package types
import (
"fmt"
"strings"
cloudinit "github.com/flanksource/konfigadm/pkg/cloud-init"
"github.com/flanksource/konfigadm/pkg/utils"
)
// konfigadm holds the tool's own name as a package-level variable. It is
// unexported and not read anywhere in this file; its consumers live elsewhere
// in the package.
var konfigadm = "konfigadm"
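// Port maps a host-side (source) port to a port inside the container.
type Port struct {
	// Port is the host-side port. Valid TCP/UDP port numbers are 1-65535;
	// the previous upper bound of 65536 let one out-of-range value through
	// validation.
	Port int `yaml:"port,omitempty" validate:"min=1,max=65535"`
	// Target is the container-side port that Port is mapped to.
	Target int `yaml:"target,omitempty" validate:"min=1,max=65535"`
}

// Container represents a container to be run using systemd.
type Container struct {
	// Service is the name of the service (e.g. systemd unit name or deployment
	// name). When empty, Name() derives a name from Image.
	Service string `yaml:"service,omitempty"`
	// Image is the container image reference, e.g. registry/repo/name:tag.
	Image string `yaml:"image"`
	// Env is a map of environment variables to pass through to the container.
	Env map[string]string `yaml:"env,omitempty"`
	// Labels is a map of labels to add to the container.
	Labels map[string]string `yaml:"labels,omitempty"`
	// DockerOpts holds additional arguments to the docker run command,
	// e.g. -p 8080:8080. It is a single free-form string; how it is split
	// into arguments is decided by the consumer, not here.
	DockerOpts string `yaml:"docker_opts,omitempty"`
	// DockerClientArgs holds additional options to the docker client,
	// e.g. -H unix:///tmp/var/run/docker.sock.
	DockerClientArgs string `yaml:"docker_client_args,omitempty"`
	// Args holds additional arguments to the container.
	Args string `yaml:"args,omitempty"`
	// Ports lists host-to-container port mappings.
	Ports []Port `yaml:"ports,omitempty"`
	// Commands lists commands associated with the container; how and where
	// they run is defined by the consumer of this struct.
	Commands []string `yaml:"commands,omitempty"`
	// Files is a map of files to mount into the container.
	Files map[string]string `yaml:"files,omitempty"`
	// Templates is a map of templates to mount into the container.
	Templates map[string]string `yaml:"templates,omitempty"`
	// TODO: Volumes (carried over from the original; not documented further).
	Volumes []string `yaml:"volumes,omitempty"`
	// TODO: capabilities.
	// CPU is the CPU limit in cores (defaults to 1).
	CPU int `yaml:"cpu,omitempty" validate:"min=0,max=32"`
	// Mem is the memory limit in MB (defaults to 1024).
	Mem int `yaml:"mem,omitempty" validate:"min=0,max=1048576"`
	// Network is the container network; default: user-bridge only.
	Network string `yaml:"network,omitempty"`
	// Replicas is the number of instances to run; default: 1.
	Replicas int `yaml:"replicas,omitempty"`
}

// Name returns the service name for the container: Service when set,
// otherwise the last path component of Image with any ":tag" or "@digest"
// suffix removed. An empty Image yields an empty name.
//
// The path component is isolated before the tag is stripped so that a
// registry with a port, e.g. "registry.example:5000/ns/app:v1", yields
// "app" rather than "registry.example" (the previous implementation split
// on the first ":" and so returned the registry host for every such image,
// giving all of them the same unit name).
func (c Container) Name() string {
	if c.Service != "" {
		return c.Service
	}
	name := c.Image
	// Registry host and namespace are everything up to the last "/".
	if i := strings.LastIndex(name, "/"); i >= 0 {
		name = name[i+1:]
	}
	// A digest ("@sha256:...") contains ":" itself, so cut it before the tag.
	if i := strings.Index(name, "@"); i >= 0 {
		name = name[:i]
	}
	// Then drop the ":tag", if any.
	if i := strings.Index(name, ":"); i >= 0 {
		name = name[:i]
	}
	return name
}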
// File is a primitive representing a single file.
type File struct {
	// Content is the literal file content.
	Content string `yaml:"content,omitempty"`
	// ContentFromURL names a URL to fetch the content from instead of Content.
	// NOTE(review): nothing in this type restricts the scheme or records an
	// expected digest for the download; integrity handling lives in the consumer.
	ContentFromURL string `yaml:"content_from_url,omitempty"`
	// Unarchive indicates the content should be unpacked rather than written as-is.
	Unarchive bool `yaml:"unarchive,omitempty"`
	// Permissions is the file mode as a string (presumably octal, e.g. "0644" — confirm with the consumer).
	Permissions string `yaml:"permissions,omitempty"`
	// Owner is the file owner.
	Owner string `yaml:"owner,omitempty"`
	// Flags carries the runtime Flag values associated with this file.
	// Note the YAML key is "tags", unlike TarPackage.Flags which uses "flags".
	Flags []Flag `yaml:"tags,omitempty"`
}
// User mirrors the cloud-init User struct.
type User struct {
	// The user's login name.
	Name string `yaml:"name,omitempty"`
	// The user's real name, i.e. "Bob B. Smith".
	Gecos string `yaml:"gecos,omitempty"`
	// Optional. The SELinux user for the user's login, such as
	// "staff_u". When this is omitted the system will select the default
	// SELinux user.
	SeLinuxUser string `yaml:"selinux_user,omitempty"`
	// The date on which the account expires, passed through to cloud-init's
	// "expiredate" (cloud-init documents the format as YYYY-MM-DD).
	ExpireDate string `yaml:"expiredate,omitempty"`
	// Defaults to none. Accepts a sudo rule string, a list of sudo rule
	// strings or False to explicitly deny sudo usage. Examples:
	//
	// Allow a user unrestricted sudo access.
	// sudo: ALL=(ALL) NOPASSWD:ALL
	//
	// Adding multiple sudo rule strings.
	// sudo:
	// - ALL=(ALL) NOPASSWD:/bin/mysql
	// - ALL=(ALL) ALL
	//
	// Prevent sudo access for a user.
	// sudo: False
	//
	// Note: Please double check your syntax and make sure it is valid.
	// cloud-init does not parse/check the syntax of the sudo
	// directive.
	//
	// NOTE(review): the Go field is a plain string, so the list form shown
	// above is not representable through this struct.
	Sudo string `yaml:"sudo,omitempty"`
	// The hash -- not the password itself -- of the password you want
	// to use for this user. You can generate a safe hash via:
	// mkpasswd --method=SHA-512 --rounds=4096
	// (the above command would create from stdin an SHA-512 password hash
	// with 4096 salt rounds)
	//
	// Please note: while the use of a hashed password is better than
	// plain text, the use of this feature is not ideal. Also,
	// using a high number of salting rounds will help, but it should
	// not be relied upon.
	//
	// To highlight this risk, running John the Ripper against the
	// example hash above, with a readily available wordlist, revealed
	// the true password in 12 seconds on a i7-2620QM.
	//
	// In other words, this feature is a potential security risk and is
	// provided for your convenience only. If you do not fully trust the
	// medium over which your cloud-config will be transmitted, then you
	// should use SSH authentication only.
	//
	// You have thus been warned.
	Passwd string `yaml:"passwd,omitempty"`
	// Define the primary group. Defaults to a new group created named after the user.
	PrimaryGroup string `yaml:"primary_group,omitempty"`
	// Additional groups for the user. Held as a single string here, whereas
	// cloud-init also accepts a list.
	Groups string `yaml:"groups,omitempty"`
	// Optional. Import SSH ids.
	SSHImportID string `yaml:"ssh_import_id,omitempty"`
	// Defaults to true. Lock the password to disable password login.
	// NOTE(review): because the field is a bool with omitempty, a false
	// value is not emitted into the YAML at all, so the "defaults to true"
	// is cloud-init's default taking effect — this struct cannot express an
	// explicit lock_passwd: false.
	LockPasswd bool `yaml:"lock_passwd,omitempty"`
	// When set to true, do not create home directory.
	NoCreateHome bool `yaml:"no_create_home,omitempty"`
	// When set to true, do not create a group named after the user.
	NoUserGroup bool `yaml:"no_user_group,omitempty"`
	// When set to true, do not initialize lastlog and faillog database.
	NoLogInit bool `yaml:"no_log_init,omitempty"`
	// Add keys to user's authorized keys file.
	SSHAuthorizedKeys []string `yaml:"ssh_authorized_keys,omitempty"`
	// Create the user as inactive.
	Inactive bool `yaml:"inactive,omitempty"`
	// Create the user as a system user. This means no home directory.
	System bool `yaml:"system,omitempty"`
	// Create a Snappy (Ubuntu-Core) user via the snap create-user
	// command available on Ubuntu systems. If the user has an account
	// on the Ubuntu SSO, specifying the email will allow snap to
	// request a username and any public ssh keys and will import
	// these into the system with username specified by SSO account.
	// If 'username' is not set in SSO, then username will be the
	// shortname before the email domain.
	Snapuser string `yaml:"snapuser,omitempty"`
	// Set true to block ssh logins for cloud
	// ssh public keys and emit a message redirecting logins to
	// use <default_username> instead. This option only disables cloud
	// provided public-keys. An error will be raised if ssh_authorized_keys
	// or ssh_import_id is provided for the same user.
	SSHRedirectUser bool `yaml:"ssh_redirect_user,omitempty"`
	// The user's login shell, e.g. /bin/bash.
	Shell string `yaml:"shell,omitempty"`
	// The user's numeric id, kept as a string here.
	UID string `yaml:"uid,omitempty"`
}
// Filesystem is a primitive for referencing all files, keyed by path.
type Filesystem map[string]File

// Certificate holds a CA certificate as used by Config.TrustedCA. The
// encoding is not fixed here (presumably PEM — confirm with the consumer).
type Certificate string
// Config is the logical model after runtime tags have been applied.
type Config struct {
	// AppliedFiles and AppliedCommands are excluded from YAML (yaml:"-") and
	// are filled in by the consumer rather than read from a config file.
	AppliedFiles    Filesystem `yaml:"-"`
	AppliedCommands []Command  `yaml:"-"`

	// Primitive elements are what all native and operator commands eventually compile down into.
	PreCommands  []Command  `yaml:"pre_commands,omitempty"`
	Commands     []Command  `yaml:"commands,omitempty"`
	PostCommands []Command  `yaml:"post_commands,omitempty"`
	Filesystem   Filesystem `yaml:"filesystem,omitempty"`

	// Native elements are "compiled" into primitive items in order to apply them.

	// Files is a map of destination path to lookup file path.
	// The lookup path is relative to where konfigadm is run from, not relative to the config file.
	// The content and permissions of the file will be compiled into primitive Filesystem elements; user and group ownership is ignored.
	// Both the destination and lookup path can be expressions.
	Files map[string]string `yaml:"files,omitempty"`
	// Templates is a map of destination path to template lookup path.
	// The lookup path is relative to where konfigadm is run from, not relative to the config file.
	// Templates are compiled via a Jinja (Ansible-like) renderer into primitive filesystem objects.
	// Both the destination and lookup path can be expressions.
	Templates map[string]string `yaml:"templates,omitempty"`
	// Sysctls maps sysctl key to value.
	Sysctls map[string]string `yaml:"sysctls,omitempty"`
	// Packages, PackageRepos and Kernel are pointers to slices; presumably so
	// that "absent" and "present but empty" can be told apart — confirm with the consumer.
	Packages     *[]Package     `yaml:"packages,omitempty"`
	TarPackages  []TarPackage   `yaml:"tar_packages,omitempty"`
	PackageRepos *[]PackageRepo `yaml:"package_repos,omitempty"`
	// Images lists container image references; what is done with them is decided by the consumer.
	Images           []string         `yaml:"images,omitempty"`
	Kernel           *[]KernelInput   `yaml:"kernel,omitempty"`
	Containers       []Container      `yaml:"containers,omitempty"`
	ContainerRuntime ContainerRuntime `yaml:"container_runtime,omitempty"`
	Kubernetes       *KubernetesSpec  `yaml:"kubernetes,omitempty"`
	// Environment maps environment variable name to value.
	Environment map[string]string `yaml:"environment,omitempty"`
	Ansible     []Ansible         `yaml:"ansible,omitempty"`
	Timezone    string            `yaml:"timezone,omitempty"`
	// NTP and DNS list servers; Limits and Partitions are free-form strings
	// whose format is defined by their consumers.
	NTP        []string `yaml:"ntp,omitempty"`
	DNS        []string `yaml:"dns,omitempty"`
	Limits     []string `yaml:"limits,omitempty"`
	// TrustedCA lists CA certificates to be trusted by the host.
	TrustedCA  []Certificate `yaml:"ca,omitempty"`
	Partitions []string      `yaml:"partitions,omitempty"`
	// Extra is a raw cloud-init document carried alongside the native elements.
	Extra    *cloudinit.CloudInit `yaml:"extra,omitempty"`
	Services map[string]Service   `yaml:"services,omitempty"`
	Users    []User               `yaml:"users,omitempty"`
	// Cleanup is a pointer so an unset value can be distinguished from false.
	Cleanup *bool `yaml:"cleanup,omitempty"`
	// Context is runtime-only and excluded from YAML.
	Context *SystemContext `yaml:"-"`
}
// TarPackage describes a tarball to download and install.
type TarPackage struct {
	// URL is where the tarball is fetched from.
	URL string `yaml:"url,omitempty"`
	// Checksum is the expected digest of the download and ChecksumType names
	// the digest algorithm. NOTE(review): nothing in this type requires a
	// checksum to be present; whether an empty Checksum skips verification
	// is decided by the consumer — confirm before relying on it.
	Checksum     string `yaml:"checksum,omitempty"`
	ChecksumType string `yaml:"checksum_type,omitempty"`
	// Binary is the binary of interest within the tarball.
	Binary string `yaml:"binary,omitempty"`
	// Destination is where the package is installed to.
	Destination string `yaml:"destination,omitempty"`
	// Flags carries the runtime Flag values associated with this package.
	Flags []Flag `yaml:"flags,omitempty"`
}
// Applier is implemented by anything that can be applied against a SystemContext.
type Applier interface {
	Apply(ctx SystemContext)
}
// SystemContext carries the runtime state shared across phases.
type SystemContext struct {
	// Vars holds arbitrary values available to phases (e.g. for expression evaluation — presumably; confirm with the consumer).
	Vars map[string]interface{}
	// Flags are the runtime flags in effect.
	Flags []Flag
	// Name identifies this context.
	Name string
	// CaptureLogs is a string setting whose meaning is defined by its consumer (not visible here).
	CaptureLogs string
}
// Transformer turns a Config into the primitive commands and files needed to
// apply it. Its signature matches Phase.ApplyPhase.
type Transformer func(cfg *Config, ctx *SystemContext) (commands []Command, files Filesystem, err error)

// FlagProcessor adjusts a Config according to the given runtime flags. Its
// signature matches ProcessFlagsPhase.ProcessFlags.
type FlagProcessor func(cfg *Config, flags ...Flag)
// AllPhases is satisfied by a type that implements both Phase and ProcessFlagsPhase.
type AllPhases interface {
	Phase
	ProcessFlagsPhase
}
// Phase compiles a Config into primitive commands and files.
type Phase interface {
	// ApplyPhase returns the commands and files this phase contributes, or an error.
	ApplyPhase(cfg *Config, ctx *SystemContext) (commands []Command, files Filesystem, err error)
}
// ProcessFlagsPhase is implemented by phases that need to adjust the Config
// based on runtime flags before it is applied.
type ProcessFlagsPhase interface {
	ProcessFlags(cfg *Config, flags ...Flag)
}
// VerifyPhase is implemented by phases that can check whether a Config has
// been applied correctly.
type VerifyPhase interface {
	// Verify records its outcome in results and returns whether the check passed.
	Verify(cfg *Config, results *VerifyResults, flags ...Flag) bool
}
// VerifyResults records the results of a test or verification run and
// prints each outcome to stdout as it is recorded.
type VerifyResults struct {
	PassCount int // checks reported via Pass
	FailCount int // checks reported via Fail
	SkipCount int // checks reported via Skip
}

// Done prints the closing summary line of counts.
func (c *VerifyResults) Done() {
	const summary = " %d passed, %d skipped, %d failed\n"
	fmt.Printf(summary, c.PassCount, c.SkipCount, c.FailCount)
}

// Pass records a passing check and prints msg (a printf-style format with
// args) in green, prefixed with " [pass] ".
func (c *VerifyResults) Pass(msg string, args ...interface{}) {
	c.PassCount++
	line := utils.Greenf(" [pass] "+msg, args...)
	fmt.Println(line)
}

// Fail records a failing check and prints msg (a printf-style format with
// args) in red, prefixed with " [fail] ".
func (c *VerifyResults) Fail(msg string, args ...interface{}) {
	c.FailCount++
	line := utils.Redf(" [fail] "+msg, args...)
	fmt.Println(line)
}

// Skip records a skipped check and prints msg (a printf-style format with
// args) in light cyan, prefixed with " [skip] ".
func (c *VerifyResults) Skip(msg string, args ...interface{}) {
	c.SkipCount++
	line := utils.LightCyanf(" [skip] "+msg, args...)
	fmt.Println(line)
}
// Ansible describes a playbook to run and the Ansible installation to run it with.
type Ansible struct {
	// Version is the Ansible version to use.
	Version string `yaml:"version,omitempty"`
	// Workspace is the working directory for the run.
	Workspace string `yaml:"workspace,omitempty"`
	// PlaybookPath points at a playbook file; Playbook holds playbook content
	// inline. Which one wins when both are set is decided by the consumer.
	PlaybookPath string `yaml:"playbookPath,omitempty"`
	Playbook     string `yaml:"playbook,omitempty"`
}