Merge pull request #25 from TykTechnologies/feat/TT-10221/envconfig

[TT-10221] Update Config structure

.github/workflows/linter.yaml

@@ -3,28 +3,31 @@ name: golangci-lint
 on:
   push:
     branches:
-      - master
-    paths: 
+      - main
+    paths:
       - '**.go'
 
   pull_request:
     branches:
-      - master
-    paths: 
+      - main
+    paths:
       - '**.go'
 
 jobs:
   golangci:
     name: linter
     runs-on: ubuntu-latest
     steps:
+      - uses: actions/setup-go@v3
+        with:
+          go-version: 1.19
       - name: check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v2.5.2
+        uses: golangci/golangci-lint-action@v3
         with:
           # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
-          version: latest
+          version: v1.50.1
 
           # Optional: golangci-lint command line arguments.
           args: --verbose --timeout=5m

.golangci.yml

@@ -0,0 +1,80 @@
+issues:
+  # Show only new issues created since branching away from default branch on the remote
+  new-from-rev: origin/master
+  exclude-rules:
+    - linters:
+        - lll
+      source: "^// "
+linters:
+  enable:
+    - errcheck
+    - gocritic
+    - gofmt
+    - gofumpt
+    - goimports
+    - govet
+    - lll
+    - whitespace
+    - wsl
+
+linters-settings:
+  errcheck:
+    # Report about assignment of errors to blank identifier: `num, _ := strconv.Atoi(numStr)`.
+    check-blank: true
+
+    # Report about not checking of errors in type assertions: `a := b.(MyStruct)`.
+    check-type-assertions: true
+
+  gocritic:
+    # See https://go-critic.github.io/overview#checks-overview
+    # To check which checks are enabled run `GL_DEBUG=gocritic golangci-lint run`
+    enabled-tags:
+      - performance
+
+  gofmt:
+    # Simplify code with '-s' option
+    simplify: true
+
+  gofumpt:
+    # Choose whether or not to use the extra rules that are disabled by default
+    extra-rules: true
+
+    # Select the Go version to target.
+    lang-version: "1.19"
+
+  lll:
+    # Max line length; lines longer will be reported
+    # '\t' is counted as 1 character by default, and can be changed with the 'tab-width' option
+    line-length: 120
+    # Tab width in spaces
+    tab-width: 2
+
+  whitespace:
+    multi-if: false # Enforces newlines (or comments) after every multi-line if statement
+    multi-func: false # Enforces newlines (or comments) after every multi-line function signature
+
+  wsl:
+    # Controls if you may cuddle assignments and anything without needing an empty line between them.
+    allow-assign-and-anything: false
+    # Allow calls and assignments to be cuddled as long as the lines have any matching variables, fields or types.
+    # Default is true.
+    allow-assign-and-call: true
+    # Controls if you may end case statements with a whitespace.
+    allow-case-trailing-whitespace: true
+    # Allow declarations (var) to be cuddled.
+    allow-cuddle-declarations: true
+    # Allow multiline assignments to be cuddled. Default is true.
+    allow-multiline-assign: true
+    # This option allows whitespace after each comment group that begins a block.
+    allow-separated-leading-comment: false
+    # Allow trailing comments in ending of blocks
+    allow-trailing-comment: false
+    # Enforces that an if statement checking an error variable is cuddled with the line that assigned that error variable.
+    enforce-err-cuddling: true
+    # Force newlines in end of case at this limit (0 = never).
+    force-case-trailing-whitespace: 0
+    # Enforces that an assignment which is actually a short declaration (using :=) is only allowed to cuddle with other short declarations, and not plain assignments, blocks, etc.
+    force-short-decl-cuddling: false
+    # Append is only allowed to be cuddled if appending value is matching variables, fields or types on line above.
+    # Default is true.
+    strict-append: true

Makefile

@@ -27,3 +27,9 @@ build-bootstrap-pre-delete:
 		"-X main.version=$(MAIN_VERSION)" "$(BOOTSTRAP_CMD_PREDELETE_PATH)"
 
 build-all: build-bootstrap-post build-bootstrap-pre-delete build-bootstrap-pre-install
+
+linters:
+	go fmt ./...
+	gofmt -s -w .
+	go vet ./...
+	golangci-lint run

README.md

@@ -1,39 +1,63 @@
-# Tyk-K8S-bootstrap
+# Tyk-K8S-Bootstrap
 
-This is a standalone app meant to help with bootstrap and deletion of the tyk-stack when installed
-via tyk-helm-charts.
-
-**Note:** 
-<br>This app is needed only for Tyk [Self-managed](https://tyk.io/docs/tyk-on-premises/) deployment!
-<br>[Tyk OSS](https://tyk.io/docs/apim/open-source/) doesn't have a special bootstrap and in [Tyk Cloud](https://tyk.io/docs/tyk-cloud/) it is done for you (being a SaaS).
+Tyk K8s Bootstrap comes with three applications to bootstrap [`tyk-stack`](https://github.com/TykTechnologies/tyk-charts/tree/main/tyk-stack) 
+and to create Kubernetes secrets that can be utilized in [Tyk Operator](https://tyk.io/docs/tyk-operator/) and 
+[`tyk-dev-portal`](https://github.com/TykTechnologies/tyk-charts/tree/main/components/tyk-dev-portal) chart.
 
 ## What it does?
 
-### 1. Tyk post deployment bootstrapping
-a. Creates a basic organization with the values specified in the env vars
-via the tyk-helm charts
-<br>
-b. Creates a user to access the dashboard (values determined as above)
-<br>
-c. Bootstraps tyk-portal with a mock page (only if enabled in tyk-helm-charts)
-<br>
-d. Creates the secret required for the tyk-operator to work (only if enabled in tyk-helm-charts)
+`tyk-k8s-bootstrap` offers three applications functioning as [Chart Hooks](https://helm.sh/docs/topics/charts_hooks/) in Helm charts.
+
+- `bootstrap-pre-install` is a binary functioning as a `pre-install` hook, validating the Tyk Dashboard License key.
+- `bootstrap-post-install` is a binary functioning as a `post-install` hook, bootstrapping the Tyk Dashboard by 
+setting up an organization and an admin user. Additionally, it generates Kubernetes secrets utilized by 
+[Tyk Operator](https://tyk.io/docs/tyk-operator/) and [Tyk Enterprise Portal](https://tyk.io/docs/tyk-stack/tyk-developer-portal/enterprise-developer-portal/install-tyk-enterprise-portal/)
+- `bootstrap-pre-delete` is a binary functioning as a `pre-delete` hook, responsible for system cleanup.
+
+## Environment Variables
+
+| Environment Variable                           | Description                                                                                                                                                                                                           |
+|------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| TYK_K8SBOOTSTRAP_INSECURESKIPVERIFY            | enables InsecureSkipVerify options in HTTP requests sent to Tyk -<br/> might be useful for Tyk Dashboard with self-signed certs                                                                                       |
+| TYK_K8SBOOTSTRAP_BOOTSTRAPDASHBOARD            | controls bootstrapping Tyk Dashboard or not.                                                                                                                                                                          |
+| TYK_K8SBOOTSTRAP_BOOTSTRAPPORTAL               | controls bootstrapping Tyk Classic Portal or not.                                                                                                                                                                     |
+| TYK_K8SBOOTSTRAP_OPERATORKUBERNETESSECRETNAME  | corresponds to the Kubernetes secret name that will be created for Tyk Operator.<br/> Set it to an empty to string to disable bootstrapping Kubernetes secret for Tyk Operator.                                       |
+| TYK_K8SBOOTSTRAP_DEVPORTALKUBERNETESSECRETNAME | corresponds to the Kubernetes secret name that will be created for Tyk Developer Enterprise Portal.<br/> Set it to an empty to string to disable bootstrapping Kubernetes secret for Tyk Developer Enterprise Portal. |
+| TYK_K8SBOOTSTRAP_K8S_DASHBOARDSVCURL           | corresponds to the URL of Tyk Dashboard.                                                                                                                                                                              |
+| TYK_K8SBOOTSTRAP_K8S_DASHBOARDSVCPROTO         | corresponds to Tyk Dashboard Service Protocol (either http or https). By default, it is http.                                                                                                                         |
+| TYK_K8SBOOTSTRAP_K8S_RELEASENAMESPACE          | corresponds to the namespace where Tyk is deployed via Helm Chart.                                                                                                                                                    |
+| TYK_K8SBOOTSTRAP_K8S_DASHBOARDDEPLOYMENTNAME   | corresponds to the name of the Tyk Dashboard Deployment, which is being used to restart<br/> Dashboard pod after bootstrapping.                                                                                       |
+| TYK_K8SBOOTSTRAP_TYK_ADMIN_SECRET              | corresponds to the secret that will be used in Admin APIs.                                                                                                                                                            |
+| TYK_K8SBOOTSTRAP_TYK_ADMIN_FIRSTNAME           | corresponds to the first name of the admin being created.                                                                                                                                                             |
+| TYK_K8SBOOTSTRAP_TYK_ADMIN_LASTNAME            | corresponds to the last name of the admin being created.                                                                                                                                                              |
+| TYK_K8SBOOTSTRAP_TYK_ADMIN_EMAILADDRESS        | corresponds to the email address of the admin being created.                                                                                                                                                          |
+| TYK_K8SBOOTSTRAP_TYK_ADMIN_PASSWORD            | corresponds to the password of the admin being created.                                                                                                                                                               |
+| TYK_K8SBOOTSTRAP_TYK_ADMIN_AUTH                | corresponds to Tyk Dashboard API Access Credentials of the admin user, and it will be used in Authorization <br/>header of the HTTP requests that will be sent to Tyk for bootstrapping.                              |
+| TYK_K8SBOOTSTRAP_TYK_ORG_NAME                  | corresponds to the name for your organization that is going to be bootstrapped in Tyk.                                                                                                                                |
+| TYK_K8SBOOTSTRAP_TYK_ORG_CNAME                 | corresponds to the Organisation CNAME which is going to bind the Portal to.                                                                                                                                           |
+| TYK_K8SBOOTSTRAP_TYK_ORG_ID                    | corresponds to the organisation ID that is being created.                                                                                                                                                             |
+| TYK_K8SBOOTSTRAP_TYK_DASHBOARDLICENSE          | corresponds to the license key of Tyk Dashboard.                                                                                                                                                                      |
 
+## Required RBAC roles for the app to work inside the Kubernetes cluster
 
+Given that the applications operate as Chart Hooks to execute specific actions, such as creating Kubernetes Secrets, 
+validating component health statuses, and performing system cleanup during the deletion of the Helm Release, 
+they require specific RBAC rules for each operation.
 
-### 2. Tyk pre deletion hook
-a. Ensures that no failed jobs are still running by deleting them (as they prevented
-<br>
-b. clean uninstallation of the helm charts)
-<br>
-c. Also detects and deletes an existing tyk-operator-secret on helm charts uninstallation
+The required roles can be found here: 
+[`bootstrap-role.yaml`](https://github.com/TykTechnologies/tyk-charts/blob/main/components/tyk-bootstrap/templates/bootstrap-role.yml)
 
-Required RBAC roles for the app to work inside the k8s cluster:
-- delete
-- list
+## Useful testing tips and commands:
 
+### Load images to Kind Cluster
+
+After making your changes to applications, running the following command loads your local changes into KinD cluster with `tykio/tyk-k8s-boostrap{pre-post}-{delete-install}:testing` image.
+
+```bash
+$ ./hack/load_images.sh
+```
 
-### Useful debug/test tips/commands:
+### KinD with a local image repository
 
 If you want to create a k8s kind cluster that also has a local repository where
 you can push the images generated by the Makefile just run the "local_registry.sh" script.

cmd/bootstrap-post/main.go

@@ -11,7 +11,7 @@ import (
 )
 
 func main() {
-	err := data.InitAppDataPostInstall()
+	err := data.InitPostInstall()
 	if err != nil {
 		fmt.Println(err)
 		os.Exit(1)
@@ -24,38 +24,41 @@ func main() {
 	}
 
 	tp := &http.Transport{
-		TLSClientConfig: &tls.Config{InsecureSkipVerify: data.AppConfig.DashboardInsecureSkipVerify},
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: data.BootstrapConf.InsecureSkipVerify},
 	}
 	client := http.Client{Transport: tp}
 
 	fmt.Println("Started creating dashboard org")
+
 	err = helpers.CheckForExistingOrganisation(client)
 	if err != nil {
 		fmt.Println(err)
 		os.Exit(1)
 	}
-	fmt.Println("Finished creating dashboard org")
 
+	fmt.Println("Finished creating dashboard org")
 	fmt.Println("Generating dashboard credentials")
+
 	err = helpers.GenerateDashboardCredentials(client)
 	if err != nil {
 		fmt.Println(err)
 		os.Exit(1)
 	}
-	fmt.Println("Finished generating dashboard credentials")
 
+	fmt.Println("Finished generating dashboard credentials")
 	fmt.Println("Started bootstrapping operator secret")
-	if data.AppConfig.OperatorSecretEnabled {
+
+	if data.BootstrapConf.OperatorKubernetesSecretName != "" {
 		err = helpers.BootstrapTykOperatorSecret()
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
 		}
 	}
-	fmt.Println("Finished bootstrapping operator secret")
 
-	fmt.Println("Started bootstrapping portal secret")
-	if data.AppConfig.DeveloperPortalSecretEnabled {
+	fmt.Println("Finished bootstrapping operator secret\nStarted bootstrapping portal secret")
+
+	if data.BootstrapConf.DevPortalKubernetesSecretName != "" {
 		err = helpers.BootstrapTykPortalSecret()
 		if err != nil {
 			fmt.Println(err)
@@ -64,13 +67,14 @@ func main() {
 	}
 
 	fmt.Println("Started bootstrapping portal with requests to dashboard")
-	if data.AppConfig.BootstrapPortal {
+
+	if data.BootstrapConf.BootstrapPortal {
 		err = helpers.BoostrapPortal(client)
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
 		}
 	}
-	fmt.Println("Finished bootstrapping portal")
 
+	fmt.Println("Finished bootstrapping portal")
 }

cmd/bootstrap-pre-delete/main.go

@@ -8,7 +8,7 @@ import (
 )
 
 func main() {
-	err := data.InitAppDataPreDelete()
+	err := data.InitBootstrapConf()
 	if err != nil {
 		fmt.Println(err)
 		os.Exit(1)

cmd/bootstrap-pre-install/main.go

@@ -3,11 +3,18 @@ package main
 import (
 	"fmt"
 	"os"
+	"tyk/tyk/bootstrap/data"
 	"tyk/tyk/bootstrap/preinstallation"
 )
 
 func main() {
-	err := preinstallation.PreHookInstall()
+	err := data.InitBootstrapConf()
+	if err != nil {
+		fmt.Printf("Failed to parse bootstrap environment variables, err: %v", err)
+		os.Exit(1)
+	}
+
+	err = preinstallation.PreHookInstall()
 	if err != nil {
 		fmt.Printf("Failed to run pre-hook job, err: %v", err)
 		os.Exit(1)