Skip to content

Commit

Permalink
feat: allow and deny list support for schema field overwriting (namel…
Browse files Browse the repository at this point in the history 
…y label and image fields atm)
  • Loading branch information
@aaron-prindle
aaron-prindle committed Mar 9, 2022
1 parent d2134aa commit e891951
Show file tree
Hide file tree
Showing 24 changed files with 849 additions and 206 deletions.
8 changes: 8 additions & 0 deletions cmd/skaffold/app/cmd/flags.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -606,6 +606,14 @@ var flagRegistry = []Flag{
FlagAddMethod: "BoolVar",
DefinedOn: []string{"deploy"},
},
{
Name: "resource-selector-rules-file",
Usage: "Path to JSON file specifying the deny list of yaml objects for skaffold to NOT transform with 'image' and 'label' field replacements. NOTE: this list is additive to skaffold's default denylist and denylist has priority over allowlist",
Value: &opts.TransformRulesFile,
DefValue: "",
FlagAddMethod: "StringVar",
DefinedOn: []string{"dev", "render", "run", "debug", "deploy"},
},
}

func methodNameByType(v reflect.Value) string {
Expand Down
10 changes: 10 additions & 0 deletions docs/content/en/docs/references/cli/_index.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -422,6 +422,7 @@ Options:
--propagate-profiles=true: Setting '--propagate-profiles=false' disables propagating profiles set by the '--profile' flag across config dependencies. This mean that only profiles defined directly in the target 'skaffold.yaml' file are activated.
--protocols=[]: Priority sorted order of debugger protocols to support.
--remote-cache-dir='': Specify the location of the git repositories cache (default $HOME/.skaffold/repos)
--resource-selector-rules-file='': Path to JSON file specifying the deny list of yaml objects for skaffold to NOT transform with 'image' and 'label' field replacements. NOTE: this list is additive to skaffold's default denylist and denylist has priority over allowlist
--rpc-http-port=: tcp port to expose the Skaffold API over HTTP REST
--rpc-port=: tcp port to expose the Skaffold API over gRPC
--skip-tests=false: Whether to skip the tests after building
Expand Down Expand Up @@ -478,6 +479,7 @@ Env vars:
* `SKAFFOLD_PROPAGATE_PROFILES` (same as `--propagate-profiles`)
* `SKAFFOLD_PROTOCOLS` (same as `--protocols`)
* `SKAFFOLD_REMOTE_CACHE_DIR` (same as `--remote-cache-dir`)
* `SKAFFOLD_RESOURCE_SELECTOR_RULES_FILE` (same as `--resource-selector-rules-file`)
* `SKAFFOLD_RPC_HTTP_PORT` (same as `--rpc-http-port`)
* `SKAFFOLD_RPC_PORT` (same as `--rpc-port`)
* `SKAFFOLD_SKIP_TESTS` (same as `--skip-tests`)
Expand Down Expand Up @@ -588,6 +590,7 @@ Options:
--profile-auto-activation=true: Set to false to disable profile auto activation
--propagate-profiles=true: Setting '--propagate-profiles=false' disables propagating profiles set by the '--profile' flag across config dependencies. This mean that only profiles defined directly in the target 'skaffold.yaml' file are activated.
--remote-cache-dir='': Specify the location of the git repositories cache (default $HOME/.skaffold/repos)
--resource-selector-rules-file='': Path to JSON file specifying the deny list of yaml objects for skaffold to NOT transform with 'image' and 'label' field replacements. NOTE: this list is additive to skaffold's default denylist and denylist has priority over allowlist
--rpc-http-port=: tcp port to expose the Skaffold API over HTTP REST
--rpc-port=: tcp port to expose the Skaffold API over gRPC
--skip-render=false: Don't render the manifests, just deploy them
Expand Down Expand Up @@ -632,6 +635,7 @@ Env vars:
* `SKAFFOLD_PROFILE_AUTO_ACTIVATION` (same as `--profile-auto-activation`)
* `SKAFFOLD_PROPAGATE_PROFILES` (same as `--propagate-profiles`)
* `SKAFFOLD_REMOTE_CACHE_DIR` (same as `--remote-cache-dir`)
* `SKAFFOLD_RESOURCE_SELECTOR_RULES_FILE` (same as `--resource-selector-rules-file`)
* `SKAFFOLD_RPC_HTTP_PORT` (same as `--rpc-http-port`)
* `SKAFFOLD_RPC_PORT` (same as `--rpc-port`)
* `SKAFFOLD_SKIP_RENDER` (same as `--skip-render`)
Expand Down Expand Up @@ -684,6 +688,7 @@ Options:
--profile-auto-activation=true: Set to false to disable profile auto activation
--propagate-profiles=true: Setting '--propagate-profiles=false' disables propagating profiles set by the '--profile' flag across config dependencies. This mean that only profiles defined directly in the target 'skaffold.yaml' file are activated.
--remote-cache-dir='': Specify the location of the git repositories cache (default $HOME/.skaffold/repos)
--resource-selector-rules-file='': Path to JSON file specifying the deny list of yaml objects for skaffold to NOT transform with 'image' and 'label' field replacements. NOTE: this list is additive to skaffold's default denylist and denylist has priority over allowlist
--rpc-http-port=: tcp port to expose the Skaffold API over HTTP REST
--rpc-port=: tcp port to expose the Skaffold API over gRPC
--skip-tests=false: Whether to skip the tests after building
Expand Down Expand Up @@ -740,6 +745,7 @@ Env vars:
* `SKAFFOLD_PROFILE_AUTO_ACTIVATION` (same as `--profile-auto-activation`)
* `SKAFFOLD_PROPAGATE_PROFILES` (same as `--propagate-profiles`)
* `SKAFFOLD_REMOTE_CACHE_DIR` (same as `--remote-cache-dir`)
* `SKAFFOLD_RESOURCE_SELECTOR_RULES_FILE` (same as `--resource-selector-rules-file`)
* `SKAFFOLD_RPC_HTTP_PORT` (same as `--rpc-http-port`)
* `SKAFFOLD_RPC_PORT` (same as `--rpc-port`)
* `SKAFFOLD_SKIP_TESTS` (same as `--skip-tests`)
Expand Down Expand Up @@ -934,6 +940,7 @@ Options:
--profile-auto-activation=true: Set to false to disable profile auto activation
--propagate-profiles=true: Setting '--propagate-profiles=false' disables propagating profiles set by the '--profile' flag across config dependencies. This mean that only profiles defined directly in the target 'skaffold.yaml' file are activated.
--remote-cache-dir='': Specify the location of the git repositories cache (default $HOME/.skaffold/repos)
--resource-selector-rules-file='': Path to JSON file specifying the deny list of yaml objects for skaffold to NOT transform with 'image' and 'label' field replacements. NOTE: this list is additive to skaffold's default denylist and denylist has priority over allowlist
--sync-remote-cache='always': Controls how Skaffold manages the remote config cache (see `remote-cache-dir`). One of `always` (default), `missing`, or `never`. `always` syncs remote repositories to latest on access. `missing` only clones remote repositories if they do not exist locally. `never` means the user takes responsibility for updating remote repositories.
--wait-for-connection=false: Blocks ending execution of skaffold until the /v2/events gRPC/HTTP endpoint is hit
Expand Down Expand Up @@ -962,6 +969,7 @@ Env vars:
* `SKAFFOLD_PROFILE_AUTO_ACTIVATION` (same as `--profile-auto-activation`)
* `SKAFFOLD_PROPAGATE_PROFILES` (same as `--propagate-profiles`)
* `SKAFFOLD_REMOTE_CACHE_DIR` (same as `--remote-cache-dir`)
* `SKAFFOLD_RESOURCE_SELECTOR_RULES_FILE` (same as `--resource-selector-rules-file`)
* `SKAFFOLD_SYNC_REMOTE_CACHE` (same as `--sync-remote-cache`)
* `SKAFFOLD_WAIT_FOR_CONNECTION` (same as `--wait-for-connection`)

Expand Down Expand Up @@ -1009,6 +1017,7 @@ Options:
--profile-auto-activation=true: Set to false to disable profile auto activation
--propagate-profiles=true: Setting '--propagate-profiles=false' disables propagating profiles set by the '--profile' flag across config dependencies. This mean that only profiles defined directly in the target 'skaffold.yaml' file are activated.
--remote-cache-dir='': Specify the location of the git repositories cache (default $HOME/.skaffold/repos)
--resource-selector-rules-file='': Path to JSON file specifying the deny list of yaml objects for skaffold to NOT transform with 'image' and 'label' field replacements. NOTE: this list is additive to skaffold's default denylist and denylist has priority over allowlist
--rpc-http-port=: tcp port to expose the Skaffold API over HTTP REST
--rpc-port=: tcp port to expose the Skaffold API over gRPC
--skip-tests=false: Whether to skip the tests after building
Expand Down Expand Up @@ -1060,6 +1069,7 @@ Env vars:
* `SKAFFOLD_PROFILE_AUTO_ACTIVATION` (same as `--profile-auto-activation`)
* `SKAFFOLD_PROPAGATE_PROFILES` (same as `--propagate-profiles`)
* `SKAFFOLD_REMOTE_CACHE_DIR` (same as `--remote-cache-dir`)
* `SKAFFOLD_RESOURCE_SELECTOR_RULES_FILE` (same as `--resource-selector-rules-file`)
* `SKAFFOLD_RPC_HTTP_PORT` (same as `--rpc-http-port`)
* `SKAFFOLD_RPC_PORT` (same as `--rpc-port`)
* `SKAFFOLD_SKIP_TESTS` (same as `--skip-tests`)
Expand Down
56 changes: 48 additions & 8 deletions docs/content/en/schemas/v2beta28.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3301,6 +3301,11 @@
"description": "describes user defined resources to port-forward.",
"x-intellij-html-description": "describes user defined resources to port-forward."
},
"resourceSelector": {
"$ref": "#/definitions/ResourceSelectorConfig",
"description": "describes user defined filters describing how skaffold should treat objects/fields during rendering.",
"x-intellij-html-description": "describes user defined filters describing how skaffold should treat objects/fields during rendering."
},
"test": {
"items": {
"$ref": "#/definitions/TestCase"
Expand All @@ -3317,7 +3322,8 @@
"build",
"test",
"deploy",
"portForward"
"portForward",
"resourceSelector"
],
"additionalProperties": false,
"type": "object",
Expand Down Expand Up @@ -3355,9 +3361,14 @@
},
"ResourceFilter": {
"required": [
"type"
"groupKind"
],
"properties": {
"groupKind": {
"type": "string",
"description": "compact format of a resource type.",
"x-intellij-html-description": "compact format of a resource type."
},
"image": {
"items": {
"type": "string"
Expand All @@ -3375,15 +3386,10 @@
"description": "an optional slide of JSON-path-like paths of where to add a labels block if missing.",
"x-intellij-html-description": "an optional slide of JSON-path-like paths of where to add a labels block if missing.",
"default": "[]"
},
"type": {
"type": "string",
"description": "compact format of a resource type.",
"x-intellij-html-description": "compact format of a resource type."
}
},
"preferredOrder": [
"type",
"groupKind",
"image",
"labels"
],
Expand Down Expand Up @@ -3460,6 +3466,34 @@
"description": "describes the resource requirements for the kaniko pod.",
"x-intellij-html-description": "describes the resource requirements for the kaniko pod."
},
"ResourceSelectorConfig": {
"properties": {
"allow": {
"items": {
"$ref": "#/definitions/ResourceFilter"
},
"type": "array",
"description": "configures an allowlist for transforming manifests.",
"x-intellij-html-description": "configures an allowlist for transforming manifests."
},
"deny": {
"items": {
"$ref": "#/definitions/ResourceFilter"
},
"type": "array",
"description": "configures an allowlist for transforming manifests.",
"x-intellij-html-description": "configures an allowlist for transforming manifests."
}
},
"preferredOrder": [
"allow",
"deny"
],
"additionalProperties": false,
"type": "object",
"description": "contains all the configuration needed by the deploy steps.",
"x-intellij-html-description": "contains all the configuration needed by the deploy steps."
},
"ResourceType": {
"type": "string",
"description": "describes the Kubernetes resource types used for port forwarding.",
Expand Down Expand Up @@ -3526,6 +3560,11 @@
"description": "describes a list of other required configs for the current config.",
"x-intellij-html-description": "describes a list of other required configs for the current config."
},
"resourceSelector": {
"$ref": "#/definitions/ResourceSelectorConfig",
"description": "describes user defined filters describing how skaffold should treat objects/fields during rendering.",
"x-intellij-html-description": "describes user defined filters describing how skaffold should treat objects/fields during rendering."
},
"test": {
"items": {
"$ref": "#/definitions/TestCase"
Expand All @@ -3544,6 +3583,7 @@
"test",
"deploy",
"portForward",
"resourceSelector",
"profiles"
],
"additionalProperties": false,
Expand Down
13 changes: 7 additions & 6 deletions pkg/skaffold/config/options.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,12 +46,13 @@ type SkaffoldOptions struct {
// TODO(https://github.com/GoogleContainerTools/skaffold/issues/3668):
// remove minikubeProfile from here and instead detect it by matching the
// kubecontext API Server to minikube profiles
MinikubeProfile string
Namespace string
RenderOutput string
RepoCacheDir string
Trigger string
User string
MinikubeProfile string
Namespace string
RenderOutput string
RepoCacheDir string
Trigger string
User string
TransformRulesFile string

ConfigurationFilter []string
CustomLabels []string
Expand Down
32 changes: 17 additions & 15 deletions pkg/skaffold/deploy/deploy_problems_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -108,18 +108,20 @@ type mockConfig struct {
kubeContext string
}

func (m mockConfig) MinikubeProfile() string { return m.minikube }
func (m mockConfig) GetPipelines() []latestV1.Pipeline { return []latestV1.Pipeline{} }
func (m mockConfig) GetWorkingDir() string { return "" }
func (m mockConfig) GetNamespace() string { return "" }
func (m mockConfig) GlobalConfig() string { return "" }
func (m mockConfig) ConfigurationFile() string { return "" }
func (m mockConfig) DefaultRepo() *string { return &m.minikube }
func (m mockConfig) MultiLevelRepo() *bool { return nil }
func (m mockConfig) SkipRender() bool { return true }
func (m mockConfig) Prune() bool { return true }
func (m mockConfig) ContainerDebugging() bool { return false }
func (m mockConfig) GetKubeContext() string { return m.kubeContext }
func (m mockConfig) GetInsecureRegistries() map[string]bool { return map[string]bool{} }
func (m mockConfig) Mode() config.RunMode { return config.RunModes.Dev }
func (m mockConfig) TransformableAllowList() []latestV1.ResourceFilter { return nil }
func (m mockConfig) MinikubeProfile() string { return m.minikube }
func (m mockConfig) GetPipelines() []latestV1.Pipeline { return []latestV1.Pipeline{} }
func (m mockConfig) GetWorkingDir() string { return "" }
func (m mockConfig) GetNamespace() string { return "" }
func (m mockConfig) GlobalConfig() string { return "" }
func (m mockConfig) ConfigurationFile() string { return "" }
func (m mockConfig) DefaultRepo() *string { return &m.minikube }
func (m mockConfig) MultiLevelRepo() *bool { return nil }
func (m mockConfig) SkipRender() bool { return true }
func (m mockConfig) Prune() bool { return true }
func (m mockConfig) ContainerDebugging() bool { return false }
func (m mockConfig) GetKubeContext() string { return m.kubeContext }
func (m mockConfig) GetInsecureRegistries() map[string]bool { return map[string]bool{} }
func (m mockConfig) Mode() config.RunMode { return config.RunModes.Dev }
func (m mockConfig) TransformAllowList() []latestV1.ResourceFilter { return nil }
func (m mockConfig) TransformDenyList() []latestV1.ResourceFilter { return nil }
func (m mockConfig) TransformRulesFile() string { return "" }
Loading

0 comments on commit e891951

Please sign in to comment.