feat: template lagoon-env secret

uselagoon · Nov 25, 2024 · 089d6c4 · 089d6c4
1 parent cd2ad13
commit 089d6c4
Show file tree

Hide file tree

Showing 102 changed files with 735 additions and 113 deletions.
diff --git a/cmd/template_lagoonenv.go b/cmd/template_lagoonenv.go
@@ -28,22 +28,35 @@ var lagoonEnvGeneration = &cobra.Command{
 		if err != nil {
 			return fmt.Errorf("error reading routes flag: %v", err)
 		}
+		secretName, err := cmd.Flags().GetString("secret-name")
+		if err != nil {
+			return fmt.Errorf("error reading secret-name flag: %v", err)
+		}
 		dbaasCreds, err := rootCmd.PersistentFlags().GetString("dbaas-creds")
 		if err != nil {
-			return fmt.Errorf("error reading images flag: %v", err)
+			return fmt.Errorf("error reading dbaas creds flag: %v", err)
+		}
+		configMapVars, err := cmd.Flags().GetString("configmap-vars")
+		if err != nil {
+			return fmt.Errorf("error reading configmap variables flag: %v", err)
 		}
 		dbaasCredRefs, err := loadCredsFromFile(dbaasCreds)
 		if err != nil {
 			return err
 		}
+		cmVars := map[string]string{}
+		if err := json.Unmarshal([]byte(configMapVars), &cmVars); err != nil {
+			return fmt.Errorf("error unmarshalling lagoon-env configmap variables payload: %v", err)
+		}
+		generator.ConfigMapVars = cmVars
 		dbCreds := map[string]string{}
 		for _, v := range *dbaasCredRefs {
 			for k, v1 := range v {
 				dbCreds[k] = v1
 			}
 		}
 		generator.DBaaSVariables = dbCreds
-		return LagoonEnvTemplateGeneration(generator, routes)
+		return LagoonEnvTemplateGeneration(secretName, generator, routes)
 	},
 }
 
@@ -54,13 +67,14 @@ func loadCredsFromFile(file string) (*DBaaSCredRefs, error) {
 		return nil, fmt.Errorf("couldn't read file %v: %v", file, err)
 	}
 	if err := json.Unmarshal(dbaasCredJSON, dbaasCredRefs); err != nil {
-		return nil, fmt.Errorf("error unmarshalling images payload: %v", err)
+		return nil, fmt.Errorf("error unmarshalling dbaas creds payload: %v", err)
 	}
 	return dbaasCredRefs, nil
 }
 
 // LagoonEnvTemplateGeneration .
 func LagoonEnvTemplateGeneration(
+	name string,
 	g generator.GeneratorInput,
 	routes string,
 ) error {
@@ -79,7 +93,7 @@ func LagoonEnvTemplateGeneration(
 	if routes != "" {
 		lagoonBuild.BuildValues.Routes = strings.Split(routes, ",")
 	}
-	cm, err := lagoonenv.GenerateLagoonEnvSecret(*lagoonBuild.BuildValues)
+	cm, err := lagoonenv.GenerateLagoonEnvSecret(name, *lagoonBuild.BuildValues)
 	if err != nil {
 		return fmt.Errorf("couldn't generate template: %v", err)
 	}
@@ -89,9 +103,9 @@ func LagoonEnvTemplateGeneration(
 	}
 	if len(cmBytes) > 0 {
 		if g.Debug {
-			fmt.Printf("Templating lagoon-env secret %s\n", fmt.Sprintf("%s/%s.yaml", savedTemplates, "lagoon-env-secret"))
+			fmt.Printf("Templating lagoon-env secret %s\n", fmt.Sprintf("%s/%s-secret.yaml", savedTemplates, name))
 		}
-		helpers.WriteTemplateFile(fmt.Sprintf("%s/%s.yaml", savedTemplates, "lagoon-env-secret"), cmBytes)
+		helpers.WriteTemplateFile(fmt.Sprintf("%s/%s-secret.yaml", savedTemplates, name), cmBytes)
 	}
 	return nil
 }
@@ -100,4 +114,8 @@ func init() {
 	templateCmd.AddCommand(lagoonEnvGeneration)
 	lagoonEnvGeneration.Flags().StringP("routes", "R", "",
 		"The routes from the environment")
+	lagoonEnvGeneration.Flags().StringP("secret-name", "S", "",
+		"The name of the secret")
+	lagoonEnvGeneration.Flags().StringP("configmap-vars", "N", "",
+		"Any variables from the legacy configmap that need to be retained")
 }
diff --git a/cmd/template_lagoonenv_test.go b/cmd/template_lagoonenv_test.go
@@ -15,16 +15,19 @@ import (
 
 func TestLagoonEnvTemplateGeneration(t *testing.T) {
 	tests := []struct {
-		name         string
-		description  string
-		args         testdata.TestData
-		templatePath string
-		want         string
-		dbaasCreds   string
-		vars         []helpers.EnvironmentVariable
+		name          string
+		description   string
+		secretName    string
+		args          testdata.TestData
+		configMapVars map[string]string
+		templatePath  string
+		want          string
+		dbaasCreds    string
+		vars          []helpers.EnvironmentVariable
 	}{
 		{
-			name: "test1 basic deployment",
+			name:        "test-basic-deployment-lagoon-env",
+			description: "a basic deployment lagoon-env secret",
 			args: testdata.GetSeedData(
 				testdata.TestData{
 					ProjectName:     "example-project",
@@ -77,10 +80,12 @@ func TestLagoonEnvTemplateGeneration(t *testing.T) {
 					},
 				}, true),
 			templatePath: "testoutput",
-			want:         "internal/testdata/basic/secret-templates/lagoonenv1",
+			secretName:   "lagoon-env",
+			want:         "internal/testdata/basic/secret-templates/test-basic-deployment-lagoon-env",
 		},
 		{
-			name: "test1 basic deployment with mariadb creds",
+			name:        "test-basic-deployment-mariadbcreds-lagoon-env",
+			description: "test a basic deployment with mariadb creds",
 			args: testdata.GetSeedData(
 				testdata.TestData{
 					ProjectName:     "example-project",
@@ -132,9 +137,141 @@ func TestLagoonEnvTemplateGeneration(t *testing.T) {
 						},
 					},
 				}, true),
-			dbaasCreds:   "internal/testdata/basic/lagoonenv2-creds.json",
+			dbaasCreds:   "internal/testdata/basic/basic-mariadb-creds.json",
 			templatePath: "testoutput",
-			want:         "internal/testdata/basic/secret-templates/lagoonenv2",
+			secretName:   "lagoon-env",
+			want:         "internal/testdata/basic/secret-templates/test-basic-deployment-mariadbcreds-lagoon-env",
+		},
+		{
+			name:        "lagoon-env-with-configmap-vars",
+			description: "test generating a lagoon-env secret when an existing configmap exists with variables that aren't in the api",
+			args: testdata.GetSeedData(
+				testdata.TestData{
+					ProjectName:     "example-project",
+					EnvironmentName: "main",
+					Branch:          "main",
+					LagoonYAML:      "internal/testdata/basic/lagoon.yml",
+					ProjectVariables: []lagoon.EnvironmentVariable{
+						{
+							Name:  "MY_SPECIAL_VARIABLE1",
+							Value: "myspecialvariable1",
+							Scope: "global",
+						},
+						{
+							Name:  "MY_SPECIAL_VARIABLE2",
+							Value: "myspecialvariable2",
+							Scope: "runtime",
+						},
+						{
+							Name:  "MY_SPECIAL_VARIABLE3",
+							Value: "myspecialvariable3",
+							Scope: "build",
+						},
+						{
+							Name:  "MY_SPECIAL_VARIABLE",
+							Value: "myspecialvariable",
+							Scope: "global",
+						},
+						{
+							Name:  "LAGOON_SYSTEM_CORE_VERSION",
+							Value: "v2.19.0",
+							Scope: "internal_system",
+						},
+						{
+							Name:  "REGISTRY_PASSWORD",
+							Value: "myenvvarregistrypassword",
+							Scope: "container_registry",
+						},
+					},
+					EnvVariables: []lagoon.EnvironmentVariable{
+						{
+							Name:  "MY_SPECIAL_VARIABLE2",
+							Value: "myspecialvariable2-env-override",
+							Scope: "global",
+						},
+						{
+							Name:  "MY_SPECIAL_VARIABLE4",
+							Value: "myspecialvariable4",
+							Scope: "runtime",
+						},
+					},
+				}, true),
+			configMapVars: map[string]string{
+				"MY_SPECIAL_VARIABLE":  "myspecialvariable",
+				"MY_SPECIAL_VARIABLE1": "myspecialvariable1",
+				"MY_SPECIAL_VARIABLE2": "myspecialvariable2",
+				"MY_SPECIAL_VARIABLE3": "myspecialvariable3",
+				"MY_SPECIAL_VARIABLE4": "myspecialvariable4",
+			},
+			templatePath: "testoutput",
+			secretName:   "lagoon-env",
+			want:         "internal/testdata/basic/secret-templates/lagoon-env-with-configmap-vars",
+		},
+		{
+			name: "lagoon-platform-env-with-configmap-vars",
+			description: `test generating a lagoon-platform-env secret when an existing configmap exists with variables that aren't in the api. 
+			same as lagoon-env-with-configmap-vars, just the the variables not in the API at the time of creation`,
+			args: testdata.GetSeedData(
+				testdata.TestData{
+					ProjectName:     "example-project",
+					EnvironmentName: "main",
+					Branch:          "main",
+					LagoonYAML:      "internal/testdata/basic/lagoon.yml",
+					ProjectVariables: []lagoon.EnvironmentVariable{
+						{
+							Name:  "MY_SPECIAL_VARIABLE1",
+							Value: "myspecialvariable1",
+							Scope: "global",
+						},
+						{
+							Name:  "MY_SPECIAL_VARIABLE2",
+							Value: "myspecialvariable2",
+							Scope: "runtime",
+						},
+						{
+							Name:  "MY_SPECIAL_VARIABLE3",
+							Value: "myspecialvariable3",
+							Scope: "build",
+						},
+						{
+							Name:  "MY_SPECIAL_VARIABLE",
+							Value: "myspecialvariable",
+							Scope: "global",
+						},
+						{
+							Name:  "LAGOON_SYSTEM_CORE_VERSION",
+							Value: "v2.19.0",
+							Scope: "internal_system",
+						},
+						{
+							Name:  "REGISTRY_PASSWORD",
+							Value: "myenvvarregistrypassword",
+							Scope: "container_registry",
+						},
+					},
+					EnvVariables: []lagoon.EnvironmentVariable{
+						{
+							Name:  "MY_SPECIAL_VARIABLE2",
+							Value: "myspecialvariable2-env-override",
+							Scope: "global",
+						},
+						{
+							Name:  "MY_SPECIAL_VARIABLE4",
+							Value: "myspecialvariable4",
+							Scope: "runtime",
+						},
+					},
+				}, true),
+			configMapVars: map[string]string{
+				"MY_SPECIAL_VARIABLE":  "myspecialvariable",
+				"MY_SPECIAL_VARIABLE1": "myspecialvariable1",
+				"MY_SPECIAL_VARIABLE2": "myspecialvariable2",
+				"MY_SPECIAL_VARIABLE3": "myspecialvariable3",
+				"MY_SPECIAL_VARIABLE4": "myspecialvariable4",
+			},
+			templatePath: "testoutput",
+			secretName:   "lagoon-platform-env",
+			want:         "internal/testdata/basic/secret-templates/lagoon-platform-env-with-configmap-vars",
 		},
 	}
 	for _, tt := range tests {
@@ -180,7 +317,8 @@ func TestLagoonEnvTemplateGeneration(t *testing.T) {
 				}
 				generator.DBaaSVariables = dbCreds
 			}
-			err = LagoonEnvTemplateGeneration(generator, "")
+			generator.ConfigMapVars = tt.configMapVars
+			err = LagoonEnvTemplateGeneration(tt.secretName, generator, "")
 			if err != nil {
 				t.Errorf("%v", err)
 			}

diff --git a/internal/generator/buildvalues.go b/internal/generator/buildvalues.go
@@ -88,7 +88,8 @@ type BuildValues struct {
 	ConfigTokenPort               string                       `json:"configTokenPort"`
 	ConfigSSHHost                 string                       `json:"configSSHHost"`
 	ConfigSSHPort                 string                       `json:"configSSHPort"`
-	DBaaSVariables                map[string]string            `json:"dbaasVariables" description:"map of variables provided by dbaas consumers"`
+	LagoonEnvVariables            map[string]string            `json:"lagoonEnvVariables" description:"map of variables that will be saved into the lagoon-env secret"`
+	LagoonPlatformEnvVariables    map[string]string            `json:"agoonPlatformEnvVariables" description:"map of variables that will be saved into the lagoon-platform-env secret"`
 }
 
 type Resources struct {

diff --git a/internal/generator/generator.go b/internal/generator/generator.go
@@ -71,6 +71,7 @@ type GeneratorInput struct {
 	ConfigSSHHost              string
 	ConfigSSHPort              string
 	DBaaSVariables             map[string]string
+	ConfigMapVars              map[string]string
 }
 
 func NewGenerator(
@@ -120,7 +121,7 @@ func NewGenerator(
 	buildValues.IsCI = helpers.GetEnvBool("CI", generator.CI, generator.Debug)
 
 	// add dbaas credentials to build values for injection into configmap
-	buildValues.DBaaSVariables = generator.DBaaSVariables
+	buildValues.LagoonPlatformEnvVariables = generator.ConfigMapVars
 
 	// set the lagoon config variables
 	buildValues.ConfigAPIHost = helpers.GetEnv("LAGOON_CONFIG_API_HOST", generator.ConfigAPIHost, generator.Debug)
@@ -482,6 +483,27 @@ func NewGenerator(
 	// this will later be used to add `runtime|global` scope into the `lagoon-env` configmap
 	buildValues.EnvironmentVariables = lagoon.MergeVariables(buildValues.EnvironmentVariables, configVars)
 
+	// work out the variables to use in the lagoon-env secret
+	lagoonEnv := map[string]string{}
+	for _, v := range buildValues.EnvironmentVariables {
+		if v.Scope == "global" || v.Scope == "runtime" {
+			lagoonEnv[v.Name] = v.Value
+		}
+	}
+	// add dbaas variables to lagoon-env
+	for k, v := range generator.DBaaSVariables {
+		lagoonEnv[k] = v
+	}
+	buildValues.LagoonEnvVariables = lagoonEnv
+	// filter out variables that exist in the lagoon-env secret from the platform-env secret
+	for ck := range buildValues.LagoonEnvVariables {
+		for k := range buildValues.LagoonPlatformEnvVariables {
+			if k == ck {
+				delete(buildValues.LagoonPlatformEnvVariables, k)
+			}
+		}
+	}
+
 	// finally return the generator values, this should be a mostly complete version of the resulting data needed for a build
 	// another step will collect the current or known state of a build.
 	// the output of the generator and the output of that state collector will eventually replace a lot of the legacy BASH script

diff --git a/internal/templating/lagoonenv/template_secret.go b/internal/templating/lagoonenv/template_secret.go
@@ -8,14 +8,15 @@ import (
 
 // GenerateLagoonEnvSecret generates the lagoon template to apply.
 func GenerateLagoonEnvSecret(
+	name string,
 	buildValues generator.BuildValues,
 ) (corev1.Secret, error) {
 
 	// add the default labels
 	labels := map[string]string{
 		"app.kubernetes.io/managed-by": "build-deploy-tool",
-		"app.kubernetes.io/instance":   "lagoon-env",
-		"app.kubernetes.io/name":       "lagoon-env",
+		"app.kubernetes.io/instance":   name,
+		"app.kubernetes.io/name":       name,
 		"lagoon.sh/template":           "lagoon-env-0.1.0",
 		"lagoon.sh/project":            buildValues.Project,
 		"lagoon.sh/environment":        buildValues.Environment,
@@ -35,31 +36,23 @@ func GenerateLagoonEnvSecret(
 		annotations["lagoon.sh/prBaseBranch"] = buildValues.PRBaseBranch
 	}
 
-	variables := map[string]string{}
-
-	// add variables from the project/environment/build created variables
-	for _, v := range buildValues.EnvironmentVariables {
-		if v.Scope == "global" || v.Scope == "runtime" {
-			variables[v.Name] = v.Value
-		}
-	}
-
-	// add dbaas variables to lagoon-env
-	for k, v := range buildValues.DBaaSVariables {
-		variables[k] = v
-	}
-
 	lagoonEnv := corev1.Secret{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "Secret",
 			APIVersion: corev1.SchemeGroupVersion.Version,
 		},
 		ObjectMeta: metav1.ObjectMeta{
-			Name:        "lagoon-env",
+			Name:        name,
 			Labels:      labels,
 			Annotations: annotations,
 		},
-		StringData: variables,
+	}
+	// pick which values to save into the secret based on the name
+	switch name {
+	case "lagoon-platform-env":
+		lagoonEnv.StringData = buildValues.LagoonPlatformEnvVariables
+	default:
+		lagoonEnv.StringData = buildValues.LagoonEnvVariables
 	}
 
 	return lagoonEnv, nil