This is an automated email from the ASF dual-hosted git repository. pcongiusti pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit 776ef4f5a7e649b6968ed66b904aa776f62b86c5 Author: Pasquale Congiusti <pasquale.congiu...@gmail.com> AuthorDate: Sat Nov 23 10:13:06 2024 +0100 feat(builder): dependencies privileges We need to have the dependencies as publicly readable and executable in order to let any container user to run the application properly. So far we could only have root when using Jib publishing strategy. Ref #5462 --- docs/modules/ROOT/pages/installation/installation.adoc | 3 ++- pkg/builder/image.go | 2 +- pkg/builder/jib.go | 1 + pkg/builder/jib_test.go | 4 ++-- pkg/controller/integrationplatform/kamelets.go | 6 ++++-- pkg/controller/integrationplatform/kamelets_test.go | 3 ++- pkg/trait/deployer.go | 4 ++-- pkg/util/jib/configuration.go | 2 +- pkg/util/util.go | 5 ++--- script/Makefile | 12 ++++-------- 10 files changed, 21 insertions(+), 21 deletions(-) diff --git a/docs/modules/ROOT/pages/installation/installation.adoc b/docs/modules/ROOT/pages/installation/installation.adoc index 2fe46b8f0..d54bdef8a 100644 --- a/docs/modules/ROOT/pages/installation/installation.adoc +++ b/docs/modules/ROOT/pages/installation/installation.adoc 
@@ -14,10 +14,11 @@ The first step is to install and run the Camel K operator. You can do it via any https://kustomize.io[Kustomize] provides a declarative approach to the configuration customization of a Camel-K installation. Kustomize works either with a standalone executable or as a built-in to `kubectl`. The https://github.com/apache/camel-k/tree/main/install[/install] directory provides a series of base and overlays configuration that you can use. You can create your own overlays or customize the one available in the repository to accommodate your need. ``` +$ kubectl create ns camel-k $ kubectl apply -k github.com/apache/camel-k/install/overlays/kubernetes/descoped?ref=v2.4.0 --server-side ``` -You can specify as `ref` parameter the version you're willing to install (ie, `v2.4.0`). The command above will install a descoped (global) operator in the camel-k namespace. +You can specify as `ref` parameter the version you're willing to install (ie, `v2.4.0`). The command above will install a descoped (global) operator in the camel-k namespace. This is the suggested configuration in order to manage Integrations in all namespaces. [[helm]] === Installation via Helm Hub diff --git a/pkg/builder/image.go b/pkg/builder/image.go index deaf0eaf3..addc859fd 100644 --- a/pkg/builder/image.go +++ b/pkg/builder/image.go @@ -160,7 +160,7 @@ func imageContext(ctx *builderContext, selector artifactsSelector) error { contextDir := filepath.Join(ctx.Path, ContextDir) - err = os.MkdirAll(contextDir, io.FilePerm700) + err = os.MkdirAll(contextDir, io.FilePerm755) if err != nil { return err } diff --git a/pkg/builder/jib.go b/pkg/builder/jib.go index bc587785b..97ac20446 100644 --- a/pkg/builder/jib.go +++ b/pkg/builder/jib.go 
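Review bot: In pkg/builder/image.go, `os.MkdirAll(contextDir, io.FilePerm755)` makes the build context directory readable and traversable by every local user on the builder's filesystem, which is wider than the stated goal of making the dependencies readable inside the resulting image. The same 700-to-755 change is applied in `WriteFileWithContent` in pkg/util/util.go, a general helper whose callers are not visible in this diff, so any directory it creates for sensitive content becomes world-readable as well. The mode passed to MkdirAll is also filtered by the process umask and is not applied to directories that already exist, so it does not guarantee the final mode. I would keep 700 as the default and widen only the dependency path, with a comment such as `// 755: image layer content must be traversable by a non-root container user`. imageContext's body continues outside the hunk.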
@@ -156,6 +156,7 @@ func buildJibMavenArgs(mavenDir, image, baseImage string, insecureRegistry bool, mavenArgs = append(mavenArgs, jib.JibMavenToImageParam+image) mavenArgs = append(mavenArgs, jib.JibMavenFromImageParam+baseImage) mavenArgs = append(mavenArgs, jib.JibMavenBaseImageCache+mavenDir+"/jib") + mavenArgs = append(mavenArgs, "-Djib.container.user=1000") if imagePlatforms != nil { platforms := strings.Join(imagePlatforms, ",") diff --git a/pkg/builder/jib_test.go b/pkg/builder/jib_test.go index d2b87a569..3038f7239 100644 --- a/pkg/builder/jib_test.go +++ b/pkg/builder/jib_test.go @@ -42,7 +42,7 @@ func TestJibBuildMavenArgs(t *testing.T) { require.NoError(t, err) expectedParams := strings.Split( fmt.Sprintf("jib:build -Djib.disableUpdateChecks=true -x some-maven-option -P jib -Djib.to.image=my-image "+ - "-Djib.from.image=my-base-image -Djib.baseImageCache=%s -Djib.allowInsecureRegistries=true", tmpMvnCtxDir+"/jib"), + "-Djib.from.image=my-base-image -Djib.baseImageCache=%s -Djib.container.user=1000 -Djib.allowInsecureRegistries=true", tmpMvnCtxDir+"/jib"), " ") assert.Equal(t, expectedParams, args) } @@ -55,7 +55,7 @@ func TestJibBuildMavenArgsWithPlatforms(t *testing.T) { require.NoError(t, err) expectedParams := strings.Split( fmt.Sprintf("jib:build -Djib.disableUpdateChecks=true -x some-maven-option -P jib -Djib.to.image=my-image "+ - "-Djib.from.image=my-base-image -Djib.baseImageCache=%s -Djib.from.platforms=amd64,arm64 -Djib.allowInsecureRegistries=true", + "-Djib.from.image=my-base-image -Djib.baseImageCache=%s -Djib.container.user=1000 -Djib.from.platforms=amd64,arm64 -Djib.allowInsecureRegistries=true", tmpMvnCtxDir+"/jib"), " ") assert.Equal(t, expectedParams, args) diff --git a/pkg/controller/integrationplatform/kamelets.go b/pkg/controller/integrationplatform/kamelets.go index 9ff27c956..4713c1a15 100644 --- a/pkg/controller/integrationplatform/kamelets.go +++ b/pkg/controller/integrationplatform/kamelets.go 
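Review bot: In pkg/builder/jib.go the new argument is a bare string literal, `"-Djib.container.user=1000"`, while the neighbouring arguments are built from constants in the jib package (`jib.JibMavenToImageParam`, `jib.JibMavenBaseImageCache`). A new constant next to those, for example `JibMavenContainerUserParam = "-Djib.container.user="` (a proposed name, not an existing one), plus a named default UID, would keep the value in one place and let jib_test.go reference it instead of repeating the literal. A short comment is also worth adding, e.g. `// run as a non-root UID; /deployments is made readable for it`, because the UID is fixed here and this hunk does not show whether it suits every base image or a platform that assigns its own UID. buildJibMavenArgs starts and ends outside the hunk.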
@@ -61,7 +61,7 @@ func installKameletCatalog(ctx context.Context, c client.Client, platform *v1.In return -1, -1, err } // Download Kamelet dependency - if err := downloadKameletDependency(ctx, version, kameletDir); err != nil { + if err := downloadKameletDependency(ctx, platform, version, kameletDir); err != nil { return -1, -1, err } // Extract Kamelets files @@ -100,11 +100,13 @@ func prepareKameletDirectory() (string, error) { return kameletDir, nil } -func downloadKameletDependency(ctx context.Context, version, kameletsDir string) error { +func downloadKameletDependency(ctx context.Context, platform *v1.IntegrationPlatform, version, kameletsDir string) error { // TODO: we may want to add the maven settings coming from the platform // in order to cover any user security setting in place p := maven.NewProjectWithGAV("org.apache.camel.k.kamelets", "kamelets-catalog", defaults.Version) mc := maven.NewContext(kameletsDir) + mc.LocalRepository = platform.Status.Build.Maven.LocalRepository + mc.AdditionalArguments = platform.Status.Build.Maven.CLIOptions mc.AddArgument("-q") mc.AddArgument("dependency:copy") mc.AddArgument(fmt.Sprintf("-Dartifact=org.apache.camel.kamelets:camel-kamelets:%s:jar", version)) diff --git a/pkg/controller/integrationplatform/kamelets_test.go b/pkg/controller/integrationplatform/kamelets_test.go index fdbb416e0..7bf3efddf 100644 --- a/pkg/controller/integrationplatform/kamelets_test.go +++ b/pkg/controller/integrationplatform/kamelets_test.go @@ -112,6 +112,7 @@ func TestPrepareKameletsDirectory(t *testing.T) { } func TestDownloadKameletDependencyAndExtract(t *testing.T) { + itp := v1.NewIntegrationPlatform("itp-ns", "my-itp") // use local Maven executable in tests t.Setenv("MAVEN_WRAPPER", boolean.FalseString) _, ok := os.LookupEnv("MAVEN_CMD") 
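Review bot: In downloadKameletDependency (pkg/controller/integrationplatform/kamelets.go), `mc.AdditionalArguments = platform.Status.Build.Maven.CLIOptions` stores the platform's own slice in the Maven context, and the `mc.AddArgument(...)` calls that follow presumably append to it (AddArgument is not shown here). If so, an append can write into the backing array shared with the IntegrationPlatform status; copying first avoids that: `mc.AdditionalArguments = slices.Clone(platform.Status.Build.Maven.CLIOptions)`. `platform` is also dereferenced without a nil check, which is fine for the one caller in this diff but deserves a guard or a doc line. The TODO above the new lines should be updated to say what is still missing, e.g. `// TODO: local repository and CLI options are applied; Maven settings from the platform are still missing`.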
@@ -126,7 +127,7 @@ func TestDownloadKameletDependencyAndExtract(t *testing.T) { assert.NoError(t, err) camelVersion := c.Runtime.Metadata["camel.version"] assert.NotEqual(t, "", camelVersion) - err = downloadKameletDependency(context.TODO(), camelVersion, tmpDir) + err = downloadKameletDependency(context.TODO(), &itp, camelVersion, tmpDir) assert.NoError(t, err) downloadedDependency, err := os.Stat(path.Join(tmpDir, fmt.Sprintf("camel-kamelets-%s.jar", camelVersion))) assert.NoError(t, err) diff --git a/pkg/trait/deployer.go b/pkg/trait/deployer.go index f88670ee4..49d24a1dd 100644 --- a/pkg/trait/deployer.go +++ b/pkg/trait/deployer.go @@ -52,7 +52,7 @@ func newDeployerTrait() Trait { func (t *deployerTrait) Configure(e *Environment) (bool, *TraitCondition, error) { var condition *TraitCondition - //nolint: staticcheck + //nolint:staticcheck if !ptr.Deref(t.UseSSA, true) { condition = NewIntegrationCondition( "Deployer", @@ -70,7 +70,7 @@ func (t *deployerTrait) Apply(e *Environment) error { e.PostActions = append(e.PostActions, func(env *Environment) error { applier := e.Client.ServerOrClientSideApplier() for _, resource := range env.Resources.Items() { - //nolint: staticcheck + //nolint:staticcheck if ptr.Deref(t.UseSSA, true) { if err := applier.Apply(e.Ctx, resource); err != nil { return err diff --git a/pkg/util/jib/configuration.go b/pkg/util/jib/configuration.go index 8a74ce003..38e42ff93 100644 --- a/pkg/util/jib/configuration.go +++ b/pkg/util/jib/configuration.go @@ -134,7 +134,7 @@ func JibMavenProfile(jibMavenPluginVersion string, jibLayerFilterExtensionMavenV Permissions: []v1.Permission{ { File: "/deployments/*", - Mode: "544", + Mode: "755", }, }, }, diff --git a/pkg/util/util.go b/pkg/util/util.go index 96fdcd815..3a53b21ca 100644 --- a/pkg/util/util.go +++ b/pkg/util/util.go 
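Review bot: In pkg/util/jib/configuration.go, `Mode: "755"` on the `/deployments/*` pattern adds the owner write bit that the previous `544` did not have, and it sets the execute bit on whatever the pattern matches, which presumably includes regular files such as jars that only need to be read. If the goal is only that a non-root user can traverse and read the tree, `Mode: "555"` would achieve it without making the content writable by its owner. Who owns these files in the built image is not visible here, so please confirm that the UID set via `-Djib.container.user=1000` cannot modify its own application files at runtime. A comment on the field explaining the chosen mode would help the next reader. The enclosing JibMavenProfile function continues outside the hunk.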
@@ -240,8 +240,7 @@ func CopyFile(src, dst string) (int64, error) { } if !stat.Mode().IsRegular() { - err = fmt.Errorf("%s is not a regular file", src) - return 0, err + return 0, fmt.Errorf("%s is not a regular file", src) } source, err := Open(src) @@ -504,7 +503,7 @@ func WriteFileWithContent(filePath string, content []byte) error { fileDir := path.Dir(filePath) // Create dir if not present - err := os.MkdirAll(fileDir, io2.FilePerm700) + err := os.MkdirAll(fileDir, io2.FilePerm755) if err != nil { return fmt.Errorf("could not create dir for file "+filePath+": %w", err) } diff --git a/script/Makefile b/script/Makefile index 7399de483..834cf3601 100644 --- a/script/Makefile +++ b/script/Makefile @@ -355,9 +355,13 @@ build-resources: ./script/get_catalog.sh $(DEFAULT_RUNTIME_VERSION) build-compile-integration-tests: +ifndef NOTEST @echo "####### Compiling integration tests..." export CAMEL_K_E2E_JUST_COMPILE="true"; \ go test -run nope -tags="integration" ./e2e/... +else + @echo "####### Skipping integration tests compilation..." +endif clean: # disable gomodules when executing go clean: @@ -789,14 +793,6 @@ install-k8s-ns: DEFAULT_NS="default" install-k8s-ns: KUSTOMIZE_DIR="install/overlays/kubernetes/namespaced" install-k8s-ns: clone-kustomize-dir set-operator-id set-operator-env install-operator install-registry -install-openshift-global: DEFAULT_NS="camel-k" -install-openshift-global: KUSTOMIZE_DIR="install/overlays/openshift/descoped" -install-openshift-global: clone-kustomize-dir set-operator-id set-operator-env install-operator - -install-openshift-ns: DEFAULT_NS="default" -install-openshift-ns: KUSTOMIZE_DIR="install/overlays/openshift/namespaced" -install-openshift-ns: clone-kustomize-dir set-operator-id set-operator-env install-operator - uninstall: ifdef NAMESPACE kubectl delete deploy -l app=camel-k -n $(NAMESPACE)