feat: added email+home receiver, moved cloud settings to own props

.cspell.json

@@ -26,8 +26,6 @@
     "mkilled",
     "nindent",
     "nslookup",
-    "oo",
-    "oo mkilled",
     "RAGRS",
     "jwks",
     "RAGZRS",

.demo/env/clouds/azure/overrides.azure.yaml

@@ -4,8 +4,5 @@ charts:
             - aks.otomi.cloud
         azure:
             region: westeurope
-clouds:
-    azure:
-        diskType: Standard_LRS
 otomi:
     hasCloudLB: true

.demo/env/clouds/azure/secrets.overrides.azure.yaml

@@ -1,8 +1,3 @@
-clouds:
-    azure:
-        resourceGroup: somesecretvalue
-        tenantId: somesecretvalue
-        subscriptionId: somesecretvalue
 charts:
     cert-manager:
         azureClientSecret: somesecretvalue

.demo/env/clusters.yaml

@@ -10,7 +10,6 @@ clouds:
                 otomiVersion: 'master'
                 region: eu-central-1
     google:
-        projectId: otomi-cloud
         domain: gke.otomi.cloud
         clusters:
             demo:

.demo/env/secrets.settings.yaml

@@ -1,28 +1,30 @@
 oidc:
     clientSecret: somesecretvalue
-    idp:
-        clientSecret: somesecretvalue
 otomi:
     pullSecret: c29tZXNlY3JldHZhbHVlCg==
-
-clouds:
-    google:
-        cloudDnsKey: |
-            {
-              "type": "service_account",
-              "project_id": "project_id-cloud",
-              "private_key_id": "private_key_id",
-              "private_key": "-----BEGIN PRIVATE KEY-----\n private_key ----END PRIVATE KEY-----\n",
-              "client_email": "client_email",
-              "client_id": "client_id",
-              "auth_uri": "https://accounts.google.com/o/oauth2/auth",
-              "token_uri": "https://oauth2.googleapis.com/token",
-              "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
-              "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/dnsmanager%40otomi-cloud.iam.gserviceaccount.com"
-            }
+azure:
+    monitor:
+        clientId: somesecretvalue
+        clientSecret: somesecretvalue
+google:
+    cloudDnsKey: |
+        {
+          "type": "service_account",
+          "project_id": "project_id-cloud",
+          "private_key_id": "private_key_id",
+          "private_key": "-----BEGIN PRIVATE KEY-----\n private_key ----END PRIVATE KEY-----\n",
+          "client_email": "client_email",
+          "client_id": "client_id",
+          "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+          "token_uri": "https://oauth2.googleapis.com/token",
+          "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+          "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/dnsmanager%40otomi-cloud.iam.gserviceaccount.com"
+        }
 home:
     slack:
         url: https://hooks.slack.com/services/id
 alerts:
     slack:
         url: https://hooks.slack.com/services/id
+    email:
+        to: admins@yourdoma.in

.demo/env/secrets.teams.yaml

@@ -1,7 +1,6 @@
 teamConfig:
     teams:
         demo:
-            azure: {}
             oidc:
                 groupMapping: somesecretvalue
             password: somesecretvalue

.demo/env/settings.yaml

@@ -1,28 +1,38 @@
-otomi:
-    mode: ce
-    isManaged: true
-    isMultitenant: true
-    isHomeMonitored: true
-    teamPrefix: team-
-    hasCloudLB: false
+alerts:
+    drone: slack
+    email:
+        from: admins@your.cloud
+        smarthost: some.smtp.host
+    receivers:
+        - slack
+        - email
+azure:
+    diskType: Standard_LRS
+    resourceGroup: somevalue
+    subscriptionId: somevalue
+    tenantId: somevalue
 customer:
     name: demo
-oidc:
-    clientID: someClientID
-    clientSecret: someClientSecret
-    issuer: https://login.microsoftonline.com/57a3f6ea-7e70-4260-acb4-e06ce452f695
-    tenantID: 57a3f6ea-7e70-4260-acb4-e06ce452f695
-    adminGroupID: someAdminGroupID
-    teamAdminGroupID: someTeamAdminGroupID
-    scope: openid email profile
+google:
+    projectId: otomi-cloud
 home:
-    receivers: [slack]
+    receivers:
+        - slack
     slack:
         channel: mon-otomi
         channelCrit: mon-otomi-crit
-alerts:
-    drone: slack
-    receivers: [slack, email]
-    email:
-        from: admins@your.cloud
-        smarthost: some.smtp.host
+oidc:
+    adminGroupID: someAdminGroupID
+    clientID: someClientID
+    clientSecret: someClientSecret
+    issuer: 'https://login.microsoftonline.com/57a3f6ea-7e70-4260-acb4-e06ce452f695'
+    scope: openid email profile
+    teamAdminGroupID: someTeamAdminGroupID
+    tenantID: 57a3f6ea-7e70-4260-acb4-e06ce452f695
+otomi:
+    hasCloudLB: false
+    isHomeMonitored: true
+    isManaged: true
+    isMultitenant: true
+    mode: ce
+    teamPrefix: team-

.demo/env/teams.yaml

@@ -2,3 +2,8 @@ teamConfig:
     teams:
         demo:
             id: demo
+            clusters:
+                - aws/demo
+                - azure/demo
+                - google/demo
+                - onprem/demo

.values/.vscode/settings.json

@@ -18,7 +18,6 @@
   "sops.defaults.gcpCredentialsPath": "gcp-key.json",
   "sops.enabled": true,
   "yaml.schemas": {
-    "http://json-schema.org/draft/2019-09/schema#": ".vscode/values-schema.yaml",
     ".vscode/values-schema.yaml": "env/*.yaml"
   }
 }

.vscode/settings.json

@@ -24,8 +24,8 @@
     "CONTRIBUTING": "markdown"
   },
   "yaml.schemas": {
-    "http://json-schema.org/draft/2019-09/schema#": "./values-schema.yaml",
-    "http://json-schema.org/draft/2019-09/schema#": ".vscode/values-schema.yaml",
+    // "http://json-schema.org/draft/2019-09/schema#": "./values-schema.yaml",
+    // "http://json-schema.org/draft/2019-09/schema#": ".vscode/values-schema.yaml",
     ".values/values-schema.yaml": ".demo/env/*.yaml"
   },
   "shellformat.flag": "-i 2 -ci"

Dockerfile

@@ -1,30 +1,34 @@
-FROM node:14-slim as ci
+FROM node:14-slim as npm
 
 ARG SKIP_TESTS='false'
-ENV EXIT_FAST='true'
+ENV CI=true
 
 ENV APP_HOME=/home/app/stack
 RUN mkdir -p $APP_HOME
 WORKDIR $APP_HOME
 
-COPY package*.json ./
 COPY . .
 COPY ./.cspell.json .
-RUN cp -r .demo/ env/ 
 
-RUN [ "$SKIP_TESTS" = 'false' ] && \
-  npm install && \
-  npm run spellcheck && \
-  bin/validate-values.sh && \
-  bin/validate-templates.sh || true
+RUN if [ "$SKIP_TESTS" = 'false' ]; then \
+  npm install cspell && npm run spellcheck; fi
 
 #-----------------------------
 FROM otomi/tools:1.4.8 as prod
 
+ARG SKIP_TESTS='false'
+ENV CI=true
+
 ENV APP_HOME=/home/app/stack
 RUN mkdir -p $APP_HOME
 WORKDIR $APP_HOME
 
 COPY . .
 
+RUN if [ "$SKIP_TESTS" = 'false' ]; then \
+  cp -r .demo/ env/ && \
+  bin/validate-values.sh && \
+  bin/validate-templates.sh && \
+  rm -rf env/*; fi
+
 CMD ["bin/otomi"]

bin/common.sh

@@ -50,10 +50,9 @@ for_each_cluster() {
   executable=$1
   [[ -z "$executable" ]] && echo "ERROR: the positional argument is not set"
   local clustersPath="$ENV_DIR/env/clusters.yaml"
-  clouds=($(yq r -j $clustersPath clouds | jq -r '.|keys[]'))
-
-  for cloud in "${clouds[@]}"; do
-    clusters=($(yq r -j $clustersPath clouds.${cloud}.clusters | jq -r '. | keys[]'))
+  clouds=$(yq r -j $clustersPath clouds | jq -rc '.|keys[]')
+  for cloud in $clouds; do
+    clusters=($(yq r -j $clustersPath clouds.${cloud}.clusters | jq -rc '. | keys[]'))
     for cluster in "${clusters[@]}"; do
       CLOUD=$cloud CLUSTER=$cluster $executable
     done

bin/otomi

@@ -14,7 +14,8 @@
 set -e
 
 command=$1
-[ "$ENV_DIR" = "" ] && env_unset=1
+env_unset='false'
+[ "$ENV_DIR" = "" ] && env_unset='true'
 ENV_DIR=${ENV_DIR:-$PWD}
 [ "$ENV_DIR" = "/home/app/stack" ] && ENV_DIR=$ENV_DIR/env
 
@@ -32,10 +33,8 @@ function verbose_env() {
   echo "command=$command"
 }
 
-# VERBOSE - export this varibale to run this script in verbose mode
-VERBOSE=${VERBOSE:-'true'}
-# EXIT_FAST - export this varaibale to exit the script on error
-EXIT_FAST=${EXIT_FAST:-'true'}
+# VERBOSE - set this variable to run this script in verbose mode
+VERBOSE=${VERBOSE:-''}
 
 # check_kube_context - a flag to indicate to use kube context and to refresh kube access token before running command in docker
 check_kube_context=1
@@ -55,10 +54,10 @@ readme_url='https://github.com/redkubes/otomi-core'
 
 function set_env_and_stack_dir() {
   local cwd=$(basename "$PWD")
-  [ "$VERBOSE" = "1" ] && echo "CWD: $cwd"
+  [ "$VERBOSE" != "" ] && echo "CWD: $cwd"
   if [ "$cwd" = "otomi-core" ]; then
-    [ "$env_unset" = "1" ] && echo "Error: The ENV_DIR environment variable is not set" >&2 && exit 1
-    [ "$VERBOSE" = "1" ] && echo "Mounting otomi-core dir"
+    [ "$env_unset" = 'true' ] && echo "Error: The ENV_DIR environment variable is not set" >&2 && exit 1
+    [ "$VERBOSE" != "" ] && echo "Mounting otomi-core dir"
     stack_dir=$PWD
     mount_stack_dir=1
   fi
@@ -95,7 +94,7 @@ function show_usage() {
 
   Env flags:
     VERBOSE=1;          Run otomi CLI in verbose mode
-    EXIT_FAST=1         Exit the script after first error
+    CI=true             Exit the script after first error
   "
 }
 
@@ -121,9 +120,7 @@ function evaluate_k8s_context() {
 function validate_k8s_context() {
   local context=$(kubectl config current-context)
   if [[ "$K8S_CONTEXT" != "$context" ]]; then
-    echo "Warning: Your current kubernetes context does not match target context: $K8S_CONTEXT"
-    echo ""
-    read -p "Would you like to switch kube context to target first? Yn" oki
+    read -p "Warning: Your current kubernetes context does not match target context: $K8S_CONTEXT. Would you like to switch kube context to target first? Yn" oki
     if [ "${oki:-y}" = "y" ]; then
       kubectl config use $K8S_CONTEXT
       drun bin/bootstrap.sh 1
@@ -189,8 +186,8 @@ function drun() {
   local stack_volume=''
   local socket_volume=''
 
+  [ "$VERBOSE" != "" ] && echo "Running in CI: $CI"
   if [ "$CI" != "" ]; then
-    [ "$VERBOSE" = "1" ] && echo "Running in CI: $CI"
     check_kube_context=0
   else
     socket_volume="-v /var/run/docker.sock:/var/run/docker.sock"
@@ -214,7 +211,7 @@ function drun() {
   # use docker run if has_docker AND either:
   # - not in docker
   # - in docker AND force docker
-  if [[ ("$CI" = "") && $has_docker -eq 1 && ("$IN_DOCKER" != "1" || $dind -eq 1) ]]; then
+  if [[ $has_docker -eq 1 && ("$IN_DOCKER" != "1" || $dind -eq 1) ]]; then
     [ "$VERBOSE" = "1" ] && echo "Running dockerized version of command: $command"
     docker run $docker_terminal_params --rm \
       $stack_volume $socket_volume -v /tmp:/tmp \
@@ -234,7 +231,7 @@ function drun() {
       -e GCLOUD_SERVICE_KEY="$GCLOUD_SERVICE_KEY" \
       -e CLUSTER="$CLUSTER" \
       -e K8S_CONTEXT="$K8S_CONTEXT" \
-      -e EXIT_FAST="$EXIT_FAST" \
+      -e CI="$CI" \
       -w $stack_dir \
       $cmd_image \
       $command
@@ -269,7 +266,7 @@ function execute() {
       ;;
     bash)
       check_kube_context=0
-      docker_terminal_params='-it'
+      docker_terminal_params='-t'
       drun bash
       ;;
     bootstrap)
@@ -286,7 +283,7 @@ function execute() {
       check_sops_file
       check_kube_context=0
       evaluate_secrets
-      if [ "$@" != "" ]; then
+      if [[ "$@" != "" ]]; then
         for f in $@; do
           echo "Decrypting $f"
           drun helm secrets dec ./env/$f >/dev/null

bin/validate-templates.sh

@@ -1,8 +1,7 @@
 #!/usr/bin/env bash
 
+[ "$CI" != "" ] && set -e
 set -uo pipefail
-EXIT_FAST=${EXIT_FAST:-'true'}
-[ $EXIT_FAST = 'true' ] && set -e
 
 schemaOutputPath="/tmp/otomi/kubernetes-json-schema/master"
 outputPath="/tmp/otomi/generated-crd-schemas"
@@ -62,7 +61,7 @@ process_crd() {
       jq -S -c --raw-output -f "$extractCrdSchemaJQFile" >>"$schemasBundleFile"
   } || {
     echo "ERROR Processing: $document"
-    [ $EXIT_FAST = 'true' ] && exit 1
+    [ "$CI" != "" ] && exit 1
   }
 }
 

bin/validate-values.sh

@@ -1,8 +1,7 @@
 #!/usr/bin/env bash
 
+[ "$CI" != "" ] && set -e
 set -uo pipefail
-EXIT_FAST=${EXIT_FAST:-'true'}
-[ $EXIT_FAST = 'true' ] && set -e
 
 . bin/common.sh
 
@@ -18,9 +17,8 @@ trap cleanup EXIT ERR
 
 validate_values() {
   local values_path="$tmp_path/$CLOUD-$CLUSTER.yaml"
-
   hf_values >$values_path
-  ajv validate -s './values-schema.yaml' -d $values_path --all-errors --extend-refs=fail >/dev/null
+  ajv test -s './values-schema.yaml' -d $values_path --all-errors --extend-refs=fail --valid
 }
 
 for_each_cluster validate_values

charts/keycloak/values.yaml

@@ -25,7 +25,7 @@ keycloak:
   image:
     repository: docker.io/jboss/keycloak
     # Overrides the image tag whose default is the chart version.
-    tag: ""
+    tag: "10.0.2"
     pullPolicy: IfNotPresent
 
     ## Optionally specify an array of imagePullSecrets.