fix(deps): update module github.com/defenseunicorns/pkg/helpers to v1 #2411

Merged
merged 8 commits into from
Apr 4, 2024
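--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,7 @@ require (
 github.com/anchore/clio v0.0.0-20240307182142-fb5fc4c9db3c
 github.com/anchore/stereoscope v0.0.1
 github.com/anchore/syft v0.100.0
-github.com/defenseunicorns/pkg/helpers v0.0.2
+github.com/defenseunicorns/pkg/helpers v1.0.0
 github.com/defenseunicorns/pkg/oci v0.0.1
 github.com/derailed/k9s v0.31.7
 github.com/distribution/reference v0.5.0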
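--- a/go.sum
+++ b/go.sum
@@ -593,8 +593,8 @@ github.com/daviddengcn/go-colortext v1.0.0 h1:ANqDyC0ys6qCSvuEK7l3g5RaehL/Xck9EX
 github.com/daviddengcn/go-colortext v1.0.0/go.mod h1:zDqEI5NVUop5QPpVJUxE9UO10hRnmkD5G4Pmri9+m4c=
 github.com/defenseunicorns/gojsonschema v0.0.0-20231116163348-e00f069122d6 h1:gwevOZ0fxT2nzM9hrtdPbsiOHjFqDRIYMzJHba3/G6Q=
 github.com/defenseunicorns/gojsonschema v0.0.0-20231116163348-e00f069122d6/go.mod h1:StKLYMmPj1R5yIs6CK49EkcW1TvUYuw5Vri+LRk7Dy8=
-github.com/defenseunicorns/pkg/helpers v0.0.2 h1:Axfk96vWkYQpya7E/JkghzwITu2F4GocpGm+mqEVcEg=
-github.com/defenseunicorns/pkg/helpers v0.0.2/go.mod h1:F4S5VZLDrlNWQKklzv4v9tFWjjZNhxJ1gT79j4XiLwk=
+github.com/defenseunicorns/pkg/helpers v1.0.0 h1:0o3Rs+J/g0UemZHcENBS1Z2Qw2y4FIUUrGs75iEyPb4=
+github.com/defenseunicorns/pkg/helpers v1.0.0/go.mod h1:F4S5VZLDrlNWQKklzv4v9tFWjjZNhxJ1gT79j4XiLwk=
 github.com/defenseunicorns/pkg/oci v0.0.1 h1:EFRp3NeiwzhOWKpQ6mAxi0l9chnrAvDcIgjMr0o0fkM=
 github.com/defenseunicorns/pkg/oci v0.0.1/go.mod h1:zVBgRjckEAhfdvbnQrnfOP/3M/GYJkIgWtJtY7pjYdo=
 github.com/deitch/magic v0.0.0-20230404182410-1ff89d7342da h1:ZOjWpVsFZ06eIhnh4mkaceTiVoktdU67+M7KDHJ268M=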
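--- a/src/pkg/k8s/common.go
+++ b/src/pkg/k8s/common.go
@@ -20,6 +20,9 @@ import (
 "k8s.io/client-go/tools/clientcmd"
 )
 
+// cannot import config.ZarfManagedByLabel due to import cycle
+const zarfManagedByLabel = "app.kubernetes.io/managed-by"
+
 // New creates a new K8s client.
 func New(logger Log, defaultLabels Labels) (*K8s, error) {
 klog.SetLogger(funcr.New(func(_, args string) {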
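Review bot: The new `zarfManagedByLabel` constant is a hand-copied duplicate of `config.ZarfManagedByLabel`, and its comment explains why the copy exists but not that the two values must stay identical. namespace.go and secrets.go in this PR use it to mark objects as Zarf-managed, so a later edit to only one copy would silently change which objects carry the ownership label. I would reword the comment to `// zarfManagedByLabel mirrors config.ZarfManagedByLabel (not importable here: import cycle); keep the two values identical.` The body of New continues outside the hunk.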
5 changes: 1 addition & 4 deletions src/pkg/k8s/configmap.go
Expand Up @@ -8,7 +8,6 @@ import (
"context"
"fmt"

"github.com/defenseunicorns/pkg/helpers"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
Expand All @@ -29,13 +28,11 @@ func (k *K8s) CreateConfigmap(namespace, name string, data map[string][]byte) (*
ObjectMeta: metav1.ObjectMeta{
Name: name,
Namespace: namespace,
Labels: make(Labels),
lucasrod16 marked this conversation as resolved.
},
BinaryData: data,
}

// Merge in common labels so that later modifications to the namespace can't mutate them
configMap.ObjectMeta.Labels = helpers.MergeMap[string](k.Labels, configMap.ObjectMeta.Labels)

createOptions := metav1.CreateOptions{}
return k.Clientset.CoreV1().ConfigMaps(namespace).Create(context.TODO(), configMap, createOptions)
}
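Review bot: CreateConfigmap appears to create ConfigMaps with an empty label map now: the `helpers.MergeMap[string](k.Labels, ...)` call is dropped and, judging by the section's 1 addition and 4 deletions, `Labels: make(Labels)` takes its place, so the defaults passed to `New(logger, defaultLabels)` are no longer applied here. The same merge disappears from GeneratePod in pods.go and GenerateService in services.go, while namespace.go and secrets.go replace it with a hard-coded `zarfManagedByLabel: "zarf"`. The contents of `k.Labels` are not visible on this page, but if anything selects, cleans up or audits Zarf-owned objects by label, objects from these three generators would fall outside it. If dropping the defaults is intended, say so on each generator, e.g. `// Default client labels (k.Labels) are intentionally not applied to this object.`; otherwise keep a copy-on-create step such as `Labels: maps.Clone(k.Labels)`.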
11 changes: 4 additions & 7 deletions src/pkg/k8s/namespace.go
Expand Up @@ -9,7 +9,6 @@ import (
"time"

"cuelang.org/go/pkg/strings"
"github.com/defenseunicorns/pkg/helpers"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
Expand Down Expand Up @@ -64,20 +63,18 @@ func (k *K8s) DeleteNamespace(ctx context.Context, name string) error {

// NewZarfManagedNamespace returns a corev1.Namespace with Zarf-managed labels
func (k *K8s) NewZarfManagedNamespace(name string) *corev1.Namespace {
namespace := &corev1.Namespace{
return &corev1.Namespace{
TypeMeta: metav1.TypeMeta{
APIVersion: corev1.SchemeGroupVersion.String(),
Kind: "Namespace",
},
ObjectMeta: metav1.ObjectMeta{
Name: name,
Labels: map[string]string{
zarfManagedByLabel: "zarf",
},
},
}

// Merge in common labels so that later modifications to the namespace can't mutate them
namespace.ObjectMeta.Labels = helpers.MergeMap[string](k.Labels, namespace.ObjectMeta.Labels)

return namespace
}

// IsInitialNamespace returns true if the given namespace name is an initial k8s namespace: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/#initial-namespaces
5 changes: 1 addition & 4 deletions src/pkg/k8s/pods.go
Expand Up @@ -9,7 +9,6 @@ import (
"sort"
"time"

"github.com/defenseunicorns/pkg/helpers"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
Expand All @@ -27,12 +26,10 @@ func (k *K8s) GeneratePod(name, namespace string) *corev1.Pod {
ObjectMeta: metav1.ObjectMeta{
Name: name,
Namespace: namespace,
Labels: make(Labels),
},
}

// Merge in common labels so that later modifications to the pod can't mutate them
pod.ObjectMeta.Labels = helpers.MergeMap[string](k.Labels, pod.ObjectMeta.Labels)

return pod
}

11 changes: 4 additions & 7 deletions src/pkg/k8s/secrets.go
Expand Up @@ -9,7 +9,6 @@ import (
"crypto/tls"
"fmt"

"github.com/defenseunicorns/pkg/helpers"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
Expand All @@ -28,23 +27,21 @@ func (k *K8s) GetSecretsWithLabel(namespace, labelSelector string) (*corev1.Secr

// GenerateSecret returns a Kubernetes secret object without applying it to the cluster.
func (k *K8s) GenerateSecret(namespace, name string, secretType corev1.SecretType) *corev1.Secret {
secret := &corev1.Secret{
return &corev1.Secret{
TypeMeta: metav1.TypeMeta{
APIVersion: corev1.SchemeGroupVersion.String(),
Kind: "Secret",
},
ObjectMeta: metav1.ObjectMeta{
Name: name,
Namespace: namespace,
Labels: map[string]string{
zarfManagedByLabel: "zarf",
},
},
Type: secretType,
Data: map[string][]byte{},
}

// Merge in common labels so that later modifications to the secret can't mutate them
secret.ObjectMeta.Labels = helpers.MergeMap[string](k.Labels, secret.ObjectMeta.Labels)

return secret
}

// GenerateTLSSecret returns a Kubernetes secret object without applying it to the cluster.
4 changes: 1 addition & 3 deletions src/pkg/k8s/services.go
Expand Up @@ -46,12 +46,10 @@ func (k *K8s) GenerateService(namespace, name string) *corev1.Service {
Name: name,
Namespace: namespace,
Annotations: make(Labels),
Labels: make(Labels),
},
}

// Merge in common labels so that later modifications to the service can't mutate them
service.ObjectMeta.Labels = helpers.MergeMap[string](k.Labels, service.ObjectMeta.Labels)

return service
}

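--- a/src/test/e2e/20_zarf_init_test.go
+++ b/src/test/e2e/20_zarf_init_test.go
@@ -105,12 +105,19 @@ func TestZarfInit(t *testing.T) {
 require.NoError(t, err)
 require.Contains(t, stdOut, "Min")
 
+verifyZarfNamespaceLabels(t)
+verifyZarfSecretLabels(t)
+verifyZarfPodLabels(t)
+verifyZarfServiceLabels(t)
+
 // Special sizing-hacking for reducing resources where Kind + CI eats a lot of free cycles (ignore errors)
 _, _, _ = e2e.Kubectl("scale", "deploy", "-n", "kube-system", "coredns", "--replicas=1")
 _, _, _ = e2e.Kubectl("scale", "deploy", "-n", "zarf", "agent-hook", "--replicas=1")
 }
 
 func checkLogForSensitiveState(t *testing.T, logText string, zarfState types.ZarfState) {
+t.Helper()
+
 require.NotContains(t, logText, zarfState.AgentTLS.CA)
 require.NotContains(t, logText, string(zarfState.AgentTLS.CA))
 require.NotContains(t, logText, zarfState.AgentTLS.Cert)
@@ -125,3 +132,105 @@ func checkLogForSensitiveState(t *testing.T, logText string, zarfState types.Zar
 require.NotContains(t, logText, zarfState.RegistryInfo.Secret)
 require.NotContains(t, logText, zarfState.LoggingSecret)
 }
+
+func verifyZarfNamespaceLabels(t *testing.T) {
+t.Helper()
+
+expectedLabels := `'{"app.kubernetes.io/managed-by":"zarf","kubernetes.io/metadata.name":"zarf"}'`
+actualLabels, _, err := e2e.Kubectl("get", "ns", "zarf", "-o=jsonpath='{.metadata.labels}'")
+require.NoError(t, err)
+require.Equal(t, expectedLabels, actualLabels)
+}
+
+func verifyZarfSecretLabels(t *testing.T) {
+t.Helper()
+
+// zarf state
+expectedLabels := `'{"app.kubernetes.io/managed-by":"zarf"}'`
+actualLabels, _, err := e2e.Kubectl("get", "-n=zarf", "secret", "zarf-state", "-o=jsonpath='{.metadata.labels}'")
+require.NoError(t, err)
+require.Equal(t, expectedLabels, actualLabels)
+
+// init package secret
+expectedLabels = `'{"app.kubernetes.io/managed-by":"zarf","package-deploy-info":"init"}'`
+actualLabels, _, err = e2e.Kubectl("get", "-n=zarf", "secret", "zarf-package-init", "-o=jsonpath='{.metadata.labels}'")
+require.NoError(t, err)
+require.Equal(t, expectedLabels, actualLabels)
+
+// registry
+expectedLabels = `'{"app.kubernetes.io/managed-by":"zarf"}'`
+actualLabels, _, err = e2e.Kubectl("get", "-n=zarf", "secret", "private-registry", "-o=jsonpath='{.metadata.labels}'")
+require.NoError(t, err)
+require.Equal(t, expectedLabels, actualLabels)
+
+// agent hook TLS
+//
+// this secret does not have the managed by zarf label
+// because it is deployed as a helm chart rather than generated in Go code.
+expectedLabels = `'{"app.kubernetes.io/managed-by":"Helm"}'`
+actualLabels, _, err = e2e.Kubectl("get", "-n=zarf", "secret", "agent-hook-tls", "-o=jsonpath='{.metadata.labels}'")
+require.NoError(t, err)
+require.Equal(t, expectedLabels, actualLabels)
+
+// git server
+expectedLabels = `'{"app.kubernetes.io/managed-by":"zarf"}'`
+actualLabels, _, err = e2e.Kubectl("get", "-n=zarf", "secret", "private-git-server", "-o=jsonpath='{.metadata.labels}'")
+require.NoError(t, err)
+require.Equal(t, expectedLabels, actualLabels)
+}
+
+func verifyZarfPodLabels(t *testing.T) {
+t.Helper()
+
+// registry
+podHash, _, err := e2e.Kubectl("get", "-n=zarf", "--selector=app=docker-registry", "pods", `-o=jsonpath="{.items[0].metadata.labels['pod-template-hash']}"`)
+require.NoError(t, err)
+expectedLabels := fmt.Sprintf(`'{"app":"docker-registry","pod-template-hash":%s,"release":"zarf-docker-registry","zarf.dev/agent":"ignore"}'`, podHash)
+actualLabels, _, err := e2e.Kubectl("get", "-n=zarf", "--selector=app=docker-registry", "pods", "-o=jsonpath='{.items[0].metadata.labels}'")
+require.NoError(t, err)
+require.Equal(t, expectedLabels, actualLabels)
+
+// agent
+podHash, _, err = e2e.Kubectl("get", "-n=zarf", "--selector=app=agent-hook", "pods", `-o=jsonpath="{.items[0].metadata.labels['pod-template-hash']}"`)
+require.NoError(t, err)
+expectedLabels = fmt.Sprintf(`'{"app":"agent-hook","pod-template-hash":%s,"zarf.dev/agent":"ignore"}'`, podHash)
+actualLabels, _, err = e2e.Kubectl("get", "-n=zarf", "--selector=app=agent-hook", "pods", "-o=jsonpath='{.items[0].metadata.labels}'")
+require.NoError(t, err)
+require.Equal(t, expectedLabels, actualLabels)
+
+// logging and git server pods should have the `zarf-agent=patched` label
+// since they should have been mutated by the agent
+patchedLabel := `"zarf-agent":"patched"`
+
+// logging
+actualLabels, _, err = e2e.Kubectl("get", "-n=zarf", "--selector=app.kubernetes.io/instance=zarf-loki-stack", "pods", "-o=jsonpath='{.items[0].metadata.labels}'")
+require.NoError(t, err)
+require.Contains(t, actualLabels, patchedLabel)
+
+// git server
+actualLabels, _, err = e2e.Kubectl("get", "-n=zarf", "--selector=app.kubernetes.io/instance=zarf-gitea ", "pods", "-o=jsonpath='{.items[0].metadata.labels}'")
+require.NoError(t, err)
+require.Contains(t, actualLabels, patchedLabel)
+}
+
+func verifyZarfServiceLabels(t *testing.T) {
+t.Helper()
+
+// registry
+expectedLabels := `'{"app.kubernetes.io/managed-by":"Helm","zarf.dev/connect-name":"registry"}'`
+actualLabels, _, err := e2e.Kubectl("get", "-n=zarf", "service", "zarf-connect-registry", "-o=jsonpath='{.metadata.labels}'")
+require.NoError(t, err)
+require.Equal(t, expectedLabels, actualLabels)
+
+// logging
+expectedLabels = `'{"app.kubernetes.io/managed-by":"Helm","zarf.dev/connect-name":"logging"}'`
+actualLabels, _, err = e2e.Kubectl("get", "-n=zarf", "service", "zarf-connect-logging", "-o=jsonpath='{.metadata.labels}'")
+require.NoError(t, err)
+require.Equal(t, expectedLabels, actualLabels)
+
+// git server
+expectedLabels = `'{"app.kubernetes.io/managed-by":"Helm","zarf.dev/connect-name":"git"}'`
+actualLabels, _, err = e2e.Kubectl("get", "-n=zarf", "service", "zarf-connect-git", "-o=jsonpath='{.metadata.labels}'")
+require.NoError(t, err)
+require.Equal(t, expectedLabels, actualLabels)
+}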
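Review bot: In verifyZarfPodLabels the git-server lookup passes `"--selector=app.kubernetes.io/instance=zarf-gitea "` with a trailing space inside the argument; it probably still parses, but it should read `"--selector=app.kubernetes.io/instance=zarf-gitea"` so the agent-mutation check cannot depend on how the selector is trimmed. The two `podHash` lookups rely on the double quotes in `-o=jsonpath="{...}"` being echoed into the output so that the `%s` slot yields valid JSON; a comment such as `// podHash keeps the double quotes emitted by the jsonpath template, so it drops into the JSON unquoted` would stop the next reader from "fixing" it. The exact-string `require.Equal` comparisons also assume a fixed key order and an exact label set, and `.items[0]` assumes at least one matching pod, so a label added later by a chart or the cluster will fail these checks for reasons unrelated to Zarf's own labelling.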