fix: encryption (#700)

chart/otomi/values.yaml

@@ -2,15 +2,16 @@ cluster:
   # domainSuffix: '' # Needs to be set when hasExternalDNS is set to true
   k8sVersion: '1.20'
   name: 'dev'
-  owner: ''
   provider: '' # provider can be one of aws|azure|google|onprem
-otomi:
+  # owner: '' # will be set to 'otomi' if left empty
+otomi: {}
   # adminPassword: '' # Will be automatically generated if not filled-in
-  # Set to true when using an external DNS zone. Use default (false) to get assigned a '*.nip.io' domain.
-  hasExternalDNS: false
-  # Set this to true, when you bring your own IDP such as Azure AD. Then you must also fill in the 'oidc:' settings below. When set to false Keycloak will become the IDP.
+  # Set hasExternalDNS to true when using an external DNS zone. Otherwise a '*.nip.io' domain will be created.
+  # hasExternalDNS: false
+  # Set hasExternalIDP to true,when you bring your own IDP such as Azure AD. When set to false Keycloak will become the IDP.
+  # NOTE: When this is set to true you must also fill in the 'oidc:' settings below. 
   # hasExternalIDP: false
-  # by default the image tag is set to .Chart.AppVersion
+  # By default the image tag is set to .Chart.AppVersion
   # version: master
 charts:
   cert-manager:

helmfile.d/snippets/derived.gotmpl

@@ -17,7 +17,7 @@
   {{- $otomiTag = print "v" $otomiVersion }}
 {{- end }}
 {{- $versions = $versions | merge (dict "core" $otomiVersion) }}
-# Domain suffix may not be present during initial deplyment stage
+# Domain suffix may not be present during initial deployment stage
 {{- $domainSuffix := $v | get "cluster.domainSuffix" nil }}
 {{- $provider := $v.cluster.provider }}
 {{- $droneProvider := $c.drone.sourceControl.provider }}

helmfile.d/snippets/env.gotmpl

@@ -2,7 +2,7 @@
 {{- $teams := readFile (print $ENV_DIR "/env/teams.yaml") | fromYaml }}
 {{- $settings := readFile (print $ENV_DIR "/env/settings.yaml") | fromYaml }}
 {{- $teams := keys $teams.teamConfig.teams}}
-{{- $hasSops := eq (exec "bash" (list "-c" "( test -f $ENV_DIR/.sops.yaml && echo 'true' ) || echo 'false'")) "true" }}
+{{- $hasSops := eq (exec "bash" (list "-c" "( test -f $ENV_DIR/.sops.yaml && echo 'true' ) || echo 'false'") | trim) "true" }}
 {{- $charts := (exec "bash" (list "-c" "find  $ENV_DIR/env/charts -name '*.yaml' -not -name 'secrets.*.yaml'")) | splitList "\n" }}
 {{- $chartsSecret := (exec "bash" (list "-c" "find  $ENV_DIR/env/charts -name 'secrets.*.yaml'")) | splitList "\n" }}
 {{- $ext := ($hasSops | ternary ".dec" "") }}

src/cmd/bootstrap.test.ts

@@ -54,11 +54,15 @@ describe('Bootstrapping values', () => {
     const res = await getStoredClusterSecrets(deps)
     expect(res).toEqual(undefined)
   })
-  it('should set k8sContext if needed', async () => {
+  it('should set apiName, k8sContext and owner if needed', async () => {
     await bootstrapValues(deps)
     expect(deps.writeValues).toHaveBeenCalledWith(
       expect.objectContaining({
-        cluster: { k8sContext: `otomi-${values.cluster.provider}-${values.cluster.name}` },
+        cluster: expect.objectContaining({
+          apiName: expect.any(String),
+          k8sContext: expect.any(String),
+          owner: expect.any(String),
+        }),
       }),
       true,
     )

src/cmd/bootstrap.ts

@@ -240,10 +240,29 @@ export const bootstrapValues = async (
     return
   }
   const finalValues = (await deps.hfValues()) as Record<string, any>
-  if (deps.isCli && !finalValues.cluster.k8sContext) {
-    const k8sContext = `otomi-${providerMap(finalValues.cluster.provider)}-${finalValues.cluster.name}`
-    deps.debug.info(`No value for cluster.k8sContext found, providing default one: ${k8sContext}`)
-    await deps.writeValues({ cluster: { k8sContext } }, true)
+  const {
+    cluster: { apiName, k8sContext, name, owner, provider },
+  } = finalValues
+  // we can set defaults for the following 3 and some derived values
+  // that we want to end up in the files, so the api can access them
+  if (!k8sContext || !apiName || !owner) {
+    const add: Record<string, any> = { cluster: {} }
+    const engine = providerMap(provider)
+    const defaultOwner = 'otomi'
+    const defaultName = `${owner || defaultOwner}-${engine}-${name}`
+    if (!apiName) {
+      deps.debug.info(`No value for cluster.apiName found, providing default one: ${defaultName}`)
+      add.cluster.apiName = defaultName
+    }
+    if (!k8sContext) {
+      deps.debug.info(`No value for cluster.k8sContext found, providing default one: ${defaultName}`)
+      add.cluster.k8sContext = defaultName
+    }
+    if (!owner) {
+      deps.debug.info(`No value for cluster.owner found, providing default one: ${defaultOwner}`)
+      add.cluster.owner = defaultOwner
+    }
+    await deps.writeValues(add, true)
   }
   await deps.genSops()
   if (deps.existsSync(`${ENV_DIR}/.sops.yaml`)) {

src/test-stubs.ts

@@ -1,11 +1,5 @@
 import { createMock } from 'ts-auto-mock'
 import { OtomiDebugger } from './common/debug'
-import { loadYaml } from './common/utils'
-
-let valuesOverrides = {}
-export const setValuesOverrides = (overrides: Record<string, any>): void => {
-  valuesOverrides = overrides
-}
 
 const stubs = {
   terminal: (): OtomiDebugger =>
@@ -16,11 +10,5 @@ const stubs = {
       warn: jest.fn(),
       error: jest.fn(),
     }),
-  utils: {
-    loadYaml: jest.fn(() => {
-      const minimalValues = loadYaml(`${process.cwd()}/src/fixtures/bootstrap/values-full.yaml`)
-      return { ...minimalValues, ...valuesOverrides }
-    }),
-  },
 }
 export default stubs

tests/fixtures/env/cluster.yaml

@@ -1,6 +1,6 @@
 cluster:
     apiName: eks_otomi-cloud_eu-central-1_otomi-eks-demo
-    apiServer: https://mycluster.otomi.io
+    apiServer: https://1.1.1.1:8443
     domainSuffix: demo.eks.otomi.cloud
     k8sContext: otomi-eks-demo
     k8sVersion: '1.19'

tests/kind/env/cluster.yaml

@@ -3,5 +3,4 @@ cluster:
   k8sContext: kubernetes-admin@kind
   k8sVersion: '1.19'
   name: kind
-  owner: redkubes
   provider: kind

tpl/.drone.yml.gotmpl

@@ -22,7 +22,6 @@ trigger:
 environment:
   IN_DOCKER: '1'
   VERBOSITY: '1'
-  ENV_DIR: /home/app/stack/env
 
 steps:
 {{- if eq .provider "slack" }}

values-schema.yaml

@@ -226,7 +226,7 @@ definitions:
         $ref: '#/definitions/wordCharacterPattern'
       apiServer:
         description: Used by kubectl for local deployment to target cluster.
-        $ref: '#/definitions/url'
+        pattern: '^https:\/\/.*'
       domainSuffix:
         $ref: '#/definitions/domain'
         description: Domain suffix for the cluster. Also added to list of dns zones in the Otomi Console.
@@ -2288,7 +2288,7 @@ properties:
         type: boolean
       hasExternalDNS:
         description: Set this to true when an external dns zone is available to manage dns records. (Expects required `dns:` fields to be set.)
-        default: true
+        default: false
         type: boolean
       hasExternalIDP:
         default: false
@@ -2540,6 +2540,8 @@ properties:
         patternProperties:
           ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$:
             $ref: '#/definitions/team'
+  version:
+    type: integer
+    description: DO NOT CHANGE! Holds the values-schema version. For more details, see `otomi migrate`.
 required:
   - cluster
-  - otomi

values/cluster-autoscaler/cluster-autoscaler.gotmpl

@@ -9,7 +9,7 @@ image:
   {{- end }}
   repository: eu.gcr.io/k8s-artifacts-prod/autoscaling/cluster-autoscaler
   tag: v1.18.2
-{{ $map := readFile "../../helmfile.d/snippets/provider-engine-map.gotmpl" | fromYaml }}
+{{- $map := readFile "../../helmfile.d/snippets/provider-engine-map.gotmpl" | fromYaml }}
 autoDiscovery:
   clusterName:  {{ printf "%s-%s-%s" $v.cluster.owner (index $map $v.cluster.provider) $v.cluster.name }}