From 1c9ae357b5bdda5503250f3eb67849e858a545fd Mon Sep 17 00:00:00 2001 From: Meredith Lancaster Date: Fri, 14 Jul 2023 09:36:27 -0600 Subject: [PATCH 01/21] working version with hardcoded values Signed-off-by: Meredith Lancaster --- hack/local-dev.sh | 105 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 105 insertions(+) create mode 100755 hack/local-dev.sh diff --git a/hack/local-dev.sh b/hack/local-dev.sh new file mode 100755 index 000000000..841c1e8c0 --- /dev/null +++ b/hack/local-dev.sh 
@@ -0,0 +1,105 @@ +#!/bin/bash + +# Copyright 2022 The Sigstore Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# The script can take two optional arguments: +# 1. cluster-name - default value is 'policy-controller-demo' +# 2. ko-docker-repo - if no value is provided, the local Kind registry is used +# + +LOCAL_REGISTRY_NAME="registry.local" +LOCAL_REGISTRY_PORT=5001 +K8S_VERSION="1.24.7" +KIND_IMAGE_SHA="sha256:577c630ce8e509131eab1aea12c022190978dd2f745aac5eb1fe65c0807eb315" +KIND_IMAGE=kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA} + +if [ -z "$1" ] +then + echo "cluster-name argument not provided, using default name 'policy-controller-demo'" + CLUSTER_NAME="policy-controller-demo" +else + CLUSTER_NAME="$1" +fi + +if [ -z "$2" ] +then + echo "ko-docker-repo arugment not provided, the local Kind registry will be used" + USE_LOCAL_REGISTRY=true + export KO_DOCKER_REPO="registry.local:5001/sigstore" +else + USE_LOCAL_REGISTRY=false + export KO_DOCKER_REPO="$2" +fi + +cat > kind.yaml < 127.0.0.1, to tell `ko` to publish to + # local reigstry, even when pushing $LOCAL_REGISTRY_NAME:$LOCAL_REGISTRY_PORT/some/image + echo "127.0.0.1 $LOCAL_REGISTRY_NAME" | sudo tee -a /etc/hosts + fi +fi + +GIT_HASH=$(git rev-parse HEAD) +GIT_VERSION=$(git describe --tags --always --dirty) + +CONFIG_FILES=$(find ../config -name "*.yaml" ! -name 'kustomization.yaml' | sort) + +for i in ${CONFIG_FILES[@]} +do + ko apply -f $i +done 
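Review bot: The `echo "127.0.0.1 $LOCAL_REGISTRY_NAME" | sudo tee -a /etc/hosts` line near the end of this hunk makes a privileged, persistent change to host name resolution, and nothing visible in the script announces it or undoes it. I would print what is about to be written before sudo prompts, for example `echo "Adding '127.0.0.1 $LOCAL_REGISTRY_NAME' to /etc/hosts (requires sudo)"`, and extend the header comment to say that the entry stays behind after the cluster is deleted and has to be removed by hand. The middle of this hunk (the kind.yaml heredoc and the registry setup) is damaged on this page, so the condition guarding the append cannot be reviewed here.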
From 6e4baab5f928af0806a7a99b1a501ff8c52373cf Mon Sep 17 00:00:00 2001 From: Meredith Lancaster Date: Fri, 14 Jul 2023 11:31:54 -0600 Subject: [PATCH 02/21] set kind image Signed-off-by: Meredith Lancaster --- hack/local-dev.sh | 115 +++++++++++++++++++++++++++------------------- 1 file changed, 68 insertions(+), 47 deletions(-) diff --git a/hack/local-dev.sh b/hack/local-dev.sh index 841c1e8c0..354d5f475 100755 --- a/hack/local-dev.sh +++ b/hack/local-dev.sh @@ -21,9 +21,8 @@ LOCAL_REGISTRY_NAME="registry.local" LOCAL_REGISTRY_PORT=5001 -K8S_VERSION="1.24.7" -KIND_IMAGE_SHA="sha256:577c630ce8e509131eab1aea12c022190978dd2f745aac5eb1fe65c0807eb315" -KIND_IMAGE=kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA} +K8S_VERSION="v1.24.x" +KIND_VERSION="v0.15.0" if [ -z "$1" ] then 
@@ -36,62 +35,84 @@ fi if [ -z "$2" ] then echo "ko-docker-repo arugment not provided, the local Kind registry will be used" - USE_LOCAL_REGISTRY=true - export KO_DOCKER_REPO="registry.local:5001/sigstore" + export KO_DOCKER_REPO="$LOCAL_REGISTRY_NAME:$LOCAL_REGISTRY_PORT/sigstore" else - USE_LOCAL_REGISTRY=false export KO_DOCKER_REPO="$2" fi +if [ -z "$3" ] +then + echo "K8s version not provided, using default ${K8S_VERSION}" +else + export K8S_VERSION="$3" +fi + +# Map the Kind image version to this version of Kind and K8s +case ${K8S_VERSION} in + v1.23.x) + K8S_VERSION="1.23.13" + KIND_IMAGE_SHA="sha256:ef453bb7c79f0e3caba88d2067d4196f427794086a7d0df8df4f019d5e336b61" + KIND_IMAGE="kindest/node:v${K8S_VERSION}@${KIND_IMAGE_SHA}" + ;; + v1.24.x) + K8S_VERSION="1.24.7" + KIND_IMAGE_SHA="sha256:577c630ce8e509131eab1aea12c022190978dd2f745aac5eb1fe65c0807eb315" + KIND_IMAGE=kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA} + ;; + v1.25.x) + K8S_VERSION="1.25.3" + KIND_IMAGE_SHA="sha256:f52781bc0d7a19fb6c405c2af83abfeb311f130707a0e219175677e366cc45d1" + KIND_IMAGE=kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA} + ;; + v1.26.x) + K8S_VERSION="1.26.0" + KIND_IMAGE_SHA="sha256:691e24bd2417609db7e589e1a479b902d2e209892a10ce375fab60a8407c7352" + KIND_IMAGE=kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA} + ;; + *) echo "Unsupported version: ${K8S_VERSION}"; exit 1 ;; +esac + +# Create a basic Kind cluster configuration cat > kind.yaml <> kind.yaml < 127.0.0.1, to tell `ko` to publish to - # local reigstry, even when pushing $LOCAL_REGISTRY_NAME:$LOCAL_REGISTRY_PORT/some/image - echo "127.0.0.1 $LOCAL_REGISTRY_NAME" | sudo tee -a /etc/hosts - fi + if ! 
grep -q "$LOCAL_REGISTRY_NAME" /etc/hosts; then + # Make the $LOCAL_REGISTRY_NAME -> 127.0.0.1, to tell `ko` to publish to + # local reigstry, even when pushing $LOCAL_REGISTRY_NAME:$LOCAL_REGISTRY_PORT/some/image + echo "127.0.0.1 $LOCAL_REGISTRY_NAME" | sudo tee -a /etc/hosts + fi +else + echo "Configuring a cluster to use the provided registry $KO_DOCKER_REPO..." + + echo "Creating Kind cluster $CLUSTER_NAME..." + kind create cluster --config kind.yaml fi GIT_HASH=$(git rev-parse HEAD) From 382323446c587cbce801ada923906a855d4b6b01 Mon Sep 17 00:00:00 2001 From: Meredith Lancaster Date: Fri, 14 Jul 2023 12:07:25 -0600 Subject: [PATCH 03/21] cleanup file Signed-off-by: Meredith Lancaster --- hack/local-dev.sh | 71 ++++++++++++++++++++++++----------------------- 1 file changed, 36 insertions(+), 35 deletions(-) diff --git a/hack/local-dev.sh b/hack/local-dev.sh index 354d5f475..7b9b60d8e 100755 --- a/hack/local-dev.sh +++ b/hack/local-dev.sh 
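Review bot: The arms of the new `case ${K8S_VERSION}` block build the image reference inconsistently: `v1.23.x` uses `"kindest/node:v${K8S_VERSION}@${KIND_IMAGE_SHA}"`, while `v1.24.x`, `v1.25.x` and `v1.26.x` drop both the `v` and the quotes and end up with a tag such as `1.24.7`. The digest is still what pins the node image, so this probably goes unnoticed at pull time, but the tag no longer documents which release each digest belongs to. Set it once after `esac` with `KIND_IMAGE="kindest/node:v${K8S_VERSION}@${KIND_IMAGE_SHA}"` and keep only `K8S_VERSION` and `KIND_IMAGE_SHA` in the arms. Separately, the guard `grep -q "$LOCAL_REGISTRY_NAME" /etc/hosts` is a substring regex match, so a commented-out line or a longer host name containing the registry name would cause the mapping to be skipped; `grep -qF` plus a check for the `127.0.0.1` address would be stricter.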
@@ -19,32 +19,40 @@ # 2. ko-docker-repo - if no value is provided, the local Kind registry is used # -LOCAL_REGISTRY_NAME="registry.local" -LOCAL_REGISTRY_PORT=5001 +CLUSTER_NAME="policy-controller-demo" K8S_VERSION="v1.24.x" KIND_VERSION="v0.15.0" +LOCAL_REGISTRY_NAME="registry.local" +LOCAL_REGISTRY_PORT=5001 +REGISTRY_NAME=$LOCAL_REGISTRY_NAME +REGISTRY_PORT=$LOCAL_REGISTRY_PORT + +while [[ $# -ne 0 ]]; do + parameter="$1" + case "${parameter}" in + --cluster-name) + shift + CLUSTER_NAME="$1" + ;; + --k8s-version) + shift + K8S_VERSION="$1" + ;; + --registry-url) + shift + REGISTRY_NAME="$(echo "$1" | cut -d':' -f 1)" + REGISTRY_PORT="$(echo "$1" | cut -d':' -f 2)" + ;; + *) echo "unknown option ${parameter}"; exit 1 ;; + esac + shift +done -if [ -z "$1" ] -then - echo "cluster-name argument not provided, using default name 'policy-controller-demo'" - CLUSTER_NAME="policy-controller-demo" -else - CLUSTER_NAME="$1" -fi - -if [ -z "$2" ] +if [ $REGISTRY_NAME = $LOCAL_REGISTRY_NAME ]; then - echo "ko-docker-repo arugment not provided, the local Kind registry will be used" export KO_DOCKER_REPO="$LOCAL_REGISTRY_NAME:$LOCAL_REGISTRY_PORT/sigstore" else - export KO_DOCKER_REPO="$2" -fi - -if [ -z "$3" ] -then - echo "K8s version not provided, using default ${K8S_VERSION}" -else - export K8S_VERSION="$3" + export KO_DOCKER_REPO="$REGISTRY_NAME" fi # Map the Kind image version to this version of Kind and K8s @@ -80,21 +88,16 @@ cat > kind.yaml <> kind.yaml < Date: Fri, 14 Jul 2023 12:23:56 -0600 Subject: [PATCH 04/21] remove old local dev tooling and docs 
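Review bot: The `--registry-url` arm splits its value on `:` with `cut`, and the else branch below exports only `$REGISTRY_NAME` as `KO_DOCKER_REPO`, so a value like `host:5000/team` (constructed example) is reduced to `host` and `ko` would publish to a different destination than the one requested. When the value has no colon, `cut -d':' -f 2` returns the whole string, so `REGISTRY_PORT` ends up holding the host name. Keep the full argument for the non-local case, e.g. `REGISTRY_URL="$1"` in the arm and `export KO_DOCKER_REPO="$REGISTRY_URL"` in the else branch. The test `[ $REGISTRY_NAME = $LOCAL_REGISTRY_NAME ]` should be quoted as `[ "$REGISTRY_NAME" = "$LOCAL_REGISTRY_NAME" ]`, because an empty value turns it into a syntax error. Each option arm also does `shift` and reads `$1` without checking that a value follows the flag.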
Signed-off-by: Meredith Lancaster --- .gitignore | 3 + README.md | 20 ++++++- cmd/local-dev/clean.go | 64 --------------------- cmd/local-dev/main.go | 20 ------- cmd/local-dev/root.go | 36 ------------ cmd/local-dev/setup.go | 127 ----------------------------------------- hack/local-dev.sh | 6 +- 7 files changed, 23 insertions(+), 253 deletions(-) delete mode 100644 cmd/local-dev/clean.go delete mode 100644 cmd/local-dev/main.go delete mode 100644 cmd/local-dev/root.go delete mode 100644 cmd/local-dev/setup.go diff --git a/.gitignore b/.gitignore index a4925f8fc..0a3dcda9b 100644 --- a/.gitignore +++ b/.gitignore @@ -36,3 +36,6 @@ policy-tester *.swp gha-creds-*.json + +# Kind cluster configuration produced by hack/local-dev.sh +kind.yaml diff --git a/README.md b/README.md index 3d02140a1..11c06e510 100644 --- a/README.md +++ b/README.md @@ -46,10 +46,24 @@ Then run it pointing to a YAML file containing a ClusterImagePolicy, and an imag ## Local Development -You can spin up a local [Kind](https://kind.sigs.k8s.io/) K8s cluster to test local changes to the policy controller using the `` -CLI tool. Build the tool with `make local-dev` and then run it with `./bin/local-dev setup --cluster-name= --ko-docker-repo=`. +You can spin up a local [Kind](https://kind.sigs.k8s.io/) K8s cluster to test local changes to the policy controller using the `./hack/local-dev.sh` script. It optionally accepts the following flags: +``` +--cluster-name +--k8s-version +--registry-url +``` + +If no registry URL is provided, a local registry will be used. -You can clean up the cluster with `./bin/local-dev clean --cluster-name=`. +### Cleaning Up + +Clean up the Kind cluster with `kind delete cluster --name=` + +If the local registry was used, clean it up with: +```bash +docker stop registry.local +docker rm registry.local +``` You will need to have the following tools installed to use this: - [Docker](https://docs.docker.com/get-docker/) 
diff --git a/cmd/local-dev/clean.go b/cmd/local-dev/clean.go deleted file mode 100644 index 19cca9ad6..000000000 --- a/cmd/local-dev/clean.go +++ /dev/null @@ -1,64 +0,0 @@ -// -// Copyright 2023 The Sigstore Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package main - -import ( - "bytes" - "fmt" - "log" - "os/exec" - - "github.com/spf13/cobra" - "github.com/spf13/viper" -) - -func addCleanFlags(cmd *cobra.Command) { - cmd.Flags().String("cluster-name", "policy-controller-demo", "name of the dev policy controller cluster") -} - -func init() { - addCleanFlags(cleanCmd) - rootCmd.AddCommand(cleanCmd) -} - -var cleanCmd = &cobra.Command{ - Use: "clean", - Short: "cleanup the local k8s cluster", - Long: "Cleanup the local k8s cluster", - PreRunE: func(cmd *cobra.Command, args []string) error { - if err := viper.BindPFlags(cmd.Flags()); err != nil { - log.Fatal("Error initializing cmd line args: ", err) - } - return nil - }, - Run: func(cmd *cobra.Command, args []string) { - clean() - }, -} - -func clean() { - var stderr bytes.Buffer - - // clean up the local cluster - clusterName := viper.GetString("cluster-name") - fmt.Printf("Cleaning up the kind cluster %s...", clusterName) - - removeCluster := exec.Command("kind", "delete", "cluster", "--name", clusterName) - removeCluster.Stderr = &stderr - if err := removeCluster.Run(); err != nil { - log.Fatal(buildFatalMessage(err, stderr)) - } -} 
diff --git a/cmd/local-dev/main.go b/cmd/local-dev/main.go deleted file mode 100644 index 511261e56..000000000 --- a/cmd/local-dev/main.go +++ /dev/null @@ -1,20 +0,0 @@ -// -// Copyright 2023 The Sigstore Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package main - -func main() { - Execute() -} diff --git a/cmd/local-dev/root.go b/cmd/local-dev/root.go deleted file mode 100644 index 43e491f8b..000000000 --- a/cmd/local-dev/root.go +++ /dev/null 
@@ -1,36 +0,0 @@ -// -// Copyright 2023 The Sigstore Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package main - -import ( - "fmt" - "os" - - "github.com/spf13/cobra" -) - -var rootCmd = &cobra.Command{ - Use: "local-dev", - Short: "Create, manage, and destroy a local k8s cluster for testing the policy controller", - Long: "Create, manage, and destroy a local k8s cluster for testing the policy controller", -} - -func Execute() { - if err := rootCmd.Execute(); err != nil { - fmt.Fprintln(os.Stderr, err) - os.Exit(1) - } -} diff --git a/cmd/local-dev/setup.go b/cmd/local-dev/setup.go deleted file mode 100644 index 5d6db5cb8..000000000 --- a/cmd/local-dev/setup.go +++ /dev/null 
@@ -1,127 +0,0 @@ -// -// Copyright 2023 The Sigstore Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package main - -import ( - "bytes" - "fmt" - "io/fs" - "log" - "os" - "os/exec" - "path/filepath" - - "github.com/spf13/cobra" - "github.com/spf13/viper" -) - -func addSetupFlags(cmd *cobra.Command) { - cmd.Flags().String("cluster-name", "policy-controller-demo", "name of the dev policy controller cluster") - cmd.Flags().String("ko-docker-repo", "", "name of the Ko Docker repository to use") - cmd.MarkFlagRequired("ko-docker-repo") //nolint:errcheck -} - -var setupCmd = &cobra.Command{ - Use: "setup", - Short: "setup local k8s cluster for testing policy controller", - Long: "Setup a local k8s cluster for testing policy controller", - PreRunE: func(cmd *cobra.Command, args []string) error { - if err := viper.BindPFlags(cmd.Flags()); err != nil { - log.Fatal("Error initializing cmd line args: ", err) - } - return nil - }, - Run: func(cmd *cobra.Command, args []string) { - setup() - }, -} - -func buildFatalMessage(err error, stderr bytes.Buffer) string { - return fmt.Sprintf("%v: %s", err, stderr.String()) -} - -func setup() { - var stderr bytes.Buffer - - koDockerRepo := viper.GetString("ko-docker-repo") - err := os.Setenv("KO_DOCKER_REPO", koDockerRepo) - if err != nil { - log.Fatal(buildFatalMessage(err, stderr)) - } - - // Create the new Kind cluster - clusterName := viper.GetString("cluster-name") - fmt.Println("Creating Kind cluster " + 
clusterName) - startKindCluster := exec.Command("kind", "create", "cluster", "--name", clusterName) - startKindCluster.Stderr = &stderr - if err = startKindCluster.Run(); err != nil { - log.Fatal(buildFatalMessage(err, stderr)) - } - - setGitHash := exec.Command("git", "rev-parse", "HEAD") - setGitHash.Stderr = &stderr - outBytes, err := setGitHash.Output() - if err != nil { - log.Fatal(buildFatalMessage(err, stderr)) - } - - err = os.Setenv("GIT_HASH", string(outBytes)) - if err != nil { - log.Fatal(buildFatalMessage(err, stderr)) - } - - setGitVersion := exec.Command("git", "describe", "--tags", "--always", "--dirty") - setGitVersion.Stderr = &stderr - outBytes, err = setGitVersion.Output() - if err != nil { - log.Fatal(buildFatalMessage(err, stderr)) - } - - err = os.Setenv("GIT_VERSION", string(outBytes)) - if err != nil { - log.Fatal(buildFatalMessage(err, stderr)) - } - - var configFiles []string - err = filepath.WalkDir("config", func(path string, d fs.DirEntry, err error) error { - if err != nil { - return err - } - - if filepath.Ext(d.Name()) == ".yaml" && d.Name() != "kustomization.yaml" { - configFiles = append(configFiles, path) - } - return nil - }) - if err != nil { - log.Fatal(err) - } - - fmt.Println("Applying local policy controller manifests...") - for _, configFile := range configFiles { - koApply := exec.Command("ko", "apply", "-f", configFile) - koApply.Stderr = &stderr - _, err = koApply.Output() - if err != nil { - log.Fatal(buildFatalMessage(err, stderr)) - } - } -} - -func init() { - addSetupFlags(setupCmd) - rootCmd.AddCommand(setupCmd) -} diff --git a/hack/local-dev.sh b/hack/local-dev.sh index 7b9b60d8e..31d745855 100755 --- a/hack/local-dev.sh +++ b/hack/local-dev.sh 
@@ -116,10 +116,10 @@ else kind create cluster --config kind.yaml fi -GIT_HASH=$(git rev-parse HEAD) -GIT_VERSION=$(git describe --tags --always --dirty) +export GIT_HASH=$(git rev-parse HEAD) +export GIT_VERSION=$(git describe --tags --always --dirty) -CONFIG_FILES=$(find ../config -name "*.yaml" ! -name 'kustomization.yaml' | sort) +CONFIG_FILES=$(find config -name "*.yaml" ! -name 'kustomization.yaml' | sort) for i in ${CONFIG_FILES[@]} do From d23542293ffce1e09f471a30f747064225fca155 Mon Sep 17 00:00:00 2001 From: Meredith Lancaster Date: Fri, 14 Jul 2023 12:35:50 -0600 Subject: [PATCH 05/21] update comments Signed-off-by: Meredith Lancaster --- hack/local-dev.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/hack/local-dev.sh b/hack/local-dev.sh index 31d745855..ea6ce0f13 100755 --- a/hack/local-dev.sh +++ b/hack/local-dev.sh @@ -14,11 +14,14 @@ # See the License for the specific language governing permissions and # limitations under the License. -# The script can take two optional arguments: +# The script accepts the following optional arguments: # 1. cluster-name - default value is 'policy-controller-demo' -# 2. ko-docker-repo - if no value is provided, the local Kind registry is used +# 2. k8s-version - default value is 'v1.24.x' +# 3. registry-url - if no value is provided, the local Kind registry is used # +set -o errexit + CLUSTER_NAME="policy-controller-demo" K8S_VERSION="v1.24.x" KIND_VERSION="v0.15.0" From 535ad2dcbb93f2618a8409544d0b208dab3f6212 Mon Sep 17 00:00:00 2001 From: Meredith Lancaster Date: Fri, 14 Jul 2023 12:59:55 -0600 Subject: [PATCH 06/21] remove local-dev target Signed-off-by: Meredith Lancaster --- Makefile | 5 ----- 1 file changed, 5 deletions(-) diff --git a/Makefile b/Makefile index 409f8f69a..b08fd7a4d 100644 --- a/Makefile +++ b/Makefile 
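Review bot: `export GIT_HASH=$(git rev-parse HEAD)` and the `GIT_VERSION` line discard git's exit status, because the status of the statement is that of `export`. If git fails, for example when the script is run outside a work tree, both variables are exported empty and the `ko apply` loop still runs. Assign and export separately: `GIT_HASH=$(git rev-parse HEAD)` followed by `export GIT_HASH`, and the same for `GIT_VERSION`. In the context lines, `for i in ${CONFIG_FILES[@]}` expands a plain string unquoted, so a path containing whitespace or glob characters would be split before it reaches `ko apply -f $i`; the loop body continues outside the hunk.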
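Review bot: `set -o errexit` on its own leaves two gaps that this script is exposed to. An option passed without a value expands to an empty string instead of failing, and in `$(find config ... | sort)` a failing `find` is hidden behind the exit status of `sort`. I would write `set -o errexit -o nounset -o pipefail` here, after checking that no later part of the script (not visible in this hunk) relies on unset variables. The updated header comment lists the options as bare names; spelling them as the flags the parser accepts, `--cluster-name`, `--k8s-version` and `--registry-url`, would match the README.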
@@ -93,11 +93,6 @@ policy-controller: policy-tester: CGO_ENABLED=0 go build -trimpath -ldflags "$(LDFLAGS)" -o $@ ./cmd/tester -## Build local-dev binary -.PHONY: local-dev -local-dev: - CGO_ENABLED=0 go build -trimpath -ldflags "$(LDFLAGS)" -o bin/$@ ./cmd/local-dev - ##################### # lint / test section ##################### From 369b586bc89870dc91468a9b90407136643cc78a Mon Sep 17 00:00:00 2001 From: Meredith Lancaster Date: Fri, 14 Jul 2023 13:00:08 -0600 Subject: [PATCH 07/21] go mod tidy Signed-off-by: Meredith Lancaster --- go.mod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index f9b196828..5328cc666 100644 --- a/go.mod +++ b/go.mod @@ -56,7 +56,7 @@ require ( sigs.k8s.io/yaml v1.3.0 ) -require github.com/spf13/cobra v1.7.0 +require github.com/spf13/cobra v1.7.0 // indirect require ( github.com/go-jose/go-jose/v3 v3.0.0 @@ -64,7 +64,6 @@ require ( github.com/sigstore/sigstore/pkg/signature/kms/azure v1.7.1 github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.7.1 github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.7.1 - github.com/spf13/viper v1.16.0 ) require ( @@ -232,6 +231,7 @@ require ( github.com/spf13/cast v1.5.1 // indirect github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect + github.com/spf13/viper v1.16.0 // indirect github.com/subosito/gotenv v1.4.2 // indirect github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect github.com/tchap/go-patricia/v2 v2.3.1 // indirect From ec53e666192801eda6fb7834e1903c94a2ab8760 Mon Sep 17 00:00:00 2001 From: Meredith Lancaster Date: Fri, 14 Jul 2023 13:14:48 -0600 Subject: [PATCH 08/21] codgen update 
Signed-off-by: Meredith Lancaster --- .../sdk/security/keyvault/azkeys/LICENSE.txt | 21 ++ .../security/keyvault/internal/LICENSE.txt | 21 ++ third_party/VENDOR-LICENSE/github.com/LICENSE | 201 +++++++++++++++++ .../github.com/nozzle/throttler/LICENSE | 202 ++++++++++++++++++ 4 files changed, 445 insertions(+) create mode 100644 third_party/VENDOR-LICENSE/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys/LICENSE.txt create mode 100644 third_party/VENDOR-LICENSE/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal/LICENSE.txt create mode 100644 third_party/VENDOR-LICENSE/github.com/LICENSE create mode 100644 third_party/VENDOR-LICENSE/github.com/nozzle/throttler/LICENSE diff --git a/third_party/VENDOR-LICENSE/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys/LICENSE.txt b/third_party/VENDOR-LICENSE/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys/LICENSE.txt new file mode 100644 index 000000000..d1ca00f20 --- /dev/null +++ b/third_party/VENDOR-LICENSE/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys/LICENSE.txt 
@@ -0,0 +1,21 @@ + MIT License + + Copyright (c) Microsoft Corporation. All rights reserved. + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE \ No newline at end of file diff --git a/third_party/VENDOR-LICENSE/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal/LICENSE.txt b/third_party/VENDOR-LICENSE/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal/LICENSE.txt new file mode 100644 index 000000000..d1ca00f20 --- /dev/null +++ b/third_party/VENDOR-LICENSE/github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal/LICENSE.txt 
@@ -0,0 +1,21 @@ + MIT License + + Copyright (c) Microsoft Corporation. All rights reserved. + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE \ No newline at end of file diff --git a/third_party/VENDOR-LICENSE/github.com/LICENSE b/third_party/VENDOR-LICENSE/github.com/LICENSE new file mode 100644 index 000000000..261eeb9e9 --- /dev/null +++ b/third_party/VENDOR-LICENSE/github.com/LICENSE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/third_party/VENDOR-LICENSE/github.com/nozzle/throttler/LICENSE b/third_party/VENDOR-LICENSE/github.com/nozzle/throttler/LICENSE new file mode 100644 index 000000000..e06d20818 --- /dev/null +++ b/third_party/VENDOR-LICENSE/github.com/nozzle/throttler/LICENSE 
@@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + From 3a3a61cb63bb00557c435173db1c82b67822723f Mon Sep 17 00:00:00 2001 From: Meredith Lancaster Date: Fri, 14 Jul 2023 16:37:04 -0600 Subject: [PATCH 09/21] pr feedback Signed-off-by: Meredith Lancaster --- hack/local-dev.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hack/local-dev.sh b/hack/local-dev.sh index ea6ce0f13..03ca59dc5 100755 --- a/hack/local-dev.sh +++ b/hack/local-dev.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2022 The Sigstore Authors +# Copyright 2023 The Sigstore Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -23,7 +23,7 @@ set -o errexit CLUSTER_NAME="policy-controller-demo" -K8S_VERSION="v1.24.x" +K8S_VERSION="v1.26.x" KIND_VERSION="v0.15.0" LOCAL_REGISTRY_NAME="registry.local" LOCAL_REGISTRY_PORT=5001 From faa6f3fb8a619e93d0f12179ebb7264d13b5f1cf Mon Sep 17 00:00:00 2001 From: Meredith Lancaster Date: Mon, 17 Jul 2023 08:49:36 -0600 Subject: [PATCH 10/21] support local registry use with the CLI Signed-off-by: Meredith Lancaster --- Makefile | 5 + README.md | 26 ++--- cmd/local-dev/clean.go | 93 +++++++++++++++++ cmd/local-dev/main.go | 20 ++++ cmd/local-dev/root.go | 36 +++++++ cmd/local-dev/setup.go | 229 +++++++++++++++++++++++++++++++++++++++++ go.mod | 9 +- go.sum | 9 ++ 8 files changed, 407 insertions(+), 20 deletions(-) create mode 100644 cmd/local-dev/clean.go create mode 100644 cmd/local-dev/main.go create mode 100644 cmd/local-dev/root.go create mode 100644 cmd/local-dev/setup.go diff --git a/Makefile b/Makefile index b08fd7a4d..409f8f69a 100644 --- a/Makefile +++ b/Makefile @@ -93,6 +93,11 @@ policy-controller: policy-tester: CGO_ENABLED=0 go build -trimpath -ldflags "$(LDFLAGS)" -o $@ ./cmd/tester +## Build local-dev binary +.PHONY: local-dev +local-dev: + CGO_ENABLED=0 go build -trimpath -ldflags "$(LDFLAGS)" -o bin/$@ ./cmd/local-dev + ##################### # lint / test section ##################### diff --git a/README.md b/README.md index 11c06e510..a7cc11b68 100644 --- a/README.md +++ b/README.md 
@@ -46,24 +46,10 @@ Then run it pointing to a YAML file containing a ClusterImagePolicy, and an imag ## Local Development -You can spin up a local [Kind](https://kind.sigs.k8s.io/) K8s cluster to test local changes to the policy controller using the `./hack/local-dev.sh` script. It optionally accepts the following flags: -``` ---cluster-name ---k8s-version ---registry-url -``` - -If no registry URL is provided, a local registry will be used. - -### Cleaning Up +You can spin up a local [Kind](https://kind.sigs.k8s.io/) K8s cluster to test local changes to the policy controller using the `` +CLI tool. Build the tool with `make local-dev` and then run it with `./bin/local-dev setup --cluster-name= --registry-url=`. -Clean up the Kind cluster with `kind delete cluster --name=` - -If the local registry was used, clean it up with: -```bash -docker stop registry.local -docker rm registry.local -``` +You can clean up the cluster with `./bin/local-dev clean --cluster-name=`. You will need to have the following tools installed to use this: - [Docker](https://docs.docker.com/get-docker/) @@ -71,6 +57,12 @@ You will need to have the following tools installed to use this: - [ko](https://ko.build/install/) - [kubectl](https://kubernetes.io/docs/tasks/tools/) +### Use local registry + +If you would like to use the local Kind registry instead of a live one, +do not include the `registry-url` flag when calling the CLI. It will default to using the local registry. But before running the CLI, you must add the following line to your `/etc/hosts` file first: +`127.0.0.1 registry.local` + ## Support Policy This policy-controller's versions are able to run in the following versions of Kubernetes: diff --git a/cmd/local-dev/clean.go b/cmd/local-dev/clean.go new file mode 100644 index 000000000..5b16db25e --- /dev/null +++ b/cmd/local-dev/clean.go 
@@ -0,0 +1,93 @@ +// +// Copyright 2023 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package main + +import ( + "bytes" + "context" + "fmt" + "log" + "os/exec" + + "github.com/docker/docker/api/types" + "github.com/docker/docker/api/types/container" + "github.com/docker/docker/api/types/filters" + "github.com/docker/docker/client" + "github.com/spf13/cobra" + "github.com/spf13/viper" +) + +func addCleanFlags(cmd *cobra.Command) { + cmd.Flags().String("cluster-name", "policy-controller-demo", "name of the dev policy controller cluster") +} + +func init() { + addCleanFlags(cleanCmd) + rootCmd.AddCommand(cleanCmd) +} + +var cleanCmd = &cobra.Command{ + Use: "clean", + Short: "cleanup the local k8s cluster", + Long: "Cleanup the local k8s cluster", + PreRunE: func(cmd *cobra.Command, args []string) error { + if err := viper.BindPFlags(cmd.Flags()); err != nil { + log.Fatal("Error initializing cmd line args: ", err) + } + return nil + }, + Run: func(cmd *cobra.Command, args []string) { + clean() + }, +} + +func clean() { + var stderr bytes.Buffer + + // clean up the local cluster + clusterName := viper.GetString("cluster-name") + fmt.Printf("Cleaning up the kind cluster %s...\n", clusterName) + + removeCluster := exec.Command("kind", "delete", "cluster", "--name", clusterName) + removeCluster.Stderr = &stderr + if err := removeCluster.Run(); err != nil { + log.Fatal(buildFatalMessage(err, stderr)) + } + + cli, err := 
client.NewClientWithOpts( + client.FromEnv, + client.WithAPIVersionNegotiation(), + ) + if err != nil { + panic(err) + } + defer cli.Close() + + containers, err := cli.ContainerList(context.Background(), types.ContainerListOptions{Filters: filters.NewArgs(filters.KeyValuePair{Key: "name", Value: "registry.local"})}) + if err != nil { + panic(err) + } + + if containers != nil { + fmt.Println("Cleaning up registry.local...") + if err := cli.ContainerStop(context.Background(), containers[0].ID, container.StopOptions{}); err != nil { + panic(err) + } + if err := cli.ContainerRemove(context.Background(), containers[0].ID, types.ContainerRemoveOptions{}); err != nil { + panic(err) + } + } +} diff --git a/cmd/local-dev/main.go b/cmd/local-dev/main.go new file mode 100644 index 000000000..511261e56 --- /dev/null +++ b/cmd/local-dev/main.go @@ -0,0 +1,20 @@ +// +// Copyright 2023 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package main + +func main() { + Execute() +} diff --git a/cmd/local-dev/root.go b/cmd/local-dev/root.go new file mode 100644 index 000000000..43e491f8b --- /dev/null +++ b/cmd/local-dev/root.go 
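Review bot: In `clean()`, the guard `if containers != nil` does not protect the `containers[0]` index that follows; if `ContainerList` returns an empty non-nil slice the command panics, so the check should be `if len(containers) > 0 {`. The `name` filter is also worth tightening: Docker matches it as a pattern rather than an exact name, so `registry.local` can select a container whose name merely contains it, and the code then stops and removes whichever entry comes first; comparing the returned `Names` against `/registry.local` before stopping avoids deleting an unrelated container. The list options do not set `All: true`, so a registry container that has already stopped would presumably be left behind. The later "update logging" patch (11/21) touches these lines but keeps the same `containers != nil` check.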
@@ -0,0 +1,36 @@ +// +// Copyright 2023 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package main + +import ( + "fmt" + "os" + + "github.com/spf13/cobra" +) + +var rootCmd = &cobra.Command{ + Use: "local-dev", + Short: "Create, manage, and destroy a local k8s cluster for testing the policy controller", + Long: "Create, manage, and destroy a local k8s cluster for testing the policy controller", +} + +func Execute() { + if err := rootCmd.Execute(); err != nil { + fmt.Fprintln(os.Stderr, err) + os.Exit(1) + } +} diff --git a/cmd/local-dev/setup.go b/cmd/local-dev/setup.go new file mode 100644 index 000000000..c3d004746 --- /dev/null +++ b/cmd/local-dev/setup.go 
@@ -0,0 +1,229 @@ +// +// Copyright 2023 The Sigstore Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package main + +import ( + "bytes" + "context" + "fmt" + "io/fs" + "log" + "os" + "os/exec" + "path/filepath" + + "github.com/docker/docker/api/types" + "github.com/docker/docker/api/types/container" + "github.com/docker/docker/client" + "github.com/docker/go-connections/nat" + "github.com/spf13/cobra" + "github.com/spf13/viper" +) + +const ( + localRegistryName = "registry.local" + localRegistryPort = 5001 +) + +var kindClusterConfig = ` +apiVersion: kind.x-k8s.io/v1alpha4 +kind: Cluster +name: "%s" +nodes: +- role: control-plane + image: "%s" +# Configure registry for KinD. +containerdConfigPatches: +- |- + [plugins."io.containerd.grpc.v1.cri".registry.mirrors."%s:%d"] + endpoint = ["http://%s:%d"] +` + +func addSetupFlags(cmd *cobra.Command) { + cmd.Flags().String("cluster-name", "policy-controller-demo", "name of the dev policy controller cluster") + cmd.Flags().String("registry-url", "registry.local", "URL of the Ko Docker registry to use. 
If no registry is provided, the local Kind registry will be used") + cmd.Flags().String("k8s-version", "v1.26.x", "name of the Ko Docker repository to use") +} + +var setupCmd = &cobra.Command{ + Use: "setup", + Short: "setup local k8s cluster for testing policy controller", + Long: "Setup a local k8s cluster for testing policy controller", + PreRunE: func(cmd *cobra.Command, args []string) error { + if err := viper.BindPFlags(cmd.Flags()); err != nil { + log.Fatal("Error initializing cmd line args: ", err) + } + return nil + }, + Run: func(cmd *cobra.Command, args []string) { + setup() + }, +} + +func buildFatalMessage(err error, stderr bytes.Buffer) string { + return fmt.Sprintf("%v: %s", err, stderr.String()) +} + +func setup() { + var stderr bytes.Buffer + + registryURL := viper.GetString("registry-url") + if registryURL == localRegistryName { + fullLocalRegistryURL := fmt.Sprintf("%s:%d/sigstore", localRegistryName, localRegistryPort) + err := os.Setenv("KO_DOCKER_REPO", fullLocalRegistryURL) + if err != nil { + log.Fatal(buildFatalMessage(err, stderr)) + } + } else { + err := os.Setenv("KO_DOCKER_REPO", registryURL) + if err != nil { + log.Fatal(buildFatalMessage(err, stderr)) + } + } + + // Create the new Kind cluster + clusterName := viper.GetString("cluster-name") + fmt.Println("Creating Kind cluster " + clusterName) + + k8sVersion := viper.GetString("k8s-version") + kindImage := getKindImage(k8sVersion) + + clusterConfig := fmt.Sprintf(kindClusterConfig, clusterName, kindImage, localRegistryName, localRegistryPort, localRegistryName, localRegistryPort) + d1 := []byte(clusterConfig) + err := os.WriteFile("kind.yaml", d1, 0644) + if err != nil { + panic(err) + } + + startKindCluster := exec.Command("kind", "create", "cluster", "--config", "kind.yaml") + startKindCluster.Stderr = &stderr + if err := startKindCluster.Run(); err != nil { + log.Fatal(buildFatalMessage(err, stderr)) + } + + if registryURL == localRegistryName { + cli, err := 
client.NewClientWithOpts( + client.FromEnv, + client.WithAPIVersionNegotiation(), + ) + if err != nil { + panic(err) + } + defer cli.Close() + + fmt.Printf("\nStarting local registry %s...\n", localRegistryName) + + resp, err := cli.ContainerCreate(context.Background(), &container.Config{ + Image: "registry:2", + Env: []string{fmt.Sprintf("REGISTRY_HTTP_ADDR=0.0.0.0:%d", localRegistryPort)}, + ExposedPorts: nat.PortSet{"5001/tcp": struct{}{}}, + }, &container.HostConfig{ + RestartPolicy: container.RestartPolicy{Name: "always"}, + PortBindings: nat.PortMap{ + "5001/tcp": []nat.PortBinding{ + {HostIP: "127.0.0.1", HostPort: "5001"}, + }, + }, + }, nil, nil, localRegistryName) + + if err := cli.ContainerStart(context.Background(), resp.ID, types.ContainerStartOptions{}); err != nil { + panic(err) + } + + fmt.Println("Connecting network between kind with local registry ...") + + cli.NetworkConnect(context.Background(), "kind", localRegistryName, nil) + } + + setGitHash := exec.Command("git", "rev-parse", "HEAD") + setGitHash.Stderr = &stderr + outBytes, err := setGitHash.Output() + if err != nil { + log.Fatal(buildFatalMessage(err, stderr)) + } + + err = os.Setenv("GIT_HASH", string(outBytes)) + if err != nil { + log.Fatal(buildFatalMessage(err, stderr)) + } + + setGitVersion := exec.Command("git", "describe", "--tags", "--always", "--dirty") + setGitVersion.Stderr = &stderr + outBytes, err = setGitVersion.Output() + if err != nil { + log.Fatal(buildFatalMessage(err, stderr)) + } + + err = os.Setenv("GIT_VERSION", string(outBytes)) + if err != nil { + log.Fatal(buildFatalMessage(err, stderr)) + } + + var configFiles []string + err = filepath.WalkDir("config", func(path string, d fs.DirEntry, err error) error { + if err != nil { + return err + } + + if filepath.Ext(d.Name()) == ".yaml" && d.Name() != "kustomization.yaml" { + configFiles = append(configFiles, path) + } + return nil + }) + if err != nil { + log.Fatal(err) + } + + fmt.Println("Applying local policy 
controller manifests...") + for _, configFile := range configFiles { + koApply := exec.Command("ko", "apply", "-f", configFile) + koApply.Stderr = &stderr + _, err = koApply.Output() + if err != nil { + log.Fatal(buildFatalMessage(err, stderr)) + } + } +} + +func getKindImage(k8sVersion string) string { + switch k8sVersion { + case "v1.23.x": + k8sVersionPatch := "1.23.13" + kindImageSHA := "sha256:ef453bb7c79f0e3caba88d2067d4196f427794086a7d0df8df4f019d5e336b61" + return fmt.Sprintf("kindest/node:v%s@%s", k8sVersionPatch, kindImageSHA) + case "v1.24.x": + k8sVersionPatch := "1.24.7" + kindImageSHA := "sha256:577c630ce8e509131eab1aea12c022190978dd2f745aac5eb1fe65c0807eb315" + return fmt.Sprintf("kindest/node:v%s@%s", k8sVersionPatch, kindImageSHA) + case "v1.25.x": + k8sVersionPatch := "1.25.3" + kindImageSHA := "sha256:f52781bc0d7a19fb6c405c2af83abfeb311f130707a0e219175677e366cc45d1" + return fmt.Sprintf("kindest/node:v%s@%s", k8sVersionPatch, kindImageSHA) + + case "v1.26.x": + k8sVersionPatch := "1.26.0" + kindImageSHA := "sha256:691e24bd2417609db7e589e1a479b902d2e209892a10ce375fab60a8407c7352" + return fmt.Sprintf("kindest/node:v%s@%s", k8sVersionPatch, kindImageSHA) + default: + fmt.Println("Unsupported version: " + k8sVersion) + } + return "" +} + +func init() { + addSetupFlags(setupCmd) + rootCmd.AddCommand(setupCmd) +} diff --git a/go.mod b/go.mod index 5328cc666..c5c834619 100644 --- a/go.mod +++ b/go.mod 
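Review bot: In `setup()`, the `err` returned by `cli.ContainerCreate` is never checked, so a failed create (the hunk shows no image pull, so `registry:2` presumably has to be present locally already) continues into `ContainerStart` with an empty `resp.ID`; add `if err != nil { log.Fatal(err) }` directly after the call. The return value of `cli.NetworkConnect` is dropped in the same block and should be handled the same way, otherwise a registry that never joined the `kind` network only shows up later as a failing `ko apply`. `getKindImage` prints a message and returns an empty string for an unsupported `--k8s-version`, and `setup()` then writes that empty image into `kind.yaml`; exiting at that point would be clearer. The kind node images are pinned by digest while the registry image is the mutable tag `registry:2`, so pinning it by digest as well would keep what runs locally reproducible. The help text of the `k8s-version` flag ("name of the Ko Docker repository to use") looks copied from another flag.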
@@ -56,14 +56,17 @@ require ( sigs.k8s.io/yaml v1.3.0 ) -require github.com/spf13/cobra v1.7.0 // indirect +require github.com/spf13/cobra v1.7.0 require ( + github.com/docker/docker v24.0.0+incompatible + github.com/docker/go-connections v0.4.0 github.com/go-jose/go-jose/v3 v3.0.0 github.com/sigstore/sigstore/pkg/signature/kms/aws v1.7.1 github.com/sigstore/sigstore/pkg/signature/kms/azure v1.7.1 github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.7.1 github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.7.1 + github.com/spf13/viper v1.16.0 ) require ( @@ -90,6 +93,7 @@ require ( github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 // indirect + github.com/Microsoft/go-winio v0.6.1 // indirect github.com/OneOfOne/xxhash v1.2.8 // indirect github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 // indirect github.com/ThalesIgnite/crypto11 v1.2.5 // indirect @@ -141,8 +145,8 @@ require ( github.com/dimchansky/utfbom v1.1.1 // indirect github.com/docker/cli v24.0.0+incompatible // indirect github.com/docker/distribution v2.8.2+incompatible // indirect - github.com/docker/docker v24.0.0+incompatible // indirect github.com/docker/docker-credential-helpers v0.7.0 // indirect + github.com/docker/go-units v0.5.0 // indirect github.com/emicklei/go-restful/v3 v3.9.0 // indirect github.com/evanphx/json-patch v5.6.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.6.0 // indirect @@ -231,7 +235,6 @@ require ( github.com/spf13/cast v1.5.1 // indirect github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect - github.com/spf13/viper v1.16.0 // indirect github.com/subosito/gotenv v1.4.2 // indirect github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect github.com/tchap/go-patricia/v2 v2.3.1 // indirect diff --git a/go.sum b/go.sum index 1ad98687a..6dbe79bf0 100644 
--- a/go.sum +++ b/go.sum @@ -67,6 +67,7 @@ github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v0.12.0 h1:4Kynh6 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v0.12.0/go.mod h1:Q28U+75mpCaSCDowNEmhIo/rmgdkqmkmzI7N6TGR4UY= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v0.8.0 h1:T028gtTPiYt/RMUfs8nVsAL7FDQrfLlrm/NnRG/zcC4= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v0.8.0/go.mod h1:cw4zVQgBby0Z5f2v0itn6se2dDP17nTjbZFXW5uPyHA= +github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= @@ -94,6 +95,8 @@ github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0/go.mod h1:kgDm github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= +github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8= github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= 
@@ -287,6 +290,10 @@ github.com/docker/docker v24.0.0+incompatible h1:z4bf8HvONXX9Tde5lGBMQ7yCJgNahmJ github.com/docker/docker v24.0.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= +github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= +github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= +github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= +github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= @@ -672,6 +679,7 @@ github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 
@@ -680,6 +688,7 @@ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3Rllmb github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= +github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/mozillazg/docker-credential-acr-helper v0.3.0 h1:DVWFZ3/O8BP6Ue3iS/Olw+G07u1hCq1EOVCDZZjCIBI= github.com/mozillazg/docker-credential-acr-helper v0.3.0/go.mod h1:cZlu3tof523ujmLuiNUb6JsjtHcNA70u1jitrrdnuyA= github.com/mpvl/unique v0.0.0-20150818121801-cbe035fff7de h1:D5x39vF5KCwKQaw+OC9ZPiLVHXz3UFw2+psEX+gYcto= From 7913d6c26b17631b2492c14de49e03e09c7ccee8 Mon Sep 17 00:00:00 2001 From: Meredith Lancaster Date: Mon, 17 Jul 2023 10:52:07 -0600 Subject: [PATCH 11/21] update logging Signed-off-by: Meredith Lancaster --- cmd/local-dev/clean.go | 8 ++++---- cmd/local-dev/setup.go | 15 ++++++++------- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/cmd/local-dev/clean.go b/cmd/local-dev/clean.go index 5b16db25e..0d5dff03c 100644 --- a/cmd/local-dev/clean.go +++ b/cmd/local-dev/clean.go 
@@ -72,22 +72,22 @@ func clean() {
 client.WithAPIVersionNegotiation(),
 )
 if err != nil {
- panic(err)
+ log.Fatal(err)
 }
 defer cli.Close()
 containers, err := cli.ContainerList(context.Background(), types.ContainerListOptions{Filters: filters.NewArgs(filters.KeyValuePair{Key: "name", Value: "registry.local"})})
 if err != nil {
- panic(err)
+ log.Fatal(err)
 }
 if containers != nil {
 fmt.Println("Cleaning up registry.local...")
 if err := cli.ContainerStop(context.Background(), containers[0].ID, container.StopOptions{}); err != nil {
- panic(err)
+ log.Fatal(err)
 }
 if err := cli.ContainerRemove(context.Background(), containers[0].ID, types.ContainerRemoveOptions{}); err != nil {
- panic(err)
+ log.Fatal(err)
 }
 }
 }
diff --git a/cmd/local-dev/setup.go b/cmd/local-dev/setup.go
index c3d004746..c9b19c832 100644
--- a/cmd/local-dev/setup.go
+++ b/cmd/local-dev/setup.go
@@ -24,6 +24,7 @@ import (
 "os"
 "os/exec"
 "path/filepath"
+ "strconv"
 "github.com/docker/docker/api/types"
 "github.com/docker/docker/api/types/container"
@@ -102,10 +103,10 @@ func setup() {
 kindImage := getKindImage(k8sVersion)
 clusterConfig := fmt.Sprintf(kindClusterConfig, clusterName, kindImage, localRegistryName, localRegistryPort, localRegistryName, localRegistryPort)
- d1 := []byte(clusterConfig)
- err := os.WriteFile("kind.yaml", d1, 0644)
+ configBytes := []byte(clusterConfig)
+ err := os.WriteFile("kind.yaml", configBytes, 0644)
 if err != nil {
- panic(err)
+ log.Fatal(err)
 }
 startKindCluster := exec.Command("kind", "create", "cluster", "--config", "kind.yaml")
@@ -120,7 +121,7 @@ func setup() {
 client.WithAPIVersionNegotiation(),
 )
 if err != nil {
- panic(err)
+ log.Fatal(err)
 }
 defer cli.Close()
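Review bot: In `clean()` (clean.go, hunk at -72) the error handling changes but the container selection does not: Docker's `name` filter matches any container whose name contains `registry.local`, and `containers[0]` is then stopped and removed without confirming it is the registry this tool created. An empty result is probably a non-nil slice as well, in which case `containers != nil` does not protect the `containers[0]` index. Using `if len(containers) > 0` and comparing the entry's `Names` with the exact name (Docker reports it with a leading slash, `/registry.local`) before stopping anything would make the cleanup safe. Note also that `log.Fatal` exits without running `defer cli.Close()`, which `panic` did run; the start of `clean()` is outside this hunk.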
@@ -134,13 +135,13 @@ func setup() {
 RestartPolicy: container.RestartPolicy{Name: "always"},
 PortBindings: nat.PortMap{
 "5001/tcp": []nat.PortBinding{
- {HostIP: "127.0.0.1", HostPort: "5001"},
+ {HostIP: "127.0.0.1", HostPort: strconv.Itoa(localRegistryPort)},
 },
 },
 }, nil, nil, localRegistryName)
 if err := cli.ContainerStart(context.Background(), resp.ID, types.ContainerStartOptions{}); err != nil {
- panic(err)
+ log.Fatal(err)
 }
 fmt.Println("Connecting network between kind with local registry ...")
@@ -220,7 +221,7 @@ func getKindImage(k8sVersion string) string {
 default:
 fmt.Println("Unsupported version: " + k8sVersion)
 }
- return ""
+ return fmt.Sprint("Unsupported version: " + k8sVersion)
 }
 func init() {
From 2a265b5e3b8277020b9f3bd10261feaad365efd7 Mon Sep 17 00:00:00 2001
From: Meredith Lancaster
Date: Mon, 17 Jul 2023 10:52:31 -0600
Subject: [PATCH 12/21] remove local-dev bash script
Signed-off-by: Meredith Lancaster
---
 hack/local-dev.sh | 130 ----------------------------------------------
 1 file changed, 130 deletions(-)
 delete mode 100755 hack/local-dev.sh
diff --git a/hack/local-dev.sh b/hack/local-dev.sh
deleted file mode 100755
index 03ca59dc5..000000000
--- a/hack/local-dev.sh
+++ /dev/null
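Review bot: In `setup()` (setup.go, hunk at -134) only the host side of the binding now follows `localRegistryPort`; the container-port key is still the literal `"5001/tcp"`, so the two can drift apart if the constant ever changes. Deriving the key once, e.g. `regPort := nat.Port(strconv.Itoa(localRegistryPort) + "/tcp")`, and using it for this map key (and for the exposed-port set, which lies outside this hunk) keeps them in step. The hunk also goes from the end of the create call straight to `resp.ID` with no error check in between; the call's opening lines are outside the hunk, so confirm `err` is handled before `ContainerStart`.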
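Review bot: In `getKindImage` (setup.go, hunk at -220) the fall-through now returns the text `Unsupported version: ...` as if it were an image reference, and `setup()` formats that return value into the cluster config it writes to kind.yaml. An unsupported version should stop the run rather than produce a config with a bogus image, for example `log.Fatalf("unsupported version: %s", k8sVersion)` in the `default:` case. `fmt.Sprint` around a single string adds nothing. The `switch` itself starts outside this hunk.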
@@ -1,130 +0,0 @@ -#!/bin/bash - -# Copyright 2023 The Sigstore Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The script accepts the following optional arguments: -# 1. cluster-name - default value is 'policy-controller-demo' -# 2. k8s-version - default value is 'v1.24.x' -# 3. registry-url - if no value is provided, the local Kind registry is used -# - -set -o errexit - -CLUSTER_NAME="policy-controller-demo" -K8S_VERSION="v1.26.x" -KIND_VERSION="v0.15.0" -LOCAL_REGISTRY_NAME="registry.local" -LOCAL_REGISTRY_PORT=5001 -REGISTRY_NAME=$LOCAL_REGISTRY_NAME -REGISTRY_PORT=$LOCAL_REGISTRY_PORT - -while [[ $# -ne 0 ]]; do - parameter="$1" - case "${parameter}" in - --cluster-name) - shift - CLUSTER_NAME="$1" - ;; - --k8s-version) - shift - K8S_VERSION="$1" - ;; - --registry-url) - shift - REGISTRY_NAME="$(echo "$1" | cut -d':' -f 1)" - REGISTRY_PORT="$(echo "$1" | cut -d':' -f 2)" - ;; - *) echo "unknown option ${parameter}"; exit 1 ;; - esac - shift -done - -if [ $REGISTRY_NAME = $LOCAL_REGISTRY_NAME ]; -then - export KO_DOCKER_REPO="$LOCAL_REGISTRY_NAME:$LOCAL_REGISTRY_PORT/sigstore" -else - export KO_DOCKER_REPO="$REGISTRY_NAME" -fi - -# Map the Kind image version to this version of Kind and K8s -case ${K8S_VERSION} in - v1.23.x) - K8S_VERSION="1.23.13" - KIND_IMAGE_SHA="sha256:ef453bb7c79f0e3caba88d2067d4196f427794086a7d0df8df4f019d5e336b61" - KIND_IMAGE="kindest/node:v${K8S_VERSION}@${KIND_IMAGE_SHA}" - ;; - v1.24.x) - K8S_VERSION="1.24.7" - 
KIND_IMAGE_SHA="sha256:577c630ce8e509131eab1aea12c022190978dd2f745aac5eb1fe65c0807eb315" - KIND_IMAGE=kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA} - ;; - v1.25.x) - K8S_VERSION="1.25.3" - KIND_IMAGE_SHA="sha256:f52781bc0d7a19fb6c405c2af83abfeb311f130707a0e219175677e366cc45d1" - KIND_IMAGE=kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA} - ;; - v1.26.x) - K8S_VERSION="1.26.0" - KIND_IMAGE_SHA="sha256:691e24bd2417609db7e589e1a479b902d2e209892a10ce375fab60a8407c7352" - KIND_IMAGE=kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA} - ;; - *) echo "Unsupported version: ${K8S_VERSION}"; exit 1 ;; -esac - -# Create a basic Kind cluster configuration -cat > kind.yaml < 127.0.0.1, to tell `ko` to publish to - # local reigstry, even when pushing $LOCAL_REGISTRY_NAME:$LOCAL_REGISTRY_PORT/some/image - echo "127.0.0.1 $LOCAL_REGISTRY_NAME" | sudo tee -a /etc/hosts - fi -else - echo "Creating Kind cluster $CLUSTER_NAME with provided registry..." - kind create cluster --config kind.yaml -fi - -export GIT_HASH=$(git rev-parse HEAD) -export GIT_VERSION=$(git describe --tags --always --dirty) - -CONFIG_FILES=$(find config -name "*.yaml" ! -name 'kustomization.yaml' | sort) - -for i in ${CONFIG_FILES[@]} -do - ko apply -f $i -done From 2d251b296d512f47a8a736ee6be5b678699e1177 Mon Sep 17 00:00:00 2001 From: Meredith Lancaster Date: Mon, 17 Jul 2023 10:59:07 -0600 Subject: [PATCH 13/21] fix linting Signed-off-by: Meredith Lancaster --- cmd/local-dev/setup.go | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/cmd/local-dev/setup.go b/cmd/local-dev/setup.go index c9b19c832..64faef26e 100644 --- a/cmd/local-dev/setup.go +++ b/cmd/local-dev/setup.go 
@@ -104,7 +104,7 @@ func setup() {
 clusterConfig := fmt.Sprintf(kindClusterConfig, clusterName, kindImage, localRegistryName, localRegistryPort, localRegistryName, localRegistryPort)
 configBytes := []byte(clusterConfig)
- err := os.WriteFile("kind.yaml", configBytes, 0644)
+ err := os.WriteFile("kind.yaml", configBytes, 0600)
 if err != nil {
 log.Fatal(err)
 }
@@ -139,14 +139,22 @@ func setup() {
 },
 },
 }, nil, nil, localRegistryName)
+ if err != nil {
+ cli.Close()
+ log.Fatal(err)
+ }
 if err := cli.ContainerStart(context.Background(), resp.ID, types.ContainerStartOptions{}); err != nil {
+ cli.Close()
 log.Fatal(err)
 }
 fmt.Println("Connecting network between kind with local registry ...")
- cli.NetworkConnect(context.Background(), "kind", localRegistryName, nil)
+ if err = cli.NetworkConnect(context.Background(), "kind", localRegistryName, nil); err != nil {
+ cli.Close()
+ log.Fatal(err)
+ }
 }
 setGitHash := exec.Command("git", "rev-parse", "HEAD")
From b6d33cd3894d4c5112bff6b972c293a4cc1c54ee Mon Sep 17 00:00:00 2001
From: Meredith Lancaster
Date: Mon, 17 Jul 2023 11:26:59 -0600
Subject: [PATCH 14/21] update codegen
Signed-off-by: Meredith Lancaster
---
 .../client/auth/challenge => }/LICENSE | 0
 .../docker/docker/{pkg/homedir => }/LICENSE | 0
 .../docker/docker/{pkg/homedir => }/NOTICE | 0
 .../github.com/docker/go-connections/LICENSE | 191 ++++++++++++++++++
 .../github.com/docker/go-units/LICENSE | 191 ++++++++++++++++++
 5 files changed, 382 insertions(+)
 rename third_party/VENDOR-LICENSE/github.com/docker/distribution/{registry/client/auth/challenge => }/LICENSE (100%)
 rename third_party/VENDOR-LICENSE/github.com/docker/docker/{pkg/homedir => }/LICENSE (100%)
 rename third_party/VENDOR-LICENSE/github.com/docker/docker/{pkg/homedir => }/NOTICE (100%)
 create mode 100644 third_party/VENDOR-LICENSE/github.com/docker/go-connections/LICENSE
 create mode 100644 third_party/VENDOR-LICENSE/github.com/docker/go-units/LICENSE
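Review bot: In `setup()` (setup.go, hunk at -104) the tighter mode takes effect only when `os.WriteFile` creates the file; a `kind.yaml` left behind by an earlier run keeps whatever permissions it already had. If the 0600 is meant to hold on every run, follow the write with `os.Chmod("kind.yaml", 0600)` or remove the stale file first.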
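Review bot: In `setup()` (setup.go, hunk at -139) the new error paths close the client but leave the just-created registry container behind when `ContainerStart` or `NetworkConnect` fails. Because it is created under a fixed name, the next run will presumably fail at create time with a name conflict until someone removes it by hand. Removing it on those two paths, e.g. `_ = cli.ContainerRemove(context.Background(), resp.ID, types.ContainerRemoveOptions{Force: true})`, keeps the tool re-runnable. The create call itself starts above this hunk.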
diff --git a/third_party/VENDOR-LICENSE/github.com/docker/distribution/registry/client/auth/challenge/LICENSE b/third_party/VENDOR-LICENSE/github.com/docker/distribution/LICENSE similarity index 100% rename from third_party/VENDOR-LICENSE/github.com/docker/distribution/registry/client/auth/challenge/LICENSE rename to third_party/VENDOR-LICENSE/github.com/docker/distribution/LICENSE diff --git a/third_party/VENDOR-LICENSE/github.com/docker/docker/pkg/homedir/LICENSE b/third_party/VENDOR-LICENSE/github.com/docker/docker/LICENSE similarity index 100% rename from third_party/VENDOR-LICENSE/github.com/docker/docker/pkg/homedir/LICENSE rename to third_party/VENDOR-LICENSE/github.com/docker/docker/LICENSE diff --git a/third_party/VENDOR-LICENSE/github.com/docker/docker/pkg/homedir/NOTICE b/third_party/VENDOR-LICENSE/github.com/docker/docker/NOTICE similarity index 100% rename from third_party/VENDOR-LICENSE/github.com/docker/docker/pkg/homedir/NOTICE rename to third_party/VENDOR-LICENSE/github.com/docker/docker/NOTICE diff --git a/third_party/VENDOR-LICENSE/github.com/docker/go-connections/LICENSE b/third_party/VENDOR-LICENSE/github.com/docker/go-connections/LICENSE new file mode 100644 index 000000000..b55b37bc3 --- /dev/null +++ b/third_party/VENDOR-LICENSE/github.com/docker/go-connections/LICENSE 
@@ -0,0 +1,191 @@ + + Apache License + Version 2.0, January 2004 + https://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + Copyright 2015 Docker, Inc. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + https://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/third_party/VENDOR-LICENSE/github.com/docker/go-units/LICENSE b/third_party/VENDOR-LICENSE/github.com/docker/go-units/LICENSE new file mode 100644 index 000000000..b55b37bc3 --- /dev/null +++ b/third_party/VENDOR-LICENSE/github.com/docker/go-units/LICENSE 
@@ -0,0 +1,191 @@ + + Apache License + Version 2.0, January 2004 + https://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + Copyright 2015 Docker, Inc. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + https://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. From bfd1be40bf9e63fcb31551113170e3bf936b0fc6 Mon Sep 17 00:00:00 2001 From: Meredith Lancaster Date: Mon, 17 Jul 2023 11:50:44 -0600 Subject: [PATCH 15/21] move local registry creation to func Signed-off-by: Meredith Lancaster --- cmd/local-dev/setup.go | 78 ++++++++++++++++++++++-------------------- 1 file changed, 41 insertions(+), 37 deletions(-) diff --git a/cmd/local-dev/setup.go b/cmd/local-dev/setup.go index 64faef26e..cbcc788ee 100644 --- a/cmd/local-dev/setup.go +++ b/cmd/local-dev/setup.go 
@@ -116,43 +116,7 @@ func setup() { } if registryURL == localRegistryName { - cli, err := client.NewClientWithOpts( - client.FromEnv, - client.WithAPIVersionNegotiation(), - ) - if err != nil { - log.Fatal(err) - } - defer cli.Close() - - fmt.Printf("\nStarting local registry %s...\n", localRegistryName) - - resp, err := cli.ContainerCreate(context.Background(), &container.Config{ - Image: "registry:2", - Env: []string{fmt.Sprintf("REGISTRY_HTTP_ADDR=0.0.0.0:%d", localRegistryPort)}, - ExposedPorts: nat.PortSet{"5001/tcp": struct{}{}}, - }, &container.HostConfig{ - RestartPolicy: container.RestartPolicy{Name: "always"}, - PortBindings: nat.PortMap{ - "5001/tcp": []nat.PortBinding{ - {HostIP: "127.0.0.1", HostPort: strconv.Itoa(localRegistryPort)}, - }, - }, - }, nil, nil, localRegistryName) - if err != nil { - cli.Close() - log.Fatal(err) - } - - if err := cli.ContainerStart(context.Background(), resp.ID, types.ContainerStartOptions{}); err != nil { - cli.Close() - log.Fatal(err) - } - - fmt.Println("Connecting network between kind with local registry ...") - - if err = cli.NetworkConnect(context.Background(), "kind", localRegistryName, nil); err != nil { - cli.Close() + if err = setupLocalRegistry(); err != nil { log.Fatal(err) } } 
@@ -207,6 +171,46 @@ func setup() { } } +func setupLocalRegistry() error { + cli, err := client.NewClientWithOpts( + client.FromEnv, + client.WithAPIVersionNegotiation(), + ) + if err != nil { + return nil + } + defer cli.Close() + + fmt.Printf("\nStarting local registry %s...\n", localRegistryName) + + resp, err := cli.ContainerCreate(context.Background(), &container.Config{ + Image: "registry:2", + Env: []string{fmt.Sprintf("REGISTRY_HTTP_ADDR=0.0.0.0:%d", localRegistryPort)}, + ExposedPorts: nat.PortSet{"5001/tcp": struct{}{}}, + }, &container.HostConfig{ + RestartPolicy: container.RestartPolicy{Name: "always"}, + PortBindings: nat.PortMap{ + "5001/tcp": []nat.PortBinding{ + {HostIP: "127.0.0.1", HostPort: strconv.Itoa(localRegistryPort)}, + }, + }, + }, nil, nil, localRegistryName) + if err != nil { + return err + } + + if err := cli.ContainerStart(context.Background(), resp.ID, types.ContainerStartOptions{}); err != nil { + return err + } + + fmt.Println("Connecting network between kind with local registry ...") + + if err = cli.NetworkConnect(context.Background(), "kind", localRegistryName, nil); err != nil { + return err + } + return nil +} + func getKindImage(k8sVersion string) string { switch k8sVersion { case "v1.23.x": From f31aa8c2d1d329f43cb73a11f0739968336d9b92 Mon Sep 17 00:00:00 2001 From: Meredith Lancaster Date: Mon, 17 Jul 2023 20:32:59 -0600 Subject: [PATCH 16/21] linter Signed-off-by: Meredith Lancaster --- cmd/local-dev/clean.go | 15 +++++++++++---- cmd/local-dev/setup.go | 5 +---- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/cmd/local-dev/clean.go b/cmd/local-dev/clean.go index 0d5dff03c..bc63b0ffd 100644 --- a/cmd/local-dev/clean.go +++ b/cmd/local-dev/clean.go 
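Review bot: The first error check in the new `setupLocalRegistry` returns `nil`, so a failed `client.NewClientWithOpts` is reported to `setup()` as success and its `log.Fatal` is never reached; the run then carries on with no registry container created. The line should be `return err`, like the other checks in the function. The same `return nil` is still visible as a context line in the later `@@ -171,19 +183,30 @@` hunk of patch 19. Separately, the exposed port and the port binding use the literal `"5001/tcp"` while `REGISTRY_HTTP_ADDR` and `HostPort` are built from `localRegistryPort`, so changing the constant would leave the mapping on the old port; building the key as `nat.Port(fmt.Sprintf("%d/tcp", localRegistryPort))` keeps them in step.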
@@ -67,27 +67,34 @@ func clean() { log.Fatal(buildFatalMessage(err, stderr)) } + if err := cleanUpRegistry(); err != nil { + log.Fatal(err) + } +} + +func cleanUpRegistry() error { cli, err := client.NewClientWithOpts( client.FromEnv, client.WithAPIVersionNegotiation(), ) if err != nil { - log.Fatal(err) + return err } defer cli.Close() containers, err := cli.ContainerList(context.Background(), types.ContainerListOptions{Filters: filters.NewArgs(filters.KeyValuePair{Key: "name", Value: "registry.local"})}) if err != nil { - log.Fatal(err) + return err } if containers != nil { fmt.Println("Cleaning up registry.local...") if err := cli.ContainerStop(context.Background(), containers[0].ID, container.StopOptions{}); err != nil { - log.Fatal(err) + return err } if err := cli.ContainerRemove(context.Background(), containers[0].ID, types.ContainerRemoveOptions{}); err != nil { - log.Fatal(err) + return err } } + return nil } diff --git a/cmd/local-dev/setup.go b/cmd/local-dev/setup.go index cbcc788ee..82c22fcfc 100644 --- a/cmd/local-dev/setup.go +++ b/cmd/local-dev/setup.go @@ -205,10 +205,7 @@ func setupLocalRegistry() error { fmt.Println("Connecting network between kind with local registry ...") - if err = cli.NetworkConnect(context.Background(), "kind", localRegistryName, nil); err != nil { - return err - } - return nil + return cli.NetworkConnect(context.Background(), "kind", localRegistryName, nil) } func getKindImage(k8sVersion string) string { From 7d231b9d0baef3cbe13faddb3fb3b78e2a1c3719 Mon Sep 17 00:00:00 2001 From: Meredith Lancaster Date: Tue, 18 Jul 2023 05:30:44 -0600 Subject: [PATCH 17/21] comment Signed-off-by: Meredith Lancaster --- README.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a7cc11b68..c2f7fb60f 100644 --- a/README.md +++ b/README.md 
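Review bot: `cleanUpRegistry` stops and removes `containers[0]` from a list filtered only by `name=registry.local`, and Docker's name filter matches on part of a container name, so an unrelated container whose name merely contains that string can be the one that gets removed. Checking the returned entry's `Names` for the exact registry name before calling `ContainerStop`, and using the `localRegistryName` constant from setup.go rather than repeating the literal, would confine cleanup to the container this tool created. The list options also leave `All` unset, so a registry container that has already exited is presumably not listed and would keep holding the name for the next `setup`. The same lookup is carried unchanged (apart from renames) into the `@@ -73,26 +73,27 @@` hunk of patch 19.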
@@ -47,7 +47,15 @@ Then run it pointing to a YAML file containing a ClusterImagePolicy, and an imag ## Local Development You can spin up a local [Kind](https://kind.sigs.k8s.io/) K8s cluster to test local changes to the policy controller using the `` -CLI tool. Build the tool with `make local-dev` and then run it with `./bin/local-dev setup --cluster-name= --registry-url=`. +CLI tool. Build the tool with `make local-dev` and then run it with `./bin/local-dev setup`. + +It optionally accepts the following: + +``` +--cluster-name +--k8s-version +--registry-url +``` You can clean up the cluster with `./bin/local-dev clean --cluster-name=`. From 469e5078448c471495da02344a4e324641de715d Mon Sep 17 00:00:00 2001 From: Meredith Lancaster Date: Tue, 18 Jul 2023 05:40:26 -0600 Subject: [PATCH 18/21] fix whitespace Signed-off-by: Meredith Lancaster --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c2f7fb60f..46708605a 100644 --- a/README.md +++ b/README.md @@ -47,7 +47,7 @@ Then run it pointing to a YAML file containing a ClusterImagePolicy, and an imag ## Local Development You can spin up a local [Kind](https://kind.sigs.k8s.io/) K8s cluster to test local changes to the policy controller using the `` -CLI tool. Build the tool with `make local-dev` and then run it with `./bin/local-dev setup`. +CLI tool. Build the tool with `make local-dev` and then run it with `./bin/local-dev setup`. It optionally accepts the following: From 26e22f5eaafcacf3ccf47456ea31091ab4f50b77 Mon Sep 17 00:00:00 2001 From: Meredith Lancaster Date: Mon, 24 Jul 2023 10:44:46 -0600 Subject: [PATCH 19/21] support optionally providing a k8s version Signed-off-by: Meredith Lancaster --- cmd/local-dev/clean.go | 13 ++++---- cmd/local-dev/setup.go | 76 ++++++++++++++++++++---------------------- 2 files changed, 44 insertions(+), 45 deletions(-) diff --git a/cmd/local-dev/clean.go b/cmd/local-dev/clean.go index bc63b0ffd..78d5e5c0b 100644 
--- a/cmd/local-dev/clean.go +++ b/cmd/local-dev/clean.go @@ -73,26 +73,27 @@ func clean() { } func cleanUpRegistry() error { - cli, err := client.NewClientWithOpts( + ctx := context.Background() + dockerCLI, err := client.NewClientWithOpts( client.FromEnv, client.WithAPIVersionNegotiation(), ) if err != nil { return err } - defer cli.Close() + defer dockerCLI.Close() - containers, err := cli.ContainerList(context.Background(), types.ContainerListOptions{Filters: filters.NewArgs(filters.KeyValuePair{Key: "name", Value: "registry.local"})}) + containers, err := dockerCLI.ContainerList(ctx, types.ContainerListOptions{Filters: filters.NewArgs(filters.KeyValuePair{Key: "name", Value: "registry.local"})}) if err != nil { return err } - if containers != nil { + if containers != nil && len(containers) > 0 { fmt.Println("Cleaning up registry.local...") - if err := cli.ContainerStop(context.Background(), containers[0].ID, container.StopOptions{}); err != nil { + if err := dockerCLI.ContainerStop(ctx, containers[0].ID, container.StopOptions{}); err != nil { return err } - if err := cli.ContainerRemove(context.Background(), containers[0].ID, types.ContainerRemoveOptions{}); err != nil { + if err := dockerCLI.ContainerRemove(ctx, containers[0].ID, types.ContainerRemoveOptions{}); err != nil { return err } } diff --git a/cmd/local-dev/setup.go b/cmd/local-dev/setup.go index 82c22fcfc..91e471af8 100644 --- a/cmd/local-dev/setup.go +++ b/cmd/local-dev/setup.go @@ -24,6 +24,7 @@ import ( "os" "os/exec" "path/filepath" + "regexp" "strconv" "github.com/docker/docker/api/types" @@ -35,8 +36,9 @@ import ( ) const ( - localRegistryName = "registry.local" - localRegistryPort = 5001 + localRegistryName = "registry.local" + localRegistryPort = 5001 + defaultKindestNodeVersionTag = "v1.27.3" ) var kindClusterConfig = ` 
@@ -53,10 +55,16 @@ containerdConfigPatches: endpoint = ["http://%s:%d"] ` +// check that a supplied image version is in the expected semver format: v.. +var semverRegexp = regexp.MustCompile("^v[0-9]+.[0-9]+.[0-9]+$") + +// check that registry URLs are in the expected format : +var registryURLRegexp = regexp.MustCompile("^[a-zA-Z0-9]+.[a-z]+:[0-9]+$") + func addSetupFlags(cmd *cobra.Command) { cmd.Flags().String("cluster-name", "policy-controller-demo", "name of the dev policy controller cluster") - cmd.Flags().String("registry-url", "registry.local", "URL of the Ko Docker registry to use. If no registry is provided, the local Kind registry will be used") - cmd.Flags().String("k8s-version", "v1.26.x", "name of the Ko Docker repository to use") + cmd.Flags().String("k8s-version", defaultKindestNodeVersionTag, "name of the Ko Docker repository to use") + cmd.Flags().String("registry-url", "registry.local", "URL and port of the Ko Docker registry to use. Expected format: :. If no registry is provided, the local Kind registry will be used") } var setupCmd = &cobra.Command{ @@ -89,6 +97,9 @@ func setup() { log.Fatal(buildFatalMessage(err, stderr)) } } else { + if !registryURLRegexp.Match([]byte(registryURL)) { + log.Fatal(fmt.Errorf("provided registry URL is not in the expected format: :")) + } err := os.Setenv("KO_DOCKER_REPO", registryURL) if err != nil { log.Fatal(buildFatalMessage(err, stderr)) 
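Review bot: Both new patterns leave their dots unescaped, so `.` matches any character and `semverRegexp` accepts a value such as `v1x2y3` (constructed example); the validated string is later interpolated into the `kindest/node:` image reference in `createKindConfig`, so the check is weaker than its comment states. Writing the patterns as raw string literals with escaped dots closes this, i.e. `^v[0-9]+\.[0-9]+\.[0-9]+$`, and `\.` in place of `.` in `registryURLRegexp`. The `--k8s-version` help text in the same hunk still reads "name of the Ko Docker repository to use", which describes a different flag; wording such as "tag of the kindest/node image to use, e.g. v1.27.3" would match what the flag does.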
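Review bot: The check added to `setup()` accepts only one alphanumeric label, one lower-case label and a port, so a registry host with a hyphen or more than two labels, a host without an explicit port, or a value that carries a repository path after the port is rejected as "not in the expected format". If such `KO_DOCKER_REPO` values are meant to work, the pattern has to allow them; if not, the flag help should state that nothing but host and port is accepted. As a matter of style, `registryURLRegexp.MatchString(registryURL)` avoids the `[]byte` conversion, and `log.Fatal` can take the message string directly instead of a `fmt.Errorf` with no arguments. The body of `setup()` continues outside this hunk.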
@@ -97,14 +108,15 @@ func setup() { // Create the new Kind cluster clusterName := viper.GetString("cluster-name") - fmt.Println("Creating Kind cluster " + clusterName) + fmt.Printf("Creating Kind cluster %s...\n", clusterName) - k8sVersion := viper.GetString("k8s-version") - kindImage := getKindImage(k8sVersion) + clusterConfig, err := createKindConfig(clusterName, viper.GetString("k8s-version")) + if err != nil { + log.Fatal(err) + } - clusterConfig := fmt.Sprintf(kindClusterConfig, clusterName, kindImage, localRegistryName, localRegistryPort, localRegistryName, localRegistryPort) configBytes := []byte(clusterConfig) - err := os.WriteFile("kind.yaml", configBytes, 0600) + err = os.WriteFile("kind.yaml", configBytes, 0600) if err != nil { log.Fatal(err) } @@ -171,19 +183,30 @@ func setup() { } } +func createKindConfig(clusterName, k8sVersion string) (string, error) { + // check that the provided version is in the expected format and use it + if !semverRegexp.Match([]byte(k8sVersion)) { + return "", fmt.Errorf("provided k8s version %s is not in the expected semver format v..", k8sVersion) + } + + kindImage := fmt.Sprintf("kindest/node:%s", k8sVersion) + return fmt.Sprintf(kindClusterConfig, clusterName, kindImage, localRegistryName, localRegistryPort, localRegistryName, localRegistryPort), nil +} + func setupLocalRegistry() error { - cli, err := client.NewClientWithOpts( + dockerCLI, err := client.NewClientWithOpts( client.FromEnv, client.WithAPIVersionNegotiation(), ) if err != nil { return nil } - defer cli.Close() + defer dockerCLI.Close() fmt.Printf("\nStarting local registry %s...\n", localRegistryName) - resp, err := cli.ContainerCreate(context.Background(), &container.Config{ + ctx := context.Background() + resp, err := dockerCLI.ContainerCreate(ctx, &container.Config{ Image: "registry:2", Env: []string{fmt.Sprintf("REGISTRY_HTTP_ADDR=0.0.0.0:%d", localRegistryPort)}, ExposedPorts: nat.PortSet{"5001/tcp": struct{}{}}, 
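Review bot: `createKindConfig` builds the node image as `fmt.Sprintf("kindest/node:%s", k8sVersion)`, a tag-only reference, whereas the `getKindImage` helper removed later in this patch pinned every supported version to a `sha256:` digest. A tag is mutable, so the cluster nodes now run whatever image the registry serves for that tag at pull time, and the local environment loses the integrity check the digests gave it. Keeping a digest next to `defaultKindestNodeVersionTag` (`kindest/node:v1.27.3@sha256:<digest published for that kind release>`) and allowing an optional `@sha256:` suffix on `--k8s-version` would keep the default path pinned while still letting the version be chosen. Once the dots in `semverRegexp` are escaped, a doc comment on `createKindConfig` should state that the tag is validated before it is written into kind.yaml.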
@@ -199,38 +222,13 @@ func setupLocalRegistry() error { return err } - if err := cli.ContainerStart(context.Background(), resp.ID, types.ContainerStartOptions{}); err != nil { + if err := dockerCLI.ContainerStart(ctx, resp.ID, types.ContainerStartOptions{}); err != nil { return err } fmt.Println("Connecting network between kind with local registry ...") - return cli.NetworkConnect(context.Background(), "kind", localRegistryName, nil) -} - -func getKindImage(k8sVersion string) string { - switch k8sVersion { - case "v1.23.x": - k8sVersionPatch := "1.23.13" - kindImageSHA := "sha256:ef453bb7c79f0e3caba88d2067d4196f427794086a7d0df8df4f019d5e336b61" - return fmt.Sprintf("kindest/node:v%s@%s", k8sVersionPatch, kindImageSHA) - case "v1.24.x": - k8sVersionPatch := "1.24.7" - kindImageSHA := "sha256:577c630ce8e509131eab1aea12c022190978dd2f745aac5eb1fe65c0807eb315" - return fmt.Sprintf("kindest/node:v%s@%s", k8sVersionPatch, kindImageSHA) - case "v1.25.x": - k8sVersionPatch := "1.25.3" - kindImageSHA := "sha256:f52781bc0d7a19fb6c405c2af83abfeb311f130707a0e219175677e366cc45d1" - return fmt.Sprintf("kindest/node:v%s@%s", k8sVersionPatch, kindImageSHA) - - case "v1.26.x": - k8sVersionPatch := "1.26.0" - kindImageSHA := "sha256:691e24bd2417609db7e589e1a479b902d2e209892a10ce375fab60a8407c7352" - return fmt.Sprintf("kindest/node:v%s@%s", k8sVersionPatch, kindImageSHA) - default: - fmt.Println("Unsupported version: " + k8sVersion) - } - return fmt.Sprint("Unsupported version: " + k8sVersion) + return dockerCLI.NetworkConnect(ctx, "kind", localRegistryName, nil) } func init() { From 4bb09afaeb7d5c9aa8d88dd9f2671dbbdea31c31 Mon Sep 17 00:00:00 2001 From: Meredith Lancaster Date: Mon, 24 Jul 2023 11:00:03 -0600 Subject: [PATCH 20/21] lint fix Signed-off-by: Meredith Lancaster --- cmd/local-dev/clean.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/local-dev/clean.go b/cmd/local-dev/clean.go index 78d5e5c0b..fea0fb8fd 100644 --- a/cmd/local-dev/clean.go 
+++ b/cmd/local-dev/clean.go @@ -88,7 +88,7 @@ func cleanUpRegistry() error { return err } - if containers != nil && len(containers) > 0 { + if len(containers) > 0 { fmt.Println("Cleaning up registry.local...") if err := dockerCLI.ContainerStop(ctx, containers[0].ID, container.StopOptions{}); err != nil { return err From 4847634ce2da4bc9578ee8dbe5079c4431655dfc Mon Sep 17 00:00:00 2001 From: Meredith Lancaster Date: Mon, 24 Jul 2023 11:07:32 -0600 Subject: [PATCH 21/21] comment Signed-off-by: Meredith Lancaster --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 0a3dcda9b..78ff0d66d 100644 --- a/.gitignore +++ b/.gitignore @@ -37,5 +37,5 @@ policy-tester gha-creds-*.json -# Kind cluster configuration produced by hack/local-dev.sh +# Kind cluster configuration produced by the local-dev tool kind.yaml