diff --git a/.github/workflows/golangci-lint.yaml b/.github/workflows/golangci-lint.yaml index 12f9ddfb..e0d7803e 100644 --- a/.github/workflows/golangci-lint.yaml +++ b/.github/workflows/golangci-lint.yaml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: 1.22.x cache-dependency-path: | @@ -36,7 +36,7 @@ jobs: echo 'run make tidy and commit changes' exit 1 fi - - uses: golangci/golangci-lint-action@9d1e0624a798bb64f6c3cea93db47765312263dc # v5.1.0 + - uses: golangci/golangci-lint-action@38e1018663fa5173f3968ea0777460d3de38f256 # v5.3.0 with: version: latest skip-pkg-cache: true diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml index 6e8c1d51..df4687c9 100644 --- a/.github/workflows/pre-commit.yaml +++ b/.github/workflows/pre-commit.yaml @@ -45,7 +45,7 @@ jobs: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Setup Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: 1.22.x cache-dependency-path: | diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 16db5daa..fea1a69e 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -20,7 +20,7 @@ jobs: # Allow goreleaser to access older tag information. fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: 1.22.x cache: false diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index b664de40..4994ca3f 100644 --- a/.github/workflows/tests.yaml 
+++ b/.github/workflows/tests.yaml @@ -16,7 +16,7 @@ jobs: timeout-minutes: 5 steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: 1.22.x cache-dependency-path: | @@ -54,7 +54,7 @@ jobs: - '1.8.*' steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: 1.22.x - uses: hashicorp/setup-terraform@97f030cf6dc0b4f5e0da352c7bca9cca34579800 # v3.1.0 @@ -71,7 +71,7 @@ jobs: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Setup Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: 1.22.x cache-dependency-path: | @@ -153,7 +153,7 @@ jobs: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Setup Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: 1.22.x cache-dependency-path: | @@ -207,7 +207,7 @@ jobs: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Setup Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: 1.22.x cache-dependency-path: | diff --git a/.github/workflows/update-flux.yaml b/.github/workflows/update-flux.yaml index 8c7117be..c5849923 100644 --- a/.github/workflows/update-flux.yaml +++ b/.github/workflows/update-flux.yaml 
@@ -12,7 +12,7 @@ jobs: - name: Check out code uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Setup Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: 1.22.x cache-dependency-path: | diff --git a/.golangci.yml b/.golangci.yml index a3b6f942..b36a2a82 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -14,6 +14,7 @@ linters: - godot - gofmt - gosimple + - govet - makezero - misspell - nilerr @@ -23,4 +24,3 @@ linters: - unconvert - unparam - unused - - vet diff --git a/docs/resources/bootstrap_git.md b/docs/resources/bootstrap_git.md index 00a3193f..9ef21b7a 100644 --- a/docs/resources/bootstrap_git.md +++ b/docs/resources/bootstrap_git.md @@ -44,6 +44,7 @@ The following examples are available to help you use the provider: - `path` (String) Path relative to the repository root, when specified the cluster sync will be scoped to this path (immutable). - `recurse_submodules` (Boolean) Configures the GitRepository source to initialize and include Git submodules in the artifact it produces. - `registry` (String) Container registry where the toolkit images are published. Defaults to `ghcr.io/fluxcd`. +- `registry_credentials` (String) Container registry credentials in the format 'user:password' - `secret_name` (String) Name of the secret the sync credentials can be found in or stored to. Defaults to `flux-system`. - `timeouts` (Attributes) (see [below for nested schema](#nestedatt--timeouts)) - `toleration_keys` (Set of String) List of toleration keys used to schedule the components pods onto nodes with matching taints. diff --git a/go.mod b/go.mod index 8ab7d40b..f5ffde50 100644 --- a/go.mod +++ b/go.mod 
@@ -17,19 +17,19 @@ require ( github.com/docker/docker v24.0.9+incompatible github.com/docker/go-connections v0.4.0 github.com/fluxcd/cli-utils v0.36.0-flux.7 - github.com/fluxcd/flux2/v2 v2.2.3 + github.com/fluxcd/flux2/v2 v2.2.1-0.20240509101344-54f33ece2ad9 github.com/fluxcd/helm-controller/api v0.37.4 - github.com/fluxcd/image-automation-controller/api v0.37.1 - github.com/fluxcd/image-reflector-controller/api v0.31.2 - github.com/fluxcd/kustomize-controller/api v1.2.2 - github.com/fluxcd/notification-controller/api v1.2.4 + github.com/fluxcd/image-automation-controller/api v0.38.0 + github.com/fluxcd/image-reflector-controller/api v0.32.0 + github.com/fluxcd/kustomize-controller/api v1.3.0 + github.com/fluxcd/notification-controller/api v1.3.0 github.com/fluxcd/pkg/apis/meta v1.5.0 github.com/fluxcd/pkg/git v0.19.0 github.com/fluxcd/pkg/git/gogit v0.19.0 github.com/fluxcd/pkg/runtime v0.47.0 github.com/fluxcd/pkg/ssa v0.39.0 github.com/fluxcd/pkg/ssh v0.13.0 - github.com/fluxcd/source-controller/api v1.2.4 + github.com/fluxcd/source-controller/api v1.3.0 github.com/go-logr/logr v1.4.1 github.com/google/go-containerregistry v0.19.1 github.com/hashicorp/terraform-plugin-docs v0.19.1 @@ -48,7 +48,7 @@ require ( k8s.io/apimachinery v0.30.0 k8s.io/cli-runtime v0.30.0 k8s.io/client-go v0.30.0 - sigs.k8s.io/controller-runtime v0.18.0 + sigs.k8s.io/controller-runtime v0.18.1 sigs.k8s.io/kind v0.22.0 sigs.k8s.io/kustomize/api v0.17.1 sigs.k8s.io/yaml v1.4.0 
@@ -86,11 +86,11 @@ require ( github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect github.com/fatih/color v1.16.0 // indirect - github.com/fluxcd/go-git-providers v0.20.0 // indirect + github.com/fluxcd/go-git-providers v0.20.1 // indirect github.com/fluxcd/pkg/apis/acl v0.3.0 // indirect - github.com/fluxcd/pkg/apis/kustomize v1.3.0 // indirect - github.com/fluxcd/pkg/kustomize v1.6.0 // indirect - github.com/fluxcd/pkg/tar v0.4.0 // indirect + github.com/fluxcd/pkg/apis/kustomize v1.5.0 // indirect + github.com/fluxcd/pkg/kustomize v1.11.0 // indirect + github.com/fluxcd/pkg/tar v0.7.0 // indirect github.com/fluxcd/pkg/version v0.4.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/go-errors/errors v1.5.1 // indirect @@ -107,7 +107,7 @@ require ( github.com/google/btree v1.1.2 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.6.0 // indirect - github.com/google/go-github/v57 v57.0.0 // indirect + github.com/google/go-github/v61 v61.0.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 // indirect @@ -161,7 +161,7 @@ require ( github.com/oklog/run v1.1.0 // indirect github.com/onsi/gomega v1.32.0 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.1.0-rc3 // indirect + github.com/opencontainers/image-spec v1.1.0-rc5 // indirect github.com/pelletier/go-toml v1.9.4 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pjbgf/sha1cd v0.3.0 // indirect diff --git a/go.sum b/go.sum index fcc06a72..ae0192ed 100644 --- a/go.sum +++ b/go.sum 
@@ -92,26 +92,26 @@ github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/fluxcd/cli-utils v0.36.0-flux.7 h1:81zEo/LNmIRWMgtsZy/8L13TMUZHmmJib4gHRvKwVE8= github.com/fluxcd/cli-utils v0.36.0-flux.7/go.mod h1:TcfLhvBjtQnqxYMsHQUAEB2c5WJRVuibtas2Izz5ZTs= -github.com/fluxcd/flux2/v2 v2.2.3 h1:sVeYLHIDGMTkT1ibbdz52z5y9pr456XSRULsehxqEXI= -github.com/fluxcd/flux2/v2 v2.2.3/go.mod h1:vDwnGaRVqeChwgg2eo6MtoF8NJ0OmBnE2tfRPa3PZrQ= +github.com/fluxcd/flux2/v2 v2.2.1-0.20240509101344-54f33ece2ad9 h1:tuucOZ+J9Vx/gYVkhSTvc20/goxGisSKis99c/KUdHw= +github.com/fluxcd/flux2/v2 v2.2.1-0.20240509101344-54f33ece2ad9/go.mod h1:mgi4AmxrL0YUQnzgga67OMhv1pqy7v/k9LjxsbkV7g4= github.com/fluxcd/gitkit v0.6.0 h1:iNg5LTx6ePo+Pl0ZwqHTAkhbUHxGVSY3YCxCdw7VIFg= github.com/fluxcd/gitkit v0.6.0/go.mod h1:svOHuKi0fO9HoawdK4HfHAJJseZDHHjk7I3ihnCIqNo= -github.com/fluxcd/go-git-providers v0.20.0 h1:giNEn32psYUkKogjfMkVqkSwmtFj13E8DTTCflExDes= -github.com/fluxcd/go-git-providers v0.20.0/go.mod h1:lnTUH7WuQ/GzkDAQQbmruUnKjBT2fiGi/YfZss6zCYg= +github.com/fluxcd/go-git-providers v0.20.1 h1:ER10UUup3y/lAyANvMjgaYI/9av/upetF2PTi3aCqvs= +github.com/fluxcd/go-git-providers v0.20.1/go.mod h1:FhBThaf3/kyKCBg4v0mKcQqQB2rPDv/L8baH3+nFtHc= github.com/fluxcd/helm-controller/api v0.37.4 h1:rkBMqYXexyf1s5BS8QpxGi691DsCi+yugIFCM5fNKLU= github.com/fluxcd/helm-controller/api v0.37.4/go.mod h1:KFdP5Lbrc4Vv+Jt4xRj6UUo3qiwdBqBPl1xiiAnBe9c= -github.com/fluxcd/image-automation-controller/api v0.37.1 h1:zi1VfPoGuHsNtyTpueKbr4b/c+Ms7HjFocTAmixmYno= -github.com/fluxcd/image-automation-controller/api v0.37.1/go.mod h1:7p0woxB275YzhdctzbxVMck0/hZt45bm0K12A0ABldo= -github.com/fluxcd/image-reflector-controller/api v0.31.2 h1:s16ewwfuLBYuh8hENuVgU8SYsSNxRaA4f+AD60/+les= -github.com/fluxcd/image-reflector-controller/api v0.31.2/go.mod h1:tV7g+KXQL3W8w5+fRJU7ubVGc4QAfx1C7XI5qrQvA3U= 
-github.com/fluxcd/kustomize-controller/api v1.2.2 h1:LXRa2181usLsDkAJ86i/CnvCyPwhLcFUw9jBnXxTFJ4= -github.com/fluxcd/kustomize-controller/api v1.2.2/go.mod h1:dfAaPQuuoWfExyWaeO7Kj2ZtfKQ4nDcJrt7AeAFlLZs= -github.com/fluxcd/notification-controller/api v1.2.4 h1:H/C8XW5boncf8rzJjSe/MCr186Hgvw+arPat9XOaRlw= -github.com/fluxcd/notification-controller/api v1.2.4/go.mod h1:LeHtKKTI3ew+FXY0oYtYqM68UYOArfBa/cy4pxAzN4M= +github.com/fluxcd/image-automation-controller/api v0.38.0 h1:+phX67uf0INGDC4sghsPPNUiE8taVp7AcWgJH8LkiUk= +github.com/fluxcd/image-automation-controller/api v0.38.0/go.mod h1:FfWWRxG03514+MUNJ+uN6fXzjwdbqsJqCggukIZ1tx8= +github.com/fluxcd/image-reflector-controller/api v0.32.0 h1:mb/v9JzRHcjLcnGqmgsq0+yCcoOyae/TrOWae9T87PE= +github.com/fluxcd/image-reflector-controller/api v0.32.0/go.mod h1:Ap3/KK8MfQAdmuhakg9CweEa3Xwwmvausbqrgd3HBWY= +github.com/fluxcd/kustomize-controller/api v1.3.0 h1:IwXkU48lQ/YhU6XULlPXDgQlnpNyQdCNbUvhLdWVIbE= +github.com/fluxcd/kustomize-controller/api v1.3.0/go.mod h1:kg/WM9Uye5NOqGVW/F3jnkjrlgFZHHa84+4lnzOV8fI= +github.com/fluxcd/notification-controller/api v1.3.0 h1:e3Plvo44XIKP2pUjwx8U4/fMpPwVM3EvJrYLIIqcVrI= +github.com/fluxcd/notification-controller/api v1.3.0/go.mod h1:KUaWXACNwWpAYo/Q4mzBjGbsYlUzXdq654jc1XpgMQw= github.com/fluxcd/pkg/apis/acl v0.3.0 h1:UOrKkBTOJK+OlZX7n8rWt2rdBmDCoTK+f5TY2LcZi8A= github.com/fluxcd/pkg/apis/acl v0.3.0/go.mod h1:WVF9XjSMVBZuU+HTTiSebGAWMgM7IYexFLyVWbK9bNY= -github.com/fluxcd/pkg/apis/kustomize v1.3.0 h1:qvB46CfaOWcL1SyR2RiVWN/j7/035D0OtB1ltLN7rgI= -github.com/fluxcd/pkg/apis/kustomize v1.3.0/go.mod h1:PCXf5kktTzNav0aH2Ns3jsowqwmA9xTcsrEOoPzx/K8= +github.com/fluxcd/pkg/apis/kustomize v1.5.0 h1:ah4sfqccnio+/5Edz/tVz6LetFhiBoDzXAElj6fFCzU= +github.com/fluxcd/pkg/apis/kustomize v1.5.0/go.mod h1:nEzhnhHafhWOUUV8VMFLojUOH+HHDEsL75y54mt/c30= github.com/fluxcd/pkg/apis/meta v1.5.0 h1:/G82d2Az5D9op3F+wJUpD8jw/eTV0suM6P7+cSURoUM= github.com/fluxcd/pkg/apis/meta v1.5.0/go.mod 
h1:Y3u7JomuuKtr5fvP1Iji2/50FdRe5GcBug2jawNVkdM= github.com/fluxcd/pkg/git v0.19.0 h1:zIv+GAT0ieIUpnGBVi3Bhax/qq4Rr28BW7Jv4DTt6zE= 
@@ -120,20 +120,20 @@ github.com/fluxcd/pkg/git/gogit v0.19.0 h1:SdoNAmC/HTPXniQjp609X59rCsBiA+Sdq1Hv8 github.com/fluxcd/pkg/git/gogit v0.19.0/go.mod h1:8kOmrNMjq8daQTVLhp6klhuoY8+s81gydM0MozDjaHM= github.com/fluxcd/pkg/gittestserver v0.12.0 h1:QGbIVyje9U6urSAeDw3diKb/5wdA+Cnw1YJN+3Zflaw= github.com/fluxcd/pkg/gittestserver v0.12.0/go.mod h1:Eh82e+kzKdhpafnUwR5oCBmxqAqhF5QuCn290AFntPM= -github.com/fluxcd/pkg/kustomize v1.6.0 h1:LIZ0BkpGLkyj33yzJ3HUsNzJ20wcLSxkUFcZg9kpg34= -github.com/fluxcd/pkg/kustomize v1.6.0/go.mod h1:LitgZWd9+2X9g+Y4JeyZJewel+E10OIkUaUw4t4YWM8= +github.com/fluxcd/pkg/kustomize v1.11.0 h1:8YV4i6VCCxpXGlK+NzfNKbuhuSlK6Bfdr/Qv5jJgEtQ= +github.com/fluxcd/pkg/kustomize v1.11.0/go.mod h1:SfkN+DKgf8aLNoQtNuHBUEeB/uyC4nGzbbF+Ld0TmPU= github.com/fluxcd/pkg/runtime v0.47.0 h1:m3BEgwTYJslIF0lqhZMw6ZcKD6bD+4Ut+Xd/8X86SZA= github.com/fluxcd/pkg/runtime v0.47.0/go.mod h1:UgHy8DTkU2MFHDe2q3b+OP4mBYTsopGhSzWb8rHJa9Q= github.com/fluxcd/pkg/ssa v0.39.0 h1:MdsTjwmF7mxTuZRt1XcLp5SzDI0PcRDR8bnbGH4nvHo= github.com/fluxcd/pkg/ssa v0.39.0/go.mod h1:bS/QGx2YjAiyzPl1CGb8w+6ETmoIhpeViTcEnTpv+t4= github.com/fluxcd/pkg/ssh v0.13.0 h1:lPU1Gst8XIz7AU2dhdqVFaaOWd54/O1LZu62vH4JB/s= github.com/fluxcd/pkg/ssh v0.13.0/go.mod h1:J9eyirMd4s++tWG4euRRhmcthKX203GPHpzFpH++TP8= -github.com/fluxcd/pkg/tar v0.4.0 h1:SuXpfXBIcSJ5R/yqQi2CBxBmV/i/LH0agqNAh2PWBZg= -github.com/fluxcd/pkg/tar v0.4.0/go.mod h1:SyJBaQvuv2VA/rv4d1OHhCV6R8+9QKc9np193EzNHBc= +github.com/fluxcd/pkg/tar v0.7.0 h1:xdg95f4DlzMgd4m+xPRXrX4NLb8P8b5SAqB19sDOLIs= +github.com/fluxcd/pkg/tar v0.7.0/go.mod h1:KLg1zMZF7sEncGA9LEsfkskbCMyLSEgrjBRXqFK++VE= github.com/fluxcd/pkg/version v0.4.0 h1:3F6oeIZ+ug/f7pALIBhcUhfURel37EPPOn7nsGfsnOg= github.com/fluxcd/pkg/version v0.4.0/go.mod h1:izVsSDxac81qWRmpOL9qcxZYx+zAN1ajoP5SidGP6PA= -github.com/fluxcd/source-controller/api v1.2.4 h1:XjKTWhSSeLGsogWnTcLl5sUnyMlC5TKDbbBgP9SyJ5c= -github.com/fluxcd/source-controller/api v1.2.4/go.mod h1:j3QSHpIPBP5sjaGIkVtsgWCx8JcOmcsutRmdJmRMOZg= 
+github.com/fluxcd/source-controller/api v1.3.0 h1:Z5Lq0aJY87yg0cQDEuwGLKS60GhdErCHtsi546HUt10= +github.com/fluxcd/source-controller/api v1.3.0/go.mod h1:+tfd0vltjcVs/bbnq9AlYR9AAHSVfM/Z4v4TpQmdJf4= github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= @@ -189,8 +189,8 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-containerregistry v0.19.1 h1:yMQ62Al6/V0Z7CqIrrS1iYoA5/oQCm88DeNujc7C1KY= github.com/google/go-containerregistry v0.19.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= -github.com/google/go-github/v57 v57.0.0 h1:L+Y3UPTY8ALM8x+TV0lg+IEBI+upibemtBD8Q9u7zHs= -github.com/google/go-github/v57 v57.0.0/go.mod h1:s0omdnye0hvK/ecLvpsGfJMiRt85PimQh4oygmLIxHw= +github.com/google/go-github/v61 v61.0.0 h1:VwQCBwhyE9JclCI+22/7mLB1PuU9eowCXKY5pNlu1go= +github.com/google/go-github/v61 v61.0.0/go.mod h1:0WR+KmsWX75G2EbpyGsGmradjo3IiciuI4BmdVCobQY= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= 
@@ -359,8 +359,8 @@ github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk= github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0-rc3 h1:fzg1mXZFj8YdPeNkRXMg+zb88BFV0Ys52cJydRwBkb8= -github.com/opencontainers/image-spec v1.1.0-rc3/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= +github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI= +github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU= github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w= github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks= 
@@ -609,8 +609,8 @@ k8s.io/kubectl v0.30.0 h1:xbPvzagbJ6RNYVMVuiHArC1grrV5vSmmIcSZuCdzRyk= k8s.io/kubectl v0.30.0/go.mod h1:zgolRw2MQXLPwmic2l/+iHs239L49fhSeICuMhQQXTI= k8s.io/utils v0.0.0-20240310230437-4693a0247e57 h1:gbqbevonBh57eILzModw6mrkbwM0gQBEuevE/AaBsHY= k8s.io/utils v0.0.0-20240310230437-4693a0247e57/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.18.0 h1:Z7jKuX784TQSUL1TIyeuF7j8KXZ4RtSX0YgtjKcSTME= -sigs.k8s.io/controller-runtime v0.18.0/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= +sigs.k8s.io/controller-runtime v0.18.1 h1:RpWbigmuiylbxOCLy0tGnq1cU1qWPwNIQzoJk+QeJx4= +sigs.k8s.io/controller-runtime v0.18.1/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/kind v0.22.0 h1:z/+yr/azoOfzsfooqRsPw1wjJlqT/ukXP0ShkHwNlsI= diff --git a/internal/provider/resource_bootstrap_git.go b/internal/provider/resource_bootstrap_git.go index 635485fa..1bfd00d9 100644 --- a/internal/provider/resource_bootstrap_git.go +++ b/internal/provider/resource_bootstrap_git.go @@ -18,6 +18,7 @@ package provider import ( "context" + "encoding/base64" "errors" "fmt" "io" @@ -49,11 +50,13 @@ import ( "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-log/tflog" appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" networkingv1 "k8s.io/api/networking/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" k8serrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" apitypes "k8s.io/apimachinery/pkg/types" + "k8s.io/apimachinery/pkg/util/json" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/kustomize/api/konfig" 
@@ -77,7 +80,6 @@ import ( const ( defaultCreateTimeout = 15 * time.Minute - defaultReadTimeout = 5 * time.Minute defaultUpdateTimeout = 15 * time.Minute defaultDeleteTimeout = 5 * time.Minute @@ -111,6 +113,7 @@ type bootstrapGitResourceData struct { Path types.String `tfsdk:"path"` RecurseSubmodules types.Bool `tfsdk:"recurse_submodules"` Registry customtypes.URL `tfsdk:"registry"` + RegistryCredentials types.String `tfsdk:"registry_credentials"` RepositoryFiles types.Map `tfsdk:"repository_files"` SecretName types.String `tfsdk:"secret_name"` Timeouts timeouts.Value `tfsdk:"timeouts"` @@ -286,6 +289,10 @@ func (r *bootstrapGitResource) Schema(ctx context.Context, req resource.SchemaRe Computed: true, Default: stringdefault.StaticString(defaultOpts.Registry), }, + "registry_credentials": schema.StringAttribute{ + Description: "Container registry credentials in the format 'user:password'", + Optional: true, + }, "repository_files": schema.MapAttribute{ ElementType: types.StringType, Description: "Git repository files created and managed by the provider.", 
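Review bot: The new `registry_credentials` attribute in the Schema hunk carries a `user:password` pair but is declared with only `Description` and `Optional`, so Terraform will print its value in plan and apply output. Add `Sensitive: true,` to the `schema.StringAttribute` literal. The value is still written to state in clear text, so the description (and the generated docs/resources/bootstrap_git.md entry) should say so, e.g. `Description: "Container registry credentials in the format 'user:password'. The value is stored in state.",`. The Schema function starts and ends outside this hunk.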
@@ -335,6 +342,37 @@ func (r *bootstrapGitResource) Schema(ctx context.Context, req resource.SchemaRe } } +// TODO: Move all resource attribute validation here. +func (r *bootstrapGitResource) ValidateConfig(ctx context.Context, req resource.ValidateConfigRequest, resp *resource.ValidateConfigResponse) { + var data bootstrapGitResourceData + resp.Diagnostics.Append(req.Config.Get(ctx, &data)...) + + if resp.Diagnostics.HasError() { + return + } + + if data.RegistryCredentials.ValueString() != "" && data.ImagePullSecret.ValueString() == "" { + resp.Diagnostics.AddAttributeError( + path.Root("registry_credentials"), + "Missing image_pull_secret configuration", + "The image_pull_secret attribute must be configured when registry_credential is set.", + ) + } + + if data.RegistryCredentials.ValueString() != "" && len(strings.Split(data.RegistryCredentials.ValueString(), ":")) != 2 { + resp.Diagnostics.AddAttributeError( + path.Root("registry_credentials"), + "Invalid registry_credential format", + "Expected 'user:password' format.", + ) + } + + // If registry_credential is not configured, return without warning. + if data.RegistryCredentials.IsNull() || data.RegistryCredentials.ValueString() == "" { + return + } +} + // ModifyPlan sets the desired Git repository files to be managed by the provider. func (r bootstrapGitResource) ModifyPlan(ctx context.Context, req resource.ModifyPlanRequest, resp *resource.ModifyPlanResponse) { if r.prd == nil { 
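Review bot: The format check `len(strings.Split(data.RegistryCredentials.ValueString(), ":")) != 2` in ValidateConfig rejects any password that contains a colon, and it accepts an empty user or password such as `:`. Split on the first colon only, `user, pass, ok := strings.Cut(data.RegistryCredentials.ValueString(), ":")`, and raise the diagnostic when `!ok || user == "" || pass == ""`; the same `strings.Split` test appears in `getRegistryCredentials` in the last hunk of this file. The diagnostics name the attribute `registry_credential` while the schema key is `registry_credentials`. The trailing `if data.RegistryCredentials.IsNull() || … { return }` block has no effect because the function ends immediately after it.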
@@ -925,6 +963,14 @@ func (r *bootstrapGitResource) ImportState(ctx context.Context, req resource.Imp data.ImagePullSecret = types.StringValue(kustomizeDeployment.Spec.Template.Spec.ImagePullSecrets[0].Name) } + if data.ImagePullSecret != types.StringNull() { + username, password, err := getRegistryCredentials(ctx, kubeClient, data) + if err != nil { + resp.Diagnostics.AddError("Could not get registry credentials", err.Error()) + return + } + data.RegistryCredentials = types.StringValue(fmt.Sprintf("%s:%s", username, password)) + } // Get if watching all namespace. value, err := utils.GetArgValue(managerContainer, "--watch-all-namespaces") if err != nil { 
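Review bot: The guard `data.ImagePullSecret != types.StringNull()` in ImportState is also true for a known empty string, in which case `getRegistryCredentials` would query a Secret with an empty name; how the field is initialised is not visible in this hunk, so `if !data.ImagePullSecret.IsNull() && data.ImagePullSecret.ValueString() != ""` states the intent more safely. Any failure to read or parse the pull secret aborts the whole import through `resp.Diagnostics.AddError`, including for secrets in a shape the provider did not write; a warning that leaves `registry_credentials` null may be the better outcome. The import also copies the clear-text credential from the cluster Secret into Terraform state, which should be mentioned in the attribute documentation. ImportState starts and ends outside this hunk.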
@@ -1098,35 +1144,36 @@ func getInstallOptions(data bootstrapGitResourceData) install.Options { installOptions := install.Options{ BaseURL: baseURL, - Version: data.Version.ValueString(), - Namespace: data.Namespace.ValueString(), + ClusterDomain: data.ClusterDomain.ValueString(), Components: components, - Registry: data.Registry.ValueURL().String(), ImagePullSecret: data.ImagePullSecret.ValueString(), - WatchAllNamespaces: data.WatchAllNamespaces.ValueBool(), - NetworkPolicy: data.NetworkPolicy.ValueBool(), LogLevel: data.LogLevel.ValueString(), - NotificationController: install.MakeDefaultOptions().NotificationController, ManifestFile: install.MakeDefaultOptions().ManifestFile, - Timeout: install.MakeDefaultOptions().Timeout, + Namespace: data.Namespace.ValueString(), + NetworkPolicy: data.NetworkPolicy.ValueBool(), + NotificationController: install.MakeDefaultOptions().NotificationController, + Registry: data.Registry.ValueURL().String(), + RegistryCredential: data.RegistryCredentials.ValueString(), TargetPath: data.Path.ValueString(), - ClusterDomain: data.ClusterDomain.ValueString(), + Timeout: install.MakeDefaultOptions().Timeout, TolerationKeys: tolerationKeys, + Version: data.Version.ValueString(), + WatchAllNamespaces: data.WatchAllNamespaces.ValueBool(), } return installOptions } func getSyncOptions(data bootstrapGitResourceData, url *url.URL, branch string) sync.Options { syncOpts := sync.Options{ + Branch: branch, Interval: data.Interval.ValueDuration(), + ManifestFile: sync.MakeDefaultOptions().ManifestFile, Name: data.Namespace.ValueString(), Namespace: data.Namespace.ValueString(), - URL: url.String(), - Branch: branch, + RecurseSubmodules: data.RecurseSubmodules.ValueBool(), Secret: data.SecretName.ValueString(), TargetPath: data.Path.ValueString(), - ManifestFile: sync.MakeDefaultOptions().ManifestFile, - RecurseSubmodules: data.RecurseSubmodules.ValueBool(), + URL: url.String(), } return syncOpts } 
@@ -1196,3 +1243,65 @@ func isFluxReady(ctx context.Context, kubeClient client.Client, data bootstrapGi return true, nil } + +func getRegistryCredentials(ctx context.Context, kubeClient client.Client, data bootstrapGitResourceData) (string, string, error) { + imagePullSecret := corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: data.ImagePullSecret.ValueString(), + Namespace: data.Namespace.ValueString(), + }, + } + + if err := kubeClient.Get(ctx, client.ObjectKeyFromObject(&imagePullSecret), &imagePullSecret); err != nil { + return "", "", fmt.Errorf("unable to get Secret %s/%s: %w", imagePullSecret.Namespace, imagePullSecret.Name, err) + } + + // Parse the .dockerconfigjson data + dockerConfigData, ok := imagePullSecret.Data[".dockerconfigjson"] + if !ok { + return "", "", fmt.Errorf("unable to get .dockerconfigjson key in Secret %s/%s", imagePullSecret.Namespace, imagePullSecret.Name) + } + + var dockerConfig map[string]interface{} + if err := json.Unmarshal(dockerConfigData, &dockerConfig); err != nil { + return "", "", fmt.Errorf("unable to unmarshal .dockerconfigjson key in Secret %s/%s: %w", imagePullSecret.Namespace, imagePullSecret.Name, err) + } + + // Assuming the format and key existences in the JSON + auths, ok := dockerConfig["auths"].(map[string]interface{}) + if !ok { + return "", "", fmt.Errorf("unable to get auths key in Secret %s/%s", imagePullSecret.Namespace, imagePullSecret.Name) + } + + // Extract credentials (assume one set of credentials) + for _, auth := range auths { + entry, ok := auth.(map[string]interface{}) + if !ok { + return "", "", fmt.Errorf("unable to get auth key in Secret %s/%s", imagePullSecret.Namespace, imagePullSecret.Name) + } + authEntry, ok := entry["auth"].(string) + if !ok { + return "", "", fmt.Errorf("unable to get auth key in Secret %s/%s", imagePullSecret.Namespace, imagePullSecret.Name) + } + + if authEntry == "" { + return "", "", fmt.Errorf("auth key in Secret %s/%s is empty", imagePullSecret.Namespace, 
imagePullSecret.Name) + } + + decoded, err := base64.StdEncoding.DecodeString(authEntry) + if err != nil { + return "", "", fmt.Errorf("unable to decode auth key in Secret %s/%s: %w", imagePullSecret.Namespace, imagePullSecret.Name, err) + } + + parts := string(decoded) + split := strings.Split(parts, ":") // Split string into username and password based on colon + if len(split) != 2 { + return "", "", fmt.Errorf("unable to split auth key in Secret %s/%s", imagePullSecret.Namespace, imagePullSecret.Name) + } + username := split[0] + password := split[1] + return username, password, nil + } + + return "", "", fmt.Errorf("no credentials found in Secret %s/%s", imagePullSecret.Namespace, imagePullSecret.Name) +}
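Review bot: `getRegistryCredentials` returns from the first iteration of `for _, auth := range auths`, so when the pull secret holds more than one registry the entry used depends on Go's randomised map order and the imported value can differ between runs. Select the entry by the configured registry host, or reject the ambiguous case up front with `if len(auths) != 1 { return "", "", fmt.Errorf("expected exactly one auths entry in Secret %s/%s", imagePullSecret.Namespace, imagePullSecret.Name) }`. Entries that carry `username` and `password` fields but no `auth` field are reported as errors too, which may surprise users whose secret was created by other tooling. The function has no doc comment; `// getRegistryCredentials reads the image pull secret and returns the user and password decoded from its .dockerconfigjson auth entry.` would cover it.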