Commit Graph

22 Commits

Author SHA1 Message Date
Amit Singh
5ead6db8d7 Chore: bumps up pkg and workflow dependency versions (#7026)
* chore: bumps up workflow and pkg versions and updates import statements

Signed-off-by: Amit Singh <singhamitch@outlook.com>

* chore: minor linter fixes

Signed-off-by: Amit Singh <singhamitch@outlook.com>

---------

Signed-off-by: Amit Singh <singhamitch@outlook.com>
2026-01-20 15:32:03 +00:00
AshvinBambhaniya2003
305a90f428 Feat(addon): Store addon registry tokens in Secrets (#6935)
* feat(addon): Store addon registry tokens in Secrets

Previously, addon registry tokens were stored in plaintext within the 'vela-addon-registry' ConfigMap. This is not a secure practice for sensitive data.

This commit refactors the addon registry functionality to store tokens in Kubernetes Secrets. The ConfigMap now only contains a reference to the secret name, while the token itself is stored securely.

This change includes:
- Creating/updating secrets when a registry is added/updated.
- Loading tokens from secrets when a registry is listed/retrieved.
- Deleting secrets when a registry is deleted.

Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>

* test(addon): Add tests for registry token secret storage

This commit introduces a comprehensive test suite for the addon registry feature.

It includes:
- Isolated unit tests for each CRUD operation (Add, Update, List, Get, Delete) to ensure each function works correctly in isolation.
- A stateful integration test to validate the complete lifecycle of an addon registry from creation to deletion.

The tests verify that tokens are handled correctly via Kubernetes Secrets, confirming the implementation of the secure token storage feature.

Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>

* feat(addon): improve addon registry robustness and fix bugs

This commit introduces several improvements to the addon registry to make it more robust and fixes several bugs.

- When updating a secret, the existing secret is now fetched and updated to avoid potential conflicts.
- Deleting a non-existent registry now returns no error, making the operation idempotent.
- Getting a non-existent registry now returns a structured not-found error.
- Loading a token from a non-existent secret is now handled gracefully.
- When setting a token directly on a git-based addon source, the token secret reference is now cleared.
- The token secret reference is now correctly copied in `SafeCopy`.

Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>

* Refactor(addon): Fix secret deletion and improve registry logic

This commit refactors the addon registry data store to fix a critical bug where deleting an addon registry would not delete its associated token secret.

The root cause was that the `GetRegistry` function, which was used by `DeleteRegistry`, would load the token from the secret and then clear the `TokenSecretRef` field on the in-memory object. This meant that when `DeleteRegistry` tried to find the secret to delete, the reference was already gone.

This has been fixed by:
1. Introducing a central `getRegistries` helper function to read the raw registry data from the ConfigMap.
2. Refactoring all data store methods (`List`, `Get`, `Add`, `Update`, `Delete`) to use this central helper, removing duplicate code.
3. Ensuring `DeleteRegistry` uses the raw, unmodified registry data so that the `TokenSecretRef` is always available for deletion.

Additionally, comprehensive unit tests for the new helper functions (`getRegistries`, `loadTokenFromSecret`, `createOrUpdateTokenSecret`) have been added to verify the fix and improve overall code quality and stability.

Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>

* feat(addon): improve addon registry token security and logging

This commit enhances the security and observability of addon registry token handling.

- Adds a warning message to users when an insecure inline token is detected in an addon registry configuration, prompting them to migrate to a more secure secret-based storage.
- Implements info-level logging to create an audit trail for token migrations, providing administrators with visibility into security-related events.
- Refactors the token migration logic into a new `migrateInlineTokenToSecret` function, improving code clarity and maintainability.
- Introduces unit tests for the `TokenSource` interface methods and the `GetTokenSource` function to ensure correctness and prevent regressions.

Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>

* Chore: remove comments to trigger ci

Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>

---------

Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
2025-10-31 13:52:30 +00:00
Amit Singh
27965fb8aa Chore: updates vuln dependencies versions (#6757)
* chore: updates vuln dependencies versions

Signed-off-by: Amit Singh <singhamitch@outlook.com>

* fix check-diff tests

Signed-off-by: Shivin Gopalani <gopalanishivin@gmail.com>

* updated import for deprecated package

Signed-off-by: Shivin Gopalani <gopalanishivin@gmail.com>

---------

Signed-off-by: Amit Singh <singhamitch@outlook.com>
Signed-off-by: Shivin Gopalani <gopalanishivin@gmail.com>
Co-authored-by: Gowtham <gowthams316@gmail.com>
Co-authored-by: Pushparaj Shetty K S <kspushparajshetty@gmail.com>
Co-authored-by: PushparajShetty <116911361+PushparajShetty@users.noreply.github.com>
2025-04-18 10:22:27 +05:30
zhaohuiweixiao
95fa62164a Fix: addon status list addon info error when there are multiple registries (#6073)
Signed-off-by: zhaohuihui <zhaohuihui_yewu@cmss.chinamobile.com>
2023-06-13 10:34:52 +08:00
merusso
be3b990df0 Feat(#5861): Support addon dependencies version ranges (#6002)
* Feat(#5861): Support addon dependencies version ranges

This change enables addon maintainers to define version ranges for
dependencies in an addon's metadata.yaml file.

This behavior is similar to the version range allowed in the `system`
section of the metadata file. The version range expression for
`dependencies` follows the same format as for `system`.

Example:

```yaml
dependencies:
  - name: addon1
    version: ">= 2.3.3, < 3.0.0"
  - name: addon2
    version: ">= 0.1.0, < 1.0.0"
```

When installing an addon, the behavior varies depending on whether the
dependency is already installed.

If a dependency is already installed, the installed version will be
validated against the version range, and installation will fail with an
error if there's a mismatch.
If a dependency is not installed, the version range will be used to
select the addon version to be installed. If no addon version matching
the range exists, the installation will fail with an error.

Fixes #5861

Signed-off-by: Michael Russo <merusso@gmail.com>

* fix(lint): remove unused ctx parameter

Signed-off-by: Michael Russo <merusso@gmail.com>

* fix(lint): Add comment for IsLocalRegistry

Signed-off-by: Michael Russo <merusso@gmail.com>

* fix(lint): unexport AddonInfoMap

Signed-off-by: Michael Russo <merusso@gmail.com>

* fix(lint): unexport addonInfo

Signed-off-by: Michael Russo <merusso@gmail.com>

* chore: replace map[string]addonInfo with addonInfoMap for consistency

Signed-off-by: Michael Russo <merusso@gmail.com>

* fix: add short circuit when dependency version is not specified

Signed-off-by: Michael Russo <merusso@gmail.com>

* feat: Add test for multiple validation errors

Signed-off-by: Michael Russo <merusso@gmail.com>

* fix: Run go mod tidy

Signed-off-by: Michael Russo <merusso@gmail.com>

* feat: add tests for ToVersionedRegistry

Signed-off-by: Michael Russo <merusso@gmail.com>

* fix: simplify listInstalledAddons loop

Signed-off-by: Michael Russo <merusso@gmail.com>

* feat: listAvailableAddons returns addons from multiple sources

Changes:
* implement ListAddonInfo in Registry
* add interface to aid testing of listAvailableAddons
* add tests for listAvailableAddons

Signed-off-by: Michael Russo <merusso@gmail.com>

* refactor: simplify validateAddonDependencies

move logic from validateAddonDependencies to
calculateDependencyVersionToInstall.

Signed-off-by: Michael Russo <merusso@gmail.com>

* fix(lint): Implicit memory aliasing in for loop.

Signed-off-by: Michael Russo <merusso@gmail.com>

* fix(lint): non-wrapping format verb for fmt.Errorf

Signed-off-by: Michael Russo <merusso@gmail.com>

* fix(lint): indent-error-flow: (revive)

Signed-off-by: Michael Russo <merusso@gmail.com>

* fix(lint): unexported-return

Signed-off-by: Michael Russo <merusso@gmail.com>

* fix(lint): exported type comment format (revive)

Signed-off-by: Michael Russo <merusso@gmail.com>

* fix(lint): refactor AddonInfo to ItemInfo, avoid "stutter" (revive)

Signed-off-by: Michael Russo <merusso@gmail.com>

* fix(lint): add comment to exported method Registry.ListAddonInfo

Signed-off-by: Michael Russo <merusso@gmail.com>

* fix(lint): fix stutter, rename AddonInfoLister to ItemInfoLister

Signed-off-by: Michael Russo <merusso@gmail.com>

* chore: Add suite tests for Registry.ListAddonInfo()

Signed-off-by: Michael Russo <merusso@gmail.com>

* Test: add test cases for addon.sortVersionsDescending

Signed-off-by: Michael Russo <merusso@gmail.com>

---------

Signed-off-by: Michael Russo <merusso@gmail.com>
2023-06-07 11:44:54 +08:00
wyike
25b0cb8ee1 Feat: Addon support app template written by cuelang. (#4401)
* pass tests

Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>

refactor some codes

Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>

WIP delete useless workflow

Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>

add checklegacy addon

Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>

refactor some logics

Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>

fix panic test

Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>

delete useless addon test

Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>

fix empty clusterargs

Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>

fix comments

Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>

* rewrite some logic to support parameter ui

Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>

* rename template cue

Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>

fix panic test

Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>

add tests

Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>

fix render tests

Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>

fix checkdiff

Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>

* add tests

Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>

fix

add more tests

Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>

add tests

Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>

* update file header

Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>

* fix comments

Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>

fix comments

Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>
2022-07-22 17:58:19 +08:00
TIEDPAG
e37b0276c8 Feat: support addon helm repo skip tls verify (#4122) (#4146)
* Feat: support addon helm repo skip tls verify (#4122)

Signed-off-by: damianqin <damianqin@tiedpag.club>

* Fix: mv http server to BeforeSuite

Signed-off-by: damianqin <damianqin@tiedpag.club>

* Fix: fix ci error

Signed-off-by: damianqin <damianqin@tiedpag.club>

* Fix: fix merge

Signed-off-by: damianqin <damianqin@tiedpag.club>

* Feat: support addon helm repo skip tls verify (#4122)

Signed-off-by: damianqin <damianqin@tiedpag.club>

* Fix: mv http server to BeforeSuite

Signed-off-by: damianqin <damianqin@tiedpag.club>

* Fix: fix ci error

Signed-off-by: damianqin <damianqin@tiedpag.club>

* Fix: fix ci

Signed-off-by: damianqin <damianqin@tiedpag.club>

Co-authored-by: damianqin <damianqin@tiedpag.club>
Co-authored-by: Jianbo Sun <jianbo.sjb@alibaba-inc.com>
2022-07-19 18:00:28 +08:00
StevenLeiZhang
b260348f30 Fix: sensitive field of addon registry is exposed (#3837)
Signed-off-by: StevenLeiZhang <zhangleiic@163.com>
2022-05-10 10:08:28 +08:00
StevenLeiZhang
88fb854a26 Feat: Support basic-auth or reuse chartmuseum as addon registry (#3787)
Signed-off-by: StevenLeiZhang <zhangleiic@163.com>
2022-05-07 23:39:34 +08:00
namo
83fe4a160e Feat(lang): add addons gitlab support (#3543)
* add addons gitlab support

Signed-off-by: Namo <lgj112113@163.com>

* add addons gitlab support

Signed-off-by: Namo <lgj112113@163.com>

* test file edit

Signed-off-by: Namo <lgj112113@163.com>

* typo edit

Signed-off-by: Namo <lgj112113@163.com>

* notes edit

Signed-off-by: Namo <lgj112113@163.com>

* move third party imports block

Signed-off-by: Namo <lgj112113@163.com>

* code format edit

Signed-off-by: Namo <lgj112113@163.com>

* notes edit

Signed-off-by: Namo <lgj112113@163.com>

* create addon registry bug fix

Signed-off-by: Namo <lgj112113@163.com>

* add gitlab addon registry bug fix

Signed-off-by: Namo <lgj112113@163.com>

* add addon gitlab support test file

Signed-off-by: Namo <lgj112113@163.com>

* add addon gitlab support test note edit

Signed-off-by: Namo <lgj112113@163.com>

* add addon gitlab branch support and fix bug

Signed-off-by: Namo <lgj112113@163.com>

* addon gitlab registry repo name invalid

Signed-off-by: Namo <lgj112113@163.com>

Co-authored-by: Namo <lgj112113@163.com>
2022-04-07 11:05:14 +08:00
wyike
161d2646cb Feat: helm repo as addon registry to support addon's multi-version (#3523)
* versioned registry impl
add more test

Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>

* fix ci

Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>

Signed-off-by: 楚岳 <wangyike.wyk@alibaba-inc.com>

fix ui

fix

fix

fix

modify addon registry
2022-03-28 21:25:38 +08:00
maxiangbo
52f3636a2d Feat: support gitee repository in addon registry (#3393)
* Feat: support gitee repository in addon registry
Signed-off-by: fourierr <maxiangboo@163.com>

* Feat: support gitee repository in addon registry
Signed-off-by: maxiangbo <maxiangboo@cmbchina.com>

Signed-off-by: fourierr <maxiangboo@yeah.net>

* Feat: support gitee repository in addon registry Signed-off-by: maxiangbo <maxiangboo@cmbchina.com>

* Feat: support gitee repository in addon registry Signed-off-by: maxiangbo <maxiangboo@cmbchina.com>

Signed-off-by: fourierr <maxiangboo@qq.com>

Co-authored-by: fourierr <maxiangboo@yeah.net>
2022-03-10 10:11:45 +08:00
barnettZQG
4a29776e8e Fix: registry doesn't have enough info to build a reader (#3237)
Signed-off-by: barnettZQG <barnett.zqg@gmail.com>
2022-02-14 18:04:34 +08:00
wyike
c170cecd34 fix addon panic bug (#3026)
Signed-off-by: wangyike <wangyike_wyk@163.com>

Fix lint

Signed-off-by: wangyike <wangyike_wyk@163.com>
2022-01-05 13:40:51 +08:00
wyike
5210800cac Fix: add registryName into addon list (#2993)
* Fix: add registryName into addon list

Signed-off-by: wangyike <wangyike_wyk@163.com>

* fix config map

Signed-off-by: wangyike <wangyike_wyk@163.com>

* fix several comments

Signed-off-by: wangyike <wangyike_wyk@163.com>

* small fix

Signed-off-by: wangyike <wangyike_wyk@163.com>
2021-12-25 12:37:23 +08:00
qiaozp
9317bb1cab Refactor: addon cache mechanism and code architecture (#2956)
* Refactor: fix addon cache and code

Signed-off-by: Jianbo Sun <jianbo.sjb@alibaba-inc.com>

* basic trim

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* Fix list OSS bucket addon's meta

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* rename listAddonMeta func

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* fix enable

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* rename and trim cache func call

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* remove same source code, use Registry to implement Source interface. Keep the compatibility of DeployTo fields.

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* complete github reader

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* fix read from github, fix test

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* reviewable

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* header

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* rename function, restore test

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* try CI

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* sort out functions name. add detail test

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* fix test

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* fix test

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* filter directory without metadata.yaml in oss

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* add GitHub reader unit test

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* clean up

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* reviewable

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* header

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* add cache arg

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* fix test

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* change field name

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* build swagger

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* some json tag, revert cache logic

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

Co-authored-by: Jianbo Sun <jianbo.sjb@alibaba-inc.com>
2021-12-21 09:31:37 +08:00
qiaozp
a67b7e90d0 Feat: add path argument to addon oss source (#2907)
* add path

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* pending test

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* reviewable

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* reviewable

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* license

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* keep compatible

Signed-off-by: qiaozp <chivalry.pp@gmail.com>
2021-12-13 19:43:15 +08:00
qiaozp
53006b4137 Fix: move addon api to pkg/addon (#2905)
* move addon api to pkg/addon

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* reviewable

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* license

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* reviewable

Signed-off-by: qiaozp <chivalry.pp@gmail.com>
2021-12-13 17:47:53 +08:00
qiaozp
2947da2611 Fix: OSS read data race (#2875)
* Fix: read oss addon prefix bug

This bug is about listing an OSS bucket by prefix, which will cause confusion between `terraform` and `terraform-alibaba`

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* add test

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* fix data race

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* fix channel block

add test

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* reviewable

Signed-off-by: qiaozp <chivalry.pp@gmail.com>
2021-12-07 16:17:11 +08:00
wyike
99757814ab Feat: align addon cli and apiserver (#2867)
Feat: cli align with apiserver

Fix comments

Signed-off-by: wangyike <wangyike_wyk@163.com>
2021-12-07 15:11:52 +08:00
qiaozp
95c2b8ce04 Fix: query addon status api 500 because of secret (#2866)
* Fix: query addon status api 500 because of secret

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* Fix: enable addon failed because the file name of the cue template is used as the component name

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* Fix: fix several oss read problems

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* fix lint

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* fix

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* use oss test endpoint

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* fix ut

Signed-off-by: qiaozp <chivalry.pp@gmail.com>
2021-12-03 10:59:46 +08:00
qiaozp
a6ef0644ff Feat: oss support for addon (#2848)
* Add OSS source support for addon

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* add unit test for pkg/addon

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* fix lint

Signed-off-by: qiaozp <chivalry.pp@gmail.com>

* add license

Signed-off-by: qiaozp <chivalry.pp@gmail.com>
2021-12-01 19:15:48 +08:00