Merge pull request #449 from kube-tarian/preaction-vaultstore

Preaction vaultstore

capten/agent/internal/api/capten_skd_db_apis.go → capten/agent/internal/api/capten_sdk_db_apis.go

@@ -74,8 +74,9 @@ func setupPostgresDatabase(log logging.Logger, req *captensdkpb.DBSetupRequest)
 		UserName: conf.DBServiceUsername,
 		Password: conf.Password,
 		AdditionalData: map[string]string{
-			"db-url":  conf.DBAddress,
-			"db-name": conf.DBName,
+			"db-url":       conf.DBAddress,
+			"db-name":      conf.DBName,
+			"service-user": req.ServiceUserName,
 		},
 	})
 	return fmt.Sprintf("%s/%s/%s", credentials.CertCredentialType, req.PluginName, conf.EntityName),

capten/common-pkg/credential/client.go

@@ -15,7 +15,6 @@ const (
 	oauthClientSecretKey         = "CLIENT_SECRET"
 	captenConfigEntityName       = "capten-config"
 	globalValuesCredIdentifier   = "global-values"
-	PluginCredentialType         = "plugin"
 )
 
 func GetServiceUserCredential(ctx context.Context, svcEntity, userName string) (cred credentials.ServiceCredential, err error) {
@@ -202,7 +201,7 @@ func PutPluginCredential(ctx context.Context, pluginName, svcEntity string, cred
 		return errors.WithMessage(err, "error in initializing credential admin")
 	}
 
-	err = credAdmin.PutCredential(context.Background(), PluginCredentialType,
+	err = credAdmin.PutCredential(context.Background(), credentials.PluginCredentialType,
 		pluginName, svcEntity, cred)
 	if err != nil {
 		return errors.WithMessagef(err, "error in put generic cred for %s/%s", pluginName, svcEntity)
@@ -217,7 +216,7 @@ func GetPluginCredential(ctx context.Context, pluginName, svcEntity string) (cre
 		return
 	}
 
-	data, err := credReader.GetCredential(ctx, PluginCredentialType, pluginName, svcEntity)
+	data, err := credReader.GetCredential(ctx, credentials.PluginCredentialType, pluginName, svcEntity)
 	if err != nil {
 		err = errors.WithMessagef(err, "error while reading cluster global values %s/%s from the vault",
 			captenConfigEntityName, globalValuesCredIdentifier)

capten/common-pkg/k8s/client.go

@@ -113,9 +113,9 @@ func (k *K8SClient) ListPods(namespace string) ([]corev1.Pod, error) {
 	return pods.Items, nil
 }
 
-func (k *K8SClient) CreateConfigmap(namespace, cmName string, data map[string]string, annotation map[string]string) error {
+func (k *K8SClient) CreateConfigmap(ctx context.Context, namespace, cmName string, data map[string]string, annotation map[string]string) error {
 	_, err := k.Clientset.CoreV1().ConfigMaps(namespace).Create(
-		context.TODO(),
+		ctx,
 		&v1.ConfigMap{
 			ObjectMeta: metav1.ObjectMeta{Name: cmName, Annotations: annotation},
 			Data:       data,
@@ -124,9 +124,9 @@ func (k *K8SClient) CreateConfigmap(namespace, cmName string, data map[string]st
 	return err
 }
 
-func (k *K8SClient) UpdateConfigmap(namespace, cmName string, data map[string]string) error {
+func (k *K8SClient) UpdateConfigmap(ctx context.Context, namespace, cmName string, data map[string]string) error {
 	_, err := k.Clientset.CoreV1().ConfigMaps(namespace).Update(
-		context.TODO(),
+		ctx,
 		&v1.ConfigMap{
 			ObjectMeta: metav1.ObjectMeta{Name: cmName},
 			Data:       data,
@@ -135,16 +135,16 @@ func (k *K8SClient) UpdateConfigmap(namespace, cmName string, data map[string]st
 	return err
 }
 
-func (k *K8SClient) DeleteConfigmap(namespace, cmName string) error {
-	cm, _ := k.Clientset.CoreV1().ConfigMaps(namespace).Get(context.TODO(), cmName, metav1.GetOptions{})
+func (k *K8SClient) DeleteConfigmap(ctx context.Context, namespace, cmName string) error {
+	cm, _ := k.Clientset.CoreV1().ConfigMaps(namespace).Get(ctx, cmName, metav1.GetOptions{})
 	if cm != nil {
-		return k.Clientset.CoreV1().ConfigMaps(namespace).Delete(context.TODO(), cmName, metav1.DeleteOptions{})
+		return k.Clientset.CoreV1().ConfigMaps(namespace).Delete(ctx, cmName, metav1.DeleteOptions{})
 	}
 	return nil
 }
 
-func (k *K8SClient) GetConfigmap(namespace, cmName string) (map[string]string, error) {
-	cm, err := k.Clientset.CoreV1().ConfigMaps(namespace).Get(context.TODO(), cmName, metav1.GetOptions{})
+func (k *K8SClient) GetConfigmap(ctx context.Context, namespace, cmName string) (map[string]string, error) {
+	cm, err := k.Clientset.CoreV1().ConfigMaps(namespace).Get(ctx, cmName, metav1.GetOptions{})
 	if err != nil {
 		return nil, err
 	}
@@ -222,8 +222,8 @@ func (k *K8SClient) GetServiceData(namespace, serviceName string) (*ServiceData,
 	}, nil
 }
 
-func (k *K8SClient) CreateNamespace(namespace string) error {
-	_, err := k.Clientset.CoreV1().Namespaces().Create(context.TODO(), &v1.Namespace{
+func (k *K8SClient) CreateNamespace(ctx context.Context, namespace string) error {
+	_, err := k.Clientset.CoreV1().Namespaces().Create(ctx, &v1.Namespace{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "Namespace",
 			APIVersion: "v1",
@@ -238,3 +238,7 @@ func (k *K8SClient) CreateNamespace(namespace string) error {
 	}
 	return nil
 }
+
+func (k *K8SClient) DeleteNamespace(ctx context.Context, namespace string) error {
+	return k.Clientset.CoreV1().Namespaces().Delete(ctx, namespace, metav1.DeleteOptions{})
+}

capten/common-pkg/plugins/helm/delete.go

@@ -3,13 +3,14 @@ package helm
 import (
 	"encoding/json"
 	"fmt"
+	"time"
 
 	helmclient "github.com/kube-tarian/kad/capten/common-pkg/plugins/helm/go-helm-client"
 	"github.com/kube-tarian/kad/capten/model"
 )
 
 func (h *HelmCLient) Delete(req *model.DeleteRequestPayload) (json.RawMessage, error) {
-	h.logger.Infof("Helm client Install invoke started")
+	h.logger.Infof("Helm client Delete invoke started")
 
 	helmClient, err := h.getHelmClient(req.Namespace)
 	if err != nil {
@@ -22,6 +23,7 @@ func (h *HelmCLient) Delete(req *model.DeleteRequestPayload) (json.RawMessage, e
 		ReleaseName: req.ReleaseName,
 		Namespace:   req.Namespace,
 		Wait:        true,
+		Timeout:     time.Duration(req.Timeout) * time.Minute,
 	}
 
 	// Uninstall the chart release.
@@ -33,6 +35,6 @@ func (h *HelmCLient) Delete(req *model.DeleteRequestPayload) (json.RawMessage, e
 	}
 
 	h.logger.Infof("helm uninstall of app %s successful in namespace: %v", req.ReleaseName, req.Namespace)
-	h.logger.Infof("Helm client Install invoke finished")
+	h.logger.Infof("Helm client Delete invoke finished")
 	return json.RawMessage(fmt.Sprintf("{\"status\": \"Application %s successful with helm client\"}", req.ReleaseName)), nil
 }

capten/common-pkg/plugins/helm/go-helm-client/client.go

@@ -908,4 +908,5 @@ func mergeUpgradeOptions(chartSpec *ChartSpec, upgradeOptions *action.Upgrade) {
 func mergeUninstallReleaseOptions(chartSpec *ChartSpec, uninstallReleaseOptions *action.Uninstall) {
 	uninstallReleaseOptions.DisableHooks = chartSpec.DisableHooks
 	uninstallReleaseOptions.Timeout = chartSpec.Timeout
+	uninstallReleaseOptions.Wait = chartSpec.Wait
 }

capten/common-pkg/vault-cred/vault_cred_client.go

@@ -47,6 +47,35 @@ func GetAppRoleToken(appRoleName string, credentialPaths []string) (string, erro
 	return tokenData.Token, nil
 }
 
+func DeleteAppRole(appRoleName string) error {
+	conf := &config{}
+	if err := envconfig.Process("", conf); err != nil {
+		return fmt.Errorf("vault cred config read failed, %v", err)
+	}
+
+	vc, err := grpc.Dial(conf.VaultCredAddress,
+		grpc.WithTransportCredentials(insecure.NewCredentials()),
+		grpc.WithUnaryInterceptor(timeout.UnaryClientInterceptor(60*time.Second)),
+		grpc.WithKeepaliveParams(keepalive.ClientParameters{
+			Time:    30, // seconds
+			Timeout: 10, // seconds
+		}))
+	if err != nil {
+		return fmt.Errorf("failed to connect vauld-cred server, %v", err)
+	}
+	vcClient := vaultcredpb.NewVaultCredClient(vc)
+
+	resp, err := vcClient.DeleteAppRole(context.Background(), &vaultcredpb.DeleteAppRoleRequest{
+		RoleName: appRoleName,
+	})
+	if err != nil {
+		return fmt.Errorf("failed to delete app role %s, reason %v", appRoleName, err)
+	} else if resp.Status != vaultcredpb.StatusCode_OK {
+		return fmt.Errorf("failed to delete app role %s, stauts %v, message: %v", appRoleName, resp.Status, resp.StatusMessage)
+	}
+	return nil
+}
+
 func RegisterClusterVaultAuth(clusterID, clusterName string) error {
 	conf := &config{}
 	if err := envconfig.Process("", conf); err != nil {