diff --git a/controllers/kustomization_controller.go b/controllers/kustomization_controller.go
index b4482ed2..1a5f0210 100644
--- a/controllers/kustomization_controller.go
+++ b/controllers/kustomization_controller.go
@@ -300,7 +300,7 @@ func (r *KustomizationReconciler) reconcile(
 revision := source.GetArtifact().Revision
 // create tmp dir
- tmpDir, err := os.MkdirTemp("", kustomization.Name)
+ tmpDir, err := os.MkdirTemp("", "kustomization-")
 if err != nil {
 err = fmt.Errorf("tmp dir error: %w", err)
 return kustomizev1.KustomizationNotReady(
diff --git a/controllers/kustomization_generator.go b/controllers/kustomization_generator.go
index 3b3efc8e..e6ca3007 100644
--- a/controllers/kustomization_generator.go
+++ b/controllers/kustomization_generator.go
@@ -200,7 +200,9 @@ func (kg *KustomizeGenerator) generateKustomization(dirPath string) error {
 if err != nil {
 return err
 }
- f.Close()
+ if err = f.Close(); err != nil {
+ return err
+ }
 kus := kustypes.Kustomization{
 TypeMeta: kustypes.TypeMeta{
@@ -247,7 +249,7 @@ var kustomizeBuildMutex sync.Mutex
 // - disable plugins except for the builtin ones
 func secureBuildKustomization(root, dirPath string) (resmap.ResMap, error) {
 // Create secure FS for root
- fs, err := securefs.MakeFsOnDiskSecure(root)
+ fs, err := securefs.MakeFsOnDiskSecureBuild(root)
 if err != nil {
 return nil, err
 }
diff --git a/controllers/kustomization_generator_test.go b/controllers/kustomization_generator_test.go
new file mode 100644
index 00000000..4fd262c5
--- /dev/null
+++ b/controllers/kustomization_generator_test.go
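Review bot: The `// create tmp dir` comment above the new `os.MkdirTemp("", "kustomization-")` call does not say why the prefix is now a constant, so a later edit could put `kustomization.Name` back into the pattern. os.MkdirTemp rejects a pattern that contains a path separator and treats the last `*` in it as the slot for the random suffix, so a pattern derived from object metadata depends on what that metadata contains; a constant does not. I would reword the comment to `// create tmp dir; the prefix is a constant so object metadata never becomes part of a filesystem path`. The body of reconcile continues outside the hunk, so whether tmpDir is removed on every return path is not visible here.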
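Review bot: The new `if err = f.Close(); err != nil` branch returns the bare error, so a caller cannot tell a failed close from the failure handled by the `return err` just above it. Consider `return fmt.Errorf("closing file: %w", err)`, provided fmt is already imported in this file (the import block is outside the hunk). generateKustomization starts and ends outside the hunk, so what f refers to, and whether a partially written file is left behind on this path, cannot be confirmed from here.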
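Review bot: The comments on secureBuildKustomization are not updated for the switch to `securefs.MakeFsOnDiskSecureBuild(root)`; the inline one still reads `// Create secure FS for root`. The test added in this commit builds from remote resources, which suggests the new constructor permits access the old one refused, presumably to locations outside root where remote bases are fetched; that is inferred, since the library code is not part of this diff. Because this function is the confinement boundary for content taken from source artifacts, the comment should name what is now reachable outside root and why, for example `// Create secure FS for root; the Build variant additionally allows <paths permitted by the securefs package, to be confirmed>`. The doc comment block starts above the hunk.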
@@ -0,0 +1,32 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package controllers
+
+import (
+ "testing"
+
+ . "github.com/onsi/gomega"
+)
+
+func Test_secureBuildKustomization(t *testing.T) {
+ t.Run("remote build", func(t *testing.T) {
+ g := NewWithT(t)
+
+ _, err := secureBuildKustomization("testdata/remote", "testdata/remote")
+ g.Expect(err).ToNot(HaveOccurred())
+ })
+}
diff --git a/controllers/testdata/remote/kustomization.yaml b/controllers/testdata/remote/kustomization.yaml
new file mode 100644
index 00000000..323ee968
--- /dev/null
+++ b/controllers/testdata/remote/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - github.com/fluxcd/kustomize-controller//config/crd?ref=main
+ - git::https://github.com/fluxcd/kustomize-controller//config/rbac?ref=main
+ - https://github.com/fluxcd/kustomize-controller//config/manager?ref=main
diff --git a/go.mod b/go.mod
index 7432da20..738f101b 100644
--- a/go.mod
+++ b/go.mod
@@ -16,7 +16,7 @@ require (
 github.com/fluxcd/pkg/apis/acl v0.0.3
 github.com/fluxcd/pkg/apis/kustomize v0.3.3
 github.com/fluxcd/pkg/apis/meta v0.12.2
- github.com/fluxcd/pkg/kustomize v0.2.0
+ github.com/fluxcd/pkg/kustomize v0.3.0
 github.com/fluxcd/pkg/runtime v0.14.1
 github.com/fluxcd/pkg/ssa v0.15.2
 github.com/fluxcd/pkg/testserver v0.2.0
diff --git a/go.sum b/go.sum
index f2289ba3..2a21daab 100644
--- a/go.sum
+++ b/go.sum
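Review bot: Test_secureBuildKustomization covers only the success path, so nothing checks that the filesystem returned by MakeFsOnDiskSecureBuild still refuses a kustomization that references files outside root. A subtest that builds a fixture pointing above its own directory and expects an error would pin the confinement that secureBuildKustomization exists for. The "remote build" case also needs network access to github.com, so it will fail in a sandboxed CI run; gate it or say so in a comment. The fixture path in the sketch below is a placeholder, not a file in this commit.

```go
func Test_secureBuildKustomization(t *testing.T) {
	// … unchanged: "remote build" subtest …

	t.Run("rejects resources outside root", func(t *testing.T) {
		g := NewWithT(t)

		// Placeholder fixture: its kustomization.yaml lists a resource above its own directory.
		_, err := secureBuildKustomization("testdata/PLACEHOLDER_OUTSIDE_ROOT", "testdata/PLACEHOLDER_OUTSIDE_ROOT")
		g.Expect(err).To(HaveOccurred())
	})
}
```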
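Review bot: All three `resources` entries in the new fixture use `?ref=main`, so its content changes whenever the upstream branch moves and the test result is not reproducible. Pinning each entry to an immutable ref, e.g. `?ref=<tag-or-commit-sha>` (placeholder; choose the release this test should track), keeps the test stable and means CI builds a known revision rather than whatever is on the branch at run time.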
@@ -276,8 +276,8 @@ github.com/fluxcd/pkg/apis/kustomize v0.3.3 h1:bPN29SdVzWl0yhgivuf/83IAe2R6vUuDV github.com/fluxcd/pkg/apis/kustomize v0.3.3/go.mod h1:5HTOFZfQFVMMqR2rvuxpbZhpb+sQpcTT6RCQZOhjFzA= github.com/fluxcd/pkg/apis/meta v0.12.2 h1:AiKAZxLyPtV150y63WC+mL1Qm4x5qWQmW6r4mLy1i8c= github.com/fluxcd/pkg/apis/meta v0.12.2/go.mod h1:Z26X5uTU5LxAyWETGueRQY7TvdPaGfKU7Wye9bdUlho= -github.com/fluxcd/pkg/kustomize v0.2.0 h1:twiGAFJctt2tyH8vHxL1uqb6BlU3B9ZqG8uSlluuioM= -github.com/fluxcd/pkg/kustomize v0.2.0/go.mod h1:Qczvl7vNY9NJBpyaFrldsxfGjj6uaMcMmKGsSJ6hcxc= +github.com/fluxcd/pkg/kustomize v0.3.0 h1:mrUsbONJxw1YapmIhim4C7yDGNILmQnAEFolrUdRx+s= +github.com/fluxcd/pkg/kustomize v0.3.0/go.mod h1:Qczvl7vNY9NJBpyaFrldsxfGjj6uaMcMmKGsSJ6hcxc= github.com/fluxcd/pkg/runtime v0.14.1 h1:ZbS3RzR+f+wu1e6Y7GoCxY9PFZkOgX6/gL7Enr75CY0= github.com/fluxcd/pkg/runtime v0.14.1/go.mod h1:eS4378ydLlWPt2fFjcrAAnJegGJNj3Q/iqYZqjBeWlM= github.com/fluxcd/pkg/ssa v0.15.2 h1:hLEIh7Ymlt6ihfQHIEx7DjAa+FCndBpHW6wyELToVsI=