This commit adds multiple safe guards for relative paths, ensuring they
never traverse outside the working directory.
The `SafeRelativePath` flag calculates the safe relative path based on a
relative base dir, which results in a flattened path.
The write methods of `manifestgen` make use of the `SecureJoin` as well,
to ensure writes are never outside of the given directory when used as
a lib outside of the CLI.
Signed-off-by: Hidde Beydals <hello@hidde.co>
It's a common pattern in the create commands to construct a value,
then (if not exporting it) upsert it and wait for it to
reconcile. This commit factors `upsert`, which does the update/insert
bit, and `upsertAndWait`, which does the whole thing.
Since these output messages, they are methods of `apiType` (previously
`names`), so that they have access to the name of the kind they are
operating on.
Signed-off-by: Michael Bridgen <michael@weave.works>
This means all the sub-subcommands can drop the `image-` prefix,
making them shorter and more fluent.
E.g.,
flux create image policy
rather than
flux create auto image-policy
Signed-off-by: Michael Bridgen <michael@weave.works>
Most commands use either a kind, or a more readable spelling of a
kind, in their output. To make this easier, this centralises the
definition of those names in one place, and lets the command
implementations choose whichever they need.
Signed-off-by: Michael Bridgen <michael@weave.works>
Since the generic commands tend to share a few of the methods they
need -- at least AsClientObject -- it's worth having just one wrapper
struct for each API type, and adding methods to it where necessary.
For the automation types, I put these in auto.go.
While doing this I also did some tidying:
- I changed the name of the wrappers to `<type>Adapter`, and the
generic adapter to `universalAdapter` (it's only needed for delete,
so far).
- I de-exported and renamed some interface methods e.g.,
`exportItem`. They aren't needed outside the package.
Signed-off-by: Michael Bridgen <michael@weave.works>
This uses the established abstractions to implement the usual
subcommands for the ImageUpdateAutomation type.
I've called the sub-subcommand in each case `image-update`, as a
fairly safe shorthand for the much longer `image-update-automation`.
Signed-off-by: Michael Bridgen <michael@weave.works>
This adds the create subcommand, without attempting any refactoring.
NB the TODO: the image/v1alpha1 API does not yet export a const for
the name of the kind. The field `RunInterval` will likely be changed
to `Interval` (with a value field), at some point, too.
Signed-off-by: Michael Bridgen <michael@weave.works>
The export command works the same way for most (all?) types. I have
made it generic and moved it into export.go, then ported
{export,create}_auto_image{repository,policy}.go to use it.
Signed-off-by: Michael Bridgen <michael@weave.works>
This adds a command for deleting ImagePolicy objects. Since the
control flow for the command needs only a runtime.Object (and a name
for the type), it can be factored out.
I have made the argument (field in the deleteCommand struct) an
interface `objectContainer`, through which the command code gets a
`runtime.Object` to deserialise into (and delete). It could be simply
a `runtime.Object` here; however things like `getCommand` require
other methods, so it's convenient to have an interface for it.
Signed-off-by: Michael Bridgen <michael@weave.works>
This factors the get command implementation so that the control flow
is generic and relies on a handful of methods, then uses that to add
`get auto image-policy` and to rewrite `get auto image-repository`.
Signed-off-by: Michael Bridgen <michael@weave.works>
This adds all the standard subcommands for the ImageRepository type.
Following `source`, I have put them under a namespace: `auto`,
referring to automation.
NB For `create` I use controllerutil.CreateOrUpdate, which looks to me
like a slightly more rounded version of the upsert* funcs.
Signed-off-by: Michael Bridgen <michael@weave.works>
This commit adds a flag for supplying extra components to bootstrap
(and its subcommands), to match the one for `flux install`.
Since the bootstrapComponents global is used in a few places, I made
it a func and renamed the variable. For consistency, I also renamed
the var used in install.go.
Lastly, so that the flag sorts next to `--components`, I changed it to
`--components-extra` in both commands.
Signed-off-by: Michael Bridgen <michael@weave.works>
If you want to install the default set of controllers and the image-*
controllers, at present you have to list every single one of them.
An improvement on this is to let people specify what they want _in
addition_ to the default controllers. This commit adds an argument
`--extra-components` which appends to the (most likely, default value)
slice of `--components`.
Signed-off-by: Michael Bridgen <michael@weave.works>
This commit refactors the `printLogger` into a `stderrLogger` that
properly logs to `os.stderr` instead of `os.stdout`.
Signed-off-by: Hidde Beydals <hello@hidde.co>
Updates to use metav1.Condition type and removes references for
deprecated corev1.Condition* constants and uses the new k8s api/meta
helpers in place of the old pkg/apis/meta types.
Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>
- introduce manifestgen pkg, to be consumed by the CLI and Terraform provider
- consolidate defaults in manifestgen/install pkg
- introduce Manifest as the returning type of manifest generation
- add helper function to Manifest for writing multi-doc YAMLs on disk
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
* Take ObservedGeneration into account in readiness checks where
applicable
* Reduce amount of code (and duplicate GETs) by working with pointers
where possible
* Improve logged messages to properly take resource names into account
and better describe processes
- ignore not found errors when deleting objects
- remove the CR/CRDs before deleting the cluster role binding
- capture kubectl exist code
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
Includes a change to an empty revision string if the reconciler has not
produced an artifact yet, as this will otherwise result in a nil
pointer dereference.
