From 564f07e2b87d6d07b07c4677b00eff0712ab8617 Mon Sep 17 00:00:00 2001 From: Philippe Scorsolini Date: Sat, 25 May 2024 20:19:16 +0100 Subject: [PATCH 1/8] fix(trace): set default qps and burst back Signed-off-by: Philippe Scorsolini (cherry picked from commit 685ed5a3e3d1d6976dbb478de0c7e486d81d9ca0) --- cmd/crank/beta/trace/trace.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/cmd/crank/beta/trace/trace.go b/cmd/crank/beta/trace/trace.go index 943f6d732..98704c9c0 100644 --- a/cmd/crank/beta/trace/trace.go +++ b/cmd/crank/beta/trace/trace.go @@ -124,6 +124,19 @@ func (c *Cmd) Run(k *kong.Context, logger logging.Logger) error { if err != nil { return errors.Wrap(err, errKubeConfig) } + + // NOTE(phisco): We used to get them set as part of + // https://github.com/kubernetes-sigs/controller-runtime/blob/2e9781e9fc6054387cf0901c70db56f0b0a63083/pkg/client/config/config.go#L96, + // this new approach doesn't set them, so we need to set them here to avoid + // being utterly slow. + // TODO(phisco): make this configurable. + if kubeconfig.QPS == 0 { + kubeconfig.QPS = 20 + } + if kubeconfig.Burst == 0 { + kubeconfig.Burst = 30 + } + logger.Debug("Found kubeconfig") client, err := client.New(kubeconfig, client.Options{ From 06b2b7ea140a71b828bf57a43f2da72d43f05e97 Mon Sep 17 00:00:00 2001 From: "crossplane-renovate[bot]" <166709878+crossplane-renovate[bot]@users.noreply.github.com> Date: Fri, 2 Aug 2024 08:12:43 +0000 Subject: [PATCH 2/8] fix(deps): update module github.com/docker/docker to v25.0.6+incompatible [security] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 5306a6a27..ea5fcaf34 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/Masterminds/semver v1.5.0 github.com/alecthomas/kong v0.8.1 github.com/crossplane/crossplane-runtime v1.16.0 - github.com/docker/docker v25.0.5+incompatible + github.com/docker/docker v25.0.6+incompatible github.com/docker/go-connections v0.5.0 github.com/emicklei/dot v1.6.1 github.com/go-git/go-billy/v5 v5.5.0 diff --git a/go.sum b/go.sum index d5161b509..df4c090cf 100644 --- a/go.sum +++ b/go.sum @@ -150,8 +150,8 @@ github.com/docker/cli v24.0.7+incompatible h1:wa/nIwYFW7BVTGa7SWPVyyXU9lgORqUb1x github.com/docker/cli v24.0.7+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v25.0.5+incompatible h1:UmQydMduGkrD5nQde1mecF/YnSbTOaPeFIeP5C4W+DE= -github.com/docker/docker v25.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v25.0.6+incompatible h1:5cPwbwriIcsua2REJe8HqQV+6WlWc1byg2QSXzBxBGg= +github.com/docker/docker v25.0.6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= github.com/docker/docker-credential-helpers v0.8.1 h1:j/eKUktUltBtMzKqmfLB0PAgqYyMHOp5vfsD1807oKo= github.com/docker/docker-credential-helpers v0.8.1/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= From 300ae44f053dde625291b5816ebc9959c262baed Mon Sep 17 00:00:00 2001 From: Jonathan Oddy Date: Sun, 18 Aug 2024 21:25:58 +0100 Subject: [PATCH 3/8] Fix race condition creating certs in init. Using Update instead of CreateOrUpdate avoids a race by failing with a conflict if the underlying Secret changed between the call to Get and the call to Update. Signed-off-by: Jonathan Oddy (cherry picked from commit 9eca638e6aa6c2bc92ad00dce284c6fc3f20b7fe) --- internal/initializer/tls.go | 65 +++++++++++++++++++++---------------- 1 file changed, 37 insertions(+), 28 deletions(-) diff --git a/internal/initializer/tls.go b/internal/initializer/tls.go index 04330c01f..24c387dd5 100644 --- a/internal/initializer/tls.go +++ b/internal/initializer/tls.go @@ -26,7 +26,6 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" - controllerruntime "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "github.com/crossplane/crossplane-runtime/pkg/errors" @@ -128,7 +127,9 @@ func (e *TLSCertificateGenerator) loadOrGenerateCA(ctx context.Context, kube cli return nil, errors.Wrapf(err, errFmtGetTLSSecret, nn.Name) } + create := true if err == nil { + create = false kd := caSecret.Data[corev1.TLSPrivateKeyKey] cd := caSecret.Data[corev1.TLSCertKey] if len(kd) != 0 && len(cd) != 0 { @@ -157,13 +158,15 @@ func (e *TLSCertificateGenerator) loadOrGenerateCA(ctx context.Context, kube cli caSecret.Name = nn.Name caSecret.Namespace = nn.Namespace - _, err = controllerruntime.CreateOrUpdate(ctx, kube, caSecret, func() error { - caSecret.Data = map[string][]byte{ - corev1.TLSCertKey: caCrtByte, - corev1.TLSPrivateKeyKey: caKeyByte, - } - return nil - }) + caSecret.Data = map[string][]byte{ + corev1.TLSCertKey: caCrtByte, + corev1.TLSPrivateKeyKey: caKeyByte, + } + if create { + err = kube.Create(ctx, caSecret) + } else { + err = kube.Update(ctx, caSecret) + } if err != nil { return nil, errors.Wrapf(err, errFmtCannotCreateOrUpdate, nn.Name) } @@ -179,7 +182,9 @@ func (e *TLSCertificateGenerator) ensureClientCertificate(ctx context.Context, k return errors.Wrapf(err, errFmtGetTLSSecret, nn.Name) } + create := true if err == nil { + create = false if len(sec.Data[corev1.TLSPrivateKeyKey]) != 0 || len(sec.Data[corev1.TLSCertKey]) != 0 || len(sec.Data[SecretKeyCACert]) != 0 { e.log.Info("TLS secret contains client certificate.", "secret", nn.Name) return nil @@ -212,17 +217,18 @@ func (e *TLSCertificateGenerator) ensureClientCertificate(ctx context.Context, k if e.owner != nil { sec.OwnerReferences = e.owner } - _, err = controllerruntime.CreateOrUpdate(ctx, kube, sec, func() error { - if sec.Data == nil { - sec.Data = make(map[string][]byte) - } - sec.Data[corev1.TLSCertKey] = certData - sec.Data[corev1.TLSPrivateKeyKey] = keyData - sec.Data[SecretKeyCACert] = signer.certificatePEM - - return nil - }) + if sec.Data == nil { + sec.Data = make(map[string][]byte) + } + sec.Data[corev1.TLSCertKey] = certData + sec.Data[corev1.TLSPrivateKeyKey] = keyData + sec.Data[SecretKeyCACert] = signer.certificatePEM + if create { + err = kube.Create(ctx, sec) + } else { + err = kube.Update(ctx, sec) + } return errors.Wrapf(err, errFmtCannotCreateOrUpdate, nn.Name) } @@ -234,7 +240,9 @@ func (e *TLSCertificateGenerator) ensureServerCertificate(ctx context.Context, k return errors.Wrapf(err, errFmtGetTLSSecret, nn.Name) } + create := true if err == nil { + create = false if len(sec.Data[corev1.TLSCertKey]) != 0 || len(sec.Data[corev1.TLSPrivateKeyKey]) != 0 || len(sec.Data[SecretKeyCACert]) != 0 { e.log.Info("TLS secret contains server certificate.", "secret", nn.Name) return nil @@ -268,17 +276,18 @@ func (e *TLSCertificateGenerator) ensureServerCertificate(ctx context.Context, k if e.owner != nil { sec.OwnerReferences = e.owner } - _, err = controllerruntime.CreateOrUpdate(ctx, kube, sec, func() error { - if sec.Data == nil { - sec.Data = make(map[string][]byte) - } - sec.Data[corev1.TLSCertKey] = certData - sec.Data[corev1.TLSPrivateKeyKey] = keyData - sec.Data[SecretKeyCACert] = signer.certificatePEM - - return nil - }) + if sec.Data == nil { + sec.Data = make(map[string][]byte) + } + sec.Data[corev1.TLSCertKey] = certData + sec.Data[corev1.TLSPrivateKeyKey] = keyData + sec.Data[SecretKeyCACert] = signer.certificatePEM + if create { + err = kube.Create(ctx, sec) + } else { + err = kube.Update(ctx, sec) + } return errors.Wrapf(err, errFmtCannotCreateOrUpdate, nn.Name) } From 958e236a9ff9e37e5eee2bc2b98042c0e7d342e0 Mon Sep 17 00:00:00 2001 From: Hasan Turken Date: Mon, 19 Aug 2024 13:11:15 +0300 Subject: [PATCH 4/8] Fix linter for tls cert fix Signed-off-by: Hasan Turken --- internal/initializer/tls.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/initializer/tls.go b/internal/initializer/tls.go index 24c387dd5..481b58a3a 100644 --- a/internal/initializer/tls.go +++ b/internal/initializer/tls.go @@ -174,7 +174,7 @@ func (e *TLSCertificateGenerator) loadOrGenerateCA(ctx context.Context, kube cli return parseCertificateSigner(caKeyByte, caCrtByte) } -func (e *TLSCertificateGenerator) ensureClientCertificate(ctx context.Context, kube client.Client, nn types.NamespacedName, signer *CertificateSigner) error { +func (e *TLSCertificateGenerator) ensureClientCertificate(ctx context.Context, kube client.Client, nn types.NamespacedName, signer *CertificateSigner) error { //nolint:gocyclo // slightly over the limit, 11 vs 10 sec := &corev1.Secret{} err := kube.Get(ctx, nn, sec) @@ -232,7 +232,7 @@ func (e *TLSCertificateGenerator) ensureClientCertificate(ctx context.Context, k return errors.Wrapf(err, errFmtCannotCreateOrUpdate, nn.Name) } -func (e *TLSCertificateGenerator) ensureServerCertificate(ctx context.Context, kube client.Client, nn types.NamespacedName, signer *CertificateSigner) error { +func (e *TLSCertificateGenerator) ensureServerCertificate(ctx context.Context, kube client.Client, nn types.NamespacedName, signer *CertificateSigner) error { //nolint:gocyclo // slightly over the limit, 11 vs 10 sec := &corev1.Secret{} err := kube.Get(ctx, nn, sec) From d9442042865780e6c746875631f8e16535f6e662 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lucas=20K=C3=A4ldstr=C3=B6m?= Date: Wed, 14 Aug 2024 16:56:59 +0300 Subject: [PATCH 5/8] Add secrets.crossplane.io grant rules to RBAC manager roles MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Lucas Käldström (cherry picked from commit 81074a1e1d21eeedacdc3593c0b2ecf3d67c4dc6) --- .../templates/rbac-manager-managed-clusterroles.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/cluster/charts/crossplane/templates/rbac-manager-managed-clusterroles.yaml b/cluster/charts/crossplane/templates/rbac-manager-managed-clusterroles.yaml index 2ddd200c7..c8ad21be5 100644 --- a/cluster/charts/crossplane/templates/rbac-manager-managed-clusterroles.yaml +++ b/cluster/charts/crossplane/templates/rbac-manager-managed-clusterroles.yaml @@ -103,6 +103,10 @@ rules: - pkg.crossplane.io resources: ["*"] verbs: ["*"] +- apiGroups: + - secrets.crossplane.io + resources: ["*"] + verbs: ["*"] # Crossplane administrators have access to view CRDs in order to debug XRDs. - apiGroups: [apiextensions.k8s.io] resources: [customresourcedefinitions] @@ -139,6 +143,10 @@ rules: - pkg.crossplane.io resources: ["*"] verbs: ["*"] +- apiGroups: + - secrets.crossplane.io + resources: ["*"] + verbs: ["*"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -166,6 +174,10 @@ rules: - pkg.crossplane.io resources: ["*"] verbs: [get, list, watch] +- apiGroups: + - secrets.crossplane.io + resources: ["*"] + verbs: [get, list, watch] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole From 3b2ba1707b38d6f59c77b022e3a3ea81d3ce148c Mon Sep 17 00:00:00 2001 From: Nic Cope Date: Fri, 9 Aug 2024 17:29:06 -0700 Subject: [PATCH 6/8] Delete resources that don't have a controller but appear in resourceRefs Previously if a composed resource appeared in an XR's spec.resourceRefs but didn't have a controller reference the XR would refuse to garbage collect it. The XR would then remove the composed resource from its resource refs, effectively orphaning it. Now if the composed resource has _no_ controller, the XR will delete it. Most likely it was owned by the XR, then had its controller ref stripped (e.g. due to being backed up and restored using a tool like Velero). If the composed resource is controlled by another resource, we'll now return an error rather than silently orphaning it. Signed-off-by: Nic Cope --- .../composite/composition_functions.go | 15 ++++++++++++--- .../composite/composition_functions_test.go | 14 ++++++++++++-- .../apiextensions/composite/composition_pt.go | 14 +++++++++++--- .../composite/composition_pt_test.go | 9 ++++++--- 4 files changed, 41 insertions(+), 11 deletions(-) diff --git a/internal/controller/apiextensions/composite/composition_functions.go b/internal/controller/apiextensions/composite/composition_functions.go index a126dac18..4554ca262 100644 --- a/internal/controller/apiextensions/composite/composition_functions.go +++ b/internal/controller/apiextensions/composite/composition_functions.go @@ -72,6 +72,7 @@ const ( errFmtUnmarshalPipelineStepInput = "cannot unmarshal input for Composition pipeline step %q" errFmtGetCredentialsFromSecret = "cannot get Composition pipeline step %q credential %q from Secret" errFmtRunPipelineStep = "cannot run Composition pipeline step %q" + errFmtControllerMismatch = "refusing to delete composed resource %q that is controlled by %s %q" errFmtDeleteCD = "cannot delete composed resource %q (a %s named %s)" errFmtUnmarshalDesiredCD = "cannot unmarshal desired composed resource %q from RunFunctionResponse" errFmtCDAsStruct = "cannot encode composed resource %q to protocol buffer Struct well-known type" @@ -828,9 +829,17 @@ func (d *DeletingComposedResourceGarbageCollector) GarbageCollectComposedResourc } for name, cd := range del { - // We want to garbage collect this resource, but we don't control it. - if c := metav1.GetControllerOf(cd.Resource); c == nil || c.UID != owner.GetUID() { - continue + // Don't garbage collect composed resources that someone else controls. + // + // We do garbage collect composed resources that no-one controls. If a + // composed resource appears in observed (i.e. appears in the XR's + // spec.resourceRefs) but doesn't have a controller ref, most likely we + // created it but its controller ref was stripped. In this situation it + // would be permissible for us to adopt the composed resource by setting + // our XR as the controller ref, then delete it. So we may as well just + // go straight to deleting it. + if c := metav1.GetControllerOf(cd.Resource); c != nil && c.UID != owner.GetUID() { + return errors.Errorf(errFmtControllerMismatch, name, c.Kind, c.Name) } if err := d.client.Delete(ctx, cd.Resource); resource.IgnoreNotFound(err) != nil { diff --git a/internal/controller/apiextensions/composite/composition_functions_test.go b/internal/controller/apiextensions/composite/composition_functions_test.go index 0c5d524d0..519e5712b 100644 --- a/internal/controller/apiextensions/composite/composition_functions_test.go +++ b/internal/controller/apiextensions/composite/composition_functions_test.go @@ -1283,11 +1283,21 @@ func TestGarbageCollectComposedResources(t *testing.T) { }, }, observed: ComposedResourceStates{ - "undesired-resource": ComposedResourceState{Resource: &fake.Composed{}}, + "undesired-resource": ComposedResourceState{Resource: &fake.Composed{ + ObjectMeta: metav1.ObjectMeta{ + // This resource isn't controlled by the XR. + OwnerReferences: []metav1.OwnerReference{{ + Controller: ptr.To(true), + UID: "a-different-xr", + Kind: "XR", + Name: "different", + }}, + }, + }}, }, }, want: want{ - err: nil, + err: errors.New(`refusing to delete composed resource "undesired-resource" that is controlled by XR "different"`), }, }, "DeleteError": { diff --git a/internal/controller/apiextensions/composite/composition_pt.go b/internal/controller/apiextensions/composite/composition_pt.go index 023afa2fa..29b9fc512 100644 --- a/internal/controller/apiextensions/composite/composition_pt.go +++ b/internal/controller/apiextensions/composite/composition_pt.go @@ -509,9 +509,17 @@ func (a *GarbageCollectingAssociator) AssociateTemplates(ctx context.Context, cr continue } - // We want to garbage collect this resource, but we don't control it. - if c := metav1.GetControllerOf(cd); c == nil || c.UID != cr.GetUID() { - continue + // Don't garbage collect composed resources that someone else controls. + // + // We do garbage collect composed resources that no-one controls. If a + // composed resource appears in observed (i.e. appears in the XR's + // spec.resourceRefs) but doesn't have a controller ref, most likely we + // created it but its controller ref was stripped. In this situation it + // would be permissible for us to adopt the composed resource by setting + // our XR as the controller ref, then delete it. So we may as well just + // go straight to deleting it. + if c := metav1.GetControllerOf(cd); c != nil && c.UID != cr.GetUID() { + return nil, errors.Errorf(errFmtControllerMismatch, name, c.Kind, c.Name) } // This existing resource does not correspond to an extant template. It diff --git a/internal/controller/apiextensions/composite/composition_pt_test.go b/internal/controller/apiextensions/composite/composition_pt_test.go index 52558ab59..6eb3b5f52 100644 --- a/internal/controller/apiextensions/composite/composition_pt_test.go +++ b/internal/controller/apiextensions/composite/composition_pt_test.go @@ -646,7 +646,7 @@ func TestGarbageCollectingAssociator(t *testing.T) { }, }, "ResourceControlledBySomeoneElse": { - reason: "We should not garbage colle_ a resource that is controlled by another resource.", + reason: "We should not garbage collect a resource that is controlled by another resource.", c: &test.MockClient{ MockGet: test.NewMockGetFn(nil, func(obj client.Object) error { // The template used to create this resource is no longer known to us. @@ -658,6 +658,8 @@ func TestGarbageCollectingAssociator(t *testing.T) { Controller: &ctrl, BlockOwnerDeletion: &ctrl, UID: types.UID("who-dat"), + Kind: "XR", + Name: "different", }}) return nil }), @@ -670,11 +672,11 @@ func TestGarbageCollectingAssociator(t *testing.T) { ct: []v1.ComposedTemplate{t0}, }, want: want{ - tas: []TemplateAssociation{{Template: t0}}, + err: errors.New(`refusing to delete composed resource "unknown" that is controlled by XR "different"`), }, }, "ResourceNotControlled": { - reason: "We should not garbage colle_ a resource that has no controller reference.", + reason: "We should garbage collect a resource that has no controller reference.", c: &test.MockClient{ MockGet: test.NewMockGetFn(nil, func(obj client.Object) error { // The template used to create this resource is no longer known to us. @@ -683,6 +685,7 @@ func TestGarbageCollectingAssociator(t *testing.T) { // This resource is not controlled by anyone. return nil }), + MockDelete: test.NewMockDeleteFn(nil), }, args: args{ cr: &fake.Composite{ From 72371e899005f68a2d4085fe0525c8aa5799fd62 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Mon, 9 Sep 2024 15:02:02 +0000 Subject: [PATCH 7/8] Fix "Missing node in tree error" after updating a package source Delete packages in lock having same name and distinct identifier. Signed-off-by: Jose Francisco Dillet Alfonso (cherry picked from commit 519e70726ebfabf30f54c9852af779d7095672e7) --- .../controller/pkg/revision/dependency.go | 18 ++++++ .../pkg/revision/dependency_test.go | 60 +++++++++++++++++++ 2 files changed, 78 insertions(+) diff --git a/internal/controller/pkg/revision/dependency.go b/internal/controller/pkg/revision/dependency.go index 9da209088..69e381d87 100644 --- a/internal/controller/pkg/revision/dependency.go +++ b/internal/controller/pkg/revision/dependency.go @@ -137,6 +137,24 @@ func (m *PackageDependencyManager) Resolve(ctx context.Context, pkg runtime.Obje Dependencies: sources, } + // Delete packages in lock with same name and distinct source + // This is a corner case when source is updated but image SHA is not (i.e. relocate same image + // to another registry) + for _, lp := range lock.Packages { + if self.Name == lp.Name && + self.Type == lp.Type && + self.Source != lp.Identifier() { + if err := m.RemoveSelf(ctx, pr); err != nil { + return found, installed, invalid, err + } + // refresh the lock to be in sync with the contents + if err = m.client.Get(ctx, types.NamespacedName{Name: lockName}, lock); err != nil { + return found, installed, invalid, err + } + break + } + } + prExists := false for _, lp := range lock.Packages { if lp.Name == pr.GetName() { diff --git a/internal/controller/pkg/revision/dependency_test.go b/internal/controller/pkg/revision/dependency_test.go index 9b3dd0ee2..f8e79d009 100644 --- a/internal/controller/pkg/revision/dependency_test.go +++ b/internal/controller/pkg/revision/dependency_test.go @@ -42,6 +42,7 @@ var _ DependencyManager = &PackageDependencyManager{} func TestResolve(t *testing.T) { errBoom := errors.New("boom") + mockUpdateCallCount := 0 type args struct { dep *PackageDependencyManager @@ -553,9 +554,68 @@ func TestResolve(t *testing.T) { invalid: 0, }, }, + "SuccessfulLockPackageSourceMismatch": { + reason: "Should not return error if source in packages does not match provider revision package.", + args: args{ + dep: &PackageDependencyManager{ + client: &test.MockClient{ + MockGet: test.NewMockGetFn(nil, func(obj client.Object) error { + l := obj.(*v1beta1.Lock) + if mockUpdateCallCount < 1 { + l.Packages = []v1beta1.LockPackage{ + { + Name: "config-nop-a-abc123", + // Source mistmatch provider revision package + Source: "hasheddan/config-nop-b", + }, + } + } else { + l.Packages = []v1beta1.LockPackage{} + } + return nil + }), + MockUpdate: func(_ context.Context, _ client.Object, _ ...client.UpdateOption) error { + mockUpdateCallCount++ + return nil + }, + }, + newDag: func() dag.DAG { + return &dagfake.MockDag{ + MockInit: func(_ []dag.Node) ([]dag.Node, error) { + return []dag.Node{}, nil + }, + MockTraceNode: func(s string) (map[string]dag.Node, error) { + if s == "hasheddan/config-nop-a" { + return map[string]dag.Node{ + s: &v1beta1.Dependency{}, + }, nil + } + return nil, errors.New("missing node in tree") + }, + MockAddOrUpdateNodes: func(_ ...dag.Node) {}, + } + }, + }, + meta: &pkgmetav1.Configuration{}, + pr: &v1.ConfigurationRevision{ + ObjectMeta: metav1.ObjectMeta{ + Name: "config-nop-a-abc123", + }, + Spec: v1.PackageRevisionSpec{ + Package: "hasheddan/config-nop-a:v0.0.1", + DesiredState: v1.PackageRevisionActive, + }, + }, + }, + want: want{ + total: 1, + installed: 1, + }, + }, } for name, tc := range cases { + mockUpdateCallCount = 0 t.Run(name, func(t *testing.T) { total, installed, invalid, err := tc.args.dep.Resolve(context.TODO(), tc.args.meta, tc.args.pr) From cb79995442cc188084666f2ac24d5afc2ad48c0c Mon Sep 17 00:00:00 2001 From: Jose Francisco Dillet Alfonso Date: Tue, 10 Sep 2024 09:00:09 +0000 Subject: [PATCH 8/8] Do not wrap line Signed-off-by: Jose Francisco Dillet Alfonso (cherry picked from commit 991ac5fbd0c0b7edd56c2b1ac9912867dff022f6) --- internal/controller/pkg/revision/dependency.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/internal/controller/pkg/revision/dependency.go b/internal/controller/pkg/revision/dependency.go index 69e381d87..af7b76f0b 100644 --- a/internal/controller/pkg/revision/dependency.go +++ b/internal/controller/pkg/revision/dependency.go @@ -141,9 +141,7 @@ func (m *PackageDependencyManager) Resolve(ctx context.Context, pkg runtime.Obje // This is a corner case when source is updated but image SHA is not (i.e. relocate same image // to another registry) for _, lp := range lock.Packages { - if self.Name == lp.Name && - self.Type == lp.Type && - self.Source != lp.Identifier() { + if self.Name == lp.Name && self.Type == lp.Type && self.Source != lp.Identifier() { if err := m.RemoveSelf(ctx, pr); err != nil { return found, installed, invalid, err }