Refactor to support modular routing

.github/workflows/README.md

@@ -2,7 +2,7 @@
 This monorepo consists of 3 artifacts that are versioned, built, and released separately.
 - minimal-app
 - operator
-- operator/webhook
+- operator/webapp
 
 ## PR builds
 When a PR is opened or updated, it will determine if any files changed in each of the sub-project directories.

.github/workflows/operator.yml

@@ -6,15 +6,15 @@ on:
       - operator/**
       - .github/workflows/operator.yml
       - .github/workflows/scripts
-      - "!operator/webhook/**"
+      - "!operator/webapp/**"
       - '!**.md'
       - '!operator/examples/**'
   push:
     branches:
       - main
     paths:
       - operator/**
-      - "!operator/webhook/**"
+      - "!operator/webapp/**"
       - '!**.md'
       - '!operator/examples/**'
 

.github/workflows/scripts/shared/verify_current_webapp_img.sh

@@ -0,0 +1,15 @@
+OPERATOR_DIR=operator
+OPERATOR_CONTROLLER_YAML=$OPERATOR_DIR/controller/core-controller.yaml
+
+verify_current_webapp_img() {
+  current_webapp_img=$(make --no-print-directory -C operator/webapp get-image-name)
+  webapp_image_used=$(yq eval '.spec.template.spec.containers[].image' $OPERATOR_CONTROLLER_YAML)
+
+  test -n "$current_webapp_img"
+  test -n "$webapp_image_used"
+
+  error_message="Operator is using $webapp_image_used but should be using the most recent $current_webapp_img."
+  test "$webapp_image_used" = "$current_webapp_img" || (echo $error_message && exit 1)
+}
+
+verify_current_webapp_img

.github/workflows/scripts/verify_operator_releasable.sh

@@ -7,8 +7,8 @@ verify_version_bump() {
   sh .github/workflows/scripts/shared/verify_changes_update_version.sh $potential_tag $OPERATOR_DIR \
   '-e ^operator/examples/
   -e ^operator/example/
-  -e ^operator/webhook/'
+  -e ^operator/webapp/'
 }
 
-sh .github/workflows/scripts/shared/verify_current_webhook_img.sh
+sh .github/workflows/scripts/shared/verify_current_webapp_img.sh
 verify_version_bump

.github/workflows/scripts/verify_webapp_releasable.sh

@@ -0,0 +1,13 @@
+set -eux
+
+WEBAPP_DIR=operator/webapp
+
+verify_version_bump() {
+  potential_tag=$(make --no-print-directory -C $WEBAPP_DIR get-tag)
+
+  # Changes to the Makefile are excluded since they will not change the webhook image
+  sh .github/workflows/scripts/shared/verify_changes_update_version.sh $potential_tag $WEBAPP_DIR '-e Makefile$'
+}
+
+sh .github/workflows/scripts/shared/verify_current_webapp_img.sh
+verify_version_bump

.github/workflows/webhook.yml → .github/workflows/webapp.yml

@@ -1,31 +1,31 @@
-name: webhook
+name: webapp
 on:
   workflow_dispatch:
   pull_request:
     paths:
-      - operator/webhook/**
-      - .github/workflows/webhook.yml
+      - operator/webapp/**
+      - .github/workflows/webapp.yml
       - .github/workflows/scripts
       - '!**.md'
   push:
     branches:
       - main
     paths:
-      - operator/webhook/**
+      - operator/webapp/**
       - '!**.md'
 
 env:
   PYTHON_VERSION: 3.11
-  WORKING_DIR: ./operator/webhook
+  WORKING_DIR: ./operator/webapp
 
 jobs:
   verify-versions:
     if: github.ref != 'refs/heads/main'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - run: sh .github/workflows/scripts/verify_webhook_releasable.sh
-        name: Verify webhook is in a state to be released on merge
+      - run: sh .github/workflows/scripts/verify_webapp_releasable.sh
+        name: Verify webapp is in a state to be released on merge
   test:
     name: unit test
     runs-on: ubuntu-latest

operator/Makefile

@@ -1,4 +1,4 @@
-VERSION ?= 0.13.0
+VERSION ?= 0.13.1
 GIT_TAG := operator_v$(VERSION)
 KEIP_INTEGRATION_IMAGE ?= ghcr.io/codice/keip/minimal-app:latest
 

operator/controller/core-controller.yaml

@@ -31,7 +31,7 @@ spec:
   hooks:
     sync:
       webhook:
-        url: http://integrationroute-webhook.keip/sync
+        url: http://integrationroute-webhook.keip/webhook/sync
         timeout: 10s
 ---
 apiVersion: v1
@@ -56,7 +56,7 @@ spec:
     spec:
       containers:
         - name: webhook
-          image: ghcr.io/codice/keip/route-webhook:0.15.0
+          image: ghcr.io/codice/keip/webapp:0.16.0
           ports:
             - containerPort: 7080
               name: webhook-http

operator/webhook/Dockerfile → operator/webapp/Dockerfile

@@ -2,11 +2,11 @@ FROM python:3.11.5-slim
 
 LABEL org.opencontainers.image.source=https://github.com/codice/keip
 
-WORKDIR /code/webhook
+WORKDIR /code/webapp
 
 COPY requirements.txt ./
 RUN pip install --no-cache-dir -r requirements.txt
 
 COPY . .
 
-ENTRYPOINT ["python", "-m", "uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7080", "--app-dir", "/code"]
+ENTRYPOINT ["python", "-m", "uvicorn", "webapp.app:app", "--host", "0.0.0.0", "--port", "7080", "--app-dir", "/code"]

operator/webhook/Makefile → operator/webapp/Makefile

@@ -1,11 +1,11 @@
-VERSION ?= 0.15.0
+VERSION ?= 0.16.0
 HOST_PORT ?= 7080
-GIT_TAG := webhook_v$(VERSION)
+GIT_TAG := webapp_v$(VERSION)
 
 IMG_REGISTRY := ghcr.io/codice
-IMG_NAME := keip/route-webhook
+IMG_NAME := keip/webapp
 FULL_IMAGE_NAME := $(IMG_REGISTRY)/$(IMG_NAME):$(VERSION)
-CONTAINER_NAME := integration-route-webhook
+CONTAINER_NAME := integration-route-webapp
 TEST_COVERAGE_DIR := .test_coverage
 TEST_COVERAGE_FILE := $(TEST_COVERAGE_DIR)/.coverage
 EXTRA_PYTEST_ARGS ?=
@@ -114,11 +114,11 @@ win-precommit: win-test win-format win-lint
 
 .PHONY: start-dev-server
 start-dev-server:
-	$(PYTHON) -m uvicorn --port 7080 --reload --app-dir .. webhook.app:app
+	$(PYTHON) -m uvicorn --port 7080 --reload --app-dir .. app:app
 
 .PHONY: win-start-dev-server
 win-start-dev-server:
-	$(WIN_PYTHON) -m uvicorn --port 7080 --reload --app-dir .. webhook.app:app
+	$(WIN_PYTHON) -m uvicorn --port 7080 --reload --app-dir .. app:app
 
 .PHONY: deploy
 deploy: build

operator/webhook/README.md → operator/webapp/README.md

@@ -1,19 +1,19 @@
-# Keip Integration Route Webhook
+# Keip Integration Route App
 
-A Python web server that implements
-a [lambda controller from the Metacontroller API](https://metacontroller.github.io/metacontroller/concepts.html#lambda-controller).
+A Python web server that implements the following endpoints:
+- `/webhook`: A [lambda controller from the Metacontroller API](https://metacontroller.github.io/metacontroller/concepts.html#lambda-controller).
 The webhook will be called as part of the Metacontroller control loop when `IntegrationRoute` parent
 resources are detected.
 
-The webhook contains two endpoints, `/sync` and `/addons/certmanager/sync`.
+  The webhook contains two endpoints, `/webhook/sync` and `/webhook/addons/certmanager/sync`.
 
-- `/sync`: The core logic that creates a `Deployment` from `IntegrationRoute` resources.
-- `/addons/certmanager/sync`: An add-on that creates
-  a [cert-manager.io/v1.Certificate](https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.Certificate)
-  based on annotations in an `IntegrationRoute`.
+  - `/webhook/sync`: The core logic that creates a `Deployment` from `IntegrationRoute` resources.
+  - `/webhook/addons/certmanager/sync`: An add-on that creates
+    a [cert-manager.io/v1.Certificate](https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.Certificate)
+    based on annotations in an `IntegrationRoute`.
 
-The format for the request and response JSON payloads can be
-seen [here](https://metacontroller.github.io/metacontroller/api/compositecontroller.html#sync-hook)
+  The format for the request and response JSON payloads can be
+  seen [here](https://metacontroller.github.io/metacontroller/api/compositecontroller.html#sync-hook)
 
 ## Developer Guide
 

operator/webhook/addons/certmanager/README.md → operator/webapp/addons/certmanager/README.md

@@ -1,20 +1,20 @@
-# Certmanager Addon
-
-The Certmanager Addon creates certificates for `IntegrationRoute`s based off of annotations in the `IntegrationRoute`.
-
-See the example `IntegrationRoute` in the [README](../../../example/README.md#example-integrationroute-using-tls-and-the-certmanager-addon).
-
-## Supported Annotations
-- **cert-manager.io/issuer:** The name of an `Issuer` to acquire the `Certificate` required for this `IntegrationRoute`. The `Issuer` must be in the same namespace as the `IntegrationRoute` resource.
-- **cert-manager.io/cluster-issuer:** The name of a `ClusterIssuer` to acquire the `Certificate` required for this `IntegrationRoute`. It does not matter which namespace your `IntegrationRoute` resides, as `ClusterIssuer`s are non-namespaced resources.
-- **cert-manager.io/common-name:** (optional) This annotation allows you to configure `spec.commonName` for the `Certificate` to be generated.
-- **cert-manager.io/subject-countries:** (optional) This annotation allows you to configure the `spec.subject.countries` field for the `Certificate` to be generated. Supports comma-separated values e.g. "Country 1,Country 2".
-- **cert-manager.io/subject-localities:** (optional) This annotation allows you to configure the `spec.subject.localities` field for the `Certificate` to be generated. Supports comma-separated values e.g. "City 1,City 2".
-- **cert-manager.io/subject-provinces:** (optional) This annotation allows you to configure the `spec.subject.provinces` field for the `Certificate` to be generated. Supports comma-separated values e.g. "Province 1,Province 2".
-- **cert-manager.io/subject-organizationalunits:** (optional) This annotation allows you to configure the `spec.subject.organizationalUnits` field for the `Certificate` to be generated. Supports comma-separated values e.g. "IT Services,Cloud Services".
-- **cert-manager.io/alt-names:** (optional) This annotation allows you to configure subject alternative names (SANs). Supports comma-separated values e.g. "san1,san2".
-
-> **_NOTE:_**  `IntegrationRoute`s cannot have both `cert-manager.io/issuer` and `cert-manager.io/cluster-issuer` annotations.
-
-## See Also
-- [Cert-manager.io Supported Annotations](https://cert-manager.io/docs/usage/ingress/#supported-annotations)
+# Certmanager Addon
+
+The Certmanager Addon creates certificates for `IntegrationRoute`s based off of annotations in the `IntegrationRoute`.
+
+See the example `IntegrationRoute` in the [README](../../../example/README.md#example-integrationroute-using-tls-and-the-certmanager-addon).
+
+## Supported Annotations
+- **cert-manager.io/issuer:** The name of an `Issuer` to acquire the `Certificate` required for this `IntegrationRoute`. The `Issuer` must be in the same namespace as the `IntegrationRoute` resource.
+- **cert-manager.io/cluster-issuer:** The name of a `ClusterIssuer` to acquire the `Certificate` required for this `IntegrationRoute`. It does not matter which namespace your `IntegrationRoute` resides, as `ClusterIssuer`s are non-namespaced resources.
+- **cert-manager.io/common-name:** (optional) This annotation allows you to configure `spec.commonName` for the `Certificate` to be generated.
+- **cert-manager.io/subject-countries:** (optional) This annotation allows you to configure the `spec.subject.countries` field for the `Certificate` to be generated. Supports comma-separated values e.g. "Country 1,Country 2".
+- **cert-manager.io/subject-localities:** (optional) This annotation allows you to configure the `spec.subject.localities` field for the `Certificate` to be generated. Supports comma-separated values e.g. "City 1,City 2".
+- **cert-manager.io/subject-provinces:** (optional) This annotation allows you to configure the `spec.subject.provinces` field for the `Certificate` to be generated. Supports comma-separated values e.g. "Province 1,Province 2".
+- **cert-manager.io/subject-organizationalunits:** (optional) This annotation allows you to configure the `spec.subject.organizationalUnits` field for the `Certificate` to be generated. Supports comma-separated values e.g. "IT Services,Cloud Services".
+- **cert-manager.io/alt-names:** (optional) This annotation allows you to configure subject alternative names (SANs). Supports comma-separated values e.g. "san1,san2".
+
+> **_NOTE:_**  `IntegrationRoute`s cannot have both `cert-manager.io/issuer` and `cert-manager.io/cluster-issuer` annotations.
+
+## See Also
+- [Cert-manager.io Supported Annotations](https://cert-manager.io/docs/usage/ingress/#supported-annotations)