From 2e53745a03f66f74f01c89641235d0e8f91848f2 Mon Sep 17 00:00:00 2001 From: Stefan Prodan Date: Tue, 16 Mar 2021 11:58:21 +0200 Subject: [PATCH] Allow specifying the path for manifests updates - Add optional `path` field to `spec.update`, defaults to the git repo root - Restrict updates to the specified `spec.update.path` Signed-off-by: Stefan Prodan --- api/v1alpha1/imageupdateautomation_types.go | 9 ++ ...lkit.fluxcd.io_imageupdateautomations.yaml | 5 + .../imageupdateautomation_controller.go | 12 ++- docs/api/image-automation.md | 92 ++++++++++++++++++- docs/spec/v1alpha1/imageupdateautomations.md | 5 + go.mod | 1 + go.sum | 1 + 7 files changed, 119 insertions(+), 6 deletions(-) diff --git a/api/v1alpha1/imageupdateautomation_types.go b/api/v1alpha1/imageupdateautomation_types.go index ffc24f7d..108f500d 100644 --- a/api/v1alpha1/imageupdateautomation_types.go +++ b/api/v1alpha1/imageupdateautomation_types.go @@ -30,15 +30,18 @@ type ImageUpdateAutomationSpec struct { // ready to make changes. // +required Checkout GitCheckoutSpec `json:"checkout"` + // Interval gives an lower bound for how often the automation // run should be attempted. // +required Interval metav1.Duration `json:"interval"` + // Update gives the specification for how to update the files in // the repository. This can be left empty, to use the default // value. // +kubebuilder:default={"strategy":"Setters"} Update *UpdateStrategy `json:"update,omitempty"` + // Commit specifies how to commit to the git repository. // +required Commit CommitSpec `json:"commit"` @@ -87,6 +90,12 @@ type UpdateStrategy struct { // +required // +kubebuilder:default=Setters Strategy UpdateStrategyName `json:"strategy"` + + // Path to the directory containing the manifests to be updated. + // Defaults to 'None', which translates to the root path + // of the GitRepositoryRef. + // +optional + Path string `json:"path,omitempty"` } // CommitSpec specifies how to commit changes to the git repository diff --git a/config/crd/bases/image.toolkit.fluxcd.io_imageupdateautomations.yaml b/config/crd/bases/image.toolkit.fluxcd.io_imageupdateautomations.yaml index 0dd9f04e..629548ea 100644 --- a/config/crd/bases/image.toolkit.fluxcd.io_imageupdateautomations.yaml +++ b/config/crd/bases/image.toolkit.fluxcd.io_imageupdateautomations.yaml @@ -111,6 +111,11 @@ spec: files in the repository. This can be left empty, to use the default value. properties: + path: + description: Path to the directory containing the manifests to + be updated. Defaults to 'None', which translates to the root + path of the GitRepositoryRef. + type: string strategy: default: Setters description: Strategy names the strategy to be used. diff --git a/controllers/imageupdateautomation_controller.go b/controllers/imageupdateautomation_controller.go index b0591332..903eaf77 100644 --- a/controllers/imageupdateautomation_controller.go +++ b/controllers/imageupdateautomation_controller.go @@ -30,6 +30,7 @@ import ( gogit "github.com/go-git/go-git/v5" libgit2 "github.com/libgit2/git2go/v31" + securejoin "github.com/cyphar/filepath-securejoin" "github.com/go-git/go-git/v5/plumbing" "github.com/go-git/go-git/v5/plumbing/object" "github.com/go-logr/logr" @@ -196,7 +197,16 @@ func (r *ImageUpdateAutomationReconciler) Reconcile(ctx context.Context, req ctr return failWithError(err) } - if result, err := updateAccordingToSetters(ctx, tmp, policies.Items); err != nil { + manifestsPath := tmp + if auto.Spec.Update.Path != "" { + if p, err := securejoin.SecureJoin(tmp, auto.Spec.Update.Path); err != nil { + return failWithError(err) + } else { + manifestsPath = p + } + } + + if result, err := updateAccordingToSetters(ctx, manifestsPath, policies.Items); err != nil { return failWithError(err) } else { templateValues.Updated = result diff --git a/docs/api/image-automation.md b/docs/api/image-automation.md index 2ca9543c..1446b195 100644 --- a/docs/api/image-automation.md +++ b/docs/api/image-automation.md @@ -88,8 +88,8 @@ into which will be interpolated the details of the change made.

gitRepositoryRef
- -Kubernetes core/v1.LocalObjectReference + +github.com/fluxcd/pkg/apis/meta.LocalObjectReference @@ -106,7 +106,9 @@ string -

Branch gives the branch to clone from the git repository.

+

Branch gives the branch to clone from the git repository. If +.spec.push is not supplied, commits will also be pushed to +this branch.

@@ -206,7 +208,23 @@ CommitSpec -

Commit specifies how to commit to the git repo

+

Commit specifies how to commit to the git repository.

+ + + + +push
+ + +PushSpec + + + + +(Optional) +

Push specifies how and where to push commits made by the +automation. If missing, commits are pushed (back) to +.spec.checkout.branch.

@@ -311,7 +329,23 @@ CommitSpec -

Commit specifies how to commit to the git repo

+

Commit specifies how to commit to the git repository.

+ + + + +push
+ + +PushSpec + + + + +(Optional) +

Push specifies how and where to push commits made by the +automation. If missing, commits are pushed (back) to +.spec.checkout.branch.

@@ -434,6 +468,40 @@ github.com/fluxcd/pkg/apis/meta.ReconcileRequestStatus +

PushSpec +

+

+(Appears on: +ImageUpdateAutomationSpec) +

+

PushSpec specifies how and where to push commits.

+
+
+ + + + + + + + + + + + + +
FieldDescription
+branch
+ +string + +		 +

Branch specifies that commits should be pushed to the branch +named. The branch is created using .spec.checkout.branch as the +starting point, if it doesn’t already exist.

+
+
+

UpdateStrategy

@@ -466,6 +534,20 @@ UpdateStrategyName

Strategy names the strategy to be used.

+ + +path
+ +string + + + +(Optional) +

Path to the directory containing the manifests to be updated. +Defaults to ‘None’, which translates to the root path +of the GitRepositoryRef.

+ + diff --git a/docs/spec/v1alpha1/imageupdateautomations.md b/docs/spec/v1alpha1/imageupdateautomations.md index ec35390e..8fa7f8d5 100644 --- a/docs/spec/v1alpha1/imageupdateautomations.md +++ b/docs/spec/v1alpha1/imageupdateautomations.md @@ -108,6 +108,11 @@ type UpdateStrategy struct { // Strategy names the strategy to be used. // +required Strategy UpdateStrategyName `json:"strategy"` + // Path to the directory containing the manifests to be updated. + // Defaults to 'None', which translates to the root path + // of the GitRepositoryRef. + // +optional + Path string `json:"path,omitempty"` } ``` diff --git a/go.mod b/go.mod index 6b4315b1..3e31551b 100644 --- a/go.mod +++ b/go.mod @@ -8,6 +8,7 @@ replace github.com/fluxcd/image-automation-controller/api => ./api replace gopkg.in/yaml.v3 => gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c require ( + github.com/cyphar/filepath-securejoin v0.2.2 github.com/fluxcd/image-automation-controller/api v0.6.1 github.com/fluxcd/image-reflector-controller/api v0.7.0 github.com/fluxcd/pkg/apis/meta v0.8.0 diff --git a/go.sum b/go.sum index e5f1564a..c6bac23d 100644 --- a/go.sum +++ b/go.sum @@ -252,6 +252,7 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:ma github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/cyphar/filepath-securejoin v0.2.2 h1:jCwT2GTP+PY5nBz3c/YL5PAIbusElVrPujOBSCj8xRg= github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4= github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=