feat: Add label to the secret gerrit-ciuser-sshkey (#14)
We need the label app.edp.epam.com/secret-type=repository so that the secret is shown on the UI.

Change-Id: I4d3033ede0068ef39244a1cb050724b8693a4769
zmotso committed Nov 1, 2023
1 parent 668f8ca commit 66b2b6b
Showing 8 changed files with 145 additions and 50 deletions.
1 change: 1 addition & 0 deletions go.mod
Expand Up @@ -21,6 +21,7 @@ require (
github.com/pkg/errors v0.9.1
github.com/stretchr/testify v1.8.1
golang.org/x/crypto v0.14.0
golang.org/x/exp v0.0.0-20231006140011-7918f672742d
gopkg.in/resty.v1 v1.12.0
k8s.io/api v0.26.1
k8s.io/apimachinery v0.26.1
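Review bot: The `golang.org/x/exp` requirement looks like it is pulled in only for the single `maps.Copy` call in pkg/service/platform/k8s/k8s.go, which is a lot of dependency surface for one loop. x/exp is pinned by pseudo-version and carries no compatibility promise, so every future bump of it needs its own review. A plain `for k, v := range labels { gerritSecretObject.Labels[k] = v }` in CreateSecret would avoid the new module. If the module's Go version is 1.21 or later (not visible here), the standard-library `maps` package is another option.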
2 changes: 2 additions & 0 deletions go.sum
Expand Up @@ -244,6 +244,8 @@ golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4
golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
8 changes: 4 additions & 4 deletions mock/platform/mock_platform_service.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

74 changes: 54 additions & 20 deletions pkg/service/gerrit/gerrit.go
Expand Up @@ -119,10 +119,15 @@ func (s ComponentService) Configure(instance *gerritApi.Gerrit) (*gerritApi.Gerr
gerritScriptsPath = filepath.FromSlash(fmt.Sprintf("%v/../%v/%v", executableFilePath, platformHelper.LocalConfigsRelativePath, platformHelper.DefaultScriptsDirectory))
}

err = s.PlatformService.CreateSecret(instance, instance.Name+"-admin-password", map[string][]byte{
user: []byte(spec.GerritDefaultAdminUser),
password: []byte(uniuri.New()),
})
err = s.PlatformService.CreateSecret(
instance,
instance.Name+"-admin-password",
map[string][]byte{
user: []byte(spec.GerritDefaultAdminUser),
password: []byte(uniuri.New()),
},
map[string]string{},
)
if err != nil {
return instance, false, errors.Wrapf(err, "failed to create admin Secret %s for Gerrit", instance.Name+"-admin-password")
}
Expand Down Expand Up @@ -303,10 +308,15 @@ func (s ComponentService) ExposeConfiguration(ctx context.Context, instance *ger
ciUserSecretName := formatSecretName(instance.Name, spec.GerritDefaultCiUserSecretPostfix)
ciUserSshSecretName := fmt.Sprintf("%s-ciuser%s", instance.Name, spec.SshKeyPostfix)

if err = s.PlatformService.CreateSecret(instance, ciUserSecretName, map[string][]byte{
user: []byte(spec.GerritDefaultCiUserUser),
password: []byte(uniuri.New()),
}); err != nil {
if err = s.PlatformService.CreateSecret(
instance,
ciUserSecretName,
map[string][]byte{
user: []byte(spec.GerritDefaultCiUserUser),
password: []byte(uniuri.New()),
},
map[string]string{},
); err != nil {
return instance, errors.Wrapf(err, "Failed to create ci user Secret %v for Gerrit", ciUserSecretName)
}

Expand All @@ -324,11 +334,18 @@ func (s ComponentService) ExposeConfiguration(ctx context.Context, instance *ger
return instance, errors.Wrapf(err, "Unable to generate SSH key pairs for Gerrit")
}

err = s.PlatformService.CreateSecret(instance, ciUserSshSecretName, map[string][]byte{
"username": []byte(spec.GerritDefaultCiUserUser),
rsaID: privateKey,
rsaIDFile: publicKey,
})
err = s.PlatformService.CreateSecret(
instance,
ciUserSshSecretName,
map[string][]byte{
"username": []byte(spec.GerritDefaultCiUserUser),
rsaID: privateKey,
rsaIDFile: publicKey,
},
map[string]string{
"app.edp.epam.com/secret-type": "repository",
},
)
if err != nil {
return instance, errors.Wrapf(err, "Failed to create Secret with SSH key pairs for Gerrit")
}
Expand Down Expand Up @@ -380,7 +397,12 @@ func (s ComponentService) ExposeConfiguration(ctx context.Context, instance *ger

identityServiceSecretName := formatSecretName(instance.Name, spec.IdentityServiceCredentialsSecretPostfix)

err = s.PlatformService.CreateSecret(instance, identityServiceSecretName, identityServiceClientCredentials)
err = s.PlatformService.CreateSecret(
instance,
identityServiceSecretName,
identityServiceClientCredentials,
map[string]string{},
)
if err != nil {
return instance, errors.Wrapf(err, fmt.Sprintf("Failed to create secret %v", identityServiceSecretName))
}
Expand Down Expand Up @@ -638,10 +660,15 @@ func (s ComponentService) createSSHKeyPairs(instance *gerritApi.Gerrit, secretNa
return nil, nil, errors.Wrapf(err, "Unable to generate SSH key pairs for Gerrit")
}

if err := s.PlatformService.CreateSecret(instance, secretName, map[string][]byte{
rsaID: privateKey,
rsaIDFile: publicKey,
}); err != nil {
if err := s.PlatformService.CreateSecret(
instance,
secretName,
map[string][]byte{
rsaID: privateKey,
rsaIDFile: publicKey,
},
map[string]string{},
); err != nil {
return nil, nil, errors.Wrapf(err, "Failed to create Secret with SSH key pairs for Gerrit")
}

Expand Down Expand Up @@ -733,7 +760,12 @@ func (s *ComponentService) exposeArgoCDConfiguration(_ context.Context, gerrit *
password: []byte(uniuri.New()),
}

err := s.PlatformService.CreateSecret(gerrit, argoUserSecretName, argoUserSecretData)
err := s.PlatformService.CreateSecret(
gerrit,
argoUserSecretName,
argoUserSecretData,
map[string]string{},
)
if err != nil {
return fmt.Errorf("failed to create secret %s: %w", argoUserSecretName, err)
}
Expand All @@ -755,7 +787,9 @@ func (s *ComponentService) exposeArgoCDConfiguration(_ context.Context, gerrit *
"username": []byte(spec.GerritArgoUser),
rsaID: privateKey,
rsaIDFile: publicKey,
})
},
map[string]string{},
)
if err != nil {
return fmt.Errorf("unable to create secret for Gerrit ArgoCD user: %w", err)
}
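Review bot: The label key and value are written as string literals inside the ExposeConfiguration call (`"app.edp.epam.com/secret-type": "repository"`), and nothing at the call site records that this Secret also stores the CI user's private key under `rsaID`. Any consumer that selects Secrets by this label and reads their data gets that key material, so the call deserves a comment such as `// Labelled so the UI can list this Secret as a repository credential; it contains the CI user's private SSH key.` Naming the pair as package constants would keep the controller and whatever consumes the label in step. The other six call sites pass `map[string]string{}`; assuming the implementation only reads the map, `nil` would say the same thing with less noise. ExposeConfiguration and the other touched functions start and end outside these hunks.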
46 changes: 23 additions & 23 deletions pkg/service/gerrit/gerrit_test.go
Expand Up @@ -237,7 +237,7 @@ func TestComponentService_Configure_CreateSecretErr(t *testing.T) {
errTest := errors.New("test")

ps.On("GetExternalEndpoint", instance.Namespace, instance.Name).Return("", "", nil)
ps.On("CreateSecret", instance, instance.Name+"-admin-password", mock.Anything).Return(errTest)
ps.On("CreateSecret", instance, instance.Name+"-admin-password", mock.Anything, mock.Anything).Return(errTest)

configure, b, err := CS.Configure(instance)
assert.Error(t, err)
Expand All @@ -256,7 +256,7 @@ func TestComponentService_Configure_GetServicePortErr(t *testing.T) {
errTest := errors.New("test")

ps.On("GetExternalEndpoint", instance.Namespace, instance.Name).Return("", "", nil)
ps.On("CreateSecret", instance, instance.Name+"-admin-password", mock.Anything).Return(nil)
ps.On("CreateSecret", instance, instance.Name+"-admin-password", mock.Anything, mock.Anything).Return(nil)
ps.On("GetService", instance.Namespace, instance.Name).Return(service, errTest)

configure, b, err := CS.Configure(instance)
Expand All @@ -276,7 +276,7 @@ func TestComponentService_Configure_GetDeploymentSSHPortErr(t *testing.T) {
errTest := errors.New("test")

ps.On("GetExternalEndpoint", instance.Namespace, instance.Name).Return("", "", nil)
ps.On("CreateSecret", instance, instance.Name+"-admin-password", mock.Anything).Return(nil)
ps.On("CreateSecret", instance, instance.Name+"-admin-password", mock.Anything, mock.Anything).Return(nil)
ps.On("GetService", instance.Namespace, instance.Name).Return(service, nil)
ps.On("GetDeploymentSSHPort", instance).Return(port, errTest)

Expand All @@ -297,7 +297,7 @@ func TestComponentService_Configure_GetServiceErr(t *testing.T) {
errTest := errors.New("test")

ps.On("GetExternalEndpoint", instance.Namespace, instance.Name).Return("", "", nil)
ps.On("CreateSecret", instance, instance.Name+"-admin-password", mock.Anything).Return(nil)
ps.On("CreateSecret", instance, instance.Name+"-admin-password", mock.Anything, mock.Anything).Return(nil)
ps.On("GetService", instance.Namespace, instance.Name).Return(service, nil).Once()
ps.On("GetService", instance.Namespace, instance.Name).Return(service, errTest)
ps.On("GetDeploymentSSHPort", instance).Return(port, nil)
Expand All @@ -319,7 +319,7 @@ func TestComponentService_Configure_UpdateServiceErr(t *testing.T) {
errTest := errors.New("test")

ps.On("GetExternalEndpoint", instance.Namespace, instance.Name).Return("", "", nil)
ps.On("CreateSecret", instance, instance.Name+"-admin-password", mock.Anything).Return(nil)
ps.On("CreateSecret", instance, instance.Name+"-admin-password", mock.Anything, mock.Anything).Return(nil)
ps.On("GetService", instance.Namespace, instance.Name).Return(service, nil)
ps.On("GetDeploymentSSHPort", instance).Return(port, nil)
ps.On("UpdateService", service, port).Return(errTest)
Expand Down Expand Up @@ -347,7 +347,7 @@ func TestComponentService_Configure_updateDeploymentConfigPortErr(t *testing.T)
errTest := errors.New("test")

ps.On("GetExternalEndpoint", instance.Namespace, instance.Name).Return("", "", nil)
ps.On("CreateSecret", instance, instance.Name+"-admin-password", mock.Anything).Return(nil)
ps.On("CreateSecret", instance, instance.Name+"-admin-password", mock.Anything, mock.Anything).Return(nil)
ps.On("GetService", instance.Namespace, instance.Name).Return(service, nil)
ps.On("GetDeploymentSSHPort", instance).Return(port, nil)
ps.On("UpdateService", service, servicePort).Return(nil)
Expand Down Expand Up @@ -375,7 +375,7 @@ func TestComponentService_Configure_updateDeploymentConfigPortTrue(t *testing.T)
}

ps.On("GetExternalEndpoint", instance.Namespace, instance.Name).Return("", "", nil)
ps.On("CreateSecret", instance, instance.Name+"-admin-password", mock.Anything).Return(nil)
ps.On("CreateSecret", instance, instance.Name+"-admin-password", mock.Anything, mock.Anything).Return(nil)
ps.On("GetService", instance.Namespace, instance.Name).Return(service, nil)
ps.On("GetDeploymentSSHPort", instance).Return(port, nil)
ps.On("UpdateService", service, servicePort).Return(nil)
Expand All @@ -402,7 +402,7 @@ func TestComponentService_Configure_GetPodsErr(t *testing.T) {
errTest := errors.New("test")

ps.On("GetExternalEndpoint", instance.Namespace, instance.Name).Return("", "", nil)
ps.On("CreateSecret", instance, instance.Name+"-admin-password", mock.Anything).Return(nil)
ps.On("CreateSecret", instance, instance.Name+"-admin-password", mock.Anything, mock.Anything).Return(nil)
ps.On("GetService", instance.Namespace, instance.Name).Return(service, nil)
ps.On("GetDeploymentSSHPort", instance).Return(port, nil)
ps.On("UpdateService", service, port).Return(nil)
Expand Down Expand Up @@ -439,7 +439,7 @@ func TestComponentService_Configure_createSSHKeyPairsAdminErr(t *testing.T) {
errTest := errors.New("test")

ps.On("GetExternalEndpoint", instance.Namespace, instance.Name).Return("", "", nil)
ps.On("CreateSecret", instance, instance.Name+"-admin-password", mock.Anything).Return(nil)
ps.On("CreateSecret", instance, instance.Name+"-admin-password", mock.Anything, mock.Anything).Return(nil)
ps.On("GetService", instance.Namespace, instance.Name).Return(service, nil)
ps.On("GetDeploymentSSHPort", instance).Return(port, nil)
ps.On("UpdateService", service, port).Return(nil)
Expand Down Expand Up @@ -476,7 +476,7 @@ func TestComponentService_Configure_CheckCredentialsErr(t *testing.T) {
}

ps.On("GetExternalEndpoint", instance.Namespace, instance.Name).Return("", "", nil)
ps.On("CreateSecret", instance, instance.Name+"-admin-password", mock.Anything).Return(nil)
ps.On("CreateSecret", instance, instance.Name+"-admin-password", mock.Anything, mock.Anything).Return(nil)
ps.On("GetService", instance.Namespace, instance.Name).Return(service, nil)
ps.On("GetDeploymentSSHPort", instance).Return(port, nil)
ps.On("UpdateService", service, port).Return(nil)
Expand Down Expand Up @@ -673,8 +673,8 @@ func TestComponentService_ExposeConfiguration_CreateUserErr(t *testing.T) {
ps.On("GetExternalEndpoint", instance.Namespace, instance.Name).Return(h, sc, nil)
ps.On("GetService", instance.Namespace, instance.Name).Return(service, nil)
ps.On("GetSecret", instance.Namespace, instance.Name+"-admin").Return(secretData, nil)
ps.On("CreateSecret", instance, ciUserSecretName, mock.Anything).Return(nil)
ps.On("CreateSecret", instance, ciUserSshSecretName, mock.Anything).Return(nil)
ps.On("CreateSecret", instance, ciUserSecretName, mock.Anything, mock.Anything).Return(nil)
ps.On("CreateSecret", instance, ciUserSshSecretName, mock.Anything, mock.Anything).Return(nil)
ps.On("GetSecretData", instance.Namespace, ciUserSecretName).Return(secretData, nil)

_, err = CS.ExposeConfiguration(context.Background(), instance)
Expand Down Expand Up @@ -744,7 +744,7 @@ func TestComponentService_ExposeConfiguration_FirstCreateSecretErr(t *testing.T)
ps.On("GetExternalEndpoint", instance.Namespace, instance.Name).Return(h, sc, nil)
ps.On("GetService", instance.Namespace, instance.Name).Return(service, nil)
ps.On("GetSecret", instance.Namespace, instance.Name+"-admin").Return(secretData, nil)
ps.On("CreateSecret", instance, ciUserSecretName, mock.Anything).Return(errTest)
ps.On("CreateSecret", instance, ciUserSecretName, mock.Anything, mock.Anything).Return(errTest)

_, err = CS.ExposeConfiguration(context.Background(), instance)
assert.Error(t, err)
Expand Down Expand Up @@ -773,7 +773,7 @@ func TestComponentService_ExposeConfiguration_GetSecretErr(t *testing.T) {
ps.On("GetExternalEndpoint", instance.Namespace, instance.Name).Return(h, sc, nil)
ps.On("GetService", instance.Namespace, instance.Name).Return(service, nil)
ps.On("GetSecret", instance.Namespace, instance.Name+"-admin").Return(secretData, nil)
ps.On("CreateSecret", instance, ciUserSecretName, mock.Anything).Return(nil)
ps.On("CreateSecret", instance, ciUserSecretName, mock.Anything, mock.Anything).Return(nil)
ps.On("GetSecretData", instance.Namespace, ciUserSecretName).Return(secretData, errTest)

_, err = CS.ExposeConfiguration(context.Background(), instance)
Expand Down Expand Up @@ -804,9 +804,9 @@ func TestComponentService_ExposeConfiguration_CreateSecretErr(t *testing.T) {
ps.On("GetExternalEndpoint", instance.Namespace, instance.Name).Return(h, sc, nil)
ps.On("GetService", instance.Namespace, instance.Name).Return(service, nil)
ps.On("GetSecret", instance.Namespace, instance.Name+"-admin").Return(secretData, nil)
ps.On("CreateSecret", instance, ciUserSecretName, mock.Anything).Return(nil)
ps.On("CreateSecret", instance, ciUserSecretName, mock.Anything, mock.Anything).Return(nil)
ps.On("GetSecretData", instance.Namespace, ciUserSecretName).Return(secretData, nil)
ps.On("CreateSecret", instance, ciUserSshSecretName, mock.Anything).Return(errTest)
ps.On("CreateSecret", instance, ciUserSshSecretName, mock.Anything, mock.Anything).Return(errTest)

_, err = CS.ExposeConfiguration(context.Background(), instance)
assert.Error(t, err)
Expand Down Expand Up @@ -835,7 +835,7 @@ func TestComponentService_Configure_CreateGroups(t *testing.T) {
}

ps.On("GetExternalEndpoint", instance.Namespace, instance.Name).Return("", "", nil)
ps.On("CreateSecret", instance, instance.Name+"-admin-password", mock.Anything).Return(nil)
ps.On("CreateSecret", instance, instance.Name+"-admin-password", mock.Anything, mock.Anything).Return(nil)
ps.On("GetService", instance.Namespace, instance.Name).Return(service, nil)
ps.On("GetDeploymentSSHPort", instance).Return(port, nil)
ps.On("UpdateService", service, port).Return(nil)
Expand Down Expand Up @@ -918,7 +918,7 @@ func TestComponentService_exposeArgoCDConfiguration(t *testing.T) {
name: "success expose argocd configuration",
PlatformService: func(t *testing.T) platform.PlatformService {
serviceMock := &pmock.PlatformService{}
serviceMock.On("CreateSecret", mock.Anything, mock.Anything, mock.Anything).
serviceMock.On("CreateSecret", mock.Anything, mock.Anything, mock.Anything, mock.Anything).
Return(nil)

return serviceMock
Expand All @@ -938,7 +938,7 @@ func TestComponentService_exposeArgoCDConfiguration(t *testing.T) {
name: "failed to create user secret",
PlatformService: func(t *testing.T) platform.PlatformService {
serviceMock := &pmock.PlatformService{}
serviceMock.On("CreateSecret", mock.Anything, mock.Anything, mock.Anything).
serviceMock.On("CreateSecret", mock.Anything, mock.Anything, mock.Anything, mock.Anything).
Return(errors.New("failed to create secret"))

return serviceMock
Expand All @@ -955,10 +955,10 @@ func TestComponentService_exposeArgoCDConfiguration(t *testing.T) {
name: "failed to create ssh secret",
PlatformService: func(t *testing.T) platform.PlatformService {
serviceMock := &pmock.PlatformService{}
serviceMock.On("CreateSecret", mock.Anything, mock.Anything, mock.Anything).
serviceMock.On("CreateSecret", mock.Anything, mock.Anything, mock.Anything, mock.Anything).
Once().
Return(nil).
On("CreateSecret", mock.Anything, mock.Anything, mock.Anything).
On("CreateSecret", mock.Anything, mock.Anything, mock.Anything, mock.Anything).
Once().
Return(errors.New("failed to create ssh secret"))

Expand All @@ -976,7 +976,7 @@ func TestComponentService_exposeArgoCDConfiguration(t *testing.T) {
name: "failed to create user",
PlatformService: func(t *testing.T) platform.PlatformService {
serviceMock := &pmock.PlatformService{}
serviceMock.On("CreateSecret", mock.Anything, mock.Anything, mock.Anything).
serviceMock.On("CreateSecret", mock.Anything, mock.Anything, mock.Anything, mock.Anything).
Return(nil)

return serviceMock
Expand All @@ -995,7 +995,7 @@ func TestComponentService_exposeArgoCDConfiguration(t *testing.T) {
name: "failed to add user to groups",
PlatformService: func(t *testing.T) platform.PlatformService {
serviceMock := &pmock.PlatformService{}
serviceMock.On("CreateSecret", mock.Anything, mock.Anything, mock.Anything).
serviceMock.On("CreateSecret", mock.Anything, mock.Anything, mock.Anything, mock.Anything).
Return(nil)

return serviceMock
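Review bot: Every `CreateSecret` expectation matches the new labels argument with `mock.Anything`, so no test in this file would fail if the `app.edp.epam.com/secret-type` label were dropped from the ciuser SSH-key Secret or added to a different one. In a test where ExposeConfiguration reaches the SSH-key secret (for example TestComponentService_ExposeConfiguration_CreateUserErr), pin the argument: `ps.On("CreateSecret", instance, ciUserSshSecretName, mock.Anything, map[string]string{"app.edp.epam.com/secret-type": "repository"}).Return(nil)`. Matching `map[string]string{}` for the password secrets would likewise catch a label leaking onto them. The test functions start and end outside these hunks.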
7 changes: 5 additions & 2 deletions pkg/service/platform/k8s/k8s.go
Expand Up @@ -10,6 +10,7 @@ import (
"strconv"

"github.com/pkg/errors"
"golang.org/x/exp/maps"
coreV1Api "k8s.io/api/core/v1"
k8sErrors "k8s.io/apimachinery/pkg/api/errors"
metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1"
Expand Down Expand Up @@ -44,7 +45,7 @@ var log = ctrl.Log.WithName("platform")
// K8SService implements platform.Service interface (k8s platform integration).
type K8SService struct {
Scheme *runtime.Scheme
CoreClient *coreV1Client.CoreV1Client
CoreClient coreV1Client.CoreV1Interface
appsV1Client *appsV1Client.AppsV1Client
networkingClient networkingClient.NetworkingV1Interface
client k8sClient.Client
Expand Down Expand Up @@ -388,7 +389,7 @@ func (s *K8SService) ExecInPod(namespace, podName string, command []string) (std
}

// CreateSecret creates a new Secret Resource for a Gerrit EDP Component.
func (s *K8SService) CreateSecret(gerrit *gerritApi.Gerrit, secretName string, data map[string][]byte) error {
func (s *K8SService) CreateSecret(gerrit *gerritApi.Gerrit, secretName string, data map[string][]byte, labels map[string]string) error {
ctx := context.Background()
vLog := log.WithValues(nameKey, secretName)
vLog.Info("creating secret")
Expand All @@ -406,6 +407,8 @@ func (s *K8SService) CreateSecret(gerrit *gerritApi.Gerrit, secretName string, d

gerritSecretObject := newGerritSecret(secretName, gerrit.Name, gerrit.Namespace, data)

maps.Copy(gerritSecretObject.Labels, labels)

err = controllerutil.SetControllerReference(gerrit, gerritSecretObject, s.Scheme)
if err != nil {
return fmt.Errorf("failed to set owner %q (Gerrit resource) as a controller OwnerReference on %q (Gerrit Secret resource): %w", gerrit.Name, gerritSecretObject.Name, err)
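Review bot: `maps.Copy(gerritSecretObject.Labels, labels)` in CreateSecret writes into whatever map newGerritSecret returned, and a write to a nil map panics; newGerritSecret is not shown in this diff, so whether it always initialises Labels cannot be confirmed from here. Only the ciuser SSH-key call passes a non-empty map, so a panic would hit exactly the path this commit adds. A guard before the copy makes the function safe regardless: `if gerritSecretObject.Labels == nil { gerritSecretObject.Labels = make(map[string]string, len(labels)) }`. The body of CreateSecret continues outside the hunk, and if the lines above it return early for an existing Secret, already-deployed instances will not gain the label.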