diff --git a/data/kubemacpool/kubemacpool.yaml b/data/kubemacpool/kubemacpool.yaml index 618f1b1187..ae5d7a1007 100644 --- a/data/kubemacpool/kubemacpool.yaml +++ b/data/kubemacpool/kubemacpool.yaml @@ -126,7 +126,7 @@ subjects: apiVersion: v1 data: RANGE_END: '{{ .RangeEnd }}' - RANGE_START: '{{ .RangeStart }}' + RANGE_START: "{{ .RangeStart }}" kind: ConfigMap metadata: labels: diff --git a/data/kubevirt-ipam-controller/001-kubevirtipamcontroller.yaml b/data/kubevirt-ipam-controller/001-kubevirtipamcontroller.yaml index 2809cdf2d5..c8006144d4 100644 --- a/data/kubevirt-ipam-controller/001-kubevirtipamcontroller.yaml +++ b/data/kubevirt-ipam-controller/001-kubevirtipamcontroller.yaml @@ -183,13 +183,13 @@ spec: containers: - args: - --leader-elect - - "--certificates-dir={{ .CertDir }}" + - --certificates-dir={{ .CertDir }} {{- if ne .DefaultNetNADNs "" }} - - "--default-network-nad-namespace={{ .DefaultNetNADNs }}" + - --default-network-nad-namespace={{ .DefaultNetNADNs }} {{ end }} - - "--tls-min-version={{ .TLSMinVersion }}" + - --tls-min-version={{ .TLSMinVersion }} {{ if index . "TLSSecurityProfileCiphers" }} - - "--tls-cipher-suites={{ .TLSSecurityProfileCiphers }}" + - --tls-cipher-suites={{ .TLSSecurityProfileCiphers }} {{ end }} command: - /manager diff --git a/data/multus/001-multus.yaml b/data/multus/001-multus.yaml index c67f73805d..eb59e21191 100644 --- a/data/multus/001-multus.yaml +++ b/data/multus/001-multus.yaml @@ -156,8 +156,8 @@ spec: - name: cni mountPath: /host/etc/cni/net.d # multus-daemon expects that cnibin path must be identical between pod and container host. - # e.g. if the cni bin is in /opt/cni/bin on the container host side, then it should be mount to /opt/cni/bin in multus-daemon, - # not to any other directory, like /opt/bin or /usr/bin. + # e.g. if the cni bin is in '/opt/cni/bin' on the container host side, then it should be mount to '/opt/cni/bin' in multus-daemon, + # not to any other directory, like '/opt/bin' or '/usr/bin'. - name: cnibin mountPath: /opt/cni/bin - name: host-run diff --git a/data/ovs/001-ovs-cni.yaml b/data/ovs/001-ovs-cni.yaml index 50e673739b..394a9fede8 100644 --- a/data/ovs/001-ovs-cni.yaml +++ b/data/ovs/001-ovs-cni.yaml @@ -81,7 +81,7 @@ spec: - sh - -c - >- - find /tmp/healthy -mmin -2 | grep -q /tmp/healthy + find /tmp/healthy -mmin -2 | grep -q '/tmp/healthy' initialDelaySeconds: 60 periodSeconds: 60 terminationMessagePolicy: FallbackToLogsOnError diff --git a/hack/components/bump-bridge-marker.sh b/hack/components/bump-bridge-marker.sh index 184511a781..f078705bbd 100755 --- a/hack/components/bump-bridge-marker.sh +++ b/hack/components/bump-bridge-marker.sh @@ -12,11 +12,11 @@ function __parametize_by_object() { case "${f}" in ./ClusterRoleBinding_bridge-marker-crb.yaml) yaml-utils::update_param ${f} subjects[0].namespace '{{ .Namespace }}' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; ./ServiceAccount_bridge-marker.yaml) yaml-utils::update_param ${f} metadata.namespace '{{ .Namespace }}' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; ./DaemonSet_bridge-marker.yaml) yaml-utils::update_param ${f} metadata.namespace '{{ .Namespace }}' @@ -33,7 +33,7 @@ function __parametize_by_object() { yaml-utils::set_param ${f} spec.template.spec.securityContext.runAsNonRoot 'true' yaml-utils::set_param ${f} spec.template.spec.securityContext.runAsUser '1001' yaml-utils::set_param ${f} spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem 'true' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; esac done diff --git a/hack/components/bump-kube-secondary-dns.sh b/hack/components/bump-kube-secondary-dns.sh index df3c598861..a3b8a84fae 100755 --- a/hack/components/bump-kube-secondary-dns.sh +++ b/hack/components/bump-kube-secondary-dns.sh @@ -11,17 +11,17 @@ function __parametize_by_object() { case "${f}" in ./Namespace_secondary.yaml) yaml-utils::update_param ${f} metadata.name '{{ .Namespace }}' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; ./ConfigMap_secondary-dns.yaml) yaml-utils::update_param ${f} metadata.namespace '{{ .Namespace }}' yaml-utils::set_param ${f} data.DOMAIN '{{ .Domain }}' yaml-utils::set_param ${f} data.NAME_SERVER_IP '{{ .NameServerIp }}' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; ./ClusterRoleBinding_secondary.yaml) yaml-utils::update_param ${f} subjects[0].namespace '{{ .Namespace }}' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; ./Deployment_secondary-dns.yaml) yaml-utils::update_param ${f} metadata.namespace '{{ .Namespace }}' @@ -36,11 +36,11 @@ function __parametize_by_object() { yaml-utils::set_param ${f} spec.template.spec.tolerations '{{ toYaml .Placement.Tolerations | nindent 8 }}' yaml-utils::set_param ${f} 'spec.template.metadata.annotations."openshift.io/required-scc"' '"restricted-v2"' yaml-utils::set_param ${f} 'spec.template.metadata.labels."allow-access-cluster-services"' '""' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; ./ServiceAccount_secondary.yaml) yaml-utils::update_param ${f} metadata.namespace '{{ .Namespace }}' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; ./NetworkPolicy_allow-ingress-to-secondary-dns.yaml) yaml-utils::update_param ${f} metadata.namespace '{{ .Namespace }}' diff --git a/hack/components/bump-kubevirt-ipam-controller.sh b/hack/components/bump-kubevirt-ipam-controller.sh index e50c74e699..b4eeedb074 100755 --- a/hack/components/bump-kubevirt-ipam-controller.sh +++ b/hack/components/bump-kubevirt-ipam-controller.sh @@ -13,64 +13,64 @@ function __parametize_by_object() { case "${f}" in ./Namespace_kubevirt-ipam-controller-system.yaml) yaml-utils::update_param ${f} metadata.name '{{ .Namespace }}' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; ./ClusterRoleBinding_kubevirt-ipam-controller-manager-rolebinding.yaml) yaml-utils::update_param ${f} subjects[0].namespace '{{ .Namespace }}' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; ./Deployment_kubevirt-ipam-controller-manager.yaml) yaml-utils::update_param ${f} metadata.namespace '{{ .Namespace }}' yaml-utils::update_param ${f} spec.template.spec.containers[0].image '{{ .KubevirtIpamControllerImage }}' yaml-utils::set_param ${f} spec.template.spec.containers[0].imagePullPolicy '{{ .ImagePullPolicy }}' - yaml-utils::set_param ${f} spec.template.spec.containers[0].args[1] '"--certificates-dir={{ .CertDir }}"' + yaml-utils::set_param ${f} spec.template.spec.containers[0].args[1] '--certificates-dir={{ .CertDir }}' yaml-utils::set_param ${f} spec.template.spec.containers[0].volumeMounts[0].mountPath '{{ .MountPath }}' yaml-utils::set_param ${f} spec.template.spec.volumes[0].secret.secretName '{{ .SecretName }}' yaml-utils::set_param ${f} spec.template.spec.nodeSelector '{{ toYaml .Placement.NodeSelector | nindent 8 }}' yaml-utils::set_param ${f} spec.template.spec.affinity '{{ toYaml .Placement.Affinity | nindent 8 }}' yaml-utils::set_param ${f} spec.template.spec.tolerations '{{ toYaml .Placement.Tolerations | nindent 8 }}' yaml-utils::set_param ${f} 'spec.template.metadata.labels."allow-access-cluster-services"' '""' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} # sed operation is done after all yq operations to avoid unexpected yq error - sed -i '/ - "--certificates-dir={{ .CertDir }}"/a{{ if index . "TLSSecurityProfileCiphers" }}\n - "--tls-cipher-suites={{ .TLSSecurityProfileCiphers }}"\n{{ end }}' ${f} - sed -i '/ - "--certificates-dir={{ .CertDir }}"/a\\ - "--tls-min-version={{ .TLSMinVersion }}"' ${f} - sed -i '/ - "--certificates-dir={{ .CertDir }}"/a{{- if ne .DefaultNetNADNs "" }}\n - "--default-network-nad-namespace={{ .DefaultNetNADNs }}"\n{{ end }}' ${f} + sed -i '/ - --certificates-dir={{ .CertDir }}/a{{ if index . "TLSSecurityProfileCiphers" }}\n - --tls-cipher-suites={{ .TLSSecurityProfileCiphers }}\n{{ end }}' ${f} + sed -i '/ - --certificates-dir={{ .CertDir }}/a\ - --tls-min-version={{ .TLSMinVersion }}' ${f} + sed -i '/ - --certificates-dir={{ .CertDir }}/a{{- if ne .DefaultNetNADNs "" }}\n - --default-network-nad-namespace={{ .DefaultNetNADNs }}\n{{ end }}' ${f} ;; ./Service_kubevirt-ipam-controller-webhook-service.yaml) yaml-utils::update_param ${f} metadata.namespace '{{ .Namespace }}' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; ./Certificate_kubevirt-ipam-controller-serving-cert.yaml) yaml-utils::update_param ${f} metadata.namespace '{{ .Namespace }}' yaml-utils::update_param ${f} spec.dnsNames[0] 'kubevirt-ipam-controller-webhook-service.{{ .Namespace }}.svc' yaml-utils::update_param ${f} spec.dnsNames[1] 'kubevirt-ipam-controller-webhook-service.{{ .Namespace }}.svc.cluster.local' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; ./Issuer_kubevirt-ipam-controller-selfsigned-issuer.yaml) yaml-utils::update_param ${f} metadata.namespace '{{ .Namespace }}' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; ./MutatingWebhookConfiguration_kubevirt-ipam-controller-mutating-webhook-configuration.yaml) yaml-utils::update_param ${f} webhooks[0].clientConfig.service.namespace '{{ .Namespace }}' sed -i '/cert-manager.io\/inject-ca-from/c\ {{ .WebhookAnnotation }}' ${f} - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; ./RoleBinding_kubevirt-ipam-controller-leader-election-rolebinding.yaml) yaml-utils::update_param ${f} metadata.namespace '{{ .Namespace }}' yaml-utils::update_param ${f} subjects[0].namespace '{{ .Namespace }}' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; ./Role_kubevirt-ipam-controller-leader-election-role.yaml) yaml-utils::update_param ${f} metadata.namespace '{{ .Namespace }}' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; ./ServiceAccount_kubevirt-ipam-controller-manager.yaml) yaml-utils::update_param ${f} metadata.namespace '{{ .Namespace }}' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; ./Service_kubevirt-ipam-controller-webhook-service.yaml) yaml-utils::update_param ${f} metadata.namespace '{{ .Namespace }}' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; ./NetworkPolicy_kubevirt-ipam-controller-allow-ingress-to-ipam-ext-webhook.yaml) yaml-utils::update_param ${f} metadata.namespace '{{ .Namespace }}' diff --git a/hack/components/bump-macvtap-cni.sh b/hack/components/bump-macvtap-cni.sh index 82e3643b88..e765d162c3 100755 --- a/hack/components/bump-macvtap-cni.sh +++ b/hack/components/bump-macvtap-cni.sh @@ -14,7 +14,7 @@ function __parametize_by_object() { yaml-utils::set_param ${f} spec.template.spec.affinity '{{ toYaml .Placement.Affinity | nindent 8 }}' yaml-utils::set_param ${f} spec.template.spec.nodeSelector '{{ toYaml .Placement.NodeSelector | nindent 8 }}' yaml-utils::set_param ${f} spec.template.spec.tolerations '{{ toYaml .Placement.Tolerations | nindent 8 }}' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; esac done diff --git a/hack/components/bump-multus-dynamic-networks.sh b/hack/components/bump-multus-dynamic-networks.sh index 0807b63ebd..6e77d38839 100755 --- a/hack/components/bump-multus-dynamic-networks.sh +++ b/hack/components/bump-multus-dynamic-networks.sh @@ -14,25 +14,25 @@ function __parametize_by_object() { json_content=$(yaml-utils::get_param ${f} 'data."dynamic-networks-config.json"') updated_json=$(echo "${json_content}" | sed -E "s|\"criSocketPath\": *\"[^\"]*\"|\"criSocketPath\": \"/host{{ .HostCRISocketPath }}\"|") yaml-utils::set_param ${f} 'data."dynamic-networks-config.json"' "${updated_json}"$'\n' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; ./ClusterRoleBinding_dynamic-networks-controller.yaml) yaml-utils::update_param ${f} subjects[0].namespace '{{ .Namespace }}' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; ./DaemonSet_dynamic-networks-controller-ds.yaml) yaml-utils::update_param ${f} metadata.namespace '{{ .Namespace }}' yaml-utils::set_param ${f} spec.template.spec.containers[0].imagePullPolicy '{{ .ImagePullPolicy }}' yaml-utils::update_param ${f} spec.template.spec.containers[0].image '{{ .MultusDynamicNetworksControllerImage }}' - yaml-utils::update_param ${f} spec.template.spec.containers[0].volumeMounts\(name=="cri-socket"\).mountPath '/host{{ .HostCRISocketPath }}' + yaml-utils::update_param ${f} '(.spec.template.spec.containers[0].volumeMounts[] | select(.name == "cri-socket")).mountPath' '/host{{ .HostCRISocketPath }}' yaml-utils::set_param ${f} spec.template.spec.affinity '{{ toYaml .Placement.Affinity | nindent 8 }}' yaml-utils::update_param ${f} spec.template.spec.tolerations '{{ toYaml .Placement.Tolerations | nindent 8 }}' - yaml-utils::update_param ${f} spec.template.spec.volumes\(name=="cri-socket"\).hostPath.path '{{ .HostCRISocketPath }}' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::update_param ${f} '(.spec.template.spec.volumes[] | select(.name == "cri-socket")).hostPath.path' '{{ .HostCRISocketPath }}' + yaml-utils::unquote_template_variables ${f} ;; ./ServiceAccount_dynamic-networks-controller.yaml) yaml-utils::update_param ${f} metadata.namespace '{{ .Namespace }}' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; esac done diff --git a/hack/components/bump-multus.sh b/hack/components/bump-multus.sh index 03c369daef..98cd646f40 100755 --- a/hack/components/bump-multus.sh +++ b/hack/components/bump-multus.sh @@ -12,11 +12,11 @@ function __parametize_by_object() { case "${f}" in ./ClusterRoleBinding_multus.yaml) yaml-utils::update_param ${f} subjects[0].namespace '{{ .Namespace }}' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; ./ServiceAccount_multus.yaml) yaml-utils::update_param ${f} metadata.namespace '{{ .Namespace }}' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; ./ConfigMap_multus-daemon-config.yaml) yaml-utils::update_param ${f} metadata.namespace '{{ .Namespace }}' @@ -33,13 +33,13 @@ function __parametize_by_object() { yaml-utils::update_param ${f} spec.template.spec.volumes[0].hostPath.path '{{ .CNIConfigDir }}' yaml-utils::update_param ${f} spec.template.spec.volumes[1].hostPath.path '{{ .CNIBinDir }}' yaml-utils::delete_param ${f} spec.template.spec.containers[0].resources.limits - yaml-utils::update_param ${f} spec.template.spec.containers[0].resources.requests.cpu '"10m"' - yaml-utils::update_param ${f} spec.template.spec.containers[0].resources.requests.memory '"15Mi"' + yaml-utils::update_param ${f} spec.template.spec.containers[0].resources.requests.cpu '10m' + yaml-utils::update_param ${f} spec.template.spec.containers[0].resources.requests.memory '15Mi' yaml-utils::set_param ${f} spec.template.spec.nodeSelector '{{ toYaml .Placement.NodeSelector | nindent 8 }}' yaml-utils::set_param ${f} spec.template.spec.containers[0].lifecycle.preStop.exec.command '["/bin/sh", "-c", "rm -rf /host/etc/cni/net.d/00-multus.conf /host/var/lib/cni/*"]' yaml-utils::set_param ${f} spec.template.spec.affinity '{{ toYaml .Placement.Affinity | nindent 8 }}' yaml-utils::update_param ${f} spec.template.spec.tolerations '{{ toYaml .Placement.Tolerations | nindent 8 }}' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; esac done diff --git a/hack/components/bump-ovs-cni.sh b/hack/components/bump-ovs-cni.sh index 15fc8e78fb..55e33ae057 100755 --- a/hack/components/bump-ovs-cni.sh +++ b/hack/components/bump-ovs-cni.sh @@ -12,11 +12,11 @@ function __parametize_by_object() { case "${f}" in ./ClusterRoleBinding_ovs-cni-marker-crb.yaml) yaml-utils::update_param ${f} subjects[0].namespace '{{ .Namespace }}' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; ./ServiceAccount_ovs-cni-marker.yaml) yaml-utils::update_param ${f} metadata.namespace '{{ .Namespace }}' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; ./DaemonSet_ovs-cni-amd64.yaml) yaml-utils::update_param ${f} metadata.namespace '{{ .Namespace }}' @@ -29,7 +29,7 @@ function __parametize_by_object() { yaml-utils::update_param ${f} spec.template.spec.nodeSelector '{{ toYaml .Placement.NodeSelector | nindent 8 }}' yaml-utils::set_param ${f} spec.template.spec.affinity '{{ toYaml .Placement.Affinity | nindent 8 }}' yaml-utils::update_param ${f} spec.template.spec.tolerations '{{ toYaml .Placement.Tolerations | nindent 8 }}' - yaml-utils::remove_single_quotes_from_yaml ${f} + yaml-utils::unquote_template_variables ${f} ;; esac done diff --git a/hack/components/yaml-utils.sh b/hack/components/yaml-utils.sh index d6e27aa306..485e89150c 100644 --- a/hack/components/yaml-utils.sh +++ b/hack/components/yaml-utils.sh @@ -7,13 +7,18 @@ source hack/components/docker-utils.sh export OCI_BIN=${OCI_BIN:-$(docker-utils::determine_cri_bin)} function __yq() { - ${OCI_BIN} run --rm -v ${PWD}:/workdir:Z docker.io/mikefarah/yq:3.3.4 yq "$@" + yq "$@" } function yaml-utils::get_param() { local yaml_file=$1 local arg=$2 - __yq r ${yaml_file} ${arg} + # Add leading dot if not present (unless it starts with '(' for filter expressions) + local yq_path="${arg}" + if [[ "${yq_path}" != .* ]] && [[ "${yq_path}" != \(* ]]; then + yq_path=".${yq_path}" + fi + __yq eval "${yq_path}" "${yaml_file}" } function yaml-utils::set_param() { @@ -21,10 +26,36 @@ function yaml-utils::set_param() { local path=$2 local value="$3" - __yq w -i ${yaml_file} ${path} "${value}" + # Add leading dot if not present (unless it starts with '(' for filter expressions) + local yq_path="${path}" + if [[ "${yq_path}" != .* ]] && [[ "${yq_path}" != \(* ]]; then + yq_path=".${yq_path}" + fi + + # Check if value is empty object or empty array + if [[ "$value" == "{}" ]] || [[ "$value" == "[]" ]]; then + # Empty objects/arrays should not use strenv + __yq eval "${yq_path} = ${value}" -i "${yaml_file}" + elif [[ "$value" == "true" ]] || [[ "$value" == "false" ]]; then + # Boolean values - use directly without strenv to preserve type + __yq eval "${yq_path} = ${value}" -i "${yaml_file}" + elif [[ "$value" =~ ^[0-9]+$ ]]; then + # Numeric values - use directly without strenv to preserve type + __yq eval "${yq_path} = ${value}" -i "${yaml_file}" + elif { [[ "$value" == "["* ]] || [[ "$value" == "{"* ]]; } && [[ "$value" != *"{{"* ]]; then + # Non-empty JSON array or object without Go templates - use from_json to parse it + export YQ_VALUE="${value}" + __yq eval "${yq_path} = (strenv(YQ_VALUE) | from_json)" -i "${yaml_file}" + unset YQ_VALUE + else + # Regular value (including JSON with Go templates) - use strenv + export YQ_VALUE="${value}" + __yq eval "${yq_path} = strenv(YQ_VALUE)" -i "${yaml_file}" + unset YQ_VALUE + fi # yq write removes the heading --- from the yaml, so we re-add it. - yaml-utils::append_delimiter ${yaml_file} + yaml-utils::append_delimiter "${yaml_file}" } function yaml-utils::update_param() { @@ -32,9 +63,9 @@ function yaml-utils::update_param() { local path=$2 local new_value="$3" - local old_value=$(yaml-utils::get_param ${yaml_file} ${path}) + local old_value=$(yaml-utils::get_param "${yaml_file}" "${path}") if [ ! -z "${old_value}" ]; then - yaml-utils::set_param ${yaml_file} ${path} "${new_value}" + yaml-utils::set_param "${yaml_file}" "${path}" "${new_value}" else echo Error: ${path} is not found in ${yaml_file} exit 1 @@ -45,22 +76,27 @@ function yaml-utils::delete_param() { local yaml_file=$1 local path=$2 - __yq d -i ${yaml_file} ${path} "${3}" + # Add leading dot if not present (unless it starts with '(' for filter expressions) + local yq_path="${path}" + if [[ "${yq_path}" != .* ]] && [[ "${yq_path}" != \(* ]]; then + yq_path=".${yq_path}" + fi + __yq eval "del(${yq_path})" -i "${yaml_file}" # yq write removes the heading --- from the yaml, so we re-add it. - yaml-utils::append_delimiter ${yaml_file} + yaml-utils::append_delimiter "${yaml_file}" } function yaml-utils::get_component_url() { local component=$1 arg=components.\"${component}\".url - yaml-utils::get_param components.yaml ${arg} + yaml-utils::get_param components.yaml "${arg}" } function yaml-utils::get_component_commit() { local component=$1 arg=components.\"${component}\".commit - yaml-utils::get_param components.yaml ${arg} + yaml-utils::get_param components.yaml "${arg}" } function yaml-utils::get_component_repo() { @@ -93,9 +129,9 @@ function yaml-utils::rename_files_by_object() { local output_dir=$1 for f in ${output_dir}/*; do - local kind=$(yaml-utils::get_param ${f} kind) - local name=$(yaml-utils::get_param ${f} metadata.name) - mv ${f} ${output_dir}/${kind}_${name}.yaml + local kind=$(yaml-utils::get_param "${f}" kind) + local name=$(yaml-utils::get_param "${f}" metadata.name) + mv "${f}" "${output_dir}/${kind}_${name}.yaml" done } @@ -105,3 +141,23 @@ function yaml-utils::remove_single_quotes_from_yaml() { sed -i "s/'//g" ${yaml_file} } + +function yaml-utils::unquote_template_variables() { + local yaml_file=$1 + + # Remove quotes from template variables like {{ .Var }} + # Template variables must be unquoted to work with Go templates + sed -i 's/: *"\({{[^}]*}}\)"/: \1/g' "${yaml_file}" + sed -i "s/: *'\({{[^}]*}}\)'/: \1/g" "${yaml_file}" + + # Remove outer single quotes from double-quoted strings + # This handles cases like '""' -> "" and '"restricted-v2"' -> "restricted-v2" + # For key-value pairs + sed -i "s/: *'\\(\"[^\"]*\"\\)'/: \\1/g" "${yaml_file}" + # For array items + sed -i "s/- *'\\(\"[^\"]*\"\\)'/- \\1/g" "${yaml_file}" + + # Remove quotes from template variables in array items + sed -i 's/- *"\({{[^}]*}}\)"/- \1/g' "${yaml_file}" + sed -i "s/- *'\({{[^}]*}}\)'/- \1/g" "${yaml_file}" +} diff --git a/hack/install-tls-compliance-operator.sh b/hack/install-tls-compliance-operator.sh index b0fc10beb5..b030ec538a 100755 --- a/hack/install-tls-compliance-operator.sh +++ b/hack/install-tls-compliance-operator.sh @@ -17,7 +17,7 @@ echo "Installing TLS Compliance Operator ${VERSION} from: ${URL}.." # To allow the operator reach and check all services the network-policy is deleted. # [1] https://github.com/sebrandon1/tls-compliance-operator/blob/v0.0.10/docs/troubleshooting.md#:~:text=Check%20for%20NetworkPolicy%20restrictions echo "Deleting the operator's network-policy to allow egress all services.." -./cluster/kubectl.sh -n $NAMESPACE delete networkpolicy $NP_NAME +./cluster/kubectl.sh -n $NAMESPACE delete networkpolicy $NP_NAME echo "Patching the operator's Deployment for fine tuning reporting intervals.." ./cluster/kubectl.sh -n $NAMESPACE patch deployment $DEPLOY_NAME --type='json' -p='[ diff --git a/test/releases/0.102.0.go b/test/releases/0.102.0.go index 5d43539959..fd41ac5b30 100644 --- a/test/releases/0.102.0.go +++ b/test/releases/0.102.0.go @@ -12,7 +12,7 @@ func init() { ParentName: "multus", ParentKind: "DaemonSet", Name: "kube-multus", - Image: "ghcr.io/k8snetworkplumbingwg/multus-cni@sha256:3c20900b5381fac7f9cbbdfac8370ea10a2f6ed7fbecc678384a9db57047abb1", + Image: "ghcr.io/k8snetworkplumbingwg/multus-cni@sha256:2b9671447f3ea4e7e56730843dbf59445b9307246f393b61386b896d56ae51c9", }, { ParentName: "dynamic-networks-controller-ds", @@ -24,7 +24,7 @@ func init() { ParentName: "multus", ParentKind: "DaemonSet", Name: "install-multus-binary", - Image: "ghcr.io/k8snetworkplumbingwg/multus-cni@sha256:3c20900b5381fac7f9cbbdfac8370ea10a2f6ed7fbecc678384a9db57047abb1", + Image: "ghcr.io/k8snetworkplumbingwg/multus-cni@sha256:2b9671447f3ea4e7e56730843dbf59445b9307246f393b61386b896d56ae51c9", }, { ParentName: "bridge-marker",