zarf-dev · AustinAbro321 · Nov 5, 2024 · Nov 5, 2024 · Nov 5, 2024 · Nov 5, 2024
@@ -6,4 +6,4 @@ USER 65532:65532
 
 COPY --chown=65532:65532 "build/zarf-linux-$TARGETARCH" /zarf
 
-CMD ["/zarf", "internal", "agent", "-l=trace", "--no-log-file"]
+CMD ["/zarf", "internal", "agent", "--log-level=debug", "--log-format=text", "--no-log-file"]
@@ -594,12 +594,7 @@ $ zarf tools update-creds artifact --artifact-push-username={USERNAME} --artifac
 // Zarf Agent messages
 // These are only seen in the Kubernetes logs.
 const (
-	AgentInfoWebhookAllowed        = "Webhook [%s - %s] - Allowed: %t"
-	AgentInfoPort                  = "Server running in port: %s"
-	AgentWarnNotOCIType            = "Skipping HelmRepo mutation because the type is not OCI: %s"
-	AgentWarnSemVerRef             = "Detected a semver OCI ref (%s) - continuing but will be unable to guarantee against collisions if multiple OCI artifacts with the same name are brought in from different registries"
 	AgentErrBadRequest             = "could not read request body: %s"
-	AgentErrBindHandler            = "Unable to bind the webhook handler"
 	AgentErrCouldNotDeserializeReq = "could not deserialize request: %s"
 	AgentErrParsePod               = "failed to parse pod: %w"
 	AgentErrHostnameMatch          = "failed to complete hostname matching: %w"

@@ -13,7 +13,7 @@ import (
 	"github.com/zarf-dev/zarf/src/config/lang"
 	"github.com/zarf-dev/zarf/src/internal/agent/operations"
 	"github.com/zarf-dev/zarf/src/pkg/cluster"
-	"github.com/zarf-dev/zarf/src/pkg/message"
+	"github.com/zarf-dev/zarf/src/pkg/logger"
 	"github.com/zarf-dev/zarf/src/pkg/transform"
 	"github.com/zarf-dev/zarf/src/types"
 	v1 "k8s.io/api/admission/v1"
@@ -29,8 +29,8 @@ import (
 //
 // For more information: https://argo-cd.readthedocs.io/en/stable/user-guide/import/
 type Application struct {
-	Spec ApplicationSpec `json:"spec"`
-	metav1.ObjectMeta
+	Spec              ApplicationSpec `json:"spec"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
 }
 
 // ApplicationSpec represents desired application state. Contains link to repository with application definition.
@@ -60,21 +60,24 @@ func NewApplicationMutationHook(ctx context.Context, cluster *cluster.Cluster) o
 
 // mutateApplication mutates the git repository url to point to the repository URL defined in the ZarfState.
 func mutateApplication(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster.Cluster) (*operations.Result, error) {
+	l := logger.From(ctx)
 	state, err := cluster.LoadZarfState(ctx)
 	if err != nil {
 		return nil, err
 	}
 
-	message.Debugf("Using the url of (%s) to mutate the ArgoCD Application", state.GitServer.Address)
-
 	app := Application{}
 	if err = json.Unmarshal(r.Object.Raw, &app); err != nil {
 		return nil, fmt.Errorf(lang.ErrUnmarshal, err)
 	}
 
+	l.Info("using the Zarf git server URL to mutate the ArgoCD Application",
+		"name", app.Name,
+		"git-server", state.GitServer.Address)
+
 	patches := make([]operations.PatchOperation, 0)
 	if app.Spec.Source != nil {
-		patchedURL, err := getPatchedRepoURL(app.Spec.Source.RepoURL, state.GitServer, r)
+		patchedURL, err := getPatchedRepoURL(ctx, app.Spec.Source.RepoURL, state.GitServer, r)
 		if err != nil {
 			return nil, err
 		}
@@ -83,7 +86,7 @@ func mutateApplication(ctx context.Context, r *v1.AdmissionRequest, cluster *clu
 
 	if len(app.Spec.Sources) > 0 {
 		for idx, source := range app.Spec.Sources {
-			patchedURL, err := getPatchedRepoURL(source.RepoURL, state.GitServer, r)
+			patchedURL, err := getPatchedRepoURL(ctx, source.RepoURL, state.GitServer, r)
 			if err != nil {
 				return nil, err
 			}
@@ -99,7 +102,8 @@ func mutateApplication(ctx context.Context, r *v1.AdmissionRequest, cluster *clu
 	}, nil
 }
 
-func getPatchedRepoURL(repoURL string, gs types.GitServerInfo, r *v1.AdmissionRequest) (string, error) {
+func getPatchedRepoURL(ctx context.Context, repoURL string, gs types.GitServerInfo, r *v1.AdmissionRequest) (string, error) {
+	l := logger.From(ctx)
 	isCreate := r.Operation == v1.Create
 	isUpdate := r.Operation == v1.Update
 	patchedURL := repoURL
@@ -124,7 +128,7 @@ func getPatchedRepoURL(repoURL string, gs types.GitServerInfo, r *v1.AdmissionRe
 			return "", fmt.Errorf("%s: %w", AgentErrTransformGitURL, err)
 		}
 		patchedURL = transformedURL.String()
-		message.Debugf("original repoURL of (%s) got mutated to (%s)", repoURL, patchedURL)
+		l.Debug("mutated ArgoCD application repoURL to the Zarf URL", "original", repoURL, "mutated", patchedURL)
 	}
 
 	return patchedURL, nil

@@ -38,7 +38,7 @@ func TestArgoAppWebhook(t *testing.T) {
 		PushUsername: "a-push-user",
 	}}
 	c := createTestClientWithZarfState(ctx, t, state)
-	handler := admission.NewHandler().Serve(NewApplicationMutationHook(ctx, c))
+	handler := admission.NewHandler().Serve(ctx, NewApplicationMutationHook(ctx, c))
 
 	tests := []admissionTest{
 		{

@@ -14,7 +14,7 @@ import (
 	"github.com/zarf-dev/zarf/src/config/lang"
 	"github.com/zarf-dev/zarf/src/internal/agent/operations"
 	"github.com/zarf-dev/zarf/src/pkg/cluster"
-	"github.com/zarf-dev/zarf/src/pkg/message"
+	"github.com/zarf-dev/zarf/src/pkg/logger"
 	"github.com/zarf-dev/zarf/src/pkg/transform"
 	"github.com/zarf-dev/zarf/src/types"
 	v1 "k8s.io/api/admission/v1"
@@ -48,6 +48,7 @@ func NewRepositorySecretMutationHook(ctx context.Context, cluster *cluster.Clust
 
 // mutateRepositorySecret mutates the git URL in the ArgoCD repository secret to point to the repository URL defined in the ZarfState.
 func mutateRepositorySecret(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster.Cluster) (*operations.Result, error) {
+	l := logger.From(ctx)
 	isCreate := r.Operation == v1.Create
 	isUpdate := r.Operation == v1.Update
 	var isPatched bool
@@ -57,13 +58,15 @@ func mutateRepositorySecret(ctx context.Context, r *v1.AdmissionRequest, cluster
 		return nil, err
 	}
 
-	message.Infof("Using the url of (%s) to mutate the ArgoCD Repository Secret", state.GitServer.Address)
-
 	secret := corev1.Secret{}
 	if err = json.Unmarshal(r.Object.Raw, &secret); err != nil {
 		return nil, fmt.Errorf(lang.ErrUnmarshal, err)
 	}
 
+	l.Info("using the Zarf git server URL to mutate the ArgoCD Repository secret",
+		"name", secret.Name,
+		"git-server", state.GitServer.Address)
+
 	url, exists := secret.Data["url"]
 	if !exists {
 		return nil, fmt.Errorf("url field not found in argocd repository secret data")
@@ -91,7 +94,7 @@ func mutateRepositorySecret(ctx context.Context, r *v1.AdmissionRequest, cluster
 			return nil, fmt.Errorf("unable the git url: %w", err)
 		}
 		patchedURL = transformedURL.String()
-		message.Debugf("original url of (%s) got mutated to (%s)", repoCreds.URL, patchedURL)
+		l.Debug("mutating the ArgoCD repository secret URL to the Zarf URL", "original", repoCreds.URL, "mutated", patchedURL)
 	}
 
 	patches := populateArgoRepositoryPatchOperations(patchedURL, state.GitServer)

@@ -43,7 +43,7 @@ func TestArgoRepoWebhook(t *testing.T) {
 		PullUsername: "a-pull-user",
 	}}
 	c := createTestClientWithZarfState(ctx, t, state)
-	handler := admission.NewHandler().Serve(NewRepositorySecretMutationHook(ctx, c))
+	handler := admission.NewHandler().Serve(ctx, NewRepositorySecretMutationHook(ctx, c))
 
 	tests := []admissionTest{
 		{

@@ -16,7 +16,7 @@ import (
 	"github.com/zarf-dev/zarf/src/config/lang"
 	"github.com/zarf-dev/zarf/src/internal/agent/operations"
 	"github.com/zarf-dev/zarf/src/pkg/cluster"
-	"github.com/zarf-dev/zarf/src/pkg/message"
+	"github.com/zarf-dev/zarf/src/pkg/logger"
 	"github.com/zarf-dev/zarf/src/pkg/transform"
 	v1 "k8s.io/api/admission/v1"
 )
@@ -38,6 +38,7 @@ func NewGitRepositoryMutationHook(ctx context.Context, cluster *cluster.Cluster)
 
 // mutateGitRepoCreate mutates the git repository url to point to the repository URL defined in the ZarfState.
 func mutateGitRepo(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster.Cluster) (*operations.Result, error) {
+	l := logger.From(ctx)
 	var (
 		patches   []operations.PatchOperation
 		isPatched bool
@@ -51,13 +52,15 @@ func mutateGitRepo(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster
 		return nil, err
 	}
 
-	message.Debugf("Using the url of (%s) to mutate the flux repository", state.GitServer.Address)
-
 	repo := flux.GitRepository{}
 	if err = json.Unmarshal(r.Object.Raw, &repo); err != nil {
 		return nil, fmt.Errorf(lang.ErrUnmarshal, err)
 	}
 
+	l.Info("using the Zarf git server URL to mutate the Flux GitRepository",
+		"name", repo.Name,
+		"git-server", state.GitServer.Address)
+
 	// Check if this is an update operation and the hostname is different from what we have in the zarfState
 	// NOTE: We mutate on updates IF AND ONLY IF the hostname in the request is different than the hostname in the zarfState
 	// NOTE: We are checking if the hostname is different before because we do not want to potentially mutate a URL that has already been mutated.
@@ -78,7 +81,7 @@ func mutateGitRepo(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster
 			return nil, fmt.Errorf("%s: %w", AgentErrTransformGitURL, err)
 		}
 		patchedURL = transformedURL.String()
-		message.Debugf("original git URL of (%s) got mutated to (%s)", repo.Spec.URL, patchedURL)
+		l.Debug("mutating the Flux GitRepository URL to the Zarf URL", "original", repo.Spec.URL, "mutated", patchedURL)
 	}
 
 	// Patch updates of the repo spec

@@ -42,7 +42,7 @@ func TestFluxMutationWebhook(t *testing.T) {
 		PushUsername: "a-push-user",
 	}}
 	c := createTestClientWithZarfState(ctx, t, state)
-	handler := admission.NewHandler().Serve(NewGitRepositoryMutationHook(ctx, c))
+	handler := admission.NewHandler().Serve(ctx, NewGitRepositoryMutationHook(ctx, c))
 
 	tests := []admissionTest{
 		{

@@ -17,7 +17,7 @@ import (
 	"github.com/zarf-dev/zarf/src/config/lang"
 	"github.com/zarf-dev/zarf/src/internal/agent/operations"
 	"github.com/zarf-dev/zarf/src/pkg/cluster"
-	"github.com/zarf-dev/zarf/src/pkg/message"
+	"github.com/zarf-dev/zarf/src/pkg/logger"
 	"github.com/zarf-dev/zarf/src/pkg/transform"
 	v1 "k8s.io/api/admission/v1"
 )
@@ -36,14 +36,15 @@ func NewHelmRepositoryMutationHook(ctx context.Context, cluster *cluster.Cluster
 
 // mutateHelmRepo mutates the repository url to point to the repository URL defined in the ZarfState.
 func mutateHelmRepo(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster.Cluster) (*operations.Result, error) {
+	l := logger.From(ctx)
 	src := &flux.HelmRepository{}
 	if err := json.Unmarshal(r.Object.Raw, &src); err != nil {
 		return nil, fmt.Errorf(lang.ErrUnmarshal, err)
 	}
 
 	// If we see a type of helm repo other than OCI we should flag a warning and return
 	if strings.ToLower(src.Spec.Type) != "oci" {
-		message.Warnf(lang.AgentWarnNotOCIType, src.Spec.Type)
+		l.Warn("skipping HelmRepository mutation because the type is not OCI", "type", src.Spec.Type)
 		return &operations.Result{Allowed: true}, nil
 	}
 
@@ -65,7 +66,9 @@ func mutateHelmRepo(ctx context.Context, r *v1.AdmissionRequest, cluster *cluste
 		return nil, err
 	}
 
-	message.Debugf("Using the url of (%s) to mutate the flux HelmRepository", registryAddress)
+	l.Info("using the Zarf registry URL to mutate the Flux HelmRepository",
+		"name", src.Name,
+		"registry", registryAddress)
 
 	patchedSrc, err := transform.ImageTransformHost(registryAddress, src.Spec.URL)
 	if err != nil {
@@ -78,7 +81,7 @@ func mutateHelmRepo(ctx context.Context, r *v1.AdmissionRequest, cluster *cluste
 	}
 	patchedURL := helpers.OCIURLPrefix + patchedRefInfo.Name
 
-	message.Debugf("original HelmRepo URL of (%s) got mutated to (%s)", src.Spec.URL, patchedURL)
+	l.Debug("mutating the Flux HelmRepository URL to the Zarf URL", "original", src.Spec.URL, "mutated", patchedURL)
 
 	patches := populateHelmRepoPatchOperations(patchedURL, zarfState.RegistryInfo.IsInternal())
 

@@ -167,7 +167,7 @@ func TestFluxHelmMutationWebhook(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			c := createTestClientWithZarfState(ctx, t, state)
-			handler := admission.NewHandler().Serve(NewHelmRepositoryMutationHook(ctx, c))
+			handler := admission.NewHandler().Serve(ctx, NewHelmRepositoryMutationHook(ctx, c))
 			if tt.svc != nil {
 				_, err := c.Clientset.CoreV1().Services("zarf").Create(ctx, tt.svc, metav1.CreateOptions{})
 				require.NoError(t, err)

@@ -16,7 +16,7 @@ import (
 	"github.com/zarf-dev/zarf/src/config/lang"
 	"github.com/zarf-dev/zarf/src/internal/agent/operations"
 	"github.com/zarf-dev/zarf/src/pkg/cluster"
-	"github.com/zarf-dev/zarf/src/pkg/message"
+	"github.com/zarf-dev/zarf/src/pkg/logger"
 	"github.com/zarf-dev/zarf/src/pkg/transform"
 	v1 "k8s.io/api/admission/v1"
 )
@@ -35,6 +35,7 @@ func NewOCIRepositoryMutationHook(ctx context.Context, cluster *cluster.Cluster)
 
 // mutateOCIRepo mutates the oci repository url to point to the repository URL defined in the ZarfState.
 func mutateOCIRepo(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster.Cluster) (*operations.Result, error) {
+	l := logger.From(ctx)
 	src := &flux.OCIRepository{}
 	if err := json.Unmarshal(r.Object.Raw, &src); err != nil {
 		return nil, fmt.Errorf(lang.ErrUnmarshal, err)
@@ -47,7 +48,7 @@ func mutateOCIRepo(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster
 	// If we have a semver we want to continue since we wil still have the upstream tag
 	// but should warn that we can't guarantee there won't be collisions
 	if src.Spec.Reference.SemVer != "" {
-		message.Warnf(lang.AgentWarnSemVerRef, src.Spec.Reference.SemVer)
+		l.Warn("Detected a semver OCI ref, continuing but will be unable to guarantee against collisions if multiple OCI artifacts with the same name are brought in from different registries", "ref", src.Spec.Reference.SemVer)
 	}
 
 	if src.Labels != nil && src.Labels["zarf-agent"] == "patched" {
@@ -69,7 +70,9 @@ func mutateOCIRepo(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster
 	}
 
 	// For the internal registry this will be the ip & port of the service, it may look like 10.43.36.151:5000
-	message.Debugf("Using the url of (%s) to mutate the flux OCIRepository", registryAddress)
+	l.Info("using the Zarf registry URL to mutate the Flux OCIRepository",
+		"name", src.Name,
+		"registry", registryAddress)
 
 	ref := src.Spec.URL
 	if src.Spec.Reference.Digest != "" {
@@ -97,7 +100,7 @@ func mutateOCIRepo(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster
 		patchedRef.Tag = patchedRefInfo.Tag
 	}
 
-	message.Debugf("original OCIRepo URL of (%s) got mutated to (%s)", src.Spec.URL, patchedURL)
+	l.Debug("mutating the Flux OCIRepository URL to the Zarf URL", "original", src.Spec.URL, "mutated", patchedURL)
 
 	patches := populateOCIRepoPatchOperations(patchedURL, zarfState.RegistryInfo.IsInternal(), patchedRef)
 

@@ -196,7 +196,7 @@ func TestFluxOCIMutationWebhook(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			t.Parallel()
 			c := createTestClientWithZarfState(ctx, t, state)
-			handler := admission.NewHandler().Serve(NewOCIRepositoryMutationHook(ctx, c))
+			handler := admission.NewHandler().Serve(ctx, NewOCIRepositoryMutationHook(ctx, c))
 			if tt.svc != nil {
 				_, err := c.Clientset.CoreV1().Services("zarf").Create(ctx, tt.svc, metav1.CreateOptions{})
 				require.NoError(t, err)

@@ -13,6 +13,7 @@ import (
 	"github.com/zarf-dev/zarf/src/config/lang"
 	"github.com/zarf-dev/zarf/src/internal/agent/operations"
 	"github.com/zarf-dev/zarf/src/pkg/cluster"
+	"github.com/zarf-dev/zarf/src/pkg/logger"
 	"github.com/zarf-dev/zarf/src/pkg/transform"
 	v1 "k8s.io/api/admission/v1"
 
@@ -46,6 +47,7 @@ func getImageAnnotationKey(containerName string) string {
 }
 
 func mutatePod(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster.Cluster) (*operations.Result, error) {
+	l := logger.From(ctx)
 	pod, err := parsePod(r.Object.Raw)
 	if err != nil {
 		return nil, fmt.Errorf(lang.AgentErrParsePod, err)
@@ -65,6 +67,9 @@ func mutatePod(ctx context.Context, r *v1.AdmissionRequest, cluster *cluster.Clu
 	}
 	registryURL := state.RegistryInfo.Address
 
+	// Pods do not have a metadata.name at the time of admission if from a deployment so we don't log the name
+	l.Info("using the Zarf registry URL to mutate the Pod", "registry", registryURL)
+
 	var patches []operations.PatchOperation
 
 	// Add the zarf secret to the podspec

@@ -39,7 +39,7 @@ func TestPodMutationWebhook(t *testing.T) {
 
 	state := &types.ZarfState{RegistryInfo: types.RegistryInfo{Address: "127.0.0.1:31999"}}
 	c := createTestClientWithZarfState(ctx, t, state)
-	handler := admission.NewHandler().Serve(NewPodMutationHook(ctx, c))
+	handler := admission.NewHandler().Serve(ctx, NewPodMutationHook(ctx, c))
 
 	tests := []admissionTest{
 		{
Original file line number	Diff line number	Diff line change
Expand Up		@@ -6,4 +6,4 @@ USER 65532:65532

		COPY --chown=65532:65532 "build/zarf-linux-$TARGETARCH" /zarf

		CMD ["/zarf", "internal", "agent", "-l=trace", "--no-log-file"]
		CMD ["/zarf", "internal", "agent", "--log-level=debug", "--log-format=text", "--no-log-file"]