Add handling for Kustomize directories

- Add handling for directories with a `kustomization.yaml` file
- Add Kustomize directory example
- Update reference YAML
  - Add note about supporting Kustomize directories
  - Add deprecation tag to patching

Signed-off-by: Dale Haiducek <[email protected]>

Author: dhaiducek

docs/policygenerator-reference.yaml

@@ -122,8 +122,9 @@ policies:
     manifests:
         # Required. Path to a single file or a flat directory of files relative to the
         # kustomization.yaml file. This path cannot be in a directory outside of the directory with
-        # the kustomization.yaml file. Subdirectories within the directory with kustomization.yaml
-        # file are allowed.
+        # the kustomization.yaml file. Subdirectories within the directory of the kustomization.yaml
+        # file are allowed. Kustomization subdirectories are also supported and will not process any
+        # YAML files in the subdirectory if a kustomization.yaml file is found.
         # Supported manifests:
         #   1) Non-root policy type manifests such as IamPolicy, CertificatePolicy, and ConfigurationPolicy
         #      that have a "Policy" suffix. These are not modified except for patches and are directly added 
@@ -137,10 +138,10 @@ policies:
         metadataComplianceType: ""
          # Optional. (See policyDefaults.evaluationInterval for description.)
         evaluationInterval: {}
-        # Optional. A Kustomize patch to apply to the manifest(s) at the path. If there
-        # are multiple manifests, the patch requires the apiVersion, kind, metadata.name,
-        # and metadata.namespace (if applicable) fields to be set so Kustomize
-        # can identify the manifest the patch applies to.
+        # (Note: a path to a directory containing a Kustomize manifest is a supported alternative.) Optional. A
+        # Kustomize patch to apply to the manifest(s) at the path. If there are multiple manifests, the patch requires
+        # the apiVersion, kind, metadata.name, and metadata.namespace (if applicable) fields to be set so Kustomize can
+        # identify the manifest the patch applies to.
         patches:
             # Optional: Only required when there are multiple manifests in the path.
           - apiVersion: ""

examples/input-kustomize/base/kustomization.yaml

@@ -0,0 +1,5 @@
+resources:
+- nginx-pod.yaml
+labels:
+  - pairs:
+      app: myapp

examples/input-kustomize/base/nginx-pod.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: myapp-pod
+spec:
+  containers:
+    - name: nginx
+      image: nginx:1.8.0

examples/input-kustomize/dev/kustomization.yml

@@ -0,0 +1,10 @@
+resources:
+- ../base
+namePrefix: dev-
+namespace: myapp-dev
+labels:
+- pairs:
+    env: dev
+images:
+- name: nginx
+  newTag: latest

examples/input-kustomize/kustomization.yml

@@ -0,0 +1,4 @@
+resources:
+- dev
+- prod
+

examples/input-kustomize/prod/kustomization.yml

@@ -0,0 +1,9 @@
+resources:
+- ../base
+namePrefix: prod-
+labels:
+- pairs:
+    env: prod
+images:
+- name: nginx
+  newTag: latest

examples/kustomization.yml

@@ -1,5 +1,6 @@
 generators:
 - ./policyGenerator.yaml
+- ./policyGenerator-kustomize.yaml
 patchesStrategicMerge:
 - input/patch.yaml
 commonLabels:

examples/policyGenerator-kustomize.yaml

@@ -0,0 +1,15 @@
+apiVersion: policy.open-cluster-management.io/v1
+kind: PolicyGenerator
+metadata:
+  name: policy-generator-kustomize
+policyDefaults:
+  namespace: my-policies
+  # Put each object in its own ConfigurationPolicy in the Policy
+  consolidateManifests: false
+  # Use the name of an existing placement rule
+  placement:
+    placementRuleName: placement-red-hat-cloud
+policies:
+- name: myapp
+  manifests:
+    - path: input-kustomize/

internal/utils.go

@@ -16,13 +16,16 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"open-cluster-management.io/ocm-kustomize-generator-plugins/internal/expanders"
 	"open-cluster-management.io/ocm-kustomize-generator-plugins/internal/types"
+	"sigs.k8s.io/kustomize/api/krusty"
+	"sigs.k8s.io/kustomize/kyaml/filesys"
 )
 
 // getManifests will get all of the manifest files associated with the input policy configuration
 // separated by policyConf.Manifests entries. An error is returned if a manifest path cannot
 // be read.
 func getManifests(policyConf *types.PolicyConfig) ([][]map[string]interface{}, error) {
 	manifests := [][]map[string]interface{}{}
+	hasKustomize := map[string]bool{}
 
 	for _, manifest := range policyConf.Manifests {
 		manifestPaths := []string{}
@@ -34,6 +37,8 @@ func getManifests(policyConf *types.PolicyConfig) ([][]map[string]interface{}, e
 			return nil, readErr
 		}
 
+		resolvedFiles := []string{}
+
 		if manifestPathInfo.IsDir() {
 			files, err := ioutil.ReadDir(manifest.Path)
 			if err != nil {
@@ -45,14 +50,26 @@ func getManifests(policyConf *types.PolicyConfig) ([][]map[string]interface{}, e
 					continue
 				}
 
-				ext := path.Ext(f.Name())
+				filepath := f.Name()
+				ext := path.Ext(filepath)
+
 				if ext != ".yaml" && ext != ".yml" {
 					continue
 				}
+				// Handle when a Kustomization directory is specified
+				_, filename := path.Split(filepath)
+				if filename == "kustomization.yml" || filename == "kustomization.yaml" {
+					hasKustomize[manifest.Path] = true
+					resolvedFiles = []string{manifest.Path}
+
+					break
+				}
 
 				yamlPath := path.Join(manifest.Path, f.Name())
-				manifestPaths = append(manifestPaths, yamlPath)
+				resolvedFiles = append(resolvedFiles, yamlPath)
 			}
+
+			manifestPaths = append(manifestPaths, resolvedFiles...)
 		} else {
 			// Unmarshal the manifest in order to check for metadata patch replacement
 			manifestFile, err := unmarshalManifestFile(manifest.Path)
@@ -85,7 +102,15 @@ func getManifests(policyConf *types.PolicyConfig) ([][]map[string]interface{}, e
 		}
 
 		for _, manifestPath := range manifestPaths {
-			manifestFile, err := unmarshalManifestFile(manifestPath)
+			var manifestFile *[]map[string]interface{}
+			var err error
+
+			if hasKustomize[manifestPath] {
+				manifestFile, err = processKustomizeDir(manifestPath)
+			} else {
+				manifestFile, err = unmarshalManifestFile(manifestPath)
+			}
+
 			if err != nil {
 				return nil, err
 			}
@@ -245,6 +270,28 @@ func setNamespaceSelector(policyConf *types.PolicyConfig, policyTemplate *map[st
 	}
 }
 
+// processKustomizeDir runs a provided directory through Kustomize in order to generate the manifests within it.
+func processKustomizeDir(path string) (*[]map[string]interface{}, error) {
+	k := krusty.MakeKustomizer(krusty.MakeDefaultOptions())
+
+	resourceMap, err := k.Run(filesys.MakeFsOnDisk(), path)
+	if err != nil {
+		return nil, fmt.Errorf("failed to process provided kustomize directory '%s': %w", path, err)
+	}
+
+	manifestsYAML, err := resourceMap.AsYaml()
+	if err != nil {
+		return nil, fmt.Errorf("failed to convert the kustomize manifest(s) to YAML from directory '%s': %w", path, err)
+	}
+
+	manifests, err := unmarshalManifestBytes(manifestsYAML)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read the kustomize manifest(s) from directory '%s': %w", path, err)
+	}
+
+	return manifests, nil
+}
+
 // buildPolicyTemplate generates single policy template by using objectTemplates with manifests.
 // policyNum defines which number the configuration policy is in the policy. If it is greater than
 // one then the configuration policy name will have policyNum appended to it.