diff --git a/.github/actions/cleanup-files/action.yaml b/.github/actions/cleanup-files/action.yaml index d490cc086b..d466daf3a8 100644 --- a/.github/actions/cleanup-files/action.yaml +++ b/.github/actions/cleanup-files/action.yaml @@ -7,10 +7,16 @@ runs: - run: | lsblk -f + echo "removing some github actions pre-installed tools to save space" + sudo rm -rf /usr/share/dotnet + sudo rm -rf /opt/ghc + sudo rm -rf /opt/hostedtoolcache/CodeQL + sudo docker system prune --all --force + + echo "removing zarf sboms, packages, cache" sudo rm -rf zarf-sbom /tmp/zarf-* sudo env "PATH=$PATH" CI=true make delete-packages sudo build/zarf tools clear-cache - sudo docker system prune --all --force lsblk -f shell: bash diff --git a/.github/actions/debug-cluster/action.yaml b/.github/actions/debug-cluster/action.yaml new file mode 100644 index 0000000000..e1f457cd92 --- /dev/null +++ b/.github/actions/debug-cluster/action.yaml @@ -0,0 +1,22 @@ +name: debug-cluster +description: "Setup Go binary and caching" + +runs: + using: composite + steps: + - run: | + echo "***** Getting pods *****" + kubectl get pods -A + + echo "***** Getting pods yaml *****" + kubectl get pods -A -o yaml + + echo "***** Describing pods *****" + kubectl describe pods -A + + echo "***** Getting nodes *****" + kubectl get nodes -A + + echo "***** describing nodes *****" + kubectl describe nodes -A + shell: bash diff --git a/.github/workflows/nightly-eks.yml b/.github/workflows/nightly-eks.yml index 3ea9aae5a9..35b94721b9 100644 --- a/.github/workflows/nightly-eks.yml +++ b/.github/workflows/nightly-eks.yml 
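Review bot: `kubectl get pods -A -o yaml` in the new debug-cluster action writes every pod spec from every namespace into the job log, whereas the steps it replaces in nightly-eks.yml were limited to `-n kiwix`. Pod specs carry literal `env` values and container args, so any credential a chart passes that way becomes readable by everyone who can view the run. Consider dropping the `-o yaml` dump and keeping `get` and `describe`, or restricting it to the namespaces under test. The `description: "Setup Go binary and caching"` line also looks copied from another action; something like `description: "Dump pod and node state for debugging"` would match what the steps do.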
@@ -57,21 +57,9 @@ jobs: - name: Run tests run: make test-e2e-with-cluster ARCH=amd64 - - name: get pods + - name: show cluster logs + uses: ./.github/actions/debug-cluster if: always() - run: kubectl get pods -n kiwix -o yaml - - - name: describe pod - if: always() - run: kubectl describe pods -n kiwix - - - name: get nodes - if: always() - run: kubectl get nodes -o yaml - - - name: describe nodes - if: always() - run: kubectl describe nodes - name: Teardown the cluster if: always() diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8da6cbc22b..f7f4b765c8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -72,7 +72,7 @@ jobs: # Upload the contents of the build directory for later stages to use - name: Upload build artifacts - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 with: name: build-artifacts path: build/ @@ -186,7 +186,7 @@ jobs: HOMEBREW_TAP_GITHUB_TOKEN: ${{ steps.brew-tap-token.outputs.token }} - name: Save CVE report - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 with: name: cve-report path: build/zarf-known-cves.csv diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index 9b1a7e9f3a..e4c9399538 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -36,7 +36,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 with: name: SARIF file path: results.sarif 
diff --git a/.github/workflows/test-bigbang.yml b/.github/workflows/test-bigbang.yml index 451a2082a9..48d2f795cf 100644 --- a/.github/workflows/test-bigbang.yml +++ b/.github/workflows/test-bigbang.yml @@ -63,7 +63,7 @@ jobs: # Upload the contents of the build directory for later stages to use - name: Upload build artifacts - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 with: name: build-artifacts path: build/ diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml index b3fee07a16..51faff752d 100644 --- a/.github/workflows/test-e2e.yml +++ b/.github/workflows/test-e2e.yml @@ -47,7 +47,7 @@ jobs: # Upload the contents of the build directory for later stages to use - name: Upload build artifacts - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 with: name: build-artifacts path: build/ @@ -119,6 +119,10 @@ jobs: run: | make test-e2e-with-cluster ARCH=amd64 + - name: get cluster info + uses: ./.github/actions/debug-cluster + if: always() + - name: Save logs if: always() uses: ./.github/actions/save-logs @@ -197,6 +201,10 @@ jobs: run: | make test-e2e-with-cluster ARCH=amd64 + - name: get cluster info + uses: ./.github/actions/debug-cluster + if: always() + - name: Save logs if: always() uses: ./.github/actions/save-logs @@ -235,6 +243,10 @@ jobs: run: | make test-e2e-with-cluster ARCH=amd64 + - name: get cluster info + uses: ./.github/actions/debug-cluster + if: always() + - name: Save logs if: always() uses: ./.github/actions/save-logs diff --git a/.github/workflows/test-external.yml b/.github/workflows/test-external.yml index 2db9dcbcd3..8fcb4c5683 100644 --- a/.github/workflows/test-external.yml +++ b/.github/workflows/test-external.yml 
@@ -48,9 +48,16 @@ jobs: - name: Setup k3d uses: ./.github/actions/k3d + - name: Cleanup files + uses: ./.github/actions/cleanup-files + - name: Run external service test run: make test-external + - name: get cluster info + uses: ./.github/actions/debug-cluster + if: always() + - name: Save logs if: always() uses: ./.github/actions/save-logs diff --git a/.github/workflows/test-upgrade.yml b/.github/workflows/test-upgrade.yml index a86c02e5cc..a3230eb6a7 100644 --- a/.github/workflows/test-upgrade.yml +++ b/.github/workflows/test-upgrade.yml @@ -46,7 +46,7 @@ jobs: # Upload the contents of the build directory for later stages to use - name: Upload build artifacts - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 with: name: build-artifacts path: build/ diff --git a/examples/podinfo-flux/git/podinfo-kustomization.yaml b/examples/podinfo-flux/git/podinfo-kustomization.yaml index bc8d5d50ef..aa251f98ce 100644 --- a/examples/podinfo-flux/git/podinfo-kustomization.yaml +++ b/examples/podinfo-flux/git/podinfo-kustomization.yaml @@ -1,5 +1,5 @@ --- -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: name: podinfo-git diff --git a/examples/podinfo-flux/git/podinfo-source.yaml b/examples/podinfo-flux/git/podinfo-source.yaml index 3b6351955c..937ebb4e5e 100644 --- a/examples/podinfo-flux/git/podinfo-source.yaml +++ b/examples/podinfo-flux/git/podinfo-source.yaml @@ -1,5 +1,5 @@ --- -apiVersion: source.toolkit.fluxcd.io/v1beta2 +apiVersion: source.toolkit.fluxcd.io/v1 kind: GitRepository metadata: name: podinfo diff --git a/src/cmd/internal.go b/src/cmd/internal.go index d212445cde..ab14a9d5d6 100644 --- a/src/cmd/internal.go +++ b/src/cmd/internal.go 
@@ -278,7 +278,7 @@ var createPackageRegistryToken = &cobra.Command{ } // If we are setup to use an internal artifact server, create the artifact registry token - if state.ArtifactServer.InternalServer { + if state.ArtifactServer.IsInternal() { tunnel, err := c.NewTunnel(cluster.ZarfNamespaceName, cluster.SvcResource, cluster.ZarfGitServerName, "", 0, cluster.ZarfGitServerPort) if err != nil { return err diff --git a/src/cmd/tools/zarf.go b/src/cmd/tools/zarf.go index 56198fe8ef..7c6ba91e88 100644 --- a/src/cmd/tools/zarf.go +++ b/src/cmd/tools/zarf.go @@ -148,7 +148,7 @@ var updateCredsCmd = &cobra.Command{ } // Update artifact token (if internal) - if slices.Contains(args, message.ArtifactKey) && newState.ArtifactServer.PushToken == "" && newState.ArtifactServer.InternalServer { + if slices.Contains(args, message.ArtifactKey) && newState.ArtifactServer.PushToken == "" && newState.ArtifactServer.IsInternal() { tunnel, err := c.NewTunnel(cluster.ZarfNamespaceName, cluster.SvcResource, cluster.ZarfGitServerName, "", 0, cluster.ZarfGitServerPort) if err != nil { return err 
@@ -186,14 +186,14 @@ var updateCredsCmd = &cobra.Command{ // Update Zarf 'init' component Helm releases if present h := helm.NewClusterOnly(&types.PackagerConfig{}, template.GetZarfVariableConfig(), newState, c) - if slices.Contains(args, message.RegistryKey) && newState.RegistryInfo.InternalRegistry { + if slices.Contains(args, message.RegistryKey) && newState.RegistryInfo.IsInternal() { err = h.UpdateZarfRegistryValues(ctx) if err != nil { // Warn if we couldn't actually update the registry (it might not be installed and we should try to continue) message.Warnf(lang.CmdToolsUpdateCredsUnableUpdateRegistry, err.Error()) } } - if slices.Contains(args, message.GitKey) && newState.GitServer.InternalServer { + if slices.Contains(args, message.GitKey) && newState.GitServer.IsInternal() { tunnel, err := c.NewTunnel(cluster.ZarfNamespaceName, cluster.SvcResource, cluster.ZarfGitServerName, "", 0, cluster.ZarfGitServerPort) if err != nil { return err diff --git a/src/internal/agent/hooks/flux-helmrepo.go b/src/internal/agent/hooks/flux-helmrepo.go index 64ad78e40a..a2fca0b9a4 100644 --- a/src/internal/agent/hooks/flux-helmrepo.go +++ b/src/internal/agent/hooks/flux-helmrepo.go @@ -80,7 +80,7 @@ func mutateHelmRepo(ctx context.Context, r *v1.AdmissionRequest, cluster *cluste message.Debugf("original HelmRepo URL of (%s) got mutated to (%s)", src.Spec.URL, patchedURL) - patches := populateHelmRepoPatchOperations(patchedURL, zarfState.RegistryInfo.InternalRegistry) + patches := populateHelmRepoPatchOperations(patchedURL, zarfState.RegistryInfo.IsInternal()) patches = append(patches, getLabelPatch(src.Labels)) diff --git a/src/internal/agent/hooks/flux-ocirepo.go b/src/internal/agent/hooks/flux-ocirepo.go index e00362c906..e8c3d21a0f 100644 --- a/src/internal/agent/hooks/flux-ocirepo.go +++ b/src/internal/agent/hooks/flux-ocirepo.go 
@@ -99,7 +99,7 @@ func mutateOCIRepo(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster message.Debugf("original OCIRepo URL of (%s) got mutated to (%s)", src.Spec.URL, patchedURL) - patches := populateOCIRepoPatchOperations(patchedURL, zarfState.RegistryInfo.InternalRegistry, patchedRef) + patches := populateOCIRepoPatchOperations(patchedURL, zarfState.RegistryInfo.IsInternal(), patchedRef) patches = append(patches, getLabelPatch(src.Labels)) return &operations.Result{ diff --git a/src/internal/packager/template/template.go b/src/internal/packager/template/template.go index 70f7808cc2..645982865e 100644 --- a/src/internal/packager/template/template.go +++ b/src/internal/packager/template/template.go @@ -107,7 +107,7 @@ func GetZarfTemplates(componentName string, state *types.ZarfState) (templateMap // generateHtpasswd returns an htpasswd string for the current state's RegistryInfo. func generateHtpasswd(regInfo *types.RegistryInfo) (string, error) { // Only calculate this for internal registries to allow longer external passwords - if regInfo.InternalRegistry { + if regInfo.IsInternal() { pushUser, err := utils.GetHtpasswdString(regInfo.PushUsername, regInfo.PushPassword) if err != nil { return "", fmt.Errorf("error generating htpasswd string: %w", err) diff --git a/src/pkg/cluster/secrets.go b/src/pkg/cluster/secrets.go index 3cdeabe826..43c3402b64 100644 --- a/src/pkg/cluster/secrets.go +++ b/src/pkg/cluster/secrets.go @@ -64,7 +64,7 @@ func (c *Cluster) GenerateRegistryPullCreds(ctx context.Context, namespace, name // Convert to JSON dockerConfigData, err := json.Marshal(dockerConfigJSON) if err != nil { - return nil, fmt.Errorf("Unable to marshal the .dockerconfigjson secret data for the image pull secret: %w", err) + return nil, fmt.Errorf("unable to marshal the .dockerconfigjson secret data for the image pull secret: %w", err) } secretDockerConfig := &corev1.Secret{ 
diff --git a/src/pkg/cluster/state.go b/src/pkg/cluster/state.go index 82ee49424b..7ce8a3fa6d 100644 --- a/src/pkg/cluster/state.go +++ b/src/pkg/cluster/state.go @@ -35,15 +35,16 @@ const ( // InitZarfState initializes the Zarf state with the given temporary directory and init configs. func (c *Cluster) InitZarfState(ctx context.Context, initOptions types.ZarfInitOptions) error { - var distro string - spinner := message.NewProgressSpinner("Gathering cluster state information") defer spinner.Stop() // Attempt to load an existing state prior to init. // NOTE: We are ignoring the error here because we don't really expect a state to exist yet. spinner.Updatef("Checking cluster for existing Zarf deployment") - state, _ := c.LoadZarfState(ctx) + state, err := c.LoadZarfState(ctx) + if err != nil && !kerrors.IsNotFound(err) { + return fmt.Errorf("failed to check for existing state: %w", err) + } // If state is nil, this is a new cluster. if state == nil { @@ -52,7 +53,7 @@ func (c *Cluster) InitZarfState(ctx context.Context, initOptions types.ZarfInitO if initOptions.ApplianceMode { // If the K3s component is being deployed, skip distro detection. - distro = DistroIsK3s + state.Distro = DistroIsK3s state.ZarfAppliance = true } else { // Otherwise, trying to detect the K8s distro type. @@ -67,16 +68,13 @@ func (c *Cluster) InitZarfState(ctx context.Context, initOptions types.ZarfInitO if err != nil { return err } - distro = detectDistro(nodeList.Items[0], namespaceList.Items) + state.Distro = detectDistro(nodeList.Items[0], namespaceList.Items) } - if distro != DistroIsUnknown { - spinner.Updatef("Detected K8s distro %s", distro) + if state.Distro != DistroIsUnknown { + spinner.Updatef("Detected K8s distro %s", state.Distro) } - // Defaults - state.Distro = distro - // Setup zarf agent PKI agentTLS, err := pki.GeneratePKI(config.ZarfAgentHost) if err != nil { 
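Review bot: The context comment `NOTE: We are ignoring the error here because we don't really expect a state to exist yet.` in InitZarfState is now wrong, because the added lines return every LoadZarfState error except NotFound. Replace it with something like `// A NotFound error means no prior state exists and init continues with a fresh one; any other error aborts.` The guard also depends on `kerrors.IsNotFound` recognising the error after whatever wrapping LoadZarfState applies, which is not visible here. If that function wraps without `%w`, init on a fresh cluster would presumably fail at this check. InitZarfState continues outside the hunk.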
@@ -100,8 +98,7 @@ func (c *Cluster) InitZarfState(ctx context.Context, initOptions types.ZarfInitO namespaceCopy := namespace _, err := c.Clientset.CoreV1().Namespaces().Update(ctx, &namespaceCopy, metav1.UpdateOptions{}) if err != nil { - // This is not a hard failure, but we should log it. - message.WarnErrf(err, "Unable to mark the namespace %s as ignored by Zarf Agent", namespace.Name) + return fmt.Errorf("unable to mark the namespace %s as ignored by Zarf Agent: %w", namespace.Name, err) } } 
@@ -306,21 +303,14 @@ func MergeZarfState(oldState *types.ZarfState, initOptions types.ZarfInitOptions if slices.Contains(services, message.RegistryKey) { // TODO: Replace use of reflections with explicit setting newState.RegistryInfo = helpers.MergeNonZero(newState.RegistryInfo, initOptions.RegistryInfo) - // Set the state of the internal registry if it has changed - // TODO: Internal registry should be a function of the address and not a property. - if newState.RegistryInfo.Address == fmt.Sprintf("%s:%d", helpers.IPV4Localhost, newState.RegistryInfo.NodePort) { - newState.RegistryInfo.InternalRegistry = true - } else { - newState.RegistryInfo.InternalRegistry = false - } // Set the new passwords if they should be autogenerated - if newState.RegistryInfo.PushPassword == oldState.RegistryInfo.PushPassword && oldState.RegistryInfo.InternalRegistry { + if newState.RegistryInfo.PushPassword == oldState.RegistryInfo.PushPassword && oldState.RegistryInfo.IsInternal() { if newState.RegistryInfo.PushPassword, err = helpers.RandomString(types.ZarfGeneratedPasswordLen); err != nil { return nil, fmt.Errorf("%s: %w", lang.ErrUnableToGenerateRandomSecret, err) } } - if newState.RegistryInfo.PullPassword == oldState.RegistryInfo.PullPassword && oldState.RegistryInfo.InternalRegistry { + if newState.RegistryInfo.PullPassword == oldState.RegistryInfo.PullPassword && oldState.RegistryInfo.IsInternal() { if newState.RegistryInfo.PullPassword, err = helpers.RandomString(types.ZarfGeneratedPasswordLen); err != nil { return nil, fmt.Errorf("%s: %w", lang.ErrUnableToGenerateRandomSecret, err) } 
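Review bot: The auto-generation guards in MergeZarfState check only `oldState.RegistryInfo.IsInternal()`, while the address that init options may have just replaced lives in `newState`; the git-server and artifact-server hunks that follow have the same shape. If a caller moves the service to an external address without supplying new credentials, the password still equals the old one and the old service was internal, so a random password appears to be generated for a server Zarf does not manage. If that is intended, record it with a comment such as `// Rotation is keyed on the previous state: only credentials Zarf generated itself are regenerated.` Otherwise extend the condition with `&& newState.RegistryInfo.IsInternal()`. MergeZarfState starts and ends outside the hunk.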
@@ -330,21 +320,13 @@ func MergeZarfState(oldState *types.ZarfState, initOptions types.ZarfInitOptions // TODO: Replace use of reflections with explicit setting newState.GitServer = helpers.MergeNonZero(newState.GitServer, initOptions.GitServer) - // Set the state of the internal git server if it has changed - // TODO: Internal server should be a function of the address and not a property. - if newState.GitServer.Address == types.ZarfInClusterGitServiceURL { - newState.GitServer.InternalServer = true - } else { - newState.GitServer.InternalServer = false - } - // Set the new passwords if they should be autogenerated - if newState.GitServer.PushPassword == oldState.GitServer.PushPassword && oldState.GitServer.InternalServer { + if newState.GitServer.PushPassword == oldState.GitServer.PushPassword && oldState.GitServer.IsInternal() { if newState.GitServer.PushPassword, err = helpers.RandomString(types.ZarfGeneratedPasswordLen); err != nil { return nil, fmt.Errorf("%s: %w", lang.ErrUnableToGenerateRandomSecret, err) } } - if newState.GitServer.PullPassword == oldState.GitServer.PullPassword && oldState.GitServer.InternalServer { + if newState.GitServer.PullPassword == oldState.GitServer.PullPassword && oldState.GitServer.IsInternal() { if newState.GitServer.PullPassword, err = helpers.RandomString(types.ZarfGeneratedPasswordLen); err != nil { return nil, fmt.Errorf("%s: %w", lang.ErrUnableToGenerateRandomSecret, err) } 
@@ -354,16 +336,8 @@ func MergeZarfState(oldState *types.ZarfState, initOptions types.ZarfInitOptions // TODO: Replace use of reflections with explicit setting newState.ArtifactServer = helpers.MergeNonZero(newState.ArtifactServer, initOptions.ArtifactServer) - // Set the state of the internal artifact server if it has changed - // TODO: Internal server should be a function of the address and not a property. - if newState.ArtifactServer.Address == types.ZarfInClusterArtifactServiceURL { - newState.ArtifactServer.InternalServer = true - } else { - newState.ArtifactServer.InternalServer = false - } - // Set an empty token if it should be autogenerated - if newState.ArtifactServer.PushToken == oldState.ArtifactServer.PushToken && oldState.ArtifactServer.InternalServer { + if newState.ArtifactServer.PushToken == oldState.ArtifactServer.PushToken && oldState.ArtifactServer.IsInternal() { newState.ArtifactServer.PushToken = "" } } diff --git a/src/pkg/cluster/state_test.go b/src/pkg/cluster/state_test.go index cf52d195dc..1575528f4a 100644 --- a/src/pkg/cluster/state_test.go +++ b/src/pkg/cluster/state_test.go @@ -6,6 +6,7 @@ package cluster import ( "context" + "encoding/json" "fmt" "testing" "time" @@ -23,6 +24,24 @@ import ( ) func TestInitZarfState(t *testing.T) { + emptyState := types.ZarfState{} + emptyStateData, err := json.Marshal(emptyState) + require.NoError(t, err) + + existingState := types.ZarfState{ + Distro: DistroIsK3d, + RegistryInfo: types.RegistryInfo{ + PushUsername: "push-user", + PullUsername: "pull-user", + Address: "address", + NodePort: 1, + Secret: "secret", + }, + } + + existingStateData, err := json.Marshal(existingState) + require.NoError(t, err) + tests := []struct { name string initOpts types.ZarfInitOptions 
@@ -85,6 +104,34 @@ func TestInitZarfState(t *testing.T) { }, }, }, + { + name: "empty Zarf state exists", + nodes: []corev1.Node{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "node", + }, + }, + }, + namespaces: []corev1.Namespace{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: ZarfNamespaceName, + }, + }, + }, + secrets: []corev1.Secret{ + { + ObjectMeta: metav1.ObjectMeta{ + Namespace: ZarfNamespaceName, + Name: ZarfStateSecretName, + }, + Data: map[string][]byte{ + ZarfStateDataKey: emptyStateData, + }, + }, + }, + }, { name: "Zarf state exists", nodes: []corev1.Node{ @@ -107,6 +154,9 @@ func TestInitZarfState(t *testing.T) { Namespace: ZarfNamespaceName, Name: ZarfStateSecretName, }, + Data: map[string][]byte{ + ZarfStateDataKey: existingStateData, + }, }, }, }, @@ -158,11 +208,15 @@ func TestInitZarfState(t *testing.T) { return } require.NoError(t, err) + state, err := cs.CoreV1().Secrets(ZarfNamespaceName).Get(ctx, ZarfStateSecretName, metav1.GetOptions{}) + require.NoError(t, err) + require.Equal(t, map[string]string{"app.kubernetes.io/managed-by": "zarf"}, state.Labels) + if tt.secrets != nil { + return + } zarfNs, err := cs.CoreV1().Namespaces().Get(ctx, ZarfNamespaceName, metav1.GetOptions{}) require.NoError(t, err) require.Equal(t, map[string]string{"app.kubernetes.io/managed-by": "zarf"}, zarfNs.Labels) - _, err = cs.CoreV1().Secrets(zarfNs.Name).Get(ctx, ZarfStateSecretName, metav1.GetOptions{}) - require.NoError(t, err) for _, ns := range tt.namespaces { if ns.Name == zarfNs.Name { continue 
@@ -199,59 +253,46 @@ func TestMergeZarfStateRegistry(t *testing.T) { { name: "internal server auto generate", oldRegistry: types.RegistryInfo{ - Address: fmt.Sprintf("%s:%d", helpers.IPV4Localhost, 1), - NodePort: 1, - InternalRegistry: true, + Address: fmt.Sprintf("%s:%d", helpers.IPV4Localhost, 1), + NodePort: 1, }, expectedRegistry: types.RegistryInfo{ - Address: fmt.Sprintf("%s:%d", helpers.IPV4Localhost, 1), - NodePort: 1, - InternalRegistry: true, + Address: fmt.Sprintf("%s:%d", helpers.IPV4Localhost, 1), + NodePort: 1, }, }, { - name: "external server", + name: "init options merged", oldRegistry: types.RegistryInfo{ - Address: "example.com", - InternalRegistry: false, - PushPassword: "push", - PullPassword: "pull", - }, - expectedRegistry: types.RegistryInfo{ - Address: "example.com", - InternalRegistry: false, - PushPassword: "push", - PullPassword: "pull", + PushUsername: "doesn't matter", + PullUsername: "doesn't matter", + Address: "doesn't matter", + NodePort: 0, + Secret: "doesn't matter", }, - }, - { - name: "init options merged", initRegistry: types.RegistryInfo{ - PushUsername: "push-user", - PullUsername: "pull-user", - Address: "address", - NodePort: 1, - InternalRegistry: false, - Secret: "secret", + PushUsername: "push-user", + PullUsername: "pull-user", + Address: "address", + NodePort: 1, + Secret: "secret", }, expectedRegistry: types.RegistryInfo{ - PushUsername: "push-user", - PullUsername: "pull-user", - Address: "address", - NodePort: 1, - InternalRegistry: false, - Secret: "secret", + PushUsername: "push-user", + PullUsername: "pull-user", + Address: "address", + NodePort: 1, + Secret: "secret", }, }, { name: "init options not merged", expectedRegistry: types.RegistryInfo{ - PushUsername: "", - PullUsername: "", - Address: "", - NodePort: 0, - InternalRegistry: false, - Secret: "", + PushUsername: "", + PullUsername: "", + Address: "", + NodePort: 0, + Secret: "", }, }, } 
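Review bot: Deleting the `external server` case from TestMergeZarfStateRegistry, and likewise from the git and artifact tables in the later hunks, leaves nothing visible in this file that names an externally managed service and checks that its credentials survive a merge. Internal versus external is now computed from `Address` (and `NodePort` for the registry) instead of being stored, so that path deserves a case of its own, as sketched below, plus a small direct test of each `IsInternal()` method. The assertions shown in the following hunk compare usernames, address, node port and secret only, so password preservation may not be checked at all. Any password assertions are outside the visible hunks.

```go
		// … unchanged: "internal server auto generate" case …
		{
			name: "external server keeps supplied passwords",
			oldRegistry: types.RegistryInfo{
				Address:      "example.com",
				PushPassword: "push",
				PullPassword: "pull",
			},
			expectedRegistry: types.RegistryInfo{
				Address:      "example.com",
				PushPassword: "push",
				PullPassword: "pull",
			},
		},
		// … unchanged: "init options merged" and "init options not merged" cases …
```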
@@ -269,7 +310,6 @@ func TestMergeZarfStateRegistry(t *testing.T) { require.Equal(t, tt.expectedRegistry.PullUsername, newState.RegistryInfo.PullUsername) require.Equal(t, tt.expectedRegistry.Address, newState.RegistryInfo.Address) require.Equal(t, tt.expectedRegistry.NodePort, newState.RegistryInfo.NodePort) - require.Equal(t, tt.expectedRegistry.InternalRegistry, newState.RegistryInfo.InternalRegistry) require.Equal(t, tt.expectedRegistry.Secret, newState.RegistryInfo.Secret) }) } @@ -286,12 +326,14 @@ func TestMergeZarfStateGit(t *testing.T) { expectedGitServer types.GitServerInfo }{ { - name: "username is unmodified", + name: "address and usernames are unmodified", oldGitServer: types.GitServerInfo{ + Address: "address", PushUsername: "push-user", PullUsername: "pull-user", }, expectedGitServer: types.GitServerInfo{ + Address: "address", PushUsername: "push-user", PullUsername: "pull-user", }, 
@@ -299,51 +341,36 @@ func TestMergeZarfStateGit(t *testing.T) { { name: "internal server auto generate", oldGitServer: types.GitServerInfo{ - Address: types.ZarfInClusterGitServiceURL, - InternalServer: true, + Address: types.ZarfInClusterGitServiceURL, }, expectedGitServer: types.GitServerInfo{ - Address: types.ZarfInClusterGitServiceURL, - InternalServer: true, + Address: types.ZarfInClusterGitServiceURL, }, }, { - name: "external server", + name: "init options merged", oldGitServer: types.GitServerInfo{ - Address: "example.com", - InternalServer: false, - PushPassword: "push", - PullPassword: "pull", + Address: "doesn't matter", + PushUsername: "doesn't matter", + PullUsername: "doesn't matter", }, - expectedGitServer: types.GitServerInfo{ - Address: "example.com", - InternalServer: false, - PushPassword: "push", - PullPassword: "pull", - }, - }, - { - name: "init options merged", initGitServer: types.GitServerInfo{ - PushUsername: "push-user", - PullUsername: "pull-user", - Address: "address", - InternalServer: false, + PushUsername: "push-user", + PullUsername: "pull-user", + Address: "address", }, expectedGitServer: types.GitServerInfo{ - PushUsername: "push-user", - PullUsername: "pull-user", - Address: "address", - InternalServer: false, + PushUsername: "push-user", + PullUsername: "pull-user", + Address: "address", }, }, { name: "empty init options not merged", expectedGitServer: types.GitServerInfo{ - PushUsername: "", - PullUsername: "", - Address: "", - InternalServer: false, + PushUsername: "", + PullUsername: "", + Address: "", }, }, } @@ -360,7 +387,6 @@ func TestMergeZarfStateGit(t *testing.T) { require.Equal(t, tt.expectedGitServer.PushUsername, newState.GitServer.PushUsername) require.Equal(t, tt.expectedGitServer.PullUsername, newState.GitServer.PullUsername) require.Equal(t, tt.expectedGitServer.Address, newState.GitServer.Address) - require.Equal(t, tt.expectedGitServer.InternalServer, newState.GitServer.InternalServer) }) } } 
@@ -386,14 +412,12 @@ func TestMergeZarfStateArtifact(t *testing.T) { { name: "old state is internal server auto generate push token", oldArtifactServer: types.ArtifactServerInfo{ - PushToken: "foobar", - Address: types.ZarfInClusterArtifactServiceURL, - InternalServer: true, + PushToken: "foobar", + Address: types.ZarfInClusterArtifactServiceURL, }, expectedArtifactServer: types.ArtifactServerInfo{ - PushToken: "", - Address: types.ZarfInClusterArtifactServiceURL, - InternalServer: true, + PushToken: "", + Address: types.ZarfInClusterArtifactServiceURL, }, }, { 
@@ -402,51 +426,38 @@ func TestMergeZarfStateArtifact(t *testing.T) { PushToken: "hello world", }, oldArtifactServer: types.ArtifactServerInfo{ - PushToken: "foobar", - Address: types.ZarfInClusterArtifactServiceURL, - InternalServer: false, + PushToken: "foobar", + Address: types.ZarfInClusterArtifactServiceURL, }, expectedArtifactServer: types.ArtifactServerInfo{ - PushToken: "hello world", - Address: types.ZarfInClusterArtifactServiceURL, - InternalServer: true, + PushToken: "hello world", + Address: types.ZarfInClusterArtifactServiceURL, }, }, { - name: "external server same push token", + name: "init options merged", oldArtifactServer: types.ArtifactServerInfo{ - PushToken: "foobar", - Address: "http://example.com", - InternalServer: false, - }, - expectedArtifactServer: types.ArtifactServerInfo{ - PushToken: "foobar", - Address: "http://example.com", - InternalServer: false, + PushUsername: "doesn't matter", + PushToken: "doesn't matter", + Address: "doesn't matter", }, - }, - { - name: "init options merged", initArtifactServer: types.ArtifactServerInfo{ - PushUsername: "user", - PushToken: "token", - Address: "address", - InternalServer: false, + PushUsername: "user", + PushToken: "token", + Address: "address", }, expectedArtifactServer: types.ArtifactServerInfo{ - PushUsername: "user", - PushToken: "token", - Address: "address", - InternalServer: false, + PushUsername: "user", + PushToken: "token", + Address: "address", }, }, { name: "empty init options not merged", expectedArtifactServer: types.ArtifactServerInfo{ - PushUsername: "", - PushToken: "", - Address: "", - InternalServer: false, + PushUsername: "", + PushToken: "", + Address: "", }, }, } diff --git a/src/pkg/cluster/tunnel.go b/src/pkg/cluster/tunnel.go index 301739f311..61fd090546 100644 --- a/src/pkg/cluster/tunnel.go +++ b/src/pkg/cluster/tunnel.go 
@@ -146,7 +146,7 @@ func (c *Cluster) ConnectToZarfRegistryEndpoint(ctx context.Context, registryInf var err error var tunnel *Tunnel - if registryInfo.InternalRegistry { + if registryInfo.IsInternal() { // Establish a registry tunnel to send the images to the zarf registry if tunnel, err = c.NewTunnel(ZarfNamespaceName, SvcResource, ZarfRegistryName, "", 0, ZarfRegistryPort); err != nil { return "", tunnel, err diff --git a/src/pkg/message/credentials.go b/src/pkg/message/credentials.go index 34134e6484..a0fc97537c 100644 --- a/src/pkg/message/credentials.go +++ b/src/pkg/message/credentials.go @@ -35,7 +35,7 @@ func PrintCredentialTable(state *types.ZarfState, componentsToDeploy []types.Dep } loginData := [][]string{} - if state.RegistryInfo.InternalRegistry { + if state.RegistryInfo.IsInternal() { loginData = append(loginData, []string{"Registry", state.RegistryInfo.PushUsername, state.RegistryInfo.PushPassword, "zarf connect registry", RegistryKey}, []string{"Registry (read-only)", state.RegistryInfo.PullUsername, state.RegistryInfo.PullPassword, "zarf connect registry", RegistryReadKey}, diff --git a/src/pkg/packager/deploy.go b/src/pkg/packager/deploy.go index 5f2f2f4ab3..612fa5eb10 100644 --- a/src/pkg/packager/deploy.go +++ b/src/pkg/packager/deploy.go @@ -310,7 +310,7 @@ func (p *Packager) deployComponent(ctx context.Context, component types.ZarfComp } // Disable the registry HPA scale down if we are deploying images and it is not already disabled - if hasImages && !p.hpaModified && p.state.RegistryInfo.InternalRegistry { + if hasImages && !p.hpaModified && p.state.RegistryInfo.IsInternal() { if err := p.cluster.DisableRegHPAScaleDown(ctx); err != nil { message.Debugf("unable to disable the registry HPA scale down: %s", err.Error()) } else { diff --git a/src/test/external/docker-compose.yml b/src/test/external/docker-compose.yml index 401476653b..7e180fdbab 100644 --- a/src/test/external/docker-compose.yml +++ b/src/test/external/docker-compose.yml 
@@ -1,5 +1,3 @@ -version: "3" - services: server: image: gitea/gitea:1.18.1 diff --git a/src/types/k8s.go b/src/types/k8s.go index 6804de17ee..6277a0f7d7 100644 --- a/src/types/k8s.go +++ b/src/types/k8s.go @@ -134,8 +134,11 @@ type GitServerInfo struct { PullPassword string `json:"pullPassword"` // URL address of the git server Address string `json:"address"` - // Indicates if we are using a git server that Zarf is directly managing - InternalServer bool `json:"internalServer"` +} + +// IsInternal returns true if the git server URL is equivalent to a git server deployed through the default init package +func (gs GitServerInfo) IsInternal() bool { + return gs.Address == ZarfInClusterGitServiceURL } // FillInEmptyValues sets every necessary value that's currently empty to a reasonable default @@ -144,7 +147,6 @@ func (gs *GitServerInfo) FillInEmptyValues() error { // Set default svc url if an external repository was not provided if gs.Address == "" { gs.Address = ZarfInClusterGitServiceURL - gs.InternalServer = true } // Generate a push-user password if not provided by init flag @@ -156,14 +158,14 @@ func (gs *GitServerInfo) FillInEmptyValues() error { // Set read-user information if using an internal repository, otherwise copy from the push-user if gs.PullUsername == "" { - if gs.InternalServer { + if gs.IsInternal() { gs.PullUsername = ZarfGitReadUser } else { gs.PullUsername = gs.PushUsername } } if gs.PullPassword == "" { - if gs.InternalServer { + if gs.IsInternal() { if gs.PullPassword, err = helpers.RandomString(ZarfGeneratedPasswordLen); err != nil { return fmt.Errorf("%s: %w", lang.ErrUnableToGenerateRandomSecret, err) } 
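Review bot: `GitServerInfo.IsInternal()`, and `ArtifactServerInfo.IsInternal()` in the next hunk, decide by exact string equality with the default service URL. The persisted `internalServer` field is removed, so state written by an earlier release is presumably reclassified from its address the next time it is loaded. An internal server whose stored address differs only in form (trailing slash, different casing) is then treated as external, and on the visible lines of FillInEmptyValues that makes `PullUsername` a copy of `PushUsername` instead of the read-only `ZarfGitReadUser`. The doc comment should state the rule, for example `// The check is an exact string match on Address; any other spelling of the in-cluster URL is treated as external.` FillInEmptyValues ends outside the hunk.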
@@ -183,8 +185,11 @@ type ArtifactServerInfo struct { PushToken string `json:"pushPassword"` // URL address of the artifact registry Address string `json:"address"` - // Indicates if we are using a artifact registry that Zarf is directly managing - InternalServer bool `json:"internalServer"` +} + +// IsInternal returns true if the artifact server URL is equivalent to the artifact server deployed through the default init package +func (as ArtifactServerInfo) IsInternal() bool { + return as.Address == ZarfInClusterArtifactServiceURL } // FillInEmptyValues sets every necessary value that's currently empty to a reasonable default @@ -192,7 +197,6 @@ func (as *ArtifactServerInfo) FillInEmptyValues() { // Set default svc url if an external registry was not provided if as.Address == "" { as.Address = ZarfInClusterArtifactServiceURL - as.InternalServer = true } // Set the push username to the git push user if not specified 
@@ -215,23 +219,25 @@ type RegistryInfo struct { Address string `json:"address"` // Nodeport of the registry. Only needed if the registry is running inside the kubernetes cluster NodePort int `json:"nodePort"` - // Indicates if we are using a registry that Zarf is directly managing - InternalRegistry bool `json:"internalRegistry"` // Secret value that the registry was seeded with Secret string `json:"secret"` } +// IsInternal returns true if the registry URL is equivalent to the registry deployed through the default init package +func (ri RegistryInfo) IsInternal() bool { + return ri.Address == fmt.Sprintf("%s:%d", helpers.IPV4Localhost, ri.NodePort) +} + // FillInEmptyValues sets every necessary value not already set to a reasonable default func (ri *RegistryInfo) FillInEmptyValues() error { var err error - // Set default NodePort if none was provided - if ri.NodePort == 0 { + // Set default NodePort if none was provided and the registry is internal + if ri.NodePort == 0 && ri.Address == "" { ri.NodePort = ZarfInClusterContainerRegistryNodePort } // Set default url if an external registry was not provided if ri.Address == "" { - ri.InternalRegistry = true ri.Address = fmt.Sprintf("%s:%d", helpers.IPV4Localhost, ri.NodePort) } @@ -244,7 +250,7 @@ func (ri *RegistryInfo) FillInEmptyValues() error { // Set pull-username if not provided by init flag if ri.PullUsername == "" { - if ri.InternalRegistry { + if ri.IsInternal() { ri.PullUsername = ZarfRegistryPullUser } else { // If this is an external registry and a pull-user wasn't provided, use the same credentials as the push user @@ -252,7 +258,7 @@ func (ri *RegistryInfo) FillInEmptyValues() error { } } if ri.PullPassword == "" { - if ri.InternalRegistry { + if ri.IsInternal() { if ri.PullPassword, err = helpers.RandomString(ZarfGeneratedPasswordLen); err != nil { return fmt.Errorf("%s: %w", lang.ErrUnableToGenerateRandomSecret, err) }
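Review bot: `RegistryInfo.IsInternal()` depends on two fields at once, `Address` and `NodePort`, so changing `NodePort` without rewriting `Address` turns a Zarf-managed registry into an external one with no error. Elsewhere in this diff the result decides htpasswd generation in generateHtpasswd, the tunnel in ConnectToZarfRegistryEndpoint and whether pull credentials are generated, so a silent flip changes how registry credentials are handled. The doc comment could add `// Address and NodePort must be kept in sync; a mismatch makes the registry count as external.` A table-driven test of `IsInternal()` covering an empty address, a matching pair and a mismatched port would pin the behaviour. FillInEmptyValues continues outside the hunks shown.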