Merge pull request #139 from mbaldessari/git-clone

Fix sharedValueFiles templating and add support for private repos
validatedpatterns · Dec 12, 2023 · 352aa85 · 352aa85
2 parents 69972c8 + 222a6b4
commit 352aa85
Show file tree

Hide file tree

Showing 175 changed files with 28,521 additions and 73 deletions.
diff --git a/.github/workflows/gosec.yml b/.github/workflows/gosec.yml
diff --git a/.golangci.yml b/.golangci.yml
@@ -12,7 +12,7 @@ linters-settings:
     threshold: 100
   funlen:
     lines: -1 # the number of lines (code + empty lines) is not a right metric and leads to code without empty line or one-liner.
-    statements: 60
+    statements: 80
   goconst:
     min-len: 2
     min-occurrences: 3
@@ -29,7 +29,7 @@ linters-settings:
       - octalLiteral
       - whyNoLint
   gocyclo:
-    min-complexity: 32
+    min-complexity: 45
   gofmt:
     rewrite-rules:
       - pattern: 'interface{}'

diff --git a/api/v1alpha1/pattern_types.go b/api/v1alpha1/pattern_types.go
@@ -83,11 +83,8 @@ type PatternSpec struct {
 
 type GitConfig struct {
 	// Account              string `json:"account,omitempty"`
-	// TokenSecret          string `json:"tokenSecret,omitempty"`
-	// TokenSecretNamespace string `json:"tokenSecretNamespace,omitempty"`
-	// TokenSecretKey       string `json:"tokenSecretKey,omitempty"`
 
-	// Git repo containing the pattern to deploy. Must use https/http
+	// Git repo containing the pattern to deploy. Must use https/http or, for ssh, git@server:foo/bar.git
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,order=1
 	TargetRepo string `json:"targetRepo"`
 
@@ -111,11 +108,21 @@ type GitConfig struct {
 	// Optional. FQDN of the git server if automatic parsing from TargetRepo is broken
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,order=6
 	Hostname string `json:"hostname,omitempty"`
+
+	// Optional. K8s secret name where the info for connecting to git can be found. The supported secrets are modeled after the
+	// private repositories in argo (https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories)
+	// currently ssh and username+password are supported
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,order=7
+	TokenSecret string `json:"tokenSecret,omitempty"`
+
+	// Optional. K8s secret namespace where the token for connecting to git can be found
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,order=8
+	TokenSecretNamespace string `json:"tokenSecretNamespace,omitempty"`
 }
 
 type MultiSourceConfig struct {
 	// (EXPERIMENTAL) Enable multi-source support when deploying the clustergroup argo application
-	// +operator-sdk:csv:customresourcedefinitions:type=spec,order=7,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:booleanSwitch"}
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,order=9,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:booleanSwitch"}
 	// +kubebuilder:default:=true
 	Enabled *bool `json:"enabled,omitempty"`
 
@@ -129,12 +136,12 @@ type MultiSourceConfig struct {
 
 	// The url when deploying the clustergroup helm chart directly from a git repo
 	// Defaults to '' which means not used (Only used when developing the clustergroup helm chart)
-	// +operator-sdk:csv:customresourcedefinitions:type=spec,order=10,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldDependency:multiSourceConfig.enabled:true"}
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,order=12,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldDependency:multiSourceConfig.enabled:true"}
 	ClusterGroupGitRepoUrl string `json:"clusterGroupGitRepoUrl,omitempty"`
 
 	// The git reference when deploying the clustergroup helm chart directly from a git repo
 	// Defaults to 'main'. (Only used when developing the clustergroup helm chart)
-	// +operator-sdk:csv:customresourcedefinitions:type=spec,order=11,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldDependency:multiSourceConfig.enabled:true"}
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,order=13,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldDependency:multiSourceConfig.enabled:true"}
 	// +kubebuilder:default:="main"
 	ClusterGroupChartGitRevision string `json:"clusterGroupChartGitRevision,omitempty"`
 }
@@ -194,6 +201,8 @@ type PatternStatus struct {
 	AnalyticsSent int `json:"analyticsSent,omitempty"`
 	// +operator-sdk:csv:customresourcedefinitions:type=status
 	AnalyticsUUID string `json:"analyticsUUID,omitempty"`
+	// +operator-sdk:csv:customresourcedefinitions:type=status
+	LocalCheckoutPath string `json:"path,omitempty"`
 }
 
 // See: https://book.kubebuilder.io/reference/markers/crd.html

diff --git a/bundle/manifests/gitops.hybrid-cloud-patterns.io_patterns.yaml b/bundle/manifests/gitops.hybrid-cloud-patterns.io_patterns.yaml
@@ -98,12 +98,22 @@ spec:
                     type: integer
                   targetRepo:
                     description: Git repo containing the pattern to deploy. Must use
-                      https/http
+                      https/http or, for ssh, git@server:foo/bar.git
                     type: string
                   targetRevision:
                     description: 'Branch, tag, or commit to deploy.  Does not support
                       short-sha''s. Default: HEAD'
                     type: string
+                  tokenSecret:
+                    description: Optional. K8s secret name where the info for connecting
+                      to git can be found. The supported secrets are modeled after
+                      the private repositories in argo (https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories)
+                      currently ssh and username+password are supported
+                    type: string
+                  tokenSecretNamespace:
+                    description: Optional. K8s secret namespace where the token for
+                      connecting to git can be found
+                    type: string
                 required:
                 - targetRepo
                 type: object
@@ -211,6 +221,8 @@ spec:
               lastStep:
                 description: Last action related to the pattern
                 type: string
+              path:
+                type: string
               version:
                 description: Number of updates to the pattern
                 type: integer

diff --git a/bundle/manifests/patterns-operator.clusterserviceversion.yaml b/bundle/manifests/patterns-operator.clusterserviceversion.yaml
@@ -46,6 +46,7 @@ spec:
       - displayName: Name
         path: extraParameters[0].name
       - description: Git repo containing the pattern to deploy. Must use https/http
+          or, for ssh, git@server:foo/bar.git
         displayName: Target Repo
         path: gitSpec.targetRepo
       - displayName: Value
@@ -84,14 +85,28 @@ spec:
       - description: URLs to additional Helm parameter files
         displayName: Extra Value Files
         path: extraValueFiles
+      - description: Optional. K8s secret name where the info for connecting to git
+          can be found. The supported secrets are modeled after the private repositories
+          in argo (https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories)
+          currently ssh and username+password are supported
+        displayName: Token Secret
+        path: gitSpec.tokenSecret
+      - displayName: Git Ops Config
+        path: gitOpsSpec
+      - description: Optional. K8s secret namespace where the token for connecting
+          to git can be found
+        displayName: Token Secret Namespace
+        path: gitSpec.tokenSecretNamespace
+      - description: Analytics UUID. Leave empty to autogenerate a random one. Not
+          PII information
+        displayName: Analytics UUID
+        path: analyticsUUID
       - description: (EXPERIMENTAL) Enable multi-source support when deploying the
           clustergroup argo application
         displayName: Enabled
         path: multiSourceConfig.enabled
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
-      - displayName: Git Ops Config
-        path: gitOpsSpec
       - description: The helm chart url to fetch the helm charts from in order to
           deploy the pattern. Defaults to https://charts.validatedpatterns.io/
         displayName: Helm Repo Url
@@ -149,6 +164,8 @@ spec:
       - description: Last action related to the pattern
         displayName: Last Step
         path: lastStep
+      - displayName: Local Checkout Path
+        path: path
       - description: Number of updates to the pattern
         displayName: Version
         path: version
@@ -176,6 +193,15 @@ spec:
           verbs:
           - get
           - list
+        - apiGroups:
+          - ""
+          resources:
+          - secrets
+          verbs:
+          - create
+          - get
+          - update
+          - watch
         - apiGroups:
           - argoproj.io
           resources:

diff --git a/config/crd/bases/gitops.hybrid-cloud-patterns.io_patterns.yaml b/config/crd/bases/gitops.hybrid-cloud-patterns.io_patterns.yaml
@@ -98,12 +98,22 @@ spec:
                     type: integer
                   targetRepo:
                     description: Git repo containing the pattern to deploy. Must use
-                      https/http
+                      https/http or, for ssh, git@server:foo/bar.git
                     type: string
                   targetRevision:
                     description: 'Branch, tag, or commit to deploy.  Does not support
                       short-sha''s. Default: HEAD'
                     type: string
+                  tokenSecret:
+                    description: Optional. K8s secret name where the info for connecting
+                      to git can be found. The supported secrets are modeled after
+                      the private repositories in argo (https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories)
+                      currently ssh and username+password are supported
+                    type: string
+                  tokenSecretNamespace:
+                    description: Optional. K8s secret namespace where the token for
+                      connecting to git can be found
+                    type: string
                 required:
                 - targetRepo
                 type: object
@@ -211,6 +221,8 @@ spec:
               lastStep:
                 description: Last action related to the pattern
                 type: string
+              path:
+                type: string
               version:
                 description: Number of updates to the pattern
                 type: integer

diff --git a/config/manifests/bases/patterns-operator.clusterserviceversion.yaml b/config/manifests/bases/patterns-operator.clusterserviceversion.yaml
@@ -26,6 +26,7 @@ spec:
       - displayName: Name
         path: extraParameters[0].name
       - description: Git repo containing the pattern to deploy. Must use https/http
+          or, for ssh, git@server:foo/bar.git
         displayName: Target Repo
         path: gitSpec.targetRepo
       - displayName: Value
@@ -64,14 +65,28 @@ spec:
       - description: URLs to additional Helm parameter files
         displayName: Extra Value Files
         path: extraValueFiles
+      - description: Optional. K8s secret name where the info for connecting to git
+          can be found. The supported secrets are modeled after the private repositories
+          in argo (https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories)
+          currently ssh and username+password are supported
+        displayName: Token Secret
+        path: gitSpec.tokenSecret
+      - displayName: Git Ops Config
+        path: gitOpsSpec
+      - description: Optional. K8s secret namespace where the token for connecting
+          to git can be found
+        displayName: Token Secret Namespace
+        path: gitSpec.tokenSecretNamespace
+      - description: Analytics UUID. Leave empty to autogenerate a random one. Not
+          PII information
+        displayName: Analytics UUID
+        path: analyticsUUID
       - description: (EXPERIMENTAL) Enable multi-source support when deploying the
           clustergroup argo application
         displayName: Enabled
         path: multiSourceConfig.enabled
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
-      - displayName: Git Ops Config
-        path: gitOpsSpec
       - description: The helm chart url to fetch the helm charts from in order to
           deploy the pattern. Defaults to https://charts.validatedpatterns.io/
         displayName: Helm Repo Url
@@ -129,6 +144,8 @@ spec:
       - description: Last action related to the pattern
         displayName: Last Step
         path: lastStep
+      - displayName: Local Checkout Path
+        path: path
       - description: Number of updates to the pattern
         displayName: Version
         path: version

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -18,6 +18,15 @@ rules:
   verbs:
   - get
   - list
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+  - get
+  - update
+  - watch
 - apiGroups:
   - argoproj.io
   resources: