Store digest of latest image in ImagePolicy status #368

Open
wants to merge 17 commits into
base: main
2 changes: 1 addition & 1 deletion api/v1beta1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

56 changes: 55 additions & 1 deletion api/v1beta2/imagepolicy_types.go
@@ -1,5 +1,5 @@
/*
Copyright 2022 The Flux authors
Copyright 2023 The Flux authors

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -42,8 +42,26 @@ type ImagePolicySpec struct {
// ordered and compared.
// +optional
FilterTags *TagFilter `json:"filterTags,omitempty"`
// DigestReflectionPolicy governs the setting of the `.status.latestDigest` field.
Contributor

I think this should have been

Suggested change
// DigestReflectionPolicy governs the setting of the `.status.latestDigest` field.
// DigestReflectionPolicy governs the setting of the `.status.latestRef` field.

but maybe more specifically .status.latestRef.digest, as the description doesn't say anything about the digest. On that point, the description doesn't say anything about the common/simple meaning of this field. Nor does the description of ReflectionPolicy, the underlying type, provide any relevant information about the tag's digest. It mentions "a value from the registry in a certain resource field".
Wouldn't it be better to describe this field independent of what's in the status, a more general meaning for those who may not be familiar with status or why someone would set this? It's about including the tag digest in the resulting latest image.

Contributor

@darkowlzz darkowlzz Oct 3, 2023

Going through the latest changes, the concern about the definition of the field depending on the status is still not addressed.

Wouldn't it be better to describe this field independent of what's in the status, a more general meaning for those who may not be familiar with status or why someone would set this. It's about including the tag digest in the resulting latest image.

?

// +kubebuilder:default:=Never
DigestReflectionPolicy ReflectionPolicy `json:"digestReflectionPolicy,omitempty"`
}

// ReflectionPolicy describes a policy for if/when to reflect a value from the registry in a certain resource field.
// +kubebuilder:validation:Enum=Always;IfNotPresent;Never
type ReflectionPolicy string

const (
// ReflectAlways means that a value is always reflected with the latest value from the registry even if this would
// overwrite an existing value in the object.
ReflectAlways ReflectionPolicy = "Always"
// ReflectIfNotPresent means that the target value is only reflected from the registry if it is empty. It will
// never be overwritten afterwards, even if it changes in the registry.
ReflectIfNotPresent ReflectionPolicy = "IfNotPresent"
// ReflectNever means that no reflection will happen at all.
ReflectNever ReflectionPolicy = "Never"
)

// ImagePolicyChoice is a union of all the types of policy that can be
// supplied.
type ImagePolicyChoice struct {
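
Review bot: The comment on ReflectIfNotPresent says the value "will never be overwritten afterwards, even if it changes in the registry", but it does not say what happens when the policy later selects a different tag. If the stored digest were kept in that case, the resulting reference would pair the new tag with the previous tag's digest, so the comment should state whether a tag change resets the digest, and a test should cover it. Separately, DigestReflectionPolicy is tagged `omitempty` and has a kubebuilder default but carries no `// +optional` marker, unlike FilterTags directly above it.
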
Expand Down Expand Up @@ -101,16 +119,45 @@ type TagFilter struct {
Extract string `json:"extract"`
}

// ImageRef represents an image reference.
type ImageRef struct {
// Name is the bare image's name.
Name string `json:"image,omitempty"`
// Tag is the image's tag.
Tag string `json:"tag,omitempty"`
// Digest is the image's digest.
// +optional
Digest string `json:"digest,omitempty"`
}

func (r ImageRef) String() string {
res := r.Name + ":" + r.Tag
if r.Digest != "" {
res += "@" + r.Digest
}
return res
}

// ImagePolicyStatus defines the observed state of ImagePolicy
type ImagePolicyStatus struct {
// LatestImage gives the first in the list of images scanned by
// the image repository, when filtered and ordered according to
// the policy.
// Deprecated: Replaced by the composite "latestRef" field.
LatestImage string `json:"latestImage,omitempty"`
// ObservedPreviousImage is the observed previous LatestImage. It is used
// to keep track of the previous and current images.
// Deprecated: Replaced by the composite "observedPreviousRef" field.
// +optional
ObservedPreviousImage string `json:"observedPreviousImage,omitempty"`
// LatestRef gives the first in the list of images scanned by
// the image repository, when filtered and ordered according
// to the policy.
LatestRef *ImageRef `json:"latestRef,omitempty"`
// ObservedPreviousRef is the observed previous LatestRef. It is used
// to keep track of the previous and current images.
// +optional
ObservedPreviousRef *ImageRef `json:"observedPreviousRef,omitempty"`
// +optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`
// +optional
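
Review bot: ImageRef.String() always emits `r.Name + ":" + r.Tag`, yet Tag is declared `omitempty`, so a ref with an empty Tag renders as `name:` or `name:@<digest>`, neither of which is a valid image reference. Guard the tag the same way the digest is guarded, or document that Tag is always populated. The exported String method has no doc comment, and LatestRef lacks the `// +optional` marker that ObservedPreviousRef has, although both are `omitempty` pointers. It is also worth noting in the field comment that the Go field `Name` serialises under the JSON key `image`.
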
Expand Down Expand Up @@ -142,6 +189,13 @@ type ImagePolicy struct {
Status ImagePolicyStatus `json:"status,omitempty"`
}

func (p ImagePolicy) GetDigestReflectionPolicy() ReflectionPolicy {
if p.Spec.DigestReflectionPolicy != "" {
return p.Spec.DigestReflectionPolicy
}
return ReflectNever
}

//+kubebuilder:object:root=true

// ImagePolicyList contains a list of ImagePolicy
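
Review bot: GetDigestReflectionPolicy is exported without a doc comment; it should say why the empty-string fallback to ReflectNever is needed when the field already carries `+kubebuilder:default:=Never`. The method also uses a value receiver, which copies the whole ImagePolicy on every call; a pointer receiver avoids that.
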
27 changes: 26 additions & 1 deletion api/v1beta2/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

47 changes: 43 additions & 4 deletions config/crd/bases/image.toolkit.fluxcd.io_imagepolicies.yaml
Expand Up @@ -230,6 +230,15 @@ spec:
description: ImagePolicySpec defines the parameters for calculating the
ImagePolicy.
properties:
digestReflectionPolicy:
default: Never
description: DigestReflectionPolicy governs the setting of the `.status.latestDigest`
field.
enum:
- Always
- IfNotPresent
- Never
type: string
filterTags:
description: FilterTags enables filtering for only a subset of tags
based on a set of rules. If no rules are provided, all the tags
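
Review bot: The description of digestReflectionPolicy points at `.status.latestDigest`, but the status schema in this same file defines no such property; the digest is exposed as `latestRef.digest`. The text matches the Go doc comment on the spec field, so fix it there and regenerate the CRD rather than editing this file by hand.
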
Expand Down Expand Up @@ -383,17 +392,47 @@ spec:
type: object
type: array
latestImage:
description: LatestImage gives the first in the list of images scanned
description: 'LatestImage gives the first in the list of images scanned
by the image repository, when filtered and ordered according to
the policy.
the policy. Deprecated: Replaced by the composite "latestRef" field.'
type: string
latestRef:
description: LatestRef gives the first in the list of images scanned
by the image repository, when filtered and ordered according to
the policy.
properties:
digest:
description: Digest is the image's digest.
type: string
image:
description: Name is the bare image's name.
type: string
tag:
description: Tag is the image's tag.
type: string
type: object
observedGeneration:
format: int64
type: integer
observedPreviousImage:
description: ObservedPreviousImage is the observed previous LatestImage.
It is used to keep track of the previous and current images.
description: 'ObservedPreviousImage is the observed previous LatestImage.
It is used to keep track of the previous and current images. Deprecated:
Replaced by the composite "observedPreviousRef" field.'
type: string
observedPreviousRef:
description: ObservedPreviousRef is the observed previous LatestRef.
It is used to keep track of the previous and current images.
properties:
digest:
description: Digest is the image's digest.
type: string
image:
description: Name is the bare image's name.
type: string
tag:
description: Tag is the image's tag.
type: string
type: object
type: object
type: object
served: true
122 changes: 121 additions & 1 deletion docs/api/v1beta2/image-reflector.md
Expand Up @@ -131,6 +131,19 @@ rules. If no rules are provided, all the tags from the repository will be
ordered and compared.</p>
</td>
</tr>
<tr>
<td>
<code>digestReflectionPolicy</code><br>
<em>
<a href="#image.toolkit.fluxcd.io/v1beta2.ReflectionPolicy">
ReflectionPolicy
</a>
</em>
</td>
<td>
<p>DigestReflectionPolicy governs the setting of the <code>.status.latestDigest</code> field.</p>
</td>
</tr>
</table>
</td>
</tr>
Expand Down Expand Up @@ -277,6 +290,19 @@ rules. If no rules are provided, all the tags from the repository will be
ordered and compared.</p>
</td>
</tr>
<tr>
<td>
<code>digestReflectionPolicy</code><br>
<em>
<a href="#image.toolkit.fluxcd.io/v1beta2.ReflectionPolicy">
ReflectionPolicy
</a>
</em>
</td>
<td>
<p>DigestReflectionPolicy governs the setting of the <code>.status.latestDigest</code> field.</p>
</td>
</tr>
</tbody>
</table>
</div>
Expand Down Expand Up @@ -308,7 +334,8 @@ string
<td>
<p>LatestImage gives the first in the list of images scanned by
the image repository, when filtered and ordered according to
the policy.</p>
the policy.
Deprecated: Replaced by the composite &ldquo;latestRef&rdquo; field.</p>
</td>
</tr>
<tr>
Expand All @@ -321,6 +348,37 @@ string
<td>
<em>(Optional)</em>
<p>ObservedPreviousImage is the observed previous LatestImage. It is used
to keep track of the previous and current images.
Deprecated: Replaced by the composite &ldquo;observedPreviousRef&rdquo; field.</p>
</td>
</tr>
<tr>
<td>
<code>latestRef</code><br>
<em>
<a href="#image.toolkit.fluxcd.io/v1beta2.ImageRef">
ImageRef
</a>
</em>
</td>
<td>
<p>LatestRef gives the first in the list of images scanned by
the image repository, when filtered and ordered according
to the policy.</p>
</td>
</tr>
<tr>
<td>
<code>observedPreviousRef</code><br>
<em>
<a href="#image.toolkit.fluxcd.io/v1beta2.ImageRef">
ImageRef
</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p>ObservedPreviousRef is the observed previous LatestRef. It is used
to keep track of the previous and current images.</p>
</td>
</tr>
Expand Down Expand Up @@ -352,6 +410,61 @@ int64
</table>
</div>
</div>
<h3 id="image.toolkit.fluxcd.io/v1beta2.ImageRef">ImageRef
</h3>
<p>
(<em>Appears on:</em>
<a href="#image.toolkit.fluxcd.io/v1beta2.ImagePolicyStatus">ImagePolicyStatus</a>)
</p>
<p>ImageRef represents an image reference.</p>
<div class="md-typeset__scrollwrap">
<div class="md-typeset__table">
<table>
<thead>
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<code>image</code><br>
<em>
string
</em>
</td>
<td>
<p>Name is the bare image&rsquo;s name.</p>
</td>
</tr>
<tr>
<td>
<code>tag</code><br>
<em>
string
</em>
</td>
<td>
<p>Tag is the image&rsquo;s tag.</p>
</td>
</tr>
<tr>
<td>
<code>digest</code><br>
<em>
string
</em>
</td>
<td>
<em>(Optional)</em>
<p>Digest is the image&rsquo;s digest.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<h3 id="image.toolkit.fluxcd.io/v1beta2.ImageRepository">ImageRepository
</h3>
<p>ImageRepository is the Schema for the imagerepositories API</p>
Expand Down Expand Up @@ -872,6 +985,13 @@ would select 0.</p>
</table>
</div>
</div>
<h3 id="image.toolkit.fluxcd.io/v1beta2.ReflectionPolicy">ReflectionPolicy
(<code>string</code> alias)</h3>
<p>
(<em>Appears on:</em>
<a href="#image.toolkit.fluxcd.io/v1beta2.ImagePolicySpec">ImagePolicySpec</a>)
</p>
<p>ReflectionPolicy describes a policy for if/when to reflect a value from the registry in a certain resource field.</p>
<h3 id="image.toolkit.fluxcd.io/v1beta2.ScanResult">ScanResult
</h3>
<p>
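
Review bot: The new ReflectionPolicy section contains only the one-sentence description and no list of accepted values, so a reader of this page cannot see that the field takes Always, IfNotPresent or Never, or what each one does. Consider naming the three values and their meaning in the Go doc comment on the type so the generated reference carries them.
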