Merge branch 'main' into mc/require-ssl-mod

Author: miguel-crespo-fdc

README.md

@@ -97,8 +97,3 @@ See [Remove Env From Service](./docs/remove-env-from-service.md)
 
 ### Remove a service entirely
 See [Remove Service Entirely](./docs/remove-service.md)
-
-## Notes for Upgrading to version 12.x.y
-From version 12 the custom migrations are removed.
-If you were using git and now you need to migrate to db mode, first you need to upgrade to version 11.20.0, and wait for the custom migrations to be applied and then you can upgrade to versions greater than 12.x.y.
-

charts/kuberpult/templates/cd-service.yaml

@@ -270,6 +270,8 @@ spec:
           value: "{{ .Values.db.connections.cd.maxOpen }}"
         - name: KUBERPULT_DB_MAX_IDLE_CONNECTIONS
           value: "{{ .Values.db.connections.cd.maxIdle }}"
+        - name: KUBERPULT_CHECK_CUSTOM_MIGRATIONS
+          value: "{{ .Values.db.checkCustomMigrations }}"
 {{- end }}
         - name: KUBERPULT_ALLOW_LONG_APP_NAMES
           value: "{{ .Values.cd.allowLongAppNames }}"
@@ -281,6 +283,10 @@ spec:
         - name: KUBERPULT_MINOR_REGEXES
           value: {{ .Values.cd.minorRegexes | join "," | quote }}
 {{- end }}
+        - name: KUBERPULT_MIGRATION_SERVER
+          value: kuberpult-manifest-repo-export-service:8443
+        - name: KUBERPULT_MIGRATION_SERVER_SECURE
+          value: "false"
         - name: KUBERPULT_GRPC_MAX_RECV_MSG_SIZE
           value: "{{ .Values.cd.grpcMaxRecvMsgSize }}"
         volumeMounts:

charts/kuberpult/templates/manifest-repo-export-service.yaml

@@ -18,8 +18,8 @@
 {{ fail ".Values.db.dbOption does not contain a valid value (postgreSQL)."}}
 {{ end -}}
 
-# the export service is only enabled, if the DB is enabled
-{{- if (eq .Values.db.dbOption "postgreSQL") }}
+# the export service is only enabled, if the DB is enabled and the `enabled` flag is true
+{{- if (and (eq .Values.db.dbOption "postgreSQL") (.Values.manifestRepoExport.enabled))}}
 
 ---
 apiVersion: apps/v1
@@ -235,6 +235,8 @@ spec:
           value: "{{ .Values.git.releaseVersionsLimit }}"
         - name: KUBERPULT_MINIMIZE_EXPORTED_DATA
           value: "{{ .Values.git.minimizeExportedData }}"
+        - name: KUBERPULT_CHECK_CUSTOM_MIGRATIONS
+          value: "{{ .Values.db.checkCustomMigrations }}"
         volumeMounts:
         - name: repository
           # The repository volume, an emptyDir, is mounted to the kp directory.

charts/kuberpult/tests/charts_test.go

@@ -181,6 +181,14 @@ ingress:
 					Name:  "KUBERPULT_DB_OPTION",
 					Value: "postgreSQL",
 				},
+				{
+					Name:  "KUBERPULT_MIGRATION_SERVER",
+					Value: "kuberpult-manifest-repo-export-service:8443",
+				},
+				{
+					Name:  "KUBERPULT_MIGRATION_SERVER_SECURE",
+					Value: "false",
+				},
 				{
 					Name:  "KUBERPULT_GRPC_MAX_RECV_MSG_SIZE",
 					Value: "4",
@@ -639,6 +647,44 @@ db:
 			},
 			ExpectedMissing: []core.EnvVar{},
 		},
+		{
+			Name: "Check for custom Migrations",
+			Values: `
+git:
+  url:  "testURL"
+ingress:
+  domainName: "kuberpult-example.com"
+db:
+  dbOption: "postgreSQL"
+  checkCustomMigrations: false
+`,
+			ExpectedEnvs: []core.EnvVar{
+				{
+					Name:  "KUBERPULT_CHECK_CUSTOM_MIGRATIONS",
+					Value: "false",
+				},
+			},
+			ExpectedMissing: []core.EnvVar{},
+		},
+		{
+			Name: "Check for custom Migrations",
+			Values: `
+git:
+  url:  "testURL"
+ingress:
+  domainName: "kuberpult-example.com"
+db:
+  dbOption: "postgreSQL"
+  checkCustomMigrations: true
+`,
+			ExpectedEnvs: []core.EnvVar{
+				{
+					Name:  "KUBERPULT_CHECK_CUSTOM_MIGRATIONS",
+					Value: "true",
+				},
+			},
+			ExpectedMissing: []core.EnvVar{},
+		},
 	}
 
 	for _, tc := range tcs {
@@ -1942,3 +1988,60 @@ func makeAllIngressPaths(withDex, withUi, withOldApi, withNewApi bool) []network
 	}
 	return result
 }
+func TestManifestExportServiceDisabled(t *testing.T) {
+	tcs := []struct {
+		Name        string
+		Values      string
+		ShouldExist bool
+	}{
+		{
+			Name: "Disabled Export Service",
+			Values: `
+git:
+  url:  "checkThisValue"
+ingress:
+  domainName: "kuberpult-example.com"
+db:
+  dbOption: "postgreSQL"
+  writeEslTableOnly: false
+manifestRepoExport:
+  enabled: false
+`,
+			ShouldExist: false,
+		},
+		{
+			Name: "Enabled Export Service",
+			Values: `
+git:
+  url:  "checkThisValue"
+ingress:
+  domainName: "kuberpult-example.com"
+db:
+  dbOption: "postgreSQL"
+  writeEslTableOnly: false
+manifestRepoExport:
+  enabled: true
+`,
+			ShouldExist: true,
+		},
+	}
+
+	for _, tc := range tcs {
+		tc := tc
+		t.Run(tc.Name, func(t *testing.T) {
+			testDirName := t.TempDir()
+			outputFile, err := runHelm(t, []byte(tc.Values), testDirName)
+			if err != nil {
+				t.Fatalf(fmt.Sprintf("%v", err))
+			}
+			if out, err := getDeployments(outputFile); err != nil {
+				t.Fatalf(fmt.Sprintf("%v", err))
+			} else {
+				_, found := out["kuberpult-manifest-repo-export-service"]
+				if found != tc.ShouldExist {
+					t.Fatalf("Expected existence: %t, got: %t", tc.ShouldExist, found)
+				}
+			}
+		})
+	}
+}

charts/kuberpult/values.yaml

@@ -162,7 +162,13 @@ db:
     rollout:
       maxOpen: 100
       maxIdle: 20
+  # Kuberpult only checks for custom migrations if this flag is enabled. Otherwise, it skips them entirely, assuming
+  # that there is no information we want to migrate from an existing manifest repository to the database.
+  # You should only enable this flag, if you want to do a one-step upgrade of kuberpult from a (relatively old) version that still uses git as storage.
+  # If you are already using the database, ignore this flag.
+  checkCustomMigrations: false
 manifestRepoExport:
+  enabled: true
   image: kuberpult-manifest-repo-export-service
   service:
     annotations: {}

cli/pkg/cmd/cli.go

@@ -88,6 +88,8 @@ func RunCLI() ReturnCode {
 		return handleReleaseTrain(*kpClientParams, subflags)
 	case "get-commit-deployments":
 		return handleGetCommitDeployments(*kpClientParams, subflags)
+	case "delete-environment":
+		return handleDeleteEnvironment(*kpClientParams, subflags)
 	default:
 		log.Printf("unknown subcommand %s\n", subcommand)
 		return ReturnCodeInvalidArguments

cli/pkg/cmd/handlers.go

@@ -21,6 +21,7 @@ import (
 
 	"github.com/freiheit-com/kuberpult/cli/pkg/cli_utils"
 	"github.com/freiheit-com/kuberpult/cli/pkg/deployments"
+	"github.com/freiheit-com/kuberpult/cli/pkg/environments"
 	"github.com/freiheit-com/kuberpult/cli/pkg/locks"
 	"github.com/freiheit-com/kuberpult/cli/pkg/releasetrain"
 
@@ -212,3 +213,31 @@ func handleGetCommitDeployments(kpClientParams kuberpultClientParameters, args [
 	}
 	return ReturnCodeSuccess
 }
+
+func handleDeleteEnvironment(kpClientParams kuberpultClientParameters, args []string) ReturnCode {
+	parsedArgs, err := environments.ParseArgsDeleteEnvironment(args)
+	if err != nil {
+		log.Printf("error while parsing command line args, error: %v", err)
+		return ReturnCodeInvalidArguments
+	}
+
+	authParams := kutil.AuthenticationParameters{
+		IapToken:    kpClientParams.iapToken,
+		DexToken:    kpClientParams.dexToken,
+		AuthorName:  kpClientParams.authorName,
+		AuthorEmail: kpClientParams.authorEmail,
+	}
+
+	requestParameters := kutil.RequestParameters{
+		Url:         &kpClientParams.url,
+		Retries:     kpClientParams.retries,
+		HttpTimeout: cli_utils.HttpDefaultTimeout,
+	}
+
+	if err = environments.HandleDeleteEnvironment(requestParameters, authParams, parsedArgs); err != nil {
+		log.Printf("error on delete environment, error: %v", err)
+		return ReturnCodeFailure
+	}
+
+	return ReturnCodeSuccess
+}

cli/pkg/environments/delete.go

@@ -0,0 +1,83 @@
+/*This file is part of kuberpult.
+
+Kuberpult is free software: you can redistribute it and/or modify
+it under the terms of the Expat(MIT) License as published by
+the Free Software Foundation.
+
+Kuberpult is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+MIT License for more details.
+
+You should have received a copy of the MIT License
+along with kuberpult. If not, see <https://directory.fsf.org/wiki/License:Expat>.
+
+Copyright freiheit.com*/
+/*
+This file is part of kuberpult.
+
+Kuberpult is free software: you can redistribute it and/or modify
+it under the terms of the Expat(MIT) License as published by
+the Free Software Foundation.
+
+Kuberpult is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+MIT License for more details.
+
+You should have received a copy of the MIT License
+along with kuberpult. If not, see <https://directory.fsf.org/wiki/License:Expat>.
+
+Copyright freiheit.com
+*/
+package environments
+
+import (
+	"fmt"
+	"net/http"
+	urllib "net/url"
+
+	"github.com/freiheit-com/kuberpult/cli/pkg/cli_utils"
+	kutil "github.com/freiheit-com/kuberpult/cli/pkg/kuberpult_utils"
+)
+
+type DeleteEnvironmentParameters struct {
+	Environment string
+}
+
+func HandleDeleteEnvironment(requestParams kutil.RequestParameters, authParams kutil.AuthenticationParameters, params *DeleteEnvironmentParameters) error {
+	req, err := createHttpRequest(*requestParams.Url, authParams, params)
+	if err != nil {
+		return fmt.Errorf("error while preparing HTTP request, error: %w", err)
+	}
+
+	if err = cli_utils.IssueHttpRequest(*req, requestParams.Retries, requestParams.HttpTimeout); err != nil {
+		return fmt.Errorf("error while issuing HTTP request, error: %v", err)
+	}
+
+	return nil
+}
+
+func createHttpRequest(url string, authParams kutil.AuthenticationParameters, parameters *DeleteEnvironmentParameters) (*http.Request, error) {
+	urlStruct, err := urllib.Parse(url)
+	if err != nil {
+		return nil, fmt.Errorf("the provided url %s is invalid, error: %w", url, err)
+	}
+
+	path := "/api/environments/" + parameters.Environment
+
+	req, err := http.NewRequest(http.MethodDelete, urlStruct.JoinPath(path).String(), nil)
+	if err != nil {
+		return nil, fmt.Errorf("error creating the HTTP request, error: %w", err)
+	}
+
+	if authParams.IapToken != nil {
+		req.Header.Add("Proxy-Authorization", "Bearer "+*authParams.IapToken)
+	}
+
+	if authParams.DexToken != nil {
+		req.Header.Add("Authorization", "Bearer "+*authParams.DexToken)
+	}
+
+	return req, nil
+}