-
Notifications
You must be signed in to change notification settings - Fork 271
Expand file tree
/
Copy pathpostrender.go
More file actions
232 lines (211 loc) · 6.89 KB
/
postrender.go
File metadata and controls
232 lines (211 loc) · 6.89 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
package helmdeployer
import (
"bufio"
"bytes"
"encoding/json"
"errors"
"fmt"
"io"
"strings"
"helm.sh/helm/v4/pkg/kube"
chartv2 "helm.sh/helm/v4/pkg/chart/v2"
"github.com/rancher/fleet/internal/cmd/agent/deployer/desiredset"
"github.com/rancher/fleet/internal/helmdeployer/kustomize"
"github.com/rancher/fleet/internal/helmdeployer/rawyaml"
"github.com/rancher/fleet/internal/manifest"
fleet "github.com/rancher/fleet/pkg/apis/fleet.cattle.io/v1alpha1"
"github.com/rancher/wrangler/v3/pkg/yaml"
"k8s.io/apimachinery/pkg/api/meta"
utilyaml "k8s.io/apimachinery/pkg/util/yaml"
sigsyaml "sigs.k8s.io/yaml"
)
const CRDKind = "CustomResourceDefinition"
// isYAMLDocMarker reports whether b starts with a valid YAML document-start
// marker: "---" followed by whitespace, CR, LF, or end of input. Per the
// YAML spec, "---" is only a marker when it is the complete token on a line;
// a sequence like "---foo" is NOT a marker and must not be stripped.
func isYAMLDocMarker(b []byte) bool {
if !bytes.HasPrefix(b, []byte("---")) {
return false
}
if len(b) == 3 {
return true
}
c := b[3]
return c == ' ' || c == '\t' || c == '\r' || c == '\n'
}
// normalizeFlowStyleDocs converts YAML documents that start with '{' but are
// not valid JSON (i.e. YAML flow-style with unquoted keys, as emitted by
// Helm v4's kyaml when templates use the toJson function) into block-style
// YAML. k8s.io/apimachinery's ToJSON treats any '{'-prefixed document as
// already-valid JSON and returns it unchanged, so a flow-style document with
// unquoted keys causes json.Unmarshal to fail with "invalid character".
//
// If no document boundary in data starts with '{', data is returned unchanged
// with no allocations. When flow-style documents are present, all documents
// are re-serialized into a consistent "---\n<content>\n" format; documents
// that are not flow-style YAML are passed through without content changes.
func normalizeFlowStyleDocs(data []byte) ([]byte, error) {
if !hasFlowStyleCandidate(data) {
return data, nil
}
reader := utilyaml.NewYAMLReader(bufio.NewReader(bytes.NewReader(data)))
var out bytes.Buffer
for {
doc, err := reader.Read()
if err != nil {
if errors.Is(err, io.EOF) {
break
}
return nil, err
}
// The YAMLReader may include the document-start marker ("---") as part
// of the document bytes when it appears at the beginning of the input
// stream. Strip it to obtain the raw content of the document. Only
// strip a marker that is valid per YAML (followed by whitespace/EOF).
content := bytes.TrimSpace(doc)
if isYAMLDocMarker(content) {
content = bytes.TrimLeft(content[3:], " \t\r\n")
}
if len(content) == 0 {
continue
}
if content[0] == '{' && !json.Valid(content) {
var obj any
if err := sigsyaml.Unmarshal(content, &obj); err != nil {
return nil, err
}
content, err = sigsyaml.Marshal(obj)
if err != nil {
return nil, err
}
}
out.WriteString("---\n")
out.Write(content)
if content[len(content)-1] != '\n' {
out.WriteByte('\n')
}
}
return out.Bytes(), nil
}
// hasFlowStyleCandidate reports whether data contains at least one YAML
// document whose first non-whitespace byte is '{'. It is a fast, zero-
// allocation scan used as a pre-check before the more expensive processing
// in normalizeFlowStyleDocs.
func hasFlowStyleCandidate(data []byte) bool {
firstNonSpace := func(b []byte) byte {
for _, c := range b {
if c != ' ' && c != '\t' && c != '\r' && c != '\n' {
return c
}
}
return 0
}
rest := data
// When data begins with a valid YAML document-start marker ("---" followed
// by whitespace), skip past it so the content of the first document is
// checked rather than the marker itself. CRLF before the marker is handled
// by TrimLeft.
if trimmed := bytes.TrimLeft(data, " \t\r\n"); isYAMLDocMarker(trimmed) {
rest = trimmed[3:]
}
for {
if firstNonSpace(rest) == '{' {
return true
}
// Searching for "\n---" also covers CRLF separators ("\r\n---") because
// "\n---" is a substring of "\r\n---".
i := bytes.Index(rest, []byte("\n---"))
if i < 0 {
return false
}
rest = rest[i+4:]
}
}
type postRender struct {
labelPrefix string
labelSuffix string
bundleID string
manifest *manifest.Manifest
chart *chartv2.Chart
mapper meta.RESTMapper
opts fleet.BundleDeploymentOptions
}
func (p *postRender) Run(renderedManifests *bytes.Buffer) (modifiedManifests *bytes.Buffer, err error) {
data := renderedManifests.Bytes()
data, err = normalizeFlowStyleDocs(data)
if err != nil {
return nil, err
}
objs, err := yaml.ToObjects(bytes.NewBuffer(data))
if err != nil {
return nil, err
}
if len(objs) == 0 {
data = nil
}
// Kustomize applies some restrictions fleet does not have, like a regular expression, which checks for valid file
// names. If no instructions for kustomize are found in the manifests, then kustomize shouldn't be called at all
// to prevent causing issues with these restrictions.
kustomizable := false
for _, resource := range p.manifest.Resources {
if strings.HasSuffix(resource.Name, "kustomization.yaml") ||
strings.HasSuffix(resource.Name, "kustomization.yml") ||
strings.HasSuffix(resource.Name, "Kustomization") {
kustomizable = true
break
}
}
if kustomizable {
newObjs, processed, err := kustomize.Process(p.manifest, data, p.opts.Kustomize.Dir)
if err != nil {
return nil, err
}
if processed {
objs = newObjs
}
}
yamlObjs, err := rawyaml.ToObjects(p.chart)
if err != nil {
return nil, err
}
objs = append(objs, yamlObjs...)
setID := desiredset.GetSetID(p.bundleID, p.labelPrefix, p.labelSuffix)
labels, annotations, err := desiredset.GetLabelsAndAnnotations(setID)
if err != nil {
return nil, err
}
for _, obj := range objs {
m, err := meta.Accessor(obj)
if err != nil {
return nil, err
}
objAnnotations := mergeMaps(m.GetAnnotations(), annotations)
if !p.opts.DeleteCRDResources &&
obj.GetObjectKind().GroupVersionKind().Kind == CRDKind {
objAnnotations[kube.ResourcePolicyAnno] = kube.KeepPolicy
}
m.SetLabels(mergeMaps(m.GetLabels(), labels))
m.SetAnnotations(objAnnotations)
if p.opts.TargetNamespace != "" {
if p.mapper != nil {
gvk := obj.GetObjectKind().GroupVersionKind()
mapping, err := p.mapper.RESTMapping(gvk.GroupKind(), gvk.Version)
if err != nil {
return nil, err
}
if mapping.Scope.Name() == meta.RESTScopeNameRoot {
apiVersion, kind := gvk.ToAPIVersionAndKind()
return nil, fmt.Errorf("invalid cluster scoped object [name=%s kind=%v apiVersion=%s] found. "+
"Your config uses targetNamespace or namespace and thus forbids cluster-scoped resources. "+
"If you do not intend to disallow cluster scoped resources, you could switch to defaultNamespace",
m.GetName(),
kind, apiVersion)
}
}
m.SetNamespace(p.opts.TargetNamespace)
}
}
data, err = yaml.ToBytes(objs)
return bytes.NewBuffer(data), err
}