Add support to limit applied policies in automation by specifying a s…

…elector
fluxcd · Dec 21, 2023 · ac3f809 · ac3f809
1 parent 1439a5c
commit ac3f809
Show file tree

Hide file tree

Showing 4 changed files with 66 additions and 1 deletion.
diff --git a/api/v1beta1/imageupdateautomation_types.go b/api/v1beta1/imageupdateautomation_types.go
@@ -49,6 +49,11 @@ type ImageUpdateAutomationSpec struct {
 	// +required
 	Interval metav1.Duration `json:"interval"`
 
+	// PolicySelector allows to filter applied policies based on labels.
+	// By default includes all policies in namespace
+	// +optional
+	PolicySelector *metav1.LabelSelector `json:"policySelector"`
+
 	// Update gives the specification for how to update the files in
 	// the repository. This can be left empty, to use the default
 	// value.

diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/image.toolkit.fluxcd.io_imageupdateautomations.yaml b/config/crd/bases/image.toolkit.fluxcd.io_imageupdateautomations.yaml
@@ -158,6 +158,52 @@ spec:
                   run should be attempted.
                 pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
                 type: string
+              policySelector:
+                description: PolicySelector allows to filter applied policies based
+                  on labels. By default includes all policies in namespace
+                properties:
+                  matchExpressions:
+                    description: matchExpressions is a list of label selector requirements.
+                      The requirements are ANDed.
+                    items:
+                      description: A label selector requirement is a selector that
+                        contains values, a key, and an operator that relates the key
+                        and values.
+                      properties:
+                        key:
+                          description: key is the label key that the selector applies
+                            to.
+                          type: string
+                        operator:
+                          description: operator represents a key's relationship to
+                            a set of values. Valid operators are In, NotIn, Exists
+                            and DoesNotExist.
+                          type: string
+                        values:
+                          description: values is an array of string values. If the
+                            operator is In or NotIn, the values array must be non-empty.
+                            If the operator is Exists or DoesNotExist, the values
+                            array must be empty. This array is replaced during a strategic
+                            merge patch.
+                          items:
+                            type: string
+                          type: array
+                      required:
+                      - key
+                      - operator
+                      type: object
+                    type: array
+                  matchLabels:
+                    additionalProperties:
+                      type: string
+                    description: matchLabels is a map of {key,value} pairs. A single
+                      {key,value} in the matchLabels map is equivalent to an element
+                      of matchExpressions, whose key field is "key", the operator
+                      is "In", and the values array contains only "value". The requirements
+                      are ANDed.
+                    type: object
+                type: object
+                x-kubernetes-map-type: atomic
               sourceRef:
                 description: SourceRef refers to the resource giving access details
                   to a git repository.

diff --git a/internal/controller/imageupdateautomation_controller.go b/internal/controller/imageupdateautomation_controller.go
@@ -35,6 +35,7 @@ import (
 	"github.com/go-logr/logr"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/types"
 	kuberecorder "k8s.io/client-go/tools/record"
 	ctrl "sigs.k8s.io/controller-runtime"
@@ -316,7 +317,15 @@ func (r *ImageUpdateAutomationReconciler) Reconcile(ctx context.Context, req ctr
 		// policies in the same namespace (maybe in the future this
 		// could be filtered by the automation object).
 		var policies imagev1_reflect.ImagePolicyList
-		if err := r.List(ctx, &policies, &client.ListOptions{Namespace: req.NamespacedName.Namespace}); err != nil {
+
+		policySelector := labels.Everything()
+		if auto.Spec.PolicySelector != nil {
+			if policySelector, err = metav1.LabelSelectorAsSelector(auto.Spec.PolicySelector); err != nil {
+				return failWithError(err)
+			}
+		}
+
+		if err := r.List(ctx, &policies, &client.ListOptions{Namespace: req.NamespacedName.Namespace, LabelSelector: policySelector}); err != nil {
 			return failWithError(err)
 		}