Merge pull request #1344 from Liujingfang1/fix

include nameprefix and namesuffix to find matched reference for cluster level kinds

README.md

@@ -1,5 +1,7 @@
 # kustomize
 
+_[v3.0.0](https://github.com/kubernetes-sigs/kustomize/releases/tag/v3.0.0) is the latest release._
+
 `kustomize` lets you customize raw, template-free YAML
 files for multiple purposes, leaving the original YAML
 untouched and usable as is.

docs/plugins/goPluginGuidedExample.md

@@ -1,10 +1,15 @@
 # Go Plugin Guided Example for Linux
 
-This is a (no reading allowed!) 60 second copy/paste guided
-example.  Full plugin docs [here](README.md).
-
 [SopsEncodedSecrets repository]: https://github.com/monopole/sopsencodedsecrets
 [Go plugin]: https://golang.org/pkg/plugin
+[Go plugin caveats]: goPluginCaveats.md
+
+This is a (no reading allowed!) 60 second copy/paste guided
+example. 
+
+Full plugin docs [here](README.md).
+Be sure to read the [Go plugin caveats].
+
 
 This demo uses a Go plugin, `SopsEncodedSecrets`,
 that lives in the [sopsencodedsecrets repository].
@@ -25,15 +30,18 @@ current setup.
 ## Make a place to work
 
 ```
+# Keeping these separate to avoid cluttering the DEMO dir.
 DEMO=$(mktemp -d)
+tmpGoPath=$(mktemp -d)
 ```
 
 ## Install kustomize
 
-Need v3.0.0 for what follows:
+Need v3.0.0 for what follows, and you must _compile_
+it (not download the binary from the release page):
 
 ```
-GOBIN=$DEMO/bin go get sigs.k8s.io/kustomize/v3/cmd/kustomize@v3.0.0-pre
+GOPATH=$tmpGoPath go install sigs.k8s.io/kustomize/v3/cmd/kustomize
 ```
 
 ## Make a home for plugins
@@ -147,7 +155,7 @@ Build the object code for use by kustomize:
 
 ```
 cd $MY_PLUGIN_DIR
-go build -buildmode plugin -o ${kind}.so ${kind}.go
+GOPATH=$tmpGoPath go build -buildmode plugin -o ${kind}.so ${kind}.go
 ```
 
 This step may succeed, but kustomize might
@@ -199,7 +207,8 @@ cat <<EOF >$MYAPP/secGenerator.yaml
 apiVersion: ${apiVersion}
 kind: ${kind}
 metadata:
-  name: forbiddenValues
+  name: mySecretGenerator
+name: forbiddenValues
 namespace: production
 file: myEncryptedData.yaml
 keys:
@@ -257,7 +266,7 @@ echo $keyLocation
 ### Install `sops`
 
 ```
-GOBIN=$DEMO/bin go install go.mozilla.org/sops/cmd/sops
+GOPATH=$tmpGoPath go install go.mozilla.org/sops/cmd/sops
 ```
 
 ### Create data encrypted with your Google Cloud key
@@ -270,13 +279,12 @@ ROCKET: saturn-v
 FRUIT: apple
 CAR: dymaxion
 EOF
-
 ```
 
 Encrypt the data into file the plugin wants to read:
 
 ```
-$DEMO/bin/sops --encrypt \
+$tmpGoPath/bin/sops --encrypt \
   --gcp-kms $keyLocation \
   $MYAPP/myClearData.yaml >$MYAPP/myEncryptedData.yaml
 ```
@@ -287,11 +295,32 @@ Review the files
 tree $DEMO
 ```
 
+This should look something like:
+
+> ```
+> /tmp/tmp.0kIE9VclPt
+> ├── kustomize
+> │   └── plugin
+> │       └── mygenerators
+> │           └── sopsencodedsecrets
+> │               ├── go.mod
+> │               ├── go.sum
+> │               ├── LICENSE
+> │               ├── README.md
+> │               ├── SopsEncodedSecrets.go
+> │               ├── SopsEncodedSecrets.so
+> │               └── SopsEncodedSecrets_test.go
+> └── myapp
+>     ├── kustomization.yaml
+>     ├── myClearData.yaml
+>     ├── myEncryptedData.yaml
+>     └── secGenerator.yaml
+> ```
 
 ## Build your app, using the plugin:
 
 ```
-XDG_CONFIG_HOME=$DEMO $DEMO/bin/kustomize build --enable_alpha_plugins $MYAPP
+XDG_CONFIG_HOME=$DEMO $tmpGoPath/bin/kustomize build --enable_alpha_plugins $MYAPP
 ```
 
 This should emit a kubernetes secret, with

docs/v3.0.0.md

@@ -1,18 +1,15 @@
 # kustomize 3.0.0
 
 This release is basically [v2.1.0](v2.1.0.md),
-with some post-v2.1.0 bugs fixed and a `v3` in Go
-package paths.
+with many post-v2.1.0 bugs fixed (in about 150
+commits) and a `v3` in Go package paths.
 
 [plugin]: https://github.com/kubernetes-sigs/kustomize/tree/master/docs/plugins
 
 The major version increment to `v3` puts a new
 floor on a stable API for [plugin] developers
 (both _Go_ plugin developers and _exec_ plugin
-developers who happen to use Go), to carry them
-through the coming series of minor releases and
-patches.
-
+developers who happen to use Go).
 
 ### Why so soon after v2.1.0?
 

go.sum

@@ -149,6 +149,7 @@ k8s.io/klog v0.3.3 h1:niceAagH1tzskmaie/icWd7ci1wbG7Bf2c6YGcQv+3c=
 k8s.io/klog v0.3.3/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
 k8s.io/kube-openapi v0.0.0-20190603182131-db7b694dc208 h1:5sW+fEHvlJI3Ngolx30CmubFulwH28DhKjGf70Xmtco=
 k8s.io/kube-openapi v0.0.0-20190603182131-db7b694dc208/go.mod h1:nfDlWeOsu3pUf4yWGL+ERqohP4YsZcBJXWMK+gkzOA4=
+sigs.k8s.io/kustomize v2.0.3+incompatible h1:JUufWFNlI44MdtnjUqVnvh29rR37PQFzPbLXqhyOyX0=
 sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI=
 sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs=
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=

k8sdeps/kunstruct/kunstruct.go

@@ -20,6 +20,10 @@ package kunstruct
 import (
 	"encoding/json"
 	"fmt"
+	jsonpatch "github.com/evanphx/json-patch"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apimachinery/pkg/util/strategicpatch"
+	"k8s.io/client-go/kubernetes/scheme"
 
 	"k8s.io/apimachinery/pkg/labels"
 	"sigs.k8s.io/kustomize/v3/pkg/types"
@@ -285,3 +289,59 @@ func (fs *UnstructAdapter) MatchesAnnotationSelector(selector string) (bool, err
 	}
 	return s.Matches(labels.Set(fs.GetAnnotations())), nil
 }
+
+func (fs *UnstructAdapter) Patch(patch ifc.Kunstructured) error {
+	versionedObj, err := scheme.Scheme.New(
+		toSchemaGvk(patch.GetGvk()))
+	merged := map[string]interface{}{}
+	saveName := fs.GetName()
+	switch {
+	case runtime.IsNotRegisteredError(err):
+		baseBytes, err := json.Marshal(fs.Map())
+		if err != nil {
+			return err
+		}
+		patchBytes, err := json.Marshal(patch.Map())
+		if err != nil {
+			return err
+		}
+		mergedBytes, err := jsonpatch.MergePatch(baseBytes, patchBytes)
+		if err != nil {
+			return err
+		}
+		err = json.Unmarshal(mergedBytes, &merged)
+		if err != nil {
+			return err
+		}
+	case err != nil:
+		return err
+	default:
+		// Use Strategic-Merge-Patch to handle types w/ schema
+		// TODO: Change this to use the new Merge package.
+		// Store the name of the target object, because this name may have been munged.
+		// Apply this name to the patched object.
+		lookupPatchMeta, err := strategicpatch.NewPatchMetaFromStruct(versionedObj)
+		if err != nil {
+			return err
+		}
+		merged, err = strategicpatch.StrategicMergeMapPatchUsingLookupPatchMeta(
+			fs.Map(),
+			patch.Map(),
+			lookupPatchMeta)
+		if err != nil {
+			return err
+		}
+	}
+	fs.SetMap(merged)
+	fs.SetName(saveName)
+	return nil
+}
+
+// toSchemaGvk converts to a schema.GroupVersionKind.
+func toSchemaGvk(x gvk.Gvk) schema.GroupVersionKind {
+	return schema.GroupVersionKind{
+		Group:   x.Group,
+		Version: x.Version,
+		Kind:    x.Kind,
+	}
+}

k8sdeps/transformer/factory.go

@@ -6,8 +6,8 @@ package transformer
 
 import (
 	"sigs.k8s.io/kustomize/v3/k8sdeps/transformer/patch"
+	"sigs.k8s.io/kustomize/v3/pkg/resmap"
 	"sigs.k8s.io/kustomize/v3/pkg/resource"
-	"sigs.k8s.io/kustomize/v3/pkg/transformers"
 )
 
 // FactoryImpl makes patch transformer and name hash transformer
@@ -18,9 +18,8 @@ func NewFactoryImpl() *FactoryImpl {
 	return &FactoryImpl{}
 }
 
-// MakePatchTransformer makes a new patch transformer
-func (p *FactoryImpl) MakePatchTransformer(
-	slice []*resource.Resource,
-	rf *resource.Factory) (transformers.Transformer, error) {
-	return patch.NewTransformer(slice, rf)
+func (p *FactoryImpl) MergePatches(patches []*resource.Resource,
+	rf *resource.Factory) (
+	resmap.ResMap, error) {
+	return patch.MergePatches(patches, rf)
 }

k8sdeps/transformer/patch/conflictdetector.go

@@ -5,6 +5,11 @@ package patch
 
 import (
 	"encoding/json"
+	"fmt"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/client-go/kubernetes/scheme"
+	"sigs.k8s.io/kustomize/v3/pkg/gvk"
+	"sigs.k8s.io/kustomize/v3/pkg/resmap"
 
 	"github.com/evanphx/json-patch"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -122,3 +127,64 @@ func (smp *strategicMergePatch) mergePatches(patch1, patch2 *resource.Resource)
 		smp.lookupPatchMeta, patch1.Map(), patch2.Map())
 	return smp.rf.FromMap(mergeJSONMap), err
 }
+
+// mergePatches merge and index patches by OrgId.
+// It errors out if there is conflict between patches.
+func MergePatches(patches []*resource.Resource,
+	rf *resource.Factory) (resmap.ResMap, error) {
+	rc := resmap.New()
+	for ix, patch := range patches {
+		id := patch.OrgId()
+		existing := rc.GetMatchingResourcesByOriginalId(id.GvknEquals)
+		if len(existing) == 0 {
+			rc.Append(patch)
+			continue
+		}
+		if len(existing) > 1 {
+			return nil, fmt.Errorf("self conflict in patches")
+		}
+
+		versionedObj, err := scheme.Scheme.New(toSchemaGvk(id.Gvk))
+		if err != nil && !runtime.IsNotRegisteredError(err) {
+			return nil, err
+		}
+		var cd conflictDetector
+		if err != nil {
+			cd = newJMPConflictDetector(rf)
+		} else {
+			cd, err = newSMPConflictDetector(versionedObj, rf)
+			if err != nil {
+				return nil, err
+			}
+		}
+
+		conflict, err := cd.hasConflict(existing[0], patch)
+		if err != nil {
+			return nil, err
+		}
+		if conflict {
+			conflictingPatch, err := cd.findConflict(ix, patches)
+			if err != nil {
+				return nil, err
+			}
+			return nil, fmt.Errorf(
+				"conflict between %#v and %#v",
+				conflictingPatch.Map(), patch.Map())
+		}
+		merged, err := cd.mergePatches(existing[0], patch)
+		if err != nil {
+			return nil, err
+		}
+		rc.Replace(merged)
+	}
+	return rc, nil
+}
+
+// toSchemaGvk converts to a schema.GroupVersionKind.
+func toSchemaGvk(x gvk.Gvk) schema.GroupVersionKind {
+	return schema.GroupVersionKind{
+		Group:   x.Group,
+		Version: x.Version,
+		Kind:    x.Kind,
+	}
+}

k8sdeps/transformer/patch/transformer.go

@@ -1,156 +0,0 @@
-// Copyright 2019 The Kubernetes Authors.
-// SPDX-License-Identifier: Apache-2.0
-
-package patch
-
-import (
-	"encoding/json"
-	"fmt"
-
-	"github.com/evanphx/json-patch"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/apimachinery/pkg/util/strategicpatch"
-	"k8s.io/client-go/kubernetes/scheme"
-	"sigs.k8s.io/kustomize/v3/pkg/gvk"
-	"sigs.k8s.io/kustomize/v3/pkg/resmap"
-	"sigs.k8s.io/kustomize/v3/pkg/resource"
-	"sigs.k8s.io/kustomize/v3/pkg/transformers"
-)
-
-// transformer applies strategic merge patches.
-type transformer struct {
-	patches []*resource.Resource
-	rf      *resource.Factory
-}
-
-var _ transformers.Transformer = &transformer{}
-
-// NewTransformer constructs a strategic merge patch transformer.
-func NewTransformer(
-	slice []*resource.Resource, rf *resource.Factory) (transformers.Transformer, error) {
-	if len(slice) == 0 {
-		return transformers.NewNoOpTransformer(), nil
-	}
-	return &transformer{patches: slice, rf: rf}, nil
-}
-
-// Transform apply the patches on top of the base resources.
-// nolint:ineffassign
-func (tf *transformer) Transform(m resmap.ResMap) error {
-	patches, err := tf.mergePatches()
-	if err != nil {
-		return err
-	}
-	for _, patch := range patches.Resources() {
-		target, err := m.GetById(patch.OrgId())
-		if err != nil {
-			return err
-		}
-		merged := map[string]interface{}{}
-		versionedObj, err := scheme.Scheme.New(
-			toSchemaGvk(patch.OrgId().Gvk))
-		saveName := target.GetName()
-		switch {
-		case runtime.IsNotRegisteredError(err):
-			// Use JSON merge patch to handle types w/o schema
-			baseBytes, err := json.Marshal(target.Map())
-			if err != nil {
-				return err
-			}
-			patchBytes, err := json.Marshal(patch.Map())
-			if err != nil {
-				return err
-			}
-			mergedBytes, err := jsonpatch.MergePatch(baseBytes, patchBytes)
-			if err != nil {
-				return err
-			}
-			err = json.Unmarshal(mergedBytes, &merged)
-			if err != nil {
-				return err
-			}
-		case err != nil:
-			return err
-		default:
-			// Use Strategic-Merge-Patch to handle types w/ schema
-			// TODO: Change this to use the new Merge package.
-			// Store the name of the target object, because this name may have been munged.
-			// Apply this name to the patched object.
-			lookupPatchMeta, err := strategicpatch.NewPatchMetaFromStruct(versionedObj)
-			if err != nil {
-				return err
-			}
-			merged, err = strategicpatch.StrategicMergeMapPatchUsingLookupPatchMeta(
-				target.Map(),
-				patch.Map(),
-				lookupPatchMeta)
-			if err != nil {
-				return err
-			}
-		}
-		target.SetMap(merged)
-		target.SetName(saveName)
-	}
-	return nil
-}
-
-// mergePatches merge and index patches by OrgId.
-// It errors out if there is conflict between patches.
-func (tf *transformer) mergePatches() (resmap.ResMap, error) {
-	rc := resmap.New()
-	for ix, patch := range tf.patches {
-		id := patch.OrgId()
-		existing := rc.GetMatchingResourcesByOriginalId(id.GvknEquals)
-		if len(existing) == 0 {
-			rc.Append(patch)
-			continue
-		}
-		if len(existing) > 1 {
-			return nil, fmt.Errorf("self conflict in patches")
-		}
-
-		versionedObj, err := scheme.Scheme.New(toSchemaGvk(id.Gvk))
-		if err != nil && !runtime.IsNotRegisteredError(err) {
-			return nil, err
-		}
-		var cd conflictDetector
-		if err != nil {
-			cd = newJMPConflictDetector(tf.rf)
-		} else {
-			cd, err = newSMPConflictDetector(versionedObj, tf.rf)
-			if err != nil {
-				return nil, err
-			}
-		}
-
-		conflict, err := cd.hasConflict(existing[0], patch)
-		if err != nil {
-			return nil, err
-		}
-		if conflict {
-			conflictingPatch, err := cd.findConflict(ix, tf.patches)
-			if err != nil {
-				return nil, err
-			}
-			return nil, fmt.Errorf(
-				"conflict between %#v and %#v",
-				conflictingPatch.Map(), patch.Map())
-		}
-		merged, err := cd.mergePatches(existing[0], patch)
-		if err != nil {
-			return nil, err
-		}
-		rc.Replace(merged)
-	}
-	return rc, nil
-}
-
-// toSchemaGvk converts to a schema.GroupVersionKind.
-func toSchemaGvk(x gvk.Gvk) schema.GroupVersionKind {
-	return schema.GroupVersionKind{
-		Group:   x.Group,
-		Version: x.Version,
-		Kind:    x.Kind,
-	}
-}

k8sdeps/transformer/patch/transformer_test.go

@@ -1,579 +0,0 @@
-// Copyright 2019 The Kubernetes Authors.
-// SPDX-License-Identifier: Apache-2.0
-
-package patch
-
-import (
-	"reflect"
-	"strings"
-	"testing"
-
-	"sigs.k8s.io/kustomize/v3/k8sdeps/kunstruct"
-	"sigs.k8s.io/kustomize/v3/pkg/resmaptest"
-	"sigs.k8s.io/kustomize/v3/pkg/resource"
-)
-
-var rf = resource.NewFactory(
-	kunstruct.NewKunstructuredFactoryImpl())
-
-func TestOverlayRun(t *testing.T) {
-	base := resmaptest_test.NewRmBuilder(t, rf).
-		Add(map[string]interface{}{
-			"apiVersion": "apps/v1",
-			"kind":       "Deployment",
-			"metadata": map[string]interface{}{
-				"name": "deploy1",
-			},
-			"spec": map[string]interface{}{
-				"template": map[string]interface{}{
-					"metadata": map[string]interface{}{
-						"labels": map[string]interface{}{
-							"old-label": "old-value",
-						},
-					},
-					"spec": map[string]interface{}{
-						"containers": []interface{}{
-							map[string]interface{}{
-								"name":  "nginx",
-								"image": "nginx",
-							},
-						},
-					},
-				},
-			},
-		}).ResMap()
-	patch := []*resource.Resource{
-		rf.FromMap(map[string]interface{}{
-			"apiVersion": "apps/v1",
-			"kind":       "Deployment",
-			"metadata": map[string]interface{}{
-				"name": "deploy1",
-			},
-			"spec": map[string]interface{}{
-				"template": map[string]interface{}{
-					"metadata": map[string]interface{}{
-						"labels": map[string]interface{}{
-							"another-label": "foo",
-						},
-					},
-					"spec": map[string]interface{}{
-						"containers": []interface{}{
-							map[string]interface{}{
-								"name":  "nginx",
-								"image": "nginx:latest",
-								"env": []interface{}{
-									map[string]interface{}{
-										"name":  "SOMEENV",
-										"value": "BAR",
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}),
-	}
-	expected := resmaptest_test.NewRmBuilder(t, rf).
-		Add(map[string]interface{}{
-			"apiVersion": "apps/v1",
-			"kind":       "Deployment",
-			"metadata": map[string]interface{}{
-				"name": "deploy1",
-			},
-			"spec": map[string]interface{}{
-				"template": map[string]interface{}{
-					"metadata": map[string]interface{}{
-						"labels": map[string]interface{}{
-							"old-label":     "old-value",
-							"another-label": "foo",
-						},
-					},
-					"spec": map[string]interface{}{
-						"containers": []interface{}{
-							map[string]interface{}{
-								"name":  "nginx",
-								"image": "nginx:latest",
-								"env": []interface{}{
-									map[string]interface{}{
-										"name":  "SOMEENV",
-										"value": "BAR",
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}).ResMap()
-	lt, err := NewTransformer(patch, rf)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	err = lt.Transform(base)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if !reflect.DeepEqual(base, expected) {
-		err = expected.ErrorIfNotEqualLists(base)
-		t.Fatalf("actual doesn't match expected: %v", err)
-	}
-}
-
-func TestMultiplePatches(t *testing.T) {
-	base := resmaptest_test.NewRmBuilder(t, rf).
-		Add(map[string]interface{}{
-			"apiVersion": "apps/v1",
-			"kind":       "Deployment",
-			"metadata": map[string]interface{}{
-				"name": "deploy1",
-			},
-			"spec": map[string]interface{}{
-				"template": map[string]interface{}{
-					"spec": map[string]interface{}{
-						"containers": []interface{}{
-							map[string]interface{}{
-								"name":  "nginx",
-								"image": "nginx",
-							},
-						},
-					},
-				},
-			},
-		}).ResMap()
-	patch := []*resource.Resource{
-		rf.FromMap(map[string]interface{}{
-			"apiVersion": "apps/v1",
-			"kind":       "Deployment",
-			"metadata": map[string]interface{}{
-				"name": "deploy1",
-			},
-			"spec": map[string]interface{}{
-				"template": map[string]interface{}{
-					"spec": map[string]interface{}{
-						"containers": []interface{}{
-							map[string]interface{}{
-								"name":  "nginx",
-								"image": "nginx:latest",
-								"env": []interface{}{
-									map[string]interface{}{
-										"name":  "SOMEENV",
-										"value": "BAR",
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}),
-		rf.FromMap(map[string]interface{}{
-			"apiVersion": "apps/v1",
-			"kind":       "Deployment",
-			"metadata": map[string]interface{}{
-				"name": "deploy1",
-			},
-			"spec": map[string]interface{}{
-				"template": map[string]interface{}{
-					"spec": map[string]interface{}{
-						"containers": []interface{}{
-							map[string]interface{}{
-								"name": "nginx",
-								"env": []interface{}{
-									map[string]interface{}{
-										"name":  "ANOTHERENV",
-										"value": "HELLO",
-									},
-								},
-							},
-							map[string]interface{}{
-								"name":  "busybox",
-								"image": "busybox",
-							},
-						},
-					},
-				},
-			},
-		}),
-	}
-	expected := resmaptest_test.NewRmBuilder(t, rf).
-		Add(map[string]interface{}{
-			"apiVersion": "apps/v1",
-			"kind":       "Deployment",
-			"metadata": map[string]interface{}{
-				"name": "deploy1",
-			},
-			"spec": map[string]interface{}{
-				"template": map[string]interface{}{
-					"spec": map[string]interface{}{
-						"containers": []interface{}{
-							map[string]interface{}{
-								"name":  "nginx",
-								"image": "nginx:latest",
-								"env": []interface{}{
-									map[string]interface{}{
-										"name":  "ANOTHERENV",
-										"value": "HELLO",
-									},
-									map[string]interface{}{
-										"name":  "SOMEENV",
-										"value": "BAR",
-									},
-								},
-							},
-							map[string]interface{}{
-								"name":  "busybox",
-								"image": "busybox",
-							},
-						},
-					},
-				},
-			},
-		}).ResMap()
-	lt, err := NewTransformer(patch, rf)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	err = lt.Transform(base)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if !reflect.DeepEqual(base, expected) {
-		err = expected.ErrorIfNotEqualLists(base)
-		t.Fatalf("actual doesn't match expected: %v", err)
-	}
-}
-
-func TestMultiplePatchesWithConflict(t *testing.T) {
-	base := resmaptest_test.NewRmBuilder(t, rf).
-		Add(map[string]interface{}{
-			"apiVersion": "apps/v1",
-			"kind":       "Deployment",
-			"metadata": map[string]interface{}{
-				"name": "deploy1",
-			},
-			"spec": map[string]interface{}{
-				"template": map[string]interface{}{
-					"spec": map[string]interface{}{
-						"containers": []interface{}{
-							map[string]interface{}{
-								"name":  "nginx",
-								"image": "nginx",
-							},
-						},
-					},
-				},
-			},
-		}).ResMap()
-
-	patch := []*resource.Resource{
-		rf.FromMap(map[string]interface{}{
-			"apiVersion": "apps/v1",
-			"kind":       "Deployment",
-			"metadata": map[string]interface{}{
-				"name": "deploy1",
-			},
-			"spec": map[string]interface{}{
-				"template": map[string]interface{}{
-					"spec": map[string]interface{}{
-						"containers": []interface{}{
-							map[string]interface{}{
-								"name":  "nginx",
-								"image": "nginx:latest",
-								"env": []interface{}{
-									map[string]interface{}{
-										"name":  "SOMEENV",
-										"value": "BAR",
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}),
-		rf.FromMap(map[string]interface{}{
-			"apiVersion": "apps/v1",
-			"kind":       "Deployment",
-			"metadata": map[string]interface{}{
-				"name": "deploy1",
-			},
-			"spec": map[string]interface{}{
-				"template": map[string]interface{}{
-					"spec": map[string]interface{}{
-						"containers": []interface{}{
-							map[string]interface{}{
-								"name":  "nginx",
-								"image": "nginx:1.7.9",
-							},
-						},
-					},
-				},
-			},
-		}),
-	}
-
-	lt, err := NewTransformer(patch, rf)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	err = lt.Transform(base)
-	if err == nil {
-		t.Fatalf("did not get expected error")
-	}
-	if !strings.Contains(err.Error(), "conflict") {
-		t.Fatalf("expected error to contain %q but get %v", "conflict", err)
-	}
-}
-
-func TestPatchesWithWrongNamespace(t *testing.T) {
-	base := resmaptest_test.NewRmBuilder(t, rf).
-		Add(map[string]interface{}{
-			"apiVersion": "apps/v1",
-			"kind":       "Deployment",
-			"metadata": map[string]interface{}{
-				"name":      "deploy1",
-				"namespace": "namespace1",
-			},
-			"spec": map[string]interface{}{
-				"template": map[string]interface{}{
-					"spec": map[string]interface{}{
-						"containers": []interface{}{
-							map[string]interface{}{
-								"name":  "nginx",
-								"image": "nginx",
-							},
-						},
-					},
-				},
-			},
-		}).ResMap()
-
-	patch := []*resource.Resource{
-		rf.FromMap(map[string]interface{}{
-			"apiVersion": "apps/v1",
-			"kind":       "Deployment",
-			"metadata": map[string]interface{}{
-				"name":      "deploy1",
-				"namespace": "namespace2",
-			},
-			"spec": map[string]interface{}{
-				"template": map[string]interface{}{
-					"spec": map[string]interface{}{
-						"containers": []interface{}{
-							map[string]interface{}{
-								"name":  "nginx",
-								"image": "nginx:1.7.9",
-							},
-						},
-					},
-				},
-			},
-		}),
-	}
-
-	lt, err := NewTransformer(patch, rf)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	err = lt.Transform(base)
-	if err == nil {
-		t.Fatalf("did not get expected error")
-	}
-	if !strings.Contains(err.Error(), "failed to find unique target for patch") {
-		t.Fatalf("expected error to contain %q but get %v", "failed to find target for patch", err)
-	}
-}
-
-func TestNoSchemaOverlayRun(t *testing.T) {
-	base := resmaptest_test.NewRmBuilder(t, rf).
-		Add(map[string]interface{}{
-			"apiVersion": "example.com/v1",
-			"kind":       "Foo",
-			"metadata": map[string]interface{}{
-				"name": "my-foo",
-			},
-			"spec": map[string]interface{}{
-				"bar": map[string]interface{}{
-					"A": "X",
-					"B": "Y",
-				},
-			},
-		}).ResMap()
-	patch := []*resource.Resource{
-		rf.FromMap(map[string]interface{}{
-			"apiVersion": "example.com/v1",
-			"kind":       "Foo",
-			"metadata": map[string]interface{}{
-				"name": "my-foo",
-			},
-			"spec": map[string]interface{}{
-				"bar": map[string]interface{}{
-					"B": nil,
-					"C": "Z",
-				},
-			},
-		}),
-	}
-	expected := resmaptest_test.NewRmBuilder(t, rf).
-		Add(
-			map[string]interface{}{
-				"apiVersion": "example.com/v1",
-				"kind":       "Foo",
-				"metadata": map[string]interface{}{
-					"name": "my-foo",
-				},
-				"spec": map[string]interface{}{
-					"bar": map[string]interface{}{
-						"A": "X",
-						"C": "Z",
-					},
-				},
-			}).ResMap()
-
-	lt, err := NewTransformer(patch, rf)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	err = lt.Transform(base)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if err = expected.ErrorIfNotEqualLists(base); err != nil {
-		t.Fatalf("actual doesn't match expected: %v", err)
-	}
-}
-
-func TestNoSchemaMultiplePatches(t *testing.T) {
-	base := resmaptest_test.NewRmBuilder(t, rf).
-		Add(map[string]interface{}{
-			"apiVersion": "example.com/v1",
-			"kind":       "Foo",
-			"metadata": map[string]interface{}{
-				"name": "my-foo",
-			},
-			"spec": map[string]interface{}{
-				"bar": map[string]interface{}{
-					"A": "X",
-					"B": "Y",
-				},
-			},
-		}).ResMap()
-	patch := []*resource.Resource{
-		rf.FromMap(map[string]interface{}{
-			"apiVersion": "example.com/v1",
-			"kind":       "Foo",
-			"metadata": map[string]interface{}{
-				"name": "my-foo",
-			},
-			"spec": map[string]interface{}{
-				"bar": map[string]interface{}{
-					"B": nil,
-					"C": "Z",
-				},
-			},
-		}),
-		rf.FromMap(map[string]interface{}{
-			"apiVersion": "example.com/v1",
-			"kind":       "Foo",
-			"metadata": map[string]interface{}{
-				"name": "my-foo",
-			},
-			"spec": map[string]interface{}{
-				"bar": map[string]interface{}{
-					"C": "Z",
-					"D": "W",
-				},
-				"baz": map[string]interface{}{
-					"hello": "world",
-				},
-			},
-		}),
-	}
-	expected := resmaptest_test.NewRmBuilder(t, rf).
-		Add(map[string]interface{}{
-			"apiVersion": "example.com/v1",
-			"kind":       "Foo",
-			"metadata": map[string]interface{}{
-				"name": "my-foo",
-			},
-			"spec": map[string]interface{}{
-				"bar": map[string]interface{}{
-					"A": "X",
-					"C": "Z",
-					"D": "W",
-				},
-				"baz": map[string]interface{}{
-					"hello": "world",
-				},
-			},
-		}).ResMap()
-
-	lt, err := NewTransformer(patch, rf)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	err = lt.Transform(base)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if err = expected.ErrorIfNotEqualLists(base); err != nil {
-		t.Fatalf("actual doesn't match expected: %v", err)
-	}
-}
-
-func TestNoSchemaMultiplePatchesWithConflict(t *testing.T) {
-	base := resmaptest_test.NewRmBuilder(t, rf).
-		Add(map[string]interface{}{
-			"apiVersion": "example.com/v1",
-			"kind":       "Foo",
-			"metadata": map[string]interface{}{
-				"name": "my-foo",
-			},
-			"spec": map[string]interface{}{
-				"bar": map[string]interface{}{
-					"A": "X",
-					"B": "Y",
-				},
-			},
-		}).ResMap()
-	patch := []*resource.Resource{
-		rf.FromMap(map[string]interface{}{
-			"apiVersion": "example.com/v1",
-			"kind":       "Foo",
-			"metadata": map[string]interface{}{
-				"name": "my-foo",
-			},
-			"spec": map[string]interface{}{
-				"bar": map[string]interface{}{
-					"B": nil,
-					"C": "Z",
-				},
-			},
-		}),
-		rf.FromMap(map[string]interface{}{
-			"apiVersion": "example.com/v1",
-			"kind":       "Foo",
-			"metadata": map[string]interface{}{
-				"name": "my-foo",
-			},
-			"spec": map[string]interface{}{
-				"bar": map[string]interface{}{
-					"C": "NOT_Z",
-				},
-			},
-		}),
-	}
-
-	lt, err := NewTransformer(patch, rf)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	err = lt.Transform(base)
-	if err == nil {
-		t.Fatalf("did not get expected error")
-	}
-	if !strings.Contains(err.Error(), "conflict") {
-		t.Fatalf("expected error to contain %q but get %v", "conflict", err)
-	}
-}

pkg/commands/build/build.go

@@ -12,7 +12,6 @@ import (
 	"github.com/spf13/cobra"
 	"sigs.k8s.io/kustomize/v3/pkg/fs"
 	"sigs.k8s.io/kustomize/v3/pkg/ifc"
-	"sigs.k8s.io/kustomize/v3/pkg/ifc/transformer"
 	"sigs.k8s.io/kustomize/v3/pkg/loader"
 	"sigs.k8s.io/kustomize/v3/pkg/pgmconfig"
 	"sigs.k8s.io/kustomize/v3/pkg/plugins"
@@ -61,7 +60,7 @@ https://github.com/hashicorp/go-getter#url-format
 func NewCmdBuild(
 	out io.Writer, fSys fs.FileSystem,
 	v ifc.Validator, rf *resmap.Factory,
-	ptf transformer.Factory) *cobra.Command {
+	ptf resmap.PatchFactory) *cobra.Command {
 	var o Options
 
 	pluginConfig := plugins.DefaultPluginConfig()
@@ -115,7 +114,7 @@ func (o *Options) Validate(args []string) (err error) {
 // RunBuild runs build command.
 func (o *Options) RunBuild(
 	out io.Writer, v ifc.Validator, fSys fs.FileSystem,
-	rf *resmap.Factory, ptf transformer.Factory,
+	rf *resmap.Factory, ptf resmap.PatchFactory,
 	pl *plugins.Loader) error {
 	ldr, err := loader.NewLoader(
 		o.loadRestrictor, v, o.kustomizationPath, fSys)
@@ -136,7 +135,7 @@ func (o *Options) RunBuild(
 
 func (o *Options) RunBuildPrune(
 	out io.Writer, v ifc.Validator, fSys fs.FileSystem,
-	rf *resmap.Factory, ptf transformer.Factory,
+	rf *resmap.Factory, ptf resmap.PatchFactory,
 	pl *plugins.Loader) error {
 	ldr, err := loader.NewLoader(
 		o.loadRestrictor, v, o.kustomizationPath, fSys)
@@ -180,7 +179,7 @@ func (o *Options) emitResources(
 
 func NewCmdBuildPrune(
 	out io.Writer, v ifc.Validator, fSys fs.FileSystem,
-	rf *resmap.Factory, ptf transformer.Factory,
+	rf *resmap.Factory, ptf resmap.PatchFactory,
 	pl *plugins.Loader) *cobra.Command {
 	var o Options
 

pkg/commands/commands.go

@@ -36,12 +36,13 @@ See https://sigs.k8s.io/kustomize
 	}
 
 	uf := kunstruct.NewKunstructuredFactoryImpl()
-	rf := resmap.NewFactory(resource.NewFactory(uf))
+	pf := transformer.NewFactoryImpl()
+	rf := resmap.NewFactory(resource.NewFactory(uf), pf)
 	v := validator.NewKustValidator()
 	c.AddCommand(
 		build.NewCmdBuild(
 			stdOut, fSys, v,
-			rf, transformer.NewFactoryImpl()),
+			rf, pf),
 		edit.NewCmdEdit(fSys, v, uf),
 		misc.NewCmdConfig(fSys),
 		misc.NewCmdVersion(stdOut),

pkg/ifc/ifc.go

@@ -57,12 +57,14 @@ type Kunstructured interface {
 	GetKind() string
 	GetName() string
 	SetName(string)
+	SetNamespace(string)
 	GetLabels() map[string]string
 	SetLabels(map[string]string)
 	GetAnnotations() map[string]string
 	SetAnnotations(map[string]string)
 	MatchesLabelSelector(selector string) (bool, error)
 	MatchesAnnotationSelector(selector string) (bool, error)
+	Patch(Kunstructured) error
 }
 
 // KunstructuredFactory makes instances of Kunstructured.

pkg/ifc/transformer/factory.go

@@ -1,17 +0,0 @@
-/// Copyright 2019 The Kubernetes Authors.
-// SPDX-License-Identifier: Apache-2.0
-
-// Package patch holds miscellaneous interfaces used by kustomize.
-package transformer
-
-import (
-	"sigs.k8s.io/kustomize/v3/pkg/resource"
-	"sigs.k8s.io/kustomize/v3/pkg/transformers"
-)
-
-// Factory makes transformers that require k8sdeps.
-type Factory interface {
-	MakePatchTransformer(
-		slice []*resource.Resource,
-		rf *resource.Factory) (transformers.Transformer, error)
-}

pkg/kusttest/kusttestharness.go

@@ -49,7 +49,7 @@ func NewKustTestHarnessFull(
 	t *testing.T, path string,
 	lr loader.LoadRestrictorFunc, pc *types.PluginConfig) *KustTestHarness {
 	rf := resmap.NewFactory(resource.NewFactory(
-		kunstruct.NewKunstructuredFactoryImpl()))
+		kunstruct.NewKunstructuredFactoryImpl()), transformer.NewFactoryImpl())
 	return &KustTestHarness{
 		t:   t,
 		rf:  rf,

pkg/plugins/execplugin_test.go

@@ -30,7 +30,7 @@ func TestExecPluginConfig(t *testing.T) {
 	path := "/app"
 	rf := resmap.NewFactory(
 		resource.NewFactory(
-			kunstruct.NewKunstructuredFactoryImpl()))
+			kunstruct.NewKunstructuredFactoryImpl()), nil)
 	ldr := loadertest.NewFakeLoader(path)
 	pluginConfig := rf.RF().FromMap(
 		map[string]interface{}{

pkg/plugins/loader_test.go

@@ -50,7 +50,7 @@ func TestLoader(t *testing.T) {
 		"someteam.example.com", "v1", "SomeServiceGenerator")
 
 	rmF := resmap.NewFactory(resource.NewFactory(
-		kunstruct.NewKunstructuredFactoryImpl()))
+		kunstruct.NewKunstructuredFactoryImpl()), nil)
 
 	l := NewLoader(ActivePluginConfig(), rmF)
 	if l == nil {

pkg/resmap/factory.go

@@ -14,11 +14,12 @@ import (
 // Factory makes instances of ResMap.
 type Factory struct {
 	resF *resource.Factory
+	tf   PatchFactory
 }
 
 // NewFactory returns a new resmap.Factory.
-func NewFactory(rf *resource.Factory) *Factory {
-	return &Factory{resF: rf}
+func NewFactory(rf *resource.Factory, tf PatchFactory) *Factory {
+	return &Factory{resF: rf, tf: tf}
 }
 
 // RF returns a resource.Factory.
@@ -118,6 +119,11 @@ func (rmF *Factory) FromSecretArgs(
 	return rmF.FromResource(res), nil
 }
 
+func (rmF *Factory) MergePatches(patches []*resource.Resource) (
+	ResMap, error) {
+	return rmF.tf.MergePatches(patches, rmF.resF)
+}
+
 func newResMapFromResourceSlice(resources []*resource.Resource) (ResMap, error) {
 	result := New()
 	for _, res := range resources {

pkg/resmap/patchfactory.go

@@ -0,0 +1,15 @@
+/// Copyright 2019 The Kubernetes Authors.
+// SPDX-License-Identifier: Apache-2.0
+
+// Package patch holds miscellaneous interfaces used by kustomize.
+package resmap
+
+import (
+	"sigs.k8s.io/kustomize/v3/pkg/resource"
+)
+
+// PatchFactory makes transformers that require k8sdeps.
+type PatchFactory interface {
+	MergePatches(patches []*resource.Resource,
+		rf *resource.Factory) (ResMap, error)
+}

pkg/resmap/resmap.go

@@ -530,7 +530,20 @@ func (m *resWrangler) SubsetThatCouldBeReferencedByResource(
 	inputRes *resource.Resource) ResMap {
 	inputId := inputRes.OrgId()
 	if !inputId.IsNamespaceableKind() {
-		return m
+		if inputRes.GetOutermostNamePrefix() == "" {
+			return m
+		}
+		result := New()
+		for _, r := range m.Resources() {
+			if r.GetOutermostNamePrefix() == inputRes.GetOutermostNamePrefix() &&
+				r.GetOutermostNameSuffix() == inputRes.GetOutermostNameSuffix() {
+				err := result.Append(r)
+				if err != nil {
+					panic(err)
+				}
+			}
+		}
+		return result
 	}
 	result := New()
 	for _, r := range m.Resources() {

pkg/resmap/resmap_test.go

@@ -19,7 +19,7 @@ import (
 
 var rf = resource.NewFactory(
 	kunstruct.NewKunstructuredFactoryImpl())
-var rmF = NewFactory(rf)
+var rmF = NewFactory(rf, nil)
 
 func doAppend(t *testing.T, w ResMap, r *resource.Resource) {
 	err := w.Append(r)

pkg/resource/resource.go

@@ -42,6 +42,7 @@ func (r *Resource) Replace(other *Resource) {
 	r.SetAnnotations(
 		mergeStringMaps(other.GetAnnotations(), r.GetAnnotations()))
 	r.SetName(other.GetName())
+	r.SetNamespace(other.GetNamespace())
 	r.copyOtherFields(other)
 }
 

pkg/target/kusttarget.go

@@ -14,7 +14,6 @@ import (
 	"github.com/pkg/errors"
 	"sigs.k8s.io/kustomize/v3/pkg/accumulator"
 	"sigs.k8s.io/kustomize/v3/pkg/ifc"
-	"sigs.k8s.io/kustomize/v3/pkg/ifc/transformer"
 	"sigs.k8s.io/kustomize/v3/pkg/pgmconfig"
 	"sigs.k8s.io/kustomize/v3/pkg/plugins"
 	"sigs.k8s.io/kustomize/v3/pkg/resmap"
@@ -30,7 +29,7 @@ type KustTarget struct {
 	kustomization *types.Kustomization
 	ldr           ifc.Loader
 	rFactory      *resmap.Factory
-	tFactory      transformer.Factory
+	tFactory      resmap.PatchFactory
 	pLdr          *plugins.Loader
 }
 
@@ -38,7 +37,7 @@ type KustTarget struct {
 func NewKustTarget(
 	ldr ifc.Loader,
 	rFactory *resmap.Factory,
-	tFactory transformer.Factory,
+	tFactory resmap.PatchFactory,
 	pLdr *plugins.Loader) (*KustTarget, error) {
 	content, err := loadKustFile(ldr)
 	if err != nil {
@@ -293,19 +292,7 @@ func (kt *KustTarget) configureExternalGenerators() ([]transformers.Generator, e
 }
 
 func (kt *KustTarget) runTransformers(ra *accumulator.ResAccumulator) error {
-	patches, err := kt.rFactory.RF().SliceFromPatches(
-		kt.ldr, kt.kustomization.PatchesStrategicMerge)
-	if err != nil {
-		return errors.Wrapf(
-			err, "reading strategic merge patches %v",
-			kt.kustomization.PatchesStrategicMerge)
-	}
 	var r []transformers.Transformer
-	t, err := kt.tFactory.MakePatchTransformer(patches, kt.rFactory.RF())
-	if err != nil {
-		return err
-	}
-	r = append(r, t)
 	tConfig := ra.GetTransformerConfig()
 	lts, err := kt.configureBuiltinTransformers(tConfig)
 	if err != nil {
@@ -317,7 +304,7 @@ func (kt *KustTarget) runTransformers(ra *accumulator.ResAccumulator) error {
 		return err
 	}
 	r = append(r, lts...)
-	t = transformers.NewMultiTransformer(r)
+	t := transformers.NewMultiTransformer(r)
 	return ra.Transform(t)
 }
 

pkg/target/kusttarget_configplugin.go

@@ -63,6 +63,7 @@ func (kt *KustTarget) configureBuiltinTransformers(
 	//   with tests:
 	//   - patch SMP
 	configurators := []transformerConfigurator{
+		kt.configureBuiltinPatchStrategicMergeTransformer,
 		kt.configureBuiltinNamespaceTransformer,
 		kt.configureBuiltinNameTransformer,
 		kt.configureBuiltinLabelTransformer,
@@ -165,6 +166,28 @@ func (kt *KustTarget) configureBuiltinPatchJson6902Transformer(
 	return
 }
 
+func (kt *KustTarget) configureBuiltinPatchStrategicMergeTransformer(
+	tConfig *config.TransformerConfig) (
+	result []transformers.Transformer, err error) {
+	if len(kt.kustomization.PatchesStrategicMerge) == 0 {
+		result = append(result, transformers.NewNoOpTransformer())
+		return
+	}
+	var c struct {
+		Paths   []types.PatchStrategicMerge `json:"paths,omitempty" yaml:"paths,omitempty"`
+		Patches string                      `json:"patches,omitempty" yaml:"patches,omitempty"`
+	}
+	c.Paths = kt.kustomization.PatchesStrategicMerge
+	c.Patches = "" // Not implemented for kustomization file yet
+	p := builtin.NewPatchStrategicMergeTransformerPlugin()
+	err = kt.configureBuiltinPlugin(p, c, "patchStrategicMerge")
+	if err != nil {
+		return nil, err
+	}
+	result = append(result, p)
+	return
+}
+
 func (kt *KustTarget) configureBuiltinLabelTransformer(
 	tConfig *config.TransformerConfig) (
 	result []transformers.Transformer, err error) {

pkg/target/namespacedgenerators_test.go

@@ -87,3 +87,43 @@ metadata:
 type: Opaque
 `)
 }
+
+func TestNamespacedGeneratorWithOverlays(t *testing.T) {
+	th := kusttest_test.NewKustTestHarness(t, "/app/overlay")
+	th.WriteK("/app/base", `
+namespace: base
+
+configMapGenerator:
+- name: testCase
+  literals:
+    - base=true
+`)
+	th.WriteK("/app/overlay", `
+resources:
+  - ../base
+
+namespace: overlay
+
+configMapGenerator:
+  - name: testCase
+    behavior: merge
+    literals:
+      - overlay=true
+`)
+	m, err := th.MakeKustTarget().MakeCustomizedResMap()
+	if err != nil {
+		t.Fatalf("Err: %v", err)
+	}
+	th.AssertActualEqualsExpected(m, `
+apiVersion: v1
+data:
+  base: "true"
+  overlay: "true"
+kind: ConfigMap
+metadata:
+  annotations: {}
+  labels: {}
+  name: testCase-4g75kbk6gm
+  namespace: overlay
+`)
+}

pkg/target/plugindir_test.go

@@ -62,7 +62,7 @@ metadata:
 		t.Fatalf("Err: %v", err)
 	}
 	rf := resmap.NewFactory(resource.NewFactory(
-		kunstruct.NewKunstructuredFactoryImpl()))
+		kunstruct.NewKunstructuredFactoryImpl()), nil)
 
 	pl := plugins.NewLoader(plugins.ActivePluginConfig(), rf)
 	tg, err := target.NewKustTarget(ldr, rf, transformer.NewFactoryImpl(), pl)

pkg/target/resourceconflict_test.go

@@ -15,6 +15,7 @@ func writeBase(th *kusttest_test.KustTestHarness) {
 resources:
 - serviceaccount.yaml
 - rolebinding.yaml
+- clusterrolebinding.yaml
 namePrefix: pfx-
 nameSuffix: -sfx
 `)
@@ -34,6 +35,19 @@ roleRef:
   kind: Role
   name: role
 subjects:
+- kind: ServiceAccount
+  name: serviceaccount
+`)
+	th.WriteF("/app/base/clusterrolebinding.yaml", `
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: role
+subjects:
 - kind: ServiceAccount
   name: serviceaccount
 `)
@@ -86,6 +100,18 @@ roleRef:
   kind: Role
   name: role
 subjects:
+- kind: ServiceAccount
+  name: pfx-serviceaccount-sfx
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: pfx-rolebinding-sfx
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: role
+subjects:
 - kind: ServiceAccount
   name: pfx-serviceaccount-sfx
 `)
@@ -114,6 +140,18 @@ roleRef:
   kind: Role
   name: role
 subjects:
+- kind: ServiceAccount
+  name: a-pfx-serviceaccount-sfx-suffixA
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: a-pfx-rolebinding-sfx-suffixA
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: role
+subjects:
 - kind: ServiceAccount
   name: a-pfx-serviceaccount-sfx-suffixA
 `)
@@ -142,6 +180,18 @@ roleRef:
   kind: Role
   name: role
 subjects:
+- kind: ServiceAccount
+  name: b-pfx-serviceaccount-sfx-suffixB
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: b-pfx-rolebinding-sfx-suffixB
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: role
+subjects:
 - kind: ServiceAccount
   name: b-pfx-serviceaccount-sfx-suffixB
 `)
@@ -174,6 +224,18 @@ subjects:
 - kind: ServiceAccount
   name: a-pfx-serviceaccount-sfx-suffixA
 ---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: a-pfx-rolebinding-sfx-suffixA
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: role
+subjects:
+- kind: ServiceAccount
+  name: a-pfx-serviceaccount-sfx-suffixA
+---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -188,6 +250,18 @@ roleRef:
   kind: Role
   name: role
 subjects:
+- kind: ServiceAccount
+  name: b-pfx-serviceaccount-sfx-suffixB
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: b-pfx-rolebinding-sfx-suffixB
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: role
+subjects:
 - kind: ServiceAccount
   name: b-pfx-serviceaccount-sfx-suffixB
 `)

pkg/transformers/config/defaultconfig/namereference.go

@@ -52,6 +52,9 @@ nameReference:
   - path: spec/initContainers/envFrom/configMapRef/name
     version: v1
     kind: Pod
+  - path: spec/volumes/projected/sources/configMap/name
+    version: v1
+    kind: Pod
   - path: spec/template/spec/volumes/configMap/name
     kind: Deployment
   - path: spec/template/spec/containers/env/valueFrom/configMapKeyRef/name
@@ -74,6 +77,8 @@ nameReference:
     kind: ReplicaSet
   - path: spec/template/spec/initContainers/envFrom/configMapRef/name
     kind: ReplicaSet
+  - path: spec/template/spec/volumes/projected/sources/configMap/name
+    kind: ReplicaSet
   - path: spec/template/spec/volumes/configMap/name
     kind: DaemonSet
   - path: spec/template/spec/containers/env/valueFrom/configMapKeyRef/name
@@ -84,6 +89,8 @@ nameReference:
     kind: DaemonSet
   - path: spec/template/spec/initContainers/envFrom/configMapRef/name
     kind: DaemonSet
+  - path: spec/template/spec/volumes/projected/sources/configMap/name
+    kind: DaemonSet
   - path: spec/template/spec/volumes/configMap/name
     kind: StatefulSet
   - path: spec/template/spec/containers/env/valueFrom/configMapKeyRef/name
@@ -106,6 +113,8 @@ nameReference:
     kind: Job
   - path: spec/template/spec/initContainers/envFrom/configMapRef/name
     kind: Job
+  - path: spec/template/spec/volumes/projected/sources/configMap/name
+    kind: Job
   - path: spec/jobTemplate/spec/template/spec/volumes/configMap/name
     kind: CronJob
   - path: spec/jobTemplate/spec/template/spec/volumes/projected/sources/configMap/name
@@ -140,6 +149,9 @@ nameReference:
   - path: spec/imagePullSecrets/name
     version: v1
     kind: Pod
+  - path: spec/volumes/projected/sources/secret/name
+    version: v1
+    kind: Pod
   - path: spec/template/spec/volumes/secret/secretName
     kind: Deployment
   - path: spec/template/spec/containers/env/valueFrom/secretKeyRef/name
@@ -166,6 +178,8 @@ nameReference:
     kind: ReplicaSet
   - path: spec/template/spec/imagePullSecrets/name
     kind: ReplicaSet
+  - path: spec/template/spec/volumes/projected/sources/secret/name
+    kind: ReplicaSet
   - path: spec/template/spec/volumes/secret/secretName
     kind: DaemonSet
   - path: spec/template/spec/containers/env/valueFrom/secretKeyRef/name
@@ -178,6 +192,8 @@ nameReference:
     kind: DaemonSet
   - path: spec/template/spec/imagePullSecrets/name
     kind: DaemonSet
+  - path: spec/template/spec/volumes/projected/sources/secret/name
+    kind: DaemonSet
   - path: spec/template/spec/volumes/secret/secretName
     kind: StatefulSet
   - path: spec/template/spec/containers/env/valueFrom/secretKeyRef/name
@@ -204,6 +220,8 @@ nameReference:
     kind: Job
   - path: spec/template/spec/imagePullSecrets/name
     kind: Job
+  - path: spec/template/spec/volumes/projected/sources/secret/name
+    kind: Job
   - path: spec/jobTemplate/spec/template/spec/volumes/secret/secretName
     kind: CronJob
   - path: spec/jobTemplate/spec/template/spec/volumes/projected/sources/secret/name

plugin/builtin/NamespaceTransformer.go

@@ -52,6 +52,7 @@ func (p *NamespaceTransformerPlugin) Transform(m resmap.ResMap) error {
 		}
 	}
 	p.updateClusterRoleBinding(m)
+	p.updateServiceReference(m)
 	return nil
 }
 
@@ -125,3 +126,40 @@ func (p *NamespaceTransformerPlugin) updateClusterRoleBinding(m resmap.ResMap) {
 		objMap["subjects"] = subjects
 	}
 }
+
+func (p *NamespaceTransformerPlugin) updateServiceReference(m resmap.ResMap) {
+	svc := gvk.Gvk{Version: "v1", Kind: "Service"}
+	svcMap := map[string]bool{}
+	for _, id := range m.AllIds() {
+		if id.Gvk.Equals(svc) {
+			svcMap[id.Name] = true
+		}
+	}
+
+	for _, res := range m.Resources() {
+		if res.OrgId().Kind != "ValidatingWebhookConfiguration" &&
+			res.OrgId().Kind != "MutatingWebhookConfiguration" {
+			continue
+		}
+		objMap := res.Map()
+		webhooks, ok := objMap["webhooks"].([]interface{})
+		if webhooks == nil || !ok {
+			continue
+		}
+		for i := range webhooks {
+			webhook := webhooks[i].(map[string]interface{})
+			transformers.MutateField(
+				webhook, []string{"clientConfig", "service"},
+				false, func(obj interface{}) (interface{}, error) {
+					svc := obj.(map[string]interface{})
+					svcName, foundN := svc["name"]
+					if foundN && svcMap[svcName.(string)] {
+						svc["namespace"] = p.Namespace
+					}
+					return svc, nil
+				})
+			webhooks[i] = webhook
+		}
+		objMap["webhooks"] = webhooks
+	}
+}

plugin/builtin/PatchStrategicMergeTransformer.go

@@ -0,0 +1,75 @@
+// Code generated by pluginator on PatchStrategicMergeTransformer; DO NOT EDIT.
+package builtin
+
+import (
+	"fmt"
+	"sigs.k8s.io/kustomize/v3/pkg/ifc"
+	"sigs.k8s.io/kustomize/v3/pkg/resmap"
+	"sigs.k8s.io/kustomize/v3/pkg/resource"
+	"sigs.k8s.io/kustomize/v3/pkg/types"
+	"sigs.k8s.io/yaml"
+)
+
+type PatchStrategicMergeTransformerPlugin struct {
+	ldr           ifc.Loader
+	rf            *resmap.Factory
+	loadedPatches []*resource.Resource
+	Paths         []types.PatchStrategicMerge `json:"paths,omitempty" yaml:"paths,omitempty"`
+	Patches       string                      `json:patches,omitempty" yaml:"patches,omitempty"`
+}
+
+//noinspection GoUnusedGlobalVariable
+func NewPatchStrategicMergeTransformerPlugin() *PatchStrategicMergeTransformerPlugin {
+	return &PatchStrategicMergeTransformerPlugin{}
+}
+
+func (p *PatchStrategicMergeTransformerPlugin) Config(
+	ldr ifc.Loader, rf *resmap.Factory, c []byte) (err error) {
+	p.ldr = ldr
+	p.rf = rf
+	err = yaml.Unmarshal(c, p)
+	if err != nil {
+		return err
+	}
+	if len(p.Paths) == 0 && p.Patches == "" {
+		return fmt.Errorf("empty file path and empty patch content")
+	}
+	if len(p.Paths) != 0 {
+		res, err := p.rf.RF().SliceFromPatches(ldr, p.Paths)
+		if err != nil {
+			return err
+		}
+		p.loadedPatches = res
+	}
+	if p.Patches != "" {
+		res, err := p.rf.RF().SliceFromBytes([]byte(p.Patches))
+		if err != nil {
+			return err
+		}
+		p.loadedPatches = append(p.loadedPatches, res...)
+	}
+
+	if len(p.loadedPatches) == 0 {
+		return fmt.Errorf(
+			"patch appears to be empty; files=%v, Patch=%s", p.Paths, p.Patches)
+	}
+	return err
+}
+
+func (p *PatchStrategicMergeTransformerPlugin) Transform(m resmap.ResMap) error {
+	patches, err := p.rf.MergePatches(p.loadedPatches)
+	if err != nil {
+		return err
+	}
+	for _, patch := range patches.Resources() {
+		target, err := m.GetById(patch.OrgId())
+		if err != nil {
+			return err
+		}
+		err = target.Patch(patch.Kunstructured)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}

plugin/builtin/namespacetransformer/NamespaceTransformer.go

@@ -53,6 +53,7 @@ func (p *plugin) Transform(m resmap.ResMap) error {
 		}
 	}
 	p.updateClusterRoleBinding(m)
+	p.updateServiceReference(m)
 	return nil
 }
 
@@ -126,3 +127,40 @@ func (p *plugin) updateClusterRoleBinding(m resmap.ResMap) {
 		objMap["subjects"] = subjects
 	}
 }
+
+func (p *plugin) updateServiceReference(m resmap.ResMap) {
+	svc := gvk.Gvk{Version: "v1", Kind: "Service"}
+	svcMap := map[string]bool{}
+	for _, id := range m.AllIds() {
+		if id.Gvk.Equals(svc) {
+			svcMap[id.Name] = true
+		}
+	}
+
+	for _, res := range m.Resources() {
+		if res.OrgId().Kind != "ValidatingWebhookConfiguration" &&
+			res.OrgId().Kind != "MutatingWebhookConfiguration" {
+			continue
+		}
+		objMap := res.Map()
+		webhooks, ok := objMap["webhooks"].([]interface{})
+		if webhooks == nil || !ok {
+			continue
+		}
+		for i := range webhooks {
+			webhook := webhooks[i].(map[string]interface{})
+			transformers.MutateField(
+				webhook, []string{"clientConfig", "service"},
+				false, func(obj interface{}) (interface{}, error) {
+					svc := obj.(map[string]interface{})
+					svcName, foundN := svc["name"]
+					if foundN && svcMap[svcName.(string)] {
+						svc["namespace"] = p.Namespace
+					}
+					return svc, nil
+				})
+			webhooks[i] = webhook
+		}
+		objMap["webhooks"] = webhooks
+	}
+}

plugin/builtin/namespacetransformer/NamespaceTransformer_test.go

@@ -41,6 +41,11 @@ metadata:
   namespace: foo
 ---
 apiVersion: v1
+kind: Service
+metadata:
+  name: svc1
+---
+apiVersion: v1
 kind: Namespace
 metadata:
   name: ns1
@@ -72,6 +77,22 @@ subjects:
   name: another
   namespace: random
 ---
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: example
+webhooks:
+  - name: example1
+    clientConfig:
+      service:
+        name: svc1
+        namespace: system
+  - name: example2
+    clientConfig:
+      service:
+        name: svc2
+        namespace: system
+---
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
@@ -92,6 +113,12 @@ metadata:
   namespace: test
 ---
 apiVersion: v1
+kind: Service
+metadata:
+  name: svc1
+  namespace: test
+---
+apiVersion: v1
 kind: Namespace
 metadata:
   name: ns1
@@ -123,6 +150,22 @@ subjects:
   name: another
   namespace: random
 ---
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: example
+webhooks:
+- clientConfig:
+    service:
+      name: svc1
+      namespace: test
+  name: example1
+- clientConfig:
+    service:
+      name: svc2
+      namespace: system
+  name: example2
+---
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:

plugin/builtin/patchstrategicmergetransformer/PatchStrategicMergeTransformer.go

@@ -0,0 +1,76 @@
+// Copyright 2019 The Kubernetes Authors.
+// SPDX-License-Identifier: Apache-2.0
+
+//go:generate go run sigs.k8s.io/kustomize/v3/cmd/pluginator
+package main
+
+import (
+	"fmt"
+	"sigs.k8s.io/kustomize/v3/pkg/ifc"
+	"sigs.k8s.io/kustomize/v3/pkg/resmap"
+	"sigs.k8s.io/kustomize/v3/pkg/resource"
+	"sigs.k8s.io/kustomize/v3/pkg/types"
+	"sigs.k8s.io/yaml"
+)
+
+type plugin struct {
+	ldr           ifc.Loader
+	rf            *resmap.Factory
+	loadedPatches []*resource.Resource
+	Paths         []types.PatchStrategicMerge `json:"paths,omitempty" yaml:"paths,omitempty"`
+	Patches       string                      `json:patches,omitempty" yaml:"patches,omitempty"`
+}
+
+//noinspection GoUnusedGlobalVariable
+var KustomizePlugin plugin
+
+func (p *plugin) Config(
+	ldr ifc.Loader, rf *resmap.Factory, c []byte) (err error) {
+	p.ldr = ldr
+	p.rf = rf
+	err = yaml.Unmarshal(c, p)
+	if err != nil {
+		return err
+	}
+	if len(p.Paths) == 0 && p.Patches == "" {
+		return fmt.Errorf("empty file path and empty patch content")
+	}
+	if len(p.Paths) != 0 {
+		res, err := p.rf.RF().SliceFromPatches(ldr, p.Paths)
+		if err != nil {
+			return err
+		}
+		p.loadedPatches = res
+	}
+	if p.Patches != "" {
+		res, err := p.rf.RF().SliceFromBytes([]byte(p.Patches))
+		if err != nil {
+			return err
+		}
+		p.loadedPatches = append(p.loadedPatches, res...)
+	}
+
+	if len(p.loadedPatches) == 0 {
+		return fmt.Errorf(
+			"patch appears to be empty; files=%v, Patch=%s", p.Paths, p.Patches)
+	}
+	return err
+}
+
+func (p *plugin) Transform(m resmap.ResMap) error {
+	patches, err := p.rf.MergePatches(p.loadedPatches)
+	if err != nil {
+		return err
+	}
+	for _, patch := range patches.Resources() {
+		target, err := m.GetById(patch.OrgId())
+		if err != nil {
+			return err
+		}
+		err = target.Patch(patch.Kunstructured)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}

plugin/builtin/patchstrategicmergetransformer/PatchStrategicMergeTransformer_test.go

@@ -0,0 +1,535 @@
+// Copyright 2019 The Kubernetes Authors.
+// SPDX-License-Identifier: Apache-2.0
+
+package main_test
+
+import (
+	"strings"
+	"testing"
+
+	"sigs.k8s.io/kustomize/v3/pkg/kusttest"
+	"sigs.k8s.io/kustomize/v3/pkg/plugins"
+)
+
+const (
+	target = `
+apiVersion: apps/v1
+metadata:
+  name: myDeploy
+kind: Deployment
+spec:
+  replica: 2
+  template:
+    metadata:
+      labels:
+        old-label: old-value
+    spec:
+      containers:
+      - name: nginx
+        image: nginx
+`
+	targetWithNamespace = `
+apiVersion: apps/v1
+metadata:
+  name: myDeploy
+  namespace: namespace1
+kind: Deployment
+spec:
+  replica: 2
+  template:
+    metadata:
+      labels:
+        old-label: old-value
+    spec:
+      containers:
+      - name: nginx
+        image: nginx
+`
+	targetNoschema = `
+apiVersion: example.com/v1
+kind: Foo
+metadata:
+  name: my-foo
+spec:
+  bar:
+    A: X
+    B: Y
+`
+)
+
+func TestPatchStrategicMergeTransformerMissingFile(t *testing.T) {
+	tc := plugins.NewEnvForTest(t).Set()
+	defer tc.Reset()
+
+	tc.BuildGoPlugin(
+		"builtin", "", "PatchStrategicMergeTransformer")
+	th := kusttest_test.NewKustTestPluginHarness(t, "/app")
+
+	_, err := th.RunTransformer(`
+apiVersion: builtin
+kind: PatchStrategicMergeTransformer
+metadata:
+  name: notImportantHere
+paths:
+- patch.yaml
+`, target)
+	if err == nil {
+		t.Fatalf("expected error")
+	}
+	if !strings.Contains(err.Error(),
+		"cannot read file \"/app/patch.yaml\"") {
+		t.Fatalf("unexpected err: %v", err)
+	}
+}
+
+func TestBadPatchStrategicMergeTransformer(t *testing.T) {
+	tc := plugins.NewEnvForTest(t).Set()
+	defer tc.Reset()
+
+	tc.BuildGoPlugin(
+		"builtin", "", "PatchStrategicMergeTransformer")
+
+	th := kusttest_test.NewKustTestPluginHarness(t, "/app")
+
+	_, err := th.RunTransformer(`
+apiVersion: builtin
+kind: PatchStrategicMergeTransformer
+metadata:
+  name: notImportantHere
+patches: 'thisIsNotAPatch'
+`, target)
+	if err == nil {
+		t.Fatalf("expected error")
+	}
+	if !strings.Contains(err.Error(),
+		"cannot unmarshal string into Go value of type map[string]interface {}") {
+		t.Fatalf("unexpected err: %v", err)
+	}
+}
+
+func TestBothEmptyPatchStrategicMergeTransformer(t *testing.T) {
+	tc := plugins.NewEnvForTest(t).Set()
+	defer tc.Reset()
+
+	tc.BuildGoPlugin(
+		"builtin", "", "PatchStrategicMergeTransformer")
+
+	th := kusttest_test.NewKustTestPluginHarness(t, "/app")
+
+	_, err := th.RunTransformer(`
+apiVersion: builtin
+kind: PatchStrategicMergeTransformer
+metadata:
+  name: notImportantHere
+`, target)
+	if err == nil {
+		t.Fatalf("expected error")
+	}
+	if !strings.Contains(err.Error(), "empty file path and empty patch content") {
+		t.Fatalf("unexpected err: %v", err)
+	}
+}
+
+func TestPatchStrategicMergeTransformerFromFiles(t *testing.T) {
+	tc := plugins.NewEnvForTest(t).Set()
+	defer tc.Reset()
+
+	tc.BuildGoPlugin(
+		"builtin", "", "PatchStrategicMergeTransformer")
+
+	th := kusttest_test.NewKustTestPluginHarness(t, "/app")
+
+	th.WriteF("/app/patch.yaml", `
+apiVersion: apps/v1
+metadata:
+  name: myDeploy
+kind: Deployment
+spec:
+  template:
+    metadata:
+      labels:
+        new-label: new-value
+  replica: 3
+`)
+
+	rm := th.LoadAndRunTransformer(`
+apiVersion: builtin
+kind: PatchStrategicMergeTransformer
+metadata:
+  name: notImportantHere
+paths:
+- patch.yaml
+`, target)
+
+	th.AssertActualEqualsExpected(rm, `
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: myDeploy
+spec:
+  replica: 3
+  template:
+    metadata:
+      labels:
+        new-label: new-value
+        old-label: old-value
+    spec:
+      containers:
+      - image: nginx
+        name: nginx
+`)
+}
+
+func TestPatchStrategicMergeTransformerWithInline(t *testing.T) {
+	tc := plugins.NewEnvForTest(t).Set()
+	defer tc.Reset()
+
+	tc.BuildGoPlugin(
+		"builtin", "", "PatchStrategicMergeTransformer")
+
+	th := kusttest_test.NewKustTestPluginHarness(t, "/app")
+
+	rm := th.LoadAndRunTransformer(`
+apiVersion: builtin
+kind: PatchStrategicMergeTransformer
+metadata:
+  name: notImportantHere
+patches: '{"apiVersion": "apps/v1", "metadata": {"name": "myDeploy"}, "kind": "Deployment", "spec": {"replica": 3}}'
+`, target)
+
+	th.AssertActualEqualsExpected(rm, `
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: myDeploy
+spec:
+  replica: 3
+  template:
+    metadata:
+      labels:
+        old-label: old-value
+    spec:
+      containers:
+      - image: nginx
+        name: nginx
+`)
+}
+
+func TestPatchStrategicMergeTransformerMultiplePatches(t *testing.T) {
+	tc := plugins.NewEnvForTest(t).Set()
+	defer tc.Reset()
+
+	tc.BuildGoPlugin(
+		"builtin", "", "PatchStrategicMergeTransformer")
+
+	th := kusttest_test.NewKustTestPluginHarness(t, "/app")
+
+	th.WriteF("/app/patch1.yaml", `
+apiVersion: apps/v1
+metadata:
+  name: myDeploy
+kind: Deployment
+spec:
+  template:
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:latest
+        env:
+        - name: SOMEENV
+          value: BAR
+`)
+
+	th.WriteF("/app/patch2.yaml", `
+apiVersion: apps/v1
+metadata:
+  name: myDeploy
+kind: Deployment
+spec:
+  template:
+    spec:
+      containers:
+      - name: nginx
+        env:
+        - name: ANOTHERENV
+          value: HELLO
+      - name: busybox
+        image: busybox
+`)
+
+	rm := th.LoadAndRunTransformer(`
+apiVersion: builtin
+kind: PatchStrategicMergeTransformer
+metadata:
+  name: notImportantHere
+paths:
+- patch1.yaml
+- patch2.yaml
+`, target)
+
+	th.AssertActualEqualsExpected(rm, `
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: myDeploy
+spec:
+  replica: 2
+  template:
+    metadata:
+      labels:
+        old-label: old-value
+    spec:
+      containers:
+      - env:
+        - name: ANOTHERENV
+          value: HELLO
+        - name: SOMEENV
+          value: BAR
+        image: nginx:latest
+        name: nginx
+      - image: busybox
+        name: busybox
+`)
+}
+
+func TestStrategicMergeTransformerMultiplePatchesWithConflicts(t *testing.T) {
+	tc := plugins.NewEnvForTest(t).Set()
+	defer tc.Reset()
+
+	tc.BuildGoPlugin(
+		"builtin", "", "PatchStrategicMergeTransformer")
+
+	th := kusttest_test.NewKustTestPluginHarness(t, "/app")
+
+	th.WriteF("/app/patch1.yaml", `
+apiVersion: apps/v1
+metadata:
+  name: myDeploy
+kind: Deployment
+spec:
+  template:
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:latest
+        env:
+        - name: SOMEENV
+          value: BAR
+`)
+
+	th.WriteF("/app/patch2.yaml", `
+apiVersion: apps/v1
+metadata:
+  name: myDeploy
+kind: Deployment
+spec:
+  template:
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.7.9
+        env:
+        - name: ANOTHERENV
+          value: HELLO
+      - name: busybox
+        image: busybox
+`)
+
+	err := th.ErrorFromLoadAndRunTransformer(`
+apiVersion: builtin
+kind: PatchStrategicMergeTransformer
+metadata:
+  name: notImportantHere
+paths:
+- patch1.yaml
+- patch2.yaml
+`, target)
+
+	if err == nil {
+		t.Fatalf("did not get expected error")
+	}
+	if !strings.Contains(err.Error(), "conflict") {
+		t.Fatalf("expected error to contain %q but get %v", "conflict", err)
+	}
+}
+
+func TestStrategicMergeTransformerWrongNamespace(t *testing.T) {
+	tc := plugins.NewEnvForTest(t).Set()
+	defer tc.Reset()
+
+	tc.BuildGoPlugin(
+		"builtin", "", "PatchStrategicMergeTransformer")
+
+	th := kusttest_test.NewKustTestPluginHarness(t, "/app")
+
+	th.WriteF("/app/patch.yaml", `
+apiVersion: apps/v1
+metadata:
+  name: myDeploy
+  namespace: namespace2
+kind: Deployment
+spec:
+  template:
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:latest
+        env:
+        - name: SOMEENV
+          value: BAR
+`)
+
+	err := th.ErrorFromLoadAndRunTransformer(`
+apiVersion: builtin
+kind: PatchStrategicMergeTransformer
+metadata:
+  name: notImportantHere
+paths:
+- patch.yaml
+`, targetWithNamespace)
+
+	if err == nil {
+		t.Fatalf("did not get expected error")
+	}
+	if !strings.Contains(err.Error(), "failed to find unique target for patch") {
+		t.Fatalf("expected error to contain %q but get %v", "failed to find target for patch", err)
+	}
+}
+
+func TestStrategicMergeTransformerNoSchema(t *testing.T) {
+	tc := plugins.NewEnvForTest(t).Set()
+	defer tc.Reset()
+
+	tc.BuildGoPlugin(
+		"builtin", "", "PatchStrategicMergeTransformer")
+
+	th := kusttest_test.NewKustTestPluginHarness(t, "/app")
+
+	th.WriteF("/app/patch.yaml", `
+apiVersion: example.com/v1
+kind: Foo
+metadata:
+  name: my-foo
+spec:
+  bar:
+    B:
+    C: Z
+`)
+	rm := th.LoadAndRunTransformer(`
+apiVersion: builtin
+kind: PatchStrategicMergeTransformer
+metadata:
+  name: notImportantHere
+paths:
+- patch.yaml
+`, targetNoschema)
+
+	th.AssertActualEqualsExpected(rm, `
+apiVersion: example.com/v1
+kind: Foo
+metadata:
+  name: my-foo
+spec:
+  bar:
+    A: X
+    C: Z
+`)
+}
+
+func TestStrategicMergeTransformerNoSchemaMultiPatches(t *testing.T) {
+	tc := plugins.NewEnvForTest(t).Set()
+	defer tc.Reset()
+
+	tc.BuildGoPlugin(
+		"builtin", "", "PatchStrategicMergeTransformer")
+
+	th := kusttest_test.NewKustTestPluginHarness(t, "/app")
+
+	th.WriteF("/app/patch1.yaml", `
+apiVersion: example.com/v1
+kind: Foo
+metadata:
+  name: my-foo
+spec:
+  bar:
+    B:
+    C: Z
+`)
+	th.WriteF("/app/patch2.yaml", `
+apiVersion: example.com/v1
+kind: Foo
+metadata:
+  name: my-foo
+spec:
+  bar:
+    C: Z
+    D: W
+  baz:
+    hello: world
+`)
+	rm := th.LoadAndRunTransformer(`
+apiVersion: builtin
+kind: PatchStrategicMergeTransformer
+metadata:
+  name: notImportantHere
+paths:
+- patch1.yaml
+- patch2.yaml
+`, targetNoschema)
+
+	th.AssertActualEqualsExpected(rm, `
+apiVersion: example.com/v1
+kind: Foo
+metadata:
+  name: my-foo
+spec:
+  bar:
+    A: X
+    C: Z
+    D: W
+  baz:
+    hello: world
+`)
+}
+
+func TestStrategicMergeTransformerNoSchemaMultiPatchesWithConflict(t *testing.T) {
+	tc := plugins.NewEnvForTest(t).Set()
+	defer tc.Reset()
+
+	tc.BuildGoPlugin(
+		"builtin", "", "PatchStrategicMergeTransformer")
+
+	th := kusttest_test.NewKustTestPluginHarness(t, "/app")
+
+	th.WriteF("/app/patch1.yaml", `
+apiVersion: example.com/v1
+kind: Foo
+metadata:
+  name: my-foo
+spec:
+  bar:
+    C: Z
+`)
+	th.WriteF("/app/patch2.yaml", `
+apiVersion: example.com/v1
+kind: Foo
+metadata:
+  name: my-foo
+spec:
+  bar:
+    C: NOT_Z
+
+`)
+	err := th.ErrorFromLoadAndRunTransformer(`
+apiVersion: builtin
+kind: PatchStrategicMergeTransformer
+metadata:
+  name: notImportantHere
+paths:
+- patch1.yaml
+- patch2.yaml
+`, targetNoschema)
+	if !strings.Contains(err.Error(), "conflict") {
+		t.Fatalf("expected error to contain %q but get %v", "conflict", err)
+	}
+}

releasing/README.md

@@ -75,14 +75,14 @@ git tag -a $version -m "Release $version"
 ```
 
 ### trigger the cloud build
-
-Pushing the tag will trigger a job in [Google Cloud
-Build] to put a new release on the [releases page].
-
+Push the tag:
 ```
 git push upstream $version
 ```
 
+This triggers a job in [Google Cloud Build] to
+put a new release on the [release page].
+
 ###  Update release notes
 
 Visit the [release page] and edit the release notes as desired.