feat: rely solely on metadata name (#2040)

Co-authored-by: Matthias Erll <[email protected]>

Author: j-zimnowoda

.vscode/launch.json

@@ -78,6 +78,16 @@
       "console": "integratedTerminal",
       "cwd": "${workspaceRoot}"
     },
+    {
+      "name": "Bootstrap-test-fixtures",
+      "request": "launch",
+      "runtimeArgs": ["run", "bootstrap-tests-fixtures"],
+      "runtimeExecutable": "npm",
+      "type": "node",
+      "envFile": ".env",
+      "console": "integratedTerminal",
+      "cwd": "${workspaceRoot}"
+    },
     {
       "name": "Migrate values",
       "request": "launch",

bin/dyff.sh

@@ -22,6 +22,6 @@ echo "$diff_output" | while read -r line; do
     # Use dyff to compare the files
     dyff between "$second_path" "$first_path" --omit-header \
       --exclude "data.tls.key" --exclude "/data/ca.crt" --exclude "/data/tls.crt" --exclude "/data/tls.key" \
-      --exclude-regexp "/checksum" --exclude-regexp "/webhooks.*"
+      --exclude-regexp "/checksum" --exclude-regexp "/webhooks.*" --ignore-order-changes
   fi
 done

charts/team-ns/templates/argocd/argocd-applicationset.yaml

@@ -89,6 +89,7 @@ spec:
           jqPathExpressions:
             - ".spec.volumeClaimTemplates[].apiVersion"
             - ".spec.volumeClaimTemplates[].kind"
+            - ".spec.volumeClaimTemplates[].spec"
         {{- end }}
       destination:
         server: 'https://kubernetes.default.svc'

package.json

@@ -163,7 +163,8 @@
     "validate-templates:all": "set -e; i=29; while [ $i -le 32 ]; do NODE_ENV=test binzx/otomi validate-templates -k 1.$i; i=$(($i+1)); done",
     "validate-values": "ENV_DIR=$PWD/tests/fixtures NODE_ENV=test binzx/otomi validate-values",
     "bootstrap-dev": "rm -rf /tmp/otomi-bootstrap-dev; CI=1 VALUES_INPUT=$PWD/tests/bootstrap/input-local-dev.yaml ENV_DIR=/tmp/otomi-bootstrap-dev binzx/otomi bootstrap",
-    "bootstrap-dev-with-repo": "CI=1 ENV_DIR=/tmp/otomi-bootstrap-dev binzx/otomi bootstrap"
+    "bootstrap-dev-with-repo": "CI=1 ENV_DIR=/tmp/otomi-bootstrap-dev binzx/otomi bootstrap",
+    "bootstrap-tests-fixtures": "CI=1 ENV_DIR=$PWD/tests/fixtures binzx/otomi bootstrap"
   },
   "standard-version": {
     "skip": {

src/cmd/bootstrap.ts

@@ -224,7 +224,7 @@ export const getUsers = (originalInput: any, deps = { generatePassword, addIniti
   }
   deps.addInitialPasswords(users)
   users.forEach((user) => {
-    set(user, 'id', user.id || randomUUID())
+    set(user, 'name', user.name || randomUUID())
   })
   return users
 }

src/cmd/migrate.ts

@@ -5,6 +5,7 @@ import { randomUUID } from 'crypto'
 import { diff } from 'deep-diff'
 import { copy, createFileSync, move, pathExists, renameSync, rm } from 'fs-extra'
 import { mkdir, readFile, writeFile } from 'fs/promises'
+import { glob } from 'glob'
 import { cloneDeep, each, get, isObject, isUndefined, mapKeys, mapValues, omit, pick, pull, set, unset } from 'lodash'
 import { basename, dirname, join } from 'path'
 import { prepareEnvironment } from 'src/common/cli'
@@ -19,7 +20,7 @@ import { BasicArguments, getParsedArgs, setParsedArgs } from 'src/common/yargs'
 import { v4 as uuidv4 } from 'uuid'
 import { parse } from 'yaml'
 import { Argv } from 'yargs'
-import { $, cd, glob } from 'zx'
+import { $, cd } from 'zx'
 const cmdName = getFilename(__filename)
 
 interface Arguments extends BasicArguments {
@@ -544,7 +545,7 @@ export const migrateLegacyValues = async (envDir: string, deps = { writeFile }):
   })
   const users = get(oldValues, 'users', [])
   users.forEach((user) => {
-    set(user, 'id', user.id || randomUUID())
+    set(user, 'name', user.id || randomUUID())
   })
   oldValues.versions = { specVersion: 1 }
   const teamNames = await getTeamNames(env.ENV_DIR)

src/common/crypt.ts

@@ -81,6 +81,8 @@ const processFileChunk = async (crypt: CR, files: string[]): Promise<(ProcessOut
           await writeFile(file, res.stdout)
           if (crypt.post) await crypt.post(file)
           return res
+        } else {
+          d.error(error.message)
         }
       }
     }

src/common/repo.test.ts

@@ -7,12 +7,26 @@ import {
   getResourceFileName,
   getResourceName,
   getTeamNameFromJsonPath,
+  getUniqueIdentifierFromFilePath,
   hasCorrespondingDecryptedFile,
 } from 'src/common/repo'
 import stubs from 'src/test-stubs'
 
 const { terminal } = stubs
 
+describe('getUniqueIdentifierFromFilePath', () => {
+  it('should get user name from .dec file', () => {
+    expect(getUniqueIdentifierFromFilePath('secrets.7f5d1670-ea3d-48b5-aa48-0f9d62f80fdb.yaml.dec')).toEqual(
+      '7f5d1670-ea3d-48b5-aa48-0f9d62f80fdb',
+    )
+  })
+  it('should get user name', () => {
+    expect(getUniqueIdentifierFromFilePath('secrets.7f5d1670-ea3d-48b5-aa48-0f9d62f80fdb.yaml')).toEqual(
+      '7f5d1670-ea3d-48b5-aa48-0f9d62f80fdb',
+    )
+  })
+})
+
 describe('getFilePath', () => {
   it('should get path for apps', () => {
     const fileMap: FileMap = {

src/common/repo.ts

@@ -400,28 +400,36 @@ export async function saveValues(
 
 export function renderManifest(fileMap: FileMap, jsonPath: jsonpath.PathComponent[], data: Record<string, any>) {
   //TODO remove this custom workaround for workloadValues
-  const manifest =
-    fileMap.kind === 'AplTeamWorkloadValues'
-      ? omit(data, ['id', 'name', 'teamId'])
-      : {
-          kind: fileMap.kind,
-          metadata: {
-            name: getResourceName(fileMap, jsonPath, data),
-            labels: {},
-          },
-          spec: data,
-        }
-  if (fileMap.resourceGroup === 'team' && fileMap.kind !== 'AplTeamWorkloadValues') {
+  let spec = data
+  if (fileMap.resourceGroup === 'team') {
+    spec = omit(data, ['id', 'name', 'teamId'])
+  }
+  const manifest = {
+    kind: fileMap.kind,
+    metadata: {
+      name: getResourceName(fileMap, jsonPath, data),
+      labels: {},
+    },
+    spec,
+  }
+  if (fileMap.resourceGroup === 'team') {
     manifest.metadata.labels['apl.io/teamId'] = getTeamNameFromJsonPath(jsonPath)
   }
 
   return manifest
 }
 
-export function renderManifestForSecrets(fileMap: FileMap, data: Record<string, any>) {
+export function renderManifestForSecrets(fileMap: FileMap, resourceName: string, data: Record<string, any>) {
+  let spec = data
+  if (fileMap.resourceGroup === 'users') {
+    spec = omit(data, ['id', 'name'])
+  }
   return {
     kind: fileMap.kind,
-    spec: data,
+    metadata: {
+      name: resourceName,
+    },
+    spec,
   }
 }
 
@@ -461,7 +469,8 @@ export async function saveResourceGroupToFiles(
       const nodeValue = node.value
       try {
         const filePath = getFilePath(fileMap, nodePath, nodeValue, 'secrets.')
-        const manifest = renderManifestForSecrets(fileMap, nodeValue)
+        const resourceName = getResourceName(fileMap, nodePath, nodeValue)
+        const manifest = renderManifestForSecrets(fileMap, resourceName, nodeValue)
         await deps.writeValuesToFile(filePath, manifest)
       } catch (e) {
         console.log(nodePath)
@@ -472,6 +481,14 @@ export async function saveResourceGroupToFiles(
   )
 }
 
+export function getUniqueIdentifierFromFilePath(filePath: string): string {
+  return path
+    .basename(filePath)
+    .replace(/^secrets\./, '')
+    .replace(/\.yaml\.dec$/, '')
+    .replace(/\.yaml$/, '')
+}
+
 export async function setValuesFile(envDir: string, deps = { pathExists, loadValues, writeFile }): Promise<string> {
   const valuesPath = path.join(envDir, 'values-repo.yaml')
   // if (await deps.pathExists(valuesPath)) return valuesPath
@@ -554,7 +571,6 @@ export async function loadToSpec(
     if (hasCorrespondingDecryptedFile(filePath, files)) return
     promises.push(deps.loadFileToSpec(filePath, fileMap, spec))
   })
-
   await Promise.all(promises)
 }
 
@@ -565,18 +581,32 @@ export async function loadFileToSpec(
   deps = { loadYaml },
 ): Promise<void> {
   const jsonPath = getJsonPath(fileMap, filePath)
-  const data = await deps.loadYaml(filePath)
-  if (fileMap.processAs === 'arrayItem') {
-    const ref: Record<string, any>[] = get(spec, jsonPath)
-    ref.push(data?.spec)
-  } else {
-    const ref: Record<string, any> = get(spec, jsonPath)
-    // Decrypted secrets may need to be merged with plain text specs
-    const newRef = merge(cloneDeep(ref), data?.spec)
-    set(spec, jsonPath, newRef)
+  try {
+    const data = (await deps.loadYaml(filePath)) || {}
+
+    if (!filePath.includes('secrets.')) {
+      if (fileMap.resourceGroup === 'team' && fileMap.processAs === 'arrayItem') {
+        data.spec.name = data.metadata.name
+      }
+    }
+    if (fileMap.resourceGroup === 'users') {
+      data.spec.name = getUniqueIdentifierFromFilePath(filePath)
+    }
+    if (fileMap.processAs === 'arrayItem') {
+      const ref: Record<string, any>[] = get(spec, jsonPath)
+      ref.push(data?.spec)
+    } else {
+      const ref: Record<string, any> = get(spec, jsonPath)
+      // Decrypted secrets may need to be merged with plain text specs
+      const newRef = merge(cloneDeep(ref), data?.spec)
+      set(spec, jsonPath, newRef)
+    }
+  } catch (e) {
+    console.log(filePath)
+    console.log(fileMap)
+    throw e
   }
 }
-
 export async function getKmsSettings(envDir: string, deps = { loadToSpec }): Promise<Record<string, any>> {
   const kmsFiles = getFileMap('AplKms', envDir)
   const spec = {}

tests/fixtures/.gitignore

@@ -11,4 +11,5 @@ core.yaml
 *.sample
 .env
 env/status.yaml
-values-repo.yaml
+env/bootstrap.yaml
+values-repo.yaml

tests/fixtures/env/apps/alertmanager.yaml

@@ -4,3 +4,12 @@ metadata:
     labels: {}
 spec:
     enabled: true
+    _rawValues: {}
+    resources:
+        alertmanager:
+            limits:
+                cpu: 200m
+                memory: 256Mi
+            requests:
+                cpu: 10m
+                memory: 64Mi

tests/fixtures/env/apps/apl-gitea-operator.yaml

@@ -0,0 +1,14 @@
+kind: AplApp
+metadata:
+    name: apl-gitea-operator
+    labels: {}
+spec:
+    _rawValues: {}
+    resources:
+        operator:
+            limits:
+                cpu: '1'
+                memory: 1Gi
+            requests:
+                cpu: 50m
+                memory: 128Mi

tests/fixtures/env/apps/apl-harbor-operator.yaml

@@ -0,0 +1,14 @@
+kind: AplApp
+metadata:
+    name: apl-harbor-operator
+    labels: {}
+spec:
+    _rawValues: {}
+    resources:
+        operator:
+            limits:
+                cpu: '1'
+                memory: 1Gi
+            requests:
+                cpu: 50m
+                memory: 128Mi

tests/fixtures/env/apps/apl-keycloak-operator.yaml

@@ -0,0 +1,14 @@
+kind: AplApp
+metadata:
+    name: apl-keycloak-operator
+    labels: {}
+spec:
+    _rawValues: {}
+    resources:
+        operator:
+            limits:
+                cpu: '1'
+                memory: 1Gi
+            requests:
+                cpu: 50m
+                memory: 128Mi

tests/fixtures/env/apps/argocd.yaml

@@ -8,10 +8,14 @@ spec:
             enabled: true
             maxReplicas: 5
             minReplicas: 1
+            targetCPUUtilizationPercentage: 80
+            targetMemoryUtilizationPercentage: 80
         server:
             enabled: true
             maxReplicas: 5
             minReplicas: 1
+            targetCPUUtilizationPercentage: 80
+            targetMemoryUtilizationPercentage: 80
     resources:
         applicationSet:
             limits:
@@ -62,3 +66,10 @@ spec:
             requests:
                 cpu: 50m
                 memory: 256M
+    _rawValues: {}
+    applicationSet:
+        replicas: 1
+    controller:
+        replicas: 1
+    controllerOperationProcessors: 10
+    controllerStatusProcessors: 20

tests/fixtures/env/apps/cert-manager.yaml

@@ -5,3 +5,33 @@ metadata:
 spec:
     externallyManagedTlsSecretName: mysecret
     issuer: externally-managed-tls-secret
+    _rawValues: {}
+    resources:
+        cainjector:
+            limits:
+                cpu: 200m
+                memory: 1Gi
+            requests:
+                cpu: 50m
+                memory: 384Mi
+        certManager:
+            limits:
+                cpu: '1'
+                memory: 512Mi
+            requests:
+                cpu: 50m
+                memory: 128Mi
+        startupapicheck:
+            limits:
+                cpu: 200m
+                memory: 384Mi
+            requests:
+                cpu: 50m
+                memory: 64Mi
+        webhook:
+            limits:
+                cpu: 100m
+                memory: 256Mi
+            requests:
+                cpu: 50m
+                memory: 64Mi

tests/fixtures/env/apps/cnpg.yaml

@@ -10,3 +10,4 @@ spec:
         requests:
             cpu: 100m
             memory: 200Mi
+    _rawValues: {}

tests/fixtures/env/apps/drone.yaml

@@ -13,3 +13,5 @@ spec:
             server: https://gitea.demo.eks.otomi.cloud
         github: {}
         provider: gitea
+        username: otomi-admin
+    trace: false

tests/fixtures/env/apps/external-dns.yaml

@@ -0,0 +1,13 @@
+kind: AplApp
+metadata:
+    name: external-dns
+    labels: {}
+spec:
+    logLevel: info
+    resources:
+        limits:
+            cpu: 100m
+            memory: 128Mi
+        requests:
+            cpu: 10m
+            memory: 64Mi