From 071fa1a3911ef96a56aba991b6392ef13a28003d Mon Sep 17 00:00:00 2001 From: Simon Gerber Date: Tue, 4 Jul 2023 14:57:31 +0200 Subject: [PATCH] Use `patch-operator.libsonnet` directly --- component/main.jsonnet | 10 ++-- tests/custom-logo.yml | 10 ++-- tests/custom-route-legacy.yml | 10 ++-- tests/custom-route-managed-tls.yml | 10 ++-- tests/custom-route.yml | 10 ++-- .../20_ingress_config_patch.yaml | 52 +++---------------- .../20_ingress_config_patch.yaml | 52 +++---------------- .../20_ingress_config_patch.yaml | 52 +++---------------- ..._openshift_config_ns_annotation_patch.yaml | 52 +++---------------- .../20_ingress_config_patch.yaml | 52 +++---------------- 10 files changed, 59 insertions(+), 251 deletions(-) diff --git a/component/main.jsonnet b/component/main.jsonnet index 52b54d6..13d6613 100644 --- a/component/main.jsonnet +++ b/component/main.jsonnet @@ -1,6 +1,6 @@ local kap = import 'lib/kapitan.libjsonnet'; local kube = import 'lib/kube.libjsonnet'; -local rl = import 'lib/resource-locker.libjsonnet'; +local po = import 'lib/patch-operator.libsonnet'; local inv = kap.inventory(); local params = inv.parameters.openshift4_console; @@ -129,7 +129,7 @@ local consoleRoutePatch = }, }; [ - if std.member([ 'ResourceLocker', 'Patch' ], obj.kind) then + if obj.kind == 'Patch' then obj { metadata+: { annotations+: { @@ -141,7 +141,7 @@ local consoleRoutePatch = } else obj - for obj in rl.Patch( + for obj in po.Patch( target, patch, patchstrategy='application/merge-patch+json' @@ -174,7 +174,7 @@ local openshiftConfigNsAnnotationPatch = }, }; [ - if std.member([ 'ResourceLocker', 'Patch' ], obj.kind) then + if obj.kind == 'Patch' then obj { metadata+: { annotations+: { @@ -187,7 +187,7 @@ local openshiftConfigNsAnnotationPatch = else obj for obj in - rl.Patch( + po.Patch( target, patch, patchstrategy='application/merge-patch+json' diff --git a/tests/custom-logo.yml b/tests/custom-logo.yml index 504c0cc..3252664 100644 --- a/tests/custom-logo.yml +++ b/tests/custom-logo.yml @@ -2,11 +2,13 @@ parameters: kapitan: dependencies: - type: https - source: https://raw.githubusercontent.com/projectsyn/component-resource-locker/v2.1.0/lib/resource-locker.libjsonnet - output_path: vendor/lib/resource-locker.libjsonnet + source: https://raw.githubusercontent.com/projectsyn/component-patch-operator/v1.2.0/lib/patch-operator.libsonnet + output_path: vendor/lib/patch-operator.libsonnet - resource_locker: - namespace: syn-resource-locker + patch_operator: + patch_serviceaccount: + name: patch-sa + namespace: syn-patch-operator openshift4_console: config: diff --git a/tests/custom-route-legacy.yml b/tests/custom-route-legacy.yml index 127c0ac..52b13e5 100644 --- a/tests/custom-route-legacy.yml +++ b/tests/custom-route-legacy.yml @@ -2,11 +2,13 @@ parameters: kapitan: dependencies: - type: https - source: https://raw.githubusercontent.com/projectsyn/component-resource-locker/v2.1.0/lib/resource-locker.libjsonnet - output_path: vendor/lib/resource-locker.libjsonnet + source: https://raw.githubusercontent.com/projectsyn/component-patch-operator/v1.2.0/lib/patch-operator.libsonnet + output_path: vendor/lib/patch-operator.libsonnet - resource_locker: - namespace: syn-resource-locker + patch_operator: + patch_serviceaccount: + name: patch-sa + namespace: syn-patch-operator openshift4_console: config: diff --git a/tests/custom-route-managed-tls.yml b/tests/custom-route-managed-tls.yml index dfe86ab..bdc4e17 100644 --- a/tests/custom-route-managed-tls.yml +++ b/tests/custom-route-managed-tls.yml @@ -7,14 +7,16 @@ parameters: source: https://raw.githubusercontent.com/projectsyn/component-cert-manager/v2.2.0/lib/cert-manager.libsonnet output_path: vendor/lib/cert-manager.libsonnet - type: https - source: https://raw.githubusercontent.com/projectsyn/component-resource-locker/v2.3.2/lib/resource-locker.libjsonnet - output_path: vendor/lib/resource-locker.libjsonnet + source: https://raw.githubusercontent.com/projectsyn/component-patch-operator/v1.2.0/lib/patch-operator.libsonnet + output_path: vendor/lib/patch-operator.libsonnet - type: https source: https://raw.githubusercontent.com/projectsyn/component-kyverno/v1.4.0/lib/kyverno.libsonnet output_path: vendor/lib/kyverno.libsonnet - resource_locker: - namespace: syn-resource-locker + patch_operator: + patch_serviceaccount: + name: patch-sa + namespace: syn-patch-operator openshift4_console: route: diff --git a/tests/custom-route.yml b/tests/custom-route.yml index 74092b0..a763ca8 100644 --- a/tests/custom-route.yml +++ b/tests/custom-route.yml @@ -2,11 +2,13 @@ parameters: kapitan: dependencies: - type: https - source: https://raw.githubusercontent.com/projectsyn/component-resource-locker/v2.1.0/lib/resource-locker.libjsonnet - output_path: vendor/lib/resource-locker.libjsonnet + source: https://raw.githubusercontent.com/projectsyn/component-patch-operator/v1.2.0/lib/patch-operator.libsonnet + output_path: vendor/lib/patch-operator.libsonnet - resource_locker: - namespace: syn-resource-locker + patch_operator: + patch_serviceaccount: + name: patch-sa + namespace: syn-patch-operator openshift4_console: route: diff --git a/tests/golden/custom-logo/openshift4-console/openshift4-console/20_ingress_config_patch.yaml b/tests/golden/custom-logo/openshift4-console/openshift4-console/20_ingress_config_patch.yaml index a1df8bd..ba75d1c 100644 --- a/tests/golden/custom-logo/openshift4-console/openshift4-console/20_ingress_config_patch.yaml +++ b/tests/golden/custom-logo/openshift4-console/openshift4-console/20_ingress_config_patch.yaml @@ -1,56 +1,16 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - name: cluster-manager - name: cluster-manager - namespace: syn-resource-locker ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - name: syn-resource-locker-cluster-manager - name: syn-resource-locker-cluster-manager -rules: - - apiGroups: - - config.openshift.io - resources: - - ingresses - verbs: - - get - - list - - patch - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - name: syn-resource-locker-cluster-manager - name: syn-resource-locker-cluster-manager -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: syn-resource-locker-cluster-manager -subjects: - - kind: ServiceAccount - name: cluster-manager - namespace: syn-resource-locker ---- apiVersion: redhatcop.redhat.io/v1alpha1 -kind: ResourceLocker +kind: Patch metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/sync-wave: '10' labels: - name: cluster - name: cluster - namespace: syn-resource-locker + name: ingress-cluster-96338c6a0d5b244 + name: ingress-cluster-96338c6a0d5b244 + namespace: syn-patch-operator spec: patches: - - id: patch1 + ingress-cluster-96338c6a0d5b244-patch: patchTemplate: |- "spec": "componentRoutes": @@ -65,4 +25,4 @@ spec: kind: Ingress name: cluster serviceAccountRef: - name: cluster-manager + name: patch-sa diff --git a/tests/golden/custom-route-legacy/openshift4-console/openshift4-console/20_ingress_config_patch.yaml b/tests/golden/custom-route-legacy/openshift4-console/openshift4-console/20_ingress_config_patch.yaml index 53fecca..edf4a1d 100644 --- a/tests/golden/custom-route-legacy/openshift4-console/openshift4-console/20_ingress_config_patch.yaml +++ b/tests/golden/custom-route-legacy/openshift4-console/openshift4-console/20_ingress_config_patch.yaml @@ -1,56 +1,16 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - name: cluster-manager - name: cluster-manager - namespace: syn-resource-locker ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - name: syn-resource-locker-cluster-manager - name: syn-resource-locker-cluster-manager -rules: - - apiGroups: - - config.openshift.io - resources: - - ingresses - verbs: - - get - - list - - patch - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - name: syn-resource-locker-cluster-manager - name: syn-resource-locker-cluster-manager -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: syn-resource-locker-cluster-manager -subjects: - - kind: ServiceAccount - name: cluster-manager - namespace: syn-resource-locker ---- apiVersion: redhatcop.redhat.io/v1alpha1 -kind: ResourceLocker +kind: Patch metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/sync-wave: '10' labels: - name: cluster - name: cluster - namespace: syn-resource-locker + name: ingress-cluster-96338c6a0d5b244 + name: ingress-cluster-96338c6a0d5b244 + namespace: syn-patch-operator spec: patches: - - id: patch1 + ingress-cluster-96338c6a0d5b244-patch: patchTemplate: |- "spec": "componentRoutes": @@ -63,4 +23,4 @@ spec: kind: Ingress name: cluster serviceAccountRef: - name: cluster-manager + name: patch-sa diff --git a/tests/golden/custom-route-managed-tls/openshift4-console/openshift4-console/20_ingress_config_patch.yaml b/tests/golden/custom-route-managed-tls/openshift4-console/openshift4-console/20_ingress_config_patch.yaml index 643227c..a2087b2 100644 --- a/tests/golden/custom-route-managed-tls/openshift4-console/openshift4-console/20_ingress_config_patch.yaml +++ b/tests/golden/custom-route-managed-tls/openshift4-console/openshift4-console/20_ingress_config_patch.yaml @@ -1,56 +1,16 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - name: ingress-config-openshift-io-cluster-manager - name: ingress-config-openshift-io-cluster-manager - namespace: syn-resource-locker ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - name: syn-resource-locker-ingress-config-openshift-io-cluster-manager - name: syn-resource-locker-ingress-config-openshift-io-cluster-manager -rules: - - apiGroups: - - config.openshift.io - resources: - - ingresses - verbs: - - get - - list - - patch - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - name: syn-resource-locker-ingress-config-openshift-io-cluster-manager - name: syn-resource-locker-ingress-config-openshift-io-cluster-manager -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: syn-resource-locker-ingress-config-openshift-io-cluster-manager -subjects: - - kind: ServiceAccount - name: ingress-config-openshift-io-cluster-manager - namespace: syn-resource-locker ---- apiVersion: redhatcop.redhat.io/v1alpha1 -kind: ResourceLocker +kind: Patch metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/sync-wave: '10' labels: - name: ingress-config-openshift-io-cluster - name: ingress-config-openshift-io-cluster - namespace: syn-resource-locker + name: ingress-cluster-96338c6a0d5b244 + name: ingress-cluster-96338c6a0d5b244 + namespace: syn-patch-operator spec: patches: - - id: patch1 + ingress-cluster-96338c6a0d5b244-patch: patchTemplate: |- "spec": "componentRoutes": @@ -65,4 +25,4 @@ spec: kind: Ingress name: cluster serviceAccountRef: - name: ingress-config-openshift-io-cluster-manager + name: patch-sa diff --git a/tests/golden/custom-route-managed-tls/openshift4-console/openshift4-console/20_openshift_config_ns_annotation_patch.yaml b/tests/golden/custom-route-managed-tls/openshift4-console/openshift4-console/20_openshift_config_ns_annotation_patch.yaml index c7b4d56..46ef949 100644 --- a/tests/golden/custom-route-managed-tls/openshift4-console/openshift4-console/20_openshift_config_ns_annotation_patch.yaml +++ b/tests/golden/custom-route-managed-tls/openshift4-console/openshift4-console/20_openshift_config_ns_annotation_patch.yaml @@ -1,56 +1,16 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - name: namespace-openshift-config-manager - name: namespace-openshift-config-manager - namespace: syn-resource-locker ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - name: syn-resource-locker-namespace-openshift-config-manager - name: syn-resource-locker-namespace-openshift-config-manager -rules: - - apiGroups: - - '' - resources: - - namespaces - verbs: - - get - - list - - patch - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - name: syn-resource-locker-namespace-openshift-config-manager - name: syn-resource-locker-namespace-openshift-config-manager -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: syn-resource-locker-namespace-openshift-config-manager -subjects: - - kind: ServiceAccount - name: namespace-openshift-config-manager - namespace: syn-resource-locker ---- apiVersion: redhatcop.redhat.io/v1alpha1 -kind: ResourceLocker +kind: Patch metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/sync-wave: '5' labels: - name: namespace-openshift-config - name: namespace-openshift-config - namespace: syn-resource-locker + name: namespace-openshift-config-2c8343f13594d63 + name: namespace-openshift-config-2c8343f13594d63 + namespace: syn-patch-operator spec: patches: - - id: patch1 + namespace-openshift-config-2c8343f13594d63-patch: patchTemplate: |- "metadata": "annotations": @@ -61,4 +21,4 @@ spec: kind: Namespace name: openshift-config serviceAccountRef: - name: namespace-openshift-config-manager + name: patch-sa diff --git a/tests/golden/custom-route/openshift4-console/openshift4-console/20_ingress_config_patch.yaml b/tests/golden/custom-route/openshift4-console/openshift4-console/20_ingress_config_patch.yaml index b3b28c1..a2087b2 100644 --- a/tests/golden/custom-route/openshift4-console/openshift4-console/20_ingress_config_patch.yaml +++ b/tests/golden/custom-route/openshift4-console/openshift4-console/20_ingress_config_patch.yaml @@ -1,56 +1,16 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - name: cluster-manager - name: cluster-manager - namespace: syn-resource-locker ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - name: syn-resource-locker-cluster-manager - name: syn-resource-locker-cluster-manager -rules: - - apiGroups: - - config.openshift.io - resources: - - ingresses - verbs: - - get - - list - - patch - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - name: syn-resource-locker-cluster-manager - name: syn-resource-locker-cluster-manager -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: syn-resource-locker-cluster-manager -subjects: - - kind: ServiceAccount - name: cluster-manager - namespace: syn-resource-locker ---- apiVersion: redhatcop.redhat.io/v1alpha1 -kind: ResourceLocker +kind: Patch metadata: annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true argocd.argoproj.io/sync-wave: '10' labels: - name: cluster - name: cluster - namespace: syn-resource-locker + name: ingress-cluster-96338c6a0d5b244 + name: ingress-cluster-96338c6a0d5b244 + namespace: syn-patch-operator spec: patches: - - id: patch1 + ingress-cluster-96338c6a0d5b244-patch: patchTemplate: |- "spec": "componentRoutes": @@ -65,4 +25,4 @@ spec: kind: Ingress name: cluster serviceAccountRef: - name: cluster-manager + name: patch-sa