diff --git a/capten/agent/internal/api/capten_skd_db_apis.go b/capten/agent/internal/api/capten_sdk_db_apis.go similarity index 95% rename from capten/agent/internal/api/capten_skd_db_apis.go rename to capten/agent/internal/api/capten_sdk_db_apis.go index 8188bb61..a51a82d6 100644 --- a/capten/agent/internal/api/capten_skd_db_apis.go +++ b/capten/agent/internal/api/capten_sdk_db_apis.go @@ -74,8 +74,9 @@ func setupPostgresDatabase(log logging.Logger, req *captensdkpb.DBSetupRequest) UserName: conf.DBServiceUsername, Password: conf.Password, AdditionalData: map[string]string{ - "db-url": conf.DBAddress, - "db-name": conf.DBName, + "db-url": conf.DBAddress, + "db-name": conf.DBName, + "service-user": req.ServiceUserName, }, }) return fmt.Sprintf("%s/%s/%s", credentials.CertCredentialType, req.PluginName, conf.EntityName), diff --git a/capten/agent/internal/pb/captenpluginspb/capten_plugins.pb.go b/capten/agent/internal/pb/captenpluginspb/capten_plugins.pb.go index bb47c2cc..9ac60c0e 100644 --- a/capten/agent/internal/pb/captenpluginspb/capten_plugins.pb.go +++ b/capten/agent/internal/pb/captenpluginspb/capten_plugins.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 -// protoc v3.12.4 +// protoc-gen-go v1.33.0 +// protoc v3.19.6 // source: capten_plugins.proto package captenpluginspb diff --git a/capten/agent/internal/pb/captenpluginspb/capten_plugins_grpc.pb.go b/capten/agent/internal/pb/captenpluginspb/capten_plugins_grpc.pb.go index 0539244a..fbeac222 100644 --- a/capten/agent/internal/pb/captenpluginspb/capten_plugins_grpc.pb.go +++ b/capten/agent/internal/pb/captenpluginspb/capten_plugins_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.3.0 -// - protoc v3.12.4 +// - protoc v3.19.6 // source: capten_plugins.proto package captenpluginspb 
diff --git a/capten/common-pkg/agentpb/agent.pb.go b/capten/common-pkg/agentpb/agent.pb.go index 60577a62..94029424 100644 --- a/capten/common-pkg/agentpb/agent.pb.go +++ b/capten/common-pkg/agentpb/agent.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 -// protoc v3.12.4 +// protoc-gen-go v1.33.0 +// protoc v3.19.6 // source: agent.proto package agentpb diff --git a/capten/common-pkg/agentpb/agent_grpc.pb.go b/capten/common-pkg/agentpb/agent_grpc.pb.go index 712c8441..68fae477 100644 --- a/capten/common-pkg/agentpb/agent_grpc.pb.go +++ b/capten/common-pkg/agentpb/agent_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.3.0 -// - protoc v3.12.4 +// - protoc v3.19.6 // source: agent.proto package agentpb diff --git a/capten/common-pkg/capten-sdk/captensdkpb/capten_sdk.pb.go b/capten/common-pkg/capten-sdk/captensdkpb/capten_sdk.pb.go index edbe07c1..491a7d12 100644 --- a/capten/common-pkg/capten-sdk/captensdkpb/capten_sdk.pb.go +++ b/capten/common-pkg/capten-sdk/captensdkpb/capten_sdk.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 -// protoc v3.12.4 +// protoc-gen-go v1.33.0 +// protoc v3.19.6 // source: capten_sdk.proto package captensdkpb diff --git a/capten/common-pkg/capten-sdk/captensdkpb/capten_sdk_grpc.pb.go b/capten/common-pkg/capten-sdk/captensdkpb/capten_sdk_grpc.pb.go index 77675e3b..34a57c99 100644 --- a/capten/common-pkg/capten-sdk/captensdkpb/capten_sdk_grpc.pb.go +++ b/capten/common-pkg/capten-sdk/captensdkpb/capten_sdk_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.3.0 -// - protoc v3.12.4 +// - protoc v3.19.6 // source: capten_sdk.proto package captensdkpb 
diff --git a/capten/common-pkg/cluster-plugins/clusterpluginspb/cluster_plugins.pb.go b/capten/common-pkg/cluster-plugins/clusterpluginspb/cluster_plugins.pb.go index 13c76577..97f3b07c 100644 --- a/capten/common-pkg/cluster-plugins/clusterpluginspb/cluster_plugins.pb.go +++ b/capten/common-pkg/cluster-plugins/clusterpluginspb/cluster_plugins.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 -// protoc v3.12.4 +// protoc-gen-go v1.33.0 +// protoc v3.19.6 // source: cluster_plugins.proto package clusterpluginspb diff --git a/capten/common-pkg/cluster-plugins/clusterpluginspb/cluster_plugins_grpc.pb.go b/capten/common-pkg/cluster-plugins/clusterpluginspb/cluster_plugins_grpc.pb.go index f984c037..eefffde6 100644 --- a/capten/common-pkg/cluster-plugins/clusterpluginspb/cluster_plugins_grpc.pb.go +++ b/capten/common-pkg/cluster-plugins/clusterpluginspb/cluster_plugins_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.3.0 -// - protoc v3.12.4 +// - protoc v3.19.6 // source: cluster_plugins.proto package clusterpluginspb diff --git a/capten/common-pkg/credential/client.go b/capten/common-pkg/credential/client.go index c8a9009d..d8fa5a4e 100644 --- a/capten/common-pkg/credential/client.go +++ b/capten/common-pkg/credential/client.go @@ -15,7 +15,6 @@ const ( oauthClientSecretKey = "CLIENT_SECRET" captenConfigEntityName = "capten-config" globalValuesCredIdentifier = "global-values" - PluginCredentialType = "plugin" ) func GetServiceUserCredential(ctx context.Context, svcEntity, userName string) (cred credentials.ServiceCredential, err error) { 
@@ -202,7 +201,7 @@ func PutPluginCredential(ctx context.Context, pluginName, svcEntity string, cred return errors.WithMessage(err, "error in initializing credential admin") } - err = credAdmin.PutCredential(context.Background(), PluginCredentialType, + err = credAdmin.PutCredential(context.Background(), credentials.PluginCredentialType, pluginName, svcEntity, cred) if err != nil { return errors.WithMessagef(err, "error in put generic cred for %s/%s", pluginName, svcEntity) @@ -217,7 +216,7 @@ func GetPluginCredential(ctx context.Context, pluginName, svcEntity string) (cre return } - data, err := credReader.GetCredential(ctx, PluginCredentialType, pluginName, svcEntity) + data, err := credReader.GetCredential(ctx, credentials.PluginCredentialType, pluginName, svcEntity) if err != nil { err = errors.WithMessagef(err, "error while reading cluster global values %s/%s from the vault", captenConfigEntityName, globalValuesCredIdentifier) diff --git a/capten/common-pkg/k8s/client.go b/capten/common-pkg/k8s/client.go index 7c17cbd2..657702aa 100644 --- a/capten/common-pkg/k8s/client.go +++ b/capten/common-pkg/k8s/client.go @@ -113,9 +113,9 @@ func (k *K8SClient) ListPods(namespace string) ([]corev1.Pod, error) { return pods.Items, nil } -func (k *K8SClient) CreateConfigmap(namespace, cmName string, data map[string]string, annotation map[string]string) error { +func (k *K8SClient) CreateConfigmap(ctx context.Context, namespace, cmName string, data map[string]string, annotation map[string]string) error { _, err := k.Clientset.CoreV1().ConfigMaps(namespace).Create( - context.TODO(), + ctx, &v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{Name: cmName, Annotations: annotation}, Data: data, 
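Review bot: `PutPluginCredential` takes a `ctx` parameter, but the rewritten call still hands `context.Background()` to `credAdmin.PutCredential`, so a caller's deadline or cancellation never reaches the vault write. `GetPluginCredential` in the next hunk already forwards `ctx`, so the two helpers are inconsistent. Suggest `err = credAdmin.PutCredential(ctx, credentials.PluginCredentialType,`. The function body starts above this hunk, so whether `ctx` is used elsewhere in it is not visible here.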
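Review bot: The error wrapped right after `credReader.GetCredential` still says "cluster global values" and prints `captenConfigEntityName`/`globalValuesCredIdentifier`, although the read is for `pluginName`/`svcEntity`. Anyone triaging a failed plugin credential read from logs will be pointed at the wrong vault entry. Suggest `err = errors.WithMessagef(err, "error while reading plugin credential %s/%s from the vault", pluginName, svcEntity)`.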
@@ -124,9 +124,9 @@ func (k *K8SClient) CreateConfigmap(namespace, cmName string, data map[string]st return err } -func (k *K8SClient) UpdateConfigmap(namespace, cmName string, data map[string]string) error { +func (k *K8SClient) UpdateConfigmap(ctx context.Context, namespace, cmName string, data map[string]string) error { _, err := k.Clientset.CoreV1().ConfigMaps(namespace).Update( - context.TODO(), + ctx, &v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{Name: cmName}, Data: data, @@ -135,16 +135,16 @@ func (k *K8SClient) UpdateConfigmap(namespace, cmName string, data map[string]st return err } -func (k *K8SClient) DeleteConfigmap(namespace, cmName string) error { - cm, _ := k.Clientset.CoreV1().ConfigMaps(namespace).Get(context.TODO(), cmName, metav1.GetOptions{}) +func (k *K8SClient) DeleteConfigmap(ctx context.Context, namespace, cmName string) error { + cm, _ := k.Clientset.CoreV1().ConfigMaps(namespace).Get(ctx, cmName, metav1.GetOptions{}) if cm != nil { - return k.Clientset.CoreV1().ConfigMaps(namespace).Delete(context.TODO(), cmName, metav1.DeleteOptions{}) + return k.Clientset.CoreV1().ConfigMaps(namespace).Delete(ctx, cmName, metav1.DeleteOptions{}) } return nil } -func (k *K8SClient) GetConfigmap(namespace, cmName string) (map[string]string, error) { - cm, err := k.Clientset.CoreV1().ConfigMaps(namespace).Get(context.TODO(), cmName, metav1.GetOptions{}) +func (k *K8SClient) GetConfigmap(ctx context.Context, namespace, cmName string) (map[string]string, error) { + cm, err := k.Clientset.CoreV1().ConfigMaps(namespace).Get(ctx, cmName, metav1.GetOptions{}) if err != nil { return nil, err } 
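Review bot: `DeleteConfigmap` still discards the error from `Get` (`cm, _ :=`) and relies on `cm != nil` alone. Generated client-go typed clients normally return a non-nil empty object together with the error, so this check probably never skips the delete, and a forbidden or timed-out read is silently ignored. Consider dropping the pre-read and calling `Delete` directly, treating only a not-found result as success: `if err := k.Clientset.CoreV1().ConfigMaps(namespace).Delete(ctx, cmName, metav1.DeleteOptions{}); err != nil && !apierrors.IsNotFound(err) { return err }`. That needs the `k8s.io/apimachinery/pkg/api/errors` import, which this hunk does not show.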
@@ -222,8 +222,8 @@ func (k *K8SClient) GetServiceData(namespace, serviceName string) (*ServiceData, }, nil } -func (k *K8SClient) CreateNamespace(namespace string) error { - _, err := k.Clientset.CoreV1().Namespaces().Create(context.TODO(), &v1.Namespace{ +func (k *K8SClient) CreateNamespace(ctx context.Context, namespace string) error { + _, err := k.Clientset.CoreV1().Namespaces().Create(ctx, &v1.Namespace{ TypeMeta: metav1.TypeMeta{ Kind: "Namespace", APIVersion: "v1", @@ -238,3 +238,7 @@ func (k *K8SClient) CreateNamespace(namespace string) error { } return nil } + +func (k *K8SClient) DeleteNamespace(ctx context.Context, namespace string) error { + return k.Clientset.CoreV1().Namespaces().Delete(ctx, namespace, metav1.DeleteOptions{}) +} diff --git a/capten/common-pkg/plugins/helm/delete.go b/capten/common-pkg/plugins/helm/delete.go index 0720a1ea..2b68cfe8 100644 --- a/capten/common-pkg/plugins/helm/delete.go +++ b/capten/common-pkg/plugins/helm/delete.go @@ -3,13 +3,14 @@ package helm import ( "encoding/json" "fmt" + "time" helmclient "github.com/kube-tarian/kad/capten/common-pkg/plugins/helm/go-helm-client" "github.com/kube-tarian/kad/capten/model" ) func (h *HelmCLient) Delete(req *model.DeleteRequestPayload) (json.RawMessage, error) { - h.logger.Infof("Helm client Install invoke started") + h.logger.Infof("Helm client Delete invoke started") helmClient, err := h.getHelmClient(req.Namespace) if err != nil { @@ -22,6 +23,7 @@ func (h *HelmCLient) Delete(req *model.DeleteRequestPayload) (json.RawMessage, e ReleaseName: req.ReleaseName, Namespace: req.Namespace, Wait: true, + Timeout: time.Duration(req.Timeout) * time.Minute, } // Uninstall the chart release. 
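Review bot: `DeleteNamespace` is exported without a doc comment and passes `namespace` straight to `Namespaces().Delete`, which removes every object in that namespace. The plugin activities in this commit feed `req.DefaultNamespace` from the request into the sibling helpers, and a TODO there asks whether namespace deletion should be invoked, so a guard is worth adding before it is wired in. Reject an empty name and cluster namespaces such as `default` and `kube-system`, and preferably delete only namespaces this code created (for example ones labelled at create time). Proposed comment: `// DeleteNamespace deletes the namespace and everything in it; callers must only pass a namespace that was created for a plugin.`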
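Review bot: `Timeout: time.Duration(req.Timeout) * time.Minute` is taken from the request unchecked while `Wait: true` is set, and the go-helm-client hunk in this commit starts copying `Wait` into the uninstall action, so the value now takes effect. If `req.Timeout` is zero or negative the uninstall presumably waits with no usable deadline and fails or returns before resources are gone; Helm's exact behaviour should be confirmed. Suggest computing the duration first and falling back to a package default when it is not positive, e.g. `if timeout <= 0 { timeout = defaultUninstallTimeout }`, where `defaultUninstallTimeout` is a placeholder for a constant to be defined. The type of `req.Timeout` is declared outside this diff.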
@@ -33,6 +35,6 @@ func (h *HelmCLient) Delete(req *model.DeleteRequestPayload) (json.RawMessage, e } h.logger.Infof("helm uninstall of app %s successful in namespace: %v", req.ReleaseName, req.Namespace) - h.logger.Infof("Helm client Install invoke finished") + h.logger.Infof("Helm client Delete invoke finished") return json.RawMessage(fmt.Sprintf("{\"status\": \"Application %s successful with helm client\"}", req.ReleaseName)), nil } diff --git a/capten/common-pkg/plugins/helm/go-helm-client/client.go b/capten/common-pkg/plugins/helm/go-helm-client/client.go index 292189b1..e050dbbd 100644 --- a/capten/common-pkg/plugins/helm/go-helm-client/client.go +++ b/capten/common-pkg/plugins/helm/go-helm-client/client.go @@ -908,4 +908,5 @@ func mergeUpgradeOptions(chartSpec *ChartSpec, upgradeOptions *action.Upgrade) { func mergeUninstallReleaseOptions(chartSpec *ChartSpec, uninstallReleaseOptions *action.Uninstall) { uninstallReleaseOptions.DisableHooks = chartSpec.DisableHooks uninstallReleaseOptions.Timeout = chartSpec.Timeout + uninstallReleaseOptions.Wait = chartSpec.Wait } diff --git a/capten/common-pkg/vault-cred/vault_cred_client.go b/capten/common-pkg/vault-cred/vault_cred_client.go index 195da333..da14dc9d 100644 --- a/capten/common-pkg/vault-cred/vault_cred_client.go +++ b/capten/common-pkg/vault-cred/vault_cred_client.go 
@@ -47,6 +47,35 @@ func GetAppRoleToken(appRoleName string, credentialPaths []string) (string, erro return tokenData.Token, nil } +func DeleteAppRole(appRoleName string) error { + conf := &config{} + if err := envconfig.Process("", conf); err != nil { + return fmt.Errorf("vault cred config read failed, %v", err) + } + + vc, err := grpc.Dial(conf.VaultCredAddress, + grpc.WithTransportCredentials(insecure.NewCredentials()), + grpc.WithUnaryInterceptor(timeout.UnaryClientInterceptor(60*time.Second)), + grpc.WithKeepaliveParams(keepalive.ClientParameters{ + Time: 30, // seconds + Timeout: 10, // seconds + })) + if err != nil { + return fmt.Errorf("failed to connect vauld-cred server, %v", err) + } + vcClient := vaultcredpb.NewVaultCredClient(vc) + + resp, err := vcClient.DeleteAppRole(context.Background(), &vaultcredpb.DeleteAppRoleRequest{ + RoleName: appRoleName, + }) + if err != nil { + return fmt.Errorf("failed to delete app role %s, reason %v", appRoleName, err) + } else if resp.Status != vaultcredpb.StatusCode_OK { + return fmt.Errorf("failed to delete app role %s, stauts %v, message: %v", appRoleName, resp.Status, resp.StatusMessage) + } + return nil +} + func RegisterClusterVaultAuth(clusterID, clusterName string) error { conf := &config{} if err := envconfig.Process("", conf); err != nil { diff --git a/capten/common-pkg/vault-cred/vaultcredpb/vault_cred.pb.go b/capten/common-pkg/vault-cred/vaultcredpb/vault_cred.pb.go index 57a56e31..1d6c6a6f 100644 --- a/capten/common-pkg/vault-cred/vaultcredpb/vault_cred.pb.go +++ b/capten/common-pkg/vault-cred/vaultcredpb/vault_cred.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 -// protoc v3.12.4 +// protoc-gen-go v1.33.0 +// protoc v3.19.6 // source: vault_cred.proto package vaultcredpb diff --git a/capten/common-pkg/vault-cred/vaultcredpb/vault_cred_grpc.pb.go b/capten/common-pkg/vault-cred/vaultcredpb/vault_cred_grpc.pb.go index 945c113b..dcdcd5a2 100644 
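Review bot: `DeleteAppRole` never closes the connection returned by `grpc.Dial`, so each call leaks a client connection. The keepalive values are also bare integers: `Time: 30` and `Timeout: 10` are `time.Duration` nanoseconds, not the seconds the comments claim. In addition, the dial uses `insecure.NewCredentials()`, so the role-deletion request goes to vault-cred in plaintext; if this mirrors the other helpers in the file, it is worth tracking a move to TLS or mTLS for the whole client. The errors are formatted with `%v`, which loses the chain for `errors.Is`/`errors.As`, and the messages contain the typos "vauld-cred" and "stauts". The RPC runs on `context.Background()` because the function takes no context, so callers cannot cancel it.

```go
	// … unchanged: config load, grpc.Dial call with transport credentials and unary timeout interceptor …
		grpc.WithKeepaliveParams(keepalive.ClientParameters{
			Time:    30 * time.Second,
			Timeout: 10 * time.Second,
		}))
	if err != nil {
		return fmt.Errorf("failed to connect vault-cred server, %w", err)
	}
	// Release the connection once the single RPC below has completed.
	defer vc.Close()
	// … unchanged: DeleteAppRole RPC and status check …
```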
--- a/capten/common-pkg/vault-cred/vaultcredpb/vault_cred_grpc.pb.go +++ b/capten/common-pkg/vault-cred/vaultcredpb/vault_cred_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.3.0 -// - protoc v3.12.4 +// - protoc v3.19.6 // source: vault_cred.proto package vaultcredpb diff --git a/capten/deployment-worker/internal/activities/plugin_activity.go b/capten/deployment-worker/internal/activities/plugin_activity.go index 37d4c9ac..5c5d281e 100644 --- a/capten/deployment-worker/internal/activities/plugin_activity.go +++ b/capten/deployment-worker/internal/activities/plugin_activity.go 
@@ -4,13 +4,43 @@ import ( "context" "encoding/json" "fmt" + "strings" "github.com/kelseyhightower/envconfig" "github.com/kube-tarian/kad/capten/common-pkg/capten-sdk/db" "github.com/kube-tarian/kad/capten/common-pkg/cluster-plugins/clusterpluginspb" "github.com/kube-tarian/kad/capten/common-pkg/k8s" pluginconfigstore "github.com/kube-tarian/kad/capten/common-pkg/pluginconfig-store" + vaultcred "github.com/kube-tarian/kad/capten/common-pkg/vault-cred" "github.com/kube-tarian/kad/capten/model" + v1 "k8s.io/api/core/v1" +) + +const ( + postgresStoreInitializingStatus = "postgres-" + "initializing" + postgresStoreInitializedStatus = "postgres-" + "initialized" + postgresStoreInitializeFailedStatus = "postgres-" + "initialize-faield" + postgresStoreUninitializingStatus = "postgres-" + "uninitializing" + postgresStoreUninitializedStatus = "postgres-" + "uninitialized" + postgresStoreUninitializeFailedStatus = "postgres-" + "uninitialize-failed" + vaultStoreInitializingStatus = "vaultstore-" + "initializing" + vaultStoreInitializedStatus = "vaultstore-" + "initialized" + vaultStoreInitializeFailedStatus = "vaultstore-" + "initialize-failed" + vaultStoreUnitializingStatus = "vaultstore-" + "uninitializing" + vaultStoreUninitializedStatus = "vaultstore-" + "uninitialized" + vaultStoreUninitializeFailedStatus = "vaultstore-" + "uninitialize-failed" + mtlsInitializingStatus = "mtls-" + "initializing" + mtlsInitializedStatus = "mtls-" + "initialized" + mtlsInitializeFailedStatus = "mtls-" + "initialize-failed" + mtlsUnitializingStatus = "mtls-" + "uninitializing" + mtlsUnitializedStatus = "mtls-" + "uninitialized" + mtlsUnitializeFailedStatus = "mtls-" + "uninitialize-failed" + deleteUnitiazingStatus = "delete-" + "uninitializing" + deleteSuccessStatus = "delete-" + "success" + deleteFailedStatus = "delete-" + "failed" + deployedStatus = "deployed" + + pluginConfigmapNameTemplate = "-init-config" ) type Configuration struct { 
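Review bot: `postgresStoreInitializeFailedStatus` is defined as `"postgres-" + "initialize-faield"`, so the misspelling becomes a stored status value and anything that matches on `initialize-failed` will miss it; it should read `"postgres-" + "initialize-failed"`. Several identifiers are also misspelled (`vaultStoreUnitializingStatus`, `mtlsUnitializingStatus`, `mtlsUnitializedStatus`, `mtlsUnitializeFailedStatus`, `deleteUnitiazingStatus`), which makes them hard to grep alongside the correctly spelled `...Uninitializ...` names. In the hunks shown, `deleteFailedStatus` is the only `...FailedStatus` constant that is used, so the failure paths still leave the plugin in an "initializing" state; setting the matching failed status there would make stuck deployments visible.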
@@ -49,7 +79,8 @@ func NewPluginActivities() (*PluginActivities, error) { } func (p *PluginActivities) PluginDeployPreActionPostgresStoreActivity(ctx context.Context, req *clusterpluginspb.Plugin) (*model.ResponsePayload, error) { - err := p.updateStatus(req.PluginName, "postgres-"+"initializing") + logger.Infof("Deploy postgres store started") + err := p.updateStatus(req.PluginName, postgresStoreInitializingStatus) if err != nil { return &model.ResponsePayload{ Status: "FAILED", @@ -73,7 +104,8 @@ func (p *PluginActivities) PluginDeployPreActionPostgresStoreActivity(ctx contex }, err } - err = p.createUpdateConfigmap(req.DefaultNamespace, req.PluginName+"-init-config", map[string]string{ + pluginInitConfigmapName := req.PluginName + pluginConfigmapNameTemplate + err = p.createUpdateConfigmap(ctx, req.DefaultNamespace, pluginInitConfigmapName, map[string]string{ "vault-path": vaultPath, }) if err != nil { @@ -83,7 +115,7 @@ func (p *PluginActivities) PluginDeployPreActionPostgresStoreActivity(ctx contex }, err } - err = p.updateStatus(req.PluginName, "postgres-"+"initialized") + err = p.updateStatus(req.PluginName, postgresStoreInitializedStatus) if err != nil { return &model.ResponsePayload{ Status: "FAILED", @@ -96,7 +128,7 @@ func (p *PluginActivities) PluginDeployPreActionPostgresStoreActivity(ctx contex } func (p *PluginActivities) PluginUndeployPreActionPostgresStoreActivity(ctx context.Context, req *pluginconfigstore.PluginConfig) (*model.ResponsePayload, error) { - err := p.updateStatus(req.PluginName, "postgres-"+"uninitializing") + err := p.updateStatus(req.PluginName, postgresStoreUninitializingStatus) if err != nil { return &model.ResponsePayload{ Status: "FAILED", 
@@ -113,13 +145,19 @@ func (p *PluginActivities) PluginUndeployPreActionPostgresStoreActivity(ctx cont }) // TODO: Invoke captensdk DBDestroy - err = p.pas.DeletePluginConfigByPluginName(req.DefaultNamespace) + err = p.pas.DeletePluginConfigByPluginName(req.PluginName) if err != nil { return &model.ResponsePayload{ Status: "FAILED", Message: json.RawMessage(fmt.Sprintf("{ \"reason\": \"update status: %s\"}", err.Error())), }, err } + + err = p.updateStatus(req.PluginName, postgresStoreUninitializedStatus) + if err != nil { + logger.Errorf("failed to update uninitialized status, %v", err) + } + return &model.ResponsePayload{ Status: "SUCCESS", }, nil 
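Review bot: The new `p.updateStatus(req.PluginName, postgresStoreUninitializedStatus)` runs immediately after `p.pas.DeletePluginConfigByPluginName(req.PluginName)` has removed the plugin record. `updateStatus` is defined outside this hunk, but if it updates that same record this call will fail every time, and the failure is only logged. Later undeploy activities call `updateStatus` and `DeletePluginConfigByPluginName` for the same plugin again, so the delete probably belongs only in the post action. The failure message for the delete still says `update status:`, which will mislead log readers. The `// TODO: Invoke captensdk DBDestroy` also remains, so the database and the credential stored at deploy time appear to outlive the plugin; that cleanup gap deserves a tracked issue.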
@@ -129,27 +167,51 @@ func (p *PluginActivities) PluginDeployPreActionVaultStoreActivity( ctx context.Context, req *clusterpluginspb.Plugin, ) (*model.ResponsePayload, error) { - err := p.updateStatus(req.PluginName, "vaultstore-"+"initializing") + err := p.updateStatus(req.PluginName, vaultStoreInitializingStatus) if err != nil { return &model.ResponsePayload{ Status: "FAILED", Message: json.RawMessage(fmt.Sprintf("{ \"reason\": \"update status: %s\"}", err.Error())), }, err } - // TODO: Call vault policy creation and path authorizations - // Write the credentials in the vault - logger.Infof("vault store activity Not implemented yet") - err = p.createUpdateConfigmap(req.DefaultNamespace, req.PluginName+"-init-config", map[string]string{}) + // Get vault token to access vault secret path + vaultPaths := []string{"plugin/" + req.PluginName + "/*", "generic/" + req.PluginName + "/*"} + token, err := vaultcred.GetAppRoleToken(req.PluginName, vaultPaths) + if err != nil { + logger.Errorf("failed to get vault token for the path, %v", err) + return &model.ResponsePayload{ + Status: "FAILED", + Message: json.RawMessage(fmt.Sprintf("{ \"reason\": \"vault token status: %s\"}", err.Error())), + }, err + } + + // Create a secret with token data + err = p.k8sClient.CreateOrUpdateSecret(ctx, req.DefaultNamespace, req.PluginName+"-vault-token", v1.SecretTypeOpaque, map[string][]byte{ + "token": []byte(token), + "secret-path": []byte(strings.Join(vaultPaths, ",")), + }, nil) + if err != nil { + logger.Errorf("failed to create secret %s with vault token, %v", req.PluginName+"-vault-token", err) + return &model.ResponsePayload{ + Status: "FAILED", + Message: json.RawMessage(fmt.Sprintf("{ \"reason\": \"vault token secret status: %s\"}", err.Error())), + }, err + } + + pluginInitConfigmapName := req.PluginName + pluginConfigmapNameTemplate + err = p.createUpdateConfigmap(ctx, req.DefaultNamespace, pluginInitConfigmapName, map[string]string{ + "vault-token-secret-name": 
req.PluginName + "-vault-token", + }) if err != nil { logger.Errorf("createupdate configmap failed: %v", err) return &model.ResponsePayload{ Status: "FAILED", - Message: json.RawMessage(fmt.Sprintf("{ \"reason\": \"update configmap: %s\"}", req.PluginName+"-init-config")), + Message: json.RawMessage(fmt.Sprintf("{ \"reason\": \"update configmap: %s\"}", pluginInitConfigmapName)), }, err } - err = p.updateStatus(req.PluginName, "vaultstore-"+"initialized") + err = p.updateStatus(req.PluginName, vaultStoreInitializedStatus) if err != nil { return &model.ResponsePayload{ Status: "FAILED", 
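Review bot: `vaultPaths` is built by concatenating `req.PluginName` into `"plugin/" + req.PluginName + "/*"` and `"generic/" + req.PluginName + "/*"` with no validation, and those strings define what the issued token may read. A name containing `/` or `*` would widen the policy beyond the plugin's own subtree, so the name should be checked before the paths are built, e.g. against a DNS-label pattern such as `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`. The token is then written to a Secret whose name `req.PluginName+"-vault-token"` is spelled out three times; a constant suffix next to `pluginConfigmapNameTemplate` would keep the configmap reference and the Secret in sync. The failure payloads are also hand-built with `fmt.Sprintf("{ \"reason\": \"... %s\"}", err.Error())`, which yields invalid JSON whenever the error text contains a quote or newline; `json.Marshal(map[string]string{"reason": err.Error()})` avoids that, and the same pattern appears in the other activities in this file.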
@@ -165,31 +227,39 @@ func (p *PluginActivities) PluginUndeployPreActionVaultStoreActivity( ctx context.Context, req *pluginconfigstore.PluginConfig, ) (*model.ResponsePayload, error) { - err := p.updateStatus(req.PluginName, "vaultstore-"+"uninitializing") + // If any failure log error and should not return error + err := p.updateStatus(req.PluginName, vaultStoreUnitializingStatus) if err != nil { - return &model.ResponsePayload{ - Status: "FAILED", - Message: json.RawMessage(fmt.Sprintf("{ \"reason\": \"%s\"}", err.Error())), - }, err + logger.Errorf("failed to update undeploy status to vaultstore-uninitializing, %v", err) } - // TODO: Call vault policy creation and path authorizations - // Write the credentials in the vault - logger.Infof("vault store activity Not implemented yet") - err = p.updateStatus(req.PluginName, "vaultstore-"+"uninitialized") + // Delete App role + err = vaultcred.DeleteAppRole(req.PluginName) if err != nil { + logger.Errorf("failed to delete vault app role, %v", err) return &model.ResponsePayload{ Status: "FAILED", Message: json.RawMessage(fmt.Sprintf("{ \"reason\": \"%s\"}", err.Error())), }, err } + + // Delete a secret with token data + err = p.k8sClient.DeleteSecret(ctx, req.DefaultNamespace, req.PluginName+"-vault-token") + if err != nil { + logger.Errorf("failed to delete secret %s, %v", req.PluginName+"-vault-token", err) + } + + err = p.updateStatus(req.PluginName, vaultStoreUninitializedStatus) + if err != nil { + logger.Errorf("failed to update undeploy status to vaultstore-uninitialized, %v", err) + } return &model.ResponsePayload{ Status: "SUCCESS", }, nil } func (p *PluginActivities) PluginDeployPreActionMTLSActivity(ctx context.Context, req *clusterpluginspb.Plugin) (*model.ResponsePayload, error) { - err := p.updateStatus(req.PluginName, "mtls-"+"initializing") + err := p.updateStatus(req.PluginName, mtlsInitializingStatus) if err != nil { return &model.ResponsePayload{ Status: "FAILED", 
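Review bot: The new comment says a failure here should be logged and must not return an error, yet a failed `vaultcred.DeleteAppRole` returns `FAILED` with `err` and skips `DeleteSecret`, leaving the `-vault-token` Secret in the namespace. Either the comment or the early return should change. For cleanup it is safer to attempt both deletions and report afterwards, so a vault-cred outage does not leave the token Secret behind. Whether deleting the app role also revokes tokens already issued from it is decided inside vault-cred and is not visible in this diff; if it does not, the token in the Secret may stay valid until its TTL expires, and that should be confirmed.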
@@ -200,16 +270,17 @@ func (p *PluginActivities) PluginDeployPreActionMTLSActivity(ctx context.Context // Write the mtls in the vault/conigmap logger.Infof("MTLS activity Not implemented yet") - err = p.createUpdateConfigmap(req.DefaultNamespace, req.PluginName+"-init-config", map[string]string{}) + pluginInitConfigmapName := req.PluginName + pluginConfigmapNameTemplate + err = p.createUpdateConfigmap(ctx, req.DefaultNamespace, pluginInitConfigmapName, map[string]string{}) if err != nil { logger.Errorf("createupdate configmap failed: %v", err) return &model.ResponsePayload{ Status: "FAILED", - Message: json.RawMessage(fmt.Sprintf("{ \"reason\": \"update configmap failed, %s\"}", req.PluginName+"-init-config")), + Message: json.RawMessage(fmt.Sprintf("{ \"reason\": \"update configmap failed, %s\"}", pluginInitConfigmapName)), }, err } - err = p.updateStatus(req.PluginName, "mtls-"+"initialized") + err = p.updateStatus(req.PluginName, mtlsInitializedStatus) if err != nil { return &model.ResponsePayload{ Status: "FAILED", @@ -222,7 +293,7 @@ func (p *PluginActivities) PluginDeployPreActionMTLSActivity(ctx context.Context } func (p *PluginActivities) PluginUndeployPreActionMTLSActivity(ctx context.Context, req *pluginconfigstore.PluginConfig) (*model.ResponsePayload, error) { - err := p.updateStatus(req.PluginName, "mtls-"+"uninitializing") + err := p.updateStatus(req.PluginName, mtlsUnitializingStatus) if err != nil { return &model.ResponsePayload{ Status: "FAILED", @@ -233,7 +304,7 @@ func (p *PluginActivities) PluginUndeployPreActionMTLSActivity(ctx context.Conte // Write the mtls in the vault/conigmap logger.Infof("MTLS activity Not implemented yet") - err = p.updateStatus(req.PluginName, "mtls-"+"uninitialized") + err = p.updateStatus(req.PluginName, mtlsUnitializedStatus) if err != nil { return &model.ResponsePayload{ Status: "FAILED", 
@@ -246,46 +317,61 @@ func (p *PluginActivities) PluginUndeployPreActionMTLSActivity(ctx context.Conte } // PluginDeployPostActionActivity... Updates the plugin deployment as "installed" -func (p *PluginActivities) PluginDeployPostActionActivity(ctx context.Context, req *clusterpluginspb.Plugin) (model.ResponsePayload, error) { - err := p.updateStatus(req.PluginName, "deployed") +func (p *PluginActivities) PluginDeployPostActionActivity(ctx context.Context, req *clusterpluginspb.Plugin) (*model.ResponsePayload, error) { + pluginInitConfigmapName := req.PluginName + pluginConfigmapNameTemplate + err := p.createUpdateConfigmap(ctx, req.DefaultNamespace, pluginInitConfigmapName, map[string]string{ + "capten-agent-address": p.config.AgentAddress, + }) if err != nil { - return model.ResponsePayload{ + logger.Errorf("update configmap failed to add agent address: %v", err) + return &model.ResponsePayload{ + Status: "FAILED", + Message: json.RawMessage(fmt.Sprintf("{ \"reason\": \"update configmap failed, %s\"}", pluginInitConfigmapName)), + }, err + } + + err = p.updateStatus(req.PluginName, deployedStatus) + if err != nil { + return &model.ResponsePayload{ Status: "FAILED", Message: json.RawMessage(fmt.Sprintf("{ \"reason\": \"%s\"}", err.Error())), }, err } - return model.ResponsePayload{ + return &model.ResponsePayload{ Status: "SUCCESS", }, nil } // PluginDeployPostActionActivity... 
Updates the plugin deployment as "installed" -func (p *PluginActivities) PluginUndeployPostActionActivity(ctx context.Context, req *pluginconfigstore.PluginConfig) (model.ResponsePayload, error) { - err := p.k8sClient.DeleteConfigmap(req.DefaultNamespace, req.PluginName+"-init-config") +func (p *PluginActivities) PluginUndeployPostActionActivity(ctx context.Context, req *pluginconfigstore.PluginConfig) (*model.ResponsePayload, error) { + pluginInitConfigmapName := req.PluginName + pluginConfigmapNameTemplate + err := p.k8sClient.DeleteConfigmap(ctx, req.DefaultNamespace, pluginInitConfigmapName) if err != nil { - return model.ResponsePayload{ + return &model.ResponsePayload{ Status: "FAILED", - Message: json.RawMessage(fmt.Sprintf("{ \"reason\": \"delete configmap %s faled\"}", req.PluginName+"-init-config")), + Message: json.RawMessage(fmt.Sprintf("{ \"reason\": \"delete configmap %s faled\"}", pluginInitConfigmapName)), }, err } err = p.pas.DeletePluginConfigByPluginName(req.PluginName) if err != nil { - return model.ResponsePayload{ + return &model.ResponsePayload{ Status: "FAILED", Message: json.RawMessage(fmt.Sprintf("{ \"reason\": \"%s\"}", err.Error())), }, err } - return model.ResponsePayload{ + // TODO: Is delete namespace to be invoked? + + return &model.ResponsePayload{ Status: "SUCCESS", }, nil } -func (p *PluginActivities) PluginUndeployActivity(ctx context.Context, req *model.DeployerDeleteRequest) (model.ResponsePayload, error) { - err := p.updateStatus(req.ReleaseName, "delete-"+"uninitialized") +func (p *PluginActivities) PluginUndeployActivity(ctx context.Context, req *model.DeployerDeleteRequest) (*model.ResponsePayload, error) { + err := p.updateStatus(req.ReleaseName, deleteUnitiazingStatus) if err != nil { - return model.ResponsePayload{ + return &model.ResponsePayload{ Status: "FAILED", Message: json.RawMessage(fmt.Sprintf("{ \"reason\": \"%s\"}", err.Error())), }, err 
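Review bot: The doc comments in this hunk no longer describe the code: both read `PluginDeployPostActionActivity... Updates the plugin deployment as "installed"`, the second one sits on `PluginUndeployPostActionActivity`, and the status written is now `deployedStatus`. Suggest `// PluginDeployPostActionActivity writes the agent address into the plugin init configmap and marks the plugin as deployed.` and `// PluginUndeployPostActionActivity deletes the plugin init configmap and the plugin config record.` `PluginUndeployActivity` has no comment at all; one line stating that it records `delete-uninitializing`, runs the uninstall and then records `delete-success` or `delete-failed` would help, since its return type changed in this commit.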
@@ -293,20 +379,19 @@ func (p *PluginActivities) PluginUndeployActivity(ctx context.Context, req *mode resp, err := uninstallApplication(req) if err != nil { - status := "delete-" + "failed" - _ = p.updateStatus(req.ReleaseName, status) - return resp, err + _ = p.updateStatus(req.ReleaseName, deleteFailedStatus) + return &resp, err } - err = p.updateStatus(req.ReleaseName, "delete-"+"success") + err = p.updateStatus(req.ReleaseName, deleteSuccessStatus) if err != nil { - return model.ResponsePayload{ + return &model.ResponsePayload{ Status: "FAILED", Message: json.RawMessage(fmt.Sprintf("{ \"reason\": \"%s\"}", err.Error())), }, err } - return model.ResponsePayload{ + return &model.ResponsePayload{ Status: "SUCCESS", }, nil } 
@@ -321,24 +406,28 @@ func (p *PluginActivities) updateStatus(releaseName, status string) error { return nil } -func (p *PluginActivities) createUpdateConfigmap(namespace, cmName string, data map[string]string) error { - err := p.k8sClient.CreateNamespace(namespace) +func (p *PluginActivities) createUpdateConfigmap(ctx context.Context, namespace, cmName string, data map[string]string) error { + err := p.k8sClient.CreateNamespace(ctx, namespace) if err != nil { logger.Errorf("Creation of namespace failed: %v", err) return fmt.Errorf("creation of namespace faield") } - cm, err := p.k8sClient.GetConfigmap(namespace, cmName) + cm, err := p.k8sClient.GetConfigmap(ctx, namespace, cmName) if err != nil { logger.Infof("plugin configmap %s not found", cmName) - err = p.k8sClient.CreateConfigmap(namespace, cmName, data, nil) + err = p.k8sClient.CreateConfigmap(ctx, namespace, cmName, data, map[string]string{}) if err != nil { return fmt.Errorf("failed to create configmap %v", cmName) } } + // configmap found but data is empty/nil + if cm == nil { + cm = map[string]string{} + } for k, v := range data { cm[k] = v } - err = p.k8sClient.UpdateConfigmap(namespace, cmName, cm) + err = p.k8sClient.UpdateConfigmap(ctx, namespace, cmName, cm) if err != nil { return fmt.Errorf("plugin configmap %s not found", cmName) } diff --git a/capten/deployment-worker/internal/workflows/plugin_workflow.go b/capten/deployment-worker/internal/workflows/plugin_workflow.go index bb9dc705..a539c61e 100644 --- a/capten/deployment-worker/internal/workflows/plugin_workflow.go +++ b/capten/deployment-worker/internal/workflows/plugin_workflow.go @@ -73,7 +73,7 @@ func hanldeDeployWorkflow(ctx workflow.Context, payload json.RawMessage, log log }, err } - log.Infof("Started plugin workflow for %s", req.PluginName) + log.Infof("Started plugin workflow for %s with capabilities: %v", req.PluginName, req.Capabilities) for _, capability := range req.Capabilities { switch capability { case "capten-sdk": 
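Review bot: In `createUpdateConfigmap` every error from `GetConfigmap` is treated as "not found", so a forbidden or timed-out read leads to a `CreateConfigmap` attempt and the real cause is lost. After a successful create, control still falls through to `UpdateConfigmap` with the same data; the new `cm == nil` guard exists mainly to keep that path from panicking. A `return nil` after the create would remove the redundant write. The error returns also discard the cause, and the last one reports `plugin configmap %s not found` for an update failure; suggest `return fmt.Errorf("failed to update configmap %s: %w", cmName, err)` and the same `%w` wrapping for the namespace and create errors. `CreateNamespace` runs on every invocation and its already-exists handling is outside this hunk.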
diff --git a/capten/go.mod b/capten/go.mod index 39c513c7..f75fad15 100644 --- a/capten/go.mod +++ b/capten/go.mod @@ -10,15 +10,13 @@ require ( github.com/google/uuid v1.3.1 github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.0.0 github.com/hashicorp/go-multierror v1.1.1 - github.com/intelops/go-common v1.0.22 + github.com/intelops/go-common v1.0.23 github.com/kelseyhightower/envconfig v1.4.0 github.com/kube-tarian/kad/integrator v0.0.0-20230520105805-73f03d9dcfcc github.com/ory/client-go v1.1.49 github.com/pkg/errors v0.9.1 - github.com/sigstore/sigstore v1.8.2 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.8.4 - github.com/theupdateframework/go-tuf v0.7.0 go.temporal.io/api v1.13.0 go.temporal.io/sdk v1.19.0 go.uber.org/atomic v1.9.0 @@ -44,6 +42,7 @@ require ( github.com/cloudflare/circl v1.3.3 // indirect github.com/coreos/go-oidc/v3 v3.9.0 // indirect github.com/go-redis/cache/v9 v9.0.0 // indirect + github.com/go-test/deep v1.1.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/google/go-github/v53 v53.0.0 // indirect 
@@ -58,19 +57,16 @@ require (
 github.com/jinzhu/inflection v1.0.0 // indirect
 github.com/jinzhu/now v1.1.1 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
- github.com/letsencrypt/boulder v0.0.0-20230907030200-6d76a0f91e1e // indirect
 github.com/pjbgf/sha1cd v0.3.0 // indirect
+ github.com/poy/onpar v1.1.2 // indirect
 github.com/redis/go-redis/v9 v9.1.0 // indirect
- github.com/secure-systems-lab/go-securesystemslib v0.8.0 // indirect
 github.com/skeema/knownhosts v1.2.1 // indirect
- github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
 go.opentelemetry.io/otel/metric v1.17.0 // indirect
 golang.org/x/mod v0.12.0 // indirect
 golang.org/x/tools v0.13.0 // indirect
 golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d // indirect
 google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect
- gopkg.in/go-jose/go-jose.v2 v2.6.1 // indirect
 oras.land/oras-go/v2 v2.2.0 // indirect
 )
 
diff --git a/capten/go.sum b/capten/go.sum
index 9b1125af..f2298b34 100644
--- a/capten/go.sum
+++ b/capten/go.sum
@@ -464,6 +464,7 @@ github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbt github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= +github.com/a8m/expect v1.0.0/go.mod h1:4IwSCMumY49ScypDnjNbYEjgVeqy1/U2cEs3Lat96eA= github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= @@ -854,6 +855,7 @@ github.com/facebookgo/clock v0.0.0-20150410010913-600d898af40a/go.mod h1:7Ga40eg github.com/fatih/camelcase v1.0.0 h1:hxNvNX/xYBp0ovncs8WyWZrOrpBNub/JfaMvbURyft8= github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= +github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= 
@@ -1253,8 +1255,8 @@ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANyt github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/intel/goresctrl v0.2.0/go.mod h1:+CZdzouYFn5EsxgqAQTEzMfwKwuc0fVdMrT9FCCAVRQ= -github.com/intelops/go-common v1.0.22 h1:NMu4N12J2ZCMOu2uL663Hu6RrPqkKuKHJCWZETxzZ9k= -github.com/intelops/go-common v1.0.22/go.mod h1:mxWXDclCU5PYafm6xwetolYwT7SftsNr0+WNa0P4LGE= +github.com/intelops/go-common v1.0.23 h1:cR60kI/h6AXNoH3xAj7fKq9TedfrzNVpGAlHGg3JMww= +github.com/intelops/go-common v1.0.23/go.mod h1:mxWXDclCU5PYafm6xwetolYwT7SftsNr0+WNa0P4LGE= github.com/ishidawataru/sctp v0.0.0-20190723014705-7c296d48a2b5/go.mod h1:DM4VvS+hD/kDi1U1QsX2fnZowwBhqD0Dk3bRPKF/Oc8= github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA= github.com/j-keck/arping v1.0.2/go.mod h1:aJbELhR92bSk7tp79AWM/ftfc90EfEi2bQJrbBFOsPw= @@ -1321,8 +1323,6 @@ github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= -github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs= -github.com/jmhodges/clock v1.2.0/go.mod h1:qKjhA7x7u/lQpPB1XAqX1b1lCI/w3/fNuYpI/ZjLynI= github.com/jmoiron/sqlx v1.2.0/go.mod h1:1FEQNm3xlJgrMD+FBdI9+xvCksHtbpVBBw5dYhBSsks= github.com/jmoiron/sqlx v1.3.1/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXLBMCQ= github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g= 
@@ -1400,8 +1400,6 @@ github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o= github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk= github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw= -github.com/letsencrypt/boulder v0.0.0-20230907030200-6d76a0f91e1e h1:RLTpX495BXToqxpM90Ws4hXEo4Wfh81jr9DX1n/4WOo= -github.com/letsencrypt/boulder v0.0.0-20230907030200-6d76a0f91e1e/go.mod h1:EAuqr9VFWxBi9nD5jc/EA2MT1RFty9288TF6zdtYoCU= github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= @@ -1450,6 +1448,7 @@ github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hd github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ= github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= +github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= 
@@ -1545,6 +1544,7 @@ github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRW github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/nakagami/firebirdsql v0.0.0-20190310045651-3c02a58cfed8/go.mod h1:86wM1zFnC6/uDBfZGNwB65O+pR2OFi5q/YQaEUid1qA= github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM= +github.com/nelsam/hel/v2 v2.3.2/go.mod h1:1ZTGfU2PFTOd5mx22i5O0Lc2GY933lQ2wb/ggy+rL3w= github.com/neo4j/neo4j-go-driver v1.8.1-0.20200803113522-b626aa943eba/go.mod h1:ncO5VaFWh0Nrt+4KT4mOZboaczBZcLuHrG+/sUeP8gI= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= @@ -1664,6 +1664,7 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/poy/onpar v0.0.0-20190519213022-ee068f8ea4d1/go.mod h1:nSbFQvMj97ZyhFRSJYtut+msi4sOY6zJDGCdSc+/rZU= +github.com/poy/onpar v0.0.0-20200406201722-06f95a1c68e8/go.mod h1:nSbFQvMj97ZyhFRSJYtut+msi4sOY6zJDGCdSc+/rZU= github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY= github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg= github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= 
@@ -1759,8 +1760,6 @@ github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= -github.com/secure-systems-lab/go-securesystemslib v0.8.0 h1:mr5An6X45Kb2nddcFlbmfHkLguCE9laoZCUzEEpIZXA= -github.com/secure-systems-lab/go-securesystemslib v0.8.0/go.mod h1:UH2VZVuJfCYR8WgMlCU1uFsOUU+KeyrTWcSS73NBOzU= github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4= @@ -1771,8 +1770,6 @@ github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFR github.com/showa-93/go-mask v0.6.0 h1:nNW3dgEocYB7QCGzgRx9wlYrepEg+tRw/keg7u1ftY8= github.com/showa-93/go-mask v0.6.0/go.mod h1:aswIj007gm0EPAzOGES9ACy1jDm3QT08/LPSClMp410= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= -github.com/sigstore/sigstore v1.8.2 h1:0Ttjcn3V0fVQXlYq7+oHaaHkGFIt3ywm7SF4JTU/l8c= -github.com/sigstore/sigstore v1.8.2/go.mod h1:CHVcSyknCcjI4K2ZhS1SI28r0tcQyBlwtALG536x1DY= github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= 
@@ -1805,6 +1802,7 @@ github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w= github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU= github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= +github.com/spf13/cobra v0.0.6/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk= 
@@ -1848,11 +1846,7 @@ github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I= -github.com/theupdateframework/go-tuf v0.7.0 h1:CqbQFrWo1ae3/I0UCblSbczevCCbS31Qvs5LdxRWqRI= -github.com/theupdateframework/go-tuf v0.7.0/go.mod h1:uEB7WSY+7ZIugK6R1hiBMBjQftaFzn7ZCDJcp1tCUug= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= -github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0= -github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c/go.mod h1:hzIxponao9Kjc7aWznkXaL4U4TWaDSs8zcsY4Ka08nM= 
@@ -2485,6 +2479,7 @@ golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapK golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200313205530-4303120df7d8/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= @@ -2808,8 +2803,6 @@ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gcfg.v1 v1.2.0/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= -gopkg.in/go-jose/go-jose.v2 v2.6.1 h1:qEzJlIDmG9q5VO0M/o8tGS65QMHMS1w01TQJB1VPJ4U= -gopkg.in/go-jose/go-jose.v2 v2.6.1/go.mod h1:zzZDPkNNw/c9IE7Z9jr11mBZQhKQTMzoEEIoEdZlFBI= gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= diff --git a/charts/kad/values.yaml b/charts/kad/values.yaml index f19ff2b4..57c6b6fe 100644 --- a/charts/kad/values.yaml +++ b/charts/kad/values.yaml 
@@ -47,7 +47,7 @@ DomainName: capten vault: address: http://vault:8200 role: vault-role-capten-agent - policyNames: "vault-policy-certs-admin,vault-policy-service-cred-admin,vault-policy-generic-cred-admin" + policyNames: "vault-policy-certs-admin,vault-policy-service-cred-admin,vault-policy-generic-cred-admin,vault-policy-plugin-cred-admin" vaultCred: address: http://vault-cred:8080
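Review bot: `policyNames` adds `vault-policy-plugin-cred-admin` to the `vault-role-capten-agent` role, which already carries three other `*-admin` policies. The policy body is not part of this diff, so the paths and capabilities it grants cannot be checked from here. Confirm it is limited to the plugin credential path the agent actually writes, and record the reason next to the value, for example `# plugin-cred-admin: agent manages plugin credentials in Vault` if that is the intent. Unrelated to this change but visible in the context lines, both Vault endpoints use `http://`, so the token and secrets travel unencrypted inside the cluster unless a mesh or sidecar provides TLS.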