From 74a2fd7b199af5863b14c5f6afc2e523ab9aa614 Mon Sep 17 00:00:00 2001
From: Richard Kovacs
Date: Mon, 4 Jul 2022 14:57:16 +0200
Subject: [PATCH] Split Taskfile to sections (#129)
---
.task/cluster.yml | 12 ++
.task/docker.yml | 110 +++++++++++
.task/fetch.yml | 98 ++++++++++
.task/go.yml | 248 +++++++++++++++++++++++++
Taskfile.yml | 462 +--------------------------------------------
5 files changed, 473 insertions(+), 457 deletions(-)
create mode 100644 .task/cluster.yml
create mode 100644 .task/docker.yml
create mode 100644 .task/fetch.yml
create mode 100644 .task/go.yml
diff --git a/.task/cluster.yml b/.task/cluster.yml
new file mode 100644
index 0000000..8bd2702
--- /dev/null
+++ b/.task/cluster.yml
@@ -0,0 +1,12 @@
+version: 3
+tasks:
+ create:
+ desc: create kind cluster
+ deps:
+ - delete
+ cmds:
+ - ./bin/kind create cluster --retain --name "{{.KIND_CLUSTER_NAME}}" --wait 2m --config ./tests/e2e/kuttl/kube-v{{.KIND_CLUSTER_VERSION}}/kind.yaml
+ delete:
+ desc: destroy kind cluster
+ cmds:
+ - ./bin/kind delete cluster --name "{{.KIND_CLUSTER_NAME}}"
\ No newline at end of file
diff --git a/.task/docker.yml b/.task/docker.yml
new file mode 100644
index 0000000..76acbf9
--- /dev/null
+++ b/.task/docker.yml
@@ -0,0 +1,110 @@
+version: 3
+vars:
+ NOW:
+ sh: date +'%s'
+ BASE_IMAGE:
+ sh: '([ -z "$BASE_IMAGE" ] && head -1 Dockerfile | cut -d= -f2) || echo $BASE_IMAGE'
+tasks:
+ build:
+ desc: build docker images
+ cmds:
+ - task: build:proxy
+ - task: build:debug
+ - task: build:vault
+ - task: build:awskms
+ - task: build:trousseau
+ build:proxy:
+ cmds:
+ - docker build --label buildtime={{.NOW}} --build-arg BASE_IMAGE={{.BASE_IMAGE}} --build-arg PROJECT=proxy -t $DOCKER_REGISTRY/$IMAGE_NAME:proxy-$IMAGE_VERSION .
+ status:
+ - test "{{.NOW}}" == "$(docker inspect $DOCKER_REGISTRY/$IMAGE_NAME:proxy-$IMAGE_VERSION --format='{{"{{"}}.Config.Labels.buildtime{{"}}"}}' 2>/dev/null)"
+ build:debug:
+ cmds:
+ - docker build --label buildtime={{.NOW}} --build-arg BASE_IMAGE={{.BASE_IMAGE}} --build-arg PROJECT=providers/debug -t $DOCKER_REGISTRY/$IMAGE_NAME:debug-$IMAGE_VERSION .
+ status:
+ - test "{{.NOW}}" == "$(docker inspect $DOCKER_REGISTRY/$IMAGE_NAME:debug-$IMAGE_VERSION --format='{{"{{"}}.Config.Labels.buildtime{{"}}"}}' 2>/dev/null)"
+ build:vault:
+ cmds:
+ - docker build --label buildtime={{.NOW}} --build-arg BASE_IMAGE={{.BASE_IMAGE}} --build-arg PROJECT=providers/vault -t $DOCKER_REGISTRY/$IMAGE_NAME:vault-$IMAGE_VERSION .
+ status:
+ - test "{{.NOW}}" == "$(docker inspect $DOCKER_REGISTRY/$IMAGE_NAME:vault-$IMAGE_VERSION --format='{{"{{"}}.Config.Labels.buildtime{{"}}"}}' 2>/dev/null)"
+ build:awskms:
+ cmds:
+ - docker build --label buildtime={{.NOW}} --build-arg BASE_IMAGE={{.BASE_IMAGE}} --build-arg PROJECT=providers/awskms -t $DOCKER_REGISTRY/$IMAGE_NAME:awskms-$IMAGE_VERSION .
+ status:
+ - test "{{.NOW}}" == "$(docker inspect $DOCKER_REGISTRY/$IMAGE_NAME:awskms-$IMAGE_VERSION --format='{{"{{"}}.Config.Labels.buildtime{{"}}"}}' 2>/dev/null)"
+ build:trousseau:
+ cmds:
+ - docker build --label buildtime={{.NOW}} --build-arg BASE_IMAGE={{.BASE_IMAGE}} --build-arg PROJECT=trousseau -t $DOCKER_REGISTRY/$IMAGE_NAME:trousseau-$IMAGE_VERSION .
+ status:
+ - test "{{.NOW}}" == "$(docker inspect $DOCKER_REGISTRY/$IMAGE_NAME:trousseau-$IMAGE_VERSION --format='{{"{{"}}.Config.Labels.buildtime{{"}}"}}' 2>/dev/null)"
+ push:
+ desc: push docker image
+ cmds:
+ - task: push:proxy
+ - task: push:debug
+ - task: push:vault
+ - task: push:awskms
+ - task: push:trousseau
+ push:proxy:
+ cmds:
+ - docker push $DOCKER_REGISTRY/$IMAGE_NAME:proxy-$IMAGE_VERSION
+ push:debug:
+ cmds:
+ - docker push $DOCKER_REGISTRY/$IMAGE_NAME:debug-$IMAGE_VERSION
+ push:vault:
+ cmds:
+ - docker push $DOCKER_REGISTRY/$IMAGE_NAME:vault-$IMAGE_VERSION
+ push:awskms:
+ cmds:
+ - docker push $DOCKER_REGISTRY/$IMAGE_NAME:awskms-$IMAGE_VERSION
+ push:trousseau:
+ cmds:
+ - docker push $DOCKER_REGISTRY/$IMAGE_NAME:trousseau-$IMAGE_VERSION
+ run:
+ desc: run docker image
+ cmds:
+ - task: run:proxy
+ - task: run:debug
+ - task: run:vault
+ - task: run:awskms
+ - task: run:trousseau
+ run:proxy:
+ deps:
+ - :bin-dir:init
+ cmds:
+ - docker rm -f trousseau-proxy || true
+ - docker run -d --name trousseau-proxy --rm -v $PWD/bin/run:/opt/vault-kms $DOCKER_REGISTRY/$IMAGE_NAME:proxy-$IMAGE_VERSION
+ run:debug:
+ deps:
+ - :bin-dir:init
+ cmds:
+ - docker rm -f trousseau-debug || true
+ - docker run -d --name trousseau-debug --rm -v $PWD/bin/run:/opt/vault-kms $DOCKER_REGISTRY/$IMAGE_NAME:debug-$IMAGE_VERSION
+ run:vault:
+ deps:
+ - :bin-dir:init
+ cmds:
+ - docker rm -f trousseau-local-vault || true
+ - docker run -d --name=trousseau-local-vault --cap-add=IPC_LOCK -e 'VAULT_DEV_ROOT_TOKEN_ID=vault-kms-demo' vault
+ - sleep 5
+ - docker exec -e VAULT_ADDR=http://127.0.0.1:8200 trousseau-local-vault vault login vault-kms-demo
+ - docker exec -e VAULT_ADDR=http://127.0.0.1:8200 trousseau-local-vault vault secrets enable transit
+ - docker rm -f trousseau-vault || true
+ - docker run -d --name trousseau-vault --rm --network=container:trousseau-local-vault -v $PWD/tests/e2e/kuttl/kube-v{{.KIND_CLUSTER_VERSION}}/vault.yaml:/etc/config.yaml -v $PWD/bin/run:/opt/vault-kms $DOCKER_REGISTRY/$IMAGE_NAME:vault-$IMAGE_VERSION --config-file-path=/etc/config.yaml -v=3
+ run:awskms:
+ deps:
+ - :bin-dir:init
+ cmds:
+ - docker rm -f trousseau-local-aws || true
+ - docker run --name trousseau-local-aws --rm --hostname localhost.localstack.cloud -d -e SERVICES=kms -e HOSTNAME=localhost.localstack.cloud -e HOSTNAME_EXTERNAL=localhost.localstack.cloud -e DEFAULT_REGION=eu-west-1 -e KMS_PROVIDER=kms-local -p 4566:4566 -p 4510-4559:4510-4559 localstack/localstack:0.14.4
+ - sleep 5
+ - 'printf %"s\n" "endpoint: https://localhost.localstack.cloud:4566" "profile: trousseau-local-aws" "keyArn: $(docker exec trousseau-local-aws awslocal kms create-key | grep Arn | cut -d''"'' -f4)" > tests/e2e/kuttl/kube-v{{.KIND_CLUSTER_VERSION}}/awskms.yaml'
+ - docker rm -f trousseau-awskms || true
+ - docker run -d --name trousseau-awskms --rm --network=container:trousseau-local-aws -v $PWD/tests/e2e/kuttl/kube-v{{.KIND_CLUSTER_VERSION}}/aws-credentials.ini:/.aws/credentials -v $PWD/tests/e2e/kuttl/kube-v{{.KIND_CLUSTER_VERSION}}/awskms.yaml:/etc/config.yaml -v $PWD/bin/run:/opt/vault-kms $DOCKER_REGISTRY/$IMAGE_NAME:awskms-$IMAGE_VERSION --config-file-path=/etc/config.yaml -v=3
+ run:trousseau:
+ deps:
+ - :bin-dir:init
+ cmds:
+ - docker rm -f trousseau-core || true
+ - docker run -d --name trousseau-core --rm -v $PWD/bin/run:/opt/vault-kms $DOCKER_REGISTRY/$IMAGE_NAME:trousseau-$IMAGE_VERSION {{.ENABLED_PROVIDERS}} -v=3
diff --git a/.task/fetch.yml b/.task/fetch.yml
new file mode 100644
index 0000000..cf6aba5
--- /dev/null
+++ b/.task/fetch.yml
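Review bot: `run:awskms` publishes the localstack ports with `-p 4566:4566 -p 4510-4559:4510-4559`, which binds them on every host interface, and `run:vault` starts the untagged `vault` image in dev mode with the fixed root token `vault-kms-demo`. The provider containers reach these services through `--network=container:...`, so the host publish looks unnecessary for them; if something on the host does need it (the kind cluster may, which is not visible here), `-p 127.0.0.1:4566:4566 -p 127.0.0.1:4510-4559:4510-4559` keeps the emulator off external interfaces. Pinning the Vault image to a tag, as is already done for `localstack/localstack:0.14.4`, would make the e2e environment reproducible. Both tasks are carried over unchanged from Taskfile.yml, so a short comment above each, such as `# throwaway test fixture: dev-mode Vault with a fixed root token, never point at real data`, would fit this refactor.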
@@ -0,0 +1,98 @@
+version: 3
+vars:
+ KIND_VERSION: 0.14.0
+ GOSEC_VERSION: 2.11.0
+ GOLANGCI_VERSION: 1.46.2
+ HELM_VERSION: 3.6.3
+ VAULT_VERSION: 1.8.1
+ KUBECTL_VERSION: 1.21.1
+ KUTTL_VERSION: 0.12.1
+ HUSKY_VERSION: 0.2.8
+tasks:
+ all:
+ desc: fetch all tools
+ cmds:
+ - task: kubectl
+ - task: kind
+ - task: kuttl
+ golangci:
+ deps:
+ - :bin-dir:init
+ desc: install golanci
+ cmds:
+ - curl -L https://github.com/golangci/golangci-lint/releases/download/v{{.GOLANGCI_VERSION}}/golangci-lint-{{.GOLANGCI_VERSION}}-{{OS}}-{{ARCH}}.tar.gz | tar xvz --one-top-level=golangcitmp
+ - mv golangcitmp/golangci-lint-{{.GOLANGCI_VERSION}}-{{OS}}-{{ARCH}}/golangci-lint ./bin/golangci-lint
+ - chmod 755 bin/golangci-lint
+ - rm -rf golangcitmp
+ status:
+ - test -f ./bin/golangci-lint
+ gosec:
+ deps:
+ - :bin-dir:init
+ desc: install gosec
+ cmds:
+ - curl -L https://github.com/securego/gosec/releases/download/v{{.GOSEC_VERSION}}/gosec_{{.GOSEC_VERSION}}_{{OS}}_{{ARCH}}.tar.gz | tar xvz --one-top-level=gosectmp
+ - mv gosectmp/gosec ./bin/gosec
+ - chmod 755 bin/gosec
+ - rm -rf gosectmp
+ status:
+ - test -f ./bin/gosec
+ kind:
+ deps:
+ - :bin-dir:init
+ desc: install kind
+ cmds:
+ - curl -L https://github.com/kubernetes-sigs/kind/releases/download/v{{.KIND_VERSION}}/kind-{{OS}}-{{ARCH}} --output ./bin/kind && chmod +x ./bin/kind
+ status:
+ - test -f ./bin/kind
+ helm:
+ deps:
+ - :bin-dir:init
+ desc: install helm
+ cmds:
+ - curl -L https://get.helm.sh/helm-v{{.HELM_VERSION}}-{{OS}}-{{ARCH}}.tar.gz | tar xvz -C ./
+ - mv {{OS}}-{{ARCH}}/helm ./bin/helm
+ - chmod 755 bin/helm
+ - rm -rf {{OS}}-{{ARCH}}
+ status:
+ - test -f ./bin/helm
+ vault:
+ desc: install vault
+ cmds:
+ - curl "https://releases.hashicorp.com/vault/{{.VAULT_VERSION}}/vault_{{.VAULT_VERSION}}_{{OS}}_{{ARCH}}.zip" -o "vault.zip"
+ - unzip vault.zip
+ - mv vault bin/vault
+ - chmod 755 bin/vault
+ - rm vault.zip
+ status:
+ - test -f bin/vault
+ kubectl:
+ deps:
+ - :bin-dir:init
+ desc: install kubectl
+ cmds:
+ - curl -Lo ./bin/kubectl https://storage.googleapis.com/kubernetes-release/release/v{{.KUBECTL_VERSION}}/bin/{{OS}}/{{ARCH}}/kubectl
+ - chmod +x ./bin/kubectl
+ status:
+ - test -f ./bin/kubectl
+ kuttl:
+ deps:
+ - :bin-dir:init
+ desc: install kuttl
+ cmds:
+ - cd bin ; curl -L https://github.com/kudobuilder/kuttl/releases/download/v{{.KUTTL_VERSION}}/kuttl_{{.KUTTL_VERSION}}_{{OS}}_x86_64.tar.gz | tar -xz kubectl-kuttl
+ status:
+ - test -f ./bin/kuttl
+ husky:
+ deps:
+ - :bin-dir:init
+ desc: install husky
+ cmds:
+ - cd bin ; curl -L https://github.com/automation-co/husky/releases/download/v{{.HUSKY_VERSION}}/husky_{{.HUSKY_VERSION}}_{{.CAP_ARCH}}_x86_64.tar.gz | tar -xz husky
+ - chmod +x ./bin/husky
+ - ./bin/husky install
+ vars:
+ CAP_ARCH:
+ sh: uname
+ status:
+ - test -f ./bin/husky
\ No newline at end of file
diff --git a/.task/go.yml b/.task/go.yml
new file mode 100644
index 0000000..84004a3
--- /dev/null
+++ b/.task/go.yml
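Review bot: Every download in this file is installed into `./bin` and later executed without an integrity check, and `curl -L` without `--fail` will save or pipe an HTTP error page; in `kind` that page ends up at `./bin/kind` with the execute bit set, after which `status: test -f ./bin/kind` treats the tool as installed. Using `curl -fsSL` and verifying a pinned digest before the `chmod`/`mv`, for example `echo "<sha256-of-release-asset>  ./bin/kind" | sha256sum -c -`, would close both gaps; `husky` matters most because `./bin/husky install` runs the downloaded binary immediately. Separately, `kuttl` extracts `kubectl-kuttl` but its status tests `./bin/kuttl`, so the task appears never to be considered up to date, and `vault` lacks the `:bin-dir:init` dependency the other tasks declare.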
@@ -0,0 +1,248 @@ +version: 3 +silent: true +tasks: + tidy: + desc: go tidy + cmds: + - task: tidy:proxy + - task: tidy:debug + - task: tidy:vault + - task: tidy:awskms + - task: tidy:trousseau + tidy:proxy: + dir: proxy + cmds: + - go mod tidy + tidy:debug: + dir: providers/debug + cmds: + - go mod tidy + tidy:vault: + dir: providers/vault + cmds: + - go mod tidy + tidy:awskms: + dir: providers/awskms + cmds: + - go mod tidy + tidy:trousseau: + dir: trousseau + cmds: + - go mod tidy + fmt: + desc: go fmt + cmds: + - task: fmt:proxy + - task: fmt:debug + - task: fmt:vault + - task: fmt:awskms + - task: fmt:trousseau + fmt:proxy: + dir: proxy + cmds: + - go fmt ./... + fmt:debug: + dir: providers/debug + cmds: + - go fmt ./... + fmt:vault: + dir: providers/vault + cmds: + - go fmt ./... + fmt:awskms: + dir: providers/awskms + cmds: + - go fmt ./... + fmt:trousseau: + dir: trousseau + cmds: + - go fmt ./... + vet: + desc: go vet + cmds: + - task: vet:proxy + - task: vet:debug + - task: vet:vault + - task: vet:awskms + - task: vet:trousseau + vet:proxy: + dir: proxy + cmds: + - go vet ./... + vet:debug: + dir: providers/debug + cmds: + - go vet ./... + vet:vault: + dir: providers/vault + cmds: + - go vet ./... + vet:awskms: + dir: providers/awskms + cmds: + - go vet ./... + vet:trousseau: + dir: trousseau + cmds: + - go vet ./... + gosec: + desc: go gosec + cmds: + - task: gosec:proxy + - task: gosec:debug + - task: gosec:vault + - task: gosec:awskms + - task: gosec:trousseau + gosec:proxy: + dir: proxy + cmds: + - gosec ./... + gosec:debug: + dir: providers/debug + cmds: + - gosec ./... + gosec:vault: + dir: providers/vault + cmds: + - gosec ./... + gosec:awskms: + dir: providers/awskms + cmds: + - gosec ./... + gosec:trousseau: + dir: trousseau + cmds: + - gosec ./... 
+ golangci: + desc: golangci + cmds: + - task: golangci:proxy + - task: golangci:debug + - task: golangci:vault + - task: golangci:awskms + - task: golangci:trousseau + golangci:proxy: + dir: proxy + cmds: + - golangci-lint run -c ../.golangci.yaml + golangci:debug: + dir: providers/debug + cmds: + - golangci-lint run -c ../../.golangci.yaml + golangci:vault: + dir: providers/vault + cmds: + - golangci-lint run -c ../../.golangci.yaml + golangci:awskms: + dir: providers/awskms + cmds: + - golangci-lint run -c ../../.golangci.yaml + golangci:trousseau: + dir: trousseau + cmds: + - golangci-lint run -c ../.golangci.yaml + unit-tests: + desc: go unit test + cmds: + - task: unit-tests:proxy + - task: unit-tests:debug + - task: unit-tests:vault + - task: unit-tests:awskms + - task: unit-tests:trousseau + unit-tests:proxy: + dir: proxy + cmds: + - go test -coverprofile cover.out -race -timeout 30s ./... + unit-tests:debug: + dir: providers/debug + cmds: + - go test -coverprofile cover.out -race -timeout 30s ./... + unit-tests:vault: + dir: providers/vault + cmds: + - go test -coverprofile cover.out -race -timeout 30s ./... + unit-tests:awskms: + dir: providers/awskms + cmds: + - go test -coverprofile cover.out -race -timeout 30s ./... + unit-tests:trousseau: + dir: trousseau + cmds: + - go test -coverprofile cover.out -race -timeout 30s ./... 
+ run:proxy: + dir: proxy + deps: + - :bin-dir:init + - tidy:proxy + cmds: + - go run main.go --listen-addr unix://../bin/run/proxy.socket --trousseau-addr ../bin/run/trousseau.socket + run:debug: + dir: providers/debug + deps: + - :bin-dir:init + - tidy:debug + cmds: + - go run main.go --listen-addr unix://../../bin/run/debug/debug.socket + run:vault: + dir: providers/vault + deps: + - :bin-dir:init + - tidy:vault + cmds: + - go run -ldflags '-X github.com/ondat/trousseau/pkg/utils.SecretLogDivider=1' main.go --config-file-path ../../tests/e2e/kuttl/kube-v{{.KIND_CLUSTER_VERSION}}/vault.yaml --listen-addr unix://../../bin/run/vault/vault.socket --zap-encoder=console --v=5 + run:awskms: + dir: providers/awskms + deps: + - :bin-dir:init + - tidy:awskms + cmds: + - go run -ldflags '-X github.com/ondat/trousseau/pkg/utils.SecretLogDivider=1' main.go --config-file-path ../../tests/e2e/kuttl/kube-v{{.KIND_CLUSTER_VERSION}}/awskms.yaml --listen-addr unix://../../bin/run/awskms/awskms.socket --zap-encoder=console --v=5 + run:trousseau: + dir: trousseau + deps: + - :bin-dir:init + - tidy:trousseau + cmds: + - go run -ldflags '-X github.com/ondat/trousseau/pkg/utils.SecretLogDivider=1' main.go {{.ENABLED_PROVIDERS}} --socket-location ../bin/run --listen-addr unix://../bin/run/trousseau.socket --zap-encoder=console --v=5 + e2e-tests: + desc: e2e tests + cmds: + - task: e2e-tests:debug + - task: e2e-tests:vault + - task: e2e-tests:awskms + e2e-tests:vault: + deps: + - :docker:build:proxy + - :docker:build:vault + - :docker:build:trousseau + cmds: + - task: :docker:run:proxy + - task: :docker:run:vault + - ENABLED_PROVIDERS="--enabled-providers vault" task docker:run:trousseau + - task: :cluster:create + - ./bin/kubectl-kuttl test --config tests/e2e/kuttl/kube-v{{.KIND_CLUSTER_VERSION}}/kuttl.yaml + - task: :cluster:delete + e2e-tests:awskms: + deps: + - :docker:build:proxy + - :docker:build:awskms + - :docker:build:trousseau + cmds: + - task: :docker:run:proxy + - task: 
:docker:run:awskms + - ENABLED_PROVIDERS="--enabled-providers awskms" task docker:run:trousseau + - task: :cluster:create + - ./bin/kubectl-kuttl test --config tests/e2e/kuttl/kube-v{{.KIND_CLUSTER_VERSION}}/kuttl.yaml + - task: :cluster:delete + e2e-tests:debug: + deps: + - :docker:build:proxy + - :docker:build:debug + - :docker:build:trousseau + cmds: + - task: :docker:run:proxy + - task: :docker:run:debug + - task: :docker:run:trousseau + - task: :cluster:create + - ./bin/kubectl-kuttl test --config tests/e2e/kuttl/kube-v{{.KIND_CLUSTER_VERSION}}/kuttl.yaml + - task: :cluster:delete \ No newline at end of file diff --git a/Taskfile.yml b/Taskfile.yml index f10c90d..8f1d21e 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -1,23 +1,16 @@ version: 3 vars: - NOW: - sh: date +'%s' KIND_CLUSTER_NAME: kms-vault KIND_CLUSTER_VERSION: 1.24 - KIND_VERSION: 0.14.0 - GOSEC_VERSION: 2.11.0 - GOLANGCI_VERSION: 1.46.2 - HELM_VERSION: 3.6.3 - VAULT_VERSION: 1.8.1 - KUBECTL_VERSION: 1.21.1 - KUTTL_VERSION: 0.12.1 - HUSKY_VERSION: 0.2.8 - BASE_IMAGE: - sh: '([ -z "$BASE_IMAGE" ] && head -1 Dockerfile | cut -d= -f2) || echo $BASE_IMAGE' ENABLED_PROVIDERS: sh: '([ -z "$ENABLED_PROVIDERS" ] && echo --enabled-providers debug) || echo $ENABLED_PROVIDERS' SCRIPT: scripts/hcvault/archives/testing silent: true +includes: + cluster: .task/cluster.yml + docker: .task/docker.yml + fetch: .task/fetch.yml + go: .task/go.yml tasks: default: cmds: 
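Review bot: The `gosec:*` and `golangci:*` tasks in go.yml run `gosec` and `golangci-lint` from PATH, while fetch.yml installs version-pinned copies into `./bin` and none of these tasks depends on the fetch tasks, so the security scan runs with whatever version the machine happens to have (unless `./bin` is on PATH, which is not visible here). For example `gosec:proxy` could declare `deps: [":fetch:gosec"]` and call `../bin/gosec ./...`, with `../../bin/gosec` for the `providers/*` directories. The `e2e-tests:*` tasks also deserve a comment: if the kuttl command fails, `task: :cluster:delete` would not be reached, so the kind cluster and the dev Vault and localstack containers stay running.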
@@ -36,103 +29,6 @@ tasks: - test -d ./bin/run/debug - test -d ./bin/run/vault - test -d ./bin/run/awskms - fetch:all: - desc: fetch all tools - cmds: - - task: fetch:kubectl - - task: fetch:kind - - task: fetch:kuttl - fetch:golangci: - deps: - - bin-dir:init - desc: install golanci - cmds: - - curl -L https://github.com/golangci/golangci-lint/releases/download/v{{.GOLANGCI_VERSION}}/golangci-lint-{{.GOLANGCI_VERSION}}-{{OS}}-{{ARCH}}.tar.gz | tar xvz --one-top-level=golangcitmp - - mv golangcitmp/golangci-lint-{{.GOLANGCI_VERSION}}-{{OS}}-{{ARCH}}/golangci-lint ./bin/golangci-lint - - chmod 755 bin/golangci-lint - - rm -rf golangcitmp - status: - - test -f ./bin/golangci-lint - fetch:gosec: - deps: - - bin-dir:init - desc: install gosec - cmds: - - curl -L https://github.com/securego/gosec/releases/download/v{{.GOSEC_VERSION}}/gosec_{{.GOSEC_VERSION}}_{{OS}}_{{ARCH}}.tar.gz | tar xvz --one-top-level=gosectmp - - mv gosectmp/gosec ./bin/gosec - - chmod 755 bin/gosec - - rm -rf gosectmp - status: - - test -f ./bin/gosec - fetch:kind: - deps: - - bin-dir:init - desc: install kind - cmds: - - curl -L https://github.com/kubernetes-sigs/kind/releases/download/v{{.KIND_VERSION}}/kind-{{OS}}-{{ARCH}} --output ./bin/kind && chmod +x ./bin/kind - status: - - test -f ./bin/kind - fetch:helm: - deps: - - bin-dir:init - desc: install helm - cmds: - - curl -L https://get.helm.sh/helm-v{{.HELM_VERSION}}-{{OS}}-{{ARCH}}.tar.gz | tar xvz -C ./ - - mv {{OS}}-{{ARCH}}/helm ./bin/helm - - chmod 755 bin/helm - - rm -rf {{OS}}-{{ARCH}} - status: - - test -f ./bin/helm - fetch:vault: - desc: install vault - cmds: - - curl "https://releases.hashicorp.com/vault/{{.VAULT_VERSION}}/vault_{{.VAULT_VERSION}}_{{OS}}_{{ARCH}}.zip" -o "vault.zip" - - unzip vault.zip - - mv vault bin/vault - - chmod 755 bin/vault - - rm vault.zip - status: - - test -f bin/vault - fetch:kubectl: - deps: - - bin-dir:init - desc: install kubectl - cmds: - - curl -Lo ./bin/kubectl 
https://storage.googleapis.com/kubernetes-release/release/v{{.KUBECTL_VERSION}}/bin/{{OS}}/{{ARCH}}/kubectl - - chmod +x ./bin/kubectl - status: - - test -f ./bin/kubectl - fetch:kuttl: - deps: - - bin-dir:init - desc: install kuttl - cmds: - - cd bin ; curl -L https://github.com/kudobuilder/kuttl/releases/download/v{{.KUTTL_VERSION}}/kuttl_{{.KUTTL_VERSION}}_{{OS}}_x86_64.tar.gz | tar -xz kubectl-kuttl - status: - - test -f ./bin/kuttl - fetch:husky: - deps: - - bin-dir:init - desc: install husky - cmds: - - cd bin ; curl -L https://github.com/automation-co/husky/releases/download/v{{.HUSKY_VERSION}}/husky_{{.HUSKY_VERSION}}_{{.CAP_ARCH}}_x86_64.tar.gz | tar -xz husky - - chmod +x ./bin/husky - - ./bin/husky install - vars: - CAP_ARCH: - sh: uname - status: - - test -f ./bin/husky - cluster:create: - desc: create kind cluster - deps: - - cluster:delete - cmds: - - ./bin/kind create cluster --retain --name "{{.KIND_CLUSTER_NAME}}" --wait 2m --config ./tests/e2e/kuttl/kube-v{{.KIND_CLUSTER_VERSION}}/kind.yaml - cluster:delete: - desc: destroy kind cluster - cmds: - - ./bin/kind delete cluster --name "{{.KIND_CLUSTER_NAME}}" prometheus:deploy: deps: - task: fetch:helm 
@@ -155,354 +51,6 @@ tasks: desc: open grafana (admin/prom-operator) cmds: - ./bin/kubectl port-forward svc/prometheus-grafana 8300:80 - docker:build: - desc: build docker images - cmds: - - task: docker:build:proxy - - task: docker:build:debug - - task: docker:build:vault - - task: docker:build:awskms - - task: docker:build:trousseau - docker:build:proxy: - cmds: - - docker build --label buildtime={{.NOW}} --build-arg BASE_IMAGE={{.BASE_IMAGE}} --build-arg PROJECT=proxy -t $DOCKER_REGISTRY/$IMAGE_NAME:proxy-$IMAGE_VERSION . - status: - - test "{{.NOW}}" == "$(docker inspect $DOCKER_REGISTRY/$IMAGE_NAME:proxy-$IMAGE_VERSION --format='{{"{{"}}.Config.Labels.buildtime{{"}}"}}' 2>/dev/null)" - docker:build:debug: - cmds: - - docker build --label buildtime={{.NOW}} --build-arg BASE_IMAGE={{.BASE_IMAGE}} --build-arg PROJECT=providers/debug -t $DOCKER_REGISTRY/$IMAGE_NAME:debug-$IMAGE_VERSION . - status: - - test "{{.NOW}}" == "$(docker inspect $DOCKER_REGISTRY/$IMAGE_NAME:debug-$IMAGE_VERSION --format='{{"{{"}}.Config.Labels.buildtime{{"}}"}}' 2>/dev/null)" - docker:build:vault: - cmds: - - docker build --label buildtime={{.NOW}} --build-arg BASE_IMAGE={{.BASE_IMAGE}} --build-arg PROJECT=providers/vault -t $DOCKER_REGISTRY/$IMAGE_NAME:vault-$IMAGE_VERSION . - status: - - test "{{.NOW}}" == "$(docker inspect $DOCKER_REGISTRY/$IMAGE_NAME:vault-$IMAGE_VERSION --format='{{"{{"}}.Config.Labels.buildtime{{"}}"}}' 2>/dev/null)" - docker:build:awskms: - cmds: - - docker build --label buildtime={{.NOW}} --build-arg BASE_IMAGE={{.BASE_IMAGE}} --build-arg PROJECT=providers/awskms -t $DOCKER_REGISTRY/$IMAGE_NAME:awskms-$IMAGE_VERSION . 
- status: - - test "{{.NOW}}" == "$(docker inspect $DOCKER_REGISTRY/$IMAGE_NAME:awskms-$IMAGE_VERSION --format='{{"{{"}}.Config.Labels.buildtime{{"}}"}}' 2>/dev/null)" - docker:build:trousseau: - cmds: - - docker build --label buildtime={{.NOW}} --build-arg BASE_IMAGE={{.BASE_IMAGE}} --build-arg PROJECT=trousseau -t $DOCKER_REGISTRY/$IMAGE_NAME:trousseau-$IMAGE_VERSION . - status: - - test "{{.NOW}}" == "$(docker inspect $DOCKER_REGISTRY/$IMAGE_NAME:trousseau-$IMAGE_VERSION --format='{{"{{"}}.Config.Labels.buildtime{{"}}"}}' 2>/dev/null)" - docker:push: - desc: push docker image - cmds: - - task: docker:push:proxy - - task: docker:push:debug - - task: docker:push:vault - - task: docker:push:awskms - - task: docker:push:trousseau - docker:push:proxy: - cmds: - - docker push $DOCKER_REGISTRY/$IMAGE_NAME:proxy-$IMAGE_VERSION - docker:push:debug: - cmds: - - docker push $DOCKER_REGISTRY/$IMAGE_NAME:debug-$IMAGE_VERSION - docker:push:vault: - cmds: - - docker push $DOCKER_REGISTRY/$IMAGE_NAME:vault-$IMAGE_VERSION - docker:push:awskms: - cmds: - - docker push $DOCKER_REGISTRY/$IMAGE_NAME:awskms-$IMAGE_VERSION - docker:push:trousseau: - cmds: - - docker push $DOCKER_REGISTRY/$IMAGE_NAME:trousseau-$IMAGE_VERSION - docker:run: - desc: run docker image - cmds: - - task: docker:run:proxy - - task: docker:run:debug - - task: docker:run:vault - - task: docker:run:awskms - - task: docker:run:trousseau - docker:run:proxy: - deps: - - bin-dir:init - cmds: - - docker rm -f trousseau-proxy || true - - docker run -d --name trousseau-proxy --rm -v $PWD/bin/run:/opt/vault-kms $DOCKER_REGISTRY/$IMAGE_NAME:proxy-$IMAGE_VERSION - docker:run:debug: - deps: - - bin-dir:init - cmds: - - docker rm -f trousseau-debug || true - - docker run -d --name trousseau-debug --rm -v $PWD/bin/run:/opt/vault-kms $DOCKER_REGISTRY/$IMAGE_NAME:debug-$IMAGE_VERSION - docker:run:vault: - deps: - - bin-dir:init - cmds: - - docker rm -f trousseau-local-vault || true - - docker run -d --name=trousseau-local-vault 
--cap-add=IPC_LOCK -e 'VAULT_DEV_ROOT_TOKEN_ID=vault-kms-demo' vault - - sleep 5 - - docker exec -e VAULT_ADDR=http://127.0.0.1:8200 trousseau-local-vault vault login vault-kms-demo - - docker exec -e VAULT_ADDR=http://127.0.0.1:8200 trousseau-local-vault vault secrets enable transit - - docker rm -f trousseau-vault || true - - docker run -d --name trousseau-vault --rm --network=container:trousseau-local-vault -v $PWD/tests/e2e/kuttl/kube-v{{.KIND_CLUSTER_VERSION}}/vault.yaml:/etc/config.yaml -v $PWD/bin/run:/opt/vault-kms $DOCKER_REGISTRY/$IMAGE_NAME:vault-$IMAGE_VERSION --config-file-path=/etc/config.yaml -v=3 - docker:run:awskms: - deps: - - bin-dir:init - cmds: - - docker rm -f trousseau-local-aws || true - - docker run --name trousseau-local-aws --rm --hostname localhost.localstack.cloud -d -e SERVICES=kms -e HOSTNAME=localhost.localstack.cloud -e HOSTNAME_EXTERNAL=localhost.localstack.cloud -e DEFAULT_REGION=eu-west-1 -e KMS_PROVIDER=kms-local -p 4566:4566 -p 4510-4559:4510-4559 localstack/localstack:0.14.4 - - sleep 5 - - 'printf %"s\n" "endpoint: https://localhost.localstack.cloud:4566" "profile: trousseau-local-aws" "keyArn: $(docker exec trousseau-local-aws awslocal kms create-key | grep Arn | cut -d''"'' -f4)" > tests/e2e/kuttl/kube-v{{.KIND_CLUSTER_VERSION}}/awskms.yaml' - - docker rm -f trousseau-awskms || true - - docker run -d --name trousseau-awskms --rm --network=container:trousseau-local-aws -v $PWD/tests/e2e/kuttl/kube-v{{.KIND_CLUSTER_VERSION}}/aws-credentials.ini:/.aws/credentials -v $PWD/tests/e2e/kuttl/kube-v{{.KIND_CLUSTER_VERSION}}/awskms.yaml:/etc/config.yaml -v $PWD/bin/run:/opt/vault-kms $DOCKER_REGISTRY/$IMAGE_NAME:awskms-$IMAGE_VERSION --config-file-path=/etc/config.yaml -v=3 - docker:run:trousseau: - deps: - - bin-dir:init - cmds: - - docker rm -f trousseau-core || true - - docker run -d --name trousseau-core --rm -v $PWD/bin/run:/opt/vault-kms $DOCKER_REGISTRY/$IMAGE_NAME:trousseau-$IMAGE_VERSION {{.ENABLED_PROVIDERS}} -v=3 - 
go:tidy: - desc: go tidy - cmds: - - task: go:tidy:proxy - - task: go:tidy:debug - - task: go:tidy:vault - - task: go:tidy:awskms - - task: go:tidy:trousseau - go:tidy:proxy: - dir: proxy - cmds: - - go mod tidy - go:tidy:debug: - dir: providers/debug - cmds: - - go mod tidy - go:tidy:vault: - dir: providers/vault - cmds: - - go mod tidy - go:tidy:awskms: - dir: providers/awskms - cmds: - - go mod tidy - go:tidy:trousseau: - dir: trousseau - cmds: - - go mod tidy - go:fmt: - desc: go fmt - cmds: - - task: go:fmt:proxy - - task: go:fmt:debug - - task: go:fmt:vault - - task: go:fmt:awskms - - task: go:fmt:trousseau - go:fmt:proxy: - dir: proxy - cmds: - - go fmt ./... - go:fmt:debug: - dir: providers/debug - cmds: - - go fmt ./... - go:fmt:vault: - dir: providers/vault - cmds: - - go fmt ./... - go:fmt:awskms: - dir: providers/awskms - cmds: - - go fmt ./... - go:fmt:trousseau: - dir: trousseau - cmds: - - go fmt ./... - go:vet: - desc: go vet - cmds: - - task: go:vet:proxy - - task: go:vet:debug - - task: go:vet:vault - - task: go:vet:awskms - - task: go:vet:trousseau - go:vet:proxy: - dir: proxy - cmds: - - go vet ./... - go:vet:debug: - dir: providers/debug - cmds: - - go vet ./... - go:vet:vault: - dir: providers/vault - cmds: - - go vet ./... - go:vet:awskms: - dir: providers/awskms - cmds: - - go vet ./... - go:vet:trousseau: - dir: trousseau - cmds: - - go vet ./... - go:gosec: - desc: go gosec - cmds: - - task: go:gosec:proxy - - task: go:gosec:debug - - task: go:gosec:vault - - task: go:gosec:awskms - - task: go:gosec:trousseau - go:gosec:proxy: - dir: proxy - cmds: - - gosec ./... - go:gosec:debug: - dir: providers/debug - cmds: - - gosec ./... - go:gosec:vault: - dir: providers/vault - cmds: - - gosec ./... - go:gosec:awskms: - dir: providers/awskms - cmds: - - gosec ./... - go:gosec:trousseau: - dir: trousseau - cmds: - - gosec ./... 
- go:golangci: - desc: golangci - cmds: - - task: go:golangci:proxy - - task: go:golangci:debug - - task: go:golangci:vault - - task: go:golangci:awskms - - task: go:golangci:trousseau - go:golangci:proxy: - dir: proxy - cmds: - - golangci-lint run -c ../.golangci.yaml - go:golangci:debug: - dir: providers/debug - cmds: - - golangci-lint run -c ../../.golangci.yaml - go:golangci:vault: - dir: providers/vault - cmds: - - golangci-lint run -c ../../.golangci.yaml - go:golangci:awskms: - dir: providers/awskms - cmds: - - golangci-lint run -c ../../.golangci.yaml - go:golangci:trousseau: - dir: trousseau - cmds: - - golangci-lint run -c ../.golangci.yaml - go:unit-tests: - desc: go unit test - cmds: - - task: go:unit-tests:proxy - - task: go:unit-tests:debug - - task: go:unit-tests:vault - - task: go:unit-tests:awskms - - task: go:unit-tests:trousseau - go:unit-tests:proxy: - dir: proxy - cmds: - - go test -coverprofile cover.out -race -timeout 30s ./... - go:unit-tests:debug: - dir: providers/debug - cmds: - - go test -coverprofile cover.out -race -timeout 30s ./... - go:unit-tests:vault: - dir: providers/vault - cmds: - - go test -coverprofile cover.out -race -timeout 30s ./... - go:unit-tests:awskms: - dir: providers/awskms - cmds: - - go test -coverprofile cover.out -race -timeout 30s ./... - go:unit-tests:trousseau: - dir: trousseau - cmds: - - go test -coverprofile cover.out -race -timeout 30s ./... 
- go:run:proxy: - dir: proxy - deps: - - bin-dir:init - - go:tidy:proxy - cmds: - - go run main.go --listen-addr unix://../bin/run/proxy.socket --trousseau-addr ../bin/run/trousseau.socket - go:run:debug: - dir: providers/debug - deps: - - bin-dir:init - - go:tidy:debug - cmds: - - go run main.go --listen-addr unix://../../bin/run/debug/debug.socket - go:run:vault: - dir: providers/vault - deps: - - bin-dir:init - - go:tidy:vault - cmds: - - go run -ldflags '-X github.com/ondat/trousseau/pkg/utils.SecretLogDivider=1' main.go --config-file-path ../../tests/e2e/kuttl/kube-v{{.KIND_CLUSTER_VERSION}}/vault.yaml --listen-addr unix://../../bin/run/vault/vault.socket --zap-encoder=console --v=5 - go:run:awskms: - dir: providers/awskms - deps: - - bin-dir:init - - go:tidy:awskms - cmds: - - go run -ldflags '-X github.com/ondat/trousseau/pkg/utils.SecretLogDivider=1' main.go --config-file-path ../../tests/e2e/kuttl/kube-v{{.KIND_CLUSTER_VERSION}}/awskms.yaml --listen-addr unix://../../bin/run/awskms/awskms.socket --zap-encoder=console --v=5 - go:run:trousseau: - dir: trousseau - deps: - - bin-dir:init - - go:tidy:trousseau - cmds: - - go run -ldflags '-X github.com/ondat/trousseau/pkg/utils.SecretLogDivider=1' main.go {{.ENABLED_PROVIDERS}} --socket-location ../bin/run --listen-addr unix://../bin/run/trousseau.socket --zap-encoder=console --v=5 - go:e2e-tests: - desc: e2e tests - cmds: - - task: go:e2e-tests:debug - - task: go:e2e-tests:vault - - task: go:e2e-tests:awskms - go:e2e-tests:vault: - deps: - - docker:build:proxy - - docker:build:vault - - docker:build:trousseau - cmds: - - task: docker:run:proxy - - task: docker:run:vault - - ENABLED_PROVIDERS="--enabled-providers vault" task docker:run:trousseau - - task: cluster:create - - ./bin/kubectl-kuttl test --config tests/e2e/kuttl/kube-v{{.KIND_CLUSTER_VERSION}}/kuttl.yaml - - task: cluster:delete - go:e2e-tests:awskms: - deps: - - docker:build:proxy - - docker:build:awskms - - docker:build:trousseau - cmds: - - task: 
docker:run:proxy - - task: docker:run:awskms - - ENABLED_PROVIDERS="--enabled-providers awskms" task docker:run:trousseau - - task: cluster:create - - ./bin/kubectl-kuttl test --config tests/e2e/kuttl/kube-v{{.KIND_CLUSTER_VERSION}}/kuttl.yaml - - task: cluster:delete - go:e2e-tests:debug: - deps: - - docker:build:proxy - - docker:build:debug - - docker:build:trousseau - cmds: - - task: docker:run:proxy - - task: docker:run:debug - - task: docker:run:trousseau - - task: cluster:create - - ./bin/kubectl-kuttl test --config tests/e2e/kuttl/kube-v{{.KIND_CLUSTER_VERSION}}/kuttl.yaml - - task: cluster:delete example:load: desc: load demo data cmds: