Merge pull request #26 from damsien/dev

Release beta 0.1.0

.github/workflows/helm-chart-releaser.yml

@@ -2,18 +2,14 @@ name: Release charts
 
 on:
   push:
-    branches:
-      - dev
     tags:
       - '*'
 
 jobs:
   release:
+    if: startsWith(github.ref, 'refs/tags/')
     # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
     # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
-    if: |
-      (github.event.repository.fork == true && github.ref == 'refs/heads/dev') || 
-      (github.event.repository.fork == false && startsWith(github.ref, 'refs/tags/'))
     permissions:
       contents: write
     runs-on: ubuntu-latest
@@ -39,5 +35,6 @@ jobs:
           charts_dir: charts
           config: charts/release_config.yml
           skip_existing: true
+          mark_as_latest: true
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.gitignore

@@ -7,11 +7,6 @@
 *.dylib
 bin/*
 Dockerfile.cross
-config/samples/test
-config/webhook/manifests.yaml
-config/webhook/secret.yaml
-config/webhook/manifests.yaml.temp
-config/webhook/secret.yaml.temp
 
 # Test binary, built with `go test -c`
 *.test
@@ -31,3 +26,9 @@ go.work
 *.swp
 *.swo
 *~
+
+# cert-injector on manifests
+**/*.bak
+
+# developer's specific tests
+config/samples/test

Makefile

@@ -1,9 +1,10 @@
 
 # Image URL to use all building/pushing image targets
 IMG ?= syngit-controller:latest
-DEV_CLUSTER ?= dev-cluster
+DEV_CLUSTER ?= syngit-dev-cluster
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.29.0
+CRD_OPTIONS ?= "crd"
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
@@ -49,10 +50,9 @@ WEBHOOK_PATH ?= config/webhook
 IMAGE ?= syngit.io/op:dev
 .PHONY: dev-deploy
 dev-deploy: # Launch dev env on the cluster
+	kind create cluster --name $(DEV_CLUSTER) 2>/dev/null || true
 	make docker-build IMG=$(IMAGE)
-	kind load docker-image $(IMAGE) --name dev-cluster
-	cd $(WEBHOOK_PATH) && cp manifests.yaml manifests.yaml.temp
-	cd $(WEBHOOK_PATH) && cp secret.yaml secret.yaml.temp
+	kind load docker-image $(IMAGE) --name $(DEV_CLUSTER)
 	make deploy IMG=$(IMAGE)
 
 # .PHONY: dev-run
@@ -68,8 +68,7 @@ dev-deploy: # Launch dev env on the cluster
 
 .PHONY: cleanup-deploy
 cleanup-deploy: # Cleanup
-	cd $(WEBHOOK_PATH) && mv secret.yaml.temp secret.yaml
-	cd $(WEBHOOK_PATH) && mv manifests.yaml.temp manifests.yaml
+	cd $(WEBHOOK_PATH) && ./cleanup-injector.sh
 	make undeploy
 
 # .PHONY: cleanup-run
@@ -182,7 +181,7 @@ uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified
 .PHONY: deploy
 deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
 	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
-	cd $(WEBHOOK_PATH) && ./cert-injector.sh manifests.yaml
+	cd $(WEBHOOK_PATH) && ./cert-injector.sh manifests.yaml ../crd/patches
 	$(KUSTOMIZE) build config/default | $(KUBECTL) apply -f -
 
 .PHONY: undeploy

PROJECT

@@ -109,6 +109,9 @@ resources:
   kind: RemoteUserBinding
   path: syngit.io/syngit/api/v1alpha4
   version: v1alpha4
+  webhooks:
+    conversion: true
+    webhookVersion: v1
 - api:
     crdVersion: v1
     namespaced: true
@@ -131,4 +134,39 @@ resources:
   webhooks:
     validation: true
     webhookVersion: v1
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: syngit.io
+  group: syngit
+  kind: RemoteUser
+  path: syngit.io/syngit/api/v1beta1
+  version: v1beta1
+  webhooks:
+    conversion: true
+    validation: true
+    webhookVersion: v1
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: syngit.io
+  group: syngit
+  kind: RemoteUserBinding
+  path: syngit.io/syngit/api/v1beta1
+  version: v1beta1
+  webhooks:
+    conversion: true
+    webhookVersion: v1
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: syngit.io
+  group: syngit
+  kind: RemoteSyncer
+  path: syngit.io/syngit/api/v1beta1
+  version: v1beta1
+  webhooks:
+    conversion: true
+    validation: true
+    webhookVersion: v1
 version: "3"

README.md

@@ -45,7 +45,7 @@ helm repo add syngit https://syngit-org.github.io/syngit
 1. Install the operator
 You can customize the values before installing the Helm chart.
 ```sh
-helm install syngit syngit/syngit --version 1.0.1 -n syngit --create-namespace
+helm install syngit syngit/syngit --version 0.1.0 -n syngit --create-namespace
 ```
 
 syngit is now installed on your cluster!
@@ -70,34 +70,33 @@ stringData:
 ```
 
 ```yaml
-apiVersion: syngit.syngit.io/v1alpha4
+apiVersion: syngit.syngit.io/v1beta1
 kind: RemoteUser
 metadata:
   name: remoteuser-sample
 spec:
   gitBaseDomainFQDN: "github.com"
-  testAuthentication: true
   email: [email protected]
-  ownRemoteUserBinding: true
+  associatedRemoteUserBinding: true
   secretRef:
     name: git-server-my_git_username-auth
 ```
 
-Now, if you look at the status of the object, the user should be connected to the git server.
+Now, if you look at the status of the object, the secret should be correctly bound.
 
 ```sh
-kubectl get remoteuser remoteuser-sample -o=jsonpath='{.status.connexionStatus}'
+kubectl get remoteuser remoteuser-sample -o=jsonpath='{.status.secretBoundStatus}'
 ```
 
 ### RemoteUserBinding
 
 The RemoteUserBinding bind the Kubernetes user with the remote git user. This is used by syngit when the user apply changes on the cluster. syngit will push on the git server with the associated git user.
 
-By default, the `ownRemoteUserBinding` field of the RemoteUser object automatically creates a RemoteUserBinding. The name of the object is `owned-rub-<kubernetes_user_id>`.
+By default, the `associatedRemoteUserBinding` field of the RemoteUser object automatically creates a RemoteUserBinding. The name of the object is `associated-rub-<kubernetes_user_id>`.
 
 To get the associated RemoteUserBinding object, run :
 ```sh
-kubectl get remoteuserbinding owned-rub-$(kubectl auth whoami -o=jsonpath='{.status.userInfo.username}')
+kubectl get remoteuserbinding associated-rub-$(kubectl auth whoami -o=jsonpath='{.status.userInfo.username}')
 ```
 
 ### RemoteSyncer
@@ -107,15 +106,17 @@ The RemoteSyncer object contains the whole logic part of the operator.
 In this example, the RemoteSyncer will intercept all the *configmaps*. It will push them to *https://github.com/my_repo_path.git* in the branch *main* under the path `my_configmaps/`. Because the `commitProcess` is set to `CommitApply`, the changes will be pushed and then applied to the cluster. `CommitOnly` will only push the resource on the git server without applying it on the cluster.
 
 ```yaml
-apiVersion: syngit.syngit.io/v1alpha4
+apiVersion: syngit.syngit.io/v1beta1
 kind: RemoteSyncer
 metadata:
   name: remotesyncer-sample
 spec:
   remoteRepository: https://github.com/my_repo_path.git
-  branch: main
-  commitProcess: CommitApply
+  defaultBranch: main
+  processMode: CommitApply
+  pushMode: SameBranch
   defaultUnauthorizedUserMode: Block
+  rootPath: "my_configmaps"
   excludedFields:
     - metadata.managedFields
     - metadata.creationTimestamp

api/v1alpha1/remotesyncer_conversion.go

@@ -0,0 +1,63 @@
+/*
+Copyright 2024.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	"sigs.k8s.io/controller-runtime/pkg/conversion"
+	v1beta1 "syngit.io/syngit/api/v1beta1"
+)
+
+func (src *RemoteSyncer) ConvertTo(dstRaw conversion.Hub) error {
+	dst := dstRaw.(*v1beta1.RemoteSyncer)
+
+	// Common conversion
+	dst.ObjectMeta = src.ObjectMeta
+
+	dst.Spec.DefaultBranch = src.Spec.Branch
+	dst.Spec.BypassInterceptionSubjects = src.Spec.BypassInterceptionSubjects
+	dst.Spec.DefaultBlockAppliedMessage = src.Spec.DefaultBlockAppliedMessage
+	dst.Spec.DefaultUnauthorizedUserMode = v1beta1.DefaultUnauthorizedUserMode(src.Spec.DefaultUnauthorizedUserMode)
+	dst.Spec.DefaultRemoteUserRef = src.Spec.DefaultUserBind
+	dst.Spec.ExcludedFields = src.Spec.ExcludedFields
+	dst.Spec.RemoteRepository = src.Spec.RemoteRepository
+
+	// Breaking changes
+	dst.Spec.ProcessMode = v1beta1.ProcessMode(src.Spec.CommitProcess)
+	dst.Spec.PushMode = v1beta1.SameBranch
+
+	return nil
+}
+
+func (dst *RemoteSyncer) ConvertFrom(srcRaw conversion.Hub) error {
+	src := srcRaw.(*v1beta1.RemoteSyncer)
+
+	// Common conversion
+	dst.ObjectMeta = src.ObjectMeta
+
+	dst.Spec.Branch = src.Spec.DefaultBranch
+	dst.Spec.BypassInterceptionSubjects = src.Spec.BypassInterceptionSubjects
+	dst.Spec.DefaultBlockAppliedMessage = src.Spec.DefaultBlockAppliedMessage
+	dst.Spec.DefaultUnauthorizedUserMode = DefaultUnauthorizedUserMode(src.Spec.DefaultUnauthorizedUserMode)
+	dst.Spec.DefaultUserBind = src.Spec.DefaultRemoteUserRef
+	dst.Spec.ExcludedFields = src.Spec.ExcludedFields
+	dst.Spec.RemoteRepository = src.Spec.RemoteRepository
+
+	// Breaking changes
+	dst.Spec.CommitProcess = CommitProcess(src.Spec.ProcessMode)
+
+	return nil
+}

api/v1alpha1/remotesyncer_types.go

@@ -83,6 +83,7 @@ type RemoteSyncerStatus struct {
 }
 
 //+kubebuilder:object:root=true
+//+kubebuilder:unservedversion
 //+kubebuilder:subresource:status
 
 // RemoteSyncer is the Schema for the remotesyncers API