Merge pull request #129 from fluxcd/fluxcd/pkg/runtime-v0.8.0

Update fluxcd/pkg/runtime to v0.8.0

api/go.mod

@@ -3,7 +3,7 @@ module github.com/fluxcd/notification-controller/api
 go 1.15
 
 require (
-	github.com/fluxcd/pkg/apis/meta v0.6.0
+	github.com/fluxcd/pkg/apis/meta v0.7.0
 	k8s.io/api v0.20.2
 	k8s.io/apimachinery v0.20.2
 	sigs.k8s.io/controller-runtime v0.8.0

api/go.sum

@@ -88,8 +88,8 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7
 github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fluxcd/pkg/apis/meta v0.6.0 h1:3ETc/Yz4qXGKLj+Iti6vKFwVE024WX+Jr+jIHlxj7zs=
-github.com/fluxcd/pkg/apis/meta v0.6.0/go.mod h1:yHuY8kyGHYz22I0jQzqMMGCcHViuzC/WPdo9Gisk8Po=
+github.com/fluxcd/pkg/apis/meta v0.7.0 h1:5e8gm4OLqjuKWdrOIY5DEEsjcwzyJFK8rCDesJ+V8IY=
+github.com/fluxcd/pkg/apis/meta v0.7.0/go.mod h1:yHuY8kyGHYz22I0jQzqMMGCcHViuzC/WPdo9Gisk8Po=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=

api/v1beta1/alert_types.go

@@ -17,7 +17,7 @@ limitations under the License.
 package v1beta1
 
 import (
-	corev1 "k8s.io/api/core/v1"
+	"github.com/fluxcd/pkg/apis/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -25,7 +25,7 @@ import (
 type AlertSpec struct {
 	// Send events using this provider
 	// +required
-	ProviderRef corev1.LocalObjectReference `json:"providerRef"`
+	ProviderRef meta.LocalObjectReference `json:"providerRef"`
 
 	// Filter events based on severity, defaults to ('info').
 	// If set to 'info' no events will be filtered.

api/v1beta1/provider_types.go

@@ -17,7 +17,7 @@ limitations under the License.
 package v1beta1
 
 import (
-	corev1 "k8s.io/api/core/v1"
+	"github.com/fluxcd/pkg/apis/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -51,7 +51,7 @@ type ProviderSpec struct {
 	// Secret reference containing the provider webhook URL
 	// using "address" as data key
 	// +optional
-	SecretRef *corev1.LocalObjectReference `json:"secretRef,omitempty"`
+	SecretRef *meta.LocalObjectReference `json:"secretRef,omitempty"`
 }
 
 const (

api/v1beta1/receiver_types.go

@@ -17,7 +17,6 @@ limitations under the License.
 package v1beta1
 
 import (
-	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	"github.com/fluxcd/pkg/apis/meta"
@@ -43,7 +42,7 @@ type ReceiverSpec struct {
 	// Secret reference containing the token used
 	// to validate the payload authenticity
 	// +required
-	SecretRef corev1.LocalObjectReference `json:"secretRef,omitempty"`
+	SecretRef meta.LocalObjectReference `json:"secretRef,omitempty"`
 
 	// This flag tells the controller to suspend subsequent events handling.
 	// Defaults to false.

api/v1beta1/zz_generated.deepcopy.go

@@ -21,7 +21,7 @@ limitations under the License.
 package v1beta1
 
 import (
-	corev1 "k8s.io/api/core/v1"
+	"github.com/fluxcd/pkg/apis/meta"
 	"k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
@@ -207,7 +207,7 @@ func (in *ProviderSpec) DeepCopyInto(out *ProviderSpec) {
 	*out = *in
 	if in.SecretRef != nil {
 		in, out := &in.SecretRef, &out.SecretRef
-		*out = new(corev1.LocalObjectReference)
+		*out = new(meta.LocalObjectReference)
 		**out = **in
 	}
 }

config/crd/bases/notification.toolkit.fluxcd.io_alerts.yaml

@@ -95,9 +95,10 @@ spec:
                 description: Send events using this provider
                 properties:
                   name:
-                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                      TODO: Add other useful fields. apiVersion, kind, uid?'
+                    description: Name of the referent
                     type: string
+                required:
+                - name
                 type: object
               summary:
                 description: Short description of the impact and affected cluster.

config/crd/bases/notification.toolkit.fluxcd.io_providers.yaml

@@ -62,9 +62,10 @@ spec:
                   using "address" as data key
                 properties:
                   name:
-                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                      TODO: Add other useful fields. apiVersion, kind, uid?'
+                    description: Name of the referent
                     type: string
+                required:
+                - name
                 type: object
               type:
                 description: Type of provider

config/crd/bases/notification.toolkit.fluxcd.io_receivers.yaml

@@ -93,9 +93,10 @@ spec:
                   the payload authenticity
                 properties:
                   name:
-                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                      TODO: Add other useful fields. apiVersion, kind, uid?'
+                    description: Name of the referent
                     type: string
+                required:
+                - name
                 type: object
               suspend:
                 description: This flag tells the controller to suspend subsequent

docs/api/notification.md

@@ -76,9 +76,7 @@ AlertSpec
 <td>
 <code>providerRef</code><br>
 <em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#localobjectreference-v1-core">
-Kubernetes core/v1.LocalObjectReference
-</a>
+github.com/fluxcd/pkg/apis/meta.LocalObjectReference
 </em>
 </td>
 <td>
@@ -275,9 +273,7 @@ string
 <td>
 <code>secretRef</code><br>
 <em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#localobjectreference-v1-core">
-Kubernetes core/v1.LocalObjectReference
-</a>
+github.com/fluxcd/pkg/apis/meta.LocalObjectReference
 </em>
 </td>
 <td>
@@ -404,9 +400,7 @@ e.g. &lsquo;push&rsquo; for GitHub or &lsquo;Push Hook&rsquo; for GitLab.</p>
 <td>
 <code>secretRef</code><br>
 <em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#localobjectreference-v1-core">
-Kubernetes core/v1.LocalObjectReference
-</a>
+github.com/fluxcd/pkg/apis/meta.LocalObjectReference
 </em>
 </td>
 <td>
@@ -467,9 +461,7 @@ ReceiverStatus
 <td>
 <code>providerRef</code><br>
 <em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#localobjectreference-v1-core">
-Kubernetes core/v1.LocalObjectReference
-</a>
+github.com/fluxcd/pkg/apis/meta.LocalObjectReference
 </em>
 </td>
 <td>
@@ -714,9 +706,7 @@ string
 <td>
 <code>secretRef</code><br>
 <em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#localobjectreference-v1-core">
-Kubernetes core/v1.LocalObjectReference
-</a>
+github.com/fluxcd/pkg/apis/meta.LocalObjectReference
 </em>
 </td>
 <td>
@@ -822,9 +812,7 @@ e.g. &lsquo;push&rsquo; for GitHub or &lsquo;Push Hook&rsquo; for GitLab.</p>
 <td>
 <code>secretRef</code><br>
 <em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#localobjectreference-v1-core">
-Kubernetes core/v1.LocalObjectReference
-</a>
+github.com/fluxcd/pkg/apis/meta.LocalObjectReference
 </em>
 </td>
 <td>

docs/spec/v1beta1/README.md

@@ -11,4 +11,4 @@ This is the v1alpha1 API specification for defining events handling and dispatch
 
 ## Go Client
 
-* [github.com/fluxcd/pkg/recorder](https://github.com/fluxcd/pkg/tree/master/recorder)
+* [github.com/fluxcd/pkg/recorder](https://github.com/fluxcd/pkg/tree/main/recorder)

docs/spec/v1beta1/alert.md

@@ -10,7 +10,7 @@ Spec:
 type AlertSpec struct {
 	// Send events using this provider
 	// +required
-	ProviderRef corev1.LocalObjectReference `json:"providerRef"`
+	ProviderRef meta.LocalObjectReference `json:"providerRef"`
 
 	// Filter events based on severity, defaults to ('info').
 	// +kubebuilder:validation:Enum=info;error

docs/spec/v1beta1/provider.md

@@ -33,7 +33,7 @@ type ProviderSpec struct {
 
 	// Secret reference containing the provider webhook URL
 	// +optional
-	SecretRef *corev1.LocalObjectReference `json:"secretRef,omitempty"`
+	SecretRef *meta.LocalObjectReference `json:"secretRef,omitempty"`
 }
 ```
 
@@ -133,11 +133,15 @@ spec:
 ```
 
 #### Authentication
-GitHub. GitLab, and Azure DevOps use personal access tokens to authenticate with their API.
-  - [GitHub personal access token](https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/creating-a-personal-access-token)
-  - [GitLab personal access token](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html)
-  - [Azure DevOps personal access token](https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops&tabs=preview-page)
-Both provider types require a secret in the same format, with the personal access token as the value for the token key.
+
+GitHub. GitLab, and Azure DevOps use personal access tokens to authenticate with their API:
+
+- [GitHub personal access token](https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/creating-a-personal-access-token)
+- [GitLab personal access token](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html)
+- [Azure DevOps personal access token](https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops&tabs=preview-page)
+
+The providers require a secret in the same format, with the personal access token as the value for the token key:
+
 ```yaml
 apiVersion: v1
 kind: Secret
@@ -148,9 +152,11 @@ data:
   token: <personal-access-tokens>
 ```
 
-Bitbucket authenticates using an [app password](https://support.atlassian.com/bitbucket-cloud/docs/app-passwords/). It requires
-both the username and the password when authenticating. There for the token needs to be passed with the format `<username>:<app-password>`.
+Bitbucket authenticates using an [app password](https://support.atlassian.com/bitbucket-cloud/docs/app-passwords/).
+It requires both the username and the password when authenticating.
+There for the token needs to be passed with the format `<username>:<app-password>`.
 A token that is not in this format will cause the provider to fail.
+
 ```yaml
 apiVersion: v1
 kind: Secret

docs/spec/v1beta1/receiver.md

@@ -9,7 +9,7 @@ reconciliation for a group of resources.
 type ReceiverSpec struct {
 	// Type of webhook sender, used to determine
 	// the validation procedure and payload deserialization.
-	// +kubebuilder:validation:Enum=generic;github;gitlab;harbor;dockerhub;quay
+	// +kubebuilder:validation:Enum=generic;generic-hmac;github;gitlab;bitbucket;harbor;dockerhub;quay;gcr;nexus
 	// +required
 	Type string `json:"type"`
 
@@ -25,7 +25,7 @@ type ReceiverSpec struct {
 	// Secret reference containing the token used
 	// to validate the payload authenticity
 	// +required
-	SecretRef corev1.LocalObjectReference `json:"secretRef,omitempty"`
+	SecretRef meta.LocalObjectReference `json:"secretRef,omitempty"`
 
 	// This flag tells the controller to suspend subsequent events handling.
 	// Defaults to false.
@@ -121,51 +121,38 @@ spec:
       namespace: default
 ```
 
-This generic receiver performs token validation. The controller uses the `X-Signature` header to get
-the hash signature. The signature should be prefixed with the hash function(`sha1`, `sha256`, or `sha512`) like this:
+This generic receiver verifies that the request is legitimate using HMAC.
+The controller uses the `X-Signature` header to get the hash signature.
+The signature should be prefixed with the hash function(`sha1`, `sha256`, or `sha512`) like this:
 `<hash-function>=<hash-signation>`.
 
-1. Generate hash using open ssl and sha1
+1. Generate hash signature using OpenSSL:
+
 ```sh
-echo -n '<body-of-request>' | openssl dgst -sha1 -hmac "aHR0cHM6Ly9ob29rcy5zbGFjay5jb20vc2VydmljZXMv"
+echo -n '<request-body>' | openssl dgst -sha1 -hmac "<secret-key>"
 ```
-You can use the flag `sha256` or `sha512` if you want a different hash function
 
-This would output the hash.
+You can use the flag `sha256` or `sha512` if you want a different hash function.
 
-2. Send a POST request to the webhook url
-```
-curl <webhook-url> \
--X POST \
- -H "X-Signature: sha1=<generated-hash>" \
--d '<body-of-request>' 
+2. Send a HTTP POST request to the webhook URL:
+
+```sh
+curl <webhook-url> -X POST -H "X-Signature: sha1=<generated-hash>" -d '<request-body>' 
 ```
 
 Generate hash signature using Go:
 
 ```go
-package main
-
-import (
-    "crypto/hmac"
-    "fmt"
-    "crypto/sha1" 
-)
-
-// input is the body of the request
-// key is your secret token
-func GetSignature(input, key string) string {
-	key_for_sign := []byte(key)
-	h := hmac.New(sha1.New, key_for_sign) 
-	h.Write([]byte(input))
+func sign(payload, key string) string {
+	h := hmac.New(sha1.New, []byte(key)) 
+	h.Write([]byte(payload))
 	return fmt.Sprintf("%x", h.Sum(nil))
 }
 
-// Don't forget to set request Headers
-// req.Header.Set("X-Signature", fmt.Sprintf("sha1=%s", <returned string>))
+// set headers
+req.Header.Set("X-Signature", fmt.Sprintf("sha1=%s", sign(payload, key)))
 ```
 
-
 ### GitHub receiver
 
 ```yaml

go.mod

@@ -5,12 +5,12 @@ go 1.15
 replace github.com/fluxcd/notification-controller/api => ./api
 
 require (
-	github.com/fluxcd/image-reflector-controller/api v0.3.0
+	github.com/fluxcd/image-reflector-controller/api v0.4.0
 	github.com/fluxcd/notification-controller/api v0.6.2
-	github.com/fluxcd/pkg/apis/meta v0.6.0
+	github.com/fluxcd/pkg/apis/meta v0.7.0
 	github.com/fluxcd/pkg/recorder v0.0.6
-	github.com/fluxcd/pkg/runtime v0.7.0
-	github.com/fluxcd/source-controller/api v0.6.2
+	github.com/fluxcd/pkg/runtime v0.8.0
+	github.com/fluxcd/source-controller/api v0.7.0
 	github.com/go-logr/logr v0.3.0
 	github.com/google/go-github/v32 v32.1.0
 	github.com/hashicorp/go-retryablehttp v0.6.8

go.sum

@@ -97,16 +97,16 @@ github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLi
 github.com/evanphx/json-patch v4.9.0+incompatible h1:kLcOMZeuLAJvL2BPWLMIj5oaZQobrkAqrL+WFZwQses=
 github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fluxcd/image-reflector-controller/api v0.3.0 h1:ZG/gb+XUQWX6FSvuzpvxz4kgdRp1mfRJIQyaHx4XMrQ=
-github.com/fluxcd/image-reflector-controller/api v0.3.0/go.mod h1:tE+oSbiM0bXDhmt1Jrg5o9pdFmXCBxlpPn1GQSCzXv0=
-github.com/fluxcd/pkg/apis/meta v0.6.0 h1:3ETc/Yz4qXGKLj+Iti6vKFwVE024WX+Jr+jIHlxj7zs=
-github.com/fluxcd/pkg/apis/meta v0.6.0/go.mod h1:yHuY8kyGHYz22I0jQzqMMGCcHViuzC/WPdo9Gisk8Po=
+github.com/fluxcd/image-reflector-controller/api v0.4.0 h1:/7mxmTsjmwmzTchWG06FaTki4hbN4qrVXdT5l/Yio5A=
+github.com/fluxcd/image-reflector-controller/api v0.4.0/go.mod h1:MS3mGjZLnzZsfSqVLGbp0WNJr/k8XRFpw4G6ApLFTbc=
+github.com/fluxcd/pkg/apis/meta v0.7.0 h1:5e8gm4OLqjuKWdrOIY5DEEsjcwzyJFK8rCDesJ+V8IY=
+github.com/fluxcd/pkg/apis/meta v0.7.0/go.mod h1:yHuY8kyGHYz22I0jQzqMMGCcHViuzC/WPdo9Gisk8Po=
 github.com/fluxcd/pkg/recorder v0.0.6 h1:me/n8syeeGXz50OXoPX3jgIj9AtinvhHdKT9Dy+MbHs=
 github.com/fluxcd/pkg/recorder v0.0.6/go.mod h1:IfQxfVRSNsWs3B0Yp5B6ObEWwKHILlAx8N7XkoDdhFg=
-github.com/fluxcd/pkg/runtime v0.7.0 h1:AMzqHGae0zqDQAmKwa1htjStk2wphwWF0xQw/zD3FY4=
-github.com/fluxcd/pkg/runtime v0.7.0/go.mod h1:1dzGFwtowST5AIW5i9f0Pn0fMhCmOHFyBizuPJSKX+s=
-github.com/fluxcd/source-controller/api v0.6.2 h1:xgKZg0Ajeh/jPPePZJriDUgzxgCXIFBPqZso9obtpko=
-github.com/fluxcd/source-controller/api v0.6.2/go.mod h1:LzLXD6RfQ+4Es+gUuIZE4NCSW2WkWIK91EnVBCMvbQw=
+github.com/fluxcd/pkg/runtime v0.8.0 h1:cnSBZJLcXlKgjXpFFFExu+4ZncIxmPgNIx+ErLcCLnA=
+github.com/fluxcd/pkg/runtime v0.8.0/go.mod h1:tQwEN+RESjJmtwSSv7I+6bkNM9raIXpGsCjruaIVX6A=
+github.com/fluxcd/source-controller/api v0.7.0 h1:QDpr6ZjHtTxw+mc+mZ1p9qRujHb+PzPdoQP3YgWlqOA=
+github.com/fluxcd/source-controller/api v0.7.0/go.mod h1:u2sdc/QDm0tzXHL7mZVj928hc3MMU+4mKCuAQg+94Bk=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=

main.go

@@ -17,7 +17,6 @@ limitations under the License.
 package main
 
 import (
-	goflag "flag"
 	"os"
 
 	flag "github.com/spf13/pflag"
@@ -28,6 +27,7 @@ import (
 	crtlmetrics "sigs.k8s.io/controller-runtime/pkg/metrics"
 
 	imagev1 "github.com/fluxcd/image-reflector-controller/api/v1alpha1"
+	"github.com/fluxcd/pkg/runtime/client"
 	"github.com/fluxcd/pkg/runtime/logger"
 	"github.com/fluxcd/pkg/runtime/metrics"
 	"github.com/fluxcd/pkg/runtime/probes"
@@ -62,6 +62,7 @@ func main() {
 		enableLeaderElection bool
 		concurrent           int
 		watchAllNamespaces   bool
+		clientOptions        client.Options
 		logOptions           logger.Options
 	)
 
@@ -77,11 +78,8 @@ func main() {
 		"Watch for custom resources in all namespaces, if set to false it will only watch the runtime namespace.")
 	flag.Bool("log-json", false, "Set logging to JSON format.")
 	flag.CommandLine.MarkDeprecated("log-json", "Please use --log-encoding=json instead.")
-	{
-		var fs goflag.FlagSet
-		logOptions.BindFlags(&fs)
-		flag.CommandLine.AddGoFlagSet(&fs)
-	}
+	clientOptions.BindFlags(flag.CommandLine)
+	logOptions.BindFlags(flag.CommandLine)
 	flag.Parse()
 
 	log := logger.NewLogger(logOptions)
@@ -95,7 +93,8 @@ func main() {
 		watchNamespace = os.Getenv("RUNTIME_NAMESPACE")
 	}
 
-	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
+	restConfig := client.GetConfigOrDie(clientOptions)
+	mgr, err := ctrl.NewManager(restConfig, ctrl.Options{
 		Scheme:                 scheme,
 		MetricsBindAddress:     metricsAddr,
 		HealthProbeBindAddress: healthAddr,