v1.1.1 patch

internal/graphman/bundle.go

@@ -360,13 +360,13 @@ func AddMappings(src []byte, dest []byte) ([]byte, error) {
 }
 
 func matchOptionsLevelFormat(value string) string {
-	re := regexp.MustCompile(`{{(.*)}}`)
+	re := regexp.MustCompile(`^{{(.*)}}`)
 	match := re.FindStringSubmatch(value)
 	if len(match) > 1 {
 		return match[1]
 
 	} else {
-		re := regexp.MustCompile(`{(.*)}`)
+		re := regexp.MustCompile(`^{(.*)}`)
 		match = re.FindStringSubmatch(value)
 		if len(match) > 1 {
 			return match[1]

internal/graphman/generated-modified.go

@@ -2339,7 +2339,7 @@ type PolicyBackedIdpInput struct {
 	// Authentication Policy Name
 	AuthPolicyName string `json:"authPolicyName"`
 	// Default Role
-	DefaultRoleName string `json:"defaultRoleName"`
+	DefaultRoleName string `json:"defaultRoleName,omitempty"`
 	// Additional properties
 	Properties []*EntityPropertyInput `json:"properties,omitempty"`
 }

pkg/repository/reconcile/repository.go

@@ -170,6 +170,10 @@ func syncRepository(ctx context.Context, params Params) error {
 	if err != nil {
 		params.Log.V(2).Info("failed to reconcile storage secret", "name", repository.Name+"-repository", "namespace", repository.Namespace, "error", err.Error())
 		storageSecretName = ""
+		if err.Error() == "exceededMaxSize" {
+			storageSecretName = "_"
+		}
+
 	}
 
 	repoStatus.Commit = commit
@@ -183,7 +187,9 @@ func syncRepository(ctx context.Context, params Params) error {
 		repoStatus.Summary = repository.Spec.Endpoint
 	}
 
-	repoStatus.StorageSecretName = storageSecretName
+	if repoStatus.StorageSecretName != "_" {
+		repoStatus.StorageSecretName = storageSecretName
+	}
 
 	if !reflect.DeepEqual(repoStatus, repository.Status) {
 		params.Log.Info("syncing repository", "name", repository.Name, "namespace", repository.Namespace)

pkg/repository/reconcile/secret.go

@@ -2,9 +2,13 @@ package reconcile
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"net/url"
+	"os"
+	"path/filepath"
 	"strings"
+	"sync"
 
 	v1 "github.com/caapim/layer7-operator/api/v1"
 	"github.com/caapim/layer7-operator/pkg/repository"
@@ -54,7 +58,12 @@ func StorageSecret(ctx context.Context, params Params) error {
 	if ext == "" {
 		ext = params.Instance.Spec.Tag
 	}
-	switch strings.ToLower(params.Instance.Spec.Type) {
+
+	if params.Instance.Status.StorageSecretName == "_" {
+		return nil
+	}
+
+	switch strings.ToLower(string(params.Instance.Spec.Type)) {
 	case "http":
 		fileURL, err := url.Parse(params.Instance.Spec.Endpoint)
 		if err != nil {
@@ -75,7 +84,14 @@ func StorageSecret(ctx context.Context, params Params) error {
 	default:
 		params.Log.Info("repository type not set", "name", params.Instance.Name, "namespace", params.Instance.Name)
 		return nil
+	}
 
+	dirSize, err := getDirSize("/tmp/" + params.Instance.Name + "-" + params.Instance.Namespace + "-" + ext)
+	if err != nil {
+		return err
+	}
+	if dirSize/1000.0/1000.0/3.5 > 0.9 {
+		return errors.New("exceededMaxSize")
 	}
 
 	bundleGzip, err := util.CompressGraphmanBundle("/tmp/" + params.Instance.Name + "-" + params.Instance.Namespace + "-" + ext)
@@ -96,6 +112,46 @@ func StorageSecret(ctx context.Context, params Params) error {
 	return nil
 }
 
+func getDirSize(path string) (sizef float64, err error) {
+	var size int64
+	var mu sync.Mutex
+
+	var calculateSize func(string) error
+	calculateSize = func(p string) error {
+		fileInfo, err := os.Lstat(p)
+		if err != nil {
+			return err
+		}
+
+		if fileInfo.Mode()&os.ModeSymlink != 0 {
+			return nil
+		}
+
+		if fileInfo.IsDir() {
+			entries, err := os.ReadDir(p)
+			if err != nil {
+				return err
+			}
+			for _, entry := range entries {
+				if err := calculateSize(filepath.Join(p, entry.Name())); err != nil {
+					return err
+				}
+			}
+		} else {
+			mu.Lock()
+			size += fileInfo.Size()
+			mu.Unlock()
+		}
+		return nil
+	}
+
+	if err := calculateSize(path); err != nil {
+		return 0, err
+	}
+
+	return float64(size), nil
+}
+
 func reconcileSecret(ctx context.Context, params Params, desiredSecret *corev1.Secret) error {
 
 	if err := controllerutil.SetControllerReference(params.Instance, desiredSecret, params.Scheme); err != nil {

pkg/util/archive.go

@@ -3,6 +3,7 @@ package util
 import (
 	"archive/tar"
 	"archive/zip"
+	"bytes"
 	"compress/gzip"
 	"fmt"
 	"io"
@@ -150,3 +151,37 @@ func Untar(folderName string, repoName string, tarStream io.Reader, gz bool) err
 	}
 	return nil
 }
+
+func GzipDecompress(gzipBundle []byte) (bundleBytes []byte, err error) {
+	r := bytes.NewReader(gzipBundle)
+	gzr, err := gzip.NewReader(r)
+	if err != nil {
+		return nil, err
+	}
+
+	bundleBytes, err = io.ReadAll(gzr)
+	if err != nil {
+		return nil, err
+	}
+
+	return bundleBytes, nil
+}
+
+func GzipCompress(gzipBundle []byte) (gzipBytes []byte, err error) {
+
+	var buf bytes.Buffer
+	zw := gzip.NewWriter(&buf)
+	_, err = zw.Write(gzipBundle)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := zw.Close(); err != nil {
+		return nil, err
+	}
+
+	gzipBytes = buf.Bytes()
+	buf.Reset()
+
+	return gzipBytes, nil
+}

pkg/util/graphman.go

@@ -347,7 +347,7 @@ func CompressGraphmanBundle(path string) ([]byte, error) {
 	}
 	if buf.Len() > 900000 {
 		buf.Reset()
-		return nil, errors.New("this bundle would exceed the maximum Kubernetes secret size")
+		return nil, errors.New("exceededMaxSize")
 	}
 
 	compressedBundle := buf.Bytes()
@@ -356,40 +356,46 @@ func CompressGraphmanBundle(path string) ([]byte, error) {
 	return compressedBundle, nil
 }
 
-func ConcatBundles(bundleMap map[string][]byte) ([]byte, error) {
-	var combinedBundle []byte
-
+func ConcatBundles(bundleMap map[string][]byte) (combinedBundle []byte, err error) {
 	for k, bundle := range bundleMap {
 		if strings.HasSuffix(k, ".json") {
-			newBundle, err := graphman.ConcatBundle(combinedBundle, bundle)
+			combinedBundle, err = graphman.ConcatBundle(combinedBundle, bundle)
+			if err != nil {
+				return nil, err
+			}
+		}
+		if strings.HasSuffix(k, ".gz") {
+			bundle, err := GzipDecompress(bundle)
+			if err != nil {
+				return nil, err
+			}
+			combinedBundle, err = graphman.ConcatBundle(combinedBundle, bundle)
 			if err != nil {
 				return nil, err
 			}
-			combinedBundle = newBundle
 		}
 		if k == "bundle-properties.json" {
-			newBundle, err := graphman.AddMappings(combinedBundle, bundle)
+			combinedBundle, err = graphman.AddMappings(combinedBundle, bundle)
 			if err != nil {
 				return nil, err
 			}
-			combinedBundle = newBundle
 		}
 	}
 
 	return combinedBundle, nil
 
 }
 
-func BuildAndValidateBundle(path string) ([]byte, error) {
+func BuildAndValidateBundle(path string) (bundleBytes []byte, err error) {
 	if path == "" {
 		return nil, nil
 	}
-	bundle := graphman.Bundle{}
+
 	if _, err := os.Stat(path); err != nil {
 		return nil, err
 	}
 
-	bundleBytes, err := graphman.Implode(path)
+	bundleBytes, err = graphman.Implode(path)
 	if err != nil {
 		return nil, err
 	}
@@ -402,16 +408,27 @@ func BuildAndValidateBundle(path string) ([]byte, error) {
 			segments := strings.Split(d.Name(), ".")
 			ext := segments[len(segments)-1]
 			if ext == "json" && !strings.Contains(strings.ToLower(d.Name()), "sourcesummary.json") && !strings.Contains(strings.ToLower(d.Name()), "bundle-properties.json") {
-				//sbb := bundleBytes
 				srcBundleBytes, err := os.ReadFile(path)
 				if err != nil {
 					return err
 				}
-				sbb, err := graphman.ConcatBundle(srcBundleBytes, bundleBytes)
+				tb := graphman.Bundle{}
+				err = json.Unmarshal(srcBundleBytes, &tb)
 				if err != nil {
 					return nil
 				}
-				bundleBytes = sbb
+				tbb, err := json.Marshal(tb)
+				if err != nil {
+					return nil
+				}
+
+				if len(tbb) > 2 {
+					sbb, err := graphman.ConcatBundle(srcBundleBytes, bundleBytes)
+					if err != nil {
+						return nil
+					}
+					bundleBytes = sbb
+				}
 			}
 		}
 		return nil
@@ -422,12 +439,12 @@ func BuildAndValidateBundle(path string) ([]byte, error) {
 	if len(bundleBytes) <= 2 {
 		return nil, errors.New("no valid graphman bundles were found")
 	}
-
+	bundle := graphman.Bundle{}
 	r := bytes.NewReader(bundleBytes)
 	d := json.NewDecoder(r)
 	d.DisallowUnknownFields()
 	_ = json.Unmarshal(bundleBytes, &bundle)
-	// check the graphman bundle for errors
+
 	err = d.Decode(&bundle)
 	if err != nil {
 		return nil, err