Merge pull request #96 from mstg/peridot-yumrepofsupdater-1

Yumrepofsupdater now supports updateinfo.xml, and delete works better…

ci/resfdeploy.jsonnet

@@ -274,7 +274,7 @@ local manifestYamlStream = function (value, indent_array_in_object=false, c_docu
       ]),
       [svcVsDr]:
         manifestYamlStream(
-          [kubernetes.define_service(
+          ([kubernetes.define_service(
             metadata {
               name: srv.name,
               annotations: {
@@ -286,8 +286,8 @@ local manifestYamlStream = function (value, indent_array_in_object=false, c_docu
             portName=srv.portName,
             selector=metadata.name,
             env=mappings.get_env_from_svc(srv.name)
-          ) for srv in services] +
-          if istio_mode then [] else [if std.objectHas(srv, 'expose') && srv.expose then kubernetes.define_ingress(
+          ) for srv in services]) +
+          (if istio_mode then [] else [if std.objectHas(srv, 'expose') && srv.expose then kubernetes.define_ingress(
             metadata {
               name: srv.name,
               annotations: ingress_annotations + {
@@ -301,8 +301,8 @@ local manifestYamlStream = function (value, indent_array_in_object=false, c_docu
             host=if helm_mode then '{{ .Values.%s.ingressHost }}' % srv.portName else mappings.get(srv.name, user),
             port=srv.port,
             srvName=srv.name + '-service',
-          ) else null for srv in services] +
-          if !istio_mode then [] else [kubernetes.define_virtual_service(metadata { name: srv.name + '-internal' }, {
+          ) else null for srv in services]) +
+          (if !istio_mode then [] else [kubernetes.define_virtual_service(metadata { name: srv.name + '-internal' }, {
             hosts: [vshost(srv)],
             gateways: [],
             http: [
@@ -318,8 +318,8 @@ local manifestYamlStream = function (value, indent_array_in_object=false, c_docu
                 } + (if std.objectHas(info, 'internal_route_options') then info.internal_route_options else {})],
               },
             ],
-          },) for srv in services] +
-          if !istio_mode then [] else [if std.objectHas(srv, 'expose') && srv.expose then kubernetes.define_virtual_service(
+          },) for srv in services]) +
+          (if !istio_mode then [] else [if std.objectHas(srv, 'expose') && srv.expose then kubernetes.define_virtual_service(
             metadata {
               name: srv.name,
               annotations: {
@@ -343,8 +343,8 @@ local manifestYamlStream = function (value, indent_array_in_object=false, c_docu
                 },
               ],
             }
-          ) else null for srv in services] +
-          if !istio_mode then [] else [{
+          ) else null for srv in services]) +
+          (if !istio_mode then [] else [{
               apiVersion: 'security.istio.io/v1beta1',
               kind: 'RequestAuthentication',
               metadata: metadata {
@@ -364,8 +364,8 @@ local manifestYamlStream = function (value, indent_array_in_object=false, c_docu
                   fromHeaders: [{ name: 'x-goog-iap-jwt-assertion' }],
                 }] else [],
             },
-          } for srv in services] +
-          if !istio_mode then [] else [{
+          } for srv in services]) +
+          (if !istio_mode then [] else [{
             apiVersion: 'security.istio.io/v1beta1',
             kind: 'AuthorizationPolicy',
             metadata: metadata {
@@ -389,8 +389,8 @@ local manifestYamlStream = function (value, indent_array_in_object=false, c_docu
                 }]
               }],
             },
-          } for srv in services] +
-          if !istio_mode then [] else [kubernetes.define_destination_rule(metadata { name: srv.name }, {
+          } for srv in services]) +
+          (if !istio_mode then [] else [kubernetes.define_destination_rule(metadata { name: srv.name }, {
             host: vshost(srv),
             trafficPolicy: {
               tls: {
@@ -406,7 +406,7 @@ local manifestYamlStream = function (value, indent_array_in_object=false, c_docu
                 },
               },
             ],
-          },) for srv in services]
+          },) for srv in services])
         ),
       [if std.objectHas(info, 'custom_job_items') then custom else null]:
         manifestYamlStream(if std.objectHas(info, 'custom_job_items') then info.custom_job_items(metadata, extra_info) else [{}]),

go.mod

@@ -60,9 +60,9 @@ require (
 	k8s.io/apimachinery v0.22.1
 	k8s.io/client-go v0.22.1
 	openapi.peridot.resf.org/peridotopenapi v0.0.0-00010101000000-000000000000
-	peridot.resf.org/apollo/pb v0.0.0-00010101000000-000000000000
 	peridot.resf.org/common v0.0.0-00010101000000-000000000000
 	peridot.resf.org/obsidian/pb v0.0.0-00010101000000-000000000000
+	peridot.resf.org/peridot/admin/pb v0.0.0-00010101000000-000000000000 // indirect
 	peridot.resf.org/peridot/keykeeper/pb v0.0.0-00010101000000-000000000000
 	peridot.resf.org/peridot/pb v0.0.0-00010101000000-000000000000
 	peridot.resf.org/peridot/yumrepofs/pb v0.0.0-00010101000000-000000000000
@@ -76,12 +76,12 @@ replace (
 
 // sync-replace-start
 replace (
-	peridot.resf.org/apollo/pb => ./bazel-bin/apollo/proto/v1/apollopb_go_proto_/peridot.resf.org/apollo/pb
 	bazel.build/protobuf => ./bazel-bin/build/bazel/protobuf/bazelbuild_go_proto_/bazel.build/protobuf
 	bazel.build/remote/execution/v2 => ./bazel-bin/build/bazel/remote/execution/v2/remoteexecution_go_proto_/bazel.build/remote/execution/v2
 	bazel.build/semver => ./bazel-bin/build/bazel/semver/semver_go_proto_/bazel.build/semver
 	peridot.resf.org/obsidian/pb => ./bazel-bin/obsidian/proto/v1/obsidianpb_go_proto_/peridot.resf.org/obsidian/pb
 	peridot.resf.org/peridot/pb => ./bazel-bin/peridot/proto/v1/peridotpb_go_proto_/peridot.resf.org/peridot/pb
+	peridot.resf.org/peridot/admin/pb => ./bazel-bin/peridot/proto/v1/admin/adminpb_go_proto_/peridot.resf.org/peridot/admin/pb
 	peridot.resf.org/peridot/keykeeper/pb => ./bazel-bin/peridot/proto/v1/keykeeper/keykeeperpb_go_proto_/peridot.resf.org/peridot/keykeeper/pb
 	peridot.resf.org/peridot/yumrepofs/pb => ./bazel-bin/peridot/proto/v1/yumrepofs/yumrepofspb_go_proto_/peridot.resf.org/peridot/yumrepofs/pb
 	peridot.resf.org/common => ./bazel-bin/proto/commonpb_go_proto_/peridot.resf.org/common

hack/push_peridot

@@ -46,3 +46,7 @@ targets=(
 for target in "${targets[@]}"; do
   br "$target" amd64
 done
+
+for target in "${targets[@]}"; do
+  GIT_COMMIT="$(git rev-parse HEAD)-arm64" br "$target" arm64
+done

hydra/pkg/hydra/autosignup.mjs

@@ -36,35 +36,43 @@
 import {
   svcNameHttp,
   endpointHttp,
-  NS,
   envOverridable,
+  NS,
 } from '../../../common/frontend_server/upstream.mjs';
 import pkg from '@ory/hydra-client';
-import os from 'os';
 
-const { Configuration, PublicApi, AdminApi } = pkg;
+const { Configuration, OidcApi, OAuth2Api } = pkg;
 
 export function hydraPublicUrl() {
   return envOverridable('hydra_public', 'http', () => {
+    if (!process.env['RESF_ENV']) {
+      if (process.env['HYDRA_PUBLIC_URL']) {
+        return process.env['HYDRA_PUBLIC_URL'];
+      }
+      return 'https://hdr-dev.internal.rdev.ciq.localhost';
+    }
     const svc = svcNameHttp('hydra-public');
     return endpointHttp(svc, NS('hydra-public'), ':4444');
   });
 }
 
 function hydraAdminUrl() {
   return envOverridable('hydra_admin', 'http', () => {
+    if (!process.env['RESF_ENV']) {
+      return 'https://hdr-admin-dev.internal.rdev.ciq.localhost';
+    }
     const svc = svcNameHttp('hydra-admin');
     return endpointHttp(svc, NS('hydra-admin'), ':4445');
   });
 }
 
-const hydraAdmin = new AdminApi(
+const hydraAdmin = new OAuth2Api(
   new Configuration({
     basePath: hydraAdminUrl(),
   })
 );
 
-export const hydraPublic = new PublicApi(
+export const hydraPublic = new OidcApi(
   new Configuration({
     basePath: hydraPublicUrl(),
   })
@@ -85,6 +93,16 @@ function secret() {
 }
 
 export async function hydraAutoSignup(req) {
+  const envNameClientID = `${req.client.toUpperCase()}_CLIENT_ID`;
+  const envNameClientSecret = `${req.client.toUpperCase()}_CLIENT_SECRET`;
+
+  if (process.env[envNameClientID] && process.env[envNameClientSecret]) {
+    return {
+      clientID: process.env[envNameClientID],
+      secret: process.env[envNameClientSecret],
+    };
+  }
+
   let ns = process.env['RESF_NS'];
   if (!ns || ns === '') {
     ns = 'dev';
@@ -96,35 +114,32 @@ export async function hydraAutoSignup(req) {
   }
   const clientModel = {
     client_name: name,
-    client_id: serviceName,
     scope: req.scopes,
     client_secret: secret(),
     redirect_uris: null,
     grant_types: ['authorization_code', 'refresh_token'],
+    owner: serviceName,
   };
   if (req.frontend) {
     clientModel.redirect_uris = [req.redirectUri];
     clientModel.post_logout_redirect_uris = [req.postLogoutRedirectUri];
   }
 
   const ret = {
-    clientID: serviceName,
     secret: secret(),
   };
 
-  try {
-    await hydraAdmin.getOAuth2Client(serviceName);
-    try {
-      console.log(`Updated client ${name}`);
-      await hydraAdmin.updateOAuth2Client(serviceName, clientModel);
-    } catch (e) {
-      // noinspection ExceptionCaughtLocallyJS
-      throw e;
-    }
-  } catch (e) {
-    console.log(`Created client ${name}`);
-    await hydraAdmin.createOAuth2Client(clientModel);
+  const resp = await hydraAdmin.listOAuth2Clients(undefined, undefined, undefined, serviceName);
+
+  let client;
+  if (resp.data.length <= 0) {
+    client = await hydraAdmin.createOAuth2Client(clientModel);
+  } else {
+    client = resp.data[0];
+    await hydraAdmin.setOAuth2Client(client.client_id, clientModel);
   }
+  ret.clientID = client.client_id;
 
   return ret;
 }
+

package.json

@@ -34,7 +34,7 @@
     "@mui/styles": "^5.2.3",
     "@mui/system": "^5.10.6",
     "@mui/x-data-grid": "^5.2.0",
-    "@ory/hydra-client": "^1.10.6",
+    "@ory/hydra-client": "^2.0.2",
     "@pmmmwh/react-refresh-webpack-plugin": "^0.5.1",
     "@tailwindcss/forms": "^0.5.3",
     "@types/classnames": "^2.2.11",

peridot/admin/v1/BUILD.bazel

@@ -0,0 +1,26 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "admin",
+    srcs = [
+        "server.go",
+        "updateinfo.go",
+    ],
+    importpath = "peridot.resf.org/peridot/admin/v1",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//peridot/builder/v1:builder",
+        "//peridot/db",
+        "//peridot/impl/v1:impl",
+        "//peridot/proto/v1:pb",
+        "//peridot/proto/v1/admin:pb",
+        "//proto:common",
+        "//utils",
+        "//vendor/github.com/sirupsen/logrus",
+        "//vendor/go.temporal.io/sdk/client",
+        "@org_golang_google_grpc//:go_default_library",
+        "@org_golang_google_grpc//codes",
+        "@org_golang_google_grpc//credentials/insecure",
+        "@org_golang_google_grpc//status",
+    ],
+)

peridot/admin/v1/server.go

@@ -0,0 +1,120 @@
+// Copyright (c) All respective contributors to the Peridot Project. All rights reserved.
+// Copyright (c) 2021-2022 Rocky Enterprise Software Foundation, Inc. All rights reserved.
+// Copyright (c) 2021-2022 Ctrl IQ, Inc. All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice,
+// this list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// 3. Neither the name of the copyright holder nor the names of its contributors
+// may be used to endorse or promote products derived from this software without
+// specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+// POSSIBILITY OF SUCH DAMAGE.
+
+package peridotadminv1
+
+import (
+	"context"
+	"github.com/sirupsen/logrus"
+	"go.temporal.io/sdk/client"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials/insecure"
+	commonpb "peridot.resf.org/common"
+	peridotadminpb "peridot.resf.org/peridot/admin/pb"
+	builderv1 "peridot.resf.org/peridot/builder/v1"
+	peridotdb "peridot.resf.org/peridot/db"
+	peridotimplv1 "peridot.resf.org/peridot/impl/v1"
+	"peridot.resf.org/utils"
+)
+
+type Server struct {
+	peridotadminpb.UnimplementedPeridotAdminServiceServer
+
+	log            *logrus.Logger
+	db             peridotdb.Access
+	temporal       client.Client
+	temporalWorker *builderv1.Worker
+}
+
+var adminUser = &utils.ContextUser{
+	ID:        "peridot-errata",
+	AuthToken: "",
+	Name:      "Peridot Errata",
+	Email:     "[email protected]",
+}
+
+func NewServer(db peridotdb.Access, c client.Client) (*Server, error) {
+	temporalWorker, err := builderv1.NewWorker(db, c, peridotimplv1.MainTaskQueue, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Server{
+		log:            logrus.New(),
+		db:             db,
+		temporal:       c,
+		temporalWorker: temporalWorker,
+	}, nil
+}
+
+func (s *Server) interceptor(ctx context.Context, req interface{}, usi *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
+	n := utils.EndInterceptor
+
+	return n(ctx, req, usi, handler)
+}
+
+func (s *Server) serverInterceptor(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
+	n := utils.ServerEndInterceptor
+
+	return n(srv, ss, info, handler)
+}
+
+func (s *Server) Run() {
+	res := utils.NewGRPCServer(
+		&utils.GRPCOptions{
+			DialOptions: []grpc.DialOption{
+				grpc.WithTransportCredentials(insecure.NewCredentials()),
+			},
+			Interceptor:       s.interceptor,
+			ServerInterceptor: s.serverInterceptor,
+		},
+		func(r *utils.Register) {
+			endpoints := []utils.GrpcEndpointRegister{
+				commonpb.RegisterHealthCheckServiceHandlerFromEndpoint,
+				peridotadminpb.RegisterPeridotAdminServiceHandlerFromEndpoint,
+			}
+
+			for _, endpoint := range endpoints {
+				err := endpoint(r.Context, r.Mux, r.Endpoint, r.Options)
+				if err != nil {
+					s.log.Fatalf("could not register handler - %v", err)
+				}
+			}
+		},
+		func(r *utils.RegisterServer) {
+			commonpb.RegisterHealthCheckServiceServer(r.Server, &utils.HealthServer{})
+
+			peridotadminpb.RegisterPeridotAdminServiceServer(r.Server, s)
+		},
+	)
+
+	defer res.Cancel()
+	res.WaitGroup.Wait()
+}