From 33433a953e6a3fffad1dcc424b9d12c72e543770 Mon Sep 17 00:00:00 2001 From: Antonio Gurgel Date: Sun, 19 Nov 2023 13:19:32 -0800 Subject: [PATCH] Build namespaces I initially thought this would be just another release in `releases/common/namespaces`, but there's a lot more potential than that. --- flake.nix | 14 ++++++++++---- lib/default.nix | 1 + lib/flake-builders.nix | 7 +++++++ lib/output.sh | 15 +++++++++------ lib/rake.nix | 22 ++++++++++++++++++++-- lib/resources.nix | 7 +++++++ namespaces.nix | 9 +++++++++ 7 files changed, 63 insertions(+), 12 deletions(-) create mode 100644 lib/resources.nix create mode 100644 namespaces.nix diff --git a/flake.nix b/flake.nix index b69f0cf..f8ce267 100644 --- a/flake.nix +++ b/flake.nix @@ -26,11 +26,15 @@ nixhelm, devshell, }: let - rakeLeaves = (import ./lib/rake.nix).rakeLeaves; + rake = import ./lib/rake.nix; in { - releaseData = rakeLeaves ./releases; - repos = rakeLeaves ./charts; + releaseData = rake.leaves ./releases; + repos = rake.leaves ./charts; + namespaces = rake.namespaces { + root = ./releases; + extraMetadata = import ./namespaces.nix; + }; } // flake-utils.lib.eachDefaultSystem (system: let pkgs = import nixpkgs { @@ -49,6 +53,7 @@ charts = flake-builders.fetchCharts self.repos; releases = flake-builders.buildReleases self.releaseData; extras = flake-builders.buildExtras self.releaseData; + namespaces = flake-builders.buildNamespaces self.namespaces; collectDerivations = with pkgs.lib; attrsets.collect isDerivation; in { @@ -56,7 +61,7 @@ inherit charts; # Useful for debugging; will go to own flake eventually. - inherit releases extras; + inherit releases extras namespaces; inherit (self) releaseData; # Each of the leaves of the `releases` and `extras` attrsets @@ -69,6 +74,7 @@ release_drvs = collectDerivations releases; extra_drvs = collectDerivations extras; + namespace_drv = namespaces; src = builtins.path { path = ./.; diff --git a/lib/default.nix b/lib/default.nix index 363c98e..790edc1 100644 
--- a/lib/default.nix +++ b/lib/default.nix @@ -6,5 +6,6 @@ app-template = import ./app-template.nix {inherit charts kubelib pkgs;}; builders = import ./builders.nix {inherit kubelib pkgs;}; fetchers = import ./fetchers.nix {inherit kubelib pkgs;}; + resources = import ./resources.nix; eureka = import ./eureka {inherit app-template pkgs;}; } diff --git a/lib/flake-builders.nix b/lib/flake-builders.nix index de29873..0388732 100644 --- a/lib/flake-builders.nix +++ b/lib/flake-builders.nix @@ -60,4 +60,11 @@ with builtins; { else {} )) releases); + + buildNamespaces = namespaces: + lib.builders.buildYAMLStream { + name = "namespaces"; + namespace = "CLUSTER"; + objs = namespaces; + }; } diff --git a/lib/output.sh b/lib/output.sh index 3973af8..932efd3 100644 --- a/lib/output.sh +++ b/lib/output.sh @@ -3,9 +3,10 @@ # Silence shellcheck SC2154 for these vars but not all others. : "${src:-}" : "${out:-}" -# packages.*.default environment inputs: +# `packages.*.default` environment inputs: : "${release_drvs:-}" : "${extra_drvs:-}" +: "${namespace_drv:-}" copy_drv_output(){ drvs=$1 @@ -25,6 +26,12 @@ copy_drv_output(){ done } +find_for_kustomization() { + find . -mindepth 1 -maxdepth 1 \( -type d -o -name '*.yaml' \) \ + | grep -Ev "(values|sops|kustomization).yaml$" \ + | sed 's|^./||' # redundant in Kustomizations +} + find "$src/releases" -type d \ | grep -v "^${src}/releases$" \ | cut -d/ -f6- \ @@ -46,11 +53,7 @@ do fi done -find_for_kustomization() { - find . -mindepth 1 -maxdepth 1 \( -type d -o -name '*.yaml' \) \ - | grep -Ev "(values|sops|kustomization).yaml$" \ - | sed 's|^./||' # redundant in Kustomizations -} +cp "$namespace_drv" "$out/releases/namespaces.yaml" find "$out/releases" -type d \ | while read -r dir; diff --git a/lib/rake.nix b/lib/rake.nix index 08a3cf0..92a812b 100644 --- a/lib/rake.nix +++ b/lib/rake.nix 
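Review bot: `namespace = "CLUSTER";` in the new `buildNamespaces` is an unexplained sentinel. Namespace objects are cluster-scoped, so the value presumably only fills an argument that `lib.builders.buildYAMLStream` requires. If that builder stamps `metadata.namespace` onto each object (its body is not visible here), the generated Namespace manifests would carry a bogus field. A one-line comment would settle it, for example `# Namespaces are cluster-scoped; "CLUSTER" is a placeholder, not a real namespace.` The enclosing attribute set starts outside the hunk.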
@@ -1,5 +1,5 @@ let - ls = dir: builtins.attrNames (builtins.readDir dir); + ls = dir: with builtins; attrNames (readDir dir); # e.g.: `dirToAttrs ./src "svc"` renders # {name = "svc"; value = {"sota-slack-spotter" = , ...};} @@ -18,9 +18,27 @@ let }) (ls dir)); }; + + mkNamespace = (import ./resources.nix).mkNamespace; in { - rakeLeaves = root: + leaves = root: builtins.listToAttrs ( map (dirToAttrs root) (ls root) ); + + namespaces = { + root, + extraMetadata ? {}, + }: + map + (name: let + metadata = with builtins; + # Can't use `set?name` or `set.name` + # because "name" is taken literally. + if hasAttr name extraMetadata + then getAttr name extraMetadata + else {}; + in + mkNamespace name metadata) + (ls root); } diff --git a/lib/resources.nix b/lib/resources.nix new file mode 100644 index 0000000..71a30c5 --- /dev/null +++ b/lib/resources.nix @@ -0,0 +1,7 @@ +{ + mkNamespace = name: extraMetadata: { + apiVersion = "v1"; + kind = "Namespace"; + metadata = {inherit name;} // extraMetadata; + }; +} diff --git a/namespaces.nix b/namespaces.nix new file mode 100644 index 0000000..1d7b281 --- /dev/null +++ b/namespaces.nix @@ -0,0 +1,9 @@ +# Assign extra metadata here. For example, +# `svc = {labels."istio.io/rev" = "1-18-1"}` +# is the equivalent of +# `k label ns/svc istio.io/rev=1-18-1` +let + istioNs = rev: {labels."istio.io/rev" = rev;}; +in { + svc = istioNs "1-18-1"; +}
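Review bot: In the new `namespaces` function the names come from every entry of `root`, and `extraMetadata` is only consulted for those names, so two mismatches pass silently. A plain file under `releases/` (or a directory that is not meant to be a namespace) gets a Namespace object, because `ls` does not look at the entry type that `readDir` returns. A key in `namespaces.nix` that matches no directory, for example a typo, is dropped without error, which here would mean the `istio.io/rev` label is never applied and the namespace is left without sidecar injection. Filtering on the `readDir` type and asserting that every `extraMetadata` key is used would catch both. The `hasAttr`/`getAttr` pair can also be written `extraMetadata.${name} or {}`.

```nix
  # … unchanged: ls, dirToAttrs, mkNamespace, leaves …
  namespaces = {
    root,
    extraMetadata ? {},
  }: let
    entries = builtins.readDir root;
    # Only directories under `root` name a namespace.
    dirs =
      builtins.filter
      (n: entries.${n} == "directory")
      (builtins.attrNames entries);
    # Metadata keys with no matching directory are almost certainly typos.
    unknown =
      builtins.filter
      (n: !(builtins.elem n dirs))
      (builtins.attrNames extraMetadata);
  in
    assert unknown == [] || throw "namespaces.nix: no release directory for: ${toString unknown}";
      map (name: mkNamespace name (extraMetadata.${name} or {})) dirs;
```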
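Review bot: In `mkNamespace`, `metadata = {inherit name;} // extraMetadata;` lets the extra metadata win, because `//` takes the right-hand value on a key clash. An entry in `namespaces.nix` that contains `name` would therefore rename the Namespace away from its directory name without any error. Swapping the operands keeps the directory-derived name authoritative: `metadata = extraMetadata // {inherit name;};`. A short comment stating that `extraMetadata` is meant for labels and annotations only would make the contract explicit.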
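Review bot: The example in the header comment of `namespaces.nix` is not valid Nix as written, since the inner binding lacks its terminating semicolon. It should read `svc = {labels."istio.io/rev" = "1-18-1";};` so it can be copied as is. The comment could also say that the value has to match a revision the cluster's Istio control plane actually serves. As far as I know, a namespace labelled with a revision that no injector handles gets no sidecar injection, and nothing in this file would flag that drift after an upgrade.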