Releases: syngit-org/syngit
v0.3.5
Bug fix 🐛
Fix conversion webhook
The conversion webhook embedded in the chart was calling the wrong Service.
Package release 📦
Docker image:
ghcr.io/syngit-org/syngit:v0.3.5
Helm chart:
https://syngit-org.github.io/syngit version 0.3.5
Helm install
helm repo add syngit https://syngit-org.github.io/syngit
helm repo update syngit
helm install syngit syngit/syngit --version 0.3.5 -n <SYNGIT_NAMESPACE>
Helm upgrade
helm repo update syngit
helm upgrade -n <SYNGIT_NAMESPACE> --version 0.3.5 syngit syngit/syngit
v0.3.4
Improvement 🌱
Prevent unauthorized impersonation on RemoteUserBinding
Before, user A was able to turn off the RemoteUserBinding association on a RemoteUser that belongs to user B (syngit.io/associated-remoteuserbinding: "false"). Now, the association webhook prevents this action.
Internal features 🛠️
Refactor cert-injection architecture
The injection scripts are located in /hack. The custom resources related to the custom certificate injection are now located in config/local.
Package release 📦
Docker image:
ghcr.io/syngit-org/syngit:v0.3.4
Helm chart:
https://syngit-org.github.io/syngit version 0.3.4
Helm install
helm repo add syngit https://syngit-org.github.io/syngit
helm repo update syngit
helm install syngit syngit/syngit --version 0.3.4 -n <SYNGIT_NAMESPACE>
Helm upgrade
helm repo update syngit
helm upgrade -n <SYNGIT_NAMESPACE> --version 0.3.4 syngit syngit/syngit
v0.3.3
Improvement 🌱
RemoteUserBindings managed by label selector #64
The RemoteUserBindings managed by syngit (with the syngit.io/associated-remote-userbinding: "true" annotation on RemoteUser) were retrieved by name selector (if the name of the RUB starts with associated-rub-). That was a bad way of getting the RemoteUserBindings managed by syngit.
Now, the RemoteUserBindings managed by Syngit have two labels: "managed-by": "syngit.io" and "syngit.io/k8s-user": "username".
The RemoteUser association webhook selects the corresponding RemoteUserBinding using these labels as selectors.
RemoteUser association annotation change #64
syngit.io/associated-remote-userbinding: "true" -> syngit.io/associated-remoteuserbinding: "true"
Better RemoteUserBinding management #65
If a user already created an associated-rub-username RemoteUserBinding, then the one managed by syngit will be called associated-rub-username-1 (and selected with the labels). If the ..-1 already exists, then the one managed by syngit will be ..-2 and so on.
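Added example (not syngit's own code): a sketch of the label-based selection and the -1, -2, ... naming described in the two items above. The RUB type and the ResolveManaged helper are hypothetical; the label keys, label value and name prefix are the ones quoted in these notes.

```go
package main

import "fmt"

// RUB is a constructed stand-in for a RemoteUserBinding (name and labels only).
type RUB struct {
	Name   string
	Labels map[string]string
}

// Label keys/values and the name prefix are taken from the release notes.
const (
	managedByLabel = "managed-by"
	managedByValue = "syngit.io"
	k8sUserLabel   = "syngit.io/k8s-user"
	namePrefix     = "associated-rub-"
)

// ResolveManaged (hypothetical helper) selects the binding managed for user by
// labels only, so a user-created binding that merely uses the same name is never
// mistaken for the managed one. If no managed binding exists, it returns the
// first free name to create: base, then base-1, base-2, and so on.
func ResolveManaged(existing []RUB, user string) (name string, found bool) {
	taken := map[string]bool{}
	for _, r := range existing {
		if r.Labels[managedByLabel] == managedByValue && r.Labels[k8sUserLabel] == user {
			return r.Name, true
		}
		taken[r.Name] = true
	}
	name = namePrefix + user
	for i := 1; taken[name]; i++ {
		name = fmt.Sprintf("%s%s-%d", namePrefix, user, i)
	}
	return name, false
}

func main() {
	// Constructed sample: alice created two bindings by hand, without labels.
	ns := []RUB{{Name: "associated-rub-alice"}, {Name: "associated-rub-alice-1"}}
	name, found := ResolveManaged(ns, "alice")
	fmt.Println(name, found) // neither hand-made binding is selected

	// Once the managed binding exists with both labels, it is found by selector.
	labels := map[string]string{managedByLabel: managedByValue, k8sUserLabel: "alice"}
	ns = append(ns, RUB{Name: name, Labels: labels})
	fmt.Println(ResolveManaged(ns, "alice"))
}
```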
Internal features 🛠️
Automatic dev webhook management #66
The make run command automatically generates development-purpose certificates. Therefore, we can test webhook logic by using make run.
Others 👀
Change behavior test command name #65
make test-e2e -> make test-behavior
Package release 📦
Docker image:
ghcr.io/syngit-org/syngit:v0.3.3
Helm chart:
https://syngit-org.github.io/syngit version 0.3.3
Helm install
helm repo add syngit https://syngit-org.github.io/syngit
helm repo update syngit
helm install syngit syngit/syngit --version 0.3.3 -n <SYNGIT_NAMESPACE>
Helm upgrade
helm repo update syngit
helm upgrade -n <SYNGIT_NAMESPACE> syngit syngit/syngit
v0.3.2
Features ✨
Dynamic webhook lifecycle management
- The dynamic webhook (that handles the RemoteSyncers interception) is now created/deleted on the operator's creation/deletion.
- The dynamic webhook is automatically reconciled when manually updating or deleting it. The only way to get rid of it is to uninstall the Syngit operator.
Dynamic webhook server registered with the default server
The dynamic webhook server was running in parallel with the main controller-runtime's webhook server. It was served on port 9444.
Now, the dynamic webhook server is served by the main controller-runtime's webhook server.
Helm chart startup checker
The chart has been fully reviewed to be cleaner. When installing or upgrading the chart, the process is blocked until the operator is fully deployed:
- the controller has its state set to Ready
- the certificate is Ready
Internal features 🛠️
Clean Makefile
Commands are placed in the right section, and command names are simpler.
Bug fixes 🐛
- Fix a memory issue in the webhook interceptor that was calling an empty Log object.
Others 👀
Add new tests
- helm install test
- helm upgrade test
Test coverage
The end-to-end tests are now executed using the coverage option.
Package release 📦
Docker image:
ghcr.io/syngit-org/syngit:v0.3.2
Helm chart:
https://syngit-org.github.io/syngit version 0.3.2
Helm install
helm repo add syngit https://syngit-org.github.io/syngit
helm repo update syngit
helm install syngit syngit/syngit --version 0.3.2 -n <SYNGIT_NAMESPACE>
Helm upgrade
helm repo update syngit
helm upgrade -n <SYNGIT_NAMESPACE> syngit syngit/syngit
v0.3.1
End-users features ✨
RemoteUser RBAC checker
When creating, updating or deleting a RemoteUser, a webhook will take care of checking if the user who has made the operation has the permission to get the referenced secret.
RemoteUserBinding RBAC checker
When creating, updating or deleting a RemoteUserBinding, a webhook will take care of checking if the user who has made the operation has the permission to get the referenced remoteusers.
Internal features 🛠️
Commands refinement
Rename some commands to make them more intuitive to use.
make dev-deploy -> make deploy-all
make cleanup-deploy -> make undeploy-all
Add some commands:
make chart-install
make chart-upgrade
make chart-uninstall
make fast-e2e
See the 💻 Commands documentation for more information.
Package release 📦
Docker image:
ghcr.io/syngit-org/syngit:v0.3.1
Helm chart:
https://syngit-org.github.io/syngit version 0.3.1
Helm install
helm repo add syngit https://syngit-org.github.io/syngit
helm repo update syngit
helm install syngit syngit/syngit --version 0.3.1 -n <SYNGIT_NAMESPACE>
Helm upgrade
helm repo update syngit
helm upgrade -n <SYNGIT_NAMESPACE> syngit syngit/syngit
v0.3.0
End-users features ✨
Add authentication checker for Github & Gitlab
The main goal is to use features that are specific to these platforms (such as PR/MR, forks, etc...). For this version, we implement the v0.1.0 version of each of them. This version implements an authentication check against the Gitlab/Github API.
To use this feature, add the github.syngit.io/auth.test= "true" / gitlab.syngit.io/auth.test= "true" annotation to the RemoteUser. Then check the status of the RemoteUser. The test is performed when updating the RemoteUser or the referenced Secret.
Last Transition Time: 2024-12-24T12:49:08Z
Message: Authentication was successful with the user damsien
Reason: AuthenticationSucceded
Status: True
Type: Authenticated
These providers act as micro-operators that are plugged into Syngit. They do not have their own API; they reconcile on Syngit's CRDs instead. The provider projects are available at these links:
- https://github.com/syngit-org/syngit-provider-github
- https://github.com/syngit-org/syngit-provider-gitlab
Bug fixes 🐛
- Fix wrong default image used in the helm chart for the providers.
Others 👀
- Change the demo gif (quality increased).
- Restructure the file architecture in order to have a more convenient coding space. Also, it is important to export the right variables & functions to be used in the provider projects.
Package release 📦
Docker image:
ghcr.io/syngit-org/syngit:v0.3.0
Helm chart:
https://syngit-org.github.io/syngit version 0.3.0
Helm install
helm repo add syngit https://syngit-org.github.io/syngit
helm repo update syngit
helm install syngit syngit/syngit --version 0.3.0 -n <SYNGIT_NAMESPACE>
Helm upgrade
helm repo update syngit
helm upgrade -n <SYNGIT_NAMESPACE> syngit syngit/syngit
v0.2.1
End-users features ✨
Add Github & Gitlab providers alpha feature
The main final goal is to use features that are specific to these platforms (such as PR/MR, forks, etc...). For this version, we implement the v0.0.1 version of each of them.
Bug fixes 🐛
- Fix deprecated kube-rbac-proxy image
Package release 📦
Docker image:
ghcr.io/syngit-org/syngit:v0.2.1
Helm chart:
https://syngit-org.github.io/syngit version 0.2.1
Helm install
helm repo add syngit https://syngit-org.github.io/syngit
helm repo update syngit
helm install syngit syngit/syngit --version 0.2.1 -n <SYNGIT_NAMESPACE>
Helm upgrade
helm repo update syngit
helm upgrade -n <SYNGIT_NAMESPACE> syngit syngit/syngit
v0.2.0
End-users features ✨
RemoteSyncer RBAC checker
When creating, updating or deleting a RemoteSyncer, a webhook will take care of checking if the user who has made the operation has the permission to access the resources listed in scopedResources (for create, update or delete).
Add short names for CRDs
- ru & rus for RemoteUser
- rub & rubs for RemoteUserBinding
- rsy & rsys for RemoteSyncer
Migrating from the syngit.syngit.io apiVersion to syngit.io
If the operator is upgraded using helm, then the process is fully automated.
The "syngit.syngit.io/associated-remote-userbinding": "true" annotation (used in RemoteUser) must be changed to "syngit.io/associated-remote-userbinding": "true".
Internal features 🌱
Linter
Add a linter job to the github workflow
Implement more tests
- Multiple concurrent RemoteSyncer test (9.)
  When exactly two identical remotesyncers exist (same target repo/branch, same scoped resources), it checks that the webhook failed because the commit hashes are not the same. The validation webhooks run in parallel. This behavior is intended (locked mutex). In a future version, a retry behavior will be implemented (see 📜 Roadmap).
- RemoteUser update does not automatically add a new entry in the remoteRefs of the associated RemoteUserBinding
Add test utilities make fast-e2e & make cleanup-e2e (see 🚀 Tests)
Bug fixes 🐛
- When an update was made on a RemoteUser, then a new entry was added to the remoteRefs of the associated RemoteUserBinding.
- There was an error in the conversion webhook of the RemoteUser which was spamming the log of the controller. Now a default value is set instead of returning an error.
Package release 📦
Docker image:
ghcr.io/syngit-org/syngit:v0.2.0
Helm chart:
https://syngit-org.github.io/syngit version 0.2.0
Helm install
helm repo add syngit https://syngit-org.github.io/syngit
helm repo update syngit
helm install syngit syngit/syngit --version 0.2.0 -n <SYNGIT_NAMESPACE>
Helm upgrade
helm repo update syngit
helm upgrade -n <SYNGIT_NAMESPACE> syngit syngit/syngit
0.1.1
Internal features 🌱
Full e2e environment implementation
This environment includes:
- 2 git platforms with 2 repos in each of them (using gitea).
- 3 personas having different access on the git repositories.
- Utility functions to quickly check k8s objects in a git repository
- Impersonation function to act on the cluster as one of the personas
Major use-case tests implementation
- Test RemoteUser & RemoteUserBinding dependency
- Test RemoteSyncer & ValidationWebhook dependency
- Test CommitOnly & CommitApply mode
- Test excludedFields
- Test default RemoteUser when RemoteUserBinding does not exist
- Test bypass interception subject
kubebuilder v3 to kubebuilder v4 migration
Add CRD markers for a better manifest generation
End-users features ✨
CRD version management
Skip versions v1alpha1, v1alpha2, v1alpha3 & v1alpha4 so their CRDs are not generated and taken into account for the next releases.
CRD new api version: v1beta2
Move associatedRemoteUserBinding out of the specs and place it as an annotation instead (syngit.syngit.io/associated-remote-userbinding).
Bug fixes 🐛
- The webhook responsible for the association between RemoteUser & RemoteUserBinding was not deleting the RemoteUserBinding when no remoteusers were associated to it anymore.
Others 👀
- Change the README for better end-user onboarding.
- Enhance the wiki for better contributor onboarding.
Package release 📦
Docker image:
ghcr.io/syngit-org/syngit:0.1.1
Helm chart:
https://syngit-org.github.io/syngit version 0.1.1
Helm install
helm repo add syngit https://syngit-org.github.io/syngit
helm repo update syngit
helm install syngit syngit/syngit --version 0.1.1 -n <SYNGIT_NAMESPACE>
Helm upgrade
helm repo update syngit
helm upgrade -n <SYNGIT_NAMESPACE> syngit syngit/syngit
0.1.0
First beta release ✨
Thanks to all the tests made in different environments, the tool is now considered beta. Conversions are enabled between the CRD's APIs with v1beta1 as Hub version. Basic tests related to controllers have been created.
Features ✨
Implement default block applied message
It is now possible to use the defaultBlockAppliedMessage field in the RemoteSyncer object. The value of this field is the message that will be returned to the user when the webhook does not allow the resource to be applied on the cluster (request to the kube-api rejected).
Therefore, this field can only be used when using the CommitOnly option in the commitProcess field, because if the webhook allows the request (with the CommitApply option), then there is no returned message given to the user.
Bug fixes 🐛
- The dynamic webhook was not deleted on the application deletion. Now, if the pod of the controller-manager is deleted, then the dynamic RemoteSyncer webhook is deleted as well. If the pod is recreated, then the dynamic webhook is recreated. It prevents the requests (to the kube-api) from being blocked when syngit is uninstalled.
Others 👀
- Add minimized icons default size (and keep the old icons in a large size).
Package release 📦
Docker image:
ghcr.io/syngit-org/syngit:0.1.0
Helm chart:
https://syngit-org.github.io/syngit version 0.1.0