This sets the container to `manager` which is used by all Flux
controllers as the container name.
The other options I thought about were selecting the first, or doing
something with image detection. But both can be sensitive to either
users adding their patch as a first entry, or e.g. mirroring the image
to a different name.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Allow specifying the name of the Kubernetes Secret that contains a key with the kubeconfig file for connecting to a remote cluster.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This change will allow user to bootstrap with http git urls
But user must explicitely set --allow-insecure-http=true
Signed-off-by: Vipul Newaskar <vipulnewaskar7@gmail.com>
A new --ignore-paths flag is added to following commands:
flux create source git --ignore-paths ...
flux create source bucket --ignore-paths ...
A StringSliceVar is used which supports specifying the flag multiple
times to populate a list or either a comma seperated string value
A unit test with a golden file is added to validate the flag
Signed-off-by: Tarun Gupta Akirala <takirala@users.noreply.github.com>
The output of `kubectl version` has changed with newer kubectl version
from
```
{
"serverVersion": ...,
"clientVersion": ...
}
```
to
```
{
"serverVersion": ...,
"clientVersion": ...,
"kustomizeVersion": ...
}
```
So the `kustomizeVersion` field is new which causes the JSON
unmarshaling to fail.
We now just unmarshal it to `map[string]interface{}` and peel the
server git version out of that map manually w/o unmarshalling the JSON
into a custom type.
Signed-off-by: Max Jonas Werner <mail@makk.es>
If implemented this fixes a bug where retrieving the groupVersion.Group
of a kustomization were returning an empty string.
Signed-off-by: Soule BA <soule@weave.works>
This ensures the command will wait for the object to report a Ready
Condition with an ObservedGeneration matching the Generation of the
resource. Ensuring that when a "create" is actually a mutation, it waits
instead of prematurely assuming the Source to be Ready.
Signed-off-by: Hidde Beydals <hello@hidde.co>
The creation of oldConditions, statusableConditions and
reconcilableConditions is an adhoc solution to deal with the upstream
changes on `pkg/apis/meta`, which are yet to be replicated across other
Flux API components.
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
If implemented, there will a common interface to print flux resource.
We are adding new way to print resource information e.g. diff of
objects.
Signed-off-by: Soule BA <soule@weave.works>
Add a template values check in the `assertGoldenTemplateFile()` function
to only update golden files if they aren't templates. A note is printed
when an update to a template golden file is needed and `-update` flag
can't update it.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
Message content could be long compared to other fields. Moving it to
the end helps improve the visibility of the other fields.
Signed-off-by: Sunny <darkowlzz@protonmail.com>
This commit migrate to the last version of pkg/ssa v0.14.1 that contains a fix
for stringData secrets. The test case was changed accordingly to
validate a stringData drift.
A progress-bar flag option has also been added in order to be able to
disable it.
Signed-off-by: Soule BA <soule@weave.works>
The TestTrace/Deployment and TestTrace/HelmRelease test cases fail in
environments where the timezone isn't UTC, because they compare a local time
string to the golden file, which has time in UTC. Here is an example:
```
--- FAIL: TestTrace (0.12s)
--- FAIL: TestTrace/Deployment (0.08s)
main_test.go:337: Mismatch from golden file 'testdata/trace/deployment.golden': Mismatch from expected value (-want +got):
strings.Join({
... // 88 identical bytes
" Flux\n---\nHelmRelease: podinfo\nNamespace: podinfo-8\nRevi",
"sion: 6.0.0\nStatus: Last reconciled at 2021-07-16 ",
- "15:42:20 +0000 UTC",
+ "09:42:20 -0600 MDT",
"\nMessage: Release reconciliation succeeded\n---\nHelmChart:",
" podinfo-podinfo\nNamespace: flux-system-9\nChart: ",
" podinfo\nVersion: 6.0.0\nRevision: 6.0.0\nStatus: ",
" Last reconciled at 2021-07-16 ",
- "15:32:09 +0000 UTC",
+ "09:32:09 -0600 MDT",
"\nMessage: Fetched revision: 6.0.0\n---\nHelmRepository: pod",
"info\nNamespace: flux-system-9\nURL: https://stefa",
"nprodan.github.io/podinfo\nRevision: 8411f23d07d3701f0e96e7",
"d9e503b7936d7e1d56\nStatus: Last reconciled at 2021-07-",
- "1",
"1",
- " 00:25:46 +0000 UTC",
+ "0 18:25:46 -0600 MDT",
"\nMessage: Fetched revision: 8411f23d07d3701f0e96e7d9e503b",
"7936d7e1d56\n",
}, "")
```
This commit fixes the issue by converting the golden test times to local
time before comparing. The utility function toLocalTime() is added to
trace_test.go, and then it is used to provide localized times as
template parameters to the golden files.
Signed-off-by: Andrew Jenkins <andrew@aspenmesh.io>
If implemented, flux diff kustomization will managed correctly sops
managed dockerconfigjson secrets.
Sops encrypted secret with stringData maps are supported too.
Signed-off-by: Soule BA <soule@weave.works>
If implemented, calling the diff command on kustomization will return 0,
1(if changes are identified), >1 for errors.
Signed-off-by: Soule BA <soule@weave.works>
If implemented it will permit queriying the Kubernetes API to fetch the specified
Flux Kustomization, then uses the specified path to build the overlay.
It will then ssa-dry-run apply and output the diff using homeport/dyff
Signed-off-by: Soule BA <soule@weave.works>
If implemented it will permit queriying the Kubernetes API to fetch the specified
Flux Kustomization, then uses the specified path to build
the overlay.
Signed-off-by: Soule BA <soule@weave.works>
It now accepts arguments in the forms <resource>/<name>
and <resource> <name> instead of requiring api version and
kind as flags.
Signed-off-by: Jakob Schrettenbrunner <jakob.schrettenbrunner@telekom.de>
Remove the overwrite of the repositoryURL.Host variable to include Git
servers deployed on non-standard https ports
Co-authored-by: Sebastián Vargas <develolux@gmail.com>
Signed-off-by: Alby Hernández <me@achetronic.com>
Signed-off-by: Alby Hernández <alby.hernandez@system73.com>
This fixes a styling issue:
```
$ flux --help
Command line utility for assembling Kubernetes CD pipelines the GitOps
way.
Usage:
flux [command]
...
Available Commands:
...
suspend Suspend resources
trace trace an in-cluster object throughout the GitOps delivery
pipeline
uninstall Uninstall Flux and its custom resource definitions
...
```
Signed-off-by: Hidde Beydals <hello@hidde.co>
The new command set is:
flux bootstrap bitbucket-server --owner=<project> --username=<user> --repository=<repository name> --hostname=<domain> --token-auth
There is a parity in the capabilities with the other providers.
Signed-off-by: Soule BA <soule@weave.works>
bufio's reader.ReadString includes any CRLF characters and we don't
want these in the resulting token because this leads to errors in the
authentication like this:
```
✗ failed to get Git repository
"https://github.com/kingdon-ci/jenkins-infra": Get
"https://api.github.com/repos/kingdon-ci/jenkins-infra": net/http:
invalid header field value "Bearer gho_NNNNNsecrettokenMMMMM\n" for
key Authorization
```
Signed-off-by: Max Jonas Werner <mail@makk.es>
This change adds functionality to both, `bootstrap github` and
`bootstrap gitlab` to prompt the user for the personal access tokens
if those can't be derived from the shell environment. Echoing is
turned off for better privacy.
Instead of having to interactively type the token or manually paste it
from the clipboard, users can also pipe it to Flux which comes in
handy e.g. when executing Flux remotely over an SSH connection:
```
$ echo 'asdf' | flux bootstrap github
```
Otherwise, Flux will prompt the user:
```
$ flux bootstrap github
Please type your GitHub personal access token:
```
closes#2011
Signed-off-by: Max Jonas Werner <mail@makk.es>
Motivation: RSA SHA-1 SSH keys are no longer accepted by GitHub https://github.blog/2021-09-01-improving-git-protocol-security-github/.
Given this we are switching the default from RSA to ECDSA for `git`, `github` and `gitlab` variants of `flux bootstrap`.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Use `app.kubernetes.io/part-of: flux` label instead of `app.kubernetes.io/instance` to select the in-cluster objects used in flux version, check, logs and uninstall commands.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
While fixing an unrelated issue, I noticed:
✗ GitRepository reconciliation failed: ''PGP public keys secret error: expected pointer, but got nil
the single quote should surround the readyCond.Message
Signed-off-by: Kingdon Barrett <yebyen@gmail.com>
The `flux tree kustomization` command prints the resources reconciled by the given Kustomization.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This fixes the case where you create a HelmRelease with `--export` and
the `install: {}` field being there, adding no value to the manifest.
Signed-off-by: Max Jonas Werner <mail@makk.es>
When a user provided the `--ca-file` flag to the `bootstrap` command,
the given CA file wasn't taken into account for cloning the repository
locally. It was just passed along to the CR that is created so Flux
can make use of it when cloning the repository in-cluster.
However, users may not want to add a custom CA to their local host's
trust chain and may expect the `--ca-file` flag to be respected also
for cloning the repository locally. This is what this commit
accomplishes.
closes#1775
Signed-off-by: Max Jonas Werner <mail@makk.es>
The create source tests are more interesting than the existing tests as they
create objects then wit for the flux source reconciler to complete. The tests
simulate this with a background goroutine that waits for an object to be
created then uses a test specific function to update it.
The tests set a timeout so that if there is a failure they timeout somewhat
quickly rather than hanging for a longer period of time.
Signed-off-by: Allen Porter <allen@thebends.org>
Speed up unit tests by using a shared envTest. This requires each
test to use its own namespace to avoid clobbering objects for
other tests. Tests previously took around 8 seconds each, and now
the initial test takes 2 seconds with follow up tests taking less
than a second each.
Also update existing tests that use a fixed namespace to use a
generated namespace.
Share gold file template function with yaml files.
Remove the testClusterMode, and instead rely on MainTest to do
the appropriate test setup and rootArgs flag setup. Move the
rootArg flag setup out of NewTestEnvKubeManager to avoid
side effects.
A follow up change can be to push the individual setups
from NewTestEnvKubeManager() into their respective TestMain since
the harness share little code.
Signed-off-by: Allen Porter <allen@thebends.org>
Replace the 4 arguments to cmdTestCase with a function that
can let tests run arbitrary logic if it is more complex than
what is provided by the test harness. Move the existing logic
into functions that the test can use for common assertions on
golden files and golden values.
These changes were pulled out of PR #1696 to make a smaller review.
Signed-off-by: Allen Porter <allen@thebends.org>
Remove use of the fake client, and replace with a real client connected to the
testEnv.
This required fixes to the yaml files as the testEnv has stricter verifcation
of objects. This also meant it was not possible to test a GitRepository with
a missing artifact since that is not a valid state.
The tests are slower than before, taking around 7-10 seconds each because the
testEnv is setup and destroyed for every test. These will be sped up in a
follow up PR.
Signed-off-by: Allen Porter <allen@thebends.org>
The new flag fetch and display the request ressource and then continue
watching the ressource until timeout or cancellation.
A single ressource/ressource type is supported.
Signed-off-by: Soule BA <soule@weave.works>
This should prevent the generation of the object getting bumped, as
observed on a GKE K8s 1.18 cluster using the logic before this commit.
We only want to generation to increase when there are actual changes to
the `spec` of a resource, as some controllers use the `generation`
value to make assumptions about what they should do during a
reconciliation.
Signed-off-by: Hidde Beydals <hello@hidde.co>
- move test helpers to main
- add support for inline golden values
- add test for `flux --version`
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Add tests for flux trace command that fake out the kubernetes client,
load objects from a yaml file and create them in the client, and
assert on the output of the trace command to an expected golden file.
This is a follow up from the suggestions in PR https://github.com/fluxcd/flux2/pull/1626 which suggested that additional
testing would be helpful. This test approach is modeled after the helm command tests.
This required some changes to the kubernetes client setup to make it
possible to use a fake. If we agree this pattern makes sense, it can be
applied to other commands.
Signed-off-by: Allen Porter <allen@thebends.org>
Check for existence of GitRepository.Spec.Reference when displaying a trace to
avoid error:
✗ template: tmpl:28:21: executing "tmpl" at <.GitRepository.Spec.Reference.Tag>: nil pointer evaluating *v1beta1.GitRepositoryRef.Tag
Fixes issue #1621
Manually tested using the use cases highlighted in the issue.
Signed-off-by: Allen Porter <allen@thebends.org>
The trace command allows Flux users to point the CLI to a Kubernetes object in-cluster and get a detailed report about the GitOps pipeline that manages that particular object.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This includes an introduction of a `--pass-credentials` flag for the
`flux create source helm` command to allow configuring the new
option introduced.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This changes the logic for the parsing of private keys, as already
done for the source-controller, so that it is able to recognize and
work with a wider range of key formats instead of returning a vague
error:
```console
$ flux bootstrap git [..]
✗ ssh: this private key is passphrase protected
```
A patch for this was already submitted and merged in `go-git/go-git`,
but is not made available in a release yet:
https://github.com/go-git/go-git/pull/298
Signed-off-by: Hidde Beydals <hello@hidde.co>
This removes the usage of Hostname() which does not honor configured SSH
port to be used.
Resolves: #1377
See also: #1101, #1102
Signed-off-by: Tobias Jakobsson <jakobsson.tobias@gmail.com>
Remove the default branch value from `flux create source git` and validate that one of the ref options are specified.
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
StringSliceVar allows for more flexibility when passing vars to list
flags.
Both formats will be supported:
- '--foo=one --foo=two'
- '--foo=one,two'
Signed-off-by: Claudia Beresford <claudiaberesford@gmail.com>
As otherwise (comparisons to) cluster configuration will fail due to
Separator differences. Was already fixed for provider implementations.
Signed-off-by: Hidde Beydals <hello@hidde.co>
The behavior introduced during the introduction of go-git-providers
was more strict, and has proven pretty quickly to not be useful to
all users. Therefore, the reconciliation behavior for repository
configuration has been put behind an opt-in flag, so that it does
not overwrite people their configs by accident.
Signed-off-by: Hidde Beydals <hello@hidde.co>
To highlight the fact that it configures the repository as defined,
which was not _really_ clear to some users and has resulted in public
repositories accidentally being changed to private (losing important
goodies like stars and linked forks).
Discussion on this is ongoing and there will likely be other
improvements in the near future to protect users against this.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Using the `--commit-message-appendix` flag a string can be added to the
commit messages made by the bootstrapper process to for example skip CI
actions from executing using e.g. `[skip ci]`.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This command makes it possible to bootstrap to a generic Git server
using the local SSH agent, or a given password or private key file.
If a private key is generated, the user is prompted to give the
generated key access to the repository.
Signed-off-by: Hidde Beydals <hello@hidde.co>
This includes making a lot of things configurable (e.g. SSH key
algorithm, RSA bit size, etc.) that used to be static.
Signed-off-by: Hidde Beydals <hello@hidde.co>
- change links in cli docs to be relative (making mkdocs AND hugo happy)
- run 'make docs'
- fix other links
Signed-off-by: Daniel Holbach <daniel@weave.works>
This commit adds support for supplying a path to an existing private
key file to both the `flux create secret git` and `flux create source
git` commands.
If a path is given, any private key generation configuration options
are ignored by the manifest generator. The SSH host will however still
be scanned for server keys.
Signed-off-by: Hidde Beydals <hello@hidde.co>