Replace git cloner with go getter to support various target

[yujunz]

Fix #923 #1272

[Liujingfang1]

Originally we used go-getter to support the remote targets. When we integrated kustomize into kubectl, the go-getter and it dependencies blocked the integration. So we removed it. There is no plan for adding it back for now. You can use the go-getter plugin instead. Thank you.

[yujunz]

TIL

Shall we consider making the cloner configurable? i.e. instead of hardcoding it as ClonerUsingGitExec, allow executing arbitrary binary configured by user. This would not introduce any dependency on kustomize and is backward compatible.

[yujunz]

cc @howardjohn for visibility

[pwittrock]

Shall we consider making the cloner configurable? i.e. instead of hardcoding it as ClonerUsingGitExec, allow executing arbitrary binary configured by user. This would not introduce any dependency on kustomize and is backward compatible.

@yujunz I think this is what @Liujingfang1 was suggesting by using a generator plugin.

[pwittrock]

Using go-getter would be nice, we should revisit if this is possible. IIRC, the go-getter code pulled in a massive transitive dependency list. There may be a way to prune this through an upstream contribution. Or perhaps it won't be as controversial now.

[yujunz]

@yujunz I think this is what @Liujingfang1 was suggesting by using a generator plugin.

I did implement a generator plugin for go-getter. It was not so easy to configure and use.

The most user friendly way to solve the issue would be include go-getter package and solve the dependency issue in integration. How do we check it without merging this PR? @Liujingfang1

Customizable cloner still requires user to install the cloner (git, go-getter or anything) by themselves. A tradeoff for flexibility. If it looks good for all, I can make some time to implement it.

[pwittrock]

@yujunz I'm not sure I understand the proposal? Is it to create a new pluggable-cloner mechanism that would exec out to a cloner? Or something else?

[Liujingfang1]

The most user friendly way to solve the issue would be include go-getter package and solve the dependency issue in integration. How do we check it without merging this PR? @Liujingfang1

You can take a look at the api/go.sum to check what packages have been added when you add a new dependency. For example, github.com/aws/aws-sdk-go is added.

[yujunz]

kustomize/api/internal/git/cloner.go

Line 34 in 5707962

cmd := exec.Command(

The existing cloner is a simply exec of gitProgram. So if we can provide a way to make it declarative then it should work with arbitrary binary. e.g. in kustomizeconfig.yaml

cloners:
- go-getter
- aws s3 cp -r

Then we shall try exec ${cloner} ${resource} ${dest} until success. @pwittrock

[yujunz]

You can take a look at the api/go.sum to check what packages have been added when you add a new dependency. For example, github.com/aws/aws-sdk-go is added.

IIUC, we want to be cloud agnostic. I think the most wanted source is https archive. The go standard package should be sufficient.

I can try to tail go-getter to make it embeddable in kustomize. Does that work for you? @Liujingfang1

[Liujingfang1]

You can take a look at the api/go.sum to check what packages have been added when you add a new dependency. For example, github.com/aws/aws-sdk-go is added.

IIUC, we want to be cloud agnostic. I think the most wanted source is https archive. The go standard package should be sufficient.

I can try to tail go-getter to make it embeddable in kustomize. Does that work for you? @Liujingfang1

It would be great if you can do it by go standard packages.

[yujunz]

@Liujingfang1 I made a try to embed the go-getter package.

The changes to original go-getter are

• removed s3 and gcs from detect and get
• replaced module path of helper/url

Some additional notes

• don't be scared about the 180 files, most of them are test data as it is
• it still introduces several depedency
  • they are all small helper module and unlikely break upstream integration
  • we may rewrite some of them with standard package, but it may not worth doing so

Let me know if it works for you. cc @pwittrock

[Liujingfang1]

Can you add some tests that are not supported previously, but work with this change?

Among the 180 files, lots of them are not needed. Can you do a clean up? I'm also wondering if you can push this go-getter version to another branch of the upstream go-getter.

@monopole Any suggestions?

[Liujingfang1]

Why adding this replace? I don't think it's needed.

[yujunz]

removed

[Liujingfang1]

ditto

[yujunz]

ditto

[Liujingfang1]

The previous order is first to treat target as a remote target; when failed, treat it as a local target. The changes make the order reverted. Is there any reason for doing this?

[yujunz]

In fact, getter is capable to handle local target so we cannot check it with the error return as repoSpec, err := git.NewRepoSpecFromUrl(path). However it may not behavior exactly the same, e.g. the containment violation.

Putting local target before getter is to ensure backward compatibility.

[yujunz]

Can you add some tests that are not supported previously, but work with this change?

You mean an integration test? We can update the examples to include them, which is also covered by automatic testing IIRC. For unit test, I think it is self contained. We may mock some call to ensure it reaches the right method.

Among the 180 files, lots of them are not needed. Can you do a clean up?

I can try my best to clean up a bit.

I'm also wondering if you can push this go-getter version to another branch of the upstream go-getter.

Not sure it can be accepted but we definitely can propose that.

Any recommended justification?

[yujunz]

Pushed an update with dependency on a forked go-getter.

It is quite tricky to handle go mod with branches or forks. replace does not work well. So I ended up in modifying the package name in code. See yujunz/go-getter@fc7e8cd

Do you think we can host a fork under kubernetes-sigs organization? That would make the patch in kustomize cleaner and easier to maintain. @Liujingfang1 @monopole

[yujunz]

Replies inline.

[yujunz]

Link upstream discussion about reducing dependency: hashicorp/go-getter#193

[Liujingfang1]

Let's merge this for now. When we can get some updates from go-getter side for hashicorp/go-getter#193, we can change the dependency to the lite version of go-getter. Thank you for working on this. @yujunz As a follow up, can you add an integration test or an example test for this?

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Liujingfang1, yujunz

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [Liujingfang1]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment