Skip to content

Commit

Permalink
feat: add more argo application validation modules
Browse files Browse the repository at this point in the history
Signed-off-by: peefy <[email protected]>
  • Loading branch information
Peefy committed Nov 9, 2023
1 parent d6dc017 commit 208d830
Show file tree
Hide file tree
Showing 14 changed files with 144 additions and 3 deletions.
2 changes: 1 addition & 1 deletion argo-application-field-validation/kcl.mod
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
[package]
name = "argo-application-field-validation"
version = "0.1.0"
version = "0.1.1"
description = "`argo-application-field-validation` is a kcl validation module, which can be used to perform some validation on Argo `Application` fields."

3 changes: 3 additions & 0 deletions argo-application-field-validation/main.k
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,10 @@ validate = lambda item {
if item.kind == "Application" and item.apiVersion.startswith("argoproj.io"):
path = item?.spec?.source?.path
chart = item?.spec?.source?.chart
server = item?.destination?.server
name = item?.spec?.destination?.name
assert (path or chart) and not (path and chart), "`spec.source.path` OR `spec.source.chart` should be specified but never both."
assert (server or name) and not (server and name), "`spec.destination.server` OR `spec.destination.name` should be specified but never both."
item
}
# Validate All resource
Expand Down
7 changes: 7 additions & 0 deletions argo-application-prevent-default-project/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
## Introduction

`argo-application-prevent-default-project` is a KCL validation module, which can be used to perform some validation on Argo `Application` fields.

## Resource

The code source and document are [here](https://github.com/kcl-lang/artifacthub/tree/main/argo-application-prevent-default-project)
5 changes: 5 additions & 0 deletions argo-application-prevent-default-project/kcl.mod
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
[package]
name = "argo-application-prevent-default-project"
edition = "0.0.1"
version = "0.0.1"

29 changes: 29 additions & 0 deletions argo-application-prevent-default-project/main.k
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
import yaml

# Define the validation function
validate = lambda item {
if item.kind == "Application" and item.apiVersion.startswith("argoproj.io"):
project = item?.spec?.project or "default"
assert project != "default", "The default project may not be used in an Application."
item
}
# Validate All resource
items = [validate(i) for i in option("items") or []]

if option("__test__"):
validate(yaml.decode("""\
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: goodapp
namespace: default
spec:
project: biz
source:
repoURL: https://github.com/argoproj/argocd-example-apps.git
targetRevision: HEAD
path: guestbook
destination:
server: https://kubernetes.default.svc
namespace: guestbook
"""))
7 changes: 7 additions & 0 deletions argo-applicationset-name-matches-project/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
## Introduction

`argo-applicationset-name-matches-project` is a KCL validation module, which can be used to perform some validation on Argo `Application` fields.

## Resource

The code source and document are [here](https://github.com/kcl-lang/artifacthub/tree/main/argo-applicationset-name-matches-project)
4 changes: 4 additions & 0 deletions argo-applicationset-name-matches-project/kcl.mod
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
[package]
name = "argo-applicationset-name-matches-project"
version = "0.0.1"

Empty file.
39 changes: 39 additions & 0 deletions argo-applicationset-name-matches-project/main.k
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
import yaml

# Define the validation function
validate = lambda item {
if item.kind == "ApplicationSet" and item.apiVersion.startswith("argoproj.io"):
project = item?.spec?.template?.spec?.project
assert project == item.metadata.name, "The name must match the project."
item
}
# Validate All resource
items = [validate(i) for i in option("items") or []]

if option("__test__"):
validate(yaml.decode("""\
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: guestbook
spec:
generators:
- list:
elements:
- cluster: engineering-dev
url: https://1.2.3.4
- cluster: engineering-prod
url: https://2.4.6.8
template:
metadata:
name: '{{cluster}}-guestbook'
spec:
project: guestbook
source:
repoURL: https://github.com/infra-team/cluster-deployments.git
targetRevision: HEAD
path: guestbook/{{cluster}}
destination:
server: '{{url}}'
namespace: guestbook
"""))
7 changes: 7 additions & 0 deletions argo-appproject-clusterresourceblacklist/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
## Introduction

`argo-appproject-clusterresourceblacklist` is a KCL validation module, which can be used to perform some validation on Argo `Application` fields.

## Resource

The code source and document are [here](https://github.com/kcl-lang/artifacthub/tree/main/argo-appproject-clusterresourceblacklist)
5 changes: 5 additions & 0 deletions argo-appproject-clusterresourceblacklist/kcl.mod
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
[package]
name = "argo-appproject-clusterresourceblacklist"
edition = "0.0.1"
version = "0.0.1"

35 changes: 35 additions & 0 deletions argo-appproject-clusterresourceblacklist/main.k
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
"""An AppProject may optionally specify clusterResourceBlacklist which is a blacklisted
group of cluster resources. This is often a good practice to ensure AppProjects do
not allow more access than needed. This policy is a combination of two rules which
enforce that all AppProjects specify clusterResourceBlacklist and that their group
and kind have wildcards as values.
"""
import yaml

# Define the validation function
validate = lambda item {
if item.kind == "AppProject" and item.apiVersion.startswith("argoproj.io"):
assert item.spec.clusterResourceBlacklist, "AppProject must specify clusterResourceBlacklist."
assert any l in item.spec.clusterResourceBlacklist {
"*" in l.group
}, "Wildcards must be present in group and kind for clusterResourceBlacklist."
item
}
# Validate All resource
items = [validate(i) for i in option("items") or []]

if option("__test__"):
validate(yaml.decode("""\
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: goodappproj
spec:
description: Test Project
destinations:
- namespace: default
server: https://kubernetes.default.svc
clusterResourceBlacklist:
- group: '*'
kind: '*'
"""))
2 changes: 1 addition & 1 deletion argo-workflow/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,4 +4,4 @@

## Resource

Code source and document is [here](https://github.com/kcl-lang/artifacthub/tree/main/argo-workflow)
The code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/argo-workflow)
2 changes: 1 addition & 1 deletion argo-workflow/kcl.mod
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
[package]
name = "argo-workflow"
edition = "*"
version = "0.0.1"
version = "0.0.2"
description = "`argo-workflow` is the argo-workflow spec definition"

[dependencies]
Expand Down

0 comments on commit 208d830

Please sign in to comment.