When a user provided the `--ca-file` flag to the `bootstrap` command,
the given CA file wasn't taken into account for cloning the repository
locally. It was just passed along to the CR that is created so Flux
can make use of it when cloning the repository in-cluster.
However, users may not want to add a custom CA to their local host's
trust chain and may expect the `--ca-file` flag to be respected also
for cloning the repository locally. This is what this commit
accomplishes.
closes#1775
Signed-off-by: Max Jonas Werner <mail@makk.es>
Remove use of the fake client, and replace with a real client connected to the
testEnv.
This required fixes to the yaml files as the testEnv has stricter verifcation
of objects. This also meant it was not possible to test a GitRepository with
a missing artifact since that is not a valid state.
The tests are slower than before, taking around 7-10 seconds each because the
testEnv is setup and destroyed for every test. These will be sped up in a
follow up PR.
Signed-off-by: Allen Porter <allen@thebends.org>
The new flag fetch and display the request ressource and then continue
watching the ressource until timeout or cancellation.
A single ressource/ressource type is supported.
Signed-off-by: Soule BA <soule@weave.works>
Add tests for flux trace command that fake out the kubernetes client,
load objects from a yaml file and create them in the client, and
assert on the output of the trace command to an expected golden file.
This is a follow up from the suggestions in PR https://github.com/fluxcd/flux2/pull/1626 which suggested that additional
testing would be helpful. This test approach is modeled after the helm command tests.
This required some changes to the kubernetes client setup to make it
possible to use a fake. If we agree this pattern makes sense, it can be
applied to other commands.
Signed-off-by: Allen Porter <allen@thebends.org>
The trace command allows Flux users to point the CLI to a Kubernetes object in-cluster and get a detailed report about the GitOps pipeline that manages that particular object.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Based on observations in
https://github.com/fluxcd/flux2/runs/2410633975:
1. Print error correctly by switching from `%w` to `%s`
2. Only print the change messsage if there has not been an error.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Pushing the first branch is sufficient to set a default, and the
`README.md` (and/or LICENSE) can better be pushed later on so commit
author and templates be configured.
This was already done for User in an earlier patch release.
Signed-off-by: Hidde Beydals <hello@hidde.co>
The behavior introduced during the introduction of go-git-providers
was more strict, and has proven pretty quickly to not be useful to
all users. Therefore, the reconciliation behavior for repository
configuration has been put behind an opt-in flag, so that it does
not overwrite people their configs by accident.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This is useful in case the `Kustomization` does not reconcile
successfully because for example the controller(s) are in a crash loop,
which is not visible in the resource itself.
Signed-off-by: Hidde Beydals <hello@hidde.co>
We have observed that the code at times outperforms GitHub mechanics,
resulting in not found errors that are only true for a millisecond.
Retrying those actions once with a 2 second delay should be more
friendly to users.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Using the `--commit-message-appendix` flag a string can be added to the
commit messages made by the bootstrapper process to for example skip CI
actions from executing using e.g. `[skip ci]`.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit factors out the bootstrap logic into a new `bootstrap`
package, while also moving to `go-git-providers` to handle things
around Git providers (e.g. repository creation, deploy key
upsertions).
The `GitProviderBootstrapper` is a superset of the
`PlainGitBootstrapper` that besides `Reconciler` also implements the
`RepositoryReconciler`.
The Git actions rely on an interface, making it easier to support
other implementations than `go-git` at a later moment, to for example
support bootstrapping to Git servers that only support the v2 protocol.
Signed-off-by: Hidde Beydals <hello@hidde.co>
- deletes Flux components (deployments and services)
- deletes Flux RBAC (service accounts, cluster roles and cluster role bindings)
- removes the Kubernetes finalizers from Flux custom resources
- deletes Flux custom resource definitions and custom resources
- deletes the namespace where Flux was installed
- preserves the Kubernetes objects and Helm releases that were reconciled on the cluster by Flux
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
So that `<kind>/<name>` flags can be supplied as:
* `secret/foo`
* `Secret/foo`
* `SeCrEt/foo`
But result in: `Secret/foo`.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This includes various bug fixes, especially around the area of missing
names for `<kind>/<name>` formats.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This commit adds multiple safe guards for relative paths, ensuring they
never traverse outside the working directory.
The `SafeRelativePath` flag calculates the safe relative path based on a
relative base dir, which results in a flattened path.
The write methods of `manifestgen` make use of the `SecureJoin` as well,
to ensure writes are never outside of the given directory when used as
a lib outside of the CLI.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Stefan Prodan
Hidde Beydals
Somtochi Onyekwere
Kazuki Suda
Max Jonas Werner
Allen Porter
Chanwit Kaewkasi
Soule BA
Dmitry Rybin
Sunny
Michael Bridgen
Dylan Arbour
Alexei Ledenev