Merge pull request #326 from kube-tarian/featute/provider_config

Added Provider config
kube-tarian · Nov 21, 2023 · 3ac9bfd · 3ac9bfd
2 parents f0e64c0 + 6bd9da1
commit 3ac9bfd
Show file tree

Hide file tree

Showing 5 changed files with 229 additions and 9 deletions.
diff --git a/capten/agent/internal/api/plugin_crossplane_provider_apis.go b/capten/agent/internal/api/plugin_crossplane_provider_apis.go
@@ -139,12 +139,16 @@ func (a *Agent) UpdateCrossplanProvider(ctx context.Context, request *captenplug
 			Status:        captenpluginspb.StatusCode_INTERNAL_ERROR,
 			StatusMessage: "failed to get crossplane provider for " + request.Id,
 		}, nil
-	}
-	if project == nil {
+	} else if project == nil {
 		return &captenpluginspb.UpdateCrossplanProviderResponse{
 			Status:        captenpluginspb.StatusCode_NOT_FOUND,
 			StatusMessage: "Crossplane provider is not available for" + request.Id,
 		}, nil
+	} else if project.CloudType != request.CloudType {
+		return &captenpluginspb.UpdateCrossplanProviderResponse{
+			Status:        captenpluginspb.StatusCode_INVALID_ARGUMENT,
+			StatusMessage: "Crossplane provider cloud type change is not supported for" + request.Id,
+		}, nil
 	}
 
 	provider := model.CrossplaneProvider{

diff --git a/capten/common-pkg/plugins/argocd/clusters.go b/capten/common-pkg/plugins/argocd/clusters.go
@@ -1,2 +1,97 @@
 package argocd
 
+import (
+	"context"
+
+	"github.com/argoproj/argo-cd/v2/pkg/apiclient/cluster"
+	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v2/util/io"
+)
+
+func (a *ArgoCDClient) CreateCluster(ctx context.Context, clusterReq *Cluster) (*v1alpha1.Cluster, error) {
+	conn, appClient, err := a.client.NewClusterClient()
+	if err != nil {
+		return nil, err
+	}
+	defer io.Close(conn)
+
+	resp, err := appClient.Create(ctx, &cluster.ClusterCreateRequest{
+		Cluster: &v1alpha1.Cluster{
+			Server: clusterReq.Server,
+			Name:   clusterReq.Name,
+			Config: v1alpha1.ClusterConfig{
+				Username: clusterReq.Config.Username,
+				Password: clusterReq.Config.Password,
+				TLSClientConfig: v1alpha1.TLSClientConfig{
+					Insecure:   clusterReq.Config.Insecure,
+					ServerName: clusterReq.Config.ServerName,
+					CertData:   clusterReq.Config.CertData,
+					KeyData:    clusterReq.Config.KeyData,
+					CAData:     clusterReq.Config.CAData,
+				},
+			},
+			ConnectionState: v1alpha1.ConnectionState{
+				Status:  clusterReq.ConnectionState.Status,
+				Message: clusterReq.ConnectionState.Message,
+			},
+			Namespaces: clusterReq.Namespaces,
+		},
+	})
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}
+
+func (a *ArgoCDClient) DeleteCluster(ctx context.Context, clusterURL string) (*cluster.ClusterResponse, error) {
+	conn, appClient, err := a.client.NewClusterClient()
+	if err != nil {
+		return nil, err
+	}
+	defer io.Close(conn)
+
+	resp, err := appClient.Delete(ctx, &cluster.ClusterQuery{
+		Id: &cluster.ClusterID{
+			Value: clusterURL,
+		},
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return resp, nil
+}
+
+func (a *ArgoCDClient) GetCluster(ctx context.Context, clusterURL string) (*v1alpha1.Cluster, error) {
+	conn, appClient, err := a.client.NewClusterClient()
+	if err != nil {
+		return nil, err
+	}
+	defer io.Close(conn)
+
+	repository, err := appClient.Get(ctx, &cluster.ClusterQuery{
+		Id: &cluster.ClusterID{
+			Value: clusterURL,
+		},
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return repository, nil
+}
+
+func (a *ArgoCDClient) ListClusters(ctx context.Context) (*v1alpha1.ClusterList, error) {
+	conn, appClient, err := a.client.NewClusterClient()
+	if err != nil {
+		return nil, err
+	}
+	defer io.Close(conn)
+
+	list, err := appClient.List(ctx, &cluster.ClusterQuery{})
+	if err != nil {
+		return nil, err
+	}
+
+	return list, nil
+}
diff --git a/capten/common-pkg/plugins/argocd/config.go b/capten/common-pkg/plugins/argocd/config.go
@@ -26,3 +26,38 @@ type Repository struct {
 	InsecureIgnoreHostKey bool            `json:"InsecureIgnoreHostKey"`
 	ConnectionState       ConnectionState `json:"ConnectionState"`
 }
+
+type TLSClientConfig struct {
+	// Insecure specifies that the server should be accessed without verifying the TLS certificate. For testing only.
+	Insecure bool `json:"insecure" `
+	// ServerName is passed to the server for SNI and is used in the client to check server
+	// certificates against. If ServerName is empty, the hostname used to contact the
+	// server is used.
+	ServerName string `json:"serverName,omitempty" `
+	// CertData holds PEM-encoded bytes (typically read from a client certificate file).
+	// CertData takes precedence over CertFile
+	CertData []byte `json:"certData,omitempty" `
+	// KeyData holds PEM-encoded bytes (typically read from a client certificate key file).
+	// KeyData takes precedence over KeyFile
+	KeyData []byte `json:"keyData,omitempty" `
+	// CAData holds PEM-encoded bytes (typically read from a root certificates bundle).
+	// CAData takes precedence over CAFile
+	CAData []byte `json:"caData,omitempty" `
+}
+
+type ClusterConfig struct {
+	// Server requires Basic authentication
+	Username string `json:"username,omitempty" `
+	Password string `json:"password,omitempty"`
+
+	// TLSClientConfig contains settings to enable transport layer security
+	TLSClientConfig `json:"tlsClientConfig"`
+}
+
+type Cluster struct {
+	Server          string          `json:"server"`
+	Name            string          `json:"name"`
+	Config          ClusterConfig   `json:"config"`
+	ConnectionState ConnectionState `json:"ConnectionState"`
+	Namespaces      []string        `json:"namespaces,omitempty"`
+}
diff --git a/capten/config-worker/internal/crossplane/config_crossplane_app.go b/capten/config-worker/internal/crossplane/config_crossplane_app.go
@@ -223,12 +223,33 @@ func (cp *CrossPlaneApp) createProviderConfigResource(provider agentmodel.Crossp
 	}
 
 	secretPath := fmt.Sprintf("%s/%s/%s", credentials.GenericCredentialType, cp.cfg.CloudProviderEntityName, provider.CloudProviderId)
-	providerConfigString := fmt.Sprintf(
-		crossplaneProviderTemplate,
-		cloudType, secretPath, secretPath,
-		cloudType, pkg, cloudType,
-	)
-	return providerConfigString, nil
+
+	switch provider.CloudType {
+	case "AWS":
+		providerConfigString := fmt.Sprintf(
+			crossplaneAWSProviderTemplate,
+			cloudType, secretPath, secretPath,
+			cloudType, pkg, cloudType,
+		)
+		return providerConfigString, nil
+	case "GCP":
+		providerConfigString := fmt.Sprintf(
+			crossplaneGCPProviderTemplate,
+			cloudType, secretPath, secretPath,
+			cloudType, pkg, cloudType,
+		)
+		return providerConfigString, nil
+	case "AZUR":
+		providerConfigString := fmt.Sprintf(
+			crossplaneAzureProviderTemplate,
+			cloudType, secretPath, secretPath,
+			cloudType, pkg, cloudType,
+		)
+		return providerConfigString, nil
+	default:
+		return "", fmt.Errorf("cloud type %s not supported", provider.CloudType)
+	}
+
 }
 
 func replaceCaptenUrls(dir string, src, target string) error {

diff --git a/capten/config-worker/internal/crossplane/types.go b/capten/config-worker/internal/crossplane/types.go
@@ -15,7 +15,7 @@ type crossplanePluginConfig struct {
 }
 
 const (
-	crossplaneProviderTemplate = `
+	crossplaneAWSProviderTemplate = `
 apiVersion: pkg.crossplane.io/v1alpha1
 kind: ControllerConfig
 metadata:
@@ -45,3 +45,68 @@ spec:
     name: "%s-vault-config"
 `
 )
+
+const (
+	crossplaneGCPProviderTemplate = `
+apiVersion: pkg.crossplane.io/v1alpha1
+kind: ControllerConfig
+metadata:
+name: "%s-vault-config"
+spec:
+args:
+  - --debug
+metadata:
+  annotations:
+    vault.hashicorp.com/agent-inject: "true"
+    vault.hashicorp.com/role: "vault-role-crossplane"
+    vault.hashicorp.com/agent-inject-secret-creds.txt: "secret/%s"
+    vault.hashicorp.com/agent-inject-template-creds.txt: |
+      {{- with secret "secret/%s" -}}
+        [default]
+        GOOGLE_CLOUD_KEYFILE_JSON="{{ .Data.data.keyfileJSON | toString }}"
+      {{- end -}}
+---
+apiVersion: pkg.crossplane.io/v1
+kind: Provider
+metadata:
+name: provider-%s
+spec:
+package: "%s"
+controllerConfigRef:
+  name: "%s-vault-config"
+`
+)
+
+const (
+	crossplaneAzureProviderTemplate = `
+apiVersion: pkg.crossplane.io/v1alpha1
+kind: ControllerConfig
+metadata:
+name: "%s-vault-config"
+spec:
+args:
+  - --debug
+metadata:
+  annotations:
+    vault.hashicorp.com/agent-inject: "true"
+    vault.hashicorp.com/role: "vault-role-crossplane"
+    vault.hashicorp.com/agent-inject-secret-creds.txt: "secret/%s"
+    vault.hashicorp.com/agent-inject-template-creds.txt: |
+      {{- with secret "secret/%s" -}}
+        [default]
+        AZURE_SUBSCRIPTION_ID="{{ .Data.data.subscriptionID }}"
+        AZURE_TENANT_ID="{{ .Data.data.tenantID }}"
+        AZURE_CLIENT_ID="{{ .Data.data.clientID }}"
+        AZURE_CLIENT_SECRET="{{ .Data.data.clientSecret }}"
+      {{- end -}}
+---
+apiVersion: pkg.crossplane.io/v1
+kind: Provider
+metadata:
+name: provider-%s
+spec:
+package: "%s"
+controllerConfigRef:
+  name: "%s-vault-config"
+`
+)