feat(override): add image overrider

.golangci.yml

@@ -258,7 +258,9 @@ linters-settings:
           {{ MAIN }}
         CREDIT_BOILERPLATE: |-
           The design of (the )?[a-zA-z0-9 ]*is inspired by [a-zA-z0-9 '-]*\. Kudos!
-        BOILERPLATE: "^({{ KUBERNETES_BOILERPLATE }}|{{ KUBEADMIRAL_BOILERPLATE }}|{{ CREDIT_BOILERPLATE }})$"
+        LIFTED_BOILERPLATE: |-
+          This file is lifted from [a-zA-z0-9 '/':'.]*
+        BOILERPLATE: "^({{ KUBERNETES_BOILERPLATE }}|{{ KUBEADMIRAL_BOILERPLATE }}|{{ CREDIT_BOILERPLATE }}|{{ LIFTED_BOILERPLATE }})$"
     template: "{{ BOILERPLATE }}"
   forbidigo:
     # Forbid the following identifiers (list of regexp).

go.mod

@@ -4,6 +4,7 @@ go 1.19
 
 require (
 	github.com/davecgh/go-spew v1.1.1
+	github.com/distribution/reference v0.5.0
 	github.com/evanphx/json-patch v5.6.0+incompatible
 	github.com/evanphx/json-patch/v5 v5.6.0
 	github.com/go-logr/logr v1.2.4
@@ -56,6 +57,7 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/pelletier/go-toml v1.9.4 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_model v0.3.0 // indirect

go.sum

@@ -63,6 +63,8 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0=
+github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
 github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE=
 github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
@@ -231,6 +233,8 @@ github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU
 github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM=
 github.com/onsi/gomega v1.27.8 h1:gegWiwZjBsf2DgiSbf5hpokZ98JVDMcWkUiigk6/KXc=
 github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJKFnNQ=
+github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
+github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/pelletier/go-toml v1.9.4 h1:tjENF6MfZAg8e4ZmZTeWaWiT2vXtsoO6+iuOjFhECwM=
 github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=

pkg/apis/core/v1alpha1/types_overridepolicy.go

@@ -81,12 +81,48 @@ type TargetClusters struct {
 	ClusterAffinity []ClusterSelectorTerm `json:"clusterAffinity,omitempty"`
 }
 
+// Overriders contains a list of override patches.
+// The order in which the override patches take effect is:
+// - Image
+// - JsonPatch
 type Overriders struct {
+	// Image specifies the overriders that applies to the image.
+	// +optional
+	Image []ImageOverrider `json:"image,omitempty"`
 	// JsonPatch specifies overriders in a syntax similar to RFC6902 JSON Patch.
 	// +optional
 	JsonPatch []JsonPatchOverrider `json:"jsonpatch,omitempty"`
 }
 
+type ImageOverrider struct {
+	// ContainerName is ignored when ImagePath is set.
+	// If empty, the image override rule applies to all containers.
+	// Otherwise, this override targets the specified container or init container in the pod template.
+	// +optional
+	ContainerNames []string `json:"containerNames,omitempty"`
+
+	// ImagePath indicates the image path to target.
+	// For Example: /spec/template/spec/containers/0/image
+	//
+	// If empty, the system will automatically resolve the image path if the resource type is
+	// Pod, CronJob, Deployment, StatefulSet, DaemonSet or Job.
+	// +optional
+	ImagePath string `json:"imagePath,omitempty"`
+
+	// ImageComponent is the part of the image to override.
+	// +kubebuilder:validation:Enum=registry;repository;tag;digest
+	ImageComponent string `json:"imageComponent"`
+
+	// Operator specifies the operation.
+	// If omitted, defaults to "replace".
+	// +kubebuilder:validation:Enum=add;remove;replace
+	// +optional
+	Operator string `json:"operator,omitempty"`
+
+	// Value is the value(s) required by the operation.
+	Value string `json:"value,omitempty"`
+}
+
 type JsonPatchOverrider struct {
 	// Operator specifies the operation.
 	// If omitted, defaults to "replace".

pkg/controllers/override/imageparse.go

@@ -0,0 +1,181 @@
+/*
+Copyright 2023 The KubeAdmiral Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package override
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+
+	"github.com/distribution/reference"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+
+	utilreference "github.com/kubewharf/kubeadmiral/pkg/lifted/distribution/reference"
+)
+
+type Image struct {
+	registry   string
+	repository string
+	tag        string
+	digest     string
+}
+
+func (i *Image) OperateRegistry(operator, value string) {
+	switch operator {
+	case OperatorAdd:
+		i.registry += value
+	case OperatorReplace:
+		i.registry = value
+	case OperatorRemove:
+		i.registry = ""
+	}
+}
+
+func (i *Image) OperateRepository(operator, value string) {
+	switch operator {
+	case OperatorAdd:
+		i.repository += value
+	case OperatorReplace:
+		i.repository = value
+	case OperatorRemove:
+		i.repository = ""
+	}
+}
+
+func (i *Image) OperateTag(operator, value string) error {
+	var newTag string
+	switch operator {
+	case OperatorAdd:
+		newTag = i.tag + value
+	case OperatorReplace:
+		newTag = value
+	case OperatorRemove:
+		newTag = ""
+	}
+
+	if operator != OperatorRemove && !utilreference.AnchoredTagRegexp.MatchString(newTag) {
+		return fmt.Errorf("invalid tag format after applying the overrider")
+	}
+
+	i.tag = newTag
+	return nil
+}
+
+func (i *Image) OperateDigest(operator, value string) error {
+	var newDigest string
+	switch operator {
+	case OperatorAdd:
+		newDigest = i.digest + value
+	case OperatorReplace:
+		newDigest = value
+	case OperatorRemove:
+		newDigest = ""
+	}
+
+	if operator != OperatorRemove && !utilreference.AnchoredDigestRegexp.MatchString(newDigest) {
+		return fmt.Errorf("invalid digest format after applying the overrider")
+	}
+
+	i.digest = newDigest
+	return nil
+}
+
+func (i *Image) String() string {
+	fullName := i.repository
+
+	if i.registry != "" {
+		fullName = i.registry + "/" + i.repository
+	}
+
+	if i.tag != "" {
+		fullName = fullName + ":" + i.tag
+	}
+
+	if i.digest != "" {
+		fullName = fullName + "@" + i.digest
+	}
+
+	return fullName
+}
+
+// ParseImage returns an Image from the given string.
+func ParseImage(fullName string) (*Image, error) {
+	ref, err := reference.Parse(fullName)
+	if err != nil {
+		return nil, err
+	}
+
+	image := &Image{}
+	if named, ok := ref.(reference.Named); ok {
+		image.registry, image.repository = SplitRegistryAndRepository(named.Name())
+	}
+
+	if tagged, ok := ref.(reference.Tagged); ok {
+		image.tag = tagged.Tag()
+	}
+
+	if digested, ok := ref.(reference.Digested); ok {
+		image.digest = digested.Digest().String()
+	}
+
+	return image, nil
+}
+
+func SplitRegistryAndRepository(name string) (registry, repository string) {
+	i := strings.IndexRune(name, '/')
+	if i == -1 || (!strings.ContainsAny(name[:i], ".:") && name[:i] != "localhost") {
+		registry, repository = "", name
+	} else {
+		registry, repository = name[:i], name[i+1:]
+	}
+	return
+}
+
+func ParseValueFromUnstructuredObj(input *unstructured.Unstructured, path string) (string, error) {
+	segments := strings.Split(strings.Trim(path, pathSeparator), pathSeparator)
+	currentObj := input.Object
+
+	for i := 0; i < len(segments)-1; i++ {
+		segment := segments[i]
+		switch obj := currentObj[segment].(type) {
+		case map[string]interface{}:
+			currentObj = obj
+		case []interface{}:
+			index, err := strconv.ParseInt(segments[i+1], 10, 32)
+			if err != nil {
+				return "", fmt.Errorf("%s requires the field to be an array, found %T instead", strings.Join(segments[:i+2], "/"), obj)
+			}
+			if index < 0 || int(index) >= len(obj) {
+				return "", fmt.Errorf("index(%d) is negative or out of range", index)
+			}
+			currentObj = obj[index].(map[string]interface{})
+			i++
+		default:
+			return "", fmt.Errorf(
+				"%s requires the field to be an map[string]interface{} or []interface{}, found %T instead",
+				strings.Join(segments[:i+1], "/"),
+				obj,
+			)
+		}
+	}
+
+	value, ok := currentObj[segments[len(segments)-1]].(string)
+	if !ok {
+		return "", fmt.Errorf("imagePath %q does not point to a string field", path)
+	}
+	return value, nil
+}