v1alpha5: add validators (#357)

holos-run · Nov 25, 2024 · 2184bda · 2184bda
1 parent a8ab4da
commit 2184bda
Show file tree

Hide file tree

Showing 16 changed files with 227 additions and 124 deletions.
diff --git a/api/author/v1alpha5/definitions.go b/api/author/v1alpha5/definitions.go
@@ -65,8 +65,10 @@ type ComponentConfig struct {
 
 	// Resources represents kubernetes resources mixed into the rendered manifest.
 	Resources core.Resources
-	// KustomizeConfig represents the configuration kustomize.
+	// KustomizeConfig represents the kustomize configuration.
 	KustomizeConfig KustomizeConfig
+	// Validators represent checks that must pass for output to be written.
+	Validators map[NameLabel]core.Validator
 	// Artifacts represents additional artifacts to mix in.  Useful for adding
 	// GitOps resources.  Each Artifact is unified without modification into the
 	// BuildPlan.

diff --git a/api/core/v1alpha5/types.go b/api/core/v1alpha5/types.go
@@ -40,14 +40,6 @@ type BuildPlanSpec struct {
 	Disabled bool `json:"disabled,omitempty" yaml:"disabled,omitempty"`
 }
 
-// BuildPlanSource reflects the origin of a [BuildPlan].  Useful to save a build
-// plan to a file, then re-generate it without needing to process a [Platform]
-// component collection.
-type BuildPlanSource struct {
-	// Component reflects the component that produced the build plan.
-	Component Component `json:"component,omitempty" yaml:"component,omitempty"`
-}
-
 // Artifact represents one fully rendered manifest produced by a [Transformer]
 // sequence, which transforms a [Generator] collection.  A [BuildPlan] produces
 // an [Artifact] collection.
@@ -72,6 +64,7 @@ type Artifact struct {
 	Artifact     FilePath      `json:"artifact,omitempty" yaml:"artifact,omitempty"`
 	Generators   []Generator   `json:"generators,omitempty" yaml:"generators,omitempty"`
 	Transformers []Transformer `json:"transformers,omitempty" yaml:"transformers,omitempty"`
+	Validators   []Validator   `json:"validators,omitempty" yaml:"validators,omitempty"`
 	Skip         bool          `json:"skip,omitempty" yaml:"skip,omitempty"`
 }
 
@@ -206,15 +199,34 @@ type Kustomize struct {
 // is expected to happen in CUE against the kubectl version the user prefers.
 type Kustomization map[string]any
 
-// FileContent represents file contents.
-type FileContent string
-
 // FileContentMap represents a mapping of file paths to file contents.
 type FileContentMap map[FilePath]FileContent
 
 // FilePath represents a file path.
 type FilePath string
 
+// FileContent represents file contents.
+type FileContent string
+
+// Validator validates files.  Useful to validate an [Artifact] prior to writing
+// it out to the final destination.  Validators may be executed concurrently.
+type Validator struct {
+	// Kind represents the kind of transformer. Must be Kustomize, or Join.
+	Kind string `json:"kind" yaml:"kind" cue:"\"Command\""`
+	// Inputs represents the files to validate.  Usually the final Artifact.
+	Inputs []FilePath `json:"inputs" yaml:"inputs"`
+	// Command represents a validation command.  Ignored unless kind is Command.
+	Command Command `json:"command,omitempty" yaml:"command,omitempty"`
+}
+
+// Command represents a command vetting one or more artifacts.  Holos appends
+// fully qualified input file paths to the end of the args list, then executes
+// the command.  Inputs are written into a temporary directory prior to
+// executing the command and removed afterwards.
+type Command struct {
+	Args []string `json:"args,omitempty" yaml:"args,omitempty"`
+}
+
 // InternalLabel is an arbitrary unique identifier internal to holos itself.
 // The holos cli is expected to never write a InternalLabel value to rendered
 // output files, therefore use a InternalLabel when the identifier must be

diff --git a/cmd/holos/tests/v1alpha5/issues/holos-show.txt b/cmd/holos/tests/v1alpha5/issues/holos-show.txt
@@ -106,9 +106,6 @@ spec:
             kustomization:
               apiVersion: kustomize.config.k8s.io/v1beta1
               kind: Kustomization
-              labels:
-                - includeSelectors: false
-                  pairs: {}
               resources:
                 - resources.gen.yaml
 ---
@@ -135,9 +132,6 @@ spec:
             kustomization:
               apiVersion: kustomize.config.k8s.io/v1beta1
               kind: Kustomization
-              labels:
-                - includeSelectors: false
-                  pairs: {}
               resources:
                 - resources.gen.yaml
 ---
@@ -164,9 +158,6 @@ spec:
             kustomization:
               apiVersion: kustomize.config.k8s.io/v1beta1
               kind: Kustomization
-              labels:
-                - includeSelectors: false
-                  pairs: {}
               resources:
                 - resources.gen.yaml
 ---
@@ -193,9 +184,6 @@ spec:
             kustomization:
               apiVersion: kustomize.config.k8s.io/v1beta1
               kind: Kustomization
-              labels:
-                - includeSelectors: false
-                  pairs: {}
               resources:
                 - resources.gen.yaml
 -- want/buildplans.1.yaml --
@@ -222,9 +210,6 @@ spec:
             kustomization:
               apiVersion: kustomize.config.k8s.io/v1beta1
               kind: Kustomization
-              labels:
-                - includeSelectors: false
-                  pairs: {}
               resources:
                 - resources.gen.yaml
 -- want/buildplans.2.yaml --
@@ -251,9 +236,6 @@ spec:
             kustomization:
               apiVersion: kustomize.config.k8s.io/v1beta1
               kind: Kustomization
-              labels:
-                - includeSelectors: false
-                  pairs: {}
               resources:
                 - resources.gen.yaml
 -- want/buildplans.3.yaml --
@@ -280,9 +262,6 @@ spec:
             kustomization:
               apiVersion: kustomize.config.k8s.io/v1beta1
               kind: Kustomization
-              labels:
-                - includeSelectors: false
-                  pairs: {}
               resources:
                 - resources.gen.yaml
 ---
@@ -309,9 +288,6 @@ spec:
             kustomization:
               apiVersion: kustomize.config.k8s.io/v1beta1
               kind: Kustomization
-              labels:
-                - includeSelectors: false
-                  pairs: {}
               resources:
                 - resources.gen.yaml
 ---
@@ -338,9 +314,6 @@ spec:
             kustomization:
               apiVersion: kustomize.config.k8s.io/v1beta1
               kind: Kustomization
-              labels:
-                - includeSelectors: false
-                  pairs: {}
               resources:
                 - resources.gen.yaml
 -- want/buildplans.4.yaml --
@@ -367,9 +340,6 @@ spec:
             kustomization:
               apiVersion: kustomize.config.k8s.io/v1beta1
               kind: Kustomization
-              labels:
-                - includeSelectors: false
-                  pairs: {}
               resources:
                 - resources.gen.yaml
 ---
@@ -396,9 +366,6 @@ spec:
             kustomization:
               apiVersion: kustomize.config.k8s.io/v1beta1
               kind: Kustomization
-              labels:
-                - includeSelectors: false
-                  pairs: {}
               resources:
                 - resources.gen.yaml
 ---
@@ -425,9 +392,6 @@ spec:
             kustomization:
               apiVersion: kustomize.config.k8s.io/v1beta1
               kind: Kustomization
-              labels:
-                - includeSelectors: false
-                  pairs: {}
               resources:
                 - resources.gen.yaml
 ---
@@ -454,8 +418,5 @@ spec:
             kustomization:
               apiVersion: kustomize.config.k8s.io/v1beta1
               kind: Kustomization
-              labels:
-                - includeSelectors: false
-                  pairs: {}
               resources:
                 - resources.gen.yaml
diff --git a/cmd/holos/tests/v1alpha5/issues/issue348-kustomize-patch-name.txt b/cmd/holos/tests/v1alpha5/issues/issue348-kustomize-patch-name.txt
@@ -52,9 +52,6 @@ spec:
             kustomization:
               apiVersion: kustomize.config.k8s.io/v1beta1
               kind: Kustomization
-              labels:
-                - includeSelectors: false
-                  pairs: {}
               patches:
                 - patch: |
                     - op: add

diff --git a/cmd/holos/tests/v1alpha5/schemas/kubernetes.txt b/cmd/holos/tests/v1alpha5/schemas/kubernetes.txt
@@ -31,16 +31,14 @@ spec:
         - kind: Resources
           output: resources.gen.yaml
           resources: {}
+      validators: []
       transformers:
         - kind: Kustomize
           inputs:
             - resources.gen.yaml
           output: components/no-name/no-name.gen.yaml
           kustomize:
             kustomization:
-              labels:
-                - includeSelectors: false
-                  pairs: {}
               resources:
                 - resources.gen.yaml
               kind: Kustomization

diff --git a/cmd/holos/tests/v1alpha5/schemas/validators.txt b/cmd/holos/tests/v1alpha5/schemas/validators.txt
@@ -0,0 +1,37 @@
+# https://github.com/holos-run/holos/issues/357
+exec holos init platform v1alpha5 --force
+! exec holos render platform
+stderr 'secret.kind: conflicting values "Forbidden. Use an ExternalSecret instead." and "Secret"'
+
+-- validators.cue --
+package holos
+
+import "github.com/holos-run/holos/api/author/v1alpha5:author"
+
+#ComponentConfig: author.#ComponentConfig & {
+	Validators: cue: {
+		kind: "Command"
+		command: args: ["holos", "cue", "vet", "./policy", "--path", "strings.ToLower(kind)"]
+	}
+}
+-- policy/validations.cue --
+package validations
+
+secret: kind: "Forbidden. Use an ExternalSecret instead."
+-- platform/example.cue --
+package holos
+
+Platform: Components: example: {
+	name: "example"
+	path: "components/example"
+}
+-- components/example/secret.cue --
+package holos
+
+holos: Component.BuildPlan
+
+Component: #Kubernetes & {
+	Resources: Secret: test: {
+		metadata: name: "test"
+	}
+}
diff --git a/doc/md/api/author.md b/doc/md/api/author.md
@@ -62,8 +62,10 @@ type ComponentConfig struct {
 
     // Resources represents kubernetes resources mixed into the rendered manifest.
     Resources core.Resources
-    // KustomizeConfig represents the configuration kustomize.
+    // KustomizeConfig represents the kustomize configuration.
     KustomizeConfig KustomizeConfig
+    // Validators represent checks that must pass for output to be written.
+    Validators map[NameLabel]core.Validator
     // Artifacts represents additional artifacts to mix in.  Useful for adding
     // GitOps resources.  Each Artifact is unified without modification into the
     // BuildPlan.

diff --git a/doc/md/api/core.md b/doc/md/api/core.md
@@ -16,9 +16,9 @@ Package core contains schemas for a [Platform](<#Platform>) and [BuildPlan](<#Bu
 
 - [type Artifact](<#Artifact>)
 - [type BuildPlan](<#BuildPlan>)
-- [type BuildPlanSource](<#BuildPlanSource>)
 - [type BuildPlanSpec](<#BuildPlanSpec>)
 - [type Chart](<#Chart>)
+- [type Command](<#Command>)
 - [type Component](<#Component>)
 - [type File](<#File>)
 - [type FileContent](<#FileContent>)
@@ -38,6 +38,7 @@ Package core contains schemas for a [Platform](<#Platform>) and [BuildPlan](<#Bu
 - [type Resource](<#Resource>)
 - [type Resources](<#Resources>)
 - [type Transformer](<#Transformer>)
+- [type Validator](<#Validator>)
 - [type Values](<#Values>)
 
 
@@ -59,6 +60,7 @@ type Artifact struct {
     Artifact     FilePath      `json:"artifact,omitempty" yaml:"artifact,omitempty"`
     Generators   []Generator   `json:"generators,omitempty" yaml:"generators,omitempty"`
     Transformers []Transformer `json:"transformers,omitempty" yaml:"transformers,omitempty"`
+    Validators   []Validator   `json:"validators,omitempty" yaml:"validators,omitempty"`
     Skip         bool          `json:"skip,omitempty" yaml:"skip,omitempty"`
 }
 ```
@@ -85,18 +87,6 @@ type BuildPlan struct {
 }
 ```
 
-<a name="BuildPlanSource"></a>
-## type BuildPlanSource {#BuildPlanSource}
-
-BuildPlanSource reflects the origin of a [BuildPlan](<#BuildPlan>). Useful to save a build plan to a file, then re\-generate it without needing to process a [Platform](<#Platform>) component collection.
-
-```go
-type BuildPlanSource struct {
-    // Component reflects the component that produced the build plan.
-    Component Component `json:"component,omitempty" yaml:"component,omitempty"`
-}
-```
-
 <a name="BuildPlanSpec"></a>
 ## type BuildPlanSpec {#BuildPlanSpec}
 
@@ -129,6 +119,17 @@ type Chart struct {
 }
 ```
 
+<a name="Command"></a>
+## type Command {#Command}
+
+Command represents a command vetting one or more artifacts. Holos appends fully qualified input file paths to the end of the args list, then executes the command. Inputs are written into a temporary directory prior to executing the command and removed afterwards.
+
+```go
+type Command struct {
+    Args []string `json:"args,omitempty" yaml:"args,omitempty"`
+}
+```
+
 <a name="Component"></a>
 ## type Component {#Component}
 
@@ -414,6 +415,22 @@ type Transformer struct {
 }
 ```
 
+<a name="Validator"></a>
+## type Validator {#Validator}
+
+Validator validates files. Useful to validate an [Artifact](<#Artifact>) prior to writing it out to the final destination. Validators may be executed concurrently.
+
+```go
+type Validator struct {
+    // Kind represents the kind of transformer. Must be Kustomize, or Join.
+    Kind string `json:"kind" yaml:"kind" cue:"\"Command\""`
+    // Inputs represents the files to validate.  Usually the final Artifact.
+    Inputs []FilePath `json:"inputs" yaml:"inputs"`
+    // Command represents a validation command.  Ignored unless kind is Command.
+    Command Command `json:"command,omitempty" yaml:"command,omitempty"`
+}
+```
+
 <a name="Values"></a>
 ## type Values {#Values}