diff --git a/.github/workflows/lint-compass-runtime-agent.yml b/.github/workflows/lint-compass-runtime-agent.yml deleted file mode 100644 index ce3e91cca6ff..000000000000 --- a/.github/workflows/lint-compass-runtime-agent.yml +++ /dev/null @@ -1,24 +0,0 @@ -name: Run golangci-lint on compass-runtime-agent - -permissions: - contents: read - -on: - push: - paths: - - 'components/compass-runtime-agent/**' - branches: [ "main" ] - pull_request: - paths: - - 'components/compass-runtime-agent/**' - -jobs: - golangci-lint: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: "./.github/workflows/template/golangci-lint" - with: - GO_VERSION: '1.21' - LINTER_VERSION: v1.56.2 - LINTER_WORKING_DIRECTORY: 'components/compass-runtime-agent' diff --git a/components/compass-runtime-agent/cmd/main.go b/components/compass-runtime-agent/cmd/main.go index 58437d79c6bc..af1ba2668037 100755 --- a/components/compass-runtime-agent/cmd/main.go +++ b/components/compass-runtime-agent/cmd/main.go @@ -2,7 +2,6 @@ package main import ( "context" - "encoding/json" "github.com/google/uuid" "github.com/kyma-incubator/compass/components/director/pkg/correlation" "github.com/kyma-incubator/compass/components/director/pkg/str" @@ -21,7 +20,6 @@ import ( "github.com/pkg/errors" log "github.com/sirupsen/logrus" "github.com/vrischmann/envconfig" - "k8s.io/apimachinery/pkg/types" _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" "sigs.k8s.io/controller-runtime/pkg/client/config" "sigs.k8s.io/controller-runtime/pkg/manager" @@ -42,7 +40,6 @@ func main() { cfg, err := config.GetConfig() exitOnError(err, "Failed to set up client config") - log.Info("Migrating certificate if needed") k8sResourceClientSets, err := k8sResourceClients(cfg) exitOnError(err, "Failed to initialize K8s resource clients") 
@@ -51,24 +48,11 @@ func main() { } caCertSecret := parseNamespacedName(options.CaCertificatesSecret) - caCertSecretToMigrate := parseNamespacedName(options.CaCertSecretToMigrate) secretsRepository := secrets.NewRepository(secretsManagerConstructor) - err = migrateSecret(secretsRepository, caCertSecretToMigrate, caCertSecret, options.CaCertSecretKeysToMigrate) - exitOnError(err, "Failed to migrate ") - - log.Info("Migrating credentials if needed") clusterCertSecret := parseNamespacedName(options.ClusterCertificatesSecret) agentConfigSecret := parseNamespacedName(options.AgentConfigurationSecret) - oldClusterCertSecret := parseNamespacedName(options.ClusterCertificatesSecretToMigrate) - oldAgentConfigSecret := parseNamespacedName(options.AgentConfigurationSecretToMigrate) - - err = migrateSecretAllKeys(secretsRepository, oldClusterCertSecret, clusterCertSecret) - exitOnError(err, "Failed to migrate ") - - err = migrateSecretAllKeys(secretsRepository, oldAgentConfigSecret, agentConfigSecret) - exitOnError(err, "Failed to migrate ") log.Info("Setting up manager") mgr, err := manager.New(cfg, manager.Options{SyncPeriod: &options.ControllerSyncPeriod}) 
@@ -132,56 +116,6 @@ func main() { exitOnError(err, "Failed to run the manager") } -func migrateSecretAllKeys(secretRepo secrets.Repository, sourceSecret, targetSecret types.NamespacedName) error { - - includeAllKeysFunc := func(k string) bool { - return true - } - - migrator := certificates.NewMigrator(secretRepo, includeAllKeysFunc) - return migrator.Do(sourceSecret, targetSecret) -} - -func migrateSecret(secretRepo secrets.Repository, sourceSecret, targetSecret types.NamespacedName, keysToInclude string) error { - unmarshallKeysList := func(keys string) (keysArray []string, err error) { - err = json.Unmarshal([]byte(keys), &keysArray) - - return keysArray, err - } - - keys, err := unmarshallKeysList(keysToInclude) - if err != nil { - log.Errorf("Failed to read secret keys to be migrated") - return err - } - - migrator := getMigrator(secretRepo, keys) - - return migrator.Do(sourceSecret, targetSecret) -} - -func getMigrator(secretRepo secrets.Repository, keysToInclude []string) certificates.Migrator { - getIncludeSourceKeyFunc := func() certificates.IncludeKeyFunc { - if len(keysToInclude) == 0 { - return func(string) bool { - return true - } - } - - return func(key string) bool { - for _, k := range keysToInclude { - if k == key { - return true - } - } - - return false - } - } - - return certificates.NewMigrator(secretRepo, getIncludeSourceKeyFunc()) -} - func createSynchronisationService(k8sResourceClients *k8sResourceClientSets, options Config) (kyma.Service, error) { var syncService kyma.Service diff --git a/components/compass-runtime-agent/cmd/options.go b/components/compass-runtime-agent/cmd/options.go index e97b1d924abe..7cb914cbbea9 100644 --- a/components/compass-runtime-agent/cmd/options.go +++ b/components/compass-runtime-agent/cmd/options.go 
@@ -15,25 +15,21 @@ const ( ) type Config struct { - AgentConfigurationSecret string `envconfig:"default=kyma-system/compass-agent-configuration"` - ControllerSyncPeriod time.Duration `envconfig:"default=20s"` - MinimalCompassSyncTime time.Duration `envconfig:"default=10s"` - CertValidityRenewalThreshold float64 `envconfig:"default=0.3"` - ClusterCertificatesSecret string `envconfig:"default=kyma-system/cluster-client-certificates"` - CaCertificatesSecret string `envconfig:"default=istio-system/ca-certificates"` - SkipCompassTLSVerify bool `envconfig:"default=false"` - GatewayPort int `envconfig:"default=8080"` - SkipAppsTLSVerify bool `envconfig:"default=false"` - CentralGatewayServiceUrl string `envconfig:"default=http://central-application-gateway.kyma-system.svc.cluster.local:8082"` - QueryLogging bool `envconfig:"default=false"` - MetricsLoggingTimeInterval time.Duration `envconfig:"default=30m"` - HealthPort string `envconfig:"default=8090"` - IntegrationNamespace string `envconfig:"default=kyma-system"` - CaCertSecretToMigrate string `envconfig:"optional"` - CaCertSecretKeysToMigrate string `envconfig:"default='cacert'"` - ClusterCertificatesSecretToMigrate string `envconfig:"optional"` - AgentConfigurationSecretToMigrate string `envconfig:"optional"` - Runtime director.RuntimeURLsConfig + AgentConfigurationSecret string `envconfig:"default=kyma-system/compass-agent-configuration"` + ControllerSyncPeriod time.Duration `envconfig:"default=20s"` + MinimalCompassSyncTime time.Duration `envconfig:"default=10s"` + CertValidityRenewalThreshold float64 `envconfig:"default=0.3"` + ClusterCertificatesSecret string `envconfig:"default=kyma-system/cluster-client-certificates"` + CaCertificatesSecret string `envconfig:"default=istio-system/ca-certificates"` + SkipCompassTLSVerify bool `envconfig:"default=false"` + GatewayPort int `envconfig:"default=8080"` + SkipAppsTLSVerify bool `envconfig:"default=false"` + CentralGatewayServiceUrl string 
`envconfig:"default=http://central-application-gateway.kyma-system.svc.cluster.local:8082"` + QueryLogging bool `envconfig:"default=false"` + MetricsLoggingTimeInterval time.Duration `envconfig:"default=30m"` + HealthPort string `envconfig:"default=8090"` + IntegrationNamespace string `envconfig:"default=kyma-system"` + Runtime director.RuntimeURLsConfig } func (o *Config) String() string { @@ -44,9 +40,7 @@ func (o *Config) String() string { "SkipAppTLSVerify=%v, "+ "QueryLogging=%v, MetricsLoggingTimeInterval=%s, "+ "RuntimeEventsURL=%s, RuntimeConsoleURL=%s, "+ - "HealthPort=%s, IntegrationNamespace=%s, CaCertSecretToMigrate=%s, caCertificateSecretKeysToMigrate=%s, "+ - "ClusterCertificatesSecretToMigrate=%s, AgentConfigurationSecretToMigrate=%s, "+ - "CentralGatewayServiceUrl=%v", + "HealthPort=%s, IntegrationNamespace=%s, CentralGatewayServiceUrl=%v", o.AgentConfigurationSecret, o.ControllerSyncPeriod.String(), o.MinimalCompassSyncTime.String(), o.CertValidityRenewalThreshold, o.ClusterCertificatesSecret, o.CaCertificatesSecret, @@ -54,9 +48,8 @@ func (o *Config) String() string { o.SkipAppsTLSVerify, o.QueryLogging, o.MetricsLoggingTimeInterval, o.Runtime.EventsURL, o.Runtime.ConsoleURL, - o.HealthPort, o.IntegrationNamespace, o.CaCertSecretToMigrate, o.CaCertSecretKeysToMigrate, - o.ClusterCertificatesSecretToMigrate, o.AgentConfigurationSecretToMigrate, - o.CentralGatewayServiceUrl) + o.HealthPort, o.IntegrationNamespace, o.CentralGatewayServiceUrl, + ) } func parseNamespacedName(value string) types.NamespacedName { diff --git a/components/compass-runtime-agent/internal/certificates/migrator.go b/components/compass-runtime-agent/internal/certificates/migrator.go deleted file mode 100644 index 43338b08307a..000000000000 --- a/components/compass-runtime-agent/internal/certificates/migrator.go +++ /dev/null 
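Review bot: Dropping `CaCertSecretToMigrate`, `CaCertSecretKeysToMigrate`, `ClusterCertificatesSecretToMigrate` and `AgentConfigurationSecretToMigrate` from `Config` leaves no record of what happens to secrets still sitting at the legacy locations. The removed `Migrator.Do` in migrator.go copied the source secret to the target and then deleted the source, so after this change an unmigrated CA, client-certificate or agent-configuration secret stays where it is and the agent reads only the new names. Deployments that still set the old options will presumably have them ignored without a warning; that depends on how envconfig is initialised, which is outside this diff. I would record this next to the struct, for example `// The *ToMigrate options were removed: secrets at legacy locations are no longer copied or deleted by the agent and must be cleaned up by the operator.`, and repeat it in the upgrade notes.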
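Review bot: The label `SkipAppTLSVerify=%v`, kept as context in the `String()` hunk at `@@ -44,9 +40,7 @@`, does not match the field it prints, `o.SkipAppsTLSVerify` (visible in the following hunk). Judging by its name, that field disables TLS verification towards applications, so a search of the startup log for the field name would miss it. While the format string is being edited anyway, the label could become `"SkipAppsTLSVerify=%v, "+`. The start of the format string lies outside the hunk, so the other labels could not be checked against their arguments. Anything that parses this log line would need the same rename.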
@@ -1,98 +0,0 @@ -package certificates - -import ( - "context" - - "github.com/kyma-project/kyma/components/compass-runtime-agent/internal/secrets" - - "github.com/sirupsen/logrus" - - k8serrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/types" -) - -type Migrator struct { - ctx context.Context - secretRepository secrets.Repository - includeSourceKeyFunc IncludeKeyFunc -} - -func NewMigrator(secretRepository secrets.Repository, includeSourceKeyFunc IncludeKeyFunc) Migrator { - return Migrator{ - ctx: context.Background(), - secretRepository: secretRepository, - includeSourceKeyFunc: includeSourceKeyFunc, - } -} - -type IncludeKeyFunc func(string) bool - -func (m Migrator) Do(source, target types.NamespacedName) error { - logrus.Info("Checking if secret needs to be migrated.") - if source.Name == "" { - logrus.Infof("Skipping secret migration. Source secret name is empty.") - return nil - } - - logrus.Infof("Migrating secret. Source: %s , target=%s.", source.String(), target.String()) - - sourceData, sourceExists, err := m.getSecret(source) - if err != nil { - logrus.Errorf("Failed to read source secret: %v", err) - return err - } - - if !sourceExists { - logrus.Infof("Skipping secret migration. 
Source secret %s doesn't exist in %s namespace.", source.Name, source.Namespace) - return nil - } - - _, targetExists, err := m.getSecret(target) - if err != nil { - logrus.Errorf("Failed to read target secret: %v", err) - return err - } - - if !targetExists { - err = m.createSecret(target, filterOut(sourceData, m.includeSourceKeyFunc)) - if err != nil { - logrus.Errorf("Failed to create target secret: %v", err) - return err - } - } - - return m.deleteSecret(source) -} - -func (m Migrator) getSecret(name types.NamespacedName) (map[string][]byte, bool, error) { - data, err := m.secretRepository.Get(name) - if err != nil { - if k8serrors.IsNotFound(err) { - return map[string][]byte{}, false, nil - } - - return map[string][]byte{}, false, err - } - - return data, true, nil -} - -func (m Migrator) createSecret(name types.NamespacedName, data map[string][]byte) error { - return m.secretRepository.UpsertWithReplace(name, data) -} - -func (m Migrator) deleteSecret(name types.NamespacedName) error { - return m.secretRepository.Delete(name) -} - -func filterOut(data map[string][]byte, includeKeyFunc IncludeKeyFunc) map[string][]byte { - newData := make(map[string][]byte) - - for k, v := range data { - if includeKeyFunc(k) { - newData[k] = v - } - } - - return newData -} diff --git a/components/compass-runtime-agent/internal/certificates/migrator_test.go b/components/compass-runtime-agent/internal/certificates/migrator_test.go deleted file mode 100644 index 17e9024f44fe..000000000000 --- a/components/compass-runtime-agent/internal/certificates/migrator_test.go +++ /dev/null 
@@ -1,204 +0,0 @@ -package certificates - -import ( - "errors" - "testing" - - "github.com/kyma-project/kyma/components/compass-runtime-agent/internal/secrets/mocks" - "github.com/stretchr/testify/assert" - k8serrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/types" -) - -func TestMigrator(t *testing.T) { - - includeAllSourceKeysFunc := func(k string) bool { - return true - } - - namespace := "istio-system" - - t.Run("Should rename secret when source and target specified", func(t *testing.T) { - // given - sourceSecret := types.NamespacedName{Name: "source", Namespace: namespace} - targetSecret := types.NamespacedName{Name: "target", Namespace: namespace} - - secret := map[string][]byte{"key": []byte("value")} - - secretsRepositoryMock := &mocks.Repository{} - secretsRepositoryMock.On("Get", sourceSecret).Return(secret, nil) - secretsRepositoryMock.On("Get", targetSecret).Return(map[string][]byte{}, k8serrors.NewNotFound(schema.GroupResource{}, "target")) - secretsRepositoryMock.On("UpsertWithReplace", targetSecret, secret).Return(nil) - secretsRepositoryMock.On("Delete", sourceSecret).Return(nil) - - // when - migrator := NewMigrator(secretsRepositoryMock, includeAllSourceKeysFunc) - err := migrator.Do(sourceSecret, targetSecret) - - // then - assert.Nil(t, err) - secretsRepositoryMock.AssertExpectations(t) - - }) - - t.Run("Should copy specified keys from source to target secret ", func(t *testing.T) { - // given - sourceSecret := types.NamespacedName{Name: "source", Namespace: namespace} - targetSecret := types.NamespacedName{Name: "target", Namespace: namespace} - - secret := map[string][]byte{"key1": []byte("value1"), "key2": []byte("value2")} - - secretsRepositoryMock := &mocks.Repository{} - secretsRepositoryMock.On("Get", sourceSecret).Return(secret, nil) - secretsRepositoryMock.On("Get", targetSecret).Return(map[string][]byte{}, k8serrors.NewNotFound(schema.GroupResource{}, "target")) - 
secretsRepositoryMock.On("UpsertWithReplace", targetSecret, map[string][]byte{"key2": []byte("value2")}).Return(nil) - secretsRepositoryMock.On("Delete", sourceSecret).Return(nil) - - // when - migrator := NewMigrator(secretsRepositoryMock, func(key string) bool { - return key == "key2" - }) - err := migrator.Do(sourceSecret, targetSecret) - - // then - assert.Nil(t, err) - secretsRepositoryMock.AssertExpectations(t) - - }) - - t.Run("Should skip copying when source secret name is emppty", func(t *testing.T) { - // given - sourceSecret := types.NamespacedName{Name: "", Namespace: ""} - targetSecret := types.NamespacedName{Name: "target", Namespace: namespace} - - secretsRepositoryMock := &mocks.Repository{} - - // when - migrator := NewMigrator(secretsRepositoryMock, includeAllSourceKeysFunc) - err := migrator.Do(sourceSecret, targetSecret) - - // then - assert.Nil(t, err) - secretsRepositoryMock.AssertExpectations(t) - }) - - t.Run("Should skip copying when source secret name is not-emppty but secret doesn't exist", func(t *testing.T) { - - sourceSecret := types.NamespacedName{Name: "source", Namespace: namespace} - targetSecret := types.NamespacedName{Name: "target", Namespace: namespace} - - secretsRepositoryMock := &mocks.Repository{} - secretsRepositoryMock.On("Get", sourceSecret).Return(map[string][]byte{}, k8serrors.NewNotFound(schema.GroupResource{}, "source")) - - // when - migrator := NewMigrator(secretsRepositoryMock, includeAllSourceKeysFunc) - err := migrator.Do(sourceSecret, targetSecret) - - // then - assert.Nil(t, err) - secretsRepositoryMock.AssertExpectations(t) - }) - - t.Run("Should return error when failed to get source secret", func(t *testing.T) { - // given - sourceSecret := types.NamespacedName{Name: "source", Namespace: namespace} - targetSecret := types.NamespacedName{Name: "target", Namespace: namespace} - - secretsRepositoryMock := &mocks.Repository{} - secretsRepositoryMock.On("Get", sourceSecret).Return(map[string][]byte{}, 
errors.New("failed to get")) - - // when - migrator := NewMigrator(secretsRepositoryMock, includeAllSourceKeysFunc) - err := migrator.Do(sourceSecret, targetSecret) - - // then - assert.Error(t, err) - secretsRepositoryMock.AssertExpectations(t) - }) - - t.Run("Should return error when failed to get target secret", func(t *testing.T) { - // given - sourceSecret := types.NamespacedName{Name: "source", Namespace: namespace} - targetSecret := types.NamespacedName{Name: "target", Namespace: namespace} - - secret := map[string][]byte{"key": []byte("value")} - - secretsRepositoryMock := &mocks.Repository{} - secretsRepositoryMock.On("Get", sourceSecret).Return(secret, nil) - secretsRepositoryMock.On("Get", targetSecret).Return(map[string][]byte{}, errors.New("failed to get")) - - // when - migrator := NewMigrator(secretsRepositoryMock, includeAllSourceKeysFunc) - err := migrator.Do(sourceSecret, targetSecret) - - // then - assert.Error(t, err) - secretsRepositoryMock.AssertExpectations(t) - }) - - t.Run("Should return error when failed to create target secret", func(t *testing.T) { - // given - sourceSecret := types.NamespacedName{Name: "source", Namespace: namespace} - targetSecret := types.NamespacedName{Name: "target", Namespace: namespace} - - secret := map[string][]byte{"key": []byte("value")} - - secretsRepositoryMock := &mocks.Repository{} - secretsRepositoryMock.On("Get", sourceSecret).Return(secret, nil) - secretsRepositoryMock.On("Get", targetSecret).Return(map[string][]byte{}, k8serrors.NewNotFound(schema.GroupResource{}, "target")) - secretsRepositoryMock.On("UpsertWithReplace", targetSecret, secret).Return(errors.New("failed to upsert")) - - // when - migrator := NewMigrator(secretsRepositoryMock, includeAllSourceKeysFunc) - err := migrator.Do(sourceSecret, targetSecret) - - // then - assert.Error(t, err) - secretsRepositoryMock.AssertExpectations(t) - }) - - t.Run("Should return error when failed to remove source secret", func(t *testing.T) { - // given - 
sourceSecret := types.NamespacedName{Name: "source", Namespace: namespace} - targetSecret := types.NamespacedName{Name: "target", Namespace: namespace} - - secret := map[string][]byte{"key": []byte("value")} - - secretsRepositoryMock := &mocks.Repository{} - secretsRepositoryMock.On("Get", sourceSecret).Return(secret, nil) - secretsRepositoryMock.On("Get", targetSecret).Return(map[string][]byte{}, k8serrors.NewNotFound(schema.GroupResource{}, "target")) - secretsRepositoryMock.On("UpsertWithReplace", targetSecret, secret).Return(nil) - secretsRepositoryMock.On("Delete", sourceSecret).Return(errors.New("failed to upsert")) - - // when - migrator := NewMigrator(secretsRepositoryMock, includeAllSourceKeysFunc) - err := migrator.Do(sourceSecret, targetSecret) - - // then - assert.Error(t, err) - secretsRepositoryMock.AssertExpectations(t) - }) - - t.Run("Should remove source secret and do not modify target secret when it already exists", func(t *testing.T) { - // given - sourceSecret := types.NamespacedName{Name: "source", Namespace: namespace} - targetSecret := types.NamespacedName{Name: "target", Namespace: namespace} - - sourceSecretData := map[string][]byte{"key": []byte("value")} - targetSecretData := map[string][]byte{"key": []byte("value")} - - secretsRepositoryMock := &mocks.Repository{} - secretsRepositoryMock.On("Get", sourceSecret).Return(sourceSecretData, nil) - secretsRepositoryMock.On("Get", targetSecret).Return(targetSecretData, nil) - secretsRepositoryMock.On("Delete", sourceSecret).Return(nil) - - // when - migrator := NewMigrator(secretsRepositoryMock, includeAllSourceKeysFunc) - err := migrator.Do(sourceSecret, targetSecret) - - // then - assert.Nil(t, err) - secretsRepositoryMock.AssertExpectations(t) - }) -}