Skip to content

Commit 903d29b

Browse files
aryan9600aryan9600
committed
refactor code to be more neat
Signed-off-by: Sanskar Jaiswal <[email protected]>
1 parent e5652c5 commit 903d29b

File tree

16 files changed

+458
-333
lines changed

16 files changed

+458
-333
lines changed

api/go.mod

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ go 1.17
55
require (
66
github.com/fluxcd/pkg/apis/acl v0.0.3
77
github.com/fluxcd/pkg/apis/meta v0.12.0
8-
k8s.io/apimachinery v0.23.2
8+
k8s.io/apimachinery v0.23.4
99
sigs.k8s.io/controller-runtime v0.11.0
1010
)
1111

@@ -17,10 +17,13 @@ require (
1717
github.com/json-iterator/go v1.1.12 // indirect
1818
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
1919
github.com/modern-go/reflect2 v1.0.2 // indirect
20-
golang.org/x/net v0.0.0-20211215060638-4ddde0e984e9 // indirect
20+
golang.org/x/net v0.0.0-20220107192237-5cfca573fb4d // indirect
21+
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e // indirect
2122
golang.org/x/text v0.3.7 // indirect
23+
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
2224
gopkg.in/inf.v0 v0.9.1 // indirect
2325
gopkg.in/yaml.v2 v2.4.0 // indirect
26+
k8s.io/api v0.23.4 // indirect
2427
k8s.io/klog/v2 v2.30.0 // indirect
2528
k8s.io/utils v0.0.0-20211208161948-7d6a63dca704 // indirect
2629
sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect

api/go.sum

Lines changed: 13 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -297,6 +297,8 @@ github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
297297
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
298298
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
299299
github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
300+
github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
301+
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
300302
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
301303
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
302304
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -334,7 +336,6 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m
334336
github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
335337
github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
336338
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
337-
github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
338339
github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
339340
github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
340341
github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
@@ -569,8 +570,9 @@ golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qx
569570
golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
570571
golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
571572
golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
572-
golang.org/x/net v0.0.0-20211215060638-4ddde0e984e9 h1:kmreh1vGI63l2FxOAYS3Yv6ATsi7lSTuwNSVbGfJV9I=
573573
golang.org/x/net v0.0.0-20211215060638-4ddde0e984e9/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
574+
golang.org/x/net v0.0.0-20220107192237-5cfca573fb4d h1:62NvYBuaanGXR2ZOfwDFkhhl6X1DUgf8qg3GuQvxZsE=
575+
golang.org/x/net v0.0.0-20220107192237-5cfca573fb4d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
574576
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
575577
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
576578
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -660,8 +662,9 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc
660662
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
661663
golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
662664
golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
663-
golang.org/x/sys v0.0.0-20211029165221-6e7872819dc8 h1:M69LAlWZCshgp0QSzyDcSsSIejIEeuaCVpmwcKwyLMk=
664665
golang.org/x/sys v0.0.0-20211029165221-6e7872819dc8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
666+
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e h1:fLOSk5Q00efkSvAm+4xcoXD+RRmLmmulPn5I3Y9F2EM=
667+
golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
665668
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
666669
golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
667670
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -857,8 +860,9 @@ gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLks
857860
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
858861
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
859862
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
860-
gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
861863
gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
864+
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
865+
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
862866
gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
863867
gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
864868
gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
@@ -893,12 +897,14 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
893897
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
894898
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
895899
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
896-
k8s.io/api v0.23.0 h1:WrL1gb73VSC8obi8cuYETJGXEoFNEh3LU0Pt+Sokgro=
897900
k8s.io/api v0.23.0/go.mod h1:8wmDdLBHBNxtOIytwLstXt5E9PddnZb0GaMcqsvDBpg=
901+
k8s.io/api v0.23.4 h1:85gnfXQOWbJa1SiWGpE9EEtHs0UVvDyIsSMpEtl2D4E=
902+
k8s.io/api v0.23.4/go.mod h1:i77F4JfyNNrhOjZF7OwwNJS5Y1S9dpwvb9iYRYRczfI=
898903
k8s.io/apiextensions-apiserver v0.23.0/go.mod h1:xIFAEEDlAZgpVBl/1VSjGDmLoXAWRG40+GsWhKhAxY4=
899904
k8s.io/apimachinery v0.23.0/go.mod h1:fFCTTBKvKcwTPFzjlcxp91uPFZr+JA0FubU4fLzzFYc=
900-
k8s.io/apimachinery v0.23.2 h1:dBmjCOeYBdg2ibcQxMuUq+OopZ9fjfLIR5taP/XKeTs=
901905
k8s.io/apimachinery v0.23.2/go.mod h1:zDqeV0AK62LbCI0CI7KbWCAYdLg+E+8UXJ0rIz5gmS8=
906+
k8s.io/apimachinery v0.23.4 h1:fhnuMd/xUL3Cjfl64j5ULKZ1/J9n8NuQEgNL+WXWfdM=
907+
k8s.io/apimachinery v0.23.4/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM=
902908
k8s.io/apiserver v0.23.0/go.mod h1:Cec35u/9zAepDPPFyT+UMrgqOCjgJ5qtfVJDxjZYmt4=
903909
k8s.io/client-go v0.23.0/go.mod h1:hrDnpnK1mSr65lHHcUuIZIXDgEbzc7/683c6hyG4jTA=
904910
k8s.io/code-generator v0.23.0/go.mod h1:vQvOhDXhuzqiVfM/YHp+dmg10WDZCchJVObc9MvowsE=
@@ -911,6 +917,7 @@ k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
911917
k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk=
912918
k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
913919
k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
920+
k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
914921
k8s.io/utils v0.0.0-20211208161948-7d6a63dca704 h1:ZKMMxTvduyf5WUtREOqg5LiXaN1KO/+0oOQPRFrClpo=
915922
k8s.io/utils v0.0.0-20211208161948-7d6a63dca704/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
916923
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=

controllers/helmchart_controller.go

Lines changed: 43 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -73,6 +73,7 @@ var helmChartReadyCondition = summarize.Conditions{
7373
sourcev1.FetchFailedCondition,
7474
sourcev1.ArtifactOutdatedCondition,
7575
sourcev1.StorageOperationFailedCondition,
76+
sourcev1.SourceVerifiedCondition,
7677
meta.ReadyCondition,
7778
meta.ReconcilingCondition,
7879
meta.StalledCondition,
@@ -82,6 +83,7 @@ var helmChartReadyCondition = summarize.Conditions{
8283
sourcev1.FetchFailedCondition,
8384
sourcev1.ArtifactOutdatedCondition,
8485
sourcev1.StorageOperationFailedCondition,
86+
sourcev1.SourceVerifiedCondition,
8587
meta.StalledCondition,
8688
meta.ReconcilingCondition,
8789
},
@@ -469,16 +471,20 @@ func (r *HelmChartReconciler) buildFromHelmRepository(ctx context.Context, obj *
469471
opts.VersionMetadata = strconv.FormatInt(obj.Generation, 10)
470472
}
471473

472-
var keyring []byte
473-
keyring, err = r.getProvenanceKeyring(ctx, obj)
474+
keyring, err := r.getProvenanceKeyring(ctx, obj)
474475
if err != nil {
475-
conditions.MarkTrue(obj, sourcev1.FetchFailedCondition, sourcev1.AuthenticationFailedReason, err.Error())
476-
return sreconcile.ResultEmpty, err
476+
e := &serror.Event{
477+
Err: fmt.Errorf("failed to get public key for chart signature verification: %w", err),
478+
Reason: sourcev1.SourceVerifiedCondition,
479+
}
480+
conditions.MarkFalse(obj, sourcev1.FetchFailedCondition, sourcev1.SourceVerifiedCondition, e.Error())
481+
return sreconcile.ResultEmpty, e
477482
}
483+
opts.Keyring = keyring
478484

479485
// Build the chart
480486
ref := chart.RemoteReference{Name: obj.Spec.Chart, Version: obj.Spec.Version}
481-
build, err := cb.Build(ctx, ref, util.TempPathForObj("", ".tgz", obj), opts, keyring)
487+
build, err := cb.Build(ctx, ref, util.TempPathForObj("", ".tgz", obj), opts)
482488

483489
if err != nil {
484490
return sreconcile.ResultEmpty, err
@@ -599,19 +605,23 @@ func (r *HelmChartReconciler) buildFromTarballArtifact(ctx context.Context, obj
599605
}
600606
opts.VersionMetadata += strconv.FormatInt(obj.Generation, 10)
601607
}
602-
var keyring []byte
603-
keyring, err = r.getProvenanceKeyring(ctx, obj)
608+
keyring, err := r.getProvenanceKeyring(ctx, obj)
604609
if err != nil {
605-
conditions.MarkTrue(obj, sourcev1.FetchFailedCondition, sourcev1.AuthenticationFailedReason, err.Error())
606-
return sreconcile.ResultEmpty, err
610+
e := &serror.Event{
611+
Err: fmt.Errorf("failed to get public key for chart signature verification: %w", err),
612+
Reason: sourcev1.SourceVerifiedCondition,
613+
}
614+
conditions.MarkFalse(obj, sourcev1.FetchFailedCondition, sourcev1.SourceVerifiedCondition, e.Error())
615+
return sreconcile.ResultEmpty, e
607616
}
617+
opts.Keyring = keyring
608618

609619
// Build chart
610620
cb := chart.NewLocalBuilder(dm)
611621
build, err := cb.Build(ctx, chart.LocalReference{
612622
WorkDir: sourceDir,
613623
Path: chartPath,
614-
}, util.TempPathForObj("", ".tgz", obj), opts, keyring)
624+
}, util.TempPathForObj("", ".tgz", obj), opts)
615625
if err != nil {
616626
return sreconcile.ResultEmpty, err
617627
}
@@ -641,6 +651,14 @@ func (r *HelmChartReconciler) reconcileArtifact(ctx context.Context, obj *source
641651
conditions.Delete(obj, sourcev1.ArtifactOutdatedCondition)
642652
conditions.MarkTrue(obj, meta.ReadyCondition, reasonForBuild(b), b.Summary())
643653
}
654+
if b.VerificationSignature != nil && b.ProvFilePath != "" && obj.GetArtifact() != nil {
655+
var sigVerMsg strings.Builder
656+
sigVerMsg.WriteString(fmt.Sprintf("chart signed by: %v", strings.Join(b.VerificationSignature.Identities[:], ",")))
657+
sigVerMsg.WriteString(fmt.Sprintf(" using key with fingeprint: %X", b.VerificationSignature.KeyFingerprint))
658+
sigVerMsg.WriteString(fmt.Sprintf(" and hash verified: %s", b.VerificationSignature.FileHash))
659+
660+
conditions.MarkTrue(obj, sourcev1.SourceVerifiedCondition, reasonForBuild(b), sigVerMsg.String())
661+
}
644662
}()
645663

646664
// Create artifact from build data
@@ -692,7 +710,7 @@ func (r *HelmChartReconciler) reconcileArtifact(ctx context.Context, obj *source
692710
if err = r.Storage.CopyFromPath(&provArtifact, b.ProvFilePath); err != nil {
693711
return sreconcile.ResultEmpty, &serror.Event{
694712
Err: fmt.Errorf("unable to copy Helm chart provenance file to storage: %w", err),
695-
Reason: sourcev1.StorageOperationFailedReason,
713+
Reason: sourcev1.StorageOperationFailedCondition,
696714
}
697715
}
698716
}
@@ -790,15 +808,23 @@ func (r *HelmChartReconciler) garbageCollect(ctx context.Context, obj *sourcev1.
790808
obj.Status.Artifact = nil
791809
return nil
792810
}
811+
793812
if obj.GetArtifact() != nil {
794-
if deleted, err := r.Storage.RemoveAllButCurrent(*obj.GetArtifact()); err != nil {
813+
localPath := r.Storage.LocalPath(*obj.GetArtifact())
814+
provFilePath := localPath + ".prov"
815+
dir := filepath.Dir(localPath)
816+
callbacks := make([]func(path string, info os.FileInfo) bool, 0)
817+
callbacks = append(callbacks, func(path string, info os.FileInfo) bool {
818+
if path != localPath && path != provFilePath && info.Mode()&os.ModeSymlink != os.ModeSymlink {
819+
return true
820+
}
821+
return false
822+
})
823+
if _, err := r.Storage.RemoveConditionally(dir, callbacks); err != nil {
795824
return &serror.Event{
796825
Err: fmt.Errorf("garbage collection of old artifacts failed: %w", err),
797826
Reason: "GarbageCollectionFailed",
798827
}
799-
} else if len(deleted) > 0 {
800-
r.eventLogf(ctx, obj, events.EventTypeTrace, "GarbageCollectionSucceeded",
801-
"garbage collected old artifacts")
802828
}
803829
}
804830
return nil
@@ -1076,20 +1102,12 @@ func (r *HelmChartReconciler) getProvenanceKeyring(ctx context.Context, chart *s
10761102
var secret corev1.Secret
10771103
err := r.Client.Get(ctx, name, &secret)
10781104
if err != nil {
1079-
e := &serror.Event{
1080-
Err: fmt.Errorf("failed to get secret '%s': %w", chart.Spec.VerificationKeyring.SecretRef.Name, err),
1081-
Reason: sourcev1.AuthenticationFailedReason,
1082-
}
1083-
return nil, e
1105+
return nil, err
10841106
}
10851107
key := chart.Spec.VerificationKeyring.Key
10861108
if val, ok := secret.Data[key]; !ok {
10871109
err = fmt.Errorf("secret doesn't contain the advertised verification keyring name %s", key)
1088-
e := &serror.Event{
1089-
Err: fmt.Errorf("invalid secret '%s': %w", secret.GetName(), err),
1090-
Reason: sourcev1.AuthenticationFailedReason,
1091-
}
1092-
return nil, e
1110+
return nil, err
10931111
} else {
10941112
return val, nil
10951113
}

0 commit comments

Comments
 (0)