diff --git a/argo-application-field-validation/kcl.mod b/argo-application-field-validation/kcl.mod index e58e4cb6..bf5d3c57 100644 --- a/argo-application-field-validation/kcl.mod +++ b/argo-application-field-validation/kcl.mod @@ -1,5 +1,5 @@ [package] name = "argo-application-field-validation" -version = "0.1.0" +version = "0.1.1" description = "`argo-application-field-validation` is a kcl validation module, which can be used to perform some validation on Argo `Application` fields." diff --git a/argo-application-field-validation/main.k b/argo-application-field-validation/main.k index ff2746a6..1a9daf5d 100644 --- a/argo-application-field-validation/main.k +++ b/argo-application-field-validation/main.k @@ -5,7 +5,10 @@ validate = lambda item { if item.kind == "Application" and item.apiVersion.startswith("argoproj.io"): path = item?.spec?.source?.path chart = item?.spec?.source?.chart + server = item?.destination?.server + name = item?.spec?.destination?.name assert (path or chart) and not (path and chart), "`spec.source.path` OR `spec.source.chart` should be specified but never both." + assert (server or name) and not (server and name), "`spec.destination.server` OR `spec.destination.name` should be specified but never both." item } # Validate All resource diff --git a/argo-application-prevent-default-project/README.md b/argo-application-prevent-default-project/README.md new file mode 100644 index 00000000..346ad362 --- /dev/null +++ b/argo-application-prevent-default-project/README.md @@ -0,0 +1,7 @@ +## Introduction + +`argo-application-prevent-default-project` is a KCL validation module, which can be used to perform some validation on Argo `Application` fields. + +## Resource + +The code source and document are [here](https://github.com/kcl-lang/artifacthub/tree/main/argo-application-prevent-default-project) 
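Review bot: In argo-application-field-validation/main.k the added `server` lookup reads `item?.destination?.server`, without the `spec` segment that the `name` lookup on the next line and the assertion message both use. For a well-formed Application `server` would therefore presumably always be empty, so the new assert reduces to "name must be set". A manifest that sets only `spec.destination.server` is then rejected, and one that sets both server and name is accepted, which is the case the message says must never happen. The line should read `server = item?.spec?.destination?.server`. The `validate` lambda opens above this hunk.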
diff --git a/argo-application-prevent-default-project/kcl.mod b/argo-application-prevent-default-project/kcl.mod
new file mode 100644
index 00000000..7827500c
--- /dev/null
+++ b/argo-application-prevent-default-project/kcl.mod
@@ -0,0 +1,5 @@
+[package]
+name = "argo-application-prevent-default-project"
+edition = "0.0.1"
+version = "0.0.1"
+
diff --git a/argo-application-prevent-default-project/main.k b/argo-application-prevent-default-project/main.k
new file mode 100644
index 00000000..a6649f40
--- /dev/null
+++ b/argo-application-prevent-default-project/main.k
@@ -0,0 +1,29 @@
+import yaml
+
+# Define the validation function
+validate = lambda item {
+ if item.kind == "Application" and item.apiVersion.startswith("argoproj.io"):
+ project = item?.spec?.project or "default"
+ assert project != "default", "The default project may not be used in an Application."
+ item
+}
+# Validate All resource
+items = [validate(i) for i in option("items") or []]
+
+if option("__test__"):
+ validate(yaml.decode("""\
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: goodapp
+ namespace: default
+spec:
+ project: biz
+ source:
+ repoURL: https://github.com/argoproj/argocd-example-apps.git
+ targetRevision: HEAD
+ path: guestbook
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: guestbook
+ """))
diff --git a/argo-applicationset-name-matches-project/README.md b/argo-applicationset-name-matches-project/README.md
new file mode 100644
index 00000000..4adbdcca
--- /dev/null
+++ b/argo-applicationset-name-matches-project/README.md
@@ -0,0 +1,7 @@
+## Introduction
+
+`argo-applicationset-name-matches-project` is a KCL validation module, which can be used to perform some validation on Argo `Application` fields.
+
+## Resource
+
+The code source and document are [here](https://github.com/kcl-lang/artifacthub/tree/main/argo-applicationset-name-matches-project)
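Review bot: The rule in argo-application-prevent-default-project/main.k matches only `kind == "Application"`, so an ApplicationSet whose `spec.template.spec.project` is `default` or empty passes this module unchanged. Whether the Applications it generates are checked later depends on where the module runs, which the page does not show. If it is applied to manifests before they reach the cluster, consider a second branch for `ApplicationSet` that applies the same `or "default"` fallback to `item?.spec?.template?.spec?.project`. The `__test__` block also feeds in only an allowed manifest, so nothing here shows the assert firing for an omitted or `default` project.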
diff --git a/argo-applicationset-name-matches-project/kcl.mod b/argo-applicationset-name-matches-project/kcl.mod
new file mode 100644
index 00000000..86f01ecd
--- /dev/null
+++ b/argo-applicationset-name-matches-project/kcl.mod
@@ -0,0 +1,4 @@
+[package]
+name = "argo-applicationset-name-matches-project"
+version = "0.0.1"
+
diff --git a/argo-applicationset-name-matches-project/kcl.mod.lock b/argo-applicationset-name-matches-project/kcl.mod.lock
new file mode 100644
index 00000000..e69de29b
diff --git a/argo-applicationset-name-matches-project/main.k b/argo-applicationset-name-matches-project/main.k
new file mode 100644
index 00000000..0b4b7bdc
--- /dev/null
+++ b/argo-applicationset-name-matches-project/main.k
@@ -0,0 +1,39 @@
+import yaml
+
+# Define the validation function
+validate = lambda item {
+ if item.kind == "ApplicationSet" and item.apiVersion.startswith("argoproj.io"):
+ project = item?.spec?.template?.spec?.project
+ assert project == item.metadata.name, "The name must match the project."
+ item
+}
+# Validate All resource
+items = [validate(i) for i in option("items") or []]
+
+if option("__test__"):
+ validate(yaml.decode("""\
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+ name: guestbook
+spec:
+ generators:
+ - list:
+ elements:
+ - cluster: engineering-dev
+ url: https://1.2.3.4
+ - cluster: engineering-prod
+ url: https://2.4.6.8
+ template:
+ metadata:
+ name: '{{cluster}}-guestbook'
+ spec:
+ project: guestbook
+ source:
+ repoURL: https://github.com/infra-team/cluster-deployments.git
+ targetRevision: HEAD
+ path: guestbook/{{cluster}}
+ destination:
+ server: '{{url}}'
+ namespace: guestbook
+ """))
diff --git a/argo-appproject-clusterresourceblacklist/README.md b/argo-appproject-clusterresourceblacklist/README.md
new file mode 100644
index 00000000..b2a0a474
--- /dev/null
+++ b/argo-appproject-clusterresourceblacklist/README.md
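Review bot: In argo-applicationset-name-matches-project/main.k the assert reads `item.metadata.name` directly while the project lookup beside it uses `?.`. A manifest without `metadata` (or one that relies on `generateName`) may therefore end evaluation with a lookup error rather than the policy message; I have not confirmed how KCL treats the missing key, so treat this as a consistency point. Suggest `assert project == item?.metadata?.name, ...`. The message would also be easier to act on if it named the fields the way the sibling module does, for example "`metadata.name` must match `spec.template.spec.project`."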
@@ -0,0 +1,7 @@
+## Introduction
+
+`argo-appproject-clusterresourceblacklist` is a KCL validation module, which can be used to perform some validation on Argo `Application` fields.
+
+## Resource
+
+The code source and document are [here](https://github.com/kcl-lang/artifacthub/tree/main/argo-appproject-clusterresourceblacklist)
diff --git a/argo-appproject-clusterresourceblacklist/kcl.mod b/argo-appproject-clusterresourceblacklist/kcl.mod
new file mode 100644
index 00000000..13deac2d
--- /dev/null
+++ b/argo-appproject-clusterresourceblacklist/kcl.mod
@@ -0,0 +1,5 @@
+[package]
+name = "argo-appproject-clusterresourceblacklist"
+edition = "0.0.1"
+version = "0.0.1"
+
diff --git a/argo-appproject-clusterresourceblacklist/main.k b/argo-appproject-clusterresourceblacklist/main.k
new file mode 100644
index 00000000..e9ff0dab
--- /dev/null
+++ b/argo-appproject-clusterresourceblacklist/main.k
@@ -0,0 +1,35 @@ +"""An AppProject may optionally specify clusterResourceBlacklist which is a blacklisted +group of cluster resources. This is often a good practice to ensure AppProjects do +not allow more access than needed. This policy is a combination of two rules which +enforce that all AppProjects specify clusterResourceBlacklist and that their group +and kind have wildcards as values. +""" +import yaml + +# Define the validation function +validate = lambda item { + if item.kind == "AppProject" and item.apiVersion.startswith("argoproj.io"): + assert item.spec.clusterResourceBlacklist, "AppProject must specify clusterResourceBlacklist." + assert any l in item.spec.clusterResourceBlacklist { + "*" in l.group + }, "Wildcards must be present in group and kind for clusterResourceBlacklist." + item +} +# Validate All resource +items = [validate(i) for i in option("items") or []] + +if option("__test__"): + validate(yaml.decode("""\ +apiVersion: argoproj.io/v1alpha1 +kind: AppProject +metadata: + name: goodappproj +spec: + description: Test Project + destinations: + - namespace: default + server: https://kubernetes.default.svc + clusterResourceBlacklist: + - group: '*' + kind: '*' + """)) diff --git a/argo-workflow/README.md b/argo-workflow/README.md index d83abe6b..48d5e204 100644 --- a/argo-workflow/README.md +++ b/argo-workflow/README.md @@ -4,4 +4,4 @@ ## Resource -Code source and document is [here](https://github.com/kcl-lang/artifacthub/tree/main/argo-workflow) +The code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/argo-workflow) diff --git a/argo-workflow/kcl.mod b/argo-workflow/kcl.mod index 1e998b8b..dd60774b 100644 --- a/argo-workflow/kcl.mod +++ b/argo-workflow/kcl.mod @@ -1,7 +1,7 @@ [package] name = "argo-workflow" edition = "*" -version = "0.0.1" +version = "0.0.2" description = "`argo-workflow` is the argo-workflow spec definition" [dependencies]
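Review bot: The second assert in argo-appproject-clusterresourceblacklist/main.k never looks at `kind`, although the module docstring and the failure message both say group and kind must be wildcards. The predicate is only `"*" in l.group`, and it sits under `any`, so a blacklist with a single entry such as `group: '*'` with one specific `kind` is accepted. `in` on a string also appears to be a substring test, so a group value that merely contains an asterisk would satisfy it. If the intent is a deny-all entry, the predicate should be `l.group == "*" and l.kind == "*"`, or at least `"*" in l.group and "*" in l.kind`, to match the stated policy. The `__test__` manifest covers only the passing case, so this gap is not visible from the test.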