fix: bootstrap, encryption

redkubes · Aug 10, 2021 · 3582453 · 3582453
1 parent 67712b3
commit 3582453
Show file tree

Hide file tree

Showing 56 changed files with 713 additions and 1,063 deletions.
diff --git a/.values/.secrets.sample b/.values/.secrets.sample
@@ -1,20 +1,18 @@
-export USER_ID=${UID-}
-export GROUP_ID=${GID-}
-export CLUSTER_NAME=      # k8s context
-export CLUSTER_APISERVER= # k8s api server
 # GitOps values repo:
-export GIT_USER=
-export GIT_EMAIL=
-export GIT_PASSWORD=
+GIT_USER=''
+GIT_EMAIL=''
+GIT_PASSWORD=''
 # KMS access from here on
 # Google (paste json key here without newlines)
-export GCLOUD_SERVICE_KEY=''
+GCLOUD_SERVICE_KEY=''
 # Azure:
-export AZURE_TENANT_ID=''
-export AZURE_CLIENT_ID=''
-export AZURE_CLIENT_SECRET=''
+AZURE_TENANT_ID=''
+AZURE_CLIENT_ID=''
+AZURE_CLIENT_SECRET=''
 # AWS:
-export AWS_DEFAULT_REGION=''
-export AWS_REGION=''
-export AWS_ACCESS_KEY_ID=''
-export AWS_SECRET_ACCESS_KEY=''
+AWS_DEFAULT_REGION=''
+AWS_REGION=''
+AWS_ACCESS_KEY_ID=''
+AWS_SECRET_ACCESS_KEY=''
+# Vault:
+VAULT_TOKEN=''
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -0,0 +1,18 @@
+{
+  // Use IntelliSense to learn about possible attributes.
+  // Hover to view descriptions of existing attributes.
+  // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "type": "pwa-node",
+      "request": "launch",
+      "name": "Launch Program",
+      "skipFiles": ["<node_internals>/**"],
+      "program": "${workspaceFolder}/src/otomi.ts",
+      "args": ["--experimental-specifier-resolution=node", "bootstrap", "-vvv"],
+      "preLaunchTask": "tsc: build - tsconfig.json",
+      "outFiles": ["${workspaceFolder}/dist/**/*.js"]
+    }
+  ]
+}
diff --git a/bin/ci-tests.sh b/bin/ci-tests.sh
@@ -7,7 +7,7 @@ set -e
 . bin/common.sh
 
 testEnv=$PWD/tests/fixtures
-source $testEnv/env/.env
+source $testEnv/env/.secrets
 echo "Validating $testEnv values"
 
 ln -s $testEnv env

diff --git a/binzx/otomi b/binzx/otomi
@@ -28,7 +28,7 @@ elif [ -z "$ENV_DIR" ]; then
 else
   mkdir -p $ENV_DIR
 fi
-# set -x
+
 silent() {
   if [[ $calling_args == *'-v'* ]] && [ -t 1 ]; then
     "$@"
@@ -152,7 +152,6 @@ check_update() {
 silent echo "Checking for updates"
 [ -z $CI ] && check_update
 
-silent echo "Preparing docker environment variables"
 tmp_env=$(mktemp)
 
 function dump_vars() {
@@ -180,7 +179,6 @@ vars=(
   DEBUG
   ENV_DIR
   GCLOUD_SERVICE_KEY
-  K8S_CONTEXT
   KUBE_VERSION_OVERRIDE
   OTOMI_DRY_RUN
   OTOMI_IN_TERMINAL
@@ -196,6 +194,7 @@ vars=(
   TESTING
   TRACE
   VERBOSITY
+  VALUES_INPUT
   VAULT_TOKEN
 )
 dump_vars "${vars[@]}"

diff --git a/chart/otomi/Chart.yaml b/chart/otomi/Chart.yaml
@@ -4,7 +4,7 @@ description: A Helm chart for installing otomi in Kubernetes
 home: https://otomi.io/
 icon: https://otomi.io/img/otomi-logo.svg
 type: application
-version: '0.2.0'
+version: '0.2.1'
 appVersion: 'APP_VERSION_PLACEHOLDER'
 keywords:
   - otomi

diff --git a/chart/otomi/localtest.sh b/chart/otomi/localtest.sh
@@ -1,16 +1,7 @@
-# Usage:
-# ENV_OUT=$PWD/../ENV_OUT VALUES_DIR=$PWD/../ chart/otomi/localtest.sh
-# With VALUES_DIR holding a file named values.yaml holding the initial chart values
 set -e
 
-docker run --rm -it \
-  --env-file=../.env \
-  -e VERBOSITY=1 \
-  -e OTOMI_VALUES_INPUT=/secret/values.yaml \
-  -e OTOMI_NON_INTERACTIVE='true' \
-  -w ${WORKDIR:-$PWD} \
-  -e ENV_DIR=/home/app/stack/env \
-  -v $ENV_OUT:/home/app/stack/env \
-  -v $PWD:$PWD -v $VALUES_DIR:/secret \
-  -v /tmp:/tmp $image \
-  "binzx/otomi chart bootstrap && binzx/otomi chart merge && binzx/otomi chart push && binzx/otomi apply"
+export OTOMI_VALUES_INPUT=/tmp/otomi/secret/values.yaml
+export CI=1
+
+binzx/otomi bootstrap
+binzx/otomi apply
diff --git a/chart/otomi/templates/job.yaml b/chart/otomi/templates/job.yaml
@@ -29,9 +29,11 @@ spec:
           command: [bash, -c]
           args:
             - |
-              binzx/otomi bootstrap values
+              binzx/otomi bootstrap
               binzx/otomi apply
           env:
+            - name: CI
+              value: '1'
             - name: VERBOSITY
               value: '1'
             - name: OTOMI_NON_INTERACTIVE

diff --git a/chart/otomi/values.yaml b/chart/otomi/values.yaml
@@ -2,8 +2,10 @@ cluster:
   apiName: ''
   apiServer: ''
   domainSuffix: ''
+  k8sContext: ''
   k8sVersion: '1.20'
   name: 'dev'
+  owner: ''
   provider: ''
   region: ''
 # kms:
@@ -30,11 +32,9 @@ oidc:
   clientID: ''
   clientSecret: ''
   adminGroupID: ''
-  authUrl: ''
   issuer: ''
   teamAdminGroupID: ''
   tenantID: ''
-  tokenUrl: ''
 otomi:
   adminPassword: ''
   isMultitenant: true

diff --git a/src/ci-tests.ts b/src/ci-tests.ts
@@ -6,9 +6,8 @@ import { hf } from './cmd/hf'
 import { validateTemplates } from './cmd/validate-templates'
 import { validateValues } from './cmd/validate-values'
 import { x } from './cmd/x'
-import { OtomiDebugger, terminal } from './common/debug'
 import { cleanupHandler } from './common/setup'
-import { BasicArguments, getFilename, setParsedArgs, startingDir } from './common/utils'
+import { BasicArguments, getFilename, OtomiDebugger, setParsedArgs, startingDir, terminal } from './common/utils'
 import { basicOptions } from './common/yargs-opts'
 
 const cmdName = getFilename(import.meta.url)

diff --git a/src/cmd/EXAMPLE.ts b/src/cmd/EXAMPLE.ts
diff --git a/src/cmd/apply.ts b/src/cmd/apply.ts
@@ -1,10 +1,9 @@
 import { mkdirSync, rmdirSync, writeFileSync } from 'fs'
 import { Argv, CommandModule } from 'yargs'
 import { $ } from 'zx'
-import { OtomiDebugger, terminal } from '../common/debug'
 import { hf, hfStream } from '../common/hf'
-import { cleanupHandler, otomi, PrepareEnvironmentOptions } from '../common/setup'
-import { getFilename, logLevelString, setParsedArgs } from '../common/utils'
+import { cleanupHandler, prepareEnvironment, PrepareEnvironmentOptions } from '../common/setup'
+import { getFilename, getParsedArgs, logLevelString, OtomiDebugger, setParsedArgs, terminal } from '../common/utils'
 import { Arguments as HelmArgs, helmOptions } from '../common/yargs-opts'
 import { ProcessOutputTrimmed } from '../common/zx-enhance'
 import { Arguments as DroneArgs } from './gen-drone'
@@ -27,11 +26,12 @@ const setup = async (argv: Arguments, options?: PrepareEnvironmentOptions): Prom
   if (argv._[0] === cmdName) cleanupHandler(() => cleanup(argv))
   debug = terminal(cmdName)
 
-  if (options) await otomi.prepareEnvironment(options)
+  if (options) await prepareEnvironment(options)
   mkdirSync(dir, { recursive: true })
 }
 
-const deployAll = async (argv: Arguments) => {
+const applyAll = async (argv: Arguments) => {
+  debug.info('Start apply all')
   const output: ProcessOutputTrimmed = await hf(
     { fileOpts: 'helmfile.tpl/helmfile-init.yaml', args: 'template' },
     { streams: { stdout: debug.stream.log, stderr: debug.stream.error } },
@@ -57,24 +57,23 @@ const deployAll = async (argv: Arguments) => {
   )
 }
 
-export const apply = async (argv: Arguments, options?: PrepareEnvironmentOptions): Promise<void> => {
-  await setup(argv, options)
-  if (argv._[0] === 'deploy' || (!argv.label && !argv.file)) {
-    debug.info('Start deploy')
-    await deployAll(argv)
-  } else {
-    debug.info('Start apply')
-    const skipCleanup = argv.skipCleanup ? '--skip-cleanup' : ''
-    await hfStream(
-      {
-        fileOpts: argv.file,
-        labelOpts: argv.label,
-        logLevel: logLevelString(),
-        args: ['apply', '--skip-deps', skipCleanup],
-      },
-      { trim: true, streams: { stdout: debug.stream.log, stderr: debug.stream.error } },
-    )
+export const apply = async (): Promise<void> => {
+  const argv: Arguments = getParsedArgs()
+  if (!argv.label && !argv.file) {
+    await applyAll(argv)
+    return
   }
+  debug.info('Start apply')
+  const skipCleanup = argv.skipCleanup ? '--skip-cleanup' : ''
+  await hfStream(
+    {
+      fileOpts: argv.file,
+      labelOpts: argv.label,
+      logLevel: logLevelString(),
+      args: ['apply', '--skip-deps', skipCleanup],
+    },
+    { trim: true, streams: { stdout: debug.stream.log, stderr: debug.stream.error } },
+  )
 }
 
 export const module: CommandModule = {
@@ -84,7 +83,8 @@ export const module: CommandModule = {
 
   handler: async (argv: Arguments): Promise<void> => {
     setParsedArgs(argv)
-    await apply(argv, {})
+    await setup(argv, {})
+    await apply()
   },
 }
 

diff --git a/src/cmd/bash.ts b/src/cmd/bash.ts
@@ -1,8 +1,7 @@
 import { Argv, CommandModule } from 'yargs'
 import { $, nothrow } from 'zx'
-import { OtomiDebugger, terminal } from '../common/debug'
-import { cleanupHandler, otomi, PrepareEnvironmentOptions } from '../common/setup'
-import { BasicArguments, getFilename, parser, setParsedArgs } from '../common/utils'
+import { cleanupHandler, prepareEnvironment, PrepareEnvironmentOptions } from '../common/setup'
+import { BasicArguments, getFilename, OtomiDebugger, parser, setParsedArgs, terminal } from '../common/utils'
 
 const cmdName = getFilename(import.meta.url)
 let debug: OtomiDebugger
@@ -17,7 +16,7 @@ const setup = async (argv: BasicArguments, options?: PrepareEnvironmentOptions):
   if (argv._[0] === cmdName) cleanupHandler(() => cleanup(argv))
   debug = terminal(cmdName)
 
-  if (options) await otomi.prepareEnvironment(options)
+  if (options) await prepareEnvironment(options)
 }
 
 export const bash = async (argv: BasicArguments, options?: PrepareEnvironmentOptions): Promise<void> => {