kube_deploy_tools 3.0.5

data/lib/kube_deploy_tools/built_artifacts_file.rb

@@ -0,0 +1,28 @@
+require 'set'
+require 'yaml'
+
+module KubeDeployTools
+  class BuiltArtifactsFile
+    attr_accessor :build_id, :images, :extra_files
+
+    def initialize(file)
+      config = {}
+      if File.exist? file and YAML.load_file file
+        config = YAML.load_file(file)
+      end
+
+      @images = config.fetch('images', []).to_set
+      @extra_files = config.fetch('extra_files', []).to_set
+      @build_id = config['build_id'] # ok to be nil
+    end
+
+    def write(file)
+      config = {
+        'build_id' => build_id,
+        'extra_files' => extra_files.to_a,
+        'images' => images.to_a
+      }
+      file.write(config.to_yaml)
+    end
+  end
+end

data/lib/kube_deploy_tools/concurrency.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+module KubernetesDeploy
+  module Concurrency
+    MAX_THREADS = 8
+
+    def self.split_across_threads(all_work, &block)
+      return if all_work.empty?
+      raise ArgumentError, "Block of work is required" unless block_given?
+
+      slice_size = ((all_work.length + MAX_THREADS - 1) / MAX_THREADS)
+      threads = []
+      all_work.each_slice(slice_size) do |work_group|
+        threads << Thread.new { work_group.each(&block) }
+      end
+      threads.each(&:join)
+    end
+  end
+end

data/lib/kube_deploy_tools/deferred_summary_logging.rb

@@ -0,0 +1,69 @@
+require 'colorized_string'
+
+module KubeDeployTools
+  # Adds the methods to your Logger class.
+  # These methods include helpers for logging consistent headings, as well as facilities for
+  # displaying key information later, in a summary section, rather than when it occurred.
+  module DeferredSummaryLogging
+    attr_reader :summary
+    def initialize(*args)
+      reset
+      super
+    end
+
+    def reset
+      @summary = DeferredSummary.new
+      @current_phase = 0
+    end
+
+    def blank_line(level = :info)
+      public_send(level, "")
+    end
+
+    def phase_heading(phase_name)
+      @current_phase += 1
+      heading("Phase #{@current_phase}: #{phase_name}")
+    end
+
+    def heading(text, secondary_msg = '', secondary_msg_color = :cyan)
+      padding = (100.0 - (text.length + secondary_msg.length)) / 2
+      blank_line
+      part1 = ColorizedString.new("#{'-' * padding.floor}#{text}").cyan
+      part2 = ColorizedString.new(secondary_msg).colorize(secondary_msg_color)
+      part3 = ColorizedString.new('-' * padding.ceil).cyan
+      info(part1 + part2 + part3)
+    end
+
+    # Outputs the deferred summary information saved via @logger.summary.add_paragraph
+    def print_summary(success)
+      if success
+        heading("Result: ", "SUCCESS", :green)
+        level = :info
+      else
+        heading("Result: ", "FAILURE", :red)
+        level = :fatal
+      end
+
+      summary.paragraphs.each do |para|
+        blank_line(level)
+        msg_lines = para.split("\n")
+        msg_lines.each { |line| public_send(level, line) }
+      end
+    end
+
+    class DeferredSummary
+      attr_reader :paragraphs
+
+      def initialize
+        @paragraphs = []
+      end
+
+      # Adds a paragraph to be displayed in the summary section
+      # Paragraphs will be printed in the order they were added, separated by a blank line
+      # This can be used to log a block of data on a particular topic, e.g. debug info for a particular failed resource
+      def add_paragraph(paragraph)
+        paragraphs << paragraph
+      end
+    end
+  end
+end

data/lib/kube_deploy_tools/deploy.rb

@@ -0,0 +1,215 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'set'
+require 'yaml'
+require 'date'
+require 'kube_deploy_tools/errors'
+require 'kube_deploy_tools/formatted_logger'
+require 'kube_deploy_tools/kubernetes_resource'
+require 'kube_deploy_tools/kubernetes_resource/deployment'
+require 'kube_deploy_tools/concurrency'
+require 'kube_deploy_tools/file_filter'
+
+# NOTE(jmodes): the order matters, and predeploy resources will be deployed
+# in order.
+# e.g. Namespaces will be deployed before Services and ConfigMaps, which
+# are namespaced resources that may depend on deploying Namespaces first.
+PREDEPLOY_RESOURCES = %w[
+  Namespace
+  StorageClass
+  ServiceAccount
+  ClusterRole
+  Role
+  ClusterRoleBinding
+  RoleBinding
+  CustomResourceDefinition
+  ThirdPartyResource
+  ConfigMap
+  Service
+].freeze
+
+module KubeDeployTools
+  class Deploy
+    def initialize(
+      kubectl:,
+      namespace: nil,
+      input_path:,
+      glob_files: [],
+      max_retries: 3,
+      retry_delay: 1
+    )
+      @kubectl = kubectl
+      @namespace = namespace
+      @input_path = input_path
+
+      if !File.exists?(@input_path)
+        Logger.error("Path doesn't exist: #{@input_path}")
+        raise ArgumentError, "Path doesn't exist #{@input_path}"
+      elsif File.directory?(@input_path)
+        @glob_files = glob_files
+        @filtered_files = FileFilter
+                          .filter_files(filters: @glob_files, files_path: @input_path)
+                          .select { |f| f.end_with?('.yml', '.yaml') }
+      elsif File.file?(@input_path)
+        @filtered_files = [@input_path]
+        if !@glob_files.nil? && @glob_files.length > 0
+          Logger.error("Single-file artifacts do not support glob exclusions: #{@input_path}")
+          raise ArgumentError
+        end
+      end
+
+      @max_retries = max_retries.nil? ? 3 : max_retries.to_i
+      @retry_delay = retry_delay.to_i
+    end
+
+    def do_deploy(dry_run)
+      success = false
+      Logger.reset
+      Logger.phase_heading('Initializing deploy')
+      Logger.warn('Running in dry-run mode') if dry_run
+
+      if !@namespace.nil? && @namespace != 'default'
+        Logger.warn("Deploying to non-default Namespace: #{@namespace}")
+      end
+
+      resources = read_resources(@filtered_files)
+
+      Logger.phase_heading('Checking initial resource statuses')
+      KubernetesDeploy::Concurrency.split_across_threads(resources, &:sync)
+
+      Logger.phase_heading('Checking deployment replicas match')
+      deployments = resources
+                    .select { |resource| resource.definition['kind'] == 'Deployment' }
+      KubernetesDeploy::Concurrency.split_across_threads(deployments, &:warn_replicas_mismatch)
+
+      Logger.phase_heading('Deploying all resources')
+      # Deploy predeploy resources first, in order.
+      # Then deploy the remaining resources in any order.
+      deploy_resources = resources.sort_by do |r|
+        PREDEPLOY_RESOURCES.index(r.definition['kind']) || PREDEPLOY_RESOURCES.length
+      end
+
+      kubectl_apply(deploy_resources, dry_run: dry_run)
+
+      success = true
+    ensure
+      Logger.print_summary(success)
+      success
+    end
+
+    def run(dry_run: true)
+      do_deploy(dry_run)
+    end
+
+    def project_info
+      git_commit, git_project = git_annotations
+      # send a notification about the deployed code
+      {
+        'git_commit': git_commit,
+        'git_project': git_project,
+        'kubernetes-cluster': kubectl_cluster_server,
+        'kubernetes-cluster-name': kubectl_cluster_name,
+        'time': DateTime.now,
+        'user': current_user
+      }
+    end
+
+    def read_resources(filtered_files = Dir[File.join(@input_path, '**', '*')])
+      resources = []
+      filtered_files.each do |filepath|
+        resource_definition(filepath) do |resource|
+          resources << resource
+        end
+      end
+      resources
+    end
+
+    def resource_definition(filepath)
+      read_resource_definition(filepath) do |resource_definition|
+        yield KubeDeployTools::KubernetesResource.build(
+          definition: resource_definition,
+          kubectl: @kubectl
+        )
+      end
+    end
+
+    def git_annotations
+      resource_definition(@filtered_files.first) do |resource|
+        if resource.annotations
+          git_commit  = resource.annotations['git_commit']
+          git_project = resource.annotations['git_project']
+          return [git_commit, git_project]
+        end
+      end
+      [nil, nil]
+    end
+
+    def read_resource_definition(filepath)
+      file_content = File.read(filepath)
+      YAML.load_stream(file_content) do |doc|
+        yield doc if !doc.nil? && !doc.empty?
+      end
+    rescue Psych::SyntaxError => e
+      debug_msg = <<~INFO
+        Error message: #{e}
+        Template content:
+        ---
+      INFO
+      debug_msg += file_content
+      Logger.debug(debug_msg)
+      raise FatalDeploymentError, "Template '#{filepath}' cannot be parsed"
+    end
+
+    def kubectl_apply(resources, dry_run: true)
+      resources.each do |resource|
+        @max_retries.times do |try|
+          args = ['apply', '-f', resource.filepath, "--dry-run=#{dry_run}"]
+          out, _, status = @kubectl.run(*args)
+          if status.success?
+            Logger.info(out)
+            break
+          elsif try < @max_retries - 1
+            sleep(@retry_delay)
+            next
+          end
+          raise FatalDeploymentError, "Failed to apply resource '#{resource.filepath}'"
+        end
+      end
+    end
+
+    def kubectl_cluster_name
+      args = ['config', 'view', '--minify', '--output=jsonpath={..clusters[0].name}']
+      name, _, status = @kubectl.run(*args)
+      unless status.success?
+        raise FatalDeploymentError, 'Failed to determine cluster name'
+      end
+      name
+    end
+
+    def kubectl_cluster_server
+      args = ['config', 'view', '--minify', '--output=jsonpath={..cluster.server}']
+      server, _, status = @kubectl.run(*args)
+      unless status.success?
+        raise FatalDeploymentError, 'Failed to determine cluster server'
+      end
+      server
+    end
+
+    def self.kube_namespace(context:, kubeconfig: nil)
+      args = [
+        'kubectl', 'config', 'view', '--minify', '--output=jsonpath={..namespace}',
+        "--context=#{context}"
+      ]
+      args.push("--kubeconfig=#{kubeconfig}") if kubeconfig.present?
+      namespace, = Shellrunner.check_call(*args)
+      namespace = 'default' if namespace.to_s.empty?
+
+      namespace
+    end
+
+    def current_user
+      Shellrunner.run_call('gcloud', 'config', 'list', 'account', '--format', 'value(core.account)')[0]
+    end
+  end
+end

data/lib/kube_deploy_tools/deploy/options.rb

@@ -0,0 +1,114 @@
+require 'optparse'
+
+require 'kube_deploy_tools/object'
+
+module KubeDeployTools
+  class Deploy::Optparser
+    class Options
+      attr_accessor :kubeconfig,
+        :context,
+        :from_files,
+        :project,
+        :flavor,
+        :artifact,
+        :build_number,
+        :dry_run,
+        :glob_files,
+        :pre_apply_hook,
+        :max_retries,
+        :retry_delay
+
+      def initialize
+        self.project = File.basename(`git config remote.origin.url`.chomp, '.git')
+        self.flavor = 'default'
+        self.dry_run = true
+        self.glob_files = []
+      end
+
+      def define_options(parser)
+        parser.on('-fPATH', '--from-files FILEPATH', 'Filename, directory, or artifact URL that contains the Kubernetes manifests to apply') do |p|
+          self.from_files = p
+        end
+
+        parser.on('--kubeconfig FILEPATH', 'Path to the kubconfig file to use for kubectl requests') do |p|
+          self.kubeconfig = p
+        end
+
+        parser.on('--context CONTEXT', 'The kubeconfig context to use') do |p|
+          self.context = p
+        end
+
+        parser.on('--project PROJECT', "The project to deploy. Default is '#{project}'.") do |p|
+          self.project = p
+        end
+
+        parser.on('--flavor FLAVOR', "The flavor to deploy. Default is '#{flavor}'") do |p|
+          self.flavor = p
+        end
+
+        parser.on('--artifact ARTIFACT', 'The artifact name to deploy') do |p|
+          self.artifact = p
+        end
+
+        parser.on('--build BUILD', 'The Jenkins build number to deploy') do |p|
+          self.build_number = p
+        end
+
+        parser.on('--dry-run DRY_RUN', TrueClass, "If true, will only dry-run apply Kubernetes manifests without sending them to the apiserver. Default is dry-run mode: #{dry_run}.") do |p|
+          self.dry_run = p
+        end
+
+        parser.on('--include INCLUDE', "Include glob pattern. Example: --include=**/* will include every file. Default is ''.") do |p|
+          self.glob_files.push(["include_files", p])
+        end
+
+        parser.on('--exclude EXCLUDE', "Exclude glob pattern. Example: --exclude=**/gazette/* will exclude every file in gazette folder. Default is ''.") do |p|
+          self.glob_files.push(["exclude_files", p])
+        end
+
+        parser.on('--include-dir INCLUDE', "Recursively include all files in a directory and its subdirectories. Example: --include-dir=gazette/ (equivalent of --include=**/gazette/**/*)") do |p|
+          self.glob_files.push(["include_dir", p])
+        end
+
+        parser.on('--exclude-dir EXCLUDE', "Recursively exclude all files in a directory and its subdirectories. Example: --exclude-dir=gazette/ (equivalent of --exclude=**/gazette/**/*)") do |p|
+          self.glob_files.push(["exclude_dir", p])
+        end
+
+        parser.on("--pre-apply-hook CMD", "Shell command to run with the output directory before applying files") do |p|
+          self.pre_apply_hook = p
+        end
+
+        parser.on('--retry NUM', 'Maximum number of times to retry') do |p|
+          self.max_retries = p
+        end
+
+        parser.on('--retry-delay NUM', 'Delay in seconds between retries') do |p|
+          self.retry_delay = p
+        end
+
+        parser.on('-')
+      end
+
+      def require_options
+        raise ArgumentError, 'Expect --context to be provided' if context.blank?
+
+        files_mode = from_files.present? && (artifact.blank? && build_number.blank?)
+        deploy_artifact_mode = from_files.blank? && (artifact.present? && flavor.present? && build_number.present?)
+
+        if !files_mode && !deploy_artifact_mode
+          raise ArgumentError, 'Expect either --from-files or all of [--artifact, --flavor, --build] to be provided'
+        end
+      end
+    end
+
+    def parse(args)
+      @options = Options.new
+      OptionParser.new do |parser|
+        @options.define_options(parser)
+        parser.parse(args)
+        @options.require_options
+      end
+      @options
+    end
+  end
+end

data/lib/kube_deploy_tools/deploy_config_file.rb

@@ -0,0 +1,286 @@
+require 'pathname'
+require 'set'
+require 'yaml'
+
+require 'kube_deploy_tools/deploy_config_file/util'
+require 'kube_deploy_tools/deploy_config_file/deep_merge'
+require 'kube_deploy_tools/formatted_logger'
+require 'kube_deploy_tools/image_registry'
+require 'kube_deploy_tools/shellrunner'
+require 'kube_deploy_tools/artifact_registry'
+
+DEPLOY_YAML = 'deploy.yaml'
+
+module KubeDeployTools
+  PROJECT = ENV['JOB_NAME'] || File.basename(`git config remote.origin.url`.chomp, '.git')
+  BUILD_NUMBER = ENV.fetch('BUILD_ID', 'dev')
+
+  # Read-only model for the deploy.yaml configuration file.
+  class DeployConfigFile
+    attr_accessor :artifacts, :default_flags, :flavors, :hooks, :image_registries, :valid_image_registries, :expiration, :artifact_registries, :artifact_registry
+
+    include DeployConfigFileUtil
+
+    # TODO(joshk): Refactor into initialize(fp) which takes a file-like object;
+    # after this, auto discovery should go into DeployConfigFile.locate
+    # classmethod.  This would require erasing auto-upgrade capability, which
+    # should be possible if we major version bump.
+    def initialize(filename)
+      config = nil
+      if !filename.nil? && Pathname.new(filename).absolute?
+        config = YAML.load_file(filename)
+      else
+        original_dir = Dir.pwd
+        changed_dir = false
+        until Dir.pwd == '/'
+          # Try looking for filename specified by user.
+          # If no filename was specified by the user, then look for
+          # deploy.yml or deploy.yaml.
+          if !filename.nil? && File.exist?(filename)
+            config = YAML.load_file(filename)
+            break
+          elsif filename.nil? && File.exist?(DEPLOY_YAML)
+            filename = DEPLOY_YAML
+            config = YAML.load_file(filename)
+            break
+          end
+
+          # KDT should run in the directory containing the deploy config file.
+          changed_dir = true
+          Dir.chdir('..')
+        end
+        if config.nil?
+          Dir.chdir(original_dir)
+          if ! filename.nil?
+            raise "Could not locate file: config file '#{filename}' in any directory"
+          else
+            raise "Could not locate file: config file '#{DEPLOY_YAML}' in any directory"
+          end
+        end
+        if changed_dir
+          Logger.warn "Changed directory to #{Dir.pwd} (location of #{filename})"
+        end
+      end
+      @filename = filename
+      @original_config = config
+
+      version = config.fetch('version', 1)
+      check_and_warn(
+        config.has_key?('version'),
+        'Expected .version to be specified, but .version is missing. Falling back to version 1 config schema')
+      check_and_err([1, 2].include?(version), "Expected valid version, but received unsupported version '#{version}'")
+
+      case version
+      when 2
+        fetch_and_parse_version2_config!
+      else
+        raise "Unsupported version #{version}"
+      end
+    end
+
+    def fetch_and_parse_version2_config!
+      # The literal contents of your deploy.yaml are now populated into |self|.
+      config = @original_config
+      @image_registries = parse_image_registries(config.fetch('image_registries', []))
+      @default_flags = config.fetch('default_flags', {})
+      @artifacts = config.fetch('artifacts', [])
+      @flavors = config.fetch('flavors', {})
+      @hooks = config.fetch('hooks', ['default'])
+      @expiration = config.fetch('expiration', [])
+      @artifact_registries = parse_artifact_registries(config.fetch('artifact_registries', []))
+      @artifact_registry = parse_artifact_registry(config.fetch('artifact_registry', ''), @artifact_registries)
+
+      validate_default_flags
+      validate_flavors
+      validate_hooks
+      validate_expiration
+
+      # Augment these literal contents by resolving all libraries.
+      # extend! typically gives the current file precedence when merge conflicts occur,
+      # but the expected precedence of library inclusion is the reverse (library 2 should
+      # overwrite what library 1 specifies), so reverse the libraries list first.
+      config.fetch('libraries', []).reverse.each do |libfn|
+        extend!(load_library(libfn))
+      end
+
+      # Now that we have a complete list of image registries, validation is now possible.
+      # Note that this also populates @valid_image_registries.
+      validate_artifacts!
+    end
+
+    def parse_image_registries(image_registries)
+      check_and_err(image_registries.is_a?(Array), '.image_registries is not an Array')
+      image_registries = image_registries.map { |i| ImageRegistry.new(i) }
+
+      # Validate that only one instance of each driver is registered
+      duplicates = select_duplicates(image_registries.map { |i| i.name })
+      check_and_err(
+        duplicates.count == 0,
+        "Expected .image_registries names to be unique, but found duplicates: #{duplicates}"
+      )
+
+      image_registries
+        .map { |i| [i.name, i] }
+        .to_h
+    end
+
+    def map_image_registry(image_registries)
+      valid_image_registries = {}
+      image_registries.each do |reg_name, reg_info|
+        valid_image_registries[reg_name] = reg_info.prefix
+      end
+      valid_image_registries
+    end
+
+    # .artifacts depends on .default_flags and .image_registries
+    def validate_artifacts!
+      check_and_err(artifacts.is_a?(Array), '.artifacts is not an Array')
+
+      duplicates = select_duplicates(artifacts.map { |i| i.fetch('name') })
+      check_and_err(
+        duplicates.count == 0,
+        "Expected .artifacts names to be unique, but found duplicates: #{duplicates}"
+      )
+
+      @valid_image_registries = map_image_registry(@image_registries)
+
+      artifacts.each_with_index { |artifact, index|
+        check_and_err(
+          artifact.key?('name'),
+          "Expected .artifacts[#{index}].name key to exist, but .name is missing"
+        )
+        name = artifact.fetch('name')
+        check_and_err(
+          artifact.key?('image_registry'),
+          "Expected .artifacts[#{index}].image_registry key to exist, but .image_registry is missing"
+        )
+
+        image_registry = artifact.fetch('image_registry')
+        check_and_err(
+          @valid_image_registries.key?(image_registry),
+          "#{image_registry} is not a valid Image Registry. Has to be one of #{@valid_image_registries.keys}"
+        )
+
+        check_and_err(
+          artifact.key?('flags'),
+          "Expected .artifacts.#{name}.flags key to exist, but .flags is missing"
+        )
+      }
+    end
+
+    def validate_default_flags
+      check_and_err(@default_flags.is_a?(Hash), '.default_flags is not a Hash')
+    end
+
+    def validate_flavors
+      check_and_err(@flavors.is_a?(Hash), '.flavors is not a Hash')
+    end
+
+    def validate_hooks
+      check_and_err(@hooks.is_a?(Array), '.hooks is not an Array')
+    end
+
+    def validate_expiration
+      check_and_err(@expiration.is_a?(Array), '.expiration is not an Array')
+    end
+
+    def parse_artifact_registries(artifact_registries)
+      check_and_err(artifact_registries.is_a?(Array), '.artifact_registries is not an Array')
+      artifact_registries = artifact_registries.map { |r| ArtifactRegistry.new(r) }
+
+      # Validate that each artifact registry is named uniquely
+      duplicates = select_duplicates(artifact_registries.map { |r| r.name })
+      check_and_err(
+        duplicates.count == 0,
+        "Expected .artifact_registries names to be unique, but found duplicates: #{duplicates}"
+      )
+
+      unsupported_drivers = artifact_registries.
+        select { |r| !ArtifactRegistry::Driver::MAPPINGS.key? r.driver_name }.
+        map { |r| r.driver_name }
+      check_and_err(
+        unsupported_drivers.count == 0,
+        "Expected .artifact_registries drivers to be valid, but found unsupported drivers: #{unsupported_drivers}. Must be a driver in: #{ArtifactRegistry::Driver::MAPPINGS.keys}",
+      )
+
+      artifact_registries
+        .select { |r| r.driver_name == "gcs" }
+        .select { |r| !r.config.has_key? "bucket" }
+        .each { |r| check_and_err(false, "Expected .artifact_registries['#{r.config.name}'].config.bucket to exist, but no GCS bucket is specified") }
+
+
+      artifact_registries
+        .map { |r| [r.name, r] }
+        .to_h
+    end
+
+    def parse_artifact_registry(artifact_registry, artifact_registries)
+      check_and_err(artifact_registry.is_a?(String), '.artifact_registry is not a String')
+      check_and_err(
+        artifact_registry.empty? || artifact_registries.key?(artifact_registry),
+        "#{artifact_registry} is not a valid Artifact Registry. Has to be one of #{artifact_registries.keys}"
+      )
+
+      artifact_registry
+    end
+
+    # upgrade! converts the config to a YAML string in the format
+    # of the latest supported version
+    # e.g. with the latest supported version as v2,
+    # to_yaml will always print a valid v2 YAML
+    def upgrade!
+      version = @original_config.fetch('version', 1)
+      case version
+      when 2
+        # TODO(joshk): Any required updates to v3 or remove this entire method
+        true
+      end
+    end
+
+    def select_duplicates(array)
+      array.select { |n| array.count(n) > 1 }.uniq
+    end
+
+    # Extend this DeployConfigFile with another instance.
+    def extend!(other)
+      # Any image_registries entry in |self| should take precedence
+      # over any identical key in |other|. The behavior of merge is that
+      # the 'other' hash wins.
+      @image_registries = other.image_registries.merge(@image_registries)
+
+      # Same behavior as above for #default_flags.
+      @default_flags = other.default_flags.merge(@default_flags)
+
+      # artifacts should be merged by 'name'. In other words, if |self| and |other|
+      # specify the same 'name' of a registry, self's config for that registry
+      # should win wholesale (no merging of flags.)
+      @artifacts = (@artifacts + other.artifacts).uniq { |h| h.fetch('name') }
+
+      # Same behavior as for flags and registries, but the flags within the flavor
+      # are in a Hash, so we need a deep merge.
+      @flavors = other.flavors.deep_merge(@flavors)
+
+      # A break from the preceding merging logic - Dependent hooks have to come
+      # first and a given named hook can only be run once. But seriously, you
+      # probably don't want to make a library that specifies hooks.
+      @hooks = (other.hooks + @hooks).uniq
+
+      @expiration = (@expiration + other.expiration).uniq { |h| h.fetch('repository') }
+    end
+
+    def to_h
+      {
+        'image_registries' => @image_registries.values.map(&:to_h),
+        'default_flags' => @default_flags,
+        'artifacts' => @artifacts,
+        'flavors' => @flavors,
+        'hooks' => @hooks,
+        'expiration' => @expiration,
+      }
+    end
+
+    def self.deep_merge(h, other)
+
+    end
+  end
+end