feat: make git config operations thread safe (#7)

flanksource · Aug 28, 2023 · 497ea5d · 497ea5d
1 parent 6914399
commit 497ea5d
Show file tree

Hide file tree

Showing 11 changed files with 69 additions and 64 deletions.
diff --git a/api/v1/config.go b/api/v1/config.go
@@ -14,22 +14,22 @@ const (
 type Config struct {
 	Git   *GitopsAPISpec `json:"git,omitempty" yaml:"git,omitempty"`
 	AWS   *AWSConfig     `json:"aws,omitempty" yaml:"aws,omitempty"`
-	Azure *AZUREConfig   `json:"azure,omitempty" yaml:"azure,omitempty"`
+	Azure *AzureConfig   `json:"azure,omitempty" yaml:"azure,omitempty"`
 }
 
 type AWSConfig struct {
 	// ARN of the key to use for encryption
 	Key string `json:"key" yaml:"key"`
 }
 
-type AZUREConfig struct {
+type AzureConfig struct {
 	TenantID     string `json:"tenant_id" yaml:"tenant_id"`
 	ClientID     string `json:"client_id" yaml:"client_id"`
 	ClientSecret string `json:"client_secret" yaml:"client_secret"`
 	VaultURI     string `json:"vault_uri" yaml:"vault_url"`
 }
 
-func (a *AZUREConfig) SetEnvs() {
+func (a *AzureConfig) SetEnvs() {
 	os.Setenv("AZURE_CLIENT_SECRET", a.ClientSecret)
 	os.Setenv("AZURE_CLIENT_ID", a.ClientID)
 	os.Setenv("AZURE_TENANT_ID", a.TenantID)

diff --git a/api/v1/gitopsapi_types.go b/api/v1/gitopsapi_types.go
@@ -1,20 +1,11 @@
 package v1
 
-import (
-	"github.com/gosimple/slug"
-	"github.com/labstack/gommon/random"
-)
-
 // GitopsAPISpec defines the desired state of GitopsAPI
 type GitopsAPISpec struct {
 	// The repository URL, can be a HTTP or SSH address.
 	Repository string `json:"repository,omitempty"`
 	User       string `json:"user,omitempty"`
 	Email      string `json:"email,omitempty"`
-	// The branch to use as a baseline for the new branch, defaults to master
-	Base string `json:"base,omitempty"`
-	// The branch to push updates back to, defaults to master
-	Branch string `json:"branch,omitempty"`
 
 	// Open a new Pull request from the branch back to the base
 	PullRequest *PullRequestTemplate `json:"pull_request,omitempty"`
@@ -37,18 +28,9 @@ type PullRequestTemplate struct {
 	Reviewers []string `json:"reviewers,omitempty"`
 	Assignees []string `json:"assignees,omitempty"`
 	Tags      []string `json:"tags,omitempty"`
-}
 
-func (in *GitopsAPISpec) SetDefaults(title string) {
-	if in.Base == "" {
-		in.Base = "main"
-	}
-	if in.PullRequest.Title == "" {
-		in.PullRequest.Title = title
-	}
-	if in.PullRequest != nil {
-		in.Branch = slug.Make(in.PullRequest.Title) + "-" + random.String(4)
-	} else {
-		in.Branch = in.Base
-	}
+	// The branch to use as a baseline for the new branch, defaults to master
+	Base string `json:"base,omitempty"`
+	// The branch to push updates back to, defaults to master
+	Branch string `json:"branch,omitempty"`
 }
diff --git a/pkg/api/tenant.go b/pkg/api/tenant.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/flanksource/tenant-controller/pkg"
 	"github.com/flanksource/tenant-controller/pkg/git"
+	"github.com/flanksource/tenant-controller/pkg/secrets"
 	"github.com/gosimple/slug"
 	"github.com/labstack/echo/v4"
 )
@@ -26,15 +27,13 @@ func CreateTenant(c echo.Context) error {
 		tenant.Slug = slug.Make(tenant.Name)
 	}
 
-	// TODO: Remove side-effects
-	// This sets certain parameters that are used
-	// by sc.GenrateSealedSecret
-	// Use `SealedSecretParams` struct to pass into that func
-	tenant.GenerateDBCredentials()
-
 	// TODO: Webhook does not tell which cloud provider
 	sc := GetSecretControllerFromCloud(tenant.Cloud)
-	sealedSecretRaw, err := sc.GenerateSealedSecret(tenant)
+	sealedSecretRaw, err := sc.GenerateSealedSecret(secrets.SealedSecretParams{
+		Slug:     tenant.Slug,
+		Username: tenant.GenerateDBUsername(),
+		Password: tenant.GenerateDBPassword(),
+	})
 	if err != nil {
 		return errorResonse(c, err, http.StatusInternalServerError)
 	}

diff --git a/pkg/git/connectors/connector.go b/pkg/git/connectors/connector.go
@@ -13,7 +13,7 @@ import (
 type Connector interface {
 	Clone(ctx context.Context, branch, local string) (billy.Filesystem, *git.Worktree, error)
 	Push(ctx context.Context, branch string) error
-	OpenPullRequest(ctx context.Context, base string, head string, spec *v1.PullRequestTemplate) (int, error)
+	OpenPullRequest(ctx context.Context, spec v1.PullRequestTemplate) (int, error)
 	ClosePullRequest(ctx context.Context, id int) error
 }
 

diff --git a/pkg/git/connectors/github.go b/pkg/git/connectors/github.go
@@ -56,19 +56,19 @@ func (g *Github) Push(ctx context.Context, branch string) error {
 	return nil
 }
 
-func (g *Github) OpenPullRequest(ctx context.Context, base string, head string, spec *v1.PullRequestTemplate) (int, error) {
+func (g *Github) OpenPullRequest(ctx context.Context, spec v1.PullRequestTemplate) (int, error) {
 	if spec.Title == "" {
-		spec.Title = head
+		spec.Title = spec.Branch
 	}
 	pr, _, err := g.scm.PullRequests.Create(ctx, g.repository, &scm.PullRequestInput{
 		Title: spec.Title,
 		Body:  spec.Body,
-		Head:  head,
-		Base:  base,
+		Head:  spec.Branch,
+		Base:  spec.Base,
 	})
 
 	if err != nil {
-		return 0, errors.Wrapf(err, "failed to create pr repo=%s title=%s, head=%s base=%s", g.repository, spec.Title, head, base)
+		return 0, errors.Wrapf(err, "failed to create pr repo=%s title=%s, head=%s base=%s", g.repository, spec.Title, spec.Branch, spec.Base)
 	}
 
 	if len(spec.Reviewers) > 0 {

diff --git a/pkg/git/connectors/gitssh.go b/pkg/git/connectors/gitssh.go
@@ -23,7 +23,7 @@ type GitSSH struct {
 	auth transport.AuthMethod
 }
 
-func (g *GitSSH) OpenPullRequest(ctx context.Context, base string, head string, spec *v1.PullRequestTemplate) (int, error) {
+func (g *GitSSH) OpenPullRequest(ctx context.Context, spec v1.PullRequestTemplate) (int, error) {
 	return 0, fmt.Errorf("open pull request  not implemented for git ssh")
 }
 

diff --git a/pkg/git/git.go b/pkg/git/git.go
@@ -10,26 +10,29 @@ import (
 	"strings"
 	"time"
 
+	v1 "github.com/flanksource/tenant-controller/api/v1"
 	"github.com/flanksource/tenant-controller/pkg"
 	"github.com/flanksource/tenant-controller/pkg/git/connectors"
 	"github.com/go-git/go-billy/v5"
 	gitv5 "github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing/object"
+	"github.com/gosimple/slug"
+	"github.com/labstack/gommon/random"
 	"github.com/pkg/errors"
 	"gopkg.in/yaml.v2"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"sigs.k8s.io/kustomize/api/types"
 )
 
 func OpenPRWithTenantResources(tenant *pkg.Tenant, tenantObjs []*unstructured.Unstructured) (pr int, hash string, err error) {
-	// TODO: Git config should be passed as arg, not taken from global
 	connector, err := connectors.NewConnector(pkg.Config.Git)
 	if err != nil {
 		return
 	}
 
 	title := fmt.Sprintf("feat: add %s tenant resources", tenant.Name)
-	work, title, err := CreateTenantResources(connector, tenant, tenantObjs)
+	prTemplate := getTenantPRTemplate(title)
+	work, title, err := CreateTenantResources(connector, tenant, tenantObjs, prTemplate)
 	if err != nil {
 		return
 	}
@@ -39,23 +42,43 @@ func OpenPRWithTenantResources(tenant *pkg.Tenant, tenantObjs []*unstructured.Un
 		return
 	}
 
-	if err = connector.Push(context.Background(), fmt.Sprintf("%s:%s", pkg.Config.Git.Branch, pkg.Config.Git.Base)); err != nil {
+	if err = connector.Push(context.Background(), prTemplate.Branch); err != nil {
 		return
 	}
 
-	pr, err = connector.OpenPullRequest(context.Background(), pkg.Config.Git.Base, pkg.Config.Git.Branch, pkg.Config.Git.PullRequest)
+	pr, err = connector.OpenPullRequest(context.Background(), prTemplate)
 	if err != nil {
 		return
 	}
 
 	return
 }
 
-func CreateTenantResources(connector connectors.Connector, tenant *pkg.Tenant, tenantObjs []*unstructured.Unstructured) (work *gitv5.Worktree, title string, err error) {
-	// TODO: This is not thread safe
-	pkg.Config.Git.SetDefaults(title)
+func getTenantPRTemplate(title string) v1.PullRequestTemplate {
+	base := pkg.Config.Git.PullRequest.Base
+	if base == "" {
+		base = "main"
+	}
+	prtitle := pkg.Config.Git.PullRequest.Title
+	if prtitle == "" {
+		prtitle = title
+	}
+
+	branch := slug.Make(title) + "-" + random.String(4)
+
+	return v1.PullRequestTemplate{
+		Base:      base,
+		Branch:    branch,
+		Body:      pkg.Config.Git.PullRequest.Body,
+		Title:     pkg.Config.Git.PullRequest.Title,
+		Reviewers: pkg.Config.Git.PullRequest.Reviewers,
+		Assignees: pkg.Config.Git.PullRequest.Assignees,
+		Tags:      pkg.Config.Git.PullRequest.Tags,
+	}
+}
 
-	fs, work, err := connector.Clone(context.Background(), pkg.Config.Git.Base, pkg.Config.Git.Branch)
+func CreateTenantResources(connector connectors.Connector, tenant *pkg.Tenant, tenantObjs []*unstructured.Unstructured, prTemplate v1.PullRequestTemplate) (work *gitv5.Worktree, title string, err error) {
+	fs, work, err := connector.Clone(context.Background(), prTemplate.Base, prTemplate.Branch)
 	if err != nil {
 		return
 	}
@@ -124,6 +147,7 @@ func getContentsPath(tenant *pkg.Tenant) string {
 }
 
 func getClusterName(tenant *pkg.Tenant) string {
+	// TODO: Take this from config
 	switch tenant.Cloud {
 	case pkg.Azure:
 		return "azure-internal-prod"

diff --git a/pkg/secrets/azure.go b/pkg/secrets/azure.go
@@ -9,8 +9,8 @@ import (
 
 type AzureSealedSecret struct{}
 
-func (s *AzureSealedSecret) GenerateSealedSecret(tenant *pkg.Tenant) ([]byte, error) {
-	fileName, err := createDBSecretFile(tenant.Slug, tenant.DB.Username, tenant.DB.Password)
+func (s *AzureSealedSecret) GenerateSealedSecret(params SealedSecretParams) ([]byte, error) {
+	fileName, err := createDBSecretFile(params.Slug, params.Username, params.Password)
 	if err != nil {
 		return nil, err
 	}

diff --git a/pkg/secrets/secret.go b/pkg/secrets/secret.go
@@ -3,13 +3,18 @@ package secrets
 import (
 	"os"
 
-	"github.com/flanksource/tenant-controller/pkg"
 	"gopkg.in/yaml.v2"
 )
 
+type SealedSecretParams struct {
+	Slug     string
+	Username string
+	Password string
+}
+
 type Secrets interface {
 	// GenerateSealedSecret generates a sealed secret from the tenant authenticating using the configured cloud provider
-	GenerateSealedSecret(tenant *pkg.Tenant) ([]byte, error)
+	GenerateSealedSecret(params SealedSecretParams) ([]byte, error)
 }
 
 // create a function that creates a kubernetes secret object structure and write it into a file

diff --git a/pkg/tenant.go b/pkg/tenant.go
@@ -34,7 +34,8 @@ spec:
           - --out-kube-config-server=https://{{.tenant}}.{{.tenant}}.svc
     missionControl:
       flanksource-ui:
-        oryKratosURL: https://{{.tenant}}.internal-prod.flanksource.com/api/.ory`
+        oryKratosURL: https://{{.tenant}}.internal-prod.flanksource.com/api/.ory
+`
 
 	NAMESPACE_TEMPLATE = `apiVersion: v1
 kind: Namespace

diff --git a/pkg/tenant_api.go b/pkg/tenant_api.go
@@ -19,26 +19,20 @@ type Tenant struct {
 	Name  string         `json:"name"`
 	Cloud CloudProvider  `json:"cloud"`
 	Slug  string         `json:"slug,omitempty"`
-	Azure v1.AZUREConfig `json:"-"`
-	DB    DBCredentials  `json:"-"`
+	Azure v1.AzureConfig `json:"-"`
 }
 
 type DBCredentials struct {
 	Username string `json:"username"`
 	Password string `json:"password"`
 }
 
-func (tenant *Tenant) GenerateDBCredentials() *Tenant {
-	// Generate a random username and password
-	username := fmt.Sprintf("%s_%d", strings.ToLower(tenant.Slug), rand.Intn(1000))
-	password := generateRandomPassword()
-
-	// Set the username and password on the tenant object
-	tenant.DB.Username = username
-	tenant.DB.Password = password
+func (tenant Tenant) GenerateDBUsername() string {
+	return fmt.Sprintf("%s_%d", strings.ToLower(tenant.Slug), rand.Intn(1000))
+}
 
-	// Return the updated tenant object
-	return tenant
+func (tenant Tenant) GenerateDBPassword() string {
+	return generateRandomPassword()
 }
 
 func generateRandomPassword() string {