fix: renames dev et prod (#63)

SocialGouv · Jul 26, 2021 · 9d06a01 · 9d06a01
1 parent bd91bb2
commit 9d06a01
Show file tree

Hide file tree

Showing 11 changed files with 20 additions and 60 deletions.
diff --git a/README.md b/README.md
@@ -1,11 +1,11 @@
 # sre-tools
 
-To use `sre-seal` and `sre-secrets`, you'll need `kubectl` configured with existing `dev2` and `prod2` contexts. [kubeseal](https://github.com/bitnami-labs/sealed-secrets) is also required for generating secrets.
+To use `sre-seal` and `sre-secrets`, you'll need `kubectl` configured with existing `dev` and `prod` contexts. [kubeseal](https://github.com/bitnami-labs/sealed-secrets) is also required for generating secrets.
 
 | Tool                                               | Usage                                   |
 | -------------------------------------------------- | --------------------------------------- |
 | [sre-seal](./packages/sre-seal)                    | Seal single k8s secrets                 |
 | [sre-secrets](./packages/sre-secrets)              | Create all sealed secrets files at once |
 | [azure-db](./packages/azure-db)                    | Create/Drop databases and users         |
 | [k8strip](./packages/k8strip)                      | Strip sensitive data from k8s manifests |
-| [WebSeal](https://socialgouv.github.io/sre-tools/) | Online sealed-secrets generator |
+| [WebSeal](https://socialgouv.github.io/sre-tools/) | Online sealed-secrets generator         |
diff --git a/packages/azure-db/README.md b/packages/azure-db/README.md
@@ -17,7 +17,7 @@ Commands:
   azure-db drop-autodevops-dbs   destroy all generated databases
 
 Options:
-  --cluster      k8s cluster               [required] [choices: "prod2", "dev2"]
+  --cluster      k8s cluster               [required] [choices: "prod", "dev"]
   --application  gitlab application name                              [required]
   --database     database name
   --user         user name
@@ -32,7 +32,7 @@ Options:
 azure-db create --application sample-next-app
 
 # Create a database in PROD
-azure-db create --cluster prod2 --application sample-next-app --database demo42 --user demo42
+azure-db create --cluster prod --application sample-next-app --database demo42 --user demo42
 
 # Destroy a database in DEV
 azure-db drop --application sample-next-app --database demo42 --user demo42

diff --git a/packages/azure-db/bin/index.js b/packages/azure-db/bin/index.js
@@ -23,8 +23,8 @@ const getDetaultYargs = () =>
   yargs
     .nargs("cluster", 1)
     .describe("cluster", "k8s cluster")
-    .choices("cluster", ["prod2", "dev2"])
-    .default("cluster", "dev2")
+    .choices("cluster", ["prod", "dev"])
+    .default("cluster", "dev")
     .nargs("application", 1)
     .describe("application", "gitlab application name")
     .nargs("database", 1)
@@ -66,10 +66,10 @@ const args = yargs
         "You must provide a valid command : create, drop or drop-autodevops-dbs"
       );
     }
-    if (argv._[0] === "drop" && argv.cluster === "prod2") {
+    if (argv._[0] === "drop" && argv.cluster === "prod") {
       throw new Error("One cannot drop PROD databases :)");
     }
-    if (argv._[0] === "drop-autodevops-dbs" && argv.cluster === "prod2") {
+    if (argv._[0] === "drop-autodevops-dbs" && argv.cluster === "prod") {
       throw new Error("One cannot drop PROD databases :)");
     }
     return true;
@@ -92,7 +92,7 @@ const run = async () => {
     });
     const dbHost = getPgServerHostname(
       argv.pgName || argv.application,
-      argv.cluster === "prod2" ? "prod" : "dev"
+      argv.cluster === "prod" ? "prod" : "dev"
     );
     console.log(
       `Created create-db job in namespace ${namespace} on cluster ${argv.cluster}`

diff --git a/packages/sre-seal/README.md b/packages/sre-seal/README.md
@@ -12,7 +12,7 @@ Usage: sre-seal [options] <KEY=someSecretMessage>
 Options:
   --namespace  k8s namespace (optional in dev)                   [default: null]
   --name       k8s secret name (optional in dev)   [default: "some-secret-name"]
-  --context    k8s context                                     [default: "dev2"]
+  --context    k8s context                                     [default: "dev"]
   --from       path to existing seal file
 ```
 
@@ -26,7 +26,7 @@ cat values.yml | sre-seal > sealed.yml
 echo "PASSWORD=pouet" | sre-seal > sealed.yml
 
 # Prod secrets have mandatories namespace and secret name
-cat values.yml | sre-seal --context prod2 --namespace project --name secret-name > sealed.yml
+cat values.yml | sre-seal --context prod --namespace project --name secret-name > sealed.yml
 
 # Add new secret to some existing secret file with `--from`
 echo "PASSWORD=pouet" | sre-seal --from current-seal.yml > sealed.yml
@@ -42,7 +42,7 @@ const { cryptFromSecrets } = require("@socialgouv/sre-seal");
 cryptFromSecrets({
   name: "some-secret-name",
   //namespace: "cdtn-admin",
-  context: "dev2", // or prod2 with namespace
+  context: "dev", // or prod with namespace
   secrets: {
     PGRST_JWT_SECRET: "FyH2ETW8zulPobZ9j6wr3jWM5OtsK2zR84NLBIb0",
     KIKOO: "Bjd9ddeR84NLBIb0",

diff --git a/packages/sre-seal/bin/index.js b/packages/sre-seal/bin/index.js
@@ -36,14 +36,14 @@ const args = yargs
   // context
   .nargs("context", 1)
   .describe("context", "k8s context")
-  .default("context", "dev2")
+  .default("context", "dev")
   // use existing seal file
   .nargs("from", 1)
   .describe("from", "path to existing seal file")
   // checks
   .check((argv, options) => {
-    if (argv.context === "prod2" && (!argv.namespace || !argv.name)) {
-      throw new Error("--name and --namespace are mandatory for prod2");
+    if (argv.context === "prod" && (!argv.namespace || !argv.name)) {
+      throw new Error("--name and --namespace are mandatory for prod");
       return false;
     }
     if (argv._ && argv._.length === 0) {

diff --git a/packages/sre-seal/src/crypt.js b/packages/sre-seal/src/crypt.js
@@ -3,14 +3,14 @@ const execa = require("execa");
 const flatify = (arr) => arr.flatMap((a, c) => a);
 
 const sealedSecretsUrls = {
-  prod2: "https://kubeseal.prod2.fabrique.social.gouv.fr/v1/cert.pem",
-  dev2: "https://kubeseal.dev2.fabrique.social.gouv.fr/v1/cert.pem",
+  prod: "https://kubeseal.prod2.fabrique.social.gouv.fr/v1/cert.pem",
+  dev: "https://kubeseal.dev2.fabrique.social.gouv.fr/v1/cert.pem",
 };
 
 // build kubeseal args and execute kubeseal
 const crypt = async ({ context, namespace, name, input }) => {
   const args = [["--raw", "--context", context]];
-  if (context === "prod2") {
+  if (context === "prod") {
     args.push(["--name", name]);
     args.push(["--namespace", namespace]);
   } else {

diff --git a/packages/sre-seal/src/cryptFromSecrets.js b/packages/sre-seal/src/cryptFromSecrets.js
@@ -17,7 +17,7 @@ const cryptFromSecrets = ({ context, namespace, name, secrets }) =>
       }).then((value) => ({ key, value }))
     )
   ).then((encrypteds) => {
-    const annotations = context === "prod2" ? {} : clusterWideAnnotations;
+    const annotations = context === "prod" ? {} : clusterWideAnnotations;
     return createSealedSecret({
       namespace,
       name,

diff --git a/packages/sre-secrets/__tests__/__snapshots__/index.ts.snap b/packages/sre-secrets/__tests__/__snapshots__/index.ts.snap
@@ -29,35 +29,6 @@ Object {
 }
 `;
 
-exports[`Test sealed secrets generation Check preprod snapshot 1`] = `
-Object {
-  "apiVersion": "bitnami.com/v1alpha1",
-  "kind": "SealedSecret",
-  "metadata": Object {
-    "annotations": Object {
-      "sealedsecrets.bitnami.com/cluster-wide": "true",
-    },
-    "name": "app-sealed-secret",
-    "namespace": "my-app-namespace",
-  },
-  "spec": Object {
-    "encryptedData": Object {
-      "tata": Any<String>,
-      "toto": Any<String>,
-    },
-    "template": Object {
-      "metadata": Object {
-        "annotations": Object {
-          "sealedsecrets.bitnami.com/cluster-wide": "true",
-        },
-        "name": "app-sealed-secret",
-      },
-      "type": "Opaque",
-    },
-  },
-}
-`;
-
 exports[`Test sealed secrets generation Check prod snapshot 1`] = `
 Object {
   "apiVersion": "bitnami.com/v1alpha1",

diff --git a/packages/sre-secrets/__tests__/data/.secrets.yaml b/packages/sre-secrets/__tests__/data/.secrets.yaml
@@ -6,10 +6,6 @@ services:
         secrets: # List of secrets to seal
           toto: "titi"
           tata: "tutu"
-      preprod:
-        secrets:
-          toto: "titi"
-          tata: "tutu"
       prod:
         fileName: "app-prod"
         secretsName: "app-prod-sealed-secret"

diff --git a/packages/sre-secrets/__tests__/index.ts b/packages/sre-secrets/__tests__/index.ts
@@ -35,12 +35,6 @@ describe("Test sealed secrets generation", () => {
     expect(content).toMatchSnapshot(matchers);
   });
 
-  test("Check preprod snapshot", () => {
-    const path = `${folderPath}/environments/preprod/app.sealed-secret.yaml`;
-    const content = load(readFileSync(path, "utf8"));
-    expect(content).toMatchSnapshot(matchers);
-  });
-
   test("Check prod snapshot", () => {
     const path = `${folderPath}/environments/prod/app-prod.sealed-secret.yaml`;
     const content = load(readFileSync(path, "utf8"));

diff --git a/packages/sre-secrets/src/environments.ts b/packages/sre-secrets/src/environments.ts
@@ -16,10 +16,9 @@ const processEnvironment =
     environmentName: string,
     { fileName, secretsName, secrets }: ServiceEnvironment
   ) => {
-    const context = environmentName === "prod" ? "prod2" : "dev2";
     const name = secretsName ?? `${serviceName}-${baseName}`;
     const sealed = await cryptFromSecrets({
-      context,
+      context: environmentName,
       name,
       namespace,
       secrets,