From e82d3891076b77fd74a1292e6e64a248c786e990 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Mon, 2 May 2022 16:16:04 +0200 Subject: [PATCH 01/76] helm/storage: add observator and implementation This adds an observer which wraps around a Helm storage driver, to keep track of the release metadata as written to the storage. This enables you to work with, and compare release data as persisted by Helm. Without having to rely on the result as returned by the Helm SDK. Which at times of an error, may differ from last written state. The observer does at present expect to be watching a single namespace, and was designed without working with multiple releases simultianiously into account, although this should theoretically still work. The releases are at stored in a simple map by index storage key, which are unique to the namespace. The `ObservedRelease` objects the keys hold are overwritten on sequential writes to the same release object, and returned by getter methods as deep copies. This could theoretically be changed to observing e.g. all writes, I have left this as a refinement TODO while actually implementing it in the reconciler. The same goes for the included metadata, which might be not all relevant. Signed-off-by: Hidde Beydals --- go.mod | 2 +- internal/storage/driver.go | 68 +++ internal/storage/observer.go | 373 ++++++++++++++++ internal/storage/observer_test.go | 535 +++++++++++++++++++++++ internal/storage/testdata/istio-base-1 | 1 + internal/storage/testdata/podinfo-helm-1 | 1 + internal/storage/testdata/prom-stack-1 | 1 + 7 files changed, 980 insertions(+), 1 deletion(-) create mode 100644 internal/storage/driver.go create mode 100644 internal/storage/observer.go create mode 100644 internal/storage/observer_test.go create mode 100644 internal/storage/testdata/istio-base-1 create mode 100644 internal/storage/testdata/podinfo-helm-1 create mode 100644 internal/storage/testdata/prom-stack-1 diff --git a/go.mod b/go.mod index 4502ebd31..3a1c3c76a 100644 --- a/go.mod +++ b/go.mod @@ -26,6 +26,7 @@ require ( github.com/go-logr/logr v1.2.4 github.com/google/go-cmp v0.5.9 github.com/hashicorp/go-retryablehttp v0.7.4 + github.com/mitchellh/copystructure v1.2.0 github.com/onsi/gomega v1.27.10 github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/go-digest/blake3 v0.0.0-20230815154656-802ce17c4f59 @@ -113,7 +114,6 @@ require ( github.com/mattn/go-isatty v0.0.17 // indirect github.com/mattn/go-runewidth v0.0.9 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect - github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/moby/locker v1.0.1 // indirect diff --git a/internal/storage/driver.go b/internal/storage/driver.go new file mode 100644 index 000000000..130704d37 --- /dev/null +++ b/internal/storage/driver.go @@ -0,0 +1,68 @@ +/* +Copyright The Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package storage + +import ( + "bytes" + "compress/gzip" + "encoding/base64" + "encoding/json" + "io/ioutil" + + rspb "helm.sh/helm/v3/pkg/release" +) + +// Copied over from the Helm project to be able to decrypt encoded releases +// as testdata. + +var b64 = base64.StdEncoding + +var magicGzip = []byte{0x1f, 0x8b, 0x08} + +// decodeRelease decodes the bytes of data into a release +// type. Data must contain a base64 encoded gzipped string of a +// valid release, otherwise an error is returned. +func decodeRelease(data string) (*rspb.Release, error) { + // base64 decode string + b, err := b64.DecodeString(data) + if err != nil { + return nil, err + } + + // For backwards compatibility with releases that were stored before + // compression was introduced we skip decompression if the + // gzip magic header is not found + if bytes.Equal(b[0:3], magicGzip) { + r, err := gzip.NewReader(bytes.NewReader(b)) + if err != nil { + return nil, err + } + defer r.Close() + b2, err := ioutil.ReadAll(r) + if err != nil { + return nil, err + } + b = b2 + } + + var rls rspb.Release + // unmarshal release object bytes + if err := json.Unmarshal(b, &rls); err != nil { + return nil, err + } + return &rls, nil +} diff --git a/internal/storage/observer.go b/internal/storage/observer.go new file mode 100644 index 000000000..43287f4c3 --- /dev/null +++ b/internal/storage/observer.go @@ -0,0 +1,373 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package storage + +import ( + "crypto/sha256" + "errors" + "fmt" + "sort" + "strconv" + "strings" + "sync" + + "github.com/mitchellh/copystructure" + "helm.sh/helm/v3/pkg/chart" + "helm.sh/helm/v3/pkg/release" + "helm.sh/helm/v3/pkg/releaseutil" + "helm.sh/helm/v3/pkg/storage" + "helm.sh/helm/v3/pkg/storage/driver" +) + +// ObserverDriverName contains the string representation of Observer. +const ObserverDriverName = "observer" + +var ( + // ErrReleaseNotObserved indicates the release has not been observed by + // the Observator. + ErrReleaseNotObserved = errors.New("release: not observed") +) + +// Observator reports about the write actions to a driver.Driver, recorded as +// ObservedRelease objects. +// Named to be inline with driver.Creator, driver.Updator, etc. +type Observator interface { + // LastObservation returns the last observed release with the highest version, + // or ErrReleaseNotObserved if there is no observed release with the provided + // name. + LastObservation(name string) (ObservedRelease, error) + // GetObservedVersion returns the release with the given version if + // observed, or ErrReleaseNotObserved. + GetObservedVersion(name string, version int) (ObservedRelease, error) + // ObserveLastRelease observes the release in with the highest version in + // the embedded driver.Driver. It returns the driver.ErrReleaseNotFound is + // returned if a release with the provided name does not exist. + ObserveLastRelease(name string) (ObservedRelease, error) +} + +// ObservedRelease is a copy of a release.Release as observed to be written to +// a Helm storage driver by an Observator. The object is detached from the Helm +// storage object, and mutations to it do not change the underlying release +// object. +type ObservedRelease struct { + // Name of the release. + Name string + // Version of the release, at times also called revision. + Version int + // Info provides information about the release. + Info release.Info + // ChartMetadata contains the current Chartfile data of the release. + ChartMetadata chart.Metadata + // Config is the set of extra Values added to the chart. + // These values override the default values inside the chart. + Config map[string]interface{} + // Manifest is the string representation of the rendered template. + Manifest string + // ManifestSHA256 is the string representation of the SHA256 sum of + // Manifest. + ManifestSHA256 string + // Hooks are all the hooks declared for this release, and the current + // state they are in. + Hooks []release.Hook + // Namespace is the Kubernetes namespace of the release. + Namespace string + // Labels of the release. + Labels map[string]string +} + +// DeepCopy deep copies the ObservedRelease, creating a new ObservedRelease. +func (in ObservedRelease) DeepCopy() ObservedRelease { + out := ObservedRelease{} + in.DeepCopyInto(&out) + return out +} + +// DeepCopyInto deep copies the ObservedRelease, writing it into out. +func (in ObservedRelease) DeepCopyInto(out *ObservedRelease) { + if out == nil { + return + } + + out.Name = in.Name + out.Version = in.Version + out.Info = in.Info + out.Manifest = in.Manifest + out.ManifestSHA256 = in.ManifestSHA256 + out.Namespace = in.Namespace + + if v, err := copystructure.Copy(in.ChartMetadata); err == nil { + out.ChartMetadata = v.(chart.Metadata) + } + + if v, err := copystructure.Copy(in.Config); err == nil { + out.Config = v.(map[string]interface{}) + } + + if len(in.Hooks) > 0 { + out.Hooks = make([]release.Hook, len(in.Hooks)) + if v, err := copystructure.Copy(in.Hooks); err == nil { + for i, h := range v.([]release.Hook) { + out.Hooks[i] = h + } + } + } + + if len(in.Labels) > 0 { + out.Labels = make(map[string]string, len(in.Labels)) + for i, v := range in.Labels { + out.Labels[i] = v + } + } +} + +// NewObservedRelease deep copies the values from the provided release.Release +// into a new ObservedRelease while omitting all chart data except metadata. +func NewObservedRelease(rel *release.Release) ObservedRelease { + if rel == nil { + return ObservedRelease{} + } + + obsRel := ObservedRelease{ + Name: rel.Name, + Version: rel.Version, + Config: nil, + Manifest: rel.Manifest, + Hooks: nil, + Namespace: rel.Namespace, + Labels: nil, + } + + if rel.Info != nil { + obsRel.Info = *rel.Info + } + + if rel.Manifest != "" { + obsRel.ManifestSHA256 = fmt.Sprintf("%x", sha256.Sum256([]byte(rel.Manifest))) + } + + if rel.Chart != nil && rel.Chart.Metadata != nil { + if v, err := copystructure.Copy(rel.Chart.Metadata); err == nil { + obsRel.ChartMetadata = *v.(*chart.Metadata) + } + } + + if len(rel.Config) > 0 { + if v, err := copystructure.Copy(rel.Config); err == nil { + obsRel.Config = v.(map[string]interface{}) + } + } + + if len(rel.Hooks) > 0 { + obsRel.Hooks = make([]release.Hook, len(rel.Hooks)) + if v, err := copystructure.Copy(rel.Hooks); err == nil { + for i, h := range v.([]*release.Hook) { + obsRel.Hooks[i] = *h + } + } + } + + if len(rel.Labels) > 0 { + obsRel.Labels = make(map[string]string, len(rel.Labels)) + for i, v := range rel.Labels { + obsRel.Labels[i] = v + } + } + + return obsRel +} + +// Observer is a driver.Driver Observator. +// +// It observes the writes to the Helm storage driver it embeds, and caches +// persisted release.Release objects as an ObservedRelease by their Helm +// storage key. +// +// This allows for observations on persisted state as performed by the driver, +// and works around the inconsistent behavior of some Helm actions that may +// return an object that was not actually persisted to the Helm storage +// (e.g. because a validation error occurred during a Helm upgrade). +type Observer struct { + // driver holds the underlying driver.Driver implementation which is used + // to persist data to, and retrieve from. + driver driver.Driver + // releases contains a map of ObservedRelease objects indexed by makeKeyFunc + // key. + releases map[string]ObservedRelease + // mu is a read-write lock for releases. + mu sync.RWMutex + // makeKeyFunc returns the expected Helm storage key for the given name and + // version. + // At present, the only implementation is makeKey, but to prevent + // hard-coded assumptions and acknowledge the unexposed Helm API around it, + // it can (theoretically) be configured. + makeKeyFunc func(name string, version int) string + // splitKeyFunc returns the name and version of a Helm storage key. + // At present, the only implementation is splitKey, but to prevent + // hard-coded assumptions and acknowledge the unexposed Helm API around it, + // it can (theoretically) be configured. + splitKeyFunc func(key string) (name string, version int) +} + +// NewObserver creates a new observer for the given Helm storage driver. +func NewObserver(driver driver.Driver) *Observer { + return &Observer{ + driver: driver, + makeKeyFunc: makeKey, + splitKeyFunc: splitKey, + releases: make(map[string]ObservedRelease), + } +} + +// Name returns the name of the driver. +func (o *Observer) Name() string { + return ObserverDriverName +} + +// Get returns the release named by key or returns ErrReleaseNotFound. +func (o *Observer) Get(key string) (*release.Release, error) { + return o.driver.Get(key) +} + +// List returns the list of all releases such that filter(release) == true. +func (o *Observer) List(filter func(*release.Release) bool) ([]*release.Release, error) { + return o.driver.List(filter) +} + +// Query returns the set of releases that match the provided set of labels. +func (o *Observer) Query(keyvals map[string]string) ([]*release.Release, error) { + return o.driver.Query(keyvals) +} + +// Create creates a new release or returns driver.ErrReleaseExists. +// It observes the release as provided after a successful creation. +func (o *Observer) Create(key string, rls *release.Release) error { + defer unlock(o.wlock()) + if err := o.driver.Create(key, rls); err != nil { + return err + } + o.releases[key] = NewObservedRelease(rls) + return nil +} + +// Update updates a release or returns driver.ErrReleaseNotFound. +// After a successful update, it observes the release as provided. +func (o *Observer) Update(key string, rls *release.Release) error { + defer unlock(o.wlock()) + if err := o.driver.Update(key, rls); err != nil { + return err + } + o.releases[key] = NewObservedRelease(rls) + return nil +} + +// Delete deletes a release or returns driver.ErrReleaseNotFound. +// After a successful deletion, it observes the release as returned by the +// embedded driver.Deletor. +func (o *Observer) Delete(key string) (*release.Release, error) { + defer unlock(o.wlock()) + rel, err := o.driver.Delete(key) + if err != nil { + return nil, err + } + o.releases[key] = NewObservedRelease(rel) + return rel, nil +} + +// LastObservation returns the last observed release with the highest version, +// or ErrReleaseNotObserved if there is no observed release with the provided +// name. +func (o *Observer) LastObservation(name string) (ObservedRelease, error) { + defer unlock(o.rlock()) + if len(o.releases) == 0 { + return ObservedRelease{}, ErrReleaseNotObserved + } + var candidates []int + for key := range o.releases { + if n, ver := o.splitKeyFunc(key); n == name { + candidates = append(candidates, ver) + } + } + if len(candidates) == 0 { + return ObservedRelease{}, ErrReleaseNotObserved + } + sort.Ints(candidates) + return o.releases[o.makeKeyFunc(name, candidates[len(candidates)-1])].DeepCopy(), nil +} + +// GetObservedVersion returns the observation for provided release name with +// the given version, or ErrReleaseNotObserved if it has not been observed. +func (o *Observer) GetObservedVersion(name string, version int) (ObservedRelease, error) { + defer unlock(o.rlock()) + rls, ok := o.releases[o.makeKeyFunc(name, version)] + if !ok { + return ObservedRelease{}, ErrReleaseNotObserved + } + return rls.DeepCopy(), nil +} + +// ObserveLastRelease observes the release with the highest version, or +// driver.ErrReleaseNotFound if a release with the provided name does not +// exist. +func (o *Observer) ObserveLastRelease(name string) (ObservedRelease, error) { + defer unlock(o.wlock()) + rls, err := o.Query(map[string]string{"name": name, "owner": "helm"}) + if err != nil { + return ObservedRelease{}, err + } + if len(rls) == 0 { + return ObservedRelease{}, driver.ErrReleaseNotFound + } + releaseutil.Reverse(rls, releaseutil.SortByRevision) + key := o.makeKeyFunc(rls[0].Name, rls[0].Version) + o.releases[key] = NewObservedRelease(rls[0]) + return o.releases[key].DeepCopy(), nil +} + +// wlock locks Observer for writing and returns a func to reverse the operation. +func (o *Observer) wlock() func() { + o.mu.Lock() + return func() { o.mu.Unlock() } +} + +// rlock locks Observer for reading and returns a func to reverse the operation. +func (o *Observer) rlock() func() { + o.mu.RLock() + return func() { o.mu.RUnlock() } +} + +// unlock calls fn which reverses an o.rlock or o.wlock. e.g: +// ```defer unlock(o.rlock())```, locks mem for reading at the +// call point of defer and unlocks upon exiting the block. +func unlock(fn func()) { fn() } + +// makeKey mimics the Helm storage's internal makeKey method: +// https://github.com/helm/helm/blob/29d273f985306bc508b32455d77894f3b1eb8d4d/pkg/storage/storage.go#L251 +func makeKey(name string, version int) string { + return fmt.Sprintf("%s.%s.v%d", storage.HelmStorageType, name, version) +} + +// splitKey is capable of splitting a Helm storage key into a name and version, +// if created using the makeKey logic. +func splitKey(key string) (name string, version int) { + typeLessKey := strings.TrimPrefix(key, storage.HelmStorageType+".") + split := strings.Split(typeLessKey, ".v") + name = split[0] + if len(split) > 1 { + version, _ = strconv.Atoi(split[1]) + } + return +} diff --git a/internal/storage/observer_test.go b/internal/storage/observer_test.go new file mode 100644 index 000000000..86ab309ba --- /dev/null +++ b/internal/storage/observer_test.go @@ -0,0 +1,535 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package storage + +import ( + "crypto/sha256" + "fmt" + "log" + "os" + "testing" + + . "github.com/onsi/gomega" + "helm.sh/helm/v3/pkg/chart" + "helm.sh/helm/v3/pkg/release" + "helm.sh/helm/v3/pkg/storage/driver" + "helm.sh/helm/v3/pkg/time" +) + +var ( + // smallRelease is 17K while encoded. + smallRelease *release.Release + // midRelease is 125K while encoded. + midRelease *release.Release + // biggerRelease is 862K while encoded. + biggerRelease *release.Release +) + +func TestMain(m *testing.M) { + var err error + if smallRelease, err = decodeReleaseFromFile("testdata/podinfo-helm-1"); err != nil { + log.Fatal(err) + } + if midRelease, err = decodeReleaseFromFile("testdata/istio-base-1"); err != nil { + log.Fatal(err) + } + if biggerRelease, err = decodeReleaseFromFile("testdata/prom-stack-1"); err != nil { + log.Fatal(err) + } + r := m.Run() + os.Exit(r) +} + +func TestObservedRelease_DeepCopyInto(t *testing.T) { + t.Run("deep copies", func(t *testing.T) { + g := NewWithT(t) + + now := time.Now() + in := ObservedRelease{ + Name: "universe", + Version: 42, + Info: release.Info{ + FirstDeployed: now, + Description: "ever expanding", + Status: release.StatusPendingRollback, + }, + ChartMetadata: chart.Metadata{ + Name: "bang", + Version: "v1.0", + Maintainers: []*chart.Maintainer{ + {Name: "Lord", Email: "noreply@example.com"}, + }, + Annotations: map[string]string{ + "big": "bang", + }, + APIVersion: chart.APIVersionV2, + Type: "application", + }, + Config: map[string]interface{}{ + "sky": "blue", + }, + Manifest: `--- +apiVersion: v1 +kind: ConfigMap +Namespace: void +data: + sky: blue +`, + ManifestSHA256: "1e472606d9e10ab58c5264a6b45aa2d5dad96d06f27423140fd6280a48a0b775", + Hooks: []release.Hook{ + { + Name: "passing-test", + Events: []release.HookEvent{release.HookTest}, + LastRun: release.HookExecution{ + StartedAt: now, + CompletedAt: now, + Phase: release.HookPhaseSucceeded, + }, + }, + }, + Namespace: "void", + Labels: map[string]string{ + "concept": "true", + }, + } + + out := ObservedRelease{} + in.DeepCopyInto(&out) + g.Expect(out).To(Equal(in)) + g.Expect(out).ToNot(BeIdenticalTo(in)) + + deepcopy := out.DeepCopy() + g.Expect(deepcopy).To(Equal(out)) + g.Expect(deepcopy).ToNot(BeIdenticalTo(out)) + }) + + t.Run("with nil", func(t *testing.T) { + in := ObservedRelease{} + in.DeepCopyInto(nil) + }) +} + +func TestNewObservedRelease(t *testing.T) { + tests := []struct { + name string + releases []*release.Release + inspect func(w *WithT, rel *release.Release, obsRel ObservedRelease) + }{ + { + name: "observes release", + releases: []*release.Release{smallRelease, midRelease, biggerRelease}, + inspect: func(w *WithT, rel *release.Release, obsRel ObservedRelease) { + w.Expect(obsRel.Name).To(Equal(rel.Name)) + w.Expect(obsRel.Version).To(Equal(rel.Version)) + w.Expect(obsRel.Info).To(Equal(*rel.Info)) + w.Expect(obsRel.ChartMetadata).To(Equal(*rel.Chart.Metadata)) + w.Expect(obsRel.Config).To(Equal(rel.Config)) + w.Expect(obsRel.Manifest).To(Equal(rel.Manifest)) + w.Expect(obsRel.ManifestSHA256).To(Equal(fmt.Sprintf("%x", sha256.Sum256([]byte(rel.Manifest))))) + w.Expect(obsRel.Hooks).To(HaveLen(len(rel.Hooks))) + for k, v := range rel.Hooks { + w.Expect(obsRel.Hooks[k]).To(Equal(*v)) + } + w.Expect(obsRel.Namespace).To(Equal(rel.Namespace)) + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + for _, rel := range tt.releases { + rel := rel + t.Run(t.Name()+"_"+rel.Name, func(t *testing.T) { + got := NewObservedRelease(rel) + tt.inspect(NewWithT(t), rel, got) + }) + } + }) + } +} + +func TestObserver_Name(t *testing.T) { + g := NewWithT(t) + + o := NewObserver(driver.NewMemory()) + g.Expect(o.Name()).To(Equal(ObserverDriverName)) +} + +func TestObserver_Get(t *testing.T) { + t.Run("ignores get", func(t *testing.T) { + g := NewWithT(t) + + ms := driver.NewMemory() + o := NewObserver(ms) + + rel := releaseStub("success", 1, "ns1", release.StatusDeployed) + key := o.makeKeyFunc(rel.Name, rel.Version) + g.Expect(ms.Create(key, rel)).To(Succeed()) + g.Expect(o.releases).To(HaveLen(0)) + + got, err := o.Get(key) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(got).To(Equal(rel)) + g.Expect(o.releases).To(HaveLen(0)) + }) +} + +func TestObserver_List(t *testing.T) { + t.Run("ignores list", func(t *testing.T) { + g := NewWithT(t) + + ms := driver.NewMemory() + rel := releaseStub("success", 1, "ns1", release.StatusDeployed) + key := makeKey(rel.Name, rel.Version) + g.Expect(ms.Create(key, rel)).To(Succeed()) + + o := NewObserver(ms) + got, err := o.List(func(r *release.Release) bool { + // Include everything + return true + }) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(got).To(HaveLen(1)) + g.Expect(got[0]).To(Equal(rel)) + // Observed releases still empty + g.Expect(o.releases).To(HaveLen(0)) + }) +} + +func TestObserver_Query(t *testing.T) { + t.Run("ignores query", func(t *testing.T) { + g := NewWithT(t) + + ms := driver.NewMemory() + rel := releaseStub("success", 1, "ns1", release.StatusDeployed) + key := makeKey(rel.Name, rel.Version) + g.Expect(ms.Create(key, rel)).To(Succeed()) + + o := NewObserver(ms) + rls, err := o.Query(map[string]string{"status": "deployed"}) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(rls).To(HaveLen(1)) + g.Expect(rls[0]).To(Equal(rel)) + // Observed releases still empty + g.Expect(o.releases).To(HaveLen(0)) + }) +} + +func TestObserver_Create(t *testing.T) { + t.Run("observes create success", func(t *testing.T) { + g := NewWithT(t) + + ms := driver.NewMemory() + o := NewObserver(ms) + + rel := releaseStub("success", 1, "ns1", release.StatusDeployed) + key := o.makeKeyFunc(rel.Name, rel.Version) + g.Expect(o.Create(key, rel)).To(Succeed()) + g.Expect(o.releases).To(HaveLen(1)) + g.Expect(o.releases).To(HaveKey(key)) + g.Expect(o.releases[key]).To(Equal(NewObservedRelease(rel))) + }) + + t.Run("ignores create error", func(t *testing.T) { + g := NewWithT(t) + + ms := driver.NewMemory() + o := NewObserver(ms) + + rel := releaseStub("error", 1, "ns1", release.StatusDeployed) + key := o.makeKeyFunc(rel.Name, rel.Version) + g.Expect(o.Create(key, rel)).To(Succeed()) + + rel2 := releaseStub("error", 1, "ns1", release.StatusFailed) + g.Expect(o.Create(key, rel2)).To(HaveOccurred()) + g.Expect(o.releases).To(HaveLen(1)) + g.Expect(o.releases).To(HaveKey(key)) + g.Expect(o.releases[key]).ToNot(Equal(rel2)) + }) +} + +func TestObserver_Update(t *testing.T) { + t.Run("observes update success", func(t *testing.T) { + g := NewWithT(t) + + ms := driver.NewMemory() + o := NewObserver(ms) + + rel := releaseStub("success", 1, "ns1", release.StatusDeployed) + key := o.makeKeyFunc(rel.Name, rel.Version) + g.Expect(ms.Create(key, rel)).To(Succeed()) + + g.Expect(o.Update(key, rel)).To(Succeed()) + g.Expect(o.releases).To(HaveLen(1)) + g.Expect(o.releases).To(HaveKey(key)) + g.Expect(o.releases[key]).To(Equal(NewObservedRelease(rel))) + }) + + t.Run("observation updates earlier observation", func(t *testing.T) { + g := NewWithT(t) + + ms := driver.NewMemory() + o := NewObserver(ms) + + rel := releaseStub("success", 1, "ns1", release.StatusDeployed) + key := o.makeKeyFunc(rel.Name, rel.Version) + g.Expect(o.Create(key, rel)).To(Succeed()) + + rel2 := releaseStub("success", 1, "ns1", release.StatusFailed) + g.Expect(o.Update(key, rel2)).To(Succeed()) + g.Expect(o.releases[key]).To(Equal(NewObservedRelease(rel2))) + }) + + t.Run("ignores update error", func(t *testing.T) { + g := NewWithT(t) + + ms := driver.NewMemory() + o := NewObserver(ms) + + rel := releaseStub("error", 1, "ns1", release.StatusDeployed) + key := o.makeKeyFunc(rel.Name, rel.Version) + g.Expect(o.Update(key, rel)).To(HaveOccurred()) + g.Expect(o.releases).To(HaveLen(0)) + }) +} + +func TestObserver_Delete(t *testing.T) { + t.Run("observes delete success", func(t *testing.T) { + g := NewWithT(t) + + ms := driver.NewMemory() + o := NewObserver(ms) + + rel := releaseStub("success", 1, "ns1", release.StatusDeployed) + key := o.makeKeyFunc(rel.Name, rel.Version) + g.Expect(o.Create(key, rel)).To(Succeed()) + g.Expect(o.LastObservation(rel.Name)).ToNot(BeNil()) + + got, err := o.Delete(key) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(got).ToNot(BeNil()) + + g.Expect(o.releases).To(HaveLen(1)) + g.Expect(o.releases).To(HaveKey(key)) + g.Expect(o.releases[key]).To(Equal(NewObservedRelease(got))) + + _, err = ms.Get(key) + g.Expect(err).To(Equal(driver.ErrReleaseNotFound)) + }) + + t.Run("delete release not found", func(t *testing.T) { + g := NewWithT(t) + + ms := driver.NewMemory() + o := NewObserver(ms) + + key := o.makeKeyFunc("error", 1) + got, err := o.Delete(key) + g.Expect(err).To(Equal(driver.ErrReleaseNotFound)) + g.Expect(got).To(BeNil()) + }) +} + +func TestObserver_LastObservation(t *testing.T) { + t.Run("last observation by version", func(t *testing.T) { + g := NewWithT(t) + + o := NewObserver(driver.NewMemory()) + + rel1 := releaseStub("success", 1, "ns1", release.StatusDeployed) + key1 := o.makeKeyFunc(rel1.Name, rel1.Version) + + rel2 := releaseStub("success", 2, "ns1", release.StatusDeployed) + key2 := o.makeKeyFunc(rel2.Name, rel2.Version) + + g.Expect(o.Create(key2, rel2)).To(Succeed()) + g.Expect(o.Create(key1, rel1)).To(Succeed()) + + got, err := o.LastObservation(rel2.Name) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(got).To(Equal(NewObservedRelease(rel2))) + }) + + t.Run("no observed releases", func(t *testing.T) { + g := NewWithT(t) + + o := NewObserver(driver.NewMemory()) + got, err := o.LastObservation("notobserved") + g.Expect(err).To(Equal(ErrReleaseNotObserved)) + g.Expect(got).To(Equal(ObservedRelease{})) + }) + + t.Run("no observed releases for name", func(t *testing.T) { + g := NewWithT(t) + + o := NewObserver(driver.NewMemory()) + + otherRel := releaseStub("other", 2, "ns1", release.StatusDeployed) + otherKey := o.makeKeyFunc(otherRel.Name, otherRel.Version) + g.Expect(o.Create(otherKey, otherRel)).To(Succeed()) + + got, err := o.LastObservation("notobserved") + g.Expect(err).To(Equal(ErrReleaseNotObserved)) + g.Expect(got).To(Equal(ObservedRelease{})) + }) +} + +func TestObserver_GetObservedVersion(t *testing.T) { + t.Run("observation with version", func(t *testing.T) { + g := NewWithT(t) + + o := NewObserver(driver.NewMemory()) + + rel := releaseStub("thirtythree", 33, "ns1", release.StatusDeployed) + key := o.makeKeyFunc(rel.Name, rel.Version) + g.Expect(o.Create(key, rel)).To(Succeed()) + + got, err := o.GetObservedVersion(rel.Name, rel.Version) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(got).To(Equal(NewObservedRelease(rel))) + }) + + t.Run("unobserved version", func(t *testing.T) { + g := NewWithT(t) + + o := NewObserver(driver.NewMemory()) + + rel := releaseStub("two", 2, "ns1", release.StatusDeployed) + key := o.makeKeyFunc(rel.Name, rel.Version) + g.Expect(o.Create(key, rel)).To(Succeed()) + + got, err := o.GetObservedVersion("two", 1) + g.Expect(err).To(Equal(ErrReleaseNotObserved)) + g.Expect(got).To(Equal(ObservedRelease{})) + }) +} + +func TestObserver_ObserveLastRelease(t *testing.T) { + t.Run("observes last release from storage", func(t *testing.T) { + g := NewWithT(t) + + d := driver.NewMemory() + + rel1 := releaseStub("two", 1, "ns1", release.StatusDeployed) + key1 := makeKey(rel1.Name, rel1.Version) + g.Expect(d.Create(key1, rel1)).To(Succeed()) + + rel2 := releaseStub("two", 2, "ns1", release.StatusDeployed) + key2 := makeKey(rel2.Name, rel2.Version) + g.Expect(d.Create(key2, rel2)).To(Succeed()) + + o := NewObserver(d) + got, err := o.ObserveLastRelease("two") + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(got).To(Equal(NewObservedRelease(rel2))) + }) + + t.Run("error on release not found", func(t *testing.T) { + g := NewWithT(t) + + o := NewObserver(driver.NewMemory()) + got, err := o.ObserveLastRelease("notfound") + g.Expect(err).To(Equal(driver.ErrReleaseNotFound)) + g.Expect(got).To(Equal(ObservedRelease{})) + }) +} + +func Test_makeKey(t *testing.T) { + tests := []struct { + name string + version int + want string + }{ + {name: "release-a", version: 2, want: "sh.helm.release.v1.release-a.v2"}, + {name: "release-b", version: 48, want: "sh.helm.release.v1.release-b.v48"}, + } + for _, tt := range tests { + t.Run(fmt.Sprintf("%s_%d", tt.name, tt.version), func(t *testing.T) { + g := NewWithT(t) + + g.Expect(makeKey(tt.name, tt.version)).To(Equal(tt.want)) + }) + } +} + +func Test_splitKey(t *testing.T) { + tests := []struct { + key string + wantName string + wantVersion int + }{ + {key: "sh.helm.release.v1.release-a.v2", wantName: "release-a", wantVersion: 2}, + {key: "sh.helm.release.v1.release-b.v48", wantName: "release-b", wantVersion: 48}, + } + for _, tt := range tests { + t.Run(tt.key, func(t *testing.T) { + g := NewWithT(t) + + gotN, gotV := splitKey(tt.key) + g.Expect(gotN).To(Equal(tt.wantName)) + g.Expect(gotV).To(Equal(tt.wantVersion)) + }) + } +} + +func Test_makeKey_splitKey(t *testing.T) { + g := NewWithT(t) + + key := makeKey("release-name", 894) + gotN, gotV := splitKey(key) + g.Expect(gotN).To(Equal("release-name")) + g.Expect(gotV).To(Equal(894)) +} + +func releaseStub(name string, version int, namespace string, status release.Status) *release.Release { + return &release.Release{ + Name: name, + Version: version, + Namespace: namespace, + Info: &release.Info{Status: status}, + } +} + +func decodeReleaseFromFile(path string) (*release.Release, error) { + b, err := os.ReadFile(path) + if err != nil { + return nil, fmt.Errorf("failed to load encoded release data: %w", err) + } + rel, err := decodeRelease(string(b)) + if err != nil { + return nil, fmt.Errorf("failed to decode release data: %w", err) + } + return rel, nil +} + +func benchmarkNewObservedRelease(rel release.Release, b *testing.B) { + b.ReportAllocs() + for n := 0; n < b.N; n++ { + NewObservedRelease(&rel) + } +} + +func BenchmarkNewObservedReleaseSmall(b *testing.B) { + benchmarkNewObservedRelease(*smallRelease, b) +} + +func BenchmarkNewObservedReleaseMid(b *testing.B) { + benchmarkNewObservedRelease(*midRelease, b) +} + +func BenchmarkNewObservedReleaseBigger(b *testing.B) { + benchmarkNewObservedRelease(*biggerRelease, b) +} diff --git a/internal/storage/testdata/istio-base-1 b/internal/storage/testdata/istio-base-1 new file mode 100644 index 000000000..a99ff1f77 --- /dev/null +++ b/internal/storage/testdata/istio-base-1 @@ -0,0 +1 @@  \ No newline at end of file diff --git a/internal/storage/testdata/podinfo-helm-1 b/internal/storage/testdata/podinfo-helm-1 new file mode 100644 index 000000000..e1e387187 --- /dev/null +++ b/internal/storage/testdata/podinfo-helm-1 @@ -0,0 +1 @@  \ No newline at end of file diff --git a/internal/storage/testdata/prom-stack-1 b/internal/storage/testdata/prom-stack-1 new file mode 100644 index 000000000..ea3a7899a --- /dev/null +++ b/internal/storage/testdata/prom-stack-1 @@ -0,0 +1 @@  \ No newline at end of file From fe661df9d7199ac920d26b352072c59ad0518b1f Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Tue, 3 May 2022 01:09:42 +0200 Subject: [PATCH 02/76] Move HelmChart handling to separate reconciler This moves the HelmChart template handling to a separate reconciler, with predicates detecing relevant changes. The idea is that this would both facilitate working _without_ chart templates but with references in the future, and to reduce cognitive load while working with reconciler logic. The predicate uses `DeepEqual` from `k8s.io/apimachinery/pkg/api/equality` to inspect the Chart template objects of the old and new HelmRelease object in the update event. The reconciler uses server-side apply to create or update the HelmChart on the cluster, and emits an event based on the change set of the action. It does not produce any diff yet, as the server-side apply library at present does not provide a way to gain access to an "old" versus "new" objects after performing an apply. The `diff` package has however been prepared to allow diffing Unstructured objects. As this reconciler has a separate life-cycle, a new `chart.finalizers.fluxcd.io` finalizer has been introduced to ensure a HelmChart is properly garbage collected before the HelmRelease is allowed to be deleted. The implementation on the release reconciler's end is a rough sketch, but in working shape. The foresight is that much of the reconciler will change when the release logic will be adjusted to work with the earlier introduced storage observer. Signed-off-by: Hidde Beydals --- Makefile | 31 +- api/v2beta1/condition_types.go | 4 + go.mod | 2 +- .../controller/chart_template_predicate.go | 68 ++ .../helmrelease_chart_controller.go | 293 +++++ .../helmrelease_chart_controller_test.go | 1004 +++++++++++++++++ internal/controller/helmrelease_controller.go | 25 +- .../helmrelease_controller_chart.go | 225 +--- .../helmrelease_controller_chart_test.go | 659 ++++------- .../controller/helmrelease_controller_test.go | 2 +- internal/controller/suite_test.go | 60 +- internal/controller/testdata/chart-0.1.0.tgz | Bin 0 -> 3751 bytes internal/diff/differ.go | 25 +- internal/diff/unstructured.go | 54 + internal/diff/unstructured_test.go | 162 +++ main.go | 18 +- 16 files changed, 1961 insertions(+), 671 deletions(-) create mode 100644 internal/controller/chart_template_predicate.go create mode 100644 internal/controller/helmrelease_chart_controller.go create mode 100644 internal/controller/helmrelease_chart_controller_test.go create mode 100644 internal/controller/testdata/chart-0.1.0.tgz create mode 100644 internal/diff/unstructured.go create mode 100644 internal/diff/unstructured_test.go diff --git a/Makefile b/Makefile index ee5511adc..ccd6afd16 100644 --- a/Makefile +++ b/Makefile @@ -27,6 +27,17 @@ BUILD_PLATFORMS ?= linux/amd64 # Architecture to use envtest with ENVTEST_ARCH ?= amd64 +# Paths to download the CRD dependency to. +CRD_DEP_ROOT ?= $(BUILD_DIR)/config/crd/bases + +# Keep a record of the version of the downloaded source CRDs. It is used to +# detect and download new CRDs when the SOURCE_VER changes. +SOURCE_VER ?= $(shell go list -m all | grep github.com/fluxcd/source-controller/api | awk '{print $$2}') +SOURCE_CRD_VER = $(CRD_DEP_ROOT)/.src-crd-$(SOURCE_VER) + +# HelmChart source CRD. +HELMCHART_SOURCE_CRD ?= $(CRD_DEP_ROOT)/source.toolkit.fluxcd.io_helmcharts.yaml + # API (doc) generation utilities CONTROLLER_GEN_VERSION ?= v0.12.0 GEN_API_REF_DOCS_VERSION ?= e327d0730470cbd61b06300f81c5fcf91c23c113 @@ -35,7 +46,7 @@ all: manager # Run tests KUBEBUILDER_ASSETS?="$(shell $(ENVTEST) --arch=$(ENVTEST_ARCH) use -i $(ENVTEST_KUBERNETES_VERSION) --bin-dir=$(ENVTEST_ASSETS_DIR) -p path)" -test: tidy generate fmt vet manifests api-docs install-envtest +test: tidy generate fmt vet manifests api-docs install-envtest download-crd-deps KUBEBUILDER_ASSETS=$(KUBEBUILDER_ASSETS) go test ./... -coverprofile cover.out cd api; go test ./... -coverprofile cover.out @@ -113,6 +124,24 @@ docker-build: docker-push: docker push ${IMG} +# Delete previously downloaded CRDs and record the new version of the source +# CRDs. +$(SOURCE_CRD_VER): + rm -f $(CRD_DEP_ROOT)/.src-crd* + mkdir -p $(CRD_DEP_ROOT) + $(MAKE) cleanup-crd-deps + touch $(SOURCE_CRD_VER) + +$(HELMCHART_SOURCE_CRD): + curl -s https://raw.githubusercontent.com/fluxcd/source-controller/${SOURCE_VER}/config/crd/bases/source.toolkit.fluxcd.io_helmcharts.yaml > $(HELMCHART_SOURCE_CRD) + +# Download the CRDs the controller depends on +download-crd-deps: $(SOURCE_CRD_VER) $(HELMCHART_SOURCE_CRD) + +# Delete the downloaded CRD dependencies. +cleanup-crd-deps: + rm -f $(HELMCHART_SOURCE_CRD) + # Find or download controller-gen CONTROLLER_GEN = $(GOBIN)/controller-gen .PHONY: controller-gen diff --git a/api/v2beta1/condition_types.go b/api/v2beta1/condition_types.go index c0c209560..09eae7354 100644 --- a/api/v2beta1/condition_types.go +++ b/api/v2beta1/condition_types.go @@ -16,6 +16,10 @@ limitations under the License. package v2beta1 +// ChartFinalizer is set on a HelmRelease when a HelmChart object is created +// for it, and removed when this object has been deleted. +const ChartFinalizer = "chart.finalizers.fluxcd.io" + const ( // ReleasedCondition represents the status of the last release attempt // (install/upgrade/test) against the latest desired state. diff --git a/go.mod b/go.mod index 3a1c3c76a..e1c52b5f6 100644 --- a/go.mod +++ b/go.mod @@ -31,6 +31,7 @@ require ( github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/go-digest/blake3 v0.0.0-20230815154656-802ce17c4f59 github.com/spf13/pflag v1.0.5 + golang.org/x/text v0.13.0 gopkg.in/yaml.v2 v2.4.0 helm.sh/helm/v3 v3.12.3 k8s.io/api v0.27.4 @@ -153,7 +154,6 @@ require ( golang.org/x/sync v0.3.0 // indirect golang.org/x/sys v0.13.0 // indirect golang.org/x/term v0.13.0 // indirect - golang.org/x/text v0.13.0 // indirect golang.org/x/time v0.3.0 // indirect gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect google.golang.org/appengine v1.6.7 // indirect diff --git a/internal/controller/chart_template_predicate.go b/internal/controller/chart_template_predicate.go new file mode 100644 index 000000000..89b569099 --- /dev/null +++ b/internal/controller/chart_template_predicate.go @@ -0,0 +1,68 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package controller + +import ( + apiequality "k8s.io/apimachinery/pkg/api/equality" + "sigs.k8s.io/controller-runtime/pkg/event" + "sigs.k8s.io/controller-runtime/pkg/predicate" + + v2 "github.com/fluxcd/helm-controller/api/v2beta1" +) + +// ChartTemplateChangePredicate detects changes to the v1beta2.HelmChart +// template embedded in v2beta1.HelmRelease objects. +type ChartTemplateChangePredicate struct { + predicate.Funcs +} + +func (ChartTemplateChangePredicate) Create(e event.CreateEvent) bool { + if e.Object == nil { + return false + } + if _, ok := e.Object.(*v2.HelmRelease); !ok { + return false + } + return true +} + +func (ChartTemplateChangePredicate) Update(e event.UpdateEvent) bool { + if e.ObjectOld == nil || e.ObjectNew == nil { + return false + } + + oldObj, ok := e.ObjectOld.(*v2.HelmRelease) + if !ok { + return false + } + newObj, ok := e.ObjectNew.(*v2.HelmRelease) + if !ok { + return false + } + + return !apiequality.Semantic.DeepEqual(oldObj.Spec.Chart, newObj.Spec.Chart) +} + +func (ChartTemplateChangePredicate) Delete(e event.DeleteEvent) bool { + if e.Object == nil { + return false + } + if _, ok := e.Object.(*v2.HelmRelease); !ok { + return false + } + return true +} diff --git a/internal/controller/helmrelease_chart_controller.go b/internal/controller/helmrelease_chart_controller.go new file mode 100644 index 000000000..93b09e3b0 --- /dev/null +++ b/internal/controller/helmrelease_chart_controller.go @@ -0,0 +1,293 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package controller + +import ( + "context" + "fmt" + + "golang.org/x/text/cases" + "golang.org/x/text/language" + apierrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/types" + "k8s.io/apimachinery/pkg/util/errors" + kuberecorder "k8s.io/client-go/tools/record" + "sigs.k8s.io/cli-utils/pkg/kstatus/polling" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/client/apiutil" + "sigs.k8s.io/controller-runtime/pkg/controller" + "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" + "sigs.k8s.io/controller-runtime/pkg/predicate" + "sigs.k8s.io/controller-runtime/pkg/ratelimiter" + + eventv1 "github.com/fluxcd/pkg/apis/event/v1beta1" + "github.com/fluxcd/pkg/runtime/acl" + helper "github.com/fluxcd/pkg/runtime/controller" + "github.com/fluxcd/pkg/runtime/patch" + "github.com/fluxcd/pkg/runtime/predicates" + "github.com/fluxcd/pkg/ssa" + sourcev1 "github.com/fluxcd/source-controller/api/v1beta2" + + v2 "github.com/fluxcd/helm-controller/api/v2beta1" +) + +type HelmReleaseChartReconciler struct { + client.Client + kuberecorder.EventRecorder + helper.Metrics + + StatusPoller *polling.StatusPoller + FieldManager string + NoCrossNamespaceRef bool +} + +type HelmReleaseChartReconcilerOptions struct { + RateLimiter ratelimiter.RateLimiter +} + +func (r *HelmReleaseChartReconciler) SetupWithManager(mgr ctrl.Manager) error { + return r.SetupWithManagerAndOptions(mgr, HelmReleaseChartReconcilerOptions{}) +} + +func (r *HelmReleaseChartReconciler) SetupWithManagerAndOptions(mgr ctrl.Manager, opts HelmReleaseChartReconcilerOptions) error { + return ctrl.NewControllerManagedBy(mgr). + For(&v2.HelmRelease{}). + WithEventFilter(predicate.Or(ChartTemplateChangePredicate{}, predicates.ReconcileRequestedPredicate{})). + WithOptions(controller.Options{ + RateLimiter: opts.RateLimiter, + }). + Complete(r) +} + +func (r *HelmReleaseChartReconciler) Reconcile(ctx context.Context, req ctrl.Request) (result ctrl.Result, retErr error) { + log := ctrl.LoggerFrom(ctx) + + // Fetch the HelmRelease + obj := &v2.HelmRelease{} + if err := r.Get(ctx, req.NamespacedName, obj); err != nil { + return ctrl.Result{}, client.IgnoreNotFound(err) + } + + // Record suspended status metric + r.RecordSuspend(ctx, obj, obj.Spec.Suspend) + + // Initialize the patch helper with the current version of the object. + patchHelper := patch.NewSerialPatcher(obj, r.Client) + + // Always attempt to patch the object after each reconciliation. + defer func() { + if err := patchHelper.Patch(ctx, obj, patch.WithFieldOwner(r.FieldManager)); err != nil { + if retErr != nil { + retErr = errors.NewAggregate([]error{retErr, err}) + } else { + retErr = err + } + } + }() + + // Add finalizer first if not exist to avoid the race condition + // between init and delete. + if !controllerutil.ContainsFinalizer(obj, v2.ChartFinalizer) { + controllerutil.AddFinalizer(obj, v2.ChartFinalizer) + return ctrl.Result{Requeue: true}, nil + } + + // Examine if the object is under deletion. + if !obj.ObjectMeta.DeletionTimestamp.IsZero() { + return r.reconcileDelete(ctx, obj) + } + + // Return early if the object is suspended + if obj.Spec.Suspend { + log.Info("reconciliation is suspended for this object") + return ctrl.Result{}, nil + } + + return r.reconcile(ctx, obj) +} + +func (r *HelmReleaseChartReconciler) reconcile(ctx context.Context, obj *v2.HelmRelease) (ctrl.Result, error) { + chartRef := types.NamespacedName{ + Namespace: obj.Spec.Chart.GetNamespace(obj.Namespace), + Name: obj.GetHelmChartName(), + } + + // The HelmChart name and/or namespace diverges, delete first the current + // and come back. + if obj.Status.HelmChart != "" && obj.Status.HelmChart != chartRef.String() { + return r.reconcileDelete(ctx, obj) + } + + // Confirm we are allowed to fetch the HelmChart. + if err := r.aclAllowAccessTo(obj, chartRef); err != nil { + return ctrl.Result{}, err + } + + // Build new HelmChart based on the declared template. + newChart := buildHelmChartFromTemplate(obj) + + // Convert to an unstructured object to please the SSA library. + uo, err := runtime.DefaultUnstructuredConverter.ToUnstructured(newChart.DeepCopy()) + if err != nil { + return ctrl.Result{}, fmt.Errorf("failed to convert HelmChart to unstructured: %w", err) + } + u := &unstructured.Unstructured{Object: uo} + + // Get the GVK for the object according to the current scheme. + gvk, err := apiutil.GVKForObject(newChart, r.Client.Scheme()) + if err != nil { + return ctrl.Result{}, fmt.Errorf("unable to get GVK for HelmChart: %w", err) + } + u.SetGroupVersionKind(gvk) + + rm := ssa.NewResourceManager(r.Client, r.StatusPoller, ssa.Owner{ + Group: v2.GroupVersion.Group, + Field: r.FieldManager, + }) + + // Mark the object as owned by the HelmRelease. + rm.SetOwnerLabels([]*unstructured.Unstructured{u}, obj.GetName(), obj.GetNamespace()) + + // Run using server-side apply. + entry, err := rm.Apply(ctx, u, ssa.DefaultApplyOptions()) + if err != nil { + err = fmt.Errorf("failed to run server-side apply: %w", err) + r.Eventf(obj, eventv1.EventTypeTrace, "HelmChartApplyFailed", err.Error()) + return ctrl.Result{}, err + } + + // Consult the entry result and act accordingly. + switch entry.Action { + case ssa.CreatedAction, ssa.ConfiguredAction: + msg := fmt.Sprintf("%s %s with SourceRef '%s/%s/%s'", entry.Action.String(), entry.Subject, + newChart.Spec.SourceRef.Kind, newChart.GetNamespace(), newChart.Spec.SourceRef.Name) + r.Eventf(obj, eventv1.EventTypeTrace, fmt.Sprintf("HelmChart%s", cases.Title(language.Und).String(entry.Action.String())), msg) + ctrl.LoggerFrom(ctx).Info(msg) + case ssa.UnchangedAction: + msg := fmt.Sprintf("%s with SourceRef '%s/%s/%s' is in-sync with the declared state", entry.Subject, + newChart.Spec.SourceRef.Kind, newChart.GetNamespace(), newChart.Spec.SourceRef.Name) + r.Eventf(obj, eventv1.EventTypeTrace, "HelmChartUnchanged", msg) + ctrl.LoggerFrom(ctx).Info(msg) + default: + err = fmt.Errorf("unexpected action '%s' for %s", entry.Action.String(), entry.Subject) + return ctrl.Result{}, err + } + + // From this moment on, we know the HelmChart spec is up-to-date. + obj.Status.HelmChart = chartRef.String() + + // Requeue to ensure the state continues to be the same. + return ctrl.Result{RequeueAfter: obj.GetRequeueAfter()}, nil +} + +// reconcileDelete handles the garbage collection of the current HelmChart in +// the Status object of the given HelmRelease. +func (r *HelmReleaseChartReconciler) reconcileDelete(ctx context.Context, obj *v2.HelmRelease) (ctrl.Result, error) { + if !obj.Spec.Suspend && obj.Status.HelmChart != "" { + ns, name := obj.Status.GetHelmChart() + namespacedName := types.NamespacedName{Namespace: ns, Name: name} + + // Confirm we are allowed to fetch the HelmChart. + if err := r.aclAllowAccessTo(obj, namespacedName); err != nil { + return ctrl.Result{}, err + } + + // Fetch the HelmChart. + var chart sourcev1.HelmChart + err := r.Client.Get(ctx, namespacedName, &chart) + if err != nil && !apierrors.IsNotFound(err) { + // Return error to retry until we succeed. + err = fmt.Errorf("failed to delete HelmChart '%s': %w", obj.Status.HelmChart, err) + return ctrl.Result{}, err + } + if err == nil { + // Delete the HelmChart. + if err = r.Client.Delete(ctx, &chart); err != nil { + err = fmt.Errorf("failed to delete HelmChart '%s': %w", obj.Status.HelmChart, err) + return ctrl.Result{}, err + } + r.Eventf(obj, eventv1.EventSeverityTrace, "HelmChartDeleted", "deleted HelmChart '%s'", obj.Status.HelmChart) + } + // Truncate the chart reference in the status object. + obj.Status.HelmChart = "" + } + + if obj.DeletionTimestamp != nil { + // Remove our finalizer from the list. + controllerutil.RemoveFinalizer(obj, v2.ChartFinalizer) + + // Stop reconciliation as the object is being deleted. + return ctrl.Result{}, nil + } + return ctrl.Result{Requeue: true}, nil +} + +// aclAllowAccessTo returns an acl.AccessDeniedError if the given v2beta1.HelmRelease +// object is not allowed to access the provided name. +func (r *HelmReleaseChartReconciler) aclAllowAccessTo(obj *v2.HelmRelease, name types.NamespacedName) error { + if !r.NoCrossNamespaceRef { + return nil + } + if obj.Namespace != name.Namespace { + return acl.AccessDeniedError(fmt.Sprintf("can't access '%s/%s', cross-namespace references have been blocked", + obj.Spec.Chart.Spec.SourceRef.Kind, types.NamespacedName{ + Namespace: obj.Spec.Chart.Spec.SourceRef.Namespace, + Name: obj.Spec.Chart.Spec.SourceRef.Name, + }, + )) + } + return nil +} + +// buildHelmChartFromTemplate builds a v1beta2.HelmChart from the +// v2beta1.HelmChartTemplate of the given v2beta1.HelmRelease. +func buildHelmChartFromTemplate(obj *v2.HelmRelease) *sourcev1.HelmChart { + template := obj.Spec.Chart.DeepCopy() + result := &sourcev1.HelmChart{ + ObjectMeta: metav1.ObjectMeta{ + Name: obj.GetHelmChartName(), + Namespace: template.GetNamespace(obj.Namespace), + }, + Spec: sourcev1.HelmChartSpec{ + Chart: template.Spec.Chart, + Version: template.Spec.Version, + SourceRef: sourcev1.LocalHelmChartSourceReference{ + Name: template.Spec.SourceRef.Name, + Kind: template.Spec.SourceRef.Kind, + }, + Interval: template.GetInterval(obj.Spec.Interval), + ReconcileStrategy: template.Spec.ReconcileStrategy, + ValuesFiles: template.Spec.ValuesFiles, + ValuesFile: template.Spec.ValuesFile, + }, + } + if verifyTpl := template.Spec.Verify; verifyTpl != nil { + result.Spec.Verify = &sourcev1.OCIRepositoryVerification{ + Provider: verifyTpl.Provider, + SecretRef: verifyTpl.SecretRef, + } + } + if metaTpl := template.ObjectMeta; metaTpl != nil { + result.SetAnnotations(metaTpl.Annotations) + result.SetLabels(metaTpl.Labels) + } + return result +} diff --git a/internal/controller/helmrelease_chart_controller_test.go b/internal/controller/helmrelease_chart_controller_test.go new file mode 100644 index 000000000..7f5cddce8 --- /dev/null +++ b/internal/controller/helmrelease_chart_controller_test.go @@ -0,0 +1,1004 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package controller + +import ( + "context" + "fmt" + "testing" + "time" + + "github.com/go-logr/logr" + . "github.com/onsi/gomega" + corev1 "k8s.io/api/core/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + "k8s.io/client-go/tools/record" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client/fake" + "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" + "sigs.k8s.io/controller-runtime/pkg/reconcile" + + "github.com/fluxcd/pkg/apis/meta" + sourcev1 "github.com/fluxcd/source-controller/api/v1beta2" + + v2 "github.com/fluxcd/helm-controller/api/v2beta1" +) + +func TestHelmReleaseChartReconciler_Reconcile(t *testing.T) { + t.Run("reconciles HelmChartTemplate", func(t *testing.T) { + g := NewWithT(t) + + namespace := &corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + GenerateName: "helm-release-chart-", + }, + } + g.Expect(testEnv.CreateAndWait(context.Background(), namespace)).To(Succeed()) + t.Cleanup(func() { + g.Expect(testEnv.Cleanup(context.Background(), namespace)).To(Succeed()) + }) + + chartSpecTemplate := v2.HelmChartTemplateSpec{ + Chart: "chart", + SourceRef: v2.CrossNamespaceObjectReference{ + Kind: sourcev1.HelmRepositoryKind, + Name: "repository", + }, + } + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: namespace.GetName(), + Name: "reconcile", + Finalizers: []string{ + v2.ChartFinalizer, + }, + }, + Spec: v2.HelmReleaseSpec{ + Interval: metav1.Duration{Duration: 1 * time.Millisecond}, + Chart: v2.HelmChartTemplate{ + Spec: chartSpecTemplate, + }, + }, + } + + g.Expect(testEnv.CreateAndWait(context.TODO(), obj.DeepCopy())).To(Succeed()) + t.Cleanup(func() { + g.Expect(testEnv.Cleanup(context.TODO(), obj)).To(Succeed()) + }) + + r := &HelmReleaseChartReconciler{ + Client: testEnv, + EventRecorder: record.NewFakeRecorder(32), + FieldManager: "helm-controller", + } + + key := types.NamespacedName{ + Name: obj.GetName(), + Namespace: obj.GetNamespace(), + } + got, err := r.Reconcile(ctrl.LoggerInto(context.TODO(), logr.Discard()), reconcile.Request{NamespacedName: key}) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(got).To(Equal(ctrl.Result{RequeueAfter: obj.Spec.Interval.Duration})) + + g.Expect(testClient.Get(context.TODO(), key, obj)).To(Succeed()) + g.Expect(obj.Status.HelmChart).ToNot(BeEmpty()) + + chartNs, chartName := obj.Status.GetHelmChart() + var chartObj sourcev1.HelmChart + g.Expect(r.Client.Get(context.TODO(), types.NamespacedName{Namespace: chartNs, Name: chartName}, &chartObj)).To(Succeed()) + t.Cleanup(func() { + g.Expect(testEnv.Cleanup(context.Background(), &chartObj)).To(Succeed()) + }) + + g.Expect(chartObj.Spec.Chart).To(Equal(obj.Spec.Chart.Spec.Chart)) + }) + + t.Run("HelmRelease NotFound", func(t *testing.T) { + g := NewWithT(t) + + builder := fake.NewClientBuilder(). + WithScheme(testScheme) + r := &HelmReleaseChartReconciler{ + Client: builder.Build(), + EventRecorder: record.NewFakeRecorder(32), + } + + key := types.NamespacedName{ + Name: "not", + Namespace: "found", + } + got, err := r.Reconcile(ctrl.LoggerInto(context.TODO(), logr.Discard()), reconcile.Request{NamespacedName: key}) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(got).To(Equal(ctrl.Result{})) + }) + + t.Run("finalizer set before start reconciliation", func(t *testing.T) { + g := NewWithT(t) + + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: "release", + Namespace: "default", + }, + } + + builder := fake.NewClientBuilder(). + WithScheme(testScheme). + WithObjects(obj) + r := &HelmReleaseChartReconciler{ + Client: builder.Build(), + EventRecorder: record.NewFakeRecorder(32), + } + + key := types.NamespacedName{ + Name: obj.GetName(), + Namespace: obj.GetNamespace(), + } + got, err := r.Reconcile(ctrl.LoggerInto(context.TODO(), logr.Discard()), reconcile.Request{NamespacedName: key}) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(got).To(Equal(ctrl.Result{Requeue: true})) + + g.Expect(r.Client.Get(context.TODO(), key, obj)).To(Succeed()) + g.Expect(controllerutil.ContainsFinalizer(obj, v2.ChartFinalizer)).To(BeTrue()) + }) + + t.Run("HelmRelease suspended", func(t *testing.T) { + g := NewWithT(t) + + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: "release", + Namespace: "default", + Finalizers: []string{ + v2.ChartFinalizer, + }, + }, + Spec: v2.HelmReleaseSpec{ + Suspend: true, + }, + } + + builder := fake.NewClientBuilder(). + WithScheme(testScheme). + WithObjects(obj) + r := &HelmReleaseChartReconciler{ + Client: builder.Build(), + EventRecorder: record.NewFakeRecorder(32), + } + + key := types.NamespacedName{ + Name: obj.GetName(), + Namespace: obj.GetNamespace(), + } + got, err := r.Reconcile(ctrl.LoggerInto(context.TODO(), logr.Discard()), reconcile.Request{NamespacedName: key}) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(got).To(Equal(ctrl.Result{})) + }) + + t.Run("DeletionTimestamp triggers delete", func(t *testing.T) { + g := NewWithT(t) + + now := metav1.Now() + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: "release", + Namespace: "default", + DeletionTimestamp: &now, + Finalizers: []string{ + v2.ChartFinalizer, + sourcev1.SourceFinalizer, + }, + }, + Status: v2.HelmReleaseStatus{ + HelmChart: "default/does-not-exist", + }, + } + + builder := fake.NewClientBuilder(). + WithScheme(testScheme). + WithObjects(obj). + WithStatusSubresource(&v2.HelmRelease{}) + + r := &HelmReleaseChartReconciler{ + Client: builder.Build(), + EventRecorder: record.NewFakeRecorder(32), + } + + key := types.NamespacedName{ + Name: obj.GetName(), + Namespace: obj.GetNamespace(), + } + got, err := r.Reconcile(ctrl.LoggerInto(context.TODO(), logr.Discard()), reconcile.Request{NamespacedName: key}) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(got).To(Equal(ctrl.Result{})) + + g.Expect(r.Client.Get(context.TODO(), key, obj)).To(Succeed()) + g.Expect(obj.Status.HelmChart).To(BeEmpty()) + g.Expect(controllerutil.ContainsFinalizer(obj, v2.ChartFinalizer)).To(BeFalse()) + }) + + t.Run("DeletionTimestamp with Suspend removes finalizer", func(t *testing.T) { + g := NewWithT(t) + + now := metav1.Now() + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: "release", + Namespace: "default", + DeletionTimestamp: &now, + Finalizers: []string{ + v2.ChartFinalizer, + sourcev1.SourceFinalizer, + }, + }, + Spec: v2.HelmReleaseSpec{ + Suspend: true, + }, + Status: v2.HelmReleaseStatus{ + HelmChart: "default/does-not-exist", + }, + } + + builder := fake.NewClientBuilder(). + WithScheme(testScheme). + WithObjects(obj). + WithStatusSubresource(&v2.HelmRelease{}) + + r := &HelmReleaseChartReconciler{ + Client: builder.Build(), + EventRecorder: record.NewFakeRecorder(32), + } + + key := types.NamespacedName{ + Name: obj.GetName(), + Namespace: obj.GetNamespace(), + } + got, err := r.Reconcile(ctrl.LoggerInto(context.TODO(), logr.Discard()), reconcile.Request{NamespacedName: key}) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(got).To(Equal(ctrl.Result{})) + + g.Expect(r.Client.Get(context.TODO(), key, obj)).To(Succeed()) + g.Expect(obj.Status.HelmChart).ToNot(BeEmpty()) + g.Expect(controllerutil.ContainsFinalizer(obj, v2.ChartFinalizer)).To(BeFalse()) + }) +} + +func TestHelmReleaseChartReconciler_reconcile(t *testing.T) { + g := NewWithT(t) + + namespace := corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + GenerateName: "helm-release-chart-reconciler-", + }, + } + g.Expect(testEnv.CreateAndWait(context.Background(), &namespace)).To(Succeed()) + t.Cleanup(func() { + g.Expect(testEnv.Cleanup(context.Background(), &namespace)).To(Succeed()) + }) + + t.Run("Status.HelmChart divergence triggers delete and requeue", func(t *testing.T) { + g := NewWithT(t) + + existingChart := sourcev1.HelmChart{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: namespace.GetName(), + GenerateName: "existing-chart-", + }, + Spec: sourcev1.HelmChartSpec{ + SourceRef: sourcev1.LocalHelmChartSourceReference{ + Kind: sourcev1.HelmRepositoryKind, + Name: "mock", + }, + }, + } + g.Expect(testEnv.CreateAndWait(context.TODO(), &existingChart)).To(Succeed()) + t.Cleanup(func() { + g.Expect(testEnv.Cleanup(context.Background(), &existingChart)).To(Succeed()) + }) + + r := &HelmReleaseChartReconciler{ + Client: testEnv, + EventRecorder: record.NewFakeRecorder(32), + } + + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: namespace.GetName(), + Name: "release-with-existing-chart", + }, + Status: v2.HelmReleaseStatus{ + HelmChart: fmt.Sprintf("%s/%s", existingChart.GetNamespace(), existingChart.GetName()), + }, + } + got, err := r.reconcile(context.TODO(), obj) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(got).To(Equal(ctrl.Result{Requeue: true})) + g.Expect(obj.Status.HelmChart).To(BeEmpty()) + }) + + t.Run("HelmChart NotFound creates HelmChart", func(t *testing.T) { + g := NewWithT(t) + + recorder := record.NewFakeRecorder(32) + r := &HelmReleaseChartReconciler{ + Client: testEnv, + EventRecorder: recorder, + FieldManager: "helm-controller", + } + + releaseName := "not-found" + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: namespace.GetName(), + Name: releaseName, + }, + Spec: v2.HelmReleaseSpec{ + Interval: metav1.Duration{Duration: 1 * time.Hour}, + Chart: v2.HelmChartTemplate{ + Spec: v2.HelmChartTemplateSpec{ + SourceRef: v2.CrossNamespaceObjectReference{ + Kind: sourcev1.HelmRepositoryKind, + Name: "mock", + }, + }, + }, + }, + Status: v2.HelmReleaseStatus{ + HelmChart: fmt.Sprintf("%s/%s", namespace.GetName(), namespace.GetName()+"-"+releaseName), + }, + } + got, err := r.reconcile(context.TODO(), obj) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(got).To(Equal(ctrl.Result{RequeueAfter: obj.GetRequeueAfter()})) + g.Expect(obj.Status.HelmChart).ToNot(BeEmpty()) + + expectChart := sourcev1.HelmChart{} + g.Expect(testClient.Get(context.TODO(), types.NamespacedName{ + Namespace: obj.Spec.Chart.GetNamespace(obj.Namespace), + Name: obj.GetHelmChartName()}, + &expectChart, + )).To(Succeed()) + t.Cleanup(func() { + g.Expect(testEnv.Cleanup(context.Background(), &expectChart)).To(Succeed()) + }) + }) + + t.Run("Spec divergence updates HelmChart", func(t *testing.T) { + g := NewWithT(t) + + releaseName := "divergence" + existingChart := sourcev1.HelmChart{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: namespace.GetName(), + Name: fmt.Sprintf("%s-%s", namespace.GetName(), releaseName), + Labels: map[string]string{ + v2.GroupVersion.Group + "/name": releaseName, + v2.GroupVersion.Group + "/namespace": namespace.GetName(), + }, + }, + Spec: sourcev1.HelmChartSpec{ + Chart: "./bar", + SourceRef: sourcev1.LocalHelmChartSourceReference{ + Kind: sourcev1.HelmRepositoryKind, + Name: "bar-repository", + }, + }, + } + g.Expect(testEnv.CreateAndWait(context.TODO(), &existingChart)).To(Succeed()) + t.Cleanup(func() { + g.Expect(testEnv.Cleanup(context.Background(), &existingChart)).To(Succeed()) + }) + + recorder := record.NewFakeRecorder(32) + r := &HelmReleaseChartReconciler{ + Client: testEnv, + EventRecorder: recorder, + FieldManager: "helm-controller", + } + + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: namespace.GetName(), + Name: releaseName, + }, + Spec: v2.HelmReleaseSpec{ + Interval: metav1.Duration{Duration: 1 * time.Hour}, + Chart: v2.HelmChartTemplate{ + Spec: v2.HelmChartTemplateSpec{ + Chart: "foo", + SourceRef: v2.CrossNamespaceObjectReference{ + Kind: sourcev1.HelmRepositoryKind, + Name: "foo-repository", + }, + }, + }, + }, + Status: v2.HelmReleaseStatus{ + HelmChart: fmt.Sprintf("%s/%s", existingChart.GetNamespace(), existingChart.GetName()), + }, + } + got, err := r.reconcile(context.TODO(), obj) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(got).To(Equal(ctrl.Result{RequeueAfter: obj.GetRequeueAfter()})) + g.Expect(obj.Status.HelmChart).ToNot(BeEmpty()) + + newChart := sourcev1.HelmChart{} + g.Expect(testClient.Get(context.TODO(), types.NamespacedName{ + Namespace: obj.Spec.Chart.GetNamespace(obj.Namespace), + Name: obj.GetHelmChartName()}, &newChart)).To(Succeed()) + + g.Expect(newChart.Spec.Chart).To(Equal(obj.Spec.Chart.Spec.Chart)) + g.Expect(newChart.Spec.SourceRef.Name).To(Equal(obj.Spec.Chart.Spec.SourceRef.Name)) + g.Expect(newChart.Spec.SourceRef.Kind).To(Equal(obj.Spec.Chart.Spec.SourceRef.Kind)) + }) + + t.Run("no HelmChart divergence", func(t *testing.T) { + g := NewWithT(t) + + releaseName := "no-divergence" + existingChart := &sourcev1.HelmChart{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: namespace.GetName(), + Name: fmt.Sprintf("%s-%s", namespace.GetName(), releaseName), + Labels: map[string]string{ + v2.GroupVersion.Group + "/name": releaseName, + v2.GroupVersion.Group + "/namespace": namespace.GetName(), + }, + }, + Spec: sourcev1.HelmChartSpec{ + Interval: metav1.Duration{Duration: 1 * time.Hour}, + Chart: "foo", + SourceRef: sourcev1.LocalHelmChartSourceReference{ + Kind: sourcev1.HelmRepositoryKind, + Name: "foo-repository", + }, + }, + } + g.Expect(testEnv.CreateAndWait(context.Background(), existingChart)).To(Succeed()) + t.Cleanup(func() { + g.Expect(testEnv.Cleanup(context.Background(), existingChart)).To(Succeed()) + }) + + recorder := record.NewFakeRecorder(32) + r := &HelmReleaseChartReconciler{ + Client: testEnv, + EventRecorder: recorder, + FieldManager: "helm-controller", + } + + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: namespace.GetName(), + Name: releaseName, + }, + Spec: v2.HelmReleaseSpec{ + Interval: existingChart.Spec.Interval, + Chart: v2.HelmChartTemplate{ + Spec: v2.HelmChartTemplateSpec{ + Chart: existingChart.Spec.Chart, + SourceRef: v2.CrossNamespaceObjectReference{ + Kind: existingChart.Spec.SourceRef.Kind, + Name: existingChart.Spec.SourceRef.Name, + }, + }, + }, + }, + Status: v2.HelmReleaseStatus{ + HelmChart: fmt.Sprintf("%s/%s", existingChart.GetNamespace(), existingChart.GetName()), + }, + } + + got, err := r.reconcile(context.TODO(), obj) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(got).To(Equal(ctrl.Result{RequeueAfter: obj.GetRequeueAfter()})) + g.Expect(obj.Status.HelmChart).ToNot(BeEmpty()) + + newChart := sourcev1.HelmChart{} + g.Expect(testClient.Get(context.TODO(), types.NamespacedName{ + Namespace: obj.Spec.Chart.GetNamespace(obj.Namespace), + Name: obj.GetHelmChartName()}, &newChart)).To(Succeed()) + g.Expect(newChart.ResourceVersion).To(Equal(existingChart.ResourceVersion), "HelmChart should not have been updated") + }) + + t.Run("sets owner labels on HelmChart", func(t *testing.T) { + g := NewWithT(t) + + recorder := record.NewFakeRecorder(32) + r := &HelmReleaseChartReconciler{ + Client: testEnv, + EventRecorder: recorder, + FieldManager: "helm-controller", + } + + releaseName := "owner-labels" + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: namespace.GetName(), + Name: releaseName, + }, + Spec: v2.HelmReleaseSpec{ + Interval: metav1.Duration{Duration: 1 * time.Hour}, + Chart: v2.HelmChartTemplate{ + Spec: v2.HelmChartTemplateSpec{ + SourceRef: v2.CrossNamespaceObjectReference{ + Kind: sourcev1.HelmRepositoryKind, + Name: "mock", + }, + }, + }, + }, + Status: v2.HelmReleaseStatus{ + HelmChart: fmt.Sprintf("%s/%s", namespace.GetName(), namespace.GetName()+"-"+releaseName), + }, + } + got, err := r.reconcile(context.TODO(), obj) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(got).To(Equal(ctrl.Result{RequeueAfter: obj.GetRequeueAfter()})) + g.Expect(obj.Status.HelmChart).ToNot(BeEmpty()) + + expectChart := sourcev1.HelmChart{} + g.Expect(r.Client.Get(context.TODO(), types.NamespacedName{ + Namespace: obj.Spec.Chart.GetNamespace(obj.Namespace), + Name: obj.GetHelmChartName()}, + &expectChart, + )).To(Succeed()) + g.Expect(testEnv.Cleanup(context.Background(), &expectChart)).To(Succeed()) + + g.Expect(expectChart.GetLabels()).To(HaveKeyWithValue(v2.GroupVersion.Group+"/name", obj.GetName())) + g.Expect(expectChart.GetLabels()).To(HaveKeyWithValue(v2.GroupVersion.Group+"/namespace", obj.GetNamespace())) + }) + + t.Run("cross namespace disallow is respected", func(t *testing.T) { + g := NewWithT(t) + + r := &HelmReleaseChartReconciler{ + Client: fake.NewClientBuilder().WithScheme(testScheme).Build(), + NoCrossNamespaceRef: true, + } + + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: "release", + Namespace: "default", + }, + Spec: v2.HelmReleaseSpec{ + Chart: v2.HelmChartTemplate{ + Spec: v2.HelmChartTemplateSpec{ + SourceRef: v2.CrossNamespaceObjectReference{ + Name: "chart", + Namespace: "other", + }, + }, + }, + }, + Status: v2.HelmReleaseStatus{}, + } + got, err := r.reconcile(context.TODO(), obj) + g.Expect(err).To(HaveOccurred()) + g.Expect(got).To(Equal(ctrl.Result{})) + g.Expect(obj.Status.HelmChart).To(BeEmpty()) + + err = r.Client.Get(context.TODO(), types.NamespacedName{Namespace: "other", Name: "chart"}, &sourcev1.HelmChart{}) + g.Expect(err).To(HaveOccurred()) + g.Expect(apierrors.IsNotFound(err)).To(BeTrue()) + }) +} + +func TestHelmReleaseChartReconciler_reconcileDelete(t *testing.T) { + now := metav1.Now() + + t.Run("Status.HelmChart is deleted", func(t *testing.T) { + g := NewWithT(t) + + builder := fake.NewClientBuilder(). + WithScheme(testScheme). + WithObjects(&sourcev1.HelmChart{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "default", + Name: "chart", + }, + }) + + recorder := record.NewFakeRecorder(32) + r := &HelmReleaseChartReconciler{ + Client: builder.Build(), + EventRecorder: recorder, + } + + obj := &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ + HelmChart: "default/chart", + }, + } + got, err := r.reconcileDelete(context.TODO(), obj) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(got).To(Equal(ctrl.Result{Requeue: true})) + g.Expect(obj.Status.HelmChart).To(BeEmpty()) + + err = r.Client.Get(context.TODO(), types.NamespacedName{Namespace: "default", Name: "chart"}, &sourcev1.HelmChart{}) + g.Expect(err).To(HaveOccurred()) + g.Expect(apierrors.IsNotFound(err)).To(BeTrue()) + }) + + t.Run("Status.HelmChart already deleted", func(t *testing.T) { + g := NewWithT(t) + + r := &HelmReleaseChartReconciler{ + Client: fake.NewClientBuilder().WithScheme(testScheme).Build(), + } + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Finalizers: []string{v2.ChartFinalizer}, + }, + Status: v2.HelmReleaseStatus{ + HelmChart: "default/chart", + }, + } + got, err := r.reconcileDelete(context.TODO(), obj) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(got).To(Equal(ctrl.Result{Requeue: true})) + g.Expect(obj.Status.HelmChart).To(BeEmpty()) + g.Expect(obj.Finalizers).To(ContainElement(v2.ChartFinalizer)) + }) + + t.Run("DeletionTimestamp removes finalizer", func(t *testing.T) { + g := NewWithT(t) + + r := &HelmReleaseChartReconciler{ + Client: fake.NewClientBuilder().WithScheme(testScheme).Build(), + } + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + DeletionTimestamp: &now, + Finalizers: []string{v2.ChartFinalizer}, + }, + Status: v2.HelmReleaseStatus{ + HelmChart: "default/chart", + }, + } + got, err := r.reconcileDelete(context.TODO(), obj) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(got).To(Equal(ctrl.Result{})) + g.Expect(obj.Status.HelmChart).To(BeEmpty()) + g.Expect(obj.Finalizers).ToNot(ContainElement(v2.ChartFinalizer)) + }) + + t.Run("Spec.Suspend is respected", func(t *testing.T) { + g := NewWithT(t) + + builder := fake.NewClientBuilder(). + WithScheme(testScheme). + WithObjects(&sourcev1.HelmChart{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "default", + Name: "chart", + }, + }) + + recorder := record.NewFakeRecorder(32) + r := &HelmReleaseChartReconciler{ + Client: builder.Build(), + EventRecorder: recorder, + } + + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + DeletionTimestamp: &now, + }, + Spec: v2.HelmReleaseSpec{ + Suspend: true, + }, + Status: v2.HelmReleaseStatus{ + HelmChart: "default/chart", + }, + } + got, err := r.reconcileDelete(context.TODO(), obj) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(got).To(Equal(ctrl.Result{})) + g.Expect(obj.Status.HelmChart).ToNot(BeEmpty()) + g.Expect(obj.Finalizers).ToNot(ContainElement(v2.ChartFinalizer)) + + err = r.Client.Get(context.TODO(), types.NamespacedName{Namespace: "default", Name: "chart"}, &sourcev1.HelmChart{}) + g.Expect(err).ToNot(HaveOccurred()) + + }) + + t.Run("cross namespace disallow is respected", func(t *testing.T) { + g := NewWithT(t) + + chart := &sourcev1.HelmChart{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "other", + Name: "chart", + }, + } + builder := fake.NewClientBuilder(). + WithScheme(testScheme). + WithObjects(chart) + + r := &HelmReleaseChartReconciler{ + Client: builder.Build(), + NoCrossNamespaceRef: true, + } + + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "default", + }, + Status: v2.HelmReleaseStatus{ + HelmChart: "other/chart", + }, + } + got, err := r.reconcileDelete(context.TODO(), obj) + g.Expect(err).To(HaveOccurred()) + g.Expect(got).To(Equal(ctrl.Result{})) + g.Expect(obj.Status.HelmChart).ToNot(BeEmpty()) + g.Expect(r.Client.Get(context.TODO(), types.NamespacedName{Namespace: chart.Namespace, Name: chart.Name}, &sourcev1.HelmChart{})).To(Succeed()) + }) + + t.Run("empty Status.HelmChart", func(t *testing.T) { + g := NewWithT(t) + + r := &HelmReleaseChartReconciler{ + Client: fake.NewClientBuilder().WithScheme(testScheme).Build(), + } + obj := &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{}, + } + got, err := r.reconcileDelete(context.TODO(), obj) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(got).To(Equal(ctrl.Result{Requeue: true})) + }) +} + +func TestHelmReleaseChartReconciler_aclAllowAccessTo(t *testing.T) { + tests := []struct { + name string + obj *v2.HelmRelease + namespacedName types.NamespacedName + allowCrossNS bool + wantErr bool + }{ + { + name: "disallow cross namespace", + obj: &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "a", + }, + }, + namespacedName: types.NamespacedName{ + Namespace: "b", + Name: "foo", + }, + allowCrossNS: false, + wantErr: true, + }, + { + name: "allow cross namespace", + obj: &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "a", + }, + }, + namespacedName: types.NamespacedName{ + Namespace: "b", + Name: "foo", + }, + allowCrossNS: true, + }, + { + name: "same namespace disallow cross namespace", + obj: &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "a", + }, + }, + namespacedName: types.NamespacedName{ + Namespace: "a", + Name: "foo", + }, + allowCrossNS: false, + wantErr: false, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + r := &HelmReleaseChartReconciler{ + NoCrossNamespaceRef: !tt.allowCrossNS, + } + err := r.aclAllowAccessTo(tt.obj, tt.namespacedName) + g.Expect(err != nil).To(Equal(tt.wantErr), err) + }) + } +} + +func Test_buildHelmChartFromTemplate(t *testing.T) { + hrWithChartTemplate := v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-release", + Namespace: "default", + }, + Spec: v2.HelmReleaseSpec{ + Interval: metav1.Duration{Duration: time.Minute}, + Chart: v2.HelmChartTemplate{ + Spec: v2.HelmChartTemplateSpec{ + Chart: "chart", + Version: "1.0.0", + SourceRef: v2.CrossNamespaceObjectReference{ + Name: "test-repository", + Kind: "HelmRepository", + }, + Interval: &metav1.Duration{Duration: 2 * time.Minute}, + ValuesFiles: []string{"values.yaml"}, + }, + }, + }, + } + + tests := []struct { + name string + modify func(release *v2.HelmRelease) + want *sourcev1.HelmChart + }{ + { + name: "builds HelmChart from HelmChartTemplate", + modify: func(*v2.HelmRelease) {}, + want: &sourcev1.HelmChart{ + ObjectMeta: metav1.ObjectMeta{ + Name: "default-test-release", + Namespace: "default", + }, + Spec: sourcev1.HelmChartSpec{ + Chart: "chart", + Version: "1.0.0", + SourceRef: sourcev1.LocalHelmChartSourceReference{ + Name: "test-repository", + Kind: "HelmRepository", + }, + Interval: metav1.Duration{Duration: 2 * time.Minute}, + ValuesFiles: []string{"values.yaml"}, + }, + }, + }, + { + name: "takes SourceRef namespace into account", + modify: func(hr *v2.HelmRelease) { + hr.Spec.Chart.Spec.SourceRef.Namespace = "cross" + }, + want: &sourcev1.HelmChart{ + ObjectMeta: metav1.ObjectMeta{ + Name: "default-test-release", + Namespace: "cross", + }, + Spec: sourcev1.HelmChartSpec{ + Chart: "chart", + Version: "1.0.0", + SourceRef: sourcev1.LocalHelmChartSourceReference{ + Name: "test-repository", + Kind: "HelmRepository", + }, + Interval: metav1.Duration{Duration: 2 * time.Minute}, + ValuesFiles: []string{"values.yaml"}, + }, + }, + }, + { + name: "falls back to HelmRelease interval", + modify: func(hr *v2.HelmRelease) { + hr.Spec.Chart.Spec.Interval = nil + }, + want: &sourcev1.HelmChart{ + ObjectMeta: metav1.ObjectMeta{ + Name: "default-test-release", + Namespace: "default", + }, + Spec: sourcev1.HelmChartSpec{ + Chart: "chart", + Version: "1.0.0", + SourceRef: sourcev1.LocalHelmChartSourceReference{ + Name: "test-repository", + Kind: "HelmRepository", + }, + Interval: metav1.Duration{Duration: time.Minute}, + ValuesFiles: []string{"values.yaml"}, + }, + }, + }, + { + name: "take cosign verification into account", + modify: func(hr *v2.HelmRelease) { + hr.Spec.Chart.Spec.Verify = &v2.HelmChartTemplateVerification{ + Provider: "cosign", + SecretRef: &meta.LocalObjectReference{ + Name: "cosign-key", + }, + } + }, + want: &sourcev1.HelmChart{ + ObjectMeta: metav1.ObjectMeta{ + Name: "default-test-release", + Namespace: "default", + }, + Spec: sourcev1.HelmChartSpec{ + Chart: "chart", + Version: "1.0.0", + SourceRef: sourcev1.LocalHelmChartSourceReference{ + Name: "test-repository", + Kind: "HelmRepository", + }, + Interval: metav1.Duration{Duration: 2 * time.Minute}, + ValuesFiles: []string{"values.yaml"}, + Verify: &sourcev1.OCIRepositoryVerification{ + Provider: "cosign", + SecretRef: &meta.LocalObjectReference{ + Name: "cosign-key", + }, + }, + }, + }, + }, + { + name: "takes object meta into account", + modify: func(hr *v2.HelmRelease) { + hr.Spec.Chart.ObjectMeta = &v2.HelmChartTemplateObjectMeta{ + Labels: map[string]string{ + "foo": "bar", + }, + Annotations: map[string]string{ + "bar": "baz", + }, + } + }, + want: &sourcev1.HelmChart{ + ObjectMeta: metav1.ObjectMeta{ + Name: "default-test-release", + Namespace: "default", + Labels: map[string]string{ + "foo": "bar", + }, + Annotations: map[string]string{ + "bar": "baz", + }, + }, + Spec: sourcev1.HelmChartSpec{ + Chart: "chart", + Version: "1.0.0", + SourceRef: sourcev1.LocalHelmChartSourceReference{ + Name: "test-repository", + Kind: "HelmRepository", + }, + Interval: metav1.Duration{Duration: 2 * time.Minute}, + ValuesFiles: []string{"values.yaml"}, + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + hr := hrWithChartTemplate.DeepCopy() + tt.modify(hr) + + g.Expect(buildHelmChartFromTemplate(hr)).To(Equal(tt.want)) + }) + } +} diff --git a/internal/controller/helmrelease_controller.go b/internal/controller/helmrelease_controller.go index 45833cd4c..00bc256cf 100644 --- a/internal/controller/helmrelease_controller.go +++ b/internal/controller/helmrelease_controller.go @@ -23,7 +23,6 @@ import ( "strings" "time" - "github.com/fluxcd/pkg/runtime/conditions" "github.com/hashicorp/go-retryablehttp" "helm.sh/helm/v3/pkg/chart" "helm.sh/helm/v3/pkg/chartutil" @@ -54,6 +53,7 @@ import ( "github.com/fluxcd/pkg/apis/meta" "github.com/fluxcd/pkg/runtime/acl" runtimeClient "github.com/fluxcd/pkg/runtime/client" + "github.com/fluxcd/pkg/runtime/conditions" helper "github.com/fluxcd/pkg/runtime/controller" "github.com/fluxcd/pkg/runtime/jitter" "github.com/fluxcd/pkg/runtime/predicates" @@ -215,19 +215,19 @@ func (r *HelmReleaseReconciler) reconcile(ctx context.Context, hr v2.HelmRelease } } - // Reconcile chart based on the HelmChartTemplate - hc, reconcileErr := r.reconcileChart(ctx, &hr) - if reconcileErr != nil { - if acl.IsAccessDenied(reconcileErr) { - log.Error(reconcileErr, "access denied to cross-namespace source") - r.event(ctx, hr, hr.Status.LastAttemptedRevision, eventv1.EventSeverityError, reconcileErr.Error()) - return v2.HelmReleaseNotReady(hr, apiacl.AccessDeniedReason, reconcileErr.Error()), + // Get HelmChart object for release + hc, err := r.getHelmChart(ctx, &hr) + if err != nil { + if acl.IsAccessDenied(err) { + log.Error(err, "access denied to cross-namespace source") + r.event(ctx, hr, hr.Status.LastAttemptedRevision, eventv1.EventSeverityError, err.Error()) + return v2.HelmReleaseNotReady(hr, apiacl.AccessDeniedReason, err.Error()), jitter.JitteredRequeueInterval(ctrl.Result{RequeueAfter: hr.GetRequeueAfter()}), nil } - msg := fmt.Sprintf("chart reconciliation failed: %s", reconcileErr.Error()) + msg := fmt.Sprintf("chart reconciliation failed: %s", err.Error()) r.event(ctx, hr, hr.Status.LastAttemptedRevision, eventv1.EventSeverityError, msg) - return v2.HelmReleaseNotReady(hr, v2.ArtifactFailedReason, msg), ctrl.Result{Requeue: true}, reconcileErr + return v2.HelmReleaseNotReady(hr, v2.ArtifactFailedReason, msg), ctrl.Result{Requeue: true}, err } // Check chart readiness @@ -659,11 +659,6 @@ func (r *HelmReleaseReconciler) composeValues(ctx context.Context, hr v2.HelmRel func (r *HelmReleaseReconciler) reconcileDelete(ctx context.Context, hr *v2.HelmRelease) (ctrl.Result, error) { log := ctrl.LoggerFrom(ctx) - // Delete the HelmChart that belongs to this resource. - if err := r.deleteHelmChart(ctx, hr); err != nil { - return ctrl.Result{}, err - } - // Only uninstall the Helm Release if the resource is not suspended. if !hr.Spec.Suspend { impersonator := runtimeClient.NewImpersonator( diff --git a/internal/controller/helmrelease_controller_chart.go b/internal/controller/helmrelease_controller_chart.go index 4b3ef8111..670462212 100644 --- a/internal/controller/helmrelease_controller_chart.go +++ b/internal/controller/helmrelease_controller_chart.go @@ -17,6 +17,7 @@ limitations under the License. package controller import ( + "bytes" "context" _ "crypto/sha256" _ "crypto/sha512" @@ -25,33 +26,34 @@ import ( "net/http" "net/url" "os" - "reflect" - "strings" - "github.com/fluxcd/pkg/runtime/acl" "github.com/hashicorp/go-retryablehttp" "github.com/opencontainers/go-digest" _ "github.com/opencontainers/go-digest/blake3" "helm.sh/helm/v3/pkg/chart" "helm.sh/helm/v3/pkg/chart/loader" - apiequality "k8s.io/apimachinery/pkg/api/equality" - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" - ctrl "sigs.k8s.io/controller-runtime" + "github.com/fluxcd/pkg/runtime/acl" sourcev1 "github.com/fluxcd/source-controller/api/v1" sourcev1b2 "github.com/fluxcd/source-controller/api/v1beta2" v2 "github.com/fluxcd/helm-controller/api/v2beta1" ) -func (r *HelmReleaseReconciler) reconcileChart(ctx context.Context, hr *v2.HelmRelease) (*sourcev1b2.HelmChart, error) { - chartName := types.NamespacedName{ - Namespace: hr.Spec.Chart.GetNamespace(hr.Namespace), - Name: hr.GetHelmChartName(), - } +const ( + // EnvArtifactHostOverwrite can be used to overwrite the hostname. + // The main purpose is while running controllers locally with e.g. mocked + // storage data during development. + EnvArtifactHostOverwrite = "ARTIFACT_HOST_OVERWRITE" +) +// getHelmChart retrieves the v1beta2.HelmChart for the given +// v2beta1.HelmRelease using the name that is advertised in the status +// object. It returns the v1beta2.HelmChart, or an error. +func (r *HelmReleaseReconciler) getHelmChart(ctx context.Context, hr *v2.HelmRelease) (*sourcev1b2.HelmChart, error) { + namespace, name := hr.Status.GetHelmChart() + chartName := types.NamespacedName{Namespace: namespace, Name: name} if r.NoCrossNamespaceRef && chartName.Namespace != hr.Namespace { return nil, acl.AccessDeniedError(fmt.Sprintf("can't access '%s/%s', cross-namespace references have been blocked", hr.Spec.Chart.Spec.SourceRef.Kind, types.NamespacedName{ @@ -59,92 +61,55 @@ func (r *HelmReleaseReconciler) reconcileChart(ctx context.Context, hr *v2.HelmR Name: hr.Spec.Chart.Spec.SourceRef.Name, })) } - - // Garbage collect the previous HelmChart if the namespace named changed. - if hr.Status.HelmChart != "" && hr.Status.HelmChart != chartName.String() { - if err := r.deleteHelmChart(ctx, hr); err != nil { - return nil, err - } - } - - // Continue with the reconciliation of the current template. - var helmChart sourcev1b2.HelmChart - err := r.Client.Get(ctx, chartName, &helmChart) - if err != nil && !apierrors.IsNotFound(err) { + hc := sourcev1b2.HelmChart{} + if err := r.Client.Get(ctx, chartName, &hc); err != nil { return nil, err } - hc := buildHelmChartFromTemplate(hr) - switch { - case apierrors.IsNotFound(err): - if err = r.Client.Create(ctx, hc); err != nil { - return nil, err - } - hr.Status.HelmChart = chartName.String() - return hc, nil - case helmChartRequiresUpdate(hr, &helmChart): - ctrl.LoggerFrom(ctx).Info("chart diverged from template", strings.ToLower(sourcev1b2.HelmChartKind), chartName.String()) - helmChart.Spec = hc.Spec - helmChart.Labels = hc.Labels - helmChart.Annotations = hc.Annotations - - if err = r.Client.Update(ctx, &helmChart); err != nil { - return nil, err - } - hr.Status.HelmChart = chartName.String() - } - return &helmChart, nil + return &hc, nil } -// loadHelmChart attempts to download the artifact from the provided source, -// loads it into a chart.Chart, and removes the downloaded artifact. -// It returns the loaded chart.Chart on success, or an error. +// loadHelmChart attempts to download the advertised v1beta2.Artifact from the +// provided v1beta2.HelmChart. The digest of the Artifact is confirmed to +// equal to the digest of the retrieved bytes before loading the chart. +// It returns the loaded chart.Chart, or an error. func (r *HelmReleaseReconciler) loadHelmChart(source *sourcev1b2.HelmChart) (*chart.Chart, error) { - artifact := source.GetArtifact() - if artifact == nil { - return nil, fmt.Errorf("cannot load chart: HelmChart '%s/%s' has no artifact", source.GetNamespace(), source.GetName()) - } - - f, err := os.CreateTemp("", fmt.Sprintf("%s-%s-*.tgz", source.GetNamespace(), source.GetName())) - if err != nil { - return nil, err - } - defer f.Close() - defer os.Remove(f.Name()) - - artifactURL := artifact.URL - if hostname := os.Getenv("SOURCE_CONTROLLER_LOCALHOST"); hostname != "" { - u, err := url.Parse(artifactURL) - if err != nil { - return nil, err + artifactURL := source.GetArtifact().URL + if hostname := os.Getenv(EnvArtifactHostOverwrite); hostname != "" { + if replacedArtifactURL, err := replaceHostname(artifactURL, hostname); err == nil { + artifactURL = replacedArtifactURL } - u.Host = hostname - artifactURL = u.String() } req, err := retryablehttp.NewRequest(http.MethodGet, artifactURL, nil) if err != nil { - return nil, fmt.Errorf("failed to create a new request: %w", err) + return nil, fmt.Errorf("failed to create a new request for artifact '%s': %w", source.GetArtifact().URL, err) } resp, err := r.httpClient.Do(req) - if err != nil { - return nil, fmt.Errorf("failed to download artifact, error: %w", err) + if err != nil || resp != nil && resp.StatusCode != http.StatusOK { + if resp != nil { + _ = resp.Body.Close() + return nil, fmt.Errorf("artifact '%s' download failed (status code: %s)", source.GetArtifact().URL, resp.Status) + } + return nil, fmt.Errorf("artifact '%s' download failed: %w", source.GetArtifact().URL, err) } - defer resp.Body.Close() - if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("artifact '%s' download failed (status code: %s)", source.GetArtifact().URL, resp.Status) + var c bytes.Buffer + if err := copyAndVerifyArtifact(source.GetArtifact(), resp.Body, &c); err != nil { + return nil, fmt.Errorf("artifact '%s' download failed: %w", source.GetArtifact().URL, err) } - // verify checksum matches origin - if err := r.copyAndVerifyArtifact(source.GetArtifact(), resp.Body, f); err != nil { - return nil, err + if err := resp.Body.Close(); err != nil { + return nil, fmt.Errorf("artifact '%s' download failed: %w", source.GetArtifact().URL, err) } - return loader.Load(f.Name()) + return loader.LoadArchive(&c) } -func (r *HelmReleaseReconciler) copyAndVerifyArtifact(artifact *sourcev1.Artifact, reader io.Reader, writer io.Writer) error { +// copyAndVerifyArtifact copies from reader into writer while confirming the +// digest of the copied data matches the digest from the provided Artifact. +// If this does not match, it returns an error. +func copyAndVerifyArtifact(artifact *sourcev1.Artifact, reader io.Reader, writer io.Writer) error { dig, err := digest.Parse(artifact.Digest) if err != nil { return fmt.Errorf("failed to verify artifact: %w", err) @@ -163,104 +128,14 @@ func (r *HelmReleaseReconciler) copyAndVerifyArtifact(artifact *sourcev1.Artifac return nil } -// deleteHelmChart deletes the v1beta2.HelmChart of the v2beta1.HelmRelease. -func (r *HelmReleaseReconciler) deleteHelmChart(ctx context.Context, hr *v2.HelmRelease) error { - if hr.Status.HelmChart == "" { - return nil - } - var hc sourcev1b2.HelmChart - chartNS, chartName := hr.Status.GetHelmChart() - err := r.Client.Get(ctx, types.NamespacedName{Namespace: chartNS, Name: chartName}, &hc) +// replaceHostname parses the given URL and replaces the Host in the parsed +// result with the provided hostname. It returns the string result, or an +// error. +func replaceHostname(URL, hostname string) (string, error) { + parsedURL, err := url.Parse(URL) if err != nil { - if apierrors.IsNotFound(err) { - hr.Status.HelmChart = "" - return nil - } - err = fmt.Errorf("failed to delete HelmChart '%s': %w", hr.Status.HelmChart, err) - return err - } - if err = r.Client.Delete(ctx, &hc); err != nil { - err = fmt.Errorf("failed to delete HelmChart '%s': %w", hr.Status.HelmChart, err) - return err - } - // Truncate the chart reference in the status object. - hr.Status.HelmChart = "" - return nil -} - -// buildHelmChartFromTemplate builds a v1beta2.HelmChart from the -// v2beta1.HelmChartTemplate of the given v2beta1.HelmRelease. -func buildHelmChartFromTemplate(hr *v2.HelmRelease) *sourcev1b2.HelmChart { - template := hr.Spec.Chart - result := &sourcev1b2.HelmChart{ - ObjectMeta: metav1.ObjectMeta{ - Name: hr.GetHelmChartName(), - Namespace: hr.Spec.Chart.GetNamespace(hr.Namespace), - }, - Spec: sourcev1b2.HelmChartSpec{ - Chart: template.Spec.Chart, - Version: template.Spec.Version, - SourceRef: sourcev1b2.LocalHelmChartSourceReference{ - Name: template.Spec.SourceRef.Name, - Kind: template.Spec.SourceRef.Kind, - }, - Interval: template.GetInterval(hr.Spec.Interval), - ReconcileStrategy: template.Spec.ReconcileStrategy, - ValuesFiles: template.Spec.ValuesFiles, - ValuesFile: template.Spec.ValuesFile, - Verify: templateVerificationToSourceVerification(template.Spec.Verify), - }, - } - if hr.Spec.Chart.ObjectMeta != nil { - result.ObjectMeta.Labels = hr.Spec.Chart.ObjectMeta.Labels - result.ObjectMeta.Annotations = hr.Spec.Chart.ObjectMeta.Annotations - } - return result -} - -// helmChartRequiresUpdate compares the v2beta1.HelmChartTemplate of the -// v2beta1.HelmRelease to the given v1beta2.HelmChart to determine if an -// update is required. -func helmChartRequiresUpdate(hr *v2.HelmRelease, chart *sourcev1b2.HelmChart) bool { - template := hr.Spec.Chart - switch { - case template.Spec.Chart != chart.Spec.Chart: - return true - // TODO(hidde): remove emptiness checks on next MINOR version - case template.Spec.Version == "" && chart.Spec.Version != "*", - template.Spec.Version != "" && template.Spec.Version != chart.Spec.Version: - return true - case template.Spec.SourceRef.Name != chart.Spec.SourceRef.Name: - return true - case template.Spec.SourceRef.Kind != chart.Spec.SourceRef.Kind: - return true - case template.GetInterval(hr.Spec.Interval) != chart.Spec.Interval: - return true - case template.Spec.ReconcileStrategy != chart.Spec.ReconcileStrategy: - return true - case !reflect.DeepEqual(template.Spec.ValuesFiles, chart.Spec.ValuesFiles): - return true - case template.Spec.ValuesFile != chart.Spec.ValuesFile: - return true - case template.ObjectMeta != nil && !apiequality.Semantic.DeepEqual(template.ObjectMeta.Annotations, chart.Annotations): - return true - case template.ObjectMeta != nil && !apiequality.Semantic.DeepEqual(template.ObjectMeta.Labels, chart.Labels): - return true - case !reflect.DeepEqual(templateVerificationToSourceVerification(template.Spec.Verify), chart.Spec.Verify): - return true - default: - return false - } -} - -// templateVerificationToSourceVerification converts the HelmChartTemplateVerification to the OCIRepositoryVerification. -func templateVerificationToSourceVerification(template *v2.HelmChartTemplateVerification) *sourcev1b2.OCIRepositoryVerification { - if template == nil { - return nil - } - - return &sourcev1b2.OCIRepositoryVerification{ - Provider: template.Provider, - SecretRef: template.SecretRef, + return "", err } + parsedURL.Host = hostname + return parsedURL.String(), nil } diff --git a/internal/controller/helmrelease_controller_chart_test.go b/internal/controller/helmrelease_controller_chart_test.go index 75094fce2..3bb302c70 100644 --- a/internal/controller/helmrelease_controller_chart_test.go +++ b/internal/controller/helmrelease_controller_chart_test.go @@ -17,527 +17,310 @@ limitations under the License. package controller import ( + "bytes" "context" - "fmt" + "io" + "net/http" + "net/http/httptest" + "os" + "strings" "testing" - "time" - "github.com/fluxcd/pkg/apis/meta" - sourcev1 "github.com/fluxcd/source-controller/api/v1beta2" - "github.com/go-logr/logr" + "github.com/hashicorp/go-retryablehttp" . "github.com/onsi/gomega" - apierrors "k8s.io/apimachinery/pkg/api/errors" + "github.com/opencontainers/go-digest" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/kubernetes/scheme" - "sigs.k8s.io/controller-runtime/pkg/client" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/client-go/tools/record" "sigs.k8s.io/controller-runtime/pkg/client/fake" + sourcev1 "github.com/fluxcd/source-controller/api/v1" + sourcev1b2 "github.com/fluxcd/source-controller/api/v1beta2" + v2 "github.com/fluxcd/helm-controller/api/v2beta1" ) -func TestHelmReleaseReconciler_reconcileChart(t *testing.T) { +func TestHelmReleaseReconciler_getHelmChart(t *testing.T) { + g := NewWithT(t) + + scheme := runtime.NewScheme() + g.Expect(v2.AddToScheme(scheme)).To(Succeed()) + g.Expect(sourcev1b2.AddToScheme(scheme)).To(Succeed()) + + chart := &sourcev1b2.HelmChart{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "some-namespace", + Name: "some-chart-name", + }, + } + tests := []struct { - name string - hr *v2.HelmRelease - hc *sourcev1.HelmChart - expectHelmChartStatus string - expectGC bool - expectErr bool - noCrossNamspaceRef bool + name string + rel *v2.HelmRelease + chart *sourcev1b2.HelmChart + expectChart bool + wantErr bool + disallowCrossNS bool }{ { - name: "new HelmChart", - hr: &v2.HelmRelease{ - ObjectMeta: metav1.ObjectMeta{ - Name: "test-release", - Namespace: "default", - }, - Spec: v2.HelmReleaseSpec{ - Interval: metav1.Duration{Duration: time.Minute}, - Chart: v2.HelmChartTemplate{ - Spec: v2.HelmChartTemplateSpec{ - Chart: "chart", - SourceRef: v2.CrossNamespaceObjectReference{ - Name: "test-repository", - Kind: "HelmRepository", - }, - }, - }, + name: "retrieves HelmChart object from Status", + rel: &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ + HelmChart: "some-namespace/some-chart-name", }, }, - hc: nil, - expectHelmChartStatus: "default/default-test-release", + chart: chart, + expectChart: true, }, { - name: "existing HelmChart", - hr: &v2.HelmRelease{ - ObjectMeta: metav1.ObjectMeta{ - Name: "test-release", - Namespace: "default", - }, - Spec: v2.HelmReleaseSpec{ - Interval: metav1.Duration{Duration: time.Minute}, - Chart: v2.HelmChartTemplate{ - Spec: v2.HelmChartTemplateSpec{ - Chart: "chart", - SourceRef: v2.CrossNamespaceObjectReference{ - Name: "test-repository", - Kind: "HelmRepository", - }, - }, - }, - }, - }, - hc: &sourcev1.HelmChart{ - ObjectMeta: metav1.ObjectMeta{ - Name: "default-test-release", - Namespace: "default", - }, - Spec: sourcev1.HelmChartSpec{ - Chart: "chart", - SourceRef: sourcev1.LocalHelmChartSourceReference{ - Name: "test-repository", - Kind: "HelmRepository", - }, + name: "no HelmChart found", + rel: &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ + HelmChart: "some-namespace/some-chart-name", }, }, - expectHelmChartStatus: "default/default-test-release", + chart: nil, + expectChart: false, + wantErr: true, }, { - name: "modified HelmChart", - hr: &v2.HelmRelease{ - ObjectMeta: metav1.ObjectMeta{ - Name: "test-release", - Namespace: "default", - }, - Spec: v2.HelmReleaseSpec{ - Interval: metav1.Duration{Duration: time.Minute}, - Chart: v2.HelmChartTemplate{ - Spec: v2.HelmChartTemplateSpec{ - Chart: "chart", - SourceRef: v2.CrossNamespaceObjectReference{ - Name: "test-repository", - Kind: "HelmRepository", - Namespace: "cross", - }, - }, - }, - }, + name: "no HelmChart in Status", + rel: &v2.HelmRelease{ Status: v2.HelmReleaseStatus{ - HelmChart: "default/default-test-release", - }, - }, - hc: &sourcev1.HelmChart{ - ObjectMeta: metav1.ObjectMeta{ - Name: "default-test-release", - Namespace: "default", - }, - Spec: sourcev1.HelmChartSpec{ - Chart: "chart", - SourceRef: sourcev1.LocalHelmChartSourceReference{ - Name: "test-repository", - Kind: "HelmRepository", - }, + HelmChart: "", }, }, - expectHelmChartStatus: "cross/default-test-release", - expectGC: true, + chart: chart, + expectChart: false, + wantErr: true, }, { - name: "block cross namespace access when flag is set", - hr: &v2.HelmRelease{ + name: "ACL disallows cross namespace", + rel: &v2.HelmRelease{ ObjectMeta: metav1.ObjectMeta{ - Name: "test-release", Namespace: "default", }, - Spec: v2.HelmReleaseSpec{ - Interval: metav1.Duration{Duration: time.Minute}, - Chart: v2.HelmChartTemplate{ - Spec: v2.HelmChartTemplateSpec{ - Chart: "chart", - SourceRef: v2.CrossNamespaceObjectReference{ - Name: "test-repository", - Kind: "HelmRepository", - Namespace: "cross", - }, - }, - }, - }, Status: v2.HelmReleaseStatus{ - HelmChart: "", + HelmChart: "some-namespace/some-chart-name", }, }, - noCrossNamspaceRef: true, - expectErr: true, + chart: chart, + expectChart: false, + wantErr: true, + disallowCrossNS: true, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - g := NewWithT(t) - - g.Expect(v2.AddToScheme(scheme.Scheme)).To(Succeed()) - g.Expect(sourcev1.AddToScheme(scheme.Scheme)).To(Succeed()) - - c := fake.NewClientBuilder().WithScheme(scheme.Scheme) - if tt.hc != nil { - c.WithObjects(tt.hc) + builder := fake.NewClientBuilder() + builder.WithScheme(scheme) + if tt.chart != nil { + builder.WithObjects(tt.chart) } r := &HelmReleaseReconciler{ - Client: c.Build(), - NoCrossNamespaceRef: tt.noCrossNamspaceRef, + Client: builder.Build(), + EventRecorder: record.NewFakeRecorder(32), + NoCrossNamespaceRef: tt.disallowCrossNS, } - hc, err := r.reconcileChart(logr.NewContext(context.TODO(), logr.Discard()), tt.hr) - if tt.expectErr { + got, err := r.getHelmChart(context.TODO(), tt.rel) + if tt.wantErr { g.Expect(err).To(HaveOccurred()) - g.Expect(hc).To(BeNil()) - } else { - g.Expect(err).NotTo(HaveOccurred()) - g.Expect(hc).NotTo(BeNil()) + g.Expect(got).To(BeNil()) + return } - - g.Expect(tt.hr.Status.HelmChart).To(Equal(tt.expectHelmChartStatus)) - - if tt.expectGC { - objKey := client.ObjectKeyFromObject(tt.hc) - err = r.Get(context.TODO(), objKey, tt.hc.DeepCopy()) - g.Expect(apierrors.IsNotFound(err)).To(BeTrue()) + g.Expect(err).ToNot(HaveOccurred()) + expect := g.Expect(got.ObjectMeta) + if tt.expectChart { + expect.To(BeEquivalentTo(tt.chart.ObjectMeta)) + } else { + expect.To(BeNil()) } }) } } -func TestHelmReleaseReconciler_deleteHelmChart(t *testing.T) { - tests := []struct { - name string - hc *sourcev1.HelmChart - hr *v2.HelmRelease - expectHelmChartStatus string - expectErr bool - }{ - { - name: "delete existing HelmChart", - hc: &sourcev1.HelmChart{ - ObjectMeta: metav1.ObjectMeta{ - Name: "test-chart", - Namespace: "default", - }, - }, - hr: &v2.HelmRelease{ - ObjectMeta: metav1.ObjectMeta{ - Name: "test-release", - }, - Status: v2.HelmReleaseStatus{ - HelmChart: "default/test-chart", +func TestHelmReleaseReconciler_loadHelmChart(t *testing.T) { + g := NewWithT(t) + + b, err := os.ReadFile("testdata/chart-0.1.0.tgz") + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(b).ToNot(BeNil()) + dig := digest.SHA256.FromBytes(b) + + const chartPath = "/chart.tgz" + server := httptest.NewServer(http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) { + if req.URL.Path == chartPath { + res.WriteHeader(http.StatusOK) + _, _ = res.Write(b) + return + } + res.WriteHeader(http.StatusInternalServerError) + return + })) + t.Cleanup(server.Close) + + chartURL := server.URL + chartPath + + client := retryablehttp.NewClient() + client.Logger = nil + client.RetryMax = 2 + + t.Run("loads HelmChart from Artifact URL", func(t *testing.T) { + g := NewWithT(t) + + r := &HelmReleaseReconciler{ + Client: fake.NewClientBuilder().Build(), + EventRecorder: record.NewFakeRecorder(32), + httpClient: client, + } + got, err := r.loadHelmChart(&sourcev1b2.HelmChart{ + Status: sourcev1b2.HelmChartStatus{ + Artifact: &sourcev1.Artifact{ + URL: chartURL, + Digest: dig.String(), }, }, - expectHelmChartStatus: "", - expectErr: false, - }, - { - name: "delete already removed HelmChart", - hc: nil, - hr: &v2.HelmRelease{ - ObjectMeta: metav1.ObjectMeta{ - Name: "test-release", - }, - Status: v2.HelmReleaseStatus{ - HelmChart: "default/test-chart", + }) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(got).ToNot(BeNil()) + g.Expect(got.Name()).To(Equal("chart")) + g.Expect(got.Metadata.Version).To(Equal("0.1.0")) + }) + + t.Run("error on Artifact digest mismatch", func(t *testing.T) { + g := NewWithT(t) + + r := &HelmReleaseReconciler{ + Client: fake.NewClientBuilder().Build(), + EventRecorder: record.NewFakeRecorder(32), + httpClient: client, + } + got, err := r.loadHelmChart(&sourcev1b2.HelmChart{ + Status: sourcev1b2.HelmChartStatus{ + Artifact: &sourcev1.Artifact{ + URL: chartURL, + Digest: "", }, }, - expectHelmChartStatus: "", - expectErr: false, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - g := NewWithT(t) + }) + g.Expect(err).To(HaveOccurred()) + g.Expect(got).To(BeNil()) + }) - g.Expect(v2.AddToScheme(scheme.Scheme)).To(Succeed()) - g.Expect(sourcev1.AddToScheme(scheme.Scheme)).To(Succeed()) + t.Run("error on server error", func(t *testing.T) { + g := NewWithT(t) - c := fake.NewClientBuilder().WithScheme(scheme.Scheme) - if tt.hc != nil { - c.WithObjects(tt.hc) - } + r := &HelmReleaseReconciler{ + Client: fake.NewClientBuilder().Build(), + EventRecorder: record.NewFakeRecorder(32), + httpClient: client, + } + got, err := r.loadHelmChart(&sourcev1b2.HelmChart{ + Status: sourcev1b2.HelmChartStatus{ + Artifact: &sourcev1.Artifact{ + URL: server.URL + "/invalid.tgz", + Digest: "", + }, + }, + }) + g.Expect(err).To(HaveOccurred()) + g.Expect(got).To(BeNil()) + }) - r := &HelmReleaseReconciler{ - Client: c.Build(), - } + t.Run("EnvArtifactHostOverwrite overwrites Artifact hostname", func(t *testing.T) { + g := NewWithT(t) - err := r.deleteHelmChart(context.TODO(), tt.hr) - if tt.expectErr { - g.Expect(err).To(HaveOccurred()) - } else { - g.Expect(err).NotTo(HaveOccurred()) - } - g.Expect(tt.hr.Status.HelmChart).To(Equal(tt.expectHelmChartStatus)) + t.Setenv(EnvArtifactHostOverwrite, strings.TrimPrefix(server.URL, "http://")) + r := &HelmReleaseReconciler{ + Client: fake.NewClientBuilder().Build(), + EventRecorder: record.NewFakeRecorder(32), + httpClient: client, + } + got, err := r.loadHelmChart(&sourcev1b2.HelmChart{ + Status: sourcev1b2.HelmChartStatus{ + Artifact: &sourcev1.Artifact{ + URL: "http://example.com" + chartPath, + Digest: dig.String(), + }, + }, }) - } + g.Expect(err).To(Not(HaveOccurred())) + g.Expect(got).ToNot(BeNil()) + }) } -func Test_buildHelmChartFromTemplate(t *testing.T) { - hrWithChartTemplate := v2.HelmRelease{ - ObjectMeta: metav1.ObjectMeta{ - Name: "test-release", - Namespace: "default", - }, - Spec: v2.HelmReleaseSpec{ - Interval: metav1.Duration{Duration: time.Minute}, - Chart: v2.HelmChartTemplate{ - Spec: v2.HelmChartTemplateSpec{ - Chart: "chart", - Version: "1.0.0", - SourceRef: v2.CrossNamespaceObjectReference{ - Name: "test-repository", - Kind: "HelmRepository", - }, - Interval: &metav1.Duration{Duration: 2 * time.Minute}, - ValuesFiles: []string{"values.yaml"}, - }, - }, - }, - } +func Test_copyAndVerifyArtifact(t *testing.T) { + g := NewWithT(t) + + tmpDir := t.TempDir() + closedF, err := os.CreateTemp(tmpDir, "closed.txt") + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(closedF.Close()).ToNot(HaveOccurred()) tests := []struct { - name string - modify func(release *v2.HelmRelease) - want *sourcev1.HelmChart + name string + digest string + in io.Reader + out io.Writer + wantErr bool }{ { - name: "builds HelmChart from HelmChartTemplate", - modify: func(*v2.HelmRelease) {}, - want: &sourcev1.HelmChart{ - ObjectMeta: metav1.ObjectMeta{ - Name: "default-test-release", - Namespace: "default", - }, - Spec: sourcev1.HelmChartSpec{ - Chart: "chart", - Version: "1.0.0", - SourceRef: sourcev1.LocalHelmChartSourceReference{ - Name: "test-repository", - Kind: "HelmRepository", - }, - Interval: metav1.Duration{Duration: 2 * time.Minute}, - ValuesFiles: []string{"values.yaml"}, - }, - }, - }, - { - name: "takes SourceRef namespace into account", - modify: func(hr *v2.HelmRelease) { - hr.Spec.Chart.Spec.SourceRef.Namespace = "cross" - }, - want: &sourcev1.HelmChart{ - ObjectMeta: metav1.ObjectMeta{ - Name: "default-test-release", - Namespace: "cross", - }, - Spec: sourcev1.HelmChartSpec{ - Chart: "chart", - Version: "1.0.0", - SourceRef: sourcev1.LocalHelmChartSourceReference{ - Name: "test-repository", - Kind: "HelmRepository", - }, - Interval: metav1.Duration{Duration: 2 * time.Minute}, - ValuesFiles: []string{"values.yaml"}, - }, - }, + name: "digest match", + digest: "sha256:2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae", + in: bytes.NewReader([]byte("foo")), + out: io.Discard, }, { - name: "falls back to HelmRelease interval", - modify: func(hr *v2.HelmRelease) { - hr.Spec.Chart.Spec.Interval = nil - }, - want: &sourcev1.HelmChart{ - ObjectMeta: metav1.ObjectMeta{ - Name: "default-test-release", - Namespace: "default", - }, - Spec: sourcev1.HelmChartSpec{ - Chart: "chart", - Version: "1.0.0", - SourceRef: sourcev1.LocalHelmChartSourceReference{ - Name: "test-repository", - Kind: "HelmRepository", - }, - Interval: metav1.Duration{Duration: time.Minute}, - ValuesFiles: []string{"values.yaml"}, - }, - }, + name: "digest mismatch", + digest: "sha256:2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae", + in: bytes.NewReader([]byte("bar")), + out: io.Discard, + wantErr: true, }, { - name: "take cosign verification into account", - modify: func(hr *v2.HelmRelease) { - hr.Spec.Chart.Spec.Verify = &v2.HelmChartTemplateVerification{ - Provider: "cosign", - SecretRef: &meta.LocalObjectReference{ - Name: "cosign-key", - }, - } - }, - want: &sourcev1.HelmChart{ - ObjectMeta: metav1.ObjectMeta{ - Name: "default-test-release", - Namespace: "default", - }, - Spec: sourcev1.HelmChartSpec{ - Chart: "chart", - Version: "1.0.0", - SourceRef: sourcev1.LocalHelmChartSourceReference{ - Name: "test-repository", - Kind: "HelmRepository", - }, - Interval: metav1.Duration{Duration: 2 * time.Minute}, - ValuesFiles: []string{"values.yaml"}, - Verify: &sourcev1.OCIRepositoryVerification{ - Provider: "cosign", - SecretRef: &meta.LocalObjectReference{ - Name: "cosign-key", - }, - }, - }, - }, + name: "copy failure (closed file)", + digest: "sha256:2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae", + in: bytes.NewReader([]byte("foo")), + out: closedF, + wantErr: true, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { g := NewWithT(t) - hr := hrWithChartTemplate.DeepCopy() - tt.modify(hr) - g.Expect(buildHelmChartFromTemplate(hr)).To(Equal(tt.want)) + + err := copyAndVerifyArtifact(&sourcev1.Artifact{Digest: tt.digest}, tt.in, tt.out) + g.Expect(err != nil).To(Equal(tt.wantErr), err) }) } } -func Test_helmChartRequiresUpdate(t *testing.T) { - hrWithChartTemplate := v2.HelmRelease{ - ObjectMeta: metav1.ObjectMeta{ - Name: "test-release", - }, - Spec: v2.HelmReleaseSpec{ - Interval: metav1.Duration{Duration: time.Minute}, - Chart: v2.HelmChartTemplate{ - Spec: v2.HelmChartTemplateSpec{ - Chart: "chart", - Version: "1.0.0", - SourceRef: v2.CrossNamespaceObjectReference{ - Name: "test-repository", - Kind: "HelmRepository", - }, - Interval: &metav1.Duration{Duration: 2 * time.Minute}, - Verify: &v2.HelmChartTemplateVerification{ - Provider: "cosign", - }, - }, - }, - }, - } - +func Test_replaceHostname(t *testing.T) { tests := []struct { - name string - modify func(*v2.HelmRelease, *sourcev1.HelmChart) - want bool + name string + URL string + hostname string + want string + wantErr bool }{ - { - name: "detects no change", - modify: func(*v2.HelmRelease, *sourcev1.HelmChart) {}, - want: false, - }, - { - name: "detects chart change", - modify: func(hr *v2.HelmRelease, hc *sourcev1.HelmChart) { - hr.Spec.Chart.Spec.Chart = "new" - }, - want: true, - }, - { - name: "detects version change", - modify: func(hr *v2.HelmRelease, hc *sourcev1.HelmChart) { - hr.Spec.Chart.Spec.Version = "2.0.0" - }, - want: true, - }, - { - name: "detects chart source name change", - modify: func(hr *v2.HelmRelease, hc *sourcev1.HelmChart) { - hr.Spec.Chart.Spec.SourceRef.Name = "new" - }, - want: true, - }, - { - name: "detects chart source kind change", - modify: func(hr *v2.HelmRelease, hc *sourcev1.HelmChart) { - hr.Spec.Chart.Spec.SourceRef.Kind = "GitRepository" - }, - want: true, - }, - { - name: "detects interval change", - modify: func(hr *v2.HelmRelease, hc *sourcev1.HelmChart) { - hr.Spec.Chart.Spec.Interval = nil - }, - want: true, - }, - { - name: "detects reconcile strategy change", - modify: func(hr *v2.HelmRelease, hc *sourcev1.HelmChart) { - hr.Spec.Chart.Spec.ReconcileStrategy = "Revision" - }, - want: true, - }, - { - name: "detects values files change", - modify: func(hr *v2.HelmRelease, hc *sourcev1.HelmChart) { - hr.Spec.Chart.Spec.ValuesFiles = []string{"values-prod.yaml"} - }, - want: true, - }, - { - name: "detects values file change", - modify: func(hr *v2.HelmRelease, hc *sourcev1.HelmChart) { - hr.Spec.Chart.Spec.ValuesFile = "values-prod.yaml" - }, - want: true, - }, - { - name: "detects verify change", - modify: func(hr *v2.HelmRelease, hc *sourcev1.HelmChart) { - hr.Spec.Chart.Spec.Verify.Provider = "foo-bar" - }, - want: true, - }, - { - name: "detects labels change", - modify: func(hr *v2.HelmRelease, hc *sourcev1.HelmChart) { - hr.Spec.Chart.ObjectMeta = &v2.HelmChartTemplateObjectMeta{Labels: map[string]string{"foo": "bar"}} - }, - want: true, - }, - { - name: "detects annotations change", - modify: func(hr *v2.HelmRelease, hc *sourcev1.HelmChart) { - hr.Spec.Chart.ObjectMeta = &v2.HelmChartTemplateObjectMeta{Annotations: map[string]string{"foo": "bar"}} - }, - want: true, - }, + {"hostname overwrite", "https://example.com/file.txt", "overwrite.com", "https://overwrite.com/file.txt", false}, + {"hostname overwrite with port", "https://example.com:8080/file.txt", "overwrite.com:6666", "https://overwrite.com:6666/file.txt", false}, + {"invalid url", ":malformed./com", "", "", true}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { g := NewWithT(t) - hr := hrWithChartTemplate.DeepCopy() - hc := buildHelmChartFromTemplate(hr) - // second copy to avoid modifying the original - hr = hrWithChartTemplate.DeepCopy() - g.Expect(helmChartRequiresUpdate(hr, hc)).To(Equal(false)) - - tt.modify(hr, hc) - fmt.Println("verify", hr.Spec.Chart.Spec.Verify.Provider, hc.Spec.Verify.Provider) - g.Expect(helmChartRequiresUpdate(hr, hc)).To(Equal(tt.want)) + got, err := replaceHostname(tt.URL, tt.hostname) + if tt.wantErr { + g.Expect(err).To(HaveOccurred()) + g.Expect(got).To(BeEmpty()) + return + } + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(got).To(Equal(tt.want)) }) } } diff --git a/internal/controller/helmrelease_controller_test.go b/internal/controller/helmrelease_controller_test.go index dd3bb167b..06e3f4d22 100644 --- a/internal/controller/helmrelease_controller_test.go +++ b/internal/controller/helmrelease_controller_test.go @@ -437,7 +437,7 @@ func TestValuesReferenceValidation(t *testing.T) { }, } - err := k8sClient.Create(context.TODO(), &hr, client.DryRunAll) + err := testEnv.Create(context.TODO(), &hr, client.DryRunAll) if (err != nil) != tt.wantErr { t.Errorf("composeValues() error = %v, wantErr %v", err, tt.wantErr) return diff --git a/internal/controller/suite_test.go b/internal/controller/suite_test.go index 764d29787..b4e349c1e 100644 --- a/internal/controller/suite_test.go +++ b/internal/controller/suite_test.go @@ -22,42 +22,62 @@ import ( "path/filepath" "testing" + "k8s.io/apimachinery/pkg/runtime" utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/client-go/kubernetes/scheme" - "k8s.io/client-go/rest" + ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/envtest" - "github.com/fluxcd/helm-controller/api/v2beta1" + "github.com/fluxcd/pkg/runtime/testenv" + sourcev1 "github.com/fluxcd/source-controller/api/v1beta2" + + v2 "github.com/fluxcd/helm-controller/api/v2beta1" // +kubebuilder:scaffold:imports ) -var cfg *rest.Config -var k8sClient client.Client -var testEnv *envtest.Environment +var ( + testScheme = runtime.NewScheme() + + testEnv *testenv.Environment + + testClient client.Client + + testCtx = ctrl.SetupSignalHandler() +) func TestMain(m *testing.M) { - testEnv = &envtest.Environment{ - CRDDirectoryPaths: []string{filepath.Join("..", "..", "config", "crd", "bases")}, - } + utilruntime.Must(scheme.AddToScheme(testScheme)) + utilruntime.Must(sourcev1.AddToScheme(testScheme)) + utilruntime.Must(v2.AddToScheme(testScheme)) - var err error - cfg, err = testEnv.Start() - if err != nil { - panic(fmt.Errorf("failed to start testenv: %v", err)) - } + testEnv = testenv.New( + testenv.WithCRDPath( + filepath.Join("..", "..", "build", "config", "crd", "bases"), + filepath.Join("..", "..", "config", "crd", "bases"), + ), + testenv.WithScheme(testScheme), + ) - utilruntime.Must(v2beta1.AddToScheme(scheme.Scheme)) - k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme}) + go func() { + fmt.Println("Starting the test environment") + if err := testEnv.Start(testCtx); err != nil { + panic(fmt.Sprintf("Failed to start the test environment manager: %v", err)) + } + }() + <-testEnv.Manager.Elected() + + // Client with caching disabled. + var err error + testClient, err = client.New(testEnv.Config, client.Options{Scheme: testScheme}) if err != nil { - panic(fmt.Errorf("failed to create k8s client: %v", err)) + panic(fmt.Sprintf("Failed to create cacheless Kubernetes client: %v", err)) } code := m.Run() - err = testEnv.Stop() - if err != nil { - panic(fmt.Errorf("failed to stop testenv: %v", err)) + fmt.Println("Stopping the test environment") + if err := testEnv.Stop(); err != nil { + panic(fmt.Sprintf("Failed to stop the test environment: %v", err)) } os.Exit(code) diff --git a/internal/controller/testdata/chart-0.1.0.tgz b/internal/controller/testdata/chart-0.1.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..b5dca7618089851852ea40c72dc6d077089c0e1e GIT binary patch literal 3751 zcmV;Y4p{LYiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PK8iZ`-)Ca6ju;%;V;uFHbGoiJSBa=mm1q-aWy#sgY!Ruvjb# zS{mEjP^6ZmoOs>b-+n<-?~>zmo2ES%;Ri>i$eH1g^TL^N!Ud6faAZFH6^YrSZ_tLr z;c$OEwtt7iVe{{BbTE808t?9n#|H(PDgFQ7c6B2$-rzkmUR30ZW2JV%o zR|y6{l7!Kan5o_}2Rrmf{?Pm0>wajiIr(1_mZJJr3Sf);@4eh@$^XmogZ$r1dkk-I zMpCB1odGM<_E7lVV>n+>1ylinUk~5E>(7LYiPjjwj50I>-eAaxL|76@$&{f2Entd} z5T!5z%C&%%NF`{D6Gk*D-}59|wQwX-t^*i(9*xNy0}nuAA{5m^t^(k5%C9_tBxP(O z7!6ke9M4XKo=8;4wFmGRJ}gm68X3F`1Pcc=nZxBmD1<0m8g;Lo)+$w;?|~T{K(Ck4 zFi9CZ!%(7D0sQv6RcSd2J8YIR*6Q>W$|Vi)FbwUIEM;d2hIB?z!Q}$=0woa0#sP5y zK`lheBEzpxBGDLmkUa&UWr`NiA?HF{9cr0NqR9L)>uG@V07yADfc3SVf4)F4B!ifB z%`(7Jg}xnoJOeH?DAYiBl+j|@CsTX@!~voT=EzYRiXl~$&n@7bH^p9i0L~^D9wj0= zY*1(V&M-_R)vF`HHD2k0>Y4gUiZlsecQ_mx4tEa=NkXQSQB6@fz5_&3B>8h64&S}A z&k{-WfwR@A5cm`+4lem(Ti-bn_xNu7!*Bj$hlqnv6&ttchqNR zJ~XUhPJ-+<^g&snIw?Jb9CcqamF-nY=Hnc77nPnwB~lq;dBp#PkgAk0wgQQvh-2iD zJ;+*svNWvJoomwPJ3837_ zh(cvZ<)Qm4wKB&B1PA0xDg`$jQgBK20vOerWk)L~4W2?GHyRY8UY>9uSsBSyMBdHcDB#iQTr{Kht zpE~2AjNt%?$yKFeIJ6pF&QTvte)&aHM*p%0bAmE7hjflsI1O$$?7hXmd8EfhglEVw z)IvI?r3Evp&k5^qzk42;%_ygOWnX`9d;X=(`G19V9-MqQe|zTZD}9GJw)ua1qrHaz zHy)0L5B}eMw2==#p;I4~+Zz0G`VOWmqs4e;-W7t;HH1eh@Yd@-&>8q2-Mt~VO_{vH z^|c)#37;eE7_|<;>(*$i?#)<$a+4`JSg#!_ z3m2}h*J}r?#NdW{%}1ut;0OiRgmMMF6A|G=NZl()&TPJK48DVhSH{%C$%i*@KTSTI zp1xf8O%{bzi&Jrm5>m@5ORvlmtR^}vVg>t_wZjwcPW3{dsAh@%=~OPA6_r^+W$WHthA zU-sp?X9)-w!fstK80=(Z1Um(zHt_tNAklvjW^AauiSGblR8#=R8e*~nO)d}!%<$3} zhg4@b7;~PhAmMnD-Au@mP-c#)UvX&QSCK+UI9w7PE}WZe*J+&QiX1%o;yqT&5c-!} zckW5Kb7yZ)KOP@-Y@P*m8=TvaLBF3XeCVy$z4ba1zNeH&cm??$vkC)q$%ElDD_g!5 zFegU6>yDi-mk}638yjj@x={cNkNOr8IQj7A)5+ocw+&_`BD(ECXV4=_;@7=sGx2qs zktGvfwC7N+v|-lkCN9IHjRF;;CK1uZ!p<1!mUi^v~8NPRaEDjJlZ|*hyKtX1+Rv$hS^Qh-S;cT#N0q~%5O!np`t$% z@{-7?LcYNf?9`c3Rp#H@l>S?`rvLY8fh<9(e4X4`C~&L)H{Nafe+R?82mkLr+Il^B z?!CQA>}9wSDayit&j*>Jj&MeKLlySRclLViyHt|Zdb#ed2F&0yXqoa5_V?@~jnC5A zj9x*n-)lH$o~7-`#h^%m!Pv4D{FxF)XA~o&X)M*g_b+s??Raf47)ljPF(gJYDG_5O zVd2&~qsSr!M54RgVisPb3Z70^mJe@E&dgZj02rP5%=eCGAf4uNKnm04LX0j-rs0w@ zW_*rR89J5mQ&PqV3KRh&UG9(Wf@i=iWL37sz5?Ee7^Y(BVsF zi}4-0=3AA;O5SB4{mKc+7I#<#;LW?X8&zZqjf2pd@)`b2g~rBW+fZV{$sD8pbQRP* zjk7HL-Nmdt(6fbI%{BHr32>qBn_S3_Nx2Idw7jF6PHIzecZc{lFQ=NlIN79o>cjjj zH_%Z3Pd8sYo^67}tE;QXdk(XgJ+v+Zod8-g{k<*hkKLO7UxW!0s~GtmmV<2b|Hdu< z@8x)R|H1#ek5;Y!AW5PI%aM0Mc@)5#;v{(a6*VX_dfP$_9%MSyC6cTvsgGxcf%puZ z@(8(xv6*RHtRRcnQJ0U*<-U?0sKy#?-Z;wvRALR)G;=Em2#{-WM`28KxOi6~xs&L& zbt{SAcVKf-%D`4Qm&3Gapq$8hTC|99)lz~*pvuhF;#U&08s=B!wAuqM17{(YLbdU$d6Bq3Sw_UFOWM0;y+`I|(W`r;(rTrnC&ARP&~Vq*NWeV$O}U zY@kPNBxbZ*hwLgUpjQzG+vS%P7I1wXv|ej6htEy#zvi&@nph^4`ivI5vUsCTpA9tC z*PAnJp>(~sIpRmDl=*V^F)V2td zNFw?Tq34;`ZHJ;vXm=lnmb6w=n&q%sqVsE{w1qFvk5-gho-w^sJe9<3IjWki{d?HH zw}t+;t?BB);}mBOPM5Q5`dbdKRfxBxv{sZ-v4B-xR>owLs)Z|?CY58d zNvI_at4!(MxtmL1axK@->eo&)1LD;!PpK}m!tNw3dK`koB}y{K3X+XWxgA9f9lv#j zH&pNZ%|*I;q_17)E$I4DViisOpBGr%r487k|Hs398NwG553UakA7<^C%HM#7^O{-Qz_o^qk#sls@P@<_x9kqEv2d_D3zLw9`LSbTx93rw<*#xyy5b-m`))_JqB$FGAmdh?su2y_A}e1fCJuQ9_Nc5;uiolg zINO1>4JyTz>}93l1rxHWzfEKFg7wDbEt^%TAat#7X|3jnsjjevhxMUrEKM| z0&+6Wt7UteHo~E`DKur ztC9FVfg4?zkd39kmFz)33!mRmW9(F(yO~d#vG%UiK`jqaPZNG&`fU8e>(LGJpH+_B zjT+b{|Ko#kL;m-7_aEf{UfQjSe41CVrlQD(-%4NHket?%iV|k&%Lxxv7U&iLza8njDNpzY;y|l+LAzGt!|6If! z0k~WshiOV#MEM*N5?+uws^TBQs5G%2IH(0O26HB+u6~a4`3sQ9h^9-l@t{gS;gRjqXSo00Gao*1wgSQJOhXbRDDA&7@IC*{*{3rtBzlh_D{23DbOsTX z%Jb(`5A3HS-}9$`$$|aMI~MbS`N+SjB_EW4rX;*b6ZpOOpjxvyjM zEF_(K&;Q4J3?GT4B2{qw=B@JlM2bH!)SgcxBm*~Gia$JmsX`Iq;75}4hxX7O+Cyu$ R{|x{D|Np4iKV|?@006&!T%7;_ literal 0 HcmV?d00001 diff --git a/internal/diff/differ.go b/internal/diff/differ.go index 9359fa3f6..a4ee3b10a 100644 --- a/internal/diff/differ.go +++ b/internal/diff/differ.go @@ -21,25 +21,22 @@ import ( "fmt" "strings" - "github.com/fluxcd/pkg/runtime/client" - "github.com/fluxcd/pkg/ssa" - "github.com/google/go-cmp/cmp" "helm.sh/helm/v3/pkg/release" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/util/errors" ctrl "sigs.k8s.io/controller-runtime" + "github.com/fluxcd/pkg/runtime/client" "github.com/fluxcd/pkg/runtime/logger" + "github.com/fluxcd/pkg/ssa" - helmv1 "github.com/fluxcd/helm-controller/api/v2beta1" - intcmp "github.com/fluxcd/helm-controller/internal/cmp" + v2 "github.com/fluxcd/helm-controller/api/v2beta1" "github.com/fluxcd/helm-controller/internal/util" ) var ( // MetadataKey is the label or annotation key used to disable the diffing // of an object. - MetadataKey = helmv1.GroupVersion.Group + "/driftDetection" + MetadataKey = v2.GroupVersion.Group + "/driftDetection" // MetadataDisabledValue is the value used to disable the diffing of an // object using MetadataKey. MetadataDisabledValue = "disabled" @@ -132,12 +129,8 @@ func (d *Differ) Diff(ctx context.Context, rel *release.Release) (*ssa.ChangeSet if entry.Action == ssa.ConfiguredAction { // TODO: remove this once we have a better way to log the diff // for example using a custom dyff reporter, or a flux CLI command - r := intcmp.SimpleUnstructuredReporter{} - if diff := cmp.Diff( - unstructuredWithoutStatus(releaseObject).UnstructuredContent(), - unstructuredWithoutStatus(clusterObject).UnstructuredContent(), - cmp.Reporter(&r)); diff != "" { - ctrl.LoggerFrom(ctx).V(logger.DebugLevel).Info(entry.Subject + " diff:\n" + r.String()) + if d, equal := Unstructured(releaseObject, clusterObject, WithoutStatus()); !equal { + ctrl.LoggerFrom(ctx).V(logger.DebugLevel).Info(entry.Subject + " diff:\n" + d) } } case ssa.SkippedAction: @@ -151,9 +144,3 @@ func (d *Differ) Diff(ctx context.Context, rel *release.Release) (*ssa.ChangeSet } return changeSet, diff, err } - -func unstructuredWithoutStatus(obj *unstructured.Unstructured) *unstructured.Unstructured { - obj = obj.DeepCopy() - delete(obj.Object, "status") - return obj -} diff --git a/internal/diff/unstructured.go b/internal/diff/unstructured.go new file mode 100644 index 000000000..a61ed04db --- /dev/null +++ b/internal/diff/unstructured.go @@ -0,0 +1,54 @@ +/* +Copyright 2023 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package diff + +import ( + "github.com/google/go-cmp/cmp" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + + intcmp "github.com/fluxcd/helm-controller/internal/cmp" +) + +// CompareOption is a function that modifies the unstructured object before +// comparing. +type CompareOption func(u *unstructured.Unstructured) + +// WithoutStatus removes the status field from the unstructured object +// before comparing. +func WithoutStatus() CompareOption { + return func(u *unstructured.Unstructured) { + delete(u.Object, "status") + } +} + +// Unstructured compares two unstructured objects and returns a diff and +// a bool indicating whether the objects are equal. +func Unstructured(x, y *unstructured.Unstructured, opts ...CompareOption) (string, bool) { + if len(opts) > 0 { + x = x.DeepCopy() + y = y.DeepCopy() + } + + for _, opt := range opts { + opt(x) + opt(y) + } + + r := intcmp.SimpleUnstructuredReporter{} + _ = cmp.Diff(x.UnstructuredContent(), y.UnstructuredContent(), cmp.Reporter(&r)) + return r.String(), r.String() == "" +} diff --git a/internal/diff/unstructured_test.go b/internal/diff/unstructured_test.go new file mode 100644 index 000000000..8c0d42868 --- /dev/null +++ b/internal/diff/unstructured_test.go @@ -0,0 +1,162 @@ +/* +Copyright 2023 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package diff + +import ( + "testing" + + . "github.com/onsi/gomega" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" +) + +func TestWithoutStatus(t *testing.T) { + g := NewWithT(t) + + u := unstructured.Unstructured{ + Object: map[string]interface{}{ + "status": "test", + }, + } + WithoutStatus()(&u) + g.Expect(u.Object["status"]).To(BeNil()) +} + +func TestUnstructured(t *testing.T) { + tests := []struct { + name string + x *unstructured.Unstructured + y *unstructured.Unstructured + opts []CompareOption + want string + equal bool + }{ + { + name: "equal objects", + x: &unstructured.Unstructured{Object: map[string]interface{}{ + "spec": map[string]interface{}{ + "replicas": int64(4), + }, + "status": map[string]interface{}{ + "readyReplicas": int64(4), + }, + }}, + y: &unstructured.Unstructured{Object: map[string]interface{}{ + "spec": map[string]interface{}{ + "replicas": int64(4), + }, + "status": map[string]interface{}{ + "readyReplicas": int64(4), + }, + }}, + want: "", + equal: true, + }, + { + name: "added simple value", + x: &unstructured.Unstructured{Object: map[string]interface{}{ + "spec": map[string]interface{}{ + "replicas": int64(1), + }, + "status": map[string]interface{}{}, + }}, + y: &unstructured.Unstructured{Object: map[string]interface{}{ + "spec": map[string]interface{}{ + "replicas": int64(1), + }, + "status": map[string]interface{}{ + "readyReplicas": int64(1), + }, + }}, + want: `.status.readyReplicas ++1`, + equal: false, + }, + { + name: "removed simple value", + x: &unstructured.Unstructured{Object: map[string]interface{}{ + "spec": map[string]interface{}{ + "replicas": int64(1), + }, + "status": map[string]interface{}{ + "readyReplicas": int64(4), + }, + }}, + y: &unstructured.Unstructured{Object: map[string]interface{}{ + "spec": map[string]interface{}{}, + "status": map[string]interface{}{ + "readyReplicas": int64(4), + }, + }}, + want: `.spec.replicas +-1`, + equal: false, + }, + { + name: "changed simple value", + x: &unstructured.Unstructured{Object: map[string]interface{}{ + "spec": map[string]interface{}{ + "replicas": int64(3), + }, + "status": map[string]interface{}{ + "readyReplicas": int64(1), + }, + }}, + y: &unstructured.Unstructured{Object: map[string]interface{}{ + "spec": map[string]interface{}{ + "replicas": int64(3), + }, + "status": map[string]interface{}{ + "readyReplicas": int64(3), + }, + }}, + want: `.status.readyReplicas +-1 ++3`, + equal: false, + }, + { + name: "with options", + opts: []CompareOption{WithoutStatus()}, + x: &unstructured.Unstructured{Object: map[string]interface{}{ + "spec": map[string]interface{}{ + "replicas": int64(3), + }, + "status": map[string]interface{}{ + "readyReplicas": int64(4), + }, + }}, + y: &unstructured.Unstructured{Object: map[string]interface{}{ + "spec": map[string]interface{}{ + "replicas": int64(3), + }, + "status": map[string]interface{}{ + "readyReplicas": int64(1), + }, + }}, + equal: true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + got, equal := Unstructured(tt.x, tt.y, tt.opts...) + g.Expect(got).To(Equal(tt.want)) + g.Expect(equal).To(Equal(tt.equal)) + }) + } +} diff --git a/main.go b/main.go index a9ea78c13..b63a359ac 100644 --- a/main.go +++ b/main.go @@ -238,6 +238,22 @@ func main() { } pollingOpts := polling.Options{} + statusPoller := polling.NewStatusPoller(mgr.GetClient(), mgr.GetRESTMapper(), pollingOpts) + + if err = (&controller.HelmReleaseChartReconciler{ + Client: mgr.GetClient(), + EventRecorder: eventRecorder, + Metrics: metricsH, + StatusPoller: statusPoller, + NoCrossNamespaceRef: aclOptions.NoCrossNamespaceRefs, + FieldManager: controllerName, + }).SetupWithManagerAndOptions(mgr, controller.HelmReleaseChartReconcilerOptions{ + RateLimiter: helper.GetRateLimiter(rateLimiterOptions), + }); err != nil { + setupLog.Error(err, "unable to create reconciler", "controller", v2.HelmReleaseKind, "reconciler", "chart") + os.Exit(1) + } + if err = (&controller.HelmReleaseReconciler{ Client: mgr.GetClient(), Config: mgr.GetConfig(), @@ -248,7 +264,7 @@ func main() { ClientOpts: clientOptions, KubeConfigOpts: kubeConfigOpts, PollingOpts: pollingOpts, - StatusPoller: polling.NewStatusPoller(mgr.GetClient(), mgr.GetRESTMapper(), pollingOpts), + StatusPoller: statusPoller, ControllerName: controllerName, }).SetupWithManager(ctx, mgr, controller.HelmReleaseReconcilerOptions{ DependencyRequeueInterval: requeueDependency, From 0140eeeea939110abbee50055d553cd1b72017c0 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Thu, 5 May 2022 18:36:31 +0200 Subject: [PATCH 03/76] Factor various bits out of reconciler This commit moves various generic bits out of the reconciler into separate modules, while adding more test coverage. Some of the logic around merging chart values from references has been improved to work with `client.Object`, instead of two separate maps. In addition, the option to override the hostname of an Artifact has been removed. It was undocumented and for testing purposes only, which these days can be better achieved by e.g. configuring the `--storage-adv-addr`. Signed-off-by: Hidde Beydals --- internal/chartutil/values.go | 272 ++++++++++++ internal/chartutil/values_fuzz_test.go | 186 ++++++++ internal/chartutil/values_test.go | 396 ++++++++++++++++++ internal/controller/helmrelease_controller.go | 153 ++----- .../helmrelease_controller_chart.go | 141 ------- .../helmrelease_controller_chart_test.go | 326 -------------- .../helmrelease_controller_fuzz_test.go | 139 ------ .../controller/helmrelease_controller_test.go | 301 ++++--------- internal/loader/artifact_url.go | 91 ++++ internal/loader/artifact_url_test.go | 150 +++++++ .../testdata/chart-0.1.0.tgz | Bin 11 files changed, 1195 insertions(+), 960 deletions(-) create mode 100644 internal/chartutil/values.go create mode 100644 internal/chartutil/values_fuzz_test.go create mode 100644 internal/chartutil/values_test.go delete mode 100644 internal/controller/helmrelease_controller_chart.go delete mode 100644 internal/controller/helmrelease_controller_chart_test.go create mode 100644 internal/loader/artifact_url.go create mode 100644 internal/loader/artifact_url_test.go rename internal/{controller => loader}/testdata/chart-0.1.0.tgz (100%) diff --git a/internal/chartutil/values.go b/internal/chartutil/values.go new file mode 100644 index 000000000..d7cb6e1ec --- /dev/null +++ b/internal/chartutil/values.go @@ -0,0 +1,272 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package chartutil + +import ( + "context" + "errors" + "fmt" + "strings" + + "helm.sh/helm/v3/pkg/chartutil" + "helm.sh/helm/v3/pkg/strvals" + corev1 "k8s.io/api/core/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/types" + ctrl "sigs.k8s.io/controller-runtime" + kubeclient "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/fluxcd/pkg/runtime/transform" + + "github.com/fluxcd/helm-controller/api/v2beta1" +) + +// ErrValuesRefReason is the descriptive reason for an ErrValuesReference. +type ErrValuesRefReason error + +var ( + // ErrResourceNotFound signals the referenced values resource could not be + // found. + ErrResourceNotFound = errors.New("resource not found") + // ErrKeyNotFound signals the key could not be found in the referenced + // values resource. + ErrKeyNotFound = errors.New("key not found") + // ErrUnsupportedRefKind signals the values reference kind is not + // supported. + ErrUnsupportedRefKind = errors.New("unsupported values reference kind") + // ErrValuesDataRead signals the referenced resource's values data could + // not be read. + ErrValuesDataRead = errors.New("failed to read values data") + // ErrValueMerge signals a single value could not be merged into the + // values. + ErrValueMerge = errors.New("failed to merge value") + // ErrUnknown signals the reason an error occurred is unknown. + ErrUnknown = errors.New("unknown error") +) + +// ErrValuesReference is returned by ChartValuesFromReferences +type ErrValuesReference struct { + // Reason for the values reference error. Nil equals ErrUnknown. + // Can be used with Is to reason about a returned error: + // err := &ErrValuesReference{Reason: ErrResourceNotFound, ...} + // errors.Is(err, ErrResourceNotFound) + Reason ErrValuesRefReason + // Kind of the values reference the error is being reported for. + Kind string + // Name of the values reference the error is being reported for. + Name types.NamespacedName + // Key of the values reference the error is being reported for. + Key string + // Optional indicates if the error is being reported for an optional values + // reference. + Optional bool + // Err contains the further error chain leading to this error, it can be + // nil. + Err error +} + +// Error returns an error string constructed out of the state of +// ErrValuesReference. +func (e *ErrValuesReference) Error() string { + b := strings.Builder{} + b.WriteString("could not resolve") + if e.Optional { + b.WriteString(" optional") + } + if kind := e.Kind; kind != "" { + b.WriteString(" " + kind) + } + b.WriteString(" chart values reference") + if name := e.Name.String(); name != "" { + b.WriteString(fmt.Sprintf(" '%s'", name)) + } + if key := e.Key; key != "" { + b.WriteString(fmt.Sprintf(" with key '%s'", key)) + } + reason := e.Reason.Error() + if reason == "" && e.Err == nil { + reason = ErrUnknown.Error() + } + if e.Err != nil { + reason = e.Err.Error() + } + b.WriteString(": " + reason) + return b.String() +} + +// Is returns if target == Reason, or target == Err. +// Can be used to Reason about a returned error: +// +// err := &ErrValuesReference{Reason: ErrResourceNotFound, ...} +// errors.Is(err, ErrResourceNotFound) +func (e *ErrValuesReference) Is(target error) bool { + reason := e.Reason + if reason == nil { + reason = ErrUnknown + } + if reason == target { + return true + } + return errors.Is(e.Err, target) +} + +// Unwrap returns the wrapped Err. +func (e *ErrValuesReference) Unwrap() error { + return e.Err +} + +// NewErrValuesReference returns a new ErrValuesReference constructed from the +// provided values. +func NewErrValuesReference(name types.NamespacedName, ref v2beta1.ValuesReference, reason ErrValuesRefReason, err error) *ErrValuesReference { + return &ErrValuesReference{ + Reason: reason, + Kind: ref.Kind, + Name: name, + Key: ref.GetValuesKey(), + Optional: ref.Optional, + Err: err, + } +} + +const ( + kindConfigMap = "ConfigMap" + kindSecret = "Secret" +) + +// ChartValuesFromReferences attempts to construct new chart values by resolving +// the provided references using the client, merging them in the order given. +// If provided, the values map is merged in last. Overwriting values from +// references. It returns the merged values, or an ErrValuesReference error. +func ChartValuesFromReferences(ctx context.Context, client kubeclient.Client, namespace string, + values map[string]interface{}, refs ...v2beta1.ValuesReference) (chartutil.Values, error) { + + log := ctrl.LoggerFrom(ctx) + + result := chartutil.Values{} + resources := make(map[string]kubeclient.Object) + + for _, ref := range refs { + namespacedName := types.NamespacedName{Namespace: namespace, Name: ref.Name} + var valuesData []byte + + switch ref.Kind { + case kindConfigMap, kindSecret: + index := ref.Kind + namespacedName.String() + + resource, ok := resources[index] + if !ok { + // The resource may not exist, but we want to act on a single version + // of the resource in case the values reference is marked as optional. + resources[index] = nil + + switch ref.Kind { + case kindSecret: + resource = &corev1.Secret{} + case kindConfigMap: + resource = &corev1.ConfigMap{} + } + + if resource != nil { + if err := client.Get(ctx, namespacedName, resource); err != nil { + if apierrors.IsNotFound(err) { + err := NewErrValuesReference(namespacedName, ref, ErrResourceNotFound, err) + if err.Optional { + log.Info(err.Error()) + continue + } + return nil, err + } + return nil, err + } + resources[index] = resource + } + } + + if resource == nil { + if ref.Optional { + continue + } + return nil, NewErrValuesReference(namespacedName, ref, ErrResourceNotFound, nil) + } + + switch typedRes := resource.(type) { + case *corev1.Secret: + data, ok := typedRes.Data[ref.GetValuesKey()] + if !ok { + err := NewErrValuesReference(namespacedName, ref, ErrKeyNotFound, nil) + if ref.Optional { + log.Info(err.Error()) + continue + } + return nil, NewErrValuesReference(namespacedName, ref, ErrKeyNotFound, nil) + } + valuesData = data + case *corev1.ConfigMap: + data, ok := typedRes.Data[ref.GetValuesKey()] + if !ok { + err := NewErrValuesReference(namespacedName, ref, ErrKeyNotFound, nil) + if ref.Optional { + log.Info(err.Error()) + continue + } + return nil, err + } + valuesData = []byte(data) + default: + return nil, NewErrValuesReference(namespacedName, ref, ErrUnsupportedRefKind, nil) + } + default: + return nil, NewErrValuesReference(namespacedName, ref, ErrUnsupportedRefKind, nil) + } + + if ref.TargetPath != "" { + // TODO(hidde): this is a bit of hack, as it mimics the way the option string is passed + // to Helm from a CLI perspective. Given the parser is however not publicly accessible + // while it contains all logic around parsing the target path, it is a fair trade-off. + if err := ReplacePathValue(result, ref.TargetPath, string(valuesData)); err != nil { + return nil, NewErrValuesReference(namespacedName, ref, ErrValueMerge, err) + } + continue + } + + values, err := chartutil.ReadValues(valuesData) + if err != nil { + return nil, NewErrValuesReference(namespacedName, ref, ErrValuesDataRead, err) + } + result = transform.MergeMaps(result, values) + } + return transform.MergeMaps(result, values), nil +} + +// ReplacePathValue replaces the value at the dot notation path with the given +// value using Helm's string value parser using strvals.ParseInto. Single or +// double-quoted values are merged using strvals.ParseIntoString. +func ReplacePathValue(values chartutil.Values, path string, value string) error { + const ( + singleQuote = "'" + doubleQuote = `"` + ) + isSingleQuoted := strings.HasPrefix(value, singleQuote) && strings.HasSuffix(value, singleQuote) + isDoubleQuoted := strings.HasPrefix(value, doubleQuote) && strings.HasSuffix(value, doubleQuote) + if isSingleQuoted || isDoubleQuoted { + value = strings.Trim(value, singleQuote+doubleQuote) + value = path + "=" + value + return strvals.ParseIntoString(value, values) + } + value = path + "=" + value + return strvals.ParseInto(value, values) +} diff --git a/internal/chartutil/values_fuzz_test.go b/internal/chartutil/values_fuzz_test.go new file mode 100644 index 000000000..f1ab1304e --- /dev/null +++ b/internal/chartutil/values_fuzz_test.go @@ -0,0 +1,186 @@ +//go:build gofuzz_libfuzzer +// +build gofuzz_libfuzzer + +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package chartutil + +import ( + "context" + "testing" + + "github.com/go-logr/logr" + "helm.sh/helm/v3/pkg/chartutil" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "sigs.k8s.io/controller-runtime/pkg/client/fake" + + v2 "github.com/fluxcd/helm-controller/api/v2beta1" +) + +func FuzzChartValuesFromReferences(f *testing.F) { + scheme := testScheme() + + tests := []struct { + targetPath string + valuesKey string + hrValues string + createObject bool + secretData []byte + configData string + }{ + { + targetPath: "flat", + valuesKey: "custom-values.yaml", + secretData: []byte(`flat: + nested: value +nested: value +`), + configData: `flat: value +nested: + configuration: value +`, + hrValues: ` +other: values +`, + createObject: true, + }, + { + targetPath: "'flat'", + valuesKey: "custom-values.yaml", + secretData: []byte(`flat: + nested: value +nested: value +`), + configData: `flat: value +nested: + configuration: value +`, + hrValues: ` +other: values +`, + createObject: true, + }, + { + targetPath: "flat[0]", + secretData: []byte(``), + configData: `flat: value`, + hrValues: ` +other: values +`, + createObject: true, + }, + { + secretData: []byte(`flat: + nested: value +nested: value +`), + configData: `flat: value +nested: + configuration: value +`, + hrValues: ` +other: values +`, + createObject: true, + }, + { + targetPath: "some-value", + hrValues: ` +other: values +`, + createObject: false, + }, + } + + for _, tt := range tests { + f.Add(tt.targetPath, tt.valuesKey, tt.hrValues, tt.createObject, tt.secretData, tt.configData) + } + + f.Fuzz(func(t *testing.T, + targetPath, valuesKey, hrValues string, createObject bool, secretData []byte, configData string) { + + // objectName and objectNamespace represent a name reference to a core + // Kubernetes object upstream (Secret/ConfigMap) which is validated upstream, + // and also validated by us in the OpenAPI-based validation set in + // v2.ValuesReference. Therefore, a static value here suffices, and instead + // we just play with the objects presence/absence. + objectName := "values" + objectNamespace := "default" + var resources []runtime.Object + + if createObject { + resources = append(resources, + mockConfigMap(objectName, map[string]string{valuesKey: configData}), + mockSecret(objectName, map[string][]byte{valuesKey: secretData}), + ) + } + + references := []v2.ValuesReference{ + { + Kind: kindConfigMap, + Name: objectName, + ValuesKey: valuesKey, + TargetPath: targetPath, + }, + { + Kind: kindSecret, + Name: objectName, + ValuesKey: valuesKey, + TargetPath: targetPath, + }, + } + + c := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(resources...) + var values chartutil.Values + if hrValues != "" { + values, _ = chartutil.ReadValues([]byte(hrValues)) + } + + _, _ = ChartValuesFromReferences(logr.NewContext(context.TODO(), logr.Discard()), c.Build(), objectNamespace, values, references...) + }) +} + +func mockSecret(name string, data map[string][]byte) *corev1.Secret { + return &corev1.Secret{ + TypeMeta: metav1.TypeMeta{ + Kind: kindSecret, + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{Name: name}, + Data: data, + } +} + +func mockConfigMap(name string, data map[string]string) *corev1.ConfigMap { + return &corev1.ConfigMap{ + TypeMeta: metav1.TypeMeta{ + Kind: kindConfigMap, + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{Name: name}, + Data: data, + } +} + +func testScheme() *runtime.Scheme { + scheme := runtime.NewScheme() + _ = corev1.AddToScheme(scheme) + _ = v2.AddToScheme(scheme) + return scheme +} diff --git a/internal/chartutil/values_test.go b/internal/chartutil/values_test.go new file mode 100644 index 000000000..b1d94d87e --- /dev/null +++ b/internal/chartutil/values_test.go @@ -0,0 +1,396 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package chartutil + +import ( + "context" + "testing" + + "github.com/go-logr/logr" + . "github.com/onsi/gomega" + "helm.sh/helm/v3/pkg/chartutil" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "sigs.k8s.io/controller-runtime/pkg/client/fake" + + v2 "github.com/fluxcd/helm-controller/api/v2beta1" +) + +func TestChartValuesFromReferences(t *testing.T) { + scheme := testScheme() + + tests := []struct { + name string + resources []runtime.Object + namespace string + references []v2.ValuesReference + values string + want chartutil.Values + wantErr bool + }{ + { + name: "merges", + resources: []runtime.Object{ + mockConfigMap("values", map[string]string{ + "values.yaml": `flat: value +nested: + configuration: value +`, + }), + mockSecret("values", map[string][]byte{ + "values.yaml": []byte(`flat: + nested: value +nested: value +`), + }), + }, + references: []v2.ValuesReference{ + { + Kind: kindConfigMap, + Name: "values", + }, + { + Kind: kindSecret, + Name: "values", + }, + }, + values: ` +other: values +`, + want: chartutil.Values{ + "flat": map[string]interface{}{ + "nested": "value", + }, + "nested": "value", + "other": "values", + }, + }, + { + name: "with target path", + resources: []runtime.Object{ + mockSecret("values", map[string][]byte{"single": []byte("value")}), + }, + references: []v2.ValuesReference{ + { + Kind: kindSecret, + Name: "values", + ValuesKey: "single", + TargetPath: "merge.at.specific.path", + }, + }, + want: chartutil.Values{ + "merge": map[string]interface{}{ + "at": map[string]interface{}{ + "specific": map[string]interface{}{ + "path": "value", + }, + }, + }, + }, + }, + { + name: "target path for string type array item", + resources: []runtime.Object{ + mockConfigMap("values", map[string]string{ + "values.yaml": `flat: value +nested: + configuration: + - list + - item + - option +`, + }), + mockSecret("values", map[string][]byte{ + "values.yaml": []byte(`foo`), + }), + }, + references: []v2.ValuesReference{ + { + Kind: kindConfigMap, + Name: "values", + }, + { + Kind: kindSecret, + Name: "values", + TargetPath: "nested.configuration[1]", + }, + }, + values: ` +other: values +`, + want: chartutil.Values{ + "flat": "value", + "nested": map[string]interface{}{ + "configuration": []interface{}{"list", "foo", "option"}, + }, + "other": "values", + }, + }, + { + name: "values reference to non existing secret", + references: []v2.ValuesReference{ + { + Kind: kindSecret, + Name: "missing", + }, + }, + wantErr: true, + }, + { + name: "optional values reference to non existing secret", + references: []v2.ValuesReference{ + { + Kind: kindSecret, + Name: "missing", + Optional: true, + }, + }, + want: chartutil.Values{}, + wantErr: false, + }, + { + name: "values reference to non existing config map", + references: []v2.ValuesReference{ + { + Kind: kindConfigMap, + Name: "missing", + }, + }, + wantErr: true, + }, + { + name: "optional values reference to non existing config map", + references: []v2.ValuesReference{ + { + Kind: kindConfigMap, + Name: "missing", + Optional: true, + }, + }, + want: chartutil.Values{}, + wantErr: false, + }, + { + name: "missing secret key", + resources: []runtime.Object{ + mockSecret("values", nil), + }, + references: []v2.ValuesReference{ + { + Kind: kindSecret, + Name: "values", + ValuesKey: "nonexisting", + }, + }, + wantErr: true, + }, + { + name: "missing config map key", + resources: []runtime.Object{ + mockConfigMap("values", nil), + }, + references: []v2.ValuesReference{ + { + Kind: kindConfigMap, + Name: "values", + ValuesKey: "nonexisting", + }, + }, + wantErr: true, + }, + { + name: "unsupported values reference kind", + references: []v2.ValuesReference{ + { + Kind: "Unsupported", + }, + }, + wantErr: true, + }, + { + name: "invalid values", + resources: []runtime.Object{ + mockConfigMap("values", map[string]string{ + "values.yaml": ` +invalid`, + }), + }, + references: []v2.ValuesReference{ + { + Kind: kindConfigMap, + Name: "values", + }, + }, + wantErr: true, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + c := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(tt.resources...) + var values map[string]interface{} + if tt.values != "" { + m, err := chartutil.ReadValues([]byte(tt.values)) + g.Expect(err).ToNot(HaveOccurred()) + values = m + } + ctx := logr.NewContext(context.TODO(), logr.Discard()) + got, err := ChartValuesFromReferences(ctx, c.Build(), tt.namespace, values, tt.references...) + if tt.wantErr { + g.Expect(err).To(HaveOccurred()) + g.Expect(got).To(BeNil()) + return + } + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(got).To(Equal(tt.want)) + }) + } +} + +// This tests compatability with the formats described in: +// https://helm.sh/docs/intro/using_helm/#the-format-and-limitations-of---set +func TestReplacePathValue(t *testing.T) { + tests := []struct { + name string + value []byte + path string + want map[string]interface{} + wantErr bool + }{ + { + name: "outer inner", + value: []byte("value"), + path: "outer.inner", + want: map[string]interface{}{ + "outer": map[string]interface{}{ + "inner": "value", + }, + }, + }, + { + name: "inline list", + value: []byte("{a,b,c}"), + path: "name", + want: map[string]interface{}{ + // TODO(hidde): figure out why the cap is off by len+1 + "name": append(make([]interface{}, 0, 4), []interface{}{"a", "b", "c"}...), + }, + }, + { + name: "with escape", + value: []byte(`value1\,value2`), + path: "name", + want: map[string]interface{}{ + "name": "value1,value2", + }, + }, + { + name: "target path with boolean value", + value: []byte("true"), + path: "merge.at.specific.path", + want: chartutil.Values{ + "merge": map[string]interface{}{ + "at": map[string]interface{}{ + "specific": map[string]interface{}{ + "path": true, + }, + }, + }, + }, + }, + { + name: "target path with set-string behavior", + value: []byte(`"true"`), + path: "merge.at.specific.path", + want: chartutil.Values{ + "merge": map[string]interface{}{ + "at": map[string]interface{}{ + "specific": map[string]interface{}{ + "path": "true", + }, + }, + }, + }, + }, + { + name: "target path with array item", + value: []byte("value"), + path: "merge.at[2]", + want: chartutil.Values{ + "merge": map[string]interface{}{ + "at": []interface{}{nil, nil, "value"}, + }, + }, + }, + { + name: "dot sequence escaping path", + value: []byte("master"), + path: `nodeSelector.kubernetes\.io/role`, + want: map[string]interface{}{ + "nodeSelector": map[string]interface{}{ + "kubernetes.io/role": "master", + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + values := map[string]interface{}{} + err := ReplacePathValue(values, tt.path, string(tt.value)) + if tt.wantErr { + g.Expect(err).To(HaveOccurred()) + g.Expect(values).To(BeNil()) + return + } + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(values).To(Equal(tt.want)) + }) + } +} + +func mockSecret(name string, data map[string][]byte) *corev1.Secret { + return &corev1.Secret{ + TypeMeta: metav1.TypeMeta{ + Kind: kindSecret, + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{Name: name}, + Data: data, + } +} + +func mockConfigMap(name string, data map[string]string) *corev1.ConfigMap { + return &corev1.ConfigMap{ + TypeMeta: metav1.TypeMeta{ + Kind: kindConfigMap, + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{Name: name}, + Data: data, + } +} + +func testScheme() *runtime.Scheme { + scheme := runtime.NewScheme() + _ = corev1.AddToScheme(scheme) + _ = v2.AddToScheme(scheme) + return scheme +} diff --git a/internal/controller/helmrelease_controller.go b/internal/controller/helmrelease_controller.go index 00bc256cf..9f3233432 100644 --- a/internal/controller/helmrelease_controller.go +++ b/internal/controller/helmrelease_controller.go @@ -27,9 +27,7 @@ import ( "helm.sh/helm/v3/pkg/chart" "helm.sh/helm/v3/pkg/chartutil" "helm.sh/helm/v3/pkg/storage/driver" - "helm.sh/helm/v3/pkg/strvals" corev1 "k8s.io/api/core/v1" - apierrors "k8s.io/apimachinery/pkg/api/errors" apimeta "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" @@ -57,13 +55,14 @@ import ( helper "github.com/fluxcd/pkg/runtime/controller" "github.com/fluxcd/pkg/runtime/jitter" "github.com/fluxcd/pkg/runtime/predicates" - "github.com/fluxcd/pkg/runtime/transform" sourcev1 "github.com/fluxcd/source-controller/api/v1beta2" v2 "github.com/fluxcd/helm-controller/api/v2beta1" + intchartutil "github.com/fluxcd/helm-controller/internal/chartutil" "github.com/fluxcd/helm-controller/internal/diff" "github.com/fluxcd/helm-controller/internal/features" "github.com/fluxcd/helm-controller/internal/kube" + "github.com/fluxcd/helm-controller/internal/loader" "github.com/fluxcd/helm-controller/internal/runner" "github.com/fluxcd/helm-controller/internal/util" ) @@ -94,6 +93,12 @@ type HelmReleaseReconciler struct { requeueDependency time.Duration } +type HelmReleaseReconcilerOptions struct { + HTTPRetry int + DependencyRequeueInterval time.Duration + RateLimiter ratelimiter.RateLimiter +} + func (r *HelmReleaseReconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manager, opts HelmReleaseReconcilerOptions) error { // Index the HelmRelease by the HelmChart references they point at if err := mgr.GetFieldIndexer().IndexField(ctx, &v2.HelmRelease{}, v2.SourceIndexKey, @@ -257,21 +262,21 @@ func (r *HelmReleaseReconciler) reconcile(ctx context.Context, hr v2.HelmRelease } // Compose values - values, err := r.composeValues(ctx, hr) + values, err := intchartutil.ChartValuesFromReferences(ctx, r.Client, hr.Namespace, hr.GetValues(), hr.Spec.ValuesFrom...) if err != nil { r.event(ctx, hr, hr.Status.LastAttemptedRevision, eventv1.EventSeverityError, err.Error()) return v2.HelmReleaseNotReady(hr, v2.InitFailedReason, err.Error()), ctrl.Result{Requeue: true}, nil } // Load chart from artifact - chart, err := r.loadHelmChart(hc) + loadedChart, err := loader.SecureLoadChartFromURL(r.httpClient, hc.GetArtifact().URL, hc.GetArtifact().Digest) if err != nil { r.event(ctx, hr, hr.Status.LastAttemptedRevision, eventv1.EventSeverityError, err.Error()) return v2.HelmReleaseNotReady(hr, v2.ArtifactFailedReason, err.Error()), ctrl.Result{Requeue: true}, nil } // Reconcile Helm release - reconciledHr, reconcileErr := r.reconcileRelease(ctx, *hr.DeepCopy(), chart, values) + reconciledHr, reconcileErr := r.reconcileRelease(ctx, *hr.DeepCopy(), loadedChart, values) if reconcileErr != nil { r.event(ctx, hr, hc.GetArtifact().Revision, eventv1.EventSeverityError, fmt.Sprintf("reconciliation failed: %s", reconcileErr.Error())) @@ -279,12 +284,6 @@ func (r *HelmReleaseReconciler) reconcile(ctx context.Context, hr v2.HelmRelease return reconciledHr, jitter.JitteredRequeueInterval(ctrl.Result{RequeueAfter: hr.GetRequeueAfter()}), reconcileErr } -type HelmReleaseReconcilerOptions struct { - HTTPRetry int - DependencyRequeueInterval time.Duration - RateLimiter ratelimiter.RateLimiter -} - func (r *HelmReleaseReconciler) reconcileRelease(ctx context.Context, hr v2.HelmRelease, chart *chart.Chart, values chartutil.Values) (v2.HelmRelease, error) { log := ctrl.LoggerFrom(ctx) @@ -538,118 +537,24 @@ func (r *HelmReleaseReconciler) buildRESTClientGetter(ctx context.Context, hr v2 return kube.NewInClusterMemoryRESTClientGetter(opts...) } -// composeValues attempts to resolve all v2beta1.ValuesReference resources -// and merges them as defined. Referenced resources are only retrieved once -// to ensure a single version is taken into account during the merge. -func (r *HelmReleaseReconciler) composeValues(ctx context.Context, hr v2.HelmRelease) (chartutil.Values, error) { - result := chartutil.Values{} - - configMaps := make(map[string]*corev1.ConfigMap) - secrets := make(map[string]*corev1.Secret) - - for _, v := range hr.Spec.ValuesFrom { - namespacedName := types.NamespacedName{Namespace: hr.Namespace, Name: v.Name} - var valuesData []byte - - switch v.Kind { - case "ConfigMap": - resource, ok := configMaps[namespacedName.String()] - if !ok { - // The resource may not exist, but we want to act on a single version - // of the resource in case the values reference is marked as optional. - configMaps[namespacedName.String()] = nil - - resource = &corev1.ConfigMap{} - if err := r.Get(ctx, namespacedName, resource); err != nil { - if apierrors.IsNotFound(err) { - if v.Optional { - (ctrl.LoggerFrom(ctx)). - Info(fmt.Sprintf("could not find optional %s '%s'", v.Kind, namespacedName)) - continue - } - return nil, fmt.Errorf("could not find %s '%s'", v.Kind, namespacedName) - } - return nil, err - } - configMaps[namespacedName.String()] = resource - } - if resource == nil { - if v.Optional { - (ctrl.LoggerFrom(ctx)).Info(fmt.Sprintf("could not find optional %s '%s'", v.Kind, namespacedName)) - continue - } - return nil, fmt.Errorf("could not find %s '%s'", v.Kind, namespacedName) - } - if data, ok := resource.Data[v.GetValuesKey()]; !ok { - return nil, fmt.Errorf("missing key '%s' in %s '%s'", v.GetValuesKey(), v.Kind, namespacedName) - } else { - valuesData = []byte(data) - } - case "Secret": - resource, ok := secrets[namespacedName.String()] - if !ok { - // The resource may not exist, but we want to act on a single version - // of the resource in case the values reference is marked as optional. - secrets[namespacedName.String()] = nil - - resource = &corev1.Secret{} - if err := r.Get(ctx, namespacedName, resource); err != nil { - if apierrors.IsNotFound(err) { - if v.Optional { - (ctrl.LoggerFrom(ctx)). - Info(fmt.Sprintf("could not find optional %s '%s'", v.Kind, namespacedName)) - continue - } - return nil, fmt.Errorf("could not find %s '%s'", v.Kind, namespacedName) - } - return nil, err - } - secrets[namespacedName.String()] = resource - } - if resource == nil { - if v.Optional { - (ctrl.LoggerFrom(ctx)).Info(fmt.Sprintf("could not find optional %s '%s'", v.Kind, namespacedName)) - continue - } - return nil, fmt.Errorf("could not find %s '%s'", v.Kind, namespacedName) - } - if data, ok := resource.Data[v.GetValuesKey()]; !ok { - return nil, fmt.Errorf("missing key '%s' in %s '%s'", v.GetValuesKey(), v.Kind, namespacedName) - } else { - valuesData = data - } - default: - return nil, fmt.Errorf("unsupported ValuesReference kind '%s'", v.Kind) - } - switch v.TargetPath { - case "": - values, err := chartutil.ReadValues(valuesData) - if err != nil { - return nil, fmt.Errorf("unable to read values from key '%s' in %s '%s': %w", v.GetValuesKey(), v.Kind, namespacedName, err) - } - result = transform.MergeMaps(result, values) - default: - // TODO(hidde): this is a bit of hack, as it mimics the way the option string is passed - // to Helm from a CLI perspective. Given the parser is however not publicly accessible - // while it contains all logic around parsing the target path, it is a fair trade-off. - stringValuesData := string(valuesData) - const singleQuote = "'" - const doubleQuote = "\"" - var err error - if (strings.HasPrefix(stringValuesData, singleQuote) && strings.HasSuffix(stringValuesData, singleQuote)) || (strings.HasPrefix(stringValuesData, doubleQuote) && strings.HasSuffix(stringValuesData, doubleQuote)) { - stringValuesData = strings.Trim(stringValuesData, singleQuote+doubleQuote) - singleValue := v.TargetPath + "=" + stringValuesData - err = strvals.ParseIntoString(singleValue, result) - } else { - singleValue := v.TargetPath + "=" + stringValuesData - err = strvals.ParseInto(singleValue, result) - } - if err != nil { - return nil, fmt.Errorf("unable to merge value from key '%s' in %s '%s' into target path '%s': %w", v.GetValuesKey(), v.Kind, namespacedName, v.TargetPath, err) - } - } - } - return transform.MergeMaps(result, hr.GetValues()), nil +// getHelmChart retrieves the v1beta2.HelmChart for the given +// v2beta1.HelmRelease using the name that is advertised in the status +// object. It returns the v1beta2.HelmChart, or an error. +func (r *HelmReleaseReconciler) getHelmChart(ctx context.Context, hr *v2.HelmRelease) (*sourcev1.HelmChart, error) { + namespace, name := hr.Status.GetHelmChart() + chartName := types.NamespacedName{Namespace: namespace, Name: name} + if r.NoCrossNamespaceRef && chartName.Namespace != hr.Namespace { + return nil, acl.AccessDeniedError(fmt.Sprintf("can't access '%s/%s', cross-namespace references have been blocked", + hr.Spec.Chart.Spec.SourceRef.Kind, types.NamespacedName{ + Namespace: hr.Spec.Chart.Spec.SourceRef.Namespace, + Name: hr.Spec.Chart.Spec.SourceRef.Name, + })) + } + hc := sourcev1.HelmChart{} + if err := r.Client.Get(ctx, chartName, &hc); err != nil { + return nil, err + } + return &hc, nil } // reconcileDelete deletes the v1beta2.HelmChart of the v2beta1.HelmRelease, diff --git a/internal/controller/helmrelease_controller_chart.go b/internal/controller/helmrelease_controller_chart.go deleted file mode 100644 index 670462212..000000000 --- a/internal/controller/helmrelease_controller_chart.go +++ /dev/null @@ -1,141 +0,0 @@ -/* -Copyright 2020 The Flux authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package controller - -import ( - "bytes" - "context" - _ "crypto/sha256" - _ "crypto/sha512" - "fmt" - "io" - "net/http" - "net/url" - "os" - - "github.com/hashicorp/go-retryablehttp" - "github.com/opencontainers/go-digest" - _ "github.com/opencontainers/go-digest/blake3" - "helm.sh/helm/v3/pkg/chart" - "helm.sh/helm/v3/pkg/chart/loader" - "k8s.io/apimachinery/pkg/types" - - "github.com/fluxcd/pkg/runtime/acl" - sourcev1 "github.com/fluxcd/source-controller/api/v1" - sourcev1b2 "github.com/fluxcd/source-controller/api/v1beta2" - - v2 "github.com/fluxcd/helm-controller/api/v2beta1" -) - -const ( - // EnvArtifactHostOverwrite can be used to overwrite the hostname. - // The main purpose is while running controllers locally with e.g. mocked - // storage data during development. - EnvArtifactHostOverwrite = "ARTIFACT_HOST_OVERWRITE" -) - -// getHelmChart retrieves the v1beta2.HelmChart for the given -// v2beta1.HelmRelease using the name that is advertised in the status -// object. It returns the v1beta2.HelmChart, or an error. -func (r *HelmReleaseReconciler) getHelmChart(ctx context.Context, hr *v2.HelmRelease) (*sourcev1b2.HelmChart, error) { - namespace, name := hr.Status.GetHelmChart() - chartName := types.NamespacedName{Namespace: namespace, Name: name} - if r.NoCrossNamespaceRef && chartName.Namespace != hr.Namespace { - return nil, acl.AccessDeniedError(fmt.Sprintf("can't access '%s/%s', cross-namespace references have been blocked", - hr.Spec.Chart.Spec.SourceRef.Kind, types.NamespacedName{ - Namespace: hr.Spec.Chart.Spec.SourceRef.Namespace, - Name: hr.Spec.Chart.Spec.SourceRef.Name, - })) - } - hc := sourcev1b2.HelmChart{} - if err := r.Client.Get(ctx, chartName, &hc); err != nil { - return nil, err - } - return &hc, nil -} - -// loadHelmChart attempts to download the advertised v1beta2.Artifact from the -// provided v1beta2.HelmChart. The digest of the Artifact is confirmed to -// equal to the digest of the retrieved bytes before loading the chart. -// It returns the loaded chart.Chart, or an error. -func (r *HelmReleaseReconciler) loadHelmChart(source *sourcev1b2.HelmChart) (*chart.Chart, error) { - artifactURL := source.GetArtifact().URL - if hostname := os.Getenv(EnvArtifactHostOverwrite); hostname != "" { - if replacedArtifactURL, err := replaceHostname(artifactURL, hostname); err == nil { - artifactURL = replacedArtifactURL - } - } - - req, err := retryablehttp.NewRequest(http.MethodGet, artifactURL, nil) - if err != nil { - return nil, fmt.Errorf("failed to create a new request for artifact '%s': %w", source.GetArtifact().URL, err) - } - - resp, err := r.httpClient.Do(req) - if err != nil || resp != nil && resp.StatusCode != http.StatusOK { - if resp != nil { - _ = resp.Body.Close() - return nil, fmt.Errorf("artifact '%s' download failed (status code: %s)", source.GetArtifact().URL, resp.Status) - } - return nil, fmt.Errorf("artifact '%s' download failed: %w", source.GetArtifact().URL, err) - } - - var c bytes.Buffer - if err := copyAndVerifyArtifact(source.GetArtifact(), resp.Body, &c); err != nil { - return nil, fmt.Errorf("artifact '%s' download failed: %w", source.GetArtifact().URL, err) - } - - if err := resp.Body.Close(); err != nil { - return nil, fmt.Errorf("artifact '%s' download failed: %w", source.GetArtifact().URL, err) - } - - return loader.LoadArchive(&c) -} - -// copyAndVerifyArtifact copies from reader into writer while confirming the -// digest of the copied data matches the digest from the provided Artifact. -// If this does not match, it returns an error. -func copyAndVerifyArtifact(artifact *sourcev1.Artifact, reader io.Reader, writer io.Writer) error { - dig, err := digest.Parse(artifact.Digest) - if err != nil { - return fmt.Errorf("failed to verify artifact: %w", err) - } - - // Verify the downloaded artifact against the advertised digest. - verifier := dig.Verifier() - mw := io.MultiWriter(verifier, writer) - if _, err := io.Copy(mw, reader); err != nil { - return err - } - - if !verifier.Verified() { - return fmt.Errorf("failed to verify artifact: computed digest doesn't match advertised '%s'", dig) - } - return nil -} - -// replaceHostname parses the given URL and replaces the Host in the parsed -// result with the provided hostname. It returns the string result, or an -// error. -func replaceHostname(URL, hostname string) (string, error) { - parsedURL, err := url.Parse(URL) - if err != nil { - return "", err - } - parsedURL.Host = hostname - return parsedURL.String(), nil -} diff --git a/internal/controller/helmrelease_controller_chart_test.go b/internal/controller/helmrelease_controller_chart_test.go deleted file mode 100644 index 3bb302c70..000000000 --- a/internal/controller/helmrelease_controller_chart_test.go +++ /dev/null @@ -1,326 +0,0 @@ -/* -Copyright 2020 The Flux authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package controller - -import ( - "bytes" - "context" - "io" - "net/http" - "net/http/httptest" - "os" - "strings" - "testing" - - "github.com/hashicorp/go-retryablehttp" - . "github.com/onsi/gomega" - "github.com/opencontainers/go-digest" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/client-go/tools/record" - "sigs.k8s.io/controller-runtime/pkg/client/fake" - - sourcev1 "github.com/fluxcd/source-controller/api/v1" - sourcev1b2 "github.com/fluxcd/source-controller/api/v1beta2" - - v2 "github.com/fluxcd/helm-controller/api/v2beta1" -) - -func TestHelmReleaseReconciler_getHelmChart(t *testing.T) { - g := NewWithT(t) - - scheme := runtime.NewScheme() - g.Expect(v2.AddToScheme(scheme)).To(Succeed()) - g.Expect(sourcev1b2.AddToScheme(scheme)).To(Succeed()) - - chart := &sourcev1b2.HelmChart{ - ObjectMeta: metav1.ObjectMeta{ - Namespace: "some-namespace", - Name: "some-chart-name", - }, - } - - tests := []struct { - name string - rel *v2.HelmRelease - chart *sourcev1b2.HelmChart - expectChart bool - wantErr bool - disallowCrossNS bool - }{ - { - name: "retrieves HelmChart object from Status", - rel: &v2.HelmRelease{ - Status: v2.HelmReleaseStatus{ - HelmChart: "some-namespace/some-chart-name", - }, - }, - chart: chart, - expectChart: true, - }, - { - name: "no HelmChart found", - rel: &v2.HelmRelease{ - Status: v2.HelmReleaseStatus{ - HelmChart: "some-namespace/some-chart-name", - }, - }, - chart: nil, - expectChart: false, - wantErr: true, - }, - { - name: "no HelmChart in Status", - rel: &v2.HelmRelease{ - Status: v2.HelmReleaseStatus{ - HelmChart: "", - }, - }, - chart: chart, - expectChart: false, - wantErr: true, - }, - { - name: "ACL disallows cross namespace", - rel: &v2.HelmRelease{ - ObjectMeta: metav1.ObjectMeta{ - Namespace: "default", - }, - Status: v2.HelmReleaseStatus{ - HelmChart: "some-namespace/some-chart-name", - }, - }, - chart: chart, - expectChart: false, - wantErr: true, - disallowCrossNS: true, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - builder := fake.NewClientBuilder() - builder.WithScheme(scheme) - if tt.chart != nil { - builder.WithObjects(tt.chart) - } - - r := &HelmReleaseReconciler{ - Client: builder.Build(), - EventRecorder: record.NewFakeRecorder(32), - NoCrossNamespaceRef: tt.disallowCrossNS, - } - - got, err := r.getHelmChart(context.TODO(), tt.rel) - if tt.wantErr { - g.Expect(err).To(HaveOccurred()) - g.Expect(got).To(BeNil()) - return - } - g.Expect(err).ToNot(HaveOccurred()) - expect := g.Expect(got.ObjectMeta) - if tt.expectChart { - expect.To(BeEquivalentTo(tt.chart.ObjectMeta)) - } else { - expect.To(BeNil()) - } - }) - } -} - -func TestHelmReleaseReconciler_loadHelmChart(t *testing.T) { - g := NewWithT(t) - - b, err := os.ReadFile("testdata/chart-0.1.0.tgz") - g.Expect(err).ToNot(HaveOccurred()) - g.Expect(b).ToNot(BeNil()) - dig := digest.SHA256.FromBytes(b) - - const chartPath = "/chart.tgz" - server := httptest.NewServer(http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) { - if req.URL.Path == chartPath { - res.WriteHeader(http.StatusOK) - _, _ = res.Write(b) - return - } - res.WriteHeader(http.StatusInternalServerError) - return - })) - t.Cleanup(server.Close) - - chartURL := server.URL + chartPath - - client := retryablehttp.NewClient() - client.Logger = nil - client.RetryMax = 2 - - t.Run("loads HelmChart from Artifact URL", func(t *testing.T) { - g := NewWithT(t) - - r := &HelmReleaseReconciler{ - Client: fake.NewClientBuilder().Build(), - EventRecorder: record.NewFakeRecorder(32), - httpClient: client, - } - got, err := r.loadHelmChart(&sourcev1b2.HelmChart{ - Status: sourcev1b2.HelmChartStatus{ - Artifact: &sourcev1.Artifact{ - URL: chartURL, - Digest: dig.String(), - }, - }, - }) - g.Expect(err).ToNot(HaveOccurred()) - g.Expect(got).ToNot(BeNil()) - g.Expect(got.Name()).To(Equal("chart")) - g.Expect(got.Metadata.Version).To(Equal("0.1.0")) - }) - - t.Run("error on Artifact digest mismatch", func(t *testing.T) { - g := NewWithT(t) - - r := &HelmReleaseReconciler{ - Client: fake.NewClientBuilder().Build(), - EventRecorder: record.NewFakeRecorder(32), - httpClient: client, - } - got, err := r.loadHelmChart(&sourcev1b2.HelmChart{ - Status: sourcev1b2.HelmChartStatus{ - Artifact: &sourcev1.Artifact{ - URL: chartURL, - Digest: "", - }, - }, - }) - g.Expect(err).To(HaveOccurred()) - g.Expect(got).To(BeNil()) - }) - - t.Run("error on server error", func(t *testing.T) { - g := NewWithT(t) - - r := &HelmReleaseReconciler{ - Client: fake.NewClientBuilder().Build(), - EventRecorder: record.NewFakeRecorder(32), - httpClient: client, - } - got, err := r.loadHelmChart(&sourcev1b2.HelmChart{ - Status: sourcev1b2.HelmChartStatus{ - Artifact: &sourcev1.Artifact{ - URL: server.URL + "/invalid.tgz", - Digest: "", - }, - }, - }) - g.Expect(err).To(HaveOccurred()) - g.Expect(got).To(BeNil()) - }) - - t.Run("EnvArtifactHostOverwrite overwrites Artifact hostname", func(t *testing.T) { - g := NewWithT(t) - - t.Setenv(EnvArtifactHostOverwrite, strings.TrimPrefix(server.URL, "http://")) - r := &HelmReleaseReconciler{ - Client: fake.NewClientBuilder().Build(), - EventRecorder: record.NewFakeRecorder(32), - httpClient: client, - } - got, err := r.loadHelmChart(&sourcev1b2.HelmChart{ - Status: sourcev1b2.HelmChartStatus{ - Artifact: &sourcev1.Artifact{ - URL: "http://example.com" + chartPath, - Digest: dig.String(), - }, - }, - }) - g.Expect(err).To(Not(HaveOccurred())) - g.Expect(got).ToNot(BeNil()) - }) -} - -func Test_copyAndVerifyArtifact(t *testing.T) { - g := NewWithT(t) - - tmpDir := t.TempDir() - closedF, err := os.CreateTemp(tmpDir, "closed.txt") - g.Expect(err).ToNot(HaveOccurred()) - g.Expect(closedF.Close()).ToNot(HaveOccurred()) - - tests := []struct { - name string - digest string - in io.Reader - out io.Writer - wantErr bool - }{ - { - name: "digest match", - digest: "sha256:2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae", - in: bytes.NewReader([]byte("foo")), - out: io.Discard, - }, - { - name: "digest mismatch", - digest: "sha256:2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae", - in: bytes.NewReader([]byte("bar")), - out: io.Discard, - wantErr: true, - }, - { - name: "copy failure (closed file)", - digest: "sha256:2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae", - in: bytes.NewReader([]byte("foo")), - out: closedF, - wantErr: true, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - g := NewWithT(t) - - err := copyAndVerifyArtifact(&sourcev1.Artifact{Digest: tt.digest}, tt.in, tt.out) - g.Expect(err != nil).To(Equal(tt.wantErr), err) - }) - } -} - -func Test_replaceHostname(t *testing.T) { - tests := []struct { - name string - URL string - hostname string - want string - wantErr bool - }{ - {"hostname overwrite", "https://example.com/file.txt", "overwrite.com", "https://overwrite.com/file.txt", false}, - {"hostname overwrite with port", "https://example.com:8080/file.txt", "overwrite.com:6666", "https://overwrite.com:6666/file.txt", false}, - {"invalid url", ":malformed./com", "", "", true}, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - g := NewWithT(t) - - got, err := replaceHostname(tt.URL, tt.hostname) - if tt.wantErr { - g.Expect(err).To(HaveOccurred()) - g.Expect(got).To(BeEmpty()) - return - } - g.Expect(err).ToNot(HaveOccurred()) - g.Expect(got).To(Equal(tt.want)) - }) - } -} diff --git a/internal/controller/helmrelease_controller_fuzz_test.go b/internal/controller/helmrelease_controller_fuzz_test.go index 165969689..efa113f02 100644 --- a/internal/controller/helmrelease_controller_fuzz_test.go +++ b/internal/controller/helmrelease_controller_fuzz_test.go @@ -36,145 +36,6 @@ import ( sourcev1 "github.com/fluxcd/source-controller/api/v1beta2" ) -func FuzzHelmReleaseReconciler_composeValues(f *testing.F) { - scheme := testScheme() - - tests := []struct { - targetPath string - valuesKey string - hrValues string - createObject bool - secretData []byte - configData string - }{ - { - targetPath: "flat", - valuesKey: "custom-values.yaml", - secretData: []byte(`flat: - nested: value -nested: value -`), - configData: `flat: value -nested: - configuration: value -`, - hrValues: ` -other: values -`, - createObject: true, - }, - { - targetPath: "'flat'", - valuesKey: "custom-values.yaml", - secretData: []byte(`flat: - nested: value -nested: value -`), - configData: `flat: value -nested: - configuration: value -`, - hrValues: ` -other: values -`, - createObject: true, - }, - { - targetPath: "flat[0]", - secretData: []byte(``), - configData: `flat: value`, - hrValues: ` -other: values -`, - createObject: true, - }, - { - secretData: []byte(`flat: - nested: value -nested: value -`), - configData: `flat: value -nested: - configuration: value -`, - hrValues: ` -other: values -`, - createObject: true, - }, - { - targetPath: "some-value", - hrValues: ` -other: values -`, - createObject: false, - }, - } - - for _, tt := range tests { - f.Add(tt.targetPath, tt.valuesKey, tt.hrValues, tt.createObject, tt.secretData, tt.configData) - } - - f.Fuzz(func(t *testing.T, - targetPath, valuesKey, hrValues string, createObject bool, secretData []byte, configData string) { - - // objectName represents a core Kubernetes name (Secret/ConfigMap) which is validated - // upstream, and also validated by us in the OpenAPI-based validation set in - // v2.ValuesReference. Therefore a static value here suffices, and instead we just - // play with the objects presence/absence. - objectName := "values" - var resources []client.Object - - if createObject { - resources = append(resources, - valuesConfigMap(objectName, map[string]string{valuesKey: configData}), - valuesSecret(objectName, map[string][]byte{valuesKey: secretData}), - ) - } - - references := []v2.ValuesReference{ - { - Kind: "ConfigMap", - Name: objectName, - ValuesKey: valuesKey, - TargetPath: targetPath, - }, - { - Kind: "Secret", - Name: objectName, - ValuesKey: valuesKey, - TargetPath: targetPath, - }, - } - - c := fake.NewClientBuilder().WithScheme(scheme).WithObjects(resources...).Build() - r := &HelmReleaseReconciler{Client: c} - var values *apiextensionsv1.JSON - if hrValues != "" { - v, _ := yaml.YAMLToJSON([]byte(hrValues)) - values = &apiextensionsv1.JSON{Raw: v} - } - - hr := v2.HelmRelease{ - Spec: v2.HelmReleaseSpec{ - ValuesFrom: references, - Values: values, - }, - } - - // OpenAPI-based validation on schema is not verified here. - // Therefore some false positives may be arise, as the apiserver - // would not allow such values to make their way into the control plane. - // - // Testenv could be used so the fuzzing covers the entire E2E. - // The downsize being the resource and time cost per test would be a lot higher. - // - // Another approach could be to add validation to reject invalid inputs before - // the r.composeValues call. - _, _ = r.composeValues(logr.NewContext(context.TODO(), logr.Discard()), hr) - }) -} - func FuzzHelmReleaseReconciler_reconcile(f *testing.F) { scheme := testScheme() tests := []struct { diff --git a/internal/controller/helmrelease_controller_test.go b/internal/controller/helmrelease_controller_test.go index 06e3f4d22..2e4170679 100644 --- a/internal/controller/helmrelease_controller_test.go +++ b/internal/controller/helmrelease_controller_test.go @@ -18,264 +18,119 @@ package controller import ( "context" - "reflect" "strings" "testing" "time" - "github.com/go-logr/logr" - "helm.sh/helm/v3/pkg/chartutil" - corev1 "k8s.io/api/core/v1" + . "github.com/onsi/gomega" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" + "k8s.io/client-go/tools/record" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/fake" "sigs.k8s.io/yaml" v2 "github.com/fluxcd/helm-controller/api/v2beta1" + sourcev1 "github.com/fluxcd/source-controller/api/v1beta2" ) -func TestHelmReleaseReconciler_composeValues(t *testing.T) { +func TestHelmReleaseReconciler_getHelmChart(t *testing.T) { + g := NewWithT(t) + scheme := runtime.NewScheme() - _ = corev1.AddToScheme(scheme) - _ = v2.AddToScheme(scheme) + g.Expect(v2.AddToScheme(scheme)).To(Succeed()) + g.Expect(sourcev1.AddToScheme(scheme)).To(Succeed()) + + chart := &sourcev1.HelmChart{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "some-namespace", + Name: "some-chart-name", + }, + } tests := []struct { - name string - resources []client.Object - references []v2.ValuesReference - values string - want chartutil.Values - wantErr bool + name string + rel *v2.HelmRelease + chart *sourcev1.HelmChart + expectChart bool + wantErr bool + disallowCrossNS bool }{ { - name: "merges", - resources: []client.Object{ - valuesConfigMap("values", map[string]string{ - "values.yaml": `flat: value -nested: - configuration: value -`, - }), - valuesSecret("values", map[string][]byte{ - "values.yaml": []byte(`flat: - nested: value -nested: value -`), - }), - }, - references: []v2.ValuesReference{ - { - Kind: "ConfigMap", - Name: "values", - }, - { - Kind: "Secret", - Name: "values", - }, - }, - values: ` -other: values -`, - want: chartutil.Values{ - "flat": map[string]interface{}{ - "nested": "value", - }, - "nested": "value", - "other": "values", - }, - }, - { - name: "target path", - resources: []client.Object{ - valuesSecret("values", map[string][]byte{"single": []byte("value")}), - }, - references: []v2.ValuesReference{ - { - Kind: "Secret", - Name: "values", - ValuesKey: "single", - TargetPath: "merge.at.specific.path", - }, - }, - want: chartutil.Values{ - "merge": map[string]interface{}{ - "at": map[string]interface{}{ - "specific": map[string]interface{}{ - "path": "value", - }, - }, - }, - }, - }, - { - name: "target path with boolean value", - resources: []client.Object{ - valuesSecret("values", map[string][]byte{"single": []byte("true")}), - }, - references: []v2.ValuesReference{ - { - Kind: "Secret", - Name: "values", - ValuesKey: "single", - TargetPath: "merge.at.specific.path", - }, - }, - want: chartutil.Values{ - "merge": map[string]interface{}{ - "at": map[string]interface{}{ - "specific": map[string]interface{}{ - "path": true, - }, - }, - }, - }, - }, - { - name: "target path with set-string behavior", - resources: []client.Object{ - valuesSecret("values", map[string][]byte{"single": []byte("\"true\"")}), - }, - references: []v2.ValuesReference{ - { - Kind: "Secret", - Name: "values", - ValuesKey: "single", - TargetPath: "merge.at.specific.path", - }, - }, - want: chartutil.Values{ - "merge": map[string]interface{}{ - "at": map[string]interface{}{ - "specific": map[string]interface{}{ - "path": "true", - }, - }, - }, - }, - }, - { - name: "values reference to non existing secret", - references: []v2.ValuesReference{ - { - Kind: "Secret", - Name: "missing", - }, - }, - wantErr: true, - }, - { - name: "optional values reference to non existing secret", - references: []v2.ValuesReference{ - { - Kind: "Secret", - Name: "missing", - Optional: true, + name: "retrieves HelmChart object from Status", + rel: &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ + HelmChart: "some-namespace/some-chart-name", }, }, - want: chartutil.Values{}, - wantErr: false, + chart: chart, + expectChart: true, }, { - name: "values reference to non existing config map", - references: []v2.ValuesReference{ - { - Kind: "ConfigMap", - Name: "missing", + name: "no HelmChart found", + rel: &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ + HelmChart: "some-namespace/some-chart-name", }, }, - wantErr: true, + chart: nil, + expectChart: false, + wantErr: true, }, { - name: "optional values reference to non existing config map", - references: []v2.ValuesReference{ - { - Kind: "ConfigMap", - Name: "missing", - Optional: true, - }, - }, - want: chartutil.Values{}, - wantErr: false, - }, - { - name: "missing secret key", - resources: []client.Object{ - valuesSecret("values", nil), - }, - references: []v2.ValuesReference{ - { - Kind: "Secret", - Name: "values", - ValuesKey: "nonexisting", - }, - }, - wantErr: true, - }, - { - name: "missing config map key", - resources: []client.Object{ - valuesConfigMap("values", nil), - }, - references: []v2.ValuesReference{ - { - Kind: "ConfigMap", - Name: "values", - ValuesKey: "nonexisting", + name: "no HelmChart in Status", + rel: &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ + HelmChart: "", }, }, - wantErr: true, + chart: chart, + expectChart: false, + wantErr: true, }, { - name: "unsupported values reference kind", - references: []v2.ValuesReference{ - { - Kind: "Unsupported", + name: "ACL disallows cross namespace", + rel: &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "default", }, - }, - wantErr: true, - }, - { - name: "invalid values", - resources: []client.Object{ - valuesConfigMap("values", map[string]string{ - "values.yaml": ` -invalid`, - }), - }, - references: []v2.ValuesReference{ - { - Kind: "ConfigMap", - Name: "values", + Status: v2.HelmReleaseStatus{ + HelmChart: "some-namespace/some-chart-name", }, }, - wantErr: true, + chart: chart, + expectChart: false, + wantErr: true, + disallowCrossNS: true, }, } - for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - c := fake.NewClientBuilder().WithScheme(scheme).WithObjects(tt.resources...).Build() - r := &HelmReleaseReconciler{Client: c} - var values *apiextensionsv1.JSON - if tt.values != "" { - v, _ := yaml.YAMLToJSON([]byte(tt.values)) - values = &apiextensionsv1.JSON{Raw: v} + builder := fake.NewClientBuilder() + builder.WithScheme(scheme) + if tt.chart != nil { + builder.WithObjects(tt.chart) } - hr := v2.HelmRelease{ - Spec: v2.HelmReleaseSpec{ - ValuesFrom: tt.references, - Values: values, - }, + + r := &HelmReleaseReconciler{ + Client: builder.Build(), + EventRecorder: record.NewFakeRecorder(32), + NoCrossNamespaceRef: tt.disallowCrossNS, } - got, err := r.composeValues(logr.NewContext(context.TODO(), logr.Discard()), hr) - if (err != nil) != tt.wantErr { - t.Errorf("composeValues() error = %v, wantErr %v", err, tt.wantErr) + + got, err := r.getHelmChart(context.TODO(), tt.rel) + if tt.wantErr { + g.Expect(err).To(HaveOccurred()) + g.Expect(got).To(BeNil()) return } - if !reflect.DeepEqual(got, tt.want) { - t.Errorf("composeValues() got = %v, want %v", got, tt.want) + g.Expect(err).ToNot(HaveOccurred()) + expect := g.Expect(got.ObjectMeta) + if tt.expectChart { + expect.To(BeEquivalentTo(tt.chart.ObjectMeta)) + } else { + expect.To(BeNil()) } }) } @@ -445,17 +300,3 @@ func TestValuesReferenceValidation(t *testing.T) { }) } } - -func valuesSecret(name string, data map[string][]byte) *corev1.Secret { - return &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{Name: name}, - Data: data, - } -} - -func valuesConfigMap(name string, data map[string]string) *corev1.ConfigMap { - return &corev1.ConfigMap{ - ObjectMeta: metav1.ObjectMeta{Name: name}, - Data: data, - } -} diff --git a/internal/loader/artifact_url.go b/internal/loader/artifact_url.go new file mode 100644 index 000000000..92ba391d8 --- /dev/null +++ b/internal/loader/artifact_url.go @@ -0,0 +1,91 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package loader + +import ( + "bytes" + _ "crypto/sha256" + _ "crypto/sha512" + "errors" + "fmt" + "io" + "net/http" + + "github.com/hashicorp/go-retryablehttp" + digestlib "github.com/opencontainers/go-digest" + _ "github.com/opencontainers/go-digest/blake3" + "helm.sh/helm/v3/pkg/chart" + "helm.sh/helm/v3/pkg/chart/loader" +) + +var ( + // ErrIntegrity signals a chart loader failed to verify the integrity of + // a chart, for example due to a digest mismatch. + ErrIntegrity = errors.New("integrity failure") +) + +// SecureLoadChartFromURL attempts to download a Helm chart from the given URL +// using the provided client. The retrieved data is verified against the given +// digest before loading the chart. It returns the loaded chart.Chart, or an +// error. The error may be of type ErrIntegrity if the integrity check fails. +func SecureLoadChartFromURL(client *retryablehttp.Client, URL, digest string) (*chart.Chart, error) { + req, err := retryablehttp.NewRequest(http.MethodGet, URL, nil) + if err != nil { + return nil, err + } + + resp, err := client.Do(req) + if err != nil || resp != nil && resp.StatusCode != http.StatusOK { + if err != nil { + return nil, err + } + _ = resp.Body.Close() + return nil, fmt.Errorf("failed to download chart from '%s': %s", URL, resp.Status) + } + + var c bytes.Buffer + if err := copyAndVerify(digest, resp.Body, &c); err != nil { + _ = resp.Body.Close() + return nil, err + } + + if err := resp.Body.Close(); err != nil { + return nil, err + } + return loader.LoadArchive(&c) +} + +// copyAndVerify copies the contents of reader to writer, and verifies the +// integrity of the data using the given digest. It returns an error if the +// integrity check fails. +func copyAndVerify(digest string, reader io.Reader, writer io.Writer) error { + dig, err := digestlib.Parse(digest) + if err != nil { + return fmt.Errorf("failed to parse digest '%s': %w", digest, err) + } + + verifier := dig.Verifier() + mw := io.MultiWriter(verifier, writer) + if _, err := io.Copy(mw, reader); err != nil { + return fmt.Errorf("failed to copy and verify chart artifact: %w", err) + } + + if !verifier.Verified() { + return fmt.Errorf("%w: computed digest doesn't match '%s'", ErrIntegrity, dig) + } + return nil +} diff --git a/internal/loader/artifact_url_test.go b/internal/loader/artifact_url_test.go new file mode 100644 index 000000000..e60795d76 --- /dev/null +++ b/internal/loader/artifact_url_test.go @@ -0,0 +1,150 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package loader + +import ( + "bytes" + "errors" + "io" + "net/http" + "net/http/httptest" + "os" + "testing" + + "github.com/hashicorp/go-retryablehttp" + . "github.com/onsi/gomega" + digestlib "github.com/opencontainers/go-digest" +) + +func TestSecureLoadChartFromURL(t *testing.T) { + g := NewWithT(t) + + b, err := os.ReadFile("testdata/chart-0.1.0.tgz") + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(b).ToNot(BeNil()) + digest := digestlib.SHA256.FromBytes(b) + + const chartPath = "/chart.tgz" + server := httptest.NewServer(http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) { + if req.URL.Path == chartPath { + res.WriteHeader(http.StatusOK) + _, _ = res.Write(b) + return + } + res.WriteHeader(http.StatusInternalServerError) + })) + t.Cleanup(func() { + server.Close() + }) + + chartURL := server.URL + chartPath + + client := retryablehttp.NewClient() + client.Logger = nil + client.RetryMax = 2 + + t.Run("loads Helm chart from URL", func(t *testing.T) { + g := NewWithT(t) + + got, err := SecureLoadChartFromURL(client, chartURL, digest.String()) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(got).ToNot(BeNil()) + g.Expect(got.Name()).To(Equal("chart")) + g.Expect(got.Metadata.Version).To(Equal("0.1.0")) + }) + + t.Run("error on chart data digest mismatch", func(t *testing.T) { + g := NewWithT(t) + + got, err := SecureLoadChartFromURL(client, chartURL, digestlib.SHA256.FromString("invalid").String()) + g.Expect(err).To(HaveOccurred()) + g.Expect(errors.Is(err, ErrIntegrity)).To(BeTrue()) + g.Expect(got).To(BeNil()) + }) + + t.Run("error on server error", func(t *testing.T) { + g := NewWithT(t) + + got, err := SecureLoadChartFromURL(client, server.URL+"/invalid.tgz", digest.String()) + g.Expect(err).To(HaveOccurred()) + g.Expect(got).To(BeNil()) + }) +} + +func Test_copyAndVerify(t *testing.T) { + g := NewWithT(t) + + tmpDir := t.TempDir() + closedF, err := os.CreateTemp(tmpDir, "closed.txt") + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(closedF.Close()).ToNot(HaveOccurred()) + + tests := []struct { + name string + digest string + in io.Reader + out io.Writer + wantErr bool + }{ + { + name: "digest match (SHA256)", + digest: digestlib.SHA256.FromString("foo").String(), + in: bytes.NewReader([]byte("foo")), + out: bytes.NewBuffer(nil), + }, + { + name: "digest match (SHA384)", + digest: digestlib.SHA384.FromString("foo").String(), + in: bytes.NewReader([]byte("foo")), + out: bytes.NewBuffer(nil), + }, + { + name: "digest match (SHA512)", + digest: digestlib.SHA512.FromString("foo").String(), + in: bytes.NewReader([]byte("foo")), + out: bytes.NewBuffer(nil), + }, + { + name: "digest match (BLAKE3)", + digest: digestlib.BLAKE3.FromString("foo").String(), + in: bytes.NewReader([]byte("foo")), + out: bytes.NewBuffer(nil), + }, + { + name: "digest mismatch", + digest: digestlib.SHA256.FromString("foo").String(), + in: bytes.NewReader([]byte("bar")), + out: io.Discard, + wantErr: true, + }, + { + name: "copy failure (closed file)", + digest: digestlib.SHA256.FromString("foo").String(), + in: bytes.NewReader([]byte("foo")), + out: closedF, + wantErr: true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + err := copyAndVerify(tt.digest, tt.in, tt.out) + g.Expect(err != nil).To(Equal(tt.wantErr), err) + }) + } +} diff --git a/internal/controller/testdata/chart-0.1.0.tgz b/internal/loader/testdata/chart-0.1.0.tgz similarity index 100% rename from internal/controller/testdata/chart-0.1.0.tgz rename to internal/loader/testdata/chart-0.1.0.tgz From c99b00d88557f2ac354d206336895a55a7e79896 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Fri, 6 May 2022 11:44:53 +0200 Subject: [PATCH 04/76] Move predicates into package and add tests Signed-off-by: Hidde Beydals --- .../helmrelease_chart_controller.go | 3 +- internal/controller/helmrelease_controller.go | 3 +- .../chart_template_predicate.go | 2 +- .../chart_template_predicate_test.go | 175 ++++++++++++++++++ .../source_predicate.go | 4 +- internal/predicates/source_predicate_test.go | 82 ++++++++ 6 files changed, 265 insertions(+), 4 deletions(-) rename internal/{controller => predicates}/chart_template_predicate.go (98%) create mode 100644 internal/predicates/chart_template_predicate_test.go rename internal/{controller => predicates}/source_predicate.go (92%) create mode 100644 internal/predicates/source_predicate_test.go diff --git a/internal/controller/helmrelease_chart_controller.go b/internal/controller/helmrelease_chart_controller.go index 93b09e3b0..0fd0beca1 100644 --- a/internal/controller/helmrelease_chart_controller.go +++ b/internal/controller/helmrelease_chart_controller.go @@ -47,6 +47,7 @@ import ( sourcev1 "github.com/fluxcd/source-controller/api/v1beta2" v2 "github.com/fluxcd/helm-controller/api/v2beta1" + intpredicates "github.com/fluxcd/helm-controller/internal/predicates" ) type HelmReleaseChartReconciler struct { @@ -70,7 +71,7 @@ func (r *HelmReleaseChartReconciler) SetupWithManager(mgr ctrl.Manager) error { func (r *HelmReleaseChartReconciler) SetupWithManagerAndOptions(mgr ctrl.Manager, opts HelmReleaseChartReconcilerOptions) error { return ctrl.NewControllerManagedBy(mgr). For(&v2.HelmRelease{}). - WithEventFilter(predicate.Or(ChartTemplateChangePredicate{}, predicates.ReconcileRequestedPredicate{})). + WithEventFilter(predicate.Or(intpredicates.ChartTemplateChangePredicate{}, predicates.ReconcileRequestedPredicate{})). WithOptions(controller.Options{ RateLimiter: opts.RateLimiter, }). diff --git a/internal/controller/helmrelease_controller.go b/internal/controller/helmrelease_controller.go index 9f3233432..88774112e 100644 --- a/internal/controller/helmrelease_controller.go +++ b/internal/controller/helmrelease_controller.go @@ -63,6 +63,7 @@ import ( "github.com/fluxcd/helm-controller/internal/features" "github.com/fluxcd/helm-controller/internal/kube" "github.com/fluxcd/helm-controller/internal/loader" + intpredicates "github.com/fluxcd/helm-controller/internal/predicates" "github.com/fluxcd/helm-controller/internal/runner" "github.com/fluxcd/helm-controller/internal/util" ) @@ -130,7 +131,7 @@ func (r *HelmReleaseReconciler) SetupWithManager(ctx context.Context, mgr ctrl.M Watches( &sourcev1.HelmChart{}, handler.EnqueueRequestsFromMapFunc(r.requestsForHelmChartChange), - builder.WithPredicates(SourceRevisionChangePredicate{}), + builder.WithPredicates(intpredicates.SourceRevisionChangePredicate{}), ). WithOptions(controller.Options{ RateLimiter: opts.RateLimiter, diff --git a/internal/controller/chart_template_predicate.go b/internal/predicates/chart_template_predicate.go similarity index 98% rename from internal/controller/chart_template_predicate.go rename to internal/predicates/chart_template_predicate.go index 89b569099..660d46d05 100644 --- a/internal/controller/chart_template_predicate.go +++ b/internal/predicates/chart_template_predicate.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controller +package predicates import ( apiequality "k8s.io/apimachinery/pkg/api/equality" diff --git a/internal/predicates/chart_template_predicate_test.go b/internal/predicates/chart_template_predicate_test.go new file mode 100644 index 000000000..46923eb04 --- /dev/null +++ b/internal/predicates/chart_template_predicate_test.go @@ -0,0 +1,175 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package predicates + +import ( + "testing" + + "github.com/onsi/gomega" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/event" + + "github.com/fluxcd/helm-controller/api/v2beta1" +) + +func TestChartTemplateChangePredicate_Create(t *testing.T) { + obj := &v2beta1.HelmRelease{Spec: v2beta1.HelmReleaseSpec{}} + suspended := &v2beta1.HelmRelease{Spec: v2beta1.HelmReleaseSpec{Suspend: true}} + not := &unstructured.Unstructured{} + + tests := []struct { + name string + obj client.Object + want bool + }{ + {name: "new", obj: obj, want: true}, + {name: "suspended", obj: suspended, want: true}, + {name: "not a HelmRelease", obj: not, want: false}, + {name: "nil", obj: nil, want: false}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := gomega.NewWithT(t) + + so := ChartTemplateChangePredicate{} + e := event.CreateEvent{ + Object: tt.obj, + } + g.Expect(so.Create(e)).To(gomega.Equal(tt.want)) + }) + } +} + +func TestChartTemplateChangePredicate_Update(t *testing.T) { + templateA := &v2beta1.HelmRelease{Spec: v2beta1.HelmReleaseSpec{ + Chart: v2beta1.HelmChartTemplate{ + Spec: v2beta1.HelmChartTemplateSpec{ + Chart: "chart-name-a", + SourceRef: v2beta1.CrossNamespaceObjectReference{ + Name: "repository", + Kind: "HelmRepository", + }, + }, + }, + }} + templateB := &v2beta1.HelmRelease{Spec: v2beta1.HelmReleaseSpec{ + Chart: v2beta1.HelmChartTemplate{ + Spec: v2beta1.HelmChartTemplateSpec{ + Chart: "chart-name-b", + SourceRef: v2beta1.CrossNamespaceObjectReference{ + Name: "repository", + Kind: "HelmRepository", + }, + }, + }, + }} + templateWithMetaA := &v2beta1.HelmRelease{Spec: v2beta1.HelmReleaseSpec{ + Chart: v2beta1.HelmChartTemplate{ + ObjectMeta: &v2beta1.HelmChartTemplateObjectMeta{ + Labels: map[string]string{ + "key": "value", + }, + Annotations: map[string]string{ + "key": "value", + }, + }, + Spec: v2beta1.HelmChartTemplateSpec{ + Chart: "chart-name-a", + SourceRef: v2beta1.CrossNamespaceObjectReference{ + Name: "repository", + Kind: "HelmRepository", + }, + }, + }, + }} + templateWithMetaB := &v2beta1.HelmRelease{Spec: v2beta1.HelmReleaseSpec{ + Chart: v2beta1.HelmChartTemplate{ + ObjectMeta: &v2beta1.HelmChartTemplateObjectMeta{ + Labels: map[string]string{ + "key": "new-value", + }, + Annotations: map[string]string{ + "key": "new-value", + }, + }, + }, + }} + empty := &v2beta1.HelmRelease{} + suspended := &v2beta1.HelmRelease{Spec: v2beta1.HelmReleaseSpec{Suspend: true}} + not := &unstructured.Unstructured{} + + tests := []struct { + name string + old client.Object + new client.Object + want bool + }{ + {name: "same template", old: templateA, new: templateA, want: false}, + {name: "diff template", old: templateA, new: templateB, want: true}, + {name: "same template with meta", old: templateWithMetaA, new: templateWithMetaA, want: false}, + {name: "diff template with meta", old: templateWithMetaA, new: templateWithMetaB, want: true}, + {name: "new with template", old: empty, new: templateA, want: true}, + {name: "old with template", old: templateA, new: empty, want: true}, + {name: "new suspended", old: templateA, new: suspended, want: true}, + {name: "old suspended new template", old: suspended, new: templateA, want: true}, + {name: "old not a HelmRelease", old: not, new: templateA, want: false}, + {name: "new not a HelmRelease", old: templateA, new: not, want: false}, + {name: "old nil", old: nil, new: templateA, want: false}, + {name: "new nil", old: templateA, new: nil, want: false}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := gomega.NewWithT(t) + + so := ChartTemplateChangePredicate{} + e := event.UpdateEvent{ + ObjectOld: tt.old, + ObjectNew: tt.new, + } + g.Expect(so.Update(e)).To(gomega.Equal(tt.want)) + }) + } +} + +func TestChartTemplateChangePredicate_Delete(t *testing.T) { + obj := &v2beta1.HelmRelease{Spec: v2beta1.HelmReleaseSpec{}} + suspended := &v2beta1.HelmRelease{Spec: v2beta1.HelmReleaseSpec{Suspend: true}} + not := &unstructured.Unstructured{} + + tests := []struct { + name string + obj client.Object + want bool + }{ + {name: "object", obj: obj, want: true}, + {name: "suspended", obj: suspended, want: true}, + {name: "not a HelmRelease", obj: not, want: false}, + {name: "nil", obj: nil, want: false}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := gomega.NewWithT(t) + + so := ChartTemplateChangePredicate{} + e := event.DeleteEvent{ + Object: tt.obj, + } + g.Expect(so.Delete(e)).To(gomega.Equal(tt.want)) + }) + } +} diff --git a/internal/controller/source_predicate.go b/internal/predicates/source_predicate.go similarity index 92% rename from internal/controller/source_predicate.go rename to internal/predicates/source_predicate.go index 8e5be1656..2fc03a4ce 100644 --- a/internal/controller/source_predicate.go +++ b/internal/predicates/source_predicate.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controller +package predicates import ( "sigs.k8s.io/controller-runtime/pkg/event" @@ -23,6 +23,8 @@ import ( sourcev1 "github.com/fluxcd/source-controller/api/v1" ) +// SourceRevisionChangePredicate detects revision changes to the v1beta2.Artifact +// of a v1beta2.Source object. type SourceRevisionChangePredicate struct { predicate.Funcs } diff --git a/internal/predicates/source_predicate_test.go b/internal/predicates/source_predicate_test.go new file mode 100644 index 000000000..14239b3dd --- /dev/null +++ b/internal/predicates/source_predicate_test.go @@ -0,0 +1,82 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package predicates + +import ( + "testing" + "time" + + "github.com/onsi/gomega" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/event" + + sourcev1 "github.com/fluxcd/source-controller/api/v1" +) + +func TestSourceRevisionChangePredicate_Update(t *testing.T) { + sourceA := &sourceMock{revision: "revision-a"} + sourceB := &sourceMock{revision: "revision-b"} + emptySource := &sourceMock{} + notASource := &unstructured.Unstructured{} + + tests := []struct { + name string + old client.Object + new client.Object + want bool + }{ + {name: "same artifact revision", old: sourceA, new: sourceA, want: false}, + {name: "diff artifact revision", old: sourceA, new: sourceB, want: true}, + {name: "new with artifact", old: emptySource, new: sourceA, want: true}, + {name: "old with artifact", old: sourceA, new: emptySource, want: false}, + {name: "old not a source", old: notASource, new: sourceA, want: false}, + {name: "new not a source", old: sourceA, new: notASource, want: false}, + {name: "old nil", old: nil, new: sourceA, want: false}, + {name: "new nil", old: sourceA, new: nil, want: false}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := gomega.NewWithT(t) + + so := SourceRevisionChangePredicate{} + e := event.UpdateEvent{ + ObjectOld: tt.old, + ObjectNew: tt.new, + } + g.Expect(so.Update(e)).To(gomega.Equal(tt.want)) + }) + } +} + +type sourceMock struct { + unstructured.Unstructured + revision string +} + +func (m sourceMock) GetRequeueAfter() time.Duration { + return time.Second * 0 +} + +func (m *sourceMock) GetArtifact() *sourcev1.Artifact { + if m.revision != "" { + return &sourcev1.Artifact{ + Revision: m.revision, + } + } + return nil +} From 730ccec91f0c4e0457f3547d545bfdec60a3a1a6 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Fri, 6 May 2022 12:17:24 +0200 Subject: [PATCH 05/76] Move post renderers into separate package Plus change the tests a tiny bit to work with Gomega, and break the further API free from direct attachment to our Helm API objects. Signed-off-by: Hidde Beydals --- .../combined.go} | 22 ++-- .../kustomize.go} | 118 +++++++++--------- .../kustomize_test.go} | 25 ++-- .../origin_labels.go} | 26 ++-- .../origin_labels_test.go} | 24 ++-- internal/runner/runner.go | 18 ++- 6 files changed, 120 insertions(+), 113 deletions(-) rename internal/{runner/post_renderer.go => postrender/combined.go} (61%) rename internal/{runner/post_renderer_kustomize.go => postrender/kustomize.go} (94%) rename internal/{runner/post_renderer_kustomize_test.go => postrender/kustomize_test.go} (93%) rename internal/{runner/post_renderer_origin_labels.go => postrender/origin_labels.go} (68%) rename internal/{runner/post_renderer_origin_labels_test.go => postrender/origin_labels_test.go} (76%) diff --git a/internal/runner/post_renderer.go b/internal/postrender/combined.go similarity index 61% rename from internal/runner/post_renderer.go rename to internal/postrender/combined.go index 45ad3c501..54190fa46 100644 --- a/internal/runner/post_renderer.go +++ b/internal/postrender/combined.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package runner +package postrender import ( "bytes" @@ -22,24 +22,22 @@ import ( "helm.sh/helm/v3/pkg/postrender" ) -// combinedPostRenderer, a collection of Helm PostRenders which are +// Combined is a collection of Helm PostRenders which are // invoked in the order of insertion. -type combinedPostRenderer struct { +type Combined struct { renderers []postrender.PostRenderer } -func newCombinedPostRenderer() combinedPostRenderer { - return combinedPostRenderer{ - renderers: make([]postrender.PostRenderer, 0), +func NewCombined(renderer ...postrender.PostRenderer) *Combined { + pr := make([]postrender.PostRenderer, 0) + pr = append(pr, renderer...) + return &Combined{ + renderers: pr, } } -func (c *combinedPostRenderer) addRenderer(renderer postrender.PostRenderer) { - c.renderers = append(c.renderers, renderer) -} - -func (c *combinedPostRenderer) Run(renderedManifests *bytes.Buffer) (modifiedManifests *bytes.Buffer, err error) { - var result *bytes.Buffer = renderedManifests +func (c *Combined) Run(renderedManifests *bytes.Buffer) (modifiedManifests *bytes.Buffer, err error) { + var result = renderedManifests for _, renderer := range c.renderers { result, err = renderer.Run(result) if err != nil { diff --git a/internal/runner/post_renderer_kustomize.go b/internal/postrender/kustomize.go similarity index 94% rename from internal/runner/post_renderer_kustomize.go rename to internal/postrender/kustomize.go index e55d1512a..aec9e694f 100644 --- a/internal/runner/post_renderer_kustomize.go +++ b/internal/postrender/kustomize.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package runner +package postrender import ( "bytes" @@ -31,71 +31,17 @@ import ( v2 "github.com/fluxcd/helm-controller/api/v2beta1" ) -type postRendererKustomize struct { +type Kustomize struct { spec *v2.Kustomize } -func newPostRendererKustomize(spec *v2.Kustomize) *postRendererKustomize { - return &postRendererKustomize{ +func NewKustomize(spec *v2.Kustomize) *Kustomize { + return &Kustomize{ spec: spec, } } -func writeToFile(fs filesys.FileSystem, path string, content []byte) error { - helmOutput, err := fs.Create(path) - if err != nil { - return err - } - if _, err = helmOutput.Write(content); err != nil { - return err - } - if err = helmOutput.Close(); err != nil { - return err - } - return nil -} - -func writeFile(fs filesys.FileSystem, path string, content *bytes.Buffer) error { - helmOutput, err := fs.Create(path) - if err != nil { - return err - } - if _, err = content.WriteTo(helmOutput); err != nil { - return err - } - if err = helmOutput.Close(); err != nil { - return err - } - return nil -} - -func adaptImages(images []kustomize.Image) (output []kustypes.Image) { - for _, image := range images { - output = append(output, kustypes.Image{ - Name: image.Name, - NewName: image.NewName, - NewTag: image.NewTag, - Digest: image.Digest, - }) - } - return -} - -func adaptSelector(selector *kustomize.Selector) (output *kustypes.Selector) { - if selector != nil { - output = &kustypes.Selector{} - output.Gvk.Group = selector.Group - output.Gvk.Kind = selector.Kind - output.Gvk.Version = selector.Version - output.Name = selector.Name - output.Namespace = selector.Namespace - output.LabelSelector = selector.LabelSelector - output.AnnotationSelector = selector.AnnotationSelector - } - return -} - -func (k *postRendererKustomize) Run(renderedManifests *bytes.Buffer) (modifiedManifests *bytes.Buffer, err error) { +func (k *Kustomize) Run(renderedManifests *bytes.Buffer) (modifiedManifests *bytes.Buffer, err error) { fs := filesys.MakeFsInMemory() cfg := kustypes.Kustomization{} cfg.APIVersion = kustypes.KustomizationVersion @@ -153,6 +99,60 @@ func (k *postRendererKustomize) Run(renderedManifests *bytes.Buffer) (modifiedMa return bytes.NewBuffer(yaml), nil } +func writeToFile(fs filesys.FileSystem, path string, content []byte) error { + helmOutput, err := fs.Create(path) + if err != nil { + return err + } + if _, err = helmOutput.Write(content); err != nil { + return err + } + if err = helmOutput.Close(); err != nil { + return err + } + return nil +} + +func writeFile(fs filesys.FileSystem, path string, content *bytes.Buffer) error { + helmOutput, err := fs.Create(path) + if err != nil { + return err + } + if _, err = content.WriteTo(helmOutput); err != nil { + return err + } + if err = helmOutput.Close(); err != nil { + return err + } + return nil +} + +func adaptImages(images []kustomize.Image) (output []kustypes.Image) { + for _, image := range images { + output = append(output, kustypes.Image{ + Name: image.Name, + NewName: image.NewName, + NewTag: image.NewTag, + Digest: image.Digest, + }) + } + return +} + +func adaptSelector(selector *kustomize.Selector) (output *kustypes.Selector) { + if selector != nil { + output = &kustypes.Selector{} + output.Gvk.Group = selector.Group + output.Gvk.Kind = selector.Kind + output.Gvk.Version = selector.Version + output.Name = selector.Name + output.Namespace = selector.Namespace + output.LabelSelector = selector.LabelSelector + output.AnnotationSelector = selector.AnnotationSelector + } + return +} + // TODO: remove mutex when kustomize fixes the concurrent map read/write panic var kustomizeRenderMutex sync.Mutex diff --git a/internal/runner/post_renderer_kustomize_test.go b/internal/postrender/kustomize_test.go similarity index 93% rename from internal/runner/post_renderer_kustomize_test.go rename to internal/postrender/kustomize_test.go index 31f322e82..f8856a413 100644 --- a/internal/runner/post_renderer_kustomize_test.go +++ b/internal/postrender/kustomize_test.go @@ -14,14 +14,14 @@ See the License for the specific language governing permissions and limitations under the License. */ -package runner +package postrender import ( "bytes" "encoding/json" - "reflect" "testing" + . "github.com/onsi/gomega" v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" "sigs.k8s.io/yaml" @@ -253,22 +253,23 @@ spec: } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + spec, err := mockKustomize(tt.patches, tt.patchesStrategicMerge, tt.patchesJson6902, tt.images) - if err != nil { - t.Errorf("Run() mockKustomize returned %v", err) - return - } - k := &postRendererKustomize{ + g.Expect(err).ToNot(HaveOccurred()) + + k := &Kustomize{ spec: spec, } gotModifiedManifests, err := k.Run(bytes.NewBufferString(tt.renderedManifests)) - if (err != nil) != tt.expectErr { - t.Errorf("Run() error = %v, expectErr %v", err, tt.expectErr) + if tt.expectErr { + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(gotModifiedManifests.String()).To(BeEmpty()) return } - if !reflect.DeepEqual(gotModifiedManifests, bytes.NewBufferString(tt.expectManifests)) { - t.Errorf("Run() gotModifiedManifests = %v, want %v", gotModifiedManifests, tt.expectManifests) - } + + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(gotModifiedManifests).To(Equal(bytes.NewBufferString(tt.expectManifests))) }) } } diff --git a/internal/runner/post_renderer_origin_labels.go b/internal/postrender/origin_labels.go similarity index 68% rename from internal/runner/post_renderer_origin_labels.go rename to internal/postrender/origin_labels.go index 47437de05..34974a065 100644 --- a/internal/runner/post_renderer_origin_labels.go +++ b/internal/postrender/origin_labels.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package runner +package postrender import ( "bytes" @@ -24,23 +24,23 @@ import ( "sigs.k8s.io/kustomize/api/provider" "sigs.k8s.io/kustomize/api/resmap" kustypes "sigs.k8s.io/kustomize/api/types" - - v2 "github.com/fluxcd/helm-controller/api/v2beta1" ) -func newPostRendererOriginLabels(release *v2.HelmRelease) *postRendererOriginLabels { - return &postRendererOriginLabels{ - name: release.ObjectMeta.Name, - namespace: release.ObjectMeta.Namespace, +func NewOriginLabels(group, namespace, name string) *OriginLabels { + return &OriginLabels{ + group: group, + name: name, + namespace: namespace, } } -type postRendererOriginLabels struct { +type OriginLabels struct { + group string name string namespace string } -func (k *postRendererOriginLabels) Run(renderedManifests *bytes.Buffer) (modifiedManifests *bytes.Buffer, err error) { +func (k *OriginLabels) Run(renderedManifests *bytes.Buffer) (modifiedManifests *bytes.Buffer, err error) { resFactory := provider.NewDefaultDepProvider().GetResourceFactory() resMapFactory := resmap.NewFactory(resFactory) @@ -50,7 +50,7 @@ func (k *postRendererOriginLabels) Run(renderedManifests *bytes.Buffer) (modifie } labelTransformer := builtins.LabelTransformerPlugin{ - Labels: originLabels(k.name, k.namespace), + Labels: originLabels(k.group, k.namespace, k.name), FieldSpecs: []kustypes.FieldSpec{ {Path: "metadata/labels", CreateIfNotPresent: true}, }, @@ -67,9 +67,9 @@ func (k *postRendererOriginLabels) Run(renderedManifests *bytes.Buffer) (modifie return bytes.NewBuffer(yaml), nil } -func originLabels(name, namespace string) map[string]string { +func originLabels(group, namespace, name string) map[string]string { return map[string]string{ - fmt.Sprintf("%s/name", v2.GroupVersion.Group): name, - fmt.Sprintf("%s/namespace", v2.GroupVersion.Group): namespace, + fmt.Sprintf("%s/name", group): name, + fmt.Sprintf("%s/namespace", group): namespace, } } diff --git a/internal/runner/post_renderer_origin_labels_test.go b/internal/postrender/origin_labels_test.go similarity index 76% rename from internal/runner/post_renderer_origin_labels_test.go rename to internal/postrender/origin_labels_test.go index 14a03c23a..1d3d344af 100644 --- a/internal/runner/post_renderer_origin_labels_test.go +++ b/internal/postrender/origin_labels_test.go @@ -14,12 +14,13 @@ See the License for the specific language governing permissions and limitations under the License. */ -package runner +package postrender import ( "bytes" - "reflect" "testing" + + . "github.com/onsi/gomega" ) const mixedResourceMock = `apiVersion: v1 @@ -35,7 +36,7 @@ metadata: existing: label ` -func Test_postRendererOriginLabels_Run(t *testing.T) { +func Test_OriginLabels_Run(t *testing.T) { tests := []struct { name string renderedManifests string @@ -66,18 +67,17 @@ metadata: } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - k := &postRendererOriginLabels{ - name: "name", - namespace: "namespace", - } + g := NewWithT(t) + + k := NewOriginLabels("helm.toolkit.fluxcd.io", "namespace", "name") gotModifiedManifests, err := k.Run(bytes.NewBufferString(tt.renderedManifests)) - if (err != nil) != tt.expectErr { - t.Errorf("Run() error = %v, expectErr %v", err, tt.expectErr) + if tt.expectErr { + g.Expect(err).To(HaveOccurred()) + g.Expect(gotModifiedManifests.String()).To(BeEmpty()) return } - if !reflect.DeepEqual(gotModifiedManifests, bytes.NewBufferString(tt.expectManifests)) { - t.Errorf("Run() gotModifiedManifests = %v, want %v", gotModifiedManifests, tt.expectManifests) - } + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(gotModifiedManifests).To(Equal(bytes.NewBufferString(tt.expectManifests))) }) } } diff --git a/internal/runner/runner.go b/internal/runner/runner.go index afdce270e..c63e2c608 100644 --- a/internal/runner/runner.go +++ b/internal/runner/runner.go @@ -46,6 +46,7 @@ import ( v2 "github.com/fluxcd/helm-controller/api/v2beta1" "github.com/fluxcd/helm-controller/internal/features" + intpostrender "github.com/fluxcd/helm-controller/internal/postrender" ) var accessor = meta.NewAccessor() @@ -100,17 +101,17 @@ func NewRunner(getter genericclioptions.RESTClientGetter, storageNamespace strin // Create post renderer instances from HelmRelease and combine them into // a single combined post renderer. func postRenderers(hr v2.HelmRelease) (postrender.PostRenderer, error) { - var combinedRenderer = newCombinedPostRenderer() + renderers := make([]postrender.PostRenderer, 0) for _, r := range hr.Spec.PostRenderers { if r.Kustomize != nil { - combinedRenderer.addRenderer(newPostRendererKustomize(r.Kustomize)) + renderers = append(renderers, intpostrender.NewKustomize(r.Kustomize)) } } - combinedRenderer.addRenderer(newPostRendererOriginLabels(&hr)) - if len(combinedRenderer.renderers) == 0 { + renderers = append(renderers, intpostrender.NewOriginLabels(v2.GroupVersion.Group, hr.Namespace, hr.Name)) + if len(renderers) == 0 { return nil, nil } - return &combinedRenderer, nil + return intpostrender.NewCombined(renderers...), nil } // Install runs a Helm install action for the given v2beta1.HelmRelease. @@ -459,6 +460,13 @@ func mergeLabels(obj runtime.Object, labels map[string]string) error { return accessor.SetLabels(obj, mergeStrStrMaps(current, labels)) } +func originLabels(name, namespace string) map[string]string { + return map[string]string{ + fmt.Sprintf("%s/name", v2.GroupVersion.Group): name, + fmt.Sprintf("%s/namespace", v2.GroupVersion.Group): namespace, + } +} + func resourceString(info *resource.Info) string { _, k := info.Mapping.GroupVersionKind.ToAPIVersionAndKind() return fmt.Sprintf( From 14e08f791fe604044884bc46277e2bb0f92581a2 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Fri, 1 Jul 2022 12:53:04 +0200 Subject: [PATCH 06/76] api: introduce v2beta2 API This is an initial introduction, and still subject to changes. The storage version is still configured to v2beta1. This allows low level packages to already work with the new object data, but keeps it away from the reconciler for now. The changes mainly focus around removing the helper methods from the API, and to enrich the status object with more data about the current and previous revision. With the goal to deprecate all `LastAttempted*` and `LastApplied*` fields, as this data is now available in `Current` and `Previous`. Signed-off-by: Hidde Beydals --- PROJECT | 4 + api/v2beta1/helmrelease_types.go | 1 + api/v2beta1/zz_generated.deepcopy.go | 2 +- api/v2beta2/condition_types.go | 102 ++ api/v2beta2/doc.go | 20 + api/v2beta2/groupversion_info.go | 33 + api/v2beta2/helmrelease_types.go | 1095 +++++++++++++++++ api/v2beta2/reference_types.go | 88 ++ api/v2beta2/zz_generated.deepcopy.go | 613 +++++++++ .../helm.toolkit.fluxcd.io_helmreleases.yaml | 1045 ++++++++++++++++ hack/boilerplate.go.txt | 2 +- 11 files changed, 3003 insertions(+), 2 deletions(-) create mode 100644 api/v2beta2/condition_types.go create mode 100644 api/v2beta2/doc.go create mode 100644 api/v2beta2/groupversion_info.go create mode 100644 api/v2beta2/helmrelease_types.go create mode 100644 api/v2beta2/reference_types.go create mode 100644 api/v2beta2/zz_generated.deepcopy.go diff --git a/PROJECT b/PROJECT index 4b09ffd52..d8d16add1 100644 --- a/PROJECT +++ b/PROJECT @@ -4,4 +4,8 @@ resources: - group: helm kind: HelmRelease version: v2beta1 +- group: helm + kind: HelmRelease + version: v2beta2 +storageVersion: v2beta1 version: "2" diff --git a/api/v2beta1/helmrelease_types.go b/api/v2beta1/helmrelease_types.go index 4678a35cc..427ac816e 100644 --- a/api/v2beta1/helmrelease_types.go +++ b/api/v2beta1/helmrelease_types.go @@ -1017,6 +1017,7 @@ const ( // +genclient:Namespaced // +kubebuilder:object:root=true // +kubebuilder:resource:shortName=hr +// +kubebuilder:storageversion // +kubebuilder:subresource:status // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="" // +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status",description="" diff --git a/api/v2beta1/zz_generated.deepcopy.go b/api/v2beta1/zz_generated.deepcopy.go index a224748e3..09a86ca77 100644 --- a/api/v2beta1/zz_generated.deepcopy.go +++ b/api/v2beta1/zz_generated.deepcopy.go @@ -2,7 +2,7 @@ // +build !ignore_autogenerated /* -Copyright 2021 The Flux authors +Copyright 2022 The Flux authors Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/api/v2beta2/condition_types.go b/api/v2beta2/condition_types.go new file mode 100644 index 000000000..23b579c0d --- /dev/null +++ b/api/v2beta2/condition_types.go @@ -0,0 +1,102 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v2beta2 + +// ChartFinalizer is set on a HelmRelease when a HelmChart object is created +// for it, and removed when this object has been deleted. +const ChartFinalizer = "chart.finalizers.fluxcd.io" + +const ( + // ReleasedCondition represents the status of the last release attempt + // (install/upgrade/test) against the latest desired state. + ReleasedCondition string = "Released" + + // TestSuccessCondition represents the status of the last test attempt against + // the latest desired state. + TestSuccessCondition string = "TestSuccess" + + // RemediatedCondition represents the status of the last remediation attempt + // (uninstall/rollback) due to a failure of the last release attempt against the + // latest desired state. + RemediatedCondition string = "Remediated" +) + +const ( + // InstallSucceededReason represents the fact that the Helm install for the + // HelmRelease succeeded. + InstallSucceededReason string = "InstallSucceeded" + + // InstallFailedReason represents the fact that the Helm install for the + // HelmRelease failed. + InstallFailedReason string = "InstallFailed" + + // UpgradeSucceededReason represents the fact that the Helm upgrade for the + // HelmRelease succeeded. + UpgradeSucceededReason string = "UpgradeSucceeded" + + // UpgradeFailedReason represents the fact that the Helm upgrade for the + // HelmRelease failed. + UpgradeFailedReason string = "UpgradeFailed" + + // TestSucceededReason represents the fact that the Helm tests for the + // HelmRelease succeeded. + TestSucceededReason string = "TestSucceeded" + + // TestFailedReason represents the fact that the Helm tests for the HelmRelease + // failed. + TestFailedReason string = "TestFailed" + + // RollbackSucceededReason represents the fact that the Helm rollback for the + // HelmRelease succeeded. + RollbackSucceededReason string = "RollbackSucceeded" + + // RollbackFailedReason represents the fact that the Helm test for the + // HelmRelease failed. + RollbackFailedReason string = "RollbackFailed" + + // UninstallSucceededReason represents the fact that the Helm uninstall for the + // HelmRelease succeeded. + UninstallSucceededReason string = "UninstallSucceeded" + + // UninstallFailedReason represents the fact that the Helm uninstall for the + // HelmRelease failed. + UninstallFailedReason string = "UninstallFailed" + + // ArtifactFailedReason represents the fact that the artifact download for the + // HelmRelease failed. + ArtifactFailedReason string = "ArtifactFailed" + + // InitFailedReason represents the fact that the initialization of the Helm + // configuration failed. + InitFailedReason string = "InitFailed" + + // GetLastReleaseFailedReason represents the fact that observing the last + // release failed. + GetLastReleaseFailedReason string = "GetLastReleaseFailed" + + // DependencyNotReadyReason represents the fact that + // one of the dependencies is not ready. + DependencyNotReadyReason string = "DependencyNotReady" + + // ReconciliationSucceededReason represents the fact that + // the reconciliation succeeded. + ReconciliationSucceededReason string = "ReconciliationSucceeded" + + // ReconciliationFailedReason represents the fact that + // the reconciliation failed. + ReconciliationFailedReason string = "ReconciliationFailed" +) diff --git a/api/v2beta2/doc.go b/api/v2beta2/doc.go new file mode 100644 index 000000000..282bff813 --- /dev/null +++ b/api/v2beta2/doc.go @@ -0,0 +1,20 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package v2beta2 contains API Schema definitions for the helm v2beta2 API group +// +kubebuilder:object:generate=true +// +groupName=helm.toolkit.fluxcd.io +package v2beta2 diff --git a/api/v2beta2/groupversion_info.go b/api/v2beta2/groupversion_info.go new file mode 100644 index 000000000..ea03d5f67 --- /dev/null +++ b/api/v2beta2/groupversion_info.go @@ -0,0 +1,33 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v2beta2 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +var ( + // GroupVersion is group version used to register these objects + GroupVersion = schema.GroupVersion{Group: "helm.toolkit.fluxcd.io", Version: "v2beta2"} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) diff --git a/api/v2beta2/helmrelease_types.go b/api/v2beta2/helmrelease_types.go new file mode 100644 index 000000000..7eb959759 --- /dev/null +++ b/api/v2beta2/helmrelease_types.go @@ -0,0 +1,1095 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v2beta2 + +import ( + "encoding/json" + "strings" + "time" + + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + + "github.com/fluxcd/pkg/apis/kustomize" + "github.com/fluxcd/pkg/apis/meta" +) + +const ( + // HelmReleaseKind is the kind in string format. + HelmReleaseKind = "HelmRelease" + // HelmReleaseFinalizer is set on a HelmRelease when it is first handled by + // the controller, and removed when this object is deleted. + HelmReleaseFinalizer = "finalizers.fluxcd.io" +) + +// Kustomize Helm PostRenderer specification. +type Kustomize struct { + // Strategic merge and JSON patches, defined as inline YAML objects, + // capable of targeting objects based on kind, label and annotation selectors. + // +optional + Patches []kustomize.Patch `json:"patches,omitempty"` + + // Strategic merge patches, defined as inline YAML objects. + // +optional + PatchesStrategicMerge []apiextensionsv1.JSON `json:"patchesStrategicMerge,omitempty"` + + // JSON 6902 patches, defined as inline YAML objects. + // +optional + PatchesJSON6902 []kustomize.JSON6902Patch `json:"patchesJson6902,omitempty"` + + // Images is a list of (image name, new name, new tag or digest) + // for changing image names, tags or digests. This can also be achieved with a + // patch, but this operator is simpler to specify. + // +optional + Images []kustomize.Image `json:"images,omitempty" yaml:"images,omitempty"` +} + +// PostRenderer contains a Helm PostRenderer specification. +type PostRenderer struct { + // Kustomization to apply as PostRenderer. + // +optional + Kustomize *Kustomize `json:"kustomize,omitempty"` +} + +// HelmReleaseSpec defines the desired state of a Helm release. +type HelmReleaseSpec struct { + // Chart defines the template of the v1beta2.HelmChart that should be created + // for this HelmRelease. + // +required + Chart HelmChartTemplate `json:"chart"` + + // Interval at which to reconcile the Helm release. + // +kubebuilder:validation:Type=string + // +kubebuilder:validation:Pattern="^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" + // +required + Interval metav1.Duration `json:"interval"` + + // KubeConfig for reconciling the HelmRelease on a remote cluster. + // When used in combination with HelmReleaseSpec.ServiceAccountName, + // forces the controller to act on behalf of that Service Account at the + // target cluster. + // If the --default-service-account flag is set, its value will be used as + // a controller level fallback for when HelmReleaseSpec.ServiceAccountName + // is empty. + // +optional + KubeConfig *meta.KubeConfigReference `json:"kubeConfig,omitempty"` + + // Suspend tells the controller to suspend reconciliation for this HelmRelease, + // it does not apply to already started reconciliations. Defaults to false. + // +optional + Suspend bool `json:"suspend,omitempty"` + + // ReleaseName used for the Helm release. Defaults to a composition of + // '[TargetNamespace-]Name'. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=53 + // +kubebuilder:validation:Optional + // +optional + ReleaseName string `json:"releaseName,omitempty"` + + // TargetNamespace to target when performing operations for the HelmRelease. + // Defaults to the namespace of the HelmRelease. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:Optional + // +optional + TargetNamespace string `json:"targetNamespace,omitempty"` + + // StorageNamespace used for the Helm storage. + // Defaults to the namespace of the HelmRelease. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:Optional + // +optional + StorageNamespace string `json:"storageNamespace,omitempty"` + + // DependsOn may contain a meta.NamespacedObjectReference slice with + // references to HelmRelease resources that must be ready before this HelmRelease + // can be reconciled. + // +optional + DependsOn []meta.NamespacedObjectReference `json:"dependsOn,omitempty"` + + // Timeout is the time to wait for any individual Kubernetes operation (like Jobs + // for hooks) during the performance of a Helm action. Defaults to '5m0s'. + // +kubebuilder:validation:Type=string + // +kubebuilder:validation:Pattern="^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" + // +optional + Timeout *metav1.Duration `json:"timeout,omitempty"` + + // MaxHistory is the number of revisions saved by Helm for this HelmRelease. + // Use '0' for an unlimited number of revisions; defaults to '10'. + // +optional + MaxHistory *int `json:"maxHistory,omitempty"` + + // The name of the Kubernetes service account to impersonate + // when reconciling this HelmRelease. + // +optional + ServiceAccountName string `json:"serviceAccountName,omitempty"` + + // PersistentClient tells the controller to use a persistent Kubernetes + // client for this release. When enabled, the client will be reused for the + // duration of the reconciliation, instead of being created and destroyed + // for each (step of a) Helm action. + // + // This can improve performance, but may cause issues with some Helm charts + // that for example do create Custom Resource Definitions during installation + // outside Helm's CRD lifecycle hooks, which are then not observed to be + // available by e.g. post-install hooks. + // + // If not set, it defaults to true. + // + // +optional + PersistentClient *bool `json:"persistentClient,omitempty"` + + // Install holds the configuration for Helm install actions for this HelmRelease. + // +optional + Install *Install `json:"install,omitempty"` + + // Upgrade holds the configuration for Helm upgrade actions for this HelmRelease. + // +optional + Upgrade *Upgrade `json:"upgrade,omitempty"` + + // Test holds the configuration for Helm test actions for this HelmRelease. + // +optional + Test *Test `json:"test,omitempty"` + + // Rollback holds the configuration for Helm rollback actions for this HelmRelease. + // +optional + Rollback *Rollback `json:"rollback,omitempty"` + + // Uninstall holds the configuration for Helm uninstall actions for this HelmRelease. + // +optional + Uninstall *Uninstall `json:"uninstall,omitempty"` + + // ValuesFrom holds references to resources containing Helm values for this HelmRelease, + // and information about how they should be merged. + ValuesFrom []ValuesReference `json:"valuesFrom,omitempty"` + + // Values holds the values for this Helm release. + // +optional + Values *apiextensionsv1.JSON `json:"values,omitempty"` + + // PostRenderers holds an array of Helm PostRenderers, which will be applied in order + // of their definition. + // +optional + PostRenderers []PostRenderer `json:"postRenderers,omitempty"` +} + +// GetInstall returns the configuration for Helm install actions for the +// HelmRelease. +func (in HelmReleaseSpec) GetInstall() Install { + if in.Install == nil { + return Install{} + } + return *in.Install +} + +// GetUpgrade returns the configuration for Helm upgrade actions for this +// HelmRelease. +func (in HelmReleaseSpec) GetUpgrade() Upgrade { + if in.Upgrade == nil { + return Upgrade{} + } + return *in.Upgrade +} + +// GetTest returns the configuration for Helm test actions for this HelmRelease. +func (in HelmReleaseSpec) GetTest() Test { + if in.Test == nil { + return Test{} + } + return *in.Test +} + +// GetRollback returns the configuration for Helm rollback actions for this +// HelmRelease. +func (in HelmReleaseSpec) GetRollback() Rollback { + if in.Rollback == nil { + return Rollback{} + } + return *in.Rollback +} + +// GetUninstall returns the configuration for Helm uninstall actions for this +// HelmRelease. +func (in HelmReleaseSpec) GetUninstall() Uninstall { + if in.Uninstall == nil { + return Uninstall{} + } + return *in.Uninstall +} + +// HelmChartTemplate defines the template from which the controller will +// generate a v1beta2.HelmChart object in the same namespace as the referenced +// v1.Source. +type HelmChartTemplate struct { + // ObjectMeta holds the template for metadata like labels and annotations. + // +optional + ObjectMeta *HelmChartTemplateObjectMeta `json:"metadata,omitempty"` + + // Spec holds the template for the v1beta2.HelmChartSpec for this HelmRelease. + // +required + Spec HelmChartTemplateSpec `json:"spec"` +} + +// HelmChartTemplateObjectMeta defines the template for the ObjectMeta of a +// v1beta2.HelmChart. +type HelmChartTemplateObjectMeta struct { + // Map of string keys and values that can be used to organize and categorize + // (scope and select) objects. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + // +optional + Labels map[string]string `json:"labels,omitempty"` + + // Annotations is an unstructured key value map stored with a resource that may be + // set by external tools to store and retrieve arbitrary metadata. They are not + // queryable and should be preserved when modifying objects. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + // +optional + Annotations map[string]string `json:"annotations,omitempty"` +} + +// HelmChartTemplateSpec defines the template from which the controller will +// generate a v1beta2.HelmChartSpec object. +type HelmChartTemplateSpec struct { + // The name or path the Helm chart is available at in the SourceRef. + // +required + Chart string `json:"chart"` + + // Version semver expression, ignored for charts from v1beta2.GitRepository and + // v1beta2.Bucket sources. Defaults to latest when omitted. + // +kubebuilder:default:=* + // +optional + Version string `json:"version,omitempty"` + + // The name and namespace of the v1.Source the chart is available at. + // +required + SourceRef CrossNamespaceObjectReference `json:"sourceRef"` + + // Interval at which to check the v1.Source for updates. Defaults to + // 'HelmReleaseSpec.Interval'. + // +kubebuilder:validation:Type=string + // +kubebuilder:validation:Pattern="^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" + // +optional + Interval *metav1.Duration `json:"interval,omitempty"` + + // Determines what enables the creation of a new artifact. Valid values are + // ('ChartVersion', 'Revision'). + // See the documentation of the values for an explanation on their behavior. + // Defaults to ChartVersion when omitted. + // +kubebuilder:validation:Enum=ChartVersion;Revision + // +kubebuilder:default:=ChartVersion + // +optional + ReconcileStrategy string `json:"reconcileStrategy,omitempty"` + + // Alternative list of values files to use as the chart values (values.yaml + // is not included by default), expected to be a relative path in the SourceRef. + // Values files are merged in the order of this list with the last file overriding + // the first. Ignored when omitted. + // +optional + ValuesFiles []string `json:"valuesFiles,omitempty"` + + // Alternative values file to use as the default chart values, expected to + // be a relative path in the SourceRef. Deprecated in favor of ValuesFiles, + // for backwards compatibility the file defined here is merged before the + // ValuesFiles items. Ignored when omitted. + // +optional + // +deprecated + ValuesFile string `json:"valuesFile,omitempty"` + + // Verify contains the secret name containing the trusted public keys + // used to verify the signature and specifies which provider to use to check + // whether OCI image is authentic. + // This field is only supported for OCI sources. + // Chart dependencies, which are not bundled in the umbrella chart artifact, + // are not verified. + // +optional + Verify *HelmChartTemplateVerification `json:"verify,omitempty"` +} + +// GetInterval returns the configured interval for the v1beta2.HelmChart, +// or the given default. +func (in HelmChartTemplate) GetInterval(defaultInterval metav1.Duration) metav1.Duration { + if in.Spec.Interval == nil { + return defaultInterval + } + return *in.Spec.Interval +} + +// GetNamespace returns the namespace targeted namespace for the +// v1beta2.HelmChart, or the given default. +func (in HelmChartTemplate) GetNamespace(defaultNamespace string) string { + if in.Spec.SourceRef.Namespace == "" { + return defaultNamespace + } + return in.Spec.SourceRef.Namespace +} + +// HelmChartTemplateVerification verifies the authenticity of an OCI Helm chart. +type HelmChartTemplateVerification struct { + // Provider specifies the technology used to sign the OCI Helm chart. + // +kubebuilder:validation:Enum=cosign + // +kubebuilder:default:=cosign + Provider string `json:"provider"` + + // SecretRef specifies the Kubernetes Secret containing the + // trusted public keys. + // +optional + SecretRef *meta.LocalObjectReference `json:"secretRef,omitempty"` +} + +// DeploymentAction defines a consistent interface for Install and Upgrade. +// +kubebuilder:object:generate=false +type DeploymentAction interface { + GetDescription() string + GetRemediation() Remediation +} + +// Remediation defines a consistent interface for InstallRemediation and +// UpgradeRemediation. +// +kubebuilder:object:generate=false +type Remediation interface { + GetRetries() int + MustIgnoreTestFailures(bool) bool + MustRemediateLastFailure() bool + GetStrategy() RemediationStrategy + GetFailureCount(hr HelmRelease) int64 + IncrementFailureCount(hr *HelmRelease) + RetriesExhausted(hr HelmRelease) bool +} + +// Install holds the configuration for Helm install actions performed for this +// HelmRelease. +type Install struct { + // Timeout is the time to wait for any individual Kubernetes operation (like + // Jobs for hooks) during the performance of a Helm install action. Defaults to + // 'HelmReleaseSpec.Timeout'. + // +kubebuilder:validation:Type=string + // +kubebuilder:validation:Pattern="^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" + // +optional + Timeout *metav1.Duration `json:"timeout,omitempty"` + + // Remediation holds the remediation configuration for when the Helm install + // action for the HelmRelease fails. The default is to not perform any action. + // +optional + Remediation *InstallRemediation `json:"remediation,omitempty"` + + // DisableWait disables the waiting for resources to be ready after a Helm + // install has been performed. + // +optional + DisableWait bool `json:"disableWait,omitempty"` + + // DisableWaitForJobs disables waiting for jobs to complete after a Helm + // install has been performed. + // +optional + DisableWaitForJobs bool `json:"disableWaitForJobs,omitempty"` + + // DisableHooks prevents hooks from running during the Helm install action. + // +optional + DisableHooks bool `json:"disableHooks,omitempty"` + + // DisableOpenAPIValidation prevents the Helm install action from validating + // rendered templates against the Kubernetes OpenAPI Schema. + // +optional + DisableOpenAPIValidation bool `json:"disableOpenAPIValidation,omitempty"` + + // Replace tells the Helm install action to re-use the 'ReleaseName', but only + // if that name is a deleted release which remains in the history. + // +optional + Replace bool `json:"replace,omitempty"` + + // SkipCRDs tells the Helm install action to not install any CRDs. By default, + // CRDs are installed if not already present. + // + // Deprecated use CRD policy (`crds`) attribute with value `Skip` instead. + // + // +deprecated + // +optional + SkipCRDs bool `json:"skipCRDs,omitempty"` + + // CRDs upgrade CRDs from the Helm Chart's crds directory according + // to the CRD upgrade policy provided here. Valid values are `Skip`, + // `Create` or `CreateReplace`. Default is `Create` and if omitted + // CRDs are installed but not updated. + // + // Skip: do neither install nor replace (update) any CRDs. + // + // Create: new CRDs are created, existing CRDs are neither updated nor deleted. + // + // CreateReplace: new CRDs are created, existing CRDs are updated (replaced) + // but not deleted. + // + // By default, CRDs are applied (installed) during Helm install action. + // With this option users can opt in to CRD replace existing CRDs on Helm + // install actions, which is not (yet) natively supported by Helm. + // https://helm.sh/docs/chart_best_practices/custom_resource_definitions. + // + // +kubebuilder:validation:Enum=Skip;Create;CreateReplace + // +optional + CRDs CRDsPolicy `json:"crds,omitempty"` + + // CreateNamespace tells the Helm install action to create the + // HelmReleaseSpec.TargetNamespace if it does not exist yet. + // On uninstall, the namespace will not be garbage collected. + // +optional + CreateNamespace bool `json:"createNamespace,omitempty"` +} + +// GetTimeout returns the configured timeout for the Helm install action, +// or the given default. +func (in Install) GetTimeout(defaultTimeout metav1.Duration) metav1.Duration { + if in.Timeout == nil { + return defaultTimeout + } + return *in.Timeout +} + +// GetDescription returns a description for the Helm install action. +func (in Install) GetDescription() string { + return "install" +} + +// GetRemediation returns the configured Remediation for the Helm install action. +func (in Install) GetRemediation() Remediation { + if in.Remediation == nil { + return InstallRemediation{} + } + return *in.Remediation +} + +// InstallRemediation holds the configuration for Helm install remediation. +type InstallRemediation struct { + // Retries is the number of retries that should be attempted on failures before + // bailing. Remediation, using an uninstall, is performed between each attempt. + // Defaults to '0', a negative integer equals to unlimited retries. + // +optional + Retries int `json:"retries,omitempty"` + + // IgnoreTestFailures tells the controller to skip remediation when the Helm + // tests are run after an install action but fail. Defaults to + // 'Test.IgnoreFailures'. + // +optional + IgnoreTestFailures *bool `json:"ignoreTestFailures,omitempty"` + + // RemediateLastFailure tells the controller to remediate the last failure, when + // no retries remain. Defaults to 'false'. + // +optional + RemediateLastFailure *bool `json:"remediateLastFailure,omitempty"` +} + +// GetRetries returns the number of retries that should be attempted on +// failures. +func (in InstallRemediation) GetRetries() int { + return in.Retries +} + +// MustIgnoreTestFailures returns the configured IgnoreTestFailures or the given +// default. +func (in InstallRemediation) MustIgnoreTestFailures(def bool) bool { + if in.IgnoreTestFailures == nil { + return def + } + return *in.IgnoreTestFailures +} + +// MustRemediateLastFailure returns whether to remediate the last failure when +// no retries remain. +func (in InstallRemediation) MustRemediateLastFailure() bool { + if in.RemediateLastFailure == nil { + return false + } + return *in.RemediateLastFailure +} + +// GetStrategy returns the strategy to use for failure remediation. +func (in InstallRemediation) GetStrategy() RemediationStrategy { + return UninstallRemediationStrategy +} + +// GetFailureCount gets the failure count. +func (in InstallRemediation) GetFailureCount(hr HelmRelease) int64 { + return hr.Status.InstallFailures +} + +// IncrementFailureCount increments the failure count. +func (in InstallRemediation) IncrementFailureCount(hr *HelmRelease) { + hr.Status.InstallFailures++ +} + +// RetriesExhausted returns true if there are no remaining retries. +func (in InstallRemediation) RetriesExhausted(hr HelmRelease) bool { + return in.Retries >= 0 && in.GetFailureCount(hr) > int64(in.Retries) +} + +// CRDsPolicy defines the install/upgrade approach to use for CRDs when +// installing or upgrading a HelmRelease. +type CRDsPolicy string + +const ( + // Skip CRDs do neither install nor replace (update) any CRDs. + Skip CRDsPolicy = "Skip" + // Create CRDs which do not already exist, do not replace (update) already existing + // CRDs and keep (do not delete) CRDs which no longer exist in the current release. + Create CRDsPolicy = "Create" + // Create CRDs which do not already exist, Replace (update) already existing CRDs + // and keep (do not delete) CRDs which no longer exist in the current release. + CreateReplace CRDsPolicy = "CreateReplace" +) + +// Upgrade holds the configuration for Helm upgrade actions for this +// HelmRelease. +type Upgrade struct { + // Timeout is the time to wait for any individual Kubernetes operation (like + // Jobs for hooks) during the performance of a Helm upgrade action. Defaults to + // 'HelmReleaseSpec.Timeout'. + // +kubebuilder:validation:Type=string + // +kubebuilder:validation:Pattern="^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" + // +optional + Timeout *metav1.Duration `json:"timeout,omitempty"` + + // Remediation holds the remediation configuration for when the Helm upgrade + // action for the HelmRelease fails. The default is to not perform any action. + // +optional + Remediation *UpgradeRemediation `json:"remediation,omitempty"` + + // DisableWait disables the waiting for resources to be ready after a Helm + // upgrade has been performed. + // +optional + DisableWait bool `json:"disableWait,omitempty"` + + // DisableWaitForJobs disables waiting for jobs to complete after a Helm + // upgrade has been performed. + // +optional + DisableWaitForJobs bool `json:"disableWaitForJobs,omitempty"` + + // DisableHooks prevents hooks from running during the Helm upgrade action. + // +optional + DisableHooks bool `json:"disableHooks,omitempty"` + + // DisableOpenAPIValidation prevents the Helm upgrade action from validating + // rendered templates against the Kubernetes OpenAPI Schema. + // +optional + DisableOpenAPIValidation bool `json:"disableOpenAPIValidation,omitempty"` + + // Force forces resource updates through a replacement strategy. + // +optional + Force bool `json:"force,omitempty"` + + // PreserveValues will make Helm reuse the last release's values and merge in + // overrides from 'Values'. Setting this flag makes the HelmRelease + // non-declarative. + // +optional + PreserveValues bool `json:"preserveValues,omitempty"` + + // CleanupOnFail allows deletion of new resources created during the Helm + // upgrade action when it fails. + // +optional + CleanupOnFail bool `json:"cleanupOnFail,omitempty"` + + // CRDs upgrade CRDs from the Helm Chart's crds directory according + // to the CRD upgrade policy provided here. Valid values are `Skip`, + // `Create` or `CreateReplace`. Default is `Skip` and if omitted + // CRDs are neither installed nor upgraded. + // + // Skip: do neither install nor replace (update) any CRDs. + // + // Create: new CRDs are created, existing CRDs are neither updated nor deleted. + // + // CreateReplace: new CRDs are created, existing CRDs are updated (replaced) + // but not deleted. + // + // By default, CRDs are not applied during Helm upgrade action. With this + // option users can opt-in to CRD upgrade, which is not (yet) natively supported by Helm. + // https://helm.sh/docs/chart_best_practices/custom_resource_definitions. + // + // +kubebuilder:validation:Enum=Skip;Create;CreateReplace + // +optional + CRDs CRDsPolicy `json:"crds,omitempty"` +} + +// GetTimeout returns the configured timeout for the Helm upgrade action, or the +// given default. +func (in Upgrade) GetTimeout(defaultTimeout metav1.Duration) metav1.Duration { + if in.Timeout == nil { + return defaultTimeout + } + return *in.Timeout +} + +// GetDescription returns a description for the Helm upgrade action. +func (in Upgrade) GetDescription() string { + return "upgrade" +} + +// GetRemediation returns the configured Remediation for the Helm upgrade +// action. +func (in Upgrade) GetRemediation() Remediation { + if in.Remediation == nil { + return UpgradeRemediation{} + } + return *in.Remediation +} + +// UpgradeRemediation holds the configuration for Helm upgrade remediation. +type UpgradeRemediation struct { + // Retries is the number of retries that should be attempted on failures before + // bailing. Remediation, using 'Strategy', is performed between each attempt. + // Defaults to '0', a negative integer equals to unlimited retries. + // +optional + Retries int `json:"retries,omitempty"` + + // IgnoreTestFailures tells the controller to skip remediation when the Helm + // tests are run after an upgrade action but fail. + // Defaults to 'Test.IgnoreFailures'. + // +optional + IgnoreTestFailures *bool `json:"ignoreTestFailures,omitempty"` + + // RemediateLastFailure tells the controller to remediate the last failure, when + // no retries remain. Defaults to 'false' unless 'Retries' is greater than 0. + // +optional + RemediateLastFailure *bool `json:"remediateLastFailure,omitempty"` + + // Strategy to use for failure remediation. Defaults to 'rollback'. + // +kubebuilder:validation:Enum=rollback;uninstall + // +optional + Strategy *RemediationStrategy `json:"strategy,omitempty"` +} + +// GetRetries returns the number of retries that should be attempted on +// failures. +func (in UpgradeRemediation) GetRetries() int { + return in.Retries +} + +// MustIgnoreTestFailures returns the configured IgnoreTestFailures or the given +// default. +func (in UpgradeRemediation) MustIgnoreTestFailures(def bool) bool { + if in.IgnoreTestFailures == nil { + return def + } + return *in.IgnoreTestFailures +} + +// MustRemediateLastFailure returns whether to remediate the last failure when +// no retries remain. +func (in UpgradeRemediation) MustRemediateLastFailure() bool { + if in.RemediateLastFailure == nil { + return in.Retries > 0 + } + return *in.RemediateLastFailure +} + +// GetStrategy returns the strategy to use for failure remediation. +func (in UpgradeRemediation) GetStrategy() RemediationStrategy { + if in.Strategy == nil { + return RollbackRemediationStrategy + } + return *in.Strategy +} + +// GetFailureCount gets the failure count. +func (in UpgradeRemediation) GetFailureCount(hr HelmRelease) int64 { + return hr.Status.UpgradeFailures +} + +// IncrementFailureCount increments the failure count. +func (in UpgradeRemediation) IncrementFailureCount(hr *HelmRelease) { + hr.Status.UpgradeFailures++ +} + +// RetriesExhausted returns true if there are no remaining retries. +func (in UpgradeRemediation) RetriesExhausted(hr HelmRelease) bool { + return in.Retries >= 0 && in.GetFailureCount(hr) > int64(in.Retries) +} + +// RemediationStrategy returns the strategy to use to remediate a failed install +// or upgrade. +type RemediationStrategy string + +const ( + // RollbackRemediationStrategy represents a Helm remediation strategy of Helm + // rollback. + RollbackRemediationStrategy RemediationStrategy = "rollback" + + // UninstallRemediationStrategy represents a Helm remediation strategy of Helm + // uninstall. + UninstallRemediationStrategy RemediationStrategy = "uninstall" +) + +// Test holds the configuration for Helm test actions for this HelmRelease. +type Test struct { + // Enable enables Helm test actions for this HelmRelease after an Helm install + // or upgrade action has been performed. + // +optional + Enable bool `json:"enable,omitempty"` + + // Timeout is the time to wait for any individual Kubernetes operation during + // the performance of a Helm test action. Defaults to 'HelmReleaseSpec.Timeout'. + // +kubebuilder:validation:Type=string + // +kubebuilder:validation:Pattern="^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" + // +optional + Timeout *metav1.Duration `json:"timeout,omitempty"` + + // IgnoreFailures tells the controller to skip remediation when the Helm tests + // are run but fail. Can be overwritten for tests run after install or upgrade + // actions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'. + // +optional + IgnoreFailures bool `json:"ignoreFailures,omitempty"` +} + +// GetTimeout returns the configured timeout for the Helm test action, +// or the given default. +func (in Test) GetTimeout(defaultTimeout metav1.Duration) metav1.Duration { + if in.Timeout == nil { + return defaultTimeout + } + return *in.Timeout +} + +// Rollback holds the configuration for Helm rollback actions for this +// HelmRelease. +type Rollback struct { + // Timeout is the time to wait for any individual Kubernetes operation (like + // Jobs for hooks) during the performance of a Helm rollback action. Defaults to + // 'HelmReleaseSpec.Timeout'. + // +kubebuilder:validation:Type=string + // +kubebuilder:validation:Pattern="^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" + // +optional + Timeout *metav1.Duration `json:"timeout,omitempty"` + + // DisableWait disables the waiting for resources to be ready after a Helm + // rollback has been performed. + // +optional + DisableWait bool `json:"disableWait,omitempty"` + + // DisableWaitForJobs disables waiting for jobs to complete after a Helm + // rollback has been performed. + // +optional + DisableWaitForJobs bool `json:"disableWaitForJobs,omitempty"` + + // DisableHooks prevents hooks from running during the Helm rollback action. + // +optional + DisableHooks bool `json:"disableHooks,omitempty"` + + // Recreate performs pod restarts for the resource if applicable. + // +optional + Recreate bool `json:"recreate,omitempty"` + + // Force forces resource updates through a replacement strategy. + // +optional + Force bool `json:"force,omitempty"` + + // CleanupOnFail allows deletion of new resources created during the Helm + // rollback action when it fails. + // +optional + CleanupOnFail bool `json:"cleanupOnFail,omitempty"` +} + +// GetTimeout returns the configured timeout for the Helm rollback action, or +// the given default. +func (in Rollback) GetTimeout(defaultTimeout metav1.Duration) metav1.Duration { + if in.Timeout == nil { + return defaultTimeout + } + return *in.Timeout +} + +// Uninstall holds the configuration for Helm uninstall actions for this +// HelmRelease. +type Uninstall struct { + // Timeout is the time to wait for any individual Kubernetes operation (like + // Jobs for hooks) during the performance of a Helm uninstall action. Defaults + // to 'HelmReleaseSpec.Timeout'. + // +kubebuilder:validation:Type=string + // +kubebuilder:validation:Pattern="^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" + // +optional + Timeout *metav1.Duration `json:"timeout,omitempty"` + + // DisableHooks prevents hooks from running during the Helm rollback action. + // +optional + DisableHooks bool `json:"disableHooks,omitempty"` + + // KeepHistory tells Helm to remove all associated resources and mark the + // release as deleted, but retain the release history. + // +optional + KeepHistory bool `json:"keepHistory,omitempty"` + + // DisableWait disables waiting for all the resources to be deleted after + // a Helm uninstall is performed. + // +optional + DisableWait bool `json:"disableWait,omitempty"` +} + +// GetTimeout returns the configured timeout for the Helm uninstall action, or +// the given default. +func (in Uninstall) GetTimeout(defaultTimeout metav1.Duration) metav1.Duration { + if in.Timeout == nil { + return defaultTimeout + } + return *in.Timeout +} + +// HelmReleaseInfo holds the status information for a Helm release as performed +// by the controller. +type HelmReleaseInfo struct { + // Digest is the checksum of the release object in storage. + // It has the format of `:`. + // +required + Digest string `json:"digest"` + // Name is the name of the release. + // +required + Name string `json:"name"` + // Namespace is the namespace the release is deployed to. + // +required + Namespace string `json:"namespace"` + // Version is the version of the release object in storage. + // +required + Version int `json:"version"` + // Status is the current state of the release. + // +required + Status string `json:"status"` + // ChartName is the chart name of the release object in storage. + // +required + ChartName string `json:"chartName"` + // ChartVersion is the chart version of the release object in + // storage. + // +required + ChartVersion string `json:"chartVersion"` + // ConfigDigest is the checksum of the config (better known as + // "values") of the release object in storage. + // It has the format of `:`. + // +required + ConfigDigest string `json:"configDigest"` + // FirstDeployed is when the release was first deployed. + // +required + FirstDeployed metav1.Time `json:"firstDeployed"` + // LastDeployed is when the release was last deployed. + // +required + LastDeployed metav1.Time `json:"lastDeployed"` + // Deleted is when the release was deleted. + // +optional + Deleted metav1.Time `json:"deleted,omitempty"` + // TestHooks is the list of test hooks for the release as observed to be + // run by the controller. + // +optional + TestHooks map[string]*HelmReleaseTestHook `json:"testHooks,omitempty"` +} + +// HelmReleaseTestHook holds the status information for a test hook as observed +// to be run by the controller. +type HelmReleaseTestHook struct { + // LastStarted is the time the test hook was last started. + // +optional + LastStarted metav1.Time `json:"lastStarted,omitempty"` + // LastCompleted is the time the test hook last completed. + // +optional + LastCompleted metav1.Time `json:"lastCompleted,omitempty"` + // Phase the test hook was observed to be in. + // +optional + Phase string `json:"phase,omitempty"` +} + +// HelmReleaseStatus defines the observed state of a HelmRelease. +type HelmReleaseStatus struct { + // ObservedGeneration is the last observed generation. + // +optional + ObservedGeneration int64 `json:"observedGeneration,omitempty"` + + // Conditions holds the conditions for the HelmRelease. + // +optional + Conditions []metav1.Condition `json:"conditions,omitempty"` + + // HelmChart is the namespaced name of the HelmChart resource created by + // the controller for the HelmRelease. + // +optional + HelmChart string `json:"helmChart,omitempty"` + + // Current holds the latest observed HelmReleaseInfo for the current + // release. + // +optional + Current *HelmReleaseInfo `json:"current,omitempty"` + + // Previous holds the latest observed HelmReleaseInfo for the previous + // release. + // +optional + Previous *HelmReleaseInfo `json:"previous,omitempty"` + + // Failures is the reconciliation failure count against the latest desired + // state. It is reset after a successful reconciliation. + // +optional + Failures int64 `json:"failures,omitempty"` + + // InstallFailures is the install failure count against the latest desired + // state. It is reset after a successful reconciliation. + // +optional + InstallFailures int64 `json:"installFailures,omitempty"` + + // UpgradeFailures is the upgrade failure count against the latest desired + // state. It is reset after a successful reconciliation. + // +optional + UpgradeFailures int64 `json:"upgradeFailures,omitempty"` + + // LastAttemptedRevision is the Source revision of the last reconciliation + // attempt. + // +optional + LastAttemptedRevision string `json:"lastAttemptedRevision,omitempty"` + + // LastAttemptedValuesChecksum is the SHA1 checksum of the values of the last + // reconciliation attempt. + // +optional + LastAttemptedValuesChecksum string `json:"lastAttemptedValuesChecksum,omitempty"` + + meta.ReconcileRequestStatus `json:",inline"` +} + +// GetHelmChart returns the namespace and name of the HelmChart. +func (in HelmReleaseStatus) GetHelmChart() (string, string) { + if in.HelmChart == "" { + return "", "" + } + if split := strings.Split(in.HelmChart, string(types.Separator)); len(split) > 1 { + return split[0], split[1] + } + return "", "" +} + +const ( + // SourceIndexKey is the key used for indexing HelmReleases based on + // their sources. + SourceIndexKey string = ".metadata.source" +) + +// +genclient +// +genclient:Namespaced +// +kubebuilder:object:root=true +// +kubebuilder:resource:shortName=hr +// +kubebuilder:subresource:status +// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="" +// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status",description="" +// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].message",description="" + +// HelmRelease is the Schema for the helmreleases API +type HelmRelease struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec HelmReleaseSpec `json:"spec,omitempty"` + // +kubebuilder:default:={"observedGeneration":-1} + Status HelmReleaseStatus `json:"status,omitempty"` +} + +// GetRequeueAfter returns the duration after which the HelmRelease +// must be reconciled again. +func (in HelmRelease) GetRequeueAfter() time.Duration { + return in.Spec.Interval.Duration +} + +// GetValues unmarshals the raw values to a map[string]interface{} and returns +// the result. +func (in HelmRelease) GetValues() map[string]interface{} { + var values map[string]interface{} + if in.Spec.Values != nil { + _ = json.Unmarshal(in.Spec.Values.Raw, &values) + } + return values +} + +// GetReleaseName returns the configured release name, or a composition of +// '[TargetNamespace-]Name'. +func (in HelmRelease) GetReleaseName() string { + if in.Spec.ReleaseName != "" { + return in.Spec.ReleaseName + } + if in.Spec.TargetNamespace != "" { + return strings.Join([]string{in.Spec.TargetNamespace, in.Name}, "-") + } + return in.Name +} + +// GetReleaseNamespace returns the configured TargetNamespace, or the namespace +// of the HelmRelease. +func (in HelmRelease) GetReleaseNamespace() string { + if in.Spec.TargetNamespace != "" { + return in.Spec.TargetNamespace + } + return in.Namespace +} + +// GetStorageNamespace returns the configured StorageNamespace for helm, or the namespace +// of the HelmRelease. +func (in HelmRelease) GetStorageNamespace() string { + if in.Spec.StorageNamespace != "" { + return in.Spec.StorageNamespace + } + return in.Namespace +} + +// GetHelmChartName returns the name used by the controller for the HelmChart creation. +func (in HelmRelease) GetHelmChartName() string { + return strings.Join([]string{in.Namespace, in.Name}, "-") +} + +// GetTimeout returns the configured Timeout, or the default of 300s. +func (in HelmRelease) GetTimeout() metav1.Duration { + if in.Spec.Timeout == nil { + return metav1.Duration{Duration: 300 * time.Second} + } + return *in.Spec.Timeout +} + +// GetMaxHistory returns the configured MaxHistory, or the default of 10. +func (in HelmRelease) GetMaxHistory() int { + if in.Spec.MaxHistory == nil { + return 10 + } + return *in.Spec.MaxHistory +} + +// GetDependsOn returns the list of dependencies across-namespaces. +func (in HelmRelease) GetDependsOn() []meta.NamespacedObjectReference { + return in.Spec.DependsOn +} + +// GetConditions returns the status conditions of the object. +func (in HelmRelease) GetConditions() []metav1.Condition { + return in.Status.Conditions +} + +// SetConditions sets the status conditions on the object. +func (in *HelmRelease) SetConditions(conditions []metav1.Condition) { + in.Status.Conditions = conditions +} + +// GetStatusConditions returns a pointer to the Status.Conditions slice. +// Deprecated: use GetConditions instead. +func (in *HelmRelease) GetStatusConditions() *[]metav1.Condition { + return &in.Status.Conditions +} + +// +kubebuilder:object:root=true + +// HelmReleaseList contains a list of HelmRelease objects. +type HelmReleaseList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []HelmRelease `json:"items"` +} + +func init() { + SchemeBuilder.Register(&HelmRelease{}, &HelmReleaseList{}) +} diff --git a/api/v2beta2/reference_types.go b/api/v2beta2/reference_types.go new file mode 100644 index 000000000..4c899fe5d --- /dev/null +++ b/api/v2beta2/reference_types.go @@ -0,0 +1,88 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v2beta2 + +// CrossNamespaceObjectReference contains enough information to let you locate +// the typed referenced object at cluster level. +type CrossNamespaceObjectReference struct { + // APIVersion of the referent. + // +optional + APIVersion string `json:"apiVersion,omitempty"` + + // Kind of the referent. + // +kubebuilder:validation:Enum=HelmRepository;GitRepository;Bucket + // +required + Kind string `json:"kind,omitempty"` + + // Name of the referent. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +required + Name string `json:"name"` + + // Namespace of the referent. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:Optional + // +optional + Namespace string `json:"namespace,omitempty"` +} + +// ValuesReference contains a reference to a resource containing Helm values, +// and optionally the key they can be found at. +type ValuesReference struct { + // Kind of the values referent, valid values are ('Secret', 'ConfigMap'). + // +kubebuilder:validation:Enum=Secret;ConfigMap + // +required + Kind string `json:"kind"` + + // Name of the values referent. Should reside in the same namespace as the + // referring resource. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +required + Name string `json:"name"` + + // ValuesKey is the data key where the values.yaml or a specific value can be + // found at. Defaults to 'values.yaml'. + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:Pattern=`^[\-._a-zA-Z0-9]+$` + // +optional + ValuesKey string `json:"valuesKey,omitempty"` + + // TargetPath is the YAML dot notation path the value should be merged at. When + // set, the ValuesKey is expected to be a single flat value. Defaults to 'None', + // which results in the values getting merged at the root. + // +kubebuilder:validation:MaxLength=250 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$` + // +optional + TargetPath string `json:"targetPath,omitempty"` + + // Optional marks this ValuesReference as optional. When set, a not found error + // for the values reference is ignored, but any ValuesKey, TargetPath or + // transient error will still result in a reconciliation failure. + // +optional + Optional bool `json:"optional,omitempty"` +} + +// GetValuesKey returns the defined ValuesKey, or the default ('values.yaml'). +func (in ValuesReference) GetValuesKey() string { + if in.ValuesKey == "" { + return "values.yaml" + } + return in.ValuesKey +} diff --git a/api/v2beta2/zz_generated.deepcopy.go b/api/v2beta2/zz_generated.deepcopy.go new file mode 100644 index 000000000..5b2716936 --- /dev/null +++ b/api/v2beta2/zz_generated.deepcopy.go @@ -0,0 +1,613 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by controller-gen. DO NOT EDIT. + +package v2beta2 + +import ( + "github.com/fluxcd/pkg/apis/kustomize" + "github.com/fluxcd/pkg/apis/meta" + "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CrossNamespaceObjectReference) DeepCopyInto(out *CrossNamespaceObjectReference) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CrossNamespaceObjectReference. +func (in *CrossNamespaceObjectReference) DeepCopy() *CrossNamespaceObjectReference { + if in == nil { + return nil + } + out := new(CrossNamespaceObjectReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HelmChartTemplate) DeepCopyInto(out *HelmChartTemplate) { + *out = *in + if in.ObjectMeta != nil { + in, out := &in.ObjectMeta, &out.ObjectMeta + *out = new(HelmChartTemplateObjectMeta) + (*in).DeepCopyInto(*out) + } + in.Spec.DeepCopyInto(&out.Spec) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HelmChartTemplate. +func (in *HelmChartTemplate) DeepCopy() *HelmChartTemplate { + if in == nil { + return nil + } + out := new(HelmChartTemplate) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HelmChartTemplateObjectMeta) DeepCopyInto(out *HelmChartTemplateObjectMeta) { + *out = *in + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HelmChartTemplateObjectMeta. +func (in *HelmChartTemplateObjectMeta) DeepCopy() *HelmChartTemplateObjectMeta { + if in == nil { + return nil + } + out := new(HelmChartTemplateObjectMeta) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HelmChartTemplateSpec) DeepCopyInto(out *HelmChartTemplateSpec) { + *out = *in + out.SourceRef = in.SourceRef + if in.Interval != nil { + in, out := &in.Interval, &out.Interval + *out = new(metav1.Duration) + **out = **in + } + if in.ValuesFiles != nil { + in, out := &in.ValuesFiles, &out.ValuesFiles + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Verify != nil { + in, out := &in.Verify, &out.Verify + *out = new(HelmChartTemplateVerification) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HelmChartTemplateSpec. +func (in *HelmChartTemplateSpec) DeepCopy() *HelmChartTemplateSpec { + if in == nil { + return nil + } + out := new(HelmChartTemplateSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HelmChartTemplateVerification) DeepCopyInto(out *HelmChartTemplateVerification) { + *out = *in + if in.SecretRef != nil { + in, out := &in.SecretRef, &out.SecretRef + *out = new(meta.LocalObjectReference) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HelmChartTemplateVerification. +func (in *HelmChartTemplateVerification) DeepCopy() *HelmChartTemplateVerification { + if in == nil { + return nil + } + out := new(HelmChartTemplateVerification) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HelmRelease) DeepCopyInto(out *HelmRelease) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HelmRelease. +func (in *HelmRelease) DeepCopy() *HelmRelease { + if in == nil { + return nil + } + out := new(HelmRelease) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *HelmRelease) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HelmReleaseInfo) DeepCopyInto(out *HelmReleaseInfo) { + *out = *in + in.FirstDeployed.DeepCopyInto(&out.FirstDeployed) + in.LastDeployed.DeepCopyInto(&out.LastDeployed) + in.Deleted.DeepCopyInto(&out.Deleted) + if in.TestHooks != nil { + in, out := &in.TestHooks, &out.TestHooks + *out = make(map[string]*HelmReleaseTestHook, len(*in)) + for key, val := range *in { + var outVal *HelmReleaseTestHook + if val == nil { + (*out)[key] = nil + } else { + in, out := &val, &outVal + *out = new(HelmReleaseTestHook) + (*in).DeepCopyInto(*out) + } + (*out)[key] = outVal + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HelmReleaseInfo. +func (in *HelmReleaseInfo) DeepCopy() *HelmReleaseInfo { + if in == nil { + return nil + } + out := new(HelmReleaseInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HelmReleaseList) DeepCopyInto(out *HelmReleaseList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]HelmRelease, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HelmReleaseList. +func (in *HelmReleaseList) DeepCopy() *HelmReleaseList { + if in == nil { + return nil + } + out := new(HelmReleaseList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *HelmReleaseList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HelmReleaseSpec) DeepCopyInto(out *HelmReleaseSpec) { + *out = *in + in.Chart.DeepCopyInto(&out.Chart) + out.Interval = in.Interval + if in.KubeConfig != nil { + in, out := &in.KubeConfig, &out.KubeConfig + *out = new(meta.KubeConfigReference) + **out = **in + } + if in.DependsOn != nil { + in, out := &in.DependsOn, &out.DependsOn + *out = make([]meta.NamespacedObjectReference, len(*in)) + copy(*out, *in) + } + if in.Timeout != nil { + in, out := &in.Timeout, &out.Timeout + *out = new(metav1.Duration) + **out = **in + } + if in.MaxHistory != nil { + in, out := &in.MaxHistory, &out.MaxHistory + *out = new(int) + **out = **in + } + if in.PersistentClient != nil { + in, out := &in.PersistentClient, &out.PersistentClient + *out = new(bool) + **out = **in + } + if in.Install != nil { + in, out := &in.Install, &out.Install + *out = new(Install) + (*in).DeepCopyInto(*out) + } + if in.Upgrade != nil { + in, out := &in.Upgrade, &out.Upgrade + *out = new(Upgrade) + (*in).DeepCopyInto(*out) + } + if in.Test != nil { + in, out := &in.Test, &out.Test + *out = new(Test) + (*in).DeepCopyInto(*out) + } + if in.Rollback != nil { + in, out := &in.Rollback, &out.Rollback + *out = new(Rollback) + (*in).DeepCopyInto(*out) + } + if in.Uninstall != nil { + in, out := &in.Uninstall, &out.Uninstall + *out = new(Uninstall) + (*in).DeepCopyInto(*out) + } + if in.ValuesFrom != nil { + in, out := &in.ValuesFrom, &out.ValuesFrom + *out = make([]ValuesReference, len(*in)) + copy(*out, *in) + } + if in.Values != nil { + in, out := &in.Values, &out.Values + *out = new(v1.JSON) + (*in).DeepCopyInto(*out) + } + if in.PostRenderers != nil { + in, out := &in.PostRenderers, &out.PostRenderers + *out = make([]PostRenderer, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HelmReleaseSpec. +func (in *HelmReleaseSpec) DeepCopy() *HelmReleaseSpec { + if in == nil { + return nil + } + out := new(HelmReleaseSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HelmReleaseStatus) DeepCopyInto(out *HelmReleaseStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Current != nil { + in, out := &in.Current, &out.Current + *out = new(HelmReleaseInfo) + (*in).DeepCopyInto(*out) + } + if in.Previous != nil { + in, out := &in.Previous, &out.Previous + *out = new(HelmReleaseInfo) + (*in).DeepCopyInto(*out) + } + out.ReconcileRequestStatus = in.ReconcileRequestStatus +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HelmReleaseStatus. +func (in *HelmReleaseStatus) DeepCopy() *HelmReleaseStatus { + if in == nil { + return nil + } + out := new(HelmReleaseStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HelmReleaseTestHook) DeepCopyInto(out *HelmReleaseTestHook) { + *out = *in + in.LastStarted.DeepCopyInto(&out.LastStarted) + in.LastCompleted.DeepCopyInto(&out.LastCompleted) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HelmReleaseTestHook. +func (in *HelmReleaseTestHook) DeepCopy() *HelmReleaseTestHook { + if in == nil { + return nil + } + out := new(HelmReleaseTestHook) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Install) DeepCopyInto(out *Install) { + *out = *in + if in.Timeout != nil { + in, out := &in.Timeout, &out.Timeout + *out = new(metav1.Duration) + **out = **in + } + if in.Remediation != nil { + in, out := &in.Remediation, &out.Remediation + *out = new(InstallRemediation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Install. +func (in *Install) DeepCopy() *Install { + if in == nil { + return nil + } + out := new(Install) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InstallRemediation) DeepCopyInto(out *InstallRemediation) { + *out = *in + if in.IgnoreTestFailures != nil { + in, out := &in.IgnoreTestFailures, &out.IgnoreTestFailures + *out = new(bool) + **out = **in + } + if in.RemediateLastFailure != nil { + in, out := &in.RemediateLastFailure, &out.RemediateLastFailure + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstallRemediation. +func (in *InstallRemediation) DeepCopy() *InstallRemediation { + if in == nil { + return nil + } + out := new(InstallRemediation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Kustomize) DeepCopyInto(out *Kustomize) { + *out = *in + if in.Patches != nil { + in, out := &in.Patches, &out.Patches + *out = make([]kustomize.Patch, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.PatchesStrategicMerge != nil { + in, out := &in.PatchesStrategicMerge, &out.PatchesStrategicMerge + *out = make([]v1.JSON, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.PatchesJSON6902 != nil { + in, out := &in.PatchesJSON6902, &out.PatchesJSON6902 + *out = make([]kustomize.JSON6902Patch, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Images != nil { + in, out := &in.Images, &out.Images + *out = make([]kustomize.Image, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Kustomize. +func (in *Kustomize) DeepCopy() *Kustomize { + if in == nil { + return nil + } + out := new(Kustomize) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PostRenderer) DeepCopyInto(out *PostRenderer) { + *out = *in + if in.Kustomize != nil { + in, out := &in.Kustomize, &out.Kustomize + *out = new(Kustomize) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PostRenderer. +func (in *PostRenderer) DeepCopy() *PostRenderer { + if in == nil { + return nil + } + out := new(PostRenderer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Rollback) DeepCopyInto(out *Rollback) { + *out = *in + if in.Timeout != nil { + in, out := &in.Timeout, &out.Timeout + *out = new(metav1.Duration) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rollback. +func (in *Rollback) DeepCopy() *Rollback { + if in == nil { + return nil + } + out := new(Rollback) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Test) DeepCopyInto(out *Test) { + *out = *in + if in.Timeout != nil { + in, out := &in.Timeout, &out.Timeout + *out = new(metav1.Duration) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Test. +func (in *Test) DeepCopy() *Test { + if in == nil { + return nil + } + out := new(Test) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Uninstall) DeepCopyInto(out *Uninstall) { + *out = *in + if in.Timeout != nil { + in, out := &in.Timeout, &out.Timeout + *out = new(metav1.Duration) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Uninstall. +func (in *Uninstall) DeepCopy() *Uninstall { + if in == nil { + return nil + } + out := new(Uninstall) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Upgrade) DeepCopyInto(out *Upgrade) { + *out = *in + if in.Timeout != nil { + in, out := &in.Timeout, &out.Timeout + *out = new(metav1.Duration) + **out = **in + } + if in.Remediation != nil { + in, out := &in.Remediation, &out.Remediation + *out = new(UpgradeRemediation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Upgrade. +func (in *Upgrade) DeepCopy() *Upgrade { + if in == nil { + return nil + } + out := new(Upgrade) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UpgradeRemediation) DeepCopyInto(out *UpgradeRemediation) { + *out = *in + if in.IgnoreTestFailures != nil { + in, out := &in.IgnoreTestFailures, &out.IgnoreTestFailures + *out = new(bool) + **out = **in + } + if in.RemediateLastFailure != nil { + in, out := &in.RemediateLastFailure, &out.RemediateLastFailure + *out = new(bool) + **out = **in + } + if in.Strategy != nil { + in, out := &in.Strategy, &out.Strategy + *out = new(RemediationStrategy) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpgradeRemediation. +func (in *UpgradeRemediation) DeepCopy() *UpgradeRemediation { + if in == nil { + return nil + } + out := new(UpgradeRemediation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ValuesReference) DeepCopyInto(out *ValuesReference) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValuesReference. +func (in *ValuesReference) DeepCopy() *ValuesReference { + if in == nil { + return nil + } + out := new(ValuesReference) + in.DeepCopyInto(out) + return out +} diff --git a/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml b/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml index d60c61267..274ffd06a 100644 --- a/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml +++ b/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml @@ -922,3 +922,1048 @@ spec: storage: true subresources: status: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + name: v2beta2 + schema: + openAPIV3Schema: + description: HelmRelease is the Schema for the helmreleases API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmReleaseSpec defines the desired state of a Helm release. + properties: + chart: + description: Chart defines the template of the v1beta2.HelmChart that + should be created for this HelmRelease. + properties: + metadata: + description: ObjectMeta holds the template for metadata like labels + and annotations. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/' + type: object + type: object + spec: + description: Spec holds the template for the v1beta2.HelmChartSpec + for this HelmRelease. + properties: + chart: + description: The name or path the Helm chart is available + at in the SourceRef. + type: string + interval: + description: Interval at which to check the v1.Source for + updates. Defaults to 'HelmReleaseSpec.Interval'. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + reconcileStrategy: + default: ChartVersion + description: Determines what enables the creation of a new + artifact. Valid values are ('ChartVersion', 'Revision'). + See the documentation of the values for an explanation on + their behavior. Defaults to ChartVersion when omitted. + enum: + - ChartVersion + - Revision + type: string + sourceRef: + description: The name and namespace of the v1.Source the chart + is available at. + properties: + apiVersion: + description: APIVersion of the referent. + type: string + kind: + description: Kind of the referent. + enum: + - HelmRepository + - GitRepository + - Bucket + type: string + name: + description: Name of the referent. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: Namespace of the referent. + maxLength: 63 + minLength: 1 + type: string + required: + - name + type: object + valuesFile: + description: Alternative values file to use as the default + chart values, expected to be a relative path in the SourceRef. + Deprecated in favor of ValuesFiles, for backwards compatibility + the file defined here is merged before the ValuesFiles items. + Ignored when omitted. + type: string + valuesFiles: + description: Alternative list of values files to use as the + chart values (values.yaml is not included by default), expected + to be a relative path in the SourceRef. Values files are + merged in the order of this list with the last file overriding + the first. Ignored when omitted. + items: + type: string + type: array + verify: + description: Verify contains the secret name containing the + trusted public keys used to verify the signature and specifies + which provider to use to check whether OCI image is authentic. + This field is only supported for OCI sources. Chart dependencies, + which are not bundled in the umbrella chart artifact, are + not verified. + properties: + provider: + default: cosign + description: Provider specifies the technology used to + sign the OCI Helm chart. + enum: + - cosign + type: string + secretRef: + description: SecretRef specifies the Kubernetes Secret + containing the trusted public keys. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + required: + - provider + type: object + version: + default: '*' + description: Version semver expression, ignored for charts + from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults + to latest when omitted. + type: string + required: + - chart + - sourceRef + type: object + required: + - spec + type: object + dependsOn: + description: DependsOn may contain a meta.NamespacedObjectReference + slice with references to HelmRelease resources that must be ready + before this HelmRelease can be reconciled. + items: + description: NamespacedObjectReference contains enough information + to locate the referenced Kubernetes resource object in any namespace. + properties: + name: + description: Name of the referent. + type: string + namespace: + description: Namespace of the referent, when not specified it + acts as LocalObjectReference. + type: string + required: + - name + type: object + type: array + install: + description: Install holds the configuration for Helm install actions + for this HelmRelease. + properties: + crds: + description: "CRDs upgrade CRDs from the Helm Chart's crds directory + according to the CRD upgrade policy provided here. Valid values + are `Skip`, `Create` or `CreateReplace`. Default is `Create` + and if omitted CRDs are installed but not updated. \n Skip: + do neither install nor replace (update) any CRDs. \n Create: + new CRDs are created, existing CRDs are neither updated nor + deleted. \n CreateReplace: new CRDs are created, existing CRDs + are updated (replaced) but not deleted. \n By default, CRDs + are applied (installed) during Helm install action. With this + option users can opt in to CRD replace existing CRDs on Helm + install actions, which is not (yet) natively supported by Helm. + https://helm.sh/docs/chart_best_practices/custom_resource_definitions." + enum: + - Skip + - Create + - CreateReplace + type: string + createNamespace: + description: CreateNamespace tells the Helm install action to + create the HelmReleaseSpec.TargetNamespace if it does not exist + yet. On uninstall, the namespace will not be garbage collected. + type: boolean + disableHooks: + description: DisableHooks prevents hooks from running during the + Helm install action. + type: boolean + disableOpenAPIValidation: + description: DisableOpenAPIValidation prevents the Helm install + action from validating rendered templates against the Kubernetes + OpenAPI Schema. + type: boolean + disableWait: + description: DisableWait disables the waiting for resources to + be ready after a Helm install has been performed. + type: boolean + disableWaitForJobs: + description: DisableWaitForJobs disables waiting for jobs to complete + after a Helm install has been performed. + type: boolean + remediation: + description: Remediation holds the remediation configuration for + when the Helm install action for the HelmRelease fails. The + default is to not perform any action. + properties: + ignoreTestFailures: + description: IgnoreTestFailures tells the controller to skip + remediation when the Helm tests are run after an install + action but fail. Defaults to 'Test.IgnoreFailures'. + type: boolean + remediateLastFailure: + description: RemediateLastFailure tells the controller to + remediate the last failure, when no retries remain. Defaults + to 'false'. + type: boolean + retries: + description: Retries is the number of retries that should + be attempted on failures before bailing. Remediation, using + an uninstall, is performed between each attempt. Defaults + to '0', a negative integer equals to unlimited retries. + type: integer + type: object + replace: + description: Replace tells the Helm install action to re-use the + 'ReleaseName', but only if that name is a deleted release which + remains in the history. + type: boolean + skipCRDs: + description: "SkipCRDs tells the Helm install action to not install + any CRDs. By default, CRDs are installed if not already present. + \n Deprecated use CRD policy (`crds`) attribute with value `Skip` + instead." + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm install action. Defaults to 'HelmReleaseSpec.Timeout'. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + type: object + interval: + description: Interval at which to reconcile the Helm release. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + kubeConfig: + description: KubeConfig for reconciling the HelmRelease on a remote + cluster. When used in combination with HelmReleaseSpec.ServiceAccountName, + forces the controller to act on behalf of that Service Account at + the target cluster. If the --default-service-account flag is set, + its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName + is empty. + properties: + secretRef: + description: SecretRef holds the name of a secret that contains + a key with the kubeconfig file as the value. If no key is set, + the key will default to 'value'. It is recommended that the + kubeconfig is self-contained, and the secret is regularly updated + if credentials such as a cloud-access-token expire. Cloud specific + `cmd-path` auth helpers will not function without adding binaries + and credentials to the Pod that is responsible for reconciling + Kubernetes resources. + properties: + key: + description: Key in the Secret, when not specified an implementation-specific + default key is used. + type: string + name: + description: Name of the Secret. + type: string + required: + - name + type: object + required: + - secretRef + type: object + maxHistory: + description: MaxHistory is the number of revisions saved by Helm for + this HelmRelease. Use '0' for an unlimited number of revisions; + defaults to '10'. + type: integer + persistentClient: + description: "PersistentClient tells the controller to use a persistent + Kubernetes client for this release. When enabled, the client will + be reused for the duration of the reconciliation, instead of being + created and destroyed for each (step of a) Helm action. \n This + can improve performance, but may cause issues with some Helm charts + that for example do create Custom Resource Definitions during installation + outside Helm's CRD lifecycle hooks, which are then not observed + to be available by e.g. post-install hooks. \n If not set, it defaults + to true." + type: boolean + postRenderers: + description: PostRenderers holds an array of Helm PostRenderers, which + will be applied in order of their definition. + items: + description: PostRenderer contains a Helm PostRenderer specification. + properties: + kustomize: + description: Kustomization to apply as PostRenderer. + properties: + images: + description: Images is a list of (image name, new name, + new tag or digest) for changing image names, tags or digests. + This can also be achieved with a patch, but this operator + is simpler to specify. + items: + description: Image contains an image name, a new name, + a new tag or digest, which will replace the original + name and tag. + properties: + digest: + description: Digest is the value used to replace the + original image tag. If digest is present NewTag + value is ignored. + type: string + name: + description: Name is a tag-less image name. + type: string + newName: + description: NewName is the value used to replace + the original name. + type: string + newTag: + description: NewTag is the value used to replace the + original tag. + type: string + required: + - name + type: object + type: array + patches: + description: Strategic merge and JSON patches, defined as + inline YAML objects, capable of targeting objects based + on kind, label and annotation selectors. + items: + description: Patch contains an inline StrategicMerge or + JSON6902 patch, and the target the patch should be applied + to. + properties: + patch: + description: Patch contains an inline StrategicMerge + patch or an inline JSON6902 patch with an array + of operation objects. + type: string + target: + description: Target points to the resources that the + patch document should be applied to. + properties: + annotationSelector: + description: AnnotationSelector is a string that + follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: Group is the API group to select + resources from. Together with Version and Kind + it is capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: Kind of the API Group to select resources + from. Together with Group and Version it is + capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: LabelSelector is a string that follows + the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: Version of the API Group to select + resources from. Together with Group and Kind + it is capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + type: object + type: array + patchesJson6902: + description: JSON 6902 patches, defined as inline YAML objects. + items: + description: JSON6902Patch contains a JSON6902 patch and + the target the patch should be applied to. + properties: + patch: + description: Patch contains the JSON6902 patch document + with an array of operation objects. + items: + description: JSON6902 is a JSON6902 operation object. + https://datatracker.ietf.org/doc/html/rfc6902#section-4 + properties: + from: + description: From contains a JSON-pointer value + that references a location within the target + document where the operation is performed. + The meaning of the value depends on the value + of Op, and is NOT taken into account by all + operations. + type: string + op: + description: Op indicates the operation to perform. + Its value MUST be one of "add", "remove", + "replace", "move", "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4 + enum: + - test + - remove + - add + - replace + - move + - copy + type: string + path: + description: Path contains the JSON-pointer + value that references a location within the + target document where the operation is performed. + The meaning of the value depends on the value + of Op. + type: string + value: + description: Value contains a valid JSON structure. + The meaning of the value depends on the value + of Op, and is NOT taken into account by all + operations. + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + target: + description: Target points to the resources that the + patch document should be applied to. + properties: + annotationSelector: + description: AnnotationSelector is a string that + follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: Group is the API group to select + resources from. Together with Version and Kind + it is capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: Kind of the API Group to select resources + from. Together with Group and Version it is + capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: LabelSelector is a string that follows + the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: Version of the API Group to select + resources from. Together with Group and Kind + it is capable of unambiguously identifying and/or + selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + - target + type: object + type: array + patchesStrategicMerge: + description: Strategic merge patches, defined as inline + YAML objects. + items: + x-kubernetes-preserve-unknown-fields: true + type: array + type: object + type: object + type: array + releaseName: + description: ReleaseName used for the Helm release. Defaults to a + composition of '[TargetNamespace-]Name'. + maxLength: 53 + minLength: 1 + type: string + rollback: + description: Rollback holds the configuration for Helm rollback actions + for this HelmRelease. + properties: + cleanupOnFail: + description: CleanupOnFail allows deletion of new resources created + during the Helm rollback action when it fails. + type: boolean + disableHooks: + description: DisableHooks prevents hooks from running during the + Helm rollback action. + type: boolean + disableWait: + description: DisableWait disables the waiting for resources to + be ready after a Helm rollback has been performed. + type: boolean + disableWaitForJobs: + description: DisableWaitForJobs disables waiting for jobs to complete + after a Helm rollback has been performed. + type: boolean + force: + description: Force forces resource updates through a replacement + strategy. + type: boolean + recreate: + description: Recreate performs pod restarts for the resource if + applicable. + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + type: object + serviceAccountName: + description: The name of the Kubernetes service account to impersonate + when reconciling this HelmRelease. + type: string + storageNamespace: + description: StorageNamespace used for the Helm storage. Defaults + to the namespace of the HelmRelease. + maxLength: 63 + minLength: 1 + type: string + suspend: + description: Suspend tells the controller to suspend reconciliation + for this HelmRelease, it does not apply to already started reconciliations. + Defaults to false. + type: boolean + targetNamespace: + description: TargetNamespace to target when performing operations + for the HelmRelease. Defaults to the namespace of the HelmRelease. + maxLength: 63 + minLength: 1 + type: string + test: + description: Test holds the configuration for Helm test actions for + this HelmRelease. + properties: + enable: + description: Enable enables Helm test actions for this HelmRelease + after an Helm install or upgrade action has been performed. + type: boolean + ignoreFailures: + description: IgnoreFailures tells the controller to skip remediation + when the Helm tests are run but fail. Can be overwritten for + tests run after install or upgrade actions in 'Install.IgnoreTestFailures' + and 'Upgrade.IgnoreTestFailures'. + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes + operation during the performance of a Helm test action. Defaults + to 'HelmReleaseSpec.Timeout'. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + type: object + timeout: + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a Helm + action. Defaults to '5m0s'. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + uninstall: + description: Uninstall holds the configuration for Helm uninstall + actions for this HelmRelease. + properties: + disableHooks: + description: DisableHooks prevents hooks from running during the + Helm rollback action. + type: boolean + disableWait: + description: DisableWait disables waiting for all the resources + to be deleted after a Helm uninstall is performed. + type: boolean + keepHistory: + description: KeepHistory tells Helm to remove all associated resources + and mark the release as deleted, but retain the release history. + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + type: object + upgrade: + description: Upgrade holds the configuration for Helm upgrade actions + for this HelmRelease. + properties: + cleanupOnFail: + description: CleanupOnFail allows deletion of new resources created + during the Helm upgrade action when it fails. + type: boolean + crds: + description: "CRDs upgrade CRDs from the Helm Chart's crds directory + according to the CRD upgrade policy provided here. Valid values + are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and + if omitted CRDs are neither installed nor upgraded. \n Skip: + do neither install nor replace (update) any CRDs. \n Create: + new CRDs are created, existing CRDs are neither updated nor + deleted. \n CreateReplace: new CRDs are created, existing CRDs + are updated (replaced) but not deleted. \n By default, CRDs + are not applied during Helm upgrade action. With this option + users can opt-in to CRD upgrade, which is not (yet) natively + supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions." + enum: + - Skip + - Create + - CreateReplace + type: string + disableHooks: + description: DisableHooks prevents hooks from running during the + Helm upgrade action. + type: boolean + disableOpenAPIValidation: + description: DisableOpenAPIValidation prevents the Helm upgrade + action from validating rendered templates against the Kubernetes + OpenAPI Schema. + type: boolean + disableWait: + description: DisableWait disables the waiting for resources to + be ready after a Helm upgrade has been performed. + type: boolean + disableWaitForJobs: + description: DisableWaitForJobs disables waiting for jobs to complete + after a Helm upgrade has been performed. + type: boolean + force: + description: Force forces resource updates through a replacement + strategy. + type: boolean + preserveValues: + description: PreserveValues will make Helm reuse the last release's + values and merge in overrides from 'Values'. Setting this flag + makes the HelmRelease non-declarative. + type: boolean + remediation: + description: Remediation holds the remediation configuration for + when the Helm upgrade action for the HelmRelease fails. The + default is to not perform any action. + properties: + ignoreTestFailures: + description: IgnoreTestFailures tells the controller to skip + remediation when the Helm tests are run after an upgrade + action but fail. Defaults to 'Test.IgnoreFailures'. + type: boolean + remediateLastFailure: + description: RemediateLastFailure tells the controller to + remediate the last failure, when no retries remain. Defaults + to 'false' unless 'Retries' is greater than 0. + type: boolean + retries: + description: Retries is the number of retries that should + be attempted on failures before bailing. Remediation, using + 'Strategy', is performed between each attempt. Defaults + to '0', a negative integer equals to unlimited retries. + type: integer + strategy: + description: Strategy to use for failure remediation. Defaults + to 'rollback'. + enum: + - rollback + - uninstall + type: string + type: object + timeout: + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during the performance of a + Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'. + pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ + type: string + type: object + values: + description: Values holds the values for this Helm release. + x-kubernetes-preserve-unknown-fields: true + valuesFrom: + description: ValuesFrom holds references to resources containing Helm + values for this HelmRelease, and information about how they should + be merged. + items: + description: ValuesReference contains a reference to a resource + containing Helm values, and optionally the key they can be found + at. + properties: + kind: + description: Kind of the values referent, valid values are ('Secret', + 'ConfigMap'). + enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the values referent. Should reside in the + same namespace as the referring resource. + maxLength: 253 + minLength: 1 + type: string + optional: + description: Optional marks this ValuesReference as optional. + When set, a not found error for the values reference is ignored, + but any ValuesKey, TargetPath or transient error will still + result in a reconciliation failure. + type: boolean + targetPath: + description: TargetPath is the YAML dot notation path the value + should be merged at. When set, the ValuesKey is expected to + be a single flat value. Defaults to 'None', which results + in the values getting merged at the root. + maxLength: 250 + pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ + type: string + valuesKey: + description: ValuesKey is the data key where the values.yaml + or a specific value can be found at. Defaults to 'values.yaml'. + maxLength: 253 + pattern: ^[\-._a-zA-Z0-9]+$ + type: string + required: + - kind + - name + type: object + type: array + required: + - chart + - interval + type: object + status: + default: + observedGeneration: -1 + description: HelmReleaseStatus defines the observed state of a HelmRelease. + properties: + conditions: + description: Conditions holds the conditions for the HelmRelease. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + current: + description: Current holds the latest observed HelmReleaseInfo for + the current release. + properties: + chartName: + description: ChartName is the chart name of the release object + in storage. + type: string + chartVersion: + description: ChartVersion is the chart version of the release + object in storage. + type: string + configDigest: + description: ConfigDigest is the checksum of the config (better + known as "values") of the release object in storage. It has + the format of `:`. + type: string + deleted: + description: Deleted is when the release was deleted. + format: date-time + type: string + digest: + description: Digest is the checksum of the release object in storage. + It has the format of `:`. + type: string + firstDeployed: + description: FirstDeployed is when the release was first deployed. + format: date-time + type: string + lastDeployed: + description: LastDeployed is when the release was last deployed. + format: date-time + type: string + name: + description: Name is the name of the release. + type: string + namespace: + description: Namespace is the namespace the release is deployed + to. + type: string + status: + description: Status is the current state of the release. + type: string + testHooks: + additionalProperties: + description: HelmReleaseTestHook holds the status information + for a test hook as observed to be run by the controller. + properties: + lastCompleted: + description: LastCompleted is the time the test hook last + completed. + format: date-time + type: string + lastStarted: + description: LastStarted is the time the test hook was last + started. + format: date-time + type: string + phase: + description: Phase the test hook was observed to be in. + type: string + type: object + description: TestHooks is the list of test hooks for the release + as observed to be run by the controller. + type: object + version: + description: Version is the version of the release object in storage. + type: integer + required: + - chartName + - chartVersion + - configDigest + - digest + - firstDeployed + - lastDeployed + - name + - namespace + - status + - version + type: object + failures: + description: Failures is the reconciliation failure count against + the latest desired state. It is reset after a successful reconciliation. + format: int64 + type: integer + helmChart: + description: HelmChart is the namespaced name of the HelmChart resource + created by the controller for the HelmRelease. + type: string + installFailures: + description: InstallFailures is the install failure count against + the latest desired state. It is reset after a successful reconciliation. + format: int64 + type: integer + lastAttemptedRevision: + description: LastAttemptedRevision is the Source revision of the last + reconciliation attempt. + type: string + lastAttemptedValuesChecksum: + description: LastAttemptedValuesChecksum is the SHA1 checksum of the + values of the last reconciliation attempt. + type: string + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent + reconcile request value, so a change of the annotation value can + be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + previous: + description: Previous holds the latest observed HelmReleaseInfo for + the previous release. + properties: + chartName: + description: ChartName is the chart name of the release object + in storage. + type: string + chartVersion: + description: ChartVersion is the chart version of the release + object in storage. + type: string + configDigest: + description: ConfigDigest is the checksum of the config (better + known as "values") of the release object in storage. It has + the format of `:`. + type: string + deleted: + description: Deleted is when the release was deleted. + format: date-time + type: string + digest: + description: Digest is the checksum of the release object in storage. + It has the format of `:`. + type: string + firstDeployed: + description: FirstDeployed is when the release was first deployed. + format: date-time + type: string + lastDeployed: + description: LastDeployed is when the release was last deployed. + format: date-time + type: string + name: + description: Name is the name of the release. + type: string + namespace: + description: Namespace is the namespace the release is deployed + to. + type: string + status: + description: Status is the current state of the release. + type: string + testHooks: + additionalProperties: + description: HelmReleaseTestHook holds the status information + for a test hook as observed to be run by the controller. + properties: + lastCompleted: + description: LastCompleted is the time the test hook last + completed. + format: date-time + type: string + lastStarted: + description: LastStarted is the time the test hook was last + started. + format: date-time + type: string + phase: + description: Phase the test hook was observed to be in. + type: string + type: object + description: TestHooks is the list of test hooks for the release + as observed to be run by the controller. + type: object + version: + description: Version is the version of the release object in storage. + type: integer + required: + - chartName + - chartVersion + - configDigest + - digest + - firstDeployed + - lastDeployed + - name + - namespace + - status + - version + type: object + upgradeFailures: + description: UpgradeFailures is the upgrade failure count against + the latest desired state. It is reset after a successful reconciliation. + format: int64 + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} diff --git a/hack/boilerplate.go.txt b/hack/boilerplate.go.txt index 439ccd868..44d2aa16e 100644 --- a/hack/boilerplate.go.txt +++ b/hack/boilerplate.go.txt @@ -1,5 +1,5 @@ /* -Copyright 2021 The Flux authors +Copyright 2022 The Flux authors Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. From 89a6f497e55b1f488acf3d1e8f473be4374a3886 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Fri, 1 Jul 2022 17:16:26 +0200 Subject: [PATCH 07/76] Run individual Helm actions using HelmRelease This commit introduces an `action` package which allows the consumer to run Helm actions using the instructions from a `HelmRelease` v2beta2 API object. The actions do not determine if there is a desire be run, nor do they record state on the object. This can however be injected by the caller using the simplified observing Helm storage driver, which now iterates over a list of callback functions after persisting an object instead of keeping state. This separation of concerns would allow e.g. the Flux CLI later on to run actions (but with a dry-run flag or different storage configuration) using the object in the same manner as the controller. Some minor changes have been made to the `postrender` and `runner` package to allow the code to co-exist while we are inbetween API versions. Signed-off-by: Hidde Beydals --- go.mod | 6 +- go.sum | 5 +- internal/action/config.go | 162 ++++++++ internal/action/config_test.go | 280 +++++++++++++ internal/action/crds.go | 265 ++++++++++++ internal/action/install.go | 93 +++++ internal/action/log.go | 95 +++++ internal/action/log_test.go | 102 +++++ internal/action/rollback.go | 54 +++ internal/action/test.go | 48 +++ internal/action/uninstall.go | 50 +++ internal/action/upgrade.go | 90 +++++ internal/postrender/build.go | 47 +++ internal/postrender/combined.go | 8 +- internal/postrender/kustomize.go | 31 +- internal/postrender/kustomize_test.go | 7 +- internal/runner/runner.go | 7 +- internal/storage/driver.go | 68 ---- internal/storage/observer.go | 328 ++------------- internal/storage/observer_test.go | 489 ++++------------------- internal/storage/testdata/istio-base-1 | 1 - internal/storage/testdata/podinfo-helm-1 | 1 - internal/storage/testdata/prom-stack-1 | 1 - 23 files changed, 1448 insertions(+), 790 deletions(-) create mode 100644 internal/action/config.go create mode 100644 internal/action/config_test.go create mode 100644 internal/action/crds.go create mode 100644 internal/action/install.go create mode 100644 internal/action/log.go create mode 100644 internal/action/log_test.go create mode 100644 internal/action/rollback.go create mode 100644 internal/action/test.go create mode 100644 internal/action/uninstall.go create mode 100644 internal/action/upgrade.go create mode 100644 internal/postrender/build.go delete mode 100644 internal/storage/driver.go delete mode 100644 internal/storage/testdata/istio-base-1 delete mode 100644 internal/storage/testdata/podinfo-helm-1 delete mode 100644 internal/storage/testdata/prom-stack-1 diff --git a/go.mod b/go.mod index e1c52b5f6..8048fc95e 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,6 @@ require ( github.com/go-logr/logr v1.2.4 github.com/google/go-cmp v0.5.9 github.com/hashicorp/go-retryablehttp v0.7.4 - github.com/mitchellh/copystructure v1.2.0 github.com/onsi/gomega v1.27.10 github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/go-digest/blake3 v0.0.0-20230815154656-802ce17c4f59 @@ -39,6 +38,7 @@ require ( k8s.io/apimachinery v0.27.4 k8s.io/cli-runtime v0.27.4 k8s.io/client-go v0.27.4 + k8s.io/kubectl v0.27.4 k8s.io/utils v0.0.0-20230505201702-9f6742963106 sigs.k8s.io/cli-utils v0.35.0 sigs.k8s.io/controller-runtime v0.15.1 @@ -115,6 +115,7 @@ require ( github.com/mattn/go-isatty v0.0.17 // indirect github.com/mattn/go-runewidth v0.0.9 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect + github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/moby/locker v1.0.1 // indirect @@ -128,6 +129,7 @@ require ( github.com/opencontainers/image-spec v1.1.0-rc5 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pkg/errors v0.9.1 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect github.com/prometheus/client_golang v1.16.0 // indirect github.com/prometheus/client_model v0.4.0 // indirect github.com/prometheus/common v0.42.0 // indirect @@ -138,6 +140,7 @@ require ( github.com/sirupsen/logrus v1.9.3 // indirect github.com/spf13/cast v1.5.0 // indirect github.com/spf13/cobra v1.7.0 // indirect + github.com/stretchr/testify v1.8.4 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect @@ -166,7 +169,6 @@ require ( k8s.io/component-base v0.27.4 // indirect k8s.io/klog/v2 v2.100.1 // indirect k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect - k8s.io/kubectl v0.27.3 // indirect oras.land/oras-go v1.2.4 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect diff --git a/go.sum b/go.sum index 9d9db1431..adb5afea0 100644 --- a/go.sum +++ b/go.sum @@ -607,6 +607,7 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= @@ -1114,8 +1115,8 @@ k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg= k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg= -k8s.io/kubectl v0.27.3 h1:HyC4o+8rCYheGDWrkcOQHGwDmyLKR5bxXFgpvF82BOw= -k8s.io/kubectl v0.27.3/go.mod h1:g9OQNCC2zxT+LT3FS09ZYqnDhlvsKAfFq76oyarBcq4= +k8s.io/kubectl v0.27.4 h1:RV1TQLIbtL34+vIM+W7HaS3KfAbqvy9lWn6pWB9els4= +k8s.io/kubectl v0.27.4/go.mod h1:qtc1s3BouB9KixJkriZMQqTsXMc+OAni6FeKAhq7q14= k8s.io/utils v0.0.0-20230505201702-9f6742963106 h1:EObNQ3TW2D+WptiYXlApGNLVy0zm/JIBVY9i+M4wpAU= k8s.io/utils v0.0.0-20230505201702-9f6742963106/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= oras.land/oras-go v1.2.4 h1:djpBY2/2Cs1PV87GSJlxv4voajVOMZxqqtq9AB8YNvY= diff --git a/internal/action/config.go b/internal/action/config.go new file mode 100644 index 000000000..50680098e --- /dev/null +++ b/internal/action/config.go @@ -0,0 +1,162 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package action + +import ( + "fmt" + + "github.com/go-logr/logr" + helmaction "helm.sh/helm/v3/pkg/action" + helmkube "helm.sh/helm/v3/pkg/kube" + helmstorage "helm.sh/helm/v3/pkg/storage" + helmdriver "helm.sh/helm/v3/pkg/storage/driver" + "k8s.io/cli-runtime/pkg/genericclioptions" + + "github.com/fluxcd/pkg/runtime/logger" + + "github.com/fluxcd/helm-controller/internal/storage" +) + +const ( + // DefaultStorageDriver is the default Helm storage driver. + DefaultStorageDriver = helmdriver.SecretsDriverName +) + +// ConfigFactory is a factory for the Helm action configuration of a (series +// of) Helm action(s). It allows for sharing Kubernetes client(s) and the +// Helm storage driver between actions. +// +// To get a Helm action.Configuration for an action, use the Build method on an +// initialized factory. +type ConfigFactory struct { + // Getter is the RESTClientGetter used to get the RESTClient for the + // Kubernetes API. + Getter genericclioptions.RESTClientGetter + // KubeClient is the (Helm) Kubernetes client, it is Helm-specific and + // contains a factory used for lazy-loading. + KubeClient *helmkube.Client + // Driver to use for the Helm action. + Driver helmdriver.Driver +} + +// ConfigFactoryOption is a function that configures a ConfigFactory. +type ConfigFactoryOption func(*ConfigFactory) error + +// NewConfigFactory returns a new ConfigFactory configured with the provided +// options. +func NewConfigFactory(getter genericclioptions.RESTClientGetter, opts ...ConfigFactoryOption) (*ConfigFactory, error) { + kubeClient := helmkube.New(getter) + factory := &ConfigFactory{ + Getter: getter, + KubeClient: kubeClient, + } + for _, opt := range opts { + if err := opt(factory); err != nil { + return nil, err + } + } + if err := factory.Valid(); err != nil { + return nil, err + } + return factory, nil +} + +// WithStorage configures the ConfigFactory.Driver by constructing a new Helm +// driver.Driver using the provided driver name and namespace. +// It supports driver.ConfigMapsDriverName, driver.SecretsDriverName and +// driver.MemoryDriverName. +// It returns an error when the driver name is not supported, or the client +// configuration for the storage fails. +func WithStorage(driver, namespace string) ConfigFactoryOption { + if driver == "" { + driver = DefaultStorageDriver + } + + return func(f *ConfigFactory) error { + switch driver { + case helmdriver.SecretsDriverName, helmdriver.ConfigMapsDriverName, "": + clientSet, err := f.KubeClient.Factory.KubernetesClientSet() + if err != nil { + return fmt.Errorf("could not get client set for '%s' storage driver: %w", driver, err) + } + if driver == helmdriver.ConfigMapsDriverName { + f.Driver = helmdriver.NewConfigMaps(clientSet.CoreV1().ConfigMaps(namespace)) + } + if driver == helmdriver.SecretsDriverName { + f.Driver = helmdriver.NewSecrets(clientSet.CoreV1().Secrets(namespace)) + } + case helmdriver.MemoryDriverName: + driver := helmdriver.NewMemory() + driver.SetNamespace(namespace) + f.Driver = driver + default: + return fmt.Errorf("unsupported Helm storage driver '%s'", driver) + } + return nil + } +} + +// WithDriver sets the ConfigFactory.Driver. +func WithDriver(driver helmdriver.Driver) ConfigFactoryOption { + return func(f *ConfigFactory) error { + f.Driver = driver + return nil + } +} + +// WithDebugLog sets the debug log on the ConfigFactory.KubeClient. +// If no ConfigFactory.KubeClient is configured, it returns an error. +func WithDebugLog(log logr.Logger) ConfigFactoryOption { + return func(f *ConfigFactory) error { + if f.KubeClient == nil { + return fmt.Errorf("failed to set debug log: no Kubernetes client configured") + } + f.KubeClient.Log = NewDebugLog(log.V(logger.DebugLevel)) + return nil + } +} + +// Build returns a new Helm action.Configuration configured with the receiver +// values, and the provided logger and observer(s). +func (c *ConfigFactory) Build(log helmaction.DebugLog, observers ...storage.ObserveFunc) *helmaction.Configuration { + driver := func() helmdriver.Driver { + if len(observers) > 0 { + return storage.NewObserver(c.Driver, observers...) + } + return c.Driver + } + return &helmaction.Configuration{ + RESTClientGetter: c.Getter, + Releases: helmstorage.Init(driver()), + KubeClient: c.KubeClient, + Log: log, + } +} + +// Valid returns an error if the ConfigFactory is missing configuration +// required to run a Helm action. +func (c *ConfigFactory) Valid() error { + switch { + case c == nil: + return fmt.Errorf("ConfigFactory is nil") + case c.Driver == nil: + return fmt.Errorf("no Helm storage driver configured") + case c.KubeClient == nil, c.Getter == nil: + return fmt.Errorf("no Kubernetes client and/or getter configured") + } + return nil +} diff --git a/internal/action/config_test.go b/internal/action/config_test.go new file mode 100644 index 000000000..5c8eb5652 --- /dev/null +++ b/internal/action/config_test.go @@ -0,0 +1,280 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package action + +import ( + "errors" + "testing" + + "github.com/go-logr/logr" + . "github.com/onsi/gomega" + helmkube "helm.sh/helm/v3/pkg/kube" + helmrelease "helm.sh/helm/v3/pkg/release" + helmdriver "helm.sh/helm/v3/pkg/storage/driver" + "k8s.io/cli-runtime/pkg/genericclioptions" + cmdtest "k8s.io/kubectl/pkg/cmd/testing" + + "github.com/fluxcd/helm-controller/internal/kube" + "github.com/fluxcd/helm-controller/internal/storage" +) + +func TestNewConfigFactory(t *testing.T) { + tests := []struct { + name string + getter genericclioptions.RESTClientGetter + opts []ConfigFactoryOption + wantErr error + }{ + { + name: "constructs config factory", + getter: &kube.MemoryRESTClientGetter{}, + opts: []ConfigFactoryOption{ + WithStorage(helmdriver.MemoryDriverName, ""), + }, + wantErr: nil, + }, + { + name: "invalid config", + getter: &kube.MemoryRESTClientGetter{}, + wantErr: errors.New("no Helm storage driver configured"), + }, + { + name: "multiple options", + getter: &kube.MemoryRESTClientGetter{}, + opts: []ConfigFactoryOption{ + WithDriver(helmdriver.NewMemory()), + WithDebugLog(logr.Discard()), + }, + wantErr: nil, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + factory, err := NewConfigFactory(tt.getter, tt.opts...) + if tt.wantErr != nil { + g.Expect(err).To(HaveOccurred()) + g.Expect(factory).To(BeNil()) + return + } + + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(factory).ToNot(BeNil()) + }) + } +} + +func TestWithStorage(t *testing.T) { + tests := []struct { + name string + factory ConfigFactory + driverName string + namespace string + wantErr error + wantDriver string + }{ + { + name: "default_" + DefaultStorageDriver, + factory: ConfigFactory{ + KubeClient: helmkube.New(cmdtest.NewTestFactory()), + }, + wantDriver: helmdriver.SecretsDriverName, + }, + { + name: helmdriver.SecretsDriverName, + driverName: helmdriver.SecretsDriverName, + factory: ConfigFactory{ + KubeClient: helmkube.New(cmdtest.NewTestFactory()), + }, + wantDriver: helmdriver.SecretsDriverName, + }, + { + name: helmdriver.ConfigMapsDriverName, + driverName: helmdriver.ConfigMapsDriverName, + factory: ConfigFactory{ + KubeClient: helmkube.New(cmdtest.NewTestFactory()), + }, + wantDriver: helmdriver.ConfigMapsDriverName, + }, + { + name: helmdriver.MemoryDriverName, + driverName: helmdriver.MemoryDriverName, + factory: ConfigFactory{}, + wantDriver: helmdriver.MemoryDriverName, + }, + { + name: "invalid driver", + driverName: "invalid", + factory: ConfigFactory{}, + wantErr: errors.New("unsupported Helm storage driver 'invalid'"), + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + factory := tt.factory + err := WithStorage(tt.driverName, tt.namespace)(&factory) + if tt.wantErr != nil { + g.Expect(err).To(HaveOccurred()) + g.Expect(factory.Driver).To(BeNil()) + return + } + + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(factory.Driver).ToNot(BeNil()) + g.Expect(factory.Driver.Name()).To(Equal(tt.wantDriver)) + }) + } +} + +func TestWithDriver(t *testing.T) { + g := NewWithT(t) + + factory := &ConfigFactory{} + driver := helmdriver.NewMemory() + g.Expect(WithDriver(driver)(factory)).NotTo(HaveOccurred()) + g.Expect(factory.Driver).To(Equal(driver)) +} + +func TestDebugLog(t *testing.T) { + t.Run("sets log on client", func(t *testing.T) { + g := NewWithT(t) + + factory := &ConfigFactory{ + KubeClient: helmkube.New(&kube.MemoryRESTClientGetter{}), + } + log := logr.Discard() + + g.Expect(WithDebugLog(log)(factory)).NotTo(HaveOccurred()) + g.Expect(factory.KubeClient.Log).To(Not(BeNil())) + }) + + t.Run("error without client", func(t *testing.T) { + g := NewWithT(t) + + err := WithDebugLog(logr.Discard())(&ConfigFactory{}) + g.Expect(err).To(HaveOccurred()) + g.Expect(err).To(Equal(errors.New("failed to set debug log: no Kubernetes client configured"))) + }) +} + +func TestConfigFactory_Build(t *testing.T) { + t.Run("build", func(t *testing.T) { + g := NewWithT(t) + + getter := &kube.MemoryRESTClientGetter{} + factory := &ConfigFactory{ + Getter: getter, + KubeClient: helmkube.New(getter), + } + + cfg := factory.Build(nil) + g.Expect(cfg).ToNot(BeNil()) + g.Expect(cfg.KubeClient).To(Equal(factory.KubeClient)) + g.Expect(cfg.RESTClientGetter).To(Equal(factory.Getter)) + }) + + t.Run("with log", func(t *testing.T) { + g := NewWithT(t) + + var called bool + log := func(fmt string, v ...interface{}) { + called = true + } + cfg := (&ConfigFactory{}).Build(log) + + g.Expect(cfg).ToNot(BeNil()) + cfg.Log("") + g.Expect(called).To(BeTrue()) + }) + + t.Run("with observe func", func(t *testing.T) { + g := NewWithT(t) + + factory := &ConfigFactory{ + Driver: helmdriver.NewMemory(), + } + + obsFunc := func(rel *helmrelease.Release) {} + cfg := factory.Build(nil, obsFunc) + + g.Expect(cfg).To(Not(BeNil())) + g.Expect(cfg.Releases).ToNot(BeNil()) + g.Expect(cfg.Releases.Driver).To(BeAssignableToTypeOf(&storage.Observer{})) + }) +} + +func TestConfigFactory_Valid(t *testing.T) { + tests := []struct { + name string + factory *ConfigFactory + wantErr error + }{ + { + name: "valid", + factory: &ConfigFactory{ + Driver: helmdriver.NewMemory(), + Getter: &kube.MemoryRESTClientGetter{}, + KubeClient: helmkube.New(&kube.MemoryRESTClientGetter{}), + }, + wantErr: nil, + }, + { + name: "no Kubernetes client", + factory: &ConfigFactory{ + Driver: helmdriver.NewMemory(), + Getter: &kube.MemoryRESTClientGetter{}, + }, + wantErr: errors.New("no Kubernetes client and/or getter configured"), + }, + { + name: "no Kubernetes getter", + factory: &ConfigFactory{ + Driver: helmdriver.NewMemory(), + KubeClient: helmkube.New(&kube.MemoryRESTClientGetter{}), + }, + wantErr: errors.New("no Kubernetes client and/or getter configured"), + }, + { + name: "no driver", + factory: &ConfigFactory{ + KubeClient: helmkube.New(&kube.MemoryRESTClientGetter{}), + Getter: &kube.MemoryRESTClientGetter{}, + }, + wantErr: errors.New("no Helm storage driver configured"), + }, + { + name: "nil factory", + factory: nil, + wantErr: errors.New("ConfigFactory is nil"), + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + err := tt.factory.Valid() + if tt.wantErr == nil { + g.Expect(err).To(BeNil()) + return + } + g.Expect(tt.factory.Valid()).To(Equal(tt.wantErr)) + }) + } +} diff --git a/internal/action/crds.go b/internal/action/crds.go new file mode 100644 index 000000000..a266a0e49 --- /dev/null +++ b/internal/action/crds.go @@ -0,0 +1,265 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package action + +import ( + "bytes" + "context" + "fmt" + "time" + + helmaction "helm.sh/helm/v3/pkg/action" + helmchart "helm.sh/helm/v3/pkg/chart" + helmkube "helm.sh/helm/v3/pkg/kube" + apiextension "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset" + apierrors "k8s.io/apimachinery/pkg/api/errors" + apimeta "k8s.io/apimachinery/pkg/api/meta" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + apiruntime "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/cli-runtime/pkg/resource" + + v2 "github.com/fluxcd/helm-controller/api/v2beta2" +) + +const ( + // DefaultCRDPolicy is the default CRD policy. + DefaultCRDPolicy = v2.Create +) + +var accessor = apimeta.NewAccessor() + +// crdPolicy returns the CRD policy for the given CRD. +func crdPolicyOrDefault(policy v2.CRDsPolicy) (v2.CRDsPolicy, error) { + switch policy { + case "": + policy = DefaultCRDPolicy + case v2.Skip, v2.Create, v2.CreateReplace: + break + default: + return policy, fmt.Errorf("invalid CRD upgrade policy '%s', valid values are '%s', '%s' or '%s'", + policy, v2.Skip, v2.Create, v2.CreateReplace, + ) + } + return policy, nil +} + +type rootScoped struct{} + +func (*rootScoped) Name() apimeta.RESTScopeName { + return apimeta.RESTScopeNameRoot +} + +func applyCRDs(cfg *helmaction.Configuration, policy v2.CRDsPolicy, chrt *helmchart.Chart, visitorFunc ...resource.VisitorFunc) error { + if policy == v2.Skip { + cfg.Log("skipping CustomResourceDefinition apply: policy is set to %s", policy) + return nil + } + + if len(chrt.CRDObjects()) == 0 { + cfg.Log("skipping CustomResourceDefinition apply: no CRD objects found in chart") + return nil + } + + // Collect all CRDs from all files in `crds` directory. + allCRDs := make(helmkube.ResourceList, 0) + for _, obj := range chrt.CRDObjects() { + // Read in the resources + res, err := cfg.KubeClient.Build(bytes.NewBuffer(obj.File.Data), false) + if err != nil { + err = fmt.Errorf("failed to parse CustomResourceDefinitions from %s: %w", obj.Name, err) + cfg.Log(err.Error()) + return err + } + allCRDs = append(allCRDs, res...) + } + + // Visit CRDs with any provided visitor functions. + for _, visitor := range visitorFunc { + if err := allCRDs.Visit(visitor); err != nil { + return err + } + } + + cfg.Log("applying CustomResourceDefinition(s) with policy %s", policy) + var totalItems []*resource.Info + switch policy { + case v2.Create: + for i := range allCRDs { + if rr, err := cfg.KubeClient.Create(allCRDs[i : i+1]); err != nil { + crdName := allCRDs[i].Name + // If the CustomResourceDefinition already exists, we skip it. + if apierrors.IsAlreadyExists(err) { + cfg.Log("CustomResourceDefinition %s is already present. Skipping.", crdName) + if rr != nil && rr.Created != nil { + totalItems = append(totalItems, rr.Created...) + } + continue + } + err = fmt.Errorf("failed to create CustomResourceDefinition %s: %w", crdName, err) + cfg.Log(err.Error()) + return err + } else { + if rr != nil && rr.Created != nil { + totalItems = append(totalItems, rr.Created...) + } + } + } + case v2.CreateReplace: + config, err := cfg.RESTClientGetter.ToRESTConfig() + if err != nil { + err = fmt.Errorf("could not create Kubernetes client REST config: %w", err) + cfg.Log(err.Error()) + return err + } + clientSet, err := apiextension.NewForConfig(config) + if err != nil { + err = fmt.Errorf("could not create Kubernetes client set for API extensions: %w", err) + cfg.Log(err.Error()) + return err + } + client := clientSet.ApiextensionsV1().CustomResourceDefinitions() + + // Note, we build the originals from the current set of Custom Resource + // Definitions, and therefore this upgrade will never delete CRDs that + // existed in the former release but no longer exist in the current + // release. + original := make(helmkube.ResourceList, 0) + for _, r := range allCRDs { + if o, err := client.Get(context.TODO(), r.Name, metav1.GetOptions{}); err == nil && o != nil { + o.GetResourceVersion() + original = append(original, &resource.Info{ + Client: clientSet.ApiextensionsV1().RESTClient(), + Mapping: &apimeta.RESTMapping{ + Resource: schema.GroupVersionResource{ + Group: "apiextensions.k8s.io", + Version: r.Mapping.GroupVersionKind.Version, + Resource: "customresourcedefinition", + }, + GroupVersionKind: schema.GroupVersionKind{ + Kind: "CustomResourceDefinition", + Group: "apiextensions.k8s.io", + Version: r.Mapping.GroupVersionKind.Version, + }, + Scope: &rootScoped{}, + }, + Namespace: o.ObjectMeta.Namespace, + Name: o.ObjectMeta.Name, + Object: o, + ResourceVersion: o.ObjectMeta.ResourceVersion, + }) + } else if !apierrors.IsNotFound(err) { + err = fmt.Errorf("failed to get CustomResourceDefinition %s: %w", r.Name, err) + cfg.Log(err.Error()) + return err + } + } + + // Send them to Kubernetes... + if rr, err := cfg.KubeClient.Update(original, allCRDs, true); err != nil { + err = fmt.Errorf("failed to update CustomResourceDefinition(s): %w", err) + return err + } else { + if rr != nil { + if rr.Created != nil { + totalItems = append(totalItems, rr.Created...) + } + if rr.Updated != nil { + totalItems = append(totalItems, rr.Updated...) + } + if rr.Deleted != nil { + totalItems = append(totalItems, rr.Deleted...) + } + } + } + default: + err := fmt.Errorf("unexpected policy %s", policy) + cfg.Log(err.Error()) + return err + } + + if len(totalItems) > 0 { + // Give time for the CRD to be recognized. + if err := cfg.KubeClient.Wait(totalItems, 60*time.Second); err != nil { + err = fmt.Errorf("failed to wait for CustomResourceDefinition(s): %w", err) + cfg.Log(err.Error()) + return err + } + cfg.Log("successfully applied %d CustomResourceDefinition(s)", len(totalItems)) + + // Clear the RESTMapper cache, since it will not have the new CRDs. + // Helm does further invalidation of the client at a later stage + // when it gathers the server capabilities. + if m, err := cfg.RESTClientGetter.ToRESTMapper(); err == nil { + if rm, ok := m.(apimeta.ResettableRESTMapper); ok { + cfg.Log("clearing REST mapper cache") + rm.Reset() + } + } + } + + return nil +} + +func setOriginVisitor(group, namespace, name string) resource.VisitorFunc { + return func(info *resource.Info, err error) error { + if err != nil { + return err + } + if err = mergeLabels(info.Object, originLabels(group, namespace, name)); err != nil { + return fmt.Errorf( + "%s origin labels could not be updated: %s", + resourceString(info), err, + ) + } + return nil + } +} + +func originLabels(group, namespace, name string) map[string]string { + return map[string]string{ + fmt.Sprintf("%s/name", group): name, + fmt.Sprintf("%s/namespace", group): namespace, + } +} + +func mergeLabels(obj apiruntime.Object, labels map[string]string) error { + current, err := accessor.Labels(obj) + if err != nil { + return err + } + return accessor.SetLabels(obj, mergeStrStrMaps(current, labels)) +} + +func resourceString(info *resource.Info) string { + _, k := info.Mapping.GroupVersionKind.ToAPIVersionAndKind() + return fmt.Sprintf( + "%s %q in namespace %q", + k, info.Name, info.Namespace, + ) +} + +func mergeStrStrMaps(current, desired map[string]string) map[string]string { + result := make(map[string]string) + for k, v := range current { + result[k] = v + } + for k, desiredVal := range desired { + result[k] = desiredVal + } + return result +} diff --git a/internal/action/install.go b/internal/action/install.go new file mode 100644 index 000000000..355689a27 --- /dev/null +++ b/internal/action/install.go @@ -0,0 +1,93 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package action + +import ( + "context" + "fmt" + + helmaction "helm.sh/helm/v3/pkg/action" + helmchart "helm.sh/helm/v3/pkg/chart" + helmchartutil "helm.sh/helm/v3/pkg/chartutil" + helmrelease "helm.sh/helm/v3/pkg/release" + + v2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/features" + "github.com/fluxcd/helm-controller/internal/postrender" +) + +// Install runs the Helm install action with the provided config, using the +// v2beta2.HelmReleaseSpec of the given object to determine the target release +// and rollback configuration. +// +// It performs the installation according to the spec, which includes installing +// the CRDs according to the defined policy. +// +// It does not determine if there is a desire to perform the action, this is +// expected to be done by the caller. In addition, it does not take note of the +// action result. The caller is expected to listen to this using a +// storage.ObserveFunc, which provides superior access to Helm storage writes. +func Install(ctx context.Context, config *helmaction.Configuration, obj *v2.HelmRelease, + chrt *helmchart.Chart, vals helmchartutil.Values) (*helmrelease.Release, error) { + + install, err := newInstall(config, obj) + if err != nil { + return nil, err + } + + policy, err := crdPolicyOrDefault(obj.Spec.GetInstall().CRDs) + if err != nil { + return nil, err + } + if err := applyCRDs(config, policy, chrt, setOriginVisitor(v2.GroupVersion.Group, obj.Namespace, obj.Name)); err != nil { + return nil, fmt.Errorf("failed to apply CustomResourceDefinitions: %w", err) + } + + return install.RunWithContext(ctx, chrt, vals.AsMap()) +} + +func newInstall(config *helmaction.Configuration, obj *v2.HelmRelease) (*helmaction.Install, error) { + install := helmaction.NewInstall(config) + + install.ReleaseName = obj.GetReleaseName() + install.Namespace = obj.GetReleaseNamespace() + install.Timeout = obj.Spec.GetInstall().GetTimeout(obj.GetTimeout()).Duration + install.Wait = !obj.Spec.GetInstall().DisableWait + install.WaitForJobs = !obj.Spec.GetInstall().DisableWaitForJobs + install.DisableHooks = obj.Spec.GetInstall().DisableHooks + install.DisableOpenAPIValidation = obj.Spec.GetInstall().DisableOpenAPIValidation + install.Replace = obj.Spec.GetInstall().Replace + install.Devel = true + install.SkipCRDs = true + + if obj.Spec.TargetNamespace != "" { + install.CreateNamespace = obj.Spec.GetInstall().CreateNamespace + } + + // If the user opted-in to allow DNS lookups, enable it. + if allowDNS, _ := features.Enabled(features.AllowDNSLookups); allowDNS { + install.EnableDNS = allowDNS + } + + renderer, err := postrender.BuildPostRenderers(obj) + if err != nil { + return nil, err + } + install.PostRenderer = renderer + + return install, nil +} diff --git a/internal/action/log.go b/internal/action/log.go new file mode 100644 index 000000000..2a2b35bf8 --- /dev/null +++ b/internal/action/log.go @@ -0,0 +1,95 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package action + +import ( + "container/ring" + "fmt" + "strings" + "sync" + + "github.com/go-logr/logr" + helmaction "helm.sh/helm/v3/pkg/action" +) + +// DefaultLogBufferSize is the default size of the LogBuffer. +const DefaultLogBufferSize = 5 + +// NewDebugLog returns an action.DebugLog that logs to the given logr.Logger. +func NewDebugLog(log logr.Logger) helmaction.DebugLog { + return func(format string, v ...interface{}) { + log.Info(fmt.Sprintf(format, v...)) + } +} + +// LogBuffer is a ring buffer that logs to a Helm action.DebugLog. +type LogBuffer struct { + mu sync.RWMutex + log helmaction.DebugLog + buffer *ring.Ring +} + +// NewLogBuffer creates a new LogBuffer with the given log function +// and a buffer of the given size. If size <= 0, it defaults to +// DefaultLogBufferSize. +func NewLogBuffer(log helmaction.DebugLog, size int) *LogBuffer { + if size <= 0 { + size = DefaultLogBufferSize + } + return &LogBuffer{ + log: log, + buffer: ring.New(size), + } +} + +// Log adds the log message to the ring buffer before calling the actual log +// function. It is safe to call this function from multiple goroutines. +func (l *LogBuffer) Log(format string, v ...interface{}) { + l.mu.Lock() + + // Filter out duplicate log lines, this happens for example when + // Helm is waiting on workloads to become ready. + msg := fmt.Sprintf(format, v...) + if prev := l.buffer.Prev(); prev.Value != msg { + l.buffer.Value = msg + l.buffer = l.buffer.Next() + } + + l.mu.Unlock() + l.log(format, v...) +} + +// Reset clears the buffer. +func (l *LogBuffer) Reset() { + l.mu.Lock() + l.buffer = ring.New(l.buffer.Len()) + l.mu.Unlock() +} + +// String returns the contents of the buffer as a string. +func (l *LogBuffer) String() string { + var str string + l.mu.RLock() + l.buffer.Do(func(s interface{}) { + if s == nil { + return + } + str += s.(string) + "\n" + }) + l.mu.RUnlock() + return strings.TrimSpace(str) +} diff --git a/internal/action/log_test.go b/internal/action/log_test.go new file mode 100644 index 000000000..c4c29cae6 --- /dev/null +++ b/internal/action/log_test.go @@ -0,0 +1,102 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package action + +import ( + "testing" + + "github.com/go-logr/logr" +) + +func TestLogBuffer_Log(t *testing.T) { + tests := []struct { + name string + size int + fill []string + wantCount int + want string + }{ + {name: "log", size: 2, fill: []string{"a", "b", "c"}, wantCount: 3, want: "b\nc"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + var count int + l := NewLogBuffer(func(format string, v ...interface{}) { + count++ + }, tt.size) + for _, v := range tt.fill { + l.Log("%s", v) + } + if count != tt.wantCount { + t.Errorf("Inner Log() called %v times, want %v", count, tt.wantCount) + } + if got := l.String(); got != tt.want { + t.Errorf("String() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestLogBuffer_Reset(t *testing.T) { + bufferSize := 10 + l := NewLogBuffer(NewDebugLog(logr.Discard()), bufferSize) + + if got := l.buffer.Len(); got != bufferSize { + t.Errorf("Len() = %v, want %v", got, bufferSize) + } + + for _, v := range []string{"a", "b", "c"} { + l.Log("%s", v) + } + + if got := l.String(); got == "" { + t.Errorf("String() = empty") + } + + l.Reset() + + if got := l.buffer.Len(); got != bufferSize { + t.Errorf("Len() = %v after Reset(), want %v", got, bufferSize) + } + if got := l.String(); got != "" { + t.Errorf("String() != empty after Reset()") + } +} + +func TestLogBuffer_String(t *testing.T) { + tests := []struct { + name string + size int + fill []string + want string + }{ + {name: "empty buffer", fill: []string{}, want: ""}, + {name: "filled buffer", size: 2, fill: []string{"a", "b", "c"}, want: "b\nc"}, + {name: "duplicate buffer items", fill: []string{"b", "b", "b"}, want: "b"}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + l := NewLogBuffer(NewDebugLog(logr.Discard()), tt.size) + for _, v := range tt.fill { + l.Log("%s", v) + } + if got := l.String(); got != tt.want { + t.Errorf("String() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/internal/action/rollback.go b/internal/action/rollback.go new file mode 100644 index 000000000..74daa350b --- /dev/null +++ b/internal/action/rollback.go @@ -0,0 +1,54 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package action + +import ( + helmaction "helm.sh/helm/v3/pkg/action" + + v2 "github.com/fluxcd/helm-controller/api/v2beta2" +) + +// Rollback runs the Helm rollback action with the provided config, using the +// v2beta2.HelmReleaseSpec of the given object to determine the target release +// and rollback configuration. +// +// It does not determine if there is a desire to perform the action, this is +// expected to be done by the caller. In addition, it does not take note of the +// action result. The caller is expected to listen to this using a +// storage.ObserveFunc, which provides superior access to Helm storage writes. +func Rollback(config *helmaction.Configuration, obj *v2.HelmRelease) error { + rollback := newRollback(config, obj) + return rollback.Run(obj.GetReleaseName()) +} + +func newRollback(config *helmaction.Configuration, rel *v2.HelmRelease) *helmaction.Rollback { + rollback := helmaction.NewRollback(config) + + rollback.Timeout = rel.Spec.GetRollback().GetTimeout(rel.GetTimeout()).Duration + rollback.Wait = !rel.Spec.GetRollback().DisableWait + rollback.WaitForJobs = !rel.Spec.GetRollback().DisableWaitForJobs + rollback.DisableHooks = rel.Spec.GetRollback().DisableHooks + rollback.Force = rel.Spec.GetRollback().Force + rollback.Recreate = rel.Spec.GetRollback().Recreate + rollback.CleanupOnFail = rel.Spec.GetRollback().CleanupOnFail + + if prev := rel.Status.Previous; prev != nil && prev.Name == rel.GetReleaseName() && prev.Namespace == rel.GetReleaseNamespace() { + rollback.Version = prev.Version + } + + return rollback +} diff --git a/internal/action/test.go b/internal/action/test.go new file mode 100644 index 000000000..3bdcba881 --- /dev/null +++ b/internal/action/test.go @@ -0,0 +1,48 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package action + +import ( + "context" + + helmaction "helm.sh/helm/v3/pkg/action" + helmrelease "helm.sh/helm/v3/pkg/release" + + v2 "github.com/fluxcd/helm-controller/api/v2beta2" +) + +// Test runs the Helm test action with the provided config, using the +// v2beta2.HelmReleaseSpec of the given object to determine the target release +// and test configuration. +// +// It does not determine if there is a desire to perform the action, this is +// expected to be done by the caller. In addition, it does not take note of the +// action result. The caller is expected to listen to this using a +// storage.ObserveFunc, which provides superior access to Helm storage writes. +func Test(_ context.Context, config *helmaction.Configuration, obj *v2.HelmRelease) (*helmrelease.Release, error) { + test := newTest(config, obj) + return test.Run(obj.GetReleaseName()) +} + +func newTest(config *helmaction.Configuration, obj *v2.HelmRelease) *helmaction.ReleaseTesting { + test := helmaction.NewReleaseTesting(config) + + test.Namespace = obj.GetReleaseNamespace() + test.Timeout = obj.Spec.GetTest().GetTimeout(obj.GetTimeout()).Duration + + return test +} diff --git a/internal/action/uninstall.go b/internal/action/uninstall.go new file mode 100644 index 000000000..5a9959fc4 --- /dev/null +++ b/internal/action/uninstall.go @@ -0,0 +1,50 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package action + +import ( + "context" + + helmaction "helm.sh/helm/v3/pkg/action" + helmrelease "helm.sh/helm/v3/pkg/release" + + v2 "github.com/fluxcd/helm-controller/api/v2beta2" +) + +// Uninstall runs the Helm uninstall action with the provided config, using the +// v2beta2.HelmReleaseSpec of the given object to determine the target release +// and uninstall configuration. +// +// It does not determine if there is a desire to perform the action, this is +// expected to be done by the caller. In addition, it does not take note of the +// action result. The caller is expected to listen to this using a +// storage.ObserveFunc, which provides superior access to Helm storage writes. +func Uninstall(ctx context.Context, config *helmaction.Configuration, obj *v2.HelmRelease) (*helmrelease.UninstallReleaseResponse, error) { + uninstall := newUninstall(config, obj) + return uninstall.Run(obj.GetReleaseName()) +} + +func newUninstall(config *helmaction.Configuration, obj *v2.HelmRelease) *helmaction.Uninstall { + uninstall := helmaction.NewUninstall(config) + + uninstall.Timeout = obj.Spec.GetUninstall().GetTimeout(obj.GetTimeout()).Duration + uninstall.DisableHooks = obj.Spec.GetUninstall().DisableHooks + uninstall.KeepHistory = obj.Spec.GetUninstall().KeepHistory + uninstall.Wait = !obj.Spec.GetUninstall().DisableWait + + return uninstall +} diff --git a/internal/action/upgrade.go b/internal/action/upgrade.go new file mode 100644 index 000000000..fcc0a8488 --- /dev/null +++ b/internal/action/upgrade.go @@ -0,0 +1,90 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package action + +import ( + "context" + "fmt" + + helmaction "helm.sh/helm/v3/pkg/action" + helmchart "helm.sh/helm/v3/pkg/chart" + helmchartutil "helm.sh/helm/v3/pkg/chartutil" + helmrelease "helm.sh/helm/v3/pkg/release" + + v2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/features" + "github.com/fluxcd/helm-controller/internal/postrender" +) + +// Upgrade runs the Helm upgrade action with the provided config, using the +// v2beta2.HelmReleaseSpec of the given object to determine the target release +// and upgrade configuration. +// +// It performs the upgrade according to the spec, which includes upgrading the +// CRDs according to the defined policy. +// +// It does not determine if there is a desire to perform the action, this is +// expected to be done by the caller. In addition, it does not take note of the +// action result. The caller is expected to listen to this using a +// storage.ObserveFunc, which provides superior access to Helm storage writes. +func Upgrade(ctx context.Context, config *helmaction.Configuration, obj *v2.HelmRelease, chrt *helmchart.Chart, + vals helmchartutil.Values) (*helmrelease.Release, error) { + upgrade, err := newUpgrade(config, obj) + if err != nil { + return nil, err + } + + policy, err := crdPolicyOrDefault(obj.Spec.GetInstall().CRDs) + if err != nil { + return nil, err + } + if err := applyCRDs(config, policy, chrt, setOriginVisitor(v2.GroupVersion.Group, obj.Namespace, obj.Name)); err != nil { + return nil, fmt.Errorf("failed to apply CustomResourceDefinitions: %w", err) + } + + return upgrade.RunWithContext(ctx, obj.GetReleaseName(), chrt, vals.AsMap()) +} + +func newUpgrade(config *helmaction.Configuration, rel *v2.HelmRelease) (*helmaction.Upgrade, error) { + upgrade := helmaction.NewUpgrade(config) + + upgrade.Namespace = rel.GetReleaseNamespace() + upgrade.ResetValues = !rel.Spec.GetUpgrade().PreserveValues + upgrade.ReuseValues = rel.Spec.GetUpgrade().PreserveValues + upgrade.MaxHistory = rel.GetMaxHistory() + upgrade.Timeout = rel.Spec.GetUpgrade().GetTimeout(rel.GetTimeout()).Duration + upgrade.Wait = !rel.Spec.GetUpgrade().DisableWait + upgrade.WaitForJobs = !rel.Spec.GetUpgrade().DisableWaitForJobs + upgrade.DisableHooks = rel.Spec.GetUpgrade().DisableHooks + upgrade.DisableOpenAPIValidation = rel.Spec.GetUpgrade().DisableOpenAPIValidation + upgrade.Force = rel.Spec.GetUpgrade().Force + upgrade.CleanupOnFail = rel.Spec.GetUpgrade().CleanupOnFail + upgrade.Devel = true + + // If the user opted-in to allow DNS lookups, enable it. + if allowDNS, _ := features.Enabled(features.AllowDNSLookups); allowDNS { + upgrade.EnableDNS = allowDNS + } + + renderer, err := postrender.BuildPostRenderers(rel) + if err != nil { + return nil, err + } + upgrade.PostRenderer = renderer + + return upgrade, err +} diff --git a/internal/postrender/build.go b/internal/postrender/build.go new file mode 100644 index 000000000..ba771d173 --- /dev/null +++ b/internal/postrender/build.go @@ -0,0 +1,47 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package postrender + +import ( + helmpostrender "helm.sh/helm/v3/pkg/postrender" + + v2 "github.com/fluxcd/helm-controller/api/v2beta2" +) + +// BuildPostRenderers creates the post-renderer instances from a HelmRelease +// and combines them into a single Combined post renderer. +func BuildPostRenderers(rel *v2.HelmRelease) (helmpostrender.PostRenderer, error) { + if rel == nil { + return nil, nil + } + renderers := make([]helmpostrender.PostRenderer, 0) + for _, r := range rel.Spec.PostRenderers { + if r.Kustomize != nil { + renderers = append(renderers, &Kustomize{ + Patches: r.Kustomize.Patches, + PatchesStrategicMerge: r.Kustomize.PatchesStrategicMerge, + PatchesJSON6902: r.Kustomize.PatchesJSON6902, + Images: r.Kustomize.Images, + }) + } + } + renderers = append(renderers, NewOriginLabels(v2.GroupVersion.Group, rel.Namespace, rel.Name)) + if len(renderers) == 0 { + return nil, nil + } + return NewCombined(renderers...), nil +} diff --git a/internal/postrender/combined.go b/internal/postrender/combined.go index 54190fa46..c25947437 100644 --- a/internal/postrender/combined.go +++ b/internal/postrender/combined.go @@ -19,17 +19,17 @@ package postrender import ( "bytes" - "helm.sh/helm/v3/pkg/postrender" + helmpostrender "helm.sh/helm/v3/pkg/postrender" ) // Combined is a collection of Helm PostRenders which are // invoked in the order of insertion. type Combined struct { - renderers []postrender.PostRenderer + renderers []helmpostrender.PostRenderer } -func NewCombined(renderer ...postrender.PostRenderer) *Combined { - pr := make([]postrender.PostRenderer, 0) +func NewCombined(renderer ...helmpostrender.PostRenderer) *Combined { + pr := make([]helmpostrender.PostRenderer, 0) pr = append(pr, renderer...) return &Combined{ renderers: pr, diff --git a/internal/postrender/kustomize.go b/internal/postrender/kustomize.go index aec9e694f..9195be811 100644 --- a/internal/postrender/kustomize.go +++ b/internal/postrender/kustomize.go @@ -21,24 +21,27 @@ import ( "encoding/json" "sync" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" "sigs.k8s.io/kustomize/api/krusty" "sigs.k8s.io/kustomize/api/resmap" kustypes "sigs.k8s.io/kustomize/api/types" "sigs.k8s.io/kustomize/kyaml/filesys" "github.com/fluxcd/pkg/apis/kustomize" - - v2 "github.com/fluxcd/helm-controller/api/v2beta1" ) +// Kustomize is a Helm post-render plugin that runs Kustomize. type Kustomize struct { - spec *v2.Kustomize -} - -func NewKustomize(spec *v2.Kustomize) *Kustomize { - return &Kustomize{ - spec: spec, - } + // Patches is a list of patches to apply to the rendered manifests. + Patches []kustomize.Patch + // PatchesStrategicMerge is a list of strategic merge patches to apply to + // the rendered manifests. + PatchesStrategicMerge []apiextensionsv1.JSON + // PatchesJSON6902 is a list of JSON patches to apply to the rendered + // manifests. + PatchesJSON6902 []kustomize.JSON6902Patch + // Images is a list of images to replace in the rendered manifests. + Images []kustomize.Image } func (k *Kustomize) Run(renderedManifests *bytes.Buffer) (modifiedManifests *bytes.Buffer, err error) { @@ -46,7 +49,7 @@ func (k *Kustomize) Run(renderedManifests *bytes.Buffer) (modifiedManifests *byt cfg := kustypes.Kustomization{} cfg.APIVersion = kustypes.KustomizationVersion cfg.Kind = kustypes.KustomizationKind - cfg.Images = adaptImages(k.spec.Images) + cfg.Images = adaptImages(k.Images) // Add rendered Helm output as input resource to the Kustomization. const input = "helm-output.yaml" @@ -56,7 +59,7 @@ func (k *Kustomize) Run(renderedManifests *bytes.Buffer) (modifiedManifests *byt } // Add patches. - for _, m := range k.spec.Patches { + for _, m := range k.Patches { cfg.Patches = append(cfg.Patches, kustypes.Patch{ Patch: m.Patch, Target: adaptSelector(m.Target), @@ -64,19 +67,19 @@ func (k *Kustomize) Run(renderedManifests *bytes.Buffer) (modifiedManifests *byt } // Add strategic merge patches. - for _, m := range k.spec.PatchesStrategicMerge { + for _, m := range k.PatchesStrategicMerge { cfg.PatchesStrategicMerge = append(cfg.PatchesStrategicMerge, kustypes.PatchStrategicMerge(m.Raw)) } // Add JSON 6902 patches. - for i, m := range k.spec.PatchesJSON6902 { + for i, m := range k.PatchesJSON6902 { patch, err := json.Marshal(m.Patch) if err != nil { return nil, err } cfg.PatchesJson6902 = append(cfg.PatchesJson6902, kustypes.Patch{ Patch: string(patch), - Target: adaptSelector(&k.spec.PatchesJSON6902[i].Target), + Target: adaptSelector(&k.PatchesJSON6902[i].Target), }) } diff --git a/internal/postrender/kustomize_test.go b/internal/postrender/kustomize_test.go index f8856a413..c526b8795 100644 --- a/internal/postrender/kustomize_test.go +++ b/internal/postrender/kustomize_test.go @@ -27,7 +27,7 @@ import ( "github.com/fluxcd/pkg/apis/kustomize" - v2 "github.com/fluxcd/helm-controller/api/v2beta1" + v2 "github.com/fluxcd/helm-controller/api/v2beta2" ) const replaceImageMock = `apiVersion: v1 @@ -259,7 +259,10 @@ spec: g.Expect(err).ToNot(HaveOccurred()) k := &Kustomize{ - spec: spec, + Patches: spec.Patches, + PatchesStrategicMerge: spec.PatchesStrategicMerge, + PatchesJSON6902: spec.PatchesJSON6902, + Images: spec.Images, } gotModifiedManifests, err := k.Run(bytes.NewBufferString(tt.renderedManifests)) if tt.expectErr { diff --git a/internal/runner/runner.go b/internal/runner/runner.go index c63e2c608..c6f9234b9 100644 --- a/internal/runner/runner.go +++ b/internal/runner/runner.go @@ -104,7 +104,12 @@ func postRenderers(hr v2.HelmRelease) (postrender.PostRenderer, error) { renderers := make([]postrender.PostRenderer, 0) for _, r := range hr.Spec.PostRenderers { if r.Kustomize != nil { - renderers = append(renderers, intpostrender.NewKustomize(r.Kustomize)) + renderers = append(renderers, &intpostrender.Kustomize{ + Patches: r.Kustomize.Patches, + PatchesStrategicMerge: r.Kustomize.PatchesStrategicMerge, + PatchesJSON6902: r.Kustomize.PatchesJSON6902, + Images: r.Kustomize.Images, + }) } } renderers = append(renderers, intpostrender.NewOriginLabels(v2.GroupVersion.Group, hr.Namespace, hr.Name)) diff --git a/internal/storage/driver.go b/internal/storage/driver.go deleted file mode 100644 index 130704d37..000000000 --- a/internal/storage/driver.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright The Helm Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "bytes" - "compress/gzip" - "encoding/base64" - "encoding/json" - "io/ioutil" - - rspb "helm.sh/helm/v3/pkg/release" -) - -// Copied over from the Helm project to be able to decrypt encoded releases -// as testdata. - -var b64 = base64.StdEncoding - -var magicGzip = []byte{0x1f, 0x8b, 0x08} - -// decodeRelease decodes the bytes of data into a release -// type. Data must contain a base64 encoded gzipped string of a -// valid release, otherwise an error is returned. -func decodeRelease(data string) (*rspb.Release, error) { - // base64 decode string - b, err := b64.DecodeString(data) - if err != nil { - return nil, err - } - - // For backwards compatibility with releases that were stored before - // compression was introduced we skip decompression if the - // gzip magic header is not found - if bytes.Equal(b[0:3], magicGzip) { - r, err := gzip.NewReader(bytes.NewReader(b)) - if err != nil { - return nil, err - } - defer r.Close() - b2, err := ioutil.ReadAll(r) - if err != nil { - return nil, err - } - b = b2 - } - - var rls rspb.Release - // unmarshal release object bytes - if err := json.Unmarshal(b, &rls); err != nil { - return nil, err - } - return &rls, nil -} diff --git a/internal/storage/observer.go b/internal/storage/observer.go index 43287f4c3..a0885ad76 100644 --- a/internal/storage/observer.go +++ b/internal/storage/observer.go @@ -17,184 +17,17 @@ limitations under the License. package storage import ( - "crypto/sha256" - "errors" - "fmt" - "sort" - "strconv" - "strings" - "sync" - - "github.com/mitchellh/copystructure" - "helm.sh/helm/v3/pkg/chart" - "helm.sh/helm/v3/pkg/release" - "helm.sh/helm/v3/pkg/releaseutil" - "helm.sh/helm/v3/pkg/storage" - "helm.sh/helm/v3/pkg/storage/driver" + helmrelease "helm.sh/helm/v3/pkg/release" + helmdriver "helm.sh/helm/v3/pkg/storage/driver" ) // ObserverDriverName contains the string representation of Observer. const ObserverDriverName = "observer" -var ( - // ErrReleaseNotObserved indicates the release has not been observed by - // the Observator. - ErrReleaseNotObserved = errors.New("release: not observed") -) - -// Observator reports about the write actions to a driver.Driver, recorded as -// ObservedRelease objects. -// Named to be inline with driver.Creator, driver.Updator, etc. -type Observator interface { - // LastObservation returns the last observed release with the highest version, - // or ErrReleaseNotObserved if there is no observed release with the provided - // name. - LastObservation(name string) (ObservedRelease, error) - // GetObservedVersion returns the release with the given version if - // observed, or ErrReleaseNotObserved. - GetObservedVersion(name string, version int) (ObservedRelease, error) - // ObserveLastRelease observes the release in with the highest version in - // the embedded driver.Driver. It returns the driver.ErrReleaseNotFound is - // returned if a release with the provided name does not exist. - ObserveLastRelease(name string) (ObservedRelease, error) -} - -// ObservedRelease is a copy of a release.Release as observed to be written to -// a Helm storage driver by an Observator. The object is detached from the Helm -// storage object, and mutations to it do not change the underlying release -// object. -type ObservedRelease struct { - // Name of the release. - Name string - // Version of the release, at times also called revision. - Version int - // Info provides information about the release. - Info release.Info - // ChartMetadata contains the current Chartfile data of the release. - ChartMetadata chart.Metadata - // Config is the set of extra Values added to the chart. - // These values override the default values inside the chart. - Config map[string]interface{} - // Manifest is the string representation of the rendered template. - Manifest string - // ManifestSHA256 is the string representation of the SHA256 sum of - // Manifest. - ManifestSHA256 string - // Hooks are all the hooks declared for this release, and the current - // state they are in. - Hooks []release.Hook - // Namespace is the Kubernetes namespace of the release. - Namespace string - // Labels of the release. - Labels map[string]string -} - -// DeepCopy deep copies the ObservedRelease, creating a new ObservedRelease. -func (in ObservedRelease) DeepCopy() ObservedRelease { - out := ObservedRelease{} - in.DeepCopyInto(&out) - return out -} - -// DeepCopyInto deep copies the ObservedRelease, writing it into out. -func (in ObservedRelease) DeepCopyInto(out *ObservedRelease) { - if out == nil { - return - } - - out.Name = in.Name - out.Version = in.Version - out.Info = in.Info - out.Manifest = in.Manifest - out.ManifestSHA256 = in.ManifestSHA256 - out.Namespace = in.Namespace - - if v, err := copystructure.Copy(in.ChartMetadata); err == nil { - out.ChartMetadata = v.(chart.Metadata) - } - - if v, err := copystructure.Copy(in.Config); err == nil { - out.Config = v.(map[string]interface{}) - } - - if len(in.Hooks) > 0 { - out.Hooks = make([]release.Hook, len(in.Hooks)) - if v, err := copystructure.Copy(in.Hooks); err == nil { - for i, h := range v.([]release.Hook) { - out.Hooks[i] = h - } - } - } - - if len(in.Labels) > 0 { - out.Labels = make(map[string]string, len(in.Labels)) - for i, v := range in.Labels { - out.Labels[i] = v - } - } -} - -// NewObservedRelease deep copies the values from the provided release.Release -// into a new ObservedRelease while omitting all chart data except metadata. -func NewObservedRelease(rel *release.Release) ObservedRelease { - if rel == nil { - return ObservedRelease{} - } - - obsRel := ObservedRelease{ - Name: rel.Name, - Version: rel.Version, - Config: nil, - Manifest: rel.Manifest, - Hooks: nil, - Namespace: rel.Namespace, - Labels: nil, - } - - if rel.Info != nil { - obsRel.Info = *rel.Info - } - - if rel.Manifest != "" { - obsRel.ManifestSHA256 = fmt.Sprintf("%x", sha256.Sum256([]byte(rel.Manifest))) - } - - if rel.Chart != nil && rel.Chart.Metadata != nil { - if v, err := copystructure.Copy(rel.Chart.Metadata); err == nil { - obsRel.ChartMetadata = *v.(*chart.Metadata) - } - } - - if len(rel.Config) > 0 { - if v, err := copystructure.Copy(rel.Config); err == nil { - obsRel.Config = v.(map[string]interface{}) - } - } - - if len(rel.Hooks) > 0 { - obsRel.Hooks = make([]release.Hook, len(rel.Hooks)) - if v, err := copystructure.Copy(rel.Hooks); err == nil { - for i, h := range v.([]*release.Hook) { - obsRel.Hooks[i] = *h - } - } - } - - if len(rel.Labels) > 0 { - obsRel.Labels = make(map[string]string, len(rel.Labels)) - for i, v := range rel.Labels { - obsRel.Labels[i] = v - } - } - - return obsRel -} - -// Observer is a driver.Driver Observator. +// Observer is an observing Helm storage driver. // -// It observes the writes to the Helm storage driver it embeds, and caches -// persisted release.Release objects as an ObservedRelease by their Helm -// storage key. +// It can be configured with a list of ObserveFunc functions that are called +// after a successful persistence operation to the underlying driver. // // This allows for observations on persisted state as performed by the driver, // and works around the inconsistent behavior of some Helm actions that may @@ -203,32 +36,23 @@ func NewObservedRelease(rel *release.Release) ObservedRelease { type Observer struct { // driver holds the underlying driver.Driver implementation which is used // to persist data to, and retrieve from. - driver driver.Driver - // releases contains a map of ObservedRelease objects indexed by makeKeyFunc - // key. - releases map[string]ObservedRelease - // mu is a read-write lock for releases. - mu sync.RWMutex - // makeKeyFunc returns the expected Helm storage key for the given name and - // version. - // At present, the only implementation is makeKey, but to prevent - // hard-coded assumptions and acknowledge the unexposed Helm API around it, - // it can (theoretically) be configured. - makeKeyFunc func(name string, version int) string - // splitKeyFunc returns the name and version of a Helm storage key. - // At present, the only implementation is splitKey, but to prevent - // hard-coded assumptions and acknowledge the unexposed Helm API around it, - // it can (theoretically) be configured. - splitKeyFunc func(key string) (name string, version int) + driver helmdriver.Driver + // observers holds a slice of ObserveFunc which are called after a + // successful persistence of a release to storage driver. + observers []ObserveFunc } -// NewObserver creates a new observer for the given Helm storage driver. -func NewObserver(driver driver.Driver) *Observer { +// ObserveFunc observes a release which has been successfully persisted to +// storage. +// NOTE: while it takes a pointer, the caller is expected to perform a +// read-only operation. +type ObserveFunc func(rel *helmrelease.Release) + +// NewObserver creates a new Observer for the given Helm storage driver. +func NewObserver(driver helmdriver.Driver, observers ...ObserveFunc) *Observer { return &Observer{ - driver: driver, - makeKeyFunc: makeKey, - splitKeyFunc: splitKey, - releases: make(map[string]ObservedRelease), + driver: driver, + observers: observers, } } @@ -238,136 +62,54 @@ func (o *Observer) Name() string { } // Get returns the release named by key or returns ErrReleaseNotFound. -func (o *Observer) Get(key string) (*release.Release, error) { +func (o *Observer) Get(key string) (*helmrelease.Release, error) { return o.driver.Get(key) } // List returns the list of all releases such that filter(release) == true. -func (o *Observer) List(filter func(*release.Release) bool) ([]*release.Release, error) { +func (o *Observer) List(filter func(*helmrelease.Release) bool) ([]*helmrelease.Release, error) { return o.driver.List(filter) } // Query returns the set of releases that match the provided set of labels. -func (o *Observer) Query(keyvals map[string]string) ([]*release.Release, error) { +func (o *Observer) Query(keyvals map[string]string) ([]*helmrelease.Release, error) { return o.driver.Query(keyvals) } // Create creates a new release or returns driver.ErrReleaseExists. // It observes the release as provided after a successful creation. -func (o *Observer) Create(key string, rls *release.Release) error { - defer unlock(o.wlock()) +func (o *Observer) Create(key string, rls *helmrelease.Release) error { if err := o.driver.Create(key, rls); err != nil { return err } - o.releases[key] = NewObservedRelease(rls) + for _, obs := range o.observers { + obs(rls) + } return nil } // Update updates a release or returns driver.ErrReleaseNotFound. // After a successful update, it observes the release as provided. -func (o *Observer) Update(key string, rls *release.Release) error { - defer unlock(o.wlock()) +func (o *Observer) Update(key string, rls *helmrelease.Release) error { if err := o.driver.Update(key, rls); err != nil { return err } - o.releases[key] = NewObservedRelease(rls) + for _, obs := range o.observers { + obs(rls) + } return nil } // Delete deletes a release or returns driver.ErrReleaseNotFound. // After a successful deletion, it observes the release as returned by the // embedded driver.Deletor. -func (o *Observer) Delete(key string) (*release.Release, error) { - defer unlock(o.wlock()) - rel, err := o.driver.Delete(key) +func (o *Observer) Delete(key string) (*helmrelease.Release, error) { + rls, err := o.driver.Delete(key) if err != nil { return nil, err } - o.releases[key] = NewObservedRelease(rel) - return rel, nil -} - -// LastObservation returns the last observed release with the highest version, -// or ErrReleaseNotObserved if there is no observed release with the provided -// name. -func (o *Observer) LastObservation(name string) (ObservedRelease, error) { - defer unlock(o.rlock()) - if len(o.releases) == 0 { - return ObservedRelease{}, ErrReleaseNotObserved - } - var candidates []int - for key := range o.releases { - if n, ver := o.splitKeyFunc(key); n == name { - candidates = append(candidates, ver) - } - } - if len(candidates) == 0 { - return ObservedRelease{}, ErrReleaseNotObserved - } - sort.Ints(candidates) - return o.releases[o.makeKeyFunc(name, candidates[len(candidates)-1])].DeepCopy(), nil -} - -// GetObservedVersion returns the observation for provided release name with -// the given version, or ErrReleaseNotObserved if it has not been observed. -func (o *Observer) GetObservedVersion(name string, version int) (ObservedRelease, error) { - defer unlock(o.rlock()) - rls, ok := o.releases[o.makeKeyFunc(name, version)] - if !ok { - return ObservedRelease{}, ErrReleaseNotObserved - } - return rls.DeepCopy(), nil -} - -// ObserveLastRelease observes the release with the highest version, or -// driver.ErrReleaseNotFound if a release with the provided name does not -// exist. -func (o *Observer) ObserveLastRelease(name string) (ObservedRelease, error) { - defer unlock(o.wlock()) - rls, err := o.Query(map[string]string{"name": name, "owner": "helm"}) - if err != nil { - return ObservedRelease{}, err - } - if len(rls) == 0 { - return ObservedRelease{}, driver.ErrReleaseNotFound - } - releaseutil.Reverse(rls, releaseutil.SortByRevision) - key := o.makeKeyFunc(rls[0].Name, rls[0].Version) - o.releases[key] = NewObservedRelease(rls[0]) - return o.releases[key].DeepCopy(), nil -} - -// wlock locks Observer for writing and returns a func to reverse the operation. -func (o *Observer) wlock() func() { - o.mu.Lock() - return func() { o.mu.Unlock() } -} - -// rlock locks Observer for reading and returns a func to reverse the operation. -func (o *Observer) rlock() func() { - o.mu.RLock() - return func() { o.mu.RUnlock() } -} - -// unlock calls fn which reverses an o.rlock or o.wlock. e.g: -// ```defer unlock(o.rlock())```, locks mem for reading at the -// call point of defer and unlocks upon exiting the block. -func unlock(fn func()) { fn() } - -// makeKey mimics the Helm storage's internal makeKey method: -// https://github.com/helm/helm/blob/29d273f985306bc508b32455d77894f3b1eb8d4d/pkg/storage/storage.go#L251 -func makeKey(name string, version int) string { - return fmt.Sprintf("%s.%s.v%d", storage.HelmStorageType, name, version) -} - -// splitKey is capable of splitting a Helm storage key into a name and version, -// if created using the makeKey logic. -func splitKey(key string) (name string, version int) { - typeLessKey := strings.TrimPrefix(key, storage.HelmStorageType+".") - split := strings.Split(typeLessKey, ".v") - name = split[0] - if len(split) > 1 { - version, _ = strconv.Atoi(split[1]) + for _, obs := range o.observers { + obs(rls) } - return + return rls, nil } diff --git a/internal/storage/observer_test.go b/internal/storage/observer_test.go index 86ab309ba..b8e055e27 100644 --- a/internal/storage/observer_test.go +++ b/internal/storage/observer_test.go @@ -17,154 +17,18 @@ limitations under the License. package storage import ( - "crypto/sha256" "fmt" - "log" - "os" "testing" . "github.com/onsi/gomega" - "helm.sh/helm/v3/pkg/chart" - "helm.sh/helm/v3/pkg/release" - "helm.sh/helm/v3/pkg/storage/driver" - "helm.sh/helm/v3/pkg/time" + helmrelease "helm.sh/helm/v3/pkg/release" + helmdriver "helm.sh/helm/v3/pkg/storage/driver" ) -var ( - // smallRelease is 17K while encoded. - smallRelease *release.Release - // midRelease is 125K while encoded. - midRelease *release.Release - // biggerRelease is 862K while encoded. - biggerRelease *release.Release -) - -func TestMain(m *testing.M) { - var err error - if smallRelease, err = decodeReleaseFromFile("testdata/podinfo-helm-1"); err != nil { - log.Fatal(err) - } - if midRelease, err = decodeReleaseFromFile("testdata/istio-base-1"); err != nil { - log.Fatal(err) - } - if biggerRelease, err = decodeReleaseFromFile("testdata/prom-stack-1"); err != nil { - log.Fatal(err) - } - r := m.Run() - os.Exit(r) -} - -func TestObservedRelease_DeepCopyInto(t *testing.T) { - t.Run("deep copies", func(t *testing.T) { - g := NewWithT(t) - - now := time.Now() - in := ObservedRelease{ - Name: "universe", - Version: 42, - Info: release.Info{ - FirstDeployed: now, - Description: "ever expanding", - Status: release.StatusPendingRollback, - }, - ChartMetadata: chart.Metadata{ - Name: "bang", - Version: "v1.0", - Maintainers: []*chart.Maintainer{ - {Name: "Lord", Email: "noreply@example.com"}, - }, - Annotations: map[string]string{ - "big": "bang", - }, - APIVersion: chart.APIVersionV2, - Type: "application", - }, - Config: map[string]interface{}{ - "sky": "blue", - }, - Manifest: `--- -apiVersion: v1 -kind: ConfigMap -Namespace: void -data: - sky: blue -`, - ManifestSHA256: "1e472606d9e10ab58c5264a6b45aa2d5dad96d06f27423140fd6280a48a0b775", - Hooks: []release.Hook{ - { - Name: "passing-test", - Events: []release.HookEvent{release.HookTest}, - LastRun: release.HookExecution{ - StartedAt: now, - CompletedAt: now, - Phase: release.HookPhaseSucceeded, - }, - }, - }, - Namespace: "void", - Labels: map[string]string{ - "concept": "true", - }, - } - - out := ObservedRelease{} - in.DeepCopyInto(&out) - g.Expect(out).To(Equal(in)) - g.Expect(out).ToNot(BeIdenticalTo(in)) - - deepcopy := out.DeepCopy() - g.Expect(deepcopy).To(Equal(out)) - g.Expect(deepcopy).ToNot(BeIdenticalTo(out)) - }) - - t.Run("with nil", func(t *testing.T) { - in := ObservedRelease{} - in.DeepCopyInto(nil) - }) -} - -func TestNewObservedRelease(t *testing.T) { - tests := []struct { - name string - releases []*release.Release - inspect func(w *WithT, rel *release.Release, obsRel ObservedRelease) - }{ - { - name: "observes release", - releases: []*release.Release{smallRelease, midRelease, biggerRelease}, - inspect: func(w *WithT, rel *release.Release, obsRel ObservedRelease) { - w.Expect(obsRel.Name).To(Equal(rel.Name)) - w.Expect(obsRel.Version).To(Equal(rel.Version)) - w.Expect(obsRel.Info).To(Equal(*rel.Info)) - w.Expect(obsRel.ChartMetadata).To(Equal(*rel.Chart.Metadata)) - w.Expect(obsRel.Config).To(Equal(rel.Config)) - w.Expect(obsRel.Manifest).To(Equal(rel.Manifest)) - w.Expect(obsRel.ManifestSHA256).To(Equal(fmt.Sprintf("%x", sha256.Sum256([]byte(rel.Manifest))))) - w.Expect(obsRel.Hooks).To(HaveLen(len(rel.Hooks))) - for k, v := range rel.Hooks { - w.Expect(obsRel.Hooks[k]).To(Equal(*v)) - } - w.Expect(obsRel.Namespace).To(Equal(rel.Namespace)) - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - for _, rel := range tt.releases { - rel := rel - t.Run(t.Name()+"_"+rel.Name, func(t *testing.T) { - got := NewObservedRelease(rel) - tt.inspect(NewWithT(t), rel, got) - }) - } - }) - } -} - func TestObserver_Name(t *testing.T) { g := NewWithT(t) - o := NewObserver(driver.NewMemory()) + o := NewObserver(helmdriver.NewMemory()) g.Expect(o.Name()).To(Equal(ObserverDriverName)) } @@ -172,18 +36,20 @@ func TestObserver_Get(t *testing.T) { t.Run("ignores get", func(t *testing.T) { g := NewWithT(t) - ms := driver.NewMemory() - o := NewObserver(ms) - - rel := releaseStub("success", 1, "ns1", release.StatusDeployed) - key := o.makeKeyFunc(rel.Name, rel.Version) + ms := helmdriver.NewMemory() + rel := releaseStub("success", 1, "ns1", helmrelease.StatusDeployed) + key := testKey(rel.Name, rel.Version) g.Expect(ms.Create(key, rel)).To(Succeed()) - g.Expect(o.releases).To(HaveLen(0)) + + var called bool + o := NewObserver(ms, func(rls *helmrelease.Release) { + called = true + }) got, err := o.Get(key) g.Expect(err).ToNot(HaveOccurred()) g.Expect(got).To(Equal(rel)) - g.Expect(o.releases).To(HaveLen(0)) + g.Expect(called).To(BeFalse()) }) } @@ -191,21 +57,23 @@ func TestObserver_List(t *testing.T) { t.Run("ignores list", func(t *testing.T) { g := NewWithT(t) - ms := driver.NewMemory() - rel := releaseStub("success", 1, "ns1", release.StatusDeployed) - key := makeKey(rel.Name, rel.Version) + ms := helmdriver.NewMemory() + rel := releaseStub("success", 1, "ns1", helmrelease.StatusDeployed) + key := testKey(rel.Name, rel.Version) g.Expect(ms.Create(key, rel)).To(Succeed()) - o := NewObserver(ms) - got, err := o.List(func(r *release.Release) bool { + var called bool + o := NewObserver(ms, func(rls *helmrelease.Release) { + called = true + }) + got, err := o.List(func(r *helmrelease.Release) bool { // Include everything return true }) g.Expect(err).ToNot(HaveOccurred()) g.Expect(got).To(HaveLen(1)) g.Expect(got[0]).To(Equal(rel)) - // Observed releases still empty - g.Expect(o.releases).To(HaveLen(0)) + g.Expect(called).To(BeFalse()) }) } @@ -213,18 +81,21 @@ func TestObserver_Query(t *testing.T) { t.Run("ignores query", func(t *testing.T) { g := NewWithT(t) - ms := driver.NewMemory() - rel := releaseStub("success", 1, "ns1", release.StatusDeployed) - key := makeKey(rel.Name, rel.Version) + ms := helmdriver.NewMemory() + rel := releaseStub("success", 1, "ns1", helmrelease.StatusDeployed) + key := testKey(rel.Name, rel.Version) g.Expect(ms.Create(key, rel)).To(Succeed()) - o := NewObserver(ms) + var called bool + o := NewObserver(ms, func(rls *helmrelease.Release) { + called = true + }) + rls, err := o.Query(map[string]string{"status": "deployed"}) g.Expect(err).ToNot(HaveOccurred()) g.Expect(rls).To(HaveLen(1)) g.Expect(rls[0]).To(Equal(rel)) - // Observed releases still empty - g.Expect(o.releases).To(HaveLen(0)) + g.Expect(called).To(BeFalse()) }) } @@ -232,32 +103,36 @@ func TestObserver_Create(t *testing.T) { t.Run("observes create success", func(t *testing.T) { g := NewWithT(t) - ms := driver.NewMemory() - o := NewObserver(ms) + ms := helmdriver.NewMemory() + rel := releaseStub("success", 1, "ns1", helmrelease.StatusDeployed) + key := testKey(rel.Name, rel.Version) + + var called bool + o := NewObserver(ms, func(rls *helmrelease.Release) { + called = true + }) - rel := releaseStub("success", 1, "ns1", release.StatusDeployed) - key := o.makeKeyFunc(rel.Name, rel.Version) g.Expect(o.Create(key, rel)).To(Succeed()) - g.Expect(o.releases).To(HaveLen(1)) - g.Expect(o.releases).To(HaveKey(key)) - g.Expect(o.releases[key]).To(Equal(NewObservedRelease(rel))) + g.Expect(called).To(BeTrue()) }) t.Run("ignores create error", func(t *testing.T) { g := NewWithT(t) - ms := driver.NewMemory() - o := NewObserver(ms) + ms := helmdriver.NewMemory() - rel := releaseStub("error", 1, "ns1", release.StatusDeployed) - key := o.makeKeyFunc(rel.Name, rel.Version) - g.Expect(o.Create(key, rel)).To(Succeed()) + rel := releaseStub("error", 1, "ns1", helmrelease.StatusDeployed) + key := testKey(rel.Name, rel.Version) + g.Expect(ms.Create(key, rel)).To(Succeed()) + + var called bool + o := NewObserver(ms, func(rls *helmrelease.Release) { + called = true + }) - rel2 := releaseStub("error", 1, "ns1", release.StatusFailed) + rel2 := releaseStub("error", 1, "ns1", helmrelease.StatusFailed) g.Expect(o.Create(key, rel2)).To(HaveOccurred()) - g.Expect(o.releases).To(HaveLen(1)) - g.Expect(o.releases).To(HaveKey(key)) - g.Expect(o.releases[key]).ToNot(Equal(rel2)) + g.Expect(called).To(BeFalse()) }) } @@ -265,44 +140,32 @@ func TestObserver_Update(t *testing.T) { t.Run("observes update success", func(t *testing.T) { g := NewWithT(t) - ms := driver.NewMemory() - o := NewObserver(ms) - - rel := releaseStub("success", 1, "ns1", release.StatusDeployed) - key := o.makeKeyFunc(rel.Name, rel.Version) + ms := helmdriver.NewMemory() + rel := releaseStub("success", 1, "ns1", helmrelease.StatusDeployed) + key := testKey(rel.Name, rel.Version) g.Expect(ms.Create(key, rel)).To(Succeed()) - g.Expect(o.Update(key, rel)).To(Succeed()) - g.Expect(o.releases).To(HaveLen(1)) - g.Expect(o.releases).To(HaveKey(key)) - g.Expect(o.releases[key]).To(Equal(NewObservedRelease(rel))) - }) - - t.Run("observation updates earlier observation", func(t *testing.T) { - g := NewWithT(t) - - ms := driver.NewMemory() - o := NewObserver(ms) - - rel := releaseStub("success", 1, "ns1", release.StatusDeployed) - key := o.makeKeyFunc(rel.Name, rel.Version) - g.Expect(o.Create(key, rel)).To(Succeed()) + var called bool + o := NewObserver(ms, func(rls *helmrelease.Release) { + called = true + }) - rel2 := releaseStub("success", 1, "ns1", release.StatusFailed) - g.Expect(o.Update(key, rel2)).To(Succeed()) - g.Expect(o.releases[key]).To(Equal(NewObservedRelease(rel2))) + g.Expect(o.Update(key, rel)).To(Succeed()) + g.Expect(called).To(BeTrue()) }) t.Run("ignores update error", func(t *testing.T) { g := NewWithT(t) - ms := driver.NewMemory() - o := NewObserver(ms) + var called bool + o := NewObserver(helmdriver.NewMemory(), func(rls *helmrelease.Release) { + called = true + }) - rel := releaseStub("error", 1, "ns1", release.StatusDeployed) - key := o.makeKeyFunc(rel.Name, rel.Version) + rel := releaseStub("error", 1, "ns1", helmrelease.StatusDeployed) + key := testKey(rel.Name, rel.Version) g.Expect(o.Update(key, rel)).To(HaveOccurred()) - g.Expect(o.releases).To(HaveLen(0)) + g.Expect(called).To(BeFalse()) }) } @@ -310,226 +173,50 @@ func TestObserver_Delete(t *testing.T) { t.Run("observes delete success", func(t *testing.T) { g := NewWithT(t) - ms := driver.NewMemory() - o := NewObserver(ms) + ms := helmdriver.NewMemory() + rel := releaseStub("success", 1, "ns1", helmrelease.StatusDeployed) + key := testKey(rel.Name, rel.Version) + g.Expect(ms.Create(key, rel)).To(Succeed()) - rel := releaseStub("success", 1, "ns1", release.StatusDeployed) - key := o.makeKeyFunc(rel.Name, rel.Version) - g.Expect(o.Create(key, rel)).To(Succeed()) - g.Expect(o.LastObservation(rel.Name)).ToNot(BeNil()) + var called bool + o := NewObserver(ms, func(rls *helmrelease.Release) { + called = true + }) got, err := o.Delete(key) g.Expect(err).ToNot(HaveOccurred()) g.Expect(got).ToNot(BeNil()) - - g.Expect(o.releases).To(HaveLen(1)) - g.Expect(o.releases).To(HaveKey(key)) - g.Expect(o.releases[key]).To(Equal(NewObservedRelease(got))) + g.Expect(called).To(BeTrue()) _, err = ms.Get(key) - g.Expect(err).To(Equal(driver.ErrReleaseNotFound)) + g.Expect(err).To(Equal(helmdriver.ErrReleaseNotFound)) }) t.Run("delete release not found", func(t *testing.T) { g := NewWithT(t) - ms := driver.NewMemory() - o := NewObserver(ms) + var called bool + o := NewObserver(helmdriver.NewMemory(), func(rls *helmrelease.Release) { + called = true + }) - key := o.makeKeyFunc("error", 1) + key := testKey("error", 1) got, err := o.Delete(key) - g.Expect(err).To(Equal(driver.ErrReleaseNotFound)) + g.Expect(err).To(Equal(helmdriver.ErrReleaseNotFound)) g.Expect(got).To(BeNil()) + g.Expect(called).To(BeFalse()) }) } -func TestObserver_LastObservation(t *testing.T) { - t.Run("last observation by version", func(t *testing.T) { - g := NewWithT(t) - - o := NewObserver(driver.NewMemory()) - - rel1 := releaseStub("success", 1, "ns1", release.StatusDeployed) - key1 := o.makeKeyFunc(rel1.Name, rel1.Version) - - rel2 := releaseStub("success", 2, "ns1", release.StatusDeployed) - key2 := o.makeKeyFunc(rel2.Name, rel2.Version) - - g.Expect(o.Create(key2, rel2)).To(Succeed()) - g.Expect(o.Create(key1, rel1)).To(Succeed()) - - got, err := o.LastObservation(rel2.Name) - g.Expect(err).ToNot(HaveOccurred()) - g.Expect(got).To(Equal(NewObservedRelease(rel2))) - }) - - t.Run("no observed releases", func(t *testing.T) { - g := NewWithT(t) - - o := NewObserver(driver.NewMemory()) - got, err := o.LastObservation("notobserved") - g.Expect(err).To(Equal(ErrReleaseNotObserved)) - g.Expect(got).To(Equal(ObservedRelease{})) - }) - - t.Run("no observed releases for name", func(t *testing.T) { - g := NewWithT(t) - - o := NewObserver(driver.NewMemory()) - - otherRel := releaseStub("other", 2, "ns1", release.StatusDeployed) - otherKey := o.makeKeyFunc(otherRel.Name, otherRel.Version) - g.Expect(o.Create(otherKey, otherRel)).To(Succeed()) - - got, err := o.LastObservation("notobserved") - g.Expect(err).To(Equal(ErrReleaseNotObserved)) - g.Expect(got).To(Equal(ObservedRelease{})) - }) -} - -func TestObserver_GetObservedVersion(t *testing.T) { - t.Run("observation with version", func(t *testing.T) { - g := NewWithT(t) - - o := NewObserver(driver.NewMemory()) - - rel := releaseStub("thirtythree", 33, "ns1", release.StatusDeployed) - key := o.makeKeyFunc(rel.Name, rel.Version) - g.Expect(o.Create(key, rel)).To(Succeed()) - - got, err := o.GetObservedVersion(rel.Name, rel.Version) - g.Expect(err).ToNot(HaveOccurred()) - g.Expect(got).To(Equal(NewObservedRelease(rel))) - }) - - t.Run("unobserved version", func(t *testing.T) { - g := NewWithT(t) - - o := NewObserver(driver.NewMemory()) - - rel := releaseStub("two", 2, "ns1", release.StatusDeployed) - key := o.makeKeyFunc(rel.Name, rel.Version) - g.Expect(o.Create(key, rel)).To(Succeed()) - - got, err := o.GetObservedVersion("two", 1) - g.Expect(err).To(Equal(ErrReleaseNotObserved)) - g.Expect(got).To(Equal(ObservedRelease{})) - }) -} - -func TestObserver_ObserveLastRelease(t *testing.T) { - t.Run("observes last release from storage", func(t *testing.T) { - g := NewWithT(t) - - d := driver.NewMemory() - - rel1 := releaseStub("two", 1, "ns1", release.StatusDeployed) - key1 := makeKey(rel1.Name, rel1.Version) - g.Expect(d.Create(key1, rel1)).To(Succeed()) - - rel2 := releaseStub("two", 2, "ns1", release.StatusDeployed) - key2 := makeKey(rel2.Name, rel2.Version) - g.Expect(d.Create(key2, rel2)).To(Succeed()) - - o := NewObserver(d) - got, err := o.ObserveLastRelease("two") - g.Expect(err).ToNot(HaveOccurred()) - g.Expect(got).To(Equal(NewObservedRelease(rel2))) - }) - - t.Run("error on release not found", func(t *testing.T) { - g := NewWithT(t) - - o := NewObserver(driver.NewMemory()) - got, err := o.ObserveLastRelease("notfound") - g.Expect(err).To(Equal(driver.ErrReleaseNotFound)) - g.Expect(got).To(Equal(ObservedRelease{})) - }) -} - -func Test_makeKey(t *testing.T) { - tests := []struct { - name string - version int - want string - }{ - {name: "release-a", version: 2, want: "sh.helm.release.v1.release-a.v2"}, - {name: "release-b", version: 48, want: "sh.helm.release.v1.release-b.v48"}, - } - for _, tt := range tests { - t.Run(fmt.Sprintf("%s_%d", tt.name, tt.version), func(t *testing.T) { - g := NewWithT(t) - - g.Expect(makeKey(tt.name, tt.version)).To(Equal(tt.want)) - }) - } -} - -func Test_splitKey(t *testing.T) { - tests := []struct { - key string - wantName string - wantVersion int - }{ - {key: "sh.helm.release.v1.release-a.v2", wantName: "release-a", wantVersion: 2}, - {key: "sh.helm.release.v1.release-b.v48", wantName: "release-b", wantVersion: 48}, - } - for _, tt := range tests { - t.Run(tt.key, func(t *testing.T) { - g := NewWithT(t) - - gotN, gotV := splitKey(tt.key) - g.Expect(gotN).To(Equal(tt.wantName)) - g.Expect(gotV).To(Equal(tt.wantVersion)) - }) - } -} - -func Test_makeKey_splitKey(t *testing.T) { - g := NewWithT(t) - - key := makeKey("release-name", 894) - gotN, gotV := splitKey(key) - g.Expect(gotN).To(Equal("release-name")) - g.Expect(gotV).To(Equal(894)) -} - -func releaseStub(name string, version int, namespace string, status release.Status) *release.Release { - return &release.Release{ +func releaseStub(name string, version int, namespace string, status helmrelease.Status) *helmrelease.Release { + return &helmrelease.Release{ Name: name, Version: version, Namespace: namespace, - Info: &release.Info{Status: status}, - } -} - -func decodeReleaseFromFile(path string) (*release.Release, error) { - b, err := os.ReadFile(path) - if err != nil { - return nil, fmt.Errorf("failed to load encoded release data: %w", err) - } - rel, err := decodeRelease(string(b)) - if err != nil { - return nil, fmt.Errorf("failed to decode release data: %w", err) + Info: &helmrelease.Info{Status: status}, } - return rel, nil -} - -func benchmarkNewObservedRelease(rel release.Release, b *testing.B) { - b.ReportAllocs() - for n := 0; n < b.N; n++ { - NewObservedRelease(&rel) - } -} - -func BenchmarkNewObservedReleaseSmall(b *testing.B) { - benchmarkNewObservedRelease(*smallRelease, b) -} - -func BenchmarkNewObservedReleaseMid(b *testing.B) { - benchmarkNewObservedRelease(*midRelease, b) } -func BenchmarkNewObservedReleaseBigger(b *testing.B) { - benchmarkNewObservedRelease(*biggerRelease, b) +func testKey(name string, vers int) string { + return fmt.Sprintf("%s.v%d", name, vers) } diff --git a/internal/storage/testdata/istio-base-1 b/internal/storage/testdata/istio-base-1 deleted file mode 100644 index a99ff1f77..000000000 --- a/internal/storage/testdata/istio-base-1 +++ /dev/null @@ -1 +0,0 @@  \ No newline at end of file diff --git a/internal/storage/testdata/podinfo-helm-1 b/internal/storage/testdata/podinfo-helm-1 deleted file mode 100644 index e1e387187..000000000 --- a/internal/storage/testdata/podinfo-helm-1 +++ /dev/null @@ -1 +0,0 @@  \ No newline at end of file diff --git a/internal/storage/testdata/prom-stack-1 b/internal/storage/testdata/prom-stack-1 deleted file mode 100644 index ea3a7899a..000000000 --- a/internal/storage/testdata/prom-stack-1 +++ /dev/null @@ -1 +0,0 @@  \ No newline at end of file From dfebba278379054048ac641709996064e621e3b7 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Fri, 1 Jul 2022 17:49:29 +0200 Subject: [PATCH 08/76] Add `ObservedRelease` and other release utils This adds a `release` package which allows to create (minified) `ObservedRelease` copy of a Helm release object. This `ObservedRelease` contains sufficient data to detect changes to the storage object made by Helm actions run manually, and a variety of malicious changes (but not all, at present). The data in an `ObservedRelease` can be filtered using a `DataFilter`, this allows for example to filter out test hooks to prevent the controller from taking action on a manually run `helm test`. The consumer can combine the `ObservedRelease` with a Helm storage observer to take snapshots of the release object as written to the storage by a Helm action. To record this on a `HelmRelease` v2beta2 API object, the `ObservedRelease` can be transformed into a `HelmReleaseInfo` API object which can be recorded as either the Current or Previous release in the status. During the transformation, the digests of both the `ObservedRelease` object and release config are calculated using the canonical algorithm. Signed-off-by: Hidde Beydals --- go.mod | 2 +- internal/chartutil/digest.go | 32 ++ internal/chartutil/digest_test.go | 67 ++++ internal/digest/digest.go | 31 ++ internal/release/decode_test.go | 70 +++++ internal/release/digest.go | 36 +++ internal/release/digest_test.go | 51 +++ internal/release/observed.go | 198 ++++++++++++ internal/release/observed_bench_test.go | 49 +++ internal/release/observed_test.go | 376 +++++++++++++++++++++++ internal/release/suite_test.go | 62 ++++ internal/release/testdata/istio-base-1 | 1 + internal/release/testdata/podinfo-helm-1 | 1 + internal/release/testdata/prom-stack-1 | 1 + internal/release/util.go | 71 +++++ internal/release/util_test.go | 99 ++++++ internal/testutil/equal_cmp.go | 67 ++++ internal/testutil/helm_time.go | 33 ++ internal/testutil/mock_chart.go | 160 ++++++++++ internal/testutil/mock_release.go | 126 ++++++++ 20 files changed, 1532 insertions(+), 1 deletion(-) create mode 100644 internal/chartutil/digest.go create mode 100644 internal/chartutil/digest_test.go create mode 100644 internal/digest/digest.go create mode 100644 internal/release/decode_test.go create mode 100644 internal/release/digest.go create mode 100644 internal/release/digest_test.go create mode 100644 internal/release/observed.go create mode 100644 internal/release/observed_bench_test.go create mode 100644 internal/release/observed_test.go create mode 100644 internal/release/suite_test.go create mode 100644 internal/release/testdata/istio-base-1 create mode 100644 internal/release/testdata/podinfo-helm-1 create mode 100644 internal/release/testdata/prom-stack-1 create mode 100644 internal/release/util.go create mode 100644 internal/release/util_test.go create mode 100644 internal/testutil/equal_cmp.go create mode 100644 internal/testutil/helm_time.go create mode 100644 internal/testutil/mock_chart.go create mode 100644 internal/testutil/mock_release.go diff --git a/go.mod b/go.mod index 8048fc95e..fcd7c6a4d 100644 --- a/go.mod +++ b/go.mod @@ -26,6 +26,7 @@ require ( github.com/go-logr/logr v1.2.4 github.com/google/go-cmp v0.5.9 github.com/hashicorp/go-retryablehttp v0.7.4 + github.com/mitchellh/copystructure v1.2.0 github.com/onsi/gomega v1.27.10 github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/go-digest/blake3 v0.0.0-20230815154656-802ce17c4f59 @@ -115,7 +116,6 @@ require ( github.com/mattn/go-isatty v0.0.17 // indirect github.com/mattn/go-runewidth v0.0.9 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect - github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/moby/locker v1.0.1 // indirect diff --git a/internal/chartutil/digest.go b/internal/chartutil/digest.go new file mode 100644 index 000000000..aa6a8512f --- /dev/null +++ b/internal/chartutil/digest.go @@ -0,0 +1,32 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package chartutil + +import ( + "github.com/opencontainers/go-digest" + "helm.sh/helm/v3/pkg/chartutil" +) + +// DigestValues calculates the digest of the values using the provided algorithm. +// The caller is responsible for ensuring that the algorithm is supported. +func DigestValues(algo digest.Algorithm, values chartutil.Values) digest.Digest { + digester := algo.Digester() + if err := values.Encode(digester.Hash()); err != nil { + return "" + } + return digester.Digest() +} diff --git a/internal/chartutil/digest_test.go b/internal/chartutil/digest_test.go new file mode 100644 index 000000000..8f03adbfb --- /dev/null +++ b/internal/chartutil/digest_test.go @@ -0,0 +1,67 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package chartutil + +import ( + "testing" + + "github.com/opencontainers/go-digest" + "helm.sh/helm/v3/pkg/chartutil" +) + +const testDigestAlgo = digest.SHA256 + +func TestDigestValues(t *testing.T) { + tests := []struct { + name string + values chartutil.Values + want digest.Digest + }{ + { + name: "empty", + values: chartutil.Values{}, + want: "sha256:ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356", + }, + { + name: "value map", + values: chartutil.Values{ + "foo": "bar", + "baz": map[string]string{ + "cool": "stuff", + }, + }, + want: "sha256:3f3641788a2d4abda3534eaa90c90b54916e4c6e3a5b2e1b24758b7bfa701ecd", + }, + { + name: "value map in different order", + values: chartutil.Values{ + "baz": map[string]string{ + "cool": "stuff", + }, + "foo": "bar", + }, + want: "sha256:3f3641788a2d4abda3534eaa90c90b54916e4c6e3a5b2e1b24758b7bfa701ecd", + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := DigestValues(testDigestAlgo, tt.values); got != tt.want { + t.Errorf("DigestValues() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/internal/digest/digest.go b/internal/digest/digest.go new file mode 100644 index 000000000..e75a11e7f --- /dev/null +++ b/internal/digest/digest.go @@ -0,0 +1,31 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package digest + +import ( + _ "crypto/sha256" + _ "crypto/sha512" + + "github.com/opencontainers/go-digest" + _ "github.com/opencontainers/go-digest/blake3" +) + +var ( + // Canonical is the primary digest algorithm used to calculate checksums + // for e.g. Helm release objects and config values. + Canonical = digest.SHA256 +) diff --git a/internal/release/decode_test.go b/internal/release/decode_test.go new file mode 100644 index 000000000..1ea41c237 --- /dev/null +++ b/internal/release/decode_test.go @@ -0,0 +1,70 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package release + +import ( + "bytes" + "compress/gzip" + "encoding/base64" + "encoding/json" + "io" + + rspb "helm.sh/helm/v3/pkg/release" +) + +var ( + b64 = base64.StdEncoding + magicGzip = []byte{0x1f, 0x8b, 0x08} +) + +// decodeRelease decodes the bytes of data into a release +// type. Data must contain a base64 encoded gzipped string of a +// valid release, otherwise an error is returned. +// +// It is copied over from the Helm project to be able to deal +// with encoded releases. +// Ref: https://github.com/helm/helm/blob/v3.9.0/pkg/storage/driver/util.go#L56 +func decodeRelease(data string) (*rspb.Release, error) { + // base64 decode string + b, err := b64.DecodeString(data) + if err != nil { + return nil, err + } + + // For backwards compatibility with releases that were stored before + // compression was introduced we skip decompression if the + // gzip magic header is not found + if bytes.Equal(b[0:3], magicGzip) { + r, err := gzip.NewReader(bytes.NewReader(b)) + if err != nil { + return nil, err + } + defer r.Close() + b2, err := io.ReadAll(r) + if err != nil { + return nil, err + } + b = b2 + } + + var rls rspb.Release + // unmarshal release object bytes + if err := json.Unmarshal(b, &rls); err != nil { + return nil, err + } + return &rls, nil +} diff --git a/internal/release/digest.go b/internal/release/digest.go new file mode 100644 index 000000000..cf2feb288 --- /dev/null +++ b/internal/release/digest.go @@ -0,0 +1,36 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package release + +import ( + "encoding/json" + + "github.com/opencontainers/go-digest" +) + +// Digest calculates the digest of the given ObservedRelease by JSON encoding +// it into a hash.Hash of the given digest.Algorithm. The algorithm is expected +// to have been confirmed to be available by the caller, not doing this may +// result in panics. +func Digest(algo digest.Algorithm, rel ObservedRelease) digest.Digest { + digester := algo.Digester() + enc := json.NewEncoder(digester.Hash()) + if err := enc.Encode(rel); err != nil { + return "" + } + return digester.Digest() +} diff --git a/internal/release/digest_test.go b/internal/release/digest_test.go new file mode 100644 index 000000000..28077aa48 --- /dev/null +++ b/internal/release/digest_test.go @@ -0,0 +1,51 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package release + +import ( + "testing" + + . "github.com/onsi/gomega" + + "github.com/opencontainers/go-digest" +) + +func TestDigest(t *testing.T) { + tests := []struct { + name string + algo digest.Algorithm + rel ObservedRelease + exp digest.Digest + }{ + { + name: "SHA256", + algo: digest.SHA256, + rel: ObservedRelease{ + Name: "foo", + }, + exp: "sha256:d0bc0774bd4b6d4aaa3c19e6a951352fe10a1a1a4e280ee06e85e972c572a74e", + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + got := Digest(tt.algo, tt.rel) + g.Expect(got).To(Equal(tt.exp)) + }) + } +} diff --git a/internal/release/observed.go b/internal/release/observed.go new file mode 100644 index 000000000..eb5df7f87 --- /dev/null +++ b/internal/release/observed.go @@ -0,0 +1,198 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package release + +import ( + "encoding/json" + "io" + + "github.com/mitchellh/copystructure" + "helm.sh/helm/v3/pkg/chart" + helmrelease "helm.sh/helm/v3/pkg/release" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + v2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/chartutil" + "github.com/fluxcd/helm-controller/internal/digest" +) + +var ( + DefaultDataFilters = []DataFilter{ + IgnoreHookTestEvents, + } +) + +// DataFilter allows for filtering data from the returned ObservedRelease while +// making an observation. +type DataFilter func(rel *ObservedRelease) + +// IgnoreHookTestEvents ignores test event hooks. For example, to exclude it +// while generating a digest for the object. To prevent manual test triggers +// from a user to interfere with the checksum. +func IgnoreHookTestEvents(rel *ObservedRelease) { + if len(rel.Hooks) > 0 { + var hooks []helmrelease.Hook + for i := range rel.Hooks { + h := rel.Hooks[i] + if !IsHookForEvent(&h, helmrelease.HookTest) { + hooks = append(hooks, h) + } + } + rel.Hooks = hooks + } +} + +// ObservedRelease is a copy of a Helm release object, as observed to be written +// to the storage by a storage.Observer. The object is detached from the Helm +// storage object, and mutations to it do not change the underlying release +// object. +type ObservedRelease struct { + // Name of the release. + Name string `json:"name"` + // Version of the release, at times also called revision. + Version int `json:"version"` + // Info provides information about the release. + Info helmrelease.Info `json:"info"` + // ChartMetadata contains the current Chartfile data of the release. + ChartMetadata chart.Metadata `json:"chartMetadata"` + // Config is the set of extra Values added to the chart. + // These values override the default values inside the chart. + Config map[string]interface{} `json:"config"` + // Manifest is the string representation of the rendered template. + Manifest string `json:"manifest"` + // Hooks are all the hooks declared for this release, and the current + // state they are in. + Hooks []helmrelease.Hook `json:"hooks"` + // Namespace is the Kubernetes namespace of the release. + Namespace string `json:"namespace"` + // Labels of the release. + Labels map[string]string `json:"labels"` +} + +// Targets returns if the release matches the given name, namespace and +// version. If the version is 0, it matches any version. +func (o ObservedRelease) Targets(name, namespace string, version int) bool { + return o.Name == name && o.Namespace == namespace && (version == 0 || o.Version == version) +} + +// Encode JSON encodes the ObservedRelease and writes it into the given writer. +func (o ObservedRelease) Encode(w io.Writer) error { + enc := json.NewEncoder(w) + if err := enc.Encode(o); err != nil { + return err + } + return nil +} + +// ObserveRelease deep copies the values from the provided release.Release +// into a new ObservedRelease while omitting all chart data except metadata. +// If no filters are provided, it defaults to DefaultDataFilters. To not use +// any filters, pass an explicit empty slice. +func ObserveRelease(rel *helmrelease.Release, filter ...DataFilter) ObservedRelease { + if rel == nil { + return ObservedRelease{} + } + + if filter == nil { + filter = DefaultDataFilters + } + + obsRel := ObservedRelease{ + Name: rel.Name, + Version: rel.Version, + Config: nil, + Manifest: rel.Manifest, + Hooks: nil, + Namespace: rel.Namespace, + Labels: nil, + } + + if rel.Info != nil { + obsRel.Info = *rel.Info + } + + if rel.Chart != nil && rel.Chart.Metadata != nil { + if v, err := copystructure.Copy(rel.Chart.Metadata); err == nil { + obsRel.ChartMetadata = *v.(*chart.Metadata) + } + } + + if len(rel.Config) > 0 { + if v, err := copystructure.Copy(rel.Config); err == nil { + obsRel.Config = v.(map[string]interface{}) + } + } + + if len(rel.Hooks) > 0 { + obsRel.Hooks = make([]helmrelease.Hook, len(rel.Hooks)) + if v, err := copystructure.Copy(rel.Hooks); err == nil { + for i, h := range v.([]*helmrelease.Hook) { + obsRel.Hooks[i] = *h + } + } + } + + if len(rel.Labels) > 0 { + obsRel.Labels = make(map[string]string, len(rel.Labels)) + for i, v := range rel.Labels { + obsRel.Labels[i] = v + } + } + + for _, f := range filter { + f(&obsRel) + } + + return obsRel +} + +// ObservedToInfo returns a v2beta2.HelmReleaseInfo constructed from the +// ObservedRelease data. Calculating the (config) digest using the +// digest.Canonical algorithm. +func ObservedToInfo(rls ObservedRelease) *v2.HelmReleaseInfo { + return &v2.HelmReleaseInfo{ + Digest: Digest(digest.Canonical, rls).String(), + Name: rls.Name, + Namespace: rls.Namespace, + Version: rls.Version, + ChartName: rls.ChartMetadata.Name, + ChartVersion: rls.ChartMetadata.Version, + ConfigDigest: chartutil.DigestValues(digest.Canonical, rls.Config).String(), + FirstDeployed: metav1.NewTime(rls.Info.FirstDeployed.Time), + LastDeployed: metav1.NewTime(rls.Info.LastDeployed.Time), + Deleted: metav1.NewTime(rls.Info.Deleted.Time), + Status: rls.Info.Status.String(), + } +} + +// TestHooksFromRelease returns the list of v2beta2.HelmReleaseTestHook for the +// given release, indexed by name. +func TestHooksFromRelease(rls *helmrelease.Release) map[string]*v2.HelmReleaseTestHook { + hooks := make(map[string]*v2.HelmReleaseTestHook) + for k, v := range GetTestHooks(rls) { + var h *v2.HelmReleaseTestHook + if v != nil { + h = &v2.HelmReleaseTestHook{ + LastStarted: metav1.NewTime(v.LastRun.StartedAt.Time), + LastCompleted: metav1.NewTime(v.LastRun.CompletedAt.Time), + Phase: v.LastRun.Phase.String(), + } + } + hooks[k] = h + } + return hooks +} diff --git a/internal/release/observed_bench_test.go b/internal/release/observed_bench_test.go new file mode 100644 index 000000000..5c73459b1 --- /dev/null +++ b/internal/release/observed_bench_test.go @@ -0,0 +1,49 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package release + +import ( + "testing" + + "github.com/opencontainers/go-digest" + "helm.sh/helm/v3/pkg/release" + + intdigest "github.com/fluxcd/helm-controller/internal/digest" +) + +func init() { + intdigest.Canonical = digest.SHA256 +} + +func benchmarkNewObservedRelease(rel release.Release, b *testing.B) { + b.ReportAllocs() + for n := 0; n < b.N; n++ { + ObservedToInfo(ObserveRelease(&rel)) + } +} + +func BenchmarkNewObservedReleaseSmall(b *testing.B) { + benchmarkNewObservedRelease(*smallRelease, b) +} + +func BenchmarkNewObservedReleaseMid(b *testing.B) { + benchmarkNewObservedRelease(*midRelease, b) +} + +func BenchmarkNewObservedReleaseBigger(b *testing.B) { + benchmarkNewObservedRelease(*biggerRelease, b) +} diff --git a/internal/release/observed_test.go b/internal/release/observed_test.go new file mode 100644 index 000000000..d9276c5c1 --- /dev/null +++ b/internal/release/observed_test.go @@ -0,0 +1,376 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package release + +import ( + "bytes" + "testing" + + . "github.com/onsi/gomega" + "github.com/opencontainers/go-digest" + helmrelease "helm.sh/helm/v3/pkg/release" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + v2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/testutil" +) + +func TestIgnoreHookTestEvents(t *testing.T) { + // testHookFixtures is a list of release.Hook in every possible LastRun state. + var testHookFixtures = []helmrelease.Hook{ + { + Name: "never-run-test", + Events: []helmrelease.HookEvent{helmrelease.HookTest}, + }, + { + Name: "passing-test", + Events: []helmrelease.HookEvent{helmrelease.HookTest}, + LastRun: helmrelease.HookExecution{ + Phase: helmrelease.HookPhaseSucceeded, + }, + }, + { + Name: "failing-test", + Events: []helmrelease.HookEvent{helmrelease.HookTest}, + LastRun: helmrelease.HookExecution{ + Phase: helmrelease.HookPhaseFailed, + }, + }, + { + Name: "passing-pre-install", + Events: []helmrelease.HookEvent{helmrelease.HookPreInstall}, + LastRun: helmrelease.HookExecution{ + Phase: helmrelease.HookPhaseSucceeded, + }, + }, + } + + tests := []struct { + name string + hooks []helmrelease.Hook + want []helmrelease.Hook + }{ + { + name: "ignores test hooks", + hooks: testHookFixtures, + want: []helmrelease.Hook{ + testHookFixtures[3], + }, + }, + { + name: "no hooks", + hooks: []helmrelease.Hook{}, + want: []helmrelease.Hook{}, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + obs := ObservedRelease{ + Hooks: tt.hooks, + } + IgnoreHookTestEvents(&obs) + g.Expect(obs.Hooks).To(Equal(tt.want)) + + }) + } +} + +func TestObservedRelease_Targets(t *testing.T) { + tests := []struct { + name string + obs ObservedRelease + targetName string + targetNamespace string + targetVersion int + want bool + }{ + { + name: "matching name, namespace and version", + obs: ObservedRelease{ + Name: "foo", + Namespace: "bar", + Version: 2, + }, + targetName: "foo", + targetNamespace: "bar", + targetVersion: 2, + want: true, + }, + { + name: "matching name and namespace with version set to 0", + obs: ObservedRelease{ + Name: "foo", + Namespace: "bar", + Version: 2, + }, + targetName: "foo", + targetNamespace: "bar", + targetVersion: 0, + want: true, + }, + { + name: "name mismatch", + obs: ObservedRelease{ + Name: "baz", + Namespace: "bar", + Version: 2, + }, + targetName: "foo", + targetNamespace: "bar", + targetVersion: 2, + }, + { + name: "namespace mismatch", + obs: ObservedRelease{ + Name: "foo", + Namespace: "baz", + Version: 2, + }, + targetName: "foo", + targetNamespace: "bar", + targetVersion: 2, + }, + { + name: "matching name, namespace and version", + obs: ObservedRelease{ + Name: "foo", + Namespace: "bar", + Version: 2, + }, + targetName: "foo", + targetNamespace: "bar", + targetVersion: 3, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + g.Expect(tt.obs.Targets(tt.targetName, tt.targetNamespace, tt.targetVersion)).To(Equal(tt.want)) + }) + } +} + +func TestObservedRelease_Encode(t *testing.T) { + g := NewWithT(t) + + o := ObservedRelease{ + Name: "foo", + Namespace: "bar", + Version: 2, + } + w := &bytes.Buffer{} + g.Expect(o.Encode(w)).ToNot(HaveOccurred()) + g.Expect(w.String()).ToNot(BeEmpty()) +} + +func TestObserveRelease(t *testing.T) { + var ( + testReleaseWithConfig = testutil.BuildRelease( + &helmrelease.MockReleaseOptions{ + Name: "foo", + Namespace: "namespace", + Version: 1, + Chart: testutil.BuildChart(), + }, + testutil.ReleaseWithConfig(map[string]interface{}{"foo": "bar"}), + ) + testReleaseWithLabels = testutil.BuildRelease( + &helmrelease.MockReleaseOptions{ + Name: "foo", + Namespace: "namespace", + Version: 1, + Chart: testutil.BuildChart(), + }, + testutil.ReleaseWithLabels(map[string]string{"foo": "bar"}), + ) + ) + + tests := []struct { + name string + release *helmrelease.Release + filters []DataFilter + want ObservedRelease + }{ + { + name: "observes release", + release: smallRelease, + want: ObservedRelease{ + Name: smallRelease.Name, + Namespace: smallRelease.Namespace, + Version: smallRelease.Version, + Info: *smallRelease.Info, + ChartMetadata: *smallRelease.Chart.Metadata, + Manifest: smallRelease.Manifest, + Hooks: nil, + Labels: smallRelease.Labels, + Config: smallRelease.Config, + }, + }, + { + name: "observes with filters overwrite", + release: midRelease, + filters: []DataFilter{}, + want: ObservedRelease{ + Name: midRelease.Name, + Namespace: midRelease.Namespace, + Version: midRelease.Version, + Info: *midRelease.Info, + ChartMetadata: *midRelease.Chart.Metadata, + Manifest: midRelease.Manifest, + Hooks: func() []helmrelease.Hook { + var hooks []helmrelease.Hook + for _, h := range midRelease.Hooks { + hooks = append(hooks, *h) + } + return hooks + }(), + Labels: midRelease.Labels, + Config: midRelease.Config, + }, + }, + { + name: "observes config", + release: testReleaseWithConfig, + want: ObservedRelease{ + Name: testReleaseWithConfig.Name, + Namespace: testReleaseWithConfig.Namespace, + Version: testReleaseWithConfig.Version, + Info: *testReleaseWithConfig.Info, + ChartMetadata: *testReleaseWithConfig.Chart.Metadata, + Config: testReleaseWithConfig.Config, + Manifest: testReleaseWithConfig.Manifest, + Hooks: []helmrelease.Hook{ + *testReleaseWithConfig.Hooks[0], + }, + }, + }, + { + name: "observes labels", + release: testReleaseWithLabels, + want: ObservedRelease{ + Name: testReleaseWithLabels.Name, + Namespace: testReleaseWithLabels.Namespace, + Version: testReleaseWithLabels.Version, + Info: *testReleaseWithLabels.Info, + ChartMetadata: *testReleaseWithLabels.Chart.Metadata, + Config: testReleaseWithLabels.Config, + Labels: testReleaseWithLabels.Labels, + Manifest: testReleaseWithLabels.Manifest, + Hooks: []helmrelease.Hook{ + *testReleaseWithLabels.Hooks[0], + }, + }, + }, + { + name: "empty release", + release: &helmrelease.Release{}, + want: ObservedRelease{}, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + g.Expect(ObserveRelease(tt.release, tt.filters...)).To(testutil.Equal(tt.want)) + }) + } +} + +func TestObservedToInfo(t *testing.T) { + g := NewWithT(t) + + obs := ObserveRelease(testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: "foo", + Namespace: "namespace", + Version: 1, + Chart: testutil.BuildChart(), + }, testutil.ReleaseWithConfig(map[string]interface{}{"foo": "bar"}))) + + got := ObservedToInfo(obs) + + g.Expect(got.Name).To(Equal(obs.Name)) + g.Expect(got.Namespace).To(Equal(obs.Namespace)) + g.Expect(got.Version).To(Equal(obs.Version)) + g.Expect(got.ChartName).To(Equal(obs.ChartMetadata.Name)) + g.Expect(got.ChartVersion).To(Equal(obs.ChartMetadata.Version)) + g.Expect(got.Status).To(BeEquivalentTo(obs.Info.Status)) + + g.Expect(obs.Info.FirstDeployed.Time.Equal(got.FirstDeployed.Time)).To(BeTrue()) + g.Expect(obs.Info.LastDeployed.Time.Equal(got.LastDeployed.Time)).To(BeTrue()) + g.Expect(obs.Info.Deleted.Time.Equal(got.Deleted.Time)).To(BeTrue()) + + g.Expect(got.Digest).ToNot(BeEmpty()) + g.Expect(digest.Digest(got.Digest).Validate()).To(Succeed()) + + g.Expect(got.ConfigDigest).ToNot(BeEmpty()) + g.Expect(digest.Digest(got.ConfigDigest).Validate()).To(Succeed()) +} + +func TestTestHooksFromRelease(t *testing.T) { + g := NewWithT(t) + + hooks := []*helmrelease.Hook{ + { + Name: "never-run-test", + Events: []helmrelease.HookEvent{helmrelease.HookTest}, + }, + { + Name: "passing-test", + Events: []helmrelease.HookEvent{helmrelease.HookTest}, + LastRun: helmrelease.HookExecution{ + Phase: helmrelease.HookPhaseSucceeded, + }, + }, + { + Name: "failing-test", + Events: []helmrelease.HookEvent{helmrelease.HookTest}, + LastRun: helmrelease.HookExecution{ + Phase: helmrelease.HookPhaseFailed, + }, + }, + { + Name: "passing-pre-install", + Events: []helmrelease.HookEvent{helmrelease.HookPreInstall}, + LastRun: helmrelease.HookExecution{ + Phase: helmrelease.HookPhaseSucceeded, + }, + }, + } + rls := testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: "foo", + Namespace: "namespace", + Version: 1, + Chart: testutil.BuildChart(), + }, testutil.ReleaseWithHooks(hooks)) + + g.Expect(TestHooksFromRelease(rls)).To(testutil.Equal(map[string]*v2.HelmReleaseTestHook{ + hooks[0].Name: {}, + hooks[1].Name: { + LastStarted: metav1.Time{Time: hooks[1].LastRun.StartedAt.Time}, + LastCompleted: metav1.Time{Time: hooks[1].LastRun.CompletedAt.Time}, + Phase: hooks[1].LastRun.Phase.String(), + }, + hooks[2].Name: { + LastStarted: metav1.Time{Time: hooks[2].LastRun.StartedAt.Time}, + LastCompleted: metav1.Time{Time: hooks[2].LastRun.CompletedAt.Time}, + Phase: hooks[2].LastRun.Phase.String(), + }, + })) +} diff --git a/internal/release/suite_test.go b/internal/release/suite_test.go new file mode 100644 index 000000000..659b03f9e --- /dev/null +++ b/internal/release/suite_test.go @@ -0,0 +1,62 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package release + +import ( + "fmt" + "log" + "os" + "testing" + + "helm.sh/helm/v3/pkg/release" +) + +var ( + // smallRelease is 125K while encoded. + smallRelease *release.Release + // midRelease is 17K while encoded, but heavier in metadata than smallRelease. + midRelease *release.Release + // biggerRelease is 862K while encoded. + biggerRelease *release.Release +) + +func TestMain(m *testing.M) { + var err error + if smallRelease, err = decodeReleaseFromFile("testdata/istio-base-1"); err != nil { + log.Fatal(err) + } + if midRelease, err = decodeReleaseFromFile("testdata/podinfo-helm-1"); err != nil { + log.Fatal(err) + } + if biggerRelease, err = decodeReleaseFromFile("testdata/prom-stack-1"); err != nil { + log.Fatal(err) + } + r := m.Run() + os.Exit(r) +} + +func decodeReleaseFromFile(path string) (*release.Release, error) { + b, err := os.ReadFile(path) + if err != nil { + return nil, fmt.Errorf("failed to load encoded release data: %w", err) + } + rel, err := decodeRelease(string(b)) + if err != nil { + return nil, fmt.Errorf("failed to decode release data: %w", err) + } + return rel, nil +} diff --git a/internal/release/testdata/istio-base-1 b/internal/release/testdata/istio-base-1 new file mode 100644 index 000000000..a99ff1f77 --- /dev/null +++ b/internal/release/testdata/istio-base-1 @@ -0,0 +1 @@  \ No newline at end of file diff --git a/internal/release/testdata/podinfo-helm-1 b/internal/release/testdata/podinfo-helm-1 new file mode 100644 index 000000000..e1e387187 --- /dev/null +++ b/internal/release/testdata/podinfo-helm-1 @@ -0,0 +1 @@  \ No newline at end of file diff --git a/internal/release/testdata/prom-stack-1 b/internal/release/testdata/prom-stack-1 new file mode 100644 index 000000000..ea3a7899a --- /dev/null +++ b/internal/release/testdata/prom-stack-1 @@ -0,0 +1 @@  \ No newline at end of file diff --git a/internal/release/util.go b/internal/release/util.go new file mode 100644 index 000000000..23dd51455 --- /dev/null +++ b/internal/release/util.go @@ -0,0 +1,71 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package release + +import ( + helmrelease "helm.sh/helm/v3/pkg/release" +) + +// GetTestHooks returns the list of test hooks for the given release, indexed +// by hook name. +func GetTestHooks(rls *helmrelease.Release) map[string]*helmrelease.Hook { + th := make(map[string]*helmrelease.Hook) + for _, h := range rls.Hooks { + if IsHookForEvent(h, helmrelease.HookTest) { + th[h.Name] = h + } + } + return th +} + +// HasBeenTested returns if any of the test hooks for the given release has +// been started. +func HasBeenTested(rls *helmrelease.Release) bool { + for _, h := range rls.Hooks { + if IsHookForEvent(h, helmrelease.HookTest) { + if !h.LastRun.StartedAt.IsZero() { + return true + } + } + } + return false +} + +// HasFailedTests returns if any of the test hooks for the given release has +// failed. +func HasFailedTests(rls *helmrelease.Release) bool { + for _, h := range rls.Hooks { + if IsHookForEvent(h, helmrelease.HookTest) { + if h.LastRun.Phase == helmrelease.HookPhaseFailed { + return true + } + } + } + return false +} + +// IsHookForEvent returns if the given hook fires on the provided event. +func IsHookForEvent(hook *helmrelease.Hook, event helmrelease.HookEvent) bool { + if hook != nil { + for _, e := range hook.Events { + if e == event { + return true + } + } + } + return false +} diff --git a/internal/release/util_test.go b/internal/release/util_test.go new file mode 100644 index 000000000..529dc14f8 --- /dev/null +++ b/internal/release/util_test.go @@ -0,0 +1,99 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package release + +import ( + "testing" + + . "github.com/onsi/gomega" + helmrelease "helm.sh/helm/v3/pkg/release" + + "github.com/fluxcd/helm-controller/internal/testutil" +) + +func TestGetTestHooks(t *testing.T) { + g := NewWithT(t) + + hooks := []*helmrelease.Hook{ + { + Name: "pre-install", + Events: []helmrelease.HookEvent{ + helmrelease.HookPreInstall, + }, + }, + { + Name: "test", + Events: []helmrelease.HookEvent{ + helmrelease.HookTest, + }, + }, + { + Name: "post-install", + Events: []helmrelease.HookEvent{ + helmrelease.HookPostInstall, + }, + }, + { + Name: "combined-test-hook", + Events: []helmrelease.HookEvent{ + helmrelease.HookPostRollback, + helmrelease.HookTest, + }, + }, + } + + g.Expect(GetTestHooks(&helmrelease.Release{ + Hooks: hooks, + })).To(testutil.Equal(map[string]*helmrelease.Hook{ + hooks[1].Name: hooks[1], + hooks[3].Name: hooks[3], + })) +} + +func TestHasBeenTested(t *testing.T) { + type args struct { + rls *helmrelease.Release + } + tests := []struct { + name string + args args + want bool + }{ + // TODO: Add test cases. + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := HasBeenTested(tt.args.rls); got != tt.want { + t.Errorf("HasBeenTested() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestIsHookForEvent(t *testing.T) { + g := NewWithT(t) + + hook := &helmrelease.Hook{ + Events: []helmrelease.HookEvent{ + helmrelease.HookPreInstall, + helmrelease.HookPostInstall, + }, + } + g.Expect(IsHookForEvent(hook, helmrelease.HookPreInstall)).To(BeTrue()) + g.Expect(IsHookForEvent(hook, helmrelease.HookPostInstall)).To(BeTrue()) + g.Expect(IsHookForEvent(hook, helmrelease.HookTest)).To(BeFalse()) +} diff --git a/internal/testutil/equal_cmp.go b/internal/testutil/equal_cmp.go new file mode 100644 index 000000000..a8ca1960c --- /dev/null +++ b/internal/testutil/equal_cmp.go @@ -0,0 +1,67 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package testutil + +import ( + "github.com/google/go-cmp/cmp" + "github.com/onsi/gomega/types" +) + +// This file was adapted from https://github.com/KamikazeZirou/equal-cmp +// Original license follows: +// +// MIT License +// +// Copyright (c) 2021 KamikazeZirou +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in all +// copies or substantial portions of the Software. + +// Equal uses go-cmp to compare actual with expected. Equal is strict about +// types when performing comparisons. +func Equal(expected interface{}, options ...cmp.Option) types.GomegaMatcher { + return &equalCmpMatcher{ + expected: expected, + options: options, + } +} + +type equalCmpMatcher struct { + expected interface{} + options cmp.Options +} + +func (matcher *equalCmpMatcher) Match(actual interface{}) (success bool, err error) { + return cmp.Equal(actual, matcher.expected, matcher.options), nil +} + +func (matcher *equalCmpMatcher) FailureMessage(actual interface{}) (message string) { + diff := cmp.Diff(matcher.expected, actual, matcher.options) + return "Mismatch (-want, +got):\n" + diff +} + +func (matcher *equalCmpMatcher) NegatedFailureMessage(actual interface{}) (message string) { + diff := cmp.Diff(matcher.expected, actual, matcher.options) + return "Mismatch (-want, +got):\n" + diff +} diff --git a/internal/testutil/helm_time.go b/internal/testutil/helm_time.go new file mode 100644 index 000000000..5c4b81639 --- /dev/null +++ b/internal/testutil/helm_time.go @@ -0,0 +1,33 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package testutil + +import ( + "time" + + helmtime "helm.sh/helm/v3/pkg/time" +) + +// MustParseHelmTime parses a string into a Helm time.Time, panicking if it +// fails. +func MustParseHelmTime(t string) helmtime.Time { + res, err := helmtime.Parse(time.RFC3339, t) + if err != nil { + panic(err) + } + return res +} diff --git a/internal/testutil/mock_chart.go b/internal/testutil/mock_chart.go new file mode 100644 index 000000000..489a314ca --- /dev/null +++ b/internal/testutil/mock_chart.go @@ -0,0 +1,160 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package testutil + +import ( + "fmt" + + helmchart "helm.sh/helm/v3/pkg/chart" +) + +var manifestTmpl = `apiVersion: v1 +kind: ConfigMap +metadata: + name: cm + namespace: %[1]s +data: + foo: bar +` + +var manifestWithHookTmpl = `apiVersion: v1 +kind: ConfigMap +metadata: + name: hook + namespace: %[1]s + annotations: + "helm.sh/hook": post-install,pre-delete,post-upgrade +data: + name: value +` + +var manifestWithFailingHookTmpl = `apiVersion: v1 +kind: Pod +metadata: + name: failing-hook + namespace: %[1]s + annotations: + "helm.sh/hook": post-install,pre-delete,post-upgrade +spec: + containers: + - name: test + image: alpine + command: ["/bin/sh", "-c", "exit 1"] +` + +var manifestWithTestHookTmpl = `apiVersion: v1 +kind: ConfigMap +metadata: + name: test-hook + namespace: %[1]s + annotations: + "helm.sh/hook": test +data: + test: data +` + +var manifestWithFailingTestHookTmpl = `apiVersion: v1 +kind: Pod +metadata: + name: failing-test-hook + namespace: %[1]s + annotations: + "helm.sh/hook": test +spec: + containers: + - name: test + image: alpine + command: ["/bin/sh", "-c", "exit 1"] + restartPolicy: Never +` + +// ChartOptions is a helper to build a Helm chart object. +type ChartOptions struct { + *helmchart.Chart +} + +// ChartOption is a function that can be used to modify a chart. +type ChartOption func(*ChartOptions) + +// BuildChart returns a Helm chart object built with basic data +// and any provided chart options. +func BuildChart(opts ...ChartOption) *helmchart.Chart { + c := &ChartOptions{ + Chart: &helmchart.Chart{ + // TODO: This should be more complete. + Metadata: &helmchart.Metadata{ + APIVersion: "v1", + Name: "hello", + Version: "0.1.0", + }, + // This adds a basic template and hooks. + Templates: []*helmchart.File{ + { + Name: "templates/manifest", + Data: []byte(fmt.Sprintf(manifestTmpl, "{{ default .Release.Namespace }}")), + }, + { + Name: "templates/hooks", + Data: []byte(fmt.Sprintf(manifestWithHookTmpl, "{{ default .Release.Namespace }}")), + }, + }, + }, + } + + for _, opt := range opts { + opt(c) + } + + return c.Chart +} + +// ChartWithName sets the name of the chart. +func ChartWithName(name string) ChartOption { + return func(opts *ChartOptions) { + opts.Metadata.Name = name + } +} + +// ChartWithFailingHook appends a failing hook to the chart. +func ChartWithFailingHook() ChartOption { + return func(opts *ChartOptions) { + opts.Templates = append(opts.Templates, &helmchart.File{ + Name: "templates/failing-hook", + Data: []byte(fmt.Sprintf(manifestWithFailingHookTmpl, "{{ default .Release.Namespace }}")), + }) + } +} + +// ChartWithTestHook appends a test hook to the chart. +func ChartWithTestHook() ChartOption { + return func(opts *ChartOptions) { + opts.Templates = append(opts.Templates, &helmchart.File{ + Name: "templates/test-hooks", + Data: []byte(fmt.Sprintf(manifestWithTestHookTmpl, "{{ default .Release.Namespace }}")), + }) + } +} + +// ChartWithFailingTestHook appends a failing test hook to the chart. +func ChartWithFailingTestHook() ChartOption { + return func(options *ChartOptions) { + options.Templates = append(options.Templates, &helmchart.File{ + Name: "templates/test-hooks", + Data: []byte(fmt.Sprintf(manifestWithFailingTestHookTmpl, "{{ default .Release.Namespace }}")), + }) + } +} diff --git a/internal/testutil/mock_release.go b/internal/testutil/mock_release.go new file mode 100644 index 000000000..e37b3e762 --- /dev/null +++ b/internal/testutil/mock_release.go @@ -0,0 +1,126 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package testutil + +import ( + "fmt" + + helmrelease "helm.sh/helm/v3/pkg/release" +) + +// ReleaseOptions is a helper to build a Helm release mock. +type ReleaseOptions struct { + *helmrelease.Release +} + +// ReleaseOption is a function that can be used to modify a release. +type ReleaseOption func(*ReleaseOptions) + +// BuildRelease builds a release with release.Mock using the given options, +// and applies any provided options to the release before returning it. +func BuildRelease(mockOpts *helmrelease.MockReleaseOptions, opts ...ReleaseOption) *helmrelease.Release { + mock := helmrelease.Mock(mockOpts) + r := &ReleaseOptions{Release: mock} + + for _, opt := range opts { + opt(r) + } + + return r.Release +} + +// ReleaseWithConfig sets the config on the release. +func ReleaseWithConfig(config map[string]interface{}) ReleaseOption { + return func(options *ReleaseOptions) { + options.Config = config + } +} + +// ReleaseWithLabels sets the labels on the release. +func ReleaseWithLabels(labels map[string]string) ReleaseOption { + return func(options *ReleaseOptions) { + options.Release.Labels = labels + } +} + +// ReleaseWithFailingHook appends a failing hook to the release. +func ReleaseWithFailingHook() ReleaseOption { + return func(options *ReleaseOptions) { + options.Release.Hooks = append(options.Release.Hooks, &helmrelease.Hook{ + Name: "failing-hook", + Kind: "Pod", + Manifest: fmt.Sprintf(manifestWithFailingTestHookTmpl, options.Release.Namespace), + Events: []helmrelease.HookEvent{ + helmrelease.HookPostInstall, + helmrelease.HookPostUpgrade, + helmrelease.HookPostRollback, + helmrelease.HookPostDelete, + }, + }) + } +} + +// ReleaseWithHookExecution appends a hook with a last run with the given +// execution phase on the release. +func ReleaseWithHookExecution(name string, events []helmrelease.HookEvent, phase helmrelease.HookPhase) ReleaseOption { + return func(options *ReleaseOptions) { + options.Release.Hooks = append(options.Release.Hooks, &helmrelease.Hook{ + Name: name, + Events: events, + LastRun: helmrelease.HookExecution{ + StartedAt: MustParseHelmTime("2006-01-02T15:10:05Z"), + CompletedAt: MustParseHelmTime("2006-01-02T15:10:07Z"), + Phase: phase, + }, + }) + } +} + +// ReleaseWithTestHook appends a test hook to the release. +func ReleaseWithTestHook() ReleaseOption { + return func(options *ReleaseOptions) { + options.Release.Hooks = append(options.Release.Hooks, &helmrelease.Hook{ + Name: "test-hook", + Kind: "ConfigMap", + Manifest: fmt.Sprintf(manifestWithTestHookTmpl, options.Release.Namespace), + Events: []helmrelease.HookEvent{ + helmrelease.HookTest, + }, + }) + } +} + +// ReleaseWithFailingTestHook appends a failing test hook to the release. +func ReleaseWithFailingTestHook() ReleaseOption { + return func(options *ReleaseOptions) { + options.Release.Hooks = append(options.Release.Hooks, &helmrelease.Hook{ + Name: "failing-test-hook", + Kind: "Pod", + Manifest: fmt.Sprintf(manifestWithFailingTestHookTmpl, options.Release.Namespace), + Events: []helmrelease.HookEvent{ + helmrelease.HookTest, + }, + }) + } +} + +// ReleaseWithHooks sets the hooks on the release. +func ReleaseWithHooks(hooks []*helmrelease.Hook) ReleaseOption { + return func(options *ReleaseOptions) { + options.Release.Hooks = append(options.Release.Hooks, hooks...) + } +} From d9055f81b8d2919b418648c78f30f5e8d19f667a Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Fri, 1 Jul 2022 20:48:09 +0200 Subject: [PATCH 09/76] Add reconcile logic for individual Helm actions This adds a `reconcile` package with the reconciliation and (status) observation logic for individual Helm actions, but no glue to loop through them till desired state. All actions have individual `ActionReconciler` implementations which construct their `action.Configuration` out of a factory, so the Helm client can be shared between sub-reconcilers. They all present a `ReconcilerType`, allowing an iterator to e.g. stop after running every type just once. The observation model can be explained as follows, but may lack some minor details: - The observed release has to match the release target of the HelmRelease object - ActionReconcilers of type "release" move Current to Previous when they see a higher release revision. They then write the new release to Current, and continue to observe writes to revisions that match either version - Remediation only updates Current - Test updates Current and Current.TestHooks - Unlock updates Current After running the action, the reconcilers observe both the action result and the state of the object. This allows them to distinguish certain types of errors which are otherwise hard to detect. For example, errors which do not cause drift to the Helm storage, or a change of release version compared to Current for actions which do not provide a version target flag. Signed-off-by: Hidde Beydals --- internal/reconcile/install.go | 78 ++++++ internal/reconcile/install_test.go | 262 ++++++++++++++++++ internal/reconcile/reconcile.go | 75 +++++ internal/reconcile/release.go | 65 +++++ internal/reconcile/release_test.go | 148 ++++++++++ internal/reconcile/rollback.go | 94 +++++++ internal/reconcile/rollback_test.go | 357 ++++++++++++++++++++++++ internal/reconcile/suite_test.go | 127 +++++++++ internal/reconcile/test.go | 102 +++++++ internal/reconcile/test_test.go | 392 ++++++++++++++++++++++++++ internal/reconcile/uninstall.go | 105 +++++++ internal/reconcile/uninstall_test.go | 388 ++++++++++++++++++++++++++ internal/reconcile/unlock.go | 100 +++++++ internal/reconcile/unlock_test.go | 396 +++++++++++++++++++++++++++ internal/reconcile/upgrade.go | 76 +++++ internal/reconcile/upgrade_test.go | 377 +++++++++++++++++++++++++ internal/storage/failing.go | 104 +++++++ 17 files changed, 3246 insertions(+) create mode 100644 internal/reconcile/install.go create mode 100644 internal/reconcile/install_test.go create mode 100644 internal/reconcile/reconcile.go create mode 100644 internal/reconcile/release.go create mode 100644 internal/reconcile/release_test.go create mode 100644 internal/reconcile/rollback.go create mode 100644 internal/reconcile/rollback_test.go create mode 100644 internal/reconcile/suite_test.go create mode 100644 internal/reconcile/test.go create mode 100644 internal/reconcile/test_test.go create mode 100644 internal/reconcile/uninstall.go create mode 100644 internal/reconcile/uninstall_test.go create mode 100644 internal/reconcile/unlock.go create mode 100644 internal/reconcile/unlock_test.go create mode 100644 internal/reconcile/upgrade.go create mode 100644 internal/reconcile/upgrade_test.go create mode 100644 internal/storage/failing.go diff --git a/internal/reconcile/install.go b/internal/reconcile/install.go new file mode 100644 index 000000000..4cf3b4a3c --- /dev/null +++ b/internal/reconcile/install.go @@ -0,0 +1,78 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package reconcile + +import ( + "context" + + "github.com/fluxcd/pkg/runtime/logger" + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/fluxcd/pkg/runtime/conditions" + + helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/action" +) + +type Install struct { + configFactory *action.ConfigFactory +} + +func (r *Install) Reconcile(ctx context.Context, req *Request) error { + var ( + cur = req.Object.Status.Current.DeepCopy() + logBuf = action.NewLogBuffer(action.NewDebugLog(ctrl.LoggerFrom(ctx).V(logger.InfoLevel)), 10) + cfg = r.configFactory.Build(logBuf.Log, observeRelease(req.Object)) + ) + + // Run install action. + rls, err := action.Install(ctx, cfg, req.Object, req.Chart, req.Values) + if err != nil { + // Mark failure on object. + req.Object.Status.Failures++ + conditions.MarkFalse(req.Object, helmv2.ReleasedCondition, helmv2.InstallFailedReason, err.Error()) + + // Return error if we did not store a release, as this does not + // require remediation and the caller should e.g. retry. + if newCur := req.Object.Status.Current; newCur == nil || cur == newCur { + return err + } + + // Count install failure on object, this is used to determine if + // we should retry the install and/or remediation. We only count + // attempts which did cause a modification to the storage, as + // without a new release in storage there is nothing to remediate, + // and the action can be retried immediately without causing + // storage drift. + req.Object.Status.InstallFailures++ + return nil + } + + // Mark release success and delete any test success, as the current release + // isn't tested (yet). + conditions.MarkTrue(req.Object, helmv2.ReleasedCondition, helmv2.InstallSucceededReason, rls.Info.Description) + conditions.Delete(req.Object, helmv2.TestSuccessCondition) + return nil +} + +func (r *Install) Name() string { + return "install" +} + +func (r *Install) Type() ReconcilerType { + return ReconcilerTypeRelease +} diff --git a/internal/reconcile/install_test.go b/internal/reconcile/install_test.go new file mode 100644 index 000000000..dd055e4c1 --- /dev/null +++ b/internal/reconcile/install_test.go @@ -0,0 +1,262 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package reconcile + +import ( + "context" + "fmt" + "testing" + "time" + + "github.com/go-logr/logr" + . "github.com/onsi/gomega" + "helm.sh/helm/v3/pkg/chart" + "helm.sh/helm/v3/pkg/chartutil" + helmrelease "helm.sh/helm/v3/pkg/release" + "helm.sh/helm/v3/pkg/releaseutil" + helmstorage "helm.sh/helm/v3/pkg/storage" + helmdriver "helm.sh/helm/v3/pkg/storage/driver" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/fluxcd/pkg/runtime/conditions" + + helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/action" + "github.com/fluxcd/helm-controller/internal/release" + "github.com/fluxcd/helm-controller/internal/storage" + "github.com/fluxcd/helm-controller/internal/testutil" +) + +func TestInstall_Reconcile(t *testing.T) { + tests := []struct { + name string + // driver allows for modifying the Helm storage driver. + driver func(driver helmdriver.Driver) helmdriver.Driver + // releases is the list of releases that are stored in the driver + // before install. + releases func(namespace string) []*helmrelease.Release + // chart to install. + chart *chart.Chart + // values to use during install. + values chartutil.Values + // spec modifies the HelmRelease object spec before install. + spec func(spec *helmv2.HelmReleaseSpec) + // status to configure on the HelmRelease object before install. + status func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus + // wantErr is the error that is expected to be returned. + wantErr error + // expectedConditions are the conditions that are expected to be set on + // the HelmRelease after running rollback. + expectConditions []metav1.Condition + // expectCurrent is the expected Current release information in the + // HelmRelease after install. + expectCurrent func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo + // expectPrevious returns the expected Previous release information of + // the HelmRelease after install. + expectPrevious func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo + // expectFailures is the expected Failures count of the HelmRelease. + expectFailures int64 + // expectInstallFailures is the expected InstallFailures count of the + // HelmRelease. + expectInstallFailures int64 + // expectUpgradeFailures is the expected UpgradeFailures count of the + // HelmRelease. + expectUpgradeFailures int64 + }{ + { + name: "install success", + chart: testutil.BuildChart(), + expectConditions: []metav1.Condition{ + *conditions.TrueCondition(helmv2.ReleasedCondition, helmv2.InstallSucceededReason, + "Install complete"), + }, + expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[0])) + }, + }, + { + name: "install failure", + chart: testutil.BuildChart(testutil.ChartWithFailingHook()), + expectConditions: []metav1.Condition{ + *conditions.FalseCondition(helmv2.ReleasedCondition, helmv2.InstallFailedReason, + "failed post-install"), + }, + expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[0])) + }, + expectFailures: 1, + expectInstallFailures: 1, + }, + { + name: "install failure without storage update", + driver: func(driver helmdriver.Driver) helmdriver.Driver { + return &storage.Failing{ + Driver: driver, + CreateErr: fmt.Errorf("storage create error"), + } + }, + chart: testutil.BuildChart(), + wantErr: fmt.Errorf("storage create error"), + expectConditions: []metav1.Condition{ + *conditions.FalseCondition(helmv2.ReleasedCondition, helmv2.InstallFailedReason, + "storage create error"), + }, + expectFailures: 1, + expectInstallFailures: 0, + }, + { + name: "install with current", + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Chart: testutil.BuildChart(), + Version: 1, + Status: helmrelease.StatusUninstalled, + }), + } + }, + spec: func(spec *helmv2.HelmReleaseSpec) { + spec.Install = &helmv2.Install{ + Replace: true, + } + }, + status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { + return helmv2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + chart: testutil.BuildChart(), + expectConditions: []metav1.Condition{ + *conditions.TrueCondition(helmv2.ReleasedCondition, helmv2.InstallSucceededReason, + "Install complete"), + }, + expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[1])) + }, + expectPrevious: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[0])) + }, + }, + { + name: "install with stale current", + status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { + return helmv2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: "other", + Version: 1, + Status: helmrelease.StatusUninstalled, + Chart: testutil.BuildChart(), + }))), + } + }, + chart: testutil.BuildChart(), + expectConditions: []metav1.Condition{ + *conditions.TrueCondition(helmv2.ReleasedCondition, helmv2.InstallSucceededReason, + "Install complete"), + }, + expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[0])) + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + namedNS, err := testEnv.CreateNamespace(context.TODO(), mockReleaseNamespace) + g.Expect(err).NotTo(HaveOccurred()) + t.Cleanup(func() { + _ = testEnv.Delete(context.TODO(), namedNS) + }) + releaseNamespace := namedNS.Name + + var releases []*helmrelease.Release + if tt.releases != nil { + releases = tt.releases(releaseNamespace) + releaseutil.SortByRevision(releases) + } + + obj := &helmv2.HelmRelease{ + Spec: helmv2.HelmReleaseSpec{ + ReleaseName: mockReleaseName, + TargetNamespace: releaseNamespace, + StorageNamespace: releaseNamespace, + Timeout: &metav1.Duration{Duration: 100 * time.Millisecond}, + }, + } + if tt.spec != nil { + tt.spec(&obj.Spec) + } + if tt.status != nil { + obj.Status = tt.status(releases) + } + + getter, err := RESTClientGetterFromManager(testEnv.Manager, obj.GetReleaseNamespace()) + g.Expect(err).ToNot(HaveOccurred()) + + cfg, err := action.NewConfigFactory(getter, + action.WithStorage(action.DefaultStorageDriver, obj.GetStorageNamespace()), + action.WithDebugLog(logr.Discard()), + ) + g.Expect(err).ToNot(HaveOccurred()) + + store := helmstorage.Init(cfg.Driver) + for _, r := range releases { + g.Expect(store.Create(r)).To(Succeed()) + } + + if tt.driver != nil { + cfg.Driver = tt.driver(cfg.Driver) + } + + got := (&Install{configFactory: cfg}).Reconcile(context.TODO(), &Request{ + Object: obj, + Chart: tt.chart, + Values: tt.values, + }) + if tt.wantErr != nil { + g.Expect(got).To(Equal(tt.wantErr)) + } else { + g.Expect(got).ToNot(HaveOccurred()) + } + + g.Expect(obj.Status.Conditions).To(conditions.MatchConditions(tt.expectConditions)) + + releases, _ = store.History(mockReleaseName) + releaseutil.SortByRevision(releases) + + if tt.expectCurrent != nil { + g.Expect(obj.Status.Current).To(testutil.Equal(tt.expectCurrent(releases))) + } else { + g.Expect(obj.Status.Current).To(BeNil(), "expected current to be nil") + } + + if tt.expectPrevious != nil { + g.Expect(obj.Status.Previous).To(testutil.Equal(tt.expectPrevious(releases))) + } else { + g.Expect(obj.Status.Previous).To(BeNil(), "expected previous to be nil") + } + + g.Expect(obj.Status.Failures).To(Equal(tt.expectFailures)) + g.Expect(obj.Status.InstallFailures).To(Equal(tt.expectInstallFailures)) + g.Expect(obj.Status.UpgradeFailures).To(Equal(tt.expectUpgradeFailures)) + }) + } +} diff --git a/internal/reconcile/reconcile.go b/internal/reconcile/reconcile.go new file mode 100644 index 000000000..516f0cc97 --- /dev/null +++ b/internal/reconcile/reconcile.go @@ -0,0 +1,75 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package reconcile + +import ( + "context" + + helmchart "helm.sh/helm/v3/pkg/chart" + helmchartutil "helm.sh/helm/v3/pkg/chartutil" + + helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" +) + +const ( + // ReconcilerTypeRelease is an ActionReconciler which produces a new + // Helm release. + ReconcilerTypeRelease ReconcilerType = "release" + // ReconcilerTypeRemediate is an ActionReconciler which remediates a + // failed Helm release. + ReconcilerTypeRemediate ReconcilerType = "remediate" + // ReconcilerTypeTest is an ActionReconciler which tests a Helm release. + ReconcilerTypeTest ReconcilerType = "test" + // ReconcilerTypeUnlock is an ActionReconciler which unlocks a Helm + // release in a stale pending state. It differs from ReconcilerTypeRemediate + // in that it does not produce a new Helm release. + ReconcilerTypeUnlock ReconcilerType = "unlock" +) + +// ReconcilerType is a string which identifies the type of ActionReconciler. +// It can be used to e.g. limiting the number of action (types) to be performed +// in a single reconciliation. +type ReconcilerType string + +// Request is a request to be performed by an ActionReconciler. The reconciler +// writes the result of the request to the Object's status. +type Request struct { + // Object is the Helm release to be reconciled, and describes the desired + // state to the ActionReconciler. + Object *helmv2.HelmRelease + // Chart is the Helm chart to be installed or upgraded. + Chart *helmchart.Chart + // Values is the Helm chart values to be used for the installation or + // upgrade. + Values helmchartutil.Values +} + +// ActionReconciler is an interface which defines the methods that a reconciler +// of a Helm action must implement. +type ActionReconciler interface { + // Reconcile performs the reconcile action for the given Request. The + // reconciler should write the result of the request to the Object's status. + // An error is returned if the reconcile action cannot be performed and did + // not result in a modification of the Helm storage. The caller should then + // either retry, or abort the operation. + Reconcile(ctx context.Context, req *Request) error + // Name returns the name of the ActionReconciler. Typically, this equals + // the name of the Helm action it performs. + Name() string + // Type returns the ReconcilerType of the ActionReconciler. + Type() ReconcilerType +} diff --git a/internal/reconcile/release.go b/internal/reconcile/release.go new file mode 100644 index 000000000..d912872d0 --- /dev/null +++ b/internal/reconcile/release.go @@ -0,0 +1,65 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package reconcile + +import ( + "errors" + + helmrelease "helm.sh/helm/v3/pkg/release" + + helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/release" + "github.com/fluxcd/helm-controller/internal/storage" +) + +var ( + // ErrNoCurrent is returned when the HelmRelease has no current release + // but this is required by the ActionReconciler. + ErrNoCurrent = errors.New("no current release") + // ErrNoPrevious is returned when the HelmRelease has no previous release + // but this is required by the ActionReconciler. + ErrNoPrevious = errors.New("no previous release") + // ErrReleaseMismatch is returned when the resulting release after running + // an action does not match the expected current and/or previous release. + // This can happen for actions where targeting a release by version is not + // possible, for example while running tests. + ErrReleaseMismatch = errors.New("release mismatch") +) + +// observeRelease returns a storage.ObserveFunc which updates the Status.Current +// and Status.Previous fields of the HelmRelease object. It can be used to +// record Helm install and upgrade actions as - and while - they are written to +// the Helm storage. +func observeRelease(obj *helmv2.HelmRelease) storage.ObserveFunc { + return func(rls *helmrelease.Release) { + cur := obj.Status.Current.DeepCopy() + obs := release.ObserveRelease(rls) + if cur != nil && obs.Targets(cur.Name, cur.Namespace, 0) && cur.Version < obs.Version { + // Add current to previous when we observe the first write of a + // newer release. + obj.Status.Previous = obj.Status.Current + } + if cur == nil || !obs.Targets(cur.Name, cur.Namespace, 0) || obs.Version >= cur.Version { + // Overwrite current with newer release, or update it. + obj.Status.Current = release.ObservedToInfo(obs) + } + if prev := obj.Status.Previous; prev != nil && obs.Targets(prev.Name, prev.Namespace, prev.Version) { + // Write latest state of previous (e.g. status updates) to status. + obj.Status.Previous = release.ObservedToInfo(obs) + } + } +} diff --git a/internal/reconcile/release_test.go b/internal/reconcile/release_test.go new file mode 100644 index 000000000..b7ef6db4e --- /dev/null +++ b/internal/reconcile/release_test.go @@ -0,0 +1,148 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package reconcile + +import ( + "testing" + + . "github.com/onsi/gomega" + helmrelease "helm.sh/helm/v3/pkg/release" + + helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/release" +) + +const ( + mockReleaseName = "mock-release" + mockReleaseNamespace = "mock-ns" +) + +func Test_observeRelease(t *testing.T) { + const ( + otherReleaseName = "other" + otherReleaseNamespace = "other-ns" + ) + + t.Run("release", func(t *testing.T) { + g := NewWithT(t) + + obj := &helmv2.HelmRelease{} + mock := helmrelease.Mock(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusPendingInstall, + }) + expect := release.ObservedToInfo(release.ObserveRelease(mock)) + + observeRelease(obj)(mock) + + g.Expect(obj.Status.Previous).To(BeNil()) + g.Expect(obj.Status.Current).ToNot(BeNil()) + g.Expect(obj.Status.Current).To(Equal(expect)) + }) + + t.Run("release with current", func(t *testing.T) { + g := NewWithT(t) + + current := &helmv2.HelmReleaseInfo{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + } + obj := &helmv2.HelmRelease{ + Status: helmv2.HelmReleaseStatus{ + Current: current, + }, + } + mock := helmrelease.Mock(&helmrelease.MockReleaseOptions{ + Name: current.Name, + Namespace: current.Namespace, + Version: current.Version + 1, + Status: helmrelease.StatusPendingInstall, + }) + expect := release.ObservedToInfo(release.ObserveRelease(mock)) + + observeRelease(obj)(mock) + g.Expect(obj.Status.Previous).ToNot(BeNil()) + g.Expect(obj.Status.Previous).To(Equal(current)) + g.Expect(obj.Status.Current).ToNot(BeNil()) + g.Expect(obj.Status.Current).To(Equal(expect)) + }) + + t.Run("release with current with different name", func(t *testing.T) { + g := NewWithT(t) + + current := &helmv2.HelmReleaseInfo{ + Name: otherReleaseName, + Namespace: otherReleaseNamespace, + Version: 3, + } + obj := &helmv2.HelmRelease{ + Status: helmv2.HelmReleaseStatus{ + Current: current, + }, + } + mock := helmrelease.Mock(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusPendingInstall, + }) + expect := release.ObservedToInfo(release.ObserveRelease(mock)) + + observeRelease(obj)(mock) + g.Expect(obj.Status.Previous).To(BeNil()) + g.Expect(obj.Status.Current).ToNot(BeNil()) + g.Expect(obj.Status.Current).To(Equal(expect)) + }) + + t.Run("release with update to previous", func(t *testing.T) { + g := NewWithT(t) + + previous := &helmv2.HelmReleaseInfo{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusDeployed.String(), + } + current := &helmv2.HelmReleaseInfo{ + Name: previous.Name, + Namespace: previous.Namespace, + Version: previous.Version + 1, + Status: helmrelease.StatusPendingInstall.String(), + } + obj := &helmv2.HelmRelease{ + Status: helmv2.HelmReleaseStatus{ + Current: current, + Previous: previous, + }, + } + mock := helmrelease.Mock(&helmrelease.MockReleaseOptions{ + Name: previous.Name, + Namespace: previous.Namespace, + Version: previous.Version, + Status: helmrelease.StatusSuperseded, + }) + expect := release.ObservedToInfo(release.ObserveRelease(mock)) + + observeRelease(obj)(mock) + g.Expect(obj.Status.Previous).ToNot(BeNil()) + g.Expect(obj.Status.Previous).To(Equal(expect)) + g.Expect(obj.Status.Current).To(Equal(current)) + }) +} diff --git a/internal/reconcile/rollback.go b/internal/reconcile/rollback.go new file mode 100644 index 000000000..f5d3bd25e --- /dev/null +++ b/internal/reconcile/rollback.go @@ -0,0 +1,94 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package reconcile + +import ( + "context" + "fmt" + + helmrelease "helm.sh/helm/v3/pkg/release" + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/fluxcd/pkg/runtime/conditions" + "github.com/fluxcd/pkg/runtime/logger" + + helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/action" + "github.com/fluxcd/helm-controller/internal/release" + "github.com/fluxcd/helm-controller/internal/storage" +) + +type Rollback struct { + configFactory *action.ConfigFactory +} + +func (r *Rollback) Name() string { + return "rollback" +} + +func (r *Rollback) Type() ReconcilerType { + return ReconcilerTypeRemediate +} + +func (r *Rollback) Reconcile(ctx context.Context, req *Request) error { + var ( + cur = req.Object.Status.Current.DeepCopy() + logBuf = action.NewLogBuffer(action.NewDebugLog(ctrl.LoggerFrom(ctx).V(logger.InfoLevel)), 10) + ) + + // Previous is required to determine what version to roll back to. + if req.Object.Status.Previous == nil { + return fmt.Errorf("%w: required to rollback", ErrNoPrevious) + } + + // Run rollback action. + if err := action.Rollback(r.configFactory.Build(logBuf.Log, observeRollback(req.Object)), req.Object); err != nil { + // Mark failure on object. + req.Object.Status.Failures++ + conditions.MarkFalse(req.Object, helmv2.RemediatedCondition, helmv2.RollbackFailedReason, err.Error()) + + // Return error if we did not store a release, as this does not + // affect state and the caller should e.g. retry. + if newCur := req.Object.Status.Current; newCur == nil || newCur == cur { + return err + } + return nil + } + + // Mark remediation success. + condMsg := "Rolled back to previous version" + if prev := req.Object.Status.Previous; prev != nil { + condMsg = fmt.Sprintf("Rolled back to version %d", prev.Version) + } + conditions.MarkTrue(req.Object, helmv2.RemediatedCondition, helmv2.RollbackSucceededReason, condMsg) + return nil +} + +// observeRollback returns a storage.ObserveFunc that can be used to observe +// and record the result of a rollback action in the status of the given release. +// It updates the Status.Current field of the release if it equals the target +// of the rollback action, and version >= Current.Version. +func observeRollback(obj *helmv2.HelmRelease) storage.ObserveFunc { + return func(rls *helmrelease.Release) { + cur := obj.Status.Current.DeepCopy() + obs := release.ObserveRelease(rls) + if cur == nil || !obs.Targets(cur.Name, cur.Namespace, 0) || obs.Version >= cur.Version { + // Overwrite current with newer release, or update it. + obj.Status.Current = release.ObservedToInfo(obs) + } + } +} diff --git a/internal/reconcile/rollback_test.go b/internal/reconcile/rollback_test.go new file mode 100644 index 000000000..ac5fec03a --- /dev/null +++ b/internal/reconcile/rollback_test.go @@ -0,0 +1,357 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package reconcile + +import ( + "context" + "errors" + "testing" + "time" + + "github.com/go-logr/logr" + . "github.com/onsi/gomega" + helmrelease "helm.sh/helm/v3/pkg/release" + helmreleaseutil "helm.sh/helm/v3/pkg/releaseutil" + helmstorage "helm.sh/helm/v3/pkg/storage" + helmdriver "helm.sh/helm/v3/pkg/storage/driver" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/fluxcd/pkg/runtime/conditions" + + helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/action" + "github.com/fluxcd/helm-controller/internal/release" + "github.com/fluxcd/helm-controller/internal/testutil" +) + +func TestRollback_Reconcile(t *testing.T) { + tests := []struct { + name string + // driver allows for modifying the Helm storage driver. + driver func(driver helmdriver.Driver) helmdriver.Driver + // releases is the list of releases that are stored in the driver + // before rollback. + releases func(namespace string) []*helmrelease.Release + // spec modifies the HelmRelease object's spec before rollback. + spec func(spec *helmv2.HelmReleaseSpec) + // status to configure on the HelmRelease before rollback. + status func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus + // wantErr is the error that is expected to be returned. + wantErr error + // expectedConditions are the conditions that are expected to be set on + // the HelmRelease after rolling back. + expectConditions []metav1.Condition + // expectCurrent is the expected Current release information on the + // HelmRelease after rolling back. + expectCurrent func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo + // expectPrevious returns the expected Previous release information of + // the HelmRelease after rolling back. + expectPrevious func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo + // expectFailures is the expected Failures count on the HelmRelease. + expectFailures int64 + // expectInstallFailures is the expected InstallFailures count on the + // HelmRelease. + expectInstallFailures int64 + // expectUpgradeFailures is the expected UpgradeFailures count on the + // HelmRelease. + expectUpgradeFailures int64 + }{ + { + name: "rollback", + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Version: 1, + Chart: testutil.BuildChart(), + Status: helmrelease.StatusSuperseded, + Namespace: namespace, + }), + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Version: 2, + Chart: testutil.BuildChart(), + Status: helmrelease.StatusFailed, + Namespace: namespace, + }), + } + }, + status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { + return helmv2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[1])), + Previous: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + expectConditions: []metav1.Condition{ + *conditions.TrueCondition(helmv2.RemediatedCondition, helmv2.RollbackSucceededReason, + "Rolled back to version 1"), + }, + expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[2])) + }, + expectPrevious: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[0])) + }, + }, + { + name: "rollback without previous", + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Version: 1, + Chart: testutil.BuildChart(), + Status: helmrelease.StatusSuperseded, + Namespace: namespace, + }), + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Version: 2, + Chart: testutil.BuildChart(), + Status: helmrelease.StatusFailed, + Namespace: namespace, + }), + } + }, + status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { + return helmv2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[1])), + } + }, + wantErr: ErrNoPrevious, + expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[1])) + }, + }, + { + name: "rollback failure", + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Version: 1, + Chart: testutil.BuildChart(testutil.ChartWithFailingHook()), + Status: helmrelease.StatusSuperseded, + Namespace: namespace, + }, testutil.ReleaseWithFailingHook()), + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Version: 2, + Chart: testutil.BuildChart(), + Status: helmrelease.StatusFailed, + Namespace: namespace, + }), + } + }, + status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { + return helmv2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[1])), + Previous: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + expectConditions: []metav1.Condition{ + *conditions.FalseCondition(helmv2.RemediatedCondition, helmv2.RollbackFailedReason, + "timed out waiting for the condition"), + }, + expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[2])) + }, + expectPrevious: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[0])) + }, + expectFailures: 1, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + namedNS, err := testEnv.CreateNamespace(context.TODO(), mockReleaseNamespace) + g.Expect(err).NotTo(HaveOccurred()) + t.Cleanup(func() { + _ = testEnv.Delete(context.TODO(), namedNS) + }) + releaseNamespace := namedNS.Name + + var releases []*helmrelease.Release + if tt.releases != nil { + releases = tt.releases(releaseNamespace) + helmreleaseutil.SortByRevision(releases) + } + + obj := &helmv2.HelmRelease{ + Spec: helmv2.HelmReleaseSpec{ + ReleaseName: mockReleaseName, + TargetNamespace: releaseNamespace, + StorageNamespace: releaseNamespace, + Timeout: &metav1.Duration{Duration: 100 * time.Millisecond}, + }, + } + if tt.status != nil { + obj.Status = tt.status(releases) + } + + getter, err := RESTClientGetterFromManager(testEnv.Manager, obj.GetReleaseNamespace()) + g.Expect(err).ToNot(HaveOccurred()) + + cfg, err := action.NewConfigFactory(getter, + action.WithStorage(action.DefaultStorageDriver, obj.GetStorageNamespace()), + action.WithDebugLog(logr.Discard()), + ) + g.Expect(err).ToNot(HaveOccurred()) + + store := helmstorage.Init(cfg.Driver) + for _, r := range releases { + g.Expect(store.Create(r)).To(Succeed()) + } + + if tt.driver != nil { + cfg.Driver = tt.driver(cfg.Driver) + } + + got := (&Rollback{configFactory: cfg}).Reconcile(context.TODO(), &Request{ + Object: obj, + }) + if tt.wantErr != nil { + g.Expect(errors.Is(got, tt.wantErr)).To(BeTrue()) + } else { + g.Expect(got).ToNot(HaveOccurred()) + } + + g.Expect(obj.Status.Conditions).To(conditions.MatchConditions(tt.expectConditions)) + + releases, _ = store.History(mockReleaseName) + helmreleaseutil.SortByRevision(releases) + + if tt.expectCurrent != nil { + g.Expect(obj.Status.Current).To(testutil.Equal(tt.expectCurrent(releases))) + } else { + g.Expect(obj.Status.Current).To(BeNil(), "expected current to be nil") + } + + if tt.expectPrevious != nil { + g.Expect(obj.Status.Previous).To(testutil.Equal(tt.expectPrevious(releases))) + } else { + g.Expect(obj.Status.Previous).To(BeNil(), "expected previous to be nil") + } + + g.Expect(obj.Status.Failures).To(Equal(tt.expectFailures)) + g.Expect(obj.Status.InstallFailures).To(Equal(tt.expectInstallFailures)) + g.Expect(obj.Status.UpgradeFailures).To(Equal(tt.expectUpgradeFailures)) + }) + } +} + +func Test_observeRollback(t *testing.T) { + t.Run("rollback", func(t *testing.T) { + g := NewWithT(t) + + obj := &helmv2.HelmRelease{} + rls := helmrelease.Mock(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 2, + Status: helmrelease.StatusPendingRollback, + }) + observeRollback(obj)(rls) + expect := release.ObservedToInfo(release.ObserveRelease(rls)) + + g.Expect(obj.Status.Previous).To(BeNil()) + g.Expect(obj.Status.Current).To(Equal(expect)) + }) + + t.Run("rollback with current", func(t *testing.T) { + g := NewWithT(t) + + current := &helmv2.HelmReleaseInfo{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 2, + Status: helmrelease.StatusFailed.String(), + } + obj := &helmv2.HelmRelease{ + Status: helmv2.HelmReleaseStatus{ + Current: current, + }, + } + rls := helmrelease.Mock(&helmrelease.MockReleaseOptions{ + Name: current.Name, + Namespace: current.Namespace, + Version: current.Version + 1, + Status: helmrelease.StatusPendingRollback, + }) + expect := release.ObservedToInfo(release.ObserveRelease(rls)) + + observeRollback(obj)(rls) + g.Expect(obj.Status.Current).ToNot(BeNil()) + g.Expect(obj.Status.Current).To(Equal(expect)) + g.Expect(obj.Status.Previous).To(BeNil()) + }) + + t.Run("rollback with current with higher version", func(t *testing.T) { + g := NewWithT(t) + + current := &helmv2.HelmReleaseInfo{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 2, + Status: helmrelease.StatusPendingRollback.String(), + } + obj := &helmv2.HelmRelease{ + Status: helmv2.HelmReleaseStatus{ + Current: current, + }, + } + rls := helmrelease.Mock(&helmrelease.MockReleaseOptions{ + Name: current.Name, + Namespace: current.Namespace, + Version: current.Version - 1, + Status: helmrelease.StatusSuperseded, + }) + + observeRollback(obj)(rls) + g.Expect(obj.Status.Previous).To(BeNil()) + g.Expect(obj.Status.Current).To(Equal(current)) + }) + + t.Run("rollback with current with different name", func(t *testing.T) { + g := NewWithT(t) + + current := &helmv2.HelmReleaseInfo{ + Name: mockReleaseName + "-other", + Namespace: mockReleaseNamespace, + Version: 2, + Status: helmrelease.StatusFailed.String(), + } + obj := &helmv2.HelmRelease{ + Status: helmv2.HelmReleaseStatus{ + Current: current, + }, + } + rls := helmrelease.Mock(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusPendingRollback, + }) + expect := release.ObservedToInfo(release.ObserveRelease(rls)) + + observeRollback(obj)(rls) + g.Expect(obj.Status.Previous).To(BeNil()) + g.Expect(obj.Status.Current).To(Equal(expect)) + }) +} diff --git a/internal/reconcile/suite_test.go b/internal/reconcile/suite_test.go new file mode 100644 index 000000000..867ec2d93 --- /dev/null +++ b/internal/reconcile/suite_test.go @@ -0,0 +1,127 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package reconcile + +import ( + "fmt" + "os" + "testing" + + "github.com/fluxcd/pkg/runtime/testenv" + "k8s.io/apimachinery/pkg/api/meta" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" + "k8s.io/cli-runtime/pkg/genericclioptions" + "k8s.io/client-go/discovery" + cached "k8s.io/client-go/discovery/cached" + "k8s.io/client-go/kubernetes/scheme" + "k8s.io/client-go/rest" + "k8s.io/client-go/tools/clientcmd" + clientcmdapi "k8s.io/client-go/tools/clientcmd/api" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/manager" + + helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" +) + +var ( + ctx = ctrl.SetupSignalHandler() + testEnv *testenv.Environment +) + +func TestMain(m *testing.M) { + utilruntime.Must(helmv2.AddToScheme(scheme.Scheme)) + + testEnv = testenv.New() + + go func() { + fmt.Println("Starting the test environment") + if err := testEnv.Start(ctx); err != nil { + panic(fmt.Sprintf("Failed to start the test environment manager: %v", err)) + } + }() + <-testEnv.Manager.Elected() + + code := m.Run() + + fmt.Println("Stopping the test environment") + if err := testEnv.Stop(); err != nil { + panic(fmt.Sprintf("Failed to stop the test environment: %v", err)) + } + os.Exit(code) +} + +type managerRESTClientGetter struct { + restConfig *rest.Config + discoveryClient discovery.CachedDiscoveryInterface + restMapper meta.RESTMapper + namespaceConfig clientcmd.ClientConfig +} + +func RESTClientGetterFromManager(mgr manager.Manager, ns string) (genericclioptions.RESTClientGetter, error) { + cfg := mgr.GetConfig() + dc, err := discovery.NewDiscoveryClientForConfig(cfg) + if err != nil { + return nil, err + } + cdc := cached.NewMemCacheClient(dc) + rm := mgr.GetRESTMapper() + + return &managerRESTClientGetter{ + restConfig: cfg, + discoveryClient: cdc, + restMapper: rm, + namespaceConfig: &namespaceClientConfig{ns}, + }, nil +} + +func (c *managerRESTClientGetter) ToRESTConfig() (*rest.Config, error) { + return c.restConfig, nil +} + +func (c *managerRESTClientGetter) ToDiscoveryClient() (discovery.CachedDiscoveryInterface, error) { + return c.discoveryClient, nil +} + +func (c *managerRESTClientGetter) ToRESTMapper() (meta.RESTMapper, error) { + return c.restMapper, nil +} + +func (c *managerRESTClientGetter) ToRawKubeConfigLoader() clientcmd.ClientConfig { + return c.namespaceConfig +} + +var _ clientcmd.ClientConfig = &namespaceClientConfig{} + +type namespaceClientConfig struct { + namespace string +} + +func (c namespaceClientConfig) RawConfig() (clientcmdapi.Config, error) { + return clientcmdapi.Config{}, nil +} + +func (c namespaceClientConfig) ClientConfig() (*rest.Config, error) { + return nil, nil +} + +func (c namespaceClientConfig) Namespace() (string, bool, error) { + return c.namespace, false, nil +} + +func (c namespaceClientConfig) ConfigAccess() clientcmd.ConfigAccess { + return nil +} diff --git a/internal/reconcile/test.go b/internal/reconcile/test.go new file mode 100644 index 000000000..85ec32bba --- /dev/null +++ b/internal/reconcile/test.go @@ -0,0 +1,102 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package reconcile + +import ( + "context" + "fmt" + + "github.com/fluxcd/pkg/runtime/logger" + helmrelease "helm.sh/helm/v3/pkg/release" + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/fluxcd/pkg/runtime/conditions" + + helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/action" + "github.com/fluxcd/helm-controller/internal/release" + "github.com/fluxcd/helm-controller/internal/storage" +) + +type Test struct { + configFactory *action.ConfigFactory +} + +func (r *Test) Reconcile(ctx context.Context, req *Request) error { + var ( + cur = req.Object.Status.Current.DeepCopy() + logBuf = action.NewLogBuffer(action.NewDebugLog(ctrl.LoggerFrom(ctx).V(logger.InfoLevel)), 10) + ) + + // We only accept test results for the current release. + if cur == nil { + return fmt.Errorf("%w: required for test", ErrNoCurrent) + } + + // Run tests. + rls, err := action.Test(ctx, r.configFactory.Build(logBuf.Log, observeTest(req.Object)), req.Object) + + // The Helm test action does always target the latest release. Before + // accepting results, we need to confirm this is actually the release we + // have recorded as Current. + if rls != nil && !release.ObserveRelease(rls).Targets(cur.Name, cur.Namespace, cur.Version) { + err = fmt.Errorf("%w: tested release %s/%s with version %d != current release %s/%s with version %d", + ErrReleaseMismatch, rls.Namespace, rls.Name, rls.Version, cur.Namespace, cur.Name, cur.Version) + } + + // Something went wrong. + if err != nil { + req.Object.Status.Failures++ + conditions.MarkFalse(req.Object, helmv2.TestSuccessCondition, helmv2.TestFailedReason, err.Error()) + // If we failed to observe anything happened at all, we want to retry + // and return the error to indicate this. + if req.Object.Status.Current == cur { + return err + } + return nil + } + + // Compose success condition message. + condMsg := "No test hooks." + if hookLen := len(req.Object.Status.Current.TestHooks); hookLen > 0 { + condMsg = fmt.Sprintf("%d test hook(s) completed successfully.", hookLen) + } + conditions.MarkTrue(req.Object, helmv2.TestSuccessCondition, helmv2.TestSucceededReason, condMsg) + return nil +} + +func (r *Test) Name() string { + return "test" +} + +func (r *Test) Type() ReconcilerType { + return ReconcilerTypeTest +} + +func observeTest(obj *helmv2.HelmRelease) storage.ObserveFunc { + return func(rls *helmrelease.Release) { + if cur := obj.Status.Current; cur != nil { + obs := release.ObserveRelease(rls) + if obs.Targets(cur.Name, cur.Namespace, cur.Version) { + obj.Status.Current = release.ObservedToInfo(obs) + if hooks := release.TestHooksFromRelease(rls); len(hooks) > 0 { + obj.Status.Current.TestHooks = hooks + } + } + } + } +} diff --git a/internal/reconcile/test_test.go b/internal/reconcile/test_test.go new file mode 100644 index 000000000..cad78d496 --- /dev/null +++ b/internal/reconcile/test_test.go @@ -0,0 +1,392 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package reconcile + +import ( + "context" + "errors" + "testing" + "time" + + "github.com/go-logr/logr" + . "github.com/onsi/gomega" + helmrelease "helm.sh/helm/v3/pkg/release" + helmreleaseutil "helm.sh/helm/v3/pkg/releaseutil" + helmstorage "helm.sh/helm/v3/pkg/storage" + helmdriver "helm.sh/helm/v3/pkg/storage/driver" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/fluxcd/pkg/runtime/conditions" + + helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/action" + "github.com/fluxcd/helm-controller/internal/release" + "github.com/fluxcd/helm-controller/internal/testutil" +) + +// testHookFixtures is a list of release.Hook in every possible LastRun state. +var testHookFixtures = []*helmrelease.Hook{ + { + Name: "never-run-test", + Events: []helmrelease.HookEvent{helmrelease.HookTest}, + }, + { + Name: "passing-test", + Events: []helmrelease.HookEvent{helmrelease.HookTest}, + LastRun: helmrelease.HookExecution{ + StartedAt: testutil.MustParseHelmTime("2006-01-02T15:04:05Z"), + CompletedAt: testutil.MustParseHelmTime("2006-01-02T15:04:07Z"), + Phase: helmrelease.HookPhaseSucceeded, + }, + }, + { + Name: "failing-test", + Events: []helmrelease.HookEvent{helmrelease.HookTest}, + LastRun: helmrelease.HookExecution{ + StartedAt: testutil.MustParseHelmTime("2006-01-02T15:10:05Z"), + CompletedAt: testutil.MustParseHelmTime("2006-01-02T15:10:07Z"), + Phase: helmrelease.HookPhaseFailed, + }, + }, + { + Name: "passing-pre-install", + Events: []helmrelease.HookEvent{helmrelease.HookPreInstall}, + LastRun: helmrelease.HookExecution{ + StartedAt: testutil.MustParseHelmTime("2006-01-02T15:00:05Z"), + CompletedAt: testutil.MustParseHelmTime("2006-01-02T15:00:07Z"), + Phase: helmrelease.HookPhaseSucceeded, + }, + }, +} + +func TestTest_Reconcile(t *testing.T) { + tests := []struct { + name string + // driver allows for modifying the Helm storage driver. + driver func(driver helmdriver.Driver) helmdriver.Driver + // releases is the list of releases that are stored in the driver + // before test. + releases func(namespace string) []*helmrelease.Release + // spec modifies the HelmRelease Object spec before test. + spec func(spec *helmv2.HelmReleaseSpec) + // status to configure on the HelmRelease Object before test. + status func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus + // wantErr is the error that is expected to be returned. + wantErr error + // expectedConditions are the conditions that are expected to be set on + // the HelmRelease after running rollback. + expectConditions []metav1.Condition + // expectCurrent is the expected Current release information in the + // HelmRelease after install. + expectCurrent func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo + // expectPrevious returns the expected Previous release information of + // the HelmRelease after install. + expectPrevious func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo + // expectFailures is the expected Failures count of the HelmRelease. + expectFailures int64 + // expectInstallFailures is the expected InstallFailures count of the + // HelmRelease. + expectInstallFailures int64 + // expectUpgradeFailures is the expected UpgradeFailures count of the + // HelmRelease. + expectUpgradeFailures int64 + }{ + { + name: "test success", + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Version: 1, + Chart: testutil.BuildChart(testutil.ChartWithTestHook()), + Status: helmrelease.StatusDeployed, + }, testutil.ReleaseWithTestHook()), + } + }, + status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { + return helmv2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + expectConditions: []metav1.Condition{ + *conditions.TrueCondition(helmv2.TestSuccessCondition, helmv2.TestSucceededReason, + "1 test hook(s) completed successfully."), + }, + expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + info := release.ObservedToInfo(release.ObserveRelease(releases[0])) + info.TestHooks = release.TestHooksFromRelease(releases[0]) + return info + }, + }, + { + name: "test without hooks", + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Version: 1, + Status: helmrelease.StatusDeployed, + Chart: testutil.BuildChart(), + }), + } + }, + status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { + return helmv2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + expectConditions: []metav1.Condition{ + *conditions.TrueCondition(helmv2.TestSuccessCondition, helmv2.TestSucceededReason, + "No test hooks."), + }, + expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + info := release.ObservedToInfo(release.ObserveRelease(releases[0])) + return info + }, + }, + { + name: "test failure", + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Version: 1, + Status: helmrelease.StatusDeployed, + Chart: testutil.BuildChart(testutil.ChartWithFailingTestHook()), + }, testutil.ReleaseWithFailingTestHook()), + } + }, + status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { + return helmv2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + expectConditions: []metav1.Condition{ + *conditions.FalseCondition(helmv2.TestSuccessCondition, helmv2.TestFailedReason, + "timed out waiting for the condition"), + }, + expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + info := release.ObservedToInfo(release.ObserveRelease(releases[0])) + info.TestHooks = release.TestHooksFromRelease(releases[0]) + return info + }, + expectFailures: 1, + }, + { + name: "test without current", + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Version: 1, + Chart: testutil.BuildChart(testutil.ChartWithTestHook()), + Status: helmrelease.StatusDeployed, + }, testutil.ReleaseWithTestHook()), + } + }, + expectConditions: []metav1.Condition{}, + wantErr: ErrNoCurrent, + }, + { + name: "test with stale current", + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Version: 1, + Chart: testutil.BuildChart(testutil.ChartWithTestHook()), + Status: helmrelease.StatusSuperseded, + }, testutil.ReleaseWithTestHook()), + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Version: 2, + Chart: testutil.BuildChart(), + Status: helmrelease.StatusDeployed, + }), + } + }, + status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { + return helmv2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + expectConditions: []metav1.Condition{ + *conditions.FalseCondition(helmv2.TestSuccessCondition, helmv2.TestFailedReason, + ErrReleaseMismatch.Error()), + }, + expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[0])) + }, + expectFailures: 1, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + namedNS, err := testEnv.CreateNamespace(context.TODO(), mockReleaseNamespace) + g.Expect(err).NotTo(HaveOccurred()) + t.Cleanup(func() { + _ = testEnv.Delete(context.TODO(), namedNS) + }) + releaseNamespace := namedNS.Name + + var releases []*helmrelease.Release + if tt.releases != nil { + releases = tt.releases(releaseNamespace) + helmreleaseutil.SortByRevision(releases) + } + + obj := &helmv2.HelmRelease{ + Spec: helmv2.HelmReleaseSpec{ + ReleaseName: mockReleaseName, + TargetNamespace: releaseNamespace, + StorageNamespace: releaseNamespace, + Timeout: &metav1.Duration{Duration: 100 * time.Millisecond}, + }, + } + if tt.spec != nil { + tt.spec(&obj.Spec) + } + if tt.status != nil { + obj.Status = tt.status(releases) + } + + getter, err := RESTClientGetterFromManager(testEnv.Manager, obj.GetReleaseNamespace()) + g.Expect(err).ToNot(HaveOccurred()) + + cfg, err := action.NewConfigFactory(getter, + action.WithStorage(action.DefaultStorageDriver, obj.GetStorageNamespace()), + action.WithDebugLog(logr.Discard()), + ) + g.Expect(err).ToNot(HaveOccurred()) + + store := helmstorage.Init(cfg.Driver) + for _, r := range releases { + g.Expect(store.Create(r)).To(Succeed()) + } + + if tt.driver != nil { + cfg.Driver = tt.driver(cfg.Driver) + } + + got := (&Test{configFactory: cfg}).Reconcile(context.TODO(), &Request{ + Object: obj, + }) + if tt.wantErr != nil { + g.Expect(errors.Is(got, tt.wantErr)).To(BeTrue()) + } else { + g.Expect(got).ToNot(HaveOccurred()) + } + + g.Expect(obj.Status.Conditions).To(conditions.MatchConditions(tt.expectConditions)) + + releases, _ = store.History(mockReleaseName) + helmreleaseutil.SortByRevision(releases) + + if tt.expectCurrent != nil { + g.Expect(obj.Status.Current).To(testutil.Equal(tt.expectCurrent(releases))) + } else { + g.Expect(obj.Status.Current).To(BeNil(), "expected current to be nil") + } + + if tt.expectPrevious != nil { + g.Expect(obj.Status.Previous).To(testutil.Equal(tt.expectPrevious(releases))) + } else { + g.Expect(obj.Status.Previous).To(BeNil(), "expected previous to be nil") + } + + g.Expect(obj.Status.Failures).To(Equal(tt.expectFailures)) + g.Expect(obj.Status.InstallFailures).To(Equal(tt.expectInstallFailures)) + g.Expect(obj.Status.UpgradeFailures).To(Equal(tt.expectUpgradeFailures)) + }) + } +} + +func Test_observeTest(t *testing.T) { + t.Run("test with current", func(t *testing.T) { + g := NewWithT(t) + + obj := &helmv2.HelmRelease{ + Status: helmv2.HelmReleaseStatus{ + Current: &helmv2.HelmReleaseInfo{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + }, + }, + } + rls := testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + }, testutil.ReleaseWithHooks(testHookFixtures)) + + expect := release.ObservedToInfo(release.ObserveRelease(rls)) + expect.TestHooks = release.TestHooksFromRelease(rls) + + observeTest(obj)(rls) + g.Expect(obj.Status.Current).To(Equal(expect)) + g.Expect(obj.Status.Previous).To(BeNil()) + }) + + t.Run("test with different current version", func(t *testing.T) { + g := NewWithT(t) + + current := &helmv2.HelmReleaseInfo{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + } + obj := &helmv2.HelmRelease{ + Status: helmv2.HelmReleaseStatus{ + Current: current, + }, + } + rls := testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 2, + }, testutil.ReleaseWithHooks(testHookFixtures)) + + observeTest(obj)(rls) + g.Expect(obj.Status.Current).To(Equal(current)) + g.Expect(obj.Status.Previous).To(BeNil()) + }) + + t.Run("test without current", func(t *testing.T) { + g := NewWithT(t) + + obj := &helmv2.HelmRelease{} + + rls := testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 2, + }, testutil.ReleaseWithHooks(testHookFixtures)) + + observeTest(obj)(rls) + g.Expect(obj.Status.Current).To(BeNil()) + g.Expect(obj.Status.Previous).To(BeNil()) + }) +} diff --git a/internal/reconcile/uninstall.go b/internal/reconcile/uninstall.go new file mode 100644 index 000000000..6f7d0063e --- /dev/null +++ b/internal/reconcile/uninstall.go @@ -0,0 +1,105 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package reconcile + +import ( + "context" + "fmt" + + helmrelease "helm.sh/helm/v3/pkg/release" + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/fluxcd/pkg/runtime/conditions" + "github.com/fluxcd/pkg/runtime/logger" + + helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/action" + "github.com/fluxcd/helm-controller/internal/release" + "github.com/fluxcd/helm-controller/internal/storage" +) + +type Uninstall struct { + configFactory *action.ConfigFactory +} + +func (r *Uninstall) Reconcile(ctx context.Context, req *Request) error { + var ( + cur = req.Object.Status.Current.DeepCopy() + logBuf = action.NewLogBuffer(action.NewDebugLog(ctrl.LoggerFrom(ctx).V(logger.InfoLevel)), 10) + cfg = r.configFactory.Build(logBuf.Log, observeUninstall(req.Object)) + ) + + // Require current to run uninstall. + if cur == nil { + return fmt.Errorf("%w: required to uninstall", ErrNoCurrent) + } + + // Run the uninstall action. + res, err := action.Uninstall(ctx, cfg, req.Object) + + // The Helm uninstall action does always target the latest release. Before + // accepting results, we need to confirm this is actually the release we + // have recorded as Current. + if res != nil && !release.ObserveRelease(res.Release).Targets(cur.Name, cur.Namespace, cur.Version) { + err = fmt.Errorf("%w: uninstalled release %s/%s with version %d != current release %s/%s with version %d", + ErrReleaseMismatch, res.Release.Namespace, res.Release.Name, res.Release.Version, cur.Namespace, cur.Name, + cur.Version) + } + + // The Helm uninstall action may return without an error while the update + // to the storage failed. Detect this and return an error. + if err == nil && cur == req.Object.Status.Current { + err = fmt.Errorf("uninstallation completed without updating Helm storage") + } + + // Handle any error. + if err != nil { + req.Object.Status.Failures++ + conditions.MarkFalse(req.Object, helmv2.RemediatedCondition, helmv2.UninstallFailedReason, err.Error()) + if req.Object.Status.Current == cur { + return err + } + return nil + } + + // Mark success. + conditions.MarkTrue(req.Object, helmv2.RemediatedCondition, helmv2.UninstallSucceededReason, + res.Release.Info.Description) + return nil +} + +func (r *Uninstall) Name() string { + return "uninstall" +} + +func (r *Uninstall) Type() ReconcilerType { + return ReconcilerTypeRemediate +} + +// observeUninstall returns a storage.ObserveFunc that can be used to observe +// and record the result of an uninstall action in the status of the given +// release. It updates the Status.Current field of the release if it equals the +// uninstallation target, and version = Current.Version. +func observeUninstall(obj *helmv2.HelmRelease) storage.ObserveFunc { + return func(rls *helmrelease.Release) { + if cur := obj.Status.Current; cur != nil { + if obs := release.ObserveRelease(rls); obs.Targets(cur.Name, cur.Namespace, cur.Version) { + obj.Status.Current = release.ObservedToInfo(obs) + } + } + } +} diff --git a/internal/reconcile/uninstall_test.go b/internal/reconcile/uninstall_test.go new file mode 100644 index 000000000..bcabd58a1 --- /dev/null +++ b/internal/reconcile/uninstall_test.go @@ -0,0 +1,388 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package reconcile + +import ( + "context" + "errors" + "fmt" + "testing" + "time" + + "github.com/fluxcd/pkg/runtime/conditions" + "github.com/go-logr/logr" + . "github.com/onsi/gomega" + helmrelease "helm.sh/helm/v3/pkg/release" + "helm.sh/helm/v3/pkg/releaseutil" + helmstorage "helm.sh/helm/v3/pkg/storage" + helmdriver "helm.sh/helm/v3/pkg/storage/driver" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/action" + "github.com/fluxcd/helm-controller/internal/release" + "github.com/fluxcd/helm-controller/internal/storage" + "github.com/fluxcd/helm-controller/internal/testutil" +) + +func Test_uninstall(t *testing.T) { + tests := []struct { + name string + // driver allows for modifying the Helm storage driver. + driver func(helmdriver.Driver) helmdriver.Driver + // releases is the list of releases that are stored in the driver + // before uninstall. + releases func(namespace string) []*helmrelease.Release + // spec modifies the HelmRelease Object spec before uninstall. + spec func(spec *helmv2.HelmReleaseSpec) + // status to configure on the HelmRelease Object before uninstall. + status func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus + // wantErr is the error that is expected to be returned. + wantErr error + // expectedConditions are the conditions that are expected to be set on + // the HelmRelease after running rollback. + expectConditions []metav1.Condition + // expectCurrent is the expected Current release information in the + // HelmRelease after uninstall. + expectCurrent func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo + // expectPrevious returns the expected Previous release information of + // the HelmRelease after uninstall. + expectPrevious func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo + // expectFailures is the expected Failures count of the HelmRelease. + expectFailures int64 + // expectInstallFailures is the expected InstallFailures count of the + // HelmRelease. + expectInstallFailures int64 + // expectUpgradeFailures is the expected UpgradeFailures count of the + // HelmRelease. + expectUpgradeFailures int64 + }{ + { + name: "uninstall success", + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Version: 1, + Chart: testutil.BuildChart(testutil.ChartWithTestHook()), + Status: helmrelease.StatusDeployed, + }), + } + }, + spec: func(spec *helmv2.HelmReleaseSpec) { + spec.Uninstall = &helmv2.Uninstall{ + KeepHistory: true, + } + }, + status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { + return helmv2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + expectConditions: []metav1.Condition{ + *conditions.TrueCondition(helmv2.RemediatedCondition, helmv2.UninstallSucceededReason, + "Uninstallation complete"), + }, + expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[0])) + }, + }, + { + name: "uninstall failure", + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Version: 1, + Status: helmrelease.StatusDeployed, + Chart: testutil.BuildChart(testutil.ChartWithFailingHook()), + }, testutil.ReleaseWithFailingHook()), + } + }, + spec: func(spec *helmv2.HelmReleaseSpec) { + spec.Uninstall = &helmv2.Uninstall{ + KeepHistory: true, + } + }, + status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { + return helmv2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + expectConditions: []metav1.Condition{ + *conditions.FalseCondition(helmv2.RemediatedCondition, helmv2.UninstallFailedReason, + "uninstallation completed with 1 error(s): 1 error occurred:\n\t* timed out waiting for the condition\n\n"), + }, + expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[0])) + }, + expectFailures: 1, + }, + { + name: "uninstall failure without storage delete", + driver: func(driver helmdriver.Driver) helmdriver.Driver { + return &storage.Failing{ + // Explicitly inherit the driver, as we want to rely on the + // Secret storage, as the memory storage does not detach + // objects from the release action. Causing writes post-persist + // to leak to the stored release object. + Driver: driver, + DeleteErr: fmt.Errorf("delete error"), + } + }, + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Version: 1, + Status: helmrelease.StatusDeployed, + Chart: testutil.BuildChart(), + }), + } + }, + status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { + return helmv2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + expectConditions: []metav1.Condition{ + *conditions.FalseCondition(helmv2.RemediatedCondition, helmv2.UninstallFailedReason, + "delete error"), + }, + expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[0])) + }, + expectFailures: 1, + }, + { + name: "uninstall without current", + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Version: 1, + Chart: testutil.BuildChart(), + Status: helmrelease.StatusDeployed, + }), + } + }, + expectConditions: []metav1.Condition{}, + wantErr: ErrNoCurrent, + }, + { + name: "uninstall with stale current", + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Version: 1, + Chart: testutil.BuildChart(testutil.ChartWithTestHook()), + Status: helmrelease.StatusSuperseded, + }, testutil.ReleaseWithTestHook()), + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Version: 2, + Chart: testutil.BuildChart(), + Status: helmrelease.StatusDeployed, + }), + } + }, + spec: func(spec *helmv2.HelmReleaseSpec) { + spec.Uninstall = &helmv2.Uninstall{ + KeepHistory: true, + } + }, + status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { + return helmv2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + expectConditions: []metav1.Condition{ + *conditions.FalseCondition(helmv2.RemediatedCondition, helmv2.UninstallFailedReason, + ErrReleaseMismatch.Error()), + }, + expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[0])) + }, + expectFailures: 1, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + namedNS, err := testEnv.CreateNamespace(context.TODO(), mockReleaseNamespace) + g.Expect(err).NotTo(HaveOccurred()) + t.Cleanup(func() { + _ = testEnv.Delete(context.TODO(), namedNS) + }) + releaseNamespace := namedNS.Name + + var releases []*helmrelease.Release + if tt.releases != nil { + releases = tt.releases(releaseNamespace) + releaseutil.SortByRevision(releases) + } + + obj := &helmv2.HelmRelease{ + Spec: helmv2.HelmReleaseSpec{ + ReleaseName: mockReleaseName, + TargetNamespace: releaseNamespace, + StorageNamespace: releaseNamespace, + Timeout: &metav1.Duration{Duration: 100 * time.Millisecond}, + }, + } + if tt.spec != nil { + tt.spec(&obj.Spec) + } + if tt.status != nil { + obj.Status = tt.status(releases) + } + + getter, err := RESTClientGetterFromManager(testEnv.Manager, obj.GetReleaseNamespace()) + g.Expect(err).ToNot(HaveOccurred()) + + cfg, err := action.NewConfigFactory(getter, + action.WithStorage(action.DefaultStorageDriver, obj.GetStorageNamespace()), + action.WithDebugLog(logr.Discard()), + ) + g.Expect(err).ToNot(HaveOccurred()) + + store := helmstorage.Init(cfg.Driver) + for _, r := range releases { + g.Expect(store.Create(r)).To(Succeed()) + } + + if tt.driver != nil { + cfg.Driver = tt.driver(cfg.Driver) + } + + got := (&Uninstall{configFactory: cfg}).Reconcile(context.TODO(), &Request{ + Object: obj, + }) + if tt.wantErr != nil { + g.Expect(errors.Is(got, tt.wantErr)).To(BeTrue()) + } else { + g.Expect(got).ToNot(HaveOccurred()) + } + + g.Expect(obj.Status.Conditions).To(conditions.MatchConditions(tt.expectConditions)) + + releases, _ = store.History(mockReleaseName) + releaseutil.SortByRevision(releases) + + if tt.expectCurrent != nil { + g.Expect(obj.Status.Current).To(testutil.Equal(tt.expectCurrent(releases))) + } else { + g.Expect(obj.Status.Current).To(BeNil(), "expected current to be nil") + } + + if tt.expectPrevious != nil { + g.Expect(obj.Status.Previous).To(testutil.Equal(tt.expectPrevious(releases))) + } else { + g.Expect(obj.Status.Previous).To(BeNil(), "expected previous to be nil") + } + + g.Expect(obj.Status.Failures).To(Equal(tt.expectFailures)) + g.Expect(obj.Status.InstallFailures).To(Equal(tt.expectInstallFailures)) + g.Expect(obj.Status.UpgradeFailures).To(Equal(tt.expectUpgradeFailures)) + }) + } +} + +func Test_observeUninstall(t *testing.T) { + t.Run("uninstall of current", func(t *testing.T) { + g := NewWithT(t) + + current := &helmv2.HelmReleaseInfo{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusDeployed.String(), + } + obj := &helmv2.HelmRelease{ + Status: helmv2.HelmReleaseStatus{ + Current: current, + }, + } + rls := testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: current.Name, + Namespace: current.Namespace, + Version: current.Version, + Status: helmrelease.StatusUninstalled, + }) + expect := release.ObservedToInfo(release.ObserveRelease(rls)) + + observeUninstall(obj)(rls) + g.Expect(obj.Status.Current).ToNot(BeNil()) + g.Expect(obj.Status.Current).To(Equal(expect)) + g.Expect(obj.Status.Previous).To(BeNil()) + }) + + t.Run("uninstall without current", func(t *testing.T) { + g := NewWithT(t) + + obj := &helmv2.HelmRelease{ + Status: helmv2.HelmReleaseStatus{ + Current: nil, + }, + } + rls := testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusUninstalling, + }) + + observeUninstall(obj)(rls) + g.Expect(obj.Status.Current).To(BeNil()) + g.Expect(obj.Status.Previous).To(BeNil()) + }) + + t.Run("uninstall of different version than current", func(t *testing.T) { + g := NewWithT(t) + + current := &helmv2.HelmReleaseInfo{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusDeployed.String(), + } + obj := &helmv2.HelmRelease{ + Status: helmv2.HelmReleaseStatus{ + Current: current, + }, + } + rls := testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: current.Name, + Namespace: current.Namespace, + Version: current.Version + 1, + Status: helmrelease.StatusUninstalled, + }) + + observeUninstall(obj)(rls) + g.Expect(obj.Status.Current).ToNot(BeNil()) + g.Expect(obj.Status.Current).To(Equal(current)) + g.Expect(obj.Status.Previous).To(BeNil()) + }) +} diff --git a/internal/reconcile/unlock.go b/internal/reconcile/unlock.go new file mode 100644 index 000000000..d64cbc60e --- /dev/null +++ b/internal/reconcile/unlock.go @@ -0,0 +1,100 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package reconcile + +import ( + "context" + "errors" + "fmt" + + "github.com/fluxcd/pkg/runtime/conditions" + helmrelease "helm.sh/helm/v3/pkg/release" + helmdriver "helm.sh/helm/v3/pkg/storage/driver" + + helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/action" + "github.com/fluxcd/helm-controller/internal/release" + "github.com/fluxcd/helm-controller/internal/storage" +) + +type Unlock struct { + configFactory *action.ConfigFactory +} + +func (r *Unlock) Reconcile(_ context.Context, req *Request) error { + // We can only unlock a release if we have a current. + cur := req.Object.Status.Current.DeepCopy() + if cur == nil { + return fmt.Errorf("%w: required for unlock", ErrNoCurrent) + } + + // Build action configuration to gain access to Helm storage. + cfg := r.configFactory.Build(nil, observeUnlock(req.Object)) + + // Retrieve last release object. + rls, err := cfg.Releases.Last(req.Object.GetReleaseName()) + if err != nil { + // Ignore not found error. Assume caller will decide what to do + // when it re-assess state to determine the next action. + if errors.Is(err, helmdriver.ErrReleaseNotFound) { + return nil + } + // Return any other error to retry. + return err + } + + // Ensure latest is still same as current. + obs := release.ObserveRelease(rls) + if obs.Targets(cur.Name, cur.Namespace, cur.Version) { + if status := rls.Info.Status; status.IsPending() { + // Update pending status to failed and persist. + rls.SetStatus(helmrelease.StatusFailed, fmt.Sprintf("Release unlocked from stale '%s' state", + status.String())) + if err = cfg.Releases.Update(rls); err != nil { + req.Object.Status.Failures++ + conditions.MarkFalse(req.Object, helmv2.ReleasedCondition, "StalePending", + "Failed to unlock release from stale '%s' state: %s", status.String(), err.Error()) + return err + } + conditions.MarkFalse(req.Object, helmv2.ReleasedCondition, "StalePending", rls.Info.Description) + } + } + return nil +} + +func (r *Unlock) Name() string { + return "unlock" +} + +func (r *Unlock) Type() ReconcilerType { + return ReconcilerTypeUnlock +} + +// observeUnlock returns a storage.ObserveFunc that can be used to observe and +// record the result of an unlock action in the status of the given release. +// It updates the Status.Current field of the release if it equals the target +// of the unlock action. +func observeUnlock(obj *helmv2.HelmRelease) storage.ObserveFunc { + return func(rls *helmrelease.Release) { + if cur := obj.Status.Current; cur != nil { + obs := release.ObserveRelease(rls) + if obs.Targets(cur.Name, cur.Namespace, cur.Version) { + obj.Status.Current = release.ObservedToInfo(obs) + } + } + } +} diff --git a/internal/reconcile/unlock_test.go b/internal/reconcile/unlock_test.go new file mode 100644 index 000000000..58a49a154 --- /dev/null +++ b/internal/reconcile/unlock_test.go @@ -0,0 +1,396 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package reconcile + +import ( + "context" + "errors" + "testing" + "time" + + "github.com/go-logr/logr" + . "github.com/onsi/gomega" + helmrelease "helm.sh/helm/v3/pkg/release" + helmreleaseutil "helm.sh/helm/v3/pkg/releaseutil" + helmstorage "helm.sh/helm/v3/pkg/storage" + helmdriver "helm.sh/helm/v3/pkg/storage/driver" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/fluxcd/pkg/runtime/conditions" + + helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/action" + "github.com/fluxcd/helm-controller/internal/release" + "github.com/fluxcd/helm-controller/internal/storage" + "github.com/fluxcd/helm-controller/internal/testutil" +) + +func Test_unlock(t *testing.T) { + var ( + mockQueryErr = errors.New("storage query error") + mockUpdateErr = errors.New("storage update error") + ) + + tests := []struct { + name string + // driver allows for modifying the Helm storage driver. + driver func(helmdriver.Driver) helmdriver.Driver + // releases is the list of releases that are stored in the driver + // before unlock. + releases func(namespace string) []*helmrelease.Release + // spec modifies the HelmRelease Object spec before unlock. + spec func(spec *helmv2.HelmReleaseSpec) + // status to configure on the HelmRelease object before unlock. + status func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus + // wantErr is the error that is expected to be returned. + wantErr error + // expectedConditions are the conditions that are expected to be set on + // the HelmRelease after running rollback. + expectConditions []metav1.Condition + // expectCurrent is the expected Current release information in the + // HelmRelease after unlock. + expectCurrent func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo + // expectPrevious returns the expected Previous release information of + // the HelmRelease after unlock. + expectPrevious func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo + // expectFailures is the expected Failures count of the HelmRelease. + expectFailures int64 + // expectInstallFailures is the expected InstallFailures count of the + // HelmRelease. + expectInstallFailures int64 + // expectUpgradeFailures is the expected UpgradeFailures count of the + // HelmRelease. + expectUpgradeFailures int64 + }{ + { + name: "unlock success", + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Version: 1, + Chart: testutil.BuildChart(), + Status: helmrelease.StatusPendingInstall, + }), + } + }, + status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { + return helmv2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + expectConditions: []metav1.Condition{ + *conditions.FalseCondition(helmv2.ReleasedCondition, "StalePending", + "Release unlocked from stale '%s' state", helmrelease.StatusPendingInstall), + }, + expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[0])) + }, + }, + { + name: "unlock failure", + driver: func(driver helmdriver.Driver) helmdriver.Driver { + return &storage.Failing{ + Driver: driver, + UpdateErr: mockUpdateErr, + } + }, + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Version: 1, + Chart: testutil.BuildChart(), + Status: helmrelease.StatusPendingRollback, + }), + } + }, + status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { + return helmv2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + wantErr: mockUpdateErr, + expectConditions: []metav1.Condition{ + *conditions.FalseCondition(helmv2.ReleasedCondition, "StalePending", + "Failed to unlock release from stale '%s' state", helmrelease.StatusPendingRollback), + }, + expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[0])) + }, + expectFailures: 1, + }, + { + name: "unlock without pending status", + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Version: 1, + Chart: testutil.BuildChart(), + Status: helmrelease.StatusFailed, + }), + } + }, + status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { + return helmv2.HelmReleaseStatus{ + Current: &helmv2.HelmReleaseInfo{ + Name: mockReleaseName, + Namespace: releases[0].Namespace, + Version: 1, + Status: helmrelease.StatusFailed.String(), + }, + } + }, + expectConditions: []metav1.Condition{}, + expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return &helmv2.HelmReleaseInfo{ + Name: mockReleaseName, + Namespace: releases[0].Namespace, + Version: 1, + Status: helmrelease.StatusFailed.String(), + } + }, + }, + { + name: "unlock without current", + status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { + return helmv2.HelmReleaseStatus{} + }, + wantErr: ErrNoCurrent, + expectConditions: []metav1.Condition{}, + }, + { + name: "unlock with stale current", + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Version: 2, + Chart: testutil.BuildChart(), + Status: helmrelease.StatusDeployed, + }), + } + }, + status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { + return helmv2.HelmReleaseStatus{ + Current: &helmv2.HelmReleaseInfo{ + Name: mockReleaseName, + Namespace: releases[0].Namespace, + Version: releases[0].Version - 1, + Status: helmrelease.StatusPendingInstall.String(), + }, + } + }, + expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return &helmv2.HelmReleaseInfo{ + Name: mockReleaseName, + Namespace: releases[0].Namespace, + Version: releases[0].Version - 1, + Status: helmrelease.StatusPendingInstall.String(), + } + }, + }, + { + name: "unlock without latest", + status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { + return helmv2.HelmReleaseStatus{ + Current: &helmv2.HelmReleaseInfo{ + Name: mockReleaseName, + Version: 1, + Status: helmrelease.StatusFailed.String(), + }, + } + }, + expectConditions: []metav1.Condition{}, + expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return &helmv2.HelmReleaseInfo{ + Name: mockReleaseName, + Version: 1, + Status: helmrelease.StatusFailed.String(), + } + }, + }, + { + name: "unlock with storage query error", + driver: func(driver helmdriver.Driver) helmdriver.Driver { + return &storage.Failing{ + Driver: driver, + QueryErr: mockQueryErr, + } + }, + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Version: 1, + Chart: testutil.BuildChart(), + Status: helmrelease.StatusPendingInstall, + }), + } + }, + status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { + return helmv2.HelmReleaseStatus{ + Current: &helmv2.HelmReleaseInfo{ + Name: mockReleaseName, + Version: 1, + Status: helmrelease.StatusFailed.String(), + }, + } + }, + wantErr: mockQueryErr, + expectConditions: []metav1.Condition{}, + expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return &helmv2.HelmReleaseInfo{ + Name: mockReleaseName, + Version: 1, + Status: helmrelease.StatusFailed.String(), + } + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + namedNS, err := testEnv.CreateNamespace(context.TODO(), mockReleaseNamespace) + g.Expect(err).NotTo(HaveOccurred()) + t.Cleanup(func() { + _ = testEnv.Delete(context.TODO(), namedNS) + }) + releaseNamespace := namedNS.Name + + var releases []*helmrelease.Release + if tt.releases != nil { + releases = tt.releases(releaseNamespace) + helmreleaseutil.SortByRevision(releases) + } + + obj := &helmv2.HelmRelease{ + Spec: helmv2.HelmReleaseSpec{ + ReleaseName: mockReleaseName, + TargetNamespace: releaseNamespace, + StorageNamespace: releaseNamespace, + Timeout: &metav1.Duration{Duration: 100 * time.Millisecond}, + }, + } + if tt.spec != nil { + tt.spec(&obj.Spec) + } + if tt.status != nil { + obj.Status = tt.status(releases) + } + + getter, err := RESTClientGetterFromManager(testEnv.Manager, obj.GetReleaseNamespace()) + g.Expect(err).ToNot(HaveOccurred()) + + cfg, err := action.NewConfigFactory(getter, + action.WithStorage(action.DefaultStorageDriver, obj.GetStorageNamespace()), + action.WithDebugLog(logr.Discard()), + ) + g.Expect(err).ToNot(HaveOccurred()) + + store := helmstorage.Init(cfg.Driver) + for _, r := range releases { + g.Expect(store.Create(r)).To(Succeed()) + } + + if tt.driver != nil { + cfg.Driver = tt.driver(cfg.Driver) + } + + got := (&Unlock{configFactory: cfg}).Reconcile(context.TODO(), &Request{ + Object: obj, + }) + if tt.wantErr != nil { + g.Expect(errors.Is(got, tt.wantErr)).To(BeTrue()) + } else { + g.Expect(got).ToNot(HaveOccurred()) + } + + g.Expect(obj.Status.Conditions).To(conditions.MatchConditions(tt.expectConditions)) + + releases, _ = store.History(mockReleaseName) + helmreleaseutil.SortByRevision(releases) + + if tt.expectCurrent != nil { + g.Expect(obj.Status.Current).To(testutil.Equal(tt.expectCurrent(releases))) + } else { + g.Expect(obj.Status.Current).To(BeNil(), "expected current to be nil") + } + + if tt.expectPrevious != nil { + g.Expect(obj.Status.Previous).To(testutil.Equal(tt.expectPrevious(releases))) + } else { + g.Expect(obj.Status.Previous).To(BeNil(), "expected previous to be nil") + } + + g.Expect(obj.Status.Failures).To(Equal(tt.expectFailures)) + g.Expect(obj.Status.InstallFailures).To(Equal(tt.expectInstallFailures)) + g.Expect(obj.Status.UpgradeFailures).To(Equal(tt.expectUpgradeFailures)) + }) + } +} + +func Test_observeUnlock(t *testing.T) { + t.Run("unlock", func(t *testing.T) { + g := NewWithT(t) + + obj := &helmv2.HelmRelease{ + Status: helmv2.HelmReleaseStatus{ + Current: &helmv2.HelmReleaseInfo{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusPendingRollback.String(), + }, + }, + } + rls := helmrelease.Mock(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusFailed, + }) + expect := release.ObservedToInfo(release.ObserveRelease(rls)) + observeUnlock(obj)(rls) + + g.Expect(obj.Status.Previous).To(BeNil()) + g.Expect(obj.Status.Current).To(Equal(expect)) + }) + + t.Run("unlock without current", func(t *testing.T) { + g := NewWithT(t) + + obj := &helmv2.HelmRelease{} + rls := helmrelease.Mock(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusFailed, + }) + observeUnlock(obj)(rls) + + g.Expect(obj.Status.Previous).To(BeNil()) + g.Expect(obj.Status.Current).To(BeNil()) + }) +} diff --git a/internal/reconcile/upgrade.go b/internal/reconcile/upgrade.go new file mode 100644 index 000000000..c13b7776e --- /dev/null +++ b/internal/reconcile/upgrade.go @@ -0,0 +1,76 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package reconcile + +import ( + "context" + + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/fluxcd/pkg/runtime/conditions" + "github.com/fluxcd/pkg/runtime/logger" + + helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/action" +) + +type Upgrade struct { + configFactory *action.ConfigFactory +} + +func (r *Upgrade) Reconcile(ctx context.Context, req *Request) error { + var ( + cur = req.Object.Status.Current.DeepCopy() + logBuf = action.NewLogBuffer(action.NewDebugLog(ctrl.LoggerFrom(ctx).V(logger.InfoLevel)), 10) + cfg = r.configFactory.Build(logBuf.Log, observeRelease(req.Object)) + ) + + // Run upgrade action. + rls, err := action.Upgrade(ctx, cfg, req.Object, req.Chart, req.Values) + if err != nil { + // Mark failure on object. + conditions.MarkFalse(req.Object, helmv2.ReleasedCondition, helmv2.UpgradeFailedReason, err.Error()) + req.Object.Status.Failures++ + + // Return error if we did not store a release, as this does not + // affect state and the caller should e.g. retry. + if newCur := req.Object.Status.Current; newCur == nil || newCur == cur { + return err + } + + // Count upgrade failure on object, this is used to determine if + // we should retry the upgrade and/or remediation. We only count + // attempts which did cause a modification to the storage, as + // without a new release in storage there is nothing to remediate, + // and the action can be retried immediately without causing + // storage drift. + req.Object.Status.UpgradeFailures++ + return nil + } + + // Mark success on object. + conditions.MarkTrue(req.Object, helmv2.ReleasedCondition, helmv2.UpgradeSucceededReason, rls.Info.Description) + return nil +} + +func (r *Upgrade) Name() string { + return "upgrade" +} + +func (r *Upgrade) Type() ReconcilerType { + return ReconcilerTypeRelease +} diff --git a/internal/reconcile/upgrade_test.go b/internal/reconcile/upgrade_test.go new file mode 100644 index 000000000..d355ae107 --- /dev/null +++ b/internal/reconcile/upgrade_test.go @@ -0,0 +1,377 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package reconcile + +import ( + "context" + "fmt" + "testing" + "time" + + "github.com/fluxcd/pkg/runtime/conditions" + "github.com/go-logr/logr" + . "github.com/onsi/gomega" + helmchart "helm.sh/helm/v3/pkg/chart" + helmchartutil "helm.sh/helm/v3/pkg/chartutil" + helmrelease "helm.sh/helm/v3/pkg/release" + helmreleaseutil "helm.sh/helm/v3/pkg/releaseutil" + helmstorage "helm.sh/helm/v3/pkg/storage" + helmdriver "helm.sh/helm/v3/pkg/storage/driver" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/action" + "github.com/fluxcd/helm-controller/internal/release" + "github.com/fluxcd/helm-controller/internal/storage" + "github.com/fluxcd/helm-controller/internal/testutil" +) + +func Test_upgrade(t *testing.T) { + var ( + mockCreateErr = fmt.Errorf("storage create error") + mockUpdateErr = fmt.Errorf("storage update error") + ) + + tests := []struct { + name string + // driver allows for modifying the Helm storage driver. + driver func(driver helmdriver.Driver) helmdriver.Driver + // releases is the list of releases that are stored in the driver + // before upgrade. + releases func(namespace string) []*helmrelease.Release + // chart to upgrade. + chart *helmchart.Chart + // values to use during upgrade. + values helmchartutil.Values + // spec modifies the HelmRelease object spec before upgrade. + spec func(spec *helmv2.HelmReleaseSpec) + // status to configure on the HelmRelease Object before upgrade. + status func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus + // wantErr is the error that is expected to be returned. + wantErr error + // expectedConditions are the conditions that are expected to be set on + // the HelmRelease after upgrade. + expectConditions []metav1.Condition + // expectCurrent is the expected Current release information in the + // HelmRelease after upgrade. + expectCurrent func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo + // expectPrevious returns the expected Previous release information of + // the HelmRelease after upgrade. + expectPrevious func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo + // expectFailures is the expected Failures count of the HelmRelease. + expectFailures int64 + // expectInstallFailures is the expected InstallFailures count of the + // HelmRelease. + expectInstallFailures int64 + // expectUpgradeFailures is the expected UpgradeFailures count of the + // HelmRelease. + expectUpgradeFailures int64 + }{ + { + name: "upgrade success", + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Chart: testutil.BuildChart(testutil.ChartWithTestHook()), + Version: 1, + Status: helmrelease.StatusDeployed, + }), + } + }, + chart: testutil.BuildChart(), + status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { + return helmv2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + expectConditions: []metav1.Condition{ + *conditions.TrueCondition(helmv2.ReleasedCondition, helmv2.UpgradeSucceededReason, + "Upgrade complete"), + }, + expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[1])) + }, + expectPrevious: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[0])) + }, + }, + { + name: "upgrade failure", + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Chart: testutil.BuildChart(), + Version: 1, + Status: helmrelease.StatusDeployed, + }), + } + }, + chart: testutil.BuildChart(testutil.ChartWithFailingHook()), + status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { + return helmv2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + expectConditions: []metav1.Condition{ + *conditions.FalseCondition(helmv2.ReleasedCondition, helmv2.UpgradeFailedReason, + "post-upgrade hooks failed: 1 error occurred:\n\t* timed out waiting for the condition\n\n"), + }, + expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[1])) + }, + expectPrevious: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[0])) + }, + expectFailures: 1, + expectUpgradeFailures: 1, + }, + { + name: "upgrade failure without storage create", + driver: func(driver helmdriver.Driver) helmdriver.Driver { + return &storage.Failing{ + Driver: driver, + CreateErr: mockCreateErr, + } + }, + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Chart: testutil.BuildChart(), + Version: 1, + Status: helmrelease.StatusDeployed, + }), + } + }, + chart: testutil.BuildChart(), + status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { + return helmv2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + expectConditions: []metav1.Condition{ + *conditions.FalseCondition(helmv2.ReleasedCondition, helmv2.UpgradeFailedReason, + mockCreateErr.Error()), + }, + expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[0])) + }, + expectFailures: 1, + expectUpgradeFailures: 1, + }, + { + name: "upgrade failure without storage update", + driver: func(driver helmdriver.Driver) helmdriver.Driver { + return &storage.Failing{ + Driver: driver, + UpdateErr: mockUpdateErr, + } + }, + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Chart: testutil.BuildChart(), + Version: 1, + Status: helmrelease.StatusDeployed, + }), + } + }, + chart: testutil.BuildChart(), + status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { + return helmv2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + expectConditions: []metav1.Condition{ + *conditions.FalseCondition(helmv2.ReleasedCondition, helmv2.UpgradeFailedReason, + mockUpdateErr.Error()), + }, + expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[1])) + }, + expectPrevious: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[0])) + }, + expectFailures: 1, + expectUpgradeFailures: 1, + }, + { + name: "upgrade without current", + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Chart: testutil.BuildChart(), + Version: 1, + Status: helmrelease.StatusDeployed, + }), + } + }, + chart: testutil.BuildChart(), + status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { + return helmv2.HelmReleaseStatus{ + Current: nil, + } + }, + expectConditions: []metav1.Condition{ + *conditions.TrueCondition(helmv2.ReleasedCondition, helmv2.UpgradeSucceededReason, + "Upgrade complete"), + }, + expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[1])) + }, + }, + { + name: "upgrade with stale current", + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Chart: testutil.BuildChart(), + Version: 1, + Status: helmrelease.StatusSuperseded, + }), + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Chart: testutil.BuildChart(), + Version: 2, + Status: helmrelease.StatusDeployed, + }), + } + }, + chart: testutil.BuildChart(), + status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { + return helmv2.HelmReleaseStatus{ + Current: &helmv2.HelmReleaseInfo{ + Name: mockReleaseName, + Namespace: releases[0].Namespace, + Version: 1, + Status: helmrelease.StatusDeployed.String(), + }, + } + }, + expectConditions: []metav1.Condition{ + *conditions.TrueCondition(helmv2.ReleasedCondition, helmv2.UpgradeSucceededReason, + "Upgrade complete"), + }, + expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[2])) + }, + expectPrevious: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + return &helmv2.HelmReleaseInfo{ + Name: mockReleaseName, + Namespace: releases[0].Namespace, + Version: 1, + Status: helmrelease.StatusDeployed.String(), + } + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + namedNS, err := testEnv.CreateNamespace(context.TODO(), mockReleaseNamespace) + g.Expect(err).NotTo(HaveOccurred()) + t.Cleanup(func() { + _ = testEnv.Delete(context.TODO(), namedNS) + }) + releaseNamespace := namedNS.Name + + var releases []*helmrelease.Release + if tt.releases != nil { + releases = tt.releases(releaseNamespace) + helmreleaseutil.SortByRevision(releases) + } + + obj := &helmv2.HelmRelease{ + Spec: helmv2.HelmReleaseSpec{ + ReleaseName: mockReleaseName, + TargetNamespace: releaseNamespace, + StorageNamespace: releaseNamespace, + Timeout: &metav1.Duration{Duration: 100 * time.Millisecond}, + }, + } + if tt.spec != nil { + tt.spec(&obj.Spec) + } + if tt.status != nil { + obj.Status = tt.status(releases) + } + + getter, err := RESTClientGetterFromManager(testEnv.Manager, obj.GetReleaseNamespace()) + g.Expect(err).ToNot(HaveOccurred()) + + cfg, err := action.NewConfigFactory(getter, + action.WithStorage(action.DefaultStorageDriver, obj.GetStorageNamespace()), + action.WithDebugLog(logr.Discard()), + ) + g.Expect(err).ToNot(HaveOccurred()) + + store := helmstorage.Init(cfg.Driver) + for _, r := range releases { + g.Expect(store.Create(r)).To(Succeed()) + } + + if tt.driver != nil { + cfg.Driver = tt.driver(cfg.Driver) + } + + got := (&Upgrade{configFactory: cfg}).Reconcile(context.TODO(), &Request{ + Object: obj, + Chart: tt.chart, + Values: tt.values, + }) + if tt.wantErr != nil { + g.Expect(got).To(Equal(tt.wantErr)) + } else { + g.Expect(got).ToNot(HaveOccurred()) + } + + g.Expect(obj.Status.Conditions).To(conditions.MatchConditions(tt.expectConditions)) + + releases, _ = store.History(mockReleaseName) + helmreleaseutil.SortByRevision(releases) + + if tt.expectCurrent != nil { + g.Expect(obj.Status.Current).To(testutil.Equal(tt.expectCurrent(releases))) + } else { + g.Expect(obj.Status.Current).To(BeNil(), "expected current to be nil") + } + + if tt.expectPrevious != nil { + g.Expect(obj.Status.Previous).To(testutil.Equal(tt.expectPrevious(releases))) + } else { + g.Expect(obj.Status.Previous).To(BeNil(), "expected previous to be nil") + } + + g.Expect(obj.Status.Failures).To(Equal(tt.expectFailures)) + g.Expect(obj.Status.InstallFailures).To(Equal(tt.expectInstallFailures)) + g.Expect(obj.Status.UpgradeFailures).To(Equal(tt.expectUpgradeFailures)) + }) + } +} diff --git a/internal/storage/failing.go b/internal/storage/failing.go new file mode 100644 index 000000000..3669fcece --- /dev/null +++ b/internal/storage/failing.go @@ -0,0 +1,104 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package storage + +import ( + "helm.sh/helm/v3/pkg/release" + "helm.sh/helm/v3/pkg/storage/driver" +) + +const ( + // FailingDriverName is the name of the failing driver. + FailingDriverName = "failing" +) + +// Failing is a failing Helm storage driver that returns the configured errors. +type Failing struct { + driver.Driver + + // GetErr is returned by Get if configured. If not set, the embedded driver + // result is returned. + GetErr error + // ListErr is returned by List if configured. If not set, the embedded + // driver result is returned. + ListErr error + // QueryErr is returned by Query if configured. If not set, the embedded + // driver result is returned. + QueryErr error + // CreateErr is returned by Create if configured. If not set, the embedded + // driver result is returned. + CreateErr error + // UpdateErr is returned by Update if configured. If not set, the embedded + // driver result is returned. + UpdateErr error + // DeleteErr is returned by Delete if configured. If not set, the embedded + // driver result is returned. + DeleteErr error +} + +// Name returns the name of the driver. +func (o *Failing) Name() string { + return FailingDriverName +} + +// Get returns GetErr, or the embedded driver result. +func (o *Failing) Get(key string) (*release.Release, error) { + if o.GetErr != nil { + return nil, o.GetErr + } + return o.Driver.Get(key) +} + +// List returns ListErr, or the embedded driver result. +func (o *Failing) List(filter func(*release.Release) bool) ([]*release.Release, error) { + if o.ListErr != nil { + return nil, o.ListErr + } + return o.Driver.List(filter) +} + +// Query returns QueryErr, or the embedded driver result. +func (o *Failing) Query(keyvals map[string]string) ([]*release.Release, error) { + if o.QueryErr != nil { + return nil, o.QueryErr + } + return o.Driver.Query(keyvals) +} + +// Create returns CreateErr, or the embedded driver result. +func (o *Failing) Create(key string, rls *release.Release) error { + if o.CreateErr != nil { + return o.CreateErr + } + return o.Driver.Create(key, rls) +} + +// Update returns UpdateErr, or the embedded driver result. +func (o *Failing) Update(key string, rls *release.Release) error { + if o.UpdateErr != nil { + return o.UpdateErr + } + return o.Driver.Update(key, rls) +} + +// Delete returns DeleteErr, or the embedded driver result. +func (o *Failing) Delete(key string) (*release.Release, error) { + if o.DeleteErr != nil { + return nil, o.DeleteErr + } + return o.Driver.Delete(key) +} From 220e78948114c0c344a61bc7871a4175b9a83cb6 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Fri, 1 Jul 2022 21:04:42 +0200 Subject: [PATCH 10/76] Allow detection of next reconcile action This provides a rough (but not flawless) outline for determining the sub-reconciler which should run based on the state of the `HelmRelease` API object, and the Helm storage. Signed-off-by: Hidde Beydals --- internal/action/verify.go | 101 ++++++ internal/chartutil/diff.go | 30 ++ internal/chartutil/digest.go | 12 + internal/reconcile/action.go | 115 +++++++ internal/reconcile/action_test.go | 496 +++++++++++++++++++++++++++ internal/reconcile/install.go | 8 +- internal/reconcile/install_test.go | 46 +-- internal/reconcile/reconcile.go | 4 +- internal/reconcile/release.go | 4 +- internal/reconcile/release_test.go | 24 +- internal/reconcile/rollback.go | 8 +- internal/reconcile/rollback_test.go | 60 ++-- internal/reconcile/suite_test.go | 4 +- internal/reconcile/test.go | 8 +- internal/reconcile/test_test.go | 60 ++-- internal/reconcile/uninstall.go | 8 +- internal/reconcile/uninstall_test.go | 74 ++-- internal/reconcile/unlock.go | 8 +- internal/reconcile/unlock_test.go | 82 ++--- internal/reconcile/upgrade.go | 6 +- internal/reconcile/upgrade_test.go | 74 ++-- 21 files changed, 993 insertions(+), 239 deletions(-) create mode 100644 internal/action/verify.go create mode 100644 internal/chartutil/diff.go create mode 100644 internal/reconcile/action.go create mode 100644 internal/reconcile/action_test.go diff --git a/internal/action/verify.go b/internal/action/verify.go new file mode 100644 index 000000000..f7040bc0e --- /dev/null +++ b/internal/action/verify.go @@ -0,0 +1,101 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package action + +import ( + "errors" + + "github.com/opencontainers/go-digest" + helmaction "helm.sh/helm/v3/pkg/action" + helmchart "helm.sh/helm/v3/pkg/chart" + helmchartutil "helm.sh/helm/v3/pkg/chartutil" + helmrelease "helm.sh/helm/v3/pkg/release" + + helmdriver "helm.sh/helm/v3/pkg/storage/driver" + + v2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/chartutil" + "github.com/fluxcd/helm-controller/internal/release" +) + +var ( + ErrReleaseDisappeared = errors.New("observed release disappeared from storage") + ErrReleaseNotFound = errors.New("no release found") + ErrReleaseNotObserved = errors.New("release not observed to be made by reconciler") + ErrReleaseDigest = errors.New("release digest verification error") + ErrChartChanged = errors.New("release chart changed") + ErrConfigDigest = errors.New("release config digest verification error") +) + +// VerifyStorage verifies that the last release in the Helm storage matches the +// Current state of the given HelmRelease. It returns the release, or an error +// of type ErrReleaseDisappeared, ErrReleaseNotFound, ErrReleaseNotObserved, or +// ErrReleaseDigest. +func VerifyStorage(config *helmaction.Configuration, obj *v2.HelmRelease) (*helmrelease.Release, error) { + curRel := obj.Status.Current + rls, err := config.Releases.Last(obj.GetReleaseName()) + if err != nil { + if errors.Is(err, helmdriver.ErrReleaseNotFound) { + if curRel != nil && curRel.Name == obj.GetReleaseName() && curRel.Namespace == obj.GetReleaseNamespace() { + return nil, ErrReleaseDisappeared + } + return nil, ErrReleaseNotFound + } + return nil, err + } + if curRel == nil { + return rls, ErrReleaseNotObserved + } + + relDig, err := digest.Parse(obj.Status.Current.Digest) + if err != nil { + return rls, ErrReleaseDigest + } + verifier := relDig.Verifier() + + obs := release.ObserveRelease(rls) + if err := obs.Encode(verifier); err != nil { + // We are expected to be able to encode valid JSON, error out without a + // typed error assuming malfunction to signal to e.g. retry. + return nil, err + } + if !verifier.Verified() { + return nil, ErrReleaseNotObserved + } + return rls, nil +} + +// VerifyRelease verifies that the data of the given release matches the given +// chart metadata, and the provided values match the Current.ConfigDigest. +// It returns either an error of type ErrReleaseNotFound, ErrChartChanged or +// ErrConfigDigest, or nil. +func VerifyRelease(rls *helmrelease.Release, obj *v2.HelmRelease, chrt *helmchart.Metadata, vals helmchartutil.Values) error { + if rls == nil { + return ErrReleaseNotFound + } + + if chrt != nil { + if _, eq := chartutil.DiffMeta(*rls.Chart.Metadata, *chrt); !eq { + return ErrChartChanged + } + } + + if !chartutil.VerifyValues(digest.Digest(obj.Status.Current.ConfigDigest), vals) { + return ErrConfigDigest + } + return nil +} diff --git a/internal/chartutil/diff.go b/internal/chartutil/diff.go new file mode 100644 index 000000000..fc385d941 --- /dev/null +++ b/internal/chartutil/diff.go @@ -0,0 +1,30 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package chartutil + +import ( + "github.com/google/go-cmp/cmp" + "helm.sh/helm/v3/pkg/chart" +) + +// DiffMeta returns if the two chart.Metadata differ. +func DiffMeta(x, y chart.Metadata) (diff string, eq bool) { + if diff := cmp.Diff(x, y); diff != "" { + return diff, false + } + return "", true +} diff --git a/internal/chartutil/digest.go b/internal/chartutil/digest.go index aa6a8512f..b17b5b8d2 100644 --- a/internal/chartutil/digest.go +++ b/internal/chartutil/digest.go @@ -30,3 +30,15 @@ func DigestValues(algo digest.Algorithm, values chartutil.Values) digest.Digest } return digester.Digest() } + +// VerifyValues verifies the digest of the values against the provided digest. +func VerifyValues(digest digest.Digest, values chartutil.Values) bool { + if digest.Validate() != nil { + return false + } + verifier := digest.Verifier() + if err := values.Encode(verifier); err != nil { + return false + } + return verifier.Verified() +} diff --git a/internal/reconcile/action.go b/internal/reconcile/action.go new file mode 100644 index 000000000..65bac3601 --- /dev/null +++ b/internal/reconcile/action.go @@ -0,0 +1,115 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package reconcile + +import ( + "errors" + + helmrelease "helm.sh/helm/v3/pkg/release" + + v2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/action" + "github.com/fluxcd/helm-controller/internal/release" +) + +var ( + // ErrReconcileEnd is returned by NextAction when the reconciliation process + // has reached an end state. + ErrReconcileEnd = errors.New("abort reconcile") +) + +// NextAction determines the action that should be performed for the release +// by verifying the integrity of the Helm storage and further state of the +// release, and comparing the Request.Chart and Request.Values to the latest +// release. It can be called repeatedly to step through the reconciliation +// process until it ends up in a state as desired by the Request.Object. +func NextAction(factory *action.ConfigFactory, req *Request) (ActionReconciler, error) { + rls, err := action.VerifyStorage(factory.Build(nil), req.Object) + if err != nil { + switch err { + case action.ErrReleaseNotFound, action.ErrReleaseDisappeared: + return &Install{configFactory: factory}, nil + case action.ErrReleaseNotObserved, action.ErrReleaseDigest: + return &Upgrade{configFactory: factory}, nil + default: + return nil, err + } + } + + if rls.Info.Status.IsPending() { + return &Unlock{configFactory: factory}, nil + } + + remediation := req.Object.Spec.GetInstall().GetRemediation() + if req.Object.Status.Previous != nil { + remediation = req.Object.Spec.GetUpgrade().GetRemediation() + } + + // TODO(hidde): the logic below lacks some implementation details. E.g. + // upgrading a failed release when a newer chart version appears. + switch rls.Info.Status { + case helmrelease.StatusFailed: + return rollbackOrUninstall(factory, req) + case helmrelease.StatusUninstalled: + return &Install{configFactory: factory}, nil + case helmrelease.StatusSuperseded: + return &Install{configFactory: factory}, nil + case helmrelease.StatusDeployed: + if err = action.VerifyRelease(rls, req.Object, req.Chart.Metadata, req.Values); err != nil { + switch err { + case action.ErrChartChanged: + return &Upgrade{configFactory: factory}, nil + case action.ErrConfigDigest: + return &Upgrade{configFactory: factory}, nil + default: + return nil, err + } + } + + if testSpec := req.Object.Spec.GetTest(); testSpec.Enable { + if !release.HasBeenTested(rls) { + return &Test{configFactory: factory}, nil + } + if release.HasFailedTests(rls) { + if !remediation.MustIgnoreTestFailures(req.Object.Spec.GetTest().IgnoreFailures) { + return rollbackOrUninstall(factory, req) + } + } + } + } + return nil, ErrReconcileEnd +} + +func rollbackOrUninstall(factory *action.ConfigFactory, req *Request) (ActionReconciler, error) { + remediation := req.Object.Spec.GetInstall().GetRemediation() + if req.Object.Status.Previous != nil { + // TODO: determine if previous is still in storage and unmodified + remediation = req.Object.Spec.GetUpgrade().GetRemediation() + } + // TODO: remove dependency on counter, as this shouldn't be used to determine + // if it's enabled. + remediation.IncrementFailureCount(req.Object) + if !remediation.RetriesExhausted(*req.Object) || remediation.MustRemediateLastFailure() { + switch remediation.GetStrategy() { + case v2.RollbackRemediationStrategy: + return &Rollback{configFactory: factory}, nil + case v2.UninstallRemediationStrategy: + return &Uninstall{configFactory: factory}, nil + } + } + return nil, ErrReconcileEnd +} diff --git a/internal/reconcile/action_test.go b/internal/reconcile/action_test.go new file mode 100644 index 000000000..3247d25d3 --- /dev/null +++ b/internal/reconcile/action_test.go @@ -0,0 +1,496 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package reconcile + +import ( + "testing" + + "github.com/go-logr/logr" + . "github.com/onsi/gomega" + helmchart "helm.sh/helm/v3/pkg/chart" + helmchartutil "helm.sh/helm/v3/pkg/chartutil" + helmrelease "helm.sh/helm/v3/pkg/release" + helmstorage "helm.sh/helm/v3/pkg/storage" + helmdriver "helm.sh/helm/v3/pkg/storage/driver" + + v2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/action" + "github.com/fluxcd/helm-controller/internal/kube" + "github.com/fluxcd/helm-controller/internal/release" + "github.com/fluxcd/helm-controller/internal/testutil" +) + +func Test_NextAction(t *testing.T) { + tests := []struct { + name string + releases []*helmrelease.Release + spec func(spec *v2.HelmReleaseSpec) + status func(releases []*helmrelease.Release) v2.HelmReleaseStatus + chart *helmchart.Chart + values helmchartutil.Values + want ActionReconciler + wantErr bool + }{ + { + name: "up-to-date release returns no action", + releases: []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusDeployed, + Chart: testutil.BuildChart(), + }, testutil.ReleaseWithConfig(map[string]interface{}{"foo": "bar"})), + }, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + chart: testutil.BuildChart(), + values: map[string]interface{}{"foo": "bar"}, + wantErr: true, + }, + { + name: "no release in storage requires install", + releases: nil, + want: &Install{}, + }, + { + name: "disappeared release from storage requires install", + status: func(_ []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusDeployed, + Chart: testutil.BuildChart(), + }))), + } + }, + want: &Install{}, + }, + { + name: "existing release without current requires upgrade", + releases: []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusDeployed, + Chart: testutil.BuildChart(), + }), + }, + want: &Upgrade{}, + }, + { + name: "release digest parse error requires upgrade", + releases: []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusDeployed, + Chart: testutil.BuildChart(), + }, testutil.ReleaseWithConfig(map[string]interface{}{"foo": "bar"})), + }, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + cur := release.ObservedToInfo(release.ObserveRelease(releases[0])) + cur.Digest = "sha256:invalid" + return v2.HelmReleaseStatus{ + Current: cur, + } + }, + chart: testutil.BuildChart(), + values: map[string]interface{}{"foo": "bar"}, + want: &Upgrade{}, + }, + { + name: "release digest mismatch requires upgrade", + releases: []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusDeployed, + Chart: testutil.BuildChart(), + }, testutil.ReleaseWithConfig(map[string]interface{}{"foo": "bar"})), + }, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + cur := release.ObservedToInfo(release.ObserveRelease(releases[0])) + // Digest for empty string is always mismatch + cur.Digest = "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" + return v2.HelmReleaseStatus{ + Current: cur, + } + }, + chart: testutil.BuildChart(), + values: map[string]interface{}{"foo": "bar"}, + want: &Upgrade{}, + }, + { + name: "verified release with pending state requires unlock", + releases: []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusPendingInstall, + Chart: testutil.BuildChart(), + }, testutil.ReleaseWithConfig(map[string]interface{}{"foo": "bar"})), + }, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + chart: testutil.BuildChart(), + values: map[string]interface{}{"foo": "bar"}, + want: &Unlock{}, + }, + { + name: "deployed release requires test when enabled", + releases: []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusDeployed, + Chart: testutil.BuildChart(), + }, testutil.ReleaseWithConfig(map[string]interface{}{"foo": "bar"})), + }, + spec: func(spec *v2.HelmReleaseSpec) { + spec.Test = &v2.Test{ + Enable: true, + } + }, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + chart: testutil.BuildChart(), + values: map[string]interface{}{"foo": "bar"}, + want: &Test{}, + }, + { + name: "failed test requires rollback when enabled", + releases: []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusSuperseded, + Chart: testutil.BuildChart(), + }), + testutil.BuildRelease( + &helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 2, + Status: helmrelease.StatusDeployed, + Chart: testutil.BuildChart(), + }, + testutil.ReleaseWithConfig(map[string]interface{}{"foo": "bar"}), + testutil.ReleaseWithHookExecution("failed-tests", []helmrelease.HookEvent{helmrelease.HookTest}, + helmrelease.HookPhaseFailed), + ), + }, + spec: func(spec *v2.HelmReleaseSpec) { + spec.Test = &v2.Test{ + Enable: true, + } + spec.Upgrade = &v2.Upgrade{ + Remediation: &v2.UpgradeRemediation{ + Retries: 1, + }, + } + }, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[1])), + Previous: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + chart: testutil.BuildChart(), + values: map[string]interface{}{"foo": "bar"}, + want: &Rollback{}, + }, + { + name: "failed test requires uninstall when enabled", + releases: []*helmrelease.Release{ + testutil.BuildRelease( + &helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 2, + Status: helmrelease.StatusDeployed, + Chart: testutil.BuildChart(), + }, + testutil.ReleaseWithConfig(map[string]interface{}{"foo": "bar"}), + testutil.ReleaseWithHookExecution("failed-tests", []helmrelease.HookEvent{helmrelease.HookTest}, + helmrelease.HookPhaseFailed), + ), + }, + spec: func(spec *v2.HelmReleaseSpec) { + spec.Test = &v2.Test{ + Enable: true, + } + spec.Install = &v2.Install{ + Remediation: &v2.InstallRemediation{ + Retries: 1, + }, + } + }, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + chart: testutil.BuildChart(), + values: map[string]interface{}{"foo": "bar"}, + want: &Uninstall{}, + }, + { + name: "failed test is ignored when ignore failures is set", + releases: []*helmrelease.Release{ + testutil.BuildRelease( + &helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 2, + Status: helmrelease.StatusDeployed, + Chart: testutil.BuildChart(), + }, + testutil.ReleaseWithConfig(map[string]interface{}{"foo": "bar"}), + testutil.ReleaseWithHookExecution("failed-tests", []helmrelease.HookEvent{helmrelease.HookTest}, + helmrelease.HookPhaseFailed), + ), + }, + chart: testutil.BuildChart(), + values: map[string]interface{}{"foo": "bar"}, + spec: func(spec *v2.HelmReleaseSpec) { + spec.Test = &v2.Test{ + Enable: true, + IgnoreFailures: true, + } + spec.Install = &v2.Install{ + Remediation: &v2.InstallRemediation{ + Retries: 1, + }, + } + }, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + wantErr: true, + }, + { + name: "failed release requires rollback when enabled", + releases: []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusSuperseded, + Chart: testutil.BuildChart(), + }), + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 2, + Status: helmrelease.StatusFailed, + Chart: testutil.BuildChart(), + }, testutil.ReleaseWithConfig(map[string]interface{}{"foo": "bar"})), + }, + spec: func(spec *v2.HelmReleaseSpec) { + spec.Upgrade = &v2.Upgrade{ + Remediation: &v2.UpgradeRemediation{ + Retries: 1, + }, + } + }, + chart: testutil.BuildChart(), + values: map[string]interface{}{}, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[1])), + Previous: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + want: &Rollback{}, + }, + { + name: "failed release requires uninstall when enabled", + releases: []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusFailed, + Chart: testutil.BuildChart(), + }, testutil.ReleaseWithConfig(map[string]interface{}{"foo": "bar"})), + }, + spec: func(spec *v2.HelmReleaseSpec) { + spec.Install = &v2.Install{ + Remediation: &v2.InstallRemediation{ + Retries: 1, + }, + } + }, + chart: testutil.BuildChart(), + values: map[string]interface{}{}, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + want: &Uninstall{}, + }, + { + name: "failed release is ignored when no remediation strategy is configured", + releases: []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusFailed, + Chart: testutil.BuildChart(), + }, testutil.ReleaseWithConfig(map[string]interface{}{"foo": "bar"})), + }, + chart: testutil.BuildChart(), + values: map[string]interface{}{}, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + wantErr: true, + }, + { + name: "uninstalled release requires install", + releases: []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusUninstalled, + Chart: testutil.BuildChart(), + }, testutil.ReleaseWithConfig(map[string]interface{}{"foo": "bar"})), + }, + chart: testutil.BuildChart(), + values: map[string]interface{}{}, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + want: &Install{}, + }, + { + name: "chart change requires upgrade", + releases: []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusDeployed, + Chart: testutil.BuildChart(), + }, testutil.ReleaseWithConfig(map[string]interface{}{"foo": "bar"})), + }, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + chart: testutil.BuildChart(testutil.ChartWithName("other-name")), + values: map[string]interface{}{"foo": "bar"}, + want: &Upgrade{}, + }, + { + name: "values diff requires upgrade", + releases: []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusDeployed, + Chart: testutil.BuildChart(), + }, testutil.ReleaseWithConfig(map[string]interface{}{"foo": "bar"})), + }, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + chart: testutil.BuildChart(), + values: map[string]interface{}{"bar": "foo"}, + want: &Upgrade{}, + }, + // { + // name: "manifestTmpl diff requires upgrade (or apply?) when enabled", + // }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + obj := &v2.HelmRelease{ + Spec: v2.HelmReleaseSpec{ + ReleaseName: mockReleaseName, + TargetNamespace: mockReleaseNamespace, + StorageNamespace: mockReleaseNamespace, + }, + } + if tt.spec != nil { + tt.spec(&obj.Spec) + } + if tt.status != nil { + obj.Status = tt.status(tt.releases) + } + + cfg, err := action.NewConfigFactory(&kube.MemoryRESTClientGetter{}, + action.WithStorage(helmdriver.MemoryDriverName, mockReleaseNamespace), + action.WithDebugLog(logr.Discard())) + g.Expect(err).ToNot(HaveOccurred()) + + if len(tt.releases) > 0 { + store := helmstorage.Init(cfg.Driver) + for _, i := range tt.releases { + g.Expect(store.Create(i)).To(Succeed()) + } + } + + got, err := NextAction(cfg, &Request{ + Object: obj, + Chart: tt.chart, + Values: tt.values, + }) + if tt.wantErr { + g.Expect(got).To(BeNil()) + g.Expect(err).To(HaveOccurred()) + return + } + g.Expect(got).To(BeAssignableToTypeOf(tt.want)) + g.Expect(err).ToNot(HaveOccurred()) + }) + } +} diff --git a/internal/reconcile/install.go b/internal/reconcile/install.go index 4cf3b4a3c..dc8c4a328 100644 --- a/internal/reconcile/install.go +++ b/internal/reconcile/install.go @@ -24,7 +24,7 @@ import ( "github.com/fluxcd/pkg/runtime/conditions" - helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" ) @@ -44,7 +44,7 @@ func (r *Install) Reconcile(ctx context.Context, req *Request) error { if err != nil { // Mark failure on object. req.Object.Status.Failures++ - conditions.MarkFalse(req.Object, helmv2.ReleasedCondition, helmv2.InstallFailedReason, err.Error()) + conditions.MarkFalse(req.Object, v2.ReleasedCondition, v2.InstallFailedReason, err.Error()) // Return error if we did not store a release, as this does not // require remediation and the caller should e.g. retry. @@ -64,8 +64,8 @@ func (r *Install) Reconcile(ctx context.Context, req *Request) error { // Mark release success and delete any test success, as the current release // isn't tested (yet). - conditions.MarkTrue(req.Object, helmv2.ReleasedCondition, helmv2.InstallSucceededReason, rls.Info.Description) - conditions.Delete(req.Object, helmv2.TestSuccessCondition) + conditions.MarkTrue(req.Object, v2.ReleasedCondition, v2.InstallSucceededReason, rls.Info.Description) + conditions.Delete(req.Object, v2.TestSuccessCondition) return nil } diff --git a/internal/reconcile/install_test.go b/internal/reconcile/install_test.go index dd055e4c1..e13ea62f7 100644 --- a/internal/reconcile/install_test.go +++ b/internal/reconcile/install_test.go @@ -34,7 +34,7 @@ import ( "github.com/fluxcd/pkg/runtime/conditions" - helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" "github.com/fluxcd/helm-controller/internal/release" "github.com/fluxcd/helm-controller/internal/storage" @@ -54,9 +54,9 @@ func TestInstall_Reconcile(t *testing.T) { // values to use during install. values chartutil.Values // spec modifies the HelmRelease object spec before install. - spec func(spec *helmv2.HelmReleaseSpec) + spec func(spec *v2.HelmReleaseSpec) // status to configure on the HelmRelease object before install. - status func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus + status func(releases []*helmrelease.Release) v2.HelmReleaseStatus // wantErr is the error that is expected to be returned. wantErr error // expectedConditions are the conditions that are expected to be set on @@ -64,10 +64,10 @@ func TestInstall_Reconcile(t *testing.T) { expectConditions []metav1.Condition // expectCurrent is the expected Current release information in the // HelmRelease after install. - expectCurrent func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo + expectCurrent func(releases []*helmrelease.Release) *v2.HelmReleaseInfo // expectPrevious returns the expected Previous release information of // the HelmRelease after install. - expectPrevious func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo + expectPrevious func(releases []*helmrelease.Release) *v2.HelmReleaseInfo // expectFailures is the expected Failures count of the HelmRelease. expectFailures int64 // expectInstallFailures is the expected InstallFailures count of the @@ -81,10 +81,10 @@ func TestInstall_Reconcile(t *testing.T) { name: "install success", chart: testutil.BuildChart(), expectConditions: []metav1.Condition{ - *conditions.TrueCondition(helmv2.ReleasedCondition, helmv2.InstallSucceededReason, + *conditions.TrueCondition(v2.ReleasedCondition, v2.InstallSucceededReason, "Install complete"), }, - expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[0])) }, }, @@ -92,10 +92,10 @@ func TestInstall_Reconcile(t *testing.T) { name: "install failure", chart: testutil.BuildChart(testutil.ChartWithFailingHook()), expectConditions: []metav1.Condition{ - *conditions.FalseCondition(helmv2.ReleasedCondition, helmv2.InstallFailedReason, + *conditions.FalseCondition(v2.ReleasedCondition, v2.InstallFailedReason, "failed post-install"), }, - expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[0])) }, expectFailures: 1, @@ -112,7 +112,7 @@ func TestInstall_Reconcile(t *testing.T) { chart: testutil.BuildChart(), wantErr: fmt.Errorf("storage create error"), expectConditions: []metav1.Condition{ - *conditions.FalseCondition(helmv2.ReleasedCondition, helmv2.InstallFailedReason, + *conditions.FalseCondition(v2.ReleasedCondition, v2.InstallFailedReason, "storage create error"), }, expectFailures: 1, @@ -131,32 +131,32 @@ func TestInstall_Reconcile(t *testing.T) { }), } }, - spec: func(spec *helmv2.HelmReleaseSpec) { - spec.Install = &helmv2.Install{ + spec: func(spec *v2.HelmReleaseSpec) { + spec.Install = &v2.Install{ Replace: true, } }, - status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { - return helmv2.HelmReleaseStatus{ + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), } }, chart: testutil.BuildChart(), expectConditions: []metav1.Condition{ - *conditions.TrueCondition(helmv2.ReleasedCondition, helmv2.InstallSucceededReason, + *conditions.TrueCondition(v2.ReleasedCondition, v2.InstallSucceededReason, "Install complete"), }, - expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[1])) }, - expectPrevious: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectPrevious: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[0])) }, }, { name: "install with stale current", - status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { - return helmv2.HelmReleaseStatus{ + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ Current: release.ObservedToInfo(release.ObserveRelease(testutil.BuildRelease(&helmrelease.MockReleaseOptions{ Name: mockReleaseName, Namespace: "other", @@ -168,10 +168,10 @@ func TestInstall_Reconcile(t *testing.T) { }, chart: testutil.BuildChart(), expectConditions: []metav1.Condition{ - *conditions.TrueCondition(helmv2.ReleasedCondition, helmv2.InstallSucceededReason, + *conditions.TrueCondition(v2.ReleasedCondition, v2.InstallSucceededReason, "Install complete"), }, - expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[0])) }, }, @@ -193,8 +193,8 @@ func TestInstall_Reconcile(t *testing.T) { releaseutil.SortByRevision(releases) } - obj := &helmv2.HelmRelease{ - Spec: helmv2.HelmReleaseSpec{ + obj := &v2.HelmRelease{ + Spec: v2.HelmReleaseSpec{ ReleaseName: mockReleaseName, TargetNamespace: releaseNamespace, StorageNamespace: releaseNamespace, diff --git a/internal/reconcile/reconcile.go b/internal/reconcile/reconcile.go index 516f0cc97..762c9204d 100644 --- a/internal/reconcile/reconcile.go +++ b/internal/reconcile/reconcile.go @@ -22,7 +22,7 @@ import ( helmchart "helm.sh/helm/v3/pkg/chart" helmchartutil "helm.sh/helm/v3/pkg/chartutil" - helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + v2 "github.com/fluxcd/helm-controller/api/v2beta2" ) const ( @@ -50,7 +50,7 @@ type ReconcilerType string type Request struct { // Object is the Helm release to be reconciled, and describes the desired // state to the ActionReconciler. - Object *helmv2.HelmRelease + Object *v2.HelmRelease // Chart is the Helm chart to be installed or upgraded. Chart *helmchart.Chart // Values is the Helm chart values to be used for the installation or diff --git a/internal/reconcile/release.go b/internal/reconcile/release.go index d912872d0..94224a599 100644 --- a/internal/reconcile/release.go +++ b/internal/reconcile/release.go @@ -21,7 +21,7 @@ import ( helmrelease "helm.sh/helm/v3/pkg/release" - helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/release" "github.com/fluxcd/helm-controller/internal/storage" ) @@ -44,7 +44,7 @@ var ( // and Status.Previous fields of the HelmRelease object. It can be used to // record Helm install and upgrade actions as - and while - they are written to // the Helm storage. -func observeRelease(obj *helmv2.HelmRelease) storage.ObserveFunc { +func observeRelease(obj *v2.HelmRelease) storage.ObserveFunc { return func(rls *helmrelease.Release) { cur := obj.Status.Current.DeepCopy() obs := release.ObserveRelease(rls) diff --git a/internal/reconcile/release_test.go b/internal/reconcile/release_test.go index b7ef6db4e..1cccc5f0c 100644 --- a/internal/reconcile/release_test.go +++ b/internal/reconcile/release_test.go @@ -22,7 +22,7 @@ import ( . "github.com/onsi/gomega" helmrelease "helm.sh/helm/v3/pkg/release" - helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/release" ) @@ -40,7 +40,7 @@ func Test_observeRelease(t *testing.T) { t.Run("release", func(t *testing.T) { g := NewWithT(t) - obj := &helmv2.HelmRelease{} + obj := &v2.HelmRelease{} mock := helmrelease.Mock(&helmrelease.MockReleaseOptions{ Name: mockReleaseName, Namespace: mockReleaseNamespace, @@ -59,13 +59,13 @@ func Test_observeRelease(t *testing.T) { t.Run("release with current", func(t *testing.T) { g := NewWithT(t) - current := &helmv2.HelmReleaseInfo{ + current := &v2.HelmReleaseInfo{ Name: mockReleaseName, Namespace: mockReleaseNamespace, Version: 1, } - obj := &helmv2.HelmRelease{ - Status: helmv2.HelmReleaseStatus{ + obj := &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ Current: current, }, } @@ -87,13 +87,13 @@ func Test_observeRelease(t *testing.T) { t.Run("release with current with different name", func(t *testing.T) { g := NewWithT(t) - current := &helmv2.HelmReleaseInfo{ + current := &v2.HelmReleaseInfo{ Name: otherReleaseName, Namespace: otherReleaseNamespace, Version: 3, } - obj := &helmv2.HelmRelease{ - Status: helmv2.HelmReleaseStatus{ + obj := &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ Current: current, }, } @@ -114,20 +114,20 @@ func Test_observeRelease(t *testing.T) { t.Run("release with update to previous", func(t *testing.T) { g := NewWithT(t) - previous := &helmv2.HelmReleaseInfo{ + previous := &v2.HelmReleaseInfo{ Name: mockReleaseName, Namespace: mockReleaseNamespace, Version: 1, Status: helmrelease.StatusDeployed.String(), } - current := &helmv2.HelmReleaseInfo{ + current := &v2.HelmReleaseInfo{ Name: previous.Name, Namespace: previous.Namespace, Version: previous.Version + 1, Status: helmrelease.StatusPendingInstall.String(), } - obj := &helmv2.HelmRelease{ - Status: helmv2.HelmReleaseStatus{ + obj := &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ Current: current, Previous: previous, }, diff --git a/internal/reconcile/rollback.go b/internal/reconcile/rollback.go index f5d3bd25e..319f80d7a 100644 --- a/internal/reconcile/rollback.go +++ b/internal/reconcile/rollback.go @@ -26,7 +26,7 @@ import ( "github.com/fluxcd/pkg/runtime/conditions" "github.com/fluxcd/pkg/runtime/logger" - helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" "github.com/fluxcd/helm-controller/internal/release" "github.com/fluxcd/helm-controller/internal/storage" @@ -59,7 +59,7 @@ func (r *Rollback) Reconcile(ctx context.Context, req *Request) error { if err := action.Rollback(r.configFactory.Build(logBuf.Log, observeRollback(req.Object)), req.Object); err != nil { // Mark failure on object. req.Object.Status.Failures++ - conditions.MarkFalse(req.Object, helmv2.RemediatedCondition, helmv2.RollbackFailedReason, err.Error()) + conditions.MarkFalse(req.Object, v2.RemediatedCondition, v2.RollbackFailedReason, err.Error()) // Return error if we did not store a release, as this does not // affect state and the caller should e.g. retry. @@ -74,7 +74,7 @@ func (r *Rollback) Reconcile(ctx context.Context, req *Request) error { if prev := req.Object.Status.Previous; prev != nil { condMsg = fmt.Sprintf("Rolled back to version %d", prev.Version) } - conditions.MarkTrue(req.Object, helmv2.RemediatedCondition, helmv2.RollbackSucceededReason, condMsg) + conditions.MarkTrue(req.Object, v2.RemediatedCondition, v2.RollbackSucceededReason, condMsg) return nil } @@ -82,7 +82,7 @@ func (r *Rollback) Reconcile(ctx context.Context, req *Request) error { // and record the result of a rollback action in the status of the given release. // It updates the Status.Current field of the release if it equals the target // of the rollback action, and version >= Current.Version. -func observeRollback(obj *helmv2.HelmRelease) storage.ObserveFunc { +func observeRollback(obj *v2.HelmRelease) storage.ObserveFunc { return func(rls *helmrelease.Release) { cur := obj.Status.Current.DeepCopy() obs := release.ObserveRelease(rls) diff --git a/internal/reconcile/rollback_test.go b/internal/reconcile/rollback_test.go index ac5fec03a..cc5725f55 100644 --- a/internal/reconcile/rollback_test.go +++ b/internal/reconcile/rollback_test.go @@ -32,7 +32,7 @@ import ( "github.com/fluxcd/pkg/runtime/conditions" - helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" "github.com/fluxcd/helm-controller/internal/release" "github.com/fluxcd/helm-controller/internal/testutil" @@ -47,9 +47,9 @@ func TestRollback_Reconcile(t *testing.T) { // before rollback. releases func(namespace string) []*helmrelease.Release // spec modifies the HelmRelease object's spec before rollback. - spec func(spec *helmv2.HelmReleaseSpec) + spec func(spec *v2.HelmReleaseSpec) // status to configure on the HelmRelease before rollback. - status func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus + status func(releases []*helmrelease.Release) v2.HelmReleaseStatus // wantErr is the error that is expected to be returned. wantErr error // expectedConditions are the conditions that are expected to be set on @@ -57,10 +57,10 @@ func TestRollback_Reconcile(t *testing.T) { expectConditions []metav1.Condition // expectCurrent is the expected Current release information on the // HelmRelease after rolling back. - expectCurrent func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo + expectCurrent func(releases []*helmrelease.Release) *v2.HelmReleaseInfo // expectPrevious returns the expected Previous release information of // the HelmRelease after rolling back. - expectPrevious func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo + expectPrevious func(releases []*helmrelease.Release) *v2.HelmReleaseInfo // expectFailures is the expected Failures count on the HelmRelease. expectFailures int64 // expectInstallFailures is the expected InstallFailures count on the @@ -90,20 +90,20 @@ func TestRollback_Reconcile(t *testing.T) { }), } }, - status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { - return helmv2.HelmReleaseStatus{ + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ Current: release.ObservedToInfo(release.ObserveRelease(releases[1])), Previous: release.ObservedToInfo(release.ObserveRelease(releases[0])), } }, expectConditions: []metav1.Condition{ - *conditions.TrueCondition(helmv2.RemediatedCondition, helmv2.RollbackSucceededReason, + *conditions.TrueCondition(v2.RemediatedCondition, v2.RollbackSucceededReason, "Rolled back to version 1"), }, - expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[2])) }, - expectPrevious: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectPrevious: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[0])) }, }, @@ -127,13 +127,13 @@ func TestRollback_Reconcile(t *testing.T) { }), } }, - status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { - return helmv2.HelmReleaseStatus{ + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ Current: release.ObservedToInfo(release.ObserveRelease(releases[1])), } }, wantErr: ErrNoPrevious, - expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[1])) }, }, @@ -157,20 +157,20 @@ func TestRollback_Reconcile(t *testing.T) { }), } }, - status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { - return helmv2.HelmReleaseStatus{ + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ Current: release.ObservedToInfo(release.ObserveRelease(releases[1])), Previous: release.ObservedToInfo(release.ObserveRelease(releases[0])), } }, expectConditions: []metav1.Condition{ - *conditions.FalseCondition(helmv2.RemediatedCondition, helmv2.RollbackFailedReason, + *conditions.FalseCondition(v2.RemediatedCondition, v2.RollbackFailedReason, "timed out waiting for the condition"), }, - expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[2])) }, - expectPrevious: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectPrevious: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[0])) }, expectFailures: 1, @@ -193,8 +193,8 @@ func TestRollback_Reconcile(t *testing.T) { helmreleaseutil.SortByRevision(releases) } - obj := &helmv2.HelmRelease{ - Spec: helmv2.HelmReleaseSpec{ + obj := &v2.HelmRelease{ + Spec: v2.HelmReleaseSpec{ ReleaseName: mockReleaseName, TargetNamespace: releaseNamespace, StorageNamespace: releaseNamespace, @@ -260,7 +260,7 @@ func Test_observeRollback(t *testing.T) { t.Run("rollback", func(t *testing.T) { g := NewWithT(t) - obj := &helmv2.HelmRelease{} + obj := &v2.HelmRelease{} rls := helmrelease.Mock(&helmrelease.MockReleaseOptions{ Name: mockReleaseName, Namespace: mockReleaseNamespace, @@ -277,14 +277,14 @@ func Test_observeRollback(t *testing.T) { t.Run("rollback with current", func(t *testing.T) { g := NewWithT(t) - current := &helmv2.HelmReleaseInfo{ + current := &v2.HelmReleaseInfo{ Name: mockReleaseName, Namespace: mockReleaseNamespace, Version: 2, Status: helmrelease.StatusFailed.String(), } - obj := &helmv2.HelmRelease{ - Status: helmv2.HelmReleaseStatus{ + obj := &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ Current: current, }, } @@ -305,14 +305,14 @@ func Test_observeRollback(t *testing.T) { t.Run("rollback with current with higher version", func(t *testing.T) { g := NewWithT(t) - current := &helmv2.HelmReleaseInfo{ + current := &v2.HelmReleaseInfo{ Name: mockReleaseName, Namespace: mockReleaseNamespace, Version: 2, Status: helmrelease.StatusPendingRollback.String(), } - obj := &helmv2.HelmRelease{ - Status: helmv2.HelmReleaseStatus{ + obj := &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ Current: current, }, } @@ -331,14 +331,14 @@ func Test_observeRollback(t *testing.T) { t.Run("rollback with current with different name", func(t *testing.T) { g := NewWithT(t) - current := &helmv2.HelmReleaseInfo{ + current := &v2.HelmReleaseInfo{ Name: mockReleaseName + "-other", Namespace: mockReleaseNamespace, Version: 2, Status: helmrelease.StatusFailed.String(), } - obj := &helmv2.HelmRelease{ - Status: helmv2.HelmReleaseStatus{ + obj := &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ Current: current, }, } diff --git a/internal/reconcile/suite_test.go b/internal/reconcile/suite_test.go index 867ec2d93..f2dc80b39 100644 --- a/internal/reconcile/suite_test.go +++ b/internal/reconcile/suite_test.go @@ -34,7 +34,7 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/manager" - helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + v2 "github.com/fluxcd/helm-controller/api/v2beta2" ) var ( @@ -43,7 +43,7 @@ var ( ) func TestMain(m *testing.M) { - utilruntime.Must(helmv2.AddToScheme(scheme.Scheme)) + utilruntime.Must(v2.AddToScheme(scheme.Scheme)) testEnv = testenv.New() diff --git a/internal/reconcile/test.go b/internal/reconcile/test.go index 85ec32bba..ed6b556a2 100644 --- a/internal/reconcile/test.go +++ b/internal/reconcile/test.go @@ -26,7 +26,7 @@ import ( "github.com/fluxcd/pkg/runtime/conditions" - helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" "github.com/fluxcd/helm-controller/internal/release" "github.com/fluxcd/helm-controller/internal/storage" @@ -61,7 +61,7 @@ func (r *Test) Reconcile(ctx context.Context, req *Request) error { // Something went wrong. if err != nil { req.Object.Status.Failures++ - conditions.MarkFalse(req.Object, helmv2.TestSuccessCondition, helmv2.TestFailedReason, err.Error()) + conditions.MarkFalse(req.Object, v2.TestSuccessCondition, v2.TestFailedReason, err.Error()) // If we failed to observe anything happened at all, we want to retry // and return the error to indicate this. if req.Object.Status.Current == cur { @@ -75,7 +75,7 @@ func (r *Test) Reconcile(ctx context.Context, req *Request) error { if hookLen := len(req.Object.Status.Current.TestHooks); hookLen > 0 { condMsg = fmt.Sprintf("%d test hook(s) completed successfully.", hookLen) } - conditions.MarkTrue(req.Object, helmv2.TestSuccessCondition, helmv2.TestSucceededReason, condMsg) + conditions.MarkTrue(req.Object, v2.TestSuccessCondition, v2.TestSucceededReason, condMsg) return nil } @@ -87,7 +87,7 @@ func (r *Test) Type() ReconcilerType { return ReconcilerTypeTest } -func observeTest(obj *helmv2.HelmRelease) storage.ObserveFunc { +func observeTest(obj *v2.HelmRelease) storage.ObserveFunc { return func(rls *helmrelease.Release) { if cur := obj.Status.Current; cur != nil { obs := release.ObserveRelease(rls) diff --git a/internal/reconcile/test_test.go b/internal/reconcile/test_test.go index cad78d496..5a4959091 100644 --- a/internal/reconcile/test_test.go +++ b/internal/reconcile/test_test.go @@ -32,7 +32,7 @@ import ( "github.com/fluxcd/pkg/runtime/conditions" - helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" "github.com/fluxcd/helm-controller/internal/release" "github.com/fluxcd/helm-controller/internal/testutil" @@ -82,9 +82,9 @@ func TestTest_Reconcile(t *testing.T) { // before test. releases func(namespace string) []*helmrelease.Release // spec modifies the HelmRelease Object spec before test. - spec func(spec *helmv2.HelmReleaseSpec) + spec func(spec *v2.HelmReleaseSpec) // status to configure on the HelmRelease Object before test. - status func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus + status func(releases []*helmrelease.Release) v2.HelmReleaseStatus // wantErr is the error that is expected to be returned. wantErr error // expectedConditions are the conditions that are expected to be set on @@ -92,10 +92,10 @@ func TestTest_Reconcile(t *testing.T) { expectConditions []metav1.Condition // expectCurrent is the expected Current release information in the // HelmRelease after install. - expectCurrent func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo + expectCurrent func(releases []*helmrelease.Release) *v2.HelmReleaseInfo // expectPrevious returns the expected Previous release information of // the HelmRelease after install. - expectPrevious func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo + expectPrevious func(releases []*helmrelease.Release) *v2.HelmReleaseInfo // expectFailures is the expected Failures count of the HelmRelease. expectFailures int64 // expectInstallFailures is the expected InstallFailures count of the @@ -118,16 +118,16 @@ func TestTest_Reconcile(t *testing.T) { }, testutil.ReleaseWithTestHook()), } }, - status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { - return helmv2.HelmReleaseStatus{ + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), } }, expectConditions: []metav1.Condition{ - *conditions.TrueCondition(helmv2.TestSuccessCondition, helmv2.TestSucceededReason, + *conditions.TrueCondition(v2.TestSuccessCondition, v2.TestSucceededReason, "1 test hook(s) completed successfully."), }, - expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { info := release.ObservedToInfo(release.ObserveRelease(releases[0])) info.TestHooks = release.TestHooksFromRelease(releases[0]) return info @@ -146,16 +146,16 @@ func TestTest_Reconcile(t *testing.T) { }), } }, - status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { - return helmv2.HelmReleaseStatus{ + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), } }, expectConditions: []metav1.Condition{ - *conditions.TrueCondition(helmv2.TestSuccessCondition, helmv2.TestSucceededReason, + *conditions.TrueCondition(v2.TestSuccessCondition, v2.TestSucceededReason, "No test hooks."), }, - expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { info := release.ObservedToInfo(release.ObserveRelease(releases[0])) return info }, @@ -173,16 +173,16 @@ func TestTest_Reconcile(t *testing.T) { }, testutil.ReleaseWithFailingTestHook()), } }, - status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { - return helmv2.HelmReleaseStatus{ + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), } }, expectConditions: []metav1.Condition{ - *conditions.FalseCondition(helmv2.TestSuccessCondition, helmv2.TestFailedReason, + *conditions.FalseCondition(v2.TestSuccessCondition, v2.TestFailedReason, "timed out waiting for the condition"), }, - expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { info := release.ObservedToInfo(release.ObserveRelease(releases[0])) info.TestHooks = release.TestHooksFromRelease(releases[0]) return info @@ -225,16 +225,16 @@ func TestTest_Reconcile(t *testing.T) { }), } }, - status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { - return helmv2.HelmReleaseStatus{ + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), } }, expectConditions: []metav1.Condition{ - *conditions.FalseCondition(helmv2.TestSuccessCondition, helmv2.TestFailedReason, + *conditions.FalseCondition(v2.TestSuccessCondition, v2.TestFailedReason, ErrReleaseMismatch.Error()), }, - expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[0])) }, expectFailures: 1, @@ -257,8 +257,8 @@ func TestTest_Reconcile(t *testing.T) { helmreleaseutil.SortByRevision(releases) } - obj := &helmv2.HelmRelease{ - Spec: helmv2.HelmReleaseSpec{ + obj := &v2.HelmRelease{ + Spec: v2.HelmReleaseSpec{ ReleaseName: mockReleaseName, TargetNamespace: releaseNamespace, StorageNamespace: releaseNamespace, @@ -327,9 +327,9 @@ func Test_observeTest(t *testing.T) { t.Run("test with current", func(t *testing.T) { g := NewWithT(t) - obj := &helmv2.HelmRelease{ - Status: helmv2.HelmReleaseStatus{ - Current: &helmv2.HelmReleaseInfo{ + obj := &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ + Current: &v2.HelmReleaseInfo{ Name: mockReleaseName, Namespace: mockReleaseNamespace, Version: 1, @@ -353,13 +353,13 @@ func Test_observeTest(t *testing.T) { t.Run("test with different current version", func(t *testing.T) { g := NewWithT(t) - current := &helmv2.HelmReleaseInfo{ + current := &v2.HelmReleaseInfo{ Name: mockReleaseName, Namespace: mockReleaseNamespace, Version: 1, } - obj := &helmv2.HelmRelease{ - Status: helmv2.HelmReleaseStatus{ + obj := &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ Current: current, }, } @@ -377,7 +377,7 @@ func Test_observeTest(t *testing.T) { t.Run("test without current", func(t *testing.T) { g := NewWithT(t) - obj := &helmv2.HelmRelease{} + obj := &v2.HelmRelease{} rls := testutil.BuildRelease(&helmrelease.MockReleaseOptions{ Name: mockReleaseName, diff --git a/internal/reconcile/uninstall.go b/internal/reconcile/uninstall.go index 6f7d0063e..c24f2be51 100644 --- a/internal/reconcile/uninstall.go +++ b/internal/reconcile/uninstall.go @@ -26,7 +26,7 @@ import ( "github.com/fluxcd/pkg/runtime/conditions" "github.com/fluxcd/pkg/runtime/logger" - helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" "github.com/fluxcd/helm-controller/internal/release" "github.com/fluxcd/helm-controller/internal/storage" @@ -69,7 +69,7 @@ func (r *Uninstall) Reconcile(ctx context.Context, req *Request) error { // Handle any error. if err != nil { req.Object.Status.Failures++ - conditions.MarkFalse(req.Object, helmv2.RemediatedCondition, helmv2.UninstallFailedReason, err.Error()) + conditions.MarkFalse(req.Object, v2.RemediatedCondition, v2.UninstallFailedReason, err.Error()) if req.Object.Status.Current == cur { return err } @@ -77,7 +77,7 @@ func (r *Uninstall) Reconcile(ctx context.Context, req *Request) error { } // Mark success. - conditions.MarkTrue(req.Object, helmv2.RemediatedCondition, helmv2.UninstallSucceededReason, + conditions.MarkTrue(req.Object, v2.RemediatedCondition, v2.UninstallSucceededReason, res.Release.Info.Description) return nil } @@ -94,7 +94,7 @@ func (r *Uninstall) Type() ReconcilerType { // and record the result of an uninstall action in the status of the given // release. It updates the Status.Current field of the release if it equals the // uninstallation target, and version = Current.Version. -func observeUninstall(obj *helmv2.HelmRelease) storage.ObserveFunc { +func observeUninstall(obj *v2.HelmRelease) storage.ObserveFunc { return func(rls *helmrelease.Release) { if cur := obj.Status.Current; cur != nil { if obs := release.ObserveRelease(rls); obs.Targets(cur.Name, cur.Namespace, cur.Version) { diff --git a/internal/reconcile/uninstall_test.go b/internal/reconcile/uninstall_test.go index bcabd58a1..9e3eda33d 100644 --- a/internal/reconcile/uninstall_test.go +++ b/internal/reconcile/uninstall_test.go @@ -32,7 +32,7 @@ import ( helmdriver "helm.sh/helm/v3/pkg/storage/driver" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" "github.com/fluxcd/helm-controller/internal/release" "github.com/fluxcd/helm-controller/internal/storage" @@ -48,9 +48,9 @@ func Test_uninstall(t *testing.T) { // before uninstall. releases func(namespace string) []*helmrelease.Release // spec modifies the HelmRelease Object spec before uninstall. - spec func(spec *helmv2.HelmReleaseSpec) + spec func(spec *v2.HelmReleaseSpec) // status to configure on the HelmRelease Object before uninstall. - status func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus + status func(releases []*helmrelease.Release) v2.HelmReleaseStatus // wantErr is the error that is expected to be returned. wantErr error // expectedConditions are the conditions that are expected to be set on @@ -58,10 +58,10 @@ func Test_uninstall(t *testing.T) { expectConditions []metav1.Condition // expectCurrent is the expected Current release information in the // HelmRelease after uninstall. - expectCurrent func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo + expectCurrent func(releases []*helmrelease.Release) *v2.HelmReleaseInfo // expectPrevious returns the expected Previous release information of // the HelmRelease after uninstall. - expectPrevious func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo + expectPrevious func(releases []*helmrelease.Release) *v2.HelmReleaseInfo // expectFailures is the expected Failures count of the HelmRelease. expectFailures int64 // expectInstallFailures is the expected InstallFailures count of the @@ -84,21 +84,21 @@ func Test_uninstall(t *testing.T) { }), } }, - spec: func(spec *helmv2.HelmReleaseSpec) { - spec.Uninstall = &helmv2.Uninstall{ + spec: func(spec *v2.HelmReleaseSpec) { + spec.Uninstall = &v2.Uninstall{ KeepHistory: true, } }, - status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { - return helmv2.HelmReleaseStatus{ + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), } }, expectConditions: []metav1.Condition{ - *conditions.TrueCondition(helmv2.RemediatedCondition, helmv2.UninstallSucceededReason, + *conditions.TrueCondition(v2.RemediatedCondition, v2.UninstallSucceededReason, "Uninstallation complete"), }, - expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[0])) }, }, @@ -115,21 +115,21 @@ func Test_uninstall(t *testing.T) { }, testutil.ReleaseWithFailingHook()), } }, - spec: func(spec *helmv2.HelmReleaseSpec) { - spec.Uninstall = &helmv2.Uninstall{ + spec: func(spec *v2.HelmReleaseSpec) { + spec.Uninstall = &v2.Uninstall{ KeepHistory: true, } }, - status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { - return helmv2.HelmReleaseStatus{ + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), } }, expectConditions: []metav1.Condition{ - *conditions.FalseCondition(helmv2.RemediatedCondition, helmv2.UninstallFailedReason, + *conditions.FalseCondition(v2.RemediatedCondition, v2.UninstallFailedReason, "uninstallation completed with 1 error(s): 1 error occurred:\n\t* timed out waiting for the condition\n\n"), }, - expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[0])) }, expectFailures: 1, @@ -157,16 +157,16 @@ func Test_uninstall(t *testing.T) { }), } }, - status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { - return helmv2.HelmReleaseStatus{ + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), } }, expectConditions: []metav1.Condition{ - *conditions.FalseCondition(helmv2.RemediatedCondition, helmv2.UninstallFailedReason, + *conditions.FalseCondition(v2.RemediatedCondition, v2.UninstallFailedReason, "delete error"), }, - expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[0])) }, expectFailures: 1, @@ -207,21 +207,21 @@ func Test_uninstall(t *testing.T) { }), } }, - spec: func(spec *helmv2.HelmReleaseSpec) { - spec.Uninstall = &helmv2.Uninstall{ + spec: func(spec *v2.HelmReleaseSpec) { + spec.Uninstall = &v2.Uninstall{ KeepHistory: true, } }, - status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { - return helmv2.HelmReleaseStatus{ + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), } }, expectConditions: []metav1.Condition{ - *conditions.FalseCondition(helmv2.RemediatedCondition, helmv2.UninstallFailedReason, + *conditions.FalseCondition(v2.RemediatedCondition, v2.UninstallFailedReason, ErrReleaseMismatch.Error()), }, - expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[0])) }, expectFailures: 1, @@ -244,8 +244,8 @@ func Test_uninstall(t *testing.T) { releaseutil.SortByRevision(releases) } - obj := &helmv2.HelmRelease{ - Spec: helmv2.HelmReleaseSpec{ + obj := &v2.HelmRelease{ + Spec: v2.HelmReleaseSpec{ ReleaseName: mockReleaseName, TargetNamespace: releaseNamespace, StorageNamespace: releaseNamespace, @@ -314,14 +314,14 @@ func Test_observeUninstall(t *testing.T) { t.Run("uninstall of current", func(t *testing.T) { g := NewWithT(t) - current := &helmv2.HelmReleaseInfo{ + current := &v2.HelmReleaseInfo{ Name: mockReleaseName, Namespace: mockReleaseNamespace, Version: 1, Status: helmrelease.StatusDeployed.String(), } - obj := &helmv2.HelmRelease{ - Status: helmv2.HelmReleaseStatus{ + obj := &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ Current: current, }, } @@ -342,8 +342,8 @@ func Test_observeUninstall(t *testing.T) { t.Run("uninstall without current", func(t *testing.T) { g := NewWithT(t) - obj := &helmv2.HelmRelease{ - Status: helmv2.HelmReleaseStatus{ + obj := &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ Current: nil, }, } @@ -362,14 +362,14 @@ func Test_observeUninstall(t *testing.T) { t.Run("uninstall of different version than current", func(t *testing.T) { g := NewWithT(t) - current := &helmv2.HelmReleaseInfo{ + current := &v2.HelmReleaseInfo{ Name: mockReleaseName, Namespace: mockReleaseNamespace, Version: 1, Status: helmrelease.StatusDeployed.String(), } - obj := &helmv2.HelmRelease{ - Status: helmv2.HelmReleaseStatus{ + obj := &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ Current: current, }, } diff --git a/internal/reconcile/unlock.go b/internal/reconcile/unlock.go index d64cbc60e..908bf4d53 100644 --- a/internal/reconcile/unlock.go +++ b/internal/reconcile/unlock.go @@ -25,7 +25,7 @@ import ( helmrelease "helm.sh/helm/v3/pkg/release" helmdriver "helm.sh/helm/v3/pkg/storage/driver" - helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" "github.com/fluxcd/helm-controller/internal/release" "github.com/fluxcd/helm-controller/internal/storage" @@ -66,11 +66,11 @@ func (r *Unlock) Reconcile(_ context.Context, req *Request) error { status.String())) if err = cfg.Releases.Update(rls); err != nil { req.Object.Status.Failures++ - conditions.MarkFalse(req.Object, helmv2.ReleasedCondition, "StalePending", + conditions.MarkFalse(req.Object, v2.ReleasedCondition, "StalePending", "Failed to unlock release from stale '%s' state: %s", status.String(), err.Error()) return err } - conditions.MarkFalse(req.Object, helmv2.ReleasedCondition, "StalePending", rls.Info.Description) + conditions.MarkFalse(req.Object, v2.ReleasedCondition, "StalePending", rls.Info.Description) } } return nil @@ -88,7 +88,7 @@ func (r *Unlock) Type() ReconcilerType { // record the result of an unlock action in the status of the given release. // It updates the Status.Current field of the release if it equals the target // of the unlock action. -func observeUnlock(obj *helmv2.HelmRelease) storage.ObserveFunc { +func observeUnlock(obj *v2.HelmRelease) storage.ObserveFunc { return func(rls *helmrelease.Release) { if cur := obj.Status.Current; cur != nil { obs := release.ObserveRelease(rls) diff --git a/internal/reconcile/unlock_test.go b/internal/reconcile/unlock_test.go index 58a49a154..b53ced76f 100644 --- a/internal/reconcile/unlock_test.go +++ b/internal/reconcile/unlock_test.go @@ -32,7 +32,7 @@ import ( "github.com/fluxcd/pkg/runtime/conditions" - helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" "github.com/fluxcd/helm-controller/internal/release" "github.com/fluxcd/helm-controller/internal/storage" @@ -53,9 +53,9 @@ func Test_unlock(t *testing.T) { // before unlock. releases func(namespace string) []*helmrelease.Release // spec modifies the HelmRelease Object spec before unlock. - spec func(spec *helmv2.HelmReleaseSpec) + spec func(spec *v2.HelmReleaseSpec) // status to configure on the HelmRelease object before unlock. - status func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus + status func(releases []*helmrelease.Release) v2.HelmReleaseStatus // wantErr is the error that is expected to be returned. wantErr error // expectedConditions are the conditions that are expected to be set on @@ -63,10 +63,10 @@ func Test_unlock(t *testing.T) { expectConditions []metav1.Condition // expectCurrent is the expected Current release information in the // HelmRelease after unlock. - expectCurrent func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo + expectCurrent func(releases []*helmrelease.Release) *v2.HelmReleaseInfo // expectPrevious returns the expected Previous release information of // the HelmRelease after unlock. - expectPrevious func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo + expectPrevious func(releases []*helmrelease.Release) *v2.HelmReleaseInfo // expectFailures is the expected Failures count of the HelmRelease. expectFailures int64 // expectInstallFailures is the expected InstallFailures count of the @@ -89,16 +89,16 @@ func Test_unlock(t *testing.T) { }), } }, - status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { - return helmv2.HelmReleaseStatus{ + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), } }, expectConditions: []metav1.Condition{ - *conditions.FalseCondition(helmv2.ReleasedCondition, "StalePending", + *conditions.FalseCondition(v2.ReleasedCondition, "StalePending", "Release unlocked from stale '%s' state", helmrelease.StatusPendingInstall), }, - expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[0])) }, }, @@ -121,17 +121,17 @@ func Test_unlock(t *testing.T) { }), } }, - status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { - return helmv2.HelmReleaseStatus{ + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), } }, wantErr: mockUpdateErr, expectConditions: []metav1.Condition{ - *conditions.FalseCondition(helmv2.ReleasedCondition, "StalePending", + *conditions.FalseCondition(v2.ReleasedCondition, "StalePending", "Failed to unlock release from stale '%s' state", helmrelease.StatusPendingRollback), }, - expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[0])) }, expectFailures: 1, @@ -149,9 +149,9 @@ func Test_unlock(t *testing.T) { }), } }, - status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { - return helmv2.HelmReleaseStatus{ - Current: &helmv2.HelmReleaseInfo{ + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: &v2.HelmReleaseInfo{ Name: mockReleaseName, Namespace: releases[0].Namespace, Version: 1, @@ -160,8 +160,8 @@ func Test_unlock(t *testing.T) { } }, expectConditions: []metav1.Condition{}, - expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { - return &helmv2.HelmReleaseInfo{ + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { + return &v2.HelmReleaseInfo{ Name: mockReleaseName, Namespace: releases[0].Namespace, Version: 1, @@ -171,8 +171,8 @@ func Test_unlock(t *testing.T) { }, { name: "unlock without current", - status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { - return helmv2.HelmReleaseStatus{} + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{} }, wantErr: ErrNoCurrent, expectConditions: []metav1.Condition{}, @@ -190,9 +190,9 @@ func Test_unlock(t *testing.T) { }), } }, - status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { - return helmv2.HelmReleaseStatus{ - Current: &helmv2.HelmReleaseInfo{ + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: &v2.HelmReleaseInfo{ Name: mockReleaseName, Namespace: releases[0].Namespace, Version: releases[0].Version - 1, @@ -200,8 +200,8 @@ func Test_unlock(t *testing.T) { }, } }, - expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { - return &helmv2.HelmReleaseInfo{ + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { + return &v2.HelmReleaseInfo{ Name: mockReleaseName, Namespace: releases[0].Namespace, Version: releases[0].Version - 1, @@ -211,9 +211,9 @@ func Test_unlock(t *testing.T) { }, { name: "unlock without latest", - status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { - return helmv2.HelmReleaseStatus{ - Current: &helmv2.HelmReleaseInfo{ + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: &v2.HelmReleaseInfo{ Name: mockReleaseName, Version: 1, Status: helmrelease.StatusFailed.String(), @@ -221,8 +221,8 @@ func Test_unlock(t *testing.T) { } }, expectConditions: []metav1.Condition{}, - expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { - return &helmv2.HelmReleaseInfo{ + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { + return &v2.HelmReleaseInfo{ Name: mockReleaseName, Version: 1, Status: helmrelease.StatusFailed.String(), @@ -248,9 +248,9 @@ func Test_unlock(t *testing.T) { }), } }, - status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { - return helmv2.HelmReleaseStatus{ - Current: &helmv2.HelmReleaseInfo{ + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: &v2.HelmReleaseInfo{ Name: mockReleaseName, Version: 1, Status: helmrelease.StatusFailed.String(), @@ -259,8 +259,8 @@ func Test_unlock(t *testing.T) { }, wantErr: mockQueryErr, expectConditions: []metav1.Condition{}, - expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { - return &helmv2.HelmReleaseInfo{ + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { + return &v2.HelmReleaseInfo{ Name: mockReleaseName, Version: 1, Status: helmrelease.StatusFailed.String(), @@ -285,8 +285,8 @@ func Test_unlock(t *testing.T) { helmreleaseutil.SortByRevision(releases) } - obj := &helmv2.HelmRelease{ - Spec: helmv2.HelmReleaseSpec{ + obj := &v2.HelmRelease{ + Spec: v2.HelmReleaseSpec{ ReleaseName: mockReleaseName, TargetNamespace: releaseNamespace, StorageNamespace: releaseNamespace, @@ -355,9 +355,9 @@ func Test_observeUnlock(t *testing.T) { t.Run("unlock", func(t *testing.T) { g := NewWithT(t) - obj := &helmv2.HelmRelease{ - Status: helmv2.HelmReleaseStatus{ - Current: &helmv2.HelmReleaseInfo{ + obj := &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ + Current: &v2.HelmReleaseInfo{ Name: mockReleaseName, Namespace: mockReleaseNamespace, Version: 1, @@ -381,7 +381,7 @@ func Test_observeUnlock(t *testing.T) { t.Run("unlock without current", func(t *testing.T) { g := NewWithT(t) - obj := &helmv2.HelmRelease{} + obj := &v2.HelmRelease{} rls := helmrelease.Mock(&helmrelease.MockReleaseOptions{ Name: mockReleaseName, Namespace: mockReleaseNamespace, diff --git a/internal/reconcile/upgrade.go b/internal/reconcile/upgrade.go index c13b7776e..ca8cae42b 100644 --- a/internal/reconcile/upgrade.go +++ b/internal/reconcile/upgrade.go @@ -24,7 +24,7 @@ import ( "github.com/fluxcd/pkg/runtime/conditions" "github.com/fluxcd/pkg/runtime/logger" - helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" ) @@ -43,7 +43,7 @@ func (r *Upgrade) Reconcile(ctx context.Context, req *Request) error { rls, err := action.Upgrade(ctx, cfg, req.Object, req.Chart, req.Values) if err != nil { // Mark failure on object. - conditions.MarkFalse(req.Object, helmv2.ReleasedCondition, helmv2.UpgradeFailedReason, err.Error()) + conditions.MarkFalse(req.Object, v2.ReleasedCondition, v2.UpgradeFailedReason, err.Error()) req.Object.Status.Failures++ // Return error if we did not store a release, as this does not @@ -63,7 +63,7 @@ func (r *Upgrade) Reconcile(ctx context.Context, req *Request) error { } // Mark success on object. - conditions.MarkTrue(req.Object, helmv2.ReleasedCondition, helmv2.UpgradeSucceededReason, rls.Info.Description) + conditions.MarkTrue(req.Object, v2.ReleasedCondition, v2.UpgradeSucceededReason, rls.Info.Description) return nil } diff --git a/internal/reconcile/upgrade_test.go b/internal/reconcile/upgrade_test.go index d355ae107..a3669d05a 100644 --- a/internal/reconcile/upgrade_test.go +++ b/internal/reconcile/upgrade_test.go @@ -33,7 +33,7 @@ import ( helmdriver "helm.sh/helm/v3/pkg/storage/driver" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - helmv2 "github.com/fluxcd/helm-controller/api/v2beta2" + v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" "github.com/fluxcd/helm-controller/internal/release" "github.com/fluxcd/helm-controller/internal/storage" @@ -58,9 +58,9 @@ func Test_upgrade(t *testing.T) { // values to use during upgrade. values helmchartutil.Values // spec modifies the HelmRelease object spec before upgrade. - spec func(spec *helmv2.HelmReleaseSpec) + spec func(spec *v2.HelmReleaseSpec) // status to configure on the HelmRelease Object before upgrade. - status func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus + status func(releases []*helmrelease.Release) v2.HelmReleaseStatus // wantErr is the error that is expected to be returned. wantErr error // expectedConditions are the conditions that are expected to be set on @@ -68,10 +68,10 @@ func Test_upgrade(t *testing.T) { expectConditions []metav1.Condition // expectCurrent is the expected Current release information in the // HelmRelease after upgrade. - expectCurrent func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo + expectCurrent func(releases []*helmrelease.Release) *v2.HelmReleaseInfo // expectPrevious returns the expected Previous release information of // the HelmRelease after upgrade. - expectPrevious func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo + expectPrevious func(releases []*helmrelease.Release) *v2.HelmReleaseInfo // expectFailures is the expected Failures count of the HelmRelease. expectFailures int64 // expectInstallFailures is the expected InstallFailures count of the @@ -95,19 +95,19 @@ func Test_upgrade(t *testing.T) { } }, chart: testutil.BuildChart(), - status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { - return helmv2.HelmReleaseStatus{ + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), } }, expectConditions: []metav1.Condition{ - *conditions.TrueCondition(helmv2.ReleasedCondition, helmv2.UpgradeSucceededReason, + *conditions.TrueCondition(v2.ReleasedCondition, v2.UpgradeSucceededReason, "Upgrade complete"), }, - expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[1])) }, - expectPrevious: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectPrevious: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[0])) }, }, @@ -125,19 +125,19 @@ func Test_upgrade(t *testing.T) { } }, chart: testutil.BuildChart(testutil.ChartWithFailingHook()), - status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { - return helmv2.HelmReleaseStatus{ + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), } }, expectConditions: []metav1.Condition{ - *conditions.FalseCondition(helmv2.ReleasedCondition, helmv2.UpgradeFailedReason, + *conditions.FalseCondition(v2.ReleasedCondition, v2.UpgradeFailedReason, "post-upgrade hooks failed: 1 error occurred:\n\t* timed out waiting for the condition\n\n"), }, - expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[1])) }, - expectPrevious: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectPrevious: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[0])) }, expectFailures: 1, @@ -163,16 +163,16 @@ func Test_upgrade(t *testing.T) { } }, chart: testutil.BuildChart(), - status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { - return helmv2.HelmReleaseStatus{ + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), } }, expectConditions: []metav1.Condition{ - *conditions.FalseCondition(helmv2.ReleasedCondition, helmv2.UpgradeFailedReason, + *conditions.FalseCondition(v2.ReleasedCondition, v2.UpgradeFailedReason, mockCreateErr.Error()), }, - expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[0])) }, expectFailures: 1, @@ -198,19 +198,19 @@ func Test_upgrade(t *testing.T) { } }, chart: testutil.BuildChart(), - status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { - return helmv2.HelmReleaseStatus{ + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), } }, expectConditions: []metav1.Condition{ - *conditions.FalseCondition(helmv2.ReleasedCondition, helmv2.UpgradeFailedReason, + *conditions.FalseCondition(v2.ReleasedCondition, v2.UpgradeFailedReason, mockUpdateErr.Error()), }, - expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[1])) }, - expectPrevious: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectPrevious: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[0])) }, expectFailures: 1, @@ -230,16 +230,16 @@ func Test_upgrade(t *testing.T) { } }, chart: testutil.BuildChart(), - status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { - return helmv2.HelmReleaseStatus{ + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ Current: nil, } }, expectConditions: []metav1.Condition{ - *conditions.TrueCondition(helmv2.ReleasedCondition, helmv2.UpgradeSucceededReason, + *conditions.TrueCondition(v2.ReleasedCondition, v2.UpgradeSucceededReason, "Upgrade complete"), }, - expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[1])) }, }, @@ -264,9 +264,9 @@ func Test_upgrade(t *testing.T) { } }, chart: testutil.BuildChart(), - status: func(releases []*helmrelease.Release) helmv2.HelmReleaseStatus { - return helmv2.HelmReleaseStatus{ - Current: &helmv2.HelmReleaseInfo{ + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: &v2.HelmReleaseInfo{ Name: mockReleaseName, Namespace: releases[0].Namespace, Version: 1, @@ -275,14 +275,14 @@ func Test_upgrade(t *testing.T) { } }, expectConditions: []metav1.Condition{ - *conditions.TrueCondition(helmv2.ReleasedCondition, helmv2.UpgradeSucceededReason, + *conditions.TrueCondition(v2.ReleasedCondition, v2.UpgradeSucceededReason, "Upgrade complete"), }, - expectCurrent: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[2])) }, - expectPrevious: func(releases []*helmrelease.Release) *helmv2.HelmReleaseInfo { - return &helmv2.HelmReleaseInfo{ + expectPrevious: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { + return &v2.HelmReleaseInfo{ Name: mockReleaseName, Namespace: releases[0].Namespace, Version: 1, @@ -308,8 +308,8 @@ func Test_upgrade(t *testing.T) { helmreleaseutil.SortByRevision(releases) } - obj := &helmv2.HelmRelease{ - Spec: helmv2.HelmReleaseSpec{ + obj := &v2.HelmRelease{ + Spec: v2.HelmReleaseSpec{ ReleaseName: mockReleaseName, TargetNamespace: releaseNamespace, StorageNamespace: releaseNamespace, From 5843cc2ef07d10b5794196487a22b592f691ee09 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Wed, 6 Jul 2022 14:53:16 +0200 Subject: [PATCH 11/76] action: allow passing of config options This to allow the Flux CLI to e.g. enable the dry-run flag on an action outside of the HelmRelease spec, and inject other (user input based) modifications. Signed-off-by: Hidde Beydals --- internal/action/install.go | 25 +++--- internal/action/install_test.go | 97 +++++++++++++++++++++ internal/action/rollback.go | 31 ++++--- internal/action/rollback_test.go | 139 ++++++++++++++++++++++++++++++ internal/action/test.go | 15 +++- internal/action/test_test.go | 96 +++++++++++++++++++++ internal/action/uninstall.go | 15 +++- internal/action/uninstall_test.go | 95 ++++++++++++++++++++ internal/action/upgrade.go | 46 +++++----- internal/action/upgrade_test.go | 97 +++++++++++++++++++++ internal/postrender/build.go | 8 +- 11 files changed, 609 insertions(+), 55 deletions(-) create mode 100644 internal/action/install_test.go create mode 100644 internal/action/rollback_test.go create mode 100644 internal/action/test_test.go create mode 100644 internal/action/uninstall_test.go create mode 100644 internal/action/upgrade_test.go diff --git a/internal/action/install.go b/internal/action/install.go index 355689a27..96fe49a1f 100644 --- a/internal/action/install.go +++ b/internal/action/install.go @@ -30,6 +30,11 @@ import ( "github.com/fluxcd/helm-controller/internal/postrender" ) +// InstallOption can be used to modify Helm's action.Install after the instructions +// from the v2beta2.HelmRelease have been applied. This is for example useful to +// enable the dry-run setting as a CLI. +type InstallOption func(action *helmaction.Install) + // Install runs the Helm install action with the provided config, using the // v2beta2.HelmReleaseSpec of the given object to determine the target release // and rollback configuration. @@ -42,12 +47,8 @@ import ( // action result. The caller is expected to listen to this using a // storage.ObserveFunc, which provides superior access to Helm storage writes. func Install(ctx context.Context, config *helmaction.Configuration, obj *v2.HelmRelease, - chrt *helmchart.Chart, vals helmchartutil.Values) (*helmrelease.Release, error) { - - install, err := newInstall(config, obj) - if err != nil { - return nil, err - } + chrt *helmchart.Chart, vals helmchartutil.Values, opts ...InstallOption) (*helmrelease.Release, error) { + install := newInstall(config, obj, opts) policy, err := crdPolicyOrDefault(obj.Spec.GetInstall().CRDs) if err != nil { @@ -60,7 +61,7 @@ func Install(ctx context.Context, config *helmaction.Configuration, obj *v2.Helm return install.RunWithContext(ctx, chrt, vals.AsMap()) } -func newInstall(config *helmaction.Configuration, obj *v2.HelmRelease) (*helmaction.Install, error) { +func newInstall(config *helmaction.Configuration, obj *v2.HelmRelease, opts []InstallOption) *helmaction.Install { install := helmaction.NewInstall(config) install.ReleaseName = obj.GetReleaseName() @@ -83,11 +84,11 @@ func newInstall(config *helmaction.Configuration, obj *v2.HelmRelease) (*helmact install.EnableDNS = allowDNS } - renderer, err := postrender.BuildPostRenderers(obj) - if err != nil { - return nil, err + install.PostRenderer = postrender.BuildPostRenderers(obj) + + for _, opt := range opts { + opt(install) } - install.PostRenderer = renderer - return install, nil + return install } diff --git a/internal/action/install_test.go b/internal/action/install_test.go new file mode 100644 index 000000000..64e516617 --- /dev/null +++ b/internal/action/install_test.go @@ -0,0 +1,97 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package action + +import ( + "testing" + "time" + + . "github.com/onsi/gomega" + helmaction "helm.sh/helm/v3/pkg/action" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + v2 "github.com/fluxcd/helm-controller/api/v2beta2" +) + +func Test_newInstall(t *testing.T) { + t.Run("new install", func(t *testing.T) { + g := NewWithT(t) + + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: "install", + Namespace: "install-ns", + }, + Spec: v2.HelmReleaseSpec{ + Timeout: &metav1.Duration{Duration: time.Minute}, + Install: &v2.Install{ + Timeout: &metav1.Duration{Duration: 10 * time.Second}, + Replace: true, + }, + }, + } + + got := newInstall(&helmaction.Configuration{}, obj, nil) + g.Expect(got).ToNot(BeNil()) + g.Expect(got.Namespace).To(Equal(obj.Namespace)) + g.Expect(got.Timeout).To(Equal(obj.Spec.Install.Timeout.Duration)) + g.Expect(got.Replace).To(Equal(obj.Spec.Install.Replace)) + }) + + t.Run("timeout fallback", func(t *testing.T) { + g := NewWithT(t) + + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: "install", + Namespace: "install-ns", + }, + Spec: v2.HelmReleaseSpec{ + Timeout: &metav1.Duration{Duration: time.Minute}, + }, + } + + got := newInstall(&helmaction.Configuration{}, obj, nil) + g.Expect(got).ToNot(BeNil()) + g.Expect(got.Namespace).To(Equal(obj.Namespace)) + g.Expect(got.Timeout).To(Equal(obj.Spec.Timeout.Duration)) + }) + + t.Run("applies options", func(t *testing.T) { + g := NewWithT(t) + + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: "install", + Namespace: "install-ns", + }, + Spec: v2.HelmReleaseSpec{}, + } + + got := newInstall(&helmaction.Configuration{}, obj, []InstallOption{ + func(install *helmaction.Install) { + install.Atomic = true + }, + func(install *helmaction.Install) { + install.DryRun = true + }, + }) + g.Expect(got).ToNot(BeNil()) + g.Expect(got.Atomic).To(BeTrue()) + g.Expect(got.DryRun).To(BeTrue()) + }) +} diff --git a/internal/action/rollback.go b/internal/action/rollback.go index 74daa350b..0af54bd3c 100644 --- a/internal/action/rollback.go +++ b/internal/action/rollback.go @@ -22,6 +22,11 @@ import ( v2 "github.com/fluxcd/helm-controller/api/v2beta2" ) +// RollbackOption can be used to modify Helm's action.Rollback after the +// instructions from the v2beta2.HelmRelease have been applied. This is for +// example useful to enable the dry-run setting as a CLI. +type RollbackOption func(*helmaction.Rollback) + // Rollback runs the Helm rollback action with the provided config, using the // v2beta2.HelmReleaseSpec of the given object to determine the target release // and rollback configuration. @@ -30,25 +35,29 @@ import ( // expected to be done by the caller. In addition, it does not take note of the // action result. The caller is expected to listen to this using a // storage.ObserveFunc, which provides superior access to Helm storage writes. -func Rollback(config *helmaction.Configuration, obj *v2.HelmRelease) error { - rollback := newRollback(config, obj) +func Rollback(config *helmaction.Configuration, obj *v2.HelmRelease, opts ...RollbackOption) error { + rollback := newRollback(config, obj, opts) return rollback.Run(obj.GetReleaseName()) } -func newRollback(config *helmaction.Configuration, rel *v2.HelmRelease) *helmaction.Rollback { +func newRollback(config *helmaction.Configuration, obj *v2.HelmRelease, opts []RollbackOption) *helmaction.Rollback { rollback := helmaction.NewRollback(config) - rollback.Timeout = rel.Spec.GetRollback().GetTimeout(rel.GetTimeout()).Duration - rollback.Wait = !rel.Spec.GetRollback().DisableWait - rollback.WaitForJobs = !rel.Spec.GetRollback().DisableWaitForJobs - rollback.DisableHooks = rel.Spec.GetRollback().DisableHooks - rollback.Force = rel.Spec.GetRollback().Force - rollback.Recreate = rel.Spec.GetRollback().Recreate - rollback.CleanupOnFail = rel.Spec.GetRollback().CleanupOnFail + rollback.Timeout = obj.Spec.GetRollback().GetTimeout(obj.GetTimeout()).Duration + rollback.Wait = !obj.Spec.GetRollback().DisableWait + rollback.WaitForJobs = !obj.Spec.GetRollback().DisableWaitForJobs + rollback.DisableHooks = obj.Spec.GetRollback().DisableHooks + rollback.Force = obj.Spec.GetRollback().Force + rollback.Recreate = obj.Spec.GetRollback().Recreate + rollback.CleanupOnFail = obj.Spec.GetRollback().CleanupOnFail - if prev := rel.Status.Previous; prev != nil && prev.Name == rel.GetReleaseName() && prev.Namespace == rel.GetReleaseNamespace() { + if prev := obj.Status.Previous; prev != nil && prev.Name == obj.GetReleaseName() && prev.Namespace == obj.GetReleaseNamespace() { rollback.Version = prev.Version } + for _, opt := range opts { + opt(rollback) + } + return rollback } diff --git a/internal/action/rollback_test.go b/internal/action/rollback_test.go new file mode 100644 index 000000000..34d880bd0 --- /dev/null +++ b/internal/action/rollback_test.go @@ -0,0 +1,139 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package action + +import ( + "testing" + "time" + + . "github.com/onsi/gomega" + helmaction "helm.sh/helm/v3/pkg/action" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + v2 "github.com/fluxcd/helm-controller/api/v2beta2" +) + +func Test_newRollback(t *testing.T) { + t.Run("new rollback", func(t *testing.T) { + g := NewWithT(t) + + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: "rollback", + Namespace: "rollback-ns", + }, + Spec: v2.HelmReleaseSpec{ + Timeout: &metav1.Duration{Duration: time.Minute}, + Rollback: &v2.Rollback{ + Timeout: &metav1.Duration{Duration: 10 * time.Second}, + Force: true, + }, + }, + } + + got := newRollback(&helmaction.Configuration{}, obj, nil) + g.Expect(got).ToNot(BeNil()) + g.Expect(got.Timeout).To(Equal(obj.Spec.Rollback.Timeout.Duration)) + g.Expect(got.Force).To(Equal(obj.Spec.Rollback.Force)) + }) + + t.Run("rollback with previous", func(t *testing.T) { + g := NewWithT(t) + + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: "rollback", + Namespace: "rollback-ns", + }, + Status: v2.HelmReleaseStatus{ + Previous: &v2.HelmReleaseInfo{ + Name: "rollback", + Namespace: "rollback-ns", + Version: 3, + }, + }, + } + + got := newRollback(&helmaction.Configuration{}, obj, nil) + g.Expect(got).ToNot(BeNil()) + g.Expect(got.Version).To(Equal(obj.Status.Previous.Version)) + }) + + t.Run("rollback with stale previous", func(t *testing.T) { + g := NewWithT(t) + + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: "rollback", + Namespace: "rollback-ns", + }, + Status: v2.HelmReleaseStatus{ + Previous: &v2.HelmReleaseInfo{ + Name: "rollback", + Namespace: "other-ns", + Version: 3, + }, + }, + } + + got := newRollback(&helmaction.Configuration{}, obj, nil) + g.Expect(got).ToNot(BeNil()) + g.Expect(got.Version).To(BeZero()) + }) + + t.Run("timeout fallback", func(t *testing.T) { + g := NewWithT(t) + + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: "rollback", + Namespace: "rollback-ns", + }, + Spec: v2.HelmReleaseSpec{ + Timeout: &metav1.Duration{Duration: time.Minute}, + }, + } + + got := newRollback(&helmaction.Configuration{}, obj, nil) + g.Expect(got).ToNot(BeNil()) + g.Expect(got.Timeout).To(Equal(obj.Spec.Timeout.Duration)) + }) + + t.Run("applies options", func(t *testing.T) { + g := NewWithT(t) + + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: "rollback", + Namespace: "rollback-ns", + }, + Spec: v2.HelmReleaseSpec{}, + } + + got := newRollback(&helmaction.Configuration{}, obj, []RollbackOption{ + func(rollback *helmaction.Rollback) { + rollback.CleanupOnFail = true + }, + func(rollback *helmaction.Rollback) { + rollback.DryRun = true + }, + }) + g.Expect(got).ToNot(BeNil()) + g.Expect(got.CleanupOnFail).To(BeTrue()) + g.Expect(got.DryRun).To(BeTrue()) + }) +} diff --git a/internal/action/test.go b/internal/action/test.go index 3bdcba881..4a59bd78f 100644 --- a/internal/action/test.go +++ b/internal/action/test.go @@ -25,6 +25,11 @@ import ( v2 "github.com/fluxcd/helm-controller/api/v2beta2" ) +// TestOption can be used to modify Helm's action.ReleaseTesting after the +// instructions from the v2beta2.HelmRelease have been applied. This is for +// example useful to enable the dry-run setting as a CLI. +type TestOption func(action *helmaction.ReleaseTesting) + // Test runs the Helm test action with the provided config, using the // v2beta2.HelmReleaseSpec of the given object to determine the target release // and test configuration. @@ -33,16 +38,20 @@ import ( // expected to be done by the caller. In addition, it does not take note of the // action result. The caller is expected to listen to this using a // storage.ObserveFunc, which provides superior access to Helm storage writes. -func Test(_ context.Context, config *helmaction.Configuration, obj *v2.HelmRelease) (*helmrelease.Release, error) { - test := newTest(config, obj) +func Test(_ context.Context, config *helmaction.Configuration, obj *v2.HelmRelease, opts ...TestOption) (*helmrelease.Release, error) { + test := newTest(config, obj, opts) return test.Run(obj.GetReleaseName()) } -func newTest(config *helmaction.Configuration, obj *v2.HelmRelease) *helmaction.ReleaseTesting { +func newTest(config *helmaction.Configuration, obj *v2.HelmRelease, opts []TestOption) *helmaction.ReleaseTesting { test := helmaction.NewReleaseTesting(config) test.Namespace = obj.GetReleaseNamespace() test.Timeout = obj.Spec.GetTest().GetTimeout(obj.GetTimeout()).Duration + for _, opt := range opts { + opt(test) + } + return test } diff --git a/internal/action/test_test.go b/internal/action/test_test.go new file mode 100644 index 000000000..b9dd71896 --- /dev/null +++ b/internal/action/test_test.go @@ -0,0 +1,96 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package action + +import ( + "testing" + "time" + + . "github.com/onsi/gomega" + helmaction "helm.sh/helm/v3/pkg/action" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + v2 "github.com/fluxcd/helm-controller/api/v2beta2" +) + +func Test_newTest(t *testing.T) { + t.Run("new test", func(t *testing.T) { + g := NewWithT(t) + + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + Namespace: "test-ns", + }, + Spec: v2.HelmReleaseSpec{ + Timeout: &metav1.Duration{Duration: time.Minute}, + Test: &v2.Test{ + Timeout: &metav1.Duration{Duration: 10 * time.Second}, + }, + }, + } + + got := newTest(&helmaction.Configuration{}, obj, nil) + g.Expect(got).ToNot(BeNil()) + g.Expect(got.Namespace).To(Equal(obj.Namespace)) + g.Expect(got.Timeout).To(Equal(obj.Spec.Test.Timeout.Duration)) + }) + + t.Run("timeout fallback", func(t *testing.T) { + g := NewWithT(t) + + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + Namespace: "test-ns", + }, + Spec: v2.HelmReleaseSpec{ + Timeout: &metav1.Duration{Duration: time.Minute}, + }, + } + + got := newTest(&helmaction.Configuration{}, obj, nil) + g.Expect(got).ToNot(BeNil()) + g.Expect(got.Namespace).To(Equal(obj.Namespace)) + g.Expect(got.Timeout).To(Equal(obj.Spec.Timeout.Duration)) + }) + + t.Run("applies options", func(t *testing.T) { + g := NewWithT(t) + + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + Namespace: "test-ns", + }, + Spec: v2.HelmReleaseSpec{}, + } + + got := newTest(&helmaction.Configuration{}, obj, []TestOption{ + func(test *helmaction.ReleaseTesting) { + test.Filters = map[string][]string{ + "test": {"test"}, + } + }, + func(test *helmaction.ReleaseTesting) { + test.Filters["test2"] = []string{"test2"} + }, + }) + g.Expect(got).ToNot(BeNil()) + g.Expect(got.Filters).To(HaveLen(2)) + }) +} diff --git a/internal/action/uninstall.go b/internal/action/uninstall.go index 5a9959fc4..bfbafd2d9 100644 --- a/internal/action/uninstall.go +++ b/internal/action/uninstall.go @@ -25,6 +25,11 @@ import ( v2 "github.com/fluxcd/helm-controller/api/v2beta2" ) +// UninstallOption can be used to modify Helm's action.Uninstall after the +// instructions from the v2beta2.HelmRelease have been applied. This is for +// example useful to enable the dry-run setting as a CLI. +type UninstallOption func(*helmaction.Uninstall) + // Uninstall runs the Helm uninstall action with the provided config, using the // v2beta2.HelmReleaseSpec of the given object to determine the target release // and uninstall configuration. @@ -33,12 +38,12 @@ import ( // expected to be done by the caller. In addition, it does not take note of the // action result. The caller is expected to listen to this using a // storage.ObserveFunc, which provides superior access to Helm storage writes. -func Uninstall(ctx context.Context, config *helmaction.Configuration, obj *v2.HelmRelease) (*helmrelease.UninstallReleaseResponse, error) { - uninstall := newUninstall(config, obj) +func Uninstall(_ context.Context, config *helmaction.Configuration, obj *v2.HelmRelease, opts ...UninstallOption) (*helmrelease.UninstallReleaseResponse, error) { + uninstall := newUninstall(config, obj, opts) return uninstall.Run(obj.GetReleaseName()) } -func newUninstall(config *helmaction.Configuration, obj *v2.HelmRelease) *helmaction.Uninstall { +func newUninstall(config *helmaction.Configuration, obj *v2.HelmRelease, opts []UninstallOption) *helmaction.Uninstall { uninstall := helmaction.NewUninstall(config) uninstall.Timeout = obj.Spec.GetUninstall().GetTimeout(obj.GetTimeout()).Duration @@ -46,5 +51,9 @@ func newUninstall(config *helmaction.Configuration, obj *v2.HelmRelease) *helmac uninstall.KeepHistory = obj.Spec.GetUninstall().KeepHistory uninstall.Wait = !obj.Spec.GetUninstall().DisableWait + for _, opt := range opts { + opt(uninstall) + } + return uninstall } diff --git a/internal/action/uninstall_test.go b/internal/action/uninstall_test.go new file mode 100644 index 000000000..dcb3efe1b --- /dev/null +++ b/internal/action/uninstall_test.go @@ -0,0 +1,95 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package action + +import ( + "testing" + "time" + + . "github.com/onsi/gomega" + helmaction "helm.sh/helm/v3/pkg/action" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + v2 "github.com/fluxcd/helm-controller/api/v2beta2" +) + +func Test_newUninstall(t *testing.T) { + t.Run("new uninstall", func(t *testing.T) { + g := NewWithT(t) + + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: "uninstall", + Namespace: "uninstall-ns", + }, + Spec: v2.HelmReleaseSpec{ + Timeout: &metav1.Duration{Duration: time.Minute}, + Uninstall: &v2.Uninstall{ + Timeout: &metav1.Duration{Duration: 10 * time.Second}, + KeepHistory: true, + }, + }, + } + + got := newUninstall(&helmaction.Configuration{}, obj, nil) + g.Expect(got).ToNot(BeNil()) + g.Expect(got.Timeout).To(Equal(obj.Spec.Uninstall.Timeout.Duration)) + g.Expect(got.KeepHistory).To(Equal(obj.Spec.Uninstall.KeepHistory)) + }) + + t.Run("timeout fallback", func(t *testing.T) { + g := NewWithT(t) + + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: "uninstall", + Namespace: "uninstall-ns", + }, + Spec: v2.HelmReleaseSpec{ + Timeout: &metav1.Duration{Duration: time.Minute}, + }, + } + + got := newUninstall(&helmaction.Configuration{}, obj, nil) + g.Expect(got).ToNot(BeNil()) + g.Expect(got.Timeout).To(Equal(obj.Spec.Timeout.Duration)) + }) + + t.Run("applies options", func(t *testing.T) { + g := NewWithT(t) + + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: "uninstall", + Namespace: "uninstall-ns", + }, + Spec: v2.HelmReleaseSpec{}, + } + + got := newUninstall(&helmaction.Configuration{}, obj, []UninstallOption{ + func(uninstall *helmaction.Uninstall) { + uninstall.Wait = true + }, + func(uninstall *helmaction.Uninstall) { + uninstall.DisableHooks = true + }, + }) + g.Expect(got).ToNot(BeNil()) + g.Expect(got.Wait).To(BeTrue()) + g.Expect(got.DisableHooks).To(BeTrue()) + }) +} diff --git a/internal/action/upgrade.go b/internal/action/upgrade.go index fcc0a8488..9901542f5 100644 --- a/internal/action/upgrade.go +++ b/internal/action/upgrade.go @@ -30,6 +30,11 @@ import ( "github.com/fluxcd/helm-controller/internal/postrender" ) +// UpgradeOption can be used to modify Helm's action.Upgrade after the instructions +// from the v2beta2.HelmRelease have been applied. This is for example useful to +// enable the dry-run setting as a CLI. +type UpgradeOption func(upgrade *helmaction.Upgrade) + // Upgrade runs the Helm upgrade action with the provided config, using the // v2beta2.HelmReleaseSpec of the given object to determine the target release // and upgrade configuration. @@ -42,11 +47,8 @@ import ( // action result. The caller is expected to listen to this using a // storage.ObserveFunc, which provides superior access to Helm storage writes. func Upgrade(ctx context.Context, config *helmaction.Configuration, obj *v2.HelmRelease, chrt *helmchart.Chart, - vals helmchartutil.Values) (*helmrelease.Release, error) { - upgrade, err := newUpgrade(config, obj) - if err != nil { - return nil, err - } + vals helmchartutil.Values, opts ...UpgradeOption) (*helmrelease.Release, error) { + upgrade := newUpgrade(config, obj, opts) policy, err := crdPolicyOrDefault(obj.Spec.GetInstall().CRDs) if err != nil { @@ -59,20 +61,20 @@ func Upgrade(ctx context.Context, config *helmaction.Configuration, obj *v2.Helm return upgrade.RunWithContext(ctx, obj.GetReleaseName(), chrt, vals.AsMap()) } -func newUpgrade(config *helmaction.Configuration, rel *v2.HelmRelease) (*helmaction.Upgrade, error) { +func newUpgrade(config *helmaction.Configuration, obj *v2.HelmRelease, opts []UpgradeOption) *helmaction.Upgrade { upgrade := helmaction.NewUpgrade(config) - upgrade.Namespace = rel.GetReleaseNamespace() - upgrade.ResetValues = !rel.Spec.GetUpgrade().PreserveValues - upgrade.ReuseValues = rel.Spec.GetUpgrade().PreserveValues - upgrade.MaxHistory = rel.GetMaxHistory() - upgrade.Timeout = rel.Spec.GetUpgrade().GetTimeout(rel.GetTimeout()).Duration - upgrade.Wait = !rel.Spec.GetUpgrade().DisableWait - upgrade.WaitForJobs = !rel.Spec.GetUpgrade().DisableWaitForJobs - upgrade.DisableHooks = rel.Spec.GetUpgrade().DisableHooks - upgrade.DisableOpenAPIValidation = rel.Spec.GetUpgrade().DisableOpenAPIValidation - upgrade.Force = rel.Spec.GetUpgrade().Force - upgrade.CleanupOnFail = rel.Spec.GetUpgrade().CleanupOnFail + upgrade.Namespace = obj.GetReleaseNamespace() + upgrade.ResetValues = !obj.Spec.GetUpgrade().PreserveValues + upgrade.ReuseValues = obj.Spec.GetUpgrade().PreserveValues + upgrade.MaxHistory = obj.GetMaxHistory() + upgrade.Timeout = obj.Spec.GetUpgrade().GetTimeout(obj.GetTimeout()).Duration + upgrade.Wait = !obj.Spec.GetUpgrade().DisableWait + upgrade.WaitForJobs = !obj.Spec.GetUpgrade().DisableWaitForJobs + upgrade.DisableHooks = obj.Spec.GetUpgrade().DisableHooks + upgrade.DisableOpenAPIValidation = obj.Spec.GetUpgrade().DisableOpenAPIValidation + upgrade.Force = obj.Spec.GetUpgrade().Force + upgrade.CleanupOnFail = obj.Spec.GetUpgrade().CleanupOnFail upgrade.Devel = true // If the user opted-in to allow DNS lookups, enable it. @@ -80,11 +82,11 @@ func newUpgrade(config *helmaction.Configuration, rel *v2.HelmRelease) (*helmact upgrade.EnableDNS = allowDNS } - renderer, err := postrender.BuildPostRenderers(rel) - if err != nil { - return nil, err + upgrade.PostRenderer = postrender.BuildPostRenderers(obj) + + for _, opt := range opts { + opt(upgrade) } - upgrade.PostRenderer = renderer - return upgrade, err + return upgrade } diff --git a/internal/action/upgrade_test.go b/internal/action/upgrade_test.go new file mode 100644 index 000000000..da62479b7 --- /dev/null +++ b/internal/action/upgrade_test.go @@ -0,0 +1,97 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package action + +import ( + "testing" + "time" + + . "github.com/onsi/gomega" + helmaction "helm.sh/helm/v3/pkg/action" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + v2 "github.com/fluxcd/helm-controller/api/v2beta2" +) + +func Test_newUpgrade(t *testing.T) { + t.Run("new upgrade", func(t *testing.T) { + g := NewWithT(t) + + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: "upgrade", + Namespace: "upgrade-ns", + }, + Spec: v2.HelmReleaseSpec{ + Timeout: &metav1.Duration{Duration: time.Minute}, + Upgrade: &v2.Upgrade{ + Timeout: &metav1.Duration{Duration: 10 * time.Second}, + Force: true, + }, + }, + } + + got := newUpgrade(&helmaction.Configuration{}, obj, nil) + g.Expect(got).ToNot(BeNil()) + g.Expect(got.Namespace).To(Equal(obj.Namespace)) + g.Expect(got.Timeout).To(Equal(obj.Spec.Upgrade.Timeout.Duration)) + g.Expect(got.Force).To(Equal(obj.Spec.Upgrade.Force)) + }) + + t.Run("timeout fallback", func(t *testing.T) { + g := NewWithT(t) + + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: "upgrade", + Namespace: "upgrade-ns", + }, + Spec: v2.HelmReleaseSpec{ + Timeout: &metav1.Duration{Duration: time.Minute}, + }, + } + + got := newUpgrade(&helmaction.Configuration{}, obj, nil) + g.Expect(got).ToNot(BeNil()) + g.Expect(got.Namespace).To(Equal(obj.Namespace)) + g.Expect(got.Timeout).To(Equal(obj.Spec.Timeout.Duration)) + }) + + t.Run("applies options", func(t *testing.T) { + g := NewWithT(t) + + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: "upgrade", + Namespace: "upgrade-ns", + }, + Spec: v2.HelmReleaseSpec{}, + } + + got := newUpgrade(&helmaction.Configuration{}, obj, []UpgradeOption{ + func(upgrade *helmaction.Upgrade) { + upgrade.Install = true + }, + func(upgrade *helmaction.Upgrade) { + upgrade.DryRun = true + }, + }) + g.Expect(got).ToNot(BeNil()) + g.Expect(got.Install).To(BeTrue()) + g.Expect(got.DryRun).To(BeTrue()) + }) +} diff --git a/internal/postrender/build.go b/internal/postrender/build.go index ba771d173..5dc419af3 100644 --- a/internal/postrender/build.go +++ b/internal/postrender/build.go @@ -24,9 +24,9 @@ import ( // BuildPostRenderers creates the post-renderer instances from a HelmRelease // and combines them into a single Combined post renderer. -func BuildPostRenderers(rel *v2.HelmRelease) (helmpostrender.PostRenderer, error) { +func BuildPostRenderers(rel *v2.HelmRelease) helmpostrender.PostRenderer { if rel == nil { - return nil, nil + return nil } renderers := make([]helmpostrender.PostRenderer, 0) for _, r := range rel.Spec.PostRenderers { @@ -41,7 +41,7 @@ func BuildPostRenderers(rel *v2.HelmRelease) (helmpostrender.PostRenderer, error } renderers = append(renderers, NewOriginLabels(v2.GroupVersion.Group, rel.Namespace, rel.Name)) if len(renderers) == 0 { - return nil, nil + return nil } - return NewCombined(renderers...), nil + return NewCombined(renderers...) } From 6db62ed5074fdc31d397910cd87d8187f49eab79 Mon Sep 17 00:00:00 2001 From: Jiri Tyr Date: Thu, 28 Jul 2022 11:11:14 +0100 Subject: [PATCH 12/76] Adding test filters Signed-off-by: Jiri Tyr --- api/v2beta1/helmrelease_types.go | 21 ++++++++ api/v2beta1/zz_generated.deepcopy.go | 24 +++++++++ api/v2beta2/helmrelease_types.go | 21 ++++++++ api/v2beta2/zz_generated.deepcopy.go | 24 +++++++++ .../helm.toolkit.fluxcd.io_helmreleases.yaml | 36 +++++++++++++ docs/api/v2beta1/helm.md | 53 +++++++++++++++++++ internal/runner/runner.go | 14 +++++ 7 files changed, 193 insertions(+) diff --git a/api/v2beta1/helmrelease_types.go b/api/v2beta1/helmrelease_types.go index 427ac816e..391235a53 100644 --- a/api/v2beta1/helmrelease_types.go +++ b/api/v2beta1/helmrelease_types.go @@ -747,6 +747,9 @@ type Test struct { // actions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'. // +optional IgnoreFailures bool `json:"ignoreFailures,omitempty"` + + // Filters is a list of tests to run or exclude from running. + Filters *[]Filter `json:"filters,omitempty"` } // GetTimeout returns the configured timeout for the Helm test action, @@ -758,6 +761,24 @@ func (in Test) GetTimeout(defaultTimeout metav1.Duration) metav1.Duration { return *in.Timeout } +// Filters holds the configuration for individual Helm test filters. +type Filter struct { + // Name is the name of the test. + Name string `json:"name"` + // Exclude is specifies wheter the named test should be excluded. + // +optional + Exclude bool `json:"exclude,omitempty"` +} + +// GetFilters returns the configured filters for the Helm test action/ +func (in Test) GetFilters() []Filter { + if in.Filters == nil { + var filters []Filter + return filters + } + return *in.Filters +} + // Rollback holds the configuration for Helm rollback actions for this // HelmRelease. type Rollback struct { diff --git a/api/v2beta1/zz_generated.deepcopy.go b/api/v2beta1/zz_generated.deepcopy.go index 09a86ca77..da9e1c279 100644 --- a/api/v2beta1/zz_generated.deepcopy.go +++ b/api/v2beta1/zz_generated.deepcopy.go @@ -44,6 +44,21 @@ func (in *CrossNamespaceObjectReference) DeepCopy() *CrossNamespaceObjectReferen return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Filter) DeepCopyInto(out *Filter) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Filter. +func (in *Filter) DeepCopy() *Filter { + if in == nil { + return nil + } + out := new(Filter) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HelmChartTemplate) DeepCopyInto(out *HelmChartTemplate) { *out = *in @@ -450,6 +465,15 @@ func (in *Test) DeepCopyInto(out *Test) { *out = new(metav1.Duration) **out = **in } + if in.Filters != nil { + in, out := &in.Filters, &out.Filters + *out = new([]Filter) + if **in != nil { + in, out := *in, *out + *out = make([]Filter, len(*in)) + copy(*out, *in) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Test. diff --git a/api/v2beta2/helmrelease_types.go b/api/v2beta2/helmrelease_types.go index 7eb959759..67c03da92 100644 --- a/api/v2beta2/helmrelease_types.go +++ b/api/v2beta2/helmrelease_types.go @@ -750,6 +750,9 @@ type Test struct { // actions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'. // +optional IgnoreFailures bool `json:"ignoreFailures,omitempty"` + + // Filters is a list of tests to run or exclude from running. + Filters *[]Filter `json:"filters,omitempty"` } // GetTimeout returns the configured timeout for the Helm test action, @@ -761,6 +764,24 @@ func (in Test) GetTimeout(defaultTimeout metav1.Duration) metav1.Duration { return *in.Timeout } +// Filters holds the configuration for individual Helm test filters. +type Filter struct { + // Name is the name of the test. + Name string `json:"name"` + // Exclude is specifies wheter the named test should be excluded. + // +optional + Exclude bool `json:"exclude,omitempty"` +} + +// GetFilters returns the configured filters for the Helm test action/ +func (in Test) GetFilters() []Filter { + if in.Filters == nil { + var filters []Filter + return filters + } + return *in.Filters +} + // Rollback holds the configuration for Helm rollback actions for this // HelmRelease. type Rollback struct { diff --git a/api/v2beta2/zz_generated.deepcopy.go b/api/v2beta2/zz_generated.deepcopy.go index 5b2716936..05b3614b1 100644 --- a/api/v2beta2/zz_generated.deepcopy.go +++ b/api/v2beta2/zz_generated.deepcopy.go @@ -44,6 +44,21 @@ func (in *CrossNamespaceObjectReference) DeepCopy() *CrossNamespaceObjectReferen return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Filter) DeepCopyInto(out *Filter) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Filter. +func (in *Filter) DeepCopy() *Filter { + if in == nil { + return nil + } + out := new(Filter) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HelmChartTemplate) DeepCopyInto(out *HelmChartTemplate) { *out = *in @@ -510,6 +525,15 @@ func (in *Test) DeepCopyInto(out *Test) { *out = new(metav1.Duration) **out = **in } + if in.Filters != nil { + in, out := &in.Filters, &out.Filters + *out = new([]Filter) + if **in != nil { + in, out := *in, *out + *out = make([]Filter, len(*in)) + copy(*out, *in) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Test. diff --git a/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml b/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml index 274ffd06a..6bd156ad6 100644 --- a/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml +++ b/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml @@ -604,6 +604,24 @@ spec: description: Enable enables Helm test actions for this HelmRelease after an Helm install or upgrade action has been performed. type: boolean + filters: + description: Filters is a list of tests to run or exclude from + running. + items: + description: Filters holds the configuration for individual + Helm test filters. + properties: + exclude: + description: Exclude is specifies wheter the named test + should be excluded. + type: boolean + name: + description: Name is the name of the test. + type: string + required: + - name + type: object + type: array ignoreFailures: description: IgnoreFailures tells the controller to skip remediation when the Helm tests are run but fail. Can be overwritten for @@ -1508,6 +1526,24 @@ spec: description: Enable enables Helm test actions for this HelmRelease after an Helm install or upgrade action has been performed. type: boolean + filters: + description: Filters is a list of tests to run or exclude from + running. + items: + description: Filters holds the configuration for individual + Helm test filters. + properties: + exclude: + description: Exclude is specifies wheter the named test + should be excluded. + type: boolean + name: + description: Name is the name of the test. + type: string + required: + - name + type: object + type: array ignoreFailures: description: IgnoreFailures tells the controller to skip remediation when the Helm tests are run but fail. Can be overwritten for diff --git a/docs/api/v2beta1/helm.md b/docs/api/v2beta1/helm.md index 4076569d8..a6e39e577 100644 --- a/docs/api/v2beta1/helm.md +++ b/docs/api/v2beta1/helm.md @@ -458,6 +458,46 @@ string

DeploymentAction

DeploymentAction defines a consistent interface for Install and Upgrade.

+

Filter +

+

Filters holds the configuration for individual Helm test filters.

+
+
+ + + + + + + + + + + + + + + + + +
FieldDescription
+name
+ +string + +
+

Name is the name of the test.

+
+exclude
+ +bool + +
+(Optional) +

Exclude is specifies wheter the named test should be excluded.

+
+
+

HelmChartTemplate

@@ -1868,6 +1908,19 @@ are run but fail. Can be overwritten for tests run after install or upgrade actions in ‘Install.IgnoreTestFailures’ and ‘Upgrade.IgnoreTestFailures’.

+ + +filters
+ + +[]./api/v2beta1.Filter + + + + +

Filters is a list of tests to run or exclude from running.

+ + diff --git a/internal/runner/runner.go b/internal/runner/runner.go index c6f9234b9..c472dde84 100644 --- a/internal/runner/runner.go +++ b/internal/runner/runner.go @@ -381,6 +381,20 @@ func (r *Runner) Test(hr v2.HelmRelease) (*release.Release, error) { test.Namespace = hr.GetReleaseNamespace() test.Timeout = hr.Spec.GetTest().GetTimeout(hr.GetTimeout()).Duration + filters := make(map[string][]string) + + for _, f := range hr.Spec.GetTest().GetFilters() { + name := "name" + + if f.Exclude { + name = fmt.Sprintf("!%s", name) + } + + filters[name] = append(filters[name], f.Name) + } + + test.Filters = filters + rel, err := test.Run(hr.GetReleaseName()) return rel, wrapActionErr(r.logBuffer, err) } From 88a21fecbf86f554db64a40146a1fdf4bc3516c7 Mon Sep 17 00:00:00 2001 From: Jiri Tyr Date: Thu, 28 Jul 2022 11:56:10 +0100 Subject: [PATCH 13/76] Moving stuff from runner; removing changes in v2beta1 Signed-off-by: Jiri Tyr --- api/v2beta1/helmrelease_types.go | 21 ---------------- api/v2beta1/zz_generated.deepcopy.go | 24 ------------------- .../helm.toolkit.fluxcd.io_helmreleases.yaml | 18 -------------- internal/action/test.go | 14 +++++++++++ internal/runner/runner.go | 14 ----------- 5 files changed, 14 insertions(+), 77 deletions(-) diff --git a/api/v2beta1/helmrelease_types.go b/api/v2beta1/helmrelease_types.go index 391235a53..427ac816e 100644 --- a/api/v2beta1/helmrelease_types.go +++ b/api/v2beta1/helmrelease_types.go @@ -747,9 +747,6 @@ type Test struct { // actions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'. // +optional IgnoreFailures bool `json:"ignoreFailures,omitempty"` - - // Filters is a list of tests to run or exclude from running. - Filters *[]Filter `json:"filters,omitempty"` } // GetTimeout returns the configured timeout for the Helm test action, @@ -761,24 +758,6 @@ func (in Test) GetTimeout(defaultTimeout metav1.Duration) metav1.Duration { return *in.Timeout } -// Filters holds the configuration for individual Helm test filters. -type Filter struct { - // Name is the name of the test. - Name string `json:"name"` - // Exclude is specifies wheter the named test should be excluded. - // +optional - Exclude bool `json:"exclude,omitempty"` -} - -// GetFilters returns the configured filters for the Helm test action/ -func (in Test) GetFilters() []Filter { - if in.Filters == nil { - var filters []Filter - return filters - } - return *in.Filters -} - // Rollback holds the configuration for Helm rollback actions for this // HelmRelease. type Rollback struct { diff --git a/api/v2beta1/zz_generated.deepcopy.go b/api/v2beta1/zz_generated.deepcopy.go index da9e1c279..09a86ca77 100644 --- a/api/v2beta1/zz_generated.deepcopy.go +++ b/api/v2beta1/zz_generated.deepcopy.go @@ -44,21 +44,6 @@ func (in *CrossNamespaceObjectReference) DeepCopy() *CrossNamespaceObjectReferen return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Filter) DeepCopyInto(out *Filter) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Filter. -func (in *Filter) DeepCopy() *Filter { - if in == nil { - return nil - } - out := new(Filter) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HelmChartTemplate) DeepCopyInto(out *HelmChartTemplate) { *out = *in @@ -465,15 +450,6 @@ func (in *Test) DeepCopyInto(out *Test) { *out = new(metav1.Duration) **out = **in } - if in.Filters != nil { - in, out := &in.Filters, &out.Filters - *out = new([]Filter) - if **in != nil { - in, out := *in, *out - *out = make([]Filter, len(*in)) - copy(*out, *in) - } - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Test. diff --git a/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml b/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml index 6bd156ad6..d5601f0b4 100644 --- a/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml +++ b/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml @@ -604,24 +604,6 @@ spec: description: Enable enables Helm test actions for this HelmRelease after an Helm install or upgrade action has been performed. type: boolean - filters: - description: Filters is a list of tests to run or exclude from - running. - items: - description: Filters holds the configuration for individual - Helm test filters. - properties: - exclude: - description: Exclude is specifies wheter the named test - should be excluded. - type: boolean - name: - description: Name is the name of the test. - type: string - required: - - name - type: object - type: array ignoreFailures: description: IgnoreFailures tells the controller to skip remediation when the Helm tests are run but fail. Can be overwritten for diff --git a/internal/action/test.go b/internal/action/test.go index 4a59bd78f..f3c5ffd2f 100644 --- a/internal/action/test.go +++ b/internal/action/test.go @@ -49,6 +49,20 @@ func newTest(config *helmaction.Configuration, obj *v2.HelmRelease, opts []TestO test.Namespace = obj.GetReleaseNamespace() test.Timeout = obj.Spec.GetTest().GetTimeout(obj.GetTimeout()).Duration + filters := make(map[string][]string) + + for _, f := range obj.Spec.GetTest().GetFilters() { + name := "name" + + if f.Exclude { + name = "!" + name + } + + filters[name] = append(filters[name], f.Name) + } + + test.Filters = filters + for _, opt := range opts { opt(test) } diff --git a/internal/runner/runner.go b/internal/runner/runner.go index c472dde84..c6f9234b9 100644 --- a/internal/runner/runner.go +++ b/internal/runner/runner.go @@ -381,20 +381,6 @@ func (r *Runner) Test(hr v2.HelmRelease) (*release.Release, error) { test.Namespace = hr.GetReleaseNamespace() test.Timeout = hr.Spec.GetTest().GetTimeout(hr.GetTimeout()).Duration - filters := make(map[string][]string) - - for _, f := range hr.Spec.GetTest().GetFilters() { - name := "name" - - if f.Exclude { - name = fmt.Sprintf("!%s", name) - } - - filters[name] = append(filters[name], f.Name) - } - - test.Filters = filters - rel, err := test.Run(hr.GetReleaseName()) return rel, wrapActionErr(r.logBuffer, err) } From e1393542a78aa5d08324f9b41b1114524398a9f6 Mon Sep 17 00:00:00 2001 From: Jiri Tyr Date: Thu, 28 Jul 2022 12:25:14 +0100 Subject: [PATCH 14/76] Fixing typo Co-authored-by: Hidde Beydals Signed-off-by: Jiri Tyr --- api/v2beta2/helmrelease_types.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/v2beta2/helmrelease_types.go b/api/v2beta2/helmrelease_types.go index 67c03da92..e39709c26 100644 --- a/api/v2beta2/helmrelease_types.go +++ b/api/v2beta2/helmrelease_types.go @@ -768,7 +768,7 @@ func (in Test) GetTimeout(defaultTimeout metav1.Duration) metav1.Duration { type Filter struct { // Name is the name of the test. Name string `json:"name"` - // Exclude is specifies wheter the named test should be excluded. + // Exclude is specifies whether the named test should be excluded. // +optional Exclude bool `json:"exclude,omitempty"` } From 8cefed19fde60fc9b3611ecc21b3d98592bcee38 Mon Sep 17 00:00:00 2001 From: Jiri Tyr Date: Thu, 28 Jul 2022 14:29:18 +0100 Subject: [PATCH 15/76] Adding tests Signed-off-by: Jiri Tyr --- .../helm.toolkit.fluxcd.io_helmreleases.yaml | 2 +- docs/api/v2beta1/helm.md | 53 ------------------- internal/action/test_test.go | 12 +++++ 3 files changed, 13 insertions(+), 54 deletions(-) diff --git a/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml b/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml index d5601f0b4..f51142a3c 100644 --- a/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml +++ b/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml @@ -1516,7 +1516,7 @@ spec: Helm test filters. properties: exclude: - description: Exclude is specifies wheter the named test + description: Exclude is specifies whether the named test should be excluded. type: boolean name: diff --git a/docs/api/v2beta1/helm.md b/docs/api/v2beta1/helm.md index a6e39e577..4076569d8 100644 --- a/docs/api/v2beta1/helm.md +++ b/docs/api/v2beta1/helm.md @@ -458,46 +458,6 @@ string

DeploymentAction

DeploymentAction defines a consistent interface for Install and Upgrade.

-

Filter -

-

Filters holds the configuration for individual Helm test filters.

-
-
- - - - - - - - - - - - - - - - - -
FieldDescription
-name
- -string - -
-

Name is the name of the test.

-
-exclude
- -bool - -
-(Optional) -

Exclude is specifies wheter the named test should be excluded.

-
-
-

HelmChartTemplate

@@ -1908,19 +1868,6 @@ are run but fail. Can be overwritten for tests run after install or upgrade actions in ‘Install.IgnoreTestFailures’ and ‘Upgrade.IgnoreTestFailures’.

- - -filters
- - -[]./api/v2beta1.Filter - - - - -

Filters is a list of tests to run or exclude from running.

- - diff --git a/internal/action/test_test.go b/internal/action/test_test.go index b9dd71896..a78dcb78f 100644 --- a/internal/action/test_test.go +++ b/internal/action/test_test.go @@ -40,6 +40,15 @@ func Test_newTest(t *testing.T) { Timeout: &metav1.Duration{Duration: time.Minute}, Test: &v2.Test{ Timeout: &metav1.Duration{Duration: 10 * time.Second}, + Filters: &[]v2.Filter{ + { + Name: "test", + }, + { + Name: "test2", + Exclude: true, + }, + }, }, }, } @@ -48,6 +57,9 @@ func Test_newTest(t *testing.T) { g.Expect(got).ToNot(BeNil()) g.Expect(got.Namespace).To(Equal(obj.Namespace)) g.Expect(got.Timeout).To(Equal(obj.Spec.Test.Timeout.Duration)) + g.Expect(got.Filters).To(HaveLen(2)) + g.Expect(got.Filters).To(HaveKeyWithValue(Equal("name"), ContainElement("test"))) + g.Expect(got.Filters).To(HaveKeyWithValue(Equal("!name"), ContainElement("test2"))) }) t.Run("timeout fallback", func(t *testing.T) { From 9e1eedcfa4c6406dc88282a61f8b6163356ef9a6 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Thu, 15 Sep 2022 11:17:27 +0000 Subject: [PATCH 16/76] api: various changes to support new logic - Change the map with Helm release test hooks to a pointer map. This allows (in combination with the constrains around JSON serialization) to distinguish a release _without_ a test run from a release _with_ test run but no tests (an empty map). - Add `GetTestHooks` and `SetTestHooks` methods to help circumvent some of the common problems around working with a pointer map in Go (e.g. not being capable of iterating over it using range). - Add `HasBeenTested` and `HasTestInPhase` methods to help make observations on captured release information. - Add `StorageNamespace` to Status to allow for observations of configuration changes which are mutating compared to the spec. - Add `GetActiveRemediation` helper method to get the active remediation strategy based on the presence of Current and/or Previous release observations in the Status of the object. - Add `ReleaseTargetChanged` helper method to determine if an immutable release target changed has occurred, in which case e.g. garbage collection needs to happen before performing any other action. - Add `GetCurrent`, `HasCurrent`, `GetPrevious` and `HasPrevious` helper methods to ease access to their values nested in the Status. - Add `FullReleaseName` and `VersionedChartName` helper methods to e.g. allow printing full name references in Condition and Event messages which can be placed in a point in time based on metadata more familiar to a user than for example the observed generation. - Change `GetFailureCount` and `RetriesExhausted` signatures of `Remediation` interface to take a pointer. This eases use of the API, as generally speaking a (Kubernetes) API object is a pointer. - Move methods from `HelmReleaseSpec` to `HelmRelease`, this is easier to access and matches `GetConditions`, etc. - Remove `DeploymentAction` interface and `GetDescription` from `Remediation` interface as this is no longer of value. Signed-off-by: Hidde Beydals --- api/v2beta2/helmrelease_types.go | 220 ++++++++++++------ api/v2beta2/zz_generated.deepcopy.go | 24 +- .../helm.toolkit.fluxcd.io_helmreleases.yaml | 8 +- internal/action/install.go | 16 +- internal/action/rollback.go | 14 +- internal/action/test.go | 4 +- internal/action/uninstall.go | 8 +- internal/action/upgrade.go | 20 +- internal/reconcile/action.go | 14 +- internal/reconcile/test.go | 6 +- internal/reconcile/test_test.go | 7 +- 11 files changed, 215 insertions(+), 126 deletions(-) diff --git a/api/v2beta2/helmrelease_types.go b/api/v2beta2/helmrelease_types.go index e39709c26..28a3c237d 100644 --- a/api/v2beta2/helmrelease_types.go +++ b/api/v2beta2/helmrelease_types.go @@ -18,6 +18,7 @@ package v2beta2 import ( "encoding/json" + "fmt" "strings" "time" @@ -190,50 +191,6 @@ type HelmReleaseSpec struct { PostRenderers []PostRenderer `json:"postRenderers,omitempty"` } -// GetInstall returns the configuration for Helm install actions for the -// HelmRelease. -func (in HelmReleaseSpec) GetInstall() Install { - if in.Install == nil { - return Install{} - } - return *in.Install -} - -// GetUpgrade returns the configuration for Helm upgrade actions for this -// HelmRelease. -func (in HelmReleaseSpec) GetUpgrade() Upgrade { - if in.Upgrade == nil { - return Upgrade{} - } - return *in.Upgrade -} - -// GetTest returns the configuration for Helm test actions for this HelmRelease. -func (in HelmReleaseSpec) GetTest() Test { - if in.Test == nil { - return Test{} - } - return *in.Test -} - -// GetRollback returns the configuration for Helm rollback actions for this -// HelmRelease. -func (in HelmReleaseSpec) GetRollback() Rollback { - if in.Rollback == nil { - return Rollback{} - } - return *in.Rollback -} - -// GetUninstall returns the configuration for Helm uninstall actions for this -// HelmRelease. -func (in HelmReleaseSpec) GetUninstall() Uninstall { - if in.Uninstall == nil { - return Uninstall{} - } - return *in.Uninstall -} - // HelmChartTemplate defines the template from which the controller will // generate a v1beta2.HelmChart object in the same namespace as the referenced // v1.Source. @@ -353,13 +310,6 @@ type HelmChartTemplateVerification struct { SecretRef *meta.LocalObjectReference `json:"secretRef,omitempty"` } -// DeploymentAction defines a consistent interface for Install and Upgrade. -// +kubebuilder:object:generate=false -type DeploymentAction interface { - GetDescription() string - GetRemediation() Remediation -} - // Remediation defines a consistent interface for InstallRemediation and // UpgradeRemediation. // +kubebuilder:object:generate=false @@ -368,9 +318,9 @@ type Remediation interface { MustIgnoreTestFailures(bool) bool MustRemediateLastFailure() bool GetStrategy() RemediationStrategy - GetFailureCount(hr HelmRelease) int64 + GetFailureCount(hr *HelmRelease) int64 IncrementFailureCount(hr *HelmRelease) - RetriesExhausted(hr HelmRelease) bool + RetriesExhausted(hr *HelmRelease) bool } // Install holds the configuration for Helm install actions performed for this @@ -459,11 +409,6 @@ func (in Install) GetTimeout(defaultTimeout metav1.Duration) metav1.Duration { return *in.Timeout } -// GetDescription returns a description for the Helm install action. -func (in Install) GetDescription() string { - return "install" -} - // GetRemediation returns the configured Remediation for the Helm install action. func (in Install) GetRemediation() Remediation { if in.Remediation == nil { @@ -522,7 +467,7 @@ func (in InstallRemediation) GetStrategy() RemediationStrategy { } // GetFailureCount gets the failure count. -func (in InstallRemediation) GetFailureCount(hr HelmRelease) int64 { +func (in InstallRemediation) GetFailureCount(hr *HelmRelease) int64 { return hr.Status.InstallFailures } @@ -532,7 +477,7 @@ func (in InstallRemediation) IncrementFailureCount(hr *HelmRelease) { } // RetriesExhausted returns true if there are no remaining retries. -func (in InstallRemediation) RetriesExhausted(hr HelmRelease) bool { +func (in InstallRemediation) RetriesExhausted(hr *HelmRelease) bool { return in.Retries >= 0 && in.GetFailureCount(hr) > int64(in.Retries) } @@ -631,11 +576,6 @@ func (in Upgrade) GetTimeout(defaultTimeout metav1.Duration) metav1.Duration { return *in.Timeout } -// GetDescription returns a description for the Helm upgrade action. -func (in Upgrade) GetDescription() string { - return "upgrade" -} - // GetRemediation returns the configured Remediation for the Helm upgrade // action. func (in Upgrade) GetRemediation() Remediation { @@ -703,7 +643,7 @@ func (in UpgradeRemediation) GetStrategy() RemediationStrategy { } // GetFailureCount gets the failure count. -func (in UpgradeRemediation) GetFailureCount(hr HelmRelease) int64 { +func (in UpgradeRemediation) GetFailureCount(hr *HelmRelease) int64 { return hr.Status.UpgradeFailures } @@ -713,7 +653,7 @@ func (in UpgradeRemediation) IncrementFailureCount(hr *HelmRelease) { } // RetriesExhausted returns true if there are no remaining retries. -func (in UpgradeRemediation) RetriesExhausted(hr HelmRelease) bool { +func (in UpgradeRemediation) RetriesExhausted(hr *HelmRelease) bool { return in.Retries >= 0 && in.GetFailureCount(hr) > int64(in.Retries) } @@ -764,7 +704,7 @@ func (in Test) GetTimeout(defaultTimeout metav1.Duration) metav1.Duration { return *in.Timeout } -// Filters holds the configuration for individual Helm test filters. +// Filter holds the configuration for individual Helm test filters. type Filter struct { // Name is the name of the test. Name string `json:"name"` @@ -908,7 +848,50 @@ type HelmReleaseInfo struct { // TestHooks is the list of test hooks for the release as observed to be // run by the controller. // +optional - TestHooks map[string]*HelmReleaseTestHook `json:"testHooks,omitempty"` + TestHooks *map[string]*HelmReleaseTestHook `json:"testHooks,omitempty"` +} + +// FullReleaseName returns the full name of the release in the format +// of '/. +func (in *HelmReleaseInfo) FullReleaseName() string { + return fmt.Sprintf("%s/%s.%d", in.Namespace, in.Name, in.Version) +} + +// VersionedChartName returns the full name of the chart in the format of +// '@'. +func (in *HelmReleaseInfo) VersionedChartName() string { + return fmt.Sprintf("%s@%s", in.ChartName, in.ChartVersion) +} + +// HasBeenTested returns true if TestHooks is not nil. This includes an empty +// map, which indicates the chart has no tests. +func (in *HelmReleaseInfo) HasBeenTested() bool { + return in != nil && in.TestHooks != nil +} + +// GetTestHooks returns the TestHooks for the release if not nil. +func (in *HelmReleaseInfo) GetTestHooks() map[string]*HelmReleaseTestHook { + if in == nil { + return nil + } + return *in.TestHooks +} + +// HasTestInPhase returns true if any of the TestHooks is in the given phase. +func (in *HelmReleaseInfo) HasTestInPhase(phase string) bool { + if in != nil { + for _, h := range in.GetTestHooks() { + if h.Phase == phase { + return true + } + } + } + return false +} + +// SetTestHooks sets the TestHooks for the release. +func (in *HelmReleaseInfo) SetTestHooks(hooks map[string]*HelmReleaseTestHook) { + in.TestHooks = &hooks } // HelmReleaseTestHook holds the status information for a test hook as observed @@ -940,6 +923,10 @@ type HelmReleaseStatus struct { // +optional HelmChart string `json:"helmChart,omitempty"` + // StorageNamespace is the namespace of the Helm release storage for the + // Current release. + StorageNamespace string `json:"storageNamespace,omitempty"` + // Current holds the latest observed HelmReleaseInfo for the current // release. // +optional @@ -1014,6 +1001,101 @@ type HelmRelease struct { Status HelmReleaseStatus `json:"status,omitempty"` } +// GetInstall returns the configuration for Helm install actions for the +// HelmRelease. +func (in *HelmRelease) GetInstall() Install { + if in.Spec.Install == nil { + return Install{} + } + return *in.Spec.Install +} + +// GetUpgrade returns the configuration for Helm upgrade actions for this +// HelmRelease. +func (in *HelmRelease) GetUpgrade() Upgrade { + if in.Spec.Upgrade == nil { + return Upgrade{} + } + return *in.Spec.Upgrade +} + +// GetTest returns the configuration for Helm test actions for this HelmRelease. +func (in *HelmRelease) GetTest() Test { + if in.Spec.Test == nil { + return Test{} + } + return *in.Spec.Test +} + +// GetRollback returns the configuration for Helm rollback actions for this +// HelmRelease. +func (in *HelmRelease) GetRollback() Rollback { + if in.Spec.Rollback == nil { + return Rollback{} + } + return *in.Spec.Rollback +} + +// GetUninstall returns the configuration for Helm uninstall actions for this +// HelmRelease. +func (in *HelmRelease) GetUninstall() Uninstall { + if in.Spec.Uninstall == nil { + return Uninstall{} + } + return *in.Spec.Uninstall +} + +// GetCurrent returns HelmReleaseStatus.Current. +func (in HelmRelease) GetCurrent() *HelmReleaseInfo { + if in.HasCurrent() { + return in.Status.Current + } + return nil +} + +// HasCurrent returns true if the HelmRelease has a HelmReleaseStatus.Current. +func (in HelmRelease) HasCurrent() bool { + return in.Status.Current != nil +} + +// GetPrevious returns HelmReleaseStatus.Previous. +func (in HelmRelease) GetPrevious() *HelmReleaseInfo { + if in.HasPrevious() { + return in.Status.Previous + } + return nil +} + +// HasPrevious returns true if the HelmRelease has a HelmReleaseStatus.Previous. +func (in HelmRelease) HasPrevious() bool { + return in.Status.Previous != nil +} + +// ReleaseTargetChanged returns true if the HelmReleaseSpec has been mutated in +// such a way that it no longer targets the same release as the +// HelmReleaseStatus.Current. +func (in HelmRelease) ReleaseTargetChanged() bool { + switch { + case in.Status.StorageNamespace == "", in.Status.Current == nil: + return false + case in.GetStorageNamespace() != in.Status.StorageNamespace, + in.GetReleaseNamespace() != in.Status.Current.Namespace, + in.GetReleaseName() != in.Status.Current.Name, + in.GetHelmChartName() != in.Status.Current.ChartName: + return true + default: + return false + } +} + +// GetActiveRemediation returns the active Remediation for the HelmRelease. +func (in HelmRelease) GetActiveRemediation() Remediation { + if in.Status.Previous != nil { + return in.GetUpgrade().GetRemediation() + } + return in.GetInstall().GetRemediation() +} + // GetRequeueAfter returns the duration after which the HelmRelease // must be reconciled again. func (in HelmRelease) GetRequeueAfter() time.Duration { diff --git a/api/v2beta2/zz_generated.deepcopy.go b/api/v2beta2/zz_generated.deepcopy.go index 05b3614b1..25e118848 100644 --- a/api/v2beta2/zz_generated.deepcopy.go +++ b/api/v2beta2/zz_generated.deepcopy.go @@ -195,17 +195,21 @@ func (in *HelmReleaseInfo) DeepCopyInto(out *HelmReleaseInfo) { in.Deleted.DeepCopyInto(&out.Deleted) if in.TestHooks != nil { in, out := &in.TestHooks, &out.TestHooks - *out = make(map[string]*HelmReleaseTestHook, len(*in)) - for key, val := range *in { - var outVal *HelmReleaseTestHook - if val == nil { - (*out)[key] = nil - } else { - in, out := &val, &outVal - *out = new(HelmReleaseTestHook) - (*in).DeepCopyInto(*out) + *out = new(map[string]*HelmReleaseTestHook) + if **in != nil { + in, out := *in, *out + *out = make(map[string]*HelmReleaseTestHook, len(*in)) + for key, val := range *in { + var outVal *HelmReleaseTestHook + if val == nil { + (*out)[key] = nil + } else { + in, out := &val, &outVal + *out = new(HelmReleaseTestHook) + (*in).DeepCopyInto(*out) + } + (*out)[key] = outVal } - (*out)[key] = outVal } } } diff --git a/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml b/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml index f51142a3c..06dcdaf2a 100644 --- a/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml +++ b/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml @@ -1512,8 +1512,8 @@ spec: description: Filters is a list of tests to run or exclude from running. items: - description: Filters holds the configuration for individual - Helm test filters. + description: Filter holds the configuration for individual Helm + test filters. properties: exclude: description: Exclude is specifies whether the named test @@ -1974,6 +1974,10 @@ spec: - status - version type: object + storageNamespace: + description: StorageNamespace is the namespace of the Helm release + storage for the Current release. + type: string upgradeFailures: description: UpgradeFailures is the upgrade failure count against the latest desired state. It is reset after a successful reconciliation. diff --git a/internal/action/install.go b/internal/action/install.go index 96fe49a1f..e282c2d6f 100644 --- a/internal/action/install.go +++ b/internal/action/install.go @@ -50,7 +50,7 @@ func Install(ctx context.Context, config *helmaction.Configuration, obj *v2.Helm chrt *helmchart.Chart, vals helmchartutil.Values, opts ...InstallOption) (*helmrelease.Release, error) { install := newInstall(config, obj, opts) - policy, err := crdPolicyOrDefault(obj.Spec.GetInstall().CRDs) + policy, err := crdPolicyOrDefault(obj.GetInstall().CRDs) if err != nil { return nil, err } @@ -66,17 +66,17 @@ func newInstall(config *helmaction.Configuration, obj *v2.HelmRelease, opts []In install.ReleaseName = obj.GetReleaseName() install.Namespace = obj.GetReleaseNamespace() - install.Timeout = obj.Spec.GetInstall().GetTimeout(obj.GetTimeout()).Duration - install.Wait = !obj.Spec.GetInstall().DisableWait - install.WaitForJobs = !obj.Spec.GetInstall().DisableWaitForJobs - install.DisableHooks = obj.Spec.GetInstall().DisableHooks - install.DisableOpenAPIValidation = obj.Spec.GetInstall().DisableOpenAPIValidation - install.Replace = obj.Spec.GetInstall().Replace + install.Timeout = obj.GetInstall().GetTimeout(obj.GetTimeout()).Duration + install.Wait = !obj.GetInstall().DisableWait + install.WaitForJobs = !obj.GetInstall().DisableWaitForJobs + install.DisableHooks = obj.GetInstall().DisableHooks + install.DisableOpenAPIValidation = obj.GetInstall().DisableOpenAPIValidation + install.Replace = obj.GetInstall().Replace install.Devel = true install.SkipCRDs = true if obj.Spec.TargetNamespace != "" { - install.CreateNamespace = obj.Spec.GetInstall().CreateNamespace + install.CreateNamespace = obj.GetInstall().CreateNamespace } // If the user opted-in to allow DNS lookups, enable it. diff --git a/internal/action/rollback.go b/internal/action/rollback.go index 0af54bd3c..130ba4f5d 100644 --- a/internal/action/rollback.go +++ b/internal/action/rollback.go @@ -43,13 +43,13 @@ func Rollback(config *helmaction.Configuration, obj *v2.HelmRelease, opts ...Rol func newRollback(config *helmaction.Configuration, obj *v2.HelmRelease, opts []RollbackOption) *helmaction.Rollback { rollback := helmaction.NewRollback(config) - rollback.Timeout = obj.Spec.GetRollback().GetTimeout(obj.GetTimeout()).Duration - rollback.Wait = !obj.Spec.GetRollback().DisableWait - rollback.WaitForJobs = !obj.Spec.GetRollback().DisableWaitForJobs - rollback.DisableHooks = obj.Spec.GetRollback().DisableHooks - rollback.Force = obj.Spec.GetRollback().Force - rollback.Recreate = obj.Spec.GetRollback().Recreate - rollback.CleanupOnFail = obj.Spec.GetRollback().CleanupOnFail + rollback.Timeout = obj.GetRollback().GetTimeout(obj.GetTimeout()).Duration + rollback.Wait = !obj.GetRollback().DisableWait + rollback.WaitForJobs = !obj.GetRollback().DisableWaitForJobs + rollback.DisableHooks = obj.GetRollback().DisableHooks + rollback.Force = obj.GetRollback().Force + rollback.Recreate = obj.GetRollback().Recreate + rollback.CleanupOnFail = obj.GetRollback().CleanupOnFail if prev := obj.Status.Previous; prev != nil && prev.Name == obj.GetReleaseName() && prev.Namespace == obj.GetReleaseNamespace() { rollback.Version = prev.Version diff --git a/internal/action/test.go b/internal/action/test.go index f3c5ffd2f..04a4e509d 100644 --- a/internal/action/test.go +++ b/internal/action/test.go @@ -47,11 +47,11 @@ func newTest(config *helmaction.Configuration, obj *v2.HelmRelease, opts []TestO test := helmaction.NewReleaseTesting(config) test.Namespace = obj.GetReleaseNamespace() - test.Timeout = obj.Spec.GetTest().GetTimeout(obj.GetTimeout()).Duration + test.Timeout = obj.GetTest().GetTimeout(obj.GetTimeout()).Duration filters := make(map[string][]string) - for _, f := range obj.Spec.GetTest().GetFilters() { + for _, f := range obj.GetTest().GetFilters() { name := "name" if f.Exclude { diff --git a/internal/action/uninstall.go b/internal/action/uninstall.go index bfbafd2d9..612773ff6 100644 --- a/internal/action/uninstall.go +++ b/internal/action/uninstall.go @@ -46,10 +46,10 @@ func Uninstall(_ context.Context, config *helmaction.Configuration, obj *v2.Helm func newUninstall(config *helmaction.Configuration, obj *v2.HelmRelease, opts []UninstallOption) *helmaction.Uninstall { uninstall := helmaction.NewUninstall(config) - uninstall.Timeout = obj.Spec.GetUninstall().GetTimeout(obj.GetTimeout()).Duration - uninstall.DisableHooks = obj.Spec.GetUninstall().DisableHooks - uninstall.KeepHistory = obj.Spec.GetUninstall().KeepHistory - uninstall.Wait = !obj.Spec.GetUninstall().DisableWait + uninstall.Timeout = obj.GetUninstall().GetTimeout(obj.GetTimeout()).Duration + uninstall.DisableHooks = obj.GetUninstall().DisableHooks + uninstall.KeepHistory = obj.GetUninstall().KeepHistory + uninstall.Wait = !obj.GetUninstall().DisableWait for _, opt := range opts { opt(uninstall) diff --git a/internal/action/upgrade.go b/internal/action/upgrade.go index 9901542f5..196310a7a 100644 --- a/internal/action/upgrade.go +++ b/internal/action/upgrade.go @@ -50,7 +50,7 @@ func Upgrade(ctx context.Context, config *helmaction.Configuration, obj *v2.Helm vals helmchartutil.Values, opts ...UpgradeOption) (*helmrelease.Release, error) { upgrade := newUpgrade(config, obj, opts) - policy, err := crdPolicyOrDefault(obj.Spec.GetInstall().CRDs) + policy, err := crdPolicyOrDefault(obj.GetInstall().CRDs) if err != nil { return nil, err } @@ -65,16 +65,16 @@ func newUpgrade(config *helmaction.Configuration, obj *v2.HelmRelease, opts []Up upgrade := helmaction.NewUpgrade(config) upgrade.Namespace = obj.GetReleaseNamespace() - upgrade.ResetValues = !obj.Spec.GetUpgrade().PreserveValues - upgrade.ReuseValues = obj.Spec.GetUpgrade().PreserveValues + upgrade.ResetValues = !obj.GetUpgrade().PreserveValues + upgrade.ReuseValues = obj.GetUpgrade().PreserveValues upgrade.MaxHistory = obj.GetMaxHistory() - upgrade.Timeout = obj.Spec.GetUpgrade().GetTimeout(obj.GetTimeout()).Duration - upgrade.Wait = !obj.Spec.GetUpgrade().DisableWait - upgrade.WaitForJobs = !obj.Spec.GetUpgrade().DisableWaitForJobs - upgrade.DisableHooks = obj.Spec.GetUpgrade().DisableHooks - upgrade.DisableOpenAPIValidation = obj.Spec.GetUpgrade().DisableOpenAPIValidation - upgrade.Force = obj.Spec.GetUpgrade().Force - upgrade.CleanupOnFail = obj.Spec.GetUpgrade().CleanupOnFail + upgrade.Timeout = obj.GetUpgrade().GetTimeout(obj.GetTimeout()).Duration + upgrade.Wait = !obj.GetUpgrade().DisableWait + upgrade.WaitForJobs = !obj.GetUpgrade().DisableWaitForJobs + upgrade.DisableHooks = obj.GetUpgrade().DisableHooks + upgrade.DisableOpenAPIValidation = obj.GetUpgrade().DisableOpenAPIValidation + upgrade.Force = obj.GetUpgrade().Force + upgrade.CleanupOnFail = obj.GetUpgrade().CleanupOnFail upgrade.Devel = true // If the user opted-in to allow DNS lookups, enable it. diff --git a/internal/reconcile/action.go b/internal/reconcile/action.go index 65bac3601..c8c10fb23 100644 --- a/internal/reconcile/action.go +++ b/internal/reconcile/action.go @@ -54,9 +54,9 @@ func NextAction(factory *action.ConfigFactory, req *Request) (ActionReconciler, return &Unlock{configFactory: factory}, nil } - remediation := req.Object.Spec.GetInstall().GetRemediation() + remediation := req.Object.GetInstall().GetRemediation() if req.Object.Status.Previous != nil { - remediation = req.Object.Spec.GetUpgrade().GetRemediation() + remediation = req.Object.GetUpgrade().GetRemediation() } // TODO(hidde): the logic below lacks some implementation details. E.g. @@ -80,12 +80,12 @@ func NextAction(factory *action.ConfigFactory, req *Request) (ActionReconciler, } } - if testSpec := req.Object.Spec.GetTest(); testSpec.Enable { + if testSpec := req.Object.GetTest(); testSpec.Enable { if !release.HasBeenTested(rls) { return &Test{configFactory: factory}, nil } if release.HasFailedTests(rls) { - if !remediation.MustIgnoreTestFailures(req.Object.Spec.GetTest().IgnoreFailures) { + if !remediation.MustIgnoreTestFailures(req.Object.GetTest().IgnoreFailures) { return rollbackOrUninstall(factory, req) } } @@ -95,15 +95,15 @@ func NextAction(factory *action.ConfigFactory, req *Request) (ActionReconciler, } func rollbackOrUninstall(factory *action.ConfigFactory, req *Request) (ActionReconciler, error) { - remediation := req.Object.Spec.GetInstall().GetRemediation() + remediation := req.Object.GetInstall().GetRemediation() if req.Object.Status.Previous != nil { // TODO: determine if previous is still in storage and unmodified - remediation = req.Object.Spec.GetUpgrade().GetRemediation() + remediation = req.Object.GetUpgrade().GetRemediation() } // TODO: remove dependency on counter, as this shouldn't be used to determine // if it's enabled. remediation.IncrementFailureCount(req.Object) - if !remediation.RetriesExhausted(*req.Object) || remediation.MustRemediateLastFailure() { + if !remediation.RetriesExhausted(req.Object) || remediation.MustRemediateLastFailure() { switch remediation.GetStrategy() { case v2.RollbackRemediationStrategy: return &Rollback{configFactory: factory}, nil diff --git a/internal/reconcile/test.go b/internal/reconcile/test.go index ed6b556a2..0c712cbee 100644 --- a/internal/reconcile/test.go +++ b/internal/reconcile/test.go @@ -72,7 +72,7 @@ func (r *Test) Reconcile(ctx context.Context, req *Request) error { // Compose success condition message. condMsg := "No test hooks." - if hookLen := len(req.Object.Status.Current.TestHooks); hookLen > 0 { + if hookLen := len(req.Object.Status.Current.GetTestHooks()); hookLen > 0 { condMsg = fmt.Sprintf("%d test hook(s) completed successfully.", hookLen) } conditions.MarkTrue(req.Object, v2.TestSuccessCondition, v2.TestSucceededReason, condMsg) @@ -93,9 +93,7 @@ func observeTest(obj *v2.HelmRelease) storage.ObserveFunc { obs := release.ObserveRelease(rls) if obs.Targets(cur.Name, cur.Namespace, cur.Version) { obj.Status.Current = release.ObservedToInfo(obs) - if hooks := release.TestHooksFromRelease(rls); len(hooks) > 0 { - obj.Status.Current.TestHooks = hooks - } + obj.GetCurrent().SetTestHooks(release.TestHooksFromRelease(rls)) } } } diff --git a/internal/reconcile/test_test.go b/internal/reconcile/test_test.go index 5a4959091..79064409b 100644 --- a/internal/reconcile/test_test.go +++ b/internal/reconcile/test_test.go @@ -129,7 +129,7 @@ func TestTest_Reconcile(t *testing.T) { }, expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { info := release.ObservedToInfo(release.ObserveRelease(releases[0])) - info.TestHooks = release.TestHooksFromRelease(releases[0]) + info.SetTestHooks(release.TestHooksFromRelease(releases[0])) return info }, }, @@ -157,6 +157,7 @@ func TestTest_Reconcile(t *testing.T) { }, expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { info := release.ObservedToInfo(release.ObserveRelease(releases[0])) + info.SetTestHooks(release.TestHooksFromRelease(releases[0])) return info }, }, @@ -184,7 +185,7 @@ func TestTest_Reconcile(t *testing.T) { }, expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { info := release.ObservedToInfo(release.ObserveRelease(releases[0])) - info.TestHooks = release.TestHooksFromRelease(releases[0]) + info.SetTestHooks(release.TestHooksFromRelease(releases[0])) return info }, expectFailures: 1, @@ -343,7 +344,7 @@ func Test_observeTest(t *testing.T) { }, testutil.ReleaseWithHooks(testHookFixtures)) expect := release.ObservedToInfo(release.ObserveRelease(rls)) - expect.TestHooks = release.TestHooksFromRelease(rls) + expect.SetTestHooks(release.TestHooksFromRelease(rls)) observeTest(obj)(rls) g.Expect(obj.Status.Current).To(Equal(expect)) From 0b8692f61a4553ff0683c8e2e8009ff6d01fc94f Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Tue, 20 Sep 2022 21:58:50 +0000 Subject: [PATCH 17/76] api: add service account name validation rule Signed-off-by: Hidde Beydals --- api/v2beta2/helmrelease_types.go | 11 +++++++++++ .../bases/helm.toolkit.fluxcd.io_helmreleases.yaml | 8 ++++++++ 2 files changed, 19 insertions(+) diff --git a/api/v2beta2/helmrelease_types.go b/api/v2beta2/helmrelease_types.go index 28a3c237d..2c63ee9d6 100644 --- a/api/v2beta2/helmrelease_types.go +++ b/api/v2beta2/helmrelease_types.go @@ -139,6 +139,8 @@ type HelmReleaseSpec struct { // The name of the Kubernetes service account to impersonate // when reconciling this HelmRelease. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 // +optional ServiceAccountName string `json:"serviceAccountName,omitempty"` @@ -225,6 +227,8 @@ type HelmChartTemplateObjectMeta struct { // generate a v1beta2.HelmChartSpec object. type HelmChartTemplateSpec struct { // The name or path the Helm chart is available at in the SourceRef. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=2048 // +required Chart string `json:"chart"` @@ -707,6 +711,9 @@ func (in Test) GetTimeout(defaultTimeout metav1.Duration) metav1.Duration { // Filter holds the configuration for individual Helm test filters. type Filter struct { // Name is the name of the test. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +required Name string `json:"name"` // Exclude is specifies whether the named test should be excluded. // +optional @@ -925,6 +932,10 @@ type HelmReleaseStatus struct { // StorageNamespace is the namespace of the Helm release storage for the // Current release. + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Optional + // +optional StorageNamespace string `json:"storageNamespace,omitempty"` // Current holds the latest observed HelmReleaseInfo for the current diff --git a/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml b/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml index 06dcdaf2a..7fcce625a 100644 --- a/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml +++ b/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml @@ -984,6 +984,8 @@ spec: chart: description: The name or path the Helm chart is available at in the SourceRef. + maxLength: 2048 + minLength: 1 type: string interval: description: Interval at which to check the v1.Source for @@ -1482,6 +1484,8 @@ spec: serviceAccountName: description: The name of the Kubernetes service account to impersonate when reconciling this HelmRelease. + maxLength: 253 + minLength: 1 type: string storageNamespace: description: StorageNamespace used for the Helm storage. Defaults @@ -1521,6 +1525,8 @@ spec: type: boolean name: description: Name is the name of the test. + maxLength: 253 + minLength: 1 type: string required: - name @@ -1977,6 +1983,8 @@ spec: storageNamespace: description: StorageNamespace is the namespace of the Helm release storage for the Current release. + maxLength: 63 + minLength: 1 type: string upgradeFailures: description: UpgradeFailures is the upgrade failure count against From 9812286bb4454a91d9da5f751e2592f8783860eb Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Thu, 15 Sep 2022 14:04:25 +0000 Subject: [PATCH 18/76] action: add `Len` method to `LogBuffer` This allows for requesting the count of non-empty values in the ring buffer, and thus the number of log lines. Signed-off-by: Hidde Beydals --- internal/action/log.go | 16 ++++++++++++++++ internal/action/log_test.go | 24 ++++++++++++++++++++++++ 2 files changed, 40 insertions(+) diff --git a/internal/action/log.go b/internal/action/log.go index 2a2b35bf8..152bba4c4 100644 --- a/internal/action/log.go +++ b/internal/action/log.go @@ -73,6 +73,22 @@ func (l *LogBuffer) Log(format string, v ...interface{}) { l.log(format, v...) } +// Len returns the count of non-empty values in the buffer. +func (l *LogBuffer) Len() int { + var count int + l.mu.RLock() + l.buffer.Do(func(s interface{}) { + if s == nil { + return + } + if s.(string) != "" { + count++ + } + }) + l.mu.RUnlock() + return count +} + // Reset clears the buffer. func (l *LogBuffer) Reset() { l.mu.Lock() diff --git a/internal/action/log_test.go b/internal/action/log_test.go index c4c29cae6..4d8939b82 100644 --- a/internal/action/log_test.go +++ b/internal/action/log_test.go @@ -51,6 +51,30 @@ func TestLogBuffer_Log(t *testing.T) { } } +func TestLogBuffer_Len(t *testing.T) { + tests := []struct { + name string + size int + fill []string + want int + }{ + {name: "empty buffer", fill: []string{}, want: 0}, + {name: "filled buffer", size: 2, fill: []string{"a", "b"}, want: 2}, + {name: "half full buffer", size: 4, fill: []string{"a", "b"}, want: 2}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + l := NewLogBuffer(NewDebugLog(logr.Discard()), tt.size) + for _, v := range tt.fill { + l.Log("%s", v) + } + if got := l.Len(); got != tt.want { + t.Errorf("String() = %v, want %v", got, tt.want) + } + }) + } +} + func TestLogBuffer_Reset(t *testing.T) { bufferSize := 10 l := NewLogBuffer(NewDebugLog(logr.Discard()), bufferSize) From 026fd45c2c9d38551dd669b2e7c60bccfc15f41b Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Thu, 15 Sep 2022 14:40:48 +0000 Subject: [PATCH 19/76] action: add name param to rollback and uninstall This gives more fine-grain control over what release must be targeted, as we do not always want to rely on the current spec but rather on e.g. a release we have made ourselves with a previous configuration for garbage collection purposes. Signed-off-by: Hidde Beydals --- internal/action/rollback.go | 4 ++-- internal/action/uninstall.go | 6 +++--- internal/reconcile/rollback.go | 2 +- internal/reconcile/uninstall.go | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/internal/action/rollback.go b/internal/action/rollback.go index 130ba4f5d..c839d5154 100644 --- a/internal/action/rollback.go +++ b/internal/action/rollback.go @@ -35,9 +35,9 @@ type RollbackOption func(*helmaction.Rollback) // expected to be done by the caller. In addition, it does not take note of the // action result. The caller is expected to listen to this using a // storage.ObserveFunc, which provides superior access to Helm storage writes. -func Rollback(config *helmaction.Configuration, obj *v2.HelmRelease, opts ...RollbackOption) error { +func Rollback(config *helmaction.Configuration, obj *v2.HelmRelease, releaseName string, opts ...RollbackOption) error { rollback := newRollback(config, obj, opts) - return rollback.Run(obj.GetReleaseName()) + return rollback.Run(releaseName) } func newRollback(config *helmaction.Configuration, obj *v2.HelmRelease, opts []RollbackOption) *helmaction.Rollback { diff --git a/internal/action/uninstall.go b/internal/action/uninstall.go index 612773ff6..9c866e108 100644 --- a/internal/action/uninstall.go +++ b/internal/action/uninstall.go @@ -28,7 +28,7 @@ import ( // UninstallOption can be used to modify Helm's action.Uninstall after the // instructions from the v2beta2.HelmRelease have been applied. This is for // example useful to enable the dry-run setting as a CLI. -type UninstallOption func(*helmaction.Uninstall) +type UninstallOption func(cfg *helmaction.Uninstall) // Uninstall runs the Helm uninstall action with the provided config, using the // v2beta2.HelmReleaseSpec of the given object to determine the target release @@ -38,9 +38,9 @@ type UninstallOption func(*helmaction.Uninstall) // expected to be done by the caller. In addition, it does not take note of the // action result. The caller is expected to listen to this using a // storage.ObserveFunc, which provides superior access to Helm storage writes. -func Uninstall(_ context.Context, config *helmaction.Configuration, obj *v2.HelmRelease, opts ...UninstallOption) (*helmrelease.UninstallReleaseResponse, error) { +func Uninstall(_ context.Context, config *helmaction.Configuration, obj *v2.HelmRelease, releaseName string, opts ...UninstallOption) (*helmrelease.UninstallReleaseResponse, error) { uninstall := newUninstall(config, obj, opts) - return uninstall.Run(obj.GetReleaseName()) + return uninstall.Run(releaseName) } func newUninstall(config *helmaction.Configuration, obj *v2.HelmRelease, opts []UninstallOption) *helmaction.Uninstall { diff --git a/internal/reconcile/rollback.go b/internal/reconcile/rollback.go index 319f80d7a..8c4acfca4 100644 --- a/internal/reconcile/rollback.go +++ b/internal/reconcile/rollback.go @@ -56,7 +56,7 @@ func (r *Rollback) Reconcile(ctx context.Context, req *Request) error { } // Run rollback action. - if err := action.Rollback(r.configFactory.Build(logBuf.Log, observeRollback(req.Object)), req.Object); err != nil { + if err := action.Rollback(r.configFactory.Build(logBuf.Log, observeRollback(req.Object)), req.Object, cur.Name); err != nil { // Mark failure on object. req.Object.Status.Failures++ conditions.MarkFalse(req.Object, v2.RemediatedCondition, v2.RollbackFailedReason, err.Error()) diff --git a/internal/reconcile/uninstall.go b/internal/reconcile/uninstall.go index c24f2be51..10116507d 100644 --- a/internal/reconcile/uninstall.go +++ b/internal/reconcile/uninstall.go @@ -49,7 +49,7 @@ func (r *Uninstall) Reconcile(ctx context.Context, req *Request) error { } // Run the uninstall action. - res, err := action.Uninstall(ctx, cfg, req.Object) + res, err := action.Uninstall(ctx, cfg, req.Object, cur.Name) // The Helm uninstall action does always target the latest release. Before // accepting results, we need to confirm this is actually the release we From 479341461a53beac066c34cffe1862aab561cfa3 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Tue, 20 Sep 2022 21:59:48 +0000 Subject: [PATCH 20/76] action: allow composed release name >=53 char This solves the issue where a release name composed out of e.g. the target namespace and name of the HelmRelease itself would exceed the >=53 character length. By calculating the SHA256 checksum of the release name, taking the first 12 characters of this checksum and appending it to the release named trimmed to 40 characters separated by a hyphen (`-abcdef12345678`). Signed-off-by: Hidde Beydals --- internal/action/install.go | 3 +- internal/action/upgrade.go | 4 +-- internal/release/name.go | 46 +++++++++++++++++++++++++++++ internal/release/name_test.go | 55 +++++++++++++++++++++++++++++++++++ 4 files changed, 105 insertions(+), 3 deletions(-) create mode 100644 internal/release/name.go create mode 100644 internal/release/name_test.go diff --git a/internal/action/install.go b/internal/action/install.go index e282c2d6f..035cd3ab5 100644 --- a/internal/action/install.go +++ b/internal/action/install.go @@ -28,6 +28,7 @@ import ( v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/features" "github.com/fluxcd/helm-controller/internal/postrender" + "github.com/fluxcd/helm-controller/internal/release" ) // InstallOption can be used to modify Helm's action.Install after the instructions @@ -64,7 +65,7 @@ func Install(ctx context.Context, config *helmaction.Configuration, obj *v2.Helm func newInstall(config *helmaction.Configuration, obj *v2.HelmRelease, opts []InstallOption) *helmaction.Install { install := helmaction.NewInstall(config) - install.ReleaseName = obj.GetReleaseName() + install.ReleaseName = release.ShortenName(obj.GetReleaseName()) install.Namespace = obj.GetReleaseNamespace() install.Timeout = obj.GetInstall().GetTimeout(obj.GetTimeout()).Duration install.Wait = !obj.GetInstall().DisableWait diff --git a/internal/action/upgrade.go b/internal/action/upgrade.go index 196310a7a..f18e50a26 100644 --- a/internal/action/upgrade.go +++ b/internal/action/upgrade.go @@ -28,6 +28,7 @@ import ( v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/features" "github.com/fluxcd/helm-controller/internal/postrender" + "github.com/fluxcd/helm-controller/internal/release" ) // UpgradeOption can be used to modify Helm's action.Upgrade after the instructions @@ -58,12 +59,11 @@ func Upgrade(ctx context.Context, config *helmaction.Configuration, obj *v2.Helm return nil, fmt.Errorf("failed to apply CustomResourceDefinitions: %w", err) } - return upgrade.RunWithContext(ctx, obj.GetReleaseName(), chrt, vals.AsMap()) + return upgrade.RunWithContext(ctx, release.ShortenName(obj.GetReleaseName()), chrt, vals.AsMap()) } func newUpgrade(config *helmaction.Configuration, obj *v2.HelmRelease, opts []UpgradeOption) *helmaction.Upgrade { upgrade := helmaction.NewUpgrade(config) - upgrade.Namespace = obj.GetReleaseNamespace() upgrade.ResetValues = !obj.GetUpgrade().PreserveValues upgrade.ReuseValues = obj.GetUpgrade().PreserveValues diff --git a/internal/release/name.go b/internal/release/name.go new file mode 100644 index 000000000..c01b68dfb --- /dev/null +++ b/internal/release/name.go @@ -0,0 +1,46 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package release + +import ( + "crypto/sha256" + "fmt" +) + +// ShortenName returns a short release name in the format of +// '-' for the given name +// if it exceeds 53 characters in length. +// +// The shortening is done by hashing the given release name with +// SHA256 and taking the first 12 characters of the resulting hash. +// The hash is then appended to the release name shortened to 40 +// characters divided by a hyphen separator. +// +// For example: 'some-front-appended-namespace-release-wi-1234567890ab' +// where '1234567890ab' are the first 12 characters of the SHA hash. +func ShortenName(name string) string { + if len(name) <= 53 { + return name + } + + const maxLength = 53 + const shortHashLength = 12 + + sum := fmt.Sprintf("%x", sha256.Sum256([]byte(name))) + shortName := name[:maxLength-(shortHashLength+1)] + "-" + return shortName + sum[:shortHashLength] +} diff --git a/internal/release/name_test.go b/internal/release/name_test.go new file mode 100644 index 000000000..416629d12 --- /dev/null +++ b/internal/release/name_test.go @@ -0,0 +1,55 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package release + +import ( + "testing" + + . "github.com/onsi/gomega" +) + +func TestShortName(t *testing.T) { + g := NewWithT(t) + + tests := []struct { + name string + expected string + }{ + { + name: "release-name", + expected: "release-name", + }, + { + name: "release-name-with-very-long-name-which-is-longer-than-53-characters", + expected: "release-name-with-very-long-name-which-i-788ca0d0d7b0", + }, + { + name: "another-release-name-with-very-long-name-which-is-longer-than-53-characters", + expected: "another-release-name-with-very-long-name-7e72150d5a36", + }, + { + name: "", + expected: "", + }, + } + + for _, tt := range tests { + got := ShortenName(tt.name) + g.Expect(got).To(Equal(tt.expected), got) + g.Expect(got).To(Satisfy(func(s string) bool { return len(s) <= 53 })) + } +} From b975b3f9995ae8a20570edd23e9407ce2f9bca59 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Fri, 16 Sep 2022 13:01:05 +0000 Subject: [PATCH 21/76] reconcile: add atomic release reconciler This commit adds an atomic release reconciler, capable of stepping through a series of Helm actions. In addition, it adds the last bits around eventing and summarizing the end state of the Condition types into e.g. a Ready condition. Signed-off-by: Hidde Beydals --- api/v2beta2/helmrelease_types.go | 17 - internal/action/rollback.go | 25 +- internal/action/rollback_test.go | 36 +- internal/action/verify.go | 115 +++- internal/action/verify_test.go | 568 +++++++++++++++++ internal/reconcile/action.go | 156 +++-- internal/reconcile/action_test.go | 280 ++++++++- internal/reconcile/atomic_release.go | 242 +++++++ internal/reconcile/atomic_release_test.go | 192 ++++++ internal/reconcile/install.go | 94 ++- internal/reconcile/install_test.go | 29 +- internal/reconcile/reconcile.go | 24 + internal/reconcile/release.go | 147 ++++- internal/reconcile/release_test.go | 591 +++++++++++++++++- internal/reconcile/rollback.go | 94 --- internal/reconcile/rollback_remediation.go | 167 +++++ ...k_test.go => rollback_remediation_test.go} | 139 +++- internal/reconcile/suite_test.go | 12 +- internal/reconcile/test.go | 119 +++- internal/reconcile/test_test.go | 49 +- internal/reconcile/uninstall.go | 105 +++- internal/reconcile/uninstall_remediation.go | 163 +++++ .../reconcile/uninstall_remediation_test.go | 364 +++++++++++ internal/reconcile/uninstall_test.go | 102 ++- internal/reconcile/unlock.go | 93 ++- internal/reconcile/unlock_test.go | 35 +- internal/reconcile/upgrade.go | 92 ++- internal/reconcile/upgrade_test.go | 39 +- internal/release/util.go | 26 - internal/release/util_test.go | 20 - 30 files changed, 3664 insertions(+), 471 deletions(-) create mode 100644 internal/action/verify_test.go create mode 100644 internal/reconcile/atomic_release.go create mode 100644 internal/reconcile/atomic_release_test.go delete mode 100644 internal/reconcile/rollback.go create mode 100644 internal/reconcile/rollback_remediation.go rename internal/reconcile/{rollback_test.go => rollback_remediation_test.go} (69%) create mode 100644 internal/reconcile/uninstall_remediation.go create mode 100644 internal/reconcile/uninstall_remediation_test.go diff --git a/api/v2beta2/helmrelease_types.go b/api/v2beta2/helmrelease_types.go index 2c63ee9d6..77da07aa7 100644 --- a/api/v2beta2/helmrelease_types.go +++ b/api/v2beta2/helmrelease_types.go @@ -1082,23 +1082,6 @@ func (in HelmRelease) HasPrevious() bool { return in.Status.Previous != nil } -// ReleaseTargetChanged returns true if the HelmReleaseSpec has been mutated in -// such a way that it no longer targets the same release as the -// HelmReleaseStatus.Current. -func (in HelmRelease) ReleaseTargetChanged() bool { - switch { - case in.Status.StorageNamespace == "", in.Status.Current == nil: - return false - case in.GetStorageNamespace() != in.Status.StorageNamespace, - in.GetReleaseNamespace() != in.Status.Current.Namespace, - in.GetReleaseName() != in.Status.Current.Name, - in.GetHelmChartName() != in.Status.Current.ChartName: - return true - default: - return false - } -} - // GetActiveRemediation returns the active Remediation for the HelmRelease. func (in HelmRelease) GetActiveRemediation() Remediation { if in.Status.Previous != nil { diff --git a/internal/action/rollback.go b/internal/action/rollback.go index c839d5154..3985597d4 100644 --- a/internal/action/rollback.go +++ b/internal/action/rollback.go @@ -27,9 +27,24 @@ import ( // example useful to enable the dry-run setting as a CLI. type RollbackOption func(*helmaction.Rollback) -// Rollback runs the Helm rollback action with the provided config, using the -// v2beta2.HelmReleaseSpec of the given object to determine the target release -// and rollback configuration. +// RollbackToVersion returns a RollbackOption which sets the version to +// roll back to. +func RollbackToVersion(version int) RollbackOption { + return func(rollback *helmaction.Rollback) { + rollback.Version = version + } +} + +// RollbackDryRun returns a RollbackOption which enables the dry-run setting. +func RollbackDryRun() RollbackOption { + return func(rollback *helmaction.Rollback) { + rollback.DryRun = true + } +} + +// Rollback runs the Helm rollback action with the provided config. Targeting +// a specific release or enabling dry-run is possible by providing +// RollbackToVersion and/or RollbackDryRun as options. // // It does not determine if there is a desire to perform the action, this is // expected to be done by the caller. In addition, it does not take note of the @@ -51,10 +66,6 @@ func newRollback(config *helmaction.Configuration, obj *v2.HelmRelease, opts []R rollback.Recreate = obj.GetRollback().Recreate rollback.CleanupOnFail = obj.GetRollback().CleanupOnFail - if prev := obj.Status.Previous; prev != nil && prev.Name == obj.GetReleaseName() && prev.Namespace == obj.GetReleaseNamespace() { - rollback.Version = prev.Version - } - for _, opt := range opts { opt(rollback) } diff --git a/internal/action/rollback_test.go b/internal/action/rollback_test.go index 34d880bd0..adb66fd5b 100644 --- a/internal/action/rollback_test.go +++ b/internal/action/rollback_test.go @@ -51,7 +51,7 @@ func Test_newRollback(t *testing.T) { g.Expect(got.Force).To(Equal(obj.Spec.Rollback.Force)) }) - t.Run("rollback with previous", func(t *testing.T) { + t.Run("rollback to version", func(t *testing.T) { g := NewWithT(t) obj := &v2.HelmRelease{ @@ -59,40 +59,12 @@ func Test_newRollback(t *testing.T) { Name: "rollback", Namespace: "rollback-ns", }, - Status: v2.HelmReleaseStatus{ - Previous: &v2.HelmReleaseInfo{ - Name: "rollback", - Namespace: "rollback-ns", - Version: 3, - }, - }, - } - - got := newRollback(&helmaction.Configuration{}, obj, nil) - g.Expect(got).ToNot(BeNil()) - g.Expect(got.Version).To(Equal(obj.Status.Previous.Version)) - }) - - t.Run("rollback with stale previous", func(t *testing.T) { - g := NewWithT(t) - - obj := &v2.HelmRelease{ - ObjectMeta: metav1.ObjectMeta{ - Name: "rollback", - Namespace: "rollback-ns", - }, - Status: v2.HelmReleaseStatus{ - Previous: &v2.HelmReleaseInfo{ - Name: "rollback", - Namespace: "other-ns", - Version: 3, - }, - }, } - got := newRollback(&helmaction.Configuration{}, obj, nil) + toVersion := 3 + got := newRollback(&helmaction.Configuration{}, obj, []RollbackOption{RollbackToVersion(toVersion)}) g.Expect(got).ToNot(BeNil()) - g.Expect(got.Version).To(BeZero()) + g.Expect(got.Version).To(Equal(toVersion)) }) t.Run("timeout fallback", func(t *testing.T) { diff --git a/internal/action/verify.go b/internal/action/verify.go index f7040bc0e..bc0cdab13 100644 --- a/internal/action/verify.go +++ b/internal/action/verify.go @@ -33,57 +33,126 @@ import ( ) var ( - ErrReleaseDisappeared = errors.New("observed release disappeared from storage") + ErrReleaseDisappeared = errors.New("release disappeared from storage") ErrReleaseNotFound = errors.New("no release found") - ErrReleaseNotObserved = errors.New("release not observed to be made by reconciler") + ErrReleaseNotObserved = errors.New("release not observed to be made for object") ErrReleaseDigest = errors.New("release digest verification error") ErrChartChanged = errors.New("release chart changed") ErrConfigDigest = errors.New("release config digest verification error") ) -// VerifyStorage verifies that the last release in the Helm storage matches the -// Current state of the given HelmRelease. It returns the release, or an error -// of type ErrReleaseDisappeared, ErrReleaseNotFound, ErrReleaseNotObserved, or -// ErrReleaseDigest. -func VerifyStorage(config *helmaction.Configuration, obj *v2.HelmRelease) (*helmrelease.Release, error) { - curRel := obj.Status.Current - rls, err := config.Releases.Last(obj.GetReleaseName()) +// ReleaseTargetChanged returns true if the given release and/or chart +// name have been mutated in such a way that it no longer has the same release +// target as the Status.Current. By comparing the (storage) namespace, and +// release and chart names. This can be used to e.g. trigger a garbage +// collection of the old release before installing the new one. +func ReleaseTargetChanged(obj *v2.HelmRelease, chartName string) bool { + cur := obj.GetCurrent() + switch { + case obj.Status.StorageNamespace == "", cur == nil: + return false + case obj.GetStorageNamespace() != obj.Status.StorageNamespace: + return true + case obj.GetReleaseNamespace() != cur.Namespace: + return true + case release.ShortenName(obj.GetReleaseName()) != cur.Name: + return true + case chartName != cur.ChartName: + return true + default: + return false + } +} + +// IsInstalled returns true if there is any release in the Helm storage with the +// given name. It returns any error other than driver.ErrReleaseNotFound. +func IsInstalled(config *helmaction.Configuration, releaseName string) (bool, error) { + _, err := config.Releases.Last(release.ShortenName(releaseName)) + if err != nil { + if errors.Is(err, helmdriver.ErrReleaseNotFound) { + return false, nil + } + return false, err + } + return true, nil +} + +// VerifyReleaseInfo verifies the data of the given v2beta2.HelmReleaseInfo +// matches the release object in the Helm storage. It returns the verified +// release, or an error of type ErrReleaseNotFound, ErrReleaseDisappeared, +// ErrReleaseDigest or ErrReleaseNotObserved indicating the reason for the +// verification failure. +func VerifyReleaseInfo(config *helmaction.Configuration, info *v2.HelmReleaseInfo) (rls *helmrelease.Release, err error) { + if info == nil { + return nil, ErrReleaseNotFound + } + + rls, err = config.Releases.Get(info.Name, info.Version) if err != nil { if errors.Is(err, helmdriver.ErrReleaseNotFound) { - if curRel != nil && curRel.Name == obj.GetReleaseName() && curRel.Namespace == obj.GetReleaseNamespace() { - return nil, ErrReleaseDisappeared - } - return nil, ErrReleaseNotFound + return nil, ErrReleaseDisappeared } return nil, err } - if curRel == nil { - return rls, ErrReleaseNotObserved + + if err = VerifyReleaseObject(info, rls); err != nil { + return nil, err } + return rls, nil +} - relDig, err := digest.Parse(obj.Status.Current.Digest) +// VerifyLastStorageItem verifies the data of the given v2beta2.HelmReleaseInfo +// matches the last release object in the Helm storage. It returns the verified +// release, or an error of type ErrReleaseNotFound, ErrReleaseDisappeared, +// ErrReleaseDigest or ErrReleaseNotObserved indicating the reason for the +// verification failure. +func VerifyLastStorageItem(config *helmaction.Configuration, info *v2.HelmReleaseInfo) (rls *helmrelease.Release, err error) { + if info == nil { + return nil, ErrReleaseNotFound + } + + rls, err = config.Releases.Last(info.Name) if err != nil { - return rls, ErrReleaseDigest + if errors.Is(err, helmdriver.ErrReleaseNotFound) { + return nil, ErrReleaseDisappeared + } + return nil, err + } + + if err = VerifyReleaseObject(info, rls); err != nil { + return nil, err + } + return rls, nil +} + +// VerifyReleaseObject verifies the data of the given v2beta2.HelmReleaseInfo +// matches the given Helm release object. It returns the verified +// release, or an error of type ErrReleaseDigest or ErrReleaseNotObserved +// indicating the reason for the verification failure. +func VerifyReleaseObject(info *v2.HelmReleaseInfo, rls *helmrelease.Release) error { + relDig, err := digest.Parse(info.Digest) + if err != nil { + return ErrReleaseDigest } verifier := relDig.Verifier() obs := release.ObserveRelease(rls) - if err := obs.Encode(verifier); err != nil { + if err = obs.Encode(verifier); err != nil { // We are expected to be able to encode valid JSON, error out without a // typed error assuming malfunction to signal to e.g. retry. - return nil, err + return err } if !verifier.Verified() { - return nil, ErrReleaseNotObserved + return ErrReleaseNotObserved } - return rls, nil + return nil } // VerifyRelease verifies that the data of the given release matches the given // chart metadata, and the provided values match the Current.ConfigDigest. // It returns either an error of type ErrReleaseNotFound, ErrChartChanged or // ErrConfigDigest, or nil. -func VerifyRelease(rls *helmrelease.Release, obj *v2.HelmRelease, chrt *helmchart.Metadata, vals helmchartutil.Values) error { +func VerifyRelease(rls *helmrelease.Release, info *v2.HelmReleaseInfo, chrt *helmchart.Metadata, vals helmchartutil.Values) error { if rls == nil { return ErrReleaseNotFound } @@ -94,7 +163,7 @@ func VerifyRelease(rls *helmrelease.Release, obj *v2.HelmRelease, chrt *helmchar } } - if !chartutil.VerifyValues(digest.Digest(obj.Status.Current.ConfigDigest), vals) { + if info == nil || !chartutil.VerifyValues(digest.Digest(info.ConfigDigest), vals) { return ErrConfigDigest } return nil diff --git a/internal/action/verify_test.go b/internal/action/verify_test.go new file mode 100644 index 000000000..698d48ac0 --- /dev/null +++ b/internal/action/verify_test.go @@ -0,0 +1,568 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package action + +import ( + "errors" + "testing" + + . "github.com/onsi/gomega" + helmaction "helm.sh/helm/v3/pkg/action" + helmchart "helm.sh/helm/v3/pkg/chart" + "helm.sh/helm/v3/pkg/chartutil" + helmrelease "helm.sh/helm/v3/pkg/release" + helmstorage "helm.sh/helm/v3/pkg/storage" + "helm.sh/helm/v3/pkg/storage/driver" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + v2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/release" + "github.com/fluxcd/helm-controller/internal/storage" + "github.com/fluxcd/helm-controller/internal/testutil" +) + +func TestReleaseTargetChanged(t *testing.T) { + const ( + defaultNamespace = "default-ns" + defaultName = "default-name" + defaultChartName = "default-chart" + defaultReleaseName = "default-release" + defaultTargetNamespace = "default-target-ns" + defaultStorageNamespace = "default-storage-ns" + ) + + tests := []struct { + name string + chartName string + spec v2.HelmReleaseSpec + status v2.HelmReleaseStatus + want bool + }{ + { + name: "no change", + chartName: defaultChartName, + spec: v2.HelmReleaseSpec{}, + status: v2.HelmReleaseStatus{ + Current: &v2.HelmReleaseInfo{ + Name: defaultName, + Namespace: defaultNamespace, + ChartName: defaultChartName, + }, + StorageNamespace: defaultNamespace, + }, + want: false, + }, + { + name: "no storage namespace", + chartName: defaultChartName, + spec: v2.HelmReleaseSpec{ + ReleaseName: defaultReleaseName, + }, + status: v2.HelmReleaseStatus{ + Current: &v2.HelmReleaseInfo{ + Name: defaultReleaseName, + Namespace: defaultNamespace, + ChartName: defaultChartName, + }, + }, + want: false, + }, + { + name: "no current", + spec: v2.HelmReleaseSpec{}, + status: v2.HelmReleaseStatus{ + StorageNamespace: defaultNamespace, + Current: nil, + }, + want: false, + }, + { + name: "different storage namespace", + chartName: defaultChartName, + spec: v2.HelmReleaseSpec{ + StorageNamespace: defaultStorageNamespace, + }, + status: v2.HelmReleaseStatus{ + Current: &v2.HelmReleaseInfo{ + Name: defaultName, + Namespace: defaultNamespace, + ChartName: defaultChartName, + }, + StorageNamespace: defaultNamespace, + }, + want: true, + }, + { + name: "different release namespace", + chartName: defaultChartName, + spec: v2.HelmReleaseSpec{ + TargetNamespace: defaultTargetNamespace, + }, + status: v2.HelmReleaseStatus{ + Current: &v2.HelmReleaseInfo{ + Name: defaultName, + Namespace: defaultNamespace, + ChartName: defaultChartName, + }, + StorageNamespace: defaultNamespace, + }, + want: true, + }, + { + name: "different release name", + chartName: defaultChartName, + spec: v2.HelmReleaseSpec{ + ReleaseName: defaultReleaseName, + }, + status: v2.HelmReleaseStatus{ + Current: &v2.HelmReleaseInfo{ + Name: defaultName, + Namespace: defaultNamespace, + ChartName: defaultChartName, + }, + StorageNamespace: defaultNamespace, + }, + want: true, + }, + { + name: "different chart name", + chartName: "other-chart", + spec: v2.HelmReleaseSpec{}, + status: v2.HelmReleaseStatus{ + Current: &v2.HelmReleaseInfo{ + Name: defaultName, + Namespace: defaultNamespace, + ChartName: defaultChartName, + }, + StorageNamespace: defaultNamespace, + }, + want: true, + }, + { + name: "matching shortened release name", + chartName: defaultChartName, + spec: v2.HelmReleaseSpec{ + TargetNamespace: "target-namespace-exceeding-max-characters", + }, + status: v2.HelmReleaseStatus{ + Current: &v2.HelmReleaseInfo{ + Name: "target-namespace-exceeding-max-character-eceb26601388", + Namespace: "target-namespace-exceeding-max-characters", + ChartName: defaultChartName, + }, + StorageNamespace: defaultNamespace, + }, + want: false, + }, + { + name: "different shortened release name", + chartName: defaultChartName, + spec: v2.HelmReleaseSpec{ + TargetNamespace: "target-namespace-exceeding-max-characters", + }, + status: v2.HelmReleaseStatus{ + Current: &v2.HelmReleaseInfo{ + Name: defaultName, + Namespace: "target-namespace-exceeding-max-characters", + ChartName: defaultChartName, + }, + StorageNamespace: defaultNamespace, + }, + want: true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + got := ReleaseTargetChanged(&v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: defaultNamespace, + Name: defaultName, + }, + Spec: tt.spec, + Status: tt.status, + }, tt.chartName) + g.Expect(got).To(Equal(tt.want)) + }) + } +} + +func TestIsInstalled(t *testing.T) { + var mockError = errors.New("query mock error") + + tests := []struct { + name string + releaseName string + releases []*helmrelease.Release + queryError error + want bool + wantErr error + }{ + { + name: "installed", + releaseName: "release", + releases: []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: "release", + Version: 1, + Status: helmrelease.StatusDeployed, + Namespace: "default", + }), + }, + want: true, + }, + { + name: "not installed", + releaseName: "release", + want: false, + }, + { + name: "release list error", + queryError: mockError, + wantErr: mockError, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + s := helmstorage.Init(driver.NewMemory()) + for _, v := range tt.releases { + g.Expect(s.Create(v)).To(Succeed()) + } + + s.Driver = &storage.Failing{ + Driver: s.Driver, + QueryErr: tt.queryError, + } + + got, err := IsInstalled(&helmaction.Configuration{Releases: s}, tt.releaseName) + + if tt.wantErr != nil { + g.Expect(err).To(HaveOccurred()) + g.Expect(err).To(Equal(tt.wantErr)) + g.Expect(got).To(BeFalse()) + return + } + + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(got).To(Equal(tt.want)) + }) + } +} + +func TestVerifyReleaseInfo(t *testing.T) { + mock := testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: "release", + Version: 1, + Status: helmrelease.StatusDeployed, + Namespace: "default", + }) + otherMock := testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: "release", + Version: 1, + Status: helmrelease.StatusSuperseded, + Namespace: "default", + }) + mockInfo := release.ObservedToInfo(release.ObserveRelease(mock)) + mockGetErr := errors.New("mock get error") + + tests := []struct { + name string + info *v2.HelmReleaseInfo + release *helmrelease.Release + getError error + want *helmrelease.Release + wantErr error + }{ + { + name: "valid release", + info: mockInfo, + release: mock, + want: mock, + }, + { + name: "invalid release", + info: mockInfo, + release: otherMock, + wantErr: ErrReleaseNotObserved, + }, + { + name: "release not found", + info: mockInfo, + release: nil, + wantErr: ErrReleaseDisappeared, + }, + { + name: "no release info", + info: nil, + release: nil, + wantErr: ErrReleaseNotFound, + }, + { + name: "driver get error", + info: mockInfo, + getError: mockGetErr, + wantErr: mockGetErr, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + s := helmstorage.Init(driver.NewMemory()) + if tt.release != nil { + g.Expect(s.Create(tt.release)).To(Succeed()) + } + + s.Driver = &storage.Failing{ + Driver: s.Driver, + GetErr: tt.getError, + } + + rls, err := VerifyReleaseInfo(&helmaction.Configuration{Releases: s}, tt.info) + if tt.wantErr != nil { + g.Expect(err).To(HaveOccurred()) + g.Expect(err).To(Equal(tt.wantErr)) + g.Expect(rls).To(BeNil()) + return + } + + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(rls).To(Equal(tt.want)) + }) + } +} + +func TestVerifyLastStorageItem(t *testing.T) { + mockOne := testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: "release", + Version: 1, + Status: helmrelease.StatusSuperseded, + Namespace: "default", + }) + mockTwo := testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: "release", + Version: 2, + Status: helmrelease.StatusDeployed, + Namespace: "default", + }) + mockInfo := release.ObservedToInfo(release.ObserveRelease(mockTwo)) + mockQueryErr := errors.New("mock query error") + + tests := []struct { + name string + info *v2.HelmReleaseInfo + releases []*helmrelease.Release + queryError error + want *helmrelease.Release + wantErr error + }{ + { + name: "valid last release", + info: mockInfo, + releases: []*helmrelease.Release{mockOne, mockTwo}, + want: mockTwo, + }, + { + name: "invalid last release", + info: mockInfo, + releases: []*helmrelease.Release{mockOne}, + wantErr: ErrReleaseNotObserved, + }, + { + name: "no last release", + info: mockInfo, + releases: []*helmrelease.Release{}, + wantErr: ErrReleaseDisappeared, + }, + { + name: "no release info", + info: nil, + releases: nil, + wantErr: ErrReleaseNotFound, + }, + { + name: "driver query error", + info: mockInfo, + queryError: mockQueryErr, + wantErr: mockQueryErr, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + s := helmstorage.Init(driver.NewMemory()) + for _, v := range tt.releases { + g.Expect(s.Create(v)).To(Succeed()) + } + + s.Driver = &storage.Failing{ + Driver: s.Driver, + QueryErr: tt.queryError, + } + + rls, err := VerifyLastStorageItem(&helmaction.Configuration{Releases: s}, tt.info) + if tt.wantErr != nil { + g.Expect(err).To(HaveOccurred()) + g.Expect(err).To(Equal(tt.wantErr)) + g.Expect(rls).To(BeNil()) + return + } + + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(rls).To(Equal(tt.want)) + }) + } +} + +func TestVerifyReleaseObject(t *testing.T) { + mockRls := testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: "release", + Version: 1, + Status: helmrelease.StatusSuperseded, + Namespace: "default", + }) + mockInfo := release.ObservedToInfo(release.ObserveRelease(mockRls)) + mockInfoIllegal := mockInfo.DeepCopy() + mockInfoIllegal.Digest = "illegal" + + tests := []struct { + name string + info *v2.HelmReleaseInfo + rls *helmrelease.Release + wantErr error + }{ + { + name: "valid digest", + info: mockInfo, + rls: mockRls, + }, + { + name: "illegal digest", + info: mockInfoIllegal, + wantErr: ErrReleaseDigest, + }, + { + name: "invalid digest", + info: mockInfo, + rls: testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: "release", + Version: 1, + Status: helmrelease.StatusDeployed, + Namespace: "default", + }), + wantErr: ErrReleaseNotObserved, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + got := VerifyReleaseObject(tt.info, tt.rls) + + if tt.wantErr != nil { + g.Expect(got).To(HaveOccurred()) + g.Expect(got).To(Equal(tt.wantErr)) + return + } + + g.Expect(got).NotTo(HaveOccurred()) + }) + } +} + +func TestVerifyRelease(t *testing.T) { + mockRls := testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: "release", + Version: 1, + Status: helmrelease.StatusSuperseded, + Namespace: "default", + }) + mockInfo := release.ObservedToInfo(release.ObserveRelease(mockRls)) + + tests := []struct { + name string + rls *helmrelease.Release + info *v2.HelmReleaseInfo + chrt *helmchart.Metadata + vals chartutil.Values + wantErr error + }{ + { + name: "equal", + rls: mockRls, + info: mockInfo, + chrt: mockRls.Chart.Metadata, + vals: mockRls.Config, + }, + { + name: "no release", + rls: nil, + info: mockInfo, + chrt: mockRls.Chart.Metadata, + vals: mockRls.Config, + wantErr: ErrReleaseNotFound, + }, + { + name: "no release info", + rls: mockRls, + info: nil, + chrt: mockRls.Chart.Metadata, + vals: mockRls.Config, + wantErr: ErrConfigDigest, + }, + { + name: "chart meta diff", + rls: mockRls, + info: mockInfo, + chrt: &helmchart.Metadata{ + Name: "some-other-chart", + Version: "1.0.0", + }, + vals: mockRls.Config, + wantErr: ErrChartChanged, + }, + { + name: "chart values diff", + rls: mockRls, + info: mockInfo, + chrt: mockRls.Chart.Metadata, + vals: chartutil.Values{ + "some": "other", + }, + wantErr: ErrConfigDigest, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + got := VerifyRelease(tt.rls, tt.info, tt.chrt, tt.vals) + + if tt.wantErr != nil { + g.Expect(got).To(HaveOccurred()) + g.Expect(got).To(Equal(tt.wantErr)) + return + } + + g.Expect(got).ToNot(HaveOccurred()) + }) + } +} diff --git a/internal/reconcile/action.go b/internal/reconcile/action.go index c8c10fb23..6a0e7c9ba 100644 --- a/internal/reconcile/action.go +++ b/internal/reconcile/action.go @@ -17,99 +17,157 @@ limitations under the License. package reconcile import ( + "context" "errors" + "fmt" helmrelease "helm.sh/helm/v3/pkg/release" + "k8s.io/client-go/tools/record" + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/fluxcd/pkg/runtime/logger" v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" - "github.com/fluxcd/helm-controller/internal/release" ) var ( - // ErrReconcileEnd is returned by NextAction when the reconciliation process - // has reached an end state. - ErrReconcileEnd = errors.New("abort reconcile") + // ErrNoRetriesRemain is returned when there are no remaining retry + // attempts for the provided release config. + ErrNoRetriesRemain = errors.New("no retries remain") ) // NextAction determines the action that should be performed for the release // by verifying the integrity of the Helm storage and further state of the // release, and comparing the Request.Chart and Request.Values to the latest // release. It can be called repeatedly to step through the reconciliation -// process until it ends up in a state as desired by the Request.Object. -func NextAction(factory *action.ConfigFactory, req *Request) (ActionReconciler, error) { - rls, err := action.VerifyStorage(factory.Build(nil), req.Object) - if err != nil { - switch err { - case action.ErrReleaseNotFound, action.ErrReleaseDisappeared: - return &Install{configFactory: factory}, nil - case action.ErrReleaseNotObserved, action.ErrReleaseDigest: - return &Upgrade{configFactory: factory}, nil - default: - return nil, err +// process until it ends up in a state as desired by the Request.Object, +// or no retries remain. +func NextAction(ctx context.Context, cfg *action.ConfigFactory, recorder record.EventRecorder, req *Request) (ActionReconciler, error) { + log := ctrl.LoggerFrom(ctx).V(logger.DebugLevel) + config := cfg.Build(nil) + cur := req.Object.GetCurrent().DeepCopy() + + // If we do not have a current release, we should either install or upgrade + // the release depending on the state of the storage. + if cur == nil { + ok, err := action.IsInstalled(config, req.Object.GetReleaseName()) + if err != nil { + return nil, fmt.Errorf("cannot confirm if release is already installed: %w", err) } + if ok { + return NewUpgrade(cfg, recorder), nil + } + return NewInstall(cfg, recorder), nil } + // Verify the current release is still in storage and unmodified. + rls, err := action.VerifyLastStorageItem(config, cur) + switch err { + case nil: + // Noop + case action.ErrReleaseNotFound, action.ErrReleaseDisappeared: + log.Info(err.Error()) + return NewInstall(cfg, recorder), nil + case action.ErrReleaseNotObserved, action.ErrReleaseDigest: + log.Info(err.Error()) + return NewUpgrade(cfg, recorder), nil + default: + return nil, fmt.Errorf("cannot verify current release in storage: %w", err) + } + + // If the release is in a pending state, the release process likely failed + // unexpectedly. Unlock the release and e.g. retry again. if rls.Info.Status.IsPending() { - return &Unlock{configFactory: factory}, nil + log.Info("observed release is in stale pending state") + return &Unlock{configFactory: cfg}, nil + } + + remediation := req.Object.GetActiveRemediation() + + // A release in a failed state is different from any of the other states in + // that the action also needs to happen a last time when no retries remain. + if rls.Info.Status == helmrelease.StatusFailed { + if remediation.GetFailureCount(req.Object) <= 0 { + // If the chart version and/or values have changed, the failure count(s) + // are reset. This short circuits any remediation attempt to force an + // upgrade with the new configuration instead. + return NewUpgrade(cfg, recorder), nil + } + return rollbackOrUninstall(cfg, recorder, req) } - remediation := req.Object.GetInstall().GetRemediation() - if req.Object.Status.Previous != nil { - remediation = req.Object.GetUpgrade().GetRemediation() + // Short circuit if we are out of retries. + if remediation.RetriesExhausted(req.Object) { + return nil, fmt.Errorf("%w: ignoring release in %s state", ErrNoRetriesRemain, rls.Info.Status) } - // TODO(hidde): the logic below lacks some implementation details. E.g. - // upgrading a failed release when a newer chart version appears. + // Act on the state of the release. switch rls.Info.Status { - case helmrelease.StatusFailed: - return rollbackOrUninstall(factory, req) - case helmrelease.StatusUninstalled: - return &Install{configFactory: factory}, nil - case helmrelease.StatusSuperseded: - return &Install{configFactory: factory}, nil + case helmrelease.StatusUninstalled, helmrelease.StatusSuperseded: + return NewInstall(cfg, recorder), nil case helmrelease.StatusDeployed: - if err = action.VerifyRelease(rls, req.Object, req.Chart.Metadata, req.Values); err != nil { + // Confirm the current release matches the desired config. + if err = action.VerifyRelease(rls, cur, req.Chart.Metadata, req.Values); err != nil { switch err { case action.ErrChartChanged: - return &Upgrade{configFactory: factory}, nil + return NewUpgrade(cfg, recorder), nil case action.ErrConfigDigest: - return &Upgrade{configFactory: factory}, nil + return NewUpgrade(cfg, recorder), nil default: + // Error out on any other error as we cannot determine what + // the state and should e.g. retry. return nil, err } } + // For the further determination of test results, we look at the + // observed state of the object. As tests can be run manually by + // users running e.g. `helm test`. if testSpec := req.Object.GetTest(); testSpec.Enable { - if !release.HasBeenTested(rls) { - return &Test{configFactory: factory}, nil + // Confirm the release has been tested if enabled. + if !req.Object.GetCurrent().HasBeenTested() { + return NewTest(cfg, recorder), nil } - if release.HasFailedTests(rls) { - if !remediation.MustIgnoreTestFailures(req.Object.GetTest().IgnoreFailures) { - return rollbackOrUninstall(factory, req) - } + // Act on any observed test failure. + if !remediation.MustIgnoreTestFailures(req.Object.GetTest().IgnoreFailures) && + req.Object.GetCurrent().HasTestInPhase(helmrelease.HookPhaseFailed.String()) { + return rollbackOrUninstall(cfg, recorder, req) } } } - return nil, ErrReconcileEnd + + return nil, nil } -func rollbackOrUninstall(factory *action.ConfigFactory, req *Request) (ActionReconciler, error) { - remediation := req.Object.GetInstall().GetRemediation() - if req.Object.Status.Previous != nil { - // TODO: determine if previous is still in storage and unmodified - remediation = req.Object.GetUpgrade().GetRemediation() - } - // TODO: remove dependency on counter, as this shouldn't be used to determine - // if it's enabled. - remediation.IncrementFailureCount(req.Object) +// rollbackOrUninstall determines if the release should be rolled back or +// uninstalled based on the active remediation strategy. If the release +// must be rolled back, the target revision is verified to be in storage +// before returning the RollbackRemediation. If the verification fails, +// Upgrade is returned as a remediation action to ensure continuity. +func rollbackOrUninstall(cfg *action.ConfigFactory, recorder record.EventRecorder, req *Request) (ActionReconciler, error) { + remediation := req.Object.GetActiveRemediation() if !remediation.RetriesExhausted(req.Object) || remediation.MustRemediateLastFailure() { switch remediation.GetStrategy() { case v2.RollbackRemediationStrategy: - return &Rollback{configFactory: factory}, nil + // Verify the previous release is still in storage and unmodified + // before instructing to roll back to it. + if _, err := action.VerifyReleaseInfo(cfg.Build(nil), req.Object.GetPrevious()); err != nil { + switch err { + case action.ErrReleaseNotFound, action.ErrReleaseDisappeared, + action.ErrReleaseNotObserved, action.ErrReleaseDigest: + // If the rollback target is not found or is in any other + // way corrupt, the most correct remediation is to reattempt + // the upgrade. + return NewUpgrade(cfg, recorder), nil + default: + return nil, err + } + } + return NewRollbackRemediation(cfg, recorder), nil case v2.UninstallRemediationStrategy: - return &Uninstall{configFactory: factory}, nil + return NewUninstallRemediation(cfg, recorder), nil } } - return nil, ErrReconcileEnd + return nil, fmt.Errorf("%w: can not remediate %s state", ErrNoRetriesRemain, req.Object.GetCurrent().Status) } diff --git a/internal/reconcile/action_test.go b/internal/reconcile/action_test.go index 3247d25d3..6be9fa683 100644 --- a/internal/reconcile/action_test.go +++ b/internal/reconcile/action_test.go @@ -17,6 +17,7 @@ limitations under the License. package reconcile import ( + "context" "testing" "github.com/go-logr/logr" @@ -26,6 +27,7 @@ import ( helmrelease "helm.sh/helm/v3/pkg/release" helmstorage "helm.sh/helm/v3/pkg/storage" helmdriver "helm.sh/helm/v3/pkg/storage/driver" + "k8s.io/client-go/tools/record" v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" @@ -61,9 +63,8 @@ func Test_NextAction(t *testing.T) { Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), } }, - chart: testutil.BuildChart(), - values: map[string]interface{}{"foo": "bar"}, - wantErr: true, + chart: testutil.BuildChart(), + values: map[string]interface{}{"foo": "bar"}, }, { name: "no release in storage requires install", @@ -189,7 +190,7 @@ func Test_NextAction(t *testing.T) { want: &Test{}, }, { - name: "failed test requires rollback when enabled", + name: "failure test requires rollback when enabled", releases: []*helmrelease.Release{ testutil.BuildRelease(&helmrelease.MockReleaseOptions{ Name: mockReleaseName, @@ -207,7 +208,7 @@ func Test_NextAction(t *testing.T) { Chart: testutil.BuildChart(), }, testutil.ReleaseWithConfig(map[string]interface{}{"foo": "bar"}), - testutil.ReleaseWithHookExecution("failed-tests", []helmrelease.HookEvent{helmrelease.HookTest}, + testutil.ReleaseWithHookExecution("failure-tests", []helmrelease.HookEvent{helmrelease.HookTest}, helmrelease.HookPhaseFailed), ), }, @@ -222,17 +223,20 @@ func Test_NextAction(t *testing.T) { } }, status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + cur := release.ObservedToInfo(release.ObserveRelease(releases[1])) + cur.SetTestHooks(release.TestHooksFromRelease(releases[1])) + return v2.HelmReleaseStatus{ - Current: release.ObservedToInfo(release.ObserveRelease(releases[1])), + Current: cur, Previous: release.ObservedToInfo(release.ObserveRelease(releases[0])), } }, chart: testutil.BuildChart(), values: map[string]interface{}{"foo": "bar"}, - want: &Rollback{}, + want: &RollbackRemediation{}, }, { - name: "failed test requires uninstall when enabled", + name: "failure test requires uninstall when enabled", releases: []*helmrelease.Release{ testutil.BuildRelease( &helmrelease.MockReleaseOptions{ @@ -243,7 +247,7 @@ func Test_NextAction(t *testing.T) { Chart: testutil.BuildChart(), }, testutil.ReleaseWithConfig(map[string]interface{}{"foo": "bar"}), - testutil.ReleaseWithHookExecution("failed-tests", []helmrelease.HookEvent{helmrelease.HookTest}, + testutil.ReleaseWithHookExecution("failure-tests", []helmrelease.HookEvent{helmrelease.HookTest}, helmrelease.HookPhaseFailed), ), }, @@ -258,16 +262,19 @@ func Test_NextAction(t *testing.T) { } }, status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + cur := release.ObservedToInfo(release.ObserveRelease(releases[0])) + cur.SetTestHooks(release.TestHooksFromRelease(releases[0])) + return v2.HelmReleaseStatus{ - Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + Current: cur, } }, chart: testutil.BuildChart(), values: map[string]interface{}{"foo": "bar"}, - want: &Uninstall{}, + want: &UninstallRemediation{}, }, { - name: "failed test is ignored when ignore failures is set", + name: "failure test is ignored when ignore failures is set", releases: []*helmrelease.Release{ testutil.BuildRelease( &helmrelease.MockReleaseOptions{ @@ -278,7 +285,7 @@ func Test_NextAction(t *testing.T) { Chart: testutil.BuildChart(), }, testutil.ReleaseWithConfig(map[string]interface{}{"foo": "bar"}), - testutil.ReleaseWithHookExecution("failed-tests", []helmrelease.HookEvent{helmrelease.HookTest}, + testutil.ReleaseWithHookExecution("failure-tests", []helmrelease.HookEvent{helmrelease.HookTest}, helmrelease.HookPhaseFailed), ), }, @@ -295,15 +302,52 @@ func Test_NextAction(t *testing.T) { }, } }, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + cur := release.ObservedToInfo(release.ObserveRelease(releases[0])) + cur.SetTestHooks(release.TestHooksFromRelease(releases[0])) + + return v2.HelmReleaseStatus{ + Current: cur, + } + }, + }, + { + name: "failure test is ignored when not made by controller", + releases: []*helmrelease.Release{ + testutil.BuildRelease( + &helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 2, + Status: helmrelease.StatusDeployed, + Chart: testutil.BuildChart(), + }, + testutil.ReleaseWithConfig(map[string]interface{}{"foo": "bar"}), + testutil.ReleaseWithHookExecution("failure-tests", []helmrelease.HookEvent{helmrelease.HookTest}, + helmrelease.HookPhaseFailed), + ), + }, + chart: testutil.BuildChart(), + values: map[string]interface{}{"foo": "bar"}, + spec: func(spec *v2.HelmReleaseSpec) { + spec.Test = &v2.Test{ + Enable: true, + } + spec.Install = &v2.Install{ + Remediation: &v2.InstallRemediation{ + Retries: 1, + }, + } + }, status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { return v2.HelmReleaseStatus{ Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), } }, - wantErr: true, + want: &Test{}, }, { - name: "failed release requires rollback when enabled", + name: "failure release requires rollback when enabled", releases: []*helmrelease.Release{ testutil.BuildRelease(&helmrelease.MockReleaseOptions{ Name: mockReleaseName, @@ -331,14 +375,15 @@ func Test_NextAction(t *testing.T) { values: map[string]interface{}{}, status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { return v2.HelmReleaseStatus{ - Current: release.ObservedToInfo(release.ObserveRelease(releases[1])), - Previous: release.ObservedToInfo(release.ObserveRelease(releases[0])), + Current: release.ObservedToInfo(release.ObserveRelease(releases[1])), + Previous: release.ObservedToInfo(release.ObserveRelease(releases[0])), + UpgradeFailures: 1, } }, - want: &Rollback{}, + want: &RollbackRemediation{}, }, { - name: "failed release requires uninstall when enabled", + name: "failure release requires uninstall when enabled", releases: []*helmrelease.Release{ testutil.BuildRelease(&helmrelease.MockReleaseOptions{ Name: mockReleaseName, @@ -359,22 +404,138 @@ func Test_NextAction(t *testing.T) { values: map[string]interface{}{}, status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { return v2.HelmReleaseStatus{ - Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + InstallFailures: 1, + } + }, + want: &UninstallRemediation{}, + }, + { + name: "failure release is ignored when no remediation strategy is configured", + releases: []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusFailed, + Chart: testutil.BuildChart(), + }, testutil.ReleaseWithConfig(map[string]interface{}{"foo": "bar"})), + }, + chart: testutil.BuildChart(), + values: map[string]interface{}{}, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + InstallFailures: 1, + } + }, + wantErr: true, + }, + { + name: "failure release without install failure count requires upgrade", + releases: []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusFailed, + Chart: testutil.BuildChart(), + }, testutil.ReleaseWithConfig(map[string]interface{}{"foo": "bar"})), + }, + chart: testutil.BuildChart(), + values: map[string]interface{}{}, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + UpgradeFailures: 1, } }, - want: &Uninstall{}, + want: &Upgrade{}, }, { - name: "failed release is ignored when no remediation strategy is configured", + name: "failure release without upgrade failure count requires upgrade", releases: []*helmrelease.Release{ testutil.BuildRelease(&helmrelease.MockReleaseOptions{ Name: mockReleaseName, Namespace: mockReleaseNamespace, Version: 1, + Status: helmrelease.StatusSuperseded, + Chart: testutil.BuildChart(), + }), + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 2, Status: helmrelease.StatusFailed, Chart: testutil.BuildChart(), }, testutil.ReleaseWithConfig(map[string]interface{}{"foo": "bar"})), }, + spec: func(spec *v2.HelmReleaseSpec) { + spec.Upgrade = &v2.Upgrade{ + Remediation: &v2.UpgradeRemediation{ + Retries: 1, + }, + } + }, + chart: testutil.BuildChart(), + values: map[string]interface{}{}, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[1])), + Previous: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + want: &Upgrade{}, + }, + { + name: "failure release with disappeared previous release requires upgrade", + releases: []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 2, + Status: helmrelease.StatusFailed, + Chart: testutil.BuildChart(), + }, testutil.ReleaseWithConfig(map[string]interface{}{"foo": "bar"})), + }, + spec: func(spec *v2.HelmReleaseSpec) { + spec.Upgrade = &v2.Upgrade{ + Remediation: &v2.UpgradeRemediation{ + Retries: 1, + }, + } + }, + chart: testutil.BuildChart(), + values: map[string]interface{}{}, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + prev := *releases[0] + prev.Version = 1 + return v2.HelmReleaseStatus{ + UpgradeFailures: 1, + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + Previous: release.ObservedToInfo(release.ObserveRelease(&prev)), + } + }, + want: &Upgrade{}, + }, + { + name: "superseded release requires install", + releases: []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusSuperseded, + Chart: testutil.BuildChart(), + }), + }, + spec: func(spec *v2.HelmReleaseSpec) { + spec.Upgrade = &v2.Upgrade{ + Remediation: &v2.UpgradeRemediation{ + Retries: 1, + }, + } + }, chart: testutil.BuildChart(), values: map[string]interface{}{}, status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { @@ -382,6 +543,70 @@ func Test_NextAction(t *testing.T) { Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), } }, + want: &Install{}, + }, + { + name: "exhausted install retries", + releases: []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusFailed, + Chart: testutil.BuildChart(), + }), + }, + spec: func(spec *v2.HelmReleaseSpec) { + spec.Install = &v2.Install{ + Remediation: &v2.InstallRemediation{ + Retries: 2, + }, + } + }, + chart: testutil.BuildChart(), + values: map[string]interface{}{}, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + InstallFailures: 3, + } + }, + wantErr: true, + }, + { + name: "exhausted upgrade retries", + releases: []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 1, + Status: helmrelease.StatusSuperseded, + Chart: testutil.BuildChart(), + }), + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Version: 2, + Status: helmrelease.StatusDeployed, + Chart: testutil.BuildChart(), + }), + }, + spec: func(spec *v2.HelmReleaseSpec) { + spec.Upgrade = &v2.Upgrade{ + Remediation: &v2.UpgradeRemediation{ + Retries: 2, + }, + } + }, + chart: testutil.BuildChart(), + values: map[string]interface{}{}, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[1])), + Previous: release.ObservedToInfo(release.ObserveRelease(releases[0])), + UpgradeFailures: 3, + } + }, wantErr: true, }, { @@ -479,7 +704,8 @@ func Test_NextAction(t *testing.T) { } } - got, err := NextAction(cfg, &Request{ + recorder := record.NewFakeRecorder(10) + got, err := NextAction(context.TODO(), cfg, recorder, &Request{ Object: obj, Chart: tt.chart, Values: tt.values, @@ -489,7 +715,13 @@ func Test_NextAction(t *testing.T) { g.Expect(err).To(HaveOccurred()) return } - g.Expect(got).To(BeAssignableToTypeOf(tt.want)) + + want := BeAssignableToTypeOf(tt.want) + if tt.want == nil { + want = BeNil() + } + + g.Expect(got).To(want) g.Expect(err).ToNot(HaveOccurred()) }) } diff --git a/internal/reconcile/atomic_release.go b/internal/reconcile/atomic_release.go new file mode 100644 index 000000000..7095d5cb9 --- /dev/null +++ b/internal/reconcile/atomic_release.go @@ -0,0 +1,242 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package reconcile + +import ( + "context" + "errors" + "fmt" + "strings" + "time" + + "k8s.io/client-go/tools/record" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/fluxcd/pkg/apis/meta" + "github.com/fluxcd/pkg/runtime/conditions" + "github.com/fluxcd/pkg/runtime/logger" + "github.com/fluxcd/pkg/runtime/patch" + + v2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/action" +) + +// ownedConditions is a list of Condition types owned by the HelmRelease object. +var ownedConditions = []string{ + v2.ReleasedCondition, + v2.RemediatedCondition, + v2.TestSuccessCondition, + meta.ReconcilingCondition, + meta.ReadyCondition, + meta.StalledCondition, +} + +// AtomicRelease is an ActionReconciler which implements an atomic release +// strategy similar to Helm's `--atomic`, but with more advanced state +// determination. It determines the NextAction to take based on the current +// state of the Request.Object and other data, and the state of the Helm +// release. +// +// This process will continue until an action is called multiple times, no +// action remains, or a remediation action is called. In which case the process +// will stop to be resumed at a later time or be checked upon again, by e.g. a +// requeue. +// +// Before running the ActionReconciler for the next action, the object is +// marked with Reconciling=True and the status is patched. +// This condition is removed when the ActionReconciler process is done. +// +// When it determines the object is out of remediation retries, the object +// is marked with Stalled=True. +// +// The status conditions are summarized into a Ready condition when no actions +// to be run remain, to ensure any transient error is cleared. +// +// Any returned error other than ErrNoRetriesRemain should be retried by the +// caller as soon as possible, preferably with a backoff strategy. +// +// The caller is expected to patch the object one last time with the +// Request.Object result to persist the final observation. As there is an +// expectation they will need to patch the object anyway to e.g. update the +// ObservedGeneration. +// +// For more information on the individual ActionReconcilers, refer to their +// documentation. +type AtomicRelease struct { + kubeClient client.Client + configFactory *action.ConfigFactory + eventRecorder record.EventRecorder + strategy releaseStrategy +} + +// NewAtomicRelease returns a new AtomicRelease reconciler configured with the +// provided values. +func NewAtomicRelease(client client.Client, cfg *action.ConfigFactory, recorder record.EventRecorder) *AtomicRelease { + return &AtomicRelease{ + kubeClient: client, + eventRecorder: recorder, + configFactory: cfg, + strategy: &cleanReleaseStrategy{}, + } +} + +// releaseStrategy defines the continue-stop behavior of the reconcile loop. +type releaseStrategy interface { + // MustContinue should be called before running the current action, and + // returns true if the caller must proceed. + MustContinue(current ReconcilerType, previous ReconcilerTypeSet) bool + // MustStop should be called after running the current action, and returns + // true if the caller must stop. + MustStop(current ReconcilerType, previous ReconcilerTypeSet) bool +} + +// cleanReleaseStrategy is a releaseStrategy which will only execute the +// (remaining) actions for a single release. Effectively, this means it will +// only run any action once during a reconcile attempt, and stops after running +// a remediation action. +type cleanReleaseStrategy ReconcilerTypeSet + +// MustContinue returns if previous does not contain current. +func (cleanReleaseStrategy) MustContinue(current ReconcilerType, previous ReconcilerTypeSet) bool { + return !previous.Contains(current) +} + +// MustStop returns true if current equals ReconcilerTypeRemediate. +func (cleanReleaseStrategy) MustStop(current ReconcilerType, _ ReconcilerTypeSet) bool { + switch current { + case ReconcilerTypeRemediate: + return true + default: + return false + } +} + +func (r *AtomicRelease) Reconcile(ctx context.Context, req *Request) error { + log := ctrl.LoggerFrom(ctx).V(logger.DebugLevel) + patchHelper := patch.NewSerialPatcher(req.Object, r.kubeClient) + + var ( + previous ReconcilerTypeSet + next ActionReconciler + err error + ) + for { + select { + case <-ctx.Done(): + return ctx.Err() + default: + // Determine the next action to run based on the current state. + log.Info("determining next Helm action based on current state") + if next, err = NextAction(ctx, r.configFactory, r.eventRecorder, req); err != nil { + log.Error(err, "cannot determine next action") + if errors.Is(err, ErrNoRetriesRemain) { + conditions.MarkStalled(req.Object, "NoRemainingRetries", "Attempted %d times but failed", req.Object.GetActiveRemediation().GetRetries()) + } else { + conditions.MarkFalse(req.Object, meta.ReadyCondition, "ActionPlanError", fmt.Sprintf("Could not determine Helm action: %s", err.Error())) + } + return err + } + + // Nothing to do... + if next == nil { + log.Info("release in-sync") + + // If we are in-sync, we are no longer reconciling + conditions.Delete(req.Object, meta.ReconcilingCondition) + + // Always summarize, this ensures we e.g. restore transient errors written to Ready + summarize(req) + + return nil + } + + // If we are not allowed to run the next action, we are done for now... + if !r.strategy.MustContinue(next.Type(), previous) { + log.Info("instructed to stop before running %s action reconciler %s", next.Type(), next.Name()) + conditions.Delete(req.Object, meta.ReconcilingCondition) + return nil + } + + // Mark the release as reconciling before we attempt to run the action. + // This to show continuous progress, as Helm actions can be long-running. + conditions.MarkTrue(req.Object, meta.ReconcilingCondition, "Progressing", "Running '%s' %s action with timeout of %s", + next.Name(), next.Type(), timeoutForAction(next, req.Object).String()) + // Patch the object to reflect the new condition. + if err = patchHelper.Patch(ctx, req.Object, patch.WithOwnedConditions{Conditions: ownedConditions}); err != nil { + return err + } + + // Run the action sub-reconciler. + if err = next.Reconcile(ctx, req); err != nil { + if conditions.IsReady(req.Object) { + conditions.MarkFalse(req.Object, meta.ReadyCondition, "ReconcileError", err.Error()) + } + return err + } + + // If we must stop after running the action, we are done for now... + if r.strategy.MustStop(next.Type(), previous) { + log.Info("instructed to stop after running %s action reconciler %s", next.Type(), next.Name()) + conditions.Delete(req.Object, meta.ReconcilingCondition) + return nil + } + + // Append the type to the set of action types we have performed. + previous = append(previous, next.Type()) + + // Patch the release to reflect progress. + if err = patchHelper.Patch(ctx, req.Object, patch.WithOwnedConditions{Conditions: ownedConditions}); err != nil { + return err + } + } + } +} + +func (r *AtomicRelease) Name() string { + return "atomic-release" +} + +func (r *AtomicRelease) Type() ReconcilerType { + return ReconcilerTypeRelease +} + +func inStringSlice(ss []string, str string) (pos int, ok bool) { + for k, s := range ss { + if strings.EqualFold(s, str) { + return k, true + } + } + return -1, false +} + +func timeoutForAction(action ActionReconciler, obj *v2.HelmRelease) time.Duration { + switch action.(type) { + case *Install: + return obj.GetInstall().GetTimeout(obj.GetTimeout()).Duration + case *Upgrade: + return obj.GetUpgrade().GetTimeout(obj.GetTimeout()).Duration + case *Test: + return obj.GetTest().GetTimeout(obj.GetTimeout()).Duration + case *RollbackRemediation: + return obj.GetRollback().GetTimeout(obj.GetTimeout()).Duration + case *UninstallRemediation: + return obj.GetUninstall().GetTimeout(obj.GetTimeout()).Duration + default: + return obj.GetTimeout().Duration + } +} diff --git a/internal/reconcile/atomic_release_test.go b/internal/reconcile/atomic_release_test.go new file mode 100644 index 000000000..4951d7b88 --- /dev/null +++ b/internal/reconcile/atomic_release_test.go @@ -0,0 +1,192 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package reconcile + +import ( + "context" + "testing" + "time" + + "github.com/go-logr/logr" + . "github.com/onsi/gomega" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/record" + "sigs.k8s.io/controller-runtime/pkg/client/fake" + + "github.com/fluxcd/pkg/apis/meta" + "github.com/fluxcd/pkg/runtime/conditions" + + v2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/action" + "github.com/fluxcd/helm-controller/internal/testutil" +) + +func TestReleaseStrategy_CleanRelease_MustContinue(t *testing.T) { + tests := []struct { + name string + current ReconcilerType + previous ReconcilerTypeSet + want bool + }{ + { + name: "continue if not in previous", + current: ReconcilerTypeRemediate, + previous: []ReconcilerType{ + ReconcilerTypeRelease, + }, + want: true, + }, + { + name: "do not continue if in previous", + current: ReconcilerTypeRemediate, + previous: []ReconcilerType{ + ReconcilerTypeRemediate, + }, + want: false, + }, + { + name: "do continue on nil", + current: ReconcilerTypeRemediate, + previous: nil, + want: true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + at := &cleanReleaseStrategy{} + if got := at.MustContinue(tt.current, tt.previous); got != tt.want { + g := NewWithT(t) + g.Expect(got).To(Equal(tt.want)) + } + }) + } +} + +func TestReleaseStrategy_CleanRelease_MustStop(t *testing.T) { + tests := []struct { + name string + current ReconcilerType + previous ReconcilerTypeSet + want bool + }{ + { + name: "stop if current is remediate", + current: ReconcilerTypeRemediate, + want: true, + }, + { + name: "do not stop if current is not remediate", + current: ReconcilerTypeRelease, + want: false, + }, + { + name: "do not stop if current is not remediate", + current: ReconcilerTypeUnlock, + want: false, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + at := &cleanReleaseStrategy{} + if got := at.MustStop(tt.current, tt.previous); got != tt.want { + g := NewWithT(t) + g.Expect(got).To(Equal(tt.want)) + } + }) + } +} + +func TestAtomicRelease_Reconcile(t *testing.T) { + t.Run("runs a series of actions", func(t *testing.T) { + g := NewWithT(t) + + namedNS, err := testEnv.CreateNamespace(context.TODO(), mockReleaseNamespace) + g.Expect(err).NotTo(HaveOccurred()) + t.Cleanup(func() { + _ = testEnv.Delete(context.TODO(), namedNS) + }) + releaseNamespace := namedNS.Name + + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Name: mockReleaseName, + Namespace: releaseNamespace, + }, + Spec: v2.HelmReleaseSpec{ + ReleaseName: mockReleaseName, + TargetNamespace: releaseNamespace, + Test: &v2.Test{ + Enable: true, + }, + StorageNamespace: releaseNamespace, + Timeout: &metav1.Duration{Duration: 100 * time.Millisecond}, + }, + } + + getter, err := RESTClientGetterFromManager(testEnv.Manager, obj.GetReleaseNamespace()) + g.Expect(err).ToNot(HaveOccurred()) + + cfg, err := action.NewConfigFactory(getter, + action.WithStorage(action.DefaultStorageDriver, obj.GetStorageNamespace()), + action.WithDebugLog(logr.Discard()), + ) + g.Expect(err).ToNot(HaveOccurred()) + + client := fake.NewClientBuilder(). + WithScheme(testEnv.Scheme()). + WithObjects(obj). + WithStatusSubresource(&v2.HelmRelease{}). + Build() + recorder := record.NewFakeRecorder(10) + + req := &Request{ + Object: obj, + Chart: testutil.BuildChart(testutil.ChartWithTestHook()), + Values: nil, + } + g.Expect(NewAtomicRelease(client, cfg, recorder).Reconcile(context.TODO(), req)).ToNot(HaveOccurred()) + + g.Expect(obj.Status.Conditions).To(conditions.MatchConditions([]metav1.Condition{ + { + Type: meta.ReadyCondition, + Status: metav1.ConditionTrue, + Reason: v2.TestSucceededReason, + Message: "test hook completed successfully", + }, + { + Type: v2.ReleasedCondition, + Status: metav1.ConditionTrue, + Reason: v2.InstallSucceededReason, + Message: "Installed release", + }, + { + Type: v2.TestSuccessCondition, + Status: metav1.ConditionTrue, + Reason: v2.TestSucceededReason, + Message: "test hook completed successfully", + }, + })) + g.Expect(obj.GetCurrent()).ToNot(BeNil(), "expected current to not be nil") + g.Expect(obj.GetPrevious()).To(BeNil(), "expected previous to be nil") + + g.Expect(obj.Status.Failures).To(BeZero()) + g.Expect(obj.Status.InstallFailures).To(BeZero()) + g.Expect(obj.Status.UpgradeFailures).To(BeZero()) + + g.Expect(NextAction(context.TODO(), cfg, recorder, req)).To(And(Succeed(), BeNil())) + }) +} diff --git a/internal/reconcile/install.go b/internal/reconcile/install.go index dc8c4a328..41b3d41af 100644 --- a/internal/reconcile/install.go +++ b/internal/reconcile/install.go @@ -18,8 +18,11 @@ package reconcile import ( "context" + "fmt" "github.com/fluxcd/pkg/runtime/logger" + corev1 "k8s.io/api/core/v1" + "k8s.io/client-go/tools/record" ctrl "sigs.k8s.io/controller-runtime" "github.com/fluxcd/pkg/runtime/conditions" @@ -28,27 +31,53 @@ import ( "github.com/fluxcd/helm-controller/internal/action" ) +// Install is an ActionReconciler which attempts to install a Helm release +// based on the given Request data. +// +// The writes to the Helm storage during the installation process are +// observed, and updates the Status.Current (and possibly Status.Previous) +// field(s). +// +// On installation success, the object is marked with Released=True and emits +// an event. In addition, the object is marked with TestSuccess=False if tests +// are enabled to indicate we are awaiting the results. +// On failure, the object is marked with Released=False and emits a warning +// event. Only an error which resulted in a modification to the Helm storage +// counts towards a failure for the active remediation strategy. +// +// At the end of the reconciliation, the Status.Conditions are summarized and +// propagated to the Ready condition on the Request.Object. +// +// The caller is assumed to have verified the integrity of Request.Object using +// e.g. action.VerifyReleaseInfo before calling Reconcile. type Install struct { configFactory *action.ConfigFactory + eventRecorder record.EventRecorder +} + +// NewInstall returns a new Install reconciler configured with the provided +// values. +func NewInstall(cfg *action.ConfigFactory, recorder record.EventRecorder) *Install { + return &Install{configFactory: cfg, eventRecorder: recorder} } func (r *Install) Reconcile(ctx context.Context, req *Request) error { var ( - cur = req.Object.Status.Current.DeepCopy() + cur = req.Object.GetCurrent().DeepCopy() logBuf = action.NewLogBuffer(action.NewDebugLog(ctrl.LoggerFrom(ctx).V(logger.InfoLevel)), 10) cfg = r.configFactory.Build(logBuf.Log, observeRelease(req.Object)) ) - // Run install action. - rls, err := action.Install(ctx, cfg, req.Object, req.Chart, req.Values) + defer summarize(req) + + // Run the Helm install action. + _, err := action.Install(ctx, cfg, req.Object, req.Chart, req.Values) if err != nil { - // Mark failure on object. - req.Object.Status.Failures++ - conditions.MarkFalse(req.Object, v2.ReleasedCondition, v2.InstallFailedReason, err.Error()) + r.failure(req, logBuf, err) // Return error if we did not store a release, as this does not // require remediation and the caller should e.g. retry. - if newCur := req.Object.Status.Current; newCur == nil || cur == newCur { + if newCur := req.Object.GetCurrent(); newCur == nil || (cur != nil && cur.Digest == newCur.Digest) { return err } @@ -58,14 +87,11 @@ func (r *Install) Reconcile(ctx context.Context, req *Request) error { // without a new release in storage there is nothing to remediate, // and the action can be retried immediately without causing // storage drift. - req.Object.Status.InstallFailures++ + req.Object.GetActiveRemediation().IncrementFailureCount(req.Object) return nil } - // Mark release success and delete any test success, as the current release - // isn't tested (yet). - conditions.MarkTrue(req.Object, v2.ReleasedCondition, v2.InstallSucceededReason, rls.Info.Description) - conditions.Delete(req.Object, v2.TestSuccessCondition) + r.success(req) return nil } @@ -76,3 +102,47 @@ func (r *Install) Name() string { func (r *Install) Type() ReconcilerType { return ReconcilerTypeRelease } + +// failure records the failure of a Helm installation action in the status of +// the given Request.Object by marking ReleasedCondition=False and increasing +// the failure counter. In addition, it emits a warning event for the +// Request.Object. +// +// Increase of the failure counter for the active remediation strategy should +// be done conditionally by the caller after verifying the failed action has +// modified the Helm storage. This to avoid counting failures which do not +// result in Helm storage drift. +func (r *Install) failure(req *Request, buffer *action.LogBuffer, err error) { + // Compose failure message. + msg := fmt.Sprintf("Install of release %s/%s with chart %s@%s failed: %s", req.Object.GetReleaseNamespace(), + req.Object.GetReleaseName(), req.Chart.Name(), req.Chart.Metadata.Version, err.Error()) + + // Mark install failure on object. + req.Object.Status.Failures++ + conditions.MarkFalse(req.Object, v2.ReleasedCondition, v2.InstallFailedReason, msg) + + // Record warning event, this message contains more data than the + // Condition summary. + r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(req.Chart.Metadata.Version), corev1.EventTypeWarning, v2.InstallFailedReason, eventMessageWithLog(msg, buffer)) +} + +// success records the success of a Helm installation action in the status of +// the given Request.Object by marking ReleasedCondition=True and emitting an +// event. In addition, it marks TestSuccessCondition=False when tests are +// enabled to indicate we are awaiting test results after having made the +// release. +func (r *Install) success(req *Request) { + // Compose success message. + cur := req.Object.GetCurrent() + msg := fmt.Sprintf("Installed release %s with chart %s", cur.FullReleaseName(), cur.VersionedChartName()) + + // Mark install success on object. + conditions.MarkTrue(req.Object, v2.ReleasedCondition, v2.InstallSucceededReason, msg) + if req.Object.GetTest().Enable && !cur.HasBeenTested() { + conditions.MarkFalse(req.Object, v2.TestSuccessCondition, "Pending", + "Release %s with chart %s has not been tested yet", cur.FullReleaseName(), cur.VersionedChartName()) + } + + // Record event. + r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(cur.ChartVersion), corev1.EventTypeNormal, v2.InstallSucceededReason, msg) +} diff --git a/internal/reconcile/install_test.go b/internal/reconcile/install_test.go index e13ea62f7..c4723d765 100644 --- a/internal/reconcile/install_test.go +++ b/internal/reconcile/install_test.go @@ -31,7 +31,9 @@ import ( helmstorage "helm.sh/helm/v3/pkg/storage" helmdriver "helm.sh/helm/v3/pkg/storage/driver" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/record" + "github.com/fluxcd/pkg/apis/meta" "github.com/fluxcd/pkg/runtime/conditions" v2 "github.com/fluxcd/helm-controller/api/v2beta2" @@ -81,8 +83,10 @@ func TestInstall_Reconcile(t *testing.T) { name: "install success", chart: testutil.BuildChart(), expectConditions: []metav1.Condition{ + *conditions.TrueCondition(meta.ReadyCondition, v2.InstallSucceededReason, + "Installed release"), *conditions.TrueCondition(v2.ReleasedCondition, v2.InstallSucceededReason, - "Install complete"), + "Installed release"), }, expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[0])) @@ -92,6 +96,8 @@ func TestInstall_Reconcile(t *testing.T) { name: "install failure", chart: testutil.BuildChart(testutil.ChartWithFailingHook()), expectConditions: []metav1.Condition{ + *conditions.FalseCondition(meta.ReadyCondition, v2.InstallFailedReason, + "failed post-install"), *conditions.FalseCondition(v2.ReleasedCondition, v2.InstallFailedReason, "failed post-install"), }, @@ -112,6 +118,8 @@ func TestInstall_Reconcile(t *testing.T) { chart: testutil.BuildChart(), wantErr: fmt.Errorf("storage create error"), expectConditions: []metav1.Condition{ + *conditions.FalseCondition(meta.ReadyCondition, v2.InstallFailedReason, + "storage create error"), *conditions.FalseCondition(v2.ReleasedCondition, v2.InstallFailedReason, "storage create error"), }, @@ -143,8 +151,10 @@ func TestInstall_Reconcile(t *testing.T) { }, chart: testutil.BuildChart(), expectConditions: []metav1.Condition{ + *conditions.TrueCondition(meta.ReadyCondition, v2.InstallSucceededReason, + "Installed release"), *conditions.TrueCondition(v2.ReleasedCondition, v2.InstallSucceededReason, - "Install complete"), + "Installed release"), }, expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[1])) @@ -168,8 +178,10 @@ func TestInstall_Reconcile(t *testing.T) { }, chart: testutil.BuildChart(), expectConditions: []metav1.Condition{ + *conditions.TrueCondition(meta.ReadyCondition, v2.InstallSucceededReason, + "Installed release"), *conditions.TrueCondition(v2.ReleasedCondition, v2.InstallSucceededReason, - "Install complete"), + "Installed release"), }, expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[0])) @@ -226,7 +238,8 @@ func TestInstall_Reconcile(t *testing.T) { cfg.Driver = tt.driver(cfg.Driver) } - got := (&Install{configFactory: cfg}).Reconcile(context.TODO(), &Request{ + recorder := record.NewFakeRecorder(10) + got := (NewInstall(cfg, recorder)).Reconcile(context.TODO(), &Request{ Object: obj, Chart: tt.chart, Values: tt.values, @@ -243,15 +256,15 @@ func TestInstall_Reconcile(t *testing.T) { releaseutil.SortByRevision(releases) if tt.expectCurrent != nil { - g.Expect(obj.Status.Current).To(testutil.Equal(tt.expectCurrent(releases))) + g.Expect(obj.GetCurrent()).To(testutil.Equal(tt.expectCurrent(releases))) } else { - g.Expect(obj.Status.Current).To(BeNil(), "expected current to be nil") + g.Expect(obj.GetCurrent()).To(BeNil(), "expected current to be nil") } if tt.expectPrevious != nil { - g.Expect(obj.Status.Previous).To(testutil.Equal(tt.expectPrevious(releases))) + g.Expect(obj.GetPrevious()).To(testutil.Equal(tt.expectPrevious(releases))) } else { - g.Expect(obj.Status.Previous).To(BeNil(), "expected previous to be nil") + g.Expect(obj.GetPrevious()).To(BeNil(), "expected previous to be nil") } g.Expect(obj.Status.Failures).To(Equal(tt.expectFailures)) diff --git a/internal/reconcile/reconcile.go b/internal/reconcile/reconcile.go index 762c9204d..2565e57fc 100644 --- a/internal/reconcile/reconcile.go +++ b/internal/reconcile/reconcile.go @@ -45,6 +45,30 @@ const ( // in a single reconciliation. type ReconcilerType string +// ReconcilerTypeSet is a set of ReconcilerType. +type ReconcilerTypeSet []ReconcilerType + +// Contains returns true if the set contains the given type. +func (s ReconcilerTypeSet) Contains(t ReconcilerType) bool { + for _, r := range s { + if r == t { + return true + } + } + return false +} + +// Count returns the number of elements matching the given type. +func (s ReconcilerTypeSet) Count(t ReconcilerType) int { + count := 0 + for _, r := range s { + if r == t { + count++ + } + } + return count +} + // Request is a request to be performed by an ActionReconciler. The reconciler // writes the result of the request to the Object's status. type Request struct { diff --git a/internal/reconcile/release.go b/internal/reconcile/release.go index 94224a599..9be4bf8c5 100644 --- a/internal/reconcile/release.go +++ b/internal/reconcile/release.go @@ -18,10 +18,16 @@ package reconcile import ( "errors" + "sort" helmrelease "helm.sh/helm/v3/pkg/release" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/fluxcd/pkg/apis/meta" + "github.com/fluxcd/pkg/runtime/conditions" v2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/action" "github.com/fluxcd/helm-controller/internal/release" "github.com/fluxcd/helm-controller/internal/storage" ) @@ -46,20 +52,155 @@ var ( // the Helm storage. func observeRelease(obj *v2.HelmRelease) storage.ObserveFunc { return func(rls *helmrelease.Release) { - cur := obj.Status.Current.DeepCopy() + cur := obj.GetCurrent().DeepCopy() obs := release.ObserveRelease(rls) if cur != nil && obs.Targets(cur.Name, cur.Namespace, 0) && cur.Version < obs.Version { // Add current to previous when we observe the first write of a // newer release. - obj.Status.Previous = obj.Status.Current + obj.Status.Previous = obj.GetCurrent() } if cur == nil || !obs.Targets(cur.Name, cur.Namespace, 0) || obs.Version >= cur.Version { // Overwrite current with newer release, or update it. obj.Status.Current = release.ObservedToInfo(obs) } - if prev := obj.Status.Previous; prev != nil && obs.Targets(prev.Name, prev.Namespace, prev.Version) { + if prev := obj.GetPrevious(); prev != nil && obs.Targets(prev.Name, prev.Namespace, prev.Version) { // Write latest state of previous (e.g. status updates) to status. obj.Status.Previous = release.ObservedToInfo(obs) } } } + +// summarize composes a Ready condition out of the Remediated, TestSuccess and +// Released conditions of the given Request.Object, and sets it on the object. +// +// The composition is made by sorting them by highest generation and priority +// of the summary conditions, taking the first result. +// +// Not taking the generation of the object itself into account ensures that if +// the change in generation of the resource does not result in a release, the +// Ready condition is still reflected for the current generation based on a +// release made for the previous generation. +// +// It takes the current specification of the object into account, and deals +// with the conditional handling of TestSuccess. Deleting the condition when +// tests are not enabled, and excluding it when failures must be ignored. +// +// If Ready=True, any Stalled condition is removed. +func summarize(req *Request) { + var sumConds = []string{v2.RemediatedCondition, v2.ReleasedCondition} + if req.Object.GetTest().Enable && !req.Object.GetTest().IgnoreFailures { + sumConds = []string{v2.RemediatedCondition, v2.TestSuccessCondition, v2.ReleasedCondition} + } + + // Remove any stale TestSuccess condition as soon as tests are disabled. + if !req.Object.GetTest().Enable { + conditions.Delete(req.Object, v2.TestSuccessCondition) + } + + // Remove any stale Remediation observation as soon as the release is + // Released and (optionally) has TestSuccess. + conditionallyDeleteRemediated(req) + + conds := req.Object.Status.Conditions + if len(conds) == 0 { + // Nothing to summarize if there are no conditions. + return + } + + sort.SliceStable(conds, func(i, j int) bool { + iPos, ok := inStringSlice(sumConds, conds[i].Type) + if !ok { + return false + } + + jPos, ok := inStringSlice(sumConds, conds[j].Type) + if !ok { + return true + } + + return (conds[i].ObservedGeneration >= conds[j].ObservedGeneration) && (iPos < jPos) + }) + + status := conds[0].Status + // Any remediated state is considered an error. + if conds[0].Type == v2.RemediatedCondition { + status = metav1.ConditionFalse + } + + if status == metav1.ConditionTrue { + conditions.Delete(req.Object, meta.StalledCondition) + } + + conditions.Set(req.Object, &metav1.Condition{ + Type: meta.ReadyCondition, + Status: status, + Reason: conds[0].Reason, + Message: conds[0].Message, + ObservedGeneration: req.Object.Generation, + }) +} + +// conditionallyDeleteRemediated removes the Remediated condition if the +// release is Released and (optionally) has TestSuccess. But only if +// the observed generation of these conditions is equal or higher than +// the generation of the Remediated condition. +func conditionallyDeleteRemediated(req *Request) { + remediated := conditions.Get(req.Object, v2.RemediatedCondition) + if remediated == nil { + // If the object is not marked as Remediated, there is nothing to + // remove. + return + } + + released := conditions.Get(req.Object, v2.ReleasedCondition) + if released == nil || released.Status != metav1.ConditionTrue { + // If the release is not marked as Released, we must still be + // Remediated. + return + } + + if !req.Object.GetTest().Enable || req.Object.GetTest().IgnoreFailures { + // If tests are not enabled, or failures are ignored, and the + // generation is equal or higher than the generation of the + // Remediated condition, we are not in a Remediated state anymore. + if released.Status == metav1.ConditionTrue && released.ObservedGeneration >= remediated.ObservedGeneration { + conditions.Delete(req.Object, v2.RemediatedCondition) + } + return + } + + testSuccess := conditions.Get(req.Object, v2.TestSuccessCondition) + if testSuccess == nil || testSuccess.Status != metav1.ConditionTrue { + // If the release is not marked as TestSuccess, we must still be + // Remediated. + return + } + + if testSuccess.Status == metav1.ConditionTrue && testSuccess.ObservedGeneration >= remediated.ObservedGeneration { + // If the release is marked as TestSuccess, and the generation of + // the TestSuccess condition is equal or higher than the generation + // of the Remediated condition, we are not in a Remediated state. + conditions.Delete(req.Object, v2.RemediatedCondition) + return + } +} + +// eventMessageWithLog returns an event message composed out of the given +// message and any log messages by appending them to the message. +func eventMessageWithLog(msg string, log *action.LogBuffer) string { + if log == nil && log.Len() > 0 { + msg = msg + "\n\nLast Helm logs:\n\n" + log.String() + } + return msg +} + +// eventMeta returns the event (annotation) metadata based on the given +// parameters. +func eventMeta(revision string) map[string]string { + if revision == "" { + return nil + } + return map[string]string{ + "revision": revision, + } +} diff --git a/internal/reconcile/release_test.go b/internal/reconcile/release_test.go index 1cccc5f0c..611bf49a1 100644 --- a/internal/reconcile/release_test.go +++ b/internal/reconcile/release_test.go @@ -17,10 +17,13 @@ limitations under the License. package reconcile import ( - "testing" - . "github.com/onsi/gomega" helmrelease "helm.sh/helm/v3/pkg/release" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "testing" + + "github.com/fluxcd/pkg/apis/meta" + "github.com/fluxcd/pkg/runtime/conditions" v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/release" @@ -51,9 +54,9 @@ func Test_observeRelease(t *testing.T) { observeRelease(obj)(mock) - g.Expect(obj.Status.Previous).To(BeNil()) - g.Expect(obj.Status.Current).ToNot(BeNil()) - g.Expect(obj.Status.Current).To(Equal(expect)) + g.Expect(obj.GetPrevious()).To(BeNil()) + g.Expect(obj.GetCurrent()).ToNot(BeNil()) + g.Expect(obj.GetCurrent()).To(Equal(expect)) }) t.Run("release with current", func(t *testing.T) { @@ -78,10 +81,10 @@ func Test_observeRelease(t *testing.T) { expect := release.ObservedToInfo(release.ObserveRelease(mock)) observeRelease(obj)(mock) - g.Expect(obj.Status.Previous).ToNot(BeNil()) - g.Expect(obj.Status.Previous).To(Equal(current)) - g.Expect(obj.Status.Current).ToNot(BeNil()) - g.Expect(obj.Status.Current).To(Equal(expect)) + g.Expect(obj.GetPrevious()).ToNot(BeNil()) + g.Expect(obj.GetPrevious()).To(Equal(current)) + g.Expect(obj.GetCurrent()).ToNot(BeNil()) + g.Expect(obj.GetCurrent()).To(Equal(expect)) }) t.Run("release with current with different name", func(t *testing.T) { @@ -106,9 +109,9 @@ func Test_observeRelease(t *testing.T) { expect := release.ObservedToInfo(release.ObserveRelease(mock)) observeRelease(obj)(mock) - g.Expect(obj.Status.Previous).To(BeNil()) - g.Expect(obj.Status.Current).ToNot(BeNil()) - g.Expect(obj.Status.Current).To(Equal(expect)) + g.Expect(obj.GetPrevious()).To(BeNil()) + g.Expect(obj.GetCurrent()).ToNot(BeNil()) + g.Expect(obj.GetCurrent()).To(Equal(expect)) }) t.Run("release with update to previous", func(t *testing.T) { @@ -141,8 +144,566 @@ func Test_observeRelease(t *testing.T) { expect := release.ObservedToInfo(release.ObserveRelease(mock)) observeRelease(obj)(mock) - g.Expect(obj.Status.Previous).ToNot(BeNil()) - g.Expect(obj.Status.Previous).To(Equal(expect)) - g.Expect(obj.Status.Current).To(Equal(current)) + g.Expect(obj.GetPrevious()).ToNot(BeNil()) + g.Expect(obj.GetPrevious()).To(Equal(expect)) + g.Expect(obj.GetCurrent()).To(Equal(current)) }) } + +func Test_summarize(t *testing.T) { + tests := []struct { + name string + generation int64 + spec *v2.HelmReleaseSpec + conditions []metav1.Condition + expect []metav1.Condition + }{ + { + name: "summarize conditions", + generation: 1, + conditions: []metav1.Condition{ + { + Type: v2.ReleasedCondition, + Status: metav1.ConditionTrue, + Reason: v2.InstallSucceededReason, + Message: "Install complete", + ObservedGeneration: 1, + }, + { + Type: v2.TestSuccessCondition, + Status: metav1.ConditionFalse, + Reason: v2.TestFailedReason, + Message: "test hook(s) failure", + ObservedGeneration: 1, + }, + }, + expect: []metav1.Condition{ + { + Type: meta.ReadyCondition, + Status: metav1.ConditionTrue, + Reason: v2.InstallSucceededReason, + Message: "Install complete", + ObservedGeneration: 1, + }, + { + Type: v2.ReleasedCondition, + Status: metav1.ConditionTrue, + Reason: v2.InstallSucceededReason, + Message: "Install complete", + ObservedGeneration: 1, + }, + }, + }, + { + name: "with tests enabled", + generation: 1, + conditions: []metav1.Condition{ + { + Type: v2.ReleasedCondition, + Status: metav1.ConditionTrue, + Reason: v2.InstallSucceededReason, + Message: "Install complete", + ObservedGeneration: 1, + }, + { + Type: v2.TestSuccessCondition, + Status: metav1.ConditionTrue, + Reason: v2.TestSucceededReason, + Message: "test hook(s) succeeded", + ObservedGeneration: 1, + }, + }, + spec: &v2.HelmReleaseSpec{ + Test: &v2.Test{ + Enable: true, + }, + }, + expect: []metav1.Condition{ + { + Type: meta.ReadyCondition, + Status: metav1.ConditionTrue, + Reason: v2.TestSucceededReason, + Message: "test hook(s) succeeded", + ObservedGeneration: 1, + }, + { + Type: v2.ReleasedCondition, + Status: metav1.ConditionTrue, + Reason: v2.InstallSucceededReason, + Message: "Install complete", + ObservedGeneration: 1, + }, + { + Type: v2.TestSuccessCondition, + Status: metav1.ConditionTrue, + Reason: v2.TestSucceededReason, + Message: "test hook(s) succeeded", + ObservedGeneration: 1, + }, + }, + }, + { + name: "with tests enabled and failure tests", + generation: 1, + conditions: []metav1.Condition{ + { + Type: v2.ReleasedCondition, + Status: metav1.ConditionTrue, + Reason: v2.InstallSucceededReason, + Message: "Install complete", + ObservedGeneration: 1, + }, + { + Type: v2.TestSuccessCondition, + Status: metav1.ConditionFalse, + Reason: v2.TestFailedReason, + Message: "test hook(s) failure", + ObservedGeneration: 1, + }, + }, + spec: &v2.HelmReleaseSpec{ + Test: &v2.Test{ + Enable: true, + }, + }, + expect: []metav1.Condition{ + { + Type: meta.ReadyCondition, + Status: metav1.ConditionFalse, + Reason: v2.TestFailedReason, + Message: "test hook(s) failure", + ObservedGeneration: 1, + }, + { + Type: v2.ReleasedCondition, + Status: metav1.ConditionTrue, + Reason: v2.InstallSucceededReason, + Message: "Install complete", + ObservedGeneration: 1, + }, + { + Type: v2.TestSuccessCondition, + Status: metav1.ConditionFalse, + Reason: v2.TestFailedReason, + Message: "test hook(s) failure", + ObservedGeneration: 1, + }, + }, + }, + { + name: "with remediation failure", + generation: 1, + conditions: []metav1.Condition{ + { + Type: v2.ReleasedCondition, + Status: metav1.ConditionTrue, + Reason: v2.InstallSucceededReason, + Message: "Install complete", + ObservedGeneration: 1, + }, + { + Type: v2.TestSuccessCondition, + Status: metav1.ConditionFalse, + Reason: v2.TestFailedReason, + Message: "test hook(s) failure", + ObservedGeneration: 1, + }, + { + Type: v2.RemediatedCondition, + Status: metav1.ConditionFalse, + Reason: v2.UninstallFailedReason, + Message: "Uninstall failure", + ObservedGeneration: 1, + }, + }, + spec: &v2.HelmReleaseSpec{ + Test: &v2.Test{ + Enable: true, + }, + }, + expect: []metav1.Condition{ + { + Type: meta.ReadyCondition, + Status: metav1.ConditionFalse, + Reason: v2.UninstallFailedReason, + Message: "Uninstall failure", + ObservedGeneration: 1, + }, + { + Type: v2.ReleasedCondition, + Status: metav1.ConditionTrue, + Reason: v2.InstallSucceededReason, + Message: "Install complete", + ObservedGeneration: 1, + }, + { + Type: v2.TestSuccessCondition, + Status: metav1.ConditionFalse, + Reason: v2.TestFailedReason, + Message: "test hook(s) failure", + ObservedGeneration: 1, + }, + { + Type: v2.RemediatedCondition, + Status: metav1.ConditionFalse, + Reason: v2.UninstallFailedReason, + Message: "Uninstall failure", + ObservedGeneration: 1, + }, + }, + }, + { + name: "with remediation success", + generation: 1, + conditions: []metav1.Condition{ + { + Type: v2.ReleasedCondition, + Status: metav1.ConditionFalse, + Reason: v2.UpgradeFailedReason, + Message: "Upgrade failure", + ObservedGeneration: 1, + }, + { + Type: v2.RemediatedCondition, + Status: metav1.ConditionTrue, + Reason: v2.RollbackSucceededReason, + Message: "Uninstall complete", + ObservedGeneration: 1, + }, + }, + expect: []metav1.Condition{ + { + Type: meta.ReadyCondition, + Status: metav1.ConditionFalse, + Reason: v2.RollbackSucceededReason, + Message: "Uninstall complete", + ObservedGeneration: 1, + }, + { + Type: v2.ReleasedCondition, + Status: metav1.ConditionFalse, + Reason: v2.UpgradeFailedReason, + Message: "Upgrade failure", + ObservedGeneration: 1, + }, + { + Type: v2.RemediatedCondition, + Status: metav1.ConditionTrue, + Reason: v2.RollbackSucceededReason, + Message: "Uninstall complete", + ObservedGeneration: 1, + }, + }, + }, + { + name: "with stale ready", + generation: 1, + conditions: []metav1.Condition{ + { + Type: meta.ReadyCondition, + Status: metav1.ConditionFalse, + Reason: "ChartNotFound", + Message: "chart not found", + }, + { + Type: v2.ReleasedCondition, + Status: metav1.ConditionTrue, + Reason: v2.UpgradeSucceededReason, + Message: "Upgrade finished", + ObservedGeneration: 1, + }, + }, + expect: []metav1.Condition{ + { + Type: meta.ReadyCondition, + Status: metav1.ConditionTrue, + Reason: v2.UpgradeSucceededReason, + Message: "Upgrade finished", + ObservedGeneration: 1, + }, + { + Type: v2.ReleasedCondition, + Status: metav1.ConditionTrue, + Reason: v2.UpgradeSucceededReason, + Message: "Upgrade finished", + ObservedGeneration: 1, + }, + }, + }, + { + name: "with stale observed generation", + generation: 5, + spec: &v2.HelmReleaseSpec{ + Test: &v2.Test{ + Enable: true, + }, + }, + conditions: []metav1.Condition{ + { + Type: v2.ReleasedCondition, + Status: metav1.ConditionTrue, + Reason: v2.UpgradeSucceededReason, + Message: "Upgrade finished", + ObservedGeneration: 4, + }, + { + Type: v2.RemediatedCondition, + Status: metav1.ConditionTrue, + Reason: v2.RollbackSucceededReason, + Message: "Rollback finished", + ObservedGeneration: 3, + }, + { + Type: v2.TestSuccessCondition, + Status: metav1.ConditionFalse, + Reason: v2.TestFailedReason, + Message: "test hook(s) failure", + ObservedGeneration: 2, + }, + }, + expect: []metav1.Condition{ + { + Type: meta.ReadyCondition, + Status: metav1.ConditionTrue, + Reason: v2.UpgradeSucceededReason, + Message: "Upgrade finished", + ObservedGeneration: 6, + }, + { + Type: v2.ReleasedCondition, + Status: metav1.ConditionTrue, + Reason: v2.UpgradeSucceededReason, + Message: "Upgrade finished", + ObservedGeneration: 4, + }, + { + Type: v2.RemediatedCondition, + Status: metav1.ConditionTrue, + Reason: v2.RollbackSucceededReason, + Message: "Rollback finished", + ObservedGeneration: 3, + }, + { + Type: v2.TestSuccessCondition, + Status: metav1.ConditionFalse, + Reason: v2.TestFailedReason, + Message: "test hook(s) failure", + ObservedGeneration: 2, + }, + }, + }, + { + name: "with stale remediation", + spec: &v2.HelmReleaseSpec{ + Test: &v2.Test{ + Enable: true, + }, + }, + conditions: []metav1.Condition{ + { + Type: v2.RemediatedCondition, + Status: metav1.ConditionTrue, + Reason: v2.RollbackSucceededReason, + Message: "Rollback finished", + ObservedGeneration: 2, + }, + { + Type: v2.ReleasedCondition, + Status: metav1.ConditionTrue, + Reason: v2.UpgradeSucceededReason, + Message: "Upgrade finished", + ObservedGeneration: 2, + }, + { + Type: v2.TestSuccessCondition, + Status: metav1.ConditionTrue, + Reason: v2.TestSucceededReason, + Message: "test hooks succeeded", + ObservedGeneration: 2, + }, + }, + expect: []metav1.Condition{ + { + Type: meta.ReadyCondition, + Status: metav1.ConditionTrue, + Reason: v2.TestSucceededReason, + Message: "test hooks succeeded", + ObservedGeneration: 2, + }, + { + Type: v2.ReleasedCondition, + Status: metav1.ConditionTrue, + Reason: v2.UpgradeSucceededReason, + Message: "Upgrade finished", + ObservedGeneration: 2, + }, + { + Type: v2.TestSuccessCondition, + Status: metav1.ConditionTrue, + Reason: v2.TestSucceededReason, + Message: "test hooks succeeded", + ObservedGeneration: 2, + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + obj := &v2.HelmRelease{ + ObjectMeta: metav1.ObjectMeta{ + Generation: tt.generation, + }, + Status: v2.HelmReleaseStatus{ + Conditions: tt.conditions, + }, + } + if tt.spec != nil { + obj.Spec = *tt.spec.DeepCopy() + } + summarize(&Request{Object: obj}) + + g.Expect(obj.Status.Conditions).To(conditions.MatchConditions(tt.expect)) + }) + } +} + +func Test_conditionallyDeleteRemediated(t *testing.T) { + tests := []struct { + name string + spec v2.HelmReleaseSpec + conditions []metav1.Condition + expectDelete bool + }{ + { + name: "no Remediated condition", + conditions: []metav1.Condition{ + *conditions.TrueCondition(v2.ReleasedCondition, v2.InstallSucceededReason, "Install finished"), + }, + expectDelete: false, + }, + { + name: "no Released condition", + conditions: []metav1.Condition{ + *conditions.TrueCondition(v2.RemediatedCondition, v2.RollbackSucceededReason, "Rollback finished"), + }, + expectDelete: false, + }, + { + name: "Released=True without tests enabled", + conditions: []metav1.Condition{ + *conditions.TrueCondition(v2.RemediatedCondition, v2.RollbackSucceededReason, "Rollback finished"), + *conditions.TrueCondition(v2.ReleasedCondition, v2.UpgradeSucceededReason, "Upgrade finished"), + }, + expectDelete: true, + }, + { + name: "Stale Released=True with newer Remediated", + conditions: []metav1.Condition{ + *conditions.TrueCondition(v2.ReleasedCondition, v2.UpgradeSucceededReason, "Upgrade finished"), + { + Type: v2.RemediatedCondition, + Status: metav1.ConditionTrue, + Reason: v2.RollbackSucceededReason, + Message: "Rollback finished", + ObservedGeneration: 2, + }, + }, + expectDelete: false, + }, + { + name: "Released=False", + conditions: []metav1.Condition{ + *conditions.TrueCondition(v2.RemediatedCondition, v2.RollbackSucceededReason, "Rollback finished"), + *conditions.FalseCondition(v2.ReleasedCondition, v2.UpgradeSucceededReason, "Upgrade finished"), + }, + expectDelete: false, + }, + { + name: "TestSuccess=True with tests enabled", + spec: v2.HelmReleaseSpec{ + Test: &v2.Test{ + Enable: true, + }, + }, + conditions: []metav1.Condition{ + *conditions.TrueCondition(v2.RemediatedCondition, v2.RollbackSucceededReason, "Rollback finished"), + *conditions.TrueCondition(v2.ReleasedCondition, v2.UpgradeSucceededReason, "Upgrade finished"), + *conditions.TrueCondition(v2.TestSuccessCondition, v2.TestSucceededReason, "Test hooks succeeded"), + }, + expectDelete: true, + }, + { + name: "TestSuccess=False with tests enabled", + spec: v2.HelmReleaseSpec{ + Test: &v2.Test{ + Enable: true, + }, + }, + conditions: []metav1.Condition{ + *conditions.TrueCondition(v2.RemediatedCondition, v2.RollbackSucceededReason, "Rollback finished"), + *conditions.TrueCondition(v2.ReleasedCondition, v2.UpgradeSucceededReason, "Upgrade finished"), + *conditions.FalseCondition(v2.TestSuccessCondition, v2.TestSucceededReason, "Test hooks succeeded"), + }, + expectDelete: false, + }, + { + name: "TestSuccess=False with tests ignored", + spec: v2.HelmReleaseSpec{ + Test: &v2.Test{ + Enable: true, + IgnoreFailures: true, + }, + }, + conditions: []metav1.Condition{ + *conditions.TrueCondition(v2.RemediatedCondition, v2.RollbackSucceededReason, "Rollback finished"), + *conditions.TrueCondition(v2.ReleasedCondition, v2.UpgradeSucceededReason, "Upgrade finished"), + *conditions.FalseCondition(v2.TestSuccessCondition, v2.TestSucceededReason, "Test hooks succeeded"), + }, + expectDelete: true, + }, + { + name: "Stale TestSuccess=True with newer Remediated", + spec: v2.HelmReleaseSpec{ + Test: &v2.Test{ + Enable: true, + }, + }, + conditions: []metav1.Condition{ + *conditions.TrueCondition(v2.ReleasedCondition, v2.UpgradeSucceededReason, "Upgrade finished"), + *conditions.TrueCondition(v2.TestSuccessCondition, v2.TestSucceededReason, "Test hooks succeeded"), + { + Type: v2.RemediatedCondition, + Status: metav1.ConditionTrue, + Reason: v2.RollbackSucceededReason, + Message: "Rollback finished", + ObservedGeneration: 2, + }, + }, + expectDelete: false, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + obj := &v2.HelmRelease{ + Spec: tt.spec, + Status: v2.HelmReleaseStatus{ + Conditions: tt.conditions, + }, + } + isRemediated := conditions.Has(obj, v2.RemediatedCondition) + + conditionallyDeleteRemediated(&Request{Object: obj}) + + if tt.expectDelete { + g.Expect(isRemediated).ToNot(Equal(conditions.Has(obj, v2.RemediatedCondition))) + return + } + + g.Expect(conditions.Has(obj, v2.RemediatedCondition)).To(Equal(isRemediated)) + }) + } +} diff --git a/internal/reconcile/rollback.go b/internal/reconcile/rollback.go deleted file mode 100644 index 8c4acfca4..000000000 --- a/internal/reconcile/rollback.go +++ /dev/null @@ -1,94 +0,0 @@ -/* -Copyright 2022 The Flux authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package reconcile - -import ( - "context" - "fmt" - - helmrelease "helm.sh/helm/v3/pkg/release" - ctrl "sigs.k8s.io/controller-runtime" - - "github.com/fluxcd/pkg/runtime/conditions" - "github.com/fluxcd/pkg/runtime/logger" - - v2 "github.com/fluxcd/helm-controller/api/v2beta2" - "github.com/fluxcd/helm-controller/internal/action" - "github.com/fluxcd/helm-controller/internal/release" - "github.com/fluxcd/helm-controller/internal/storage" -) - -type Rollback struct { - configFactory *action.ConfigFactory -} - -func (r *Rollback) Name() string { - return "rollback" -} - -func (r *Rollback) Type() ReconcilerType { - return ReconcilerTypeRemediate -} - -func (r *Rollback) Reconcile(ctx context.Context, req *Request) error { - var ( - cur = req.Object.Status.Current.DeepCopy() - logBuf = action.NewLogBuffer(action.NewDebugLog(ctrl.LoggerFrom(ctx).V(logger.InfoLevel)), 10) - ) - - // Previous is required to determine what version to roll back to. - if req.Object.Status.Previous == nil { - return fmt.Errorf("%w: required to rollback", ErrNoPrevious) - } - - // Run rollback action. - if err := action.Rollback(r.configFactory.Build(logBuf.Log, observeRollback(req.Object)), req.Object, cur.Name); err != nil { - // Mark failure on object. - req.Object.Status.Failures++ - conditions.MarkFalse(req.Object, v2.RemediatedCondition, v2.RollbackFailedReason, err.Error()) - - // Return error if we did not store a release, as this does not - // affect state and the caller should e.g. retry. - if newCur := req.Object.Status.Current; newCur == nil || newCur == cur { - return err - } - return nil - } - - // Mark remediation success. - condMsg := "Rolled back to previous version" - if prev := req.Object.Status.Previous; prev != nil { - condMsg = fmt.Sprintf("Rolled back to version %d", prev.Version) - } - conditions.MarkTrue(req.Object, v2.RemediatedCondition, v2.RollbackSucceededReason, condMsg) - return nil -} - -// observeRollback returns a storage.ObserveFunc that can be used to observe -// and record the result of a rollback action in the status of the given release. -// It updates the Status.Current field of the release if it equals the target -// of the rollback action, and version >= Current.Version. -func observeRollback(obj *v2.HelmRelease) storage.ObserveFunc { - return func(rls *helmrelease.Release) { - cur := obj.Status.Current.DeepCopy() - obs := release.ObserveRelease(rls) - if cur == nil || !obs.Targets(cur.Name, cur.Namespace, 0) || obs.Version >= cur.Version { - // Overwrite current with newer release, or update it. - obj.Status.Current = release.ObservedToInfo(obs) - } - } -} diff --git a/internal/reconcile/rollback_remediation.go b/internal/reconcile/rollback_remediation.go new file mode 100644 index 000000000..b826046af --- /dev/null +++ b/internal/reconcile/rollback_remediation.go @@ -0,0 +1,167 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package reconcile + +import ( + "context" + "fmt" + + helmrelease "helm.sh/helm/v3/pkg/release" + corev1 "k8s.io/api/core/v1" + "k8s.io/client-go/tools/record" + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/fluxcd/pkg/runtime/conditions" + "github.com/fluxcd/pkg/runtime/logger" + + v2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/action" + "github.com/fluxcd/helm-controller/internal/release" + "github.com/fluxcd/helm-controller/internal/storage" +) + +// RollbackRemediation is an ActionReconciler which attempts to roll back +// a Request.Object to the version specified in Status.Previous. +// +// The writes to the Helm storage during the rollback are observed, and update +// the Status.Current field. On an upgrade reattempt, the UpgradeReconciler +// will move the Status.Current field to Status.Previous, effectively updating +// the previous version to the version which was rolled back to. Ensuring +// repetitive failures continue to be able to roll back to a version existing +// in the storage when the history is pruned. +// +// After a successful rollback, the object is marked with Remediated=True and +// an event is emitted. When the rollback fails, the object is marked with +// Remediated=False and a warning event is emitted. +// +// When the Request.Object does not have a Status.Previous, it returns an +// error of type ErrNoPrevious. In addition, it returns ErrReleaseMismatch +// if the name and/or namespace of Status.Current and Status.Previous point +// towards a different release. Any other returned error indicates the caller +// should retry as it did not cause a change to the Helm storage. +// +// At the end of the reconciliation, the Status.Conditions are summarized and +// propagated to the Ready condition on the Request.Object. +// +// The caller is assumed to have verified the integrity of Request.Object using +// e.g. action.VerifyReleaseInfo before calling Reconcile. +type RollbackRemediation struct { + configFactory *action.ConfigFactory + eventRecorder record.EventRecorder +} + +// NewRollbackRemediation returns a new RollbackRemediation reconciler +// configured with the provided values. +func NewRollbackRemediation(configFactory *action.ConfigFactory, eventRecorder record.EventRecorder) *RollbackRemediation { + return &RollbackRemediation{ + configFactory: configFactory, + eventRecorder: eventRecorder, + } +} + +func (r *RollbackRemediation) Reconcile(ctx context.Context, req *Request) error { + var ( + cur = req.Object.GetCurrent().DeepCopy() + logBuf = action.NewLogBuffer(action.NewDebugLog(ctrl.LoggerFrom(ctx).V(logger.InfoLevel)), 10) + cfg = r.configFactory.Build(logBuf.Log, observeRollback(req.Object)) + ) + + defer summarize(req) + + // Previous is required to determine what version to roll back to. + if !req.Object.HasPrevious() { + return fmt.Errorf("%w: required to rollback", ErrNoPrevious) + } + + // Confirm previous and current point to the same release. + prev := req.Object.GetPrevious() + if prev.Name != cur.Name || prev.Namespace != cur.Namespace { + return fmt.Errorf("%w: previous release name or namespace %s does not match current %s", + ErrReleaseMismatch, prev.FullReleaseName(), cur.FullReleaseName()) + } + + // Run the Helm rollback action. + if err := action.Rollback(cfg, req.Object, prev.Name, action.RollbackToVersion(prev.Version)); err != nil { + r.failure(req, logBuf, err) + + // Return error if we did not store a release, as this does not + // affect state and the caller should e.g. retry. + if newCur := req.Object.GetCurrent(); newCur == nil || (cur != nil && newCur.Digest == cur.Digest) { + return err + } + + return nil + } + + r.success(req) + return nil +} + +func (r *RollbackRemediation) Name() string { + return "rollback" +} + +func (r *RollbackRemediation) Type() ReconcilerType { + return ReconcilerTypeRemediate +} + +// failure records the failure of a Helm rollback action in the status of the +// given Request.Object by marking Remediated=False and emitting a warning +// event. +func (r *RollbackRemediation) failure(req *Request, buffer *action.LogBuffer, err error) { + // Compose failure message. + prev := req.Object.GetPrevious() + msg := fmt.Sprintf("Rollback to %s with chart %s failed: %s", + prev.FullReleaseName(), prev.VersionedChartName(), err.Error()) + + // Mark remediation failure on object. + req.Object.Status.Failures++ + conditions.MarkFalse(req.Object, v2.RemediatedCondition, v2.RollbackFailedReason, msg) + + // Record warning event, this message contains more data than the + // Condition summary. + r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(prev.ChartVersion), corev1.EventTypeWarning, v2.RollbackFailedReason, eventMessageWithLog(msg, buffer)) +} + +// success records the success of a Helm rollback action in the status of the +// given Request.Object by marking Remediated=True and emitting an event. +func (r *RollbackRemediation) success(req *Request) { + // Compose success message. + prev := req.Object.GetPrevious() + msg := fmt.Sprintf("Rolled back to %s with chart %s", prev.FullReleaseName(), prev.VersionedChartName()) + + // Mark remediation success on object. + conditions.MarkTrue(req.Object, v2.RemediatedCondition, v2.RollbackSucceededReason, msg) + + // Record event. + r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(prev.ChartVersion), corev1.EventTypeNormal, v2.RollbackSucceededReason, msg) +} + +// observeRollback returns a storage.ObserveFunc that can be used to observe +// and record the result of a rollback action in the status of the given release. +// It updates the Status.Current field of the release if it equals the target +// of the rollback action, and version >= Current.Version. +func observeRollback(obj *v2.HelmRelease) storage.ObserveFunc { + return func(rls *helmrelease.Release) { + cur := obj.GetCurrent().DeepCopy() + obs := release.ObserveRelease(rls) + if cur == nil || !obs.Targets(cur.Name, cur.Namespace, 0) || obs.Version >= cur.Version { + // Overwrite current with newer release, or update it. + obj.Status.Current = release.ObservedToInfo(obs) + } + } +} diff --git a/internal/reconcile/rollback_test.go b/internal/reconcile/rollback_remediation_test.go similarity index 69% rename from internal/reconcile/rollback_test.go rename to internal/reconcile/rollback_remediation_test.go index cc5725f55..c9d8dcb22 100644 --- a/internal/reconcile/rollback_test.go +++ b/internal/reconcile/rollback_remediation_test.go @@ -19,6 +19,7 @@ package reconcile import ( "context" "errors" + "fmt" "testing" "time" @@ -29,16 +30,24 @@ import ( helmstorage "helm.sh/helm/v3/pkg/storage" helmdriver "helm.sh/helm/v3/pkg/storage/driver" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/record" + "github.com/fluxcd/pkg/apis/meta" "github.com/fluxcd/pkg/runtime/conditions" v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" "github.com/fluxcd/helm-controller/internal/release" + "github.com/fluxcd/helm-controller/internal/storage" "github.com/fluxcd/helm-controller/internal/testutil" ) -func TestRollback_Reconcile(t *testing.T) { +func TestRollbackRemediation_Reconcile(t *testing.T) { + var ( + mockCreateErr = fmt.Errorf("storage create error") + mockUpdateErr = fmt.Errorf("storage update error") + ) + tests := []struct { name string // driver allows for modifying the Helm storage driver. @@ -97,8 +106,8 @@ func TestRollback_Reconcile(t *testing.T) { } }, expectConditions: []metav1.Condition{ - *conditions.TrueCondition(v2.RemediatedCondition, v2.RollbackSucceededReason, - "Rolled back to version 1"), + *conditions.FalseCondition(meta.ReadyCondition, v2.RollbackSucceededReason, "Rolled back to"), + *conditions.TrueCondition(v2.RemediatedCondition, v2.RollbackSucceededReason, "Rolled back to"), }, expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[2])) @@ -164,6 +173,8 @@ func TestRollback_Reconcile(t *testing.T) { } }, expectConditions: []metav1.Condition{ + *conditions.FalseCondition(meta.ReadyCondition, v2.RollbackFailedReason, + "timed out waiting for the condition"), *conditions.FalseCondition(v2.RemediatedCondition, v2.RollbackFailedReason, "timed out waiting for the condition"), }, @@ -175,6 +186,99 @@ func TestRollback_Reconcile(t *testing.T) { }, expectFailures: 1, }, + { + name: "rollback with storage create error", + driver: func(driver helmdriver.Driver) helmdriver.Driver { + return &storage.Failing{ + Driver: driver, + CreateErr: mockCreateErr, + } + }, + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Version: 1, + Chart: testutil.BuildChart(), + Status: helmrelease.StatusSuperseded, + Namespace: namespace, + }), + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Version: 2, + Chart: testutil.BuildChart(), + Status: helmrelease.StatusFailed, + Namespace: namespace, + }), + } + }, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[1])), + Previous: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + wantErr: mockCreateErr, + expectConditions: []metav1.Condition{ + *conditions.FalseCondition(meta.ReadyCondition, v2.RollbackFailedReason, + mockCreateErr.Error()), + *conditions.FalseCondition(v2.RemediatedCondition, v2.RollbackFailedReason, + mockCreateErr.Error()), + }, + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[1])) + }, + expectPrevious: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[0])) + }, + expectFailures: 1, + }, + { + name: "rollback with storage update error", + driver: func(driver helmdriver.Driver) helmdriver.Driver { + return &storage.Failing{ + Driver: driver, + UpdateErr: mockUpdateErr, + } + }, + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Version: 1, + Chart: testutil.BuildChart(), + Status: helmrelease.StatusSuperseded, + Namespace: namespace, + }), + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Version: 2, + Chart: testutil.BuildChart(), + Status: helmrelease.StatusFailed, + Namespace: namespace, + }), + } + }, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[1])), + Previous: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + expectConditions: []metav1.Condition{ + *conditions.FalseCondition(meta.ReadyCondition, v2.RollbackFailedReason, + "storage update error"), + *conditions.FalseCondition(v2.RemediatedCondition, v2.RollbackFailedReason, + "storage update error"), + }, + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[2])) + }, + expectPrevious: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[0])) + }, + expectFailures: 1, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -223,7 +327,8 @@ func TestRollback_Reconcile(t *testing.T) { cfg.Driver = tt.driver(cfg.Driver) } - got := (&Rollback{configFactory: cfg}).Reconcile(context.TODO(), &Request{ + recorder := record.NewFakeRecorder(10) + got := (NewRollbackRemediation(cfg, recorder)).Reconcile(context.TODO(), &Request{ Object: obj, }) if tt.wantErr != nil { @@ -238,15 +343,15 @@ func TestRollback_Reconcile(t *testing.T) { helmreleaseutil.SortByRevision(releases) if tt.expectCurrent != nil { - g.Expect(obj.Status.Current).To(testutil.Equal(tt.expectCurrent(releases))) + g.Expect(obj.GetCurrent()).To(testutil.Equal(tt.expectCurrent(releases))) } else { - g.Expect(obj.Status.Current).To(BeNil(), "expected current to be nil") + g.Expect(obj.GetCurrent()).To(BeNil(), "expected current to be nil") } if tt.expectPrevious != nil { - g.Expect(obj.Status.Previous).To(testutil.Equal(tt.expectPrevious(releases))) + g.Expect(obj.GetPrevious()).To(testutil.Equal(tt.expectPrevious(releases))) } else { - g.Expect(obj.Status.Previous).To(BeNil(), "expected previous to be nil") + g.Expect(obj.GetPrevious()).To(BeNil(), "expected previous to be nil") } g.Expect(obj.Status.Failures).To(Equal(tt.expectFailures)) @@ -270,8 +375,8 @@ func Test_observeRollback(t *testing.T) { observeRollback(obj)(rls) expect := release.ObservedToInfo(release.ObserveRelease(rls)) - g.Expect(obj.Status.Previous).To(BeNil()) - g.Expect(obj.Status.Current).To(Equal(expect)) + g.Expect(obj.GetPrevious()).To(BeNil()) + g.Expect(obj.GetCurrent()).To(Equal(expect)) }) t.Run("rollback with current", func(t *testing.T) { @@ -297,9 +402,9 @@ func Test_observeRollback(t *testing.T) { expect := release.ObservedToInfo(release.ObserveRelease(rls)) observeRollback(obj)(rls) - g.Expect(obj.Status.Current).ToNot(BeNil()) - g.Expect(obj.Status.Current).To(Equal(expect)) - g.Expect(obj.Status.Previous).To(BeNil()) + g.Expect(obj.GetCurrent()).ToNot(BeNil()) + g.Expect(obj.GetCurrent()).To(Equal(expect)) + g.Expect(obj.GetPrevious()).To(BeNil()) }) t.Run("rollback with current with higher version", func(t *testing.T) { @@ -324,8 +429,8 @@ func Test_observeRollback(t *testing.T) { }) observeRollback(obj)(rls) - g.Expect(obj.Status.Previous).To(BeNil()) - g.Expect(obj.Status.Current).To(Equal(current)) + g.Expect(obj.GetPrevious()).To(BeNil()) + g.Expect(obj.GetCurrent()).To(Equal(current)) }) t.Run("rollback with current with different name", func(t *testing.T) { @@ -351,7 +456,7 @@ func Test_observeRollback(t *testing.T) { expect := release.ObservedToInfo(release.ObserveRelease(rls)) observeRollback(obj)(rls) - g.Expect(obj.Status.Previous).To(BeNil()) - g.Expect(obj.Status.Current).To(Equal(expect)) + g.Expect(obj.GetPrevious()).To(BeNil()) + g.Expect(obj.GetCurrent()).To(Equal(expect)) }) } diff --git a/internal/reconcile/suite_test.go b/internal/reconcile/suite_test.go index f2dc80b39..d792bd301 100644 --- a/internal/reconcile/suite_test.go +++ b/internal/reconcile/suite_test.go @@ -21,12 +21,12 @@ import ( "os" "testing" - "github.com/fluxcd/pkg/runtime/testenv" + "helm.sh/helm/v3/pkg/kube" "k8s.io/apimachinery/pkg/api/meta" utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/cli-runtime/pkg/genericclioptions" "k8s.io/client-go/discovery" - cached "k8s.io/client-go/discovery/cached" + "k8s.io/client-go/discovery/cached/memory" "k8s.io/client-go/kubernetes/scheme" "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" @@ -34,6 +34,8 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/manager" + "github.com/fluxcd/pkg/runtime/testenv" + v2 "github.com/fluxcd/helm-controller/api/v2beta2" ) @@ -55,6 +57,9 @@ func TestMain(m *testing.M) { }() <-testEnv.Manager.Elected() + // Globally configure field manager for all tests. + kube.ManagedFieldsManager = "reconciler-tests" + code := m.Run() fmt.Println("Stopping the test environment") @@ -77,9 +82,8 @@ func RESTClientGetterFromManager(mgr manager.Manager, ns string) (genericcliopti if err != nil { return nil, err } - cdc := cached.NewMemCacheClient(dc) + cdc := memory.NewMemCacheClient(dc) rm := mgr.GetRESTMapper() - return &managerRESTClientGetter{ restConfig: cfg, discoveryClient: cdc, diff --git a/internal/reconcile/test.go b/internal/reconcile/test.go index 0c712cbee..6a0cbcd7b 100644 --- a/internal/reconcile/test.go +++ b/internal/reconcile/test.go @@ -19,9 +19,12 @@ package reconcile import ( "context" "fmt" + "strings" "github.com/fluxcd/pkg/runtime/logger" helmrelease "helm.sh/helm/v3/pkg/release" + corev1 "k8s.io/api/core/v1" + "k8s.io/client-go/tools/record" ctrl "sigs.k8s.io/controller-runtime" "github.com/fluxcd/pkg/runtime/conditions" @@ -32,50 +35,79 @@ import ( "github.com/fluxcd/helm-controller/internal/storage" ) +// Test is an ActionReconciler which attempts to perform a Helm test for +// the Status.Current release of the Request.Object. +// +// The writes to the Helm storage during testing are observed, which causes the +// Status.Current.TestHooks field of the object to be updated with the results +// when the action targets the same release as current. +// +// When all test hooks for the release succeed, the object is marked with +// TestSuccess=True and an event is emitted. When one of the test hooks fails, +// Helm stops running the remaining tests, and the object is marked with +// TestSuccess=False and a warning event is emitted. If test failures are not +// ignored, the failure count for the active remediation strategy is +// incremented. +// +// When the Request.Object does not have a Status.Current, it returns an +// error of type ErrNoCurrent. In addition, it returns ErrReleaseMismatch +// if the test ran for a different release target than Status.Current. +// Any other returned error indicates the caller should retry as it did not cause +// a change to the Helm storage. +// +// At the end of the reconciliation, the Status.Conditions are summarized and +// propagated to the Ready condition on the Request.Object. +// +// The caller is assumed to have verified the integrity of Request.Object using +// e.g. action.VerifyReleaseInfo before calling Reconcile. type Test struct { configFactory *action.ConfigFactory + eventRecorder record.EventRecorder +} + +// NewTest returns a new Test reconciler configured with the provided values. +func NewTest(cfg *action.ConfigFactory, recorder record.EventRecorder) *Test { + return &Test{configFactory: cfg, eventRecorder: recorder} } func (r *Test) Reconcile(ctx context.Context, req *Request) error { var ( - cur = req.Object.Status.Current.DeepCopy() + cur = req.Object.GetCurrent().DeepCopy() logBuf = action.NewLogBuffer(action.NewDebugLog(ctrl.LoggerFrom(ctx).V(logger.InfoLevel)), 10) + cfg = r.configFactory.Build(logBuf.Log, observeTest(req.Object)) ) + defer summarize(req) + // We only accept test results for the current release. if cur == nil { return fmt.Errorf("%w: required for test", ErrNoCurrent) } - // Run tests. - rls, err := action.Test(ctx, r.configFactory.Build(logBuf.Log, observeTest(req.Object)), req.Object) + // Run the Helm test action. + rls, err := action.Test(ctx, cfg, req.Object) // The Helm test action does always target the latest release. Before // accepting results, we need to confirm this is actually the release we // have recorded as Current. if rls != nil && !release.ObserveRelease(rls).Targets(cur.Name, cur.Namespace, cur.Version) { - err = fmt.Errorf("%w: tested release %s/%s with version %d != current release %s/%s with version %d", + err = fmt.Errorf("%w: tested release %s/%s.%d != current release %s/%s.%d", ErrReleaseMismatch, rls.Namespace, rls.Name, rls.Version, cur.Namespace, cur.Name, cur.Version) } // Something went wrong. if err != nil { - req.Object.Status.Failures++ - conditions.MarkFalse(req.Object, v2.TestSuccessCondition, v2.TestFailedReason, err.Error()) + r.failure(req, logBuf, err) + // If we failed to observe anything happened at all, we want to retry // and return the error to indicate this. - if req.Object.Status.Current == cur { + if !req.Object.GetCurrent().HasBeenTested() { return err } return nil } - // Compose success condition message. - condMsg := "No test hooks." - if hookLen := len(req.Object.Status.Current.GetTestHooks()); hookLen > 0 { - condMsg = fmt.Sprintf("%d test hook(s) completed successfully.", hookLen) - } - conditions.MarkTrue(req.Object, v2.TestSuccessCondition, v2.TestSucceededReason, condMsg) + r.success(req) return nil } @@ -87,9 +119,68 @@ func (r *Test) Type() ReconcilerType { return ReconcilerTypeTest } +// failure records the failure of a Helm test action in the status of the given +// Request.Object by marking TestSuccess=False and increasing the failure +// counter. In addition, it emits a warning event for the Request.Object. +// The active remediation failure count is only incremented if test failures +// are not ignored. +func (r *Test) failure(req *Request, buffer *action.LogBuffer, err error) { + // Compose failure message. + cur := req.Object.GetCurrent() + msg := fmt.Sprintf("Test for release %s with chart %s failed: %s", + cur.FullReleaseName(), cur.VersionedChartName(), err.Error()) + + // Mark test failure on object. + req.Object.Status.Failures++ + conditions.MarkFalse(req.Object, v2.TestSuccessCondition, v2.TestFailedReason, msg) + + // Record warning event, this message contains more data than the + // Condition summary. + r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(cur.ChartVersion), corev1.EventTypeWarning, v2.TestFailedReason, eventMessageWithLog(msg, buffer)) + + // If we failed to observe anything happened at all, we want to retry + // and return the error to indicate this. + if req.Object.GetCurrent().HasBeenTested() { + // Count the failure of the test for the active remediation strategy if enabled. + remediation := req.Object.GetActiveRemediation() + if !remediation.MustIgnoreTestFailures(req.Object.GetTest().IgnoreFailures) { + remediation.IncrementFailureCount(req.Object) + } + } +} + +// success records the failure of a Helm test action in the status of the given +// Request.Object by marking TestSuccess=True and emitting an event. +func (r *Test) success(req *Request) { + // Compose success message. + cur := req.Object.GetCurrent() + msg := strings.Builder{} + msg.WriteString(fmt.Sprintf("Tests for release %s with chart %s succeeded", cur.FullReleaseName(), cur.VersionedChartName())) + + if l := len(cur.GetTestHooks()); l > 0 { + h := "hook" + if l > 1 { + h = h + "s" + } + msg.WriteString(fmt.Sprintf(": %d test %s completed successfully", l, h)) + } else { + msg.WriteString(fmt.Sprintf(": no test hooks")) + } + + // Mark test success on object. + conditions.MarkTrue(req.Object, v2.TestSuccessCondition, v2.TestSucceededReason, msg.String()) + + // Record event. + r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(cur.ChartVersion), corev1.EventTypeNormal, v2.TestSucceededReason, msg.String()) +} + +// observeTest returns a storage.ObserveFunc that can be used to observe +// and record the result of a Helm test action in the status of the given +// release. It updates the Status.Current and TestHooks fields of the release +// if it equals the test target, and version = Current.Version. func observeTest(obj *v2.HelmRelease) storage.ObserveFunc { return func(rls *helmrelease.Release) { - if cur := obj.Status.Current; cur != nil { + if cur := obj.GetCurrent(); cur != nil { obs := release.ObserveRelease(rls) if obs.Targets(cur.Name, cur.Namespace, cur.Version) { obj.Status.Current = release.ObservedToInfo(obs) diff --git a/internal/reconcile/test_test.go b/internal/reconcile/test_test.go index 79064409b..f13a90db9 100644 --- a/internal/reconcile/test_test.go +++ b/internal/reconcile/test_test.go @@ -29,7 +29,9 @@ import ( helmstorage "helm.sh/helm/v3/pkg/storage" helmdriver "helm.sh/helm/v3/pkg/storage/driver" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/record" + "github.com/fluxcd/pkg/apis/meta" "github.com/fluxcd/pkg/runtime/conditions" v2 "github.com/fluxcd/helm-controller/api/v2beta2" @@ -124,8 +126,10 @@ func TestTest_Reconcile(t *testing.T) { } }, expectConditions: []metav1.Condition{ + *conditions.TrueCondition(meta.ReadyCondition, v2.TestSucceededReason, + "1 test hook completed successfully"), *conditions.TrueCondition(v2.TestSuccessCondition, v2.TestSucceededReason, - "1 test hook(s) completed successfully."), + "1 test hook completed successfully"), }, expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { info := release.ObservedToInfo(release.ObserveRelease(releases[0])) @@ -152,8 +156,10 @@ func TestTest_Reconcile(t *testing.T) { } }, expectConditions: []metav1.Condition{ + *conditions.TrueCondition(meta.ReadyCondition, v2.TestSucceededReason, + "no test hooks"), *conditions.TrueCondition(v2.TestSuccessCondition, v2.TestSucceededReason, - "No test hooks."), + "no test hooks"), }, expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { info := release.ObservedToInfo(release.ObserveRelease(releases[0])) @@ -162,7 +168,7 @@ func TestTest_Reconcile(t *testing.T) { }, }, { - name: "test failure", + name: "test install failure", releases: func(namespace string) []*helmrelease.Release { return []*helmrelease.Release{ testutil.BuildRelease(&helmrelease.MockReleaseOptions{ @@ -176,10 +182,13 @@ func TestTest_Reconcile(t *testing.T) { }, status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { return v2.HelmReleaseStatus{ - Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + InstallFailures: 0, } }, expectConditions: []metav1.Condition{ + *conditions.FalseCondition(meta.ReadyCondition, v2.TestFailedReason, + "timed out waiting for the condition"), *conditions.FalseCondition(v2.TestSuccessCondition, v2.TestFailedReason, "timed out waiting for the condition"), }, @@ -188,7 +197,8 @@ func TestTest_Reconcile(t *testing.T) { info.SetTestHooks(release.TestHooksFromRelease(releases[0])) return info }, - expectFailures: 1, + expectFailures: 1, + expectInstallFailures: 1, }, { name: "test without current", @@ -232,6 +242,8 @@ func TestTest_Reconcile(t *testing.T) { } }, expectConditions: []metav1.Condition{ + *conditions.FalseCondition(meta.ReadyCondition, v2.TestFailedReason, + ErrReleaseMismatch.Error()), *conditions.FalseCondition(v2.TestSuccessCondition, v2.TestFailedReason, ErrReleaseMismatch.Error()), }, @@ -239,6 +251,7 @@ func TestTest_Reconcile(t *testing.T) { return release.ObservedToInfo(release.ObserveRelease(releases[0])) }, expectFailures: 1, + wantErr: ErrReleaseMismatch, }, } for _, tt := range tests { @@ -264,6 +277,9 @@ func TestTest_Reconcile(t *testing.T) { TargetNamespace: releaseNamespace, StorageNamespace: releaseNamespace, Timeout: &metav1.Duration{Duration: 100 * time.Millisecond}, + Test: &v2.Test{ + Enable: true, + }, }, } if tt.spec != nil { @@ -291,7 +307,8 @@ func TestTest_Reconcile(t *testing.T) { cfg.Driver = tt.driver(cfg.Driver) } - got := (&Test{configFactory: cfg}).Reconcile(context.TODO(), &Request{ + recorder := record.NewFakeRecorder(10) + got := (NewTest(cfg, recorder)).Reconcile(context.TODO(), &Request{ Object: obj, }) if tt.wantErr != nil { @@ -306,15 +323,15 @@ func TestTest_Reconcile(t *testing.T) { helmreleaseutil.SortByRevision(releases) if tt.expectCurrent != nil { - g.Expect(obj.Status.Current).To(testutil.Equal(tt.expectCurrent(releases))) + g.Expect(obj.GetCurrent()).To(testutil.Equal(tt.expectCurrent(releases))) } else { - g.Expect(obj.Status.Current).To(BeNil(), "expected current to be nil") + g.Expect(obj.GetCurrent()).To(BeNil(), "expected current to be nil") } if tt.expectPrevious != nil { - g.Expect(obj.Status.Previous).To(testutil.Equal(tt.expectPrevious(releases))) + g.Expect(obj.GetPrevious()).To(testutil.Equal(tt.expectPrevious(releases))) } else { - g.Expect(obj.Status.Previous).To(BeNil(), "expected previous to be nil") + g.Expect(obj.GetPrevious()).To(BeNil(), "expected previous to be nil") } g.Expect(obj.Status.Failures).To(Equal(tt.expectFailures)) @@ -347,8 +364,8 @@ func Test_observeTest(t *testing.T) { expect.SetTestHooks(release.TestHooksFromRelease(rls)) observeTest(obj)(rls) - g.Expect(obj.Status.Current).To(Equal(expect)) - g.Expect(obj.Status.Previous).To(BeNil()) + g.Expect(obj.GetCurrent()).To(Equal(expect)) + g.Expect(obj.GetPrevious()).To(BeNil()) }) t.Run("test with different current version", func(t *testing.T) { @@ -371,8 +388,8 @@ func Test_observeTest(t *testing.T) { }, testutil.ReleaseWithHooks(testHookFixtures)) observeTest(obj)(rls) - g.Expect(obj.Status.Current).To(Equal(current)) - g.Expect(obj.Status.Previous).To(BeNil()) + g.Expect(obj.GetCurrent()).To(Equal(current)) + g.Expect(obj.GetPrevious()).To(BeNil()) }) t.Run("test without current", func(t *testing.T) { @@ -387,7 +404,7 @@ func Test_observeTest(t *testing.T) { }, testutil.ReleaseWithHooks(testHookFixtures)) observeTest(obj)(rls) - g.Expect(obj.Status.Current).To(BeNil()) - g.Expect(obj.Status.Previous).To(BeNil()) + g.Expect(obj.GetCurrent()).To(BeNil()) + g.Expect(obj.GetPrevious()).To(BeNil()) }) } diff --git a/internal/reconcile/uninstall.go b/internal/reconcile/uninstall.go index 10116507d..da3c01450 100644 --- a/internal/reconcile/uninstall.go +++ b/internal/reconcile/uninstall.go @@ -18,9 +18,13 @@ package reconcile import ( "context" + "errors" "fmt" helmrelease "helm.sh/helm/v3/pkg/release" + helmdriver "helm.sh/helm/v3/pkg/storage/driver" + corev1 "k8s.io/api/core/v1" + "k8s.io/client-go/tools/record" ctrl "sigs.k8s.io/controller-runtime" "github.com/fluxcd/pkg/runtime/conditions" @@ -32,53 +36,92 @@ import ( "github.com/fluxcd/helm-controller/internal/storage" ) +// Uninstall is an ActionReconciler which attempts to uninstall a Helm release +// based on the given Request data. +// +// The writes to the Helm storage during the uninstallation are observed, and +// update the Status.Current field. +// +// After a successful uninstall, the object is marked with Released=False and +// an event is emitted. When the uninstallation fails, the object is marked +// with Released=False and a warning event is emitted. +// +// When the Request.Object does not have a Status.Current, it returns an +// error of type ErrNoCurrent. If the uninstallation targeted a different +// release (version) than Status.Current, it returns an error of type +// ErrReleaseMismatch. In addition, it returns ErrNoStorageUpdate if the +// uninstallation completed without updating the Helm storage. In which case +// the resources for the release will be removed from the cluster, but the +// storage object remains in the cluster. Any other returned error indicates +// the caller should retry as it did not cause a change to the Helm storage or +// the cluster resources. +// +// At the end of the reconciliation, the Status.Conditions are summarized and +// propagated to the Ready condition on the Request.Object. +// +// This reconciler is different from UninstallRemediation, in that it makes +// observations to the Released condition type instead of Remediated. Use this +// reconciler to uninstall a release, and UninstallRemediation to remediate a +// release. +// +// The caller is assumed to have verified the integrity of Request.Object using +// e.g. action.VerifyReleaseInfo before calling Reconcile. type Uninstall struct { configFactory *action.ConfigFactory + eventRecorder record.EventRecorder +} + +// NewUninstall returns a new Uninstall reconciler configured with the provided +// values. +func NewUninstall(cfg *action.ConfigFactory, recorder record.EventRecorder) *Uninstall { + return &Uninstall{configFactory: cfg, eventRecorder: recorder} } func (r *Uninstall) Reconcile(ctx context.Context, req *Request) error { var ( - cur = req.Object.Status.Current.DeepCopy() + cur = req.Object.GetCurrent().DeepCopy() logBuf = action.NewLogBuffer(action.NewDebugLog(ctrl.LoggerFrom(ctx).V(logger.InfoLevel)), 10) cfg = r.configFactory.Build(logBuf.Log, observeUninstall(req.Object)) ) + defer summarize(req) + // Require current to run uninstall. if cur == nil { return fmt.Errorf("%w: required to uninstall", ErrNoCurrent) } - // Run the uninstall action. + // Run the Helm uninstall action. res, err := action.Uninstall(ctx, cfg, req.Object, cur.Name) + if errors.Is(err, helmdriver.ErrReleaseNotFound) { + err = nil + } // The Helm uninstall action does always target the latest release. Before // accepting results, we need to confirm this is actually the release we // have recorded as Current. if res != nil && !release.ObserveRelease(res.Release).Targets(cur.Name, cur.Namespace, cur.Version) { - err = fmt.Errorf("%w: uninstalled release %s/%s with version %d != current release %s/%s with version %d", - ErrReleaseMismatch, res.Release.Namespace, res.Release.Name, res.Release.Version, cur.Namespace, cur.Name, - cur.Version) + err = fmt.Errorf("%w: uninstalled release %s/%s.%d != current release %s", + ErrReleaseMismatch, res.Release.Namespace, res.Release.Name, res.Release.Version, cur.FullReleaseName()) } // The Helm uninstall action may return without an error while the update // to the storage failed. Detect this and return an error. - if err == nil && cur == req.Object.Status.Current { - err = fmt.Errorf("uninstallation completed without updating Helm storage") + if err == nil && cur.Digest == req.Object.GetCurrent().Digest { + err = fmt.Errorf("uninstall completed with error: %w", ErrNoStorageUpdate) } // Handle any error. if err != nil { - req.Object.Status.Failures++ - conditions.MarkFalse(req.Object, v2.RemediatedCondition, v2.UninstallFailedReason, err.Error()) - if req.Object.Status.Current == cur { + r.failed(req, logBuf, err) + if req.Object.GetCurrent().Digest == cur.Digest { return err } return nil } // Mark success. - conditions.MarkTrue(req.Object, v2.RemediatedCondition, v2.UninstallSucceededReason, - res.Release.Info.Description) + r.success(req) return nil } @@ -87,7 +130,41 @@ func (r *Uninstall) Name() string { } func (r *Uninstall) Type() ReconcilerType { - return ReconcilerTypeRemediate + return ReconcilerTypeRelease +} + +// failure records the failure of a Helm uninstall action in the status of the +// given Request.Object by marking Released=False and emitting a warning +// event. +func (r *Uninstall) failed(req *Request, buffer *action.LogBuffer, err error) { + // Compose success message. + cur := req.Object.GetCurrent() + msg := fmt.Sprintf("Uninstall of release %s with chart %s failed: %s", + cur.FullReleaseName(), cur.VersionedChartName(), err.Error()) + + // Mark remediation failure on object. + req.Object.Status.Failures++ + conditions.MarkFalse(req.Object, v2.ReleasedCondition, v2.UninstallFailedReason, msg) + + // Record warning event, this message contains more data than the + // Condition summary. + r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(cur.ChartVersion), corev1.EventTypeWarning, v2.UninstallFailedReason, eventMessageWithLog(msg, buffer)) +} + +// success records the success of a Helm uninstall action in the status of +// the given Request.Object by marking Released=False and emitting an +// event. +func (r *Uninstall) success(req *Request) { + // Compose success message. + cur := req.Object.GetCurrent() + msg := fmt.Sprintf("Uninstall of release %s with chart %s succeeded", cur.FullReleaseName(), cur.VersionedChartName()) + + // Mark remediation success on object. + conditions.MarkFalse(req.Object, v2.ReleasedCondition, v2.UninstallSucceededReason, msg) + + // Record warning event, this message contains more data than the + // Condition summary. + r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(cur.ChartVersion), corev1.EventTypeNormal, v2.UninstallSucceededReason, msg) } // observeUninstall returns a storage.ObserveFunc that can be used to observe @@ -96,7 +173,7 @@ func (r *Uninstall) Type() ReconcilerType { // uninstallation target, and version = Current.Version. func observeUninstall(obj *v2.HelmRelease) storage.ObserveFunc { return func(rls *helmrelease.Release) { - if cur := obj.Status.Current; cur != nil { + if cur := obj.GetCurrent(); cur != nil { if obs := release.ObserveRelease(rls); obs.Targets(cur.Name, cur.Namespace, cur.Version) { obj.Status.Current = release.ObservedToInfo(obs) } diff --git a/internal/reconcile/uninstall_remediation.go b/internal/reconcile/uninstall_remediation.go new file mode 100644 index 000000000..9c1d5e901 --- /dev/null +++ b/internal/reconcile/uninstall_remediation.go @@ -0,0 +1,163 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package reconcile + +import ( + "context" + "errors" + "fmt" + + corev1 "k8s.io/api/core/v1" + "k8s.io/client-go/tools/record" + ctrl "sigs.k8s.io/controller-runtime" + + "github.com/fluxcd/pkg/runtime/conditions" + "github.com/fluxcd/pkg/runtime/logger" + + v2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/action" + "github.com/fluxcd/helm-controller/internal/release" +) + +var ( + ErrNoStorageUpdate = errors.New("release not updated in Helm storage") +) + +// UninstallRemediation is an ActionReconciler which attempts to remediate a +// failed Helm release for the given Request data by uninstalling it. +// +// The writes to the Helm storage during the uninstallation are observed, and +// update the Status.Current field. +// +// After a successful uninstall, the object is marked with Remediated=True and +// an event is emitted. When the uninstallation fails, the object is marked +// with Remediated=False and a warning event is emitted. +// +// When the Request.Object does not have a Status.Current, it returns an +// error of type ErrNoCurrent. If the uninstallation targeted a different +// release (version) than Status.Current, it returns an error of type +// ErrReleaseMismatch. In addition, it returns ErrNoStorageUpdate if the +// uninstallation completed without updating the Helm storage. In which case +// the resources for the release will be removed from the cluster, but the +// storage object remains in the cluster. Any other returned error indicates +// the caller should retry as it did not cause a change to the Helm storage or +// the cluster resources. +// +// At the end of the reconciliation, the Status.Conditions are summarized and +// propagated to the Ready condition on the Request.Object. +// +// This reconciler is different from Uninstall, in that it makes observations +// to the Remediated condition type instead of Released. Use this reconciler +// to remediate a failed release, and Uninstall to uninstall a release. +// +// The caller is assumed to have verified the integrity of Request.Object using +// e.g. action.VerifyReleaseInfo before calling Reconcile. +type UninstallRemediation struct { + configFactory *action.ConfigFactory + eventRecorder record.EventRecorder +} + +// NewUninstallRemediation returns a new UninstallRemediation reconciler +// configured with the provided values. +func NewUninstallRemediation(cfg *action.ConfigFactory, recorder record.EventRecorder) *UninstallRemediation { + return &UninstallRemediation{configFactory: cfg, eventRecorder: recorder} +} + +func (r *UninstallRemediation) Reconcile(ctx context.Context, req *Request) error { + var ( + cur = req.Object.GetCurrent().DeepCopy() + logBuf = action.NewLogBuffer(action.NewDebugLog(ctrl.LoggerFrom(ctx).V(logger.InfoLevel)), 10) + cfg = r.configFactory.Build(logBuf.Log, observeUninstall(req.Object)) + ) + + // Require current to run uninstall. + if cur == nil { + return fmt.Errorf("%w: required to uninstall", ErrNoCurrent) + } + + // Run the Helm uninstall action. + res, err := action.Uninstall(ctx, cfg, req.Object, cur.Name) + + // The Helm uninstall action does always target the latest release. Before + // accepting results, we need to confirm this is actually the release we + // have recorded as Current. + if res != nil && !release.ObserveRelease(res.Release).Targets(cur.Name, cur.Namespace, cur.Version) { + err = fmt.Errorf("%w: uninstalled release %s/%s.%d != current release %s", + ErrReleaseMismatch, res.Release.Namespace, res.Release.Name, res.Release.Version, cur.FullReleaseName()) + } + + // The Helm uninstall action may return without an error while the update + // to the storage failed. Detect this and return an error. + if err == nil && cur.Digest == req.Object.GetCurrent().Digest { + err = fmt.Errorf("uninstall completed with error: %w", ErrNoStorageUpdate) + } + + // Handle any error. + if err != nil { + r.failure(req, logBuf, err) + if cur.Digest == req.Object.GetCurrent().Digest { + return err + } + return nil + } + + // Mark success. + r.success(req) + return nil +} + +func (r *UninstallRemediation) Name() string { + return "uninstall" +} + +func (r *UninstallRemediation) Type() ReconcilerType { + return ReconcilerTypeRemediate +} + +// success records the success of a Helm uninstall remediation action in the +// status of the given Request.Object by marking Remediated=False and emitting +// a warning event. +func (r *UninstallRemediation) failure(req *Request, buffer *action.LogBuffer, err error) { + // Compose success message. + cur := req.Object.GetCurrent() + msg := fmt.Sprintf("Uninstall remediation for release %s with chart %s failed: %s", + cur.FullReleaseName(), cur.VersionedChartName(), err.Error()) + + // Mark uninstall failure on object. + req.Object.Status.Failures++ + conditions.MarkFalse(req.Object, v2.RemediatedCondition, v2.UninstallFailedReason, msg) + + // Record warning event, this message contains more data than the + // Condition summary. + r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(cur.ChartVersion), corev1.EventTypeWarning, v2.UninstallFailedReason, eventMessageWithLog(msg, buffer)) +} + +// success records the success of a Helm uninstall remediation action in the +// status of the given Request.Object by marking Remediated=True and emitting +// an event. +func (r *UninstallRemediation) success(req *Request) { + // Compose success message. + cur := req.Object.GetCurrent() + msg := fmt.Sprintf("Uninstall remediation for release %s with chart %s succeeded", + cur.FullReleaseName(), cur.VersionedChartName()) + + // Mark remediation success on object. + conditions.MarkTrue(req.Object, v2.RemediatedCondition, v2.UninstallSucceededReason, msg) + + // Record event. + r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(cur.ChartVersion), corev1.EventTypeNormal, v2.UninstallSucceededReason, msg) +} diff --git a/internal/reconcile/uninstall_remediation_test.go b/internal/reconcile/uninstall_remediation_test.go new file mode 100644 index 000000000..cbbaf5902 --- /dev/null +++ b/internal/reconcile/uninstall_remediation_test.go @@ -0,0 +1,364 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package reconcile + +import ( + "context" + "errors" + "fmt" + "testing" + "time" + + "github.com/go-logr/logr" + . "github.com/onsi/gomega" + helmrelease "helm.sh/helm/v3/pkg/release" + "helm.sh/helm/v3/pkg/releaseutil" + helmstorage "helm.sh/helm/v3/pkg/storage" + helmdriver "helm.sh/helm/v3/pkg/storage/driver" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/record" + + "github.com/fluxcd/pkg/runtime/conditions" + + v2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/action" + "github.com/fluxcd/helm-controller/internal/release" + "github.com/fluxcd/helm-controller/internal/storage" + "github.com/fluxcd/helm-controller/internal/testutil" +) + +func TestUninstallRemediation_Reconcile(t *testing.T) { + var ( + mockUpdateErr = fmt.Errorf("storage update error") + mockDeleteErr = fmt.Errorf("storage delete error") + ) + + tests := []struct { + name string + // driver allows for modifying the Helm storage driver. + driver func(helmdriver.Driver) helmdriver.Driver + // releases is the list of releases that are stored in the driver + // before uninstall. + releases func(namespace string) []*helmrelease.Release + // spec modifies the HelmRelease Object spec before uninstall. + spec func(spec *v2.HelmReleaseSpec) + // status to configure on the HelmRelease Object before uninstall. + status func(releases []*helmrelease.Release) v2.HelmReleaseStatus + // wantErr is the error that is expected to be returned. + wantErr error + // expectedConditions are the conditions that are expected to be set on + // the HelmRelease after running rollback. + expectConditions []metav1.Condition + // expectCurrent is the expected Current release information in the + // HelmRelease after uninstall. + expectCurrent func(releases []*helmrelease.Release) *v2.HelmReleaseInfo + // expectPrevious returns the expected Previous release information of + // the HelmRelease after uninstall. + expectPrevious func(releases []*helmrelease.Release) *v2.HelmReleaseInfo + // expectFailures is the expected Failures count of the HelmRelease. + expectFailures int64 + // expectInstallFailures is the expected InstallFailures count of the + // HelmRelease. + expectInstallFailures int64 + // expectUpgradeFailures is the expected UpgradeFailures count of the + // HelmRelease. + expectUpgradeFailures int64 + }{ + { + name: "uninstall success", + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Version: 1, + Chart: testutil.BuildChart(testutil.ChartWithTestHook()), + Status: helmrelease.StatusDeployed, + }), + } + }, + spec: func(spec *v2.HelmReleaseSpec) { + spec.Uninstall = &v2.Uninstall{ + KeepHistory: true, + } + }, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + expectConditions: []metav1.Condition{ + *conditions.TrueCondition(v2.RemediatedCondition, v2.UninstallSucceededReason, + "Uninstall remediation for release"), + }, + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[0])) + }, + }, + { + name: "uninstall failure", + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Version: 1, + Status: helmrelease.StatusDeployed, + Chart: testutil.BuildChart(testutil.ChartWithFailingHook()), + }, testutil.ReleaseWithFailingHook()), + } + }, + spec: func(spec *v2.HelmReleaseSpec) { + spec.Uninstall = &v2.Uninstall{ + KeepHistory: true, + } + }, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + expectConditions: []metav1.Condition{ + *conditions.FalseCondition(v2.RemediatedCondition, v2.UninstallFailedReason, + "uninstallation completed with 1 error(s): 1 error occurred:\n\t* timed out waiting for the condition\n\n"), + }, + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[0])) + }, + expectFailures: 1, + }, + { + name: "uninstall failure without storage update", + driver: func(driver helmdriver.Driver) helmdriver.Driver { + return &storage.Failing{ + // Explicitly inherit the driver, as we want to rely on the + // Secret storage, as the memory storage does not detach + // objects from the release action. Causing writes post-persist + // to leak to the stored release object. + // xref: https://github.com/helm/helm/issues/11304 + Driver: driver, + UpdateErr: mockUpdateErr, + } + }, + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Version: 1, + Chart: testutil.BuildChart(testutil.ChartWithTestHook()), + Status: helmrelease.StatusDeployed, + }), + } + }, + spec: func(spec *v2.HelmReleaseSpec) { + spec.Uninstall = &v2.Uninstall{ + KeepHistory: true, + } + }, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + expectConditions: []metav1.Condition{ + *conditions.FalseCondition(v2.RemediatedCondition, v2.UninstallFailedReason, + ErrNoStorageUpdate.Error()), + }, + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[0])) + }, + expectFailures: 1, + wantErr: ErrNoStorageUpdate, + }, + { + name: "uninstall failure without storage delete", + driver: func(driver helmdriver.Driver) helmdriver.Driver { + return &storage.Failing{ + // Explicitly inherit the driver, as we want to rely on the + // Secret storage, as the memory storage does not detach + // objects from the release action. Causing writes post-persist + // to leak to the stored release object. + // xref: https://github.com/helm/helm/issues/11304 + Driver: driver, + DeleteErr: mockDeleteErr, + } + }, + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Version: 1, + Status: helmrelease.StatusDeployed, + Chart: testutil.BuildChart(), + }), + } + }, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + expectConditions: []metav1.Condition{ + *conditions.FalseCondition(v2.RemediatedCondition, v2.UninstallFailedReason, mockDeleteErr.Error()), + }, + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[0])) + }, + expectFailures: 1, + }, + { + name: "uninstall without current", + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Version: 1, + Chart: testutil.BuildChart(), + Status: helmrelease.StatusDeployed, + }), + } + }, + expectConditions: []metav1.Condition{}, + wantErr: ErrNoCurrent, + }, + { + name: "uninstall with stale current", + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Version: 1, + Chart: testutil.BuildChart(testutil.ChartWithTestHook()), + Status: helmrelease.StatusSuperseded, + }, testutil.ReleaseWithTestHook()), + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Version: 2, + Chart: testutil.BuildChart(), + Status: helmrelease.StatusDeployed, + }), + } + }, + spec: func(spec *v2.HelmReleaseSpec) { + spec.Uninstall = &v2.Uninstall{ + KeepHistory: true, + } + }, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + expectConditions: []metav1.Condition{ + *conditions.FalseCondition(v2.RemediatedCondition, v2.UninstallFailedReason, + ErrReleaseMismatch.Error()), + }, + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[0])) + }, + expectFailures: 1, + wantErr: ErrReleaseMismatch, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + namedNS, err := testEnv.CreateNamespace(context.TODO(), mockReleaseNamespace) + g.Expect(err).NotTo(HaveOccurred()) + t.Cleanup(func() { + _ = testEnv.Delete(context.TODO(), namedNS) + }) + releaseNamespace := namedNS.Name + + var releases []*helmrelease.Release + if tt.releases != nil { + releases = tt.releases(releaseNamespace) + releaseutil.SortByRevision(releases) + } + + obj := &v2.HelmRelease{ + Spec: v2.HelmReleaseSpec{ + ReleaseName: mockReleaseName, + TargetNamespace: releaseNamespace, + StorageNamespace: releaseNamespace, + Timeout: &metav1.Duration{Duration: 100 * time.Millisecond}, + }, + } + if tt.spec != nil { + tt.spec(&obj.Spec) + } + if tt.status != nil { + obj.Status = tt.status(releases) + } + + getter, err := RESTClientGetterFromManager(testEnv.Manager, obj.GetReleaseNamespace()) + g.Expect(err).ToNot(HaveOccurred()) + + cfg, err := action.NewConfigFactory(getter, + action.WithStorage(action.DefaultStorageDriver, obj.GetStorageNamespace()), + action.WithDebugLog(logr.Discard()), + ) + g.Expect(err).ToNot(HaveOccurred()) + + store := helmstorage.Init(cfg.Driver) + for _, r := range releases { + g.Expect(store.Create(r)).To(Succeed()) + } + + if tt.driver != nil { + cfg.Driver = tt.driver(cfg.Driver) + } + + recorder := record.NewFakeRecorder(10) + got := NewUninstallRemediation(cfg, recorder).Reconcile(context.TODO(), &Request{ + Object: obj, + }) + if tt.wantErr != nil { + g.Expect(errors.Is(got, tt.wantErr)).To(BeTrue()) + } else { + g.Expect(got).ToNot(HaveOccurred()) + } + + g.Expect(obj.Status.Conditions).To(conditions.MatchConditions(tt.expectConditions)) + + releases, _ = store.History(mockReleaseName) + releaseutil.SortByRevision(releases) + + if tt.expectCurrent != nil { + g.Expect(obj.GetCurrent()).To(testutil.Equal(tt.expectCurrent(releases))) + } else { + g.Expect(obj.GetCurrent()).To(BeNil(), "expected current to be nil") + } + + if tt.expectPrevious != nil { + g.Expect(obj.GetPrevious()).To(testutil.Equal(tt.expectPrevious(releases))) + } else { + g.Expect(obj.GetPrevious()).To(BeNil(), "expected previous to be nil") + } + + g.Expect(obj.Status.Failures).To(Equal(tt.expectFailures)) + g.Expect(obj.Status.InstallFailures).To(Equal(tt.expectInstallFailures)) + g.Expect(obj.Status.UpgradeFailures).To(Equal(tt.expectUpgradeFailures)) + }) + } +} diff --git a/internal/reconcile/uninstall_test.go b/internal/reconcile/uninstall_test.go index 9e3eda33d..fd240c9a9 100644 --- a/internal/reconcile/uninstall_test.go +++ b/internal/reconcile/uninstall_test.go @@ -23,7 +23,6 @@ import ( "testing" "time" - "github.com/fluxcd/pkg/runtime/conditions" "github.com/go-logr/logr" . "github.com/onsi/gomega" helmrelease "helm.sh/helm/v3/pkg/release" @@ -31,6 +30,10 @@ import ( helmstorage "helm.sh/helm/v3/pkg/storage" helmdriver "helm.sh/helm/v3/pkg/storage/driver" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/record" + + "github.com/fluxcd/pkg/apis/meta" + "github.com/fluxcd/pkg/runtime/conditions" v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" @@ -39,7 +42,9 @@ import ( "github.com/fluxcd/helm-controller/internal/testutil" ) -func Test_uninstall(t *testing.T) { +func TestUninstall_Reconcile(t *testing.T) { + mockUpdateErr := errors.New("mock update error") + tests := []struct { name string // driver allows for modifying the Helm storage driver. @@ -95,8 +100,10 @@ func Test_uninstall(t *testing.T) { } }, expectConditions: []metav1.Condition{ - *conditions.TrueCondition(v2.RemediatedCondition, v2.UninstallSucceededReason, - "Uninstallation complete"), + *conditions.FalseCondition(meta.ReadyCondition, v2.UninstallSucceededReason, + "Uninstall of release"), + *conditions.FalseCondition(v2.ReleasedCondition, v2.UninstallSucceededReason, + "Uninstall of release"), }, expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[0])) @@ -126,7 +133,9 @@ func Test_uninstall(t *testing.T) { } }, expectConditions: []metav1.Condition{ - *conditions.FalseCondition(v2.RemediatedCondition, v2.UninstallFailedReason, + *conditions.FalseCondition(meta.ReadyCondition, v2.UninstallFailedReason, + "uninstallation completed with 1 error(s): 1 error occurred:\n\t* timed out waiting for the condition\n\n"), + *conditions.FalseCondition(v2.ReleasedCondition, v2.UninstallFailedReason, "uninstallation completed with 1 error(s): 1 error occurred:\n\t* timed out waiting for the condition\n\n"), }, expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { @@ -134,6 +143,52 @@ func Test_uninstall(t *testing.T) { }, expectFailures: 1, }, + { + name: "uninstall failure without storage update", + driver: func(driver helmdriver.Driver) helmdriver.Driver { + return &storage.Failing{ + // Explicitly inherit the driver, as we want to rely on the + // Secret storage, as the memory storage does not detach + // objects from the release action. Causing writes post-persist + // to leak to the stored release object. + // xref: https://github.com/helm/helm/issues/11304 + Driver: driver, + UpdateErr: mockUpdateErr, + } + }, + releases: func(namespace string) []*helmrelease.Release { + return []*helmrelease.Release{ + testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: namespace, + Version: 1, + Chart: testutil.BuildChart(testutil.ChartWithTestHook()), + Status: helmrelease.StatusDeployed, + }), + } + }, + spec: func(spec *v2.HelmReleaseSpec) { + spec.Uninstall = &v2.Uninstall{ + KeepHistory: true, + } + }, + status: func(releases []*helmrelease.Release) v2.HelmReleaseStatus { + return v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(releases[0])), + } + }, + expectConditions: []metav1.Condition{ + *conditions.FalseCondition(meta.ReadyCondition, v2.UninstallFailedReason, + ErrNoStorageUpdate.Error()), + *conditions.FalseCondition(v2.ReleasedCondition, v2.UninstallFailedReason, + ErrNoStorageUpdate.Error()), + }, + expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { + return release.ObservedToInfo(release.ObserveRelease(releases[0])) + }, + expectFailures: 1, + wantErr: ErrNoStorageUpdate, + }, { name: "uninstall failure without storage delete", driver: func(driver helmdriver.Driver) helmdriver.Driver { @@ -142,6 +197,7 @@ func Test_uninstall(t *testing.T) { // Secret storage, as the memory storage does not detach // objects from the release action. Causing writes post-persist // to leak to the stored release object. + // xref: https://github.com/helm/helm/issues/11304 Driver: driver, DeleteErr: fmt.Errorf("delete error"), } @@ -163,7 +219,9 @@ func Test_uninstall(t *testing.T) { } }, expectConditions: []metav1.Condition{ - *conditions.FalseCondition(v2.RemediatedCondition, v2.UninstallFailedReason, + *conditions.FalseCondition(meta.ReadyCondition, v2.UninstallFailedReason, + "delete error"), + *conditions.FalseCondition(v2.ReleasedCondition, v2.UninstallFailedReason, "delete error"), }, expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { @@ -218,13 +276,16 @@ func Test_uninstall(t *testing.T) { } }, expectConditions: []metav1.Condition{ - *conditions.FalseCondition(v2.RemediatedCondition, v2.UninstallFailedReason, + *conditions.FalseCondition(meta.ReadyCondition, v2.UninstallFailedReason, + ErrReleaseMismatch.Error()), + *conditions.FalseCondition(v2.ReleasedCondition, v2.UninstallFailedReason, ErrReleaseMismatch.Error()), }, expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[0])) }, expectFailures: 1, + wantErr: ErrReleaseMismatch, }, } for _, tt := range tests { @@ -277,7 +338,8 @@ func Test_uninstall(t *testing.T) { cfg.Driver = tt.driver(cfg.Driver) } - got := (&Uninstall{configFactory: cfg}).Reconcile(context.TODO(), &Request{ + recorder := record.NewFakeRecorder(10) + got := NewUninstall(cfg, recorder).Reconcile(context.TODO(), &Request{ Object: obj, }) if tt.wantErr != nil { @@ -292,15 +354,15 @@ func Test_uninstall(t *testing.T) { releaseutil.SortByRevision(releases) if tt.expectCurrent != nil { - g.Expect(obj.Status.Current).To(testutil.Equal(tt.expectCurrent(releases))) + g.Expect(obj.GetCurrent()).To(testutil.Equal(tt.expectCurrent(releases))) } else { - g.Expect(obj.Status.Current).To(BeNil(), "expected current to be nil") + g.Expect(obj.GetCurrent()).To(BeNil(), "expected current to be nil") } if tt.expectPrevious != nil { - g.Expect(obj.Status.Previous).To(testutil.Equal(tt.expectPrevious(releases))) + g.Expect(obj.GetPrevious()).To(testutil.Equal(tt.expectPrevious(releases))) } else { - g.Expect(obj.Status.Previous).To(BeNil(), "expected previous to be nil") + g.Expect(obj.GetPrevious()).To(BeNil(), "expected previous to be nil") } g.Expect(obj.Status.Failures).To(Equal(tt.expectFailures)) @@ -334,9 +396,9 @@ func Test_observeUninstall(t *testing.T) { expect := release.ObservedToInfo(release.ObserveRelease(rls)) observeUninstall(obj)(rls) - g.Expect(obj.Status.Current).ToNot(BeNil()) - g.Expect(obj.Status.Current).To(Equal(expect)) - g.Expect(obj.Status.Previous).To(BeNil()) + g.Expect(obj.GetCurrent()).ToNot(BeNil()) + g.Expect(obj.GetCurrent()).To(Equal(expect)) + g.Expect(obj.GetPrevious()).To(BeNil()) }) t.Run("uninstall without current", func(t *testing.T) { @@ -355,8 +417,8 @@ func Test_observeUninstall(t *testing.T) { }) observeUninstall(obj)(rls) - g.Expect(obj.Status.Current).To(BeNil()) - g.Expect(obj.Status.Previous).To(BeNil()) + g.Expect(obj.GetCurrent()).To(BeNil()) + g.Expect(obj.GetPrevious()).To(BeNil()) }) t.Run("uninstall of different version than current", func(t *testing.T) { @@ -381,8 +443,8 @@ func Test_observeUninstall(t *testing.T) { }) observeUninstall(obj)(rls) - g.Expect(obj.Status.Current).ToNot(BeNil()) - g.Expect(obj.Status.Current).To(Equal(current)) - g.Expect(obj.Status.Previous).To(BeNil()) + g.Expect(obj.GetCurrent()).ToNot(BeNil()) + g.Expect(obj.GetCurrent()).To(Equal(current)) + g.Expect(obj.GetPrevious()).To(BeNil()) }) } diff --git a/internal/reconcile/unlock.go b/internal/reconcile/unlock.go index 908bf4d53..f084bdcbb 100644 --- a/internal/reconcile/unlock.go +++ b/internal/reconcile/unlock.go @@ -24,6 +24,8 @@ import ( "github.com/fluxcd/pkg/runtime/conditions" helmrelease "helm.sh/helm/v3/pkg/release" helmdriver "helm.sh/helm/v3/pkg/storage/driver" + corev1 "k8s.io/api/core/v1" + "k8s.io/client-go/tools/record" v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" @@ -31,13 +33,44 @@ import ( "github.com/fluxcd/helm-controller/internal/storage" ) +// Unlock is an ActionReconciler which attempts to unlock the Status.Current +// of a Request.Object in the Helm storage if stuck in a pending state, by +// setting the status to release.StatusFailed and persisting it. +// +// This write to the Helm storage is observed, and updates the Status.Current +// field if the persisted object targets the same release version. +// +// Any pending state marks the v2beta2.HelmRelease object with +// ReleasedCondition=False, even if persisting the object to the Helm storage +// fails. +// +// If the Request.Object does not have a Status.Current, an ErrNoCurrent error +// is returned. +// +// At the end of the reconciliation, the Status.Conditions are summarized and +// propagated to the Ready condition on the Request.Object. +// +// The caller is assumed to have verified the integrity of Request.Object using +// e.g. action.VerifyReleaseInfo before calling Reconcile. type Unlock struct { configFactory *action.ConfigFactory + eventRecorder record.EventRecorder +} + +// NewUnlock returns a new Unlock reconciler configured with the provided +// values. +func NewUnlock(cfg *action.ConfigFactory, recorder record.EventRecorder) *Unlock { + return &Unlock{configFactory: cfg, eventRecorder: recorder} } func (r *Unlock) Reconcile(_ context.Context, req *Request) error { + var ( + cur = req.Object.GetCurrent().DeepCopy() + ) + + defer summarize(req) + // We can only unlock a release if we have a current. - cur := req.Object.Status.Current.DeepCopy() if cur == nil { return fmt.Errorf("%w: required for unlock", ErrNoCurrent) } @@ -46,7 +79,7 @@ func (r *Unlock) Reconcile(_ context.Context, req *Request) error { cfg := r.configFactory.Build(nil, observeUnlock(req.Object)) // Retrieve last release object. - rls, err := cfg.Releases.Last(req.Object.GetReleaseName()) + rls, err := cfg.Releases.Get(cur.Name, cur.Version) if err != nil { // Ignore not found error. Assume caller will decide what to do // when it re-assess state to determine the next action. @@ -57,21 +90,15 @@ func (r *Unlock) Reconcile(_ context.Context, req *Request) error { return err } - // Ensure latest is still same as current. - obs := release.ObserveRelease(rls) - if obs.Targets(cur.Name, cur.Namespace, cur.Version) { - if status := rls.Info.Status; status.IsPending() { - // Update pending status to failed and persist. - rls.SetStatus(helmrelease.StatusFailed, fmt.Sprintf("Release unlocked from stale '%s' state", - status.String())) - if err = cfg.Releases.Update(rls); err != nil { - req.Object.Status.Failures++ - conditions.MarkFalse(req.Object, v2.ReleasedCondition, "StalePending", - "Failed to unlock release from stale '%s' state: %s", status.String(), err.Error()) - return err - } - conditions.MarkFalse(req.Object, v2.ReleasedCondition, "StalePending", rls.Info.Description) + // Ensure the release is in a pending state. + if status := rls.Info.Status; status.IsPending() { + // Update pending status to failed and persist. + rls.SetStatus(helmrelease.StatusFailed, fmt.Sprintf("Release unlocked from stale '%s' state", status.String())) + if err = cfg.Releases.Update(rls); err != nil { + r.failure(req, status, err) + return err } + r.success(req, status) } return nil } @@ -84,13 +111,45 @@ func (r *Unlock) Type() ReconcilerType { return ReconcilerTypeUnlock } +// failure records the failure of an unlock action in the status of the given +// Request.Object by marking ReleasedCondition=False and increasing the failure +// counter. In addition, it emits a warning event for the Request.Object. +func (r *Unlock) failure(req *Request, status helmrelease.Status, err error) { + // Compose failure message. + cur := req.Object.GetCurrent() + msg := fmt.Sprintf("Unlock of release %s with chart %s in %s state failed: %s", + cur.FullReleaseName(), cur.VersionedChartName(), status.String(), err.Error()) + + // Mark unlock failure on object. + req.Object.Status.Failures++ + conditions.MarkFalse(req.Object, v2.ReleasedCondition, "PendingRelease", msg) + + // Record warning event. + r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(cur.ChartVersion), corev1.EventTypeWarning, "PendingRelease", msg) +} + +// success records the success of an unlock action in the status of the given +// Request.Object by marking ReleasedCondition=False and emitting an event. +func (r *Unlock) success(req *Request, status helmrelease.Status) { + // Compose success message. + cur := req.Object.GetCurrent() + msg := fmt.Sprintf("Unlocked release %s with chart %s from %s state", + cur.FullReleaseName(), cur.VersionedChartName(), status.String()) + + // Mark unlock success on object. + conditions.MarkFalse(req.Object, v2.ReleasedCondition, "PendingRelease", msg) + + // Record event. + r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(cur.ChartVersion), corev1.EventTypeNormal, "PendingRelease", msg) +} + // observeUnlock returns a storage.ObserveFunc that can be used to observe and // record the result of an unlock action in the status of the given release. // It updates the Status.Current field of the release if it equals the target // of the unlock action. func observeUnlock(obj *v2.HelmRelease) storage.ObserveFunc { return func(rls *helmrelease.Release) { - if cur := obj.Status.Current; cur != nil { + if cur := obj.GetCurrent(); cur != nil { obs := release.ObserveRelease(rls) if obs.Targets(cur.Name, cur.Namespace, cur.Version) { obj.Status.Current = release.ObservedToInfo(obs) diff --git a/internal/reconcile/unlock_test.go b/internal/reconcile/unlock_test.go index b53ced76f..24fe0d47b 100644 --- a/internal/reconcile/unlock_test.go +++ b/internal/reconcile/unlock_test.go @@ -29,7 +29,9 @@ import ( helmstorage "helm.sh/helm/v3/pkg/storage" helmdriver "helm.sh/helm/v3/pkg/storage/driver" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/record" + "github.com/fluxcd/pkg/apis/meta" "github.com/fluxcd/pkg/runtime/conditions" v2 "github.com/fluxcd/helm-controller/api/v2beta2" @@ -39,7 +41,7 @@ import ( "github.com/fluxcd/helm-controller/internal/testutil" ) -func Test_unlock(t *testing.T) { +func TestUnlock_Reconcile(t *testing.T) { var ( mockQueryErr = errors.New("storage query error") mockUpdateErr = errors.New("storage update error") @@ -95,8 +97,8 @@ func Test_unlock(t *testing.T) { } }, expectConditions: []metav1.Condition{ - *conditions.FalseCondition(v2.ReleasedCondition, "StalePending", - "Release unlocked from stale '%s' state", helmrelease.StatusPendingInstall), + *conditions.FalseCondition(meta.ReadyCondition, "PendingRelease", "Unlocked release"), + *conditions.FalseCondition(v2.ReleasedCondition, "PendingRelease", "Unlocked release"), }, expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[0])) @@ -128,8 +130,8 @@ func Test_unlock(t *testing.T) { }, wantErr: mockUpdateErr, expectConditions: []metav1.Condition{ - *conditions.FalseCondition(v2.ReleasedCondition, "StalePending", - "Failed to unlock release from stale '%s' state", helmrelease.StatusPendingRollback), + *conditions.FalseCondition(meta.ReadyCondition, "PendingRelease", "Unlock of release"), + *conditions.FalseCondition(v2.ReleasedCondition, "PendingRelease", "Unlock of release"), }, expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[0])) @@ -233,8 +235,8 @@ func Test_unlock(t *testing.T) { name: "unlock with storage query error", driver: func(driver helmdriver.Driver) helmdriver.Driver { return &storage.Failing{ - Driver: driver, - QueryErr: mockQueryErr, + Driver: driver, + GetErr: mockQueryErr, } }, releases: func(namespace string) []*helmrelease.Release { @@ -318,7 +320,8 @@ func Test_unlock(t *testing.T) { cfg.Driver = tt.driver(cfg.Driver) } - got := (&Unlock{configFactory: cfg}).Reconcile(context.TODO(), &Request{ + recorder := record.NewFakeRecorder(10) + got := NewUnlock(cfg, recorder).Reconcile(context.TODO(), &Request{ Object: obj, }) if tt.wantErr != nil { @@ -333,15 +336,15 @@ func Test_unlock(t *testing.T) { helmreleaseutil.SortByRevision(releases) if tt.expectCurrent != nil { - g.Expect(obj.Status.Current).To(testutil.Equal(tt.expectCurrent(releases))) + g.Expect(obj.GetCurrent()).To(testutil.Equal(tt.expectCurrent(releases))) } else { - g.Expect(obj.Status.Current).To(BeNil(), "expected current to be nil") + g.Expect(obj.GetCurrent()).To(BeNil(), "expected current to be nil") } if tt.expectPrevious != nil { - g.Expect(obj.Status.Previous).To(testutil.Equal(tt.expectPrevious(releases))) + g.Expect(obj.GetPrevious()).To(testutil.Equal(tt.expectPrevious(releases))) } else { - g.Expect(obj.Status.Previous).To(BeNil(), "expected previous to be nil") + g.Expect(obj.GetPrevious()).To(BeNil(), "expected previous to be nil") } g.Expect(obj.Status.Failures).To(Equal(tt.expectFailures)) @@ -374,8 +377,8 @@ func Test_observeUnlock(t *testing.T) { expect := release.ObservedToInfo(release.ObserveRelease(rls)) observeUnlock(obj)(rls) - g.Expect(obj.Status.Previous).To(BeNil()) - g.Expect(obj.Status.Current).To(Equal(expect)) + g.Expect(obj.GetPrevious()).To(BeNil()) + g.Expect(obj.GetCurrent()).To(Equal(expect)) }) t.Run("unlock without current", func(t *testing.T) { @@ -390,7 +393,7 @@ func Test_observeUnlock(t *testing.T) { }) observeUnlock(obj)(rls) - g.Expect(obj.Status.Previous).To(BeNil()) - g.Expect(obj.Status.Current).To(BeNil()) + g.Expect(obj.GetPrevious()).To(BeNil()) + g.Expect(obj.GetCurrent()).To(BeNil()) }) } diff --git a/internal/reconcile/upgrade.go b/internal/reconcile/upgrade.go index ca8cae42b..fa6157aba 100644 --- a/internal/reconcile/upgrade.go +++ b/internal/reconcile/upgrade.go @@ -18,7 +18,10 @@ package reconcile import ( "context" + "fmt" + corev1 "k8s.io/api/core/v1" + "k8s.io/client-go/tools/record" ctrl "sigs.k8s.io/controller-runtime" "github.com/fluxcd/pkg/runtime/conditions" @@ -28,27 +31,53 @@ import ( "github.com/fluxcd/helm-controller/internal/action" ) +// Upgrade is an ActionReconciler which attempts to upgrade a Helm release +// based on the given Request data. +// +// The writes to the Helm storage during the installation process are +// observed, and updates the Status.Current (and possibly Status.Previous) +// field(s). +// +// On upgrade success, the object is marked with Released=True and emits an +// event. In addition, the object is marked with TestSuccess=False if tests +// are enabled to indicate we are awaiting the results. +// On failure, the object is marked with Released=False and emits a warning +// event. Only an error which resulted in a modification to the Helm storage +// counts towards a failure for the active remediation strategy. +// +// At the end of the reconciliation, the Status.Conditions are summarized and +// propagated to the Ready condition on the Request.Object. +// +// The caller is assumed to have verified the integrity of Request.Object using +// e.g. action.VerifyReleaseInfo before calling Reconcile. type Upgrade struct { configFactory *action.ConfigFactory + eventRecorder record.EventRecorder +} + +// NewUpgrade returns a new Upgrade reconciler configured with the provided +// values. +func NewUpgrade(cfg *action.ConfigFactory, recorder record.EventRecorder) *Upgrade { + return &Upgrade{configFactory: cfg, eventRecorder: recorder} } func (r *Upgrade) Reconcile(ctx context.Context, req *Request) error { var ( - cur = req.Object.Status.Current.DeepCopy() + cur = req.Object.GetCurrent().DeepCopy() logBuf = action.NewLogBuffer(action.NewDebugLog(ctrl.LoggerFrom(ctx).V(logger.InfoLevel)), 10) cfg = r.configFactory.Build(logBuf.Log, observeRelease(req.Object)) ) - // Run upgrade action. - rls, err := action.Upgrade(ctx, cfg, req.Object, req.Chart, req.Values) + defer summarize(req) + + // Run the Helm upgrade action. + _, err := action.Upgrade(ctx, cfg, req.Object, req.Chart, req.Values) if err != nil { - // Mark failure on object. - conditions.MarkFalse(req.Object, v2.ReleasedCondition, v2.UpgradeFailedReason, err.Error()) - req.Object.Status.Failures++ + r.failure(req, logBuf, err) // Return error if we did not store a release, as this does not // affect state and the caller should e.g. retry. - if newCur := req.Object.Status.Current; newCur == nil || newCur == cur { + if newCur := req.Object.GetCurrent(); newCur == nil || (cur != nil && newCur.Digest == cur.Digest) { return err } @@ -58,12 +87,11 @@ func (r *Upgrade) Reconcile(ctx context.Context, req *Request) error { // without a new release in storage there is nothing to remediate, // and the action can be retried immediately without causing // storage drift. - req.Object.Status.UpgradeFailures++ + req.Object.GetActiveRemediation().IncrementFailureCount(req.Object) return nil } - // Mark success on object. - conditions.MarkTrue(req.Object, v2.ReleasedCondition, v2.UpgradeSucceededReason, rls.Info.Description) + r.success(req) return nil } @@ -74,3 +102,47 @@ func (r *Upgrade) Name() string { func (r *Upgrade) Type() ReconcilerType { return ReconcilerTypeRelease } + +// failure records the failure of a Helm upgrade action in the status of the +// given Request.Object by marking ReleasedCondition=False and increasing the +// failure counter. In addition, it emits a warning event for the +// Request.Object. +// +// Increase of the failure counter for the active remediation strategy should +// be done conditionally by the caller after verifying the failed action has +// modified the Helm storage. This to avoid counting failures which do not +// result in Helm storage drift. +func (r *Upgrade) failure(req *Request, buffer *action.LogBuffer, err error) { + // Compose failure message. + msg := fmt.Sprintf("Upgrade of release %s/%s with chart %s@%s failed: %s", req.Object.GetReleaseNamespace(), + req.Object.GetReleaseName(), req.Chart.Name(), req.Chart.Metadata.Version, err.Error()) + + // Mark upgrade failure on object. + req.Object.Status.Failures++ + conditions.MarkFalse(req.Object, v2.ReleasedCondition, v2.UpgradeFailedReason, msg) + + // Record warning event, this message contains more data than the + // Condition summary. + r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(req.Chart.Metadata.Version), corev1.EventTypeWarning, v2.UpgradeFailedReason, eventMessageWithLog(msg, buffer)) +} + +// success records the success of a Helm upgrade action in the status of the +// given Request.Object by marking ReleasedCondition=True and emitting an +// event. In addition, it marks TestSuccessCondition=False when tests are +// enabled to indicate we are awaiting test results after having made the +// release. +func (r *Upgrade) success(req *Request) { + // Compose success message. + cur := req.Object.GetCurrent() + msg := fmt.Sprintf("Upgraded release %s with chart %s", cur.FullReleaseName(), cur.VersionedChartName()) + + // Mark upgrade success on object. + conditions.MarkTrue(req.Object, v2.ReleasedCondition, v2.UpgradeSucceededReason, msg) + if req.Object.GetTest().Enable && !cur.HasBeenTested() { + conditions.MarkFalse(req.Object, v2.TestSuccessCondition, "Pending", + "Release %s with chart %s has not been tested yet", cur.FullReleaseName(), cur.VersionedChartName()) + } + + // Record event. + r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(cur.ChartVersion), corev1.EventTypeNormal, v2.UpgradeSucceededReason, msg) +} diff --git a/internal/reconcile/upgrade_test.go b/internal/reconcile/upgrade_test.go index a3669d05a..c4b49c3cb 100644 --- a/internal/reconcile/upgrade_test.go +++ b/internal/reconcile/upgrade_test.go @@ -22,7 +22,6 @@ import ( "testing" "time" - "github.com/fluxcd/pkg/runtime/conditions" "github.com/go-logr/logr" . "github.com/onsi/gomega" helmchart "helm.sh/helm/v3/pkg/chart" @@ -32,6 +31,10 @@ import ( helmstorage "helm.sh/helm/v3/pkg/storage" helmdriver "helm.sh/helm/v3/pkg/storage/driver" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/record" + + "github.com/fluxcd/pkg/apis/meta" + "github.com/fluxcd/pkg/runtime/conditions" v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" @@ -40,7 +43,7 @@ import ( "github.com/fluxcd/helm-controller/internal/testutil" ) -func Test_upgrade(t *testing.T) { +func TestUpgrade_Reconcile(t *testing.T) { var ( mockCreateErr = fmt.Errorf("storage create error") mockUpdateErr = fmt.Errorf("storage update error") @@ -101,8 +104,8 @@ func Test_upgrade(t *testing.T) { } }, expectConditions: []metav1.Condition{ - *conditions.TrueCondition(v2.ReleasedCondition, v2.UpgradeSucceededReason, - "Upgrade complete"), + *conditions.TrueCondition(meta.ReadyCondition, v2.UpgradeSucceededReason, "Upgraded release"), + *conditions.TrueCondition(v2.ReleasedCondition, v2.UpgradeSucceededReason, "Upgraded release"), }, expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[1])) @@ -131,6 +134,8 @@ func Test_upgrade(t *testing.T) { } }, expectConditions: []metav1.Condition{ + *conditions.FalseCondition(meta.ReadyCondition, v2.UpgradeFailedReason, + "post-upgrade hooks failed: 1 error occurred:\n\t* timed out waiting for the condition\n\n"), *conditions.FalseCondition(v2.ReleasedCondition, v2.UpgradeFailedReason, "post-upgrade hooks failed: 1 error occurred:\n\t* timed out waiting for the condition\n\n"), }, @@ -169,6 +174,8 @@ func Test_upgrade(t *testing.T) { } }, expectConditions: []metav1.Condition{ + *conditions.FalseCondition(meta.ReadyCondition, v2.UpgradeFailedReason, + mockCreateErr.Error()), *conditions.FalseCondition(v2.ReleasedCondition, v2.UpgradeFailedReason, mockCreateErr.Error()), }, @@ -176,7 +183,8 @@ func Test_upgrade(t *testing.T) { return release.ObservedToInfo(release.ObserveRelease(releases[0])) }, expectFailures: 1, - expectUpgradeFailures: 1, + expectUpgradeFailures: 0, + wantErr: mockCreateErr, }, { name: "upgrade failure without storage update", @@ -204,6 +212,8 @@ func Test_upgrade(t *testing.T) { } }, expectConditions: []metav1.Condition{ + *conditions.FalseCondition(meta.ReadyCondition, v2.UpgradeFailedReason, + mockUpdateErr.Error()), *conditions.FalseCondition(v2.ReleasedCondition, v2.UpgradeFailedReason, mockUpdateErr.Error()), }, @@ -236,8 +246,8 @@ func Test_upgrade(t *testing.T) { } }, expectConditions: []metav1.Condition{ - *conditions.TrueCondition(v2.ReleasedCondition, v2.UpgradeSucceededReason, - "Upgrade complete"), + *conditions.TrueCondition(meta.ReadyCondition, v2.UpgradeSucceededReason, "Upgraded release"), + *conditions.TrueCondition(v2.ReleasedCondition, v2.UpgradeSucceededReason, "Upgraded release"), }, expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[1])) @@ -275,8 +285,10 @@ func Test_upgrade(t *testing.T) { } }, expectConditions: []metav1.Condition{ + *conditions.TrueCondition(meta.ReadyCondition, v2.UpgradeSucceededReason, + "Upgraded release"), *conditions.TrueCondition(v2.ReleasedCondition, v2.UpgradeSucceededReason, - "Upgrade complete"), + "Upgraded release"), }, expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[2])) @@ -341,7 +353,8 @@ func Test_upgrade(t *testing.T) { cfg.Driver = tt.driver(cfg.Driver) } - got := (&Upgrade{configFactory: cfg}).Reconcile(context.TODO(), &Request{ + recorder := record.NewFakeRecorder(10) + got := NewUpgrade(cfg, recorder).Reconcile(context.TODO(), &Request{ Object: obj, Chart: tt.chart, Values: tt.values, @@ -358,15 +371,15 @@ func Test_upgrade(t *testing.T) { helmreleaseutil.SortByRevision(releases) if tt.expectCurrent != nil { - g.Expect(obj.Status.Current).To(testutil.Equal(tt.expectCurrent(releases))) + g.Expect(obj.GetCurrent()).To(testutil.Equal(tt.expectCurrent(releases))) } else { - g.Expect(obj.Status.Current).To(BeNil(), "expected current to be nil") + g.Expect(obj.GetCurrent()).To(BeNil(), "expected current to be nil") } if tt.expectPrevious != nil { - g.Expect(obj.Status.Previous).To(testutil.Equal(tt.expectPrevious(releases))) + g.Expect(obj.GetPrevious()).To(testutil.Equal(tt.expectPrevious(releases))) } else { - g.Expect(obj.Status.Previous).To(BeNil(), "expected previous to be nil") + g.Expect(obj.GetPrevious()).To(BeNil(), "expected previous to be nil") } g.Expect(obj.Status.Failures).To(Equal(tt.expectFailures)) diff --git a/internal/release/util.go b/internal/release/util.go index 23dd51455..5ef10718a 100644 --- a/internal/release/util.go +++ b/internal/release/util.go @@ -32,32 +32,6 @@ func GetTestHooks(rls *helmrelease.Release) map[string]*helmrelease.Hook { return th } -// HasBeenTested returns if any of the test hooks for the given release has -// been started. -func HasBeenTested(rls *helmrelease.Release) bool { - for _, h := range rls.Hooks { - if IsHookForEvent(h, helmrelease.HookTest) { - if !h.LastRun.StartedAt.IsZero() { - return true - } - } - } - return false -} - -// HasFailedTests returns if any of the test hooks for the given release has -// failed. -func HasFailedTests(rls *helmrelease.Release) bool { - for _, h := range rls.Hooks { - if IsHookForEvent(h, helmrelease.HookTest) { - if h.LastRun.Phase == helmrelease.HookPhaseFailed { - return true - } - } - } - return false -} - // IsHookForEvent returns if the given hook fires on the provided event. func IsHookForEvent(hook *helmrelease.Hook, event helmrelease.HookEvent) bool { if hook != nil { diff --git a/internal/release/util_test.go b/internal/release/util_test.go index 529dc14f8..c4555379d 100644 --- a/internal/release/util_test.go +++ b/internal/release/util_test.go @@ -64,26 +64,6 @@ func TestGetTestHooks(t *testing.T) { })) } -func TestHasBeenTested(t *testing.T) { - type args struct { - rls *helmrelease.Release - } - tests := []struct { - name string - args args - want bool - }{ - // TODO: Add test cases. - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - if got := HasBeenTested(tt.args.rls); got != tt.want { - t.Errorf("HasBeenTested() = %v, want %v", got, tt.want) - } - }) - } -} - func TestIsHookForEvent(t *testing.T) { g := NewWithT(t) From ea81c8e099c29c2c6855967a1a41022ba8317ee8 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Wed, 5 Oct 2022 08:45:39 +0000 Subject: [PATCH 22/76] action: include TS in LogBuffer This provides more context to individual log entries (and the duration between individual log lines) while e.g. printing them in an event. Signed-off-by: Hidde Beydals --- internal/action/log.go | 65 ++++++++++++++++++++++++++++++++----- internal/action/log_test.go | 20 ++++++++++-- 2 files changed, 74 insertions(+), 11 deletions(-) diff --git a/internal/action/log.go b/internal/action/log.go index 152bba4c4..4a7fcd6eb 100644 --- a/internal/action/log.go +++ b/internal/action/log.go @@ -21,6 +21,7 @@ import ( "fmt" "strings" "sync" + "time" "github.com/go-logr/logr" helmaction "helm.sh/helm/v3/pkg/action" @@ -29,6 +30,9 @@ import ( // DefaultLogBufferSize is the default size of the LogBuffer. const DefaultLogBufferSize = 5 +// nowTS can be used to stub out time.Now() in tests. +var nowTS = time.Now + // NewDebugLog returns an action.DebugLog that logs to the given logr.Logger. func NewDebugLog(log logr.Logger) helmaction.DebugLog { return func(format string, v ...interface{}) { @@ -43,6 +47,35 @@ type LogBuffer struct { buffer *ring.Ring } +// logLine is a log message with a timestamp. +type logLine struct { + ts time.Time + lastTS time.Time + msg string + count int64 +} + +// String returns the log line as a string, in the format of: +// ': '. But only if the message is not empty. +func (l *logLine) String() string { + if l == nil || l.msg == "" { + return "" + } + + msg := fmt.Sprintf("%s %s", l.ts.Format(time.RFC3339Nano), l.msg) + if c := l.count; c > 0 { + msg += fmt.Sprintf("\n%s %s", l.lastTS.Format(time.RFC3339Nano), l.msg) + } + if c := l.count - 1; c > 0 { + var dup = "line" + if c > 1 { + dup += "s" + } + msg += fmt.Sprintf(" (%d duplicate %s omitted)", c, dup) + } + return msg +} + // NewLogBuffer creates a new LogBuffer with the given log function // and a buffer of the given size. If size <= 0, it defaults to // DefaultLogBufferSize. @@ -64,8 +97,17 @@ func (l *LogBuffer) Log(format string, v ...interface{}) { // Filter out duplicate log lines, this happens for example when // Helm is waiting on workloads to become ready. msg := fmt.Sprintf(format, v...) - if prev := l.buffer.Prev(); prev.Value != msg { - l.buffer.Value = msg + prev, ok := l.buffer.Prev().Value.(*logLine) + if ok && prev.msg == msg { + prev.count++ + prev.lastTS = nowTS().UTC() + l.buffer.Prev().Value = prev + } + if !ok || prev.msg != msg { + l.buffer.Value = &logLine{ + ts: nowTS().UTC(), + msg: msg, + } l.buffer = l.buffer.Next() } @@ -74,19 +116,20 @@ func (l *LogBuffer) Log(format string, v ...interface{}) { } // Len returns the count of non-empty values in the buffer. -func (l *LogBuffer) Len() int { - var count int +func (l *LogBuffer) Len() (count int) { l.mu.RLock() l.buffer.Do(func(s interface{}) { if s == nil { return } - if s.(string) != "" { - count++ + ll, ok := s.(*logLine) + if !ok || ll.String() == "" { + return } + count++ }) l.mu.RUnlock() - return count + return } // Reset clears the buffer. @@ -104,7 +147,13 @@ func (l *LogBuffer) String() string { if s == nil { return } - str += s.(string) + "\n" + ll, ok := s.(*logLine) + if !ok { + return + } + if msg := ll.String(); msg != "" { + str += msg + "\n" + } }) l.mu.RUnlock() return strings.TrimSpace(str) diff --git a/internal/action/log_test.go b/internal/action/log_test.go index 4d8939b82..5e01f1802 100644 --- a/internal/action/log_test.go +++ b/internal/action/log_test.go @@ -17,12 +17,16 @@ limitations under the License. package action import ( + "fmt" "testing" + "time" "github.com/go-logr/logr" ) func TestLogBuffer_Log(t *testing.T) { + nowTS = stubNowTS + tests := []struct { name string size int @@ -30,7 +34,7 @@ func TestLogBuffer_Log(t *testing.T) { wantCount int want string }{ - {name: "log", size: 2, fill: []string{"a", "b", "c"}, wantCount: 3, want: "b\nc"}, + {name: "log", size: 2, fill: []string{"a", "b", "c"}, wantCount: 3, want: fmt.Sprintf("%[1]s b\n%[1]s c", stubNowTS().Format(time.RFC3339Nano))}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -102,6 +106,8 @@ func TestLogBuffer_Reset(t *testing.T) { } func TestLogBuffer_String(t *testing.T) { + nowTS = stubNowTS + tests := []struct { name string size int @@ -109,8 +115,11 @@ func TestLogBuffer_String(t *testing.T) { want string }{ {name: "empty buffer", fill: []string{}, want: ""}, - {name: "filled buffer", size: 2, fill: []string{"a", "b", "c"}, want: "b\nc"}, - {name: "duplicate buffer items", fill: []string{"b", "b", "b"}, want: "b"}, + {name: "filled buffer", size: 2, fill: []string{"a", "b", "c"}, want: fmt.Sprintf("%[1]s b\n%[1]s c", stubNowTS().Format(time.RFC3339Nano))}, + {name: "duplicate buffer items", fill: []string{"b", "b"}, want: fmt.Sprintf("%[1]s b\n%[1]s b", stubNowTS().Format(time.RFC3339Nano))}, + {name: "duplicate buffer items", fill: []string{"b", "b", "b"}, want: fmt.Sprintf("%[1]s b\n%[1]s b (1 duplicate line omitted)", stubNowTS().Format(time.RFC3339Nano))}, + {name: "duplicate buffer items", fill: []string{"b", "b", "b", "b"}, want: fmt.Sprintf("%[1]s b\n%[1]s b (2 duplicate lines omitted)", stubNowTS().Format(time.RFC3339Nano))}, + {name: "duplicate buffer items", fill: []string{"a", "b", "b", "b", "c", "c"}, want: fmt.Sprintf("%[1]s a\n%[1]s b\n%[1]s b (1 duplicate line omitted)\n%[1]s c\n%[1]s c", stubNowTS().Format(time.RFC3339Nano))}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -124,3 +133,8 @@ func TestLogBuffer_String(t *testing.T) { }) } } + +// stubNowTS returns a fixed time for testing purposes. +func stubNowTS() time.Time { + return time.Date(2016, 2, 18, 12, 24, 5, 12345600, time.UTC) +} From 64cc09ce5ecc0ad57399480c3a1d1aad9ed0cd6d Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Tue, 27 Sep 2022 15:11:45 +0000 Subject: [PATCH 23/76] reconcile: test emitted events Signed-off-by: Hidde Beydals --- internal/reconcile/action_test.go | 2 +- internal/reconcile/atomic_release_test.go | 2 +- internal/reconcile/install.go | 16 +- internal/reconcile/install_test.go | 142 +++++++++++++- internal/reconcile/release.go | 2 +- internal/reconcile/release_test.go | 13 +- internal/reconcile/rollback_remediation.go | 14 +- .../reconcile/rollback_remediation_test.go | 117 ++++++++++- internal/reconcile/test.go | 30 +-- internal/reconcile/test_test.go | 182 +++++++++++++++++- internal/reconcile/uninstall.go | 16 +- internal/reconcile/uninstall_remediation.go | 15 +- .../reconcile/uninstall_remediation_test.go | 118 +++++++++++- internal/reconcile/uninstall_test.go | 122 +++++++++++- internal/reconcile/unlock.go | 13 +- internal/reconcile/unlock_test.go | 103 +++++++++- internal/reconcile/upgrade.go | 16 +- internal/reconcile/upgrade_test.go | 142 +++++++++++++- internal/testutil/fake_recorder.go | 116 +++++++++++ 19 files changed, 1128 insertions(+), 53 deletions(-) create mode 100644 internal/testutil/fake_recorder.go diff --git a/internal/reconcile/action_test.go b/internal/reconcile/action_test.go index 6be9fa683..91dec9008 100644 --- a/internal/reconcile/action_test.go +++ b/internal/reconcile/action_test.go @@ -704,7 +704,7 @@ func Test_NextAction(t *testing.T) { } } - recorder := record.NewFakeRecorder(10) + recorder := new(record.FakeRecorder) got, err := NextAction(context.TODO(), cfg, recorder, &Request{ Object: obj, Chart: tt.chart, diff --git a/internal/reconcile/atomic_release_test.go b/internal/reconcile/atomic_release_test.go index 4951d7b88..25fe3cf86 100644 --- a/internal/reconcile/atomic_release_test.go +++ b/internal/reconcile/atomic_release_test.go @@ -151,7 +151,7 @@ func TestAtomicRelease_Reconcile(t *testing.T) { WithObjects(obj). WithStatusSubresource(&v2.HelmRelease{}). Build() - recorder := record.NewFakeRecorder(10) + recorder := new(record.FakeRecorder) req := &Request{ Object: obj, diff --git a/internal/reconcile/install.go b/internal/reconcile/install.go index 41b3d41af..0da28f9c7 100644 --- a/internal/reconcile/install.go +++ b/internal/reconcile/install.go @@ -103,6 +103,13 @@ func (r *Install) Type() ReconcilerType { return ReconcilerTypeRelease } +const ( + // fmtInstallFailure is the message format for an installation failure. + fmtInstallFailure = "Install of release %s/%s with chart %s@%s failed: %s" + // fmtInstallSuccess is the message format for a successful installation. + fmtInstallSuccess = "Installed release %s with chart %s" +) + // failure records the failure of a Helm installation action in the status of // the given Request.Object by marking ReleasedCondition=False and increasing // the failure counter. In addition, it emits a warning event for the @@ -114,8 +121,8 @@ func (r *Install) Type() ReconcilerType { // result in Helm storage drift. func (r *Install) failure(req *Request, buffer *action.LogBuffer, err error) { // Compose failure message. - msg := fmt.Sprintf("Install of release %s/%s with chart %s@%s failed: %s", req.Object.GetReleaseNamespace(), - req.Object.GetReleaseName(), req.Chart.Name(), req.Chart.Metadata.Version, err.Error()) + msg := fmt.Sprintf(fmtInstallFailure, req.Object.GetReleaseNamespace(), req.Object.GetReleaseName(), req.Chart.Name(), + req.Chart.Metadata.Version, err.Error()) // Mark install failure on object. req.Object.Status.Failures++ @@ -134,13 +141,12 @@ func (r *Install) failure(req *Request, buffer *action.LogBuffer, err error) { func (r *Install) success(req *Request) { // Compose success message. cur := req.Object.GetCurrent() - msg := fmt.Sprintf("Installed release %s with chart %s", cur.FullReleaseName(), cur.VersionedChartName()) + msg := fmt.Sprintf(fmtInstallSuccess, cur.FullReleaseName(), cur.VersionedChartName()) // Mark install success on object. conditions.MarkTrue(req.Object, v2.ReleasedCondition, v2.InstallSucceededReason, msg) if req.Object.GetTest().Enable && !cur.HasBeenTested() { - conditions.MarkFalse(req.Object, v2.TestSuccessCondition, "Pending", - "Release %s with chart %s has not been tested yet", cur.FullReleaseName(), cur.VersionedChartName()) + conditions.MarkFalse(req.Object, v2.TestSuccessCondition, "Pending", fmtTestPending, cur.FullReleaseName(), cur.VersionedChartName()) } // Record event. diff --git a/internal/reconcile/install_test.go b/internal/reconcile/install_test.go index c4723d765..13b717099 100644 --- a/internal/reconcile/install_test.go +++ b/internal/reconcile/install_test.go @@ -18,6 +18,7 @@ package reconcile import ( "context" + "errors" "fmt" "testing" "time" @@ -30,6 +31,7 @@ import ( "helm.sh/helm/v3/pkg/releaseutil" helmstorage "helm.sh/helm/v3/pkg/storage" helmdriver "helm.sh/helm/v3/pkg/storage/driver" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/record" @@ -238,7 +240,7 @@ func TestInstall_Reconcile(t *testing.T) { cfg.Driver = tt.driver(cfg.Driver) } - recorder := record.NewFakeRecorder(10) + recorder := new(record.FakeRecorder) got := (NewInstall(cfg, recorder)).Reconcile(context.TODO(), &Request{ Object: obj, Chart: tt.chart, @@ -273,3 +275,141 @@ func TestInstall_Reconcile(t *testing.T) { }) } } + +func TestInstall_failure(t *testing.T) { + var ( + obj = &v2.HelmRelease{ + Spec: v2.HelmReleaseSpec{ + ReleaseName: mockReleaseName, + TargetNamespace: mockReleaseNamespace, + }, + } + chrt = testutil.BuildChart() + err = errors.New("installation error") + ) + + t.Run("records failure", func(t *testing.T) { + g := NewWithT(t) + + recorder := testutil.NewFakeRecorder(10, false) + r := &Install{ + eventRecorder: recorder, + } + + req := &Request{Object: obj.DeepCopy(), Chart: chrt} + r.failure(req, nil, err) + + expectMsg := fmt.Sprintf(fmtInstallFailure, mockReleaseNamespace, mockReleaseName, chrt.Name(), + chrt.Metadata.Version, err.Error()) + + g.Expect(req.Object.Status.Conditions).To(conditions.MatchConditions([]metav1.Condition{ + *conditions.FalseCondition(v2.ReleasedCondition, v2.InstallFailedReason, expectMsg), + })) + g.Expect(req.Object.Status.Failures).To(Equal(int64(1))) + g.Expect(recorder.GetEvents()).To(ConsistOf([]corev1.Event{ + { + Type: corev1.EventTypeWarning, + Reason: v2.InstallFailedReason, + Message: expectMsg, + ObjectMeta: metav1.ObjectMeta{ + Annotations: map[string]string{ + "revision": chrt.Metadata.Version, + }, + }, + }, + })) + }) + + t.Run("records failure with logs", func(t *testing.T) { + g := NewWithT(t) + + recorder := testutil.NewFakeRecorder(10, false) + r := &Install{ + eventRecorder: recorder, + } + req := &Request{Object: obj.DeepCopy(), Chart: chrt} + r.failure(req, mockLogBuffer(5, 10), err) + + expectSubStr := "Last Helm logs" + g.Expect(conditions.IsFalse(req.Object, v2.ReleasedCondition)).To(BeTrue()) + g.Expect(conditions.GetMessage(req.Object, v2.ReleasedCondition)).ToNot(ContainSubstring(expectSubStr)) + + events := recorder.GetEvents() + g.Expect(events).To(HaveLen(1)) + g.Expect(events[0].Message).To(ContainSubstring(expectSubStr)) + }) +} + +func TestInstall_success(t *testing.T) { + var ( + cur = testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Chart: testutil.BuildChart(), + }) + obj = &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(cur)), + }, + } + ) + + t.Run("records success", func(t *testing.T) { + g := NewWithT(t) + + recorder := testutil.NewFakeRecorder(10, false) + r := &Install{ + eventRecorder: recorder, + } + + req := &Request{ + Object: obj.DeepCopy(), + } + r.success(req) + + expectMsg := fmt.Sprintf(fmtInstallSuccess, + fmt.Sprintf("%s/%s.%d", mockReleaseNamespace, mockReleaseName, obj.Status.Current.Version), + fmt.Sprintf("%s@%s", obj.Status.Current.ChartName, obj.Status.Current.ChartVersion)) + + g.Expect(req.Object.Status.Conditions).To(conditions.MatchConditions([]metav1.Condition{ + *conditions.TrueCondition(v2.ReleasedCondition, v2.InstallSucceededReason, expectMsg), + })) + g.Expect(recorder.GetEvents()).To(ConsistOf([]corev1.Event{ + { + Type: corev1.EventTypeNormal, + Reason: v2.InstallSucceededReason, + Message: expectMsg, + ObjectMeta: metav1.ObjectMeta{ + Annotations: map[string]string{ + "revision": obj.Status.Current.ChartVersion, + }, + }, + }, + })) + }) + + t.Run("records success with TestSuccess=False", func(t *testing.T) { + g := NewWithT(t) + + recorder := testutil.NewFakeRecorder(10, false) + r := &Install{ + eventRecorder: recorder, + } + + obj := obj.DeepCopy() + obj.Spec.Test = &v2.Test{Enable: true} + + req := &Request{Object: obj} + r.success(req) + + g.Expect(conditions.IsTrue(req.Object, v2.ReleasedCondition)).To(BeTrue()) + + cond := conditions.Get(req.Object, v2.TestSuccessCondition) + g.Expect(cond).ToNot(BeNil()) + + expectMsg := fmt.Sprintf(fmtTestPending, + fmt.Sprintf("%s/%s.%d", mockReleaseNamespace, mockReleaseName, obj.Status.Current.Version), + fmt.Sprintf("%s@%s", obj.Status.Current.ChartName, obj.Status.Current.ChartVersion)) + g.Expect(cond.Message).To(Equal(expectMsg)) + }) +} diff --git a/internal/reconcile/release.go b/internal/reconcile/release.go index 9be4bf8c5..4fc2978e5 100644 --- a/internal/reconcile/release.go +++ b/internal/reconcile/release.go @@ -188,7 +188,7 @@ func conditionallyDeleteRemediated(req *Request) { // eventMessageWithLog returns an event message composed out of the given // message and any log messages by appending them to the message. func eventMessageWithLog(msg string, log *action.LogBuffer) string { - if log == nil && log.Len() > 0 { + if log != nil && log.Len() > 0 { msg = msg + "\n\nLast Helm logs:\n\n" + log.String() } return msg diff --git a/internal/reconcile/release_test.go b/internal/reconcile/release_test.go index 611bf49a1..31abc67fb 100644 --- a/internal/reconcile/release_test.go +++ b/internal/reconcile/release_test.go @@ -17,15 +17,18 @@ limitations under the License. package reconcile import ( + "testing" + + "github.com/go-logr/logr" . "github.com/onsi/gomega" helmrelease "helm.sh/helm/v3/pkg/release" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "testing" "github.com/fluxcd/pkg/apis/meta" "github.com/fluxcd/pkg/runtime/conditions" v2 "github.com/fluxcd/helm-controller/api/v2beta2" + "github.com/fluxcd/helm-controller/internal/action" "github.com/fluxcd/helm-controller/internal/release" ) @@ -707,3 +710,11 @@ func Test_conditionallyDeleteRemediated(t *testing.T) { }) } } + +func mockLogBuffer(size int, lines int) *action.LogBuffer { + log := action.NewLogBuffer(action.NewDebugLog(logr.Discard()), size) + for i := 0; i < lines; i++ { + log.Log("line %d", i+1) + } + return log +} diff --git a/internal/reconcile/rollback_remediation.go b/internal/reconcile/rollback_remediation.go index b826046af..815bf7b05 100644 --- a/internal/reconcile/rollback_remediation.go +++ b/internal/reconcile/rollback_remediation.go @@ -119,14 +119,22 @@ func (r *RollbackRemediation) Type() ReconcilerType { return ReconcilerTypeRemediate } +const ( + // fmtRollbackRemediationFailure is the message format for a rollback + // remediation failure. + fmtRollbackRemediationFailure = "Rollback to previous release %s with chart %s failed: %s" + // fmtRollbackRemediationSuccess is the message format for a successful + // rollback remediation. + fmtRollbackRemediationSuccess = "Rolled back to previous release %s with chart %s" +) + // failure records the failure of a Helm rollback action in the status of the // given Request.Object by marking Remediated=False and emitting a warning // event. func (r *RollbackRemediation) failure(req *Request, buffer *action.LogBuffer, err error) { // Compose failure message. prev := req.Object.GetPrevious() - msg := fmt.Sprintf("Rollback to %s with chart %s failed: %s", - prev.FullReleaseName(), prev.VersionedChartName(), err.Error()) + msg := fmt.Sprintf(fmtRollbackRemediationFailure, prev.FullReleaseName(), prev.VersionedChartName(), err.Error()) // Mark remediation failure on object. req.Object.Status.Failures++ @@ -142,7 +150,7 @@ func (r *RollbackRemediation) failure(req *Request, buffer *action.LogBuffer, er func (r *RollbackRemediation) success(req *Request) { // Compose success message. prev := req.Object.GetPrevious() - msg := fmt.Sprintf("Rolled back to %s with chart %s", prev.FullReleaseName(), prev.VersionedChartName()) + msg := fmt.Sprintf(fmtRollbackRemediationSuccess, prev.FullReleaseName(), prev.VersionedChartName()) // Mark remediation success on object. conditions.MarkTrue(req.Object, v2.RemediatedCondition, v2.RollbackSucceededReason, msg) diff --git a/internal/reconcile/rollback_remediation_test.go b/internal/reconcile/rollback_remediation_test.go index c9d8dcb22..2e0a87f64 100644 --- a/internal/reconcile/rollback_remediation_test.go +++ b/internal/reconcile/rollback_remediation_test.go @@ -29,6 +29,7 @@ import ( helmreleaseutil "helm.sh/helm/v3/pkg/releaseutil" helmstorage "helm.sh/helm/v3/pkg/storage" helmdriver "helm.sh/helm/v3/pkg/storage/driver" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/record" @@ -327,7 +328,7 @@ func TestRollbackRemediation_Reconcile(t *testing.T) { cfg.Driver = tt.driver(cfg.Driver) } - recorder := record.NewFakeRecorder(10) + recorder := new(record.FakeRecorder) got := (NewRollbackRemediation(cfg, recorder)).Reconcile(context.TODO(), &Request{ Object: obj, }) @@ -361,6 +362,120 @@ func TestRollbackRemediation_Reconcile(t *testing.T) { } } +func TestRollbackRemediation_failure(t *testing.T) { + var ( + prev = testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Chart: testutil.BuildChart(), + Version: 4, + }) + obj = &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ + Previous: release.ObservedToInfo(release.ObserveRelease(prev)), + }, + } + err = errors.New("rollback error") + ) + + t.Run("records failure", func(t *testing.T) { + g := NewWithT(t) + + recorder := testutil.NewFakeRecorder(10, false) + r := &RollbackRemediation{ + eventRecorder: recorder, + } + + req := &Request{Object: obj.DeepCopy()} + r.failure(req, nil, err) + + expectMsg := fmt.Sprintf(fmtRollbackRemediationFailure, + fmt.Sprintf("%s/%s.%d", prev.Namespace, prev.Name, prev.Version), + fmt.Sprintf("%s@%s", prev.Chart.Name(), prev.Chart.Metadata.Version), + err.Error()) + + g.Expect(req.Object.Status.Conditions).To(conditions.MatchConditions([]metav1.Condition{ + *conditions.FalseCondition(v2.RemediatedCondition, v2.RollbackFailedReason, expectMsg), + })) + g.Expect(req.Object.Status.Failures).To(Equal(int64(1))) + g.Expect(recorder.GetEvents()).To(ConsistOf([]corev1.Event{ + { + Type: corev1.EventTypeWarning, + Reason: v2.RollbackFailedReason, + Message: expectMsg, + ObjectMeta: metav1.ObjectMeta{ + Annotations: map[string]string{ + "revision": prev.Chart.Metadata.Version, + }, + }, + }, + })) + }) + + t.Run("records failure with logs", func(t *testing.T) { + g := NewWithT(t) + + recorder := testutil.NewFakeRecorder(10, false) + r := &RollbackRemediation{ + eventRecorder: recorder, + } + req := &Request{Object: obj.DeepCopy()} + r.failure(req, mockLogBuffer(5, 10), err) + + expectSubStr := "Last Helm logs" + g.Expect(conditions.IsFalse(req.Object, v2.RemediatedCondition)).To(BeTrue()) + g.Expect(conditions.GetMessage(req.Object, v2.RemediatedCondition)).ToNot(ContainSubstring(expectSubStr)) + + events := recorder.GetEvents() + g.Expect(events).To(HaveLen(1)) + g.Expect(events[0].Message).To(ContainSubstring(expectSubStr)) + }) +} + +func TestRollbackRemediation_success(t *testing.T) { + g := NewWithT(t) + + var prev = testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Chart: testutil.BuildChart(), + Version: 4, + }) + + recorder := testutil.NewFakeRecorder(10, false) + r := &RollbackRemediation{ + eventRecorder: recorder, + } + + obj := &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ + Previous: release.ObservedToInfo(release.ObserveRelease(prev)), + }, + } + + req := &Request{Object: obj} + r.success(req) + + expectMsg := fmt.Sprintf(fmtRollbackRemediationSuccess, + fmt.Sprintf("%s/%s.%d", prev.Namespace, prev.Name, prev.Version), + fmt.Sprintf("%s@%s", prev.Chart.Name(), prev.Chart.Metadata.Version)) + + g.Expect(req.Object.Status.Conditions).To(conditions.MatchConditions([]metav1.Condition{ + *conditions.TrueCondition(v2.RemediatedCondition, v2.RollbackSucceededReason, expectMsg), + })) + g.Expect(req.Object.Status.Failures).To(Equal(int64(0))) + g.Expect(recorder.GetEvents()).To(ConsistOf([]corev1.Event{ + { + Type: corev1.EventTypeNormal, + Reason: v2.RollbackSucceededReason, + Message: expectMsg, + ObjectMeta: metav1.ObjectMeta{ + Annotations: map[string]string{ + "revision": prev.Chart.Metadata.Version, + }, + }, + }, + })) +} + func Test_observeRollback(t *testing.T) { t.Run("rollback", func(t *testing.T) { g := NewWithT(t) diff --git a/internal/reconcile/test.go b/internal/reconcile/test.go index 6a0cbcd7b..d8c5063cc 100644 --- a/internal/reconcile/test.go +++ b/internal/reconcile/test.go @@ -19,7 +19,6 @@ package reconcile import ( "context" "fmt" - "strings" "github.com/fluxcd/pkg/runtime/logger" helmrelease "helm.sh/helm/v3/pkg/release" @@ -119,6 +118,15 @@ func (r *Test) Type() ReconcilerType { return ReconcilerTypeTest } +const ( + // fmtTestPending is the message format used when awaiting tests to be run. + fmtTestPending = "Release %s with chart %s is awaiting tests" + // fmtTestFailure is the message format for a test failure. + fmtTestFailure = "Test for release %s with chart %s failed: %s" + // fmtTestSuccess is the message format for a successful test. + fmtTestSuccess = "Tests for release %s with chart %s succeeded: %s" +) + // failure records the failure of a Helm test action in the status of the given // Request.Object by marking TestSuccess=False and increasing the failure // counter. In addition, it emits a warning event for the Request.Object. @@ -127,8 +135,7 @@ func (r *Test) Type() ReconcilerType { func (r *Test) failure(req *Request, buffer *action.LogBuffer, err error) { // Compose failure message. cur := req.Object.GetCurrent() - msg := fmt.Sprintf("Test for release %s with chart %s failed: %s", - cur.FullReleaseName(), cur.VersionedChartName(), err.Error()) + msg := fmt.Sprintf(fmtTestFailure, cur.FullReleaseName(), cur.VersionedChartName(), err.Error()) // Mark test failure on object. req.Object.Status.Failures++ @@ -138,8 +145,6 @@ func (r *Test) failure(req *Request, buffer *action.LogBuffer, err error) { // Condition summary. r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(cur.ChartVersion), corev1.EventTypeWarning, v2.TestFailedReason, eventMessageWithLog(msg, buffer)) - // If we failed to observe anything happened at all, we want to retry - // and return the error to indicate this. if req.Object.GetCurrent().HasBeenTested() { // Count the failure of the test for the active remediation strategy if enabled. remediation := req.Object.GetActiveRemediation() @@ -154,24 +159,21 @@ func (r *Test) failure(req *Request, buffer *action.LogBuffer, err error) { func (r *Test) success(req *Request) { // Compose success message. cur := req.Object.GetCurrent() - msg := strings.Builder{} - msg.WriteString(fmt.Sprintf("Tests for release %s with chart %s succeeded", cur.FullReleaseName(), cur.VersionedChartName())) - + var hookMsg = "no test hooks" if l := len(cur.GetTestHooks()); l > 0 { h := "hook" if l > 1 { - h = h + "s" + h += "s" } - msg.WriteString(fmt.Sprintf(": %d test %s completed successfully", l, h)) - } else { - msg.WriteString(fmt.Sprintf(": no test hooks")) + hookMsg = fmt.Sprintf("%d test %s completed successfully", l, h) } + msg := fmt.Sprintf(fmtTestSuccess, cur.FullReleaseName(), cur.VersionedChartName(), hookMsg) // Mark test success on object. - conditions.MarkTrue(req.Object, v2.TestSuccessCondition, v2.TestSucceededReason, msg.String()) + conditions.MarkTrue(req.Object, v2.TestSuccessCondition, v2.TestSucceededReason, msg) // Record event. - r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(cur.ChartVersion), corev1.EventTypeNormal, v2.TestSucceededReason, msg.String()) + r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(cur.ChartVersion), corev1.EventTypeNormal, v2.TestSucceededReason, msg) } // observeTest returns a storage.ObserveFunc that can be used to observe diff --git a/internal/reconcile/test_test.go b/internal/reconcile/test_test.go index f13a90db9..d4da41eb5 100644 --- a/internal/reconcile/test_test.go +++ b/internal/reconcile/test_test.go @@ -19,6 +19,7 @@ package reconcile import ( "context" "errors" + "fmt" "testing" "time" @@ -28,6 +29,7 @@ import ( helmreleaseutil "helm.sh/helm/v3/pkg/releaseutil" helmstorage "helm.sh/helm/v3/pkg/storage" helmdriver "helm.sh/helm/v3/pkg/storage/driver" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/record" @@ -307,7 +309,7 @@ func TestTest_Reconcile(t *testing.T) { cfg.Driver = tt.driver(cfg.Driver) } - recorder := record.NewFakeRecorder(10) + recorder := new(record.FakeRecorder) got := (NewTest(cfg, recorder)).Reconcile(context.TODO(), &Request{ Object: obj, }) @@ -408,3 +410,181 @@ func Test_observeTest(t *testing.T) { g.Expect(obj.GetPrevious()).To(BeNil()) }) } + +func TestTest_failure(t *testing.T) { + var ( + cur = testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Chart: testutil.BuildChart(), + Version: 4, + }) + obj = &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(cur)), + }, + } + err = errors.New("test error") + ) + + t.Run("records failure", func(t *testing.T) { + g := NewWithT(t) + + recorder := testutil.NewFakeRecorder(10, false) + r := &Test{ + eventRecorder: recorder, + } + + req := &Request{Object: obj.DeepCopy()} + r.failure(req, nil, err) + + expectMsg := fmt.Sprintf(fmtTestFailure, + fmt.Sprintf("%s/%s.%d", cur.Namespace, cur.Name, cur.Version), + fmt.Sprintf("%s@%s", cur.Chart.Name(), cur.Chart.Metadata.Version), + err.Error()) + + g.Expect(req.Object.Status.Conditions).To(conditions.MatchConditions([]metav1.Condition{ + *conditions.FalseCondition(v2.TestSuccessCondition, v2.TestFailedReason, expectMsg), + })) + g.Expect(req.Object.Status.Failures).To(Equal(int64(1))) + g.Expect(req.Object.Status.InstallFailures).To(BeZero()) + g.Expect(req.Object.Status.UpgradeFailures).To(BeZero()) + g.Expect(recorder.GetEvents()).To(ConsistOf([]corev1.Event{ + { + Type: corev1.EventTypeWarning, + Reason: v2.TestFailedReason, + Message: expectMsg, + ObjectMeta: metav1.ObjectMeta{ + Annotations: map[string]string{ + "revision": cur.Chart.Metadata.Version, + }, + }, + }, + })) + }) + + t.Run("records failure with logs", func(t *testing.T) { + g := NewWithT(t) + + recorder := testutil.NewFakeRecorder(10, false) + r := &Test{ + eventRecorder: recorder, + } + req := &Request{Object: obj.DeepCopy()} + r.failure(req, mockLogBuffer(5, 10), err) + + expectSubStr := "Last Helm logs" + g.Expect(conditions.IsFalse(req.Object, v2.TestSuccessCondition)).To(BeTrue()) + g.Expect(conditions.GetMessage(req.Object, v2.TestSuccessCondition)).ToNot(ContainSubstring(expectSubStr)) + + events := recorder.GetEvents() + g.Expect(events).To(HaveLen(1)) + g.Expect(events[0].Message).To(ContainSubstring(expectSubStr)) + }) + + t.Run("increases remediation failure count", func(t *testing.T) { + g := NewWithT(t) + + recorder := testutil.NewFakeRecorder(10, false) + r := &Test{ + eventRecorder: recorder, + } + + obj := obj.DeepCopy() + obj.Status.Current.SetTestHooks(map[string]*v2.HelmReleaseTestHook{}) + req := &Request{Object: obj} + r.failure(req, nil, err) + + g.Expect(req.Object.Status.InstallFailures).To(Equal(int64(1))) + }) + + t.Run("follows ignore failure instructions", func(t *testing.T) { + g := NewWithT(t) + + recorder := testutil.NewFakeRecorder(10, false) + r := &Test{ + eventRecorder: recorder, + } + + obj := obj.DeepCopy() + obj.Spec.Test = &v2.Test{IgnoreFailures: true} + obj.Status.Current.SetTestHooks(map[string]*v2.HelmReleaseTestHook{}) + req := &Request{Object: obj} + r.failure(req, nil, err) + + g.Expect(req.Object.Status.InstallFailures).To(BeZero()) + }) +} + +func TestTest_success(t *testing.T) { + g := NewWithT(t) + + var ( + cur = testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Chart: testutil.BuildChart(), + Version: 4, + }) + obj = &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(cur)), + }, + } + ) + + t.Run("records success", func(t *testing.T) { + recorder := testutil.NewFakeRecorder(10, false) + r := &Test{ + eventRecorder: recorder, + } + + obj := obj.DeepCopy() + obj.Status.Current.SetTestHooks(map[string]*v2.HelmReleaseTestHook{ + "test": { + Phase: helmrelease.HookPhaseSucceeded.String(), + }, + "test-2": { + Phase: helmrelease.HookPhaseSucceeded.String(), + }, + }) + req := &Request{Object: obj} + r.success(req) + + expectMsg := fmt.Sprintf(fmtTestSuccess, + fmt.Sprintf("%s/%s.%d", cur.Namespace, cur.Name, cur.Version), + fmt.Sprintf("%s@%s", cur.Chart.Name(), cur.Chart.Metadata.Version), + "2 test hooks completed successfully") + + g.Expect(req.Object.Status.Conditions).To(conditions.MatchConditions([]metav1.Condition{ + *conditions.TrueCondition(v2.TestSuccessCondition, v2.TestSucceededReason, expectMsg), + })) + g.Expect(req.Object.Status.Failures).To(Equal(int64(0))) + g.Expect(recorder.GetEvents()).To(ConsistOf([]corev1.Event{ + { + Type: corev1.EventTypeNormal, + Reason: v2.TestSucceededReason, + Message: expectMsg, + ObjectMeta: metav1.ObjectMeta{ + Annotations: map[string]string{ + "revision": cur.Chart.Metadata.Version, + }, + }, + }, + })) + }) + + t.Run("records success without hooks", func(t *testing.T) { + r := &Test{ + eventRecorder: new(testutil.FakeRecorder), + } + + obj := obj.DeepCopy() + obj.Status.Current.SetTestHooks(map[string]*v2.HelmReleaseTestHook{}) + req := &Request{Object: obj} + r.success(req) + + g.Expect(conditions.IsTrue(req.Object, v2.TestSuccessCondition)).To(BeTrue()) + g.Expect(req.Object.Status.Conditions[0].Message).To(ContainSubstring("no test hooks")) + }) +} diff --git a/internal/reconcile/uninstall.go b/internal/reconcile/uninstall.go index da3c01450..b735491a6 100644 --- a/internal/reconcile/uninstall.go +++ b/internal/reconcile/uninstall.go @@ -113,7 +113,7 @@ func (r *Uninstall) Reconcile(ctx context.Context, req *Request) error { // Handle any error. if err != nil { - r.failed(req, logBuf, err) + r.failure(req, logBuf, err) if req.Object.GetCurrent().Digest == cur.Digest { return err } @@ -133,14 +133,20 @@ func (r *Uninstall) Type() ReconcilerType { return ReconcilerTypeRelease } +const ( + // fmtUninstallFailed is the message format for an uninstall failure. + fmtUninstallFailure = "Uninstall of release %s with chart %s failed: %s" + // fmtUninstallSuccess is the message format for a successful uninstall. + fmtUninstallSuccess = "Uninstalled release %s with chart %s" +) + // failure records the failure of a Helm uninstall action in the status of the // given Request.Object by marking Released=False and emitting a warning // event. -func (r *Uninstall) failed(req *Request, buffer *action.LogBuffer, err error) { +func (r *Uninstall) failure(req *Request, buffer *action.LogBuffer, err error) { // Compose success message. cur := req.Object.GetCurrent() - msg := fmt.Sprintf("Uninstall of release %s with chart %s failed: %s", - cur.FullReleaseName(), cur.VersionedChartName(), err.Error()) + msg := fmt.Sprintf(fmtUninstallFailure, cur.FullReleaseName(), cur.VersionedChartName(), err.Error()) // Mark remediation failure on object. req.Object.Status.Failures++ @@ -157,7 +163,7 @@ func (r *Uninstall) failed(req *Request, buffer *action.LogBuffer, err error) { func (r *Uninstall) success(req *Request) { // Compose success message. cur := req.Object.GetCurrent() - msg := fmt.Sprintf("Uninstall of release %s with chart %s succeeded", cur.FullReleaseName(), cur.VersionedChartName()) + msg := fmt.Sprintf(fmtUninstallSuccess, cur.FullReleaseName(), cur.VersionedChartName()) // Mark remediation success on object. conditions.MarkFalse(req.Object, v2.ReleasedCondition, v2.UninstallSucceededReason, msg) diff --git a/internal/reconcile/uninstall_remediation.go b/internal/reconcile/uninstall_remediation.go index 9c1d5e901..77311a429 100644 --- a/internal/reconcile/uninstall_remediation.go +++ b/internal/reconcile/uninstall_remediation.go @@ -128,14 +128,22 @@ func (r *UninstallRemediation) Type() ReconcilerType { return ReconcilerTypeRemediate } +const ( + // fmtUninstallRemediationFailure is the message format for an uninstall + // remediation failure. + fmtUninstallRemediationFailure = "Uninstall remediation for release %s with chart %s failed: %s" + // fmtUninstallRemediationSuccess is the message format for a successful + // uninstall remediation. + fmtUninstallRemediationSuccess = "Uninstall remediation for release %s with chart %s succeeded" +) + // success records the success of a Helm uninstall remediation action in the // status of the given Request.Object by marking Remediated=False and emitting // a warning event. func (r *UninstallRemediation) failure(req *Request, buffer *action.LogBuffer, err error) { // Compose success message. cur := req.Object.GetCurrent() - msg := fmt.Sprintf("Uninstall remediation for release %s with chart %s failed: %s", - cur.FullReleaseName(), cur.VersionedChartName(), err.Error()) + msg := fmt.Sprintf(fmtUninstallRemediationFailure, cur.FullReleaseName(), cur.VersionedChartName(), err.Error()) // Mark uninstall failure on object. req.Object.Status.Failures++ @@ -152,8 +160,7 @@ func (r *UninstallRemediation) failure(req *Request, buffer *action.LogBuffer, e func (r *UninstallRemediation) success(req *Request) { // Compose success message. cur := req.Object.GetCurrent() - msg := fmt.Sprintf("Uninstall remediation for release %s with chart %s succeeded", - cur.FullReleaseName(), cur.VersionedChartName()) + msg := fmt.Sprintf(fmtUninstallRemediationSuccess, cur.FullReleaseName(), cur.VersionedChartName()) // Mark remediation success on object. conditions.MarkTrue(req.Object, v2.RemediatedCondition, v2.UninstallSucceededReason, msg) diff --git a/internal/reconcile/uninstall_remediation_test.go b/internal/reconcile/uninstall_remediation_test.go index cbbaf5902..ef2f1f8af 100644 --- a/internal/reconcile/uninstall_remediation_test.go +++ b/internal/reconcile/uninstall_remediation_test.go @@ -29,6 +29,7 @@ import ( "helm.sh/helm/v3/pkg/releaseutil" helmstorage "helm.sh/helm/v3/pkg/storage" helmdriver "helm.sh/helm/v3/pkg/storage/driver" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/record" @@ -329,7 +330,7 @@ func TestUninstallRemediation_Reconcile(t *testing.T) { cfg.Driver = tt.driver(cfg.Driver) } - recorder := record.NewFakeRecorder(10) + recorder := new(record.FakeRecorder) got := NewUninstallRemediation(cfg, recorder).Reconcile(context.TODO(), &Request{ Object: obj, }) @@ -362,3 +363,118 @@ func TestUninstallRemediation_Reconcile(t *testing.T) { }) } } + +func TestUninstallRemediation_failure(t *testing.T) { + var ( + cur = testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Chart: testutil.BuildChart(), + Version: 4, + }) + obj = &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(cur)), + }, + } + err = errors.New("uninstall error") + ) + + t.Run("records failure", func(t *testing.T) { + g := NewWithT(t) + + recorder := testutil.NewFakeRecorder(10, false) + r := &UninstallRemediation{ + eventRecorder: recorder, + } + + req := &Request{Object: obj.DeepCopy()} + r.failure(req, nil, err) + + expectMsg := fmt.Sprintf(fmtUninstallRemediationFailure, + fmt.Sprintf("%s/%s.%d", cur.Namespace, cur.Name, cur.Version), + fmt.Sprintf("%s@%s", cur.Chart.Name(), cur.Chart.Metadata.Version), + err.Error()) + + g.Expect(req.Object.Status.Conditions).To(conditions.MatchConditions([]metav1.Condition{ + *conditions.FalseCondition(v2.RemediatedCondition, v2.UninstallFailedReason, expectMsg), + })) + g.Expect(req.Object.Status.Failures).To(Equal(int64(1))) + g.Expect(recorder.GetEvents()).To(ConsistOf([]corev1.Event{ + { + Type: corev1.EventTypeWarning, + Reason: v2.UninstallFailedReason, + Message: expectMsg, + ObjectMeta: metav1.ObjectMeta{ + Annotations: map[string]string{ + "revision": cur.Chart.Metadata.Version, + }, + }, + }, + })) + }) + + t.Run("records failure with logs", func(t *testing.T) { + g := NewWithT(t) + + recorder := testutil.NewFakeRecorder(10, false) + r := &UninstallRemediation{ + eventRecorder: recorder, + } + req := &Request{Object: obj.DeepCopy()} + r.failure(req, mockLogBuffer(5, 10), err) + + expectSubStr := "Last Helm logs" + g.Expect(conditions.IsFalse(req.Object, v2.RemediatedCondition)).To(BeTrue()) + g.Expect(conditions.GetMessage(req.Object, v2.RemediatedCondition)).ToNot(ContainSubstring(expectSubStr)) + + events := recorder.GetEvents() + g.Expect(events).To(HaveLen(1)) + g.Expect(events[0].Message).To(ContainSubstring(expectSubStr)) + }) +} + +func TestUninstallRemediation_success(t *testing.T) { + g := NewWithT(t) + + var cur = testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Chart: testutil.BuildChart(), + Version: 4, + }) + + recorder := testutil.NewFakeRecorder(10, false) + r := &UninstallRemediation{ + eventRecorder: recorder, + } + + obj := &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(cur)), + }, + } + + req := &Request{Object: obj} + r.success(req) + + expectMsg := fmt.Sprintf(fmtUninstallRemediationSuccess, + fmt.Sprintf("%s/%s.%d", cur.Namespace, cur.Name, cur.Version), + fmt.Sprintf("%s@%s", cur.Chart.Name(), cur.Chart.Metadata.Version)) + + g.Expect(req.Object.Status.Conditions).To(conditions.MatchConditions([]metav1.Condition{ + *conditions.TrueCondition(v2.RemediatedCondition, v2.UninstallSucceededReason, expectMsg), + })) + g.Expect(req.Object.Status.Failures).To(Equal(int64(0))) + g.Expect(recorder.GetEvents()).To(ConsistOf([]corev1.Event{ + { + Type: corev1.EventTypeNormal, + Reason: v2.UninstallSucceededReason, + Message: expectMsg, + ObjectMeta: metav1.ObjectMeta{ + Annotations: map[string]string{ + "revision": cur.Chart.Metadata.Version, + }, + }, + }, + })) +} diff --git a/internal/reconcile/uninstall_test.go b/internal/reconcile/uninstall_test.go index fd240c9a9..920eebbd6 100644 --- a/internal/reconcile/uninstall_test.go +++ b/internal/reconcile/uninstall_test.go @@ -29,6 +29,7 @@ import ( "helm.sh/helm/v3/pkg/releaseutil" helmstorage "helm.sh/helm/v3/pkg/storage" helmdriver "helm.sh/helm/v3/pkg/storage/driver" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/record" @@ -101,9 +102,9 @@ func TestUninstall_Reconcile(t *testing.T) { }, expectConditions: []metav1.Condition{ *conditions.FalseCondition(meta.ReadyCondition, v2.UninstallSucceededReason, - "Uninstall of release"), + "Uninstalled release"), *conditions.FalseCondition(v2.ReleasedCondition, v2.UninstallSucceededReason, - "Uninstall of release"), + "Uninstalled release"), }, expectCurrent: func(releases []*helmrelease.Release) *v2.HelmReleaseInfo { return release.ObservedToInfo(release.ObserveRelease(releases[0])) @@ -338,7 +339,7 @@ func TestUninstall_Reconcile(t *testing.T) { cfg.Driver = tt.driver(cfg.Driver) } - recorder := record.NewFakeRecorder(10) + recorder := new(record.FakeRecorder) got := NewUninstall(cfg, recorder).Reconcile(context.TODO(), &Request{ Object: obj, }) @@ -372,6 +373,121 @@ func TestUninstall_Reconcile(t *testing.T) { } } +func TestUninstall_failure(t *testing.T) { + var ( + cur = testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Chart: testutil.BuildChart(), + Version: 4, + }) + obj = &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(cur)), + }, + } + err = errors.New("uninstall error") + ) + + t.Run("records failure", func(t *testing.T) { + g := NewWithT(t) + + recorder := testutil.NewFakeRecorder(10, false) + r := &Uninstall{ + eventRecorder: recorder, + } + + req := &Request{Object: obj.DeepCopy()} + r.failure(req, nil, err) + + expectMsg := fmt.Sprintf(fmtUninstallFailure, + fmt.Sprintf("%s/%s.%d", cur.Namespace, cur.Name, cur.Version), + fmt.Sprintf("%s@%s", cur.Chart.Name(), cur.Chart.Metadata.Version), + err.Error()) + + g.Expect(req.Object.Status.Conditions).To(conditions.MatchConditions([]metav1.Condition{ + *conditions.FalseCondition(v2.ReleasedCondition, v2.UninstallFailedReason, expectMsg), + })) + g.Expect(req.Object.Status.Failures).To(Equal(int64(1))) + g.Expect(recorder.GetEvents()).To(ConsistOf([]corev1.Event{ + { + Type: corev1.EventTypeWarning, + Reason: v2.UninstallFailedReason, + Message: expectMsg, + ObjectMeta: metav1.ObjectMeta{ + Annotations: map[string]string{ + "revision": cur.Chart.Metadata.Version, + }, + }, + }, + })) + }) + + t.Run("records failure with logs", func(t *testing.T) { + g := NewWithT(t) + + recorder := testutil.NewFakeRecorder(10, false) + r := &Uninstall{ + eventRecorder: recorder, + } + req := &Request{Object: obj.DeepCopy()} + r.failure(req, mockLogBuffer(5, 10), err) + + expectSubStr := "Last Helm logs" + g.Expect(conditions.IsFalse(req.Object, v2.ReleasedCondition)).To(BeTrue()) + g.Expect(conditions.GetMessage(req.Object, v2.ReleasedCondition)).ToNot(ContainSubstring(expectSubStr)) + + events := recorder.GetEvents() + g.Expect(events).To(HaveLen(1)) + g.Expect(events[0].Message).To(ContainSubstring(expectSubStr)) + }) +} + +func TestUninstall_success(t *testing.T) { + g := NewWithT(t) + + var cur = testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Chart: testutil.BuildChart(), + Version: 4, + }) + + recorder := testutil.NewFakeRecorder(10, false) + r := &Uninstall{ + eventRecorder: recorder, + } + + obj := &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(cur)), + }, + } + + req := &Request{Object: obj} + r.success(req) + + expectMsg := fmt.Sprintf(fmtUninstallSuccess, + fmt.Sprintf("%s/%s.%d", cur.Namespace, cur.Name, cur.Version), + fmt.Sprintf("%s@%s", cur.Chart.Name(), cur.Chart.Metadata.Version)) + + g.Expect(req.Object.Status.Conditions).To(conditions.MatchConditions([]metav1.Condition{ + *conditions.FalseCondition(v2.ReleasedCondition, v2.UninstallSucceededReason, expectMsg), + })) + g.Expect(req.Object.Status.Failures).To(Equal(int64(0))) + g.Expect(recorder.GetEvents()).To(ConsistOf([]corev1.Event{ + { + Type: corev1.EventTypeNormal, + Reason: v2.UninstallSucceededReason, + Message: expectMsg, + ObjectMeta: metav1.ObjectMeta{ + Annotations: map[string]string{ + "revision": cur.Chart.Metadata.Version, + }, + }, + }, + })) +} + func Test_observeUninstall(t *testing.T) { t.Run("uninstall of current", func(t *testing.T) { g := NewWithT(t) diff --git a/internal/reconcile/unlock.go b/internal/reconcile/unlock.go index f084bdcbb..c3c5395f5 100644 --- a/internal/reconcile/unlock.go +++ b/internal/reconcile/unlock.go @@ -111,14 +111,20 @@ func (r *Unlock) Type() ReconcilerType { return ReconcilerTypeUnlock } +const ( + // fmtUnlockFailure is the message format for an unlock failure. + fmtUnlockFailure = "Unlock of release %s with chart %s in %s state failed: %s" + // fmtUnlockSuccess is the message format for a successful unlock. + fmtUnlockSuccess = "Unlocked release %s with chart %s in %s state" +) + // failure records the failure of an unlock action in the status of the given // Request.Object by marking ReleasedCondition=False and increasing the failure // counter. In addition, it emits a warning event for the Request.Object. func (r *Unlock) failure(req *Request, status helmrelease.Status, err error) { // Compose failure message. cur := req.Object.GetCurrent() - msg := fmt.Sprintf("Unlock of release %s with chart %s in %s state failed: %s", - cur.FullReleaseName(), cur.VersionedChartName(), status.String(), err.Error()) + msg := fmt.Sprintf(fmtUnlockFailure, cur.FullReleaseName(), cur.VersionedChartName(), status.String(), err.Error()) // Mark unlock failure on object. req.Object.Status.Failures++ @@ -133,8 +139,7 @@ func (r *Unlock) failure(req *Request, status helmrelease.Status, err error) { func (r *Unlock) success(req *Request, status helmrelease.Status) { // Compose success message. cur := req.Object.GetCurrent() - msg := fmt.Sprintf("Unlocked release %s with chart %s from %s state", - cur.FullReleaseName(), cur.VersionedChartName(), status.String()) + msg := fmt.Sprintf(fmtUnlockSuccess, cur.FullReleaseName(), cur.VersionedChartName(), status.String()) // Mark unlock success on object. conditions.MarkFalse(req.Object, v2.ReleasedCondition, "PendingRelease", msg) diff --git a/internal/reconcile/unlock_test.go b/internal/reconcile/unlock_test.go index 24fe0d47b..aede948ab 100644 --- a/internal/reconcile/unlock_test.go +++ b/internal/reconcile/unlock_test.go @@ -19,6 +19,7 @@ package reconcile import ( "context" "errors" + "fmt" "testing" "time" @@ -28,6 +29,7 @@ import ( helmreleaseutil "helm.sh/helm/v3/pkg/releaseutil" helmstorage "helm.sh/helm/v3/pkg/storage" helmdriver "helm.sh/helm/v3/pkg/storage/driver" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/record" @@ -320,7 +322,7 @@ func TestUnlock_Reconcile(t *testing.T) { cfg.Driver = tt.driver(cfg.Driver) } - recorder := record.NewFakeRecorder(10) + recorder := new(record.FakeRecorder) got := NewUnlock(cfg, recorder).Reconcile(context.TODO(), &Request{ Object: obj, }) @@ -354,6 +356,105 @@ func TestUnlock_Reconcile(t *testing.T) { } } +func TestUnlock_failure(t *testing.T) { + g := NewWithT(t) + + var ( + cur = testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Chart: testutil.BuildChart(), + Version: 4, + }) + obj = &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(cur)), + }, + } + status = helmrelease.StatusPendingInstall + err = fmt.Errorf("unlock error") + ) + + recorder := testutil.NewFakeRecorder(10, false) + r := &Unlock{ + eventRecorder: recorder, + } + + req := &Request{Object: obj} + r.failure(req, status, err) + + expectMsg := fmt.Sprintf(fmtUnlockFailure, + fmt.Sprintf("%s/%s.%d", cur.Namespace, cur.Name, cur.Version), + fmt.Sprintf("%s@%s", cur.Chart.Name(), cur.Chart.Metadata.Version), + status, err.Error()) + + g.Expect(req.Object.Status.Conditions).To(conditions.MatchConditions([]metav1.Condition{ + *conditions.FalseCondition(v2.ReleasedCondition, "PendingRelease", expectMsg), + })) + g.Expect(req.Object.Status.Failures).To(Equal(int64(1))) + g.Expect(recorder.GetEvents()).To(ConsistOf([]corev1.Event{ + { + Type: corev1.EventTypeWarning, + Reason: "PendingRelease", + Message: expectMsg, + ObjectMeta: metav1.ObjectMeta{ + Annotations: map[string]string{ + "revision": cur.Chart.Metadata.Version, + }, + }, + }, + })) +} + +func TestUnlock_success(t *testing.T) { + g := NewWithT(t) + + var ( + cur = testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Chart: testutil.BuildChart(), + Version: 4, + }) + obj = &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(cur)), + }, + } + status = helmrelease.StatusPendingInstall + ) + + recorder := testutil.NewFakeRecorder(10, false) + r := &Unlock{ + eventRecorder: recorder, + } + + req := &Request{Object: obj} + r.success(req, status) + + expectMsg := fmt.Sprintf(fmtUnlockSuccess, + fmt.Sprintf("%s/%s.%d", cur.Namespace, cur.Name, cur.Version), + fmt.Sprintf("%s@%s", cur.Chart.Name(), cur.Chart.Metadata.Version), + status) + + g.Expect(req.Object.Status.Conditions).To(conditions.MatchConditions([]metav1.Condition{ + *conditions.FalseCondition(v2.ReleasedCondition, "PendingRelease", expectMsg), + })) + g.Expect(req.Object.Status.Failures).To(Equal(int64(0))) + g.Expect(recorder.GetEvents()).To(ConsistOf([]corev1.Event{ + { + Type: corev1.EventTypeNormal, + Reason: "PendingRelease", + Message: expectMsg, + ObjectMeta: metav1.ObjectMeta{ + Annotations: map[string]string{ + "revision": cur.Chart.Metadata.Version, + }, + }, + }, + })) +} + func Test_observeUnlock(t *testing.T) { t.Run("unlock", func(t *testing.T) { g := NewWithT(t) diff --git a/internal/reconcile/upgrade.go b/internal/reconcile/upgrade.go index fa6157aba..f0d596c71 100644 --- a/internal/reconcile/upgrade.go +++ b/internal/reconcile/upgrade.go @@ -103,6 +103,13 @@ func (r *Upgrade) Type() ReconcilerType { return ReconcilerTypeRelease } +const ( + // fmtUpgradeFailure is the message format for an upgrade failure. + fmtUpgradeFailure = "Upgrade of release %s/%s with chart %s@%s failed: %s" + // fmtUpgradeSuccess is the message format for a successful upgrade. + fmtUpgradeSuccess = "Upgraded release %s with chart %s" +) + // failure records the failure of a Helm upgrade action in the status of the // given Request.Object by marking ReleasedCondition=False and increasing the // failure counter. In addition, it emits a warning event for the @@ -114,8 +121,7 @@ func (r *Upgrade) Type() ReconcilerType { // result in Helm storage drift. func (r *Upgrade) failure(req *Request, buffer *action.LogBuffer, err error) { // Compose failure message. - msg := fmt.Sprintf("Upgrade of release %s/%s with chart %s@%s failed: %s", req.Object.GetReleaseNamespace(), - req.Object.GetReleaseName(), req.Chart.Name(), req.Chart.Metadata.Version, err.Error()) + msg := fmt.Sprintf(fmtUpgradeFailure, req.Object.GetReleaseNamespace(), req.Object.GetReleaseName(), req.Chart.Name(), req.Chart.Metadata.Version, err.Error()) // Mark upgrade failure on object. req.Object.Status.Failures++ @@ -134,13 +140,13 @@ func (r *Upgrade) failure(req *Request, buffer *action.LogBuffer, err error) { func (r *Upgrade) success(req *Request) { // Compose success message. cur := req.Object.GetCurrent() - msg := fmt.Sprintf("Upgraded release %s with chart %s", cur.FullReleaseName(), cur.VersionedChartName()) + msg := fmt.Sprintf(fmtUpgradeSuccess, cur.FullReleaseName(), cur.VersionedChartName()) // Mark upgrade success on object. conditions.MarkTrue(req.Object, v2.ReleasedCondition, v2.UpgradeSucceededReason, msg) if req.Object.GetTest().Enable && !cur.HasBeenTested() { - conditions.MarkFalse(req.Object, v2.TestSuccessCondition, "Pending", - "Release %s with chart %s has not been tested yet", cur.FullReleaseName(), cur.VersionedChartName()) + conditions.MarkFalse(req.Object, v2.TestSuccessCondition, "Pending", fmtTestPending, + cur.FullReleaseName(), cur.VersionedChartName()) } // Record event. diff --git a/internal/reconcile/upgrade_test.go b/internal/reconcile/upgrade_test.go index c4b49c3cb..94b788006 100644 --- a/internal/reconcile/upgrade_test.go +++ b/internal/reconcile/upgrade_test.go @@ -18,6 +18,7 @@ package reconcile import ( "context" + "errors" "fmt" "testing" "time" @@ -30,6 +31,7 @@ import ( helmreleaseutil "helm.sh/helm/v3/pkg/releaseutil" helmstorage "helm.sh/helm/v3/pkg/storage" helmdriver "helm.sh/helm/v3/pkg/storage/driver" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/record" @@ -353,7 +355,7 @@ func TestUpgrade_Reconcile(t *testing.T) { cfg.Driver = tt.driver(cfg.Driver) } - recorder := record.NewFakeRecorder(10) + recorder := new(record.FakeRecorder) got := NewUpgrade(cfg, recorder).Reconcile(context.TODO(), &Request{ Object: obj, Chart: tt.chart, @@ -388,3 +390,141 @@ func TestUpgrade_Reconcile(t *testing.T) { }) } } + +func TestUpgrade_failure(t *testing.T) { + var ( + obj = &v2.HelmRelease{ + Spec: v2.HelmReleaseSpec{ + ReleaseName: mockReleaseName, + TargetNamespace: mockReleaseNamespace, + }, + } + chrt = testutil.BuildChart() + err = errors.New("upgrade error") + ) + + t.Run("records failure", func(t *testing.T) { + g := NewWithT(t) + + recorder := testutil.NewFakeRecorder(10, false) + r := &Upgrade{ + eventRecorder: recorder, + } + + req := &Request{Object: obj.DeepCopy(), Chart: chrt} + r.failure(req, nil, err) + + expectMsg := fmt.Sprintf(fmtUpgradeFailure, mockReleaseNamespace, mockReleaseName, chrt.Name(), + chrt.Metadata.Version, err.Error()) + + g.Expect(req.Object.Status.Conditions).To(conditions.MatchConditions([]metav1.Condition{ + *conditions.FalseCondition(v2.ReleasedCondition, v2.UpgradeFailedReason, expectMsg), + })) + g.Expect(req.Object.Status.Failures).To(Equal(int64(1))) + g.Expect(recorder.GetEvents()).To(ConsistOf([]corev1.Event{ + { + Type: corev1.EventTypeWarning, + Reason: v2.UpgradeFailedReason, + Message: expectMsg, + ObjectMeta: metav1.ObjectMeta{ + Annotations: map[string]string{ + "revision": chrt.Metadata.Version, + }, + }, + }, + })) + }) + + t.Run("records failure with logs", func(t *testing.T) { + g := NewWithT(t) + + recorder := testutil.NewFakeRecorder(10, false) + r := &Upgrade{ + eventRecorder: recorder, + } + req := &Request{Object: obj.DeepCopy(), Chart: chrt} + r.failure(req, mockLogBuffer(5, 10), err) + + expectSubStr := "Last Helm logs" + g.Expect(conditions.IsFalse(req.Object, v2.ReleasedCondition)).To(BeTrue()) + g.Expect(conditions.GetMessage(req.Object, v2.ReleasedCondition)).ToNot(ContainSubstring(expectSubStr)) + + events := recorder.GetEvents() + g.Expect(events).To(HaveLen(1)) + g.Expect(events[0].Message).To(ContainSubstring(expectSubStr)) + }) +} + +func TestUpgrade_success(t *testing.T) { + var ( + cur = testutil.BuildRelease(&helmrelease.MockReleaseOptions{ + Name: mockReleaseName, + Namespace: mockReleaseNamespace, + Chart: testutil.BuildChart(), + }) + obj = &v2.HelmRelease{ + Status: v2.HelmReleaseStatus{ + Current: release.ObservedToInfo(release.ObserveRelease(cur)), + }, + } + ) + + t.Run("records success", func(t *testing.T) { + g := NewWithT(t) + + recorder := testutil.NewFakeRecorder(10, false) + r := &Upgrade{ + eventRecorder: recorder, + } + + req := &Request{ + Object: obj.DeepCopy(), + } + r.success(req) + + expectMsg := fmt.Sprintf(fmtUpgradeSuccess, + fmt.Sprintf("%s/%s.%d", mockReleaseNamespace, mockReleaseName, obj.Status.Current.Version), + fmt.Sprintf("%s@%s", obj.Status.Current.ChartName, obj.Status.Current.ChartVersion)) + + g.Expect(req.Object.Status.Conditions).To(conditions.MatchConditions([]metav1.Condition{ + *conditions.TrueCondition(v2.ReleasedCondition, v2.UpgradeSucceededReason, expectMsg), + })) + g.Expect(recorder.GetEvents()).To(ConsistOf([]corev1.Event{ + { + Type: corev1.EventTypeNormal, + Reason: v2.UpgradeSucceededReason, + Message: expectMsg, + ObjectMeta: metav1.ObjectMeta{ + Annotations: map[string]string{ + "revision": obj.Status.Current.ChartVersion, + }, + }, + }, + })) + }) + + t.Run("records success with TestSuccess=False", func(t *testing.T) { + g := NewWithT(t) + + recorder := testutil.NewFakeRecorder(10, false) + r := &Upgrade{ + eventRecorder: recorder, + } + + obj := obj.DeepCopy() + obj.Spec.Test = &v2.Test{Enable: true} + + req := &Request{Object: obj} + r.success(req) + + g.Expect(conditions.IsTrue(req.Object, v2.ReleasedCondition)).To(BeTrue()) + + cond := conditions.Get(req.Object, v2.TestSuccessCondition) + g.Expect(cond).ToNot(BeNil()) + + expectMsg := fmt.Sprintf(fmtTestPending, + fmt.Sprintf("%s/%s.%d", mockReleaseNamespace, mockReleaseName, obj.Status.Current.Version), + fmt.Sprintf("%s@%s", obj.Status.Current.ChartName, obj.Status.Current.ChartVersion)) + g.Expect(cond.Message).To(Equal(expectMsg)) + }) +} diff --git a/internal/testutil/fake_recorder.go b/internal/testutil/fake_recorder.go new file mode 100644 index 000000000..24d877fb3 --- /dev/null +++ b/internal/testutil/fake_recorder.go @@ -0,0 +1,116 @@ +/* +Copyright 2022 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package testutil + +import ( + "fmt" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/runtime" + + _ "k8s.io/client-go/tools/record" +) + +// FakeRecorder is used as a fake during tests. +// +// It was invented to be used in tests which require more precise control over +// e.g. assertions of specific event fields like Reason. For which string +// comparisons on the concentrated event message using record.FakeRecorder is +// not sufficient. +// +// To empty the Events channel into a slice of the recorded events, use +// GetEvents(). Not initializing Events will cause the recorder to not record +// any messages. +type FakeRecorder struct { + Events chan corev1.Event + IncludeObject bool +} + +// NewFakeRecorder creates new fake event recorder with an Events channel with +// the given size. Setting includeObject to true will cause the recorder to +// include the object reference in the events. +// +// To initialize a recorder which does not record any events, simply use: +// +// recorder := new(FakeRecorder) +func NewFakeRecorder(bufferSize int, includeObject bool) *FakeRecorder { + return &FakeRecorder{ + Events: make(chan corev1.Event, bufferSize), + IncludeObject: includeObject, + } +} + +// Event emits an event with the given message. +func (f *FakeRecorder) Event(obj runtime.Object, eventType, reason, message string) { + f.Eventf(obj, eventType, reason, message) +} + +// Eventf emits an event with the given message. +func (f *FakeRecorder) Eventf(obj runtime.Object, eventType, reason, message string, args ...any) { + if f.Events != nil { + f.Events <- f.generateEvent(obj, nil, eventType, reason, message, args...) + } +} + +// AnnotatedEventf emits an event with annotations. +func (f *FakeRecorder) AnnotatedEventf(obj runtime.Object, annotations map[string]string, eventType, reason, message string, args ...any) { + if f.Events != nil { + f.Events <- f.generateEvent(obj, annotations, eventType, reason, message, args...) + } +} + +// GetEvents empties the Events channel and returns a slice of recorded events. +// If the Events channel is nil, it returns nil. +func (f *FakeRecorder) GetEvents() (events []corev1.Event) { + if f.Events != nil { + for { + select { + case e := <-f.Events: + events = append(events, e) + default: + return events + } + } + } + return nil +} + +// generateEvent generates a new mocked event with the given parameters. +func (f *FakeRecorder) generateEvent(obj runtime.Object, annotations map[string]string, eventType, reason, message string, args ...any) corev1.Event { + event := corev1.Event{ + InvolvedObject: objectReference(obj, f.IncludeObject), + Type: eventType, + Reason: reason, + Message: fmt.Sprintf(message, args...), + } + if annotations != nil { + event.ObjectMeta.Annotations = annotations + } + return event +} + +// objectReference returns an object reference for the given object with the +// kind and (group) API version set. +func objectReference(obj runtime.Object, includeObject bool) corev1.ObjectReference { + if !includeObject { + return corev1.ObjectReference{} + } + + return corev1.ObjectReference{ + Kind: obj.GetObjectKind().GroupVersionKind().Kind, + APIVersion: obj.GetObjectKind().GroupVersionKind().GroupVersion().String(), + } +} From 410ce3a00de012adf2cc31a5bf60fdbfb3bde2e2 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Wed, 14 Jun 2023 17:15:00 +0200 Subject: [PATCH 24/76] reconcile: include "token" in event metadata This includes the "token" in the emitted events which is used to rate limit events received by the notification-controller. Either by using the already calculated config (values) digest, or by calculating it for the current reconciliation request in scenarios where it isn't available from made observations. Signed-off-by: Hidde Beydals --- internal/reconcile/install.go | 18 ++++++++++++-- internal/reconcile/install_test.go | 15 ++++++++---- internal/reconcile/release.go | 24 ++++++++++++++----- internal/reconcile/rollback_remediation.go | 18 ++++++++++++-- .../reconcile/rollback_remediation_test.go | 11 ++++++--- internal/reconcile/test.go | 16 +++++++++++-- internal/reconcile/test_test.go | 9 +++++-- internal/reconcile/uninstall.go | 15 ++++++++++-- internal/reconcile/uninstall_remediation.go | 16 +++++++++++-- .../reconcile/uninstall_remediation_test.go | 9 +++++-- internal/reconcile/uninstall_test.go | 9 +++++-- internal/reconcile/unlock.go | 19 ++++++++++++--- internal/reconcile/unlock_test.go | 9 +++++-- internal/reconcile/upgrade.go | 18 ++++++++++++-- internal/reconcile/upgrade_test.go | 11 ++++++--- 15 files changed, 177 insertions(+), 40 deletions(-) diff --git a/internal/reconcile/install.go b/internal/reconcile/install.go index 0da28f9c7..f14022879 100644 --- a/internal/reconcile/install.go +++ b/internal/reconcile/install.go @@ -29,6 +29,8 @@ import ( v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" + "github.com/fluxcd/helm-controller/internal/chartutil" + "github.com/fluxcd/helm-controller/internal/digest" ) // Install is an ActionReconciler which attempts to install a Helm release @@ -130,7 +132,13 @@ func (r *Install) failure(req *Request, buffer *action.LogBuffer, err error) { // Record warning event, this message contains more data than the // Condition summary. - r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(req.Chart.Metadata.Version), corev1.EventTypeWarning, v2.InstallFailedReason, eventMessageWithLog(msg, buffer)) + r.eventRecorder.AnnotatedEventf( + req.Object, + eventMeta(req.Chart.Metadata.Version, chartutil.DigestValues(digest.Canonical, req.Values).String()), + corev1.EventTypeWarning, + v2.InstallFailedReason, + eventMessageWithLog(msg, buffer), + ) } // success records the success of a Helm installation action in the status of @@ -150,5 +158,11 @@ func (r *Install) success(req *Request) { } // Record event. - r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(cur.ChartVersion), corev1.EventTypeNormal, v2.InstallSucceededReason, msg) + r.eventRecorder.AnnotatedEventf( + req.Object, + eventMeta(cur.ChartVersion, cur.ConfigDigest), + corev1.EventTypeNormal, + v2.InstallSucceededReason, + msg, + ) } diff --git a/internal/reconcile/install_test.go b/internal/reconcile/install_test.go index 13b717099..dd7ec3967 100644 --- a/internal/reconcile/install_test.go +++ b/internal/reconcile/install_test.go @@ -26,7 +26,7 @@ import ( "github.com/go-logr/logr" . "github.com/onsi/gomega" "helm.sh/helm/v3/pkg/chart" - "helm.sh/helm/v3/pkg/chartutil" + helmchartutil "helm.sh/helm/v3/pkg/chartutil" helmrelease "helm.sh/helm/v3/pkg/release" "helm.sh/helm/v3/pkg/releaseutil" helmstorage "helm.sh/helm/v3/pkg/storage" @@ -35,11 +35,14 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/record" + eventv1 "github.com/fluxcd/pkg/apis/event/v1beta1" "github.com/fluxcd/pkg/apis/meta" "github.com/fluxcd/pkg/runtime/conditions" v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" + "github.com/fluxcd/helm-controller/internal/chartutil" + "github.com/fluxcd/helm-controller/internal/digest" "github.com/fluxcd/helm-controller/internal/release" "github.com/fluxcd/helm-controller/internal/storage" "github.com/fluxcd/helm-controller/internal/testutil" @@ -56,7 +59,7 @@ func TestInstall_Reconcile(t *testing.T) { // chart to install. chart *chart.Chart // values to use during install. - values chartutil.Values + values helmchartutil.Values // spec modifies the HelmRelease object spec before install. spec func(spec *v2.HelmReleaseSpec) // status to configure on the HelmRelease object before install. @@ -296,7 +299,7 @@ func TestInstall_failure(t *testing.T) { eventRecorder: recorder, } - req := &Request{Object: obj.DeepCopy(), Chart: chrt} + req := &Request{Object: obj.DeepCopy(), Chart: chrt, Values: map[string]interface{}{"foo": "bar"}} r.failure(req, nil, err) expectMsg := fmt.Sprintf(fmtInstallFailure, mockReleaseNamespace, mockReleaseName, chrt.Name(), @@ -313,7 +316,8 @@ func TestInstall_failure(t *testing.T) { Message: expectMsg, ObjectMeta: metav1.ObjectMeta{ Annotations: map[string]string{ - "revision": chrt.Metadata.Version, + eventMetaGroupKey(eventv1.MetaRevisionKey): chrt.Metadata.Version, + eventMetaGroupKey(eventv1.MetaTokenKey): chartutil.DigestValues(digest.Canonical, req.Values).String(), }, }, }, @@ -381,7 +385,8 @@ func TestInstall_success(t *testing.T) { Message: expectMsg, ObjectMeta: metav1.ObjectMeta{ Annotations: map[string]string{ - "revision": obj.Status.Current.ChartVersion, + eventMetaGroupKey(eventv1.MetaRevisionKey): obj.Status.Current.ChartVersion, + eventMetaGroupKey(eventv1.MetaTokenKey): obj.Status.Current.ConfigDigest, }, }, }, diff --git a/internal/reconcile/release.go b/internal/reconcile/release.go index 4fc2978e5..fd4428898 100644 --- a/internal/reconcile/release.go +++ b/internal/reconcile/release.go @@ -23,6 +23,7 @@ import ( helmrelease "helm.sh/helm/v3/pkg/release" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + eventv1 "github.com/fluxcd/pkg/apis/event/v1beta1" "github.com/fluxcd/pkg/apis/meta" "github.com/fluxcd/pkg/runtime/conditions" @@ -196,11 +197,22 @@ func eventMessageWithLog(msg string, log *action.LogBuffer) string { // eventMeta returns the event (annotation) metadata based on the given // parameters. -func eventMeta(revision string) map[string]string { - if revision == "" { - return nil - } - return map[string]string{ - "revision": revision, +func eventMeta(revision, token string) map[string]string { + var metadata map[string]string + if revision != "" || token != "" { + metadata = make(map[string]string) + if revision != "" { + metadata[eventMetaGroupKey(eventv1.MetaRevisionKey)] = revision + } + if token != "" { + metadata[eventMetaGroupKey(eventv1.MetaTokenKey)] = token + } } + return metadata +} + +// eventMetaGroupKey returns the event (annotation) metadata key prefixed with +// the group. +func eventMetaGroupKey(key string) string { + return v2.GroupVersion.Group + "/" + key } diff --git a/internal/reconcile/rollback_remediation.go b/internal/reconcile/rollback_remediation.go index 815bf7b05..d73781594 100644 --- a/internal/reconcile/rollback_remediation.go +++ b/internal/reconcile/rollback_remediation.go @@ -30,6 +30,8 @@ import ( v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" + "github.com/fluxcd/helm-controller/internal/chartutil" + "github.com/fluxcd/helm-controller/internal/digest" "github.com/fluxcd/helm-controller/internal/release" "github.com/fluxcd/helm-controller/internal/storage" ) @@ -142,7 +144,13 @@ func (r *RollbackRemediation) failure(req *Request, buffer *action.LogBuffer, er // Record warning event, this message contains more data than the // Condition summary. - r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(prev.ChartVersion), corev1.EventTypeWarning, v2.RollbackFailedReason, eventMessageWithLog(msg, buffer)) + r.eventRecorder.AnnotatedEventf( + req.Object, + eventMeta(prev.ChartVersion, chartutil.DigestValues(digest.Canonical, req.Values).String()), + corev1.EventTypeWarning, + v2.RollbackFailedReason, + eventMessageWithLog(msg, buffer), + ) } // success records the success of a Helm rollback action in the status of the @@ -156,7 +164,13 @@ func (r *RollbackRemediation) success(req *Request) { conditions.MarkTrue(req.Object, v2.RemediatedCondition, v2.RollbackSucceededReason, msg) // Record event. - r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(prev.ChartVersion), corev1.EventTypeNormal, v2.RollbackSucceededReason, msg) + r.eventRecorder.AnnotatedEventf( + req.Object, + eventMeta(prev.ChartVersion, chartutil.DigestValues(digest.Canonical, req.Values).String()), + corev1.EventTypeNormal, + v2.RollbackSucceededReason, + msg, + ) } // observeRollback returns a storage.ObserveFunc that can be used to observe diff --git a/internal/reconcile/rollback_remediation_test.go b/internal/reconcile/rollback_remediation_test.go index 2e0a87f64..f346e52d5 100644 --- a/internal/reconcile/rollback_remediation_test.go +++ b/internal/reconcile/rollback_remediation_test.go @@ -20,6 +20,7 @@ import ( "context" "errors" "fmt" + eventv1 "github.com/fluxcd/pkg/apis/event/v1beta1" "testing" "time" @@ -38,6 +39,8 @@ import ( v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" + "github.com/fluxcd/helm-controller/internal/chartutil" + "github.com/fluxcd/helm-controller/internal/digest" "github.com/fluxcd/helm-controller/internal/release" "github.com/fluxcd/helm-controller/internal/storage" "github.com/fluxcd/helm-controller/internal/testutil" @@ -404,7 +407,8 @@ func TestRollbackRemediation_failure(t *testing.T) { Message: expectMsg, ObjectMeta: metav1.ObjectMeta{ Annotations: map[string]string{ - "revision": prev.Chart.Metadata.Version, + eventMetaGroupKey(eventv1.MetaRevisionKey): prev.Chart.Metadata.Version, + eventMetaGroupKey(eventv1.MetaTokenKey): chartutil.DigestValues(digest.Canonical, req.Values).String(), }, }, }, @@ -451,7 +455,7 @@ func TestRollbackRemediation_success(t *testing.T) { }, } - req := &Request{Object: obj} + req := &Request{Object: obj, Values: map[string]interface{}{"foo": "bar"}} r.success(req) expectMsg := fmt.Sprintf(fmtRollbackRemediationSuccess, @@ -469,7 +473,8 @@ func TestRollbackRemediation_success(t *testing.T) { Message: expectMsg, ObjectMeta: metav1.ObjectMeta{ Annotations: map[string]string{ - "revision": prev.Chart.Metadata.Version, + eventMetaGroupKey(eventv1.MetaRevisionKey): prev.Chart.Metadata.Version, + eventMetaGroupKey(eventv1.MetaTokenKey): chartutil.DigestValues(digest.Canonical, req.Values).String(), }, }, }, diff --git a/internal/reconcile/test.go b/internal/reconcile/test.go index d8c5063cc..b4a4e4cd6 100644 --- a/internal/reconcile/test.go +++ b/internal/reconcile/test.go @@ -143,7 +143,13 @@ func (r *Test) failure(req *Request, buffer *action.LogBuffer, err error) { // Record warning event, this message contains more data than the // Condition summary. - r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(cur.ChartVersion), corev1.EventTypeWarning, v2.TestFailedReason, eventMessageWithLog(msg, buffer)) + r.eventRecorder.AnnotatedEventf( + req.Object, + eventMeta(cur.ChartVersion, cur.ConfigDigest), + corev1.EventTypeWarning, + v2.TestFailedReason, + eventMessageWithLog(msg, buffer), + ) if req.Object.GetCurrent().HasBeenTested() { // Count the failure of the test for the active remediation strategy if enabled. @@ -173,7 +179,13 @@ func (r *Test) success(req *Request) { conditions.MarkTrue(req.Object, v2.TestSuccessCondition, v2.TestSucceededReason, msg) // Record event. - r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(cur.ChartVersion), corev1.EventTypeNormal, v2.TestSucceededReason, msg) + r.eventRecorder.AnnotatedEventf( + req.Object, + eventMeta(cur.ChartVersion, cur.ConfigDigest), + corev1.EventTypeNormal, + v2.TestSucceededReason, + msg, + ) } // observeTest returns a storage.ObserveFunc that can be used to observe diff --git a/internal/reconcile/test_test.go b/internal/reconcile/test_test.go index d4da41eb5..d6f3d1a22 100644 --- a/internal/reconcile/test_test.go +++ b/internal/reconcile/test_test.go @@ -33,11 +33,14 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/record" + eventv1 "github.com/fluxcd/pkg/apis/event/v1beta1" "github.com/fluxcd/pkg/apis/meta" "github.com/fluxcd/pkg/runtime/conditions" v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" + "github.com/fluxcd/helm-controller/internal/chartutil" + "github.com/fluxcd/helm-controller/internal/digest" "github.com/fluxcd/helm-controller/internal/release" "github.com/fluxcd/helm-controller/internal/testutil" ) @@ -456,7 +459,8 @@ func TestTest_failure(t *testing.T) { Message: expectMsg, ObjectMeta: metav1.ObjectMeta{ Annotations: map[string]string{ - "revision": cur.Chart.Metadata.Version, + eventMetaGroupKey(eventv1.MetaRevisionKey): cur.Chart.Metadata.Version, + eventMetaGroupKey(eventv1.MetaTokenKey): chartutil.DigestValues(digest.Canonical, cur.Config).String(), }, }, }, @@ -567,7 +571,8 @@ func TestTest_success(t *testing.T) { Message: expectMsg, ObjectMeta: metav1.ObjectMeta{ Annotations: map[string]string{ - "revision": cur.Chart.Metadata.Version, + eventMetaGroupKey(eventv1.MetaRevisionKey): cur.Chart.Metadata.Version, + eventMetaGroupKey(eventv1.MetaTokenKey): chartutil.DigestValues(digest.Canonical, cur.Config).String(), }, }, }, diff --git a/internal/reconcile/uninstall.go b/internal/reconcile/uninstall.go index b735491a6..7948e4e1f 100644 --- a/internal/reconcile/uninstall.go +++ b/internal/reconcile/uninstall.go @@ -154,7 +154,12 @@ func (r *Uninstall) failure(req *Request, buffer *action.LogBuffer, err error) { // Record warning event, this message contains more data than the // Condition summary. - r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(cur.ChartVersion), corev1.EventTypeWarning, v2.UninstallFailedReason, eventMessageWithLog(msg, buffer)) + r.eventRecorder.AnnotatedEventf( + req.Object, + eventMeta(cur.ChartVersion, cur.ConfigDigest), + corev1.EventTypeWarning, v2.UninstallFailedReason, + eventMessageWithLog(msg, buffer), + ) } // success records the success of a Helm uninstall action in the status of @@ -170,7 +175,13 @@ func (r *Uninstall) success(req *Request) { // Record warning event, this message contains more data than the // Condition summary. - r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(cur.ChartVersion), corev1.EventTypeNormal, v2.UninstallSucceededReason, msg) + r.eventRecorder.AnnotatedEventf( + req.Object, + eventMeta(cur.ChartVersion, cur.ConfigDigest), + corev1.EventTypeNormal, + v2.UninstallSucceededReason, + msg, + ) } // observeUninstall returns a storage.ObserveFunc that can be used to observe diff --git a/internal/reconcile/uninstall_remediation.go b/internal/reconcile/uninstall_remediation.go index 77311a429..600712906 100644 --- a/internal/reconcile/uninstall_remediation.go +++ b/internal/reconcile/uninstall_remediation.go @@ -151,7 +151,13 @@ func (r *UninstallRemediation) failure(req *Request, buffer *action.LogBuffer, e // Record warning event, this message contains more data than the // Condition summary. - r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(cur.ChartVersion), corev1.EventTypeWarning, v2.UninstallFailedReason, eventMessageWithLog(msg, buffer)) + r.eventRecorder.AnnotatedEventf( + req.Object, + eventMeta(cur.ChartVersion, cur.ConfigDigest), + corev1.EventTypeWarning, + v2.UninstallFailedReason, + eventMessageWithLog(msg, buffer), + ) } // success records the success of a Helm uninstall remediation action in the @@ -166,5 +172,11 @@ func (r *UninstallRemediation) success(req *Request) { conditions.MarkTrue(req.Object, v2.RemediatedCondition, v2.UninstallSucceededReason, msg) // Record event. - r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(cur.ChartVersion), corev1.EventTypeNormal, v2.UninstallSucceededReason, msg) + r.eventRecorder.AnnotatedEventf( + req.Object, + eventMeta(cur.ChartVersion, cur.ConfigDigest), + corev1.EventTypeNormal, + v2.UninstallSucceededReason, + msg, + ) } diff --git a/internal/reconcile/uninstall_remediation_test.go b/internal/reconcile/uninstall_remediation_test.go index ef2f1f8af..f2543899e 100644 --- a/internal/reconcile/uninstall_remediation_test.go +++ b/internal/reconcile/uninstall_remediation_test.go @@ -33,10 +33,13 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/record" + eventv1 "github.com/fluxcd/pkg/apis/event/v1beta1" "github.com/fluxcd/pkg/runtime/conditions" v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" + "github.com/fluxcd/helm-controller/internal/chartutil" + "github.com/fluxcd/helm-controller/internal/digest" "github.com/fluxcd/helm-controller/internal/release" "github.com/fluxcd/helm-controller/internal/storage" "github.com/fluxcd/helm-controller/internal/testutil" @@ -406,7 +409,8 @@ func TestUninstallRemediation_failure(t *testing.T) { Message: expectMsg, ObjectMeta: metav1.ObjectMeta{ Annotations: map[string]string{ - "revision": cur.Chart.Metadata.Version, + eventMetaGroupKey(eventv1.MetaRevisionKey): cur.Chart.Metadata.Version, + eventMetaGroupKey(eventv1.MetaTokenKey): chartutil.DigestValues(digest.Canonical, cur.Config).String(), }, }, }, @@ -472,7 +476,8 @@ func TestUninstallRemediation_success(t *testing.T) { Message: expectMsg, ObjectMeta: metav1.ObjectMeta{ Annotations: map[string]string{ - "revision": cur.Chart.Metadata.Version, + eventMetaGroupKey(eventv1.MetaRevisionKey): cur.Chart.Metadata.Version, + eventMetaGroupKey(eventv1.MetaTokenKey): chartutil.DigestValues(digest.Canonical, cur.Config).String(), }, }, }, diff --git a/internal/reconcile/uninstall_test.go b/internal/reconcile/uninstall_test.go index 920eebbd6..d53b333f4 100644 --- a/internal/reconcile/uninstall_test.go +++ b/internal/reconcile/uninstall_test.go @@ -33,11 +33,14 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/record" + eventv1 "github.com/fluxcd/pkg/apis/event/v1beta1" "github.com/fluxcd/pkg/apis/meta" "github.com/fluxcd/pkg/runtime/conditions" v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" + "github.com/fluxcd/helm-controller/internal/chartutil" + "github.com/fluxcd/helm-controller/internal/digest" "github.com/fluxcd/helm-controller/internal/release" "github.com/fluxcd/helm-controller/internal/storage" "github.com/fluxcd/helm-controller/internal/testutil" @@ -415,7 +418,8 @@ func TestUninstall_failure(t *testing.T) { Message: expectMsg, ObjectMeta: metav1.ObjectMeta{ Annotations: map[string]string{ - "revision": cur.Chart.Metadata.Version, + eventMetaGroupKey(eventv1.MetaRevisionKey): cur.Chart.Metadata.Version, + eventMetaGroupKey(eventv1.MetaTokenKey): chartutil.DigestValues(digest.Canonical, cur.Config).String(), }, }, }, @@ -481,7 +485,8 @@ func TestUninstall_success(t *testing.T) { Message: expectMsg, ObjectMeta: metav1.ObjectMeta{ Annotations: map[string]string{ - "revision": cur.Chart.Metadata.Version, + eventMetaGroupKey(eventv1.MetaRevisionKey): cur.Chart.Metadata.Version, + eventMetaGroupKey(eventv1.MetaTokenKey): chartutil.DigestValues(digest.Canonical, cur.Config).String(), }, }, }, diff --git a/internal/reconcile/unlock.go b/internal/reconcile/unlock.go index c3c5395f5..adcbc85c3 100644 --- a/internal/reconcile/unlock.go +++ b/internal/reconcile/unlock.go @@ -21,12 +21,13 @@ import ( "errors" "fmt" - "github.com/fluxcd/pkg/runtime/conditions" helmrelease "helm.sh/helm/v3/pkg/release" helmdriver "helm.sh/helm/v3/pkg/storage/driver" corev1 "k8s.io/api/core/v1" "k8s.io/client-go/tools/record" + "github.com/fluxcd/pkg/runtime/conditions" + v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" "github.com/fluxcd/helm-controller/internal/release" @@ -131,7 +132,13 @@ func (r *Unlock) failure(req *Request, status helmrelease.Status, err error) { conditions.MarkFalse(req.Object, v2.ReleasedCondition, "PendingRelease", msg) // Record warning event. - r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(cur.ChartVersion), corev1.EventTypeWarning, "PendingRelease", msg) + r.eventRecorder.AnnotatedEventf( + req.Object, + eventMeta(cur.ChartVersion, cur.ConfigDigest), + corev1.EventTypeWarning, + "PendingRelease", + msg, + ) } // success records the success of an unlock action in the status of the given @@ -145,7 +152,13 @@ func (r *Unlock) success(req *Request, status helmrelease.Status) { conditions.MarkFalse(req.Object, v2.ReleasedCondition, "PendingRelease", msg) // Record event. - r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(cur.ChartVersion), corev1.EventTypeNormal, "PendingRelease", msg) + r.eventRecorder.AnnotatedEventf( + req.Object, + eventMeta(cur.ChartVersion, cur.ConfigDigest), + corev1.EventTypeNormal, + "PendingRelease", + msg, + ) } // observeUnlock returns a storage.ObserveFunc that can be used to observe and diff --git a/internal/reconcile/unlock_test.go b/internal/reconcile/unlock_test.go index aede948ab..163d69459 100644 --- a/internal/reconcile/unlock_test.go +++ b/internal/reconcile/unlock_test.go @@ -33,11 +33,14 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/record" + eventv1 "github.com/fluxcd/pkg/apis/event/v1beta1" "github.com/fluxcd/pkg/apis/meta" "github.com/fluxcd/pkg/runtime/conditions" v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" + "github.com/fluxcd/helm-controller/internal/chartutil" + "github.com/fluxcd/helm-controller/internal/digest" "github.com/fluxcd/helm-controller/internal/release" "github.com/fluxcd/helm-controller/internal/storage" "github.com/fluxcd/helm-controller/internal/testutil" @@ -399,7 +402,8 @@ func TestUnlock_failure(t *testing.T) { Message: expectMsg, ObjectMeta: metav1.ObjectMeta{ Annotations: map[string]string{ - "revision": cur.Chart.Metadata.Version, + eventMetaGroupKey(eventv1.MetaRevisionKey): cur.Chart.Metadata.Version, + eventMetaGroupKey(eventv1.MetaTokenKey): chartutil.DigestValues(digest.Canonical, cur.Config).String(), }, }, }, @@ -448,7 +452,8 @@ func TestUnlock_success(t *testing.T) { Message: expectMsg, ObjectMeta: metav1.ObjectMeta{ Annotations: map[string]string{ - "revision": cur.Chart.Metadata.Version, + eventMetaGroupKey(eventv1.MetaRevisionKey): cur.Chart.Metadata.Version, + eventMetaGroupKey(eventv1.MetaTokenKey): chartutil.DigestValues(digest.Canonical, cur.Config).String(), }, }, }, diff --git a/internal/reconcile/upgrade.go b/internal/reconcile/upgrade.go index f0d596c71..323790db4 100644 --- a/internal/reconcile/upgrade.go +++ b/internal/reconcile/upgrade.go @@ -29,6 +29,8 @@ import ( v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" + "github.com/fluxcd/helm-controller/internal/chartutil" + "github.com/fluxcd/helm-controller/internal/digest" ) // Upgrade is an ActionReconciler which attempts to upgrade a Helm release @@ -129,7 +131,13 @@ func (r *Upgrade) failure(req *Request, buffer *action.LogBuffer, err error) { // Record warning event, this message contains more data than the // Condition summary. - r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(req.Chart.Metadata.Version), corev1.EventTypeWarning, v2.UpgradeFailedReason, eventMessageWithLog(msg, buffer)) + r.eventRecorder.AnnotatedEventf( + req.Object, + eventMeta(req.Chart.Metadata.Version, chartutil.DigestValues(digest.Canonical, req.Values).String()), + corev1.EventTypeWarning, + v2.UpgradeFailedReason, + eventMessageWithLog(msg, buffer), + ) } // success records the success of a Helm upgrade action in the status of the @@ -150,5 +158,11 @@ func (r *Upgrade) success(req *Request) { } // Record event. - r.eventRecorder.AnnotatedEventf(req.Object, eventMeta(cur.ChartVersion), corev1.EventTypeNormal, v2.UpgradeSucceededReason, msg) + r.eventRecorder.AnnotatedEventf( + req.Object, + eventMeta(cur.ChartVersion, cur.ConfigDigest), + corev1.EventTypeNormal, + v2.UpgradeSucceededReason, + msg, + ) } diff --git a/internal/reconcile/upgrade_test.go b/internal/reconcile/upgrade_test.go index 94b788006..d7407c28d 100644 --- a/internal/reconcile/upgrade_test.go +++ b/internal/reconcile/upgrade_test.go @@ -35,11 +35,14 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/record" + eventv1 "github.com/fluxcd/pkg/apis/event/v1beta1" "github.com/fluxcd/pkg/apis/meta" "github.com/fluxcd/pkg/runtime/conditions" v2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/fluxcd/helm-controller/internal/action" + "github.com/fluxcd/helm-controller/internal/chartutil" + "github.com/fluxcd/helm-controller/internal/digest" "github.com/fluxcd/helm-controller/internal/release" "github.com/fluxcd/helm-controller/internal/storage" "github.com/fluxcd/helm-controller/internal/testutil" @@ -411,7 +414,7 @@ func TestUpgrade_failure(t *testing.T) { eventRecorder: recorder, } - req := &Request{Object: obj.DeepCopy(), Chart: chrt} + req := &Request{Object: obj.DeepCopy(), Chart: chrt, Values: map[string]interface{}{"foo": "bar"}} r.failure(req, nil, err) expectMsg := fmt.Sprintf(fmtUpgradeFailure, mockReleaseNamespace, mockReleaseName, chrt.Name(), @@ -428,7 +431,8 @@ func TestUpgrade_failure(t *testing.T) { Message: expectMsg, ObjectMeta: metav1.ObjectMeta{ Annotations: map[string]string{ - "revision": chrt.Metadata.Version, + eventMetaGroupKey(eventv1.MetaRevisionKey): chrt.Metadata.Version, + eventMetaGroupKey(eventv1.MetaTokenKey): chartutil.DigestValues(digest.Canonical, req.Values).String(), }, }, }, @@ -496,7 +500,8 @@ func TestUpgrade_success(t *testing.T) { Message: expectMsg, ObjectMeta: metav1.ObjectMeta{ Annotations: map[string]string{ - "revision": obj.Status.Current.ChartVersion, + eventMetaGroupKey(eventv1.MetaRevisionKey): obj.Status.Current.ChartVersion, + eventMetaGroupKey(eventv1.MetaTokenKey): obj.Status.Current.ConfigDigest, }, }, }, From 64b2d5455e15ba4d658eb4dbaf9b20547314e007 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Mon, 10 Jul 2023 14:40:02 +0200 Subject: [PATCH 25/76] Address review comments - Use `Unknown` status for the `TestSuccess` condition when tests have not been run yet. - Update Ready summarization logic to incorportate conditions with an Unknown status. Within the context of readiness, this always caises Ready=False when the condition is included in the summarization. - Variety of tiny fixes. - Tiny nits in test mocks to prevent confusion. Signed-off-by: Hidde Beydals --- internal/action/verify.go | 8 ++-- internal/reconcile/action.go | 6 +-- internal/reconcile/atomic_release_test.go | 4 ++ internal/reconcile/install.go | 3 +- internal/reconcile/release.go | 5 +++ internal/reconcile/release_test.go | 53 +++++++++++++++++++++-- internal/reconcile/upgrade.go | 2 +- 7 files changed, 68 insertions(+), 13 deletions(-) diff --git a/internal/action/verify.go b/internal/action/verify.go index bc0cdab13..02f1e980c 100644 --- a/internal/action/verify.go +++ b/internal/action/verify.go @@ -43,7 +43,7 @@ var ( // ReleaseTargetChanged returns true if the given release and/or chart // name have been mutated in such a way that it no longer has the same release -// target as the Status.Current. By comparing the (storage) namespace, and +// target as the Status.Current, by comparing the (storage) namespace, and // release and chart names. This can be used to e.g. trigger a garbage // collection of the old release before installing the new one. func ReleaseTargetChanged(obj *v2.HelmRelease, chartName string) bool { @@ -126,9 +126,9 @@ func VerifyLastStorageItem(config *helmaction.Configuration, info *v2.HelmReleas } // VerifyReleaseObject verifies the data of the given v2beta2.HelmReleaseInfo -// matches the given Helm release object. It returns the verified -// release, or an error of type ErrReleaseDigest or ErrReleaseNotObserved -// indicating the reason for the verification failure. +// matches the given Helm release object. It returns an error of type +// ErrReleaseDigest or ErrReleaseNotObserved indicating the reason for the +// verification failure, or nil. func VerifyReleaseObject(info *v2.HelmReleaseInfo, rls *helmrelease.Release) error { relDig, err := digest.Parse(info.Digest) if err != nil { diff --git a/internal/reconcile/action.go b/internal/reconcile/action.go index 6a0e7c9ba..57e9f314a 100644 --- a/internal/reconcile/action.go +++ b/internal/reconcile/action.go @@ -80,7 +80,7 @@ func NextAction(ctx context.Context, cfg *action.ConfigFactory, recorder record. // unexpectedly. Unlock the release and e.g. retry again. if rls.Info.Status.IsPending() { log.Info("observed release is in stale pending state") - return &Unlock{configFactory: cfg}, nil + return NewUnlock(cfg, recorder), nil } remediation := req.Object.GetActiveRemediation() @@ -110,9 +110,7 @@ func NextAction(ctx context.Context, cfg *action.ConfigFactory, recorder record. // Confirm the current release matches the desired config. if err = action.VerifyRelease(rls, cur, req.Chart.Metadata, req.Values); err != nil { switch err { - case action.ErrChartChanged: - return NewUpgrade(cfg, recorder), nil - case action.ErrConfigDigest: + case action.ErrChartChanged, action.ErrConfigDigest: return NewUpgrade(cfg, recorder), nil default: // Error out on any other error as we cannot determine what diff --git a/internal/reconcile/atomic_release_test.go b/internal/reconcile/atomic_release_test.go index 25fe3cf86..b5c4d5d95 100644 --- a/internal/reconcile/atomic_release_test.go +++ b/internal/reconcile/atomic_release_test.go @@ -146,6 +146,10 @@ func TestAtomicRelease_Reconcile(t *testing.T) { ) g.Expect(err).ToNot(HaveOccurred()) + // We use a fake client here to allow us to work with a minimal release + // object mock. As the fake client does not perform any validation. + // However, for the Helm storage driver to work, we need a real client + // which is therefore initialized separately above. client := fake.NewClientBuilder(). WithScheme(testEnv.Scheme()). WithObjects(obj). diff --git a/internal/reconcile/install.go b/internal/reconcile/install.go index f14022879..33f0abdf1 100644 --- a/internal/reconcile/install.go +++ b/internal/reconcile/install.go @@ -154,7 +154,8 @@ func (r *Install) success(req *Request) { // Mark install success on object. conditions.MarkTrue(req.Object, v2.ReleasedCondition, v2.InstallSucceededReason, msg) if req.Object.GetTest().Enable && !cur.HasBeenTested() { - conditions.MarkFalse(req.Object, v2.TestSuccessCondition, "Pending", fmtTestPending, cur.FullReleaseName(), cur.VersionedChartName()) + conditions.MarkUnknown(req.Object, v2.TestSuccessCondition, "Pending", fmtTestPending, + cur.FullReleaseName(), cur.VersionedChartName()) } // Record event. diff --git a/internal/reconcile/release.go b/internal/reconcile/release.go index fd4428898..80e833a24 100644 --- a/internal/reconcile/release.go +++ b/internal/reconcile/release.go @@ -123,6 +123,11 @@ func summarize(req *Request) { }) status := conds[0].Status + // Unknown is considered False within the context of Readiness. + if status == metav1.ConditionUnknown { + status = metav1.ConditionFalse + } + // Any remediated state is considered an error. if conds[0].Type == v2.RemediatedCondition { status = metav1.ConditionFalse diff --git a/internal/reconcile/release_test.go b/internal/reconcile/release_test.go index 31abc67fb..1a11916e0 100644 --- a/internal/reconcile/release_test.go +++ b/internal/reconcile/release_test.go @@ -293,6 +293,53 @@ func Test_summarize(t *testing.T) { }, }, }, + { + name: "with test hooks enabled and pending tests", + conditions: []metav1.Condition{ + { + Type: v2.ReleasedCondition, + Status: metav1.ConditionTrue, + Reason: v2.InstallSucceededReason, + Message: "Install complete", + ObservedGeneration: 1, + }, + { + Type: v2.TestSuccessCondition, + Status: metav1.ConditionUnknown, + Reason: "Pending", + Message: "Release is awaiting tests", + ObservedGeneration: 1, + }, + }, + spec: &v2.HelmReleaseSpec{ + Test: &v2.Test{ + Enable: true, + }, + }, + expect: []metav1.Condition{ + { + Type: meta.ReadyCondition, + Status: metav1.ConditionFalse, + Reason: "Pending", + Message: "Release is awaiting tests", + ObservedGeneration: 1, + }, + { + Type: v2.ReleasedCondition, + Status: metav1.ConditionTrue, + Reason: v2.InstallSucceededReason, + Message: "Install complete", + ObservedGeneration: 1, + }, + { + Type: v2.TestSuccessCondition, + Status: metav1.ConditionUnknown, + Reason: "Pending", + Message: "Release is awaiting tests", + ObservedGeneration: 1, + }, + }, + }, { name: "with remediation failure", generation: 1, @@ -470,7 +517,7 @@ func Test_summarize(t *testing.T) { Status: metav1.ConditionTrue, Reason: v2.UpgradeSucceededReason, Message: "Upgrade finished", - ObservedGeneration: 6, + ObservedGeneration: 5, }, { Type: v2.ReleasedCondition, @@ -619,7 +666,7 @@ func Test_conditionallyDeleteRemediated(t *testing.T) { name: "Released=False", conditions: []metav1.Condition{ *conditions.TrueCondition(v2.RemediatedCondition, v2.RollbackSucceededReason, "Rollback finished"), - *conditions.FalseCondition(v2.ReleasedCondition, v2.UpgradeSucceededReason, "Upgrade finished"), + *conditions.FalseCondition(v2.ReleasedCondition, v2.UpgradeFailedReason, "Upgrade failed"), }, expectDelete: false, }, @@ -662,7 +709,7 @@ func Test_conditionallyDeleteRemediated(t *testing.T) { conditions: []metav1.Condition{ *conditions.TrueCondition(v2.RemediatedCondition, v2.RollbackSucceededReason, "Rollback finished"), *conditions.TrueCondition(v2.ReleasedCondition, v2.UpgradeSucceededReason, "Upgrade finished"), - *conditions.FalseCondition(v2.TestSuccessCondition, v2.TestSucceededReason, "Test hooks succeeded"), + *conditions.FalseCondition(v2.TestSuccessCondition, v2.TestFailedReason, "Test hooks failed"), }, expectDelete: true, }, diff --git a/internal/reconcile/upgrade.go b/internal/reconcile/upgrade.go index 323790db4..8b8b3f0ba 100644 --- a/internal/reconcile/upgrade.go +++ b/internal/reconcile/upgrade.go @@ -153,7 +153,7 @@ func (r *Upgrade) success(req *Request) { // Mark upgrade success on object. conditions.MarkTrue(req.Object, v2.ReleasedCondition, v2.UpgradeSucceededReason, msg) if req.Object.GetTest().Enable && !cur.HasBeenTested() { - conditions.MarkFalse(req.Object, v2.TestSuccessCondition, "Pending", fmtTestPending, + conditions.MarkUnknown(req.Object, v2.TestSuccessCondition, "Pending", fmtTestPending, cur.FullReleaseName(), cur.VersionedChartName()) } From 76f62ffc47fc40eeb5a7d5cfc4d68ecec774dc39 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Tue, 11 Jul 2023 12:21:09 +0200 Subject: [PATCH 26/76] api: backport uninstall del propagation to v2beta2 Manual backport of the work done in #698, to keep things aligned. Signed-off-by: Hidde Beydals --- api/v2beta2/helmrelease_types.go | 16 ++++++++++++++++ api/v2beta2/zz_generated.deepcopy.go | 5 +++++ .../helm.toolkit.fluxcd.io_helmreleases.yaml | 9 +++++++++ internal/action/uninstall.go | 1 + 4 files changed, 31 insertions(+) diff --git a/api/v2beta2/helmrelease_types.go b/api/v2beta2/helmrelease_types.go index 77da07aa7..936a9101a 100644 --- a/api/v2beta2/helmrelease_types.go +++ b/api/v2beta2/helmrelease_types.go @@ -801,6 +801,13 @@ type Uninstall struct { // a Helm uninstall is performed. // +optional DisableWait bool `json:"disableWait,omitempty"` + + // DeletionPropagation specifies the deletion propagation policy when + // a Helm uninstall is performed. + // +kubebuilder:default=background + // +kubebuilder:validation:Enum=background;foreground;orphan + // +optional + DeletionPropagation *string `json:"deletionPropagation,omitempty"` } // GetTimeout returns the configured timeout for the Helm uninstall action, or @@ -812,6 +819,15 @@ func (in Uninstall) GetTimeout(defaultTimeout metav1.Duration) metav1.Duration { return *in.Timeout } +// GetDeletionPropagation returns the configured deletion propagation policy +// for the Helm uninstall action, or 'background'. +func (in Uninstall) GetDeletionPropagation() string { + if in.DeletionPropagation == nil { + return "background" + } + return *in.DeletionPropagation +} + // HelmReleaseInfo holds the status information for a Helm release as performed // by the controller. type HelmReleaseInfo struct { diff --git a/api/v2beta2/zz_generated.deepcopy.go b/api/v2beta2/zz_generated.deepcopy.go index 25e118848..31282f767 100644 --- a/api/v2beta2/zz_generated.deepcopy.go +++ b/api/v2beta2/zz_generated.deepcopy.go @@ -558,6 +558,11 @@ func (in *Uninstall) DeepCopyInto(out *Uninstall) { *out = new(metav1.Duration) **out = **in } + if in.DeletionPropagation != nil { + in, out := &in.DeletionPropagation, &out.DeletionPropagation + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Uninstall. diff --git a/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml b/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml index 7fcce625a..ab6161afc 100644 --- a/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml +++ b/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml @@ -1555,6 +1555,15 @@ spec: description: Uninstall holds the configuration for Helm uninstall actions for this HelmRelease. properties: + deletionPropagation: + default: background + description: DeletionPropagation specifies the deletion propagation + policy when a Helm uninstall is performed. + enum: + - background + - foreground + - orphan + type: string disableHooks: description: DisableHooks prevents hooks from running during the Helm rollback action. diff --git a/internal/action/uninstall.go b/internal/action/uninstall.go index 9c866e108..75fe6126d 100644 --- a/internal/action/uninstall.go +++ b/internal/action/uninstall.go @@ -50,6 +50,7 @@ func newUninstall(config *helmaction.Configuration, obj *v2.HelmRelease, opts [] uninstall.DisableHooks = obj.GetUninstall().DisableHooks uninstall.KeepHistory = obj.GetUninstall().KeepHistory uninstall.Wait = !obj.GetUninstall().DisableWait + uninstall.DeletionPropagation = obj.GetUninstall().GetDeletionPropagation() for _, opt := range opts { opt(uninstall) From deb0b14e4363a2c0e7c90bff353c49622fc73d21 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Fri, 16 Jun 2023 21:54:33 +0200 Subject: [PATCH 27/76] api: make v2beta2 storage version Signed-off-by: Hidde Beydals --- Makefile | 2 +- PROJECT | 2 +- api/v2beta1/helmrelease_types.go | 1 - api/v2beta2/helmrelease_types.go | 1 + .../helm.toolkit.fluxcd.io_helmreleases.yaml | 4 +- docs/api/v2beta2/helm.md | 2598 +++++++++++++++++ 6 files changed, 2603 insertions(+), 5 deletions(-) create mode 100644 docs/api/v2beta2/helm.md diff --git a/Makefile b/Makefile index ccd6afd16..bfb6cec90 100644 --- a/Makefile +++ b/Makefile @@ -92,7 +92,7 @@ manifests: controller-gen # Generate API reference documentation api-docs: gen-crd-api-reference-docs - $(GEN_CRD_API_REFERENCE_DOCS) -api-dir=./api/v2beta1 -config=./hack/api-docs/config.json -template-dir=./hack/api-docs/template -out-file=./docs/api/v2beta1/helm.md + $(GEN_CRD_API_REFERENCE_DOCS) -api-dir=./api/v2beta2 -config=./hack/api-docs/config.json -template-dir=./hack/api-docs/template -out-file=./docs/api/v2beta2/helm.md # Run go mod tidy tidy: diff --git a/PROJECT b/PROJECT index d8d16add1..200d2d5e4 100644 --- a/PROJECT +++ b/PROJECT @@ -7,5 +7,5 @@ resources: - group: helm kind: HelmRelease version: v2beta2 -storageVersion: v2beta1 +storageVersion: v2beta2 version: "2" diff --git a/api/v2beta1/helmrelease_types.go b/api/v2beta1/helmrelease_types.go index 427ac816e..4678a35cc 100644 --- a/api/v2beta1/helmrelease_types.go +++ b/api/v2beta1/helmrelease_types.go @@ -1017,7 +1017,6 @@ const ( // +genclient:Namespaced // +kubebuilder:object:root=true // +kubebuilder:resource:shortName=hr -// +kubebuilder:storageversion // +kubebuilder:subresource:status // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="" // +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status",description="" diff --git a/api/v2beta2/helmrelease_types.go b/api/v2beta2/helmrelease_types.go index 936a9101a..f6fac5d73 100644 --- a/api/v2beta2/helmrelease_types.go +++ b/api/v2beta2/helmrelease_types.go @@ -1013,6 +1013,7 @@ const ( // +genclient:Namespaced // +kubebuilder:object:root=true // +kubebuilder:resource:shortName=hr +// +kubebuilder:storageversion // +kubebuilder:subresource:status // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="" // +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status",description="" diff --git a/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml b/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml index ab6161afc..e13c56aaa 100644 --- a/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml +++ b/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml @@ -919,7 +919,7 @@ spec: type: object type: object served: true - storage: true + storage: false subresources: status: {} - additionalPrinterColumns: @@ -2003,6 +2003,6 @@ spec: type: object type: object served: true - storage: false + storage: true subresources: status: {} diff --git a/docs/api/v2beta2/helm.md b/docs/api/v2beta2/helm.md new file mode 100644 index 000000000..3d0fdecc5 --- /dev/null +++ b/docs/api/v2beta2/helm.md @@ -0,0 +1,2598 @@ +

Helm API reference v2beta2

+

Packages:

+ +

helm.toolkit.fluxcd.io/v2beta2

+

Package v2beta2 contains API Schema definitions for the helm v2beta2 API group

+Resource Types: + +

HelmRelease +

+

HelmRelease is the Schema for the helmreleases API

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+apiVersion
+string
+helm.toolkit.fluxcd.io/v2beta2 +
+kind
+string +
+HelmRelease +
+metadata
+ + +Kubernetes meta/v1.ObjectMeta + + +
+Refer to the Kubernetes API documentation for the fields of the +metadata field. +
+spec
+ + +HelmReleaseSpec + + +
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+chart
+ + +HelmChartTemplate + + +
+

Chart defines the template of the v1beta2.HelmChart that should be created +for this HelmRelease.

+
+interval
+ + +Kubernetes meta/v1.Duration + + +
+

Interval at which to reconcile the Helm release.

+
+kubeConfig
+ + +github.com/fluxcd/pkg/apis/meta.KubeConfigReference + + +
+(Optional) +

KubeConfig for reconciling the HelmRelease on a remote cluster. +When used in combination with HelmReleaseSpec.ServiceAccountName, +forces the controller to act on behalf of that Service Account at the +target cluster. +If the –default-service-account flag is set, its value will be used as +a controller level fallback for when HelmReleaseSpec.ServiceAccountName +is empty.

+
+suspend
+ +bool + +
+(Optional) +

Suspend tells the controller to suspend reconciliation for this HelmRelease, +it does not apply to already started reconciliations. Defaults to false.

+
+releaseName
+ +string + +
+(Optional) +

ReleaseName used for the Helm release. Defaults to a composition of +‘[TargetNamespace-]Name’.

+
+targetNamespace
+ +string + +
+(Optional) +

TargetNamespace to target when performing operations for the HelmRelease. +Defaults to the namespace of the HelmRelease.

+
+storageNamespace
+ +string + +
+(Optional) +

StorageNamespace used for the Helm storage. +Defaults to the namespace of the HelmRelease.

+
+dependsOn
+ + +[]github.com/fluxcd/pkg/apis/meta.NamespacedObjectReference + + +
+(Optional) +

DependsOn may contain a meta.NamespacedObjectReference slice with +references to HelmRelease resources that must be ready before this HelmRelease +can be reconciled.

+
+timeout
+ + +Kubernetes meta/v1.Duration + + +
+(Optional) +

Timeout is the time to wait for any individual Kubernetes operation (like Jobs +for hooks) during the performance of a Helm action. Defaults to ‘5m0s’.

+
+maxHistory
+ +int + +
+(Optional) +

MaxHistory is the number of revisions saved by Helm for this HelmRelease. +Use ‘0’ for an unlimited number of revisions; defaults to ‘10’.

+
+serviceAccountName
+ +string + +
+(Optional) +

The name of the Kubernetes service account to impersonate +when reconciling this HelmRelease.

+
+persistentClient
+ +bool + +
+(Optional) +

PersistentClient tells the controller to use a persistent Kubernetes +client for this release. When enabled, the client will be reused for the +duration of the reconciliation, instead of being created and destroyed +for each (step of a) Helm action.

+

This can improve performance, but may cause issues with some Helm charts +that for example do create Custom Resource Definitions during installation +outside Helm’s CRD lifecycle hooks, which are then not observed to be +available by e.g. post-install hooks.

+

If not set, it defaults to true.

+
+install
+ + +Install + + +
+(Optional) +

Install holds the configuration for Helm install actions for this HelmRelease.

+
+upgrade
+ + +Upgrade + + +
+(Optional) +

Upgrade holds the configuration for Helm upgrade actions for this HelmRelease.

+
+test
+ + +Test + + +
+(Optional) +

Test holds the configuration for Helm test actions for this HelmRelease.

+
+rollback
+ + +Rollback + + +
+(Optional) +

Rollback holds the configuration for Helm rollback actions for this HelmRelease.

+
+uninstall
+ + +Uninstall + + +
+(Optional) +

Uninstall holds the configuration for Helm uninstall actions for this HelmRelease.

+
+valuesFrom
+ + +[]ValuesReference + + +
+

ValuesFrom holds references to resources containing Helm values for this HelmRelease, +and information about how they should be merged.

+
+values
+ + +Kubernetes pkg/apis/apiextensions/v1.JSON + + +
+(Optional) +

Values holds the values for this Helm release.

+
+postRenderers
+ + +[]PostRenderer + + +
+(Optional) +

PostRenderers holds an array of Helm PostRenderers, which will be applied in order +of their definition.

+
+
+status
+ + +HelmReleaseStatus + + +
+
+
+
+

CRDsPolicy +(string alias)

+

+(Appears on: +Install, +Upgrade) +

+

CRDsPolicy defines the install/upgrade approach to use for CRDs when +installing or upgrading a HelmRelease.

+

CrossNamespaceObjectReference +

+

+(Appears on: +HelmChartTemplateSpec) +

+

CrossNamespaceObjectReference contains enough information to let you locate +the typed referenced object at cluster level.

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+apiVersion
+ +string + +
+(Optional) +

APIVersion of the referent.

+
+kind
+ +string + +
+

Kind of the referent.

+
+name
+ +string + +
+

Name of the referent.

+
+namespace
+ +string + +
+(Optional) +

Namespace of the referent.

+
+
+
+

Filter +

+

+(Appears on: +Test) +

+

Filter holds the configuration for individual Helm test filters.

+
+
+ + + + + + + + + + + + + + + + + +
FieldDescription
+name
+ +string + +
+

Name is the name of the test.

+
+exclude
+ +bool + +
+(Optional) +

Exclude is specifies whether the named test should be excluded.

+
+
+
+

HelmChartTemplate +

+

+(Appears on: +HelmReleaseSpec) +

+

HelmChartTemplate defines the template from which the controller will +generate a v1beta2.HelmChart object in the same namespace as the referenced +v1.Source.

+
+
+ + + + + + + + + + + + + + + + + +
FieldDescription
+metadata
+ + +HelmChartTemplateObjectMeta + + +
+(Optional) +

ObjectMeta holds the template for metadata like labels and annotations.

+
+spec
+ + +HelmChartTemplateSpec + + +
+

Spec holds the template for the v1beta2.HelmChartSpec for this HelmRelease.

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+chart
+ +string + +
+

The name or path the Helm chart is available at in the SourceRef.

+
+version
+ +string + +
+(Optional) +

Version semver expression, ignored for charts from v1beta2.GitRepository and +v1beta2.Bucket sources. Defaults to latest when omitted.

+
+sourceRef
+ + +CrossNamespaceObjectReference + + +
+

The name and namespace of the v1.Source the chart is available at.

+
+interval
+ + +Kubernetes meta/v1.Duration + + +
+(Optional) +

Interval at which to check the v1.Source for updates. Defaults to +‘HelmReleaseSpec.Interval’.

+
+reconcileStrategy
+ +string + +
+(Optional) +

Determines what enables the creation of a new artifact. Valid values are +(‘ChartVersion’, ‘Revision’). +See the documentation of the values for an explanation on their behavior. +Defaults to ChartVersion when omitted.

+
+valuesFiles
+ +[]string + +
+(Optional) +

Alternative list of values files to use as the chart values (values.yaml +is not included by default), expected to be a relative path in the SourceRef. +Values files are merged in the order of this list with the last file overriding +the first. Ignored when omitted.

+
+valuesFile
+ +string + +
+(Optional) +

Alternative values file to use as the default chart values, expected to +be a relative path in the SourceRef. Deprecated in favor of ValuesFiles, +for backwards compatibility the file defined here is merged before the +ValuesFiles items. Ignored when omitted.

+
+verify
+ + +HelmChartTemplateVerification + + +
+(Optional) +

Verify contains the secret name containing the trusted public keys +used to verify the signature and specifies which provider to use to check +whether OCI image is authentic. +This field is only supported for OCI sources. +Chart dependencies, which are not bundled in the umbrella chart artifact, +are not verified.

+
+
+
+
+

HelmChartTemplateObjectMeta +

+

+(Appears on: +HelmChartTemplate) +

+

HelmChartTemplateObjectMeta defines the template for the ObjectMeta of a +v1beta2.HelmChart.

+
+
+ + + + + + + + + + + + + + + + + +
FieldDescription
+labels
+ +map[string]string + +
+(Optional) +

Map of string keys and values that can be used to organize and categorize +(scope and select) objects. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/

+
+annotations
+ +map[string]string + +
+(Optional) +

Annotations is an unstructured key value map stored with a resource that may be +set by external tools to store and retrieve arbitrary metadata. They are not +queryable and should be preserved when modifying objects. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/

+
+
+
+

HelmChartTemplateSpec +

+

+(Appears on: +HelmChartTemplate) +

+

HelmChartTemplateSpec defines the template from which the controller will +generate a v1beta2.HelmChartSpec object.

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+chart
+ +string + +
+

The name or path the Helm chart is available at in the SourceRef.

+
+version
+ +string + +
+(Optional) +

Version semver expression, ignored for charts from v1beta2.GitRepository and +v1beta2.Bucket sources. Defaults to latest when omitted.

+
+sourceRef
+ + +CrossNamespaceObjectReference + + +
+

The name and namespace of the v1.Source the chart is available at.

+
+interval
+ + +Kubernetes meta/v1.Duration + + +
+(Optional) +

Interval at which to check the v1.Source for updates. Defaults to +‘HelmReleaseSpec.Interval’.

+
+reconcileStrategy
+ +string + +
+(Optional) +

Determines what enables the creation of a new artifact. Valid values are +(‘ChartVersion’, ‘Revision’). +See the documentation of the values for an explanation on their behavior. +Defaults to ChartVersion when omitted.

+
+valuesFiles
+ +[]string + +
+(Optional) +

Alternative list of values files to use as the chart values (values.yaml +is not included by default), expected to be a relative path in the SourceRef. +Values files are merged in the order of this list with the last file overriding +the first. Ignored when omitted.

+
+valuesFile
+ +string + +
+(Optional) +

Alternative values file to use as the default chart values, expected to +be a relative path in the SourceRef. Deprecated in favor of ValuesFiles, +for backwards compatibility the file defined here is merged before the +ValuesFiles items. Ignored when omitted.

+
+verify
+ + +HelmChartTemplateVerification + + +
+(Optional) +

Verify contains the secret name containing the trusted public keys +used to verify the signature and specifies which provider to use to check +whether OCI image is authentic. +This field is only supported for OCI sources. +Chart dependencies, which are not bundled in the umbrella chart artifact, +are not verified.

+
+
+
+

HelmChartTemplateVerification +

+

+(Appears on: +HelmChartTemplateSpec) +

+

HelmChartTemplateVerification verifies the authenticity of an OCI Helm chart.

+
+
+ + + + + + + + + + + + + + + + + +
FieldDescription
+provider
+ +string + +
+

Provider specifies the technology used to sign the OCI Helm chart.

+
+secretRef
+ + +github.com/fluxcd/pkg/apis/meta.LocalObjectReference + + +
+(Optional) +

SecretRef specifies the Kubernetes Secret containing the +trusted public keys.

+
+
+
+

HelmReleaseInfo +

+

+(Appears on: +HelmReleaseStatus) +

+

HelmReleaseInfo holds the status information for a Helm release as performed +by the controller.

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+digest
+ +string + +
+

Digest is the checksum of the release object in storage. +It has the format of <algo>:<checksum>.

+
+name
+ +string + +
+

Name is the name of the release.

+
+namespace
+ +string + +
+

Namespace is the namespace the release is deployed to.

+
+version
+ +int + +
+

Version is the version of the release object in storage.

+
+status
+ +string + +
+

Status is the current state of the release.

+
+chartName
+ +string + +
+

ChartName is the chart name of the release object in storage.

+
+chartVersion
+ +string + +
+

ChartVersion is the chart version of the release object in +storage.

+
+configDigest
+ +string + +
+

ConfigDigest is the checksum of the config (better known as +“values”) of the release object in storage. +It has the format of <algo>:<checksum>.

+
+firstDeployed
+ + +Kubernetes meta/v1.Time + + +
+

FirstDeployed is when the release was first deployed.

+
+lastDeployed
+ + +Kubernetes meta/v1.Time + + +
+

LastDeployed is when the release was last deployed.

+
+deleted
+ + +Kubernetes meta/v1.Time + + +
+(Optional) +

Deleted is when the release was deleted.

+
+testHooks
+ + +HelmReleaseTestHook + + +
+(Optional) +

TestHooks is the list of test hooks for the release as observed to be +run by the controller.

+
+
+
+

HelmReleaseSpec +

+

+(Appears on: +HelmRelease) +

+

HelmReleaseSpec defines the desired state of a Helm release.

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+chart
+ + +HelmChartTemplate + + +
+

Chart defines the template of the v1beta2.HelmChart that should be created +for this HelmRelease.

+
+interval
+ + +Kubernetes meta/v1.Duration + + +
+

Interval at which to reconcile the Helm release.

+
+kubeConfig
+ + +github.com/fluxcd/pkg/apis/meta.KubeConfigReference + + +
+(Optional) +

KubeConfig for reconciling the HelmRelease on a remote cluster. +When used in combination with HelmReleaseSpec.ServiceAccountName, +forces the controller to act on behalf of that Service Account at the +target cluster. +If the –default-service-account flag is set, its value will be used as +a controller level fallback for when HelmReleaseSpec.ServiceAccountName +is empty.

+
+suspend
+ +bool + +
+(Optional) +

Suspend tells the controller to suspend reconciliation for this HelmRelease, +it does not apply to already started reconciliations. Defaults to false.

+
+releaseName
+ +string + +
+(Optional) +

ReleaseName used for the Helm release. Defaults to a composition of +‘[TargetNamespace-]Name’.

+
+targetNamespace
+ +string + +
+(Optional) +

TargetNamespace to target when performing operations for the HelmRelease. +Defaults to the namespace of the HelmRelease.

+
+storageNamespace
+ +string + +
+(Optional) +

StorageNamespace used for the Helm storage. +Defaults to the namespace of the HelmRelease.

+
+dependsOn
+ + +[]github.com/fluxcd/pkg/apis/meta.NamespacedObjectReference + + +
+(Optional) +

DependsOn may contain a meta.NamespacedObjectReference slice with +references to HelmRelease resources that must be ready before this HelmRelease +can be reconciled.

+
+timeout
+ + +Kubernetes meta/v1.Duration + + +
+(Optional) +

Timeout is the time to wait for any individual Kubernetes operation (like Jobs +for hooks) during the performance of a Helm action. Defaults to ‘5m0s’.

+
+maxHistory
+ +int + +
+(Optional) +

MaxHistory is the number of revisions saved by Helm for this HelmRelease. +Use ‘0’ for an unlimited number of revisions; defaults to ‘10’.

+
+serviceAccountName
+ +string + +
+(Optional) +

The name of the Kubernetes service account to impersonate +when reconciling this HelmRelease.

+
+persistentClient
+ +bool + +
+(Optional) +

PersistentClient tells the controller to use a persistent Kubernetes +client for this release. When enabled, the client will be reused for the +duration of the reconciliation, instead of being created and destroyed +for each (step of a) Helm action.

+

This can improve performance, but may cause issues with some Helm charts +that for example do create Custom Resource Definitions during installation +outside Helm’s CRD lifecycle hooks, which are then not observed to be +available by e.g. post-install hooks.

+

If not set, it defaults to true.

+
+install
+ + +Install + + +
+(Optional) +

Install holds the configuration for Helm install actions for this HelmRelease.

+
+upgrade
+ + +Upgrade + + +
+(Optional) +

Upgrade holds the configuration for Helm upgrade actions for this HelmRelease.

+
+test
+ + +Test + + +
+(Optional) +

Test holds the configuration for Helm test actions for this HelmRelease.

+
+rollback
+ + +Rollback + + +
+(Optional) +

Rollback holds the configuration for Helm rollback actions for this HelmRelease.

+
+uninstall
+ + +Uninstall + + +
+(Optional) +

Uninstall holds the configuration for Helm uninstall actions for this HelmRelease.

+
+valuesFrom
+ + +[]ValuesReference + + +
+

ValuesFrom holds references to resources containing Helm values for this HelmRelease, +and information about how they should be merged.

+
+values
+ + +Kubernetes pkg/apis/apiextensions/v1.JSON + + +
+(Optional) +

Values holds the values for this Helm release.

+
+postRenderers
+ + +[]PostRenderer + + +
+(Optional) +

PostRenderers holds an array of Helm PostRenderers, which will be applied in order +of their definition.

+
+
+
+

HelmReleaseStatus +

+

+(Appears on: +HelmRelease) +

+

HelmReleaseStatus defines the observed state of a HelmRelease.

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+observedGeneration
+ +int64 + +
+(Optional) +

ObservedGeneration is the last observed generation.

+
+conditions
+ + +[]Kubernetes meta/v1.Condition + + +
+(Optional) +

Conditions holds the conditions for the HelmRelease.

+
+helmChart
+ +string + +
+(Optional) +

HelmChart is the namespaced name of the HelmChart resource created by +the controller for the HelmRelease.

+
+storageNamespace
+ +string + +
+(Optional) +

StorageNamespace is the namespace of the Helm release storage for the +Current release.

+
+current
+ + +HelmReleaseInfo + + +
+(Optional) +

Current holds the latest observed HelmReleaseInfo for the current +release.

+
+previous
+ + +HelmReleaseInfo + + +
+(Optional) +

Previous holds the latest observed HelmReleaseInfo for the previous +release.

+
+failures
+ +int64 + +
+(Optional) +

Failures is the reconciliation failure count against the latest desired +state. It is reset after a successful reconciliation.

+
+installFailures
+ +int64 + +
+(Optional) +

InstallFailures is the install failure count against the latest desired +state. It is reset after a successful reconciliation.

+
+upgradeFailures
+ +int64 + +
+(Optional) +

UpgradeFailures is the upgrade failure count against the latest desired +state. It is reset after a successful reconciliation.

+
+lastAttemptedRevision
+ +string + +
+(Optional) +

LastAttemptedRevision is the Source revision of the last reconciliation +attempt.

+
+lastAttemptedValuesChecksum
+ +string + +
+(Optional) +

LastAttemptedValuesChecksum is the SHA1 checksum of the values of the last +reconciliation attempt.

+
+ReconcileRequestStatus
+ + +github.com/fluxcd/pkg/apis/meta.ReconcileRequestStatus + + +
+

+(Members of ReconcileRequestStatus are embedded into this type.) +

+
+
+
+

HelmReleaseTestHook +

+

+(Appears on: +HelmReleaseInfo) +

+

HelmReleaseTestHook holds the status information for a test hook as observed +to be run by the controller.

+
+
+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+lastStarted
+ + +Kubernetes meta/v1.Time + + +
+(Optional) +

LastStarted is the time the test hook was last started.

+
+lastCompleted
+ + +Kubernetes meta/v1.Time + + +
+(Optional) +

LastCompleted is the time the test hook last completed.

+
+phase
+ +string + +
+(Optional) +

Phase the test hook was observed to be in.

+
+
+
+

Install +

+

+(Appears on: +HelmReleaseSpec) +

+

Install holds the configuration for Helm install actions performed for this +HelmRelease.

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+timeout
+ + +Kubernetes meta/v1.Duration + + +
+(Optional) +

Timeout is the time to wait for any individual Kubernetes operation (like +Jobs for hooks) during the performance of a Helm install action. Defaults to +‘HelmReleaseSpec.Timeout’.

+
+remediation
+ + +InstallRemediation + + +
+(Optional) +

Remediation holds the remediation configuration for when the Helm install +action for the HelmRelease fails. The default is to not perform any action.

+
+disableWait
+ +bool + +
+(Optional) +

DisableWait disables the waiting for resources to be ready after a Helm +install has been performed.

+
+disableWaitForJobs
+ +bool + +
+(Optional) +

DisableWaitForJobs disables waiting for jobs to complete after a Helm +install has been performed.

+
+disableHooks
+ +bool + +
+(Optional) +

DisableHooks prevents hooks from running during the Helm install action.

+
+disableOpenAPIValidation
+ +bool + +
+(Optional) +

DisableOpenAPIValidation prevents the Helm install action from validating +rendered templates against the Kubernetes OpenAPI Schema.

+
+replace
+ +bool + +
+(Optional) +

Replace tells the Helm install action to re-use the ‘ReleaseName’, but only +if that name is a deleted release which remains in the history.

+
+skipCRDs
+ +bool + +
+(Optional) +

SkipCRDs tells the Helm install action to not install any CRDs. By default, +CRDs are installed if not already present.

+

Deprecated use CRD policy (crds) attribute with value Skip instead.

+
+crds
+ + +CRDsPolicy + + +
+(Optional) +

CRDs upgrade CRDs from the Helm Chart’s crds directory according +to the CRD upgrade policy provided here. Valid values are Skip, +Create or CreateReplace. Default is Create and if omitted +CRDs are installed but not updated.

+

Skip: do neither install nor replace (update) any CRDs.

+

Create: new CRDs are created, existing CRDs are neither updated nor deleted.

+

CreateReplace: new CRDs are created, existing CRDs are updated (replaced) +but not deleted.

+

By default, CRDs are applied (installed) during Helm install action. +With this option users can opt in to CRD replace existing CRDs on Helm +install actions, which is not (yet) natively supported by Helm. +https://helm.sh/docs/chart_best_practices/custom_resource_definitions.

+
+createNamespace
+ +bool + +
+(Optional) +

CreateNamespace tells the Helm install action to create the +HelmReleaseSpec.TargetNamespace if it does not exist yet. +On uninstall, the namespace will not be garbage collected.

+
+
+
+

InstallRemediation +

+

+(Appears on: +Install) +

+

InstallRemediation holds the configuration for Helm install remediation.

+
+
+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+retries
+ +int + +
+(Optional) +

Retries is the number of retries that should be attempted on failures before +bailing. Remediation, using an uninstall, is performed between each attempt. +Defaults to ‘0’, a negative integer equals to unlimited retries.

+
+ignoreTestFailures
+ +bool + +
+(Optional) +

IgnoreTestFailures tells the controller to skip remediation when the Helm +tests are run after an install action but fail. Defaults to +‘Test.IgnoreFailures’.

+
+remediateLastFailure
+ +bool + +
+(Optional) +

RemediateLastFailure tells the controller to remediate the last failure, when +no retries remain. Defaults to ‘false’.

+
+
+
+

Kustomize +

+

+(Appears on: +PostRenderer) +

+

Kustomize Helm PostRenderer specification.

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+patches
+ + +[]github.com/fluxcd/pkg/apis/kustomize.Patch + + +
+(Optional) +

Strategic merge and JSON patches, defined as inline YAML objects, +capable of targeting objects based on kind, label and annotation selectors.

+
+patchesStrategicMerge
+ + +[]Kubernetes pkg/apis/apiextensions/v1.JSON + + +
+(Optional) +

Strategic merge patches, defined as inline YAML objects.

+
+patchesJson6902
+ + +[]github.com/fluxcd/pkg/apis/kustomize.JSON6902Patch + + +
+(Optional) +

JSON 6902 patches, defined as inline YAML objects.

+
+images
+ + +[]github.com/fluxcd/pkg/apis/kustomize.Image + + +
+(Optional) +

Images is a list of (image name, new name, new tag or digest) +for changing image names, tags or digests. This can also be achieved with a +patch, but this operator is simpler to specify.

+
+
+
+

PostRenderer +

+

+(Appears on: +HelmReleaseSpec) +

+

PostRenderer contains a Helm PostRenderer specification.

+
+
+ + + + + + + + + + + + + +
FieldDescription
+kustomize
+ + +Kustomize + + +
+(Optional) +

Kustomization to apply as PostRenderer.

+
+
+
+

Remediation +

+

Remediation defines a consistent interface for InstallRemediation and +UpgradeRemediation.

+

RemediationStrategy +(string alias)

+

+(Appears on: +UpgradeRemediation) +

+

RemediationStrategy returns the strategy to use to remediate a failed install +or upgrade.

+

Rollback +

+

+(Appears on: +HelmReleaseSpec) +

+

Rollback holds the configuration for Helm rollback actions for this +HelmRelease.

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+timeout
+ + +Kubernetes meta/v1.Duration + + +
+(Optional) +

Timeout is the time to wait for any individual Kubernetes operation (like +Jobs for hooks) during the performance of a Helm rollback action. Defaults to +‘HelmReleaseSpec.Timeout’.

+
+disableWait
+ +bool + +
+(Optional) +

DisableWait disables the waiting for resources to be ready after a Helm +rollback has been performed.

+
+disableWaitForJobs
+ +bool + +
+(Optional) +

DisableWaitForJobs disables waiting for jobs to complete after a Helm +rollback has been performed.

+
+disableHooks
+ +bool + +
+(Optional) +

DisableHooks prevents hooks from running during the Helm rollback action.

+
+recreate
+ +bool + +
+(Optional) +

Recreate performs pod restarts for the resource if applicable.

+
+force
+ +bool + +
+(Optional) +

Force forces resource updates through a replacement strategy.

+
+cleanupOnFail
+ +bool + +
+(Optional) +

CleanupOnFail allows deletion of new resources created during the Helm +rollback action when it fails.

+
+
+
+

Test +

+

+(Appears on: +HelmReleaseSpec) +

+

Test holds the configuration for Helm test actions for this HelmRelease.

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+enable
+ +bool + +
+(Optional) +

Enable enables Helm test actions for this HelmRelease after an Helm install +or upgrade action has been performed.

+
+timeout
+ + +Kubernetes meta/v1.Duration + + +
+(Optional) +

Timeout is the time to wait for any individual Kubernetes operation during +the performance of a Helm test action. Defaults to ‘HelmReleaseSpec.Timeout’.

+
+ignoreFailures
+ +bool + +
+(Optional) +

IgnoreFailures tells the controller to skip remediation when the Helm tests +are run but fail. Can be overwritten for tests run after install or upgrade +actions in ‘Install.IgnoreTestFailures’ and ‘Upgrade.IgnoreTestFailures’.

+
+filters
+ + +Filter + + +
+

Filters is a list of tests to run or exclude from running.

+
+
+
+

Uninstall +

+

+(Appears on: +HelmReleaseSpec) +

+

Uninstall holds the configuration for Helm uninstall actions for this +HelmRelease.

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+timeout
+ + +Kubernetes meta/v1.Duration + + +
+(Optional) +

Timeout is the time to wait for any individual Kubernetes operation (like +Jobs for hooks) during the performance of a Helm uninstall action. Defaults +to ‘HelmReleaseSpec.Timeout’.

+
+disableHooks
+ +bool + +
+(Optional) +

DisableHooks prevents hooks from running during the Helm rollback action.

+
+keepHistory
+ +bool + +
+(Optional) +

KeepHistory tells Helm to remove all associated resources and mark the +release as deleted, but retain the release history.

+
+disableWait
+ +bool + +
+(Optional) +

DisableWait disables waiting for all the resources to be deleted after +a Helm uninstall is performed.

+
+deletionPropagation
+ +string + +
+(Optional) +

DeletionPropagation specifies the deletion propagation policy when +a Helm uninstall is performed.

+
+
+
+

Upgrade +

+

+(Appears on: +HelmReleaseSpec) +

+

Upgrade holds the configuration for Helm upgrade actions for this +HelmRelease.

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+timeout
+ + +Kubernetes meta/v1.Duration + + +
+(Optional) +

Timeout is the time to wait for any individual Kubernetes operation (like +Jobs for hooks) during the performance of a Helm upgrade action. Defaults to +‘HelmReleaseSpec.Timeout’.

+
+remediation
+ + +UpgradeRemediation + + +
+(Optional) +

Remediation holds the remediation configuration for when the Helm upgrade +action for the HelmRelease fails. The default is to not perform any action.

+
+disableWait
+ +bool + +
+(Optional) +

DisableWait disables the waiting for resources to be ready after a Helm +upgrade has been performed.

+
+disableWaitForJobs
+ +bool + +
+(Optional) +

DisableWaitForJobs disables waiting for jobs to complete after a Helm +upgrade has been performed.

+
+disableHooks
+ +bool + +
+(Optional) +

DisableHooks prevents hooks from running during the Helm upgrade action.

+
+disableOpenAPIValidation
+ +bool + +
+(Optional) +

DisableOpenAPIValidation prevents the Helm upgrade action from validating +rendered templates against the Kubernetes OpenAPI Schema.

+
+force
+ +bool + +
+(Optional) +

Force forces resource updates through a replacement strategy.

+
+preserveValues
+ +bool + +
+(Optional) +

PreserveValues will make Helm reuse the last release’s values and merge in +overrides from ‘Values’. Setting this flag makes the HelmRelease +non-declarative.

+
+cleanupOnFail
+ +bool + +
+(Optional) +

CleanupOnFail allows deletion of new resources created during the Helm +upgrade action when it fails.

+
+crds
+ + +CRDsPolicy + + +
+(Optional) +

CRDs upgrade CRDs from the Helm Chart’s crds directory according +to the CRD upgrade policy provided here. Valid values are Skip, +Create or CreateReplace. Default is Skip and if omitted +CRDs are neither installed nor upgraded.

+

Skip: do neither install nor replace (update) any CRDs.

+

Create: new CRDs are created, existing CRDs are neither updated nor deleted.

+

CreateReplace: new CRDs are created, existing CRDs are updated (replaced) +but not deleted.

+

By default, CRDs are not applied during Helm upgrade action. With this +option users can opt-in to CRD upgrade, which is not (yet) natively supported by Helm. +https://helm.sh/docs/chart_best_practices/custom_resource_definitions.

+
+
+
+

UpgradeRemediation +

+

+(Appears on: +Upgrade) +

+

UpgradeRemediation holds the configuration for Helm upgrade remediation.

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+retries
+ +int + +
+(Optional) +

Retries is the number of retries that should be attempted on failures before +bailing. Remediation, using ‘Strategy’, is performed between each attempt. +Defaults to ‘0’, a negative integer equals to unlimited retries.

+
+ignoreTestFailures
+ +bool + +
+(Optional) +

IgnoreTestFailures tells the controller to skip remediation when the Helm +tests are run after an upgrade action but fail. +Defaults to ‘Test.IgnoreFailures’.

+
+remediateLastFailure
+ +bool + +
+(Optional) +

RemediateLastFailure tells the controller to remediate the last failure, when +no retries remain. Defaults to ‘false’ unless ‘Retries’ is greater than 0.

+
+strategy
+ + +RemediationStrategy + + +
+(Optional) +

Strategy to use for failure remediation. Defaults to ‘rollback’.

+
+
+
+

ValuesReference +

+

+(Appears on: +HelmReleaseSpec) +

+

ValuesReference contains a reference to a resource containing Helm values, +and optionally the key they can be found at.

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+kind
+ +string + +
+

Kind of the values referent, valid values are (‘Secret’, ‘ConfigMap’).

+
+name
+ +string + +
+

Name of the values referent. Should reside in the same namespace as the +referring resource.

+
+valuesKey
+ +string + +
+(Optional) +

ValuesKey is the data key where the values.yaml or a specific value can be +found at. Defaults to ‘values.yaml’.

+
+targetPath
+ +string + +
+(Optional) +

TargetPath is the YAML dot notation path the value should be merged at. When +set, the ValuesKey is expected to be a single flat value. Defaults to ‘None’, +which results in the values getting merged at the root.

+
+optional
+ +bool + +
+(Optional) +

Optional marks this ValuesReference as optional. When set, a not found error +for the values reference is ignored, but any ValuesKey, TargetPath or +transient error will still result in a reconciliation failure.

+
+
+
+
+

This page was automatically generated with gen-crd-api-reference-docs

+
From bb4e9b7cee6adf88098dcf634ba6df0b0967d911 Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Fri, 16 Jun 2023 21:57:55 +0200 Subject: [PATCH 28/76] Update YAMLs to `helm.toolkit.fluxcd.io/v2beta2` Signed-off-by: Hidde Beydals --- ...itory.yaml => helm_v2beta2_helmrelease_gitrepository.yaml} | 2 +- ...tory.yaml => helm_v2beta2_helmrelease_helmrepository.yaml} | 2 +- config/testdata/crds-upgrade/create-replace/helmrelease.yaml | 2 +- config/testdata/crds-upgrade/create/helmrelease.yaml | 2 +- config/testdata/crds-upgrade/init/helmrelease.yaml | 2 +- config/testdata/delete-ns/test.yaml | 2 +- config/testdata/dependencies/helmrelease-backend.yaml | 2 +- config/testdata/dependencies/helmrelease-frontend.yaml | 2 +- config/testdata/impersonation/test.yaml | 4 ++-- config/testdata/install-create-target-ns/helmrelease.yaml | 2 +- config/testdata/install-fail-remediate/helmrelease.yaml | 2 +- config/testdata/install-fail-retry/helmrelease.yaml | 2 +- config/testdata/install-fail/helmrelease.yaml | 2 +- config/testdata/install-test-fail-ignore/helmrelease.yaml | 2 +- config/testdata/install-test-fail/helmrelease.yaml | 2 +- config/testdata/podinfo/helmrelease-git.yaml | 2 +- config/testdata/podinfo/helmrelease-oci.yaml | 2 +- config/testdata/podinfo/helmrelease.yaml | 2 +- config/testdata/post-renderer-kustomize/helmrelease.yaml | 2 +- config/testdata/status-defaults/helmrelease.yaml | 2 +- config/testdata/targetnamespace/helmrelease.yaml | 2 +- config/testdata/upgrade-fail-remediate-uninstall/install.yaml | 2 +- config/testdata/upgrade-fail-remediate-uninstall/upgrade.yaml | 2 +- config/testdata/upgrade-fail-remediate/install.yaml | 2 +- config/testdata/upgrade-fail-remediate/upgrade.yaml | 2 +- config/testdata/upgrade-fail-retry/install.yaml | 2 +- config/testdata/upgrade-fail-retry/upgrade.yaml | 2 +- config/testdata/upgrade-fail/install.yaml | 2 +- config/testdata/upgrade-fail/upgrade.yaml | 2 +- config/testdata/upgrade-test-fail/install.yaml | 2 +- config/testdata/upgrade-test-fail/upgrade.yaml | 2 +- config/testdata/valuesfrom/helmrelease.yaml | 2 +- 32 files changed, 33 insertions(+), 33 deletions(-) rename config/samples/{helm_v2beta1_helmrelease_gitrepository.yaml => helm_v2beta2_helmrelease_gitrepository.yaml} (87%) rename config/samples/{helm_v2beta1_helmrelease_helmrepository.yaml => helm_v2beta2_helmrelease_helmrepository.yaml} (88%) diff --git a/config/samples/helm_v2beta1_helmrelease_gitrepository.yaml b/config/samples/helm_v2beta2_helmrelease_gitrepository.yaml similarity index 87% rename from config/samples/helm_v2beta1_helmrelease_gitrepository.yaml rename to config/samples/helm_v2beta2_helmrelease_gitrepository.yaml index 256b8ca98..0f8d46335 100644 --- a/config/samples/helm_v2beta1_helmrelease_gitrepository.yaml +++ b/config/samples/helm_v2beta2_helmrelease_gitrepository.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: podinfo-gitrepository diff --git a/config/samples/helm_v2beta1_helmrelease_helmrepository.yaml b/config/samples/helm_v2beta2_helmrelease_helmrepository.yaml similarity index 88% rename from config/samples/helm_v2beta1_helmrelease_helmrepository.yaml rename to config/samples/helm_v2beta2_helmrelease_helmrepository.yaml index 7a52c3a36..06461c1b1 100644 --- a/config/samples/helm_v2beta1_helmrelease_helmrepository.yaml +++ b/config/samples/helm_v2beta2_helmrelease_helmrepository.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: podinfo-helmrepository diff --git a/config/testdata/crds-upgrade/create-replace/helmrelease.yaml b/config/testdata/crds-upgrade/create-replace/helmrelease.yaml index 5f21e5110..2df971a84 100644 --- a/config/testdata/crds-upgrade/create-replace/helmrelease.yaml +++ b/config/testdata/crds-upgrade/create-replace/helmrelease.yaml @@ -1,5 +1,5 @@ --- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: crds-upgrade-test diff --git a/config/testdata/crds-upgrade/create/helmrelease.yaml b/config/testdata/crds-upgrade/create/helmrelease.yaml index de3b993e1..1e268c18e 100644 --- a/config/testdata/crds-upgrade/create/helmrelease.yaml +++ b/config/testdata/crds-upgrade/create/helmrelease.yaml @@ -1,5 +1,5 @@ --- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: crds-upgrade-test diff --git a/config/testdata/crds-upgrade/init/helmrelease.yaml b/config/testdata/crds-upgrade/init/helmrelease.yaml index bfc595332..43da9323e 100644 --- a/config/testdata/crds-upgrade/init/helmrelease.yaml +++ b/config/testdata/crds-upgrade/init/helmrelease.yaml @@ -1,5 +1,5 @@ --- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: crds-upgrade-test diff --git a/config/testdata/delete-ns/test.yaml b/config/testdata/delete-ns/test.yaml index f2bc4a082..71f10b596 100644 --- a/config/testdata/delete-ns/test.yaml +++ b/config/testdata/delete-ns/test.yaml @@ -51,7 +51,7 @@ spec: interval: 1m url: https://stefanprodan.github.io/podinfo --- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: podinfo diff --git a/config/testdata/dependencies/helmrelease-backend.yaml b/config/testdata/dependencies/helmrelease-backend.yaml index abbad7c6c..bdf55e671 100644 --- a/config/testdata/dependencies/helmrelease-backend.yaml +++ b/config/testdata/dependencies/helmrelease-backend.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: backend diff --git a/config/testdata/dependencies/helmrelease-frontend.yaml b/config/testdata/dependencies/helmrelease-frontend.yaml index 5756725b4..91e327687 100644 --- a/config/testdata/dependencies/helmrelease-frontend.yaml +++ b/config/testdata/dependencies/helmrelease-frontend.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: frontend diff --git a/config/testdata/impersonation/test.yaml b/config/testdata/impersonation/test.yaml index e60c74a81..12edeea66 100644 --- a/config/testdata/impersonation/test.yaml +++ b/config/testdata/impersonation/test.yaml @@ -51,7 +51,7 @@ spec: interval: 1m url: https://stefanprodan.github.io/podinfo --- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: podinfo @@ -67,7 +67,7 @@ spec: kind: HelmRepository name: podinfo --- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: podinfo-fail diff --git a/config/testdata/install-create-target-ns/helmrelease.yaml b/config/testdata/install-create-target-ns/helmrelease.yaml index 69b3b8c10..92275fef8 100644 --- a/config/testdata/install-create-target-ns/helmrelease.yaml +++ b/config/testdata/install-create-target-ns/helmrelease.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: install-create-target-ns diff --git a/config/testdata/install-fail-remediate/helmrelease.yaml b/config/testdata/install-fail-remediate/helmrelease.yaml index 94733cee9..e464fe3ce 100644 --- a/config/testdata/install-fail-remediate/helmrelease.yaml +++ b/config/testdata/install-fail-remediate/helmrelease.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: install-fail-remediate diff --git a/config/testdata/install-fail-retry/helmrelease.yaml b/config/testdata/install-fail-retry/helmrelease.yaml index 72ad3adcb..c222b95fa 100644 --- a/config/testdata/install-fail-retry/helmrelease.yaml +++ b/config/testdata/install-fail-retry/helmrelease.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: install-fail-retry diff --git a/config/testdata/install-fail/helmrelease.yaml b/config/testdata/install-fail/helmrelease.yaml index 7cd37fc71..12935d988 100644 --- a/config/testdata/install-fail/helmrelease.yaml +++ b/config/testdata/install-fail/helmrelease.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: install-fail diff --git a/config/testdata/install-test-fail-ignore/helmrelease.yaml b/config/testdata/install-test-fail-ignore/helmrelease.yaml index d4d050f89..93567f7cb 100644 --- a/config/testdata/install-test-fail-ignore/helmrelease.yaml +++ b/config/testdata/install-test-fail-ignore/helmrelease.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: install-test-fail-ignore diff --git a/config/testdata/install-test-fail/helmrelease.yaml b/config/testdata/install-test-fail/helmrelease.yaml index 39ea4d260..85a6e589a 100644 --- a/config/testdata/install-test-fail/helmrelease.yaml +++ b/config/testdata/install-test-fail/helmrelease.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: install-test-fail diff --git a/config/testdata/podinfo/helmrelease-git.yaml b/config/testdata/podinfo/helmrelease-git.yaml index 2e8d46084..9ceffa8f6 100644 --- a/config/testdata/podinfo/helmrelease-git.yaml +++ b/config/testdata/podinfo/helmrelease-git.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: podinfo-git diff --git a/config/testdata/podinfo/helmrelease-oci.yaml b/config/testdata/podinfo/helmrelease-oci.yaml index 10e078bee..e1880d7a1 100644 --- a/config/testdata/podinfo/helmrelease-oci.yaml +++ b/config/testdata/podinfo/helmrelease-oci.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: podinfo-oci diff --git a/config/testdata/podinfo/helmrelease.yaml b/config/testdata/podinfo/helmrelease.yaml index 3c6c7b4b1..bd79661f7 100644 --- a/config/testdata/podinfo/helmrelease.yaml +++ b/config/testdata/podinfo/helmrelease.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: podinfo diff --git a/config/testdata/post-renderer-kustomize/helmrelease.yaml b/config/testdata/post-renderer-kustomize/helmrelease.yaml index 6f33528ba..9c5707604 100644 --- a/config/testdata/post-renderer-kustomize/helmrelease.yaml +++ b/config/testdata/post-renderer-kustomize/helmrelease.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: post-renderer-kustomize diff --git a/config/testdata/status-defaults/helmrelease.yaml b/config/testdata/status-defaults/helmrelease.yaml index 32d753ff7..ce7710dc6 100644 --- a/config/testdata/status-defaults/helmrelease.yaml +++ b/config/testdata/status-defaults/helmrelease.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: status-defaults diff --git a/config/testdata/targetnamespace/helmrelease.yaml b/config/testdata/targetnamespace/helmrelease.yaml index abe5e5747..80ac9e17a 100644 --- a/config/testdata/targetnamespace/helmrelease.yaml +++ b/config/testdata/targetnamespace/helmrelease.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: targetnamespace diff --git a/config/testdata/upgrade-fail-remediate-uninstall/install.yaml b/config/testdata/upgrade-fail-remediate-uninstall/install.yaml index 7871e8ac9..8ea8c1ae7 100644 --- a/config/testdata/upgrade-fail-remediate-uninstall/install.yaml +++ b/config/testdata/upgrade-fail-remediate-uninstall/install.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: upgrade-fail-remediate-uninstall diff --git a/config/testdata/upgrade-fail-remediate-uninstall/upgrade.yaml b/config/testdata/upgrade-fail-remediate-uninstall/upgrade.yaml index 92e372f31..a169b79b1 100644 --- a/config/testdata/upgrade-fail-remediate-uninstall/upgrade.yaml +++ b/config/testdata/upgrade-fail-remediate-uninstall/upgrade.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: upgrade-fail-remediate-uninstall diff --git a/config/testdata/upgrade-fail-remediate/install.yaml b/config/testdata/upgrade-fail-remediate/install.yaml index a6b4e92a8..3ddb6b53c 100644 --- a/config/testdata/upgrade-fail-remediate/install.yaml +++ b/config/testdata/upgrade-fail-remediate/install.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: upgrade-fail-remediate diff --git a/config/testdata/upgrade-fail-remediate/upgrade.yaml b/config/testdata/upgrade-fail-remediate/upgrade.yaml index a2def1fac..07972aa03 100644 --- a/config/testdata/upgrade-fail-remediate/upgrade.yaml +++ b/config/testdata/upgrade-fail-remediate/upgrade.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: upgrade-fail-remediate diff --git a/config/testdata/upgrade-fail-retry/install.yaml b/config/testdata/upgrade-fail-retry/install.yaml index 63cad76ee..e7512b10a 100644 --- a/config/testdata/upgrade-fail-retry/install.yaml +++ b/config/testdata/upgrade-fail-retry/install.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: upgrade-fail-retry diff --git a/config/testdata/upgrade-fail-retry/upgrade.yaml b/config/testdata/upgrade-fail-retry/upgrade.yaml index 32ced3592..acf9c4b5c 100644 --- a/config/testdata/upgrade-fail-retry/upgrade.yaml +++ b/config/testdata/upgrade-fail-retry/upgrade.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: upgrade-fail-retry diff --git a/config/testdata/upgrade-fail/install.yaml b/config/testdata/upgrade-fail/install.yaml index 39a5414f2..ec7872c7d 100644 --- a/config/testdata/upgrade-fail/install.yaml +++ b/config/testdata/upgrade-fail/install.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: upgrade-fail diff --git a/config/testdata/upgrade-fail/upgrade.yaml b/config/testdata/upgrade-fail/upgrade.yaml index edcc45f0e..52468c434 100644 --- a/config/testdata/upgrade-fail/upgrade.yaml +++ b/config/testdata/upgrade-fail/upgrade.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: upgrade-fail diff --git a/config/testdata/upgrade-test-fail/install.yaml b/config/testdata/upgrade-test-fail/install.yaml index 78cbe3984..a5644cbce 100644 --- a/config/testdata/upgrade-test-fail/install.yaml +++ b/config/testdata/upgrade-test-fail/install.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: upgrade-test-fail diff --git a/config/testdata/upgrade-test-fail/upgrade.yaml b/config/testdata/upgrade-test-fail/upgrade.yaml index defdcde49..e976a63c0 100644 --- a/config/testdata/upgrade-test-fail/upgrade.yaml +++ b/config/testdata/upgrade-test-fail/upgrade.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: upgrade-test-fail diff --git a/config/testdata/valuesfrom/helmrelease.yaml b/config/testdata/valuesfrom/helmrelease.yaml index 76937bfda..d1ea55e58 100644 --- a/config/testdata/valuesfrom/helmrelease.yaml +++ b/config/testdata/valuesfrom/helmrelease.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: valuesfrom From eee91b06fad4d357d8e0a76836ee5a02f042b5fa Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Mon, 17 Jul 2023 22:57:31 +0200 Subject: [PATCH 29/76] Introduce new `yaml` package with `Encode` func Comparison versus `sigs.k8s.io/yaml#Marshal`: ``` BenchmarkEncode/EncodeWithSort-12 475 2419063 ns/op 2235305 B/op 5398 allocs/op BenchmarkEncode/EncodeWithSort-12 498 2406794 ns/op 2235300 B/op 5398 allocs/op BenchmarkEncode/EncodeWithSort-12 492 2376460 ns/op 2235312 B/op 5398 allocs/op BenchmarkEncode/EncodeWithSort-12 496 2406756 ns/op 2235323 B/op 5398 allocs/op BenchmarkEncode/EncodeWithSort-12 488 2402969 ns/op 2235336 B/op 5398 allocs/op BenchmarkEncode/SigYAMLMarshal-12 202 5791549 ns/op 3124841 B/op 19324 allocs/op BenchmarkEncode/SigYAMLMarshal-12 205 5780248 ns/op 3123193 B/op 19320 allocs/op BenchmarkEncode/SigYAMLMarshal-12 207 5762621 ns/op 3124537 B/op 19324 allocs/op BenchmarkEncode/SigYAMLMarshal-12 214 5748899 ns/op 3121183 B/op 19324 allocs/op BenchmarkEncode/SigYAMLMarshal-12 211 5682105 ns/op 3120592 B/op 19325 allocs/op ``` Signed-off-by: Hidde Beydals --- api/go.mod | 1 + api/go.sum | 1 + api/v2beta2/helmrelease_types.go | 4 +- internal/chartutil/digest.go | 25 +- internal/chartutil/digest_test.go | 199 +- internal/util/util.go | 77 +- internal/util/util_test.go | 132 - internal/yaml/encode.go | 43 + internal/yaml/encode_test.go | 106 + internal/yaml/sort.go | 44 + internal/yaml/sort_test.go | 183 ++ internal/yaml/testdata/values.yaml | 4043 ++++++++++++++++++++++++++++ 12 files changed, 4637 insertions(+), 221 deletions(-) create mode 100644 internal/yaml/encode.go create mode 100644 internal/yaml/encode_test.go create mode 100644 internal/yaml/sort.go create mode 100644 internal/yaml/sort_test.go create mode 100644 internal/yaml/testdata/values.yaml diff --git a/api/go.mod b/api/go.mod index 46f8471a9..8f3dd950d 100644 --- a/api/go.mod +++ b/api/go.mod @@ -8,6 +8,7 @@ require ( k8s.io/apiextensions-apiserver v0.27.4 k8s.io/apimachinery v0.27.4 sigs.k8s.io/controller-runtime v0.15.1 + sigs.k8s.io/yaml v1.3.0 ) require ( diff --git a/api/go.sum b/api/go.sum index 4a51f5632..819d8c518 100644 --- a/api/go.sum +++ b/api/go.sum @@ -103,3 +103,4 @@ sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h6 sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= +sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= diff --git a/api/v2beta2/helmrelease_types.go b/api/v2beta2/helmrelease_types.go index f6fac5d73..707abcba4 100644 --- a/api/v2beta2/helmrelease_types.go +++ b/api/v2beta2/helmrelease_types.go @@ -17,7 +17,6 @@ limitations under the License. package v2beta2 import ( - "encoding/json" "fmt" "strings" "time" @@ -25,6 +24,7 @@ import ( apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + "sigs.k8s.io/yaml" "github.com/fluxcd/pkg/apis/kustomize" "github.com/fluxcd/pkg/apis/meta" @@ -1118,7 +1118,7 @@ func (in HelmRelease) GetRequeueAfter() time.Duration { func (in HelmRelease) GetValues() map[string]interface{} { var values map[string]interface{} if in.Spec.Values != nil { - _ = json.Unmarshal(in.Spec.Values.Raw, &values) + _ = yaml.Unmarshal(in.Spec.Values.Raw, &values) } return values } diff --git a/internal/chartutil/digest.go b/internal/chartutil/digest.go index b17b5b8d2..5a5cf83cc 100644 --- a/internal/chartutil/digest.go +++ b/internal/chartutil/digest.go @@ -19,14 +19,18 @@ package chartutil import ( "github.com/opencontainers/go-digest" "helm.sh/helm/v3/pkg/chartutil" + + intyaml "github.com/fluxcd/helm-controller/internal/yaml" ) // DigestValues calculates the digest of the values using the provided algorithm. // The caller is responsible for ensuring that the algorithm is supported. func DigestValues(algo digest.Algorithm, values chartutil.Values) digest.Digest { digester := algo.Digester() - if err := values.Encode(digester.Hash()); err != nil { - return "" + if values = valuesOrNil(values); values != nil { + if err := intyaml.Encode(digester.Hash(), values, intyaml.SortMapSlice); err != nil { + return "" + } } return digester.Digest() } @@ -36,9 +40,22 @@ func VerifyValues(digest digest.Digest, values chartutil.Values) bool { if digest.Validate() != nil { return false } + verifier := digest.Verifier() - if err := values.Encode(verifier); err != nil { - return false + if values = valuesOrNil(values); values != nil { + if err := intyaml.Encode(verifier, values, intyaml.SortMapSlice); err != nil { + return false + } } return verifier.Verified() } + +// valuesOrNil returns nil if the values are empty, otherwise the values are +// returned. This is used to ensure that the digest is calculated against nil +// opposed to an empty object. +func valuesOrNil(values chartutil.Values) chartutil.Values { + if values != nil && len(values) == 0 { + return nil + } + return values +} diff --git a/internal/chartutil/digest_test.go b/internal/chartutil/digest_test.go index 8f03adbfb..54368d41a 100644 --- a/internal/chartutil/digest_test.go +++ b/internal/chartutil/digest_test.go @@ -23,45 +23,222 @@ import ( "helm.sh/helm/v3/pkg/chartutil" ) -const testDigestAlgo = digest.SHA256 - func TestDigestValues(t *testing.T) { tests := []struct { name string + algo digest.Algorithm values chartutil.Values want digest.Digest }{ { name: "empty", + algo: digest.SHA256, values: chartutil.Values{}, - want: "sha256:ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356", + want: "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + }, + { + name: "nil", + algo: digest.SHA256, + values: nil, + want: "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", }, { name: "value map", + algo: digest.SHA256, values: chartutil.Values{ - "foo": "bar", - "baz": map[string]string{ - "cool": "stuff", + "replicas": 3, + "image": map[string]interface{}{ + "tag": "latest", + "repository": "nginx", + }, + "ports": []interface{}{ + map[string]interface{}{ + "protocol": "TCP", + "port": 8080, + }, + map[string]interface{}{ + "port": 9090, + "protocol": "UDP", + }, }, }, - want: "sha256:3f3641788a2d4abda3534eaa90c90b54916e4c6e3a5b2e1b24758b7bfa701ecd", + want: "sha256:fcdc2b0de1581a3633ada4afee3f918f6eaa5b5ab38c3fef03d5b48d3f85d9f6", }, { name: "value map in different order", + algo: digest.SHA256, values: chartutil.Values{ - "baz": map[string]string{ - "cool": "stuff", + "image": map[string]interface{}{ + "repository": "nginx", + "tag": "latest", + }, + "ports": []interface{}{ + map[string]interface{}{ + "port": 8080, + "protocol": "TCP", + }, + map[string]interface{}{ + "port": 9090, + "protocol": "UDP", + }, + }, + "replicas": 3, + }, + want: "sha256:fcdc2b0de1581a3633ada4afee3f918f6eaa5b5ab38c3fef03d5b48d3f85d9f6", + }, + { + // Explicit test for something that does not work with sigs.k8s.io/yaml. + // See: https://go.dev/play/p/KRyfK9ZobZx + name: "values map with numeric keys", + algo: digest.SHA256, + values: chartutil.Values{ + "replicas": 3, + "test": map[string]interface{}{ + "632bd80235a05f4192aefade": "value1", + "632bd80ddf416cf32fd50679": "value2", + "632bd817c559818a52307da2": "value3", + "632bd82398e71231a98004b6": "value4", + }, + }, + want: "sha256:8a980fcbeadd6f05818f07e8aec14070c22250ca3d96af1fcd5f93b3e85b4d70", + }, + { + name: "values map with numeric keys in different order", + algo: digest.SHA256, + values: chartutil.Values{ + "test": map[string]interface{}{ + "632bd82398e71231a98004b6": "value4", + "632bd817c559818a52307da2": "value3", + "632bd80ddf416cf32fd50679": "value2", + "632bd80235a05f4192aefade": "value1", }, + "replicas": 3, + }, + want: "sha256:8a980fcbeadd6f05818f07e8aec14070c22250ca3d96af1fcd5f93b3e85b4d70", + }, + { + name: "using different algorithm", + algo: digest.SHA512, + values: chartutil.Values{ "foo": "bar", + "baz": map[string]interface{}{ + "cool": "stuff", + }, }, - want: "sha256:3f3641788a2d4abda3534eaa90c90b54916e4c6e3a5b2e1b24758b7bfa701ecd", + want: "sha512:b5f9cd4855ca3b08afd602557f373069b1732ce2e6d52341481b0d38f1938452e9d7759ab177c66699962b592f20ceded03eea3cd405d8670578c47842e2c550", }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if got := DigestValues(testDigestAlgo, tt.values); got != tt.want { + if got := DigestValues(tt.algo, tt.values); got != tt.want { t.Errorf("DigestValues() = %v, want %v", got, tt.want) } }) } } + +func TestVerifyValues(t *testing.T) { + tests := []struct { + name string + digest digest.Digest + values chartutil.Values + want bool + }{ + { + name: "empty values", + digest: "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + values: chartutil.Values{}, + want: true, + }, + { + name: "nil values", + digest: "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + values: nil, + want: true, + }, + { + name: "empty digest", + digest: "", + want: false, + }, + { + name: "invalid digest", + digest: "sha512:invalid", + values: nil, + want: false, + }, + { + name: "matching values", + digest: "sha256:fcdc2b0de1581a3633ada4afee3f918f6eaa5b5ab38c3fef03d5b48d3f85d9f6", + values: chartutil.Values{ + "image": map[string]interface{}{ + "repository": "nginx", + "tag": "latest", + }, + "ports": []interface{}{ + map[string]interface{}{ + "port": 8080, + "protocol": "TCP", + }, + map[string]interface{}{ + "port": 9090, + "protocol": "UDP", + }, + }, + "replicas": 3, + }, + want: true, + }, + { + name: "matching values in different order", + digest: "sha256:fcdc2b0de1581a3633ada4afee3f918f6eaa5b5ab38c3fef03d5b48d3f85d9f6", + values: chartutil.Values{ + "replicas": 3, + "image": map[string]interface{}{ + "tag": "latest", + "repository": "nginx", + }, + "ports": []interface{}{ + map[string]interface{}{ + "protocol": "TCP", + "port": 8080, + }, + map[string]interface{}{ + "port": 9090, + "protocol": "UDP", + }, + }, + }, + want: true, + }, + { + name: "matching values with numeric keys", + digest: "sha256:8a980fcbeadd6f05818f07e8aec14070c22250ca3d96af1fcd5f93b3e85b4d70", + values: chartutil.Values{ + "replicas": 3, + "test": map[string]interface{}{ + "632bd80235a05f4192aefade": "value1", + "632bd80ddf416cf32fd50679": "value2", + "632bd817c559818a52307da2": "value3", + "632bd82398e71231a98004b6": "value4", + }, + }, + want: true, + }, + { + name: "mismatching values", + digest: "sha256:3f3641788a2d4abda3534eaa90c90b54916e4c6e3a5b2e1b24758b7bfa701ecd", + values: chartutil.Values{ + "foo": "bar", + }, + want: false, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := VerifyValues(tt.digest, tt.values); got != tt.want { + t.Errorf("VerifyValues() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/internal/util/util.go b/internal/util/util.go index 8c43d53b0..0845a12a0 100644 --- a/internal/util/util.go +++ b/internal/util/util.go @@ -17,14 +17,12 @@ limitations under the License. package util import ( + "bytes" "crypto/sha1" "fmt" - "sort" - - goyaml "gopkg.in/yaml.v2" + intyaml "github.com/fluxcd/helm-controller/internal/yaml" "helm.sh/helm/v3/pkg/chartutil" "helm.sh/helm/v3/pkg/release" - "sigs.k8s.io/yaml" ) // ValuesChecksum calculates and returns the SHA1 checksum for the @@ -40,76 +38,11 @@ func ValuesChecksum(values chartutil.Values) string { // OrderedValuesChecksum sort the chartutil.Values then calculates // and returns the SHA1 checksum for the sorted values. func OrderedValuesChecksum(values chartutil.Values) string { - var s []byte + var buf bytes.Buffer if len(values) != 0 { - msValues := yaml.JSONObjectToYAMLObject(copyValues(values)) - SortMapSlice(msValues) - s, _ = goyaml.Marshal(msValues) - } - return fmt.Sprintf("%x", sha1.Sum(s)) -} - -// SortMapSlice recursively sorts the given goyaml.MapSlice by key. -// This is used to ensure that the values checksum is the same regardless -// of the order of the keys in the values file. -func SortMapSlice(ms goyaml.MapSlice) { - sort.Slice(ms, func(i, j int) bool { - return fmt.Sprint(ms[i].Key) < fmt.Sprint(ms[j].Key) - }) - for _, item := range ms { - if nestedMS, ok := item.Value.(goyaml.MapSlice); ok { - SortMapSlice(nestedMS) - } else if _, ok := item.Value.([]interface{}); ok { - for _, vItem := range item.Value.([]interface{}) { - if itemMS, ok := vItem.(goyaml.MapSlice); ok { - SortMapSlice(itemMS) - } - } - } - } -} - -// cleanUpMapValue changes all instances of -// map[interface{}]interface{} to map[string]interface{}. -// This is for handling the mismatch when unmarshaling -// reference to the issue: https://github.com/go-yaml/yaml/issues/139 -func cleanUpMapValue(v interface{}) interface{} { - switch v := v.(type) { - case []interface{}: - return cleanUpInterfaceArray(v) - case map[interface{}]interface{}: - return cleanUpInterfaceMap(v) - default: - return v - } -} - -func cleanUpInterfaceMap(in map[interface{}]interface{}) map[string]interface{} { - result := make(map[string]interface{}) - for k, v := range in { - result[fmt.Sprintf("%v", k)] = cleanUpMapValue(v) + _ = intyaml.Encode(&buf, values, intyaml.SortMapSlice) } - return result -} - -func cleanUpInterfaceArray(in []interface{}) []interface{} { - result := make([]interface{}, len(in)) - for i, v := range in { - result[i] = cleanUpMapValue(v) - } - return result -} - -func copyValues(in map[string]interface{}) map[string]interface{} { - copiedValues, _ := goyaml.Marshal(in) - newValues := make(map[string]interface{}) - - _ = goyaml.Unmarshal(copiedValues, newValues) - for i, value := range newValues { - newValues[i] = cleanUpMapValue(value) - } - - return newValues + return fmt.Sprintf("%x", sha1.Sum(buf.Bytes())) } // ReleaseRevision returns the revision of the given release.Release. diff --git a/internal/util/util_test.go b/internal/util/util_test.go index 04826f642..96776b75e 100644 --- a/internal/util/util_test.go +++ b/internal/util/util_test.go @@ -17,10 +17,8 @@ limitations under the License. package util import ( - "reflect" "testing" - goyaml "gopkg.in/yaml.v2" "helm.sh/helm/v3/pkg/chartutil" "helm.sh/helm/v3/pkg/release" ) @@ -98,133 +96,3 @@ func TestReleaseRevision(t *testing.T) { t.Fatalf("ReleaseRevision() = %v, want %v", rev, 1) } } - -func TestSortMapSlice(t *testing.T) { - tests := []struct { - name string - input goyaml.MapSlice - expected goyaml.MapSlice - }{ - { - name: "Simple case", - input: goyaml.MapSlice{ - {Key: "b", Value: 2}, - {Key: "a", Value: 1}, - }, - expected: goyaml.MapSlice{ - {Key: "a", Value: 1}, - {Key: "b", Value: 2}, - }, - }, - { - name: "Nested MapSlice", - input: goyaml.MapSlice{ - {Key: "b", Value: 2}, - {Key: "a", Value: 1}, - {Key: "c", Value: goyaml.MapSlice{ - {Key: "d", Value: 4}, - {Key: "e", Value: 5}, - }}, - }, - expected: goyaml.MapSlice{ - {Key: "a", Value: 1}, - {Key: "b", Value: 2}, - {Key: "c", Value: goyaml.MapSlice{ - {Key: "d", Value: 4}, - {Key: "e", Value: 5}, - }}, - }, - }, - { - name: "Empty MapSlice", - input: goyaml.MapSlice{}, - expected: goyaml.MapSlice{}, - }, - { - name: "Single element", - input: goyaml.MapSlice{ - {Key: "a", Value: 1}, - }, - expected: goyaml.MapSlice{ - {Key: "a", Value: 1}, - }, - }, - { - name: "Already sorted", - input: goyaml.MapSlice{ - {Key: "a", Value: 1}, - {Key: "b", Value: 2}, - {Key: "c", Value: 3}, - }, - expected: goyaml.MapSlice{ - {Key: "a", Value: 1}, - {Key: "b", Value: 2}, - {Key: "c", Value: 3}, - }, - }, - - { - name: "Complex Case", - input: goyaml.MapSlice{ - {Key: "b", Value: 2}, - {Key: "a", Value: map[interface{}]interface{}{ - "d": []interface{}{4, 5}, - "c": 3, - }}, - {Key: "c", Value: goyaml.MapSlice{ - {Key: "f", Value: 6}, - {Key: "e", Value: goyaml.MapSlice{ - {Key: "h", Value: 8}, - {Key: "g", Value: 7}, - }}, - }}, - }, - expected: goyaml.MapSlice{ - {Key: "a", Value: map[interface{}]interface{}{ - "c": 3, - "d": []interface{}{4, 5}, - }}, - {Key: "b", Value: 2}, - {Key: "c", Value: goyaml.MapSlice{ - {Key: "e", Value: goyaml.MapSlice{ - {Key: "g", Value: 7}, - {Key: "h", Value: 8}, - }}, - {Key: "f", Value: 6}, - }}, - }, - }, - { - name: "Map slice in slice", - input: goyaml.MapSlice{ - {Key: "b", Value: 2}, - {Key: "a", Value: []interface{}{ - map[interface{}]interface{}{ - "d": 4, - "c": 3, - }, - 1, - }}, - }, - expected: goyaml.MapSlice{ - {Key: "a", Value: []interface{}{ - map[interface{}]interface{}{ - "c": 3, - "d": 4, - }, - 1, - }}, - {Key: "b", Value: 2}, - }, - }, - } - - for _, test := range tests { - t.Run(test.name, func(t *testing.T) { - SortMapSlice(test.input) - if !reflect.DeepEqual(test.input, test.expected) { - t.Errorf("Expected %v, got %v", test.expected, test.input) - } - }) - } -} diff --git a/internal/yaml/encode.go b/internal/yaml/encode.go new file mode 100644 index 000000000..1bda1fb3d --- /dev/null +++ b/internal/yaml/encode.go @@ -0,0 +1,43 @@ +/* +Copyright 2023 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package yaml + +import ( + "io" + + goyaml "gopkg.in/yaml.v2" + "sigs.k8s.io/yaml" +) + +// PreEncoder allows for pre-processing of the YAML data before encoding. +type PreEncoder func(goyaml.MapSlice) + +// Encode encodes the given data to YAML format and writes it to the provided +// io.Write, without going through a byte representation (unlike +// sigs.k8s.io/yaml#Unmarshal). +// +// It optionally takes one or more PreEncoder functions that allow +// for pre-processing of the data before encoding, such as sorting the data. +// +// It returns an error if the data cannot be encoded. +func Encode(w io.Writer, data map[string]interface{}, pe ...PreEncoder) error { + ms := yaml.JSONObjectToYAMLObject(data) + for _, m := range pe { + m(ms) + } + return goyaml.NewEncoder(w).Encode(ms) +} diff --git a/internal/yaml/encode_test.go b/internal/yaml/encode_test.go new file mode 100644 index 000000000..048c2210f --- /dev/null +++ b/internal/yaml/encode_test.go @@ -0,0 +1,106 @@ +/* +Copyright 2023 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package yaml + +import ( + "bytes" + "os" + "testing" + + "sigs.k8s.io/yaml" +) + +func TestEncode(t *testing.T) { + tests := []struct { + name string + input map[string]interface{} + preEncoders []PreEncoder + want []byte + }{ + { + name: "empty map", + input: map[string]interface{}{}, + want: []byte(`{} +`), + }, + { + name: "simple values", + input: map[string]interface{}{ + "replicaCount": 3, + }, + want: []byte(`replicaCount: 3 +`), + }, + { + name: "with pre-encoder", + input: map[string]interface{}{ + "replicaCount": 3, + "image": map[string]interface{}{ + "repository": "nginx", + "tag": "latest", + }, + "port": 8080, + }, + preEncoders: []PreEncoder{SortMapSlice}, + want: []byte(`image: + repository: nginx + tag: latest +port: 8080 +replicaCount: 3 +`), + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + var actual bytes.Buffer + err := Encode(&actual, tt.input, tt.preEncoders...) + if err != nil { + t.Fatalf("error encoding: %v", err) + } + + if !bytes.Equal(actual.Bytes(), tt.want) { + t.Errorf("Encode() = %v, want: %s", actual.String(), tt.want) + } + }) + } +} + +func BenchmarkEncode(b *testing.B) { + // Test against the values.yaml from the kube-prometheus-stack chart, which + // is a fairly large file. + v, err := os.ReadFile("testdata/values.yaml") + if err != nil { + b.Fatalf("error reading testdata: %v", err) + } + + var data map[string]interface{} + if err = yaml.Unmarshal(v, &data); err != nil { + b.Fatalf("error unmarshalling testdata: %v", err) + } + + b.Run("EncodeWithSort", func(b *testing.B) { + for i := 0; i < b.N; i++ { + Encode(bytes.NewBuffer(nil), data, SortMapSlice) + } + }) + + b.Run("SigYAMLMarshal", func(b *testing.B) { + for i := 0; i < b.N; i++ { + yaml.Marshal(data) + } + }) +} diff --git a/internal/yaml/sort.go b/internal/yaml/sort.go new file mode 100644 index 000000000..2d0e8a93e --- /dev/null +++ b/internal/yaml/sort.go @@ -0,0 +1,44 @@ +/* +Copyright 2023 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package yaml + +import ( + "sort" + + goyaml "gopkg.in/yaml.v2" +) + +// SortMapSlice recursively sorts the given goyaml.MapSlice by key. +// It can be used in combination with Encode to sort YAML by key +// before encoding it. +func SortMapSlice(ms goyaml.MapSlice) { + sort.Slice(ms, func(i, j int) bool { + return ms[i].Key.(string) < ms[j].Key.(string) + }) + + for _, item := range ms { + if nestedMS, ok := item.Value.(goyaml.MapSlice); ok { + SortMapSlice(nestedMS) + } else if nestedSlice, ok := item.Value.([]interface{}); ok { + for _, vItem := range nestedSlice { + if nestedMS, ok := vItem.(goyaml.MapSlice); ok { + SortMapSlice(nestedMS) + } + } + } + } +} diff --git a/internal/yaml/sort_test.go b/internal/yaml/sort_test.go new file mode 100644 index 000000000..832c81621 --- /dev/null +++ b/internal/yaml/sort_test.go @@ -0,0 +1,183 @@ +/* +Copyright 2023 The Flux authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package yaml + +import ( + "bytes" + "testing" + + goyaml "gopkg.in/yaml.v2" + "sigs.k8s.io/yaml" +) + +func TestSortMapSlice(t *testing.T) { + tests := []struct { + name string + input map[string]interface{} + want map[string]interface{} + }{ + { + name: "empty map", + input: map[string]interface{}{}, + want: map[string]interface{}{}, + }, + { + name: "flat map", + input: map[string]interface{}{ + "b": "value-b", + "a": "value-a", + "c": "value-c", + }, + want: map[string]interface{}{ + "a": "value-a", + "b": "value-b", + "c": "value-c", + }, + }, + { + name: "nested map", + input: map[string]interface{}{ + "b": "value-b", + "a": "value-a", + "c": map[string]interface{}{ + "z": "value-z", + "y": "value-y", + }, + }, + want: map[string]interface{}{ + "a": "value-a", + "b": "value-b", + "c": map[string]interface{}{ + "y": "value-y", + "z": "value-z", + }, + }, + }, + { + name: "map with slices", + input: map[string]interface{}{ + "b": []interface{}{"apple", "banana", "cherry"}, + "a": []interface{}{"orange", "grape"}, + "c": []interface{}{"strawberry"}, + }, + want: map[string]interface{}{ + "a": []interface{}{"orange", "grape"}, + "b": []interface{}{"apple", "banana", "cherry"}, + "c": []interface{}{"strawberry"}, + }, + }, + { + name: "map with mixed data types", + input: map[string]interface{}{ + "b": 50, + "a": "value-a", + "c": []interface{}{"strawberry", "banana"}, + "d": map[string]interface{}{ + "x": true, + "y": 123, + }, + }, + want: map[string]interface{}{ + "a": "value-a", + "b": 50, + "c": []interface{}{"strawberry", "banana"}, + "d": map[string]interface{}{ + "x": true, + "y": 123, + }, + }, + }, + { + name: "map with complex structure", + input: map[string]interface{}{ + "a": map[string]interface{}{ + "c": "value-c", + "b": "value-b", + "a": "value-a", + }, + "b": "value-b", + "c": map[string]interface{}{ + "z": map[string]interface{}{ + "a": "value-a", + "b": "value-b", + "c": "value-c", + }, + "y": "value-y", + }, + "d": map[string]interface{}{ + "q": "value-q", + "p": "value-p", + "r": "value-r", + }, + "e": []interface{}{"strawberry", "banana"}, + }, + want: map[string]interface{}{ + "a": map[string]interface{}{ + "a": "value-a", + "b": "value-b", + "c": "value-c", + }, + "b": "value-b", + "c": map[string]interface{}{ + "y": "value-y", + "z": map[string]interface{}{ + "a": "value-a", + "b": "value-b", + "c": "value-c", + }, + }, + "d": map[string]interface{}{ + "p": "value-p", + "q": "value-q", + "r": "value-r", + }, + "e": []interface{}{"strawberry", "banana"}, + }, + }, + { + name: "map with empty slices and maps", + input: map[string]interface{}{ + "b": []interface{}{}, + "a": map[string]interface{}{}, + }, + want: map[string]interface{}{ + "a": map[string]interface{}{}, + "b": []interface{}{}, + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + input := yaml.JSONObjectToYAMLObject(tt.input) + SortMapSlice(input) + + expect, err := goyaml.Marshal(input) + if err != nil { + t.Fatalf("error marshalling output: %v", err) + } + actual, err := goyaml.Marshal(tt.want) + if err != nil { + t.Fatalf("error marshalling want: %v", err) + } + + if !bytes.Equal(expect, actual) { + t.Errorf("SortMapSlice() = %s, want %s", expect, actual) + } + }) + } +} diff --git a/internal/yaml/testdata/values.yaml b/internal/yaml/testdata/values.yaml new file mode 100644 index 000000000..51d7c5288 --- /dev/null +++ b/internal/yaml/testdata/values.yaml @@ -0,0 +1,4043 @@ +# Snapshot taken from: https://raw.githubusercontent.com/prometheus-community/helm-charts/kube-prometheus-stack-48.1.1/charts/kube-prometheus-stack/values.yaml + +# Default values for kube-prometheus-stack. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +## Provide a name in place of kube-prometheus-stack for `app:` labels +## +nameOverride: "" + +## Override the deployment namespace +## +namespaceOverride: "" + +## Provide a k8s version to auto dashboard import script example: kubeTargetVersionOverride: 1.16.6 +## +kubeTargetVersionOverride: "" + +## Allow kubeVersion to be overridden while creating the ingress +## +kubeVersionOverride: "" + +## Provide a name to substitute for the full names of resources +## +fullnameOverride: "" + +## Labels to apply to all resources +## +commonLabels: {} +# scmhash: abc123 +# myLabel: aakkmd + +## Install Prometheus Operator CRDs +## +crds: + enabled: true + +## Create default rules for monitoring the cluster +## +defaultRules: + create: true + rules: + alertmanager: true + etcd: true + configReloaders: true + general: true + k8s: true + kubeApiserverAvailability: true + kubeApiserverBurnrate: true + kubeApiserverHistogram: true + kubeApiserverSlos: true + kubeControllerManager: true + kubelet: true + kubeProxy: true + kubePrometheusGeneral: true + kubePrometheusNodeRecording: true + kubernetesApps: true + kubernetesResources: true + kubernetesStorage: true + kubernetesSystem: true + kubeSchedulerAlerting: true + kubeSchedulerRecording: true + kubeStateMetrics: true + network: true + node: true + nodeExporterAlerting: true + nodeExporterRecording: true + prometheus: true + prometheusOperator: true + windows: true + + ## Reduce app namespace alert scope + appNamespacesTarget: ".*" + + ## Labels for default rules + labels: {} + ## Annotations for default rules + annotations: {} + + ## Additional labels for PrometheusRule alerts + additionalRuleLabels: {} + + ## Additional annotations for PrometheusRule alerts + additionalRuleAnnotations: {} + + ## Additional labels for specific PrometheusRule alert groups + additionalRuleGroupLabels: + alertmanager: {} + etcd: {} + configReloaders: {} + general: {} + k8s: {} + kubeApiserverAvailability: {} + kubeApiserverBurnrate: {} + kubeApiserverHistogram: {} + kubeApiserverSlos: {} + kubeControllerManager: {} + kubelet: {} + kubeProxy: {} + kubePrometheusGeneral: {} + kubePrometheusNodeRecording: {} + kubernetesApps: {} + kubernetesResources: {} + kubernetesStorage: {} + kubernetesSystem: {} + kubeSchedulerAlerting: {} + kubeSchedulerRecording: {} + kubeStateMetrics: {} + network: {} + node: {} + nodeExporterAlerting: {} + nodeExporterRecording: {} + prometheus: {} + prometheusOperator: {} + + ## Additional annotations for specific PrometheusRule alerts groups + additionalRuleGroupAnnotations: + alertmanager: {} + etcd: {} + configReloaders: {} + general: {} + k8s: {} + kubeApiserverAvailability: {} + kubeApiserverBurnrate: {} + kubeApiserverHistogram: {} + kubeApiserverSlos: {} + kubeControllerManager: {} + kubelet: {} + kubeProxy: {} + kubePrometheusGeneral: {} + kubePrometheusNodeRecording: {} + kubernetesApps: {} + kubernetesResources: {} + kubernetesStorage: {} + kubernetesSystem: {} + kubeSchedulerAlerting: {} + kubeSchedulerRecording: {} + kubeStateMetrics: {} + network: {} + node: {} + nodeExporterAlerting: {} + nodeExporterRecording: {} + prometheus: {} + prometheusOperator: {} + + ## Prefix for runbook URLs. Use this to override the first part of the runbookURLs that is common to all rules. + runbookUrl: "https://runbooks.prometheus-operator.dev/runbooks" + + ## Disabled PrometheusRule alerts + disabled: {} + # KubeAPIDown: true + # NodeRAIDDegraded: true + +## Deprecated way to provide custom recording or alerting rules to be deployed into the cluster. +## +# additionalPrometheusRules: [] +# - name: my-rule-file +# groups: +# - name: my_group +# rules: +# - record: my_record +# expr: 100 * my_record + +## Provide custom recording or alerting rules to be deployed into the cluster. +## +additionalPrometheusRulesMap: {} +# rule-name: +# groups: +# - name: my_group +# rules: +# - record: my_record +# expr: 100 * my_record + +## +global: + rbac: + create: true + + ## Create ClusterRoles that extend the existing view, edit and admin ClusterRoles to interact with prometheus-operator CRDs + ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles + createAggregateClusterRoles: false + pspEnabled: false + pspAnnotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + + ## Global image registry to use if it needs to be overriden for some specific use cases (e.g local registries, custom images, ...) + ## + imageRegistry: "" + + ## Reference to one or more secrets to be used when pulling images + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + imagePullSecrets: [] + # - name: "image-pull-secret" + # or + # - "image-pull-secret" + +windowsMonitoring: + ## Deploys the windows-exporter and Windows-specific dashboards and rules + enabled: false + ## Job must match jobLabel in the PodMonitor/ServiceMonitor and is used for the rules + job: prometheus-windows-exporter + +## Configuration for alertmanager +## ref: https://prometheus.io/docs/alerting/alertmanager/ +## +alertmanager: + + ## Deploy alertmanager + ## + enabled: true + + ## Annotations for Alertmanager + ## + annotations: {} + + ## Api that prometheus will use to communicate with alertmanager. Possible values are v1, v2 + ## + apiVersion: v2 + + ## Service account for Alertmanager to use. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + create: true + name: "" + annotations: {} + automountServiceAccountToken: true + + ## Configure pod disruption budgets for Alertmanager + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget + ## This configuration is immutable once created and will require the PDB to be deleted to be changed + ## https://github.com/kubernetes/kubernetes/issues/45398 + ## + podDisruptionBudget: + enabled: false + minAvailable: 1 + maxUnavailable: "" + + ## Alertmanager configuration directives + ## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file + ## https://prometheus.io/webtools/alerting/routing-tree-editor/ + ## + config: + global: + resolve_timeout: 5m + inhibit_rules: + - source_matchers: + - 'severity = critical' + target_matchers: + - 'severity =~ warning|info' + equal: + - 'namespace' + - 'alertname' + - source_matchers: + - 'severity = warning' + target_matchers: + - 'severity = info' + equal: + - 'namespace' + - 'alertname' + - source_matchers: + - 'alertname = InfoInhibitor' + target_matchers: + - 'severity = info' + equal: + - 'namespace' + route: + group_by: ['namespace'] + group_wait: 30s + group_interval: 5m + repeat_interval: 12h + receiver: 'null' + routes: + - receiver: 'null' + matchers: + - alertname =~ "InfoInhibitor|Watchdog" + receivers: + - name: 'null' + templates: + - '/etc/alertmanager/config/*.tmpl' + + ## Alertmanager configuration directives (as string type, preferred over the config hash map) + ## stringConfig will be used only, if tplConfig is true + ## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file + ## https://prometheus.io/webtools/alerting/routing-tree-editor/ + ## + stringConfig: "" + + ## Pass the Alertmanager configuration directives through Helm's templating + ## engine. If the Alertmanager configuration contains Alertmanager templates, + ## they'll need to be properly escaped so that they are not interpreted by + ## Helm + ## ref: https://helm.sh/docs/developing_charts/#using-the-tpl-function + ## https://prometheus.io/docs/alerting/configuration/#tmpl_string + ## https://prometheus.io/docs/alerting/notifications/ + ## https://prometheus.io/docs/alerting/notification_examples/ + tplConfig: false + + ## Alertmanager template files to format alerts + ## By default, templateFiles are placed in /etc/alertmanager/config/ and if + ## they have a .tmpl file suffix will be loaded. See config.templates above + ## to change, add other suffixes. If adding other suffixes, be sure to update + ## config.templates above to include those suffixes. + ## ref: https://prometheus.io/docs/alerting/notifications/ + ## https://prometheus.io/docs/alerting/notification_examples/ + ## + templateFiles: {} + # + ## An example template: + # template_1.tmpl: |- + # {{ define "cluster" }}{{ .ExternalURL | reReplaceAll ".*alertmanager\\.(.*)" "$1" }}{{ end }} + # + # {{ define "slack.myorg.text" }} + # {{- $root := . -}} + # {{ range .Alerts }} + # *Alert:* {{ .Annotations.summary }} - `{{ .Labels.severity }}` + # *Cluster:* {{ template "cluster" $root }} + # *Description:* {{ .Annotations.description }} + # *Graph:* <{{ .GeneratorURL }}|:chart_with_upwards_trend:> + # *Runbook:* <{{ .Annotations.runbook }}|:spiral_note_pad:> + # *Details:* + # {{ range .Labels.SortedPairs }} - *{{ .Name }}:* `{{ .Value }}` + # {{ end }} + # {{ end }} + # {{ end }} + + ingress: + enabled: false + + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + + annotations: {} + + labels: {} + + ## Override ingress to a different defined port on the service + # servicePort: 8081 + ## Override ingress to a different service then the default, this is useful if you need to + ## point to a specific instance of the alertmanager (eg kube-prometheus-stack-alertmanager-0) + # serviceName: kube-prometheus-stack-alertmanager-0 + + ## Hosts must be provided if Ingress is enabled. + ## + hosts: [] + # - alertmanager.domain.com + + ## Paths to use for ingress rules - one path should match the alertmanagerSpec.routePrefix + ## + paths: [] + # - / + + ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) + ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types + # pathType: ImplementationSpecific + + ## TLS configuration for Alertmanager Ingress + ## Secret must be manually created in the namespace + ## + tls: [] + # - secretName: alertmanager-general-tls + # hosts: + # - alertmanager.example.com + + ## Configuration for Alertmanager secret + ## + secret: + annotations: {} + + ## Configuration for creating an Ingress that will map to each Alertmanager replica service + ## alertmanager.servicePerReplica must be enabled + ## + ingressPerReplica: + enabled: false + + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + + annotations: {} + labels: {} + + ## Final form of the hostname for each per replica ingress is + ## {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ ingressPerReplica.hostDomain }} + ## + ## Prefix for the per replica ingress that will have `-$replicaNumber` + ## appended to the end + hostPrefix: "" + ## Domain that will be used for the per replica ingress + hostDomain: "" + + ## Paths to use for ingress rules + ## + paths: [] + # - / + + ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) + ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types + # pathType: ImplementationSpecific + + ## Secret name containing the TLS certificate for alertmanager per replica ingress + ## Secret must be manually created in the namespace + tlsSecretName: "" + + ## Separated secret for each per replica Ingress. Can be used together with cert-manager + ## + tlsSecretPerReplica: + enabled: false + ## Final form of the secret for each per replica ingress is + ## {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }} + ## + prefix: "alertmanager" + + ## Configuration for Alertmanager service + ## + service: + annotations: {} + labels: {} + clusterIP: "" + + ## Port for Alertmanager Service to listen on + ## + port: 9093 + ## To be used with a proxy extraContainer port + ## + targetPort: 9093 + ## Port to expose on each node + ## Only used if service.type is 'NodePort' + ## + nodePort: 30903 + ## List of IP addresses at which the Prometheus server service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + + ## Additional ports to open for Alertmanager service + additionalPorts: [] + # additionalPorts: + # - name: authenticated + # port: 8081 + # targetPort: 8081 + + externalIPs: [] + loadBalancerIP: "" + loadBalancerSourceRanges: [] + + ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints + ## + externalTrafficPolicy: Cluster + + ## If you want to make sure that connections from a particular client are passed to the same Pod each time + ## Accepts 'ClientIP' or '' + ## + sessionAffinity: "" + + ## Service type + ## + type: ClusterIP + + ## Configuration for creating a separate Service for each statefulset Alertmanager replica + ## + servicePerReplica: + enabled: false + annotations: {} + + ## Port for Alertmanager Service per replica to listen on + ## + port: 9093 + + ## To be used with a proxy extraContainer port + targetPort: 9093 + + ## Port to expose on each node + ## Only used if servicePerReplica.type is 'NodePort' + ## + nodePort: 30904 + + ## Loadbalancer source IP ranges + ## Only used if servicePerReplica.type is "LoadBalancer" + loadBalancerSourceRanges: [] + + ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints + ## + externalTrafficPolicy: Cluster + + ## Service type + ## + type: ClusterIP + + ## If true, create a serviceMonitor for alertmanager + ## + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + selfMonitor: true + + ## Additional labels + ## + additionalLabels: {} + + ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + ## + sampleLimit: 0 + + ## TargetLimit defines a limit on the number of scraped targets that will be accepted. + ## + targetLimit: 0 + + ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelLimit: 0 + + ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelNameLengthLimit: 0 + + ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelValueLengthLimit: 0 + + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + + ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. + scheme: "" + + ## enableHttp2: Whether to enable HTTP2. + ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint + enableHttp2: true + + ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. + ## Of type: https://github.com/coreos/prometheus-operator/blob/main/Documentation/api.md#tlsconfig + tlsConfig: {} + + bearerTokenFile: + + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + ## Settings affecting alertmanagerSpec + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#alertmanagerspec + ## + alertmanagerSpec: + ## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata + ## Metadata Labels and Annotations gets propagated to the Alertmanager pods. + ## + podMetadata: {} + + ## Image of Alertmanager + ## + image: + registry: quay.io + repository: prometheus/alertmanager + tag: v0.25.0 + sha: "" + + ## If true then the user will be responsible to provide a secret with alertmanager configuration + ## So when true the config part will be ignored (including templateFiles) and the one in the secret will be used + ## + useExistingSecret: false + + ## Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the + ## Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/. + ## + secrets: [] + + ## ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. + ## The ConfigMaps are mounted into /etc/alertmanager/configmaps/. + ## + configMaps: [] + + ## ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains configuration for + ## this Alertmanager instance. Defaults to 'alertmanager-' The secret is mounted into /etc/alertmanager/config. + ## + # configSecret: + + ## WebTLSConfig defines the TLS parameters for HTTPS + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#alertmanagerwebspec + web: {} + + ## AlertmanagerConfigs to be selected to merge and configure Alertmanager with. + ## + alertmanagerConfigSelector: {} + ## Example which selects all alertmanagerConfig resources + ## with label "alertconfig" with values any of "example-config" or "example-config-2" + # alertmanagerConfigSelector: + # matchExpressions: + # - key: alertconfig + # operator: In + # values: + # - example-config + # - example-config-2 + # + ## Example which selects all alertmanagerConfig resources with label "role" set to "example-config" + # alertmanagerConfigSelector: + # matchLabels: + # role: example-config + + ## Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. + ## + alertmanagerConfigNamespaceSelector: {} + ## Example which selects all namespaces + ## with label "alertmanagerconfig" with values any of "example-namespace" or "example-namespace-2" + # alertmanagerConfigNamespaceSelector: + # matchExpressions: + # - key: alertmanagerconfig + # operator: In + # values: + # - example-namespace + # - example-namespace-2 + + ## Example which selects all namespaces with label "alertmanagerconfig" set to "enabled" + # alertmanagerConfigNamespaceSelector: + # matchLabels: + # alertmanagerconfig: enabled + + ## AlermanagerConfig to be used as top level configuration + ## + alertmanagerConfiguration: {} + ## Example with select a global alertmanagerconfig + # alertmanagerConfiguration: + # name: global-alertmanager-Configuration + + ## Defines the strategy used by AlertmanagerConfig objects to match alerts. eg: + ## + alertmanagerConfigMatcherStrategy: {} + ## Example with use OnNamespace strategy + # alertmanagerConfigMatcherStrategy: + # type: OnNamespace + + ## Define Log Format + # Use logfmt (default) or json logging + logFormat: logfmt + + ## Log level for Alertmanager to be configured with. + ## + logLevel: info + + ## Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the + ## running cluster equal to the expected size. + replicas: 1 + + ## Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression + ## [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours). + ## + retention: 120h + + ## Storage is the definition of how storage will be used by the Alertmanager instances. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/storage.md + ## + storage: {} + # volumeClaimTemplate: + # spec: + # storageClassName: gluster + # accessModes: ["ReadWriteOnce"] + # resources: + # requests: + # storage: 50Gi + # selector: {} + + + ## The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. string false + ## + externalUrl: + + ## The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, + ## but the server serves requests under a different route prefix. For example for use with kubectl proxy. + ## + routePrefix: / + + ## scheme: HTTP scheme to use. Can be used with `tlsConfig` for example if using istio mTLS. + scheme: "" + + ## tlsConfig: TLS configuration to use when connect to the endpoint. For example if using istio mTLS. + ## Of type: https://github.com/coreos/prometheus-operator/blob/main/Documentation/api.md#tlsconfig + tlsConfig: {} + + ## If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions. + ## + paused: false + + ## Define which Nodes the Pods are scheduled on. + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Define resources requests and limits for single Pods. + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + # requests: + # memory: 400Mi + + ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node. + ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided. + ## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node. + ## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured. + ## + podAntiAffinity: "" + + ## If anti-affinity is enabled sets the topologyKey to use for anti-affinity. + ## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone + ## + podAntiAffinityTopologyKey: kubernetes.io/hostname + + ## Assign custom affinity rules to the alertmanager instance + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + affinity: {} + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/e2e-az-name + # operator: In + # values: + # - e2e-az1 + # - e2e-az2 + + ## If specified, the pod's tolerations. + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + + ## If specified, the pod's topology spread constraints. + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + # labelSelector: + # matchLabels: + # app: alertmanager + + ## SecurityContext holds pod-level security attributes and common container settings. + ## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: + runAsGroup: 2000 + runAsNonRoot: true + runAsUser: 1000 + fsGroup: 2000 + seccompProfile: + type: RuntimeDefault + + ## ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP. + ## Note this is only for the Alertmanager UI, not the gossip communication. + ## + listenLocal: false + + ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod. + ## + containers: [] + # containers: + # - name: oauth-proxy + # image: quay.io/oauth2-proxy/oauth2-proxy:v7.3.0 + # args: + # - --upstream=http://127.0.0.1:9093 + # - --http-address=0.0.0.0:8081 + # - ... + # ports: + # - containerPort: 8081 + # name: oauth-proxy + # protocol: TCP + # resources: {} + + # Additional volumes on the output StatefulSet definition. + volumes: [] + + # Additional VolumeMounts on the output StatefulSet definition. + volumeMounts: [] + + ## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes + ## (permissions, dir tree) on mounted volumes before starting prometheus + initContainers: [] + + ## Priority class assigned to the Pods + ## + priorityClassName: "" + + ## AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster. + ## + additionalPeers: [] + + ## PortName to use for Alert Manager. + ## + portName: "http-web" + + ## ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918 + ## + clusterAdvertiseAddress: false + + ## clusterGossipInterval determines interval between gossip attempts. + ## Needs to be specified as GoDuration, a time duration that can be parsed by Go’s time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) + clusterGossipInterval: "" + + ## clusterPeerTimeout determines timeout for cluster peering. + ## Needs to be specified as GoDuration, a time duration that can be parsed by Go’s time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) + clusterPeerTimeout: "" + + ## clusterPushpullInterval determines interval between pushpull attempts. + ## Needs to be specified as GoDuration, a time duration that can be parsed by Go’s time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) + clusterPushpullInterval: "" + + ## ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. + ## Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each. + forceEnableClusterMode: false + + ## Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to + ## be considered available. Defaults to 0 (pod will be considered available as soon as it is ready). + minReadySeconds: 0 + + ## ExtraSecret can be used to store various data in an extra secret + ## (use it for example to store hashed basic auth credentials) + extraSecret: + ## if not set, name will be auto generated + # name: "" + annotations: {} + data: {} + # auth: | + # foo:$apr1$OFG3Xybp$ckL0FHDAkoXYIlH9.cysT0 + # someoneelse:$apr1$DMZX2Z4q$6SbQIfyuLQd.xmo/P0m2c. + +## Using default values from https://github.com/grafana/helm-charts/blob/main/charts/grafana/values.yaml +## +grafana: + enabled: true + namespaceOverride: "" + + ## ForceDeployDatasources Create datasource configmap even if grafana deployment has been disabled + ## + forceDeployDatasources: false + + ## ForceDeployDashboard Create dashboard configmap even if grafana deployment has been disabled + ## + forceDeployDashboards: false + + ## Deploy default dashboards + ## + defaultDashboardsEnabled: true + + ## Timezone for the default dashboards + ## Other options are: browser or a specific timezone, i.e. Europe/Luxembourg + ## + defaultDashboardsTimezone: utc + + adminPassword: prom-operator + + rbac: + ## If true, Grafana PSPs will be created + ## + pspEnabled: false + + ingress: + ## If true, Grafana Ingress will be created + ## + enabled: false + + ## IngressClassName for Grafana Ingress. + ## Should be provided if Ingress is enable. + ## + # ingressClassName: nginx + + ## Annotations for Grafana Ingress + ## + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + ## Labels to be added to the Ingress + ## + labels: {} + + ## Hostnames. + ## Must be provided if Ingress is enable. + ## + # hosts: + # - grafana.domain.com + hosts: [] + + ## Path for grafana ingress + path: / + + ## TLS configuration for grafana Ingress + ## Secret must be manually created in the namespace + ## + tls: [] + # - secretName: grafana-general-tls + # hosts: + # - grafana.example.com + + sidecar: + dashboards: + enabled: true + label: grafana_dashboard + labelValue: "1" + # Allow discovery in all namespaces for dashboards + searchNamespace: ALL + + ## Annotations for Grafana dashboard configmaps + ## + annotations: {} + multicluster: + global: + enabled: false + etcd: + enabled: false + provider: + allowUiUpdates: false + datasources: + enabled: true + defaultDatasourceEnabled: true + isDefaultDatasource: true + + uid: prometheus + + ## URL of prometheus datasource + ## + # url: http://prometheus-stack-prometheus:9090/ + + ## Prometheus request timeout in seconds + # timeout: 30 + + # If not defined, will use prometheus.prometheusSpec.scrapeInterval or its default + # defaultDatasourceScrapeInterval: 15s + + ## Annotations for Grafana datasource configmaps + ## + annotations: {} + + ## Set method for HTTP to send query to datasource + httpMethod: POST + + ## Create datasource for each Pod of Prometheus StatefulSet; + ## this uses headless service `prometheus-operated` which is + ## created by Prometheus Operator + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/0fee93e12dc7c2ea1218f19ae25ec6b893460590/pkg/prometheus/statefulset.go#L255-L286 + createPrometheusReplicasDatasources: false + label: grafana_datasource + labelValue: "1" + + ## Field with internal link pointing to existing data source in Grafana. + ## Can be provisioned via additionalDataSources + exemplarTraceIdDestinations: {} + # datasourceUid: Jaeger + # traceIdLabelName: trace_id + alertmanager: + enabled: true + uid: alertmanager + handleGrafanaManagedAlerts: false + implementation: prometheus + + extraConfigmapMounts: [] + # - name: certs-configmap + # mountPath: /etc/grafana/ssl/ + # configMap: certs-configmap + # readOnly: true + + deleteDatasources: [] + # - name: example-datasource + # orgId: 1 + + ## Configure additional grafana datasources (passed through tpl) + ## ref: http://docs.grafana.org/administration/provisioning/#datasources + additionalDataSources: [] + # - name: prometheus-sample + # access: proxy + # basicAuth: true + # basicAuthPassword: pass + # basicAuthUser: daco + # editable: false + # jsonData: + # tlsSkipVerify: true + # orgId: 1 + # type: prometheus + # url: https://{{ printf "%s-prometheus.svc" .Release.Name }}:9090 + # version: 1 + + ## Passed to grafana subchart and used by servicemonitor below + ## + service: + portName: http-web + + serviceMonitor: + # If true, a ServiceMonitor CRD is created for a prometheus operator + # https://github.com/coreos/prometheus-operator + # + enabled: true + + # Path to use for scraping metrics. Might be different if server.root_url is set + # in grafana.ini + path: "/metrics" + + # namespace: monitoring (defaults to use the namespace this chart is deployed to) + + # labels for the ServiceMonitor + labels: {} + + # Scrape interval. If not set, the Prometheus default scrape interval is used. + # + interval: "" + scheme: http + tlsConfig: {} + scrapeTimeout: 30s + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + +## Flag to disable all the kubernetes component scrapers +## +kubernetesServiceMonitors: + enabled: true + +## Component scraping the kube api server +## +kubeApiServer: + enabled: true + tlsConfig: + serverName: kubernetes + insecureSkipVerify: false + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + ## + sampleLimit: 0 + + ## TargetLimit defines a limit on the number of scraped targets that will be accepted. + ## + targetLimit: 0 + + ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelLimit: 0 + + ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelNameLengthLimit: 0 + + ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelValueLengthLimit: 0 + + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + + jobLabel: component + selector: + matchLabels: + component: apiserver + provider: kubernetes + + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + metricRelabelings: + # Drop excessively noisy apiserver buckets. + - action: drop + regex: apiserver_request_duration_seconds_bucket;(0.15|0.2|0.3|0.35|0.4|0.45|0.6|0.7|0.8|0.9|1.25|1.5|1.75|2|3|3.5|4|4.5|6|7|8|9|15|25|40|50) + sourceLabels: + - __name__ + - le + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + relabelings: [] + # - sourceLabels: + # - __meta_kubernetes_namespace + # - __meta_kubernetes_service_name + # - __meta_kubernetes_endpoint_port_name + # action: keep + # regex: default;kubernetes;https + # - targetLabel: __address__ + # replacement: kubernetes.default.svc:443 + + ## Additional labels + ## + additionalLabels: {} + # foo: bar + +## Component scraping the kubelet and kubelet-hosted cAdvisor +## +kubelet: + enabled: true + namespace: kube-system + + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + ## + sampleLimit: 0 + + ## TargetLimit defines a limit on the number of scraped targets that will be accepted. + ## + targetLimit: 0 + + ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelLimit: 0 + + ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelNameLengthLimit: 0 + + ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelValueLengthLimit: 0 + + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + + ## Enable scraping the kubelet over https. For requirements to enable this see + ## https://github.com/prometheus-operator/prometheus-operator/issues/926 + ## + https: true + + ## Enable scraping /metrics/cadvisor from kubelet's service + ## + cAdvisor: true + + ## Enable scraping /metrics/probes from kubelet's service + ## + probes: true + + ## Enable scraping /metrics/resource from kubelet's service + ## This is disabled by default because container metrics are already exposed by cAdvisor + ## + resource: false + # From kubernetes 1.18, /metrics/resource/v1alpha1 renamed to /metrics/resource + resourcePath: "/metrics/resource/v1alpha1" + + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + cAdvisorMetricRelabelings: + # Drop less useful container CPU metrics. + - sourceLabels: [__name__] + action: drop + regex: 'container_cpu_(cfs_throttled_seconds_total|load_average_10s|system_seconds_total|user_seconds_total)' + # Drop less useful container / always zero filesystem metrics. + - sourceLabels: [__name__] + action: drop + regex: 'container_fs_(io_current|io_time_seconds_total|io_time_weighted_seconds_total|reads_merged_total|sector_reads_total|sector_writes_total|writes_merged_total)' + # Drop less useful / always zero container memory metrics. + - sourceLabels: [__name__] + action: drop + regex: 'container_memory_(mapped_file|swap)' + # Drop less useful container process metrics. + - sourceLabels: [__name__] + action: drop + regex: 'container_(file_descriptors|tasks_state|threads_max)' + # Drop container spec metrics that overlap with kube-state-metrics. + - sourceLabels: [__name__] + action: drop + regex: 'container_spec.*' + # Drop cgroup metrics with no pod. + - sourceLabels: [id, pod] + action: drop + regex: '.+;' + # - sourceLabels: [__name__, image] + # separator: ; + # regex: container_([a-z_]+); + # replacement: $1 + # action: drop + # - sourceLabels: [__name__] + # separator: ; + # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) + # replacement: $1 + # action: drop + + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + probesMetricRelabelings: [] + # - sourceLabels: [__name__, image] + # separator: ; + # regex: container_([a-z_]+); + # replacement: $1 + # action: drop + # - sourceLabels: [__name__] + # separator: ; + # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) + # replacement: $1 + # action: drop + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + ## metrics_path is required to match upstream rules and charts + cAdvisorRelabelings: + - action: replace + sourceLabels: [__metrics_path__] + targetLabel: metrics_path + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + probesRelabelings: + - action: replace + sourceLabels: [__metrics_path__] + targetLabel: metrics_path + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + resourceRelabelings: + - action: replace + sourceLabels: [__metrics_path__] + targetLabel: metrics_path + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + metricRelabelings: [] + # - sourceLabels: [__name__, image] + # separator: ; + # regex: container_([a-z_]+); + # replacement: $1 + # action: drop + # - sourceLabels: [__name__] + # separator: ; + # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) + # replacement: $1 + # action: drop + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + ## metrics_path is required to match upstream rules and charts + relabelings: + - action: replace + sourceLabels: [__metrics_path__] + targetLabel: metrics_path + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + ## Additional labels + ## + additionalLabels: {} + # foo: bar + +## Component scraping the kube controller manager +## +kubeControllerManager: + enabled: true + + ## If your kube controller manager is not deployed as a pod, specify IPs it can be found on + ## + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 + + ## If using kubeControllerManager.endpoints only the port and targetPort are used + ## + service: + enabled: true + ## If null or unset, the value is determined dynamically based on target Kubernetes version due to change + ## of default port in Kubernetes 1.22. + ## + port: null + targetPort: null + # selector: + # component: kube-controller-manager + + serviceMonitor: + enabled: true + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + ## + sampleLimit: 0 + + ## TargetLimit defines a limit on the number of scraped targets that will be accepted. + ## + targetLimit: 0 + + ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelLimit: 0 + + ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelNameLengthLimit: 0 + + ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelValueLengthLimit: 0 + + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + + ## Enable scraping kube-controller-manager over https. + ## Requires proper certs (not self-signed) and delegated authentication/authorization checks. + ## If null or unset, the value is determined dynamically based on target Kubernetes version. + ## + https: null + + # Skip TLS certificate validation when scraping + insecureSkipVerify: null + + # Name of the server to use when validating TLS certificate + serverName: null + + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + ## Additional labels + ## + additionalLabels: {} + # foo: bar + +## Component scraping coreDns. Use either this or kubeDns +## +coreDns: + enabled: true + service: + port: 9153 + targetPort: 9153 + # selector: + # k8s-app: kube-dns + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + ## + sampleLimit: 0 + + ## TargetLimit defines a limit on the number of scraped targets that will be accepted. + ## + targetLimit: 0 + + ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelLimit: 0 + + ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelNameLengthLimit: 0 + + ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelValueLengthLimit: 0 + + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + ## Additional labels + ## + additionalLabels: {} + # foo: bar + +## Component scraping kubeDns. Use either this or coreDns +## +kubeDns: + enabled: false + service: + dnsmasq: + port: 10054 + targetPort: 10054 + skydns: + port: 10055 + targetPort: 10055 + # selector: + # k8s-app: kube-dns + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + ## + sampleLimit: 0 + + ## TargetLimit defines a limit on the number of scraped targets that will be accepted. + ## + targetLimit: 0 + + ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelLimit: 0 + + ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelNameLengthLimit: 0 + + ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelValueLengthLimit: 0 + + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + dnsmasqMetricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + dnsmasqRelabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + ## Additional labels + ## + additionalLabels: {} + # foo: bar + +## Component scraping etcd +## +kubeEtcd: + enabled: true + + ## If your etcd is not deployed as a pod, specify IPs it can be found on + ## + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 + + ## Etcd service. If using kubeEtcd.endpoints only the port and targetPort are used + ## + service: + enabled: true + port: 2381 + targetPort: 2381 + # selector: + # component: etcd + + ## Configure secure access to the etcd cluster by loading a secret into prometheus and + ## specifying security configuration below. For example, with a secret named etcd-client-cert + ## + ## serviceMonitor: + ## scheme: https + ## insecureSkipVerify: false + ## serverName: localhost + ## caFile: /etc/prometheus/secrets/etcd-client-cert/etcd-ca + ## certFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client + ## keyFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key + ## + serviceMonitor: + enabled: true + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + ## + sampleLimit: 0 + + ## TargetLimit defines a limit on the number of scraped targets that will be accepted. + ## + targetLimit: 0 + + ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelLimit: 0 + + ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelNameLengthLimit: 0 + + ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelValueLengthLimit: 0 + + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + scheme: http + insecureSkipVerify: false + serverName: "" + caFile: "" + certFile: "" + keyFile: "" + + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + ## Additional labels + ## + additionalLabels: {} + # foo: bar + +## Component scraping kube scheduler +## +kubeScheduler: + enabled: true + + ## If your kube scheduler is not deployed as a pod, specify IPs it can be found on + ## + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 + + ## If using kubeScheduler.endpoints only the port and targetPort are used + ## + service: + enabled: true + ## If null or unset, the value is determined dynamically based on target Kubernetes version due to change + ## of default port in Kubernetes 1.23. + ## + port: null + targetPort: null + # selector: + # component: kube-scheduler + + serviceMonitor: + enabled: true + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + ## + sampleLimit: 0 + + ## TargetLimit defines a limit on the number of scraped targets that will be accepted. + ## + targetLimit: 0 + + ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelLimit: 0 + + ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelNameLengthLimit: 0 + + ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelValueLengthLimit: 0 + + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + ## Enable scraping kube-scheduler over https. + ## Requires proper certs (not self-signed) and delegated authentication/authorization checks. + ## If null or unset, the value is determined dynamically based on target Kubernetes version. + ## + https: null + + ## Skip TLS certificate validation when scraping + insecureSkipVerify: null + + ## Name of the server to use when validating TLS certificate + serverName: null + + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + ## Additional labels + ## + additionalLabels: {} + # foo: bar + +## Component scraping kube proxy +## +kubeProxy: + enabled: true + + ## If your kube proxy is not deployed as a pod, specify IPs it can be found on + ## + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 + + service: + enabled: true + port: 10249 + targetPort: 10249 + # selector: + # k8s-app: kube-proxy + + serviceMonitor: + enabled: true + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + ## + sampleLimit: 0 + + ## TargetLimit defines a limit on the number of scraped targets that will be accepted. + ## + targetLimit: 0 + + ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelLimit: 0 + + ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelNameLengthLimit: 0 + + ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelValueLengthLimit: 0 + + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + + ## Enable scraping kube-proxy over https. + ## Requires proper certs (not self-signed) and delegated authentication/authorization checks + ## + https: false + + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + relabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + ## Additional labels + ## + additionalLabels: {} + # foo: bar + +## Component scraping kube state metrics +## +kubeStateMetrics: + enabled: true + +## Configuration for kube-state-metrics subchart +## +kube-state-metrics: + namespaceOverride: "" + rbac: + create: true + releaseLabel: true + prometheus: + monitor: + enabled: true + + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + ## + sampleLimit: 0 + + ## TargetLimit defines a limit on the number of scraped targets that will be accepted. + ## + targetLimit: 0 + + ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelLimit: 0 + + ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelNameLengthLimit: 0 + + ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelValueLengthLimit: 0 + + ## Scrape Timeout. If not set, the Prometheus default scrape timeout is used. + ## + scrapeTimeout: "" + + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + + # Keep labels from scraped data, overriding server-side labels + ## + honorLabels: true + + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + selfMonitor: + enabled: false + +## Deploy node exporter as a daemonset to all nodes +## +nodeExporter: + enabled: true + +## Configuration for prometheus-node-exporter subchart +## +prometheus-node-exporter: + namespaceOverride: "" + podLabels: + ## Add the 'node-exporter' label to be used by serviceMonitor to match standard common usage in rules and grafana dashboards + ## + jobLabel: node-exporter + releaseLabel: true + extraArgs: + - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/) + - --collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$ + service: + portName: http-metrics + prometheus: + monitor: + enabled: true + + jobLabel: jobLabel + + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + ## + sampleLimit: 0 + + ## TargetLimit defines a limit on the number of scraped targets that will be accepted. + ## + targetLimit: 0 + + ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelLimit: 0 + + ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelNameLengthLimit: 0 + + ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelValueLengthLimit: 0 + + ## How long until a scrape request times out. If not set, the Prometheus default scape timeout is used. + ## + scrapeTimeout: "" + + ## proxyUrl: URL of a proxy that should be used for scraping. + ## + proxyUrl: "" + + ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + metricRelabelings: [] + # - sourceLabels: [__name__] + # separator: ; + # regex: ^node_mountstats_nfs_(event|operations|transport)_.+ + # replacement: $1 + # action: drop + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + rbac: + ## If true, create PSPs for node-exporter + ## + pspEnabled: false + +## Manages Prometheus and Alertmanager components +## +prometheusOperator: + enabled: true + + ## Prometheus-Operator v0.39.0 and later support TLS natively. + ## + tls: + enabled: true + # Value must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants + tlsMinVersion: VersionTLS13 + # The default webhook port is 10250 in order to work out-of-the-box in GKE private clusters and avoid adding firewall rules. + internalPort: 10250 + + ## Admission webhook support for PrometheusRules resources added in Prometheus Operator 0.30 can be enabled to prevent incorrectly formatted + ## rules from making their way into prometheus and potentially preventing the container from starting + admissionWebhooks: + ## Valid values: Fail, Ignore, IgnoreOnInstallOnly + ## IgnoreOnInstallOnly - If Release.IsInstall returns "true", set "Ignore" otherwise "Fail" + failurePolicy: "" + ## The default timeoutSeconds is 10 and the maximum value is 30. + timeoutSeconds: 10 + enabled: true + ## A PEM encoded CA bundle which will be used to validate the webhook's server certificate. + ## If unspecified, system trust roots on the apiserver are used. + caBundle: "" + ## If enabled, generate a self-signed certificate, then patch the webhook configurations with the generated data. + ## On chart upgrades (or if the secret exists) the cert will not be re-generated. You can use this to provide your own + ## certs ahead of time if you wish. + ## + annotations: {} + # argocd.argoproj.io/hook: PreSync + # argocd.argoproj.io/hook-delete-policy: HookSucceeded + patch: + enabled: true + image: + registry: registry.k8s.io + repository: ingress-nginx/kube-webhook-certgen + tag: v20221220-controller-v1.5.1-58-g787ea74b6 + sha: "" + pullPolicy: IfNotPresent + resources: {} + ## Provide a priority class name to the webhook patching job + ## + priorityClassName: "" + annotations: {} + # argocd.argoproj.io/hook: PreSync + # argocd.argoproj.io/hook-delete-policy: HookSucceeded + podAnnotations: {} + nodeSelector: {} + affinity: {} + tolerations: [] + + ## SecurityContext holds pod-level security attributes and common container settings. + ## This defaults to non root user with uid 2000 and gid 2000. *v1.PodSecurityContext false + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: + runAsGroup: 2000 + runAsNonRoot: true + runAsUser: 2000 + seccompProfile: + type: RuntimeDefault + + # Security context for create job container + createSecretJob: + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + + # Security context for patch job container + patchWebhookJob: + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + + # Use certmanager to generate webhook certs + certManager: + enabled: false + # self-signed root certificate + rootCert: + duration: "" # default to be 5y + admissionCert: + duration: "" # default to be 1y + # issuerRef: + # name: "issuer" + # kind: "ClusterIssuer" + + ## Namespaces to scope the interaction of the Prometheus Operator and the apiserver (allow list). + ## This is mutually exclusive with denyNamespaces. Setting this to an empty object will disable the configuration + ## + namespaces: {} + # releaseNamespace: true + # additional: + # - kube-system + + ## Namespaces not to scope the interaction of the Prometheus Operator (deny list). + ## + denyNamespaces: [] + + ## Filter namespaces to look for prometheus-operator custom resources + ## + alertmanagerInstanceNamespaces: [] + alertmanagerConfigNamespaces: [] + prometheusInstanceNamespaces: [] + thanosRulerInstanceNamespaces: [] + + ## The clusterDomain value will be added to the cluster.peer option of the alertmanager. + ## Without this specified option cluster.peer will have value alertmanager-monitoring-alertmanager-0.alertmanager-operated:9094 (default value) + ## With this specified option cluster.peer will have value alertmanager-monitoring-alertmanager-0.alertmanager-operated.namespace.svc.cluster-domain:9094 + ## + # clusterDomain: "cluster.local" + + networkPolicy: + ## Enable creation of NetworkPolicy resources. + ## + enabled: false + + ## Flavor of the network policy to use. + # Can be: + # * kubernetes for networking.k8s.io/v1/NetworkPolicy + # * cilium for cilium.io/v2/CiliumNetworkPolicy + flavor: kubernetes + + # cilium: + # egress: + + ## Service account for Alertmanager to use. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + create: true + name: "" + + ## Configuration for Prometheus operator service + ## + service: + annotations: {} + labels: {} + clusterIP: "" + + ## Port to expose on each node + ## Only used if service.type is 'NodePort' + ## + nodePort: 30080 + + nodePortTls: 30443 + + ## Additional ports to open for Prometheus service + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services + ## + additionalPorts: [] + + ## Loadbalancer IP + ## Only use if service.type is "LoadBalancer" + ## + loadBalancerIP: "" + loadBalancerSourceRanges: [] + + ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints + ## + externalTrafficPolicy: Cluster + + ## Service type + ## NodePort, ClusterIP, LoadBalancer + ## + type: ClusterIP + + ## List of IP addresses at which the Prometheus server service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + # ## Labels to add to the operator deployment + # ## + labels: {} + + ## Annotations to add to the operator deployment + ## + annotations: {} + + ## Labels to add to the operator pod + ## + podLabels: {} + + ## Annotations to add to the operator pod + ## + podAnnotations: {} + + ## Assign a PriorityClassName to pods if set + # priorityClassName: "" + + ## Define Log Format + # Use logfmt (default) or json logging + # logFormat: logfmt + + ## Decrease log verbosity to errors only + # logLevel: error + + ## If true, the operator will create and maintain a service for scraping kubelets + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/helm/prometheus-operator/README.md + ## + kubeletService: + enabled: true + namespace: kube-system + ## Use '{{ template "kube-prometheus-stack.fullname" . }}-kubelet' by default + name: "" + + ## Create a servicemonitor for the operator + ## + serviceMonitor: + ## Labels for ServiceMonitor + additionalLabels: {} + + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + + ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + ## + sampleLimit: 0 + + ## TargetLimit defines a limit on the number of scraped targets that will be accepted. + ## + targetLimit: 0 + + ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelLimit: 0 + + ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelNameLengthLimit: 0 + + ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelValueLengthLimit: 0 + + ## Scrape timeout. If not set, the Prometheus default scrape timeout is used. + scrapeTimeout: "" + selfMonitor: true + + ## Metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + ## Resource limits & requests + ## + resources: {} + # limits: + # cpu: 200m + # memory: 200Mi + # requests: + # cpu: 100m + # memory: 100Mi + + # Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), + # because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working + ## + hostNetwork: false + + ## Define which Nodes the Pods are scheduled on. + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Tolerations for use with node taints + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + + ## Assign custom affinity rules to the prometheus operator + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + affinity: {} + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/e2e-az-name + # operator: In + # values: + # - e2e-az1 + # - e2e-az2 + dnsConfig: {} + # nameservers: + # - 1.2.3.4 + # searches: + # - ns1.svc.cluster-domain.example + # - my.dns.search.suffix + # options: + # - name: ndots + # value: "2" + # - name: edns0 + securityContext: + fsGroup: 65534 + runAsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + seccompProfile: + type: RuntimeDefault + + ## Container-specific security context configuration + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + containerSecurityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + + # Enable vertical pod autoscaler support for prometheus-operator + verticalPodAutoscaler: + enabled: false + + # Recommender responsible for generating recommendation for the object. + # List should be empty (then the default recommender will generate the recommendation) + # or contain exactly one recommender. + # recommenders: + # - name: custom-recommender-performance + + # List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory + controlledResources: [] + # Specifies which resource values should be controlled: RequestsOnly or RequestsAndLimits. + # controlledValues: RequestsAndLimits + + # Define the max allowed resources for the pod + maxAllowed: {} + # cpu: 200m + # memory: 100Mi + # Define the min allowed resources for the pod + minAllowed: {} + # cpu: 200m + # memory: 100Mi + + updatePolicy: + # Specifies minimal number of replicas which need to be alive for VPA Updater to attempt pod eviction + # minReplicas: 1 + # Specifies whether recommended updates are applied when a Pod is started and whether recommended updates + # are applied during the life of a Pod. Possible values are "Off", "Initial", "Recreate", and "Auto". + updateMode: Auto + + ## Prometheus-operator image + ## + image: + registry: quay.io + repository: prometheus-operator/prometheus-operator + # if not set appVersion field from Chart.yaml is used + tag: "" + sha: "" + pullPolicy: IfNotPresent + + ## Prometheus image to use for prometheuses managed by the operator + ## + # prometheusDefaultBaseImage: prometheus/prometheus + + ## Prometheus image registry to use for prometheuses managed by the operator + ## + # prometheusDefaultBaseImageRegistry: quay.io + + ## Alertmanager image to use for alertmanagers managed by the operator + ## + # alertmanagerDefaultBaseImage: prometheus/alertmanager + + ## Alertmanager image registry to use for alertmanagers managed by the operator + ## + # alertmanagerDefaultBaseImageRegistry: quay.io + + ## Prometheus-config-reloader + ## + prometheusConfigReloader: + image: + registry: quay.io + repository: prometheus-operator/prometheus-config-reloader + # if not set appVersion field from Chart.yaml is used + tag: "" + sha: "" + + # add prometheus config reloader liveness and readiness probe. Default: false + enableProbe: false + + # resource config for prometheusConfigReloader + resources: + requests: + cpu: 200m + memory: 50Mi + limits: + cpu: 200m + memory: 50Mi + + ## Thanos side-car image when configured + ## + thanosImage: + registry: quay.io + repository: thanos/thanos + tag: v0.31.0 + sha: "" + + ## Set a Label Selector to filter watched prometheus and prometheusAgent + ## + prometheusInstanceSelector: "" + + ## Set a Label Selector to filter watched alertmanager + ## + alertmanagerInstanceSelector: "" + + ## Set a Label Selector to filter watched thanosRuler + thanosRulerInstanceSelector: "" + + ## Set a Field Selector to filter watched secrets + ## + secretFieldSelector: "type!=kubernetes.io/dockercfg,type!=kubernetes.io/service-account-token,type!=helm.sh/release.v1" + +## Deploy a Prometheus instance +## +prometheus: + enabled: true + + ## Toggle prometheus into agent mode + ## Note many of features described below (e.g. rules, query, alerting, remote read, thanos) will not work in agent mode. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/designs/prometheus-agent.md + ## + agentMode: false + + ## Annotations for Prometheus + ## + annotations: {} + + ## Configure network policy for the prometheus + networkPolicy: + enabled: false + + ## Flavor of the network policy to use. + # Can be: + # * kubernetes for networking.k8s.io/v1/NetworkPolicy + # * cilium for cilium.io/v2/CiliumNetworkPolicy + flavor: kubernetes + + # cilium: + # endpointSelector: + # egress: + # ingress: + + # egress: + # - {} + # ingress: + # - {} + # podSelector: + # matchLabels: + # app: prometheus + + ## Service account for Prometheuses to use. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + create: true + name: "" + annotations: {} + + # Service for thanos service discovery on sidecar + # Enable this can make Thanos Query can use + # `--store=dnssrv+_grpc._tcp.${kube-prometheus-stack.fullname}-thanos-discovery.${namespace}.svc.cluster.local` to discovery + # Thanos sidecar on prometheus nodes + # (Please remember to change ${kube-prometheus-stack.fullname} and ${namespace}. Not just copy and paste!) + thanosService: + enabled: false + annotations: {} + labels: {} + + ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints + ## + externalTrafficPolicy: Cluster + + ## Service type + ## + type: ClusterIP + + ## gRPC port config + portName: grpc + port: 10901 + targetPort: "grpc" + + ## HTTP port config (for metrics) + httpPortName: http + httpPort: 10902 + targetHttpPort: "http" + + ## ClusterIP to assign + # Default is to make this a headless service ("None") + clusterIP: "None" + + ## Port to expose on each node, if service type is NodePort + ## + nodePort: 30901 + httpNodePort: 30902 + + # ServiceMonitor to scrape Sidecar metrics + # Needs thanosService to be enabled as well + thanosServiceMonitor: + enabled: false + interval: "" + + ## Additional labels + ## + additionalLabels: {} + + ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. + scheme: "" + + ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. + ## Of type: https://github.com/coreos/prometheus-operator/blob/main/Documentation/api.md#tlsconfig + tlsConfig: {} + + bearerTokenFile: + + ## Metric relabel configs to apply to samples before ingestion. + metricRelabelings: [] + + ## relabel configs to apply to samples before ingestion. + relabelings: [] + + # Service for external access to sidecar + # Enabling this creates a service to expose thanos-sidecar outside the cluster. + thanosServiceExternal: + enabled: false + annotations: {} + labels: {} + loadBalancerIP: "" + loadBalancerSourceRanges: [] + + ## gRPC port config + portName: grpc + port: 10901 + targetPort: "grpc" + + ## HTTP port config (for metrics) + httpPortName: http + httpPort: 10902 + targetHttpPort: "http" + + ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints + ## + externalTrafficPolicy: Cluster + + ## Service type + ## + type: LoadBalancer + + ## Port to expose on each node + ## + nodePort: 30901 + httpNodePort: 30902 + + ## Configuration for Prometheus service + ## + service: + annotations: {} + labels: {} + clusterIP: "" + + ## Port for Prometheus Service to listen on + ## + port: 9090 + + ## To be used with a proxy extraContainer port + targetPort: 9090 + + ## List of IP addresses at which the Prometheus server service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## + externalIPs: [] + + ## Port to expose on each node + ## Only used if service.type is 'NodePort' + ## + nodePort: 30090 + + ## Loadbalancer IP + ## Only use if service.type is "LoadBalancer" + loadBalancerIP: "" + loadBalancerSourceRanges: [] + + ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints + ## + externalTrafficPolicy: Cluster + + ## Service type + ## + type: ClusterIP + + ## Additional port to define in the Service + additionalPorts: [] + # additionalPorts: + # - name: authenticated + # port: 8081 + # targetPort: 8081 + + ## Consider that all endpoints are considered "ready" even if the Pods themselves are not + ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#ServiceSpec + publishNotReadyAddresses: false + + sessionAffinity: "" + + ## Configuration for creating a separate Service for each statefulset Prometheus replica + ## + servicePerReplica: + enabled: false + annotations: {} + + ## Port for Prometheus Service per replica to listen on + ## + port: 9090 + + ## To be used with a proxy extraContainer port + targetPort: 9090 + + ## Port to expose on each node + ## Only used if servicePerReplica.type is 'NodePort' + ## + nodePort: 30091 + + ## Loadbalancer source IP ranges + ## Only used if servicePerReplica.type is "LoadBalancer" + loadBalancerSourceRanges: [] + + ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints + ## + externalTrafficPolicy: Cluster + + ## Service type + ## + type: ClusterIP + + ## Configure pod disruption budgets for Prometheus + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget + ## This configuration is immutable once created and will require the PDB to be deleted to be changed + ## https://github.com/kubernetes/kubernetes/issues/45398 + ## + podDisruptionBudget: + enabled: false + minAvailable: 1 + maxUnavailable: "" + + # Ingress exposes thanos sidecar outside the cluster + thanosIngress: + enabled: false + + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + + annotations: {} + labels: {} + servicePort: 10901 + + ## Port to expose on each node + ## Only used if service.type is 'NodePort' + ## + nodePort: 30901 + + ## Hosts must be provided if Ingress is enabled. + ## + hosts: [] + # - thanos-gateway.domain.com + + ## Paths to use for ingress rules + ## + paths: [] + # - / + + ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) + ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types + # pathType: ImplementationSpecific + + ## TLS configuration for Thanos Ingress + ## Secret must be manually created in the namespace + ## + tls: [] + # - secretName: thanos-gateway-tls + # hosts: + # - thanos-gateway.domain.com + # + + ## ExtraSecret can be used to store various data in an extra secret + ## (use it for example to store hashed basic auth credentials) + extraSecret: + ## if not set, name will be auto generated + # name: "" + annotations: {} + data: {} + # auth: | + # foo:$apr1$OFG3Xybp$ckL0FHDAkoXYIlH9.cysT0 + # someoneelse:$apr1$DMZX2Z4q$6SbQIfyuLQd.xmo/P0m2c. + + ingress: + enabled: false + + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + + annotations: {} + labels: {} + + ## Redirect ingress to an additional defined port on the service + # servicePort: 8081 + + ## Hostnames. + ## Must be provided if Ingress is enabled. + ## + # hosts: + # - prometheus.domain.com + hosts: [] + + ## Paths to use for ingress rules - one path should match the prometheusSpec.routePrefix + ## + paths: [] + # - / + + ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) + ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types + # pathType: ImplementationSpecific + + ## TLS configuration for Prometheus Ingress + ## Secret must be manually created in the namespace + ## + tls: [] + # - secretName: prometheus-general-tls + # hosts: + # - prometheus.example.com + + ## Configuration for creating an Ingress that will map to each Prometheus replica service + ## prometheus.servicePerReplica must be enabled + ## + ingressPerReplica: + enabled: false + + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + + annotations: {} + labels: {} + + ## Final form of the hostname for each per replica ingress is + ## {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ ingressPerReplica.hostDomain }} + ## + ## Prefix for the per replica ingress that will have `-$replicaNumber` + ## appended to the end + hostPrefix: "" + ## Domain that will be used for the per replica ingress + hostDomain: "" + + ## Paths to use for ingress rules + ## + paths: [] + # - / + + ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) + ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types + # pathType: ImplementationSpecific + + ## Secret name containing the TLS certificate for Prometheus per replica ingress + ## Secret must be manually created in the namespace + tlsSecretName: "" + + ## Separated secret for each per replica Ingress. Can be used together with cert-manager + ## + tlsSecretPerReplica: + enabled: false + ## Final form of the secret for each per replica ingress is + ## {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }} + ## + prefix: "prometheus" + + ## Configure additional options for default pod security policy for Prometheus + ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ + podSecurityPolicy: + allowedCapabilities: [] + allowedHostPaths: [] + volumes: [] + + serviceMonitor: + ## Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + selfMonitor: true + + ## Additional labels + ## + additionalLabels: {} + + ## SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. + ## + sampleLimit: 0 + + ## TargetLimit defines a limit on the number of scraped targets that will be accepted. + ## + targetLimit: 0 + + ## Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelLimit: 0 + + ## Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelNameLengthLimit: 0 + + ## Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer. + ## + labelValueLengthLimit: 0 + + ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. + scheme: "" + + ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. + ## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#tlsconfig + tlsConfig: {} + + bearerTokenFile: + + ## Metric relabel configs to apply to samples before ingestion. + ## + metricRelabelings: [] + # - action: keep + # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + # sourceLabels: [__name__] + + # relabel configs to apply to samples before ingestion. + ## + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + + ## Settings affecting prometheusSpec + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#prometheusspec + ## + prometheusSpec: + ## If true, pass --storage.tsdb.max-block-duration=2h to prometheus. This is already done if using Thanos + ## + disableCompaction: false + ## APIServerConfig + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#apiserverconfig + ## + apiserverConfig: {} + + ## Allows setting additional arguments for the Prometheus container + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.Prometheus + additionalArgs: [] + + ## Interval between consecutive scrapes. + ## Defaults to 30s. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/release-0.44/pkg/prometheus/promcfg.go#L180-L183 + ## + scrapeInterval: "" + + ## Number of seconds to wait for target to respond before erroring + ## + scrapeTimeout: "" + + ## Interval between consecutive evaluations. + ## + evaluationInterval: "" + + ## ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP. + ## + listenLocal: false + + ## EnableAdminAPI enables Prometheus the administrative HTTP API which includes functionality such as deleting time series. + ## This is disabled by default. + ## ref: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis + ## + enableAdminAPI: false + + ## Sets version of Prometheus overriding the Prometheus version as derived + ## from the image tag. Useful in cases where the tag does not follow semver v2. + version: "" + + ## WebTLSConfig defines the TLS parameters for HTTPS + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#webtlsconfig + web: {} + + ## Exemplars related settings that are runtime reloadable. + ## It requires to enable the exemplar storage feature to be effective. + exemplars: "" + ## Maximum number of exemplars stored in memory for all series. + ## If not set, Prometheus uses its default value. + ## A value of zero or less than zero disables the storage. + # maxSize: 100000 + + # EnableFeatures API enables access to Prometheus disabled features. + # ref: https://prometheus.io/docs/prometheus/latest/disabled_features/ + enableFeatures: [] + # - exemplar-storage + + ## Image of Prometheus. + ## + image: + registry: quay.io + repository: prometheus/prometheus + tag: v2.45.0 + sha: "" + + ## Tolerations for use with node taints + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + + ## If specified, the pod's topology spread constraints. + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## + topologySpreadConstraints: [] + # - maxSkew: 1 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: DoNotSchedule + # labelSelector: + # matchLabels: + # app: prometheus + + ## Alertmanagers to which alerts will be sent + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#alertmanagerendpoints + ## + ## Default configuration will connect to the alertmanager deployed as part of this release + ## + alertingEndpoints: [] + # - name: "" + # namespace: "" + # port: http + # scheme: http + # pathPrefix: "" + # tlsConfig: {} + # bearerTokenFile: "" + # apiVersion: v2 + + ## External labels to add to any time series or alerts when communicating with external systems + ## + externalLabels: {} + + ## enable --web.enable-remote-write-receiver flag on prometheus-server + ## + enableRemoteWriteReceiver: false + + ## Name of the external label used to denote replica name + ## + replicaExternalLabelName: "" + + ## If true, the Operator won't add the external label used to denote replica name + ## + replicaExternalLabelNameClear: false + + ## Name of the external label used to denote Prometheus instance name + ## + prometheusExternalLabelName: "" + + ## If true, the Operator won't add the external label used to denote Prometheus instance name + ## + prometheusExternalLabelNameClear: false + + ## External URL at which Prometheus will be reachable. + ## + externalUrl: "" + + ## Define which Nodes the Pods are scheduled on. + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. + ## The Secrets are mounted into /etc/prometheus/secrets/. Secrets changes after initial creation of a Prometheus object are not + ## reflected in the running Pods. To change the secrets mounted into the Prometheus Pods, the object must be deleted and recreated + ## with the new list of secrets. + ## + secrets: [] + + ## ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. + ## The ConfigMaps are mounted into /etc/prometheus/configmaps/. + ## + configMaps: [] + + ## QuerySpec defines the query command line flags when starting Prometheus. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#queryspec + ## + query: {} + + ## If nil, select own namespace. Namespaces to be selected for PrometheusRules discovery. + ruleNamespaceSelector: {} + ## Example which selects PrometheusRules in namespaces with label "prometheus" set to "somelabel" + # ruleNamespaceSelector: + # matchLabels: + # prometheus: somelabel + + ## If true, a nil or {} value for prometheus.prometheusSpec.ruleSelector will cause the + ## prometheus resource to be created with selectors based on values in the helm deployment, + ## which will also match the PrometheusRule resources created + ## + ruleSelectorNilUsesHelmValues: true + + ## PrometheusRules to be selected for target discovery. + ## If {}, select all PrometheusRules + ## + ruleSelector: {} + ## Example which select all PrometheusRules resources + ## with label "prometheus" with values any of "example-rules" or "example-rules-2" + # ruleSelector: + # matchExpressions: + # - key: prometheus + # operator: In + # values: + # - example-rules + # - example-rules-2 + # + ## Example which select all PrometheusRules resources with label "role" set to "example-rules" + # ruleSelector: + # matchLabels: + # role: example-rules + + ## If true, a nil or {} value for prometheus.prometheusSpec.serviceMonitorSelector will cause the + ## prometheus resource to be created with selectors based on values in the helm deployment, + ## which will also match the servicemonitors created + ## + serviceMonitorSelectorNilUsesHelmValues: true + + ## ServiceMonitors to be selected for target discovery. + ## If {}, select all ServiceMonitors + ## + serviceMonitorSelector: {} + ## Example which selects ServiceMonitors with label "prometheus" set to "somelabel" + # serviceMonitorSelector: + # matchLabels: + # prometheus: somelabel + + ## Namespaces to be selected for ServiceMonitor discovery. + ## + serviceMonitorNamespaceSelector: {} + ## Example which selects ServiceMonitors in namespaces with label "prometheus" set to "somelabel" + # serviceMonitorNamespaceSelector: + # matchLabels: + # prometheus: somelabel + + ## If true, a nil or {} value for prometheus.prometheusSpec.podMonitorSelector will cause the + ## prometheus resource to be created with selectors based on values in the helm deployment, + ## which will also match the podmonitors created + ## + podMonitorSelectorNilUsesHelmValues: true + + ## PodMonitors to be selected for target discovery. + ## If {}, select all PodMonitors + ## + podMonitorSelector: {} + ## Example which selects PodMonitors with label "prometheus" set to "somelabel" + # podMonitorSelector: + # matchLabels: + # prometheus: somelabel + + ## If nil, select own namespace. Namespaces to be selected for PodMonitor discovery. + podMonitorNamespaceSelector: {} + ## Example which selects PodMonitor in namespaces with label "prometheus" set to "somelabel" + # podMonitorNamespaceSelector: + # matchLabels: + # prometheus: somelabel + + ## If true, a nil or {} value for prometheus.prometheusSpec.probeSelector will cause the + ## prometheus resource to be created with selectors based on values in the helm deployment, + ## which will also match the probes created + ## + probeSelectorNilUsesHelmValues: true + + ## Probes to be selected for target discovery. + ## If {}, select all Probes + ## + probeSelector: {} + ## Example which selects Probes with label "prometheus" set to "somelabel" + # probeSelector: + # matchLabels: + # prometheus: somelabel + + ## If nil, select own namespace. Namespaces to be selected for Probe discovery. + probeNamespaceSelector: {} + ## Example which selects Probe in namespaces with label "prometheus" set to "somelabel" + # probeNamespaceSelector: + # matchLabels: + # prometheus: somelabel + + ## If true, a nil or {} value for prometheus.prometheusSpec.scrapeConfigSelector will cause the + ## prometheus resource to be created with selectors based on values in the helm deployment, + ## which will also match the scrapeConfigs created + ## + scrapeConfigSelectorNilUsesHelmValues: true + + ## scrapeConfigs to be selected for target discovery. + ## If {}, select all scrapeConfigs + ## + scrapeConfigSelector: {} + ## Example which selects scrapeConfigs with label "prometheus" set to "somelabel" + # scrapeConfig: + # matchLabels: + # prometheus: somelabel + + ## If nil, select own namespace. Namespaces to be selected for scrapeConfig discovery. + scrapeConfigNamespaceSelector: {} + ## Example which selects scrapeConfig in namespaces with label "prometheus" set to "somelabel" + # scrapeConfigsNamespaceSelector: + # matchLabels: + # prometheus: somelabel + + ## How long to retain metrics + ## + retention: 10d + + ## Maximum size of metrics + ## + retentionSize: "" + + ## Allow out-of-order/out-of-bounds samples ingested into Prometheus for a specified duration + ## See https://prometheus.io/docs/prometheus/latest/configuration/configuration/#tsdb + tsdb: + outOfOrderTimeWindow: 0s + + ## Enable compression of the write-ahead log using Snappy. + ## + walCompression: true + + ## If true, the Operator won't process any Prometheus configuration changes + ## + paused: false + + ## Number of replicas of each shard to deploy for a Prometheus deployment. + ## Number of replicas multiplied by shards is the total number of Pods created. + ## + replicas: 1 + + ## EXPERIMENTAL: Number of shards to distribute targets onto. + ## Number of replicas multiplied by shards is the total number of Pods created. + ## Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved. + ## Increasing shards will not reshard data either but it will continue to be available from the same instances. + ## To query globally use Thanos sidecar and Thanos querier or remote write data to a central location. + ## Sharding is done on the content of the `__address__` target meta-label. + ## + shards: 1 + + ## Log level for Prometheus be configured in + ## + logLevel: info + + ## Log format for Prometheus be configured in + ## + logFormat: logfmt + + ## Prefix used to register routes, overriding externalUrl route. + ## Useful for proxies that rewrite URLs. + ## + routePrefix: / + + ## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata + ## Metadata Labels and Annotations gets propagated to the prometheus pods. + ## + podMetadata: {} + # labels: + # app: prometheus + # k8s-app: prometheus + + ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node. + ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided. + ## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node. + ## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured. + podAntiAffinity: "" + + ## If anti-affinity is enabled sets the topologyKey to use for anti-affinity. + ## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone + ## + podAntiAffinityTopologyKey: kubernetes.io/hostname + + ## Assign custom affinity rules to the prometheus instance + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + affinity: {} + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/e2e-az-name + # operator: In + # values: + # - e2e-az1 + # - e2e-az2 + + ## The remote_read spec configuration for Prometheus. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#remotereadspec + remoteRead: [] + # - url: http://remote1/read + ## additionalRemoteRead is appended to remoteRead + additionalRemoteRead: [] + + ## The remote_write spec configuration for Prometheus. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#remotewritespec + remoteWrite: [] + # - url: http://remote1/push + ## additionalRemoteWrite is appended to remoteWrite + additionalRemoteWrite: [] + + ## Enable/Disable Grafana dashboards provisioning for prometheus remote write feature + remoteWriteDashboards: false + + ## Resource limits & requests + ## + resources: {} + # requests: + # memory: 400Mi + + ## Prometheus StorageSpec for persistent data + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/storage.md + ## + storageSpec: {} + ## Using PersistentVolumeClaim + ## + # volumeClaimTemplate: + # spec: + # storageClassName: gluster + # accessModes: ["ReadWriteOnce"] + # resources: + # requests: + # storage: 50Gi + # selector: {} + + ## Using tmpfs volume + ## + # emptyDir: + # medium: Memory + + # Additional volumes on the output StatefulSet definition. + volumes: [] + + # Additional VolumeMounts on the output StatefulSet definition. + volumeMounts: [] + + ## AdditionalScrapeConfigs allows specifying additional Prometheus scrape configurations. Scrape configurations + ## are appended to the configurations generated by the Prometheus Operator. Job configurations must have the form + ## as specified in the official Prometheus documentation: + ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are + ## appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility + ## to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible + ## scrape configs are going to break Prometheus after the upgrade. + ## AdditionalScrapeConfigs can be defined as a list or as a templated string. + ## + ## The scrape configuration example below will find master nodes, provided they have the name .*mst.*, relabel the + ## port to 2379 and allow etcd scraping provided it is running on all Kubernetes master nodes + ## + additionalScrapeConfigs: [] + # - job_name: kube-etcd + # kubernetes_sd_configs: + # - role: node + # scheme: https + # tls_config: + # ca_file: /etc/prometheus/secrets/etcd-client-cert/etcd-ca + # cert_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client + # key_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key + # relabel_configs: + # - action: labelmap + # regex: __meta_kubernetes_node_label_(.+) + # - source_labels: [__address__] + # action: replace + # targetLabel: __address__ + # regex: ([^:;]+):(\d+) + # replacement: ${1}:2379 + # - source_labels: [__meta_kubernetes_node_name] + # action: keep + # regex: .*mst.* + # - source_labels: [__meta_kubernetes_node_name] + # action: replace + # targetLabel: node + # regex: (.*) + # replacement: ${1} + # metric_relabel_configs: + # - regex: (kubernetes_io_hostname|failure_domain_beta_kubernetes_io_region|beta_kubernetes_io_os|beta_kubernetes_io_arch|beta_kubernetes_io_instance_type|failure_domain_beta_kubernetes_io_zone) + # action: labeldrop + # + ## If scrape config contains a repetitive section, you may want to use a template. + ## In the following example, you can see how to define `gce_sd_configs` for multiple zones + # additionalScrapeConfigs: | + # - job_name: "node-exporter" + # gce_sd_configs: + # {{range $zone := .Values.gcp_zones}} + # - project: "project1" + # zone: "{{$zone}}" + # port: 9100 + # {{end}} + # relabel_configs: + # ... + + + ## If additional scrape configurations are already deployed in a single secret file you can use this section. + ## Expected values are the secret name and key + ## Cannot be used with additionalScrapeConfigs + additionalScrapeConfigsSecret: {} + # enabled: false + # name: + # key: + + ## additionalPrometheusSecretsAnnotations allows to add annotations to the kubernetes secret. This can be useful + ## when deploying via spinnaker to disable versioning on the secret, strategy.spinnaker.io/versioned: 'false' + additionalPrometheusSecretsAnnotations: {} + + ## AdditionalAlertManagerConfigs allows for manual configuration of alertmanager jobs in the form as specified + ## in the official Prometheus documentation https://prometheus.io/docs/prometheus/latest/configuration/configuration/#. + ## AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator. + ## As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this + ## feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release + ## notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade. + ## + additionalAlertManagerConfigs: [] + # - consul_sd_configs: + # - server: consul.dev.test:8500 + # scheme: http + # datacenter: dev + # tag_separator: ',' + # services: + # - metrics-prometheus-alertmanager + + ## If additional alertmanager configurations are already deployed in a single secret, or you want to manage + ## them separately from the helm deployment, you can use this section. + ## Expected values are the secret name and key + ## Cannot be used with additionalAlertManagerConfigs + additionalAlertManagerConfigsSecret: {} + # name: + # key: + # optional: false + + ## AdditionalAlertRelabelConfigs allows specifying Prometheus alert relabel configurations. Alert relabel configurations specified are appended + ## to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the + ## official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. + ## As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the + ## possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel + ## configs are going to break Prometheus after the upgrade. + ## + additionalAlertRelabelConfigs: [] + # - separator: ; + # regex: prometheus_replica + # replacement: $1 + # action: labeldrop + + ## If additional alert relabel configurations are already deployed in a single secret, or you want to manage + ## them separately from the helm deployment, you can use this section. + ## Expected values are the secret name and key + ## Cannot be used with additionalAlertRelabelConfigs + additionalAlertRelabelConfigsSecret: {} + # name: + # key: + + ## SecurityContext holds pod-level security attributes and common container settings. + ## This defaults to non root user with uid 1000 and gid 2000. + ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md + ## + securityContext: + runAsGroup: 2000 + runAsNonRoot: true + runAsUser: 1000 + fsGroup: 2000 + seccompProfile: + type: RuntimeDefault + + ## Priority class assigned to the Pods + ## + priorityClassName: "" + + ## Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment. + ## This section is experimental, it may change significantly without deprecation notice in any release. + ## This is experimental and may change significantly without backward compatibility in any release. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#thanosspec + ## + thanos: {} + # secretProviderClass: + # provider: gcp + # parameters: + # secrets: | + # - resourceName: "projects/$PROJECT_ID/secrets/testsecret/versions/latest" + # fileName: "objstore.yaml" + # objectStorageConfigFile: /var/secrets/object-store.yaml + + ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to a Prometheus pod. + ## if using proxy extraContainer update targetPort with proxy container port + containers: [] + # containers: + # - name: oauth-proxy + # image: quay.io/oauth2-proxy/oauth2-proxy:v7.3.0 + # args: + # - --upstream=http://127.0.0.1:9093 + # - --http-address=0.0.0.0:8081 + # - ... + # ports: + # - containerPort: 8081 + # name: oauth-proxy + # protocol: TCP + # resources: {} + + ## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes + ## (permissions, dir tree) on mounted volumes before starting prometheus + initContainers: [] + + ## PortName to use for Prometheus. + ## + portName: "http-web" + + ## ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files + ## on the file system of the Prometheus container e.g. bearer token files. + arbitraryFSAccessThroughSMs: false + + ## OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceMonitor + ## or PodMonitor to true, this overrides honor_labels to false. + overrideHonorLabels: false + + ## OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs. + overrideHonorTimestamps: false + + ## IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from the podmonitor and servicemonitor + ## configs, and they will only discover endpoints within their current namespace. Defaults to false. + ignoreNamespaceSelectors: false + + ## EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. + ## The label value will always be the namespace of the object that is being created. + ## Disabled by default + enforcedNamespaceLabel: "" + + ## PrometheusRulesExcludedFromEnforce - list of prometheus rules to be excluded from enforcing of adding namespace labels. + ## Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair + ## Deprecated, use `excludedFromEnforcement` instead + prometheusRulesExcludedFromEnforce: [] + + ## ExcludedFromEnforcement - list of object references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects + ## to be excluded from enforcing a namespace label of origin. + ## Works only if enforcedNamespaceLabel set to true. + ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#objectreference + excludedFromEnforcement: [] + + ## QueryLogFile specifies the file to which PromQL queries are logged. Note that this location must be writable, + ## and can be persisted using an attached volume. Alternatively, the location can be set to a stdout location such + ## as /dev/stdout to log querie information to the default Prometheus log stream. This is only available in versions + ## of Prometheus >= 2.16.0. For more details, see the Prometheus docs (https://prometheus.io/docs/guides/query-log/) + queryLogFile: false + + ## EnforcedSampleLimit defines global limit on number of scraped samples that will be accepted. This overrides any SampleLimit + ## set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep overall + ## number of samples/series under the desired limit. Note that if SampleLimit is lower that value will be taken instead. + enforcedSampleLimit: false + + ## EnforcedTargetLimit defines a global limit on the number of scraped targets. This overrides any TargetLimit set + ## per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the TargetLimit to keep the overall + ## number of targets under the desired limit. Note that if TargetLimit is lower, that value will be taken instead, except + ## if either value is zero, in which case the non-zero value will be used. If both values are zero, no limit is enforced. + enforcedTargetLimit: false + + + ## Per-scrape limit on number of labels that will be accepted for a sample. If more than this number of labels are present + ## post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions + ## 2.27.0 and newer. + enforcedLabelLimit: false + + ## Per-scrape limit on length of labels name that will be accepted for a sample. If a label name is longer than this number + ## post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions + ## 2.27.0 and newer. + enforcedLabelNameLengthLimit: false + + ## Per-scrape limit on length of labels value that will be accepted for a sample. If a label value is longer than this + ## number post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus + ## versions 2.27.0 and newer. + enforcedLabelValueLengthLimit: false + + ## AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. This is still experimental + ## in Prometheus so it may change in any upcoming release. + allowOverlappingBlocks: false + + ## Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to + ## be considered available. Defaults to 0 (pod will be considered available as soon as it is ready). + minReadySeconds: 0 + + # Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), + # because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working + # Use the host's network namespace if true. Make sure to understand the security implications if you want to enable it. + # When hostNetwork is enabled, this will set dnsPolicy to ClusterFirstWithHostNet automatically. + hostNetwork: false + + # HostAlias holds the mapping between IP and hostnames that will be injected + # as an entry in the pod’s hosts file. + hostAliases: [] + # - ip: 10.10.0.100 + # hostnames: + # - a1.app.local + # - b1.app.local + + ## TracingConfig configures tracing in Prometheus. + ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#prometheustracingconfig + tracingConfig: {} + + additionalRulesForClusterRole: [] + # - apiGroups: [ "" ] + # resources: + # - nodes/proxy + # verbs: [ "get", "list", "watch" ] + + additionalServiceMonitors: [] + ## Name of the ServiceMonitor to create + ## + # - name: "" + + ## Additional labels to set used for the ServiceMonitorSelector. Together with standard labels from + ## the chart + ## + # additionalLabels: {} + + ## Service label for use in assembling a job name of the form