diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a5de7599..76cfaa30 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -7,27 +7,16 @@ on: jobs: build: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Setup Go - uses: actions/setup-go@v2 + uses: actions/setup-go@v5 with: go-version: "1.21" - - uses: actions/cache@v2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: ${{ runner.os }}-go- - - - uses: actions/cache@v2 - with: - path: ./testbin - key: ${{ runner.os }}-testbin - - - uses: actions/cache@v2 + - uses: actions/cache@v4 with: path: ./bin key: ${{ runner.os }}-bin @@ -35,6 +24,9 @@ jobs: - name: Run tests run: make test + - name: Run e2e tests + run: make test-e2e + - name: Build image run: make docker-build @@ -44,7 +36,7 @@ jobs: - name: Login to quay.io/3scale if: ${{ env.NEW_RELEASE != '' }} - uses: docker/login-action@v1 + uses: docker/login-action@v3 with: registry: quay.io username: ${{ secrets.REGISTRY_USER }} diff --git a/.github/workflows/test-e2e.yaml b/.github/workflows/test-e2e.yaml deleted file mode 100644 index 2c28b5de..00000000 --- a/.github/workflows/test-e2e.yaml +++ /dev/null @@ -1,25 +0,0 @@ -name: test-e2e - -on: - pull_request: - branches: - - main - -jobs: - test: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - name: Setup Go - uses: actions/setup-go@v2 - with: - go-version: "1.21" - - - uses: actions/cache@v2 - with: - path: ./bin - key: ${{ runner.os }}-bin - - - name: Run test-e2e - run: make test-e2e \ No newline at end of file diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 24b4908e..228ed442 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml 
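Review bot: The `./bin` cache key `${{ runner.os }}-bin` kept in the first release.yaml hunk (and in the matching test.yaml hunk) never rotates, so binaries restored from an old cache keep being executed after the tool versions in the Makefile change, and whatever previously landed in that cache is run on every job; include a hash of the inputs that produce `./bin` in the key, e.g. `key: ${{ runner.os }}-bin-${{ hashFiles('Makefile') }}`. The actions are still referenced by mutable major tags (`actions/checkout@v4`, `actions/setup-go@v5`, `actions/cache@v4`, `docker/login-action@v3`); pinning each `uses:` to a full commit SHA with the tag in a trailing comment makes the release job reproducible and bounds what a moved tag can change. Dropping the `~/go/pkg/mod` cache step looks fine because setup-go@v5 caches modules by default, but that is inferred from the action, not visible in the hunk.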
@@ -6,31 +6,22 @@ on: - main jobs: test: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Setup Go - uses: actions/setup-go@v2 + uses: actions/setup-go@v5 with: go-version: "1.21" - - uses: actions/cache@v2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: ${{ runner.os }}-go- - - - uses: actions/cache@v2 - with: - path: ./testbin - key: ${{ runner.os }}-testbin - - - uses: actions/cache@v2 + - uses: actions/cache@v4 with: path: ./bin key: ${{ runner.os }}-bin - name: Run tests - run: | - make test + run: make test + + - name: Run e2e tests + run: make test-e2e diff --git a/Makefile b/Makefile index 7b0d4497..d86cb3f5 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ # To re-generate a bundle for another specific version without changing the standard setup, you can: # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2) # - use environment variables to overwrite this value (e.g export VERSION=0.0.2) -VERSION ?= 0.22.0 +VERSION ?= 0.23.0-alpha.9 # CHANNELS define the bundle channels used in the bundle. # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable") # To re-generate a bundle for other specific channels without changing the standard setup, you can: 
@@ -283,8 +283,16 @@ kind-refresh-controller: manifests kind docker-build ## Reloads the controller i $(KIND) load docker-image $(IMG) kubectl delete pod -l control-plane=controller-manager +LOCAL_SETUP_INPUTS_PATH=config/local-setup/env-inputs +$(LOCAL_SETUP_INPUTS_PATH)/seed-secret.yaml: $(LOCAL_SETUP_INPUTS_PATH)/seed.env + source $(@D)/seed.env && envsubst < $@.envsubst > $@ + +kind-deploy-saas-inputs: export KUBECONFIG = $(PWD)/kubeconfig +kind-deploy-saas-inputs: $(LOCAL_SETUP_INPUTS_PATH)/seed-secret.yaml $(LOCAL_SETUP_INPUTS_PATH)/pull-secrets.json + $(KUSTOMIZE) build $(LOCAL_SETUP_INPUTS_PATH) | kubectl apply -f - + kind-deploy-databases: export KUBECONFIG = $(PWD)/kubeconfig -kind-deploy-databases: kind-deploy-controller +kind-deploy-databases: kind-deploy-controller kind-deploy-saas-inputs $(KUSTOMIZE) build config/local-setup/databases | kubectl apply -f - sleep 10 kubectl wait --for condition=ready --timeout=300s pod --all 
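Review bot: The `seed-secret.yaml` recipe in this hunk loads `seed.env` with `source`, a bash builtin; unless the Makefile sets `SHELL` to bash above this hunk, make runs recipes with `/bin/sh` (dash on Ubuntu) and the recipe fails. Variables set by sourcing are also not exported, so `envsubst`, a separate process, only sees them if every line of `seed.env` uses `export` (the file is not in the diff); `set -a && . $(@D)/seed.env && set +a && envsubst < $@.envsubst > $@` covers both cases. The rendered file holds the seed credentials in plain YAML next to the other inputs, so `$(LOCAL_SETUP_INPUTS_PATH)/seed-secret.yaml`, `seed.env` and `pull-secrets.json` should be gitignored if they are not already, and since no rule produces `pull-secrets.json`, a missing file currently fails with a bare "No rule to make target" rather than a hint on what to provide.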
@@ -298,37 +306,27 @@ kind-load-redis-with-ssh: docker build -t $(REDIS_WITH_SSH_IMG) test/assets/redis-with-ssh $(KIND) load docker-image $(REDIS_WITH_SSH_IMG) -kind-deploy-saas: export KUBECONFIG = ${PWD}/kubeconfig -kind-deploy-saas: kind-load-redis-with-ssh ## Deploys a 3scale SaaS dev environment - $(KUSTOMIZE) build config/local-setup | kubectl apply -f - - sleep 5 - kubectl wait --for condition=ready --timeout=300s pod system-console-0 +kind-deploy-saas-workloads: export KUBECONFIG = ${PWD}/kubeconfig +kind-deploy-saas-workloads: kind-deploy-controller $(LOCAL_SETUP_INPUTS_PATH)/seed-secret.yaml $(LOCAL_SETUP_INPUTS_PATH)/pull-secrets.json kind-load-redis-with-ssh ## Deploys the 3scale SaaS dev environment workloads + $(KUSTOMIZE) build config/local-setup | $(YQ) 'select(.kind!="Zync")' | kubectl apply -f - + sleep 10 kubectl get pods --no-headers -o name | grep -v system | xargs kubectl wait --for condition=ready --timeout=300s - kubectl -ti exec system-console-0 -c system-console -- bash -c '\ - MASTER_DOMAIN=multitenant-admin \ - MASTER_ACCESS_TOKEN=mtoken \ - MASTER_PASSWORD=mpass \ - MASTER_USER=admin \ - TENANT_NAME=provider \ - PROVIDER_NAME="3scale SaaS Dev Provider" \ - USER_LOGIN=admin \ - USER_PASSWORD=ppass \ - ADMIN_ACCESS_TOKEN=ptoken \ - USER_EMAIL="admin@cluster.local" \ - DISABLE_DATABASE_ENVIRONMENT_CHECK=1 \ - bundle exec rake db:setup' - kubectl get pods --no-headers -o name | grep system | xargs kubectl wait --for condition=ready --timeout=300s + $(KUSTOMIZE) build config/local-setup | $(YQ) 'select(.kind=="Zync")' | kubectl apply -f - + kubectl get pods --no-headers -o name | grep -v system | xargs kubectl wait --for condition=ready --timeout=300s + +kind-deploy-saas-run-db-setup: export KUBECONFIG = ${PWD}/kubeconfig +kind-deploy-saas-run-db-setup: + kubectl create -f config/local-setup/workloads/db-setup-pipelinerun.yaml kind-cleanup-saas: export KUBECONFIG = ${PWD}/kubeconfig kind-cleanup-saas: - -$(KUSTOMIZE) build 
config/local-setup/databases | kubectl delete -f - -$(KUSTOMIZE) build config/local-setup | kubectl delete -f - -kubectl get pod --no-headers -o name | grep -v saas-operator | xargs kubectl delete --grace-period=0 --force -kubectl get pvc --no-headers -o name | xargs kubectl delete -LOCAL_SETUP_DEPS = metallb cert-manager marin3r prometheus-crds tekton-crds grafana-crds external-secrets-crds minio +LOCAL_SETUP_DEPS = metallb cert-manager marin3r prometheus-crds tekton grafana-crds external-secrets-crds minio kind-local-setup: export KUBECONFIG = ${PWD}/kubeconfig -kind-local-setup: $(foreach elem,$(LOCAL_SETUP_DEPS),install-$(elem)) kind-deploy-controller kind-deploy-databases kind-deploy-saas +kind-local-setup: $(foreach elem,$(LOCAL_SETUP_DEPS),install-$(elem)) kind-deploy-controller kind-deploy-saas-workloads kind-deploy-saas-run-db-setup ##@ Build Dependencies diff --git a/api/v1alpha1/common_types.go b/api/v1alpha1/common_types.go index d278aac5..a2093282 100644 --- a/api/v1alpha1/common_types.go +++ b/api/v1alpha1/common_types.go @@ -37,6 +37,8 @@ const ( // AnnotationsDomain is a common prefix for all "rollout triggering" // annotation keys AnnotationsDomain string = "saas.3scale.net" + // The name for the default seed Secret + DefaultSeedSecret string = "saas-seed" ) var ( @@ -567,6 +569,11 @@ type SecretReference struct { // +operator-sdk:csv:customresourcedefinitions:type=spec // +optional Override *string `json:"override,omitempty"` + // FromSeed will try to retrieve the secret value from + // the default seed Secret. + // +operator-sdk:csv:customresourcedefinitions:type=spec + // +optional + FromSeed *SeedSecretReference `json:"fromSeed,omitempty"` } // VaultSecretReference is a reference to a secret stored in 
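Review bot: `kind-local-setup` at the end of this hunk no longer lists `kind-deploy-databases`, and none of the new `kind-deploy-saas-workloads` prerequisites reach it, so unless `kind-load-redis-with-ssh` (whose header is outside the hunk) pulls it in, neither the databases nor the `kind-deploy-saas-inputs` Secrets are applied before the workloads are created and the `kubectl wait` calls will time out; `kind-deploy-saas-workloads: kind-deploy-controller kind-deploy-databases $(LOCAL_SETUP_INPUTS_PATH)/seed-secret.yaml ...` would restore the chain. `kind-deploy-saas-run-db-setup` uses `kubectl create -f` on a PipelineRun; if `db-setup-pipelinerun.yaml` carries a fixed `metadata.name` instead of `generateName`, a second invocation fails with AlreadyExists. Both `kubectl get pods ... | xargs kubectl wait` pipelines also invoke `kubectl wait` with no arguments when the filter matches nothing; `xargs -r` avoids that spurious error.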
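Review bot: `FromSeed` in the `@@ -567` hunk adds a third source for a `SecretReference` next to `Override` and `FromVault`, but neither the field comment nor the empty `SeedSecretReference` says which key of the `saas-seed` Secret is read or what happens when more than one source is set; the precedence or exclusivity check is presumably in validation code outside this diff, and the API comment should state it, e.g. `// FromSeed reads the value from the default seed Secret (DefaultSeedSecret); the key is presumably derived from the field name — TODO confirm. Only one of Override, FromVault and FromSeed may be set.` The `DefaultSeedSecret` comment in the `@@ -37` hunk should start with the identifier for godoc: `// DefaultSeedSecret is the name of the default seed Secret.`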
@@ -580,8 +587,12 @@ type VaultSecretReference struct { Key string `json:"key"` } -func (spec *VaultSecretReference) Default() { -} +func (spec *VaultSecretReference) Default() {} + +// SeedSecretReference represents options to +// retrieve the secret value from the default seed Secret. +// There are no configurable options at this point. +type SeedSecretReference struct{} // ExternalSecretSecretStoreReferenceSpec is a reference to a secret store type ExternalSecretSecretStoreReferenceSpec struct { diff --git a/api/v1alpha1/system_types.go b/api/v1alpha1/system_types.go index bf70c46e..d70dcb51 100644 --- a/api/v1alpha1/system_types.go +++ b/api/v1alpha1/system_types.go @@ -482,6 +482,8 @@ type SystemConfig struct { Backend SystemBackendSpec `json:"backend"` // Assets has configuration to access assets in AWS s3 Assets AssetsSpec `json:"assets"` + // Apicast can be used to pass down apicast endpoints configuration + Apicast *SystemApicastEndpointsSpec `json:"apicast,omitempty"` } // Default applies default values to a SystemConfig struct @@ -668,6 +670,10 @@ type AssetsSpec struct { // +operator-sdk:csv:customresourcedefinitions:type=spec // +optional Host *string `json:"host,omitempty"` + // Assets custom S3 endpoint + // +operator-sdk:csv:customresourcedefinitions:type=spec + // +optional + S3Endpoint *string `json:"s3Endpoint,omitempty"` } // SystemRailsSpec configures rails for system components 
@@ -687,6 +693,18 @@ type SystemRailsSpec struct { LogLevel *string `json:"logLevel,omitempty"` } +// ApicastSpec holds properties to configure Apicast endpoints +type SystemApicastEndpointsSpec struct { + // Apicast Staging endpoint + StagingDomain string `json:"stagingDomain"` + // Apicast Production endpoint + ProductionDomain string `json:"productionDomain"` + // Policies registry URL for Apicast Cloud Hosteed + CloudHostedRegistryURL string `json:"cloudHostedRegistryURL"` + // Policies registry URL for Apicast Self Managed (on-prem) + SelfManagedRegistryURL string `json:"selfManagedRegistryURL"` +} + // Default applies defaults for SystemRailsSpec func (srs *SystemRailsSpec) Default() { srs.Console = boolOrDefault(srs.Console, util.Pointer(systemDefaultRailsConsole)) diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index f2902046..5cbf08c4 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -323,6 +323,11 @@ func (in *AssetsSpec) DeepCopyInto(out *AssetsSpec) { *out = new(string) **out = **in } + if in.S3Endpoint != nil { + in, out := &in.S3Endpoint, &out.S3Endpoint + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AssetsSpec. @@ -2557,6 +2562,11 @@ func (in *SecretReference) DeepCopyInto(out *SecretReference) { *out = new(string) **out = **in } + if in.FromSeed != nil { + in, out := &in.FromSeed, &out.FromSeed + *out = new(SeedSecretReference) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretReference. 
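Review bot: The doc comment on the new type in this hunk names `ApicastSpec`, but the type is `SystemApicastEndpointsSpec`, so the comment is misleading and does not follow the godoc convention of starting with the type name; `// SystemApicastEndpointsSpec holds the Apicast endpoint and policy registry settings passed down to System.` fixes it, and `Hosteed` in the `CloudHostedRegistryURL` comment is a typo. All four fields are required with no format hint: `StagingDomain`/`ProductionDomain` are commented as "endpoint" while named as domains, and the two `*RegistryURL` fields carry no `+kubebuilder:validation` markers, so an empty string, a stray scheme or whitespace reaches System's configuration unchecked; a `// +kubebuilder:validation:MinLength=1` on each (or a Pattern on the URL fields) plus a comment stating domain-only versus full URL would make the contract explicit. The `Default()` of `SystemRailsSpec` that follows continues outside this hunk.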
@@ -2569,6 +2579,21 @@ func (in *SecretReference) DeepCopy() *SecretReference { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SeedSecretReference) DeepCopyInto(out *SeedSecretReference) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SeedSecretReference. +func (in *SeedSecretReference) DeepCopy() *SeedSecretReference { + if in == nil { + return nil + } + out := new(SeedSecretReference) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SegmentSpec) DeepCopyInto(out *SegmentSpec) { *out = *in @@ -3001,6 +3026,21 @@ func (in *System) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SystemApicastEndpointsSpec) DeepCopyInto(out *SystemApicastEndpointsSpec) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SystemApicastEndpointsSpec. +func (in *SystemApicastEndpointsSpec) DeepCopy() *SystemApicastEndpointsSpec { + if in == nil { + return nil + } + out := new(SystemApicastEndpointsSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SystemAppSpec) DeepCopyInto(out *SystemAppSpec) { *out = *in @@ -3154,6 +3194,11 @@ func (in *SystemConfig) DeepCopyInto(out *SystemConfig) { in.Zync.DeepCopyInto(&out.Zync) in.Backend.DeepCopyInto(&out.Backend) in.Assets.DeepCopyInto(&out.Assets) + if in.Apicast != nil { + in, out := &in.Apicast, &out.Apicast + *out = new(SystemApicastEndpointsSpec) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SystemConfig. 
diff --git a/bundle.Dockerfile b/bundle.Dockerfile index e44312a4..b80837a0 100644 --- a/bundle.Dockerfile +++ b/bundle.Dockerfile @@ -5,8 +5,7 @@ LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ LABEL operators.operatorframework.io.bundle.package.v1=saas-operator -LABEL operators.operatorframework.io.bundle.channels.v1=alpha,stable -LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha +LABEL operators.operatorframework.io.bundle.channels.v1=alpha LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.27.0 LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3 diff --git a/bundle/manifests/saas-operator.clusterserviceversion.yaml b/bundle/manifests/saas-operator.clusterserviceversion.yaml index 673eacf2..741f8648 100644 --- a/bundle/manifests/saas-operator.clusterserviceversion.yaml +++ b/bundle/manifests/saas-operator.clusterserviceversion.yaml @@ -598,7 +598,7 @@ metadata: capabilities: Basic Install categories: Integration & Delivery containerImage: quay.io/3scale/saas-operator - createdAt: "2024-01-23T13:46:39Z" + createdAt: "2024-05-06T14:15:35Z" description: |- The 3scale SaaS Operator creates and maintains a SaaS-ready deployment of the Red Hat 3scale API Management on OpenShift. @@ -606,7 +606,7 @@ metadata: operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: https://github.com/3scale-ops/saas-operator support: Red Hat - name: saas-operator.v0.22.0 + name: saas-operator.v0.23.0-alpha.9 namespace: placeholder spec: apiservicedefinitions: {} 
@@ -1308,6 +1308,10 @@ spec: key displayName: Error Monitoring Key path: config.errorMonitoringKey + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.errorMonitoringKey.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -1325,6 +1329,10 @@ spec: service displayName: Error Monitoring Service path: config.errorMonitoringService + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.errorMonitoringService.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -1358,6 +1366,10 @@ spec: - description: A reference to the secret holding the backend-internal-api password displayName: Internal APIPassword path: config.internalAPIPassword + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.internalAPIPassword.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -1374,6 +1386,10 @@ spec: - description: A reference to the secret holding the backend-internal-api user displayName: Internal APIUser path: config.internalAPIUser + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.internalAPIUser.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault 
@@ -1403,6 +1419,10 @@ spec: password displayName: System Events Hook Password path: config.systemEventsHookPassword + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.systemEventsHookPassword.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -1420,6 +1440,10 @@ spec: URL displayName: System Events Hook URL path: config.systemEventsHookURL + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.systemEventsHookURL.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -1940,6 +1964,10 @@ spec: - description: System database connection string displayName: System Database DSN path: config.systemDatabaseDSN + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.systemDatabaseDSN.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -2293,6 +2321,10 @@ spec: - description: A reference to the secret holding the system admin token displayName: System Admin Token path: config.systemAdminToken + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.systemAdminToken.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault 
@@ -2794,6 +2826,10 @@ spec: - description: AccessCode to protect admin urls displayName: Access Code path: config.accessCode + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.accessCode.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -2810,6 +2846,10 @@ spec: - description: AWS access key displayName: Access Key path: config.assets.accessKey + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.assets.accessKey.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -2832,9 +2872,16 @@ spec: - description: AWS S3 region displayName: Region path: config.assets.region + - description: Assets custom S3 endpoint + displayName: S3 Endpoint + path: config.assets.s3Endpoint - description: AWS secret access key displayName: Secret Key path: config.assets.secretKey + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.assets.secretKey.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -2857,6 +2904,10 @@ spec: - description: Internal API password displayName: Internal APIPassword path: config.backend.internalAPIPassword + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.backend.internalAPIPassword.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault 
@@ -2873,6 +2924,10 @@ spec: - description: Internal API user displayName: Internal APIUser path: config.backend.internalAPIUser + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.backend.internalAPIUser.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -2898,6 +2953,10 @@ spec: - description: API key displayName: APIKey path: config.bugsnag.apiKey + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.bugsnag.apiKey.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -2921,6 +2980,10 @@ spec: - description: DSN of system's main database displayName: Database DSN path: config.databaseDSN + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.databaseDSN.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -2934,9 +2997,14 @@ spec: - description: Override allows to directly specify a string value. displayName: Override path: config.databaseDSN.override - - description: Database secret + - description: DatabaseSecret is a site key stored off-database for improved + more secure password hashing See https://github.com/3scale/porta/blob/ae498814cef3d856613f60d29330882fa870271d/config/initializers/site_keys.rb#L2-L19 displayName: Database Secret path: config.databaseSecret + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.databaseSecret.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault 
@@ -2950,9 +3018,14 @@ spec: - description: Override allows to directly specify a string value. displayName: Override path: config.databaseSecret.override - - description: EventsSharedSecret + - description: EventsSharedSecret is a password that protects System's event + hooks endpoint. displayName: Events Shared Secret path: config.eventsSharedSecret + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.eventsSharedSecret.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -2992,6 +3065,10 @@ spec: - description: Client ID displayName: Client ID path: config.github.clientID + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.github.clientID.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -3008,6 +3085,10 @@ spec: - description: Client secret displayName: Client Secret path: config.github.clientSecret + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.github.clientSecret.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -3024,6 +3105,10 @@ spec: - description: Mapping Service access token displayName: Mapping Service Access Token path: config.mappingServiceAccessToken + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.mappingServiceAccessToken.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault 
@@ -3058,6 +3143,10 @@ spec: - description: Private key displayName: Private Key path: config.recaptcha.privateKey + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.recaptcha.privateKey.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -3074,6 +3163,10 @@ spec: - description: Public key displayName: Public Key path: config.recaptcha.publicKey + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.recaptcha.publicKey.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -3093,6 +3186,10 @@ spec: - description: Client ID displayName: Client ID path: config.redhatCustomerPortal.clientID + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.redhatCustomerPortal.clientID.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -3109,6 +3206,10 @@ spec: - description: Client secret displayName: Client Secret path: config.redhatCustomerPortal.clientSecret + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.redhatCustomerPortal.clientSecret.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault 
@@ -3146,9 +3247,14 @@ spec: - description: Defines the address port displayName: Port path: config.searchServer.port - - description: SecretKeyBase + - description: 'SecretKeyBase: https://api.rubyonrails.org/classes/Rails/Application.html#method-i-secret_key_base + You can generate one random key using ''bundle exec rake secret''' displayName: Secret Key Base path: config.secretKeyBase + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.secretKeyBase.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -3168,6 +3274,10 @@ spec: - description: Deletion token displayName: Deletion Token path: config.segment.deletionToken + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.segment.deletionToken.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -3187,6 +3297,10 @@ spec: - description: Write key displayName: Write Key path: config.segment.writeKey + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.segment.writeKey.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -3215,6 +3329,10 @@ spec: - description: Password displayName: Password path: config.smtp.password + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.smtp.password.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault 
@@ -3240,6 +3358,10 @@ spec: - description: User displayName: User path: config.smtp.user + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.smtp.user.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -3268,6 +3390,10 @@ spec: - description: Zync authentication token displayName: Auth Token path: config.zync.authToken + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.zync.authToken.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -4155,6 +4281,10 @@ spec: - description: API key displayName: APIKey path: config.bugsnag.apiKey + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.bugsnag.apiKey.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -4174,6 +4304,10 @@ spec: - description: A reference to the secret holding the database DSN displayName: Database DSN path: config.databaseDSN + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.databaseDSN.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -4219,6 +4353,10 @@ spec: - description: A reference to the secret holding the secret-key-base displayName: Secret Key Base path: config.secretKeyBase + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.secretKeyBase.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault 
@@ -4235,6 +4373,10 @@ spec: - description: A reference to the secret holding the zync authentication token displayName: Zync Auth Token path: config.zyncAuthToken + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.zyncAuthToken.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -4468,7 +4610,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.annotations['olm.targetNamespaces'] - image: quay.io/3scale/saas-operator:v0.22.0 + image: quay.io/3scale/saas-operator:v0.23.0-alpha.9 livenessProbe: httpGet: path: /healthz @@ -4622,7 +4764,7 @@ spec: - update - watch - apiGroups: - - integreatly.org + - grafana.integreatly.org resources: - grafanadashboards verbs: @@ -5032,4 +5174,4 @@ spec: provider: name: Red Hat url: https://www.3scale.net/ - version: 0.22.0 + version: 0.23.0-alpha.9 diff --git a/bundle/manifests/saas.3scale.net_apicasts.yaml b/bundle/manifests/saas.3scale.net_apicasts.yaml index 950291e0..798b9b8f 100644 --- a/bundle/manifests/saas.3scale.net_apicasts.yaml +++ b/bundle/manifests/saas.3scale.net_apicasts.yaml @@ -153,18 +153,18 @@ spec: which must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 
@@ -182,7 +182,7 @@ spec: Max is used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than @@ -210,18 +210,18 @@ spec: which must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 @@ -239,7 +239,7 @@ spec: Max is used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than 
@@ -1078,18 +1078,18 @@ spec: which must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 @@ -1107,7 +1107,7 @@ spec: Max is used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than @@ -1135,18 +1135,18 @@ spec: which must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 
@@ -1164,7 +1164,7 @@ spec: Max is used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than diff --git a/bundle/manifests/saas.3scale.net_autossls.yaml b/bundle/manifests/saas.3scale.net_autossls.yaml index df9090fa..6f31dc05 100644 --- a/bundle/manifests/saas.3scale.net_autossls.yaml +++ b/bundle/manifests/saas.3scale.net_autossls.yaml @@ -152,18 +152,18 @@ spec: must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 @@ -181,7 +181,7 @@ spec: used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than or equal to zero and less than 
@@ -208,18 +208,18 @@ spec: must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 @@ -237,7 +237,7 @@ spec: used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than or equal to zero and less than diff --git a/bundle/manifests/saas.3scale.net_backends.yaml b/bundle/manifests/saas.3scale.net_backends.yaml index 734a589d..30bd2bab 100644 --- a/bundle/manifests/saas.3scale.net_backends.yaml +++ b/bundle/manifests/saas.3scale.net_backends.yaml @@ -41,6 +41,10 @@ spec: description: A reference to the secret holding the backend-error-monitoring key properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -64,6 +68,10 @@ spec: description: A reference to the secret holding the backend-error-monitoring service properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault 
@@ -106,6 +114,10 @@ spec: description: A reference to the secret holding the backend-internal-api password properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -129,6 +141,10 @@ spec: description: A reference to the secret holding the backend-internal-api user properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -165,6 +181,10 @@ spec: description: A reference to the secret holding the backend-system-events-hook password properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -188,6 +208,10 @@ spec: description: A reference to the secret holding the backend-system-events-hook URL properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault 
@@ -638,18 +662,18 @@ spec: which must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 @@ -667,7 +691,7 @@ spec: Max is used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than @@ -695,18 +719,18 @@ spec: which must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 
@@ -724,7 +748,7 @@ spec: Max is used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than @@ -1640,18 +1664,18 @@ spec: which must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 @@ -1669,7 +1693,7 @@ spec: Max is used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than 
@@ -1697,18 +1721,18 @@ spec: which must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 @@ -1726,7 +1750,7 @@ spec: Max is used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than diff --git a/bundle/manifests/saas.3scale.net_corsproxies.yaml b/bundle/manifests/saas.3scale.net_corsproxies.yaml index 3faa2d86..d6ad032f 100644 --- a/bundle/manifests/saas.3scale.net_corsproxies.yaml +++ b/bundle/manifests/saas.3scale.net_corsproxies.yaml @@ -59,6 +59,10 @@ spec: systemDatabaseDSN: description: System database connection string properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault 
@@ -119,18 +123,18 @@ spec: must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 @@ -148,7 +152,7 @@ spec: used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than or equal to zero and less than @@ -175,18 +179,18 @@ spec: must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 
@@ -204,7 +208,7 @@ spec: used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than or equal to zero and less than diff --git a/bundle/manifests/saas.3scale.net_echoapis.yaml b/bundle/manifests/saas.3scale.net_echoapis.yaml index 4454c5e7..f5b7c6f6 100644 --- a/bundle/manifests/saas.3scale.net_echoapis.yaml +++ b/bundle/manifests/saas.3scale.net_echoapis.yaml @@ -71,18 +71,18 @@ spec: must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 @@ -100,7 +100,7 @@ spec: used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than or equal to zero and less than 
@@ -127,18 +127,18 @@ spec: must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 @@ -156,7 +156,7 @@ spec: used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than or equal to zero and less than diff --git a/bundle/manifests/saas.3scale.net_mappingservices.yaml b/bundle/manifests/saas.3scale.net_mappingservices.yaml index b4238b4a..52710a22 100644 --- a/bundle/manifests/saas.3scale.net_mappingservices.yaml +++ b/bundle/manifests/saas.3scale.net_mappingservices.yaml @@ -69,6 +69,10 @@ spec: description: A reference to the secret holding the system admin token properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault 
@@ -130,18 +134,18 @@ spec: must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 @@ -159,7 +163,7 @@ spec: used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than or equal to zero and less than @@ -186,18 +190,18 @@ spec: must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 
@@ -215,7 +219,7 @@ spec: used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than or equal to zero and less than diff --git a/bundle/manifests/saas.3scale.net_systems.yaml b/bundle/manifests/saas.3scale.net_systems.yaml index 2c2adee9..f0595fe1 100644 --- a/bundle/manifests/saas.3scale.net_systems.yaml +++ b/bundle/manifests/saas.3scale.net_systems.yaml @@ -139,18 +139,18 @@ spec: which must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 @@ -168,7 +168,7 @@ spec: Max is used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than 
@@ -196,18 +196,18 @@ spec: which must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 @@ -225,7 +225,7 @@ spec: Max is used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than @@ -656,6 +656,10 @@ spec: accessCode: description: AccessCode to protect admin urls properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault 
@@ -675,6 +679,29 @@ spec: value. type: string type: object + apicast: + description: Apicast can be used to pass down apicast endpoints + configuration + properties: + cloudHostedRegistryURL: + description: Policies registry URL for Apicast Cloud Hosteed + type: string + productionDomain: + description: Apicast Production endpoint + type: string + selfManagedRegistryURL: + description: Policies registry URL for Apicast Self Managed + (on-prem) + type: string + stagingDomain: + description: Apicast Staging endpoint + type: string + required: + - cloudHostedRegistryURL + - productionDomain + - selfManagedRegistryURL + - stagingDomain + type: object assets: description: Assets has configuration to access assets in AWS s3 @@ -682,6 +709,10 @@ spec: accessKey: description: AWS access key properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -710,9 +741,16 @@ spec: region: description: AWS S3 region type: string + s3Endpoint: + description: Assets custom S3 endpoint + type: string secretKey: description: AWS secret access key properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -748,6 +786,10 @@ spec: internalAPIPassword: description: Internal API password properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault 
@@ -770,6 +812,10 @@ spec: internalAPIUser: description: Internal API user properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -808,6 +854,10 @@ spec: apiKey: description: API key properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -840,6 +890,10 @@ spec: databaseDSN: description: DSN of system's main database properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -860,8 +914,13 @@ spec: type: string type: object databaseSecret: - description: Database secret + description: DatabaseSecret is a site key stored off-database + for improved more secure password hashing See https://github.com/3scale/porta/blob/ae498814cef3d856613f60d29330882fa870271d/config/initializers/site_keys.rb#L2-L19 properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -882,8 +941,13 @@ spec: type: string type: object eventsSharedSecret: - description: EventsSharedSecret + description: EventsSharedSecret is a password that protects System's + event hooks endpoint. properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault 
@@ -931,6 +995,10 @@ spec: clientID: description: Client ID properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -953,6 +1021,10 @@ spec: clientSecret: description: Client secret properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -979,6 +1051,10 @@ spec: mappingServiceAccessToken: description: Mapping Service access token properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -1028,6 +1104,10 @@ spec: privateKey: description: Private key properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -1050,6 +1130,10 @@ spec: publicKey: description: Public key properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -1079,6 +1163,10 @@ spec: clientID: description: Client ID properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault 
@@ -1101,6 +1189,10 @@ spec: clientSecret: description: Client secret properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -1155,8 +1247,13 @@ spec: type: integer type: object secretKeyBase: - description: SecretKeyBase + description: 'SecretKeyBase: https://api.rubyonrails.org/classes/Rails/Application.html#method-i-secret_key_base + You can generate one random key using ''bundle exec rake secret''' properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -1182,6 +1279,10 @@ spec: deletionToken: description: Deletion token properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -1207,6 +1308,10 @@ spec: writeKey: description: Write key properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -1246,6 +1351,10 @@ spec: password: description: Password properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -1278,6 +1387,10 @@ spec: user: description: User properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault 
@@ -1321,6 +1434,10 @@ spec: authToken: description: Zync authentication token properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -2234,18 +2351,18 @@ spec: which must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 @@ -2263,7 +2380,7 @@ spec: Max is used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than 
@@ -2291,18 +2408,18 @@ spec: which must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 @@ -2320,7 +2437,7 @@ spec: Max is used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than @@ -2864,18 +2981,18 @@ spec: which must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 
@@ -2893,7 +3010,7 @@ spec: Max is used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than @@ -2921,18 +3038,18 @@ spec: which must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 @@ -2950,7 +3067,7 @@ spec: Max is used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than 
@@ -3494,18 +3611,18 @@ spec: which must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 @@ -3523,7 +3640,7 @@ spec: Max is used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than @@ -3551,18 +3668,18 @@ spec: which must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 
@@ -3580,7 +3697,7 @@ spec: Max is used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than diff --git a/bundle/manifests/saas.3scale.net_zyncs.yaml b/bundle/manifests/saas.3scale.net_zyncs.yaml index 963c9ed2..0132d5b5 100644 --- a/bundle/manifests/saas.3scale.net_zyncs.yaml +++ b/bundle/manifests/saas.3scale.net_zyncs.yaml @@ -63,18 +63,18 @@ spec: which must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 @@ -92,7 +92,7 @@ spec: Max is used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than 
@@ -120,18 +120,18 @@ spec: which must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 @@ -149,7 +149,7 @@ spec: Max is used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than @@ -578,6 +578,10 @@ spec: apiKey: description: API key properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -606,6 +610,10 @@ spec: databaseDSN: description: A reference to the secret holding the database DSN properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -669,6 +677,10 @@ spec: secretKeyBase: description: A reference to the secret holding the secret-key-base properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault 
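Review bot: The new `fromSeed` schema is `type: object` with no properties, so the only thing a user can write is `fromSeed: {}`, yet its description names neither the Secret that is the "default seed Secret" nor the key read for this field, and "will try" leaves the behaviour on a missing key (silent fallback or reconcile error) unstated. The local setup elsewhere in this diff names its seed Secret `saas-seed` with keys such as `zync-auth-token`, but nothing in the CRD tells a user whether that is the name and key layout the operator looks up. If these manifests are controller-gen output the wording comes from the Go doc comment on the FromSeed field and should be fixed there, e.g. `FromSeed reads this value from the seed Secret <SEED_SECRET_NAME> using key <KEY_FOR_THIS_FIELD>; <behaviour when the key is absent>` (placeholders to be filled from the operator code). The same applies to every other `fromSeed` hunk in this diff (backends, corsproxies, mappingservices, systems and zyncs CRDs).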
@@ -692,6 +704,10 @@ spec: description: A reference to the secret holding the zync authentication token properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -1093,18 +1109,18 @@ spec: which must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 @@ -1122,7 +1138,7 @@ spec: Max is used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than 
@@ -1150,18 +1166,18 @@ spec: which must hold true for a specified past interval. properties: periodSeconds: - description: PeriodSeconds specifies the window + description: periodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). format: int32 type: integer type: - description: Type is used to specify the scaling + description: type is used to specify the scaling policy. type: string value: - description: Value contains the amount of change + description: value contains the amount of change which is permitted by the policy. It must be greater than zero format: int32 @@ -1179,7 +1195,7 @@ spec: Max is used. type: string stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the number + description: 'stabilizationWindowSeconds is the number of seconds for which past recommendations should be considered while scaling up or scaling down. StabilizationWindowSeconds must be greater than diff --git a/bundle/metadata/annotations.yaml b/bundle/metadata/annotations.yaml index 5d8597be..77fadbff 100644 --- a/bundle/metadata/annotations.yaml +++ b/bundle/metadata/annotations.yaml @@ -4,8 +4,7 @@ annotations: operators.operatorframework.io.bundle.manifests.v1: manifests/ operators.operatorframework.io.bundle.metadata.v1: metadata/ operators.operatorframework.io.bundle.package.v1: saas-operator - operators.operatorframework.io.bundle.channels.v1: alpha,stable - operators.operatorframework.io.bundle.channel.default.v1: alpha + operators.operatorframework.io.bundle.channels.v1: alpha operators.operatorframework.io.metrics.builder: operator-sdk-v1.27.0 operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3 diff --git a/config/crd/bases/saas.3scale.net_backends.yaml b/config/crd/bases/saas.3scale.net_backends.yaml index ce5f2758..5aee1f62 100644 
--- a/config/crd/bases/saas.3scale.net_backends.yaml +++ b/config/crd/bases/saas.3scale.net_backends.yaml @@ -42,6 +42,10 @@ spec: description: A reference to the secret holding the backend-error-monitoring key properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -65,6 +69,10 @@ spec: description: A reference to the secret holding the backend-error-monitoring service properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -107,6 +115,10 @@ spec: description: A reference to the secret holding the backend-internal-api password properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -130,6 +142,10 @@ spec: description: A reference to the secret holding the backend-internal-api user properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -166,6 +182,10 @@ spec: description: A reference to the secret holding the backend-system-events-hook password properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault 
@@ -189,6 +209,10 @@ spec: description: A reference to the secret holding the backend-system-events-hook URL properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault diff --git a/config/crd/bases/saas.3scale.net_corsproxies.yaml b/config/crd/bases/saas.3scale.net_corsproxies.yaml index 9b715376..bc1e95b2 100644 --- a/config/crd/bases/saas.3scale.net_corsproxies.yaml +++ b/config/crd/bases/saas.3scale.net_corsproxies.yaml @@ -60,6 +60,10 @@ spec: systemDatabaseDSN: description: System database connection string properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault diff --git a/config/crd/bases/saas.3scale.net_mappingservices.yaml b/config/crd/bases/saas.3scale.net_mappingservices.yaml index 570a80af..7cc52237 100644 --- a/config/crd/bases/saas.3scale.net_mappingservices.yaml +++ b/config/crd/bases/saas.3scale.net_mappingservices.yaml @@ -70,6 +70,10 @@ spec: description: A reference to the secret holding the system admin token properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault diff --git a/config/crd/bases/saas.3scale.net_systems.yaml b/config/crd/bases/saas.3scale.net_systems.yaml index 09b5dea7..46f40000 100644 --- a/config/crd/bases/saas.3scale.net_systems.yaml +++ b/config/crd/bases/saas.3scale.net_systems.yaml 
@@ -657,6 +657,10 @@ spec: accessCode: description: AccessCode to protect admin urls properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -676,6 +680,29 @@ spec: value. type: string type: object + apicast: + description: Apicast can be used to pass down apicast endpoints + configuration + properties: + cloudHostedRegistryURL: + description: Policies registry URL for Apicast Cloud Hosteed + type: string + productionDomain: + description: Apicast Production endpoint + type: string + selfManagedRegistryURL: + description: Policies registry URL for Apicast Self Managed + (on-prem) + type: string + stagingDomain: + description: Apicast Staging endpoint + type: string + required: + - cloudHostedRegistryURL + - productionDomain + - selfManagedRegistryURL + - stagingDomain + type: object assets: description: Assets has configuration to access assets in AWS s3 @@ -683,6 +710,10 @@ spec: accessKey: description: AWS access key properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -711,9 +742,16 @@ spec: region: description: AWS S3 region type: string + s3Endpoint: + description: Assets custom S3 endpoint + type: string secretKey: description: AWS secret access key properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault 
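Review bot: The `cloudHostedRegistryURL` description has a typo, `Apicast Cloud Hosteed` → `Apicast Cloud Hosted`. The `stagingDomain`/`productionDomain` descriptions call the values an "endpoint", but the removed `sandbox_proxy.yml` built `https://%{system_name}-%{account_id}.<domain>` from them, which suggests they are bare base domains without a scheme; if so, say `Base domain (no scheme) under which per-service Apicast Staging hostnames are built` and the same for production. All four fields are required plain strings with no format or pattern, so a value with a scheme or trailing slash is only caught at runtime; if these CRDs are generated, a `+kubebuilder:validation:Pattern` marker on the Go type would reject it at admission. The `apicast` object is complete in this hunk, but whether `apicast` itself is required on the parent object is outside it.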
@@ -749,6 +787,10 @@ spec: internalAPIPassword: description: Internal API password properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -771,6 +813,10 @@ spec: internalAPIUser: description: Internal API user properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -809,6 +855,10 @@ spec: apiKey: description: API key properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -841,6 +891,10 @@ spec: databaseDSN: description: DSN of system's main database properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -864,6 +918,10 @@ spec: description: DatabaseSecret is a site key stored off-database for improved more secure password hashing See https://github.com/3scale/porta/blob/ae498814cef3d856613f60d29330882fa870271d/config/initializers/site_keys.rb#L2-L19 properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault 
@@ -887,6 +945,10 @@ spec: description: EventsSharedSecret is a password that protects System's event hooks endpoint. properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -934,6 +996,10 @@ spec: clientID: description: Client ID properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -956,6 +1022,10 @@ spec: clientSecret: description: Client secret properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -982,6 +1052,10 @@ spec: mappingServiceAccessToken: description: Mapping Service access token properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -1031,6 +1105,10 @@ spec: privateKey: description: Private key properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -1053,6 +1131,10 @@ spec: publicKey: description: Public key properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault 
@@ -1082,6 +1164,10 @@ spec: clientID: description: Client ID properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -1104,6 +1190,10 @@ spec: clientSecret: description: Client secret properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -1161,6 +1251,10 @@ spec: description: 'SecretKeyBase: https://api.rubyonrails.org/classes/Rails/Application.html#method-i-secret_key_base You can generate one random key using ''bundle exec rake secret''' properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -1186,6 +1280,10 @@ spec: deletionToken: description: Deletion token properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -1211,6 +1309,10 @@ spec: writeKey: description: Write key properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -1250,6 +1352,10 @@ spec: password: description: Password properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault 
@@ -1282,6 +1388,10 @@ spec: user: description: User properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -1325,6 +1435,10 @@ spec: authToken: description: Zync authentication token properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault diff --git a/config/crd/bases/saas.3scale.net_zyncs.yaml b/config/crd/bases/saas.3scale.net_zyncs.yaml index e318297d..f2e62521 100644 --- a/config/crd/bases/saas.3scale.net_zyncs.yaml +++ b/config/crd/bases/saas.3scale.net_zyncs.yaml @@ -579,6 +579,10 @@ spec: apiKey: description: API key properties: + fromSeed: + description: FromSeed will try to retrieve the secret + value from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -607,6 +611,10 @@ spec: databaseDSN: description: A reference to the secret holding the database DSN properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault @@ -670,6 +678,10 @@ spec: secretKeyBase: description: A reference to the secret holding the secret-key-base properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault 
@@ -693,6 +705,10 @@ spec: description: A reference to the secret holding the zync authentication token properties: + fromSeed: + description: FromSeed will try to retrieve the secret value + from the default seed Secret. + type: object fromVault: description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault diff --git a/config/dependencies/tekton/kustomization.yaml b/config/dependencies/tekton/kustomization.yaml new file mode 100644 index 00000000..a9c0a49f --- /dev/null +++ b/config/dependencies/tekton/kustomization.yaml @@ -0,0 +1,2 @@ +resources: + - https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.49.0/release.yaml diff --git a/config/local-setup/README.md b/config/local-setup/README.md index e5d059be..747c5802 100644 --- a/config/local-setup/README.md +++ b/config/local-setup/README.md @@ -1,6 +1,6 @@ # Instructions -1. Create the file `config/local-setup/secrets/pull-secrets.json` with the registry auths required (for private repositories used). Example: +1. Create the file `config/local-setup/env-inputs/pull-secrets.json` with the registry auths required (for private repositories used). Example: ```json { 
@@ -15,7 +15,51 @@ } ``` -1. Issue the following commands +2. Create the file `config/local-setup/env-inputs/seed.env` with the following contents. Change the values to your heart's content: + +```bash +MYSQL_ROOT_PASSWORD=password +MYSQL_DATABASE=system_enterprise +MYSQL_USER=app +MYSQL_PASSWORD=password +POSTGRES_USER=app +POSTGRES_PASSWORD=password +POSTGRES_DB=zync +BACKEND_INTERNAL_API_USER=user +BACKEND_INTERNAL_API_PASSWORD=password +SYSTEM_MASTER_USER=admin +SYSTEM_MASTER_PASSWORD=master-pass +SYSTEM_MASTER_ACCESS_TOKEN=mtoken +SYSTEM_TENANT_USER=admin +SYSTEM_TENANT_PASSWORD=provider-pass +SYSTEM_TENANT_TOKEN=ptoken +SYSTEM_APICAST_TOKEN=atoken +SYSTEM_EVENTS_SHARED_SECRET=password +SYSTEM_ASSETS_S3_ACCESS_KEY=admin +SYSTEM_ASSETS_S3_SECRET_KEY=admin1234 +SYSTEM_SECRET_KEY_BASE=xxxxx +SYSTEM_DATABASE_SECRET=xxxxx +SYSTEM_SMTP_USER="" +SYSTEM_SMTP_PASSWORD="" +SYSTEM_ACCESS_CODE="" +SYSTEM_SEGMENT_DELETION_TOKEN="" +SYSTEM_SEGMENT_WRITE_KEY="" +SYSTEM_GITHUB_CLIENT_ID="" +SYSTEM_GITHUB_CLIENT_SECRET="" +SYSTEM_RH_CUSTOMER_PORTAL_CLIENT_ID="" +SYSTEM_RH_CUSTOMER_PORTAL_CLIENT_SECRET="" +SYSTEM_BUGSNAG_API_KEY="" +SYSTEM_RECAPTCHA_PUBLIC_KEY="" +SYSTEM_RECAPTCHA_PRIVATE_KEY="" +ZYNC_SECRET_KEY_BASE=xxxxx +ZYNC_AUTH_TOKEN=ztoken +ZYNC_BUGSNAG_API_KEY="" +``` + +3. You can tweak configurations in `config/local-setup/env-inputs/configuration.yaml`. + + +4. Issue the following commands ```bash make kind-create diff --git a/config/local-setup/databases/kustomization.yaml b/config/local-setup/databases/kustomization.yaml index d73c1c48..39b55a20 100644 --- a/config/local-setup/databases/kustomization.yaml +++ b/config/local-setup/databases/kustomization.yaml @@ -1,5 +1,5 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component namespace: default resources: - autossl-redis 
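Review bot: The sample `seed.env` uses `xxxxx` for `SYSTEM_SECRET_KEY_BASE`, `SYSTEM_DATABASE_SECRET` and `ZYNC_SECRET_KEY_BASE`, and because the file is consumed verbatim a developer who copies the block runs with five-character key bases; the zync CRD description in this same diff says to generate one with `bundle exec rake secret`, so add a line such as `SYSTEM_SECRET_KEY_BASE, SYSTEM_DATABASE_SECRET and ZYNC_SECRET_KEY_BASE must be long random strings (e.g. openssl rand -hex 64)`. Step 2 should also say that the values are spliced into double-quoted YAML strings and into the `mysql2://` / `postgresql://` DSNs, so quotes, `$` and URL-reserved characters (`@`, `:`, `/`, `#`) in passwords need escaping or avoiding. The `env-inputs` kustomization lists `seed-secret.yaml`, which is git-ignored, so presumably a `make` target renders it from `seed-secret.yaml.envsubst`; the README does not say which step does that, and a reader who runs `kustomize build` directly will hit a missing file.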
diff --git a/config/local-setup/databases/system-mysql/resources.yaml b/config/local-setup/databases/system-mysql/resources.yaml index 6f314cb0..84e31855 100644 --- a/config/local-setup/databases/system-mysql/resources.yaml +++ b/config/local-setup/databases/system-mysql/resources.yaml @@ -24,13 +24,25 @@ spec: # - --default-authentication-plugin=mysql_native_password env: - name: MYSQL_ROOT_PASSWORD - value: password + valueFrom: + secretKeyRef: + name: saas-seed + key: MYSQL_ROOT_PASSWORD - name: MYSQL_DATABASE - value: system_enterprise + valueFrom: + secretKeyRef: + name: saas-seed + key: MYSQL_DATABASE - name: MYSQL_USER - value: app + valueFrom: + secretKeyRef: + name: saas-seed + key: MYSQL_USER - name: MYSQL_PASSWORD - value: password + valueFrom: + secretKeyRef: + name: saas-seed + key: MYSQL_PASSWORD ports: - name: mysql containerPort: 3306 diff --git a/config/local-setup/databases/zync-postgresql/resources.yaml b/config/local-setup/databases/zync-postgresql/resources.yaml index db90e5a4..96a53bd6 100644 --- a/config/local-setup/databases/zync-postgresql/resources.yaml +++ b/config/local-setup/databases/zync-postgresql/resources.yaml @@ -24,11 +24,20 @@ spec: containerPort: 5432 env: - name: POSTGRES_USER - value: app + valueFrom: + secretKeyRef: + name: saas-seed + key: POSTGRES_USER - name: POSTGRES_PASSWORD - value: password + valueFrom: + secretKeyRef: + name: saas-seed + key: POSTGRES_PASSWORD - name: POSTGRES_DB - value: zync + valueFrom: + secretKeyRef: + name: saas-seed + key: POSTGRES_DB - name: PGDATA value: /var/lib/postgresql/data/pgdata - name: POD_IP diff --git a/config/local-setup/env-inputs/.gitignore b/config/local-setup/env-inputs/.gitignore new file mode 100644 index 00000000..97ad430d --- /dev/null +++ b/config/local-setup/env-inputs/.gitignore @@ -0,0 +1,3 @@ +pull-secrets.json +seed.env +seed-secret.yaml 
diff --git a/config/local-setup/configuration.yaml b/config/local-setup/env-inputs/configuration.yaml similarity index 72% rename from config/local-setup/configuration.yaml rename to config/local-setup/env-inputs/configuration.yaml index c0a306cb..445321d3 100644 --- a/config/local-setup/configuration.yaml +++ b/config/local-setup/env-inputs/configuration.yaml @@ -2,6 +2,8 @@ apiVersion: v1 kind: ConfigMap metadata: name: config + annotations: + config.kubernetes.io/local-config: "true" data: # APICAST CONFIGURATION APICAST_IMAGE_NAME: quay.io/3scale/apicast-cloud-hosted @@ -39,3 +41,14 @@ data: # ENVOY CONFIGURATION ENVOY_IMAGE: envoyproxy/envoy:v1.22.11 + + # DOMAIN CONFIGURATION + SYSTEM_ENDPOINT: multitenant-admin.system-172-27-27-105.nip.io + BACKEND_ENDPOINT: backend-172-27-27-100.nip.io + APICAST_STAGING_DOMAIN: staging-172-27-27-102.nip.io + APICAST_PRODUCTION_DOMAIN: production-172-27-27-101.nip.io + AUTOSSL_ENDPOINT: autossl-172-27-27-104.nip.io + ECHOAPI_ENDPOINT: echo-api-172-27-27-103.nip.io + + # CERTIFICATE CONFIG + CERT_MANAGER_ISSUER: selfsigned-cluster-issuer \ No newline at end of file diff --git a/config/local-setup/secrets/kustomization.yaml b/config/local-setup/env-inputs/kustomization.yaml similarity index 66% rename from config/local-setup/secrets/kustomization.yaml rename to config/local-setup/env-inputs/kustomization.yaml index 968c6e33..bea206d4 100644 --- a/config/local-setup/secrets/kustomization.yaml +++ b/config/local-setup/env-inputs/kustomization.yaml @@ -1,7 +1,9 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component namespace: default - +resources: +- configuration.yaml +- seed-secret.yaml secretGenerator: - name: pull-secrets behavior: create diff --git a/config/local-setup/env-inputs/seed-secret.yaml.envsubst b/config/local-setup/env-inputs/seed-secret.yaml.envsubst new file mode 100644 index 00000000..1b91cc41 --- /dev/null 
+++ b/config/local-setup/env-inputs/seed-secret.yaml.envsubst 
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: saas-seed
+type: Opaque
+stringData:
+ # MYSQL
+ MYSQL_ROOT_PASSWORD: "${MYSQL_ROOT_PASSWORD}"
+ MYSQL_DATABASE: "${MYSQL_DATABASE}"
+ MYSQL_USER: "${MYSQL_USER}"
+ MYSQL_PASSWORD: "${MYSQL_PASSWORD}"
+ # POSTGRESQL
+ POSTGRES_USER: "${POSTGRES_USER}"
+ POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"
+ POSTGRES_DB: "${POSTGRES_DB}"
+ # SaaS secret config
+ backend-internal-api-user: "${BACKEND_INTERNAL_API_USER}"
+ backend-internal-api-password: "${BACKEND_INTERNAL_API_PASSWORD}"
+ system-master-user: "${SYSTEM_MASTER_USER}"
+ system-master-password: "${SYSTEM_MASTER_PASSWORD}"
+ system-master-access-token: "${SYSTEM_MASTER_ACCESS_TOKEN}"
+ system-tenant-user: "${SYSTEM_TENANT_USER}"
+ system-tenant-password: "${SYSTEM_TENANT_PASSWORD}"
+ system-tenant-token: "${SYSTEM_TENANT_TOKEN}"
+ system-apicast-access-token: "${SYSTEM_APICAST_TOKEN}"
+ system-database-dsn: "mysql2://${MYSQL_USER}:${MYSQL_PASSWORD}@system-mysql:3306/${MYSQL_DATABASE}"
+ system-events-shared-secret: "${SYSTEM_EVENTS_SHARED_SECRET}"
+ system-assets-s3-aws-access-key: "${SYSTEM_ASSETS_S3_ACCESS_KEY}"
+ system-assets-s3-aws-secret-key: "${SYSTEM_ASSETS_S3_SECRET_KEY}"
+ system-secret-key-base: "${SYSTEM_SECRET_KEY_BASE}"
+ system-database-secret: "${SYSTEM_DATABASE_SECRET}"
+ system-smpt-user: "${SYSTEM_SMTP_USER}"
+ system-smpt-password: "${SYSTEM_SMTP_PASSWORD}"
+ system-access-code: "${SYSTEM_ACCESS_CODE}"
+ system-segment-deletion-token: "${SYSTEM_SEGMENT_DELETION_TOKEN}"
+ system-segment-write-key: "${SYSTEM_SEGMENT_WRITE_KEY}"
+ system-github-client-id: "${SYSTEM_GITHUB_CLIENT_ID}"
+ system-github-client-secret: "${SYSTEM_GITHUB_CLIENT_SECRET}"
+ system-rh-customer-portal-client-id: "${SYSTEM_RH_CUSTOMER_PORTAL_CLIENT_ID}"
+ system-rh-customer-portal-client-secret: "${SYSTEM_RH_CUSTOMER_PORTAL_CLIENT_SECRET}"
+ system-bugsnag-api-key: "${SYSTEM_BUGSNAG_API_KEY}"
+ system-recaptcha-public-key: "${SYSTEM_RECAPTCHA_PUBLIC_KEY}"
+ system-recaptcha-private-key: "${SYSTEM_RECAPTCHA_PRIVATE_KEY}"
+ zync-database-url: "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@zync-psql:5432/${POSTGRES_DB}"
+ zync-secret-key-base: "${ZYNC_SECRET_KEY_BASE}"
+ zync-auth-token: "${ZYNC_AUTH_TOKEN}"
+ zync-bugsnag-api-key: "${ZYNC_BUGSNAG_API_KEY}"
\ No newline at end of file
diff --git a/config/local-setup/kustomization.yaml b/config/local-setup/kustomization.yaml
index 2299fa44..4cda311b 100644
--- a/config/local-setup/kustomization.yaml
+++ b/config/local-setup/kustomization.yaml
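Review bot: The keys `system-smpt-user` and `system-smpt-password` look like typos for `smtp` (the variables they read are `SYSTEM_SMTP_USER` / `SYSTEM_SMTP_PASSWORD`); if the operator resolves `fromSeed` by fixed key names these two entries will never match, so rename them to `system-smtp-user` / `system-smtp-password` or confirm the key names the operator expects. `system-database-dsn` and `zync-database-url` splice `${MYSQL_PASSWORD}` and `${POSTGRES_PASSWORD}` into URLs unencoded, so a password containing `@`, `:`, `/` or `#` yields a DSN that parses to the wrong host or fails; document that restriction in the README or percent-encode the value before substitution. A header comment would also help the next reader: `# Template: rendered with envsubst from env-inputs/seed.env into seed-secret.yaml (git-ignored); never commit the rendered file`. The rendered Secret holds every credential of the local stack under one object, which is acceptable for a kind cluster but worth stating so the layout is not copied to a shared environment.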
@@ -1,54 +1,4 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: default
-
-resources:
- - discoveryservice.yaml
- - configuration.yaml
- - secrets
- - apicast.yaml
- - mappingservice.yaml
- - autossl.yaml
- - backend.yaml
- - corsproxy.yaml
- - echoapi.yaml
- - zync.yaml
- - system.yaml
- - mt-ingress.yaml
-
-secretGenerator:
- - name: system-config
- files:
- - system-config/amazon_s3.yml
- - system-config/backend.yml
- - system-config/backend_redis.yml
- # - system-config/banned_domains.yml
- - system-config/cache_store.yml
- - system-config/core.yml
- - system-config/cors.yml
- - system-config/currencies.yml
- - system-config/database.yml
- - system-config/features.yml
- # - system-config/internal_domains.yml
- - system-config/oauth2.yml
- - system-config/paperclip.yml
- # - system-config/plan_rules.yml
- - system-config/redhat_customer_portal.yml
- - system-config/redis.yml
- # - system-config/rolling_updates.yml
- - system-config/sandbox_proxy.yml
- - system-config/secrets.yml
- - system-config/segment.yml
- - system-config/service_discovery.yml
- - system-config/settings.yml
- - system-config/sidekiq_schedule.yml
- - system-config/smtp.yml
- - system-config/web_hooks.yml
- - system-config/zync.yml
- options:
- disableNameSuffixHash: true
- labels:
- threescale_component_element: config
-
-replacements:
- - path: replacements/images.yaml
+components:
+ - env-inputs
+ - databases
+ - workloads
\ No newline at end of file
diff --git a/config/local-setup/secrets/.gitignore b/config/local-setup/secrets/.gitignore
deleted file mode 100644
index c491cbed..00000000
--- a/config/local-setup/secrets/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-pull-secrets.json
\ No newline at end of file
diff --git a/config/local-setup/system-config/sandbox_proxy.yml b/config/local-setup/system-config/sandbox_proxy.yml
deleted file mode 100644
index 67846898..00000000
--- a/config/local-setup/system-config/sandbox_proxy.yml
+++ /dev/null
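Review bot: The rewritten `config/local-setup/kustomization.yaml` drops the `apiVersion`/`kind` header, while the other kustomizations touched in this diff (`databases`, `env-inputs`) keep one; kustomize still accepts a header-less file but it is the legacy form, so add `apiVersion: kustomize.config.k8s.io/v1beta1` and `kind: Kustomization` above `components:`. The old `namespace: default` is gone as well, which works only because each component sets it itself; a one-line comment `# namespace is set by each component` would stop someone re-adding it here. The file also ends without a trailing newline.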
@@ -1,10 +0,0 @@ -production: - test_api_hosts: - - echo-api-172-27-27-103.nip.io - ignore_test_failures: [] - apicast_staging_endpoint: https://%{system_name}-%{account_id}.staging-172-27-27-102.nip.io - apicast_production_endpoint: https://%{system_name}-%{account_id}.production-172-27-27-101.nip.io - apicast_registry_url: http://apicast-staging-management:8090/policies - self_managed_apicast_registry_url: http://policies.apicast.io/latest/policies.json - backend_endpoint: <%= ENV.fetch('BACKEND_PUBLIC_URL') %> - verify_mode: <%= ::OpenSSL::SSL::VERIFY_PEER %> diff --git a/config/local-setup/system.yaml b/config/local-setup/system.yaml deleted file mode 100644 index e1626be7..00000000 --- a/config/local-setup/system.yaml +++ /dev/null 
@@ -1,119 +0,0 @@ -apiVersion: saas.3scale.net/v1alpha1 -kind: System -metadata: - name: system -spec: - image: - name: REPLACE - tag: REPLACE - pullSecretName: pull-secrets - pullPolicy: Always - config: - configFilesSecret: system-config - threescaleSuperdomain: system-172-27-27-105.nip.io - rails: - console: true - environment: production - logLevel: info - redis: - queuesDSN: "redis://system-redis:6379" - backend: - externalEndpoint: "http://backend-172-27-27-100.nip.io" - internalAPIPassword: - override: backend-internal-api-password - internalAPIUser: - override: backend-internal-api-user - internalEndpoint: "http://backend-listener-internal" - redisDSN: "redis://backend-redis:6379/0" - assets: - bucket: system-assets # check config/amazon_s3.yml for the specific minio configuration (https://github.com/3scale/porta/blob/master/openshift/system/config/amazon_s3.yml) - region: us-east-1 - accessKey: - override: admin - secretKey: - override: admin123 - databaseDSN: - override: mysql2://app:password@system-mysql/system_enterprise - databaseSecret: - override: databasesecret - secretKeyBase: - override: 7f3b35479601a66da53071175c4833c888c2630fcafa496dc4046d143ea38666e075116bb4bac3c287b6e5d925815d5958c361786f89dc4211f6ca713ef3487e - eventsSharedSecret: - override: system-events-shared-secret - searchServer: - host: system-searchd - zync: - authToken: - override: zync-auth-token - endpoint: "http://zync:8080" - smtp: - address: smtp.sendgrid.net - authProtocol: plain - opensslVerifyMode: peer - password: - override: "" - port: 587 - starttls: true - starttlsAuto: false - user: - override: "" - github: - clientID: - override: "" - clientSecret: - override: "" - mappingServiceAccessToken: - override: apicast-mtoken - memcachedServers: system-memcached:11211 - recaptcha: - privateKey: - override: "" - publicKey: - override: "" - redhatCustomerPortal: - clientID: - override: "" - clientSecret: - override: "" - realm: "" - segment: - deletionToken: - override: "" - 
deletionWorkspace: "" - writeKey: - override: "" - app: - hpa: {} - pdb: {} - replicas: 1 - console: {} - searchd: - enabled: true - image: - name: REPLACE - tag: REPLACE - pullSecretName: pull-secrets - pullPolicy: Always - config: - databaseStorageSize: 1Gi - sidekiqBilling: - config: - maxThreads: 5 - hpa: {} - pdb: {} - resources: {} - replicas: 1 - sidekiqDefault: - config: - maxThreads: 5 - hpa: {} - pdb: {} - resources: {} - replicas: 1 - sidekiqLow: - config: - maxThreads: 5 - hpa: {} - pdb: {} - resources: {} - replicas: 1 diff --git a/config/local-setup/apicast.yaml b/config/local-setup/workloads/apicast.yaml similarity index 89% rename from config/local-setup/apicast.yaml rename to config/local-setup/workloads/apicast.yaml index b18f541f..029caf89 100644 --- a/config/local-setup/apicast.yaml +++ b/config/local-setup/workloads/apicast.yaml @@ -12,8 +12,10 @@ spec: config: configurationCache: 300 threescalePortalEndpoint: "http://mapping-service/config" - endpoint: {dns: []} + endpoint: {dns: ['*.REPLACE']} hpa: {} + loadBalancer: + proxyProtocol: false marin3r: dynamicConfigs: gateway_cluster: @@ -60,8 +62,10 @@ spec: config: configurationCache: 60 threescalePortalEndpoint: "http://mapping-service/config" - endpoint: {dns: []} + endpoint: {dns: ['*.REPLACE']} hpa: {} + loadBalancer: + proxyProtocol: false marin3r: dynamicConfigs: gateway_cluster: @@ -80,13 +84,6 @@ spec: router: routeConfiguration: virtualHosts: - - domains: [policies.staging-172-27-27-102.nip.io] - name: policies - routes: - - match: - prefix: /policies - route: - cluster: mgmt_cluster - domains: ["*"] name: gateway routes: diff --git a/config/local-setup/autossl.yaml b/config/local-setup/workloads/autossl.yaml similarity index 64% rename from config/local-setup/autossl.yaml rename to config/local-setup/workloads/autossl.yaml index 884bc80a..9961ee2a 100644 --- a/config/local-setup/autossl.yaml +++ b/config/local-setup/workloads/autossl.yaml 
@@ -12,10 +12,10 @@ spec: contactEmail: 3scale-operations@redhat.com domainWhitelist: [] logLevel: debug - proxyEndpoint: "https://multitenant-admin.system-172-27-27-105.nip.io" + proxyEndpoint: https://REPLACE redisHost: autossl-redis - verificationEndpoint: "https://multitenant-admin.system-172-27-27-105.nip.io/swagger/spec.json" - endpoint: {dns: []} + verificationEndpoint: https://REPLACE/swagger/spec.json + endpoint: {dns: [REPLACE]} hpa: {} pdb: {} replicas: 1 diff --git a/config/local-setup/backend.yaml b/config/local-setup/workloads/backend.yaml similarity index 86% rename from config/local-setup/backend.yaml rename to config/local-setup/workloads/backend.yaml index 43ebb83e..bc311b1b 100644 --- a/config/local-setup/backend.yaml +++ b/config/local-setup/workloads/backend.yaml @@ -11,23 +11,21 @@ spec: pullPolicy: Always config: masterServiceID: 1 - internalAPIPassword: - override: backend-internal-api-password - internalAPIUser: - override: backend-internal-api-user + internalAPIPassword: {fromSeed: {}} + internalAPIUser: {fromSeed: {}} rackEnv: preview redisQueuesDSN: "redis://backend-redis:6379/1" redisStorageDSN: "redis://backend-redis:6379/0" - systemEventsHookPassword: - override: system-events-shared-secret - systemEventsHookURL: - override: "https://system-172-27-27-105.nip.io/master/events/import" + systemEventsHookPassword: {} + systemEventsHookURL: {override: https://REPLACE/master/events/import } listener: config: listenerWorkers: 1 redisAsync: true - endpoint: {dns: []} + endpoint: {dns: [REPLACE]} hpa: {} + loadBalancer: + proxyProtocol: false marin3r: dynamicConfigs: backend_listener_cluster: diff --git a/config/local-setup/corsproxy.yaml b/config/local-setup/workloads/corsproxy.yaml similarity index 72% rename from config/local-setup/corsproxy.yaml rename to config/local-setup/workloads/corsproxy.yaml index 9d243b50..4cfcd447 100644 --- a/config/local-setup/corsproxy.yaml +++ b/config/local-setup/workloads/corsproxy.yaml 
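Review bot: `systemEventsHookPassword: {}` in the Backend hunk is the one secret reference in this change that is neither an `override` nor `{fromSeed: {}}`, while the matching System side (`spec.config.eventsSharedSecret: {fromSeed: {}}` in workloads/system.yaml) is seeded; unless an empty reference is documented to fall back to the seed, backend will post to `/master/events/import` with no shared secret and system will reject the events. Use `systemEventsHookPassword: {fromSeed: {}}` for consistency with `internalAPIPassword`/`internalAPIUser` two lines above, or add a comment stating that the empty object intentionally relies on an operator default. The enclosing `spec.config` map continues outside the hunk.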
@@ -9,8 +9,7 @@ spec: pullSecretName: pull-secrets pullPolicy: Always config: - systemDatabaseDSN: - override: mysql://app:password@system-mysql:3306/system_enterprise + systemDatabaseDSN: {fromSeed: {}} hpa: {} pdb: {} replicas: 1 diff --git a/config/local-setup/workloads/db-setup-pipelinerun.yaml b/config/local-setup/workloads/db-setup-pipelinerun.yaml new file mode 100644 index 00000000..9166500d --- /dev/null +++ b/config/local-setup/workloads/db-setup-pipelinerun.yaml @@ -0,0 +1,7 @@ +apiVersion: tekton.dev/v1beta1 +kind: PipelineRun +metadata: + generateName: run-system-db-setup- +spec: + pipelineRef: + name: system-db-setup diff --git a/config/local-setup/discoveryservice.yaml b/config/local-setup/workloads/discoveryservice.yaml similarity index 100% rename from config/local-setup/discoveryservice.yaml rename to config/local-setup/workloads/discoveryservice.yaml diff --git a/config/local-setup/echoapi.yaml b/config/local-setup/workloads/echoapi.yaml similarity index 93% rename from config/local-setup/echoapi.yaml rename to config/local-setup/workloads/echoapi.yaml index 0124ed0c..b39f8616 100644 --- a/config/local-setup/echoapi.yaml +++ b/config/local-setup/workloads/echoapi.yaml @@ -3,13 +3,15 @@ kind: EchoAPI metadata: name: echo-api spec: - endpoint: {dns: []} + endpoint: {dns: [REPLACE]} hpa: {} image: name: REPLACE tag: REPLACE pullSecretName: pull-secrets pullPolicy: Always + loadBalancer: + proxyProtocol: false marin3r: dynamicConfigs: echo_api_cluster: diff --git a/config/local-setup/workloads/kustomization.yaml b/config/local-setup/workloads/kustomization.yaml new file mode 100644 index 00000000..dd105ecf --- /dev/null +++ b/config/local-setup/workloads/kustomization.yaml 
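Review bot: The new PipelineRun targets `apiVersion: tekton.dev/v1beta1`, which Tekton has deprecated in favour of `tekton.dev/v1` for `PipelineRun`; unless the cluster's Tekton version is pinned, a new manifest should use `apiVersion: tekton.dev/v1`. The file is also not listed under `resources:` in `workloads/kustomization.yaml` and uses `generateName`, so it is presumably meant for `kubectl create -f` by hand after the System CR exists, and nothing in the diff shows the `system-db-setup` Pipeline it references — presumably generated by the operator from `spec.tasks[].name`. A header comment such as `# Apply manually with 'kubectl create -f' once the System CR has reconciled; the Pipeline is generated by the operator from System.spec.tasks` would save the next reader that investigation.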
@@ -0,0 +1,53 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component +namespace: default + +resources: + - discoveryservice.yaml + - apicast.yaml + - mappingservice.yaml + - autossl.yaml + - backend.yaml + - corsproxy.yaml + - echoapi.yaml + - zync.yaml + - system.yaml + - mt-ingress.yaml + +secretGenerator: + - name: system-config + files: + - system-config/amazon_s3.yml + - system-config/backend.yml + - system-config/backend_redis.yml + # - system-config/banned_domains.yml + - system-config/cache_store.yml + - system-config/core.yml + - system-config/cors.yml + - system-config/currencies.yml + - system-config/database.yml + - system-config/features.yml + # - system-config/internal_domains.yml + - system-config/oauth2.yml + - system-config/paperclip.yml + # - system-config/plan_rules.yml + - system-config/redhat_customer_portal.yml + - system-config/redis.yml + # - system-config/rolling_updates.yml + - system-config/sandbox_proxy.yml + - system-config/secrets.yml + - system-config/segment.yml + - system-config/service_discovery.yml + - system-config/settings.yml + - system-config/sidekiq_schedule.yml + - system-config/smtp.yml + - system-config/web_hooks.yml + - system-config/zync.yml + options: + disableNameSuffixHash: true + labels: + threescale_component_element: config + +replacements: + - path: replacements/images.yaml + - path: replacements/domains.yaml diff --git a/config/local-setup/mappingservice.yaml b/config/local-setup/workloads/mappingservice.yaml similarity index 68% rename from config/local-setup/mappingservice.yaml rename to config/local-setup/workloads/mappingservice.yaml index 74eed694..2db2f553 100644 --- a/config/local-setup/mappingservice.yaml +++ b/config/local-setup/workloads/mappingservice.yaml 
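Review bot: The `replacements:` entries at the bottom read from a `ConfigMap` named `config` that this component neither declares nor documents, so the component only works when composed after whichever sibling provides it (presumably `env-inputs`); a comment on the `replacements:` key naming that dependency would prevent a confusing "source not found" failure when the component is reused on its own. `disableNameSuffixHash: true` also means the `system-config` Secret keeps a fixed name, so edits to the ERB files under `system-config/` will not roll the System pods by themselves unless the operator watches that Secret — worth a one-line note next to the option stating which behaviour is relied on.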
@@ -4,9 +4,8 @@ metadata: name: mapping-service spec: config: - apiHost: https://multitenant-admin.system-172-27-27-105.nip.io - systemAdminToken: - override: apicast-mtoken + apiHost: https://REPLACE + systemAdminToken: {fromSeed: {}} image: name: REPLACE tag: REPLACE diff --git a/config/local-setup/mt-ingress.yaml b/config/local-setup/workloads/mt-ingress.yaml similarity index 89% rename from config/local-setup/mt-ingress.yaml rename to config/local-setup/workloads/mt-ingress.yaml index cbadd9bd..ca256c95 100644 --- a/config/local-setup/mt-ingress.yaml +++ b/config/local-setup/workloads/mt-ingress.yaml @@ -3,7 +3,7 @@ kind: Certificate metadata: name: mt-ingress-cert spec: - dnsNames: ["*.system-172-27-27-105.nip.io"] + dnsNames: ['*.REPLACE'] issuerRef: kind: ClusterIssuer name: selfsigned-cluster-issuer @@ -35,6 +35,15 @@ spec: apiVersion: v1 kind: Service metadata: + annotations: + external-dns.alpha.kubernetes.io/hostname: '*.REPLACE' + service.beta.kubernetes.io/aws-load-balancer-connection-draining-enabled: "true" + service.beta.kubernetes.io/aws-load-balancer-connection-draining-timeout: "60" + service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" + service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-threshold: "2" + service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval: "5" + service.beta.kubernetes.io/aws-load-balancer-healthcheck-timeout: "3" + service.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-threshold: "2" labels: app: mt-ingress name: mt-ingress diff --git a/config/local-setup/workloads/replacements/domains.yaml b/config/local-setup/workloads/replacements/domains.yaml new file mode 100644 index 00000000..e6f2cad2 --- /dev/null +++ b/config/local-setup/workloads/replacements/domains.yaml 
@@ -0,0 +1,146 @@ +# CONFIGURE APICAST ENDPOINTS +- source: + kind: ConfigMap + name: config + fieldPath: data.APICAST_STAGING_DOMAIN + targets: + - select: + kind: Apicast + fieldPaths: + - spec.staging.endpoint.dns.0 + options: + delimiter: "." + index: 1 + - select: + kind: System + fieldPaths: + - spec.config.apicast.stagingDomain +- source: + kind: ConfigMap + name: config + fieldPath: data.APICAST_PRODUCTION_DOMAIN + targets: + - select: + kind: Apicast + fieldPaths: + - spec.production.endpoint.dns.0 + options: + delimiter: "." + index: 1 + - select: + kind: System + fieldPaths: + - spec.config.apicast.productionDomain + +# CONFIGURE AUTOSSL ENDPOINT +- source: + kind: ConfigMap + name: config + fieldPath: data.SYSTEM_ENDPOINT + targets: + - select: + kind: AutoSSL + fieldPaths: + - spec.config.proxyEndpoint + - spec.config.verificationEndpoint + options: + delimiter: "/" + index: 2 +- source: + kind: ConfigMap + name: config + fieldPath: data.AUTOSSL_ENDPOINT + targets: + - select: + kind: AutoSSL + fieldPaths: + - spec.endpoint.dns.0 + +# CONFIGURE ECHOAPI ENDPOINT +- source: + kind: ConfigMap + name: config + fieldPath: data.ECHOAPI_ENDPOINT + targets: + - select: + kind: EchoAPI + fieldPaths: + - spec.endpoint.dns.0 + +# CONFIGURE BACKEND ENDPOINT +- source: + kind: ConfigMap + name: config + fieldPath: data.BACKEND_ENDPOINT + targets: + - select: + kind: Backend + fieldPaths: + - spec.listener.endpoint.dns.0 + - select: + kind: System + fieldPaths: + - spec.config.backend.externalEndpoint + options: + delimiter: "/" + index: 2 + +# CONFIGURE SYSTEM ENDPOINT +- source: + kind: ConfigMap + name: config + fieldPath: data.SYSTEM_ENDPOINT + targets: + - select: + kind: Backend + fieldPaths: + - spec.config.systemEventsHookURL.override + options: + delimiter: "/" + index: 2 + - select: + kind: MappingService + fieldPaths: + - spec.config.apiHost + options: + delimiter: "/" + index: 2 +- source: + kind: ConfigMap + name: config + fieldPath: 
data.SYSTEM_ENDPOINT + options: + delimiter: "multitenant-admin." + index: 1 + targets: + - select: + kind: System + fieldPaths: + - spec.config.threescaleSuperdomain + - select: + kind: Service + name: mt-ingress + fieldPaths: + - metadata.annotations.[external-dns.alpha.kubernetes.io/hostname] + options: + delimiter: "." + index: 1 + - select: + kind: Certificate + name: mt-ingress-cert + fieldPaths: + - spec.dnsNames.0 + options: + delimiter: "." + index: 1 + +# CERT-MANAGER +- source: + kind: ConfigMap + name: config + fieldPath: data.CERT_MANAGER_ISSUER + targets: + - select: + kind: Certificate + fieldPaths: + - spec.issuerRef.name diff --git a/config/local-setup/replacements/images.yaml b/config/local-setup/workloads/replacements/images.yaml similarity index 100% rename from config/local-setup/replacements/images.yaml rename to config/local-setup/workloads/replacements/images.yaml diff --git a/config/local-setup/system-config/amazon_s3.yml b/config/local-setup/workloads/system-config/amazon_s3.yml similarity index 53% rename from config/local-setup/system-config/amazon_s3.yml rename to config/local-setup/workloads/system-config/amazon_s3.yml index 27070209..02fe1fbf 100644 --- a/config/local-setup/system-config/amazon_s3.yml +++ b/config/local-setup/workloads/system-config/amazon_s3.yml 
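Review bot: Every target in this file assumes the `config` ConfigMap values are bare hostnames, but nothing in the file says so: `SYSTEM_ENDPOINT` is spliced into `https://REPLACE` at `/`-index 2 (AutoSSL, Backend, MappingService) and also split on the literal `multitenant-admin.` to derive `threescaleSuperdomain`, so a value carrying a scheme, port or path, or one not starting with `multitenant-admin.`, silently yields `https://https://...` URLs or a wrong superdomain rather than an error. Add a header comment such as `# All *_ENDPOINT keys in the 'config' ConfigMap must be bare hostnames (no scheme/port/path); SYSTEM_ENDPOINT must be multitenant-admin.<superdomain>`, and consider a dedicated `SUPERDOMAIN` key instead of deriving it by string-splitting. The ConfigMap itself is not in this diff, so this is inferred from the delimiter/index options alone. The same `multitenant-admin` literal is hardcoded as `MASTER_DOMAIN` in the System db-setup task, so the two need to be kept in sync.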
@@ -1,17 +1,14 @@ default: &default {} s3: &s3 - # access_key_id: "<%= ENV['AWS_ACCESS_KEY_ID'] %>" -> can't pass custom envvars to System, not supported - access_key_id: admin - # secret_access_key: "<%= ENV['AWS_SECRET_ACCESS_KEY'] %>" -> can't pass custom envvars to System, not supported - secret_access_key: admin123 + access_key_id: "<%= ENV['AWS_ACCESS_KEY_ID'] %>" + secret_access_key: "<%= ENV['AWS_SECRET_ACCESS_KEY'] %>" role_arn: "<%= ENV['AWS_ROLE_ARN'] %>" web_identity_token_file: "<%= ENV['AWS_WEB_IDENTITY_TOKEN_FILE'] %>" role_session_name: <%= ENV['AWS_ROLE_SESSION_NAME'].presence || '3scale-porta' %> bucket: "<%= ENV['AWS_BUCKET'] %>" region: "<%= ENV['AWS_REGION'] %>" - # hostname: "<%= ENV['AWS_HOSTNAME'] %>" -> can't pass custom envvars to System, not supported - hostname: "http://minio.minio.svc.cluster.local:9000" + hostname: "<%= ENV['AWS_S3_HOSTNAME'] %>" protocol: "<%= ENV['AWS_PROTOCOL'] %>" force_path_style: <%= ENV['AWS_PATH_STYLE'].presence || false %> diff --git a/config/local-setup/system-config/backend.yml b/config/local-setup/workloads/system-config/backend.yml similarity index 100% rename from config/local-setup/system-config/backend.yml rename to config/local-setup/workloads/system-config/backend.yml diff --git a/config/local-setup/system-config/backend_redis.yml b/config/local-setup/workloads/system-config/backend_redis.yml similarity index 100% rename from config/local-setup/system-config/backend_redis.yml rename to config/local-setup/workloads/system-config/backend_redis.yml diff --git a/config/local-setup/system-config/cache_store.yml b/config/local-setup/workloads/system-config/cache_store.yml similarity index 100% rename from config/local-setup/system-config/cache_store.yml rename to config/local-setup/workloads/system-config/cache_store.yml 
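Review bot: `hostname` is now read from `AWS_S3_HOSTNAME`, but nothing in this diff shows the operator exporting a variable of that exact name for the new `config.assets.s3Endpoint` field (`http://minio.minio.svc.cluster.local:9000` in workloads/system.yaml); if the names differ, `hostname` renders empty and the SDK presumably falls back to the public AWS endpoint with whatever `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` resolve to. Once confirmed, a comment such as `# populated by the operator from System.spec.config.assets.s3Endpoint` next to the line would document the contract that the removed comments used to describe. Note also that `force_path_style` still defaults to `false`, which MinIO generally needs to be `true`; if the operator does not set `AWS_PATH_STYLE` for a custom endpoint, bucket access will fail on the virtual-host DNS name.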
diff --git a/config/local-setup/system-config/core.yml b/config/local-setup/workloads/system-config/core.yml similarity index 100% rename from config/local-setup/system-config/core.yml rename to config/local-setup/workloads/system-config/core.yml diff --git a/config/local-setup/system-config/cors.yml b/config/local-setup/workloads/system-config/cors.yml similarity index 100% rename from config/local-setup/system-config/cors.yml rename to config/local-setup/workloads/system-config/cors.yml diff --git a/config/local-setup/system-config/currencies.yml b/config/local-setup/workloads/system-config/currencies.yml similarity index 100% rename from config/local-setup/system-config/currencies.yml rename to config/local-setup/workloads/system-config/currencies.yml diff --git a/config/local-setup/system-config/database.yml b/config/local-setup/workloads/system-config/database.yml similarity index 100% rename from config/local-setup/system-config/database.yml rename to config/local-setup/workloads/system-config/database.yml diff --git a/config/local-setup/system-config/features.yml b/config/local-setup/workloads/system-config/features.yml similarity index 100% rename from config/local-setup/system-config/features.yml rename to config/local-setup/workloads/system-config/features.yml diff --git a/config/local-setup/system-config/oauth2.yml b/config/local-setup/workloads/system-config/oauth2.yml similarity index 100% rename from config/local-setup/system-config/oauth2.yml rename to config/local-setup/workloads/system-config/oauth2.yml diff --git a/config/local-setup/system-config/paperclip.yml b/config/local-setup/workloads/system-config/paperclip.yml similarity index 100% rename from config/local-setup/system-config/paperclip.yml rename to config/local-setup/workloads/system-config/paperclip.yml 
diff --git a/config/local-setup/system-config/redhat_customer_portal.yml b/config/local-setup/workloads/system-config/redhat_customer_portal.yml similarity index 100% rename from config/local-setup/system-config/redhat_customer_portal.yml rename to config/local-setup/workloads/system-config/redhat_customer_portal.yml diff --git a/config/local-setup/system-config/redis.yml b/config/local-setup/workloads/system-config/redis.yml similarity index 100% rename from config/local-setup/system-config/redis.yml rename to config/local-setup/workloads/system-config/redis.yml diff --git a/config/local-setup/system-config/removed/banned_domains.yml b/config/local-setup/workloads/system-config/removed/banned_domains.yml similarity index 100% rename from config/local-setup/system-config/removed/banned_domains.yml rename to config/local-setup/workloads/system-config/removed/banned_domains.yml diff --git a/config/local-setup/system-config/removed/internal_domains.yml b/config/local-setup/workloads/system-config/removed/internal_domains.yml similarity index 100% rename from config/local-setup/system-config/removed/internal_domains.yml rename to config/local-setup/workloads/system-config/removed/internal_domains.yml diff --git a/config/local-setup/system-config/removed/plan_rules.yml b/config/local-setup/workloads/system-config/removed/plan_rules.yml similarity index 100% rename from config/local-setup/system-config/removed/plan_rules.yml rename to config/local-setup/workloads/system-config/removed/plan_rules.yml diff --git a/config/local-setup/system-config/removed/rolling_updates.yml b/config/local-setup/workloads/system-config/removed/rolling_updates.yml similarity index 100% rename from config/local-setup/system-config/removed/rolling_updates.yml rename to config/local-setup/workloads/system-config/removed/rolling_updates.yml 
diff --git a/config/local-setup/workloads/system-config/sandbox_proxy.yml b/config/local-setup/workloads/system-config/sandbox_proxy.yml new file mode 100644 index 00000000..acd5ac48 --- /dev/null +++ b/config/local-setup/workloads/system-config/sandbox_proxy.yml @@ -0,0 +1,12 @@ +production: + test_api_hosts: + - echo-api.3scale.net + ignore_test_failures: [] + apicast_staging_endpoint: 'https://%{system_name}-%{account_id}.<%=ENV.fetch('APICAST_STAGING_DOMAIN')%>:%{port}' + apicast_production_endpoint: 'https://%{system_name}-%{account_id}.<%=ENV.fetch('APICAST_PRODUCTION_DOMAIN')%>:%{port}' + sandbox_endpoint: 'https://%{system_name}-%{account_id}.<%=ENV.fetch('APICAST_STAGING_DOMAIN')%>:%{port}' + hosted_proxy_endpoint: 'https://%{system_name}-%{account_id}.<%=ENV.fetch('APICAST_PRODUCTION_DOMAIN')%>:%{port}' + apicast_registry_url: <%= ENV.fetch('APICAST_CLOUD_HOSTED_REGISTRY_URL') %> + self_managed_apicast_registry_url: <%= ENV.fetch('APICAST_SELF_MANAGED_REGISTRY_URL') %> + backend_endpoint: <%= ENV.fetch('BACKEND_PUBLIC_URL') %> + verify_mode: <%= OpenSSL::SSL.const_get(ENV.fetch('THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE', 'VERIFY_NONE')) %> \ No newline at end of file diff --git a/config/local-setup/system-config/secrets.yml b/config/local-setup/workloads/system-config/secrets.yml similarity index 100% rename from config/local-setup/system-config/secrets.yml rename to config/local-setup/workloads/system-config/secrets.yml diff --git a/config/local-setup/system-config/segment.yml b/config/local-setup/workloads/system-config/segment.yml similarity index 100% rename from config/local-setup/system-config/segment.yml rename to config/local-setup/workloads/system-config/segment.yml 
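Review bot: `verify_mode` now defaults to `VERIFY_NONE` when `THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE` is unset, whereas the deleted file pinned `OpenSSL::SSL::VERIFY_PEER`; every `apicast_*`, `sandbox_endpoint` and `hosted_proxy_endpoint` in this file is `https://`, so by default system will accept any certificate when it talks to the gateways. If the relaxed default exists for the self-signed `mt-ingress-cert`, say so in a comment and keep the secure default, `verify_mode: <%= OpenSSL::SSL.const_get(ENV.fetch('THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE', 'VERIFY_PEER')) %>`, with the local override set explicitly in `env-inputs`. `const_get` on an operator-controlled env value is acceptable, but restricting it to `VERIFY_PEER`/`VERIFY_NONE` would give a clearer error than a `NameError` on a typo. `test_api_hosts` also hardcodes `echo-api.3scale.net` although this setup deploys its own EchoAPI at `ECHOAPI_ENDPOINT` — presumably intentional, but worth a comment.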
diff --git a/config/local-setup/system-config/service_discovery.yml b/config/local-setup/workloads/system-config/service_discovery.yml similarity index 100% rename from config/local-setup/system-config/service_discovery.yml rename to config/local-setup/workloads/system-config/service_discovery.yml diff --git a/config/local-setup/system-config/settings.yml b/config/local-setup/workloads/system-config/settings.yml similarity index 97% rename from config/local-setup/system-config/settings.yml rename to config/local-setup/workloads/system-config/settings.yml index 380cec4d..cfc54af6 100644 --- a/config/local-setup/system-config/settings.yml +++ b/config/local-setup/workloads/system-config/settings.yml @@ -30,7 +30,7 @@ production: zync_authentication_token: <%= ENV.fetch('ZYNC_AUTHENTICATION_TOKEN') %> sysadmin_email: "admin@cluster.local" impersonation_admin: - username: saas_impersonation_admin + username: 3scaleadmin domain: 3scale.redhat.com active_merchant_mode: :test bulk_indexing_queue: bulk_indexing diff --git a/config/local-setup/system-config/sidekiq_schedule.yml b/config/local-setup/workloads/system-config/sidekiq_schedule.yml similarity index 100% rename from config/local-setup/system-config/sidekiq_schedule.yml rename to config/local-setup/workloads/system-config/sidekiq_schedule.yml diff --git a/config/local-setup/system-config/smtp.yml b/config/local-setup/workloads/system-config/smtp.yml similarity index 100% rename from config/local-setup/system-config/smtp.yml rename to config/local-setup/workloads/system-config/smtp.yml diff --git a/config/local-setup/system-config/web_hooks.yml b/config/local-setup/workloads/system-config/web_hooks.yml similarity index 100% rename from config/local-setup/system-config/web_hooks.yml rename to config/local-setup/workloads/system-config/web_hooks.yml 
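Review bot: `impersonation_admin.username: 3scaleadmin` is a hardcoded account name while every other account in this change (`system-master-user`, `system-tenant-user`) comes from the `saas-seed` Secret; if the impersonation admin must correspond to a user that the db-setup task creates, the name should be templated from the same env (for example `<%= ENV.fetch('MASTER_USER') %>`), or the line should carry a comment naming which seed key it is expected to match. The rest of the `production:` block continues outside the hunk.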
diff --git a/config/local-setup/system-config/zync.yml b/config/local-setup/workloads/system-config/zync.yml similarity index 100% rename from config/local-setup/system-config/zync.yml rename to config/local-setup/workloads/system-config/zync.yml diff --git a/config/local-setup/workloads/system.yaml b/config/local-setup/workloads/system.yaml new file mode 100644 index 00000000..98191d91 --- /dev/null +++ b/config/local-setup/workloads/system.yaml 
@@ -0,0 +1,164 @@ +apiVersion: saas.3scale.net/v1alpha1 +kind: System +metadata: + name: system +spec: + image: + name: REPLACE + tag: REPLACE + pullSecretName: pull-secrets + pullPolicy: Always + config: + configFilesSecret: system-config + threescaleSuperdomain: REPLACE + rails: + console: true + environment: production + logLevel: info + redis: + queuesDSN: "redis://system-redis:6379" + backend: + externalEndpoint: http://REPLACE + internalAPIPassword: {fromSeed: {}} + internalAPIUser: {fromSeed: {}} + internalEndpoint: "http://backend-listener-internal" + redisDSN: "redis://backend-redis:6379/0" + assets: + bucket: system-assets # check config/amazon_s3.yml for the specific minio configuration (https://github.com/3scale/porta/blob/master/openshift/system/config/amazon_s3.yml) + region: us-east-1 + accessKey: {fromSeed: {}} + secretKey: {fromSeed: {}} + s3Endpoint: http://minio.minio.svc.cluster.local:9000 + databaseDSN: {fromSeed: {}} + databaseSecret: {fromSeed: {}} + secretKeyBase: {fromSeed: {}} + eventsSharedSecret: {fromSeed: {}} + searchServer: + host: system-searchd + zync: + authToken: {fromSeed: {}} + endpoint: "http://zync:8080" + smtp: + address: smtp.sendgrid.net + authProtocol: plain + opensslVerifyMode: peer + password: {fromSeed: {}} + user: {fromSeed: {}} + port: 587 + starttls: true + starttlsAuto: false + github: + clientID: {fromSeed: {}} + clientSecret: {fromSeed: {}} + mappingServiceAccessToken: {fromSeed: {}} + memcachedServers: system-memcached:11211 + recaptcha: + privateKey: {fromSeed: {}} + publicKey: {fromSeed: {}} + redhatCustomerPortal: + clientID: {fromSeed: {}} + clientSecret: {fromSeed: {}} + realm: "" + segment: + deletionWorkspace: "" + deletionToken: {fromSeed: {}} + writeKey: {fromSeed: {}} + apicast: + stagingDomain: REPLACE + productionDomain: REPLACE + cloudHostedRegistryURL: http://apicast-staging-management:8090/policies + selfManagedRegistryURL: https://policies.apicast.io/latest/policies.json + app: + hpa: {} + pdb: {} 
+ replicas: 1 + # the default cpu limit is low, so container + # startup is slower. Change the liveness to account + # for it. + livenessProbe: + initialDelaySeconds: 150 + timeoutSeconds: 5 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + console: {} + searchd: + enabled: true + image: + name: REPLACE + tag: REPLACE + pullSecretName: pull-secrets + pullPolicy: Always + config: + databaseStorageSize: 1Gi + sidekiqBilling: + config: + maxThreads: 5 + hpa: {} + pdb: {} + resources: {} + replicas: 1 + sidekiqDefault: + config: + maxThreads: 5 + hpa: {} + pdb: {} + resources: {} + replicas: 1 + sidekiqLow: + config: + maxThreads: 5 + hpa: {} + pdb: {} + resources: {} + replicas: 1 + tasks: + - name: system-db-setup + description: |- + Creates the database, loads the schema, and initializes with the + seed data (use system-db-drop to drop the database first). It drops + the current database if one exists. + config: + command: ["container-entrypoint"] + args: ["bundle", "exec", "rake", "db:drop", "db:setup"] + extraEnv: + - name: MASTER_DOMAIN + value: multitenant-admin + - name: MASTER_ACCESS_TOKEN + valueFrom: + secretKeyRef: + name: saas-seed + key: system-master-access-token + - name: MASTER_PASSWORD + valueFrom: + secretKeyRef: + name: saas-seed + key: system-master-password + - name: MASTER_USER + valueFrom: + secretKeyRef: + name: saas-seed + key: system-master-user + - name: TENANT_NAME + value: provider + - name: PROVIDER_NAME + value: "3scale SaaS Dev Provider" + - name: USER_LOGIN + valueFrom: + secretKeyRef: + name: saas-seed + key: system-tenant-user + - name: USER_PASSWORD + valueFrom: + secretKeyRef: + name: saas-seed + key: system-tenant-password + - name: ADMIN_ACCESS_TOKEN + valueFrom: + secretKeyRef: + name: saas-seed + key: system-tenant-token + - name: USER_EMAIL + value: "admin@cluster.local" + - name: DISABLE_DATABASE_ENVIRONMENT_CHECK + value: "1" 
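Review bot: `DISABLE_DATABASE_ENVIRONMENT_CHECK: "1"` together with `rake db:drop db:setup` under `rails.environment: production` removes the only guard Rails has against wiping a production database, and this CR is now fully templated (`REPLACE` placeholders, seed-backed secrets) rather than tied to a throwaway nip.io address, so it can be applied to any cluster. The task `description` should state that explicitly, e.g. `Bypasses Rails' production DB check (DISABLE_DATABASE_ENVIRONMENT_CHECK); only for disposable local-setup clusters.` `MASTER_DOMAIN: multitenant-admin` is also duplicated as a literal in `replacements/domains.yaml` (the `multitenant-admin.` delimiter that derives `threescaleSuperdomain`), so a comment pointing at that coupling would keep the two from drifting. `s3Endpoint: http://minio...` and `cloudHostedRegistryURL: http://...` are plain HTTP to in-cluster services, fine for local use but worth a note since this file is now the template for real domains.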
diff --git a/config/local-setup/zync.yaml b/config/local-setup/workloads/zync.yaml similarity index 59% rename from config/local-setup/zync.yaml rename to config/local-setup/workloads/zync.yaml index e37f89e6..ada5d242 100644 --- a/config/local-setup/zync.yaml +++ b/config/local-setup/workloads/zync.yaml @@ -10,15 +10,12 @@ spec: pullSecretName: pull-secrets pullPolicy: Always config: - databaseDSN: - override: postgresql://app:password@zync-psql:5432/zync + databaseDSN: {fromSeed: {}} rails: environment: production logLevel: info - secretKeyBase: - override: b0b7de6526e9ea4ad5fabea2d6ccb7d16759c4e07522ea0b7a605e5f84f14b5b45a0aac2418c45810d2fa1e7abeeb33870b0592fbea9aeaf5361ab590ee2600b - zyncAuthToken: - override: zync-auth-token + secretKeyBase: {fromSeed: {}} + zyncAuthToken: {fromSeed: {}} api: hpa: {} pdb: {} diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 3f40346a..e28b324e 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -13,4 +13,4 @@ kind: Kustomization images: - name: controller newName: quay.io/3scale/saas-operator - newTag: v0.22.0 + newTag: v0.23.0-alpha.9 diff --git a/config/manifests/bases/saas-operator.clusterserviceversion.yaml b/config/manifests/bases/saas-operator.clusterserviceversion.yaml index f4122de3..2f1aadbd 100644 --- a/config/manifests/bases/saas-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/saas-operator.clusterserviceversion.yaml @@ -849,6 +849,10 @@ spec: key displayName: Error Monitoring Key path: config.errorMonitoringKey + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.errorMonitoringKey.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault 
@@ -866,6 +870,10 @@ spec: service displayName: Error Monitoring Service path: config.errorMonitoringService + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.errorMonitoringService.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -899,6 +907,10 @@ spec: - description: A reference to the secret holding the backend-internal-api password displayName: Internal APIPassword path: config.internalAPIPassword + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.internalAPIPassword.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -915,6 +927,10 @@ spec: - description: A reference to the secret holding the backend-internal-api user displayName: Internal APIUser path: config.internalAPIUser + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.internalAPIUser.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -944,6 +960,10 @@ spec: password displayName: System Events Hook Password path: config.systemEventsHookPassword + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.systemEventsHookPassword.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault 
@@ -961,6 +981,10 @@ spec: URL displayName: System Events Hook URL path: config.systemEventsHookURL + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.systemEventsHookURL.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -1481,6 +1505,10 @@ spec: - description: System database connection string displayName: System Database DSN path: config.systemDatabaseDSN + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.systemDatabaseDSN.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -1834,6 +1862,10 @@ spec: - description: A reference to the secret holding the system admin token displayName: System Admin Token path: config.systemAdminToken + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.systemAdminToken.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -2335,6 +2367,10 @@ spec: - description: AccessCode to protect admin urls displayName: Access Code path: config.accessCode + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.accessCode.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault 
@@ -2351,6 +2387,10 @@ spec: - description: AWS access key displayName: Access Key path: config.assets.accessKey + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.assets.accessKey.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -2373,9 +2413,16 @@ spec: - description: AWS S3 region displayName: Region path: config.assets.region + - description: Assets custom S3 endpoint + displayName: S3 Endpoint + path: config.assets.s3Endpoint - description: AWS secret access key displayName: Secret Key path: config.assets.secretKey + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.assets.secretKey.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -2398,6 +2445,10 @@ spec: - description: Internal API password displayName: Internal APIPassword path: config.backend.internalAPIPassword + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.backend.internalAPIPassword.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -2414,6 +2465,10 @@ spec: - description: Internal API user displayName: Internal APIUser path: config.backend.internalAPIUser + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.backend.internalAPIUser.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault 
@@ -2439,6 +2494,10 @@ spec: - description: API key displayName: APIKey path: config.bugsnag.apiKey + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.bugsnag.apiKey.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -2462,6 +2521,10 @@ spec: - description: DSN of system's main database displayName: Database DSN path: config.databaseDSN + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.databaseDSN.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -2475,9 +2538,14 @@ spec: - description: Override allows to directly specify a string value. displayName: Override path: config.databaseDSN.override - - description: Database secret + - description: DatabaseSecret is a site key stored off-database for improved + more secure password hashing See https://github.com/3scale/porta/blob/ae498814cef3d856613f60d29330882fa870271d/config/initializers/site_keys.rb#L2-L19 displayName: Database Secret path: config.databaseSecret + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.databaseSecret.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault 
@@ -2491,9 +2559,14 @@ spec: - description: Override allows to directly specify a string value. displayName: Override path: config.databaseSecret.override - - description: EventsSharedSecret + - description: EventsSharedSecret is a password that protects System's event + hooks endpoint. displayName: Events Shared Secret path: config.eventsSharedSecret + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.eventsSharedSecret.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -2533,6 +2606,10 @@ spec: - description: Client ID displayName: Client ID path: config.github.clientID + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.github.clientID.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -2549,6 +2626,10 @@ spec: - description: Client secret displayName: Client Secret path: config.github.clientSecret + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.github.clientSecret.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -2565,6 +2646,10 @@ spec: - description: Mapping Service access token displayName: Mapping Service Access Token path: config.mappingServiceAccessToken + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.mappingServiceAccessToken.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault 
@@ -2599,6 +2684,10 @@ spec: - description: Private key displayName: Private Key path: config.recaptcha.privateKey + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.recaptcha.privateKey.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -2615,6 +2704,10 @@ spec: - description: Public key displayName: Public Key path: config.recaptcha.publicKey + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.recaptcha.publicKey.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -2634,6 +2727,10 @@ spec: - description: Client ID displayName: Client ID path: config.redhatCustomerPortal.clientID + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.redhatCustomerPortal.clientID.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -2650,6 +2747,10 @@ spec: - description: Client secret displayName: Client Secret path: config.redhatCustomerPortal.clientSecret + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.redhatCustomerPortal.clientSecret.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault 
@@ -2687,9 +2788,14 @@ spec: - description: Defines the address port displayName: Port path: config.searchServer.port - - description: SecretKeyBase + - description: 'SecretKeyBase: https://api.rubyonrails.org/classes/Rails/Application.html#method-i-secret_key_base + You can generate one random key using ''bundle exec rake secret''' displayName: Secret Key Base path: config.secretKeyBase + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.secretKeyBase.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -2709,6 +2815,10 @@ spec: - description: Deletion token displayName: Deletion Token path: config.segment.deletionToken + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.segment.deletionToken.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -2728,6 +2838,10 @@ spec: - description: Write key displayName: Write Key path: config.segment.writeKey + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.segment.writeKey.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -2756,6 +2870,10 @@ spec: - description: Password displayName: Password path: config.smtp.password + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.smtp.password.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault 
@@ -2781,6 +2899,10 @@ spec: - description: User displayName: User path: config.smtp.user + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.smtp.user.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -2809,6 +2931,10 @@ spec: - description: Zync authentication token displayName: Auth Token path: config.zync.authToken + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.zync.authToken.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -3696,6 +3822,10 @@ spec: - description: API key displayName: APIKey path: config.bugsnag.apiKey + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.bugsnag.apiKey.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -3715,6 +3845,10 @@ spec: - description: A reference to the secret holding the database DSN displayName: Database DSN path: config.databaseDSN + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.databaseDSN.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault @@ -3760,6 +3894,10 @@ spec: - description: A reference to the secret holding the secret-key-base displayName: Secret Key Base path: config.secretKeyBase + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.secretKeyBase.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault 
@@ -3776,6 +3914,10 @@ spec: - description: A reference to the secret holding the zync authentication token displayName: Zync Auth Token path: config.zyncAuthToken + - description: FromSeed will try to retrieve the secret value from the default + seed Secret. + displayName: From Seed + path: config.zyncAuthToken.fromSeed - description: FromVault is a reference to a secret key/value stored in a Hashicorp Vault displayName: From Vault diff --git a/hack/apply-kustomize.sh b/hack/apply-kustomize.sh index a6260177..f8629536 100755 --- a/hack/apply-kustomize.sh +++ b/hack/apply-kustomize.sh 
@@ -18,27 +18,28 @@ function filter_resources() { function resource_names() { local RESFILE=${1} local FILTER=${2} - filter_resources ${RESFILE} "${FILTER}" | ${YQ_BIN} -N .metadata.name + filter_resources ${RESFILE} "${FILTER}" | ${YQ_BIN} -N '[.metadata.namespace,.metadata.name] | join("/")' } function deploy_crds() { local RESFILE=${1} local FILTER=".kind == \"CustomResourceDefinition\"" - if [[ $(resource_names ${RESFILE} "${FILTER}") != "null" ]]; then + if [[ $(resource_names ${RESFILE} "${FILTER}") != "/" ]]; then echo; echo "#################### > Deploying CRDs for ${NAME}" filter_resources ${RESFILE} "${FILTER}" | kubectl apply -f - - resource_names ${RESFILE} "${FILTER}" | xargs kubectl wait --for condition=established --timeout=60s crd + resource_names ${RESFILE} "${FILTER}" | cut -f2 -d/ | xargs kubectl wait --for condition=established --timeout=60s crd fi } function wait_for() { local KIND=${1} - local NS=${2} FILTER=".kind == \"${KIND}\"" - if [[ $(resource_names ${RESFILE} "${FILTER}") != "null" ]]; then + if [[ $(resource_names ${RESFILE} "${FILTER}") != "/" ]]; then for ITEM in $(resource_names ${RESFILE} "${FILTER}"); do - echo; echo "#################### > Waiting for ${KIND} ${ITEM} in namespace ${NS}" - local SELECTOR=$(kubectl -n ${NS} describe ${KIND} ${ITEM} | awk '/Selector/{print $2}') + local NAME=${ITEM#*/} + local NS=${ITEM%/*} + echo; echo "#################### > Waiting for ${KIND} ${NAME} in namespace ${NS}" + local SELECTOR=$(kubectl -n ${NS} describe ${KIND} ${NAME} | awk '/^Selector:/{print $2}') kubectl -n ${NS} get pods -l ${SELECTOR} --no-headers -o name | xargs kubectl -n ${NS} wait --for condition=ready done fi 
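Review bot: `local NS=${ITEM%/*}` in wait_for comes out empty for any resource whose rendered manifest carries no `metadata.namespace` — resource_names presumably joins a null namespace to `/name`, which is exactly what the new `"/"` sentinel counts on — and the unquoted `kubectl -n ${NS} describe ${KIND} ${NAME}` then takes `describe` as the namespace and fails. Quote the expansions and pass the flag only when there is a namespace, e.g. `local NSFLAG=${NS:+-n ${NS}}` followed by `kubectl ${NSFLAG} describe "${KIND}" "${NAME}"`, so kubectl falls back to the context namespace that the preceding `kubectl apply -f -` also used; the `get pods`/`wait` context line needs the same treatment. The `!= "/"` comparison is now repeated in four functions (two more in the next hunk); a small `has_resources` helper would keep the sentinel in one place should the yq expression change again. wait_for's closing brace is outside the hunk.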
@@ -47,17 +48,17 @@ function wait_for() { function deploy_controller() { local RESFILE=${1} local FILTER=".kind != \"CustomResourceDefinition\" and .apiVersion != \"*${NAME}*\"" - if [[ $(resource_names ${RESFILE} "${FILTER}") != "null" ]]; then + if [[ $(resource_names ${RESFILE} "${FILTER}") != "/" ]]; then echo; echo "#################### > Deploying controller for ${NAME}" filter_resources ${RESFILE} "${FILTER}" | kubectl apply -f - - for KIND in "Deployment" "StatefulSet"; do wait_for ${KIND} ${NAME}; done + for KIND in "Deployment" "StatefulSet"; do wait_for ${KIND}; done fi } function deploy_custom_resources() { local RESFILE=${1} local FILTER=".kind != \"CustomResourceDefinition\" and .apiVersion == \"*${NAME}*\"" - if [[ $(resource_names ${RESFILE} "${FILTER}") != "null" ]]; then + if [[ $(resource_names ${RESFILE} "${FILTER}") != "/" ]]; then echo; echo "#################### > Deploying custom resources for ${NAME}" filter_resources ${RESFILE} "${FILTER}" | kubectl apply -f - fi diff --git a/pkg/generators/apicast/config/options.go b/pkg/generators/apicast/config/options.go index 9a4bca28..5730e03a 100644 --- a/pkg/generators/apicast/config/options.go +++ b/pkg/generators/apicast/config/options.go 
@@ -8,14 +8,14 @@ import ( func NewEnvOptions(spec saasv1alpha1.ApicastEnvironmentSpec, env string) pod.Options { opts := pod.Options{} - opts.Unpack("lazy").IntoEnvvar("APICAST_CONFIGURATION_LOADER") - opts.Unpack(spec.Config.ConfigurationCache).IntoEnvvar("APICAST_CONFIGURATION_CACHE") - opts.Unpack("true").IntoEnvvar("APICAST_EXTENDED_METRICS") - opts.Unpack(env).IntoEnvvar("THREESCALE_DEPLOYMENT_ENV") - opts.Unpack(spec.Config.ThreescalePortalEndpoint).IntoEnvvar("THREESCALE_PORTAL_ENDPOINT") - opts.Unpack(spec.Config.LogLevel).IntoEnvvar("APICAST_LOG_LEVEL") - opts.Unpack(spec.Config.OIDCLogLevel).IntoEnvvar("APICAST_OIDC_LOG_LEVEL") - opts.Unpack("true").IntoEnvvar("APICAST_RESPONSE_CODES") + opts.AddEnvvar("APICAST_CONFIGURATION_LOADER").Unpack("lazy") + opts.AddEnvvar("APICAST_CONFIGURATION_CACHE").Unpack(spec.Config.ConfigurationCache) + opts.AddEnvvar("APICAST_EXTENDED_METRICS").Unpack("true") + opts.AddEnvvar("THREESCALE_DEPLOYMENT_ENV").Unpack(env) + opts.AddEnvvar("THREESCALE_PORTAL_ENDPOINT").Unpack(spec.Config.ThreescalePortalEndpoint) + opts.AddEnvvar("APICAST_LOG_LEVEL").Unpack(spec.Config.LogLevel) + opts.AddEnvvar("APICAST_OIDC_LOG_LEVEL").Unpack(spec.Config.OIDCLogLevel) + opts.AddEnvvar("APICAST_RESPONSE_CODES").Unpack("true") return opts } diff --git a/pkg/generators/autossl/config/options.go b/pkg/generators/autossl/config/options.go index a29b9283..2c5dfa3d 100644 --- a/pkg/generators/autossl/config/options.go +++ b/pkg/generators/autossl/config/options.go 
@@ -14,21 +14,21 @@ const ( func NewOptions(spec saasv1alpha1.AutoSSLSpec) pod.Options { opts := pod.Options{} - opts.Unpack(func() string { + opts.AddEnvvar("ACME_STAGING").Unpack(func() string { if *spec.Config.ACMEStaging { return leACMEStagingEndpoint } return "" - }()).IntoEnvvar("ACME_STAGING") - opts.Unpack(spec.Config.ContactEmail).IntoEnvvar("CONTACT_EMAIL") - opts.Unpack(spec.Config.ProxyEndpoint).IntoEnvvar("PROXY_ENDPOINT") - opts.Unpack("redis").IntoEnvvar("STORAGE_ADAPTER") - opts.Unpack(spec.Config.RedisHost).IntoEnvvar("REDIS_HOST") - opts.Unpack(spec.Config.RedisPort).IntoEnvvar("REDIS_PORT") - opts.Unpack(spec.Config.VerificationEndpoint).IntoEnvvar("VERIFICATION_ENDPOINT") - opts.Unpack(spec.Config.LogLevel).IntoEnvvar("LOG_LEVEL") - opts.Unpack(strings.Join(spec.Config.DomainWhitelist, ",")).IntoEnvvar("DOMAIN_WHITELIST") - opts.Unpack(strings.Join(spec.Config.DomainBlacklist, ",")).IntoEnvvar("DOMAIN_BLACKLIST") + }()) + opts.AddEnvvar("CONTACT_EMAIL").Unpack(spec.Config.ContactEmail) + opts.AddEnvvar("PROXY_ENDPOINT").Unpack(spec.Config.ProxyEndpoint) + opts.AddEnvvar("STORAGE_ADAPTER").Unpack("redis") + opts.AddEnvvar("REDIS_HOST").Unpack(spec.Config.RedisHost) + opts.AddEnvvar("REDIS_PORT").Unpack(spec.Config.RedisPort) + opts.AddEnvvar("VERIFICATION_ENDPOINT").Unpack(spec.Config.VerificationEndpoint) + opts.AddEnvvar("LOG_LEVEL").Unpack(spec.Config.LogLevel) + opts.AddEnvvar("DOMAIN_WHITELIST").Unpack(strings.Join(spec.Config.DomainWhitelist, ",")) + opts.AddEnvvar("DOMAIN_BLACKLIST").Unpack(strings.Join(spec.Config.DomainBlacklist, ",")) return opts } diff --git a/pkg/generators/backend/config/cron_options.go b/pkg/generators/backend/config/cron_options.go index cf724805..276ab8fd 100644 --- a/pkg/generators/backend/config/cron_options.go +++ b/pkg/generators/backend/config/cron_options.go 
@@ -2,6 +2,7 @@ package config import ( saasv1alpha1 "github.com/3scale-ops/saas-operator/api/v1alpha1" + "github.com/3scale-ops/saas-operator/pkg/generators/seed" "github.com/3scale-ops/saas-operator/pkg/resource_builders/pod" ) @@ -9,15 +10,17 @@ import ( func NewCronOptions(spec saasv1alpha1.BackendSpec) pod.Options { opts := pod.Options{} - opts.Unpack(spec.Config.RackEnv).IntoEnvvar("RACK_ENV") - opts.Unpack(spec.Config.RedisStorageDSN).IntoEnvvar("CONFIG_REDIS_PROXY") - opts.Unpack("").IntoEnvvar("CONFIG_REDIS_SENTINEL_HOSTS") - opts.Unpack("").IntoEnvvar("CONFIG_REDIS_SENTINEL_ROLE") - opts.Unpack(spec.Config.RedisQueuesDSN).IntoEnvvar("CONFIG_QUEUES_MASTER_NAME") - opts.Unpack("").IntoEnvvar("CONFIG_QUEUES_SENTINEL_HOSTS") - opts.Unpack("").IntoEnvvar("CONFIG_QUEUES_SENTINEL_ROLE") - opts.Unpack(spec.Config.ErrorMonitoringService).IntoEnvvar("CONFIG_HOPTOAD_SERVICE").AsSecretRef("backend-error-monitoring") - opts.Unpack(spec.Config.ErrorMonitoringKey).IntoEnvvar("CONFIG_HOPTOAD_API_KEY").AsSecretRef("backend-error-monitoring") + opts.AddEnvvar("RACK_ENV").Unpack(spec.Config.RackEnv) + opts.AddEnvvar("CONFIG_REDIS_PROXY").Unpack(spec.Config.RedisStorageDSN) + opts.AddEnvvar("CONFIG_REDIS_SENTINEL_HOSTS").Unpack("") + opts.AddEnvvar("CONFIG_REDIS_SENTINEL_ROLE").Unpack("") + opts.AddEnvvar("CONFIG_QUEUES_MASTER_NAME").Unpack(spec.Config.RedisQueuesDSN) + opts.AddEnvvar("CONFIG_QUEUES_SENTINEL_HOSTS").Unpack("") + opts.AddEnvvar("CONFIG_QUEUES_SENTINEL_ROLE").Unpack("") + opts.AddEnvvar("CONFIG_HOPTOAD_SERVICE").AsSecretRef(BackendErrorMonitoringSecret).WithSeedKey(seed.BackendErrorMonitoringService). + Unpack(spec.Config.ErrorMonitoringService) + opts.AddEnvvar("CONFIG_HOPTOAD_API_KEY").AsSecretRef(BackendErrorMonitoringSecret).WithSeedKey(seed.BackendErrorMonitoringApiKey). + Unpack(spec.Config.ErrorMonitoringKey) return opts } 
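Review bot: The first seven `AddEnvvar` lines of NewCronOptions (`RACK_ENV` through `CONFIG_QUEUES_SENTINEL_ROLE`) are repeated verbatim in NewListenerOptions and NewWorkerOptions in the following hunks, and the two `CONFIG_HOPTOAD_*` lines appear in all three as well; now that the builder chain is being rewritten anyway, a package-level helper such as `func addCommonBackendEnv(opts *pod.Options, cfg saasv1alpha1.BackendConfig)` called from each constructor would keep the redis/queues wiring and the error-monitoring secret reference from drifting between the three workloads. I have hedged the config type name since the spec's field types are not visible here. The wrapped `Unpack(...)` continuation lines read better with the secret-bearing call on its own line, e.g. `opts.AddEnvvar("CONFIG_HOPTOAD_API_KEY").` / `AsSecretRef(BackendErrorMonitoringSecret).WithSeedKey(seed.BackendErrorMonitoringApiKey).` / `Unpack(spec.Config.ErrorMonitoringKey)`, which is a style preference rather than a defect.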
diff --git a/pkg/generators/backend/config/listener_options.go b/pkg/generators/backend/config/listener_options.go index 834b04bb..7575ceae 100644 --- a/pkg/generators/backend/config/listener_options.go +++ b/pkg/generators/backend/config/listener_options.go @@ -2,6 +2,7 @@ package config import ( saasv1alpha1 "github.com/3scale-ops/saas-operator/api/v1alpha1" + "github.com/3scale-ops/saas-operator/pkg/generators/seed" "github.com/3scale-ops/saas-operator/pkg/resource_builders/pod" ) 
@@ -9,23 +10,27 @@ import ( func NewListenerOptions(spec saasv1alpha1.BackendSpec) pod.Options { opts := pod.Options{} - opts.Unpack(spec.Config.RackEnv).IntoEnvvar("RACK_ENV") - opts.Unpack(spec.Config.RedisStorageDSN).IntoEnvvar("CONFIG_REDIS_PROXY") - opts.Unpack("").IntoEnvvar("CONFIG_REDIS_SENTINEL_HOSTS") - opts.Unpack("").IntoEnvvar("CONFIG_REDIS_SENTINEL_ROLE") - opts.Unpack(spec.Config.RedisQueuesDSN).IntoEnvvar("CONFIG_QUEUES_MASTER_NAME") - opts.Unpack("").IntoEnvvar("CONFIG_QUEUES_SENTINEL_HOSTS") - opts.Unpack("").IntoEnvvar("CONFIG_QUEUES_SENTINEL_ROLE") - opts.Unpack(spec.Config.MasterServiceID).IntoEnvvar("CONFIG_MASTER_SERVICE_ID") - opts.Unpack(spec.Listener.Config.LogFormat).IntoEnvvar("CONFIG_REQUEST_LOGGERS") - opts.Unpack(spec.Listener.Config.RedisAsync).IntoEnvvar("CONFIG_REDIS_ASYNC") - opts.Unpack(spec.Listener.Config.ListenerWorkers).IntoEnvvar("LISTENER_WORKERS") - opts.Unpack(spec.Listener.Config.LegacyReferrerFilters).IntoEnvvar("CONFIG_LEGACY_REFERRER_FILTERS") - opts.Unpack("true").IntoEnvvar("CONFIG_LISTENER_PROMETHEUS_METRICS_ENABLED") - opts.Unpack(spec.Config.InternalAPIUser).IntoEnvvar("CONFIG_INTERNAL_API_USER").AsSecretRef("backend-internal-api") - opts.Unpack(spec.Config.InternalAPIPassword).IntoEnvvar("CONFIG_INTERNAL_API_PASSWORD").AsSecretRef("backend-internal-api") - opts.Unpack(spec.Config.ErrorMonitoringService).IntoEnvvar("CONFIG_HOPTOAD_SERVICE").AsSecretRef("backend-error-monitoring") - opts.Unpack(spec.Config.ErrorMonitoringKey).IntoEnvvar("CONFIG_HOPTOAD_API_KEY").AsSecretRef("backend-error-monitoring") + opts.AddEnvvar("RACK_ENV").Unpack(spec.Config.RackEnv) + opts.AddEnvvar("CONFIG_REDIS_PROXY").Unpack(spec.Config.RedisStorageDSN) + opts.AddEnvvar("CONFIG_REDIS_SENTINEL_HOSTS").Unpack("") + opts.AddEnvvar("CONFIG_REDIS_SENTINEL_ROLE").Unpack("") + opts.AddEnvvar("CONFIG_QUEUES_MASTER_NAME").Unpack(spec.Config.RedisQueuesDSN) + opts.AddEnvvar("CONFIG_QUEUES_SENTINEL_HOSTS").Unpack("") + 
opts.AddEnvvar("CONFIG_QUEUES_SENTINEL_ROLE").Unpack("") + opts.AddEnvvar("CONFIG_MASTER_SERVICE_ID").Unpack(spec.Config.MasterServiceID) + opts.AddEnvvar("CONFIG_REQUEST_LOGGERS").Unpack(spec.Listener.Config.LogFormat) + opts.AddEnvvar("CONFIG_REDIS_ASYNC").Unpack(spec.Listener.Config.RedisAsync) + opts.AddEnvvar("LISTENER_WORKERS").Unpack(spec.Listener.Config.ListenerWorkers) + opts.AddEnvvar("CONFIG_LEGACY_REFERRER_FILTERS").Unpack(spec.Listener.Config.LegacyReferrerFilters) + opts.AddEnvvar("CONFIG_LISTENER_PROMETHEUS_METRICS_ENABLED").Unpack("true") + opts.AddEnvvar("CONFIG_INTERNAL_API_USER").AsSecretRef(BackendInternalApiSecret).WithSeedKey(seed.BackendInternalApiUser). + Unpack(spec.Config.InternalAPIUser) + opts.AddEnvvar("CONFIG_INTERNAL_API_PASSWORD").AsSecretRef(BackendInternalApiSecret).WithSeedKey(seed.BackendInternalApiPassword). + Unpack(spec.Config.InternalAPIPassword) + opts.AddEnvvar("CONFIG_HOPTOAD_SERVICE").AsSecretRef(BackendErrorMonitoringSecret).WithSeedKey(seed.BackendErrorMonitoringService). + Unpack(spec.Config.ErrorMonitoringService) + opts.AddEnvvar("CONFIG_HOPTOAD_API_KEY").AsSecretRef(BackendErrorMonitoringSecret).WithSeedKey(seed.BackendErrorMonitoringApiKey). + Unpack(spec.Config.ErrorMonitoringKey) return opts } diff --git a/pkg/generators/backend/config/types.go b/pkg/generators/backend/config/types.go new file mode 100644 index 00000000..007769cf --- /dev/null +++ b/pkg/generators/backend/config/types.go @@ -0,0 +1,11 @@ +package config + +type Secret string + +func (s Secret) String() string { return string(s) } + +const ( + BackendInternalApiSecret Secret = "backend-internal-api" + BackendErrorMonitoringSecret Secret = "backend-error-monitoring" + BackendSystemEventsSecret Secret = "backend-system-events-hook" +) diff --git a/pkg/generators/backend/config/worker_options.go b/pkg/generators/backend/config/worker_options.go index 1a49bec6..4701777a 100644 --- a/pkg/generators/backend/config/worker_options.go 
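Review bot: `BackendInternalApiSecret` in the new types.go uses `Api` where Go's initialism convention — and this repo's own `spec.Config.InternalAPIUser` a few lines above — use `API`; `BackendInternalAPISecret` would match (the `seed.BackendInternalApiUser`/`BackendInternalApiPassword`/`BackendErrorMonitoringApiKey` identifiers referenced from listener_options.go have the same spelling, though their definitions are outside this diff). The `type Secret string` plus `String()` pair is declared identically here, in corsproxy/config/options.go and in mappingservice/config/options.go further down; one definition next to whatever `AsSecretRef` accepts (presumably a `fmt.Stringer` or this type) would stop the three copies drifting apart. The exported type and constants also lack doc comments; `// Secret is the name of a Kubernetes Secret that backend workloads read credentials from.` on the type, and `// BackendInternalApiSecret holds the backend internal API user and password.` style comments on each constant, would do.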
+++ b/pkg/generators/backend/config/worker_options.go @@ -2,6 +2,7 @@ package config import ( saasv1alpha1 "github.com/3scale-ops/saas-operator/api/v1alpha1" + "github.com/3scale-ops/saas-operator/pkg/generators/seed" "github.com/3scale-ops/saas-operator/pkg/resource_builders/pod" ) 
@@ -9,22 +10,26 @@ import ( func NewWorkerOptions(spec saasv1alpha1.BackendSpec) pod.Options { opts := pod.Options{} - opts.Unpack(spec.Config.RackEnv).IntoEnvvar("RACK_ENV") - opts.Unpack(spec.Config.RedisStorageDSN).IntoEnvvar("CONFIG_REDIS_PROXY") - opts.Unpack("").IntoEnvvar("CONFIG_REDIS_SENTINEL_HOSTS") - opts.Unpack("").IntoEnvvar("CONFIG_REDIS_SENTINEL_ROLE") - opts.Unpack(spec.Config.RedisQueuesDSN).IntoEnvvar("CONFIG_QUEUES_MASTER_NAME") - opts.Unpack("").IntoEnvvar("CONFIG_QUEUES_SENTINEL_HOSTS") - opts.Unpack("").IntoEnvvar("CONFIG_QUEUES_SENTINEL_ROLE") - opts.Unpack(spec.Config.MasterServiceID).IntoEnvvar("CONFIG_MASTER_SERVICE_ID") - opts.Unpack(spec.Worker.Config.RedisAsync).IntoEnvvar("CONFIG_REDIS_ASYNC") - opts.Unpack(spec.Worker.Config.LogFormat).IntoEnvvar("CONFIG_WORKERS_LOGGER_FORMATTER") - opts.Unpack("true").IntoEnvvar("CONFIG_WORKER_PROMETHEUS_METRICS_ENABLED") - opts.Unpack("9421").IntoEnvvar("CONFIG_WORKER_PROMETHEUS_METRICS_PORT") - opts.Unpack(spec.Config.SystemEventsHookURL).IntoEnvvar("CONFIG_EVENTS_HOOK").AsSecretRef("backend-system-events-hook") - opts.Unpack(spec.Config.SystemEventsHookPassword).IntoEnvvar("CONFIG_EVENTS_HOOK_SHARED_SECRET").AsSecretRef("backend-system-events-hook") - opts.Unpack(spec.Config.ErrorMonitoringService).IntoEnvvar("CONFIG_HOPTOAD_SERVICE").AsSecretRef("backend-error-monitoring") - opts.Unpack(spec.Config.ErrorMonitoringKey).IntoEnvvar("CONFIG_HOPTOAD_API_KEY").AsSecretRef("backend-error-monitoring") + opts.AddEnvvar("RACK_ENV").Unpack(spec.Config.RackEnv) + opts.AddEnvvar("CONFIG_REDIS_PROXY").Unpack(spec.Config.RedisStorageDSN) + opts.AddEnvvar("CONFIG_REDIS_SENTINEL_HOSTS").Unpack("") + opts.AddEnvvar("CONFIG_REDIS_SENTINEL_ROLE").Unpack("") + opts.AddEnvvar("CONFIG_QUEUES_MASTER_NAME").Unpack(spec.Config.RedisQueuesDSN) + opts.AddEnvvar("CONFIG_QUEUES_SENTINEL_HOSTS").Unpack("") + opts.AddEnvvar("CONFIG_QUEUES_SENTINEL_ROLE").Unpack("") + 
opts.AddEnvvar("CONFIG_MASTER_SERVICE_ID").Unpack(spec.Config.MasterServiceID) + opts.AddEnvvar("CONFIG_REDIS_ASYNC").Unpack(spec.Worker.Config.RedisAsync) + opts.AddEnvvar("CONFIG_WORKERS_LOGGER_FORMATTER").Unpack(spec.Worker.Config.LogFormat) + opts.AddEnvvar("CONFIG_WORKER_PROMETHEUS_METRICS_ENABLED").Unpack("true") + opts.AddEnvvar("CONFIG_WORKER_PROMETHEUS_METRICS_PORT").Unpack("9421") + opts.AddEnvvar("CONFIG_EVENTS_HOOK").AsSecretRef(BackendSystemEventsSecret).WithSeedKey(seed.SystemEventsHookURL). + Unpack(spec.Config.SystemEventsHookURL) + opts.AddEnvvar("CONFIG_EVENTS_HOOK_SHARED_SECRET").AsSecretRef(BackendSystemEventsSecret).WithSeedKey(seed.SystemEventsHookSharedSecret). + Unpack(spec.Config.SystemEventsHookPassword) + opts.AddEnvvar("CONFIG_HOPTOAD_SERVICE").AsSecretRef(BackendErrorMonitoringSecret).WithSeedKey(seed.BackendErrorMonitoringService). + Unpack(spec.Config.ErrorMonitoringService) + opts.AddEnvvar("CONFIG_HOPTOAD_API_KEY").AsSecretRef(BackendErrorMonitoringSecret).WithSeedKey(seed.BackendErrorMonitoringApiKey). + Unpack(spec.Config.ErrorMonitoringKey) return opts } diff --git a/pkg/generators/backend/generator.go b/pkg/generators/backend/generator.go index cfa767dd..034c01eb 100644 --- a/pkg/generators/backend/generator.go +++ b/pkg/generators/backend/generator.go @@ -6,7 +6,6 @@ import ( "github.com/3scale-ops/basereconciler/mutators" "github.com/3scale-ops/basereconciler/resource" - "github.com/3scale-ops/basereconciler/util" saasv1alpha1 "github.com/3scale-ops/saas-operator/api/v1alpha1" "github.com/3scale-ops/saas-operator/pkg/generators" "github.com/3scale-ops/saas-operator/pkg/generators/backend/config" 
@@ -216,8 +215,7 @@ func (gen *ListenerGenerator) Labels() map[string]string { func (gen *ListenerGenerator) Deployment() *resource.Template[*appsv1.Deployment] { return resource.NewTemplateFromObjectFunction(gen.deployment). WithMutation(mutators.SetDeploymentReplicas(gen.ListenerSpec.HPA.IsDeactivated())). - WithMutation(mutators.RolloutTrigger{Name: "backend-internal-api", SecretName: util.Pointer("backend-internal-api")}.Add()). - WithMutation(mutators.RolloutTrigger{Name: "backend-error-monitoring", SecretName: util.Pointer("backend-error-monitoring")}.Add()) + WithMutations(gen.Options.GenerateRolloutTriggers()) } func (gen *ListenerGenerator) HPASpec() *saasv1alpha1.HorizontalPodAutoscalerSpec { @@ -270,8 +268,7 @@ var _ deployment_workload.DeploymentWorkload = &WorkerGenerator{} func (gen *WorkerGenerator) Deployment() *resource.Template[*appsv1.Deployment] { return resource.NewTemplateFromObjectFunction(gen.deployment). WithMutation(mutators.SetDeploymentReplicas(gen.WorkerSpec.HPA.IsDeactivated())). - WithMutation(mutators.RolloutTrigger{Name: "backend-system-events-hook", SecretName: util.Pointer("backend-system-events-hook")}.Add()). - WithMutation(mutators.RolloutTrigger{Name: "backend-error-monitoring", SecretName: util.Pointer("backend-error-monitoring")}.Add()) + WithMutations(gen.Options.GenerateRolloutTriggers()) } func (gen *WorkerGenerator) HPASpec() *saasv1alpha1.HorizontalPodAutoscalerSpec { return gen.WorkerSpec.HPA 
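Review bot: The listener Deployment's rollout triggers are now whatever `gen.Options.GenerateRolloutTriggers()` derives, so the explicit `backend-internal-api` and `backend-error-monitoring` triggers removed here survive only if every `AsSecretRef(...)` in NewListenerOptions yields one; that cannot be confirmed from these hunks, and a Secret that stops triggering a rollout means pods keep running with stale credentials after a rotation until an unrelated change restarts them. A unit test asserting that the generated Deployment carries a trigger for each Secret name the pod's env references (the old hard-coded list is a ready-made expected value) would catch that regression. The same applies to the worker and cron Deployments in the next two hunks and to the cors-proxy Deployment in pkg/generators/corsproxy/generator.go.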
@@ -303,7 +300,7 @@ var _ deployment_workload.DeploymentWorkload = &CronGenerator{} func (gen *CronGenerator) Deployment() *resource.Template[*appsv1.Deployment] { return resource.NewTemplateFromObjectFunction(gen.deployment). - WithMutation(mutators.RolloutTrigger{Name: "backend-error-monitoring", SecretName: util.Pointer("backend-error-monitoring")}.Add()) + WithMutations(gen.Options.GenerateRolloutTriggers()) } func (gen *CronGenerator) HPASpec() *saasv1alpha1.HorizontalPodAutoscalerSpec { return &saasv1alpha1.HorizontalPodAutoscalerSpec{} diff --git a/pkg/generators/corsproxy/config/options.go b/pkg/generators/corsproxy/config/options.go index ac5aaee0..9e741a5b 100644 --- a/pkg/generators/corsproxy/config/options.go +++ b/pkg/generators/corsproxy/config/options.go @@ -2,12 +2,22 @@ package config import ( saasv1alpha1 "github.com/3scale-ops/saas-operator/api/v1alpha1" + "github.com/3scale-ops/saas-operator/pkg/generators/seed" "github.com/3scale-ops/saas-operator/pkg/resource_builders/pod" ) +type Secret string + +func (s Secret) String() string { return string(s) } + +const ( + CorsProxySystemDatabaseSecret Secret = "cors-proxy-system-database" +) + // NewOptions returns cors-proxy options the given saasv1alpha1.CORSProxySpec func NewOptions(spec saasv1alpha1.CORSProxySpec) pod.Options { opts := pod.Options{} - opts.Unpack(spec.Config.SystemDatabaseDSN).IntoEnvvar("DATABASE_URL").AsSecretRef("cors-proxy-system-database") + opts.AddEnvvar("DATABASE_URL").AsSecretRef(CorsProxySystemDatabaseSecret).WithSeedKey(seed.SystemDatabaseDsn). + Unpack(spec.Config.SystemDatabaseDSN) return opts } diff --git a/pkg/generators/corsproxy/generator.go b/pkg/generators/corsproxy/generator.go index c8906530..c098f346 100644 --- a/pkg/generators/corsproxy/generator.go +++ b/pkg/generators/corsproxy/generator.go 
@@ -5,7 +5,6 @@ import ( "github.com/3scale-ops/basereconciler/mutators" "github.com/3scale-ops/basereconciler/resource" - "github.com/3scale-ops/basereconciler/util" saasv1alpha1 "github.com/3scale-ops/saas-operator/api/v1alpha1" "github.com/3scale-ops/saas-operator/pkg/generators" "github.com/3scale-ops/saas-operator/pkg/generators/corsproxy/config" @@ -92,7 +91,7 @@ var _ deployment_workload.DeploymentWorkload = &Generator{} func (gen *Generator) Deployment() *resource.Template[*appsv1.Deployment] { return resource.NewTemplateFromObjectFunction(gen.deployment). WithMutation(mutators.SetDeploymentReplicas(gen.Spec.HPA.IsDeactivated())). - WithMutation(mutators.RolloutTrigger{Name: "cors-proxy-system-database", SecretName: util.Pointer("cors-proxy-system-database")}.Add()) + WithMutations(gen.Options.GenerateRolloutTriggers()) } func (gen *Generator) HPASpec() *saasv1alpha1.HorizontalPodAutoscalerSpec { diff --git a/pkg/generators/mappingservice/config/options.go b/pkg/generators/mappingservice/config/options.go index 17bc90b1..0dc09ec4 100644 --- a/pkg/generators/mappingservice/config/options.go +++ b/pkg/generators/mappingservice/config/options.go 
@@ -2,18 +2,28 @@ package config import ( saasv1alpha1 "github.com/3scale-ops/saas-operator/api/v1alpha1" + "github.com/3scale-ops/saas-operator/pkg/generators/seed" "github.com/3scale-ops/saas-operator/pkg/resource_builders/pod" ) +type Secret string + +func (s Secret) String() string { return string(s) } + +const ( + MappingServiceSystemMasterAccessTokenSecret Secret = "mapping-service-system-master-access-token" +) + // NewOptions returns mapping-service options for the given saasv1alpha1.CORSProxySpec func NewOptions(spec saasv1alpha1.MappingServiceSpec) pod.Options { opts := pod.Options{} - opts.Unpack(spec.Config.SystemAdminToken).IntoEnvvar("MASTER_ACCESS_TOKEN").AsSecretRef("mapping-service-system-master-access-token") - opts.Unpack(spec.Config.APIHost).IntoEnvvar("API_HOST") - opts.Unpack("lazy").IntoEnvvar("APICAST_CONFIGURATION_LOADER") - opts.Unpack(spec.Config.LogLevel).IntoEnvvar("APICAST_LOG_LEVEL") - opts.Unpack(spec.Config.PreviewBaseDomain).IntoEnvvar("PREVIEW_BASE_DOMAIN") + opts.AddEnvvar("MASTER_ACCESS_TOKEN").AsSecretRef(MappingServiceSystemMasterAccessTokenSecret).WithSeedKey(seed.SystemApicastAccessToken). + Unpack(spec.Config.SystemAdminToken) + opts.AddEnvvar("API_HOST").Unpack(spec.Config.APIHost) + opts.AddEnvvar("APICAST_CONFIGURATION_LOADER").Unpack("lazy") + opts.AddEnvvar("APICAST_LOG_LEVEL").Unpack(spec.Config.LogLevel) + opts.AddEnvvar("PREVIEW_BASE_DOMAIN").Unpack(spec.Config.PreviewBaseDomain) return opts } diff --git a/pkg/generators/mappingservice/generator.go b/pkg/generators/mappingservice/generator.go index 72338b33..271a0d6e 100644 --- a/pkg/generators/mappingservice/generator.go +++ b/pkg/generators/mappingservice/generator.go 
@@ -5,7 +5,6 @@ import ( "github.com/3scale-ops/basereconciler/mutators" "github.com/3scale-ops/basereconciler/resource" - "github.com/3scale-ops/basereconciler/util" saasv1alpha1 "github.com/3scale-ops/saas-operator/api/v1alpha1" "github.com/3scale-ops/saas-operator/pkg/generators" "github.com/3scale-ops/saas-operator/pkg/generators/mappingservice/config" @@ -92,7 +91,7 @@ var _ deployment_workload.DeploymentWorkload = &Generator{} func (gen *Generator) Deployment() *resource.Template[*appsv1.Deployment] { return resource.NewTemplateFromObjectFunction(gen.deployment). WithMutation(mutators.SetDeploymentReplicas(gen.Spec.HPA.IsDeactivated())). - WithMutation(mutators.RolloutTrigger{Name: "mapping-service-system-master-access-token", SecretName: util.Pointer("mapping-service-system-master-access-token")}.Add()) + WithMutations(gen.Options.GenerateRolloutTriggers()) } func (gen *Generator) HPASpec() *saasv1alpha1.HorizontalPodAutoscalerSpec { diff --git a/pkg/generators/seed/types.go b/pkg/generators/seed/types.go new file mode 100644 index 00000000..bde62c94 --- /dev/null +++ b/pkg/generators/seed/types.go 
@@ -0,0 +1,42 @@
+package seed
+
+type SeedKey string
+
+func (s SeedKey) String() string { return string(s) }
+
+const (
+ // Backend
+ BackendInternalApiUser SeedKey = "backend-internal-api-user"
+ BackendInternalApiPassword SeedKey = "backend-internal-api-password"
+ BackendErrorMonitoringService SeedKey = "backend-error-monitoring-service"
+ BackendErrorMonitoringApiKey SeedKey = "backend-error-monitoring-api-key"
+
+ // System
+ SystemDatabaseDsn SeedKey = "system-database-dsn"
+ SystemRecaptchaPublicKey SeedKey = "system-recaptcha-public-key"
+ SystemRecaptchaPrivateKey SeedKey = "system-recaptcha-private-key"
+ SystemEventsHookURL SeedKey = "system-events-url"
+ SystemEventsHookSharedSecret SeedKey = "system-events-shared-secret"
+ SystemSmtpUser SeedKey = "system-smpt-user"
+ SystemSmtpPassword SeedKey = "system-smpt-password"
+ SystemMasterAccessToken SeedKey = "system-master-access-token"
+ SystemApicastAccessToken SeedKey = "system-apicast-access-token"
+ SystemAssetsS3AwsAccessKey SeedKey = "system-assets-s3-aws-access-key"
+ SystemAssetsS3AwsSecretKey SeedKey = "system-assets-s3-aws-secret-key"
+ SystemSecretKeyBase SeedKey = "system-secret-key-base"
+ SystemAccessCode SeedKey = "system-access-code"
+ SystemSegmentDeletionToken SeedKey = "system-segment-deletion-token"
+ SystemSegmentWriteKey SeedKey = "system-segment-write-key"
+ SystemGithubClientId SeedKey = "system-github-client-id"
+ SystemGithubClientSecret SeedKey = "system-github-client-secret"
+ SystemRHCustomerPortalClientId SeedKey = "system-rh-customer-portal-client-id"
+ SystemRHCustomerPortalClientSecret SeedKey = "system-rh-customer-portal-client-secret"
+ SystemBugsnagApiKey SeedKey = "system-bugsnag-api-key"
+ SystemDatabaseSecret SeedKey = "system-database-secret"
+
+ // Zync
+ ZyncDatabaseUrl SeedKey = "zync-database-url"
+ ZyncSecretKeyBase SeedKey = "zync-secret-key-base"
+ ZyncAuthToken SeedKey = "zync-auth-token"
+ ZyncBugsnagApiKey SeedKey = "zync-bugsnag-api-key"
+)
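Review bot: `SystemSmtpUser` and `SystemSmtpPassword` are bound to `"system-smpt-user"` and `"system-smpt-password"`; these strings are the key names inside the shared seed Secret that `SecretReference.FromSeed` is resolved against, so once a seed has been provisioned renaming them breaks every deployment, and this new file is the last cheap moment to make them `"system-smtp-user"` / `"system-smtp-password"`. In the same spirit, `SystemEventsHookURL` / `SystemEventsHookSharedSecret` map to `"system-events-url"` / `"system-events-shared-secret"`, dropping the "hook" their Go names carry; pick one spelling so operators can find a key from the constant. The package and the type have no doc comments; I would add `// Package seed defines the key names of the shared seed Secret (saasv1alpha1.DefaultSeedSecret) that SecretReference.FromSeed resolves against.` and `// SeedKey is the name of a key inside the seed Secret; it is only ever used as a SecretKeyRef key.`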
diff --git a/pkg/generators/system/config/options.go b/pkg/generators/system/config/options.go index 024f6de8..7a650b99 100644 --- a/pkg/generators/system/config/options.go +++ b/pkg/generators/system/config/options.go 
@@ -2,81 +2,128 @@ package config import ( saasv1alpha1 "github.com/3scale-ops/saas-operator/api/v1alpha1" + "github.com/3scale-ops/saas-operator/pkg/generators/seed" "github.com/3scale-ops/saas-operator/pkg/resource_builders/pod" ) +type Secret string + +func (s Secret) String() string { return string(s) } + +const ( + SystemDatabaseSecret Secret = "system-database" + SystemRecaptchaSecret Secret = "system-recaptcha" + SystemEventsHookSecret Secret = "system-events-hook" + SystemSmptSecret Secret = "system-smtp" + SystemMasterApicastSecret Secret = "system-master-apicast" + SystemZyncSecret Secret = "system-zync" + SystemBackendSecret Secret = "system-backend" + SystemMultitenantAssetsS3Secret Secret = "system-multitenant-assets-s3" + SystemAppSecret Secret = "system-app" +) + func NewOptions(spec saasv1alpha1.SystemSpec) pod.Options { opts := pod.Options{} - opts.Unpack(spec.Config.ForceSSL).IntoEnvvar("FORCE_SSL") - opts.Unpack(spec.Config.ThreescaleProviderPlan).IntoEnvvar("PROVIDER_PLAN") - opts.Unpack(spec.Config.SSLCertsDir).IntoEnvvar("SSL_CERT_DIR") - opts.Unpack(spec.Config.SandboxProxyOpensslVerifyMode).IntoEnvvar("THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE") - opts.Unpack(spec.Config.ThreescaleSuperdomain).IntoEnvvar("THREESCALE_SUPERDOMAIN") - - opts.Unpack(spec.Config.Rails.Environment).IntoEnvvar("RAILS_ENV") - opts.Unpack(spec.Config.Rails.LogLevel).IntoEnvvar("RAILS_LOG_LEVEL") - opts.Unpack("true").IntoEnvvar("RAILS_LOG_TO_STDOUT") - - opts.Unpack(spec.Config.SearchServer.Host).IntoEnvvar("THINKING_SPHINX_ADDRESS") - opts.Unpack(spec.Config.SearchServer.Port).IntoEnvvar("THINKING_SPHINX_PORT") - opts.Unpack(spec.Config.SearchServer.BatchSize).IntoEnvvar("THINKING_SPHINX_BATCH_SIZE") - - opts.Unpack(spec.Config.DatabaseDSN).IntoEnvvar("DATABASE_URL").AsSecretRef("system-database") - - opts.Unpack(spec.Config.MemcachedServers).IntoEnvvar("MEMCACHE_SERVERS") - - 
opts.Unpack(spec.Config.Recaptcha.PublicKey).IntoEnvvar("RECAPTCHA_PUBLIC_KEY").AsSecretRef("system-recaptcha") - opts.Unpack(spec.Config.Recaptcha.PrivateKey).IntoEnvvar("RECAPTCHA_PRIVATE_KEY").AsSecretRef("system-recaptcha") - - opts.Unpack(spec.Config.EventsSharedSecret).IntoEnvvar("EVENTS_SHARED_SECRET").AsSecretRef("system-events-hook") - - opts.Unpack(spec.Config.Redis.QueuesDSN).IntoEnvvar("REDIS_URL") - opts.Unpack("").IntoEnvvar("REDIS_NAMESPACE") - opts.Unpack("").IntoEnvvar("REDIS_SENTINEL_HOSTS") - opts.Unpack("").IntoEnvvar("REDIS_SENTINEL_ROLE") - - opts.Unpack(spec.Config.SMTP.Address).IntoEnvvar("SMTP_ADDRESS") - opts.Unpack(spec.Config.SMTP.User).IntoEnvvar("SMTP_USER_NAME").AsSecretRef("system-smtp") - opts.Unpack(spec.Config.SMTP.Password).IntoEnvvar("SMTP_PASSWORD").AsSecretRef("system-smtp") - opts.Unpack(spec.Config.SMTP.Port).IntoEnvvar("SMTP_PORT") - opts.Unpack(spec.Config.SMTP.AuthProtocol).IntoEnvvar("SMTP_AUTHENTICATION") - opts.Unpack(spec.Config.SMTP.OpenSSLVerifyMode).IntoEnvvar("SMTP_OPENSSL_VERIFY_MODE") - opts.Unpack(spec.Config.SMTP.STARTTLS).IntoEnvvar("SMTP_STARTTLS") - opts.Unpack(spec.Config.SMTP.STARTTLSAuto).IntoEnvvar("SMTP_STARTTLS_AUTO") - - opts.Unpack(spec.Config.MappingServiceAccessToken).IntoEnvvar("APICAST_ACCESS_TOKEN").AsSecretRef("system-master-apicast") - - opts.Unpack(spec.Config.Zync.Endpoint).IntoEnvvar("ZYNC_ENDPOINT") - opts.Unpack(spec.Config.Zync.AuthToken).IntoEnvvar("ZYNC_AUTHENTICATION_TOKEN").AsSecretRef("system-zync") - - opts.Unpack(spec.Config.Backend.RedisDSN).IntoEnvvar("BACKEND_REDIS_URL") - opts.Unpack("").IntoEnvvar("BACKEND_REDIS_SENTINEL_HOSTS") - opts.Unpack("").IntoEnvvar("BACKEND_REDIS_SENTINEL_ROLE") - opts.Unpack(spec.Config.Backend.InternalEndpoint).IntoEnvvar("BACKEND_URL") - opts.Unpack(spec.Config.Backend.ExternalEndpoint).IntoEnvvar("BACKEND_PUBLIC_URL") - opts.Unpack(spec.Config.Backend.InternalAPIUser).IntoEnvvar("CONFIG_INTERNAL_API_USER").AsSecretRef("system-backend") - 
opts.Unpack(spec.Config.Backend.InternalAPIPassword).IntoEnvvar("CONFIG_INTERNAL_API_PASSWORD").AsSecretRef("system-backend") - - opts.Unpack(spec.Config.Assets.AccessKey).IntoEnvvar("AWS_ACCESS_KEY_ID").AsSecretRef("system-multitenant-assets-s3") - opts.Unpack(spec.Config.Assets.SecretKey).IntoEnvvar("AWS_SECRET_ACCESS_KEY").AsSecretRef("system-multitenant-assets-s3") - opts.Unpack(spec.Config.Assets.Bucket).IntoEnvvar("AWS_BUCKET") - opts.Unpack(spec.Config.Assets.Region).IntoEnvvar("AWS_REGION") - opts.Unpack(spec.Config.Assets.Host).IntoEnvvar("RAILS_ASSET_HOST") - - opts.Unpack(spec.Config.SecretKeyBase).IntoEnvvar("SECRET_KEY_BASE").AsSecretRef("system-app") - opts.Unpack(spec.Config.AccessCode).IntoEnvvar("ACCESS_CODE").AsSecretRef("system-app") - opts.Unpack(spec.Config.Segment.DeletionToken).IntoEnvvar("SEGMENT_DELETION_TOKEN").AsSecretRef("system-app") - opts.Unpack(spec.Config.Segment.DeletionWorkspace).IntoEnvvar("SEGMENT_DELETION_WORKSPACE") - opts.Unpack(spec.Config.Segment.WriteKey).IntoEnvvar("SEGMENT_WRITE_KEY").AsSecretRef("system-app") - opts.Unpack(spec.Config.Github.ClientID).IntoEnvvar("GITHUB_CLIENT_ID").AsSecretRef("system-app") - opts.Unpack(spec.Config.Github.ClientSecret).IntoEnvvar("GITHUB_CLIENT_SECRET").AsSecretRef("system-app") - opts.Unpack(spec.Config.RedHatCustomerPortal.ClientID).IntoEnvvar("RH_CUSTOMER_PORTAL_CLIENT_ID").AsSecretRef("system-app") - opts.Unpack(spec.Config.RedHatCustomerPortal.ClientSecret).IntoEnvvar("RH_CUSTOMER_PORTAL_CLIENT_SECRET").AsSecretRef("system-app") - opts.Unpack(spec.Config.RedHatCustomerPortal.Realm).IntoEnvvar("RH_CUSTOMER_PORTAL_REALM") - opts.Unpack(spec.Config.Bugsnag.APIKey).IntoEnvvar("BUGSNAG_API_KEY").AsSecretRef("system-app").EmptyIf(!spec.Config.Bugsnag.Enabled()) - opts.Unpack(spec.Config.Bugsnag.ReleaseStage).IntoEnvvar("BUGSNAG_RELEASE_STAGE") - opts.Unpack(spec.Config.DatabaseSecret).IntoEnvvar("DB_SECRET").AsSecretRef("system-app") + 
opts.AddEnvvar("FORCE_SSL").Unpack(spec.Config.ForceSSL) + opts.AddEnvvar("PROVIDER_PLAN").Unpack(spec.Config.ThreescaleProviderPlan) + opts.AddEnvvar("SSL_CERT_DIR").Unpack(spec.Config.SSLCertsDir) + opts.AddEnvvar("THREESCALE_SANDBOX_PROXY_OPENSSL_VERIFY_MODE").Unpack(spec.Config.SandboxProxyOpensslVerifyMode) + opts.AddEnvvar("THREESCALE_SUPERDOMAIN").Unpack(spec.Config.ThreescaleSuperdomain) + + opts.AddEnvvar("RAILS_ENV").Unpack(spec.Config.Rails.Environment) + opts.AddEnvvar("RAILS_LOG_LEVEL").Unpack(spec.Config.Rails.LogLevel) + opts.AddEnvvar("RAILS_LOG_TO_STDOUT").Unpack("true") + + opts.AddEnvvar("THINKING_SPHINX_ADDRESS").Unpack(spec.Config.SearchServer.Host) + opts.AddEnvvar("THINKING_SPHINX_PORT").Unpack(spec.Config.SearchServer.Port) + opts.AddEnvvar("THINKING_SPHINX_BATCH_SIZE").Unpack(spec.Config.SearchServer.BatchSize) + + opts.AddEnvvar("DATABASE_URL").AsSecretRef(SystemDatabaseSecret).WithSeedKey(seed.SystemDatabaseDsn). + Unpack(spec.Config.DatabaseDSN) + + opts.AddEnvvar("MEMCACHE_SERVERS").Unpack(spec.Config.MemcachedServers) + + opts.AddEnvvar("RECAPTCHA_PUBLIC_KEY").AsSecretRef(SystemRecaptchaSecret).WithSeedKey(seed.SystemRecaptchaPublicKey). + Unpack(spec.Config.Recaptcha.PublicKey) + opts.AddEnvvar("RECAPTCHA_PRIVATE_KEY").AsSecretRef(SystemRecaptchaSecret).WithSeedKey(seed.SystemRecaptchaPrivateKey). + Unpack(spec.Config.Recaptcha.PrivateKey) + + opts.AddEnvvar("EVENTS_SHARED_SECRET").AsSecretRef(SystemEventsHookSecret).WithSeedKey(seed.SystemEventsHookSharedSecret). + Unpack(spec.Config.EventsSharedSecret) + + opts.AddEnvvar("REDIS_URL").Unpack(spec.Config.Redis.QueuesDSN) + opts.AddEnvvar("REDIS_NAMESPACE").Unpack("") + opts.AddEnvvar("REDIS_SENTINEL_HOSTS").Unpack("") + opts.AddEnvvar("REDIS_SENTINEL_ROLE").Unpack("") + + opts.AddEnvvar("SMTP_ADDRESS").Unpack(spec.Config.SMTP.Address) + opts.AddEnvvar("SMTP_USER_NAME").AsSecretRef(SystemSmptSecret).WithSeedKey(seed.SystemSmtpUser). 
+ Unpack(spec.Config.SMTP.User) + opts.AddEnvvar("SMTP_PASSWORD").AsSecretRef(SystemSmptSecret).WithSeedKey(seed.SystemSmtpPassword). + Unpack(spec.Config.SMTP.Password) + opts.AddEnvvar("SMTP_PORT").Unpack(spec.Config.SMTP.Port) + opts.AddEnvvar("SMTP_AUTHENTICATION").Unpack(spec.Config.SMTP.AuthProtocol) + opts.AddEnvvar("SMTP_OPENSSL_VERIFY_MODE").Unpack(spec.Config.SMTP.OpenSSLVerifyMode) + opts.AddEnvvar("SMTP_STARTTLS").Unpack(spec.Config.SMTP.STARTTLS) + opts.AddEnvvar("SMTP_STARTTLS_AUTO").Unpack(spec.Config.SMTP.STARTTLSAuto) + + opts.AddEnvvar("APICAST_ACCESS_TOKEN").AsSecretRef(SystemMasterApicastSecret).WithSeedKey(seed.SystemApicastAccessToken). + Unpack(spec.Config.MappingServiceAccessToken) + + opts.AddEnvvar("ZYNC_ENDPOINT").Unpack(spec.Config.Zync.Endpoint) + opts.AddEnvvar("ZYNC_AUTHENTICATION_TOKEN").AsSecretRef(SystemZyncSecret).WithSeedKey(seed.ZyncAuthToken). + Unpack(spec.Config.Zync.AuthToken) + + opts.AddEnvvar("BACKEND_REDIS_URL").Unpack(spec.Config.Backend.RedisDSN) + opts.AddEnvvar("BACKEND_REDIS_SENTINEL_HOSTS").Unpack("") + opts.AddEnvvar("BACKEND_REDIS_SENTINEL_ROLE").Unpack("") + opts.AddEnvvar("BACKEND_URL").Unpack(spec.Config.Backend.InternalEndpoint) + opts.AddEnvvar("BACKEND_PUBLIC_URL").Unpack(spec.Config.Backend.ExternalEndpoint) + opts.AddEnvvar("CONFIG_INTERNAL_API_USER").AsSecretRef(SystemBackendSecret).WithSeedKey(seed.BackendInternalApiUser). + Unpack(spec.Config.Backend.InternalAPIUser) + opts.AddEnvvar("CONFIG_INTERNAL_API_PASSWORD").AsSecretRef(SystemBackendSecret).WithSeedKey(seed.BackendInternalApiPassword). + Unpack(spec.Config.Backend.InternalAPIPassword) + + opts.AddEnvvar("AWS_ACCESS_KEY_ID").AsSecretRef(SystemMultitenantAssetsS3Secret).WithSeedKey(seed.SystemAssetsS3AwsAccessKey). + Unpack(spec.Config.Assets.AccessKey) + opts.AddEnvvar("AWS_SECRET_ACCESS_KEY").AsSecretRef(SystemMultitenantAssetsS3Secret).WithSeedKey(seed.SystemAssetsS3AwsSecretKey). 
+ Unpack(spec.Config.Assets.SecretKey) + opts.AddEnvvar("AWS_BUCKET").Unpack(spec.Config.Assets.Bucket) + opts.AddEnvvar("AWS_REGION").Unpack(spec.Config.Assets.Region) + opts.AddEnvvar("AWS_S3_HOSTNAME").Unpack(spec.Config.Assets.S3Endpoint) + opts.AddEnvvar("RAILS_ASSET_HOST").Unpack(spec.Config.Assets.Host) + + opts.AddEnvvar("SECRET_KEY_BASE").AsSecretRef(SystemAppSecret).WithSeedKey(seed.SystemSecretKeyBase). + Unpack(spec.Config.SecretKeyBase) + opts.AddEnvvar("ACCESS_CODE").AsSecretRef(SystemAppSecret).WithSeedKey(seed.SystemAccessCode). + Unpack(spec.Config.AccessCode) + opts.AddEnvvar("SEGMENT_DELETION_TOKEN").AsSecretRef(SystemAppSecret).WithSeedKey(seed.SystemSegmentDeletionToken). + Unpack(spec.Config.Segment.DeletionToken) + opts.AddEnvvar("SEGMENT_DELETION_WORKSPACE").Unpack(spec.Config.Segment.DeletionWorkspace) + opts.AddEnvvar("SEGMENT_WRITE_KEY").AsSecretRef(SystemAppSecret).WithSeedKey(seed.SystemSegmentWriteKey). + Unpack(spec.Config.Segment.WriteKey) + opts.AddEnvvar("GITHUB_CLIENT_ID").AsSecretRef(SystemAppSecret).WithSeedKey(seed.SystemGithubClientId). + Unpack(spec.Config.Github.ClientID) + opts.AddEnvvar("GITHUB_CLIENT_SECRET").AsSecretRef(SystemAppSecret).WithSeedKey(seed.SystemGithubClientSecret). + Unpack(spec.Config.Github.ClientSecret) + opts.AddEnvvar("RH_CUSTOMER_PORTAL_CLIENT_ID").AsSecretRef(SystemAppSecret).WithSeedKey(seed.SystemRHCustomerPortalClientId). + Unpack(spec.Config.RedHatCustomerPortal.ClientID) + opts.AddEnvvar("RH_CUSTOMER_PORTAL_CLIENT_SECRET").AsSecretRef(SystemAppSecret).WithSeedKey(seed.SystemRHCustomerPortalClientSecret). + Unpack(spec.Config.RedHatCustomerPortal.ClientSecret) + opts.AddEnvvar("RH_CUSTOMER_PORTAL_REALM").Unpack(spec.Config.RedHatCustomerPortal.Realm) + opts.AddEnvvar("BUGSNAG_API_KEY").AsSecretRef(SystemAppSecret).WithSeedKey(seed.SystemBugsnagApiKey).EmptyIf(!spec.Config.Bugsnag.Enabled()). 
+ Unpack(spec.Config.Bugsnag.APIKey) + opts.AddEnvvar("BUGSNAG_RELEASE_STAGE").Unpack(spec.Config.Bugsnag.ReleaseStage) + opts.AddEnvvar("DB_SECRET").AsSecretRef(SystemAppSecret).WithSeedKey(seed.SystemDatabaseSecret). + Unpack(spec.Config.DatabaseSecret) + + if spec.Config.Apicast != nil { + opts.AddEnvvar("APICAST_STAGING_DOMAIN").Unpack(spec.Config.Apicast.StagingDomain) + opts.AddEnvvar("APICAST_PRODUCTION_DOMAIN").Unpack(spec.Config.Apicast.ProductionDomain) + opts.AddEnvvar("APICAST_CLOUD_HOSTED_REGISTRY_URL").Unpack(spec.Config.Apicast.CloudHostedRegistryURL) + opts.AddEnvvar("APICAST_SELF_MANAGED_REGISTRY_URL").Unpack(spec.Config.Apicast.SelfManagedRegistryURL) + } return opts } diff --git a/pkg/generators/zync/config/api_options.go b/pkg/generators/zync/config/api_options.go index 6eb853bd..e9271917 100644 --- a/pkg/generators/zync/config/api_options.go +++ b/pkg/generators/zync/config/api_options.go @@ -2,6 +2,7 @@ package config import ( saasv1alpha1 "github.com/3scale-ops/saas-operator/api/v1alpha1" + "github.com/3scale-ops/saas-operator/pkg/generators/seed" "github.com/3scale-ops/saas-operator/pkg/resource_builders/pod" ) 
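Review bot: Two functional additions are hidden in what is otherwise a mechanical rewrite of `NewOptions`: `AWS_S3_HOSTNAME` (from `spec.Config.Assets.S3Endpoint`) and the whole `APICAST_*` block at the end, neither of which the removed lines had, and no test change for them is visible in this diff; they deserve a mention in the commit message or a separate commit. The constant `SystemSmptSecret` is misspelt while its value `"system-smtp"` is correct, so it can still be renamed to `SystemSmtpSecret` without touching any resource name. The `Secret` constant block would also benefit from a doc line, e.g. `// Secret names the Secret resources generated for the system component; each is referenced from the Deployment env via SecretKeyRef and (via ListSecretResourceNames) used for rollout triggers.`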
@@ -9,15 +10,20 @@ import ( func NewAPIOptions(spec saasv1alpha1.ZyncSpec) pod.Options { opts := pod.Options{} - opts.Unpack(spec.Config.Rails.Environment).IntoEnvvar("RAILS_ENV") - opts.Unpack(spec.Config.Rails.LogLevel).IntoEnvvar("RAILS_LOG_LEVEL") - opts.Unpack("true").IntoEnvvar("RAILS_LOG_TO_STDOUT") - opts.Unpack(spec.Config.Rails.MaxThreads).IntoEnvvar("RAILS_MAX_THREADS") - opts.Unpack(spec.Config.DatabaseDSN).IntoEnvvar("DATABASE_URL").AsSecretRef("zync") - opts.Unpack(spec.Config.SecretKeyBase).IntoEnvvar("SECRET_KEY_BASE").AsSecretRef("zync") - opts.Unpack(spec.Config.ZyncAuthToken).IntoEnvvar("ZYNC_AUTHENTICATION_TOKEN").AsSecretRef("zync") - opts.Unpack(spec.Config.Bugsnag.APIKey).IntoEnvvar("BUGSNAG_API_KEY").AsSecretRef("zync").EmptyIf(!spec.Config.Bugsnag.Enabled()) - opts.Unpack(spec.Config.Bugsnag.ReleaseStage).IntoEnvvar("BUGSNAG_RELEASE_STAGE") + opts.AddEnvvar("RAILS_ENV").Unpack(spec.Config.Rails.Environment) + opts.AddEnvvar("RAILS_LOG_LEVEL").Unpack(spec.Config.Rails.LogLevel) + opts.AddEnvvar("RAILS_LOG_TO_STDOUT").Unpack("true") + opts.AddEnvvar("RAILS_MAX_THREADS").Unpack(spec.Config.Rails.MaxThreads) + opts.AddEnvvar("DATABASE_URL").AsSecretRef(ZyncSecret).WithSeedKey(seed.ZyncDatabaseUrl). + Unpack(spec.Config.DatabaseDSN) + opts.AddEnvvar("SECRET_KEY_BASE").AsSecretRef(ZyncSecret).WithSeedKey(seed.ZyncSecretKeyBase). + Unpack(spec.Config.SecretKeyBase) + opts.AddEnvvar("ZYNC_AUTHENTICATION_TOKEN").AsSecretRef(ZyncSecret).WithSeedKey(seed.ZyncAuthToken). + Unpack(spec.Config.ZyncAuthToken) + opts.AddEnvvar("BUGSNAG_API_KEY").AsSecretRef(ZyncSecret).WithSeedKey(seed.ZyncBugsnagApiKey). + EmptyIf(!spec.Config.Bugsnag.Enabled()). + Unpack(spec.Config.Bugsnag.APIKey) + opts.AddEnvvar("BUGSNAG_RELEASE_STAGE").Unpack(spec.Config.Bugsnag.ReleaseStage) return opts } diff --git a/pkg/generators/zync/config/que_options.go b/pkg/generators/zync/config/que_options.go index 85648f4b..bbdde868 100644 --- a/pkg/generators/zync/config/que_options.go 
+++ b/pkg/generators/zync/config/que_options.go @@ -2,6 +2,7 @@ package config import ( saasv1alpha1 "github.com/3scale-ops/saas-operator/api/v1alpha1" + "github.com/3scale-ops/saas-operator/pkg/generators/seed" "github.com/3scale-ops/saas-operator/pkg/resource_builders/pod" ) @@ -9,14 +10,18 @@ import ( func NewQueOptions(spec saasv1alpha1.ZyncSpec) pod.Options { opts := pod.Options{} - opts.Unpack(spec.Config.Rails.Environment).IntoEnvvar("RAILS_ENV") - opts.Unpack(spec.Config.Rails.LogLevel).IntoEnvvar("RAILS_LOG_LEVEL") - opts.Unpack("true").IntoEnvvar("RAILS_LOG_TO_STDOUT") - opts.Unpack(spec.Config.DatabaseDSN).IntoEnvvar("DATABASE_URL").AsSecretRef("zync") - opts.Unpack(spec.Config.SecretKeyBase).IntoEnvvar("SECRET_KEY_BASE").AsSecretRef("zync") - opts.Unpack(spec.Config.ZyncAuthToken).IntoEnvvar("ZYNC_AUTHENTICATION_TOKEN").AsSecretRef("zync") - opts.Unpack(spec.Config.Bugsnag.APIKey).IntoEnvvar("BUGSNAG_API_KEY").AsSecretRef("zync").EmptyIf(!spec.Config.Bugsnag.Enabled()) - opts.Unpack(spec.Config.Bugsnag.ReleaseStage).IntoEnvvar("BUGSNAG_RELEASE_STAGE") + opts.AddEnvvar("RAILS_ENV").Unpack(spec.Config.Rails.Environment) + opts.AddEnvvar("RAILS_LOG_LEVEL").Unpack(spec.Config.Rails.LogLevel) + opts.AddEnvvar("RAILS_LOG_TO_STDOUT").Unpack("true") + opts.AddEnvvar("DATABASE_URL").AsSecretRef(ZyncSecret).WithSeedKey(seed.ZyncDatabaseUrl). + Unpack(spec.Config.DatabaseDSN) + opts.AddEnvvar("SECRET_KEY_BASE").AsSecretRef(ZyncSecret).WithSeedKey(seed.ZyncSecretKeyBase). + Unpack(spec.Config.SecretKeyBase) + opts.AddEnvvar("ZYNC_AUTHENTICATION_TOKEN").AsSecretRef(ZyncSecret).WithSeedKey(seed.ZyncAuthToken). + Unpack(spec.Config.ZyncAuthToken) + opts.AddEnvvar("BUGSNAG_API_KEY").AsSecretRef(ZyncSecret).EmptyIf(!spec.Config.Bugsnag.Enabled()).WithSeedKey(seed.ZyncBugsnagApiKey). + Unpack(spec.Config.Bugsnag.APIKey) + opts.AddEnvvar("BUGSNAG_RELEASE_STAGE").Unpack(spec.Config.Bugsnag.ReleaseStage) return opts } 
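Review bot: `BUGSNAG_API_KEY` is built as `.AsSecretRef(ZyncSecret).EmptyIf(...).WithSeedKey(...)` here but as `.AsSecretRef(ZyncSecret).WithSeedKey(...).EmptyIf(...)` in `NewAPIOptions`; both work because `Unpack` is last, yet the two readings make the reader wonder whether the order matters. `NewQueOptions` and `NewAPIOptions` otherwise repeat the same five secret-backed definitions (`DATABASE_URL`, `SECRET_KEY_BASE`, `ZYNC_AUTHENTICATION_TOKEN`, `BUGSNAG_API_KEY`, `BUGSNAG_RELEASE_STAGE`); a small shared helper, e.g. `func addCommonSecrets(opts *pod.Options, spec saasv1alpha1.ZyncSpec)`, would keep the seed keys and Secret names of the two workloads from drifting apart.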
diff --git a/pkg/generators/zync/config/types.go b/pkg/generators/zync/config/types.go new file mode 100644 index 00000000..113c3e94 --- /dev/null +++ b/pkg/generators/zync/config/types.go @@ -0,0 +1,9 @@ +package config + +type Secret string + +func (s Secret) String() string { return string(s) } + +const ( + ZyncSecret Secret = "zync" +) diff --git a/pkg/generators/zync/generator.go b/pkg/generators/zync/generator.go index 26a0c095..1d7fa973 100644 --- a/pkg/generators/zync/generator.go +++ b/pkg/generators/zync/generator.go @@ -6,7 +6,6 @@ import ( "github.com/3scale-ops/basereconciler/mutators" "github.com/3scale-ops/basereconciler/resource" - "github.com/3scale-ops/basereconciler/util" saasv1alpha1 "github.com/3scale-ops/saas-operator/api/v1alpha1" "github.com/3scale-ops/saas-operator/pkg/generators" "github.com/3scale-ops/saas-operator/pkg/generators/zync/config" @@ -154,7 +153,7 @@ func (gen *APIGenerator) Labels() map[string]string { func (gen *APIGenerator) Deployment() *resource.Template[*appsv1.Deployment] { return resource.NewTemplateFromObjectFunction(gen.deployment). WithMutation(mutators.SetDeploymentReplicas(gen.APISpec.HPA.IsDeactivated())). - WithMutation(mutators.RolloutTrigger{Name: "zync", SecretName: util.Pointer("zync")}.Add()) + WithMutations(gen.Options.GenerateRolloutTriggers()) } func (gen *APIGenerator) HPASpec() *saasv1alpha1.HorizontalPodAutoscalerSpec { @@ -195,7 +194,7 @@ var _ deployment_workload.DeploymentWorkload = &QueGenerator{} func (gen *QueGenerator) Deployment() *resource.Template[*appsv1.Deployment] { return resource.NewTemplateFromObjectFunction(gen.deployment). WithMutation(mutators.SetDeploymentReplicas(gen.QueSpec.HPA.IsDeactivated())). - WithMutation(mutators.RolloutTrigger{Name: "zync", SecretName: util.Pointer("zync")}.Add()) + WithMutations(gen.Options.GenerateRolloutTriggers()) } func (gen *QueGenerator) HPASpec() *saasv1alpha1.HorizontalPodAutoscalerSpec { return gen.QueSpec.HPA 
@@ -222,6 +221,6 @@ func (gen *ConsoleGenerator) StatefulSet() []resource.TemplateInterface { return []resource.TemplateInterface{ resource.NewTemplateFromObjectFunction(gen.statefulset). WithEnabled(gen.Enabled). - WithMutation(mutators.RolloutTrigger{Name: "zync", SecretName: util.Pointer("zync")}.Add()), + WithMutations(gen.Options.GenerateRolloutTriggers()), } } diff --git a/pkg/resource_builders/pod/environment.go b/pkg/resource_builders/pod/environment.go index 92ab1bed..39f9c0d2 100644 --- a/pkg/resource_builders/pod/environment.go +++ b/pkg/resource_builders/pod/environment.go 
@@ -21,23 +21,115 @@ import ( type Option struct { value *string - rawValue *corev1.EnvVarSource - secretValue *saasv1alpha1.SecretReference + valueFrom *corev1.EnvVarSource envVariable string secretName string - set bool + seedKey string + vaultKey string + vaultPath string + isSet bool + isEmpty bool } -func (o *Option) IntoEnvvar(e string) *Option { o.envVariable = e; return o } -func (o *Option) AsSecretRef(s string) *Option { o.secretName = s; return o } +func (o *Option) IntoEnvvar(e string) *Option { o.envVariable = e; return o } +func (o *Option) AsSecretRef(s fmt.Stringer) *Option { o.secretName = s.String(); return o } +func (o *Option) WithSeedKey(key fmt.Stringer) *Option { o.seedKey = key.String(); return o } func (o *Option) EmptyIf(empty bool) *Option { if empty { - o.secretValue = nil - o.value = util.Pointer("") + o.isEmpty = true } return o } +// Unpack retrieves the value specified from the API and adds a matching option to the +// list of options. It handles both values and pointers seamlessly. +// Considers a nil value as an unset option. +// It always unpacks into an string representation of the value so it can be stored as +// an environment variable. +// A parameter indicating the format (as in a call to fmt.Sprintf()) can be optionally passed. 
+func (opt *Option) Unpack(o any, params ...string) *Option { + if len(params) > 1 { + panic(fmt.Errorf("too many params in call to Unpack")) + } + + if opt.isEmpty { + opt.isSet = true + opt.value = util.Pointer("") + return opt + } + + var val any + + if reflect.ValueOf(o).Kind() == reflect.Ptr { + if lo.IsNil(o) { + // underlying value is nil so option is unset + return &Option{isSet: false} + } else { + val = reflect.ValueOf(o).Elem().Interface() + } + } else { + val = o + } + + switch v := val.(type) { + + case saasv1alpha1.SecretReference: + if opt.envVariable == "" { + panic("AddEnvvar must be invoked to add a new option") + } + opt.isSet = true + + // is a secret with override + if v.Override != nil { + opt.value = v.Override + + // is a secret with value from vault + } else if v.FromVault != nil { + if opt.secretName == "" { + panic("AsSecretRef must be invoked when using 'SecretReference.FromVault'") + } + opt.vaultKey = v.FromVault.Key + opt.vaultPath = v.FromVault.Path + opt.valueFrom = &corev1.EnvVarSource{ + SecretKeyRef: &corev1.SecretKeySelector{ + Key: opt.envVariable, + LocalObjectReference: corev1.LocalObjectReference{ + Name: opt.secretName, + }, + }} + + // is a secret retrieved ffom the default seed Secret + } else if v.FromSeed != nil { + if opt.seedKey == "" { + panic("WithSeedKey must be invoked when using 'SecretReference.FromSeed'") + } + opt.valueFrom = &corev1.EnvVarSource{ + SecretKeyRef: &corev1.SecretKeySelector{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: saasv1alpha1.DefaultSeedSecret, + }, + Key: opt.seedKey, + }} + } + + default: + opt.isSet = true + opt.value = unpackValue(v, params...) + } + + return opt +} + +func unpackValue(o any, params ...string) *string { + var format string + if len(params) > 0 { + format = params[0] + } else { + format = "%v" + } + return util.Pointer(fmt.Sprintf(format, o)) +} + type Options []*Option func NewOptions() *Options { return &Options{} } 
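Review bot: `EmptyIf` only has an effect when it is called before `Unpack`: it merely sets `isEmpty`, and `Unpack` consults that flag on entry, so a chain that calls `EmptyIf` after `Unpack` (the order the old API used) keeps the `SecretKeyRef` and the Vault key/path, and a disabled Bugsnag would still reference and sync `BUGSNAG_API_KEY`. Making `EmptyIf` also clear whatever a preceding `Unpack` stored removes the ordering dependency; proposal below. Two smaller points: `AsSecretRef` and `WithSeedKey` both accept any `fmt.Stringer`, so passing a `seed.SeedKey` as the Secret name (or vice versa) compiles silently, and typed parameters would catch the mix-up. And the `Override` branch still renders the secret as a literal env `Value` in the Deployment, as the old code did; that deserves a comment at the branch, e.g. `// Override is emitted as a plain Value in the pod spec, not as a Secret reference`.

```go
func (o *Option) EmptyIf(empty bool) *Option {
	if empty {
		o.isEmpty = true
		// also drop whatever a preceding Unpack() stored, so the position of
		// EmptyIf() in the chain does not decide whether the secret is referenced
		o.value = util.Pointer("")
		o.valueFrom = nil
		o.vaultKey, o.vaultPath = "", ""
	}
	return o
}
```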
@@ -50,14 +142,22 @@ func (options *Options) DeepCopy() *Options { // FilterSecretOptions returns a list of options that will generate a Secret resource func (options *Options) FilterSecretOptions() Options { - return lo.Filter[*Option](*options, func(item *Option, index int) bool { - return item.secretValue != nil && item.secretValue.Override == nil && item.secretName != "" + return lo.Filter(*options, func(item *Option, index int) bool { + return item.valueFrom != nil && item.valueFrom.SecretKeyRef != nil + }) +} + +// FilterSecretOptions returns a list of options that will generate a Secret resource +// with a Vault secret store as its source (via an ExternalSecret) +func (options *Options) FilterFromVaultOptions() Options { + return lo.Filter(*options, func(item *Option, index int) bool { + return item.vaultKey != "" && item.vaultPath != "" }) } func (options *Options) ListSecretResourceNames() []string { list := lo.Reduce(options.FilterSecretOptions(), func(agg []string, item *Option, _ int) []string { - return append(agg, item.secretName) + return append(agg, item.valueFrom.SecretKeyRef.Name) }, []string{}) return lo.Uniq(list) 
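Review bot: The doc comment on `FilterFromVaultOptions` is a copy of the one above it and still begins with `// FilterSecretOptions returns ...`; it should read `// FilterFromVaultOptions returns the options whose value is synced from Vault through an ExternalSecret (vaultKey and vaultPath set).` The semantic change is bigger than the doc suggests: `FilterSecretOptions` now matches any option with a `SecretKeyRef`, so `ListSecretResourceNames` (and with it `GenerateRolloutTriggers`, whose body is outside this hunk) now includes `saasv1alpha1.DefaultSeedSecret` and any `SecretKeyRef` injected through `WithExtraEnv`. If the trigger hashes the whole Secret, which I cannot see here, rotating a single seed key restarts every workload that reads anything from the seed; a comment on `ListSecretResourceNames` stating that the seed Secret is included, and a test pinning the returned list for a mixed seed/vault/extra-env Options, would make that explicit.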
@@ -75,46 +175,8 @@ func (options *Options) GenerateRolloutTriggers(additionalSecrets ...string) []r return triggers } -// Unpack retrieves the value specified from the API and adds a matching option to the -// list of options. It handles both values and pointers seamlessly. -// Considers a nil value as an unset option. -// It always unpacks into an string representation of the value so it can be stored as -// an environment variable. -// A parameter indicating the format (as in a call to fmt.Sprintf()) can be optionally passed. -func (options *Options) Unpack(o any, params ...string) *Option { - if len(params) > 1 { - panic(fmt.Errorf("too many params in call to Unpack")) - } - - var opt *Option - var val any - - if reflect.ValueOf(o).Kind() == reflect.Ptr { - if lo.IsNil(o) { - // underlying value is nil so option is unset - return &Option{set: false} - } else { - val = reflect.ValueOf(o).Elem().Interface() - } - } else { - val = o - } - - switch v := val.(type) { - - case saasv1alpha1.SecretReference: - opt = &Option{secretValue: &v, set: true} - - default: - var format string - if len(params) > 0 { - format = params[0] - } else { - format = "%v" - } - opt = &Option{value: util.Pointer(fmt.Sprintf(format, v)), set: true} - } - +func (options *Options) AddEnvvar(e string) *Option { + opt := &Option{envVariable: e} *options = append(*options, opt) return opt } @@ -130,9 +192,8 @@ func (options *Options) WithExtraEnv(extra []corev1.EnvVar) *Options { if exists { o.value = util.Pointer(envvar.Value) - o.rawValue = envvar.ValueFrom - o.secretValue = nil - o.set = true + o.valueFrom = envvar.ValueFrom + o.isSet = true o.secretName = "" } else { var v *string @@ -141,9 +202,9 @@ func (options *Options) WithExtraEnv(extra []corev1.EnvVar) *Options { } *out = append(*out, &Option{ value: v, - rawValue: envvar.ValueFrom, + valueFrom: envvar.ValueFrom, envVariable: envvar.Name, - set: true, + isSet: true, }) } } 
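Review bot: In the `exists` branch `WithExtraEnv` clears `secretName` but not `vaultKey`, `vaultPath` or `seedKey`, so an option built from `SecretReference.FromVault` and then overridden by an extra env var still satisfies `FilterFromVaultOptions` and reaches `GenerateExternalSecrets` with an empty `secretName`, where it is grouped under `name := ""`; the old code avoided this by nil-ing `secretValue`. The same branch sets `o.value = util.Pointer(envvar.Value)` unconditionally, and `BuildEnvironment` lets a non-nil `value` win over `valueFrom`, so an extra env var that carries only a `ValueFrom` is emitted as `Value: ""` (this predates the commit, but the new precedence comment makes it a documented behaviour). The non-`exists` branch is cut by the hunk boundary, so how `v` is filled there is inferred, not seen.

```go
if exists {
	// an extra env var replaces the option entirely: forget every trace of the
	// secret source it was built from, otherwise FilterFromVaultOptions() still
	// selects it and GenerateExternalSecrets() groups it under an empty name
	o.value = nil
	if envvar.ValueFrom == nil || envvar.Value != "" {
		o.value = util.Pointer(envvar.Value)
	}
	o.valueFrom = envvar.ValueFrom
	o.isSet = true
	o.secretName = ""
	o.seedKey, o.vaultKey, o.vaultPath = "", "", ""
} else {
	// … unchanged: append a fresh Option for the extra env var …
}
```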
@@ -157,40 +218,26 @@ func (opts *Options) BuildEnvironment() []corev1.EnvVar { env := []corev1.EnvVar{} for _, opt := range *opts { - if !opt.set { + if !opt.isSet { continue } - if opt.secretValue != nil { - - if opt.secretValue.Override != nil { - opt.value = opt.secretValue.Override - } else { - env = append(env, corev1.EnvVar{ - Name: opt.envVariable, - ValueFrom: &corev1.EnvVarSource{ - SecretKeyRef: &corev1.SecretKeySelector{ - Key: opt.envVariable, - LocalObjectReference: corev1.LocalObjectReference{ - Name: opt.secretName, - }, - }}}) - continue - } - } - + // Direct value (if both value and valueFrom are set, value takes precedence and + // valueFrom will be ignored) if opt.value != nil { env = append(env, corev1.EnvVar{ Name: opt.envVariable, Value: *opt.value, }) continue + } - if opt.rawValue != nil { + // ValueFrom + if opt.valueFrom != nil { env = append(env, corev1.EnvVar{ Name: opt.envVariable, - ValueFrom: opt.rawValue, + ValueFrom: opt.valueFrom, }) continue } 
@@ -203,15 +250,15 @@ func (opts *Options) BuildEnvironment() []corev1.EnvVar {
 func (opts *Options) GenerateExternalSecrets(namespace string, labels map[string]string, secretStoreName, secretStoreKind string, refreshInterval metav1.Duration) []resource.TemplateInterface {
 list := []resource.TemplateInterface{}
- for _, group := range lo.PartitionBy[*Option, string](opts.FilterSecretOptions(), func(item *Option) string { return item.secretName }) {
+ for _, group := range lo.PartitionBy(opts.FilterFromVaultOptions(), func(item *Option) string { return item.secretName }) {
 data := []externalsecretsv1beta1.ExternalSecretData{}
 name := group[0].secretName
 for _, opt := range group {
 data = append(data, externalsecretsv1beta1.ExternalSecretData{
 SecretKey: opt.envVariable,
 RemoteRef: externalsecretsv1beta1.ExternalSecretDataRemoteRef{
- Key: strings.TrimPrefix(opt.secretValue.FromVault.Path, "secret/data/"),
- Property: opt.secretValue.FromVault.Key,
+ Key: strings.TrimPrefix(opt.vaultPath, "secret/data/"),
+ Property: opt.vaultKey,
 ConversionStrategy: "Default",
 DecodingStrategy: "None",
 },
@@ -226,7 +273,7 @@ func (opts *Options) GenerateExternalSecrets(namespace string, labels map[string
 }
 func Union(lists ...[]*Option) *Options {
- all := operatorutil.ConcatSlices[*Option](lists...)
+ all := operatorutil.ConcatSlices(lists...)
 all = lo.UniqBy(all, func(item *Option) string { return item.envVariable })
diff --git a/pkg/resource_builders/pod/environment_test.go b/pkg/resource_builders/pod/environment_test.go
index d8fda453..326c38ca 100644
--- a/pkg/resource_builders/pod/environment_test.go
+++ b/pkg/resource_builders/pod/environment_test.go
@@ -16,6 +16,14 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/client/fake"
 )
+type TSecret string
+
+func (s TSecret) String() string { return string(s) }
+
+type TSeedKey string
+
+func (s TSeedKey) String() string { return string(s) }
+
 func TestOptions_BuildEnvironment(t *testing.T) {
 type args struct {
 extra []corev1.EnvVar
@@ -30,7 +38,7 @@ func TestOptions_BuildEnvironment(t *testing.T) { name: "Text value", opts: func() *Options { o := NewOptions() - o.Unpack("value").IntoEnvvar("envvar") + o.AddEnvvar("envvar").Unpack("value") return o }(), args: args{extra: []corev1.EnvVar{}}, @@ -43,7 +51,7 @@ func TestOptions_BuildEnvironment(t *testing.T) { name: "Text value with custom format", opts: func() *Options { o := NewOptions() - o.Unpack(8080, ":%d").IntoEnvvar("envvar") + o.AddEnvvar("envvar").Unpack(8080, ":%d") return o }(), args: args{extra: []corev1.EnvVar{}}, @@ -56,7 +64,7 @@ func TestOptions_BuildEnvironment(t *testing.T) { name: "Pointer to text value", opts: func() *Options { o := NewOptions() - o.Unpack(util.Pointer("value")).IntoEnvvar("envvar") + o.AddEnvvar("envvar").Unpack(util.Pointer("value")) return o }(), args: args{extra: []corev1.EnvVar{}}, @@ -70,7 +78,7 @@ func TestOptions_BuildEnvironment(t *testing.T) { opts: func() *Options { o := NewOptions() var v *string - o.Unpack(v).IntoEnvvar("envvar") + o.AddEnvvar("envvar").Unpack(v) return o }(), args: args{extra: []corev1.EnvVar{}}, @@ -80,10 +88,11 @@ func TestOptions_BuildEnvironment(t *testing.T) { name: "SecretReference", opts: func() *Options { o := &Options{} - o.Unpack(saasv1alpha1.SecretReference{FromVault: &saasv1alpha1.VaultSecretReference{ - Path: "path", - Key: "key", - }}).IntoEnvvar("envvar").AsSecretRef("secret") + o.AddEnvvar("envvar").AsSecretRef(TSecret("secret")). + Unpack(saasv1alpha1.SecretReference{FromVault: &saasv1alpha1.VaultSecretReference{ + Path: "path", + Key: "key", + }}) return o }(), args: args{extra: []corev1.EnvVar{}}, 
@@ -103,10 +112,11 @@ func TestOptions_BuildEnvironment(t *testing.T) { name: "Pointer to SecretReference", opts: func() *Options { o := &Options{} - o.Unpack(&saasv1alpha1.SecretReference{FromVault: &saasv1alpha1.VaultSecretReference{ - Path: "path", - Key: "key", - }}).IntoEnvvar("envvar").AsSecretRef("secret") + o.AddEnvvar("envvar").AsSecretRef(TSecret("secret")). + Unpack(&saasv1alpha1.SecretReference{FromVault: &saasv1alpha1.VaultSecretReference{ + Path: "path", + Key: "key", + }}) return o }(), args: args{extra: []corev1.EnvVar{}}, @@ -127,7 +137,7 @@ func TestOptions_BuildEnvironment(t *testing.T) { opts: func() *Options { o := &Options{} var v *saasv1alpha1.SecretReference - o.Unpack(v).IntoEnvvar("envvar").AsSecretRef("secret") + o.AddEnvvar("envvar").AsSecretRef(TSecret("secret")).Unpack(v) return o }(), args: args{extra: []corev1.EnvVar{}}, @@ -137,7 +147,8 @@ func TestOptions_BuildEnvironment(t *testing.T) { name: "SecretReference with override", opts: func() *Options { o := &Options{} - o.Unpack(saasv1alpha1.SecretReference{Override: util.Pointer("value")}).IntoEnvvar("envvar") + o.AddEnvvar("envvar"). + Unpack(saasv1alpha1.SecretReference{Override: util.Pointer("value")}) return o }(), args: args{extra: []corev1.EnvVar{}}, @@ -150,10 +161,11 @@ func TestOptions_BuildEnvironment(t *testing.T) { name: "EmptyIf", opts: func() *Options { o := &Options{} - o.Unpack(&saasv1alpha1.SecretReference{FromVault: &saasv1alpha1.VaultSecretReference{ - Path: "path", - Key: "key", - }}).IntoEnvvar("envvar").AsSecretRef("secret").EmptyIf(true) + o.AddEnvvar("envvar").AsSecretRef(TSecret("secret")).EmptyIf(true). + Unpack(&saasv1alpha1.SecretReference{FromVault: &saasv1alpha1.VaultSecretReference{ + Path: "path", + Key: "key", + }}) return o }(), args: args{extra: []corev1.EnvVar{}}, 
@@ -166,11 +178,12 @@ func TestOptions_BuildEnvironment(t *testing.T) { name: "Adds/overwrites extra envvars", opts: func() *Options { o := &Options{} - o.Unpack(&saasv1alpha1.SecretReference{FromVault: &saasv1alpha1.VaultSecretReference{ - Path: "path", - Key: "key", - }}).IntoEnvvar("envvar1").AsSecretRef("secret").EmptyIf(true) - o.Unpack("value2").IntoEnvvar("envvar2") + o.AddEnvvar("envvar1").AsSecretRef(TSecret("secret")).EmptyIf(true). + Unpack(&saasv1alpha1.SecretReference{FromVault: &saasv1alpha1.VaultSecretReference{ + Path: "path", + Key: "key", + }}) + o.AddEnvvar("envvar2").Unpack("value2") return o }(), args: args{extra: []corev1.EnvVar{ @@ -214,7 +227,7 @@ func TestOptions_BuildEnvironment(t *testing.T) { name: "bool value", opts: func() *Options { o := NewOptions() - o.Unpack(true).IntoEnvvar("envvar") + o.AddEnvvar("envvar").Unpack(true) return o }(), args: args{extra: []corev1.EnvVar{}}, @@ -227,7 +240,7 @@ func TestOptions_BuildEnvironment(t *testing.T) { name: "Pointer to int value", opts: func() *Options { o := NewOptions() - o.Unpack(util.Pointer(100)).IntoEnvvar("envvar") + o.AddEnvvar("envvar").Unpack(util.Pointer(100)) return o }(), args: args{extra: []corev1.EnvVar{}}, 
@@ -236,6 +249,65 @@ func TestOptions_BuildEnvironment(t *testing.T) { Value: "100", }}, }, + { + name: "SecretReference from seed", + opts: func() *Options { + o := &Options{} + o.AddEnvvar("envvar1").Unpack(saasv1alpha1.SecretReference{Override: util.Pointer("value1")}) + o.AddEnvvar("envvar2").AsSecretRef(TSecret("some-secret")).WithSeedKey(TSeedKey("seed-key")). + Unpack(saasv1alpha1.SecretReference{FromSeed: &saasv1alpha1.SeedSecretReference{}}) + return o + }(), + args: args{extra: []corev1.EnvVar{}}, + want: []corev1.EnvVar{ + { + Name: "envvar1", + Value: "value1", + }, + { + Name: "envvar2", + ValueFrom: &corev1.EnvVarSource{ + SecretKeyRef: &corev1.SecretKeySelector{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: saasv1alpha1.DefaultSeedSecret, + }, + Key: "seed-key", + }, + }, + }, + }, + }, + { + name: "SecretReference from vault, but with seed configured", + opts: func() *Options { + o := &Options{} + o.AddEnvvar("envvar1").Unpack(saasv1alpha1.SecretReference{Override: util.Pointer("value1")}) + o.AddEnvvar("envvar2").AsSecretRef(TSecret("some-secret")).WithSeedKey(TSeedKey("seed-key")). + Unpack(saasv1alpha1.SecretReference{FromVault: &saasv1alpha1.VaultSecretReference{ + Path: "path", + Key: "key", + }}) + return o + }(), + args: args{extra: []corev1.EnvVar{}}, + want: []corev1.EnvVar{ + { + Name: "envvar1", + Value: "value1", + }, + { + Name: "envvar2", + ValueFrom: &corev1.EnvVarSource{ + SecretKeyRef: &corev1.SecretKeySelector{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "some-secret", + }, + Key: "envvar2", + }, + }, + }, + }, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { 
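Review bot: The two added cases pin `FromSeed` with a seed key and `FromVault` with a seed configured, but not `FromSeed` when `WithSeedKey` was never called; the resulting selector would presumably carry an empty `Key`, which the API server rejects, so a case fixing what the builder does there (error, skip, or fall back to the envvar name as the vault case does with `Key: "envvar2"`) is missing. A case combining `Override` with `FromSeed` would likewise pin which one wins, since the vault-with-seed case shows that precedence appears to be decided inside Unpack rather than by call order. TestOptions_BuildEnvironment starts before and ends after this hunk.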
@@ -265,8 +337,8 @@ func TestOptions_GenerateExternalSecrets(t *testing.T) { name: "Does not generate any external secret", opts: func() *Options { o := NewOptions() - o.Unpack("value1").IntoEnvvar("envvar1") - o.Unpack("value2").IntoEnvvar("envvar2") + o.AddEnvvar("envvar1").Unpack("value1") + o.AddEnvvar("envvar2").Unpack("value2") return o }(), args: args{}, @@ -276,18 +348,21 @@ func TestOptions_GenerateExternalSecrets(t *testing.T) { name: "Generates external secrets for the secret options", opts: func() *Options { o := NewOptions() - o.Unpack(&saasv1alpha1.SecretReference{FromVault: &saasv1alpha1.VaultSecretReference{ - Path: "path1", - Key: "key1", - }}).IntoEnvvar("envvar1").AsSecretRef("secret1") - o.Unpack(&saasv1alpha1.SecretReference{FromVault: &saasv1alpha1.VaultSecretReference{ - Path: "path2", - Key: "key2", - }}).IntoEnvvar("envvar2").AsSecretRef("secret1") - o.Unpack(&saasv1alpha1.SecretReference{FromVault: &saasv1alpha1.VaultSecretReference{ - Path: "path3", - Key: "key3", - }}).IntoEnvvar("envvar3").AsSecretRef("secret2") + o.AddEnvvar("envvar1").AsSecretRef(TSecret("secret1")). + Unpack(&saasv1alpha1.SecretReference{FromVault: &saasv1alpha1.VaultSecretReference{ + Path: "path1", + Key: "key1", + }}) + o.AddEnvvar("envvar2").AsSecretRef(TSecret("secret1")). + Unpack(&saasv1alpha1.SecretReference{FromVault: &saasv1alpha1.VaultSecretReference{ + Path: "path2", + Key: "key2", + }}) + o.AddEnvvar("envvar3").AsSecretRef(TSecret("secret2")). + Unpack(&saasv1alpha1.SecretReference{FromVault: &saasv1alpha1.VaultSecretReference{ + Path: "path3", + Key: "key3", + }}) return o }(), args: args{ 
@@ -373,7 +448,8 @@ func TestOptions_GenerateExternalSecrets(t *testing.T) { name: "Skips secret options with override", opts: func() *Options { o := NewOptions() - o.Unpack(&saasv1alpha1.SecretReference{Override: util.Pointer("override")}).IntoEnvvar("envvar1").AsSecretRef("secret") + o.AddEnvvar("envvar1").AsSecretRef(TSecret("secret")). + Unpack(&saasv1alpha1.SecretReference{Override: util.Pointer("override")}) return o }(), args: args{}, @@ -384,7 +460,18 @@ func TestOptions_GenerateExternalSecrets(t *testing.T) { opts: func() *Options { o := NewOptions() var v *saasv1alpha1.SecretReference - o.Unpack(v).IntoEnvvar("envvar1").AsSecretRef("secret") + o.AddEnvvar("envvar1").AsSecretRef(TSecret("secret")).Unpack(v) + return o + }(), + args: args{}, + want: []client.Object{}, + }, + { + name: "Skips 'fromSeed' secret options", + opts: func() *Options { + o := NewOptions() + o.AddEnvvar("envvar1").AsSecretRef(TSecret("secret")).WithSeedKey(TSeedKey("key")). + Unpack(&saasv1alpha1.SecretReference{FromSeed: &saasv1alpha1.SeedSecretReference{}}) return o }(), args: args{}, @@ -423,12 +510,12 @@ func TestOptions_WithExtraEnv(t *testing.T) { { value: util.Pointer("value1"), envVariable: "envvar1", - set: true, + isSet: true, }, { value: util.Pointer("value2"), envVariable: "envvar2", - set: true, + isSet: true, }, }, args: args{ 
@@ -445,34 +532,34 @@ func TestOptions_WithExtraEnv(t *testing.T) { { value: util.Pointer("aaaa"), envVariable: "envvar1", - set: true, + isSet: true, }, { value: util.Pointer("value2"), envVariable: "envvar2", - set: true, + isSet: true, }, { value: util.Pointer("bbbb"), envVariable: "envvar3", - set: true, + isSet: true, }, { - rawValue: &corev1.EnvVarSource{FieldRef: &corev1.ObjectFieldSelector{APIVersion: "v1", FieldPath: "metadata.name"}}, + valueFrom: &corev1.EnvVarSource{FieldRef: &corev1.ObjectFieldSelector{APIVersion: "v1", FieldPath: "metadata.name"}}, envVariable: "envvar4", - set: true, + isSet: true, }, }, wantOld: &Options{ { value: util.Pointer("value1"), envVariable: "envvar1", - set: true, + isSet: true, }, { value: util.Pointer("value2"), envVariable: "envvar2", - set: true, + isSet: true, }, }, }, 
@@ -501,21 +588,28 @@ func TestOptions_ListSecretResourceNames(t *testing.T) { options: func() *Options { o := &Options{} // ok - o.Unpack(&saasv1alpha1.SecretReference{FromVault: &saasv1alpha1.VaultSecretReference{}}).IntoEnvvar("envvar1").AsSecretRef("secret1") + o.AddEnvvar("envvar1").AsSecretRef(TSecret("secret1")). + Unpack(&saasv1alpha1.SecretReference{FromVault: &saasv1alpha1.VaultSecretReference{}}) // not ok: not a secret value - o.Unpack("value").IntoEnvvar("envvar2") + o.AddEnvvar("envvar2").Unpack("value") // not ok: secret value with override - o.Unpack(&saasv1alpha1.SecretReference{Override: util.Pointer("value")}).IntoEnvvar("envvar3").AsSecretRef("secret2") - var v *saasv1alpha1.SecretReference + o.AddEnvvar("envvar3").AsSecretRef(TSecret("secret2")). + Unpack(&saasv1alpha1.SecretReference{Override: util.Pointer("value")}) // not ok: secret value is nil - o.Unpack(v).IntoEnvvar("envvar1").AsSecretRef("secret3") + var v *saasv1alpha1.SecretReference + o.AddEnvvar("envvar1").AsSecretRef(TSecret("secret3")).Unpack(v) // ok - o.Unpack(&saasv1alpha1.SecretReference{FromVault: &saasv1alpha1.VaultSecretReference{}}).IntoEnvvar("envvar2").AsSecretRef("secret1") + o.AddEnvvar("envvar2").AsSecretRef(TSecret("secret1")). + Unpack(&saasv1alpha1.SecretReference{FromVault: &saasv1alpha1.VaultSecretReference{}}) // ok - o.Unpack(&saasv1alpha1.SecretReference{FromVault: &saasv1alpha1.VaultSecretReference{}}).IntoEnvvar("envvar3").AsSecretRef("secret2") + o.AddEnvvar("envvar3").AsSecretRef(TSecret("secret2")). + Unpack(&saasv1alpha1.SecretReference{FromVault: &saasv1alpha1.VaultSecretReference{}}) + // ok: secret from seed + o.AddEnvvar("envvar4").AsSecretRef(TSecret("secret3")).WithSeedKey(TSeedKey("seed-key")). + Unpack(&saasv1alpha1.SecretReference{FromSeed: &saasv1alpha1.SeedSecretReference{}}) return o }(), - want: []string{"secret1", "secret2"}, + want: []string{"secret1", "secret2", "saas-seed"}, }, } for _, tt := range tests { 
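Review bot: The expected names pin the seed secret as the literal `"saas-seed"` while the BuildEnvironment cases earlier in this file use `saasv1alpha1.DefaultSeedSecret` for the same value; the two tests should agree, and if the literal is deliberate (to catch an unintended rename of the default) a comment should say so. The `// ok: secret from seed` comment would also be clearer as `// ok: secret from seed; the AsSecretRef name is superseded by the default seed secret`, since `secret3` is absent from the expected list even though envvar4 names it. The test function starts before and ends after this hunk.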
@@ -544,29 +638,29 @@ func TestUnion(t *testing.T) { { value: util.Pointer("value1"), envVariable: "ENVVAR1", - set: false, + isSet: false, }, { value: util.Pointer("value2"), envVariable: "ENVVAR2", - set: false, + isSet: false, }, }, { { value: util.Pointer("value1"), envVariable: "ENVVAR1", - set: false, + isSet: false, }, { value: util.Pointer("value3"), envVariable: "ENVVAR3", - set: false, + isSet: false, }, { value: util.Pointer("value4"), envVariable: "ENVVAR4", - set: false, + isSet: false, }, }, }, @@ -575,22 +669,22 @@ func TestUnion(t *testing.T) { { value: util.Pointer("value1"), envVariable: "ENVVAR1", - set: false, + isSet: false, }, { value: util.Pointer("value2"), envVariable: "ENVVAR2", - set: false, + isSet: false, }, { value: util.Pointer("value3"), envVariable: "ENVVAR3", - set: false, + isSet: false, }, { value: util.Pointer("value4"), envVariable: "ENVVAR4", - set: false, + isSet: false, }, }, }, diff --git a/pkg/resource_builders/twemproxy/options.go b/pkg/resource_builders/twemproxy/options.go index 49073e1b..d9369c08 100644 --- a/pkg/resource_builders/twemproxy/options.go +++ b/pkg/resource_builders/twemproxy/options.go @@ -13,10 +13,10 @@ const ( func NewOptions(spec saasv1alpha1.TwemproxySpec) *pod.Options { opts := pod.NewOptions() - opts.Unpack(TwemproxyConfigFile).IntoEnvvar("TWEMPROXY_CONFIG_FILE") - opts.Unpack(spec.Options.MetricsPort, ":%d").IntoEnvvar("TWEMPROXY_METRICS_ADDRESS") - opts.Unpack(spec.Options.StatsInterval.Milliseconds()).IntoEnvvar("TWEMPROXY_STATS_INTERVAL") - opts.Unpack(spec.Options.LogLevel).IntoEnvvar("TWEMPROXY_LOG_LEVEL") + opts.AddEnvvar("TWEMPROXY_CONFIG_FILE").Unpack(TwemproxyConfigFile) + opts.AddEnvvar("TWEMPROXY_METRICS_ADDRESS").Unpack(spec.Options.MetricsPort, ":%d") + opts.AddEnvvar("TWEMPROXY_STATS_INTERVAL").Unpack(spec.Options.StatsInterval.Milliseconds()) + opts.AddEnvvar("TWEMPROXY_LOG_LEVEL").Unpack(spec.Options.LogLevel) return opts } 
diff --git a/pkg/version/version.go b/pkg/version/version.go
index e2276715..08394576 100644
--- a/pkg/version/version.go
+++ b/pkg/version/version.go
@@ -1,7 +1,7 @@
 package version
 const (
- version string = "v0.22.0"
+ version string = "v0.23.0-alpha.9"
 )
 // Current returns the current marin3r operator version