jessesuen
commented
3 years ago This is a bug, we are using the wrong globber to match on resources.
Open NissesSenap opened 3 years ago
jessesuen
commented
3 years ago This is a bug, we are using the wrong globber to match on resources.
chetan-rns
commented
3 years ago There's already globMatch() function in the same file. Happy to raise a PR with a test
jessesuen
commented
3 years ago @chetan-rns - @alexmt actually thinks this feature should be working for the example in the description:
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: my-project
namespace: argocd
spec:
namespaceResourceWhitelist:
- group: '*.tekton.dev'
kind: '*'Have we verified something else (aside from the glob function) is preventing this from working?
chetan-rns
commented
3 years ago @jessesuen @alexmt I think the issue is because of the order of arguments passed to filepath.Match. It expects (pattern, name) and the existing function has (name, pattern). My unit test with wildcard failed when I used the existing function
rbreeze
commented
3 years ago @chetan-rns Are you still working on this?
chetan-rns
commented
3 years ago Yeah @rbreeze. I've raised a PR and should fix some e2e tests
jannfis
commented
3 years ago Hey, I think the discussion here might have missed an important point.
As far as I understood, the request is about matching a top-level group like tekton.dev against a pattern comprising more specific groups, such as *.tekton.dev (notice the . after the wildcard). So this would basically imply some more logic in the pattern matching function to match the pattern *.tekton.dev against foo.tekton.dev, bar.tekton.dev and also tekton.dev.
Is that the proposed correct behavior, @NissesSenap ?
jannfis
commented
3 years ago Fixing this issue should not change current behavior (i.e. *.tekton.dev should not match tekton.dev by default). I think we might want to write a custom matcher that will match **.tekton.dev against foo.tekton.dev as well as against tekton.dev (similar to some new file glob matchers that match **/* against all files in all sub directories, while */* only covers first level sub directories)
NissesSenap
commented
3 years ago Yes that is correct @jannfis
patpicos
commented
1 month ago Is this still outstanding? I think a common approach to handling wildcards in AppProject fields is needed. Looks like Cluster level whitelist/blacklist is supported, but not namespace. Are '*' supported, what about '**'?
I keep having to look at Issues/Pull Requests to find out what is supported vs. looking at documentation
Summary
Enable wildcard for *ResourceWhitelist/Blacklist
Motivation
Today I let my different application teams sync on specific AppProjects where i define namespaceResourceWhitelist & Blacklist.
But it's kind of a pain to manage. For example I use tekton in my cluster and as you can see bellow it have a few crd:s and thus a rather big number of groups.
I would have to do something like:
Proposal
Enable wildcards on groups. So i can do something like:
*Notice in-front of .tekton.dev**
I know this will potentially issues since we are not being as specific but I think the bad parts/risks will be outweighs by the administrative work being saved.