diff --git a/cmd/helm-sync/main.go b/cmd/helm-sync/main.go index ba57bc2d2f..87cfe95d0f 100644 --- a/cmd/helm-sync/main.go +++ b/cmd/helm-sync/main.go @@ -46,8 +46,8 @@ var ( flIncludeCRDs = flag.String("include-crds", os.Getenv(reconcilermanager.HelmIncludeCRDs), "include CRDs in the helm rendering output") flAuth = flag.String("auth", util.EnvString(reconcilermanager.HelmAuthType, string(configsync.AuthNone)), - fmt.Sprintf("the authentication type for access to the Helm repository. Must be one of %s, %s, %s, %s or %s. Defaults to %s", - configsync.AuthGCPServiceAccount, configsync.AuthK8sServiceAccount, configsync.AuthToken, configsync.AuthGCENode, configsync.AuthNone, configsync.AuthNone)) + fmt.Sprintf("the authentication type for access to the Helm repository. Must be one of %s. Defaults to %s", + configsync.SupportedAuthTypes(configsync.HelmSource), configsync.AuthNone)) flReleaseName = flag.String("release-name", os.Getenv(reconcilermanager.HelmReleaseName), "the name of helm release") flNamespace = flag.String("namespace", os.Getenv(reconcilermanager.HelmReleaseNamespace), diff --git a/cmd/hydration-controller/main.go b/cmd/hydration-controller/main.go index 167fcc33e3..7b56e1caf0 100644 --- a/cmd/hydration-controller/main.go +++ b/cmd/hydration-controller/main.go @@ -23,7 +23,6 @@ import ( "k8s.io/klog/v2" "k8s.io/klog/v2/klogr" "kpt.dev/configsync/pkg/api/configsync" - "kpt.dev/configsync/pkg/api/configsync/v1beta1" "kpt.dev/configsync/pkg/hydrate" "kpt.dev/configsync/pkg/importer/filesystem/cmpath" "kpt.dev/configsync/pkg/kmetrics" @@ -111,7 +110,7 @@ func main() { hydrator := &hydrate.Hydrator{ DonePath: absDonePath, - SourceType: v1beta1.SourceType(*sourceType), + SourceType: configsync.SourceType(*sourceType), SourceRoot: absSourceRootDir, HydratedRoot: absHydratedRootDir, SourceLink: *sourceLinkDir, diff --git a/cmd/nomos/status/cluster_state.go b/cmd/nomos/status/cluster_state.go index 4470ef1e32..eb544d8a4d 100644 --- a/cmd/nomos/status/cluster_state.go +++ b/cmd/nomos/status/cluster_state.go @@ -25,6 +25,7 @@ import ( "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "kpt.dev/configsync/cmd/nomos/util" v1 "kpt.dev/configsync/pkg/api/configmanagement/v1" + "kpt.dev/configsync/pkg/api/configsync" "kpt.dev/configsync/pkg/api/configsync/v1beta1" "kpt.dev/configsync/pkg/reposync" "kpt.dev/configsync/pkg/rootsync" @@ -75,7 +76,7 @@ func unavailableCluster(ref string) *ClusterState { type RepoState struct { scope string syncName string - sourceType v1beta1.SourceType + sourceType configsync.SourceType git *v1beta1.Git oci *v1beta1.Oci helm *v1beta1.HelmBase @@ -133,13 +134,13 @@ func (r *RepoState) printRows(writer io.Writer) { } } -func sourceString(sourceType v1beta1.SourceType, git *v1beta1.Git, oci *v1beta1.Oci, helm *v1beta1.HelmBase) string { +func sourceString(sourceType configsync.SourceType, git *v1beta1.Git, oci *v1beta1.Oci, helm *v1beta1.HelmBase) string { switch sourceType { - case v1beta1.OciSource: + case configsync.OciSource: return ociString(oci) - case v1beta1.HelmSource: + case configsync.HelmSource: return helmString(helm) - case v1beta1.GitSource: + case configsync.GitSource: return gitString(git) } return gitString(git) @@ -307,7 +308,7 @@ func namespaceRepoStatus(rs *v1beta1.RepoSync, rg *unstructured.Unstructured, sy repostate := &RepoState{ scope: rs.Namespace, syncName: rs.Name, - sourceType: v1beta1.SourceType(rs.Spec.SourceType), + sourceType: configsync.SourceType(rs.Spec.SourceType), git: rs.Spec.Git, oci: rs.Spec.Oci, helm: reposync.GetHelmBase(rs.Spec.Helm), @@ -409,7 +410,7 @@ func RootRepoStatus(rs *v1beta1.RootSync, rg *unstructured.Unstructured, syncing repostate := &RepoState{ scope: "", syncName: rs.Name, - sourceType: v1beta1.SourceType(rs.Spec.SourceType), + sourceType: configsync.SourceType(rs.Spec.SourceType), git: rs.Spec.Git, oci: rs.Spec.Oci, helm: rootsync.GetHelmBase(rs.Spec.Helm), diff --git a/cmd/nomos/status/cluster_state_test.go b/cmd/nomos/status/cluster_state_test.go index 2e4c3a7043..1d5198a26f 100644 --- a/cmd/nomos/status/cluster_state_test.go +++ b/cmd/nomos/status/cluster_state_test.go @@ -284,7 +284,7 @@ func TestRepoState_PrintRows(t *testing.T) { &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.OciSource, + sourceType: configsync.OciSource, oci: &v1beta1.Oci{ Image: "us-docker.pkg.dev/test-project/test-ar-repo/sample", Dir: "test", @@ -301,7 +301,7 @@ func TestRepoState_PrintRows(t *testing.T) { &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.HelmSource, + sourceType: configsync.HelmSource, helm: helm, status: "ERROR", commit: "abc123", @@ -315,7 +315,7 @@ func TestRepoState_PrintRows(t *testing.T) { &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, status: "ERROR", errors: []string{"missing Git config"}, errorSummary: errorSummayWithOneError, @@ -327,7 +327,7 @@ func TestRepoState_PrintRows(t *testing.T) { &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.OciSource, + sourceType: configsync.OciSource, status: "ERROR", errors: []string{"missing OCI config"}, errorSummary: errorSummayWithOneError, @@ -339,7 +339,7 @@ func TestRepoState_PrintRows(t *testing.T) { &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.HelmSource, + sourceType: configsync.HelmSource, status: "ERROR", errors: []string{"missing Helm config"}, errorSummary: errorSummayWithOneError, @@ -508,7 +508,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { gitSpec *v1beta1.Git ociSpec *v1beta1.Oci helmSpec *v1beta1.HelmBase - sourceType v1beta1.SourceType + sourceType configsync.SourceType conditions []v1beta1.RepoSyncCondition sourceStatus v1beta1.SourceStatus renderingStatus v1beta1.RenderingStatus @@ -522,7 +522,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { conditions: []v1beta1.RepoSyncCondition{stalledCondition}, want: &RepoState{ scope: "bookstore", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, syncName: "repo-sync", git: git, status: stalledMsg, @@ -552,7 +552,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: gitUpdated, status: stalledMsg, commit: emptyCommit, @@ -567,7 +567,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: git, status: reconcilingMsg, commit: emptyCommit, @@ -594,7 +594,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: gitUpdated, status: reconcilingMsg, commit: emptyCommit, @@ -607,7 +607,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: git, status: pendingMsg, commit: emptyCommit, @@ -621,7 +621,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: git, status: pendingMsg, commit: emptyCommit, @@ -648,7 +648,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: gitUpdated, // This mistakenly reports an error because `nomos status` checks all errors first. // The following test case shows how the status is reported correctly with the syncing condition. @@ -680,7 +680,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: gitUpdated, status: pendingMsg, commit: emptyCommit, @@ -698,7 +698,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: git, status: util.ErrorMsg, // This mistakenly reports the commit as empty because "nomos status" used @@ -725,7 +725,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: git, status: util.ErrorMsg, commit: "abc123", @@ -755,7 +755,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: gitUpdated, status: util.ErrorMsg, // This mistakenly shows the commit because `nomos status` sets commit to `.status.sync.commit`. @@ -792,7 +792,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: gitUpdated, status: util.ErrorMsg, commit: "def456", @@ -812,7 +812,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: git, status: pendingMsg, // This mistakenly reports an empty commit because `nomos status` sets commit to `.status.sync.commit`. @@ -836,7 +836,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: git, status: pendingMsg, commit: "abc123", @@ -863,7 +863,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: gitUpdated, // This mistakenly reports an error status because `nomos status` checks all errors first. // The test case below shows how it is fixed with the syncing condition. @@ -900,7 +900,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: gitUpdated, status: pendingMsg, commit: "def456", @@ -918,7 +918,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: git, status: util.ErrorMsg, // This mistakenly reports an empty commit because `nomos status` sets the commit to `.status.sync.commit`. @@ -944,7 +944,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: git, status: util.ErrorMsg, commit: "abc123", @@ -974,7 +974,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: gitUpdated, status: util.ErrorMsg, // This mistakenly reports the commit and errors because `nomos status` checks all errors first. @@ -1011,7 +1011,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: gitUpdated, status: util.ErrorMsg, commit: "def456", @@ -1031,7 +1031,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: git, status: pendingMsg, // This mistakenly reports the commit to be empty because `nomos status` used to set the commit to `.status.sync.commit`. @@ -1055,7 +1055,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: git, status: pendingMsg, commit: "abc123", @@ -1082,7 +1082,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: gitUpdated, // This mistakenly reports an error status because `nomos status` used to check all errors first. // The test case below shows how it is fixed with the syncing condition. @@ -1119,7 +1119,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: gitUpdated, status: pendingMsg, commit: "def456", @@ -1142,7 +1142,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: git, status: util.ErrorMsg, // This mistakenly reports the commit as empty because `nomos status` used to set the commit to `.status.sync.commit`. @@ -1173,7 +1173,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: git, status: util.ErrorMsg, commit: "abc123", @@ -1203,7 +1203,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: gitUpdated, status: util.ErrorMsg, // This mistakenly reports the commit because `nomos status` used to set the commit to `.status.sync.commit`. @@ -1240,7 +1240,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: gitUpdated, status: util.ErrorMsg, commit: "def456", @@ -1264,7 +1264,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: git, status: pendingMsg, // The commit should be available because it is included in the rendering and source statuses, @@ -1293,7 +1293,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: git, status: pendingMsg, commit: "abc123", @@ -1320,7 +1320,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: gitUpdated, // This mistakenly reports an error status because `nomos status` checks all errors first. // The test case below shows how the status is correctly reported with the syncing condition. @@ -1357,7 +1357,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: gitUpdated, status: pendingMsg, commit: "def456", @@ -1385,7 +1385,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: git, status: util.ErrorMsg, commit: "abc123", @@ -1419,7 +1419,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: git, status: util.ErrorMsg, commit: "abc123", @@ -1449,7 +1449,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: gitUpdated, status: util.ErrorMsg, commit: "def456", @@ -1483,7 +1483,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: gitUpdated, status: util.ErrorMsg, commit: "def456", @@ -1513,7 +1513,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { want: &RepoState{ scope: "bookstore", syncName: "repo-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: git, status: syncedMsg, lastSyncTimestamp: lastSyncTimestamp, @@ -1548,7 +1548,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { scope: "bookstore", syncName: "repo-sync", git: git, - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, status: syncedMsg, lastSyncTimestamp: lastSyncTimestamp, commit: "abc123", @@ -1558,7 +1558,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { { name: "OCI repo has import error", ociSpec: oci, - sourceType: v1beta1.OciSource, + sourceType: configsync.OciSource, syncingConditionSupported: true, conditions: []v1beta1.RepoSyncCondition{ reconciledCondition, @@ -1573,7 +1573,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { scope: "bookstore", syncName: "repo-sync", oci: oci, - sourceType: v1beta1.OciSource, + sourceType: configsync.OciSource, status: util.ErrorMsg, commit: "def456", errors: []string{"KNV2004: import error"}, @@ -1583,7 +1583,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { { name: "OCI repo has import error", ociSpec: oci, - sourceType: v1beta1.OciSource, + sourceType: configsync.OciSource, syncingConditionSupported: true, conditions: []v1beta1.RepoSyncCondition{ reconciledCondition, @@ -1598,7 +1598,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { scope: "bookstore", syncName: "repo-sync", oci: oci, - sourceType: v1beta1.OciSource, + sourceType: configsync.OciSource, status: util.ErrorMsg, commit: "abc123", errors: []string{"KNV2004: import error"}, @@ -1608,7 +1608,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { { name: "OCI repo has rendering error", ociSpec: oci, - sourceType: v1beta1.OciSource, + sourceType: configsync.OciSource, syncingConditionSupported: true, conditions: []v1beta1.RepoSyncCondition{ reconciledCondition, @@ -1633,7 +1633,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { scope: "bookstore", syncName: "repo-sync", oci: oci, - sourceType: v1beta1.OciSource, + sourceType: configsync.OciSource, status: util.ErrorMsg, commit: "def456", errors: []string{"KNV2015: rendering error"}, @@ -1643,7 +1643,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { { name: "OCI repo has syncing error", ociSpec: oci, - sourceType: v1beta1.OciSource, + sourceType: configsync.OciSource, syncingConditionSupported: true, conditions: []v1beta1.RepoSyncCondition{ reconciledCondition, @@ -1667,7 +1667,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { scope: "bookstore", syncName: "repo-sync", oci: oci, - sourceType: v1beta1.OciSource, + sourceType: configsync.OciSource, status: util.ErrorMsg, commit: "abc123", errors: []string{"KNV2009: apply error"}, @@ -1677,7 +1677,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { { name: "Helm repo has import error", helmSpec: helm, - sourceType: v1beta1.HelmSource, + sourceType: configsync.HelmSource, syncingConditionSupported: true, conditions: []v1beta1.RepoSyncCondition{ reconciledCondition, @@ -1692,7 +1692,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { scope: "bookstore", syncName: "repo-sync", helm: helm, - sourceType: v1beta1.HelmSource, + sourceType: configsync.HelmSource, status: util.ErrorMsg, commit: "abc123", errors: []string{"KNV2004: import error"}, @@ -1702,7 +1702,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { { name: "Helm repo has rendering error", helmSpec: helm, - sourceType: v1beta1.HelmSource, + sourceType: configsync.HelmSource, syncingConditionSupported: true, conditions: []v1beta1.RepoSyncCondition{ reconciledCondition, @@ -1727,7 +1727,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { scope: "bookstore", syncName: "repo-sync", helm: helm, - sourceType: v1beta1.HelmSource, + sourceType: configsync.HelmSource, status: util.ErrorMsg, commit: "def456", errors: []string{"KNV2015: rendering error"}, @@ -1737,7 +1737,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { { name: "Helm repo has syncing error", helmSpec: helm, - sourceType: v1beta1.HelmSource, + sourceType: configsync.HelmSource, syncingConditionSupported: true, conditions: []v1beta1.RepoSyncCondition{ reconciledCondition, @@ -1761,7 +1761,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { scope: "bookstore", syncName: "repo-sync", helm: helm, - sourceType: v1beta1.HelmSource, + sourceType: configsync.HelmSource, status: util.ErrorMsg, commit: "abc123", errors: []string{"KNV2009: apply error"}, @@ -1779,7 +1779,7 @@ func TestRepoState_NamespaceRepoStatus(t *testing.T) { } repoSync.Spec.SourceType = string(tc.sourceType) if repoSync.Spec.SourceType == "" { - repoSync.Spec.SourceType = string(v1beta1.GitSource) + repoSync.Spec.SourceType = string(configsync.GitSource) } repoSync.Status.Conditions = tc.conditions repoSync.Status.Source = tc.sourceStatus @@ -2895,7 +2895,7 @@ gke_sample-project_europe-west1-b_cluster-1 { scope: "", syncName: "root-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: &v1beta1.Git{ Repo: "git@github.com:tester/sample", }, @@ -2905,7 +2905,7 @@ gke_sample-project_europe-west1-b_cluster-1 { scope: "bookstore", syncName: "repos-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: &v1beta1.Git{ Repo: "git@github.com:tester/sample", Branch: "feature", @@ -2933,7 +2933,7 @@ gke_sample-project_europe-west1-b_cluster-2 { scope: "", syncName: "root-sync", - sourceType: v1beta1.OciSource, + sourceType: configsync.OciSource, oci: &v1beta1.Oci{ Image: "us-docker.pkg.dev/test-project/test-ar-repo/sample", }, @@ -2943,7 +2943,7 @@ gke_sample-project_europe-west1-b_cluster-2 { scope: "bookstore", syncName: "repos-sync", - sourceType: v1beta1.OciSource, + sourceType: configsync.OciSource, oci: &v1beta1.Oci{ Image: "us-docker.pkg.dev/test-project/test-ar-repo/sample-repo", Dir: "test", @@ -2971,7 +2971,7 @@ gke_sample-project_europe-west1-b_cluster-2 { scope: "", syncName: "root-sync", - sourceType: v1beta1.HelmSource, + sourceType: configsync.HelmSource, helm: &v1beta1.HelmBase{ Repo: "oci://us-central1-docker.pkg.dev/your-dev-project/sample", Chart: "test", @@ -2982,7 +2982,7 @@ gke_sample-project_europe-west1-b_cluster-2 { scope: "bookstore", syncName: "repos-sync", - sourceType: v1beta1.HelmSource, + sourceType: configsync.HelmSource, helm: &v1beta1.HelmBase{ Repo: "oci://us-central1-docker.pkg.dev/your-dev-project/sample", Chart: "test", @@ -3030,7 +3030,7 @@ func TestClusterState_PrintRowsWithNameFilter(t *testing.T) { { scope: "", syncName: "root-sync", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: &v1beta1.Git{ Repo: "git@github.com:tester/sample", }, @@ -3040,7 +3040,7 @@ func TestClusterState_PrintRowsWithNameFilter(t *testing.T) { { scope: "", syncName: "root-sync-2", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: &v1beta1.Git{ Repo: "git@github.com:tester/sample", Branch: "feature", @@ -3051,7 +3051,7 @@ func TestClusterState_PrintRowsWithNameFilter(t *testing.T) { { scope: "", syncName: "root-sync-3", - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, git: &v1beta1.Git{ Repo: "git@github.com:tester/sample", Branch: "dev", diff --git a/cmd/oci-sync/main.go b/cmd/oci-sync/main.go index 6d18e5d05c..7f71d5753c 100644 --- a/cmd/oci-sync/main.go +++ b/cmd/oci-sync/main.go @@ -35,8 +35,8 @@ import ( var flImage = flag.String("image", util.EnvString(reconcilermanager.OciSyncImage, ""), "the OCI image repository for the package") var flAuth = flag.String("auth", util.EnvString(reconcilermanager.OciSyncAuth, string(configsync.AuthNone)), - fmt.Sprintf("the authentication type for access to the OCI package. Must be one of %s, %s, %s, or %s. Defaults to %s", - configsync.AuthGCPServiceAccount, configsync.AuthK8sServiceAccount, configsync.AuthGCENode, configsync.AuthNone, configsync.AuthNone)) + fmt.Sprintf("the authentication type for access to the OCI package. Must be one of %s. Defaults to %s", + configsync.SupportedAuthTypes(configsync.OciSource), configsync.AuthNone)) var flRoot = flag.String("root", util.EnvString("OCI_SYNC_ROOT", util.EnvString("HOME", "")+"/oci"), "the root directory for oci-sync operations, under which --dest will be created") var flDest = flag.String("dest", util.EnvString("OCI_SYNC_DEST", ""), diff --git a/cmd/reconciler/main.go b/cmd/reconciler/main.go index 586a3a69f8..2dc6191297 100644 --- a/cmd/reconciler/main.go +++ b/cmd/reconciler/main.go @@ -23,7 +23,6 @@ import ( "k8s.io/klog/v2" "k8s.io/klog/v2/klogr" "kpt.dev/configsync/pkg/api/configsync" - "kpt.dev/configsync/pkg/api/configsync/v1beta1" "kpt.dev/configsync/pkg/declared" "kpt.dev/configsync/pkg/importer/filesystem" "kpt.dev/configsync/pkg/importer/filesystem/cmpath" @@ -186,7 +185,7 @@ func main() { HydratedLink: *hydratedLinkDir, SourceRev: *sourceRev, SourceBranch: *sourceBranch, - SourceType: v1beta1.SourceType(*sourceType), + SourceType: configsync.SourceType(*sourceType), SourceRepo: *sourceRepo, SyncDir: relSyncDir, SyncName: *syncName, diff --git a/e2e/nomostest/config_sync.go b/e2e/nomostest/config_sync.go index 5a998dc42c..acded36948 100644 --- a/e2e/nomostest/config_sync.go +++ b/e2e/nomostest/config_sync.go @@ -655,7 +655,7 @@ func setupDelegatedControl(nt *NT) { func RootSyncObjectV1Alpha1(name, repoURL string, sourceFormat filesystem.SourceFormat) *v1alpha1.RootSync { rs := fake.RootSyncObjectV1Alpha1(name) rs.Spec.SourceFormat = string(sourceFormat) - rs.Spec.SourceType = string(v1beta1.GitSource) + rs.Spec.SourceType = string(configsync.GitSource) rs.Spec.Git = &v1alpha1.Git{ Repo: repoURL, Branch: gitproviders.MainBranch, @@ -693,7 +693,7 @@ func RootSyncObjectV1Alpha1FromRootRepo(nt *NT, name string) *v1alpha1.RootSync func RootSyncObjectV1Beta1(name, repoURL string, sourceFormat filesystem.SourceFormat) *v1beta1.RootSync { rs := fake.RootSyncObjectV1Beta1(name) rs.Spec.SourceFormat = string(sourceFormat) - rs.Spec.SourceType = string(v1beta1.GitSource) + rs.Spec.SourceType = string(configsync.GitSource) rs.Spec.Git = &v1beta1.Git{ Repo: repoURL, Branch: gitproviders.MainBranch, @@ -754,7 +754,7 @@ func StructuredNSPath(namespace, resourceName string) string { // SourceFormat for RepoSync must be Unstructured (default), so it's left unspecified. func RepoSyncObjectV1Alpha1(nn types.NamespacedName, repoURL string) *v1alpha1.RepoSync { rs := fake.RepoSyncObjectV1Alpha1(nn.Namespace, nn.Name) - rs.Spec.SourceType = string(v1beta1.GitSource) + rs.Spec.SourceType = string(configsync.GitSource) rs.Spec.Git = &v1alpha1.Git{ Repo: repoURL, Branch: gitproviders.MainBranch, @@ -800,7 +800,7 @@ func RepoSyncObjectV1Alpha1FromNonRootRepo(nt *NT, nn types.NamespacedName) *v1a func RepoSyncObjectV1Beta1(nn types.NamespacedName, repoURL string, sourceFormat filesystem.SourceFormat) *v1beta1.RepoSync { rs := fake.RepoSyncObjectV1Beta1(nn.Namespace, nn.Name) rs.Spec.SourceFormat = string(sourceFormat) - rs.Spec.SourceType = string(v1beta1.GitSource) + rs.Spec.SourceType = string(configsync.GitSource) rs.Spec.Git = &v1beta1.Git{ Repo: repoURL, Branch: gitproviders.MainBranch, diff --git a/e2e/nomostest/sync.go b/e2e/nomostest/sync.go index c839e58ee7..945dd92d5b 100644 --- a/e2e/nomostest/sync.go +++ b/e2e/nomostest/sync.go @@ -51,7 +51,7 @@ func RootSyncHasStatusSyncDirectory(dir string) testpredicates.Predicate { configsync.RootSyncKind, i, log.AsJSON(condition), log.AsYAML(rs)) } } - err := statusHasSyncDirAndNoErrors(rs.Status.Status, v1beta1.SourceType(rs.Spec.SourceType), dir) + err := statusHasSyncDirAndNoErrors(rs.Status.Status, configsync.SourceType(rs.Spec.SourceType), dir) if err != nil { return fmt.Errorf("%s %w:\n%s", configsync.RootSyncKind, err, log.AsYAML(rs)) } @@ -82,7 +82,7 @@ func RepoSyncHasStatusSyncDirectory(dir string) testpredicates.Predicate { configsync.RepoSyncKind, i, log.AsJSON(condition), log.AsYAML(rs)) } } - err := statusHasSyncDirAndNoErrors(rs.Status.Status, v1beta1.SourceType(rs.Spec.SourceType), dir) + err := statusHasSyncDirAndNoErrors(rs.Status.Status, configsync.SourceType(rs.Spec.SourceType), dir) if err != nil { return fmt.Errorf("%s %w:\n%s", configsync.RepoSyncKind, err, log.AsYAML(rs)) } @@ -189,7 +189,7 @@ func statusHasSyncCommitAndNoErrors(status v1beta1.Status, sha1 string) error { return nil } -func statusHasSyncDirAndNoErrors(status v1beta1.Status, sourceType v1beta1.SourceType, dir string) error { +func statusHasSyncDirAndNoErrors(status v1beta1.Status, sourceType configsync.SourceType, dir string) error { if status.Source.ErrorSummary != nil && status.Source.ErrorSummary.TotalCount > 0 { return fmt.Errorf("status.source contains %d errors", status.Source.ErrorSummary.TotalCount) } @@ -203,7 +203,7 @@ func statusHasSyncDirAndNoErrors(status v1beta1.Status, sourceType v1beta1.Sourc return fmt.Errorf("status.rendering.message %q does not indicate a successful state", message) } switch sourceType { - case v1beta1.OciSource: + case configsync.OciSource: if status.Source.Oci == nil { return fmt.Errorf("status.source.oci is nil") } @@ -222,7 +222,7 @@ func statusHasSyncDirAndNoErrors(status v1beta1.Status, sourceType v1beta1.Sourc if ociDir := status.Rendering.Oci.Dir; ociDir != dir { return fmt.Errorf("status.rendering.oci.dir %q does not match the provided directory %q", ociDir, dir) } - case v1beta1.GitSource: + case configsync.GitSource: if status.Source.Git == nil { return fmt.Errorf("status.source.git is nil") } @@ -241,7 +241,7 @@ func statusHasSyncDirAndNoErrors(status v1beta1.Status, sourceType v1beta1.Sourc if gitDir := status.Rendering.Git.Dir; gitDir != dir { return fmt.Errorf("status.rendering.git.dir %q does not match the provided directory %q", gitDir, dir) } - case v1beta1.HelmSource: + case configsync.HelmSource: if status.Source.Helm == nil { return fmt.Errorf("status.source.helm is nil") } diff --git a/e2e/testcases/helm_sync_test.go b/e2e/testcases/helm_sync_test.go index c7c2e3e978..5bf5e99910 100644 --- a/e2e/testcases/helm_sync_test.go +++ b/e2e/testcases/helm_sync_test.go @@ -413,7 +413,7 @@ func TestHelmDefaultNamespace(t *testing.T) { nt.T.Log("Update RootSync to sync from a private Artifact Registry") nt.MustMergePatch(rs, fmt.Sprintf(`{"spec": {"sourceType": "%s", "git": null, "helm": {"repo": "%s", "chart": "%s", "version": "%s", "auth": "gcpserviceaccount", "gcpServiceAccountEmail": "%s", "namespace": "", "deployNamespace": ""}}}`, - v1beta1.HelmSource, chart.Image.RepositoryOCI(), chart.Image.Name, chart.Image.Version, gsaARReaderEmail())) + configsync.HelmSource, chart.Image.RepositoryOCI(), chart.Image.Name, chart.Image.Version, gsaARReaderEmail())) err = nt.WatchForAllSyncs(nomostest.WithRootSha1Func(nomostest.HelmChartVersionShaFn(chart.Image.Version)), nomostest.WithSyncDirectoryMap(map[types.NamespacedName]string{nomostest.DefaultRootRepoNamespacedName: chart.Image.Name})) if err != nil { @@ -458,7 +458,7 @@ func TestHelmLatestVersion(t *testing.T) { nt.T.Log("Update RootSync to sync from a private Artifact Registry") nt.MustMergePatch(rs, fmt.Sprintf(`{"spec": {"sourceType": "%s", "helm": {"chart": "%s", "repo": "%s", "version": "", "period": "5s", "auth": "gcpserviceaccount", "gcpServiceAccountEmail": "%s", "deployNamespace": "simple"}, "git": null}}`, - v1beta1.HelmSource, chart.Image.Name, chart.Image.RepositoryOCI(), gsaARReaderEmail())) + configsync.HelmSource, chart.Image.Name, chart.Image.RepositoryOCI(), gsaARReaderEmail())) if err = nt.Watcher.WatchObject(kinds.Deployment(), "deploy-default", "simple", []testpredicates.Predicate{testpredicates.HasLabel("version", chart.Image.Version)}); err != nil { nt.T.Error(err) @@ -521,7 +521,7 @@ func TestHelmNamespaceRepo(t *testing.T) { ntopts.NamespaceRepo(repoSyncNN.Namespace, repoSyncNN.Name)) nt.T.Log("Update RepoSync to sync from a public Helm Chart") rs := nomostest.RepoSyncObjectV1Beta1FromNonRootRepo(nt, repoSyncNN) - rs.Spec.SourceType = string(v1beta1.HelmSource) + rs.Spec.SourceType = string(configsync.HelmSource) rs.Spec.Helm = &v1beta1.HelmRepoSync{HelmBase: v1beta1.HelmBase{ Repo: publicHelmRepo, Chart: publicHelmChart, @@ -576,7 +576,7 @@ func TestHelmConfigMapNamespaceRepo(t *testing.T) { } nt.T.Log("Update RepoSync to sync from a private Artifact Registry") - rs.Spec.SourceType = string(v1beta1.HelmSource) + rs.Spec.SourceType = string(configsync.HelmSource) rs.Spec.Helm = &v1beta1.HelmRepoSync{HelmBase: v1beta1.HelmBase{ Repo: chart.Image.RepositoryOCI(), Chart: chart.Image.Name, @@ -681,7 +681,7 @@ func TestHelmGCENode(t *testing.T) { rs := fake.RootSyncObjectV1Beta1(configsync.RootSyncName) nt.T.Log("Update RootSync to sync from a private Artifact Registry") nt.MustMergePatch(rs, fmt.Sprintf(`{"spec": {"sourceType": "%s", "helm": {"repo": "%s", "chart": "%s", "auth": "gcenode", "version": "%s", "releaseName": "my-coredns", "namespace": "coredns"}, "git": null}}`, - v1beta1.HelmSource, chart.Image.RepositoryOCI(), chart.Image.Name, chart.Image.Version)) + configsync.HelmSource, chart.Image.RepositoryOCI(), chart.Image.Name, chart.Image.Version)) err = nt.WatchForAllSyncs( nomostest.WithRootSha1Func(nomostest.HelmChartVersionShaFn(chart.Image.Version)), nomostest.WithSyncDirectoryMap(map[types.NamespacedName]string{nomostest.DefaultRootRepoNamespacedName: chart.Image.Name})) @@ -756,7 +756,7 @@ func TestHelmARTokenAuth(t *testing.T) { nt.T.Log("Update RootSync to sync from a private Artifact Registry") nt.MustMergePatch(rs, fmt.Sprintf(`{"spec": {"sourceType": "%s", "git": null, "helm": {"repo": "%s", "chart": "%s", "auth": "token", "version": "%s", "releaseName": "my-coredns", "namespace": "coredns", "secretRef": {"name" : "foo"}}}}`, - v1beta1.HelmSource, chart.Image.RepositoryOCI(), chart.Image.Name, chart.Image.Version)) + configsync.HelmSource, chart.Image.RepositoryOCI(), chart.Image.Name, chart.Image.Version)) err = nt.WatchForAllSyncs( nomostest.WithRootSha1Func(nomostest.HelmChartVersionShaFn(chart.Image.Version)), nomostest.WithSyncDirectoryMap(map[types.NamespacedName]string{nomostest.DefaultRootRepoNamespacedName: chart.Image.Name})) @@ -814,7 +814,7 @@ func TestHelmEmptyChart(t *testing.T) { "git": null } }`, - v1beta1.HelmSource, + configsync.HelmSource, chart.Image.RepositoryOCI(), chart.Image.Name, chart.Image.Version, diff --git a/e2e/testcases/oci_sync_test.go b/e2e/testcases/oci_sync_test.go index 5a4b37e2a6..ed65109f9c 100644 --- a/e2e/testcases/oci_sync_test.go +++ b/e2e/testcases/oci_sync_test.go @@ -87,7 +87,7 @@ func TestPublicOCI(t *testing.T) { rs := fake.RootSyncObjectV1Beta1(configsync.RootSyncName) nt.T.Log("Update RootSync to sync from a public OCI image in AR") nt.MustMergePatch(rs, fmt.Sprintf(`{"spec": {"sourceType": "%s", "oci": {"image": "%s", "auth": "none"}, "git": null}}`, - v1beta1.OciSource, publicARImage)) + configsync.OciSource, publicARImage)) err := nt.WatchForAllSyncs( nomostest.WithRootSha1Func(imageDigestFunc(publicARImage)), nomostest.WithSyncDirectoryMap(map[types.NamespacedName]string{ @@ -131,7 +131,7 @@ func TestGCENodeOCI(t *testing.T) { rs := fake.RootSyncObjectV1Beta1(configsync.RootSyncName) nt.T.Log("Update RootSync to sync from an OCI image in Artifact Registry") nt.MustMergePatch(rs, fmt.Sprintf(`{"spec": {"sourceType": "%s", "oci": {"dir": "%s", "image": "%s", "auth": "gcenode"}, "git": null}}`, - v1beta1.OciSource, tenant, privateARImage())) + configsync.OciSource, tenant, privateARImage())) err := nt.WatchForAllSyncs( nomostest.WithRootSha1Func(imageDigestFunc(privateARImage())), nomostest.WithSyncDirectoryMap(map[types.NamespacedName]string{ @@ -217,7 +217,7 @@ func TestSwitchFromGitToOci(t *testing.T) { testpredicates.HasAnnotation(common.LifecycleDeleteAnnotation, common.PreventDeletion)); err != nil { nt.T.Error(err) } - if err := nt.Validate(configsync.RepoSyncName, namespace, &v1beta1.RepoSync{}, isSourceType(v1beta1.GitSource)); err != nil { + if err := nt.Validate(configsync.RepoSyncName, namespace, &v1beta1.RepoSync{}, isSourceType(configsync.GitSource)); err != nil { nt.T.Error(err) } nt.T.Log("Verify the namespace objects are synced") @@ -248,7 +248,7 @@ func TestSwitchFromGitToOci(t *testing.T) { nt.T.Log("Update the RepoSync object to sync from OCI") repoSyncOCI := repoSyncGit.DeepCopy() repoSyncOCI.Spec.Git = nil - repoSyncOCI.Spec.SourceType = string(v1beta1.OciSource) + repoSyncOCI.Spec.SourceType = string(configsync.OciSource) imageURL := bookinfoARImage repoSyncOCI.Spec.Oci = &v1beta1.Oci{ Image: imageURL, @@ -263,7 +263,7 @@ func TestSwitchFromGitToOci(t *testing.T) { if err := nt.WatchForAllSyncs(); err != nil { nt.T.Fatal(err) } - if err := nt.Validate(configsync.RepoSyncName, namespace, &v1beta1.RepoSync{}, isSourceType(v1beta1.OciSource)); err != nil { + if err := nt.Validate(configsync.RepoSyncName, namespace, &v1beta1.RepoSync{}, isSourceType(configsync.OciSource)); err != nil { nt.T.Error(err) } nt.T.Log("Verify the namespace objects are updated") @@ -296,7 +296,7 @@ func TestSwitchFromGitToOci(t *testing.T) { if err := nt.KubeClient.Create(repoSyncGit.DeepCopy()); err != nil { nt.T.Fatal(err) } - if err := nt.Validate(configsync.RepoSyncName, namespace, &v1beta1.RepoSync{}, isSourceType(v1beta1.GitSource)); err != nil { + if err := nt.Validate(configsync.RepoSyncName, namespace, &v1beta1.RepoSync{}, isSourceType(configsync.GitSource)); err != nil { nt.T.Error(err) } nt.T.Log("Verify the namespace objects are synced") @@ -315,8 +315,8 @@ func TestSwitchFromGitToOci(t *testing.T) { // Switch from Git to OCI nt.T.Log("Manually update the RepoSync object to sync from OCI") nt.MustMergePatch(repoSyncOCI.DeepCopy(), fmt.Sprintf(`{"spec": {"sourceType": "%s", "oci": {"image": "%s", "auth": "%s"}, "helm": null, "git": null}}`, - v1beta1.OciSource, imageURL, configsync.AuthNone)) - if err := nt.Validate(configsync.RepoSyncName, namespace, &v1beta1.RepoSync{}, isSourceType(v1beta1.OciSource)); err != nil { + configsync.OciSource, imageURL, configsync.AuthNone)) + if err := nt.Validate(configsync.RepoSyncName, namespace, &v1beta1.RepoSync{}, isSourceType(configsync.OciSource)); err != nil { nt.T.Error(err) } nt.T.Log("Verify the namespace objects are synced") @@ -352,7 +352,7 @@ func TestSwitchFromGitToOci(t *testing.T) { } // resourceQuotaHasHardPods validates if the RepoSync has the expected sourceType. -func isSourceType(sourceType v1beta1.SourceType) testpredicates.Predicate { +func isSourceType(sourceType configsync.SourceType) testpredicates.Predicate { return func(o client.Object) error { if o == nil { return testpredicates.ErrObjectNotFound @@ -397,7 +397,7 @@ func testDigestUpdate(nt *nomostest.NT, image string) { rs := fake.RootSyncObjectV1Beta1(configsync.RootSyncName) nt.T.Log("Update RootSync to sync from a public OCI image") nt.MustMergePatch(rs, fmt.Sprintf(`{"spec": {"sourceType": "%s", "oci": {"image": "%s", "auth": "none"}, "git": null}}`, - v1beta1.OciSource, image)) + configsync.OciSource, image)) nt.WaitForRepoSyncs(nomostest.WithRootSha1Func(fixedOCIDigest(digest)), nomostest.WithSyncDirectoryMap(map[types.NamespacedName]string{nomostest.DefaultRootRepoNamespacedName: "."})) validateAllTenants(nt, string(declared.RootReconciler), "base", "tenant-a", "tenant-b", "tenant-c") diff --git a/e2e/testcases/private_cert_secret_test.go b/e2e/testcases/private_cert_secret_test.go index 47608d1b1b..f7e50afb5e 100644 --- a/e2e/testcases/private_cert_secret_test.go +++ b/e2e/testcases/private_cert_secret_test.go @@ -42,7 +42,7 @@ import ( "kpt.dev/configsync/pkg/testing/fake" ) -func caCertSecretPatch(sourceType v1beta1.SourceType, name string) string { +func caCertSecretPatch(sourceType configsync.SourceType, name string) string { return fmt.Sprintf(`{"spec": {"%s": {"caCertSecretRef": {"name": "%s"}}}}`, sourceType, name) } @@ -101,7 +101,7 @@ func TestCACertSecretRefV1Alpha1(t *testing.T) { } // Set caCertSecret for RootSync - nt.MustMergePatch(rootSync, caCertSecretPatch(v1beta1.GitSource, caCertSecret)) + nt.MustMergePatch(rootSync, caCertSecretPatch(configsync.GitSource, caCertSecret)) if err := nt.WatchForAllSyncs(); err != nil { nt.T.Fatal(err) } @@ -138,7 +138,7 @@ func TestCACertSecretRefV1Alpha1(t *testing.T) { } // Unset caCertSecret for RootSync - nt.MustMergePatch(rootSync, caCertSecretPatch(v1beta1.GitSource, "")) + nt.MustMergePatch(rootSync, caCertSecretPatch(configsync.GitSource, "")) // RootSync should fail without caCertSecret nt.WaitForRootSyncSourceError(configsync.RootSyncName, status.SourceErrorCode, "server certificate verification failed") err = nt.Validate(nomostest.DefaultRootReconcilerName, configsync.ControllerNamespace, &appsv1.Deployment{}, testpredicates.DeploymentMissingEnvVar(reconcilermanager.GitSync, key)) @@ -219,7 +219,7 @@ func TestCACertSecretRefV1Beta1(t *testing.T) { } // Set caCertSecret for RootSync - nt.MustMergePatch(rootSync, caCertSecretPatch(v1beta1.GitSource, caCertSecret)) + nt.MustMergePatch(rootSync, caCertSecretPatch(configsync.GitSource, caCertSecret)) if err := nt.WatchForAllSyncs(); err != nil { nt.T.Fatal(err) } @@ -261,7 +261,7 @@ func TestCACertSecretRefV1Beta1(t *testing.T) { } // Unset caCertSecret for RootSync - nt.MustMergePatch(rootSync, caCertSecretPatch(v1beta1.GitSource, "")) + nt.MustMergePatch(rootSync, caCertSecretPatch(configsync.GitSource, "")) // RootSync should fail without caCertSecret nt.WaitForRootSyncSourceError(configsync.RootSyncName, status.SourceErrorCode, "server certificate verification failed") err = nt.Validate(nomostest.DefaultRootReconcilerName, configsync.ControllerNamespace, &appsv1.Deployment{}, testpredicates.DeploymentMissingEnvVar(reconcilermanager.GitSync, key)) @@ -407,11 +407,11 @@ func TestOCICACertSecretRefRootRepo(t *testing.T) { nt.T.Log("Set the RootSync to sync the OCI image without providing a CA cert") nt.MustMergePatch(rs, fmt.Sprintf(`{"spec": {"sourceType": "%s", "oci": {"image": "%s", "auth": "none"}, "git": null}}`, - v1beta1.OciSource, image.FloatingBranchTag())) + configsync.OciSource, image.FloatingBranchTag())) nt.WaitForRootSyncSourceError(configsync.RootSyncName, status.SourceErrorCode, "tls: failed to verify certificate: x509: certificate signed by unknown authority") nt.T.Log("Add caCertSecretRef to RootSync") - nt.MustMergePatch(rs, caCertSecretPatch(v1beta1.OciSource, caCertSecret)) + nt.MustMergePatch(rs, caCertSecretPatch(configsync.OciSource, caCertSecret)) err = nt.WatchForAllSyncs( nomostest.WithRootSha1Func(func(nt *nomostest.NT, nn types.NamespacedName) (string, error) { // the RSync status does not include the sha256: prefix @@ -450,7 +450,7 @@ func TestOCICACertSecretRefNamespaceRepo(t *testing.T) { } nt.T.Log("Set the RepoSync to sync the OCI image without providing a CA cert") - rs.Spec.SourceType = string(v1beta1.OciSource) + rs.Spec.SourceType = string(configsync.OciSource) rs.Spec.Oci = &v1beta1.Oci{ Image: image.FloatingBranchTag(), Auth: "none", @@ -487,7 +487,7 @@ func TestOCICACertSecretRefNamespaceRepo(t *testing.T) { } nt.T.Log("Set the RepoSync to sync from git") - rs.Spec.SourceType = string(v1beta1.GitSource) + rs.Spec.SourceType = string(configsync.GitSource) nt.Must(nt.RootRepos[configsync.RootSyncName].Add( nomostest.StructuredNSPath(nn.Namespace, nn.Name), rs)) nt.Must(nt.RootRepos[configsync.RootSyncName].CommitAndPush("Set the RepoSync to sync from Git")) @@ -523,11 +523,11 @@ func TestHelmCACertSecretRefRootRepo(t *testing.T) { nt.T.Log("Set the RootSync to sync the Helm package without providing a CA cert") nt.MustMergePatch(rs, fmt.Sprintf(`{"spec": {"sourceType": "%s", "helm": {"repo": "%s", "chart": "%s", "version": "%s", "auth": "none", "period": "15s"}, "git": null}}`, - v1beta1.HelmSource, nt.HelmProvider.SyncURL(chart.Name), chart.Name, chart.Version)) + configsync.HelmSource, nt.HelmProvider.SyncURL(chart.Name), chart.Name, chart.Version)) nt.WaitForRootSyncSourceError(configsync.RootSyncName, status.SourceErrorCode, "tls: failed to verify certificate: x509: certificate signed by unknown authority") nt.T.Log("Add caCertSecretRef to RootSync") - nt.MustMergePatch(rs, caCertSecretPatch(v1beta1.HelmSource, caCertSecret)) + nt.MustMergePatch(rs, caCertSecretPatch(configsync.HelmSource, caCertSecret)) err = nt.WatchForAllSyncs( nomostest.WithRootSha1Func(nomostest.HelmChartVersionShaFn(chart.Version)), nomostest.WithSyncDirectoryMap(map[types.NamespacedName]string{ @@ -567,7 +567,7 @@ func TestHelmCACertSecretRefNamespaceRepo(t *testing.T) { } nt.T.Log("Set the RepoSync to sync the Helm package without providing a CA cert") - rs.Spec.SourceType = string(v1beta1.HelmSource) + rs.Spec.SourceType = string(configsync.HelmSource) rs.Spec.Helm = &v1beta1.HelmRepoSync{ HelmBase: v1beta1.HelmBase{ Repo: nt.HelmProvider.SyncURL(chart.Name), @@ -606,7 +606,7 @@ func TestHelmCACertSecretRefNamespaceRepo(t *testing.T) { } nt.T.Log("Set the RepoSync to sync from git") - rs.Spec.SourceType = string(v1beta1.GitSource) + rs.Spec.SourceType = string(configsync.GitSource) nt.Must(nt.RootRepos[configsync.RootSyncName].Add( nomostest.StructuredNSPath(nn.Namespace, nn.Name), rs)) nt.Must(nt.RootRepos[configsync.RootSyncName].CommitAndPush("Set the RepoSync to sync from Git")) diff --git a/e2e/testcases/stress_test.go b/e2e/testcases/stress_test.go index 1bf808eb55..576d6ac65d 100644 --- a/e2e/testcases/stress_test.go +++ b/e2e/testcases/stress_test.go @@ -516,7 +516,7 @@ func TestStressMemoryUsageOCI(t *testing.T) { nt.T.Log("Update RootSync to sync from the OCI image in Artifact Registry") rs := fake.RootSyncObjectV1Beta1(configsync.RootSyncName) nt.MustMergePatch(rs, fmt.Sprintf(`{"spec": {"sourceType": "%s", "oci": {"dir": ".", "image": "%s", "auth": "gcpserviceaccount", "gcpServiceAccountEmail": "%s"}, "git": null}}`, - v1beta1.OciSource, imageURL, gsaEmail)) + configsync.OciSource, imageURL, gsaEmail)) // Validate that the resources sync without the reconciler running out of // memory, getting OOMKilled, and crash looping. @@ -629,7 +629,7 @@ func TestStressMemoryUsageHelm(t *testing.T) { } } }`, - v1beta1.HelmSource, + configsync.HelmSource, chart.Image.RepositoryOCI(), chart.Image.Name, chart.Image.Version, diff --git a/e2e/testcases/workload_identity_test.go b/e2e/testcases/workload_identity_test.go index 55f82434ca..e4227e6de2 100644 --- a/e2e/testcases/workload_identity_test.go +++ b/e2e/testcases/workload_identity_test.go @@ -56,7 +56,7 @@ func TestWorkloadIdentity(t *testing.T) { sourceRepo string sourceChart string sourceVersion string - sourceType v1beta1.SourceType + sourceType configsync.SourceType gsaEmail string rootCommitFn nomostest.Sha1Func testKSAMigration bool @@ -66,7 +66,7 @@ func TestWorkloadIdentity(t *testing.T) { fleetWITest: false, crossProject: false, sourceRepo: csrRepo(), - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, gsaEmail: gsaCSRReaderEmail(), rootCommitFn: nomostest.RemoteRootRepoSha1Fn, }, @@ -75,7 +75,7 @@ func TestWorkloadIdentity(t *testing.T) { fleetWITest: true, crossProject: false, sourceRepo: csrRepo(), - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, gsaEmail: gsaCSRReaderEmail(), rootCommitFn: nomostest.RemoteRootRepoSha1Fn, }, @@ -84,7 +84,7 @@ func TestWorkloadIdentity(t *testing.T) { fleetWITest: true, crossProject: true, sourceRepo: csrRepo(), - sourceType: v1beta1.GitSource, + sourceType: configsync.GitSource, gsaEmail: gsaCSRReaderEmail(), rootCommitFn: nomostest.RemoteRootRepoSha1Fn, }, @@ -93,7 +93,7 @@ func TestWorkloadIdentity(t *testing.T) { fleetWITest: false, crossProject: false, sourceRepo: privateARImage(), - sourceType: v1beta1.OciSource, + sourceType: configsync.OciSource, gsaEmail: gsaARReaderEmail(), rootCommitFn: imageDigestFunc(privateARImage()), testKSAMigration: true, @@ -103,7 +103,7 @@ func TestWorkloadIdentity(t *testing.T) { fleetWITest: false, crossProject: false, sourceRepo: privateGCRImage(), - sourceType: v1beta1.OciSource, + sourceType: configsync.OciSource, gsaEmail: gsaGCRReaderEmail(), rootCommitFn: imageDigestFunc(privateGCRImage()), }, @@ -112,7 +112,7 @@ func TestWorkloadIdentity(t *testing.T) { fleetWITest: true, crossProject: false, sourceRepo: privateARImage(), - sourceType: v1beta1.OciSource, + sourceType: configsync.OciSource, gsaEmail: gsaARReaderEmail(), rootCommitFn: imageDigestFunc(privateARImage()), testKSAMigration: true, @@ -122,7 +122,7 @@ func TestWorkloadIdentity(t *testing.T) { fleetWITest: true, crossProject: false, sourceRepo: privateGCRImage(), - sourceType: v1beta1.OciSource, + sourceType: configsync.OciSource, gsaEmail: gsaGCRReaderEmail(), rootCommitFn: imageDigestFunc(privateGCRImage()), }, @@ -131,7 +131,7 @@ func TestWorkloadIdentity(t *testing.T) { fleetWITest: true, crossProject: true, sourceRepo: privateARImage(), - sourceType: v1beta1.OciSource, + sourceType: configsync.OciSource, gsaEmail: gsaARReaderEmail(), rootCommitFn: imageDigestFunc(privateARImage()), testKSAMigration: true, @@ -141,7 +141,7 @@ func TestWorkloadIdentity(t *testing.T) { fleetWITest: true, crossProject: true, sourceRepo: privateGCRImage(), - sourceType: v1beta1.OciSource, + sourceType: configsync.OciSource, gsaEmail: gsaGCRReaderEmail(), rootCommitFn: imageDigestFunc(privateGCRImage()), }, @@ -151,7 +151,7 @@ func TestWorkloadIdentity(t *testing.T) { crossProject: false, sourceVersion: privateCoreDNSHelmChartVersion, sourceChart: privateCoreDNSHelmChart, - sourceType: v1beta1.HelmSource, + sourceType: configsync.HelmSource, gsaEmail: gsaARReaderEmail(), rootCommitFn: nomostest.HelmChartVersionShaFn(privateCoreDNSHelmChartVersion), testKSAMigration: true, @@ -162,7 +162,7 @@ func TestWorkloadIdentity(t *testing.T) { crossProject: false, sourceVersion: privateCoreDNSHelmChartVersion, sourceChart: privateCoreDNSHelmChart, - sourceType: v1beta1.HelmSource, + sourceType: configsync.HelmSource, gsaEmail: gsaARReaderEmail(), rootCommitFn: nomostest.HelmChartVersionShaFn(privateCoreDNSHelmChartVersion), testKSAMigration: true, @@ -173,7 +173,7 @@ func TestWorkloadIdentity(t *testing.T) { crossProject: true, sourceVersion: privateCoreDNSHelmChartVersion, sourceChart: privateCoreDNSHelmChart, - sourceType: v1beta1.HelmSource, + sourceType: configsync.HelmSource, gsaEmail: gsaARReaderEmail(), rootCommitFn: nomostest.HelmChartVersionShaFn(privateCoreDNSHelmChartVersion), testKSAMigration: true, @@ -242,7 +242,7 @@ func TestWorkloadIdentity(t *testing.T) { } // For helm charts, we need to push the chart to the AR before configuring the RootSync - if tc.sourceType == v1beta1.HelmSource { + if tc.sourceType == configsync.HelmSource { chart, err := artifactregistry.PushHelmChart(nt, tc.sourceChart, tc.sourceVersion) if err != nil { nt.T.Fatalf("failed to push helm chart: %v", err) @@ -257,15 +257,15 @@ func TestWorkloadIdentity(t *testing.T) { // Reuse the RootSync instead of creating a new one so that testing resources can be cleaned up after the test. nt.T.Logf("Update RootSync to sync %s from repo %s", tenant, tc.sourceRepo) switch tc.sourceType { - case v1beta1.GitSource: + case configsync.GitSource: nt.MustMergePatch(rs, fmt.Sprintf(`{"spec": {"git": {"dir": "%s", "branch": "main", "repo": "%s", "auth": "gcpserviceaccount", "gcpServiceAccountEmail": "%s", "secretRef": {"name": ""}}}}`, tenant, tc.sourceRepo, tc.gsaEmail)) - case v1beta1.OciSource: + case configsync.OciSource: nt.MustMergePatch(rs, fmt.Sprintf(`{"spec": {"sourceType": "%s", "oci": {"dir": "%s", "image": "%s", "auth": "gcpserviceaccount", "gcpServiceAccountEmail": "%s"}, "git": null}}`, - v1beta1.OciSource, tenant, tc.sourceRepo, tc.gsaEmail)) - case v1beta1.HelmSource: + configsync.OciSource, tenant, tc.sourceRepo, tc.gsaEmail)) + case configsync.HelmSource: nt.MustMergePatch(rs, fmt.Sprintf(`{"spec": {"sourceType": "%s", "helm": {"chart": "%s", "repo": "%s", "version": "%s", "auth": "gcpserviceaccount", "gcpServiceAccountEmail": "%s", "releaseName": "my-coredns", "namespace": "coredns"}, "git": null}}`, - v1beta1.HelmSource, tc.sourceChart, tc.sourceRepo, tc.sourceVersion, tc.gsaEmail)) + configsync.HelmSource, tc.sourceChart, tc.sourceRepo, tc.sourceVersion, tc.gsaEmail)) } ksaRef := types.NamespacedName{ @@ -282,8 +282,7 @@ func TestWorkloadIdentity(t *testing.T) { return testutils.ReconcilerPodHasFWICredsAnnotation(nt, nomostest.DefaultRootReconcilerName, tc.gsaEmail, configsync.AuthGCPServiceAccount) }) } - - if tc.sourceType == v1beta1.HelmSource { + if tc.sourceType == configsync.HelmSource { err := nt.WatchForAllSyncs(nomostest.WithRootSha1Func(tc.rootCommitFn), nomostest.WithSyncDirectoryMap(map[types.NamespacedName]string{nomostest.DefaultRootRepoNamespacedName: tc.sourceChart})) if err != nil { @@ -323,7 +322,7 @@ func truncateStringByLength(s string, l int) string { func migrateFromGSAtoKSA(nt *nomostest.NT, rs *v1beta1.RootSync, ksaRef types.NamespacedName, fleetWITest bool, rootCommitFn nomostest.Sha1Func) error { nt.T.Log("Update RootSync auth type from gcpserviceaccount to k8sserviceaccount") sourceChart := "" - if v1beta1.SourceType(rs.Spec.SourceType) == v1beta1.HelmSource { + if configsync.SourceType(rs.Spec.SourceType) == configsync.HelmSource { // Change the source repo to guarantee new resources can be reconciled with k8sserviceaccount chart, err := artifactregistry.PushHelmChart(nt, privateSimpleHelmChart, privateSimpleHelmChartVersion) if err != nil { @@ -380,7 +379,7 @@ func migrateFromGSAtoKSA(nt *nomostest.NT, rs *v1beta1.RootSync, ksaRef types.Na }) } - if v1beta1.SourceType(rs.Spec.SourceType) == v1beta1.HelmSource { + if configsync.SourceType(rs.Spec.SourceType) == configsync.HelmSource { if err := nt.WatchForAllSyncs(nomostest.WithRootSha1Func(rootCommitFn), nomostest.WithSyncDirectoryMap(map[types.NamespacedName]string{nomostest.DefaultRootRepoNamespacedName: sourceChart})); err != nil { return err diff --git a/pkg/api/configsync/register.go b/pkg/api/configsync/register.go index fcd4ca100d..e2e28bad8f 100644 --- a/pkg/api/configsync/register.go +++ b/pkg/api/configsync/register.go @@ -14,7 +14,12 @@ package configsync -import "time" +import ( + "strings" + "time" + + "golang.org/x/exp/slices" +) const ( // GroupName is the name of the group of configsync resources. @@ -89,6 +94,20 @@ const ( DefaultHelmReleaseNamespace = "default" ) +// SourceType specifies the type of the source of truth. +type SourceType string + +const ( + // GitSource represents the source type is Git repository. + GitSource SourceType = "git" + + // OciSource represents the source type is OCI package. + OciSource SourceType = "oci" + + // HelmSource represents the source type is Helm repository. + HelmSource SourceType = "helm" +) + // AuthType specifies the type to authenticate to a repository. type AuthType string @@ -123,3 +142,44 @@ const ( // declared to be created by the reconciler. NamespaceStrategyExplicit NamespaceStrategy = "explicit" ) + +// supportedAuthTypes returns a list of supported auth types for the given source type. +func supportedAuthTypes(sourceType SourceType) []string { + switch sourceType { + case GitSource: + return []string{ + string(AuthSSH), + string(AuthCookieFile), + string(AuthGCENode), + string(AuthToken), + string(AuthNone), + string(AuthGCPServiceAccount), + } + case OciSource: + return []string{ + string(AuthGCPServiceAccount), + string(AuthK8sServiceAccount), + string(AuthGCENode), + string(AuthNone), + } + case HelmSource: + return []string{ + string(AuthGCPServiceAccount), + string(AuthK8sServiceAccount), + string(AuthToken), + string(AuthGCENode), + string(AuthNone), + } + } + return nil +} + +// SupportedAuthTypes returns a list of the supported auth types in a string for the given source type. +func SupportedAuthTypes(sourceType SourceType) string { + return strings.Join(supportedAuthTypes(sourceType), ", ") +} + +// IsAuthTypeSupported checks if the provided auth type is supported for the given source type. +func IsAuthTypeSupported(sourceType SourceType, authType AuthType) bool { + return slices.Contains(supportedAuthTypes(sourceType), string(authType)) +} diff --git a/pkg/api/configsync/v1alpha1/sync_types.go b/pkg/api/configsync/v1alpha1/sync_types.go index 4c18878c26..450386a796 100644 --- a/pkg/api/configsync/v1alpha1/sync_types.go +++ b/pkg/api/configsync/v1alpha1/sync_types.go @@ -249,17 +249,3 @@ type ResourceRef struct { // +optional GVK metav1.GroupVersionKind `json:"gvk,omitempty"` } - -// SourceType specifies the type of the source of truth. -type SourceType string - -const ( - // GitSource represents the source type is Git repository. - GitSource SourceType = "git" - - // OciSource represents the source type is OCI package. - OciSource SourceType = "oci" - - // HelmSource represents the source type is Helm repository. - HelmSource SourceType = "helm" -) diff --git a/pkg/api/configsync/v1beta1/sync_types.go b/pkg/api/configsync/v1beta1/sync_types.go index f5f5291916..2c4c137c6a 100644 --- a/pkg/api/configsync/v1beta1/sync_types.go +++ b/pkg/api/configsync/v1beta1/sync_types.go @@ -249,17 +249,3 @@ type ResourceRef struct { // +optional GVK metav1.GroupVersionKind `json:"gvk,omitempty"` } - -// SourceType specifies the type of the source of truth. -type SourceType string - -const ( - // GitSource represents the source type is Git repository. - GitSource SourceType = "git" - - // OciSource represents the source type is OCI package. - OciSource SourceType = "oci" - - // HelmSource represents the source type is Helm repository. - HelmSource SourceType = "helm" -) diff --git a/pkg/hydrate/controller.go b/pkg/hydrate/controller.go index 96f5f93f43..7d26205742 100644 --- a/pkg/hydrate/controller.go +++ b/pkg/hydrate/controller.go @@ -27,7 +27,6 @@ import ( "k8s.io/apimachinery/pkg/util/wait" "k8s.io/klog/v2" "kpt.dev/configsync/pkg/api/configsync" - "kpt.dev/configsync/pkg/api/configsync/v1beta1" "kpt.dev/configsync/pkg/importer/filesystem/cmpath" "kpt.dev/configsync/pkg/metadata" "kpt.dev/configsync/pkg/reconcilermanager" @@ -49,7 +48,7 @@ type Hydrator struct { // DonePath is the absolute path to the done file under the /repo directory. DonePath cmpath.Absolute // SourceType is the type of the source repository, must be git or oci. - SourceType v1beta1.SourceType + SourceType configsync.SourceType // SourceRoot is the absolute path to the source root directory. SourceRoot cmpath.Absolute // HydratedRoot is the absolute path to the hydrated root directory. @@ -338,7 +337,7 @@ func deleteErrorFile(file string) error { // OCI image digest or a helm chart version), the absolute path of the sync // directory, and source errors. // It retries with the provided backoff. -func SourceCommitAndDirWithRetry(backoff wait.Backoff, sourceType v1beta1.SourceType, sourceRevDir cmpath.Absolute, syncDir cmpath.Relative, reconcilerName string) (commit string, sourceDir cmpath.Absolute, _ status.Error) { +func SourceCommitAndDirWithRetry(backoff wait.Backoff, sourceType configsync.SourceType, sourceRevDir cmpath.Absolute, syncDir cmpath.Relative, reconcilerName string) (commit string, sourceDir cmpath.Absolute, _ status.Error) { err := util.RetryWithBackoff(backoff, func() error { var err error commit, sourceDir, err = SourceCommitAndDir(sourceType, sourceRevDir, syncDir, reconcilerName) @@ -352,7 +351,7 @@ func SourceCommitAndDirWithRetry(backoff wait.Backoff, sourceType v1beta1.Source // SourceCommitAndDir returns the source hash (a git commit hash or an OCI image // digest or a helm chart version), the absolute path of the sync directory, // and source errors. -func SourceCommitAndDir(sourceType v1beta1.SourceType, sourceRevDir cmpath.Absolute, syncDir cmpath.Relative, reconcilerName string) (string, cmpath.Absolute, error) { +func SourceCommitAndDir(sourceType configsync.SourceType, sourceRevDir cmpath.Absolute, syncDir cmpath.Relative, reconcilerName string) (string, cmpath.Absolute, error) { sourceRoot := path.Dir(sourceRevDir.OSPath()) if _, err := os.Stat(sourceRoot); err != nil { // It fails to check the source root directory status, either because of @@ -366,11 +365,11 @@ func SourceCommitAndDir(sourceType v1beta1.SourceType, sourceRevDir cmpath.Absol var containerName string switch sourceType { - case v1beta1.OciSource: + case configsync.OciSource: containerName = reconcilermanager.OciSync - case v1beta1.GitSource: + case configsync.GitSource: containerName = reconcilermanager.GitSync - case v1beta1.HelmSource: + case configsync.HelmSource: containerName = reconcilermanager.HelmSync } diff --git a/pkg/hydrate/controller_test.go b/pkg/hydrate/controller_test.go index ab81607a58..c03fb155b6 100644 --- a/pkg/hydrate/controller_test.go +++ b/pkg/hydrate/controller_test.go @@ -24,7 +24,7 @@ import ( "github.com/stretchr/testify/assert" "k8s.io/apimachinery/pkg/util/rand" "k8s.io/apimachinery/pkg/util/wait" - "kpt.dev/configsync/pkg/api/configsync/v1beta1" + "kpt.dev/configsync/pkg/api/configsync" "kpt.dev/configsync/pkg/importer/filesystem/cmpath" ft "kpt.dev/configsync/pkg/importer/filesystem/filesystemtest" "sigs.k8s.io/cli-utils/pkg/testutil" @@ -175,7 +175,7 @@ func TestSourceCommitAndDirWithRetry(t *testing.T) { }() t.Logf("start calling SourceCommitAndDirWithRetry at %v", time.Now()) - srcCommit, srcSyncDir, err := SourceCommitAndDirWithRetry(backoff, v1beta1.GitSource, cmpath.Absolute(commitDir), cmpath.RelativeOS(tc.syncDir), "root-reconciler") + srcCommit, srcSyncDir, err := SourceCommitAndDirWithRetry(backoff, configsync.GitSource, cmpath.Absolute(commitDir), cmpath.RelativeOS(tc.syncDir), "root-reconciler") if tc.expectedErrMsg == "" { assert.Nil(t, err, "got unexpected error %v", err) assert.Equal(t, tc.expectedSourceCommit, srcCommit) @@ -250,7 +250,7 @@ func TestRunHydrate(t *testing.T) { hydrator := &Hydrator{ DonePath: "", - SourceType: v1beta1.HelmSource, + SourceType: configsync.HelmSource, SourceRoot: cmpath.Absolute(commitDir), HydratedRoot: cmpath.Absolute(commitDir), SourceLink: "", diff --git a/pkg/parse/root.go b/pkg/parse/root.go index bd63a0f605..ca8fcf6a9b 100644 --- a/pkg/parse/root.go +++ b/pkg/parse/root.go @@ -218,7 +218,7 @@ func setSourceStatusFields(source *v1beta1.SourceStatus, p Parser, newStatus sou cse := status.ToCSE(newStatus.errs) source.Commit = newStatus.commit switch p.options().SourceType { - case v1beta1.GitSource: + case configsync.GitSource: source.Git = &v1beta1.GitStatus{ Repo: p.options().SourceRepo, Revision: p.options().SourceRev, @@ -227,14 +227,14 @@ func setSourceStatusFields(source *v1beta1.SourceStatus, p Parser, newStatus sou } source.Oci = nil source.Helm = nil - case v1beta1.OciSource: + case configsync.OciSource: source.Oci = &v1beta1.OciStatus{ Image: p.options().SourceRepo, Dir: p.options().SyncDir.SlashPath(), } source.Git = nil source.Helm = nil - case v1beta1.HelmSource: + case configsync.HelmSource: source.Helm = &v1beta1.HelmStatus{ Repo: p.options().SourceRepo, Chart: p.options().SyncDir.SlashPath(), @@ -334,7 +334,7 @@ func setRenderingStatusFields(rendering *v1beta1.RenderingStatus, p Parser, newS cse := status.ToCSE(newStatus.errs) rendering.Commit = newStatus.commit switch p.options().SourceType { - case v1beta1.GitSource: + case configsync.GitSource: rendering.Git = &v1beta1.GitStatus{ Repo: p.options().SourceRepo, Revision: p.options().SourceRev, @@ -343,14 +343,14 @@ func setRenderingStatusFields(rendering *v1beta1.RenderingStatus, p Parser, newS } rendering.Oci = nil rendering.Helm = nil - case v1beta1.OciSource: + case configsync.OciSource: rendering.Oci = &v1beta1.OciStatus{ Image: p.options().SourceRepo, Dir: p.options().SyncDir.SlashPath(), } rendering.Git = nil rendering.Helm = nil - case v1beta1.HelmSource: + case configsync.HelmSource: rendering.Helm = &v1beta1.HelmStatus{ Repo: p.options().SourceRepo, Chart: p.options().SyncDir.SlashPath(), diff --git a/pkg/parse/root_test.go b/pkg/parse/root_test.go index 9495b7412d..c8374122bb 100644 --- a/pkg/parse/root_test.go +++ b/pkg/parse/root_test.go @@ -275,11 +275,11 @@ func TestRoot_Parse(t *testing.T) { format: filesystem.SourceFormatUnstructured, namespaceStrategy: configsync.NamespaceStrategyImplicit, parsed: []ast.FileObject{ - fake.RootSyncV1Beta1("test", fake.WithRootSyncSourceType(v1beta1.GitSource), gitSpec("https://github.com/test/test.git", configsync.AuthNone)), + fake.RootSyncV1Beta1("test", fake.WithRootSyncSourceType(configsync.GitSource), gitSpec("https://github.com/test/test.git", configsync.AuthNone)), }, want: []ast.FileObject{ fake.RootSyncV1Beta1("test", gitSpec("https://github.com/test/test.git", configsync.AuthNone), - fake.WithRootSyncSourceType(v1beta1.GitSource), + fake.WithRootSyncSourceType(configsync.GitSource), core.Label(metadata.ManagedByKey, metadata.ManagedByValue), core.Label(metadata.DeclaredVersionLabel, "v1beta1"), core.Annotation(metadata.DeclaredFieldsKey, `{"f:metadata":{"f:annotations":{},"f:labels":{}},"f:spec":{".":{},"f:git":{".":{},"f:auth":{},"f:period":{},"f:repo":{}},"f:sourceType":{}},"f:status":{".":{},"f:observedGeneration":{},"f:rendering":{".":{},"f:lastUpdate":{}},"f:source":{".":{},"f:lastUpdate":{}},"f:sync":{".":{},"f:lastUpdate":{}}}}`), diff --git a/pkg/parse/run_test.go b/pkg/parse/run_test.go index 58b22ec9ad..ff21210d56 100644 --- a/pkg/parse/run_test.go +++ b/pkg/parse/run_test.go @@ -358,7 +358,7 @@ func TestRun(t *testing.T) { RepoRoot: cmpath.Absolute(rootDir), HydratedRoot: hydratedRoot, HydratedLink: symLink, - SourceType: v1beta1.GitSource, + SourceType: configsync.GitSource, SourceRepo: "https://github.com/test/test.git", SourceBranch: "main", } diff --git a/pkg/parse/source.go b/pkg/parse/source.go index 63ea63cf2a..3a9e1df0ec 100644 --- a/pkg/parse/source.go +++ b/pkg/parse/source.go @@ -24,7 +24,6 @@ import ( "k8s.io/apimachinery/pkg/util/wait" "k8s.io/klog/v2" "kpt.dev/configsync/pkg/api/configsync" - "kpt.dev/configsync/pkg/api/configsync/v1beta1" "kpt.dev/configsync/pkg/hydrate" "kpt.dev/configsync/pkg/importer/filesystem/cmpath" "kpt.dev/configsync/pkg/metadata" @@ -46,7 +45,7 @@ type FileSource struct { // SyncDir is the path to the directory of policies within the source repository. SyncDir cmpath.Relative // SourceType is the type of the source repository, must be git or oci. - SourceType v1beta1.SourceType + SourceType configsync.SourceType // SourceRepo is the source repo to sync. SourceRepo string // SourceBranch is the branch of the source repo to sync. diff --git a/pkg/reconciler/reconciler.go b/pkg/reconciler/reconciler.go index d1bece3eac..8d7ed75b8f 100644 --- a/pkg/reconciler/reconciler.go +++ b/pkg/reconciler/reconciler.go @@ -23,7 +23,6 @@ import ( "k8s.io/klog/v2" "k8s.io/klog/v2/klogr" "kpt.dev/configsync/pkg/api/configsync" - "kpt.dev/configsync/pkg/api/configsync/v1beta1" "kpt.dev/configsync/pkg/applier" "kpt.dev/configsync/pkg/client/restconfig" "kpt.dev/configsync/pkg/core" @@ -99,7 +98,7 @@ type Options struct { // SourceRepo is the git or OCI or Helm repo being synced. SourceRepo string // SourceType is the type of the source repository, must be git or oci or Helm. - SourceType v1beta1.SourceType + SourceType configsync.SourceType // SyncDir is the relative path to the configurations in the source. SyncDir cmpath.Relative // StatusMode controls the kpt applier to inject the actuation status data or not diff --git a/pkg/reconcilermanager/controllers/helm_value_files.go b/pkg/reconcilermanager/controllers/helm_value_files.go index b3f3a2a681..76eabc13fe 100644 --- a/pkg/reconcilermanager/controllers/helm_value_files.go +++ b/pkg/reconcilermanager/controllers/helm_value_files.go @@ -94,7 +94,7 @@ func (r *RepoSyncReconciler) getReconcilerHelmConfigMapRefs(rs *v1beta1.RepoSync func (r *RepoSyncReconciler) upsertHelmConfigMaps(ctx context.Context, rs *v1beta1.RepoSync, labelMap map[string]string) error { rsRef := client.ObjectKeyFromObject(rs) var cmNamesToKeep map[string]struct{} - if rs.Spec.SourceType == string(v1beta1.HelmSource) && rs.Spec.Helm != nil { + if rs.Spec.SourceType == string(configsync.HelmSource) && rs.Spec.Helm != nil { cmNamesToKeep = make(map[string]struct{}, len(rs.Spec.Helm.ValuesFileRefs)) for _, vfRef := range rs.Spec.Helm.ValuesFileRefs { userCMRef := types.NamespacedName{ diff --git a/pkg/reconcilermanager/controllers/reposync_controller.go b/pkg/reconcilermanager/controllers/reposync_controller.go index 7d98d2473b..fe028615e9 100644 --- a/pkg/reconcilermanager/controllers/reposync_controller.go +++ b/pkg/reconcilermanager/controllers/reposync_controller.go @@ -230,14 +230,14 @@ func (r *RepoSyncReconciler) upsertManagedObjects(ctx context.Context, reconcile // Overwrite reconciler pod ServiceAccount. var auth configsync.AuthType var gcpSAEmail string - switch v1beta1.SourceType(rs.Spec.SourceType) { - case v1beta1.GitSource: + switch configsync.SourceType(rs.Spec.SourceType) { + case configsync.GitSource: auth = rs.Spec.Auth gcpSAEmail = rs.Spec.GCPServiceAccountEmail - case v1beta1.OciSource: + case configsync.OciSource: auth = rs.Spec.Oci.Auth gcpSAEmail = rs.Spec.Oci.GCPServiceAccountEmail - case v1beta1.HelmSource: + case configsync.HelmSource: auth = rs.Spec.Helm.Auth gcpSAEmail = rs.Spec.Helm.GCPServiceAccountEmail default: @@ -493,7 +493,7 @@ func (r *RepoSyncReconciler) Register(mgr controllerruntime.Manager, watchFleetM func (r *RepoSyncReconciler) watchConfigMaps(rs *v1beta1.RepoSync) error { // We add watches dynamically at runtime based on the RepoSync namespace // in order to avoid watching ConfigMaps in the entire cluster. - if rs == nil || rs.Spec.SourceType != string(v1beta1.HelmSource) || rs.Spec.Helm == nil || + if rs == nil || rs.Spec.SourceType != string(configsync.HelmSource) || rs.Spec.Helm == nil || len(rs.Spec.Helm.ValuesFileRefs) == 0 { // TODO: When it's available, we should remove unneeded watches from the controller // when all RepoSyncs with ConfigMap references in a particular namespace are @@ -893,8 +893,8 @@ func (r *RepoSyncReconciler) populateContainerEnvs(ctx context.Context, rs *v1be dynamicNSSelectorEnabled: false, }), } - switch v1beta1.SourceType(rs.Spec.SourceType) { - case v1beta1.GitSource: + switch configsync.SourceType(rs.Spec.SourceType) { + case configsync.GitSource: result[reconcilermanager.GitSync] = gitSyncEnvs(ctx, options{ ref: rs.Spec.Git.Revision, branch: rs.Spec.Git.Branch, @@ -910,14 +910,14 @@ func (r *RepoSyncReconciler) populateContainerEnvs(ctx context.Context, rs *v1be if enableAskpassSidecar(rs.Spec.SourceType, rs.Spec.Git.Auth) { result[reconcilermanager.GCENodeAskpassSidecar] = gceNodeAskPassSidecarEnvs(rs.Spec.GCPServiceAccountEmail) } - case v1beta1.OciSource: + case configsync.OciSource: result[reconcilermanager.OciSync] = ociSyncEnvs(ociOptions{ image: rs.Spec.Oci.Image, auth: rs.Spec.Oci.Auth, period: v1beta1.GetPeriod(rs.Spec.Oci.Period, configsync.DefaultReconcilerPollingPeriod).Seconds(), caCertSecretRef: v1beta1.GetSecretName(rs.Spec.Oci.CACertSecretRef), }) - case v1beta1.HelmSource: + case configsync.HelmSource: result[reconcilermanager.HelmSync] = helmSyncEnvs(helmOptions{ helmBase: &rs.Spec.Helm.HelmBase, releaseNamespace: rs.Namespace, @@ -946,12 +946,12 @@ func (r *RepoSyncReconciler) validateRepoSync(ctx context.Context, rs *v1beta1.R } func (r *RepoSyncReconciler) validateSourceSpec(ctx context.Context, rs *v1beta1.RepoSync, reconcilerName string) error { - switch v1beta1.SourceType(rs.Spec.SourceType) { - case v1beta1.GitSource: + switch configsync.SourceType(rs.Spec.SourceType) { + case configsync.GitSource: return r.validateGitSpec(ctx, rs, reconcilerName) - case v1beta1.OciSource: + case configsync.OciSource: return r.validateOciSpec(ctx, rs) - case v1beta1.HelmSource: + case configsync.HelmSource: return r.validateHelmSpec(ctx, rs) default: return validate.InvalidSourceType(rs) @@ -961,7 +961,7 @@ func (r *RepoSyncReconciler) validateSourceSpec(ctx context.Context, rs *v1beta1 // validateValuesFileSourcesRefs validates that the ConfigMaps specified in the RSync ValuesFileSources exist and have the // specified data key. func (r *RepoSyncReconciler) validateValuesFileSourcesRefs(ctx context.Context, rs *v1beta1.RepoSync) status.Error { - if rs.Spec.SourceType != string(v1beta1.HelmSource) || rs.Spec.Helm == nil || len(rs.Spec.Helm.ValuesFileRefs) == 0 { + if rs.Spec.SourceType != string(configsync.HelmSource) || rs.Spec.Helm == nil || len(rs.Spec.Helm.ValuesFileRefs) == 0 { return nil } return validate.ValuesFileRefs(ctx, r.client, rs, rs.Spec.Helm.ValuesFileRefs) @@ -995,14 +995,14 @@ func (r *RepoSyncReconciler) validateGitSpec(ctx context.Context, rs *v1beta1.Re func (r *RepoSyncReconciler) validateNamespaceSecret(ctx context.Context, repoSync *v1beta1.RepoSync, reconcilerName string) error { var authType configsync.AuthType var namespaceSecretName string - if repoSync.Spec.SourceType == string(v1beta1.GitSource) { + if repoSync.Spec.SourceType == string(configsync.GitSource) { authType = repoSync.Spec.Auth namespaceSecretName = v1beta1.GetSecretName(repoSync.Spec.SecretRef) - } else if repoSync.Spec.SourceType == string(v1beta1.HelmSource) { + } else if repoSync.Spec.SourceType == string(configsync.HelmSource) { authType = repoSync.Spec.Helm.Auth namespaceSecretName = v1beta1.GetSecretName(repoSync.Spec.Helm.SecretRef) } - if SkipForAuth(authType) { + if !validate.AuthRequiresSecret(configsync.SourceType(repoSync.Spec.SourceType), authType) { // There is no Secret to check for the Config object. return nil } @@ -1115,17 +1115,17 @@ func (r *RepoSyncReconciler) mutationsFor(ctx context.Context, rs *v1beta1.RepoS var gcpSAEmail string var secretRefName string var caCertSecretRefName string - switch v1beta1.SourceType(rs.Spec.SourceType) { - case v1beta1.GitSource: + switch configsync.SourceType(rs.Spec.SourceType) { + case configsync.GitSource: auth = rs.Spec.Auth gcpSAEmail = rs.Spec.GCPServiceAccountEmail secretRefName = v1beta1.GetSecretName(rs.Spec.SecretRef) caCertSecretRefName = v1beta1.GetSecretName(rs.Spec.Git.CACertSecretRef) - case v1beta1.OciSource: + case configsync.OciSource: auth = rs.Spec.Oci.Auth gcpSAEmail = rs.Spec.Oci.GCPServiceAccountEmail caCertSecretRefName = v1beta1.GetSecretName(rs.Spec.Oci.CACertSecretRef) - case v1beta1.HelmSource: + case configsync.HelmSource: auth = rs.Spec.Helm.Auth gcpSAEmail = rs.Spec.Helm.GCPServiceAccountEmail secretRefName = v1beta1.GetSecretName(rs.Spec.Helm.SecretRef) @@ -1198,7 +1198,7 @@ func (r *RepoSyncReconciler) mutationsFor(ctx context.Context, rs *v1beta1.RepoS } case reconcilermanager.OciSync: // Don't add the oci-sync container when sourceType is NOT oci. - if v1beta1.SourceType(rs.Spec.SourceType) != v1beta1.OciSource { + if configsync.SourceType(rs.Spec.SourceType) != configsync.OciSource { addContainer = false } else { container.Env = append(container.Env, containerEnvs[container.Name]...) @@ -1207,7 +1207,7 @@ func (r *RepoSyncReconciler) mutationsFor(ctx context.Context, rs *v1beta1.RepoS } case reconcilermanager.HelmSync: // Don't add the helm-sync container when sourceType is NOT helm. - if v1beta1.SourceType(rs.Spec.SourceType) != v1beta1.HelmSource { + if configsync.SourceType(rs.Spec.SourceType) != configsync.HelmSource { addContainer = false } else { container.Env = append(container.Env, containerEnvs[container.Name]...) @@ -1220,7 +1220,7 @@ func (r *RepoSyncReconciler) mutationsFor(ctx context.Context, rs *v1beta1.RepoS } case reconcilermanager.GitSync: // Don't add the git-sync container when sourceType is NOT git. - if v1beta1.SourceType(rs.Spec.SourceType) != v1beta1.GitSource { + if configsync.SourceType(rs.Spec.SourceType) != configsync.GitSource { addContainer = false } else { container.Env = append(container.Env, containerEnvs[container.Name]...) @@ -1264,7 +1264,7 @@ func (r *RepoSyncReconciler) mutationsFor(ctx context.Context, rs *v1beta1.RepoS } func enableAskpassSidecar(sourceType string, auth configsync.AuthType) bool { - if v1beta1.SourceType(sourceType) == v1beta1.GitSource && + if configsync.SourceType(sourceType) == configsync.GitSource && (auth == configsync.AuthGCPServiceAccount || auth == configsync.AuthGCENode) { return true } diff --git a/pkg/reconcilermanager/controllers/reposync_controller_manager_test.go b/pkg/reconcilermanager/controllers/reposync_controller_manager_test.go index 862a005c7e..d96fb762bd 100644 --- a/pkg/reconcilermanager/controllers/reposync_controller_manager_test.go +++ b/pkg/reconcilermanager/controllers/reposync_controller_manager_test.go @@ -52,7 +52,7 @@ func TestRepoSyncReconcilerDeploymentLifecycle(t *testing.T) { t.Log("building RepoSync controller") rs := repoSyncWithGit(reposyncNs, reposyncName, reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(GitSecretConfigKeySSH), reposyncSecretRef(reposyncSSHKey)) - secretObj := secretObj(t, reposyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace)) + secretObj := secretObj(t, reposyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace)) fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, secretObj) @@ -175,7 +175,7 @@ func TestReconcileInvalidRepoSyncLifecycle(t *testing.T) { t.Log("building RepoSyncReconciler") // rs is an invalid RepoSync as its auth type is set to `token`, but the token key is not configured in the secret. rs := repoSyncWithGit(reposyncNs, reposyncName, reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(configsync.AuthToken), reposyncSecretRef(reposyncSSHKey)) - secretObj := secretObj(t, reposyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace)) + secretObj := secretObj(t, reposyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace)) fakeClient, _, testReconciler := setupNSReconciler(t, secretObj) @@ -248,7 +248,7 @@ func TestReconcileRepoSyncLifecycleValidToInvalid(t *testing.T) { t.Log("building RepoSyncReconciler") rs := repoSyncWithGit(reposyncNs, reposyncName, reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(configsync.AuthSSH), reposyncSecretRef(reposyncSSHKey)) - secretObj := secretObj(t, reposyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace)) + secretObj := secretObj(t, reposyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace)) fakeClient, _, testReconciler := setupNSReconciler(t, secretObj) @@ -539,7 +539,7 @@ func TestRepoSyncReconcilerAuthSecretDriftProtection(t *testing.T) { func testRepoSyncDriftProtection(t *testing.T, exampleObj client.Object, objKeyFunc func(client.ObjectKey) client.ObjectKey, modify, validate func(client.Object) error) { t.Log("building RepoSyncReconciler") syncObj := repoSyncWithGit(reposyncNs, reposyncName, reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(configsync.AuthSSH), reposyncSecretRef(reposyncSSHKey)) - secretObj := secretObj(t, reposyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(syncObj.Namespace)) + secretObj := secretObj(t, reposyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(syncObj.Namespace)) fakeClient, _, testReconciler := setupNSReconciler(t, secretObj) testDriftProtection(t, fakeClient, testReconciler, syncObj, exampleObj, objKeyFunc, modify, validate) } diff --git a/pkg/reconcilermanager/controllers/reposync_controller_test.go b/pkg/reconcilermanager/controllers/reposync_controller_test.go index 31e1b5585d..50570d0062 100644 --- a/pkg/reconcilermanager/controllers/reposync_controller_test.go +++ b/pkg/reconcilermanager/controllers/reposync_controller_test.go @@ -218,14 +218,14 @@ func reposyncNoSSLVerify() func(*v1beta1.RepoSync) { } } -func reposyncCACert(sourceType v1beta1.SourceType, caCertSecretRef string) func(sync *v1beta1.RepoSync) { +func reposyncCACert(sourceType configsync.SourceType, caCertSecretRef string) func(sync *v1beta1.RepoSync) { return func(rs *v1beta1.RepoSync) { switch sourceType { - case v1beta1.GitSource: + case configsync.GitSource: rs.Spec.Git.CACertSecretRef = &v1beta1.SecretReference{Name: caCertSecretRef} - case v1beta1.OciSource: + case configsync.OciSource: rs.Spec.Oci.CACertSecretRef = &v1beta1.SecretReference{Name: caCertSecretRef} - case v1beta1.HelmSource: + case configsync.HelmSource: rs.Spec.Helm.CACertSecretRef = &v1beta1.SecretReference{Name: caCertSecretRef} } } @@ -250,7 +250,7 @@ func repoSync(ns, name string, opts ...func(*v1beta1.RepoSync)) *v1beta1.RepoSyn func repoSyncWithGit(ns, name string, opts ...func(*v1beta1.RepoSync)) *v1beta1.RepoSync { addGit := func(rs *v1beta1.RepoSync) { - rs.Spec.SourceType = string(v1beta1.GitSource) + rs.Spec.SourceType = string(configsync.GitSource) rs.Spec.Git = &v1beta1.Git{ Repo: reposyncRepo, Dir: reposyncDir, @@ -262,7 +262,7 @@ func repoSyncWithGit(ns, name string, opts ...func(*v1beta1.RepoSync)) *v1beta1. func repoSyncWithOCI(ns, name string, opts ...func(*v1beta1.RepoSync)) *v1beta1.RepoSync { addOci := func(rs *v1beta1.RepoSync) { - rs.Spec.SourceType = string(v1beta1.OciSource) + rs.Spec.SourceType = string(configsync.OciSource) rs.Spec.Oci = &v1beta1.Oci{ Image: ociImage, Dir: reposyncDir, @@ -274,7 +274,7 @@ func repoSyncWithOCI(ns, name string, opts ...func(*v1beta1.RepoSync)) *v1beta1. func repoSyncWithHelm(ns, name string, opts ...func(*v1beta1.RepoSync)) *v1beta1.RepoSync { addHelm := func(rs *v1beta1.RepoSync) { - rs.Spec.SourceType = string(v1beta1.HelmSource) + rs.Spec.SourceType = string(configsync.HelmSource) rs.Spec.Helm = &v1beta1.HelmRepoSync{HelmBase: v1beta1.HelmBase{ Repo: helmRepo, Chart: helmChart, @@ -356,7 +356,7 @@ func TestCreateAndUpdateNamespaceReconcilerWithOverride(t *testing.T) { rs := repoSyncWithGit(reposyncNs, reposyncName, reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(configsync.AuthSSH), reposyncSecretRef(reposyncSSHKey), reposyncOverrideResources(overrideReconcilerAndGitSyncResourceLimits)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources. ctx := context.Background() @@ -496,7 +496,7 @@ func TestUpdateNamespaceReconcilerWithOverride(t *testing.T) { rs := repoSyncWithGit(reposyncNs, reposyncName, reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(configsync.AuthSSH), reposyncSecretRef(reposyncSSHKey)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources. ctx := context.Background() @@ -749,7 +749,7 @@ func TestRepoSyncCreateWithNoSSLVerify(t *testing.T) { rs := repoSyncWithGit(reposyncNs, reposyncName, reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(configsync.AuthSSH), reposyncSecretRef(reposyncSSHKey), reposyncNoSSLVerify()) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources. ctx := context.Background() @@ -792,7 +792,7 @@ func TestRepoSyncUpdateNoSSLVerify(t *testing.T) { rs := repoSyncWithGit(reposyncNs, reposyncName, reposyncSourceType(gitSourceType), reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(configsync.AuthSSH), reposyncSecretRef(reposyncSSHKey)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources. ctx := context.Background() @@ -1102,11 +1102,11 @@ func TestRepoSyncCreateWithCACert(t *testing.T) { caCertSecret := "foo-secret" rs := repoSyncWithGit(reposyncNs, reposyncName, reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(configsync.AuthToken), reposyncSecretRef(secretName), - reposyncCACert(v1beta1.GitSource, caCertSecret)) + reposyncCACert(configsync.GitSource, caCertSecret)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) gitSecret := secretObjWithProxy(t, secretName, GitSecretConfigKeyToken, core.Namespace(rs.Namespace)) gitSecret.Data[GitSecretConfigKeyTokenUsername] = []byte("test-user") - certSecret := secretObj(t, caCertSecret, GitSecretConfigKeyToken, v1beta1.GitSource, core.Namespace(rs.Namespace)) + certSecret := secretObj(t, caCertSecret, GitSecretConfigKeyToken, configsync.GitSource, core.Namespace(rs.Namespace)) certSecret.Data[CACertSecretKey] = []byte("test-cert") _, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, gitSecret, certSecret) @@ -1147,7 +1147,7 @@ func TestRepoSyncUpdateCACert(t *testing.T) { reqNamespacedName := namespacedName(rs.Name, rs.Namespace) gitSecret := secretObjWithProxy(t, secretName, GitSecretConfigKeyToken, core.Namespace(rs.Namespace)) gitSecret.Data[GitSecretConfigKeyTokenUsername] = []byte("test-user") - certSecret := secretObj(t, caCertSecret, GitSecretConfigKeyToken, v1beta1.GitSource, core.Namespace(rs.Namespace)) + certSecret := secretObj(t, caCertSecret, GitSecretConfigKeyToken, configsync.GitSource, core.Namespace(rs.Namespace)) certSecret.Data[CACertSecretKey] = []byte("test-cert") fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, gitSecret, certSecret) @@ -1268,15 +1268,15 @@ func TestRepoSyncReconcileWithInvalidCACertSecret(t *testing.T) { "git": { repoSync: repoSyncWithGit(reposyncNs, reposyncName, reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(configsync.AuthNone), - reposyncCACert(v1beta1.GitSource, caCertSecret)), + reposyncCACert(configsync.GitSource, caCertSecret)), }, "oci": { repoSync: repoSyncWithOCI(reposyncNs, reposyncName, reposyncOCIAuthType(configsync.AuthNone), - reposyncCACert(v1beta1.OciSource, caCertSecret)), + reposyncCACert(configsync.OciSource, caCertSecret)), }, "helm": { repoSync: repoSyncWithHelm(reposyncNs, reposyncName, reposyncHelmAuthType(configsync.AuthNone), - reposyncCACert(v1beta1.HelmSource, caCertSecret)), + reposyncCACert(configsync.HelmSource, caCertSecret)), }, } for name, tc := range testCases { @@ -1334,7 +1334,7 @@ func TestRepoSyncCreateWithOverrideGitSyncDepth(t *testing.T) { rs := repoSyncWithGit(reposyncNs, reposyncName, reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(configsync.AuthSSH), reposyncSecretRef(reposyncSSHKey), reposyncOverrideGitSyncDepth(5)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - _, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + _, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources. ctx := context.Background() @@ -1369,7 +1369,7 @@ func TestRepoSyncUpdateOverrideGitSyncDepth(t *testing.T) { rs := repoSyncWithGit(reposyncNs, reposyncName, reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(configsync.AuthSSH), reposyncSecretRef(reposyncSSHKey)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources. ctx := context.Background() @@ -1522,7 +1522,7 @@ func TestRepoSyncCreateWithOverrideReconcileTimeout(t *testing.T) { rs := repoSyncWithGit(reposyncNs, reposyncName, reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(configsync.AuthSSH), reposyncSecretRef(reposyncSSHKey), reposyncOverrideReconcileTimeout(metav1.Duration{Duration: 50 * time.Second})) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - _, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + _, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources. ctx := context.Background() @@ -1557,7 +1557,7 @@ func TestRepoSyncUpdateOverrideReconcileTimeout(t *testing.T) { rs := repoSyncWithGit(reposyncNs, reposyncName, reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(configsync.AuthSSH), reposyncSecretRef(reposyncSSHKey)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources. ctx := context.Background() @@ -1677,7 +1677,7 @@ func TestRepoSyncCreateWithOverrideAPIServerTimeout(t *testing.T) { rs := repoSyncWithGit(reposyncNs, reposyncName, reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(configsync.AuthSSH), reposyncSecretRef(reposyncSSHKey), reposyncOverrideAPIServerTimeout(metav1.Duration{Duration: 50 * time.Second})) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - _, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + _, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources. ctx := context.Background() @@ -1709,7 +1709,7 @@ func TestRepoSyncUpdateOverrideAPIServerTimeout(t *testing.T) { rs := repoSyncWithGit(reposyncNs, reposyncName, reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(configsync.AuthSSH), reposyncSecretRef(reposyncSSHKey)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources. ctx := context.Background() @@ -1829,7 +1829,7 @@ func TestRepoSyncSwitchAuthTypes(t *testing.T) { rs := repoSyncWithGit(reposyncNs, reposyncName, reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(configsync.AuthGCPServiceAccount), reposyncGCPSAEmail(gcpSAEmail)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources with GCPServiceAccount auth type. ctx := context.Background() @@ -1951,7 +1951,7 @@ func TestRepoSyncReconcilerRestart(t *testing.T) { rs := repoSyncWithGit(reposyncNs, reposyncName, reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(configsync.AuthSSH), reposyncSecretRef(reposyncSSHKey)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources. ctx := context.Background() @@ -2063,7 +2063,7 @@ func TestMultipleRepoSyncs(t *testing.T) { secret5 := secretObjWithProxy(t, secretName, GitSecretConfigKeyToken, core.Namespace(rs5.Namespace)) secret5.Data[GitSecretConfigKeyTokenUsername] = []byte("test-user") - fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs1, secretObj(t, reposyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs1.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs1, secretObj(t, reposyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs1.Namespace))) nsReconcilerName2 := core.NsReconcilerName(rs2.Namespace, rs2.Name) nsReconcilerName3 := core.NsReconcilerName(rs3.Namespace, rs3.Name) @@ -2610,9 +2610,9 @@ func TestMapSecretToRepoSyncs(t *testing.T) { rs1 := repoSyncWithGit("ns1", "rs1", reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(configsync.AuthSSH), reposyncSecretRef(reposyncSSHKey)) rs2 := repoSyncWithGit("ns1", "rs2", reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(configsync.AuthSSH), reposyncSecretRef(reposyncSSHKey)) rs3 := repoSyncWithGit("ns1", "rs3", reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(configsync.AuthSSH), reposyncSecretRef(testSecretName)) - rs4 := repoSyncWithGit("ns1", "rs4", reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(configsync.AuthNone), reposyncCACert(v1beta1.GitSource, caCertSecret)) - rs5 := repoSyncWithOCI("ns1", "rs5", reposyncOCIAuthType(configsync.AuthNone), reposyncCACert(v1beta1.OciSource, caCertSecret)) - rs6 := repoSyncWithHelm("ns1", "rs6", reposyncHelmAuthType(configsync.AuthNone), reposyncCACert(v1beta1.HelmSource, caCertSecret)) + rs4 := repoSyncWithGit("ns1", "rs4", reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(configsync.AuthNone), reposyncCACert(configsync.GitSource, caCertSecret)) + rs5 := repoSyncWithOCI("ns1", "rs5", reposyncOCIAuthType(configsync.AuthNone), reposyncCACert(configsync.OciSource, caCertSecret)) + rs6 := repoSyncWithHelm("ns1", "rs6", reposyncHelmAuthType(configsync.AuthNone), reposyncCACert(configsync.HelmSource, caCertSecret)) ns1rs1ReconcilerName := core.NsReconcilerName(rs1.Namespace, rs1.Name) ns1rs4ReconcilerName := core.NsReconcilerName(rs4.Namespace, rs4.Name) @@ -2958,7 +2958,7 @@ func TestInjectFleetWorkloadIdentityCredentialsToRepoSync(t *testing.T) { rs := repoSyncWithGit(reposyncNs, reposyncName, reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(configsync.AuthGCPServiceAccount), reposyncGCPSAEmail(gcpSAEmail)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // The membership doesn't have WorkloadIdentityPool and IdentityProvider specified, so FWI creds won't be injected. testReconciler.membership = &hubv1.Membership{ Spec: hubv1.MembershipSpec{ @@ -3110,7 +3110,7 @@ func TestRepoSyncWithHelm(t *testing.T) { rs := repoSyncWithHelm(reposyncNs, reposyncName, reposyncHelmAuthType(configsync.AuthToken), reposyncHelmSecretRef(secretName)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - helmSecret := secretObj(t, secretName, configsync.AuthToken, v1beta1.HelmSource, core.Namespace(rs.Namespace)) + helmSecret := secretObj(t, secretName, configsync.AuthToken, configsync.HelmSource, core.Namespace(rs.Namespace)) fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, helmSecret) if _, err := testReconciler.Reconcile(ctx, reqNamespacedName); err != nil { @@ -3632,7 +3632,7 @@ func TestRepoSyncSpecValidation(t *testing.T) { if err := fakeClient.Get(ctx, client.ObjectKeyFromObject(rs), rs); err != nil { t.Fatalf("failed to get the repo sync: %v", err) } - rs.Spec.SourceType = string(v1beta1.GitSource) + rs.Spec.SourceType = string(configsync.GitSource) if err := fakeClient.Update(ctx, rs); err != nil { t.Fatalf("failed to update the repo sync request, got error: %v", err) } @@ -3647,7 +3647,7 @@ func TestRepoSyncSpecValidation(t *testing.T) { if err := fakeClient.Get(ctx, client.ObjectKeyFromObject(rs), rs); err != nil { t.Fatalf("failed to get the repo sync: %v", err) } - rs.Spec.SourceType = string(v1beta1.OciSource) + rs.Spec.SourceType = string(configsync.OciSource) if err := fakeClient.Update(ctx, rs); err != nil { t.Fatalf("failed to update the repo sync request, got error: %v", err) } @@ -3662,7 +3662,7 @@ func TestRepoSyncSpecValidation(t *testing.T) { if err := fakeClient.Get(ctx, client.ObjectKeyFromObject(rs), rs); err != nil { t.Fatalf("failed to get the repo sync: %v", err) } - rs.Spec.SourceType = string(v1beta1.HelmSource) + rs.Spec.SourceType = string(configsync.HelmSource) if err := fakeClient.Update(ctx, rs); err != nil { t.Fatalf("failed to update the repo sync request, got error: %v", err) } @@ -3677,7 +3677,7 @@ func TestRepoSyncSpecValidation(t *testing.T) { if err := fakeClient.Get(ctx, client.ObjectKeyFromObject(rs), rs); err != nil { t.Fatalf("failed to get the repo sync: %v", err) } - rs.Spec.SourceType = string(v1beta1.OciSource) + rs.Spec.SourceType = string(configsync.OciSource) rs.Spec.Oci = &v1beta1.Oci{} if err := fakeClient.Update(ctx, rs); err != nil { t.Fatalf("failed to update the repo sync request, got error: %v", err) @@ -3693,7 +3693,7 @@ func TestRepoSyncSpecValidation(t *testing.T) { if err := fakeClient.Get(ctx, client.ObjectKeyFromObject(rs), rs); err != nil { t.Fatalf("failed to get the repo sync: %v", err) } - rs.Spec.SourceType = string(v1beta1.OciSource) + rs.Spec.SourceType = string(configsync.OciSource) rs.Spec.Oci = &v1beta1.Oci{Image: ociImage} if err := fakeClient.Update(ctx, rs); err != nil { t.Fatalf("failed to update the repo sync request, got error: %v", err) @@ -3709,7 +3709,7 @@ func TestRepoSyncSpecValidation(t *testing.T) { if err := fakeClient.Get(ctx, client.ObjectKeyFromObject(rs), rs); err != nil { t.Fatalf("failed to get the repo sync: %v", err) } - rs.Spec.SourceType = string(v1beta1.HelmSource) + rs.Spec.SourceType = string(configsync.HelmSource) rs.Spec.Oci = nil rs.Spec.Helm = &v1beta1.HelmRepoSync{} if err := fakeClient.Update(ctx, rs); err != nil { @@ -3726,7 +3726,7 @@ func TestRepoSyncSpecValidation(t *testing.T) { if err := fakeClient.Get(ctx, client.ObjectKeyFromObject(rs), rs); err != nil { t.Fatalf("failed to get the repo sync: %v", err) } - rs.Spec.SourceType = string(v1beta1.HelmSource) + rs.Spec.SourceType = string(configsync.HelmSource) rs.Spec.Helm = &v1beta1.HelmRepoSync{HelmBase: v1beta1.HelmBase{Repo: helmRepo}} if err := fakeClient.Update(ctx, rs); err != nil { t.Fatalf("failed to update the repo sync request, got error: %v", err) @@ -3742,7 +3742,7 @@ func TestRepoSyncSpecValidation(t *testing.T) { if err := fakeClient.Get(ctx, client.ObjectKeyFromObject(rs), rs); err != nil { t.Fatalf("failed to get the repo sync: %v", err) } - rs.Spec.SourceType = string(v1beta1.HelmSource) + rs.Spec.SourceType = string(configsync.HelmSource) rs.Spec.Helm = &v1beta1.HelmRepoSync{HelmBase: v1beta1.HelmBase{Repo: helmRepo, Chart: helmChart}} if err := fakeClient.Update(ctx, rs); err != nil { t.Fatalf("failed to update the repo sync request, got error: %v", err) @@ -3758,7 +3758,7 @@ func TestRepoSyncSpecValidation(t *testing.T) { if err := fakeClient.Get(ctx, client.ObjectKeyFromObject(rs), rs); err != nil { t.Fatalf("failed to get the repo sync: %v", err) } - rs.Spec.SourceType = string(v1beta1.OciSource) + rs.Spec.SourceType = string(configsync.OciSource) rs.Spec.Git = nil rs.Spec.Helm = nil rs.Spec.Oci = &v1beta1.Oci{Image: ociImage, Auth: configsync.AuthNone} @@ -3784,7 +3784,7 @@ func TestRepoSyncSpecValidation(t *testing.T) { if err := fakeClient.Get(ctx, client.ObjectKeyFromObject(rs), rs); err != nil { t.Fatalf("failed to get the repo sync: %v", err) } - rs.Spec.SourceType = string(v1beta1.HelmSource) + rs.Spec.SourceType = string(configsync.HelmSource) rs.Spec.Git = nil rs.Spec.Oci = nil rs.Spec.Helm = &v1beta1.HelmRepoSync{HelmBase: v1beta1.HelmBase{Repo: helmRepo, Chart: helmChart, Auth: configsync.AuthNone}} @@ -3860,7 +3860,7 @@ func TestRepoSyncReconcileStaleClientCache(t *testing.T) { rs = fake.RepoSyncObjectV1Beta1(reposyncNs, reposyncName) err = fakeClient.Get(ctx, core.ObjectNamespacedName(rs), rs) require.NoError(t, err, "unexpected Get error") - rs.Spec.SourceType = string(v1beta1.GitSource) + rs.Spec.SourceType = string(configsync.GitSource) rs.ResourceVersion = "2" // doesn't need to be increasing or even numeric err = fakeClient.Update(ctx, rs) require.NoError(t, err, "unexpected Update error") @@ -3981,7 +3981,7 @@ func TestPopulateRepoContainerEnvs(t *testing.T) { for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { - _, _, testReconciler := setupNSReconciler(t, tc.repoSync, secretObj(t, reposyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(tc.repoSync.Namespace))) + _, _, testReconciler := setupNSReconciler(t, tc.repoSync, secretObj(t, reposyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(tc.repoSync.Namespace))) env := testReconciler.populateContainerEnvs(ctx, tc.repoSync, nsReconcilerName) @@ -4000,7 +4000,7 @@ func TestUpdateNamespaceReconcilerLogLevelWithOverride(t *testing.T) { rs := repoSyncWithGit(reposyncNs, reposyncName, reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(configsync.AuthSSH), reposyncSecretRef(reposyncSSHKey)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources. ctx := context.Background() @@ -4108,7 +4108,7 @@ func TestCreateAndUpdateNamespaceReconcilerWithOverrideOnAutopilot(t *testing.T) rs := repoSyncWithGit(reposyncNs, reposyncName, reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(configsync.AuthSSH), reposyncSecretRef(reposyncSSHKey)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, util.FakeAutopilotWebhookObject(), rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupNSReconciler(t, util.FakeAutopilotWebhookObject(), rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources. ctx := context.Background() @@ -4271,15 +4271,15 @@ func TestRepoSyncGarbageCollectSecrets(t *testing.T) { rs := repoSyncWithGit(reposyncNs, reposyncName, reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(configsync.AuthToken), reposyncSecretRef(gitSecret1Name), - reposyncCACert(v1beta1.GitSource, caCertSecret1Name)) + reposyncCACert(configsync.GitSource, caCertSecret1Name)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) gitSecret1 := secretObjWithProxy(t, gitSecret1Name, GitSecretConfigKeyToken, core.Namespace(rs.Namespace)) gitSecret1.Data[GitSecretConfigKeyTokenUsername] = []byte("test-user") - certSecret1 := secretObj(t, caCertSecret1Name, GitSecretConfigKeyToken, v1beta1.GitSource, core.Namespace(rs.Namespace)) + certSecret1 := secretObj(t, caCertSecret1Name, GitSecretConfigKeyToken, configsync.GitSource, core.Namespace(rs.Namespace)) certSecret1.Data[CACertSecretKey] = []byte("test-cert") gitSecret2 := secretObjWithProxy(t, gitSecret2Name, GitSecretConfigKeyToken, core.Namespace(rs.Namespace)) gitSecret2.Data[GitSecretConfigKeyTokenUsername] = []byte("test-user") - certSecret2 := secretObj(t, caCertSecret2Name, GitSecretConfigKeyToken, v1beta1.GitSource, core.Namespace(rs.Namespace)) + certSecret2 := secretObj(t, caCertSecret2Name, GitSecretConfigKeyToken, configsync.GitSource, core.Namespace(rs.Namespace)) certSecret2.Data[CACertSecretKey] = []byte("test-cert") fakeClient, _, testReconciler := setupNSReconciler(t, rs, gitSecret1, certSecret1, gitSecret2, certSecret2) @@ -4352,7 +4352,7 @@ func TestRepoSyncGarbageCollectSecrets(t *testing.T) { // Verify Secret garbage collection behavior with OCI source type rs = repoSyncWithOCI(reposyncNs, reposyncName, reposyncOCIAuthType(configsync.AuthNone), - reposyncCACert(v1beta1.OciSource, caCertSecret1Name)) + reposyncCACert(configsync.OciSource, caCertSecret1Name)) if err := fakeClient.Update(ctx, rs); err != nil { t.Fatalf("failed to update the root sync request, got error: %v, want error: nil", err) } @@ -4366,7 +4366,7 @@ func TestRepoSyncGarbageCollectSecrets(t *testing.T) { // Switch secret reference to a different Secret rs = repoSyncWithOCI(reposyncNs, reposyncName, reposyncOCIAuthType(configsync.AuthNone), - reposyncCACert(v1beta1.OciSource, caCertSecret2Name)) + reposyncCACert(configsync.OciSource, caCertSecret2Name)) if err := fakeClient.Update(ctx, rs); err != nil { t.Fatalf("failed to update the root sync request, got error: %v, want error: nil", err) } @@ -4395,7 +4395,7 @@ func TestRepoSyncGarbageCollectSecrets(t *testing.T) { // Verify Secret garbage collection behavior with helm source type rs = repoSyncWithHelm(reposyncNs, reposyncName, reposyncHelmAuthType(configsync.AuthNone), - reposyncCACert(v1beta1.HelmSource, caCertSecret1Name)) + reposyncCACert(configsync.HelmSource, caCertSecret1Name)) if err := fakeClient.Update(ctx, rs); err != nil { t.Fatalf("failed to update the root sync request, got error: %v, want error: nil", err) } @@ -4409,7 +4409,7 @@ func TestRepoSyncGarbageCollectSecrets(t *testing.T) { // Switch secret reference to a different Secret rs = repoSyncWithHelm(reposyncNs, reposyncName, reposyncHelmAuthType(configsync.AuthNone), - reposyncCACert(v1beta1.HelmSource, caCertSecret2Name)) + reposyncCACert(configsync.HelmSource, caCertSecret2Name)) if err := fakeClient.Update(ctx, rs); err != nil { t.Fatalf("failed to update the root sync request, got error: %v, want error: nil", err) } @@ -4441,7 +4441,7 @@ func TestRepoReconcilerWithoutKnownHosts(t *testing.T) { rs := repoSyncWithGit(reposyncNs, reposyncName, reposyncRef(gitRevision), reposyncBranch(branch), reposyncSecretType(GitSecretConfigKeySSH), reposyncSecretRef(reposyncSSHKey)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - _, _, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + _, _, testReconciler := setupNSReconciler(t, rs, secretObj(t, reposyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test performing reconcile ctx := context.Background() diff --git a/pkg/reconcilermanager/controllers/rootsync_controller.go b/pkg/reconcilermanager/controllers/rootsync_controller.go index 47ff40dafa..cd257e6aa1 100644 --- a/pkg/reconcilermanager/controllers/rootsync_controller.go +++ b/pkg/reconcilermanager/controllers/rootsync_controller.go @@ -187,14 +187,14 @@ func (r *RootSyncReconciler) upsertManagedObjects(ctx context.Context, reconcile // Overwrite reconciler pod ServiceAccount. var auth configsync.AuthType var gcpSAEmail string - switch v1beta1.SourceType(rs.Spec.SourceType) { - case v1beta1.GitSource: + switch configsync.SourceType(rs.Spec.SourceType) { + case configsync.GitSource: auth = rs.Spec.Auth gcpSAEmail = rs.Spec.GCPServiceAccountEmail - case v1beta1.OciSource: + case configsync.OciSource: auth = rs.Spec.Oci.Auth gcpSAEmail = rs.Spec.Oci.GCPServiceAccountEmail - case v1beta1.HelmSource: + case configsync.HelmSource: auth = rs.Spec.Helm.Auth gcpSAEmail = rs.Spec.Helm.GCPServiceAccountEmail default: @@ -774,8 +774,8 @@ func (r *RootSyncReconciler) populateContainerEnvs(ctx context.Context, rs *v1be namespaceStrategyEnv(rs.Spec.SafeOverride().NamespaceStrategy), ), } - switch v1beta1.SourceType(rs.Spec.SourceType) { - case v1beta1.GitSource: + switch configsync.SourceType(rs.Spec.SourceType) { + case configsync.GitSource: result[reconcilermanager.GitSync] = gitSyncEnvs(ctx, options{ ref: rs.Spec.Git.Revision, branch: rs.Spec.Git.Branch, @@ -791,14 +791,14 @@ func (r *RootSyncReconciler) populateContainerEnvs(ctx context.Context, rs *v1be if enableAskpassSidecar(rs.Spec.SourceType, rs.Spec.Git.Auth) { result[reconcilermanager.GCENodeAskpassSidecar] = gceNodeAskPassSidecarEnvs(rs.Spec.GCPServiceAccountEmail) } - case v1beta1.OciSource: + case configsync.OciSource: result[reconcilermanager.OciSync] = ociSyncEnvs(ociOptions{ image: rs.Spec.Oci.Image, auth: rs.Spec.Oci.Auth, period: v1beta1.GetPeriod(rs.Spec.Oci.Period, configsync.DefaultReconcilerPollingPeriod).Seconds(), caCertSecretRef: v1beta1.GetSecretName(rs.Spec.Oci.CACertSecretRef), }) - case v1beta1.HelmSource: + case configsync.HelmSource: result[reconcilermanager.HelmSync] = helmSyncEnvs(helmOptions{ helmBase: &rs.Spec.Helm.HelmBase, releaseNamespace: rs.Spec.Helm.Namespace, @@ -830,12 +830,12 @@ func (r *RootSyncReconciler) validateRootSync(ctx context.Context, rs *v1beta1.R } func (r *RootSyncReconciler) validateSourceSpec(ctx context.Context, rs *v1beta1.RootSync, reconcilerName string) error { - switch v1beta1.SourceType(rs.Spec.SourceType) { - case v1beta1.GitSource: + switch configsync.SourceType(rs.Spec.SourceType) { + case configsync.GitSource: return r.validateGitSpec(ctx, rs, reconcilerName) - case v1beta1.OciSource: + case configsync.OciSource: return r.validateOciSpec(ctx, rs) - case v1beta1.HelmSource: + case configsync.HelmSource: return r.validateHelmSpec(ctx, rs) default: return validate.InvalidSourceType(rs) @@ -854,7 +854,7 @@ func (r *RootSyncReconciler) validateRoleRefs(roleRefs []v1beta1.RootSyncRoleRef // validateValuesFileSourcesRefs validates that the ConfigMaps specified in the RSync ValuesFileSources exist, are immutable, and have the // specified data key. func (r *RootSyncReconciler) validateValuesFileSourcesRefs(ctx context.Context, rs *v1beta1.RootSync) status.Error { - if rs.Spec.SourceType != string(v1beta1.HelmSource) || rs.Spec.Helm == nil || len(rs.Spec.Helm.ValuesFileRefs) == 0 { + if rs.Spec.SourceType != string(configsync.HelmSource) || rs.Spec.Helm == nil || len(rs.Spec.Helm.ValuesFileRefs) == 0 { return nil } return validate.ValuesFileRefs(ctx, r.client, rs, rs.Spec.Helm.ValuesFileRefs) @@ -891,7 +891,7 @@ func (r *RootSyncReconciler) validateGitSpec(ctx context.Context, rs *v1beta1.Ro // validateRootSecret verify that any necessary Secret is present before creating ConfigMaps and Deployments. func (r *RootSyncReconciler) validateRootSecret(ctx context.Context, rootSync *v1beta1.RootSync, reconcilerName string) error { - if SkipForAuth(rootSync.Spec.Auth) { + if !validate.AuthRequiresSecret(configsync.SourceType(rootSync.Spec.SourceType), rootSync.Spec.Auth) { // There is no Secret to check for the Config object. return nil } @@ -1178,17 +1178,17 @@ func (r *RootSyncReconciler) mutationsFor(ctx context.Context, rs *v1beta1.RootS var gcpSAEmail string var secretRefName string var caCertSecretRefName string - switch v1beta1.SourceType(rs.Spec.SourceType) { - case v1beta1.GitSource: + switch configsync.SourceType(rs.Spec.SourceType) { + case configsync.GitSource: auth = rs.Spec.Auth gcpSAEmail = rs.Spec.GCPServiceAccountEmail secretRefName = v1beta1.GetSecretName(rs.Spec.SecretRef) caCertSecretRefName = v1beta1.GetSecretName(rs.Spec.Git.CACertSecretRef) - case v1beta1.OciSource: + case configsync.OciSource: auth = rs.Spec.Oci.Auth gcpSAEmail = rs.Spec.Oci.GCPServiceAccountEmail caCertSecretRefName = v1beta1.GetSecretName(rs.Spec.Oci.CACertSecretRef) - case v1beta1.HelmSource: + case configsync.HelmSource: auth = rs.Spec.Helm.Auth gcpSAEmail = rs.Spec.Helm.GCPServiceAccountEmail secretRefName = v1beta1.GetSecretName(rs.Spec.Helm.SecretRef) @@ -1258,7 +1258,7 @@ func (r *RootSyncReconciler) mutationsFor(ctx context.Context, rs *v1beta1.RootS } case reconcilermanager.OciSync: // Don't add the oci-sync container when sourceType is NOT oci. - if v1beta1.SourceType(rs.Spec.SourceType) != v1beta1.OciSource { + if configsync.SourceType(rs.Spec.SourceType) != configsync.OciSource { addContainer = false } else { container.Env = append(container.Env, containerEnvs[container.Name]...) @@ -1267,7 +1267,7 @@ func (r *RootSyncReconciler) mutationsFor(ctx context.Context, rs *v1beta1.RootS } case reconcilermanager.HelmSync: // Don't add the helm-sync container when sourceType is NOT helm. - if v1beta1.SourceType(rs.Spec.SourceType) != v1beta1.HelmSource { + if configsync.SourceType(rs.Spec.SourceType) != configsync.HelmSource { addContainer = false } else { container.Env = append(container.Env, containerEnvs[container.Name]...) @@ -1280,7 +1280,7 @@ func (r *RootSyncReconciler) mutationsFor(ctx context.Context, rs *v1beta1.RootS } case reconcilermanager.GitSync: // Don't add the git-sync container when sourceType is NOT git. - if v1beta1.SourceType(rs.Spec.SourceType) != v1beta1.GitSource { + if configsync.SourceType(rs.Spec.SourceType) != configsync.GitSource { addContainer = false } else { container.Env = append(container.Env, containerEnvs[container.Name]...) diff --git a/pkg/reconcilermanager/controllers/rootsync_controller_manager_test.go b/pkg/reconcilermanager/controllers/rootsync_controller_manager_test.go index 6ec05cb7e7..a3c78d296a 100644 --- a/pkg/reconcilermanager/controllers/rootsync_controller_manager_test.go +++ b/pkg/reconcilermanager/controllers/rootsync_controller_manager_test.go @@ -64,7 +64,7 @@ func TestRootSyncReconcilerDeploymentLifecycle(t *testing.T) { t.Log("building RootSync controller") rs := rootSyncWithGit(rootsyncName, rootsyncRef(gitRevision), rootsyncBranch(branch), rootsyncSecretType(GitSecretConfigKeySSH), rootsyncSecretRef(rootsyncSSHKey)) - secretObj := secretObj(t, rootsyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace)) + secretObj := secretObj(t, rootsyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace)) fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, secretObj) @@ -187,7 +187,7 @@ func TestReconcileInvalidRootSyncLifecycle(t *testing.T) { t.Log("building RootSyncReconciler") // rs is an invalid RootSync as its auth type is set to `token`, but the token key is not configured in the secret. rs := rootSyncWithGit(rootsyncName, rootsyncRef(gitRevision), rootsyncBranch(branch), rootsyncSecretType(GitSecretConfigKeyToken), rootsyncSecretRef(rootsyncSSHKey)) - secretObj := secretObj(t, rootsyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace)) + secretObj := secretObj(t, rootsyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace)) fakeClient, _, testReconciler := setupRootReconciler(t, secretObj) @@ -260,7 +260,7 @@ func TestReconcileRootSyncLifecycleValidToInvalid1(t *testing.T) { t.Log("building RootSyncReconciler") rs := rootSyncWithGit(rootsyncName, rootsyncRef(gitRevision), rootsyncBranch(branch), rootsyncSecretType(GitSecretConfigKeySSH), rootsyncSecretRef(rootsyncSSHKey)) - secretObj := secretObj(t, rootsyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace)) + secretObj := secretObj(t, rootsyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace)) fakeClient, _, testReconciler := setupRootReconciler(t, secretObj) @@ -498,7 +498,7 @@ func TestRootSyncReconcilerClusterRoleBindingDriftProtection(t *testing.T) { func testRootSyncDriftProtection(t *testing.T, exampleObj client.Object, objKeyFunc func(client.ObjectKey) client.ObjectKey, modify, validate func(client.Object) error) { t.Log("building RootSyncReconciler") syncObj := rootSyncWithGit(rootsyncName, rootsyncRef(gitRevision), rootsyncBranch(branch), rootsyncSecretType(GitSecretConfigKeySSH), rootsyncSecretRef(rootsyncSSHKey)) - secretObj := secretObj(t, rootsyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(syncObj.Namespace)) + secretObj := secretObj(t, rootsyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(syncObj.Namespace)) fakeClient, _, testReconciler := setupRootReconciler(t, secretObj) testDriftProtection(t, fakeClient, testReconciler, syncObj, exampleObj, objKeyFunc, modify, validate) } diff --git a/pkg/reconcilermanager/controllers/rootsync_controller_test.go b/pkg/reconcilermanager/controllers/rootsync_controller_test.go index a5238a37be..7baee13129 100644 --- a/pkg/reconcilermanager/controllers/rootsync_controller_test.go +++ b/pkg/reconcilermanager/controllers/rootsync_controller_test.go @@ -157,7 +157,7 @@ func configMapWithData(namespace, name string, data map[string]string, opts ...c return result } -func secretObj(t *testing.T, name string, auth configsync.AuthType, sourceType v1beta1.SourceType, opts ...core.MetaMutator) *corev1.Secret { +func secretObj(t *testing.T, name string, auth configsync.AuthType, sourceType configsync.SourceType, opts ...core.MetaMutator) *corev1.Secret { t.Helper() result := fake.SecretObject(name, opts...) result.Data = secretData(t, "test-key", auth, sourceType) @@ -167,8 +167,8 @@ func secretObj(t *testing.T, name string, auth configsync.AuthType, sourceType v func secretObjWithProxy(t *testing.T, name string, auth configsync.AuthType, opts ...core.MetaMutator) *corev1.Secret { t.Helper() result := fake.SecretObject(name, opts...) - result.Data = secretData(t, "test-key", auth, v1beta1.GitSource) - m2 := secretData(t, "test-key", "https_proxy", v1beta1.GitSource) + result.Data = secretData(t, "test-key", auth, configsync.GitSource) + m2 := secretData(t, "test-key", "https_proxy", configsync.GitSource) for k, v := range m2 { result.Data[k] = v } @@ -178,7 +178,7 @@ func secretObjWithProxy(t *testing.T, name string, auth configsync.AuthType, opt func secretObjWithKnownHosts(t *testing.T, name string, opts ...core.MetaMutator) *corev1.Secret { t.Helper() result := fake.SecretObject(name, opts...) - result.Data = secretData(t, "test-key", configsync.AuthSSH, v1beta1.GitSource) + result.Data = secretData(t, "test-key", configsync.AuthSSH, configsync.GitSource) result.Data[KnownHostsKey] = []byte("abc") return result } @@ -299,14 +299,14 @@ func rootsyncNoSSLVerify() func(*v1beta1.RootSync) { } } -func rootsyncCACert(sourceType v1beta1.SourceType, caCertSecretRef string) func(*v1beta1.RootSync) { +func rootsyncCACert(sourceType configsync.SourceType, caCertSecretRef string) func(*v1beta1.RootSync) { return func(rs *v1beta1.RootSync) { switch sourceType { - case v1beta1.GitSource: + case configsync.GitSource: rs.Spec.Git.CACertSecretRef = &v1beta1.SecretReference{Name: caCertSecretRef} - case v1beta1.OciSource: + case configsync.OciSource: rs.Spec.Oci.CACertSecretRef = &v1beta1.SecretReference{Name: caCertSecretRef} - case v1beta1.HelmSource: + case configsync.HelmSource: rs.Spec.Helm.CACertSecretRef = &v1beta1.SecretReference{Name: caCertSecretRef} } } @@ -338,7 +338,7 @@ func rootSync(name string, opts ...func(*v1beta1.RootSync)) *v1beta1.RootSync { func rootSyncWithGit(name string, opts ...func(*v1beta1.RootSync)) *v1beta1.RootSync { addGit := func(rs *v1beta1.RootSync) { - rs.Spec.SourceType = string(v1beta1.GitSource) + rs.Spec.SourceType = string(configsync.GitSource) rs.Spec.Git = &v1beta1.Git{ Repo: rootsyncRepo, Dir: rootsyncDir, @@ -350,7 +350,7 @@ func rootSyncWithGit(name string, opts ...func(*v1beta1.RootSync)) *v1beta1.Root func rootSyncWithOCI(name string, opts ...func(*v1beta1.RootSync)) *v1beta1.RootSync { addOci := func(rs *v1beta1.RootSync) { - rs.Spec.SourceType = string(v1beta1.OciSource) + rs.Spec.SourceType = string(configsync.OciSource) rs.Spec.Oci = &v1beta1.Oci{ Image: ociImage, Dir: rootsyncDir, @@ -362,7 +362,7 @@ func rootSyncWithOCI(name string, opts ...func(*v1beta1.RootSync)) *v1beta1.Root func rootSyncWithHelm(name string, opts ...func(*v1beta1.RootSync)) *v1beta1.RootSync { addHelm := func(rs *v1beta1.RootSync) { - rs.Spec.SourceType = string(v1beta1.HelmSource) + rs.Spec.SourceType = string(configsync.HelmSource) rs.Spec.Helm = &v1beta1.HelmRootSync{HelmBase: v1beta1.HelmBase{ Repo: helmRepo, Chart: helmChart, @@ -404,7 +404,7 @@ func TestCreateAndUpdateRootReconcilerWithOverride(t *testing.T) { rs := rootSyncWithGit(rootsyncName, rootsyncRef(gitRevision), rootsyncBranch(branch), rootsyncSecretType(GitSecretConfigKeySSH), rootsyncSecretRef(rootsyncSSHKey), rootsyncOverrideResources(overrideAllContainerResources)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources. ctx := context.Background() @@ -528,7 +528,7 @@ func TestUpdateRootReconcilerWithOverride(t *testing.T) { rs := rootSyncWithGit(rootsyncName, rootsyncRef(gitRevision), rootsyncBranch(branch), rootsyncSecretType(GitSecretConfigKeySSH), rootsyncSecretRef(rootsyncSSHKey)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources. ctx := context.Background() @@ -764,7 +764,7 @@ func TestRootSyncCreateWithNoSSLVerify(t *testing.T) { rs := rootSyncWithGit(rootsyncName, rootsyncRef(gitRevision), rootsyncBranch(branch), rootsyncSecretType(GitSecretConfigKeySSH), rootsyncSecretRef(rootsyncSSHKey), rootsyncNoSSLVerify()) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources. ctx := context.Background() @@ -802,7 +802,7 @@ func TestRootSyncUpdateNoSSLVerify(t *testing.T) { rs := rootSyncWithGit(rootsyncName, rootsyncRef(gitRevision), rootsyncBranch(branch), rootsyncSecretType(GitSecretConfigKeySSH), rootsyncSecretRef(rootsyncSSHKey)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources. ctx := context.Background() @@ -926,11 +926,11 @@ func TestRootSyncCreateWithCACertSecret(t *testing.T) { caCertSecret := "foo-secret" rs := rootSyncWithGit(rootsyncName, rootsyncRef(gitRevision), rootsyncBranch(branch), rootsyncSecretType(configsync.AuthToken), rootsyncSecretRef(secretName), - rootsyncCACert(v1beta1.GitSource, caCertSecret)) + rootsyncCACert(configsync.GitSource, caCertSecret)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) gitSecret := secretObjWithProxy(t, secretName, GitSecretConfigKeyToken, core.Namespace(rs.Namespace)) gitSecret.Data[GitSecretConfigKeyTokenUsername] = []byte("test-user") - certSecret := secretObj(t, caCertSecret, GitSecretConfigKeyToken, v1beta1.GitSource, core.Namespace(rs.Namespace)) + certSecret := secretObj(t, caCertSecret, GitSecretConfigKeyToken, configsync.GitSource, core.Namespace(rs.Namespace)) certSecret.Data[CACertSecretKey] = []byte("test-data") fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, gitSecret, certSecret) @@ -972,7 +972,7 @@ func TestRootSyncUpdateCACertSecret(t *testing.T) { reqNamespacedName := namespacedName(rs.Name, rs.Namespace) gitSecret := secretObjWithProxy(t, secretName, GitSecretConfigKeyToken, core.Namespace(rs.Namespace)) gitSecret.Data[GitSecretConfigKeyTokenUsername] = []byte("test-user") - certSecret := secretObj(t, caCertSecret, GitSecretConfigKeyToken, v1beta1.GitSource, core.Namespace(rs.Namespace)) + certSecret := secretObj(t, caCertSecret, GitSecretConfigKeyToken, configsync.GitSource, core.Namespace(rs.Namespace)) certSecret.Data[CACertSecretKey] = []byte("test-data") fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, gitSecret, certSecret) @@ -1097,15 +1097,15 @@ func TestRootSyncReconcileWithInvalidCACertSecret(t *testing.T) { "git": { rootSync: rootSyncWithGit(rootsyncName, rootsyncRef(gitRevision), rootsyncBranch(branch), rootsyncSecretType(configsync.AuthNone), - rootsyncCACert(v1beta1.GitSource, caCertSecret)), + rootsyncCACert(configsync.GitSource, caCertSecret)), }, "oci": { rootSync: rootSyncWithOCI(rootsyncName, rootsyncOCIAuthType(configsync.AuthNone), - rootsyncCACert(v1beta1.OciSource, caCertSecret)), + rootsyncCACert(configsync.OciSource, caCertSecret)), }, "helm": { rootSync: rootSyncWithHelm(rootsyncName, rootsyncHelmAuthType(configsync.AuthNone), - rootsyncCACert(v1beta1.HelmSource, caCertSecret)), + rootsyncCACert(configsync.HelmSource, caCertSecret)), }, } for name, tc := range testCases { @@ -1162,7 +1162,7 @@ func TestRootSyncCreateWithOverrideGitSyncDepth(t *testing.T) { rs := rootSyncWithGit(rootsyncName, rootsyncRef(gitRevision), rootsyncBranch(branch), rootsyncSecretType(GitSecretConfigKeySSH), rootsyncSecretRef(rootsyncSSHKey), rootsyncOverrideGitSyncDepth(5)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources. ctx := context.Background() @@ -1200,7 +1200,7 @@ func TestRootSyncUpdateOverrideGitSyncDepth(t *testing.T) { rs := rootSyncWithGit(rootsyncName, rootsyncRef(gitRevision), rootsyncBranch(branch), rootsyncSecretType(GitSecretConfigKeySSH), rootsyncSecretRef(rootsyncSSHKey)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources. ctx := context.Background() @@ -1358,7 +1358,7 @@ func TestRootSyncCreateWithOverrideReconcileTimeout(t *testing.T) { rs := rootSyncWithGit(rootsyncName, rootsyncRef(gitRevision), rootsyncBranch(branch), rootsyncSecretType(GitSecretConfigKeySSH), rootsyncSecretRef(rootsyncSSHKey), rootsyncOverrideReconcileTimeout(metav1.Duration{Duration: 50 * time.Second})) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources. ctx := context.Background() @@ -1396,7 +1396,7 @@ func TestRootSyncUpdateOverrideReconcileTimeout(t *testing.T) { rs := rootSyncWithGit(rootsyncName, rootsyncRef(gitRevision), rootsyncBranch(branch), rootsyncSecretType(GitSecretConfigKeySSH), rootsyncSecretRef(rootsyncSSHKey)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources. ctx := context.Background() @@ -1520,7 +1520,7 @@ func TestRootSyncCreateWithOverrideAPIServerTimeout(t *testing.T) { rs := rootSyncWithGit(rootsyncName, rootsyncRef(gitRevision), rootsyncBranch(branch), rootsyncSecretType(GitSecretConfigKeySSH), rootsyncSecretRef(rootsyncSSHKey), rootsyncOverrideReconcileTimeout(metav1.Duration{Duration: 50 * time.Second})) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources. ctx := context.Background() @@ -1555,7 +1555,7 @@ func TestRootSyncUpdateOverrideAPIServerTimeout(t *testing.T) { rs := rootSyncWithGit(rootsyncName, rootsyncRef(gitRevision), rootsyncBranch(branch), rootsyncSecretType(GitSecretConfigKeySSH), rootsyncSecretRef(rootsyncSSHKey)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources. ctx := context.Background() @@ -1899,7 +1899,7 @@ func TestRootSyncSwitchAuthTypes(t *testing.T) { rs := rootSyncWithGit(rootsyncName, rootsyncRef(gitRevision), rootsyncBranch(branch), rootsyncSecretType(configsync.AuthGCPServiceAccount), rootsyncGCPSAEmail(gcpSAEmail)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources with GCPServiceAccount auth type. ctx := context.Background() @@ -2025,7 +2025,7 @@ func TestRootSyncReconcilerRestart(t *testing.T) { rs := rootSyncWithGit(rootsyncName, rootsyncRef(gitRevision), rootsyncBranch(branch), rootsyncSecretType(GitSecretConfigKeySSH), rootsyncSecretRef(rootsyncSSHKey)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources. ctx := context.Background() @@ -2123,7 +2123,7 @@ func TestMultipleRootSyncs(t *testing.T) { secret5 := secretObjWithProxy(t, secretName, GitSecretConfigKeyToken, core.Namespace(rs5.Namespace)) secret5.Data[GitSecretConfigKeyTokenUsername] = []byte("test-user") - fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs1, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs1.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs1, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs1.Namespace))) rootReconcilerName2 := core.RootReconcilerName(rs2.Name) rootReconcilerName3 := core.RootReconcilerName(rs3.Name) @@ -2722,9 +2722,9 @@ func TestMapSecretToRootSyncs(t *testing.T) { rs1 := rootSyncWithGit("rs-1", rootsyncRef(gitRevision), rootsyncBranch(branch), rootsyncSecretType(GitSecretConfigKeySSH), rootsyncSecretRef(rootsyncSSHKey)) rs2 := rootSyncWithGit("rs-2", rootsyncRef(gitRevision), rootsyncBranch(branch), rootsyncSecretType(GitSecretConfigKeySSH), rootsyncSecretRef(rootsyncSSHKey)) rs3 := rootSyncWithGit("rs-3", rootsyncRef(gitRevision), rootsyncBranch(branch), rootsyncSecretType(GitSecretConfigKeySSH), rootsyncSecretRef(testSecretName)) - rs4 := rootSyncWithGit("rs-4", rootsyncRef(gitRevision), rootsyncBranch(branch), rootsyncSecretType(configsync.AuthNone), rootsyncCACert(v1beta1.GitSource, caCertSecret)) - rs5 := rootSyncWithOCI("rs-5", rootsyncOCIAuthType(configsync.AuthNone), rootsyncCACert(v1beta1.OciSource, caCertSecret)) - rs6 := rootSyncWithHelm("rs-6", rootsyncHelmAuthType(configsync.AuthNone), rootsyncCACert(v1beta1.HelmSource, caCertSecret)) + rs4 := rootSyncWithGit("rs-4", rootsyncRef(gitRevision), rootsyncBranch(branch), rootsyncSecretType(configsync.AuthNone), rootsyncCACert(configsync.GitSource, caCertSecret)) + rs5 := rootSyncWithOCI("rs-5", rootsyncOCIAuthType(configsync.AuthNone), rootsyncCACert(configsync.OciSource, caCertSecret)) + rs6 := rootSyncWithHelm("rs-6", rootsyncHelmAuthType(configsync.AuthNone), rootsyncCACert(configsync.HelmSource, caCertSecret)) testCases := []struct { name string @@ -2831,7 +2831,7 @@ func TestInjectFleetWorkloadIdentityCredentialsToRootSync(t *testing.T) { rs := rootSyncWithGit(rootsyncName, rootsyncRef(gitRevision), rootsyncBranch(branch), rootsyncSecretType(configsync.AuthGCPServiceAccount), rootsyncGCPSAEmail(gcpSAEmail)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // The membership doesn't have WorkloadIdentityPool and IdentityProvider specified, so FWI creds won't be injected. testReconciler.membership = &hubv1.Membership{ Spec: hubv1.MembershipSpec{ @@ -2987,7 +2987,7 @@ func TestRootSyncWithHelm(t *testing.T) { rs := rootSyncWithHelm(rootsyncName, rootsyncHelmAuthType(configsync.AuthToken), rootsyncHelmSecretRef(secretName)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - helmSecret := secretObj(t, secretName, configsync.AuthToken, v1beta1.HelmSource, core.Namespace(rs.Namespace)) + helmSecret := secretObj(t, secretName, configsync.AuthToken, configsync.HelmSource, core.Namespace(rs.Namespace)) fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, helmSecret) if _, err := testReconciler.Reconcile(ctx, reqNamespacedName); err != nil { @@ -3509,7 +3509,7 @@ func TestRootSyncSpecValidation(t *testing.T) { if err := fakeClient.Get(ctx, client.ObjectKeyFromObject(rs), rs); err != nil { t.Fatalf("failed to get the root sync: %v", err) } - rs.Spec.SourceType = string(v1beta1.GitSource) + rs.Spec.SourceType = string(configsync.GitSource) if err := fakeClient.Update(ctx, rs); err != nil { t.Fatalf("failed to update the root sync request, got error: %v", err) } @@ -3524,7 +3524,7 @@ func TestRootSyncSpecValidation(t *testing.T) { if err := fakeClient.Get(ctx, client.ObjectKeyFromObject(rs), rs); err != nil { t.Fatalf("failed to get the root sync: %v", err) } - rs.Spec.SourceType = string(v1beta1.OciSource) + rs.Spec.SourceType = string(configsync.OciSource) if err := fakeClient.Update(ctx, rs); err != nil { t.Fatalf("failed to update the root sync request, got error: %v", err) } @@ -3539,7 +3539,7 @@ func TestRootSyncSpecValidation(t *testing.T) { if err := fakeClient.Get(ctx, client.ObjectKeyFromObject(rs), rs); err != nil { t.Fatalf("failed to get the root sync: %v", err) } - rs.Spec.SourceType = string(v1beta1.HelmSource) + rs.Spec.SourceType = string(configsync.HelmSource) if err := fakeClient.Update(ctx, rs); err != nil { t.Fatalf("failed to update the root sync request, got error: %v", err) } @@ -3554,7 +3554,7 @@ func TestRootSyncSpecValidation(t *testing.T) { if err := fakeClient.Get(ctx, client.ObjectKeyFromObject(rs), rs); err != nil { t.Fatalf("failed to get the root sync: %v", err) } - rs.Spec.SourceType = string(v1beta1.OciSource) + rs.Spec.SourceType = string(configsync.OciSource) rs.Spec.Oci = &v1beta1.Oci{} if err := fakeClient.Update(ctx, rs); err != nil { t.Fatalf("failed to update the root sync request, got error: %v", err) @@ -3570,7 +3570,7 @@ func TestRootSyncSpecValidation(t *testing.T) { if err := fakeClient.Get(ctx, client.ObjectKeyFromObject(rs), rs); err != nil { t.Fatalf("failed to get the root sync: %v", err) } - rs.Spec.SourceType = string(v1beta1.OciSource) + rs.Spec.SourceType = string(configsync.OciSource) rs.Spec.Oci = &v1beta1.Oci{Image: ociImage} if err := fakeClient.Update(ctx, rs); err != nil { t.Fatalf("failed to update the root sync request, got error: %v", err) @@ -3586,7 +3586,7 @@ func TestRootSyncSpecValidation(t *testing.T) { if err := fakeClient.Get(ctx, client.ObjectKeyFromObject(rs), rs); err != nil { t.Fatalf("failed to get the root sync: %v", err) } - rs.Spec.SourceType = string(v1beta1.HelmSource) + rs.Spec.SourceType = string(configsync.HelmSource) rs.Spec.Helm = &v1beta1.HelmRootSync{} rs.Spec.Oci = nil if err := fakeClient.Update(ctx, rs); err != nil { @@ -3603,7 +3603,7 @@ func TestRootSyncSpecValidation(t *testing.T) { if err := fakeClient.Get(ctx, client.ObjectKeyFromObject(rs), rs); err != nil { t.Fatalf("failed to get the root sync: %v", err) } - rs.Spec.SourceType = string(v1beta1.HelmSource) + rs.Spec.SourceType = string(configsync.HelmSource) rs.Spec.Helm = &v1beta1.HelmRootSync{HelmBase: v1beta1.HelmBase{Repo: helmRepo}} if err := fakeClient.Update(ctx, rs); err != nil { t.Fatalf("failed to update the root sync request, got error: %v", err) @@ -3619,7 +3619,7 @@ func TestRootSyncSpecValidation(t *testing.T) { if err := fakeClient.Get(ctx, client.ObjectKeyFromObject(rs), rs); err != nil { t.Fatalf("failed to get the root sync: %v", err) } - rs.Spec.SourceType = string(v1beta1.HelmSource) + rs.Spec.SourceType = string(configsync.HelmSource) rs.Spec.Helm = &v1beta1.HelmRootSync{HelmBase: v1beta1.HelmBase{Repo: helmRepo, Chart: helmChart}} if err := fakeClient.Update(ctx, rs); err != nil { t.Fatalf("failed to update the root sync request, got error: %v", err) @@ -3635,7 +3635,7 @@ func TestRootSyncSpecValidation(t *testing.T) { if err := fakeClient.Get(ctx, client.ObjectKeyFromObject(rs), rs); err != nil { t.Fatalf("failed to get the root sync: %v", err) } - rs.Spec.SourceType = string(v1beta1.OciSource) + rs.Spec.SourceType = string(configsync.OciSource) rs.Spec.Git = nil rs.Spec.Helm = nil rs.Spec.Oci = &v1beta1.Oci{Image: ociImage, Auth: configsync.AuthNone} @@ -3661,7 +3661,7 @@ func TestRootSyncSpecValidation(t *testing.T) { if err := fakeClient.Get(ctx, client.ObjectKeyFromObject(rs), rs); err != nil { t.Fatalf("failed to get the root sync: %v", err) } - rs.Spec.SourceType = string(v1beta1.HelmSource) + rs.Spec.SourceType = string(configsync.HelmSource) rs.Spec.Git = nil rs.Spec.Oci = nil rs.Spec.Helm = &v1beta1.HelmRootSync{HelmBase: v1beta1.HelmBase{Repo: helmRepo, Chart: helmChart, Auth: configsync.AuthNone}} @@ -3739,7 +3739,7 @@ func TestRootSyncReconcileStaleClientCache(t *testing.T) { rs = fake.RootSyncObjectV1Beta1(rootsyncName) err = fakeClient.Get(ctx, core.ObjectNamespacedName(rs), rs) require.NoError(t, err, "unexpected Get error") - rs.Spec.SourceType = string(v1beta1.GitSource) + rs.Spec.SourceType = string(configsync.GitSource) err = fakeClient.Update(ctx, rs) require.NoError(t, err, "unexpected Update error") @@ -3871,7 +3871,7 @@ func TestPopulateRootContainerEnvs(t *testing.T) { for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { - _, _, testReconciler := setupRootReconciler(t, tc.rootSync, secretObj(t, reposyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(tc.rootSync.Namespace))) + _, _, testReconciler := setupRootReconciler(t, tc.rootSync, secretObj(t, reposyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(tc.rootSync.Namespace))) env := testReconciler.populateContainerEnvs(ctx, tc.rootSync, rootReconcilerName) @@ -3890,7 +3890,7 @@ func TestUpdateRootReconcilerLogLevelWithOverride(t *testing.T) { rs := rootSyncWithGit(rootsyncName, rootsyncRef(gitRevision), rootsyncBranch(branch), rootsyncSecretType(GitSecretConfigKeySSH), rootsyncSecretRef(rootsyncSSHKey)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources. ctx := context.Background() @@ -3989,7 +3989,7 @@ func TestCreateAndUpdateRootReconcilerWithOverrideOnAutopilot(t *testing.T) { rs := rootSyncWithGit(rootsyncName, rootsyncRef(gitRevision), rootsyncBranch(branch), rootsyncSecretType(GitSecretConfigKeySSH), rootsyncSecretRef(rootsyncSSHKey)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, util.FakeAutopilotWebhookObject(), rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + fakeClient, fakeDynamicClient, testReconciler := setupRootReconciler(t, util.FakeAutopilotWebhookObject(), rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test creating Deployment resources. ctx := context.Background() @@ -4132,7 +4132,7 @@ func TestRootReconcilerWithoutKnownHosts(t *testing.T) { rs := rootSyncWithGit(rootsyncName, rootsyncRef(gitRevision), rootsyncBranch(branch), rootsyncSecretType(GitSecretConfigKeySSH), rootsyncSecretRef(rootsyncSSHKey)) reqNamespacedName := namespacedName(rs.Name, rs.Namespace) - _, _, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, v1beta1.GitSource, core.Namespace(rs.Namespace))) + _, _, testReconciler := setupRootReconciler(t, rs, secretObj(t, rootsyncSSHKey, configsync.AuthSSH, configsync.GitSource, core.Namespace(rs.Namespace))) // Test performing reconcile ctx := context.Background() diff --git a/pkg/reconcilermanager/controllers/secret.go b/pkg/reconcilermanager/controllers/secret.go index ef8f228269..7b0c7af3bb 100644 --- a/pkg/reconcilermanager/controllers/secret.go +++ b/pkg/reconcilermanager/controllers/secret.go @@ -24,6 +24,7 @@ import ( "kpt.dev/configsync/pkg/api/configsync" "kpt.dev/configsync/pkg/api/configsync/v1beta1" "kpt.dev/configsync/pkg/core" + "kpt.dev/configsync/pkg/validate/raw/validate" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" ) @@ -35,28 +36,26 @@ func isUpsertedSecret(rs *v1beta1.RepoSync, secretName string) bool { if name, ok := getCACertName(rs); ok && useCACert(name) && secretName == ReconcilerResourceName(reconcilerName, name) { return true } - if shouldUpsertGitSecret(rs) && secretName == ReconcilerResourceName(reconcilerName, v1beta1.GetSecretName(rs.Spec.Git.SecretRef)) { - return true - } - if shouldUpsertHelmSecret(rs) && secretName == ReconcilerResourceName(reconcilerName, v1beta1.GetSecretName(rs.Spec.Helm.SecretRef)) { + secRef, shouldUpsert := shouldUpsertSecret(rs) + if shouldUpsert && secretName == ReconcilerResourceName(reconcilerName, v1beta1.GetSecretName(secRef)) { return true } return false } func getCACertName(rs *v1beta1.RepoSync) (string, bool) { - switch v1beta1.SourceType(rs.Spec.SourceType) { - case v1beta1.GitSource: + switch configsync.SourceType(rs.Spec.SourceType) { + case configsync.GitSource: if rs.Spec.Git == nil || rs.Spec.Git.CACertSecretRef == nil { return "", false } return v1beta1.GetSecretName(rs.Spec.Git.CACertSecretRef), true - case v1beta1.OciSource: + case configsync.OciSource: if rs.Spec.Oci == nil || rs.Spec.Oci.CACertSecretRef == nil { return "", false } return v1beta1.GetSecretName(rs.Spec.Oci.CACertSecretRef), true - case v1beta1.HelmSource: + case configsync.HelmSource: if rs.Spec.Helm == nil || rs.Spec.Helm.CACertSecretRef == nil { return "", false } @@ -66,12 +65,23 @@ func getCACertName(rs *v1beta1.RepoSync) (string, bool) { } } -func shouldUpsertGitSecret(rs *v1beta1.RepoSync) bool { - return v1beta1.SourceType(rs.Spec.SourceType) == v1beta1.GitSource && rs.Spec.Git != nil && rs.Spec.Git.SecretRef != nil && !SkipForAuth(rs.Spec.Auth) -} - -func shouldUpsertHelmSecret(rs *v1beta1.RepoSync) bool { - return v1beta1.SourceType(rs.Spec.SourceType) == v1beta1.HelmSource && rs.Spec.Helm != nil && rs.Spec.Helm.SecretRef != nil && !SkipForAuth(rs.Spec.Helm.Auth) +func shouldUpsertSecret(rs *v1beta1.RepoSync) (*v1beta1.SecretReference, bool) { + sourceType := configsync.SourceType(rs.Spec.SourceType) + switch sourceType { + case configsync.GitSource: + upsert := validate.AuthRequiresSecret(sourceType, rs.Spec.Auth) && + rs.Spec.Git != nil && rs.Spec.Git.SecretRef != nil + if upsert { + return rs.Spec.Git.SecretRef, true + } + case configsync.HelmSource: + upsert := validate.AuthRequiresSecret(sourceType, rs.Spec.Helm.Auth) && + rs.Spec.Helm != nil && rs.Spec.Helm.SecretRef != nil + if upsert { + return rs.Spec.Helm.SecretRef, true + } + } + return nil, false } // upsertAuthSecret creates or updates the auth secret in the @@ -79,27 +89,18 @@ func shouldUpsertHelmSecret(rs *v1beta1.RepoSync) bool { // namespace. func (r *reconcilerBase) upsertAuthSecret(ctx context.Context, rs *v1beta1.RepoSync, reconcilerRef types.NamespacedName, labelMap map[string]string) (client.ObjectKey, error) { rsRef := client.ObjectKeyFromObject(rs) - switch { - case shouldUpsertGitSecret(rs): - nsSecretRef, cmsSecretRef := getSecretRefs(rsRef, reconcilerRef, v1beta1.GetSecretName(rs.Spec.Git.SecretRef)) - userSecret, err := getUserSecret(ctx, r.client, nsSecretRef) - if err != nil { - return cmsSecretRef, errors.Wrap(err, "user secret required for git client authentication") - } - _, err = r.upsertSecret(ctx, cmsSecretRef, userSecret, labelMap) - return cmsSecretRef, err - case shouldUpsertHelmSecret(rs): - nsSecretRef, cmsSecretRef := getSecretRefs(rsRef, reconcilerRef, v1beta1.GetSecretName(rs.Spec.Helm.SecretRef)) - userSecret, err := getUserSecret(ctx, r.client, nsSecretRef) - if err != nil { - return cmsSecretRef, errors.Wrap(err, "user secret required for helm client authentication") - } - _, err = r.upsertSecret(ctx, cmsSecretRef, userSecret, labelMap) - return cmsSecretRef, err - default: + secRef, shouldUpsert := shouldUpsertSecret(rs) + if !shouldUpsert { // No secret required return client.ObjectKey{}, nil } + nsSecretRef, cmsSecretRef := getSecretRefs(rsRef, reconcilerRef, v1beta1.GetSecretName(secRef)) + userSecret, err := getUserSecret(ctx, r.client, nsSecretRef) + if err != nil { + return cmsSecretRef, errors.Wrapf(err, "user secret required for %s client authentication", rs.Spec.SourceType) + } + _, err = r.upsertSecret(ctx, cmsSecretRef, userSecret, labelMap) + return cmsSecretRef, err } // upsertCACertSecret creates or updates the CA cert secret in the @@ -192,15 +193,3 @@ func GetSecretKeys(ctx context.Context, c client.Client, sRef types.NamespacedNa func getSecret(ctx context.Context, c client.Client, sRef types.NamespacedName, secret *corev1.Secret) error { return c.Get(ctx, sRef, secret) } - -// SkipForAuth returns true if the passed auth is either 'none' or 'gcenode', -// 'gcpserviceaccount', or 'k8sserviceaccount'. -func SkipForAuth(auth configsync.AuthType) bool { - switch auth { - case configsync.AuthNone, configsync.AuthGCENode, - configsync.AuthGCPServiceAccount, configsync.AuthK8sServiceAccount: - return true - default: - return false - } -} diff --git a/pkg/reconcilermanager/controllers/secret_test.go b/pkg/reconcilermanager/controllers/secret_test.go index ac59d4c12f..0cbeb5199c 100644 --- a/pkg/reconcilermanager/controllers/secret_test.go +++ b/pkg/reconcilermanager/controllers/secret_test.go @@ -38,8 +38,8 @@ import ( const ( sshAuth = configsync.AuthSSH tokenAuth = configsync.AuthToken - gitSource = v1beta1.GitSource - helmSource = v1beta1.HelmSource + gitSource = configsync.GitSource + helmSource = configsync.HelmSource gitSecretName = "ssh-key" helmSecretName = "token" keyData = "test-key" @@ -52,15 +52,15 @@ var nsReconcilerKey = types.NamespacedName{ Name: nsReconcilerName, } -func repoSyncWithAuth(ns, name string, auth configsync.AuthType, sourceType v1beta1.SourceType, opts ...core.MetaMutator) *v1beta1.RepoSync { +func repoSyncWithAuth(ns, name string, auth configsync.AuthType, sourceType configsync.SourceType, opts ...core.MetaMutator) *v1beta1.RepoSync { result := fake.RepoSyncObjectV1Beta1(ns, name, opts...) result.Spec.SourceType = string(sourceType) - if sourceType == v1beta1.GitSource { + if sourceType == configsync.GitSource { result.Spec.Git = &v1beta1.Git{ Auth: auth, SecretRef: &v1beta1.SecretReference{Name: gitSecretName}, } - } else if sourceType == v1beta1.HelmSource { + } else if sourceType == configsync.HelmSource { result.Spec.Helm = &v1beta1.HelmRepoSync{HelmBase: v1beta1.HelmBase{ Auth: auth, SecretRef: &v1beta1.SecretReference{Name: helmSecretName}, @@ -69,7 +69,7 @@ func repoSyncWithAuth(ns, name string, auth configsync.AuthType, sourceType v1be return result } -func secret(t *testing.T, name, data string, auth configsync.AuthType, sourceType v1beta1.SourceType, opts ...core.MetaMutator) *corev1.Secret { +func secret(t *testing.T, name, data string, auth configsync.AuthType, sourceType configsync.SourceType, opts ...core.MetaMutator) *corev1.Secret { t.Helper() result := fake.SecretObject(name, opts...) result.Data = secretData(t, data, auth, sourceType) @@ -82,13 +82,13 @@ func secret(t *testing.T, name, data string, auth configsync.AuthType, sourceTyp return result } -func secretData(t *testing.T, data string, auth configsync.AuthType, sourceType v1beta1.SourceType) map[string][]byte { +func secretData(t *testing.T, data string, auth configsync.AuthType, sourceType configsync.SourceType) map[string][]byte { t.Helper() key, err := json.Marshal(data) if err != nil { t.Fatalf("failed to marshal test key: %v", err) } - if auth == configsync.AuthToken && sourceType == v1beta1.HelmSource { + if auth == configsync.AuthToken && sourceType == configsync.HelmSource { return map[string][]byte{ "username": key, "password": key, diff --git a/pkg/reconcilermanager/controllers/util.go b/pkg/reconcilermanager/controllers/util.go index 9f7924bf38..bc9ad88c49 100644 --- a/pkg/reconcilermanager/controllers/util.go +++ b/pkg/reconcilermanager/controllers/util.go @@ -55,12 +55,12 @@ type hydrationOptions struct { func hydrationEnvs(opts hydrationOptions) []corev1.EnvVar { var result []corev1.EnvVar var syncDir string - switch v1beta1.SourceType(opts.sourceType) { - case v1beta1.OciSource: + switch configsync.SourceType(opts.sourceType) { + case configsync.OciSource: syncDir = opts.ociConfig.Dir - case v1beta1.GitSource: + case configsync.GitSource: syncDir = opts.gitConfig.Dir - case v1beta1.HelmSource: + case configsync.HelmSource: syncDir = "." } @@ -122,11 +122,11 @@ func reconcilerEnvs(opts reconcilerOptions) []corev1.EnvVar { var syncBranch string var syncRevision string var syncDir string - switch v1beta1.SourceType(opts.sourceType) { - case v1beta1.OciSource: + switch configsync.SourceType(opts.sourceType) { + case configsync.OciSource: syncRepo = opts.ociConfig.Image syncDir = opts.ociConfig.Dir - case v1beta1.HelmSource: + case configsync.HelmSource: syncRepo = opts.helmConfig.Repo syncDir = opts.helmConfig.Chart if opts.helmConfig.Version != "" { @@ -134,7 +134,7 @@ func reconcilerEnvs(opts reconcilerOptions) []corev1.EnvVar { } else { syncRevision = "latest" } - case v1beta1.GitSource: + case configsync.GitSource: syncRepo = opts.gitConfig.Repo syncDir = opts.gitConfig.Dir if opts.gitConfig.Branch != "" { diff --git a/pkg/reconcilermanager/controllers/validate_secret_test.go b/pkg/reconcilermanager/controllers/validate_secret_test.go index cfd9bc9c5c..76f15ce98b 100644 --- a/pkg/reconcilermanager/controllers/validate_secret_test.go +++ b/pkg/reconcilermanager/controllers/validate_secret_test.go @@ -21,7 +21,6 @@ import ( "github.com/google/go-cmp/cmp" corev1 "k8s.io/api/core/v1" "kpt.dev/configsync/pkg/api/configsync" - "kpt.dev/configsync/pkg/api/configsync/v1beta1" "kpt.dev/configsync/pkg/core" syncerFake "kpt.dev/configsync/pkg/syncer/syncertest/fake" ) @@ -38,7 +37,7 @@ func TestValidateSecretExist(t *testing.T) { name: "Secret present", secretNamespace: "bookinfo", secretReference: "ssh-key", - wantSecret: secretObj(t, "ssh-key", configsync.AuthSSH, v1beta1.GitSource, + wantSecret: secretObj(t, "ssh-key", configsync.AuthSSH, configsync.GitSource, core.Namespace("bookinfo"), core.UID("1"), core.ResourceVersion("1"), core.Generation(1), ), @@ -53,7 +52,7 @@ func TestValidateSecretExist(t *testing.T) { } ctx := context.Background() - fakeClient := syncerFake.NewClient(t, core.Scheme, secretObj(t, "ssh-key", configsync.AuthSSH, v1beta1.GitSource, core.Namespace("bookinfo"))) + fakeClient := syncerFake.NewClient(t, core.Scheme, secretObj(t, "ssh-key", configsync.AuthSSH, configsync.GitSource, core.Namespace("bookinfo"))) for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { @@ -83,12 +82,12 @@ func TestValidateSecretData(t *testing.T) { { name: "SSH auth data present", auth: configsync.AuthSSH, - secret: secretObj(t, "ssh-key", configsync.AuthSSH, v1beta1.GitSource, core.Namespace("bookinfo")), + secret: secretObj(t, "ssh-key", configsync.AuthSSH, configsync.GitSource, core.Namespace("bookinfo")), }, { name: "Cookiefile auth data present", auth: configsync.AuthCookieFile, - secret: secretObj(t, "ssh-key", "cookie_file", v1beta1.GitSource, core.Namespace("bookinfo")), + secret: secretObj(t, "ssh-key", "cookie_file", configsync.GitSource, core.Namespace("bookinfo")), }, { name: "None auth", diff --git a/pkg/reconcilermanager/controllers/volumes.go b/pkg/reconcilermanager/controllers/volumes.go index f11f724a02..1a6f3d02e0 100644 --- a/pkg/reconcilermanager/controllers/volumes.go +++ b/pkg/reconcilermanager/controllers/volumes.go @@ -21,9 +21,9 @@ import ( corev1 "k8s.io/api/core/v1" "kpt.dev/configsync/pkg/api/configsync" - "kpt.dev/configsync/pkg/api/configsync/v1beta1" hubv1 "kpt.dev/configsync/pkg/api/hub/v1" "kpt.dev/configsync/pkg/metadata" + "kpt.dev/configsync/pkg/validate/raw/validate" ) // GitCredentialVolume is the volume name of the git credentials. @@ -49,26 +49,25 @@ var defaultMode int32 = 0644 // It sets to 48 hours. var expirationSeconds = int64((48 * time.Hour).Seconds()) -// filterVolumes returns the volumes depending on different auth types. -// If authType is `none`, `gcenode`, or `gcpserviceaccount`, it won't mount the `git-creds` volume. -// If authType is `gcpserviceaccount` with fleet membership available, it also mounts a `gcp-ksa` volume. +// filterVolumes returns a list of PodSpec.Volumes depending on different auth types: +// 1. Keep the existing `git-creds` volume ONLY when the auth type is `ssh`, `token`, or `cookiefile`. +// 2. Keep the existing `helm-creds` volume ONLY when the auth type is `token`. +// 3. Add a new `ca-cert` volume ONLY when it is specified. +// 4. Add a new `gcp-ksa` volume ONLY when the auth type is `gcpserviceaccount` or `ks8serviceaccount` with fleet membership available. +// 5. Keep any other existing volumes that are not listed above. func filterVolumes(existing []corev1.Volume, authType configsync.AuthType, secretName, caCertSecretName, sourceType string, membership *hubv1.Membership) []corev1.Volume { var updatedVolumes []corev1.Volume - + requireSecret := validate.AuthRequiresSecret(configsync.SourceType(sourceType), authType) for _, volume := range existing { - if volume.Name == GitCredentialVolume { - // Don't mount git-creds volume if auth is 'none', 'gcenode', or 'gcpserviceaccount' - if SkipForAuth(authType) || sourceType != string(v1beta1.GitSource) { - continue - } - volume.Secret.SecretName = secretName - } else if volume.Name == HelmCredentialVolume { - if SkipForAuth(authType) || sourceType != string(v1beta1.HelmSource) { - continue - } + if volume.Name != GitCredentialVolume && volume.Name != HelmCredentialVolume { + // Keep any other existing volumes that are not credentials. + updatedVolumes = append(updatedVolumes, volume) + } else if requireSecret { + // Keep existing creds volume only when required volume.Secret.SecretName = secretName + updatedVolumes = append(updatedVolumes, volume) } - updatedVolumes = append(updatedVolumes, volume) + } if useCACert(caCertSecretName) { @@ -123,8 +122,12 @@ func filterVolumes(existing []corev1.Volume, authType configsync.AuthType, secre return updatedVolumes } -// volumeMounts returns a sorted list of VolumeMounts by filtering out git-creds -// VolumeMount when secret is 'none' or 'gcenode'. +// volumeMounts returns a sorted list of container.VolumeMounts depending on different auth types: +// 1. Keep the existing `git-creds` volumeMount ONLY when the auth type is `ssh`, `token`, or `cookiefile`. +// 2. Keep the existing `helm-creds` volumeMount ONLY when the auth type is `token`. +// 3. Add a new `ca-cert` volumeMount ONLY when it is specified. +// 4. Keep any other existing volumeMount that are not listed above. +// Note: the `gcp-ksa` volumeMount is added by the `injectFWICredsToContainer` function. func volumeMounts(auth configsync.AuthType, caCertSecretRef, sourceType string, vm []corev1.VolumeMount) []corev1.VolumeMount { var volumeMount []corev1.VolumeMount if useCACert(caCertSecretRef) { @@ -135,13 +138,12 @@ func volumeMounts(auth configsync.AuthType, caCertSecretRef, sourceType string, }) } for _, volume := range vm { - if volume.Name == GitCredentialVolume && (SkipForAuth(auth) || sourceType != string(v1beta1.GitSource)) { - continue - } - if volume.Name == HelmCredentialVolume && (SkipForAuth(auth) || sourceType != string(v1beta1.HelmSource)) { - continue + // Keep any existing volumeMounts that are not credentials, and also + // keep the credentials volumeMount when required + if volume.Name != GitCredentialVolume && volume.Name != HelmCredentialVolume || + validate.AuthRequiresSecret(configsync.SourceType(sourceType), auth) { + volumeMount = append(volumeMount, volume) } - volumeMount = append(volumeMount, volume) } sort.Slice(volumeMount[:], func(i, j int) bool { return volumeMount[i].Name < volumeMount[j].Name diff --git a/pkg/testing/fake/reposync.go b/pkg/testing/fake/reposync.go index 7d0f6ef791..6f5faa3541 100644 --- a/pkg/testing/fake/reposync.go +++ b/pkg/testing/fake/reposync.go @@ -16,6 +16,7 @@ package fake import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "kpt.dev/configsync/pkg/api/configsync" "kpt.dev/configsync/pkg/api/configsync/v1alpha1" "kpt.dev/configsync/pkg/api/configsync/v1beta1" "kpt.dev/configsync/pkg/core" @@ -52,7 +53,7 @@ func RepoSyncObjectV1Beta1(ns, name string, opts ...core.MetaMutator) *v1beta1.R } // WithRepoSyncSourceType sets the sourceType of the RepoSync object. -func WithRepoSyncSourceType(sourceType v1beta1.SourceType) core.MetaMutator { +func WithRepoSyncSourceType(sourceType configsync.SourceType) core.MetaMutator { return func(o client.Object) { rs := o.(*v1beta1.RepoSync) rs.Spec.SourceType = string(sourceType) diff --git a/pkg/testing/fake/rootsync.go b/pkg/testing/fake/rootsync.go index d71c0a23f6..80d640910c 100644 --- a/pkg/testing/fake/rootsync.go +++ b/pkg/testing/fake/rootsync.go @@ -53,7 +53,7 @@ func RootSyncObjectV1Beta1(name string, opts ...core.MetaMutator) *v1beta1.RootS } // WithRootSyncSourceType sets the sourceType of the RootSync object. -func WithRootSyncSourceType(sourceType v1beta1.SourceType) core.MetaMutator { +func WithRootSyncSourceType(sourceType configsync.SourceType) core.MetaMutator { return func(o client.Object) { rs := o.(*v1beta1.RootSync) rs.Spec.SourceType = string(sourceType) diff --git a/pkg/validate/raw/validate/repo_sync_validator.go b/pkg/validate/raw/validate/repo_sync_validator.go index a35ffd5484..e960aeabc1 100644 --- a/pkg/validate/raw/validate/repo_sync_validator.go +++ b/pkg/validate/raw/validate/repo_sync_validator.go @@ -15,6 +15,7 @@ package validate import ( + "kpt.dev/configsync/pkg/api/configsync" "kpt.dev/configsync/pkg/api/configsync/v1alpha1" "kpt.dev/configsync/pkg/api/configsync/v1beta1" "kpt.dev/configsync/pkg/importer/analyzer/ast" @@ -43,7 +44,7 @@ func RepoSync(obj ast.FileObject) status.Error { rs = s.(*v1beta1.RepoSync) } if rs.Spec.SourceType == "" { - rs.Spec.SourceType = string(v1beta1.GitSource) + rs.Spec.SourceType = string(configsync.GitSource) } return RepoSyncSpec(rs.Spec.SourceType, rs.Spec.Git, rs.Spec.Oci, rs.Spec.Helm, rs) } diff --git a/pkg/validate/raw/validate/root_sync_validator.go b/pkg/validate/raw/validate/root_sync_validator.go index 6a05e7d816..009f0ba324 100644 --- a/pkg/validate/raw/validate/root_sync_validator.go +++ b/pkg/validate/raw/validate/root_sync_validator.go @@ -15,6 +15,7 @@ package validate import ( + "kpt.dev/configsync/pkg/api/configsync" "kpt.dev/configsync/pkg/api/configsync/v1alpha1" "kpt.dev/configsync/pkg/api/configsync/v1beta1" "kpt.dev/configsync/pkg/importer/analyzer/ast" @@ -43,7 +44,7 @@ func RootSync(obj ast.FileObject) status.Error { rs = s.(*v1beta1.RootSync) } if rs.Spec.SourceType == "" { - rs.Spec.SourceType = string(v1beta1.GitSource) + rs.Spec.SourceType = string(configsync.GitSource) } return RootSyncSpec(rs.Spec.SourceType, rs.Spec.Git, rs.Spec.Oci, rs.Spec.Helm, rs) } diff --git a/pkg/validate/raw/validate/source_spec_validator.go b/pkg/validate/raw/validate/source_spec_validator.go index 76ce18e431..28c3316657 100644 --- a/pkg/validate/raw/validate/source_spec_validator.go +++ b/pkg/validate/raw/validate/source_spec_validator.go @@ -47,12 +47,12 @@ func HelmValuesFileDataKeyOrDefault(key string) string { // RepoSyncSpec validates the Repo Sync source specification for any obvious problems. func RepoSyncSpec(sourceType string, git *v1beta1.Git, oci *v1beta1.Oci, helm *v1beta1.HelmRepoSync, rs client.Object) status.Error { - switch v1beta1.SourceType(sourceType) { - case v1beta1.GitSource: + switch configsync.SourceType(sourceType) { + case configsync.GitSource: return GitSpec(git, rs) - case v1beta1.OciSource: + case configsync.OciSource: return OciSpec(oci, rs) - case v1beta1.HelmSource: + case configsync.HelmSource: return HelmSpec(reposync.GetHelmBase(helm), rs) default: return InvalidSourceType(rs) @@ -61,12 +61,12 @@ func RepoSyncSpec(sourceType string, git *v1beta1.Git, oci *v1beta1.Oci, helm *v // RootSyncSpec validates the Root Sync source specification for any obvious problems. func RootSyncSpec(sourceType string, git *v1beta1.Git, oci *v1beta1.Oci, helm *v1beta1.HelmRootSync, rs client.Object) status.Error { - switch v1beta1.SourceType(sourceType) { - case v1beta1.GitSource: + switch configsync.SourceType(sourceType) { + case configsync.GitSource: return GitSpec(git, rs) - case v1beta1.OciSource: + case configsync.OciSource: return OciSpec(oci, rs) - case v1beta1.HelmSource: + case configsync.HelmSource: if err := HelmSpec(rootsync.GetHelmBase(helm), rs); err != nil { return err } @@ -93,36 +93,23 @@ func GitSpec(git *v1beta1.Git, rs client.Object) status.Error { // Ensure auth is a valid value. // Note that Auth is a case-sensitive field, so ones with arbitrary capitalization // will fail to apply. - switch git.Auth { - case configsync.AuthSSH, configsync.AuthCookieFile, configsync.AuthGCENode, configsync.AuthToken, configsync.AuthNone: - case configsync.AuthGCPServiceAccount: - if git.GCPServiceAccountEmail == "" { - return MissingGCPSAEmail(v1beta1.GitSource, rs) - } - if !validGCPServiceAccountEmail(git.GCPServiceAccountEmail) { - return InvalidGCPSAEmail(v1beta1.GitSource, rs) - } - default: + if !configsync.IsAuthTypeSupported(configsync.GitSource, git.Auth) { return InvalidGitAuthType(rs) } + if err := validateGSAEmail(configsync.GitSource, git.Auth, git.GCPServiceAccountEmail, rs); err != nil { + return err + } + + if err := validateSecretRef(configsync.GitSource, git.Auth, git.SecretRef, rs); err != nil { + return err + } + // Check that proxy isn't unnecessarily declared. if git.Proxy != "" && git.Auth != configsync.AuthNone && git.Auth != configsync.AuthCookieFile && git.Auth != configsync.AuthToken { return NoOpProxy(rs) } - // Check the secret ref is specified if and only if it is required. - switch git.Auth { - case configsync.AuthNone, configsync.AuthGCENode, configsync.AuthGCPServiceAccount: - if git.SecretRef != nil && git.SecretRef.Name != "" { - return IllegalSecretRef(v1beta1.GitSource, rs) - } - default: - if git.SecretRef == nil || git.SecretRef.Name == "" { - return MissingSecretRef(v1beta1.GitSource, rs) - } - } - return nil } @@ -140,18 +127,58 @@ func OciSpec(oci *v1beta1.Oci, rs client.Object) status.Error { // Ensure auth is a valid value. // Note that Auth is a case-sensitive field, so ones with arbitrary capitalization // will fail to apply. - switch oci.Auth { - case configsync.AuthGCENode, configsync.AuthK8sServiceAccount, configsync.AuthNone: - case configsync.AuthGCPServiceAccount: - if oci.GCPServiceAccountEmail == "" { - return MissingGCPSAEmail(v1beta1.OciSource, rs) - } - if !validGCPServiceAccountEmail(oci.GCPServiceAccountEmail) { - return InvalidGCPSAEmail(v1beta1.OciSource, rs) - } - default: + if !configsync.IsAuthTypeSupported(configsync.OciSource, oci.Auth) { return InvalidOciAuthType(rs) } + return validateGSAEmail(configsync.OciSource, oci.Auth, oci.GCPServiceAccountEmail, rs) +} + +// validateGSAEmail checks whether gcpServiceAccountEmail is specified when +// using the gcpserviceaccount auth type. +func validateGSAEmail(sourceType configsync.SourceType, auth configsync.AuthType, + gsaEmail string, rs client.Object) status.Error { + // Only the gcpserviceaccount auth type requires GSAEmail + if auth != configsync.AuthGCPServiceAccount { + return nil + } + + if gsaEmail == "" { + return MissingGCPSAEmail(sourceType, rs) + } + if !validGCPServiceAccountEmail(gsaEmail) { + return InvalidGCPSAEmail(sourceType, rs) + } + return nil +} + +// AuthRequiresSecret returns true if the given source type and auth type +// requires the secret. +// Below lists the auth types of each source type that require secret: +// - Git: ssh, token, cookiefile +// - Helm: token +// - oci: N/A +func AuthRequiresSecret(sourceType configsync.SourceType, auth configsync.AuthType) bool { + switch sourceType { + case configsync.GitSource: + return auth == configsync.AuthSSH || + auth == configsync.AuthToken || + auth == configsync.AuthCookieFile + case configsync.HelmSource: + return auth == configsync.AuthToken + } + return false +} + +// validateSecretRef checks whether the secretRef is specified when needed. +func validateSecretRef(sourceType configsync.SourceType, auth configsync.AuthType, + secretRef *v1beta1.SecretReference, rs client.Object) status.Error { + if !AuthRequiresSecret(sourceType, auth) { + return nil + } + + if secretRef == nil || secretRef.Name == "" { + return MissingSecretRef(sourceType, rs) + } return nil } @@ -174,28 +201,15 @@ func HelmSpec(helm *v1beta1.HelmBase, rs client.Object) status.Error { // Ensure auth is a valid value. // Note that Auth is a case-sensitive field, so ones with arbitrary capitalization // will fail to apply. - switch helm.Auth { - case configsync.AuthGCENode, configsync.AuthK8sServiceAccount, configsync.AuthNone: - if helm.SecretRef != nil && helm.SecretRef.Name != "" { - return IllegalSecretRef(v1beta1.HelmSource, rs) - } - case configsync.AuthToken: - if helm.SecretRef == nil || helm.SecretRef.Name == "" { - return MissingSecretRef(v1beta1.HelmSource, rs) - } - case configsync.AuthGCPServiceAccount: - if helm.SecretRef != nil && helm.SecretRef.Name != "" { - return IllegalSecretRef(v1beta1.HelmSource, rs) - } - if helm.GCPServiceAccountEmail == "" { - return MissingGCPSAEmail(v1beta1.HelmSource, rs) - } - if !validGCPServiceAccountEmail(helm.GCPServiceAccountEmail) { - return InvalidGCPSAEmail(v1beta1.HelmSource, rs) - } - default: + if !configsync.IsAuthTypeSupported(configsync.HelmSource, helm.Auth) { return InvalidHelmAuthType(rs) } + if err := validateGSAEmail(configsync.HelmSource, helm.Auth, helm.GCPServiceAccountEmail, rs); err != nil { + return err + } + if err := validateSecretRef(configsync.HelmSource, helm.Auth, helm.SecretRef, rs); err != nil { + return err + } for _, vf := range helm.ValuesFileRefs { if vf.Name == "" { @@ -238,7 +252,7 @@ var invalidSyncBuilder = status.NewErrorBuilder(InvalidSyncCode) func MissingGitSpec(o client.Object) status.Error { kind := o.GetObjectKind().GroupVersionKind().Kind return invalidSyncBuilder. - Sprintf("%ss must specify spec.git when spec.sourceType is %q", kind, v1beta1.GitSource). + Sprintf("%ss must specify spec.git when spec.sourceType is %q", kind, configsync.GitSource). BuildWithResources(o) } @@ -247,18 +261,16 @@ func MissingGitSpec(o client.Object) status.Error { func MissingGitRepo(o client.Object) status.Error { kind := o.GetObjectKind().GroupVersionKind().Kind return invalidSyncBuilder. - Sprintf("%ss must specify spec.git.repo when spec.sourceType is %q", kind, v1beta1.GitSource). + Sprintf("%ss must specify spec.git.repo when spec.sourceType is %q", kind, configsync.GitSource). BuildWithResources(o) } // InvalidGitAuthType reports that a RootSync/RepoSync doesn't use one of the known auth // methods. func InvalidGitAuthType(o client.Object) status.Error { - types := []string{string(configsync.AuthSSH), string(configsync.AuthCookieFile), string(configsync.AuthGCENode), string(configsync.AuthToken), string(configsync.AuthNone), string(configsync.AuthGCPServiceAccount)} kind := o.GetObjectKind().GroupVersionKind().Kind return invalidSyncBuilder. - Sprintf("%ss must specify spec.git.auth to be one of %s", kind, - strings.Join(types, ",")). + Sprintf("%ss must specify spec.git.auth to be one of %s", kind, configsync.SupportedAuthTypes(configsync.GitSource)). BuildWithResources(o) } @@ -272,19 +284,9 @@ func NoOpProxy(o client.Object) status.Error { BuildWithResources(o) } -// IllegalSecretRef reports that a RootSync/RepoSync declares an auth mode that doesn't -// allow SecretRefs does declare a SecretRef. -func IllegalSecretRef(sourceType v1beta1.SourceType, o client.Object) status.Error { - kind := o.GetObjectKind().GroupVersionKind().Kind - return invalidSyncBuilder. - Sprintf("%ss which specify spec.%s.auth as one of %q, %q, or %q must not specify spec.%s.secretRef", - kind, sourceType, configsync.AuthNone, configsync.AuthGCENode, configsync.AuthGCPServiceAccount, sourceType). - BuildWithResources(o) -} - // MissingSecretRef reports that a RootSync/RepoSync declares an auth mode that requires // a SecretRef, but does not do so. -func MissingSecretRef(sourceType v1beta1.SourceType, o client.Object) status.Error { +func MissingSecretRef(sourceType configsync.SourceType, o client.Object) status.Error { kind := o.GetObjectKind().GroupVersionKind().Kind return invalidSyncBuilder. Sprintf("%ss which specify spec.%s.auth as one of %q, %q or %q must also specify spec.%s.secretRef", @@ -295,7 +297,7 @@ func MissingSecretRef(sourceType v1beta1.SourceType, o client.Object) status.Err // InvalidGCPSAEmail reports that a RepoSync/RootSync Resource doesn't have the // // correct gcp service account suffix. -func InvalidGCPSAEmail(sourceType v1beta1.SourceType, o client.Object) status.Error { +func InvalidGCPSAEmail(sourceType configsync.SourceType, o client.Object) status.Error { kind := o.GetObjectKind().GroupVersionKind().Kind return invalidSyncBuilder. Sprintf("%ss which specify spec.%s.auth as %q must use suffix .[%s]", @@ -305,7 +307,7 @@ func InvalidGCPSAEmail(sourceType v1beta1.SourceType, o client.Object) status.Er // MissingGCPSAEmail reports that a RepoSync/RootSync resource declares an auth // mode that requires a GCPServiceAccountEmail, but does not do so. -func MissingGCPSAEmail(sourceType v1beta1.SourceType, o client.Object) status.Error { +func MissingGCPSAEmail(sourceType configsync.SourceType, o client.Object) status.Error { kind := o.GetObjectKind().GroupVersionKind().Kind return invalidSyncBuilder. Sprintf("%ss which specify spec.%s.auth as %q must also specify spec.%s.gcpServiceAccountEmail", @@ -335,7 +337,7 @@ func validGCPServiceAccountEmail(email string) bool { func InvalidSourceType(o client.Object) status.Error { kind := o.GetObjectKind().GroupVersionKind().Kind return invalidSyncBuilder. - Sprintf("%ss must specify spec.sourceType to be one of %q, %q, %q", kind, v1beta1.GitSource, v1beta1.OciSource, v1beta1.HelmSource). + Sprintf("%ss must specify spec.sourceType to be one of %q, %q, %q", kind, configsync.GitSource, configsync.OciSource, configsync.HelmSource). BuildWithResources(o) } @@ -344,7 +346,7 @@ func InvalidSourceType(o client.Object) status.Error { func MissingOciSpec(o client.Object) status.Error { kind := o.GetObjectKind().GroupVersionKind().Kind return invalidSyncBuilder. - Sprintf("%ss must specify spec.oci when spec.sourceType is %q", kind, v1beta1.OciSource). + Sprintf("%ss must specify spec.oci when spec.sourceType is %q", kind, configsync.OciSource). BuildWithResources(o) } @@ -353,18 +355,16 @@ func MissingOciSpec(o client.Object) status.Error { func MissingOciImage(o client.Object) status.Error { kind := o.GetObjectKind().GroupVersionKind().Kind return invalidSyncBuilder. - Sprintf("%ss must specify spec.oci.image when spec.sourceType is %q", kind, v1beta1.OciSource). + Sprintf("%ss must specify spec.oci.image when spec.sourceType is %q", kind, configsync.OciSource). BuildWithResources(o) } // InvalidOciAuthType reports that a RootSync/RepoSync doesn't use one of the known auth // methods for OCI image. func InvalidOciAuthType(o client.Object) status.Error { - types := []string{string(configsync.AuthGCENode), string(configsync.AuthGCPServiceAccount), string(configsync.AuthK8sServiceAccount), string(configsync.AuthNone)} kind := o.GetObjectKind().GroupVersionKind().Kind return invalidSyncBuilder. - Sprintf("%ss must specify spec.oci.auth to be one of %s", kind, - strings.Join(types, ",")). + Sprintf("%ss must specify spec.oci.auth to be one of %s", kind, configsync.SupportedAuthTypes(configsync.OciSource)). BuildWithResources(o) } @@ -373,7 +373,7 @@ func InvalidOciAuthType(o client.Object) status.Error { func MissingHelmSpec(o client.Object) status.Error { kind := o.GetObjectKind().GroupVersionKind().Kind return invalidSyncBuilder. - Sprintf("%ss must specify spec.helm when spec.sourceType is %q", kind, v1beta1.HelmSource). + Sprintf("%ss must specify spec.helm when spec.sourceType is %q", kind, configsync.HelmSource). BuildWithResources(o) } @@ -382,7 +382,7 @@ func MissingHelmSpec(o client.Object) status.Error { func MissingHelmRepo(o client.Object) status.Error { kind := o.GetObjectKind().GroupVersionKind().Kind return invalidSyncBuilder. - Sprintf("%ss must specify spec.helm.repo when spec.sourceType is %q", kind, v1beta1.HelmSource). + Sprintf("%ss must specify spec.helm.repo when spec.sourceType is %q", kind, configsync.HelmSource). BuildWithResources(o) } @@ -391,18 +391,16 @@ func MissingHelmRepo(o client.Object) status.Error { func MissingHelmChart(o client.Object) status.Error { kind := o.GetObjectKind().GroupVersionKind().Kind return invalidSyncBuilder. - Sprintf("%ss must specify spec.helm.chart when spec.sourceType is %q", kind, v1beta1.HelmSource). + Sprintf("%ss must specify spec.helm.chart when spec.sourceType is %q", kind, configsync.HelmSource). BuildWithResources(o) } // InvalidHelmAuthType reports that a RootSync/RepoSync doesn't use one of the known auth // methods for Helm. func InvalidHelmAuthType(o client.Object) status.Error { - types := []string{string(configsync.AuthGCENode), string(configsync.AuthGCPServiceAccount), string(configsync.AuthK8sServiceAccount), string(configsync.AuthNone), string(configsync.AuthToken)} kind := o.GetObjectKind().GroupVersionKind().Kind return invalidSyncBuilder. - Sprintf("%ss must specify spec.helm.auth to be one of %s", kind, - strings.Join(types, ",")). + Sprintf("%ss must specify spec.helm.auth to be one of %s", kind, configsync.SupportedAuthTypes(configsync.HelmSource)). BuildWithResources(o) } diff --git a/pkg/validate/raw/validate/source_spec_validator_test.go b/pkg/validate/raw/validate/source_spec_validator_test.go index 768808dfe0..24bdd0d18d 100644 --- a/pkg/validate/raw/validate/source_spec_validator_test.go +++ b/pkg/validate/raw/validate/source_spec_validator_test.go @@ -62,12 +62,32 @@ func secret(secretName string) func(*v1beta1.RepoSync) { } } +func secretForHelm(secretName string) func(*v1beta1.RepoSync) { + return func(sync *v1beta1.RepoSync) { + sync.Spec.Helm.SecretRef = &v1beta1.SecretReference{ + Name: secretName, + } + } +} + func gcpSAEmail(email string) func(sync *v1beta1.RepoSync) { return func(sync *v1beta1.RepoSync) { sync.Spec.GCPServiceAccountEmail = email } } +func gcpSAEmailForOCI(email string) func(sync *v1beta1.RepoSync) { + return func(sync *v1beta1.RepoSync) { + sync.Spec.Oci.GCPServiceAccountEmail = email + } +} + +func gcpSAEmailForHelm(email string) func(sync *v1beta1.RepoSync) { + return func(sync *v1beta1.RepoSync) { + sync.Spec.Helm.GCPServiceAccountEmail = email + } +} + func missingRepo(rs *v1beta1.RepoSync) { rs.Spec.Repo = "" } @@ -86,7 +106,7 @@ func missingHelmChart(rs *v1beta1.RepoSync) { func repoSyncWithGit(opts ...func(*v1beta1.RepoSync)) *v1beta1.RepoSync { rs := fake.RepoSyncObjectV1Beta1("test-ns", configsync.RepoSyncName) - rs.Spec.SourceType = string(v1beta1.GitSource) + rs.Spec.SourceType = string(configsync.GitSource) rs.Spec.Git = &v1beta1.Git{ Repo: "fake repo", } @@ -98,7 +118,7 @@ func repoSyncWithGit(opts ...func(*v1beta1.RepoSync)) *v1beta1.RepoSync { func repoSyncWithOci(opts ...func(*v1beta1.RepoSync)) *v1beta1.RepoSync { rs := fake.RepoSyncObjectV1Beta1("test-ns", configsync.RepoSyncName) - rs.Spec.SourceType = string(v1beta1.OciSource) + rs.Spec.SourceType = string(configsync.OciSource) rs.Spec.Oci = &v1beta1.Oci{ Image: "fake image", } @@ -110,7 +130,7 @@ func repoSyncWithOci(opts ...func(*v1beta1.RepoSync)) *v1beta1.RepoSync { func repoSyncWithHelm(opts ...func(*v1beta1.RepoSync)) *v1beta1.RepoSync { rs := fake.RepoSyncObjectV1Beta1("test-ns", configsync.RepoSyncName) - rs.Spec.SourceType = string(v1beta1.HelmSource) + rs.Spec.SourceType = string(configsync.HelmSource) rs.Spec.Helm = &v1beta1.HelmRepoSync{HelmBase: v1beta1.HelmBase{ Repo: "fake repo", Chart: "fake chart", @@ -141,7 +161,7 @@ func withHelm() func(*v1beta1.RepoSync) { func rootSyncWithHelm(opts ...func(*v1beta1.RootSync)) *v1beta1.RootSync { rs := fake.RootSyncObjectV1Beta1(configsync.RootSyncName) - rs.Spec.SourceType = string(v1beta1.HelmSource) + rs.Spec.SourceType = string(configsync.HelmSource) rs.Spec.Helm = &v1beta1.HelmRootSync{HelmBase: v1beta1.HelmBase{ Repo: "fake repo", Chart: "fake chart", @@ -202,9 +222,8 @@ func TestValidateRepoSyncSpec(t *testing.T) { obj: repoSyncWithGit(auth(configsync.AuthToken), secret("token"), proxy("ok proxy")), }, { - name: "illegal secret", - obj: repoSyncWithGit(auth(configsync.AuthNone), secret("illegal secret")), - wantErr: fake.Error(InvalidSyncCode), + name: "secret ref is allowed when using none auth type", + obj: repoSyncWithGit(auth(configsync.AuthNone), secret("any secret")), }, { name: "missing secret", @@ -231,6 +250,10 @@ func TestValidateRepoSyncSpec(t *testing.T) { obj: repoSyncWithGit(auth(configsync.AuthGCPServiceAccount)), wantErr: fake.Error(InvalidSyncCode), }, + { + name: "GCP serviceaccount email is allowed with other auth types for git", + obj: repoSyncWithGit(auth(configsync.AuthGCENode), gcpSAEmail("foo-bar@my-project.iam.gserviceaccount.com")), + }, // Validate OCI spec { name: "valid oci", @@ -251,6 +274,10 @@ func TestValidateRepoSyncSpec(t *testing.T) { obj: repoSyncWithOci(ociAuth(configsync.AuthGCPServiceAccount)), wantErr: fake.Error(InvalidSyncCode), }, + { + name: "GCP serviceaccount email for Oci is allowed when using other auth types", + obj: repoSyncWithOci(ociAuth(configsync.AuthK8sServiceAccount), gcpSAEmailForOCI("foo@my-project.iam.gserviceaccount.com")), + }, { name: "invalid source type", obj: fake.RepoSyncObjectV1Beta1("test-ns", configsync.RepoSyncName, fake.WithRepoSyncSourceType("invalid")), @@ -291,6 +318,14 @@ func TestValidateRepoSyncSpec(t *testing.T) { obj: repoSyncWithHelm(helmAuth(configsync.AuthGCPServiceAccount)), wantErr: fake.Error(InvalidSyncCode), }, + { + name: "secret ref for Helm is allowed when using other auth types", + obj: repoSyncWithHelm(helmAuth(configsync.AuthK8sServiceAccount), secretForHelm("token")), + }, + { + name: "GCP serviceaccount email for Helm is allowed when using other auth types", + obj: repoSyncWithHelm(helmAuth(configsync.AuthK8sServiceAccount), gcpSAEmailForHelm("foo-bar@my-project.iam.gserviceaccount.com")), + }, { name: "redundant Helm spec", obj: repoSyncWithGit(withHelm()), diff --git a/pkg/validate/validate_test.go b/pkg/validate/validate_test.go index 6a8250aef9..bba6e9c8fb 100644 --- a/pkg/validate/validate_test.go +++ b/pkg/validate/validate_test.go @@ -65,7 +65,7 @@ const dir = "acme" func validRootSync(name, path string, opts ...core.MetaMutator) ast.FileObject { rs := fake.RootSyncObjectV1Beta1(name) - rs.Spec.SourceType = string(v1beta1.GitSource) + rs.Spec.SourceType = string(configsync.GitSource) rs.Spec.Git = &v1beta1.Git{ Repo: "https://github.com/test/abc", Auth: "none", @@ -78,7 +78,7 @@ func validRootSync(name, path string, opts ...core.MetaMutator) ast.FileObject { func validRepoSync(ns, name, path string, opts ...core.MetaMutator) ast.FileObject { rs := fake.RepoSyncObjectV1Beta1(ns, name) - rs.Spec.SourceType = string(v1beta1.GitSource) + rs.Spec.SourceType = string(configsync.GitSource) rs.Spec.Git = &v1beta1.Git{ Repo: "https://github.com/test/abc", Auth: "none",