Merge pull request #539 from equinor/update-radix-common
Upgrade Go (1.21) and ApiMachinery(0.27.6) and remove MachineUser
Richard87 authored Sep 29, 2023
2 parents 93c89b5 + 9bfe216 commit 6ae7da6
Showing 14 changed files with 7,464 additions and 222 deletions.
3 changes: 1 addition & 2 deletions .gitignore
Expand Up @@ -18,11 +18,10 @@ vendor

debug
swaggerui/statik.go
swaggerui_src/swagger.json

__debug_bin
.dccache
Dockerfile.dev

# binary created by goland with default settings
main
main
4 changes: 2 additions & 2 deletions Dockerfile
@@ -1,4 +1,4 @@
FROM golang:1.20-alpine3.18 as builder
FROM golang:1.21-alpine3.18 as builder
ENV GO111MODULE=on

RUN apk update && \
Expand Down Expand Up @@ -42,4 +42,4 @@ COPY --from=builder /usr/local/bin/radix-api /usr/local/bin/radix-api

EXPOSE 3001
USER 1000
ENTRYPOINT ["/usr/local/bin/radix-api"]
ENTRYPOINT ["/usr/local/bin/radix-api"]
5 changes: 3 additions & 2 deletions api/alerting/handler.go
Expand Up @@ -222,7 +222,7 @@ func (h *handler) validateUpdateSlackConfig(slackConfig *alertModels.UpdateSlack
func (h *handler) waitForRadixAlertReconciled(ctx context.Context, source *radixv1.RadixAlert) (*radixv1.RadixAlert, bool) {
var reconciledAlert *radixv1.RadixAlert

hasReconciled := func() (bool, error) {
hasReconciled := func(ctx context.Context) (bool, error) {
radixAlert, err := h.accounts.UserAccount.RadixClient.RadixV1().RadixAlerts(source.Namespace).Get(ctx, source.Name, metav1.GetOptions{})
if err != nil {
return false, err
Expand All @@ -233,9 +233,10 @@ func (h *handler) waitForRadixAlertReconciled(ctx context.Context, source *radix
return radixAlert.Status.Reconciled != nil, nil
}

if err := wait.PollImmediate(h.reconcilePollInterval, h.reconcilePollTimeout, hasReconciled); err != nil {
if err := wait.PollUntilContextTimeout(ctx, h.reconcilePollInterval, h.reconcilePollTimeout, true, hasReconciled); err != nil {
return nil, false
}

return reconciledAlert, true
}

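Review bot: The error from the new `wait.PollUntilContextTimeout` call is still discarded by `return nil, false`, so a poll timeout, a cancelled request context and an API error from the `Get` inside `hasReconciled` (for example a Forbidden on the user-account client) all look the same to the caller and leave no trace. Because `hasReconciled` returns `false, err` on any `Get` error, one failed read also ends the wait at once instead of retrying. I would at least record the cause before returning, for example `log.Warnf("waiting for RadixAlert %s/%s to reconcile: %v", source.Namespace, source.Name, err)` if a logger is in scope in this file, and add a comment on the closure such as `// ctx is the poll context; it ends when reconcilePollTimeout expires or the caller's ctx is cancelled`. The middle of the closure lies between the two hunks and is not visible here.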
59 changes: 0 additions & 59 deletions api/applications/applications_controller.go
Expand Up @@ -5,8 +5,6 @@ import (
"net/http"
"strings"

log "github.com/sirupsen/logrus"

applicationModels "github.com/equinor/radix-api/api/applications/models"
"github.com/equinor/radix-api/models"
radixhttp "github.com/equinor/radix-common/net/http"
Expand Down Expand Up @@ -115,11 +113,6 @@ func (ac *applicationController) GetRoutes() models.Routes {
Method: "GET",
HandlerFunc: ac.GetDeployKeyAndSecret,
},
models.Route{
Path: appPath + "/regenerate-machine-user-token",
Method: "POST",
HandlerFunc: ac.RegenerateMachineUserTokenHandler,
},
models.Route{
Path: appPath + "/regenerate-deploy-key",
Method: "POST",
Expand Down Expand Up @@ -364,58 +357,6 @@ func (ac *applicationController) IsDeployKeyValidHandler(accounts models.Account
radixhttp.ErrorResponse(w, r, err)
}

// RegenerateMachineUserTokenHandler Deletes the secret holding the token to force refresh and returns the new token
func (ac *applicationController) RegenerateMachineUserTokenHandler(accounts models.Accounts, w http.ResponseWriter, r *http.Request) {
// swagger:operation POST /applications/{appName}/regenerate-machine-user-token application regenerateMachineUserToken
// ---
// summary: Regenerates machine user token
// parameters:
// - name: appName
// in: path
// description: name of application
// type: string
// required: true
// - name: Impersonate-User
// in: header
// description: Works only with custom setup of cluster. Allow impersonation of test users (Required if Impersonate-Group is set)
// type: string
// required: false
// - name: Impersonate-Group
// in: header
// description: Works only with custom setup of cluster. Allow impersonation of test group (Required if Impersonate-User is set)
// type: array
// items:
// type: string
// required: false
// responses:
// "200":
// description: Successful regenerate machine-user token
// schema:
// "$ref": "#/definitions/MachineUser"
// "401":
// description: "Unauthorized"
// "403":
// description: "Forbidden"
// "404":
// description: "Not found"
// "409":
// description: "Conflict"
// "500":
// description: "Internal server error"

appName := mux.Vars(r)["appName"]
handler := ac.applicationHandlerFactory.Create(accounts)
machineUser, err := handler.RegenerateMachineUserToken(r.Context(), appName)

if err != nil {
radixhttp.ErrorResponse(w, r, err)
return
}

log.Debugf("re-generated machine user token for app %s", appName)
radixhttp.JSONResponse(w, r, &machineUser)
}

// RegenerateDeployKeyHandler Regenerates deploy key and secret and returns the new key
func (ac *applicationController) RegenerateDeployKeyHandler(accounts models.Accounts, w http.ResponseWriter, r *http.Request) {
// swagger:operation POST /applications/{appName}/regenerate-deploy-key application regenerateDeployKey
90 changes: 2 additions & 88 deletions api/applications/applications_handler.go
Expand Up @@ -4,10 +4,6 @@ import (
"context"
"encoding/json"
"fmt"
"net/http"
"strings"
"time"

applicationModels "github.com/equinor/radix-api/api/applications/models"
"github.com/equinor/radix-api/api/deployments"
"github.com/equinor/radix-api/api/environments"
Expand All @@ -29,13 +25,14 @@ import (
crdUtils "github.com/equinor/radix-operator/pkg/apis/utils"
log "github.com/sirupsen/logrus"
authorizationapi "k8s.io/api/authorization/v1"
corev1 "k8s.io/api/core/v1"
rbacv1 "k8s.io/api/rbac/v1"
k8serrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/kubernetes/fake"
"net/http"
"strings"
)

type patch struct {
Expand Down Expand Up @@ -120,40 +117,6 @@ func (ah *ApplicationHandler) GetApplication(ctx context.Context, appName string
return application, nil
}

// RegenerateMachineUserToken Deletes the secret holding the token to force refresh and returns the new token
func (ah *ApplicationHandler) RegenerateMachineUserToken(ctx context.Context, appName string) (*applicationModels.MachineUser, error) {
log.Debugf("regenerate machine user token for app: %s", appName)
namespace := crdUtils.GetAppNamespace(appName)
machineUserSA, err := ah.getMachineUserServiceAccount(ctx, appName, namespace)
if err != nil {
return nil, err
}
if len(machineUserSA.Secrets) == 0 {
return nil, fmt.Errorf("unable to get secrets on machine user service account")
}

tokenName := machineUserSA.Secrets[0].Name
log.Debugf("delete service account for app %s and machine user token: %s", appName, tokenName)
if err := ah.getUserAccount().Client.CoreV1().Secrets(namespace).Delete(ctx, tokenName, metav1.DeleteOptions{}); err != nil {
return nil, err
}

queryTimeout := time.NewTimer(time.Duration(5) * time.Second)
queryInterval := time.NewTicker(time.Second)
for {
select {
case <-queryInterval.C:
machineUser, err := ah.getMachineUserForApp(ctx, appName)
if err == nil {
return machineUser, nil
}
log.Debugf("waiting to get machine user for app %s of namespace %s, error: %v", appName, namespace, err)
case <-queryTimeout.C:
return nil, fmt.Errorf("timeout getting user machine token secret")
}
}
}

// RegisterApplication handler for RegisterApplication
func (ah *ApplicationHandler) RegisterApplication(ctx context.Context, applicationRegistrationRequest applicationModels.ApplicationRegistrationRequest) (*applicationModels.ApplicationRegistrationUpsertResponse, error) {
var err error
Expand Down Expand Up @@ -331,15 +294,6 @@ func (ah *ApplicationHandler) ModifyRegistrationDetails(ctx context.Context, app
runUpdate = true
}

if patchRequest.MachineUser != nil && *patchRequest.MachineUser != currentRegistration.Spec.MachineUser {
if *patchRequest.MachineUser {
return nil, fmt.Errorf("machine user token is deprecated. Please use AD Service principal access token https://radix.equinor.com/guides/deploy-only/#ad-service-principal-access-token")
}
updatedRegistration.Spec.MachineUser = *patchRequest.MachineUser
payload = append(payload, patch{Op: "replace", Path: "/spec/machineUser", Value: patchRequest.MachineUser})
runUpdate = true
}

if patchRequest.WBS != nil && *patchRequest.WBS != "" {
updatedRegistration.Spec.WBS = *patchRequest.WBS
payload = append(payload, patch{Op: "replace", Path: "/spec/wbs", Value: *patchRequest.WBS})
Expand Down Expand Up @@ -615,46 +569,6 @@ func (ah *ApplicationHandler) getAdditionalRadixRegistrationUpdateValidators(cur
return validators
}

func (ah *ApplicationHandler) getMachineUserForApp(ctx context.Context, appName string) (*applicationModels.MachineUser, error) {
namespace := crdUtils.GetAppNamespace(appName)

log.Debugf("get service account for machine user in app %s of namespace %s", appName, namespace)
machineUserSA, err := ah.getMachineUserServiceAccount(ctx, appName, namespace)
if err != nil {
return nil, err
}

if len(machineUserSA.Secrets) == 0 {
return nil, fmt.Errorf("unable to get secrets on machine user service account")
}

tokenName := machineUserSA.Secrets[0].Name
log.Debugf("get secrets for machine user token %s in app %s of namespace %s", tokenName, appName, namespace)
token, err := ah.getUserAccount().Client.CoreV1().Secrets(namespace).Get(ctx, tokenName, metav1.GetOptions{})
if err != nil {
return nil, err
}

tokenStringData := string(token.Data["token"])
log.Debugf("token length: %v", len(tokenStringData))
tokenString := &tokenStringData

return &applicationModels.MachineUser{
Token: *tokenString,
}, nil
}

func (ah *ApplicationHandler) getMachineUserServiceAccount(ctx context.Context, appName, namespace string) (*corev1.ServiceAccount, error) {
machineUserName := defaults.GetMachineUserRoleName(appName)
log.Debugf("get service account for app %s in namespace %s and machine user: %s", appName, namespace, machineUserName)
machineUserSA, err := ah.getServiceAccount().Client.CoreV1().ServiceAccounts(namespace).Get(ctx, machineUserName, metav1.GetOptions{})
if err != nil {
return nil, err
}

return machineUserSA, nil
}

// RegenerateDeployKey Regenerates deploy key and secret and returns the new key
func (ah *ApplicationHandler) RegenerateDeployKey(ctx context.Context, appName string, regenerateDeployKeyAndSecretData applicationModels.RegenerateDeployKeyAndSecretData) error {
// Make check that this is an existing application and that the user has access to it
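Review bot: The re-added `"net/http"` and `"strings"` imports now sit at the end of the third-party group, after `"k8s.io/client-go/kubernetes/fake"`, and the blank line that separated the standard library from the other imports appears to be gone. gofmt accepts this, but the usual goimports grouping keeps `context`, `encoding/json`, `fmt`, `net/http` and `strings` together in the first group followed by a blank line; moving the two lines back up restores that. Separately, with the `patchRequest.MachineUser` branch removed from `ModifyRegistrationDetails`, a registration that still has `spec.machineUser` set can no longer be switched off through this API. Presumably the operator upgrade cleans up existing machine-user service accounts and their token secrets, but that is not visible in this commit and is worth confirming before the regenerate endpoint disappears.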
5 changes: 0 additions & 5 deletions api/applications/models/application_registration.go
Expand Up @@ -40,11 +40,6 @@ type ApplicationRegistration struct {
// required: true
Creator string `json:"creator"`

// MachineUser is on/off toggle of machine user for the application
//
// required: false
MachineUser bool `json:"machineUser"`

// WBS information
//
// required: false
10 changes: 0 additions & 10 deletions api/applications/models/application_registration_builder.go
Expand Up @@ -15,7 +15,6 @@ type ApplicationRegistrationBuilder interface {
WithAdGroups([]string) ApplicationRegistrationBuilder
WithReaderAdGroups([]string) ApplicationRegistrationBuilder
WithCloneURL(string) ApplicationRegistrationBuilder
WithMachineUser(bool) ApplicationRegistrationBuilder
WithWBS(string) ApplicationRegistrationBuilder
WithConfigBranch(string) ApplicationRegistrationBuilder
WithConfigurationItem(string) ApplicationRegistrationBuilder
Expand All @@ -35,7 +34,6 @@ type applicationBuilder struct {
adGroups []string
readerAdGroups []string
cloneURL string
machineUser bool
wbs string
configBranch string
configurationItem string
Expand Down Expand Up @@ -64,7 +62,6 @@ func (rb *applicationBuilder) WithRadixRegistration(radixRegistration *v1.RadixR
rb.WithReaderAdGroups(radixRegistration.Spec.ReaderAdGroups)
rb.WithOwner(radixRegistration.Spec.Owner)
rb.WithCreator(radixRegistration.Spec.Creator)
rb.WithMachineUser(radixRegistration.Spec.MachineUser)
rb.WithWBS(radixRegistration.Spec.WBS)
rb.WithConfigBranch(radixRegistration.Spec.ConfigBranch)
rb.WithRadixConfigFullName(radixRegistration.Spec.RadixConfigFullName)
Expand Down Expand Up @@ -114,11 +111,6 @@ func (rb *applicationBuilder) WithReaderAdGroups(readerAdGroups []string) Applic
return rb
}

func (rb *applicationBuilder) WithMachineUser(machineUser bool) ApplicationRegistrationBuilder {
rb.machineUser = machineUser
return rb
}

func (rb *applicationBuilder) WithWBS(wbs string) ApplicationRegistrationBuilder {
rb.wbs = wbs
return rb
Expand Down Expand Up @@ -153,7 +145,6 @@ func (rb *applicationBuilder) Build() ApplicationRegistration {
ReaderAdGroups: rb.readerAdGroups,
Owner: rb.owner,
Creator: rb.creator,
MachineUser: rb.machineUser,
WBS: rb.wbs,
ConfigBranch: rb.configBranch,
RadixConfigFullName: rb.radixConfigFullName,
Expand All @@ -172,7 +163,6 @@ func (rb *applicationBuilder) BuildRR() (*v1.RadixRegistration, error) {
WithReaderAdGroups(rb.readerAdGroups).
WithOwner(rb.owner).
WithCreator(rb.creator).
WithMachineUser(rb.machineUser).
WithWBS(rb.wbs).
WithConfigBranch(rb.configBranch).
WithRadixConfigFullName(rb.radixConfigFullName).
7 changes: 0 additions & 7 deletions api/applications/models/application_registration_patch.go
Expand Up @@ -18,13 +18,6 @@ type ApplicationRegistrationPatch struct {
// required: false
Owner *string `json:"owner,omitempty"`

// MachineUser is used for interacting directly with Radix API
//
// required: false
// Extensions:
// x-nullable: true
MachineUser *bool `json:"machineUser,omitempty"`

// Repository the github repository
//
// required: false
10 changes: 0 additions & 10 deletions api/applications/models/machine_user.go

This file was deleted.

1 change: 0 additions & 1 deletion api/environments/environment_controller_test.go
Expand Up @@ -1169,7 +1169,6 @@ func Test_GetEnvironmentEvents_Handler(t *testing.T) {
nsFunc := event.RadixEnvironmentNamespace(raBuilder.BuildRA(), anyEnvironment)
eventHandler.EXPECT().
GetEvents(context.Background(), controllertest.EqualsNamespaceFunc(nsFunc)).
Return(make([]*eventModels.Event, 0), fmt.Errorf("err")).
Return([]*eventModels.Event{{}, {}}, nil).
Times(1)

13 changes: 2 additions & 11 deletions api/test/gomock_matchers.go
Expand Up @@ -31,17 +31,8 @@ func (m namespaceFuncMatcher) Matches(arg interface{}) bool {
return false
}

// Not equal if function pointer is different
if argv.Pointer() != fv.Pointer() {
return false
}

// Not equal if functions return different value
if m.f() != arg.(event.NamespaceFunc)() {
return false
}

return true
// equal if functions return same value
return m.f() == arg.(event.NamespaceFunc)()
}

func (m namespaceFuncMatcher) String() string {
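Review bot: The new `return m.f() == arg.(event.NamespaceFunc)()` uses an unchecked type assertion, which panics rather than reporting a mismatch if `arg` is a function of another type; the checks above the hunk may already rule that out, but they are not visible here. A comma-ok form keeps the matcher total: `nf, ok := arg.(event.NamespaceFunc)` followed by `return ok && m.f() == nf()`. The comment could also say why identity is no longer compared, e.g. `// Function values cannot be compared reliably by pointer; treat them as equal when they return the same value.` The body of `Matches` starts outside the hunk.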