diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index aeca3ed..1d4e39f 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -24,7 +24,7 @@ jobs:
 - name: Lint
 uses: golangci/golangci-lint-action@v3
 with:
- version: v1.52.2
+ version: v1.55.2
 - name: Test
 run: make test
diff --git a/.golangci.yml b/.golangci.yml
index c333c2c..982cf36 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -53,7 +53,6 @@ linters:
 disable-all: true
 enable:
 - bodyclose
- - depguard
 - dogsled
 - dupl
 - errcheck
diff --git a/.reuse/dep5 b/.reuse/dep5
index 71d5691..53ce7fc 100644
--- a/.reuse/dep5
+++ b/.reuse/dep5
@@ -40,5 +40,6 @@ Files:
 vars.json
 VERSION
 manifest.yml
+ k8s-sidecar/*
 Copyright: 2020-2022 SAP SE or an SAP affiliate company and cloud-authorization-buildpack contributors
 License: Apache-2.0
diff --git a/k8s-sidecar/Dockerfile b/k8s-sidecar/Dockerfile
new file mode 100644
index 0000000..f719ed0
--- /dev/null
+++ b/k8s-sidecar/Dockerfile
@@ -0,0 +1,16 @@
+FROM alpine
+
+RUN apk add bash jq
+RUN apk add bash tar
+
+COPY resources/opa.tar.gz /opa.tar.gz
+
+RUN tar -xzf /opa.tar.gz -C /bin/ --remove-files
+
+RUN chmod +x /bin/opa
+
+COPY k8s-sidecar/start.sh /
+
+COPY k8s-sidecar/config-template.json /
+
+CMD ["/start.sh"]
\ No newline at end of file
diff --git a/k8s-sidecar/config-template.json b/k8s-sidecar/config-template.json
new file mode 100644
index 0000000..e6e5685
--- /dev/null
+++ b/k8s-sidecar/config-template.json
@@ -0,0 +1,29 @@
+{
+ "bundles": {
+ ($instanceID): {
+ "polling": {
+ "min_delay_seconds": 10,
+ "max_delay_seconds": 20
+ },
+ "service": "bundle_storage",
+ "resource": $instanceResource,
+ "signing": null,
+ "persist": false,
+ "size_limit_bytes": 0
+ }
+ },
+ "services": {
+ "bundle_storage": {
+ "url": $bundleUrl,
+ "credentials": {
+ "client_tls": {
+ "cert": $iasCertPath,
+ "private_key": $iasKeyPath
+ }
+ }
+ }
+ },
+ "plugins": {
+ "dcl": true
+ }
+}
\ No newline at end of file
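Review bot: Removing `- depguard` from the `enable` list in .golangci.yml drops the import allow/deny check from the lint job, and nothing in this commit replaces it. If it was disabled because the newer golangci-lint selected by the go.yml bump expects explicit depguard rules (an inference; the commit does not say), consider keeping the linter and adding a `linters-settings.depguard.rules` block that lists the permitted module prefixes. If the removal is intentional, a comment such as `# depguard disabled: <reason>` next to the list would record why.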
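Review bot: k8s-sidecar/Dockerfile builds from an unpinned `FROM alpine` and has no `USER` line, so the OPA sidecar runs as root on whatever base the tag resolves to at build time. Pin the base, e.g. `FROM alpine:<PINNED_TAG>@sha256:<DIGEST>`, and switch to a dedicated unprivileged user before `CMD`; start.sh writes `config.yml` into the working directory, so that directory has to be writable by that user. `resources/opa.tar.gz` is unpacked into /bin with no checksum check in this file, so unless the step that produces the archive already verifies it, a `sha256sum -c` against a recorded digest belongs before the `tar` line. The two `apk add` lines can be merged into `RUN apk add --no-cache bash jq tar`.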
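Review bot: `"signing": null` in k8s-sidecar/config-template.json means downloaded policy bundles are not signature-verified, so bundle integrity rests entirely on the TLS connection to `bundle_storage`. If the bundle gateway can serve signed bundles, configure `signing` with a `keyid` and a matching top-level `keys` entry; if not, record that this is a deliberate choice where the template is rendered. Nothing here checks that `$bundleUrl` is an https URL, so start.sh should reject any other scheme before rendering. The file is a jq program rather than JSON (`($instanceID):`, bare `$bundleUrl`), so a name like `config-template.jq` would stop JSON tooling from flagging it as malformed.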
diff --git a/k8s-sidecar/start.sh b/k8s-sidecar/start.sh
new file mode 100755
index 0000000..6ded308
--- /dev/null
+++ b/k8s-sidecar/start.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+if ! ls /etc/secrets/sapbtp/identity; then
+ >&2 echo "Error: No identity service found at /etc/secrets/sapbtp/identity"
+ exit 1
+fi
+files=(/etc/secrets/sapbtp/identity/*)
+if [ ${#files[@]} -gt 1 ]; then
+ >&2 echo "Error: More than one identity service found at /etc/secrets/sapbtp/identity"
+ exit 1
+fi
+
+bundle_url=$(cat "${files[0]}/url")/bundle-gateway
+instance_id=$(cat "${files[0]}/authorization_instance_id")
+ias_cert_path=$(pwd -P)/"${files[0]}/certificate"
+ias_key_path=$(pwd -P)/"${files[0]}/key"
+
+jq -n --arg bundleUrl "$bundle_url" --arg iasCertPath "$ias_cert_path" --arg iasKeyPath "$ias_key_path" --arg instanceResource "$instance_id.tar.gz" --arg instanceID "$instance_id" -f config-template.json >config.yml
+
+>&2 echo "INFO: " "$(cat config.yml)"
+
+opa run -s -c config.yml --addr=[]:8181
diff --git a/pkg/supply/supply_suite_test.go b/pkg/supply/supply_suite_test.go
index 04bdd6c..0a84804 100644
--- a/pkg/supply/supply_suite_test.go
+++ b/pkg/supply/supply_suite_test.go
@@ -1,13 +1,13 @@
 package supply_test
 import (
- . "github.com/onsi/ginkgo"
- . "github.com/onsi/gomega"
+ "github.com/onsi/ginkgo"
+ "github.com/onsi/gomega"
 "testing"
 )
 func TestSupply(t *testing.T) {
- RegisterFailHandler(Fail)
- RunSpecs(t, "Supply Suite")
+ gomega.RegisterFailHandler(ginkgo.Fail)
+ ginkgo.RunSpecs(t, "Supply Suite")
 }
diff --git a/pkg/supply/supply_test.go b/pkg/supply/supply_test.go
index 11382ff..ebd95ca 100644
--- a/pkg/supply/supply_test.go
+++ b/pkg/supply/supply_test.go
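Review bot: In k8s-sidecar/start.sh the last line starts OPA with `--addr=[]:8181`, which appears to listen on every interface of the pod, and no `--authentication`/`--authorization` flags are set, so anything that can reach the pod IP can use the policy API. For a sidecar consumed by the app container over the shared network namespace, binding to loopback is enough; keep the wider bind only if a kubelet HTTP probe or another pod has to reach it. The script also has no `set -euo pipefail`, so a missing `url` or `authorization_instance_id` file yields an empty value and OPA still starts with a broken bundle config. `$(pwd -P)/"${files[0]}/…"` prefixes the working directory to a path that is already absolute and resolves only because the container runs from `/`. Using `exec` lets OPA receive SIGTERM directly instead of bash as PID 1.

```shell
#!/bin/bash
set -euo pipefail
# … unchanged: identity directory checks, bundle_url and instance_id …
ias_cert_path="${files[0]}/certificate"
ias_key_path="${files[0]}/key"
# … unchanged: jq rendering and config logging …
exec opa run -s -c config.yml --addr=localhost:8181
```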
@@ -18,8 +18,8 @@ import (
 "code.cloudfoundry.org/buildpackapplifecycle/buildpackrunner/resources"
 "github.com/cloudfoundry/libbuildpack"
 "github.com/golang/mock/gomock"
- . "github.com/onsi/ginkgo"
- . "github.com/onsi/gomega"
+ . "github.com/onsi/ginkgo" //nolint
+ . "github.com/onsi/gomega" //nolint
 "github.com/open-policy-agent/opa/config"
 "github.com/open-policy-agent/opa/plugins/bundle"
 "github.com/open-policy-agent/opa/plugins/rest"
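Review bot: The bare `//nolint` on the two dot-imports in pkg/supply/supply_test.go silences every linter on those lines, not just the one that objects to dot-imports. Scope it and state the reason, e.g. `. "github.com/onsi/ginkgo" //nolint:<linter> // ginkgo DSL dot-import`, with `<linter>` being whichever check reports it under the new golangci-lint version. The same commit switches supply_suite_test.go to qualified `ginkgo.`/`gomega.` calls, so the two test files now follow different conventions; picking one for both would avoid the suppression entirely or make it uniform. The import block continues outside this hunk.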