePackageSignature(ctx, dst, s.PublicKeyPath); err != nil { return pkg, nil, err } } @@ -114,7 +115,7 @@ func (s *TarballSource) LoadPackage(_ context.Context, dst *layout.PackagePaths, if unarchiveAll { for _, component := range pkg.Components { if err := dst.Components.Unarchive(component); err != nil { - if layout.IsNotLoaded(err) { + if errors.Is(err, layout.ErrNotLoaded) { _, err := dst.Components.Create(component) if err != nil { return pkg, nil, err @@ -138,7 +139,7 @@ func (s *TarballSource) LoadPackage(_ context.Context, dst *layout.PackagePaths, } // LoadPackageMetadata loads a package's metadata from a tarball. -func (s *TarballSource) LoadPackageMetadata(_ context.Context, dst *layout.PackagePaths, wantSBOM bool, skipValidation bool) (pkg types.ZarfPackage, warnings []string, err error) { +func (s *TarballSource) LoadPackageMetadata(ctx context.Context, dst *layout.PackagePaths, wantSBOM bool, skipValidation bool) (pkg v1alpha1.ZarfPackage, warnings []string, err error) { if s.Shasum != "" { if err := helpers.SHAsMatch(s.PackageSource, s.Shasum); err != nil { return pkg, nil, err @@ -184,7 +185,7 @@ func (s *TarballSource) LoadPackageMetadata(_ context.Context, dst *layout.Packa spinner.Success() } - if err := ValidatePackageSignature(dst, s.PublicKeyPath); err != nil { + if err := ValidatePackageSignature(ctx, dst, s.PublicKeyPath); err != nil { if errors.Is(err, ErrPkgSigButNoKey) && skipValidation { message.Warn("The package was signed but no public key was provided, skipping signature validation") } else { diff --git a/src/pkg/packager/sources/url.go b/src/pkg/packager/sources/url.go index 02fc785d81..dd4aa05ff5 100644 --- a/src/pkg/packager/sources/url.go +++ b/src/pkg/packager/sources/url.go @@ -12,6 +12,7 @@ import ( "strings" "github.com/defenseunicorns/pkg/helpers/v2" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/pkg/layout" "github.com/zarf-dev/zarf/src/pkg/packager/filters" @@ -30,7 +31,7 @@ type URLSource struct { } // Collect downloads a package from the source URL. -func (s *URLSource) Collect(_ context.Context, dir string) (string, error) { +func (s *URLSource) Collect(ctx context.Context, dir string) (string, error) { if !config.CommonOptions.Insecure && s.Shasum == "" && !strings.HasPrefix(s.PackageSource, helpers.SGETURLPrefix) { return "", fmt.Errorf("remote package provided without a shasum, use --insecure to ignore, or provide one w/ --shasum") } @@ -43,7 +44,7 @@ func (s *URLSource) Collect(_ context.Context, dir string) (string, error) { dstTarball := filepath.Join(dir, "zarf-package-url-unknown") - if err := utils.DownloadToFile(packageURL, dstTarball, s.SGetKeyPath); err != nil { + if err := utils.DownloadToFile(ctx, packageURL, dstTarball, s.SGetKeyPath); err != nil { return "", err } @@ -51,7 +52,7 @@ func (s *URLSource) Collect(_ context.Context, dir string) (string, error) { } // LoadPackage loads a package from an http, https or sget URL. -func (s *URLSource) LoadPackage(ctx context.Context, dst *layout.PackagePaths, filter filters.ComponentFilterStrategy, unarchiveAll bool) (pkg types.ZarfPackage, warnings []string, err error) { +func (s *URLSource) LoadPackage(ctx context.Context, dst *layout.PackagePaths, filter filters.ComponentFilterStrategy, unarchiveAll bool) (pkg v1alpha1.ZarfPackage, warnings []string, err error) { tmp, err := utils.MakeTempDir(config.CommonOptions.TempDirectory) if err != nil { return pkg, nil, err @@ -75,7 +76,7 @@ func (s *URLSource) LoadPackage(ctx context.Context, dst *layout.PackagePaths, f } // LoadPackageMetadata loads a package's metadata from an http, https or sget URL. -func (s *URLSource) LoadPackageMetadata(ctx context.Context, dst *layout.PackagePaths, wantSBOM bool, skipValidation bool) (pkg types.ZarfPackage, warnings []string, err error) { +func (s *URLSource) LoadPackageMetadata(ctx context.Context, dst *layout.PackagePaths, wantSBOM bool, skipValidation bool) (pkg v1alpha1.ZarfPackage, warnings []string, err error) { tmp, err := utils.MakeTempDir(config.CommonOptions.TempDirectory) if err != nil { return pkg, nil, err diff --git a/src/pkg/packager/sources/utils.go b/src/pkg/packager/sources/utils.go index bb2e3227d9..0e3f455c55 100644 --- a/src/pkg/packager/sources/utils.go +++ b/src/pkg/packager/sources/utils.go @@ -14,10 +14,10 @@ import ( "github.com/defenseunicorns/pkg/helpers/v2" goyaml "github.com/goccy/go-yaml" "github.com/mholt/archiver/v3" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/pkg/layout" "github.com/zarf-dev/zarf/src/pkg/zoci" - "github.com/zarf-dev/zarf/src/types" ) // GetValidPackageExtensions returns the valid package extensions. @@ -79,7 +79,7 @@ func identifyUnknownTarball(path string) (string, error) { // RenameFromMetadata renames a tarball based on its metadata. func RenameFromMetadata(path string) (string, error) { - var pkg types.ZarfPackage + var pkg v1alpha1.ZarfPackage ext := filepath.Ext(path) if ext == "" { @@ -123,7 +123,7 @@ func RenameFromMetadata(path string) (string, error) { } // NameFromMetadata generates a name from a package's metadata. -func NameFromMetadata(pkg *types.ZarfPackage, isSkeleton bool) string { +func NameFromMetadata(pkg *v1alpha1.ZarfPackage, isSkeleton bool) string { var name string arch := config.GetArch(pkg.Metadata.Architecture, pkg.Build.Architecture) @@ -133,9 +133,9 @@ func NameFromMetadata(pkg *types.ZarfPackage, isSkeleton bool) string { } switch pkg.Kind { - case types.ZarfInitConfig: + case v1alpha1.ZarfInitConfig: name = fmt.Sprintf("zarf-init-%s", arch) - case types.ZarfPackageConfig: + case v1alpha1.ZarfPackageConfig: name = fmt.Sprintf("zarf-package-%s-%s", pkg.Metadata.Name, arch) default: name = fmt.Sprintf("zarf-%s-%s", strings.ToLower(string(pkg.Kind)), arch) diff --git a/src/pkg/packager/sources/validate.go b/src/pkg/packager/sources/validate.go index 427d05708a..1c7914ea69 100644 --- a/src/pkg/packager/sources/validate.go +++ b/src/pkg/packager/sources/validate.go @@ -6,6 +6,7 @@ package sources import ( "bufio" + "context" "errors" "fmt" "io/fs" @@ -28,7 +29,7 @@ var ( ) // ValidatePackageSignature validates the signature of a package -func ValidatePackageSignature(paths *layout.PackagePaths, publicKeyPath string) error { +func ValidatePackageSignature(ctx context.Context, paths *layout.PackagePaths, publicKeyPath string) error { // If the insecure flag was provided ignore the signature validation if config.CommonOptions.Insecure { return nil @@ -52,7 +53,7 @@ func ValidatePackageSignature(paths *layout.PackagePaths, publicKeyPath string) } // Validate the signature with the key we were provided - if err := utils.CosignVerifyBlob(paths.ZarfYAML, paths.Signature, publicKeyPath); err != nil { + if err := utils.CosignVerifyBlob(ctx, paths.ZarfYAML, paths.Signature, publicKeyPath); err != nil { return fmt.Errorf("package signature did not match the provided key: %w", err) } diff --git a/src/pkg/utils/bytes.go b/src/pkg/utils/bytes.go index 032cc65334..7dd159b91f 100644 --- a/src/pkg/utils/bytes.go +++ b/src/pkg/utils/bytes.go @@ -60,7 +60,6 @@ func ByteFormat(inputNum float64, precision int) string { // RenderProgressBarForLocalDirWrite creates a progress bar that continuously tracks the progress of writing files to a local directory and all of its subdirectories. // NOTE: This function runs infinitely until either completeChan or errChan is triggered, this function should be run in a goroutine while a different thread/process is writing to the directory. func RenderProgressBarForLocalDirWrite(filepath string, expectedTotal int64, completeChan chan error, updateText string, successText string) { - // Create a progress bar title := fmt.Sprintf("%s (%s of %s)", updateText, ByteFormat(float64(0), 2), ByteFormat(float64(expectedTotal), 2)) progressBar := message.NewProgressBar(expectedTotal, title) diff --git a/src/pkg/utils/cosign.go b/src/pkg/utils/cosign.go index ae8e553cda..eb16d6159f 100644 --- a/src/pkg/utils/cosign.go +++ b/src/pkg/utils/cosign.go @@ -179,7 +179,7 @@ func Sget(ctx context.Context, image, key string, out io.Writer) error { } // CosignVerifyBlob verifies the zarf.yaml.sig was signed with the key provided by the flag -func CosignVerifyBlob(blobRef string, sigRef string, keyPath string) error { +func CosignVerifyBlob(ctx context.Context, blobRef string, sigRef string, keyPath string) error { keyOptions := options.KeyOpts{KeyRef: keyPath} cmd := &verify.VerifyBlobCmd{ KeyOpts: keyOptions, @@ -188,7 +188,7 @@ func CosignVerifyBlob(blobRef string, sigRef string, keyPath string) error { Offline: true, IgnoreTlog: true, } - err := cmd.Exec(context.TODO(), blobRef) + err := cmd.Exec(ctx, blobRef) if err == nil { message.Successf("Package signature validated!") } diff --git a/src/pkg/utils/exec/exec.go b/src/pkg/utils/exec/exec.go index a3957edd31..4ac90b6a92 100644 --- a/src/pkg/utils/exec/exec.go +++ b/src/pkg/utils/exec/exec.go @@ -42,12 +42,12 @@ func PrintCfg() Config { // Cmd executes a given command with given config. func Cmd(command string, args ...string) (string, string, error) { - return CmdWithContext(context.TODO(), Config{}, command, args...) + return CmdWithContext(context.Background(), Config{}, command, args...) } // CmdWithPrint executes a given command with given config and prints the command. func CmdWithPrint(command string, args ...string) error { - _, _, err := CmdWithContext(context.TODO(), PrintCfg(), command, args...) + _, _, err := CmdWithContext(context.Background(), PrintCfg(), command, args...) return err } diff --git a/src/pkg/utils/image.go b/src/pkg/utils/image.go index 828fea84ad..3756a759e1 100644 --- a/src/pkg/utils/image.go +++ b/src/pkg/utils/image.go @@ -35,7 +35,6 @@ func LoadOCIImage(imgPath string, refInfo transform.Image) (v1.Image, error) { if manifest.Annotations[ocispec.AnnotationBaseImageName] == refInfo.Reference || // A backwards compatibility shim for older Zarf versions that would leave docker.io off of image annotations (manifest.Annotations[ocispec.AnnotationBaseImageName] == refInfo.Path+refInfo.TagOrDigest && refInfo.Host == "docker.io") { - // This is the image we are looking for, load it and then return return layoutPath.Image(manifest.Digest) } diff --git a/src/pkg/utils/io.go b/src/pkg/utils/io.go index 06885d623a..7edee56422 100755 --- a/src/pkg/utils/io.go +++ b/src/pkg/utils/io.go @@ -11,7 +11,6 @@ import ( "github.com/defenseunicorns/pkg/helpers/v2" "github.com/zarf-dev/zarf/src/config" - "github.com/zarf-dev/zarf/src/pkg/message" ) const ( @@ -25,14 +24,10 @@ func MakeTempDir(basePath string) (string, error) { return "", err } } - tmp, err := os.MkdirTemp(basePath, tmpPathPrefix) if err != nil { return "", err } - - message.Debug("Using temporary directory:", tmp) - return tmp, nil } diff --git a/src/pkg/utils/network.go b/src/pkg/utils/network.go index e17c086161..be0b80a2ed 100644 --- a/src/pkg/utils/network.go +++ b/src/pkg/utils/network.go @@ -39,8 +39,7 @@ func parseChecksum(src string) (string, string, error) { } // DownloadToFile downloads a given URL to the target filepath (including the cosign key if necessary). -func DownloadToFile(src string, dst string, cosignKeyPath string) (err error) { - message.Debugf("Downloading %s to %s", src, dst) +func DownloadToFile(ctx context.Context, src string, dst string, cosignKeyPath string) (err error) { // check if the parsed URL has a checksum // if so, remove it and use the checksum to validate the file src, checksum, err := parseChecksum(src) @@ -66,7 +65,7 @@ func DownloadToFile(src string, dst string, cosignKeyPath string) (err error) { } // If the source url starts with the sget protocol use that, otherwise do a typical GET call if parsed.Scheme == helpers.SGETURLScheme { - err = Sget(context.TODO(), src, cosignKeyPath, file) + err = Sget(ctx, src, cosignKeyPath, file) if err != nil { return fmt.Errorf("unable to download file with sget: %s: %w", src, err) } diff --git a/src/pkg/utils/network_test.go b/src/pkg/utils/network_test.go index d2357f907d..02e308f170 100644 --- a/src/pkg/utils/network_test.go +++ b/src/pkg/utils/network_test.go @@ -13,6 +13,8 @@ import ( "strings" "testing" + "github.com/zarf-dev/zarf/src/test/testutil" + "github.com/stretchr/testify/require" "github.com/defenseunicorns/pkg/helpers/v2" @@ -136,7 +138,7 @@ func TestDownloadToFile(t *testing.T) { } fmt.Println(src) dst := filepath.Join(t.TempDir(), tt.fileName) - err := DownloadToFile(src, dst, "") + err := DownloadToFile(testutil.TestContext(t), src, dst, "") if tt.expectedErr != "" { require.ErrorContains(t, err, tt.expectedErr) return diff --git a/src/pkg/utils/wait.go b/src/pkg/utils/wait.go index fd2d7f1422..a6727d9e35 100644 --- a/src/pkg/utils/wait.go +++ b/src/pkg/utils/wait.go @@ -153,10 +153,8 @@ func waitForNetworkEndpoint(resource, name, condition string, timeout time.Durat select { case <-expired: return errors.New("wait timed out") - default: switch resource { - case "http", "https": // Handle HTTP and HTTPS endpoints. url := fmt.Sprintf("%s://%s", resource, name) @@ -191,7 +189,6 @@ func waitForNetworkEndpoint(resource, name, condition string, timeout time.Durat message.Debug(err) continue } - default: // Fallback to any generic protocol using net.Dial conn, err := net.Dial(resource, name) diff --git a/src/pkg/utils/yaml.go b/src/pkg/utils/yaml.go index 5f86202970..f3fdaa53b7 100644 --- a/src/pkg/utils/yaml.go +++ b/src/pkg/utils/yaml.go @@ -8,6 +8,7 @@ package utils import ( "bytes" + "errors" "fmt" "io" "io/fs" @@ -196,7 +197,7 @@ func SplitYAML(yamlData []byte) ([]*unstructured.Unstructured, error) { for _, yml := range ymls { u := &unstructured.Unstructured{} if err := k8syaml.Unmarshal([]byte(yml), u); err != nil { - return objs, fmt.Errorf("failed to unmarshal manifest: %#v", err) + return objs, fmt.Errorf("failed to unmarshal manifest: %w", err) } objs = append(objs, u) } @@ -216,10 +217,10 @@ func SplitYAMLToString(yamlData []byte) ([]string, error) { for { ext := runtime.RawExtension{} if err := d.Decode(&ext); err != nil { - if err == io.EOF { + if errors.Is(err, io.EOF) { break } - return objs, fmt.Errorf("failed to unmarshal manifest: %#v", err) + return objs, fmt.Errorf("failed to unmarshal manifest: %w", err) } ext.Raw = bytes.TrimSpace(ext.Raw) if len(ext.Raw) == 0 || bytes.Equal(ext.Raw, []byte("null")) { diff --git a/src/pkg/variables/types.go b/src/pkg/variables/types.go index 3fb8d18d80..6b3be2863b 100644 --- a/src/pkg/variables/types.go +++ b/src/pkg/variables/types.go @@ -29,52 +29,52 @@ var ( // Variable represents a variable that has a value set programmatically type Variable struct { - Name string `json:"name" jsonschema:"description=The name to be used for the variable,pattern=^[A-Z0-9_]+$"` - Sensitive bool `json:"sensitive,omitempty" jsonschema:"description=Whether to mark this variable as sensitive to not print it in the log"` - AutoIndent bool `json:"autoIndent,omitempty" jsonschema:"description=Whether to automatically indent the variable's value (if multiline) when templating. Based on the number of chars before the start of ###ZARF_VAR_."` - Pattern string `json:"pattern,omitempty" jsonschema:"description=An optional regex pattern that a variable value must match before a package deployment can continue."` - Type VariableType `json:"type,omitempty" jsonschema:"description=Changes the handling of a variable to load contents differently (i.e. from a file rather than as a raw variable - templated files should be kept below 1 MiB),enum=raw,enum=file"` + // The name to be used for the variable + Name string `json:"name" jsonschema:"pattern=^[A-Z0-9_]+$"` + // Whether to mark this variable as sensitive to not print it in the log + Sensitive bool `json:"sensitive,omitempty"` + // Whether to automatically indent the variable's value (if multiline) when templating. Based on the number of chars before the start of ###ZARF_VAR_. + AutoIndent bool `json:"autoIndent,omitempty"` + // An optional regex pattern that a variable value must match before a package deployment can continue. + Pattern string `json:"pattern,omitempty"` + // Changes the handling of a variable to load contents differently (i.e. from a file rather than as a raw variable - templated files should be kept below 1 MiB) + Type VariableType `json:"type,omitempty" jsonschema:"enum=raw,enum=file"` } // InteractiveVariable is a variable that can be used to prompt a user for more information type InteractiveVariable struct { - Variable `json:",inline"` - Description string `json:"description,omitempty" jsonschema:"description=A description of the variable to be used when prompting the user a value"` - Default string `json:"default,omitempty" jsonschema:"description=The default value to use for the variable"` - Prompt bool `json:"prompt,omitempty" jsonschema:"description=Whether to prompt the user for input for this variable"` + Variable `json:",inline"` + // A description of the variable to be used when prompting the user a value + Description string `json:"description,omitempty"` + // The default value to use for the variable + Default string `json:"default,omitempty"` + // Whether to prompt the user for input for this variable + Prompt bool `json:"prompt,omitempty"` } // Constant are constants that can be used to dynamically template K8s resources or run in actions. type Constant struct { - Name string `json:"name" jsonschema:"description=The name to be used for the constant,pattern=^[A-Z0-9_]+$"` - Value string `json:"value" jsonschema:"description=The value to set for the constant during deploy"` - // Include a description that will only be displayed during package create/deploy confirm prompts - Description string `json:"description,omitempty" jsonschema:"description=A description of the constant to explain its purpose on package create or deploy confirmation prompts"` - AutoIndent bool `json:"autoIndent,omitempty" jsonschema:"description=Whether to automatically indent the variable's value (if multiline) when templating. Based on the number of chars before the start of ###ZARF_CONST_."` - Pattern string `json:"pattern,omitempty" jsonschema:"description=An optional regex pattern that a constant value must match before a package can be created."` + // The name to be used for the constant + Name string `json:"name" jsonschema:"pattern=^[A-Z0-9_]+$"` + // The value to set for the constant during deploy + Value string `json:"value"` + // A description of the constant to explain its purpose on package create or deploy confirmation prompts + Description string `json:"description,omitempty"` + // Whether to automatically indent the variable's value (if multiline) when templating. Based on the number of chars before the start of ###ZARF_CONST_. + AutoIndent bool `json:"autoIndent,omitempty"` + // An optional regex pattern that a constant value must match before a package can be created. + Pattern string `json:"pattern,omitempty"` } // SetVariable tracks internal variables that have been set during this run of Zarf type SetVariable struct { Variable `json:",inline"` - Value string `json:"value" jsonschema:"description=The value the variable is currently set with"` -} - -// Validate runs all validation checks on a package variable. -func (v Variable) Validate() error { - if !IsUppercaseNumberUnderscore(v.Name) { - return fmt.Errorf(lang.PkgValidateMustBeUppercase, v.Name) - } - return nil + // The value the variable is currently set with + Value string `json:"value"` } // Validate runs all validation checks on a package constant. func (c Constant) Validate() error { - // ensure the constant name is only capitals and underscores - if !IsUppercaseNumberUnderscore(c.Name) { - return fmt.Errorf(lang.PkgValidateErrPkgConstantName, c.Name) - } - if !regexp.MustCompile(c.Pattern).MatchString(c.Value) { return fmt.Errorf(lang.PkgValidateErrPkgConstantPattern, c.Name, c.Pattern) } diff --git a/src/pkg/zoci/copier.go b/src/pkg/zoci/copier.go index 74c8636a74..f1564bfaed 100644 --- a/src/pkg/zoci/copier.go +++ b/src/pkg/zoci/copier.go @@ -17,7 +17,6 @@ import ( // CopyPackage copies a zarf package from one OCI registry to another func CopyPackage(ctx context.Context, src *Remote, dst *Remote, concurrency int) error { - srcManifest, err := src.FetchRoot(ctx) if err != nil { return err diff --git a/src/pkg/zoci/fetch.go b/src/pkg/zoci/fetch.go index 3a2d04bb9f..923e3d7c24 100644 --- a/src/pkg/zoci/fetch.go +++ b/src/pkg/zoci/fetch.go @@ -9,17 +9,17 @@ import ( "github.com/defenseunicorns/pkg/oci" ocispec "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/pkg/layout" - "github.com/zarf-dev/zarf/src/types" ) // FetchZarfYAML fetches the zarf.yaml file from the remote repository. -func (r *Remote) FetchZarfYAML(ctx context.Context) (pkg types.ZarfPackage, err error) { +func (r *Remote) FetchZarfYAML(ctx context.Context) (pkg v1alpha1.ZarfPackage, err error) { manifest, err := r.FetchRoot(ctx) if err != nil { return pkg, err } - return oci.FetchYAMLFile[types.ZarfPackage](ctx, r.FetchLayer, manifest, layout.ZarfYAML) + return oci.FetchYAMLFile[v1alpha1.ZarfPackage](ctx, r.FetchLayer, manifest, layout.ZarfYAML) } // FetchImagesIndex fetches the images/index.json file from the remote repository. diff --git a/src/pkg/zoci/pull.go b/src/pkg/zoci/pull.go index c74e66588d..9fd76e9ccc 100644 --- a/src/pkg/zoci/pull.go +++ b/src/pkg/zoci/pull.go @@ -12,10 +12,10 @@ import ( "github.com/defenseunicorns/pkg/helpers/v2" "github.com/defenseunicorns/pkg/oci" ocispec "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/pkg/layout" "github.com/zarf-dev/zarf/src/pkg/transform" "github.com/zarf-dev/zarf/src/pkg/utils" - "github.com/zarf-dev/zarf/src/types" "oras.land/oras-go/v2/content/file" ) @@ -76,7 +76,7 @@ func (r *Remote) PullPackage(ctx context.Context, destinationDir string, concurr // LayersFromRequestedComponents returns the descriptors for the given components from the root manifest. // // It also retrieves the descriptors for all image layers that are required by the components. -func (r *Remote) LayersFromRequestedComponents(ctx context.Context, requestedComponents []types.ZarfComponent) (layers []ocispec.Descriptor, err error) { +func (r *Remote) LayersFromRequestedComponents(ctx context.Context, requestedComponents []v1alpha1.ZarfComponent) (layers []ocispec.Descriptor, err error) { root, err := r.FetchRoot(ctx) if err != nil { return nil, err @@ -89,7 +89,7 @@ func (r *Remote) LayersFromRequestedComponents(ctx context.Context, requestedCom tarballFormat := "%s.tar" images := map[string]bool{} for _, rc := range requestedComponents { - component := helpers.Find(pkg.Components, func(component types.ZarfComponent) bool { + component := helpers.Find(pkg.Components, func(component v1alpha1.ZarfComponent) bool { return component.Name == rc.Name }) if component.Name == "" { diff --git a/src/pkg/zoci/push.go b/src/pkg/zoci/push.go index 63a80b425f..e080e80f99 100644 --- a/src/pkg/zoci/push.go +++ b/src/pkg/zoci/push.go @@ -11,15 +11,15 @@ import ( "github.com/defenseunicorns/pkg/helpers/v2" "github.com/defenseunicorns/pkg/oci" ocispec "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/pkg/layout" "github.com/zarf-dev/zarf/src/pkg/message" - "github.com/zarf-dev/zarf/src/types" "oras.land/oras-go/v2" "oras.land/oras-go/v2/content/file" ) // PublishPackage publishes the zarf package to the remote repository. -func (r *Remote) PublishPackage(ctx context.Context, pkg *types.ZarfPackage, paths *layout.PackagePaths, concurrency int) error { +func (r *Remote) PublishPackage(ctx context.Context, pkg *v1alpha1.ZarfPackage, paths *layout.PackagePaths, concurrency int) error { src, err := file.New(paths.Base) if err != nil { return err @@ -88,7 +88,7 @@ func (r *Remote) PublishPackage(ctx context.Context, pkg *types.ZarfPackage, pat return nil } -func annotationsFromMetadata(metadata *types.ZarfMetadata) map[string]string { +func annotationsFromMetadata(metadata *v1alpha1.ZarfMetadata) map[string]string { annotations := map[string]string{ ocispec.AnnotationTitle: metadata.Name, ocispec.AnnotationDescription: metadata.Description, diff --git a/src/pkg/zoci/utils.go b/src/pkg/zoci/utils.go index e9ac1f57e3..5679754449 100644 --- a/src/pkg/zoci/utils.go +++ b/src/pkg/zoci/utils.go @@ -10,12 +10,12 @@ import ( "strings" "github.com/defenseunicorns/pkg/helpers/v2" - "github.com/zarf-dev/zarf/src/types" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "oras.land/oras-go/v2/registry" ) // ReferenceFromMetadata returns a reference for the given metadata. -func ReferenceFromMetadata(registryLocation string, metadata *types.ZarfMetadata, build *types.ZarfBuildData) (string, error) { +func ReferenceFromMetadata(registryLocation string, metadata *v1alpha1.ZarfMetadata, build *v1alpha1.ZarfBuildData) (string, error) { ver := metadata.Version if len(ver) == 0 { return "", errors.New("version is required for publishing") diff --git a/src/test/e2e/00_use_cli_test.go b/src/test/e2e/00_use_cli_test.go index ff8a07106b..b663d58454 100644 --- a/src/test/e2e/00_use_cli_test.go +++ b/src/test/e2e/00_use_cli_test.go @@ -143,6 +143,7 @@ func TestUseCLI(t *testing.T) { require.Greater(t, len(files), 1) }) + // TODO: Refactor test as it depends on debug log output for validation. t.Run("zarf package inspect with tmpdir", func(t *testing.T) { t.Parallel() path := fmt.Sprintf("build/zarf-package-component-actions-%s.tar.zst", e2e.Arch) @@ -152,6 +153,7 @@ func TestUseCLI(t *testing.T) { require.NoError(t, err, stdOut, stdErr) }) + // TODO: Refactor test as it depends on debug log output for validation. t.Run("zarf package deploy with tmpdir", func(t *testing.T) { t.Parallel() tmpdir := t.TempDir() diff --git a/src/test/e2e/02_component_actions_test.go b/src/test/e2e/02_component_actions_test.go index 94f9d997db..8ef710ee90 100644 --- a/src/test/e2e/02_component_actions_test.go +++ b/src/test/e2e/02_component_actions_test.go @@ -88,7 +88,6 @@ func TestComponentActions(t *testing.T) { stdOut, stdErr, err = e2e.Zarf(t, "package", "deploy", path, "--components=on-deploy-with-variable", "--confirm") require.NoError(t, err, stdOut, stdErr) require.Contains(t, stdErr, "the dog says ruff") - }) t.Run("action on-deploy-with-dynamic-variable", func(t *testing.T) { @@ -100,7 +99,6 @@ func TestComponentActions(t *testing.T) { require.Contains(t, stdErr, "the dog says ruff") require.Contains(t, stdErr, "the snake says hiss") require.Contains(t, stdErr, "with a TF_VAR, the snake also says hiss") - }) t.Run("action on-deploy-with-env-var", func(t *testing.T) { diff --git a/src/test/e2e/04_create_templating_test.go b/src/test/e2e/04_create_templating_test.go index d69839547b..a93f23027d 100644 --- a/src/test/e2e/04_create_templating_test.go +++ b/src/test/e2e/04_create_templating_test.go @@ -21,15 +21,14 @@ func TestCreateTemplating(t *testing.T) { decompressPath := filepath.Join(tmpdir, ".package-decompressed") sbomPath := filepath.Join(tmpdir, ".sbom-location") - pkgName := fmt.Sprintf("zarf-package-variables-%s.tar.zst", e2e.Arch) + pkgName := fmt.Sprintf("zarf-package-templating-%s.tar.zst", e2e.Arch) // Test that not specifying a package variable results in an error - _, stdErr, _ := e2e.Zarf(t, "package", "create", "examples/variables", "--confirm") - expectedOutString := "variable 'NGINX_VERSION' must be '--set' when using the '--confirm' flag" - require.Contains(t, stdErr, "", expectedOutString) + _, _, err := e2e.Zarf(t, "package", "create", "src/test/packages/04-templating", "--confirm") + require.Error(t, err) // Test a simple package variable example with `--set` (will fail to pull an image if this is not set correctly) - stdOut, stdErr, err := e2e.Zarf(t, "package", "create", "examples/variables", "--set", "NGINX_VERSION=1.23.3", "--confirm") + stdOut, stdErr, err := e2e.Zarf(t, "package", "create", "src/test/packages/04-templating", "--set", "PODINFO_VERSION=6.4.0", "--confirm") require.NoError(t, err, stdOut, stdErr) stdOut, stdErr, err = e2e.Zarf(t, "t", "archiver", "decompress", pkgName, decompressPath, "--unarchive-all") @@ -38,7 +37,7 @@ func TestCreateTemplating(t *testing.T) { // Check that the constant in the zarf.yaml is replaced correctly builtConfig, err := os.ReadFile(decompressPath + "/zarf.yaml") require.NoError(t, err) - require.Contains(t, string(builtConfig), "name: NGINX_VERSION\n value: 1.23.3") + require.Contains(t, string(builtConfig), "name: PODINFO_VERSION\n value: 6.4.0") // Test that files and file folders template and handle SBOMs correctly stdOut, stdErr, err = e2e.Zarf(t, "package", "create", "src/test/packages/04-file-folders-templating-sbom/", "--sbom-out", sbomPath, "--confirm") diff --git a/src/test/e2e/05_tarball_test.go b/src/test/e2e/05_tarball_test.go index cac1a07582..a9af583002 100644 --- a/src/test/e2e/05_tarball_test.go +++ b/src/test/e2e/05_tarball_test.go @@ -13,6 +13,7 @@ import ( "github.com/defenseunicorns/pkg/helpers/v2" "github.com/stretchr/testify/require" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/pkg/layout" "github.com/zarf-dev/zarf/src/pkg/utils" "github.com/zarf-dev/zarf/src/types" @@ -93,7 +94,7 @@ func TestReproducibleTarballs(t *testing.T) { stdOut, stdErr, err = e2e.Zarf(t, "tools", "archiver", "decompress", tb, unpack1) require.NoError(t, err, stdOut, stdErr) - var pkg1 types.ZarfPackage + var pkg1 v1alpha1.ZarfPackage err = utils.ReadYaml(filepath.Join(unpack1, layout.ZarfYAML), &pkg1) require.NoError(t, err) @@ -105,7 +106,7 @@ func TestReproducibleTarballs(t *testing.T) { stdOut, stdErr, err = e2e.Zarf(t, "tools", "archiver", "decompress", tb, unpack2) require.NoError(t, err, stdOut, stdErr) - var pkg2 types.ZarfPackage + var pkg2 v1alpha1.ZarfPackage err = utils.ReadYaml(filepath.Join(unpack2, layout.ZarfYAML), &pkg2) require.NoError(t, err) diff --git a/src/test/e2e/08_create_differential_test.go b/src/test/e2e/08_create_differential_test.go index 97aaf40de2..59e298c22d 100644 --- a/src/test/e2e/08_create_differential_test.go +++ b/src/test/e2e/08_create_differential_test.go @@ -11,10 +11,10 @@ import ( "github.com/mholt/archiver/v3" "github.com/stretchr/testify/require" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config/lang" "github.com/zarf-dev/zarf/src/pkg/layout" "github.com/zarf-dev/zarf/src/pkg/utils" - "github.com/zarf-dev/zarf/src/types" ) // TestCreateDifferential creates several differential packages and ensures the reference package images and repos are not included in the new package. @@ -47,7 +47,7 @@ func TestCreateDifferential(t *testing.T) { require.NoError(t, err, "unable to extract zarf.yaml from the differential git package") // Load the extracted zarf.yaml specification - var differentialZarfConfig types.ZarfPackage + var differentialZarfConfig v1alpha1.ZarfPackage err = utils.ReadYaml(filepath.Join(tmpdir, layout.ZarfYAML), &differentialZarfConfig) require.NoError(t, err, "unable to read zarf.yaml from the differential git package") diff --git a/src/test/e2e/12_lint_test.go b/src/test/e2e/12_lint_test.go index 3fabfa631d..7985f05b04 100644 --- a/src/test/e2e/12_lint_test.go +++ b/src/test/e2e/12_lint_test.go @@ -55,7 +55,5 @@ func TestLint(t *testing.T) { // Check reported filepaths require.Contains(t, strippedStderr, "Linting package \"dos-games\" at oci://🦄/dos-games:1.0.0") require.Contains(t, strippedStderr, fmt.Sprintf("Linting package \"lint\" at %s", testPackagePath)) - }) - } diff --git a/src/test/e2e/13_find_images_test.go b/src/test/e2e/13_find_images_test.go index a161ed15f6..39f6691b16 100644 --- a/src/test/e2e/13_find_images_test.go +++ b/src/test/e2e/13_find_images_test.go @@ -48,20 +48,22 @@ func TestFindImages(t *testing.T) { t.Run("zarf dev find-images with helm or manifest vars", func(t *testing.T) { t.Parallel() - registry := "coolregistry.gov" + registry := "zarf.dev" agentTag := "test" - stdOut, _, err := e2e.Zarf(t, "prepare", "find-images", ".", "--registry-url", registry, "--create-set", fmt.Sprintf("agent_image_tag=%s", agentTag)) + stdOut, _, err := e2e.Zarf(t, "dev", "find-images", ".", "--registry-url", registry, "--create-set", fmt.Sprintf("agent_image_tag=%s", agentTag), "--skip-cosign") + require.NoError(t, err) internalRegistryImage := fmt.Sprintf("%s/%s:%s", registry, "zarf-dev/zarf/agent", agentTag) - require.Contains(t, stdOut, internalRegistryImage, "registry image should be found with registry url") - require.Contains(t, stdOut, "busybox:latest", "Busybox image should be found as long as helm chart doesn't error") + require.Contains(t, stdOut, internalRegistryImage) + // busybox image is in git init package + require.Contains(t, stdOut, "busybox:latest") - path := filepath.Join("src", "test", "packages", "00-find-images-with-vars") - stdOut, _, err = e2e.Zarf(t, "prepare", "find-images", path, "--deploy-set", "BUSYBOX_IMAGE=busybox:earliest") + path := filepath.Join("src", "test", "packages", "13-find-images-with-vars") + stdOut, _, err = e2e.Zarf(t, "dev", "find-images", path, "--deploy-set", "PODINFO_IMAGE=zarf.dev/podinfo:latest", "--skip-cosign") require.NoError(t, err) - require.Contains(t, stdOut, "nginx:latest", "Manifests aren't interpreting vars") - require.Contains(t, stdOut, "busybox:earliest", "Values files aren't interpreting vars") + require.Contains(t, stdOut, "ghcr.io/zarf-dev/zarf/agent:v0.36.1") + require.Contains(t, stdOut, "zarf.dev/podinfo:latest") }) t.Run("zarf test find images --why w/ helm chart success", func(t *testing.T) { @@ -85,7 +87,5 @@ func TestFindImages(t *testing.T) { require.Contains(t, stdOut, "component: httpd-local") require.Contains(t, stdOut, "manifest: simple-httpd-deployment") require.Contains(t, stdOut, "image: httpd:alpine3.18") - }) - } diff --git a/src/test/e2e/13_zarf_package_generate_test.go b/src/test/e2e/13_zarf_package_generate_test.go index 9d73747210..e1249ff8dc 100644 --- a/src/test/e2e/13_zarf_package_generate_test.go +++ b/src/test/e2e/13_zarf_package_generate_test.go @@ -9,9 +9,9 @@ import ( "testing" "github.com/stretchr/testify/require" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/pkg/layout" "github.com/zarf-dev/zarf/src/pkg/utils" - "github.com/zarf-dev/zarf/src/types" ) func TestZarfDevGenerate(t *testing.T) { @@ -27,7 +27,7 @@ func TestZarfDevGenerate(t *testing.T) { stdOut, stdErr, err := e2e.Zarf(t, "dev", "generate", "podinfo", "--url", url, "--version", version, "--gitPath", gitPath, "--output-directory", tmpDir) require.NoError(t, err, stdOut, stdErr) - zarfPackage := types.ZarfPackage{} + zarfPackage := v1alpha1.ZarfPackage{} packageLocation := filepath.Join(tmpDir, layout.ZarfYAML) err = utils.ReadYaml(packageLocation, &zarfPackage) require.NoError(t, err) diff --git a/src/test/e2e/14_create_sha_index_test.go b/src/test/e2e/14_create_sha_index_test.go index eb2849975a..40b198738b 100644 --- a/src/test/e2e/14_create_sha_index_test.go +++ b/src/test/e2e/14_create_sha_index_test.go @@ -37,5 +37,4 @@ func TestCreateIndexShaErrors(t *testing.T) { require.Contains(t, stderr, tc.expectedImageInStderr) }) } - } diff --git a/src/test/e2e/22_git_and_gitops_test.go b/src/test/e2e/22_git_and_gitops_test.go index 363d5be1df..901137125b 100644 --- a/src/test/e2e/22_git_and_gitops_test.go +++ b/src/test/e2e/22_git_and_gitops_test.go @@ -14,7 +14,7 @@ import ( "testing" "github.com/stretchr/testify/require" - "github.com/zarf-dev/zarf/src/internal/packager/git" + "github.com/zarf-dev/zarf/src/internal/gitea" "github.com/zarf-dev/zarf/src/pkg/cluster" "github.com/zarf-dev/zarf/src/types" ) @@ -71,22 +71,23 @@ func testGitServerReadOnly(ctx context.Context, t *testing.T, gitURL string) { require.NoError(t, err) // Init the state variable - zarfState, err := c.LoadZarfState(ctx) + state, err := c.LoadZarfState(ctx) require.NoError(t, err) - - gitCfg := git.New(zarfState.GitServer) + giteaClient, err := gitea.NewClient(gitURL, types.ZarfGitReadUser, state.GitServer.PullPassword) + require.NoError(t, err) + repoName := "zarf-public-test-2363058019" // Get the repo as the readonly user - repoName := "zarf-public-test-2363058019" - getRepoRequest, _ := http.NewRequest("GET", fmt.Sprintf("%s/api/v1/repos/%s/%s", gitURL, zarfState.GitServer.PushUsername, repoName), nil) - getRepoResponseBody, _, err := gitCfg.DoHTTPThings(getRepoRequest, types.ZarfGitReadUser, zarfState.GitServer.PullPassword) + b, statusCode, err := giteaClient.DoRequest(ctx, http.MethodGet, fmt.Sprintf("/api/v1/repos/%s/%s", state.GitServer.PushUsername, repoName), nil) require.NoError(t, err) + require.Equal(t, http.StatusOK, statusCode) // Make sure the only permissions are pull (read) var bodyMap map[string]interface{} - err = json.Unmarshal(getRepoResponseBody, &bodyMap) + err = json.Unmarshal(b, &bodyMap) require.NoError(t, err) - permissionsMap := bodyMap["permissions"].(map[string]interface{}) + permissionsMap, ok := bodyMap["permissions"].(map[string]interface{}) + require.True(t, ok, "permissions key is not of right type") require.False(t, permissionsMap["admin"].(bool)) require.False(t, permissionsMap["push"].(bool)) require.True(t, permissionsMap["pull"].(bool)) @@ -99,30 +100,29 @@ func testGitServerTagAndHash(ctx context.Context, t *testing.T, gitURL string) { require.NoError(t, err) // Init the state variable - zarfState, err := c.LoadZarfState(ctx) + state, err := c.LoadZarfState(ctx) require.NoError(t, err, "Failed to load Zarf state") + giteaClient, err := gitea.NewClient(gitURL, types.ZarfGitReadUser, state.GitServer.PullPassword) + require.NoError(t, err) repoName := "zarf-public-test-2363058019" - gitCfg := git.New(zarfState.GitServer) - - // Get the Zarf repo tag + // Make sure the pushed tag exists repoTag := "v0.0.1" - getRepoTagsRequest, _ := http.NewRequest("GET", fmt.Sprintf("%s/api/v1/repos/%s/%s/tags/%s", gitURL, types.ZarfGitPushUser, repoName, repoTag), nil) - getRepoTagsResponseBody, _, err := gitCfg.DoHTTPThings(getRepoTagsRequest, types.ZarfGitReadUser, zarfState.GitServer.PullPassword) + b, statusCode, err := giteaClient.DoRequest(ctx, http.MethodGet, fmt.Sprintf("/api/v1/repos/%s/%s/tags/%s", types.ZarfGitPushUser, repoName, repoTag), nil) require.NoError(t, err) - - // Make sure the pushed tag exists + require.Equal(t, http.StatusOK, statusCode) var tagMap map[string]interface{} - err = json.Unmarshal(getRepoTagsResponseBody, &tagMap) + err = json.Unmarshal(b, &tagMap) require.NoError(t, err) require.Equal(t, repoTag, tagMap["name"]) // Get the Zarf repo commit repoHash := "01a23218923f24194133b5eb11268cf8d73ff1bb" - getRepoCommitsRequest, _ := http.NewRequest("GET", fmt.Sprintf("%s/api/v1/repos/%s/%s/git/commits/%s", gitURL, types.ZarfGitPushUser, repoName, repoHash), nil) - getRepoCommitsResponseBody, _, err := gitCfg.DoHTTPThings(getRepoCommitsRequest, types.ZarfGitReadUser, zarfState.GitServer.PullPassword) + b, statusCode, err = giteaClient.DoRequest(ctx, http.MethodGet, fmt.Sprintf("/api/v1/repos/%s/%s/git/commits/%s", types.ZarfGitPushUser, repoName, repoHash), nil) + require.NoError(t, err) + require.Equal(t, http.StatusOK, statusCode) require.NoError(t, err) - require.Contains(t, string(getRepoCommitsResponseBody), repoHash) + require.Contains(t, string(b), repoHash) } func waitFluxPodInfoDeployment(t *testing.T) { diff --git a/src/test/e2e/50_oci_publish_deploy_test.go b/src/test/e2e/50_oci_publish_deploy_test.go index f72fbb28b5..217c1b2de6 100644 --- a/src/test/e2e/50_oci_publish_deploy_test.go +++ b/src/test/e2e/50_oci_publish_deploy_test.go @@ -5,7 +5,6 @@ package test import ( - "context" "fmt" "path/filepath" "strings" @@ -16,6 +15,7 @@ import ( "github.com/stretchr/testify/require" "github.com/stretchr/testify/suite" "github.com/zarf-dev/zarf/src/pkg/zoci" + "github.com/zarf-dev/zarf/src/test/testutil" "oras.land/oras-go/v2/registry" "oras.land/oras-go/v2/registry/remote" ) @@ -139,7 +139,7 @@ func (suite *PublishDeploySuiteTestSuite) Test_3_Copy() { suite.NoError(err) reg.PlainHTTP = true attempt := 0 - ctx := context.TODO() + ctx := testutil.TestContext(t) for attempt <= 5 { err = reg.Ping(ctx) if err == nil { @@ -164,6 +164,5 @@ func (suite *PublishDeploySuiteTestSuite) Test_3_Copy() { } func TestPublishDeploySuite(t *testing.T) { - suite.Run(t, new(PublishDeploySuiteTestSuite)) } diff --git a/src/test/e2e/51_oci_compose_test.go b/src/test/e2e/51_oci_compose_test.go index 0d98d13c8b..fda9d5eeab 100644 --- a/src/test/e2e/51_oci_compose_test.go +++ b/src/test/e2e/51_oci_compose_test.go @@ -15,10 +15,10 @@ import ( "github.com/defenseunicorns/pkg/helpers/v2" "github.com/stretchr/testify/require" "github.com/stretchr/testify/suite" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/pkg/layout" "github.com/zarf-dev/zarf/src/pkg/transform" "github.com/zarf-dev/zarf/src/pkg/utils" - "github.com/zarf-dev/zarf/src/types" corev1 "k8s.io/api/core/v1" "oras.land/oras-go/v2/registry" ) @@ -135,7 +135,7 @@ func (suite *SkeletonSuite) Test_2_FilePaths() { } for _, pkgTar := range pkgTars { - var pkg types.ZarfPackage + var pkg v1alpha1.ZarfPackage unpacked := strings.TrimSuffix(pkgTar, ".tar.zst") defer os.RemoveAll(unpacked) @@ -184,8 +184,7 @@ func (suite *SkeletonSuite) DirOrFileExists(path string) { suite.Falsef(invalid, "path specified does not exist: %s", path) } -func (suite *SkeletonSuite) verifyComponentPaths(unpackedPath string, components []types.ZarfComponent, isSkeleton bool) { - +func (suite *SkeletonSuite) verifyComponentPaths(unpackedPath string, components []v1alpha1.ZarfComponent, isSkeleton bool) { if isSkeleton { suite.NoDirExists(filepath.Join(unpackedPath, "images")) suite.NoDirExists(filepath.Join(unpackedPath, "sboms")) @@ -280,10 +279,8 @@ func (suite *SkeletonSuite) verifyComponentPaths(unpackedPath string, components } } } - } func TestSkeletonSuite(t *testing.T) { - suite.Run(t, new(SkeletonSuite)) } diff --git a/src/test/external/docker-compose.yml b/src/test/external/docker-compose.yml index 401476653b..7e180fdbab 100644 --- a/src/test/external/docker-compose.yml +++ b/src/test/external/docker-compose.yml @@ -1,5 +1,3 @@ -version: "3" - services: server: image: gitea/gitea:1.18.1 diff --git a/src/test/external/ext_in_cluster_test.go b/src/test/external/ext_in_cluster_test.go index bddc84fbf6..ffe5a08b73 100644 --- a/src/test/external/ext_in_cluster_test.go +++ b/src/test/external/ext_in_cluster_test.go @@ -19,6 +19,7 @@ import ( "github.com/stretchr/testify/suite" "github.com/zarf-dev/zarf/src/pkg/cluster" "github.com/zarf-dev/zarf/src/pkg/utils/exec" + "github.com/zarf-dev/zarf/src/test/testutil" "k8s.io/apimachinery/pkg/runtime/schema" "sigs.k8s.io/cli-utils/pkg/object" ) @@ -103,7 +104,7 @@ func (suite *ExtInClusterTestSuite) Test_0_Mirror() { c, err := cluster.NewCluster() suite.NoError(err) - ctx := context.TODO() + ctx := testutil.TestContext(suite.T()) // Check that the registry contains the images we want tunnelReg, err := c.NewTunnel("external-registry", "svc", "external-registry-docker-registry", "", 0, 5000) diff --git a/src/test/external/ext_out_cluster_test.go b/src/test/external/ext_out_cluster_test.go index dfcc9da580..e2cbaccefb 100644 --- a/src/test/external/ext_out_cluster_test.go +++ b/src/test/external/ext_out_cluster_test.go @@ -20,6 +20,7 @@ import ( "github.com/stretchr/testify/suite" "github.com/zarf-dev/zarf/src/pkg/utils" "github.com/zarf-dev/zarf/src/pkg/utils/exec" + "github.com/zarf-dev/zarf/src/test/testutil" "helm.sh/helm/v3/pkg/repo" ) @@ -54,7 +55,6 @@ type ExtOutClusterTestSuite struct { } func (suite *ExtOutClusterTestSuite) SetupSuite() { - suite.Assertions = require.New(suite.T()) // Teardown any leftovers from previous tests @@ -207,7 +207,7 @@ func (suite *ExtOutClusterTestSuite) createHelmChartInGitea(baseURL string, user podinfoTarballPath := filepath.Join(tempDir, fmt.Sprintf("podinfo-%s.tgz", podInfoVersion)) suite.NoError(err, "Unable to package chart") - err = utils.DownloadToFile(fmt.Sprintf("https://stefanprodan.github.io/podinfo/podinfo-%s.tgz", podInfoVersion), podinfoTarballPath, "") + err = utils.DownloadToFile(testutil.TestContext(suite.T()), fmt.Sprintf("https://stefanprodan.github.io/podinfo/podinfo-%s.tgz", podInfoVersion), podinfoTarballPath, "") suite.NoError(err) url := fmt.Sprintf("%s/api/packages/%s/helm/api/charts", baseURL, username) diff --git a/src/test/packages/00-find-images-with-vars/values.yaml b/src/test/packages/00-find-images-with-vars/values.yaml deleted file mode 100644 index da10dacc6b..0000000000 --- a/src/test/packages/00-find-images-with-vars/values.yaml +++ /dev/null @@ -1 +0,0 @@ -busybox: ###ZARF_VAR_BUSYBOX_IMAGE### diff --git a/src/test/packages/04-templating/zarf.yaml b/src/test/packages/04-templating/zarf.yaml new file mode 100644 index 0000000000..bcc8e5cc35 --- /dev/null +++ b/src/test/packages/04-templating/zarf.yaml @@ -0,0 +1,14 @@ +kind: ZarfPackageConfig +metadata: + name: templating + +constants: + - name: PODINFO_VERSION + value: "###ZARF_PKG_TMPL_PODINFO_VERSION###" + pattern: "^[\\w\\-\\.]+$" + +components: + - name: variables-with-podinfo + images: + # This sets the nginx image tag to the same PKG_TMPL used for the constant above to keep the zarf.yaml and nginx-deployment.yaml in sync + - "ghcr.io/stefanprodan/podinfo:###ZARF_PKG_TMPL_PODINFO_VERSION###" diff --git a/src/test/packages/00-find-images-with-vars/deployment.yaml b/src/test/packages/13-find-images-with-vars/deployment.yaml similarity index 86% rename from src/test/packages/00-find-images-with-vars/deployment.yaml rename to src/test/packages/13-find-images-with-vars/deployment.yaml index 8d4b344dae..c0f766fd9b 100644 --- a/src/test/packages/00-find-images-with-vars/deployment.yaml +++ b/src/test/packages/13-find-images-with-vars/deployment.yaml @@ -16,4 +16,4 @@ spec: spec: containers: - name: server - image: "###ZARF_CONST_SAMPLE_IMAGE###" + image: "###ZARF_CONST_AGENT_IMAGE###" diff --git a/src/test/packages/00-find-images-with-vars/simple-helm/Chart.yaml b/src/test/packages/13-find-images-with-vars/simple-helm/Chart.yaml similarity index 100% rename from src/test/packages/00-find-images-with-vars/simple-helm/Chart.yaml rename to src/test/packages/13-find-images-with-vars/simple-helm/Chart.yaml diff --git a/src/test/packages/00-find-images-with-vars/simple-helm/templates/deployment.yaml b/src/test/packages/13-find-images-with-vars/simple-helm/templates/deployment.yaml similarity index 82% rename from src/test/packages/00-find-images-with-vars/simple-helm/templates/deployment.yaml rename to src/test/packages/13-find-images-with-vars/simple-helm/templates/deployment.yaml index 335cb8afbb..c5bb598e7d 100644 --- a/src/test/packages/00-find-images-with-vars/simple-helm/templates/deployment.yaml +++ b/src/test/packages/13-find-images-with-vars/simple-helm/templates/deployment.yaml @@ -15,5 +15,5 @@ spec: app: simple-deployment spec: containers: - - name: busybox - image: {{.Values.busybox}} + - name: podinfo + image: {{.Values.podinfo}} diff --git a/src/test/packages/13-find-images-with-vars/values.yaml b/src/test/packages/13-find-images-with-vars/values.yaml new file mode 100644 index 0000000000..525c3d3bd8 --- /dev/null +++ b/src/test/packages/13-find-images-with-vars/values.yaml @@ -0,0 +1 @@ +podinfo: ###ZARF_VAR_PODINFO_IMAGE### diff --git a/src/test/packages/00-find-images-with-vars/zarf.yaml b/src/test/packages/13-find-images-with-vars/zarf.yaml similarity index 77% rename from src/test/packages/00-find-images-with-vars/zarf.yaml rename to src/test/packages/13-find-images-with-vars/zarf.yaml index b58911d993..bc234638c6 100644 --- a/src/test/packages/00-find-images-with-vars/zarf.yaml +++ b/src/test/packages/13-find-images-with-vars/zarf.yaml @@ -4,12 +4,12 @@ metadata: description: Simple zarf package with variables variables: - - name: BUSYBOX_IMAGE - default: "busybox:latest" + - name: PODINFO_IMAGE + default: "ghcr.io/stefanprodan/podinfo:latest" constants: - - name: SAMPLE_IMAGE - value: "nginx:latest" + - name: AGENT_IMAGE + value: "ghcr.io/zarf-dev/zarf/agent:v0.36.1" components: - name: simple-var diff --git a/src/test/packages/28-helm-no-wait/never-ready.pod.yaml b/src/test/packages/28-helm-no-wait/never-ready.pod.yaml index 6fa1682d52..3ad9bd944e 100644 --- a/src/test/packages/28-helm-no-wait/never-ready.pod.yaml +++ b/src/test/packages/28-helm-no-wait/never-ready.pod.yaml @@ -4,8 +4,8 @@ metadata: name: never-ready-zarf-wait-test spec: containers: - - name: alpine - image: alpine:latest + - name: podinfo + image: ghcr.io/stefanprodan/podinfo:6.4.0 command: - "sleep" - "infinity" diff --git a/src/test/packages/28-helm-no-wait/zarf.yaml b/src/test/packages/28-helm-no-wait/zarf.yaml index 177fe6792a..7b8881f886 100644 --- a/src/test/packages/28-helm-no-wait/zarf.yaml +++ b/src/test/packages/28-helm-no-wait/zarf.yaml @@ -13,4 +13,4 @@ components: files: - never-ready.pod.yaml images: - - alpine:latest + - ghcr.io/stefanprodan/podinfo:6.4.0 diff --git a/src/test/testutil/testutil.go b/src/test/testutil/testutil.go new file mode 100644 index 0000000000..862bca937d --- /dev/null +++ b/src/test/testutil/testutil.go @@ -0,0 +1,18 @@ +// SPDX-License-Identifier: Apache-2.0 +// SPDX-FileCopyrightText: 2021-Present The Zarf Authors + +// Package testutil provides global testing helper functions +package testutil + +import ( + "context" + "testing" +) + +// TestContext takes a testing.T and returns a context that is +// attached to the test by t.Cleanup() +func TestContext(t *testing.T) context.Context { + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + return ctx +} diff --git a/src/types/component.go b/src/types/component.go deleted file mode 100644 index 4ccf392970..0000000000 --- a/src/types/component.go +++ /dev/null @@ -1,256 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package types contains all the types used by Zarf. -package types - -import ( - "github.com/invopop/jsonschema" - "github.com/zarf-dev/zarf/src/pkg/utils/exec" - "github.com/zarf-dev/zarf/src/pkg/variables" - "github.com/zarf-dev/zarf/src/types/extensions" -) - -// ZarfComponent is the primary functional grouping of assets to deploy by Zarf. -type ZarfComponent struct { - // Name is the unique identifier for this component - Name string `json:"name" jsonschema:"description=The name of the component,pattern=^[a-z0-9][a-z0-9\\-]*$"` - - // Description is a message given to a user when deciding to enable this component or not - Description string `json:"description,omitempty" jsonschema:"description=Message to include during package deploy describing the purpose of this component"` - - // Default changes the default option when deploying this component - Default bool `json:"default,omitempty" jsonschema:"description=Determines the default Y/N state for installing this component on package deploy"` - - // Required makes this component mandatory for package deployment - Required *bool `json:"required,omitempty" jsonschema:"description=Do not prompt user to install this component, always install on package deploy."` - - // Only include compatible components during package deployment - Only ZarfComponentOnlyTarget `json:"only,omitempty" jsonschema:"description=Filter when this component is included in package creation or deployment"` - - // DeprecatedGroup is a key to match other components to produce a user selector field, used to create a BOOLEAN XOR for a set of components - // - // Note: ignores default and required flags - DeprecatedGroup string `json:"group,omitempty" jsonschema:"description=[Deprecated] Create a user selector field based on all components in the same group. This will be removed in Zarf v1.0.0. Consider using 'only.flavor' instead.,deprecated=true"` - - // DeprecatedCosignKeyPath to cosign public key for signed online resources - DeprecatedCosignKeyPath string `json:"cosignKeyPath,omitempty" jsonschema:"description=[Deprecated] Specify a path to a public key to validate signed online resources. This will be removed in Zarf v1.0.0.,deprecated=true"` - - // Import refers to another zarf.yaml package component. - Import ZarfComponentImport `json:"import,omitempty" jsonschema:"description=Import a component from another Zarf package"` - - // Manifests are raw manifests that get converted into zarf-generated helm charts during deploy - Manifests []ZarfManifest `json:"manifests,omitempty" jsonschema:"description=Kubernetes manifests to be included in a generated Helm chart on package deploy"` - - // Charts are helm charts to install during package deploy - Charts []ZarfChart `json:"charts,omitempty" jsonschema:"description=Helm charts to install during package deploy"` - - // Data packages to push into a running cluster - DataInjections []ZarfDataInjection `json:"dataInjections,omitempty" jsonschema:"description=Datasets to inject into a container in the target cluster"` - - // Files are files to place on disk during deploy - Files []ZarfFile `json:"files,omitempty" jsonschema:"description=Files or folders to place on disk during package deployment"` - - // Images are the online images needed to be included in the zarf package - Images []string `json:"images,omitempty" jsonschema:"description=List of OCI images to include in the package"` - - // Repos are any git repos that need to be pushed into the git server - Repos []string `json:"repos,omitempty" jsonschema:"description=List of git repos to include in the package"` - - // Extensions provide additional functionality to a component - Extensions extensions.ZarfComponentExtensions `json:"extensions,omitempty" jsonschema:"description=Extend component functionality with additional features"` - - // DeprecatedScripts are custom commands that run before or after package deployment - DeprecatedScripts DeprecatedZarfComponentScripts `json:"scripts,omitempty" jsonschema:"description=[Deprecated] (replaced by actions) Custom commands to run before or after package deployment. This will be removed in Zarf v1.0.0.,deprecated=true"` - - // Replaces scripts, fine-grained control over commands to run at various stages of a package lifecycle - Actions ZarfComponentActions `json:"actions,omitempty" jsonschema:"description=Custom commands to run at various stages of a package lifecycle"` -} - -// RequiresCluster returns if the component requires a cluster connection to deploy -func (c ZarfComponent) RequiresCluster() bool { - hasImages := len(c.Images) > 0 - hasCharts := len(c.Charts) > 0 - hasManifests := len(c.Manifests) > 0 - hasRepos := len(c.Repos) > 0 - hasDataInjections := len(c.DataInjections) > 0 - - if hasImages || hasCharts || hasManifests || hasRepos || hasDataInjections { - return true - } - - return false -} - -// IsRequired returns if the component is required or not. -func (c ZarfComponent) IsRequired() bool { - if c.Required != nil { - return *c.Required - } - - return false -} - -// ZarfComponentOnlyTarget filters a component to only show it for a given local OS and cluster. -type ZarfComponentOnlyTarget struct { - LocalOS string `json:"localOS,omitempty" jsonschema:"description=Only deploy component to specified OS,enum=linux,enum=darwin,enum=windows"` - Cluster ZarfComponentOnlyCluster `json:"cluster,omitempty" jsonschema:"description=Only deploy component to specified clusters"` - Flavor string `json:"flavor,omitempty" jsonschema:"description=Only include this component when a matching '--flavor' is specified on 'zarf package create'"` -} - -// ZarfComponentOnlyCluster represents the architecture and K8s cluster distribution to filter on. -type ZarfComponentOnlyCluster struct { - Architecture string `json:"architecture,omitempty" jsonschema:"description=Only create and deploy to clusters of the given architecture,enum=amd64,enum=arm64"` - Distros []string `json:"distros,omitempty" jsonschema:"description=A list of kubernetes distros this package works with (Reserved for future use),example=k3s,example=eks"` -} - -// ZarfFile defines a file to deploy. -type ZarfFile struct { - Source string `json:"source" jsonschema:"description=Local folder or file path or remote URL to pull into the package"` - Shasum string `json:"shasum,omitempty" jsonschema:"description=(files only) Optional SHA256 checksum of the file"` - Target string `json:"target" jsonschema:"description=The absolute or relative path where the file or folder should be copied to during package deploy"` - Executable bool `json:"executable,omitempty" jsonschema:"description=(files only) Determines if the file should be made executable during package deploy"` - Symlinks []string `json:"symlinks,omitempty" jsonschema:"description=List of symlinks to create during package deploy"` - ExtractPath string `json:"extractPath,omitempty" jsonschema:"description=Local folder or file to be extracted from a 'source' archive"` -} - -// ZarfChart defines a helm chart to be deployed. -type ZarfChart struct { - Name string `json:"name" jsonschema:"description=The name of the chart within Zarf; note that this must be unique and does not need to be the same as the name in the chart repo"` - Version string `json:"version,omitempty" jsonschema:"description=The version of the chart to deploy; for git-based charts this is also the tag of the git repo by default (when not using the '@' syntax for 'repos')"` - URL string `json:"url,omitempty" jsonschema:"example=OCI registry: oci://ghcr.io/stefanprodan/charts/podinfo,example=helm chart repo: https://stefanprodan.github.io/podinfo,example=git repo: https://github.com/stefanprodan/podinfo (note the '@' syntax for 'repos' is supported here too)" jsonschema_description:"The URL of the OCI registry, chart repository, or git repo where the helm chart is stored"` - RepoName string `json:"repoName,omitempty" jsonschema:"description=The name of a chart within a Helm repository (defaults to the Zarf name of the chart)"` - GitPath string `json:"gitPath,omitempty" jsonschema:"description=(git repo only) The sub directory to the chart within a git repo,example=charts/your-chart"` - LocalPath string `json:"localPath,omitempty" jsonschema:"description=The path to a local chart's folder or .tgz archive"` - Namespace string `json:"namespace,omitempty" jsonschema:"description=The namespace to deploy the chart to"` - ReleaseName string `json:"releaseName,omitempty" jsonschema:"description=The name of the Helm release to create (defaults to the Zarf name of the chart)"` - NoWait bool `json:"noWait,omitempty" jsonschema:"description=Whether to not wait for chart resources to be ready before continuing"` - ValuesFiles []string `json:"valuesFiles,omitempty" jsonschema:"description=List of local values file paths or remote URLs to include in the package; these will be merged together when deployed"` - Variables []ZarfChartVariable `json:"variables,omitempty" jsonschema:"description=[alpha] List of variables to set in the Helm chart"` -} - -// ZarfChartVariable represents a variable that can be set for a Helm chart overrides. -type ZarfChartVariable struct { - Name string `json:"name" jsonschema:"description=The name of the variable,pattern=^[A-Z0-9_]+$"` - Description string `json:"description" jsonschema:"description=A brief description of what the variable controls"` - Path string `json:"path" jsonschema:"description=The path within the Helm chart values where this variable applies"` -} - -// ZarfManifest defines raw manifests Zarf will deploy as a helm chart. -type ZarfManifest struct { - Name string `json:"name" jsonschema:"description=A name to give this collection of manifests; this will become the name of the dynamically-created helm chart"` - Namespace string `json:"namespace,omitempty" jsonschema:"description=The namespace to deploy the manifests to"` - Files []string `json:"files,omitempty" jsonschema:"description=List of local K8s YAML files or remote URLs to deploy (in order)"` - KustomizeAllowAnyDirectory bool `json:"kustomizeAllowAnyDirectory,omitempty" jsonschema:"description=Allow traversing directory above the current directory if needed for kustomization"` - Kustomizations []string `json:"kustomizations,omitempty" jsonschema:"description=List of local kustomization paths or remote URLs to include in the package"` - NoWait bool `json:"noWait,omitempty" jsonschema:"description=Whether to not wait for manifest resources to be ready before continuing"` -} - -// DeprecatedZarfComponentScripts are scripts that run before or after a component is deployed -type DeprecatedZarfComponentScripts struct { - ShowOutput bool `json:"showOutput,omitempty" jsonschema:"description=Show the output of the script during package deployment"` - TimeoutSeconds int `json:"timeoutSeconds,omitempty" jsonschema:"description=Timeout in seconds for the script"` - Retry bool `json:"retry,omitempty" jsonschema:"description=Retry the script if it fails"` - Prepare []string `json:"prepare,omitempty" jsonschema:"description=Scripts to run before the component is added during package create"` - Before []string `json:"before,omitempty" jsonschema:"description=Scripts to run before the component is deployed"` - After []string `json:"after,omitempty" jsonschema:"description=Scripts to run after the component successfully deploys"` -} - -// ZarfComponentActions are ActionSets that map to different zarf package operations -type ZarfComponentActions struct { - OnCreate ZarfComponentActionSet `json:"onCreate,omitempty" jsonschema:"description=Actions to run during package creation"` - OnDeploy ZarfComponentActionSet `json:"onDeploy,omitempty" jsonschema:"description=Actions to run during package deployment"` - OnRemove ZarfComponentActionSet `json:"onRemove,omitempty" jsonschema:"description=Actions to run during package removal"` -} - -// ZarfComponentActionSet is a set of actions to run during a zarf package operation -type ZarfComponentActionSet struct { - Defaults ZarfComponentActionDefaults `json:"defaults,omitempty" jsonschema:"description=Default configuration for all actions in this set"` - Before []ZarfComponentAction `json:"before,omitempty" jsonschema:"description=Actions to run at the start of an operation"` - After []ZarfComponentAction `json:"after,omitempty" jsonschema:"description=Actions to run at the end of an operation"` - OnSuccess []ZarfComponentAction `json:"onSuccess,omitempty" jsonschema:"description=Actions to run if all operations succeed"` - OnFailure []ZarfComponentAction `json:"onFailure,omitempty" jsonschema:"description=Actions to run if all operations fail"` -} - -// ZarfComponentActionDefaults sets the default configs for child actions -type ZarfComponentActionDefaults struct { - Mute bool `json:"mute,omitempty" jsonschema:"description=Hide the output of commands during execution (default false)"` - MaxTotalSeconds int `json:"maxTotalSeconds,omitempty" jsonschema:"description=Default timeout in seconds for commands (default to 0, no timeout)"` - MaxRetries int `json:"maxRetries,omitempty" jsonschema:"description=Retry commands given number of times if they fail (default 0)"` - Dir string `json:"dir,omitempty" jsonschema:"description=Working directory for commands (default CWD)"` - Env []string `json:"env,omitempty" jsonschema:"description=Additional environment variables for commands"` - Shell exec.Shell `json:"shell,omitempty" jsonschema:"description=(cmd only) Indicates a preference for a shell for the provided cmd to be executed in on supported operating systems"` -} - -// ZarfComponentAction represents a single action to run during a zarf package operation -type ZarfComponentAction struct { - Mute *bool `json:"mute,omitempty" jsonschema:"description=Hide the output of the command during package deployment (default false)"` - MaxTotalSeconds *int `json:"maxTotalSeconds,omitempty" jsonschema:"description=Timeout in seconds for the command (default to 0, no timeout for cmd actions and 300, 5 minutes for wait actions)"` - MaxRetries *int `json:"maxRetries,omitempty" jsonschema:"description=Retry the command if it fails up to given number of times (default 0)"` - Dir *string `json:"dir,omitempty" jsonschema:"description=The working directory to run the command in (default is CWD)"` - Env []string `json:"env,omitempty" jsonschema:"description=Additional environment variables to set for the command"` - Cmd string `json:"cmd,omitempty" jsonschema:"description=The command to run. Must specify either cmd or wait for the action to do anything."` - Shell *exec.Shell `json:"shell,omitempty" jsonschema:"description=(cmd only) Indicates a preference for a shell for the provided cmd to be executed in on supported operating systems"` - DeprecatedSetVariable string `json:"setVariable,omitempty" jsonschema:"description=[Deprecated] (replaced by setVariables) (onDeploy/cmd only) The name of a variable to update with the output of the command. This variable will be available to all remaining actions and components in the package. This will be removed in Zarf v1.0.0,pattern=^[A-Z0-9_]+$"` - SetVariables []variables.Variable `json:"setVariables,omitempty" jsonschema:"description=(onDeploy/cmd only) An array of variables to update with the output of the command. These variables will be available to all remaining actions and components in the package."` - Description string `json:"description,omitempty" jsonschema:"description=Description of the action to be displayed during package execution instead of the command"` - Wait *ZarfComponentActionWait `json:"wait,omitempty" jsonschema:"description=Wait for a condition to be met before continuing. Must specify either cmd or wait for the action. See the 'zarf tools wait-for' command for more info."` -} - -// ZarfComponentActionWait specifies a condition to wait for before continuing -type ZarfComponentActionWait struct { - Cluster *ZarfComponentActionWaitCluster `json:"cluster,omitempty" jsonschema:"description=Wait for a condition to be met in the cluster before continuing. Only one of cluster or network can be specified."` - Network *ZarfComponentActionWaitNetwork `json:"network,omitempty" jsonschema:"description=Wait for a condition to be met on the network before continuing. Only one of cluster or network can be specified."` -} - -// ZarfComponentActionWaitCluster specifies a condition to wait for before continuing -type ZarfComponentActionWaitCluster struct { - Kind string `json:"kind" jsonschema:"description=The kind of resource to wait for,example=Pod,example=Deployment)"` - Identifier string `json:"name" jsonschema:"description=The name of the resource or selector to wait for,example=podinfo,example=app=podinfo"` - Namespace string `json:"namespace,omitempty" jsonschema:"description=The namespace of the resource to wait for"` - Condition string `json:"condition,omitempty" jsonschema:"description=The condition or jsonpath state to wait for; defaults to exist, a special condition that will wait for the resource to exist,example=Ready,example=Available,'{.status.availableReplicas}'=23"` -} - -// ZarfComponentActionWaitNetwork specifies a condition to wait for before continuing -type ZarfComponentActionWaitNetwork struct { - Protocol string `json:"protocol" jsonschema:"description=The protocol to wait for,enum=tcp,enum=http,enum=https"` - Address string `json:"address" jsonschema:"description=The address to wait for,example=localhost:8080,example=1.1.1.1"` - Code int `json:"code,omitempty" jsonschema:"description=The HTTP status code to wait for if using http or https,example=200,example=404"` -} - -// ZarfContainerTarget defines the destination info for a ZarfData target -type ZarfContainerTarget struct { - Namespace string `json:"namespace" jsonschema:"description=The namespace to target for data injection"` - Selector string `json:"selector" jsonschema:"description=The K8s selector to target for data injection,example=app=data-injection"` - Container string `json:"container" jsonschema:"description=The container name to target for data injection"` - Path string `json:"path" jsonschema:"description=The path within the container to copy the data into"` -} - -// ZarfDataInjection is a data-injection definition. -type ZarfDataInjection struct { - Source string `json:"source" jsonschema:"description=Either a path to a local folder/file or a remote URL of a file to inject into the given target pod + container"` - Target ZarfContainerTarget `json:"target" jsonschema:"description=The target pod + container to inject the data into"` - Compress bool `json:"compress,omitempty" jsonschema:"description=Compress the data before transmitting using gzip. Note: this requires support for tar/gzip locally and in the target image."` -} - -// ZarfComponentImport structure for including imported Zarf components. -type ZarfComponentImport struct { - ComponentName string `json:"name,omitempty" jsonschema:"description=The name of the component to import from the referenced zarf.yaml"` - // For further explanation see https://regex101.com/r/nxX8vx/1 - Path string `json:"path,omitempty" jsonschema:"description=The relative path to a directory containing a zarf.yaml to import from"` - // For further explanation see https://regex101.com/r/nxX8vx/1 - URL string `json:"url,omitempty" jsonschema:"description=[beta] The URL to a Zarf package to import via OCI,pattern=^oci://.*$"` -} - -// JSONSchemaExtend extends the generated json schema during `zarf internal gen-config-schema` -func (ZarfComponentImport) JSONSchemaExtend(schema *jsonschema.Schema) { - path, _ := schema.Properties.Get("path") - url, _ := schema.Properties.Get("url") - - notSchema := &jsonschema.Schema{ - Pattern: ZarfPackageTemplatePrefix, - } - - path.Not = notSchema - url.Not = notSchema -} diff --git a/src/types/extensions/bigbang.go b/src/types/extensions/bigbang.go deleted file mode 100644 index 8078e0be04..0000000000 --- a/src/types/extensions/bigbang.go +++ /dev/null @@ -1,14 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package extensions contains the types for all official extensions. -package extensions - -// BigBang defines a file to deploy. -type BigBang struct { - Version string `json:"version" jsonschema:"description=The version of Big Bang to use"` - Repo string `json:"repo,omitempty" jsonschema:"description=Override repo to pull Big Bang from instead of Repo One"` - ValuesFiles []string `json:"valuesFiles,omitempty" jsonschema:"description=The list of values files to pass to Big Bang; these will be merged together"` - SkipFlux bool `json:"skipFlux,omitempty" jsonschema:"description=Whether to skip deploying flux; Defaults to false"` - FluxPatchFiles []string `json:"fluxPatchFiles,omitempty" jsonschema:"description=Optional paths to Flux kustomize strategic merge patch files"` -} diff --git a/src/types/k8s.go b/src/types/k8s.go index a8f61856ce..84ad8d7994 100644 --- a/src/types/k8s.go +++ b/src/types/k8s.go @@ -9,6 +9,7 @@ import ( "time" "github.com/defenseunicorns/pkg/helpers/v2" + "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config/lang" ) @@ -58,22 +59,30 @@ type GeneratedPKI struct { // ZarfState is maintained as a secret in the Zarf namespace to track Zarf init data. type ZarfState struct { - ZarfAppliance bool `json:"zarfAppliance" jsonschema:"description=Indicates if Zarf was initialized while deploying its own k8s cluster"` - Distro string `json:"distro" jsonschema:"description=K8s distribution of the cluster Zarf was deployed to"` - Architecture string `json:"architecture" jsonschema:"description=Machine architecture of the k8s node(s)"` - StorageClass string `json:"storageClass" jsonschema:"Default StorageClass value Zarf uses for variable templating"` - AgentTLS GeneratedPKI `json:"agentTLS" jsonschema:"PKI certificate information for the agent pods Zarf manages"` - - GitServer GitServerInfo `json:"gitServer" jsonschema:"description=Information about the repository Zarf is configured to use"` - RegistryInfo RegistryInfo `json:"registryInfo" jsonschema:"description=Information about the container registry Zarf is configured to use"` - ArtifactServer ArtifactServerInfo `json:"artifactServer" jsonschema:"description=Information about the artifact registry Zarf is configured to use"` + // Indicates if Zarf was initialized while deploying its own k8s cluster + ZarfAppliance bool `json:"zarfAppliance"` + // K8s distribution of the cluster Zarf was deployed to + Distro string `json:"distro"` + // Machine architecture of the k8s node(s) + Architecture string `json:"architecture"` + // Default StorageClass value Zarf uses for variable templating + StorageClass string `json:"storageClass"` + // PKI certificate information for the agent pods Zarf manages + AgentTLS GeneratedPKI `json:"agentTLS"` + + // Information about the repository Zarf is configured to use + GitServer GitServerInfo `json:"gitServer"` + // Information about the container registry Zarf is configured to use + RegistryInfo RegistryInfo `json:"registryInfo"` + // Information about the artifact registry Zarf is configured to use + ArtifactServer ArtifactServerInfo `json:"artifactServer"` } // DeployedPackage contains information about a Zarf Package that has been deployed to a cluster // This object is saved as the data of a k8s secret within the 'Zarf' namespace (not as part of the ZarfState secret). type DeployedPackage struct { Name string `json:"name"` - Data ZarfPackage `json:"data"` + Data v1alpha1.ZarfPackage `json:"data"` CLIVersion string `json:"cliVersion"` Generation int `json:"generation"` DeployedComponents []DeployedComponent `json:"deployedComponents"` @@ -81,6 +90,17 @@ type DeployedPackage struct { ConnectStrings ConnectStrings `json:"connectStrings,omitempty"` } +// ConnectString contains information about a connection made with Zarf connect. +type ConnectString struct { + // Descriptive text that explains what the resource you would be connecting to is used for + Description string `json:"description"` + // URL path that gets appended to the k8s port-forward result + URL string `json:"url"` +} + +// ConnectStrings is a map of connect names to connection information. +type ConnectStrings map[string]ConnectString + // DeployedComponent contains information about a Zarf Package Component that has been deployed to a cluster. type DeployedComponent struct { Name string `json:"name"` @@ -105,13 +125,21 @@ type InstalledChart struct { // GitServerInfo contains information Zarf uses to communicate with a git repository to push/pull repositories to. type GitServerInfo struct { - PushUsername string `json:"pushUsername" jsonschema:"description=Username of a user with push access to the git repository"` - PushPassword string `json:"pushPassword" jsonschema:"description=Password of a user with push access to the git repository"` - PullUsername string `json:"pullUsername" jsonschema:"description=Username of a user with pull-only access to the git repository. If not provided for an external repository then the push-user is used"` - PullPassword string `json:"pullPassword" jsonschema:"description=Password of a user with pull-only access to the git repository. If not provided for an external repository then the push-user is used"` + // Username of a user with push access to the git repository + PushUsername string `json:"pushUsername"` + // Password of a user with push access to the git repository + PushPassword string `json:"pushPassword"` + // Username of a user with pull-only access to the git repository. If not provided for an external repository then the push-user is used + PullUsername string `json:"pullUsername"` + // Password of a user with pull-only access to the git repository. If not provided for an external repository then the push-user is used + PullPassword string `json:"pullPassword"` + // URL address of the git server + Address string `json:"address"` +} - Address string `json:"address" jsonschema:"description=URL address of the git server"` - InternalServer bool `json:"internalServer" jsonschema:"description=Indicates if we are using a git server that Zarf is directly managing"` +// IsInternal returns true if the git server URL is equivalent to a git server deployed through the default init package +func (gs GitServerInfo) IsInternal() bool { + return gs.Address == ZarfInClusterGitServiceURL } // FillInEmptyValues sets every necessary value that's currently empty to a reasonable default @@ -120,7 +148,6 @@ func (gs *GitServerInfo) FillInEmptyValues() error { // Set default svc url if an external repository was not provided if gs.Address == "" { gs.Address = ZarfInClusterGitServiceURL - gs.InternalServer = true } // Generate a push-user password if not provided by init flag @@ -132,14 +159,14 @@ func (gs *GitServerInfo) FillInEmptyValues() error { // Set read-user information if using an internal repository, otherwise copy from the push-user if gs.PullUsername == "" { - if gs.InternalServer { + if gs.IsInternal() { gs.PullUsername = ZarfGitReadUser } else { gs.PullUsername = gs.PushUsername } } if gs.PullPassword == "" { - if gs.InternalServer { + if gs.IsInternal() { if gs.PullPassword, err = helpers.RandomString(ZarfGeneratedPasswordLen); err != nil { return fmt.Errorf("%s: %w", lang.ErrUnableToGenerateRandomSecret, err) } @@ -153,11 +180,17 @@ func (gs *GitServerInfo) FillInEmptyValues() error { // ArtifactServerInfo contains information Zarf uses to communicate with a artifact registry to push/pull repositories to. type ArtifactServerInfo struct { - PushUsername string `json:"pushUsername" jsonschema:"description=Username of a user with push access to the artifact registry"` - PushToken string `json:"pushPassword" jsonschema:"description=Password of a user with push access to the artifact registry"` + // Username of a user with push access to the artifact registry + PushUsername string `json:"pushUsername"` + // Password of a user with push access to the artifact registry + PushToken string `json:"pushPassword"` + // URL address of the artifact registry + Address string `json:"address"` +} - Address string `json:"address" jsonschema:"description=URL address of the artifact registry"` - InternalServer bool `json:"internalServer" jsonschema:"description=Indicates if we are using a artifact registry that Zarf is directly managing"` +// IsInternal returns true if the artifact server URL is equivalent to the artifact server deployed through the default init package +func (as ArtifactServerInfo) IsInternal() bool { + return as.Address == ZarfInClusterArtifactServiceURL } // FillInEmptyValues sets every necessary value that's currently empty to a reasonable default @@ -165,7 +198,6 @@ func (as *ArtifactServerInfo) FillInEmptyValues() { // Set default svc url if an external registry was not provided if as.Address == "" { as.Address = ZarfInClusterArtifactServiceURL - as.InternalServer = true } // Set the push username to the git push user if not specified @@ -176,29 +208,37 @@ func (as *ArtifactServerInfo) FillInEmptyValues() { // RegistryInfo contains information Zarf uses to communicate with a container registry to push/pull images. type RegistryInfo struct { - PushUsername string `json:"pushUsername" jsonschema:"description=Username of a user with push access to the registry"` - PushPassword string `json:"pushPassword" jsonschema:"description=Password of a user with push access to the registry"` - PullUsername string `json:"pullUsername" jsonschema:"description=Username of a user with pull-only access to the registry. If not provided for an external registry than the push-user is used"` - PullPassword string `json:"pullPassword" jsonschema:"description=Password of a user with pull-only access to the registry. If not provided for an external registry than the push-user is used"` - - Address string `json:"address" jsonschema:"description=URL address of the registry"` - NodePort int `json:"nodePort" jsonschema:"description=Nodeport of the registry. Only needed if the registry is running inside the kubernetes cluster"` - InternalRegistry bool `json:"internalRegistry" jsonschema:"description=Indicates if we are using a registry that Zarf is directly managing"` + // Username of a user with push access to the registry + PushUsername string `json:"pushUsername"` + // Password of a user with push access to the registry + PushPassword string `json:"pushPassword"` + // Username of a user with pull-only access to the registry. If not provided for an external registry than the push-user is used + PullUsername string `json:"pullUsername"` + // Password of a user with pull-only access to the registry. If not provided for an external registry than the push-user is used + PullPassword string `json:"pullPassword"` + // URL address of the registry + Address string `json:"address"` + // Nodeport of the registry. Only needed if the registry is running inside the kubernetes cluster + NodePort int `json:"nodePort"` + // Secret value that the registry was seeded with + Secret string `json:"secret"` +} - Secret string `json:"secret" jsonschema:"description=Secret value that the registry was seeded with"` +// IsInternal returns true if the registry URL is equivalent to the registry deployed through the default init package +func (ri RegistryInfo) IsInternal() bool { + return ri.Address == fmt.Sprintf("%s:%d", helpers.IPV4Localhost, ri.NodePort) } // FillInEmptyValues sets every necessary value not already set to a reasonable default func (ri *RegistryInfo) FillInEmptyValues() error { var err error - // Set default NodePort if none was provided - if ri.NodePort == 0 { + // Set default NodePort if none was provided and the registry is internal + if ri.NodePort == 0 && ri.Address == "" { ri.NodePort = ZarfInClusterContainerRegistryNodePort } // Set default url if an external registry was not provided if ri.Address == "" { - ri.InternalRegistry = true ri.Address = fmt.Sprintf("%s:%d", helpers.IPV4Localhost, ri.NodePort) } @@ -211,7 +251,7 @@ func (ri *RegistryInfo) FillInEmptyValues() error { // Set pull-username if not provided by init flag if ri.PullUsername == "" { - if ri.InternalRegistry { + if ri.IsInternal() { ri.PullUsername = ZarfRegistryPullUser } else { // If this is an external registry and a pull-user wasn't provided, use the same credentials as the push user @@ -219,7 +259,7 @@ func (ri *RegistryInfo) FillInEmptyValues() error { } } if ri.PullPassword == "" { - if ri.InternalRegistry { + if ri.IsInternal() { if ri.PullPassword, err = helpers.RandomString(ZarfGeneratedPasswordLen); err != nil { return fmt.Errorf("%s: %w", lang.ErrUnableToGenerateRandomSecret, err) } diff --git a/src/types/package.go b/src/types/package.go deleted file mode 100644 index 17419dd6e3..0000000000 --- a/src/types/package.go +++ /dev/null @@ -1,75 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// SPDX-FileCopyrightText: 2021-Present The Zarf Authors - -// Package types contains all the types used by Zarf. -package types - -import "github.com/zarf-dev/zarf/src/pkg/variables" - -// ZarfPackageKind is an enum of the different kinds of Zarf packages. -type ZarfPackageKind string - -const ( - // ZarfInitConfig is the kind of Zarf package used during `zarf init`. - ZarfInitConfig ZarfPackageKind = "ZarfInitConfig" - // ZarfPackageConfig is the default kind of Zarf package, primarily used during `zarf package`. - ZarfPackageConfig ZarfPackageKind = "ZarfPackageConfig" -) - -// ZarfPackage the top-level structure of a Zarf config file. -type ZarfPackage struct { - Kind ZarfPackageKind `json:"kind" jsonschema:"description=The kind of Zarf package,enum=ZarfInitConfig,enum=ZarfPackageConfig,default=ZarfPackageConfig"` - Metadata ZarfMetadata `json:"metadata,omitempty" jsonschema:"description=Package metadata"` - Build ZarfBuildData `json:"build,omitempty" jsonschema:"description=Zarf-generated package build data"` - Components []ZarfComponent `json:"components" jsonschema:"description=List of components to deploy in this package,minItems=1"` - Constants []variables.Constant `json:"constants,omitempty" jsonschema:"description=Constant template values applied on deploy for K8s resources"` - Variables []variables.InteractiveVariable `json:"variables,omitempty" jsonschema:"description=Variable template values applied on deploy for K8s resources"` -} - -// IsInitConfig returns whether a Zarf package is an init config. -func (pkg ZarfPackage) IsInitConfig() bool { - return pkg.Kind == ZarfInitConfig -} - -// IsSBOMAble checks if a package has contents that an SBOM can be created on (i.e. images, files, or data injections). -func (pkg ZarfPackage) IsSBOMAble() bool { - for _, c := range pkg.Components { - if len(c.Images) > 0 || len(c.Files) > 0 || len(c.DataInjections) > 0 { - return true - } - } - return false -} - -// ZarfMetadata lists information about the current ZarfPackage. -type ZarfMetadata struct { - Name string `json:"name" jsonschema:"description=Name to identify this Zarf package,pattern=^[a-z0-9][a-z0-9\\-]*$"` - Description string `json:"description,omitempty" jsonschema:"description=Additional information about this package"` - Version string `json:"version,omitempty" jsonschema:"description=Generic string set by a package author to track the package version (Note: ZarfInitConfigs will always be versioned to the CLIVersion they were created with)"` - URL string `json:"url,omitempty" jsonschema:"description=Link to package information when online"` - Image string `json:"image,omitempty" jsonschema:"description=An image URL to embed in this package (Reserved for future use in Zarf UI)"` - Uncompressed bool `json:"uncompressed,omitempty" jsonschema:"description=Disable compression of this package"` - Architecture string `json:"architecture,omitempty" jsonschema:"description=The target cluster architecture for this package,example=arm64,example=amd64"` - YOLO bool `json:"yolo,omitempty" jsonschema:"description=Yaml OnLy Online (YOLO): True enables deploying a Zarf package without first running zarf init against the cluster. This is ideal for connected environments where you want to use existing VCS and container registries."` - Authors string `json:"authors,omitempty" jsonschema:"description=Comma-separated list of package authors (including contact info),example=Doug <hello@defenseunicorns.com>, Pepr <hello@defenseunicorns.com>"` - Documentation string `json:"documentation,omitempty" jsonschema:"description=Link to package documentation when online"` - Source string `json:"source,omitempty" jsonschema:"description=Link to package source code when online"` - Vendor string `json:"vendor,omitempty" jsonschema_description:"Name of the distributing entity, organization or individual."` - AggregateChecksum string `json:"aggregateChecksum,omitempty" jsonschema:"description=Checksum of a checksums.txt file that contains checksums all the layers within the package."` -} - -// ZarfBuildData is written during the packager.Create() operation to track details of the created package. -type ZarfBuildData struct { - Terminal string `json:"terminal" jsonschema:"description=The machine name that created this package"` - User string `json:"user" jsonschema:"description=The username who created this package"` - Architecture string `json:"architecture" jsonschema:"description=The architecture this package was created on"` - Timestamp string `json:"timestamp" jsonschema:"description=The timestamp when this package was created"` - Version string `json:"version" jsonschema:"description=The version of Zarf used to build this package"` - Migrations []string `json:"migrations,omitempty" jsonschema:"description=Any migrations that have been run on this package"` - RegistryOverrides map[string]string `json:"registryOverrides,omitempty" jsonschema:"description=Any registry domains that were overridden on package create when pulling images"` - Differential bool `json:"differential,omitempty" jsonschema:"description=Whether this package was created with differential components"` - DifferentialPackageVersion string `json:"differentialPackageVersion,omitempty" jsonschema:"description=Version of a previously built package used as the basis for creating this differential package"` - DifferentialMissing []string `json:"differentialMissing,omitempty" jsonschema:"description=List of components that were not included in this package due to differential packaging"` - LastNonBreakingVersion string `json:"lastNonBreakingVersion,omitempty" jsonschema:"description=The minimum version of Zarf that does not have breaking package structure changes"` - Flavor string `json:"flavor,omitempty" jsonschema:"description=The flavor of Zarf used to build this package"` -} diff --git a/src/types/packager.go b/src/types/packager.go index 0089b2ae07..fb3f68bfd5 100644 --- a/src/types/packager.go +++ b/src/types/packager.go @@ -4,6 +4,8 @@ // Package types contains all the types used by Zarf. package types +import "github.com/zarf-dev/zarf/src/api/v1alpha1" + // PackagerConfig is the main struct that the packager uses to hold high-level options. type PackagerConfig struct { // CreateOpts tracks the user-defined options used to create the package @@ -37,5 +39,5 @@ type PackagerConfig struct { GenerateOpts ZarfGenerateOptions // The package data - Pkg ZarfPackage + Pkg v1alpha1.ZarfPackage } diff --git a/src/types/runtime.go b/src/types/runtime.go index b4a7d44ad2..0faed8c9e6 100644 --- a/src/types/runtime.go +++ b/src/types/runtime.go @@ -8,32 +8,36 @@ import ( "time" ) -// Zarf looks for these strings in zarf.yaml to make dynamic changes -const ( - ZarfPackageTemplatePrefix = "###ZARF_PKG_TMPL_" - ZarfPackageVariablePrefix = "###ZARF_PKG_VAR_" - ZarfPackageArch = "###ZARF_PKG_ARCH###" - ZarfComponentName = "###ZARF_COMPONENT_NAME###" -) - // ZarfCommonOptions tracks the user-defined preferences used across commands. type ZarfCommonOptions struct { - Confirm bool `json:"confirm" jsonschema:"description=Verify that Zarf should perform an action"` - Insecure bool `json:"insecure" jsonschema:"description=Allow insecure connections for remote packages"` - CachePath string `json:"cachePath" jsonschema:"description=Path to use to cache images and git repos on package create"` - TempDirectory string `json:"tempDirectory" jsonschema:"description=Location Zarf should use as a staging ground when managing files and images for package creation and deployment"` - OCIConcurrency int `jsonschema:"description=Number of concurrent layer operations to perform when interacting with a remote package"` + // Verify that Zarf should perform an action + Confirm bool + // Allow insecure connections for remote packages + Insecure bool + // Path to use to cache images and git repos on package create + CachePath string + // Location Zarf should use as a staging ground when managing files and images for package creation and deployment + TempDirectory string + // Number of concurrent layer operations to perform when interacting with a remote package + OCIConcurrency int } // ZarfPackageOptions tracks the user-defined preferences during common package operations. type ZarfPackageOptions struct { - Shasum string `json:"shasum" jsonschema:"description=The SHA256 checksum of the package"` - PackageSource string `json:"packageSource" jsonschema:"description=Location where a Zarf package can be found"` - OptionalComponents string `json:"optionalComponents" jsonschema:"description=Comma separated list of optional components"` - SGetKeyPath string `json:"sGetKeyPath" jsonschema:"description=Location where the public key component of a cosign key-pair can be found"` - SetVariables map[string]string `json:"setVariables" jsonschema:"description=Key-Value map of variable names and their corresponding values that will be used to template manifests and files in the Zarf package"` - PublicKeyPath string `json:"publicKeyPath" jsonschema:"description=Location where the public key component of a cosign key-pair can be found"` - Retries int `json:"retries" jsonschema:"description=The number of retries to perform for Zarf deploy operations like image pushes or Helm installs"` + // The SHA256 checksum of the package + Shasum string + // Location where a Zarf package can be found + PackageSource string + // Comma separated list of optional components + OptionalComponents string + // Location where the public key component of a cosign key-pair can be found + SGetKeyPath string + // Key-Value map of variable names and their corresponding values that will be used to template manifests and files in the Zarf package + SetVariables map[string]string + // Location where the public key component of a cosign key-pair can be found + PublicKeyPath string + // The number of retries to perform for Zarf deploy operations like image pushes or Helm installs + Retries int } // ZarfInspectOptions tracks the user-defined preferences during a package inspection. @@ -48,125 +52,125 @@ type ZarfInspectOptions struct { // ZarfFindImagesOptions tracks the user-defined preferences during a prepare find-images search. type ZarfFindImagesOptions struct { - RepoHelmChartPath string `json:"repoHelmChartPath" jsonschema:"description=Path to the helm chart directory"` - KubeVersionOverride string `json:"kubeVersionOverride" jsonschema:"description=Kubernetes version to use for the helm chart"` - RegistryURL string `json:"registryURL" jsonschema:"description=Manual override for ###ZARF_REGISTRY###"` - Why string `json:"why" jsonschema:"description=Find the location of the image given as an argument and print it to the console"` - SkipCosign bool `json:"skip-cosign" jsonschema:"description=Optionally skip lookup of cosign artifacts when finding images"` + // Path to the helm chart directory + RepoHelmChartPath string + // Kubernetes version to use for the helm chart + KubeVersionOverride string + // Manual override for ###ZARF_REGISTRY### + RegistryURL string + // Find the location of the image given as an argument and print it to the console + Why string + // Optionally skip lookup of cosign artifacts when finding images + SkipCosign bool } // ZarfDeployOptions tracks the user-defined preferences during a package deploy. type ZarfDeployOptions struct { - AdoptExistingResources bool `json:"adoptExistingResources" jsonschema:"description=Whether to adopt any pre-existing K8s resources into the Helm charts managed by Zarf"` - SkipWebhooks bool `json:"componentWebhooks" jsonschema:"description=Skip waiting for external webhooks to execute as each package component is deployed"` - Timeout time.Duration `json:"timeout" jsonschema:"description=Timeout for performing Helm operations"` - - // TODO (@WSTARR): This is a library only addition to Zarf and should be refactored in the future (potentially to utilize component composability). As is it should NOT be exposed directly on the CLI - ValuesOverridesMap map[string]map[string]map[string]interface{} `json:"valuesOverridesMap" jsonschema:"description=[Library Only] A map of component names to chart names containing Helm Chart values to override values on deploy"` + // Whether to adopt any pre-existing K8s resources into the Helm charts managed by Zarf + AdoptExistingResources bool + // Skip waiting for external webhooks to execute as each package component is deployed + SkipWebhooks bool + // Timeout for performing Helm operations + Timeout time.Duration + // [Library Only] A map of component names to chart names containing Helm Chart values to override values on deploy + ValuesOverridesMap map[string]map[string]map[string]interface{} } // ZarfMirrorOptions tracks the user-defined preferences during a package mirror. type ZarfMirrorOptions struct { - NoImgChecksum bool `json:"noImgChecksum" jsonschema:"description=Whether to skip adding a Zarf checksum to image references."` + // Whether to skip adding a Zarf checksum to image references + NoImgChecksum bool } // ZarfPublishOptions tracks the user-defined preferences during a package publish. type ZarfPublishOptions struct { - PackageDestination string `json:"packageDestination" jsonschema:"description=Location where the Zarf package will be published to"` - SigningKeyPassword string `json:"signingKeyPassword" jsonschema:"description=Password to the private key signature file that will be used to sign the published package"` - SigningKeyPath string `json:"signingKeyPath" jsonschema:"description=Location where the private key component of a cosign key-pair can be found"` + // Location where the Zarf package will be published to + PackageDestination string + // Password to the private key signature file that will be used to sign the published package + SigningKeyPassword string + // Location where the private key component of a cosign key-pair can be found + SigningKeyPath string } // ZarfPullOptions tracks the user-defined preferences during a package pull. type ZarfPullOptions struct { - OutputDirectory string `json:"outputDirectory" jsonschema:"description=Location where the pulled Zarf package will be placed"` + // Location where the pulled Zarf package will be placed + OutputDirectory string } // ZarfGenerateOptions tracks the user-defined options during package generation. type ZarfGenerateOptions struct { - Name string `json:"name" jsonschema:"description=Name of the package being generated"` - URL string `json:"url" jsonschema:"description=URL to the source git repository"` - Version string `json:"version" jsonschema:"description=Version of the chart to use"` - GitPath string `json:"gitPath" jsonschema:"description=Relative path to the chart in the git repository"` - Output string `json:"output" jsonschema:"description=Location where the finalized zarf.yaml will be placed"` + // Name of the package being generated + Name string + // URL to the source git repository + URL string + // Version of the chart to use + Version string + // Relative path to the chart in the git repository + GitPath string + // Location where the finalized zarf.yaml will be placed + Output string } // ZarfInitOptions tracks the user-defined options during cluster initialization. type ZarfInitOptions struct { - // Zarf init is installing the k3s component - ApplianceMode bool `json:"applianceMode" jsonschema:"description=Indicates if Zarf was initialized while deploying its own k8s cluster"` - - // Using alternative services - GitServer GitServerInfo `json:"gitServer" jsonschema:"description=Information about the repository Zarf is going to be using"` - RegistryInfo RegistryInfo `json:"registryInfo" jsonschema:"description=Information about the container registry Zarf is going to be using"` - ArtifactServer ArtifactServerInfo `json:"artifactServer" jsonschema:"description=Information about the artifact registry Zarf is going to be using"` - - StorageClass string `json:"storageClass" jsonschema:"description=StorageClass of the k8s cluster Zarf is initializing"` + // Indicates if Zarf was initialized while deploying its own k8s cluster + ApplianceMode bool + // Information about the repository Zarf is going to be using + GitServer GitServerInfo + // Information about the container registry Zarf is going to be using + RegistryInfo RegistryInfo + // Information about the artifact registry Zarf is going to be using + ArtifactServer ArtifactServerInfo + // StorageClass of the k8s cluster Zarf is initializing + StorageClass string } // ZarfCreateOptions tracks the user-defined options used to create the package. type ZarfCreateOptions struct { - SkipSBOM bool `json:"skipSBOM" jsonschema:"description=Disable the generation of SBOM materials during package creation"` - BaseDir string `json:"baseDir" jsonschema:"description=Location where the Zarf package will be created from"` - Output string `json:"output" jsonschema:"description=Location where the finalized Zarf package will be placed"` - ViewSBOM bool `json:"sbom" jsonschema:"description=Whether to pause to allow for viewing the SBOM post-creation"` - SBOMOutputDir string `json:"sbomOutput" jsonschema:"description=Location to output an SBOM into after package creation"` - SetVariables map[string]string `json:"setVariables" jsonschema:"description=Key-Value map of variable names and their corresponding values that will be used to template against the Zarf package being used"` - MaxPackageSizeMB int `json:"maxPackageSizeMB" jsonschema:"description=Size of chunks to use when splitting a zarf package into multiple files in megabytes"` - SigningKeyPath string `json:"signingKeyPath" jsonschema:"description=Location where the private key component of a cosign key-pair can be found"` - SigningKeyPassword string `json:"signingKeyPassword" jsonschema:"description=Password to the private key signature file that will be used to sigh the created package"` - DifferentialPackagePath string `json:"differentialPackagePath" jsonschema:"description=Path to a previously built package used as the basis for creating a differential package"` - RegistryOverrides map[string]string `json:"registryOverrides" jsonschema:"description=A map of domains to override on package create when pulling images"` - Flavor string `json:"flavor" jsonschema:"description=An optional variant that controls which components will be included in a package"` - IsSkeleton bool `json:"isSkeleton" jsonschema:"description=Whether to create a skeleton package"` - NoYOLO bool `json:"noYOLO" jsonschema:"description=Whether to create a YOLO package"` + // Disable the generation of SBOM materials during package creation + SkipSBOM bool + // Location where the Zarf package will be created from + BaseDir string + // Location where the finalized Zarf package will be placed + Output string + // Whether to pause to allow for viewing the SBOM post-creation + ViewSBOM bool + // Location to output an SBOM into after package creation + SBOMOutputDir string + // Key-Value map of variable names and their corresponding values that will be used to template against the Zarf package being used + SetVariables map[string]string + // Size of chunks to use when splitting a zarf package into multiple files in megabytes + MaxPackageSizeMB int + // Location where the private key component of a cosign key-pair can be found + SigningKeyPath string + // Password to the private key signature file that will be used to sigh the created package + SigningKeyPassword string + // Path to a previously built package used as the basis for creating a differential package + DifferentialPackagePath string + // A map of domains to override on package create when pulling images + RegistryOverrides map[string]string + // An optional variant that controls which components will be included in a package + Flavor string + // Whether to create a skeleton package + IsSkeleton bool + // Whether to create a YOLO package + NoYOLO bool } // ZarfSplitPackageData contains info about a split package. type ZarfSplitPackageData struct { - Sha256Sum string `json:"sha256Sum" jsonschema:"description=The sha256sum of the package"` - Bytes int64 `json:"bytes" jsonschema:"description=The size of the package in bytes"` - Count int `json:"count" jsonschema:"description=The number of parts the package is split into"` + // The sha256sum of the package + Sha256Sum string + // The size of the package in bytes + Bytes int64 + // The number of parts the package is split into + Count int } -// ConnectString contains information about a connection made with Zarf connect. -type ConnectString struct { - Description string `json:"description" jsonschema:"description=Descriptive text that explains what the resource you would be connecting to is used for"` - URL string `json:"url" jsonschema:"description=URL path that gets appended to the k8s port-forward result"` -} - -// ConnectStrings is a map of connect names to connection information. -type ConnectStrings map[string]ConnectString - // DifferentialData contains image and repository information about the package a Differential Package is Based on. type DifferentialData struct { DifferentialImages map[string]bool DifferentialRepos map[string]bool DifferentialPackageVersion string } - -// PackageFinding is a struct that contains a finding about something wrong with a package -type PackageFinding struct { - // YqPath is the path to the key where the error originated from, this is sometimes empty in the case of a general error - YqPath string - Description string - // Item is the value of a key that is causing an error, for example a bad image name - Item string - // PackageNameOverride shows the name of the package that the error originated from - // If it is not set the base package will be used when displaying the error - PackageNameOverride string - // PackagePathOverride shows the path to the package that the error originated from - // If it is not set the base package will be used when displaying the error - PackagePathOverride string - Severity Severity -} - -// Severity is the type of package error -// Either Err or Warning -type Severity int - -// different severities of package errors -const ( - SevErr Severity = iota + 1 - SevWarn -) diff --git a/zarf.schema.json b/zarf.schema.json index b5c7a971d4..6249898643 100644 --- a/zarf.schema.json +++ b/zarf.schema.json @@ -1,34 +1,34 @@ { "$schema": "https://json-schema.org/draft/2020-12/schema", - "$id": "https://github.com/zarf-dev/zarf/src/types/zarf-package", + "$id": "https://github.com/zarf-dev/zarf/src/api/v1alpha1/zarf-package", "$defs": { "BigBang": { "properties": { "version": { "type": "string", - "description": "The version of Big Bang to use" + "description": "The version of Big Bang to use." }, "repo": { "type": "string", - "description": "Override repo to pull Big Bang from instead of Repo One" + "description": "Override repo to pull Big Bang from instead of Repo One." }, "valuesFiles": { "items": { "type": "string" }, "type": "array", - "description": "The list of values files to pass to Big Bang; these will be merged together" + "description": "The list of values files to pass to Big Bang; these will be merged together." }, "skipFlux": { "type": "boolean", - "description": "Whether to skip deploying flux; Defaults to false" + "description": "Whether to skip deploying flux; Defaults to false." }, "fluxPatchFiles": { "items": { "type": "string" }, "type": "array", - "description": "Optional paths to Flux kustomize strategic merge patch files" + "description": "Optional paths to Flux kustomize strategic merge patch files." } }, "additionalProperties": false, @@ -36,6 +36,7 @@ "required": [ "version" ], + "description": "BigBang holds the configuration for the Big Bang extension.", "patternProperties": { "^x-": {} } @@ -70,6 +71,7 @@ "name", "value" ], + "description": "Constant are constants that can be used to dynamically template K8s resources or run in actions.", "patternProperties": { "^x-": {} } @@ -78,40 +80,41 @@ "properties": { "showOutput": { "type": "boolean", - "description": "Show the output of the script during package deployment" + "description": "Show the output of the script during package deployment." }, "timeoutSeconds": { "type": "integer", - "description": "Timeout in seconds for the script" + "description": "Timeout in seconds for the script." }, "retry": { "type": "boolean", - "description": "Retry the script if it fails" + "description": "Retry the script if it fails." }, "prepare": { "items": { "type": "string" }, "type": "array", - "description": "Scripts to run before the component is added during package create" + "description": "Scripts to run before the component is added during package create." }, "before": { "items": { "type": "string" }, "type": "array", - "description": "Scripts to run before the component is deployed" + "description": "Scripts to run before the component is deployed." }, "after": { "items": { "type": "string" }, "type": "array", - "description": "Scripts to run after the component successfully deploys" + "description": "Scripts to run after the component successfully deploys." } }, "additionalProperties": false, "type": "object", + "description": "DeprecatedZarfComponentScripts are scripts that run before or after a component is deployed.", "patternProperties": { "^x-": {} } @@ -161,6 +164,7 @@ "required": [ "name" ], + "description": "InteractiveVariable is a variable that can be used to prompt a user for more information", "patternProperties": { "^x-": {} } @@ -241,6 +245,7 @@ "required": [ "name" ], + "description": "Variable represents a variable that has a value set programmatically", "patternProperties": { "^x-": {} } @@ -249,60 +254,60 @@ "properties": { "terminal": { "type": "string", - "description": "The machine name that created this package" + "description": "The machine name that created this package." }, "user": { "type": "string", - "description": "The username who created this package" + "description": "The username who created this package." }, "architecture": { "type": "string", - "description": "The architecture this package was created on" + "description": "The architecture this package was created on." }, "timestamp": { "type": "string", - "description": "The timestamp when this package was created" + "description": "The timestamp when this package was created." }, "version": { "type": "string", - "description": "The version of Zarf used to build this package" + "description": "The version of Zarf used to build this package." }, "migrations": { "items": { "type": "string" }, "type": "array", - "description": "Any migrations that have been run on this package" + "description": "Any migrations that have been run on this package." }, "registryOverrides": { "additionalProperties": { "type": "string" }, "type": "object", - "description": "Any registry domains that were overridden on package create when pulling images" + "description": "Any registry domains that were overridden on package create when pulling images." }, "differential": { "type": "boolean", - "description": "Whether this package was created with differential components" + "description": "Whether this package was created with differential components." }, "differentialPackageVersion": { "type": "string", - "description": "Version of a previously built package used as the basis for creating this differential package" + "description": "Version of a previously built package used as the basis for creating this differential package." }, "differentialMissing": { "items": { "type": "string" }, "type": "array", - "description": "List of components that were not included in this package due to differential packaging" + "description": "List of components that were not included in this package due to differential packaging." }, "lastNonBreakingVersion": { "type": "string", - "description": "The minimum version of Zarf that does not have breaking package structure changes" + "description": "The minimum version of Zarf that does not have breaking package structure changes." }, "flavor": { "type": "string", - "description": "The flavor of Zarf used to build this package" + "description": "The flavor of Zarf used to build this package." } }, "additionalProperties": false, @@ -314,6 +319,7 @@ "timestamp", "version" ], + "description": "ZarfBuildData is written during the packager.Create() operation to track details of the created package.", "patternProperties": { "^x-": {} } @@ -322,15 +328,15 @@ "properties": { "name": { "type": "string", - "description": "The name of the chart within Zarf; note that this must be unique and does not need to be the same as the name in the chart repo" + "description": "The name of the chart within Zarf; note that this must be unique and does not need to be the same as the name in the chart repo." }, "version": { "type": "string", - "description": "The version of the chart to deploy; for git-based charts this is also the tag of the git repo by default (when not using the '@' syntax for 'repos')" + "description": "The version of the chart to deploy; for git-based charts this is also the tag of the git repo by default (when not using the '@' syntax for 'repos')." }, "url": { "type": "string", - "description": "The URL of the OCI registry, chart repository, or git repo where the helm chart is stored", + "description": "The URL of the OCI registry, chart repository, or git repo where the helm chart is stored.", "examples": [ "OCI registry: oci://ghcr.io/stefanprodan/charts/podinfo", "helm chart repo: https://stefanprodan.github.io/podinfo", @@ -339,44 +345,44 @@ }, "repoName": { "type": "string", - "description": "The name of a chart within a Helm repository (defaults to the Zarf name of the chart)" + "description": "The name of a chart within a Helm repository (defaults to the Zarf name of the chart)." }, "gitPath": { "type": "string", - "description": "(git repo only) The sub directory to the chart within a git repo", + "description": "(git repo only) The sub directory to the chart within a git repo.", "examples": [ "charts/your-chart" ] }, "localPath": { "type": "string", - "description": "The path to a local chart's folder or .tgz archive" + "description": "The path to a local chart's folder or .tgz archive." }, "namespace": { "type": "string", - "description": "The namespace to deploy the chart to" + "description": "The namespace to deploy the chart to." }, "releaseName": { "type": "string", - "description": "The name of the Helm release to create (defaults to the Zarf name of the chart)" + "description": "The name of the Helm release to create (defaults to the Zarf name of the chart)." }, "noWait": { "type": "boolean", - "description": "Whether to not wait for chart resources to be ready before continuing" + "description": "Whether to not wait for chart resources to be ready before continuing." }, "valuesFiles": { "items": { "type": "string" }, "type": "array", - "description": "List of local values file paths or remote URLs to include in the package; these will be merged together when deployed" + "description": "List of local values file paths or remote URLs to include in the package; these will be merged together when deployed." }, "variables": { "items": { "$ref": "#/$defs/ZarfChartVariable" }, "type": "array", - "description": "[alpha] List of variables to set in the Helm chart" + "description": "[alpha] List of variables to set in the Helm chart." } }, "additionalProperties": false, @@ -384,6 +390,7 @@ "required": [ "name" ], + "description": "ZarfChart defines a helm chart to be deployed.", "patternProperties": { "^x-": {} } @@ -393,15 +400,15 @@ "name": { "type": "string", "pattern": "^[A-Z0-9_]+$", - "description": "The name of the variable" + "description": "The name of the variable." }, "description": { "type": "string", - "description": "A brief description of what the variable controls" + "description": "A brief description of what the variable controls." }, "path": { "type": "string", - "description": "The path within the Helm chart values where this variable applies" + "description": "The path within the Helm chart values where this variable applies." } }, "additionalProperties": false, @@ -411,6 +418,7 @@ "description", "path" ], + "description": "ZarfChartVariable represents a variable that can be set for a Helm chart overrides.", "patternProperties": { "^x-": {} } @@ -420,23 +428,23 @@ "name": { "type": "string", "pattern": "^[a-z0-9][a-z0-9\\-]*$", - "description": "The name of the component" + "description": "The name of the component." }, "description": { "type": "string", - "description": "Message to include during package deploy describing the purpose of this component" + "description": "Message to include during package deploy describing the purpose of this component." }, "default": { "type": "boolean", - "description": "Determines the default Y/N state for installing this component on package deploy" + "description": "Determines the default Y/N state for installing this component on package deploy." }, "required": { "type": "boolean", - "description": "Do not prompt user to install this component" + "description": "Do not prompt user to install this component." }, "only": { "$ref": "#/$defs/ZarfComponentOnlyTarget", - "description": "Filter when this component is included in package creation or deployment" + "description": "Filter when this component is included in package creation or deployment." }, "group": { "type": "string", @@ -448,61 +456,61 @@ }, "import": { "$ref": "#/$defs/ZarfComponentImport", - "description": "Import a component from another Zarf package" + "description": "Import a component from another Zarf package." }, "manifests": { "items": { "$ref": "#/$defs/ZarfManifest" }, "type": "array", - "description": "Kubernetes manifests to be included in a generated Helm chart on package deploy" + "description": "Kubernetes manifests to be included in a generated Helm chart on package deploy." }, "charts": { "items": { "$ref": "#/$defs/ZarfChart" }, "type": "array", - "description": "Helm charts to install during package deploy" + "description": "Helm charts to install during package deploy." }, "dataInjections": { "items": { "$ref": "#/$defs/ZarfDataInjection" }, "type": "array", - "description": "Datasets to inject into a container in the target cluster" + "description": "Datasets to inject into a container in the target cluster." }, "files": { "items": { "$ref": "#/$defs/ZarfFile" }, "type": "array", - "description": "Files or folders to place on disk during package deployment" + "description": "Files or folders to place on disk during package deployment." }, "images": { "items": { "type": "string" }, "type": "array", - "description": "List of OCI images to include in the package" + "description": "List of OCI images to include in the package." }, "repos": { "items": { "type": "string" }, "type": "array", - "description": "List of git repos to include in the package" + "description": "List of git repos to include in the package." }, "extensions": { "$ref": "#/$defs/ZarfComponentExtensions", - "description": "Extend component functionality with additional features" + "description": "Extend component functionality with additional features." }, "scripts": { "$ref": "#/$defs/DeprecatedZarfComponentScripts", - "description": "[Deprecated] (replaced by actions) Custom commands to run before or after package deployment. This will be removed in Zarf v1.0.0." + "description": "[Deprecated] (replaced by actions) Custom commands to run before or after package deployment. This will be removed in Zarf v1.0.0." }, "actions": { "$ref": "#/$defs/ZarfComponentActions", - "description": "Custom commands to run at various stages of a package lifecycle" + "description": "Custom commands to run at various stages of a package lifecycle." } }, "additionalProperties": false, @@ -510,6 +518,7 @@ "required": [ "name" ], + "description": "ZarfComponent is the primary functional grouping of assets to deploy by Zarf.", "patternProperties": { "^x-": {} } @@ -518,26 +527,26 @@ "properties": { "mute": { "type": "boolean", - "description": "Hide the output of the command during package deployment (default false)" + "description": "Hide the output of the command during package deployment (default false)." }, "maxTotalSeconds": { "type": "integer", - "description": "Timeout in seconds for the command (default to 0" + "description": "Timeout in seconds for the command (default to 0, no timeout for cmd actions and 300, 5 minutes for wait actions)." }, "maxRetries": { "type": "integer", - "description": "Retry the command if it fails up to given number of times (default 0)" + "description": "Retry the command if it fails up to given number of times (default 0)." }, "dir": { "type": "string", - "description": "The working directory to run the command in (default is CWD)" + "description": "The working directory to run the command in (default is CWD)." }, "env": { "items": { "type": "string" }, "type": "array", - "description": "Additional environment variables to set for the command" + "description": "Additional environment variables to set for the command." }, "cmd": { "type": "string", @@ -545,12 +554,12 @@ }, "shell": { "$ref": "#/$defs/Shell", - "description": "(cmd only) Indicates a preference for a shell for the provided cmd to be executed in on supported operating systems" + "description": "(cmd only) Indicates a preference for a shell for the provided cmd to be executed in on supported operating systems." }, "setVariable": { "type": "string", "pattern": "^[A-Z0-9_]+$", - "description": "[Deprecated] (replaced by setVariables) (onDeploy/cmd only) The name of a variable to update with the output of the command. This variable will be available to all remaining actions and components in the package. This will be removed in Zarf v1.0.0" + "description": "[Deprecated] (replaced by setVariables) (onDeploy/cmd only) The name of a variable to update with the output of the command. This variable will be available to all remaining actions and components in the package. This will be removed in Zarf v1.0.0." }, "setVariables": { "items": { @@ -561,7 +570,7 @@ }, "description": { "type": "string", - "description": "Description of the action to be displayed during package execution instead of the command" + "description": "Description of the action to be displayed during package execution instead of the command." }, "wait": { "$ref": "#/$defs/ZarfComponentActionWait", @@ -570,6 +579,7 @@ }, "additionalProperties": false, "type": "object", + "description": "ZarfComponentAction represents a single action to run during a zarf package operation.", "patternProperties": { "^x-": {} } @@ -578,34 +588,35 @@ "properties": { "mute": { "type": "boolean", - "description": "Hide the output of commands during execution (default false)" + "description": "Hide the output of commands during execution (default false)." }, "maxTotalSeconds": { "type": "integer", - "description": "Default timeout in seconds for commands (default to 0" + "description": "Default timeout in seconds for commands (default to 0, no timeout)." }, "maxRetries": { "type": "integer", - "description": "Retry commands given number of times if they fail (default 0)" + "description": "Retry commands given number of times if they fail (default 0)." }, "dir": { "type": "string", - "description": "Working directory for commands (default CWD)" + "description": "Working directory for commands (default CWD)." }, "env": { "items": { "type": "string" }, "type": "array", - "description": "Additional environment variables for commands" + "description": "Additional environment variables for commands." }, "shell": { "$ref": "#/$defs/Shell", - "description": "(cmd only) Indicates a preference for a shell for the provided cmd to be executed in on supported operating systems" + "description": "(cmd only) Indicates a preference for a shell for the provided cmd to be executed in on supported operating systems." } }, "additionalProperties": false, "type": "object", + "description": "ZarfComponentActionDefaults sets the default configs for child actions.", "patternProperties": { "^x-": {} } @@ -614,39 +625,40 @@ "properties": { "defaults": { "$ref": "#/$defs/ZarfComponentActionDefaults", - "description": "Default configuration for all actions in this set" + "description": "Default configuration for all actions in this set." }, "before": { "items": { "$ref": "#/$defs/ZarfComponentAction" }, "type": "array", - "description": "Actions to run at the start of an operation" + "description": "Actions to run at the start of an operation." }, "after": { "items": { "$ref": "#/$defs/ZarfComponentAction" }, "type": "array", - "description": "Actions to run at the end of an operation" + "description": "Actions to run at the end of an operation." }, "onSuccess": { "items": { "$ref": "#/$defs/ZarfComponentAction" }, "type": "array", - "description": "Actions to run if all operations succeed" + "description": "Actions to run if all operations succeed." }, "onFailure": { "items": { "$ref": "#/$defs/ZarfComponentAction" }, "type": "array", - "description": "Actions to run if all operations fail" + "description": "Actions to run if all operations fail." } }, "additionalProperties": false, "type": "object", + "description": "ZarfComponentActionSet is a set of actions to run during a zarf package operation.", "patternProperties": { "^x-": {} } @@ -664,6 +676,7 @@ }, "additionalProperties": false, "type": "object", + "description": "ZarfComponentActionWait specifies a condition to wait for before continuing", "patternProperties": { "^x-": {} } @@ -672,27 +685,27 @@ "properties": { "kind": { "type": "string", - "description": "The kind of resource to wait for", + "description": "The kind of resource to wait for.", "examples": [ "Pod", - "Deployment)" + "Deployment" ] }, "name": { "type": "string", - "description": "The name of the resource or selector to wait for", + "description": "The name of the resource or selector to wait for.", "examples": [ "podinfo", - "app=podinfo" + "app=podinfo" ] }, "namespace": { "type": "string", - "description": "The namespace of the resource to wait for" + "description": "The namespace of the resource to wait for." }, "condition": { "type": "string", - "description": "The condition or jsonpath state to wait for; defaults to exist", + "description": "The condition or jsonpath state to wait for; defaults to exist, a special condition that will wait for the resource to exist.", "examples": [ "Ready", "Available" @@ -705,6 +718,7 @@ "kind", "name" ], + "description": "ZarfComponentActionWaitCluster specifies a condition to wait for before continuing", "patternProperties": { "^x-": {} } @@ -718,11 +732,11 @@ "http", "https" ], - "description": "The protocol to wait for" + "description": "The protocol to wait for." }, "address": { "type": "string", - "description": "The address to wait for", + "description": "The address to wait for.", "examples": [ "localhost:8080", "1.1.1.1" @@ -730,7 +744,7 @@ }, "code": { "type": "integer", - "description": "The HTTP status code to wait for if using http or https", + "description": "The HTTP status code to wait for if using http or https.", "examples": [ 200, 404 @@ -743,6 +757,7 @@ "protocol", "address" ], + "description": "ZarfComponentActionWaitNetwork specifies a condition to wait for before continuing", "patternProperties": { "^x-": {} } @@ -751,19 +766,20 @@ "properties": { "onCreate": { "$ref": "#/$defs/ZarfComponentActionSet", - "description": "Actions to run during package creation" + "description": "Actions to run during package creation." }, "onDeploy": { "$ref": "#/$defs/ZarfComponentActionSet", - "description": "Actions to run during package deployment" + "description": "Actions to run during package deployment." }, "onRemove": { "$ref": "#/$defs/ZarfComponentActionSet", - "description": "Actions to run during package removal" + "description": "Actions to run during package removal." } }, "additionalProperties": false, "type": "object", + "description": "ZarfComponentActions are ActionSets that map to different zarf package operations.", "patternProperties": { "^x-": {} } @@ -772,11 +788,12 @@ "properties": { "bigbang": { "$ref": "#/$defs/BigBang", - "description": "Configurations for installing Big Bang and Flux in the cluster" + "description": "Configurations for installing Big Bang and Flux in the cluster." } }, "additionalProperties": false, "type": "object", + "description": "ZarfComponentExtensions is a struct that contains all the official extensions.", "patternProperties": { "^x-": {} } @@ -785,14 +802,14 @@ "properties": { "name": { "type": "string", - "description": "The name of the component to import from the referenced zarf.yaml" + "description": "The name of the component to import from the referenced zarf.yaml." }, "path": { "not": { "pattern": "###ZARF_PKG_TMPL_" }, "type": "string", - "description": "The relative path to a directory containing a zarf.yaml to import from" + "description": "The path to the directory containing the zarf.yaml to import." }, "url": { "not": { @@ -800,11 +817,12 @@ }, "type": "string", "pattern": "^oci://.*$", - "description": "[beta] The URL to a Zarf package to import via OCI" + "description": "[beta] The URL to a Zarf package to import via OCI." } }, "additionalProperties": false, "type": "object", + "description": "ZarfComponentImport structure for including imported Zarf components.", "patternProperties": { "^x-": {} } @@ -817,7 +835,7 @@ "amd64", "arm64" ], - "description": "Only create and deploy to clusters of the given architecture" + "description": "Only create and deploy to clusters of the given architecture." }, "distros": { "items": { @@ -828,11 +846,12 @@ ] }, "type": "array", - "description": "A list of kubernetes distros this package works with (Reserved for future use)" + "description": "A list of kubernetes distros this package works with (Reserved for future use)." } }, "additionalProperties": false, "type": "object", + "description": "ZarfComponentOnlyCluster represents the architecture and K8s cluster distribution to filter on.", "patternProperties": { "^x-": {} } @@ -846,19 +865,20 @@ "darwin", "windows" ], - "description": "Only deploy component to specified OS" + "description": "Only deploy component to specified OS." }, "cluster": { "$ref": "#/$defs/ZarfComponentOnlyCluster", - "description": "Only deploy component to specified clusters" + "description": "Only deploy component to specified clusters." }, "flavor": { "type": "string", - "description": "Only include this component when a matching '--flavor' is specified on 'zarf package create'" + "description": "Only include this component when a matching '--flavor' is specified on 'zarf package create'." } }, "additionalProperties": false, "type": "object", + "description": "ZarfComponentOnlyTarget filters a component to only show it for a given local OS and cluster.", "patternProperties": { "^x-": {} } @@ -867,22 +887,22 @@ "properties": { "namespace": { "type": "string", - "description": "The namespace to target for data injection" + "description": "The namespace to target for data injection." }, "selector": { "type": "string", - "description": "The K8s selector to target for data injection", + "description": "The K8s selector to target for data injection.", "examples": [ - "app=data-injection" + "app=data-injection" ] }, "container": { "type": "string", - "description": "The container name to target for data injection" + "description": "The container name to target for data injection." }, "path": { "type": "string", - "description": "The path within the container to copy the data into" + "description": "The path within the container to copy the data into." } }, "additionalProperties": false, @@ -893,6 +913,7 @@ "container", "path" ], + "description": "ZarfContainerTarget defines the destination info for a ZarfData target", "patternProperties": { "^x-": {} } @@ -901,15 +922,15 @@ "properties": { "source": { "type": "string", - "description": "Either a path to a local folder/file or a remote URL of a file to inject into the given target pod + container" + "description": "Either a path to a local folder/file or a remote URL of a file to inject into the given target pod + container." }, "target": { "$ref": "#/$defs/ZarfContainerTarget", - "description": "The target pod + container to inject the data into" + "description": "The target pod + container to inject the data into." }, "compress": { "type": "boolean", - "description": "Compress the data before transmitting using gzip. Note: this requires support for tar/gzip locally and in the target image." + "description": "Compress the data before transmitting using gzip. Note: this requires support for tar/gzip locally and in the target image." } }, "additionalProperties": false, @@ -918,6 +939,7 @@ "source", "target" ], + "description": "ZarfDataInjection is a data-injection definition.", "patternProperties": { "^x-": {} } @@ -926,30 +948,30 @@ "properties": { "source": { "type": "string", - "description": "Local folder or file path or remote URL to pull into the package" + "description": "Local folder or file path or remote URL to pull into the package." }, "shasum": { "type": "string", - "description": "(files only) Optional SHA256 checksum of the file" + "description": "(files only) Optional SHA256 checksum of the file." }, "target": { "type": "string", - "description": "The absolute or relative path where the file or folder should be copied to during package deploy" + "description": "The absolute or relative path where the file or folder should be copied to during package deploy." }, "executable": { "type": "boolean", - "description": "(files only) Determines if the file should be made executable during package deploy" + "description": "(files only) Determines if the file should be made executable during package deploy." }, "symlinks": { "items": { "type": "string" }, "type": "array", - "description": "List of symlinks to create during package deploy" + "description": "List of symlinks to create during package deploy." }, "extractPath": { "type": "string", - "description": "Local folder or file to be extracted from a 'source' archive" + "description": "Local folder or file to be extracted from a 'source' archive." } }, "additionalProperties": false, @@ -958,6 +980,7 @@ "source", "target" ], + "description": "ZarfFile defines a file to deploy.", "patternProperties": { "^x-": {} } @@ -966,33 +989,33 @@ "properties": { "name": { "type": "string", - "description": "A name to give this collection of manifests; this will become the name of the dynamically-created helm chart" + "description": "A name to give this collection of manifests; this will become the name of the dynamically-created helm chart." }, "namespace": { "type": "string", - "description": "The namespace to deploy the manifests to" + "description": "The namespace to deploy the manifests to." }, "files": { "items": { "type": "string" }, "type": "array", - "description": "List of local K8s YAML files or remote URLs to deploy (in order)" + "description": "List of local K8s YAML files or remote URLs to deploy (in order)." }, "kustomizeAllowAnyDirectory": { "type": "boolean", - "description": "Allow traversing directory above the current directory if needed for kustomization" + "description": "Allow traversing directory above the current directory if needed for kustomization." }, "kustomizations": { "items": { "type": "string" }, "type": "array", - "description": "List of local kustomization paths or remote URLs to include in the package" + "description": "List of local kustomization paths or remote URLs to include in the package." }, "noWait": { "type": "boolean", - "description": "Whether to not wait for manifest resources to be ready before continuing" + "description": "Whether to not wait for manifest resources to be ready before continuing." } }, "additionalProperties": false, @@ -1000,6 +1023,7 @@ "required": [ "name" ], + "description": "ZarfManifest defines raw manifests Zarf will deploy as a helm chart.", "patternProperties": { "^x-": {} } @@ -1009,31 +1033,31 @@ "name": { "type": "string", "pattern": "^[a-z0-9][a-z0-9\\-]*$", - "description": "Name to identify this Zarf package" + "description": "Name to identify this Zarf package." }, "description": { "type": "string", - "description": "Additional information about this package" + "description": "Additional information about this package." }, "version": { "type": "string", - "description": "Generic string set by a package author to track the package version (Note: ZarfInitConfigs will always be versioned to the CLIVersion they were created with)" + "description": "Generic string set by a package author to track the package version (Note: ZarfInitConfigs will always be versioned to the CLIVersion they were created with)." }, "url": { "type": "string", - "description": "Link to package information when online" + "description": "Link to package information when online." }, "image": { "type": "string", - "description": "An image URL to embed in this package (Reserved for future use in Zarf UI)" + "description": "An image URL to embed in this package (Reserved for future use in Zarf UI)." }, "uncompressed": { "type": "boolean", - "description": "Disable compression of this package" + "description": "Disable compression of this package." }, "architecture": { "type": "string", - "description": "The target cluster architecture for this package", + "description": "The target cluster architecture for this package.", "examples": [ "arm64", "amd64" @@ -1045,18 +1069,18 @@ }, "authors": { "type": "string", - "description": "Comma-separated list of package authors (including contact info)", + "description": "Comma-separated list of package authors (including contact info).", "examples": [ "Doug <hello@defenseunicorns.com>, Pepr <hello@defenseunicorns.com>" ] }, "documentation": { "type": "string", - "description": "Link to package documentation when online" + "description": "Link to package documentation when online." }, "source": { "type": "string", - "description": "Link to package source code when online" + "description": "Link to package source code when online." }, "vendor": { "type": "string", @@ -1072,28 +1096,36 @@ "required": [ "name" ], + "description": "ZarfMetadata lists information about the current ZarfPackage.", "patternProperties": { "^x-": {} } } }, "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "zarf.dev/v1alpha1" + ], + "description": "The API version of the Zarf package." + }, "kind": { "type": "string", "enum": [ "ZarfInitConfig", "ZarfPackageConfig" ], - "description": "The kind of Zarf package", + "description": "The kind of Zarf package.", "default": "ZarfPackageConfig" }, "metadata": { "$ref": "#/$defs/ZarfMetadata", - "description": "Package metadata" + "description": "Package metadata." }, "build": { "$ref": "#/$defs/ZarfBuildData", - "description": "Zarf-generated package build data" + "description": "Zarf-generated package build data." }, "components": { "items": { @@ -1101,21 +1133,21 @@ }, "type": "array", "minItems": 1, - "description": "List of components to deploy in this package" + "description": "List of components to deploy in this package." }, "constants": { "items": { "$ref": "#/$defs/Constant" }, "type": "array", - "description": "Constant template values applied on deploy for K8s resources" + "description": "Constant template values applied on deploy for K8s resources." }, "variables": { "items": { "$ref": "#/$defs/InteractiveVariable" }, "type": "array", - "description": "Variable template values applied on deploy for K8s resources" + "description": "Variable template values applied on deploy for K8s resources." } }, "additionalProperties": false, @@ -1124,6 +1156,7 @@ "kind", "components" ], + "description": "ZarfPackage the top-level structure of a Zarf config file.", "patternProperties": { "^x-": {} }