-
Notifications
You must be signed in to change notification settings - Fork 181
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #740 from fluxcd/refactor-generator
Refactor: Extract generator to internal package
- Loading branch information
Showing
20 changed files
with
163 additions
and
99 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
/* | ||
Copyright 2020 The Flux authors | ||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
http://www.apache.org/licenses/LICENSE-2.0 | ||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
package generator | ||
|
||
import ( | ||
"fmt" | ||
"sync" | ||
|
||
securefs "github.com/fluxcd/pkg/kustomize/filesys" | ||
"sigs.k8s.io/kustomize/api/krusty" | ||
"sigs.k8s.io/kustomize/api/resmap" | ||
kustypes "sigs.k8s.io/kustomize/api/types" | ||
"sigs.k8s.io/kustomize/kyaml/filesys" | ||
) | ||
|
||
// buildMutex protects against kustomize concurrent map read/write panic | ||
var buildMutex sync.Mutex | ||
|
||
// Build wraps krusty.MakeKustomizer with the following settings: | ||
// - secure on-disk FS denying operations outside root | ||
// - load files from outside the kustomization dir path | ||
// (but not outside root) | ||
// - disable plugins except for the builtin ones | ||
func Build(root, dirPath string, allowRemoteBases bool) (_ resmap.ResMap, err error) { | ||
var fs filesys.FileSystem | ||
|
||
// Create secure FS for root with or without remote base support | ||
if allowRemoteBases { | ||
fs, err = securefs.MakeFsOnDiskSecureBuild(root) | ||
if err != nil { | ||
return nil, err | ||
} | ||
} else { | ||
fs, err = securefs.MakeFsOnDiskSecure(root) | ||
if err != nil { | ||
return nil, err | ||
} | ||
} | ||
|
||
// Temporary workaround for concurrent map read and map write bug | ||
// https://github.com/kubernetes-sigs/kustomize/issues/3659 | ||
buildMutex.Lock() | ||
defer buildMutex.Unlock() | ||
|
||
// Kustomize tends to panic in unpredicted ways due to (accidental) | ||
// invalid object data; recover when this happens to ensure continuity of | ||
// operations | ||
defer func() { | ||
if r := recover(); r != nil { | ||
err = fmt.Errorf("recovered from kustomize build panic: %v", r) | ||
} | ||
}() | ||
|
||
buildOptions := &krusty.Options{ | ||
LoadRestrictions: kustypes.LoadRestrictionsNone, | ||
PluginConfig: kustypes.DisabledPluginConfig(), | ||
} | ||
|
||
k := krusty.MakeKustomizer(buildOptions) | ||
return k.Run(fs, dirPath) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
/* | ||
Copyright 2022 The Flux authors | ||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
http://www.apache.org/licenses/LICENSE-2.0 | ||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
package generator | ||
|
||
import ( | ||
"testing" | ||
|
||
. "github.com/onsi/gomega" | ||
) | ||
|
||
func Test_Buid(t *testing.T) { | ||
t.Run("remote build", func(t *testing.T) { | ||
g := NewWithT(t) | ||
|
||
_, err := Build("testdata/remote", "testdata/remote", true) | ||
g.Expect(err).ToNot(HaveOccurred()) | ||
}) | ||
|
||
t.Run("no remote build", func(t *testing.T) { | ||
g := NewWithT(t) | ||
|
||
_, err := Build("testdata/remote", "testdata/remote", false) | ||
g.Expect(err).To(HaveOccurred()) | ||
}) | ||
} | ||
|
||
func Test_Buid_panic(t *testing.T) { | ||
t.Run("build panic", func(t *testing.T) { | ||
g := NewWithT(t) | ||
|
||
_, err := Build("testdata/panic", "testdata/panic", false) | ||
g.Expect(err).To(HaveOccurred()) | ||
g.Expect(err.Error()).To(ContainSubstring("recovered from kustomize build panic")) | ||
// Run again to ensure the lock is released | ||
_, err = Build("testdata/panic", "testdata/panic", false) | ||
g.Expect(err).To(HaveOccurred()) | ||
}) | ||
} | ||
|
||
func Test_Buid_rel_basedir(t *testing.T) { | ||
g := NewWithT(t) | ||
|
||
_, err := Build("testdata/relbase", "testdata/relbase/clusters/staging/flux-system", false) | ||
g.Expect(err).ToNot(HaveOccurred()) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters