From 89a7fa03103e749f5209f14ac1c7142a77953e66 Mon Sep 17 00:00:00 2001 From: Kit Patella Date: Thu, 31 Oct 2024 06:11:46 -0700 Subject: [PATCH 1/7] chore: begin adding logger to `zarf dev` (#3163) Signed-off-by: Kit Patella --- src/cmd/dev.go | 21 +++++++++++++++++++-- src/pkg/packager/prepare.go | 25 +++++++++++++++++++++++-- src/pkg/transform/types.go | 1 + 3 files changed, 43 insertions(+), 4 deletions(-) diff --git a/src/cmd/dev.go b/src/cmd/dev.go index 7540c2b365..e8bffd57c0 100644 --- a/src/cmd/dev.go +++ b/src/cmd/dev.go @@ -23,6 +23,7 @@ import ( "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/config/lang" "github.com/zarf-dev/zarf/src/pkg/lint" + "github.com/zarf-dev/zarf/src/pkg/logger" "github.com/zarf-dev/zarf/src/pkg/message" "github.com/zarf-dev/zarf/src/pkg/packager" "github.com/zarf-dev/zarf/src/pkg/transform" @@ -113,13 +114,17 @@ var devTransformGitLinksCmd = &cobra.Command{ return fmt.Errorf("unable to read the file %s: %w", fileName, err) } - pkgConfig.InitOpts.GitServer.Address = host + gitServer := pkgConfig.InitOpts.GitServer + gitServer.Address = host // Perform git url transformation via regex text := string(content) - processedText := transform.MutateGitURLsInText(message.Warnf, pkgConfig.InitOpts.GitServer.Address, text, pkgConfig.InitOpts.GitServer.PushUsername) + + // TODO(mkcp): Currently uses message for its log fn. Migrate to ctx and slog + processedText := transform.MutateGitURLsInText(message.Warnf, gitServer.Address, text, gitServer.PushUsername) // Print the differences + // TODO(mkcp): Uses pterm to print text diffs. Decouple from pterm after we release logger. dmp := diffmatchpatch.New() diffs := dmp.DiffMain(text, processedText, true) diffs = dmp.DiffCleanupSemantic(diffs) 
@@ -160,6 +165,7 @@ var devSha256SumCmd = &cobra.Command{ if helpers.IsURL(fileName) { message.Warn(lang.CmdDevSha256sumRemoteWarning) + logger.From(cmd.Context()).Warn("this is a remote source. If a published checksum is available you should use that rather than calculating it directly from the remote link") fileBase, err := helpers.ExtractBasePathFromURL(fileName) if err != nil { @@ -251,8 +257,14 @@ var devFindImagesCmd = &cobra.Command{ defer pkgClient.ClearTempPaths() _, err = pkgClient.FindImages(cmd.Context()) + var lintErr *lint.LintError if errors.As(err, &lintErr) { + // HACK(mkcp): Re-initializing PTerm with a stderr writer isn't great, but it lets us render these lint + // tables below for backwards compatibility + if logger.Enabled(cmd.Context()) { + message.InitializePTerm(logger.DestinationDefault) + } common.PrintFindings(lintErr) } if err != nil { @@ -299,6 +311,11 @@ var devLintCmd = &cobra.Command{ err := lint.Validate(cmd.Context(), pkgConfig.CreateOpts.BaseDir, pkgConfig.CreateOpts.Flavor, pkgConfig.CreateOpts.SetVariables) var lintErr *lint.LintError if errors.As(err, &lintErr) { + // HACK(mkcp): Re-initializing PTerm with a stderr writer isn't great, but it lets us render these lint + // tables below for backwards compatibility + if logger.Enabled(cmd.Context()) { + message.InitializePTerm(logger.DestinationDefault) + } common.PrintFindings(lintErr) // Do not return an error if the findings are all warnings. if lintErr.OnlyWarnings() { diff --git a/src/pkg/packager/prepare.go b/src/pkg/packager/prepare.go index 9dd4f0edf0..0f17488929 100644 --- a/src/pkg/packager/prepare.go +++ b/src/pkg/packager/prepare.go @@ -8,11 +8,13 @@ import ( "context" "errors" "fmt" + "github.com/zarf-dev/zarf/src/pkg/logger" "os" "path/filepath" "regexp" "sort" "strings" + "time" "github.com/defenseunicorns/pkg/helpers/v2" "github.com/goccy/go-yaml" 
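Review bot: The `if logger.Enabled(cmd.Context()) { message.InitializePTerm(logger.DestinationDefault) }` block added in `devFindImagesCmd` is repeated verbatim in the `devLintCmd` hunk, and it appears to reconfigure shared PTerm output from inside an error branch. A small helper beside `common.PrintFindings` would keep the workaround in one place, so it can be removed in a single edit once the lint tables no longer depend on PTerm. Both `RunE` bodies start and end outside their hunks, so whether anything later in them prints through PTerm again is not visible here.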
@@ -40,6 +42,7 @@ var imageFuzzyCheck = regexp.MustCompile(`(?mi)["|=]([a-z0-9\-.\/:]+:[\w.\-]*[a- // FindImages iterates over a Zarf.yaml and attempts to parse any images. func (p *Packager) FindImages(ctx context.Context) (map[string][]string, error) { + l := logger.From(ctx) cwd, err := os.Getwd() if err != nil { return nil, err @@ -48,12 +51,14 @@ func (p *Packager) FindImages(ctx context.Context) (map[string][]string, error) // Return to the original working directory if err := os.Chdir(cwd); err != nil { message.Warnf("Unable to return to the original working directory: %s", err.Error()) + l.Warn("unable to return to the original working directory", "error", err) } }() if err := os.Chdir(p.cfg.CreateOpts.BaseDir); err != nil { return nil, fmt.Errorf("unable to access directory %q: %w", p.cfg.CreateOpts.BaseDir, err) } message.Note(fmt.Sprintf("Using build directory %s", p.cfg.CreateOpts.BaseDir)) + l.Info("using build directory", "path", p.cfg.CreateOpts.BaseDir) c := creator.NewPackageCreator(p.cfg.CreateOpts, cwd) @@ -67,6 +72,7 @@ func (p *Packager) FindImages(ctx context.Context) (map[string][]string, error) } for _, warning := range warnings { message.Warn(warning) + l.Warn(warning) } p.cfg.Pkg = pkg 
@@ -75,12 +81,15 @@ func (p *Packager) FindImages(ctx context.Context) (map[string][]string, error) // TODO: Refactor to return output string instead of printing inside of function. func (p *Packager) findImages(ctx context.Context) (map[string][]string, error) { + l := logger.From(ctx) for _, component := range p.cfg.Pkg.Components { if len(component.Repos) > 0 && p.cfg.FindImagesOpts.RepoHelmChartPath == "" { - message.Note("This Zarf package contains git repositories, " + + msg := "This Zarf package contains git repositories, " + "if any repos contain helm charts you want to template and " + "search for images, make sure to specify the helm chart path " + - "via the --repo-chart-path flag") + "via the --repo-chart-path flag" + message.Note(msg) + l.Info(msg) break } } @@ -261,6 +270,8 @@ func (p *Packager) findImages(ctx context.Context) (map[string][]string, error) } } + imgCompStart := time.Now() + l.Info("looking for images in component", "name", component.Name, "resourcesCount", len(resources)) spinner := message.NewProgressSpinner("Looking for images in component %q across %d resources", component.Name, len(resources)) defer spinner.Stop() @@ -289,9 +300,11 @@ func (p *Packager) findImages(ctx context.Context) (map[string][]string, error) if descriptor, err := crane.Head(image, images.WithGlobalInsecureFlag()...); err != nil { // Test if this is a real image, if not just quiet log to debug, this is normal message.Debugf("Suspected image does not appear to be valid: %#v", err) + l.Debug("suspected image does not appear to be valid", "error", err) } else { // Otherwise, add to the list of images message.Debugf("Imaged digest found: %s", descriptor.Digest) + l.Debug("imaged digest found", "digest", descriptor.Digest) validImages = append(validImages, image) } } 
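Review bot: The two debug records added in the `crane.Head` branch omit the image reference, so `suspected image does not appear to be valid` cannot be tied to the candidate that failed; add it as an attribute, e.g. `l.Debug("suspected image does not appear to be valid", "image", image, "error", err)`. Every lookup failure is reported only at debug level, so a registry, TLS or authentication error looks the same as a string that is not an image, which makes the reference more important to have. The success message also carries over a typo from the old text: `imaged digest found` should read `image digest found`. The enclosing loop in `findImages` starts and ends outside the hunk.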
@@ -306,16 +319,23 @@ func (p *Packager) findImages(ctx context.Context) (map[string][]string, error) } spinner.Success() + l.Debug("done looking for images in component", + "name", component.Name, + "resourcesCount", len(resources), + "duration", time.Since(imgCompStart)) if !p.cfg.FindImagesOpts.SkipCosign { // Handle cosign artifact lookups if len(imagesMap[component.Name]) > 0 { var cosignArtifactList []string + imgStart := time.Now() spinner := message.NewProgressSpinner("Looking up cosign artifacts for discovered images (0/%d)", len(imagesMap[component.Name])) defer spinner.Stop() + l.Info("looking up cosign artifacts for discovered images", "count", len(imagesMap[component.Name])) for idx, image := range imagesMap[component.Name] { spinner.Updatef("Looking up cosign artifacts for discovered images (%d/%d)", idx+1, len(imagesMap[component.Name])) + l.Debug("looking up cosign artifacts for image", "name", imagesMap[component.Name]) cosignArtifacts, err := utils.GetCosignArtifacts(image) if err != nil { return nil, fmt.Errorf("could not lookup the cosing artifacts for image %s: %w", image, err) @@ -324,6 +344,7 @@ func (p *Packager) findImages(ctx context.Context) (map[string][]string, error) } spinner.Success() + l.Debug("done looking up cosign artifacts for discovered images", "count", len(imagesMap[component.Name]), "duration", time.Since(imgStart)) if len(cosignArtifactList) > 0 { imagesMap[component.Name] = append(imagesMap[component.Name], cosignArtifactList...) diff --git a/src/pkg/transform/types.go b/src/pkg/transform/types.go index dbf4922a0f..89cfaa391e 100644 --- a/src/pkg/transform/types.go +++ b/src/pkg/transform/types.go @@ -4,4 +4,5 @@ package transform // Log is a function that logs a message. +// TODO(mkcp): Remove Log and port over to logger once we remove message. type Log func(string, ...any) From 4c0521a83c5673819e1c963094405c2c0ab5f73e Mon Sep 17 00:00:00 2001 
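Review bot: In the cosign loop the new per-image record logs the whole slice instead of the current element: `l.Debug("looking up cosign artifacts for image", "name", imagesMap[component.Name])` should be `l.Debug("looking up cosign artifacts for image", "name", image)`. As written, every iteration prints the component's full image list, so the log cannot show which lookup was in progress when `utils.GetCosignArtifacts` returns an error. `findImages` continues outside the hunk.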
From: Austin Abro <37223396+AustinAbro321@users.noreply.github.com> Date: Thu, 31 Oct 2024 11:59:40 -0400 Subject: [PATCH 2/7] feat: expose Helm skip schema validation option in Zarf schema (#3165) Signed-off-by: Austin Abro --- src/api/v1alpha1/component.go | 10 ++++++++++ src/internal/packager/helm/chart.go | 4 ++++ zarf.schema.json | 4 ++++ 3 files changed, 18 insertions(+) diff --git a/src/api/v1alpha1/component.go b/src/api/v1alpha1/component.go index 74ac45251c..8948f03f5c 100644 --- a/src/api/v1alpha1/component.go +++ b/src/api/v1alpha1/component.go @@ -157,6 +157,16 @@ type ZarfChart struct { ValuesFiles []string `json:"valuesFiles,omitempty"` // [alpha] List of variables to set in the Helm chart. Variables []ZarfChartVariable `json:"variables,omitempty"` + // Whether or not to validate the values.yaml schema, defaults to true. Necessary in the air-gap when the JSON Schema references resources on the internet. + SchemaValidation *bool `json:"schemaValidation,omitempty"` +} + +// ShouldRunSchemaValidation returns if Helm schema validation should be run or not +func (zc ZarfChart) ShouldRunSchemaValidation() bool { + if zc.SchemaValidation != nil { + return *zc.SchemaValidation + } + return true } // ZarfChartVariable represents a variable that can be set for a Helm chart overrides. diff --git a/src/internal/packager/helm/chart.go b/src/internal/packager/helm/chart.go index 35e1e5625c..3711479275 100644 --- a/src/internal/packager/helm/chart.go +++ b/src/internal/packager/helm/chart.go @@ -296,6 +296,8 @@ func (h *Helm) installChart(ctx context.Context, postRender *renderer) (*release // Must be unique per-namespace and < 53 characters. @todo: restrict helm loadedChart name to this. client.ReleaseName = h.chart.ReleaseName + client.SkipSchemaValidation = !h.chart.ShouldRunSchemaValidation() + // Namespace must be specified. client.Namespace = h.chart.Namespace 
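Review bot: The comment on `SchemaValidation` can be read as saying that validation is what the air gap needs, while `ShouldRunSchemaValidation` shows the opposite: the field exists so validation can be switched off. Suggested wording: `// SchemaValidation controls whether Helm validates the chart values against the chart's JSON Schema. Defaults to true; set to false in an air-gapped environment when the schema references resources on the internet.` The same sentence is repeated in the `zarf.schema.json` description and should change with it. It is also worth stating that setting it to false removes the values check for that chart entirely. The method comment would follow Go convention as `// ShouldRunSchemaValidation reports whether Helm schema validation should run; a nil SchemaValidation means true.`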
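Review bot: `client.SkipSchemaValidation = !h.chart.ShouldRunSchemaValidation()` is set on the install client here and on the upgrade client in the `upgradeChart` hunk, but nothing in this patch applies it to the templating path. If `TemplateChart` builds its own Helm client, a chart with `schemaValidation: false` would still be validated when it is templated, which is the air-gapped case the option is meant to cover. That function is not part of this diff, so this needs checking against the file. `installChart` starts and ends outside the hunk.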
@@ -329,6 +331,8 @@ func (h *Helm) upgradeChart(ctx context.Context, lastRelease *release.Release, p client.SkipCRDs = true + client.SkipSchemaValidation = !h.chart.ShouldRunSchemaValidation() + // Namespace must be specified. client.Namespace = h.chart.Namespace diff --git a/zarf.schema.json b/zarf.schema.json index 67094c0f38..9b474b9400 100644 --- a/zarf.schema.json +++ b/zarf.schema.json @@ -377,6 +377,10 @@ }, "type": "array", "description": "[alpha] List of variables to set in the Helm chart." + }, + "schemaValidation": { + "type": "boolean", + "description": "Whether or not to validate the values.yaml schema, defaults to true. Necessary in the air-gap when the JSON Schema references resources on the internet." } }, "additionalProperties": false, From 1e906ffee49f31366fffc0150c85417e82ef5c38 Mon Sep 17 00:00:00 2001 From: Kit Patella Date: Thu, 31 Oct 2024 09:18:13 -0700 Subject: [PATCH 3/7] feat: use console-slogger as text handler (#3167) Signed-off-by: Kit Patella --- src/pkg/logger/logger.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/pkg/logger/logger.go b/src/pkg/logger/logger.go index bd17269772..82e98d44e6 100644 --- a/src/pkg/logger/logger.go +++ b/src/pkg/logger/logger.go @@ -134,7 +134,10 @@ func New(cfg Config) (*slog.Logger, error) { switch cfg.Format.ToLower() { case FormatText: - handler = slog.NewTextHandler(cfg.Destination, &opts) + handler = console.NewHandler(cfg.Destination, &console.HandlerOptions{ + Level: slog.Level(cfg.Level), + NoColor: true, + }) case FormatJSON: handler = slog.NewJSONHandler(cfg.Destination, &opts) case FormatConsole: From 80eabd76eac427d3e371d319476b82aff7fe27dc Mon Sep 17 00:00:00 2001 From: Austin Abro <37223396+AustinAbro321@users.noreply.github.com> Date: Thu, 31 Oct 2024 14:01:47 -0400 Subject: [PATCH 4/7] feat: send actions output to slogger (#3164) 
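Review bot: The `FormatText` case in `New` no longer passes `&opts` to its handler; `console.HandlerOptions` is built with only `Level` and `NoColor`, so anything else set on `opts` is dropped for text output while `FormatJSON` still receives it. `opts` is defined outside the hunk, so what is lost cannot be confirmed from here. The change also replaces the `key=value` layout of `slog.NewTextHandler`, which anything parsing text-format logs would notice. A comment on the case, such as `// FormatText uses the console handler without color; use FormatJSON for machine-readable output`, would record that.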
Signed-off-by: Austin Abro --- src/pkg/packager/actions/actions.go | 32 ++++++++++++++++------------- src/pkg/utils/exec/exec.go | 2 ++ 2 files changed, 20 insertions(+), 14 deletions(-) diff --git a/src/pkg/packager/actions/actions.go b/src/pkg/packager/actions/actions.go index e688e0b6ce..1c18035516 100644 --- a/src/pkg/packager/actions/actions.go +++ b/src/pkg/packager/actions/actions.go @@ -7,12 +7,13 @@ package actions import ( "context" "fmt" - "github.com/zarf-dev/zarf/src/pkg/logger" "regexp" "runtime" "strings" "time" + "github.com/zarf-dev/zarf/src/pkg/logger" + "github.com/defenseunicorns/pkg/helpers/v2" "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/internal/packager/template" @@ -40,7 +41,6 @@ func Run(ctx context.Context, defaultCfg v1alpha1.ZarfComponentActionDefaults, a // Run commands that a component has provided. func runAction(ctx context.Context, defaultCfg v1alpha1.ZarfComponentActionDefaults, action v1alpha1.ZarfComponentAction, variableConfig *variables.VariableConfig) error { var cmdEscaped string - var out string var err error cmd := action.Cmd l := logger.From(ctx) 
@@ -103,15 +103,22 @@ retryCmd: // Perform the action run. tryCmd := func(ctx context.Context) error { // Try running the command and continue the retry loop if it fails. - if out, err = actionRun(ctx, actionDefaults, cmd, actionDefaults.Shell, spinner); err != nil { + stdout, stderr, err := actionRun(ctx, actionDefaults, cmd, spinner) + if err != nil { + if !actionDefaults.Mute { + l.Warn("action failed", "cmd", cmdEscaped, "stdout", stdout, "stderr", stderr) + } return err } + if !actionDefaults.Mute { + l.Info("action succeeded", "cmd", cmdEscaped, "stdout", stdout, "stderr", stderr) + } - out = strings.TrimSpace(out) + outTrimmed := strings.TrimSpace(stdout) // If an output variable is defined, set it. for _, v := range action.SetVariables { - variableConfig.SetVariable(v.Name, out, v.Sensitive, v.AutoIndent, v.Type) + variableConfig.SetVariable(v.Name, outTrimmed, v.Sensitive, v.AutoIndent, v.Type) if err := variableConfig.CheckVariablePattern(v.Name, v.Pattern); err != nil { return err } @@ -135,8 +142,7 @@ retryCmd: if actionDefaults.MaxTotalSeconds < 1 { spinner.Updatef("Waiting for \"%s\" (no timeout)", cmdEscaped) l.Info("waiting for action (no timeout)", "cmd", cmdEscaped) - //TODO (schristoff): Make it so tryCmd can take a normal ctx - if err := tryCmd(context.Background()); err != nil { + if err := tryCmd(ctx); err != nil { continue retryCmd } 
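Review bot: The new `l.Info("action succeeded", …)` and `l.Warn("action failed", …)` calls in `tryCmd` write the full `stdout` and `stderr` of every action to the log at info/warn level, gated only by `actionDefaults.Mute`. A few lines further down, the same `stdout` is stored through `variableConfig.SetVariable(v.Name, outTrimmed, v.Sensitive, …)`. An action whose output feeds a variable marked sensitive is therefore logged in clear text unless the package author also set mute, whereas the record this patch removes from `actionRun` was emitted at debug level. Suppress the output attributes when any entry in `action.SetVariables` has `Sensitive` set, as sketched below, or keep the output at debug level. `tryCmd` and the retry loop continue outside the hunk.

```go
stdout, stderr, err := actionRun(ctx, actionDefaults, cmd, spinner)
// Output that is captured into a variable marked sensitive must not reach the log.
logOutput := !actionDefaults.Mute
for _, v := range action.SetVariables {
	if v.Sensitive {
		logOutput = false
		break
	}
}
if err != nil {
	if logOutput {
		l.Warn("action failed", "cmd", cmdEscaped, "stdout", stdout, "stderr", stderr)
	}
	return err
}
if logOutput {
	l.Info("action succeeded", "cmd", cmdEscaped, "stdout", stdout, "stderr", stderr)
}
// … unchanged: trim stdout and apply action.SetVariables …
```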
@@ -286,9 +292,9 @@ func actionGetCfg(_ context.Context, cfg v1alpha1.ZarfComponentActionDefaults, a return cfg } -func actionRun(ctx context.Context, cfg v1alpha1.ZarfComponentActionDefaults, cmd string, shellPref v1alpha1.Shell, spinner *message.Spinner) (string, error) { +func actionRun(ctx context.Context, cfg v1alpha1.ZarfComponentActionDefaults, cmd string, spinner *message.Spinner) (string, string, error) { l := logger.From(ctx) - shell, shellArgs := exec.GetOSShell(shellPref) + shell, shellArgs := exec.GetOSShell(cfg.Shell) // TODO(mkcp): Remove message on logger release message.Debugf("Running command in %s: %s", shell, cmd) @@ -304,13 +310,11 @@ func actionRun(ctx context.Context, cfg v1alpha1.ZarfComponentActionDefaults, cm execCfg.Stderr = spinner } - out, errOut, err := exec.CmdWithContext(ctx, execCfg, shell, append(shellArgs, cmd)...) + stdout, stderr, err := exec.CmdWithContext(ctx, execCfg, shell, append(shellArgs, cmd)...) // Dump final complete output (respect mute to prevent sensitive values from hitting the logs). if !cfg.Mute { // TODO(mkcp): Remove message on logger release - message.Debug(cmd, out, errOut) - l.Debug("action complete", "cmd", cmd, "out", out, "errOut", errOut) + message.Debug(cmd, stdout, stderr) } - - return out, err + return stdout, stderr, err } diff --git a/src/pkg/utils/exec/exec.go b/src/pkg/utils/exec/exec.go index f9ac5bbed4..4d1f3640a9 100644 --- a/src/pkg/utils/exec/exec.go +++ b/src/pkg/utils/exec/exec.go @@ -88,6 +88,8 @@ func CmdWithContext(ctx context.Context, config Config, command string, args ... &stderrBuf, } + // TODO (@austinabro321) remove config options for stdout/stderr once logger is released + // as these options seem to have been added specifically for the spinner // Add the writers if requested. if config.Stdout != nil { stdoutWriters = append(stdoutWriters, config.Stdout) From 118094762f4fdad65a81f73d617cee61b7d5534c Mon Sep 17 00:00:00 2001 
From: Austin Abro <37223396+AustinAbro321@users.noreply.github.com> Date: Thu, 31 Oct 2024 14:04:56 -0400 Subject: [PATCH 5/7] chore: add logger package deploy (#3159) Signed-off-by: Austin Abro --- src/cmd/initialize.go | 7 +-- src/cmd/tools/zarf.go | 5 +- src/internal/git/repository.go | 6 +++ src/internal/packager/helm/chart.go | 30 ++++++++---- src/internal/packager/helm/destroy.go | 2 +- src/internal/packager/helm/post-render.go | 9 ++++ src/internal/packager/helm/utils.go | 12 ++++- src/internal/packager/helm/zarf.go | 4 +- src/internal/packager/images/push.go | 6 +-- src/internal/packager/template/template.go | 9 ++-- src/internal/packager2/layout/import.go | 4 +- src/internal/packager2/pull.go | 2 +- src/pkg/cluster/data.go | 9 ++++ src/pkg/cluster/state.go | 2 - src/pkg/packager/common.go | 5 +- src/pkg/packager/composer/oci.go | 2 +- src/pkg/packager/creator/differential.go | 2 +- src/pkg/packager/creator/normal.go | 3 +- src/pkg/packager/deploy.go | 56 ++++++++++++++++++---- src/pkg/packager/prepare.go | 2 +- src/pkg/packager/publish.go | 4 +- src/pkg/packager/sources/new.go | 4 +- src/pkg/packager/sources/new_test.go | 9 ++-- src/pkg/packager/sources/tarball.go | 8 ++++ src/pkg/zoci/common.go | 11 +++-- src/test/e2e/14_oci_compose_test.go | 6 +-- 26 files changed, 159 insertions(+), 60 deletions(-) diff --git a/src/cmd/initialize.go b/src/cmd/initialize.go index 70e73c1223..0543f97749 100644 --- a/src/cmd/initialize.go +++ b/src/cmd/initialize.go @@ -36,6 +36,7 @@ var initCmd = &cobra.Command{ Long: lang.CmdInitLong, Example: lang.CmdInitExample, RunE: func(cmd *cobra.Command, _ []string) error { + ctx := cmd.Context() if err := validateInitFlags(); err != nil { return fmt.Errorf("invalid command flags were provided: %w", err) } @@ -50,7 +51,7 @@ var initCmd = &cobra.Command{ return err } - src, err := sources.New(&pkgConfig.PkgOpts) + src, err := sources.New(ctx, &pkgConfig.PkgOpts) if err != nil { return err } 
@@ -65,7 +66,7 @@ var initCmd = &cobra.Command{ } defer pkgClient.ClearTempPaths() - err = pkgClient.Deploy(cmd.Context()) + err = pkgClient.Deploy(ctx) if err != nil { return err } @@ -142,7 +143,7 @@ func downloadInitPackage(ctx context.Context, cacheDirectory string) (string, er // If the user wants to download the init-package, download it if confirmDownload { - remote, err := zoci.NewRemote(url, oci.PlatformForArch(config.GetArch())) + remote, err := zoci.NewRemote(ctx, url, oci.PlatformForArch(config.GetArch())) if err != nil { return "", err } diff --git a/src/cmd/tools/zarf.go b/src/cmd/tools/zarf.go index 1bf56fd574..d33af49cdf 100644 --- a/src/cmd/tools/zarf.go +++ b/src/cmd/tools/zarf.go @@ -222,13 +222,14 @@ var downloadInitCmd = &cobra.Command{ Use: "download-init", Short: lang.CmdToolsDownloadInitShort, RunE: func(cmd *cobra.Command, _ []string) error { + ctx := cmd.Context() url := zoci.GetInitPackageURL(config.CLIVersion) - remote, err := zoci.NewRemote(url, oci.PlatformForArch(config.GetArch())) + remote, err := zoci.NewRemote(ctx, url, oci.PlatformForArch(config.GetArch())) if err != nil { return fmt.Errorf("unable to download the init package: %w", err) } source := &sources.OCISource{Remote: remote} - _, err = source.Collect(cmd.Context(), outputDirectory) + _, err = source.Collect(ctx, outputDirectory) if err != nil { return fmt.Errorf("unable to download the init package: %w", err) } diff --git a/src/internal/git/repository.go b/src/internal/git/repository.go index 9d2b2d4918..be0215044b 100644 --- a/src/internal/git/repository.go +++ b/src/internal/git/repository.go @@ -18,6 +18,7 @@ import ( "github.com/go-git/go-git/v5/plumbing/transport" "github.com/go-git/go-git/v5/plumbing/transport/http" + "github.com/zarf-dev/zarf/src/pkg/logger" "github.com/zarf-dev/zarf/src/pkg/message" "github.com/zarf-dev/zarf/src/pkg/transform" "github.com/zarf-dev/zarf/src/pkg/utils" 
@@ -146,6 +147,7 @@ func (r *Repository) Path() string { // Push pushes the repository to the remote git server. func (r *Repository) Push(ctx context.Context, address, username, password string) error { + l := logger.From(ctx) repo, err := git.PlainOpen(r.path) if err != nil { return fmt.Errorf("not a valid git repo or unable to open: %w", err) @@ -195,10 +197,13 @@ func (r *Repository) Push(ctx context.Context, address, username, password strin err = repo.FetchContext(ctx, fetchOptions) if errors.Is(err, transport.ErrRepositoryNotFound) { message.Debugf("Repo not yet available offline, skipping fetch...") + l.Debug("repo not yet available offline, skipping fetch") } else if errors.Is(err, git.ErrForceNeeded) { message.Debugf("Repo fetch requires force, skipping fetch...") + l.Debug("repo fetch requires force, skipping fetch") } else if errors.Is(err, git.NoErrAlreadyUpToDate) { message.Debugf("Repo already up-to-date, skipping fetch...") + l.Debug("repo already up-to-date, skipping fetch") } else if err != nil { return fmt.Errorf("unable to fetch the git repo prior to push: %w", err) } @@ -217,6 +222,7 @@ func (r *Repository) Push(ctx context.Context, address, username, password strin }) if errors.Is(err, git.NoErrAlreadyUpToDate) { message.Debug("Repo already up-to-date") + l.Debug("repo already up-to-date") } else if errors.Is(err, plumbing.ErrObjectNotFound) { return fmt.Errorf("unable to push repo due to likely shallow clone: %s", err.Error()) } else if err != nil { diff --git a/src/internal/packager/helm/chart.go b/src/internal/packager/helm/chart.go index 3711479275..ac79a0fc1d 100644 --- a/src/internal/packager/helm/chart.go +++ b/src/internal/packager/helm/chart.go @@ -9,9 +9,10 @@ import ( "context" "errors" "fmt" - "github.com/zarf-dev/zarf/src/pkg/logger" "time" + "github.com/zarf-dev/zarf/src/pkg/logger" + "github.com/Masterminds/semver/v3" "github.com/avast/retry-go/v4" plutoversionsfile "github.com/fairwindsops/pluto/v5" 
@@ -35,15 +36,18 @@ import ( // InstallOrUpgradeChart performs a helm install of the given chart. func (h *Helm) InstallOrUpgradeChart(ctx context.Context) (types.ConnectStrings, string, error) { - fromMessage := h.chart.URL - if fromMessage == "" { - fromMessage = "Zarf-generated helm chart" + l := logger.From(ctx) + start := time.Now() + source := h.chart.URL + if source == "" { + source = "Zarf-generated" } - spinner := message.NewProgressSpinner("Processing helm chart %s:%s from %s", + spinner := message.NewProgressSpinner("Processing helm chart %s:%s source: %s", h.chart.Name, h.chart.Version, - fromMessage) + source) defer spinner.Stop() + l.Info("processing helm chart", "name", h.chart.Name, "version", h.chart.Version, "source", source) // If no release name is specified, use the chart name. if h.chart.ReleaseName == "" { @@ -51,7 +55,7 @@ func (h *Helm) InstallOrUpgradeChart(ctx context.Context) (types.ConnectStrings, } // Setup K8s connection. - err := h.createActionConfig(h.chart.Namespace, spinner) + err := h.createActionConfig(ctx, h.chart.Namespace, spinner) if err != nil { return nil, "", fmt.Errorf("unable to initialize the K8s client: %w", err) } @@ -73,15 +77,18 @@ func (h *Helm) InstallOrUpgradeChart(ctx context.Context) (types.ConnectStrings, releases, histErr := histClient.Run(h.chart.ReleaseName) spinner.Updatef("Checking for existing helm deployment") + l.Debug("checking for existing helm deployment") if errors.Is(histErr, driver.ErrReleaseNotFound) { // No prior release, try to install it. spinner.Updatef("Attempting chart installation") + l.Info("performing Helm install", "chart", h.chart.Name) release, err = h.installChart(helmCtx, postRender) } else if histErr == nil && len(releases) > 0 { // Otherwise, there is a prior release so upgrade it. spinner.Updatef("Attempting chart upgrade") + l.Info("performing Helm upgrade", "chart", h.chart.Name) lastRelease := releases[len(releases)-1] 
@@ -118,6 +125,7 @@ func (h *Helm) InstallOrUpgradeChart(ctx context.Context) (types.ConnectStrings, // Attempt to rollback on a failed upgrade. spinner.Updatef("Performing chart rollback") + l.Info("performing Helm rollback", "chart", h.chart.Name) err = h.rollbackChart(h.chart.ReleaseName, previouslyDeployedVersion) if err != nil { return nil, "", fmt.Errorf("%w: unable to rollback: %w", installErr, err) @@ -137,11 +145,13 @@ func (h *Helm) InstallOrUpgradeChart(ctx context.Context) (types.ConnectStrings, if !h.chart.NoWait { // Ensure we don't go past the timeout by using a context initialized with the helm timeout spinner.Updatef("Running health checks") + l.Info("running health checks", "chart", h.chart.Name) if err := healthchecks.WaitForReadyRuntime(helmCtx, h.cluster.Watcher, runtimeObjs); err != nil { return nil, "", err } } spinner.Success() + l.Debug("done processing helm chart", "name", h.chart.Name, "duration", time.Since(start)) // return any collected connect strings for zarf connect. return postRender.connectStrings, h.chart.ReleaseName, nil @@ -152,7 +162,7 @@ func (h *Helm) TemplateChart(ctx context.Context) (manifest string, chartValues spinner := message.NewProgressSpinner("Templating helm chart %s", h.chart.Name) defer spinner.Stop() - err = h.createActionConfig(h.chart.Namespace, spinner) + err = h.createActionConfig(ctx, h.chart.Namespace, spinner) // Setup K8s connection. if err != nil { @@ -216,7 +226,7 @@ func (h *Helm) TemplateChart(ctx context.Context) (manifest string, chartValues // RemoveChart removes a chart from the cluster. func (h *Helm) RemoveChart(ctx context.Context, namespace string, name string, spinner *message.Spinner) error { // Establish a new actionConfig for the namespace. - _ = h.createActionConfig(namespace, spinner) + _ = h.createActionConfig(ctx, namespace, spinner) // Perform the uninstall. response, err := h.uninstallChart(name) message.Debug(response) 
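Review bot: `_ = h.createActionConfig(ctx, namespace, spinner)` in `RemoveChart` still discards the error, so a failed Kubernetes client setup surfaces only as whatever `h.uninstallChart(name)` returns afterwards. Now that a context is passed in, the failure could at least be recorded, e.g. `if err := h.createActionConfig(ctx, namespace, spinner); err != nil { logger.From(ctx).Debug("unable to initialize the K8s client", "error", err) }`. If ignoring it is deliberate for removal paths, a one-line comment saying so would help the next reader. The rest of `RemoveChart` is outside the hunk.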
@@ -230,7 +240,7 @@ func (h *Helm) UpdateReleaseValues(ctx context.Context, updatedValues map[string spinner := message.NewProgressSpinner("Updating values for helm release %s", h.chart.ReleaseName) defer spinner.Stop() - err := h.createActionConfig(h.chart.Namespace, spinner) + err := h.createActionConfig(ctx, h.chart.Namespace, spinner) if err != nil { return fmt.Errorf("unable to initialize the K8s client: %w", err) } diff --git a/src/internal/packager/helm/destroy.go b/src/internal/packager/helm/destroy.go index 21693aaa92..86e0b63ce6 100644 --- a/src/internal/packager/helm/destroy.go +++ b/src/internal/packager/helm/destroy.go @@ -26,7 +26,7 @@ func Destroy(ctx context.Context, purgeAllZarfInstallations bool) { h := Helm{} // Initially load the actionConfig without a namespace - err := h.createActionConfig("", spinner) + err := h.createActionConfig(ctx, "", spinner) if err != nil { // Don't fatal since this is a removal action spinner.Errorf(err, "Unable to initialize the K8s client") diff --git a/src/internal/packager/helm/post-render.go b/src/internal/packager/helm/post-render.go index c316375acb..b80109ffd0 100644 --- a/src/internal/packager/helm/post-render.go +++ b/src/internal/packager/helm/post-render.go @@ -16,6 +16,7 @@ import ( "github.com/defenseunicorns/pkg/helpers/v2" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/pkg/cluster" + "github.com/zarf-dev/zarf/src/pkg/logger" "github.com/zarf-dev/zarf/src/pkg/message" "github.com/zarf-dev/zarf/src/pkg/utils" "github.com/zarf-dev/zarf/src/types" @@ -117,6 +118,7 @@ func (r *renderer) Run(renderedManifests *bytes.Buffer) (*bytes.Buffer, error) { } func (r *renderer) adoptAndUpdateNamespaces(ctx context.Context) error { + l := logger.From(ctx) c := r.cluster namespaceList, err := r.cluster.Clientset.CoreV1().Namespaces().List(ctx, metav1.ListOptions{}) if err != nil { 
@@ -142,6 +144,7 @@ func (r *renderer) adoptAndUpdateNamespaces(ctx context.Context) error { // https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/#initial-namespaces if slices.Contains([]string{"default", "kube-node-lease", "kube-public", "kube-system"}, name) { message.Warnf("Refusing to adopt the initial namespace: %s", name) + l.Warn("refusing to adopt initial namespace", "name", name) } else { // This is an existing namespace to adopt _, err := c.Clientset.CoreV1().Namespaces().Update(ctx, namespace, metav1.UpdateOptions{}) @@ -181,6 +184,7 @@ func (r *renderer) adoptAndUpdateNamespaces(ctx context.Context) error { }() if err != nil { message.WarnErrf(err, "Problem creating registry secret for the %s namespace", name) + l.Warn("problem creating registry secret", "namespace", name, "error", err.Error()) } // Create or update the zarf git server secret @@ -201,6 +205,7 @@ func (r *renderer) adoptAndUpdateNamespaces(ctx context.Context) error { }() if err != nil { message.WarnErrf(err, "Problem creating git server secret for the %s namespace", name) + l.Warn("problem creating git server secret", "namespace", name, "error", err.Error()) } } } @@ -208,6 +213,7 @@ func (r *renderer) adoptAndUpdateNamespaces(ctx context.Context) error { } func (r *renderer) editHelmResources(ctx context.Context, resources []releaseutil.Manifest, finalManifestsOutput *bytes.Buffer) error { + l := logger.From(ctx) dc, err := dynamic.NewForConfig(r.cluster.RestConfig) if err != nil { return err 
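Review bot: The two secret-creation warnings in `adoptAndUpdateNamespaces` pass the error as a string (`"error", err.Error()`), while the records added to `editHelmResources` in the same file pass the value (`"error", err`). Use `l.Warn("problem creating registry secret", "namespace", name, "error", err)`, and the same for the git server secret, so handlers receive one attribute type. The namespace key also differs between records: `"name"` for the refused adoption and `"namespace"` for the secret warnings. `adoptAndUpdateNamespaces` extends beyond these hunks.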
@@ -231,8 +237,10 @@ func (r *renderer) editHelmResources(ctx context.Context, resources []releaseuti // parse the namespace resource so it can be applied out-of-band by zarf instead of helm to avoid helm ns shenanigans if err := runtime.DefaultUnstructuredConverter.FromUnstructured(rawData.UnstructuredContent(), namespace); err != nil { message.WarnErrf(err, "could not parse namespace %s", rawData.GetName()) + l.Warn("failed to parse namespace", "name", rawData.GetName(), "error", err) } else { message.Debugf("Matched helm namespace %s for zarf annotation", namespace.Name) + l.Debug("matched helm namespace for zarf annotation", "name", namespace.Name) namespace.Labels = cluster.AdoptZarfManagedLabels(namespace.Labels) // Add it to the stack r.namespaces[namespace.Name] = namespace @@ -253,6 +261,7 @@ func (r *renderer) editHelmResources(ctx context.Context, resources []releaseuti if key, keyExists := labels[cluster.ZarfConnectLabelName]; keyExists { // If there is a zarf-connect label message.Debugf("Match helm service %s for zarf connection %s", rawData.GetName(), key) + l.Debug("match helm service for zarf connection", "service", rawData.GetName(), "connection-key", key) // Add the connectString for processing later in the deployment r.connectStrings[key] = types.ConnectString{ diff --git a/src/internal/packager/helm/utils.go b/src/internal/packager/helm/utils.go index 8d3d5f3202..38b9e1f889 100644 --- a/src/internal/packager/helm/utils.go +++ b/src/internal/packager/helm/utils.go @@ -5,9 +5,12 @@ package helm import ( + "context" "fmt" + "log/slog" "github.com/defenseunicorns/pkg/helpers/v2" + "github.com/zarf-dev/zarf/src/pkg/logger" "github.com/zarf-dev/zarf/src/pkg/message" "helm.sh/helm/v3/pkg/action" "helm.sh/helm/v3/pkg/chart" 
@@ -60,7 +63,7 @@ func (h *Helm) parseChartValues() (chartutil.Values, error) { return helpers.MergeMapRecursive(chartValues, h.valuesOverrides), nil } -func (h *Helm) createActionConfig(namespace string, spinner *message.Spinner) error { +func (h *Helm) createActionConfig(ctx context.Context, namespace string, spinner *message.Spinner) error { // Initialize helm SDK actionConfig := new(action.Configuration) // Set the settings for the helm SDK @@ -70,7 +73,12 @@ func (h *Helm) createActionConfig(namespace string, spinner *message.Spinner) er h.settings.SetNamespace(namespace) // Setup K8s connection - err := actionConfig.Init(h.settings.RESTClientGetter(), namespace, "", spinner.Updatef) + helmLogger := spinner.Updatef + if logger.Enabled(ctx) { + l := logger.From(ctx) + helmLogger = slog.NewLogLogger(l.Handler(), slog.LevelDebug).Printf + } + err := actionConfig.Init(h.settings.RESTClientGetter(), namespace, "", helmLogger) // Set the actionConfig is the received Helm pointer h.actionConfig = actionConfig diff --git a/src/internal/packager/helm/zarf.go b/src/internal/packager/helm/zarf.go index b6945a6e8c..4783f6557e 100644 --- a/src/internal/packager/helm/zarf.go +++ b/src/internal/packager/helm/zarf.go @@ -81,7 +81,7 @@ func (h *Helm) UpdateZarfAgentValues(ctx context.Context) error { return err } - err = h.createActionConfig(cluster.ZarfNamespaceName, spinner) + err = h.createActionConfig(ctx, cluster.ZarfNamespaceName, spinner) if err != nil { return err } @@ -111,7 +111,7 @@ func (h *Helm) UpdateZarfAgentValues(ctx context.Context) error { Value: agentImage.Tag, }, }) - applicationTemplates, err := template.GetZarfTemplates("zarf-agent", h.state) + applicationTemplates, err := template.GetZarfTemplates(ctx, "zarf-agent", h.state) if err != nil { return fmt.Errorf("error setting up the templates: %w", err) } diff --git a/src/internal/packager/images/push.go b/src/internal/packager/images/push.go index e04c628023..1930754e45 100644 
--- a/src/internal/packager/images/push.go +++ b/src/internal/packager/images/push.go @@ -10,10 +10,10 @@ import ( "github.com/avast/retry-go/v4" "github.com/google/go-containerregistry/pkg/crane" - "github.com/google/go-containerregistry/pkg/logs" v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/zarf-dev/zarf/src/pkg/cluster" + "github.com/zarf-dev/zarf/src/pkg/logger" "github.com/zarf-dev/zarf/src/pkg/message" "github.com/zarf-dev/zarf/src/pkg/transform" "github.com/zarf-dev/zarf/src/pkg/utils" @@ -21,8 +21,7 @@ import ( // Push pushes images to a registry. func Push(ctx context.Context, cfg PushConfig) error { - logs.Warn.SetOutput(&message.DebugWriter{}) - logs.Progress.SetOutput(&message.DebugWriter{}) + l := logger.From(ctx) toPush := map[transform.Image]v1.Image{} // Build an image list from the references @@ -67,6 +66,7 @@ func Push(ctx context.Context, cfg PushConfig) error { }() for refInfo, img := range toPush { message.Infof("Pushing %s", refInfo.Reference) + l.Info("pushing image", "name", refInfo.Reference) // If this is not a no checksum image push it for use with the Zarf agent if !cfg.NoChecksum { offlineNameCRC, err := transform.ImageTransformHost(registryURL, refInfo.Reference) diff --git a/src/internal/packager/template/template.go b/src/internal/packager/template/template.go index a77d09de93..f069698425 100644 --- a/src/internal/packager/template/template.go +++ b/src/internal/packager/template/template.go 
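Review bot: Removing `logs.Warn.SetOutput(...)` and `logs.Progress.SetOutput(...)` at the top of Push leaves go-containerregistry's warning and progress loggers on their library defaults, which, as far as I know, discard output. Registry-side warnings raised during a push would then appear in neither the old message output nor the new logger, unless they are redirected somewhere outside this hunk. If that is not intended, keep the redirection and point it at the context logger, for example `logs.Warn = slog.NewLogLogger(l.Handler(), slog.LevelWarn)`, which needs the `logs` import kept and `log/slog` added. The rest of Push is outside the hunk.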
@@ -43,7 +43,7 @@ func GetZarfVariableConfig(ctx context.Context) *variables.VariableConfig { } // GetZarfTemplates returns the template keys and values to be used for templating. -func GetZarfTemplates(componentName string, state *types.ZarfState) (templateMap map[string]*variables.TextTemplate, err error) { +func GetZarfTemplates(ctx context.Context, componentName string, state *types.ZarfState) (templateMap map[string]*variables.TextTemplate, err error) { templateMap = make(map[string]*variables.TextTemplate) if state != nil { @@ -102,7 +102,7 @@ func GetZarfTemplates(componentName string, state *types.ZarfState) (templateMap } } - debugPrintTemplateMap(templateMap) + debugPrintTemplateMap(ctx, templateMap) return templateMap, nil } @@ -127,7 +127,9 @@ func generateHtpasswd(regInfo *types.RegistryInfo) (string, error) { return "", nil } -func debugPrintTemplateMap(templateMap map[string]*variables.TextTemplate) { +func debugPrintTemplateMap(ctx context.Context, templateMap map[string]*variables.TextTemplate) { + // TODO (@austinabro321) sanitize the template by making a copy and changing the actual keys + // then use json.MarshalIndent to create the json debugText := "templateMap = { " for key, template := range templateMap { @@ -141,4 +143,5 @@ func debugPrintTemplateMap(templateMap map[string]*variables.TextTemplate) { debugText += " }" message.Debug(debugText) + logger.From(ctx).Debug(debugText) } diff --git a/src/internal/packager2/layout/import.go b/src/internal/packager2/layout/import.go index a1c917eee0..6c29aa31b5 100644 --- a/src/internal/packager2/layout/import.go +++ b/src/internal/packager2/layout/import.go 
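Review bot: `logger.From(ctx).Debug(debugText)` in debugPrintTemplateMap sends the full template map to a second sink as one pre-formatted message string, and the new TODO in the same function says sanitization is still to be reworked. The loop that builds `debugText` lies between the two hunks, so whether every credential-bearing template value is masked before this call cannot be confirmed from the visible lines; that is worth verifying before the string reaches a logger whose output may be collected or shipped. I would add a comment above the call such as `// debugText must contain only masked values: it is written to both the message and logger sinks`, and once the TODO is done pass the sanitized map as an attribute instead of embedding it in the message.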
@@ -54,7 +54,7 @@ func resolveImports(ctx context.Context, pkg v1alpha1.ZarfPackage, packagePath, return v1alpha1.ZarfPackage{}, err } } else if component.Import.URL != "" { - remote, err := zoci.NewRemote(component.Import.URL, zoci.PlatformForSkeleton()) + remote, err := zoci.NewRemote(ctx, component.Import.URL, zoci.PlatformForSkeleton()) if err != nil { return v1alpha1.ZarfPackage{}, err } @@ -166,7 +166,7 @@ func fetchOCISkeleton(ctx context.Context, component v1alpha1.ZarfComponent, pac } // Get the descriptor for the component. - remote, err := zoci.NewRemote(component.Import.URL, zoci.PlatformForSkeleton()) + remote, err := zoci.NewRemote(ctx, component.Import.URL, zoci.PlatformForSkeleton()) if err != nil { return "", err } diff --git a/src/internal/packager2/pull.go b/src/internal/packager2/pull.go index 538facc5b9..5f9dc2b5b7 100644 --- a/src/internal/packager2/pull.go +++ b/src/internal/packager2/pull.go @@ -99,7 +99,7 @@ func pullOCI(ctx context.Context, src, tarPath, shasum string, filter filters.Co src = fmt.Sprintf("%s@sha256:%s", src, shasum) } arch := config.GetArch() - remote, err := zoci.NewRemote(src, oci.PlatformForArch(arch)) + remote, err := zoci.NewRemote(ctx, src, oci.PlatformForArch(arch)) if err != nil { return false, err } diff --git a/src/pkg/cluster/data.go b/src/pkg/cluster/data.go index 68148003a7..a85f52c7ab 100644 --- a/src/pkg/cluster/data.go +++ b/src/pkg/cluster/data.go @@ -25,6 +25,7 @@ import ( "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/config" "github.com/zarf-dev/zarf/src/pkg/layout" + "github.com/zarf-dev/zarf/src/pkg/logger" "github.com/zarf-dev/zarf/src/pkg/message" "github.com/zarf-dev/zarf/src/pkg/utils" "github.com/zarf-dev/zarf/src/pkg/utils/exec" 
@@ -33,6 +34,7 @@ import ( // HandleDataInjection waits for the target pod(s) to come up and inject the data into them // todo: this currently requires kubectl but we should have enough k8s work to make this native now. func (c *Cluster) HandleDataInjection(ctx context.Context, data v1alpha1.ZarfDataInjection, componentPath *layout.ComponentPaths, dataIdx int) error { + l := logger.From(ctx) injectionCompletionMarker := filepath.Join(componentPath.DataInjections, config.GetDataInjectionMarker()) if err := os.WriteFile(injectionCompletionMarker, []byte("🦄"), helpers.ReadWriteUser); err != nil { return fmt.Errorf("unable to create the data injection completion marker: %w", err) @@ -61,6 +63,7 @@ func (c *Cluster) HandleDataInjection(ctx context.Context, data v1alpha1.ZarfDat } message.Debugf("Attempting to inject data into %s", data.Target) + l.Debug("performing data injection", "target", data.Target) source := filepath.Join(componentPath.DataInjections, filepath.Base(data.Target.Path)) if helpers.InvalidPath(source) { @@ -91,6 +94,7 @@ func (c *Cluster) HandleDataInjection(ctx context.Context, data v1alpha1.ZarfDat kubectlBinPath := "kubectl" if err != nil { message.Warnf("Unable to get the zarf executable path, falling back to host kubectl: %s", err) + l.Warn("unable to get the zarf executable path, falling back to host kubectl", "error", err) } else { kubectlBinPath = fmt.Sprintf("%s tools kubectl", zarfCommand) } @@ -171,6 +175,7 @@ type podFilter func(pod corev1.Pod) bool // If the timeout is reached, an empty list will be returned. // TODO: Test, refactor and/or remove. func waitForPodsAndContainers(ctx context.Context, clientset kubernetes.Interface, target podLookup, include podFilter) ([]corev1.Pod, error) { + l := logger.From(ctx) readyPods, err := retry.DoWithData(func() ([]corev1.Pod, error) { listOpts := metav1.ListOptions{ LabelSelector: target.Selector, 
@@ -180,6 +185,7 @@ func waitForPodsAndContainers(ctx context.Context, clientset kubernetes.Interfac return nil, err } message.Debugf("Found %d pods for target %#v", len(podList.Items), target) + l.Debug("found pods matching the target", "count", len(podList.Items), "target", target) // Sort the pods from newest to oldest sort.Slice(podList.Items, func(i, j int) bool { return podList.Items[i].CreationTimestamp.After(podList.Items[j].CreationTimestamp.Time) @@ -188,6 +194,7 @@ func waitForPodsAndContainers(ctx context.Context, clientset kubernetes.Interfac readyPods := []corev1.Pod{} for _, pod := range podList.Items { message.Debugf("Testing pod %q", pod.Name) + l.Debug("testing pod", "name", pod.Name) // If an include function is provided, only keep pods that return true if include != nil && !include(pod) { @@ -197,6 +204,7 @@ func waitForPodsAndContainers(ctx context.Context, clientset kubernetes.Interfac // Handle container targeting if target.Container != "" { message.Debugf("Testing pod %q for container %q", pod.Name, target.Container) + l.Debug("testing container", "name", target.Container, "source-pod", pod.Name) // Check the status of initContainers for a running match for _, initContainer := range pod.Status.InitContainerStatuses { @@ -219,6 +227,7 @@ func waitForPodsAndContainers(ctx context.Context, clientset kubernetes.Interfac } else { status := pod.Status.Phase message.Debugf("Testing pod %q phase, want (%q) got (%q)", pod.Name, corev1.PodRunning, status) + l.Debug(fmt.Sprintf("checking pod for %s status", corev1.PodRunning), "pod", pod.Name, "status", status) // Regular status checking without a container if status == corev1.PodRunning { readyPods = append(readyPods, pod) diff --git a/src/pkg/cluster/state.go b/src/pkg/cluster/state.go index a6274356a0..0ad4dac449 100644 --- a/src/pkg/cluster/state.go +++ b/src/pkg/cluster/state.go 
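Review bot: The phase check in the `-219` hunk builds its message with `fmt.Sprintf("checking pod for %s status", corev1.PodRunning)`, which puts a value into the message text and makes the line harder to match than the other constant messages in waitForPodsAndContainers. A constant message with the expected phase as an attribute reads better: `l.Debug("checking pod phase", "pod", pod.Name, "want", corev1.PodRunning, "got", status)`. The pod name is also keyed three different ways in this function (`"name"`, `"source-pod"`, `"pod"`); using one key throughout would make these lines easier to correlate.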
@@ -235,7 +235,6 @@ func (c *Cluster) debugPrintZarfState(ctx context.Context, state *types.ZarfStat if state == nil { return } - // this is a shallow copy, nested pointers WILL NOT be copied oldState := *state sanitized := c.sanitizeZarfState(&oldState) @@ -244,7 +243,6 @@ func (c *Cluster) debugPrintZarfState(ctx context.Context, state *types.ZarfStat return } message.Debugf("ZarfState - %s", string(b)) - logger.From(ctx).Debug("cluster.debugPrintZarfState", "state", sanitized) } diff --git a/src/pkg/packager/common.go b/src/pkg/packager/common.go index 442335cec0..f74a9d68c2 100644 --- a/src/pkg/packager/common.go +++ b/src/pkg/packager/common.go @@ -8,11 +8,12 @@ import ( "context" "errors" "fmt" - "github.com/zarf-dev/zarf/src/pkg/logger" "os" "slices" "strings" + "github.com/zarf-dev/zarf/src/pkg/logger" + "github.com/Masterminds/semver/v3" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -106,7 +107,7 @@ func New(cfg *types.PackagerConfig, mods ...Modifier) (*Packager, error) { // Fill the source if it wasn't provided - note source can be nil if the package is being created if pkgr.source == nil && pkgr.cfg.CreateOpts.BaseDir == "" { - pkgr.source, err = sources.New(&pkgr.cfg.PkgOpts) + pkgr.source, err = sources.New(pkgr.ctx, &pkgr.cfg.PkgOpts) if err != nil { return nil, err } diff --git a/src/pkg/packager/composer/oci.go b/src/pkg/packager/composer/oci.go index 4d2589f717..4a49ce569f 100644 --- a/src/pkg/packager/composer/oci.go +++ b/src/pkg/packager/composer/oci.go @@ -28,7 +28,7 @@ func (ic *ImportChain) getRemote(ctx context.Context, url string) (*zoci.Remote, return ic.remote, nil } var err error - ic.remote, err = zoci.NewRemote(url, zoci.PlatformForSkeleton()) + ic.remote, err = zoci.NewRemote(ctx, url, zoci.PlatformForSkeleton()) if err != nil { return nil, err } diff --git a/src/pkg/packager/creator/differential.go b/src/pkg/packager/creator/differential.go index a373bcc4f2..d3aea389d9 100644 --- a/src/pkg/packager/creator/differential.go 
+++ b/src/pkg/packager/creator/differential.go @@ -25,7 +25,7 @@ func loadDifferentialData(ctx context.Context, diffPkgPath string) (diffData *ty diffLayout := layout.New(tmpdir) defer os.RemoveAll(diffLayout.Base) - src, err := sources.New(&types.ZarfPackageOptions{ + src, err := sources.New(ctx, &types.ZarfPackageOptions{ PackageSource: diffPkgPath, }) if err != nil { diff --git a/src/pkg/packager/creator/normal.go b/src/pkg/packager/creator/normal.go index d13d05e595..c97cab63c1 100644 --- a/src/pkg/packager/creator/normal.go +++ b/src/pkg/packager/creator/normal.go @@ -292,8 +292,7 @@ func (pc *PackageCreator) Output(ctx context.Context, dst *layout.PackagePaths, if err != nil { return err } - // TODO(mkcp): Port zoci.NewRemote to new logger - remote, err := zoci.NewRemote(ref, oci.PlatformForArch(config.GetArch())) + remote, err := zoci.NewRemote(ctx, ref, oci.PlatformForArch(config.GetArch())) if err != nil { return err } diff --git a/src/pkg/packager/deploy.go b/src/pkg/packager/deploy.go index 26079df5d4..6ecf6cc229 100644 --- a/src/pkg/packager/deploy.go +++ b/src/pkg/packager/deploy.go @@ -34,6 +34,7 @@ import ( "github.com/zarf-dev/zarf/src/internal/packager/template" "github.com/zarf-dev/zarf/src/pkg/cluster" "github.com/zarf-dev/zarf/src/pkg/layout" + "github.com/zarf-dev/zarf/src/pkg/logger" "github.com/zarf-dev/zarf/src/pkg/message" "github.com/zarf-dev/zarf/src/pkg/packager/actions" "github.com/zarf-dev/zarf/src/pkg/packager/filters" @@ -56,6 +57,8 @@ func (p *Packager) resetRegistryHPA(ctx context.Context) { // Deploy attempts to deploy the given PackageConfig. func (p *Packager) Deploy(ctx context.Context) error { + l := logger.From(ctx) + start := time.Now() isInteractive := !config.CommonOptions.Confirm deployFilter := filters.Combine( 
@@ -89,12 +92,18 @@ func (p *Packager) Deploy(ctx context.Context) error { return err } warnings = append(warnings, validateWarnings...) + for _, warning := range validateWarnings { + l.Warn(warning) + } sbomViewFiles, sbomWarnings, err := p.layout.SBOMs.StageSBOMViewFiles() if err != nil { return err } warnings = append(warnings, sbomWarnings...) + for _, warning := range sbomWarnings { + l.Warn(warning) + } // Confirm the overall package deployment if !p.confirmAction(config.ZarfDeployStage, warnings, sbomViewFiles) { @@ -124,10 +133,12 @@ func (p *Packager) Deploy(ctx context.Context) error { } if len(deployedComponents) == 0 { message.Warn("No components were selected for deployment. Inspect the package to view the available components and select components interactively or by name with \"--components\"") + l.Warn("no components were selected for deployment. Inspect the package to view the available components and select components interactively or by name with \"--components\"") } // Notify all the things about the successful deployment message.Successf("Zarf deployment complete") + l.Debug("Zarf deployment complete", "duration", time.Since(start)) err = p.printTablesForDeployment(ctx, deployedComponents) if err != nil { @@ -139,6 +150,7 @@ func (p *Packager) Deploy(ctx context.Context) error { // deployComponents loops through a list of ZarfComponents and deploys them. func (p *Packager) deployComponents(ctx context.Context) ([]types.DeployedComponent, error) { + l := logger.From(ctx) deployedComponents := []types.DeployedComponent{} // Process all the components we are deploying 
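Review bot: In the `-124` hunk the end of Deploy is reported with `message.Successf`, which is user-facing, but the matching logger line is `l.Debug("Zarf deployment complete", ...)`. With the new logger enabled at its usual level, a run would record the start of each component at Info but never record that the deployment finished, which weakens the log as a record of what was deployed and when. I would log it at Info: `l.Info("Zarf deployment complete", "duration", time.Since(start))`. The same applies to the `"done deploying component"` line added to deployComponent.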
@@ -165,6 +177,7 @@ func (p *Packager) deployComponents(ctx context.Context) ([]types.DeployedCompon installedCharts, err := p.cluster.GetInstalledChartsForComponent(ctx, p.cfg.Pkg.Metadata.Name, component) if err != nil { message.Debugf("Unable to fetch installed Helm charts for component '%s': %s", component.Name, err.Error()) + l.Debug("unable to fetch installed Helm charts", "component", component.Name, "error", err.Error()) } deployedComponent.InstalledCharts = installedCharts } @@ -186,6 +199,7 @@ func (p *Packager) deployComponents(ctx context.Context) ([]types.DeployedCompon onFailure := func() { if err := actions.Run(ctx, onDeploy.Defaults, onDeploy.OnFailure, p.variableConfig); err != nil { message.Debugf("unable to run component failure action: %s", err.Error()) + l.Debug("unable to run component failure action", "error", err.Error()) } } @@ -195,6 +209,7 @@ func (p *Packager) deployComponents(ctx context.Context) ([]types.DeployedCompon if p.isConnectedToCluster() { if _, err := p.cluster.RecordPackageDeployment(ctx, p.cfg.Pkg, deployedComponents); err != nil { message.Debugf("Unable to record package deployment for component %q: this will affect features like `zarf package remove`: %s", component.Name, err.Error()) + l.Debug("unable to record package deployment", "component", component.Name, "error", err.Error()) } } return nil, fmt.Errorf("unable to deploy component %q: %w", component.Name, deployErr) @@ -205,6 +220,7 @@ func (p *Packager) deployComponents(ctx context.Context) ([]types.DeployedCompon if p.isConnectedToCluster() { if _, err := p.cluster.RecordPackageDeployment(ctx, p.cfg.Pkg, deployedComponents); err != nil { message.Debugf("Unable to record package deployment for component %q: this will affect features like `zarf package remove`: %s", component.Name, err.Error()) + l.Debug("unable to record package deployment", "component", component.Name, "error", err.Error()) } } 
@@ -218,6 +234,7 @@ func (p *Packager) deployComponents(ctx context.Context) ([]types.DeployedCompon } func (p *Packager) deployInitComponent(ctx context.Context, component v1alpha1.ZarfComponent) ([]types.InstalledChart, error) { + l := logger.From(ctx) hasExternalRegistry := p.cfg.InitOpts.RegistryInfo.Address != "" isSeedRegistry := component.Name == "zarf-seed-registry" isRegistry := component.Name == "zarf-registry" @@ -239,6 +256,7 @@ func (p *Packager) deployInitComponent(ctx context.Context, component v1alpha1.Z if hasExternalRegistry && (isSeedRegistry || isInjector || isRegistry) { message.Notef("Not deploying the component (%s) since external registry information was provided during `zarf init`", component.Name) + l.Info("skipping init package component since external registry information was provided", "component", component.Name) return nil, nil } @@ -274,11 +292,13 @@ func (p *Packager) deployInitComponent(ctx context.Context, component v1alpha1.Z // Deploy a Zarf Component. func (p *Packager) deployComponent(ctx context.Context, component v1alpha1.ZarfComponent, noImgChecksum bool, noImgPush bool) ([]types.InstalledChart, error) { + l := logger.From(ctx) + start := time.Now() // Toggles for general deploy operations componentPath := p.layout.Components.Dirs[component.Name] - // All components now require a name message.HeaderInfof("📦 %s COMPONENT", strings.ToUpper(component.Name)) + l.Info("deploying component", "name", component.Name) hasImages := len(component.Images) > 0 && !noImgPush hasCharts := len(component.Charts) > 0 
@@ -301,13 +321,14 @@ func (p *Packager) deployComponent(ctx context.Context, component v1alpha1.ZarfC if hasImages && !p.hpaModified && p.state.RegistryInfo.IsInternal() { if err := p.cluster.DisableRegHPAScaleDown(ctx); err != nil { message.Debugf("unable to disable the registry HPA scale down: %s", err.Error()) + l.Debug("unable to disable the registry HPA scale down", "error", err.Error()) } else { p.hpaModified = true } } } - err := p.populateComponentAndStateTemplates(component.Name) + err := p.populateComponentAndStateTemplates(ctx, component.Name) if err != nil { return nil, err } @@ -317,7 +338,7 @@ func (p *Packager) deployComponent(ctx context.Context, component v1alpha1.ZarfC } if hasFiles { - if err := p.processComponentFiles(component, componentPath.Files); err != nil { + if err := p.processComponentFiles(ctx, component, componentPath.Files); err != nil { return nil, fmt.Errorf("unable to process the component files: %w", err) } } @@ -357,6 +378,7 @@ func (p *Packager) deployComponent(ctx context.Context, component v1alpha1.ZarfC healthCheckContext, cancel := context.WithTimeout(ctx, p.cfg.DeployOpts.Timeout) defer cancel() spinner := message.NewProgressSpinner("Running health checks") + l.Info("running health checks") defer spinner.Stop() if err = healthchecks.Run(healthCheckContext, p.cluster.Watcher, component.HealthChecks); err != nil { return nil, fmt.Errorf("health checks failed: %w", err) 
@@ -368,16 +390,21 @@ func (p *Packager) deployComponent(ctx context.Context, component v1alpha1.ZarfC if err != nil { return nil, err } + l.Debug("done deploying component", "name", component.Name, "duration", time.Since(start)) return charts, nil } // Move files onto the host of the machine performing the deployment. -func (p *Packager) processComponentFiles(component v1alpha1.ZarfComponent, pkgLocation string) error { +func (p *Packager) processComponentFiles(ctx context.Context, component v1alpha1.ZarfComponent, pkgLocation string) error { + l := logger.From(ctx) spinner := message.NewProgressSpinner("Copying %d files", len(component.Files)) + start := time.Now() + l.Info("copying files", "count", len(component.Files)) defer spinner.Stop() for fileIdx, file := range component.Files { spinner.Updatef("Loading %s", file.Target) + l.Info("loading file", "name", file.Target) fileLocation := filepath.Join(pkgLocation, strconv.Itoa(fileIdx), filepath.Base(file.Target)) if helpers.InvalidPath(fileLocation) { @@ -387,6 +414,7 @@ func (p *Packager) processComponentFiles(component v1alpha1.ZarfComponent, pkgLo // If a shasum is specified check it again on deployment as well if file.Shasum != "" { spinner.Updatef("Validating SHASUM for %s", file.Target) + l.Debug("Validating SHASUM", "file", file.Target) if err := helpers.SHAsMatch(fileLocation, file.Shasum); err != nil { return err } @@ -417,6 +445,7 @@ func (p *Packager) processComponentFiles(component v1alpha1.ZarfComponent, pkgLo // If the file is a text file, template it if isText { spinner.Updatef("Templating %s", file.Target) + l.Debug("template file", "name", file.Target) if err := p.variableConfig.ReplaceTextTemplate(subFile); err != nil { return fmt.Errorf("unable to template file %s: %w", subFile, err) } 
@@ -425,6 +454,7 @@ func (p *Packager) processComponentFiles(component v1alpha1.ZarfComponent, pkgLo // Copy the file to the destination spinner.Updatef("Saving %s", file.Target) + l.Debug("saving file", "name", file.Target) err = helpers.CreatePathAndCopy(fileLocation, file.Target) if err != nil { return fmt.Errorf("unable to copy file %s to %s: %w", fileLocation, file.Target, err) @@ -449,15 +479,18 @@ func (p *Packager) processComponentFiles(component v1alpha1.ZarfComponent, pkgLo } spinner.Success() + l.Debug("done copying files", "duration", time.Since(start)) return nil } // setupState fetches the current ZarfState from the k8s cluster and sets the packager to use it func (p *Packager) setupState(ctx context.Context) error { + l := logger.From(ctx) // If we are touching K8s, make sure we can talk to it once per deployment spinner := message.NewProgressSpinner("Loading the Zarf State from the Kubernetes cluster") defer spinner.Stop() + l.Debug("loading the Zarf State from the Kubernetes cluster") state, err := p.cluster.LoadZarfState(ctx) // We ignore the error if in YOLO mode because Zarf should not be initiated. @@ -473,8 +506,8 @@ func (p *Packager) setupState(ctx context.Context) error { // YOLO mode, so minimal state needed state.Distro = "YOLO" - // Try to create the zarf namespace spinner.Updatef("Creating the Zarf namespace") + l.Info("creating the Zarf namespace") zarfNamespace := cluster.NewZarfManagedNamespace(cluster.ZarfNamespaceName) err := func() error { _, err := p.cluster.Clientset.CoreV1().Namespaces().Create(ctx, zarfNamespace, metav1.CreateOptions{}) 
@@ -499,6 +532,9 @@ func (p *Packager) setupState(ctx context.Context) error { message.Warn("This package is in YOLO mode, but the cluster was already initialized with 'zarf init'. " + "This may cause issues if the package does not exclude any charts or manifests from the Zarf Agent using " + "the pod or namespace label `zarf.dev/agent: ignore'.") + l.Warn("This package is in YOLO mode, but the cluster was already initialized with 'zarf init'. " + + "This may cause issues if the package does not exclude any charts or manifests from the Zarf Agent using " + + "the pod or namespace label `zarf.dev/agent: ignore'.") } p.state = state @@ -507,8 +543,8 @@ func (p *Packager) setupState(ctx context.Context) error { return nil } -func (p *Packager) populateComponentAndStateTemplates(componentName string) error { - applicationTemplates, err := template.GetZarfTemplates(componentName, p.state) +func (p *Packager) populateComponentAndStateTemplates(ctx context.Context, componentName string) error { + applicationTemplates, err := template.GetZarfTemplates(ctx, componentName, p.state) if err != nil { return err } @@ -548,7 +584,9 @@ func (p *Packager) pushImagesToRegistry(ctx context.Context, componentImages []s // Push all of the components git repos to the configured git server. func (p *Packager) pushReposToRepository(ctx context.Context, reposPath string, repos []string) error { + l := logger.From(ctx) for _, repoURL := range repos { + l.Info("pushing repository", "name", repoURL, "server", p.state.GitServer.Address) repository, err := git.Open(reposPath, repoURL) if err != nil { return err 
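Review bot: The new `l.Info("pushing repository", "name", repoURL, ...)` in pushReposToRepository writes the repository URL verbatim at Info level, and a git URL can carry credentials in its userinfo part. If component repo URLs are ever written that way, the secret would land in every log sink. Logging a redacted form avoids that; note that `Redacted` masks only the password, so a token placed in the username position would still need separate handling. The change needs `net/url` in the file's import block, which is outside this hunk, and the loop body continues past the hunk.

```go
for _, repoURL := range repos {
	// Log a redacted form: a repo URL may embed credentials as userinfo.
	logURL := repoURL
	if u, err := url.Parse(repoURL); err == nil {
		logURL = u.Redacted()
	}
	l.Info("pushing repository", "name", logURL, "server", p.state.GitServer.Address)
	// … unchanged: git.Open and the push itself …
```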
@@ -728,13 +766,15 @@ func (p *Packager) installChartAndManifests(ctx context.Context, componentPaths connectStrings, installedChartName, err := helmCfg.InstallOrUpgradeChart(ctx) if err != nil { return nil, err - } + } installedCharts = append(installedCharts, types.InstalledChart{Namespace: manifest.Namespace, ChartName: installedChartName, ConnectStrings: connectStrings}) } return installedCharts, nil } +// TODO once deploy is refactored to load the Zarf package and cluster objects in the cmd package +// table printing should be moved to cmd func (p *Packager) printTablesForDeployment(ctx context.Context, componentsToDeploy []types.DeployedComponent) error { // If not init config, print the application connection table if !p.cfg.Pkg.IsInitConfig() { diff --git a/src/pkg/packager/prepare.go b/src/pkg/packager/prepare.go index 0f17488929..9dffa529b7 100644 --- a/src/pkg/packager/prepare.go +++ b/src/pkg/packager/prepare.go @@ -149,7 +149,7 @@ func (p *Packager) findImages(ctx context.Context) (map[string][]string, error) if err != nil { return nil, err } - err = p.populateComponentAndStateTemplates(component.Name) + err = p.populateComponentAndStateTemplates(ctx, component.Name) if err != nil { return nil, err } diff --git a/src/pkg/packager/publish.go b/src/pkg/packager/publish.go index 95d4c66a36..34c54bd546 100644 --- a/src/pkg/packager/publish.go +++ b/src/pkg/packager/publish.go @@ -40,7 +40,7 @@ func (p *Packager) Publish(ctx context.Context) (err error) { arch := config.GetArch() - dstRemote, err := zoci.NewRemote(p.cfg.PublishOpts.PackageDestination, oci.PlatformForArch(arch)) + dstRemote, err := zoci.NewRemote(ctx, p.cfg.PublishOpts.PackageDestination, oci.PlatformForArch(arch)) if err != nil { return err } 
@@ -95,7 +95,7 @@ func (p *Packager) Publish(ctx context.Context) (err error) { } else { platform = oci.PlatformForArch(p.cfg.Pkg.Build.Architecture) } - remote, err := zoci.NewRemote(ref, platform) + remote, err := zoci.NewRemote(ctx, ref, platform) if err != nil { return err } diff --git a/src/pkg/packager/sources/new.go b/src/pkg/packager/sources/new.go index 65d0af6762..063901fac8 100644 --- a/src/pkg/packager/sources/new.go +++ b/src/pkg/packager/sources/new.go @@ -59,7 +59,7 @@ func Identify(pkgSrc string) string { } // New returns a new PackageSource based on the provided package options. -func New(pkgOpts *types.ZarfPackageOptions) (PackageSource, error) { +func New(ctx context.Context, pkgOpts *types.ZarfPackageOptions) (PackageSource, error) { var source PackageSource pkgSrc := pkgOpts.PackageSource @@ -70,7 +70,7 @@ func New(pkgOpts *types.ZarfPackageOptions) (PackageSource, error) { pkgSrc = fmt.Sprintf("%s@sha256:%s", pkgSrc, pkgOpts.Shasum) } arch := config.GetArch() - remote, err := zoci.NewRemote(pkgSrc, oci.PlatformForArch(arch)) + remote, err := zoci.NewRemote(ctx, pkgSrc, oci.PlatformForArch(arch)) if err != nil { return nil, err } diff --git a/src/pkg/packager/sources/new_test.go b/src/pkg/packager/sources/new_test.go index 17d1481192..eb14403778 100644 --- a/src/pkg/packager/sources/new_test.go +++ b/src/pkg/packager/sources/new_test.go @@ -93,7 +93,7 @@ func TestNewPackageSource(t *testing.T) { t.Parallel() require.Equal(t, tt.expectedIdentify, Identify(tt.src)) - ps, err := New(&types.ZarfPackageOptions{PackageSource: tt.src}) + ps, err := New(context.Background(), &types.ZarfPackageOptions{PackageSource: tt.src}) require.NoError(t, err) require.IsType(t, tt.expectedType, ps) }) 
@@ -166,8 +166,9 @@ func TestPackageSource(t *testing.T) { PackageSource: tt.src, Shasum: tt.shasum, } + ctx := context.Background() - ps, err := New(opts) + ps, err := New(ctx, opts) require.NoError(t, err) packageDir := t.TempDir() pkgLayout := layout.New(packageDir) @@ -180,7 +181,7 @@ func TestPackageSource(t *testing.T) { require.Empty(t, warnings) require.Equal(t, expectedPkg, pkg) - ps, err = New(opts) + ps, err = New(ctx, opts) require.NoError(t, err) metadataDir := t.TempDir() metadataLayout := layout.New(metadataDir) @@ -189,7 +190,7 @@ func TestPackageSource(t *testing.T) { require.Empty(t, warnings) require.Equal(t, expectedPkg, metadata) - ps, err = New(opts) + ps, err = New(ctx, opts) require.NoError(t, err) collectDir := t.TempDir() fp, err := ps.Collect(context.Background(), collectDir) diff --git a/src/pkg/packager/sources/tarball.go b/src/pkg/packager/sources/tarball.go index 5b556f78e1..b7a00dc159 100644 --- a/src/pkg/packager/sources/tarball.go +++ b/src/pkg/packager/sources/tarball.go @@ -12,11 +12,13 @@ import ( "io" "os" "path/filepath" + "time" "github.com/defenseunicorns/pkg/helpers/v2" "github.com/mholt/archiver/v3" "github.com/zarf-dev/zarf/src/api/v1alpha1" "github.com/zarf-dev/zarf/src/pkg/layout" + "github.com/zarf-dev/zarf/src/pkg/logger" "github.com/zarf-dev/zarf/src/pkg/message" "github.com/zarf-dev/zarf/src/pkg/packager/filters" "github.com/zarf-dev/zarf/src/pkg/zoci" 
@@ -35,8 +37,11 @@ type TarballSource struct { // LoadPackage loads a package from a tarball. func (s *TarballSource) LoadPackage(ctx context.Context, dst *layout.PackagePaths, filter filters.ComponentFilterStrategy, unarchiveAll bool) (pkg v1alpha1.ZarfPackage, warnings []string, err error) { + l := logger.From(ctx) spinner := message.NewProgressSpinner("Loading package from %q", s.PackageSource) defer spinner.Stop() + start := time.Now() + l.Info("loading package", "source", s.PackageSource) if s.Shasum != "" { if err := helpers.SHAsMatch(s.PackageSource, s.Shasum); err != nil { @@ -100,12 +105,14 @@ func (s *TarballSource) LoadPackage(ctx context.Context, dst *layout.PackagePath if !dst.IsLegacyLayout() { spinner := message.NewProgressSpinner("Validating full package checksums") defer spinner.Stop() + l.Info("validating package checksums", "source", s.PackageSource) if err := ValidatePackageIntegrity(dst, pkg.Metadata.AggregateChecksum, false); err != nil { return pkg, nil, err } spinner.Success() + l.Debug("done validating package checksums", "source", s.PackageSource) if !s.SkipSignatureValidation { if err := ValidatePackageSignature(ctx, dst, s.PublicKeyPath); err != nil { @@ -136,6 +143,7 @@ func (s *TarballSource) LoadPackage(ctx context.Context, dst *layout.PackagePath } spinner.Success() + l.Debug("done loading package", "source", s.PackageSource, "duration", time.Since(start)) return pkg, warnings, nil } diff --git a/src/pkg/zoci/common.go b/src/pkg/zoci/common.go index 29e9f34564..ab8f92f3bf 100644 --- a/src/pkg/zoci/common.go +++ b/src/pkg/zoci/common.go @@ -5,11 +5,13 @@ package zoci import ( + "context" "log/slog" "github.com/defenseunicorns/pkg/oci" ocispec "github.com/opencontainers/image-spec/specs-go/v1" "github.com/zarf-dev/zarf/src/config" + "github.com/zarf-dev/zarf/src/pkg/logger" "github.com/zarf-dev/zarf/src/pkg/message" ) 
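Review bot: The logging added in the `-100` hunk of LoadPackage covers checksum validation but says nothing about the signature decision that follows in `if !s.SkipSignatureValidation`. A package loaded with signature validation turned off therefore produces the same log trail as a verified one. I would record the skip explicitly in an else branch, `l.Warn("skipping package signature validation", "source", s.PackageSource)`, and optionally add a Debug line after a successful `ValidatePackageSignature`. The remainder of that `if` block is outside the hunk, so an existing else branch cannot be ruled out.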
@@ -29,12 +31,15 @@ type Remote struct { // NewRemote returns an oras remote repository client and context for the given url // with zarf opination embedded -func NewRemote(url string, platform ocispec.Platform, mods ...oci.Modifier) (*Remote, error) { - logger := slog.New(message.ZarfHandler{}) +func NewRemote(ctx context.Context, url string, platform ocispec.Platform, mods ...oci.Modifier) (*Remote, error) { + l := slog.New(message.ZarfHandler{}) + if logger.Enabled(ctx) { + l = logger.From(ctx) + } modifiers := append([]oci.Modifier{ oci.WithPlainHTTP(config.CommonOptions.PlainHTTP), oci.WithInsecureSkipVerify(config.CommonOptions.InsecureSkipTLSVerify), - oci.WithLogger(logger), + oci.WithLogger(l), oci.WithUserAgent("zarf/" + config.CLIVersion), }, mods...) remote, err := oci.NewOrasRemote(url, platform, modifiers...) diff --git a/src/test/e2e/14_oci_compose_test.go b/src/test/e2e/14_oci_compose_test.go index 6a983c7fc3..3f8c0a452b 100644 --- a/src/test/e2e/14_oci_compose_test.go +++ b/src/test/e2e/14_oci_compose_test.go @@ -189,18 +189,18 @@ func (suite *PublishCopySkeletonSuite) Test_3_Copy() { dstRegistry := testutil.SetupInMemoryRegistry(testutil.TestContext(t), t, 31890) dstRef := strings.Replace(ref, suite.Reference.Registry, dstRegistry, 1) + ctx := testutil.TestContext(t) - src, err := zoci.NewRemote(ref, oci.PlatformForArch(e2e.Arch), oci.WithPlainHTTP(true)) + src, err := zoci.NewRemote(ctx, ref, oci.PlatformForArch(e2e.Arch), oci.WithPlainHTTP(true)) suite.NoError(err) - dst, err := zoci.NewRemote(dstRef, oci.PlatformForArch(e2e.Arch), oci.WithPlainHTTP(true)) + dst, err := zoci.NewRemote(ctx, dstRef, oci.PlatformForArch(e2e.Arch), oci.WithPlainHTTP(true)) suite.NoError(err) reg, err := remote.NewRegistry(strings.Split(dstRef, "/")[0]) suite.NoError(err) reg.PlainHTTP = true attempt := 0 - ctx := testutil.TestContext(t) for attempt <= 5 { err = reg.Ping(ctx) if err == nil { From 38f5f995e920e6f380123aa7c6598bb32108e2bd Mon Sep 17 00:00:00 2001 
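Review bot: `NewRemote` now has a context logger but still applies `oci.WithPlainHTTP(config.CommonOptions.PlainHTTP)` and `oci.WithInsecureSkipVerify(config.CommonOptions.InsecureSkipTLSVerify)` without any log entry, so a run with transport security turned off is indistinguishable in the logs from a verified one. A warning before the `append` would record it: `if config.CommonOptions.PlainHTTP || config.CommonOptions.InsecureSkipTLSVerify { l.Warn("registry transport security is reduced", "url", url, "plainHTTP", config.CommonOptions.PlainHTTP, "insecureSkipTLSVerify", config.CommonOptions.InsecureSkipTLSVerify) }`. Caller-supplied `mods` are appended after these defaults and may change the effective setting (the e2e hunk below passes `oci.WithPlainHTTP(true)`), so the warning would reflect the global options only; it is also worth confirming that `url` cannot carry credentials before logging it. The doc comment above the function should say that `ctx` is used only to select the logger, if that is the intent.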
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Nov 2024 17:28:54 +0100 Subject: [PATCH 6/7] chore(deps): bump github.com/anchore/syft from 1.14.2 to 1.15.0 (#3156) Signed-off-by: dependabot[bot] Signed-off-by: Austin Abro Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Austin Abro --- go.mod | 12 +++++----- go.sum | 24 +++++++++---------- .../content/docs/commands/zarf_tools_sbom.md | 3 ++- .../docs/commands/zarf_tools_sbom_attest.md | 3 ++- .../commands/zarf_tools_sbom_cataloger.md | 3 ++- .../zarf_tools_sbom_cataloger_list.md | 3 ++- .../docs/commands/zarf_tools_sbom_config.md | 3 ++- .../zarf_tools_sbom_config_locations.md | 3 ++- .../docs/commands/zarf_tools_sbom_convert.md | 3 ++- .../docs/commands/zarf_tools_sbom_login.md | 3 ++- .../docs/commands/zarf_tools_sbom_scan.md | 3 ++- .../docs/commands/zarf_tools_sbom_version.md | 3 ++- 12 files changed, 38 insertions(+), 28 deletions(-) diff --git a/go.mod b/go.mod index d289ea2d49..2884d88a08 100644 --- a/go.mod +++ b/go.mod @@ -12,9 +12,9 @@ require ( github.com/AlecAivazis/survey/v2 v2.3.7 github.com/Masterminds/semver/v3 v3.3.0 github.com/agnivade/levenshtein v1.2.0 - github.com/anchore/clio v0.0.0-20240705045624-ac88e09ad9d0 + github.com/anchore/clio v0.0.0-20241015191535-f538a9016e10 github.com/anchore/stereoscope v0.0.5 - github.com/anchore/syft v1.14.2 + github.com/anchore/syft v1.15.0 github.com/avast/retry-go/v4 v4.6.0 github.com/defenseunicorns/pkg/helpers/v2 v2.0.1 github.com/defenseunicorns/pkg/oci v1.0.2 
@@ -73,7 +73,7 @@ require ( github.com/anchore/go-collections v0.0.0-20240216171411-9321230ce537 // indirect github.com/bshuster-repo/logrus-logstash-hook v1.0.0 // indirect github.com/buildkite/roko v1.2.0 // indirect - github.com/charmbracelet/x/ansi v0.2.3 // indirect + github.com/charmbracelet/x/ansi v0.4.0 // indirect github.com/charmbracelet/x/term v0.2.0 // indirect github.com/containerd/containerd/api v1.7.19 // indirect github.com/containerd/errdefs v0.3.0 // indirect @@ -184,7 +184,7 @@ require ( github.com/alibabacloud-go/tea-xml v1.1.3 // indirect github.com/aliyun/credentials-go v1.3.2 // indirect github.com/anchore/bubbly v0.0.0-20231115134915-def0aba654a9 // indirect - github.com/anchore/fangs v0.0.0-20240903175602-e716ef12c23d // indirect + github.com/anchore/fangs v0.0.0-20241014201141-b6e4b3469f10 // indirect github.com/anchore/go-logger v0.0.0-20230725134548-c21dafa1ec5a // indirect github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb // indirect github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect @@ -232,9 +232,9 @@ require ( github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect github.com/charmbracelet/bubbles v0.20.0 // indirect - github.com/charmbracelet/bubbletea v1.1.1 // indirect + github.com/charmbracelet/bubbletea v1.1.2 // indirect github.com/charmbracelet/harmonica v0.2.0 // indirect - github.com/charmbracelet/lipgloss v0.13.0 // indirect + github.com/charmbracelet/lipgloss v0.13.1 // indirect github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect github.com/clbanning/mxj/v2 v2.7.0 // indirect github.com/cloudflare/circl v1.3.8 // indirect diff --git a/go.sum b/go.sum index 74eff1214d..c27f0d53c5 100644 --- a/go.sum +++ b/go.sum 
@@ -375,10 +375,10 @@ github.com/aliyun/credentials-go v1.3.2 h1:L4WppI9rctC8PdlMgyTkF8bBsy9pyKQEzBD1b github.com/aliyun/credentials-go v1.3.2/go.mod h1:tlpz4uys4Rn7Ik4/piGRrTbXy2uLKvePgQJJduE+Y5c= github.com/anchore/bubbly v0.0.0-20231115134915-def0aba654a9 h1:p0ZIe0htYOX284Y4axJaGBvXHU0VCCzLN5Wf5XbKStU= github.com/anchore/bubbly v0.0.0-20231115134915-def0aba654a9/go.mod h1:3ZsFB9tzW3vl4gEiUeuSOMDnwroWxIxJelOOHUp8dSw= -github.com/anchore/clio v0.0.0-20240705045624-ac88e09ad9d0 h1:rtO6Bcc5KX1i6Ndj4pFcFUkE5PaiKv0J4hKSlmbEIXQ= -github.com/anchore/clio v0.0.0-20240705045624-ac88e09ad9d0/go.mod h1:U3M+opzBUkSBUIRUXsQj6ZgrX9i7Nn0YLn4CjmhKMNI= -github.com/anchore/fangs v0.0.0-20240903175602-e716ef12c23d h1:ZD4wdCBgJJzJybjTUIEiiupLF7B9H3WLuBTjspBO2Mc= -github.com/anchore/fangs v0.0.0-20240903175602-e716ef12c23d/go.mod h1:Xh4ObY3fmoMzOEVXwDtS1uK44JC7+nRD0n29/1KYFYg= +github.com/anchore/clio v0.0.0-20241015191535-f538a9016e10 h1:3xmanFdoQEH0REvPA+gLm3Km0/981F4z2a/7ADTlv8k= +github.com/anchore/clio v0.0.0-20241015191535-f538a9016e10/go.mod h1:h6Ly2hlKjQoPtI3rA8oB5afSmB/XimhcY55xbuW4Dwo= +github.com/anchore/fangs v0.0.0-20241014201141-b6e4b3469f10 h1:w+HibE+e/heP6ysADh7sWxg5LhYdVqrpB1A4Hmgjyx8= +github.com/anchore/fangs v0.0.0-20241014201141-b6e4b3469f10/go.mod h1:s0L1//Sxn6Rq0Dcxx+dmT/RRmD9HhsaJjJkPUJHLJLM= github.com/anchore/go-collections v0.0.0-20240216171411-9321230ce537 h1:GjNGuwK5jWjJMyVppBjYS54eOiiSNv4Ba869k4wh72Q= github.com/anchore/go-collections v0.0.0-20240216171411-9321230ce537/go.mod h1:1aiktV46ATCkuVg0O573ZrH56BUawTECPETbZyBcqT8= github.com/anchore/go-logger v0.0.0-20230725134548-c21dafa1ec5a h1:nJ2G8zWKASyVClGVgG7sfM5mwoZlZ2zYpIzN2OhjWkw= 
@@ -397,8 +397,8 @@ github.com/anchore/packageurl-go v0.1.1-0.20241018175412-5c22e6360c4f h1:dAQPIrQ github.com/anchore/packageurl-go v0.1.1-0.20241018175412-5c22e6360c4f/go.mod h1:KoYIv7tdP5+CC9VGkeZV4/vGCKsY55VvoG+5dadg4YI= github.com/anchore/stereoscope v0.0.5 h1:PILlvsQS3+dT5rNsDudRhi91jukR65y2itG1lQOLn0s= github.com/anchore/stereoscope v0.0.5/go.mod h1:jwK34VB049/iRE1DyWUv4ZWraOaFQ+FpurgvkWMGQzQ= -github.com/anchore/syft v1.14.2 h1:y/1QIsSUaVDzbT1Q29BkKAAyNivt+2wgWzpCxI0b5yc= -github.com/anchore/syft v1.14.2/go.mod h1:tyGQPeUSS9498A10nUF1kEVIObsvsnmrWt6hP25EjXE= +github.com/anchore/syft v1.15.0 h1:V2PKilik4ChuvQZ3kRGc41w62uVex+qDE3TxIR+lsoM= +github.com/anchore/syft v1.15.0/go.mod h1:z062WmfN0BMCDGIY8112PtxDgAmlWSDxgTOgpHpjxOM= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y= github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M= 
@@ -528,14 +528,14 @@ github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNS github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA= github.com/charmbracelet/bubbles v0.20.0 h1:jSZu6qD8cRQ6k9OMfR1WlM+ruM8fkPWkHvQWD9LIutE= github.com/charmbracelet/bubbles v0.20.0/go.mod h1:39slydyswPy+uVOHZ5x/GjwVAFkCsV8IIVy+4MhzwwU= -github.com/charmbracelet/bubbletea v1.1.1 h1:KJ2/DnmpfqFtDNVTvYZ6zpPFL9iRCRr0qqKOCvppbPY= -github.com/charmbracelet/bubbletea v1.1.1/go.mod h1:9Ogk0HrdbHolIKHdjfFpyXJmiCzGwy+FesYkZr7hYU4= +github.com/charmbracelet/bubbletea v1.1.2 h1:naQXF2laRxyLyil/i7fxdpiz1/k06IKquhm4vBfHsIc= +github.com/charmbracelet/bubbletea v1.1.2/go.mod h1:9HIU/hBV24qKjlehyj8z1r/tR9TYTQEag+cWZnuXo8E= github.com/charmbracelet/harmonica v0.2.0 h1:8NxJWRWg/bzKqqEaaeFNipOu77YR5t8aSwG4pgaUBiQ= github.com/charmbracelet/harmonica v0.2.0/go.mod h1:KSri/1RMQOZLbw7AHqgcBycp8pgJnQMYYT8QZRqZ1Ao= -github.com/charmbracelet/lipgloss v0.13.0 h1:4X3PPeoWEDCMvzDvGmTajSyYPcZM4+y8sCA/SsA3cjw= -github.com/charmbracelet/lipgloss v0.13.0/go.mod h1:nw4zy0SBX/F/eAO1cWdcvy6qnkDUxr8Lw7dvFrAIbbY= -github.com/charmbracelet/x/ansi v0.2.3 h1:VfFN0NUpcjBRd4DnKfRaIRo53KRgey/nhOoEqosGDEY= -github.com/charmbracelet/x/ansi v0.2.3/go.mod h1:dk73KoMTT5AX5BsX0KrqhsTqAnhZZoCBjs7dGWp4Ktw= +github.com/charmbracelet/lipgloss v0.13.1 h1:Oik/oqDTMVA01GetT4JdEC033dNzWoQHdWnHnQmXE2A= +github.com/charmbracelet/lipgloss v0.13.1/go.mod h1:zaYVJ2xKSKEnTEEbX6uAHabh2d975RJ+0yfkFpRBz5U= +github.com/charmbracelet/x/ansi v0.4.0 h1:NqwHA4B23VwsDn4H3VcNX1W1tOmgnvY1NDx5tOXdnOU= +github.com/charmbracelet/x/ansi v0.4.0/go.mod h1:dk73KoMTT5AX5BsX0KrqhsTqAnhZZoCBjs7dGWp4Ktw= github.com/charmbracelet/x/term v0.2.0 h1:cNB9Ot9q8I711MyZ7myUR5HFWL/lc3OpU8jZ4hwm0x0= github.com/charmbracelet/x/term v0.2.0/go.mod h1:GVxgxAbjUrmpvIINHIQnJJKpMlHiZ4cktEQCN6GWyF0= github.com/cheggaaa/pb v1.0.27/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s= 
diff --git a/site/src/content/docs/commands/zarf_tools_sbom.md b/site/src/content/docs/commands/zarf_tools_sbom.md index 544b727f47..c726647224 100644 --- a/site/src/content/docs/commands/zarf_tools_sbom.md +++ b/site/src/content/docs/commands/zarf_tools_sbom.md @@ -22,7 +22,7 @@ zarf tools sbom [flags] ``` --base-path string base directory for scanning, no links will be followed above this directory, and all paths will be reported relative to this directory - -c, --config string syft configuration file + -c, --config stringArray syft configuration file(s) to use --enrich stringArray enable package data enrichment from local and online sources (options: all, golang, java, javascript) --exclude stringArray exclude paths from being scanned using a glob expression --file string file to write the default report output to (default is STDOUT) (DEPRECATED: use: --output FORMAT=PATH) @@ -31,6 +31,7 @@ zarf tools sbom [flags] -o, --output stringArray report output format (= to output to a file), formats=[cyclonedx-json cyclonedx-xml github-json spdx-json spdx-tag-value syft-json syft-table syft-text template] (default [syft-table]) --override-default-catalogers stringArray set the base set of catalogers to use (defaults to 'image' or 'directory' depending on the scan source) --platform string an optional platform specifier for container image sources (e.g. 'linux/arm64', 'linux/arm64/v8', 'arm64', 'linux') + --profile stringArray configuration profiles to use -q, --quiet suppress all logging output -s, --scope string selection of layers to catalog, options=[squashed all-layers] --select-catalogers stringArray add, remove, and filter the catalogers to be used diff --git a/site/src/content/docs/commands/zarf_tools_sbom_attest.md b/site/src/content/docs/commands/zarf_tools_sbom_attest.md index e16d898963..ebbb818bab 100644 --- a/site/src/content/docs/commands/zarf_tools_sbom_attest.md +++ b/site/src/content/docs/commands/zarf_tools_sbom_attest.md 
@@ -39,9 +39,10 @@ zarf tools sbom attest --output [FORMAT] [flags] ### Options inherited from parent commands ``` - -c, --config string syft configuration file + -c, --config stringArray syft configuration file(s) to use --insecure-skip-tls-verify Skip checking server's certificate for validity. This flag should only be used if you have a specific reason and accept the reduced security posture. --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. + --profile stringArray configuration profiles to use -q, --quiet suppress all logging output -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` diff --git a/site/src/content/docs/commands/zarf_tools_sbom_cataloger.md b/site/src/content/docs/commands/zarf_tools_sbom_cataloger.md index 42ae09a3f7..f7b7505caa 100644 --- a/site/src/content/docs/commands/zarf_tools_sbom_cataloger.md +++ b/site/src/content/docs/commands/zarf_tools_sbom_cataloger.md @@ -19,9 +19,10 @@ Show available catalogers and configuration ### Options inherited from parent commands ``` - -c, --config string syft configuration file + -c, --config stringArray syft configuration file(s) to use --insecure-skip-tls-verify Skip checking server's certificate for validity. This flag should only be used if you have a specific reason and accept the reduced security posture. --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. + --profile stringArray configuration profiles to use -q, --quiet suppress all logging output -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` diff --git a/site/src/content/docs/commands/zarf_tools_sbom_cataloger_list.md b/site/src/content/docs/commands/zarf_tools_sbom_cataloger_list.md index 157c5d98af..f10b8f2400 100644 --- a/site/src/content/docs/commands/zarf_tools_sbom_cataloger_list.md 
+++ b/site/src/content/docs/commands/zarf_tools_sbom_cataloger_list.md @@ -27,9 +27,10 @@ zarf tools sbom cataloger list [OPTIONS] [flags] ### Options inherited from parent commands ``` - -c, --config string syft configuration file + -c, --config stringArray syft configuration file(s) to use --insecure-skip-tls-verify Skip checking server's certificate for validity. This flag should only be used if you have a specific reason and accept the reduced security posture. --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. + --profile stringArray configuration profiles to use -q, --quiet suppress all logging output -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` diff --git a/site/src/content/docs/commands/zarf_tools_sbom_config.md b/site/src/content/docs/commands/zarf_tools_sbom_config.md index 50f7d5edc2..29037cd5d4 100644 --- a/site/src/content/docs/commands/zarf_tools_sbom_config.md +++ b/site/src/content/docs/commands/zarf_tools_sbom_config.md @@ -24,9 +24,10 @@ zarf tools sbom config [flags] ### Options inherited from parent commands ``` - -c, --config string syft configuration file + -c, --config stringArray syft configuration file(s) to use --insecure-skip-tls-verify Skip checking server's certificate for validity. This flag should only be used if you have a specific reason and accept the reduced security posture. --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. + --profile stringArray configuration profiles to use -q, --quiet suppress all logging output -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` diff --git a/site/src/content/docs/commands/zarf_tools_sbom_config_locations.md b/site/src/content/docs/commands/zarf_tools_sbom_config_locations.md index c2c58b38be..52c9e8026f 100644 
--- a/site/src/content/docs/commands/zarf_tools_sbom_config_locations.md +++ b/site/src/content/docs/commands/zarf_tools_sbom_config_locations.md @@ -24,9 +24,10 @@ zarf tools sbom config locations [flags] ### Options inherited from parent commands ``` - -c, --config string syft configuration file + -c, --config stringArray syft configuration file(s) to use --insecure-skip-tls-verify Skip checking server's certificate for validity. This flag should only be used if you have a specific reason and accept the reduced security posture. --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. + --profile stringArray configuration profiles to use -q, --quiet suppress all logging output -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` diff --git a/site/src/content/docs/commands/zarf_tools_sbom_convert.md b/site/src/content/docs/commands/zarf_tools_sbom_convert.md index e239863e6c..6243bd4734 100644 --- a/site/src/content/docs/commands/zarf_tools_sbom_convert.md +++ b/site/src/content/docs/commands/zarf_tools_sbom_convert.md @@ -30,9 +30,10 @@ zarf tools sbom convert [SOURCE-SBOM] -o [FORMAT] [flags] ### Options inherited from parent commands ``` - -c, --config string syft configuration file + -c, --config stringArray syft configuration file(s) to use --insecure-skip-tls-verify Skip checking server's certificate for validity. This flag should only be used if you have a specific reason and accept the reduced security posture. --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. + --profile stringArray configuration profiles to use -q, --quiet suppress all logging output -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` 
diff --git a/site/src/content/docs/commands/zarf_tools_sbom_login.md b/site/src/content/docs/commands/zarf_tools_sbom_login.md index 4555edc1a8..bada24d17c 100644 --- a/site/src/content/docs/commands/zarf_tools_sbom_login.md +++ b/site/src/content/docs/commands/zarf_tools_sbom_login.md @@ -26,9 +26,10 @@ zarf tools sbom login [OPTIONS] [SERVER] [flags] ### Options inherited from parent commands ``` - -c, --config string syft configuration file + -c, --config stringArray syft configuration file(s) to use --insecure-skip-tls-verify Skip checking server's certificate for validity. This flag should only be used if you have a specific reason and accept the reduced security posture. --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. + --profile stringArray configuration profiles to use -q, --quiet suppress all logging output -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` diff --git a/site/src/content/docs/commands/zarf_tools_sbom_scan.md b/site/src/content/docs/commands/zarf_tools_sbom_scan.md index e2098828ad..97411867d7 100644 --- a/site/src/content/docs/commands/zarf_tools_sbom_scan.md +++ b/site/src/content/docs/commands/zarf_tools_sbom_scan.md 
@@ -40,9 +40,10 @@ zarf tools sbom scan [SOURCE] [flags] ### Options inherited from parent commands ``` - -c, --config string syft configuration file + -c, --config stringArray syft configuration file(s) to use --insecure-skip-tls-verify Skip checking server's certificate for validity. This flag should only be used if you have a specific reason and accept the reduced security posture. --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. + --profile stringArray configuration profiles to use -q, --quiet suppress all logging output -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` diff --git a/site/src/content/docs/commands/zarf_tools_sbom_version.md b/site/src/content/docs/commands/zarf_tools_sbom_version.md index 3530449fc7..49bc4643bb 100644 --- a/site/src/content/docs/commands/zarf_tools_sbom_version.md +++ b/site/src/content/docs/commands/zarf_tools_sbom_version.md @@ -24,9 +24,10 @@ zarf tools sbom version [flags] ### Options inherited from parent commands ``` - -c, --config string syft configuration file + -c, --config stringArray syft configuration file(s) to use --insecure-skip-tls-verify Skip checking server's certificate for validity. This flag should only be used if you have a specific reason and accept the reduced security posture. --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. + --profile stringArray configuration profiles to use -q, --quiet suppress all logging output -v, --verbose count increase verbosity (-v = info, -vv = debug) ``` From 785feeb306c45d0b9289f7c180cd650917f2a2e2 Mon Sep 17 00:00:00 2001 From: Ansible-man <93239366+Ansible-man@users.noreply.github.com> Date: Fri, 1 Nov 2024 12:30:09 -0500 Subject: [PATCH 7/7] feat: make zarf-agent pods comply with offical restricted pod security standard (#3036) 
Signed-off-by: Cade Thomas Signed-off-by: schristoff <28318173+schristoff@users.noreply.github.com> Signed-off-by: dependabot[bot] Co-authored-by: Cade Thomas Co-authored-by: schristoff <28318173+schristoff@users.noreply.github.com> Co-authored-by: Austin Abro <37223396+AustinAbro321@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- packages/zarf-agent/manifests/deployment.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/packages/zarf-agent/manifests/deployment.yaml b/packages/zarf-agent/manifests/deployment.yaml index a8e481845f..61731ada18 100644 --- a/packages/zarf-agent/manifests/deployment.yaml +++ b/packages/zarf-agent/manifests/deployment.yaml @@ -21,6 +21,13 @@ spec: - name: private-registry priorityClassName: system-node-critical serviceAccountName: zarf + # Security context to comply with restricted PSS + securityContext: + runAsUser: 1000 + fsGroup: 2000 + runAsGroup: 2000 + seccompProfile: + type: "RuntimeDefault" containers: - name: server image: "###ZARF_REGISTRY###/###ZARF_CONST_AGENT_IMAGE###:###ZARF_CONST_AGENT_IMAGE_TAG###" @@ -32,6 +39,12 @@ spec: scheme: HTTPS ports: - containerPort: 8443 + securityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: ["ALL"] resources: requests: memory: "32Mi"
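Review bot: `runAsNonRoot: true` is set only in the `server` container's `securityContext` (second hunk), while the pod-level `securityContext` added in the first hunk sets `runAsUser`, `runAsGroup`, `fsGroup` and `seccompProfile` but not `runAsNonRoot`. Adding `runAsNonRoot: true` at pod level as well would make the restriction apply to any container or init container added to this Deployment later, instead of depending on each one repeating it. With `readOnlyRootFilesystem: true`, any path the agent writes at runtime needs an `emptyDir` or other volume mount; none is visible in these hunks, so that should be confirmed against the image, along with UID 1000 being able to read the files the HTTPS server on port 8443 needs. The manifest continues outside both hunks.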