add k8s sidecar docker dir (#76)

* add k8s sidecar docker dir * fix license * remove depguard from go-clilint * update golang-cli-lint version * ignore dot imports in tests
SAP · Jan 4, 2024 · 4ffaa24 · 4ffaa24
1 parent e5146bb
commit 4ffaa24
Show file tree

Hide file tree

Showing 8 changed files with 75 additions and 8 deletions.
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
@@ -24,7 +24,7 @@ jobs:
     - name: Lint
       uses: golangci/golangci-lint-action@v3
       with:
-        version: v1.52.2
+        version: v1.55.2
 
     - name: Test
       run: make test
diff --git a/.golangci.yml b/.golangci.yml
@@ -53,7 +53,6 @@ linters:
   disable-all: true
   enable:
     - bodyclose
-    - depguard
     - dogsled
     - dupl
     - errcheck

diff --git a/.reuse/dep5 b/.reuse/dep5
@@ -40,5 +40,6 @@ Files:
     vars.json
     VERSION
     manifest.yml
+    k8s-sidecar/*
 Copyright: 2020-2022 SAP SE or an SAP affiliate company and cloud-authorization-buildpack contributors
 License: Apache-2.0
diff --git a/k8s-sidecar/Dockerfile b/k8s-sidecar/Dockerfile
@@ -0,0 +1,16 @@
+FROM alpine
+
+RUN apk add bash jq
+RUN apk add bash tar
+
+COPY resources/opa.tar.gz /opa.tar.gz
+
+RUN tar -xzf /opa.tar.gz -C /bin/ --remove-files
+
+RUN chmod +x /bin/opa
+
+COPY k8s-sidecar/start.sh /
+
+COPY k8s-sidecar/config-template.json /
+
+CMD ["/start.sh"]
diff --git a/k8s-sidecar/config-template.json b/k8s-sidecar/config-template.json
@@ -0,0 +1,29 @@
+{
+  "bundles": {
+	($instanceID): {
+	  "polling": {
+		"min_delay_seconds": 10,
+		"max_delay_seconds": 20
+	  },
+	  "service": "bundle_storage",
+	  "resource": $instanceResource,
+	  "signing": null,
+	  "persist": false,
+	  "size_limit_bytes": 0
+	}
+  },
+  "services": {
+	"bundle_storage": {
+	  "url": $bundleUrl,
+	  "credentials": {
+		"client_tls": {
+		  "cert": $iasCertPath,
+		  "private_key": $iasKeyPath
+		}
+	  }
+	}
+  },
+  "plugins": {
+	"dcl": true
+  }
+}
diff --git a/k8s-sidecar/start.sh b/k8s-sidecar/start.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+if ! ls /etc/secrets/sapbtp/identity; then
+    >&2 echo "Error: No identity service found at /etc/secrets/sapbtp/identity"
+    exit 1
+fi
+files=(/etc/secrets/sapbtp/identity/*)
+if [ ${#files[@]} -gt 1 ]; then
+  >&2 echo "Error: More than one identity service found at /etc/secrets/sapbtp/identity"
+  exit 1
+fi
+
+bundle_url=$(cat "${files[0]}/url")/bundle-gateway
+instance_id=$(cat "${files[0]}/authorization_instance_id")
+ias_cert_path=$(pwd -P)/"${files[0]}/certificate"
+ias_key_path=$(pwd -P)/"${files[0]}/key"
+
+jq -n --arg bundleUrl "$bundle_url" --arg iasCertPath "$ias_cert_path" --arg iasKeyPath "$ias_key_path" --arg instanceResource "$instance_id.tar.gz" --arg instanceID "$instance_id" -f config-template.json >config.yml
+
+>&2 echo "INFO: " "$(cat config.yml)"
+
+opa run -s -c config.yml --addr=[]:8181
diff --git a/pkg/supply/supply_suite_test.go b/pkg/supply/supply_suite_test.go
@@ -1,13 +1,13 @@
 package supply_test
 
 import (
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/gomega"
+	"github.com/onsi/ginkgo"
+	"github.com/onsi/gomega"
 
 	"testing"
 )
 
 func TestSupply(t *testing.T) {
-	RegisterFailHandler(Fail)
-	RunSpecs(t, "Supply Suite")
+	gomega.RegisterFailHandler(ginkgo.Fail)
+	ginkgo.RunSpecs(t, "Supply Suite")
 }
diff --git a/pkg/supply/supply_test.go b/pkg/supply/supply_test.go
@@ -18,8 +18,8 @@ import (
 	"code.cloudfoundry.org/buildpackapplifecycle/buildpackrunner/resources"
 	"github.com/cloudfoundry/libbuildpack"
 	"github.com/golang/mock/gomock"
-	. "github.com/onsi/ginkgo"
-	. "github.com/onsi/gomega"
+	. "github.com/onsi/ginkgo" //nolint
+	. "github.com/onsi/gomega" //nolint
 	"github.com/open-policy-agent/opa/config"
 	"github.com/open-policy-agent/opa/plugins/bundle"
 	"github.com/open-policy-agent/opa/plugins/rest"