diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index afbff984..1e53af2c 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -7,7 +7,7 @@ repos: exclude: '^tests/.*/__snapshots__/.*.ambr$' - id: end-of-file-fixer - id: check-yaml - exclude: '^tests/testdata/cluster8/apps/.*\.yaml$' + exclude: '^tests/testdata/cluster8/apps/.*\.yaml|tests/testdata/cluster/apps/prod/.*\.yaml$' - id: check-added-large-files - repo: https://github.com/psf/black rev: 24.4.2 diff --git a/flux_local/command.py b/flux_local/command.py index 7084fbdc..572dc9e0 100644 --- a/flux_local/command.py +++ b/flux_local/command.py @@ -96,6 +96,7 @@ async def run(self, stdin: bytes | None = None) -> bytes: errors.append(out.decode("utf-8")) if err: errors.append(err.decode("utf-8")) + _LOGGER.debug("stdin=%s", stdin) _LOGGER.debug("\n".join(errors)) raise self.exc("\n".join(errors)) return out diff --git a/flux_local/git_repo.py b/flux_local/git_repo.py index a3a70784..7383c0d3 100644 --- a/flux_local/git_repo.py +++ b/flux_local/git_repo.py @@ -403,27 +403,54 @@ def remove(self, kustomization: Kustomization) -> None: del self._cache[key] +@dataclass +class VisitResult: + """Result of visiting a kustomization.""" + + kustomizations: list[Kustomization] + config_maps: list[ConfigMap] + secrets: list[Secret] + + def __post_init__(self) -> None: + """Validate the object""" + unique = {ks.namespaced_name for ks in self.kustomizations} + if len(unique) != len(self.kustomizations): + ks_names = [ks.namespaced_name for ks in self.kustomizations] + dupes = list(filter(lambda x: ks_names.count(x) > 1, ks_names)) + raise FluxException( + f"Detected multiple Fluxtomizations with the same name: {dupes}. " + "This indicates either (1) an incorrect Kustomization which needs to be fixed " + "or (2) a multi-cluster setup which requires flux-local to run with a more strict --path." + ) + + async def visit_kustomization( selector: PathSelector, builder: CachableBuilder, path: Path, visit_ks: Kustomization | None, -) -> list[Kustomization]: +) -> VisitResult: """Visit a path and return a list of Kustomizations.""" _LOGGER.debug("Visiting path (%s) %s", selector.path, path) label = visit_ks.namespaced_name if visit_ks else str(path) + + kinds = [CLUSTER_KUSTOMIZE_KIND, CONFIG_MAP_KIND, SECRET_KIND] + with trace_context(f"Kustomization '{label}'"): cmd: kustomize.Kustomize if visit_ks is None: - cmd = kustomize.grep(f"kind={CLUSTER_KUSTOMIZE_KIND}", selector.root / path) + cmd = kustomize.filter_resources(kinds, selector.root / path) else: cmd = await builder.build(visit_ks, selector.root / path) - cmd = cmd.grep(f"kind={CLUSTER_KUSTOMIZE_KIND}") - cmd = cmd.grep(GREP_SOURCE_REF_KIND) + cmd = cmd.filter_resources(kinds) + cmd = await cmd.stash() + ks_cmd = cmd.grep(GREP_SOURCE_REF_KIND) + cfg_cmd = cmd.filter_resources([CONFIG_MAP_KIND, SECRET_KIND]) try: - docs = await cmd.objects() + ks_docs = await ks_cmd.objects() + cfg_docs = await cfg_cmd.objects() except KustomizePathException as err: raise FluxException(err) from err except FluxException as err: @@ -436,25 +463,26 @@ async def visit_kustomization( f"Error building Fluxtomization '{visit_ks.namespaced_name}' " f"path '{path}': {ERROR_DETAIL_BAD_KS} {err}" ) from err - kustomizations = list( - filter( - is_allowed_source(selector.sources or []), - [ - Kustomization.parse_doc(doc) - for doc in filter(FLUXTOMIZE_DOMAIN_FILTER, docs) - ], - ) + + return VisitResult( + kustomizations=list( + filter( + is_allowed_source(selector.sources or []), + [ + Kustomization.parse_doc(doc) + for doc in filter(FLUXTOMIZE_DOMAIN_FILTER, ks_docs) + ], + ) + ), + config_maps=[ + ConfigMap.parse_doc(doc) + for doc in cfg_docs + if doc.get("kind") == CONFIG_MAP_KIND + ], + secrets=[ + Secret.parse_doc(doc) for doc in cfg_docs if doc.get("kind") == SECRET_KIND + ], ) - unique = {ks.namespaced_name for ks in kustomizations} - if len(unique) != len(kustomizations): - ks_names = [ks.namespaced_name for ks in kustomizations] - dupes = list(filter(lambda x: ks_names.count(x) > 1, ks_names)) - raise FluxException( - f"Detected multiple Fluxtomizations with the same name: {dupes}. " - "This indicates either (1) an incorrect Kustomization which needs to be fixed " - "or (2) a multi-cluster setup which requires flux-local to run with a more strict --path." - ) - return kustomizations async def kustomization_traversal( @@ -468,6 +496,7 @@ async def kustomization_traversal( path_queue: deque[tuple[Path, Kustomization | None]] = deque() path_queue.append((selector.relative_path, None)) + cluster_config = values.cluster_config([], []) while path_queue: # Fully empty the queue, running all tasks in parallel tasks = [] @@ -479,12 +508,24 @@ async def kustomization_traversal( continue visited_paths.add(path) + _LOGGER.debug("BEFORE: %s", visit_ks) + if visit_ks is not None and visit_ks.postbuild_substitute_from: + _LOGGER.debug("Expand: %s", cluster_config) + values.expand_postbuild_substitute_reference( + visit_ks, + cluster_config, + ) + _LOGGER.debug("AFTER: %s", visit_ks) + tasks.append(visit_kustomization(selector, builder, path, visit_ks)) # Find new kustomizations kustomizations = [] for result in await asyncio.gather(*tasks): - for ks in result: + cluster_config = values.merge_cluster_config( + cluster_config, result.secrets, result.config_maps + ) + for ks in result.kustomizations: if ks.namespaced_name in visited_ks: continue kustomizations.append(ks) @@ -705,7 +746,7 @@ async def update_kustomization(cluster: Cluster) -> None: ) # Clear the cache to remove any previous builds that are # missing the postbuild substitutions. - builder.remove(kustomization) + # builder.remove(kustomization) build_tasks.append( build_kustomization( diff --git a/flux_local/kustomize.py b/flux_local/kustomize.py index 5ae9948e..496466bd 100644 --- a/flux_local/kustomize.py +++ b/flux_local/kustomize.py @@ -141,6 +141,13 @@ def skip_resources(self, kinds: list[str]) -> "Kustomize": skip_re = "|".join(kinds) return self.grep(f"kind=^({skip_re})$", invert=True) + def filter_resources(self, kinds: list[str]) -> "Kustomize": + """Skip resources kinds of the specified types.""" + if not kinds: + return self + skip_re = "|".join(kinds) + return self.grep(f"kind=^({skip_re})$", invert=False) + async def validate_policies(self, policies: list[manifest.ClusterPolicy]) -> None: """Apply kyverno policies to objects built so far.""" if not policies: @@ -283,6 +290,12 @@ def grep(expr: str, path: Path, invert: bool = False) -> Kustomize: return Kustomize([Command(args, cwd=cwd, exc=KustomizeException)]) +def filter_resources(kinds: list[str], path: Path) -> Kustomize: + """Filter resources in the specified path based of a specific kind.""" + regexp = f"kind=^({'|'.join(kinds)})$" + return grep(regexp, path) + + def update_namespace(doc: dict[str, Any], namespace: str) -> dict[str, Any]: """Update the namespace of the specified document. diff --git a/flux_local/values.py b/flux_local/values.py index 9fcf1d67..f110f28c 100644 --- a/flux_local/values.py +++ b/flux_local/values.py @@ -59,6 +59,16 @@ def cluster_config( ) +def merge_cluster_config( + config: ClusterConfig, secrets: list[Secret], config_maps: list[ConfigMap] +) -> ClusterConfig: + """Create a ClusterConfig from a list of secrets and configmaps.""" + return ClusterConfig( + lambda: list(config.secrets) + secrets, + lambda: list(config.config_maps) + config_maps, + ) + + def ks_cluster_config(kustomizations: list[Kustomization]) -> ClusterConfig: """Create a ClusterConfig from a list of Kustomizations.""" @@ -262,7 +272,9 @@ def expand_postbuild_substitute_reference( continue if found_data is None: - if not ref.optional and not ref.kind == SECRET_KIND: # Secrets are commonly filtered + if ( + not ref.optional and not ref.kind == SECRET_KIND + ): # Secrets are commonly filtered _LOGGER.warning( "Unable to find SubstituteReference for %s: %s", ks.namespaced_name, @@ -271,5 +283,6 @@ def expand_postbuild_substitute_reference( continue values.update(found_data) + _LOGGER.debug("update_postbuild_substitutions=%s", values) ks.update_postbuild_substitutions(values) return ks diff --git a/tests/__snapshots__/test_git_repo.ambr b/tests/__snapshots__/test_git_repo.ambr index 5efc592d..ecb85149 100644 --- a/tests/__snapshots__/test_git_repo.ambr +++ b/tests/__snapshots__/test_git_repo.ambr @@ -681,42 +681,48 @@ "Kustomization 'flux-system/cluster'": dict({ 'cmds': list([ 'flux build tests/testdata/cluster2/flux (abs)', - 'kustomize cfg grep kind=Kustomization', + "kustomize cfg grep 'kind=^(Kustomization|ConfigMap|Secret)$'", "kustomize cfg grep 'spec.sourceRef.kind=GitRepository|OCIRepository'", + "kustomize cfg grep 'kind=^(ConfigMap|Secret)$'", ]), }), "Kustomization 'flux-system/cluster-apps'": dict({ 'cmds': list([ 'flux build tests/testdata/cluster2/apps (abs)', - 'kustomize cfg grep kind=Kustomization', + "kustomize cfg grep 'kind=^(Kustomization|ConfigMap|Secret)$'", "kustomize cfg grep 'spec.sourceRef.kind=GitRepository|OCIRepository'", + "kustomize cfg grep 'kind=^(ConfigMap|Secret)$'", ]), }), "Kustomization 'flux-system/cluster-apps-ingress-nginx'": dict({ 'cmds': list([ 'flux build tests/testdata/cluster2/apps/networking/ingress-nginx/app (abs)', - 'kustomize cfg grep kind=Kustomization', + "kustomize cfg grep 'kind=^(Kustomization|ConfigMap|Secret)$'", "kustomize cfg grep 'spec.sourceRef.kind=GitRepository|OCIRepository'", + "kustomize cfg grep 'kind=^(ConfigMap|Secret)$'", ]), }), "Kustomization 'flux-system/cluster-apps-ingress-nginx-certificates'": dict({ 'cmds': list([ 'flux build tests/testdata/cluster2/apps/networking/ingress-nginx/certificates (abs)', - 'kustomize cfg grep kind=Kustomization', + "kustomize cfg grep 'kind=^(Kustomization|ConfigMap|Secret)$'", "kustomize cfg grep 'spec.sourceRef.kind=GitRepository|OCIRepository'", + "kustomize cfg grep 'kind=^(ConfigMap|Secret)$'", ]), }), "Kustomization 'flux-system/cluster-apps-kubernetes-dashboard'": dict({ 'cmds': list([ 'flux build tests/testdata/cluster2/apps/monitoring/kubernetes-dashboard/app (abs)', - 'kustomize cfg grep kind=Kustomization', + "kustomize cfg grep 'kind=^(Kustomization|ConfigMap|Secret)$'", "kustomize cfg grep 'spec.sourceRef.kind=GitRepository|OCIRepository'", + "kustomize cfg grep 'kind=^(ConfigMap|Secret)$'", ]), }), "Kustomization 'tests/testdata/cluster2'": dict({ 'cmds': list([ - '(tests/testdata/cluster2 (abs)) kustomize cfg grep kind=Kustomization .', + "(tests/testdata/cluster2 (abs)) kustomize cfg grep 'kind=^(Kustomization|ConfigMap|Secret)$' .", "kustomize cfg grep 'spec.sourceRef.kind=GitRepository|OCIRepository'", + "kustomize cfg grep 'kind=^(ConfigMap|Secret)$'", ]), }), }), @@ -740,21 +746,24 @@ "Kustomization 'flux-system/namespaces'": dict({ 'cmds': list([ 'flux build tests/testdata/cluster3/namespaces/overlays/cluster3 (abs)', - 'kustomize cfg grep kind=Kustomization', + "kustomize cfg grep 'kind=^(Kustomization|ConfigMap|Secret)$'", "kustomize cfg grep 'spec.sourceRef.kind=GitRepository|OCIRepository'", + "kustomize cfg grep 'kind=^(ConfigMap|Secret)$'", ]), }), "Kustomization 'flux-system/tenants'": dict({ 'cmds': list([ 'flux build tests/testdata/cluster3/tenants/overlays/cluster3 (abs)', - 'kustomize cfg grep kind=Kustomization', + "kustomize cfg grep 'kind=^(Kustomization|ConfigMap|Secret)$'", "kustomize cfg grep 'spec.sourceRef.kind=GitRepository|OCIRepository'", + "kustomize cfg grep 'kind=^(ConfigMap|Secret)$'", ]), }), "Kustomization 'tests/testdata/cluster3'": dict({ 'cmds': list([ - '(tests/testdata/cluster3 (abs)) kustomize cfg grep kind=Kustomization .', + "(tests/testdata/cluster3 (abs)) kustomize cfg grep 'kind=^(Kustomization|ConfigMap|Secret)$' .", "kustomize cfg grep 'spec.sourceRef.kind=GitRepository|OCIRepository'", + "kustomize cfg grep 'kind=^(ConfigMap|Secret)$'", ]), }), }), @@ -784,28 +793,32 @@ "Kustomization 'flux-system/cluster'": dict({ 'cmds': list([ 'flux build tests/testdata/cluster4/flux (abs)', - 'kustomize cfg grep kind=Kustomization', + "kustomize cfg grep 'kind=^(Kustomization|ConfigMap|Secret)$'", "kustomize cfg grep 'spec.sourceRef.kind=GitRepository|OCIRepository'", + "kustomize cfg grep 'kind=^(ConfigMap|Secret)$'", ]), }), "Kustomization 'flux-system/cluster-apps'": dict({ 'cmds': list([ 'flux build tests/testdata/cluster4/apps (abs)', - 'kustomize cfg grep kind=Kustomization', + "kustomize cfg grep 'kind=^(Kustomization|ConfigMap|Secret)$'", "kustomize cfg grep 'spec.sourceRef.kind=GitRepository|OCIRepository'", + "kustomize cfg grep 'kind=^(ConfigMap|Secret)$'", ]), }), "Kustomization 'flux-system/cluster-apps-kubernetes-dashboard'": dict({ 'cmds': list([ 'flux build tests/testdata/cluster4/apps/monitoring/kubernetes-dashboard (abs)', - 'kustomize cfg grep kind=Kustomization', + "kustomize cfg grep 'kind=^(Kustomization|ConfigMap|Secret)$'", "kustomize cfg grep 'spec.sourceRef.kind=GitRepository|OCIRepository'", + "kustomize cfg grep 'kind=^(ConfigMap|Secret)$'", ]), }), "Kustomization 'tests/testdata/cluster4'": dict({ 'cmds': list([ - '(tests/testdata/cluster4 (abs)) kustomize cfg grep kind=Kustomization .', + "(tests/testdata/cluster4 (abs)) kustomize cfg grep 'kind=^(Kustomization|ConfigMap|Secret)$' .", "kustomize cfg grep 'spec.sourceRef.kind=GitRepository|OCIRepository'", + "kustomize cfg grep 'kind=^(ConfigMap|Secret)$'", ]), }), }), @@ -823,14 +836,16 @@ "Kustomization 'flux-system/flux-system'": dict({ 'cmds': list([ 'flux build tests/testdata/cluster5/clusters/prod (abs)', - 'kustomize cfg grep kind=Kustomization', + "kustomize cfg grep 'kind=^(Kustomization|ConfigMap|Secret)$'", "kustomize cfg grep 'spec.sourceRef.kind=GitRepository|OCIRepository'", + "kustomize cfg grep 'kind=^(ConfigMap|Secret)$'", ]), }), "Kustomization 'tests/testdata/cluster5'": dict({ 'cmds': list([ - '(tests/testdata/cluster5 (abs)) kustomize cfg grep kind=Kustomization .', + "(tests/testdata/cluster5 (abs)) kustomize cfg grep 'kind=^(Kustomization|ConfigMap|Secret)$' .", "kustomize cfg grep 'spec.sourceRef.kind=GitRepository|OCIRepository'", + "kustomize cfg grep 'kind=^(ConfigMap|Secret)$'", ]), }), }), @@ -854,21 +869,24 @@ "Kustomization 'flux-system/apps'": dict({ 'cmds': list([ 'flux build tests/testdata/cluster6/apps (abs)', - 'kustomize cfg grep kind=Kustomization', + "kustomize cfg grep 'kind=^(Kustomization|ConfigMap|Secret)$'", "kustomize cfg grep 'spec.sourceRef.kind=GitRepository|OCIRepository'", + "kustomize cfg grep 'kind=^(ConfigMap|Secret)$'", ]), }), "Kustomization 'flux-system/flux-system'": dict({ 'cmds': list([ 'flux build tests/testdata/cluster6/cluster (abs)', - 'kustomize cfg grep kind=Kustomization', + "kustomize cfg grep 'kind=^(Kustomization|ConfigMap|Secret)$'", "kustomize cfg grep 'spec.sourceRef.kind=GitRepository|OCIRepository'", + "kustomize cfg grep 'kind=^(ConfigMap|Secret)$'", ]), }), "Kustomization 'tests/testdata/cluster6'": dict({ 'cmds': list([ - '(tests/testdata/cluster6 (abs)) kustomize cfg grep kind=Kustomization .', + "(tests/testdata/cluster6 (abs)) kustomize cfg grep 'kind=^(Kustomization|ConfigMap|Secret)$' .", "kustomize cfg grep 'spec.sourceRef.kind=GitRepository|OCIRepository'", + "kustomize cfg grep 'kind=^(ConfigMap|Secret)$'", ]), }), }), @@ -898,28 +916,32 @@ "Kustomization 'flux-system/apps'": dict({ 'cmds': list([ 'flux build tests/testdata/cluster7/flux/apps (abs)', - 'kustomize cfg grep kind=Kustomization', + "kustomize cfg grep 'kind=^(Kustomization|ConfigMap|Secret)$'", "kustomize cfg grep 'spec.sourceRef.kind=GitRepository|OCIRepository'", + "kustomize cfg grep 'kind=^(ConfigMap|Secret)$'", ]), }), "Kustomization 'flux-system/charts'": dict({ 'cmds': list([ 'flux build tests/testdata/cluster7/flux/charts (abs)', - 'kustomize cfg grep kind=Kustomization', + "kustomize cfg grep 'kind=^(Kustomization|ConfigMap|Secret)$'", "kustomize cfg grep 'spec.sourceRef.kind=GitRepository|OCIRepository'", + "kustomize cfg grep 'kind=^(ConfigMap|Secret)$'", ]), }), "Kustomization 'flux-system/flux-system'": dict({ 'cmds': list([ 'flux build tests/testdata/cluster7/clusters/home (abs)', - 'kustomize cfg grep kind=Kustomization', + "kustomize cfg grep 'kind=^(Kustomization|ConfigMap|Secret)$'", "kustomize cfg grep 'spec.sourceRef.kind=GitRepository|OCIRepository'", + "kustomize cfg grep 'kind=^(ConfigMap|Secret)$'", ]), }), "Kustomization 'tests/testdata/cluster7'": dict({ 'cmds': list([ - '(tests/testdata/cluster7 (abs)) kustomize cfg grep kind=Kustomization .', + "(tests/testdata/cluster7 (abs)) kustomize cfg grep 'kind=^(Kustomization|ConfigMap|Secret)$' .", "kustomize cfg grep 'spec.sourceRef.kind=GitRepository|OCIRepository'", + "kustomize cfg grep 'kind=^(ConfigMap|Secret)$'", ]), }), }), @@ -930,7 +952,6 @@ "Cluster 'tests/testdata/cluster'": dict({ "Build 'flux-system/apps'": dict({ 'cmds': list([ - 'flux build tests/testdata/cluster/apps/prod (abs)', "kustomize cfg grep 'kind=^(CustomResourceDefinition|Secret)$' --invert-match", "kustomize cfg grep 'kind=^(ConfigMap|HelmRepository|HelmRelease|Secret|ClusterPolicy)$'", ]), @@ -956,35 +977,40 @@ "Kustomization 'flux-system/apps'": dict({ 'cmds': list([ 'flux build tests/testdata/cluster/apps/prod (abs)', - 'kustomize cfg grep kind=Kustomization', + "kustomize cfg grep 'kind=^(Kustomization|ConfigMap|Secret)$'", "kustomize cfg grep 'spec.sourceRef.kind=GitRepository|OCIRepository'", + "kustomize cfg grep 'kind=^(ConfigMap|Secret)$'", ]), }), "Kustomization 'flux-system/flux-system'": dict({ 'cmds': list([ 'flux build tests/testdata/cluster/clusters/prod (abs)', - 'kustomize cfg grep kind=Kustomization', + "kustomize cfg grep 'kind=^(Kustomization|ConfigMap|Secret)$'", "kustomize cfg grep 'spec.sourceRef.kind=GitRepository|OCIRepository'", + "kustomize cfg grep 'kind=^(ConfigMap|Secret)$'", ]), }), "Kustomization 'flux-system/infra-configs'": dict({ 'cmds': list([ 'flux build tests/testdata/cluster/infrastructure/configs (abs)', - 'kustomize cfg grep kind=Kustomization', + "kustomize cfg grep 'kind=^(Kustomization|ConfigMap|Secret)$'", "kustomize cfg grep 'spec.sourceRef.kind=GitRepository|OCIRepository'", + "kustomize cfg grep 'kind=^(ConfigMap|Secret)$'", ]), }), "Kustomization 'flux-system/infra-controllers'": dict({ 'cmds': list([ 'flux build tests/testdata/cluster/infrastructure/controllers (abs)', - 'kustomize cfg grep kind=Kustomization', + "kustomize cfg grep 'kind=^(Kustomization|ConfigMap|Secret)$'", "kustomize cfg grep 'spec.sourceRef.kind=GitRepository|OCIRepository'", + "kustomize cfg grep 'kind=^(ConfigMap|Secret)$'", ]), }), "Kustomization 'tests/testdata/cluster'": dict({ 'cmds': list([ - '(tests/testdata/cluster (abs)) kustomize cfg grep kind=Kustomization .', + "(tests/testdata/cluster (abs)) kustomize cfg grep 'kind=^(Kustomization|ConfigMap|Secret)$' .", "kustomize cfg grep 'spec.sourceRef.kind=GitRepository|OCIRepository'", + "kustomize cfg grep 'kind=^(ConfigMap|Secret)$'", ]), }), }), diff --git a/tests/testdata/cluster/apps/prod/certificates.yaml b/tests/testdata/cluster/apps/prod/certificates.yaml new file mode 100644 index 00000000..3d670d14 --- /dev/null +++ b/tests/testdata/cluster/apps/prod/certificates.yaml @@ -0,0 +1,29 @@ +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: "${SECRET_DOMAIN/./-}-staging" +spec: + secretName: "${SECRET_DOMAIN/./-}-staging-tls" + issuerRef: + name: letsencrypt-staging + kind: ClusterIssuer + commonName: "${SECRET_DOMAIN}" + dnsNames: + - "${SECRET_DOMAIN}" + - "*.${SECRET_DOMAIN}" +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: "${SECRET_DOMAIN2/./-}-staging" +spec: + secretName: "${SECRET_DOMAIN2/./-}-staging-tls" + issuerRef: + name: letsencrypt-staging + kind: ClusterIssuer + commonName: "${SECRET_DOMAIN2}" + dnsNames: + - "${SECRET_DOMAIN2}" + - "*.${SECRET_DOMAIN2}" + - ${cluster_label} diff --git a/tests/testdata/cluster/apps/prod/kustomization.yaml b/tests/testdata/cluster/apps/prod/kustomization.yaml index 3ce76aa5..d830563b 100644 --- a/tests/testdata/cluster/apps/prod/kustomization.yaml +++ b/tests/testdata/cluster/apps/prod/kustomization.yaml @@ -4,5 +4,6 @@ kind: Kustomization resources: - ../base/podinfo - configmap.yaml + - certificates.yaml patchesStrategicMerge: - podinfo-values.yaml diff --git a/tests/testdata/cluster/clusters/prod/flux-system/cluster-config.yaml b/tests/testdata/cluster/clusters/prod/flux-system/cluster-config.yaml index 5a6f6544..ae91fd17 100644 --- a/tests/testdata/cluster/clusters/prod/flux-system/cluster-config.yaml +++ b/tests/testdata/cluster/clusters/prod/flux-system/cluster-config.yaml @@ -6,3 +6,5 @@ metadata: namespace: flux-system data: cluster_label: example-value + SECRET_DOMAIN: "example.com" + SECRET_DOMAIN2: "other.com" diff --git a/tests/tool/__snapshots__/test_build.ambr b/tests/tool/__snapshots__/test_build.ambr index 5c07f9e2..e7c88458 100644 --- a/tests/tool/__snapshots__/test_build.ambr +++ b/tests/tool/__snapshots__/test_build.ambr @@ -4440,6 +4440,47 @@ annotations: config.kubernetes.io/index: '2' internal.config.kubernetes.io/index: '2' + --- + apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + labels: + kustomize.toolkit.fluxcd.io/name: apps + kustomize.toolkit.fluxcd.io/namespace: flux-system + name: example-com-staging + annotations: + config.kubernetes.io/index: '3' + internal.config.kubernetes.io/index: '3' + spec: + commonName: example.com + dnsNames: + - example.com + - '*.example.com' + issuerRef: + kind: ClusterIssuer + name: letsencrypt-staging + secretName: example-com-staging-tls + --- + apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + labels: + kustomize.toolkit.fluxcd.io/name: apps + kustomize.toolkit.fluxcd.io/namespace: flux-system + name: other-com-staging + annotations: + config.kubernetes.io/index: '4' + internal.config.kubernetes.io/index: '4' + spec: + commonName: other.com + dnsNames: + - other.com + - '*.other.com' + - example-value + issuerRef: + kind: ClusterIssuer + name: letsencrypt-staging + secretName: other-com-staging-tls --- apiVersion: kustomize.toolkit.fluxcd.io/v1 @@ -4511,6 +4552,8 @@ --- apiVersion: v1 data: + SECRET_DOMAIN: example.com + SECRET_DOMAIN2: other.com cluster_label: example-value kind: ConfigMap metadata: diff --git a/tests/tool/__snapshots__/test_diff_ks.ambr b/tests/tool/__snapshots__/test_diff_ks.ambr index bdfb73c9..399df79b 100644 --- a/tests/tool/__snapshots__/test_diff_ks.ambr +++ b/tests/tool/__snapshots__/test_diff_ks.ambr @@ -1,6 +1,57 @@ # serializer version: 1 # name: test_diff_ks[apps] - '' + ''' + --- tests/testdata/cluster/apps/prod Kustomization: flux-system/apps Certificate: flux-system/example-com-staging + + +++ tests/testdata/cluster/apps/prod Kustomization: flux-system/apps Certificate: flux-system/example-com-staging + + @@ -0,0 +1,18 @@ + + +--- + +apiVersion: cert-manager.io/v1 + +kind: Certificate + +metadata: + + labels: + + kustomize.toolkit.fluxcd.io/name: apps + + kustomize.toolkit.fluxcd.io/namespace: flux-system + + name: example-com-staging + +spec: + + commonName: example.com + + dnsNames: + + - example.com + + - '*.example.com' + + issuerRef: + + kind: ClusterIssuer + + name: letsencrypt-staging + + secretName: example-com-staging-tls + + + --- tests/testdata/cluster/apps/prod Kustomization: flux-system/apps Certificate: flux-system/other-com-staging + + +++ tests/testdata/cluster/apps/prod Kustomization: flux-system/apps Certificate: flux-system/other-com-staging + + @@ -0,0 +1,19 @@ + + +--- + +apiVersion: cert-manager.io/v1 + +kind: Certificate + +metadata: + + labels: + + kustomize.toolkit.fluxcd.io/name: apps + + kustomize.toolkit.fluxcd.io/namespace: flux-system + + name: other-com-staging + +spec: + + commonName: other.com + + dnsNames: + + - other.com + + - '*.other.com' + + - example-value + + issuerRef: + + kind: ClusterIssuer + + name: letsencrypt-staging + + secretName: other-com-staging-tls + + + + ''' # --- # name: test_diff_ks[ks-external] ''