chore: expunge fastly api secrets templating

Dockerfile

@@ -105,8 +105,6 @@ COPY legacy/build-deploy-docker-compose.sh /kubectl-build-deploy/build-deploy-do
 
 COPY legacy/scripts /kubectl-build-deploy/scripts
 
-COPY legacy/helmcharts  /kubectl-build-deploy/helmcharts
-
 ENV DBAAS_OPERATOR_HTTP=dbaas.lagoon.svc:5000
 ENV DOCKER_HOST=docker-host.lagoon.svc
 ENV LAGOON_FEATURE_FLAG_DEFAULT_DOCUMENTATION_URL=https://docs.lagoon.sh

cmd/config_fastly.go

@@ -36,10 +36,6 @@ func FastlyConfigGeneration(debug bool, domain string) (lagoon.Fastly, error) {
 	if err != nil {
 		return lagoon.Fastly{}, fmt.Errorf("error reading fastly-cache-no-cache-id flag: %v", err)
 	}
-	fastlyAPISecretPrefix, err := rootCmd.PersistentFlags().GetString("fastly-api-secret-prefix")
-	if err != nil {
-		return lagoon.Fastly{}, fmt.Errorf("error reading fastly-api-secret-prefix flag: %v", err)
-	}
 	fastlyServiceID, err := rootCmd.PersistentFlags().GetString("fastly-service-id")
 	if err != nil {
 		return lagoon.Fastly{}, fmt.Errorf("error reading fastly-service-id flag: %v", err)
@@ -55,7 +51,6 @@ func FastlyConfigGeneration(debug bool, domain string) (lagoon.Fastly, error) {
 
 	fastlyCacheNoCahce = helpers.GetEnv("LAGOON_FASTLY_NOCACHE_SERVICE_ID", fastlyCacheNoCahce, debug)
 	fastlyServiceID = helpers.GetEnv("ROUTE_FASTLY_SERVICE_ID", fastlyServiceID, debug)
-	fastlyAPISecretPrefix = helpers.GetEnv("FASTLY_API_SECRET_PREFIX", fastlyAPISecretPrefix, debug)
 
 	// get the project and environment variables
 	projectVariables = helpers.GetEnv("LAGOON_PROJECT_VARIABLES", projectVariables, debug)
@@ -70,7 +65,7 @@ func FastlyConfigGeneration(debug bool, domain string) (lagoon.Fastly, error) {
 
 	// generate the fastly configuration from the provided flags/variables
 	f := &lagoon.Fastly{}
-	err = lagoon.GenerateFastlyConfiguration(f, fastlyCacheNoCahce, fastlyServiceID, domain, fastlyAPISecretPrefix, lagoonEnvVars)
+	err = lagoon.GenerateFastlyConfiguration(f, fastlyCacheNoCahce, fastlyServiceID, domain, lagoonEnvVars)
 	if err != nil {
 		return lagoon.Fastly{}, err
 	}

cmd/config_fastly_test.go

@@ -16,7 +16,6 @@ func TestGenerateFastlyConfig(t *testing.T) {
 		cacheNoCache string
 		serviceID    string
 		domain       string
-		secretPrefix string
 	}
 	tests := []struct {
 		name string
@@ -31,12 +30,10 @@ func TestGenerateFastlyConfig(t *testing.T) {
 				cacheNoCache: "",
 				serviceID:    "",
 				domain:       "example.com",
-				secretPrefix: "fastly-api-",
 			},
 			want: lagoon.Fastly{
-				ServiceID:     "service-id",
-				APISecretName: "",
-				Watch:         true,
+				ServiceID: "service-id",
+				Watch:     true,
 			},
 		},
 		{
@@ -47,44 +44,10 @@ func TestGenerateFastlyConfig(t *testing.T) {
 				cacheNoCache: "",
 				serviceID:    "",
 				domain:       "example.com",
-				secretPrefix: "fastly-api-",
-			},
-			want: lagoon.Fastly{
-				ServiceID:     "service-id",
-				APISecretName: "",
-				Watch:         true,
-			},
-		},
-		{
-			name: "test3 check LAGOON_FASTLY_SERVICE_ID with secret",
-			args: args{
-				projectVars:  `[{"name":"LAGOON_SYSTEM_ROUTER_PATTERN","value":"${service}-${project}-${environment}.example.com","scope":"internal_system"},{"name":"LAGOON_FASTLY_SERVICE_ID","value":"service-id:true:secret","scope":"global"}]`,
-				envVars:      `[]`,
-				cacheNoCache: "",
-				serviceID:    "",
-				domain:       "example.com",
-				secretPrefix: "fastly-api-",
 			},
 			want: lagoon.Fastly{
-				ServiceID:     "service-id",
-				APISecretName: "fastly-api-secret",
-				Watch:         true,
-			},
-		},
-		{
-			name: "test4 check LAGOON_FASTLY_SERVICE_IDS with secret",
-			args: args{
-				projectVars:  `[{"name":"LAGOON_SYSTEM_ROUTER_PATTERN","value":"${service}-${project}-${environment}.example.com","scope":"internal_system"},{"name":"LAGOON_FASTLY_SERVICE_IDS","value":"example.com:service-id:true:secret","scope":"global"}]`,
-				envVars:      `[]`,
-				cacheNoCache: "",
-				serviceID:    "",
-				domain:       "example.com",
-				secretPrefix: "fastly-api-",
-			},
-			want: lagoon.Fastly{
-				ServiceID:     "service-id",
-				APISecretName: "fastly-api-secret",
-				Watch:         true,
+				ServiceID: "service-id",
+				Watch:     true,
 			},
 		},
 		{
@@ -95,7 +58,6 @@ func TestGenerateFastlyConfig(t *testing.T) {
 				cacheNoCache: "",
 				serviceID:    "dedicated-service-id",
 				domain:       "example.com",
-				secretPrefix: "fastly-api-",
 			},
 			want: lagoon.Fastly{
 				ServiceID: "dedicated-service-id",
@@ -110,7 +72,6 @@ func TestGenerateFastlyConfig(t *testing.T) {
 				cacheNoCache: "",
 				serviceID:    "dedicated-service-id",
 				domain:       "example.com",
-				secretPrefix: "fastly-api-",
 			},
 			want: lagoon.Fastly{
 				ServiceID: "service-id",
@@ -130,10 +91,6 @@ func TestGenerateFastlyConfig(t *testing.T) {
 			if err != nil {
 				t.Errorf("%v", err)
 			}
-			err = os.Setenv("FASTLY_API_SECRET_PREFIX", tt.args.secretPrefix)
-			if err != nil {
-				t.Errorf("%v", err)
-			}
 			err = os.Setenv("LAGOON_PROJECT_VARIABLES", tt.args.projectVars)
 			if err != nil {
 				t.Errorf("%v", err)

cmd/template_autogen_ingress_test.go

@@ -186,30 +186,6 @@ func TestAutogeneratedIngressGeneration(t *testing.T) {
 			templatePath: "testoutput",
 			want:         "internal/testdata/node/autogen-templates/ingress-7",
 		},
-		{
-			name: "test10 autogenerated routes with fastly and specific secret",
-			args: testdata.GetSeedData(
-				testdata.TestData{
-					ProjectName:     "example-project",
-					EnvironmentName: "main",
-					Branch:          "main",
-					LagoonYAML:      "internal/testdata/node/lagoon.yml",
-					ProjectVariables: []lagoon.EnvironmentVariable{
-						{
-							Name:  "LAGOON_FASTLY_SERVICE_ID",
-							Value: "service-id:true:secretname",
-							Scope: "build",
-						},
-						{
-							Name:  "LAGOON_FASTLY_AUTOGENERATED",
-							Value: "enabled",
-							Scope: "build",
-						},
-					},
-				}, true),
-			templatePath: "testoutput",
-			want:         "internal/testdata/node/autogen-templates/ingress-8",
-		},
 		{
 			name: "test11 autogenerated route development environment",
 			args: testdata.GetSeedData(

cmd/template_ingress_test.go

@@ -26,25 +26,6 @@ func TestTemplateRoutes(t *testing.T) {
 		wantErr      bool
 		wantErrMsg   string
 	}{
-		{
-			name: "test1 check LAGOON_FASTLY_SERVICE_IDS with secret no values",
-			args: testdata.GetSeedData(
-				testdata.TestData{
-					ProjectName:     "example-project",
-					EnvironmentName: "main",
-					Branch:          "main",
-					LagoonYAML:      "internal/testdata/node/lagoon.yml",
-					ProjectVariables: []lagoon.EnvironmentVariable{
-						{
-							Name:  "LAGOON_FASTLY_SERVICE_IDS",
-							Value: "example.com:service-id:true:annotationscom",
-							Scope: "build",
-						},
-					},
-				}, true),
-			templatePath: "testoutput",
-			want:         "internal/testdata/node/ingress-templates/ingress-1",
-		},
 		{
 			name: "test2 check LAGOON_FASTLY_SERVICE_IDS no secret and no values",
 			args: testdata.GetSeedData(
@@ -289,7 +270,7 @@ func TestTemplateRoutes(t *testing.T) {
 					ProjectVariables: []lagoon.EnvironmentVariable{
 						{
 							Name:  "LAGOON_FASTLY_SERVICE_IDS",
-							Value: "example.com:service-id:true:annotationscom",
+							Value: "example.com:service-id:true",
 							Scope: "build",
 						},
 					},
@@ -308,7 +289,7 @@ func TestTemplateRoutes(t *testing.T) {
 					ProjectVariables: []lagoon.EnvironmentVariable{
 						{
 							Name:  "LAGOON_FASTLY_SERVICE_IDS",
-							Value: "example.com:service-id:true:annotationscom",
+							Value: "example.com:service-id:true",
 							Scope: "build",
 						},
 					},

internal/generator/buildvalues.go

@@ -38,7 +38,6 @@ type BuildValues struct {
 	PrivateRegistryURLS           []string                     `json:"privateRegistryURLS" description:"this stores all the private registry urls used by this environment"`
 	Fastly                        Fastly                       `json:"fastly" deprecated:"true" description:"this is the configuration of fastly for this environment"`
 	FastlyCacheNoCache            string                       `json:"fastlyCacheNoCahce" deprecated:"true" description:"this is the service id of a fastly cache-no-cache service"`
-	FastlyAPISecretPrefix         string                       `json:"fastlyAPISecretPrefix" deprecated:"true" description:"this is the fastly-api-secret prefix to use"`
 	ConfigMapSha                  string                       `json:"configMapSha" description:"this is the computed sha of the lagoon-env configmap, it is used to determine if changes are required to deployments"`
 	Route                         string                       `json:"route" description:"this stores the primary determiend route after all have been calculated"`
 	Routes                        []string                     `json:"routes" description:"this stores all routes after they are calculated"`

internal/generator/generator.go

@@ -48,7 +48,6 @@ type GeneratorInput struct {
 	MonitoringContact          string
 	MonitoringStatusPageID     string
 	FastlyCacheNoCahce         string
-	FastlyAPISecretPrefix      string
 	SavedTemplatesPath         string
 	ConfigMapSha               string
 	BackupConfiguration        BackupConfiguration
@@ -97,7 +96,6 @@ func NewGenerator(
 	activeEnvironment := helpers.GetEnv("ACTIVE_ENVIRONMENT", generator.ActiveEnvironment, generator.Debug)
 	standbyEnvironment := helpers.GetEnv("STANDBY_ENVIRONMENT", generator.StandbyEnvironment, generator.Debug)
 	fastlyCacheNoCahce := helpers.GetEnv("LAGOON_FASTLY_NOCACHE_SERVICE_ID", generator.FastlyCacheNoCahce, generator.Debug)
-	fastlyAPISecretPrefix := helpers.GetEnv("ROUTE_FASTLY_SERVICE_ID", generator.FastlyAPISecretPrefix, generator.Debug)
 	lagoonVersion := helpers.GetEnv("LAGOON_VERSION", generator.LagoonVersion, generator.Debug)
 	configMapSha := helpers.GetEnv("CONFIG_MAP_SHA", generator.ConfigMapSha, generator.Debug)
 	imageRegistry := helpers.GetEnv("REGISTRY", generator.ImageRegistry, generator.Debug)
@@ -174,7 +172,6 @@ func NewGenerator(
 	buildValues.ActiveEnvironment = activeEnvironment
 	buildValues.StandbyEnvironment = standbyEnvironment
 	buildValues.FastlyCacheNoCache = fastlyCacheNoCahce
-	buildValues.FastlyAPISecretPrefix = fastlyAPISecretPrefix
 	switch buildType {
 	case "branch", "promote":
 		buildValues.Branch = branch

internal/generator/helpers_generator.go

@@ -93,10 +93,6 @@ func GenerateInput(rootCmd cobra.Command, debug bool) (GeneratorInput, error) {
 	if err != nil {
 		return GeneratorInput{}, fmt.Errorf("error reading fastly-cache-no-cache-id flag: %v", err)
 	}
-	fastlyAPISecretPrefix, err := rootCmd.PersistentFlags().GetString("fastly-api-secret-prefix")
-	if err != nil {
-		return GeneratorInput{}, fmt.Errorf("error reading fastly-api-secret-prefix flag: %v", err)
-	}
 	ignoreMissingEnvFiles, err := rootCmd.PersistentFlags().GetBool("ignore-missing-env-files")
 	if err != nil {
 		return GeneratorInput{}, fmt.Errorf("error reading ignore-missing-env-files flag: %v", err)
@@ -136,7 +132,6 @@ func GenerateInput(rootCmd cobra.Command, debug bool) (GeneratorInput, error) {
 		MonitoringContact:        monitoringContact,
 		MonitoringStatusPageID:   monitoringStatusPageID,
 		FastlyCacheNoCahce:       fastlyCacheNoCahce,
-		FastlyAPISecretPrefix:    fastlyAPISecretPrefix,
 		SavedTemplatesPath:       savedTemplates,
 		IgnoreMissingEnvFiles:    ignoreMissingEnvFiles,
 		IgnoreNonStringKeyErrors: ignoreNonStringKeyErrors,

internal/generator/ingress.go

@@ -155,7 +155,7 @@ func generateAutogenRoutes(
 				}
 				fastlyConfig := &lagoon.Fastly{}
 				if buildValues.AutogeneratedRoutesFastly {
-					err := lagoon.GenerateFastlyConfiguration(fastlyConfig, buildValues.FastlyCacheNoCache, buildValues.Fastly.ServiceID, domain, buildValues.FastlyAPISecretPrefix, envVars)
+					err := lagoon.GenerateFastlyConfiguration(fastlyConfig, buildValues.FastlyCacheNoCache, buildValues.Fastly.ServiceID, domain, envVars)
 					if err != nil {
 						return err
 					}
@@ -287,7 +287,7 @@ func generateActiveStandbyRoutes(
 			if buildValues.LagoonYAML.ProductionRoutes.Active != nil {
 				if buildValues.LagoonYAML.ProductionRoutes.Active.Routes != nil {
 					for _, routeMap := range buildValues.LagoonYAML.ProductionRoutes.Active.Routes {
-						err := lagoon.GenerateRoutesV2(activeStanbyRoutes, routeMap, envVars, buildValues.IngressClass, buildValues.FastlyAPISecretPrefix, true)
+						err := lagoon.GenerateRoutesV2(activeStanbyRoutes, routeMap, envVars, buildValues.IngressClass, true)
 						if err != nil {
 							return *activeStanbyRoutes, err
 						}
@@ -299,7 +299,7 @@ func generateActiveStandbyRoutes(
 			if buildValues.LagoonYAML.ProductionRoutes.Standby != nil {
 				if buildValues.LagoonYAML.ProductionRoutes.Standby.Routes != nil {
 					for _, routeMap := range buildValues.LagoonYAML.ProductionRoutes.Standby.Routes {
-						err := lagoon.GenerateRoutesV2(activeStanbyRoutes, routeMap, envVars, buildValues.IngressClass, buildValues.FastlyAPISecretPrefix, true)
+						err := lagoon.GenerateRoutesV2(activeStanbyRoutes, routeMap, envVars, buildValues.IngressClass, true)
 						if err != nil {
 							return *activeStanbyRoutes, err
 						}
@@ -346,13 +346,13 @@ func generateAndMerge(
 
 	// otherwise it just uses the default environment name
 	for _, routeMap := range buildValues.LagoonYAML.Environments[buildValues.Branch].Routes {
-		err := lagoon.GenerateRoutesV2(n, routeMap, envVars, buildValues.IngressClass, buildValues.FastlyAPISecretPrefix, false)
+		err := lagoon.GenerateRoutesV2(n, routeMap, envVars, buildValues.IngressClass, false)
 		if err != nil {
 			return *n, err
 		}
 	}
 	// merge routes from the API on top of the routes from the `.lagoon.yml`
-	mainRoutes, err := lagoon.MergeRoutesV2(*n, api, envVars, buildValues.IngressClass, buildValues.FastlyAPISecretPrefix)
+	mainRoutes, err := lagoon.MergeRoutesV2(*n, api, envVars, buildValues.IngressClass)
 	if err != nil {
 		return *n, err
 	}

internal/lagoon/fastly.go

@@ -8,13 +8,12 @@ import (
 
 // Fastly represents the fastly configuration for a Lagoon route
 type Fastly struct {
-	ServiceID     string `json:"service-id,omitempty"`
-	APISecretName string `json:"api-secret-name,omitempty"`
-	Watch         bool   `json:"watch,omitempty"`
+	ServiceID string `json:"service-id,omitempty"`
+	Watch     bool   `json:"watch,omitempty"`
 }
 
 // GenerateFastlyConfiguration generates the fastly configuration for a specific route from Lagoon variables.
-func GenerateFastlyConfiguration(f *Fastly, noCacheServiceID, serviceID, route, secretPrefix string, variables []EnvironmentVariable) error {
+func GenerateFastlyConfiguration(f *Fastly, noCacheServiceID, serviceID, route string, variables []EnvironmentVariable) error {
 	f.ServiceID = serviceID
 	if serviceID == "" {
 		if noCacheServiceID != "" {
@@ -38,10 +37,6 @@ func GenerateFastlyConfiguration(f *Fastly, noCacheServiceID, serviceID, route,
 		}
 		f.ServiceID = lfsIDSplit[0]
 		f.Watch = watch
-		if len(lfsIDSplit) == 3 {
-			// the optional secret has been defined
-			f.APISecretName = fmt.Sprintf("%s%s", secretPrefix, lfsIDSplit[2])
-		}
 	}
 	// check the `LAGOON_FASTLY_SERVICE_IDS` to see if we have a domain specific override
 	// this is useful if all domains are using the nocache service, but you have a specific domain that should use a different service
@@ -72,21 +67,8 @@ func GenerateFastlyConfiguration(f *Fastly, noCacheServiceID, serviceID, route,
 				}
 				f.ServiceID = lfsIDSplit[1]
 				f.Watch = watch
-				// unset the apisecret name if this point is reached
-				// this is because this particular ingress may not have one defined
-				// it will get checked next
-				f.APISecretName = ""
-				if len(lfsIDSplit) == 4 {
-					// the optional secret has been defined
-					f.APISecretName = fmt.Sprintf("%s%s", secretPrefix, lfsIDSplit[3])
-				}
 			}
 		}
 	}
-	if f.APISecretName != "" {
-		if !strings.HasPrefix(f.APISecretName, secretPrefix) {
-			f.APISecretName = fmt.Sprintf("%s%s", secretPrefix, f.APISecretName)
-		}
-	}
 	return nil
 }

internal/lagoon/fastly_test.go

@@ -51,16 +51,15 @@ func TestGenerateFastlyConfiguration(t *testing.T) {
 				variables: []EnvironmentVariable{
 					{
 						Name:  "LAGOON_FASTLY_SERVICE_ID",
-						Value: "1234567:true:secretname",
+						Value: "1234567:true",
 						Scope: "global",
 					},
 				},
 			},
 			provide: &Fastly{},
 			want: Fastly{
-				Watch:         true,
-				ServiceID:     "1234567",
-				APISecretName: "secretname",
+				Watch:     true,
+				ServiceID: "1234567",
 			},
 		},
 		{
@@ -73,22 +72,21 @@ func TestGenerateFastlyConfiguration(t *testing.T) {
 				variables: []EnvironmentVariable{
 					{
 						Name:  "LAGOON_FASTLY_SERVICE_IDS",
-						Value: "www.example.com:abcdefg:true:secretname,example.com:1234567:true:secretname",
+						Value: "www.example.com:abcdefg:true,example.com:1234567:true",
 						Scope: "global",
 					},
 				},
 			},
 			provide: &Fastly{},
 			want: Fastly{
-				Watch:         true,
-				ServiceID:     "abcdefg",
-				APISecretName: "api-secret-secretname",
+				Watch:     true,
+				ServiceID: "abcdefg",
 			},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			err := GenerateFastlyConfiguration(tt.provide, tt.args.noCacheServiceID, tt.args.serviceID, tt.args.route, tt.args.secretPrefix, tt.args.variables)
+			err := GenerateFastlyConfiguration(tt.provide, tt.args.noCacheServiceID, tt.args.serviceID, tt.args.route, tt.args.variables)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("generateFastlyAnnotations() error = %v, wantErr %v", err, tt.wantErr)
 				return