* Feat: Validate undeclared parameters in application definitions (#6862)
Add a new feature gate ValidateUndeclaredParameters that rejects
parameters not declared in the CUE definition schema at admission time.
When enabled, any parameter field not present in the template's parameter
stanza will cause a validation error.
Signed-off-by: majiayu000 <1835304752@qq.com>
* Fix: Handle CUE pattern constraints and improve undeclared param validation
- Detect pattern constraints ([string]: T) using LookupPath to avoid
false positives on webservice labels/annotations fields
- Use GetSelectorLabel() for safe selector extraction
- Add klog debug logging when schema compilation fails
- Sort undeclared field names for deterministic error messages
- Add test cases for pattern constraints and sorted output
Signed-off-by: majiayu000 <1835304752@qq.com>
* Fix: go fmt alignment in validate_test.go
Signed-off-by: majiayu000 <1835304752@qq.com>
* fix: address review feedback on PR #7075
- Handle conditional parameter declarations via two-pass schema
compilation: first without params for base fields, then with
declared params to resolve CUE conditionals
- Return nil from findUndeclaredFields when schema.Fields() errors
to prevent false positives from empty declared map
- Recurse into list elements containing structs using cue.AnyIndex
so undeclared fields inside arrays are detected
- Save/restore previous feature gate state in tests instead of
resetting to fixed values
Signed-off-by: majiayu000 <1835304752@qq.com>
---------
Signed-off-by: majiayu000 <1835304752@qq.com>
Introduces application-scoped policies and global auto-applied policies
for KubeVela.
Key changes:
- PolicyDefinition gains `scope`, `global`, and `priority` fields
- Global policies (global=true, scope=Application) are auto-applied to
every Application in their namespace (and vela-system globals apply
cluster-wide) without being listed in spec.policies
- PolicyScopeIndex: in-memory singleton index of PolicyDefinition
metadata, bootstrapped at startup and kept live via watch events.
Follows KubeVela's 2-step lookup (local namespace → vela-system)
- ApplicationPolicyCache: per-app cache of rendered policy results,
invalidated by spec hash, revision hash, or TTL; cleared on deletion
- Policy rendering pipeline extended to inject global policies before
user-specified ones, respecting priority ordering
- Appfile.Context carries context.Context from controller into rendering
- Feature gates: EnableApplicationScopedPolicies and EnableGlobalPolicies
(both Alpha, default false); admission webhook warns when a
PolicyDefinition targets a disabled gate
Signed-off-by: Brian Kane <briankane1@gmail.com>
* feat: add ClosedUnion and ClosedStruct support in defkit
- Introduced ClosedUnionParam and ClosedStructOption to handle closed struct disjunctions in parameters.
- Implemented methods for creating closed structs and adding fields.
- Enhanced CUE generation to support closed unions, allowing for more complex parameter definitions.
- Added tests for ClosedUnion and ClosedStruct to ensure correct functionality and integration.
- Updated existing tests to cover new features and ensure backward compatibility.
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* feat: enhance CUE generation with deduplication and inner braces for array elements
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* feat: enhance WorkflowStep parameter handling in CUE generation
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* feat: add WithDirectFields method to BuiltinActionBuilder for direct field rendering
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* feat: streamline string formatting in CUE generation for improved readability
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* feat: enhance CUE generation with deduplication support and improve test assertions
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* feat: add support for ClosedUnion and condition rendering in CUE generation
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* ci: retrigger checks
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* feat: refactor value rendering in CUE generation to improve builder support
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* feat: add GuardedBlockAction and corresponding CUE generation support
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* feat: update writeOneOfParam and writeStructField to use marker instead of optional
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* feat: add ClosedUnionParam support and update related tests for optionality
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* feat: update parameter definitions to remove required constraints in example code
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* feat: enhance CUE generation with multiline value indentation and improved block handling
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* feat: add baseContainer definition to CUE generation for container patterns
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* fix: update test to expect _baseContainer singular field in PatchContainer output
The _baseContainer: *_|_ | {...} field was intentionally added to CUE
generation but the test was still asserting it should not exist.
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* ci: retrigger checks
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
---------
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
Replace the three-state field marker system (Optional/Mandatory/Required)
with a simpler two-state system where the default behavior produces
`field: type` (no marker), `.Required()` produces `field!: type`, and
`.Optional()` produces `field?: type`.
- Remove Mandatory(), IsMandatory(), ForceOptional(), IsForceOptional()
from all param types, StructField, Param interface, and CUE generator
- Replace `mandatory` and `forceOptional` fields with `optional` field
in baseParam and StructField
- Simplify CUE marker resolution to: default=none, Required="!",
Optional="?"
- Remove BeMandatory() matcher and mandatoryParam interface
- Migrate all test usages: .Mandatory() removed (now default behavior),
.ForceOptional() replaced with .Optional()
Signed-off-by: Jerrin Francis <jerrinfrancis7@gmail.com>
* feat(defkit): introduce Mandatory() API and three-state CUE field markers
Add a new .Mandatory() fluent method to all defkit param types and StructField,
giving callers explicit control over all three CUE field presence semantics:
field?: type — optional, emitted by default (no method call)
field: type — non-optional; must have a value, defaults/merging can satisfy (.Mandatory())
field!: type — required in input; user must explicitly provide it (.Required())
Previously, Required() emitted no marker (identical to a mandatory field), making
it impossible to generate the CUE ! marker at all. Now Required() emits ! and
Mandatory() emits no marker, matching their intuitive meanings.
- Add `mandatory bool` field to baseParam and StructField
- Add IsMandatory() accessor to baseParam, StructField, and Param interface
- Add .Mandatory() builder method to all 10 concrete param types and StructField
- Replace the `optional string` variable in cuegen.go with a typed `marker` variable
backed by named constants (fieldMarkerOptional, fieldMarkerNone, fieldMarkerRequired)
- Update IsOptional() to return !required && !mandatory
- Update Optional() to clear mandatory instead of required
- Update all tests to use .Mandatory() for non-optional fields
Signed-off-by: Jerrin Francis <jerrinfrancis7@gmail.com>
* fix(defkit): correct doc comments after Required/Mandatory semantic swap
Fix misleading comments that still described the pre-swap behaviour.
Mandatory() comments incorrectly referenced the "!" marker, and
Required()/IsRequired() accessors had stale descriptions. Aligned
all doc comments and field annotations with the actual semantics:
Required → "!" marker, Mandatory → non-optional (no ? marker).
Signed-off-by: Jerrin Francis <jerrinfrancis7@gmail.com>
* feat(defkit): add BeMandatory matcher and fix BeOptional for three-state semantics
BeOptional incorrectly returned true for mandatory params by checking
!IsRequired(). Now uses IsOptional() which correctly excludes both
required and mandatory params. Adds BeMandatory() matcher and updates
paramAccessor interface with IsOptional/IsMandatory methods.
Signed-off-by: Jerrin Francis <jerrinfrancis7@gmail.com>
* fix(defkit): clear required flag in Optional() for all param types
The previous commit only fixed StringParam.Optional(). Apply the same
fix to Int, Bool, Float, Array, Map, Struct, StructField, Enum, OneOf,
and StringKeyMap so that Optional() consistently resets both mandatory
and required flags across all parameter types.
Signed-off-by: Jerrin Francis <jerrinfrancis7@gmail.com>
* fix(defkit): make Required() and Mandatory() mutually exclusive and fix missing optional markers in CUE generation
Required() and Mandatory() only set their own flag without clearing
the other, allowing both to be true simultaneously via chaining.
Each method now clears the opposite flag so the last call wins,
matching the reset semantics that Optional() already followed.
Also fix CUE generation for int, bool, float, and enum params where
the optional marker was dropped from format strings when a default
value was present, causing those fields to always render without
the field marker regardless of their optional/mandatory/required state.
Signed-off-by: Jerrin Francis <jerrinfrancis7@gmail.com>
* Empty commit to re-trigger e2e
Signed-off-by: Jerrin Francis <jerrinfrancis7@gmail.com>
---------
Signed-off-by: Jerrin Francis <jerrinfrancis7@gmail.com>
- Use host.docker.internal instead of bridge gateway IP on macOS, which
is unreachable from the host when using Docker Desktop
- Make webhook port configurable via first argument (default 9445) to
avoid conflicts with other processes
Signed-off-by: Brian Kane <briankane1@gmail.com>
* Fix: update duration format handling and enhance StringParam with enum string support
Signed-off-by: Anaswara Suresh M K <anaswarasuresh2212@gmail.com>
Signed-off-by: vishal210893 <vishal210893@gmail.com>
* date build-push-image workflow and improve image handlinggp
Signed-off-by: Anaswara Suresh M K <anaswarasuresh2212@gmail.com>
* chore: commit to re run pipeline
Signed-off-by: Anaswara Suresh M K <anaswarasuresh2212@gmail.com>
* Feat: add deduplication and field order tracking in collections and array elements
Signed-off-by: Vaibhav Agrawal <vaibhav.agrawal0096@gmail.com>
* Fix: update test expectation for parameter data count in workflow step
Signed-off-by: Vaibhav Agrawal <vaibhav.agrawal0096@gmail.com>
* Feat: add tests for label handling and template body in workflow steps
Signed-off-by: Vaibhav Agrawal <vaibhav.agrawal0096@gmail.com>
* Feat: add tests for label handling and template body in workflow steps
Signed-off-by: Vaibhav Agrawal <vaibhav.agrawal0096@gmail.com>
* Refactor: rename AllowString to OpenEnum for clarity in enum handling
Signed-off-by: Vaibhav Agrawal <vaibhav.agrawal0096@gmail.com>
* Chore: format StringParam struct for improved readability
Signed-off-by: Vaibhav Agrawal <vaibhav.agrawal0096@gmail.com>
---------
Signed-off-by: Anaswara Suresh M K <anaswarasuresh2212@gmail.com>
Signed-off-by: vishal210893 <vishal210893@gmail.com>
Signed-off-by: Vaibhav Agrawal <vaibhav.agrawal0096@gmail.com>
* Feat: add MapVariant operation and support for OneOf parameters with default variant
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* Feat: enhance string parameter output to include optional prefix in CUE generation
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* Feat: add ConditionalOrFieldRef for fallback handling and support inline array values
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* Feat: update CUE generation to support inline arrays with conditional wrapping
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* Feat: update CUE generation to support inline arrays with conditional wrapping
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* Feat: add support for compound optional fields and enhance array builder with guarded filtering
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* Feat: add comprehensive tests for ArrayBuilder functionality
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* Feat: implement field grouping in StatusBuilder for consolidated CUE output
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* Feat: enhance CUE decomposition to support condValues and improve filtering logic
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* Feat: add metadata labels to ComponentDefinition and update CUE generation
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* Feat: clean up comments and formatting in cuegen and param files
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* Feat: enhance CUE generation, trait definitions, and PatchContainer logic
CUE Generation:
- Simplify condition decomposition logic and rename GetDirective method
- Add condition decomposition and lifting logic to improve generated CUE output
- Refactor cueTypeForParamType to use a standalone cueTypeStr function for reusability
Collections:
- Enhance MapVariant operation to merge variant mappings and preserve non-matching items
Trait Definitions:
- Enhance TraitDefinition and PatchContainerConfig with new attributes (MultiContainerCheckField, MultiContainerErrMsg)
- Update emission logic in TraitCUEGenerator for multi-container support
PatchContainer:
- Update error messages to use camelCase for consistency with KubeVela conventions
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* Feat: enhance test descriptions for clarity and accuracy in array_builder, collections, and status tests
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* Feat: enhance handling of optional fields in collections and improve test descriptions for clarity
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* Feat: improve ConditionalOrFieldRef tests for clarity and accuracy in handling primary and fallback fields
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* Feat: enhance test descriptions for clarity and accuracy in array_builder and expr tests
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* Feat: improve formatting of test data in collections tests for better readability
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
---------
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* feat: Enhance status and health policy CUE generation with field grouping, column alignment, `_isHealth` pattern, and annotation-based health disable.
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* feat: introduce defkit package for a structured Go API to define KubeVela component and trait templates with outputs, patches, and helpers.
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* refactor: Consolidate two `append` calls into one for health expression parts.
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
---------
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* Docs(KEP): Go SDK for X-Definition Authoring (defkit)
Introduces KEP proposal for defkit, a Go SDK that enables platform
engineers to author X-Definitions using native Go code instead of CUE.
Key proposed features:
- Fluent builder API for Component, Trait, Policy, and WorkflowStep definitions
- Transparent Go-to-CUE compilation
- IDE support with autocomplete and type checking
- Schema-agnostic resource construction
- Collection operations (map, filter, dedupe)
- Composable health and status expressions
- Addon integration with godef/ folder support
- Module dependencies for definition sharing via go get
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(KEP): Examples and minor api changes given in the document
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(KEP): align defkit examples
- Fix golang version in CI
- Fix variable declaration in example for testing
- Add Is() comparison method to status check
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Docs(KEP): add security considerations section
- Add goal #7 for secure code execution model
- Add Security Considerations section covering:
- Code execution model (compile-time only, not runtime)
- Security benefits over CUE (static analysis, dependency scanning)
- Threat model with mitigations
Addresses PR feedback about code execution safety.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Docs(KEP): add module versioning and definition placement sections
- Add Module Versioning section explaining git-based version derivation
- Add Definition Placement section covering:
- Motivation for placement constraints in multi-cluster environments
- Fluent API for placement (RunOn, NotRunOn, label conditions)
- Logical combinators (And, Or, Not)
- Module-level placement defaults
- Placement evaluation logic
- CLI experience for managing cluster labels
- Add Module Hooks section for lifecycle callbacks
- Minor fixes and clarifications throughout
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Docs(KEP): add module hooks and update addon integration sections
- Add Module Hooks section covering:
- Use cases (CRD installation, setup scripts, post-install samples)
- Hook configuration in module.yaml (pre-apply, post-apply)
- Hook types (path for manifests, script for shell scripts)
- waitFor field with condition names and CUE expressions
- CLI usage (--skip-hooks, --dry-run)
- Update Addon Integration section with implementation details:
- godef/ folder structure with module.yaml
- CLI flags (--godef, --components, --traits, --policies, --workflowsteps)
- Conflict detection and --override-definitions flag
- Development workflow
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Docs(KEP): address PR review comments and clarify placement labels
- Fix misleading "Sandboxed Compilation" claim (cubic-ai feedback) -
renamed to "Isolated Compilation" and clarified that security relies
on trust model, not technical sandboxing
- Fix inconsistent apiVersion in module hooks example (defkit.oam.dev/v1
→ core.oam.dev/v1beta1)
- Clarify that placement uses vela-cluster-identity ConfigMap directly,
not the vela cluster labels command (which is planned for future)
- Add --stats flag to apply-module CLI documentation
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Docs(KEP): fix API documentation
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): add core fluent API types for Go-based definitions
Introduce the defkit package providing a fluent Go API for defining
KubeVela X-Definitions (components, traits, policies, workflow steps).
Core types added:
- types.go: Value, Condition, Param interfaces
- base.go: Base definition types and interfaces
- param.go: Parameter builders (String, Int, Bool, Array, Map, Struct, Enum)
- expr.go: Expression builders for conditions and comparisons
- resource.go: Resource operations (Set, SetIf, Spread)
- context.go: KubeVela context references (appName, namespace, etc.)
- test_context.go: Test utilities for definition validation
This enables writing type-safe Go definitions that compile to CUE.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): add collection operations and helper builders
Add fluent API for array/collection transformations:
- CollectionOp with Filter, Map, Pick, Wrap, Dedupe operations
- From() and Each() entry points for collection pipelines
- FieldRef, FieldEquals, FieldMap for field-level operations
- MultiSource for complex multi-array comprehensions
- Add helper builders for template variables
- Add value transformation utilities
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): add CUE code generator
Implement CUEGenerator that transforms Go definitions into CUE code
Added helper methods and writers for conversion
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): add status and health policy builders
Add fluent builders for customStatus and healthPolicy CUE generation
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): add definition type builders
Add fluent builders for all four KubeVela X-Definition types:
- ComponentDefinition
- TraitDefinition
- PolicyDefinition
- WorkflowStepDefinition
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(goloader): add Go module loader for definitions
- Definition interface and registry for runtime discovery
- Discover and parse Go-based definition files
- Compile Go definitions to CUE at runtime
- Module environment for batch processing
- Parallel generation for better performance
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(cli): add vela def commands for Go-based definitions
- init-module: scaffold a new Go definition module
- apply-module: compile and apply definitions to cluster
- list-module: show definitions in a module
- validate-module: validate definitions without applying
- Also support the cue commands for xdefintions for go code
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): add testing utilities and matchers
- CUE comparison matchers for Ginkgo/Gomega tests
- Test helpers for definition validation
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): add patch container helpers for container mod operations
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(cli): update the go module to 1.23.8 for defkit init-module command
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Refactor: Add grouped help output for vela def command
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): add definition placement for cluster-aware deployments
Enable definitions to specify which clusters they should run on based on
cluster identity labels stored in a well-known ConfigMap.
Also derives module version from git tags and improves init-module to
create directories from --name flag.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): add RunOn/NotRunOn fluent API for placement constraints
Add placement methods to all definition builders allowing definitions
to specify cluster eligibility using the placement package's fluent API.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Docs(defkit): add commented placement example to module.yaml template
Show users the placement syntax in generated module.yaml without
setting actual values.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): add module-level placement support
Add placement constraints at the module level in module.yaml that
apply to all definitions unless overridden at definition level.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): add CLI placement enforcement in apply-module
Add placement constraint checking to `vela def apply-module` command.
Definitions are skipped if cluster labels don't match module placement.
- Add --ignore-placement flag to bypass placement checks
- Display placement status during apply with clear skip reasons
- Track placement-skipped count in summary output
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(defkit): show all flags in subcommand help output
Fix custom help function to properly display flags for def subcommands
like init-module and apply-module instead of only showing parent flags.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(defkit): apply name prefix to definitions in apply-module
The --prefix flag was not being applied to definition names. The prefix
was set in module loader metadata but not used when creating Kubernetes
objects from parsed CUE.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Chore(defkit): align module command help with standard vela pattern
Remove argument placeholders from command Use field to align with
other vela commands (addon, cluster, workflow). Arguments are shown
in examples and individual --help output instead of the listing.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(goloader): use json.Unmarshal for go mod download output
The downloadGoModule function parses JSON output from 'go mod download -json'
but was incorrectly using yaml.Unmarshal with json struct tags. The yaml.v3
library ignores json tags, resulting in empty field values.
This would cause remote Go module loading (e.g., github.com/foo/bar@v1.0.0)
to fail with "go mod download did not return a directory" because result.Dir
would be empty.
Fix: Use json.Unmarshal instead since the data is JSON from the Go toolchain.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(goloader): use semver for MinVelaVersion comparison
String comparison of version numbers is incorrect for cases like
"v1.10.0" > "v1.9.0" which returns false due to lexicographic ordering.
Use the Masterminds/semver library (already a dependency) for proper
semantic version comparison in ValidateModule().
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(placement): validate operator in module placement conditions
Add validation to catch invalid placement operators at module load time
instead of silently failing at runtime evaluation.
- Add Operator.IsValid() method to check for valid operators
- Add ValidOperators() helper function
- Add validatePlacementConditions() in ValidateModule()
- Provides clear error message with valid operator list
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(cli): validate conflict strategy in apply-module
Invalid --conflict values like "invalid" were silently accepted and
would fall through the switch statement, behaving like "overwrite".
Add ConflictStrategy.IsValid() method and validation at flag parsing
to provide clear error message for invalid values.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(placement): support definition-level placement constraints
Previously only module-level placement was enforced. Now individual
definitions can specify their own placement constraints that override
module defaults.
Changes:
- Add Placement field to DefinitionInfo and DefinitionPlacement types
- Add GetPlacement/HasPlacement to Definition interface
- Update registry ToJSON to include placement in output
- Update goloader to capture definition placement from registry
- Update CLI apply-module to use GetEffectivePlacement() for combining
module-level and definition-level placement
- Add comprehensive tests for definition placement
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Chore(defkit): remove dead PatchTemplate code
PatchTemplate, PatchOp, SetPatchOp, and SetIfPatchOp were defined but
never used anywhere in the codebase. The PatchResource type already
provides the same functionality and is the one actually being used
through Template.Patch().
Removed:
- PatchTemplate struct and its methods (ToCue, SetIf, Set)
- PatchOp interface
- SetPatchOp struct and its ToCue method
- SetIfPatchOp struct and its ToCue method
- NewPatchTemplate constructor
This cleanup reduces maintenance burden without affecting any
functionality.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(cli): pass actual VelaVersion to validate-module command
The help text for `vela def validate-module` promised to check
minVelaVersion requirements but ValidateModule() was called with
an empty string, causing the check to be silently skipped.
Now passes velaversion.VelaVersion so modules specifying a minimum
KubeVela version will be properly validated against the current CLI
version.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): implement WithDetails() and FromTyped() APIs
WithDetails():
- Adds WithDetails(message, details...) method to StatusBuilder
- Allows adding structured key-value details alongside status messages
- Uses existing StatusDetail and statusWithDetailsExpr infrastructure
- Example: s.WithDetails(s.Format("Ready: %v", ...), s.Detail("endpoint", ...))
FromTyped():
- Converts typed Kubernetes objects (runtime.Object) to Resource
- Provides compile-time type safety for building resources
- Requires TypeMeta to be set on the object
- Includes MustFromTyped() variant that panics on error
- Example: defkit.FromTyped(&appsv1.Deployment{...})
Both APIs were documented in the KEP but not implemented.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Style(defkit): apply gofmt formatting
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(defkit): fix remote module download with @latest version
When downloading a Go module without an explicit version, always append
@latest to ensure go mod download fetches from the remote repository
instead of skipping the download.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(defkit): support running def commands from any directory
Previously, module commands like `vela def list-module` only worked
when run from within the kubevela repository. Now they work from any
directory by honoring replace directives in the source module's go.mod.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): generate doc.go files in init-module
Create doc.go files with package documentation in each definition
directory (components, traits, policies, workflowsteps). This ensures
go mod tidy works correctly by making each directory a valid Go package,
and provides helpful examples for users creating new definitions.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(defkit): deduplicate definitions from overlapping directory scans
The module loader scans both conventional directories (components/,
traits/, etc.) and the root directory. Since DiscoverDefinitions uses
recursive filepath.Walk, files in subdirectories were found twice.
Added file tracking to skip already-processed files.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(defkit): validate placement constraints and fix GOWORK interference
Add validation for conflicting placement constraints at registration time.
Definitions with logically impossible placement (e.g., same condition in
both RunOn and NotRunOn) now fail fast with a clear error message.
Also fix placement loading when parent directories contain go.work files
by setting GOWORK=off when running the registry generator.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): add parameter schema constraints and runtime condition methods
Extend the parameter fluent API with comprehensive validation and
conditional logic support:
- Schema constraints for input validation (Min/Max, Pattern, MinLen/MaxLen, MinItems/MaxItems)
- Runtime conditions for template logic (In, Contains, Matches, StartsWith/EndsWith, Len*, IsEmpty/IsNotEmpty, HasKey, IsFalse)
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(defkit): add waitFor support with CUE expressions for module hooks
Add the ability to specify custom readiness conditions for module hooks
using the new `waitFor` field. This allows users to define precise
conditions for when resources should be considered ready.
The waitFor field supports two formats:
- Simple condition name (e.g., "Ready", "Established") - checks
status.conditions for the named condition with status "True"
- CUE expression (e.g., "status.replicas == status.readyReplicas") -
evaluated against the full resource for flexible readiness checks
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Feat(addon): add godef support for Go-based definitions in addons
Add support for a godef/ folder in addons that allows writing definitions
in Go instead of CUE. When an addon is enabled, Go definitions are
automatically compiled to CUE and deployed alongside traditional CUE
definitions.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: lint issues and make reviewable
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: lint and build failure
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: lint and ci errors
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: golangci-lint errors for defkit package
- Use standard library errors (errors.Is/As) instead of pkg/errors
- Fix ineffassign issues by scoping variables correctly
- Add nolint comments for intentional nilerr, makezero patterns
- Combine chained appends in addon init.go
- Add gosec nolint for CLI file operations and permissions
- Increase gocyclo threshold to 35, nolint complex CLI commands
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: kubectl installation with retry and fallback version in github actions
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix(ci): hardcode kubectl version to avoid flaky CDN endpoint
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Chore: improve test coverage for codecov
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Chore: add more tests for codecov and CI to pass
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: ci failure on style
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: OperatorNotEquals to fail closed with empty values
Change NotEquals operator to return false when Values slice is empty,
matching the fail-closed behavior of Equals operator. This prevents
silent widening of placement eligibility when a malformed constraint
is created.
Following Kubernetes label selector semantics where In/NotIn operators
require non-empty values, we apply a fail-closed approach for safety
in placement decisions.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: OpenArrayParam field shadowing and remove redundant GetName()
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: path traversal vulnerability in Go definition scaffolding
Validate Go definition names before using them in file paths to prevent
creation of files outside the addon directory. Unsanitized names could
contain path traversal segments (e.g., "../../../etc/passwd") allowing
arbitrary file writes.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: unescaped string interpolation in health_expr CUE generation
Use %q format verb in formatValue() to properly escape quotes and
special characters when generating CUE strings. Update fieldContainsExpr
to use formatValue() instead of raw string interpolation.
This prevents invalid CUE when substring values contain quotes or
backslashes.
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: Guard against typed nil in Gomega matchers to prevent panic
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: Guard against malformed bracket path in parseBracketAccess
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: incomplete AppRevision test to actually verify resolution
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Fix: apply fail-closed behavior to NotIn with empty values
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
* Doc: Added note about RawCUE and some alignment style
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
---------
Signed-off-by: Anoop Gopalakrishnan <anoop2811@aol.in>
Webhook Upgrade Validation / webhook-upgrade-check (push) Failing after 2m0s
- Added GetCUExParameterValue()
function that uses cuex.DefaultCompiler instead
of standard CUE compiler
- Added GetParametersWithCuex() function with cuex support
- Updated GetBaseResourceKinds() to use cuex compiler
- Updated all callers to use cuex-aware functions
Fixes#7012
Signed-off-by: GoGstickGo <janilution@gmail.com>
* Feat(KEP): Nested Definition Rendering (Compositions)
Signed-off-by: Brian Kane <briankane1@gmail.com>
* Feat(KEP) #6990 - Nested Definition Rendering (Compositions) - Minor Updates
Signed-off-by: Brian Kane <briankane1@gmail.com>
---------
Signed-off-by: Brian Kane <briankane1@gmail.com>
* refactor: pre-start hook implementation
- Introduced a new `hook.go` file defining the `PreStartHook` interface for pre-start validation hooks.
- Removed the old `pre_start_hook.go` file which contained the `SystemCRDValidationHook` implementation.
- Updated the server initialization code to use the new hook structure, specifically integrating the `crdvalidation` package for pre-start validation.
- Enhanced logging for pre-start hook execution to improve clarity on hook names and execution results.
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* refactor: move color writer implementation to logging package and update usage in server setup
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* refactor: rename Hook to CRDValidation for clarity and consistency
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* refactor: reorder import statements for consistency
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* refactor: replace hardcoded namespace with variable in cleanup function
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* refactor: rename CRDValidation type to Hook for consistency
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* refactor: enhance CRD validation hook with custom client support and improved error handling
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* refactor: extend timeout for CRD validation hook and improve error handling for slow API servers
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* refactor: remove redundant comments from PreStartHook definition
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
---------
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* Feat: Add integration test setup and cleanup scripts, enhance server testing capabilities
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* Refactor: Rename variables for clarity and consistency in core command handling
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* refactor: Remove redundant server test targets and enhance logging in core command execution
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* Refactor server tests and enhance E2E testing setup
- Updated server_test.go to improve test organization and clarity, including the addition of BeforeSuite and AfterSuite for environment setup and teardown.
- Enhanced the waitWebhookSecretVolume tests to cover various scenarios including empty directories and files.
- Added new tests for syncConfigurations and logging setup functions to ensure proper configuration handling.
- Introduced a new E2E test for the main function in main_e2e_test.go to validate the core functionality of the application.
- Improved the e2e.mk file to set up a k3d cluster for running main_e2e_test with embedded test binaries and added cleanup steps.
- Removed the setup-integration-tests.sh script as its functionality is now integrated into the Makefile.
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* Refactor: improve multicluster test timeouts
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
---------
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* feat(addon): Store addon registry tokens in Secrets
Previously, addon registry tokens were stored in plaintext within the 'vela-addon-registry' ConfigMap. This is not a secure practice for sensitive data.
This commit refactors the addon registry functionality to store tokens in Kubernetes Secrets. The ConfigMap now only contains a reference to the secret name, while the token itself is stored securely.
This change includes:
- Creating/updating secrets when a registry is added/updated.
- Loading tokens from secrets when a registry is listed/retrieved.
- Deleting secrets when a registry is deleted.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* test(addon): Add tests for registry token secret storage
This commit introduces a comprehensive test suite for the addon registry feature.
It includes:
- Isolated unit tests for each CRUD operation (Add, Update, List, Get, Delete) to ensure each function works correctly in isolation.
- A stateful integration test to validate the complete lifecycle of an addon registry from creation to deletion.
The tests verify that tokens are handled correctly via Kubernetes Secrets, confirming the implementation of the secure token storage feature.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* feat(addon): improve addon registry robustness and fix bugs
This commit introduces several improvements to the addon registry to make it more robust and fixes several bugs.
- When updating a secret, the existing secret is now fetched and updated to avoid potential conflicts.
- Deleting a non-existent registry now returns no error, making the operation idempotent.
- Getting a non-existent registry now returns a structured not-found error.
- Loading a token from a non-existent secret is now handled gracefully.
- When setting a token directly on a git-based addon source, the token secret reference is now cleared.
- The token secret reference is now correctly copied in `SafeCopy`.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* Refactor(addon): Fix secret deletion and improve registry logic
This commit refactors the addon registry data store to fix a critical bug where deleting an addon registry would not delete its associated token secret.
The root cause was that the `GetRegistry` function, which was used by `DeleteRegistry`, would load the token from the secret and then clear the `TokenSecretRef` field on the in-memory object. This meant that when `DeleteRegistry` tried to find the secret to delete, the reference was already gone.
This has been fixed by:
1. Introducing a central `getRegistries` helper function to read the raw registry data from the ConfigMap.
2. Refactoring all data store methods (`List`, `Get`, `Add`, `Update`, `Delete`) to use this central helper, removing duplicate code.
3. Ensuring `DeleteRegistry` uses the raw, unmodified registry data so that the `TokenSecretRef` is always available for deletion.
Additionally, comprehensive unit tests for the new helper functions (`getRegistries`, `loadTokenFromSecret`, `createOrUpdateTokenSecret`) have been added to verify the fix and improve overall code quality and stability.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* feat(addon): improve addon registry token security and logging
This commit enhances the security and observability of addon registry token handling.
- Adds a warning message to users when an insecure inline token is detected in an addon registry configuration, prompting them to migrate to a more secure secret-based storage.
- Implements info-level logging to create an audit trail for token migrations, providing administrators with visibility into security-related events.
- Refactors the token migration logic into a new `migrateInlineTokenToSecret` function, improving code clarity and maintainability.
- Introduces unit tests for the `TokenSource` interface methods and the `GetTokenSource` function to ensure correctness and prevent regressions.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* Chore: remove comments to triger ci
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
---------
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* fix(addon): show correct owner in definition conflict error
When enabling an addon, if a definition conflicted with one from another existing addon, the error message would misleadingly cite the addon being installed as the owner, rather than the actual owner of the definition. This made it difficult for users to diagnose the conflict.
This commit corrects the error message generation in `checkConflictDefs` to use the name of the actual owner application. A comprehensive unit test for this function has also been added to verify the corrected behavior and prevent regressions.
Fixes#6898
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* fix(addon): show correct owner name in conflict message
When a definition conflict occurs, the error message attempts to show the addon that owns the existing definition.
However, if the owner is not a KubeVela addon application (i.e., its name doesn't have the 'addon-' prefix), the `AppName2Addon` function returns an empty string. This resulted in a confusing conflict message with a blank owner name, like "already exist in \n".
This patch fixes the issue by checking if the result of `AppName2Addon` is empty. If it is, it falls back to using the full application name of the owner,
ensuring the conflict message is always clear and actionable.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* chore(addon): update comment for addon name
- Add this comment to trigger ci
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* fix(addon): improve conflict message for addon definitions
adjust comment placement and logic to ensure correct addon name display in conflict messages
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
---------
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* feat(appfile): Enhance unit test coverage and migrate to standard Go testing
This commit significantly enhances the unit test coverage for the `references/appfile` package by introducing a comprehensive suite of new test cases and migrating existing tests to the standard Go `testing` framework with `testify/assert`.
Key additions and improvements include:
- **New Test Cases for `references/appfile/api/appfile.go`**: Added tests for `NewAppFile`, `JSONToYaml`, and `LoadFromBytes` to ensure correct application file initialization, parsing, and loading.
- **New Test Cases for `references/appfile/api/service.go`**: Introduced tests for `GetUserConfigName`, `GetApplicationConfig`, and `ToStringSlice` to validate service configuration extraction and type conversions.
- **Expanded Test Coverage for `references/appfile/app.go`**: Added new tests for `NewApplication`, `Validate`, `GetComponents`, `GetServiceConfig`, `GetApplicationSettings`, `GetWorkload`, and `GetTraits`, ensuring the robustness of application-level operations.
- **Dedicated Test Files for `modify.go` and `run.go`**: Created `modify_test.go` and `run_test.go` to provide specific unit tests for `SetWorkload`, `CreateOrUpdateApplication`, `CreateOrUpdateObjects`, and `Run` functions.
- **Test Framework Migration**: Refactored `addon_suit_test.go` to `main_test.go` and `addon_test.go` to use standard Go `testing` and `testify/assert`, improving consistency and maintainability.
These changes collectively improve the robustness, reliability, and maintainability of the `appfile` package by providing a more comprehensive and standardized testing approach.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* chore(references/appfile): improve test suite robustness and style
This commit introduces two improvements to the test suite in the `references/appfile` package.
First, the `TestMain` function in `main_test.go` is refactored to ensure the `envtest` control-plane is always stopped, even if test setup fails. This is achieved by creating a single exit path that handles cleanup, preventing resource leaks.
Second, a minor linting issue (S1005) in `modify_test.go` is fixed by removing an unnecessary assignment to the blank identifier.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* Chore: remove comment to trigger ci
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
---------
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* test(cli): enhance unit test coverage for theme and color config
This commit introduces a comprehensive suite of unit tests for the theme and color configuration functions in `references/cli/top/config`.
Key changes include:
- Refactored existing tests in `color_test.go` to use table-driven sub-tests for improved clarity and maintainability.
- Added new test functions to validate color parsing, hex color detection, and default theme creation.
- Implemented tests for theme file lifecycle management, including creation and loading logic.
These additions significantly increase the test coverage and ensure the robustness and correctness of the CLI's theme and color functionality.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* test(cli): refactor and enhance tests for top view models and utils
This commit improves the unit test suite for the CLI's top view functionality by refactoring existing tests and adding new ones to increase coverage.
Key changes include:
- In `application_test.go`, `TestApplicationList_ToTableBody` is refactored to be a table-driven test, and new tests are added for `serviceNum`, `workflowMode`, and `workflowStepNum` helpers.
- In `time_test.go`, `TestTimeFormat` is refactored into a table-driven test for better structure and readability.
These changes align the tests with best practices and improve the overall robustness of the CLI top view's data presentation logic.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* test(cuegen): enhance unit test coverage for CUE generation packages
This commit introduces a comprehensive suite of unit tests and refactors existing tests for the CUE generation packages located in `references/cuegen`.
Key changes include:
- Refactored existing tests in `generator_test.go` and `provider_test.go` to use table-driven sub-tests, improving clarity, maintainability, and coverage of error conditions.
- Added new test functions to `convert_test.go` to validate helper functions for comment generation, type support, and enum field handling.
- Added new tests in `provider_test.go` to cover provider extraction, declaration modification, and panic recovery logic.
These changes significantly increase the test coverage for the `cuegen` libraries, ensuring the correctness and robustness of the CUE code generation functionality.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* test(docgen): add comprehensive unit tests for doc generation
This commit introduces a comprehensive suite of unit tests for the documentation generation package located in `references/docgen`.
Key changes include:
- Added new test files (`console_test.go`, `convert_test.go`, `openapi_test.go`) to cover the core functions for parsing and generating documentation for CUE, Terraform, and OpenAPI schemas.
- Refactored and enhanced `i18n_test.go` to use sub-tests, resolve race conditions, and improve coverage for fallback logic and error handling.
- Ensured all new and existing tests follow best practices, using table-driven tests for clarity and maintainability.
This effort significantly increases the test coverage for the `docgen` package, improving the reliability and robustness of the documentation generation features.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* test: improve test reliability and conventions
This commit introduces several improvements to the test suite to enhance reliability and adhere to best practices.
- **Fix flaky test in `docgen/openapi_test.go`**:
The test for `GenerateConsoleDocument` was flaky because it performed an exact string match on table output generated from a map. Since map iteration order is not guaranteed, this could cause spurious failures. The test is now order-insensitive, comparing sorted sets of lines instead.
- **Improve assertions in `docgen/console_test.go`**:
- Removes an unnecessary `test.EquateErrors()` option, which is not needed for simple string comparisons.
- Corrects the `cmp.Diff` argument order to the standard `(want, got)` convention for clearer failure messages.
- Fixes a typo in an error message.
- **Standardize assertions in `cli/top/config/color_test.go`**:
Swaps `assert.Equal` arguments to the standard `(expected, actual)` convention.
- **Clean up `cuegen/generators/provider/provider_test.go`**:
Removes a redundant error check.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
---------
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* feat(monitor): Add unit tests for application metrics watcher
This commit introduces a new test file with comprehensive unit tests for the application metrics watcher functionality in pkg/monitor/watcher.
Key additions include:
- Test cases for the application metrics watcher's inc() method covering add, delete, and update operations
- Test cases for report() method that verifies dirty flags are cleared
- Test cases for helper functions getPhase() and getApp()
These additions improve the overall test coverage and ensure the correctness of the application metrics monitoring functionality.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* feat(velaql): Add comprehensive unit tests for ParseVelaQLFromPath
This commit introduces new unit tests for the ParseVelaQLFromPath function in pkg/velaql, along with test data files to improve test coverage and ensure correctness.
Key additions include:
- `pkg/velaql/parse_test.go`: Adds TestParseVelaQLFromPath function with comprehensive test cases covering:
* Valid CUE files with and without export fields
* Nonexistent and empty file paths
* Invalid CUE content
* Files with invalid export types
- Test data files in pkg/velaql/testdata/:
* simple-valid.cue: Valid CUE file with export field
* simple-no-export.cue: Valid CUE file without export field
* empty.cue: Empty CUE file
* invalid-cue-content.cue: CUE file with invalid syntax
* invalid-export.cue: CUE file with invalid export type
These additions improve the overall test coverage and ensure the robustness of the VELAQL parsing functionality.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* feat(webhook): Add unit tests for ValidateDefinitionRevision function
This commit introduces new unit tests for the ValidateDefinitionRevision function in pkg/webhook/utils to improve test coverage and ensure correctness of definition revision validation.
Key additions include:
- `pkg/webhook/utils/utils_test.go`: Adds TestValidateDefinitionRevision function with comprehensive test cases covering:
* Success scenarios with matching definition revisions
* Success scenarios when definition revision does not exist
* Failure scenarios with revision hash mismatches
* Failure scenarios with spec mismatches
* Failure scenarios with invalid definition revision names
These additions improve the overall test coverage and ensure the robustness of the webhook utility functions for validating definition revisions.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* feat(workflow): Add unit tests for OAM apply and query utilities
This commit introduces new unit tests for workflow provider functions in pkg/workflow/providers to improve test coverage and ensure correctness.
Key additions include:
- `pkg/workflow/providers/oam/apply_test.go`: Adds TestRenderComponent function with comprehensive test cases for component rendering
- `pkg/workflow/providers/query/utils_test.go`: Adds:
* TestBuildResourceArray function with comprehensive test cases covering simple, nested, and complex resource tree scenarios
* TestBuildResourceItem function with test cases for resources with and without annotations
These additions improve the overall test coverage and ensure the robustness of the workflow provider functions for OAM applications.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* fix(velaql): Improve error handling in ParseVelaQLFromPath test
This commit addresses an issue in the TestParseVelaQLFromPath function where file read errors were being silently ignored. The changes include:
- Removing the unused expectedView field from test cases
- Replacing conditional error checking with require.NoError to ensure file read operations are properly validated
- Ensuring that test failures are properly reported when file reading fails
This fix improves the reliability of the test suite by making sure that any file I/O errors are properly caught and reported rather than silently ignored.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* feat: Apply cross-cutting test improvements
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* feat: Enhance test coverage with file-specific suggestions
This commit applies file-specific suggestions to enhance the test suite's
coverage and robustness.
Key changes include:
- **`pkg/monitor/watcher/application_test.go`**:
- Added a test case for a multi-step workflow with mixed phases to
validate `stepPhaseCounter` aggregation.
- Added a test for idempotence by calling `inc` twice.
- Added test cases for an empty workflow and an unknown application phase.
- Strengthened the `report` test to assert that counters are not cleared.
- **`pkg/velaql/parse_test.go`**:
- Added a test case for `ParseVelaQLFromPath` to handle files with
leading/trailing whitespace.
- Added a test case to ensure consistent error messages for relative paths.
- **`pkg/webhook/utils/utils_test.go`**:
- Added a test case to `TestValidateCueTemplate` for a malformed CUE
template.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
---------
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
Webhook Upgrade Validation / webhook-upgrade-check (push) Failing after 25s
- Modified the documentation generation logic to keep .md file extensions, enhancing IDE support and compatibility with Docusaurus.
- Updated various documentation headers to include the correct .md references in auto-generated messages, ensuring consistency across multiple components (component, policy, trait, workflow).
Signed-off-by: jguionnet jguionnet@guidewire.com
Signed-off-by: jguionnet jguionnet@guidewire.com
Signed-off-by: Jerome Guionnet <jguionnet@guidewire.com>
Webhook Upgrade Validation / webhook-upgrade-check (push) Failing after 24s
* Fix: Update ingress messages to handle host retrieval more robustly across multiple templates
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* Fix: Enhance output handling in k8s-objects template to check for empty objects
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* Fix: Ensure policy selection from envBindingPolicies only occurs if the list is not empty
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
---------
Signed-off-by: Ayush Kumar <ayushshyamkumar888@gmail.com>
* feat(addon): add comprehensive unit tests for addon readers
This commit enhances the test coverage and code quality for the addon reader implementations in the pkg/addon package.
- Refactors all existing addon reader tests (gitee, github, gitlab, local) to use consistent, modern testing patterns like sub-tests.
- Replaces the old memory_reader_test.go with a completely refactored implementation.
- Adds new unit tests for previously untested functions, including various getters, client constructors, and RelativePath helpers.
- Improves http-based tests (gitlab, github, gitee) to use robust mock handlers that correctly simulate API behavior, including pagination and error states.
These changes improve the overall quality and reliability of the addon system and uncovered two minor bugs during the process.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* feat(addon): add more unit tests for addon helpers
This commit continues to improve the test coverage for the pkg/addon package by adding unit tests for several helper and factory functions.
- Adds a test for WrapErrRateLimit to ensure GitHub API rate limit errors are handled correctly.
- Adds a test for ClassifyItemByPattern to verify addon file classification logic.
- Adds a test for the NewAsyncReader factory function to ensure correct reader instantiation.
- Adds tests for various utility functions in utils.go, including IsRegistryFuncs, InstallOptions, ProduceDefConflictError, and GenerateChartMetadata.
These tests increase the reliability of the addon installation and handling logic.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* feat(addon): add unit tests for versioned addon registry
This commit improves test coverage for the versioned addon registry logic in the pkg/addon package.
- Adds a unit test for resolveAddonListFromIndex to verify the logic for parsing Helm index files.
- Introduces a new table-driven test for the internal loadAddon function, covering success and multiple failure scenarios (e.g., version not found, download failure, corrupt data).
- Adds a new test helper, setupAddonTestServer, to create isolated mock HTTP servers for testing addon loading, improving test reliability and clarity.
These tests ensure the core logic for discovering and fetching versioned addons is robust and functions as expected.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* chore(addon): remove unused gitlab testdata path constant
- remove unused gitlab testdata path constant name `gitlabTestdataPath`
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* refactor(addon): improve unit tests based on review feedback
This commit addresses several code review comments to improve the quality, correctness, and robustness of the unit tests in the pkg/addon package.
- Refactors map key assertions in the memory reader test to use the correct "comma ok" idiom instead of assert.NotNil.
- Updates the GitHub reader test to use a compliant addon mock that includes the required template.cue file.
- Modifies the chart metadata test in utils_test.go to use t.TempDir() for better test isolation and automatic cleanup.
- Switches from assert.NotNil to require.NotNil in the versioned registry test to prevent panics on nil pointers.
These changes make the test suite more robust, reliable, and easier to maintain.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
---------
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* feat(appfile): Add comprehensive unit tests for appfile package
This commit significantly enhances the test coverage for the `pkg/appfile` package by adding a comprehensive suite of new unit tests. These tests improve the reliability of core application parsing, generation, and validation logic.
Key additions include:
- **Parsing:** New tests for policy parsing, legacy application revision handling, and dynamic component loading.
- **Manifest Generation:** Added coverage for `GenerateComponentManifests` and `GeneratePolicyManifests` to ensure correctness of generated resources.
- **OAM Contracts:** New tests for `SetOAMContract` and `setWorkloadRefToTrait` to verify OAM label and reference injection.
- **Template & Context:** Added tests for loading templates from revisions (`LoadTemplateFromRevision`) and preparing the process context (`PrepareProcessContext`).
- **Validation:** Enhanced validation tests for component parameters and uniqueness of output names.
As part of this effort, the existing tests were also migrated from Ginkgo to the standard `testing` package with `testify/assert` to maintain consistency across the codebase.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* refactor(pkg/component): Migrate ref-objects tests to standard Go testing and add new test cases
This commit refactors the unit tests for `pkg/component/ref-objects` from a Ginkgo-based suite to the standard Go `testing` package. Additionally, new unit test cases have been added to further enhance test coverage and ensure the robustness of the `ref-objects` functionality.
Key changes include:
- Deletion of `pkg/component/ref_objects_suite_test.go`.
- Introduction of `pkg/component/main_test.go` to manage test environment setup and teardown using `TestMain`.
- Creation of `pkg/component/ref_objects_test.go` containing all the ref-objects related unit tests, now using standard Go testing functions, along with newly added test cases for improved coverage.
This migration improves consistency with other unit tests in the codebase and leverages the native Go testing framework.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* chore(pkg/component): Reorder imports in ref_objects_test.go
This commit reorders the import statements in `pkg/component/ref_objects_test.go` to adhere to standard Go formatting and import grouping conventions. This change improves code readability and consistency.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
---------
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
The GetPath method for GitLabItem produced an incorrect path when an addon's base path in the repository was empty. This was caused by an off-by-one error in the string slicing logic that always assumed a base path separator existed, incorrectly truncating the first character of the file path.
This commit corrects the logic by adding a check for an empty base path, ensuring the full path is returned in that case.
Fixes#6899
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
Webhook Upgrade Validation / webhook-upgrade-check (push) Failing after 26s
* feat(common): Enhance unit test coverage for common utilities
This commit significantly enhances the unit test coverage for the `references/common` package, covering a wide range of utilities related to application management, metrics, registry operations, traits, and workloads. Existing tests have also been refactored to improve readability and maintainability.
Key additions and improvements include:
- **Application Utilities**: New tests for `ExportFromAppFile`, `ApplyApp`, `IsAppfile`, `Info`, `SonLeafResource`, `LoadAppFile`, and `ApplyApplication` in `application_test.go`.
- **Metrics Utilities**: Expanded tests for `ToPercentage`, `GetPodStorage`, and `GetPodOfManagedResource` in `metrics_test.go`, with existing tests refactored to use `testify/assert` and table-driven formats.
- **Registry Operations**: New tests for `InstallComponentDefinition` and `InstallTraitDefinition` in `registry_test.go`.
- **Trait Definitions**: New `trait_test.go` file with tests for `ListRawWorkloadDefinitions`.
- **Workload Initialization**: New `workload_test.go` file with tests for `InitApplication` and `BaseComplete`.
These changes collectively improve the robustness, reliability, and maintainability of the `references/common` package by providing a more comprehensive and standardized testing approach.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* test(common): Improve test assertions and error handling
This commit improves the quality and reliability of unit tests in the `references/common` package by addressing several inconsistencies and potential issues.
Key changes include:
- Asserts the error returned by `v1beta1.AddToScheme` across multiple test files (`application_test.go`, `registry_test.go`, `workload_test.go`) to prevent masking scheme registration failures.
- Replaces `strings.Contains` with the more idiomatic `assert.Contains` in `application_test.go`.
- Adds an assertion to check the error returned by `tmpFile.Close()` in `application_test.go`.
- Uses `assert.EqualError` instead of `assert.Equal` for comparing error messages in `registry_test.go` for more precise error checking.
- Removes an unused `strings` import from `application_test.go`.
These changes lead to more robust, readable, and consistent tests.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* fix(common): Fix flaky test in TestExportFromAppFile
The `TestExportFromAppFile` test was passing locally but failing in CI with a "no matches for kind" error.
This was caused by passing an uninitialized `common.Args` object to the `ExportFromAppFile` function. The function was using the client from this object, which was not the correctly configured fake client.
This commit fixes the issue by explicitly setting the fake client on the `common.Args` object before it is used, making the test hermetic and reliable.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
---------
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
Webhook Upgrade Validation / webhook-upgrade-check (push) Failing after 23s
* Fix: update Homebrew formula action to latest version
Signed-off-by: Chaitanya Reddy Onteddu <chaitanyareddy0702@gmail.com>
* Fix: update Homebrew formula action reference to correct version
Signed-off-by: Chaitanya Reddy Onteddu <chaitanyareddy0702@gmail.com>
* fix: remove redundant Homebrew bump action
- Fixes: https://github.com/kubevela/kubevela/actions/runs/18149681613/job/51659048948
- The kubevela formula in homebrew/core is already configured for automatic updates via BrewTestBot.
- BrewTestBot runs every ~3 hours after a new release to automatically open version bump PRs.
- The manual bump step (dawidd6/action-homebrew-bump-formula) was redundant and caused workflow failures:
'Error: Whoops, the kubevela formula has its version update pull requests automatically opened by BrewTestBot every ~3 hours!'
- Removed the manual bump action to prevent conflicts and rely solely on BrewTestBot for formula updates https://github.com/Homebrew/homebrew-core/blob/master/Formula/k/kubevela.rb.
Signed-off-by: Chaitanya Reddy Onteddu <chaitanyareddy0702@gmail.com>
---------
Signed-off-by: Chaitanya Reddy Onteddu <chaitanyareddy0702@gmail.com>
* fix(references/appfile): correct namespace existence check in addon
The `generateSecretFromTerraformOutput` function was using an incorrect logic to check for namespace existence. It was trying to create the namespace and if it succeeded, it would return an error.
This commit corrects the logic to use `k8sClient.Get` and checks for a `NotFound` error to accurately determine if the namespace exists.
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
* fix(references/appfile): make terraform output parsing robust
The previous implementation for parsing `terraform output` was fragile and could lead to data corruption or errors. It would incorrectly remove all spaces from values and would fail to parse values that contained an equals sign.
This commit refactors the parsing logic to be more robust:
- It no longer removes spaces from output values, preserving them correctly.
- It correctly parses `key=value` pairs by splitting only on the first equals sign in a line.
- It properly handles quoted string values from Terraform.
The corresponding tests in `addon_test.go` have been updated to align with the refactored function signature and verify the new, robust behavior.
Fixes#6916
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
---------
Signed-off-by: Ashvin Bambhaniya <ashvin.bambhaniya@improwised.com>
# This file is a github code protect rule follow the codeowners https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-repository-on-github/about-code-owners#example-of-a-codeowners-file
| `featureGates.enableCueValidation` | enable the strict cue validation for cue required parameter fields | `false` |
| `featureGates.enableApplicationStatusMetrics` | enable application status metrics and structured logging | `false` |
| `featureGates.validateResourcesExist` | enable webhook validation to check if resource types referenced in definition templates exist in the cluster | `false` |
| `featureGates.enableApplicationScopedPolicies` | enable Application-scoped PolicyDefinitions that transform Application CR before rendering (Alpha) | `false` |
| `featureGates.enableGlobalPolicies` | enable automatic discovery and application of global PolicyDefinitions to all Applications (Alpha) | `false` |
| `devLogs` | Enable formatted logging support for development purpose | `false` |
| `logFilePath` | If non-empty, write log files in this path | `""` |
| `logFileMaxSize` | Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. | `1024` |
description:Workflow is the Schema for the workflow API
properties:
apiVersion:
description:'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description:|-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type:string
kind:
description:'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description:|-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type:string
metadata:
type:object
@@ -59,6 +63,7 @@ spec:
inputs:
description:Inputs is the inputs of the step
items:
description:InputItem defines an input variable of WorkflowStep
properties:
from:
type:string
@@ -66,7 +71,6 @@ spec:
type:string
required:
- from
- parameterKey
type:object
type:array
meta:
@@ -75,12 +79,18 @@ spec:
alias:
type:string
type:object
mode:
description:Mode is only valid for sub steps, it defines the mode
of the sub steps
nullable:true
type:string
name:
description:Name is the unique name of the workflow step.
type:string
outputs:
description:Outputs is the outputs of the step
items:
description:OutputItem defines an output variable of WorkflowStep
properties:
name:
type:string
@@ -110,6 +120,7 @@ spec:
inputs:
description:Inputs is the inputs of the step
items:
description:InputItem defines an input variable of WorkflowStep
properties:
from:
type:string
@@ -117,7 +128,6 @@ spec:
type:string
required:
- from
- parameterKey
type:object
type:array
meta:
@@ -132,6 +142,7 @@ spec:
outputs:
description:Outputs is the outputs of the step
items:
description:OutputItem defines an output variable of WorkflowStep
properties:
name:
type:string
@@ -153,7 +164,6 @@ spec:
description:Type is the type of the workflow step.
type:string
required:
- name
- type
type:object
type:array
@@ -164,7 +174,6 @@ spec:
description:Type is the type of the workflow step.
if status != _|_ if status.loadBalancer != _|_ if status.loadBalancer.ingress != _|_ if len(status.loadBalancer.ingress) > 0 if status.loadBalancer.ingress[0].ip != _|_ {
##@param featureGates.enableCueValidation enable the strict cue validation for cue required parameter fields
##@param featureGates.enableApplicationStatusMetrics enable application status metrics and structured logging
##@param featureGates.validateResourcesExist enable webhook validation to check if resource types referenced in definition templates exist in the cluster
##@param featureGates.enableApplicationScopedPolicies enable Application-scoped PolicyDefinitions that transform Application CR before rendering (Alpha)
##@param featureGates.enableGlobalPolicies enable automatic discovery and application of global PolicyDefinitions to all Applications (Alpha)
##@param
featureGates:
gzipResourceTracker:false
@@ -144,6 +146,8 @@ featureGates:
enableCueValidation:false
enableApplicationStatusMetrics:false
validateResourcesExist:false
enableApplicationScopedPolicies:false
enableGlobalPolicies:false
## @section MultiCluster parameters
@@ -267,6 +271,9 @@ logFilePath: ""
## @param logFileMaxSize Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited.
logFileMaxSize:1024
## @param admissionWebhookTimeout Timeout seconds for admission webhooks
"application-revision-limit is the maximum number of application useless revisions that will be maintained, if the useless revisions exceed this number, older ones will be GCed first.The default value is 10.")
"definition-revision-limit is the maximum number of component/trait definition useless revisions that will be maintained, if the useless revisions exceed this number, older ones will be GCed first.The default value is 20.")
"If true, trait/component/workflowstep definition controller will not process the definition without 'definition.oam.dev/controller-version-require' annotation")
"Enable loading third-party CUE packages into the default CUE compiler. When enabled, external CUE packages can be imported and used in CUE templates.")
"Enable watching for changes in external CUE packages and automatically reload them when modified. Requires enable-external-package-for-default-compiler to be enabled.")
}
// SyncToCUEGlobals syncs the parsed configuration values to CUE package global variables.
// This should be called after flag parsing to ensure the CUE compiler uses the configured values.
//
// NOTE: This method exists for backward compatibility with legacy code that depends on global
// variables in the cuex package. Ideally, the CUE compiler configuration should be injected
// rather than relying on globals.
//
// The flow is: CLI flags -> CUEConfig struct fields -> cuex globals (via this method)
"the qps for reconcile clients. Low qps may lead to low throughput. High qps may give stress to api-server. Raise this value if concurrent-reconciles is set to be high.")
fs.IntVar(&c.Burst,"kube-api-burst",c.Burst,
"the burst for reconcile clients. Recommend setting it qps*2.")
"Enable cluster-metrics-management to collect metrics from clusters with cluster-gateway, disabled by default. When this param is enabled, enable-cluster-gateway should be enabled")
// Delegates to the external package's flag registration.
func(c*ShardingConfig)AddFlags(fs*pflag.FlagSet){
sharding.AddFlags(fs)
}
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
