Merge branch 'master' into cli-sdk-secret

vmware-archive · Jun 8, 2018 · 6eeb951 · 6eeb951
2 parents 93e903f + 93a1770
commit 6eeb951
Show file tree

Hide file tree

Showing 36 changed files with 1,457 additions and 342 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,11 @@ All notable changes to this project will be documented in this file. For more in
 
 ## [Unreleased] - [[Git compare](https://github.com/vmware/dispatch/compare/v0.1.16...HEAD)]
 
+### Added
+
+- New CLI Command `dispatch manage bootstrap` to bootstrap Dispatch with a new organization, service account and policies upon installation. [PR #501](https://github.com/vmware/dispatch/pull/501).
+
+
 ## [0.1.16] - 2017-06-06 - [[Git compare](https://github.com/vmware/dispatch/compare/v0.1.15...v0.1.16)] [[What's new](https://vmware.github.io/dispatch/2018/06/06/v0-1-16-release.html)]
 
 ### Added

diff --git a/Makefile b/Makefile
@@ -1,11 +1,11 @@
 
-VERSION ?= dev
+GIT_VERSION = $(shell git describe --tags --dirty)
+VERSION ?= $(GIT_VERSION)
 
 GO ?= go
 GOVERSIONS ?= go1.9 go1.10
 OS := $(shell uname)
 SHELL := /bin/bash
-GIT_VERSION = $(shell git describe --tags)
 
 .DEFAULT_GOAL := help
 
@@ -22,17 +22,14 @@ GO_LDFLAGS += -X $(VERSION_PACKAGE).commit=$(shell git rev-parse HEAD)
 GO_LDFLAGS +="
 
 PKGS := pkg
-GIT_VERSION = $(shell git describe --tags)
 
 
 # ?= cannot be used for these variables as they should be evaulated only once per Makefile
 ifeq ($(PREFIX),)
 PREFIX := $(shell pwd)
 endif
 
-ifeq ($(BUILD),)
-BUILD := $(shell date +%s)
-endif
+TAG := $(VERSION)
 
 
 
@@ -122,13 +119,13 @@ images: linux ci-images
 
 .PHONY: ci-values
 ci-values:
-	scripts/values.sh $(BUILD)
+	TAG=$(TAG) scripts/values.sh
 
 .PHONY: ci-images $(SERVICES)
 ci-images: ci-values $(SERVICES)
 
 $(SERVICES):
-	scripts/images.sh $@ $(BUILD)
+	TAG=$(TAG) scripts/images.sh $@
 
 .PHONY: generate
 generate: ## run go generate

diff --git a/charts/dispatch/charts/identity-manager/templates/bootstrap-secret.yaml b/charts/dispatch/charts/identity-manager/templates/bootstrap-secret.yaml
@@ -8,8 +8,3 @@ metadata:
     release: "{{ .Release.Name }}"
     heritage: "{{ .Release.Service }}"
 type: Opaque
-{{- if .Values.enableBootstrapMode }}
-data:
-  bootstrap_user:       {{ default "" .Values.bootstrapUser             | trim | b64enc | quote }}
-  bootstrap_public_key: {{ default "" .Values.bootstrapPublicKey        | trim | b64enc | quote }}
-{{- end }}
diff --git a/charts/dispatch/charts/identity-manager/values.yaml b/charts/dispatch/charts/identity-manager/values.yaml
@@ -5,12 +5,6 @@ replicaCount: 1
 maxUnavailable: 0
 maxSurge: 1
 
-# Bootstrap mode settings
-enableBootstrapMode: false
-bootstrapUser:
-# Base64 Encoded public key for the bootstrap user
-bootstrapPublicKey:
-
 image:
   # host: vmware
   repository: dispatch-identity-manager
@@ -44,6 +38,7 @@ ingress:
   # host: dispatch.vmware.com
   paths:
   - /v1/iam
+  - /v1/version
   tls: {}
     # Secrets must be manually created in the namespace.
     # secretName: dispatch-tls

diff --git a/ci/e2e/configs/dispatch-install-gke.yml b/ci/e2e/configs/dispatch-install-gke.yml
@@ -6,8 +6,6 @@ apiGateway:
 dispatch:
   host: 10.0.0.1
   port: 443
-  bootstrapUser: ci-bootstrap-user
-  bootstrapPublicKey: BOOTSTRAP_PUBLIC_KEY
   faas: FAAS
   eventTransport: EVENT_TRANSPORT
   image:

diff --git a/ci/e2e/configs/dispatch-install-local.yml b/ci/e2e/configs/dispatch-install-local.yml
@@ -3,8 +3,6 @@ apiGateway:
 dispatch:
   host: dispatch.local
   port: 443
-  bootstrapUser: ci-bootstrap-user
-  bootstrapPublicKey: BOOTSTRAP_PUBLIC_KEY
   faas: FAAS
   eventTransport: EVENT_TRANSPORT
   image:

diff --git a/ci/e2e/deploy-dispatch.yml b/ci/e2e/deploy-dispatch.yml
@@ -56,16 +56,9 @@ run:
     # workaround for issue https://github.com/kubernetes/helm/issues/2998
     cp -r dispatch/charts charts
 
-    # Generate required keys for bootstrap mode
-    openssl genrsa -out ci-keys/ci-bootstrap.key 4096
-    openssl rsa -in ci-keys/ci-bootstrap.key -pubout -outform PEM -out ci-keys/ci-bootstrap.key.pub
-    export BOOTSTRAP_PUBLIC_KEY=`base64 -w 0 -i ci-keys/ci-bootstrap.key.pub`
-    sed -i "s#BOOTSTRAP_PUBLIC_KEY#${BOOTSTRAP_PUBLIC_KEY}#g" install.yaml
-
-    # Installs Dispatch in bootstrap mode
+    # Installs Dispatch
     dispatch install --file install.yaml --charts-dir charts
 
-
     # Setup Dispatch Config
     mkdir -p ~/.dispatch
     if [[ -n ${GKE_PROJECT_ID} ]]; then
@@ -81,29 +74,22 @@ run:
         sed -i "s/INGRESS_PORT/$INGRESS_PORT/g" ~/.dispatch/config.json
     fi
 
+    # Bootstrap Dispatch with default org, service-accounts
+    dispatch manage bootstrap
+
     # Generate required keys for ci-user
     openssl genrsa -out ci-keys/ci-user.key 4096
     openssl rsa -in ci-keys/ci-user.key -pubout -outform PEM -out ci-keys/ci-user.key.pub
 
     # Create ci-user service account for e2e tests
     svcCmd="dispatch iam create serviceaccount \
       ci-user \
-      --public-key ci-keys/ci-user.key.pub \
-      --service-account ci-bootstrap-user \
-      --jwt-private-key ci-keys/ci-bootstrap.key"
+      --public-key ci-keys/ci-user.key.pub"
 
     # Temporary workaround until we get to the bottom of the intermittent CI failure with the prev command
     n=5; until $svcCmd; do if [ $n -gt 0 ] ; then echo "Failed - Retrying attempt $((6-n))"; sleep 5; ((n--)); else break; fi; done
 
     # Create admin policy for the service account
     dispatch iam create policy \
       ci-user-admin-policy \
-      --subject ci-user --action "*" --resource "*" \
-      --service-account ci-bootstrap-user \
-      --jwt-private-key ci-keys/ci-bootstrap.key
-
-    # Disable the bootstrap mode
-    dispatch manage --disable-bootstrap-mode
-
-    # Wait for the bootstrap mode to be disabled
-    sleep 30
+      --subject ci-user --action "*" --resource "*"