Open NissesSenap opened 3 years ago
This is a bug, we are using the wrong globber to match on resources.
There's already globMatch()
function in the same file. Happy to raise a PR with a test
@chetan-rns - @alexmt actually thinks this feature should be working for the example in the description:
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: my-project
namespace: argocd
spec:
namespaceResourceWhitelist:
- group: '*.tekton.dev'
kind: '*'
Have we verified something else (aside from the glob function) is preventing this from working?
@jessesuen @alexmt I think the issue is because of the order of arguments passed to filepath.Match
. It expects (pattern, name)
and the existing function has (name, pattern)
. My unit test with wildcard failed when I used the existing function
@chetan-rns Are you still working on this?
Yeah @rbreeze. I've raised a PR and should fix some e2e tests
Hey, I think the discussion here might have missed an important point.
As far as I understood, the request is about matching a top-level group like tekton.dev
against a pattern comprising more specific groups, such as *.tekton.dev
(notice the .
after the wildcard). So this would basically imply some more logic in the pattern matching function to match the pattern *.tekton.dev
against foo.tekton.dev
, bar.tekton.dev
and also tekton.dev
.
Is that the proposed correct behavior, @NissesSenap ?
Fixing this issue should not change current behavior (i.e. *.tekton.dev
should not match tekton.dev
by default). I think we might want to write a custom matcher that will match **.tekton.dev
against foo.tekton.dev
as well as against tekton.dev
(similar to some new file glob matchers that match **/*
against all files in all sub directories, while */*
only covers first level sub directories)
Yes that is correct @jannfis
Is this still outstanding? I think a common approach to handling wildcards in AppProject fields is needed. Looks like Cluster level whitelist/blacklist is supported, but not namespace. Are '*' supported, what about '**'?
I keep having to look at Issues/Pull Requests to find out what is supported vs. looking at documentation
Summary
Enable wildcard for *ResourceWhitelist/Blacklist
Motivation
Today I let my different application teams sync on specific AppProjects where i define namespaceResourceWhitelist & Blacklist.
But it's kind of a pain to manage. For example I use tekton in my cluster and as you can see bellow it have a few crd:s and thus a rather big number of groups.
I would have to do something like:
Proposal
Enable wildcards on groups. So i can do something like:
*Notice in-front of .tekton.dev**
I know this will potentially issues since we are not being as specific but I think the bad parts/risks will be outweighs by the administrative work being saved.