From 05c7ed82b0f86c453ca556fc87b9743b3277669e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jul 2024 15:11:55 +0200 Subject: [PATCH 01/26] chore(dependabot): bump golang from 1.22.4-alpine to 1.22.5-alpine (#1664) Bumps golang from 1.22.4-alpine to 1.22.5-alpine. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 539c8545c7..5618b0aaa5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Build the manager binary -FROM golang:1.22.4-alpine as builder +FROM golang:1.22.5-alpine as builder WORKDIR /lifecycle-manager # Copy the Go Modules manifests From dfd484b2153c3e330420dc08e4da504480921fb5 Mon Sep 17 00:00:00 2001 From: Benjamin Lindner <50365642+lindnerby@users.noreply.github.com> Date: Fri, 5 Jul 2024 14:31:56 +0200 Subject: [PATCH 02/26] chore: Bump k8s version for e2e to 1.29.6 (#1665) * chore: Bump k8s version for e2e to 1.29.6 * add wait for main build and bump smoke test version --- .github/actions/get-configuration/action.yaml | 2 +- .github/workflows/test-e2e.yaml | 2 +- .github/workflows/test-smoke.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/get-configuration/action.yaml b/.github/actions/get-configuration/action.yaml index ebdd642278..2d6002744f 100644 --- a/.github/actions/get-configuration/action.yaml +++ b/.github/actions/get-configuration/action.yaml @@ -26,7 +26,7 @@ runs: id: define-variables shell: bash run: | - echo "k8s_version=${{ github.event.inputs.k8s_version || '1.28.7' }}" >> $GITHUB_OUTPUT + echo "k8s_version=${{ github.event.inputs.k8s_version || '1.29.6' }}" >> $GITHUB_OUTPUT echo "istio_version=1.20.3" >> $GITHUB_OUTPUT echo "k3d_version=5.6.0" >> $GITHUB_OUTPUT echo "cert_manager_version=1.15.0" >> $GITHUB_OUTPUT diff --git a/.github/workflows/test-e2e.yaml b/.github/workflows/test-e2e.yaml index eec21a94e4..d2618526b2 100644 --- a/.github/workflows/test-e2e.yaml +++ b/.github/workflows/test-e2e.yaml @@ -20,7 +20,7 @@ jobs: - uses: ./.github/actions/wait-for-image-build with: token: ${{ secrets.GITHUB_TOKEN }} - statusName: pull-lifecycle-mgr-build + statusName: ${{ (github.event_name == 'pull_request') && 'pull-lifecycle-mgr-build' || 'main-lifecycle-mgr-build' }} e2e-integration: name: E2E needs: wait-for-image-build diff --git a/.github/workflows/test-smoke.yml b/.github/workflows/test-smoke.yml index a734a8031d..cb08239ccb 100644 --- a/.github/workflows/test-smoke.yml +++ b/.github/workflows/test-smoke.yml @@ -50,7 +50,7 @@ jobs: env: LIFECYCLE_MANAGER: ${{ github.repository }} K3D_VERSION: v5.6.0 - K8S_VERSION: v1.28.7 + K8S_VERSION: v1.29.6 KUSTOMIZE_VERSION: 5.3.0 ISTIO_VERSION: 1.20.3 GOSUMDB: off From 136476d2ad0b74df2d3fbaece9a46e9548762405 Mon Sep 17 00:00:00 2001 From: Raj <54686422+LeelaChacha@users.noreply.github.com> Date: Mon, 8 Jul 2024 10:22:42 +0200 Subject: [PATCH 03/26] feat: Avoid Redundant SSA for Manifest Patching (#1620) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: avoid redundant ssa for manifest patching * refactor: linting issue * test: add unit test * fix: integration tests * refactor: unwrapped error * fix: state flickering * chore: add linter exception * chore: remove linter exception * fix: null pointer ref in case of mandatory module * chore: Add helpful comment Co-authored-by: Christoph Schwägerl * feat: add additional diff check in NeedToUpdate() * test: diff check in unit test * refactor: lint * refactor: remove manifest diff check * fix: module template integration test * test: add unit test * Revert "test: add unit test" This reverts commit a5a910283deda0ce8273b0129802ddece38f2094. * Revert "fix: module template integration test" This reverts commit 9ed7e26180c1e51461312b45a413ad77fd66846f. * fix integration test * chore: retrigger * refactor: gofunmpt * docs: Apply suggestions from code review Co-authored-by: Małgorzata Świeca --------- Co-authored-by: Christoph Schwägerl Co-authored-by: Christoph Schwägerl Co-authored-by: Małgorzata Świeca --- ...ta2_moduletemplate_kcp-module_updated.yaml | 56 +++++++++++++ docs/technical-reference/api/manifest-cr.md | 11 +++ pkg/module/sync/runner.go | 45 +++++++--- pkg/module/sync/runner_test.go | 82 +++++++++++++++++++ pkg/testutils/builder/moduletemplate.go | 5 ++ .../controller/kyma/manifest_test.go | 50 +++++------ 6 files changed, 206 insertions(+), 43 deletions(-) create mode 100644 config/samples/component-integration-installed/operator_v1beta2_moduletemplate_kcp-module_updated.yaml diff --git a/config/samples/component-integration-installed/operator_v1beta2_moduletemplate_kcp-module_updated.yaml b/config/samples/component-integration-installed/operator_v1beta2_moduletemplate_kcp-module_updated.yaml new file mode 100644 index 0000000000..653e7001b5 --- /dev/null +++ b/config/samples/component-integration-installed/operator_v1beta2_moduletemplate_kcp-module_updated.yaml @@ -0,0 +1,56 @@ +apiVersion: operator.kyma-project.io/v1beta2 +kind: ModuleTemplate +metadata: + name: moduletemplate-template-operator + namespace: default + labels: + "operator.kyma-project.io/module-name": "template-operator" +spec: + channel: regular + data: + apiVersion: operator.kyma-project.io/v1alpha1 + kind: Sample + metadata: + name: sample-yaml + spec: + initKey: valueUpdated + resourceFilePath: "./module-data/yaml" + descriptor: + component: + componentReferences: [] + name: kyma-project.io/template-operator + provider: internal + repositoryContexts: + - baseUrl: registry.docker.io/kyma-project/sap-kyma-jellyfish-dev/template-operator + componentNameMapping: urlPath + type: ociRegistry + resources: + - access: + digest: sha256:db86408caca4c94250d8291aa79655b84146f9cc45e0da49f05a52b3722d74a0 + type: localOciBlob + name: config + relation: local + type: yaml + version: v1.7.2 + - access: + digest: sha256:1735cfa45bf07b63427c8e11717278f8847e352a66af7633611db902386d18ed + type: localOciBlob + name: raw-manifest + relation: local + type: yaml + version: v1.7.2 + sources: + - access: + commit: 4e4b9d47cb655ca23e5c706462485ff7605e8d71 + repoUrl: github.com/kyma-project/template-operator + type: gitHub + labels: + - name: git.kyma-project.io/ref + value: refs/heads/main + version: v1 + name: module-sources + type: git + version: v1.7.2 + version: v1.7.2 + meta: + schemaVersion: v2 diff --git a/docs/technical-reference/api/manifest-cr.md b/docs/technical-reference/api/manifest-cr.md index e6ee00ef8c..9ba16a0428 100644 --- a/docs/technical-reference/api/manifest-cr.md +++ b/docs/technical-reference/api/manifest-cr.md @@ -2,6 +2,17 @@ The [Manifest custom resource (CR)](../../../api/v1beta2/manifest_types.go) is our internal representation of what results from the resolution of a ModuleTemplate CR in the context of a single cluster represented by a Kyma CR. Thus, a lot of configuration elements are similar or entirely equivalent to the data layer found in a ModuleTemplate CR. +## Patching + +The [Runner](../../../pkg/module/sync/runner.go) is responsible for creating and updating Manifest CRs using Server Side Apply (SSA). An update is only performed when one of the following conditions is met: + +1. The Manifest CR version differs from the Kyma CR's module status version. +2. The Manifest CR channel differs from the Kyma CR's module status channel. +3. The Manifest CR state differs from the Kyma CR's module status state. + +>[!NOTE] +>The module status is not present in the Kyma CR for mandatory modules, hence their Manifest CR is updated using SSA in every reconcile loop. + ## Configuration ### **.spec.remote** diff --git a/pkg/module/sync/runner.go b/pkg/module/sync/runner.go index 4d80a2bbfe..3bfe8f070c 100644 --- a/pkg/module/sync/runner.go +++ b/pkg/module/sync/runner.go @@ -64,7 +64,7 @@ func (r *Runner) ReconcileManifests(ctx context.Context, kyma *v1beta2.Kyma, results <- nil return } - if err := r.updateManifests(ctx, kyma, module); err != nil { + if err := r.updateManifest(ctx, kyma, module); err != nil { results <- fmt.Errorf("could not update module %s: %w", module.GetName(), err) return } @@ -95,7 +95,7 @@ func (r *Runner) getModule(ctx context.Context, module client.Object) error { return nil } -func (r *Runner) updateManifests(ctx context.Context, kyma *v1beta2.Kyma, +func (r *Runner) updateManifest(ctx context.Context, kyma *v1beta2.Kyma, module *common.Module, ) error { if err := r.setupModule(module, kyma); err != nil { @@ -110,8 +110,9 @@ func (r *Runner) updateManifests(ctx context.Context, kyma *v1beta2.Kyma, return commonerrs.ErrTypeAssert } + moduleStatus := kyma.GetModuleStatusMap()[module.ModuleName] if err := r.doUpdateWithStrategy(ctx, kyma.Labels[shared.ManagedBy], module.Enabled, - manifestObj); err != nil { + manifestObj, moduleStatus); err != nil { return err } module.Manifest = manifestObj @@ -119,8 +120,24 @@ func (r *Runner) updateManifests(ctx context.Context, kyma *v1beta2.Kyma, } func (r *Runner) doUpdateWithStrategy(ctx context.Context, owner string, isEnabledModule bool, - manifestObj *v1beta2.Manifest, + manifestObj *v1beta2.Manifest, kymaModuleStatus *v1beta2.ModuleStatus, ) error { + manifestInCluster := &v1beta2.Manifest{} + if err := r.Get(ctx, client.ObjectKey{ + Namespace: manifestObj.GetNamespace(), + Name: manifestObj.GetName(), + }, manifestInCluster); err != nil { + if !util.IsNotFound(err) { + return fmt.Errorf("error get manifest %s: %w", client.ObjectKeyFromObject(manifestObj), err) + } + manifestInCluster = nil + } + + if !NeedToUpdate(manifestInCluster, manifestObj, kymaModuleStatus) { + // Point to the current state from the cluster for the outside sync of the manifest + *manifestObj = *manifestInCluster + return nil + } if isEnabledModule { return r.patchManifest(ctx, owner, manifestObj) } @@ -144,14 +161,12 @@ func (r *Runner) patchManifest(ctx context.Context, owner string, manifestObj *v func (r *Runner) updateAvailableManifestSpec(ctx context.Context, manifestObj *v1beta2.Manifest) error { manifestInCluster := &v1beta2.Manifest{} - - if err := r.Get(ctx, client.ObjectKey{Namespace: manifestObj.GetNamespace(), Name: manifestObj.GetName()}, - manifestInCluster); err != nil { + if err := r.Get(ctx, client.ObjectKey{ + Namespace: manifestObj.GetNamespace(), + Name: manifestObj.GetName(), + }, manifestInCluster); err != nil { return fmt.Errorf("error get manifest %s: %w", client.ObjectKeyFromObject(manifestObj), err) } - if !needToUpdate(manifestInCluster, manifestObj) { - return nil - } manifestInCluster.Spec = manifestObj.Spec if err := r.Update(ctx, manifestInCluster); err != nil { return fmt.Errorf("error update manifest %s: %w", client.ObjectKeyFromObject(manifestObj), err) @@ -159,8 +174,14 @@ func (r *Runner) updateAvailableManifestSpec(ctx context.Context, manifestObj *v return nil } -func needToUpdate(manifestInCluster, manifestObj *v1beta2.Manifest) bool { - return manifestInCluster.Spec.Version != manifestObj.Spec.Version +func NeedToUpdate(manifestInCluster, manifestObj *v1beta2.Manifest, moduleStatus *v1beta2.ModuleStatus) bool { + if manifestInCluster == nil || moduleStatus == nil { // moduleStatus is nil in case of mandatory module + return true + } + + return manifestObj.Spec.Version != moduleStatus.Version || + manifestObj.Labels[shared.ChannelLabel] != moduleStatus.Channel || + moduleStatus.State != manifestInCluster.Status.State } func (r *Runner) deleteManifest(ctx context.Context, module *common.Module) error { diff --git a/pkg/module/sync/runner_test.go b/pkg/module/sync/runner_test.go index 2a442e2517..e5754b6680 100644 --- a/pkg/module/sync/runner_test.go +++ b/pkg/module/sync/runner_test.go @@ -9,9 +9,11 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" apierrors "k8s.io/apimachinery/pkg/api/errors" + apimetav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" "sigs.k8s.io/controller-runtime/pkg/client" + "github.com/kyma-project/lifecycle-manager/api/shared" "github.com/kyma-project/lifecycle-manager/api/v1beta2" "github.com/kyma-project/lifecycle-manager/pkg/module/sync" "github.com/kyma-project/lifecycle-manager/pkg/testutils" @@ -186,3 +188,83 @@ func configureModuleInKyma( kyma.Status.Modules = append(kyma.Status.Modules, module) } } + +func TestNeedToUpdate(t *testing.T) { + type args struct { + manifestInCluster *v1beta2.Manifest + manifestObj *v1beta2.Manifest + moduleStatus *v1beta2.ModuleStatus + } + tests := []struct { + name string + args args + want bool + }{ + { + "When manifest in cluster is nil, expect need to update", + args{nil, &v1beta2.Manifest{}, &v1beta2.ModuleStatus{}}, + true, + }, + { + "When new module version available, expect need to update", + args{ + &v1beta2.Manifest{}, + &v1beta2.Manifest{ + ObjectMeta: apimetav1.ObjectMeta{ + Labels: map[string]string{shared.ChannelLabel: "regular"}, + }, + Spec: v1beta2.ManifestSpec{Version: "0.2"}, + }, &v1beta2.ModuleStatus{Version: "0.1", Channel: "regular"}, + }, + true, + }, + { + "When channel switch, expect need to update", + args{ + &v1beta2.Manifest{}, + &v1beta2.Manifest{ + ObjectMeta: apimetav1.ObjectMeta{ + Labels: map[string]string{shared.ChannelLabel: "fast"}, + }, + Spec: v1beta2.ManifestSpec{Version: "0.1"}, + }, &v1beta2.ModuleStatus{Version: "0.1", Channel: "regular"}, + }, + true, + }, + { + "When cluster Manifest in divergent state, expect need to update", + args{ + &v1beta2.Manifest{Status: shared.Status{ + State: "Warning", + }}, + &v1beta2.Manifest{}, + &v1beta2.ModuleStatus{State: "Ready"}, + }, + true, + }, + { + "When no update required, expect no update", + args{ + &v1beta2.Manifest{ + Status: shared.Status{ + State: "Ready", + }, + Spec: v1beta2.ManifestSpec{Version: "0.1"}, + }, + &v1beta2.Manifest{ + ObjectMeta: apimetav1.ObjectMeta{ + Labels: map[string]string{shared.ChannelLabel: "regular"}, + }, + Spec: v1beta2.ManifestSpec{Version: "0.1"}, + }, + &v1beta2.ModuleStatus{State: "Ready", Version: "0.1", Channel: "regular"}, + }, + false, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + assert.Equalf(t, tt.want, sync.NeedToUpdate(tt.args.manifestInCluster, tt.args.manifestObj, tt.args.moduleStatus), "needToUpdate(%v, %v, %v)", tt.args.manifestInCluster, tt.args.manifestObj, tt.args.moduleStatus) + }) + } +} diff --git a/pkg/testutils/builder/moduletemplate.go b/pkg/testutils/builder/moduletemplate.go index a73f32a6de..f7904e3248 100644 --- a/pkg/testutils/builder/moduletemplate.go +++ b/pkg/testutils/builder/moduletemplate.go @@ -143,6 +143,11 @@ func ComponentDescriptorFactoryFromSchema(schemaVersion compdesc.SchemaVersion) return moduleTemplate.Spec.Descriptor } +func ReadComponentDescriptorFromFile(template string, moduleTemplate *v1beta2.ModuleTemplate) { + // needs to be encapsulated in an outside call to make the runtime.Caller(1) find the proper path + readComponentDescriptorFromYaml(template, moduleTemplate) +} + func readComponentDescriptorFromYaml(template string, moduleTemplate *v1beta2.ModuleTemplate) { _, filename, _, ok := runtime.Caller(1) if !ok { diff --git a/tests/integration/controller/kyma/manifest_test.go b/tests/integration/controller/kyma/manifest_test.go index 9e26973420..01621d4d07 100644 --- a/tests/integration/controller/kyma/manifest_test.go +++ b/tests/integration/controller/kyma/manifest_test.go @@ -16,6 +16,7 @@ import ( "github.com/open-component-model/ocm/pkg/contexts/ocm/repositories/genericocireg/componentmapping" "github.com/open-component-model/ocm/pkg/runtime" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "sigs.k8s.io/controller-runtime/pkg/client" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" @@ -25,6 +26,7 @@ import ( "github.com/kyma-project/lifecycle-manager/internal/pkg/flags" . "github.com/kyma-project/lifecycle-manager/pkg/testutils" + "github.com/kyma-project/lifecycle-manager/pkg/testutils/builder" ) const ( @@ -91,41 +93,26 @@ var _ = Describe("Update Manifest CR", Ordered, func() { WithArguments(kyma.GetName(), kyma.GetNamespace(), kcpClient, shared.StateReady). Should(Succeed()) - By("Update Module Template spec.data.spec field") - valueUpdated := "valueUpdated" - Eventually(updateKCPModuleTemplateSpecData(kyma.Name, valueUpdated), Timeout, Interval).Should(Succeed()) + By("Update Module Template spec") + var moduleTemplateFromFile v1beta2.ModuleTemplate + builder.ReadComponentDescriptorFromFile("operator_v1beta2_moduletemplate_kcp-module_updated.yaml", &moduleTemplateFromFile) - By("CR updated with new value in spec.resource.spec") - Eventually(expectManifestSpecDataEquals(kyma.Name, valueUpdated), Timeout, Interval).Should(Succeed()) - - By("Update Module Template spec.descriptor.component values") - { - newComponentDescriptorRepositoryURL := func(moduleTemplate *v1beta2.ModuleTemplate) error { - descriptor, err := descriptorProvider.GetDescriptor(moduleTemplate) - if err != nil { - return err - } - - repositoryContext := descriptor.GetEffectiveRepositoryContext().Object - _, ok := repositoryContext["baseUrl"].(string) - if !ok { - Fail("Can't find \"baseUrl\" property in ModuleTemplate spec") - } - repositoryContext["baseUrl"] = updateRepositoryURL + moduleTemplateInCluster := &v1beta2.ModuleTemplate{} + err := kcpClient.Get(ctx, client.ObjectKey{ + Name: createModuleTemplateName(module), + Namespace: kyma.GetNamespace(), + }, moduleTemplateInCluster) + Expect(err).ToNot(HaveOccurred()) - newDescriptorRaw, err := compdesc.Encode(descriptor.ComponentDescriptor, compdesc.DefaultJSONCodec) - Expect(err).ToNot(HaveOccurred()) - moduleTemplate.Spec.Descriptor.Raw = newDescriptorRaw + moduleTemplateInCluster.Spec = moduleTemplateFromFile.Spec - return nil - } + Eventually(kcpClient.Update, Timeout, Interval). + WithContext(ctx). + WithArguments(moduleTemplateInCluster). + Should(Succeed()) - updateKCPModuleTemplateWith := updateKCPModuleTemplate(module, kyma.Spec.Channel) - update := func() error { - return updateKCPModuleTemplateWith(newComponentDescriptorRepositoryURL) - } - Eventually(update, Timeout, Interval).Should(Succeed()) - } + By("CR updated with new value in spec.resource.spec") + Eventually(expectManifestSpecDataEquals(kyma.Name, "valueUpdated"), Timeout, Interval).Should(Succeed()) By("Manifest is updated with new value in spec.install.source") { @@ -209,6 +196,7 @@ var _ = Describe("Manifest.Spec is reset after manual update", Ordered, func() { manifestImageSpec := extractInstallImageSpec(manifest.Spec.Install) manifestImageSpec.Repo = updateRepositoryURL + manifest.Spec.Version = "v1.7.0" // required to allow for SSA of manifest // is there a simpler way to update manifest.Spec.Install? updatedBytes, err := json.Marshal(manifestImageSpec) From 2a4b1a7fd625d637de7411203761dbfc4abbc9cb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Jul 2024 10:40:28 +0200 Subject: [PATCH 04/26] chore(dependabot): bump github.com/google/go-containerregistry from 0.19.2 to 0.20.0 (#1670) chore(dependabot): bump github.com/google/go-containerregistry Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.19.2 to 0.20.0. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.19.2...v0.20.0) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index f79218ef37..0f9ef3213e 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/go-logr/logr v1.4.2 github.com/go-logr/zapr v1.3.0 github.com/golang/mock v1.6.0 - github.com/google/go-containerregistry v0.19.2 + github.com/google/go-containerregistry v0.20.0 github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-20231202142526-55ffb0092afd github.com/jellydator/ttlcache/v3 v3.2.0 github.com/kyma-project/lifecycle-manager/api v0.0.0-00010101000000-000000000000 diff --git a/go.sum b/go.sum index c138bd0acd..2dc937011a 100644 --- a/go.sum +++ b/go.sum @@ -467,8 +467,8 @@ github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-containerregistry v0.19.2 h1:TannFKE1QSajsP6hPWb5oJNgKe1IKjHukIKDUmvsV6w= -github.com/google/go-containerregistry v0.19.2/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= +github.com/google/go-containerregistry v0.20.0 h1:wRqHpOeVh3DnenOrPy9xDOLdnLatiGuuNRVelR2gSbg= +github.com/google/go-containerregistry v0.20.0/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-20231202142526-55ffb0092afd h1:RkbnRtHTdBpYmp0Simm3fDUTYNVbmX4aVwdgflHLfdg= github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-20231202142526-55ffb0092afd/go.mod h1:5sSbf/SbGGvjWIlMlt2bkEqOq+ufOIBYrBevLuxbfSs= github.com/google/go-github/v45 v45.2.0 h1:5oRLszbrkvxDDqBCNj2hjDZMKmvexaZ1xw/FCD+K3FI= From 9ea69369803228773af6fdd224e677487fdf16f2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Jul 2024 14:38:28 +0200 Subject: [PATCH 05/26] chore(dependabot): bump google.golang.org/grpc from 1.64.0 to 1.64.1 in the go_modules group (#1671) chore(dependabot): bump google.golang.org/grpc in the go_modules group Bumps the go_modules group with 1 update: [google.golang.org/grpc](https://github.com/grpc/grpc-go). Updates `google.golang.org/grpc` from 1.64.0 to 1.64.1 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.64.0...v1.64.1) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 0f9ef3213e..6bd336fd4c 100644 --- a/go.mod +++ b/go.mod @@ -310,7 +310,7 @@ require ( google.golang.org/api v0.181.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 // indirect - google.golang.org/grpc v1.64.0 // indirect + google.golang.org/grpc v1.64.1 // indirect google.golang.org/protobuf v1.34.1 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect diff --git a/go.sum b/go.sum index 2dc937011a..b153808eea 100644 --- a/go.sum +++ b/go.sum @@ -1157,8 +1157,8 @@ google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQ google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= -google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= +google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA= +google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From 13621dd301b9e1f0bf8cdc1b53acf9bbb41cf59d Mon Sep 17 00:00:00 2001 From: Benjamin Lindner <50365642+lindnerby@users.noreply.github.com> Date: Thu, 11 Jul 2024 10:48:28 +0200 Subject: [PATCH 06/26] chore: Remove diff manifest diff checker (#1674) * chore: Remove diff manifest diff checker * retrigger jobs --- .github/workflows/check-manifest-diffs.yaml | 99 --------------------- 1 file changed, 99 deletions(-) delete mode 100644 .github/workflows/check-manifest-diffs.yaml diff --git a/.github/workflows/check-manifest-diffs.yaml b/.github/workflows/check-manifest-diffs.yaml deleted file mode 100644 index a491a12d2b..0000000000 --- a/.github/workflows/check-manifest-diffs.yaml +++ /dev/null @@ -1,99 +0,0 @@ -name: "Check for diff in manifests" - -env: - PR_CACHE_KEY: pr-manifests-${{ github.run_id }}-${{ github.run_attempt }} - MAIN_CACHE_KEY: main-manifests-${{ github.run_id }}-${{ github.run_attempt }} - -on: - pull_request: - branches: - - main - - feat/** - types: - - "opened" - - "synchronize" - - "reopened" - - "labeled" - - "unlabeled" - -jobs: - create-pr-manifests: - if: ${{ contains(github.event.pull_request.labels.*.name, 'confirm/helm-update') == false }} - name: Create PR manifests - runs-on: ubuntu-latest - steps: - - name: Checkout lifecycle-manager - uses: actions/checkout@v4 - - - name: Run 'make dry-run-control-plane' - id: make-pr-manifests - run: | - make dry-run-control-plane - mkdir -p ./cache/pr - mv ./dry-run/manifests.yaml ./cache/pr/manifests.yaml - - - name: Save PR manifests in cache - id: cache-pr-manifests - uses: actions/cache/save@v4 - with: - path: ./cache/pr/ - key: ${{ env.PR_CACHE_KEY }} - - create-main-manifests: - if: ${{ contains(github.event.pull_request.labels.*.name, 'confirm/helm-update') == false }} - name: Create 'main' manifests - runs-on: ubuntu-latest - steps: - - name: Checkout lifecycle-manager - uses: actions/checkout@v4 - with: - ref: main - - - name: Run 'make dry-run-control-plane' - id: make-main-manifests - run: | - make dry-run-control-plane - mkdir -p ./cache/main - sudo mv ./dry-run/manifests.yaml ./cache/main/manifests.yaml - - - name: Save 'main' manifests in cache - id: cache-main-manifests - uses: actions/cache/save@v4 - with: - path: ./cache/main/ - key: ${{ env.MAIN_CACHE_KEY }} - - diff-manifests: - needs: - - create-pr-manifests - - create-main-manifests - name: Diff manifests - runs-on: ubuntu-latest - steps: - - name: Restore PR manifests cache - uses: actions/cache/restore@v4 - id: restore-pr-cache - with: - path: ./cache/pr/ - key: ${{ env.PR_CACHE_KEY }} - - - name: Restore 'main' manifests cache - uses: actions/cache/restore@v4 - id: restore-main-cache - with: - path: ./cache/main/ - key: ${{ env.MAIN_CACHE_KEY }} - - - name: Diff - run: | - set +e - SCRIPT_OUTPUT=$(diff ./cache/pr/manifests.yaml ./cache/main/manifests.yaml) - SCRIPT_EXIT_CODE=$? - if [[ $SCRIPT_EXIT_CODE != 0 ]]; then - echo "Detected diff in manifests. Make sure to update Helm charts accordingly and add the'confirm/helm-update' label to the PR when okay." - echo "$SCRIPT_OUTPUT" - exit $SCRIPT_EXIT_CODE - fi - set -e - - echo "No diff in manifests, all good." From 46d1e4b685fc1bfccf0240ceb19e38ba858c64e7 Mon Sep 17 00:00:00 2001 From: Benjamin Lindner <50365642+lindnerby@users.noreply.github.com> Date: Thu, 11 Jul 2024 14:34:01 +0200 Subject: [PATCH 07/26] refactor: Simplify declarative reconciler (#1676) * extract default finalizer from opts * extract field owner and namespace * extract skip label funx * replace obj with manifest for manifest reconcile loop * add skip reconcile check as method. internalize cr deletion check * simplify SpecResolver * fix integration test setup * linting * linting * remove generace cache key --- api/v1beta2/manifest_types.go | 6 + internal/controller/manifest/controller.go | 8 +- internal/declarative/v2/inmemory_rendered.go | 3 +- .../declarative/v2/moduleCR_deletion_check.go | 22 -- internal/declarative/v2/options.go | 106 ----- internal/declarative/v2/reconciler.go | 366 +++++++++--------- internal/declarative/v2/spec.go | 37 +- internal/manifest/cr_deletion_check.go | 55 --- internal/manifest/custom_resource.go | 10 +- internal/manifest/spec_resolver.go | 81 +--- .../custom_resource_check/suite_test.go | 7 +- .../controller/manifest/suite_test.go | 7 +- 12 files changed, 228 insertions(+), 480 deletions(-) delete mode 100644 internal/declarative/v2/moduleCR_deletion_check.go delete mode 100644 internal/manifest/cr_deletion_check.go diff --git a/api/v1beta2/manifest_types.go b/api/v1beta2/manifest_types.go index ac52970a71..1c34d53bb8 100644 --- a/api/v1beta2/manifest_types.go +++ b/api/v1beta2/manifest_types.go @@ -17,6 +17,8 @@ limitations under the License. package v1beta2 import ( + "strconv" + apimetav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" machineryruntime "k8s.io/apimachinery/pkg/runtime" @@ -130,3 +132,7 @@ type ManifestList struct { func init() { SchemeBuilder.Register(&Manifest{}, &ManifestList{}) } + +func (manifest *Manifest) SkipReconciliation() bool { + return manifest.GetLabels() != nil && manifest.GetLabels()[shared.SkipReconcileLabel] == strconv.FormatBool(true) +} diff --git a/internal/controller/manifest/controller.go b/internal/controller/manifest/controller.go index be6af3b9be..3fe47c12ae 100644 --- a/internal/controller/manifest/controller.go +++ b/internal/controller/manifest/controller.go @@ -3,7 +3,6 @@ package manifest import ( "sigs.k8s.io/controller-runtime/pkg/manager" - "github.com/kyma-project/lifecycle-manager/api/v1beta2" declarativev2 "github.com/kyma-project/lifecycle-manager/internal/declarative/v2" "github.com/kyma-project/lifecycle-manager/internal/manifest" "github.com/kyma-project/lifecycle-manager/internal/pkg/metrics" @@ -22,15 +21,12 @@ func NewReconciler(mgr manager.Manager, extractor := manifest.NewPathExtractor(nil) lookup := &manifest.RemoteClusterLookup{KCP: kcp} return declarativev2.NewFromManager( - mgr, &v1beta2.Manifest{}, requeueIntervals, manifestMetrics, mandatoryModulesMetrics, - declarativev2.WithSpecResolver( - manifest.NewSpecResolver(kcp, extractor), - ), + mgr, requeueIntervals, manifestMetrics, mandatoryModulesMetrics, + manifest.NewSpecResolver(kcp.Client, extractor), declarativev2.WithCustomReadyCheck(manifest.NewDeploymentReadyCheck()), declarativev2.WithRemoteTargetCluster(lookup.ConfigResolver), manifest.WithClientCacheKey(), declarativev2.WithPostRun{manifest.PostRunCreateCR}, declarativev2.WithPreDelete{manifest.PreDeleteDeleteCR}, - declarativev2.WithModuleCRDeletionCheck(manifest.NewModuleCRDeletionCheck()), ) } diff --git a/internal/declarative/v2/inmemory_rendered.go b/internal/declarative/v2/inmemory_rendered.go index 07fe19708a..1abcd8af98 100644 --- a/internal/declarative/v2/inmemory_rendered.go +++ b/internal/declarative/v2/inmemory_rendered.go @@ -62,6 +62,5 @@ func (c *InMemoryManifestCache) Parse(spec *Spec, } func generateCacheKey(spec *Spec) string { - file := filepath.Join(ManifestFilePrefix, spec.Path, spec.ManifestName) - return fmt.Sprintf("%s-%s", file, spec.Mode) + return filepath.Join(ManifestFilePrefix, spec.Path, spec.ManifestName) } diff --git a/internal/declarative/v2/moduleCR_deletion_check.go b/internal/declarative/v2/moduleCR_deletion_check.go deleted file mode 100644 index e5fdc63d96..0000000000 --- a/internal/declarative/v2/moduleCR_deletion_check.go +++ /dev/null @@ -1,22 +0,0 @@ -package v2 - -import ( - "context" - - "sigs.k8s.io/controller-runtime/pkg/client" -) - -type ModuleCRDeletionCheck interface { - Run(ctx context.Context, clnt client.Client, obj Object) (bool, error) -} - -// NewDefaultDeletionCheck creates a check that verifies that the Resource CR in the remote cluster is deleted. -func NewDefaultDeletionCheck() *DefaultDeletionCheck { - return &DefaultDeletionCheck{} -} - -type DefaultDeletionCheck struct{} - -func (c *DefaultDeletionCheck) Run(ctx context.Context, clnt client.Client, obj Object) (bool, error) { - return true, nil -} diff --git a/internal/declarative/v2/options.go b/internal/declarative/v2/options.go index 59f8fe1fef..ef3a160b8d 100644 --- a/internal/declarative/v2/options.go +++ b/internal/declarative/v2/options.go @@ -3,34 +3,23 @@ package v2 import ( "context" "os" - "strconv" "time" - apimetav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" k8slabels "k8s.io/apimachinery/pkg/labels" "k8s.io/client-go/rest" "k8s.io/client-go/tools/record" "sigs.k8s.io/controller-runtime/pkg/client" - logf "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/manager" - - "github.com/kyma-project/lifecycle-manager/api/shared" - "github.com/kyma-project/lifecycle-manager/internal" ) const ( - FinalizerDefault = "declarative.kyma-project.io/finalizer" - FieldOwnerDefault = "declarative.kyma-project.io/applier" EventRecorderDefault = "declarative.kyma-project.io/events" DefaultInMemoryParseTTL = 24 * time.Hour ) func DefaultOptions() *Options { return (&Options{}).Apply( - WithNamespace(apimetav1.NamespaceDefault, false), - WithFinalizer(FinalizerDefault), - WithFieldOwner(FieldOwnerDefault), WithPostRenderTransform( ManagedByDeclarativeV2, watchedByOwnedBy, @@ -39,9 +28,7 @@ func DefaultOptions() *Options { ), WithSingletonClientCache(NewMemoryClientCache()), WithManifestCache(os.TempDir()), - WithSkipReconcileOn(SkipReconcileOnDefaultLabelPresentAndTrue), WithManifestParser(NewInMemoryCachedManifestParser(DefaultInMemoryParseTTL)), - WithModuleCRDeletionCheck(NewDefaultDeletionCheck()), ) } @@ -51,31 +38,16 @@ type Options struct { client.Client TargetCluster ClusterFn - SpecResolver ClientCache ClientCacheKeyFn ManifestParser ManifestCache CustomReadyCheck ReadyCheck - Namespace string - CreateNamespace bool - - Finalizer string - - ServerSideApply bool - FieldOwner client.FieldOwner - PostRenderTransforms []ObjectTransform PostRuns []PostRun PreDeletes []PreDelete - - DeletionCheck ModuleCRDeletionCheck - - DeletePrerequisites bool - - ShouldSkip SkipReconcile } type Option interface { @@ -89,35 +61,6 @@ func (o *Options) Apply(options ...Option) *Options { return o } -type WithNamespaceOption struct { - name string - createIfMissing bool -} - -func WithNamespace(name string, createIfMissing bool) WithNamespaceOption { - return WithNamespaceOption{ - name: name, - createIfMissing: createIfMissing, - } -} - -func (o WithNamespaceOption) Apply(options *Options) { - options.Namespace = o.name - options.CreateNamespace = o.createIfMissing -} - -type WithFieldOwner client.FieldOwner - -func (o WithFieldOwner) Apply(options *Options) { - options.FieldOwner = client.FieldOwner(o) -} - -type WithFinalizer string - -func (o WithFinalizer) Apply(options *Options) { - options.Finalizer = string(o) -} - type WithManagerOption struct { manager.Manager } @@ -151,18 +94,6 @@ func (o WithCustomResourceLabels) Apply(options *Options) { options.PostRenderTransforms = append(options.PostRenderTransforms, labelTransform) } -func WithSpecResolver(resolver SpecResolver) SpecResolverOption { - return SpecResolverOption{resolver} -} - -type SpecResolverOption struct { - SpecResolver -} - -func (o SpecResolverOption) Apply(options *Options) { - options.SpecResolver = o -} - type ObjectTransform = func(context.Context, Object, []*unstructured.Unstructured) error func WithPostRenderTransform(transforms ...ObjectTransform) PostRenderTransformOption { @@ -207,18 +138,6 @@ func (o WithPreDelete) Apply(options *Options) { options.PreDeletes = append(options.PreDeletes, o...) } -func WithModuleCRDeletionCheck(deletionCheckFn ModuleCRDeletionCheck) WithModuleCRDeletionCheckOption { - return WithModuleCRDeletionCheckOption{ModuleCRDeletionCheck: deletionCheckFn} -} - -type WithModuleCRDeletionCheckOption struct { - ModuleCRDeletionCheck -} - -func (o WithModuleCRDeletionCheckOption) Apply(options *Options) { - options.DeletionCheck = o -} - type WithSingletonClientCacheOption struct { ClientCache } @@ -277,31 +196,6 @@ func (o WithRemoteTargetClusterOption) Apply(options *Options) { options.TargetCluster = o.ClusterFn } -func WithSkipReconcileOn(skipReconcile SkipReconcile) WithSkipReconcileOnOption { - return WithSkipReconcileOnOption{skipReconcile: skipReconcile} -} - -type SkipReconcile func(context.Context, Object) (skip bool) - -// SkipReconcileOnDefaultLabelPresentAndTrue determines SkipReconcile by checking if DefaultSkipReconcileLabel is true. -func SkipReconcileOnDefaultLabelPresentAndTrue(ctx context.Context, object Object) bool { - if object.GetLabels() != nil && object.GetLabels()[shared.SkipReconcileLabel] == strconv.FormatBool(true) { - logf.FromContext(ctx, "skip-label", shared.SkipReconcileLabel). - V(internal.DebugLogLevel).Info("resource gets skipped because of label") - return true - } - - return false -} - -type WithSkipReconcileOnOption struct { - skipReconcile SkipReconcile -} - -func (o WithSkipReconcileOnOption) Apply(options *Options) { - options.ShouldSkip = o.skipReconcile -} - type ClientCacheKeyFn func(ctx context.Context, obj Object) (string, bool) type WithClientCacheKeyOption struct { diff --git a/internal/declarative/v2/reconciler.go b/internal/declarative/v2/reconciler.go index c7cf54ce30..91de58d41b 100644 --- a/internal/declarative/v2/reconciler.go +++ b/internal/declarative/v2/reconciler.go @@ -7,9 +7,10 @@ import ( "strconv" "time" - apicorev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/meta" apimetav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/cli-runtime/pkg/resource" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" @@ -19,6 +20,7 @@ import ( "github.com/kyma-project/lifecycle-manager/api/shared" "github.com/kyma-project/lifecycle-manager/api/v1beta2" + "github.com/kyma-project/lifecycle-manager/internal" "github.com/kyma-project/lifecycle-manager/internal/pkg/metrics" "github.com/kyma-project/lifecycle-manager/internal/pkg/resources" "github.com/kyma-project/lifecycle-manager/pkg/common" @@ -37,29 +39,35 @@ var ( ) const ( - namespaceNotBeRemoved = "kyma-system" - CustomResourceManager = "resource.kyma-project.io/finalizer" - SyncedOCIRefAnnotation = "sync-oci-ref" + namespaceNotBeRemoved = "kyma-system" + CustomResourceManagerFinalizer = "resource.kyma-project.io/finalizer" + SyncedOCIRefAnnotation = "sync-oci-ref" + defaultFinalizer = "declarative.kyma-project.io/finalizer" + defaultFieldOwner client.FieldOwner = "declarative.kyma-project.io/applier" ) -func NewFromManager(mgr manager.Manager, prototype Object, requeueIntervals queue.RequeueIntervals, - metrics *metrics.ManifestMetrics, mandatoryModulesMetrics *metrics.MandatoryModulesMetrics, options ...Option, +func NewFromManager(mgr manager.Manager, + requeueIntervals queue.RequeueIntervals, + metrics *metrics.ManifestMetrics, + mandatoryModulesMetrics *metrics.MandatoryModulesMetrics, + specResolver SpecResolver, + options ...Option, ) *Reconciler { reconciler := &Reconciler{} - reconciler.prototype = prototype reconciler.ManifestMetrics = metrics reconciler.MandatoryModuleMetrics = mandatoryModulesMetrics reconciler.RequeueIntervals = requeueIntervals + reconciler.specResolver = specResolver reconciler.Options = DefaultOptions().Apply(WithManager(mgr)).Apply(options...) return reconciler } type Reconciler struct { - prototype Object queue.RequeueIntervals *Options ManifestMetrics *metrics.ManifestMetrics MandatoryModuleMetrics *metrics.MandatoryModulesMetrics + specResolver SpecResolver } type ConditionType string @@ -76,23 +84,23 @@ const ( ConditionReasonReady ConditionReason = "Ready" ) -func newInstallationCondition(obj Object) apimetav1.Condition { +func newInstallationCondition(manifest *v1beta2.Manifest) apimetav1.Condition { return apimetav1.Condition{ Type: string(ConditionTypeInstallation), Reason: string(ConditionReasonReady), Status: apimetav1.ConditionFalse, Message: "installation is ready and resources can be used", - ObservedGeneration: obj.GetGeneration(), + ObservedGeneration: manifest.GetGeneration(), } } -func newResourcesCondition(obj Object) apimetav1.Condition { +func newResourcesCondition(manifest *v1beta2.Manifest) apimetav1.Condition { return apimetav1.Condition{ Type: string(ConditionTypeResources), Reason: string(ConditionReasonResourcesAreAvailable), Status: apimetav1.ConditionFalse, Message: "resources are parsed and ready for use", - ObservedGeneration: obj.GetGeneration(), + ObservedGeneration: manifest.GetGeneration(), } } @@ -100,12 +108,9 @@ func newResourcesCondition(obj Object) apimetav1.Condition { func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { startTime := time.Now() defer r.recordReconciliationDuration(startTime, req.Name) - obj, ok := r.prototype.DeepCopyObject().(Object) - if !ok { - r.ManifestMetrics.RecordRequeueReason(metrics.ManifestTypeCast, queue.UnexpectedRequeue) - return ctrl.Result{}, common.ErrTypeAssert - } - if err := r.Get(ctx, req.NamespacedName, obj); err != nil { + + manifest := &v1beta2.Manifest{} + if err := r.Get(ctx, req.NamespacedName, manifest); err != nil { if util.IsNotFound(err) { logf.FromContext(ctx).Info(req.NamespacedName.String() + " got deleted!") return ctrl.Result{}, nil @@ -113,130 +118,133 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu r.ManifestMetrics.RecordRequeueReason(metrics.ManifestRetrieval, queue.UnexpectedRequeue) return ctrl.Result{}, fmt.Errorf("manifestController: %w", err) } - currentObjStatus := obj.GetStatus() + manifestStatus := manifest.GetStatus() - if r.ShouldSkip(ctx, obj) { + if manifest.SkipReconciliation() { + logf.FromContext(ctx, "skip-label", shared.SkipReconcileLabel). + V(internal.DebugLogLevel).Info("resource gets skipped because of label") return ctrl.Result{RequeueAfter: r.Success}, nil } - if err := r.initialize(obj); err != nil { - return r.finishReconcile(ctx, obj, metrics.ManifestInit, currentObjStatus, err) + if err := r.initialize(manifest); err != nil { + return r.finishReconcile(ctx, manifest, metrics.ManifestInit, manifestStatus, err) } - if obj.GetLabels() != nil && obj.GetLabels()[shared.IsMandatoryModule] == strconv.FormatBool(true) { - state := obj.GetStatus().State - kymaName := obj.GetLabels()[shared.KymaName] - moduleName := obj.GetLabels()[shared.ModuleName] + if manifest.GetLabels() != nil && manifest.GetLabels()[shared.IsMandatoryModule] == strconv.FormatBool(true) { + state := manifest.GetStatus().State + kymaName := manifest.GetLabels()[shared.KymaName] + moduleName := manifest.GetLabels()[shared.ModuleName] r.MandatoryModuleMetrics.RecordMandatoryModuleState(kymaName, moduleName, state) } - if obj.GetDeletionTimestamp().IsZero() { - objMeta := r.partialObjectMetadata(obj) - if controllerutil.AddFinalizer(objMeta, r.Finalizer) { - return r.ssaSpec(ctx, objMeta, metrics.ManifestAddFinalizer) + if manifest.GetDeletionTimestamp().IsZero() { + partialMeta := r.partialObjectMetadata(manifest) + if controllerutil.AddFinalizer(partialMeta, defaultFinalizer) { + return r.ssaSpec(ctx, partialMeta, metrics.ManifestAddFinalizer) } } - spec, err := r.Spec(ctx, obj) + spec, err := r.specResolver.GetSpec(ctx, manifest) if err != nil { - if !obj.GetDeletionTimestamp().IsZero() { - return r.cleanupManifest(ctx, req, obj, currentObjStatus, metrics.ManifestParseSpec, err) + manifest.SetStatus(manifest.GetStatus().WithState(shared.StateError).WithErr(err)) + if !manifest.GetDeletionTimestamp().IsZero() { + return r.cleanupManifest(ctx, req, manifest, manifestStatus, metrics.ManifestParseSpec, err) } - return r.finishReconcile(ctx, obj, metrics.ManifestParseSpec, currentObjStatus, err) + return r.finishReconcile(ctx, manifest, metrics.ManifestParseSpec, manifestStatus, err) } - if notContainsSyncedOCIRefAnnotation(obj) { - updateSyncedOCIRefAnnotation(obj, spec.OCIRef) - return r.updateObject(ctx, obj, metrics.ManifestInitSyncedOCIRef) + if notContainsSyncedOCIRefAnnotation(manifest) { + updateSyncedOCIRefAnnotation(manifest, spec.OCIRef) + return r.updateObject(ctx, manifest, metrics.ManifestInitSyncedOCIRef) } - clnt, err := r.getTargetClient(ctx, obj) + skrClient, err := r.getTargetClient(ctx, manifest) if err != nil { - if !obj.GetDeletionTimestamp().IsZero() && errors.Is(err, ErrAccessSecretNotFound) { - return r.cleanupManifest(ctx, req, obj, currentObjStatus, metrics.ManifestClientInit, + if !manifest.GetDeletionTimestamp().IsZero() && errors.Is(err, ErrAccessSecretNotFound) { + return r.cleanupManifest(ctx, req, manifest, manifestStatus, metrics.ManifestClientInit, err) } - obj.SetStatus(obj.GetStatus().WithState(shared.StateError).WithErr(err)) - return r.finishReconcile(ctx, obj, metrics.ManifestClientInit, currentObjStatus, err) + manifest.SetStatus(manifest.GetStatus().WithState(shared.StateError).WithErr(err)) + return r.finishReconcile(ctx, manifest, metrics.ManifestClientInit, manifestStatus, err) } - target, current, err := r.renderResources(ctx, clnt, obj, spec) + target, current, err := r.renderResources(ctx, skrClient, manifest, spec) if err != nil { if util.IsConnectionRelatedError(err) { - r.invalidateClientCache(ctx, obj) - return r.finishReconcile(ctx, obj, metrics.ManifestUnauthorized, currentObjStatus, err) + r.invalidateClientCache(ctx, manifest) + return r.finishReconcile(ctx, manifest, metrics.ManifestUnauthorized, manifestStatus, err) } - return r.finishReconcile(ctx, obj, metrics.ManifestRenderResources, currentObjStatus, err) + return r.finishReconcile(ctx, manifest, metrics.ManifestRenderResources, manifestStatus, err) } - if err := r.pruneDiff(ctx, clnt, obj, current, target, spec); errors.Is(err, resources.ErrDeletionNotFinished) { + if err := r.pruneDiff(ctx, skrClient, manifest, current, target, spec); errors.Is(err, resources.ErrDeletionNotFinished) { r.ManifestMetrics.RecordRequeueReason(metrics.ManifestPruneDiffNotFinished, queue.IntendedRequeue) return ctrl.Result{Requeue: true}, nil } else if err != nil { - return r.finishReconcile(ctx, obj, metrics.ManifestPruneDiff, currentObjStatus, err) + return r.finishReconcile(ctx, manifest, metrics.ManifestPruneDiff, manifestStatus, err) } - if err := r.removeModuleCR(ctx, clnt, obj); err != nil { + if err := r.removeModuleCR(ctx, skrClient, manifest); err != nil { if errors.Is(err, ErrRequeueRequired) { r.ManifestMetrics.RecordRequeueReason(metrics.ManifestPreDeleteEnqueueRequired, queue.IntendedRequeue) return ctrl.Result{Requeue: true}, nil } - return r.finishReconcile(ctx, obj, metrics.ManifestPreDelete, currentObjStatus, err) + return r.finishReconcile(ctx, manifest, metrics.ManifestPreDelete, manifestStatus, err) } - if err = r.syncResources(ctx, clnt, obj, target); err != nil { + if err = r.syncResources(ctx, skrClient, manifest, target); err != nil { if errors.Is(err, ErrRequeueRequired) { r.ManifestMetrics.RecordRequeueReason(metrics.ManifestSyncResourcesEnqueueRequired, queue.IntendedRequeue) return ctrl.Result{Requeue: true}, nil } if errors.Is(err, ErrClientUnauthorized) { - r.invalidateClientCache(ctx, obj) + r.invalidateClientCache(ctx, manifest) } - return r.finishReconcile(ctx, obj, metrics.ManifestSyncResources, currentObjStatus, err) + return r.finishReconcile(ctx, manifest, metrics.ManifestSyncResources, manifestStatus, err) } // This situation happens when manifest get new installation layer to update resources, // we need to make sure all updates successfully before we can update synced oci ref - if requireUpdateSyncedOCIRefAnnotation(obj, spec.OCIRef) { - updateSyncedOCIRefAnnotation(obj, spec.OCIRef) - return r.updateObject(ctx, obj, metrics.ManifestUpdateSyncedOCIRef) + if requireUpdateSyncedOCIRefAnnotation(manifest, spec.OCIRef) { + updateSyncedOCIRefAnnotation(manifest, spec.OCIRef) + return r.updateObject(ctx, manifest, metrics.ManifestUpdateSyncedOCIRef) } - if !obj.GetDeletionTimestamp().IsZero() { - return r.cleanupManifest(ctx, req, obj, currentObjStatus, metrics.ManifestReconcileFinished, nil) + if !manifest.GetDeletionTimestamp().IsZero() { + return r.cleanupManifest(ctx, req, manifest, manifestStatus, metrics.ManifestReconcileFinished, nil) } - return r.finishReconcile(ctx, obj, metrics.ManifestReconcileFinished, currentObjStatus, nil) + return r.finishReconcile(ctx, manifest, metrics.ManifestReconcileFinished, manifestStatus, nil) } -func (r *Reconciler) cleanupManifest(ctx context.Context, req ctrl.Request, obj Object, currentObjStatus shared.Status, +func (r *Reconciler) cleanupManifest(ctx context.Context, req ctrl.Request, manifest *v1beta2.Manifest, manifestStatus shared.Status, requeueReason metrics.ManifestRequeueReason, originalErr error, ) (ctrl.Result, error) { r.ManifestMetrics.RemoveManifestDuration(req.Name) - r.cleanUpMandatoryModuleMetrics(obj) - if removeFinalizers(obj, r.finalizerToRemove(originalErr, obj)) { - return r.updateObject(ctx, obj, requeueReason) + r.cleanUpMandatoryModuleMetrics(manifest) + if removeFinalizers(manifest, r.finalizerToRemove(originalErr, manifest)) { + return r.updateObject(ctx, manifest, requeueReason) } - if obj.GetStatus().State != shared.StateWarning { - obj.SetStatus(obj.GetStatus().WithState(shared.StateDeleting). - WithOperation(fmt.Sprintf("waiting as other finalizers are present: %s", obj.GetFinalizers()))) + if manifest.GetStatus().State != shared.StateWarning { + manifest.SetStatus(manifest.GetStatus().WithState(shared.StateDeleting). + WithOperation(fmt.Sprintf("waiting as other finalizers are present: %s", manifest.GetFinalizers()))) } - return r.finishReconcile(ctx, obj, requeueReason, currentObjStatus, originalErr) + return r.finishReconcile(ctx, manifest, requeueReason, manifestStatus, originalErr) } -func (r *Reconciler) finalizerToRemove(originalErr error, obj Object) []string { - finalizersToRemove := []string{r.Finalizer} +func (r *Reconciler) finalizerToRemove(originalErr error, manifest *v1beta2.Manifest) []string { + finalizersToRemove := []string{defaultFinalizer} if errors.Is(originalErr, ErrAccessSecretNotFound) { - finalizersToRemove = obj.GetFinalizers() + finalizersToRemove = manifest.GetFinalizers() } return finalizersToRemove } -func (r *Reconciler) invalidateClientCache(ctx context.Context, obj Object) { +func (r *Reconciler) invalidateClientCache(ctx context.Context, manifest *v1beta2.Manifest) { if r.ClientCacheKeyFn != nil { - clientsCacheKey, ok := r.ClientCacheKeyFn(ctx, obj) + clientsCacheKey, ok := r.ClientCacheKeyFn(ctx, manifest) if ok { logf.FromContext(ctx).Info("Invalidating manifest-controller client cache entry for key: " + fmt.Sprintf("%#v", clientsCacheKey)) @@ -245,10 +253,10 @@ func (r *Reconciler) invalidateClientCache(ctx context.Context, obj Object) { } } -func removeFinalizers(obj Object, finalizersToRemove []string) bool { +func removeFinalizers(manifest *v1beta2.Manifest, finalizersToRemove []string) bool { finalizerRemoved := false for _, f := range finalizersToRemove { - if controllerutil.RemoveFinalizer(obj, f) { + if controllerutil.RemoveFinalizer(manifest, f) { finalizerRemoved = true } } @@ -256,21 +264,21 @@ func removeFinalizers(obj Object, finalizersToRemove []string) bool { return finalizerRemoved } -func (r *Reconciler) partialObjectMetadata(obj Object) *apimetav1.PartialObjectMetadata { +func (r *Reconciler) partialObjectMetadata(manifest *v1beta2.Manifest) *apimetav1.PartialObjectMetadata { objMeta := &apimetav1.PartialObjectMetadata{} - objMeta.SetName(obj.GetName()) - objMeta.SetNamespace(obj.GetNamespace()) - objMeta.SetGroupVersionKind(obj.GetObjectKind().GroupVersionKind()) - objMeta.SetFinalizers(obj.GetFinalizers()) + objMeta.SetName(manifest.GetName()) + objMeta.SetNamespace(manifest.GetNamespace()) + objMeta.SetGroupVersionKind(manifest.GetObjectKind().GroupVersionKind()) + objMeta.SetFinalizers(manifest.GetFinalizers()) return objMeta } -func (r *Reconciler) initialize(obj Object) error { - status := obj.GetStatus() +func (r *Reconciler) initialize(manifest *v1beta2.Manifest) error { + status := manifest.GetStatus() for _, condition := range []apimetav1.Condition{ - newResourcesCondition(obj), - newInstallationCondition(obj), + newResourcesCondition(manifest), + newInstallationCondition(manifest), } { if meta.FindStatusCondition(status.Conditions, condition.Type) == nil { meta.SetStatusCondition(&status.Conditions, condition) @@ -282,64 +290,56 @@ func (r *Reconciler) initialize(obj Object) error { } if status.State == "" { - obj.SetStatus(status.WithState(shared.StateProcessing).WithErr(ErrObjectHasEmptyState)) + manifest.SetStatus(status.WithState(shared.StateProcessing).WithErr(ErrObjectHasEmptyState)) return ErrObjectHasEmptyState } - obj.SetStatus(status) + manifest.SetStatus(status) return nil } -func (r *Reconciler) Spec(ctx context.Context, obj Object) (*Spec, error) { - spec, err := r.SpecResolver.Spec(ctx, obj) - if err != nil { - obj.SetStatus(obj.GetStatus().WithState(shared.StateError).WithErr(err)) - } - return spec, err -} - func (r *Reconciler) renderResources( ctx context.Context, - clnt Client, - obj Object, + skrClient Client, + manifest *v1beta2.Manifest, spec *Spec, ) ([]*resource.Info, []*resource.Info, error) { - resourceCondition := newResourcesCondition(obj) - status := obj.GetStatus() + resourceCondition := newResourcesCondition(manifest) + status := manifest.GetStatus() var err error var target, current ResourceList - converter := NewResourceToInfoConverter(ResourceInfoConverter(clnt), r.Namespace) + converter := NewResourceToInfoConverter(ResourceInfoConverter(skrClient), apimetav1.NamespaceDefault) - if target, err = r.renderTargetResources(ctx, clnt, converter, obj, spec); err != nil { - obj.SetStatus(status.WithState(shared.StateError).WithErr(err)) + if target, err = r.renderTargetResources(ctx, skrClient, converter, manifest, spec); err != nil { + manifest.SetStatus(status.WithState(shared.StateError).WithErr(err)) return nil, nil, err } current, err = converter.ResourcesToInfos(status.Synced) if err != nil { - obj.SetStatus(status.WithState(shared.StateError).WithErr(err)) + manifest.SetStatus(status.WithState(shared.StateError).WithErr(err)) return nil, nil, err } if !meta.IsStatusConditionTrue(status.Conditions, resourceCondition.Type) { resourceCondition.Status = apimetav1.ConditionTrue meta.SetStatusCondition(&status.Conditions, resourceCondition) - obj.SetStatus(status.WithOperation(resourceCondition.Message)) + manifest.SetStatus(status.WithOperation(resourceCondition.Message)) } return target, current, nil } -func (r *Reconciler) syncResources(ctx context.Context, clnt Client, obj Object, +func (r *Reconciler) syncResources(ctx context.Context, clnt Client, manifest *v1beta2.Manifest, target []*resource.Info, ) error { - status := obj.GetStatus() + status := manifest.GetStatus() - if err := ConcurrentSSA(clnt, r.FieldOwner).Run(ctx, target); err != nil { - obj.SetStatus(status.WithState(shared.StateError).WithErr(err)) + if err := ConcurrentSSA(clnt, defaultFieldOwner).Run(ctx, target); err != nil { + manifest.SetStatus(status.WithState(shared.StateError).WithErr(err)) return err } @@ -348,27 +348,27 @@ func (r *Reconciler) syncResources(ctx context.Context, clnt Client, obj Object, status.Synced = newSynced if hasDiff(oldSynced, newSynced) { - if obj.GetDeletionTimestamp().IsZero() { - obj.SetStatus(status.WithState(shared.StateProcessing).WithOperation(ErrWarningResourceSyncStateDiff.Error())) + if manifest.GetDeletionTimestamp().IsZero() { + manifest.SetStatus(status.WithState(shared.StateProcessing).WithOperation(ErrWarningResourceSyncStateDiff.Error())) } else if status.State != shared.StateWarning { - obj.SetStatus(status.WithState(shared.StateDeleting).WithOperation(ErrWarningResourceSyncStateDiff.Error())) + manifest.SetStatus(status.WithState(shared.StateDeleting).WithOperation(ErrWarningResourceSyncStateDiff.Error())) } return ErrWarningResourceSyncStateDiff } for i := range r.PostRuns { - if err := r.PostRuns[i](ctx, clnt, r.Client, obj); err != nil { - obj.SetStatus(status.WithState(shared.StateError).WithErr(err)) + if err := r.PostRuns[i](ctx, clnt, r.Client, manifest); err != nil { + manifest.SetStatus(status.WithState(shared.StateError).WithErr(err)) return err } } deploymentState, err := r.checkDeploymentState(ctx, clnt, target) if err != nil { - obj.SetStatus(status.WithState(shared.StateError).WithErr(err)) + manifest.SetStatus(status.WithState(shared.StateError).WithErr(err)) return err } - return r.setManifestState(obj, deploymentState) + return r.setManifestState(manifest, deploymentState) } func hasDiff(oldResources []shared.Resource, newResources []shared.Resource) bool { @@ -409,7 +409,7 @@ func (r *Reconciler) checkDeploymentState( return deploymentState, nil } -func (r *Reconciler) setManifestState(manifest Object, state shared.State) error { +func (r *Reconciler) setManifestState(manifest *v1beta2.Manifest, state shared.State) error { status := manifest.GetStatus() if state == shared.StateProcessing { @@ -435,12 +435,12 @@ func (r *Reconciler) setManifestState(manifest Object, state shared.State) error return nil } -func (r *Reconciler) removeModuleCR(ctx context.Context, clnt Client, obj Object) error { - if !obj.GetDeletionTimestamp().IsZero() { +func (r *Reconciler) removeModuleCR(ctx context.Context, clnt Client, manifest *v1beta2.Manifest) error { + if !manifest.GetDeletionTimestamp().IsZero() { for _, preDelete := range r.PreDeletes { - if err := preDelete(ctx, clnt, r.Client, obj); err != nil { + if err := preDelete(ctx, clnt, r.Client, manifest); err != nil { // we do not set a status here since it will be deleting if timestamp is set. - obj.SetStatus(obj.GetStatus().WithErr(err)) + manifest.SetStatus(manifest.GetStatus().WithErr(err)) return err } } @@ -450,13 +450,13 @@ func (r *Reconciler) removeModuleCR(ctx context.Context, clnt Client, obj Object func (r *Reconciler) renderTargetResources( ctx context.Context, - clnt client.Client, + skrClient client.Client, converter ResourceToInfoConverter, - obj Object, + manifest *v1beta2.Manifest, spec *Spec, ) ([]*resource.Info, error) { - if !obj.GetDeletionTimestamp().IsZero() { - deleted, err := r.DeletionCheck.Run(ctx, clnt, obj) + if !manifest.GetDeletionTimestamp().IsZero() { + deleted, err := checkCRDeletion(ctx, skrClient, manifest) if err != nil { return nil, err } @@ -465,99 +465,119 @@ func (r *Reconciler) renderTargetResources( } } - status := obj.GetStatus() + status := manifest.GetStatus() targetResources, err := r.ManifestParser.Parse(spec) if err != nil { - obj.SetStatus(status.WithState(shared.StateError).WithErr(err)) + manifest.SetStatus(status.WithState(shared.StateError).WithErr(err)) return nil, err } for _, transform := range r.PostRenderTransforms { - if err := transform(ctx, obj, targetResources.Items); err != nil { - obj.SetStatus(status.WithState(shared.StateError).WithErr(err)) + if err := transform(ctx, manifest, targetResources.Items); err != nil { + manifest.SetStatus(status.WithState(shared.StateError).WithErr(err)) return nil, err } } target, err := converter.UnstructuredToInfos(targetResources.Items) if err != nil { - obj.SetStatus(status.WithState(shared.StateError).WithErr(err)) + manifest.SetStatus(status.WithState(shared.StateError).WithErr(err)) return nil, err } return target, nil } +func checkCRDeletion(ctx context.Context, skrClient client.Client, manifest *v1beta2.Manifest) (bool, error) { + if manifest.Spec.Resource == nil { + return true, nil + } + + name := manifest.Spec.Resource.GetName() + namespace := manifest.Spec.Resource.GetNamespace() + gvk := manifest.Spec.Resource.GroupVersionKind() + + resourceCR := &unstructured.Unstructured{} + resourceCR.SetGroupVersionKind(schema.GroupVersionKind{ + Group: gvk.Group, + Version: gvk.Version, + Kind: gvk.Kind, + }) + + if err := skrClient.Get(ctx, + client.ObjectKey{Name: name, Namespace: namespace}, resourceCR); err != nil { + if util.IsNotFound(err) { + return true, nil + } + return false, fmt.Errorf("%w: failed to fetch default resource CR", err) + } + return false, nil +} + func (r *Reconciler) pruneDiff( ctx context.Context, clnt Client, - obj Object, + manifest *v1beta2.Manifest, current, target []*resource.Info, spec *Spec, ) error { diff, err := pruneResource(ResourceList(current).Difference(target), "Namespace", namespaceNotBeRemoved) if err != nil { - obj.SetStatus(obj.GetStatus().WithErr(err)) + manifest.SetStatus(manifest.GetStatus().WithErr(err)) return err } if len(diff) == 0 { return nil } - if manifestNotInDeletingAndOciRefNotChangedButDiffDetected(diff, obj, spec) { + if manifestNotInDeletingAndOciRefNotChangedButDiffDetected(diff, manifest, spec) { // This case should not happen normally, but if happens, it means the resources read from cache is incomplete, // and we should prevent diff resources to be deleted. // Meanwhile, evict cache to hope newly created resources back to normal. - obj.SetStatus(obj.GetStatus().WithState(shared.StateWarning).WithOperation(ErrResourceSyncDiffInSameOCILayer.Error())) + manifest.SetStatus(manifest.GetStatus().WithState(shared.StateWarning).WithOperation(ErrResourceSyncDiffInSameOCILayer.Error())) r.ManifestParser.EvictCache(spec) return ErrResourceSyncDiffInSameOCILayer } - // Remove this type casting while in progress this issue: https://github.com/kyma-project/lifecycle-manager/issues/1006 - manifest, ok := obj.(*v1beta2.Manifest) - if !ok { - obj.SetStatus(obj.GetStatus().WithErr(v1beta2.ErrTypeAssertManifest)) - return v1beta2.ErrTypeAssertManifest - } err = resources.NewConcurrentCleanup(clnt, manifest).DeleteDiffResources(ctx, diff) if err != nil { - obj.SetStatus(obj.GetStatus().WithErr(err)) + manifest.SetStatus(manifest.GetStatus().WithErr(err)) } return err } -func manifestNotInDeletingAndOciRefNotChangedButDiffDetected(diff []*resource.Info, obj Object, +func manifestNotInDeletingAndOciRefNotChangedButDiffDetected(diff []*resource.Info, manifest *v1beta2.Manifest, spec *Spec, ) bool { - return len(diff) > 0 && ociRefNotChanged(obj, spec.OCIRef) && obj.GetDeletionTimestamp().IsZero() + return len(diff) > 0 && ociRefNotChanged(manifest, spec.OCIRef) && manifest.GetDeletionTimestamp().IsZero() } -func ociRefNotChanged(obj Object, ref string) bool { - syncedOCIRef, found := obj.GetAnnotations()[SyncedOCIRefAnnotation] +func ociRefNotChanged(manifest *v1beta2.Manifest, ref string) bool { + syncedOCIRef, found := manifest.GetAnnotations()[SyncedOCIRefAnnotation] return found && syncedOCIRef == ref } -func requireUpdateSyncedOCIRefAnnotation(obj Object, ref string) bool { - syncedOCIRef, found := obj.GetAnnotations()[SyncedOCIRefAnnotation] +func requireUpdateSyncedOCIRefAnnotation(manifest *v1beta2.Manifest, ref string) bool { + syncedOCIRef, found := manifest.GetAnnotations()[SyncedOCIRefAnnotation] if found && syncedOCIRef != ref { return true } return false } -func notContainsSyncedOCIRefAnnotation(obj Object) bool { - _, found := obj.GetAnnotations()[SyncedOCIRefAnnotation] +func notContainsSyncedOCIRefAnnotation(manifest *v1beta2.Manifest) bool { + _, found := manifest.GetAnnotations()[SyncedOCIRefAnnotation] return !found } -func updateSyncedOCIRefAnnotation(obj Object, ref string) { - annotations := obj.GetAnnotations() +func updateSyncedOCIRefAnnotation(manifest *v1beta2.Manifest, ref string) { + annotations := manifest.GetAnnotations() if annotations == nil { annotations = make(map[string]string) } annotations[SyncedOCIRefAnnotation] = ref - obj.SetAnnotations(annotations) + manifest.SetAnnotations(annotations) } func pruneResource(diff []*resource.Info, resourceType string, resourceName string) ([]*resource.Info, error) { @@ -574,42 +594,30 @@ func pruneResource(diff []*resource.Info, resourceType string, resourceName stri return diff, nil } -func (r *Reconciler) getTargetClient(ctx context.Context, obj Object) (Client, error) { +func (r *Reconciler) getTargetClient(ctx context.Context, manifest *v1beta2.Manifest) (Client, error) { var err error var clnt Client if r.ClientCacheKeyFn == nil { - return r.configClient(ctx, obj) + return r.configClient(ctx, manifest) } - clientsCacheKey, found := r.ClientCacheKeyFn(ctx, obj) + clientsCacheKey, found := r.ClientCacheKeyFn(ctx, manifest) if found { clnt = r.GetClient(clientsCacheKey) } if clnt == nil { - clnt, err = r.configClient(ctx, obj) + clnt, err = r.configClient(ctx, manifest) if err != nil { return nil, err } r.AddClient(clientsCacheKey, clnt) } - if r.Namespace != apimetav1.NamespaceNone && r.Namespace != apimetav1.NamespaceDefault { - err := clnt.Patch( - ctx, &apicorev1.Namespace{ - TypeMeta: apimetav1.TypeMeta{APIVersion: "v1", Kind: "Namespace"}, - ObjectMeta: apimetav1.ObjectMeta{Name: r.Namespace}, - }, client.Apply, client.ForceOwnership, r.FieldOwner, - ) - if err != nil { - return nil, fmt.Errorf("failed to patch namespace: %w", err) - } - } - return clnt, nil } -func (r *Reconciler) configClient(ctx context.Context, obj Object) (Client, error) { +func (r *Reconciler) configClient(ctx context.Context, manifest *v1beta2.Manifest) (Client, error) { var err error cluster := &ClusterInfo{ @@ -618,7 +626,7 @@ func (r *Reconciler) configClient(ctx context.Context, obj Object) (Client, erro } if r.TargetCluster != nil { - cluster, err = r.TargetCluster(ctx, obj) + cluster, err = r.TargetCluster(ctx, manifest) if err != nil { return nil, err } @@ -632,11 +640,11 @@ func (r *Reconciler) configClient(ctx context.Context, obj Object) (Client, erro return clnt, nil } -func (r *Reconciler) finishReconcile(ctx context.Context, obj Object, +func (r *Reconciler) finishReconcile(ctx context.Context, manifest *v1beta2.Manifest, requeueReason metrics.ManifestRequeueReason, previousStatus shared.Status, originalErr error, ) (ctrl.Result, error) { - if err := r.patchStatusIfDiffExist(ctx, obj, previousStatus); err != nil { - r.Event(obj, "Warning", "PatchStatus", err.Error()) + if err := r.patchStatusIfDiffExist(ctx, manifest, previousStatus); err != nil { + r.Event(manifest, "Warning", "PatchStatus", err.Error()) return ctrl.Result{}, fmt.Errorf("failed to patch status: %w", err) } if originalErr != nil { @@ -647,10 +655,10 @@ func (r *Reconciler) finishReconcile(ctx context.Context, obj Object, return ctrl.Result{RequeueAfter: r.Success}, nil } -func (r *Reconciler) patchStatusIfDiffExist(ctx context.Context, obj Object, previousStatus shared.Status) error { - if hasStatusDiff(obj.GetStatus(), previousStatus) { - resetNonPatchableField(obj) - if err := r.Status().Patch(ctx, obj, client.Apply, client.ForceOwnership, r.FieldOwner); err != nil { +func (r *Reconciler) patchStatusIfDiffExist(ctx context.Context, manifest *v1beta2.Manifest, previousStatus shared.Status) error { + if hasStatusDiff(manifest.GetStatus(), previousStatus) { + resetNonPatchableField(manifest) + if err := r.Status().Patch(ctx, manifest, client.Apply, client.ForceOwnership, defaultFieldOwner); err != nil { return fmt.Errorf("failed to patch status: %w", err) } } @@ -667,7 +675,7 @@ func (r *Reconciler) ssaSpec(ctx context.Context, obj client.Object, ) (ctrl.Result, error) { resetNonPatchableField(obj) r.ManifestMetrics.RecordRequeueReason(requeueReason, queue.IntendedRequeue) - if err := r.Patch(ctx, obj, client.Apply, client.ForceOwnership, r.FieldOwner); err != nil { + if err := r.Patch(ctx, obj, client.Apply, client.ForceOwnership, defaultFieldOwner); err != nil { r.Event(obj, "Warning", "PatchObject", err.Error()) return ctrl.Result{}, fmt.Errorf("failed to patch object: %w", err) } @@ -700,10 +708,10 @@ func (r *Reconciler) recordReconciliationDuration(startTime time.Time, name stri } } -func (r *Reconciler) cleanUpMandatoryModuleMetrics(obj Object) { - if obj.GetLabels()[shared.IsMandatoryModule] == strconv.FormatBool(true) { - kymaName := obj.GetLabels()[shared.KymaName] - moduleName := obj.GetLabels()[shared.ModuleName] +func (r *Reconciler) cleanUpMandatoryModuleMetrics(manifest *v1beta2.Manifest) { + if manifest.GetLabels()[shared.IsMandatoryModule] == strconv.FormatBool(true) { + kymaName := manifest.GetLabels()[shared.KymaName] + moduleName := manifest.GetLabels()[shared.ModuleName] r.MandatoryModuleMetrics.CleanupMetrics(kymaName, moduleName) } } diff --git a/internal/declarative/v2/spec.go b/internal/declarative/v2/spec.go index e012e5f05b..6e3044bf8e 100644 --- a/internal/declarative/v2/spec.go +++ b/internal/declarative/v2/spec.go @@ -2,47 +2,16 @@ package v2 import ( "context" + + "github.com/kyma-project/lifecycle-manager/api/v1beta2" ) type SpecResolver interface { - Spec(ctx context.Context, object Object) (*Spec, error) + GetSpec(ctx context.Context, manifest *v1beta2.Manifest) (*Spec, error) } -type RenderMode string - -const ( - RenderModeRaw RenderMode = "raw" -) - type Spec struct { ManifestName string Path string OCIRef string - Mode RenderMode -} - -func DefaultSpec(path, ociref string, mode RenderMode) *CustomSpecFns { - return &CustomSpecFns{ - ManifestNameFn: func(_ context.Context, obj Object) string { return obj.GetName() }, - PathFn: func(_ context.Context, _ Object) string { return path }, - OCIRefFn: func(_ context.Context, _ Object) string { return ociref }, - ModeFn: func(_ context.Context, _ Object) RenderMode { return mode }, - } -} - -// CustomSpecFns is a simple static resolver that always uses the same chart and values. -type CustomSpecFns struct { - ManifestNameFn func(ctx context.Context, obj Object) string - PathFn func(ctx context.Context, obj Object) string - OCIRefFn func(ctx context.Context, obj Object) string - ModeFn func(ctx context.Context, obj Object) RenderMode -} - -func (s *CustomSpecFns) Spec(ctx context.Context, obj Object) (*Spec, error) { - return &Spec{ - ManifestName: s.ManifestNameFn(ctx, obj), - Path: s.PathFn(ctx, obj), - OCIRef: s.OCIRefFn(ctx, obj), - Mode: s.ModeFn(ctx, obj), - }, nil } diff --git a/internal/manifest/cr_deletion_check.go b/internal/manifest/cr_deletion_check.go deleted file mode 100644 index d694dcd83a..0000000000 --- a/internal/manifest/cr_deletion_check.go +++ /dev/null @@ -1,55 +0,0 @@ -package manifest - -import ( - "context" - "fmt" - - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/apimachinery/pkg/runtime/schema" - "sigs.k8s.io/controller-runtime/pkg/client" - - "github.com/kyma-project/lifecycle-manager/api/v1beta2" - declarativev2 "github.com/kyma-project/lifecycle-manager/internal/declarative/v2" - "github.com/kyma-project/lifecycle-manager/pkg/util" -) - -// NewModuleCRDeletionCheck creates a check that verifies that the Resource CR in the remote cluster is deleted. -func NewModuleCRDeletionCheck() *ModuleCRDeletionCheck { - return &ModuleCRDeletionCheck{} -} - -type ModuleCRDeletionCheck struct{} - -func (c *ModuleCRDeletionCheck) Run( - ctx context.Context, - clnt client.Client, - obj declarativev2.Object, -) (bool, error) { - manifest, ok := obj.(*v1beta2.Manifest) - if !ok { - return false, v1beta2.ErrTypeAssertManifest - } - if manifest.Spec.Resource == nil { - return true, nil - } - - name := manifest.Spec.Resource.GetName() - namespace := manifest.Spec.Resource.GetNamespace() - gvk := manifest.Spec.Resource.GroupVersionKind() - - resourceCR := &unstructured.Unstructured{} - resourceCR.SetGroupVersionKind(schema.GroupVersionKind{ - Group: gvk.Group, - Version: gvk.Version, - Kind: gvk.Kind, - }) - - if err := clnt.Get(ctx, - client.ObjectKey{Name: name, Namespace: namespace}, resourceCR); err != nil { - if util.IsNotFound(err) { - return true, nil - } - return false, fmt.Errorf("%w: failed to fetch default resource CR", err) - } - return false, nil -} diff --git a/internal/manifest/custom_resource.go b/internal/manifest/custom_resource.go index 6f9513b6ce..b97f9f2323 100644 --- a/internal/manifest/custom_resource.go +++ b/internal/manifest/custom_resource.go @@ -31,7 +31,7 @@ func PostRunCreateCR( } resource := manifest.Spec.Resource.DeepCopy() - err := skr.Create(ctx, resource, client.FieldOwner(declarativev2.CustomResourceManager)) + err := skr.Create(ctx, resource, client.FieldOwner(declarativev2.CustomResourceManagerFinalizer)) if err != nil && !apierrors.IsAlreadyExists(err) { return fmt.Errorf("failed to create resource: %w", err) } @@ -41,9 +41,9 @@ func PostRunCreateCR( oMeta.SetGroupVersionKind(obj.GetObjectKind().GroupVersionKind()) oMeta.SetNamespace(obj.GetNamespace()) oMeta.SetFinalizers(obj.GetFinalizers()) - if added := controllerutil.AddFinalizer(oMeta, declarativev2.CustomResourceManager); added { + if added := controllerutil.AddFinalizer(oMeta, declarativev2.CustomResourceManagerFinalizer); added { if err := kcp.Patch( - ctx, oMeta, client.Apply, client.ForceOwnership, client.FieldOwner(declarativev2.CustomResourceManager), + ctx, oMeta, client.Apply, client.ForceOwnership, client.FieldOwner(declarativev2.CustomResourceManagerFinalizer), ); err != nil { return fmt.Errorf("failed to patch resource: %w", err) } @@ -83,9 +83,9 @@ func PreDeleteDeleteCR( if err != nil { return fmt.Errorf("failed to fetch resource: %w", err) } - if removed := controllerutil.RemoveFinalizer(onCluster, declarativev2.CustomResourceManager); removed { + if removed := controllerutil.RemoveFinalizer(onCluster, declarativev2.CustomResourceManagerFinalizer); removed { if err := kcp.Update( - ctx, onCluster, client.FieldOwner(declarativev2.CustomResourceManager), + ctx, onCluster, client.FieldOwner(declarativev2.CustomResourceManagerFinalizer), ); err != nil { return fmt.Errorf("failed to update resource: %w", err) } diff --git a/internal/manifest/spec_resolver.go b/internal/manifest/spec_resolver.go index 1066e3b9d4..c13362c1aa 100644 --- a/internal/manifest/spec_resolver.go +++ b/internal/manifest/spec_resolver.go @@ -4,8 +4,6 @@ import ( "context" "errors" "fmt" - "os" - "reflect" "github.com/google/go-containerregistry/pkg/authn" "github.com/google/go-containerregistry/pkg/v1/google" @@ -17,74 +15,32 @@ import ( "github.com/kyma-project/lifecycle-manager/pkg/ocmextensions" ) -// RawManifestInfo defines raw manifest information. -type RawManifestInfo struct { - Path string - OCIRef string -} - type SpecResolver struct { - KCP *declarativev2.ClusterInfo + kcpClient client.Client manifestPathExtractor *PathExtractor - ChartCache string - cachedCharts map[string]string } -func NewSpecResolver(kcp *declarativev2.ClusterInfo, extractor *PathExtractor) *SpecResolver { +func NewSpecResolver(kcpClient client.Client, extractor *PathExtractor) *SpecResolver { return &SpecResolver{ - KCP: kcp, + kcpClient: kcpClient, manifestPathExtractor: extractor, - ChartCache: os.TempDir(), - cachedCharts: make(map[string]string), } } -var ( - ErrRenderModeInvalid = errors.New("render mode is invalid") - ErrInvalidObjectPassedToSpecResolution = errors.New("invalid object passed to spec resolution") -) - -func (s *SpecResolver) Spec(ctx context.Context, obj declarativev2.Object) (*declarativev2.Spec, error) { - manifest, ok := obj.(*v1beta2.Manifest) - if !ok { - return nil, fmt.Errorf( - "invalid type %s: %w", reflect.TypeOf(obj), - ErrInvalidObjectPassedToSpecResolution, - ) - } +var errRenderModeInvalid = errors.New("render mode is invalid") +func (s *SpecResolver) GetSpec(ctx context.Context, manifest *v1beta2.Manifest) (*declarativev2.Spec, error) { var imageSpec v1beta2.ImageSpec if err := yaml.Unmarshal(manifest.Spec.Install.Source.Raw, &imageSpec); err != nil { return nil, fmt.Errorf("failed to unmarshal data: %w", err) } - var mode declarativev2.RenderMode - switch imageSpec.Type { - case v1beta2.OciRefType: - mode = declarativev2.RenderModeRaw - default: + if imageSpec.Type != v1beta2.OciRefType { return nil, fmt.Errorf("could not determine render mode for %s: %w", - client.ObjectKeyFromObject(manifest), ErrRenderModeInvalid) + client.ObjectKeyFromObject(manifest), errRenderModeInvalid) } - rawManifestInfo, err := s.getRawManifestForInstall(ctx, imageSpec, s.KCP.Client) - if err != nil { - return nil, err - } - - return &declarativev2.Spec{ - ManifestName: manifest.Spec.Install.Name, - Path: rawManifestInfo.Path, - OCIRef: rawManifestInfo.OCIRef, - Mode: mode, - }, nil -} - -func (s *SpecResolver) getRawManifestForInstall(ctx context.Context, - imageSpec v1beta2.ImageSpec, - targetClient client.Client, -) (*RawManifestInfo, error) { - keyChain, err := s.lookupKeyChain(ctx, imageSpec, targetClient) + keyChain, err := s.lookupKeyChain(ctx, imageSpec) if err != nil { return nil, fmt.Errorf("failed to fetch keyChain: %w", err) } @@ -93,23 +49,22 @@ func (s *SpecResolver) getRawManifestForInstall(ctx context.Context, if err != nil { return nil, fmt.Errorf("failed to extract raw manifest from layer digest: %w", err) } - return &RawManifestInfo{ - Path: rawManifestPath, - OCIRef: imageSpec.Ref, + + return &declarativev2.Spec{ + ManifestName: manifest.Spec.Install.Name, + Path: rawManifestPath, + OCIRef: imageSpec.Ref, }, nil } -func (s *SpecResolver) lookupKeyChain( - ctx context.Context, imageSpec v1beta2.ImageSpec, targetClient client.Client, -) (authn.Keychain, error) { +func (s *SpecResolver) lookupKeyChain(ctx context.Context, imageSpec v1beta2.ImageSpec) (authn.Keychain, error) { var keyChain authn.Keychain var err error - if imageSpec.CredSecretSelector != nil { - if keyChain, err = ocmextensions.GetAuthnKeychain(ctx, imageSpec.CredSecretSelector, targetClient); err != nil { - return nil, err - } - } else { + if imageSpec.CredSecretSelector == nil { keyChain = authn.DefaultKeychain + } else if keyChain, err = ocmextensions.GetAuthnKeychain(ctx, imageSpec.CredSecretSelector, s.kcpClient); err != nil { + return nil, err } + return authn.NewMultiKeychain(google.Keychain, keyChain), nil } diff --git a/tests/integration/controller/manifest/custom_resource_check/suite_test.go b/tests/integration/controller/manifest/custom_resource_check/suite_test.go index 2d4ee5533f..39ae7f4576 100644 --- a/tests/integration/controller/manifest/custom_resource_check/suite_test.go +++ b/tests/integration/controller/manifest/custom_resource_check/suite_test.go @@ -136,14 +136,13 @@ var _ = BeforeSuite(func() { kcp := &declarativev2.ClusterInfo{Config: cfg, Client: kcpClient} extractor := manifest.NewPathExtractor(nil) - reconciler = declarativev2.NewFromManager(mgr, &v1beta2.Manifest{}, queue.RequeueIntervals{ + reconciler = declarativev2.NewFromManager(mgr, queue.RequeueIntervals{ Success: 1 * time.Second, Error: 1 * time.Second, }, metrics.NewManifestMetrics(metrics.NewSharedMetrics()), metrics.NewMandatoryModulesMetrics(), - declarativev2.WithSpecResolver( - manifest.NewSpecResolver(kcp, extractor), - ), declarativev2.WithRemoteTargetCluster( + manifest.NewSpecResolver(kcp.Client, extractor), + declarativev2.WithRemoteTargetCluster( func(_ context.Context, _ declarativev2.Object) (*declarativev2.ClusterInfo, error) { return &declarativev2.ClusterInfo{Config: authUser.Config()}, nil }, diff --git a/tests/integration/controller/manifest/suite_test.go b/tests/integration/controller/manifest/suite_test.go index 4990d4b878..f8ce48125e 100644 --- a/tests/integration/controller/manifest/suite_test.go +++ b/tests/integration/controller/manifest/suite_test.go @@ -133,13 +133,12 @@ var _ = BeforeSuite(func() { kcp := &declarativev2.ClusterInfo{Config: cfg, Client: kcpClient} extractor := manifest.NewPathExtractor(nil) - reconciler = declarativev2.NewFromManager(mgr, &v1beta2.Manifest{}, queue.RequeueIntervals{ + reconciler = declarativev2.NewFromManager(mgr, queue.RequeueIntervals{ Success: 1 * time.Second, Busy: 1 * time.Second, }, metrics.NewManifestMetrics(metrics.NewSharedMetrics()), metrics.NewMandatoryModulesMetrics(), - declarativev2.WithSpecResolver( - manifest.NewSpecResolver(kcp, extractor), - ), declarativev2.WithRemoteTargetCluster( + manifest.NewSpecResolver(kcp.Client, extractor), + declarativev2.WithRemoteTargetCluster( func(_ context.Context, _ declarativev2.Object) (*declarativev2.ClusterInfo, error) { return &declarativev2.ClusterInfo{Config: authUser.Config()}, nil }, From 7988224cbca714a08a108f843d9ae9139d403f8b Mon Sep 17 00:00:00 2001 From: Xin Ruan Date: Mon, 15 Jul 2024 15:49:35 +0200 Subject: [PATCH 08/26] chore: Update Protecode (#1683) update protecode --- sec-scanners-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sec-scanners-config.yaml b/sec-scanners-config.yaml index 958ea56d8b..973ad4bec0 100644 --- a/sec-scanners-config.yaml +++ b/sec-scanners-config.yaml @@ -1,7 +1,7 @@ module-name: lifecycle-manager protecode: - europe-docker.pkg.dev/kyma-project/prod/lifecycle-manager:latest - - europe-docker.pkg.dev/kyma-project/prod/lifecycle-manager:1.0.0 + - europe-docker.pkg.dev/kyma-project/prod/lifecycle-manager:1.1.0 whitesource: language: golang-mod exclude: From 618673e01cf462189cb2a1bbc326c2aad8a9bdd1 Mon Sep 17 00:00:00 2001 From: Xin Ruan Date: Thu, 18 Jul 2024 16:00:39 +0200 Subject: [PATCH 09/26] chore: Refactor NewCachedDescriptorProvider (#1695) * remove parameter for NewCachedDescriptorProvider * fix dead link * adjust unit test coverage * fix flaky test --- .golangci.yaml | 2 +- cmd/main.go | 9 ++++--- .../01-10-control-plane-quick-start.md | 4 ++- internal/descriptor/provider/provider.go | 19 ++++++-------- internal/descriptor/provider/provider_test.go | 25 ++++++++++--------- pkg/testutils/kyma.go | 5 ++++ pkg/testutils/moduletemplate.go | 4 +-- .../moduletemplate_crd_validation_test.go | 2 +- .../controller/eventfilters/suite_test.go | 5 ++-- .../controller/kcp/remote_sync_test.go | 5 ++-- .../integration/controller/kcp/suite_test.go | 9 +++---- .../integration/controller/kyma/suite_test.go | 2 +- .../mandatorymodule/deletion/suite_test.go | 2 +- .../installation/suite_test.go | 2 +- .../controller/withwatcher/suite_test.go | 2 +- unit-test-coverage.yaml | 2 +- 16 files changed, 52 insertions(+), 47 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index d5c184f292..a9d6a735c1 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -190,7 +190,7 @@ issues: linters: [ gci ] # Disable gci due to the test utilities dot import. - path: tests/integration/declarative/declarative_test.go linters: [ gci ] # Disable gci due to the test utilities dot import. - - path: tests/integration/controller/(controlplane|eventfilters|kyma|withwatcher|purge|mandatorymodule)/(.*)_test.go + - path: tests/integration/controller/(eventfilters|kyma|withwatcher|purge|mandatorymodule|kcp)/(.*)_test.go linters: [ gci ] # Disable gci due to the test utilities dot import. - linters: - importas diff --git a/cmd/main.go b/cmd/main.go index 45323217d1..c1ba929591 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -177,10 +177,11 @@ func setupManager(flagVar *flags.FlagVar, cacheOptions cache.Options, scheme *ma } sharedMetrics := metrics.NewSharedMetrics() - descriptorProvider := provider.NewCachedDescriptorProvider(nil) + descriptorProvider := provider.NewCachedDescriptorProvider() kymaMetrics := metrics.NewKymaMetrics(sharedMetrics) mandatoryModulesMetrics := metrics.NewMandatoryModulesMetrics() - setupKymaReconciler(mgr, descriptorProvider, skrContextProvider, eventRecorder, flagVar, options, skrWebhookManager, kymaMetrics, + setupKymaReconciler(mgr, descriptorProvider, skrContextProvider, eventRecorder, flagVar, options, skrWebhookManager, + kymaMetrics, setupLog) setupManifestReconciler(mgr, flagVar, options, sharedMetrics, mandatoryModulesMetrics, setupLog) setupMandatoryModuleReconciler(mgr, descriptorProvider, flagVar, options, mandatoryModulesMetrics, setupLog) @@ -315,7 +316,9 @@ func setupKymaReconciler(mgr ctrl.Manager, } } -func createSkrWebhookManager(mgr ctrl.Manager, skrContextFactory remote.SkrContextProvider, flagVar *flags.FlagVar) (*watcher.SKRWebhookManifestManager, error) { +func createSkrWebhookManager(mgr ctrl.Manager, skrContextFactory remote.SkrContextProvider, + flagVar *flags.FlagVar, +) (*watcher.SKRWebhookManifestManager, error) { caCertificateCache := watcher.NewCACertificateCache(flagVar.CaCertCacheTTL) config := watcher.SkrWebhookManagerConfig{ SKRWatcherPath: flagVar.WatcherResourcesPath, diff --git a/docs/user-tutorials/01-10-control-plane-quick-start.md b/docs/user-tutorials/01-10-control-plane-quick-start.md index d7506fe4f7..8cc8354d40 100644 --- a/docs/user-tutorials/01-10-control-plane-quick-start.md +++ b/docs/user-tutorials/01-10-control-plane-quick-start.md @@ -39,7 +39,9 @@ To use Lifecycle Manager in a local setup, you need the following prerequisites: kubectl apply -f https://raw.githubusercontent.com/prometheus-community/helm-charts/main/charts/kube-prometheus-stack/charts/crds/crds/crd-servicemonitors.yaml ``` -You can also follow the official [Prometheus Operator quick start](https://prometheus-operator.dev/docs/getting-started/quick-start/) guide to deploy a full set of Prometheus Operator features into your cluster. +You can also follow the +official [Prometheus Operator quick start](https://prometheus-operator.dev/docs/getting-started/) guide to deploy a full +set of Prometheus Operator features into your cluster. ### Deploy Lifecycle Manager diff --git a/internal/descriptor/provider/provider.go b/internal/descriptor/provider/provider.go index 138d10d3db..786dddae7a 100644 --- a/internal/descriptor/provider/provider.go +++ b/internal/descriptor/provider/provider.go @@ -17,17 +17,12 @@ var ( ) type CachedDescriptorProvider struct { - descriptorCache *cache.DescriptorCache + DescriptorCache *cache.DescriptorCache } -func NewCachedDescriptorProvider(descriptorCache *cache.DescriptorCache) *CachedDescriptorProvider { - if descriptorCache != nil { - return &CachedDescriptorProvider{ - descriptorCache: descriptorCache, - } - } +func NewCachedDescriptorProvider() *CachedDescriptorProvider { return &CachedDescriptorProvider{ - descriptorCache: cache.NewDescriptorCache(), + DescriptorCache: cache.NewDescriptorCache(), } } @@ -49,7 +44,7 @@ func (c *CachedDescriptorProvider) GetDescriptor(template *v1beta2.ModuleTemplat return desc, nil } key := cache.GenerateDescriptorKey(template) - descriptor := c.descriptorCache.Get(key) + descriptor := c.DescriptorCache.Get(key) if descriptor != nil { return descriptor, nil } @@ -75,7 +70,7 @@ func (c *CachedDescriptorProvider) Add(template *v1beta2.ModuleTemplate) error { return ErrTemplateNil } key := cache.GenerateDescriptorKey(template) - descriptor := c.descriptorCache.Get(key) + descriptor := c.DescriptorCache.Get(key) if descriptor != nil { return nil } @@ -83,7 +78,7 @@ func (c *CachedDescriptorProvider) Add(template *v1beta2.ModuleTemplate) error { if template.Spec.Descriptor.Object != nil { desc, ok := template.Spec.Descriptor.Object.(*v1beta2.Descriptor) if ok && desc != nil { - c.descriptorCache.Set(key, desc) + c.DescriptorCache.Set(key, desc) return nil } } @@ -101,6 +96,6 @@ func (c *CachedDescriptorProvider) Add(template *v1beta2.ModuleTemplate) error { return ErrTypeAssert } - c.descriptorCache.Set(key, descriptor) + c.DescriptorCache.Set(key, descriptor) return nil } diff --git a/internal/descriptor/provider/provider_test.go b/internal/descriptor/provider/provider_test.go index 3925d74772..b526e35bf0 100644 --- a/internal/descriptor/provider/provider_test.go +++ b/internal/descriptor/provider/provider_test.go @@ -14,7 +14,7 @@ import ( ) func TestGetDescriptor_OnEmptySpec_ReturnsErrDecode(t *testing.T) { - descriptorProvider := provider.NewCachedDescriptorProvider(nil) // assuming it handles nil cache internally + descriptorProvider := provider.NewCachedDescriptorProvider() template := &v1beta2.ModuleTemplate{} _, err := descriptorProvider.GetDescriptor(template) @@ -24,7 +24,7 @@ func TestGetDescriptor_OnEmptySpec_ReturnsErrDecode(t *testing.T) { } func TestAdd_OnNilTemplate_ReturnsErrTemplateNil(t *testing.T) { - descriptorProvider := provider.NewCachedDescriptorProvider(nil) + descriptorProvider := provider.NewCachedDescriptorProvider() err := descriptorProvider.Add(nil) @@ -33,7 +33,7 @@ func TestAdd_OnNilTemplate_ReturnsErrTemplateNil(t *testing.T) { } func TestGetDescriptor_OnNilTemplate_ReturnsErrTemplateNil(t *testing.T) { - descriptorProvider := provider.NewCachedDescriptorProvider(nil) + descriptorProvider := provider.NewCachedDescriptorProvider() _, err := descriptorProvider.GetDescriptor(nil) @@ -42,7 +42,7 @@ func TestGetDescriptor_OnNilTemplate_ReturnsErrTemplateNil(t *testing.T) { } func TestGetDescriptor_OnInvalidRawDescriptor_ReturnsErrDescriptorNil(t *testing.T) { - descriptorProvider := provider.NewCachedDescriptorProvider(nil) + descriptorProvider := provider.NewCachedDescriptorProvider() template := builder.NewModuleTemplateBuilder().WithRawDescriptor([]byte("invalid descriptor")).WithDescriptor(nil).Build() _, err := descriptorProvider.GetDescriptor(template) @@ -52,8 +52,7 @@ func TestGetDescriptor_OnInvalidRawDescriptor_ReturnsErrDescriptorNil(t *testing } func TestGetDescriptor_OnEmptyCache_ReturnsParsedDescriptor(t *testing.T) { - descriptorCache := cache.NewDescriptorCache() - descriptorProvider := provider.NewCachedDescriptorProvider(descriptorCache) + descriptorProvider := provider.NewCachedDescriptorProvider() template := builder.NewModuleTemplateBuilder().Build() _, err := descriptorProvider.GetDescriptor(template) @@ -62,7 +61,7 @@ func TestGetDescriptor_OnEmptyCache_ReturnsParsedDescriptor(t *testing.T) { } func TestAdd_OnInvalidRawDescriptor_ReturnsErrDecode(t *testing.T) { - descriptorProvider := provider.NewCachedDescriptorProvider(nil) + descriptorProvider := provider.NewCachedDescriptorProvider() template := builder.NewModuleTemplateBuilder().WithRawDescriptor([]byte("invalid descriptor")).WithDescriptor(nil).Build() err := descriptorProvider.Add(template) @@ -72,7 +71,7 @@ func TestAdd_OnInvalidRawDescriptor_ReturnsErrDecode(t *testing.T) { } func TestAdd_OnDescriptorTypeButNull_ReturnsNoError(t *testing.T) { - descriptorProvider := provider.NewCachedDescriptorProvider(nil) + descriptorProvider := provider.NewCachedDescriptorProvider() template := builder.NewModuleTemplateBuilder().WithDescriptor(&v1beta2.Descriptor{}).Build() err := descriptorProvider.Add(template) @@ -82,12 +81,14 @@ func TestAdd_OnDescriptorTypeButNull_ReturnsNoError(t *testing.T) { func TestGetDescriptor_OnEmptyCache_AddsDescriptorFromTemplate(t *testing.T) { descriptorCache := cache.NewDescriptorCache() - descriptorProvider := provider.NewCachedDescriptorProvider(descriptorCache) + descriptorProvider := provider.CachedDescriptorProvider{DescriptorCache: descriptorCache} expected := &v1beta2.Descriptor{ - ComponentDescriptor: &compdesc.ComponentDescriptor{Metadata: compdesc.Metadata{ - ConfiguredVersion: "v2", - }}, + ComponentDescriptor: &compdesc.ComponentDescriptor{ + Metadata: compdesc.Metadata{ + ConfiguredVersion: "v2", + }, + }, } template := builder.NewModuleTemplateBuilder().WithDescriptor(expected).Build() diff --git a/pkg/testutils/kyma.go b/pkg/testutils/kyma.go index 889de1f954..2a39eb5175 100644 --- a/pkg/testutils/kyma.go +++ b/pkg/testutils/kyma.go @@ -139,6 +139,11 @@ func EnableModule(ctx context.Context, if err != nil { return err } + for _, enabledModule := range kyma.Spec.Modules { + if enabledModule.Name == module.Name { + return nil + } + } kyma.Spec.Modules = append( kyma.Spec.Modules, module) err = clnt.Update(ctx, kyma) diff --git a/pkg/testutils/moduletemplate.go b/pkg/testutils/moduletemplate.go index 91f82fea18..b820dc36f9 100644 --- a/pkg/testutils/moduletemplate.go +++ b/pkg/testutils/moduletemplate.go @@ -18,7 +18,7 @@ func GetModuleTemplate(ctx context.Context, module v1beta2.Module, defaultChannel string, ) (*v1beta2.ModuleTemplate, error) { - descriptorProvider := provider.NewCachedDescriptorProvider(nil) + descriptorProvider := provider.NewCachedDescriptorProvider() templateLookup := templatelookup.NewTemplateLookup(clnt, descriptorProvider) templateInfo := templateLookup.GetAndValidate(ctx, module.Name, module.Channel, defaultChannel) if templateInfo.Err != nil { @@ -94,7 +94,7 @@ func ReadModuleVersionFromModuleTemplate(ctx context.Context, clnt client.Client return "", fmt.Errorf("failed to fetch ModuleTemplate: %w", err) } - descriptorProvider := provider.NewCachedDescriptorProvider(nil) + descriptorProvider := provider.NewCachedDescriptorProvider() ocmDesc, err := descriptorProvider.GetDescriptor(moduleTemplate) if err != nil { return "", fmt.Errorf("failed to get descriptor: %w", err) diff --git a/tests/integration/apiwebhook/moduletemplate_crd_validation_test.go b/tests/integration/apiwebhook/moduletemplate_crd_validation_test.go index 90d29e25de..843c13ab3c 100644 --- a/tests/integration/apiwebhook/moduletemplate_crd_validation_test.go +++ b/tests/integration/apiwebhook/moduletemplate_crd_validation_test.go @@ -77,7 +77,7 @@ var _ = Describe("Webhook ValidationCreate Strict", Ordered, func() { WithChannel(v1beta2.DefaultChannel). WithOCM(compdescv2.SchemaVersion).Build() Expect(k8sClient.Create(webhookServerContext, template)).Should(Succeed()) - descriptorProvider := provider.NewCachedDescriptorProvider(nil) + descriptorProvider := provider.NewCachedDescriptorProvider() descriptor, err := descriptorProvider.GetDescriptor(template) Expect(err).ToNot(HaveOccurred()) version, err := semver.NewVersion(descriptor.Version) diff --git a/tests/integration/controller/eventfilters/suite_test.go b/tests/integration/controller/eventfilters/suite_test.go index a249b7a928..cb2628c55e 100644 --- a/tests/integration/controller/eventfilters/suite_test.go +++ b/tests/integration/controller/eventfilters/suite_test.go @@ -34,6 +34,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/manager" metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" + "sigs.k8s.io/controller-runtime/pkg/client" + "github.com/kyma-project/lifecycle-manager/api" "github.com/kyma-project/lifecycle-manager/api/shared" "github.com/kyma-project/lifecycle-manager/internal" @@ -47,7 +49,6 @@ import ( "github.com/kyma-project/lifecycle-manager/pkg/queue" testskrcontext "github.com/kyma-project/lifecycle-manager/pkg/testutils/skrcontextimpl" "github.com/kyma-project/lifecycle-manager/tests/integration" - "sigs.k8s.io/controller-runtime/pkg/client" _ "github.com/open-component-model/ocm/pkg/contexts/ocm" @@ -142,7 +143,7 @@ var _ = BeforeSuite(func() { SkrContextFactory: testSkrContextFactory, Event: testEventRec, RequeueIntervals: intervals, - DescriptorProvider: provider.NewCachedDescriptorProvider(nil), + DescriptorProvider: provider.NewCachedDescriptorProvider(), SyncRemoteCrds: remote.NewSyncCrdsUseCase(kcpClient, testSkrContextFactory, nil), InKCPMode: false, RemoteSyncNamespace: flags.DefaultRemoteSyncNamespace, diff --git a/tests/integration/controller/kcp/remote_sync_test.go b/tests/integration/controller/kcp/remote_sync_test.go index 9fca8e7469..788ac42a85 100644 --- a/tests/integration/controller/kcp/remote_sync_test.go +++ b/tests/integration/controller/kcp/remote_sync_test.go @@ -15,9 +15,10 @@ import ( "github.com/kyma-project/lifecycle-manager/internal/pkg/flags" "github.com/kyma-project/lifecycle-manager/pkg/testutils/builder" - . "github.com/kyma-project/lifecycle-manager/pkg/testutils" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" + + . "github.com/kyma-project/lifecycle-manager/pkg/testutils" ) var ( @@ -223,7 +224,7 @@ func buildSkrKyma() *v1beta2.Kyma { func IsDescriptorCached(template *v1beta2.ModuleTemplate) bool { key := cache.GenerateDescriptorKey(template) - result := descriptorCache.Get(key) + result := descriptorProvider.DescriptorCache.Get(key) return result != nil } diff --git a/tests/integration/controller/kcp/suite_test.go b/tests/integration/controller/kcp/suite_test.go index 3b98f072ab..7e1a8d2118 100644 --- a/tests/integration/controller/kcp/suite_test.go +++ b/tests/integration/controller/kcp/suite_test.go @@ -40,7 +40,6 @@ import ( "github.com/kyma-project/lifecycle-manager/internal" "github.com/kyma-project/lifecycle-manager/internal/controller/kyma" "github.com/kyma-project/lifecycle-manager/internal/crd" - "github.com/kyma-project/lifecycle-manager/internal/descriptor/cache" "github.com/kyma-project/lifecycle-manager/internal/descriptor/provider" "github.com/kyma-project/lifecycle-manager/internal/event" "github.com/kyma-project/lifecycle-manager/internal/pkg/flags" @@ -48,12 +47,12 @@ import ( "github.com/kyma-project/lifecycle-manager/internal/remote" "github.com/kyma-project/lifecycle-manager/pkg/log" "github.com/kyma-project/lifecycle-manager/pkg/queue" + "github.com/kyma-project/lifecycle-manager/pkg/testutils" testskrcontext "github.com/kyma-project/lifecycle-manager/pkg/testutils/skrcontextimpl" "github.com/kyma-project/lifecycle-manager/tests/integration" _ "github.com/open-component-model/ocm/pkg/contexts/ocm" - . "github.com/kyma-project/lifecycle-manager/pkg/testutils" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" ) @@ -71,7 +70,6 @@ var ( ctx context.Context cancel context.CancelFunc cfg *rest.Config - descriptorCache *cache.DescriptorCache descriptorProvider *provider.CachedDescriptorProvider crdCache *crd.Cache ) @@ -88,7 +86,7 @@ var _ = BeforeSuite(func() { var err error By("bootstrapping test environment") - externalCRDs, err := AppendExternalCRDs( + externalCRDs, err := testutils.AppendExternalCRDs( filepath.Join(integration.GetProjectRoot(), "config", "samples", "tests", "crds"), "cert-manager-v1.10.1.crds.yaml", "istio-v1.17.1.crds.yaml") @@ -140,8 +138,7 @@ var _ = BeforeSuite(func() { testEventRec := event.NewRecorderWrapper(mgr.GetEventRecorderFor(shared.OperatorName)) testSkrContextFactory = testskrcontext.NewDualClusterFactory(kcpClient.Scheme(), testEventRec) - descriptorCache = cache.NewDescriptorCache() - descriptorProvider = provider.NewCachedDescriptorProvider(descriptorCache) + descriptorProvider = provider.NewCachedDescriptorProvider() crdCache = crd.NewCache(nil) err = (&kyma.Reconciler{ Client: kcpClient, diff --git a/tests/integration/controller/kyma/suite_test.go b/tests/integration/controller/kyma/suite_test.go index 5920854b7b..5d110d07d9 100644 --- a/tests/integration/controller/kyma/suite_test.go +++ b/tests/integration/controller/kyma/suite_test.go @@ -130,7 +130,7 @@ var _ = BeforeSuite(func() { Warning: 100 * time.Millisecond, } - descriptorProvider = provider.NewCachedDescriptorProvider(nil) + descriptorProvider = provider.NewCachedDescriptorProvider() kcpClient = mgr.GetClient() testEventRec := event.NewRecorderWrapper(mgr.GetEventRecorderFor(shared.OperatorName)) testSkrContextFactory := testskrcontext.NewSingleClusterFactory(kcpClient, mgr.GetConfig(), testEventRec) diff --git a/tests/integration/controller/mandatorymodule/deletion/suite_test.go b/tests/integration/controller/mandatorymodule/deletion/suite_test.go index 1795888e62..15163b843f 100644 --- a/tests/integration/controller/mandatorymodule/deletion/suite_test.go +++ b/tests/integration/controller/mandatorymodule/deletion/suite_test.go @@ -115,7 +115,7 @@ var _ = BeforeSuite(func() { Warning: 100 * time.Millisecond, } - descriptorProvider := provider.NewCachedDescriptorProvider(nil) + descriptorProvider := provider.NewCachedDescriptorProvider() reconciler = &mandatorymodule.DeletionReconciler{ Client: mgr.GetClient(), Event: event.NewRecorderWrapper(mgr.GetEventRecorderFor(shared.OperatorName)), diff --git a/tests/integration/controller/mandatorymodule/installation/suite_test.go b/tests/integration/controller/mandatorymodule/installation/suite_test.go index 781eea10f0..23240dfd7a 100644 --- a/tests/integration/controller/mandatorymodule/installation/suite_test.go +++ b/tests/integration/controller/mandatorymodule/installation/suite_test.go @@ -106,7 +106,7 @@ var _ = BeforeSuite(func() { Warning: 100 * time.Millisecond, } - descriptorProvider := provider.NewCachedDescriptorProvider(nil) + descriptorProvider := provider.NewCachedDescriptorProvider() reconciler = &mandatorymodule.InstallationReconciler{ Client: mgr.GetClient(), DescriptorProvider: descriptorProvider, diff --git a/tests/integration/controller/withwatcher/suite_test.go b/tests/integration/controller/withwatcher/suite_test.go index 65902930a8..3241563bfa 100644 --- a/tests/integration/controller/withwatcher/suite_test.go +++ b/tests/integration/controller/withwatcher/suite_test.go @@ -213,7 +213,7 @@ var _ = BeforeSuite(func() { Event: testEventRec, RequeueIntervals: intervals, SKRWebhookManager: skrWebhookChartManager, - DescriptorProvider: provider.NewCachedDescriptorProvider(nil), + DescriptorProvider: provider.NewCachedDescriptorProvider(), SyncRemoteCrds: remote.NewSyncCrdsUseCase(kcpClient, testSkrContextFactory, nil), RemoteSyncNamespace: flags.DefaultRemoteSyncNamespace, InKCPMode: true, diff --git a/unit-test-coverage.yaml b/unit-test-coverage.yaml index ab5f80c47b..6824037cfa 100644 --- a/unit-test-coverage.yaml +++ b/unit-test-coverage.yaml @@ -1,7 +1,7 @@ packages: internal/crd: 92 internal/descriptor/cache: 93 - internal/descriptor/provider: 68 + internal/descriptor/provider: 66 internal/event: 100 internal/manifest/filemutex: 100 internal/istio: 63 From 895587dfb0c3889a28f8beae1d749271366adef5 Mon Sep 17 00:00:00 2001 From: Amritanshu Sikdar Date: Fri, 19 Jul 2024 13:48:38 +0200 Subject: [PATCH 10/26] docs: Update KLM Local Test Setup Guide (#1680) fix errors in local test setup documentation add version info --- docs/developer-tutorials/local-test-setup.md | 63 +++++++++++--------- 1 file changed, 36 insertions(+), 27 deletions(-) diff --git a/docs/developer-tutorials/local-test-setup.md b/docs/developer-tutorials/local-test-setup.md index 0dfb213166..f4ef4f6c6c 100644 --- a/docs/developer-tutorials/local-test-setup.md +++ b/docs/developer-tutorials/local-test-setup.md @@ -1,5 +1,17 @@ # Local test Setup in the control-plane Mode Using k3d +> ### Supported Versions +> * Golang: `v1.22.5` +> * k3d: `v5.6.0` +> * k3s: `v1.27.4-k3s1 (default)` +> * kubectl: +> * Client Version: `v1.30.2` +> * Server Version: `v1.27.4+k3s1` +> * docker: +> * Client Version: `v26.1.4` +> * Server: `Docker Desktop v4.31.0` +> * Engine Version: `v26.1.4` + ## Context This tutorial shows how to configure a fully working e2e test setup including the following components: @@ -184,36 +196,33 @@ k3d cluster create skr-local Running Lifecycle Manager on a local machine and not on a cluster If you are running Lifecycle Manager on your local machine and not as a deployment on a cluster, use the following to create a Kyma CR and Secret: - ```shell - cat << EOF | kubectl apply -f - - --- - apiVersion: v1 - kind: Secret - metadata: - name: kyma-sample - namespace: kcp-system - labels: + ```shell + cat << EOF | kubectl apply -f - + --- + apiVersion: v1 + kind: Secret + metadata: + name: kyma-sample + namespace: kcp-system + labels: "operator.kyma-project.io/kyma-name": "kyma-sample" "operator.kyma-project.io/managed-by": "lifecycle-manager" - data: - config: $(k3d kubeconfig get skr-local | base64 | tr -d '\n') - --- - apiVersion: operator.kyma-project.io/v1beta2 - kind: Kyma - metadata: - annotations: - skr-domain: "example.domain.com" - name: kyma-sample - namespace: kcp-system - spec: - channel: regular - sync: - enabled: true - modules: - - name: template-operator - EOF + data: + config: $(k3d kubeconfig get skr-local | base64 | tr -d '\n') + --- + apiVersion: operator.kyma-project.io/v1beta2 + kind: Kyma + metadata: + annotations: + skr-domain: "example.domain.com" + name: kyma-sample + namespace: kcp-system + spec: + channel: regular + modules: + - name: template-operator + EOF ``` - ### Watcher and Module Installation Verification From d5ea47444a096f9371af18d160a3e6eb867e451e Mon Sep 17 00:00:00 2001 From: Amritanshu Sikdar Date: Fri, 19 Jul 2024 15:24:38 +0200 Subject: [PATCH 11/26] feat: Drop multiple ways to reference modules in Kyma CR (#1672) * remove module reference by namespace/name * remove module reference by objectmeta name * remove module reference by FQDN * add initial test structure * add test cases for different module reference scenarios * fix tests * update documentation * address review comments * address more review comments * fix linting issues * rearrange imports * adjust documentation --- api/v1beta2/kyma_types.go | 5 +- .../bases/operator.kyma-project.io_kymas.yaml | 10 +--- docs/technical-reference/api/kyma-cr.md | 47 ++++--------------- pkg/templatelookup/regular.go | 19 +------- .../controller/kyma/manifest_test.go | 44 +++++++++++++++-- 5 files changed, 54 insertions(+), 71 deletions(-) diff --git a/api/v1beta2/kyma_types.go b/api/v1beta2/kyma_types.go index f836bc0ecb..dff905ad65 100644 --- a/api/v1beta2/kyma_types.go +++ b/api/v1beta2/kyma_types.go @@ -61,10 +61,7 @@ type Module struct { // Name is a unique identifier of the module. // It is used to resolve a ModuleTemplate for creating a set of resources on the cluster. // - // Name can be one of 3 kinds: - // - The ModuleName label value of the module-template, e.g. operator.kyma-project.io/module-name=my-module - // - The Name or Namespace/Name of a ModuleTemplate, e.g. my-moduletemplate or kyma-system/my-moduletemplate - // - The FQDN, e.g. kyma-project.io/module/my-module as located in .spec.descriptor.component.name + // Name can only be the ModuleName label value of the module-template, e.g. operator.kyma-project.io/module-name=my-module Name string `json:"name"` // ControllerName is able to set the controller used for reconciliation of the module. It can be used diff --git a/config/crd/bases/operator.kyma-project.io_kymas.yaml b/config/crd/bases/operator.kyma-project.io_kymas.yaml index 1b2d77b66a..304b0cc8cd 100644 --- a/config/crd/bases/operator.kyma-project.io_kymas.yaml +++ b/config/crd/bases/operator.kyma-project.io_kymas.yaml @@ -90,10 +90,7 @@ spec: It is used to resolve a ModuleTemplate for creating a set of resources on the cluster. - Name can be one of 3 kinds: - - The ModuleName label value of the module-template, e.g. operator.kyma-project.io/module-name=my-module - - The Name or Namespace/Name of a ModuleTemplate, e.g. my-moduletemplate or kyma-system/my-moduletemplate - - The FQDN, e.g. kyma-project.io/module/my-module as located in .spec.descriptor.component.name + Name can only be the ModuleName label value of the module-template, e.g. operator.kyma-project.io/module-name=my-module type: string remoteModuleTemplateRef: description: |- @@ -526,10 +523,7 @@ spec: It is used to resolve a ModuleTemplate for creating a set of resources on the cluster. - Name can be one of 3 kinds: - - The ModuleName label value of the module-template, e.g. operator.kyma-project.io/module-name=my-module - - The Name or Namespace/Name of a ModuleTemplate, e.g. my-moduletemplate or kyma-system/my-moduletemplate - - The FQDN, e.g. kyma-project.io/module/my-module as located in .spec.descriptor.component.name + Name can only be the ModuleName label value of the module-template, e.g. operator.kyma-project.io/module-name=my-module type: string remoteModuleTemplateRef: description: |- diff --git a/docs/technical-reference/api/kyma-cr.md b/docs/technical-reference/api/kyma-cr.md index ddf9da8dfc..713c04248e 100644 --- a/docs/technical-reference/api/kyma-cr.md +++ b/docs/technical-reference/api/kyma-cr.md @@ -62,43 +62,16 @@ spec: name: kyma-project.io/module/sample ``` -The module mentioned above can be referenced in one of the following ways: - -* The label value of `operator.kyma-project.io/module-name`: - - ```yaml - spec: - channel: regular - modules: - - name: module-name-from-label - ``` - -* The name or namespace/name of a ModuleTemplate CR: - - ```yaml - spec: - channel: regular - modules: - - name: moduletemplate-sample - ``` - - or - - ```yaml - spec: - channel: regular - modules: - - name: default/moduletemplate-sample - ``` - -* The fully qualified name of the descriptor as located in **.spec.descriptor.component.name**: - - ```yaml - spec: - channel: regular - modules: - - name: kyma-project.io/module/sample - ``` +The module mentioned above can *only* be referenced using the label value of `operator.kyma-project.io/module-name`: +```yaml +spec: + channel: regular + modules: + - name: module-name-from-label +``` + +> **CAUTION:** +> Module referencing using NamespacedName and FQDN (Fully Qualified Domain Name) has been deprecated. ### **.spec.modules[].customResourcePolicy** diff --git a/pkg/templatelookup/regular.go b/pkg/templatelookup/regular.go index fc8c0221dc..ff58e6192d 100644 --- a/pkg/templatelookup/regular.go +++ b/pkg/templatelookup/regular.go @@ -138,7 +138,7 @@ func logUsedChannel(ctx context.Context, name string, actualChannel string, defa } func moduleMatch(moduleStatus *v1beta2.ModuleStatus, moduleName string) bool { - return moduleStatus.FQDN == moduleName || moduleStatus.Name == moduleName + return moduleStatus.Name == moduleName } // checkValidTemplateUpdate verifies if the given ModuleTemplate is valid for update and sets their IsValidUpdate Flag @@ -253,23 +253,6 @@ func (t *TemplateLookup) getTemplate(ctx context.Context, clnt client.Reader, na filteredTemplates = append(filteredTemplates, &template) continue } - if fmt.Sprintf("%s/%s", template.Namespace, template.Name) == name && - template.Spec.Channel == desiredChannel { - filteredTemplates = append(filteredTemplates, &template) - continue - } - if template.ObjectMeta.Name == name && template.Spec.Channel == desiredChannel { - filteredTemplates = append(filteredTemplates, &template) - continue - } - descriptor, err := t.descriptorProvider.GetDescriptor(&template) - if err != nil { - return nil, fmt.Errorf("invalid ModuleTemplate descriptor: %w", err) - } - if descriptor.Name == name && template.Spec.Channel == desiredChannel { - filteredTemplates = append(filteredTemplates, &template) - continue - } } if len(filteredTemplates) > 1 { diff --git a/tests/integration/controller/kyma/manifest_test.go b/tests/integration/controller/kyma/manifest_test.go index 01621d4d07..1c6bc56ffa 100644 --- a/tests/integration/controller/kyma/manifest_test.go +++ b/tests/integration/controller/kyma/manifest_test.go @@ -18,15 +18,15 @@ import ( "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "sigs.k8s.io/controller-runtime/pkg/client" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - "github.com/kyma-project/lifecycle-manager/api/shared" "github.com/kyma-project/lifecycle-manager/api/v1beta2" "github.com/kyma-project/lifecycle-manager/internal/pkg/flags" + "github.com/kyma-project/lifecycle-manager/pkg/templatelookup" + "github.com/kyma-project/lifecycle-manager/pkg/testutils/builder" . "github.com/kyma-project/lifecycle-manager/pkg/testutils" - "github.com/kyma-project/lifecycle-manager/pkg/testutils/builder" + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) const ( @@ -329,6 +329,42 @@ var _ = Describe("Test Reconciliation Skip label for Manifest", Ordered, func() }) }) +var _ = Describe("Modules can only be referenced via module name", Ordered, func() { + kyma := NewTestKyma("random-kyma") + + moduleReferencedWithLabel := NewTestModuleWithFixName("random-module", v1beta2.DefaultChannel) + moduleReferencedWithNamespacedName := NewTestModuleWithFixName( + v1beta2.DefaultChannel+shared.Separator+"random-module", v1beta2.DefaultChannel) + moduleReferencedWithFQDN := NewTestModuleWithFixName("kyma-project.io/module/"+"random-module", v1beta2.DefaultChannel) + + kyma.Spec.Modules = append(kyma.Spec.Modules, moduleReferencedWithLabel) + RegisterDefaultLifecycleForKyma(kyma) + + Context("When operator is referenced just by the label name", func() { + It("returns the expected operator", func() { + moduleTemplate, err := GetModuleTemplate(ctx, kcpClient, moduleReferencedWithLabel, kyma.Spec.Channel) + Expect(err).ToNot(HaveOccurred()) + + foundModuleName := moduleTemplate.Labels[shared.ModuleName] + Expect(foundModuleName).To(Equal(moduleReferencedWithLabel.Name)) + }) + }) + + Context("When operator is referenced by Namespace/Name", func() { + It("cannot find the operator", func() { + _, err := GetModuleTemplate(ctx, kcpClient, moduleReferencedWithNamespacedName, kyma.Spec.Channel) + Expect(err.Error()).Should(ContainSubstring(templatelookup.ErrNoTemplatesInListResult.Error())) + }) + }) + + Context("When operator is referenced by FQDN", func() { + It("cannot find the operator", func() { + _, err := GetModuleTemplate(ctx, kcpClient, moduleReferencedWithFQDN, kyma.Spec.Channel) + Expect(err.Error()).Should(ContainSubstring(templatelookup.ErrNoTemplatesInListResult.Error())) + }) + }) +}) + func findRawManifestResource(reslist []compdesc.Resource) *compdesc.Resource { for _, r := range reslist { if r.Name == v1beta2.RawManifestLayerName { From ba2737464efdb9365cf7510ac4de981ba03fee7d Mon Sep 17 00:00:00 2001 From: Nesma Badr Date: Mon, 22 Jul 2024 11:46:40 +0200 Subject: [PATCH 12/26] chore: Configure different requeue intervals for Manifest reconciliation (#1690) * Add different requeue intervals for Manifest reconciliation * Empty-Commit * code review comments --- cmd/main.go | 4 +- internal/declarative/v2/reconciler.go | 41 ++++++++----------- internal/pkg/flags/flags.go | 15 +++++++ internal/pkg/flags/flags_test.go | 15 +++++++ pkg/queue/requeue_intervals.go | 6 +-- .../custom_resource_check/suite_test.go | 2 + .../controller/manifest/suite_test.go | 5 ++- 7 files changed, 59 insertions(+), 29 deletions(-) diff --git a/cmd/main.go b/cmd/main.go index c1ba929591..45ad9ae23b 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -400,7 +400,9 @@ func setupManifestReconciler(mgr ctrl.Manager, flagVar *flags.FlagVar, options c if err := manifest.SetupWithManager( mgr, options, queue.RequeueIntervals{ Success: flagVar.ManifestRequeueSuccessInterval, - Busy: flagVar.KymaRequeueBusyInterval, + Busy: flagVar.ManifestRequeueBusyInterval, + Error: flagVar.ManifestRequeueErrInterval, + Warning: flagVar.ManifestRequeueWarningInterval, }, manifest.SetupOptions{ ListenerAddr: flagVar.ManifestListenerAddr, EnableDomainNameVerification: flagVar.EnableDomainNameVerification, diff --git a/internal/declarative/v2/reconciler.go b/internal/declarative/v2/reconciler.go index 91de58d41b..f7d93cb2d2 100644 --- a/internal/declarative/v2/reconciler.go +++ b/internal/declarative/v2/reconciler.go @@ -179,7 +179,8 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu return r.finishReconcile(ctx, manifest, metrics.ManifestRenderResources, manifestStatus, err) } - if err := r.pruneDiff(ctx, skrClient, manifest, current, target, spec); errors.Is(err, resources.ErrDeletionNotFinished) { + if err := r.pruneDiff(ctx, skrClient, manifest, current, target, spec); errors.Is(err, + resources.ErrDeletionNotFinished) { r.ManifestMetrics.RecordRequeueReason(metrics.ManifestPruneDiffNotFinished, queue.IntendedRequeue) return ctrl.Result{Requeue: true}, nil } else if err != nil { @@ -219,8 +220,8 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu return r.finishReconcile(ctx, manifest, metrics.ManifestReconcileFinished, manifestStatus, nil) } -func (r *Reconciler) cleanupManifest(ctx context.Context, req ctrl.Request, manifest *v1beta2.Manifest, manifestStatus shared.Status, - requeueReason metrics.ManifestRequeueReason, originalErr error, +func (r *Reconciler) cleanupManifest(ctx context.Context, req ctrl.Request, manifest *v1beta2.Manifest, + manifestStatus shared.Status, requeueReason metrics.ManifestRequeueReason, originalErr error, ) (ctrl.Result, error) { r.ManifestMetrics.RemoveManifestDuration(req.Name) r.cleanUpMandatoryModuleMetrics(manifest) @@ -299,10 +300,7 @@ func (r *Reconciler) initialize(manifest *v1beta2.Manifest) error { return nil } -func (r *Reconciler) renderResources( - ctx context.Context, - skrClient Client, - manifest *v1beta2.Manifest, +func (r *Reconciler) renderResources(ctx context.Context, skrClient Client, manifest *v1beta2.Manifest, spec *Spec, ) ([]*resource.Info, []*resource.Info, error) { resourceCondition := newResourcesCondition(manifest) @@ -392,9 +390,9 @@ func hasDiff(oldResources []shared.Resource, newResources []shared.Resource) boo return false } -func (r *Reconciler) checkDeploymentState( - ctx context.Context, clnt Client, target []*resource.Info, -) (shared.State, error) { +func (r *Reconciler) checkDeploymentState(ctx context.Context, clnt Client, target []*resource.Info) (shared.State, + error, +) { resourceReadyCheck := r.CustomReadyCheck deploymentState, err := resourceReadyCheck.Run(ctx, clnt, target) @@ -448,12 +446,8 @@ func (r *Reconciler) removeModuleCR(ctx context.Context, clnt Client, manifest * return nil } -func (r *Reconciler) renderTargetResources( - ctx context.Context, - skrClient client.Client, - converter ResourceToInfoConverter, - manifest *v1beta2.Manifest, - spec *Spec, +func (r *Reconciler) renderTargetResources(ctx context.Context, skrClient client.Client, + converter ResourceToInfoConverter, manifest *v1beta2.Manifest, spec *Spec, ) ([]*resource.Info, error) { if !manifest.GetDeletionTimestamp().IsZero() { deleted, err := checkCRDeletion(ctx, skrClient, manifest) @@ -515,12 +509,8 @@ func checkCRDeletion(ctx context.Context, skrClient client.Client, manifest *v1b return false, nil } -func (r *Reconciler) pruneDiff( - ctx context.Context, - clnt Client, - manifest *v1beta2.Manifest, - current, target []*resource.Info, - spec *Spec, +func (r *Reconciler) pruneDiff(ctx context.Context, clnt Client, manifest *v1beta2.Manifest, + current, target []*resource.Info, spec *Spec, ) error { diff, err := pruneResource(ResourceList(current).Difference(target), "Namespace", namespaceNotBeRemoved) if err != nil { @@ -652,10 +642,13 @@ func (r *Reconciler) finishReconcile(ctx context.Context, manifest *v1beta2.Mani return ctrl.Result{}, originalErr } r.ManifestMetrics.RecordRequeueReason(requeueReason, queue.IntendedRequeue) - return ctrl.Result{RequeueAfter: r.Success}, nil + requeueAfter := queue.DetermineRequeueInterval(manifest.GetStatus().State, r.RequeueIntervals) + return ctrl.Result{RequeueAfter: requeueAfter}, nil } -func (r *Reconciler) patchStatusIfDiffExist(ctx context.Context, manifest *v1beta2.Manifest, previousStatus shared.Status) error { +func (r *Reconciler) patchStatusIfDiffExist(ctx context.Context, manifest *v1beta2.Manifest, + previousStatus shared.Status, +) error { if hasStatusDiff(manifest.GetStatus(), previousStatus) { resetNonPatchableField(manifest) if err := r.Status().Patch(ctx, manifest, client.Apply, client.ForceOwnership, defaultFieldOwner); err != nil { diff --git a/internal/pkg/flags/flags.go b/internal/pkg/flags/flags.go index 374cda47cd..8e2c327ce6 100644 --- a/internal/pkg/flags/flags.go +++ b/internal/pkg/flags/flags.go @@ -16,6 +16,9 @@ const ( DefaultKymaRequeueWarningInterval = 30 * time.Second DefaultKymaRequeueBusyInterval = 5 * time.Second DefaultManifestRequeueSuccessInterval = 30 * time.Second + DefaultManifestRequeueErrInterval = 2 * time.Second + DefaultManifestRequeueWarningInterval = 30 * time.Second + DefaultManifestRequeueBusyInterval = 5 * time.Second DefaultMandatoryModuleRequeueSuccessInterval = 30 * time.Second DefaultMandatoryModuleDeletionRequeueSuccessInterval = 30 * time.Second DefaultWatcherRequeueSuccessInterval = 30 * time.Second @@ -119,6 +122,15 @@ func DefineFlagVar() *FlagVar { flag.DurationVar(&flagVar.ManifestRequeueSuccessInterval, "manifest-requeue-success-interval", DefaultManifestRequeueSuccessInterval, "determines the duration a Manifest in Ready state is enqueued for reconciliation.") + flag.DurationVar(&flagVar.ManifestRequeueErrInterval, "manifest-requeue-error-interval", + DefaultManifestRequeueErrInterval, + "determines the duration a Manifest in Error state is enqueued for reconciliation.") + flag.DurationVar(&flagVar.ManifestRequeueWarningInterval, "manifest-requeue-warning-interval", + DefaultManifestRequeueWarningInterval, + "determines the duration a Manifest in Warning state is enqueued for reconciliation.") + flag.DurationVar(&flagVar.ManifestRequeueBusyInterval, "manifest-requeue-busy-interval", + DefaultManifestRequeueBusyInterval, + "determines the duration a Manifest in Processing state is enqueued for reconciliation.") flag.DurationVar(&flagVar.MandatoryModuleDeletionRequeueSuccessInterval, "mandatory-module-deletion-requeue-success-interval", DefaultMandatoryModuleDeletionRequeueSuccessInterval, @@ -230,6 +242,9 @@ type FlagVar struct { KymaRequeueBusyInterval time.Duration KymaRequeueWarningInterval time.Duration ManifestRequeueSuccessInterval time.Duration + ManifestRequeueErrInterval time.Duration + ManifestRequeueBusyInterval time.Duration + ManifestRequeueWarningInterval time.Duration WatcherRequeueSuccessInterval time.Duration MandatoryModuleRequeueSuccessInterval time.Duration MandatoryModuleDeletionRequeueSuccessInterval time.Duration diff --git a/internal/pkg/flags/flags_test.go b/internal/pkg/flags/flags_test.go index 706d029974..8f34ec5364 100644 --- a/internal/pkg/flags/flags_test.go +++ b/internal/pkg/flags/flags_test.go @@ -43,6 +43,21 @@ func Test_ConstantFlags(t *testing.T) { constValue: DefaultManifestRequeueSuccessInterval.String(), expectedValue: (30 * time.Second).String(), }, + { + constName: "DefaultManifestRequeueErrInterval", + constValue: DefaultManifestRequeueErrInterval.String(), + expectedValue: (2 * time.Second).String(), + }, + { + constName: "DefaultManifestRequeueWarningInterval", + constValue: DefaultManifestRequeueWarningInterval.String(), + expectedValue: (30 * time.Second).String(), + }, + { + constName: "DefaultManifestRequeueBusyInterval", + constValue: DefaultManifestRequeueBusyInterval.String(), + expectedValue: (5 * time.Second).String(), + }, { constName: "DefaultMandatoryModuleRequeueSuccessInterval", constValue: DefaultMandatoryModuleRequeueSuccessInterval.String(), diff --git a/pkg/queue/requeue_intervals.go b/pkg/queue/requeue_intervals.go index 1b91a78a92..1eeb8d77e7 100644 --- a/pkg/queue/requeue_intervals.go +++ b/pkg/queue/requeue_intervals.go @@ -18,13 +18,13 @@ func DetermineRequeueInterval(state shared.State, intervals RequeueIntervals) ti case shared.StateError: return intervals.Error case shared.StateDeleting: - fallthrough + return intervals.Busy case shared.StateProcessing: return intervals.Busy - case shared.StateReady: - fallthrough case shared.StateWarning: return intervals.Warning + case shared.StateReady: + return intervals.Success default: return intervals.Success } diff --git a/tests/integration/controller/manifest/custom_resource_check/suite_test.go b/tests/integration/controller/manifest/custom_resource_check/suite_test.go index 39ae7f4576..9c1fcdb5c8 100644 --- a/tests/integration/controller/manifest/custom_resource_check/suite_test.go +++ b/tests/integration/controller/manifest/custom_resource_check/suite_test.go @@ -138,7 +138,9 @@ var _ = BeforeSuite(func() { extractor := manifest.NewPathExtractor(nil) reconciler = declarativev2.NewFromManager(mgr, queue.RequeueIntervals{ Success: 1 * time.Second, + Busy: 1 * time.Second, Error: 1 * time.Second, + Warning: 1 * time.Second, }, metrics.NewManifestMetrics(metrics.NewSharedMetrics()), metrics.NewMandatoryModulesMetrics(), manifest.NewSpecResolver(kcp.Client, extractor), diff --git a/tests/integration/controller/manifest/suite_test.go b/tests/integration/controller/manifest/suite_test.go index f8ce48125e..03aac994ce 100644 --- a/tests/integration/controller/manifest/suite_test.go +++ b/tests/integration/controller/manifest/suite_test.go @@ -134,7 +134,10 @@ var _ = BeforeSuite(func() { kcp := &declarativev2.ClusterInfo{Config: cfg, Client: kcpClient} extractor := manifest.NewPathExtractor(nil) reconciler = declarativev2.NewFromManager(mgr, queue.RequeueIntervals{ - Success: 1 * time.Second, Busy: 1 * time.Second, + Success: 1 * time.Second, + Busy: 1 * time.Second, + Error: 1 * time.Second, + Warning: 1 * time.Second, }, metrics.NewManifestMetrics(metrics.NewSharedMetrics()), metrics.NewMandatoryModulesMetrics(), manifest.NewSpecResolver(kcp.Client, extractor), From a3af93e8b635d59f3cb3bb21f6eb14b12fbecf66 Mon Sep 17 00:00:00 2001 From: Benjamin Lindner <50365642+lindnerby@users.noreply.github.com> Date: Mon, 22 Jul 2024 13:38:39 +0200 Subject: [PATCH 13/26] chore: Bump k8s deps (#1703) * chore: Bump k8s deps * retrigger jobs * bump api folder as well --------- Co-authored-by: Nesma Badr --- api/go.mod | 2 +- api/go.sum | 4 ++-- go.mod | 20 ++++++++++---------- go.sum | 40 ++++++++++++++++++++-------------------- 4 files changed, 33 insertions(+), 33 deletions(-) diff --git a/api/go.mod b/api/go.mod index 261b578a8d..250ed799eb 100644 --- a/api/go.mod +++ b/api/go.mod @@ -5,7 +5,7 @@ go 1.22.4 require ( github.com/Masterminds/semver/v3 v3.2.1 github.com/open-component-model/ocm v0.11.0 - k8s.io/apimachinery v0.30.2 + k8s.io/apimachinery v0.30.3 sigs.k8s.io/controller-runtime v0.18.4 ) diff --git a/api/go.sum b/api/go.sum index 671718c1ae..a1d22d3099 100644 --- a/api/go.sum +++ b/api/go.sum @@ -1052,8 +1052,8 @@ k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY= k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= k8s.io/apiextensions-apiserver v0.30.1 h1:4fAJZ9985BmpJG6PkoxVRpXv9vmPUOVzl614xarePws= k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1JjfWdoG3pixk4= -k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg= -k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/apimachinery v0.30.3 h1:q1laaWCmrszyQuSQCfNB8cFgCuDAoPszKY4ucAjDwHc= +k8s.io/apimachinery v0.30.3/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q= k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= diff --git a/go.mod b/go.mod index 6bd336fd4c..d7a9b4b03f 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/go-logr/logr v1.4.2 github.com/go-logr/zapr v1.3.0 github.com/golang/mock v1.6.0 - github.com/google/go-containerregistry v0.20.0 + github.com/google/go-containerregistry v0.20.1 github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-20231202142526-55ffb0092afd github.com/jellydator/ttlcache/v3 v3.2.0 github.com/kyma-project/lifecycle-manager/api v0.0.0-00010101000000-000000000000 @@ -29,20 +29,20 @@ require ( ) require ( - istio.io/api v1.22.2 - istio.io/client-go v1.22.2 + istio.io/api v1.22.3 + istio.io/client-go v1.22.3 ) require ( github.com/go-co-op/gocron v1.37.0 github.com/kyma-project/template-operator/api v0.0.0-20240404131948-52c84f14e73c github.com/prometheus/client_model v0.6.1 - k8s.io/api v0.30.2 - k8s.io/apiextensions-apiserver v0.30.2 - k8s.io/apimachinery v0.30.2 - k8s.io/cli-runtime v0.30.2 - k8s.io/client-go v0.30.2 - k8s.io/kubectl v0.30.2 + k8s.io/api v0.30.3 + k8s.io/apiextensions-apiserver v0.30.3 + k8s.io/apimachinery v0.30.3 + k8s.io/cli-runtime v0.30.3 + k8s.io/client-go v0.30.3 + k8s.io/kubectl v0.30.3 ) require ( @@ -319,7 +319,7 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect helm.sh/helm/v3 v3.15.1 // indirect - k8s.io/component-base v0.30.2 // indirect + k8s.io/component-base v0.30.3 // indirect k8s.io/klog/v2 v2.120.1 // indirect k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f // indirect oras.land/oras-go v1.2.5 // indirect diff --git a/go.sum b/go.sum index b153808eea..64035e7e5f 100644 --- a/go.sum +++ b/go.sum @@ -467,8 +467,8 @@ github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-containerregistry v0.20.0 h1:wRqHpOeVh3DnenOrPy9xDOLdnLatiGuuNRVelR2gSbg= -github.com/google/go-containerregistry v0.20.0/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= +github.com/google/go-containerregistry v0.20.1 h1:eTgx9QNYugV4DN5mz4U8hiAGTi1ybXn0TPi4Smd8du0= +github.com/google/go-containerregistry v0.20.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-20231202142526-55ffb0092afd h1:RkbnRtHTdBpYmp0Simm3fDUTYNVbmX4aVwdgflHLfdg= github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-20231202142526-55ffb0092afd/go.mod h1:5sSbf/SbGGvjWIlMlt2bkEqOq+ufOIBYrBevLuxbfSs= github.com/google/go-github/v45 v45.2.0 h1:5oRLszbrkvxDDqBCNj2hjDZMKmvexaZ1xw/FCD+K3FI= @@ -1214,28 +1214,28 @@ helm.sh/helm/v3 v3.15.1 h1:22ztacHz4gMqhXNqCQ9NAg6BFWoRUryNLvnkz6OVyw0= helm.sh/helm/v3 v3.15.1/go.mod h1:fvfoRcB8UKRUV5jrIfOTaN/pG1TPhuqSb56fjYdTKXg= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -istio.io/api v1.22.2 h1:b02rTNfbnsEK2HMH/kfuXHTzovSmqcL5cAj2TSklPcQ= -istio.io/api v1.22.2/go.mod h1:S3l8LWqNYS9yT+d4bH+jqzH2lMencPkW7SKM1Cu9EyM= -istio.io/client-go v1.22.2 h1:BiE7itlXFTHpZwOv0t2aZQGga7oCox8lYOdaYbyWNEo= -istio.io/client-go v1.22.2/go.mod h1:Fxt0tVZLXQRKyrBv7uwm4zCZE0qayejG0bSwZy9K6Hg= -k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI= -k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI= -k8s.io/apiextensions-apiserver v0.30.2 h1:l7Eue2t6QiLHErfn2vwK4KgF4NeDgjQkCXtEbOocKIE= -k8s.io/apiextensions-apiserver v0.30.2/go.mod h1:lsJFLYyK40iguuinsb3nt+Sj6CmodSI4ACDLep1rgjw= -k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg= -k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= -k8s.io/cli-runtime v0.30.2 h1:ooM40eEJusbgHNEqnHziN9ZpLN5U4WcQGsdLKVxpkKE= -k8s.io/cli-runtime v0.30.2/go.mod h1:Y4g/2XezFyTATQUbvV5WaChoUGhojv/jZAtdp5Zkm0A= -k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50= -k8s.io/client-go v0.30.2/go.mod h1:JglKSWULm9xlJLx4KCkfLLQ7XwtlbflV6uFFSHTMgVs= -k8s.io/component-base v0.30.2 h1:pqGBczYoW1sno8q9ObExUqrYSKhtE5rW3y6gX88GZII= -k8s.io/component-base v0.30.2/go.mod h1:yQLkQDrkK8J6NtP+MGJOws+/PPeEXNpwFixsUI7h/OE= +istio.io/api v1.22.3 h1:V59wgcCm2fK2r137QBsddCDHNg0efg/DauIWEB9DFz8= +istio.io/api v1.22.3/go.mod h1:S3l8LWqNYS9yT+d4bH+jqzH2lMencPkW7SKM1Cu9EyM= +istio.io/client-go v1.22.3 h1:4WocGQYVTASpfn7tj1yGE8f0sgxzbxOkg56HX1LJQ5U= +istio.io/client-go v1.22.3/go.mod h1:D/vNne1n5586423NgGXMnPgshE/99mQgnjnxK/Vw2yM= +k8s.io/api v0.30.3 h1:ImHwK9DCsPA9uoU3rVh4QHAHHK5dTSv1nxJUapx8hoQ= +k8s.io/api v0.30.3/go.mod h1:GPc8jlzoe5JG3pb0KJCSLX5oAFIW3/qNJITlDj8BH04= +k8s.io/apiextensions-apiserver v0.30.3 h1:oChu5li2vsZHx2IvnGP3ah8Nj3KyqG3kRSaKmijhB9U= +k8s.io/apiextensions-apiserver v0.30.3/go.mod h1:uhXxYDkMAvl6CJw4lrDN4CPbONkF3+XL9cacCT44kV4= +k8s.io/apimachinery v0.30.3 h1:q1laaWCmrszyQuSQCfNB8cFgCuDAoPszKY4ucAjDwHc= +k8s.io/apimachinery v0.30.3/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/cli-runtime v0.30.3 h1:aG69oRzJuP2Q4o8dm+f5WJIX4ZBEwrvdID0+MXyUY6k= +k8s.io/cli-runtime v0.30.3/go.mod h1:hwrrRdd9P84CXSKzhHxrOivAR9BRnkMt0OeP5mj7X30= +k8s.io/client-go v0.30.3 h1:bHrJu3xQZNXIi8/MoxYtZBBWQQXwy16zqJwloXXfD3k= +k8s.io/client-go v0.30.3/go.mod h1:8d4pf8vYu665/kUbsxWAQ/JDBNWqfFeZnvFiVdmx89U= +k8s.io/component-base v0.30.3 h1:Ci0UqKWf4oiwy8hr1+E3dsnliKnkMLZMVbWzeorlk7s= +k8s.io/component-base v0.30.3/go.mod h1:C1SshT3rGPCuNtBs14RmVD2xW0EhRSeLvBh7AGk1quA= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f h1:0LQagt0gDpKqvIkAMPaRGcXawNMouPECM1+F9BVxEaM= k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f/go.mod h1:S9tOR0FxgyusSNR+MboCuiDpVWkAifZvaYI1Q2ubgro= -k8s.io/kubectl v0.30.2 h1:cgKNIvsOiufgcs4yjvgkK0+aPCfa8pUwzXdJtkbhsH8= -k8s.io/kubectl v0.30.2/go.mod h1:rz7GHXaxwnigrqob0lJsiA07Df8RE3n1TSaC2CTeuB4= +k8s.io/kubectl v0.30.3 h1:YIBBvMdTW0xcDpmrOBzcpUVsn+zOgjMYIu7kAq+yqiI= +k8s.io/kubectl v0.30.3/go.mod h1:IcR0I9RN2+zzTRUa1BzZCm4oM0NLOawE6RzlDvd1Fpo= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo= From dc7ae44a6b6a579adee7d478880ec2cc47b9fef8 Mon Sep 17 00:00:00 2001 From: Xin Ruan Date: Thu, 25 Jul 2024 08:26:03 +0200 Subject: [PATCH 14/26] fix: Manifest CR should update by moduletemplate generation changes (#1702) * when moduletemplate generation updated, then manifest CR should also updated. * refactor regular_test.go --------- Co-authored-by: Benjamin Lindner <50365642+lindnerby@users.noreply.github.com> --- internal/descriptor/cache/key.go | 3 +- internal/descriptor/cache/key_test.go | 11 +- pkg/module/sync/runner.go | 45 ++- pkg/module/sync/runner_test.go | 86 +++++- pkg/templatelookup/regular.go | 176 +++++------ pkg/templatelookup/regular_test.go | 380 ++++++++++++++++++++++++ pkg/testutils/builder/kyma.go | 18 ++ pkg/testutils/builder/moduletemplate.go | 10 +- unit-test-coverage.yaml | 1 + 9 files changed, 600 insertions(+), 130 deletions(-) create mode 100644 pkg/templatelookup/regular_test.go diff --git a/internal/descriptor/cache/key.go b/internal/descriptor/cache/key.go index 500c197e8c..643dee5742 100644 --- a/internal/descriptor/cache/key.go +++ b/internal/descriptor/cache/key.go @@ -16,7 +16,8 @@ func GenerateDescriptorKey(template *v1beta2.ModuleTemplate) DescriptorKey { moduleVersion := template.Annotations[shared.ModuleVersionAnnotation] _, err := semver.NewVersion(moduleVersion) if moduleVersion != "" && err == nil { - return DescriptorKey(fmt.Sprintf("%s:%s:%s", template.Name, template.Spec.Channel, moduleVersion)) + return DescriptorKey(fmt.Sprintf("%s:%s:%d:%s", template.Name, template.Spec.Channel, template.Generation, + moduleVersion)) } } diff --git a/internal/descriptor/cache/key_test.go b/internal/descriptor/cache/key_test.go index c40dff7672..1261dd1d69 100644 --- a/internal/descriptor/cache/key_test.go +++ b/internal/descriptor/cache/key_test.go @@ -18,16 +18,17 @@ func TestGenerateDescriptorCacheKey(t *testing.T) { want cache.DescriptorKey }{ { - name: "Annotations is not nil and valid semver", + name: "ModuleVersionAnnotation is not nil and valid semver", template: builder.NewModuleTemplateBuilder(). WithName("name"). WithAnnotation(shared.ModuleVersionAnnotation, "1.0.0"). WithChannel("channel"). + WithGeneration(1). Build(), - want: "name:channel:1.0.0", + want: "name:channel:1:1.0.0", }, { - name: "Annotations is not nil but invalid semver", + name: "ModuleVersionAnnotation is not nil but invalid semver", template: builder.NewModuleTemplateBuilder(). WithName("name"). WithGeneration(1). @@ -37,7 +38,7 @@ func TestGenerateDescriptorCacheKey(t *testing.T) { want: "name:channel:1", }, { - name: "Annotations is not nil but module version is empty", + name: "ModuleVersionAnnotation is not nil but module version is empty", template: builder.NewModuleTemplateBuilder(). WithName("name"). WithGeneration(2). @@ -47,7 +48,7 @@ func TestGenerateDescriptorCacheKey(t *testing.T) { want: "name:channel:2", }, { - name: "Annotations is nil", + name: "ModuleVersionAnnotation is nil", template: builder.NewModuleTemplateBuilder(). WithName("name"). WithGeneration(3). diff --git a/pkg/module/sync/runner.go b/pkg/module/sync/runner.go index 3bfe8f070c..67128b563c 100644 --- a/pkg/module/sync/runner.go +++ b/pkg/module/sync/runner.go @@ -54,6 +54,11 @@ func (r *Runner) ReconcileManifests(ctx context.Context, kyma *v1beta2.Kyma, results := make(chan error, len(modules)) for _, module := range modules { go func(module *common.Module) { + // Should not happen, but in case of NPE, we should stop process further. + if module.Template == nil { + results <- nil + return + } // Due to module template visibility change, some module previously deployed should be removed. if errors.Is(module.Template.Err, templatelookup.ErrTemplateNotAllowed) { results <- r.deleteManifest(ctx, module) @@ -111,7 +116,7 @@ func (r *Runner) updateManifest(ctx context.Context, kyma *v1beta2.Kyma, } moduleStatus := kyma.GetModuleStatusMap()[module.ModuleName] - if err := r.doUpdateWithStrategy(ctx, kyma.Labels[shared.ManagedBy], module.Enabled, + if err := r.doUpdateWithStrategy(ctx, kyma.Labels[shared.ManagedBy], module, manifestObj, moduleStatus); err != nil { return err } @@ -119,7 +124,7 @@ func (r *Runner) updateManifest(ctx context.Context, kyma *v1beta2.Kyma, return nil } -func (r *Runner) doUpdateWithStrategy(ctx context.Context, owner string, isEnabledModule bool, +func (r *Runner) doUpdateWithStrategy(ctx context.Context, owner string, module *common.Module, manifestObj *v1beta2.Manifest, kymaModuleStatus *v1beta2.ModuleStatus, ) error { manifestInCluster := &v1beta2.Manifest{} @@ -133,12 +138,12 @@ func (r *Runner) doUpdateWithStrategy(ctx context.Context, owner string, isEnabl manifestInCluster = nil } - if !NeedToUpdate(manifestInCluster, manifestObj, kymaModuleStatus) { + if !NeedToUpdate(manifestInCluster, manifestObj, kymaModuleStatus, module.Template.GetGeneration()) { // Point to the current state from the cluster for the outside sync of the manifest *manifestObj = *manifestInCluster return nil } - if isEnabledModule { + if module.Enabled { return r.patchManifest(ctx, owner, manifestObj) } // For disabled module, the manifest CR is under deleting, in this case, we only update the spec when it's still not deleted. @@ -174,11 +179,15 @@ func (r *Runner) updateAvailableManifestSpec(ctx context.Context, manifestObj *v return nil } -func NeedToUpdate(manifestInCluster, manifestObj *v1beta2.Manifest, moduleStatus *v1beta2.ModuleStatus) bool { +func NeedToUpdate(manifestInCluster, manifestObj *v1beta2.Manifest, moduleStatus *v1beta2.ModuleStatus, + moduleTemplateGeneration int64, +) bool { if manifestInCluster == nil || moduleStatus == nil { // moduleStatus is nil in case of mandatory module return true } - + if moduleStatus.Template != nil && moduleStatus.Template.GetGeneration() != moduleTemplateGeneration { + return true + } return manifestObj.Spec.Version != moduleStatus.Version || manifestObj.Labels[shared.ChannelLabel] != moduleStatus.Channel || moduleStatus.State != manifestInCluster.Status.State @@ -263,8 +272,12 @@ func generateModuleStatus(module *common.Module, existStatus *v1beta2.ModuleStat moduleCRAPIVersion, moduleCRKind := manifestObject.Spec.Resource. GetObjectKind().GroupVersionKind().ToAPIVersionAndKind() moduleResource = &v1beta2.TrackingObject{ - PartialMeta: v1beta2.PartialMetaFromObject(manifestObject.Spec.Resource), - TypeMeta: apimetav1.TypeMeta{Kind: moduleCRKind, APIVersion: moduleCRAPIVersion}, + PartialMeta: v1beta2.PartialMeta{ + Name: manifestObject.Spec.Resource.GetName(), + Namespace: manifestObject.Spec.Resource.GetNamespace(), + Generation: manifestObject.Spec.Resource.GetGeneration(), + }, + TypeMeta: apimetav1.TypeMeta{Kind: moduleCRKind, APIVersion: moduleCRAPIVersion}, } if module.Template.Annotations[shared.IsClusterScopedAnnotation] == shared.EnableLabelValue { @@ -279,12 +292,20 @@ func generateModuleStatus(module *common.Module, existStatus *v1beta2.ModuleStat Channel: module.Template.Spec.Channel, Version: manifestObject.Spec.Version, Manifest: &v1beta2.TrackingObject{ - PartialMeta: v1beta2.PartialMetaFromObject(manifestObject), - TypeMeta: apimetav1.TypeMeta{Kind: manifestKind, APIVersion: manifestAPIVersion}, + PartialMeta: v1beta2.PartialMeta{ + Name: manifestObject.GetName(), + Namespace: manifestObject.GetNamespace(), + Generation: manifestObject.GetGeneration(), + }, + TypeMeta: apimetav1.TypeMeta{Kind: manifestKind, APIVersion: manifestAPIVersion}, }, Template: &v1beta2.TrackingObject{ - PartialMeta: v1beta2.PartialMetaFromObject(module.Template), - TypeMeta: apimetav1.TypeMeta{Kind: templateKind, APIVersion: templateAPIVersion}, + PartialMeta: v1beta2.PartialMeta{ + Name: module.Template.GetName(), + Namespace: module.Template.GetNamespace(), + Generation: module.Template.GetGeneration(), + }, + TypeMeta: apimetav1.TypeMeta{Kind: templateKind, APIVersion: templateAPIVersion}, }, Resource: moduleResource, } diff --git a/pkg/module/sync/runner_test.go b/pkg/module/sync/runner_test.go index e5754b6680..2784c3de95 100644 --- a/pkg/module/sync/runner_test.go +++ b/pkg/module/sync/runner_test.go @@ -191,10 +191,13 @@ func configureModuleInKyma( func TestNeedToUpdate(t *testing.T) { type args struct { - manifestInCluster *v1beta2.Manifest - manifestObj *v1beta2.Manifest - moduleStatus *v1beta2.ModuleStatus + manifestInCluster *v1beta2.Manifest + manifestObj *v1beta2.Manifest + moduleStatus *v1beta2.ModuleStatus + templateGeneration int64 } + const trackedModuleTemplateGeneration = 1 + const updatedModuleTemplateGeneration = 2 tests := []struct { name string args args @@ -202,7 +205,7 @@ func TestNeedToUpdate(t *testing.T) { }{ { "When manifest in cluster is nil, expect need to update", - args{nil, &v1beta2.Manifest{}, &v1beta2.ModuleStatus{}}, + args{nil, &v1beta2.Manifest{}, &v1beta2.ModuleStatus{}, trackedModuleTemplateGeneration}, true, }, { @@ -214,7 +217,17 @@ func TestNeedToUpdate(t *testing.T) { Labels: map[string]string{shared.ChannelLabel: "regular"}, }, Spec: v1beta2.ManifestSpec{Version: "0.2"}, - }, &v1beta2.ModuleStatus{Version: "0.1", Channel: "regular"}, + }, + &v1beta2.ModuleStatus{ + Version: "0.1", + Channel: "regular", + Template: &v1beta2.TrackingObject{ + PartialMeta: v1beta2.PartialMeta{ + Generation: trackedModuleTemplateGeneration, + }, + }, + }, + trackedModuleTemplateGeneration, }, true, }, @@ -227,18 +240,33 @@ func TestNeedToUpdate(t *testing.T) { Labels: map[string]string{shared.ChannelLabel: "fast"}, }, Spec: v1beta2.ManifestSpec{Version: "0.1"}, - }, &v1beta2.ModuleStatus{Version: "0.1", Channel: "regular"}, + }, &v1beta2.ModuleStatus{ + Version: "0.1", Channel: "regular", Template: &v1beta2.TrackingObject{ + PartialMeta: v1beta2.PartialMeta{ + Generation: trackedModuleTemplateGeneration, + }, + }, + }, + trackedModuleTemplateGeneration, }, true, }, { "When cluster Manifest in divergent state, expect need to update", args{ - &v1beta2.Manifest{Status: shared.Status{ - State: "Warning", - }}, + &v1beta2.Manifest{ + Status: shared.Status{ + State: "Warning", + }, + }, &v1beta2.Manifest{}, - &v1beta2.ModuleStatus{State: "Ready"}, + &v1beta2.ModuleStatus{ + State: "Ready", Template: &v1beta2.TrackingObject{ + PartialMeta: v1beta2.PartialMeta{ + Generation: trackedModuleTemplateGeneration, + }, + }, + }, trackedModuleTemplateGeneration, }, true, }, @@ -257,14 +285,48 @@ func TestNeedToUpdate(t *testing.T) { }, Spec: v1beta2.ManifestSpec{Version: "0.1"}, }, - &v1beta2.ModuleStatus{State: "Ready", Version: "0.1", Channel: "regular"}, + &v1beta2.ModuleStatus{ + State: "Ready", Version: "0.1", Channel: "regular", Template: &v1beta2.TrackingObject{ + PartialMeta: v1beta2.PartialMeta{ + Generation: trackedModuleTemplateGeneration, + }, + }, + }, trackedModuleTemplateGeneration, }, false, }, + { + "When moduleTemplate Generation updated, expect update", + args{ + &v1beta2.Manifest{ + Status: shared.Status{ + State: "Ready", + }, + Spec: v1beta2.ManifestSpec{Version: "0.1"}, + }, + &v1beta2.Manifest{ + ObjectMeta: apimetav1.ObjectMeta{ + Labels: map[string]string{shared.ChannelLabel: "regular"}, + }, + Spec: v1beta2.ManifestSpec{Version: "0.1"}, + }, + &v1beta2.ModuleStatus{ + State: "Ready", Version: "0.1", Channel: "regular", Template: &v1beta2.TrackingObject{ + PartialMeta: v1beta2.PartialMeta{ + Generation: trackedModuleTemplateGeneration, + }, + }, + }, updatedModuleTemplateGeneration, + }, + true, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - assert.Equalf(t, tt.want, sync.NeedToUpdate(tt.args.manifestInCluster, tt.args.manifestObj, tt.args.moduleStatus), "needToUpdate(%v, %v, %v)", tt.args.manifestInCluster, tt.args.manifestObj, tt.args.moduleStatus) + assert.Equalf(t, tt.want, sync.NeedToUpdate(tt.args.manifestInCluster, tt.args.manifestObj, + tt.args.moduleStatus, tt.args.templateGeneration), "needToUpdate(%v, %v, %v)", + tt.args.manifestInCluster, tt.args.manifestObj, + tt.args.moduleStatus) }) } } diff --git a/pkg/templatelookup/regular.go b/pkg/templatelookup/regular.go index ff58e6192d..53a5c99610 100644 --- a/pkg/templatelookup/regular.go +++ b/pkg/templatelookup/regular.go @@ -51,54 +51,56 @@ func (t *TemplateLookup) GetRegularTemplates(ctx context.Context, kyma *v1beta2. if found { continue } - template := t.GetAndValidate(ctx, module.Name, module.Channel, kyma.Spec.Channel) - if template.Err != nil { - templates[module.Name] = &template + templateInfo := t.GetAndValidate(ctx, module.Name, module.Channel, kyma.Spec.Channel) + templateInfo = ValidateTemplateMode(templateInfo, kyma) + if templateInfo.Err != nil { + templates[module.Name] = &templateInfo continue } - if err := t.descriptorProvider.Add(template.ModuleTemplate); err != nil { - template.Err = fmt.Errorf("failed to get descriptor: %w", err) - } - - templates[module.Name] = &template - } - - for moduleName, moduleTemplate := range templates { - if moduleTemplate.Err != nil { + if err := t.descriptorProvider.Add(templateInfo.ModuleTemplate); err != nil { + templateInfo.Err = fmt.Errorf("failed to get descriptor: %w", err) + templates[module.Name] = &templateInfo continue } - - if moduleTemplate.IsInternal() && !kyma.IsInternal() { - moduleTemplate.Err = fmt.Errorf("%w: internal module", ErrTemplateNotAllowed) - templates[moduleName] = moduleTemplate - } - if moduleTemplate.IsBeta() && !kyma.IsBeta() { - moduleTemplate.Err = fmt.Errorf("%w: beta module", ErrTemplateNotAllowed) - templates[moduleName] = moduleTemplate - } - } - - for moduleName, moduleTemplate := range templates { - template := moduleTemplate for i := range kyma.Status.Modules { moduleStatus := &kyma.Status.Modules[i] - if moduleMatch(moduleStatus, moduleName) && template.ModuleTemplate != nil { - t.checkValidTemplateUpdate(ctx, template, moduleStatus) + if moduleMatch(moduleStatus, module.Name) { + descriptor, err := t.descriptorProvider.GetDescriptor(templateInfo.ModuleTemplate) + if err != nil { + msg := "could not handle channel skew as descriptor from template cannot be fetched" + templateInfo.Err = fmt.Errorf("%w: %s", ErrTemplateUpdateNotAllowed, msg) + continue + } + markInvalidChannelSkewUpdate(ctx, &templateInfo, moduleStatus, descriptor.Version) } } - templates[moduleName] = template + templates[module.Name] = &templateInfo } - return templates } +func ValidateTemplateMode(template ModuleTemplateInfo, kyma *v1beta2.Kyma) ModuleTemplateInfo { + if template.Err != nil { + return template + } + if template.IsInternal() && !kyma.IsInternal() { + template.Err = fmt.Errorf("%w: internal module", ErrTemplateNotAllowed) + return template + } + if template.IsBeta() && !kyma.IsBeta() { + template.Err = fmt.Errorf("%w: beta module", ErrTemplateNotAllowed) + return template + } + return template +} + func (t *TemplateLookup) GetAndValidate(ctx context.Context, name, channel, defaultChannel string) ModuleTemplateInfo { desiredChannel := getDesiredChannel(channel, defaultChannel) info := ModuleTemplateInfo{ DesiredChannel: desiredChannel, } - template, err := t.getTemplate(ctx, t, name, desiredChannel) + template, err := t.getTemplate(ctx, name, desiredChannel) if err != nil { info.Err = err return info @@ -141,85 +143,67 @@ func moduleMatch(moduleStatus *v1beta2.ModuleStatus, moduleName string) bool { return moduleStatus.Name == moduleName } -// checkValidTemplateUpdate verifies if the given ModuleTemplate is valid for update and sets their IsValidUpdate Flag -// based on provided Modules, provided by the Cluster as a status of the last known module state. -// It does this by looking into selected key properties: -// 1. If the generation of ModuleTemplate changes, it means the spec is outdated -// 2. If the channel of ModuleTemplate changes, it means the kyma has an old reference to a previous channel. -func (t *TemplateLookup) checkValidTemplateUpdate( - ctx context.Context, moduleTemplate *ModuleTemplateInfo, moduleStatus *v1beta2.ModuleStatus, +// markInvalidChannelSkewUpdate verifies if the given ModuleTemplate is invalid for update when channel switch is detected. +func markInvalidChannelSkewUpdate(ctx context.Context, moduleTemplateInfo *ModuleTemplateInfo, + moduleStatus *v1beta2.ModuleStatus, templateVersion string, ) { if moduleStatus.Template == nil { return } + if moduleTemplateInfo == nil || moduleTemplateInfo.Err != nil { + return + } + logger := logf.FromContext(ctx) checkLog := logger.WithValues("module", moduleStatus.FQDN, - "template", moduleTemplate.Name, - "newTemplateGeneration", moduleTemplate.GetGeneration(), - "previousTemplateGeneration", moduleStatus.Template.Generation, - "newTemplateChannel", moduleTemplate.Spec.Channel, + "template", moduleTemplateInfo.Name, + "newTemplateGeneration", moduleTemplateInfo.GetGeneration(), + "previousTemplateGeneration", moduleStatus.Template.GetGeneration(), + "newTemplateChannel", moduleTemplateInfo.Spec.Channel, "previousTemplateChannel", moduleStatus.Channel, ) - if moduleTemplate.Spec.Channel != moduleStatus.Channel { - checkLog.Info("outdated ModuleTemplate: channel skew") - - descriptor, err := t.descriptorProvider.GetDescriptor(moduleTemplate.ModuleTemplate) - if err != nil { - msg := "could not handle channel skew as descriptor from template cannot be fetched" - checkLog.Error(err, msg) - moduleTemplate.Err = fmt.Errorf("%w: %s", ErrTemplateUpdateNotAllowed, msg) - return - } - - versionInTemplate, err := semver.NewVersion(descriptor.Version) - if err != nil { - msg := "could not handle channel skew as descriptor from template contains invalid version" - checkLog.Error(err, msg) - moduleTemplate.Err = fmt.Errorf("%w: %s", ErrTemplateUpdateNotAllowed, msg) - return - } - - versionInStatus, err := semver.NewVersion(moduleStatus.Version) - if err != nil { - msg := "could not handle channel skew as Modules contains invalid version" - checkLog.Error(err, msg) - moduleTemplate.Err = fmt.Errorf("%w: %s", ErrTemplateUpdateNotAllowed, msg) - return - } - - checkLog = checkLog.WithValues( - "previousVersion", versionInTemplate.String(), - "newVersion", versionInStatus.String(), - ) + if moduleTemplateInfo.Spec.Channel == moduleStatus.Channel { + return + } - // channel skews have to be handled with more detail. If a channel is changed this means - // that the downstream kyma might have changed its target channel for the module, meaning - // the old moduleStatus is reflecting the previous desired state. - // when increasing channel stability, this means we could potentially have a downgrade - // of module versions here (fast: v2.0.0 get downgraded to regular: v1.0.0). In this - // case we want to suspend updating the module until we reach v2.0.0 in regular, since downgrades - // are not supported. To circumvent this, a module can be uninstalled and then reinstalled in the old channel. - if !v1beta2.IsValidVersionChange(versionInTemplate, versionInStatus) { - msg := fmt.Sprintf("ignore channel skew (from %s to %s), "+ - "as a higher version (%s) of the module was previously installed", - moduleStatus.Channel, moduleTemplate.Spec.Channel, versionInStatus.String()) - checkLog.Info(msg) - moduleTemplate.Err = fmt.Errorf("%w: %s", ErrTemplateUpdateNotAllowed, msg) - return - } + checkLog.Info("outdated ModuleTemplate: channel skew") + versionInTemplate, err := semver.NewVersion(templateVersion) + if err != nil { + msg := "could not handle channel skew as descriptor from template contains invalid version" + checkLog.Error(err, msg) + moduleTemplateInfo.Err = fmt.Errorf("%w: %s", ErrTemplateUpdateNotAllowed, msg) return } - // generation skews always have to be handled. We are not in need of checking downgrades here, - // since these are caught by our validating webhook. We do not support downgrades of Versions - // in ModuleTemplates, meaning the only way the generation can be changed is by changing the target - // channel (valid change) or a version increase - if moduleTemplate.GetGeneration() != moduleStatus.Template.Generation { - checkLog.Info("outdated ModuleTemplate: generation skew") + versionInStatus, err := semver.NewVersion(moduleStatus.Version) + if err != nil { + msg := "could not handle channel skew as Modules contains invalid version" + checkLog.Error(err, msg) + moduleTemplateInfo.Err = fmt.Errorf("%w: %s", ErrTemplateUpdateNotAllowed, msg) return } + + checkLog = checkLog.WithValues( + "previousVersion", versionInTemplate.String(), + "newVersion", versionInStatus.String(), + ) + + // channel skews have to be handled with more detail. If a channel is changed this means + // that the downstream kyma might have changed its target channel for the module, meaning + // the old moduleStatus is reflecting the previous desired state. + // when increasing channel stability, this means we could potentially have a downgrade + // of module versions here (fast: v2.0.0 get downgraded to regular: v1.0.0). In this + // case we want to suspend updating the module until we reach v2.0.0 in regular, since downgrades + // are not supported. To circumvent this, a module can be uninstalled and then reinstalled in the old channel. + if !v1beta2.IsValidVersionChange(versionInTemplate, versionInStatus) { + msg := fmt.Sprintf("ignore channel skew (from %s to %s), "+ + "as a higher version (%s) of the module was previously installed", + moduleStatus.Channel, moduleTemplateInfo.Spec.Channel, versionInStatus.String()) + checkLog.Info(msg) + moduleTemplateInfo.Err = fmt.Errorf("%w: %s", ErrTemplateUpdateNotAllowed, msg) + } } func getDesiredChannel(moduleChannel, globalChannel string) string { @@ -237,18 +221,18 @@ func getDesiredChannel(moduleChannel, globalChannel string) string { return desiredChannel } -func (t *TemplateLookup) getTemplate(ctx context.Context, clnt client.Reader, name, desiredChannel string) ( +func (t *TemplateLookup) getTemplate(ctx context.Context, name, desiredChannel string) ( *v1beta2.ModuleTemplate, error, ) { templateList := &v1beta2.ModuleTemplateList{} - err := clnt.List(ctx, templateList) + err := t.List(ctx, templateList) if err != nil { return nil, fmt.Errorf("failed to list module templates on lookup: %w", err) } var filteredTemplates []*v1beta2.ModuleTemplate for _, template := range templateList.Items { - template := template // capture unique address + template := template if template.Labels[shared.ModuleName] == name && template.Spec.Channel == desiredChannel { filteredTemplates = append(filteredTemplates, &template) continue diff --git a/pkg/templatelookup/regular_test.go b/pkg/templatelookup/regular_test.go new file mode 100644 index 0000000000..03170c4310 --- /dev/null +++ b/pkg/templatelookup/regular_test.go @@ -0,0 +1,380 @@ +package templatelookup_test + +import ( + "context" + "errors" + "testing" + + "github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc" + ocmmetav1 "github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/meta/v1" + compdescv2 "github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/versions/v2" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/kyma-project/lifecycle-manager/api/shared" + "github.com/kyma-project/lifecycle-manager/api/v1beta2" + "github.com/kyma-project/lifecycle-manager/internal/descriptor/provider" + "github.com/kyma-project/lifecycle-manager/pkg/templatelookup" + "github.com/kyma-project/lifecycle-manager/pkg/testutils" + "github.com/kyma-project/lifecycle-manager/pkg/testutils/builder" +) + +type FakeModuleTemplateReader struct { + templateList v1beta2.ModuleTemplateList +} + +func NewFakeModuleTemplateReader(templateList v1beta2.ModuleTemplateList) *FakeModuleTemplateReader { + return &FakeModuleTemplateReader{ + templateList: templateList, + } +} + +func (f *FakeModuleTemplateReader) List(_ context.Context, list client.ObjectList, _ ...client.ListOption) error { + castedList, ok := list.(*v1beta2.ModuleTemplateList) + if !ok { + return errors.New("list is not of type *v1beta2.ModuleTemplateList") + } + castedList.Items = append(castedList.Items, f.templateList.Items...) + return nil +} + +func (f *FakeModuleTemplateReader) Get(_ context.Context, _ client.ObjectKey, _ client.Object, + _ ...client.GetOption, +) error { + return nil +} + +func TestValidateTemplateMode(t *testing.T) { + tests := []struct { + name string + template templatelookup.ModuleTemplateInfo + kyma *v1beta2.Kyma + wantErr error + }{ + { + name: "When TemplateInfo contains Error, Then the output is same as input", + template: templatelookup.ModuleTemplateInfo{ + Err: templatelookup.ErrTemplateNotAllowed, + }, + wantErr: templatelookup.ErrTemplateNotAllowed, + }, + { + name: "When ModuleTemplate is internal but Kyma is not, Then result contains error", + template: templatelookup.ModuleTemplateInfo{ + ModuleTemplate: builder.NewModuleTemplateBuilder(). + WithLabel(shared.InternalLabel, "true").Build(), + }, + kyma: builder.NewKymaBuilder(). + WithLabel(shared.InternalLabel, "false"). + Build(), + wantErr: templatelookup.ErrTemplateNotAllowed, + }, + { + name: "When ModuleTemplate is beta but Kyma is not, Then result contains error", + template: templatelookup.ModuleTemplateInfo{ + ModuleTemplate: builder.NewModuleTemplateBuilder(). + WithLabel(shared.BetaLabel, "true").Build(), + }, + kyma: builder.NewKymaBuilder(). + WithLabel(shared.BetaLabel, "false"). + Build(), + wantErr: templatelookup.ErrTemplateNotAllowed, + }, + } + for _, testCase := range tests { + t.Run(testCase.name, func(t *testing.T) { + if got := templatelookup.ValidateTemplateMode(testCase.template, testCase.kyma); !errors.Is(got.Err, + testCase.wantErr) { + t.Errorf("ValidateTemplateMode() = %v, want %v", got, testCase.wantErr) + } + }) + } +} + +func TestTemplateLookup_GetRegularTemplates_WhenSwitchModuleChannel(t *testing.T) { + testModule := testutils.NewTestModule("module1", "new_channel") + + tests := []struct { + name string + kyma *v1beta2.Kyma + availableModuleTemplate v1beta2.ModuleTemplateList + want templatelookup.ModuleTemplatesByModuleName + }{ + { + name: "When upgrade version during channel switch, Then result contains no error", + kyma: builder.NewKymaBuilder(). + WithEnabledModule(testModule). + WithModuleStatus(v1beta2.ModuleStatus{ + Name: testModule.Name, + Channel: v1beta2.DefaultChannel, + Version: "1.0.0", + Template: &v1beta2.TrackingObject{ + PartialMeta: v1beta2.PartialMeta{ + Generation: 1, + }, + }, + }).Build(), + availableModuleTemplate: generateModuleTemplateListWithModule(testModule.Name, testModule.Channel, "1.1.0"), + want: templatelookup.ModuleTemplatesByModuleName{ + testModule.Name: &templatelookup.ModuleTemplateInfo{ + DesiredChannel: testModule.Channel, + Err: nil, + }, + }, + }, { + name: "When downgrade version during channel switch, Then result contains error", + kyma: builder.NewKymaBuilder(). + WithEnabledModule(testModule). + WithModuleStatus(v1beta2.ModuleStatus{ + Name: testModule.Name, + Channel: v1beta2.DefaultChannel, + Version: "1.1.0", + Template: &v1beta2.TrackingObject{ + PartialMeta: v1beta2.PartialMeta{ + Generation: 1, + }, + }, + }).Build(), + availableModuleTemplate: generateModuleTemplateListWithModule(testModule.Name, testModule.Channel, "1.0.0"), + want: templatelookup.ModuleTemplatesByModuleName{ + testModule.Name: &templatelookup.ModuleTemplateInfo{ + DesiredChannel: testModule.Channel, + Err: templatelookup.ErrTemplateUpdateNotAllowed, + }, + }, + }, + } + + for _, testCase := range tests { + t.Run(testCase.name, func(t *testing.T) { + lookup := templatelookup.NewTemplateLookup(NewFakeModuleTemplateReader(testCase.availableModuleTemplate), + provider.NewCachedDescriptorProvider()) + got := lookup.GetRegularTemplates(context.TODO(), testCase.kyma) + assert.Equal(t, len(got), len(testCase.want)) + for key, module := range got { + wantModule, ok := testCase.want[key] + assert.True(t, ok) + assert.Equal(t, wantModule.DesiredChannel, module.DesiredChannel) + require.ErrorIs(t, module.Err, wantModule.Err) + } + }) + } +} + +func generateModuleTemplateListWithModule(moduleName, moduleChannel, moduleVersion string) v1beta2.ModuleTemplateList { + templateList := v1beta2.ModuleTemplateList{} + templateList.Items = append(templateList.Items, *builder.NewModuleTemplateBuilder(). + WithModuleName(moduleName). + WithChannel(moduleChannel). + WithDescriptor(&v1beta2.Descriptor{ + ComponentDescriptor: &compdesc.ComponentDescriptor{ + Metadata: compdesc.Metadata{ + ConfiguredVersion: compdescv2.SchemaVersion, + }, + ComponentSpec: compdesc.ComponentSpec{ + ObjectMeta: ocmmetav1.ObjectMeta{ + Version: moduleVersion, + }, + }, + }, + }).Build()) + return templateList +} + +func TestNewTemplateLookup_GetRegularTemplates_WhenModuleTemplateContainsInvalidDescriptor(t *testing.T) { + testModule := testutils.NewTestModule("module1", v1beta2.DefaultChannel) + + tests := []struct { + name string + kyma *v1beta2.Kyma + want templatelookup.ModuleTemplatesByModuleName + }{ + { + name: "When module enabled in Spec, then return ModuleTemplatesByModuleName with error", + kyma: builder.NewKymaBuilder(). + WithEnabledModule(testModule).Build(), + want: templatelookup.ModuleTemplatesByModuleName{ + testModule.Name: &templatelookup.ModuleTemplateInfo{ + DesiredChannel: testModule.Channel, + Err: provider.ErrDecode, + }, + }, + }, + { + name: "When module exits in ModuleStatus only, then return ModuleTemplatesByModuleName with error", + kyma: builder.NewKymaBuilder(). + WithModuleStatus(v1beta2.ModuleStatus{ + Name: testModule.Name, + Channel: testModule.Channel, + Template: &v1beta2.TrackingObject{ + PartialMeta: v1beta2.PartialMeta{ + Generation: 1, + }, + }, + }).Build(), + want: templatelookup.ModuleTemplatesByModuleName{ + testModule.Name: &templatelookup.ModuleTemplateInfo{ + DesiredChannel: testModule.Channel, + Err: provider.ErrDecode, + }, + }, + }, + } + for _, testCase := range tests { + t.Run(testCase.name, func(t *testing.T) { + givenTemplateList := &v1beta2.ModuleTemplateList{} + for _, module := range testCase.kyma.GetAvailableModules() { + givenTemplateList.Items = append(givenTemplateList.Items, *builder.NewModuleTemplateBuilder(). + WithModuleName(module.Name). + WithChannel(module.Channel). + WithDescriptor(nil). + WithRawDescriptor([]byte("{invalid_json}")).Build()) + } + lookup := templatelookup.NewTemplateLookup(NewFakeModuleTemplateReader(*givenTemplateList), + provider.NewCachedDescriptorProvider()) + got := lookup.GetRegularTemplates(context.TODO(), testCase.kyma) + assert.Equal(t, len(got), len(testCase.want)) + for key, module := range got { + wantModule, ok := testCase.want[key] + assert.True(t, ok) + assert.Equal(t, wantModule.DesiredChannel, module.DesiredChannel) + require.ErrorIs(t, module.Err, wantModule.Err) + } + }) + } +} + +func TestTemplateLookup_GetRegularTemplates_WhenModuleTemplateNotFound(t *testing.T) { + testModule := testutils.NewTestModule("module1", v1beta2.DefaultChannel) + + tests := []struct { + name string + kyma *v1beta2.Kyma + want templatelookup.ModuleTemplatesByModuleName + }{ + { + name: "When no module enabled in Spec, then return empty ModuleTemplatesByModuleName", + kyma: builder.NewKymaBuilder().Build(), + want: templatelookup.ModuleTemplatesByModuleName{}, + }, + { + name: "When module enabled in Spec, then return ModuleTemplatesByModuleName with error", + kyma: builder.NewKymaBuilder(). + WithEnabledModule(testModule).Build(), + want: templatelookup.ModuleTemplatesByModuleName{ + testModule.Name: &templatelookup.ModuleTemplateInfo{ + DesiredChannel: testModule.Channel, + Err: templatelookup.ErrNoTemplatesInListResult, + }, + }, + }, + { + name: "When module exits in ModuleStatus only, then return ModuleTemplatesByModuleName with error", + kyma: builder.NewKymaBuilder(). + WithModuleStatus(v1beta2.ModuleStatus{ + Name: testModule.Name, + Channel: testModule.Channel, + Template: &v1beta2.TrackingObject{ + PartialMeta: v1beta2.PartialMeta{ + Generation: 1, + }, + }, + }).Build(), + want: templatelookup.ModuleTemplatesByModuleName{ + testModule.Name: &templatelookup.ModuleTemplateInfo{ + DesiredChannel: testModule.Channel, + Err: templatelookup.ErrNoTemplatesInListResult, + }, + }, + }, + } + for _, testCase := range tests { + t.Run(testCase.name, func(t *testing.T) { + givenTemplateList := &v1beta2.ModuleTemplateList{} + lookup := templatelookup.NewTemplateLookup(NewFakeModuleTemplateReader(*givenTemplateList), + provider.NewCachedDescriptorProvider()) + got := lookup.GetRegularTemplates(context.TODO(), testCase.kyma) + assert.Equal(t, len(got), len(testCase.want)) + for key, module := range got { + wantModule, ok := testCase.want[key] + assert.True(t, ok) + assert.Equal(t, wantModule.DesiredChannel, module.DesiredChannel) + require.ErrorIs(t, module.Err, wantModule.Err) + assert.Nil(t, module.ModuleTemplate) + } + }) + } +} + +func TestTemplateLookup_GetRegularTemplates_WhenModuleTemplateExists(t *testing.T) { + testModule := testutils.NewTestModule("module1", v1beta2.DefaultChannel) + + tests := []struct { + name string + kyma *v1beta2.Kyma + want templatelookup.ModuleTemplatesByModuleName + }{ + { + name: "When module enabled in Spec, then return expected moduleTemplateInfo", + kyma: builder.NewKymaBuilder(). + WithEnabledModule(testModule).Build(), + want: templatelookup.ModuleTemplatesByModuleName{ + testModule.Name: &templatelookup.ModuleTemplateInfo{ + DesiredChannel: testModule.Channel, + Err: nil, + ModuleTemplate: builder.NewModuleTemplateBuilder(). + WithModuleName(testModule.Name). + WithChannel(testModule.Channel). + Build(), + }, + }, + }, + { + name: "When module exits in ModuleStatus only, then return expected moduleTemplateInfo", + kyma: builder.NewKymaBuilder(). + WithEnabledModule(testModule). + WithModuleStatus(v1beta2.ModuleStatus{ + Name: testModule.Name, + Channel: testModule.Channel, + Template: &v1beta2.TrackingObject{ + PartialMeta: v1beta2.PartialMeta{ + Generation: 1, + }, + }, + }).Build(), + want: templatelookup.ModuleTemplatesByModuleName{ + testModule.Name: &templatelookup.ModuleTemplateInfo{ + DesiredChannel: testModule.Channel, + Err: nil, + ModuleTemplate: builder.NewModuleTemplateBuilder(). + WithModuleName(testModule.Name). + WithChannel(testModule.Channel). + Build(), + }, + }, + }, + } + for _, testCase := range tests { + t.Run(testCase.name, func(t *testing.T) { + givenTemplateList := &v1beta2.ModuleTemplateList{} + for _, module := range testCase.kyma.GetAvailableModules() { + givenTemplateList.Items = append(givenTemplateList.Items, *builder.NewModuleTemplateBuilder(). + WithModuleName(module.Name). + WithChannel(module.Channel). + WithOCM(compdescv2.SchemaVersion).Build()) + } + lookup := templatelookup.NewTemplateLookup(NewFakeModuleTemplateReader(*givenTemplateList), + provider.NewCachedDescriptorProvider()) + got := lookup.GetRegularTemplates(context.TODO(), testCase.kyma) + assert.Equal(t, len(got), len(testCase.want)) + for key, module := range got { + wantModule, ok := testCase.want[key] + assert.True(t, ok) + assert.Equal(t, wantModule.DesiredChannel, module.DesiredChannel) + require.ErrorIs(t, module.Err, wantModule.Err) + assert.Equal(t, wantModule.ModuleTemplate.Spec.Channel, module.ModuleTemplate.Spec.Channel) + } + }) + } +} diff --git a/pkg/testutils/builder/kyma.go b/pkg/testutils/builder/kyma.go index f6bb68c86a..dadf252081 100644 --- a/pkg/testutils/builder/kyma.go +++ b/pkg/testutils/builder/kyma.go @@ -38,6 +38,15 @@ func (kb KymaBuilder) WithName(name string) KymaBuilder { return kb } +// WithEnabledModule append module to v1beta2.Kyma.Spec.Modules. +func (kb KymaBuilder) WithEnabledModule(module v1beta2.Module) KymaBuilder { + if kb.kyma.Spec.Modules == nil { + kb.kyma.Spec.Modules = []v1beta2.Module{} + } + kb.kyma.Spec.Modules = append(kb.kyma.Spec.Modules, module) + return kb +} + // WithNamePrefix sets v1beta2.Kyma.ObjectMeta.Name. func (kb KymaBuilder) WithNamePrefix(prefix string) KymaBuilder { kb.kyma.ObjectMeta.Name = fmt.Sprintf("%s-%s", prefix, random.Name()) @@ -83,6 +92,15 @@ func (kb KymaBuilder) WithCondition(condition apimetav1.Condition) KymaBuilder { return kb } +// WithCondition adds a ModuleStatus to v1beta2.Kyma.Status.Modules. +func (kb KymaBuilder) WithModuleStatus(moduleStatus v1beta2.ModuleStatus) KymaBuilder { + if kb.kyma.Status.Modules == nil { + kb.kyma.Status.Modules = []v1beta2.ModuleStatus{} + } + kb.kyma.Status.Modules = append(kb.kyma.Status.Modules, moduleStatus) + return kb +} + // Build returns the built v1beta2.Kyma. func (kb KymaBuilder) Build() *v1beta2.Kyma { return kb.kyma diff --git a/pkg/testutils/builder/moduletemplate.go b/pkg/testutils/builder/moduletemplate.go index f7904e3248..4858da3c63 100644 --- a/pkg/testutils/builder/moduletemplate.go +++ b/pkg/testutils/builder/moduletemplate.go @@ -29,7 +29,7 @@ func NewModuleTemplateBuilder() ModuleTemplateBuilder { moduleTemplate: &v1beta2.ModuleTemplate{ TypeMeta: apimetav1.TypeMeta{ APIVersion: v1beta2.GroupVersion.String(), - Kind: string(shared.KymaKind), + Kind: string(shared.ModuleTemplateKind), }, ObjectMeta: apimetav1.ObjectMeta{ Name: random.Name(), @@ -39,9 +39,11 @@ func NewModuleTemplateBuilder() ModuleTemplateBuilder { Data: data, Descriptor: machineryruntime.RawExtension{ Object: &v1beta2.Descriptor{ - ComponentDescriptor: &compdesc.ComponentDescriptor{Metadata: compdesc.Metadata{ - ConfiguredVersion: compdescv2.SchemaVersion, - }}, + ComponentDescriptor: &compdesc.ComponentDescriptor{ + Metadata: compdesc.Metadata{ + ConfiguredVersion: compdescv2.SchemaVersion, + }, + }, }, }, }, diff --git a/unit-test-coverage.yaml b/unit-test-coverage.yaml index 6824037cfa..f57b0b809c 100644 --- a/unit-test-coverage.yaml +++ b/unit-test-coverage.yaml @@ -7,3 +7,4 @@ packages: internal/istio: 63 internal/pkg/resources: 85 internal/remote: 5 + pkg/templatelookup: 63 From 294103d856cb03a2e148c960b56ce071b02d4372 Mon Sep 17 00:00:00 2001 From: Nesma Badr Date: Fri, 26 Jul 2024 11:18:03 +0200 Subject: [PATCH 15/26] feat: Support StatefulSet Module Resource in Ready Check (#1713) * Add implementation to support stateful set * Add unit tests * Start writing E2E test * Adjust Github Actions for E2E test * E2E test implementation --- .../deploy-template-operator/action.yaml | 71 ++++++++++++-- .github/workflows/test-e2e.yaml | 3 +- internal/controller/manifest/controller.go | 2 +- internal/declarative/v2/reconciler.go | 10 +- internal/manifest/deployment_ready_check.go | 59 ++++++++++++ .../manifest/deployment_ready_check_test.go | 75 +++++++++++++++ internal/manifest/ready_check.go | 92 ++++++++++--------- internal/manifest/ready_check_test.go | 64 ------------- internal/manifest/statefulset_ready_check.go | 56 +++++++++++ .../manifest/statefulset_ready_check_test.go | 50 ++++++++++ pkg/testutils/modulecr.go | 2 +- pkg/testutils/statefulset.go | 40 ++++++++ tests/e2e/Makefile | 10 +- tests/e2e/manifest_reconciliation_test.go | 8 +- tests/e2e/module_consistency_test.go | 6 +- tests/e2e/module_deletion_test.go | 8 +- tests/e2e/module_status_decoupling_test.go | 62 ++++++++++--- ..._status_decoupling_with_deployment_test.go | 9 ++ ...status_decoupling_with_statefulset_test.go | 9 ++ .../custom_resource_check/suite_test.go | 2 +- .../controller/manifest/ready_check_test.go | 2 +- 21 files changed, 489 insertions(+), 151 deletions(-) create mode 100644 internal/manifest/deployment_ready_check.go create mode 100644 internal/manifest/deployment_ready_check_test.go create mode 100644 internal/manifest/statefulset_ready_check.go create mode 100644 internal/manifest/statefulset_ready_check_test.go create mode 100644 pkg/testutils/statefulset.go create mode 100644 tests/e2e/module_status_decoupling_with_deployment_test.go create mode 100644 tests/e2e/module_status_decoupling_with_statefulset_test.go diff --git a/.github/actions/deploy-template-operator/action.yaml b/.github/actions/deploy-template-operator/action.yaml index 79631f1051..1eaecc82dc 100644 --- a/.github/actions/deploy-template-operator/action.yaml +++ b/.github/actions/deploy-template-operator/action.yaml @@ -46,12 +46,12 @@ runs: shell: bash run: | kubectl apply -f tests/moduletemplates/moduletemplate_template_operator_v2_fast.yaml - - name: Create Template Operator Module with final state and final deletion state as `Warning` and apply + - name: Create Template Operator Module with Deployment, with final state and final deletion state as `Warning` and apply working-directory: template-operator - if: ${{ matrix.e2e-test == 'module-status-decoupling'}} + if: ${{ matrix.e2e-test == 'module-status-decoupling-with-deployment'}} shell: bash run: | - pushd config/default + pushd config/overlays/deployment echo \ "- op: replace path: /spec/template/spec/containers/0/args/1 @@ -62,16 +62,52 @@ runs: cat warning_patch.yaml kustomize edit add patch --path warning_patch.yaml --kind Deployment popd - kyma alpha create module --kubebuilder-project --channel=regular --name kyma.project.io/module/template-operator --version 1.1.1 --path . --registry localhost:5111 --insecure --module-archive-version-overwrite / + make build-manifests + kyma alpha create module --module-config-file ./module-config.yaml --path . --registry localhost:5111 --insecure sed -i 's/localhost:5111/k3d-kcp-registry.localhost:5000/g' ./template.yaml kubectl get crds kubectl apply -f template.yaml - - name: Create Template Operator Module with non-working image and apply + - name: Create Template Operator Module with StatefulSet, with final state and final deletion state as `Warning` and apply + working-directory: template-operator + if: ${{ matrix.e2e-test == 'module-status-decoupling-with-statefulset'}} + shell: bash + run: | + pushd config/overlays/statefulset + echo \ + "- op: replace + path: /spec/template/spec/containers/0/args/1 + value: --final-state=Warning + - op: replace + path: /spec/template/spec/containers/0/args/2 + value: --final-deletion-state=Warning" >> warning_patch.yaml + cat warning_patch.yaml + kustomize edit add patch --path warning_patch.yaml --kind StatefulSet + popd + make build-statefulset-manifests + kyma alpha create module --module-config-file ./module-config.yaml --path . --registry localhost:5111 --insecure + sed -i 's/localhost:5111/k3d-kcp-registry.localhost:5000/g' ./template.yaml + kubectl get crds + kubectl apply -f template.yaml + - name: Create non-working image patch for Template Operator Module and create associated module config file + working-directory: template-operator + if: ${{ matrix.e2e-test == 'module-status-decoupling-with-deployment'|| + matrix.e2e-test == 'module-status-decoupling-with-statefulset'}} + shell: bash + run: | + echo "name: kyma-project.io/module/template-operator-misconfigured + channel: regular + version: v1.1.1 + manifest: template-operator.yaml + security: sec-scanners-config.yaml + defaultCR: ./config/samples/default-sample-cr.yaml + annotations: + operator.kyma-project.io/doc-url: https://kyma-project.io" >> misconfigured-module-config.yaml + - name: Create Template Operator Module with Deployment, with non-working image and apply working-directory: template-operator - if: ${{ matrix.e2e-test == 'module-status-decoupling'}} + if: ${{ matrix.e2e-test == 'module-status-decoupling-with-deployment'}} shell: bash run: | - pushd config/default + pushd config/overlays/deployment echo \ "- op: replace path: /spec/template/spec/containers/0/image @@ -79,7 +115,26 @@ runs: cat image_patch.yaml kustomize edit add patch --path image_patch.yaml --kind Deployment popd - kyma alpha create module --kubebuilder-project --channel=regular --name kyma.project.io/module/template-operator-misconfigured --version 1.1.1 --path . --registry localhost:5111 --insecure --module-archive-version-overwrite + make build-manifests + kyma alpha create module --module-config-file ./misconfigured-module-config.yaml --path . --registry localhost:5111 --insecure + sed -i 's/localhost:5111/k3d-kcp-registry.localhost:5000/g' ./template.yaml + kubectl get crds + kubectl apply -f template.yaml + - name: Create Template Operator Module with StatefulSet, with non-working image and apply + working-directory: template-operator + if: ${{ matrix.e2e-test == 'module-status-decoupling-with-statefulset'}} + shell: bash + run: | + pushd config/overlays/statefulset + echo \ + "- op: replace + path: /spec/template/spec/containers/0/image + value: non-working-path" >> image_patch.yaml + cat image_patch.yaml + kustomize edit add patch --path image_patch.yaml --kind StatefulSet + popd + make build-statefulset-manifests + kyma alpha create module --module-config-file ./misconfigured-module-config.yaml --path . --registry localhost:5111 --insecure sed -i 's/localhost:5111/k3d-kcp-registry.localhost:5000/g' ./template.yaml kubectl get crds kubectl apply -f template.yaml diff --git a/.github/workflows/test-e2e.yaml b/.github/workflows/test-e2e.yaml index d2618526b2..5e5edca5ac 100644 --- a/.github/workflows/test-e2e.yaml +++ b/.github/workflows/test-e2e.yaml @@ -30,7 +30,8 @@ jobs: - watcher-enqueue - kyma-deprovision-with-foreground-propagation - kyma-deprovision-with-background-propagation - - module-status-decoupling + - module-status-decoupling-with-statefulset + - module-status-decoupling-with-deployment - kyma-metrics - module-without-default-cr - module-consistency diff --git a/internal/controller/manifest/controller.go b/internal/controller/manifest/controller.go index 3fe47c12ae..90fff1792c 100644 --- a/internal/controller/manifest/controller.go +++ b/internal/controller/manifest/controller.go @@ -23,7 +23,7 @@ func NewReconciler(mgr manager.Manager, return declarativev2.NewFromManager( mgr, requeueIntervals, manifestMetrics, mandatoryModulesMetrics, manifest.NewSpecResolver(kcp.Client, extractor), - declarativev2.WithCustomReadyCheck(manifest.NewDeploymentReadyCheck()), + declarativev2.WithCustomReadyCheck(manifest.NewResourceReadyCheck()), declarativev2.WithRemoteTargetCluster(lookup.ConfigResolver), manifest.WithClientCacheKey(), declarativev2.WithPostRun{manifest.PostRunCreateCR}, diff --git a/internal/declarative/v2/reconciler.go b/internal/declarative/v2/reconciler.go index f7d93cb2d2..9580881feb 100644 --- a/internal/declarative/v2/reconciler.go +++ b/internal/declarative/v2/reconciler.go @@ -361,7 +361,7 @@ func (r *Reconciler) syncResources(ctx context.Context, clnt Client, manifest *v } } - deploymentState, err := r.checkDeploymentState(ctx, clnt, target) + deploymentState, err := r.checkResourceState(ctx, clnt, target) if err != nil { manifest.SetStatus(status.WithState(shared.StateError).WithErr(err)) return err @@ -390,21 +390,21 @@ func hasDiff(oldResources []shared.Resource, newResources []shared.Resource) boo return false } -func (r *Reconciler) checkDeploymentState(ctx context.Context, clnt Client, target []*resource.Info) (shared.State, +func (r *Reconciler) checkResourceState(ctx context.Context, clnt Client, target []*resource.Info) (shared.State, error, ) { resourceReadyCheck := r.CustomReadyCheck - deploymentState, err := resourceReadyCheck.Run(ctx, clnt, target) + resourceState, err := resourceReadyCheck.Run(ctx, clnt, target) if err != nil { return shared.StateError, err } - if deploymentState == shared.StateProcessing { + if resourceState == shared.StateProcessing { return shared.StateProcessing, nil } - return deploymentState, nil + return resourceState, nil } func (r *Reconciler) setManifestState(manifest *v1beta2.Manifest, state shared.State) error { diff --git a/internal/manifest/deployment_ready_check.go b/internal/manifest/deployment_ready_check.go new file mode 100644 index 0000000000..0efdcfdf1d --- /dev/null +++ b/internal/manifest/deployment_ready_check.go @@ -0,0 +1,59 @@ +package manifest + +import ( + "context" + + apiappsv1 "k8s.io/api/apps/v1" + apicorev1 "k8s.io/api/core/v1" + "k8s.io/kubectl/pkg/util/deployment" + + "github.com/kyma-project/lifecycle-manager/api/shared" + declarativev2 "github.com/kyma-project/lifecycle-manager/internal/declarative/v2" +) + +// NewDeploymentReadyCheck creates a readiness check that verifies if a Deployment is ready. +func NewDeploymentReadyCheck() *DeploymentReadyCheck { + return &DeploymentReadyCheck{} +} + +type DeploymentReadyCheck struct{} + +func (c *DeploymentReadyCheck) Run(ctx context.Context, + clnt declarativev2.Client, + deploy *apiappsv1.Deployment, +) (shared.State, error) { + deploymentState := getDeploymentState(ctx, clnt, deploy) + return deploymentState, nil +} + +func getDeploymentState(ctx context.Context, clt declarativev2.Client, deploy *apiappsv1.Deployment) shared.State { + if IsDeploymentReady(deploy) { + return shared.StateReady + } + + // Since deployment is not ready check if pods are ready or in error state + // Get all Pods associated with the Deployment + podList, err := getPodsForDeployment(ctx, clt, deploy) + if err != nil { + return shared.StateError + } + + return GetPodsState(podList) +} + +func IsDeploymentReady(deploy *apiappsv1.Deployment) bool { + availableCond := deployment.GetDeploymentCondition(deploy.Status, apiappsv1.DeploymentAvailable) + if availableCond != nil && availableCond.Status == apicorev1.ConditionTrue { + return true + } + if deploy.Spec.Replicas != nil && *deploy.Spec.Replicas == deploy.Status.ReadyReplicas { + return true + } + return false +} + +func getPodsForDeployment(ctx context.Context, clt declarativev2.Client, + deploy *apiappsv1.Deployment, +) (*apicorev1.PodList, error) { + return getPodsList(ctx, clt, deploy.Namespace, deploy.Spec.Selector.MatchLabels) +} diff --git a/internal/manifest/deployment_ready_check_test.go b/internal/manifest/deployment_ready_check_test.go new file mode 100644 index 0000000000..d73215ae56 --- /dev/null +++ b/internal/manifest/deployment_ready_check_test.go @@ -0,0 +1,75 @@ +package manifest_test + +import ( + "testing" + + "github.com/stretchr/testify/require" + apiappsv1 "k8s.io/api/apps/v1" + apicorev1 "k8s.io/api/core/v1" + "k8s.io/utils/ptr" + + "github.com/kyma-project/lifecycle-manager/internal/manifest" +) + +func Test_IsDeploymentReady(t *testing.T) { + tests := []struct { + name string + deploy *apiappsv1.Deployment + expected bool + }{ + { + name: "Test Deployment Ready", + deploy: &apiappsv1.Deployment{ + Status: apiappsv1.DeploymentStatus{ + Conditions: []apiappsv1.DeploymentCondition{ + { + Type: apiappsv1.DeploymentAvailable, + Status: apicorev1.ConditionTrue, + }, + }, + ReadyReplicas: 1, + }, + Spec: apiappsv1.DeploymentSpec{ + Replicas: ptr.To(int32(1)), + }, + }, + expected: true, + }, + { + name: "Test Deployment Ready using Conditions", + deploy: &apiappsv1.Deployment{ + Status: apiappsv1.DeploymentStatus{ + ReadyReplicas: 1, + }, + Spec: apiappsv1.DeploymentSpec{ + Replicas: ptr.To(int32(1)), + }, + }, + expected: true, + }, + { + name: "Test Deployment Not Ready", + deploy: &apiappsv1.Deployment{ + Status: apiappsv1.DeploymentStatus{ + Conditions: []apiappsv1.DeploymentCondition{ + { + Type: apiappsv1.DeploymentAvailable, + Status: apicorev1.ConditionFalse, + }, + }, + ReadyReplicas: 0, + }, + Spec: apiappsv1.DeploymentSpec{ + Replicas: ptr.To(int32(1)), + }, + }, + expected: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + require.Equal(t, tt.expected, manifest.IsDeploymentReady(tt.deploy)) + }) + } +} diff --git a/internal/manifest/ready_check.go b/internal/manifest/ready_check.go index 04e6f67877..74a4217269 100644 --- a/internal/manifest/ready_check.go +++ b/internal/manifest/ready_check.go @@ -8,77 +8,83 @@ import ( apicorev1 "k8s.io/api/core/v1" k8slabels "k8s.io/apimachinery/pkg/labels" "k8s.io/cli-runtime/pkg/resource" - "k8s.io/kubectl/pkg/util/deployment" "sigs.k8s.io/controller-runtime/pkg/client" "github.com/kyma-project/lifecycle-manager/api/shared" declarativev2 "github.com/kyma-project/lifecycle-manager/internal/declarative/v2" ) -// NewDeploymentReadyCheck creates a readiness check that verifies if a Deployment is ready. -func NewDeploymentReadyCheck() *DeploymentReadyCheck { - return &DeploymentReadyCheck{} +func NewResourceReadyCheck() *ResourceReadyCheck { + return &ResourceReadyCheck{} } -type DeploymentReadyCheck struct{} +type ResourceReadyCheck struct{} -func (c *DeploymentReadyCheck) Run(ctx context.Context, +type ResourceKind string + +const ( + DeploymentKind ResourceKind = "Deployment" + StatefulSetKind ResourceKind = "StatefulSet" +) + +type Resource struct { + Kind ResourceKind + *apiappsv1.Deployment + *apiappsv1.StatefulSet +} + +func (c *ResourceReadyCheck) Run(ctx context.Context, clnt declarativev2.Client, resources []*resource.Info, ) (shared.State, error) { - deploymentState := getDeploymentState(ctx, clnt, resources) - return deploymentState, nil -} - -func getDeploymentState(ctx context.Context, clt declarativev2.Client, resources []*resource.Info) shared.State { - deploy, found := findDeployment(clt, resources) - // Not every module operator use Deployment by default, e.g: StatefulSet also a valid approach - if !found { - return shared.StateReady - } - - if IsDeploymentReady(deploy) { - return shared.StateReady + res := findResource(clnt, resources) + if res == nil { + return shared.StateReady, nil } - // Since deployment is not ready check if pods are ready or in error state - // Get all Pods associated with the Deployment - podList, err := getPodsForDeployment(ctx, clt, deploy) - if err != nil { - return shared.StateError + switch res.Kind { + case StatefulSetKind: + statefulSetReadyCheck := NewStatefulSetReadyCheck() + return statefulSetReadyCheck.Run(ctx, clnt, res.StatefulSet) + case DeploymentKind: + deploymentReadyCheck := NewDeploymentReadyCheck() + return deploymentReadyCheck.Run(ctx, clnt, res.Deployment) } - return GetPodsState(podList) + return shared.StateReady, nil } -func findDeployment(clt declarativev2.Client, resources []*resource.Info) (*apiappsv1.Deployment, bool) { +func findResource(clt declarativev2.Client, resources []*resource.Info) *Resource { deploy := &apiappsv1.Deployment{} + statefulSet := &apiappsv1.StatefulSet{} + for _, res := range resources { if err := clt.Scheme().Convert(res.Object, deploy, nil); err == nil { - return deploy, true + return &Resource{ + Kind: DeploymentKind, + Deployment: deploy, + } } - } - return nil, false -} -func IsDeploymentReady(deploy *apiappsv1.Deployment) bool { - availableCond := deployment.GetDeploymentCondition(deploy.Status, apiappsv1.DeploymentAvailable) - if availableCond != nil && availableCond.Status == apicorev1.ConditionTrue { - return true - } - if deploy.Spec.Replicas != nil && *deploy.Spec.Replicas == deploy.Status.ReadyReplicas { - return true + if err := clt.Scheme().Convert(res.Object, statefulSet, nil); err == nil { + return &Resource{ + Kind: StatefulSetKind, + StatefulSet: statefulSet, + } + } } - return false + + return nil } -func getPodsForDeployment(ctx context.Context, clt declarativev2.Client, - deploy *apiappsv1.Deployment, -) (*apicorev1.PodList, error) { +func getPodsList(ctx context.Context, clt declarativev2.Client, namespace string, + matchLabels map[string]string) (*apicorev1.PodList, + error, +) { podList := &apicorev1.PodList{} listOptions := &client.ListOptions{ - Namespace: deploy.Namespace, - LabelSelector: k8slabels.SelectorFromSet(deploy.Spec.Selector.MatchLabels), + Namespace: namespace, + LabelSelector: k8slabels.SelectorFromSet(matchLabels), } if err := clt.List(ctx, podList, listOptions); err != nil { return nil, fmt.Errorf("failed to list pods: %w", err) diff --git a/internal/manifest/ready_check_test.go b/internal/manifest/ready_check_test.go index 0c6f668aaa..e9609422c7 100644 --- a/internal/manifest/ready_check_test.go +++ b/internal/manifest/ready_check_test.go @@ -4,7 +4,6 @@ import ( "testing" "github.com/stretchr/testify/require" - apiappsv1 "k8s.io/api/apps/v1" apicorev1 "k8s.io/api/core/v1" "k8s.io/utils/ptr" @@ -107,66 +106,3 @@ func Test_getPodsState(t *testing.T) { }) } } - -func Test_IsDeploymentReady(t *testing.T) { - tests := []struct { - name string - deploy *apiappsv1.Deployment - expected bool - }{ - { - name: "Test Deployment Ready", - deploy: &apiappsv1.Deployment{ - Status: apiappsv1.DeploymentStatus{ - Conditions: []apiappsv1.DeploymentCondition{ - { - Type: apiappsv1.DeploymentAvailable, - Status: apicorev1.ConditionTrue, - }, - }, - ReadyReplicas: 1, - }, - Spec: apiappsv1.DeploymentSpec{ - Replicas: ptr.To(int32(1)), - }, - }, - expected: true, - }, - { - name: "Test Deployment Ready using Conditions", - deploy: &apiappsv1.Deployment{ - Status: apiappsv1.DeploymentStatus{ - ReadyReplicas: 1, - }, - Spec: apiappsv1.DeploymentSpec{ - Replicas: ptr.To(int32(1)), - }, - }, - expected: true, - }, - { - name: "Test Deployment Not Ready", - deploy: &apiappsv1.Deployment{ - Status: apiappsv1.DeploymentStatus{ - Conditions: []apiappsv1.DeploymentCondition{ - { - Type: apiappsv1.DeploymentAvailable, - Status: apicorev1.ConditionFalse, - }, - }, - ReadyReplicas: 0, - }, - Spec: apiappsv1.DeploymentSpec{ - Replicas: ptr.To(int32(1)), - }, - }, - expected: false, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - require.Equal(t, tt.expected, manifest.IsDeploymentReady(tt.deploy)) - }) - } -} diff --git a/internal/manifest/statefulset_ready_check.go b/internal/manifest/statefulset_ready_check.go new file mode 100644 index 0000000000..42e31f1fd2 --- /dev/null +++ b/internal/manifest/statefulset_ready_check.go @@ -0,0 +1,56 @@ +package manifest + +import ( + "context" + + apiappsv1 "k8s.io/api/apps/v1" + apicorev1 "k8s.io/api/core/v1" + + "github.com/kyma-project/lifecycle-manager/api/shared" + declarativev2 "github.com/kyma-project/lifecycle-manager/internal/declarative/v2" +) + +// NewStatefulSetReadyCheck creates a readiness check that verifies if a StatefulSet is ready. +func NewStatefulSetReadyCheck() *StatefulSetReadyCheck { + return &StatefulSetReadyCheck{} +} + +type StatefulSetReadyCheck struct{} + +func (c *StatefulSetReadyCheck) Run(ctx context.Context, + clnt declarativev2.Client, + statefulSet *apiappsv1.StatefulSet, +) (shared.State, error) { + statefulSetState := getStatefulSetState(ctx, clnt, statefulSet) + return statefulSetState, nil +} + +func getStatefulSetState(ctx context.Context, clt declarativev2.Client, + statefulSet *apiappsv1.StatefulSet, +) shared.State { + if IsStatefulSetReady(statefulSet) { + return shared.StateReady + } + + // Since statefulset is not ready, check if pods are ready or in error state + // Get all Pods associated with the StatefulSet + podList, err := getPodsForStatefulSet(ctx, clt, statefulSet) + if err != nil { + return shared.StateError + } + + return GetPodsState(podList) +} + +func IsStatefulSetReady(statefulSet *apiappsv1.StatefulSet) bool { + if statefulSet.Spec.Replicas != nil && *statefulSet.Spec.Replicas == statefulSet.Status.ReadyReplicas { + return true + } + return false +} + +func getPodsForStatefulSet(ctx context.Context, clt declarativev2.Client, + statefulSet *apiappsv1.StatefulSet, +) (*apicorev1.PodList, error) { + return getPodsList(ctx, clt, statefulSet.Namespace, statefulSet.Spec.Selector.MatchLabels) +} diff --git a/internal/manifest/statefulset_ready_check_test.go b/internal/manifest/statefulset_ready_check_test.go new file mode 100644 index 0000000000..0f5fbe8e5e --- /dev/null +++ b/internal/manifest/statefulset_ready_check_test.go @@ -0,0 +1,50 @@ +package manifest_test + +import ( + "testing" + + "github.com/stretchr/testify/require" + apiappsv1 "k8s.io/api/apps/v1" + "k8s.io/utils/ptr" + + "github.com/kyma-project/lifecycle-manager/internal/manifest" +) + +func Test_IsStatefulSetReady(t *testing.T) { + tests := []struct { + name string + statefulSet *apiappsv1.StatefulSet + expected bool + }{ + { + name: "Test StatefulSet Ready", + statefulSet: &apiappsv1.StatefulSet{ + Status: apiappsv1.StatefulSetStatus{ + ReadyReplicas: 1, + }, + Spec: apiappsv1.StatefulSetSpec{ + Replicas: ptr.To(int32(1)), + }, + }, + expected: true, + }, + { + name: "Test StatefulSet Not Ready", + statefulSet: &apiappsv1.StatefulSet{ + Status: apiappsv1.StatefulSetStatus{ + ReadyReplicas: 0, + }, + Spec: apiappsv1.StatefulSetSpec{ + Replicas: ptr.To(int32(1)), + }, + }, + expected: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + require.Equal(t, tt.expected, manifest.IsStatefulSetReady(tt.statefulSet)) + }) + } +} diff --git a/pkg/testutils/modulecr.go b/pkg/testutils/modulecr.go index f946ecf27b..5cc7bfb828 100644 --- a/pkg/testutils/modulecr.go +++ b/pkg/testutils/modulecr.go @@ -18,7 +18,7 @@ import ( const ( TestModuleCRName = "sample-yaml" TestModuleResourceNamespace = "template-operator-system" - ModuleDeploymentName = "template-operator-controller-manager" + ModuleResourceName = "template-operator-controller-manager" ModuleServiceAccountName = "template-operator-controller-manager" ModuleManagedCRName = "template-operator-managed-resource" ModuleDeploymentNameInNewerVersion = "template-operator-v2-controller-manager" diff --git a/pkg/testutils/statefulset.go b/pkg/testutils/statefulset.go new file mode 100644 index 0000000000..0402423a99 --- /dev/null +++ b/pkg/testutils/statefulset.go @@ -0,0 +1,40 @@ +package testutils + +import ( + "context" + "errors" + "fmt" + + apiappsv1 "k8s.io/api/apps/v1" + "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/kyma-project/lifecycle-manager/pkg/util" +) + +var ErrStatefulSetNotReady = errors.New("statefulset is not ready") + +func StatefulSetIsReady(ctx context.Context, clnt client.Client, name, namespace string) error { + statefulSet, err := GetStatefulSet(ctx, clnt, name, namespace) + if err != nil { + if util.IsNotFound(err) { + return ErrNotFound + } + return fmt.Errorf("could not get statefulset: %w", err) + } + + if statefulSet.Spec.Replicas != nil && + *statefulSet.Spec.Replicas == statefulSet.Status.ReadyReplicas { + return nil + } + return ErrStatefulSetNotReady +} + +func GetStatefulSet(ctx context.Context, clnt client.Client, + name, namespace string, +) (*apiappsv1.StatefulSet, error) { + statefulSet := &apiappsv1.StatefulSet{} + if err := clnt.Get(ctx, client.ObjectKey{Name: name, Namespace: namespace}, statefulSet); err != nil { + return nil, fmt.Errorf("could not get statefulset: %w", err) + } + return statefulSet, nil +} diff --git a/tests/e2e/Makefile b/tests/e2e/Makefile index ca4e64681c..da8cfa1099 100644 --- a/tests/e2e/Makefile +++ b/tests/e2e/Makefile @@ -72,7 +72,8 @@ test: kyma-deprovision-with-foreground-propagation \ kyma-metrics \ mandatory-module-metrics \ watcher-enqueue \ - module-status-decoupling \ + module-status-decoupling-with-deployment \ + module-status-decoupling-with-statefulset \ module-without-default-cr \ module-consistency \ mandatory-module \ @@ -102,8 +103,11 @@ mandatory-module-metrics: watcher-enqueue: go test -timeout 20m -ginkgo.v -ginkgo.focus "Enqueue Event from Watcher" -module-status-decoupling: - go test -timeout 20m -ginkgo.v -ginkgo.focus "Module Status Decoupling" +module-status-decoupling-with-statefulset: + go test -timeout 20m -ginkgo.v -ginkgo.focus "Module Status Decoupling With StatefulSet" + +module-status-decoupling-with-deployment: + go test -timeout 20m -ginkgo.v -ginkgo.focus "Module Status Decoupling With Deployment" module-without-default-cr: go test -timeout 20m -ginkgo.v -ginkgo.focus "Module Without Default CR" diff --git a/tests/e2e/manifest_reconciliation_test.go b/tests/e2e/manifest_reconciliation_test.go index f69a2e94ce..df01783f19 100644 --- a/tests/e2e/manifest_reconciliation_test.go +++ b/tests/e2e/manifest_reconciliation_test.go @@ -29,7 +29,7 @@ var _ = Describe("Manifest Skip Reconciliation Label", Ordered, func() { By("Then the Module Operator is deployed on the SKR cluster") Eventually(DeploymentIsReady). WithContext(ctx). - WithArguments(runtimeClient, ModuleDeploymentName, + WithArguments(runtimeClient, ModuleResourceName, TestModuleResourceNamespace). Should(Succeed()) By("And the SKR Module Default CR is in a \"Ready\" State") @@ -64,13 +64,13 @@ var _ = Describe("Manifest Skip Reconciliation Label", Ordered, func() { Should(Equal(ErrNotFound)) By("When deleting the SKR Module Manager Deployment") - err := DeleteCRWithGVK(ctx, runtimeClient, ModuleDeploymentName, + err := DeleteCRWithGVK(ctx, runtimeClient, ModuleResourceName, TestModuleResourceNamespace, "apps", "v1", "Deployment") Expect(err).ToNot(HaveOccurred()) By("Then Module Manager Deployment is not recreated on the SKR cluster") Eventually(DeploymentIsReady). WithContext(ctx). - WithArguments(runtimeClient, ModuleDeploymentName, + WithArguments(runtimeClient, ModuleResourceName, TestModuleResourceNamespace). Should(Equal(ErrNotFound)) }) @@ -90,7 +90,7 @@ var _ = Describe("Manifest Skip Reconciliation Label", Ordered, func() { By("Then Module Deployment is recreated") Eventually(DeploymentIsReady). WithContext(ctx). - WithArguments(runtimeClient, ModuleDeploymentName, + WithArguments(runtimeClient, ModuleResourceName, TestModuleResourceNamespace). Should(Succeed()) diff --git a/tests/e2e/module_consistency_test.go b/tests/e2e/module_consistency_test.go index a90f8d8981..7ba9c6c934 100644 --- a/tests/e2e/module_consistency_test.go +++ b/tests/e2e/module_consistency_test.go @@ -38,7 +38,7 @@ var _ = Describe("Module Keep Consistent After Deploy", Ordered, func() { By("And Module Operator Deployment is ready") Eventually(DeploymentIsReady). WithContext(ctx). - WithArguments(runtimeClient, ModuleDeploymentName, TestModuleResourceNamespace). + WithArguments(runtimeClient, ModuleResourceName, TestModuleResourceNamespace). Should(Succeed()) By("And KCP Kyma CR is in \"Ready\" State") @@ -78,7 +78,7 @@ var _ = Describe("Module Keep Consistent After Deploy", Ordered, func() { Eventually(StopDeployment). WithContext(ctx). - WithArguments(runtimeClient, ModuleDeploymentName, TestModuleResourceNamespace). + WithArguments(runtimeClient, ModuleResourceName, TestModuleResourceNamespace). Should(Succeed()) Eventually(SetSkipLabelToManifest). @@ -90,7 +90,7 @@ var _ = Describe("Module Keep Consistent After Deploy", Ordered, func() { It("Then Module Operator has been reset", func() { Eventually(DeploymentIsReady). WithContext(ctx). - WithArguments(runtimeClient, ModuleDeploymentName, TestModuleResourceNamespace). + WithArguments(runtimeClient, ModuleResourceName, TestModuleResourceNamespace). Should(Succeed()) }) }) diff --git a/tests/e2e/module_deletion_test.go b/tests/e2e/module_deletion_test.go index cff06fc1b3..2106076942 100644 --- a/tests/e2e/module_deletion_test.go +++ b/tests/e2e/module_deletion_test.go @@ -32,7 +32,7 @@ var _ = Describe("Non Blocking Kyma Module Deletion", Ordered, func() { It("Then Module Operator is deployed on SKR cluster", func() { Eventually(CheckIfExists). WithContext(ctx). - WithArguments(ModuleDeploymentName, TestModuleResourceNamespace, "apps", "v1", + WithArguments(ModuleResourceName, TestModuleResourceNamespace, "apps", "v1", "Deployment", runtimeClient). Should(Succeed()) By("And KCP Kyma CR is in \"Ready\" State") @@ -89,7 +89,7 @@ var _ = Describe("Non Blocking Kyma Module Deletion", Ordered, func() { By("And Module Operator Deployment is not removed on SKR cluster") Consistently(CheckIfExists). WithContext(ctx). - WithArguments(ModuleDeploymentName, TestModuleResourceNamespace, + WithArguments(ModuleResourceName, TestModuleResourceNamespace, "apps", "v1", "Deployment", runtimeClient). Should(Succeed()) }) @@ -111,11 +111,11 @@ var _ = Describe("Non Blocking Kyma Module Deletion", Ordered, func() { By("And old Module Operator Deployment is removed") Eventually(DeploymentIsReady). WithContext(ctx). - WithArguments(runtimeClient, ModuleDeploymentName, TestModuleResourceNamespace). + WithArguments(runtimeClient, ModuleResourceName, TestModuleResourceNamespace). Should(Equal(ErrNotFound)) Consistently(DeploymentIsReady). WithContext(ctx). - WithArguments(runtimeClient, ModuleDeploymentName, TestModuleResourceNamespace). + WithArguments(runtimeClient, ModuleResourceName, TestModuleResourceNamespace). Should(Equal(ErrNotFound)) By("And Module CR is in \"Deleting\" State") diff --git a/tests/e2e/module_status_decoupling_test.go b/tests/e2e/module_status_decoupling_test.go index b6890935fb..07d701ed7b 100644 --- a/tests/e2e/module_status_decoupling_test.go +++ b/tests/e2e/module_status_decoupling_test.go @@ -3,7 +3,6 @@ package e2e_test import ( "context" - templatev1alpha1 "github.com/kyma-project/template-operator/api/v1alpha1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "github.com/kyma-project/lifecycle-manager/api/shared" @@ -13,9 +12,17 @@ import ( . "github.com/onsi/gomega" . "github.com/kyma-project/lifecycle-manager/pkg/testutils" + templatev1alpha1 "github.com/kyma-project/template-operator/api/v1alpha1" ) -var _ = Describe("Module Status Decoupling", Ordered, func() { +type ResourceKind string + +const ( + DeploymentKind ResourceKind = "Deployment" + StatefulSetKind ResourceKind = "StatefulSet" +) + +func RunModuleStatusDecouplingTest(resourceKind ResourceKind) { kyma := NewKymaWithSyncLabel("kyma-sample", ControlPlaneNamespace, v1beta2.DefaultChannel) module := NewTemplateOperator(v1beta2.DefaultChannel) moduleWrongConfig := NewTestModuleWithFixName("template-operator-misconfigured", "regular") @@ -33,6 +40,21 @@ var _ = Describe("Module Status Decoupling", Ordered, func() { checkModuleStatus(module, moduleCR, kyma, shared.StateReady) + It("And Module Resource is ready", func() { + switch resourceKind { + case DeploymentKind: + Eventually(DeploymentIsReady). + WithContext(ctx). + WithArguments(runtimeClient, ModuleResourceName, TestModuleResourceNamespace). + Should(Succeed()) + case StatefulSetKind: + Eventually(StatefulSetIsReady). + WithContext(ctx). + WithArguments(runtimeClient, ModuleResourceName, TestModuleResourceNamespace). + Should(Succeed()) + } + }) + It("When Kyma Module is disabled", func() { Eventually(DisableModule). WithContext(ctx). @@ -72,17 +94,25 @@ var _ = Describe("Module Status Decoupling", Ordered, func() { Should(Succeed()) }) - It("Then Module CR, Module Operator Deployment and Manifest CR are removed", func() { + It("Then Module CR, Module Operator Resource and Manifest CR are removed", func() { Eventually(CheckIfExists). WithContext(ctx). WithArguments(TestModuleCRName, RemoteNamespace, "operator.kyma-project.io", "v1alpha1", string(templatev1alpha1.SampleKind), runtimeClient). Should(Equal(ErrNotFound)) - Eventually(DeploymentIsReady). - WithContext(ctx). - WithArguments(runtimeClient, ModuleDeploymentName, TestModuleResourceNamespace). - Should(Equal(ErrNotFound)) + switch resourceKind { + case DeploymentKind: + Eventually(DeploymentIsReady). + WithContext(ctx). + WithArguments(runtimeClient, ModuleResourceName, TestModuleResourceNamespace). + Should(Equal(ErrNotFound)) + case StatefulSetKind: + Eventually(StatefulSetIsReady). + WithContext(ctx). + WithArguments(runtimeClient, ModuleResourceName, TestModuleResourceNamespace). + Should(Equal(ErrNotFound)) + } Eventually(NoManifestExist). WithContext(ctx). @@ -121,10 +151,18 @@ var _ = Describe("Module Status Decoupling", Ordered, func() { "operator.kyma-project.io", "v1alpha1", string(templatev1alpha1.SampleKind), runtimeClient). Should(Equal(ErrNotFound)) - Eventually(DeploymentIsReady). - WithContext(ctx). - WithArguments(runtimeClient, ModuleDeploymentName, TestModuleResourceNamespace). - Should(Equal(ErrNotFound)) + switch resourceKind { + case DeploymentKind: + Eventually(DeploymentIsReady). + WithContext(ctx). + WithArguments(runtimeClient, ModuleResourceName, TestModuleResourceNamespace). + Should(Equal(ErrNotFound)) + case StatefulSetKind: + Eventually(StatefulSetIsReady). + WithContext(ctx). + WithArguments(runtimeClient, ModuleResourceName, TestModuleResourceNamespace). + Should(Equal(ErrNotFound)) + } Eventually(NoManifestExist). WithContext(ctx). @@ -138,7 +176,7 @@ var _ = Describe("Module Status Decoupling", Ordered, func() { Should(Succeed()) }) }) -}) +} func checkModuleStatus(module v1beta2.Module, moduleCR *unstructured.Unstructured, kyma *v1beta2.Kyma, expectedState shared.State, diff --git a/tests/e2e/module_status_decoupling_with_deployment_test.go b/tests/e2e/module_status_decoupling_with_deployment_test.go new file mode 100644 index 0000000000..a3c4e62ab8 --- /dev/null +++ b/tests/e2e/module_status_decoupling_with_deployment_test.go @@ -0,0 +1,9 @@ +package e2e_test + +import ( + . "github.com/onsi/ginkgo/v2" +) + +var _ = Describe("Module Status Decoupling With Deployment", Ordered, func() { + RunModuleStatusDecouplingTest(DeploymentKind) +}) diff --git a/tests/e2e/module_status_decoupling_with_statefulset_test.go b/tests/e2e/module_status_decoupling_with_statefulset_test.go new file mode 100644 index 0000000000..77b7bad901 --- /dev/null +++ b/tests/e2e/module_status_decoupling_with_statefulset_test.go @@ -0,0 +1,9 @@ +package e2e_test + +import ( + . "github.com/onsi/ginkgo/v2" +) + +var _ = Describe("Module Status Decoupling With StatefulSet", Ordered, func() { + RunModuleStatusDecouplingTest(StatefulSetKind) +}) diff --git a/tests/integration/controller/manifest/custom_resource_check/suite_test.go b/tests/integration/controller/manifest/custom_resource_check/suite_test.go index 9c1fcdb5c8..dee8ecf02b 100644 --- a/tests/integration/controller/manifest/custom_resource_check/suite_test.go +++ b/tests/integration/controller/manifest/custom_resource_check/suite_test.go @@ -150,7 +150,7 @@ var _ = BeforeSuite(func() { }, ), manifest.WithClientCacheKey(), declarativev2.WithPostRun{manifest.PostRunCreateCR}, declarativev2.WithPreDelete{manifest.PreDeleteDeleteCR}, - declarativev2.WithCustomReadyCheck(manifest.NewDeploymentReadyCheck())) + declarativev2.WithCustomReadyCheck(manifest.NewResourceReadyCheck())) err = ctrl.NewControllerManagedBy(mgr). For(&v1beta2.Manifest{}). diff --git a/tests/integration/controller/manifest/ready_check_test.go b/tests/integration/controller/manifest/ready_check_test.go index 3a406e6b46..454ae16ed3 100644 --- a/tests/integration/controller/manifest/ready_check_test.go +++ b/tests/integration/controller/manifest/ready_check_test.go @@ -76,7 +76,7 @@ var _ = Describe("Manifest readiness check", Ordered, func() { Expect(resources).ToNot(BeEmpty()) By("Executing the CR readiness check") - customReadyCheck := manifest.NewDeploymentReadyCheck() + customReadyCheck := manifest.NewResourceReadyCheck() state, err := customReadyCheck.Run(ctx, testClient, resources) Expect(err).NotTo(HaveOccurred()) Expect(state).To(Equal(shared.StateReady)) From 9cd9406ed16d91cf51a125c16f023038ebb7c377 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 26 Jul 2024 15:02:04 +0200 Subject: [PATCH 16/26] chore(dependabot): bump github.com/onsi/gomega from 1.33.1 to 1.34.0 (#1723) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.33.1 to 1.34.0. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.33.1...v1.34.0) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index d7a9b4b03f..c643bb7a57 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/kyma-project/lifecycle-manager/api v0.0.0-00010101000000-000000000000 github.com/kyma-project/runtime-watcher/listener v0.0.0-20240502124257-9d96561ef070 github.com/onsi/ginkgo/v2 v2.19.0 - github.com/onsi/gomega v1.33.1 + github.com/onsi/gomega v1.34.0 github.com/open-component-model/ocm v0.11.0 github.com/prometheus/client_golang v1.19.1 github.com/stretchr/testify v1.9.0 diff --git a/go.sum b/go.sum index 64035e7e5f..45edb19d7c 100644 --- a/go.sum +++ b/go.sum @@ -701,8 +701,8 @@ github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoT github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= -github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= -github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= +github.com/onsi/gomega v1.34.0 h1:eSSPsPNp6ZpsG8X1OVmOTxig+CblTc4AxpPBykhe2Os= +github.com/onsi/gomega v1.34.0/go.mod h1:MIKI8c+f+QLWk+hxbePD4i0LMJSExPaZOVfkoex4cAo= github.com/open-component-model/ocm v0.11.0 h1:m6r6OzNWvd713pwnSKcHAf4nH6wlrdOIRNbAlVCZnt8= github.com/open-component-model/ocm v0.11.0/go.mod h1:VwvVRqaSyw9OPtxmP0jsWOWfAxEBJCP4D7fzSNrI+kA= github.com/open-policy-agent/opa v0.63.0 h1:ztNNste1v8kH0/vJMJNquE45lRvqwrM5mY9Ctr9xIXw= From fe4f97aaf5dcb3f8c0fe4287644392798383650a Mon Sep 17 00:00:00 2001 From: Benjamin Lindner <50365642+lindnerby@users.noreply.github.com> Date: Mon, 29 Jul 2024 10:46:06 +0200 Subject: [PATCH 17/26] deps: Use latest watcher img 1.1.1 (#1726) --- config/watcher/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/watcher/kustomization.yaml b/config/watcher/kustomization.yaml index 3315f6f61d..32d8fb53c9 100644 --- a/config/watcher/kustomization.yaml +++ b/config/watcher/kustomization.yaml @@ -18,7 +18,7 @@ patches: value: --skr-watcher-path=/skr-webhook - op: add path: /spec/template/spec/containers/0/args/- - value: --skr-watcher-image-tag=0.1.1 + value: --skr-watcher-image-tag=1.1.1 - op: add path: /spec/template/spec/containers/0/args/- value: --enable-domain-name-pinning=true From 7d8c619bbe6706aba8ea9d9c212bef9dcef4cb09 Mon Sep 17 00:00:00 2001 From: Benjamin Lindner <50365642+lindnerby@users.noreply.github.com> Date: Mon, 29 Jul 2024 16:02:07 +0200 Subject: [PATCH 18/26] deps: Bump sec-scanners-config KLM img tag to 1.1.1 (#1728) --- sec-scanners-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sec-scanners-config.yaml b/sec-scanners-config.yaml index 973ad4bec0..72b7538cbc 100644 --- a/sec-scanners-config.yaml +++ b/sec-scanners-config.yaml @@ -1,7 +1,7 @@ module-name: lifecycle-manager protecode: - europe-docker.pkg.dev/kyma-project/prod/lifecycle-manager:latest - - europe-docker.pkg.dev/kyma-project/prod/lifecycle-manager:1.1.0 + - europe-docker.pkg.dev/kyma-project/prod/lifecycle-manager:1.1.1 whitesource: language: golang-mod exclude: From 1451f6628d23c4435a18bcf465091f2c9da33ac9 Mon Sep 17 00:00:00 2001 From: Tomasz Smelcerz Date: Tue, 30 Jul 2024 09:35:42 +0200 Subject: [PATCH 19/26] chore: Add deprecation notes to customStateCheck (#1708) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add deprecation notes * Update docs/technical-reference/api/moduleTemplate-cr.md Co-authored-by: Małgorzata Świeca * Configure API version exclusion * Update docs/technical-reference/api/moduleTemplate-cr.md Co-authored-by: Małgorzata Świeca * review fix --------- Co-authored-by: Małgorzata Świeca --- api-version-compatibility-config.yaml | 2 ++ api/v1beta2/moduletemplate_types.go | 1 + config/crd/bases/operator.kyma-project.io_moduletemplates.yaml | 1 + docs/technical-reference/api/moduleTemplate-cr.md | 2 ++ 4 files changed, 6 insertions(+) diff --git a/api-version-compatibility-config.yaml b/api-version-compatibility-config.yaml index f001448d10..0e8e2ebf50 100644 --- a/api-version-compatibility-config.yaml +++ b/api-version-compatibility-config.yaml @@ -20,3 +20,5 @@ operator.kyma-project.io_moduletemplates.yaml: v1beta1: - .spec.properties.target - .spec.required[]|select(.=="target") + v1beta2: + - .spec.properties.customStateCheck.description diff --git a/api/v1beta2/moduletemplate_types.go b/api/v1beta2/moduletemplate_types.go index 61484361e6..413792f732 100644 --- a/api/v1beta2/moduletemplate_types.go +++ b/api/v1beta2/moduletemplate_types.go @@ -109,6 +109,7 @@ type ModuleTemplateSpec struct { // +kubebuilder:pruning:PreserveUnknownFields Descriptor machineryruntime.RawExtension `json:"descriptor"` + // CustomStateCheck is deprecated. CustomStateCheck []*CustomStateCheck `json:"customStateCheck,omitempty"` } diff --git a/config/crd/bases/operator.kyma-project.io_moduletemplates.yaml b/config/crd/bases/operator.kyma-project.io_moduletemplates.yaml index 94a86d6098..26f275cf81 100644 --- a/config/crd/bases/operator.kyma-project.io_moduletemplates.yaml +++ b/config/crd/bases/operator.kyma-project.io_moduletemplates.yaml @@ -163,6 +163,7 @@ spec: pattern: ^[a-z]+$ type: string customStateCheck: + description: CustomStateCheck is deprecated. items: properties: jsonPath: diff --git a/docs/technical-reference/api/moduleTemplate-cr.md b/docs/technical-reference/api/moduleTemplate-cr.md index 1ccefaeaa4..042b3363e4 100644 --- a/docs/technical-reference/api/moduleTemplate-cr.md +++ b/docs/technical-reference/api/moduleTemplate-cr.md @@ -49,6 +49,8 @@ If not specified, the **namespace** of the resource mentioned in **.spec.data** ### **.spec.customStateCheck** +> **CAUTION:** This field was deprecated at the end of July 2024 and will be deleted in the next ModuleTemplate API version. As of the deletion day, you can define the custom state only in a module's custom resource. + The `.spec.customStateCheck` field in Kyma Lifecycle Manager is primarily designed for third-party modules. For non-Kyma modules, the `status.state` might not be present, which the Lifecycle Manager relies on to determine the module state. This field enables users to define custom fields in the module Custom Resource (CR) that can be mapped to valid states supported by Lifecycle Manager. Imagine a scenario where a module's health is indicated by `status.health` in its CR. In such cases, users can employ the customStateCheck configuration to map the health states to Lifecycle Manager states. From 0294a70fc31c2111e2f2bb92f324cf10b1b64262 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 31 Jul 2024 09:23:24 +0200 Subject: [PATCH 20/26] chore(dependabot): bump github.com/onsi/gomega from 1.34.0 to 1.34.1 (#1729) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.34.0 to 1.34.1. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.34.0...v1.34.1) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 16 ++++++++-------- go.sum | 32 ++++++++++++++++---------------- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/go.mod b/go.mod index c643bb7a57..d83b8bb447 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/kyma-project/lifecycle-manager/api v0.0.0-00010101000000-000000000000 github.com/kyma-project/runtime-watcher/listener v0.0.0-20240502124257-9d96561ef070 github.com/onsi/ginkgo/v2 v2.19.0 - github.com/onsi/gomega v1.34.0 + github.com/onsi/gomega v1.34.1 github.com/open-component-model/ocm v0.11.0 github.com/prometheus/client_golang v1.19.1 github.com/stretchr/testify v1.9.0 @@ -297,15 +297,15 @@ require ( go.step.sm/crypto v0.44.2 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/crypto v0.24.0 // indirect - golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect - golang.org/x/mod v0.17.0 // indirect - golang.org/x/net v0.26.0 // indirect + golang.org/x/crypto v0.25.0 // indirect + golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect + golang.org/x/mod v0.19.0 // indirect + golang.org/x/net v0.27.0 // indirect golang.org/x/oauth2 v0.20.0 // indirect - golang.org/x/sys v0.21.0 // indirect - golang.org/x/term v0.21.0 // indirect + golang.org/x/sys v0.22.0 // indirect + golang.org/x/term v0.22.0 // indirect golang.org/x/text v0.16.0 // indirect - golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect + golang.org/x/tools v0.23.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/api v0.181.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 // indirect diff --git a/go.sum b/go.sum index 45edb19d7c..fa184c3cef 100644 --- a/go.sum +++ b/go.sum @@ -701,8 +701,8 @@ github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoT github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= -github.com/onsi/gomega v1.34.0 h1:eSSPsPNp6ZpsG8X1OVmOTxig+CblTc4AxpPBykhe2Os= -github.com/onsi/gomega v1.34.0/go.mod h1:MIKI8c+f+QLWk+hxbePD4i0LMJSExPaZOVfkoex4cAo= +github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= +github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/open-component-model/ocm v0.11.0 h1:m6r6OzNWvd713pwnSKcHAf4nH6wlrdOIRNbAlVCZnt8= github.com/open-component-model/ocm v0.11.0/go.mod h1:VwvVRqaSyw9OPtxmP0jsWOWfAxEBJCP4D7fzSNrI+kA= github.com/open-policy-agent/opa v0.63.0 h1:ztNNste1v8kH0/vJMJNquE45lRvqwrM5mY9Ctr9xIXw= @@ -992,11 +992,11 @@ golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= -golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= +golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= +golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= -golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= @@ -1005,8 +1005,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= -golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= +golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1035,8 +1035,8 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= -golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= +golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= @@ -1086,8 +1086,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -1097,8 +1097,8 @@ golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= -golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= -golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= +golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= +golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -1128,8 +1128,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= +golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 6f9e1fb271d969ec3ed7139b4e89eb51d6c2d598 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 31 Jul 2024 11:59:24 +0200 Subject: [PATCH 21/26] chore(dependabot): bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 (#1727) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.19.0 to 2.19.1. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.19.0...v2.19.1) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index d83b8bb447..34938a8594 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/jellydator/ttlcache/v3 v3.2.0 github.com/kyma-project/lifecycle-manager/api v0.0.0-00010101000000-000000000000 github.com/kyma-project/runtime-watcher/listener v0.0.0-20240502124257-9d96561ef070 - github.com/onsi/ginkgo/v2 v2.19.0 + github.com/onsi/ginkgo/v2 v2.19.1 github.com/onsi/gomega v1.34.1 github.com/open-component-model/ocm v0.11.0 github.com/prometheus/client_golang v1.19.1 diff --git a/go.sum b/go.sum index fa184c3cef..c450e1a02b 100644 --- a/go.sum +++ b/go.sum @@ -694,8 +694,8 @@ github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vv github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= -github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= -github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= +github.com/onsi/ginkgo/v2 v2.19.1 h1:QXgq3Z8Crl5EL1WBAC98A5sEBHARrAJNzAmMxzLcRF0= +github.com/onsi/ginkgo/v2 v2.19.1/go.mod h1:O3DtEWQkPa/F7fBMgmZQKKsluAy8pd3rEQdrjkPb9zA= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= From f7d3024a2453859354ee02acb6174d59bc842bf2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Aug 2024 09:13:25 +0200 Subject: [PATCH 22/26] chore(dependabot): bump github.com/docker/docker from 26.1.3+incompatible to 26.1.4+incompatible in the go_modules group (#1731) chore(dependabot): bump github.com/docker/docker in the go_modules group Bumps the go_modules group with 1 update: [github.com/docker/docker](https://github.com/docker/docker). Updates `github.com/docker/docker` from 26.1.3+incompatible to 26.1.4+incompatible - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v26.1.3...v26.1.4) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 34938a8594..d0c55ae2cb 100644 --- a/go.mod +++ b/go.mod @@ -130,7 +130,7 @@ require ( github.com/distribution/reference v0.6.0 // indirect github.com/docker/cli v26.1.3+incompatible // indirect github.com/docker/distribution v2.8.3+incompatible // indirect - github.com/docker/docker v26.1.3+incompatible // indirect + github.com/docker/docker v26.1.4+incompatible // indirect github.com/docker/docker-credential-helpers v0.8.1 // indirect github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c // indirect github.com/docker/go-connections v0.5.0 // indirect diff --git a/go.sum b/go.sum index c450e1a02b..0ab1dc8b91 100644 --- a/go.sum +++ b/go.sum @@ -297,8 +297,8 @@ github.com/docker/cli v26.1.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvM github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v26.1.3+incompatible h1:lLCzRbrVZrljpVNobJu1J2FHk8V0s4BawoZippkc+xo= -github.com/docker/docker v26.1.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v26.1.4+incompatible h1:vuTpXDuoga+Z38m1OZHzl7NKisKWaWlhjQk7IDPSLsU= +github.com/docker/docker v26.1.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.8.1 h1:j/eKUktUltBtMzKqmfLB0PAgqYyMHOp5vfsD1807oKo= github.com/docker/docker-credential-helpers v0.8.1/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0= From 4126788fae7f5229cad25df8d790180f0aa69500 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Aug 2024 09:45:24 +0200 Subject: [PATCH 23/26] chore(dependabot): bump github.com/cert-manager/cert-manager from 1.15.1 to 1.15.2 (#1730) chore(dependabot): bump github.com/cert-manager/cert-manager Bumps [github.com/cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) from 1.15.1 to 1.15.2. - [Release notes](https://github.com/cert-manager/cert-manager/releases) - [Changelog](https://github.com/cert-manager/cert-manager/blob/master/RELEASE.md) - [Commits](https://github.com/cert-manager/cert-manager/compare/v1.15.1...v1.15.2) --- updated-dependencies: - dependency-name: github.com/cert-manager/cert-manager dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tomasz Smelcerz --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index d0c55ae2cb..046381ae0a 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ replace github.com/kyma-project/lifecycle-manager/api => ./api require ( github.com/Masterminds/semver/v3 v3.2.1 - github.com/cert-manager/cert-manager v1.15.1 + github.com/cert-manager/cert-manager v1.15.2 github.com/go-logr/logr v1.4.2 github.com/go-logr/zapr v1.3.0 github.com/golang/mock v1.6.0 diff --git a/go.sum b/go.sum index 0ab1dc8b91..c7ddfb4a81 100644 --- a/go.sum +++ b/go.sum @@ -213,8 +213,8 @@ github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4r github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cert-manager/cert-manager v1.15.1 h1:HSG4k2GlJ2YgTLkZfQzrArNaQpM9+ehDDg550IxAD94= -github.com/cert-manager/cert-manager v1.15.1/go.mod h1:p98JoGv3J9JhdKU9ngsj2EhWGI6/GlU7kpjWu5lf2js= +github.com/cert-manager/cert-manager v1.15.2 h1:Mjbvc+FjYeg2928xy7bcS+c+ARxyqBcXM9QypOg1/Uo= +github.com/cert-manager/cert-manager v1.15.2/go.mod h1:stBge/DTvrhfQMB/93+Y62s+gQgZBsfL1o0C/4AL/mI= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 h1:krfRl01rzPzxSxyLyrChD+U+MzsBXbm0OwYYB67uF+4= From c42f9a42f79a179afdcdc275f68b3ccb3d12f9a9 Mon Sep 17 00:00:00 2001 From: Nesma Badr Date: Thu, 1 Aug 2024 14:21:27 +0200 Subject: [PATCH 24/26] chore: Limit access for remote and istio namespaces (#1722) * Limit access for remote and istio namespaces * Adjust E2E test * Empty-Commit * Change ClusterRole to Role * Review comments --- .../istio_namespace_role.yaml | 34 +++++++++++ .../istio_namespace_role_binding.yaml | 12 ++++ .../namespace_bindings/kustomization.yaml | 4 ++ .../remote_namespace_role.yaml | 42 ++++++++++++++ .../remote_namespace_role_binding.yaml | 12 ++++ .../rbac/namespace_bindings/role_binding.yaml | 26 --------- internal/cache_options.go | 5 +- tests/e2e/rbac_privileges_test.go | 58 ++++++++++++++++--- 8 files changed, 156 insertions(+), 37 deletions(-) create mode 100644 config/rbac/namespace_bindings/istio_namespace_role.yaml create mode 100644 config/rbac/namespace_bindings/istio_namespace_role_binding.yaml create mode 100644 config/rbac/namespace_bindings/remote_namespace_role.yaml create mode 100644 config/rbac/namespace_bindings/remote_namespace_role_binding.yaml diff --git a/config/rbac/namespace_bindings/istio_namespace_role.yaml b/config/rbac/namespace_bindings/istio_namespace_role.yaml new file mode 100644 index 0000000000..88a81257d1 --- /dev/null +++ b/config/rbac/namespace_bindings/istio_namespace_role.yaml @@ -0,0 +1,34 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: manager-role-istio-namespace + namespace: istio-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch + - create + - delete +- apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - patch + - list + - watch + - get + - create + - delete +- apiGroups: + - cert-manager.io + resources: + - issuers + verbs: + - list + - watch diff --git a/config/rbac/namespace_bindings/istio_namespace_role_binding.yaml b/config/rbac/namespace_bindings/istio_namespace_role_binding.yaml new file mode 100644 index 0000000000..0f5dd49c78 --- /dev/null +++ b/config/rbac/namespace_bindings/istio_namespace_role_binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: manager-rolebinding-istio-namespace + namespace: istio-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: manager-role-istio-namespace +subjects: + - kind: ServiceAccount + name: controller-manager \ No newline at end of file diff --git a/config/rbac/namespace_bindings/kustomization.yaml b/config/rbac/namespace_bindings/kustomization.yaml index 757f2366c3..cc9a059035 100644 --- a/config/rbac/namespace_bindings/kustomization.yaml +++ b/config/rbac/namespace_bindings/kustomization.yaml @@ -14,3 +14,7 @@ resources: - metrics_role_binding.yaml # Comment the following to disable manifest integration - manifest_role_binding.yaml + - istio_namespace_role.yaml + - remote_namespace_role.yaml + - istio_namespace_role_binding.yaml + - remote_namespace_role_binding.yaml \ No newline at end of file diff --git a/config/rbac/namespace_bindings/remote_namespace_role.yaml b/config/rbac/namespace_bindings/remote_namespace_role.yaml new file mode 100644 index 0000000000..4c8e2cc1fc --- /dev/null +++ b/config/rbac/namespace_bindings/remote_namespace_role.yaml @@ -0,0 +1,42 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: manager-role-remote-namespace + namespace: kyma-system +rules: +- apiGroups: + - operator.kyma-project.io + resources: + - kymas + verbs: + - list + - watch + - delete + - get + - create + - patch + - update +- apiGroups: + - operator.kyma-project.io + resources: + - kymas/finalizers + verbs: + - update +- apiGroups: + - operator.kyma-project.io + resources: + - kymas/status + verbs: + - get + - patch + - update + - watch +- apiGroups: + - operator.kyma-project.io + resources: + - moduletemplates + verbs: + - list + - watch + - delete \ No newline at end of file diff --git a/config/rbac/namespace_bindings/remote_namespace_role_binding.yaml b/config/rbac/namespace_bindings/remote_namespace_role_binding.yaml new file mode 100644 index 0000000000..23c42d6610 --- /dev/null +++ b/config/rbac/namespace_bindings/remote_namespace_role_binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: manager-rolebinding-remote-namespace + namespace: kyma-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: manager-role-remote-namespace +subjects: + - kind: ServiceAccount + name: controller-manager \ No newline at end of file diff --git a/config/rbac/namespace_bindings/role_binding.yaml b/config/rbac/namespace_bindings/role_binding.yaml index d9a1c2a6e4..027614187b 100644 --- a/config/rbac/namespace_bindings/role_binding.yaml +++ b/config/rbac/namespace_bindings/role_binding.yaml @@ -6,32 +6,6 @@ roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: manager-role -subjects: - - kind: ServiceAccount - name: controller-manager ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: manager-rolebinding-kyma-system - namespace: kyma-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: manager-role -subjects: - - kind: ServiceAccount - name: controller-manager ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: manager-rolebinding-istio-system - namespace: istio-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: manager-role subjects: - kind: ServiceAccount name: controller-manager \ No newline at end of file diff --git a/internal/cache_options.go b/internal/cache_options.go index efc47b5e81..ab9ac7559f 100644 --- a/internal/cache_options.go +++ b/internal/cache_options.go @@ -41,9 +41,8 @@ func (c *KcpCacheOptions) GetCacheOptions() cache.Options { &apicorev1.Secret{}: { Label: k8slabels.Everything(), Namespaces: map[string]cache.Config{ - c.kcpNamespace: {}, - c.istioNamespace: {}, - c.remoteNamespace: {}, + c.kcpNamespace: {}, + c.istioNamespace: {}, }, }, &v1beta2.Kyma{}: { diff --git a/tests/e2e/rbac_privileges_test.go b/tests/e2e/rbac_privileges_test.go index 6e05fa669a..efb4709312 100644 --- a/tests/e2e/rbac_privileges_test.go +++ b/tests/e2e/rbac_privileges_test.go @@ -1,9 +1,10 @@ package e2e_test import ( + apirbacv1 "k8s.io/api/rbac/v1" + . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" - apirbacv1 "k8s.io/api/rbac/v1" . "github.com/kyma-project/lifecycle-manager/pkg/testutils" ) @@ -30,7 +31,7 @@ var _ = Describe("RBAC Privileges", func() { Expect(GetClusterRoleBindingPolicyRules(ctx, controlPlaneClient, "klm-manager-role-crd", klmClusterRoleBindings)).To(Equal(crdRoleRules)) - By("And KLM Service Account has the correct RoleBindings in kcp-system namespaces") + By("And KLM Service Account has the correct RoleBindings in kcp-system namespace") kcpSystemKlmRoleBindings, err := ListKlmRoleBindings(controlPlaneClient, ctx, "klm-controller-manager", "kcp-system") Expect(err).ToNot(HaveOccurred()) @@ -171,23 +172,64 @@ var _ = Describe("RBAC Privileges", func() { Expect(GetRoleBindingwithClusterRolePolicyRules(ctx, controlPlaneClient, "klm-manager-role-manifest", kcpSystemKlmRoleBindings)).To(Equal(manifestRoleRules)) - By("And KLM Service Account has the correct RoleBindings in istio-system namespaces") + By("And KLM Service Account has the correct RoleBindings in istio-system namespace") + istioNamespaceRoleRules := []apirbacv1.PolicyRule{ + { + APIGroups: []string{""}, + Resources: []string{"secrets"}, + Verbs: []string{"list", "watch", "create", "delete"}, + }, + { + APIGroups: []string{"cert-manager.io"}, + Resources: []string{"certificates"}, + Verbs: []string{"patch", "list", "watch", "get", "create", "delete"}, + }, + { + APIGroups: []string{"cert-manager.io"}, + Resources: []string{"issuers"}, + Verbs: []string{"list", "watch"}, + }, + } istioSystemKlmRoleBindings, err := ListKlmRoleBindings(controlPlaneClient, ctx, "klm-controller-manager", "istio-system") Expect(err).ToNot(HaveOccurred()) Expect(istioSystemKlmRoleBindings.Items).To(HaveLen(1)) - Expect(GetRoleBindingwithClusterRolePolicyRules(ctx, controlPlaneClient, "klm-manager-role", - istioSystemKlmRoleBindings)).To(Equal(klmManagerRoleRules)) + Expect(GetRoleBindingRolePolicyRules(ctx, controlPlaneClient, "klm-manager-role-istio-namespace", + "istio-system", + istioSystemKlmRoleBindings)).To(Equal(istioNamespaceRoleRules)) - By("And KLM Service Account has the correct RoleBindings in kyma-system namespaces") + By("And KLM Service Account has the correct RoleBindings in kyma-system namespace") + remoteNamespaceRoleRules := []apirbacv1.PolicyRule{ + { + APIGroups: []string{"operator.kyma-project.io"}, + Resources: []string{"kymas"}, + Verbs: []string{"list", "watch", "delete", "get", "create", "patch", "update"}, + }, + { + APIGroups: []string{"operator.kyma-project.io"}, + Resources: []string{"kymas/finalizers"}, + Verbs: []string{"update"}, + }, + { + APIGroups: []string{"operator.kyma-project.io"}, + Resources: []string{"kymas/status"}, + Verbs: []string{"get", "patch", "update", "watch"}, + }, + { + APIGroups: []string{"operator.kyma-project.io"}, + Resources: []string{"moduletemplates"}, + Verbs: []string{"list", "watch", "delete"}, + }, + } kymaSystemKlmRoleBindings, err := ListKlmRoleBindings(controlPlaneClient, ctx, "klm-controller-manager", "kyma-system") Expect(err).ToNot(HaveOccurred()) Expect(kymaSystemKlmRoleBindings.Items).To(HaveLen(2)) - Expect(GetRoleBindingwithClusterRolePolicyRules(ctx, controlPlaneClient, "klm-manager-role", - kymaSystemKlmRoleBindings)).To(Equal(klmManagerRoleRules)) + Expect(GetRoleBindingRolePolicyRules(ctx, controlPlaneClient, + "klm-manager-role-remote-namespace", "kyma-system", + kymaSystemKlmRoleBindings)).To(Equal(remoteNamespaceRoleRules)) metricsReaderRoleRules := []apirbacv1.PolicyRule{ { From d42bf078da03c0984e47693afbce0626512fc72a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Aug 2024 17:01:26 +0200 Subject: [PATCH 25/26] chore(dependabot): bump github.com/docker/docker from 26.1.3+incompatible to 26.1.4+incompatible in /api in the go_modules group (#1732) chore(dependabot): bump github.com/docker/docker Bumps the go_modules group in /api with 1 update: [github.com/docker/docker](https://github.com/docker/docker). Updates `github.com/docker/docker` from 26.1.3+incompatible to 26.1.4+incompatible - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v26.1.3...v26.1.4) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tomasz Smelcerz --- api/go.mod | 2 +- api/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/api/go.mod b/api/go.mod index 250ed799eb..5889d6f04d 100644 --- a/api/go.mod +++ b/api/go.mod @@ -77,7 +77,7 @@ require ( github.com/distribution/reference v0.6.0 // indirect github.com/docker/cli v26.1.3+incompatible // indirect github.com/docker/distribution v2.8.3+incompatible // indirect - github.com/docker/docker v26.1.3+incompatible // indirect + github.com/docker/docker v26.1.4+incompatible // indirect github.com/docker/docker-credential-helpers v0.8.1 // indirect github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-metrics v0.0.1 // indirect diff --git a/api/go.sum b/api/go.sum index a1d22d3099..26a226b518 100644 --- a/api/go.sum +++ b/api/go.sum @@ -262,8 +262,8 @@ github.com/docker/cli v26.1.3+incompatible h1:bUpXT/N0kDE3VUHI2r5VMsYQgi38kYuoC0 github.com/docker/cli v26.1.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v26.1.3+incompatible h1:lLCzRbrVZrljpVNobJu1J2FHk8V0s4BawoZippkc+xo= -github.com/docker/docker v26.1.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v26.1.4+incompatible h1:vuTpXDuoga+Z38m1OZHzl7NKisKWaWlhjQk7IDPSLsU= +github.com/docker/docker v26.1.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.8.1 h1:j/eKUktUltBtMzKqmfLB0PAgqYyMHOp5vfsD1807oKo= github.com/docker/docker-credential-helpers v0.8.1/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0= From c657c61490c6790068d96d3ce17b31ba1ee70623 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 2 Aug 2024 12:55:26 +0200 Subject: [PATCH 26/26] chore(dependabot): bump github.com/open-component-model/ocm from 0.11.0 to 0.12.0 in /api (#1705) * chore(dependabot): bump github.com/open-component-model/ocm in /api Bumps [github.com/open-component-model/ocm](https://github.com/open-component-model/ocm) from 0.11.0 to 0.12.0. - [Release notes](https://github.com/open-component-model/ocm/releases) - [Changelog](https://github.com/open-component-model/ocm/blob/main/.goreleaser.yaml) - [Commits](https://github.com/open-component-model/ocm/compare/v0.11.0...v0.12.0) --- updated-dependencies: - dependency-name: github.com/open-component-model/ocm dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] * bump ocm in lifecycle-manager --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tomasz Smelcerz --- api/go.mod | 59 +++++++++---------- api/go.sum | 164 ++++++++++++++++++++++++++++++++--------------------- go.mod | 53 ++++++++--------- go.sum | 108 +++++++++++++++++------------------ 4 files changed, 211 insertions(+), 173 deletions(-) diff --git a/api/go.mod b/api/go.mod index 5889d6f04d..436fab8915 100644 --- a/api/go.mod +++ b/api/go.mod @@ -4,7 +4,7 @@ go 1.22.4 require ( github.com/Masterminds/semver/v3 v3.2.1 - github.com/open-component-model/ocm v0.11.0 + github.com/open-component-model/ocm v0.12.0 k8s.io/apimachinery v0.30.3 sigs.k8s.io/controller-runtime v0.18.4 ) @@ -39,20 +39,20 @@ require ( github.com/alibabacloud-go/tea-xml v1.1.3 // indirect github.com/aliyun/credentials-go v1.3.1 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect - github.com/aws/aws-sdk-go-v2 v1.27.0 // indirect - github.com/aws/aws-sdk-go-v2/config v1.27.16 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.17.16 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.3 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.7 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.7 // indirect + github.com/aws/aws-sdk-go-v2 v1.30.0 // indirect + github.com/aws/aws-sdk-go-v2/config v1.27.21 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.21 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect - github.com/aws/aws-sdk-go-v2/service/ecr v1.28.3 // indirect + github.com/aws/aws-sdk-go-v2/service/ecr v1.29.1 // indirect github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.9 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.20.9 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.3 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.28.10 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.21.1 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.29.1 // indirect github.com/aws/smithy-go v1.20.2 // indirect github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 // indirect github.com/beorn7/perks v1.0.1 // indirect @@ -65,7 +65,8 @@ require ( github.com/clbanning/mxj/v2 v2.7.0 // indirect github.com/cloudflare/circl v1.3.7 // indirect github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect - github.com/containerd/containerd v1.7.17 // indirect + github.com/containerd/containerd v1.7.18 // indirect + github.com/containerd/errdefs v0.1.0 // indirect github.com/containerd/log v0.1.0 // indirect github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect github.com/coreos/go-oidc/v3 v3.10.0 // indirect @@ -75,9 +76,9 @@ require ( github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect github.com/dimchansky/utfbom v1.1.1 // indirect github.com/distribution/reference v0.6.0 // indirect - github.com/docker/cli v26.1.3+incompatible // indirect + github.com/docker/cli v27.0.1+incompatible // indirect github.com/docker/distribution v2.8.3+incompatible // indirect - github.com/docker/docker v26.1.4+incompatible // indirect + github.com/docker/docker v27.0.1+incompatible // indirect github.com/docker/docker-credential-helpers v0.8.1 // indirect github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-metrics v0.0.1 // indirect @@ -132,14 +133,14 @@ require ( github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.17.8 // indirect + github.com/klauspost/compress v1.17.9 // indirect github.com/klauspost/pgzip v1.2.6 // indirect github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 // indirect github.com/magiconair/properties v1.8.7 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/mandelsoft/filepath v0.0.0-20240223090642-3e2777258aa3 // indirect - github.com/mandelsoft/goutils v0.0.0-20240605100619-84d61423f421 // indirect - github.com/mandelsoft/logging v0.0.0-20240201091719-67180059d6bf // indirect + github.com/mandelsoft/goutils v0.0.0-20240623134558-383cb09dec16 // indirect + github.com/mandelsoft/logging v0.0.0-20240618075559-fdca28a87b0a // indirect github.com/mandelsoft/spiff v1.7.0-beta-5 // indirect github.com/mandelsoft/vfs v0.4.3 // indirect github.com/marstr/guid v1.1.0 // indirect @@ -213,15 +214,15 @@ require ( go.step.sm/crypto v0.44.2 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/crypto v0.23.0 // indirect + golang.org/x/crypto v0.24.0 // indirect golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect - golang.org/x/mod v0.17.0 // indirect - golang.org/x/net v0.25.0 // indirect - golang.org/x/oauth2 v0.20.0 // indirect + golang.org/x/mod v0.18.0 // indirect + golang.org/x/net v0.26.0 // indirect + golang.org/x/oauth2 v0.21.0 // indirect golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.20.0 // indirect - golang.org/x/term v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect + golang.org/x/sys v0.21.0 // indirect + golang.org/x/term v0.21.0 // indirect + golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/api v0.172.0 // indirect @@ -233,10 +234,10 @@ require ( gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - helm.sh/helm/v3 v3.15.1 // indirect - k8s.io/api v0.30.1 // indirect - k8s.io/apiextensions-apiserver v0.30.1 // indirect - k8s.io/client-go v0.30.1 // indirect + helm.sh/helm/v3 v3.15.2 // indirect + k8s.io/api v0.30.2 // indirect + k8s.io/apiextensions-apiserver v0.30.2 // indirect + k8s.io/client-go v0.30.2 // indirect k8s.io/klog/v2 v2.120.1 // indirect k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect k8s.io/utils v0.0.0-20240310230437-4693a0247e57 // indirect diff --git a/api/go.sum b/api/go.sum index 26a226b518..7af116a921 100644 --- a/api/go.sum +++ b/api/go.sum @@ -127,38 +127,38 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:W github.com/aws/aws-sdk-go v1.51.6 h1:Ld36dn9r7P9IjU8WZSaswQ8Y/XUCRpewim5980DwYiU= github.com/aws/aws-sdk-go v1.51.6/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/aws/aws-sdk-go-v2 v1.21.2/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM= -github.com/aws/aws-sdk-go-v2 v1.27.0 h1:7bZWKoXhzI+mMR/HjdMx8ZCC5+6fY0lS5tr0bbgiLlo= -github.com/aws/aws-sdk-go-v2 v1.27.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= -github.com/aws/aws-sdk-go-v2/config v1.27.16 h1:knpCuH7laFVGYTNd99Ns5t+8PuRjDn4HnnZK48csipM= -github.com/aws/aws-sdk-go-v2/config v1.27.16/go.mod h1:vutqgRhDUktwSge3hrC3nkuirzkJ4E/mLj5GvI0BQas= -github.com/aws/aws-sdk-go-v2/credentials v1.17.16 h1:7d2QxY83uYl0l58ceyiSpxg9bSbStqBC6BeEeHEchwo= -github.com/aws/aws-sdk-go-v2/credentials v1.17.16/go.mod h1:Ae6li/6Yc6eMzysRL2BXlPYvnrLLBg3D11/AmOjw50k= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.3 h1:dQLK4TjtnlRGb0czOht2CevZ5l6RSyRWAnKeGd7VAFE= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.3/go.mod h1:TL79f2P6+8Q7dTsILpiVST+AL9lkF6PPGI167Ny0Cjw= +github.com/aws/aws-sdk-go-v2 v1.30.0 h1:6qAwtzlfcTtcL8NHtbDQAqgM5s6NDipQTkPxyH/6kAA= +github.com/aws/aws-sdk-go-v2 v1.30.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= +github.com/aws/aws-sdk-go-v2/config v1.27.21 h1:yPX3pjGCe2hJsetlmGNB4Mngu7UPmvWPzzWCv1+boeM= +github.com/aws/aws-sdk-go-v2/config v1.27.21/go.mod h1:4XtlEU6DzNai8RMbjSF5MgGZtYvrhBP/aKZcRtZAVdM= +github.com/aws/aws-sdk-go-v2/credentials v1.17.21 h1:pjAqgzfgFhTv5grc7xPHtXCAaMapzmwA7aU+c/SZQGw= +github.com/aws/aws-sdk-go-v2/credentials v1.17.21/go.mod h1:nhK6PtBlfHTUDVmBLr1dg+WHCOCK+1Fu/WQyVHPsgNQ= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8 h1:FR+oWPFb/8qMVYMWN98bUZAGqPvLHiyqg1wqQGfUAXY= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8/go.mod h1:EgSKcHiuuakEIxJcKGzVNWh5srVAQ3jKaSrBGRYvM48= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43/go.mod h1:auo+PiyLl0n1l8A0e8RIeR8tOzYPfZZH/JNlrJ8igTQ= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.7 h1:lf/8VTF2cM+N4SLzaYJERKEWAXq8MOMpZfU6wEPWsPk= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.7/go.mod h1:4SjkU7QiqK2M9oozyMzfZ/23LmUY+h3oFqhdeP5OMiI= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12 h1:SJ04WXGTwnHlWIODtC5kJzKbeuHt+OUNOgKg7nfnUGw= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12/go.mod h1:FkpvXhA92gb3GE9LD6Og0pHHycTxW7xGpnEh5E7Opwo= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37/go.mod h1:Qe+2KtKml+FEsQF/DHmDV+xjtche/hwoF75EG4UlHW8= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.7 h1:4OYVp0705xu8yjdyoWix0r9wPIRXnIzzOoUpQVHIJ/g= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.7/go.mod h1:vd7ESTEvI76T2Na050gODNmNU7+OyKrIKroYTu4ABiI= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12 h1:hb5KgeYfObi5MHkSSZMEudnIvX30iB+E21evI4r6BnQ= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12/go.mod h1:CroKe/eWJdyfy9Vx4rljP5wTUjNJfb+fPz1uMYUhEGM= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= -github.com/aws/aws-sdk-go-v2/service/ecr v1.28.3 h1:NsP8PA4Kw1sA6UKl3ZFRIcA9dWomePbmoRIvfOl+HKs= -github.com/aws/aws-sdk-go-v2/service/ecr v1.28.3/go.mod h1:X52zjAVRaXklEU1TE/wO8kyyJSr9cJx9ZsqliWbyRys= +github.com/aws/aws-sdk-go-v2/service/ecr v1.29.1 h1:ywNLJrn/Qn4enDsz/XnKlvpnLqvJxFGQV2BltWltbis= +github.com/aws/aws-sdk-go-v2/service/ecr v1.29.1/go.mod h1:WadVIk+UrTvWuAsCp6BKGX4i2snurpz8mPWhJQnS7Dg= github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 h1:PpbXaecV3sLAS6rjQiaKw4/jyq3Z8gNzmoJupHAoBp0= github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2/go.mod h1:fUHpGXr4DrXkEDpGAjClPsviWf+Bszeb0daKE0blxv8= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.9 h1:Wx0rlZoEJR7JwlSZcHnEa7CNjrSIyVxMFWGAaXy4fJY= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.9/go.mod h1:aVMHdE0aHO3v+f/iw01fmXV/5DbfQ3Bi9nN7nd9bE9Y= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 h1:zSDPny/pVnkqABXYRicYuPf9z2bTqfH13HT3v6UheIk= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14/go.mod h1:3TTcI5JSzda1nw/pkVC9dhgLre0SNBFj2lYS4GctXKI= github.com/aws/aws-sdk-go-v2/service/kms v1.30.0 h1:yS0JkEdV6h9JOo8sy2JSpjX+i7vsKifU8SIeHrqiDhU= github.com/aws/aws-sdk-go-v2/service/kms v1.30.0/go.mod h1:+I8VUUSVD4p5ISQtzpgSva4I8cJ4SQ4b1dcBcof7O+g= -github.com/aws/aws-sdk-go-v2/service/sso v1.20.9 h1:aD7AGQhvPuAxlSUfo0CWU7s6FpkbyykMhGYMvlqTjVs= -github.com/aws/aws-sdk-go-v2/service/sso v1.20.9/go.mod h1:c1qtZUWtygI6ZdvKppzCSXsDOq5I4luJPZ0Ud3juFCA= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.3 h1:Pav5q3cA260Zqez42T9UhIlsd9QeypszRPwC9LdSSsQ= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.3/go.mod h1:9lmoVDVLz/yUZwLaQ676TK02fhCu4+PgRSmMaKR1ozk= -github.com/aws/aws-sdk-go-v2/service/sts v1.28.10 h1:69tpbPED7jKPyzMcrwSvhWcJ9bPnZsZs18NT40JwM0g= -github.com/aws/aws-sdk-go-v2/service/sts v1.28.10/go.mod h1:0Aqn1MnEuitqfsCNyKsdKLhDUOr4txD/g19EfiUqgws= +github.com/aws/aws-sdk-go-v2/service/sso v1.21.1 h1:sd0BsnAvLH8gsp2e3cbaIr+9D7T1xugueQ7V/zUAsS4= +github.com/aws/aws-sdk-go-v2/service/sso v1.21.1/go.mod h1:lcQG/MmxydijbeTOp04hIuJwXGWPZGI3bwdFDGRTv14= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.1 h1:1uEFNNskK/I1KoZ9Q8wJxMz5V9jyBlsiaNrM7vA3YUQ= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.1/go.mod h1:z0P8K+cBIsFXUr5rzo/psUeJ20XjPN0+Nn8067Nd+E4= +github.com/aws/aws-sdk-go-v2/service/sts v1.29.1 h1:myX5CxqXE0QMZNja6FA1/FSE3Vu1rVmeUmpJMMzeZg0= +github.com/aws/aws-sdk-go-v2/service/sts v1.29.1/go.mod h1:N2mQiucsO0VwK9CYuS4/c2n6Smeh1v47Rz3dWCPFLdE= github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= @@ -170,6 +170,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= +github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= +github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70= github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZkEHchZRSq9OQbsSzIT/OrI8YFFmRIng= @@ -201,6 +203,8 @@ github.com/clbanning/mxj/v2 v2.5.5/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn github.com/clbanning/mxj/v2 v2.7.0 h1:WA/La7UGCanFe5NpHF0Q3DNtnCsVoxbPKuyBNHWRyME= github.com/clbanning/mxj/v2 v2.7.0/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cloudflare/cfssl v1.6.5 h1:46zpNkm6dlNkMZH/wMW22ejih6gIaJbzL2du6vD7ZeI= +github.com/cloudflare/cfssl v1.6.5/go.mod h1:Bk1si7sq8h2+yVEDrFJiz3d7Aw+pfjjJSZVaD+Taky4= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= @@ -216,8 +220,8 @@ github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be/go.mod github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0= github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE= -github.com/containerd/containerd v1.7.17 h1:KjNnn0+tAVQHAoaWRjmdak9WlvnFR/8rU1CHHy8Rm2A= -github.com/containerd/containerd v1.7.17/go.mod h1:vK+hhT4TIv2uejlcDlbVIc8+h/BqtKLIyNrtCZol8lI= +github.com/containerd/containerd v1.7.18 h1:jqjZTQNfXGoEaZdW1WwPU0RqSn1Bm2Ay/KJPUuO8nao= +github.com/containerd/containerd v1.7.18/go.mod h1:IYEk9/IO6wAPUz2bCMVUbsfXjzw5UNP5fLz4PsUygQ4= github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5ZURM= @@ -226,8 +230,8 @@ github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G/ZW/0kEe2oEKCdS/ZxIyoCU= github.com/containerd/stargz-snapshotter/estargz v0.15.1/go.mod h1:gr2RNwukQ/S9Nv33Lt6UC7xEx58C+LHRdoqbEKjz1Kk= -github.com/containers/image/v5 v5.31.0 h1:eDFVlz5XaYICxe9dXpf23htEKvyosgkl62mJlIATXE4= -github.com/containers/image/v5 v5.31.0/go.mod h1:5QfOqSackPkSbF7Qxc1DnVNnPJKQ+KWLkfEfDpK590Q= +github.com/containers/image/v5 v5.31.1 h1:3x9soI6Biml/GiDLpkSmKrkRSwVGctxu/vONpoUdklA= +github.com/containers/image/v5 v5.31.1/go.mod h1:5QfOqSackPkSbF7Qxc1DnVNnPJKQ+KWLkfEfDpK590Q= github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYglewc+UyGf6lc8Mj2UaPTHy/iF2De0/77CA= github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= github.com/containers/ocicrypt v1.1.10 h1:r7UR6o8+lyhkEywetubUUgcKFjOWOaWz8cEBrCPX0ic= @@ -239,6 +243,8 @@ github.com/coreos/go-oidc/v3 v3.10.0/go.mod h1:5j11xcw0D3+SGxn6Z/WFADsgcWVMyNAlS github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f h1:eHnXnuK47UlSTOQexbzxAZfekVz6i+LKRdj1CU5DPaM= github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw= +github.com/cyphar/filepath-securejoin v0.2.5 h1:6iR5tXJ/e6tJZzzdMc1km3Sa7RRIVBKAK32O2s7AYfo= +github.com/cyphar/filepath-securejoin v0.2.5/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/danieljoos/wincred v1.2.1 h1:dl9cBrupW8+r5250DYkYxocLeZ1Y4vB1kxgtjxw8GQs= github.com/danieljoos/wincred v1.2.1/go.mod h1:uGaFL9fDn3OLTvzCGulzE+SzjEe5NGlh5FdCcyfPwps= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -258,12 +264,12 @@ github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aB github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/cli v26.1.3+incompatible h1:bUpXT/N0kDE3VUHI2r5VMsYQgi38kYuoC0oL9yt3lqc= -github.com/docker/cli v26.1.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v27.0.1+incompatible h1:d/OrlblkOTkhJ1IaAGD1bLgUBtFQC/oP0VjkFMIN+B0= +github.com/docker/cli v27.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v26.1.4+incompatible h1:vuTpXDuoga+Z38m1OZHzl7NKisKWaWlhjQk7IDPSLsU= -github.com/docker/docker v26.1.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v27.0.1+incompatible h1:AbszR+lCnR3f297p/g0arbQoyhAkImxQOR/XO9YZeIg= +github.com/docker/docker v27.0.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.8.1 h1:j/eKUktUltBtMzKqmfLB0PAgqYyMHOp5vfsD1807oKo= github.com/docker/docker-credential-helpers v0.8.1/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0= @@ -294,8 +300,8 @@ github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= -github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= -github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= +github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= +github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI= @@ -313,6 +319,8 @@ github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec= github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= +github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk= +github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A= github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= @@ -398,6 +406,8 @@ github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/gomodule/redigo v1.8.9 h1:Sl3u+2BI/kk+VEatbj0scLdrFhjPmbxOc1myhDP41ws= github.com/gomodule/redigo v1.8.9/go.mod h1:7ArFNvsTjH8GMMzB4uy1snslv2BwmginuMs06a1uzZE= +github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= +github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/certificate-transparency-go v1.1.8 h1:LGYKkgZF7satzgTak9R4yzfJXEeYVAjV6/EAEJOf1to= github.com/google/certificate-transparency-go v1.1.8/go.mod h1:bV/o8r0TBKRf1X//iiiSgWrvII4d7/8OiA+3vG26gI8= github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 h1:0VpGH+cDhbDtdcweoyCVsF3fhN8kejK6rFe/2FFX2nU= @@ -428,6 +438,8 @@ github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQN github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= +github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= +github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/tink/go v1.7.0 h1:6Eox8zONGebBFcCBqkVmt60LaWZa6xg1cl/DwAh/J1w= github.com/google/tink/go v1.7.0/go.mod h1:GAUOd+QE3pgj9q8VKIGTCP33c/B7eb4NhxLcgTJZStM= github.com/google/trillian v1.6.0 h1:jMBeDBIkINFvS2n6oV5maDqfRlxREAc6CW9QYWQ0qT4= @@ -448,6 +460,8 @@ github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= github.com/gowebpki/jcs v1.0.1 h1:Qjzg8EOkrOTuWP7DqQ1FbYtcpEbeTzUoTN9bptp8FOU= github.com/gowebpki/jcs v1.0.1/go.mod h1:CID1cNZ+sHp1CCpAR8mPf6QRtagFBgPJE0FCUQ6+BrI= +github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA= +github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1 h1:/c3QmbOGMGTOumP2iT/rCwB7b0QDGLKzqOmktBjT+Is= github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1/go.mod h1:5SN9VR2LTsRFsrEC6FHgRbTWrTHu6tqPeKxEQv15giM= @@ -508,8 +522,8 @@ github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfV github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU= -github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= +github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= +github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU= github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -524,16 +538,18 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 h1:WGrKdjHtWC67RX96eTkYD2f53NDHhrq/7robWTAfk4s= github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491/go.mod h1:o158RFmdEbYyIZmXAbrvmJWesbyxlLKee6X64VPVuOc= +github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= +github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mandelsoft/filepath v0.0.0-20240223090642-3e2777258aa3 h1:oo9nIgnyiBgYPbcZslRT4y29siuL5EoNJ/t1tr0xEVQ= github.com/mandelsoft/filepath v0.0.0-20240223090642-3e2777258aa3/go.mod h1:LxhqC7khDoRENwooP6f/vWvia9ivj6TqLYrR39zqkN0= -github.com/mandelsoft/goutils v0.0.0-20240605100619-84d61423f421 h1:AdG9KVK4wloCoxotPRmaPgI01P+4N9tWpIT1W0QwsJU= -github.com/mandelsoft/goutils v0.0.0-20240605100619-84d61423f421/go.mod h1:EbNqk9JceSMq7MJuALB/vlOpoD4MAGE0TenM9TR+C0o= -github.com/mandelsoft/logging v0.0.0-20240201091719-67180059d6bf h1:WEmgzeArDbp6Aw34jmziMIE5ygo2zpl/atXRq3D7lSw= -github.com/mandelsoft/logging v0.0.0-20240201091719-67180059d6bf/go.mod h1:uO460C1lIB3IOOgrbXhAlz3AKsOv4T2K6ALBn3PwuSg= +github.com/mandelsoft/goutils v0.0.0-20240623134558-383cb09dec16 h1:7tcgfj+QZSfABuZKc9PrgQj1U+A7MsRySCG4ZG5JvLg= +github.com/mandelsoft/goutils v0.0.0-20240623134558-383cb09dec16/go.mod h1:9TJgkwSY43RWHiIAAz7fL8SEIHf0L13Pk4w8fDIt+i4= +github.com/mandelsoft/logging v0.0.0-20240618075559-fdca28a87b0a h1:MAvh0gbP2uwKmf7wWCkYCzrYa6vPjBvYeGhoUlVHwtI= +github.com/mandelsoft/logging v0.0.0-20240618075559-fdca28a87b0a/go.mod h1:uO460C1lIB3IOOgrbXhAlz3AKsOv4T2K6ALBn3PwuSg= github.com/mandelsoft/spiff v1.7.0-beta-5 h1:3kC10nTviDQhL8diSxp7i4IC2iSiDg6KPbH1CAq7Lfw= github.com/mandelsoft/spiff v1.7.0-beta-5/go.mod h1:TwEeOPuRZxlzQBCLEyVTlHmBSruSGGNdiQ2fovVJ8ao= github.com/mandelsoft/vfs v0.4.3 h1:2UMrxQkMXkcHyuqSFhgFDupQ1fmqpKLZuu04DOHx1PA= @@ -550,12 +566,16 @@ github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60 github.com/miekg/pkcs11 v1.0.3-0.20190429190417-a667d056470f/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU= github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= +github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= +github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= +github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= @@ -573,6 +593,8 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0= +github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4= github.com/mozillazg/docker-credential-acr-helper v0.3.0 h1:DVWFZ3/O8BP6Ue3iS/Olw+G07u1hCq1EOVCDZZjCIBI= github.com/mozillazg/docker-credential-acr-helper v0.3.0/go.mod h1:cZlu3tof523ujmLuiNUb6JsjtHcNA70u1jitrrdnuyA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= @@ -602,8 +624,8 @@ github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAl github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= -github.com/open-component-model/ocm v0.11.0 h1:m6r6OzNWvd713pwnSKcHAf4nH6wlrdOIRNbAlVCZnt8= -github.com/open-component-model/ocm v0.11.0/go.mod h1:VwvVRqaSyw9OPtxmP0jsWOWfAxEBJCP4D7fzSNrI+kA= +github.com/open-component-model/ocm v0.12.0 h1:FVTkpw04qjH+ojpz4PrANRVvE3pZNLg8W7BF2BCe9nI= +github.com/open-component-model/ocm v0.12.0/go.mod h1:l1vln+WpEJ/RJPl+ADHYJtzCVh4+jDZUTJMe1ZKcUc4= github.com/open-policy-agent/opa v0.63.0 h1:ztNNste1v8kH0/vJMJNquE45lRvqwrM5mY9Ctr9xIXw= github.com/open-policy-agent/opa v0.63.0/go.mod h1:9VQPqEfoB2N//AToTxzZ1pVTVPUoF2Mhd64szzjWPpU= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= @@ -618,6 +640,8 @@ github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3v github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM= github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs= +github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= +github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI= github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= @@ -772,6 +796,8 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHo github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= +github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= +github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= github.com/yashtewari/glob-intersection v0.2.0 h1:8iuHdN88yYuCzCdjt0gDe+6bAhUwBeEWqThExu54RFg= github.com/yashtewari/glob-intersection v0.2.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok= github.com/ysmood/fetchup v0.2.3 h1:ulX+SonA0Vma5zUFXtv52Kzip/xe7aj4vqT5AJwQ+ZQ= @@ -824,6 +850,8 @@ go.opentelemetry.io/otel/trace v1.25.0 h1:tqukZGLwQYRIFtSQM2u2+yfMVTgGVeqRLPUYx1 go.opentelemetry.io/otel/trace v1.25.0/go.mod h1:hCCs70XM/ljO+BeQkyFnbK28SBIJ/Emuha+ccrCRT7I= go.opentelemetry.io/proto/otlp v1.1.0 h1:2Di21piLrCqJ3U3eXGCTPHE9R8Nh+0uglSnOyxikMeI= go.opentelemetry.io/proto/otlp v1.1.0/go.mod h1:GpBHCBWiqvVLDqmHZsoMM3C5ySeKTC7ej/RNTae6MdY= +go.starlark.net v0.0.0-20231121155337-90ade8b19d09 h1:hzy3LFnSN8kuQK8h9tHl4ndF6UruMj47OqwqsS+/Ai4= +go.starlark.net v0.0.0-20231121155337-90ade8b19d09/go.mod h1:LcLNIzVOMp4oV+uusnpk+VU+SzXaJakUuBjoCSWH5dM= go.step.sm/crypto v0.44.2 h1:t3p3uQ7raP2jp2ha9P6xkQF85TJZh+87xmjSLaib+jk= go.step.sm/crypto v0.44.2/go.mod h1:x1439EnFhadzhkuaGX7sz03LEMQ+jV4gRamf5LCZJQQ= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= @@ -847,8 +875,8 @@ golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= -golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= +golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= @@ -859,8 +887,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= -golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0= +golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -888,11 +916,11 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= -golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= +golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -934,8 +962,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= @@ -944,8 +972,8 @@ golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -957,8 +985,8 @@ golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -974,8 +1002,8 @@ golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= -golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1022,6 +1050,8 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/go-jose/go-jose.v2 v2.6.3 h1:nt80fvSDlhKWQgSWyHyy5CfmlQr+asih51R8PTWNKKs= gopkg.in/go-jose/go-jose.v2 v2.6.3/go.mod h1:zzZDPkNNw/c9IE7Z9jr11mBZQhKQTMzoEEIoEdZlFBI= @@ -1044,18 +1074,20 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU= gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= -helm.sh/helm/v3 v3.15.1 h1:22ztacHz4gMqhXNqCQ9NAg6BFWoRUryNLvnkz6OVyw0= -helm.sh/helm/v3 v3.15.1/go.mod h1:fvfoRcB8UKRUV5jrIfOTaN/pG1TPhuqSb56fjYdTKXg= +helm.sh/helm/v3 v3.15.2 h1:/3XINUFinJOBjQplGnjw92eLGpgXXp1L8chWPkCkDuw= +helm.sh/helm/v3 v3.15.2/go.mod h1:FzSIP8jDQaa6WAVg9F+OkKz7J0ZmAga4MABtTbsb9WQ= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY= -k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= -k8s.io/apiextensions-apiserver v0.30.1 h1:4fAJZ9985BmpJG6PkoxVRpXv9vmPUOVzl614xarePws= -k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1JjfWdoG3pixk4= +k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI= +k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI= +k8s.io/apiextensions-apiserver v0.30.2 h1:l7Eue2t6QiLHErfn2vwK4KgF4NeDgjQkCXtEbOocKIE= +k8s.io/apiextensions-apiserver v0.30.2/go.mod h1:lsJFLYyK40iguuinsb3nt+Sj6CmodSI4ACDLep1rgjw= k8s.io/apimachinery v0.30.3 h1:q1laaWCmrszyQuSQCfNB8cFgCuDAoPszKY4ucAjDwHc= k8s.io/apimachinery v0.30.3/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= -k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q= -k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc= +k8s.io/cli-runtime v0.30.2 h1:ooM40eEJusbgHNEqnHziN9ZpLN5U4WcQGsdLKVxpkKE= +k8s.io/cli-runtime v0.30.2/go.mod h1:Y4g/2XezFyTATQUbvV5WaChoUGhojv/jZAtdp5Zkm0A= +k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50= +k8s.io/client-go v0.30.2/go.mod h1:JglKSWULm9xlJLx4KCkfLLQ7XwtlbflV6uFFSHTMgVs= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= @@ -1068,6 +1100,10 @@ sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHv sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/kustomize/api v0.17.1 h1:MYJBOP/yQ3/5tp4/sf6HiiMfNNyO97LmtnirH9SLNr4= +sigs.k8s.io/kustomize/api v0.17.1/go.mod h1:ffn5491s2EiNrJSmgqcWGzQUVhc/pB0OKNI0HsT/0tA= +sigs.k8s.io/kustomize/kyaml v0.17.0 h1:G2bWs03V9Ur2PinHLzTUJ8Ded+30SzXZKiO92SRDs3c= +sigs.k8s.io/kustomize/kyaml v0.17.0/go.mod h1:6lxkYF1Cv9Ic8g/N7I86cvxNc5iinUo/P2vKsHNmpyE= sigs.k8s.io/release-utils v0.7.7 h1:JKDOvhCk6zW8ipEOkpTGDH/mW3TI+XqtPp16aaQ79FU= sigs.k8s.io/release-utils v0.7.7/go.mod h1:iU7DGVNi3umZJ8q6aHyUFzsDUIaYwNnNKGHo3YE5E3s= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/go.mod b/go.mod index 046381ae0a..c3f8e3de86 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/kyma-project/runtime-watcher/listener v0.0.0-20240502124257-9d96561ef070 github.com/onsi/ginkgo/v2 v2.19.1 github.com/onsi/gomega v1.34.1 - github.com/open-component-model/ocm v0.11.0 + github.com/open-component-model/ocm v0.12.0 github.com/prometheus/client_golang v1.19.1 github.com/stretchr/testify v1.9.0 go.uber.org/zap v1.27.0 @@ -78,26 +78,26 @@ require ( github.com/alibabacloud-go/tea-xml v1.1.3 // indirect github.com/aliyun/credentials-go v1.3.1 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect - github.com/aws/aws-sdk-go-v2 v1.27.0 // indirect + github.com/aws/aws-sdk-go-v2 v1.30.0 // indirect github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 // indirect - github.com/aws/aws-sdk-go-v2/config v1.27.16 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.17.16 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.3 // indirect - github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.16.21 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.7 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.7 // indirect + github.com/aws/aws-sdk-go-v2/config v1.27.21 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.21 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8 // indirect + github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.1 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect - github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.7 // indirect - github.com/aws/aws-sdk-go-v2/service/ecr v1.28.3 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.12 // indirect + github.com/aws/aws-sdk-go-v2/service/ecr v1.29.1 // indirect github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.9 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.9 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.7 // indirect - github.com/aws/aws-sdk-go-v2/service/s3 v1.54.3 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.20.9 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.3 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.28.10 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.14 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12 // indirect + github.com/aws/aws-sdk-go-v2/service/s3 v1.56.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.21.1 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.29.1 // indirect github.com/aws/smithy-go v1.20.2 // indirect github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 // indirect github.com/beorn7/perks v1.0.1 // indirect @@ -113,10 +113,11 @@ require ( github.com/cloudflare/cfssl v1.6.5 // indirect github.com/cloudflare/circl v1.3.7 // indirect github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect - github.com/containerd/containerd v1.7.17 // indirect + github.com/containerd/containerd v1.7.18 // indirect + github.com/containerd/errdefs v0.1.0 // indirect github.com/containerd/log v0.1.0 // indirect github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect - github.com/containers/image/v5 v5.31.0 // indirect + github.com/containers/image/v5 v5.31.1 // indirect github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect github.com/containers/ocicrypt v1.1.10 // indirect github.com/containers/storage v1.54.0 // indirect @@ -128,9 +129,9 @@ require ( github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect github.com/dimchansky/utfbom v1.1.1 // indirect github.com/distribution/reference v0.6.0 // indirect - github.com/docker/cli v26.1.3+incompatible // indirect + github.com/docker/cli v27.0.1+incompatible // indirect github.com/docker/distribution v2.8.3+incompatible // indirect - github.com/docker/docker v26.1.4+incompatible // indirect + github.com/docker/docker v27.0.1+incompatible // indirect github.com/docker/docker-credential-helpers v0.8.1 // indirect github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c // indirect github.com/docker/go-connections v0.5.0 // indirect @@ -197,15 +198,15 @@ require ( github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.17.8 // indirect + github.com/klauspost/compress v1.17.9 // indirect github.com/klauspost/pgzip v1.2.6 // indirect github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/magiconair/properties v1.8.7 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/mandelsoft/filepath v0.0.0-20240223090642-3e2777258aa3 // indirect - github.com/mandelsoft/goutils v0.0.0-20240605100619-84d61423f421 // indirect - github.com/mandelsoft/logging v0.0.0-20240201091719-67180059d6bf // indirect + github.com/mandelsoft/goutils v0.0.0-20240623134558-383cb09dec16 // indirect + github.com/mandelsoft/logging v0.0.0-20240618075559-fdca28a87b0a // indirect github.com/mandelsoft/spiff v1.7.0-beta-5 // indirect github.com/mandelsoft/vfs v0.4.3 // indirect github.com/marstr/guid v1.1.0 // indirect @@ -301,7 +302,7 @@ require ( golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect golang.org/x/mod v0.19.0 // indirect golang.org/x/net v0.27.0 // indirect - golang.org/x/oauth2 v0.20.0 // indirect + golang.org/x/oauth2 v0.21.0 // indirect golang.org/x/sys v0.22.0 // indirect golang.org/x/term v0.22.0 // indirect golang.org/x/text v0.16.0 // indirect @@ -318,7 +319,7 @@ require ( gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - helm.sh/helm/v3 v3.15.1 // indirect + helm.sh/helm/v3 v3.15.2 // indirect k8s.io/component-base v0.30.3 // indirect k8s.io/klog/v2 v2.120.1 // indirect k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f // indirect diff --git a/go.sum b/go.sum index c7ddfb4a81..2867e1898f 100644 --- a/go.sum +++ b/go.sum @@ -132,50 +132,50 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:W github.com/aws/aws-sdk-go v1.51.6 h1:Ld36dn9r7P9IjU8WZSaswQ8Y/XUCRpewim5980DwYiU= github.com/aws/aws-sdk-go v1.51.6/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/aws/aws-sdk-go-v2 v1.21.2/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM= -github.com/aws/aws-sdk-go-v2 v1.27.0 h1:7bZWKoXhzI+mMR/HjdMx8ZCC5+6fY0lS5tr0bbgiLlo= -github.com/aws/aws-sdk-go-v2 v1.27.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= +github.com/aws/aws-sdk-go-v2 v1.30.0 h1:6qAwtzlfcTtcL8NHtbDQAqgM5s6NDipQTkPxyH/6kAA= +github.com/aws/aws-sdk-go-v2 v1.30.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 h1:x6xsQXGSmW6frevwDA+vi/wqhp1ct18mVXYN08/93to= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2/go.mod h1:lPprDr1e6cJdyYeGXnRaJoP4Md+cDBvi2eOj00BlGmg= -github.com/aws/aws-sdk-go-v2/config v1.27.16 h1:knpCuH7laFVGYTNd99Ns5t+8PuRjDn4HnnZK48csipM= -github.com/aws/aws-sdk-go-v2/config v1.27.16/go.mod h1:vutqgRhDUktwSge3hrC3nkuirzkJ4E/mLj5GvI0BQas= -github.com/aws/aws-sdk-go-v2/credentials v1.17.16 h1:7d2QxY83uYl0l58ceyiSpxg9bSbStqBC6BeEeHEchwo= -github.com/aws/aws-sdk-go-v2/credentials v1.17.16/go.mod h1:Ae6li/6Yc6eMzysRL2BXlPYvnrLLBg3D11/AmOjw50k= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.3 h1:dQLK4TjtnlRGb0czOht2CevZ5l6RSyRWAnKeGd7VAFE= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.3/go.mod h1:TL79f2P6+8Q7dTsILpiVST+AL9lkF6PPGI167Ny0Cjw= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.16.21 h1:1v8Ii0MRVGYB/sdhkbxrtolCA7Tp+lGh+5OJTs5vmZ8= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.16.21/go.mod h1:cxdd1rc8yxCjKz28hi30XN1jDXr2DxZvD44vLxTz/bg= +github.com/aws/aws-sdk-go-v2/config v1.27.21 h1:yPX3pjGCe2hJsetlmGNB4Mngu7UPmvWPzzWCv1+boeM= +github.com/aws/aws-sdk-go-v2/config v1.27.21/go.mod h1:4XtlEU6DzNai8RMbjSF5MgGZtYvrhBP/aKZcRtZAVdM= +github.com/aws/aws-sdk-go-v2/credentials v1.17.21 h1:pjAqgzfgFhTv5grc7xPHtXCAaMapzmwA7aU+c/SZQGw= +github.com/aws/aws-sdk-go-v2/credentials v1.17.21/go.mod h1:nhK6PtBlfHTUDVmBLr1dg+WHCOCK+1Fu/WQyVHPsgNQ= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8 h1:FR+oWPFb/8qMVYMWN98bUZAGqPvLHiyqg1wqQGfUAXY= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8/go.mod h1:EgSKcHiuuakEIxJcKGzVNWh5srVAQ3jKaSrBGRYvM48= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.1 h1:D9VqWMuw7lJAX6d5eINfRQ/PkvtcJAK3Qmd6f6xEeUw= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.1/go.mod h1:ckvBx7codI4wzc5inOfDp5ZbK7TjMFa7eXwmLvXQrRk= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43/go.mod h1:auo+PiyLl0n1l8A0e8RIeR8tOzYPfZZH/JNlrJ8igTQ= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.7 h1:lf/8VTF2cM+N4SLzaYJERKEWAXq8MOMpZfU6wEPWsPk= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.7/go.mod h1:4SjkU7QiqK2M9oozyMzfZ/23LmUY+h3oFqhdeP5OMiI= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12 h1:SJ04WXGTwnHlWIODtC5kJzKbeuHt+OUNOgKg7nfnUGw= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12/go.mod h1:FkpvXhA92gb3GE9LD6Og0pHHycTxW7xGpnEh5E7Opwo= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37/go.mod h1:Qe+2KtKml+FEsQF/DHmDV+xjtche/hwoF75EG4UlHW8= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.7 h1:4OYVp0705xu8yjdyoWix0r9wPIRXnIzzOoUpQVHIJ/g= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.7/go.mod h1:vd7ESTEvI76T2Na050gODNmNU7+OyKrIKroYTu4ABiI= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12 h1:hb5KgeYfObi5MHkSSZMEudnIvX30iB+E21evI4r6BnQ= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12/go.mod h1:CroKe/eWJdyfy9Vx4rljP5wTUjNJfb+fPz1uMYUhEGM= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.7 h1:/FUtT3xsoHO3cfh+I/kCbcMCN98QZRsiFet/V8QkWSs= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.7/go.mod h1:MaCAgWpGooQoCWZnMur97rGn5dp350w2+CeiV5406wE= -github.com/aws/aws-sdk-go-v2/service/ecr v1.28.3 h1:NsP8PA4Kw1sA6UKl3ZFRIcA9dWomePbmoRIvfOl+HKs= -github.com/aws/aws-sdk-go-v2/service/ecr v1.28.3/go.mod h1:X52zjAVRaXklEU1TE/wO8kyyJSr9cJx9ZsqliWbyRys= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.12 h1:DXFWyt7ymx/l1ygdyTTS0X923e+Q2wXIxConJzrgwc0= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.12/go.mod h1:mVOr/LbvaNySK1/BTy4cBOCjhCNY2raWBwK4v+WR5J4= +github.com/aws/aws-sdk-go-v2/service/ecr v1.29.1 h1:ywNLJrn/Qn4enDsz/XnKlvpnLqvJxFGQV2BltWltbis= +github.com/aws/aws-sdk-go-v2/service/ecr v1.29.1/go.mod h1:WadVIk+UrTvWuAsCp6BKGX4i2snurpz8mPWhJQnS7Dg= github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 h1:PpbXaecV3sLAS6rjQiaKw4/jyq3Z8gNzmoJupHAoBp0= github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2/go.mod h1:fUHpGXr4DrXkEDpGAjClPsviWf+Bszeb0daKE0blxv8= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.9 h1:UXqEWQI0n+q0QixzU0yUUQBZXRd5037qdInTIHFTl98= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.9/go.mod h1:xP6Gq6fzGZT8w/ZN+XvGMZ2RU1LeEs7b2yUP5DN8NY4= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.9 h1:Wx0rlZoEJR7JwlSZcHnEa7CNjrSIyVxMFWGAaXy4fJY= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.9/go.mod h1:aVMHdE0aHO3v+f/iw01fmXV/5DbfQ3Bi9nN7nd9bE9Y= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.7 h1:uO5XR6QGBcmPyo2gxofYJLFkcVQ4izOoGDNenlZhTEk= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.7/go.mod h1:feeeAYfAcwTReM6vbwjEyDmiGho+YgBhaFULuXDW8kc= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.14 h1:oWccitSnByVU74rQRHac4gLfDqjB6Z1YQGOY/dXKedI= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.14/go.mod h1:8SaZBlQdCLrc/2U3CEO48rYj9uR8qRsPRkmzwNM52pM= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 h1:zSDPny/pVnkqABXYRicYuPf9z2bTqfH13HT3v6UheIk= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14/go.mod h1:3TTcI5JSzda1nw/pkVC9dhgLre0SNBFj2lYS4GctXKI= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12 h1:tzha+v1SCEBpXWEuw6B/+jm4h5z8hZbTpXz0zRZqTnw= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12/go.mod h1:n+nt2qjHGoseWeLHt1vEr6ZRCCxIN2KcNpJxBcYQSwI= github.com/aws/aws-sdk-go-v2/service/kms v1.30.0 h1:yS0JkEdV6h9JOo8sy2JSpjX+i7vsKifU8SIeHrqiDhU= github.com/aws/aws-sdk-go-v2/service/kms v1.30.0/go.mod h1:+I8VUUSVD4p5ISQtzpgSva4I8cJ4SQ4b1dcBcof7O+g= -github.com/aws/aws-sdk-go-v2/service/s3 v1.54.3 h1:57NtjG+WLims0TxIQbjTqebZUKDM03DfM11ANAekW0s= -github.com/aws/aws-sdk-go-v2/service/s3 v1.54.3/go.mod h1:739CllldowZiPPsDFcJHNF4FXrVxaSGVnZ9Ez9Iz9hc= -github.com/aws/aws-sdk-go-v2/service/sso v1.20.9 h1:aD7AGQhvPuAxlSUfo0CWU7s6FpkbyykMhGYMvlqTjVs= -github.com/aws/aws-sdk-go-v2/service/sso v1.20.9/go.mod h1:c1qtZUWtygI6ZdvKppzCSXsDOq5I4luJPZ0Ud3juFCA= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.3 h1:Pav5q3cA260Zqez42T9UhIlsd9QeypszRPwC9LdSSsQ= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.3/go.mod h1:9lmoVDVLz/yUZwLaQ676TK02fhCu4+PgRSmMaKR1ozk= -github.com/aws/aws-sdk-go-v2/service/sts v1.28.10 h1:69tpbPED7jKPyzMcrwSvhWcJ9bPnZsZs18NT40JwM0g= -github.com/aws/aws-sdk-go-v2/service/sts v1.28.10/go.mod h1:0Aqn1MnEuitqfsCNyKsdKLhDUOr4txD/g19EfiUqgws= +github.com/aws/aws-sdk-go-v2/service/s3 v1.56.1 h1:wsg9Z/vNnCmxWikfGIoOlnExtEU459cR+2d+iDJ8elo= +github.com/aws/aws-sdk-go-v2/service/s3 v1.56.1/go.mod h1:8rDw3mVwmvIWWX/+LWY3PPIMZuwnQdJMCt0iVFVT3qw= +github.com/aws/aws-sdk-go-v2/service/sso v1.21.1 h1:sd0BsnAvLH8gsp2e3cbaIr+9D7T1xugueQ7V/zUAsS4= +github.com/aws/aws-sdk-go-v2/service/sso v1.21.1/go.mod h1:lcQG/MmxydijbeTOp04hIuJwXGWPZGI3bwdFDGRTv14= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.1 h1:1uEFNNskK/I1KoZ9Q8wJxMz5V9jyBlsiaNrM7vA3YUQ= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.1/go.mod h1:z0P8K+cBIsFXUr5rzo/psUeJ20XjPN0+Nn8067Nd+E4= +github.com/aws/aws-sdk-go-v2/service/sts v1.29.1 h1:myX5CxqXE0QMZNja6FA1/FSE3Vu1rVmeUmpJMMzeZg0= +github.com/aws/aws-sdk-go-v2/service/sts v1.29.1/go.mod h1:N2mQiucsO0VwK9CYuS4/c2n6Smeh1v47Rz3dWCPFLdE= github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= @@ -244,8 +244,8 @@ github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be/go.mod github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= github.com/containerd/cgroups/v3 v3.0.3 h1:S5ByHZ/h9PMe5IOQoN7E+nMc2UcLEM/V48DGDJ9kip0= github.com/containerd/cgroups/v3 v3.0.3/go.mod h1:8HBe7V3aWGLFPd/k03swSIsGjZhHI2WzJmticMgVuz0= -github.com/containerd/containerd v1.7.17 h1:KjNnn0+tAVQHAoaWRjmdak9WlvnFR/8rU1CHHy8Rm2A= -github.com/containerd/containerd v1.7.17/go.mod h1:vK+hhT4TIv2uejlcDlbVIc8+h/BqtKLIyNrtCZol8lI= +github.com/containerd/containerd v1.7.18 h1:jqjZTQNfXGoEaZdW1WwPU0RqSn1Bm2Ay/KJPUuO8nao= +github.com/containerd/containerd v1.7.18/go.mod h1:IYEk9/IO6wAPUz2bCMVUbsfXjzw5UNP5fLz4PsUygQ4= github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5ZURM= @@ -254,8 +254,8 @@ github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G/ZW/0kEe2oEKCdS/ZxIyoCU= github.com/containerd/stargz-snapshotter/estargz v0.15.1/go.mod h1:gr2RNwukQ/S9Nv33Lt6UC7xEx58C+LHRdoqbEKjz1Kk= -github.com/containers/image/v5 v5.31.0 h1:eDFVlz5XaYICxe9dXpf23htEKvyosgkl62mJlIATXE4= -github.com/containers/image/v5 v5.31.0/go.mod h1:5QfOqSackPkSbF7Qxc1DnVNnPJKQ+KWLkfEfDpK590Q= +github.com/containers/image/v5 v5.31.1 h1:3x9soI6Biml/GiDLpkSmKrkRSwVGctxu/vONpoUdklA= +github.com/containers/image/v5 v5.31.1/go.mod h1:5QfOqSackPkSbF7Qxc1DnVNnPJKQ+KWLkfEfDpK590Q= github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYglewc+UyGf6lc8Mj2UaPTHy/iF2De0/77CA= github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= github.com/containers/ocicrypt v1.1.10 h1:r7UR6o8+lyhkEywetubUUgcKFjOWOaWz8cEBrCPX0ic= @@ -292,13 +292,13 @@ github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aB github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/cli v26.1.3+incompatible h1:bUpXT/N0kDE3VUHI2r5VMsYQgi38kYuoC0oL9yt3lqc= -github.com/docker/cli v26.1.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v27.0.1+incompatible h1:d/OrlblkOTkhJ1IaAGD1bLgUBtFQC/oP0VjkFMIN+B0= +github.com/docker/cli v27.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v26.1.4+incompatible h1:vuTpXDuoga+Z38m1OZHzl7NKisKWaWlhjQk7IDPSLsU= -github.com/docker/docker v26.1.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v27.0.1+incompatible h1:AbszR+lCnR3f297p/g0arbQoyhAkImxQOR/XO9YZeIg= +github.com/docker/docker v27.0.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.8.1 h1:j/eKUktUltBtMzKqmfLB0PAgqYyMHOp5vfsD1807oKo= github.com/docker/docker-credential-helpers v0.8.1/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0= @@ -333,8 +333,8 @@ github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lSh github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= -github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= -github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= +github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= +github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI= @@ -584,8 +584,8 @@ github.com/juju/loggo v0.0.0-20190526231331-6e530bcce5d8/go.mod h1:vgyd7OREkbtVE github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU= -github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= +github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= +github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU= github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -618,10 +618,10 @@ github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mandelsoft/filepath v0.0.0-20240223090642-3e2777258aa3 h1:oo9nIgnyiBgYPbcZslRT4y29siuL5EoNJ/t1tr0xEVQ= github.com/mandelsoft/filepath v0.0.0-20240223090642-3e2777258aa3/go.mod h1:LxhqC7khDoRENwooP6f/vWvia9ivj6TqLYrR39zqkN0= -github.com/mandelsoft/goutils v0.0.0-20240605100619-84d61423f421 h1:AdG9KVK4wloCoxotPRmaPgI01P+4N9tWpIT1W0QwsJU= -github.com/mandelsoft/goutils v0.0.0-20240605100619-84d61423f421/go.mod h1:EbNqk9JceSMq7MJuALB/vlOpoD4MAGE0TenM9TR+C0o= -github.com/mandelsoft/logging v0.0.0-20240201091719-67180059d6bf h1:WEmgzeArDbp6Aw34jmziMIE5ygo2zpl/atXRq3D7lSw= -github.com/mandelsoft/logging v0.0.0-20240201091719-67180059d6bf/go.mod h1:uO460C1lIB3IOOgrbXhAlz3AKsOv4T2K6ALBn3PwuSg= +github.com/mandelsoft/goutils v0.0.0-20240623134558-383cb09dec16 h1:7tcgfj+QZSfABuZKc9PrgQj1U+A7MsRySCG4ZG5JvLg= +github.com/mandelsoft/goutils v0.0.0-20240623134558-383cb09dec16/go.mod h1:9TJgkwSY43RWHiIAAz7fL8SEIHf0L13Pk4w8fDIt+i4= +github.com/mandelsoft/logging v0.0.0-20240618075559-fdca28a87b0a h1:MAvh0gbP2uwKmf7wWCkYCzrYa6vPjBvYeGhoUlVHwtI= +github.com/mandelsoft/logging v0.0.0-20240618075559-fdca28a87b0a/go.mod h1:uO460C1lIB3IOOgrbXhAlz3AKsOv4T2K6ALBn3PwuSg= github.com/mandelsoft/spiff v1.7.0-beta-5 h1:3kC10nTviDQhL8diSxp7i4IC2iSiDg6KPbH1CAq7Lfw= github.com/mandelsoft/spiff v1.7.0-beta-5/go.mod h1:TwEeOPuRZxlzQBCLEyVTlHmBSruSGGNdiQ2fovVJ8ao= github.com/mandelsoft/vfs v0.4.3 h1:2UMrxQkMXkcHyuqSFhgFDupQ1fmqpKLZuu04DOHx1PA= @@ -703,8 +703,8 @@ github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAl github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= -github.com/open-component-model/ocm v0.11.0 h1:m6r6OzNWvd713pwnSKcHAf4nH6wlrdOIRNbAlVCZnt8= -github.com/open-component-model/ocm v0.11.0/go.mod h1:VwvVRqaSyw9OPtxmP0jsWOWfAxEBJCP4D7fzSNrI+kA= +github.com/open-component-model/ocm v0.12.0 h1:FVTkpw04qjH+ojpz4PrANRVvE3pZNLg8W7BF2BCe9nI= +github.com/open-component-model/ocm v0.12.0/go.mod h1:l1vln+WpEJ/RJPl+ADHYJtzCVh4+jDZUTJMe1ZKcUc4= github.com/open-policy-agent/opa v0.63.0 h1:ztNNste1v8kH0/vJMJNquE45lRvqwrM5mY9Ctr9xIXw= github.com/open-policy-agent/opa v0.63.0/go.mod h1:9VQPqEfoB2N//AToTxzZ1pVTVPUoF2Mhd64szzjWPpU= github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= @@ -1038,8 +1038,8 @@ golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= -golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= +golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1210,8 +1210,8 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU= gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= -helm.sh/helm/v3 v3.15.1 h1:22ztacHz4gMqhXNqCQ9NAg6BFWoRUryNLvnkz6OVyw0= -helm.sh/helm/v3 v3.15.1/go.mod h1:fvfoRcB8UKRUV5jrIfOTaN/pG1TPhuqSb56fjYdTKXg= +helm.sh/helm/v3 v3.15.2 h1:/3XINUFinJOBjQplGnjw92eLGpgXXp1L8chWPkCkDuw= +helm.sh/helm/v3 v3.15.2/go.mod h1:FzSIP8jDQaa6WAVg9F+OkKz7J0ZmAga4MABtTbsb9WQ= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= istio.io/api v1.22.3 h1:V59wgcCm2fK2r137QBsddCDHNg0efg/DauIWEB9DFz8=