Minor fixes for least privilege environments #209

Merged
merged 6 commits into from
Aug 14, 2024

Commits on Aug 14, 2024

  1. Get clusterBindAddress only when necessary

    Getting it always might cause the following error on clusters with
    non-admin privileges:
    
    nodes is forbidden: User "xyz" cannot list resource "nodes" in API group
     "" at the cluster scope
    
    The change removes the need to query the clusterBindAddress at the
    beginning.
    
    This way envs with fewer privileges get the option to either run GOP
    inside k8s or pass external Jenkins and SCMM URLs.
    schnatterer committed Aug 14, 2024
    35566a6
  2. Start example-apps job only when argocd active

    Otherwise, applying GOP fails with 404.
    schnatterer committed Aug 14, 2024
    4598925
  3. Dockerfile: Retry fetching keys

    Failed on Jenkins, likely due to a network glitch.
    
    [2024-08-08T08:30:48.982Z]  139 | >>> RUN gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys 5ED46A6721D365587791E2AA783FCD8E58BCAFBA # madler@alumni.caltech.edu
    [2024-08-08T08:30:48.982Z]  140 |     RUN gpg --batch --verify zlib.tar.gz.asc zlib.tar.gz
    [2024-08-08T08:30:48.982Z]  141 |     RUN mkdir zlib && tar -xvzf zlib.tar.gz -C zlib --strip-components 1 && \
    [2024-08-08T08:30:48.982Z] --------------------
    [2024-08-08T08:30:48.982Z] ERROR: failed to solve: process "/bin/sh -c gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys 5ED46A6721D365587791E2AA783FCD8E58BCAFBA # madler@alumni.caltech.edu" did not complete successfully: exit code: 2
    schnatterer committed Aug 14, 2024
    742ecab
  4. Make dev image work with dependency injection.

    That is, run groovy scripts in dev image without prior compilation,
    overcoming the issue that Micronaut's dependency injection relies on
    statically compiled class files which seems incompatible with groovy
    scripting/interpretation (without prior compilation).
    
    The Micronaut Classloader relies on compiled classes being loaded by
    the Java classloader.
    
    ApplicationContext.run()
    ..
    SoftServiceLoader.collectDynamicServices()
    
    Class.forName()
    This uses the Java classloader which does not know the Groovy-only
    classes when interpreting (scripting) without prior compilation.
    
    This can be overcome by keeping the $xyz classes created by Micronaut's
    annotation processor inside the dev image and setting the Groovy
    classloader like so:
    
    ApplicationContext.run(Thread.currentThread().contextClassLoader).
    
    However, with TRACE logs enabled for "io.micronaut.context" we can
    then see stacktraces like this in the log.
    
    NoClassDefFoundError: com/cloudogu/gitops/jenkins/GlobalPropertyManager
    at com.cloudogu.gitops.jenkins.$GlobalPropertyManager$Definition$Reference.getBeanType(Unknown Source)
    
    Eventually we fail with
    No bean of type [com.cloudogu.gitops.config.ApplicationConfigurator] exists. Make sure the bean is not disabled by bean requirements (enable trace logging for 'io.micronaut.context.condition' to check) and if the bean is enabled then ensure the class is declared a bean and annotation processing is enabled (for Java and Kotlin the 'micronaut-inject-java' dependency should be configured as an annotation processor).
    at io.micronaut.context.DefaultBeanContext.newNoSuchBeanException(DefaultBeanContext.java:2773)
    at io.micronaut.context.DefaultApplicationContext.newNoSuchBeanException(DefaultApplicationContext.java:292)
    at io.micronaut.context.DefaultBeanContext.resolveBeanRegistration(DefaultBeanContext.java:2735)
    
    So we choose the pragmatic workaround of instantiating all classes
    manually when running the dev image.
    Harder to maintain, but at least a working solution.
    schnatterer committed Aug 14, 2024
    23fb76a
  5. apply-ng.sh: Allow configuring classpath

    This is helpful when running GOP as scripts from dev image but the JAR
    resides somewhere else.
    
    For example, when applying GOP from a Jenkins job with docker.image
    .inside but mounting your own Groovy Scripts or when running locally
    
    CLASSPATH=target/xyz.jar scripts/apply-ng.sh
    schnatterer committed Aug 14, 2024
    0cb614d
  6. 8f91192
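
The retry described in commit 3 ("Dockerfile: Retry fetching keys"), sketched as a POSIX shell helper. This is an added example, not the project's Dockerfile change: `retry`, `fetch_key` and the `--fetch` switch are hypothetical names, and the keyserver URL is the one from the quoted build log.

```shell
#!/bin/sh
# Added example, not the project's code: function names are hypothetical.

# retry MAX DELAY CMD...: run CMD up to MAX times, doubling DELAY (seconds)
# after each failure. Fails closed: returns the last attempt's exit status.
retry() {
    max=$1 delay=$2
    shift 2
    attempt=1
    while :; do
        if "$@"; then
            return 0
        else
            status=$?
        fi
        if [ "$attempt" -ge "$max" ]; then
            echo "retry: giving up after $attempt attempts: $*" >&2
            return "$status"
        fi
        echo "retry: attempt $attempt failed (exit $status), sleeping ${delay}s" >&2
        sleep "$delay"
        attempt=$((attempt + 1))
        delay=$((delay * 2))
    done
}

# fetch_key FPR: fetch one key by its full fingerprint (uppercase hex, no
# spaces), then confirm the local keyring really contains that fingerprint.
fetch_key() {
    fpr=$1
    retry 5 2 gpg --batch --keyserver hkps://keys.openpgp.org \
        --recv-keys "$fpr" || return 1
    gpg --batch --with-colons --fingerprint "$fpr" | grep -q "^fpr:.*:$fpr:"
}

# Only touch the network when asked to: sh fetch-key.sh --fetch <FPR>
if [ "${1:-}" = "--fetch" ]; then
    fetch_key "$2"
fi
```

The `gpg --batch --verify` step from the build log still has to follow the fetch; the retry only changes how a transient keyserver failure is handled, and a persistent failure still stops the build.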