diff --git a/cmd/flux/create_image_policy.go b/cmd/flux/create_image_policy.go index db287ed2..55da1a5d 100644 --- a/cmd/flux/create_image_policy.go +++ b/cmd/flux/create_image_policy.go @@ -20,6 +20,7 @@ import ( "fmt" "regexp/syntax" "strings" + "time" "unicode" "unicode/utf8" @@ -60,6 +61,8 @@ type imagePolicyFlags struct { numeric string filterRegex string filterExtract string + reflectDigest string + interval time.Duration } var imagePolicyArgs = imagePolicyFlags{} @@ -72,6 +75,8 @@ func init() { flags.StringVar(&imagePolicyArgs.numeric, "select-numeric", "", "use numeric sorting to select image; either \"asc\" meaning select the last, or \"desc\" meaning select the first") flags.StringVar(&imagePolicyArgs.filterRegex, "filter-regex", "", "regular expression pattern used to filter the image tags") flags.StringVar(&imagePolicyArgs.filterExtract, "filter-extract", "", "replacement pattern (using capture groups from --filter-regex) to use for sorting") + flags.StringVar(&imagePolicyArgs.reflectDigest, "reflect-digest", "", "the digest reflection policy to use when observing latest image tags (one of 'Never', 'IfNotPresent', 'Never')") + flags.DurationVar(&imagePolicyArgs.interval, "interval", 0, "the interval at which to check for new image digests when the policy is set to 'Always'") createImageCmd.AddCommand(createImagePolicyCmd) } @@ -153,6 +158,20 @@ func createImagePolicyRun(cmd *cobra.Command, args []string) error { return fmt.Errorf("cannot specify --filter-extract without specifying --filter-regex") } + if p := imagev1.ReflectionPolicy(imagePolicyArgs.reflectDigest); p != "" { + if p != imagev1.ReflectNever && p != imagev1.ReflectIfNotPresent && p != imagev1.ReflectAlways { + return fmt.Errorf("invalid value for --reflect-digest, must be one of 'Never', 'IfNotPresent', 'Always'") + } + policy.Spec.DigestReflectionPolicy = p + } + + if imagePolicyArgs.interval != 0 { + if imagePolicyArgs.reflectDigest != string(imagev1.ReflectAlways) { + return fmt.Errorf("the --interval flag can only be used with the 'Always' digest reflection policy, use --reflect-digest=Always") + } + policy.Spec.Interval = &metav1.Duration{Duration: imagePolicyArgs.interval} + } + if createArgs.export { return printExport(exportImagePolicy(&policy)) } diff --git a/cmd/flux/image_test.go b/cmd/flux/image_test.go index 8fe76a1e..ce13dcb4 100644 --- a/cmd/flux/image_test.go +++ b/cmd/flux/image_test.go @@ -38,7 +38,7 @@ func TestImageScanning(t *testing.T) { "testdata/image/create_image_repository.golden", }, { - "create image policy podinfo-semver --image-ref=podinfo --interval=10m --select-semver=5.0.x", + "create image policy podinfo-semver --image-ref=podinfo --interval=10m --reflect-digest=Always --select-semver=5.0.x", "testdata/image/create_image_policy.golden", }, { @@ -46,7 +46,7 @@ func TestImageScanning(t *testing.T) { "testdata/image/get_image_policy_semver.golden", }, { - `create image policy podinfo-regex --image-ref=podinfo --interval=10m --select-semver=">4.0.0" --filter-regex="5\.0\.0"`, + `create image policy podinfo-regex --image-ref=podinfo --select-semver=">4.0.0" --filter-regex="5\.0\.0"`, "testdata/image/create_image_policy.golden", }, { diff --git a/cmd/flux/testdata/image/get_image_policy_semver.golden b/cmd/flux/testdata/image/get_image_policy_semver.golden index 90ef4092..c55e404a 100644 --- a/cmd/flux/testdata/image/get_image_policy_semver.golden +++ b/cmd/flux/testdata/image/get_image_policy_semver.golden @@ -1,2 +1,2 @@ -NAME LATEST IMAGE READY MESSAGE -podinfo-semver ghcr.io/stefanprodan/podinfo:5.0.3 True Latest image tag for ghcr.io/stefanprodan/podinfo resolved to 5.0.3 +NAME LATEST IMAGE READY MESSAGE +podinfo-semver ghcr.io/stefanprodan/podinfo:5.0.3 True Latest image tag for ghcr.io/stefanprodan/podinfo resolved to 5.0.3 with digest sha256:8704da90172710d422af855049175c1a8295731cbe2ad3b9a1c1074feecf8c10