fixup tests

lib/default.nix

@@ -0,0 +1,7 @@
+{ lib, pkgs }:
+
+{
+  k8s = import ./k8s { inherit lib; };
+  docker = import ./docker { inherit lib pkgs; };
+  helm = import ./helm { inherit pkgs; };
+}

lib/docker/default.nix

@@ -0,0 +1,17 @@
+{ lib, pkgs }:
+
+with lib;
+
+{
+  copyDockerImages = { images, dest, args ? "" }:
+    pkgs.writeScript "copy-docker-images.sh" (concatMapStrings
+      (image: ''
+        #!${pkgs.runtimeShell}
+
+        set -e
+
+        echo "copying '${image.imageName}:${image.imageTag}' to '${dest}/${image.imageName}:${image.imageTag}'"
+        ${pkgs.skopeo}/bin/skopeo copy ${args} $@ docker-archive:${image} ${dest}/${image.imageName}:${image.imageTag}
+      '')
+      images);
+}

lib/helm/chart2json.nix

@@ -0,0 +1,54 @@
+{ stdenvNoCC, lib, kubernetes-helm, gawk, remarshal, jq }:
+
+with lib;
+
+{
+  # chart to template
+  chart
+
+  # release name
+, name
+
+  # namespace to install release into
+, namespace ? null
+
+  # values to pass to chart
+, values ? { }
+
+  # kubernetes version to template chart for
+, kubeVersion ? null
+}:
+let
+  valuesJsonFile = builtins.toFile "${name}-values.json" (builtins.toJSON values);
+in
+stdenvNoCC.mkDerivation {
+  name = "${name}.json";
+  buildCommand = ''
+    # template helm file and write resources to yaml
+    helm template "${name}" \
+      ${optionalString (kubeVersion != null) "--api-versions ${kubeVersion}"} \
+      ${optionalString (namespace != null) "--namespace ${namespace}"} \
+      ${optionalString (values != { }) "-f ${valuesJsonFile}"} \
+      ${chart} >resources.yaml
+
+    # split multy yaml file into multiple files
+    awk 'BEGIN{i=1}{line[i++]=$0}END{j=1;n=0; while (j<i) {if (line[j] ~ /^---/) n++; else print line[j] >>"resource-"n".yaml"; j++}}' resources.yaml
+
+    # join multiple yaml files in jsonl file
+    for file in ./resource-*.yaml
+    do
+      remarshal -i $file -if yaml -of json >>resources.jsonl
+    done
+
+    # convert jsonl file to json array, remove null values and write to $out
+    cat resources.jsonl | jq -Scs 'walk(
+      if type == "object" then
+        with_entries(select(.value != null))
+      elif type == "array" then
+        map(select(. != null))
+      else
+        .
+      end)' > $out
+  '';
+  nativeBuildInputs = [ kubernetes-helm gawk remarshal jq ];
+}

lib/helm/default.nix

@@ -0,0 +1,6 @@
+{ pkgs }:
+
+{
+  chart2json = pkgs.callPackage ./chart2json.nix { };
+  fetch = pkgs.callPackage ./fetchhelm.nix { };
+}

lib/helm/fetchhelm.nix

@@ -0,0 +1,50 @@
+{ stdenvNoCC, lib, kubernetes-helm, cacert }:
+let
+  cleanName = name: lib.replaceStrings [ "/" ] [ "-" ] name;
+
+in
+{
+  # name of the chart
+  chart
+
+  # chart url to fetch from custom location
+, chartUrl ? null
+
+  # version of the chart
+, version ? null
+
+  # chart hash
+, sha256
+
+  # whether to extract chart
+, untar ? true
+
+  # use custom charts repo
+, repo ? null
+
+  # pass --verify to helm chart
+, verify ? false
+
+  # pass --devel to helm chart
+, devel ? false
+}: stdenvNoCC.mkDerivation {
+  name = "${cleanName chart}-${if version == null then "dev" else version}";
+
+  buildCommand = ''
+    export HOME="$PWD"
+    echo "adding helm repo"
+    ${if repo == null then "" else "helm repo add repository ${repo}"}
+    echo "fetching helm chart"
+    helm fetch -d ./chart \
+      ${if untar then "--untar" else ""} \
+      ${if version == null then "" else "--version ${version}"} \
+      ${if devel then "--devel" else ""} \
+      ${if verify then "--verify" else ""} \
+      ${if chartUrl == null then (if repo == null then chart else "repository/${chart}") else chartUrl}
+    cp -r chart/*/ $out
+  '';
+  outputHashMode = "recursive";
+  outputHashAlgo = "sha256";
+  outputHash = sha256;
+  nativeBuildInputs = [ kubernetes-helm cacert ];
+}

lib/helm/test.nix

@@ -0,0 +1,43 @@
+{ pkgs ? import <nixpkgs> { } }:
+let
+  fetchhelm = pkgs.callPackage ./fetchhelm.nix { };
+  chart2json = pkgs.callPackage ./chart2json.nix { };
+in
+rec {
+  postgresql-chart = fetchhelm {
+    chart = "stable/postgresql";
+    version = "0.18.1";
+    sha256 = "1p3gfmaakxrqb4ncj6nclyfr5afv7xvcdw95c6qyazfg72h3zwjn";
+  };
+
+  istio-chart = fetchhelm {
+    chart = "istio";
+    version = "1.1.0";
+    repo = "https://storage.googleapis.com/istio-release/releases/1.1.0-rc.0/charts";
+    sha256 = "0ippv2914hwpsb3kkhk8d839dii5whgrhxjwhpb9vdwgji5s7yfl";
+  };
+
+  istio-official-chart = pkgs.fetchgit {
+    url = "https://github.com/fyery-chen/istio-helm";
+    rev = "47e235e775314daeb88a3a53689ed66c396ecd3f";
+    sha256 = "190sfyvhdskw6ijy8cprp6hxaazn7s7mg5ids4snshk1pfdg2q8h";
+  };
+
+  postgresql-json = chart2json {
+    name = "postgresql";
+    chart = postgresql-chart;
+    values = {
+      networkPolicy.enabled = true;
+    };
+  };
+
+  istio-json = chart2json {
+    name = "istio";
+    chart = istio-chart;
+  };
+
+  istio-official-json = chart2json {
+    name = "istio-official";
+    chart = "${istio-official-chart}/istio-official";
+  };
+}

lib/k8s/default.nix

@@ -0,0 +1,65 @@
+{ lib }:
+
+with lib;
+
+rec {
+  # TODO: refactor with mkOptionType
+  mkSecretOption = { description ? "", default ? { }, allowNull ? true }: mkOption {
+    inherit description;
+    type = (if allowNull then types.nullOr else id) (types.submodule {
+      options = {
+        name = mkOption ({
+          description = "Name of the secret where secret is stored";
+          type = types.str;
+          default = default.name;
+        } // (optionalAttrs (default ? "name") {
+          default = default.name;
+        }));
+
+        key = mkOption ({
+          description = "Name of the key where secret is stored";
+          type = types.str;
+        } // (optionalAttrs (default ? "key") {
+          default = default.key;
+        }));
+      };
+    });
+    default = if default == null then null else { };
+  };
+
+  secretToEnv = value: {
+    valueFrom.secretKeyRef = {
+      inherit (value) name key;
+    };
+  };
+
+  # Creates kubernetes list from a list of kubernetes objects
+  mkList = { items, labels ? { } }: {
+    kind = "List";
+    apiVersion = "v1";
+
+    inherit items labels;
+  };
+
+  # Creates hashed kubernetes list from a list of kubernetes objects
+  mkHashedList = { items, labels ? { } }:
+    let
+      hash = builtins.hashString "sha1" (builtins.toJSON items);
+
+      labeledItems = map
+        (item: recursiveUpdate item {
+          metadata.labels."kubenix/hash" = hash;
+        })
+        items;
+
+    in
+    mkList {
+      items = labeledItems;
+      labels = {
+        "kubenix/hash" = hash;
+      } // labels;
+    };
+
+  toBase64 = lib.toBase64;
+  octalToDecimal = lib.octalToDecimal;
+}

lib/upstreamables.nix

@@ -0,0 +1,36 @@
+{ lib, pkgs }:
+
+with lib;
+
+let self = {
+
+  importYAML = path: importJSON (pkgs.runCommand "yaml-to-json" { } ''
+    ${pkgs.remarshal}/bin/remarshal -i ${path} -if yaml -of json > $out
+  '');
+
+  toYAML = config: builtins.readFile (pkgs.runCommand "to-yaml" { } ''
+    ${pkgs.remarshal}/bin/remarshal -i ${pkgs.writeText "to-json" (builtins.toJSON config)} -if json -of yaml > $out
+  '');
+
+  toMultiDocumentYaml = name: documents: pkgs.runCommand name { }
+    (concatMapStringsSep "\necho --- >> $out\n"
+      (d:
+        "${pkgs.remarshal}/bin/remarshal -i ${builtins.toFile "doc" (builtins.toJSON d)} -if json -of yaml >> $out"
+      )
+      documents);
+
+  toBase64 = value:
+    builtins.readFile
+      (pkgs.runCommand "value-to-b64" { } "echo -n '${value}' | ${pkgs.coreutils}/bin/base64 -w0 > $out");
+
+  exp = base: exp: foldr (value: acc: acc * base) 1 (range 1 exp);
+
+  octalToDecimal = value: (foldr
+    (char: acc: {
+      i = acc.i + 1;
+      value = acc.value + (toInt char) * (self.exp 8 acc.i);
+    })
+    { i = 0; value = 0; }
+    (stringToCharacters value)).value;
+};
+in self