
Commit f3b4a81

committed
refactor code to be more neat
Signed-off-by: Sanskar Jaiswal <[email protected]>
1 parent 20a3c49 commit f3b4a81

18 files changed

+487
-357
lines changed

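--- a/api/go.mod
+++ b/api/go.mod
@@ -5,7 +5,7 @@ go 1.17
 require (
 github.com/fluxcd/pkg/apis/acl v0.0.3
 github.com/fluxcd/pkg/apis/meta v0.12.0
-k8s.io/apimachinery v0.23.2
+k8s.io/apimachinery v0.23.4
 sigs.k8s.io/controller-runtime v0.11.0
 )
 
@@ -17,10 +17,13 @@ require (
 github.com/json-iterator/go v1.1.12 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.2 // indirect
-golang.org/x/net v0.0.0-20211215060638-4ddde0e984e9 // indirect
+golang.org/x/net v0.0.0-20220107192237-5cfca573fb4d // indirect
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e // indirect
 golang.org/x/text v0.3.7 // indirect
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
+k8s.io/api v0.23.4 // indirect
 k8s.io/klog/v2 v2.30.0 // indirect
 k8s.io/utils v0.0.0-20211208161948-7d6a63dca704 // indirect
 sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect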

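--- a/api/go.sum
+++ b/api/go.sum
@@ -297,6 +297,8 @@ github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -334,7 +336,6 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
@@ -569,8 +570,9 @@ golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211215060638-4ddde0e984e9 h1:kmreh1vGI63l2FxOAYS3Yv6ATsi7lSTuwNSVbGfJV9I=
 golang.org/x/net v0.0.0-20211215060638-4ddde0e984e9/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220107192237-5cfca573fb4d h1:62NvYBuaanGXR2ZOfwDFkhhl6X1DUgf8qg3GuQvxZsE=
+golang.org/x/net v0.0.0-20220107192237-5cfca573fb4d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -660,8 +662,9 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211029165221-6e7872819dc8 h1:M69LAlWZCshgp0QSzyDcSsSIejIEeuaCVpmwcKwyLMk=
 golang.org/x/sys v0.0.0-20211029165221-6e7872819dc8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e h1:fLOSk5Q00efkSvAm+4xcoXD+RRmLmmulPn5I3Y9F2EM=
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -857,8 +860,9 @@ gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLks
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
@@ -893,12 +897,14 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.23.0 h1:WrL1gb73VSC8obi8cuYETJGXEoFNEh3LU0Pt+Sokgro=
 k8s.io/api v0.23.0/go.mod h1:8wmDdLBHBNxtOIytwLstXt5E9PddnZb0GaMcqsvDBpg=
+k8s.io/api v0.23.4 h1:85gnfXQOWbJa1SiWGpE9EEtHs0UVvDyIsSMpEtl2D4E=
+k8s.io/api v0.23.4/go.mod h1:i77F4JfyNNrhOjZF7OwwNJS5Y1S9dpwvb9iYRYRczfI=
 k8s.io/apiextensions-apiserver v0.23.0/go.mod h1:xIFAEEDlAZgpVBl/1VSjGDmLoXAWRG40+GsWhKhAxY4=
 k8s.io/apimachinery v0.23.0/go.mod h1:fFCTTBKvKcwTPFzjlcxp91uPFZr+JA0FubU4fLzzFYc=
-k8s.io/apimachinery v0.23.2 h1:dBmjCOeYBdg2ibcQxMuUq+OopZ9fjfLIR5taP/XKeTs=
 k8s.io/apimachinery v0.23.2/go.mod h1:zDqeV0AK62LbCI0CI7KbWCAYdLg+E+8UXJ0rIz5gmS8=
+k8s.io/apimachinery v0.23.4 h1:fhnuMd/xUL3Cjfl64j5ULKZ1/J9n8NuQEgNL+WXWfdM=
+k8s.io/apimachinery v0.23.4/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM=
 k8s.io/apiserver v0.23.0/go.mod h1:Cec35u/9zAepDPPFyT+UMrgqOCjgJ5qtfVJDxjZYmt4=
 k8s.io/client-go v0.23.0/go.mod h1:hrDnpnK1mSr65lHHcUuIZIXDgEbzc7/683c6hyG4jTA=
 k8s.io/code-generator v0.23.0/go.mod h1:vQvOhDXhuzqiVfM/YHp+dmg10WDZCchJVObc9MvowsE=
@@ -911,6 +917,7 @@ k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk=
 k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
+k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20211208161948-7d6a63dca704 h1:ZKMMxTvduyf5WUtREOqg5LiXaN1KO/+0oOQPRFrClpo=
 k8s.io/utils v0.0.0-20211208161948-7d6a63dca704/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=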

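--- a/controllers/helmchart_controller.go
+++ b/controllers/helmchart_controller.go
@@ -71,6 +71,7 @@ var helmChartReadyConditions = summarize.Conditions{
 sourcev1.BuildFailedCondition,
 sourcev1.FetchFailedCondition,
 sourcev1.ArtifactOutdatedCondition,
+sourcev1.SourceVerifiedCondition,
 meta.ReadyCondition,
 meta.ReconcilingCondition,
 meta.StalledCondition,
@@ -79,6 +80,7 @@ var helmChartReadyConditions = summarize.Conditions{
 sourcev1.BuildFailedCondition,
 sourcev1.FetchFailedCondition,
 sourcev1.ArtifactOutdatedCondition,
+sourcev1.SourceVerifiedCondition,
 meta.StalledCondition,
 meta.ReconcilingCondition,
 },
@@ -453,16 +455,20 @@ func (r *HelmChartReconciler) buildFromHelmRepository(ctx context.Context, obj *
 opts.VersionMetadata = strconv.FormatInt(obj.Generation, 10)
 }
 
-var keyring []byte
-keyring, err = r.getProvenanceKeyring(ctx, obj)
+keyring, err := r.getProvenanceKeyring(ctx, obj)
 if err != nil {
-conditions.MarkTrue(obj, sourcev1.FetchFailedCondition, sourcev1.AuthenticationFailedReason, err.Error())
-return sreconcile.ResultEmpty, err
+e := &serror.Event{
+Err: fmt.Errorf("failed to get public key for chart signature verification: %w", err),
+Reason: sourcev1.SourceVerifiedCondition,
+}
+conditions.MarkFalse(obj, sourcev1.FetchFailedCondition, sourcev1.SourceVerifiedCondition, e.Error())
+return sreconcile.ResultEmpty, e
 }
+opts.Keyring = keyring
 
 // Build the chart
 ref := chart.RemoteReference{Name: obj.Spec.Chart, Version: obj.Spec.Version}
-build, err := cb.Build(ctx, ref, util.TempPathForObj("", ".tgz", obj), opts, keyring)
+build, err := cb.Build(ctx, ref, util.TempPathForObj("", ".tgz", obj), opts)
 
 if err != nil {
 return sreconcile.ResultEmpty, err
@@ -585,19 +591,23 @@ func (r *HelmChartReconciler) buildFromTarballArtifact(ctx context.Context, obj
 }
 opts.VersionMetadata += strconv.FormatInt(obj.Generation, 10)
 }
-var keyring []byte
-keyring, err = r.getProvenanceKeyring(ctx, obj)
+keyring, err := r.getProvenanceKeyring(ctx, obj)
 if err != nil {
-conditions.MarkTrue(obj, sourcev1.FetchFailedCondition, sourcev1.AuthenticationFailedReason, err.Error())
-return sreconcile.ResultEmpty, err
+e := &serror.Event{
+Err: fmt.Errorf("failed to get public key for chart signature verification: %w", err),
+Reason: sourcev1.SourceVerifiedCondition,
+}
+conditions.MarkFalse(obj, sourcev1.FetchFailedCondition, sourcev1.SourceVerifiedCondition, e.Error())
+return sreconcile.ResultEmpty, e
 }
+opts.Keyring = keyring
 
 // Build chart
 cb := chart.NewLocalBuilder(dm)
 build, err := cb.Build(ctx, chart.LocalReference{
 WorkDir: sourceDir,
 Path: chartPath,
-}, util.TempPathForObj("", ".tgz", obj), opts, keyring)
+}, util.TempPathForObj("", ".tgz", obj), opts)
 if err != nil {
 return sreconcile.ResultEmpty, err
 }
@@ -620,6 +630,14 @@ func (r *HelmChartReconciler) reconcileArtifact(ctx context.Context, obj *source
 conditions.Delete(obj, sourcev1.ArtifactOutdatedCondition)
 conditions.MarkTrue(obj, meta.ReadyCondition, reasonForBuild(b), b.Summary())
 }
+if b.VerificationSignature != nil && b.ProvFilePath != "" && obj.GetArtifact() != nil {
+var sigVerMsg strings.Builder
+sigVerMsg.WriteString(fmt.Sprintf("chart signed by: %v", strings.Join(b.VerificationSignature.Identities[:], ",")))
+sigVerMsg.WriteString(fmt.Sprintf(" using key with fingeprint: %X", b.VerificationSignature.KeyFingerprint))
+sigVerMsg.WriteString(fmt.Sprintf(" and hash verified: %s", b.VerificationSignature.FileHash))
+
+conditions.MarkTrue(obj, sourcev1.SourceVerifiedCondition, reasonForBuild(b), sigVerMsg.String())
+}
 }()
 
 // Create artifact from build data
@@ -759,15 +777,23 @@ func (r *HelmChartReconciler) garbageCollect(ctx context.Context, obj *sourcev1.
 obj.Status.Artifact = nil
 return nil
 }
+
 if obj.GetArtifact() != nil {
-if deleted, err := r.Storage.RemoveAllButCurrent(*obj.GetArtifact()); err != nil {
+localPath := r.Storage.LocalPath(*obj.GetArtifact())
+provFilePath := localPath + ".prov"
+dir := filepath.Dir(localPath)
+callbacks := make([]func(path string, info os.FileInfo) bool, 0)
+callbacks = append(callbacks, func(path string, info os.FileInfo) bool {
+if path != localPath && path != provFilePath && info.Mode()&os.ModeSymlink != os.ModeSymlink {
+return true
+}
+return false
+})
+if _, err := r.Storage.RemoveConditionally(dir, callbacks); err != nil {
 return &serror.Event{
 Err: fmt.Errorf("garbage collection of old artifacts failed: %w", err),
 Reason: "GarbageCollectionFailed",
 }
-} else if len(deleted) > 0 {
-r.eventLogf(ctx, obj, events.EventTypeTrace, "GarbageCollectionSucceeded",
-"garbage collected old artifacts")
 }
 }
 return nil
@@ -1037,20 +1063,12 @@ func (r *HelmChartReconciler) getProvenanceKeyring(ctx context.Context, chart *s
 var secret corev1.Secret
 err := r.Client.Get(ctx, name, &secret)
 if err != nil {
-e := &serror.Event{
-Err: fmt.Errorf("failed to get secret '%s': %w", chart.Spec.VerificationKeyring.SecretRef.Name, err),
-Reason: sourcev1.AuthenticationFailedReason,
-}
-return nil, e
+return nil, err
 }
 key := chart.Spec.VerificationKeyring.Key
 if val, ok := secret.Data[key]; !ok {
 err = fmt.Errorf("secret doesn't contain the advertised verification keyring name %s", key)
-e := &serror.Event{
-Err: fmt.Errorf("invalid secret '%s': %w", secret.GetName(), err),
-Reason: sourcev1.AuthenticationFailedReason,
-}
-return nil, e
+return nil, err
 } else {
 return val, nil
 }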
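Review bot: In the keyring error path of buildFromHelmRepository, and identically in buildFromTarballArtifact, `conditions.MarkFalse(obj, sourcev1.FetchFailedCondition, sourcev1.SourceVerifiedCondition, e.Error())` sets FetchFailed to False and passes a condition type as the reason, whereas the removed code marked FetchFailed True on this same failure. The status then says the fetch did not fail while SourceVerified is left untouched, even though this status is where an operator would expect to see that chart signature verification could not run. Consider recording the failure on the verification condition instead, `conditions.MarkFalse(obj, sourcev1.SourceVerifiedCondition, sourcev1.AuthenticationFailedReason, e.Error())`, with `Reason: sourcev1.AuthenticationFailedReason` on the event. The only write to SourceVerified visible in this file section is the MarkTrue in reconcileArtifact, so an object verified on an earlier reconcile may keep a stale True condition after this error; that depends on code outside the hunks and should be confirmed. Both functions begin and end outside their hunks.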
