feat: support templated policy (#3)

Signed-off-by: Yusan Kurban <yusankurban@gmail.com>
k-cloud-labs · Jan 17, 2023 · fe56ca5 · fe56ca5
1 parent 94c5c8b
commit fe56ca5
Show file tree

Hide file tree

Showing 12 changed files with 676 additions and 98 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -15,7 +15,7 @@ jobs:
       - name: install Go
         uses: actions/setup-go@v2
         with:
-          go-version: 1.17.x
+          go-version: 1.18.x
       - name: lint
         run: hack/verify-staticcheck.sh
   fmt:

diff --git a/README.md b/README.md
@@ -30,16 +30,19 @@ For namespaced scoped resource, apply order is:
 - Then apply OverridePolicy;
 
 ### Add transport middleware
-What you need to do is just call `Wrap` func after `rest.Config` initialized and before client to initialize.
+What you need to do is just call `RegisterPolicyTransport` func after `rest.Config` initialized and before client to initialize.
 
 ```go
 import(
 	"github.com/k-cloud-labs/pidalio"
 )
 
-config.Wrap(pidalio.NewPolicyTransport(config, stopCh).Wrap)
+// the black magic code
+pidalio.RegisterPolicyTransport(config, make(chan struct{}))
+
 ```
 
 ## Feature
 - [x] Support mutate k8s resource by (Cluster)OverridePolicy via plaintext jsonpatch.
-- [x] Support mutate k8s resource by (Cluster)OverridePolicy programmable via [CUE](https://cuelang.org/).
+- [x] Support mutate k8s resource by (Cluster)OverridePolicy programmable via [CUE](https://cuelang.org/).
+- [x] Support render template to cue in transport(even policy is not created by others) 
diff --git a/examples/main.go b/examples/main.go
@@ -3,24 +3,25 @@ package main
 import (
 	"context"
 	"flag"
-	"fmt"
 	"math/rand"
 	"strconv"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
+	"k8s.io/klog/v2"
 	ctrl "sigs.k8s.io/controller-runtime"
 
 	"github.com/k-cloud-labs/pidalio"
 )
 
 func main() {
+	klog.InitFlags(flag.CommandLine)
 	flag.Parse()
 
 	config := ctrl.GetConfigOrDie()
 
 	// the black magic code
-	config.Wrap(pidalio.NewPolicyTransport(config, make(chan struct{})).Wrap)
+	pidalio.RegisterPolicyTransport(config, make(chan struct{}))
 
 	client := kubernetes.NewForConfigOrDie(config)
 
@@ -34,5 +35,5 @@ func main() {
 		panic(err)
 	}
 
-	fmt.Println(pod)
+	klog.InfoS("update pod success", "pod", pod)
 }
diff --git a/examples/overridepolicy.yaml b/examples/overridepolicy.yaml
@@ -7,13 +7,45 @@ spec:
   resourceSelectors:
     - apiVersion: v1
       kind: Pod
+      namespace: default
       name: web-1
   overrideRules:
     - targetOperations:
-        - Create
-        - Update
+        - CREATE
+        - UPDATE
       overriders:
         plaintext:
           - path: /metadata/annotations/hello
-            operator: add
-            value: world
+            op: add
+            value: world
+    - targetOperations:
+        - CREATE
+        - UPDATE
+      overriders:
+        cue: |-
+          object: _ @tag(object)
+          
+          patches: [
+            if object.metadata.annotations == _|_ {
+              {
+                op: "add"
+                path: "/metadata/annotations"
+                value: {}
+              }
+            },
+            {
+              op: "add"
+              path: "/metadata/annotations/added-by"
+              value: "cue"
+            }
+          ]
+    - targetOperations:
+        - CREATE
+        - UPDATE
+      overriders:
+        template:
+          type: annotations
+          operation: add
+          path: updated-by
+          value:
+            string: templatedPolicy
diff --git a/go.mod b/go.mod
@@ -1,16 +1,20 @@
 module github.com/k-cloud-labs/pidalio
 
-go 1.17
+go 1.18
 
 require (
+	github.com/evanphx/json-patch v4.12.0+incompatible
 	github.com/golang/mock v1.5.0
-	github.com/k-cloud-labs/pkg v0.3.0
+	github.com/k-cloud-labs/pkg v0.4.3
+	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
+	gomodules.xyz/jsonpatch/v2 v2.2.0
 	k8s.io/api v0.23.6
-	k8s.io/apiextensions-apiserver v0.23.0
+	k8s.io/apiextensions-apiserver v0.23.5
 	k8s.io/apimachinery v0.23.6
 	k8s.io/client-go v0.23.6
 	k8s.io/klog/v2 v2.60.1
-	sigs.k8s.io/controller-runtime v0.11.0
+	sigs.k8s.io/controller-runtime v0.11.2
+	sigs.k8s.io/yaml v1.3.0
 )
 
 require (
@@ -19,9 +23,8 @@ require (
 	github.com/cespare/xxhash/v2 v2.1.1 // indirect
 	github.com/cockroachdb/apd/v2 v2.0.1 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
 	github.com/fsnotify/fsnotify v1.5.1 // indirect
-	github.com/go-logr/logr v1.2.0 // indirect
+	github.com/go-logr/logr v1.2.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
@@ -47,16 +50,14 @@ require (
 	golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b // indirect
 	golang.org/x/text v0.3.7 // indirect
 	golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect
-	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.27.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
-	k8s.io/component-base v0.23.0 // indirect
+	k8s.io/component-base v0.23.6 // indirect
 	k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect
 	k8s.io/utils v0.0.0-20211116205334-6203023598ed // indirect
 	sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
-	sigs.k8s.io/yaml v1.3.0 // indirect
 )