package v1alpha1
import (
"errors"
"fmt"
"net/url"
"os"
"github.com/aws/eks-anywhere/pkg/config"
"github.com/aws/eks-anywhere/pkg/logger"
)
// FluxConfigKind is the Kind name used for FluxConfig objects.
const FluxConfigKind = "FluxConfig"

// SSH key algorithm names accepted by validateSshKeyAlgorithm for the
// sshKeyAlgorithm field of a git provider config.
const (
	RsaAlgorithm     = "rsa"
	EcdsaAlgorithm   = "ecdsa"
	Ed25519Algorithm = "ed25519"
)
// GetAndValidateFluxConfig loads a FluxConfig from fileName and runs every
// validation in this file against it, in a fixed order: provider/branch
// settings, then the object name against refName, then the namespace against
// clusterConfig.
//
// It returns the parsed FluxConfig when all checks pass. On the first failure
// it returns nil together with that error; later checks are not run.
func GetAndValidateFluxConfig(fileName string, refName string, clusterConfig *Cluster) (*FluxConfig, error) {
	fluxConfig, err := getFluxConfig(fileName)
	if err != nil {
		return nil, err
	}

	// Each step is wrapped so the checks can be run uniformly while keeping
	// the original order and first-error-wins behaviour.
	checks := []func() error{
		func() error { return validateFluxConfig(fluxConfig) },
		func() error { return validateFluxRefName(fluxConfig, refName) },
		func() error { return validateFluxNamespace(fluxConfig, clusterConfig) },
	}
	for _, check := range checks {
		if err = check(); err != nil {
			return nil, err
		}
	}

	return fluxConfig, nil
}
// getFluxConfig parses the file at fileName into a FluxConfig using
// ParseClusterConfig. It performs no validation of the parsed content.
//
// It returns nil and the parse error if ParseClusterConfig fails.
func getFluxConfig(fileName string) (*FluxConfig, error) {
	parsed := new(FluxConfig)
	if err := ParseClusterConfig(fileName, parsed); err != nil {
		return nil, err
	}
	return parsed, nil
}
// validateFluxConfig checks the provider and branch settings of a FluxConfig.
//
// Exactly one of Spec.Git and Spec.Github must be set; the one that is set is
// then validated by its provider-specific function. Spec.Branch is validated
// with validateGitBranchName only when it is non-empty.
//
// config must be non-nil: it is dereferenced without a guard.
func validateFluxConfig(config *FluxConfig) error {
	git, github := config.Spec.Git, config.Spec.Github

	switch {
	case git != nil && github != nil:
		return errors.New("must specify only one provider")
	case git == nil && github == nil:
		return errors.New("must specify a provider. Valid options are git and github")
	}

	// From here on exactly one provider is configured.
	if github != nil {
		if err := validateGithubProviderConfig(*github); err != nil {
			return err
		}
	}
	if git != nil {
		if err := validateGitProviderConfig(*git); err != nil {
			return err
		}
	}

	// An empty branch is allowed here and is not checked.
	if branch := config.Spec.Branch; len(branch) > 0 {
		if err := validateGitBranchName(branch); err != nil {
			return err
		}
	}

	return nil
}
// validateGitProviderConfig checks the settings needed for the generic git
// provider.
//
// Checks run in this order, stopping at the first failure:
//  1. RepositoryUrl must be non-empty.
//  2. SshKeyAlgorithm, when set, must pass validateSshKeyAlgorithm. When it is
//     empty a warning is logged; this function does not itself assign the
//     default named in that message.
//  3. The environment variables named by config.EksaGitPrivateKeyTokenEnv and
//     config.EksaGitKnownHostsFileEnv must both be set and non-empty.
//  4. RepositoryUrl must pass validateRepositoryUrl.
//
// NOTE(review): step 3 only confirms the variables are present. Whatever they
// refer to (presumably a private key and a known_hosts file used for SSH host
// key verification — confirm against the consumer) is not opened, and its
// existence and permissions are not checked here.
func validateGitProviderConfig(gitProviderConfig GitProviderConfig) error {
	if len(gitProviderConfig.RepositoryUrl) == 0 {
		return errors.New("'repositoryUrl' is not set or empty in gitProviderConfig; repositoryUrl is a required field")
	}

	if algorithm := gitProviderConfig.SshKeyAlgorithm; len(algorithm) == 0 {
		logger.Info("Warning: 'sshKeyAlgorithm' is not set, defaulting to 'ecdsa'")
	} else if err := validateSshKeyAlgorithm(algorithm); err != nil {
		return err
	}

	// Private key first, then known hosts, matching the order in which
	// missing variables are reported.
	requiredEnv := []string{config.EksaGitPrivateKeyTokenEnv, config.EksaGitKnownHostsFileEnv}
	for _, name := range requiredEnv {
		if value, found := os.LookupEnv(name); !found || len(value) == 0 {
			return fmt.Errorf("%s is not set or is empty", name)
		}
	}

	return validateRepositoryUrl(gitProviderConfig.RepositoryUrl)
}
// validateGithubProviderConfig checks the settings needed for the GitHub
// provider: Owner and Repository must both be non-empty, and Repository must
// pass validateGitRepoName. Owner is only checked for presence.
func validateGithubProviderConfig(config GithubProviderConfig) error {
	switch {
	case len(config.Owner) == 0:
		return errors.New("'owner' is not set or empty in githubProviderConfig; owner is a required field")
	case len(config.Repository) == 0:
		return errors.New("'repository' is not set or empty in githubProviderConfig; repository is a required field")
	}

	if err := validateGitRepoName(config.Repository); err != nil {
		return err
	}
	return nil
}
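// validateRepositoryUrl checks that repositoryUrl is a parseable ssh:// URL
// that names a host.
//
// It returns an error when the string cannot be parsed, when the scheme is
// anything other than "ssh", or when the URL has no hostname (for example
// "ssh://" or "ssh:///org/repo"). A URL without a hostname cannot identify a
// remote, so it is rejected here rather than at connection time.
//
// The parse error from net/url includes the raw input string. If the URL
// carries credentials in its userinfo part, they will appear in the returned
// error message.
func validateRepositoryUrl(repositoryUrl string) error {
	// Named "parsed" so the local does not shadow the net/url package.
	parsed, err := url.Parse(repositoryUrl)
	if err != nil {
		return fmt.Errorf("unable to parse repository url: %w", err)
	}
	if parsed.Scheme != "ssh" {
		return fmt.Errorf("invalid repository url scheme: %v", parsed.Scheme)
	}
	// Hostname() strips any port, so "ssh://:22/repo" is rejected as well.
	if parsed.Hostname() == "" {
		return fmt.Errorf("invalid repository url: host is empty")
	}
	return nil
}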
// validateSshKeyAlgorithm reports an error unless sshKeyAlgorithm is exactly
// one of RsaAlgorithm, EcdsaAlgorithm or Ed25519Algorithm. The comparison is
// case-sensitive, and an empty string is rejected (callers skip this check
// when the field is unset).
func validateSshKeyAlgorithm(sshKeyAlgorithm string) error {
	switch sshKeyAlgorithm {
	case RsaAlgorithm, EcdsaAlgorithm, Ed25519Algorithm:
		return nil
	default:
		return fmt.Errorf("'sshKeyAlgorithm' does not have a valid value in gitProviderConfig; sshKeyAlgorithm must be amongst %s, %s, %s", RsaAlgorithm, EcdsaAlgorithm, Ed25519Algorithm)
	}
}
// validateFluxRefName checks that the FluxConfig's Name equals refName, the
// name given in gitOpsRef. A nil config is treated as nothing to validate and
// returns nil.
func validateFluxRefName(config *FluxConfig, refName string) error {
	if config == nil || config.Name == refName {
		return nil
	}
	return fmt.Errorf("FluxConfig retrieved with name %s does not match name (%s) specified in "+
		"gitOpsRef", config.Name, refName)
}
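// validateFluxNamespace checks that the FluxConfig and the Cluster declare the
// same namespace.
//
// A nil config is treated as nothing to validate and returns nil. A nil
// clusterConfig with a non-nil config returns an error: there is no namespace
// to compare against, and dereferencing it would panic.
func validateFluxNamespace(config *FluxConfig, clusterConfig *Cluster) error {
	if config == nil {
		return nil
	}
	// Guard the second pointer too; previously only config was checked.
	if clusterConfig == nil {
		return errors.New("cluster config is required to validate the FluxConfig namespace")
	}
	if config.Namespace != clusterConfig.Namespace {
		return errors.New("FluxConfig and Cluster objects must have the same namespace specified")
	}
	return nil
}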
// setFluxConfigDefaults fills in unset fields of flux.Spec in place:
// SystemNamespace becomes FluxDefaultNamespace and Branch becomes
// FluxDefaultBranch when they are empty. Values already set are left
// untouched. A nil flux is a no-op.
func setFluxConfigDefaults(flux *FluxConfig) {
	if flux != nil {
		spec := &flux.Spec
		if len(spec.SystemNamespace) == 0 {
			spec.SystemNamespace = FluxDefaultNamespace
		}
		if len(spec.Branch) == 0 {
			spec.Branch = FluxDefaultBranch
		}
	}
}