Support a new "Patches" field in the PostRenderer specification.

Tomek Rękawek · Tomek Rękawek · commit 48735f3e335b · 2022-03-11T14:26:15.000+01:00
The new field allows to configure targeted JSON or strategic merge
patches.

Signed-off-by: Tomek Rękawek &lt;rekawek@adobe.com&gt;
diff --git a/api/v2beta1/helmrelease_types.go b/api/v2beta1/helmrelease_types.go
@@ -35,6 +35,11 @@ const HelmReleaseFinalizer = "finalizers.fluxcd.io"
 
 // Kustomize Helm PostRenderer specification.
 type Kustomize struct {
+	// Strategic merge and JSON patches, defined as inline YAML objects,
+	// capable of targeting objects based on kind, label and annotation selectors.
+	// +optional
+	Patches []kustomize.Patch `json:"patches,omitempty"`
+
 	// Strategic merge patches, defined as inline YAML objects.
 	// +optional
 	PatchesStrategicMerge []apiextensionsv1.JSON `json:"patchesStrategicMerge,omitempty"`
diff --git a/api/v2beta1/zz_generated.deepcopy.go b/api/v2beta1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml b/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml
@@ -299,6 +299,61 @@ spec:
                             - name
                             type: object
                           type: array
+                        patches:
+                          description: Strategic merge and JSON patches, defined as
+                            inline YAML objects, capable of targeting objects based
+                            on kind, label and annotation selectors.
+                          items:
+                            description: Patch contains an inline StrategicMerge or
+                              JSON6902 patch, and the target the patch should be applied
+                              to.
+                            properties:
+                              patch:
+                                description: Patch contains an inline StrategicMerge
+                                  patch or an inline JSON6902 patch with an array
+                                  of operation objects.
+                                type: string
+                              target:
+                                description: Target points to the resources that the
+                                  patch document should be applied to.
+                                properties:
+                                  annotationSelector:
+                                    description: AnnotationSelector is a string that
+                                      follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+                                      It matches with the resource annotations.
+                                    type: string
+                                  group:
+                                    description: Group is the API group to select
+                                      resources from. Together with Version and Kind
+                                      it is capable of unambiguously identifying and/or
+                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                                    type: string
+                                  kind:
+                                    description: Kind of the API Group to select resources
+                                      from. Together with Group and Version it is
+                                      capable of unambiguously identifying and/or
+                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                                    type: string
+                                  labelSelector:
+                                    description: LabelSelector is a string that follows
+                                      the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
+                                      It matches with the resource labels.
+                                    type: string
+                                  name:
+                                    description: Name to match resources with.
+                                    type: string
+                                  namespace:
+                                    description: Namespace to select resources from.
+                                    type: string
+                                  version:
+                                    description: Version of the API Group to select
+                                      resources from. Together with Group and Kind
+                                      it is capable of unambiguously identifying and/or
+                                      selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
+                                    type: string
+                                type: object
+                            type: object
+                          type: array
                         patchesJson6902:
                           description: JSON 6902 patches, defined as inline YAML objects.
                           items:
diff --git a/docs/api/helmrelease.md b/docs/api/helmrelease.md
@@ -1427,6 +1427,21 @@ the HelmRelease.</p>
 <tbody>
 <tr>
 <td>
+<code>patches</code><br>
+<em>
+<a href="https://godoc.org/github.com/fluxcd/pkg/apis/kustomize#Patch">
+[]github.com/fluxcd/pkg/apis/kustomize.Patch
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Strategic merge and JSON patches, defined as inline YAML objects,
+capable of targeting objects based on kind, label and annotation selectors.</p>
+</td>
+</tr>
+<tr>
+<td>
 <code>patchesStrategicMerge</code><br>
 <em>
 <a href="https://pkg.go.dev/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1?tab=doc#JSON">
diff --git a/docs/spec/v2beta1/helmreleases.md b/docs/spec/v2beta1/helmreleases.md
@@ -1149,6 +1149,7 @@ HelmRelease resources has a built-in [Kustomize](https://kubectl.docs.kubernetes
 compatible [Post Renderer](https://helm.sh/docs/topics/advanced/#post-rendering), which provides
 the following Kustomize directives:
 
+- [patches](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patches/)
 - [patchesStrategicMerge](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesstrategicmerge/)
 - [patchesJson6902](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/patchesjson6902/)
 - [images](https://kubectl.docs.kubernetes.io/references/kustomize/kustomization/images/)
diff --git a/internal/runner/post_renderer_kustomize.go b/internal/runner/post_renderer_kustomize.go
@@ -19,7 +19,6 @@ package runner
 import (
 	"bytes"
 	"encoding/json"
-	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"sync"
 
 	"sigs.k8s.io/kustomize/api/filesys"
@@ -106,23 +105,17 @@ func (k *postRendererKustomize) Run(renderedManifests *bytes.Buffer) (modifiedMa
 		return nil, err
 	}
 
+	// Add patches.
+	for _, m := range k.spec.Patches {
+		cfg.Patches = append(cfg.Patches, kustypes.Patch{
+			Patch:  m.Patch,
+			Target: adaptSelector(&m.Target),
+		})
+	}
+
 	// Add strategic merge patches.
 	for _, m := range k.spec.PatchesStrategicMerge {
-		patchWithTarget := struct {
-			Patch  apiextensionsv1.JSON `json:"patch"`
-			Target kustomize.Selector   `json:"target,omitempty"`
-		}{}
-		if err := json.Unmarshal(m.Raw, &patchWithTarget); err != nil {
-			return nil, err
-		}
-		if len(patchWithTarget.Patch.Raw) == 0 {
-			cfg.PatchesStrategicMerge = append(cfg.PatchesStrategicMerge, kustypes.PatchStrategicMerge(m.Raw))
-		} else {
-			cfg.Patches = append(cfg.Patches, kustypes.Patch{
-				Patch:  string(patchWithTarget.Patch.Raw),
-				Target: adaptSelector(&patchWithTarget.Target),
-			})
-		}
+		cfg.PatchesStrategicMerge = append(cfg.PatchesStrategicMerge, kustypes.PatchStrategicMerge(m.Raw))
 	}
 
 	// Add JSON 6902 patches.
diff --git a/internal/runner/post_renderer_kustomize_test.go b/internal/runner/post_renderer_kustomize_test.go
@@ -63,6 +63,7 @@ func Test_postRendererKustomize_Run(t *testing.T) {
 	tests := []struct {
 		name                  string
 		renderedManifests     string
+		patches               string
 		patchesStrategicMerge string
 		patchesJson6902       string
 		images                string
@@ -146,6 +147,42 @@ spec:
 `,
 			expectManifests: `apiVersion: v1
 kind: Pod
+metadata:
+  annotations:
+    d: "42"
+    e: "42"
+  name: json6902
+`,
+		},
+		{
+			name:              "targeted json 6902",
+			renderedManifests: json6902Mock,
+			patches: `
+- target:
+    version: v1
+    kind: Pod
+    name: json6902
+  patch: |
+    - op: test
+      path: /metadata/annotations/c
+      value: foo
+    - op: remove
+      path: /metadata/annotations/c
+    - op: add
+      path: /metadata/annotations/c
+      value: [ "foo", "bar" ]
+    - op: replace
+      path: /metadata/annotations/c
+      value: 42
+    - op: move
+      from: /metadata/annotations/c
+      path: /metadata/annotations/d
+    - op: copy
+      from: /metadata/annotations/d
+      path: /metadata/annotations/e
+`,
+			expectManifests: `apiVersion: v1
+kind: Pod
 metadata:
   annotations:
     d: "42"
@@ -181,15 +218,15 @@ spec:
 `,
 		},
 		{
-			name:              "strategic merge with target test",
+			name:              "targeted strategic merge test",
 			renderedManifests: strategicMergeMock,
-			patchesStrategicMerge: `
+			patches: `
 - target:
     group: apps
     version: v1
     kind: Deployment
     name: nginx
-  patch:
+  patch: |
     apiVersion: apps/v1
     kind: Deployment
     metadata:
@@ -216,7 +253,11 @@ spec:
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			spec, err := mockKustomize(tt.patchesStrategicMerge, tt.patchesJson6902, tt.images)
+			spec, err := mockKustomize(tt.patches, tt.patchesStrategicMerge, tt.patchesJson6902, tt.images)
+			if err != nil {
+				t.Errorf("Run() mockKustomize returned %v", err)
+				return
+			}
 			k := &postRendererKustomize{
 				spec: spec,
 			}
@@ -232,7 +273,11 @@ spec:
 	}
 }
 
-func mockKustomize(patchesStrategicMerge, patchesJson6902, images string) (*v2.Kustomize, error) {
+func mockKustomize(patches, patchesStrategicMerge, patchesJson6902, images string) (*v2.Kustomize, error) {
+	var targeted []kustomize.Patch
+	if err := yaml.Unmarshal([]byte(patches), &targeted); err != nil {
+		return nil, err
+	}
 	b, err := yaml.YAMLToJSON([]byte(patchesStrategicMerge))
 	if err != nil {
 		return nil, err
@@ -250,6 +295,7 @@ func mockKustomize(patchesStrategicMerge, patchesJson6902, images string) (*v2.K
 		return nil, err
 	}
 	return &v2.Kustomize{
+		Patches:               targeted,
 		PatchesStrategicMerge: strategicMerge,
 		PatchesJSON6902:       json6902,
 		Images:                imgs,
