nyl 0.4.1

Kubernetes manifest generator with Helm integration
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158

/// RemoteManifest resource definition
///
/// A RemoteManifest fetches YAML/JSON documents from an HTTPS URL and injects
/// them into the normal render pipeline.
use serde::{Deserialize, Serialize};

use crate::constants::API_VERSION;
use crate::resources::ObjectMetadata;
use crate::{NylError, Result};

/// RemoteManifest specification
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(deny_unknown_fields)]
pub struct RemoteManifestSpec {
    /// HTTPS URL to fetch manifest documents from
    pub url: String,
    /// Overwrite fetched manifest metadata.namespace with RemoteManifest metadata.namespace
    #[serde(default, rename = "overrideNamespace", skip_serializing_if = "std::ops::Not::not")]
    pub override_namespace: bool,
}

/// RemoteManifest resource
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(deny_unknown_fields)]
pub struct RemoteManifest {
    /// API version (must be core Nyl API version)
    #[serde(rename = "apiVersion")]
    pub api_version: String,
    /// Resource kind (always "RemoteManifest")
    pub kind: String,
    /// Kubernetes metadata
    pub metadata: ObjectMetadata,
    /// Remote manifest source configuration
    pub spec: RemoteManifestSpec,
}

impl RemoteManifest {
    /// Check if a manifest is a RemoteManifest resource
    pub fn is_remote_manifest(manifest: &serde_json::Value) -> bool {
        manifest.get("apiVersion").and_then(|v| v.as_str()) == Some(API_VERSION)
            && manifest.get("kind").and_then(|v| v.as_str()) == Some("RemoteManifest")
    }

    /// Parse a RemoteManifest from a JSON value
    pub fn from_value(value: &serde_json::Value) -> Result<Self> {
        serde_json::from_value(value.clone())
            .map_err(|e| NylError::Config(format!("Invalid RemoteManifest resource: {}", e)))
    }

    /// Validate the RemoteManifest configuration
    pub fn validate(&self) -> Result<()> {
        let url = self.spec.url.trim();
        if url.is_empty() {
            return Err(NylError::Config(
                "RemoteManifest spec.url must not be empty".to_string(),
            ));
        }
        if !url.starts_with("https://") {
            return Err(NylError::Config(format!(
                "RemoteManifest spec.url must use https:// scheme, got '{}'",
                self.spec.url
            )));
        }
        Ok(())
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use serde_json::json;

    #[test]
    fn test_is_remote_manifest_true() {
        let manifest = json!({
            "apiVersion": "nyl.niklasrosenstein.github.com/v1",
            "kind": "RemoteManifest",
            "metadata": {"name": "remote"},
            "spec": {"url": "https://example.com/manifests.yaml"}
        });
        assert!(RemoteManifest::is_remote_manifest(&manifest));
    }

    #[test]
    fn test_is_remote_manifest_false() {
        let manifest = json!({
            "apiVersion": "v1",
            "kind": "ConfigMap",
            "metadata": {"name": "cm"}
        });
        assert!(!RemoteManifest::is_remote_manifest(&manifest));
    }

    #[test]
    fn test_remote_manifest_validate_rejects_empty_url() {
        let manifest = json!({
            "apiVersion": "nyl.niklasrosenstein.github.com/v1",
            "kind": "RemoteManifest",
            "metadata": {"name": "remote"},
            "spec": {"url": "   "}
        });
        let remote = RemoteManifest::from_value(&manifest).unwrap();
        let err = remote.validate().unwrap_err();
        assert!(err.to_string().contains("must not be empty"));
    }

    #[test]
    fn test_remote_manifest_validate_rejects_non_https_url() {
        let manifest = json!({
            "apiVersion": "nyl.niklasrosenstein.github.com/v1",
            "kind": "RemoteManifest",
            "metadata": {"name": "remote"},
            "spec": {"url": "http://example.com/manifests.yaml"}
        });
        let remote = RemoteManifest::from_value(&manifest).unwrap();
        let err = remote.validate().unwrap_err();
        assert!(err.to_string().contains("https://"));
    }

    #[test]
    fn test_remote_manifest_override_namespace_defaults_to_false() {
        let manifest = json!({
            "apiVersion": "nyl.niklasrosenstein.github.com/v1",
            "kind": "RemoteManifest",
            "metadata": {"name": "remote"},
            "spec": {"url": "https://example.com/manifests.yaml"}
        });
        let remote = RemoteManifest::from_value(&manifest).unwrap();
        assert!(!remote.spec.override_namespace);
    }

    #[test]
    fn test_remote_manifest_override_namespace_true() {
        let manifest = json!({
            "apiVersion": "nyl.niklasrosenstein.github.com/v1",
            "kind": "RemoteManifest",
            "metadata": {"name": "remote"},
            "spec": {
                "url": "https://example.com/manifests.yaml",
                "overrideNamespace": true
            }
        });
        let remote = RemoteManifest::from_value(&manifest).unwrap();
        assert!(remote.spec.override_namespace);
    }

    #[test]
    fn test_remote_manifest_from_value_rejects_unknown_fields() {
        let manifest = json!({
            "apiVersion": "nyl.niklasrosenstein.github.com/v1",
            "kind": "RemoteManifest",
            "metadata": {"name": "remote"},
            "spec": {"url": "https://example.com/manifests.yaml", "unknownField": true}
        });
        let err = RemoteManifest::from_value(&manifest).unwrap_err();
        assert!(err.to_string().contains("unknown field"));
    }
}