Detect and correct cluster drift

Signed-off-by: Stefan Prodan <[email protected]>
fluxcd · Apr 15, 2024 · c148bac · c148bac
1 parent c768955
commit c148bac
Show file tree

Hide file tree

Showing 8 changed files with 234 additions and 108 deletions.
diff --git a/.github/workflows/golangci-lint.yml → .github/workflows/golangci-lint.yaml b/.github/workflows/golangci-lint.yml → .github/workflows/golangci-lint.yaml
@@ -1,4 +1,4 @@
-name: golangci-lint
+name: golangci
 on:
  pull_request:
  branches:
@@ -8,16 +8,16 @@ permissions:
  contents: read
 
 jobs:
- golangci-lint:
- name: golangci-lint
+ lint:
  runs-on: ubuntu-latest
  steps:
  - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
  - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
  with:
  go-version-file: 'go.mod'
  cache: true
- - name: golangci-lint
- uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0
+ - uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0
  with:
+ version: latest
+ skip-pkg-cache: true
  args: --timeout=10m
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -21,12 +21,7 @@ jobs:
  with:
  go-version-file: 'go.mod'
  cache: true
- - run: go mod download
- - run: go build -v .
- - name: Run linters
- uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0
- with:
- version: latest
+ - run: make build
  generate:
  runs-on: ubuntu-latest
  steps:
@@ -152,6 +147,24 @@ jobs:
  terraform apply -auto-approve -var "github_token=${GITHUB_TOKEN}" -var "github_org=fluxcd-testing" -var "github_repository=${{ steps.vars.outputs.test_repo_name }}"
  env:
  GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
+ - name: Teardown Flux
+ run: |
+ flux uninstall -s --keep-namespace
+ kubectl delete ns flux-system
+ - name: Restore Flux with Terraform
+ run: |
+ export TF_CLI_CONFIG_FILE="${PWD}/.terraformrc"
+ cd examples/github-via-ssh
+ terraform apply -auto-approve -var "github_token=${GITHUB_TOKEN}" -var "github_org=fluxcd-testing" -var "github_repository=${{ steps.vars.outputs.test_repo_name }}"
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
+ - name: No-op apply Terraform
+ run: |
+ export TF_CLI_CONFIG_FILE="${PWD}/.terraformrc"
+ cd examples/github-via-ssh
+ terraform apply -auto-approve -var "github_token=${GITHUB_TOKEN}" -var "github_org=fluxcd-testing" -var "github_repository=${{ steps.vars.outputs.test_repo_name }}"
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
  - name: Destroy Terraform
  run: |
  cd examples/github-via-ssh

diff --git a/Makefile b/Makefile
@@ -22,6 +22,12 @@ test: tidy fmt vet
 testacc: tidy fmt vet
  TF_ACC=1 go test ./... -v -count $(TEST_COUNT) -parallel $(ACCTEST_PARALLELISM) -timeout $(ACCTEST_TIMEOUT)
 
+# Run acceptance tests on macOS with the gitea-flux instance
+# Requires the following entry in /etc/hosts:
+# 127.0.0.1 gitea-flux
+testmacos: tidy fmt vet
+ TF_ACC=1 GITEA_HOSTNAME=gitea-flux go test ./... -v -parallel 1 -run TestAccBootstrapGit_Drift
+
 build:
  CGO_ENABLED=0 go build -o ./bin/terraform-provider-flux main.go
 

diff --git a/docs/index.md b/docs/index.md
@@ -125,23 +125,23 @@ provider "flux" {
 
 ### Optional
 
-- `git` (Attributes) Configuration block with settings for Kubernetes. (see [below for nested schema](#nestedatt--git))
+- `git` (Attributes) Configuration block with settings for Git. (see [below for nested schema](#nestedatt--git))
 - `kubernetes` (Attributes) Configuration block with settings for Kubernetes. (see [below for nested schema](#nestedatt--kubernetes))
 
 <a id="nestedatt--git"></a>
 ### Nested Schema for `git`
 
 Required:
 
-- `url` (String) Url of git repository to bootstrap from.
+- `url` (String) Url of Git repository to bootstrap from.
 
 Optional:
 
 - `author_email` (String) Author email for Git commits.
 - `author_name` (String) Author name for Git commits. Defaults to `Flux`.
-- `branch` (String) Branch in repository to reconcile from. Defaults to `main`.
+- `branch` (String) Branch of the repository to reconcile from. Defaults to `main`.
 - `commit_message_appendix` (String) String to add to the commit messages.
-- `gpg_key_id` (String) Key id for selecting a particular key.
+- `gpg_key_id` (String) Key id for selecting a particular GPG key.
 - `gpg_key_ring` (String) Path to the GPG key ring for signing commits.
 - `gpg_passphrase` (String, Sensitive) Passphrase for decrypting GPG private key.
 - `http` (Attributes) (see [below for nested schema](#nestedatt--git--http))
@@ -163,7 +163,7 @@ Optional:
 
 Optional:
 
-- `password` (String, Sensitive) Password for private key.
+- `password` (String, Sensitive) Password of the SSH private key.
 - `private_key` (String, Sensitive) Private key used for authenticating to the Git SSH server.
 - `username` (String) Username for Git SSH server.
 

diff --git a/internal/provider/provider.go b/internal/provider/provider.go
@@ -207,18 +207,18 @@ func (p *fluxProvider) Schema(ctx context.Context, req provider.SchemaRequest, r
  Optional: true,
  },
  "git": schema.SingleNestedAttribute{
- Description: "Configuration block with settings for Kubernetes.",
+ Description: "Configuration block with settings for Git.",
  Attributes: map[string]schema.Attribute{
  "url": schema.StringAttribute{
  CustomType: customtypes.URLType{},
- Description: "Url of git repository to bootstrap from.",
+ Description: "Url of Git repository to bootstrap from.",
  Required: true,
  Validators: []validator.String{
  validators.URLScheme("http", "https", "ssh"),
  },
  },
  "branch": schema.StringAttribute{
- Description: fmt.Sprintf("Branch in repository to reconcile from. Defaults to `%s`.", defaultBranch),
+ Description: fmt.Sprintf("Branch of the repository to reconcile from. Defaults to `%s`.", defaultBranch),
  Optional: true,
  },
  "author_name": schema.StringAttribute{
@@ -239,7 +239,7 @@ func (p *fluxProvider) Schema(ctx context.Context, req provider.SchemaRequest, r
  Sensitive: true,
  },
  "gpg_key_id": schema.StringAttribute{
- Description: "Key id for selecting a particular key.",
+ Description: "Key id for selecting a particular GPG key.",
  Optional: true,
  },
  "commit_message_appendix": schema.StringAttribute{
@@ -253,7 +253,7 @@ func (p *fluxProvider) Schema(ctx context.Context, req provider.SchemaRequest, r
  Optional: true,
  },
  "password": schema.StringAttribute{
- Description: "Password for private key.",
+ Description: "Password of the SSH private key.",
  Optional: true,
  Sensitive: true,
  },

diff --git a/internal/provider/provider_resource_data.go b/internal/provider/provider_resource_data.go
@@ -71,8 +71,7 @@ func (prd *providerResourceData) GetKubernetesClient() (client.WithWatch, error)
  return kubeClient, nil
 }
 
-func (prd *providerResourceData) GetGitClient(ctx context.Context) (*gogit.Client, error) {
- // Git configuration
+func (prd *providerResourceData) GetGitClient(tmpDir string) (*gogit.Client, error) {
  authOpts, err := getAuthOpts(prd.git)
  if err != nil {
  return nil, err
@@ -82,11 +81,20 @@ func (prd *providerResourceData) GetGitClient(ctx context.Context) (*gogit.Clien
  clientOpts = append(clientOpts, gogit.WithInsecureCredentialsOverHTTP())
  }
 
+ gitClient, err := gogit.NewClient(tmpDir, authOpts, clientOpts...)
+ if err != nil {
+ return nil, fmt.Errorf("could not create git client: %w", err)
+ }
+
+ return gitClient, nil
+}
+
+func (prd *providerResourceData) CloneRepository(ctx context.Context) (*gogit.Client, error) {
  tmpDir, err := manifestgen.MkdirTempAbs("", "flux-bootstrap-")
  if err != nil {
  return nil, fmt.Errorf("could not create temporary working directory for git repository: %w", err)
  }
- gitClient, err := gogit.NewClient(tmpDir, authOpts, clientOpts...)
+ gitClient, err := prd.GetGitClient(tmpDir)
  if err != nil {
  return nil, fmt.Errorf("could not create git client: %w", err)
  }
@@ -102,6 +110,25 @@ func (prd *providerResourceData) GetGitClient(ctx context.Context) (*gogit.Clien
  return gitClient, nil
 }
 
+func (prd *providerResourceData) GetBootstrapProvider(tmpDir string) (*bootstrap.PlainGitBootstrapper, error) {
+ gitClient, err := prd.GetGitClient(tmpDir)
+ if err != nil {
+ return nil, fmt.Errorf("could not create git client: %w", err)
+ }
+
+ kubeClient, err := prd.GetKubernetesClient()
+ if err != nil {
+ return nil, fmt.Errorf("could not get Kubernetes client: %w", err)
+ }
+
+ bootstrapOpts, err := prd.GetBootstrapOptions()
+ if err != nil {
+ return nil, fmt.Errorf("could not get bootstrap options: %w", err)
+ }
+
+ return bootstrap.NewPlainGitProvider(gitClient, kubeClient, bootstrapOpts...)
+}
+
 func (prd *providerResourceData) GetBootstrapOptions() ([]bootstrap.GitOption, error) {
  entityList, err := prd.GetEntityList()
  if err != nil {