🍗 enforce gitops write on template store CRD #793

enforce gitops write on template store CRD

Author: petar-cvit

cyclops-ctrl/api/v1alpha1/module_types.go

@@ -56,6 +56,12 @@ const (
 	ResourceFinalizer = "cyclops-ui.com/module-resources"
 )
 
+type GitOpsWriteDestination struct {
+	Repo    string `json:"repo"`
+	Path    string `json:"path"`
+	Version string `json:"version"`
+}
+
 type TemplateRef struct {
 	URL     string `json:"repo"`
 	Path    string `json:"path"`
@@ -64,6 +70,9 @@ type TemplateRef struct {
 	// +kubebuilder:validation:Enum=git;helm;oci
 	// +kubebuilder:validation:Optional
 	SourceType TemplateSourceType `json:"sourceType,omitempty"`
+
+	// +kubebuilder:validation:Optional
+	EnforceGitOpsWrite *GitOpsWriteDestination `json:"enforceGitOpsWrite,omitempty"`
 }
 
 type TemplateGitRef struct {

cyclops-ctrl/api/v1alpha1/zz_generated.deepcopy.go

@@ -104,6 +104,19 @@ spec:
                 type: string
               template:
                 properties:
+                  enforceGitOpsWrite:
+                    properties:
+                      path:
+                        type: string
+                      repo:
+                        type: string
+                      version:
+                        type: string
+                    required:
+                    - path
+                    - repo
+                    - version
+                    type: object
                   path:
                     type: string
                   repo:

cyclops-ctrl/config/crd/bases/cyclops-ui.com_modules.yaml

@@ -55,6 +55,19 @@ spec:
             type: object
           spec:
             properties:
+              enforceGitOpsWrite:
+                properties:
+                  path:
+                    type: string
+                  repo:
+                    type: string
+                  version:
+                    type: string
+                required:
+                - path
+                - repo
+                - version
+                type: object
               path:
                 type: string
               repo:

cyclops-ctrl/config/crd/bases/cyclops-ui.com_templatestores.yaml

@@ -4,14 +4,13 @@ import (
 	"bytes"
 	"errors"
 	"fmt"
+	json "github.com/json-iterator/go"
 	path2 "path"
 	"text/template"
 	"time"
 
-	"github.com/cyclops-ui/cyclops/cyclops-ctrl/pkg/auth"
 	"github.com/go-logr/logr"
 
-	cyclopsv1alpha1 "github.com/cyclops-ui/cyclops/cyclops-ctrl/api/v1alpha1"
 	"github.com/go-git/go-billy/v5"
 	"github.com/go-git/go-billy/v5/memfs"
 	"github.com/go-git/go-git/v5"
@@ -20,6 +19,9 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/transport/http"
 	"github.com/go-git/go-git/v5/storage/memory"
 	"sigs.k8s.io/yaml"
+
+	cyclopsv1alpha1 "github.com/cyclops-ui/cyclops/cyclops-ctrl/api/v1alpha1"
+	"github.com/cyclops-ui/cyclops/cyclops-ctrl/pkg/auth"
 )
 
 type WriteClient struct {
@@ -50,6 +52,32 @@ func getCommitMessageTemplate(commitMessageTemplate string, logger logr.Logger)
 	return tmpl
 }
 
+func getModulePath(module cyclopsv1alpha1.Module) (string, error) {
+	path := module.GetAnnotations()[cyclopsv1alpha1.GitOpsWritePathAnnotation]
+
+	tmpl, err := template.New("modulePath").Parse(path)
+	if err != nil {
+		return "", err
+	}
+
+	moduleMap := make(map[string]interface{})
+	moduleData, err := json.Marshal(module)
+	if err != nil {
+		return "", err
+	}
+	if err := json.Unmarshal(moduleData, &moduleMap); err != nil {
+		return "", err
+	}
+
+	var o bytes.Buffer
+	err = tmpl.Execute(&o, moduleMap)
+	if err != nil {
+		return "", err
+	}
+
+	return o.String(), nil
+}
+
 func (c *WriteClient) Write(module cyclopsv1alpha1.Module) error {
 	module.Status.ReconciliationStatus = nil
 	module.Status.ManagedGVRs = nil
@@ -59,14 +87,22 @@ func (c *WriteClient) Write(module cyclopsv1alpha1.Module) error {
 		return errors.New(fmt.Sprintf("module passed to write without git repository; set cyclops-ui.com/write-repo annotation in module %v", module.Name))
 	}
 
-	path := module.GetAnnotations()[cyclopsv1alpha1.GitOpsWritePathAnnotation]
+	path, err := getModulePath(module)
+	if err != nil {
+		return err
+	}
+
 	revision := module.GetAnnotations()[cyclopsv1alpha1.GitOpsWriteRevisionAnnotation]
 
 	creds, err := c.templatesResolver.RepoAuthCredentials(repoURL)
 	if err != nil {
 		return err
 	}
 
+	if creds == nil {
+		return errors.New(fmt.Sprintf("failed to fetch creds for repo %v: check template auth rules", repoURL))
+	}
+
 	storer := memory.NewStorage()
 	fs := memfs.New()
 

cyclops-ctrl/internal/git/writeclient.go

@@ -16,6 +16,15 @@ func TemplateStoreListToDTO(store []v1alpha1.TemplateStore) []dto.TemplateStore
 			iconURL = templateStore.GetAnnotations()[v1alpha1.IconURLAnnotation]
 		}
 
+		var enforceGitOpsWrite *dto.GitOpsWrite
+		if templateStore.Spec.EnforceGitOpsWrite != nil {
+			enforceGitOpsWrite = &dto.GitOpsWrite{
+				Repo:   templateStore.Spec.EnforceGitOpsWrite.Repo,
+				Path:   templateStore.Spec.EnforceGitOpsWrite.Path,
+				Branch: templateStore.Spec.EnforceGitOpsWrite.Version,
+			}
+		}
+
 		out = append(out, dto.TemplateStore{
 			Name:    templateStore.Name,
 			IconURL: iconURL,
@@ -25,13 +34,23 @@ func TemplateStoreListToDTO(store []v1alpha1.TemplateStore) []dto.TemplateStore
 				Version:    templateStore.Spec.Version,
 				SourceType: string(templateStore.Spec.SourceType),
 			},
+			EnforceGitOpsWrite: enforceGitOpsWrite,
 		})
 	}
 
 	return out
 }
 
 func DTOToTemplateStore(store dto.TemplateStore, iconURL string) *v1alpha1.TemplateStore {
+	var enforceGitOpsWrite *v1alpha1.GitOpsWriteDestination
+	if store.EnforceGitOpsWrite != nil {
+		enforceGitOpsWrite = &v1alpha1.GitOpsWriteDestination{
+			Repo:    store.EnforceGitOpsWrite.Repo,
+			Path:    store.EnforceGitOpsWrite.Path,
+			Version: store.EnforceGitOpsWrite.Branch,
+		}
+	}
+
 	return &v1alpha1.TemplateStore{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "TemplateStore",
@@ -44,10 +63,11 @@ func DTOToTemplateStore(store dto.TemplateStore, iconURL string) *v1alpha1.Templ
 			},
 		},
 		Spec: v1alpha1.TemplateRef{
-			URL:        store.TemplateRef.URL,
-			Path:       store.TemplateRef.Path,
-			Version:    store.TemplateRef.Version,
-			SourceType: v1alpha1.TemplateSourceType(store.TemplateRef.SourceType),
+			URL:                store.TemplateRef.URL,
+			Path:               store.TemplateRef.Path,
+			Version:            store.TemplateRef.Version,
+			SourceType:         v1alpha1.TemplateSourceType(store.TemplateRef.SourceType),
+			EnforceGitOpsWrite: enforceGitOpsWrite,
 		},
 	}
 }

cyclops-ctrl/internal/mapper/templatestore.go

@@ -1,7 +1,8 @@
 package dto
 
 type TemplateStore struct {
-	Name        string   `json:"name" binding:"required"`
-	IconURL     string   `json:"iconURL"`
-	TemplateRef Template `json:"ref"`
+	Name               string       `json:"name" binding:"required"`
+	IconURL            string       `json:"iconURL"`
+	TemplateRef        Template     `json:"ref"`
+	EnforceGitOpsWrite *GitOpsWrite `json:"enforceGitOpsWrite,omitempty"`
 }

cyclops-ctrl/internal/models/dto/templatestore.go

@@ -91,13 +91,6 @@ func NewModuleReconciler(
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
-// TODO(user): Modify the Reconcile function to compare the state specified by
-// the Module object against the actual cluster state, and then
-// perform operations to make the cluster state reflect the state specified by
-// the user.
-//
-// For more details, check Reconcile and its Result here:
-// - https://pkg.go.dev/sigs.k8s.io/[email protected]/pkg/reconcile
 func (r *ModuleReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	_ = log.FromContext(ctx)
 	r.telemetryClient.ModuleReconciliation()

cyclops-ctrl/internal/modulecontroller/module_controller.go

@@ -107,6 +107,7 @@ const Modules = () => {
   const handleClick = () => {
     window.location.href = "/modules/new";
   };
+
   const handleSelectItem = (selectedItems: any[]) => {
     setModuleHealthFilter(selectedItems);
   };