diff --git a/.bazelignore b/.bazelignore index 1e107f52..c7ca8d09 100644 --- a/.bazelignore +++ b/.bazelignore @@ -1 +1 @@ -examples +e2e diff --git a/.bazelversion b/.bazelversion index 09b254e9..91e4a9f2 100644 --- a/.bazelversion +++ b/.bazelversion @@ -1 +1 @@ -6.0.0 +6.3.2 diff --git a/.fasterci/config.yaml b/.fasterci/config.yaml index 191fce72..2b5c34eb 100644 --- a/.fasterci/config.yaml +++ b/.fasterci/config.yaml @@ -1,12 +1,9 @@ -# configure vscode yaml support https://marketplace.visualstudio.com/items?itemName=redhat.vscode-yaml -# yaml-language-server: $schema=https://fasterci.com/config.schema.json workflows: - &build_workflow - name: Faster CI / build (6.0.0) + name: Faster CI / build (6.1.0) env: - USE_BAZEL_VERSION: "6.0.0" - image: us.gcr.io/fasterci/bazelbuilder:5e59f651dbb5 + USE_BAZEL_VERSION: "6.1.0" on: push: branches: @@ -21,17 +18,17 @@ workflows: - //... test_targets: - //... - - name: Build & test examples - working-directory: examples + - name: Build & test e2e + working-directory: e2e bazel: build_targets: - //... test_targets: - //... - - name: Check - run: bazel run //:buildifier-check + test_flags: + - --test_size_filters=-large,-enormous - <<: *build_workflow - name: Faster CI / build (5.3.1) + name: Faster CI / build (6.3.2) env: - USE_BAZEL_VERSION: "5.3.1" + USE_BAZEL_VERSION: "6.3.2" diff --git a/.github/workflows/workspace_snippet.sh b/.github/workflows/workspace_snippet.sh index d1d3a235..422e06e7 100755 --- a/.github/workflows/workspace_snippet.sh +++ b/.github/workflows/workspace_snippet.sh @@ -15,10 +15,10 @@ WORKSPACE snippet: load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") http_archive( - name = "com_adobe_rules_gitops", + name = "rules_gitops", sha256 = "${SHA}", strip_prefix = "${PREFIX}", - urls = ["https://github.com/adobe/rules_gitops/archive/refs/tags/${TAG}.tar.gz"], + urls = ["https://github.com/fasterci/rules_gitops/archive/refs/tags/${TAG}.tar.gz"], ) EOF diff --git a/BUILD b/BUILD index d4718a48..b8bfbd2b 100644 --- a/BUILD +++ b/BUILD @@ -9,11 +9,11 @@ # governing permissions and limitations under the License. # gazelle:build_tags darwin,linux -# gazelle:exclude examples +# gazelle:exclude examples e2e # gazelle:proto disable_global load("@bazel_gazelle//:def.bzl", "gazelle") -load("@com_github_bazelbuild_buildtools//buildifier:def.bzl", "buildifier") +load("@com_github_bazelbuild_buildtools//buildifier:def.bzl", "buildifier", "buildifier_test") licenses(["notice"]) # Apache 2.0 @@ -50,8 +50,8 @@ buildifier( lint_mode = "fix", ) -buildifier( - name = "buildifier-check", +buildifier_test( + name = "buildifier_check", lint_mode = "warn", lint_warnings = [ "-module-docstring", @@ -60,5 +60,4 @@ buildifier( "-function-docstring-args", "-function-docstring-return", ], - mode = "check", ) diff --git a/COPYRIGHT b/COPYRIGHT deleted file mode 100644 index 7aeab94c..00000000 --- a/COPYRIGHT +++ /dev/null @@ -1,5 +0,0 @@ -© Copyright 2015-2020 Adobe. All rights reserved. - -Adobe holds the copyright for all the files found in this repository. - -See the LICENSE file for licensing information. diff --git a/README.md b/README.md index 4db33521..29131b54 100644 --- a/README.md +++ b/README.md @@ -46,9 +46,9 @@ copy the WORKSPACE snippet into your `WORKSPACE` file. The `k8s_deploy` creates rules that produce the `.apply` and `.gitops` targets `k8s_deploy` is defined in [k8s.bzl](./skylib/k8s.bzl). `k8s_deploy` takes the files listed in the `manifests`, `patches`, and `configmaps_srcs` attributes and combines (**renders**) them into one YAML file. This happens when you `bazel build` or `bazel run` a target created by the `k8s_deploy`. The file is created at `bazel-bin/path/to/package/name.yaml`. When you run a `.apply` target, it runs `kubectl apply` on this file. When you run a `.gitops` target, it copies this file to the appropriate location in the same os separate repository. -For example, let's look at the [example's k8s_deploy](./examples/helloworld/BUILD). We can peek at the file containing the rendered K8s manifests: +For example, let's look at the [example's k8s_deploy](./e2e/helloworld/BUILD). We can peek at the file containing the rendered K8s manifests: ```bash -cd examples +cd e2e bazel run //helloworld:mynamespace.show ``` When you run `bazel run ///helloworld:mynamespace.apply`, it applies this file into your personal (`{BUILD_USER}`) namespace. Viewing the rendered files with `.show` can be useful for debugging issues with invalid or misconfigured manifests. @@ -57,7 +57,7 @@ When you run `bazel run ///helloworld:mynamespace.apply`, it applies this file i | ------------------------- | -------------- | ----------- | ***cluster*** | `None` | The name of the cluster in which these manifests will be applied. | ***namespace*** | `None` | The target namespace to assign to all manifests. Any namespace value in the source manifests will be replaced or added if not specified. -| ***user*** | `{BUILD_USER}` | The user passed to kubectl in .apply rule. Must exist in users ~/.kube/config +| ***user*** | value from ~/.kube/config | The user passed to kubectl in .apply rule. Must exist in users ~/.kube/config | ***configmaps_srcs*** | `None` | A list of files (of any type) that will be combined into configmaps. See [Generating Configmaps](#generating-configmaps). | ***configmaps_renaming*** | `None` | Configmaps/Secrets renaming policy. Could be None or 'hash'. 'hash' renaming policy is used to add a unique suffix to the generated configmap or secret name. All references to the configmap or secret in other manifests will be replaced with the generated name. | ***secrets_srcs*** | `None` | A list of files (of any type) that will be combined into a secret similar to configmaps. @@ -82,7 +82,7 @@ When you run `bazel run ///helloworld:mynamespace.apply`, it applies this file i | ***image_registry*** | `docker.io` | The registry to push images to. | ***image_repository*** | `None` | The repository to push images to. By default, this is generated from the current package path. | ***image_repository_prefix*** | `None` | Add a prefix to the image_repository. Can be used to upload the images in -| ***image_pushes*** | `[]` | A list of labels implementing K8sPushInfo referring image uploaded into registry. See [Injecting Docker Images](#injecting-docker-images). +| ***image_pushes*** | `[]` | A list of labels implementing GitopsPushInfo referring image uploaded into registry. See [Injecting Docker Images](#injecting-docker-images). | ***release_branch_prefix*** | `master` | A git branch name/prefix. Automatically run GitOps while building this branch. See [GitOps and Deployment](#gitops_and_deployment). | ***deployment_branch*** | `None` | Automatic GitOps output will appear in a branch and PR with this name. See [GitOps and Deployment](#gitops_and_deployment). | ***gitops_path*** | `cloud` | Path within the git repo where gitops files get generated into @@ -229,9 +229,9 @@ spec: ### Injecting Docker Images -Third-party Docker images can be referenced directly in K8s manifests, but for most apps, we need to run our own images. The images are built in the Bazel build pipeline using [rules_docker](https://github.com/bazelbuild/rules_docker). For example, the `java_image` rule creates an image of a Java application from Java source code, dependencies, and configuration. +Third-party Docker images can be referenced directly in K8s manifests, but for most apps, we need to run our own images. The images are built in the Bazel build pipeline using [rules_oci](https://github.com/bazel-contrib/rules_oci). -Here's a (very contrived) example of how this ties in with `k8s_deploy`. Here's the `BUILD` file located in the package `//examples`: +Here's a (very contrived) example of how this ties in with `k8s_deploy`. Here's the `BUILD` file located in the package `//e2e`: ```starlark java_image( name = "helloworld_image", @@ -254,9 +254,9 @@ metadata: name: helloworld spec: containers: - - image: //examples:helloworld_image # (2) + - image: //e2e:helloworld_image # (2) ``` -There `images` attribute dictionary `(1)` defines the images available for the substitution. The manifest file references the fully qualified image target path `//examples:helloworld_image` `(2)`. +There `images` attribute dictionary `(1)` defines the images available for the substitution. The manifest file references the fully qualified image target path `//e2e:helloworld_image` `(2)`. The `image` key value in the dictionary is used as an image push identifier. The best practice (as provided in the example) is to use image key that matches the [label name](https://docs.bazel.build/versions/master/skylark/lib/Label.html#name) of the image target. @@ -315,7 +315,7 @@ Docker image and the files in the image. So for example, here's what will happen 1. A new `helloworld` manifest will be rendered using the new image 1. The new `helloworld` pod will be deployed -It is possible to use alternative ways to resolve images as long as respective rule implements K8sPushInfo provider. For example, this setup will mirror the referred image into a local registry and provide a reference to it. `k8s_deploy` will need to use `image_pushes` parameter: +It is possible to use alternative ways to resolve images as long as respective rule implements GitopsPushInfo provider. For example, this setup will mirror the referred image into a local registry and provide a reference to it. `k8s_deploy` will need to use `image_pushes` parameter: ```starlark load("@com_fasterci_rules_mirror//mirror:defs.bzl", "mirror_image") @@ -368,7 +368,7 @@ The *Create GitOps PRs* step usually is the last step of a CI pipeline. `rules_g For the full list of `create_gitops_prs` command line options, run: ```bash -bazel run @com_adobe_rules_gitops//gitops/prer:create_gitops_prs +bazel run @rules_gitops//gitops/prer:create_gitops_prs ``` @@ -405,7 +405,7 @@ GIT_ROOT_DIR=$(git rev-parse --show-toplevel) GIT_COMMIT_ID=$(git rev-parse HEAD) GIT_BRANCH_NAME=$(git rev-parse --abbrev-ref HEAD) if [ "${GIT_BRANCH_NAME}" == "master"]; then - bazel run @com_adobe_rules_gitops//gitops/prer:create_gitops_prs -- \ + bazel run @rules_gitops//gitops/prer:create_gitops_prs -- \ --workspace $GIT_ROOT_DIR \ --git_repo https://github.com/example/repo.git \ --git_mirror $GIT_ROOT_DIR/.git \ @@ -482,7 +482,7 @@ GIT_BRANCH_NAME=$(git rev-parse --abbrev-ref HEAD) # => release/team-20 RELEASE_BRANCH_SUFFIX=${GIT_BRANCH_NAME#"release/team"} # => -20200101 RELEASE_BRANCH=${GIT_BRANCH_NAME%${RELEASE_BRANCH_SUFFIX}} # => release/team if [ "${RELEASE_BRANCH}" == "release/team"]; then - bazel run @com_adobe_rules_gitops//gitops/prer:create_gitops_prs -- \ + bazel run @rules_gitops//gitops/prer:create_gitops_prs -- \ --workspace $GIT_ROOT_DIR \ --git_repo https://github.com/example/repo.git \ --git_mirror $GIT_ROOT_DIR/.git \ @@ -575,7 +575,7 @@ The test code launches the script to perform the test setup. The test code shoul The `@k8s_test//:kubeconfig` target referenced from `k8s_test_setup` rule serves the purpose of making Kubernetes configuration available in the test sandbox. The `kubeconfig` repository rule in the `WORKSPACE` file will need, at minimum, provide the cluster name. ```starlark -load("@com_adobe_rules_gitops//gitops:defs.bzl", "kubeconfig") +load("@rules_gitops//gitops:defs.bzl", "kubeconfig") kubeconfig( name = "k8s_test", diff --git a/WORKSPACE b/WORKSPACE index e6b8bbb0..a89dfeac 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -8,25 +8,25 @@ # OF ANY KIND, either express or implied. See the License for the specific language # governing permissions and limitations under the License. -workspace(name = "com_adobe_rules_gitops") +workspace(name = "rules_gitops") load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") http_archive( name = "io_bazel_rules_go", - sha256 = "dd926a88a564a9246713a9c00b35315f54cbd46b31a26d5d8fb264c07045f05d", + sha256 = "278b7ff5a826f3dc10f04feaf0b70d48b68748ccd512d7f98bf442077f043fe3", urls = [ - "https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.38.1/rules_go-v0.38.1.zip", - "https://github.com/bazelbuild/rules_go/releases/download/v0.38.1/rules_go-v0.38.1.zip", + "https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.41.0/rules_go-v0.41.0.zip", + "https://github.com/bazelbuild/rules_go/releases/download/v0.41.0/rules_go-v0.41.0.zip", ], ) http_archive( name = "com_github_bazelbuild_buildtools", - sha256 = "ca524d4df8c91838b9e80543832cf54d945e8045f6a2b9db1a1d02eec20e8b8c", - strip_prefix = "buildtools-6.0.1", + sha256 = "977a0bd4593c8d4c8f45e056d181c35e48aa01ad4f8090bdb84f78dca42f47dc", + strip_prefix = "buildtools-6.1.2", urls = [ - "https://github.com/bazelbuild/buildtools/archive/refs/tags/6.0.1.tar.gz", + "https://github.com/bazelbuild/buildtools/archive/refs/tags/v6.1.2.tar.gz", ], ) @@ -34,16 +34,16 @@ load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_depe go_rules_dependencies() -go_register_toolchains(version = "1.19.2") +go_register_toolchains(version = "1.20.6") # # Self dependencies # -load("@com_adobe_rules_gitops//gitops:deps.bzl", "rules_gitops_dependencies") +load("@rules_gitops//gitops:deps.bzl", "rules_gitops_dependencies") rules_gitops_dependencies() -load("@com_adobe_rules_gitops//gitops:repositories.bzl", "rules_gitops_repositories") +load("@rules_gitops//gitops:repositories.bzl", "rules_gitops_repositories") rules_gitops_repositories() @@ -51,13 +51,16 @@ rules_gitops_repositories() # Development dependencies # +load("@bazel_skylib//lib:unittest.bzl", "register_unittest_toolchains") + +register_unittest_toolchains() + http_archive( name = "com_google_protobuf", - sha256 = "d0f5f605d0d656007ce6c8b5a82df3037e1d8fe8b121ed42e536f569dec16113", - strip_prefix = "protobuf-3.14.0", + sha256 = "3bd7828aa5af4b13b99c191e8b1e884ebfa9ad371b0ce264605d347f135d2568", + strip_prefix = "protobuf-3.19.4", urls = [ - "https://mirror.bazel.build/github.com/protocolbuffers/protobuf/archive/v3.14.0.tar.gz", - "https://github.com/protocolbuffers/protobuf/archive/v3.14.0.tar.gz", + "https://github.com/protocolbuffers/protobuf/archive/v3.19.4.tar.gz", ], ) @@ -65,17 +68,6 @@ load("@com_google_protobuf//:protobuf_deps.bzl", "protobuf_deps") protobuf_deps() -load( - "@io_bazel_rules_docker//go:image.bzl", - go_image_repositories = "repositories", -) - -go_image_repositories() - -load("@bazel_skylib//lib:unittest.bzl", "register_unittest_toolchains") - -register_unittest_toolchains() - load("@com_github_bazelbuild_buildtools//buildifier:deps.bzl", "buildifier_dependencies") buildifier_dependencies() diff --git a/e2e/.bazelrc b/e2e/.bazelrc new file mode 100644 index 00000000..338b528b --- /dev/null +++ b/e2e/.bazelrc @@ -0,0 +1 @@ +build --action_env HOME --test_env HOME diff --git a/e2e/.bazelversion b/e2e/.bazelversion new file mode 100644 index 00000000..dc0208ab --- /dev/null +++ b/e2e/.bazelversion @@ -0,0 +1 @@ +6.3.1 diff --git a/examples/.gitignore b/e2e/.gitignore similarity index 100% rename from examples/.gitignore rename to e2e/.gitignore diff --git a/examples/BUILD b/e2e/BUILD similarity index 100% rename from examples/BUILD rename to e2e/BUILD diff --git a/examples/README.md b/e2e/README.md similarity index 100% rename from examples/README.md rename to e2e/README.md diff --git a/examples/WORKSPACE b/e2e/WORKSPACE similarity index 63% rename from examples/WORKSPACE rename to e2e/WORKSPACE index 86ee6eb9..6a1f0df4 100644 --- a/examples/WORKSPACE +++ b/e2e/WORKSPACE @@ -11,7 +11,7 @@ workspace(name = "examples") local_repository( - name = "com_adobe_rules_gitops", + name = "rules_gitops", path = "..", ) @@ -22,10 +22,10 @@ load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") http_archive( name = "io_bazel_rules_go", - sha256 = "099a9fb96a376ccbbb7d291ed4ecbdfd42f6bc822ab77ae6f1b5cb9e914e94fa", + sha256 = "278b7ff5a826f3dc10f04feaf0b70d48b68748ccd512d7f98bf442077f043fe3", urls = [ - "https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.35.0/rules_go-v0.35.0.zip", - "https://github.com/bazelbuild/rules_go/releases/download/v0.35.0/rules_go-v0.35.0.zip", + "https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.41.0/rules_go-v0.41.0.zip", + "https://github.com/bazelbuild/rules_go/releases/download/v0.41.0/rules_go-v0.41.0.zip", ], ) @@ -33,13 +33,13 @@ load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_depe go_rules_dependencies() -go_register_toolchains(version = "1.19.2") +go_register_toolchains(version = "1.20.6") -load("@com_adobe_rules_gitops//gitops:deps.bzl", "rules_gitops_dependencies") +load("@rules_gitops//gitops:deps.bzl", "rules_gitops_dependencies") rules_gitops_dependencies() -load("@com_adobe_rules_gitops//gitops:repositories.bzl", "rules_gitops_repositories") +load("@rules_gitops//gitops:repositories.bzl", "rules_gitops_repositories") rules_gitops_repositories() @@ -49,9 +49,18 @@ rules_gitops_repositories() # examples dependencies # -load( - "@io_bazel_rules_docker//go:image.bzl", - go_image_repositories = "repositories", +load("@rules_oci//oci:pull.bzl", "oci_pull") + +oci_pull( + name = "go_image_static", + digest = "sha256:ebd8cc37d22551dce0957ba8e58f03b22a8448bbf844c8c9ded4feef883b36bc", + image = "gcr.io/distroless/static", ) -go_image_repositories() +load("@rules_gitops//skylib:k8s.bzl", "kubeconfig") + +kubeconfig( + name = "k8s_test", + cluster = "gke_rules-gitops-demo_us-central1_cluster-demo", + use_host_config = True, +) diff --git a/examples/e2e-test.sh b/e2e/e2e-test.sh similarity index 100% rename from examples/e2e-test.sh rename to e2e/e2e-test.sh diff --git a/e2e/go.mod b/e2e/go.mod new file mode 100644 index 00000000..80e40c21 --- /dev/null +++ b/e2e/go.mod @@ -0,0 +1,5 @@ +module github.com/fasterci/rules_gitops/e2e + +go 1.20 + +require github.com/adobe/rules_gitops v0.18.0 diff --git a/e2e/go.sum b/e2e/go.sum new file mode 100644 index 00000000..b1ab7987 --- /dev/null +++ b/e2e/go.sum @@ -0,0 +1,2 @@ +github.com/adobe/rules_gitops v0.18.0 h1:VXG5WNHCA26pA72aqcyeUjXYkBXDyAQxS33QFs4czHw= +github.com/adobe/rules_gitops v0.18.0/go.mod h1:vdARypk35U3M/1EAmFRptiSbzXg9FMQPe8D33Am7rHY= diff --git a/e2e/helloworld/BUILD.bazel b/e2e/helloworld/BUILD.bazel new file mode 100644 index 00000000..35614387 --- /dev/null +++ b/e2e/helloworld/BUILD.bazel @@ -0,0 +1,104 @@ +# Copyright 2020 Adobe. All rights reserved. +# Copyright 2023 rules_gitops authors. All rights reserved. +# This file is licensed to you under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. You may obtain a copy +# of the License at http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software distributed under +# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS +# OF ANY KIND, either express or implied. See the License for the specific language +# governing permissions and limitations under the License. + +load("@rules_gitops//lang:go.bzl", "go_image") +load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library", "go_test") +load("@rules_gitops//gitops:defs.bzl", "k8s_deploy", "k8s_test_setup") + +go_library( + name = "go_default_library", + srcs = ["helloworld.go"], + importpath = "github.com/adobe/rules_gitops/examples/helloworld", + visibility = ["//visibility:private"], +) + +go_test( + name = "go_default_test", + srcs = ["helloworld_test.go"], + embed = [":go_default_library"], +) + +go_binary( + name = "helloworld", + embed = [":go_default_library"], + visibility = ["//visibility:public"], +) + +go_image( + name = "image", + embed = [":go_default_library"], + visibility = ["//visibility:public"], +) + +DEV = "gke_rules-gitops-demo_us-central1_cluster-demo" + +PROD_WEST = "gke_rules-gitops-demo_us-west1_cluster-demo" + +PROD_CENTRAL = "gke_rules-gitops-demo_us-central1_cluster-demo" + +PROD_EAST = "gke_rules-gitops-demo_us-east1_cluster-demo" + +REGISTRY = "us-central1-docker.pkg.dev/rules-gitops-demo/it" + +[ + k8s_deploy( + name = NAME, + cluster = CLUSTER, + configmaps_srcs = glob([ + "configmaps/%s/**/*" % ENVTYPE, + ]), + deployment_branch = ENVTYPE, + gitops = (NAME != "mynamespace"), + image_registry = REGISTRY, # hide the registry in macro wrapping k8s_deploy + images = [":image"], + manifests = glob([ + "manifests/*.yaml", + "manifests/{}/*.yaml".format(ENVTYPE), + ]), + namespace = NAMESPACE, + patches = glob([ + "overlays/{}/*.yaml".format(ENVTYPE), + ]), + secrets_srcs = glob([ + "secrets/{}/*.yaml".format(ENVTYPE), + ]), + ) + for (NAME, ENVTYPE, CLUSTER, NAMESPACE) in ( + ("mynamespace", "dev", DEV, None), + ("dev", "dev", DEV, "helloteam"), + ("canary", "prod", PROD_CENTRAL, "helloteam_canary"), + ("prod_west", "prod", PROD_WEST, "helloteam"), + ("prod_central", "prod", PROD_CENTRAL, "helloteam"), + ("prod_east", "prod", PROD_EAST, "helloteam"), + ) +] + +k8s_test_setup( + name = "hello_server_it.setup", + kubeconfig = "@k8s_test//:kubeconfig", + objects = [ + ":mynamespace", + ], +) + +go_test( + name = "hello_server_it", + size = "large", + srcs = ["helloworld_it_test.go"], + args = [ + "-setup", + "$(location :hello_server_it.setup)", + ], + data = [":hello_server_it.setup"], + rundir = ".", + deps = ["@rules_gitops//testing/it_sidecar/client:go_default_library"], +) + diff --git a/e2e/helloworld/configmaps/dev/cf/cf1.txt b/e2e/helloworld/configmaps/dev/cf/cf1.txt new file mode 100644 index 00000000..db680210 --- /dev/null +++ b/e2e/helloworld/configmaps/dev/cf/cf1.txt @@ -0,0 +1 @@ +config map content for dev diff --git a/e2e/helloworld/configmaps/prod/cf/cf1.txt b/e2e/helloworld/configmaps/prod/cf/cf1.txt new file mode 100644 index 00000000..5c718b1c --- /dev/null +++ b/e2e/helloworld/configmaps/prod/cf/cf1.txt @@ -0,0 +1 @@ +config map content for prod diff --git a/examples/helloworld/helloworld.go b/e2e/helloworld/helloworld.go similarity index 80% rename from examples/helloworld/helloworld.go rename to e2e/helloworld/helloworld.go index 309ab812..69a3b114 100644 --- a/examples/helloworld/helloworld.go +++ b/e2e/helloworld/helloworld.go @@ -21,7 +21,8 @@ import ( ) var ( - port = flag.Int("port", 8080, "IP port") + port = flag.Int("port", 8080, "IP port") + configFile = flag.String("config", "", "Config file") ) func printenv(w http.ResponseWriter, r *http.Request) { @@ -31,7 +32,10 @@ func printenv(w http.ResponseWriter, r *http.Request) { } func home(w http.ResponseWriter, r *http.Request) { - io.WriteString(w, "Hello World!") + io.WriteString(w, "") + io.WriteString(w, "

Hello World!

") + fmt.Fprintf(w, "

Config file: %s

", *configFile) + io.WriteString(w, "Hello World!") } func main() { diff --git a/e2e/helloworld/helloworld_it_test.go b/e2e/helloworld/helloworld_it_test.go new file mode 100644 index 00000000..6c2d1884 --- /dev/null +++ b/e2e/helloworld/helloworld_it_test.go @@ -0,0 +1,49 @@ +/* +Copyright 2020 Adobe. All rights reserved. +This file is licensed to you under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. You may obtain a copy +of the License at http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software distributed under +the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS +OF ANY KIND, either express or implied. See the License for the specific language +governing permissions and limitations under the License. +*/ +package main + +import ( + "fmt" + "io/ioutil" + "net/http" + "strings" + "testing" + + "github.com/adobe/rules_gitops/testing/it_sidecar/client" +) + +var setup client.K8STestSetup + +func TestMain(m *testing.M) { + setup = client.K8STestSetup{ + WaitForPods: []string{"helloworld"}, + PortForwardServices: map[string]int{ + "helloworld": 8080, + }, + } + setup.TestMain(m) +} + +func TestSimpleServer(t *testing.T) { + appServerPort := setup.GetServiceLocalPort("helloworld") + response, err := http.Get(fmt.Sprintf("http://localhost:%d", appServerPort)) + if err != nil { + t.FailNow() + } + if response.StatusCode != 200 { + t.Errorf("Expected status code 200, got %d", response.StatusCode) + } + body, _ := ioutil.ReadAll(response.Body) + if !strings.Contains(string(body), "Hello World") { + t.Error("Unexpected content returned:", string(body)) + } +} diff --git a/examples/helloworld/helloworld_test.go b/e2e/helloworld/helloworld_test.go similarity index 100% rename from examples/helloworld/helloworld_test.go rename to e2e/helloworld/helloworld_test.go diff --git a/examples/helloworld/k8s_deploy_test.sh b/e2e/helloworld/k8s_deploy_test.sh similarity index 71% rename from examples/helloworld/k8s_deploy_test.sh rename to e2e/helloworld/k8s_deploy_test.sh index c30c3101..b9b45d29 100755 --- a/examples/helloworld/k8s_deploy_test.sh +++ b/e2e/helloworld/k8s_deploy_test.sh @@ -4,22 +4,16 @@ # set -x # RUNFILES_LIB_DEBUG=1 -# --- begin runfiles.bash initialization v2 --- -# Copy-pasted from the Bazel Bash runfiles library v2. -set -uo pipefail -f=bazel_tools/tools/bash/runfiles/runfiles.bash -source "${RUNFILES_DIR:-/dev/null}/$f" 2>/dev/null || - source "$(grep -sm1 "^$f " "${RUNFILES_MANIFEST_FILE:-/dev/null}" | cut -f2- -d' ')" 2>/dev/null || - source "$0.runfiles/$f" 2>/dev/null || - source "$(grep -sm1 "^$f " "$0.runfiles_manifest" | cut -f2- -d' ')" 2>/dev/null || - source "$(grep -sm1 "^$f " "$0.exe.runfiles_manifest" | cut -f2- -d' ')" 2>/dev/null || - { - echo >&2 "ERROR: cannot find $f" - exit 1 - } -f= -set -e -# --- end runfiles.bash initialization v2 --- +# --- begin runfiles.bash initialization v3 --- +# Copy-pasted from the Bazel Bash runfiles library v3. +set -uo pipefail; set +e; f=bazel_tools/tools/bash/runfiles/runfiles.bash +source "${RUNFILES_DIR:-/dev/null}/$f" 2>/dev/null || \ + source "$(grep -sm1 "^$f " "${RUNFILES_MANIFEST_FILE:-/dev/null}" | cut -f2- -d' ')" 2>/dev/null || \ + source "$0.runfiles/$f" 2>/dev/null || \ + source "$(grep -sm1 "^$f " "$0.runfiles_manifest" | cut -f2- -d' ')" 2>/dev/null || \ + source "$(grep -sm1 "^$f " "$0.exe.runfiles_manifest" | cut -f2- -d' ')" 2>/dev/null || \ + { echo>&2 "ERROR: cannot find $f"; exit 1; }; f=; set -e +# --- end runfiles.bash initialization v3 --- CLUSTER="$1" NAMESPACE="$2" @@ -44,7 +38,7 @@ grep -F "namespace: $NAMESPACE" canary.show grep -F "name: helloworld-canary" canary.show grep -E "image: localhost:5000/k8s/helloworld/image@sha256" canary.show -$(rlocation examples/helloworld/release.show) > release.show +$(rlocation examples/helloworld/prod_west.show) > release.show echo "DEBUG: release.show:" cat release.show diff --git a/examples/helloworld/deployment.yaml b/e2e/helloworld/manifests/deployment.yaml similarity index 97% rename from examples/helloworld/deployment.yaml rename to e2e/helloworld/manifests/deployment.yaml index 391baedd..ab6dd7cc 100644 --- a/examples/helloworld/deployment.yaml +++ b/e2e/helloworld/manifests/deployment.yaml @@ -23,7 +23,7 @@ spec: name: web resources: requests: - memory: 2Mi + memory: 256Mi readinessProbe: httpGet: path: /healthz diff --git a/examples/helloworld/service.yaml b/e2e/helloworld/manifests/service.yaml similarity index 100% rename from examples/helloworld/service.yaml rename to e2e/helloworld/manifests/service.yaml diff --git a/e2e/helloworld/overlays/prod/deployment.yaml b/e2e/helloworld/overlays/prod/deployment.yaml new file mode 100644 index 00000000..09c98fee --- /dev/null +++ b/e2e/helloworld/overlays/prod/deployment.yaml @@ -0,0 +1,6 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: helloworld +spec: + replicas: 3 diff --git a/e2e_test.sh b/e2e_test.sh index 434bb22f..19c9e527 100755 --- a/e2e_test.sh +++ b/e2e_test.sh @@ -39,7 +39,7 @@ set +o xtrace trap "echo FAILED ; delete" EXIT set -o xtrace -./examples/e2e-test.sh +./e2e/e2e-test.sh delete diff --git a/examples/.bazelversion b/examples/.bazelversion deleted file mode 100644 index c7cb1311..00000000 --- a/examples/.bazelversion +++ /dev/null @@ -1 +0,0 @@ -5.3.1 diff --git a/examples/helloworld/BUILD b/examples/helloworld/BUILD deleted file mode 100644 index 924f8a40..00000000 --- a/examples/helloworld/BUILD +++ /dev/null @@ -1,140 +0,0 @@ -# Copyright 2020 Adobe. All rights reserved. -# This file is licensed to you under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. You may obtain a copy -# of the License at http://www.apache.org/licenses/LICENSE-2.0 - -# Unless required by applicable law or agreed to in writing, software distributed under -# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS -# OF ANY KIND, either express or implied. See the License for the specific language -# governing permissions and limitations under the License. - -load("@io_bazel_rules_docker//go:image.bzl", "go_image") -load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library", "go_test") -load("@com_adobe_rules_gitops//gitops:defs.bzl", "k8s_deploy") - -licenses(["notice"]) # Apache 2.0 - -go_library( - name = "go_default_library", - srcs = ["helloworld.go"], - importpath = "github.com/adobe/rules_gitops/examples/helloworld", - visibility = ["//visibility:private"], -) - -go_test( - name = "go_default_test", - srcs = ["helloworld_test.go"], - embed = [":go_default_library"], -) - -go_binary( - name = "helloworld", - embed = [":go_default_library"], - visibility = ["//visibility:public"], -) - -go_image( - name = "image", - embed = [":go_default_library"], - goarch = "amd64", - goos = "linux", - visibility = ["//visibility:public"], -) - -CLUSTER = "kind-kind" - -USER = "kind-kind" - -REGISTRY = "localhost:5000" - -k8s_deploy( - name = "mynamespace", - cluster = CLUSTER, - image_registry = REGISTRY, # override the default registry host for developent - images = { - "helloworld-image": ":image", - }, - manifests = [ - "deployment.yaml", - "service.yaml", - ], - namespace = "{BUILD_USER}", - user = USER, -) - -NAMESPACE = "hwteam" - -k8s_deploy( - name = "canary", - cluster = CLUSTER, - deployment_branch = "helloworld-canary", - image_digest_tag = True, # test optional image tagging - image_registry = REGISTRY, # override the default registry for production - image_repository_prefix = "k8s", - images = { - "helloworld-image": ":image", - }, - manifests = [ - "deployment.yaml", - "service.yaml", - ], - name_suffix = "-canary", - namespace = NAMESPACE, - prefix_suffix_app_labels = True, - user = USER, -) - -k8s_deploy( - name = "release", - cluster = CLUSTER, - deployment_branch = "helloworld-prod", - image_digest_tag = True, # test optional image tagging - image_registry = REGISTRY, # override the default registry host for production - image_repository_prefix = "k8s", - images = { - "helloworld-image": ":image", - }, - manifests = [ - "deployment.yaml", - "service.yaml", - ], - namespace = NAMESPACE, - user = USER, -) - -k8s_deploy( - name = "gitops_custom_path", - cluster = CLUSTER, - deployment_branch = "helloworld-gitops-custom-path", - gitops_path = "custom_cloud", - image_digest_tag = True, # test optional image tagging - image_registry = REGISTRY, # override the default registry host for production - image_repository_prefix = "k8s", - images = { - "helloworld-image": ":image", - }, - manifests = [ - "deployment.yaml", - "service.yaml", - ], - name_suffix = "-gitops-custom-path", - namespace = NAMESPACE, - user = USER, -) - -sh_test( - name = "k8s_deploy_test", - srcs = ["k8s_deploy_test.sh"], - args = [ - CLUSTER, - NAMESPACE, - ], - data = [ - ":canary.show", - ":mynamespace.show", - ":release.show", - ], - deps = [ - "@bazel_tools//tools/bash/runfiles", - ], -) diff --git a/examples/secrets/BUILD.bazel b/examples/secrets/BUILD.bazel index 348eae20..c41fdb2b 100644 --- a/examples/secrets/BUILD.bazel +++ b/examples/secrets/BUILD.bazel @@ -1,4 +1,5 @@ -load("@com_adobe_rules_gitops//gitops:defs.bzl", "k8s_deploy") +load("@rules_gitops//gitops:defs.bzl", "external_image", "k8s_deploy") +load("@aspect_bazel_lib//lib:write_source_files.bzl", "write_source_files") # prepare two environments: it and mynamespace. Each environment will have its own secret # the secret with name secret-object-name is defined in the {it|mynamespace}/secrets/secret-object-name directories @@ -10,13 +11,19 @@ load("@com_adobe_rules_gitops//gitops:defs.bzl", "k8s_deploy") # DO NOT USE THIS IN PRODUCTION! # the secret value is not encrypted. It is recommended to use a secret management tool like vault or gcp secret manager +external_image( + name = "image", + digest = "sha:1234567890", + image = "gcr.io/repo/someimage:thetag", +) + [ k8s_deploy( name = ENV + "-server", cluster = CLUSTER, configmaps_renaming = "hash", # add a hash to the configmap and secret names images = [ - "//helloworld:image", + ":image", ], manifests = glob(["*.yaml"]), # we will use deployment.yaml to demonstrate a secret injection namespace = ENV, @@ -27,3 +34,13 @@ load("@com_adobe_rules_gitops//gitops:defs.bzl", "k8s_deploy") ("mynamespace", "dev-cluster"), ] ] + +# test expected transformation results. +write_source_files( + name = "expected_results", + files = { + # Do not use .yaml extension for the expected results files to avoid picking up by the k8s_deploy's glob() + "it_expected.txt": ":it-server", + "mynamespace_expected.txt": ":mynamespace-server", + }, +) diff --git a/examples/secrets/deployment.yaml b/examples/secrets/deployment.yaml index e4d35c16..af5f49f7 100644 --- a/examples/secrets/deployment.yaml +++ b/examples/secrets/deployment.yaml @@ -14,7 +14,7 @@ spec: spec: containers: - name: helloworld - image: //helloworld:image + image: //examples/secrets:image resources: requests: memory: 2Mi diff --git a/examples/secrets/it_expected.txt b/examples/secrets/it_expected.txt new file mode 100644 index 00000000..7eb25d8f --- /dev/null +++ b/examples/secrets/it_expected.txt @@ -0,0 +1,36 @@ +apiVersion: v1 +data: + apikey: SVQgdGVzdCBhcGkga2V5Cg== +kind: Secret +metadata: + name: secret-object-name-7kf9m899hk + namespace: it +type: Opaque +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: helloworld + namespace: it +spec: + replicas: 1 + selector: + matchLabels: + app: helloworld + template: + metadata: + labels: + app: helloworld + spec: + containers: + - env: + - name: API_KEY + valueFrom: + secretKeyRef: + key: apikey + name: secret-object-name-7kf9m899hk + image: gcr.io/repo/someimage@sha:1234567890 + name: helloworld + resources: + requests: + memory: 2Mi diff --git a/examples/secrets/mynamespace_expected.txt b/examples/secrets/mynamespace_expected.txt new file mode 100644 index 00000000..09885ca3 --- /dev/null +++ b/examples/secrets/mynamespace_expected.txt @@ -0,0 +1,36 @@ +apiVersion: v1 +data: + apikey: ZGV2IGFwaSBrZXkK +kind: Secret +metadata: + name: secret-object-name-bd2bgm55kb + namespace: mynamespace +type: Opaque +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: helloworld + namespace: mynamespace +spec: + replicas: 1 + selector: + matchLabels: + app: helloworld + template: + metadata: + labels: + app: helloworld + spec: + containers: + - env: + - name: API_KEY + valueFrom: + secretKeyRef: + key: apikey + name: secret-object-name-bd2bgm55kb + image: gcr.io/repo/someimage@sha:1234567890 + name: helloworld + resources: + requests: + memory: 2Mi diff --git a/gitops/defs.bzl b/gitops/defs.bzl index a0d01186..29bd449a 100644 --- a/gitops/defs.bzl +++ b/gitops/defs.bzl @@ -12,8 +12,8 @@ GitOps rules public interface """ -load("@com_adobe_rules_gitops//skylib:k8s.bzl", _k8s_deploy = "k8s_deploy", _k8s_test_setup = "k8s_test_setup") -load("@com_adobe_rules_gitops//skylib:external_image.bzl", _external_iamge = "external_image") +load("@rules_gitops//skylib:k8s.bzl", _k8s_deploy = "k8s_deploy", _k8s_test_setup = "k8s_test_setup") +load("@rules_gitops//skylib:external_image.bzl", _external_iamge = "external_image") k8s_deploy = _k8s_deploy k8s_test_setup = _k8s_test_setup diff --git a/gitops/deps.bzl b/gitops/deps.bzl index 12fba820..23a0e2a5 100644 --- a/gitops/deps.bzl +++ b/gitops/deps.bzl @@ -37,16 +37,35 @@ def rules_gitops_dependencies(): maybe( http_archive, name = "bazel_gazelle", - sha256 = "448e37e0dbf61d6fa8f00aaa12d191745e14f07c31cabfa731f0c8e8a4f41b97", + sha256 = "29218f8e0cebe583643cbf93cae6f971be8a2484cdcfa1e45057658df8d54002", urls = [ - "https://mirror.bazel.build/github.com/bazelbuild/bazel-gazelle/releases/download/v0.28.0/bazel-gazelle-v0.28.0.tar.gz", - "https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.28.0/bazel-gazelle-v0.28.0.tar.gz", + "https://mirror.bazel.build/github.com/bazelbuild/bazel-gazelle/releases/download/v0.32.0/bazel-gazelle-v0.32.0.tar.gz", + "https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.32.0/bazel-gazelle-v0.32.0.tar.gz", ], ) maybe( http_archive, - name = "io_bazel_rules_docker", - sha256 = "b1e80761a8a8243d03ebca8845e9cc1ba6c82ce7c5179ce2b295cd36f7e394bf", - urls = ["https://github.com/bazelbuild/rules_docker/releases/download/v0.25.0/rules_docker-v0.25.0.tar.gz"], + name = "aspect_bazel_lib", + sha256 = "d488d8ecca98a4042442a4ae5f1ab0b614f896c0ebf6e3eafff363bcc51c6e62", + strip_prefix = "bazel-lib-1.33.0", + url = "https://github.com/aspect-build/bazel-lib/releases/download/v1.33.0/bazel-lib-v1.33.0.tar.gz", + ) + + maybe( + http_archive, + name = "rules_pkg", + urls = [ + "https://mirror.bazel.build/github.com/bazelbuild/rules_pkg/releases/download/0.9.1/rules_pkg-0.9.1.tar.gz", + "https://github.com/bazelbuild/rules_pkg/releases/download/0.9.1/rules_pkg-0.9.1.tar.gz", + ], + sha256 = "8f9ee2dc10c1ae514ee599a8b42ed99fa262b757058f65ad3c384289ff70c4b8", + ) + + maybe( + http_archive, + name = "rules_oci", + sha256 = "176e601d21d1151efd88b6b027a24e782493c5d623d8c6211c7767f306d655c8", + strip_prefix = "rules_oci-1.2.0", + url = "https://github.com/bazel-contrib/rules_oci/releases/download/v1.2.0/rules_oci-v1.2.0.tar.gz", ) diff --git a/gitops/prer/create_gitops_prs.go b/gitops/prer/create_gitops_prs.go index 2ed30ef4..2df2c551 100644 --- a/gitops/prer/create_gitops_prs.go +++ b/gitops/prer/create_gitops_prs.go @@ -183,7 +183,7 @@ func main() { for _, target := range targets { log.Println("train", train, "target", target) bin := bazel.TargetToExecutable(target) - exec.Mustex("", bin, "--nopush", "--nobazel", "--deployment_root", gitopsdir) + exec.Mustex("", bin, "--nopush", "--deployment_root", gitopsdir) } if workdir.Commit(fmt.Sprintf("GitOps for release branch %s from %s commit %s\n%s", *releaseBranch, *branchName, *gitCommit, commitmsg.Generate(targets)), *gitopsPath) { log.Println("branch", branch, "has changes, push is required") diff --git a/gitops/provider.bzl b/gitops/provider.bzl new file mode 100644 index 00000000..e7bc194a --- /dev/null +++ b/gitops/provider.bzl @@ -0,0 +1,20 @@ +GitopsPushInfo = provider( + "Information required to inject image into a manifest", + fields = { + "image_label": "bazel label of the image", + "repository": "{registry}/{repository} without tag or sha part", + "digestfile": "file with sha256 digest of the image. Combine {repository}@{digestfile content} to get full image name", + }, +) + +# buildifier: disable=provider-params +GitopsArtifactsInfo = provider( + """ + List of of executable targets required to be executed before deployment. + Typically pushes images to a registry. + """, + fields = { + "image_pushes": "List of of executable targets required to be executed before deployment, typically pushes images to a registry.", + "deployment_branch": "Branch to merge manifests into and create a PR from.", + }, +) diff --git a/gitops/repositories.bzl b/gitops/repositories.bzl index f633b5c4..132b73fd 100644 --- a/gitops/repositories.bzl +++ b/gitops/repositories.bzl @@ -13,10 +13,12 @@ GtiOps rules repositories initialization """ load("@bazel_skylib//:workspace.bzl", "bazel_skylib_workspace") +load("@aspect_bazel_lib//lib:repositories.bzl", "aspect_bazel_lib_dependencies", "register_jq_toolchains") +load("@rules_pkg//:deps.bzl", "rules_pkg_dependencies") load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies") -load("@io_bazel_rules_docker//repositories:repositories.bzl", container_repositories = "repositories") -load("@io_bazel_rules_docker//repositories:go_repositories.bzl", container_go_deps = "go_deps") -load("@com_adobe_rules_gitops//skylib/kustomize:kustomize.bzl", "kustomize_setup") +load("@rules_oci//oci:dependencies.bzl", "rules_oci_dependencies") +load("@rules_oci//oci:repositories.bzl", "LATEST_CRANE_VERSION", "oci_register_toolchains") +load("@rules_gitops//skylib/kustomize:kustomize.bzl", "kustomize_setup") def rules_gitops_repositories(): """Initializes Declares workspaces the GitOps rules depend on. @@ -26,6 +28,13 @@ def rules_gitops_repositories(): bazel_skylib_workspace() gazelle_dependencies() - container_repositories() - container_go_deps() + aspect_bazel_lib_dependencies(override_local_config_platform = True) + register_jq_toolchains() + rules_pkg_dependencies() kustomize_setup(name = "kustomize_bin") + + rules_oci_dependencies() + oci_register_toolchains( + name = "oci", + crane_version = LATEST_CRANE_VERSION, + ) diff --git a/gitops/testing/BUILD b/gitops/testing/BUILD index 4b902004..38b112f1 100644 --- a/gitops/testing/BUILD +++ b/gitops/testing/BUILD @@ -10,8 +10,7 @@ load("@bazel_skylib//rules:diff_test.bzl", "diff_test") load("//gitops:defs.bzl", "external_image", "k8s_deploy", "k8s_test_setup") -load("//skylib:push.bzl", "k8s_container_push") -load("//skylib:templates.bzl", "expand_template") +load("//push_oci:push_oci.bzl", "push_oci") licenses(["notice"]) # Apache 2.0 @@ -20,9 +19,9 @@ k8s_deploy( cluster = "testcluster", deployment_branch = "test1", gitops = 1, - images = { - "img": "//skylib/kustomize/tests:image", - }, + images = [ + "//skylib/kustomize/tests:image", + ], manifests = [ ":deployment_legacy.yaml", ], @@ -31,28 +30,6 @@ k8s_deploy( visibility = ["//visibility:public"], ) -expand_template( - name = "generate_deployment_expected", - out = "deployment_expected.txt", - deps_aliases = { - "digest": "//skylib/kustomize/tests:image.digest", - }, - substitutions = {}, - template = ":deployment_expected_template.txt", - deps = ["//skylib/kustomize/tests:image.digest"], -) - -expand_template( - name = "generate_deployment2_expected", - out = "deployment2_expected.txt", - deps_aliases = { - "digest": "//skylib/kustomize/tests:image.digest", - }, - substitutions = {}, - template = ":deployment2_expected_template.txt", - deps = ["//skylib/kustomize/tests:image.digest"], -) - diff_test( name = "legacy_alias_test", file1 = ":legacy_alias", @@ -64,9 +41,9 @@ k8s_deploy( cluster = "testcluster", deployment_branch = "test1", gitops = 1, - images = { - "img": "//skylib/kustomize/tests:image", - }, + images = [ + "//skylib/kustomize/tests:image", + ], manifests = [ ":deployment.yaml", ], @@ -132,29 +109,7 @@ diff_test( file2 = "deployment1_expected.txt", ) -k8s_deploy( - name = "external_image_legacy", - cluster = "testcluster", - deployment_branch = "test1", - gitops = 1, - images = { - "img": ":external_image", - }, - manifests = [ - ":deployment_legacy.yaml", - ], - namespace = "ci", - release_branch_prefix = "gitops_test_release_branch", - visibility = ["//visibility:public"], -) - -diff_test( - name = "external_image_legacy_test", - file1 = ":external_image_legacy", - file2 = "deployment1_expected.txt", -) - -k8s_container_push( +push_oci( name = "pushed_image", image = "//skylib/kustomize/tests:image", registry = "gcr.io", @@ -162,19 +117,14 @@ k8s_container_push( tag = "thetag", ) -# rename( -# name = "//skylib/kustomize/tests:image", - -# ) - k8s_deploy( name = "legacy_renamed_alias", cluster = "testcluster", deployment_branch = "test1", gitops = 1, - images = { - "img": ":pushed_image", - }, + images = [ + ":pushed_image", + ], manifests = [ ":deployment_legacy.yaml", ], diff --git a/gitops/testing/deployment2_expected_template.txt b/gitops/testing/deployment2_expected.txt similarity index 68% rename from gitops/testing/deployment2_expected_template.txt rename to gitops/testing/deployment2_expected.txt index 5c0b4866..d8e88582 100644 --- a/gitops/testing/deployment2_expected_template.txt +++ b/gitops/testing/deployment2_expected.txt @@ -13,5 +13,5 @@ spec: app: myapp spec: containers: - - image: gcr.io/repo/imagethere@{{imports.digest}} + - image: gcr.io/repo/imagethere@sha256:1fa852d8eaf0f0a491713fb8c62c13ab8d25e2d6b32f024e49513f12a2e57b7a name: myapp diff --git a/gitops/testing/deployment_expected_template.txt b/gitops/testing/deployment_expected.txt similarity index 65% rename from gitops/testing/deployment_expected_template.txt rename to gitops/testing/deployment_expected.txt index 89437012..5325a370 100644 --- a/gitops/testing/deployment_expected_template.txt +++ b/gitops/testing/deployment_expected.txt @@ -13,5 +13,5 @@ spec: app: myapp spec: containers: - - image: docker.io/skylib/kustomize/tests/image@{{imports.digest}} + - image: docker.io/skylib/kustomize/tests/image@sha256:1fa852d8eaf0f0a491713fb8c62c13ab8d25e2d6b32f024e49513f12a2e57b7a name: myapp diff --git a/gitops/testing/deployment_legacy.yaml b/gitops/testing/deployment_legacy.yaml index f55f33cd..14aae2fb 100644 --- a/gitops/testing/deployment_legacy.yaml +++ b/gitops/testing/deployment_legacy.yaml @@ -13,5 +13,5 @@ spec: spec: containers: - name: myapp - image: img + image: //skylib/kustomize/tests:image diff --git a/hack/update_go_deps.sh b/hack/update_go_deps.sh index f3274286..22329f95 100755 --- a/hack/update_go_deps.sh +++ b/hack/update_go_deps.sh @@ -29,6 +29,7 @@ find vendor -type f \ -not -iname "COPYING*" \ -not -iname "LICENSE*" \ -not -iname "NOTICE*" \ + -not -iname "modules.txt" \ -delete diff --git a/examples/.bazelrc b/lang/BUILD.bazel similarity index 100% rename from examples/.bazelrc rename to lang/BUILD.bazel diff --git a/lang/go.bzl b/lang/go.bzl new file mode 100644 index 00000000..b651265a --- /dev/null +++ b/lang/go.bzl @@ -0,0 +1,34 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_binary") +load("@rules_pkg//:pkg.bzl", "pkg_tar") +load("@rules_oci//oci:defs.bzl", "oci_image") + +def go_image( + name, + embed, + goarch = "amd64", + goos = "linux", + gotags = ["containers_image_openpgp"], + pure = "on", + base = "@go_image_static", + visibility = ["//visibility:public"]): + """Emulate syntax of rules_gitops go_image.""" + go_binary( + name = name + "_binary", + embed = embed, + goarch = goarch, + goos = goos, + gotags = gotags, + pure = pure, + visibility = visibility, + ) + pkg_tar( + name = name + "_tar", + srcs = [":" + name + "_binary"], + ) + oci_image( + name = name, + base = base, + entrypoint = ["/" + name + "_binary"], + tars = [":" + name + "_tar"], + visibility = visibility, + ) diff --git a/push_oci/BUILD.bazel b/push_oci/BUILD.bazel new file mode 100644 index 00000000..fb82204e --- /dev/null +++ b/push_oci/BUILD.bazel @@ -0,0 +1 @@ +exports_files(["tag.sh.tpl"]) diff --git a/push_oci/push_oci.bzl b/push_oci/push_oci.bzl new file mode 100644 index 00000000..d59178c4 --- /dev/null +++ b/push_oci/push_oci.bzl @@ -0,0 +1,134 @@ +""" +Implementation of the `k8s_push` rule based on rules_oci +""" + +load("//gitops:provider.bzl", "GitopsPushInfo") + +# TODO: remove this once rules_oci is updated +# buildifier: disable=bzl-visibility +load("@rules_oci//oci/private:push.bzl", "oci_push_lib") +load("@bazel_skylib//rules:write_file.bzl", "write_file") +load("//skylib:runfile.bzl", "get_runfile_path") + +def _impl(ctx): + if GitopsPushInfo in ctx.attr.image: + # the image was already pushed, just rename if needed. Ignore registry and repository parameters + kpi = ctx.attr.image[GitopsPushInfo] + if ctx.attr.image[DefaultInfo].files_to_run.executable: + ctx.actions.expand_template( + template = ctx.file._tag_tpl, + substitutions = { + "%{args}": "", + "%{container_pusher}": get_runfile_path(ctx, ctx.attr.image[DefaultInfo].files_to_run.executable), + }, + output = ctx.outputs.executable, + is_executable = True, + ) + else: + ctx.actions.write( + content = "#!/bin/bash\n", + output = ctx.outputs.executable, + is_executable = True, + ) + + runfiles = ctx.runfiles(files = []).merge(ctx.attr.image[DefaultInfo].default_runfiles) + + digest = ctx.actions.declare_file(ctx.attr.name + ".digest") + ctx.actions.run_shell( + tools = [kpi.digestfile], + outputs = [digest], + command = "cp -f \"$1\" \"$2\"", + arguments = [kpi.digestfile.path, digest.path], + mnemonic = "CopyFile", + use_default_shell_env = True, + execution_requirements = { + "no-remote": "1", + "no-remote-cache": "1", + "no-remote-exec": "1", + "no-cache": "1", + "no-sandbox": "1", + "local": "1", + }, + ) + + return [ + # we need to provide executable that calls the actual pusher + DefaultInfo( + executable = ctx.outputs.executable, + runfiles = runfiles, + ), + GitopsPushInfo( + image_label = kpi.image_label, + repository = kpi.repository, + digestfile = digest, + ), + ] + + default_info = oci_push_lib.implementation(ctx = ctx) + + yq_bin = ctx.toolchains["@aspect_bazel_lib//lib:yq_toolchain_type"].yqinfo.bin + digest = ctx.actions.declare_file(ctx.attr.name + ".digest") + ctx.actions.run_shell( + inputs = [ctx.file.image], + outputs = [digest], + arguments = [yq_bin.path, ctx.file.image.path, digest.path], + command = "${1} '.manifests[].digest' ${2}/index.json > ${3}", + progress_message = "Extracting digest from %s" % ctx.file.image.short_path, + tools = [yq_bin], + # toolchain = "@aspect_bazel_lib//lib:yq_toolchain_type", + ) + + return [ + default_info, + GitopsPushInfo( + image_label = ctx.attr.image.label, + # registry = registry, + repository = ctx.attr.repository, + digestfile = digest, + ), + ] + +push_oci_rule = rule( + implementation = _impl, + attrs = oci_push_lib.attrs | + {"_tag_tpl": attr.label( + default = Label("//push_oci:tag.sh.tpl"), + allow_single_file = True, + )}, + toolchains = oci_push_lib.toolchains, + executable = True, + # provides = [GitopsPushInfo, DefaultInfo], +) + +def push_oci( + name, + image, + repository, + registry = None, + image_digest_tag = False, # buildifier: disable=unused-variable either remove parameter or implement + tag = None, + remote_tags = None, # file with tags to push + digestfile = None, + visibility = None): + if tag: + tags_label = "_{}_write_tags".format(name) + write_file( + name = tags_label, + out = "_{}.tags.txt".format(name), + content = remote_tags, + ) + remote_tags = tags_label + + if not repository: + label = native.package_relative_label(image) + repository = "{}/{}".format(label.package, label.name) + if registry: + repository = "{}/{}".format(registry, repository) + push_oci_rule( + name = name, + image = image, + repository = repository, + remote_tags = remote_tags, + digestfile = digestfile, + visibility = visibility, + ) diff --git a/push_oci/tag.sh.tpl b/push_oci/tag.sh.tpl new file mode 100644 index 00000000..9def637f --- /dev/null +++ b/push_oci/tag.sh.tpl @@ -0,0 +1,31 @@ +#!/usr/bin/env bash +# Copyright 2017 The Bazel Authors. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -eu + +function guess_runfiles() { + if [ -d ${BASH_SOURCE[0]}.runfiles ]; then + # Runfiles are adjacent to the current script. + echo "$( cd ${BASH_SOURCE[0]}.runfiles && pwd )" + else + # The current script is within some other script's runfiles. + mydir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + echo $mydir | sed -e 's|\(.*\.runfiles\)/.*|\1|' + fi +} + +RUNFILES="${PYTHON_RUNFILES:-$(guess_runfiles)}" + +%{container_pusher} %{args} "$@" diff --git a/push_oci/tests/BUILD.bazel b/push_oci/tests/BUILD.bazel new file mode 100644 index 00000000..d4175789 --- /dev/null +++ b/push_oci/tests/BUILD.bazel @@ -0,0 +1,23 @@ +load("@rules_pkg//:pkg.bzl", "pkg_tar") +load("@rules_oci//oci:defs.bzl", "oci_image") +load("//push_oci:push_oci.bzl", "push_oci") + +pkg_tar( + name = "image_tar", + srcs = [":container_content.txt"], +) + +oci_image( + name = "image", + architecture = "amd64", + os = "linux", + tars = [":image_tar"], + visibility = ["//visibility:public"], +) + +push_oci( + name = "image_push", + image = ":image", + # tag = "test_tag", + repository = "us-central1-docker.pkg.dev/fasterci/internal/push_oci/tests/image_push", +) diff --git a/push_oci/tests/container_content.txt b/push_oci/tests/container_content.txt new file mode 100644 index 00000000..84f43fb6 --- /dev/null +++ b/push_oci/tests/container_content.txt @@ -0,0 +1 @@ +this fine will be in the container diff --git a/skylib/BUILD b/skylib/BUILD index 4e3663b3..f3d2cac6 100644 --- a/skylib/BUILD +++ b/skylib/BUILD @@ -17,6 +17,7 @@ exports_files([ "k8s_cmd.sh.tpl", "k8s_test_namespace.sh.tpl", "push-tag.sh.tpl", + "run_schema.json", ]) stamp_value( diff --git a/skylib/cmd.sh.tpl b/skylib/cmd.sh.tpl index b4436494..576fdae4 100644 --- a/skylib/cmd.sh.tpl +++ b/skylib/cmd.sh.tpl @@ -12,9 +12,14 @@ set -euo pipefail function guess_runfiles() { - pushd ${BASH_SOURCE[0]}.runfiles > /dev/null 2>&1 - pwd - popd > /dev/null 2>&1 + if [ -d ${BASH_SOURCE[0]}.runfiles ]; then + # Runfiles are adjacent to the current script. + echo "$( cd ${BASH_SOURCE[0]}.runfiles && pwd )" + else + # The current script is within some other script's runfiles. + mydir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + echo $mydir | sed -e 's|\(.*\.runfiles\)/.*|\1|' + fi } export RUNFILES="${PYTHON_RUNFILES:-$(guess_runfiles)}" diff --git a/skylib/external_image.bzl b/skylib/external_image.bzl index aae57c7e..faee0962 100644 --- a/skylib/external_image.bzl +++ b/skylib/external_image.bzl @@ -2,14 +2,13 @@ Implementation of external image information provider suitable for injection into manifests """ -load(":push.bzl", "K8sPushInfo") +load("//gitops:provider.bzl", "GitopsPushInfo") def _external_image_impl(ctx): sv = ctx.attr.image.split("@", 1) if (len(sv) == 1) and (not ctx.attr.digest): fail("digest must be specified either in image or as a separate attribute") s = sv[0].split(":", 1)[0] #drop tag - registry, repository = s.split("/", 1) #write digest to a file digest_file = ctx.actions.declare_file(ctx.label.name + ".digest") @@ -21,11 +20,9 @@ def _external_image_impl(ctx): DefaultInfo( files = depset([digest_file]), ), - K8sPushInfo( + GitopsPushInfo( image_label = ctx.label, - legacy_image_name = ctx.attr.image_name, - registry = registry, - repository = repository, + repository = s, digestfile = digest_file, ), ] @@ -34,7 +31,6 @@ external_image = rule( implementation = _external_image_impl, attrs = { "image": attr.string(mandatory = True, doc = "The image location, e.g. gcr.io/foo/bar:baz"), - "image_name": attr.string(doc = "Image name, e.g. exernalserver. DEPRECATED: Use full target label instead, e.g. //images:externalserver"), "digest": attr.string(mandatory = True, doc = "The image digest, e.g. sha256:deadbeef"), }, ) diff --git a/skylib/k8s.bzl b/skylib/k8s.bzl index 5280e10c..955d2891 100644 --- a/skylib/k8s.bzl +++ b/skylib/k8s.bzl @@ -8,22 +8,16 @@ # OF ANY KIND, either express or implied. See the License for the specific language # governing permissions and limitations under the License. +load("//skylib:runfile.bzl", "get_runfile_path") +load("//gitops:provider.bzl", "GitopsArtifactsInfo") load( - "@io_bazel_rules_docker//skylib:path.bzl", - _get_runfile_path = "runfile", -) -load( - "@com_adobe_rules_gitops//skylib/kustomize:kustomize.bzl", - "KustomizeInfo", + "//skylib/kustomize:kustomize.bzl", "imagePushStatements", "kubectl", "kustomize", kustomize_gitops = "gitops", ) -load("//skylib:push.bzl", "k8s_container_push") - -def _runfiles(ctx, f): - return "${RUNFILES}/%s" % _get_runfile_path(ctx, f) +load("//push_oci:push_oci.bzl", "push_oci") def _show_impl(ctx): script_content = "#!/usr/bin/env bash\nset -e\n" @@ -70,45 +64,34 @@ show = rule( executable = True, ) -def _image_pushes(name_suffix, images, image_registry, image_repository, image_repository_prefix, image_digest_tag): +def _image_pushes(name_suffix, images, image_registry, image_repository, image_digest_tag): image_pushes = [] - def process_image(image_label, legacy_name = None): - rule_name_parts = [image_label, image_registry, image_repository, legacy_name] + def process_image(image_label): + rule_name_parts = [image_label, image_registry, image_repository] rule_name_parts = [p for p in rule_name_parts if p] rule_name = "_".join(rule_name_parts) - rule_name = rule_name.replace("/", "_").replace(":", "_").replace("@", "_") - if rule_name.startswith("_"): - rule_name = rule_name[1:] - if rule_name.startswith("_"): - rule_name = rule_name[1:] + rule_name = rule_name.replace("/", "_").replace(":", "_").replace("@", "_").replace(".", "_") + rule_name = rule_name.strip("_") if not native.existing_rule(rule_name + name_suffix): - k8s_container_push( + push_oci( name = rule_name + name_suffix, image = image_label, # buildifier: disable=uninitialized image_digest_tag = image_digest_tag, - legacy_image_name = legacy_name, registry = image_registry, repository = image_repository, - repository_prefix = image_repository_prefix, ) return rule_name + name_suffix - if type(images) == "dict": - for image_name in images: - image = images[image_name] - push = process_image(image, image_name) - image_pushes.append(push) - else: - for image in images: - push = process_image(image) - image_pushes.append(push) + for image in images: + image_push = process_image(image) + image_pushes.append(image_push) return image_pushes def k8s_deploy( name, # name of the rule is important for gitops, since it will become a part of the target manifest file name in /cloud cluster = "dev", - user = "{BUILD_USER}", + user = None, namespace = None, configmaps_srcs = None, secrets_srcs = None, @@ -124,13 +107,13 @@ def k8s_deploy( configurations = [], # additional kustomize configuration files. rules_gitops provides common_labels = {}, # list of common labels to apply to all objects see commonLabels kustomize docs common_annotations = {}, # list of common annotations to apply to all objects see commonAnnotations kustomize docs + openapi_path = None, # path to openapi schema file deps = [], deps_aliases = {}, images = [], image_digest_tag = False, image_registry = "docker.io", # registry to push container to. jenkins will need an access configured for gitops to work. Ignored for mynamespace. image_repository = None, # repository (registry path) to push container to. Generated from the image bazel path if empty. - image_repository_prefix = None, # Mutually exclusive with 'image_repository'. Add a prefix to the repository name generated from the image bazel path objects = [], gitops = True, # make sure to use gitops = False to work with individual namespace. This option will be turned False if namespace is '{BUILD_USER}' gitops_path = "cloud", @@ -142,12 +125,14 @@ def k8s_deploy( """ k8s_deploy """ + if type(images) == "dict": + fail("image_pushes: dict type is deprecated. Use list instead.") if not manifests: manifests = native.glob(["*.yaml", "*.yaml.tpl"]) if prefix_suffix_app_labels: configurations = configurations + [ - "@com_adobe_rules_gitops//skylib/kustomize:nameprefix_deployment_labels_config.yaml", - "@com_adobe_rules_gitops//skylib/kustomize:namesuffix_deployment_labels_config.yaml", + "@rules_gitops//skylib/kustomize:nameprefix_deployment_labels_config.yaml", + "@rules_gitops//skylib/kustomize:namesuffix_deployment_labels_config.yaml", ] for reservedname in ["CLUSTER", "NAMESPACE"]: if substitutions.get(reservedname): @@ -166,9 +151,8 @@ def k8s_deploy( image_pushes = _image_pushes( name_suffix = "-mynamespace.push", images = images, - image_registry = image_registry, + image_registry = image_registry + "/mynamespace", image_repository = image_repository, - image_repository_prefix = "{BUILD_USER}", image_digest_tag = image_digest_tag, ) kustomize( @@ -194,6 +178,7 @@ def k8s_deploy( objects = objects, image_name_patches = image_name_patches, image_tag_patches = image_tag_patches, + openapi_path = openapi_path, visibility = visibility, ) kubectl( @@ -229,7 +214,6 @@ def k8s_deploy( images = images, image_registry = image_registry, image_repository = image_repository, - image_repository_prefix = image_repository_prefix, image_digest_tag = image_digest_tag, ) kustomize( @@ -255,6 +239,7 @@ def k8s_deploy( patches = patches, image_name_patches = image_name_patches, image_tag_patches = image_tag_patches, + openapi_path = openapi_path, ) kubectl( name = name + ".apply", @@ -483,7 +468,7 @@ def _k8s_test_setup_impl(ctx): files += ctx.files._set_namespace files += ctx.files.cluster - push_statements, files, pushes_runfiles = imagePushStatements(ctx, [o for o in ctx.attr.objects if KustomizeInfo in o], files) + push_statements, files, pushes_runfiles = imagePushStatements(ctx, [o for o in ctx.attr.objects if GitopsArtifactsInfo in o], files) # execute all objects targets for obj in ctx.attr.objects: @@ -493,7 +478,7 @@ def _k8s_test_setup_impl(ctx): transitive.append(obj.default_runfiles.files) # add object' execution command - commands.append(_runfiles(ctx, obj.files_to_run.executable) + " | ${SET_NAMESPACE} $NAMESPACE | ${IT_MANIFEST_FILTER} | ${KUBECTL} apply -f -") + commands.append(get_runfile_path(ctx, obj.files_to_run.executable) + " | ${SET_NAMESPACE} $NAMESPACE | ${IT_MANIFEST_FILTER} | ${KUBECTL} apply -f -") else: files += obj.files.to_list() commands += [ctx.executable._template_engine.short_path + " --template=" + filename.short_path + " --variable=NAMESPACE=${NAMESPACE} | ${SET_NAMESPACE} $NAMESPACE | ${IT_MANIFEST_FILTER} | ${KUBECTL} apply -f -" for filename in obj.files.to_list()] diff --git a/skylib/k8s_cmd.sh.tpl b/skylib/k8s_cmd.sh.tpl index f1df2830..503cbb10 100644 --- a/skylib/k8s_cmd.sh.tpl +++ b/skylib/k8s_cmd.sh.tpl @@ -12,9 +12,14 @@ set -euo pipefail function guess_runfiles() { - pushd ${BASH_SOURCE[0]}.runfiles > /dev/null 2>&1 - pwd - popd > /dev/null 2>&1 + if [ -d ${BASH_SOURCE[0]}.runfiles ]; then + # Runfiles are adjacent to the current script. + echo "$( cd ${BASH_SOURCE[0]}.runfiles && pwd )" + else + # The current script is within some other script's runfiles. + mydir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + echo $mydir | sed -e 's|\(.*\.runfiles\)/.*|\1|' + fi } RUNFILES="${PYTHON_RUNFILES:-$(guess_runfiles)}" diff --git a/skylib/k8s_gitops.sh.tpl b/skylib/k8s_gitops.sh.tpl index 45215802..4a79bc31 100644 --- a/skylib/k8s_gitops.sh.tpl +++ b/skylib/k8s_gitops.sh.tpl @@ -8,11 +8,10 @@ # the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS # OF ANY KIND, either express or implied. See the License for the specific language # governing permissions and limitations under the License. - +set -e set -o nounset set -o pipefail -is_bazel_run=true DEPLOYMENT_ROOT="" PERFORM_PUSH="1" # parse command line parameters @@ -25,10 +24,6 @@ do shift # past argument shift # past value ;; - --nobazel) - is_bazel_run=false - shift - ;; --nopush) PERFORM_PUSH="" shift @@ -41,9 +36,14 @@ do done function guess_runfiles() { - pushd ${BASH_SOURCE[0]}.runfiles > /dev/null 2>&1 - pwd - popd > /dev/null 2>&1 + if [ -d ${BASH_SOURCE[0]}.runfiles ]; then + # Runfiles are adjacent to the current script. + echo "$( cd ${BASH_SOURCE[0]}.runfiles && pwd )" + else + # The current script is within some other script's runfiles. + mydir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + echo $mydir | sed -e 's|\(.*\.runfiles\)/.*|\1|' + fi } RUNFILES="${PYTHON_RUNFILES:-$(guess_runfiles)}" @@ -64,8 +64,6 @@ function waitpids() { fi } -cd $BUILD_WORKSPACE_DIRECTORY - if [ "%{deployment_branch}" != "" -a "${DEPLOYMENT_ROOT}" != "" ] ; then TARGET_DIR=${DEPLOYMENT_ROOT} else diff --git a/skylib/k8s_test_namespace.sh.tpl b/skylib/k8s_test_namespace.sh.tpl index 2b2878a9..2e3aadcd 100644 --- a/skylib/k8s_test_namespace.sh.tpl +++ b/skylib/k8s_test_namespace.sh.tpl @@ -14,9 +14,14 @@ set -euo pipefail [ -o xtrace ] && env function guess_runfiles() { - pushd ${BASH_SOURCE[0]}.runfiles > /dev/null 2>&1 - pwd - popd > /dev/null 2>&1 + if [ -d ${BASH_SOURCE[0]}.runfiles ]; then + # Runfiles are adjacent to the current script. + echo "$( cd ${BASH_SOURCE[0]}.runfiles && pwd )" + else + # The current script is within some other script's runfiles. + mydir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + echo $mydir | sed -e 's|\(.*\.runfiles\)/.*|\1|' + fi } RUNFILES=${TEST_SRCDIR:-$(guess_runfiles)} @@ -44,7 +49,7 @@ set +e if [ -n "${K8S_MYNAMESPACE:-}" ] then # do not create random namesspace - NAMESPACE=${USER} + NAMESPACE=`whoami` # do not delete namespace after the test is complete DELETE_NAMESPACE_FLAG="" else diff --git a/skylib/kustomize/kubectl.sh.tpl b/skylib/kustomize/kubectl.sh.tpl index 6c5c77c1..fcb8e4ff 100644 --- a/skylib/kustomize/kubectl.sh.tpl +++ b/skylib/kustomize/kubectl.sh.tpl @@ -1,20 +1,51 @@ #!/usr/bin/env bash -# Copyright 2020 Adobe. All rights reserved. -# This file is licensed to you under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. You may obtain a copy -# of the License at http://www.apache.org/licenses/LICENSE-2.0 +# Copyright 2017 The Bazel Authors. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. -# Unless required by applicable law or agreed to in writing, software distributed under -# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS -# OF ANY KIND, either express or implied. See the License for the specific language -# governing permissions and limitations under the License. +set -eu +function guess_runfiles() { + if [ -d ${BASH_SOURCE[0]}.runfiles ]; then + # Runfiles are adjacent to the current script. + echo "$( cd ${BASH_SOURCE[0]}.runfiles && pwd )" + else + # The current script is within some other script's runfiles. + mydir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + echo $mydir | sed -e 's|\(.*\.runfiles\)/.*|\1|' + fi +} -set -euo pipefail +RUNFILES="${PYTHON_RUNFILES:-$(guess_runfiles)}" -function exe() { echo "\$ ${@/eval/}" ; "$@" ; } +PIDS=() +function async() { + # Launch the command asynchronously and track its process id. + PYTHON_RUNFILES=${RUNFILES} "$@" & + PIDS+=($!) +} -for src in %{sources} -do - exe %{kubectl_tool} --cluster="%{cluster}" --context="%{context}" --user="%{user}" %{kubectl_command} $@ -f ${src} -done +function waitpids() { + # Wait for all of the subprocesses, failing the script if any of them failed. + if [ "${#PIDS[@]}" != 0 ]; then + for pid in ${PIDS[@]}; do + wait ${pid} + done + fi +} + +CLUSTER=%{cluster} +USER=%{user} +TEMPLATE_ENGINE=%{template_engine} + +%{statements} diff --git a/skylib/kustomize/kustomize.bzl b/skylib/kustomize/kustomize.bzl index 644f6292..1c70edaa 100644 --- a/skylib/kustomize/kustomize.bzl +++ b/skylib/kustomize/kustomize.bzl @@ -8,11 +8,8 @@ # OF ANY KIND, either express or implied. See the License for the specific language # governing permissions and limitations under the License. -load( - "@io_bazel_rules_docker//skylib:path.bzl", - _get_runfile_path = "runfile", -) -load("//skylib:push.bzl", "K8sPushInfo") +load("//skylib:runfile.bzl", "get_runfile_path") +load("//gitops:provider.bzl", "GitopsArtifactsInfo", "GitopsPushInfo") load("//skylib:stamp.bzl", "stamp") _binaries = { @@ -74,11 +71,6 @@ set -euo pipefail {kustomize} build --load-restrictor LoadRestrictionsNone --reorder legacy {kustomize_dir} {template_part} {resolver_part} >{out} """ -# buildifier: disable=provider-params -KustomizeInfo = provider(fields = [ - "image_pushes", -]) - def _kustomize_impl(ctx): kustomization_yaml_file = ctx.actions.declare_file(ctx.attr.name + "/kustomization.yaml") root = kustomization_yaml_file.dirname @@ -108,6 +100,9 @@ def _kustomize_impl(ctx): for _, f in enumerate(ctx.files.configurations): kustomization_yaml += "- {}/{}\n".format(upupup, f.path) + if ctx.file.openapi_path: + kustomization_yaml += "openapi:\n path: {}/{}\n".format(upupup, ctx.file.openapi_path.path) + if ctx.files.patches: kustomization_yaml += "patches:\n" for _, f in enumerate(ctx.files.patches): @@ -190,18 +185,13 @@ def _kustomize_impl(ctx): resolver_part += " | {resolver} ".format(resolver = ctx.executable._resolver.path) tmpfiles.append(ctx.executable._resolver) for img in ctx.attr.images: - kpi = img[K8sPushInfo] - regrepo = kpi.registry + "/" + kpi.repository + kpi = img[GitopsPushInfo] + regrepo = kpi.repository if "{" in regrepo: regrepo = stamp(ctx, regrepo, tmpfiles, ctx.attr.name + regrepo.replace("/", "_")) - resolver_part += " --image {}={}@$(cat {})".format(kpi.image_label, regrepo, kpi.digestfile.path) - if str(kpi.image_label).startswith("@//"): - # Bazel 6 add a @ prefix to the image label https://github.com/bazelbuild/bazel/issues/17069 - label = str(kpi.image_label)[1:] - resolver_part += " --image {}={}@$(cat {})".format(label, regrepo, kpi.digestfile.path) - if kpi.legacy_image_name: - resolver_part += " --image {}={}@$(cat {})".format(kpi.legacy_image_name, regrepo, kpi.digestfile.path) + label_str = str(kpi.image_label).lstrip("@") + resolver_part += " --image {}={}@$(cat {})".format(label_str, regrepo, kpi.digestfile.path) tmpfiles.append(kpi.digestfile) transitive_runfiles.append(img[DefaultInfo].default_runfiles) @@ -230,15 +220,12 @@ def _kustomize_impl(ctx): # Image name substitutions if ctx.attr.images: for _, img in enumerate(ctx.attr.images): - kpi = img[K8sPushInfo] - regrepo = kpi.registry + "/" + kpi.repository + kpi = img[GitopsPushInfo] + regrepo = kpi.repository if "{" in regrepo: regrepo = stamp(ctx, regrepo, tmpfiles, ctx.attr.name + regrepo.replace("/", "_")) - template_part += " --variable={}={}@$(cat {})".format(kpi.image_label, regrepo, kpi.digestfile.path) - if str(kpi.image_label).startswith("@//"): - # Bazel 6 add a @ prefix to the image label https://github.com/bazelbuild/bazel/issues/17069 - label = str(kpi.image_label)[1:] - template_part += " --variable={}={}@$(cat {})".format(label, regrepo, kpi.digestfile.path) + label_str = str(kpi.image_label).lstrip("@") + template_part += " --variable={}={}@$(cat {})".format(label_str, regrepo, kpi.digestfile.path) # Image digest template_part += " --variable={}=$(cat {} | cut -d ':' -f 2)".format(str(kpi.image_label) + ".digest", kpi.digestfile.path) @@ -249,9 +236,6 @@ def _kustomize_impl(ctx): template_part += " --variable={}=$(cat {} | cut -d ':' -f 2)".format(str(label) + ".digest", kpi.digestfile.path) template_part += " --variable={}=$(cat {} | cut -c 8-17)".format(str(label) + ".short-digest", kpi.digestfile.path) - if kpi.legacy_image_name: - template_part += " --variable={}={}@$(cat {})".format(kpi.legacy_image_name, regrepo, kpi.digestfile.path) - template_part += " " script = ctx.actions.declare_file("%s-kustomize" % ctx.label.name) @@ -266,7 +250,7 @@ def _kustomize_impl(ctx): ctx.actions.run( outputs = [ctx.outputs.yaml], - inputs = ctx.files.manifests + ctx.files.configmaps_srcs + ctx.files.secrets_srcs + ctx.files.configurations + [kustomization_yaml_file] + tmpfiles + ctx.files.patches + ctx.files.deps, + inputs = ctx.files.manifests + ctx.files.configmaps_srcs + ctx.files.secrets_srcs + ctx.files.configurations + ctx.files.openapi_path + [kustomization_yaml_file] + tmpfiles + ctx.files.patches + ctx.files.deps, executable = script, mnemonic = "Kustomize", tools = [ctx.executable._kustomize_bin], @@ -274,11 +258,11 @@ def _kustomize_impl(ctx): runfiles = ctx.runfiles(files = ctx.files.deps).merge_all(transitive_runfiles) - transitive_files = [m[DefaultInfo].files for m in ctx.attr.manifests if KustomizeInfo in m] + transitive_files = [m[DefaultInfo].files for m in ctx.attr.manifests if GitopsArtifactsInfo in m] transitive_files += [obj[DefaultInfo].files for obj in ctx.attr.objects] - transitive_image_pushes = [m[KustomizeInfo].image_pushes for m in ctx.attr.manifests if KustomizeInfo in m] - transitive_image_pushes += [obj[KustomizeInfo].image_pushes for obj in ctx.attr.objects] + transitive_image_pushes = [m[GitopsArtifactsInfo].image_pushes for m in ctx.attr.manifests if GitopsArtifactsInfo in m] + transitive_image_pushes += [obj[GitopsArtifactsInfo].image_pushes for obj in ctx.attr.objects] return [ DefaultInfo( @@ -288,7 +272,7 @@ def _kustomize_impl(ctx): ), runfiles = runfiles, ), - KustomizeInfo( + GitopsArtifactsInfo( image_pushes = depset( ctx.attr.images, transitive = transitive_image_pushes, @@ -304,12 +288,12 @@ kustomize = rule( "deps_aliases": attr.string_dict(default = {}), "disable_name_suffix_hash": attr.bool(default = True), "end_tag": attr.string(default = "}}"), - "images": attr.label_list(doc = "a list of images used in manifests", providers = (K8sPushInfo,)), + "images": attr.label_list(doc = "a list of images used in manifests", providers = (GitopsPushInfo,)), "manifests": attr.label_list(allow_files = True), "name_prefix": attr.string(), "name_suffix": attr.string(), "namespace": attr.string(), - "objects": attr.label_list(doc = "a list of dependent kustomize objects", providers = (KustomizeInfo,)), + "objects": attr.label_list(doc = "a list of dependent kustomize objects", providers = (GitopsArtifactsInfo,)), "patches": attr.label_list(allow_files = True), "image_name_patches": attr.string_dict(default = {}, doc = "set new names for selected images"), "image_tag_patches": attr.string_dict(default = {}, doc = "set new tags for selected images"), @@ -319,6 +303,7 @@ kustomize = rule( "configurations": attr.label_list(allow_files = True), "common_labels": attr.string_dict(default = {}), "common_annotations": attr.string_dict(default = {}), + "openapi_path": attr.label(allow_single_file = True, doc = "openapi schema file for the package. Use this attribute to add support for custom resources"), "_build_user_value": attr.label( default = Label("//skylib:build_user_value.txt"), allow_single_file = True, @@ -356,17 +341,17 @@ kustomize = rule( ) def _push_all_impl(ctx): - trans_img_pushes = depset(transitive = [obj[KustomizeInfo].image_pushes for obj in ctx.attr.srcs]).to_list() + trans_img_pushes = depset(transitive = [obj[GitopsArtifactsInfo].image_pushes for obj in ctx.attr.srcs]).to_list() ctx.actions.expand_template( template = ctx.file._tpl, substitutions = { "%{statements}": "\n".join([ - "echo pushing {}/{}".format(exe[K8sPushInfo].registry, exe[K8sPushInfo].repository) + "echo pushing {}".format(exe[GitopsPushInfo].repository) for exe in trans_img_pushes ]) + "\n" + "\n".join([ - "async \"${RUNFILES}/%s\"" % _get_runfile_path(ctx, exe.files_to_run.executable) + "async \"%s\"" % get_runfile_path(ctx, exe.files_to_run.executable) for exe in trans_img_pushes ]) + "\nwaitpids\n", }, @@ -386,7 +371,7 @@ push_all run all pushes referred in images attribute k8s_container_push should be used. """, attrs = { - "srcs": attr.label_list(doc = "a list of images used in manifests", providers = (KustomizeInfo,)), + "srcs": attr.label_list(doc = "a list of images used in manifests", providers = (GitopsArtifactsInfo,)), "_tpl": attr.label( default = Label("//skylib/kustomize:run-all.sh.tpl"), allow_single_file = True, @@ -408,13 +393,13 @@ def imagePushStatements( kustomize_objs, files = []): statements = "" - trans_img_pushes = depset(transitive = [obj[KustomizeInfo].image_pushes for obj in kustomize_objs]).to_list() + trans_img_pushes = depset(transitive = [obj[GitopsArtifactsInfo].image_pushes for obj in kustomize_objs]).to_list() statements += "\n".join([ - "echo pushing {}/{}".format(exe[K8sPushInfo].registry, exe[K8sPushInfo].repository) + "echo pushing {}".format(exe[GitopsPushInfo].repository) for exe in trans_img_pushes ]) + "\n" statements += "\n".join([ - "async \"${RUNFILES}/%s\"" % _get_runfile_path(ctx, exe.files_to_run.executable) + "async \"%s\"" % get_runfile_path(ctx, exe.files_to_run.executable) for exe in trans_img_pushes ]) + "\nwaitpids\n" files += [obj.files_to_run.executable for obj in trans_img_pushes] @@ -441,15 +426,15 @@ fi "mkdir -p $TARGET_DIR/{gitops_path}/{namespace}/{cluster}\n" + "echo '# GENERATED BY {rulename} -> {gitopsrulename}' > $TARGET_DIR/{gitops_path}/{namespace}/{cluster}/{file}\n" + "{template_engine} --template={infile} --variable=NAMESPACE={namespace} --stamp_info_file={info_file} >> $TARGET_DIR/{gitops_path}/{namespace}/{cluster}/{file}\n").format( - infile = infile.path, + infile = get_runfile_path(ctx, infile), rulename = inattr.label, gitopsrulename = ctx.label, namespace = namespace, gitops_path = ctx.attr.gitops_path, cluster = cluster, file = _remove_prefixes(infile.path.split("/")[-1], strip_prefixes), - template_engine = "${RUNFILES}/%s" % _get_runfile_path(ctx, ctx.executable._template_engine), - info_file = ctx.file._info_file.path, + template_engine = get_runfile_path(ctx, ctx.executable._template_engine), + info_file = get_runfile_path(ctx, ctx.file._info_file), ) ctx.actions.expand_template( @@ -468,14 +453,15 @@ fi rf = rf.merge(dep_rf) return [ DefaultInfo(runfiles = rf), - KustomizeInfo( - image_pushes = depset(transitive = [obj[KustomizeInfo].image_pushes for obj in ctx.attr.srcs]), + GitopsArtifactsInfo( + image_pushes = depset(transitive = [obj[GitopsArtifactsInfo].image_pushes for obj in ctx.attr.srcs]), + deployment_branch = ctx.attr.deployment_branch, ), ] gitops = rule( attrs = { - "srcs": attr.label_list(providers = (KustomizeInfo,)), + "srcs": attr.label_list(providers = (GitopsArtifactsInfo,)), "cluster": attr.string(mandatory = True), "namespace": attr.string(mandatory = True), "deployment_branch": attr.string(), @@ -503,34 +489,37 @@ gitops = rule( def _kubectl_impl(ctx): files = [] + ctx.files.srcs + statements = "" + transitive = None + transitive_runfiles = [] + cluster_arg = ctx.attr.cluster cluster_arg = ctx.expand_make_variables("cluster", cluster_arg, {}) if "{" in ctx.attr.cluster: cluster_arg = stamp(ctx, cluster_arg, files, ctx.label.name + ".cluster-name", True) - user_arg = ctx.attr.user - user_arg = ctx.expand_make_variables("user", user_arg, {}) - if "{" in ctx.attr.user: - user_arg = stamp(ctx, user_arg, files, ctx.label.name + ".user-name", True) + if ctx.attr.user: + user_arg = ctx.attr.user + user_arg = ctx.expand_make_variables("user", user_arg, {}) + if "{" in ctx.attr.user: + user_arg = stamp(ctx, user_arg, files, ctx.label.name + ".user-name", True) + else: + user_arg = """$(kubectl config view -o jsonpath='{.users[?(@.name == '"\\"${CLUSTER}\\")].name}")""" kubectl_command_arg = ctx.attr.command kubectl_command_arg = ctx.expand_make_variables("kubectl_command", kubectl_command_arg, {}) - statements = "" - transitive = None - transitive_runfiles = [] - files += [ctx.executable._template_engine, ctx.file._info_file] if ctx.attr.push: - trans_img_pushes = depset(transitive = [obj[KustomizeInfo].image_pushes for obj in ctx.attr.srcs]).to_list() + trans_img_pushes = depset(transitive = [obj[GitopsArtifactsInfo].image_pushes for obj in ctx.attr.srcs]).to_list() statements += "\n".join([ - "# {}\n".format(exe[K8sPushInfo].image_label) + - "echo pushing {}/{}".format(exe[K8sPushInfo].registry, exe[K8sPushInfo].repository) + "# {}\n".format(exe[GitopsPushInfo].image_label) + + "echo pushing {}".format(exe[GitopsPushInfo].repository) for exe in trans_img_pushes ]) + "\n" statements += "\n".join([ - "async \"${RUNFILES}/%s\"" % _get_runfile_path(ctx, exe.files_to_run.executable) + "async \"%s\"" % get_runfile_path(ctx, exe.files_to_run.executable) for exe in trans_img_pushes ]) + "\nwaitpids\n" files += [obj.files_to_run.executable for obj in trans_img_pushes] @@ -540,12 +529,10 @@ def _kubectl_impl(ctx): namespace = ctx.attr.namespace for inattr in ctx.attr.srcs: for infile in inattr.files.to_list(): - statements += "{template_engine} --template={infile} --variable=NAMESPACE={namespace} --stamp_info_file={info_file} | kubectl --cluster=\"{cluster}\" --user=\"{user}\" {kubectl_command} -f -\n".format( + statements += "{template_engine} --template={infile} --variable=NAMESPACE={namespace} --stamp_info_file={info_file} | kubectl --cluster=\"$CLUSTER\" --user=\"$USER\" {kubectl_command} -f -\n".format( infile = infile.short_path, - cluster = cluster_arg, - user = user_arg, kubectl_command = kubectl_command_arg, - template_engine = "${RUNFILES}/%s" % _get_runfile_path(ctx, ctx.executable._template_engine), + template_engine = get_runfile_path(ctx, ctx.executable._template_engine), namespace = namespace, info_file = ctx.file._info_file.short_path, ) @@ -553,6 +540,8 @@ def _kubectl_impl(ctx): ctx.actions.expand_template( template = ctx.file._template, substitutions = { + "%{cluster}": cluster_arg, + "%{user}": user_arg, "%{statements}": statements, }, output = ctx.outputs.executable, @@ -567,11 +556,11 @@ def _kubectl_impl(ctx): kubectl = rule( attrs = { - "srcs": attr.label_list(providers = (KustomizeInfo,)), + "srcs": attr.label_list(providers = (GitopsArtifactsInfo,)), "cluster": attr.string(mandatory = True), "namespace": attr.string(mandatory = True), "command": attr.string(default = "apply"), - "user": attr.string(default = "{BUILD_USER}"), + "user": attr.string(), "push": attr.bool(default = True), "_build_user_value": attr.label( default = Label("//skylib:build_user_value.txt"), @@ -588,7 +577,7 @@ kubectl = rule( allow_files = True, ), "_template": attr.label( - default = Label("//skylib/kustomize:run-all.sh.tpl"), + default = Label("//skylib/kustomize:kubectl.sh.tpl"), allow_single_file = True, ), "_template_engine": attr.label( diff --git a/skylib/kustomize/tests/BUILD b/skylib/kustomize/tests/BUILD index 9b28a8bd..d4861b0c 100644 --- a/skylib/kustomize/tests/BUILD +++ b/skylib/kustomize/tests/BUILD @@ -9,12 +9,10 @@ # governing permissions and limitations under the License. load("@bazel_tools//tools/build_rules:test_rules.bzl", "file_test", "rule_test") -load( - "@io_bazel_rules_docker//container:container.bzl", - "container_image", -) +load("@rules_pkg//:pkg.bzl", "pkg_tar") +load("@rules_oci//oci:defs.bzl", "oci_image") load("//skylib/kustomize:kustomize.bzl", "gitops", "kubectl", "kustomize", "push_all") -load("//skylib:push.bzl", "k8s_container_push") +load("//push_oci:push_oci.bzl", "push_oci_rule") load("//skylib:test_rules.bzl", "file_compare_test") # to generate new test data if needed: @@ -99,15 +97,24 @@ file_compare_test( ignore_all_space = True, ) -container_image( +pkg_tar( + name = "image_tar", + srcs = [":container_content.txt"], +) + +oci_image( name = "image", - files = ["container_content.txt"], + architecture = "amd64", + os = "linux", + tars = [":image_tar"], visibility = ["//visibility:public"], ) -k8s_container_push( +push_oci_rule( name = "image_push", image = ":image", + repository = "gcr.io/bs-dev/test_image", + visibility = ["//visibility:public"], ) kustomize( @@ -124,85 +131,13 @@ kustomize( namespace = "", ) -genrule( - name = "expected_image_resolved_test_yaml", - srcs = [ - ":expected_image_resolved_test.tpl.yaml", - ":image.digest", - ], - outs = ["expected_image_resolved_test.yaml"], - cmd = " ".join([ - "./$(location //templating:fast_template_engine)", - "--template=$(location expected_image_resolved_test.tpl.yaml)", - "--variable=IMAGE_DIGEST=$$(cat $(location :image.digest))", - "--output=$@", - ]), - tools = [ - "//templating:fast_template_engine", - ], -) - file_compare_test( name = "image_resolved_file", - expected = ":expected_image_resolved_test_yaml", - file = ":image_test", - ignore_all_space = True, -) - -k8s_container_push( - name = "image_digest_push", - image = ":image", - image_digest_tag = True, -) - -kustomize( - name = "image_digest_test", - testonly = True, - images = [ - ":image_digest_push", - ], - manifests = [ - "deployment.yaml", - "service.yaml", - "crb.yaml", - ], - namespace = "", -) - -file_compare_test( - name = "image_digest_resolved_file", - expected = "expected_image_resolved_test.yaml", + expected = ":expected_image_resolved_test.yaml", file = ":image_test", ignore_all_space = True, ) -k8s_container_push( - name = "image_push_legacy", - image = ":image", - legacy_image_name = "test-image", -) - -kustomize( - name = "legacy_image_test", - testonly = True, - images = [ - ":image_push_legacy", - ], - manifests = [ - "deployment_legacy.yaml", - "service.yaml", - "crb.yaml", - ], - namespace = "", -) - -file_compare_test( - name = "logacy_image_resolved_file", - expected = "expected_image_resolved_test.yaml", - file = ":legacy_image_test", - ignore_all_space = True, -) - kustomize( name = "configmap_test", testonly = True, @@ -311,27 +246,9 @@ kustomize( patches = ["overlay/deployment.yaml"], ) -genrule( - name = "expected_patch_yaml", - srcs = [ - ":expected_patch.tpl.yaml", - ":image.digest", - ], - outs = ["expected_patch.yaml"], - cmd = " ".join([ - "./$(location //templating:fast_template_engine)", - "--template=$(location expected_patch.tpl.yaml)", - "--variable=IMAGE_DIGEST=$$(cat $(location :image.digest))", - "--output=$@", - ]), - tools = [ - "//templating:fast_template_engine", - ], -) - file_compare_test( name = "patch_test", - expected = ":expected_patch_yaml", + expected = ":expected_patch.yaml", file = ":patch", ignore_all_space = True, ) diff --git a/skylib/kustomize/tests/deployment_legacy.yaml b/skylib/kustomize/tests/deployment_legacy.yaml deleted file mode 100644 index 4480f777..00000000 --- a/skylib/kustomize/tests/deployment_legacy.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: myapp -spec: - selector: - matchLabels: - app: myapp - template: - metadata: - labels: - app: myapp - spec: - containers: - - name: myapp - image: test-image diff --git a/skylib/kustomize/tests/expected_image_resolved_test.tpl.yaml b/skylib/kustomize/tests/expected_image_resolved_test.yaml similarity index 80% rename from skylib/kustomize/tests/expected_image_resolved_test.tpl.yaml rename to skylib/kustomize/tests/expected_image_resolved_test.yaml index d6c0f75c..036fce85 100644 --- a/skylib/kustomize/tests/expected_image_resolved_test.tpl.yaml +++ b/skylib/kustomize/tests/expected_image_resolved_test.yaml @@ -35,5 +35,5 @@ spec: app: myapp spec: containers: - - image: docker.io/skylib/kustomize/tests/image@{{IMAGE_DIGEST}} - name: myapp + - image: gcr.io/bs-dev/test_image@sha256:1fa852d8eaf0f0a491713fb8c62c13ab8d25e2d6b32f024e49513f12a2e57b7a + name: myapp diff --git a/skylib/kustomize/tests/expected_patch.tpl.yaml b/skylib/kustomize/tests/expected_patch.yaml similarity index 77% rename from skylib/kustomize/tests/expected_patch.tpl.yaml rename to skylib/kustomize/tests/expected_patch.yaml index eaa08618..cc7803be 100644 --- a/skylib/kustomize/tests/expected_patch.tpl.yaml +++ b/skylib/kustomize/tests/expected_patch.yaml @@ -12,7 +12,7 @@ spec: app: myapp spec: containers: - - image: docker.io/skylib/kustomize/tests/image@{{IMAGE_DIGEST}} + - image: gcr.io/bs-dev/test_image@sha256:1fa852d8eaf0f0a491713fb8c62c13ab8d25e2d6b32f024e49513f12a2e57b7a name: myapp resources: limits: diff --git a/skylib/push.bzl b/skylib/push.bzl deleted file mode 100644 index 1f02335d..00000000 --- a/skylib/push.bzl +++ /dev/null @@ -1,287 +0,0 @@ -# Copyright 2017 The Bazel Authors. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""An implementation of container_push based on google/go-containerregistry. -This wraps the rules_docker.container.go.cmd.pusher.pusher executable in a -Bazel rule for publishing images. -""" - -load("@bazel_skylib//lib:dicts.bzl", "dicts") -load("@io_bazel_rules_docker//container:providers.bzl", "PushInfo") -load( - "@io_bazel_rules_docker//container:layer_tools.bzl", - _gen_img_args = "generate_args_for_image", - _get_layers = "get_from_target", - _layer_tools = "tools", -) -load( - "@io_bazel_rules_docker//skylib:path.bzl", - "runfile", -) - -K8sPushInfo = provider( - "Information required to inject image into a manifest", - fields = [ - "image_label", # bazel target label of the image - "legacy_image_name", # optional short name - "registry", - "repository", - "digestfile", - ], -) - -def _get_runfile_path(ctx, f): - return "${RUNFILES}/%s" % runfile(ctx, f) - -def _impl(ctx): - """Core implementation of container_push.""" - - if K8sPushInfo in ctx.attr.image: - # the image was already pushed, just rename if needed. Ignore registry and repository parameters - kpi = ctx.attr.image[K8sPushInfo] - if ctx.attr.image[DefaultInfo].files_to_run.executable: - ctx.actions.expand_template( - template = ctx.file._tag_tpl, - substitutions = { - "%{args}": "", - "%{container_pusher}": _get_runfile_path(ctx, ctx.attr.image[DefaultInfo].files_to_run.executable), - }, - output = ctx.outputs.executable, - is_executable = True, - ) - else: - ctx.actions.write( - content = "#!/bin/bash\n", - output = ctx.outputs.executable, - is_executable = True, - ) - - runfiles = ctx.runfiles(files = []).merge(ctx.attr.image[DefaultInfo].default_runfiles) - - ctx.actions.run_shell( - tools = [kpi.digestfile], - outputs = [ctx.outputs.digest], - command = "cp -f \"$1\" \"$2\"", - arguments = [kpi.digestfile.path, ctx.outputs.digest.path], - mnemonic = "CopyFile", - progress_message = "Copying files", - use_default_shell_env = True, - execution_requirements = {"no-remote": "1", "no-cache": "1"}, # It is is more efficient to locally copy file (which may come from the cache) rather than talk to remote cache. See https://github.com/aspect-build/bazel-lib/blob/e9b66b5e0a11946853c20ad4781abc077ba2a9fe/lib/private/copy_common.bzl#L4 for the - ) - - return [ - # we need to provide executable that calls the actual pusher - DefaultInfo( - executable = ctx.outputs.executable, - runfiles = runfiles, - ), - K8sPushInfo( - image_label = kpi.image_label, - legacy_image_name = ctx.attr.legacy_image_name, # this is the only difference - registry = kpi.registry, - repository = kpi.repository, - digestfile = kpi.digestfile, - ), - ] - - # TODO: Possible optimization for efficiently pushing intermediate format after container_image is refactored, similar with the old python implementation, e.g., push-by-layer. - - pusher_args = [] - pusher_input = [] - digester_args = [] - digester_input = [] - - # Parse and get destination registry to be pushed to - registry = ctx.expand_make_variables("registry", ctx.attr.registry, {}) - repository = ctx.expand_make_variables("repository", ctx.attr.repository, {}) - if not repository: - repository = ctx.attr.image.label.package.lstrip("/") + "/" + ctx.attr.image.label.name - prefix = ctx.attr.repository_prefix - if prefix and prefix != repository.partition("/")[0]: # don't add prefix if repository already starts w/ it - repository = "%s/%s" % (prefix, repository) - tag = ctx.expand_make_variables("tag", ctx.attr.tag, {}) - - # If a tag file is provided, override with tag value - if ctx.file.tag_file: - tag = "$(cat {})".format(_get_runfile_path(ctx, ctx.file.tag_file)) - pusher_input.append(ctx.file.tag_file) - - stamp = "{" in tag or "{" in registry or "{" in repository - stamp_inputs = [ctx.file._info_file] if stamp else [] - for f in stamp_inputs: - pusher_args += ["-stamp-info-file", "%s" % _get_runfile_path(ctx, f)] - pusher_input += stamp_inputs - - # Construct container_parts for input to pusher. - image = _get_layers(ctx, ctx.label.name, ctx.attr.image) - pusher_img_args, pusher_img_inputs = _gen_img_args(ctx, image, _get_runfile_path) - pusher_args += pusher_img_args - pusher_input += pusher_img_inputs - digester_img_args, digester_img_inputs = _gen_img_args(ctx, image) - digester_input += digester_img_inputs - digester_args += digester_img_args - pusher_runfiles = [ctx.executable._pusher] + pusher_input - - if ctx.attr.skip_unchanged_digest: - pusher_args.append("-skip-unchanged-digest") - digester_args += ["--dst", str(ctx.outputs.digest.path), "--format", str(ctx.attr.format)] - ctx.actions.run( - inputs = digester_input, - outputs = [ctx.outputs.digest], - executable = ctx.executable._digester, - arguments = digester_args, - tools = ctx.attr._digester[DefaultInfo].default_runfiles.files, - mnemonic = "ContainerPushDigest", - ) - - if ctx.attr.image_digest_tag: - tag = "$(cat {} | cut -d ':' -f 2 | cut -c 1-7)".format(_get_runfile_path(ctx, ctx.outputs.digest)) - pusher_runfiles.append(ctx.outputs.digest) - - pusher_args.append("--format={}".format(ctx.attr.format)) - pusher_args.append("--dst={registry}/{repository}:{tag}".format( - registry = registry, - repository = repository, - tag = tag, - )) - - # If the docker toolchain is configured to use a custom client config - # directory, use that instead - toolchain_info = ctx.toolchains["@io_bazel_rules_docker//toolchains/docker:toolchain_type"].info - if toolchain_info.client_config != "": - pusher_args += ["-client-config-dir", str(toolchain_info.client_config)] - - ctx.actions.expand_template( - template = ctx.file._tag_tpl, - substitutions = { - "%{args}": " ".join(pusher_args), - "%{container_pusher}": _get_runfile_path(ctx, ctx.executable._pusher), - }, - output = ctx.outputs.executable, - is_executable = True, - ) - - runfiles = ctx.runfiles(files = pusher_runfiles) - runfiles = runfiles.merge(ctx.attr._pusher[DefaultInfo].default_runfiles) - - return [ - DefaultInfo( - executable = ctx.outputs.executable, - runfiles = runfiles, - ), - PushInfo( - registry = registry, - repository = repository, - digest = image["digest"], - ), - K8sPushInfo( - image_label = ctx.attr.image.label, - legacy_image_name = ctx.attr.legacy_image_name, - registry = registry, - repository = repository, - digestfile = image["digest"], - ), - ] - -# Pushes a container image to a registry. -k8s_container_push = rule( - doc = """ -Pushes a container image. - -This rule pushes a container image to a registry. - -Args: - name: name of the rule - image: the label of the image to push. - format: The form to push: Docker or OCI. - legacy_image_name: alias for the image name in addition to default full bazel target name. Please use only for compatibility with older deployment - registry: the registry to which we are pushing. - repository: the name of the image. If not present, default to the image's bazel target path - repository_prefix: an optional prefix added to the name of the image - tag: (optional) the tag of the image, default to 'latest'. -""", - attrs = dicts.add({ - "format": attr.string( - default = "Docker", - values = [ - "OCI", - "Docker", - ], - doc = "The form to push: Docker or OCI, default to 'Docker'.", - ), - "image": attr.label( - # allow_single_file = [".tar"], - # providers = [K8sPushInfo], - mandatory = True, - doc = "The label of the image to push.", - ), - "image_digest_tag": attr.bool( - default = False, - mandatory = False, - doc = "Tag the image with the container digest, default to False", - ), - "legacy_image_name": attr.string(doc = "image name used in deployments, for compatibility with k8s_deploy. Do not use, refer images by full bazel target name instead"), - "registry": attr.string( - doc = "The registry to which we are pushing.", - default = "docker.io", - ), - "repository": attr.string( - doc = "the name of the image. If not present, default to the image's bazel target path", - ), - "repository_prefix": attr.string( - doc = "an optional prefix added to the name of the image", - ), - "skip_unchanged_digest": attr.bool( - default = False, - doc = "Only push images if the digest has changed, default to False", - ), - "stamp": attr.bool( - default = False, - mandatory = False, - doc = "(unused)", - ), - "tag": attr.string( - default = "latest", - doc = "(optional) The tag of the image, default to 'latest'.", - ), - "tag_file": attr.label( - allow_single_file = True, - doc = "(optional) The label of the file with tag value. Overrides 'tag'.", - ), - "_info_file": attr.label( - default = Label("//skylib:more_stable_status.txt"), - allow_single_file = True, - ), - "_digester": attr.label( - default = "@io_bazel_rules_docker//container/go/cmd/digester", - cfg = "exec", - executable = True, - ), - "_pusher": attr.label( - default = "@io_bazel_rules_docker//container/go/cmd/pusher", - cfg = "exec", - executable = True, - allow_files = True, - ), - "_tag_tpl": attr.label( - default = Label("//skylib:push-tag.sh.tpl"), - allow_single_file = True, - ), - }, _layer_tools), - executable = True, - toolchains = ["@io_bazel_rules_docker//toolchains/docker:toolchain_type"], - implementation = _impl, - outputs = { - "digest": "%{name}.digest", - }, -) diff --git a/skylib/run_in_workspace.bzl b/skylib/run_in_workspace.bzl deleted file mode 100644 index 04bb9e0b..00000000 --- a/skylib/run_in_workspace.bzl +++ /dev/null @@ -1,109 +0,0 @@ -# Copyright 2018 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This technique was inspired by the gazelle rule implementation in bazelbuild/rules_go: -# https://github.com/bazelbuild/rules_go/blob/86ade29284ca11deeead86c061e9ba9bd0d157e0/go/private/tools/gazelle.bzl - -# Writes out a script which saves the runfiles directory, -# changes to the workspace root, and then runs a command. -def _workspace_binary_script_impl(ctx): - content_header = """#!/usr/bin/env bash -# --- begin runfiles.bash initialization v2 --- -# Copy-pasted from the Bazel Bash runfiles library v2. -set -uo pipefail; f=bazel_tools/tools/bash/runfiles/runfiles.bash -source "${RUNFILES_DIR:-/dev/null}/$f" 2>/dev/null || \ - source "$(grep -sm1 "^$f " "${RUNFILES_MANIFEST_FILE:-/dev/null}" | cut -f2- -d' ')" 2>/dev/null || \ - source "$0.runfiles/$f" 2>/dev/null || \ - source "$(grep -sm1 "^$f " "$0.runfiles_manifest" | cut -f2- -d' ')" 2>/dev/null || \ - source "$(grep -sm1 "^$f " "$0.exe.runfiles_manifest" | cut -f2- -d' ')" 2>/dev/null || \ - { echo>&2 "ERROR: cannot find $f"; exit 1; }; f=; set -e -# --- end runfiles.bash initialization v2 --- -""" - content = content_header + """ -set -o errexit -set -o nounset -set -o pipefail - -BASE=$(pwd) -cd $(dirname $(readlink {root_file})) -"$BASE/{cmd}" $@ -""".format( - cmd = ctx.file.cmd.short_path, - root_file = ctx.file.root_file.short_path, - ) - - ctx.actions.write( - output = ctx.outputs.executable, - content = content, - is_executable = True, - ) - runfiles = ctx.runfiles( - files = [ - ctx.file.cmd, - ctx.file.root_file, - ] + ctx.files._bash_runfiles, - ) - return [DefaultInfo(runfiles = runfiles)] - -_workspace_binary_script = rule( - attrs = { - "cmd": attr.label( - mandatory = True, - allow_single_file = True, - ), - "root_file": attr.label( - mandatory = True, - allow_single_file = True, - ), - "_bash_runfiles": attr.label( - allow_files = True, - default = "@bazel_tools//tools/bash/runfiles", - ), - }, - executable = True, - implementation = _workspace_binary_script_impl, -) - -# Wraps a binary to be run in the workspace root via bazel run. -# -# For example, one might do something like -# -# workspace_binary( -# name = "dep", -# cmd = "//vendor/github.com/golang/dep/cmd/dep", -# ) -# -# which would allow running dep with bazel run. -def workspace_binary( - name, - cmd, - args = None, - visibility = None, - data = None, - root_file = "//:WORKSPACE"): - script_name = name + "_script" - _workspace_binary_script( - name = script_name, - cmd = cmd, - root_file = root_file, - tags = ["manual"], - ) - native.sh_binary( - name = name, - srcs = [":" + script_name], - args = args, - data = data, - visibility = visibility, - tags = ["manual"], - ) diff --git a/skylib/run_schema.json b/skylib/run_schema.json new file mode 100644 index 00000000..ae29e115 --- /dev/null +++ b/skylib/run_schema.json @@ -0,0 +1,2329 @@ +{ + "description": "Schema for the Cloud Run yaml file. Extracted and modified from https://run.googleapis.com/$discovery/rest?version=v1", + "definitions": { + "Job": { + "description": "Job represents the configuration of a single job, which references a container image which is run to completion.", + "type": "object", + "properties": { + "spec": { + "description": "Optional. Specification of the desired behavior of a job.", + "$ref": "#/definitions/JobSpec" + }, + "metadata": { + "description": "Optional. Standard object's metadata.", + "$ref": "#/definitions/ObjectMeta" + }, + "status": { + "description": "Output only. Current status of a job.", + "$ref": "#/definitions/JobStatus", + "readOnly": true + }, + "apiVersion": { + "type": "string", + "description": "Optional. APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values." + }, + "kind": { + "type": "string", + "description": "Optional. Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase." + } + }, + "id": "Job" + }, + "Configuration": { + "description": "Configuration represents the \"floating HEAD\" of a linear history of Revisions, and optionally how the containers those revisions reference are built. Users create new Revisions by updating the Configuration's spec. The \"latest created\" revision's name is available under status, as is the \"latest ready\" revision's name.", + "type": "object", + "id": "Configuration", + "properties": { + "kind": { + "description": "The kind of resource, in this case always \"Configuration\".", + "type": "string" + }, + "metadata": { + "description": "Metadata associated with this Configuration, including name, namespace, labels, and annotations.", + "$ref": "#/definitions/ObjectMeta" + }, + "apiVersion": { + "type": "string", + "description": "The API version for this call such as \"serving.knative.dev/v1\"." + }, + "status": { + "$ref": "#/definitions/ConfigurationStatus", + "description": "Status communicates the observed state of the Configuration (from the controller)." + }, + "spec": { + "$ref": "#/definitions/ConfigurationSpec", + "description": "Spec holds the desired state of the Configuration (from the client)." + } + } + }, + "TestIamPermissionsRequest": { + "properties": { + "permissions": { + "type": "array", + "description": "The set of permissions to check for the `resource`. Permissions with wildcards (such as `*` or `storage.*`) are not allowed. For more information see [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).", + "items": { + "type": "string" + } + } + }, + "type": "object", + "id": "TestIamPermissionsRequest", + "description": "Request message for `TestIamPermissions` method." + }, + "ConfigurationStatus": { + "type": "object", + "description": "ConfigurationStatus communicates the observed state of the Configuration (from the controller).", + "properties": { + "observedGeneration": { + "format": "int32", + "description": "ObservedGeneration is the 'Generation' of the Configuration that was last processed by the controller. The observed generation is updated even if the controller failed to process the spec and create the Revision. Clients polling for completed reconciliation should poll until observedGeneration = metadata.generation, and the Ready condition's status is True or False.", + "type": "integer" + }, + "conditions": { + "description": "Conditions communicate information about ongoing/complete reconciliation processes that bring the \"spec\" inline with the observed state of the world.", + "items": { + "$ref": "#/definitions/GoogleCloudRunV1Condition" + }, + "type": "array" + }, + "latestCreatedRevisionName": { + "description": "LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, so for the latest ready revision, use LatestReadyRevisionName.", + "type": "string" + }, + "latestReadyRevisionName": { + "description": "LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its \"Ready\" condition become \"True\".", + "type": "string" + } + }, + "id": "ConfigurationStatus" + }, + "ConfigMapEnvSource": { + "properties": { + "optional": { + "description": "Specify whether the ConfigMap must be defined.", + "type": "boolean" + }, + "localObjectReference": { + "description": "This field should not be used directly as it is meant to be inlined directly into the message. Use the \"name\" field instead.", + "deprecated": true, + "$ref": "#/definitions/LocalObjectReference" + }, + "name": { + "type": "string", + "description": "The ConfigMap to select from." + } + }, + "type": "object", + "id": "ConfigMapEnvSource", + "description": "Not supported by Cloud Run. ConfigMapEnvSource selects a ConfigMap to populate the environment variables with. The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables." + }, + "RevisionTemplate": { + "properties": { + "spec": { + "$ref": "#/definitions/RevisionSpec", + "description": "RevisionSpec holds the desired state of the Revision (from the client)." + }, + "metadata": { + "$ref": "#/definitions/ObjectMeta", + "description": "Optional metadata for this Revision, including labels and annotations. Name will be generated by the Configuration. The following annotation keys set properties of the created revision: * `autoscaling.knative.dev/minScale` sets the minimum number of instances. * `autoscaling.knative.dev/maxScale` sets the maximum number of instances. * `run.googleapis.com/cloudsql-instances` sets Cloud SQL connections. Multiple values should be comma separated. * `run.googleapis.com/vpc-access-connector` sets a Serverless VPC Access connector. * `run.googleapis.com/vpc-access-egress` sets VPC egress. Supported values are `all-traffic`, `all` (deprecated), and `private-ranges-only`. `all-traffic` and `all` provide the same functionality. `all` is deprecated but will continue to be supported. Prefer `all-traffic`." + } + }, + "description": "RevisionTemplateSpec describes the data a revision should have when created from a template.", + "id": "RevisionTemplate", + "type": "object" + }, + "ListJobsResponse": { + "properties": { + "apiVersion": { + "description": "The API version for this call such as \"run.googleapis.com/v1\".", + "type": "string" + }, + "kind": { + "type": "string", + "description": "The kind of this resource, in this case \"JobsList\"." + }, + "unreachable": { + "type": "array", + "description": "Locations that could not be reached.", + "items": { + "type": "string" + } + }, + "items": { + "description": "List of Jobs.", + "type": "array", + "items": { + "$ref": "#/definitions/Job" + } + }, + "metadata": { + "$ref": "#/definitions/ListMeta", + "description": "Metadata associated with this jobs list." + } + }, + "id": "ListJobsResponse", + "description": "ListJobsResponse is a list of Jobs resources.", + "type": "object" + }, + "SetIamPolicyRequest": { + "description": "Request message for `SetIamPolicy` method.", + "type": "object", + "properties": { + "policy": { + "$ref": "#/definitions/Policy", + "description": "REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Google Cloud services (such as Projects) might reject them." + }, + "updateMask": { + "description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: \"bindings, etag\"`", + "format": "google-fieldmask", + "type": "string" + } + }, + "id": "SetIamPolicyRequest" + }, + "ExecAction": { + "id": "ExecAction", + "description": "Not supported by Cloud Run. ExecAction describes a \"run in container\" action.", + "properties": { + "command": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy." + } + }, + "type": "object" + }, + "LocalObjectReference": { + "properties": { + "name": { + "type": "string", + "description": "Name of the referent." + } + }, + "type": "object", + "id": "LocalObjectReference", + "description": "Not supported by Cloud Run. LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace." + }, + "Overrides": { + "description": "RunJob Overrides that contains Execution fields to be overridden on the go.", + "id": "Overrides", + "properties": { + "containerOverrides": { + "type": "array", + "description": "Per container override specification.", + "items": { + "$ref": "#/definitions/ContainerOverride" + } + }, + "taskCount": { + "description": "The desired number of tasks the execution should run. Will replace existing task_count value.", + "format": "int32", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "description": "Duration in seconds the task may be active before the system will actively try to mark it failed and kill associated containers. Will replace existing timeout_seconds value.", + "type": "integer" + } + }, + "type": "object" + }, + "ContainerOverride": { + "type": "object", + "description": "Per container override specification.", + "properties": { + "clearArgs": { + "description": "Optional. Set to True to clear all existing arguments.", + "type": "boolean" + }, + "args": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Arguments to the entrypoint. The specified arguments replace and override any existing entrypoint arguments. Must be empty if `clear_args` is set to true." + }, + "name": { + "type": "string", + "description": "The name of the container specified as a DNS_LABEL." + }, + "env": { + "items": { + "$ref": "#/definitions/EnvVar" + }, + "type": "array", + "description": "List of environment variables to set in the container. All specified environment variables are merged with existing environment variables. When the specified environment variables exist, these values override any existing values.", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + } + }, + "id": "ContainerOverride" + }, + "Expr": { + "properties": { + "expression": { + "description": "Textual representation of an expression in Common Expression Language syntax.", + "type": "string" + }, + "title": { + "type": "string", + "description": "Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression." + }, + "location": { + "type": "string", + "description": "Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file." + }, + "description": { + "description": "Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.", + "type": "string" + } + }, + "type": "object", + "id": "Expr", + "description": "Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: \"Summary size limit\" description: \"Determines if a summary is less than 100 chars\" expression: \"document.summary.size() \u003c 100\" Example (Equality): title: \"Requestor is owner\" description: \"Determines if requestor is the document owner\" expression: \"document.owner == request.auth.claims.email\" Example (Logic): title: \"Public documents\" description: \"Determine whether the document should be publicly visible\" expression: \"document.type != 'private' && document.type != 'internal'\" Example (Data Manipulation): title: \"Notification string\" description: \"Create a notification string with a timestamp.\" expression: \"'New message received at ' + string(document.create_time)\" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information." + }, + "ServiceStatus": { + "description": "The current state of the Service. Output only.", + "type": "object", + "properties": { + "url": { + "type": "string", + "description": "URL that will distribute traffic over the provided traffic targets. It generally has the form https://{route-hash}-{project-hash}-{cluster-level-suffix}.a.run.app" + }, + "observedGeneration": { + "format": "int32", + "type": "integer", + "description": "Returns the generation last fully processed by the system. This will only match metadata.generation when reconciliation is complete. Clients polling for completed reconciliation should poll until observedGeneration = metadata.generation and the Ready condition's status is True or False." + }, + "conditions": { + "type": "array", + "items": { + "$ref": "#/definitions/GoogleCloudRunV1Condition" + }, + "description": "Conditions communicate information about ongoing/complete reconciliation processes that bring the `spec` inline with the observed state of the world. Service-specific conditions include: * `ConfigurationsReady`: `True` when the underlying Configuration is ready. * `RoutesReady`: `True` when the underlying Route is ready. * `Ready`: `True` when all underlying resources are ready." + }, + "latestReadyRevisionName": { + "description": "Name of the latest Revision from this Service's Configuration that has had its `Ready` condition become `True`.", + "type": "string" + }, + "traffic": { + "description": "Holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed.", + "type": "array", + "items": { + "$ref": "#/definitions/TrafficTarget" + } + }, + "address": { + "$ref": "#/definitions/Addressable", + "description": "Similar to url, information on where the service is available on HTTP." + }, + "latestCreatedRevisionName": { + "type": "string", + "description": "Name of the last revision that was created from this Service's Configuration. It might not be ready yet, for that use LatestReadyRevisionName." + } + }, + "id": "ServiceStatus" + }, + "Policy": { + "description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user:mike@example.com\", \"group:admins@example.com\", \"domain:google.com\", \"serviceAccount:my-project-id@appspot.gserviceaccount.com\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user:eve@example.com\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time \u003c timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time \u003c timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).", + "id": "Policy", + "type": "object", + "properties": { + "etag": { + "type": "string", + "description": "`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.", + "format": "byte" + }, + "version": { + "format": "int32", + "type": "integer", + "description": "Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)." + }, + "bindings": { + "description": "Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.", + "items": { + "$ref": "#/definitions/Binding" + }, + "type": "array" + }, + "auditConfigs": { + "type": "array", + "description": "Specifies cloud audit logging configuration for this policy.", + "items": { + "$ref": "#/definitions/AuditConfig" + } + } + } + }, + "EnvVar": { + "type": "object", + "properties": { + "valueFrom": { + "description": "Source for the environment variable's value. Only supports secret_key_ref. Cannot be used if value is not empty.", + "$ref": "#/definitions/EnvVarSource" + }, + "name": { + "type": "string", + "description": "Required. Name of the environment variable. Must be a C_IDENTIFIER." + }, + "value": { + "description": "Value of the environment variable. Defaults to \"\". Variable references are not supported in Cloud Run.", + "type": "string" + } + }, + "id": "EnvVar", + "description": "EnvVar represents an environment variable present in a Container." + }, + "ExecutionReference": { + "properties": { + "creationTimestamp": { + "type": "string", + "description": "Optional. Creation timestamp of the execution.", + "format": "google-datetime" + }, + "name": { + "type": "string", + "description": "Optional. Name of the execution." + }, + "completionTimestamp": { + "type": "string", + "format": "google-datetime", + "description": "Optional. Completion timestamp of the execution." + } + }, + "description": "Reference to an Execution. Use /Executions.GetExecution with the given name to get full execution including the latest status.", + "id": "ExecutionReference", + "type": "object" + }, + "ResourceRequirements": { + "type": "object", + "id": "ResourceRequirements", + "properties": { + "requests": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Requests describes the minimum amount of compute resources required. Only `cpu` and `memory` are supported. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. * For supported 'cpu' values, go to https://cloud.google.com/run/docs/configuring/cpu. * For supported 'memory' values and syntax, go to https://cloud.google.com/run/docs/configuring/memory-limits" + }, + "limits": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "description": "Limits describes the maximum amount of compute resources allowed. Only 'cpu' and 'memory' keys are supported. * For supported 'cpu' values, go to https://cloud.google.com/run/docs/configuring/cpu. * For supported 'memory' values and syntax, go to https://cloud.google.com/run/docs/configuring/memory-limits" + } + }, + "description": "ResourceRequirements describes the compute resource requirements." + }, + "ExecutionTemplateSpec": { + "properties": { + "metadata": { + "$ref": "#/definitions/ObjectMeta", + "description": "Optional. Optional metadata for this Execution, including labels and annotations. The following annotation keys set properties of the created execution: * `run.googleapis.com/cloudsql-instances` sets Cloud SQL connections. Multiple values should be comma separated. * `run.googleapis.com/vpc-access-connector` sets a Serverless VPC Access connector. * `run.googleapis.com/vpc-access-egress` sets VPC egress. Supported values are `all-traffic`, `all` (deprecated), and `private-ranges-only`. `all-traffic` and `all` provide the same functionality. `all` is deprecated but will continue to be supported. Prefer `all-traffic`." + }, + "spec": { + "description": "Required. ExecutionSpec holds the desired configuration for executions of this job.", + "$ref": "#/definitions/ExecutionSpec" + } + }, + "description": "ExecutionTemplateSpec describes the metadata and spec an Execution should have when created from a job.", + "type": "object", + "id": "ExecutionTemplateSpec" + }, + "RunJobRequest": { + "id": "RunJobRequest", + "type": "object", + "description": "Request message for creating a new execution of a job.", + "properties": { + "overrides": { + "description": "Optional. Private preview feature. Currently only available by invitation. Overrides specification for a given execution of a job. The specified values update the specification of the created execution.", + "$ref": "#/definitions/Overrides" + } + } + }, + "ContainerPort": { + "id": "ContainerPort", + "type": "object", + "description": "ContainerPort represents a network port in a single container.", + "properties": { + "containerPort": { + "description": "Port number the container listens on. If present, this must be a valid port number, 0 \u003c x \u003c 65536. If not present, it will default to port 8080. For more information, see https://cloud.google.com/run/docs/container-contract#port", + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string", + "description": "If specified, used to specify which protocol to use. Allowed values are \"http1\" and \"h2c\"." + }, + "protocol": { + "description": "Protocol for port. Must be \"TCP\". Defaults to \"TCP\".", + "type": "string" + } + } + }, + "GoogleCloudRunV1Condition": { + "id": "GoogleCloudRunV1Condition", + "description": "Conditions show the status of reconciliation progress on a given resource. Most resource use a top-level condition type \"Ready\" or \"Completed\" to show overall status with other conditions to checkpoint each stage of reconciliation. Note that if metadata.Generation does not equal status.ObservedGeneration, the conditions shown may not be relevant for the current spec.", + "type": "object", + "properties": { + "lastTransitionTime": { + "type": "string", + "description": "Optional. Last time the condition transitioned from one status to another.", + "format": "google-datetime" + }, + "message": { + "type": "string", + "description": "Optional. Human readable message indicating details about the current status." + }, + "status": { + "type": "string", + "description": "Status of the condition, one of True, False, Unknown." + }, + "reason": { + "type": "string", + "description": "Optional. One-word CamelCase reason for the condition's last transition. These are intended to be stable, unique values which the client may use to trigger error handling logic, whereas messages which may be changed later by the server." + }, + "severity": { + "type": "string", + "description": "Optional. How to interpret this condition. One of Error, Warning, or Info. Conditions of severity Info do not contribute to resource readiness." + }, + "type": { + "type": "string", + "description": "type is used to communicate the status of the reconciliation process. Types common to all resources include: * \"Ready\" or \"Completed\": True when the Resource is ready." + } + } + }, + "TaskStatus": { + "properties": { + "conditions": { + "description": "Optional. Conditions communicate information about ongoing/complete reconciliation processes that bring the \"spec\" inline with the observed state of the world. Task-specific conditions include: * `Started`: `True` when the task has started to execute. * `Completed`: `True` when the task has succeeded. `False` when the task has failed.", + "type": "array", + "items": { + "$ref": "#/definitions/GoogleCloudRunV1Condition" + } + }, + "logUri": { + "description": "Optional. URI where logs for this task can be found in Cloud Console.", + "type": "string" + }, + "completionTime": { + "type": "string", + "description": "Optional. Represents time when the task was completed. It is not guaranteed to be set in happens-before order across separate operations. It is represented in RFC3339 form and is in UTC.", + "format": "google-datetime" + }, + "retried": { + "format": "int32", + "type": "integer", + "description": "Optional. The number of times this task was retried. Instances are retried when they fail up to the maxRetries limit." + }, + "startTime": { + "type": "string", + "format": "google-datetime", + "description": "Optional. Represents time when the task started to run. It is not guaranteed to be set in happens-before order across separate operations. It is represented in RFC3339 form and is in UTC." + }, + "index": { + "format": "int32", + "description": "Required. Index of the task, unique per execution, and beginning at 0.", + "type": "integer" + }, + "observedGeneration": { + "type": "integer", + "description": "Optional. The 'generation' of the task that was last processed by the controller.", + "format": "int32" + }, + "lastAttemptResult": { + "$ref": "#/definitions/TaskAttemptResult", + "description": "Optional. Result of the last attempt of this task." + } + }, + "id": "TaskStatus", + "description": "TaskStatus represents the status of a task.", + "type": "object" + }, + "Volume": { + "type": "object", + "description": "Volume represents a named volume in a container.", + "properties": { + "secret": { + "$ref": "#/definitions/SecretVolumeSource", + "description": "The secret's value will be presented as the content of a file whose name is defined in the item path. If no items are defined, the name of the file is the secretName." + }, + "emptyDir": { + "$ref": "#/definitions/EmptyDirVolumeSource", + "description": "Ephemeral storage used as a shared volume." + }, + "name": { + "type": "string", + "description": "Volume's name. In Cloud Run Fully Managed, the name 'cloudsql' is reserved." + }, + "configMap": { + "$ref": "#/definitions/ConfigMapVolumeSource", + "description": "Not supported in Cloud Run." + } + }, + "id": "Volume" + }, + "RouteStatus": { + "properties": { + "address": { + "description": "Similar to url, information on where the service is available on HTTP.", + "$ref": "#/definitions/Addressable" + }, + "observedGeneration": { + "description": "ObservedGeneration is the 'Generation' of the Route that was last processed by the controller. Clients polling for completed reconciliation should poll until observedGeneration = metadata.generation and the Ready condition's status is True or False. Note that providing a TrafficTarget that has latest_revision=True will result in a Route that does not increment either its metadata.generation or its observedGeneration, as new \"latest ready\" revisions from the Configuration are processed without an update to the Route's spec.", + "type": "integer", + "format": "int32" + }, + "url": { + "type": "string", + "description": "URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form: https://{route-hash}-{project-hash}-{cluster-level-suffix}.a.run.app" + }, + "traffic": { + "type": "array", + "description": "Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that was last observed.", + "items": { + "$ref": "#/definitions/TrafficTarget" + } + }, + "conditions": { + "items": { + "$ref": "#/definitions/GoogleCloudRunV1Condition" + }, + "description": "Conditions communicates information about ongoing/complete reconciliation processes that bring the \"spec\" inline with the observed state of the world.", + "type": "array" + } + }, + "type": "object", + "id": "RouteStatus", + "description": "RouteStatus communicates the observed state of the Route (from the controller)." + }, + "ListExecutionsResponse": { + "properties": { + "kind": { + "type": "string", + "description": "The kind of this resource, in this case \"ExecutionsList\"." + }, + "unreachable": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Locations that could not be reached." + }, + "metadata": { + "$ref": "#/definitions/ListMeta", + "description": "Metadata associated with this executions list." + }, + "apiVersion": { + "description": "The API version for this call such as \"run.googleapis.com/v1\".", + "type": "string" + }, + "items": { + "type": "array", + "description": "List of Executions.", + "items": { + "$ref": "#/definitions/Execution" + } + } + }, + "id": "ListExecutionsResponse", + "description": "ListExecutionsResponse is a list of Executions resources.", + "type": "object" + }, + "Probe": { + "id": "Probe", + "description": "Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.", + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer", + "format": "int32", + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1." + }, + "exec": { + "$ref": "#/definitions/ExecAction", + "description": "Not supported by Cloud Run." + }, + "grpc": { + "$ref": "#/definitions/GRPCAction", + "description": "GRPCAction specifies an action involving a GRPC port." + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than period_seconds; if period_seconds is not set, must be less or equal than 10.", + "type": "integer", + "format": "int32" + }, + "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port.", + "$ref": "#/definitions/TCPSocketAction" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240.", + "type": "integer", + "format": "int32" + }, + "periodSeconds": { + "type": "integer", + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeout_seconds.", + "format": "int32" + }, + "httpGet": { + "$ref": "#/definitions/HTTPGetAction", + "description": "HTTPGet specifies the http request to perform." + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Must be 1 if set.", + "format": "int32", + "type": "integer" + } + } + }, + "ListServicesResponse": { + "type": "object", + "id": "ListServicesResponse", + "description": "A list of Service resources.", + "properties": { + "metadata": { + "description": "Metadata associated with this Service list.", + "$ref": "#/definitions/ListMeta" + }, + "kind": { + "type": "string", + "description": "The kind of this resource; returns \"ServiceList\"." + }, + "items": { + "description": "List of Services.", + "items": { + "$ref": "#/definitions/Service" + }, + "type": "array" + }, + "apiVersion": { + "description": "The API version for this call; returns \"serving.knative.dev/v1\".", + "type": "string" + }, + "unreachable": { + "description": "For calls against the global endpoint, returns the list of Cloud locations that could not be reached. For regional calls, this field is not used.", + "items": { + "type": "string" + }, + "type": "array" + } + } + }, + "ObjectMeta": { + "properties": { + "ownerReferences": { + "items": { + "$ref": "#/definitions/OwnerReference" + }, + "description": "Not supported by Cloud Run", + "type": "array" + }, + "creationTimestamp": { + "type": "string", + "format": "google-datetime", + "description": "UTC timestamp representing the server time when this object was created." + }, + "selfLink": { + "type": "string", + "description": "URL representing this object." + }, + "resourceVersion": { + "description": "Opaque, system-generated value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server or omit the value to disable conflict-detection.", + "type": "string" + }, + "generateName": { + "type": "string", + "description": "Not supported by Cloud Run" + }, + "deletionTimestamp": { + "description": "The read-only soft deletion timestamp for this resource. In Cloud Run, users are not able to set this field. Instead, they must call the corresponding Delete API.", + "format": "google-datetime", + "type": "string" + }, + "annotations": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. In Cloud Run, annotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted, and the accepted annotations will be different depending on the resource type. * `autoscaling.knative.dev/maxScale`: Revision. * `autoscaling.knative.dev/minScale`: Revision. * `run.googleapis.com/binary-authorization-breakglass`: Service, Job, * `run.googleapis.com/binary-authorization`: Service, Job, Execution. * `run.googleapis.com/client-name`: All resources. * `run.googleapis.com/cloudsql-instances`: Revision, Execution. * `run.googleapis.com/container-dependencies`: Revision. * `run.googleapis.com/cpu-throttling`: Revision. * `run.googleapis.com/custom-audiences`: Service. * `run.googleapis.com/description`: Service. * `run.googleapis.com/encryption-key-shutdown-hours`: Revision * `run.googleapis.com/encryption-key`: Revision, Execution. * `run.googleapis.com/execution-environment`: Revision, Execution. * `run.googleapis.com/gc-traffic-tags`: Service. * `run.googleapis.com/ingress`: Service. * `run.googleapis.com/launch-stage`: Service, Job. * `run.googleapis.com/network-interfaces`: Revision, Execution. * `run.googleapis.com/post-key-revocation-action-type`: Revision. * `run.googleapis.com/secrets`: Revision, Execution. * `run.googleapis.com/secure-session-agent`: Revision. * `run.googleapis.com/sessionAffinity`: Revision. * `run.googleapis.com/startup-cpu-boost`: Revision. * `run.googleapis.com/vpc-access-connector`: Revision, Execution. * `run.googleapis.com/vpc-access-egress`: Revision, Execution." + }, + "namespace": { + "type": "string", + "description": "Required. Defines the space within each name must be unique within a Cloud Run region. In Cloud Run, it must be project ID or number." + }, + "uid": { + "description": "Unique, system-generated identifier for this resource.", + "type": "string" + }, + "clusterName": { + "description": "Not supported by Cloud Run", + "type": "string" + }, + "generation": { + "description": "A system-provided sequence number representing a specific generation of the desired state.", + "format": "int32", + "type": "integer" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and routes.", + "type": "object" + }, + "name": { + "type": "string", + "description": "Required. The name of the resource. Name is required when creating top-level resources (Service, Job), must be unique within a Cloud Run project/region, and cannot be changed once created." + }, + "finalizers": { + "items": { + "type": "string" + }, + "description": "Not supported by Cloud Run", + "type": "array" + }, + "deletionGracePeriodSeconds": { + "format": "int32", + "description": "Not supported by Cloud Run", + "type": "integer" + } + }, + "id": "ObjectMeta", + "type": "object", + "description": "k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create." + }, + "GoogleRpcStatus": { + "type": "object", + "id": "GoogleRpcStatus", + "properties": { + "message": { + "type": "string", + "description": "A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client." + }, + "details": { + "description": "A list of messages that carry the error details. There is a common set of message types for APIs to use.", + "type": "array", + "items": { + "type": "object", + "additionalProperties": { + "type": [ + "number", + "string", + "boolean", + "object", + "array", + "null" + ], + "description": "Properties of the object. Contains field @type with type URL." + } + } + }, + "code": { + "description": "The status code, which should be an enum value of google.rpc.Code.", + "format": "int32", + "type": "integer" + } + }, + "description": "The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors)." + }, + "StatusCause": { + "description": "StatusCause provides more information about an api.Status failure, including cases when multiple errors are encountered.", + "properties": { + "field": { + "type": "string", + "description": "The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Examples: \"name\" - the field \"name\" on the current resource \"items[0].name\" - the field \"name\" on the first array entry in \"items\"" + }, + "reason": { + "description": "A machine-readable description of the cause of the error. If this value is empty there is no information available.", + "type": "string" + }, + "message": { + "type": "string", + "description": "A human-readable description of the cause of the error. This field may be presented as-is to a reader." + } + }, + "type": "object", + "id": "StatusCause" + }, + "CancelExecutionRequest": { + "id": "CancelExecutionRequest", + "description": "Request message for cancelling an execution.", + "properties": {}, + "type": "object" + }, + "JobStatus": { + "type": "object", + "properties": { + "executionCount": { + "description": "Number of executions created for this job.", + "format": "int32", + "type": "integer" + }, + "observedGeneration": { + "format": "int32", + "type": "integer", + "description": "The 'generation' of the job that was last processed by the controller." + }, + "latestCreatedExecution": { + "$ref": "#/definitions/ExecutionReference", + "description": "A pointer to the most recently created execution for this job. This is set regardless of the eventual state of the execution." + }, + "conditions": { + "type": "array", + "description": "Conditions communicate information about ongoing/complete reconciliation processes that bring the \"spec\" inline with the observed state of the world. Job-specific conditions include: * `Ready`: `True` when the job is ready to be executed.", + "items": { + "$ref": "#/definitions/GoogleCloudRunV1Condition" + } + } + }, + "id": "JobStatus", + "description": "JobStatus represents the current state of a Job." + }, + "VolumeMount": { + "properties": { + "mountPath": { + "description": "Required. Path within the container at which the volume should be mounted. Must not contain ':'.", + "type": "string" + }, + "readOnly": { + "type": "boolean", + "description": "Only true is accepted for Secret Volumes. Defaults to true for Secrets Volumes." + }, + "subPath": { + "type": "string", + "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root)." + }, + "name": { + "description": "Required. The name of the volume. There must be a corresponding Volume with the same name.", + "type": "string" + } + }, + "description": "VolumeMount describes a mounting of a Volume within a container.", + "id": "VolumeMount", + "type": "object" + }, + "Execution": { + "type": "object", + "id": "Execution", + "properties": { + "metadata": { + "description": "Optional. Standard object's metadata.", + "$ref": "#/definitions/ObjectMeta" + }, + "apiVersion": { + "type": "string", + "description": "Optional. APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values." + }, + "kind": { + "description": "Optional. Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase.", + "type": "string" + }, + "spec": { + "$ref": "#/definitions/ExecutionSpec", + "description": "Optional. Specification of the desired behavior of an execution." + }, + "status": { + "$ref": "#/definitions/ExecutionStatus", + "description": "Output only. Current status of an execution.", + "readOnly": true + } + }, + "description": "Execution represents the configuration of a single execution. An execution is an immutable resource that references a container image which is run to completion." + }, + "SecurityContext": { + "id": "SecurityContext", + "type": "object", + "properties": { + "runAsUser": { + "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "format": "int32", + "type": "integer" + } + }, + "description": "Not supported by Cloud Run. SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence." + }, + "TaskAttemptResult": { + "properties": { + "status": { + "$ref": "#/definitions/GoogleRpcStatus", + "description": "Optional. The status of this attempt. If the status code is OK, then the attempt succeeded." + }, + "exitCode": { + "type": "integer", + "format": "int32", + "description": "Optional. The exit code of this attempt. This may be unset if the container was unable to exit cleanly with a code due to some other failure. See status field for possible failure details." + } + }, + "type": "object", + "description": "Result of a task attempt.", + "id": "TaskAttemptResult" + }, + "ConfigurationSpec": { + "properties": { + "template": { + "$ref": "#/definitions/RevisionTemplate", + "description": "Template holds the latest specification for the Revision to be stamped out." + } + }, + "type": "object", + "id": "ConfigurationSpec", + "description": "ConfigurationSpec holds the desired state of the Configuration (from the client)." + }, + "ResourceRecord": { + "description": "A DNS resource record.", + "type": "object", + "properties": { + "rrdata": { + "description": "Data for this record. Values vary by record type, as defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1).", + "type": "string" + }, + "type": { + "description": "Resource record type. Example: `AAAA`.", + "enumDescriptions": [ + "An unknown resource record.", + "An A resource record. Data is an IPv4 address.", + "An AAAA resource record. Data is an IPv6 address.", + "A CNAME resource record. Data is a domain name to be aliased." + ], + "enum": [ + "RECORD_TYPE_UNSPECIFIED", + "A", + "AAAA", + "CNAME" + ], + "type": "string" + }, + "name": { + "description": "Relative name of the object affected by this record. Only applicable for `CNAME` records. Example: 'www'.", + "type": "string" + } + }, + "id": "ResourceRecord" + }, + "TaskSpec": { + "type": "object", + "description": "TaskSpec is a description of a task.", + "properties": { + "volumes": { + "items": { + "$ref": "#/definitions/Volume" + }, + "description": "Optional. List of volumes that can be mounted by containers belonging to the task.", + "type": "array" + }, + "serviceAccountName": { + "description": "Optional. Email address of the IAM service account associated with the task of a job execution. The service account represents the identity of the running task, and determines what permissions the task has. If not provided, the task will use the project's default service account.", + "type": "string" + }, + "maxRetries": { + "type": "integer", + "description": "Optional. Number of retries allowed per task, before marking this job failed. Defaults to 3.", + "format": "int32" + }, + "containers": { + "type": "array", + "items": { + "$ref": "#/definitions/Container" + }, + "description": "Optional. List of containers belonging to the task. We disallow a number of fields on this Container. Only a single container may be provided.", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + }, + "timeoutSeconds": { + "format": "int64", + "type": "string", + "description": "Optional. Duration in seconds the task may be active before the system will actively try to mark it failed and kill associated containers. This applies per attempt of a task, meaning each retry can run for the full timeout. Defaults to 600 seconds." + } + }, + "id": "TaskSpec" + }, + "ExecutionSpec": { + "description": "ExecutionSpec describes how the execution will look.", + "type": "object", + "id": "ExecutionSpec", + "properties": { + "taskCount": { + "format": "int32", + "type": "integer", + "description": "Optional. Specifies the desired number of tasks the execution should run. Setting to 1 means that parallelism is limited to 1 and the success of that task signals the success of the execution. Defaults to 1." + }, + "parallelism": { + "format": "int32", + "description": "Optional. Specifies the maximum desired number of tasks the execution should run at given time. Must be \u003c= task_count. When the job is run, if this field is 0 or unset, the maximum possible value will be used for that execution. The actual number of tasks running in steady state will be less than this number when there are fewer tasks waiting to be completed, i.e. when the work left to do is less than max parallelism.", + "type": "integer" + }, + "template": { + "$ref": "#/definitions/TaskTemplateSpec", + "description": "Optional. The template used to create tasks for this execution." + } + } + }, + "ConfigMapKeySelector": { + "properties": { + "optional": { + "type": "boolean", + "description": "Not supported by Cloud Run." + }, + "key": { + "type": "string", + "description": "Required. Not supported by Cloud Run." + }, + "localObjectReference": { + "$ref": "#/definitions/LocalObjectReference", + "deprecated": true, + "description": "Not supported by Cloud Run." + }, + "name": { + "description": "Required. Not supported by Cloud Run.", + "type": "string" + } + }, + "description": "Not supported by Cloud Run.", + "type": "object", + "id": "ConfigMapKeySelector" + }, + "ExecutionStatus": { + "properties": { + "cancelledCount": { + "type": "integer", + "format": "int32", + "description": "Optional. The number of tasks which reached phase Cancelled." + }, + "succeededCount": { + "description": "Optional. The number of tasks which reached phase Succeeded.", + "format": "int32", + "type": "integer" + }, + "runningCount": { + "format": "int32", + "type": "integer", + "description": "Optional. The number of actively running tasks." + }, + "conditions": { + "description": "Optional. Conditions communicate information about ongoing/complete reconciliation processes that bring the \"spec\" inline with the observed state of the world. Execution-specific conditions include: * `ResourcesAvailable`: `True` when underlying resources have been provisioned. * `Started`: `True` when the execution has started to execute. * `Completed`: `True` when the execution has succeeded. `False` when the execution has failed.", + "type": "array", + "items": { + "$ref": "#/definitions/GoogleCloudRunV1Condition" + } + }, + "startTime": { + "type": "string", + "format": "google-datetime", + "description": "Optional. Represents the time that the execution started to run. It is not guaranteed to be set in happens-before order across separate operations. It is represented in RFC3339 form and is in UTC." + }, + "failedCount": { + "description": "Optional. The number of tasks which reached phase Failed.", + "format": "int32", + "type": "integer" + }, + "retriedCount": { + "type": "integer", + "description": "Optional. The number of tasks which have retried at least once.", + "format": "int32" + }, + "completionTime": { + "format": "google-datetime", + "type": "string", + "description": "Optional. Represents the time that the execution was completed. It is not guaranteed to be set in happens-before order across separate operations. It is represented in RFC3339 form and is in UTC. +optional" + }, + "observedGeneration": { + "format": "int32", + "description": "Optional. The 'generation' of the execution that was last processed by the controller.", + "type": "integer" + }, + "logUri": { + "type": "string", + "description": "Optional. URI where logs for this execution can be found in Cloud Console." + } + }, + "type": "object", + "description": "ExecutionStatus represents the current state of an Execution.", + "id": "ExecutionStatus" + }, + "ListMeta": { + "properties": { + "resourceVersion": { + "description": "Opaque string that identifies the server's internal version of this object. It can be used by clients to determine when objects have changed. If the message is passed back to the server, it must be left unmodified.", + "type": "string" + }, + "selfLink": { + "description": "URL representing this object.", + "type": "string" + }, + "continue": { + "type": "string", + "description": "Continuation token is a value emitted when the count of items is larger than the user/system limit. To retrieve the next page of items, pass the value of `continue` as the next request's `page_token`." + } + }, + "type": "object", + "description": "Metadata for synthetic resources like List. In Cloud Run, all List Resources Responses will have a ListMeta instead of ObjectMeta.", + "id": "ListMeta" + }, + "ListRoutesResponse": { + "type": "object", + "description": "ListRoutesResponse is a list of Route resources.", + "properties": { + "apiVersion": { + "type": "string", + "description": "The API version for this call such as \"serving.knative.dev/v1\"." + }, + "unreachable": { + "description": "Locations that could not be reached.", + "type": "array", + "items": { + "type": "string" + } + }, + "items": { + "type": "array", + "items": { + "$ref": "#/definitions/Route" + }, + "description": "List of Routes." + }, + "metadata": { + "description": "Metadata associated with this Route list.", + "$ref": "#/definitions/ListMeta" + }, + "kind": { + "type": "string", + "description": "The kind of this resource, in this case always \"RouteList\"." + } + }, + "id": "ListRoutesResponse" + }, + "Revision": { + "description": "Revision is an immutable snapshot of code and configuration. A revision references a container image. Revisions are created by updates to a Configuration. See also: https://github.com/knative/specs/blob/main/specs/serving/overview.md#revision", + "properties": { + "spec": { + "$ref": "#/definitions/RevisionSpec", + "description": "Spec holds the desired state of the Revision (from the client)." + }, + "apiVersion": { + "description": "The API version for this call such as \"serving.knative.dev/v1\".", + "type": "string" + }, + "status": { + "$ref": "#/definitions/RevisionStatus", + "description": "Status communicates the observed state of the Revision (from the controller)." + }, + "metadata": { + "$ref": "#/definitions/ObjectMeta", + "description": "Metadata associated with this Revision, including name, namespace, labels, and annotations." + }, + "kind": { + "description": "The kind of this resource, in this case \"Revision\".", + "type": "string" + } + }, + "id": "Revision", + "type": "object" + }, + "SecretEnvSource": { + "id": "SecretEnvSource", + "properties": { + "optional": { + "type": "boolean", + "description": "Specify whether the Secret must be defined" + }, + "localObjectReference": { + "deprecated": true, + "$ref": "#/definitions/LocalObjectReference", + "description": "This field should not be used directly as it is meant to be inlined directly into the message. Use the \"name\" field instead." + }, + "name": { + "type": "string", + "description": "The Secret to select from." + } + }, + "type": "object", + "description": "Not supported by Cloud Run. SecretEnvSource selects a Secret to populate the environment variables with. The contents of the target Secret's Data field will represent the key-value pairs as environment variables." + }, + "Service": { + "description": "Service acts as a top-level container that manages a set of Routes and Configurations which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets). The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own.", + "properties": { + "kind": { + "description": "The kind of resource. It must be \"Service\".", + "type": "string" + }, + "spec": { + "description": "Holds the desired state of the Service (from the client).", + "$ref": "#/definitions/ServiceSpec" + }, + "apiVersion": { + "description": "The API version for this call. It must be \"serving.knative.dev/v1\".", + "type": "string" + }, + "metadata": { + "$ref": "#/definitions/ObjectMeta", + "description": "Metadata associated with this Service, including name, namespace, labels, and annotations. In Cloud Run, annotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted, and the accepted annotations will be different depending on the resource type. The following Cloud Run-specific annotations are accepted in Service.metadata.annotations. * `run.googleapis.com/binary-authorization-breakglass` * `run.googleapis.com/binary-authorization` * `run.googleapis.com/client-name` * `run.googleapis.com/custom-audiences` * `run.googleapis.com/description` * `run.googleapis.com/gc-traffic-tags` * `run.googleapis.com/ingress` * `run.googleapis.com/ingress` sets the ingress settings for the Service. See [the ingress settings documentation](/run/docs/securing/ingress) for details on configuring ingress settings. * `run.googleapis.com/ingress-status` is output-only and contains the currently active ingress settings for the Service. `run.googleapis.com/ingress-status` may differ from `run.googleapis.com/ingress` while the system is processing a change to `run.googleapis.com/ingress` or if the system failed to process a change to `run.googleapis.com/ingress`. When the system has processed all changes successfully `run.googleapis.com/ingress-status` and `run.googleapis.com/ingress` are equal." + }, + "status": { + "$ref": "#/definitions/ServiceStatus", + "description": "Communicates the system-controlled state of the Service." + } + }, + "id": "Service", + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "serving.knative.dev", + "kind": "Service", + "version": "v1" + } + ] + }, + "Status": { + "type": "object", + "id": "Status", + "properties": { + "code": { + "type": "integer", + "format": "int32", + "description": "Suggested HTTP return code for this status, 0 if not set." + }, + "message": { + "type": "string", + "description": "A human-readable description of the status of this operation." + }, + "details": { + "description": "Extended data associated with the reason. Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type.", + "$ref": "#/definitions/StatusDetails" + }, + "status": { + "type": "string", + "description": "Status of the operation. One of: \"Success\" or \"Failure\"." + }, + "metadata": { + "description": "Standard list metadata.", + "$ref": "#/definitions/ListMeta" + }, + "reason": { + "type": "string", + "description": "A machine-readable description of why this operation is in the \"Failure\" status. If this value is empty there is no information available. A Reason clarifies an HTTP status code but does not override it." + } + }, + "description": "Status is a return value for calls that don't return other objects." + }, + "EnvFromSource": { + "properties": { + "configMapRef": { + "description": "The ConfigMap to select from", + "$ref": "#/definitions/ConfigMapEnvSource" + }, + "prefix": { + "type": "string", + "description": "An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER." + }, + "secretRef": { + "description": "The Secret to select from", + "$ref": "#/definitions/SecretEnvSource" + } + }, + "type": "object", + "description": "Not supported by Cloud Run. EnvFromSource represents the source of a set of ConfigMaps", + "id": "EnvFromSource" + }, + "TrafficTarget": { + "id": "TrafficTarget", + "description": "TrafficTarget holds a single entry of the routing table for a Route.", + "type": "object", + "properties": { + "url": { + "type": "string", + "readOnly": true, + "description": "Output only. URL displays the URL for accessing tagged traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. https://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.)" + }, + "percent": { + "format": "int32", + "type": "integer", + "description": "Percent specifies percent of the traffic to this Revision or Configuration. This defaults to zero if unspecified." + }, + "tag": { + "description": "Tag is used to expose a dedicated url for referencing this target exclusively.", + "type": "string" + }, + "revisionName": { + "type": "string", + "description": "Points this traffic target to a specific Revision. This field is mutually exclusive with latest_revision." + }, + "configurationName": { + "description": "[Deprecated] Not supported in Cloud Run. It must be empty.", + "deprecated": true, + "type": "string" + }, + "latestRevision": { + "type": "boolean", + "description": "Uses the \"status.latestReadyRevisionName\" of the Service to determine the traffic target. When it changes, traffic will automatically migrate from the prior \"latest ready\" revision to the new one. This field must be false if RevisionName is set. This field defaults to true otherwise. If the field is set to true on Status, this means that the Revision was resolved from the Service's latest ready revision." + } + } + }, + "DomainMappingSpec": { + "description": "The desired state of the Domain Mapping.", + "properties": { + "forceOverride": { + "description": "If set, the mapping will override any mapping set before this spec was set. It is recommended that the user leaves this empty to receive an error warning about a potential conflict and only set it once the respective UI has given such a warning.", + "type": "boolean" + }, + "certificateMode": { + "enumDescriptions": [ + "", + "Do not provision an HTTPS certificate.", + "Automatically provisions an HTTPS certificate via GoogleCA." + ], + "type": "string", + "enum": [ + "CERTIFICATE_MODE_UNSPECIFIED", + "NONE", + "AUTOMATIC" + ], + "description": "The mode of the certificate." + }, + "routeName": { + "description": "The name of the Knative Route that this DomainMapping applies to. The route must exist.", + "type": "string" + } + }, + "type": "object", + "id": "DomainMappingSpec" + }, + "KeyToPath": { + "description": "Maps a string key to a path within a volume.", + "id": "KeyToPath", + "properties": { + "path": { + "description": "The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", + "type": "string" + }, + "key": { + "type": "string", + "description": "The Cloud Secret Manager secret version. Can be 'latest' for the latest value, or an integer or a secret alias for a specific version. The key to project." + }, + "mode": { + "type": "integer", + "description": "(Optional) Mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "format": "int32" + } + }, + "type": "object" + }, + "RevisionStatus": { + "id": "RevisionStatus", + "properties": { + "logUrl": { + "description": "Optional. Specifies the generated logging url for this particular revision based on the revision url template specified in the controller's config.", + "type": "string" + }, + "imageDigest": { + "description": "ImageDigest holds the resolved digest for the image specified within .Spec.Container.Image. The digest is resolved during the creation of Revision. This field holds the digest value regardless of whether a tag or digest was originally specified in the Container object.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the 'Generation' of the Revision that was last processed by the controller. Clients polling for completed reconciliation should poll until observedGeneration = metadata.generation, and the Ready condition's status is True or False.", + "format": "int32", + "type": "integer" + }, + "conditions": { + "description": "Conditions communicate information about ongoing/complete reconciliation processes that bring the \"spec\" inline with the observed state of the world. As a Revision is being prepared, it will incrementally update conditions. Revision-specific conditions include: * `ResourcesAvailable`: `True` when underlying resources have been provisioned. * `ContainerHealthy`: `True` when the Revision readiness check completes. * `Active`: `True` when the Revision may receive traffic.", + "items": { + "$ref": "#/definitions/GoogleCloudRunV1Condition" + }, + "type": "array" + }, + "serviceName": { + "type": "string", + "description": "Not currently used by Cloud Run." + } + }, + "type": "object", + "description": "RevisionStatus communicates the observed state of the Revision (from the controller)." + }, + "StatusDetails": { + "properties": { + "group": { + "description": "The group attribute of the resource associated with the status StatusReason.", + "type": "string" + }, + "retryAfterSeconds": { + "format": "int32", + "type": "integer", + "description": "If specified, the time in seconds before the operation should be retried. Some errors may indicate the client must take an alternate action - for those errors this field may indicate how long to wait before taking the alternate action." + }, + "name": { + "type": "string", + "description": "The name attribute of the resource associated with the status StatusReason (when there is a single name which can be described)." + }, + "kind": { + "type": "string", + "description": "The kind attribute of the resource associated with the status StatusReason. On some operations may differ from the requested resource Kind." + }, + "causes": { + "description": "The Causes array includes more details associated with the StatusReason failure. Not all StatusReasons may provide detailed causes.", + "type": "array", + "items": { + "$ref": "#/definitions/StatusCause" + } + }, + "uid": { + "type": "string", + "description": "UID of the resource. (when there is a single resource which can be described)." + } + }, + "type": "object", + "id": "StatusDetails", + "description": "StatusDetails is a set of additional properties that MAY be set by the server to provide additional information about a response. The Reason field of a Status object defines what attributes will be set. Clients must ignore fields that do not match the defined type of each attribute, and should assume that any attribute may be empty, invalid, or under defined." + }, + "SecretVolumeSource": { + "type": "object", + "properties": { + "secretName": { + "description": "The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project. If the secret is in another project, you must define an alias. An alias definition has the form: :projects//secrets/. If multiple alias definitions are needed, they must be separated by commas. The alias definitions must be set on the run.googleapis.com/secrets annotation. Name of the secret in the container's namespace to use.", + "type": "string" + }, + "items": { + "items": { + "$ref": "#/definitions/KeyToPath" + }, + "type": "array", + "description": "A list of secret versions to mount in the volume. If no items are specified, the volume will expose a file with the same name as the secret name. The contents of the file will be the data in the latest version of the secret. If items are specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify both a key and a path." + }, + "defaultMode": { + "type": "integer", + "format": "int32", + "description": "Integer representation of mode bits to use on created files by default. Must be a value between 01 and 0777 (octal). If 0 or not set, it will default to 0444. Directories within the path are not affected by this setting. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + }, + "optional": { + "type": "boolean", + "description": "Not supported by Cloud Run." + } + }, + "description": "A volume representing a secret stored in Google Secret Manager. The secret's value will be presented as the content of a file whose name is defined in the item path. If no items are defined, the name of the file is the secret_name. The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names.", + "id": "SecretVolumeSource" + }, + "HTTPGetAction": { + "properties": { + "scheme": { + "type": "string", + "description": "Not supported by Cloud Run." + }, + "host": { + "type": "string", + "description": "Not supported by Cloud Run." + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "type": "integer", + "description": "Port number to access on the container. Number must be in the range 1 to 65535.", + "format": "int32" + }, + "httpHeaders": { + "items": { + "$ref": "#/definitions/HTTPHeader" + }, + "type": "array", + "description": "Custom headers to set in the request. HTTP allows repeated headers." + } + }, + "description": "HTTPGetAction describes an action based on HTTP Get requests.", + "type": "object", + "id": "HTTPGetAction" + }, + "EnvVarSource": { + "type": "object", + "description": "EnvVarSource represents a source for the value of an EnvVar.", + "properties": { + "secretKeyRef": { + "description": "Selects a key (version) of a secret in Secret Manager.", + "$ref": "#/definitions/SecretKeySelector" + }, + "configMapKeyRef": { + "$ref": "#/definitions/ConfigMapKeySelector", + "description": "Not supported by Cloud Run. Not supported in Cloud Run." + } + }, + "id": "EnvVarSource" + }, + "SecretKeySelector": { + "type": "object", + "description": "SecretKeySelector selects a key of a Secret.", + "id": "SecretKeySelector", + "properties": { + "localObjectReference": { + "description": "This field should not be used directly as it is meant to be inlined directly into the message. Use the \"name\" field instead.", + "$ref": "#/definitions/LocalObjectReference", + "deprecated": true + }, + "key": { + "type": "string", + "description": "Required. A Cloud Secret Manager secret version. Must be 'latest' for the latest version, an integer for a specific version, or a version alias. The key of the secret to select from. Must be a valid secret key." + }, + "name": { + "type": "string", + "description": "The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project. If the secret is in another project, you must define an alias. An alias definition has the form: :projects//secrets/. If multiple alias definitions are needed, they must be separated by commas. The alias definitions must be set on the run.googleapis.com/secrets annotation. The name of the secret in the pod's namespace to select from." + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined.", + "type": "boolean" + } + } + }, + "TaskTemplateSpec": { + "type": "object", + "description": "TaskTemplateSpec describes the data a task should have when created from a template.", + "id": "TaskTemplateSpec", + "properties": { + "spec": { + "description": "Optional. Specification of the desired behavior of the task.", + "$ref": "#/definitions/TaskSpec" + } + } + }, + "ListAuthorizedDomainsResponse": { + "type": "object", + "description": "A list of Authorized Domains.", + "id": "ListAuthorizedDomainsResponse", + "properties": { + "nextPageToken": { + "type": "string", + "description": "Continuation token for fetching the next page of results." + }, + "domains": { + "description": "The authorized domains belonging to the user.", + "items": { + "$ref": "#/definitions/AuthorizedDomain" + }, + "type": "array" + } + } + }, + "AuditLogConfig": { + "id": "AuditLogConfig", + "properties": { + "logType": { + "enum": [ + "LOG_TYPE_UNSPECIFIED", + "ADMIN_READ", + "DATA_WRITE", + "DATA_READ" + ], + "description": "The log type that this config enables.", + "enumDescriptions": [ + "Default case. Should never be this.", + "Admin reads. Example: CloudIAM getIamPolicy", + "Data writes. Example: CloudSQL Users create", + "Data reads. Example: CloudSQL Users list" + ], + "type": "string" + }, + "exemptedMembers": { + "description": "Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "description": "Provides the configuration for logging a type of permissions. Example: { \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\", \"exempted_members\": [ \"user:jose@example.com\" ] }, { \"log_type\": \"DATA_WRITE\" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.", + "type": "object" + }, + "Container": { + "properties": { + "env": { + "type": "array", + "description": "List of environment variables to set in the container. EnvVar with duplicate names are generally allowed; if referencing a secret, the name must be unique for the container. For non-secret EnvVar names, the Container will only get the last-declared one.", + "items": { + "$ref": "#/definitions/EnvVar" + } + }, + "args": { + "items": { + "type": "string" + }, + "description": "Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references are not supported in Cloud Run.", + "type": "array" + }, + "imagePullPolicy": { + "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.", + "type": "string" + }, + "readinessProbe": { + "$ref": "#/definitions/Probe", + "description": "Not supported by Cloud Run." + }, + "resources": { + "$ref": "#/definitions/ResourceRequirements", + "description": "Compute Resources required by this container." + }, + "command": { + "description": "Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references are not supported in Cloud Run.", + "items": { + "type": "string" + }, + "type": "array" + }, + "livenessProbe": { + "$ref": "#/definitions/Probe", + "description": "Periodic probe of container liveness. Container will be restarted if the probe fails." + }, + "name": { + "description": "Name of the container specified as a DNS_LABEL (RFC 1123).", + "type": "string" + }, + "securityContext": { + "$ref": "#/definitions/SecurityContext", + "description": "Not supported by Cloud Run." + }, + "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.", + "type": "string" + }, + "terminationMessagePath": { + "type": "string", + "description": "Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log." + }, + "ports": { + "items": { + "$ref": "#/definitions/ContainerPort" + }, + "description": "List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on.", + "type": "array" + }, + "image": { + "description": "Required. Name of the container image in Dockerhub, Google Artifact Registry, or Google Container Registry. If the host is not provided, Dockerhub is assumed.", + "type": "string" + }, + "workingDir": { + "type": "string", + "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image." + }, + "volumeMounts": { + "description": "Volume to mount into the container's filesystem. Only supports SecretVolumeSources. Pod volumes to mount into the container's filesystem.", + "type": "array", + "items": { + "$ref": "#/definitions/VolumeMount" + } + }, + "startupProbe": { + "description": "Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not receive traffic if the probe fails. If not provided, a default startup probe with TCP socket action is used.", + "$ref": "#/definitions/Probe" + }, + "envFrom": { + "type": "array", + "description": "Not supported by Cloud Run.", + "items": { + "$ref": "#/definitions/EnvFromSource" + } + } + }, + "type": "object", + "description": "A single application container. This specifies both the container to run, the command to run in the container and the arguments to supply to it. Note that additional arguments may be supplied by the system to the container at runtime.", + "id": "Container" + }, + "Addressable": { + "properties": { + "url": { + "type": "string" + } + }, + "id": "Addressable", + "description": "Information for connecting over HTTP(s).", + "type": "object" + }, + "DomainMapping": { + "properties": { + "status": { + "description": "The current status of the DomainMapping.", + "$ref": "#/definitions/DomainMappingStatus" + }, + "metadata": { + "$ref": "#/definitions/ObjectMeta", + "description": "Metadata associated with this BuildTemplate." + }, + "apiVersion": { + "type": "string", + "description": "The API version for this call such as \"domains.cloudrun.com/v1\"." + }, + "spec": { + "description": "The spec for this DomainMapping.", + "$ref": "#/definitions/DomainMappingSpec" + }, + "kind": { + "description": "The kind of resource, in this case \"DomainMapping\".", + "type": "string" + } + }, + "description": "Resource to hold the state and status of a user's domain mapping. NOTE: This resource is currently in Beta.", + "id": "DomainMapping", + "type": "object" + }, + "OwnerReference": { + "id": "OwnerReference", + "properties": { + "apiVersion": { + "type": "string", + "description": "This is not supported or used by Cloud Run." + }, + "controller": { + "description": "This is not supported or used by Cloud Run.", + "type": "boolean" + }, + "blockOwnerDeletion": { + "description": "This is not supported or used by Cloud Run.", + "type": "boolean" + }, + "name": { + "type": "string", + "description": "This is not supported or used by Cloud Run." + }, + "kind": { + "type": "string", + "description": "This is not supported or used by Cloud Run." + }, + "uid": { + "description": "This is not supported or used by Cloud Run.", + "type": "string" + } + }, + "description": "This is not supported or used by Cloud Run.", + "type": "object" + }, + "RouteSpec": { + "description": "RouteSpec holds the desired state of the Route (from the client).", + "type": "object", + "id": "RouteSpec", + "properties": { + "traffic": { + "description": "Traffic specifies how to distribute traffic over a collection of Knative Revisions and Configurations. Cloud Run currently supports a single configurationName.", + "type": "array", + "items": { + "$ref": "#/definitions/TrafficTarget" + } + } + } + }, + "Route": { + "type": "object", + "properties": { + "metadata": { + "$ref": "#/definitions/ObjectMeta", + "description": "Metadata associated with this Route, including name, namespace, labels, and annotations." + }, + "kind": { + "description": "The kind of this resource, in this case always \"Route\".", + "type": "string" + }, + "apiVersion": { + "type": "string", + "description": "The API version for this call such as \"serving.knative.dev/v1\"." + }, + "spec": { + "$ref": "#/definitions/RouteSpec", + "description": "Spec holds the desired state of the Route (from the client)." + }, + "status": { + "description": "Status communicates the observed state of the Route (from the controller).", + "$ref": "#/definitions/RouteStatus" + } + }, + "id": "Route", + "description": "Route is responsible for configuring ingress over a collection of Revisions. Some of the Revisions a Route distributes traffic over may be specified by referencing the Configuration responsible for creating them; in these cases the Route is additionally responsible for monitoring the Configuration for \"latest ready\" revision changes, and smoothly rolling out latest revisions. Cloud Run currently supports referencing a single Configuration to automatically deploy the \"latest ready\" Revision from that Configuration." + }, + "AuditConfig": { + "id": "AuditConfig", + "type": "object", + "description": "Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { \"audit_configs\": [ { \"service\": \"allServices\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\", \"exempted_members\": [ \"user:jose@example.com\" ] }, { \"log_type\": \"DATA_WRITE\" }, { \"log_type\": \"ADMIN_READ\" } ] }, { \"service\": \"sampleservice.googleapis.com\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\" }, { \"log_type\": \"DATA_WRITE\", \"exempted_members\": [ \"user:aliya@example.com\" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.", + "properties": { + "service": { + "description": "Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.", + "type": "string" + }, + "auditLogConfigs": { + "description": "The configuration for logging of each type of permission.", + "type": "array", + "items": { + "$ref": "#/definitions/AuditLogConfig" + } + } + } + }, + "ListLocationsResponse": { + "id": "ListLocationsResponse", + "type": "object", + "description": "The response message for Locations.ListLocations.", + "properties": { + "nextPageToken": { + "description": "The standard List next-page token.", + "type": "string" + }, + "locations": { + "type": "array", + "description": "A list of locations that matches the specified filter in the request.", + "items": { + "$ref": "#/definitions/Location" + } + } + } + }, + "TCPSocketAction": { + "id": "TCPSocketAction", + "description": "TCPSocketAction describes an action based on opening a socket", + "type": "object", + "properties": { + "host": { + "description": "Not supported by Cloud Run.", + "type": "string" + }, + "port": { + "description": "Port number to access on the container. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + } + } + }, + "Binding": { + "type": "object", + "description": "Associates `members`, or principals, with a `role`.", + "properties": { + "role": { + "description": "Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.", + "type": "string" + }, + "members": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding." + }, + "condition": { + "$ref": "#/definitions/Expr", + "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)." + } + }, + "id": "Binding" + }, + "ListRevisionsResponse": { + "description": "ListRevisionsResponse is a list of Revision resources.", + "id": "ListRevisionsResponse", + "properties": { + "kind": { + "type": "string", + "description": "The kind of this resource, in this case \"RevisionList\"." + }, + "unreachable": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Locations that could not be reached." + }, + "metadata": { + "description": "Metadata associated with this revision list.", + "$ref": "#/definitions/ListMeta" + }, + "apiVersion": { + "description": "The API version for this call such as \"serving.knative.dev/v1\".", + "type": "string" + }, + "items": { + "type": "array", + "description": "List of Revisions.", + "items": { + "$ref": "#/definitions/Revision" + } + } + }, + "type": "object" + }, + "HTTPHeader": { + "id": "HTTPHeader", + "properties": { + "name": { + "type": "string", + "description": "Required. The header field name" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "type": "object" + }, + "RevisionSpec": { + "description": "RevisionSpec holds the desired state of the Revision (from the client).", + "id": "RevisionSpec", + "type": "object", + "properties": { + "volumes": { + "items": { + "$ref": "#/definitions/Volume" + }, + "type": "array" + }, + "imagePullSecrets": { + "items": { + "$ref": "#/definitions/LocalObjectReference" + }, + "type": "array", + "description": "Not supported by Cloud Run." + }, + "timeoutSeconds": { + "type": "integer", + "format": "int32", + "description": "TimeoutSeconds holds the max duration the instance is allowed for responding to a request. Cloud Run: defaults to 300 seconds (5 minutes). Maximum allowed value is 3600 seconds (1 hour)." + }, + "containerConcurrency": { + "type": "integer", + "description": "ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container instance of the Revision. If not specified, defaults to 80.", + "format": "int32" + }, + "serviceAccountName": { + "type": "string", + "description": "Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account." + }, + "enableServiceLinks": { + "type": "boolean", + "description": "Not supported by Cloud Run." + }, + "containers": { + "description": "Containers holds the single container that defines the unit of execution for this Revision. In the context of a Revision, we disallow a number of fields on this Container, including: name and lifecycle. In Cloud Run, only a single container may be provided.", + "items": { + "$ref": "#/definitions/Container" + }, + "type": "array", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + } + } + }, + "ListConfigurationsResponse": { + "description": "ListConfigurationsResponse is a list of Configuration resources.", + "type": "object", + "id": "ListConfigurationsResponse", + "properties": { + "apiVersion": { + "type": "string", + "description": "The API version for this call such as \"serving.knative.dev/v1\"." + }, + "kind": { + "type": "string", + "description": "The kind of this resource, in this case \"ConfigurationList\"." + }, + "metadata": { + "description": "Metadata associated with this Configuration list.", + "$ref": "#/definitions/ListMeta" + }, + "items": { + "items": { + "$ref": "#/definitions/Configuration" + }, + "description": "List of Configurations.", + "type": "array" + }, + "unreachable": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Locations that could not be reached." + } + } + }, + "ServiceSpec": { + "type": "object", + "description": "ServiceSpec holds the desired state of the Route (from the client), which is used to manipulate the underlying Route and Configuration(s).", + "properties": { + "traffic": { + "description": "Specifies how to distribute traffic over a collection of Knative Revisions and Configurations to the Service's main URL.", + "type": "array", + "items": { + "$ref": "#/definitions/TrafficTarget" + } + }, + "template": { + "$ref": "#/definitions/RevisionTemplate", + "description": "Holds the latest specification for the Revision to be stamped out." + } + }, + "id": "ServiceSpec" + }, + "EmptyDirVolumeSource": { + "properties": { + "sizeLimit": { + "type": "string", + "description": "Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers. The default is nil which means that the limit is undefined. More info: https://cloud.google.com/run/docs/configuring/in-memory-volumes#configure-volume. Info in Kubernetes: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir" + }, + "medium": { + "type": "string", + "description": "The medium on which the data is stored. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" + } + }, + "type": "object", + "description": "In memory (tmpfs) ephemeral storage. It is ephemeral in the sense that when the sandbox is taken down, the data is destroyed with it (it does not persist across sandbox runs).", + "id": "EmptyDirVolumeSource" + }, + "Task": { + "description": "Task represents a single run of a container to completion.", + "id": "Task", + "type": "object", + "properties": { + "spec": { + "description": "Optional. Specification of the desired behavior of a task.", + "$ref": "#/definitions/TaskSpec" + }, + "apiVersion": { + "description": "Optional. APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values.", + "type": "string" + }, + "kind": { + "type": "string", + "description": "Optional. Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase." + }, + "metadata": { + "description": "Optional. Standard object's metadata.", + "$ref": "#/definitions/ObjectMeta" + }, + "status": { + "$ref": "#/definitions/TaskStatus", + "readOnly": true, + "description": "Output only. Current status of a task." + } + } + }, + "TestIamPermissionsResponse": { + "id": "TestIamPermissionsResponse", + "type": "object", + "properties": { + "permissions": { + "description": "A subset of `TestPermissionsRequest.permissions` that the caller is allowed.", + "type": "array", + "items": { + "type": "string" + } + } + }, + "description": "Response message for `TestIamPermissions` method." + }, + "ListTasksResponse": { + "properties": { + "apiVersion": { + "type": "string", + "description": "The API version for this call such as \"run.googleapis.com/v1\"." + }, + "kind": { + "type": "string", + "description": "The kind of this resource, in this case \"TasksList\"." + }, + "metadata": { + "description": "Metadata associated with this tasks list.", + "$ref": "#/definitions/ListMeta" + }, + "items": { + "type": "array", + "description": "List of Tasks.", + "items": { + "$ref": "#/definitions/Task" + } + }, + "unreachable": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Locations that could not be reached." + } + }, + "id": "ListTasksResponse", + "type": "object", + "description": "ListTasksResponse is a list of Tasks resources." + }, + "ListDomainMappingsResponse": { + "id": "ListDomainMappingsResponse", + "properties": { + "metadata": { + "$ref": "#/definitions/ListMeta", + "description": "Metadata associated with this DomainMapping list." + }, + "items": { + "items": { + "$ref": "#/definitions/DomainMapping" + }, + "description": "List of DomainMappings.", + "type": "array" + }, + "unreachable": { + "items": { + "type": "string" + }, + "type": "array", + "description": "Locations that could not be reached." + }, + "kind": { + "description": "The kind of this resource, in this case \"DomainMappingList\".", + "type": "string" + }, + "apiVersion": { + "description": "The API version for this call such as \"domains.cloudrun.com/v1\".", + "type": "string" + } + }, + "type": "object", + "description": "ListDomainMappingsResponse is a list of DomainMapping resources." + }, + "DomainMappingStatus": { + "description": "The current state of the Domain Mapping.", + "type": "object", + "properties": { + "observedGeneration": { + "format": "int32", + "type": "integer", + "description": "ObservedGeneration is the 'Generation' of the DomainMapping that was last processed by the controller. Clients polling for completed reconciliation should poll until observedGeneration = metadata.generation and the Ready condition's status is True or False." + }, + "resourceRecords": { + "items": { + "$ref": "#/definitions/ResourceRecord" + }, + "type": "array", + "description": "The resource records required to configure this domain mapping. These records must be added to the domain's DNS configuration in order to serve the application via this domain mapping." + }, + "mappedRouteName": { + "description": "The name of the route that the mapping currently points to.", + "type": "string" + }, + "url": { + "type": "string", + "description": "Optional. Not supported by Cloud Run." + }, + "conditions": { + "description": "Array of observed DomainMappingConditions, indicating the current state of the DomainMapping.", + "items": { + "$ref": "#/definitions/GoogleCloudRunV1Condition" + }, + "type": "array" + } + }, + "id": "DomainMappingStatus" + }, + "Location": { + "properties": { + "displayName": { + "type": "string", + "description": "The friendly name for this location, typically a nearby city name. For example, \"Tokyo\"." + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Cross-service attributes for the location. For example {\"cloud.googleapis.com/region\": \"us-east1\"}" + }, + "locationId": { + "type": "string", + "description": "The canonical id for this location. For example: `\"us-east1\"`." + }, + "name": { + "type": "string", + "description": "Resource name for the location, which may vary between implementations. For example: `\"projects/example-project/locations/us-east1\"`" + }, + "metadata": { + "type": "object", + "description": "Service-specific metadata. For example the available capacity at the given location.", + "additionalProperties": { + "description": "Properties of the object. Contains field @type with type URL.", + "type": [ + "number", + "string", + "boolean", + "object", + "array", + "null" + ] + } + } + }, + "id": "Location", + "description": "A resource that represents a Google Cloud location.", + "type": "object" + }, + "AuthorizedDomain": { + "properties": { + "name": { + "deprecated": true, + "type": "string", + "description": "Deprecated Read only. Full path to the `AuthorizedDomain` resource in the API. Example: `projects/myproject/authorizedDomains/example.com`." + }, + "id": { + "type": "string", + "description": "Relative name of the domain authorized for use. Example: `example.com`." + } + }, + "description": "A domain that a user has been authorized to administer. To authorize use of a domain, verify ownership via [Search Console](https://search.google.com/search-console/welcome).", + "type": "object", + "id": "AuthorizedDomain" + }, + "ConfigMapVolumeSource": { + "description": "Not supported by Cloud Run. Adapts a ConfigMap into a volume. The contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths.", + "id": "ConfigMapVolumeSource", + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer", + "description": "(Optional) Integer representation of mode bits to use on created files by default. Must be a value between 01 and 0777 (octal). If 0 or not set, it will default to 0644. Directories within the path are not affected by this setting. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." + }, + "items": { + "description": "(Optional) If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified that is not present in the Secret, the volume setup will error unless it is marked optional.", + "type": "array", + "items": { + "$ref": "#/definitions/KeyToPath" + } + }, + "optional": { + "type": "boolean", + "description": "(Optional) Specify whether the Secret or its keys must be defined." + }, + "name": { + "type": "string", + "description": "Name of the config." + } + }, + "type": "object" + }, + "JobSpec": { + "description": "JobSpec describes how the job will look.", + "id": "JobSpec", + "type": "object", + "properties": { + "template": { + "$ref": "#/definitions/ExecutionTemplateSpec", + "description": "Optional. Describes the execution that will be created when running a job." + } + } + }, + "GRPCAction": { + "type": "object", + "description": "GRPCAction describes an action involving a GRPC port.", + "id": "GRPCAction", + "properties": { + "service": { + "type": "string", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest. If this is not specified, the default behavior is defined by gRPC." + }, + "port": { + "type": "integer", + "format": "int32", + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535." + } + } + } + }, + "$schema": "http://json-schema.org/schema#" +} \ No newline at end of file diff --git a/skylib/runfile.bzl b/skylib/runfile.bzl new file mode 100644 index 00000000..1814db08 --- /dev/null +++ b/skylib/runfile.bzl @@ -0,0 +1,9 @@ +def runfile(ctx, f): + """Return the runfiles relative path of f.""" + if ctx.workspace_name: + return ctx.workspace_name + "/" + f.short_path + else: + return f.short_path + +def get_runfile_path(ctx, f): + return "${RUNFILES}/%s" % runfile(ctx, f) diff --git a/skylib/stamp.bzl b/skylib/stamp.bzl index 41640d33..69739718 100644 --- a/skylib/stamp.bzl +++ b/skylib/stamp.bzl @@ -9,7 +9,7 @@ # governing permissions and limitations under the License. load( - "@io_bazel_rules_docker//skylib:path.bzl", + "//skylib:runfile.bzl", "runfile", ) diff --git a/skylib/tests/cloudrun/BUILD.bazel b/skylib/tests/cloudrun/BUILD.bazel new file mode 100644 index 00000000..04287dc3 --- /dev/null +++ b/skylib/tests/cloudrun/BUILD.bazel @@ -0,0 +1,26 @@ +load("@rules_gitops//gitops:defs.bzl", "external_image", "k8s_deploy") +load("@aspect_bazel_lib//lib:write_source_files.bzl", "write_source_files") + +external_image( + name = "image", + digest = "sha:1234567890123", + image = "gcr.io/repo/someimage:thetag", +) + +k8s_deploy( + name = "prod", + gitops = False, + manifests = ["run.yaml"], + namespace = "cloudrun_project", + images = [":image"], + openapi_path = "//skylib:run_schema.json", + patches = ["run_patch.yaml"], +) + +write_source_files( + name = "expected_results", + files = { + # Do not use .yaml extension for the expected results files to avoid picking up by the k8s_deploy's glob() + "prod_expected.txt": ":prod", + }, +) diff --git a/skylib/tests/cloudrun/prod_expected.txt b/skylib/tests/cloudrun/prod_expected.txt new file mode 100644 index 00000000..9a3f6c89 --- /dev/null +++ b/skylib/tests/cloudrun/prod_expected.txt @@ -0,0 +1,38 @@ +apiVersion: serving.knative.dev/v1 +kind: Service +metadata: + annotations: + run.googleapis.com/ingress: all + run.googleapis.com/ingress-status: all + labels: + cloud.googleapis.com/location: us-central1 + name: webhook + namespace: cloudrun_project +spec: + template: + metadata: + annotations: + autoscaling.knative.dev/maxScale: "5" + autoscaling.knative.dev/minScale: "1" + run.googleapis.com/execution-environment: gen1 + spec: + containerConcurrency: 80 + containers: + - args: + - --app_id=309678 + - --measurement=ASDFGH + - --app_name=prodapp + - --api_key=WhatDidYouWantToSeeHere + image: gcr.io/repo/someimage@sha:1234567890123 + name: main + ports: + - containerPort: 8080 + name: http1 + resources: + limits: + cpu: 1000m + memory: 256Mi + timeoutSeconds: 10 + traffic: + - latestRevision: true + percent: 100 diff --git a/skylib/tests/cloudrun/run.yaml b/skylib/tests/cloudrun/run.yaml new file mode 100644 index 00000000..0ba1243d --- /dev/null +++ b/skylib/tests/cloudrun/run.yaml @@ -0,0 +1,34 @@ +apiVersion: serving.knative.dev/v1 +kind: Service +metadata: + name: webhook + labels: + cloud.googleapis.com/location: us-central1 + annotations: + run.googleapis.com/ingress: all + run.googleapis.com/ingress-status: all +spec: + template: + metadata: + annotations: + autoscaling.knative.dev/minScale: 0 + run.googleapis.com/execution-environment: gen1 + autoscaling.knative.dev/maxScale: 1 + spec: + containerConcurrency: 80 + timeoutSeconds: 10 + containers: + - name: main + image: //skylib/tests/cloudrun:image + args: + - --always_sample + ports: + - name: http1 + containerPort: 8080 + resources: + limits: + cpu: 1000m + memory: 256Mi + traffic: + - percent: 100 + latestRevision: true diff --git a/skylib/tests/cloudrun/run_patch.yaml b/skylib/tests/cloudrun/run_patch.yaml new file mode 100644 index 00000000..88fe2b3c --- /dev/null +++ b/skylib/tests/cloudrun/run_patch.yaml @@ -0,0 +1,18 @@ +apiVersion: serving.knative.dev/v1 +kind: Service +metadata: + name: webhook +spec: + template: + metadata: + annotations: + autoscaling.knative.dev/minScale: '1' + autoscaling.knative.dev/maxScale: '5' + spec: + containers: + - name: main + args: + - --app_id=309678 + - --measurement=ASDFGH + - --app_name=prodapp + - --api_key=WhatDidYouWantToSeeHere diff --git a/vendor/golang.org/x/sys/windows/BUILD b/vendor/golang.org/x/sys/windows/BUILD index 7d1f28e4..6399987f 100644 --- a/vendor/golang.org/x/sys/windows/BUILD +++ b/vendor/golang.org/x/sys/windows/BUILD @@ -22,6 +22,7 @@ go_library( "types_windows_386.go", "types_windows_amd64.go", "types_windows_arm.go", + "types_windows_arm64.go", "zerrors_windows.go", "zknownfolderids_windows.go", "zsyscall_windows.go", diff --git a/vendor/modules.txt b/vendor/modules.txt new file mode 100644 index 00000000..2a7547a9 --- /dev/null +++ b/vendor/modules.txt @@ -0,0 +1,572 @@ +# github.com/davecgh/go-spew v1.1.1 +## explicit +github.com/davecgh/go-spew/spew +# github.com/emicklei/go-restful/v3 v3.10.1 +## explicit; go 1.13 +github.com/emicklei/go-restful/v3 +github.com/emicklei/go-restful/v3/log +# github.com/ghodss/yaml v1.0.0 +## explicit +github.com/ghodss/yaml +# github.com/go-logr/logr v1.2.3 +## explicit; go 1.16 +github.com/go-logr/logr +# github.com/go-openapi/jsonpointer v0.19.6 +## explicit; go 1.13 +github.com/go-openapi/jsonpointer +# github.com/go-openapi/jsonreference v0.20.2 +## explicit; go 1.13 +github.com/go-openapi/jsonreference +github.com/go-openapi/jsonreference/internal +# github.com/go-openapi/swag v0.22.3 +## explicit; go 1.18 +github.com/go-openapi/swag +# github.com/gogo/protobuf v1.3.2 +## explicit; go 1.15 +github.com/gogo/protobuf/proto +github.com/gogo/protobuf/sortkeys +# github.com/golang/protobuf v1.5.2 +## explicit; go 1.9 +github.com/golang/protobuf/proto +github.com/golang/protobuf/ptypes +github.com/golang/protobuf/ptypes/any +github.com/golang/protobuf/ptypes/duration +github.com/golang/protobuf/ptypes/timestamp +# github.com/google/gnostic v0.6.9 +## explicit; go 1.12 +github.com/google/gnostic/compiler +github.com/google/gnostic/extensions +github.com/google/gnostic/jsonschema +github.com/google/gnostic/openapiv2 +github.com/google/gnostic/openapiv3 +# github.com/google/go-cmp v0.5.9 +## explicit; go 1.13 +github.com/google/go-cmp/cmp +github.com/google/go-cmp/cmp/internal/diff +github.com/google/go-cmp/cmp/internal/flags +github.com/google/go-cmp/cmp/internal/function +github.com/google/go-cmp/cmp/internal/value +# github.com/google/go-github/v32 v32.1.0 +## explicit; go 1.13 +github.com/google/go-github/v32/github +# github.com/google/go-querystring v1.1.0 +## explicit; go 1.10 +github.com/google/go-querystring/query +# github.com/google/gofuzz v1.2.0 +## explicit; go 1.12 +github.com/google/gofuzz +github.com/google/gofuzz/bytesource +# github.com/hashicorp/go-cleanhttp v0.5.2 +## explicit; go 1.13 +github.com/hashicorp/go-cleanhttp +# github.com/hashicorp/go-retryablehttp v0.7.2 +## explicit; go 1.13 +github.com/hashicorp/go-retryablehttp +# github.com/imdario/mergo v0.3.13 +## explicit; go 1.13 +github.com/imdario/mergo +# github.com/josharian/intern v1.0.0 +## explicit; go 1.5 +github.com/josharian/intern +# github.com/json-iterator/go v1.1.12 +## explicit; go 1.12 +github.com/json-iterator/go +# github.com/mailru/easyjson v0.7.7 +## explicit; go 1.12 +github.com/mailru/easyjson/buffer +github.com/mailru/easyjson/jlexer +github.com/mailru/easyjson/jwriter +# github.com/moby/spdystream v0.2.0 +## explicit; go 1.13 +github.com/moby/spdystream +github.com/moby/spdystream/spdy +# github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd +## explicit +github.com/modern-go/concurrent +# github.com/modern-go/reflect2 v1.0.2 +## explicit; go 1.12 +github.com/modern-go/reflect2 +# github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 +## explicit +github.com/munnerz/goautoneg +# github.com/spf13/pflag v1.0.5 +## explicit; go 1.12 +github.com/spf13/pflag +# github.com/xanzy/go-gitlab v0.80.2 +## explicit; go 1.18 +github.com/xanzy/go-gitlab +# golang.org/x/crypto v0.6.0 +## explicit; go 1.17 +golang.org/x/crypto/cast5 +golang.org/x/crypto/openpgp +golang.org/x/crypto/openpgp/armor +golang.org/x/crypto/openpgp/elgamal +golang.org/x/crypto/openpgp/errors +golang.org/x/crypto/openpgp/packet +golang.org/x/crypto/openpgp/s2k +# golang.org/x/net v0.7.0 +## explicit; go 1.17 +golang.org/x/net/context +golang.org/x/net/http/httpguts +golang.org/x/net/http2 +golang.org/x/net/http2/hpack +golang.org/x/net/idna +golang.org/x/net/internal/socks +golang.org/x/net/proxy +# golang.org/x/oauth2 v0.5.0 +## explicit; go 1.17 +golang.org/x/oauth2 +golang.org/x/oauth2/internal +# golang.org/x/sys v0.5.0 +## explicit; go 1.17 +golang.org/x/sys/internal/unsafeheader +golang.org/x/sys/plan9 +golang.org/x/sys/unix +golang.org/x/sys/windows +# golang.org/x/term v0.5.0 +## explicit; go 1.17 +golang.org/x/term +# golang.org/x/text v0.7.0 +## explicit; go 1.17 +golang.org/x/text/secure/bidirule +golang.org/x/text/transform +golang.org/x/text/unicode/bidi +golang.org/x/text/unicode/norm +# golang.org/x/time v0.3.0 +## explicit +golang.org/x/time/rate +# google.golang.org/appengine v1.6.7 +## explicit; go 1.11 +google.golang.org/appengine/internal +google.golang.org/appengine/internal/base +google.golang.org/appengine/internal/datastore +google.golang.org/appengine/internal/log +google.golang.org/appengine/internal/remote_api +google.golang.org/appengine/internal/urlfetch +google.golang.org/appengine/urlfetch +# google.golang.org/protobuf v1.28.1 +## explicit; go 1.11 +google.golang.org/protobuf/encoding/prototext +google.golang.org/protobuf/encoding/protowire +google.golang.org/protobuf/internal/descfmt +google.golang.org/protobuf/internal/descopts +google.golang.org/protobuf/internal/detrand +google.golang.org/protobuf/internal/encoding/defval +google.golang.org/protobuf/internal/encoding/messageset +google.golang.org/protobuf/internal/encoding/tag +google.golang.org/protobuf/internal/encoding/text +google.golang.org/protobuf/internal/errors +google.golang.org/protobuf/internal/filedesc +google.golang.org/protobuf/internal/filetype +google.golang.org/protobuf/internal/flags +google.golang.org/protobuf/internal/genid +google.golang.org/protobuf/internal/impl +google.golang.org/protobuf/internal/order +google.golang.org/protobuf/internal/pragma +google.golang.org/protobuf/internal/set +google.golang.org/protobuf/internal/strs +google.golang.org/protobuf/internal/version +google.golang.org/protobuf/proto +google.golang.org/protobuf/reflect/protodesc +google.golang.org/protobuf/reflect/protoreflect +google.golang.org/protobuf/reflect/protoregistry +google.golang.org/protobuf/runtime/protoiface +google.golang.org/protobuf/runtime/protoimpl +google.golang.org/protobuf/types/descriptorpb +google.golang.org/protobuf/types/known/anypb +google.golang.org/protobuf/types/known/durationpb +google.golang.org/protobuf/types/known/timestamppb +# gopkg.in/inf.v0 v0.9.1 +## explicit +gopkg.in/inf.v0 +# gopkg.in/yaml.v2 v2.4.0 +## explicit; go 1.15 +gopkg.in/yaml.v2 +# gopkg.in/yaml.v3 v3.0.1 +## explicit +gopkg.in/yaml.v3 +# k8s.io/api v0.26.1 +## explicit; go 1.19 +k8s.io/api/admissionregistration/v1 +k8s.io/api/admissionregistration/v1alpha1 +k8s.io/api/admissionregistration/v1beta1 +k8s.io/api/apidiscovery/v2beta1 +k8s.io/api/apiserverinternal/v1alpha1 +k8s.io/api/apps/v1 +k8s.io/api/apps/v1beta1 +k8s.io/api/apps/v1beta2 +k8s.io/api/authentication/v1 +k8s.io/api/authentication/v1alpha1 +k8s.io/api/authentication/v1beta1 +k8s.io/api/authorization/v1 +k8s.io/api/authorization/v1beta1 +k8s.io/api/autoscaling/v1 +k8s.io/api/autoscaling/v2 +k8s.io/api/autoscaling/v2beta1 +k8s.io/api/autoscaling/v2beta2 +k8s.io/api/batch/v1 +k8s.io/api/batch/v1beta1 +k8s.io/api/certificates/v1 +k8s.io/api/certificates/v1beta1 +k8s.io/api/coordination/v1 +k8s.io/api/coordination/v1beta1 +k8s.io/api/core/v1 +k8s.io/api/discovery/v1 +k8s.io/api/discovery/v1beta1 +k8s.io/api/events/v1 +k8s.io/api/events/v1beta1 +k8s.io/api/extensions/v1beta1 +k8s.io/api/flowcontrol/v1alpha1 +k8s.io/api/flowcontrol/v1beta1 +k8s.io/api/flowcontrol/v1beta2 +k8s.io/api/flowcontrol/v1beta3 +k8s.io/api/networking/v1 +k8s.io/api/networking/v1alpha1 +k8s.io/api/networking/v1beta1 +k8s.io/api/node/v1 +k8s.io/api/node/v1alpha1 +k8s.io/api/node/v1beta1 +k8s.io/api/policy/v1 +k8s.io/api/policy/v1beta1 +k8s.io/api/rbac/v1 +k8s.io/api/rbac/v1alpha1 +k8s.io/api/rbac/v1beta1 +k8s.io/api/resource/v1alpha1 +k8s.io/api/scheduling/v1 +k8s.io/api/scheduling/v1alpha1 +k8s.io/api/scheduling/v1beta1 +k8s.io/api/storage/v1 +k8s.io/api/storage/v1alpha1 +k8s.io/api/storage/v1beta1 +# k8s.io/apimachinery v0.26.1 +## explicit; go 1.19 +k8s.io/apimachinery/pkg/api/errors +k8s.io/apimachinery/pkg/api/meta +k8s.io/apimachinery/pkg/api/resource +k8s.io/apimachinery/pkg/apis/meta/internalversion +k8s.io/apimachinery/pkg/apis/meta/v1 +k8s.io/apimachinery/pkg/apis/meta/v1/unstructured +k8s.io/apimachinery/pkg/apis/meta/v1beta1 +k8s.io/apimachinery/pkg/conversion +k8s.io/apimachinery/pkg/conversion/queryparams +k8s.io/apimachinery/pkg/fields +k8s.io/apimachinery/pkg/labels +k8s.io/apimachinery/pkg/runtime +k8s.io/apimachinery/pkg/runtime/schema +k8s.io/apimachinery/pkg/runtime/serializer +k8s.io/apimachinery/pkg/runtime/serializer/json +k8s.io/apimachinery/pkg/runtime/serializer/protobuf +k8s.io/apimachinery/pkg/runtime/serializer/recognizer +k8s.io/apimachinery/pkg/runtime/serializer/streaming +k8s.io/apimachinery/pkg/runtime/serializer/versioning +k8s.io/apimachinery/pkg/selection +k8s.io/apimachinery/pkg/types +k8s.io/apimachinery/pkg/util/cache +k8s.io/apimachinery/pkg/util/diff +k8s.io/apimachinery/pkg/util/errors +k8s.io/apimachinery/pkg/util/framer +k8s.io/apimachinery/pkg/util/httpstream +k8s.io/apimachinery/pkg/util/httpstream/spdy +k8s.io/apimachinery/pkg/util/intstr +k8s.io/apimachinery/pkg/util/json +k8s.io/apimachinery/pkg/util/managedfields +k8s.io/apimachinery/pkg/util/naming +k8s.io/apimachinery/pkg/util/net +k8s.io/apimachinery/pkg/util/runtime +k8s.io/apimachinery/pkg/util/sets +k8s.io/apimachinery/pkg/util/validation +k8s.io/apimachinery/pkg/util/validation/field +k8s.io/apimachinery/pkg/util/wait +k8s.io/apimachinery/pkg/util/yaml +k8s.io/apimachinery/pkg/version +k8s.io/apimachinery/pkg/watch +k8s.io/apimachinery/third_party/forked/golang/netutil +k8s.io/apimachinery/third_party/forked/golang/reflect +# k8s.io/client-go v0.26.1 +## explicit; go 1.19 +k8s.io/client-go/applyconfigurations/admissionregistration/v1 +k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 +k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1 +k8s.io/client-go/applyconfigurations/apiserverinternal/v1alpha1 +k8s.io/client-go/applyconfigurations/apps/v1 +k8s.io/client-go/applyconfigurations/apps/v1beta1 +k8s.io/client-go/applyconfigurations/apps/v1beta2 +k8s.io/client-go/applyconfigurations/autoscaling/v1 +k8s.io/client-go/applyconfigurations/autoscaling/v2 +k8s.io/client-go/applyconfigurations/autoscaling/v2beta1 +k8s.io/client-go/applyconfigurations/autoscaling/v2beta2 +k8s.io/client-go/applyconfigurations/batch/v1 +k8s.io/client-go/applyconfigurations/batch/v1beta1 +k8s.io/client-go/applyconfigurations/certificates/v1 +k8s.io/client-go/applyconfigurations/certificates/v1beta1 +k8s.io/client-go/applyconfigurations/coordination/v1 +k8s.io/client-go/applyconfigurations/coordination/v1beta1 +k8s.io/client-go/applyconfigurations/core/v1 +k8s.io/client-go/applyconfigurations/discovery/v1 +k8s.io/client-go/applyconfigurations/discovery/v1beta1 +k8s.io/client-go/applyconfigurations/events/v1 +k8s.io/client-go/applyconfigurations/events/v1beta1 +k8s.io/client-go/applyconfigurations/extensions/v1beta1 +k8s.io/client-go/applyconfigurations/flowcontrol/v1alpha1 +k8s.io/client-go/applyconfigurations/flowcontrol/v1beta1 +k8s.io/client-go/applyconfigurations/flowcontrol/v1beta2 +k8s.io/client-go/applyconfigurations/flowcontrol/v1beta3 +k8s.io/client-go/applyconfigurations/internal +k8s.io/client-go/applyconfigurations/meta/v1 +k8s.io/client-go/applyconfigurations/networking/v1 +k8s.io/client-go/applyconfigurations/networking/v1alpha1 +k8s.io/client-go/applyconfigurations/networking/v1beta1 +k8s.io/client-go/applyconfigurations/node/v1 +k8s.io/client-go/applyconfigurations/node/v1alpha1 +k8s.io/client-go/applyconfigurations/node/v1beta1 +k8s.io/client-go/applyconfigurations/policy/v1 +k8s.io/client-go/applyconfigurations/policy/v1beta1 +k8s.io/client-go/applyconfigurations/rbac/v1 +k8s.io/client-go/applyconfigurations/rbac/v1alpha1 +k8s.io/client-go/applyconfigurations/rbac/v1beta1 +k8s.io/client-go/applyconfigurations/resource/v1alpha1 +k8s.io/client-go/applyconfigurations/scheduling/v1 +k8s.io/client-go/applyconfigurations/scheduling/v1alpha1 +k8s.io/client-go/applyconfigurations/scheduling/v1beta1 +k8s.io/client-go/applyconfigurations/storage/v1 +k8s.io/client-go/applyconfigurations/storage/v1alpha1 +k8s.io/client-go/applyconfigurations/storage/v1beta1 +k8s.io/client-go/discovery +k8s.io/client-go/informers +k8s.io/client-go/informers/admissionregistration +k8s.io/client-go/informers/admissionregistration/v1 +k8s.io/client-go/informers/admissionregistration/v1alpha1 +k8s.io/client-go/informers/admissionregistration/v1beta1 +k8s.io/client-go/informers/apiserverinternal +k8s.io/client-go/informers/apiserverinternal/v1alpha1 +k8s.io/client-go/informers/apps +k8s.io/client-go/informers/apps/v1 +k8s.io/client-go/informers/apps/v1beta1 +k8s.io/client-go/informers/apps/v1beta2 +k8s.io/client-go/informers/autoscaling +k8s.io/client-go/informers/autoscaling/v1 +k8s.io/client-go/informers/autoscaling/v2 +k8s.io/client-go/informers/autoscaling/v2beta1 +k8s.io/client-go/informers/autoscaling/v2beta2 +k8s.io/client-go/informers/batch +k8s.io/client-go/informers/batch/v1 +k8s.io/client-go/informers/batch/v1beta1 +k8s.io/client-go/informers/certificates +k8s.io/client-go/informers/certificates/v1 +k8s.io/client-go/informers/certificates/v1beta1 +k8s.io/client-go/informers/coordination +k8s.io/client-go/informers/coordination/v1 +k8s.io/client-go/informers/coordination/v1beta1 +k8s.io/client-go/informers/core +k8s.io/client-go/informers/core/v1 +k8s.io/client-go/informers/discovery +k8s.io/client-go/informers/discovery/v1 +k8s.io/client-go/informers/discovery/v1beta1 +k8s.io/client-go/informers/events +k8s.io/client-go/informers/events/v1 +k8s.io/client-go/informers/events/v1beta1 +k8s.io/client-go/informers/extensions +k8s.io/client-go/informers/extensions/v1beta1 +k8s.io/client-go/informers/flowcontrol +k8s.io/client-go/informers/flowcontrol/v1alpha1 +k8s.io/client-go/informers/flowcontrol/v1beta1 +k8s.io/client-go/informers/flowcontrol/v1beta2 +k8s.io/client-go/informers/flowcontrol/v1beta3 +k8s.io/client-go/informers/internalinterfaces +k8s.io/client-go/informers/networking +k8s.io/client-go/informers/networking/v1 +k8s.io/client-go/informers/networking/v1alpha1 +k8s.io/client-go/informers/networking/v1beta1 +k8s.io/client-go/informers/node +k8s.io/client-go/informers/node/v1 +k8s.io/client-go/informers/node/v1alpha1 +k8s.io/client-go/informers/node/v1beta1 +k8s.io/client-go/informers/policy +k8s.io/client-go/informers/policy/v1 +k8s.io/client-go/informers/policy/v1beta1 +k8s.io/client-go/informers/rbac +k8s.io/client-go/informers/rbac/v1 +k8s.io/client-go/informers/rbac/v1alpha1 +k8s.io/client-go/informers/rbac/v1beta1 +k8s.io/client-go/informers/resource +k8s.io/client-go/informers/resource/v1alpha1 +k8s.io/client-go/informers/scheduling +k8s.io/client-go/informers/scheduling/v1 +k8s.io/client-go/informers/scheduling/v1alpha1 +k8s.io/client-go/informers/scheduling/v1beta1 +k8s.io/client-go/informers/storage +k8s.io/client-go/informers/storage/v1 +k8s.io/client-go/informers/storage/v1alpha1 +k8s.io/client-go/informers/storage/v1beta1 +k8s.io/client-go/kubernetes +k8s.io/client-go/kubernetes/scheme +k8s.io/client-go/kubernetes/typed/admissionregistration/v1 +k8s.io/client-go/kubernetes/typed/admissionregistration/v1alpha1 +k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1 +k8s.io/client-go/kubernetes/typed/apiserverinternal/v1alpha1 +k8s.io/client-go/kubernetes/typed/apps/v1 +k8s.io/client-go/kubernetes/typed/apps/v1beta1 +k8s.io/client-go/kubernetes/typed/apps/v1beta2 +k8s.io/client-go/kubernetes/typed/authentication/v1 +k8s.io/client-go/kubernetes/typed/authentication/v1alpha1 +k8s.io/client-go/kubernetes/typed/authentication/v1beta1 +k8s.io/client-go/kubernetes/typed/authorization/v1 +k8s.io/client-go/kubernetes/typed/authorization/v1beta1 +k8s.io/client-go/kubernetes/typed/autoscaling/v1 +k8s.io/client-go/kubernetes/typed/autoscaling/v2 +k8s.io/client-go/kubernetes/typed/autoscaling/v2beta1 +k8s.io/client-go/kubernetes/typed/autoscaling/v2beta2 +k8s.io/client-go/kubernetes/typed/batch/v1 +k8s.io/client-go/kubernetes/typed/batch/v1beta1 +k8s.io/client-go/kubernetes/typed/certificates/v1 +k8s.io/client-go/kubernetes/typed/certificates/v1beta1 +k8s.io/client-go/kubernetes/typed/coordination/v1 +k8s.io/client-go/kubernetes/typed/coordination/v1beta1 +k8s.io/client-go/kubernetes/typed/core/v1 +k8s.io/client-go/kubernetes/typed/discovery/v1 +k8s.io/client-go/kubernetes/typed/discovery/v1beta1 +k8s.io/client-go/kubernetes/typed/events/v1 +k8s.io/client-go/kubernetes/typed/events/v1beta1 +k8s.io/client-go/kubernetes/typed/extensions/v1beta1 +k8s.io/client-go/kubernetes/typed/flowcontrol/v1alpha1 +k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta1 +k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta2 +k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta3 +k8s.io/client-go/kubernetes/typed/networking/v1 +k8s.io/client-go/kubernetes/typed/networking/v1alpha1 +k8s.io/client-go/kubernetes/typed/networking/v1beta1 +k8s.io/client-go/kubernetes/typed/node/v1 +k8s.io/client-go/kubernetes/typed/node/v1alpha1 +k8s.io/client-go/kubernetes/typed/node/v1beta1 +k8s.io/client-go/kubernetes/typed/policy/v1 +k8s.io/client-go/kubernetes/typed/policy/v1beta1 +k8s.io/client-go/kubernetes/typed/rbac/v1 +k8s.io/client-go/kubernetes/typed/rbac/v1alpha1 +k8s.io/client-go/kubernetes/typed/rbac/v1beta1 +k8s.io/client-go/kubernetes/typed/resource/v1alpha1 +k8s.io/client-go/kubernetes/typed/scheduling/v1 +k8s.io/client-go/kubernetes/typed/scheduling/v1alpha1 +k8s.io/client-go/kubernetes/typed/scheduling/v1beta1 +k8s.io/client-go/kubernetes/typed/storage/v1 +k8s.io/client-go/kubernetes/typed/storage/v1alpha1 +k8s.io/client-go/kubernetes/typed/storage/v1beta1 +k8s.io/client-go/listers/admissionregistration/v1 +k8s.io/client-go/listers/admissionregistration/v1alpha1 +k8s.io/client-go/listers/admissionregistration/v1beta1 +k8s.io/client-go/listers/apiserverinternal/v1alpha1 +k8s.io/client-go/listers/apps/v1 +k8s.io/client-go/listers/apps/v1beta1 +k8s.io/client-go/listers/apps/v1beta2 +k8s.io/client-go/listers/autoscaling/v1 +k8s.io/client-go/listers/autoscaling/v2 +k8s.io/client-go/listers/autoscaling/v2beta1 +k8s.io/client-go/listers/autoscaling/v2beta2 +k8s.io/client-go/listers/batch/v1 +k8s.io/client-go/listers/batch/v1beta1 +k8s.io/client-go/listers/certificates/v1 +k8s.io/client-go/listers/certificates/v1beta1 +k8s.io/client-go/listers/coordination/v1 +k8s.io/client-go/listers/coordination/v1beta1 +k8s.io/client-go/listers/core/v1 +k8s.io/client-go/listers/discovery/v1 +k8s.io/client-go/listers/discovery/v1beta1 +k8s.io/client-go/listers/events/v1 +k8s.io/client-go/listers/events/v1beta1 +k8s.io/client-go/listers/extensions/v1beta1 +k8s.io/client-go/listers/flowcontrol/v1alpha1 +k8s.io/client-go/listers/flowcontrol/v1beta1 +k8s.io/client-go/listers/flowcontrol/v1beta2 +k8s.io/client-go/listers/flowcontrol/v1beta3 +k8s.io/client-go/listers/networking/v1 +k8s.io/client-go/listers/networking/v1alpha1 +k8s.io/client-go/listers/networking/v1beta1 +k8s.io/client-go/listers/node/v1 +k8s.io/client-go/listers/node/v1alpha1 +k8s.io/client-go/listers/node/v1beta1 +k8s.io/client-go/listers/policy/v1 +k8s.io/client-go/listers/policy/v1beta1 +k8s.io/client-go/listers/rbac/v1 +k8s.io/client-go/listers/rbac/v1alpha1 +k8s.io/client-go/listers/rbac/v1beta1 +k8s.io/client-go/listers/resource/v1alpha1 +k8s.io/client-go/listers/scheduling/v1 +k8s.io/client-go/listers/scheduling/v1alpha1 +k8s.io/client-go/listers/scheduling/v1beta1 +k8s.io/client-go/listers/storage/v1 +k8s.io/client-go/listers/storage/v1alpha1 +k8s.io/client-go/listers/storage/v1beta1 +k8s.io/client-go/openapi +k8s.io/client-go/pkg/apis/clientauthentication +k8s.io/client-go/pkg/apis/clientauthentication/install +k8s.io/client-go/pkg/apis/clientauthentication/v1 +k8s.io/client-go/pkg/apis/clientauthentication/v1beta1 +k8s.io/client-go/pkg/version +k8s.io/client-go/plugin/pkg/client/auth/exec +k8s.io/client-go/plugin/pkg/client/auth/gcp +k8s.io/client-go/rest +k8s.io/client-go/rest/watch +k8s.io/client-go/third_party/forked/golang/template +k8s.io/client-go/tools/auth +k8s.io/client-go/tools/cache +k8s.io/client-go/tools/clientcmd +k8s.io/client-go/tools/clientcmd/api +k8s.io/client-go/tools/clientcmd/api/latest +k8s.io/client-go/tools/clientcmd/api/v1 +k8s.io/client-go/tools/metrics +k8s.io/client-go/tools/pager +k8s.io/client-go/tools/portforward +k8s.io/client-go/tools/reference +k8s.io/client-go/transport +k8s.io/client-go/transport/spdy +k8s.io/client-go/util/cert +k8s.io/client-go/util/connrotation +k8s.io/client-go/util/flowcontrol +k8s.io/client-go/util/homedir +k8s.io/client-go/util/jsonpath +k8s.io/client-go/util/keyutil +k8s.io/client-go/util/workqueue +# k8s.io/klog/v2 v2.90.0 +## explicit; go 1.13 +k8s.io/klog/v2 +k8s.io/klog/v2/internal/buffer +k8s.io/klog/v2/internal/clock +k8s.io/klog/v2/internal/dbg +k8s.io/klog/v2/internal/serialize +k8s.io/klog/v2/internal/severity +# k8s.io/kube-openapi v0.0.0-20230217203603-ff9a8e8fa21d +## explicit; go 1.18 +k8s.io/kube-openapi/pkg/builder3/util +k8s.io/kube-openapi/pkg/common +k8s.io/kube-openapi/pkg/handler3 +k8s.io/kube-openapi/pkg/internal +k8s.io/kube-openapi/pkg/internal/handler +k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json +k8s.io/kube-openapi/pkg/openapiconv +k8s.io/kube-openapi/pkg/schemaconv +k8s.io/kube-openapi/pkg/schemamutation +k8s.io/kube-openapi/pkg/spec3 +k8s.io/kube-openapi/pkg/util/proto +k8s.io/kube-openapi/pkg/validation/spec +# k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 +## explicit; go 1.18 +k8s.io/utils/buffer +k8s.io/utils/clock +k8s.io/utils/clock/testing +k8s.io/utils/integer +k8s.io/utils/internal/third_party/forked/golang/net +k8s.io/utils/net +k8s.io/utils/strings/slices +k8s.io/utils/trace +# sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd +## explicit; go 1.18 +sigs.k8s.io/json +sigs.k8s.io/json/internal/golang/encoding/json +# sigs.k8s.io/structured-merge-diff/v4 v4.2.3 +## explicit; go 1.13 +sigs.k8s.io/structured-merge-diff/v4/fieldpath +sigs.k8s.io/structured-merge-diff/v4/schema +sigs.k8s.io/structured-merge-diff/v4/typed +sigs.k8s.io/structured-merge-diff/v4/value +# sigs.k8s.io/yaml v1.3.0 +## explicit; go 1.12 +sigs.k8s.io/yaml