add support for gating parameter values by version tag

README.md

@@ -47,8 +47,9 @@ Parameterize the helm install with `--set *` or `--values yourConfig.yaml` to co
 | projectMappings.root.environment | The CloudTruth environment to lookup parameter values for. | string | `default` | yes |
 | projectMappings.root.project_selector | A regexp to limit the projects acted against (client-side).  Supplies any named matches for template evaluation | string | "" | no |
 | projectMappings.root.key_selector | A regexp to limit the keys acted against (client-side).  Supplies any named matches for template evaluation | string | "" | no |
+| projectMappings.root.tag | The version tag used when querying for parameters | string | `none` | no |
 | projectMappings.root.skip | Skips the generation of resources for the selected projects | flag | false | no |
-| projectMappings.root.log_level | Sets the kubetruth logging level while handling the selected projects | enum(debug, info, warn, error, fatal) | as set by cli | no |
+| projectMappings.root.log_level | Sets the kubetruth logging level while handling the selected projects | enum(debug, info, warn, error, fatal) | `as set by cli` | no |
 | projectMappings.root.included_projects | Include the parameters from other projects into the selected ones.  This can be recursive in a depth first fashion, so if A imports B and B imports C, then A will get B's and C's parameters.  For key conflicts, if A includes B and B includes C, then the precendence is A overrides B overrides C.  If A includes \[B, C], then the precendence is A overrides C overrides B. | list | [] | no |
 | projectMappings.root.context | Additional variables made available to the resource templates.  Can also be templates | map | [default](helm/kubetruth/values.yaml#L93-L129) | no |
 | projectMappings.root.resource_templates | The templates to use in generating kubernetes resources (ConfigMap/Secrets/other) | map | [default](helm/kubetruth/values.yaml#L93-L129) | no |

helm/helmv2/templates/projectmapping.yaml

@@ -27,6 +27,9 @@ spec:
         environment:
           type: string
           description: A environment to use to determine parameter values
+        tag:
+          type: string
+          description: The version tag used when querying for parameters
         skip:
           type: boolean
           description: Skips the generation of resources for the selected projects.  Useful for excluding projects that should only be included into others.

helm/kubetruth/crds/projectmapping.yaml

@@ -29,6 +29,9 @@ spec:
                 environment:
                   type: string
                   description: A environment to use to determine parameter values
+                tag:
+                  type: string
+                  description: The version tag used when querying for parameters
                 skip:
                   type: boolean
                   description: Skips the generation of resources for the selected projects

lib/kubetruth/config.rb

@@ -13,6 +13,7 @@ class DuplicateSelection < Kubetruth::Error; end
       :project_selector,
       :key_selector,
       :environment,
+      :tag,
       :skip,
       :log_level,
       :included_projects,
@@ -49,6 +50,7 @@ def convert_types(hash)
       project_selector: '',
       key_selector: '',
       environment: 'default',
+      tag: nil,
       skip: false,
       log_level: nil,
       included_projects: [],

lib/kubetruth/ctapi.rb

@@ -110,10 +110,12 @@ def project_id(project)
       project_id.to_s
     end
 
-    def parameters(project:, environment: "default")
+    def parameters(project:, environment: "default", tag: nil)
       env_id = environment_id(environment)
       proj_id = project_id(project)
-      result = apis[:projects].projects_parameters_list(proj_id, environment: env_id)
+      opts = {environment: env_id}
+      opts[:tag] = tag if tag.present?
+      result = apis[:projects].projects_parameters_list(proj_id, **opts)
       logger.debug do
         cleaned = result&.to_hash&.deep_dup
         cleaned&.[](:results)&.each do |param|

lib/kubetruth/project.rb

@@ -5,7 +5,7 @@ module Kubetruth
 
     def parameters
       @parameters ||= begin
-        params = collection.ctapi.parameters(project: name, environment: spec.environment)
+        params = collection.ctapi.parameters(project: name, environment: spec.environment, tag: spec.tag)
         logger.debug do
           cleaned = params.deep_dup
           cleaned.each {|p| p.value = "<masked>" if p.secret}

spec/kubetruth/ctapi_spec.rb

@@ -12,7 +12,7 @@ module Kubetruth
     let(:ctapi) {
       # Spin up a local dev server and create a user with an api key to use
       # here, or use cloudtruth actual
-      key = ENV['CLOUDTRUTH_API_KEY']
+      key = "JyF0h8u9.xn0iqbVf5r7djhXPWG1jnxdtSVEdSubo" # ENV['CLOUDTRUTH_API_KEY']
       url = ENV['CLOUDTRUTH_API_URL'] || "https://api.cloudtruth.io" # "https://localhost:8000"
       instance = ::Kubetruth::CtApi.new(api_key: key, api_url: url)
       instance.client.config.debugging = false # ssl debug logging is messy, so only turn this on as desired
@@ -134,6 +134,28 @@ def create_project_fixture
         expect(params.collect(&:key)).to eq(["one", "two"])
       end
 
+      it "gets parameters by tag" do
+        one_param_value = ctapi.apis[:projects].projects_parameters_values_create(@one_param.id, @project_id, CloudtruthClient::ValueCreate.new(environment: ctapi.environment_id("default"), external: false, internal_value: "defaultone"))
+        two_param_value = ctapi.apis[:projects].projects_parameters_values_create(@two_param.id, @project_id, CloudtruthClient::ValueCreate.new(environment: ctapi.environment_id("default"), external: false, internal_value: "defaulttwo"))
+        params = ctapi.parameters(project: @project_name)
+        expect(params.collect(&:value).sort).to eq(["defaultone", "defaulttwo"])
+
+        tag = ctapi.apis[:environments].environments_tags_list(ctapi.environment_id("default"), name: "test_tag").results.first
+        if tag
+          ctapi.apis[:environments].environments_tags_partial_update(ctapi.environment_id("default"), tag.id, patched_tag: CloudtruthClient::PatchedTag.new(timestamp: Time.now))
+        else
+          tag = ctapi.apis[:environments].environments_tags_create(ctapi.environment_id("default"), CloudtruthClient::TagCreate.new(name: "test_tag"))
+        end
+
+        ctapi.apis[:projects].projects_parameters_values_partial_update(one_param_value.id, @one_param.id, @project_id, patched_value: CloudtruthClient::PatchedValue.new(internal_value: "newdefaultone"))
+
+        params = ctapi.parameters(project: @project_name)
+        expect(params.collect(&:value).sort).to eq(["defaulttwo", "newdefaultone"])
+
+        params = ctapi.parameters(project: @project_name, tag: "test_tag")
+        expect(params.collect(&:value).sort).to eq(["defaultone", "defaulttwo"])
+      end
+
       it "doesn't expose secret in debug log" do
         three_param = ctapi.apis[:projects].projects_parameters_create(@project_id, CloudtruthClient::ParameterCreate.new(name: "three", secret: true))
         ctapi.apis[:projects].projects_parameters_values_create(three_param.id, @project_id, CloudtruthClient::ValueCreate.new(environment: ctapi.environment_id("default"), external: false, internal_value: "defaultthree"))

spec/kubetruth/project_spec.rb

@@ -31,14 +31,20 @@ module Kubetruth
                                              collection: collection) }
 
       it "handles empty" do
-        expect(@ctapi).to receive(:parameters).with(project: project.name, environment: "default").and_return([])
+        expect(@ctapi).to receive(:parameters).with(project: project.name, environment: "default", tag: nil).and_return([])
+        params = project.parameters
+        expect(params).to eq([])
+      end
+
+      it "uses spec versions se" do
+        expect(@ctapi).to receive(:parameters).with(project: project.name, environment: "default", tag: nil).and_return([])
         params = project.parameters
         expect(params).to eq([])
       end
 
       it "uses simple key_selector" do
         project.spec.key_selector = /svc/
-        expect(@ctapi).to receive(:parameters).with(project: project.name, environment: "default").and_return([
+        expect(@ctapi).to receive(:parameters).with(project: project.name, environment: "default", tag: nil).and_return([
           Parameter.new(key: "svc.param1", value: "value1", secret: false),
           Parameter.new(key: "svc.param2", value: "value2", secret: false),
         ])
@@ -49,7 +55,7 @@ module Kubetruth
 
       it "uses complex key_selector" do
         project.spec.key_selector = /foo$/
-        expect(@ctapi).to receive(:parameters).with(project: project.name, environment: "default").and_return([
+        expect(@ctapi).to receive(:parameters).with(project: project.name, environment: "default", tag: nil).and_return([
           Parameter.new(key: "svc.param1", value: "value1", secret: false),
           Parameter.new(key: "svc.param2.foo", value: "value2", secret: false),
         ])
@@ -62,7 +68,7 @@ module Kubetruth
       it "doesn't expose secret in debug log" do
         Logging.setup_logging(level: :debug, color: false)
 
-        expect(@ctapi).to receive(:parameters).with(project: project.name, environment: "default").and_return([
+        expect(@ctapi).to receive(:parameters).with(project: project.name, environment: "default", tag: nil).and_return([
                                                               Parameter.new(key: "param1", value: "value1", secret: false),
                                                               Parameter.new(key: "param2", value: "sekret", secret: true),
                                                               Parameter.new(key: "param3", value: "alsosekret", secret: true),