From f2a8e6e614c207d492e89c7ebd734c11a655bf26 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jacob=20L=C3=A4rfors?= <1135394+jlarfors@users.noreply.github.com> Date: Thu, 11 Apr 2024 13:56:49 +0300 Subject: [PATCH] update terragen to use structure that has directory per resource/data source This change is to "solve" the long compilation times. By splitting generated code into a pkg per type, it avoids one massive pkg with all the resources. --- cmd/terragen/cli.go | 10 +- docs/.gitignore | 2 + docs/go.mod | 37 +- docs/go.sum | 139 ---- docs/kubernetes/crd/out/app.go | 9 +- .../4_team_graph_microsoft_service_entry.yaml | 15 - ...onboarding_auth_secret_provider_class.yaml | 97 --- .../crd/out/secret-provider-class.go | 40 +- docs/kubernetes/crd/out/service-entry.go | 2 +- docs/platypus/.gitignore | 12 - docs/platypus/cmd/platypus/cli.go | 428 ----------- docs/platypus/cmd/platypus/destroy.go | 39 - docs/platypus/cmd/platypus/kubectl.go | 239 ------ docs/platypus/cmd/platypus/migrate.go | 114 --- docs/platypus/cmd/platypus/stacks.go | 135 ---- docs/platypus/hack/gen.go | 7 - docs/platypus/pkg/infra/awsvpc/vpc.go | 279 ------- docs/platypus/pkg/infra/cluster_eks/eks.go | 203 ------ .../pkg/infra/cluster_eks/eks_test.go | 97 --- docs/platypus/pkg/infra/rds/.keep | 0 docs/platypus/pkg/infra/s3/s3.go | 86 --- docs/platypus/pkg/infra/s3/validate.go | 142 ---- .../pkg/platform/awsauth/configmap.go | 69 -- docs/platypus/pkg/platform/cilium/app.go | 131 ---- docs/platypus/pkg/platform/cilium/config.go | 195 ----- docs/platypus/pkg/platform/cilium/daemon.go | 639 ---------------- .../pkg/platform/cilium/hubble_svc.go | 32 - docs/platypus/pkg/platform/cilium/iam.go | 124 ---- .../platypus/pkg/platform/cilium/node-init.go | 151 ---- docs/platypus/pkg/platform/cilium/operator.go | 152 ---- .../pkg/platform/cilium/operator_iam.go | 194 ----- docs/platypus/pkg/platform/cilium/ptr.go | 9 - docs/platypus/pkg/platform/doc.go | 5 - docs/platypus/pkg/platform/grafana/app.go | 115 --- docs/platypus/pkg/platform/grafana/cm.go | 111 --- 
.../platform/grafana/dashboardsdefaultcm.go | 26 - docs/platypus/pkg/platform/grafana/deploy.go | 209 ------ docs/platypus/pkg/platform/grafana/iam.go | 17 - docs/platypus/pkg/platform/grafana/p.go | 10 - docs/platypus/pkg/platform/grafana/rds.go | 100 --- docs/platypus/pkg/platform/grafana/secret.go | 28 - docs/platypus/pkg/platform/grafana/svc.go | 36 - .../pkg/platform/karpenter/app_test.go | 28 - .../pkg/platform/karpenter/awsauth.go | 25 - .../pkg/platform/karpenter/clusterroles.go | 187 ----- .../platypus/pkg/platform/karpenter/config.go | 87 --- .../awsnodetemplates.karpenter.k8s.aws_crd.go | 253 ------- .../crd/provisioners.karpenter.sh_crd.go | 406 ----------- .../platypus/pkg/platform/karpenter/deploy.go | 216 ------ .../pkg/platform/karpenter/fargateprofile.go | 102 --- docs/platypus/pkg/platform/karpenter/infra.go | 262 ------- .../pkg/platform/karpenter/instanceprofile.go | 89 --- .../pkg/platform/karpenter/karpenter.go | 169 ----- .../pkg/platform/karpenter/provisioners.go | 107 --- docs/platypus/pkg/platform/karpenter/roles.go | 96 --- docs/platypus/pkg/platform/karpenter/svc.go | 44 -- .../pkg/platform/karpenter/webhooks.go | 203 ------ docs/platypus/pkg/platform/tekton/app.go | 393 ---------- .../pkg/platform/tekton/cluster-role.go | 316 -------- .../pkg/platform/tekton/config-map.go | 634 ---------------- docs/platypus/pkg/platform/tekton/crd.go | 683 ------------------ .../pkg/platform/tekton/deployment.go | 441 ----------- .../tekton/horizontal-pod-autoscaler.go | 47 -- docs/platypus/pkg/platform/tekton/role.go | 143 ---- docs/platypus/pkg/platform/tekton/secret.go | 22 - docs/platypus/pkg/platform/tekton/service.go | 106 --- docs/platypus/pkg/platform/tekton/webhook.go | 79 -- docs/platypus/pkg/terraclient/client.go | 325 --------- docs/platypus/pkg/terraclient/plan.go | 42 -- docs/platypus/pkg/terraclient/stack.go | 85 --- docs/platypus/pkg/updater/registry.go | 47 -- docs/platypus/pkg/updater/registry_test.go | 17 - docs/platypus/readme.md | 
42 -- docs/platypus2/cmd/bootstrap/bucket.go | 19 +- docs/platypus2/cmd/platypus/stacks.go | 19 +- docs/platypus2/generate.go | 10 + docs/platypus2/go.mod | 63 +- docs/platypus2/go.sum | 179 +++-- docs/platypus2/infra/csi_ebs.go | 55 +- docs/platypus2/infra/eks.go | 78 +- docs/platypus2/infra/eks_test.go | 4 +- docs/platypus2/infra/s3.go | 39 +- docs/platypus2/infra/vpc.go | 97 +-- docs/platypus2/karpenter/infra.go | 65 +- .../karpenter/infra_fargateprofile.go | 42 +- .../karpenter/infra_instanceprofile.go | 39 +- docs/terraform/aws_test.go | 70 +- docs/terraform/generate.go | 3 + docs/terraform/localfile/localfile.go | 15 +- .../localfile/out/local/data_file.go | 100 --- .../out/local/data_sensitive_file.go | 100 --- docs/terraform/localfile/out/local/file.go | 195 ----- .../out/local/local_file/data_local_file.go | 101 +++ .../out/local/local_file/local_file.go | 195 +++++ .../data_local_sensitive_file.go | 101 +++ .../local_sensitive_file.go | 187 +++++ .../terraform/localfile/out/local/provider.go | 16 +- .../localfile/out/local/sensitive_file.go | 187 ----- docs/terraform/readme.md | 70 +- docs/terraform/types_test.go | 6 +- pkg/internal/terrajen/const.go | 2 + pkg/internal/terrajen/data.go | 3 +- pkg/internal/terrajen/funcs.go | 9 +- pkg/internal/terrajen/generator.go | 200 +++-- pkg/internal/terrajen/generator_test.go | 16 - pkg/internal/terrajen/graph.go | 85 ++- pkg/internal/terrajen/provider.go | 65 +- pkg/internal/terrajen/resource.go | 13 +- pkg/internal/terrajen/structs.go | 26 +- pkg/internal/terrajen/subpkg.go | 57 +- pkg/terragen/gowrapper.go | 40 +- pkg/terragen/gowrapper_test.go | 9 + 112 files changed, 1395 insertions(+), 11366 deletions(-) create mode 100644 docs/.gitignore delete mode 100644 docs/kubernetes/crd/out/manifests/4_team_graph_microsoft_service_entry.yaml delete mode 100644 docs/kubernetes/crd/out/manifests/4_team_onboarding_auth_secret_provider_class.yaml delete mode 100644 docs/platypus/.gitignore delete mode 100644 
docs/platypus/cmd/platypus/cli.go delete mode 100644 docs/platypus/cmd/platypus/destroy.go delete mode 100644 docs/platypus/cmd/platypus/kubectl.go delete mode 100644 docs/platypus/cmd/platypus/migrate.go delete mode 100644 docs/platypus/cmd/platypus/stacks.go delete mode 100644 docs/platypus/hack/gen.go delete mode 100644 docs/platypus/pkg/infra/awsvpc/vpc.go delete mode 100644 docs/platypus/pkg/infra/cluster_eks/eks.go delete mode 100644 docs/platypus/pkg/infra/cluster_eks/eks_test.go delete mode 100644 docs/platypus/pkg/infra/rds/.keep delete mode 100644 docs/platypus/pkg/infra/s3/s3.go delete mode 100644 docs/platypus/pkg/infra/s3/validate.go delete mode 100644 docs/platypus/pkg/platform/awsauth/configmap.go delete mode 100644 docs/platypus/pkg/platform/cilium/app.go delete mode 100644 docs/platypus/pkg/platform/cilium/config.go delete mode 100644 docs/platypus/pkg/platform/cilium/daemon.go delete mode 100644 docs/platypus/pkg/platform/cilium/hubble_svc.go delete mode 100644 docs/platypus/pkg/platform/cilium/iam.go delete mode 100644 docs/platypus/pkg/platform/cilium/node-init.go delete mode 100644 docs/platypus/pkg/platform/cilium/operator.go delete mode 100644 docs/platypus/pkg/platform/cilium/operator_iam.go delete mode 100644 docs/platypus/pkg/platform/cilium/ptr.go delete mode 100644 docs/platypus/pkg/platform/doc.go delete mode 100644 docs/platypus/pkg/platform/grafana/app.go delete mode 100644 docs/platypus/pkg/platform/grafana/cm.go delete mode 100644 docs/platypus/pkg/platform/grafana/dashboardsdefaultcm.go delete mode 100644 docs/platypus/pkg/platform/grafana/deploy.go delete mode 100644 docs/platypus/pkg/platform/grafana/iam.go delete mode 100644 docs/platypus/pkg/platform/grafana/p.go delete mode 100644 docs/platypus/pkg/platform/grafana/rds.go delete mode 100644 docs/platypus/pkg/platform/grafana/secret.go delete mode 100644 docs/platypus/pkg/platform/grafana/svc.go delete mode 100644 docs/platypus/pkg/platform/karpenter/app_test.go delete mode 
100644 docs/platypus/pkg/platform/karpenter/awsauth.go delete mode 100644 docs/platypus/pkg/platform/karpenter/clusterroles.go delete mode 100644 docs/platypus/pkg/platform/karpenter/config.go delete mode 100644 docs/platypus/pkg/platform/karpenter/crd/awsnodetemplates.karpenter.k8s.aws_crd.go delete mode 100644 docs/platypus/pkg/platform/karpenter/crd/provisioners.karpenter.sh_crd.go delete mode 100644 docs/platypus/pkg/platform/karpenter/deploy.go delete mode 100644 docs/platypus/pkg/platform/karpenter/fargateprofile.go delete mode 100644 docs/platypus/pkg/platform/karpenter/infra.go delete mode 100644 docs/platypus/pkg/platform/karpenter/instanceprofile.go delete mode 100644 docs/platypus/pkg/platform/karpenter/karpenter.go delete mode 100644 docs/platypus/pkg/platform/karpenter/provisioners.go delete mode 100644 docs/platypus/pkg/platform/karpenter/roles.go delete mode 100644 docs/platypus/pkg/platform/karpenter/svc.go delete mode 100644 docs/platypus/pkg/platform/karpenter/webhooks.go delete mode 100644 docs/platypus/pkg/platform/tekton/app.go delete mode 100644 docs/platypus/pkg/platform/tekton/cluster-role.go delete mode 100644 docs/platypus/pkg/platform/tekton/config-map.go delete mode 100644 docs/platypus/pkg/platform/tekton/crd.go delete mode 100644 docs/platypus/pkg/platform/tekton/deployment.go delete mode 100644 docs/platypus/pkg/platform/tekton/horizontal-pod-autoscaler.go delete mode 100644 docs/platypus/pkg/platform/tekton/role.go delete mode 100644 docs/platypus/pkg/platform/tekton/secret.go delete mode 100644 docs/platypus/pkg/platform/tekton/service.go delete mode 100644 docs/platypus/pkg/platform/tekton/webhook.go delete mode 100644 docs/platypus/pkg/terraclient/client.go delete mode 100644 docs/platypus/pkg/terraclient/plan.go delete mode 100644 docs/platypus/pkg/terraclient/stack.go delete mode 100644 docs/platypus/pkg/updater/registry.go delete mode 100644 docs/platypus/pkg/updater/registry_test.go delete mode 100644 docs/platypus/readme.md 
create mode 100644 docs/platypus2/generate.go delete mode 100644 docs/terraform/localfile/out/local/data_file.go delete mode 100644 docs/terraform/localfile/out/local/data_sensitive_file.go delete mode 100644 docs/terraform/localfile/out/local/file.go create mode 100644 docs/terraform/localfile/out/local/local_file/data_local_file.go create mode 100644 docs/terraform/localfile/out/local/local_file/local_file.go create mode 100644 docs/terraform/localfile/out/local/local_sensitive_file/data_local_sensitive_file.go create mode 100644 docs/terraform/localfile/out/local/local_sensitive_file/local_sensitive_file.go delete mode 100644 docs/terraform/localfile/out/local/sensitive_file.go delete mode 100644 pkg/internal/terrajen/generator_test.go diff --git a/cmd/terragen/cli.go b/cmd/terragen/cli.go index 433e2ff..bcbcf03 100644 --- a/cmd/terragen/cli.go +++ b/cmd/terragen/cli.go @@ -14,7 +14,7 @@ Usage: The flags are: -force - override any existing generated Go files (required) + override any existing generated Go files -out string directory to generate Go files in (required) -pkg string @@ -49,6 +49,7 @@ func main() { pkgPath string providerStr string force bool + clean bool v bool ) @@ -72,6 +73,12 @@ func main() { false, "override any existing generated Go files", ) + flag.BoolVar( + &clean, + "clean", + false, + "clean the out directory before generating Go files", + ) flag.BoolVar(&v, "v", false, "show version") flag.Parse() @@ -125,6 +132,7 @@ func main() { OutDir: outDir, PkgPath: pkgPath, Force: force, + Clean: clean, }, schemas, ); err != nil { diff --git a/docs/.gitignore b/docs/.gitignore new file mode 100644 index 0000000..f79035b --- /dev/null +++ b/docs/.gitignore @@ -0,0 +1,2 @@ +**/.lingon/ +**/out/ diff --git a/docs/go.mod b/docs/go.mod index 96628d6..98ea9a2 100644 --- a/docs/go.mod +++ b/docs/go.mod 
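Review bot: With `-clean`, the caller-supplied `-out` path becomes the target of a delete, and nothing in the visible hunks of main checks that path before `Clean: clean` is passed on in the last cli.go hunk. The removal itself presumably lives in pkg/terragen/gowrapper.go, which is not part of these hunks, so confirm that an `-out` that cleans to `.` or the filesystem root is refused there, or guard it here with something like `if clean && (filepath.Clean(outDir) == "." || filepath.Clean(outDir) == string(filepath.Separator))` followed by an error exit (this needs `path/filepath` if cli.go does not already import it). The help string in the `flag.BoolVar(&clean, ...)` hunk should say plainly that existing contents are deleted, e.g. `"delete everything in the out directory before generating Go files"`. The usage comment touched in the first hunk should also gain a `-clean` entry next to `-force`. main's body continues outside these hunks.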
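Review bot: The new `**/out/` rule ignores every out directory under docs/, yet the diffstat shows this same commit still adding tracked files under docs/terraform/localfile/out/local/. Files already tracked stay tracked, but any file the generator newly creates there is ignored from now on, so the committed generated code can drift from the generator's real output without appearing in `git status` or in review. Either stop tracking those out/ trees in this commit, or re-include the ones meant to stay committed with a negation after the rule, e.g. `!terraform/localfile/out/`.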
@@ -1,27 +1,16 @@ module github.com/golingon/lingon/docs -go 1.21 +go 1.21.7 replace github.com/golingon/lingon => ../ require ( - github.com/Masterminds/semver/v3 v3.2.1 - github.com/aws/karpenter v0.29.2 - github.com/aws/karpenter-core v0.29.2 github.com/eidolon/wordwrap v0.0.0-20161011182207-e0f54129b8bb github.com/fatih/color v1.15.0 - github.com/go-playground/validator/v10 v10.19.0 - github.com/golingon/lingon v0.0.0-20230821085204-81fbacc93e96 - github.com/golingon/terraproviders/aws/4.60.0 v0.0.0-20230821062044-8717820dd713 - github.com/golingon/terraproviders/tls/4.0.4 v0.0.0-20230821062044-8717820dd713 - github.com/google/go-containerregistry v0.16.1 + github.com/golingon/lingon v0.0.0-20240410151041-d6e1fef1f2a8 github.com/hashicorp/hcl/v2 v2.20.1 - github.com/hashicorp/terraform-exec v0.20.0 github.com/hashicorp/terraform-json v0.19.0 - github.com/hexops/valast v1.4.4 - github.com/invopop/yaml v0.2.0 github.com/rogpeppe/go-internal v1.12.0 - github.com/stretchr/testify v1.8.4 github.com/zegl/kube-score v1.17.0 istio.io/api v1.19.0-beta.1 istio.io/client-go v1.18.1 
@@ -35,53 +24,34 @@ require ( require ( github.com/agext/levenshtein v1.2.3 // indirect github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect - github.com/aws/aws-sdk-go v1.44.329 // indirect - github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect github.com/dave/jennifer v1.7.0 // indirect - github.com/davecgh/go-spew v1.1.1 // indirect - github.com/docker/cli v24.0.5+incompatible // indirect - github.com/docker/distribution v2.8.2+incompatible // indirect - github.com/docker/docker v24.0.5+incompatible // indirect - github.com/docker/docker-credential-helpers v0.8.0 // indirect github.com/gabriel-vasile/mimetype v1.4.3 // indirect github.com/go-logr/logr v1.3.0 // indirect github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect + github.com/go-playground/validator/v10 v10.19.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/hashicorp/go-version v1.6.0 // indirect - github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.16.7 // indirect github.com/leodido/go-urn v1.4.0 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.19 // indirect - github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect - github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.1.0-rc4 // indirect - github.com/pkg/errors v0.9.1 // indirect - github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/samber/lo v1.38.1 // indirect - github.com/sirupsen/logrus v1.9.3 // indirect github.com/tidwall/gjson v1.17.1 // indirect 
github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.1 // indirect github.com/tidwall/sjson v1.2.5 // indirect - github.com/vbatts/tar-split v0.11.5 // indirect github.com/veggiemonk/strcase v0.0.0-20230627213939-a882c834bcab // indirect - github.com/volvo-cars/lingon v0.0.0-20230814121704-8832578d7bbf // indirect github.com/zclconf/go-cty v1.14.1 // indirect - go.uber.org/multierr v1.11.0 // indirect golang.org/x/crypto v0.19.0 // indirect golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 // indirect golang.org/x/mod v0.14.0 // indirect golang.org/x/net v0.21.0 // indirect - golang.org/x/sync v0.6.0 // indirect golang.org/x/sys v0.17.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/tools v0.17.0 // indirect @@ -93,7 +63,6 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/klog/v2 v2.110.1 // indirect k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect - knative.dev/pkg v0.0.0-20230821102121-81e4ee140363 // indirect mvdan.cc/gofumpt v0.6.0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect diff --git a/docs/go.sum b/docs/go.sum index 120e911..81d1f37 100644 --- a/docs/go.sum +++ b/docs/go.sum 
@@ -1,62 +1,20 @@ -dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= -dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= -github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= -github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= -github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= -github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= -github.com/Pallinder/go-randomdata v1.2.0 h1:DZ41wBchNRb/0GfsePLiSwb0PHZmT67XY00lCDlaYPg= -github.com/Pallinder/go-randomdata v1.2.0/go.mod h1:yHmJgulpD2Nfrm0cR9tI/+oAgRqCQQixsA8HyRZfV9Y= -github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 h1:kkhsdkhsCvIsutKu5zLMgWtgh9YxGCNAw8Ad8hjwfYg= -github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= -github.com/aws/aws-sdk-go v1.44.329 h1:Rqy+wYI8h+iq+FphR59KKTsHR1Lz7YiwRqFzWa7xoYU= -github.com/aws/aws-sdk-go v1.44.329/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/karpenter v0.29.2 h1:D3gdIJE2zCPLN/NYdDBXeBd8lq16PiZ+ZVSCGvTYQxw= -github.com/aws/karpenter v0.29.2/go.mod h1:djD7u2FbiUoeZga4J0Gg3j2oovLnGR3lL2NMPTN7sbY= -github.com/aws/karpenter-core v0.29.2 h1:iS8bjC1911LA459gLEl7Jkr0QRbyKMeXB2b4NEVGQIE= -github.com/aws/karpenter-core v0.29.2/go.mod h1:GzFITbd2ijUiV4UJ0wox4RJQsFD2ncyJYtLmUlYnmJY= -github.com/benbjohnson/clock v1.3.0 h1:ip6w0uFQkncKQ979AypyG0ER7mqUSBdKLOgAle/AT8A= -github.com/benbjohnson/clock v1.3.0/go.mod 
h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= -github.com/blendle/zapdriver v1.3.1 h1:C3dydBOWYRiOk+B8X9IVZ5IOe+7cl+tGOexN4QqHfpE= -github.com/blendle/zapdriver v1.3.1/go.mod h1:mdXfREi6u5MArG4j9fewC+FGnXaBR+T4Ox4J2u4eHCc= -github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= -github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= -github.com/containerd/stargz-snapshotter/estargz v0.14.3 h1:OqlDCK3ZVUO6C3B/5FSkDwbkEETK84kQgEeFwDC+62k= -github.com/containerd/stargz-snapshotter/estargz v0.14.3/go.mod h1:KY//uOCIkSuNAHhJogcZtrNHdKrA99/FCCRjE3HD36o= -github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= -github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/dave/jennifer v1.7.0 h1:uRbSBH9UTS64yXbh4FrMHfgfY762RD+C7bUPKODpSJE= github.com/dave/jennifer v1.7.0/go.mod h1:nXbxhEmQfOZhWml3D1cDK5M1FLnMSozpbFN/m3RmGZc= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/docker/cli v24.0.5+incompatible h1:WeBimjvS0eKdH4Ygx+ihVq1Q++xg36M/rMi4aXAvodc= -github.com/docker/cli v24.0.5+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= -github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v24.0.5+incompatible h1:WmgcE4fxyI6EEXxBRxsHnZXrO1pQ3smi0k/jho4HLeY= -github.com/docker/docker v24.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8= -github.com/docker/docker-credential-helpers v0.8.0/go.mod 
h1:UGFXcuoQ5TxPiB54nHOZ32AWRqQdECoh/Mg0AlEYb40= github.com/eidolon/wordwrap v0.0.0-20161011182207-e0f54129b8bb h1:ioQwBmKdOCpMVS/bDaESqNWXIE/aw4+gsVtysCGMWZ4= github.com/eidolon/wordwrap v0.0.0-20161011182207-e0f54129b8bb/go.mod h1:ZAPs+OyRzeVJFGvXVDVffgCzQfjg3qU9Ig8G/MU3zZ4= -github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= -github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0= github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk= -github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= -github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= -github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU= -github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= -github.com/go-git/go-git/v5 v5.10.1 h1:tu8/D8i+TWxgKpzQ3Vc43e+kkhXqtsZCKI/egajKnxk= -github.com/go-git/go-git/v5 v5.10.1/go.mod h1:uEuHjxkHap8kAl//V5F/nNWwqIYtP/402ddd05mp0wg= github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= 
@@ -67,64 +25,28 @@ github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJn github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= github.com/go-playground/validator/v10 v10.19.0 h1:ol+5Fu+cSq9JD7SoSqe04GMI92cbn0+wvQ3bZ8b/AU4= github.com/go-playground/validator/v10 v10.19.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68= github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= -github.com/golingon/terraproviders/aws/4.60.0 v0.0.0-20230821062044-8717820dd713 h1:XRtAn3+wOivnjL3qkT3i/zrei08NytvRqaSDkXA+KUU= -github.com/golingon/terraproviders/aws/4.60.0 v0.0.0-20230821062044-8717820dd713/go.mod h1:d52RzNXiyaY4BYYOEggS1x9U5UVslt6Tu4HU2fpG/1M= -github.com/golingon/terraproviders/tls/4.0.4 v0.0.0-20230821062044-8717820dd713 h1:mo/ovOct14q3nI7b58TjqkSQB2yXUYVajoBr7KUPEz8= -github.com/golingon/terraproviders/tls/4.0.4 v0.0.0-20230821062044-8717820dd713/go.mod h1:9YiA/6+3k63yk5XMFLrTkD3nK2i1J04V8umfvyyBIxA= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= 
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-containerregistry v0.16.1 h1:rUEt426sR6nyrL3gt+18ibRcvYpKYdpsa5ZW7MA08dQ= -github.com/google/go-containerregistry v0.16.1/go.mod h1:u0qB2l7mvtWVR5kNcbFIhFY1hLbf8eeGapA+vbFDCtQ= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= -github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/hc-install v0.6.2 h1:V1k+Vraqz4olgZ9UzKiAcbman9i9scg9GgSt/U3mw/M= -github.com/hashicorp/hc-install v0.6.2/go.mod h1:2JBpd+NCFKiHiu/yYCGaPyPHhZLxXTpz8oreHa/a3Ps= github.com/hashicorp/hcl/v2 v2.20.1 h1:M6hgdyz7HYt1UN9e61j+qKJBqR3orTWbI1HKBJEdxtc= github.com/hashicorp/hcl/v2 v2.20.1/go.mod h1:TZDqQ4kNKCbh1iJp99FdPiUaVDDUPivbqxZulxDYqL4= -github.com/hashicorp/terraform-exec v0.20.0 h1:DIZnPsqzPGuUnq6cH8jWcPunBfY+C+M8JyYF3vpnuEo= -github.com/hashicorp/terraform-exec v0.20.0/go.mod h1:ckKGkJWbsNqFKV1itgMnE0hY9IYf1HoiekpuN0eWoDw= github.com/hashicorp/terraform-json v0.19.0 h1:e9DBKC5sxDfiJT7Zoi+yRIwqLVtFur/fwK/FuE6AWsA= github.com/hashicorp/terraform-json v0.19.0/go.mod h1:qdeBs11ovMzo5puhrRibdD6d2Dq6TyE/28JiU4tIQxk= -github.com/hexops/autogold v0.8.1 
h1:wvyd/bAJ+Dy+DcE09BoLk6r4Fa5R5W+O+GUzmR985WM= -github.com/hexops/autogold v0.8.1/go.mod h1:97HLDXyG23akzAoRYJh/2OBs3kd80eHyKPvZw0S5ZBY= -github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM= -github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg= -github.com/hexops/valast v1.4.4 h1:rETyycw+/L2ZVJHHNxEBgh8KUn+87WugH9MxcEv9PGs= -github.com/hexops/valast v1.4.4/go.mod h1:Jcy1pNH7LNraVaAZDLyv21hHg2WBv9Nf9FL6fGxU7o4= -github.com/invopop/yaml v0.2.0 h1:7zky/qH+O0DwAyoobXUqvVBwgBFRxKoQ/3FjcVpjTMY= -github.com/invopop/yaml v0.2.0/go.mod h1:2XuRLgs/ouIrW3XNzuNj7J3Nvu/Dig5MXvbCEdiBN3Q= -github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= -github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= -github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= -github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= -github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= -github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= -github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I= -github.com/klauspost/compress v1.16.7/go.mod 
h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= @@ -136,8 +58,6 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= -github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 
@@ -145,36 +65,14 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4= -github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o= -github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg= -github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= -github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= -github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0= -github.com/opencontainers/image-spec v1.1.0-rc4/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= -github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= -github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= -github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= -github.com/samber/lo v1.38.1 h1:j2XEAqXKb09Am4ebOg31SpvzUTTs6EN3VfgeLUhPdXM= 
-github.com/samber/lo v1.38.1/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA= -github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= -github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= -github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/skeema/knownhosts v1.2.1 h1:SHWdIUa82uGZz+F+47k8SY4QhhI291cXCpopT1lK2AQ= -github.com/skeema/knownhosts v1.2.1/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= 
@@ -187,82 +85,53 @@ github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4= github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= github.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY= github.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6jwd28= -github.com/vbatts/tar-split v0.11.5 h1:3bHCTIheBm1qFTcgh9oPu+nNBtX+XJIupG/vacinCts= -github.com/vbatts/tar-split v0.11.5/go.mod h1:yZbwRsSeGjusneWgA781EKej9HF8vme8okylkAeNKLk= github.com/veggiemonk/strcase v0.0.0-20230627213939-a882c834bcab h1:XFqIqepU0qLA2+oK9XEjZE4yuh33T4Mc/v4uurLBrSI= github.com/veggiemonk/strcase v0.0.0-20230627213939-a882c834bcab/go.mod h1:FhMPOXYKshhGzQYJHiD5+zsWaVMP2NGpi/HfPu14QPA= -github.com/volvo-cars/lingon v0.0.0-20230814121704-8832578d7bbf h1:I6lyZsl8gkM5L+5bOspOLMoE3GoGeW504oETFHlNPjk= -github.com/volvo-cars/lingon v0.0.0-20230814121704-8832578d7bbf/go.mod h1:DPIM+w2TT8BCQwcoHA7+8qv2ZUbNiSLe6ixsuntQDfE= -github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= -github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/zclconf/go-cty v1.14.1 h1:t9fyA35fwjjUMcmL5hLER+e/rEPqrbCK1/OSE4SI9KA= github.com/zclconf/go-cty v1.14.1/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b h1:FosyBZYxY34Wul7O/MSKey3txpPYyCqVO5ZyceuQJEI= github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8= github.com/zegl/kube-score v1.17.0 h1:vedzK0pm5yOb1ocm5gybMNYsJRG8iTAatbo3LFIWbUc= github.com/zegl/kube-score v1.17.0/go.mod 
h1:0pt4Lt36uTKPiCQbXQFow29eaAbgMLI9RoESjBoGSq0= -go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= -go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.25.0 h1:4Hvk6GtkucQ790dqmj7l1eEnRdKm3k3ZUrUMS2d5+5c= -go.uber.org/zap v1.25.0/go.mod h1:JIAUzQIH94IC4fOJQm7gMmBJP5k7wQfdcnYdPoEXJYk= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 h1:m64FZMko/V45gv0bNmrNYoDEq8U5YUhetc9cBWKS1TQ= golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63/go.mod h1:0v4NqG35kSWCMzLaMeX+IQrlSnVE/bqGSyC2cz/9Le8= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod 
h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys 
v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -280,17 +149,11 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntN gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= -gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0= -gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= istio.io/api v1.19.0-beta.1 h1:KtCeYz4mUfE5e/A19l4XUzKTwQYNfxvitFmRLqHzMy0= istio.io/api v1.19.0-beta.1/go.mod h1:KstZe4bKbXouALUJ5PqpjNEhu5nj90HrDFitZfpNhlU= istio.io/client-go v1.18.1 h1:qSpKeJ0+3L9wAEfs30KaTWkifhz7YRmyXsOPnC+zMqk= 
@@ -307,8 +170,6 @@ k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -knative.dev/pkg v0.0.0-20230821102121-81e4ee140363 h1:TI2hMwTM5Bl+yaWu1gN5bXAHSvc+FtH9cqm3NzmDBtY= -knative.dev/pkg v0.0.0-20230821102121-81e4ee140363/go.mod h1:dA3TdhFTRm4KmmpvfknpGV43SbGNFkLHySjC8/+NczM= mvdan.cc/gofumpt v0.6.0 h1:G3QvahNDmpD+Aek/bNOLrFR2XC6ZAdo62dZu65gmwGo= mvdan.cc/gofumpt v0.6.0/go.mod h1:4L0wf+kgIPZtcCWXynNS2e6bhmj73umwnuXSZarixzA= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= diff --git a/docs/kubernetes/crd/out/app.go b/docs/kubernetes/crd/out/app.go index b27ed18..7305175 100644 --- a/docs/kubernetes/crd/out/app.go +++ b/docs/kubernetes/crd/out/app.go @@ -5,12 +5,10 @@ package team import ( "context" "errors" - "os" - "os/exec" - kube "github.com/golingon/lingon/pkg/kube" networkingv1beta1 "istio.io/client-go/pkg/apis/networking/v1beta1" - + "os" + "os/exec" secretsstorecsidriverapisv1 "sigs.k8s.io/secrets-store-csi-driver/apis/v1" ) @@ -29,8 +27,7 @@ type Team struct { func New() *Team { return &Team{ TeamGraphMicrosoftServiceEntry: TeamGraphMicrosoftServiceEntry, - TeamOnboardingAuthSecretProviderClass: TeamOnboardingAuthSecretProviderClass, - } + TeamOnboardingAuthSecretProviderClass: TeamOnboardingAuthSecretProviderClass} } // Apply applies the kubernetes objects to the cluster diff --git a/docs/kubernetes/crd/out/manifests/4_team_graph_microsoft_service_entry.yaml b/docs/kubernetes/crd/out/manifests/4_team_graph_microsoft_service_entry.yaml deleted file mode 100644 index 814fbb0..0000000 --- a/docs/kubernetes/crd/out/manifests/4_team_graph_microsoft_service_entry.yaml +++ /dev/null 
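Review bot: The regenerated `docs/kubernetes/crd/out/app.go` drops the stdlib/third-party import grouping: `"os"` and `"os/exec"` now sit between the istio and `sigs.k8s.io` imports in a single block, and in `New()` the closing brace of the `Team` literal is folded onto the last field line. The same formatting regression appears in the `secret-provider-class.go` and `service-entry.go` hunks, where element types that were elided are written out again (`[]*v1.SecretObject{&v1.SecretObject{` instead of `[]*v1.SecretObject{{`), which `gofmt -s` would simplify back. All of this is still valid Go, but it looks as if the output was written without the formatting pass that produced the previous version (inferred from the diff; the generator itself is not visible here). If that is unintended, restoring the pass in the generator would keep this churn out of a change that is about terragen's package layout.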
@@ -1,15 +0,0 @@ -apiVersion: networking.istio.io/v1beta1 -kind: ServiceEntry -metadata: - name: team-graph-microsoft - namespace: team-onboarding -spec: - exportTo: - - . - hosts: - - graph.microsoft.com - ports: - - name: https - number: 443 - protocol: HTTPS - resolution: DNS diff --git a/docs/kubernetes/crd/out/manifests/4_team_onboarding_auth_secret_provider_class.yaml b/docs/kubernetes/crd/out/manifests/4_team_onboarding_auth_secret_provider_class.yaml deleted file mode 100644 index 71789a8..0000000 --- a/docs/kubernetes/crd/out/manifests/4_team_onboarding_auth_secret_provider_class.yaml +++ /dev/null 
@@ -1,97 +0,0 @@ -apiVersion: secrets-store.csi.x-k8s.io/v1 -kind: SecretProviderClass -metadata: - name: team-onboarding-auth -spec: - parameters: - objects: |2+ - - - objectName: "xxx-gh-token" - secretPath: "team-onboarding-kv/data/github-xxx-bot" - secretKey: "token" - - objectName: "xxx-gh-username" - secretPath: "team-onboarding-kv/data/github-xxx-bot" - secretKey: "username" - - objectName: "harbor-username" - secretPath: "team-onboarding-kv/data/harbor" - secretKey: "username" - - objectName: "harbor-password" - secretPath: "team-onboarding-kv/data/harbor" - secretKey: "password" - - objectName: "sendgrid-api-key" - secretPath: "team-onboarding-kv/data/sendgrid-api-key" - secretKey: "token" - - objectName: "key-id" - secretPath: "team-onboarding-kv/data/lakefs-xxx-admin" - secretKey: "access-key-id" - - objectName: "secret-key" - secretPath: "team-onboarding-kv/data/lakefs-xxx-admin" - secretKey: "secret-access-key" - - objectName: "abk-vcc-test-xxx-xxx-gh-dev-token" - secretPath: "team-onboarding-kv/data/abk-vcc-test-xxx-bot" - secretKey: "token" - - objectName: "abk-vcc-test-xxx-gh-dev-username" - secretPath: "team-onboarding-kv/data/abk-vcc-test-xxx-bot" - secretKey: "username" - - objectName: "scim-auth-token" - secretPath: "team-onboarding-kv/data/scim-token" - secretKey: "token" - - objectName: "team-az-group-management-prod" - secretPath: "team-onboarding-kv/data/team-az-group-management-prod" - secretKey: "client-secret" - - objectName: "team-az-group-management-qa" - secretPath: "team-onboarding-kv/data/team-az-group-management-qa" - secretKey: "client-secret" - - roleName: team-onboarding-policy-read - vaultAddress: https://vault.secretstore.company.com - provider: vault - secretObjects: - - data: - - key: token - objectName: xxx-gh-token - - key: username - objectName: xxx-gh-username - secretName: github-auth - type: Opaque - - data: - - key: token - objectName: abk-vcc-test-xxx-xxx-gh-dev-token - - key: username - objectName: 
abk-vcc-test-xxx-gh-dev-username - secretName: github-abk-vcc-test-auth - type: Opaque - - data: - - key: token - objectName: scim-auth-token - secretName: scim-auth - type: Opaque - - data: - - key: username - objectName: harbor-username - - key: password - objectName: harbor-password - secretName: harbor-auth - type: Opaque - - data: - - key: access-key-id - objectName: key-id - - key: secret-access-key - objectName: secret-key - secretName: lakefs-auth - type: Opaque - - data: - - key: token - objectName: sendgrid-api-key - secretName: sendgrid-api-key - type: Opaque - - data: - - key: client-secret - objectName: team-az-group-management-prod - secretName: team-az-group-management-prod - type: Opaque - - data: - - key: client-secret - objectName: team-az-group-management-qa - secretName: team-az-group-management-qa - type: Opaque diff --git a/docs/kubernetes/crd/out/secret-provider-class.go b/docs/kubernetes/crd/out/secret-provider-class.go index efceae3..471d3a3 100644 --- a/docs/kubernetes/crd/out/secret-provider-class.go +++ b/docs/kubernetes/crd/out/secret-provider-class.go 
@@ -54,69 +54,69 @@ var TeamOnboardingAuthSecretProviderClass = &v1.SecretProviderClass{ "vaultAddress": "https://vault.secretstore.company.com", }, Provider: v1.Provider("vault"), - SecretObjects: []*v1.SecretObject{{ - Data: []*v1.SecretObjectData{{ + SecretObjects: []*v1.SecretObject{&v1.SecretObject{ + Data: []*v1.SecretObjectData{&v1.SecretObjectData{ Key: "token", ObjectName: "xxx-gh-token", - }, { + }, &v1.SecretObjectData{ Key: "username", ObjectName: "xxx-gh-username", }}, SecretName: "github-auth", Type: "Opaque", - }, { - Data: []*v1.SecretObjectData{{ + }, &v1.SecretObject{ + Data: []*v1.SecretObjectData{&v1.SecretObjectData{ Key: "token", ObjectName: "abk-vcc-test-xxx-xxx-gh-dev-token", - }, { + }, &v1.SecretObjectData{ Key: "username", ObjectName: "abk-vcc-test-xxx-gh-dev-username", }}, SecretName: "github-abk-vcc-test-auth", Type: "Opaque", - }, { - Data: []*v1.SecretObjectData{{ + }, &v1.SecretObject{ + Data: []*v1.SecretObjectData{&v1.SecretObjectData{ Key: "token", ObjectName: "scim-auth-token", }}, SecretName: "scim-auth", Type: "Opaque", - }, { - Data: []*v1.SecretObjectData{{ + }, &v1.SecretObject{ + Data: []*v1.SecretObjectData{&v1.SecretObjectData{ Key: "username", ObjectName: "harbor-username", - }, { + }, &v1.SecretObjectData{ Key: "password", ObjectName: "harbor-password", }}, SecretName: "harbor-auth", Type: "Opaque", - }, { - Data: []*v1.SecretObjectData{{ + }, &v1.SecretObject{ + Data: []*v1.SecretObjectData{&v1.SecretObjectData{ Key: "access-key-id", ObjectName: "key-id", - }, { + }, &v1.SecretObjectData{ Key: "secret-access-key", ObjectName: "secret-key", }}, SecretName: "lakefs-auth", Type: "Opaque", - }, { - Data: []*v1.SecretObjectData{{ + }, &v1.SecretObject{ + Data: []*v1.SecretObjectData{&v1.SecretObjectData{ Key: "token", ObjectName: "sendgrid-api-key", }}, SecretName: "sendgrid-api-key", Type: "Opaque", - }, { - Data: []*v1.SecretObjectData{{ + }, &v1.SecretObject{ + Data: []*v1.SecretObjectData{&v1.SecretObjectData{ Key: 
"client-secret", ObjectName: "team-az-group-management-prod", }}, SecretName: "team-az-group-management-prod", Type: "Opaque", - }, { - Data: []*v1.SecretObjectData{{ + }, &v1.SecretObject{ + Data: []*v1.SecretObjectData{&v1.SecretObjectData{ Key: "client-secret", ObjectName: "team-az-group-management-qa", }}, diff --git a/docs/kubernetes/crd/out/service-entry.go b/docs/kubernetes/crd/out/service-entry.go index de89dca..1a3a4d6 100644 --- a/docs/kubernetes/crd/out/service-entry.go +++ b/docs/kubernetes/crd/out/service-entry.go @@ -16,7 +16,7 @@ var TeamGraphMicrosoftServiceEntry = &v1beta1.ServiceEntry{ Spec: v1beta11.ServiceEntry{ ExportTo: []string{"."}, Hosts: []string{"graph.microsoft.com"}, - Ports: []*v1beta11.ServicePort{{ + Ports: []*v1beta11.ServicePort{&v1beta11.ServicePort{ Name: "https", Number: uint32(0x1bb), Protocol: "HTTPS", diff --git a/docs/platypus/.gitignore b/docs/platypus/.gitignore deleted file mode 100644 index 67bbaed..0000000 --- a/docs/platypus/.gitignore +++ /dev/null @@ -1,12 +0,0 @@ -.terriyaki -gen/ -out - -scripts/*.yaml -scripts/*.values -k8s - -dump/ -bin/ - -kubeconfig diff --git a/docs/platypus/cmd/platypus/cli.go b/docs/platypus/cmd/platypus/cli.go deleted file mode 100644 index 7e8894c..0000000 --- a/docs/platypus/cmd/platypus/cli.go +++ /dev/null 
@@ -1,428 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -package main - -import ( - "context" - "flag" - "fmt" - "io" - "log/slog" - "os" - "os/exec" - - "github.com/golingon/lingon/docs/platypus/pkg/infra/awsvpc" - "github.com/golingon/lingon/docs/platypus/pkg/infra/cluster_eks" - "github.com/golingon/lingon/docs/platypus/pkg/platform/awsauth" - "github.com/golingon/lingon/docs/platypus/pkg/platform/grafana" - "github.com/golingon/lingon/docs/platypus/pkg/platform/karpenter" - "github.com/golingon/lingon/docs/platypus/pkg/terraclient" - - "github.com/golingon/lingon/pkg/terra" -) - -var ( - S = terra.String - N = terra.Number -) - -func main() { - var apply bool - var destroy bool - var plan bool - var migrate bool - flag.BoolVar( - &apply, - "apply", - false, - "Apply the terraform changes (default: false)", - ) - flag.BoolVar( - &destroy, - "destroy", - false, - "Destroy the terraform resources (default: false)", - ) - flag.BoolVar( - &plan, - "plan", - false, - "Plan the terraform changes (default: false)", - ) - flag.BoolVar( - &migrate, - "migrate", - false, - "Migrate Grafana (default: false)", - ) - flag.Parse() - - ap := AWSParams{ - BackendS3Key: "terriyaki-tf-experiment", - Region: "eu-north-1", - Profile: "vcc-cdds-prod-legacy", - } - p := runParams{ - Apply: apply, - Destroy: destroy, - Plan: plan, - Migrate: migrate, - AWSParams: ap, - KubeconfigPath: "kubeconfig", - ManifestPath: ".lingon/k8s", - ClusterParams: ClusterParams{ - Name: "platypus-1", - Version: "1.24", - ID: 1, - }, - TFLabels: map[string]string{ - "environment": "dev", - "terraform": "true", - }, - KLabels: map[string]string{ - "environment": "development", - }, - } - - if err := run(p); err != nil { - slog.Error("run", "err", err) - os.Exit(1) - } - slog.Info("done") -} - -type runParams struct { - AWSParams AWSParams - KubeconfigPath string - ManifestPath string - ClusterParams ClusterParams - TFLabels map[string]string - KLabels 
map[string]string - Apply bool - Destroy bool - Plan bool - Migrate bool -} -type AWSParams struct { - BackendS3Key string - Region string - Profile string -} -type ClusterParams struct { - Name string - Version string - ID int -} - -func run(p runParams) error { - slog.Info("run", "params", p) - ctx := context.Background() - uniqueName := p.ClusterParams.Name - vpcOpts := awsvpc.Opts{ - Name: uniqueName, - AZs: [3]string{ - "eu-north-1a", "eu-north-1b", "eu-north-1c", - }, - CIDR: "10.0.0.0/16", - PublicSubnetCIDRs: [3]string{ - "10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24", - }, - PrivateSubnetCIDRs: [3]string{ - "10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24", - }, - } - - tf := terraclient.NewClient( - terraclient.WithDefaultPlan(p.Plan), - terraclient.WithDefaultApply(p.Apply), - ) - - vpc := vpcStack{ - AWSStackConfig: newAWSStackConfig(uniqueName+"-vpc", p), - AWSVPC: *awsvpc.NewAWSVPC(vpcOpts), - } - - if err := tf.Run(ctx, &vpc); err != nil { - return fmt.Errorf("tfrun: handling vpc: %w", err) - } - if !vpc.IsStateComplete() { - slog.Info("VPC state not in sync, finishing here") - return finishAndDestroy(ctx, p, tf) - } - - vpcState := vpc.AWSVPC.VPC.StateMust() - privateSubnetIDs := [3]string{} - for i, subnet := range vpc.AWSVPC.PrivateSubnets { - privateSubnetIDs[i] = subnet.StateMust().Id - } - vpcID := vpcState.Id - eks := eksStack{ - AWSStackConfig: newAWSStackConfig(uniqueName+"-eks", p), - Cluster: *cluster_eks.NewEKSCluster( - cluster_eks.ClusterOpts{ - Name: p.ClusterParams.Name, - Version: p.ClusterParams.Version, - VPCID: vpcID, - PrivateSubnetIDs: privateSubnetIDs, - }, - ), - } - if err := tf.Run(ctx, &eks); err != nil { - return fmt.Errorf("tfrun: handling cluster: %w", err) - } - if !eks.IsStateComplete() { - slog.Info("EKS cluster state not in sync, finishing here") - return finishAndDestroy(ctx, p, tf) - } - - eksSGID := eks.SecurityGroup.StateMust().Id - eksState := eks.EKSCluster.StateMust() - oidcState := 
eks.IAMOIDCProvider.StateMust() - ks := karpenterStack{ - AWSStackConfig: newAWSStackConfig(uniqueName+"-karpenter", p), - Infra: karpenter.NewInfra( - karpenter.InfraOpts{ - Name: eksState.Name + "-karpenter", - ClusterName: eksState.Name, - ClusterARN: eksState.Arn, - PrivateSubnetIDs: privateSubnetIDs, - OIDCProviderArn: oidcState.Arn, - OIDCProviderURL: oidcState.Url, - }, - ), - } - if err := tf.Run(ctx, &ks); err != nil { - return fmt.Errorf("terraforming karpenter: %w", err) - } - if !ks.IsStateComplete() { - slog.Info( - "stack state not in sync", - slog.String("stack", ks.StackName()), - ) - return finishAndDestroy(ctx, p, tf) - } - - gmRDS, err := grafana.NewRDSPostgres( - grafana.RDSOpts{ - Name: uniqueName + "-grafana", - VPCID: vpcID, - EKSSGID: eksSGID, - PrivateSubnetIDs: privateSubnetIDs, - }, - ) - if err != nil { - return fmt.Errorf("creating grafana rds infra: %w", err) - } - gs := grafanaStack{ - AWSStackConfig: newAWSStackConfig(uniqueName+"-grafana", p), - RDSPostgres: gmRDS, - } - if err := tf.Run(ctx, &gs); err != nil { - return fmt.Errorf("terraforming grafana: %w", err) - } - if !gs.IsStateComplete() { - slog.Info( - "stack state not in sync", - slog.String("stack", gs.StackName()), - ) - return finishAndDestroy(ctx, p, tf) - } - - slog.Info("getting kubeconfig from aws") - if err := kubeconfigFromAWSCmd( - ctx, - p.AWSParams.Profile, - p.ClusterParams.Name, - p.AWSParams.Region, - p.KubeconfigPath, - ); err != nil { - return fmt.Errorf("kubeconfig from aws: %w", err) - } - - k, err := NewClient( - WithClientKubeconfig(p.KubeconfigPath), - WithClientContext(p.ClusterParams.Name), - ) - if err != nil { - return fmt.Errorf("creating kubectl: %w", err) - } - - clusterName := eks.EKSCluster.StateMust().Name - clusterEndpoint := eks.EKSCluster.StateMust().Endpoint - controllerIAMRoleArn := ks.Controller.Role.StateMust().Arn - defaultInstanceProfile := ks.InstanceProfile.InstanceProfile.StateMust().Name - interruptQueueName := 
ks.SimpleQueue.StateMust().Name - kap := karpenter.New( - karpenter.Opts{ - ClusterName: clusterName, - ClusterEndpoint: clusterEndpoint, - IAMRoleArn: controllerIAMRoleArn, - DefaultInstanceProfile: defaultInstanceProfile, - InterruptQueue: interruptQueueName, - }, - ) - if err := k.Apply(ctx, kap); err != nil { - return fmt.Errorf("applying karpenter app: %w", err) - } - // Wait for Karpenter to start before applying CRDs otherwise the webhooks - // fail - objID := fmt.Sprintf( - "%s/%s", - kap.Deploy.TypeMeta.GetObjectKind(). - GroupVersionKind(). - GroupKind(). - String(), - kap.Deploy.ObjectMeta.Name, - ) - timeout := "5m" - slog.Info( - "waiting for karpenter deployment", - slog.String("timeout", timeout), - ) - if err := k.Cmd( - ctx, "wait", "--namespace", kap.Deploy.Namespace, objID, - "--for=condition=available", - // Could take a while for the Fargate nodes to become available. - // Usually it happens within 2 minutes, but just to be sure... - "--timeout="+timeout, - ); err != nil { - return fmt.Errorf("waiting for karpenter deployment: %w", err) - } - kapProvisioners := karpenter.NewProvisioners( - karpenter.ProvisionersOpts{ - ClusterName: clusterName, - AvailabilityZones: vpcOpts.AZs, - }, - ) - if err := k.Apply(ctx, &kapProvisioners); err != nil { - return fmt.Errorf("applying karpenter provisioners app: %w", err) - } - - db := gs.RDSPostgres.Postgres.StateMust() - - graf := grafana.New( - grafana.AppOpts{ - Name: grafana.AppName, - Version: grafana.Version, - Env: "prod", - }, - grafana.KubeOpts{ - PostgresHost: db.Address, - PostgresDBName: db.DbName, - PostgresUser: db.Username, - PostgresPassword: db.Password, - }, - ) - if err := k.Apply(ctx, graf); err != nil { - return fmt.Errorf("applying grafana app: %w", err) - } - - kmNodeRoleARN := ks.InstanceProfile.IAMRole.StateMust().Arn - kmFargateRoleARN := ks.FargateProfile.IAMRole.StateMust().Arn - // Apply the aws-auth configmap - awsAuth, err := awsauth.NewConfigMap( - &awsauth.Data{ - MapRoles: 
karpenter.AWSAuthMapRoles( - kmNodeRoleARN, - kmFargateRoleARN, - ), - }, - ) - if err != nil { - return fmt.Errorf("creating aws-auth configmap: %w", err) - } - if err := k.Apply( - ctx, - awsAuth, - // Required to become owner - WithApplyForceConflicts(true), - ); err != nil { - return fmt.Errorf("applying aws-auth: %w", err) - } - - if p.Migrate { - if err := migrateGrafana(ctx, p, tf, vpc, eks, gs); err != nil { - slog.Error("migrate grafana", err) - os.Exit(1) - } - } - - // This needs to come last, in case state is in sync but destroy flag was - // passed - if p.Destroy { - return finishAndDestroy(ctx, p, tf) - } - - fmt.Printf("\nTerriyaki Summary:\n") - for _, mod := range tf.Stacks() { - diff := "no plan" - if plan := mod.Plan(); plan != nil { - diff = fmt.Sprintf( - "add: %d, destroy: %d", - len(plan.AddResources), len(plan.DestroyResources), - ) - } - fmt.Printf( - "%s: resources: %s\n", - mod.StackName(), - diff, - ) - } - fmt.Println("") - fmt.Println("") - - return nil -} - -func kubectl( - ctx context.Context, - stdout io.Writer, - stderr io.Writer, - args ...string, -) error { - cmd := exec.CommandContext(ctx, "kubectl", args...) 
- cmd.Env = os.Environ() // inherit environment in case we need to use kubectl from a container - - cmd.Stdout = stdout - cmd.Stderr = stderr - - if err := cmd.Start(); err != nil { - return err - } - - // waits for the command to exit and waits for any copying - // to stdin or copying from stdout or stderr to complete - return cmd.Wait() -} - -func installCilium( - ctx context.Context, - co ClusterParams, - kubeconfigPath string, -) error { - cmd := exec.CommandContext( - ctx, "cilium", "install", - "--context", co.Name, - "--cluster-name", co.Name, - "--cluster-id", fmt.Sprintf("%d", co.ID), - "--helm-set", "kubeProxyReplacement=strict", - "--datapath-mode=aws-eni", - "--version=v1.12.5", - "--wait-duration=5m0s", - "--wait", - ) - path := os.Getenv("PATH") - cmd.Env = append(cmd.Env, fmt.Sprintf("KUBECONFIG=%s", kubeconfigPath)) - cmd.Env = append(cmd.Env, fmt.Sprintf("PATH=%s", path)) - - fmt.Printf("%+v\n", cmd.Env) - cmd.Stdout = os.Stdout - cmd.Stderr = os.Stderr - - if err := cmd.Start(); err != nil { - return err - } - - return cmd.Wait() -} diff --git a/docs/platypus/cmd/platypus/destroy.go b/docs/platypus/cmd/platypus/destroy.go deleted file mode 100644 index d944441..0000000 --- a/docs/platypus/cmd/platypus/destroy.go +++ /dev/null 
@@ -1,39 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -package main - -import ( - "context" - "fmt" - "log/slog" - - "github.com/golingon/lingon/docs/platypus/pkg/terraclient" -) - -func finishAndDestroy( - ctx context.Context, p runParams, - runner *terraclient.Client, -) error { - if !p.Destroy { - return nil - } - stacks := runner.Stacks() - // Iterate in reverse - for i := len(stacks) - 1; i >= 0; i-- { - stack := stacks[i] - if err := runner.Run( - ctx, stack, - terraclient.WithRunDestroy(p.Destroy), - terraclient.WithRunPlan(true), - terraclient.WithRunApply(true), - ); err != nil { - return fmt.Errorf( - "destroying %s: %w", - stack.StackName(), err, - ) - } - } - slog.Info("EVERYTHING DESTROYED!!") - return nil -} diff --git a/docs/platypus/cmd/platypus/kubectl.go b/docs/platypus/cmd/platypus/kubectl.go deleted file mode 100644 index 6020266..0000000 --- a/docs/platypus/cmd/platypus/kubectl.go +++ /dev/null 
@@ -1,239 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -package main - -import ( - "bytes" - "context" - "fmt" - "io" - "log" - "log/slog" - "os" - "os/exec" - - "github.com/golingon/lingon/pkg/kube" -) - -func Kubectl( - ctx context.Context, - out io.Writer, - errw io.Writer, - args ...string, -) error { - slog.Info("kubectl", slog.Any("args", args)) - cmd := exec.CommandContext(ctx, "kubectl", args...) - - cmd.Env = os.Environ() - - cmd.Stdin = os.Stdin - cmd.Stdout = out - cmd.Stderr = errw - - err := cmd.Start() - if err != nil { - return err - } - // waits for the command to exit and waits for any copying - // to stdin or copying from stdout or stderr to complete - return cmd.Wait() -} - -func WithClientKubeconfig(kubeconfig string) func(o *clientOpts) { - return func(o *clientOpts) { - o.kubeconfig = kubeconfig - } -} - -func WithClientContext(context string) func(o *clientOpts) { - return func(o *clientOpts) { - o.context = context - } -} - -type clientOpts struct { - kubeconfig string - context string -} - -func NewClient(optParams ...func(o *clientOpts)) (*Client, error) { - opts := clientOpts{} - for _, opt := range optParams { - opt(&opts) - } - // TODO: do we want to get kubeconfig/context from env vars? - if opts.kubeconfig == "" { - return nil, fmt.Errorf("kubeconfig required") - } - if opts.context == "" { - return nil, fmt.Errorf("context required") - } - // TODO: can we validate the context and the kubeconfig? 
- - return &Client{ - opts: opts, - }, nil -} - -// Client rerepsents a kubectl client setup to communicate with a single -// Kubernetes cluster -type Client struct { - opts clientOpts -} - -func WithApplyForceConflicts(b bool) func(o *applyOpts) { - return func(o *applyOpts) { - o.forceConflicts = b - } -} - -type applyOpts struct { - forceConflicts bool -} - -// Apply performs a kubectl apply for the given manifest -func (k *Client) Apply( - ctx context.Context, - km kube.Exporter, - opts ...func(o *applyOpts), -) error { - ao := applyOpts{} - for _, opt := range opts { - opt(&ao) - } - - args := k.baseArgs() - args = append( - args, - "apply", - "--server-side=true", - "-f", - "-", - ) - - if ao.forceConflicts { - args = append(args, "--force-conflicts") - } - - cmd := exec.CommandContext( - ctx, - "kubectl", - args..., - ) - cmd.Env = os.Environ() // inherit environment in case we need to use kubectl from a container - stdin, err := cmd.StdinPipe() // pipe to pass data to kubectl - if err != nil { - log.Fatal(err) - } - - go func() { - defer stdin.Close() - var buf bytes.Buffer - if err := kube.Export( - km, - kube.WithExportWriter(&buf), - kube.WithExportAsSingleFile("karpenter.yaml"), - ); err != nil { - log.Fatal("export", err) - } - log.Printf("kubectl apply: %s", buf.String()) - if _, err := io.Copy(stdin, &buf); err != nil { - log.Fatal("copy", err) - } - }() - - cmd.Stdout = os.Stdout - cmd.Stderr = os.Stderr - - if err := cmd.Start(); err != nil { - return err - } - // waits for the command to exit and waits for any copying - // to stdin or copying from stdout or stderr to complete - return cmd.Wait() -} - -// Diff performs a kubectl diff to see if the manifests have changed -func (k *Client) Diff(ctx context.Context, km kube.Exporter) error { - args := k.baseArgs() - args = append( - args, - "diff", - "--server-side=true", - "-f", - "-", - ) - cmd := exec.CommandContext( - ctx, - "kubectl", - args..., - ) - cmd.Env = os.Environ() // inherit environment 
in case we need to use kubectl from a container - stdin, err := cmd.StdinPipe() // pipe to pass data to kubectl - if err != nil { - log.Fatal(err) - } - - if err := kube.Export( - km, - kube.WithExportOutputDirectory("karpenter"), - ); err != nil { - return err - } - - go func() { - defer stdin.Close() - if err := kube.Export( - km, - kube.WithExportWriter(stdin), - kube.WithExportAsSingleFile("stdin"), - ); err != nil { - log.Fatal(err) - } - }() - - cmd.Stdout = os.Stdout - cmd.Stderr = os.Stderr - - if err := cmd.Start(); err != nil { - return err - } - // waits for the command to exit and waits for any copying - // to stdin or copying from stdout or stderr to complete - return cmd.Wait() -} - -func (k *Client) Cmd( - ctx context.Context, - args ...string, -) error { - baseArgs := []string{ - "--kubeconfig", k.opts.kubeconfig, "--context", k.opts.context, - } - cmd := exec.CommandContext( - ctx, - "kubectl", - append(baseArgs, args...)..., - ) - cmd.Env = os.Environ() // inherit environment in case we need to use kubectl from a container - - cmd.Stdout = os.Stdout - cmd.Stderr = os.Stderr - - if err := cmd.Start(); err != nil { - return err - } - // waits for the command to exit and waits for any copying - // to stdin or copying from stdout or stderr to complete - return cmd.Wait() -} - -func (k *Client) baseArgs() []string { - return []string{ - "--kubeconfig", - k.opts.kubeconfig, - "--context", - k.opts.context, - } -} diff --git a/docs/platypus/cmd/platypus/migrate.go b/docs/platypus/cmd/platypus/migrate.go deleted file mode 100644 index 61b1d2d..0000000 --- a/docs/platypus/cmd/platypus/migrate.go +++ /dev/null 
@@ -1,114 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-package main
-
-import (
- "context"
- "fmt"
- "log/slog"
-
- "github.com/golingon/lingon/docs/platypus/pkg/platform/grafana"
- "github.com/golingon/lingon/docs/platypus/pkg/terraclient"
- aws "github.com/golingon/terraproviders/aws/4.60.0"
-
- "github.com/golingon/lingon/pkg/terra"
-)
-
-func migrateGrafana(
- ctx context.Context,
- p runParams,
- tf *terraclient.Client,
- vpcProd vpcStack,
- eksProd eksStack,
- grafanaProd grafanaStack,
-) error {
- // E.g. some PR
- env := "test-pr-12345"
- uniqueName := p.ClusterParams.Name + "-" + env
-
- vpcState := vpcProd.VPC.StateMust()
- dbState := grafanaProd.Postgres.StateMust()
- sgState := eksProd.SecurityGroup.StateMust()
- privateSubnetIDs := [3]string{
- vpcProd.PrivateSubnets[0].StateMust().Id,
- vpcProd.PrivateSubnets[1].StateMust().Id,
- vpcProd.PrivateSubnets[2].StateMust().Id,
- }
-
- snapshot := rdsSnapshotStack{
- AWSStackConfig: newAWSStackConfig(uniqueName+"-grafana-snapshot", p),
- Snapshot: aws.NewDbSnapshot(
- "grafana", aws.DbSnapshotArgs{
- DbInstanceIdentifier: terra.String(dbState.Identifier),
- DbSnapshotIdentifier: terra.String(uniqueName + "-grafana"),
- },
- ),
- }
-
- if err := tf.Run(ctx, &snapshot); err != nil {
- return fmt.Errorf("handling snapshot: %w", err)
- }
-
- if !snapshot.IsStateComplete() {
- slog.Info("snapshot not sync'd")
- return nil
- }
-
- snapshotID := snapshot.Snapshot.StateMust().Id
- //
- // Create new Grafana instance
- //
- gmRDS, err := grafana.NewRDSPostgres(
- grafana.RDSOpts{
- Name: uniqueName + "-grafana",
- VPCID: vpcState.Id,
- EKSSGID: sgState.Id,
- PrivateSubnetIDs: privateSubnetIDs,
- SnapshotID: snapshotID,
- },
- )
- if err != nil {
- return fmt.Errorf("creating grafana rds infra: %w", err)
- }
- gm := grafanaStack{
- AWSStackConfig: newAWSStackConfig(uniqueName+"-grafana", p),
- RDSPostgres: gmRDS,
- }
- if err := tf.Run(ctx, &gm); err != nil {
- return fmt.Errorf("handling grafana: %w", err)
- }
- if !gm.IsStateComplete() {
- slog.Info("grafana not sync'd")
- return nil
- }
- // return nil
-
- k, err := NewClient(
- WithClientKubeconfig(p.KubeconfigPath),
- WithClientContext(p.ClusterParams.Name),
- )
- if err != nil {
- return fmt.Errorf("creating kubectl client: %w", err)
- }
-
- db := gm.RDSPostgres.Postgres.StateMust()
- graf := grafana.New(
- grafana.AppOpts{
- Name: uniqueName + "-grafana",
- Version: "9.3.8",
- Env: env,
- },
- grafana.KubeOpts{
- PostgresHost: db.Address,
- PostgresDBName: db.DbName,
- PostgresUser: db.Username,
- PostgresPassword: db.Password,
- },
- )
- if err := k.Apply(ctx, graf); err != nil {
- return fmt.Errorf("applying grafana app: %w", err)
- }
-
- return nil
-}
diff --git a/docs/platypus/cmd/platypus/stacks.go b/docs/platypus/cmd/platypus/stacks.go
deleted file mode 100644
index f83e2ea..0000000
--- a/docs/platypus/cmd/platypus/stacks.go
+++ /dev/null
@@ -1,135 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -package main - -import ( - "context" - "os" - "os/exec" - - "github.com/golingon/lingon/docs/platypus/pkg/infra/awsvpc" - "github.com/golingon/lingon/docs/platypus/pkg/infra/cluster_eks" - "github.com/golingon/lingon/docs/platypus/pkg/platform/grafana" - "github.com/golingon/lingon/docs/platypus/pkg/platform/karpenter" - "github.com/golingon/lingon/docs/platypus/pkg/terraclient" - aws "github.com/golingon/terraproviders/aws/4.60.0" - "github.com/golingon/terraproviders/aws/4.60.0/provider" - - "github.com/golingon/lingon/pkg/terra" -) - -func newAWSStackConfig(name string, p runParams) AWSStackConfig { - return AWSStackConfig{ - Stack: terraclient.Stack{ - Name: name, - }, - Backend: newBackend(p.AWSParams, name), - Provider: newProv(p.AWSParams, p.TFLabels), - } -} - -type AWSStackConfig struct { - terraclient.Stack - Backend *backendS3 `validate:"required"` - Provider *aws.Provider `validate:"required"` -} - -type vpcStack struct { - AWSStackConfig - awsvpc.AWSVPC -} - -type eksStack struct { - AWSStackConfig - cluster_eks.Cluster -} - -type rdsSnapshotStack struct { - AWSStackConfig - Snapshot *aws.DbSnapshot `validate:"required"` -} - -type grafanaStack struct { - AWSStackConfig - grafana.RDSPostgres -} - -type karpenterStack struct { - AWSStackConfig - karpenter.Infra -} - -func newBackend(p AWSParams, stateFile string) *backendS3 { - return &backendS3{ - Bucket: p.BackendS3Key, - Key: stateFile, - Profile: p.Profile, - Region: p.Region, - } -} - -var _ terra.Backend = (*backendS3)(nil) - -type backendS3 struct { - Bucket string `hcl:"bucket"` - Key string `hcl:"key"` - Profile string `hcl:"profile"` - Region string `hcl:"region"` -} - -func (b *backendS3) BackendType() string { - return "s3" -} - -func newProv(p AWSParams, labels map[string]string) *aws.Provider { - l := make(map[string]terra.StringValue, len(labels)) - for k, v := range labels { - l[k] = 
S(v) - } - - return aws.NewProvider( - aws.ProviderArgs{ - Profile: S(p.Profile), - Region: S(p.Region), - DefaultTags: []provider.DefaultTags{ - { - Tags: terra.Map(l), - }, - }, - }, - ) -} - -func kubeconfigFromAWSCmd( - ctx context.Context, - profile string, - clusterName, region string, - kubeconfigPath string, -) error { - cmd := exec.CommandContext( - ctx, - "aws", - "--profile", - profile, - "eks", - "update-kubeconfig", - "--name", - clusterName, - "--kubeconfig", - kubeconfigPath, - "--alias", - clusterName, - "--region", - region, - ) - - cmd.Stdout = os.Stdout - cmd.Stderr = os.Stderr - - if err := cmd.Start(); err != nil { - return err - } - - return cmd.Wait() -} diff --git a/docs/platypus/hack/gen.go b/docs/platypus/hack/gen.go deleted file mode 100644 index 7d6bd35..0000000 --- a/docs/platypus/hack/gen.go +++ /dev/null @@ -1,7 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -package main - -//go:generate go run -mod=readonly github.com/golingon/lingon/cmd/terragen -out ../gen/providers/aws -pkg github.com/golingon/lingon/docs/platypus/gen/providers/aws -force -provider aws=hashicorp/aws:4.49.0 -//go:generate go run -mod=readonly github.com/golingon/lingon/cmd/terragen -out ../gen/providers/tls -pkg github.com/golingon/lingon/docs/platypus/gen/providers/tls -force -provider tls=hashicorp/tls:4.0.4 diff --git a/docs/platypus/pkg/infra/awsvpc/vpc.go b/docs/platypus/pkg/infra/awsvpc/vpc.go deleted file mode 100644 index e8457c0..0000000 --- a/docs/platypus/pkg/infra/awsvpc/vpc.go +++ /dev/null 
@@ -1,279 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-package awsvpc
-
-import (
- "fmt"
-
- aws "github.com/golingon/terraproviders/aws/4.60.0"
-
- "github.com/golingon/lingon/pkg/terra"
-)
-
-var (
- S = terra.String
- N = terra.Number
- B = terra.Bool
- Anywhere = S("0.0.0.0/0")
-)
-
-type Opts struct {
- Name string
- AZs [3]string
- CIDR string
- PublicSubnetCIDRs [3]string
- PrivateSubnetCIDRs [3]string
- CommonTags map[string]string
-}
-
-type AWSVPC struct {
- VPC *aws.Vpc `validate:"required"`
-
- PublicSubnets [3]*aws.Subnet `validate:"required,dive,required"`
- PublicRT *aws.RouteTable `validate:"required"`
- PublicRoute *aws.Route `validate:"required"`
- PublicRTAssocs [3]*aws.RouteTableAssociation `validate:"required,dive,required"`
-
- PrivateSubnets [3]*aws.Subnet `validate:"required,dive,required"`
- PrivateRTs [3]*aws.RouteTable `validate:"required,dive,required"`
- PrivateRoutes [3]*aws.Route `validate:"required,dive,required"`
- PrivateRTAssocs [3]*aws.RouteTableAssociation `validate:"required,dive,required"`
-
- InternetGateway *aws.InternetGateway `validate:"required"`
- EIPNat [3]*aws.Eip `validate:"required,dive,required"`
- NatGateways [3]*aws.NatGateway `validate:"required,dive,required"`
-}
-
-const (
- TagManagedBy = "ManagedBy"
- TagManagedByValue = "Lingon"
- // TagName human-readable resource name. Note that the AWS Console UI
- // displays the case-sensitive "Name" tag.
- TagName = "Name"
- // TagAppID is a tag specifying the application identifier, application
- // using the resource.
- TagAppID = "app-id"
- // TagAppRole is a tag specifying the resource's technical function, e.g.
- // webserver, database, etc.
- TagAppRole = "app-role"
- // TagPurpose is a tag specifying the resource's business purpose, e.g.
- // "frontend ui", "payment processor", etc.
- TagPurpose = "purpose"
- // TagEnv is a tag specifying the environment.
- TagEnv = "environment"
- // TagProject is a tag specifying the project.
- TagProject = "project"
- // TagOwner is a tag specifying the person of contact.
- TagOwner = "owner"
- // TagCostCenter is a tag specifying the cost center that will receive the
- // bill.
- TagCostCenter = "cost-center"
- // TagAutomationExclude is a tag specifying if the resource should be
- // excluded from automation.
- // Value: true/false
- TagAutomationExclude = "automation-exclude"
- // TagPII is a tag specifying if the resource contains Personally
- // Identifiable Information.
- // Value: true/false
- TagPII = "pii"
-)
-
-func stags(ss ...string) terra.MapValue[terra.StringValue] {
- sv := make(map[string]terra.StringValue, 0)
- for i := 0; i < len(ss); i += 2 {
- if i+1 >= len(ss) {
- panic("odd number of strings")
- }
- sv[ss[i]] = S(ss[i+1])
- }
- sv[TagManagedBy] = S(TagManagedByValue)
-
- return terra.Map(sv)
-}
-
-func ttags(m map[string]string) terra.MapValue[terra.StringValue] {
- sv := make(map[string]terra.StringValue, 0)
- for k, v := range m {
- sv[k] = S(v)
- }
- sv[TagManagedBy] = S(TagManagedByValue)
- return terra.Map(sv)
-}
-
-func mergeTags(m ...map[string]string) terra.MapValue[terra.StringValue] {
- sv := make(map[string]terra.StringValue, 0)
- for _, mm := range m {
- for k, v := range mm {
- sv[k] = S(v)
- }
- }
- sv[TagManagedBy] = S(TagManagedByValue)
- return terra.Map(sv)
-}
-
-func mergeSTags(
- m map[string]string,
- ss ...string,
-) terra.MapValue[terra.StringValue] {
- sv := make(map[string]terra.StringValue, 0)
- for k, v := range m {
- sv[k] = S(v)
- }
- for i := 0; i < len(ss); i += 2 {
- if i+1 >= len(ss) {
- sv[ss[i]] = S("")
- break
- }
- sv[ss[i]] = S(ss[i+1])
- }
- sv[TagManagedBy] = S(TagManagedByValue)
- return terra.Map(sv)
-}
-
-func NewAWSVPC(opts Opts) *AWSVPC {
- name := opts.Name
-
- tags := func(name string, tags ...string) terra.MapValue[terra.StringValue] {
- ss := []string{TagName, name}
- ss = append(ss, tags...)
- return mergeSTags(opts.CommonTags, ss...)
- }
-
- vpc := aws.NewVpc(
- name, aws.VpcArgs{
- CidrBlock: S(opts.CIDR),
- // Tags: ttags(map[string]string{TagName: opts.Name}),
- InstanceTenancy: S("default"),
- EnableDnsSupport: B(true),
- Tags: tags(opts.Name),
- },
- )
-
- igw := aws.NewInternetGateway(
- name, aws.InternetGatewayArgs{
- VpcId: vpc.Attributes().Id(),
- Tags: tags(name + "-igw"),
- },
- )
-
- eipNats := [3]*aws.Eip{}
- for i := 0; i < 3; i++ {
- eipNats[i] = aws.NewEip(
- fmt.Sprintf("nats_%d", i), aws.EipArgs{
- Vpc: B(true),
- Tags: tags("nat-" + opts.AZs[i]),
- },
- )
- }
-
- publicSubnets := [3]*aws.Subnet{}
- for i := 0; i < 3; i++ {
- publicSubnets[i] = aws.NewSubnet(
- fmt.Sprintf("public_%d", i), aws.SubnetArgs{
- VpcId: vpc.Attributes().Id(),
- AvailabilityZone: S(opts.AZs[i]),
- CidrBlock: S(opts.PublicSubnetCIDRs[i]),
- MapPublicIpOnLaunch: terra.Bool(true),
- Tags: tags(name + "-public"),
- },
- )
- }
-
- publicRT := aws.NewRouteTable(
- "public", aws.RouteTableArgs{
- VpcId: vpc.Attributes().Id(),
- Tags: tags(name + "-public"),
- },
- )
- publicRoute := aws.NewRoute(
- "public", aws.RouteArgs{
- DestinationCidrBlock: Anywhere,
- RouteTableId: publicRT.Attributes().Id(),
- GatewayId: igw.Attributes().Id(),
- },
- )
-
- pubRTAssocs := [3]*aws.RouteTableAssociation{}
- for i := 0; i < 3; i++ {
- pubRTAssocs[i] = aws.NewRouteTableAssociation(
- fmt.Sprintf("public_%d", i), aws.RouteTableAssociationArgs{
- SubnetId: publicSubnets[i].Attributes().Id(),
- RouteTableId: publicRT.Attributes().Id(),
- },
- )
- }
-
- natGateways := [3]*aws.NatGateway{}
- for i := 0; i < 3; i++ {
- ng := aws.NewNatGateway(
- fmt.Sprintf("nat_gateway_%d", i), aws.NatGatewayArgs{
- SubnetId: publicSubnets[i].Attributes().Id(),
- AllocationId: eipNats[i].Attributes().Id(),
- Tags: tags(fmt.Sprintf("ng-%d", i)),
- },
- )
- ng.DependsOn = terra.DependsOn(igw)
- natGateways[i] = ng
- }
-
- privateSubnets := [3]*aws.Subnet{}
- for i := 0; i < 3; i++ {
- privateSubnets[i] = aws.NewSubnet(
- fmt.Sprintf("private_%d", i), aws.SubnetArgs{
- VpcId: vpc.Attributes().Id(),
- AvailabilityZone: S(opts.AZs[i]),
- CidrBlock: S(opts.PrivateSubnetCIDRs[i]),
- Tags: mergeSTags(opts.CommonTags,
- TagName, name+"-private",
- "karpenter.sh/discovery", "platypus-1",
- ),
- },
- )
- }
-
- privateRTs := [3]*aws.RouteTable{}
- for i := 0; i < 3; i++ {
- privateRTs[i] = aws.NewRouteTable(
- fmt.Sprintf("private_%d", i), aws.RouteTableArgs{
- VpcId: vpc.Attributes().Id(),
- Tags: tags(fmt.Sprintf("platypus-private-%d", i)),
- },
- )
- }
- privateRoutes := [3]*aws.Route{}
- for i := 0; i < 3; i++ {
- privateRoutes[i] = aws.NewRoute(
- fmt.Sprintf("private_%d", i), aws.RouteArgs{
- RouteTableId: privateRTs[i].Attributes().Id(),
- DestinationCidrBlock: Anywhere,
- NatGatewayId: natGateways[i].Attributes().Id(),
- },
- )
- }
-
- privateRTAssocs := [3]*aws.RouteTableAssociation{}
- for i := 0; i < 3; i++ {
- privateRTAssocs[i] = aws.NewRouteTableAssociation(
- fmt.Sprintf("private_%d", i), aws.RouteTableAssociationArgs{
- SubnetId: privateSubnets[i].Attributes().Id(),
- RouteTableId: privateRTs[i].Attributes().Id(),
- },
- )
- }
- return &AWSVPC{
- VPC: vpc,
- InternetGateway: igw,
- EIPNat: eipNats,
- PublicSubnets: publicSubnets,
- PublicRT: publicRT,
- PublicRoute: publicRoute,
- PublicRTAssocs: pubRTAssocs,
-
- NatGateways: natGateways,
- PrivateSubnets: privateSubnets,
- PrivateRTs: privateRTs,
- PrivateRoutes: privateRoutes,
- PrivateRTAssocs: privateRTAssocs,
- }
-}
diff --git a/docs/platypus/pkg/infra/cluster_eks/eks.go b/docs/platypus/pkg/infra/cluster_eks/eks.go
deleted file mode 100644
index ab76d93..0000000
--- a/docs/platypus/pkg/infra/cluster_eks/eks.go
+++ /dev/null
@@ -1,203 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-package cluster_eks
-
-import (
- "fmt"
-
- "github.com/golingon/lingon/pkg/terra"
- aws "github.com/golingon/terraproviders/aws/4.60.0"
- "github.com/golingon/terraproviders/aws/4.60.0/dataiampolicydocument"
- "github.com/golingon/terraproviders/aws/4.60.0/ekscluster"
- tls "github.com/golingon/terraproviders/tls/4.0.4"
-)
-
-var (
- S = terra.String
- N = terra.Number
-)
-
-var (
- arnClusterPolicy = S(
- "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
- )
- arnVPCResourceController = S(
- "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController",
- )
- PORT_HTTPS = N(443)
- PORT_DNS = N(53)
- PROTOCOL_TCP = S("tcp")
- INGRESS = S("ingress")
- EGRESS = S("egress")
-)
-
-type ClusterOpts struct {
- Name string
- Version string
- VPCID string
- PrivateSubnetIDs [3]string
-}
-
-type Cluster struct {
- EKSCluster *aws.EksCluster `validate:"required"`
- IAMPolicyDocument *aws.DataIamPolicyDocument `validate:"required"`
- IAMRole *aws.IamRole `validate:"required"`
- IAMRoleClusterPolicy *aws.IamRolePolicyAttachment `validate:"required"`
- IAMRoleVPCController *aws.IamRolePolicyAttachment `validate:"required"`
- // SecurityGroup is the AWS security group for both the EKS control plane
- // and worker nodes
- SecurityGroup *aws.SecurityGroup `validate:"required"`
- IngressAllowAll *aws.SecurityGroupRule `validate:"required"`
- EgressAllowAll *aws.SecurityGroupRule `validate:"required"`
-
- TLSCert *tls.DataCertificate `validate:"required"`
- IAMOIDCProvider *aws.IamOpenidConnectProvider `validate:"required"`
-}
-
-func NewEKSCluster(opts ClusterOpts) *Cluster {
- sg := aws.NewSecurityGroup(
- "eks", aws.SecurityGroupArgs{
- Name: S("eks-" + opts.Name),
- Description: S(
- fmt.Sprintf(
- "Main security group for EKS cluster %s", opts.Name,
- ),
- ),
- VpcId: S(opts.VPCID),
- Tags: terra.Map(
- map[string]terra.StringValue{
- "karpenter.sh/discovery": S("platypus-1"),
- },
- ),
- },
- )
-
- sgAttrs := sg.Attributes()
-
- ingressAllowAll := aws.NewSecurityGroupRule(
- "eks", aws.SecurityGroupRuleArgs{
- SecurityGroupId: sgAttrs.Id(),
- SourceSecurityGroupId: sgAttrs.Id(),
- Description: S(
- "Allow all for EKS control plane and managed worker nodes",
- ),
- Protocol: S("-1"),
- FromPort: N(0),
- ToPort: N(0),
- Type: INGRESS,
- },
- )
- egressAllowAll := aws.NewSecurityGroupRule(
- "node_egress_all", aws.SecurityGroupRuleArgs{
- SecurityGroupId: sgAttrs.Id(),
- Description: S("Allow all egress"),
- Protocol: S("-1"),
- FromPort: N(0),
- ToPort: N(0),
- Type: EGRESS,
- CidrBlocks: terra.List(S("0.0.0.0/0")),
- },
- )
-
- iamPolicyDocument := aws.NewDataIamPolicyDocument(
- "eks", aws.DataIamPolicyDocumentArgs{
- Statement: []dataiampolicydocument.Statement{
- {
- Sid: S("EKSClusterAssumeRole"),
- Actions: terra.Set(S("sts:AssumeRole")),
- Principals: []dataiampolicydocument.Principals{
- {
- Type: S("Service"),
- Identifiers: terra.Set(S("eks.amazonaws.com")),
- },
- },
- },
- },
- },
- )
- iamRole := aws.NewIamRole(
- "eks", aws.IamRoleArgs{
- Name: S("eks-" + opts.Name),
- AssumeRolePolicy: iamPolicyDocument.Attributes().Json(),
- },
- )
- clusterPolicy := aws.NewIamRolePolicyAttachment(
- "cluster_policy", aws.IamRolePolicyAttachmentArgs{
- PolicyArn: arnClusterPolicy,
- Role: iamRole.Attributes().Name(),
- },
- )
- vpcController := aws.NewIamRolePolicyAttachment(
- "vpc_controller", aws.IamRolePolicyAttachmentArgs{
- PolicyArn: arnVPCResourceController,
- Role: iamRole.Attributes().Name(),
- },
- )
-
- eksCluster := aws.NewEksCluster(
- "eks", aws.EksClusterArgs{
- Name: S(opts.Name),
- RoleArn: iamRole.Attributes().Arn(),
- VpcConfig: &ekscluster.VpcConfig{
- SecurityGroupIds: terra.Set(sgAttrs.Id()),
- SubnetIds: terra.SetString(opts.PrivateSubnetIDs[:]...),
- },
- Version: S(opts.Version),
- },
- )
- eksCluster.DependsOn = terra.DependsOn(
- sg,
- iamRole,
- clusterPolicy,
- vpcController,
- )
- // How to add lifecycle to platform_version
- // eksCluster.Lifecycle = &terra.Lifecycle{
- // IgnoreChanges: terra.IgnoreChanges(
- // eksCluster.Attributes().PlatformVersion(),
- // ),
- // }
-
- tlsCert := tls.NewDataCertificate(
- "eks", tls.DataCertificateArgs{
- Url: eksCluster.Attributes().
- Identity().
- Index(0).
- Oidc().
- Index(0).
- Issuer(),
- },
- )
- iamOIDCProvider := aws.NewIamOpenidConnectProvider(
- "eks", aws.IamOpenidConnectProviderArgs{
- ClientIdList: terra.List(terra.String("sts.amazonaws.com")),
- ThumbprintList: terra.CastAsList(
- tlsCert.Attributes().
- Certificates().
- Splat().Sha1Fingerprint(),
- ),
- Url: eksCluster.Attributes().
- Identity().
- Index(0).
- Oidc().
- Index(0).
- Issuer(),
- },
- )
-
- return &Cluster{
- EKSCluster: eksCluster,
- IAMPolicyDocument: iamPolicyDocument,
- IAMRole: iamRole,
- IAMRoleClusterPolicy: clusterPolicy,
- IAMRoleVPCController: vpcController,
-
- SecurityGroup: sg,
- IngressAllowAll: ingressAllowAll,
- EgressAllowAll: egressAllowAll,
-
- TLSCert: tlsCert,
- IAMOIDCProvider: iamOIDCProvider,
- }
-}
diff --git a/docs/platypus/pkg/infra/cluster_eks/eks_test.go b/docs/platypus/pkg/infra/cluster_eks/eks_test.go
deleted file mode 100644
index d27e0c7..0000000
--- a/docs/platypus/pkg/infra/cluster_eks/eks_test.go
+++ /dev/null
@@ -1,97 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-//go:build inttest
-
-package cluster_eks
-
-import (
- "context"
- "os"
- "path/filepath"
- "testing"
-
- "github.com/hashicorp/terraform-exec/tfexec"
-
- tu "github.com/golingon/lingon/pkg/testutil"
-
- aws "github.com/golingon/terraproviders/aws/4.60.0"
-
- "github.com/golingon/lingon/pkg/terra"
-)
-
-func testExportValidateStack(
- t *testing.T, ctx context.Context,
- stack terra.Exporter,
-) {
- workdir := filepath.Join(os.TempDir(), t.Name())
- if err := os.RemoveAll(workdir); err != nil {
- t.Errorf(
- "failed removing temporary work dir %s: %s",
- workdir,
- err.Error(),
- )
- return
- }
- if err := os.MkdirAll(workdir, os.ModePerm); err != nil {
- t.Errorf(
- "failed creating temporary work dir %s: %s",
- workdir, err.Error(),
- )
- }
- file, err := os.CreateTemp(workdir, "main_*.tf")
- if err != nil {
- t.Errorf(
- "failed creating temporary file in %s: %s",
- workdir,
- err.Error(),
- )
- return
- }
- defer os.Remove(file.Name()) // clean up
-
- if err := terra.Export(stack, terra.WithExportWriter(file)); err != nil {
- t.Errorf(
- "failed exporting stack to %s: %s",
- file.Name(),
- err.Error(),
- )
- return
- }
- tf, err := tfexec.NewTerraform(workdir, "terraform")
- tu.AssertNoError(t, err, "creating terraform runtime")
- if err := tf.Init(ctx); err != nil {
- tu.AssertNoError(t, err, "initialising terraform config")
- }
- tfValidate, err := tf.Validate(ctx)
- tu.AssertNoError(t, err, "validating terraform config")
- tu.AssertEqual(t, 0, len(tfValidate.Diagnostics))
- for _, diag := range tfValidate.Diagnostics {
- t.Log(diag.Summary)
- }
-}
-
-func TestEKS(t *testing.T) {
- type awsStack struct {
- terra.Stack
-
- Provider *aws.Provider
- Cluster `validate:"required"`
- }
- eks := NewEKSCluster(
- ClusterOpts{
- Name: "test",
- Version: "1.24",
- VPCID: "123456",
- PrivateSubnetIDs: [3]string{
- "a", "b", "c",
- },
- },
- )
- stack := awsStack{
- Provider: aws.NewProvider(aws.ProviderArgs{}),
- Cluster: *eks,
- }
- ctx := context.Background()
- testExportValidateStack(t, ctx, &stack)
-}
diff --git a/docs/platypus/pkg/infra/rds/.keep b/docs/platypus/pkg/infra/rds/.keep
deleted file mode 100644
index e69de29..0000000
diff --git a/docs/platypus/pkg/infra/s3/s3.go b/docs/platypus/pkg/infra/s3/s3.go
deleted file mode 100644
index 2d6f18f..0000000
--- a/docs/platypus/pkg/infra/s3/s3.go
+++ /dev/null
@@ -1,86 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-package s3
-
-import (
- aws "github.com/golingon/terraproviders/aws/4.60.0"
- "github.com/golingon/terraproviders/aws/4.60.0/s3bucketserversideencryptionconfiguration"
- "github.com/golingon/terraproviders/aws/4.60.0/s3bucketversioning"
-
- "github.com/golingon/lingon/pkg/terra"
-)
-
-type Bucket struct {
- S3 *aws.S3Bucket `validate:"required"`
- ACL *aws.S3BucketAcl `validate:"required"`
- Versioning *aws.S3BucketVersioning `validate:"required"`
- PublicAccess *aws.S3BucketPublicAccessBlock `validate:"required"`
- SSE *aws.S3BucketServerSideEncryptionConfiguration `validate:"required"`
-}
-
-func NewBucket(bucketName string) *Bucket {
- b := aws.NewS3Bucket(
- "s3", aws.S3BucketArgs{
- Bucket: terra.String(bucketName),
- Tags: terra.Map(
- map[string]terra.StringValue{
- "Name": terra.String("DataOps TF EKS Experiment"),
- },
- ),
- },
- )
-
- bucketID := b.Attributes().Id()
-
- acl := aws.NewS3BucketAcl(
- "s3", aws.S3BucketAclArgs{
- Bucket: bucketID,
- Acl: terra.String("private"),
- },
- )
-
- vv := aws.NewS3BucketVersioning(
- "s3", aws.S3BucketVersioningArgs{
- Bucket: bucketID,
- VersioningConfiguration: &s3bucketversioning.VersioningConfiguration{
- Status: terra.String("Enabled"),
- },
- },
- )
-
- pab := aws.NewS3BucketPublicAccessBlock(
- "s3", aws.S3BucketPublicAccessBlockArgs{
- Bucket: bucketID,
- BlockPublicAcls: terra.Bool(true),
- BlockPublicPolicy: terra.Bool(true),
- IgnorePublicAcls: terra.Bool(true),
- RestrictPublicBuckets: terra.Bool(true),
- },
- )
-
- enc := aws.NewS3BucketServerSideEncryptionConfiguration(
- "s3", aws.S3BucketServerSideEncryptionConfigurationArgs{
- Bucket: bucketID,
- Rule: RuleEncryptKMS(),
- },
- )
-
- return &Bucket{
- S3: b,
- ACL: acl,
- Versioning: vv,
- PublicAccess: pab,
- SSE: enc,
- }
-}
-
-func RuleEncryptKMS() []s3bucketserversideencryptionconfiguration.Rule {
- return []s3bucketserversideencryptionconfiguration.Rule{
- {
- ApplyServerSideEncryptionByDefault: &s3bucketserversideencryptionconfiguration.ApplyServerSideEncryptionByDefault{
- SseAlgorithm: terra.String("aws:kms"),
- },
- },
- }
-}
diff --git a/docs/platypus/pkg/infra/s3/validate.go b/docs/platypus/pkg/infra/s3/validate.go
deleted file mode 100644
index 4072e35..0000000
--- a/docs/platypus/pkg/infra/s3/validate.go
+++ /dev/null
@@ -1,142 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -package s3 - -import ( - "bytes" - "errors" - "fmt" - "net" - "strings" -) - -// ValidateName validates the bucket name. -// https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html -func ValidateName(bucketName string) error { - var errs []error - // Bucket names must be between 3 (min) and 63 (max) characters long. - if err := validateLength(bucketName); err != nil { - errs = append(errs, err) - } - // Bucket names can consist only of lowercase letters, numbers, dots (.), and hyphens (-). - if err := isOnlyLowercaseLettersNumbersDotsOrHyphens(bucketName); err != nil { - errs = append(errs, err) - } - // Bucket names must begin and end with a letter or number. - if err := beginOrEndWithLetterOrNumber(bucketName); err != nil { - errs = append(errs, err) - } - // Bucket names must not contain two adjacent periods. - if err := hasAdjacentPeriods(bucketName); err != nil { - errs = append(errs, err) - } - // Bucket names must not be formatted as an IP address (for example, 192.168.5.4). - if err := isIPAddress(bucketName); err != nil { - errs = append(errs, err) - } - // Bucket names must not start with the prefix xn--. - if strings.HasPrefix(bucketName, "xn--") { - errs = append( - errs, - fmt.Errorf("bucket name cannot start with the prefix xn--"), - ) - } - // Bucket names must not end with the suffix -s3alias. This suffix is reserved for access point alias names. - // For more information, see Using a bucket-style alias for your S3 bucket access point. - if strings.HasSuffix(bucketName, "-s3alias") { - errs = append( - errs, - fmt.Errorf("bucket name cannot end with the suffix -s3alias"), - ) - } - // Bucket names must be unique across all AWS accounts in all the AWS Regions within a partition. - // A partition is a grouping of Regions. 
- // AWS currently has three partitions: aws (Standard Regions), aws-cn (China Regions), and aws-us-gov (AWS GovCloud (US)). - // -> CANNOT BE TESTED - - // A bucket name cannot be used by another AWS account in the same partition until the bucket is deleted. - // -> CANNOT BE TESTED - - // Buckets used with Amazon S3 Transfer Acceleration can't have dots (.) in their names. - // For more information about Transfer Acceleration, see Configuring fast, secure file transfers using Amazon S3 Transfer Acceleration. - // -> EDGE CASE TOO FAR OUT OF SCOPE - - if len(errs) == 0 { - return nil - } - - var buf bytes.Buffer - - if len(errs) > 1 { - _, _ = fmt.Fprintf(&buf, "%d errors: ", len(errs)) - } - for i, err := range errs { - if i != 0 { - buf.WriteString("; ") - } - buf.WriteString(fmt.Sprintf("%d: %s", i+1, err.Error())) - } - - return errors.New(buf.String()) -} - -func isOnlyLowercaseLettersNumbersDotsOrHyphens(name string) error { - for _, c := range name { - if !isLowercaseLetterOrNumber(c) && c != '.' && c != '-' { - return fmt.Errorf( - "name must only contain letters, numbers, dots, or hyphens", - ) - } - } - return nil -} - -func isIPAddress(name string) error { - if r := net.ParseIP(name); r != nil { - return fmt.Errorf("name must not be formatted as an IP address") - } - return nil -} - -func validateLength(name string) error { - length := len(name) - if length < 3 || length > 63 { - return fmt.Errorf( - "name must be between 3 and 63 characters long: length = %d", - length, - ) - } - return nil -} - -func beginOrEndWithLetterOrNumber(name string) error { - // get the first rune - rname := []rune(name) - length := len(rname) - if !isLowercaseLetterOrNumber(rname[0]) || !isLowercaseLetterOrNumber(rname[length-1]) { - return fmt.Errorf("name must begin and end with a lowercase letter or number") - } - return nil -} - -func hasAdjacentPeriods(name string) error { - length := len(name) - for i := 0; i < length-1; i++ { - if name[i] == '.' && name[i+1] == '.' 
{ - return fmt.Errorf("bucket name must not contain two adjacent periods") - } - } - return nil -} - -func isLowercaseLetterOrNumber(r rune) bool { - switch { - case r >= 'a' && r <= 'z': - return true - case r >= '0' && r <= '9': - return true - default: - return false - } -} diff --git a/docs/platypus/pkg/platform/awsauth/configmap.go b/docs/platypus/pkg/platform/awsauth/configmap.go deleted file mode 100644 index 20af34c..0000000 --- a/docs/platypus/pkg/platform/awsauth/configmap.go +++ /dev/null 
@@ -1,69 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-package awsauth
-
-import (
- "fmt"
-
- "github.com/golingon/lingon/pkg/kube"
- "github.com/invopop/yaml"
- corev1 "k8s.io/api/core/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// ConfigMap is an application to manage the aws-auth ConfigMap.
-// The AWS EKS kube-system/aws-auth ConfigMap manages access to the Kubernetes
-// cluster and AWS Roles and Users need to be added to grant access
-type ConfigMap struct {
- kube.App
-
- ConfigMap *corev1.ConfigMap
-}
-
-func NewConfigMap(data *Data) (*ConfigMap, error) {
- mapRoles, err := yaml.Marshal(data.MapRoles)
- if err != nil {
- return nil, fmt.Errorf("marshalling mapRoles: %w", err)
- }
- mapUsers, err := yaml.Marshal(data.MapUsers)
- if err != nil {
- return nil, fmt.Errorf("marshalling mapUsers: %w", err)
- }
- return &ConfigMap{
- ConfigMap: &corev1.ConfigMap{
- TypeMeta: metav1.TypeMeta{
- APIVersion: "v1",
- Kind: "ConfigMap",
- },
- ObjectMeta: metav1.ObjectMeta{
- Name: "aws-auth",
- Namespace: "kube-system",
- },
- Data: map[string]string{
- "mapRoles": string(mapRoles),
- "mapUsers": string(mapUsers),
- },
- },
- }, nil
-}
-
-// Data represents the data of the aws-auth configmap
-type Data struct {
- MapRoles []*RolesAuth `json:"mapRoles"`
- MapUsers []*UsersAuth `json:"mapUsers"`
-}
-
-// RolesAuth is the basic structure of a mapRoles authentication object
-type RolesAuth struct {
- RoleARN string `json:"rolearn"`
- Username string `json:"username"`
- Groups []string `json:"groups,omitempty"`
-}
-
-// UsersAuth is the basic structure of a mapUsers authentication object
-type UsersAuth struct {
- UserARN string `json:"userarn"`
- Username string `json:"username"`
- Groups []string `json:"groups,omitempty"`
-}
diff --git a/docs/platypus/pkg/platform/cilium/app.go b/docs/platypus/pkg/platform/cilium/app.go
deleted file mode 100644
index b8544d1..0000000
--- a/docs/platypus/pkg/platform/cilium/app.go
+++ /dev/null
@@ -1,131 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -package cilium - -import ( - "fmt" - - "github.com/golingon/lingon/pkg/kube" - "github.com/golingon/lingon/pkg/kubeutil" - - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" - rbacv1 "k8s.io/api/rbac/v1" -) - -var _ kube.Exporter = (*CiliumApp)(nil) - -// todo: -// - generate certificate -// - Hubble + Hubble UI + hubble certificates - -type CiliumApp struct { - kube.App - - CACertSecret *corev1.Secret - Config *corev1.ConfigMap - - MattDamon *appsv1.DaemonSet - NodeInit *appsv1.DaemonSet - AppSA *corev1.ServiceAccount - AppBinding *rbacv1.ClusterRoleBinding - AppRole *rbacv1.ClusterRole - - Operator *appsv1.Deployment - OpSA *corev1.ServiceAccount - OpBinding *rbacv1.ClusterRoleBinding - OpRole *rbacv1.ClusterRole - - HubbleSecret *corev1.Secret - HubbleCert *corev1.Secret - HubbleSvc *corev1.Service -} - -type ClusterConfig struct { - ClusterName string - ClusterID int -} - -func New(config ClusterConfig) *CiliumApp { - ciliumCM := map[string]string{ - "cluster-name": config.ClusterName, - "cluster-id": fmt.Sprintf("%d", config.ClusterID), - } - - ns := "kube-system" - - // HACK: this is freckin' horrible!!!!!!!! - // Must remove and generate once and store somewhere, e.g. 
Vault - caCerts := map[string][]byte{ - "ca.crt": []byte( - "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", - ), - "ca.key": []byte( - "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", - ), - } - hubbleCACerts := map[string][]byte{ - "ca.crt": []byte( - "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", - ), - "ca.key": []byte( - "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBMUdmdTNNM0M1ZSt3RWJzVkpMWENhMXVQYloyWFlwQ0FGT1h0NlJmRGM4czNqdjI1CkRRZVNmelRXUDRNaGZJL0JNQW1Ga3h0U3I4ZmVLR0tkSHJ3SzdQeWxIYUU0N2NPWmd1TzM3YkdLWVl4RFZpeHUKK0luck5yV0VoZTJUdDFjYTN4dzBadnd6KzZGVnhTSWRBRVNQcHFTcXZWNjhKZEtiWUJEZldqL3hEaElBcHRnRgplUjNheVN1d2hmekpZNFhOMUJBcXloaFphWmVHY0QvbHlHZnJkYWZrQ3ZlUEZOY0VVekNaR3RwNGVxbDl1U3VxCjYyYXVwQ3FCbk8wZ2ZCdENDVVFubWQ0ZzF5WDExK0VBZkFxVVZhNkFlMWJ5SFZaK0UyNHRYL3l4cDVPcjRrUVgKSVFFblJVL2EyeUQydDVjWGU2a1hkMVovMVlyc3BPV1dJeHF0bFFJREFRQUJBb0lCQUUzdFE2a21wRmFQdFYwTAo4aG5oeFU1MTdRMGVRQ2dkTTZCM0t1M1ZsaE9wZnR5cklYVXlUZ0QxZFpVZm11MkVJREJyamVJR3FETnRkSWdFCmhmaDhyTlY5YTJhUGU3OWZmN2FSclMwN2NiV1FMRFExWVJFMktHR04vdXpUMk5udXp5RUR6QVhzaVhYTUh4ZVEKQ0d2TXU1YzcycGhYWlZmTENNNFo0cGZOMWJaL0lNZWphTEF1b3RDSW1LWFQ3SW9CQjJwenQ2SlBVT0N2ekI1eQpZazZCS3ZQdzA3c3RWa09hbGFIbzVjOVErMUVYMXhsQmVYK1dYeElacURaVkl3UVI5MWtva3drN2RvUitXYm50ClU2dlNGN01kR3orVUduR0oyYjZtRHNBSldJNW9KWDFDZW5JbGVWajV3ME83eGQyQnBRQmcvcE9sa1l5dDZhWUEKKy9kUnBZRUNnWUVBK3NXZkZHckRWWGxkRWQ4SVpQa1Bud1NHNHQxMG5QaVlMOWxZTzJlSDVpRmx5ZmFKSmQwTQplQ2M1LzBhcFFrNG9pWDJZU2thZDZIaTFBSnhLYkIyUGtnWVRyR0wvWm81aEdwU25vcGtEUlBkcCtiWnRVbS9LCitzdGtNaVJRQXcxc0I1MHZiRTVGRFcyRU1hbDk2RW8vMjk3a2hqNjVOTXdpM0p3cURZY0R2UDBDZ1lFQTJOV04KRjl2TzRpbm8xM3RzUytncW5aYlJScXJ2dysvY2s4N1c5bm1LR3FkNmlRWGxyN0VvM2p3VDBkU2hpRU0yWVI2OApzNk0xdXVEMnZGUVlSdjB0Zk45MVdGQ204SFVZTGNEMHA0S2h2Y21mKzBqR0ZWVXJwMDVZSGRYWUhiZnFzdEgyCjBOa2Z1SlpOeERqQ2JWZnNoWkUwZ0U2QTM3Q0hvM29JWXBNcjRua0NnWUVBaFMydzExSC8zUVB3Tm82QlVjYW4KMGliQVQvbVdkY3JjWUFVSWc3dnZBM3ZYS0JRak1CV2VDcTJpY24wZlpOUkhXUVYzZkhMV1orQzdGOURwQVZRTgpyRnBIMW5SWStTbENUckNGK3FkU2dpejNmaU94R1dlL
244T211YTVwUThXOENxc2l4VjBuOVFLbGd3NWxqSmpxCkl5WFRyYXZnQmpjbmlJdnpGVzRQd1MwQ2dZQS81Z2F6UGpwa1diZGRNT2tFSVlIVmVPbHBLdHlIWURzZmI3ZlgKWUkrN05SbWVJWmZEUTdEb2RNbmVid3UvTFJkc1hYTjhlSjlQMkJXK0FBWTdmVWFYWXY2Z3JQdlZKcHllZHh0aAo5ZFFXS3NHemVvbXRKYkU4bDVET0VnT2pGbHphbjVkZGltNlhwZXQ2NU1NZkYrY0NvWHpZUnNvaG9WTUhjT0hoCnNyOGUrUUtCZ1FEd2ZnSFkwZmRZYkYwWExVcndGUTVONUJlNTFmM05tTVorSjhNS3NsajF2ZUF2dHc4V1VsOGcKY3BRck9UY1FXSTQwQ3FkU3lFL1BSTlJhcUo3TXpWM3JVWlpyS2hjbUU5S0V0emdIQUl2VWl2MUZlb0ZBZ1Q2SQpZOEtXS2lhck9oVi9TQXhidFg3QVFTT21nMzhRbDYxeWVPNm8zakMzQVlrOVhkMHl4dUpkamc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=", - ), - } - hubbleServerCerts := map[string][]byte{ - "ca.crt": []byte( - "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", - ), - "tls.crt": []byte( - "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURWekNDQWorZ0F3SUJBZ0lSQUkwZ3NqSjgzSHZaQUpsOHNsZUdXVEV3RFFZSktvWklodmNOQVFFTEJRQXcKRkRFU01CQUdBMVVFQXhNSlEybHNhWFZ0SUVOQk1CNFhEVEl5TVRJeE5qQTVNVGd6TjFvWERUSTFNVEl4TlRBNQpNVGd6TjFvd0tqRW9NQ1lHQTFVRUF3d2ZLaTVrWldaaGRXeDBMbWgxWW1Kc1pTMW5jbkJqTG1OcGJHbDFiUzVwCmJ6Q0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUwrZ3BqcWlSYzlYSE1ScUt3NWsKR1dVZHpsN2hvaThpcmU4M0JpeHhJb3NjQWN4R0tZTFhBUytFRTB3R05ZbmFZMHhmTHNNbU8vM29OZ3FyTzM4aQp4OHB3eVRPeHZ2Sk83dXhaYU41U1U1ZnEyaVJwSHZ3UmtsZkJVblhsYmhrdFo2Vkg4bkZrRVZSdWpzVnd4alh3CktGV0xHWTA4YTl6K1dKbUs5eHN1NUt2bnZKQmV3WWFvUjdUcGN2UTBWYk40L0hXSVFsTWt1VyszcjU2azRYYk0KNHBESWdhUmplbzh2dkZzS1VVbWVlVU5tczlsUTdEWm53K2Y0bW10NUZmWjRGdDhiTlNiTmhER2J0OU5OT3puWgpKME1keWRrUmFJUHM2NVZRUWI5eS9WVks4SjBrODZUY3FKZnpuSzRPMm5Ua3Z1bHBNVXJLdktwUldTeEhXYUxKCnN1c0NBd0VBQWFPQmpUQ0JpakFPQmdOVkhROEJBZjhFQkFNQ0JhQXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUgKQXdFR0NDc0dBUVVGQndNQ01Bd0dBMVVkRXdFQi93UUNNQUF3SHdZRFZSMGpCQmd3Rm9BVVBIWjczNmRNbmtRUgpwcHVNc2dRVER1WGw2WHd3S2dZRFZSMFJCQ013SVlJZktpNWtaV1poZFd4MExtaDFZbUpzWlMxbmNuQmpMbU5wCmJHbDFiUzVwYnpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQVRlQmFwL0x5Rk5xV2lUL1NhbDRwMUt2UmM3cEUKaU5tWmtNZ3o0N0d3TERCaXNpamRZNEpWV1BERyt3ME1zb3Q4RDArUkJSUThMRVU1K0dsUXFHNWhUdk5
0QktVYwpNYWJ0d083R1VWNHF6ZElEMUdUMzRibEtUWHNlZVpCZ1ppY2VUYWRlR2JoZVZ1QS9JbEt2WTFZeEtucWhZbmlmCmExSlBLK1h5QUdDcHBZRjludnBUQWMyY1Q4dlpZeG93Rm9IKzllcXZ2Wm9YVzVsYjdDM3V5RDlWakgyZk55MHMKMUFkdmNpZ1duTmVRaEh6ZlI1d2xXMlNrcE0vQXlOYUNWZFZ2RHRhNnE5MitiSmxnZ0VKKzFnRUI2bUJBRi91YQo5U2FqQXhSQWE3YWVOaWtMeGd3ZVVIU0RBeVg5a3NraXNnOVVpTjYwNmRNLzY3VGsrQWxUeXFxWi93PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=", - ), - "tls.key": []byte( - "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", - ), - } - - opSA := kubeutil.SimpleSA("cilium-operator", ns) - cSA := kubeutil.SimpleSA("cilium", ns) - - cas := kubeutil.Secret("cilium-ca", ns, caCerts) - hus := kubeutil.Secret("hubble-ca-secret", ns, hubbleCACerts) - huCert := kubeutil.Secret( - "hubble-server-certs", - ns, - hubbleServerCerts, - ) - - return &CiliumApp{ - CACertSecret: cas, - Config: Config( - mergeConfigMapData( - DefaultConfigData, - ciliumCM, - ), - ), - - MattDamon: Daemon, - NodeInit: NodeInit, - AppSA: cSA, - AppBinding: kubeutil.SimpleCRB(cSA, CR), - AppRole: CR, - - OpSA: opSA, - OpBinding: kubeutil.SimpleCRB(opSA, OperatorCR), - OpRole: OperatorCR, - Operator: Operator, - - HubbleSecret: hus, - HubbleSvc: HubblePeerSvc, - HubbleCert: huCert, - } -} - -func mergeConfigMapData(orig, extra map[string]string) map[string]string { - for k, v := range extra { - orig[k] = v - } - - return orig -} diff --git a/docs/platypus/pkg/platform/cilium/config.go b/docs/platypus/pkg/platform/cilium/config.go deleted file mode 100644 index 02dc9ef..0000000 --- a/docs/platypus/pkg/platform/cilium/config.go +++ /dev/null 
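Review bot: Deleting `app.go` takes the embedded Hubble CA private key out of the tree but not out of history: the `"ca.key"` literal under `hubbleCACerts` in `New` is base64 of a PEM block that begins `-----BEGIN RSA PRIVATE KEY-----`, and it stays readable in every earlier revision and in this patch itself. If that CA, or any certificate issued under it, was ever applied to a cluster, it should be treated as disclosed and reissued; the removed `// HACK` comment already asked for the material to be generated once and kept in a secret store. Nothing in the hunk shows whether the key was used outside this docs example, so that needs confirming with the owners. A secret-scanning check in CI would keep a literal like this from being committed again.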
@@ -1,195 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-package cilium
-
-import (
- "github.com/golingon/lingon/pkg/kubeutil"
- corev1 "k8s.io/api/core/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-func Config(data map[string]string) *corev1.ConfigMap {
- return &corev1.ConfigMap{
- TypeMeta: kubeutil.TypeConfigMapV1,
- ObjectMeta: metav1.ObjectMeta{
- Name: "cilium-config",
- Namespace: "kube-system",
- },
- Data: data,
- }
-}
-
-var DefaultConfigData = map[string]string{
- // Identity allocation mode selects how identities are shared between cilium
- // nodes by setting how they are stored. The options are "crd" or "kvstore".
- // - "crd" stores identities in kubernetes as CRDs (custom resource
- // definition).
- // These can be queried with:
- // kubectl get ciliumid
- // - "kvstore" stores identities in an etcd kvstore, that is
- // configured below. Cilium versions before 1.6 supported only the kvstore
- // backend. Upgrades from these older cilium versions should continue using
- // the kvstore by commenting out the identity-allocation-mode below, or
- // setting it to "kvstore".
- "identity-allocation-mode": "crd",
- "cilium-endpoint-gc-interval": "5m0s",
- "nodes-gc-interval": "5m0s",
- "skip-cnp-status-startup-clean": "false",
- // Disable the usage of CiliumEndpoint CRD
- "disable-endpoint-crd": "false",
-
- // If you want to run cilium in debug mode change this value to true
- "debug": "false",
- // The agent can be put into the following three policy enforcement modes
- // default, always and never.
- // https://docs.cilium.io/en/latest/policy/intro///policy-enforcement-modes
- "enable-policy": "default",
-
- // Enable IPv4 addressing. If enabled, all endpoints are allocated an IPv4
- // address.
- "enable-ipv4": "true",
-
- // Enable IPv6 addressing. If enabled, all endpoints are allocated an IPv6
- // address.
- "enable-ipv6": "false",
- // Users who wish to specify their own custom CNI configuration file must
- // set custom-cni-conf to "true", otherwise Cilium may overwrite the
- // configuration.
- "custom-cni-conf": "false",
- "enable-bpf-clock-probe": "true",
- // If you want cilium monitor to aggregate tracing for packets, set this
- // level
- // to "low", "medium", or "maximum". The higher the level, the less packets
- // that will be seen in monitor output.
- "monitor-aggregation": "medium",
-
- // The monitor aggregation interval governs the typical time between monitor
- // notification events for each allowed connection.
- //
- // Only effective when monitor aggregation is set to "medium" or higher.
- "monitor-aggregation-interval": "5s",
-
- // The monitor aggregation flags determine which TCP flags which, upon the
- // first observation, cause monitor notifications to be generated.
- //
- // Only effective when monitor aggregation is set to "medium" or higher.
- "monitor-aggregation-flags": "all",
- // Specifies the ratio (0.0-1.0) of total system memory to use for dynamic
- // sizing of the TCP CT, non-TCP CT, NAT and policy BPF maps.
- "bpf-map-dynamic-size-ratio": "0.0025",
- // bpf-policy-map-max specifies the maximum number of entries in endpoint
- // policy map (per endpoint)
- "bpf-policy-map-max": "16384",
- // bpf-lb-map-max specifies the maximum number of entries in bpf lb service,
- // backend and affinity maps.
- "bpf-lb-map-max": "65536",
- // bpf-lb-bypass-fib-lookup instructs Cilium to enable the FIB lookup bypass
- // optimization for nodeport reverse NAT handling.
- "bpf-lb-external-clusterip": "false",
-
- // Pre-allocation of map entries allows per-packet latency to be reduced, at
- // the expense of up-front memory allocation for the entries in the maps.
- // The default value below will minimize memory usage in the default
- // installation;
- // users who are sensitive to latency may consider setting this to "true".
- //
- // This option was introduced in Cilium 1.4. Cilium 1.3 and earlier ignore
- // this option and behave as though it is set to "true".
- //
- // If this value is modified, then during the next Cilium startup the
- // restore of existing endpoints and tracking of ongoing connections may be
- // disrupted. As a result, reply packets may be dropped and the
- // load-balancing decisions
- // for established connections may change.
- //
- // If this option is set to "false" during an upgrade from 1.3 or earlier to
- // 1.4 or later, then it may cause one-time disruptions during the upgrade.
- "preallocate-bpf-maps": "false",
-
- // Regular expression matching compatible Istio sidecar istio-proxy
- // container image names
- "sidecar-istio-proxy-image": "cilium/istio_proxy",
-
- // Name of the cluster. Only relevant when building a mesh of clusters.
- "cluster-name": "go-terriyaki-test-1",
- // Unique ID of the cluster. Must be unique across all conneted clusters and
- // in the range of 1 and 255. Only relevant when building a mesh of
- // clusters.
- "cluster-id": "1",
-
- // Encapsulation mode for communication between nodes
- // Possible values:
- // - disabled
- // - vxlan (default)
- // - geneve
- "tunnel": "disabled",
- "enable-endpoint-routes": "true",
- "auto-create-cilium-node-resource": "true",
- "ec2-api-endpoint": "",
- "eni-tags": "{}",
- "subnet-ids-filter": "",
- "subnet-tags-filter": "",
- "instance-tags-filter": "",
- // Enables L7 proxy for L7 policy enforcement and visibility
- "enable-l7-proxy": "true",
-
- "enable-ipv4-masquerade": "true",
- "enable-ipv6-masquerade": "true",
- "egress-masquerade-interfaces": "eth0",
-
- "enable-xt-socket-fallback": "true",
- "install-iptables-rules": "true",
- "install-no-conntrack-iptables-rules": "false",
-
- "auto-direct-node-routes": "false",
- "enable-local-redirect-policy": "false",
-
- "kube-proxy-replacement": "disabled",
- "bpf-lb-sock": "false",
- "enable-health-check-nodeport": "true",
- "node-port-bind-protection": "true",
- "enable-auto-protect-node-port-range": "true",
- "enable-svc-source-range-check": "true",
- "enable-l2-neigh-discovery": "true",
- "arping-refresh-period": "30s",
- "enable-endpoint-health-checking": "true",
- "enable-health-checking": "true",
- "enable-well-known-identities": "false",
- "enable-remote-node-identity": "true",
- "synchronize-k8s-nodes": "true",
- "operator-api-serve-addr": "127.0.0.1:9234",
- // Enable Hubble gRPC service.
- "enable-hubble": "true",
- // UNIX domain socket for Hubble server to listen to.
- "hubble-socket-path": "/var/run/cilium/hubble.sock",
- // An additional address for Hubble server to listen to (e.g. ":4244").
- "hubble-listen-address": "4244",
- "hubble-disable-tls": "false",
- "hubble-tls-cert-file": "/var/lib/cilium/tls/hubble/server.crt",
- "hubble-tls-key-file": "/var/lib/cilium/tls/hubble/server.key",
- "hubble-tls-client-ca-files": "/var/lib/cilium/tls/hubble/client-ca.crt",
- "ipam": "eni",
- "disable-cnp-status-updates": "true",
- "enable-vtep": "false",
- "vtep-endpoint": "",
- "vtep-cidr": "",
- "vtep-mask": "",
- "vtep-mac": "",
- "enable-bgp-control-plane": "false",
- "procfs": "/host/proc",
- "bpf-root": "/sys/fs/bpf",
- "cgroup-root": "/run/cilium/cgroupv2",
- "enable-k8s-terminating-endpoint": "true",
- "remove-cilium-node-taints": "true",
- "set-cilium-is-up-condition": "true",
- "unmanaged-pod-watcher-interval": "15",
- "tofqdns-dns-reject-response-code": "refused",
- "tofqdns-enable-dns-compression": "true",
- "tofqdns-endpoint-max-ip-per-hostname": "50",
- "tofqdns-idle-connection-grace-period": "0s",
- "tofqdns-max-deferred-connection-deletes": "10000",
- "tofqdns-min-ttl": "3600",
- "tofqdns-proxy-response-max-delay": "100ms",
- "agent-not-ready-taint-key": "node.cilium.io/agent-not-ready",
-}
diff --git a/docs/platypus/pkg/platform/cilium/daemon.go b/docs/platypus/pkg/platform/cilium/daemon.go
deleted file mode 100644
index 791c916..0000000
--- a/docs/platypus/pkg/platform/cilium/daemon.go
+++ /dev/null
@@ -1,639 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -package cilium - -import ( - "github.com/golingon/lingon/pkg/kubeutil" - appsv1 "k8s.io/api/apps/v1" - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/resource" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" -) - -var Daemon = &appsv1.DaemonSet{ - TypeMeta: kubeutil.TypeDaemonSetV1, - ObjectMeta: metav1.ObjectMeta{ - Name: "cilium", - Namespace: "kube-system", - Labels: map[string]string{"k8s-app": "cilium"}, - }, - Spec: appsv1.DaemonSetSpec{ - Selector: &metav1.LabelSelector{ - MatchLabels: map[string]string{ - "k8s-app": "cilium", - }, - }, - Template: v1.PodTemplateSpec{ - ObjectMeta: metav1.ObjectMeta{ - Labels: map[string]string{"k8s-app": "cilium"}, - Annotations: map[string]string{ - "container.apparmor.security.beta.kubernetes.io/apply-sysctl-overwrites": "unconfined", - "container.apparmor.security.beta.kubernetes.io/cilium-agent": "unconfined", - "container.apparmor.security.beta.kubernetes.io/clean-cilium-state": "unconfined", - "container.apparmor.security.beta.kubernetes.io/mount-cgroup": "unconfined", - }, - }, - Spec: v1.PodSpec{ - Volumes: []v1.Volume{ - { - Name: "cilium-run", - VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{ - Path: "/var/run/cilium", - Type: P(v1.HostPathDirectoryOrCreate), - }, - }, - }, - { - Name: "bpf-maps", - VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{ - Path: "/sys/fs/bpf", - Type: P(v1.HostPathDirectoryOrCreate), - }, - }, - }, - { - Name: "hostproc", - VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{ - Path: "/proc", - Type: P(v1.HostPathDirectory), - }, - }, - }, - { - Name: "cilium-cgroup", - VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{ - Path: "/run/cilium/cgroupv2", - Type: P( - v1.HostPathDirectoryOrCreate, - ), // v1.HostPathType("DirectoryOrCreate")), - }, - }, - }, - { - 
Name: "cni-path", - VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{ - Path: "/opt/cni/bin", - Type: P(v1.HostPathDirectoryOrCreate), - }, - }, - }, - { - Name: "etc-cni-netd", - VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{ - Path: "/etc/cni/net.d", - Type: P(v1.HostPathDirectoryOrCreate), - }, - }, - }, - { - Name: "lib-modules", - VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{ - Path: "/lib/modules", - }, - }, - }, - { - Name: "xtables-lock", - VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{ - Path: "/run/xtables.lock", - Type: P(v1.HostPathFileOrCreate), - }, - }, - }, - { - Name: "clustermesh-secrets", - VolumeSource: v1.VolumeSource{ - Secret: &v1.SecretVolumeSource{ - SecretName: "cilium-clustermesh", - DefaultMode: P(int32(256)), - Optional: P(true), - }, - }, - }, - { - Name: "cilium-config-path", - VolumeSource: v1.VolumeSource{ - ConfigMap: &v1.ConfigMapVolumeSource{ - LocalObjectReference: v1.LocalObjectReference{ - Name: "cilium-config", - }, - }, - }, - }, - { - Name: "host-proc-sys-net", - VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{ - Path: "/proc/sys/net", - Type: P(v1.HostPathDirectory), - }, - }, - }, - { - Name: "host-proc-sys-kernel", - VolumeSource: v1.VolumeSource{ - HostPath: &v1.HostPathVolumeSource{ - Path: "/proc/sys/kernel", - Type: P(v1.HostPathDirectory), - }, - }, - }, - { - Name: "hubble-tls", - VolumeSource: v1.VolumeSource{ - Projected: &v1.ProjectedVolumeSource{ - Sources: []v1.VolumeProjection{ - { - Secret: &v1.SecretProjection{ - LocalObjectReference: v1.LocalObjectReference{ - Name: "hubble-server-certs", - }, - Items: []v1.KeyToPath{ - { - Key: "ca.crt", - Path: "client-ca.crt", - }, - { - Key: "tls.crt", - Path: "server.crt", - }, - { - Key: "tls.key", - Path: "server.key", - }, - }, - Optional: P(true), - }, - }, - }, - DefaultMode: P(int32(256)), - }, - }, - }, - }, - InitContainers: []v1.Container{ - { - Name: 
"mount-cgroup", - Image: "quay.io/cilium/cilium:v1.12.4@sha256:4b074fcfba9325c18e97569ed1988464309a5ebf64bbc79bec6f3d58cafcb8cf", - Command: []string{ - "sh", - "-ec", - ciliumMountScript, - }, - Env: []v1.EnvVar{ - { - Name: "CGROUP_ROOT", - Value: "/run/cilium/cgroupv2", - }, - { - Name: "BIN_PATH", - Value: "/opt/cni/bin", - }, - }, - VolumeMounts: []v1.VolumeMount{ - { - Name: "hostproc", - MountPath: "/hostproc", - }, - { - Name: "cni-path", - MountPath: "/hostbin", - }, - }, - TerminationMessagePolicy: v1.TerminationMessagePolicy( - "FallbackToLogsOnError", - ), - ImagePullPolicy: v1.PullPolicy("IfNotPresent"), - SecurityContext: &v1.SecurityContext{ - Capabilities: &v1.Capabilities{ - Add: []v1.Capability{ - v1.Capability("SYS_ADMIN"), - v1.Capability("SYS_CHROOT"), - v1.Capability("SYS_PTRACE"), - }, - Drop: []v1.Capability{v1.Capability("ALL")}, - }, - SELinuxOptions: &v1.SELinuxOptions{ - Type: "spc_t", - Level: "s0", - }, - }, - }, - { - Name: "apply-sysctl-overwrites", - Image: "quay.io/cilium/cilium:v1.12.4@sha256:4b074fcfba9325c18e97569ed1988464309a5ebf64bbc79bec6f3d58cafcb8cf", - Command: []string{ - "sh", - "-ec", - ciliumSysctlScript, - }, - Env: []v1.EnvVar{ - { - Name: "BIN_PATH", - Value: "/opt/cni/bin", - }, - }, - VolumeMounts: []v1.VolumeMount{ - { - Name: "hostproc", - MountPath: "/hostproc", - }, - { - Name: "cni-path", - MountPath: "/hostbin", - }, - }, - TerminationMessagePolicy: v1.TerminationMessagePolicy( - "FallbackToLogsOnError", - ), - ImagePullPolicy: v1.PullPolicy("IfNotPresent"), - SecurityContext: &v1.SecurityContext{ - Capabilities: &v1.Capabilities{ - Add: []v1.Capability{ - v1.Capability("SYS_ADMIN"), - v1.Capability("SYS_CHROOT"), - v1.Capability("SYS_PTRACE"), - }, - Drop: []v1.Capability{v1.Capability("ALL")}, - }, - SELinuxOptions: &v1.SELinuxOptions{ - Type: "spc_t", - Level: "s0", - }, - }, - }, - { - Name: "mount-bpf-fs", - Image: 
"quay.io/cilium/cilium:v1.12.4@sha256:4b074fcfba9325c18e97569ed1988464309a5ebf64bbc79bec6f3d58cafcb8cf", - Command: []string{ - "/bin/bash", - "-c", - "--", - }, - Args: []string{ - `mount | grep "/sys/fs/bpf type bpf" || mount -t bpf bpf /sys/fs/bpf`, - }, - VolumeMounts: []v1.VolumeMount{ - { - Name: "bpf-maps", - MountPath: "/sys/fs/bpf", - MountPropagation: P( - v1.MountPropagationMode("Bidirectional"), - ), - }, - }, - TerminationMessagePolicy: v1.TerminationMessagePolicy( - "FallbackToLogsOnError", - ), - ImagePullPolicy: v1.PullPolicy("IfNotPresent"), - SecurityContext: &v1.SecurityContext{ - Privileged: P(true), - }, - }, - { - Name: "clean-cilium-state", - Image: "quay.io/cilium/cilium:v1.12.4@sha256:4b074fcfba9325c18e97569ed1988464309a5ebf64bbc79bec6f3d58cafcb8cf", - Command: []string{"/init-container.sh"}, - Env: []v1.EnvVar{ - { - Name: "CILIUM_ALL_STATE", - ValueFrom: &v1.EnvVarSource{ - ConfigMapKeyRef: &v1.ConfigMapKeySelector{ - LocalObjectReference: v1.LocalObjectReference{ - Name: "cilium-config", - }, - Key: "clean-cilium-state", - Optional: P(true), - }, - }, - }, - { - Name: "CILIUM_BPF_STATE", - ValueFrom: &v1.EnvVarSource{ - ConfigMapKeyRef: &v1.ConfigMapKeySelector{ - LocalObjectReference: v1.LocalObjectReference{ - Name: "cilium-config", - }, - Key: "clean-cilium-bpf-state", - Optional: P(true), - }, - }, - }, - }, - Resources: v1.ResourceRequirements{ - Requests: v1.ResourceList{ - v1.ResourceName("cpu"): resource.MustParse( - "100m", - ), - v1.ResourceName("memory"): resource.MustParse( - "100Mi", - ), - }, - }, - VolumeMounts: []v1.VolumeMount{ - { - Name: "bpf-maps", - MountPath: "/sys/fs/bpf", - }, - { - Name: "cilium-cgroup", - MountPath: "/run/cilium/cgroupv2", - MountPropagation: P( - v1.MountPropagationMode("HostToContainer"), - ), - }, - { - Name: "cilium-run", - MountPath: "/var/run/cilium", - }, - }, - TerminationMessagePolicy: v1.TerminationMessagePolicy( - "FallbackToLogsOnError", - ), - ImagePullPolicy: 
v1.PullPolicy("IfNotPresent"), - SecurityContext: &v1.SecurityContext{ - Capabilities: &v1.Capabilities{ - Add: []v1.Capability{ - v1.Capability("NET_ADMIN"), - v1.Capability("SYS_MODULE"), - v1.Capability("SYS_ADMIN"), - v1.Capability("SYS_RESOURCE"), - }, - Drop: []v1.Capability{v1.Capability("ALL")}, - }, - SELinuxOptions: &v1.SELinuxOptions{ - Type: "spc_t", - Level: "s0", - }, - }, - }, - }, - Containers: []v1.Container{ - { - Name: "cilium-agent", - Image: "quay.io/cilium/cilium:v1.12.4@sha256:4b074fcfba9325c18e97569ed1988464309a5ebf64bbc79bec6f3d58cafcb8cf", - Command: []string{"cilium-agent"}, - Args: []string{ - "--config-dir=/tmp/cilium/config-map", - }, - Env: []v1.EnvVar{ - { - Name: "K8S_NODE_NAME", - ValueFrom: &v1.EnvVarSource{ - FieldRef: &v1.ObjectFieldSelector{ - APIVersion: "v1", - FieldPath: "spec.nodeName", - }, - }, - }, - { - Name: "CILIUM_K8S_NAMESPACE", - ValueFrom: &v1.EnvVarSource{ - FieldRef: &v1.ObjectFieldSelector{ - APIVersion: "v1", - FieldPath: "metadata.namespace", - }, - }, - }, - { - Name: "CILIUM_CLUSTERMESH_CONFIG", - Value: "/var/lib/cilium/clustermesh/", - }, - { - Name: "CILIUM_CNI_CHAINING_MODE", - ValueFrom: &v1.EnvVarSource{ - ConfigMapKeyRef: &v1.ConfigMapKeySelector{ - LocalObjectReference: v1.LocalObjectReference{ - Name: "cilium-config", - }, - Key: "cni-chaining-mode", - Optional: P(true), - }, - }, - }, - { - Name: "CILIUM_CUSTOM_CNI_CONF", - ValueFrom: &v1.EnvVarSource{ - ConfigMapKeyRef: &v1.ConfigMapKeySelector{ - LocalObjectReference: v1.LocalObjectReference{ - Name: "cilium-config", - }, - Key: "custom-cni-conf", - Optional: P(true), - }, - }, - }, - }, - VolumeMounts: []v1.VolumeMount{ - { - Name: "host-proc-sys-net", - MountPath: "/host/proc/sys/net", - }, - { - Name: "host-proc-sys-kernel", - MountPath: "/host/proc/sys/kernel", - }, - { - Name: "bpf-maps", - MountPath: "/sys/fs/bpf", - MountPropagation: P( - v1.MountPropagationMode("HostToContainer"), - ), - }, - { - Name: "cilium-run", - MountPath: 
"/var/run/cilium", - }, - { - Name: "cni-path", - MountPath: "/host/opt/cni/bin", - }, - { - Name: "etc-cni-netd", - MountPath: "/host/etc/cni/net.d", - }, - { - Name: "clustermesh-secrets", - ReadOnly: true, - MountPath: "/var/lib/cilium/clustermesh", - }, - { - Name: "cilium-config-path", - ReadOnly: true, - MountPath: "/tmp/cilium/config-map", - }, - { - Name: "lib-modules", - ReadOnly: true, - MountPath: "/lib/modules", - }, - { - Name: "xtables-lock", - MountPath: "/run/xtables.lock", - }, - { - Name: "hubble-tls", - ReadOnly: true, - MountPath: "/var/lib/cilium/tls/hubble", - }, - }, - LivenessProbe: &v1.Probe{ - ProbeHandler: v1.ProbeHandler{ - HTTPGet: &v1.HTTPGetAction{ - Path: "/healthz", - Port: intstr.IntOrString{IntVal: 9879}, - Host: "127.0.0.1", - Scheme: v1.URIScheme("HTTP"), - HTTPHeaders: []v1.HTTPHeader{ - { - Name: "brief", - Value: "true", - }, - }, - }, - }, - TimeoutSeconds: 5, - PeriodSeconds: 30, - SuccessThreshold: 1, - FailureThreshold: 10, - }, - ReadinessProbe: &v1.Probe{ - ProbeHandler: v1.ProbeHandler{ - HTTPGet: &v1.HTTPGetAction{ - Path: "/healthz", - Port: intstr.IntOrString{IntVal: 9879}, - Host: "127.0.0.1", - Scheme: v1.URIScheme("HTTP"), - HTTPHeaders: []v1.HTTPHeader{ - { - Name: "brief", - Value: "true", - }, - }, - }, - }, - TimeoutSeconds: 5, - PeriodSeconds: 30, - SuccessThreshold: 1, - FailureThreshold: 3, - }, - StartupProbe: &v1.Probe{ - ProbeHandler: v1.ProbeHandler{ - HTTPGet: &v1.HTTPGetAction{ - Path: "/healthz", - Port: intstr.IntOrString{IntVal: 9879}, - Host: "127.0.0.1", - Scheme: v1.URIScheme("HTTP"), - HTTPHeaders: []v1.HTTPHeader{ - { - Name: "brief", - Value: "true", - }, - }, - }, - }, - PeriodSeconds: 2, - SuccessThreshold: 1, - FailureThreshold: 105, - }, - Lifecycle: &v1.Lifecycle{ - PostStart: &v1.LifecycleHandler{ - Exec: &v1.ExecAction{ - Command: []string{ - "/cni-install.sh", - "--enable-debug=false", - "--cni-exclusive=true", - "--log-file=/var/run/cilium/cilium-cni.log", - }, - }, - }, - PreStop: 
&v1.LifecycleHandler{ - Exec: &v1.ExecAction{ - Command: []string{"/cni-uninstall.sh"}, - }, - }, - }, - TerminationMessagePolicy: v1.TerminationMessagePolicy( - "FallbackToLogsOnError", - ), - ImagePullPolicy: v1.PullPolicy("IfNotPresent"), - SecurityContext: &v1.SecurityContext{ - Capabilities: &v1.Capabilities{ - Add: []v1.Capability{ - v1.Capability("CHOWN"), - v1.Capability("KILL"), - v1.Capability("NET_ADMIN"), - v1.Capability("NET_RAW"), - v1.Capability("IPC_LOCK"), - v1.Capability("SYS_MODULE"), - v1.Capability("SYS_ADMIN"), - v1.Capability("SYS_RESOURCE"), - v1.Capability("DAC_OVERRIDE"), - v1.Capability("FOWNER"), - v1.Capability("SETGID"), - v1.Capability("SETUID"), - }, - Drop: []v1.Capability{v1.Capability("ALL")}, - }, - SELinuxOptions: &v1.SELinuxOptions{ - Type: "spc_t", - Level: "s0", - }, - }, - }, - }, - RestartPolicy: v1.RestartPolicy("Always"), - TerminationGracePeriodSeconds: P(int64(1)), - NodeSelector: map[string]string{ - "kubernetes.io/os": "linux", - }, - ServiceAccountName: "cilium", - HostNetwork: true, - Affinity: &v1.Affinity{ - PodAntiAffinity: &v1.PodAntiAffinity{ - RequiredDuringSchedulingIgnoredDuringExecution: []v1.PodAffinityTerm{ - { - LabelSelector: &metav1.LabelSelector{ - MatchLabels: map[string]string{ - "k8s-app": "cilium", - }, - }, - TopologyKey: "kubernetes.io/hostname", - }, - }, - }, - }, - Tolerations: []v1.Toleration{ - {Operator: v1.TolerationOperator("Exists")}, - }, - PriorityClassName: "system-node-critical", - }, - }, - UpdateStrategy: appsv1.DaemonSetUpdateStrategy{ - Type: appsv1.DaemonSetUpdateStrategyType("RollingUpdate"), - RollingUpdate: &appsv1.RollingUpdateDaemonSet{ - MaxUnavailable: &intstr.IntOrString{IntVal: 2}, - }, - }, - }, -} - -var ciliumMountScript = `cp /usr/bin/cilium-mount /hostbin/cilium-mount; -nsenter --cgroup=/hostproc/1/ns/cgroup --mount=/hostproc/1/ns/mnt "${BIN_PATH}/cilium-mount" $CGROUP_ROOT; -rm /hostbin/cilium-mount -` - -var ciliumSysctlScript = `cp /usr/bin/cilium-sysctlfix 
/hostbin/cilium-sysctlfix; -nsenter --mount=/hostproc/1/ns/mnt "${BIN_PATH}/cilium-sysctlfix"; -rm /hostbin/cilium-sysctlfix -` diff --git a/docs/platypus/pkg/platform/cilium/hubble_svc.go b/docs/platypus/pkg/platform/cilium/hubble_svc.go deleted file mode 100644 index 963aec9..0000000 --- a/docs/platypus/pkg/platform/cilium/hubble_svc.go +++ /dev/null @@ -1,32 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -package cilium - -import ( - "github.com/golingon/lingon/pkg/kubeutil" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" -) - -var HubblePeerSvc = &v1.Service{ - TypeMeta: kubeutil.TypeServiceV1, - ObjectMeta: metav1.ObjectMeta{ - Name: "hubble-peer", - Namespace: "kube-system", - Labels: map[string]string{"k8s-app": "cilium"}, - }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{ - { - Name: "peer-service", - Protocol: v1.ProtocolTCP, - Port: 443, - TargetPort: intstr.IntOrString{IntVal: 4244}, - }, - }, - Selector: map[string]string{"k8s-app": "cilium"}, - InternalTrafficPolicy: P(v1.ServiceInternalTrafficPolicyLocal), - }, -} diff --git a/docs/platypus/pkg/platform/cilium/iam.go b/docs/platypus/pkg/platform/cilium/iam.go deleted file mode 100644 index d5af997..0000000 --- a/docs/platypus/pkg/platform/cilium/iam.go +++ /dev/null 
@@ -1,124 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-package cilium
-
-import (
- "github.com/golingon/lingon/pkg/kubeutil"
- rbacv1 "k8s.io/api/rbac/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-var CR = &rbacv1.ClusterRole{
- TypeMeta: kubeutil.TypeClusterRoleV1,
- ObjectMeta: metav1.ObjectMeta{Name: "cilium"},
- Rules: []rbacv1.PolicyRule{
- {
- Verbs: []string{
- "get",
- "list",
- "watch",
- },
- APIGroups: []string{"networking.k8s.io"},
- Resources: []string{"networkpolicies"},
- },
- {
- Verbs: []string{
- "get",
- "list",
- "watch",
- },
- APIGroups: []string{"discovery.k8s.io"},
- Resources: []string{"endpointslices"},
- },
- {
- Verbs: []string{
- "get",
- "list",
- "watch",
- },
- APIGroups: []string{""},
- Resources: []string{
- "namespaces",
- "services",
- "pods",
- "endpoints",
- "nodes",
- },
- },
- {
- Verbs: []string{
- "list",
- "watch",
- "get",
- },
- APIGroups: []string{"apiextensions.k8s.io"},
- Resources: []string{"customresourcedefinitions"},
- },
- {
- Verbs: []string{
- "list",
- "watch",
- },
- APIGroups: []string{"cilium.io"},
- Resources: []string{
- "ciliumbgploadbalancerippools",
- "ciliumbgppeeringpolicies",
- "ciliumclusterwideenvoyconfigs",
- "ciliumclusterwidenetworkpolicies",
- "ciliumegressgatewaypolicies",
- "ciliumegressnatpolicies",
- "ciliumendpoints",
- "ciliumendpointslices",
- "ciliumenvoyconfigs",
- "ciliumidentities",
- "ciliumlocalredirectpolicies",
- "ciliumnetworkpolicies",
- "ciliumnodes",
- },
- },
- {
- Verbs: []string{"create"},
- APIGroups: []string{"cilium.io"},
- Resources: []string{
- "ciliumidentities",
- "ciliumendpoints",
- "ciliumnodes",
- },
- },
- {
- Verbs: []string{"update"},
- APIGroups: []string{"cilium.io"},
- Resources: []string{"ciliumidentities"},
- },
- {
- Verbs: []string{
- "delete",
- "get",
- },
- APIGroups: []string{"cilium.io"},
- Resources: []string{"ciliumendpoints"},
- },
- {
- Verbs: []string{
- "get",
- "update",
- },
- APIGroups: []string{"cilium.io"},
- Resources: []string{
- "ciliumnodes",
- "ciliumnodes/status",
- },
- },
- {
- Verbs: []string{"patch"},
- APIGroups: []string{"cilium.io"},
- Resources: []string{
- "ciliumnetworkpolicies/status",
- "ciliumclusterwidenetworkpolicies/status",
- "ciliumendpoints/status",
- "ciliumendpoints",
- },
- },
- },
-}
diff --git a/docs/platypus/pkg/platform/cilium/node-init.go b/docs/platypus/pkg/platform/cilium/node-init.go
deleted file mode 100644
index 4f66151..0000000
--- a/docs/platypus/pkg/platform/cilium/node-init.go
+++ /dev/null
@@ -1,151 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -package cilium - -import ( - "github.com/golingon/lingon/pkg/kubeutil" - "github.com/hexops/valast" - appsv1 "k8s.io/api/apps/v1" - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/resource" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -var NodeInit = &appsv1.DaemonSet{ - TypeMeta: kubeutil.TypeDaemonSetV1, - ObjectMeta: metav1.ObjectMeta{ - Name: "cilium-node-init", - Namespace: "kube-system", - Labels: map[string]string{"app": "cilium-node-init"}, - }, - Spec: appsv1.DaemonSetSpec{ - Selector: &metav1.LabelSelector{ - MatchLabels: map[string]string{ - "app": "cilium-node-init", - }, - }, - Template: v1.PodTemplateSpec{ - ObjectMeta: metav1.ObjectMeta{ - Labels: map[string]string{"app": "cilium-node-init"}, - Annotations: map[string]string{ - "container.apparmor.security.beta.kubernetes.io/node-init": "unconfined", - }, - }, - Spec: v1.PodSpec{ - Containers: []v1.Container{ - { - Name: "node-init", - Image: "quay.io/cilium/startup-script:d69851597ea019af980891a4628fb36b7880ec26", - Env: []v1.EnvVar{ - { - Name: "STARTUP_SCRIPT", - Value: startUpScript, - }, - }, - Resources: v1.ResourceRequirements{ - Requests: v1.ResourceList{ - v1.ResourceName("cpu"): resource.MustParse( - "100m", - ), - v1.ResourceName("memory"): resource.MustParse( - "100Mi", - ), - }, - }, - Lifecycle: &v1.Lifecycle{ - PostStart: &v1.LifecycleHandler{ - Exec: &v1.ExecAction{ - Command: []string{ - "nsenter", - "--target=1", - "--mount", - "--", - "/bin/bash", - "-c", - editIPTableScript, - }, - }, - }, - }, - TerminationMessagePolicy: v1.TerminationMessagePolicy( - "FallbackToLogsOnError", - ), - ImagePullPolicy: v1.PullPolicy("IfNotPresent"), - SecurityContext: &v1.SecurityContext{ - Capabilities: &v1.Capabilities{ - Add: []v1.Capability{ - v1.Capability("SYS_MODULE"), - v1.Capability("NET_ADMIN"), - v1.Capability("SYS_ADMIN"), - v1.Capability("SYS_CHROOT"), - 
v1.Capability("SYS_PTRACE"), - }, - }, - Privileged: valast.Addr(false).(*bool), - SELinuxOptions: &v1.SELinuxOptions{ - Type: "spc_t", - Level: "s0", - }, - }, - }, - }, - NodeSelector: map[string]string{ - "kubernetes.io/os": "linux", - }, - HostNetwork: true, - HostPID: true, - Tolerations: []v1.Toleration{ - {Operator: v1.TolerationOperator("Exists")}, - }, - PriorityClassName: "system-node-critical", - }, - }, - UpdateStrategy: appsv1.DaemonSetUpdateStrategy{ - Type: appsv1.DaemonSetUpdateStrategyType("RollingUpdate"), - }, - }, -} - -var startUpScript = `#!/bin/bash - -set -o errexit -set -o pipefail -set -o nounset - -echo "Link information:" -ip link - -echo "Routing table:" -ip route - -echo "Addressing:" -ip -4 a -ip -6 a -mkdir -p "/tmp/cilium-bootstrap.d" -date > "/tmp/cilium-bootstrap.d/cilium-bootstrap-time" -echo "Node initialization complete" -` - -var editIPTableScript = `#!/bin/bash - -set -o errexit -set -o pipefail -set -o nounset - -# When running in AWS ENI mode, it's likely that 'aws-node' has -# had a chance to install SNAT iptables rules. These can result -# in dropped traffic, so we should attempt to remove them. -# We do it using a 'postStart' hook since this may need to run -# for nodes which might have already been init'ed but may still -# have dangling rules. This is safe because there are no -# dependencies on anything that is part of the startup script -# itself, and can be safely run multiple times per node (e.g. in -# case of a restart). -if [[ "$(iptables-save | grep -c AWS-SNAT-CHAIN)" != "0" ]]; -then - echo 'Deleting iptables rules created by the AWS CNI VPC plugin' - iptables-save | grep -v AWS-SNAT-CHAIN | iptables-restore -fi -echo 'Done!' -` diff --git a/docs/platypus/pkg/platform/cilium/operator.go b/docs/platypus/pkg/platform/cilium/operator.go deleted file mode 100644 index 42e6cd7..0000000 --- a/docs/platypus/pkg/platform/cilium/operator.go +++ /dev/null 
@@ -1,152 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -package cilium - -import ( - "github.com/golingon/lingon/pkg/kubeutil" - appsv1 "k8s.io/api/apps/v1" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" -) - -var opMeta = kubeutil.ObjectMeta( - "cilium-operator", - "kube-system", - map[string]string{ - "io.cilium/app": "operator", - "name": "cilium-operator", - }, - nil, -) - -var Operator = &appsv1.Deployment{ - TypeMeta: kubeutil.TypeDeploymentV1, - ObjectMeta: opMeta, - Spec: appsv1.DeploymentSpec{ - Replicas: P(int32(2)), - Selector: &metav1.LabelSelector{ - MatchLabels: opMeta.Labels, - }, - Template: v1.PodTemplateSpec{ - ObjectMeta: metav1.ObjectMeta{ - Labels: opMeta.Labels, - }, - Spec: v1.PodSpec{ - Volumes: []v1.Volume{ - { - Name: "cilium-config-path", - VolumeSource: v1.VolumeSource{ - ConfigMap: &v1.ConfigMapVolumeSource{ - LocalObjectReference: v1.LocalObjectReference{ - Name: "cilium-config", - }, - }, - }, - }, - }, - Containers: []v1.Container{ - { - Name: "cilium-operator", - Image: "quay.io/cilium/operator-generic:v1.12.4@sha256:071089ec5bca1f556afb8e541d9972a0dfb09d1e25504ae642ced021ecbedbd1", - Command: []string{"cilium-operator-generic"}, - Args: []string{ - "--config-dir=/tmp/cilium/config-map", - "--debug=$(CILIUM_DEBUG)", - }, - Env: []v1.EnvVar{ - { - Name: "K8S_NODE_NAME", - ValueFrom: &v1.EnvVarSource{ - FieldRef: &v1.ObjectFieldSelector{ - APIVersion: "v1", - FieldPath: "spec.nodeName", - }, - }, - }, - { - Name: "CILIUM_K8S_NAMESPACE", - ValueFrom: &v1.EnvVarSource{ - FieldRef: &v1.ObjectFieldSelector{ - APIVersion: "v1", - FieldPath: "metadata.namespace", - }, - }, - }, - { - Name: "CILIUM_DEBUG", - ValueFrom: &v1.EnvVarSource{ - ConfigMapKeyRef: &v1.ConfigMapKeySelector{ - LocalObjectReference: v1.LocalObjectReference{ - Name: "cilium-config", - }, - Key: "debug", - Optional: P(true), - }, - }, - }, - }, - 
VolumeMounts: []v1.VolumeMount{ - { - Name: "cilium-config-path", - ReadOnly: true, - MountPath: "/tmp/cilium/config-map", - }, - }, - LivenessProbe: liveness, - TerminationMessagePolicy: v1.TerminationMessagePolicy( - "FallbackToLogsOnError", - ), - ImagePullPolicy: v1.PullPolicy("IfNotPresent"), - }, - }, - RestartPolicy: v1.RestartPolicy("Always"), - NodeSelector: map[string]string{ - "kubernetes.io/os": "linux", - }, - ServiceAccountName: "cilium-operator", - HostNetwork: true, - Affinity: &v1.Affinity{ - PodAntiAffinity: &v1.PodAntiAffinity{ - RequiredDuringSchedulingIgnoredDuringExecution: []v1.PodAffinityTerm{ - { - LabelSelector: &metav1.LabelSelector{ - MatchLabels: map[string]string{ - "io.cilium/app": "operator", - }, - }, - TopologyKey: "kubernetes.io/hostname", - }, - }, - }, - }, - Tolerations: []v1.Toleration{ - {Operator: v1.TolerationOperator("Exists")}, - }, - PriorityClassName: "system-cluster-critical", - }, - }, - Strategy: appsv1.DeploymentStrategy{ - Type: appsv1.DeploymentStrategyType("RollingUpdate"), - RollingUpdate: &appsv1.RollingUpdateDeployment{ - MaxUnavailable: &intstr.IntOrString{IntVal: 1}, - MaxSurge: &intstr.IntOrString{IntVal: 1}, - }, - }, - }, -} - -var liveness = &v1.Probe{ - ProbeHandler: v1.ProbeHandler{ - HTTPGet: &v1.HTTPGetAction{ - Path: "/healthz", - Port: intstr.IntOrString{IntVal: 9234}, - Host: "127.0.0.1", - Scheme: v1.URIScheme("HTTP"), - }, - }, - InitialDelaySeconds: 60, - TimeoutSeconds: 3, - PeriodSeconds: 10, -} diff --git a/docs/platypus/pkg/platform/cilium/operator_iam.go b/docs/platypus/pkg/platform/cilium/operator_iam.go deleted file mode 100644 index be34abf..0000000 --- a/docs/platypus/pkg/platform/cilium/operator_iam.go +++ /dev/null 
@@ -1,194 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -package cilium - -import ( - "github.com/golingon/lingon/pkg/kubeutil" - rbacv1 "k8s.io/api/rbac/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -var OperatorCR = &rbacv1.ClusterRole{ - TypeMeta: kubeutil.TypeClusterRoleV1, - ObjectMeta: metav1.ObjectMeta{Name: "cilium-operator"}, - Rules: []rbacv1.PolicyRule{ - { - Verbs: []string{ - "get", - "list", - "watch", - "delete", - }, - APIGroups: []string{""}, - Resources: []string{"pods"}, - }, - { - Verbs: []string{ - "list", - "watch", - }, - APIGroups: []string{""}, - Resources: []string{"nodes"}, - }, - { - Verbs: []string{"patch"}, - APIGroups: []string{""}, - Resources: []string{ - "nodes", - "nodes/status", - }, - }, - { - Verbs: []string{ - "get", - "list", - "watch", - }, - APIGroups: []string{"discovery.k8s.io"}, - Resources: []string{"endpointslices"}, - }, - { - Verbs: []string{"update"}, - APIGroups: []string{""}, - Resources: []string{"services/status"}, - }, - { - Verbs: []string{ - "get", - "list", - "watch", - }, - APIGroups: []string{""}, - Resources: []string{"namespaces"}, - }, - { - Verbs: []string{ - "get", - "list", - "watch", - }, - APIGroups: []string{""}, - Resources: []string{ - "services", - "endpoints", - }, - }, - { - Verbs: []string{ - "create", - "update", - "deletecollection", - "patch", - "get", - "list", - "watch", - }, - APIGroups: []string{"cilium.io"}, - Resources: []string{ - "ciliumnetworkpolicies", - "ciliumclusterwidenetworkpolicies", - }, - }, - { - Verbs: []string{ - "patch", - "update", - }, - APIGroups: []string{"cilium.io"}, - Resources: []string{ - "ciliumnetworkpolicies/status", - "ciliumclusterwidenetworkpolicies/status", - }, - }, - { - Verbs: []string{ - "delete", - "list", - "watch", - }, - APIGroups: []string{"cilium.io"}, - Resources: []string{ - "ciliumendpoints", - "ciliumidentities", - }, - }, - { - Verbs: []string{"update"}, - APIGroups: 
[]string{"cilium.io"}, - Resources: []string{"ciliumidentities"}, - }, - { - Verbs: []string{ - "create", - "update", - "get", - "list", - "watch", - "delete", - }, - APIGroups: []string{"cilium.io"}, - Resources: []string{"ciliumnodes"}, - }, - { - Verbs: []string{"update"}, - APIGroups: []string{"cilium.io"}, - Resources: []string{"ciliumnodes/status"}, - }, - { - Verbs: []string{ - "create", - "update", - "get", - "list", - "watch", - "delete", - }, - APIGroups: []string{"cilium.io"}, - Resources: []string{ - "ciliumendpointslices", - "ciliumenvoyconfigs", - }, - }, - { - Verbs: []string{ - "create", - "get", - "list", - "watch", - }, - APIGroups: []string{"apiextensions.k8s.io"}, - Resources: []string{"customresourcedefinitions"}, - }, - { - Verbs: []string{"update"}, - APIGroups: []string{"apiextensions.k8s.io"}, - Resources: []string{"customresourcedefinitions"}, - ResourceNames: []string{ - "ciliumbgploadbalancerippools.cilium.io", - "ciliumbgppeeringpolicies.cilium.io", - "ciliumclusterwideenvoyconfigs.cilium.io", - "ciliumclusterwidenetworkpolicies.cilium.io", - "ciliumegressgatewaypolicies.cilium.io", - "ciliumegressnatpolicies.cilium.io", - "ciliumendpoints.cilium.io", - "ciliumendpointslices.cilium.io", - "ciliumenvoyconfigs.cilium.io", - "ciliumexternalworkloads.cilium.io", - "ciliumidentities.cilium.io", - "ciliumlocalredirectpolicies.cilium.io", - "ciliumnetworkpolicies.cilium.io", - "ciliumnodes.cilium.io", - }, - }, - { - Verbs: []string{ - "create", - "get", - "update", - }, - APIGroups: []string{"coordination.k8s.io"}, - Resources: []string{"leases"}, - }, - }, -} diff --git a/docs/platypus/pkg/platform/cilium/ptr.go b/docs/platypus/pkg/platform/cilium/ptr.go deleted file mode 100644 index 4640cc5..0000000 --- a/docs/platypus/pkg/platform/cilium/ptr.go +++ /dev/null 
@@ -1,9 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-package cilium
-
-// P returns a pointer to the given value.
-func P[T any](t T) *T {
- return &t
-}
diff --git a/docs/platypus/pkg/platform/doc.go b/docs/platypus/pkg/platform/doc.go
deleted file mode 100644
index 2286603..0000000
--- a/docs/platypus/pkg/platform/doc.go
+++ /dev/null
@@ -1,5 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-// Package platform provides the kubernetes application to build and deploy
-package platform
diff --git a/docs/platypus/pkg/platform/grafana/app.go b/docs/platypus/pkg/platform/grafana/app.go
deleted file mode 100644
index ba451d4..0000000
--- a/docs/platypus/pkg/platform/grafana/app.go
+++ /dev/null
@@ -1,115 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -package grafana - -import ( - "fmt" - - "github.com/golingon/lingon/pkg/kube" - "github.com/golingon/lingon/pkg/kubeutil" - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" - rbacv1 "k8s.io/api/rbac/v1" -) - -type AppOpts struct { - Name string `validate:"required"` - Version string `validate:"required"` - Env string `validate:"required"` -} - -func (a AppOpts) NameEnv() string { - return fmt.Sprintf( - "%s-%s", - a.Name, - a.Env, - ) -} - -type KubeOpts struct { - Name string - Namespace string - CommonLabels map[string]string - - PostgresHost string - PostgresDBName string - PostgresUser string - // TODO: cannot actually store password here... - PostgresPassword string -} - -var _ kube.Exporter = (*KubeApp)(nil) - -type KubeApp struct { - kube.App - Ns *corev1.Namespace - Svc *corev1.Service - Sa *corev1.ServiceAccount - Cm *corev1.ConfigMap - ClusterroleCr *rbacv1.ClusterRole - ClusterrolebindingCrb *rbacv1.ClusterRoleBinding - Rb *rbacv1.RoleBinding - Secret *corev1.Secret - DashboardsDefaultCm *corev1.ConfigMap - Role *rbacv1.Role - Deploy *appsv1.Deployment -} - -const ( - AppName = "grafana" - Version = "9.3.6" -) - -func commonLabels(opts AppOpts) map[string]string { - return map[string]string{ - kubeutil.AppLabelName: opts.Name, - kubeutil.AppLabelInstance: opts.Name, - kubeutil.AppLabelVersion: opts.Version, - kubeutil.AppLabelManagedBy: "lingon", - } -} - -func New(opts AppOpts, kOpts KubeOpts) *KubeApp { - kOpts.Name = opts.NameEnv() - kOpts.Namespace = opts.NameEnv() - kOpts.CommonLabels = commonLabels(opts) - - SA := kubeutil.ServiceAccount( - AppName, - kOpts.Namespace, - kOpts.CommonLabels, - nil, - ) - CR := kubeutil.ClusterRole(kOpts.Name, kOpts.CommonLabels, nil) - - Role := kubeutil.Role( - AppName, - kOpts.Namespace, - kOpts.CommonLabels, - RoleRules, - ) - - return &KubeApp{ - Ns: kubeutil.Namespace( - kOpts.Name, - 
kOpts.CommonLabels, - nil, - ), - Secret: Secret(kOpts), - Cm: Config(kOpts), - DashboardsDefaultCm: DashboardsDefaultCm(kOpts), - ClusterroleCr: CR, - ClusterrolebindingCrb: kubeutil.BindClusterRole( - kOpts.Name+"-crb", - SA, - CR, - kOpts.CommonLabels, - ), - Role: Role, - Rb: kubeutil.BindRole(AppName+"-rb", SA, Role, kOpts.CommonLabels), - Deploy: Deployment(kOpts), - Sa: SA, - Svc: Service(kOpts), - } -} diff --git a/docs/platypus/pkg/platform/grafana/cm.go b/docs/platypus/pkg/platform/grafana/cm.go deleted file mode 100644 index 496cda6..0000000 --- a/docs/platypus/pkg/platform/grafana/cm.go +++ /dev/null 
@@ -1,111 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lingon. EDIT AS MUCH AS YOU LIKE. - -package grafana - -import ( - "github.com/golingon/lingon/pkg/kubeutil" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -func Config(opts KubeOpts) *corev1.ConfigMap { - data := map[string]string{ - "grafana.ini": ConfigINI, - "download_dashboards.sh": DownloadDashboardsSh, - "dashboardproviders.yaml": DashboardProviders, - "datasources.yaml": DataSources, - } - return &corev1.ConfigMap{ - TypeMeta: kubeutil.TypeConfigMapV1, - ObjectMeta: metav1.ObjectMeta{ - Labels: opts.CommonLabels, - Name: AppName, - Namespace: opts.Namespace, - }, - Data: data, - } -} - -var ConfigINI = ` -[analytics] -check_for_updates = true -[log] -mode = console -[paths] -data = /var/lib/grafana/ -logs = /var/log/grafana -plugins = /var/lib/grafana/plugins -provisioning = /etc/grafana/provisioning -` - -var DownloadDashboardsSh = ` -#!/usr/bin/env sh -set -euf -mkdir -p /var/lib/grafana/dashboards/default - -curl -skf \ ---connect-timeout 60 \ ---max-time 60 \ --H "Accept: application/json" \ --H "Content-Type: application/json;charset=UTF-8" \ - "https://karpenter.sh/v0.24.0/getting-started/getting-started-with-eksctl/karpenter-capacity-dashboard.json" \ -> "/var/lib/grafana/dashboards/default/capacity-dashboard.json" - -curl -skf \ ---connect-timeout 60 \ ---max-time 60 \ --H "Accept: application/json" \ --H "Content-Type: application/json;charset=UTF-8" \ - "https://karpenter.sh/v0.24.0/getting-started/getting-started-with-eksctl/karpenter-performance-dashboard.json" \ -> "/var/lib/grafana/dashboards/default/performance-dashboard.json" -` - -var DashboardProviders = ` -apiVersion: 1 -providers: - - disableDeletion: false - editable: true - folder: "" - name: default - options: - path: /var/lib/grafana/dashboards/default - orgId: 1 - type: file -` - -var DataSources = ` -apiVersion: 1 
-datasources: - - access: proxy - name: Prometheus - type: prometheus - url: http://prometheus-server:80 - version: 1 -` - -// var GrafanaCm = &corev1.ConfigMap{ -// Data: map[string]string{ -// "dashboardproviders.yaml": "apiVersion: 1\nproviders:\n- disableDeletion: false\n editable: true\n folder: \"\"\n name: default\n options:\n path: /var/lib/grafana/dashboards/default\n orgId: 1\n type: file\n", -// "datasources.yaml": "apiVersion: 1\ndatasources:\n- access: proxy\n name: Prometheus\n type: prometheus\n url: http://prometheus-server:80\n version: 1\n", -// "download_dashboards.sh": "#!/usr/bin/env sh\nset -euf\nmkdir -p /var/lib/grafana/dashboards/default\n\ncurl -skf \\\n--connect-timeout 60 \\\n--max-time 60 \\\n-H \"Accept: application/json\" \\\n-H \"Content-Type: application/json;charset=UTF-8\" \\\n \"https://karpenter.sh/v0.24.0/getting-started/getting-started-with-eksctl/karpenter-capacity-dashboard.json\" \\\n> \"/var/lib/grafana/dashboards/default/capacity-dashboard.json\"\n \ncurl -skf \\\n--connect-timeout 60 \\\n--max-time 60 \\\n-H \"Accept: application/json\" \\\n-H \"Content-Type: application/json;charset=UTF-8\" \\\n \"https://karpenter.sh/v0.24.0/getting-started/getting-started-with-eksctl/karpenter-performance-dashboard.json\" \\\n> \"/var/lib/grafana/dashboards/default/performance-dashboard.json\"\n", -// "grafana.ini": "[analytics]\ncheck_for_updates = true\n[grafana_net]\nurl = https://grafana.net\n[log]\nmode = console\n[paths]\ndata = /var/lib/grafana/\nlogs = /var/log/grafana\nplugins = /var/lib/grafana/plugins\nprovisioning = /etc/grafana/provisioning\n[server]\ndomain = ''\n", -// }, -// ObjectMeta: metav1.ObjectMeta{ -// Labels: map[string]string{ -// "app.kubernetes.io/instance": "grafana", -// "app.kubernetes.io/managed-by": "Helm", -// "app.kubernetes.io/name": "grafana", -// "app.kubernetes.io/version": "9.3.6", -// "helm.sh/chart": "grafana-6.50.7", -// }, -// Name: "grafana", -// Namespace: "monitoring", -// }, -// TypeMeta: 
metav1.TypeMeta{ -// APIVersion: "v1", -// Kind: "ConfigMap", -// }, -// } diff --git a/docs/platypus/pkg/platform/grafana/dashboardsdefaultcm.go b/docs/platypus/pkg/platform/grafana/dashboardsdefaultcm.go deleted file mode 100644 index 987d690..0000000 --- a/docs/platypus/pkg/platform/grafana/dashboardsdefaultcm.go +++ /dev/null @@ -1,26 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lingon. EDIT AS MUCH AS YOU LIKE. - -package grafana - -import ( - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -func DashboardsDefaultCm(opts KubeOpts) *corev1.ConfigMap { - return &corev1.ConfigMap{ - TypeMeta: metav1.TypeMeta{ - APIVersion: "v1", - Kind: "ConfigMap", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: "grafana-dashboards-default", - Namespace: opts.Namespace, - Labels: opts.CommonLabels, - }, - Data: map[string]string{}, - } -} diff --git a/docs/platypus/pkg/platform/grafana/deploy.go b/docs/platypus/pkg/platform/grafana/deploy.go deleted file mode 100644 index 394dea9..0000000 --- a/docs/platypus/pkg/platform/grafana/deploy.go +++ /dev/null 
@@ -1,209 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by lingon. EDIT AS MUCH AS YOU LIKE.
-
-package grafana
-
-import (
- "github.com/golingon/lingon/pkg/kubeutil"
- appsv1 "k8s.io/api/apps/v1"
- corev1 "k8s.io/api/core/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/util/intstr"
-)
-
-func Deployment(opts KubeOpts) *appsv1.Deployment {
- return &appsv1.Deployment{
- TypeMeta: kubeutil.TypeDeploymentV1,
- ObjectMeta: metav1.ObjectMeta{
- Name: opts.Name,
- Namespace: opts.Namespace,
- Labels: opts.CommonLabels,
- },
- Spec: appsv1.DeploymentSpec{
- Replicas: P(int32(2)),
- RevisionHistoryLimit: P(int32(10)),
- Selector: &metav1.LabelSelector{
- MatchLabels: opts.CommonLabels,
- },
- Strategy: appsv1.DeploymentStrategy{Type: appsv1.RollingUpdateDeploymentStrategyType},
- Template: corev1.PodTemplateSpec{
- ObjectMeta: metav1.ObjectMeta{
- Labels: opts.CommonLabels,
- },
- Spec: corev1.PodSpec{
- AutomountServiceAccountToken: P(true),
- Containers: []corev1.Container{
- {
- Env: []corev1.EnvVar{
- {
- Name: "POD_IP",
- ValueFrom: &corev1.EnvVarSource{FieldRef: &corev1.ObjectFieldSelector{FieldPath: "status.podIP"}},
- },
- {
- Name: "GF_SECURITY_ADMIN_USER",
- ValueFrom: &corev1.EnvVarSource{
- SecretKeyRef: &corev1.SecretKeySelector{
- Key: "admin-user",
- LocalObjectReference: corev1.LocalObjectReference{Name: "grafana"},
- },
- },
- },
- {
- Name: "GF_SECURITY_ADMIN_PASSWORD",
- ValueFrom: &corev1.EnvVarSource{
- SecretKeyRef: &corev1.SecretKeySelector{
- Key: "admin-password",
- LocalObjectReference: corev1.LocalObjectReference{Name: "grafana"},
- },
- },
- },
- {
- Name: "GF_PATHS_DATA",
- Value: "/var/lib/grafana/",
- },
- {
- Name: "GF_PATHS_LOGS",
- Value: "/var/log/grafana",
- },
- {
- Name: "GF_PATHS_PLUGINS",
- Value: "/var/lib/grafana/plugins",
- },
- {
- Name: "GF_PATHS_PROVISIONING",
- Value: "/etc/grafana/provisioning",
- },
- {
- Name: "GF_ROOT_URL",
- Value: "", - }, - { - Name: "GF_SERVER_DOMAIN", - Value: "", - }, - { - Name: "GF_DATABASE_TYPE", - Value: "postgres", - }, - { - Name: "GF_DATABASE_HOST", - Value: opts.PostgresHost, - }, - { - Name: "GF_DATABASE_NAME", - Value: opts.PostgresDBName, - }, - { - Name: "GF_DATABASE_USER", - Value: opts.PostgresUser, - }, - { - Name: "GF_DATABASE_PASSWORD", - Value: opts.PostgresPassword, - }, - }, - Image: "grafana/grafana:" + Version, - ImagePullPolicy: corev1.PullPolicy("IfNotPresent"), - LivenessProbe: &corev1.Probe{ - FailureThreshold: int32(10), - InitialDelaySeconds: int32(60), - ProbeHandler: corev1.ProbeHandler{ - HTTPGet: &corev1.HTTPGetAction{ - Path: "/api/health", - Port: intstr.IntOrString{IntVal: int32(3000)}, - }, - }, - TimeoutSeconds: int32(30), - }, - Name: AppName, - Ports: []corev1.ContainerPort{ - { - ContainerPort: int32(3000), - Name: "grafana", - Protocol: corev1.ProtocolTCP, - }, { - ContainerPort: int32(9094), - Name: "gossip-tcp", - Protocol: corev1.ProtocolTCP, - }, { - ContainerPort: int32(9094), - Name: "gossip-udp", - Protocol: corev1.ProtocolUDP, - }, - }, - ReadinessProbe: &corev1.Probe{ - ProbeHandler: corev1.ProbeHandler{ - HTTPGet: &corev1.HTTPGetAction{ - Path: "/api/health", - Port: intstr.IntOrString{IntVal: int32(3000)}, - }, - }, - }, - VolumeMounts: []corev1.VolumeMount{ - { - MountPath: "/etc/grafana/grafana.ini", - Name: "config", - SubPath: "grafana.ini", - }, { - MountPath: "/var/lib/grafana", - Name: "storage", - }, { - MountPath: "/etc/grafana/provisioning/datasources/datasources.yaml", - Name: "config", - SubPath: "datasources.yaml", - }, { - MountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml", - Name: "config", - SubPath: "dashboardproviders.yaml", - }, - }, - }, - }, - EnableServiceLinks: P(true), - InitContainers: []corev1.Container{ - { - Args: []string{ - "-c", - "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh", - }, - Command: 
[]string{"/bin/sh"}, - Image: "curlimages/curl:7.85.0", - ImagePullPolicy: corev1.PullPolicy("IfNotPresent"), - Name: "download-dashboards", - VolumeMounts: []corev1.VolumeMount{ - { - MountPath: "/etc/grafana/download_dashboards.sh", - Name: "config", - SubPath: "download_dashboards.sh", - }, { - MountPath: "/var/lib/grafana", - Name: "storage", - }, - }, - }, - }, - SecurityContext: &corev1.PodSecurityContext{ - FSGroup: P(int64(472)), - RunAsGroup: P(int64(472)), - RunAsUser: P(int64(472)), - }, - ServiceAccountName: AppName, - Volumes: []corev1.Volume{ - { - Name: "config", - VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: AppName}}}, - }, { - Name: "dashboards-default", - VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: "grafana-dashboards-default"}}}, - }, { - Name: "storage", - VolumeSource: corev1.VolumeSource{}, - }, - }, - }, - }, - }, - } -} diff --git a/docs/platypus/pkg/platform/grafana/iam.go b/docs/platypus/pkg/platform/grafana/iam.go deleted file mode 100644 index e1d46b9..0000000 --- a/docs/platypus/pkg/platform/grafana/iam.go +++ /dev/null @@ -1,17 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lingon. EDIT AS MUCH AS YOU LIKE. - -package grafana - -import rbacv1 "k8s.io/api/rbac/v1" - -var RoleRules = []rbacv1.PolicyRule{ - { - APIGroups: []string{"extensions"}, - ResourceNames: []string{"grafana"}, - Resources: []string{"podsecuritypolicies"}, - Verbs: []string{"use"}, - }, -} diff --git a/docs/platypus/pkg/platform/grafana/p.go b/docs/platypus/pkg/platform/grafana/p.go deleted file mode 100644 index 9e2f7de..0000000 --- a/docs/platypus/pkg/platform/grafana/p.go +++ /dev/null 
@@ -1,10 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by lingon. EDIT AS MUCH AS YOU LIKE.
-
-package grafana
-
-func P[T any](t T) *T {
- return &t
-}
diff --git a/docs/platypus/pkg/platform/grafana/rds.go b/docs/platypus/pkg/platform/grafana/rds.go
deleted file mode 100644
index 3e02914..0000000
--- a/docs/platypus/pkg/platform/grafana/rds.go
+++ /dev/null
@@ -1,100 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -package grafana - -import ( - "fmt" - - "github.com/go-playground/validator/v10" - aws "github.com/golingon/terraproviders/aws/4.60.0" - "github.com/golingon/terraproviders/aws/4.60.0/securitygroup" - - "github.com/golingon/lingon/pkg/terra" -) - -var ( - B = terra.Bool - N = terra.Number - S = terra.String -) - -type RDSOpts struct { - Name string `validate:"required"` - VPCID string `validate:"required"` - EKSSGID string `validate:"required"` - PrivateSubnetIDs [3]string `validate:"required,dive,required"` - // SnapshotID (optional) to restore the database from - SnapshotID string -} - -func NewRDSPostgres( - opts RDSOpts, -) (RDSPostgres, error) { - if err := validator.New().Struct(opts); err != nil { - return RDSPostgres{}, fmt.Errorf("validating opts: %w", err) - } - sg := aws.NewSecurityGroup( - "grafana", aws.SecurityGroupArgs{ - VpcId: S(opts.VPCID), - Name: S(opts.Name), - Description: S("Security group for access to Grafana RDS"), - Ingress: []securitygroup.Ingress{ - { - FromPort: N(5432), - ToPort: N(5432), - Protocol: S("tcp"), - Description: S("Allow access from Grafana pods to RDS"), - SecurityGroups: terra.Set(S(opts.EKSSGID)), - }, - }, - }, - ) - dbSubnetGroup := aws.NewDbSubnetGroup( - "grafana", aws.DbSubnetGroupArgs{ - Name: S(opts.Name), - Description: S("Grafana RDS subnet group"), - SubnetIds: terra.SetString(opts.PrivateSubnetIDs[:]...), - }, - ) - - rds := aws.NewDbInstance( - "grafana", aws.DbInstanceArgs{ - Identifier: S(opts.Name), - Engine: S("postgres"), - EngineVersion: S("14.4"), - AutoMinorVersionUpgrade: B(false), - - InstanceClass: S("db.t4g.micro"), - AllocatedStorage: N(20), - MaxAllocatedStorage: N(50), - - // TODO: need to do something better here - DbName: S("grafana"), - Username: S("grafana"), - Password: S("platypusgrafana"), - - DbSubnetGroupName: dbSubnetGroup.Attributes().Id(), - VpcSecurityGroupIds: 
terra.Set(sg.Attributes().Id()), - - PubliclyAccessible: B(false), - MultiAz: B(false), - - SkipFinalSnapshot: B(true), - }, - ) - if opts.SnapshotID != "" { - rds.Args.SnapshotIdentifier = S(opts.SnapshotID) - } - return RDSPostgres{ - SecurityGroup: sg, - SubnetGroup: dbSubnetGroup, - Postgres: rds, - }, nil -} - -type RDSPostgres struct { - SecurityGroup *aws.SecurityGroup `validate:"required"` - SubnetGroup *aws.DbSubnetGroup `validate:"required"` - Postgres *aws.DbInstance `validate:"required"` -} diff --git a/docs/platypus/pkg/platform/grafana/secret.go b/docs/platypus/pkg/platform/grafana/secret.go deleted file mode 100644 index 14586e0..0000000 --- a/docs/platypus/pkg/platform/grafana/secret.go +++ /dev/null @@ -1,28 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lingon. EDIT AS MUCH AS YOU LIKE. - -package grafana - -import ( - "github.com/golingon/lingon/pkg/kubeutil" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -func Secret(opts KubeOpts) *corev1.Secret { - return &corev1.Secret{ - TypeMeta: kubeutil.TypeSecretV1, - ObjectMeta: metav1.ObjectMeta{ - Name: "grafana", - Namespace: opts.Namespace, - Labels: opts.CommonLabels, - }, - Type: corev1.SecretTypeOpaque, - Data: map[string][]byte{ - "admin-password": []byte("admin"), - "admin-user": []byte("admin"), - }, - } -} diff --git a/docs/platypus/pkg/platform/grafana/svc.go b/docs/platypus/pkg/platform/grafana/svc.go deleted file mode 100644 index 79b1ce5..0000000 --- a/docs/platypus/pkg/platform/grafana/svc.go +++ /dev/null 
@@ -1,36 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by lingon. EDIT AS MUCH AS YOU LIKE.
-
-package grafana
-
-import (
- "github.com/golingon/lingon/pkg/kubeutil"
- corev1 "k8s.io/api/core/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/util/intstr"
-)
-
-func Service(opts KubeOpts) *corev1.Service {
- return &corev1.Service{
- TypeMeta: kubeutil.TypeServiceV1,
- ObjectMeta: metav1.ObjectMeta{
- Name: opts.Name,
- Namespace: opts.Namespace,
- Labels: opts.CommonLabels,
- },
- Spec: corev1.ServiceSpec{
- Ports: []corev1.ServicePort{
- {
- Name: "service",
- Port: int32(80),
- Protocol: corev1.ProtocolTCP,
- TargetPort: intstr.IntOrString{IntVal: int32(3000)},
- },
- },
- Selector: opts.CommonLabels,
- Type: corev1.ServiceTypeClusterIP,
- },
- }
-}
diff --git a/docs/platypus/pkg/platform/karpenter/app_test.go b/docs/platypus/pkg/platform/karpenter/app_test.go
deleted file mode 100644
index 4d880c4..0000000
--- a/docs/platypus/pkg/platform/karpenter/app_test.go
+++ /dev/null
@@ -1,28 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-package karpenter
-
-import (
- "os"
- "testing"
-
- "github.com/golingon/lingon/pkg/kube"
- "github.com/stretchr/testify/require"
-)
-
-func TestExport(t *testing.T) {
- _ = os.RemoveAll("out")
-
- app := New(
- Opts{
- ClusterName: "CLUSTER_NAME",
- ClusterEndpoint: "CLUSTER_ENDPOINT",
- IAMRoleArn: "ROLE_ARN",
- DefaultInstanceProfile: "DEFAULT_INSTANCE_PROFILE",
- InterruptQueue: "INTERRUPT_QUEUE",
- },
- )
- err := kube.Export(app, kube.WithExportOutputDirectory("out"))
- require.NoError(t, err)
-}
diff --git a/docs/platypus/pkg/platform/karpenter/awsauth.go b/docs/platypus/pkg/platform/karpenter/awsauth.go
deleted file mode 100644
index b4a6f4f..0000000
--- a/docs/platypus/pkg/platform/karpenter/awsauth.go
+++ /dev/null
@@ -1,25 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-package karpenter
-
-import "github.com/golingon/lingon/docs/platypus/pkg/platform/awsauth"
-
-func AWSAuthMapRoles(nodeRoleARN, fargateRoleARN string) []*awsauth.RolesAuth {
- return []*awsauth.RolesAuth{
- {
- RoleARN: nodeRoleARN,
- Username: "system:node:{{EC2PrivateDNSName}}",
- Groups: []string{
- "system:bootstrappers", "system:nodes",
- },
- },
- {
- RoleARN: fargateRoleARN,
- Username: "system:node:{{SessionName}}",
- Groups: []string{
- "system:bootstrappers", "system:nodes", "system:node-proxier",
- },
- },
- }
-}
diff --git a/docs/platypus/pkg/platform/karpenter/clusterroles.go b/docs/platypus/pkg/platform/karpenter/clusterroles.go
deleted file mode 100644
index fd557a5..0000000
--- a/docs/platypus/pkg/platform/karpenter/clusterroles.go
+++ /dev/null
@@ -1,187 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-package karpenter
-
-import (
- "github.com/golingon/lingon/pkg/kubeutil"
- rbacv1 "k8s.io/api/rbac/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-var CanUpdateWebhooks = &rbacv1.ClusterRole{
- TypeMeta: metav1.TypeMeta{
- Kind: "ClusterRole",
- APIVersion: "rbac.authorization.k8s.io/v1",
- },
- ObjectMeta: metav1.ObjectMeta{
- Name: "karpenter",
- Labels: commonLabels,
- },
- Rules: []rbacv1.PolicyRule{
- {
- Verbs: []string{
- "get",
- "list",
- "watch",
- },
- APIGroups: []string{"karpenter.k8s.aws"},
- Resources: []string{"awsnodetemplates"},
- },
- {
- Verbs: []string{"update"},
- APIGroups: []string{"admissionregistration.k8s.io"},
- Resources: []string{"validatingwebhookconfigurations"},
- ResourceNames: []string{"validation.webhook.karpenter.k8s.aws"},
- },
- {
- Verbs: []string{"update"},
- APIGroups: []string{"admissionregistration.k8s.io"},
- Resources: []string{"mutatingwebhookconfigurations"},
- ResourceNames: []string{"defaulting.webhook.karpenter.k8s.aws"},
- },
- {
- Verbs: []string{"patch", "update"},
- APIGroups: []string{"karpenter.k8s.aws"},
- Resources: []string{"awsnodetemplates/status"},
- },
- },
-}
-
-var CoreCr = &rbacv1.ClusterRole{
- TypeMeta: kubeutil.TypeClusterRoleV1,
- ObjectMeta: metav1.ObjectMeta{
- Name: "karpenter-core",
- Labels: commonLabels,
- },
- Rules: []rbacv1.PolicyRule{
- {
- APIGroups: []string{"karpenter.sh"},
- Resources: []string{
- "provisioners",
- "provisioners/status",
- "machines",
- "machines/status",
- },
- Verbs: []string{"get", "list", "watch"},
- },
- {
- APIGroups: []string{""},
- Resources: []string{
- "pods",
- "nodes",
- "persistentvolumes",
- "persistentvolumeclaims",
- "replicationcontrollers",
- "namespaces",
- },
- Verbs: []string{"get", "list", "watch"},
- },
- {
- APIGroups: []string{"storage.k8s.io"},
- Resources: []string{"storageclasses", "csinodes"},
- Verbs: []string{"get", "watch", "list"},
- },
- {
- APIGroups: []string{"apps"},
- Resources: []string{
- "daemonsets",
- "deployments",
- "replicasets",
- "statefulsets",
- },
- Verbs: []string{"list", "watch"},
- },
- {
- APIGroups: []string{"admissionregistration.k8s.io"},
- Resources: []string{
- "validatingwebhookconfigurations",
- "mutatingwebhookconfigurations",
- },
- Verbs: []string{"get", "watch", "list"},
- },
- {
- APIGroups: []string{"policy"},
- Resources: []string{"poddisruptionbudgets"},
- Verbs: []string{"get", "list", "watch"},
- },
- {
- APIGroups: []string{"karpenter.sh"},
- Resources: []string{
- "provisioners/status",
- "machines",
- "machines/status",
- },
- Verbs: []string{"create", "delete", "patch"},
- },
- {
- APIGroups: []string{""},
- Resources: []string{"events"},
- Verbs: []string{"create", "patch"},
- },
- {
- APIGroups: []string{""},
- Resources: []string{"nodes"},
- Verbs: []string{"create", "patch", "delete"},
- },
- {
- APIGroups: []string{""},
- Resources: []string{"pods/eviction"},
- Verbs: []string{"create"},
- },
- {
- APIGroups: []string{"admissionregistration.k8s.io"},
- ResourceNames: []string{
- "validation.webhook.karpenter.sh",
- "validation.webhook.config.karpenter.sh",
- },
- Resources: []string{"validatingwebhookconfigurations"},
- Verbs: []string{"update"},
- },
- {
- APIGroups: []string{"admissionregistration.k8s.io"},
- ResourceNames: []string{"defaulting.webhook.karpenter.sh"},
- Resources: []string{"mutatingwebhookconfigurations"},
- Verbs: []string{"update"},
- },
- },
-}
-
-var AdminCr = &rbacv1.ClusterRole{
- TypeMeta: kubeutil.TypeClusterRoleV1,
- ObjectMeta: metav1.ObjectMeta{
- Name: "karpenter-admin",
- Labels: appendCommonLabels(
- map[string]string{
- // Add these permissions to the "admin" default roles
- "rbac.authorization.k8s.io/aggregate-to-admin": "true",
- },
- ),
- },
- Rules: []rbacv1.PolicyRule{
- {
- Verbs: []string{
- "get",
- "list",
- "watch",
- "create",
- "delete",
- "patch",
- },
- APIGroups: []string{"karpenter.sh"},
- Resources: []string{"provisioners", "provisioners/status"},
- },
- {
- Verbs: []string{
- "get",
- "list",
- "watch",
- "create",
- "delete",
- "patch",
- },
- APIGroups: []string{"karpenter.k8s.aws"},
- Resources: []string{"awsnodetemplates"},
- },
- },
-}
diff --git a/docs/platypus/pkg/platform/karpenter/config.go b/docs/platypus/pkg/platform/karpenter/config.go
deleted file mode 100644
index b33de0a..0000000
--- a/docs/platypus/pkg/platform/karpenter/config.go
+++ /dev/null
@@ -1,87 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-package karpenter
-
-import (
- "github.com/golingon/lingon/pkg/kubeutil"
- corev1 "k8s.io/api/core/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-var CertSecret = &corev1.Secret{
- TypeMeta: metav1.TypeMeta{
- Kind: "Secret",
- APIVersion: "v1",
- },
- ObjectMeta: metav1.ObjectMeta{
- Name: "karpenter-cert",
- Namespace: "karpenter",
- Labels: commonLabels,
- },
- Data: map[string][]uint8{}, // Injected by karpenter-webhook
-}
-
-func GlobalSettings(
- opts Opts,
-) *corev1.ConfigMap {
- return &corev1.ConfigMap{
- TypeMeta: kubeutil.TypeConfigMapV1,
- ObjectMeta: metav1.ObjectMeta{
- Name: "karpenter-global-settings",
- Namespace: "karpenter",
- Labels: commonLabels,
- },
- Data: map[string]string{
- "aws.clusterEndpoint": opts.ClusterEndpoint,
- "aws.clusterName": opts.ClusterName,
- "aws.defaultInstanceProfile": opts.DefaultInstanceProfile,
- "aws.enableENILimitedPodDensity": "true",
- "aws.enablePodENI": "false",
- "aws.interruptionQueueName": opts.InterruptQueue,
- "aws.isolatedVPC": "false",
- "aws.nodeNameConvention": "ip-name",
- "aws.vmMemoryOverheadPercent": "0.075",
- "batchIdleDuration": "1s",
- "batchMaxDuration": "10s",
- },
- }
-}
-
-var LoggingConfig = &corev1.ConfigMap{
- TypeMeta: kubeutil.TypeConfigMapV1,
- ObjectMeta: metav1.ObjectMeta{
- Name: "config-logging",
- Namespace: "karpenter",
- Labels: commonLabels,
- },
- Data: map[string]string{
- "loglevel.webhook": "error",
- "zap-logger-config": ZapLoggerConfig,
- },
-}
-
-var ZapLoggerConfig = `{
- "level": "debug",
- "development": false,
- "disableStacktrace": true,
- "disableCaller": true,
- "sampling": {
- "initial": 100,
- "thereafter": 100
- },
- "outputPaths": ["stdout"],
- "errorOutputPaths": ["stderr"],
- "encoding": "console",
- "encoderConfig": {
- "timeKey": "time",
- "levelKey": "level",
- "nameKey": "logger",
- "callerKey": "caller",
- "messageKey": "message",
- "stacktraceKey": "stacktrace",
- "levelEncoder": "capital",
- "timeEncoder": "iso8601"
- }
-}
-`
diff --git a/docs/platypus/pkg/platform/karpenter/crd/awsnodetemplates.karpenter.k8s.aws_crd.go b/docs/platypus/pkg/platform/karpenter/crd/awsnodetemplates.karpenter.k8s.aws_crd.go
deleted file mode 100644
index 0ca65da..0000000
--- a/docs/platypus/pkg/platform/karpenter/crd/awsnodetemplates.karpenter.k8s.aws_crd.go
+++ /dev/null
@@ -1,253 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -// CODE GENERATED. - -package crd - -import ( - apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -var AwsnodetemplatesKarpenterK8SAwsCRD = &apiextensionsv1.CustomResourceDefinition{ - ObjectMeta: metav1.ObjectMeta{ - Annotations: map[string]string{"controller-gen.kubebuilder.io/version": "v0.11.3"}, - Name: "awsnodetemplates.karpenter.k8s.aws", - }, - Spec: apiextensionsv1.CustomResourceDefinitionSpec{ - Group: "karpenter.k8s.aws", - Names: apiextensionsv1.CustomResourceDefinitionNames{ - Categories: []string{"karpenter"}, - Kind: "AWSNodeTemplate", - ListKind: "AWSNodeTemplateList", - Plural: "awsnodetemplates", - Singular: "awsnodetemplate", - }, - Scope: apiextensionsv1.ResourceScope("Cluster"), - Versions: []apiextensionsv1.CustomResourceDefinitionVersion{ - { - Name: "v1alpha1", - Schema: &apiextensionsv1.CustomResourceValidation{ - OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ - Description: "AWSNodeTemplate is the Schema for the AWSNodeTemplate API", - Properties: map[string]apiextensionsv1.JSONSchemaProps{ - "apiVersion": { - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: "string", - }, - "kind": { - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: "string", - }, - "metadata": {Type: "object"}, - "spec": { - Description: "AWSNodeTemplateSpec is the top level specification for the AWS Karpenter Provider. This will contain configuration necessary to launch instances in AWS.", - Properties: map[string]apiextensionsv1.JSONSchemaProps{ - "amiFamily": { - Description: "AMIFamily is the AMI family that instances use.", - Type: "string", - }, - "amiSelector": { - AdditionalProperties: &apiextensionsv1.JSONSchemaPropsOrBool{ - Allows: true, - Schema: &apiextensionsv1.JSONSchemaProps{Type: "string"}, - }, - Description: "AMISelector discovers AMIs to be used by Amazon EC2 tags.", - Type: "object", - }, - "apiVersion": { - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: "string", - }, - "blockDeviceMappings": { - Description: "BlockDeviceMappings to be applied to provisioned nodes.", - Items: &apiextensionsv1.JSONSchemaPropsOrArray{ - Schema: &apiextensionsv1.JSONSchemaProps{ - Properties: map[string]apiextensionsv1.JSONSchemaProps{ - "deviceName": { - Description: "The device name (for example, /dev/sdh or xvdh).", - Type: "string", - }, - "ebs": { - Description: "EBS contains parameters used to automatically set up EBS volumes when an instance is launched.", - Properties: map[string]apiextensionsv1.JSONSchemaProps{ - "deleteOnTermination": { - Description: "DeleteOnTermination indicates whether the EBS volume is deleted on instance termination.", - Type: "boolean", - }, - "encrypted": { - Description: "Encrypted indicates whether the EBS volume is encrypted. 
Encrypted volumes can only be attached to instances that support Amazon EBS encryption. If you are creating a volume from a snapshot, you can't specify an encryption value.", - Type: "boolean", - }, - "iops": { - Description: "IOPS is the number of I/O operations per second (IOPS). For gp3, io1, and io2 volumes, this represents the number of IOPS that are provisioned for the volume. For gp2 volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. \n The following are the supported values for each volume type: \n * gp3: 3,000-16,000 IOPS \n * io1: 100-64,000 IOPS \n * io2: 100-64,000 IOPS \n For io1 and io2 volumes, we guarantee 64,000 IOPS only for Instances built on the Nitro System (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). Other instance families guarantee performance up to 32,000 IOPS. \n This parameter is supported for io1, io2, and gp3 volumes only. This parameter is not supported for gp2, st1, sc1, or standard volumes.", - Format: "int64", - Type: "integer", - }, - "kmsKeyID": { - Description: "KMSKeyID (ARN) of the symmetric Key Management Service (KMS) CMK used for encryption.", - Type: "string", - }, - "snapshotID": { - Description: "SnapshotID is the ID of an EBS snapshot", - Type: "string", - }, - "throughput": { - Description: "Throughput to provision for a gp3 volume, with a maximum of 1,000 MiB/s. Valid Range: Minimum value of 125. Maximum value of 1000.", - Format: "int64", - Type: "integer", - }, - "volumeSize": { - AnyOf: []apiextensionsv1.JSONSchemaProps{ - {Type: "integer"}, - {Type: "string"}, - }, - Description: "VolumeSize in GiBs. You must specify either a snapshot ID or a volume size. 
The following are the supported volumes sizes for each volume type: \n * gp2 and gp3: 1-16,384 \n * io1 and io2: 4-16,384 \n * st1 and sc1: 125-16,384 \n * standard: 1-1,024", - Pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - XIntOrString: true, - }, - "volumeType": { - Description: "VolumeType of the block device. For more information, see Amazon EBS volume types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) in the Amazon Elastic Compute Cloud User Guide.", - Type: "string", - }, - }, - Type: "object", - }, - }, - Type: "object", - }, - }, - Type: "array", - }, - "context": { - Description: "Context is a Reserved field in EC2 APIs https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet.html", - Type: "string", - }, - "detailedMonitoring": { - Description: "DetailedMonitoring controls if detailed monitoring is enabled for instances that are launched", - Type: "boolean", - }, - "instanceProfile": { - Description: "InstanceProfile is the AWS identity that instances use.", - Type: "string", - }, - "kind": { - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: "string", - }, - "launchTemplate": { - Description: "LaunchTemplateName for the node. If not specified, a launch template will be generated. NOTE: This field is for specifying a custom launch template and is exposed in the Spec as `launchTemplate` for backwards compatibility.", - Type: "string", - }, - "metadataOptions": { - Description: "MetadataOptions for the generated launch template of provisioned nodes. \n This specifies the exposure of the Instance Metadata Service to provisioned EC2 nodes. 
For more information, see Instance Metadata and User Data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) in the Amazon Elastic Compute Cloud User Guide. \n Refer to recommended, security best practices (https://aws.github.io/aws-eks-best-practices/security/docs/iam/#restrict-access-to-the-instance-profile-assigned-to-the-worker-node) for limiting exposure of Instance Metadata and User Data to pods. If omitted, defaults to httpEndpoint enabled, with httpProtocolIPv6 disabled, with httpPutResponseLimit of 2, and with httpTokens required.", - Properties: map[string]apiextensionsv1.JSONSchemaProps{ - "httpEndpoint": { - Description: "HTTPEndpoint enables or disables the HTTP metadata endpoint on provisioned nodes. If metadata options is non-nil, but this parameter is not specified, the default state is \"enabled\". \n If you specify a value of \"disabled\", instance metadata will not be accessible on the node.", - Type: "string", - }, - "httpProtocolIPv6": { - Description: "HTTPProtocolIPv6 enables or disables the IPv6 endpoint for the instance metadata service on provisioned nodes. If metadata options is non-nil, but this parameter is not specified, the default state is \"disabled\".", - Type: "string", - }, - "httpPutResponseHopLimit": { - Description: "HTTPPutResponseHopLimit is the desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. Possible values are integers from 1 to 64. If metadata options is non-nil, but this parameter is not specified, the default value is 1.", - Format: "int64", - Type: "integer", - }, - "httpTokens": { - Description: "HTTPTokens determines the state of token usage for instance metadata requests. If metadata options is non-nil, but this parameter is not specified, the default state is \"optional\". 
\n If the state is optional, one can choose to retrieve instance metadata with or without a signed token header on the request. If one retrieves the IAM role credentials without a token, the version 1.0 role credentials are returned. If one retrieves the IAM role credentials using a valid signed token, the version 2.0 role credentials are returned. \n If the state is \"required\", one must send a signed token header with any instance metadata retrieval requests. In this state, retrieving the IAM role credentials always returns the version 2.0 credentials; the version 1.0 credentials are not available.", - Type: "string", - }, - }, - Type: "object", - }, - "securityGroupSelector": { - AdditionalProperties: &apiextensionsv1.JSONSchemaPropsOrBool{ - Allows: true, - Schema: &apiextensionsv1.JSONSchemaProps{Type: "string"}, - }, - Description: "SecurityGroups specify the names of the security groups.", - Type: "object", - }, - "subnetSelector": { - AdditionalProperties: &apiextensionsv1.JSONSchemaPropsOrBool{ - Allows: true, - Schema: &apiextensionsv1.JSONSchemaProps{Type: "string"}, - }, - Description: "SubnetSelector discovers subnets by tags. A value of \"\" is a wildcard.", - Type: "object", - }, - "tags": { - AdditionalProperties: &apiextensionsv1.JSONSchemaPropsOrBool{ - Allows: true, - Schema: &apiextensionsv1.JSONSchemaProps{Type: "string"}, - }, - Description: "Tags to be applied on ec2 resources like instances and launch templates.", - Type: "object", - }, - "userData": { - Description: "UserData to be applied to the provisioned nodes. It must be in the appropriate format based on the AMIFamily in use. 
Karpenter will merge certain fields into this UserData to ensure nodes are being provisioned with the correct configuration.", - Type: "string", - }, - }, - Type: "object", - }, - "status": { - Description: "AWSNodeTemplateStatus contains the resolved state of the AWSNodeTemplate", - Properties: map[string]apiextensionsv1.JSONSchemaProps{ - "securityGroups": { - Description: "SecurityGroups contains the current Security Groups values that are available to the cluster under the SecurityGroups selectors.", - Items: &apiextensionsv1.JSONSchemaPropsOrArray{ - Schema: &apiextensionsv1.JSONSchemaProps{ - Description: "SecurityGroupStatus contains resolved SecurityGroup selector values utilized for node launch", - Properties: map[string]apiextensionsv1.JSONSchemaProps{ - "id": { - Description: "Id of the security group", - Type: "string", - }, - }, - Type: "object", - }, - }, - Type: "array", - }, - "subnets": { - Description: "Subnets contains the current Subnet values that are available to the cluster under the subnet selectors.", - Items: &apiextensionsv1.JSONSchemaPropsOrArray{ - Schema: &apiextensionsv1.JSONSchemaProps{ - Description: "SubnetStatus contains resolved Subnet selector values utilized for node launch", - Properties: map[string]apiextensionsv1.JSONSchemaProps{ - "id": { - Description: "Id of the subnet", - Type: "string", - }, - "zone": { - Description: "The associated availability zone", - Type: "string", - }, - }, - Type: "object", - }, - }, - Type: "array", - }, - }, - Type: "object", - }, - }, - Type: "object", - }, - }, - Served: true, - Storage: true, - Subresources: &apiextensionsv1.CustomResourceSubresources{}, - }, - }, - }, - TypeMeta: metav1.TypeMeta{ - APIVersion: "apiextensions.k8s.io/v1", - Kind: "CustomResourceDefinition", - }, -} diff --git a/docs/platypus/pkg/platform/karpenter/crd/provisioners.karpenter.sh_crd.go b/docs/platypus/pkg/platform/karpenter/crd/provisioners.karpenter.sh_crd.go deleted file mode 100644 index 9b2622f..0000000 
--- a/docs/platypus/pkg/platform/karpenter/crd/provisioners.karpenter.sh_crd.go
+++ /dev/null
@@ -1,406 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -// CODE GENERATED. - -package crd - -import ( - apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// P returns a pointer to the given value. -func P[T any](t T) *T { - return &t -} - -var ProvisionersKarpenterShCRD = &apiextensionsv1.CustomResourceDefinition{ - ObjectMeta: metav1.ObjectMeta{ - Annotations: map[string]string{"controller-gen.kubebuilder.io/version": "v0.11.3"}, - Name: "provisioners.karpenter.sh", - }, - Spec: apiextensionsv1.CustomResourceDefinitionSpec{ - Group: "karpenter.sh", - Names: apiextensionsv1.CustomResourceDefinitionNames{ - Categories: []string{"karpenter"}, - Kind: "Provisioner", - ListKind: "ProvisionerList", - Plural: "provisioners", - Singular: "provisioner", - }, - Scope: apiextensionsv1.ResourceScope("Cluster"), - Versions: []apiextensionsv1.CustomResourceDefinitionVersion{ - { - Name: "v1alpha5", - Schema: &apiextensionsv1.CustomResourceValidation{ - OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ - Description: "Provisioner is the Schema for the Provisioners API", - Properties: map[string]apiextensionsv1.JSONSchemaProps{ - "apiVersion": { - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: "string", - }, - "kind": { - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: "string", - }, - "metadata": {Type: "object"}, - "spec": { - Description: "ProvisionerSpec is the top level provisioner specification. Provisioners launch nodes in response to pods that are unschedulable. A single provisioner is capable of managing a diverse set of nodes. Node properties are determined from a combination of provisioner and pod scheduling constraints.", - Properties: map[string]apiextensionsv1.JSONSchemaProps{ - "annotations": { - AdditionalProperties: &apiextensionsv1.JSONSchemaPropsOrBool{ - Allows: true, - Schema: &apiextensionsv1.JSONSchemaProps{Type: "string"}, - }, - Description: "Annotations are applied to every node.", - Type: "object", - }, - "consolidation": { - Description: "Consolidation are the consolidation parameters", - Properties: map[string]apiextensionsv1.JSONSchemaProps{ - "enabled": { - Description: "Enabled enables consolidation if it has been set", - Type: "boolean", - }, - }, - Type: "object", - }, - "kubeletConfiguration": { - Description: "KubeletConfiguration are options passed to the kubelet when provisioning nodes", - Properties: map[string]apiextensionsv1.JSONSchemaProps{ - "clusterDNS": { - Description: "clusterDNS is a list of IP addresses for the cluster DNS server. 
Note that not all providers may use all addresses.", - Items: &apiextensionsv1.JSONSchemaPropsOrArray{Schema: &apiextensionsv1.JSONSchemaProps{Type: "string"}}, - Type: "array", - }, - "containerRuntime": { - Description: "ContainerRuntime is the container runtime to be used with your worker nodes.", - Type: "string", - }, - "cpuCFSQuota": { - Description: "CPUCFSQuota enables CPU CFS quota enforcement for containers that specify CPU limits.", - Type: "boolean", - }, - "evictionHard": { - AdditionalProperties: &apiextensionsv1.JSONSchemaPropsOrBool{ - Allows: true, - Schema: &apiextensionsv1.JSONSchemaProps{Type: "string"}, - }, - Description: "EvictionHard is the map of signal names to quantities that define hard eviction thresholds", - Type: "object", - }, - "evictionMaxPodGracePeriod": { - Description: "EvictionMaxPodGracePeriod is the maximum allowed grace period (in seconds) to use when terminating pods in response to soft eviction thresholds being met.", - Format: "int32", - Type: "integer", - }, - "evictionSoft": { - AdditionalProperties: &apiextensionsv1.JSONSchemaPropsOrBool{ - Allows: true, - Schema: &apiextensionsv1.JSONSchemaProps{Type: "string"}, - }, - Description: "EvictionSoft is the map of signal names to quantities that define soft eviction thresholds", - Type: "object", - }, - "evictionSoftGracePeriod": { - AdditionalProperties: &apiextensionsv1.JSONSchemaPropsOrBool{ - Allows: true, - Schema: &apiextensionsv1.JSONSchemaProps{Type: "string"}, - }, - Description: "EvictionSoftGracePeriod is the map of signal names to quantities that define grace periods for each eviction signal", - Type: "object", - }, - "imageGCHighThresholdPercent": { - Description: "ImageGCHighThresholdPercent is the percent of disk usage after which image garbage collection is always run. The percent is calculated by dividing this field value by 100, so this field must be between 0 and 100, inclusive. 
When specified, the value must be greater than ImageGCLowThresholdPercent.", - Format: "int32", - Maximum: P(100.0), - Type: "integer", - }, - "imageGCLowThresholdPercent": { - Description: "ImageGCLowThresholdPercent is the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. The percent is calculated by dividing this field value by 100, so the field value must be between 0 and 100, inclusive. When specified, the value must be less than imageGCHighThresholdPercent", - Format: "int32", - Maximum: P(100.0), - Type: "integer", - }, - "kubeReserved": { - AdditionalProperties: &apiextensionsv1.JSONSchemaPropsOrBool{ - Allows: true, - Schema: &apiextensionsv1.JSONSchemaProps{ - AnyOf: []apiextensionsv1.JSONSchemaProps{ - {Type: "integer"}, - {Type: "string"}, - }, - Pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - XIntOrString: true, - }, - }, - Description: "KubeReserved contains resources reserved for Kubernetes system components.", - Type: "object", - }, - "maxPods": { - Description: "MaxPods is an override for the maximum number of pods that can run on a worker node instance.", - Format: "int32", - Type: "integer", - }, - "podsPerCore": { - Description: "PodsPerCore is an override for the number of pods that can run on a worker node instance based on the number of cpu cores. 
This value cannot exceed MaxPods, so, if MaxPods is a lower value, that value will be used.", - Format: "int32", - Type: "integer", - }, - "systemReserved": { - AdditionalProperties: &apiextensionsv1.JSONSchemaPropsOrBool{ - Allows: true, - Schema: &apiextensionsv1.JSONSchemaProps{ - AnyOf: []apiextensionsv1.JSONSchemaProps{ - {Type: "integer"}, - {Type: "string"}, - }, - Pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - XIntOrString: true, - }, - }, - Description: "SystemReserved contains resources reserved for OS system daemons and kernel memory.", - Type: "object", - }, - }, - Type: "object", - }, - "labels": { - AdditionalProperties: &apiextensionsv1.JSONSchemaPropsOrBool{ - Allows: true, - Schema: &apiextensionsv1.JSONSchemaProps{Type: "string"}, - }, - Description: "Labels are layered with Requirements and applied to every node.", - Type: "object", - }, - "limits": { - Description: "Limits define a set of bounds for provisioning capacity.", - Properties: map[string]apiextensionsv1.JSONSchemaProps{ - "resources": { - AdditionalProperties: &apiextensionsv1.JSONSchemaPropsOrBool{ - Allows: true, - Schema: &apiextensionsv1.JSONSchemaProps{ - AnyOf: []apiextensionsv1.JSONSchemaProps{ - {Type: "integer"}, - {Type: "string"}, - }, - Pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - XIntOrString: true, - }, - }, - Description: "Resources contains all the allocatable resources that Karpenter supports for limiting.", - Type: "object", - }, - }, - Type: "object", - }, - "provider": { - Description: "Provider contains fields specific to your cloudprovider.", - Type: "object", - XPreserveUnknownFields: P(true), - }, - "providerRef": { - Description: "ProviderRef is a reference to a dedicated CRD for the chosen provider, that holds additional configuration options", - Properties: 
map[string]apiextensionsv1.JSONSchemaProps{ - "apiVersion": { - Description: "API version of the referent", - Type: "string", - }, - "kind": { - Description: "Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds\"", - Type: "string", - }, - "name": { - Description: "Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names", - Type: "string", - }, - }, - Required: []string{"name"}, - Type: "object", - }, - "requirements": { - Description: "Requirements are layered with Labels and applied to every node.", - Items: &apiextensionsv1.JSONSchemaPropsOrArray{ - Schema: &apiextensionsv1.JSONSchemaProps{ - Description: "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", - Properties: map[string]apiextensionsv1.JSONSchemaProps{ - "key": { - Description: "The label key that the selector applies to.", - Type: "string", - }, - "operator": { - Description: "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", - Type: "string", - }, - "values": { - Description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. 
This array is replaced during a strategic merge patch.", - Items: &apiextensionsv1.JSONSchemaPropsOrArray{Schema: &apiextensionsv1.JSONSchemaProps{Type: "string"}}, - Type: "array", - }, - }, - Required: []string{"key", "operator"}, - Type: "object", - }, - }, - Type: "array", - }, - "startupTaints": { - Description: "StartupTaints are taints that are applied to nodes upon startup which are expected to be removed automatically within a short period of time, typically by a DaemonSet that tolerates the taint. These are commonly used by daemonsets to allow initialization and enforce startup ordering. StartupTaints are ignored for provisioning purposes in that pods are not required to tolerate a StartupTaint in order to have nodes provisioned for them.", - Items: &apiextensionsv1.JSONSchemaPropsOrArray{ - Schema: &apiextensionsv1.JSONSchemaProps{ - Description: "The node this Taint is attached to has the \"effect\" on any pod that does not tolerate the Taint.", - Properties: map[string]apiextensionsv1.JSONSchemaProps{ - "effect": { - Description: "Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute.", - Type: "string", - }, - "key": { - Description: "Required. The taint key to be applied to a node.", - Type: "string", - }, - "timeAdded": { - Description: "TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints.", - Format: "date-time", - Type: "string", - }, - "value": { - Description: "The taint value corresponding to the taint key.", - Type: "string", - }, - }, - Required: []string{"effect", "key"}, - Type: "object", - }, - }, - Type: "array", - }, - "taints": { - Description: "Taints will be applied to every node launched by the Provisioner. If specified, the provisioner will not provision nodes for pods that do not have matching tolerations. 
Additional taints will be created that match pod tolerations on a per-node basis.", - Items: &apiextensionsv1.JSONSchemaPropsOrArray{ - Schema: &apiextensionsv1.JSONSchemaProps{ - Description: "The node this Taint is attached to has the \"effect\" on any pod that does not tolerate the Taint.", - Properties: map[string]apiextensionsv1.JSONSchemaProps{ - "effect": { - Description: "Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute.", - Type: "string", - }, - "key": { - Description: "Required. The taint key to be applied to a node.", - Type: "string", - }, - "timeAdded": { - Description: "TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints.", - Format: "date-time", - Type: "string", - }, - "value": { - Description: "The taint value corresponding to the taint key.", - Type: "string", - }, - }, - Required: []string{"effect", "key"}, - Type: "object", - }, - }, - Type: "array", - }, - "ttlSecondsAfterEmpty": { - Description: "TTLSecondsAfterEmpty is the number of seconds the controller will wait before attempting to delete a node, measured from when the node is detected to be empty. A Node is considered to be empty when it does not have pods scheduled to it, excluding daemonsets. \n Termination due to no utilization is disabled if this field is not set.", - Format: "int64", - Type: "integer", - }, - "ttlSecondsUntilExpired": { - Description: "TTLSecondsUntilExpired is the number of seconds the controller will wait before terminating a node, measured from when the node is created. This is useful to implement features like eventually consistent node upgrade, memory leak protection, and disruption testing. \n Termination due to expiration is disabled if this field is not set.", - Format: "int64", - Type: "integer", - }, - "weight": { - Description: "Weight is the priority given to the provisioner during scheduling. 
A higher numerical weight indicates that this provisioner will be ordered ahead of other provisioners with lower weights. A provisioner with no weight will be treated as if it is a provisioner with a weight of 0.", - Format: "int32", - Maximum: P(100.0), - Minimum: P(1.0), - Type: "integer", - }, - }, - Type: "object", - }, - "status": { - Description: "ProvisionerStatus defines the observed state of Provisioner", - Properties: map[string]apiextensionsv1.JSONSchemaProps{ - "conditions": { - Description: "Conditions is the set of conditions required for this provisioner to scale its target, and indicates whether or not those conditions are met.", - Items: &apiextensionsv1.JSONSchemaPropsOrArray{ - Schema: &apiextensionsv1.JSONSchemaProps{ - Description: "Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties", - Properties: map[string]apiextensionsv1.JSONSchemaProps{ - "lastTransitionTime": { - Description: "LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).", - Type: "string", - }, - "message": { - Description: "A human readable message indicating details about the transition.", - Type: "string", - }, - "reason": { - Description: "The reason for the condition's last transition.", - Type: "string", - }, - "severity": { - Description: "Severity with which to treat failures of this type of condition. 
When this is not specified, it defaults to Error.", - Type: "string", - }, - "status": { - Description: "Status of the condition, one of True, False, Unknown.", - Type: "string", - }, - "type": { - Description: "Type of condition.", - Type: "string", - }, - }, - Required: []string{"status", "type"}, - Type: "object", - }, - }, - Type: "array", - }, - "lastScaleTime": { - Description: "LastScaleTime is the last time the Provisioner scaled the number of nodes", - Format: "date-time", - Type: "string", - }, - "resources": { - AdditionalProperties: &apiextensionsv1.JSONSchemaPropsOrBool{ - Allows: true, - Schema: &apiextensionsv1.JSONSchemaProps{ - AnyOf: []apiextensionsv1.JSONSchemaProps{ - {Type: "integer"}, - {Type: "string"}, - }, - Pattern: "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", - XIntOrString: true, - }, - }, - Description: "Resources is the list of resources that have been provisioned.", - Type: "object", - }, - }, - Type: "object", - }, - }, - Type: "object", - }, - }, - Served: true, - Storage: true, - Subresources: &apiextensionsv1.CustomResourceSubresources{}, - }, - }, - }, - TypeMeta: metav1.TypeMeta{ - APIVersion: "apiextensions.k8s.io/v1", - Kind: "CustomResourceDefinition", - }, -} diff --git a/docs/platypus/pkg/platform/karpenter/deploy.go b/docs/platypus/pkg/platform/karpenter/deploy.go deleted file mode 100644 index 018c7e6..0000000 --- a/docs/platypus/pkg/platform/karpenter/deploy.go +++ /dev/null 
@@ -1,216 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-package karpenter
-
-import (
- "github.com/golingon/lingon/pkg/kubeutil"
- appsv1 "k8s.io/api/apps/v1"
- corev1 "k8s.io/api/core/v1"
- policyv1 "k8s.io/api/policy/v1"
- "k8s.io/apimachinery/pkg/api/resource"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/util/intstr"
-)
-
-// P returns a pointer to the given value.
-func P[T any](t T) *T {
- return &t
-}
-
-var Pdb = &policyv1.PodDisruptionBudget{
- TypeMeta: metav1.TypeMeta{
- Kind: "PodDisruptionBudget",
- APIVersion: "policy/v1",
- },
- ObjectMeta: metav1.ObjectMeta{Name: "karpenter", Namespace: "karpenter"},
- Spec: policyv1.PodDisruptionBudgetSpec{
- Selector: &metav1.LabelSelector{
- MatchLabels: map[string]string{
- "app.kubernetes.io/instance": "karpenter",
- "app.kubernetes.io/name": "karpenter",
- },
- }, MaxUnavailable: &intstr.IntOrString{IntVal: 1},
- },
-}
-
-var matchLabels = map[string]string{
- "app.kubernetes.io/instance": "karpenter",
- "app.kubernetes.io/name": "karpenter",
-}
-
-var ContainerPorts = []corev1.ContainerPort{
- {
- Name: "http-metrics",
- ContainerPort: 8080,
- Protocol: corev1.Protocol("TCP"),
- },
- {
- Name: "http",
- ContainerPort: 8081,
- Protocol: corev1.Protocol("TCP"),
- },
- {
- Name: "https-webhook",
- ContainerPort: 8443,
- Protocol: corev1.Protocol("TCP"),
- },
-}
-
-var SetNodeAffinity = &corev1.Affinity{
- NodeAffinity: &corev1.NodeAffinity{
- RequiredDuringSchedulingIgnoredDuringExecution: &corev1.NodeSelector{
- NodeSelectorTerms: []corev1.NodeSelectorTerm{
- {
- MatchExpressions: []corev1.NodeSelectorRequirement{
- {
- Key: "karpenter.sh/provisioner-name",
- Operator: corev1.NodeSelectorOperator(
- "DoesNotExist",
- ),
- },
- },
- },
- },
- },
- },
-}
-
-var Environment = []corev1.EnvVar{
- {
- Name: "KUBERNETES_MIN_VERSION",
- Value: "1.19.0-0",
- },
- {
- Name: "KARPENTER_SERVICE",
- Value: "karpenter",
- },
- {Name: "WEBHOOK_PORT", Value: "8443"},
- {Name: "METRICS_PORT", Value: "8080"},
- {
- Name: "HEALTH_PROBE_PORT",
- Value: "8081",
- },
- {
- Name: "SYSTEM_NAMESPACE",
- ValueFrom: &corev1.EnvVarSource{
- FieldRef: &corev1.ObjectFieldSelector{
- FieldPath: "metadata.namespace",
- },
- },
- },
- {
- Name: "MEMORY_LIMIT",
- ValueFrom: &corev1.EnvVarSource{
- ResourceFieldRef: &corev1.ResourceFieldSelector{
- ContainerName: "controller",
- Resource: "limits.memory",
- Divisor: resource.MustParse("0"),
- },
- },
- },
-}
-
-var Deploy = &appsv1.Deployment{
- TypeMeta: kubeutil.TypeDeploymentV1,
- ObjectMeta: metav1.ObjectMeta{
- Name: "karpenter",
- Namespace: "karpenter",
- Labels: commonLabels,
- },
- Spec: appsv1.DeploymentSpec{
- Replicas: P(int32(2)),
- Selector: &metav1.LabelSelector{
- MatchLabels: matchLabels,
- },
- Template: corev1.PodTemplateSpec{
- ObjectMeta: metav1.ObjectMeta{
- Labels: matchLabels,
- }, Spec: corev1.PodSpec{
- Containers: []corev1.Container{
- {
- Name: "controller",
- Image: "public.ecr.aws/karpenter/controller:v" + Version,
- Ports: ContainerPorts,
- Env: Environment,
- Resources: corev1.ResourceRequirements{
- Limits: corev1.ResourceList{
- corev1.ResourceName("cpu"): resource.MustParse(
- "1",
- ),
- corev1.ResourceName("memory"): resource.MustParse(
- "1Gi",
- ),
- },
- Requests: corev1.ResourceList{
- corev1.ResourceName("cpu"): resource.MustParse(
- "1",
- ),
- corev1.ResourceName("memory"): resource.MustParse(
- "1Gi",
- ),
- },
- },
- LivenessProbe: &corev1.Probe{
- ProbeHandler: corev1.ProbeHandler{
- HTTPGet: &corev1.HTTPGetAction{
- Path: "/healthz",
- Port: intstr.IntOrString{
- Type: intstr.Type(1),
- StrVal: "http",
- },
- },
- }, InitialDelaySeconds: 30, TimeoutSeconds: 30,
- },
- ReadinessProbe: &corev1.Probe{
- ProbeHandler: corev1.ProbeHandler{
- HTTPGet: &corev1.HTTPGetAction{
- Path: "/readyz",
- Port: intstr.IntOrString{
- Type: intstr.Type(1),
- StrVal: "http",
- },
- },
- }, TimeoutSeconds: 30,
- },
- ImagePullPolicy: corev1.PullPolicy("IfNotPresent"),
- },
- },
- DNSPolicy: corev1.DNSPolicy("Default"),
- NodeSelector: map[string]string{
- "kubernetes.io/os": "linux",
- },
- ServiceAccountName: "karpenter",
- SecurityContext: &corev1.PodSecurityContext{
- FSGroup: P(int64(1000)),
- },
- Affinity: SetNodeAffinity,
- Tolerations: []corev1.Toleration{
- {
- Key: "CriticalAddonsOnly",
- Operator: corev1.TolerationOperator("Exists"),
- },
- },
- PriorityClassName: "system-cluster-critical",
- TopologySpreadConstraints: []corev1.TopologySpreadConstraint{
- {
- MaxSkew: 1,
- TopologyKey: "topology.kubernetes.io/zone",
- WhenUnsatisfiable: corev1.UnsatisfiableConstraintAction(
- "ScheduleAnyway",
- ),
- LabelSelector: &metav1.LabelSelector{
- MatchLabels: matchLabels,
- },
- },
- },
- },
- },
- Strategy: appsv1.DeploymentStrategy{
- RollingUpdate: &appsv1.RollingUpdateDeployment{
- MaxUnavailable: &intstr.IntOrString{IntVal: 1},
- },
- },
- RevisionHistoryLimit: P(int32(10)),
- },
-}
diff --git a/docs/platypus/pkg/platform/karpenter/fargateprofile.go b/docs/platypus/pkg/platform/karpenter/fargateprofile.go
deleted file mode 100644
index 42b2130..0000000
--- a/docs/platypus/pkg/platform/karpenter/fargateprofile.go
+++ /dev/null
@@ -1,102 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-package karpenter
-
-import (
- "fmt"
-
- aws "github.com/golingon/terraproviders/aws/4.60.0"
- "github.com/golingon/terraproviders/aws/4.60.0/dataiampolicydocument"
- "github.com/golingon/terraproviders/aws/4.60.0/eksfargateprofile"
-
- "github.com/golingon/lingon/pkg/terra"
-)
-
-const (
- awsPolicyARNPrefix = "arn:aws:iam::aws:policy/"
- awsEKSWorkerNodePolicy = "AmazonEKSWorkerNodePolicy"
- awsEC2ContainerRegistryReadOnly = "AmazonEC2ContainerRegistryReadOnly"
- awsEKSFargatePodExecutionRolePolicy = "AmazonEKSFargatePodExecutionRolePolicy"
- awsEKSCNIPolicy = "AmazonEKS_CNI_Policy"
- awsSSMManagedInstanceCore = "AmazonSSMManagedInstanceCore"
-)
-
-// FargateProfile is the AWS EKS Fargate profile for the Karpenter pods to
-// run on
-type FargateProfile struct {
- FargateProfile *aws.EksFargateProfile `validate:"required"`
- IAMRole *aws.IamRole `validate:"required"`
- AssumeRole *aws.DataIamPolicyDocument `validate:"required"`
- PolicyAttachments []*aws.IamRolePolicyAttachment `validate:"required,dive,required"`
-}
-
-func newFargateProfile(
- opts InfraOpts,
-) FargateProfile {
- arPolicy := aws.NewDataIamPolicyDocument(
- "fargate", aws.DataIamPolicyDocumentArgs{
- Statement: []dataiampolicydocument.Statement{
- {
- Effect: S("Allow"),
- Actions: terra.SetString("sts:AssumeRole"),
- Principals: []dataiampolicydocument.Principals{
- {
- Type: S("Service"),
- Identifiers: terra.SetString(
- "eks-fargate-pods." +
- "amazonaws.com",
- ),
- },
- },
- },
- },
- },
- )
-
- iamRole := aws.NewIamRole(
- "fargate", aws.IamRoleArgs{
- Name: S(opts.Name + "-fargate"),
- Description: S(
- "IAM Role for Fargate profile for Karpenter pods to run",
- ),
- AssumeRolePolicy: arPolicy.Attributes().Json(),
- },
- )
-
- policies := []string{
- awsEKSFargatePodExecutionRolePolicy,
- awsEKSCNIPolicy,
- }
-
- policyAttachments := make([]*aws.IamRolePolicyAttachment, len(policies))
- for i, policy := range policies {
- policyAttachments[i] = aws.NewIamRolePolicyAttachment(
- fmt.Sprintf("%s_attach_%s", "fargate", policy),
- aws.IamRolePolicyAttachmentArgs{
- PolicyArn: S(awsPolicyARNPrefix + policy),
- Role: iamRole.Attributes().Name(),
- },
- )
- }
-
- fargateProfile := aws.NewEksFargateProfile(
- "karpenter", aws.EksFargateProfileArgs{
- ClusterName: S(opts.ClusterName),
- FargateProfileName: S("karpenter"),
- PodExecutionRoleArn: iamRole.Attributes().Arn(),
- SubnetIds: terra.SetString(opts.PrivateSubnetIDs[:]...),
- Selector: []eksfargateprofile.Selector{
- {
- Namespace: S(Namespace),
- },
- },
- },
- )
- return FargateProfile{
- FargateProfile: fargateProfile,
- IAMRole: iamRole,
- AssumeRole: arPolicy,
- PolicyAttachments: policyAttachments,
- }
-}
diff --git a/docs/platypus/pkg/platform/karpenter/infra.go b/docs/platypus/pkg/platform/karpenter/infra.go
deleted file mode 100644
index 223aedd..0000000
--- a/docs/platypus/pkg/platform/karpenter/infra.go
+++ /dev/null
@@ -1,262 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-package karpenter
-
-import (
- "fmt"
-
- aws "github.com/golingon/terraproviders/aws/4.60.0"
- "github.com/golingon/terraproviders/aws/4.60.0/dataiampolicydocument"
- "github.com/golingon/terraproviders/aws/4.60.0/iamrole"
-
- "github.com/golingon/lingon/pkg/terra"
-)
-
-var S = terra.String
-
-type InfraOpts struct {
- Name string
- ClusterName string
- ClusterARN string
- PrivateSubnetIDs [3]string
- OIDCProviderArn string
- OIDCProviderURL string
-}
-
-func NewInfra(
- opts InfraOpts,
-) Infra {
- ip := newInstanceProfile(opts.ClusterName)
- return Infra{
- FargateProfile: newFargateProfile(
- opts,
- ),
- InstanceProfile: ip,
- Controller: newController(
- opts,
- ip.IAMRole,
- ),
- }
-}
-
-// Infra is all the cloud resources for Karpenter to run on a pre-existing EKS
-// cluster with an OIDC provider
-type Infra struct {
- FargateProfile
- InstanceProfile
- Controller
-}
-
-// Controller contains all the resources for the Karpenter controller.
-// This includes the IAM role used to manage EC2 nodes (and more) via IRSA
-// (IAM Roles for ServiceAccounts) and the SQS (Simple Queue Service) for being
-// notified about nodes being terminated (typically spot instances).
-type Controller struct {
- NodeTerminationQueue
- IAMRole
-}
-
-func newController(
- opts InfraOpts,
- ipRole *aws.IamRole,
-) Controller {
- queue := newNodeTerminationQueue(opts)
- return Controller{
- IAMRole: newIAMRole(
- opts,
- ipRole,
- queue.SimpleQueue,
- ),
- NodeTerminationQueue: queue,
- }
-}
-
-type IAMRole struct {
- AssumeRolePolicy *aws.DataIamPolicyDocument `validate:"required"`
- Role *aws.IamRole `validate:"required"`
- RolePolicy *aws.DataIamPolicyDocument `validate:"required"`
-}
-
-func newIAMRole(
- opts InfraOpts,
- ipRole *aws.IamRole,
- queue *aws.SqsQueue,
-) IAMRole {
- assumeRolePolicy := aws.NewDataIamPolicyDocument(
- "karpenter_assume_role", aws.DataIamPolicyDocumentArgs{
- Statement: []dataiampolicydocument.Statement{
- {
- Actions: terra.Set(S("sts:AssumeRoleWithWebIdentity")),
- Principals: []dataiampolicydocument.Principals{
- {
- Type: S("Federated"),
- Identifiers: terra.Set(S(opts.OIDCProviderArn)),
- },
- },
- Condition: []dataiampolicydocument.Condition{
- {
- Test: S("StringEquals"),
- Variable: S(opts.OIDCProviderURL + ":sub"),
- Values: terra.ListString(
- fmt.Sprintf(
- "system:serviceaccount:%s:%s",
- Namespace,
- AppName,
- ),
- ),
- },
- {
- Test: S("StringEquals"),
- Variable: S(opts.OIDCProviderURL + ":aud"),
- Values: terra.ListString("sts.amazonaws.com"),
- },
- },
- },
- },
- },
- )
- policy := aws.NewDataIamPolicyDocument(
- "karpenter", aws.DataIamPolicyDocumentArgs{
- Statement: []dataiampolicydocument.Statement{
- {
- Actions: terra.SetString(
- "ec2:DescribeImages",
- "ec2:RunInstances",
- "ec2:DescribeSubnets",
- "ec2:DescribeSecurityGroups",
- "ec2:DescribeLaunchTemplates",
- "ec2:DescribeInstances",
- "ec2:DescribeInstanceTypes",
- "ec2:DescribeInstanceTypeOfferings",
- "ec2:DescribeAvailabilityZones",
- "ec2:DeleteLaunchTemplate",
- "ec2:CreateTags",
- "ec2:CreateLaunchTemplate",
- "ec2:CreateFleet",
- "ec2:DescribeSpotPriceHistory",
- "pricing:GetProducts",
- "ssm:GetParameter",
- ),
- Effect: S("Allow"),
- Resources: terra.SetString("*"),
- },
- {
- Actions: terra.SetString(
- "ec2:TerminateInstances",
- "ec2:DeleteLaunchTemplate",
- ),
- Effect: S("Allow"),
- Resources: terra.SetString("*"),
- Condition: []dataiampolicydocument.Condition{
- {
- Test: S("StringEquals"),
- Variable: S(
- "ec2:ResourceTag/karpenter.sh/discovery",
- ),
- Values: terra.ListString(opts.ClusterName),
- },
- },
- },
- {
- Actions: terra.SetString(
- "eks:DescribeCluster",
- ),
- Effect: S("Allow"),
- Resources: terra.SetString(opts.ClusterARN),
- },
-
- // The Karpenter IRSA role has to have permission to pass on the
- // InstanceProfile IAM Role
- {
- Actions: terra.SetString(
- "iam:PassRole",
- ),
- Effect: S("Allow"),
- Resources: terra.Set(ipRole.Attributes().Arn()),
- },
-
- // For AWS SQS spot interruption queue
- {
- Actions: terra.SetString(
- "sqs:DeleteMessage",
- "sqs:GetQueueUrl",
- "sqs:GetQueueAttributes",
- "sqs:ReceiveMessage",
- ),
- Effect: S("Allow"),
- Resources: terra.Set(queue.Attributes().Arn()),
- },
- },
- },
- )
- role := aws.NewIamRole(
- "karpenter", aws.IamRoleArgs{
- Name: terra.String(
- opts.Name + "-controller",
- ),
- Description: S(
- "IAM Role for Karpenter Controller (pod) to assume",
- ),
- AssumeRolePolicy: assumeRolePolicy.Attributes().Json(),
-
- InlinePolicy: []iamrole.InlinePolicy{
- {
- Name: S(AppName),
- Policy: policy.Attributes().Json(),
- },
- },
- },
- )
- return IAMRole{
- AssumeRolePolicy: assumeRolePolicy,
- Role: role,
- RolePolicy: policy,
- }
-}
-
-func newNodeTerminationQueue(opts InfraOpts) NodeTerminationQueue {
- queue := aws.NewSqsQueue(
- "karpenter", aws.SqsQueueArgs{
- Name: S(opts.Name),
- MessageRetentionSeconds: terra.Number(300),
- },
- )
- policyDoc := aws.NewDataIamPolicyDocument(
- "node_termination_queue", aws.DataIamPolicyDocumentArgs{
- Statement: []dataiampolicydocument.Statement{
- {
- Sid: S("SQSWrite"),
- Resources: terra.Set(queue.Attributes().Arn()),
- Actions: terra.SetString("sqs:SendMessage"),
- Principals: []dataiampolicydocument.Principals{
- {
- Type: S("Service"),
- Identifiers: terra.SetString(
- "events.amazonaws.com",
- "sqs.amazonaws.com",
- ),
- },
- },
- },
- },
- },
- )
- queuePolicy := aws.NewSqsQueuePolicy(
- "karpenter", aws.SqsQueuePolicyArgs{
- QueueUrl: queue.Attributes().Url(),
- Policy: policyDoc.Attributes().Json(),
- },
- )
- return NodeTerminationQueue{
- SimpleQueue: queue,
- QueuePolicy: queuePolicy,
- QueuePolicyDocument: policyDoc,
- }
-}
-
-type NodeTerminationQueue struct {
- SimpleQueue *aws.SqsQueue `validate:"required"`
- QueuePolicy *aws.SqsQueuePolicy `validate:"required"`
- QueuePolicyDocument *aws.DataIamPolicyDocument `validate:"required"`
-}
diff --git a/docs/platypus/pkg/platform/karpenter/instanceprofile.go b/docs/platypus/pkg/platform/karpenter/instanceprofile.go
deleted file mode 100644
index 98c2b6e..0000000
--- a/docs/platypus/pkg/platform/karpenter/instanceprofile.go
+++ /dev/null
@@ -1,89 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-package karpenter
-
-import (
- "fmt"
-
- aws "github.com/golingon/terraproviders/aws/4.60.0"
- "github.com/golingon/terraproviders/aws/4.60.0/dataiampolicydocument"
-
- "github.com/golingon/lingon/pkg/terra"
-)
-
-// InstanceProfile is the AWS EC2 Instance Profile for the nodes provisioned by
-// Karpenter to use.
-type InstanceProfile struct {
- InstanceProfile *aws.IamInstanceProfile `validate:"required"`
- IAMRole *aws.IamRole `validate:"required"`
- AssumeRole *aws.DataIamPolicyDocument `validate:"required"`
- PolicyAttachments []*aws.IamRolePolicyAttachment `validate:"required,dive,required"`
-}
-
-func newInstanceProfile(
- clusterName string,
-) InstanceProfile {
- arPolicy := aws.NewDataIamPolicyDocument(
- "eks_node", aws.DataIamPolicyDocumentArgs{
- Statement: []dataiampolicydocument.Statement{
- {
- Sid: S("EKSNodeAssumeRole"),
- Effect: S("Allow"),
- Actions: terra.SetString("sts:AssumeRole"),
- Principals: []dataiampolicydocument.Principals{
- {
- Type: S("Service"),
- Identifiers: terra.SetString(
- "ec2.amazonaws.com",
- ),
- },
- },
- },
- },
- },
- )
-
- iamRole := aws.NewIamRole(
- "eks_node", aws.IamRoleArgs{
- Name: S("platypus-karpenter-node"),
- Description: S(
- "IAM Role for Karpenter's InstanceProfile to use when" +
- " launching nodes",
- ),
- AssumeRolePolicy: arPolicy.Attributes().Json(),
- },
- )
-
- policies := []string{
- awsEKSWorkerNodePolicy,
- awsEC2ContainerRegistryReadOnly,
- awsEKSCNIPolicy,
- awsSSMManagedInstanceCore,
- }
-
- policyAttachments := make([]*aws.IamRolePolicyAttachment, len(policies))
- for i, policy := range policies {
- policyAttachments[i] = aws.NewIamRolePolicyAttachment(
- fmt.Sprintf("eks_node_attach_%s", policy),
- aws.IamRolePolicyAttachmentArgs{
- PolicyArn: S(awsPolicyARNPrefix + policy),
- Role: iamRole.Attributes().Name(),
- },
- )
- }
-
- instanceProfile := aws.NewIamInstanceProfile(
- "karpenter", aws.IamInstanceProfileArgs{
- Name: S("platypus-karpenter-instance-profile"),
- Role: iamRole.Attributes().Name(),
- },
- )
-
- return InstanceProfile{
- InstanceProfile: instanceProfile,
- IAMRole: iamRole,
- AssumeRole: arPolicy,
- PolicyAttachments: policyAttachments,
- }
-}
diff --git a/docs/platypus/pkg/platform/karpenter/karpenter.go b/docs/platypus/pkg/platform/karpenter/karpenter.go
deleted file mode 100644
index 1fc1cc6..0000000
--- a/docs/platypus/pkg/platform/karpenter/karpenter.go
+++ /dev/null
@@ -1,169 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-package karpenter
-
-import (
- "github.com/golingon/lingon/docs/platypus/pkg/platform/karpenter/crd"
-
- "github.com/golingon/lingon/pkg/kube"
- "github.com/golingon/lingon/pkg/kubeutil"
- ar "k8s.io/api/admissionregistration/v1"
- appsv1 "k8s.io/api/apps/v1"
- corev1 "k8s.io/api/core/v1"
- policyv1 "k8s.io/api/policy/v1"
- rbacv1 "k8s.io/api/rbac/v1"
- apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-var _ kube.Exporter = (*Karpenter)(nil)
-
-const (
- AppName = "karpenter"
- Namespace = "karpenter"
- Version = "0.25.0"
-)
-
-var commonLabels = map[string]string{
- kubeutil.AppLabelInstance: AppName,
- kubeutil.AppLabelManagedBy: "lingon",
- kubeutil.AppLabelName: AppName,
- kubeutil.AppLabelVersion: Version,
-}
-
-func appendCommonLabels(items map[string]string) map[string]string {
- m := map[string]string{}
- for n, v := range commonLabels {
- m[n] = v
- }
- for n, v := range items {
- m[n] = v
- }
- return m
-}
-
-type Karpenter struct {
- kube.App
-
- CustomResourceDefinitions
-
- Ns *corev1.Namespace
- // Configuration
- CertSecret *corev1.Secret
- Settings *corev1.ConfigMap
- // LoggingConfig is not mounted but can be modified thanks to Role
- LoggingConfig *corev1.ConfigMap
-
- // Application
- Deploy *appsv1.Deployment
- Svc *corev1.Service
- Pdb *policyv1.PodDisruptionBudget
-
- // IAM
- SA *corev1.ServiceAccount
-
- DNSRole *rbacv1.Role
- DNSRb *rbacv1.RoleBinding
- Role *rbacv1.Role
- Rb *rbacv1.RoleBinding
-
- // IAM cluster
- CR *rbacv1.ClusterRole
- CRB *rbacv1.ClusterRoleBinding
- CoreCR *rbacv1.ClusterRole
- CoreCRB *rbacv1.ClusterRoleBinding
- AdminCR *rbacv1.ClusterRole
- // AdminCRB *rbacv1.ClusterRoleBinding // ???
-
- // Webhooks
- WHValidation *ar.ValidatingWebhookConfiguration
- WHValidationAWS *ar.ValidatingWebhookConfiguration
- WHValidationConfig *ar.ValidatingWebhookConfiguration
-
- WHMutation *ar.MutatingWebhookConfiguration
- WHMutationAWS *ar.MutatingWebhookConfiguration
-}
-
-type CustomResourceDefinitions struct {
- AWSNodeTemplates *apiextensionsv1.CustomResourceDefinition
- Provisioner *apiextensionsv1.CustomResourceDefinition
-}
-
-type Opts struct {
- ClusterName string
- ClusterEndpoint string
- IAMRoleArn string
- DefaultInstanceProfile string
- InterruptQueue string
-}
-
-func New(
- opts Opts,
-) *Karpenter {
- sacc := &corev1.ServiceAccount{
- TypeMeta: kubeutil.TypeServiceAccountV1,
- ObjectMeta: kubeutil.ObjectMeta(
- AppName,
- Namespace,
- commonLabels,
- map[string]string{"eks.amazonaws.com/role-arn": opts.IAMRoleArn},
- ),
- }
-
- return &Karpenter{
- CustomResourceDefinitions: CustomResourceDefinitions{
- AWSNodeTemplates: crd.AwsnodetemplatesKarpenterK8SAwsCRD,
- Provisioner: crd.ProvisionersKarpenterShCRD,
- },
-
- Ns: &corev1.Namespace{
- TypeMeta: kubeutil.TypeNamespaceV1,
- ObjectMeta: metav1.ObjectMeta{
- Name: Namespace,
- Labels: commonLabels,
- },
- Spec: corev1.NamespaceSpec{},
- },
- CertSecret: CertSecret,
- Settings: GlobalSettings(opts),
- LoggingConfig: LoggingConfig,
-
- Deploy: kubeutil.SetDeploySA(Deploy, sacc.Name),
- Svc: Svc,
- Pdb: Pdb,
-
- SA: sacc,
- DNSRole: DnsRole,
- DNSRb: DnsRoleBinding,
- Role: Role,
- Rb: kubeutil.BindRole(
- "karpenter-rb",
- sacc,
- Role,
- commonLabels,
- ),
-
- CR: CanUpdateWebhooks,
- CRB: kubeutil.BindClusterRole(
- "karpenter-crb-hook",
- sacc,
- CanUpdateWebhooks,
- commonLabels,
- ),
- CoreCR: CoreCr,
- CoreCRB: kubeutil.BindClusterRole(
- "karpenter-crb-core",
- sacc,
- CoreCr,
- commonLabels,
- ),
- AdminCR: AdminCr,
-
- WHValidation: WebhookValidationKarpenter,
- WHValidationAWS: WebhookValidationKarpenterAWS,
- WHValidationConfig: WebhookValidationKarpenterConfig,
- WHMutation: WebhookMutatingKarpenter,
- WHMutationAWS: WebhookMutatingKarpenterAws,
- }
-}
diff --git a/docs/platypus/pkg/platform/karpenter/provisioners.go b/docs/platypus/pkg/platform/karpenter/provisioners.go
deleted file mode 100644
index 639ec8d..0000000
--- a/docs/platypus/pkg/platform/karpenter/provisioners.go
+++ /dev/null
@@ -1,107 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-package karpenter
-
-import (
- "github.com/aws/karpenter-core/pkg/apis/v1alpha5"
- "github.com/aws/karpenter/pkg/apis/v1alpha1"
- "github.com/golingon/lingon/pkg/kube"
- corev1 "k8s.io/api/core/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-type Provisioners struct {
- kube.App
-
- AWSNodeTemplate *v1alpha1.AWSNodeTemplate
- Default *v1alpha5.Provisioner
-}
-
-type ProvisionersOpts struct {
- ClusterName string
- AvailabilityZones [3]string
-}
-
-func NewProvisioners(
- opts ProvisionersOpts,
-) Provisioners {
- var ttlSecondsAfterEmpty int64 = 30
- // Kill each node after one hour, testing this feature a bit
- var ttlSecondsUntilExpired int64 = 3600
-
- nodeTmpl := v1alpha1.AWSNodeTemplate{
- TypeMeta: metav1.TypeMeta{
- Kind: "AWSNodeTemplate",
- APIVersion: "karpenter.k8s.aws/v1alpha1",
- },
- ObjectMeta: metav1.ObjectMeta{
- Name: "default",
- },
- Spec: v1alpha1.AWSNodeTemplateSpec{
- AWS: v1alpha1.AWS{
- SubnetSelector: map[string]string{
- "karpenter.sh/discovery": opts.ClusterName,
- },
- SecurityGroupSelector: map[string]string{
- "karpenter.sh/discovery": opts.ClusterName,
- },
- Tags: map[string]string{
- "karpenter.sh/discovery": opts.ClusterName,
- },
- },
- },
- }
-
- defaultProvisioner := v1alpha5.Provisioner{
- TypeMeta: metav1.TypeMeta{
- Kind: "Provisioner",
- APIVersion: "karpenter.sh/v1alpha5",
- },
- ObjectMeta: metav1.ObjectMeta{
- Name: "default",
- },
- Spec: v1alpha5.ProvisionerSpec{
- ProviderRef: &v1alpha5.MachineTemplateRef{
- Name: nodeTmpl.Name,
- },
- // TODO: cilium taints
- // StartupTaints: []corev1.Taint{
- // {
- // Key: "node.cilium.io/agent-not-ready",
- // Effect: "NoExecute",
- // },
- // },
- Requirements: []corev1.NodeSelectorRequirement{
- {
- Key: "karpenter.k8s.aws/instance-category",
- Operator: corev1.NodeSelectorOpIn,
- Values: []string{"m"},
- },
- {
- Key: "karpenter.k8s.aws/instance-cpu",
- Operator: corev1.NodeSelectorOpIn,
- Values: []string{"4"},
- },
- {
- Key: "topology.kubernetes.io/zone",
- Operator: corev1.NodeSelectorOpIn,
- // TODO: get values from terraform
- Values: opts.AvailabilityZones[:],
- },
- {
- Key: "karpenter.sh/capacity-type",
- Operator: corev1.NodeSelectorOpIn,
- Values: []string{"spot"},
- },
- },
- TTLSecondsAfterEmpty: &ttlSecondsAfterEmpty,
- TTLSecondsUntilExpired: &ttlSecondsUntilExpired,
- // Limits: nil,
- },
- }
- return Provisioners{
- AWSNodeTemplate: &nodeTmpl,
- Default: &defaultProvisioner,
- }
-}
diff --git a/docs/platypus/pkg/platform/karpenter/roles.go b/docs/platypus/pkg/platform/karpenter/roles.go
deleted file mode 100644
index c85521b..0000000
--- a/docs/platypus/pkg/platform/karpenter/roles.go
+++ /dev/null
@@ -1,96 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-package karpenter
-
-import (
- "github.com/golingon/lingon/pkg/kubeutil"
- rbacv1 "k8s.io/api/rbac/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-var DnsRole = &rbacv1.Role{
- TypeMeta: kubeutil.TypeRoleV1,
- ObjectMeta: metav1.ObjectMeta{
- Name: "karpenter-dns",
- Namespace: "kube-system",
- Labels: commonLabels,
- },
- Rules: []rbacv1.PolicyRule{
- {
- Verbs: []string{"get"},
- APIGroups: []string{""},
- Resources: []string{"services"},
- ResourceNames: []string{"kube-dns"},
- },
- },
-}
-
-var DnsRoleBinding = &rbacv1.RoleBinding{
- TypeMeta: kubeutil.TypeRoleBindingV1,
- ObjectMeta: metav1.ObjectMeta{
- Name: "karpenter-dns",
- Namespace: "kube-system",
- Labels: commonLabels,
- },
- Subjects: kubeutil.RoleSubject("karpenter", "karpenter"),
- RoleRef: kubeutil.RoleRef("karpenter-dns"),
-}
-
-var Role = &rbacv1.Role{
- TypeMeta: kubeutil.TypeRoleV1,
- ObjectMeta: metav1.ObjectMeta{
- Name: "karpenter",
- Namespace: "karpenter",
- Labels: commonLabels,
- },
- Rules: []rbacv1.PolicyRule{
- {
- Verbs: []string{"get", "watch"},
- APIGroups: []string{"coordination.k8s.io"},
- Resources: []string{"leases"},
- },
- {
- Verbs: []string{"get", "list", "watch"},
- APIGroups: []string{""},
- Resources: []string{"configmaps", "namespaces", "secrets"},
- },
- {
- Verbs: []string{"update"},
- APIGroups: []string{""},
- Resources: []string{"secrets"},
- ResourceNames: []string{"karpenter-cert"},
- },
- {
- Verbs: []string{"update", "patch", "delete"},
- APIGroups: []string{""},
- Resources: []string{"configmaps"},
- ResourceNames: []string{
- "karpenter-global-settings",
- "config-logging",
- },
- },
- {
- Verbs: []string{"patch", "update"},
- APIGroups: []string{"coordination.k8s.io"},
- Resources: []string{"leases"},
- ResourceNames: []string{
- "karpenter-leader-election",
- "webhook.configmapwebhook.00-of-01",
- "webhook.defaultingwebhook.00-of-01",
- "webhook.validationwebhook.00-of-01",
- "webhook.webhookcertificates.00-of-01",
- },
- },
- {
- Verbs: []string{"create"},
- APIGroups: []string{"coordination.k8s.io"},
- Resources: []string{"leases"},
- },
- {
- Verbs: []string{"create"},
- APIGroups: []string{""},
- Resources: []string{"configmaps"},
- },
- },
-}
diff --git a/docs/platypus/pkg/platform/karpenter/svc.go b/docs/platypus/pkg/platform/karpenter/svc.go
deleted file mode 100644
index a3b2b65..0000000
--- a/docs/platypus/pkg/platform/karpenter/svc.go
+++ /dev/null
@@ -1,44 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-package karpenter
-
-import (
- "github.com/golingon/lingon/pkg/kubeutil"
- corev1 "k8s.io/api/core/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/util/intstr"
-)
-
-var Svc = &corev1.Service{
- TypeMeta: kubeutil.TypeServiceV1,
- ObjectMeta: metav1.ObjectMeta{
- Name: "karpenter",
- Namespace: "karpenter",
- Labels: commonLabels,
- },
- Spec: corev1.ServiceSpec{
- Type: corev1.ServiceType("ClusterIP"),
- Selector: matchLabels,
- Ports: []corev1.ServicePort{
- {
- Name: "http-metrics",
- Protocol: corev1.ProtocolTCP,
- Port: 8080,
- TargetPort: intstr.IntOrString{
- Type: intstr.Type(1),
- StrVal: "http-metrics",
- },
- },
- {
- Name: "https-webhook",
- Protocol: corev1.ProtocolTCP,
- Port: 443,
- TargetPort: intstr.IntOrString{
- Type: intstr.Type(1),
- StrVal: "https-webhook",
- },
- },
- },
- },
-}
diff --git a/docs/platypus/pkg/platform/karpenter/webhooks.go b/docs/platypus/pkg/platform/karpenter/webhooks.go
deleted file mode 100644
index ef430f2..0000000
--- a/docs/platypus/pkg/platform/karpenter/webhooks.go
+++ /dev/null
@@ -1,203 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-package karpenter
-
-import (
- "github.com/golingon/lingon/pkg/kubeutil"
- ar "k8s.io/api/admissionregistration/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-var WebhookMutatingKarpenterAws = &ar.MutatingWebhookConfiguration{
- TypeMeta: kubeutil.TypeMutatingWebhookConfigurationV1,
- ObjectMeta: metav1.ObjectMeta{
- Name: "defaulting.webhook.karpenter.k8s.aws",
- Labels: commonLabels,
- },
- Webhooks: []ar.MutatingWebhook{
- {
- Name: "defaulting.webhook.karpenter.k8s.aws",
- ClientConfig: webHookClientConfig,
- Rules: []ar.RuleWithOperations{
- awsRuleWithNoDeleteOp,
- karpenterRuleWithNoDeleteOp,
- },
- FailurePolicy: P(ar.Fail),
- SideEffects: P(ar.SideEffectClassNone),
- AdmissionReviewVersions: []string{"v1"},
- },
- },
-}
-
-var awsRuleWithNoDeleteOp = ar.RuleWithOperations{
- Operations: createUpdateOps,
- Rule: awsNodeTemplateRule,
-}
-
-var WebhookMutatingKarpenter = &ar.MutatingWebhookConfiguration{
- TypeMeta: kubeutil.TypeMutatingWebhookConfigurationV1,
- ObjectMeta: metav1.ObjectMeta{
- Name: "defaulting.webhook.karpenter.sh",
- Labels: commonLabels,
- },
- Webhooks: []ar.MutatingWebhook{
- {
- Name: "defaulting.webhook.karpenter.sh",
- ClientConfig: webHookClientConfig,
- Rules: []ar.RuleWithOperations{
- karpenterRuleWithNoDeleteOp,
- },
- FailurePolicy: P(ar.Fail),
- SideEffects: P(ar.SideEffectClassNone),
- AdmissionReviewVersions: []string{"v1"},
- },
- },
-}
-
-var karpenterRuleWithAllOperations = ar.RuleWithOperations{
- Operations: allOperations,
- Rule: provisionersRule,
-}
-
-var karpenterRuleWithNoDeleteOp = ar.RuleWithOperations{
- Operations: createUpdateOps,
- Rule: provisionersRule,
-}
-
-var webHookClientConfig = ar.WebhookClientConfig{
- Service: &ar.ServiceReference{
- Namespace: AppName,
- Name: Namespace,
- },
-}
-
-var createUpdateOps = []ar.OperationType{
- ar.Create,
- ar.Update,
-}
-
-var allOperations = []ar.OperationType{
- ar.Create,
- ar.Update,
- ar.Delete,
-}
-
-var provisionersRule = ar.Rule{
- APIGroups: []string{"karpenter.sh"},
- APIVersions: []string{"v1alpha5"},
- Resources: []string{
- "provisioners",
- "provisioners/status",
- },
-}
-
-var awsNodeTemplateRule = ar.Rule{
- APIGroups: []string{"karpenter.k8s.aws"},
- APIVersions: []string{"v1alpha1"},
- Resources: []string{
- "awsnodetemplates",
- "awsnodetemplates/status",
- },
- Scope: P(ar.AllScopes),
-}
-
-var WebhookValidationKarpenter = &ar.ValidatingWebhookConfiguration{
- TypeMeta: kubeutil.TypeValidatingWebhookConfigurationV1,
- ObjectMeta: metav1.ObjectMeta{
- Name: "validation.webhook.karpenter.sh",
- Labels: commonLabels,
- },
- Webhooks: []ar.ValidatingWebhook{
- {
- Name: "validation.webhook.karpenter.sh",
- ClientConfig: webHookClientConfig,
- Rules: []ar.RuleWithOperations{
- {
- Operations: createUpdateOps,
- Rule: provisionersRule,
- },
- },
- FailurePolicy: P(ar.Fail),
- SideEffects: P(ar.SideEffectClassNone),
- AdmissionReviewVersions: []string{"v1"},
- },
- },
-}
-
-var WebhookValidationKarpenterAWS = &ar.ValidatingWebhookConfiguration{
- TypeMeta: metav1.TypeMeta{
- APIVersion: "admissionregistration.k8s.io/v1",
- Kind: "ValidatingWebhookConfiguration",
- },
- ObjectMeta: metav1.ObjectMeta{
- Name: "validation.webhook.karpenter.k8s.aws",
- Labels: commonLabels,
- },
- Webhooks: []ar.ValidatingWebhook{
- {
- AdmissionReviewVersions: []string{"v1"},
- ClientConfig: ar.WebhookClientConfig{
- Service: &ar.ServiceReference{
- Name: "karpenter",
- Namespace: "karpenter",
- },
- },
- FailurePolicy: P(ar.FailurePolicyType("Fail")),
- Name: "validation.webhook.karpenter.k8s.aws",
- Rules: []ar.RuleWithOperations{
- {
- Operations: []ar.OperationType{
- ar.OperationType("CREATE"),
- ar.OperationType("UPDATE"),
- },
- Rule: ar.Rule{
- APIGroups: []string{"karpenter.k8s.aws"},
- APIVersions: []string{"v1alpha1"},
- Resources: []string{
- "awsnodetemplates",
- "awsnodetemplates/status",
- },
- Scope: P(ar.ScopeType("*")),
- },
- }, {
- Operations: []ar.OperationType{
- ar.OperationType("CREATE"),
- ar.OperationType("UPDATE"),
- },
- Rule: ar.Rule{
- APIGroups: []string{"karpenter.sh"},
- APIVersions: []string{"v1alpha5"},
- Resources: []string{
- "provisioners",
- "provisioners/status",
- },
- },
- },
- },
- SideEffects: P(ar.SideEffectClass("None")),
- },
- },
-}
-
-var WebhookValidationKarpenterConfig = &ar.ValidatingWebhookConfiguration{
- TypeMeta: kubeutil.TypeValidatingWebhookConfigurationV1,
- ObjectMeta: metav1.ObjectMeta{
- Name: "validation.webhook.config.karpenter.sh",
- Labels: commonLabels,
- },
- Webhooks: []ar.ValidatingWebhook{
- {
- Name: "validation.webhook.config.karpenter.sh",
- ClientConfig: webHookClientConfig,
- ObjectSelector: &metav1.LabelSelector{
- MatchLabels: map[string]string{
- "app.kubernetes.io/part-of": "karpenter",
- },
- },
- FailurePolicy: P(ar.Fail),
- SideEffects: P(ar.SideEffectClassNone),
- AdmissionReviewVersions: []string{"v1"},
- },
- },
-}
diff --git a/docs/platypus/pkg/platform/tekton/app.go b/docs/platypus/pkg/platform/tekton/app.go
deleted file mode 100644
index 7c71752..0000000
--- a/docs/platypus/pkg/platform/tekton/app.go
+++ /dev/null
@@ -1,393 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lingon. EDIT AS MUCH AS YOU LIKE. - -package tekton - -import ( - "context" - "errors" - "os" - "os/exec" - - "github.com/golingon/lingon/pkg/kube" - "github.com/golingon/lingon/pkg/kubeutil" - admissionregistrationv1 "k8s.io/api/admissionregistration/v1" - appsv1 "k8s.io/api/apps/v1" - autoscalingv2 "k8s.io/api/autoscaling/v2" - corev1 "k8s.io/api/core/v1" - rbacv1 "k8s.io/api/rbac/v1" - apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -const ( - AppName = "tekton-pipelines" - WebhookName = "webhook" - WebhookFullName = AppName + "-" + WebhookName - ControllerName = "controller" - ControllerFullName = AppName + "-" + ControllerName - ResolversName = "resolvers" - ResolversFullName = AppName + "-" + ResolversName - - Version = "v0.46.0" - WebhookPort = 8443 - WebhookImage = "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.46.0@sha256:5dc383dc1bd71d81180e0e4da68be966ebf383cfd0ac9f53a72cff11463e7f59" - ControllerImage = "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.46.0@sha256:d67fb2fb69ec38571ce3f71ce09571154e4b5db9b4cf71d69c2cb32455a4f8b4" - ResolversImage = "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/resolvers:v0.46.0@sha256:f57448b914c72c03cbf36228134cc9ed24e28fef6d2e0d6d72c34908f38d8742" -) - -var ( - PipelinesNS = kubeutil.Namespace( - AppName, kubeutil.MergeLabels( - labelsPipelines, map[string]string{ - kubeutil.NSLabelPodSecurityEnforce: kubeutil.NSValuePodSecurityRestricted, - }, - ), nil, - ) - - ResolversNS = kubeutil.Namespace( - ResolversFullName, - kubeutil.MergeLabels( - labelsResolvers, map[string]string{ - kubeutil.NSLabelPodSecurityEnforce: kubeutil.NSValuePodSecurityRestricted, - }, - ), nil, - ) -) - -// validate the struct implements the interface -var _ kube.Exporter = (*Tekton)(nil) - 
-// Tekton contains kubernetes manifests -type Tekton struct { - kube.App - CRD - - PipelinesNS *corev1.Namespace - ResolversNS *corev1.Namespace - - AggregateEditCR *rbacv1.ClusterRole - AggregateViewCR *rbacv1.ClusterRole - BundleResolverConfigCM *corev1.ConfigMap - ClusterResolverConfigCM *corev1.ConfigMap - ConfigDefaultsCM *corev1.ConfigMap - ConfigLeaderElectionCM *corev1.ConfigMap - ConfigLeaderElectionResolversCM *corev1.ConfigMap - ConfigLoggingCM *corev1.ConfigMap - ConfigLoggingResolversCM *corev1.ConfigMap - ConfigObservabilityCM *corev1.ConfigMap - ConfigObservabilityResolversCM *corev1.ConfigMap - ConfigRegistryCertCM *corev1.ConfigMap - ConfigSpireCM *corev1.ConfigMap - FeatureFlagsCM *corev1.ConfigMap - GitResolverConfigCM *corev1.ConfigMap - HubResolverConfigCM *corev1.ConfigMap - PipelinesControllerClusterAccessCR *rbacv1.ClusterRole - PipelinesControllerClusterAccessCRB *rbacv1.ClusterRoleBinding - PipelinesControllerDeploy *appsv1.Deployment - PipelinesControllerLeaderElectionRB *rbacv1.RoleBinding - PipelinesControllerRB *rbacv1.RoleBinding - PipelinesControllerRole *rbacv1.Role - PipelinesControllerSA *corev1.ServiceAccount - PipelinesControllerSVC *corev1.Service - PipelinesControllerTenantAccessCR *rbacv1.ClusterRole - PipelinesControllerTenantAccessCRB *rbacv1.ClusterRoleBinding - PipelinesInfoCM *corev1.ConfigMap - PipelinesInfoRB *rbacv1.RoleBinding - PipelinesInfoRole *rbacv1.Role - PipelinesLeaderElectionRole *rbacv1.Role - PipelinesRemoteResolversDeploy *appsv1.Deployment - PipelinesResolversCRB *rbacv1.ClusterRoleBinding - PipelinesResolversNamespaceRbacRB *rbacv1.RoleBinding - PipelinesResolversNamespaceRbacRole *rbacv1.Role - PipelinesResolversResolutionRequestUpdatesCR *rbacv1.ClusterRole - PipelinesResolversSA *corev1.ServiceAccount - PipelinesWebhookClusterAccessCR *rbacv1.ClusterRole - PipelinesWebhookClusterAccessCRB *rbacv1.ClusterRoleBinding - PipelinesWebhookDeploy *appsv1.Deployment - PipelinesWebhookHPA 
*autoscalingv2.HorizontalPodAutoscaler - PipelinesWebhookLeaderelectionRB *rbacv1.RoleBinding - PipelinesWebhookRB *rbacv1.RoleBinding - PipelinesWebhookRole *rbacv1.Role - PipelinesWebhookSA *corev1.ServiceAccount - PipelinesWebhookSVC *corev1.Service - ResolversFeatureFlagsCM *corev1.ConfigMap - WebhookCertsSecrets *corev1.Secret - ValidatePipelineWebhook *admissionregistrationv1.ValidatingWebhookConfiguration - ValidateConfigPipelineWebhook *admissionregistrationv1.ValidatingWebhookConfiguration - MutatePipelineWebhook *admissionregistrationv1.MutatingWebhookConfiguration -} - -type CRD struct { - ClusterTasksDevCRD *apiextensionsv1.CustomResourceDefinition - CustomRunsDevCRD *apiextensionsv1.CustomResourceDefinition - PipelineRunsDevCRD *apiextensionsv1.CustomResourceDefinition - PipelinesDevCRD *apiextensionsv1.CustomResourceDefinition - ResolutionRequestsResolutionDevCRD *apiextensionsv1.CustomResourceDefinition - RunsDevCRD *apiextensionsv1.CustomResourceDefinition - TaskRunsDevCRD *apiextensionsv1.CustomResourceDefinition - TasksDevCRD *apiextensionsv1.CustomResourceDefinition - VerificationPoliciesDevCRD *apiextensionsv1.CustomResourceDefinition -} - -var labelsPipelines = map[string]string{ - kubeutil.AppLabelInstance: "default", - kubeutil.AppLabelPartOf: AppName, -} - -var labelsVersion = map[string]string{ - kubeutil.AppLabelVersion: Version, - "pipeline.tekton.dev/release": Version, - // labels below are related to istio and should not be used for resource lookup - "version": Version, -} - -var labelsResolvers = map[string]string{ - kubeutil.AppLabelComponent: ResolversName, - kubeutil.AppLabelInstance: "default", - kubeutil.AppLabelPartOf: AppName, -} - -var PipelinesResolversSA = kubeutil.ServiceAccount( - ResolversFullName, - ResolversNS.Name, - labelsResolvers, - nil, -) - -var labelsController = map[string]string{ - kubeutil.AppLabelComponent: ControllerName, - kubeutil.AppLabelInstance: "default", - kubeutil.AppLabelPartOf: AppName, -} - -var 
PipelinesControllerSA = kubeutil.ServiceAccount( - ControllerFullName, - PipelinesNS.Name, - labelsController, - nil, -) - -var labelsWebhook = map[string]string{ - kubeutil.AppLabelComponent: WebhookName, - kubeutil.AppLabelInstance: "default", - kubeutil.AppLabelPartOf: AppName, -} - -var PipelinesWebhookSA = kubeutil.ServiceAccount( - WebhookFullName, - PipelinesNS.Name, - labelsWebhook, - nil, -) - -// New creates a new Tekton -func New() *Tekton { - return &Tekton{ - CRD: CRD{ - ClusterTasksDevCRD: ClusterTasksDevCRD, - CustomRunsDevCRD: CustomRunsDevCRD, - PipelineRunsDevCRD: PipelineRunsDevCRD, - PipelinesDevCRD: PipelinesDevCRD, - ResolutionRequestsResolutionDevCRD: ResolutionRequestsCRD, - RunsDevCRD: RunsDevCRD, - TaskRunsDevCRD: TaskRunsDevCRD, - TasksDevCRD: TasksDevCRD, - VerificationPoliciesDevCRD: VerificationPoliciesDevCRD, - }, - - PipelinesNS: PipelinesNS, - ResolversNS: ResolversNS, - - AggregateEditCR: AggregateEditCR, - AggregateViewCR: AggregateViewCR, - PipelinesInfoCM: PipelinesInfoCM, - PipelinesInfoRB: &rbacv1.RoleBinding{ - // DO NOT REPLACE WITH kubeutil.BindRole, see Subjects! 
- ObjectMeta: metav1.ObjectMeta{ - Labels: labelsPipelines, - Name: "tekton-pipelines-info", - Namespace: PipelinesNS.Name, - }, - RoleRef: rbacv1.RoleRef{ - APIGroup: "rbac.authorization.k8s.io", - Kind: "Role", - Name: "tekton-pipelines-info", - }, - Subjects: []rbacv1.Subject{ - { - APIGroup: "rbac.authorization.k8s.io", - Kind: "Group", - Name: "system:authenticated", - }, - }, - TypeMeta: kubeutil.TypeRoleBindingV1, - }, - PipelinesInfoRole: PipelinesInfoRole, - PipelinesRemoteResolversDeploy: PipelinesRemoteResolversDeploy, - - /* - CONFIGS - */ - - BundleResolverConfigCM: BundleResolverConfigCM, - ClusterResolverConfigCM: ClusterResolverConfigCM, - ConfigDefaultsCM: ConfigDefaultsCM, - ConfigLeaderElectionCM: ConfigLeaderElectionCM, - ConfigLeaderElectionResolversCM: ConfigLeaderElectionResolversCM, - ConfigLoggingCM: ConfigLoggingCM, - ConfigLoggingResolversCM: ConfigLoggingResolversCM, - ConfigObservabilityCM: ConfigObservabilityCM, - ConfigObservabilityResolversCM: ConfigObservabilityResolversCM, - ConfigRegistryCertCM: ConfigRegistryCertCM, - ConfigSpireCM: ConfigSpireCM, - FeatureFlagsCM: FeatureFlagsCM, - GitResolverConfigCM: GitResolverConfigCM, - HubResolverConfigCM: HubresolverConfigCM, - - /* - RESOLVERS - */ - PipelinesResolversSA: PipelinesResolversSA, - PipelinesResolversResolutionRequestUpdatesCR: PipelinesResolversResolutionRequestUpdatesCR, - PipelinesResolversCRB: kubeutil.BindClusterRole( - ResolversFullName, - PipelinesResolversSA, - PipelinesResolversResolutionRequestUpdatesCR, - labelsResolvers, - ), - PipelinesResolversNamespaceRbacRole: PipelinesResolversNamespaceRbacRole, - PipelinesResolversNamespaceRbacRB: kubeutil.BindRole( - ResolversFullName+"-namespace-rbac", - PipelinesResolversSA, - PipelinesResolversNamespaceRbacRole, - labelsResolvers, - ), - ResolversFeatureFlagsCM: ResolversFeatureFlagsCM, - - /* - CONTROLLER - */ - PipelinesControllerDeploy: PipelinesControllerDeploy, - PipelinesControllerSVC: PipelinesControllerSVC, - - 
PipelinesControllerSA: PipelinesControllerSA, - PipelinesControllerRole: PipelinesControllerRole, - PipelinesControllerRB: kubeutil.BindRole( - ControllerFullName, - PipelinesControllerSA, - PipelinesControllerRole, - labelsController, - ), - PipelinesControllerClusterAccessCR: PipelinesControllerClusterAccessCR, - PipelinesControllerClusterAccessCRB: kubeutil.BindClusterRole( - ControllerFullName+"-cluster-access", - PipelinesControllerSA, - PipelinesControllerClusterAccessCR, - labelsController, - ), - PipelinesControllerLeaderElectionRB: kubeutil.BindRole( - ControllerFullName+"-leaderelection", - PipelinesControllerSA, - PipelinesLeaderElectionRole, - labelsController, - ), - PipelinesControllerTenantAccessCR: PipelinesControllerTenantAccessCR, - PipelinesControllerTenantAccessCRB: kubeutil.BindClusterRole( - ControllerFullName+"-tenant-access", - PipelinesControllerSA, - PipelinesControllerTenantAccessCR, - labelsController, - ), - - PipelinesLeaderElectionRole: PipelinesLeaderElectionRole, - - /* - WEBHOOK - */ - PipelinesWebhookDeploy: kubeutil.SetDeploySA( - PipelinesWebhookDeploy, - PipelinesWebhookSA.Name, - ), - PipelinesWebhookHPA: PipelinesWebhookHPA, - PipelinesWebhookSA: PipelinesWebhookSA, - PipelinesWebhookSVC: PipelinesWebhookSVC, - - PipelinesWebhookClusterAccessCR: PipelinesWebhookClusterAccessCR, - PipelinesWebhookClusterAccessCRB: kubeutil.BindClusterRole( - PipelinesWebhookClusterAccessCR.Name, - PipelinesWebhookSA, - PipelinesWebhookClusterAccessCR, - labelsWebhook, - ), - - PipelinesWebhookRole: PipelinesWebhookRole, - PipelinesWebhookRB: kubeutil.BindRole( - WebhookFullName, - PipelinesWebhookSA, - PipelinesWebhookRole, - labelsWebhook, - ), - PipelinesWebhookLeaderelectionRB: kubeutil.BindRole( - WebhookFullName+"-leaderelection", - PipelinesWebhookSA, - PipelinesLeaderElectionRole, - labelsWebhook, - ), - - WebhookCertsSecrets: WebhookCertsSecrets, - ValidatePipelineWebhook: ValidationWebhookPipelineDevValidatingwebhookconfigurations, - 
ValidateConfigPipelineWebhook: ConfigWebhookPipelineDevValidatingwebhookconfigurations, - MutatePipelineWebhook: WebhookPipelineDevMutatingwebhookconfigurations, - } -} - -// Apply applies the kubernetes objects to the cluster -func (a *Tekton) Apply(ctx context.Context) error { - return Apply(ctx, a) -} - -// Export exports the kubernetes objects to YAML files in the given directory -func (a *Tekton) Export(dir string) error { - return kube.Export(a, kube.WithExportOutputDirectory(dir)) -} - -// P converts T to *T, useful for basic types -func P[T any](t T) *T { - return &t -} - -// Apply applies the kubernetes objects contained in Exporter to the cluster -func Apply(ctx context.Context, km kube.Exporter) error { - cmd := exec.CommandContext(ctx, "kubectl", "apply", "-f", "-") - cmd.Env = os.Environ() // inherit environment in case we need to use kubectl from a container - stdin, err := cmd.StdinPipe() // pipe to pass data to kubectl - if err != nil { - return err - } - - cmd.Stdout = os.Stdout - cmd.Stderr = os.Stderr - - go func() { - defer func() { - err = errors.Join(err, stdin.Close()) - }() - if errEW := kube.Export( - km, - kube.WithExportWriter(stdin), - ); errEW != nil { - err = errors.Join(err, errEW) - } - }() - - if errS := cmd.Start(); errS != nil { - return errors.Join(err, errS) - } - - // waits for the command to exit and waits for any copying - // to stdin or copying from stdout or stderr to complete - return errors.Join(err, cmd.Wait()) -} diff --git a/docs/platypus/pkg/platform/tekton/cluster-role.go b/docs/platypus/pkg/platform/tekton/cluster-role.go deleted file mode 100644 index 966da74..0000000 --- a/docs/platypus/pkg/platform/tekton/cluster-role.go +++ /dev/null 
@@ -1,316 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lingon. EDIT AS MUCH AS YOU LIKE. - -package tekton - -import ( - "github.com/golingon/lingon/pkg/kubeutil" - rbacv1 "k8s.io/api/rbac/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -var PipelinesControllerClusterAccessCR = &rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{ - Labels: labelsController, - Name: "tekton-pipelines-controller-cluster-access", - }, - Rules: []rbacv1.PolicyRule{ - { - APIGroups: []string{}, - Resources: []string{"pods"}, - Verbs: []string{"list", "watch"}, - }, { - APIGroups: []string{"tekton.dev"}, - Resources: []string{ - "tasks", - "clustertasks", - "taskruns", - "pipelines", - "pipelineruns", - "pipelineresources", - "runs", - "customruns", - }, - Verbs: []string{ - "get", - "list", - "create", - "update", - "delete", - "patch", - "watch", - }, - }, { - APIGroups: []string{"tekton.dev"}, - Resources: []string{"verificationpolicies"}, - Verbs: []string{"get", "list", "watch"}, - }, { - APIGroups: []string{"tekton.dev"}, - Resources: []string{ - "taskruns/finalizers", - "pipelineruns/finalizers", - "runs/finalizers", - "customruns/finalizers", - }, - Verbs: []string{ - "get", - "list", - "create", - "update", - "delete", - "patch", - "watch", - }, - }, { - APIGroups: []string{"tekton.dev"}, - Resources: []string{ - "tasks/status", - "clustertasks/status", - "taskruns/status", - "pipelines/status", - "pipelineruns/status", - "pipelineresources/status", - "runs/status", - "customruns/status", - "verificationpolicies/status", - }, - Verbs: []string{ - "get", - "list", - "create", - "update", - "delete", - "patch", - "watch", - }, - }, { - APIGroups: []string{"resolution.tekton.dev"}, - Resources: []string{ - "resolutionrequests", - "resolutionrequests/status", - }, - Verbs: []string{ - "get", - "list", - "create", - "update", - "delete", - "patch", - "watch", - }, - }, - }, - TypeMeta: 
kubeutil.TypeClusterRoleV1, -} - -var PipelinesResolversResolutionRequestUpdatesCR = &rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{ - Labels: labelsResolvers, - Name: "tekton-pipelines-resolvers-resolution-request-updates", - }, - Rules: []rbacv1.PolicyRule{ - { - APIGroups: []string{"resolution.tekton.dev"}, - Resources: []string{ - "resolutionrequests", - "resolutionrequests/status", - }, - Verbs: []string{"get", "list", "watch", "update", "patch"}, - }, { - APIGroups: []string{"tekton.dev"}, - Resources: []string{"tasks", "pipelines"}, - Verbs: []string{"get", "list"}, - }, { - APIGroups: []string{}, - Resources: []string{"secrets"}, - Verbs: []string{"get", "list", "watch"}, - }, - }, - TypeMeta: kubeutil.TypeClusterRoleV1, -} - -var PipelinesWebhookClusterAccessCR = &rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{ - Labels: labelsWebhook, - Name: "tekton-pipelines-webhook-cluster-access", - }, - Rules: []rbacv1.PolicyRule{ - { - APIGroups: []string{"apiextensions.k8s.io"}, - ResourceNames: []string{ - PipelinesDevCRD.Name, - // "pipelineruns.tekton.dev", - RunsDevCRD.Name, - // "runs.tekton.dev", - TasksDevCRD.Name, - // "tasks.tekton.dev", - ClusterTasksDevCRD.Name, - // "clustertasks.tekton.dev", - TaskRunsDevCRD.Name, - // "taskruns.tekton.dev", - PipelineResourcesDevCRD.Name, - // "pipelineresources.tekton.dev", - ResolutionRequestsCRD.Name, - // "resolutionrequests.resolution.tekton.dev", - CustomRunsDevCRD.Name, - // "customruns.tekton.dev", - VerificationPoliciesDevCRD.Name, - // "verificationpolicies.tekton.dev", - }, - Resources: []string{ - "customresourcedefinitions", - "customresourcedefinitions/status", - }, - Verbs: []string{"get", "update", "patch"}, - }, { - APIGroups: []string{"apiextensions.k8s.io"}, - Resources: []string{"customresourcedefinitions"}, - Verbs: []string{"list", "watch"}, - }, { - APIGroups: []string{"admissionregistration.k8s.io"}, - Resources: []string{ - "mutatingwebhookconfigurations", - 
"validatingwebhookconfigurations", - }, - Verbs: []string{"list", "watch"}, - }, { - APIGroups: []string{"admissionregistration.k8s.io"}, - ResourceNames: []string{"webhook.pipeline.tekton.dev"}, - Resources: []string{"mutatingwebhookconfigurations"}, - Verbs: []string{"get", "update", "delete"}, - }, { - APIGroups: []string{"admissionregistration.k8s.io"}, - ResourceNames: []string{ - "validation.webhook.pipeline.tekton.dev", - "config.webhook.pipeline.tekton.dev", - }, - Resources: []string{"validatingwebhookconfigurations"}, - Verbs: []string{"get", "update", "delete"}, - }, { - APIGroups: []string{}, - ResourceNames: []string{"tekton-pipelines"}, - Resources: []string{"namespaces"}, - Verbs: []string{"get"}, - }, { - APIGroups: []string{}, - ResourceNames: []string{"tekton-pipelines"}, - Resources: []string{"namespaces/finalizers"}, - Verbs: []string{"update"}, - }, - }, - TypeMeta: kubeutil.TypeClusterRoleV1, -} - -var PipelinesControllerTenantAccessCR = &rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{ - Labels: labelsController, - Name: "tekton-pipelines-controller-tenant-access", - }, - Rules: []rbacv1.PolicyRule{ - { - APIGroups: []string{}, - Resources: []string{"pods", "persistentvolumeclaims"}, - Verbs: []string{ - "get", - "list", - "create", - "update", - "delete", - "patch", - "watch", - }, - }, { - APIGroups: []string{}, - Resources: []string{"events"}, - Verbs: []string{"create", "update", "patch"}, - }, { - APIGroups: []string{}, - Resources: []string{ - "configmaps", - "limitranges", - "secrets", - "serviceaccounts", - }, - Verbs: []string{"get", "list", "watch"}, - }, { - APIGroups: []string{"apps"}, - Resources: []string{"statefulsets"}, - Verbs: []string{ - "get", - "list", - "create", - "update", - "delete", - "patch", - "watch", - }, - }, - }, - TypeMeta: kubeutil.TypeClusterRoleV1, -} - -var AggregateEditCR = &rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{ - Labels: kubeutil.MergeLabels( - labelsPipelines, map[string]string{ - 
kubeutil.LabelRbacAggregateToAdmin: "true", - kubeutil.LabelRbacAggregateToEdit: "true", - }, - ), - Name: "tekton-aggregate-edit", - }, - Rules: []rbacv1.PolicyRule{ - { - APIGroups: []string{"tekton.dev"}, - Resources: []string{ - "tasks", - "taskruns", - "pipelines", - "pipelineruns", - "pipelineresources", - "runs", - "customruns", - }, - Verbs: []string{ - "create", - "delete", - "deletecollection", - "get", - "list", - "patch", - "update", - "watch", - }, - }, - }, - TypeMeta: kubeutil.TypeClusterRoleV1, -} - -var AggregateViewCR = &rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{ - Labels: kubeutil.MergeLabels( - labelsPipelines, map[string]string{ - kubeutil.LabelRbacAggregateToView: "true", - }, - ), - Name: "tekton-aggregate-view", - }, - Rules: []rbacv1.PolicyRule{ - { - APIGroups: []string{"tekton.dev"}, - Resources: []string{ - "tasks", - "taskruns", - "pipelines", - "pipelineruns", - "pipelineresources", - "runs", - "customruns", - }, - Verbs: []string{"get", "list", "watch"}, - }, - }, - TypeMeta: kubeutil.TypeClusterRoleV1, -} diff --git a/docs/platypus/pkg/platform/tekton/config-map.go b/docs/platypus/pkg/platform/tekton/config-map.go deleted file mode 100644 index 88a14cf..0000000 --- a/docs/platypus/pkg/platform/tekton/config-map.go +++ /dev/null 
@@ -1,634 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lingon. EDIT AS MUCH AS YOU LIKE. - -package tekton - -import ( - "github.com/golingon/lingon/pkg/kubeutil" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -var GitResolverConfigCM = &corev1.ConfigMap{ - Data: map[string]string{ - // The key in the API token secret containing the actual token. Required when using the authenticated API. - "api-token-secret-key": "", - // The Kubernetes secret containing the API token for the SCM provider. Required when using the authenticated API. - "api-token-secret-name": "", - // The namespace containing the API token secret. Defaults to "default". - "api-token-secret-namespace": "default", - /* - The default organization to look for repositories under when using the authenticated API, - if not specified in the resolver parameters. Optional. - */ - "default-org": "", - // The git revision to fetch the remote resource from with either anonymous cloning or the authenticated API. - "default-revision": "main", - // The git url to fetch the remote resource from when using anonymous cloning. - "default-url": "https://github.com/tektoncd/catalog.git", - // The maximum amount of time a single anonymous cloning resolution may take. - "fetch-timeout": "1m", - // The SCM type to use with the authenticated API. Can be github, gitlab, gitea, bitbucketserver, bitbucketcloud - "scm-type": "github", - // The SCM server URL to use with the authenticated API. Not needed when using github.com, gitlab.com, or BitBucket Cloud - "server-url": "", - }, - ObjectMeta: metav1.ObjectMeta{ - Labels: labelsResolvers, - Name: "git-resolver-config", - Namespace: ResolversNS.Name, - }, - TypeMeta: kubeutil.TypeConfigMapV1, -} - -var PipelinesInfoCM = &corev1.ConfigMap{ - Data: map[string]string{ - /* - Contains pipelines version which can be queried by external - tools such as CLI. 
Elevated permissions are already given to - this ConfigMap such that even if we don't have access to - other resources in the namespace we still can have access to - this ConfigMap. - */ - "version": "v0.45.0", - }, - ObjectMeta: metav1.ObjectMeta{ - Labels: labelsPipelines, - Name: "pipelines-info", - Namespace: PipelinesNS.Name, - }, - TypeMeta: kubeutil.TypeConfigMapV1, -} - -var BundleResolverConfigCM = &corev1.ConfigMap{ - Data: map[string]string{ - // The default layer kind in the bundle image. - "default-kind": "task", - // the default service account name to use for bundle requests. - "default-service-account": "default", - }, - ObjectMeta: metav1.ObjectMeta{ - Labels: labelsResolvers, - Name: "bundleresolver-config", - Namespace: ResolversNS.Name, - }, - TypeMeta: kubeutil.TypeConfigMapV1, -} - -var ConfigObservabilityCM = &corev1.ConfigMap{ - Data: map[string]string{ - "_example": ` -################################ -# # -# EXAMPLE CONFIGURATION # -# # -################################ - -# This block is not actually functional configuration, -# but serves to illustrate the available configuration -# options and document them in a way that is accessible -# to users that "kubectl edit" this config map. -# -# These sample configuration options may be copied out of -# this example block and unindented to be in the data block -# to actually change the configuration. - -# metrics.backend-destination field specifies the system metrics destination. -# It supports either prometheus (the default) or stackdriver. -# Note: Using Stackdriver will incur additional charges. -metrics.backend-destination: prometheus - -# metrics.stackdriver-project-id field specifies the Stackdriver project ID. This -# field is optional. When running on GCE, application default credentials will be -# used and metrics will be sent to the cluster's project if this field is -# not provided. 
-metrics.stackdriver-project-id: "" - -# metrics.allow-stackdriver-custom-metrics indicates whether it is allowed -# to send metrics to Stackdriver using "global" resource type and custom -# metric type. Setting this flag to "true" could cause extra Stackdriver -# charge. If metrics.backend-destination is not Stackdriver, this is -# ignored. -metrics.allow-stackdriver-custom-metrics: "false" -metrics.taskrun.level: "task" -metrics.taskrun.duration-type: "histogram" -metrics.pipelinerun.level: "pipeline" -metrics.pipelinerun.duration-type: "histogram" - -`, - }, - ObjectMeta: metav1.ObjectMeta{ - Labels: labelsPipelines, - Name: "config-observability", - Namespace: PipelinesNS.Name, - }, - TypeMeta: kubeutil.TypeConfigMapV1, -} - -var FeatureFlagsCM = &corev1.ConfigMap{ - Data: map[string]string{ - /* - Setting this flag to "false" will stop Tekton from waiting for a - TaskRun's sidecar containers to be running before starting the first - step. This will allow Tasks to be run in environments that don't - support the DownwardAPI volume type, but may lead to unintended - behaviour if sidecars are used. - # - See https://github.com/tektoncd/pipeline/issues/4937 for more info. - */ - "await-sidecar-readiness": "true", - /* - Setting this flag will determine the version for custom tasks created by PipelineRuns. - Acceptable values are "v1beta1" and "v1alpha1". - The default is "v1beta1". - */ - "custom-task-version": "v1beta1", - /* - Setting this flag to "true" will prevent Tekton to create an - Affinity Assistant for every TaskRun sharing a PVC workspace - # - The default behaviour is for Tekton to create Affinity Assistants - # - See more in the workspace documentation about Affinity Assistant - https://github.com/tektoncd/pipeline/blob/main/docs/workspaces.md#affinity-assistant-and-specifying-workspace-order-in-a-pipeline - or https://github.com/tektoncd/pipeline/pull/2630 for more info. 
- */ - "disable-affinity-assistant": "false", - /* - Setting this flag to "true" will prevent Tekton scanning attached - service accounts and injecting any credentials it finds into your - Steps. - # - The default behaviour currently is for Tekton to search service - accounts for secrets matching a specified format and automatically - mount those into your Steps. - # - Note: setting this to "true" will prevent PipelineResources from - working. - # - See https://github.com/tektoncd/pipeline/issues/2791 for more - info. - */ - "disable-creds-init": "false", - /* - Setting this flag will determine which gated features are enabled. - Acceptable values are "stable", "beta", or "alpha". - */ - "enable-api-fields": "stable", - /* - Setting this flag to "true" enables populating the "provenance" field in TaskRun - and PipelineRun status. This field contains metadata about resources used - in the TaskRun/PipelineRun such as the source from where a remote Task/Pipeline - definition was fetched. - */ - "enable-provenance-in-status": "false", - /* - Setting this flag to "true" enables the use of Tekton OCI bundle. - This is an experimental feature and thus should still be considered - an alpha feature. - */ - "enable-tekton-oci-bundles": "false", - /* - Setting this flag will determine how Tekton pipelines will handle non-falsifiable provenance. - If set to "spire", then SPIRE will be used to ensure non-falsifiable provenance. - If set to "none", then Tekton will not have non-falsifiable provenance. - This is an experimental feature and thus should still be considered an alpha feature. - */ - "enforce-nonfalsifiablity": "none", - /* - Setting this flag to "true" will require that any Git SSH Secret - offered to Tekton must have known_hosts included. - # - See https://github.com/tektoncd/pipeline/issues/2981 for more - info. - */ - "require-git-ssh-secret-known-hosts": "false", - /* - Setting this flag to "enforce" will enforce verification of tasks/pipeline. 
Failing to verify - will fail the taskrun/pipelinerun. "warn" will only log the err message and "skip" - will skip the whole verification - */ - "resource-verification-mode": "skip", - /* - This option should be set to false when Pipelines is running in a - cluster that does not use injected sidecars such as Istio. Setting - it to false should decrease the time it takes for a TaskRun to start - running. For clusters that use injected sidecars, setting this - option to false can lead to unexpected behavior. - # - See https://github.com/tektoncd/pipeline/issues/2080 for more info. - */ - "running-in-environment-with-injected-sidecars": "true", - /* - Setting this flag to "true" enables CloudEvents for CustomRuns and Runs, as long as a - CloudEvents sink is configured in the config-defaults config map - */ - "send-cloudevents-for-runs": "false", - }, - ObjectMeta: metav1.ObjectMeta{ - Labels: labelsPipelines, - Name: "feature-flags", - Namespace: PipelinesNS.Name, - }, - TypeMeta: kubeutil.TypeConfigMapV1, -} - -var ClusterResolverConfigCM = &corev1.ConfigMap{ - Data: map[string]string{ - // An optional comma-separated list of namespaces which the resolver is allowed to access. Defaults to empty, meaning all namespaces are allowed. - "allowed-namespaces": "", - // An optional comma-separated list of namespaces which the resolver is blocked from accessing. Defaults to empty, meaning all namespaces are allowed. - "blocked-namespaces": "", - // The default kind to fetch. - "default-kind": "task", - // The default namespace to look for resources in. 
- "default-namespace": "", - }, - ObjectMeta: metav1.ObjectMeta{ - Labels: labelsResolvers, - Name: "cluster-resolver-config", - Namespace: ResolversNS.Name, - }, - TypeMeta: kubeutil.TypeConfigMapV1, -} - -var ConfigLeaderElectionResolversCM = &corev1.ConfigMap{ - Data: map[string]string{ - "_example": ` -################################ -# # -# EXAMPLE CONFIGURATION # -# # -################################ -# This block is not actually functional configuration, -# but serves to illustrate the available configuration -# options and document them in a way that is accessible -# to users that "kubectl edit" this config map. -# -# These sample configuration options may be copied out of -# this example block and unindented to be in the data block -# to actually change the configuration. -# lease-duration is how long non-leaders will wait to try to acquire the -# lock; 15 seconds is the value used by core kubernetes controllers. -lease-duration: "60s" -# renew-deadline is how long a leader will try to renew the lease before -# giving up; 10 seconds is the value used by core kubernetes controllers. -renew-deadline: "40s" -# retry-period is how long the leader election client waits between tries of -# actions; 2 seconds is the value used by core kubernetes controllers. -retry-period: "10s" -# buckets is the number of buckets used to partition key space of each -# Reconciler. If this number is M and the replica number of the controller -# is N, the N replicas will compete for the M buckets. The owner of a -# bucket will take care of the reconciling for the keys partitioned into -# that bucket. -buckets: "1" - -`, - }, - ObjectMeta: metav1.ObjectMeta{ - Labels: labelsResolvers, - Name: "config-leader-election", - Namespace: ResolversNS.Name, - }, - TypeMeta: kubeutil.TypeConfigMapV1, -} - -var HubresolverConfigCM = &corev1.ConfigMap{ - Data: map[string]string{ - // the default Artifact Hub Pipeline catalog from where to pull the resource. 
- "default-artifact-hub-pipeline-catalog": "tekton-catalog-pipelines", - // the default Artifact Hub Task catalog from where to pull the resource. - "default-artifact-hub-task-catalog": "tekton-catalog-tasks", - // the default layer kind in the hub image. - "default-kind": "task", - // the default Tekton Hub catalog from where to pull the resource. - "default-tekton-hub-catalog": "Tekton", - // the default hub source to pull the resource from. - "default-type": "artifact", - }, - ObjectMeta: metav1.ObjectMeta{ - Labels: labelsResolvers, - Name: "hubresolver-config", - Namespace: ResolversNS.Name, - }, - TypeMeta: kubeutil.TypeConfigMapV1, -} - -var ConfigSpireCM = &corev1.ConfigMap{ - Data: map[string]string{ - "_example": ` -################################ -# # -# EXAMPLE CONFIGURATION # -# # -################################ -# This block is not actually functional configuration, -# but serves to illustrate the available configuration -# options and document them in a way that is accessible -# to users that "kubectl edit" this config map. -# -# These sample configuration options may be copied out of -# this example block and unindented to be in the data block -# to actually change the configuration. -# -# spire-trust-domain specifies the SPIRE trust domain to use. -# spire-trust-domain: "example.org" -# -# spire-socket-path specifies the SPIRE agent socket for SPIFFE workload API. -# spire-socket-path: "unix:///spiffe-workload-api/spire-agent.sock" -# -# spire-server-addr specifies the SPIRE server address for workload/node registration. -# spire-server-addr: "spire-server.spire.svc.cluster.local:8081" -# -# spire-node-alias-prefix specifies the SPIRE node alias prefix to use. 
-# spire-node-alias-prefix: "/tekton-node/" - -`, - }, - ObjectMeta: metav1.ObjectMeta{ - Labels: labelsPipelines, - Name: "config-spire", - Namespace: PipelinesNS.Name, - }, - TypeMeta: kubeutil.TypeConfigMapV1, -} - -var ConfigLoggingCM = &corev1.ConfigMap{ - Data: map[string]string{ - // Log level overrides - "loglevel.controller": "info", - "loglevel.webhook": "info", - "zap-logger-config": ` -{ - "level": "info", - "development": false, - "sampling": { - "initial": 100, - "thereafter": 100 - }, - "outputPaths": ["stdout"], - "errorOutputPaths": ["stderr"], - "encoding": "json", - "encoderConfig": { - "timeKey": "timestamp", - "levelKey": "severity", - "nameKey": "logger", - "callerKey": "caller", - "messageKey": "message", - "stacktraceKey": "stacktrace", - "lineEnding": "", - "levelEncoder": "", - "timeEncoder": "iso8601", - "durationEncoder": "", - "callerEncoder": "" - } -} - -`, - }, - ObjectMeta: metav1.ObjectMeta{ - Labels: labelsPipelines, - Name: "config-logging", - Namespace: PipelinesNS.Name, - }, - TypeMeta: kubeutil.TypeConfigMapV1, -} - -var ConfigRegistryCertCM = &corev1.ConfigMap{ - Data: nil, - ObjectMeta: metav1.ObjectMeta{ - Labels: labelsPipelines, - Name: "config-registry-cert", - Namespace: PipelinesNS.Name, - }, - TypeMeta: kubeutil.TypeConfigMapV1, -} - -var ConfigLeaderElectionCM = &corev1.ConfigMap{ - Data: map[string]string{ - "_example": ` -################################ -# # -# EXAMPLE CONFIGURATION # -# # -################################ -# This block is not actually functional configuration, -# but serves to illustrate the available configuration -# options and document them in a way that is accessible -# to users that "kubectl edit" this config map. -# -# These sample configuration options may be copied out of -# this example block and unindented to be in the data block -# to actually change the configuration. 
-# lease-duration is how long non-leaders will wait to try to acquire the -# lock; 15 seconds is the value used by core kubernetes controllers. -lease-duration: "60s" -# renew-deadline is how long a leader will try to renew the lease before -# giving up; 10 seconds is the value used by core kubernetes controllers. -renew-deadline: "40s" -# retry-period is how long the leader election client waits between tries of -# actions; 2 seconds is the value used by core kubernetes controllers. -retry-period: "10s" -# buckets is the number of buckets used to partition key space of each -# Reconciler. If this number is M and the replica number of the controller -# is N, the N replicas will compete for the M buckets. The owner of a -# bucket will take care of the reconciling for the keys partitioned into -# that bucket. -buckets: "1" - -`, - }, - ObjectMeta: metav1.ObjectMeta{ - Labels: labelsPipelines, - Name: "config-leader-election", - Namespace: PipelinesNS.Name, - }, - TypeMeta: kubeutil.TypeConfigMapV1, -} - -var ConfigLoggingResolversCM = &corev1.ConfigMap{ - Data: map[string]string{ - // Log level overrides - "loglevel.controller": "info", - "loglevel.webhook": "info", - "zap-logger-config": ` -{ - "level": "info", - "development": false, - "sampling": { - "initial": 100, - "thereafter": 100 - }, - "outputPaths": ["stdout"], - "errorOutputPaths": ["stderr"], - "encoding": "json", - "encoderConfig": { - "timeKey": "timestamp", - "levelKey": "severity", - "nameKey": "logger", - "callerKey": "caller", - "messageKey": "message", - "stacktraceKey": "stacktrace", - "lineEnding": "", - "levelEncoder": "", - "timeEncoder": "iso8601", - "durationEncoder": "", - "callerEncoder": "" - } -} - -`, - }, - ObjectMeta: metav1.ObjectMeta{ - Labels: labelsResolvers, - Name: "config-logging", - Namespace: ResolversNS.Name, - }, - TypeMeta: kubeutil.TypeConfigMapV1, -} - -var ConfigObservabilityResolversCM = &corev1.ConfigMap{ - Data: map[string]string{ - "_example": ` 
-################################ -# # -# EXAMPLE CONFIGURATION # -# # -################################ - -# This block is not actually functional configuration, -# but serves to illustrate the available configuration -# options and document them in a way that is accessible -# to users that "kubectl edit" this config map. -# -# These sample configuration options may be copied out of -# this example block and unindented to be in the data block -# to actually change the configuration. - -# metrics.backend-destination field specifies the system metrics destination. -# It supports either prometheus (the default) or stackdriver. -# Note: Using stackdriver will incur additional charges -metrics.backend-destination: prometheus - -# metrics.request-metrics-backend-destination specifies the request metrics -# destination. If non-empty, it enables queue proxy to send request metrics. -# Currently supported values: prometheus, stackdriver. -metrics.request-metrics-backend-destination: prometheus - -# metrics.stackdriver-project-id field specifies the stackdriver project ID. This -# field is optional. When running on GCE, application default credentials will be -# used if this field is not provided. -metrics.stackdriver-project-id: "" - -# metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to -# Stackdriver using "global" resource type and custom metric type if the -# metrics are not supported by "knative_revision" resource type. Setting this -# flag to "true" could cause extra Stackdriver charge. -# If metrics.backend-destination is not Stackdriver, this is ignored. 
-metrics.allow-stackdriver-custom-metrics: "false" - -`, - }, - ObjectMeta: metav1.ObjectMeta{ - Labels: labelsResolvers, - Name: "config-observability", - Namespace: ResolversNS.Name, - }, - TypeMeta: kubeutil.TypeConfigMapV1, -} - -var ConfigDefaultsCM = &corev1.ConfigMap{ - Data: map[string]string{ - "_example": ` -################################ -# # -# EXAMPLE CONFIGURATION # -# # -################################ - -# This block is not actually functional configuration, -# but serves to illustrate the available configuration -# options and document them in a way that is accessible -# to users that "kubectl edit" this config map. -# -# These sample configuration options may be copied out of -# this example block and unindented to be in the data block -# to actually change the configuration. - -# default-timeout-minutes contains the default number of -# minutes to use for TaskRun and PipelineRun, if none is specified. -default-timeout-minutes: "60" # 60 minutes - -# default-service-account contains the default service account name -# to use for TaskRun and PipelineRun, if none is specified. -default-service-account: "default" - -# default-managed-by-label-value contains the default value given to the -# "app.kubernetes.io/managed-by" label applied to all Pods created for -# TaskRuns. If a user's requested TaskRun specifies another value for this -# label, the user's request supercedes. -default-managed-by-label-value: "tekton-pipelines" - -# default-pod-template contains the default pod template to use for -# TaskRun and PipelineRun. If a pod template is specified on the -# PipelineRun, the default-pod-template is merged with that one. -# default-pod-template: - -# default-affinity-assistant-pod-template contains the default pod template -# to use for affinity assistant pods. If a pod template is specified on the -# PipelineRun, the default-affinity-assistant-pod-template is merged with -# that one. 
-# default-affinity-assistant-pod-template: - -# default-cloud-events-sink contains the default CloudEvents sink to be -# used for TaskRun and PipelineRun, when no sink is specified. -# Note that right now it is still not possible to set a PipelineRun or -# TaskRun specific sink, so the default is the only option available. -# If no sink is specified, no CloudEvent is generated -# default-cloud-events-sink: - -# default-task-run-workspace-binding contains the default workspace -# configuration provided for any Workspaces that a Task declares -# but that a TaskRun does not explicitly provide. -# default-task-run-workspace-binding: | -# emptyDir: {} - -# default-max-matrix-combinations-count contains the default maximum number -# of combinations from a Matrix, if none is specified. -default-max-matrix-combinations-count: "256" - -# default-forbidden-env contains comma seperated environment variables that cannot be -# overridden by podTemplate. -default-forbidden-env: - -`, - }, - ObjectMeta: metav1.ObjectMeta{ - Labels: labelsPipelines, - Name: "config-defaults", - Namespace: PipelinesNS.Name, - }, - TypeMeta: kubeutil.TypeConfigMapV1, -} - -var ResolversFeatureFlagsCM = &corev1.ConfigMap{ - Data: map[string]string{ - // Setting this flag to "true" enables remote resolution of Tekton OCI bundles. - "enable-bundles-resolver": "true", - // Setting this flag to "true" enables remote resolution of tasks and pipelines from other namespaces within the cluster. - "enable-cluster-resolver": "true", - // Setting this flag to "true" enables remote resolution of tasks and pipelines from Git repositories. - "enable-git-resolver": "true", - // Setting this flag to "true" enables remote resolution of tasks and pipelines via the Tekton Hub. - "enable-hub-resolver": "true", - }, - ObjectMeta: metav1.ObjectMeta{ - Labels: labelsResolvers, - Name: "resolvers-feature-flags", - Namespace: ResolversNS.Name, - }, - TypeMeta: kubeutil.TypeConfigMapV1, -} 
diff --git a/docs/platypus/pkg/platform/tekton/crd.go b/docs/platypus/pkg/platform/tekton/crd.go
deleted file mode 100644
index b8097bd..0000000
--- a/docs/platypus/pkg/platform/tekton/crd.go
+++ /dev/null
@@ -1,683 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lingon. EDIT AS MUCH AS YOU LIKE. - -package tekton - -import ( - apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -var PipelineRunsDevCRD = &apiextensionsv1.CustomResourceDefinition{ - ObjectMeta: metav1.ObjectMeta{ - Labels: map[string]string{ - "app.kubernetes.io/instance": "default", - "app.kubernetes.io/part-of": "tekton-pipelines", - "pipeline.tekton.dev/release": "v0.45.0", - "version": "v0.45.0", - }, - Name: "pipelineruns.tekton.dev", - }, - Spec: apiextensionsv1.CustomResourceDefinitionSpec{ - Conversion: &apiextensionsv1.CustomResourceConversion{ - Strategy: apiextensionsv1.ConversionStrategyType("Webhook"), - Webhook: &apiextensionsv1.WebhookConversion{ - ClientConfig: &apiextensionsv1.WebhookClientConfig{ - Service: &apiextensionsv1.ServiceReference{ - Name: "tekton-pipelines-webhook", - Namespace: "tekton-pipelines", - }, - }, - ConversionReviewVersions: []string{"v1beta1", "v1"}, - }, - }, - Group: "tekton.dev", - Names: apiextensionsv1.CustomResourceDefinitionNames{ - Categories: []string{"tekton", "tekton-pipelines"}, - Kind: "PipelineRun", - Plural: "pipelineruns", - ShortNames: []string{"pr", "prs"}, - Singular: "pipelinerun", - }, - Scope: apiextensionsv1.ResourceScope("Namespaced"), - Versions: []apiextensionsv1.CustomResourceDefinitionVersion{ - { - AdditionalPrinterColumns: []apiextensionsv1.CustomResourceColumnDefinition{ - { - JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].status", - Name: "Succeeded", - Type: "string", - }, { - JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].reason", - Name: "Reason", - Type: "string", - }, { - JSONPath: ".status.startTime", - Name: "StartTime", - Type: "date", - }, { - JSONPath: ".status.completionTime", - Name: "CompletionTime", - Type: "date", - }, - }, - Name: "v1beta1", - Schema: 
&apiextensionsv1.CustomResourceValidation{ - OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ - Type: "object", - XPreserveUnknownFields: P(true), - }, - }, - Served: true, - Storage: true, - Subresources: &apiextensionsv1.CustomResourceSubresources{}, - }, { - AdditionalPrinterColumns: []apiextensionsv1.CustomResourceColumnDefinition{ - { - JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].status", - Name: "Succeeded", - Type: "string", - }, { - JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].reason", - Name: "Reason", - Type: "string", - }, { - JSONPath: ".status.startTime", - Name: "StartTime", - Type: "date", - }, { - JSONPath: ".status.completionTime", - Name: "CompletionTime", - Type: "date", - }, - }, - Name: "v1", - Schema: &apiextensionsv1.CustomResourceValidation{ - OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ - Type: "object", - XPreserveUnknownFields: P(true), - }, - }, - Served: true, - Subresources: &apiextensionsv1.CustomResourceSubresources{}, - }, - }, - }, - TypeMeta: metav1.TypeMeta{ - APIVersion: "apiextensions.k8s.io/v1", - Kind: "CustomResourceDefinition", - }, -} - -var PipelinesDevCRD = &apiextensionsv1.CustomResourceDefinition{ - ObjectMeta: metav1.ObjectMeta{ - Labels: map[string]string{ - "app.kubernetes.io/instance": "default", - "app.kubernetes.io/part-of": "tekton-pipelines", - "pipeline.tekton.dev/release": "v0.45.0", - "version": "v0.45.0", - }, - Name: "pipelines.tekton.dev", - }, - Spec: apiextensionsv1.CustomResourceDefinitionSpec{ - Conversion: &apiextensionsv1.CustomResourceConversion{ - Strategy: apiextensionsv1.ConversionStrategyType("Webhook"), - Webhook: &apiextensionsv1.WebhookConversion{ - ClientConfig: &apiextensionsv1.WebhookClientConfig{ - Service: &apiextensionsv1.ServiceReference{ - Name: "tekton-pipelines-webhook", - Namespace: "tekton-pipelines", - }, - }, - ConversionReviewVersions: []string{"v1beta1", "v1"}, - }, - }, - Group: "tekton.dev", - Names: 
apiextensionsv1.CustomResourceDefinitionNames{ - Categories: []string{"tekton", "tekton-pipelines"}, - Kind: "Pipeline", - Plural: "pipelines", - Singular: "pipeline", - }, - Scope: apiextensionsv1.ResourceScope("Namespaced"), - Versions: []apiextensionsv1.CustomResourceDefinitionVersion{ - { - Name: "v1beta1", - Schema: &apiextensionsv1.CustomResourceValidation{ - OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ - Type: "object", - XPreserveUnknownFields: P(true), - }, - }, - Served: true, - Storage: true, - Subresources: &apiextensionsv1.CustomResourceSubresources{}, - }, { - Name: "v1", - Schema: &apiextensionsv1.CustomResourceValidation{ - OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ - Type: "object", - XPreserveUnknownFields: P(true), - }, - }, - Served: true, - Subresources: &apiextensionsv1.CustomResourceSubresources{}, - }, - }, - }, - TypeMeta: metav1.TypeMeta{ - APIVersion: "apiextensions.k8s.io/v1", - Kind: "CustomResourceDefinition", - }, -} - -var ResolutionRequestsCRD = &apiextensionsv1.CustomResourceDefinition{ - ObjectMeta: metav1.ObjectMeta{ - Labels: map[string]string{"resolution.tekton.dev/release": "devel"}, - Name: "resolutionrequests.resolution.tekton.dev", - }, - Spec: apiextensionsv1.CustomResourceDefinitionSpec{ - Conversion: &apiextensionsv1.CustomResourceConversion{ - Strategy: apiextensionsv1.ConversionStrategyType("Webhook"), - Webhook: &apiextensionsv1.WebhookConversion{ - ClientConfig: &apiextensionsv1.WebhookClientConfig{ - Service: &apiextensionsv1.ServiceReference{ - Name: "tekton-pipelines-webhook", - Namespace: "tekton-pipelines", - }, - }, - ConversionReviewVersions: []string{"v1alpha1", "v1beta1"}, - }, - }, - Group: "resolution.tekton.dev", - Names: apiextensionsv1.CustomResourceDefinitionNames{ - Categories: []string{"tekton", "tekton-pipelines"}, - Kind: "ResolutionRequest", - Plural: "resolutionrequests", - ShortNames: []string{"resolutionrequest", "resolutionrequests"}, - Singular: "resolutionrequest", - }, - 
Scope: apiextensionsv1.ResourceScope("Namespaced"), - Versions: []apiextensionsv1.CustomResourceDefinitionVersion{ - { - AdditionalPrinterColumns: []apiextensionsv1.CustomResourceColumnDefinition{ - { - JSONPath: ".status.conditions[?(@.type=='Succeeded')].status", - Name: "Succeeded", - Type: "string", - }, { - JSONPath: ".status.conditions[?(@.type=='Succeeded')].reason", - Name: "Reason", - Type: "string", - }, - }, - Deprecated: true, - Name: "v1alpha1", - Schema: &apiextensionsv1.CustomResourceValidation{ - OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ - Type: "object", - XPreserveUnknownFields: P(true), - }, - }, - Served: true, - Subresources: &apiextensionsv1.CustomResourceSubresources{}, - }, { - AdditionalPrinterColumns: []apiextensionsv1.CustomResourceColumnDefinition{ - { - JSONPath: ".metadata.ownerReferences[0].kind", - Name: "OwnerKind", - Type: "string", - }, { - JSONPath: ".metadata.ownerReferences[0].name", - Name: "Owner", - Type: "string", - }, { - JSONPath: ".status.conditions[?(@.type=='Succeeded')].status", - Name: "Succeeded", - Type: "string", - }, { - JSONPath: ".status.conditions[?(@.type=='Succeeded')].reason", - Name: "Reason", - Type: "string", - }, { - JSONPath: ".metadata.creationTimestamp", - Name: "StartTime", - Type: "string", - }, { - JSONPath: ".status.conditions[?(@.type=='Succeeded')].lastTransitionTime", - Name: "EndTime", - Type: "string", - }, - }, - Name: "v1beta1", - Schema: &apiextensionsv1.CustomResourceValidation{ - OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ - Type: "object", - XPreserveUnknownFields: P(true), - }, - }, - Served: true, - Storage: true, - Subresources: &apiextensionsv1.CustomResourceSubresources{}, - }, - }, - }, - TypeMeta: metav1.TypeMeta{ - APIVersion: "apiextensions.k8s.io/v1", - Kind: "CustomResourceDefinition", - }, -} - -var ClusterTasksDevCRD = &apiextensionsv1.CustomResourceDefinition{ - ObjectMeta: metav1.ObjectMeta{ - Labels: map[string]string{ - "app.kubernetes.io/instance": 
"default", - "app.kubernetes.io/part-of": "tekton-pipelines", - "pipeline.tekton.dev/release": "v0.45.0", - "version": "v0.45.0", - }, - Name: "clustertasks.tekton.dev", - }, - Spec: apiextensionsv1.CustomResourceDefinitionSpec{ - Conversion: &apiextensionsv1.CustomResourceConversion{ - Strategy: apiextensionsv1.ConversionStrategyType("Webhook"), - Webhook: &apiextensionsv1.WebhookConversion{ - ClientConfig: &apiextensionsv1.WebhookClientConfig{ - Service: &apiextensionsv1.ServiceReference{ - Name: "tekton-pipelines-webhook", - Namespace: "tekton-pipelines", - }, - }, - ConversionReviewVersions: []string{"v1beta1"}, - }, - }, - Group: "tekton.dev", - Names: apiextensionsv1.CustomResourceDefinitionNames{ - Categories: []string{"tekton", "tekton-pipelines"}, - Kind: "ClusterTask", - Plural: "clustertasks", - Singular: "clustertask", - }, - Scope: apiextensionsv1.ResourceScope("Cluster"), - Versions: []apiextensionsv1.CustomResourceDefinitionVersion{ - { - Name: "v1beta1", - Schema: &apiextensionsv1.CustomResourceValidation{ - OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ - Type: "object", - XPreserveUnknownFields: P(true), - }, - }, - Served: true, - Storage: true, - Subresources: &apiextensionsv1.CustomResourceSubresources{}, - }, - }, - }, - TypeMeta: metav1.TypeMeta{ - APIVersion: "apiextensions.k8s.io/v1", - Kind: "CustomResourceDefinition", - }, -} - -var RunsDevCRD = &apiextensionsv1.CustomResourceDefinition{ - ObjectMeta: metav1.ObjectMeta{ - Labels: map[string]string{ - "app.kubernetes.io/instance": "default", - "app.kubernetes.io/part-of": "tekton-pipelines", - "pipeline.tekton.dev/release": "v0.45.0", - "version": "v0.45.0", - }, - Name: "runs.tekton.dev", - }, - Spec: apiextensionsv1.CustomResourceDefinitionSpec{ - Group: "tekton.dev", - Names: apiextensionsv1.CustomResourceDefinitionNames{ - Categories: []string{"tekton", "tekton-pipelines"}, - Kind: "Run", - Plural: "runs", - Singular: "run", - }, - Scope: 
apiextensionsv1.ResourceScope("Namespaced"), - Versions: []apiextensionsv1.CustomResourceDefinitionVersion{ - { - AdditionalPrinterColumns: []apiextensionsv1.CustomResourceColumnDefinition{ - { - JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].status", - Name: "Succeeded", - Type: "string", - }, { - JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].reason", - Name: "Reason", - Type: "string", - }, { - JSONPath: ".status.startTime", - Name: "StartTime", - Type: "date", - }, { - JSONPath: ".status.completionTime", - Name: "CompletionTime", - Type: "date", - }, - }, - Name: "v1alpha1", - Schema: &apiextensionsv1.CustomResourceValidation{ - OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ - Type: "object", - XPreserveUnknownFields: P(true), - }, - }, - Served: true, - Storage: true, - Subresources: &apiextensionsv1.CustomResourceSubresources{}, - }, - }, - }, - TypeMeta: metav1.TypeMeta{ - APIVersion: "apiextensions.k8s.io/v1", - Kind: "CustomResourceDefinition", - }, -} - -var PipelineResourcesDevCRD = &apiextensionsv1.CustomResourceDefinition{ - ObjectMeta: metav1.ObjectMeta{ - Labels: map[string]string{ - "app.kubernetes.io/instance": "default", - "app.kubernetes.io/part-of": "tekton-pipelines", - "pipeline.tekton.dev/release": "v0.45.0", - "version": "v0.45.0", - }, - Name: "pipelineresources.tekton.dev", - }, - Spec: apiextensionsv1.CustomResourceDefinitionSpec{ - Group: "tekton.dev", - Names: apiextensionsv1.CustomResourceDefinitionNames{ - Categories: []string{"tekton", "tekton-pipelines"}, - Kind: "PipelineResource", - Plural: "pipelineresources", - Singular: "pipelineresource", - }, - Scope: apiextensionsv1.ResourceScope("Namespaced"), - Versions: []apiextensionsv1.CustomResourceDefinitionVersion{ - { - Name: "v1alpha1", - Schema: &apiextensionsv1.CustomResourceValidation{ - OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ - Type: "object", - XPreserveUnknownFields: P(true), - }, - }, - Served: true, - Storage: true, - Subresources: 
&apiextensionsv1.CustomResourceSubresources{}, - }, - }, - }, - TypeMeta: metav1.TypeMeta{ - APIVersion: "apiextensions.k8s.io/v1", - Kind: "CustomResourceDefinition", - }, -} - -var TasksDevCRD = &apiextensionsv1.CustomResourceDefinition{ - ObjectMeta: metav1.ObjectMeta{ - Labels: map[string]string{ - "app.kubernetes.io/instance": "default", - "app.kubernetes.io/part-of": "tekton-pipelines", - "pipeline.tekton.dev/release": "v0.45.0", - "version": "v0.45.0", - }, - Name: "tasks.tekton.dev", - }, - Spec: apiextensionsv1.CustomResourceDefinitionSpec{ - Conversion: &apiextensionsv1.CustomResourceConversion{ - Strategy: apiextensionsv1.ConversionStrategyType("Webhook"), - Webhook: &apiextensionsv1.WebhookConversion{ - ClientConfig: &apiextensionsv1.WebhookClientConfig{ - Service: &apiextensionsv1.ServiceReference{ - Name: "tekton-pipelines-webhook", - Namespace: "tekton-pipelines", - }, - }, - ConversionReviewVersions: []string{"v1beta1", "v1"}, - }, - }, - Group: "tekton.dev", - Names: apiextensionsv1.CustomResourceDefinitionNames{ - Categories: []string{"tekton", "tekton-pipelines"}, - Kind: "Task", - Plural: "tasks", - Singular: "task", - }, - Scope: apiextensionsv1.ResourceScope("Namespaced"), - Versions: []apiextensionsv1.CustomResourceDefinitionVersion{ - { - Name: "v1beta1", - Schema: &apiextensionsv1.CustomResourceValidation{ - OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ - Type: "object", - XPreserveUnknownFields: P(true), - }, - }, - Served: true, - Storage: true, - Subresources: &apiextensionsv1.CustomResourceSubresources{}, - }, { - Name: "v1", - Schema: &apiextensionsv1.CustomResourceValidation{ - OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ - Type: "object", - XPreserveUnknownFields: P(true), - }, - }, - Served: true, - Subresources: &apiextensionsv1.CustomResourceSubresources{}, - }, - }, - }, - TypeMeta: metav1.TypeMeta{ - APIVersion: "apiextensions.k8s.io/v1", - Kind: "CustomResourceDefinition", - }, -} - -var VerificationPoliciesDevCRD = 
&apiextensionsv1.CustomResourceDefinition{ - ObjectMeta: metav1.ObjectMeta{ - Labels: map[string]string{ - "app.kubernetes.io/instance": "default", - "app.kubernetes.io/part-of": "tekton-pipelines", - "pipeline.tekton.dev/release": "v0.45.0", - "version": "v0.45.0", - }, - Name: "verificationpolicies.tekton.dev", - }, - Spec: apiextensionsv1.CustomResourceDefinitionSpec{ - Group: "tekton.dev", - Names: apiextensionsv1.CustomResourceDefinitionNames{ - Categories: []string{"tekton", "tekton-pipelines"}, - Kind: "VerificationPolicy", - Plural: "verificationpolicies", - Singular: "verificationpolicy", - }, - Scope: apiextensionsv1.ResourceScope("Namespaced"), - Versions: []apiextensionsv1.CustomResourceDefinitionVersion{ - { - Name: "v1alpha1", - Schema: &apiextensionsv1.CustomResourceValidation{ - OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ - Type: "object", - XPreserveUnknownFields: P(true), - }, - }, - Served: true, - Storage: true, - }, - }, - }, - TypeMeta: metav1.TypeMeta{ - APIVersion: "apiextensions.k8s.io/v1", - Kind: "CustomResourceDefinition", - }, -} - -var TaskRunsDevCRD = &apiextensionsv1.CustomResourceDefinition{ - ObjectMeta: metav1.ObjectMeta{ - Labels: map[string]string{ - "app.kubernetes.io/instance": "default", - "app.kubernetes.io/part-of": "tekton-pipelines", - "pipeline.tekton.dev/release": "v0.45.0", - "version": "v0.45.0", - }, - Name: "taskruns.tekton.dev", - }, - Spec: apiextensionsv1.CustomResourceDefinitionSpec{ - Conversion: &apiextensionsv1.CustomResourceConversion{ - Strategy: apiextensionsv1.ConversionStrategyType("Webhook"), - Webhook: &apiextensionsv1.WebhookConversion{ - ClientConfig: &apiextensionsv1.WebhookClientConfig{ - Service: &apiextensionsv1.ServiceReference{ - Name: "tekton-pipelines-webhook", - Namespace: "tekton-pipelines", - }, - }, - ConversionReviewVersions: []string{"v1beta1", "v1"}, - }, - }, - Group: "tekton.dev", - Names: apiextensionsv1.CustomResourceDefinitionNames{ - Categories: []string{"tekton", 
"tekton-pipelines"}, - Kind: "TaskRun", - Plural: "taskruns", - ShortNames: []string{"tr", "trs"}, - Singular: "taskrun", - }, - Scope: apiextensionsv1.ResourceScope("Namespaced"), - Versions: []apiextensionsv1.CustomResourceDefinitionVersion{ - { - AdditionalPrinterColumns: []apiextensionsv1.CustomResourceColumnDefinition{ - { - JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].status", - Name: "Succeeded", - Type: "string", - }, { - JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].reason", - Name: "Reason", - Type: "string", - }, { - JSONPath: ".status.startTime", - Name: "StartTime", - Type: "date", - }, { - JSONPath: ".status.completionTime", - Name: "CompletionTime", - Type: "date", - }, - }, - Name: "v1beta1", - Schema: &apiextensionsv1.CustomResourceValidation{ - OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ - Type: "object", - XPreserveUnknownFields: P(true), - }, - }, - Served: true, - Storage: true, - Subresources: &apiextensionsv1.CustomResourceSubresources{}, - }, { - AdditionalPrinterColumns: []apiextensionsv1.CustomResourceColumnDefinition{ - { - JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].status", - Name: "Succeeded", - Type: "string", - }, { - JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].reason", - Name: "Reason", - Type: "string", - }, { - JSONPath: ".status.startTime", - Name: "StartTime", - Type: "date", - }, { - JSONPath: ".status.completionTime", - Name: "CompletionTime", - Type: "date", - }, - }, - Name: "v1", - Schema: &apiextensionsv1.CustomResourceValidation{ - OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ - Type: "object", - XPreserveUnknownFields: P(true), - }, - }, - Served: true, - Subresources: &apiextensionsv1.CustomResourceSubresources{}, - }, - }, - }, - TypeMeta: metav1.TypeMeta{ - APIVersion: "apiextensions.k8s.io/v1", - Kind: "CustomResourceDefinition", - }, -} - -var CustomRunsDevCRD = &apiextensionsv1.CustomResourceDefinition{ - ObjectMeta: metav1.ObjectMeta{ - Labels: 
map[string]string{ - "app.kubernetes.io/instance": "default", - "app.kubernetes.io/part-of": "tekton-pipelines", - "pipeline.tekton.dev/release": "v0.45.0", - "version": "v0.45.0", - }, - Name: "customruns.tekton.dev", - }, - Spec: apiextensionsv1.CustomResourceDefinitionSpec{ - Group: "tekton.dev", - Names: apiextensionsv1.CustomResourceDefinitionNames{ - Categories: []string{"tekton", "tekton-pipelines"}, - Kind: "CustomRun", - Plural: "customruns", - Singular: "customrun", - }, - Scope: apiextensionsv1.ResourceScope("Namespaced"), - Versions: []apiextensionsv1.CustomResourceDefinitionVersion{ - { - AdditionalPrinterColumns: []apiextensionsv1.CustomResourceColumnDefinition{ - { - JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].status", - Name: "Succeeded", - Type: "string", - }, { - JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].reason", - Name: "Reason", - Type: "string", - }, { - JSONPath: ".status.startTime", - Name: "StartTime", - Type: "date", - }, { - JSONPath: ".status.completionTime", - Name: "CompletionTime", - Type: "date", - }, - }, - Name: "v1beta1", - Schema: &apiextensionsv1.CustomResourceValidation{ - OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ - Type: "object", - XPreserveUnknownFields: P(true), - }, - }, - Served: true, - Storage: true, - Subresources: &apiextensionsv1.CustomResourceSubresources{}, - }, - }, - }, - TypeMeta: metav1.TypeMeta{ - APIVersion: "apiextensions.k8s.io/v1", - Kind: "CustomResourceDefinition", - }, -} diff --git a/docs/platypus/pkg/platform/tekton/deployment.go b/docs/platypus/pkg/platform/tekton/deployment.go deleted file mode 100644 index 0f03b5b..0000000 --- a/docs/platypus/pkg/platform/tekton/deployment.go +++ /dev/null 
@@ -1,441 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lingon. EDIT AS MUCH AS YOU LIKE. - -package tekton - -import ( - "fmt" - - "github.com/golingon/lingon/pkg/kubeutil" - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" -) - -var PipelinesWebhookDeploy = &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ - Labels: kubeutil.MergeLabels( - map[string]string{kubeutil.AppLabelName: WebhookName}, - labelsWebhook, - labelsVersion, - ), - Name: WebhookFullName, - Namespace: PipelinesNS.Name, - }, - Spec: appsv1.DeploymentSpec{ - Selector: &metav1.LabelSelector{ - MatchLabels: kubeutil.MergeLabels( - map[string]string{kubeutil.AppLabelName: WebhookName}, - labelsWebhook, - ), - }, - Template: corev1.PodTemplateSpec{ - ObjectMeta: metav1.ObjectMeta{ - Labels: kubeutil.MergeLabels( - map[string]string{ - "app": WebhookFullName, - kubeutil.AppLabelName: WebhookName, - }, - labelsWebhook, - labelsVersion, - ), - }, - Spec: corev1.PodSpec{ - Affinity: &corev1.Affinity{ - NodeAffinity: &corev1.NodeAffinity{ - RequiredDuringSchedulingIgnoredDuringExecution: &corev1.NodeSelector{ - NodeSelectorTerms: []corev1.NodeSelectorTerm{ - kubeutil.NotInWindows, - }, - }, - }, - PodAntiAffinity: &corev1.PodAntiAffinity{ - PreferredDuringSchedulingIgnoredDuringExecution: []corev1.WeightedPodAffinityTerm{ - { - PodAffinityTerm: corev1.PodAffinityTerm{ - LabelSelector: &metav1.LabelSelector{ - MatchLabels: kubeutil.MergeLabels( - map[string]string{kubeutil.AppLabelName: WebhookName}, - labelsWebhook, - ), - }, - TopologyKey: kubeutil.LabelHostname, - }, - Weight: int32(100), - }, - }, - }, - }, - Containers: []corev1.Container{ - { - Env: []corev1.EnvVar{ - { - Name: "SYSTEM_NAMESPACE", - ValueFrom: &corev1.EnvVarSource{FieldRef: &corev1.ObjectFieldSelector{FieldPath: "metadata.namespace"}}, - }, { - Name: 
"CONFIG_LOGGING_NAME", - Value: ConfigLoggingCM.Name, - }, { - Name: "CONFIG_OBSERVABILITY_NAME", - Value: ConfigObservabilityCM.Name, - }, { - Name: "CONFIG_LEADERELECTION_NAME", - Value: ConfigLeaderElectionCM.Name, - }, { - Name: "CONFIG_FEATURE_FLAGS_NAME", - Value: FeatureFlagsCM.Name, - }, { - Name: "WEBHOOK_PORT", - Value: fmt.Sprintf("%d", WebhookPort), - }, { - Name: "WEBHOOK_ADMISSION_CONTROLLER_NAME", - Value: "webhook.pipeline.tekton.dev", - }, { - Name: "WEBHOOK_SERVICE_NAME", - Value: WebhookFullName, - }, { - Name: "WEBHOOK_SECRET_NAME", - Value: WebhookCertsSecrets.Name, - }, { - Name: "METRICS_DOMAIN", - Value: "tekton.dev/pipeline", - }, - }, - Image: WebhookImage, - LivenessProbe: &corev1.Probe{ - InitialDelaySeconds: int32(5), - PeriodSeconds: int32(10), - ProbeHandler: corev1.ProbeHandler{ - HTTPGet: &corev1.HTTPGetAction{ - Path: "/health", - Port: intstr.IntOrString{ - StrVal: "probes", - Type: intstr.Type(int64(1)), - }, - Scheme: corev1.URISchemeHTTP, - }, - }, - TimeoutSeconds: int32(5), - }, - Name: WebhookName, - Ports: []corev1.ContainerPort{ - { - ContainerPort: int32(9090), - Name: "metrics", - }, { - ContainerPort: int32(8008), - Name: "profiling", - }, { - ContainerPort: int32(WebhookPort), - Name: "https-webhook", - }, { - ContainerPort: int32(8080), - Name: "probes", - }, - }, - ReadinessProbe: &corev1.Probe{ - InitialDelaySeconds: int32(5), - PeriodSeconds: int32(10), - ProbeHandler: corev1.ProbeHandler{ - HTTPGet: &corev1.HTTPGetAction{ - Path: "/readiness", - Port: intstr.IntOrString{ - StrVal: "probes", - Type: intstr.Type(int64(1)), - }, - Scheme: corev1.URISchemeHTTP, - }, - }, - TimeoutSeconds: int32(5), - }, - Resources: kubeutil.Resources( - "100m", - "100Mi", - "500m", - "500Mi", - ), - SecurityContext: &corev1.SecurityContext{ - Capabilities: &corev1.Capabilities{Drop: []corev1.Capability{corev1.Capability("ALL")}}, - RunAsGroup: P(int64(65532)), - RunAsNonRoot: P(true), - RunAsUser: P(int64(65532)), - SeccompProfile: 
&corev1.SeccompProfile{Type: corev1.SeccompProfileTypeRuntimeDefault}, - }, - }, - }, - ServiceAccountName: WebhookFullName, - }, - }, - }, - TypeMeta: kubeutil.TypeDeploymentV1, -} - -var PipelinesControllerDeploy = &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ - Labels: kubeutil.MergeLabels( - map[string]string{kubeutil.AppLabelName: ControllerName}, - labelsController, - labelsVersion, - ), - Name: ControllerFullName, - Namespace: PipelinesNS.Name, - }, - Spec: appsv1.DeploymentSpec{ - Replicas: P(int32(1)), - Selector: &metav1.LabelSelector{ - MatchLabels: kubeutil.MergeLabels( - map[string]string{kubeutil.AppLabelName: ControllerName}, - labelsController, - ), - }, - Template: corev1.PodTemplateSpec{ - ObjectMeta: metav1.ObjectMeta{ - Labels: kubeutil.MergeLabels( - map[string]string{ - "app": ControllerFullName, - kubeutil.AppLabelName: ControllerName, - }, - labelsController, - labelsVersion, - ), - }, - Spec: corev1.PodSpec{ - Affinity: &corev1.Affinity{ - NodeAffinity: &corev1.NodeAffinity{ - RequiredDuringSchedulingIgnoredDuringExecution: &corev1.NodeSelector{ - NodeSelectorTerms: []corev1.NodeSelectorTerm{kubeutil.NotInWindows}, - }, - }, - }, - Containers: []corev1.Container{ - { - Args: []string{ - "-entrypoint-image", - "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.46.0@sha256:36114bab6037563667aa0620037e7a063ffe00f432866a293807f8029eddd645", - "-nop-image", - "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop:v0.46.0@sha256:1b9ad2522b5a5ea0c51ac43e2838ea1535de9d9c82c7864ed9a88553db434a29", - "-sidecarlogresults-image", - "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/sidecarlogresults:v0.46.0@sha256:4bc1d0dc796a2a85a72d431344b80a2ac93f259fdd199d17ebc6d31b52a571d6", - "-workingdirinit-image", - "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/workingdirinit:v0.46.0@sha256:b066c05c1565675a573563557d2cd91bea48217091a3beda639f0dbdea5910bc", - "-shell-image", - 
"cgr.dev/chainguard/busybox@sha256:19f02276bf8dbdd62f069b922f10c65262cc34b710eea26ff928129a736be791", - "-shell-image-win", - "mcr.microsoft.com/powershell:nanoserver@sha256:b6d5ff841b78bdf2dfed7550000fd4f3437385b8fa686ec0f010be24777654d6", - }, - Env: []corev1.EnvVar{ - { - Name: "SYSTEM_NAMESPACE", - ValueFrom: &corev1.EnvVarSource{FieldRef: &corev1.ObjectFieldSelector{FieldPath: "metadata.namespace"}}, - }, { - Name: "CONFIG_DEFAULTS_NAME", - Value: ConfigDefaultsCM.Name, - }, { - Name: "CONFIG_LOGGING_NAME", - Value: ConfigLoggingCM.Name, - }, { - Name: "CONFIG_OBSERVABILITY_NAME", - Value: ConfigObservabilityCM.Name, - }, { - Name: "CONFIG_FEATURE_FLAGS_NAME", - Value: FeatureFlagsCM.Name, - }, { - Name: "CONFIG_LEADERELECTION_NAME", - Value: ConfigLeaderElectionCM.Name, - }, { - Name: "CONFIG_SPIRE", - Value: ConfigSpireCM.Name, - }, { - Name: "SSL_CERT_FILE", - Value: "/etc/config-registry-cert/cert", - }, { - Name: "SSL_CERT_DIR", - Value: "/etc/ssl/certs", - }, { - Name: "METRICS_DOMAIN", - Value: "tekton.dev/pipeline", - }, - }, - Image: ControllerImage, - LivenessProbe: &corev1.Probe{ - InitialDelaySeconds: int32(5), - PeriodSeconds: int32(10), - ProbeHandler: corev1.ProbeHandler{ - HTTPGet: &corev1.HTTPGetAction{ - Path: "/health", - Port: intstr.IntOrString{ - StrVal: "probes", - Type: intstr.Type(int64(1)), - }, - Scheme: corev1.URISchemeHTTP, - }, - }, - TimeoutSeconds: int32(5), - }, - Name: ControllerFullName, - Ports: []corev1.ContainerPort{ - { - ContainerPort: int32(9090), - Name: "metrics", - }, { - ContainerPort: int32(8008), - Name: "profiling", - }, { - ContainerPort: int32(8080), - Name: "probes", - }, - }, - ReadinessProbe: &corev1.Probe{ - InitialDelaySeconds: int32(5), - PeriodSeconds: int32(10), - ProbeHandler: corev1.ProbeHandler{ - HTTPGet: &corev1.HTTPGetAction{ - Path: "/readiness", - Port: intstr.IntOrString{ - StrVal: "probes", - Type: intstr.Type(int64(1)), - }, - Scheme: corev1.URISchemeHTTP, - }, - }, - TimeoutSeconds: 
int32(5), - }, - SecurityContext: &corev1.SecurityContext{ - Capabilities: &corev1.Capabilities{Drop: []corev1.Capability{corev1.Capability("ALL")}}, - RunAsGroup: P(int64(65532)), - RunAsNonRoot: P(true), - RunAsUser: P(int64(65532)), - SeccompProfile: &corev1.SeccompProfile{Type: corev1.SeccompProfileTypeRuntimeDefault}, - }, - VolumeMounts: []corev1.VolumeMount{ - { - MountPath: "/etc/config-logging", - Name: ConfigLoggingCM.Name, - }, { - MountPath: "/etc/config-registry-cert", - Name: ConfigRegistryCertCM.Name, - }, - }, - }, - }, - ServiceAccountName: PipelinesControllerSA.Name, - Volumes: []corev1.Volume{ - { - Name: ConfigLoggingCM.Name, - VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: ConfigLoggingCM.Name}}}, - }, { - Name: ConfigRegistryCertCM.Name, - VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: ConfigRegistryCertCM.Name}}}, - }, - }, - }, - }, - }, - TypeMeta: kubeutil.TypeDeploymentV1, -} - -var PipelinesRemoteResolversDeploy = &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ - Labels: kubeutil.MergeLabels( - map[string]string{kubeutil.AppLabelName: ResolversName}, - labelsResolvers, - labelsVersion, - ), - Name: ResolversFullName, - Namespace: ResolversNS.Name, - }, - Spec: appsv1.DeploymentSpec{ - Replicas: P(int32(1)), - Selector: &metav1.LabelSelector{ - MatchLabels: kubeutil.MergeLabels( - map[string]string{kubeutil.AppLabelName: ResolversName}, - labelsResolvers, - ), - }, - Template: corev1.PodTemplateSpec{ - ObjectMeta: metav1.ObjectMeta{ - Labels: kubeutil.MergeLabels( - map[string]string{ - "app": ResolversFullName, - kubeutil.AppLabelName: ResolversName, - }, - labelsResolvers, - labelsVersion, - ), - }, - Spec: corev1.PodSpec{ - Affinity: &corev1.Affinity{ - PodAntiAffinity: &corev1.PodAntiAffinity{ - PreferredDuringSchedulingIgnoredDuringExecution: 
[]corev1.WeightedPodAffinityTerm{ - { - PodAffinityTerm: corev1.PodAffinityTerm{ - LabelSelector: &metav1.LabelSelector{ - MatchLabels: kubeutil.MergeLabels( - map[string]string{kubeutil.AppLabelName: ResolversName}, - labelsResolvers, - ), - }, - TopologyKey: kubeutil.LabelHostname, - }, - Weight: int32(100), - }, - }, - }, - }, - Containers: []corev1.Container{ - { - Env: []corev1.EnvVar{ - { - Name: "SYSTEM_NAMESPACE", - ValueFrom: &corev1.EnvVarSource{FieldRef: &corev1.ObjectFieldSelector{FieldPath: "metadata.namespace"}}, - }, { - Name: "CONFIG_LOGGING_NAME", - Value: ConfigLoggingResolversCM.Name, - }, { - Name: "CONFIG_OBSERVABILITY_NAME", - Value: ConfigObservabilityResolversCM.Name, - }, { - Name: "CONFIG_FEATURE_FLAGS_NAME", - Value: ResolversFeatureFlagsCM.Name, - }, { - Name: "CONFIG_LEADERELECTION_NAME", - Value: ConfigLeaderElectionResolversCM.Name, - }, { - Name: "METRICS_DOMAIN", - Value: "tekton.dev/resolution", - }, { - Name: "ARTIFACT_HUB_API", - Value: "https://artifacthub.io/", - }, - }, - Image: ResolversImage, - Name: ResolversName, - Ports: []corev1.ContainerPort{ - { - ContainerPort: int32(9090), - Name: "metrics", - }, - }, - Resources: kubeutil.Resources( - "100m", - "100Mi", - "1000m", - "4Gi", - ), - SecurityContext: &corev1.SecurityContext{ - Capabilities: &corev1.Capabilities{Drop: []corev1.Capability{corev1.Capability("ALL")}}, - ReadOnlyRootFilesystem: P(true), - RunAsNonRoot: P(true), - SeccompProfile: &corev1.SeccompProfile{Type: corev1.SeccompProfileTypeRuntimeDefault}, - }, - }, - }, - ServiceAccountName: PipelinesResolversSA.Name, - }, - }, - }, - TypeMeta: kubeutil.TypeDeploymentV1, -} diff --git a/docs/platypus/pkg/platform/tekton/horizontal-pod-autoscaler.go b/docs/platypus/pkg/platform/tekton/horizontal-pod-autoscaler.go deleted file mode 100644 index 5e9aa77..0000000 --- a/docs/platypus/pkg/platform/tekton/horizontal-pod-autoscaler.go +++ /dev/null 
@@ -1,47 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by lingon. EDIT AS MUCH AS YOU LIKE.
-
-package tekton
-
-import (
- "github.com/golingon/lingon/pkg/kubeutil"
- autoscalingv2 "k8s.io/api/autoscaling/v2"
- corev1 "k8s.io/api/core/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-var PipelinesWebhookHPA = &autoscalingv2.HorizontalPodAutoscaler{
- ObjectMeta: metav1.ObjectMeta{
- Labels: kubeutil.MergeLabels(
- map[string]string{kubeutil.AppLabelName: WebhookName},
- labelsWebhook,
- labelsVersion,
- ),
- Name: WebhookFullName,
- Namespace: PipelinesNS.Name,
- },
- Spec: autoscalingv2.HorizontalPodAutoscalerSpec{
- MaxReplicas: int32(5),
- Metrics: []autoscalingv2.MetricSpec{
- {
- Resource: &autoscalingv2.ResourceMetricSource{
- Name: corev1.ResourceCPU,
- Target: autoscalingv2.MetricTarget{
- AverageUtilization: P(int32(100)),
- Type: autoscalingv2.UtilizationMetricType,
- },
- },
- Type: autoscalingv2.ResourceMetricSourceType,
- },
- },
- MinReplicas: P(int32(1)),
- ScaleTargetRef: autoscalingv2.CrossVersionObjectReference{
- APIVersion: PipelinesWebhookDeploy.APIVersion,
- Kind: PipelinesWebhookDeploy.Kind,
- Name: PipelinesWebhookDeploy.Name,
- },
- },
- TypeMeta: kubeutil.TypeHorizontalPodAutoscalerV2,
-}
diff --git a/docs/platypus/pkg/platform/tekton/role.go b/docs/platypus/pkg/platform/tekton/role.go
deleted file mode 100644
index 85061c3..0000000
--- a/docs/platypus/pkg/platform/tekton/role.go
+++ /dev/null
@@ -1,143 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by lingon. EDIT AS MUCH AS YOU LIKE.
-
-package tekton
-
-import (
- "github.com/golingon/lingon/pkg/kubeutil"
- rbacv1 "k8s.io/api/rbac/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-var PipelinesLeaderElectionRole = &rbacv1.Role{
- ObjectMeta: metav1.ObjectMeta{
- Labels: labelsPipelines,
- Name: "tekton-pipelines-leader-election",
- Namespace: PipelinesNS.Name,
- },
- Rules: []rbacv1.PolicyRule{
- {
- APIGroups: []string{"coordination.k8s.io"},
- Resources: []string{"leases"},
- Verbs: []string{
- "get",
- "list",
- "create",
- "update",
- "delete",
- "patch",
- "watch",
- },
- },
- },
- TypeMeta: kubeutil.TypeRoleV1,
-}
-
-var PipelinesResolversNamespaceRbacRole = &rbacv1.Role{
- ObjectMeta: metav1.ObjectMeta{
- Labels: labelsResolvers,
- Name: "tekton-pipelines-resolvers-namespace-rbac",
- Namespace: ResolversNS.Name,
- },
- Rules: []rbacv1.PolicyRule{
- {
- APIGroups: []string{},
- Resources: []string{"configmaps", "secrets"},
- Verbs: []string{"get", "list", "update", "watch"},
- }, {
- APIGroups: []string{"coordination.k8s.io"},
- Resources: []string{"leases"},
- Verbs: []string{
- "get",
- "list",
- "create",
- "update",
- "delete",
- "patch",
- "watch",
- },
- },
- },
- TypeMeta: kubeutil.TypeRoleV1,
-}
-
-var PipelinesInfoRole = &rbacv1.Role{
- ObjectMeta: metav1.ObjectMeta{
- Labels: labelsPipelines,
- Name: "tekton-pipelines-info",
- Namespace: PipelinesNS.Name,
- },
- Rules: []rbacv1.PolicyRule{
- {
- APIGroups: []string{},
- ResourceNames: []string{"pipelines-info"},
- Resources: []string{"configmaps"},
- Verbs: []string{"get"},
- },
- },
- TypeMeta: kubeutil.TypeRoleV1,
-}
-
-var PipelinesWebhookRole = &rbacv1.Role{
- ObjectMeta: metav1.ObjectMeta{
- Labels: labelsWebhook,
- Name: WebhookFullName,
- Namespace: PipelinesNS.Name,
- },
- Rules: []rbacv1.PolicyRule{
- {
- APIGroups: []string{},
- Resources: []string{"configmaps"},
- Verbs: []string{"list", "watch"},
- }, {
- APIGroups: []string{},
- ResourceNames: []string{
- ConfigLoggingCM.Name,
- ConfigObservabilityCM.Name,
- ConfigLeaderElectionCM.Name,
- FeatureFlagsCM.Name,
- },
- Resources: []string{"configmaps"},
- Verbs: []string{"get"},
- }, {
- APIGroups: []string{},
- Resources: []string{"secrets"},
- Verbs: []string{"list", "watch"},
- }, {
- APIGroups: []string{},
- ResourceNames: []string{WebhookCertsSecrets.Name},
- Resources: []string{"secrets"},
- Verbs: []string{"get", "update"},
- },
- },
- TypeMeta: kubeutil.TypeRoleV1,
-}
-
-var PipelinesControllerRole = &rbacv1.Role{
- ObjectMeta: metav1.ObjectMeta{
- Labels: labelsController,
- Name: ControllerFullName,
- Namespace: PipelinesNS.Name,
- },
- Rules: []rbacv1.PolicyRule{
- {
- APIGroups: []string{},
- Resources: []string{"configmaps"},
- Verbs: []string{"list", "watch"},
- }, {
- APIGroups: []string{},
- ResourceNames: []string{
- ConfigLoggingCM.Name,
- ConfigObservabilityCM.Name,
- ConfigLeaderElectionCM.Name,
- ConfigRegistryCertCM.Name,
- FeatureFlagsCM.Name,
- },
- Resources: []string{"configmaps"},
- Verbs: []string{"get"},
- },
- },
- TypeMeta: kubeutil.TypeRoleV1,
-}
diff --git a/docs/platypus/pkg/platform/tekton/secret.go b/docs/platypus/pkg/platform/tekton/secret.go
deleted file mode 100644
index a9111ec..0000000
--- a/docs/platypus/pkg/platform/tekton/secret.go
+++ /dev/null
@@ -1,22 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by lingon. EDIT AS MUCH AS YOU LIKE.
-
-package tekton
-
-import (
- "github.com/golingon/lingon/pkg/kubeutil"
- corev1 "k8s.io/api/core/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-var WebhookCertsSecrets = &corev1.Secret{
- Data: nil,
- ObjectMeta: metav1.ObjectMeta{
- Labels: kubeutil.MergeLabels(labelsWebhook, labelsVersion),
- Name: "webhook-certs",
- Namespace: PipelinesNS.Name,
- },
- TypeMeta: kubeutil.TypeSecretV1,
-} // TODO: SECRETS SHOULD BE STORED ELSEWHERE THAN IN THE CODE!!!!
diff --git a/docs/platypus/pkg/platform/tekton/service.go b/docs/platypus/pkg/platform/tekton/service.go
deleted file mode 100644
index 620c35f..0000000
--- a/docs/platypus/pkg/platform/tekton/service.go
+++ /dev/null
@@ -1,106 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated by lingon. EDIT AS MUCH AS YOU LIKE.
-
-package tekton
-
-import (
- corev1 "k8s.io/api/core/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/util/intstr"
-)
-
-var PipelinesWebhookSVC = &corev1.Service{
- ObjectMeta: metav1.ObjectMeta{
- Labels: map[string]string{
- "app": "tekton-pipelines-webhook",
- "app.kubernetes.io/component": "webhook",
- "app.kubernetes.io/instance": "default",
- "app.kubernetes.io/name": "webhook",
- "app.kubernetes.io/part-of": "tekton-pipelines",
- "app.kubernetes.io/version": "v0.45.0",
- "pipeline.tekton.dev/release": "v0.45.0",
- "version": "v0.45.0",
- },
- Name: "tekton-pipelines-webhook",
- Namespace: "tekton-pipelines",
- },
- Spec: corev1.ServiceSpec{
- Ports: []corev1.ServicePort{
- {
- Name: "http-metrics",
- Port: int32(9090),
- TargetPort: intstr.IntOrString{IntVal: int32(9090)},
- }, {
- Name: "http-profiling",
- Port: int32(8008),
- TargetPort: intstr.IntOrString{IntVal: int32(8008)},
- }, {
- Name: "https-webhook",
- Port: int32(443),
- TargetPort: intstr.IntOrString{
- StrVal: "https-webhook",
- Type: intstr.Type(int64(1)),
- },
- }, {
- Name: "probes",
- Port: int32(8080),
- },
- },
- Selector: map[string]string{
- "app.kubernetes.io/component": "webhook",
- "app.kubernetes.io/instance": "default",
- "app.kubernetes.io/name": "webhook",
- "app.kubernetes.io/part-of": "tekton-pipelines",
- },
- },
- TypeMeta: metav1.TypeMeta{
- APIVersion: "v1",
- Kind: "Service",
- },
-}
-
-var PipelinesControllerSVC = &corev1.Service{
- ObjectMeta: metav1.ObjectMeta{
- Labels: map[string]string{
- "app": "tekton-pipelines-controller",
- "app.kubernetes.io/component": "controller",
- "app.kubernetes.io/instance": "default",
- "app.kubernetes.io/name": "controller",
- "app.kubernetes.io/part-of": "tekton-pipelines",
- "app.kubernetes.io/version": "v0.45.0",
- "pipeline.tekton.dev/release": "v0.45.0",
- "version": "v0.45.0",
- },
- Name: "tekton-pipelines-controller",
- Namespace: "tekton-pipelines",
- },
- Spec: corev1.ServiceSpec{
- Ports: []corev1.ServicePort{
- {
- Name: "http-metrics",
- Port: int32(9090),
- Protocol: corev1.Protocol("TCP"),
- TargetPort: intstr.IntOrString{IntVal: int32(9090)},
- }, {
- Name: "http-profiling",
- Port: int32(8008),
- TargetPort: intstr.IntOrString{IntVal: int32(8008)},
- }, {
- Name: "probes",
- Port: int32(8080),
- },
- },
- Selector: map[string]string{
- "app.kubernetes.io/component": "controller",
- "app.kubernetes.io/instance": "default",
- "app.kubernetes.io/name": "controller",
- "app.kubernetes.io/part-of": "tekton-pipelines",
- },
- },
- TypeMeta: metav1.TypeMeta{
- APIVersion: "v1",
- Kind: "Service",
- },
-}
diff --git a/docs/platypus/pkg/platform/tekton/webhook.go b/docs/platypus/pkg/platform/tekton/webhook.go
deleted file mode 100644
index 6307e38..0000000
--- a/docs/platypus/pkg/platform/tekton/webhook.go
+++ /dev/null
@@ -1,79 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -// Code generated by lingon. EDIT AS MUCH AS YOU LIKE. - -package tekton - -import ( - "github.com/golingon/lingon/pkg/kubeutil" - admissionregistrationv1 "k8s.io/api/admissionregistration/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -var WebhookPipelineDevMutatingwebhookconfigurations = &admissionregistrationv1.MutatingWebhookConfiguration{ - ObjectMeta: metav1.ObjectMeta{ - Labels: kubeutil.MergeLabels(labelsWebhook, labelsVersion), - Name: "webhook.pipeline.tekton.dev", - }, - TypeMeta: kubeutil.TypeMutatingWebhookConfigurationV1, - Webhooks: []admissionregistrationv1.MutatingWebhook{ - { - AdmissionReviewVersions: []string{"v1"}, - ClientConfig: admissionregistrationv1.WebhookClientConfig{ - Service: &admissionregistrationv1.ServiceReference{ - Name: WebhookFullName, - Namespace: PipelinesNS.Name, - }, - }, - FailurePolicy: P(admissionregistrationv1.Fail), - Name: "webhook.pipeline.tekton.dev", - SideEffects: P(admissionregistrationv1.SideEffectClassNone), - }, - }, -} - -var ConfigWebhookPipelineDevValidatingwebhookconfigurations = &admissionregistrationv1.ValidatingWebhookConfiguration{ - ObjectMeta: metav1.ObjectMeta{ - Labels: kubeutil.MergeLabels(labelsWebhook, labelsVersion), - Name: "config.webhook.pipeline.tekton.dev", - }, - TypeMeta: kubeutil.TypeValidatingWebhookConfigurationV1, - Webhooks: []admissionregistrationv1.ValidatingWebhook{ - { - AdmissionReviewVersions: []string{"v1"}, - ClientConfig: admissionregistrationv1.WebhookClientConfig{ - Service: &admissionregistrationv1.ServiceReference{ - Name: WebhookFullName, - Namespace: PipelinesNS.Name, - }, - }, - FailurePolicy: P(admissionregistrationv1.Fail), - Name: "config.webhook.pipeline.tekton.dev", - ObjectSelector: &metav1.LabelSelector{MatchLabels: map[string]string{kubeutil.AppLabelPartOf: "tekton-pipelines"}}, - SideEffects: P(admissionregistrationv1.SideEffectClassNone), - }, 
- }, -} - -var ValidationWebhookPipelineDevValidatingwebhookconfigurations = &admissionregistrationv1.ValidatingWebhookConfiguration{ - ObjectMeta: metav1.ObjectMeta{ - Labels: kubeutil.MergeLabels(labelsWebhook, labelsVersion), - Name: "validation.webhook.pipeline.tekton.dev", - }, - TypeMeta: kubeutil.TypeValidatingWebhookConfigurationV1, - Webhooks: []admissionregistrationv1.ValidatingWebhook{ - { - AdmissionReviewVersions: []string{"v1"}, - ClientConfig: admissionregistrationv1.WebhookClientConfig{ - Service: &admissionregistrationv1.ServiceReference{ - Name: WebhookFullName, - Namespace: PipelinesNS.Name, - }, - }, - FailurePolicy: P(admissionregistrationv1.Fail), - Name: "validation.webhook.pipeline.tekton.dev", - SideEffects: P(admissionregistrationv1.SideEffectClassNone), - }, - }, -} diff --git a/docs/platypus/pkg/terraclient/client.go b/docs/platypus/pkg/terraclient/client.go deleted file mode 100644 index b533493..0000000 --- a/docs/platypus/pkg/terraclient/client.go +++ /dev/null 
@@ -1,325 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -package terraclient - -import ( - "context" - "errors" - "fmt" - "io" - "log/slog" - "os" - "path/filepath" - "sync" - - "github.com/golingon/lingon/pkg/terra" - "github.com/hashicorp/terraform-exec/tfexec" - tfjson "github.com/hashicorp/terraform-json" -) - -const ( - tfSuffix = ".tf" - tfExec = "terraform" - tfPlanFile = "tfplan" - tfWorkDir = ".terra" -) - -var ( - ErrNoStackName = errors.New("no stack name") - ErrDuplicateStackName = errors.New("duplicate stack name") -) - -func NewClient(opts ...func(*clientOpts)) *Client { - var rOpt clientOpts - for _, opt := range opts { - opt(&rOpt) - } - return &Client{ - stacks: make([]Stacker, 0), - opts: rOpt, - } -} - -func WithDefaultPlan(b bool) func(o *clientOpts) { - return func(o *clientOpts) { - o.plan = b - } -} - -func WithDefaultApply(b bool) func(o *clientOpts) { - return func(o *clientOpts) { - o.apply = b - } -} - -func WithDefaultDestroy(b bool) func(o *clientOpts) { - return func(o *clientOpts) { - o.destroy = b - } -} - -type clientOpts struct { - plan bool - apply bool - destroy bool -} - -// Client runs Terraform stacks and keeps a record of the runs in order to -// provide a summary of -// the changes -type Client struct { - mu sync.Mutex - stacks []Stacker - opts clientOpts -} - -func WithRunPlan(b bool) func(o *runOpts) { - return func(o *runOpts) { - o.plan = b - } -} - -func WithRunApply(b bool) func(o *runOpts) { - return func(o *runOpts) { - o.apply = b - } -} - -func WithRunDestroy(b bool) func(o *runOpts) { - return func(o *runOpts) { - o.destroy = b - } -} - -type runOpts struct { - plan bool - apply bool - destroy bool -} - -func (r *Client) Run( - ctx context.Context, - stack Stacker, - opts ...func(*runOpts), -) error { - rOpts := runOpts{ - plan: r.opts.plan, - apply: r.opts.apply, - destroy: r.opts.destroy, - } - - for _, opt := range opts { - opt(&rOpts) - } - - if err := 
r.addStackToRunner(stack); err != nil { - return err - } - if err := r.initStack(ctx, stack, rOpts); err != nil { - return fmt.Errorf( - "initializing stack %s: %w", - stack.StackName(), err, - ) - } - var diff bool - if rOpts.plan || rOpts.apply { - var err error - diff, err = r.planStack(ctx, stack, rOpts) - if err != nil { - return fmt.Errorf( - "planning stack %s: %w", stack.StackName(), err, - ) - } - } - if diff && rOpts.apply { - if err := r.applyStack(ctx, stack); err != nil { - return fmt.Errorf( - "applying stack %s: %w", stack.StackName(), err, - ) - } - } - if err := r.showStack(ctx, stack); err != nil { - return fmt.Errorf( - "getting state for stack %s: %w", - stack.StackName(), err, - ) - } - - return nil -} - -func (r *Client) Stacks() []Stacker { - return r.stacks -} - -func (r *Client) planStack( - ctx context.Context, stack Stacker, - opts runOpts, -) (bool, error) { - tf, err := r.newTerraform(stack) - if err != nil { - return false, fmt.Errorf("creating terraform runtime") - } - slog.Info( - "Running Terraform Plan", - slog.String("working_dir", tf.WorkingDir()), - slog.String("out", tfPlanFile), - ) - tf.SetStdout(os.Stdout) - diff, err := tf.Plan( - ctx, - tfexec.Out(tfPlanFile), - tfexec.Destroy(opts.destroy), - ) - if err != nil { - return false, err - } - tf.SetStdout(io.Discard) - - plan, err := tf.ShowPlanFile(ctx, tfPlanFile) - if err != nil { - return false, err - } - r.setPlan(stack, plan) - - return diff, nil -} - -func (r *Client) applyStack(ctx context.Context, stack Stacker) error { - tf, err := r.newTerraform(stack) - if err != nil { - return err - } - - slog.Info( - "Running Terraform Apply", - slog.String("working_dir", tf.WorkingDir()), - slog.String("plan", tfPlanFile), - ) - tf.SetStdout(os.Stdout) - if err := tf.Apply(ctx, tfexec.DirOrPlan(tfPlanFile)); err != nil { - return fmt.Errorf("terraform apply command failed: %w", err) - } - tf.SetStdout(io.Discard) - - return nil -} - -func (r *Client) showStack(ctx 
context.Context, stack Stacker) error { - tf, err := r.newTerraform(stack) - if err != nil { - return err - } - - slog.Info( - "Importing Terraform state into stack", - slog.String("stack", stack.StackName()), - slog.String("working_dir", tf.WorkingDir()), - ) - tfState, err := tf.Show(ctx) - if err != nil { - return fmt.Errorf("terraform show command failed: %w", err) - } - - if len(tfState.Values.RootModule.Resources) == 0 { - stack.SetStateMode(StateModeEmpty) - return nil - } - - fullState, err := terra.StackImportState(stack, tfState) - if err != nil { - return fmt.Errorf("importing state: %w", err) - } - if fullState { - stack.SetStateMode(StateModeComplete) - } else { - stack.SetStateMode(StateModePartial) - } - - return nil -} - -func (r *Client) initStack( - ctx context.Context, - stack Stacker, - opts runOpts, -) error { - if stack.StackName() == "" { - return ErrNoStackName - } - - if err := terra.Export( - stack, terra.WithExportOutputDirectory(r.workingDir(stack)), - ); err != nil { - return fmt.Errorf("terra export: %w", err) - } - tf, err := r.newTerraform(stack) - if err != nil { - return fmt.Errorf("creating terraform runtime: %w", err) - } - - if err = tf.Init(ctx, tfexec.Upgrade(true)); err != nil { - return fmt.Errorf("terraform init command failed: %w", err) - } - - tfv, err := tf.Validate(ctx) - if err != nil { - return fmt.Errorf("terraform validate command failed: %w", err) - } - if !tfv.Valid { - return fmt.Errorf( - "terraform stack is not valid: %+v", - tfv.Diagnostics, - ) - } - - return nil -} - -// addStackToRunner appends the given stack to the runner's internal list -// This ensures there are not stacks with duplicate names being -// run and the list can be used by the caller, if needed, for things like -// destroying/infrastructure in reverse order -func (r *Client) addStackToRunner(stack Stacker) error { - for _, stk := range r.stacks { - if stk.StackName() == stack.StackName() { - // If it's the same stack being run twice then 
it's ok - if stk == stack { - return nil - } - return fmt.Errorf( - "%w: %s", - ErrDuplicateStackName, - stack.StackName(), - ) - } - } - r.mu.Lock() - r.stacks = append( - r.stacks, stack, - ) - r.mu.Unlock() - return nil -} - -func (r *Client) setPlan(stack Stacker, plan *tfjson.Plan) { - stack.SetPlan(plan) -} - -// func NewTerraform(s Stacker) (*tfexec.Terraform, error) { -// wd := filepath.Join(tfWorkDir, s.StackName()) -// tf, err := tfexec.NewTerraform(wd, tfExec) -// } -func (r *Client) newTerraform(stack Stacker) (*tfexec.Terraform, error) { - workingDir := r.workingDir(stack) - tf, err := tfexec.NewTerraform(workingDir, tfExec) - if err != nil { - return nil, fmt.Errorf("creating terraform runtime: %w", err) - } - return tf, nil -} - -func (r *Client) workingDir(stack Stacker) string { - return filepath.Join(tfWorkDir, stack.StackName()) -} diff --git a/docs/platypus/pkg/terraclient/plan.go b/docs/platypus/pkg/terraclient/plan.go deleted file mode 100644 index 6fa7b8c..0000000 --- a/docs/platypus/pkg/terraclient/plan.go +++ /dev/null 
@@ -1,42 +0,0 @@
-// Copyright (c) 2023 Volvo Car Corporation
-// SPDX-License-Identifier: Apache-2.0
-
-package terraclient
-
-import (
- tfjson "github.com/hashicorp/terraform-json"
-)
-
-func parseTfPlan(plan *tfjson.Plan) *Plan {
- var drift Plan
- for _, change := range plan.ResourceChanges {
- for _, action := range change.Change.Actions {
- switch action {
- case tfjson.ActionCreate:
- drift.AddResources = append(drift.AddResources, change)
- case tfjson.ActionDelete:
- drift.DestroyResources = append(drift.DestroyResources, change)
- case tfjson.ActionUpdate:
- drift.ChangeResources = append(drift.ChangeResources, change)
- default:
- // We don't care about other actions for the summary
- }
- }
- }
-
- return &drift
-}
-
-type Plan struct {
- AddResources []*tfjson.ResourceChange
- ChangeResources []*tfjson.ResourceChange
- DestroyResources []*tfjson.ResourceChange
-}
-
-func (p *Plan) HasDrift() bool {
- if len(p.AddResources) == 0 && len(p.ChangeResources) == 0 && len(p.DestroyResources) == 0 {
- return false
- }
-
- return true
-}
diff --git a/docs/platypus/pkg/terraclient/stack.go b/docs/platypus/pkg/terraclient/stack.go
deleted file mode 100644
index 1c1544f..0000000
--- a/docs/platypus/pkg/terraclient/stack.go
+++ /dev/null
@@ -1,85 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -package terraclient - -import ( - "github.com/golingon/lingon/pkg/terra" - tfjson "github.com/hashicorp/terraform-json" -) - -type StateMode int - -const ( - // StateModeUnknown the state mode has not been determined yet (no - // plan/apply) - StateModeUnknown StateMode = 0 - // StateModeEmpty there is no state (no apply yet) - StateModeEmpty StateMode = 1 - // StateModePartial there is a state, but there are resources in the Stack - // that are not in the state yet (need to be applied) - StateModePartial StateMode = 2 - // StateModeComplete the Stack and Terraform state are in complete sync - StateModeComplete StateMode = 3 -) - -var _ terra.Exporter = (Stacker)(nil) - -// Stacker represents a Terraform Stack. -// Embed the Stack struct into your struct -// to implement the interface, e.g. -// -// type EKSCluster struct { -// terra.Stack - -// IAMRole aws.IamRole -// EKSCluster aws.EksCluster -// ... -// } -type Stacker interface { - terra.Exporter - StackName() string - SetPlan(*tfjson.Plan) - SetStateMode(StateMode) - IsStateComplete() bool - Plan() *Plan -} - -var _ Stacker = (*Stack)(nil) - -type Stack struct { - // Name is the unique name of the Stack. - // It is used for the working directory where the Terraform code is - // generated and the Terraform CLI is executed. 
- Name string `lingon:"-" validate:"required"` - stateMode StateMode `lingon:"-"` - plan *Plan `lingon:"-"` - tfplan *tfjson.Plan `lingon:"-"` -} - -func (*Stack) Terriyaki() {} - -func (r *Stack) StackName() string { - return r.Name -} - -func (r *Stack) SetPlan(tfplan *tfjson.Plan) { - r.plan = parseTfPlan(tfplan) - r.tfplan = tfplan -} - -func (r *Stack) SetStateMode(sm StateMode) { - r.stateMode = sm -} - -func (r *Stack) StateMode() StateMode { - return r.stateMode -} - -func (r *Stack) IsStateComplete() bool { - return r.stateMode == StateModeComplete -} - -func (r *Stack) Plan() *Plan { - return r.plan -} diff --git a/docs/platypus/pkg/updater/registry.go b/docs/platypus/pkg/updater/registry.go deleted file mode 100644 index 81bf77b..0000000 --- a/docs/platypus/pkg/updater/registry.go +++ /dev/null @@ -1,47 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -package updater - -import ( - "errors" - "fmt" - "sort" - - "github.com/Masterminds/semver/v3" - "github.com/google/go-containerregistry/pkg/name" - "github.com/google/go-containerregistry/pkg/v1/remote" -) - -func GetLatestVersion(repository, constraint string) (string, error) { - c, err := semver.NewConstraint(constraint) - if err != nil { - return "", fmt.Errorf("parsing constraint: %w", err) - } - - repo, err := name.NewRepository(repository) - if err != nil { - return "", fmt.Errorf("parsing repository: %w", err) - } - remoteVersions, err := remote.List(repo) - if err != nil { - return "", fmt.Errorf("listing repository versions: %w", err) - } - - semVersions := make([]*semver.Version, 0) - for _, v := range remoteVersions { - sv, err := semver.NewVersion(v) - if err != nil { - continue - } - if c.Check(sv) { - semVersions = append(semVersions, sv) - } - } - sort.Sort(semver.Collection(semVersions)) - - if len(semVersions) == 0 { - return "", errors.New("no new versions") - } - return semVersions[len(semVersions)-1].String(), nil -} 
diff --git a/docs/platypus/pkg/updater/registry_test.go b/docs/platypus/pkg/updater/registry_test.go deleted file mode 100644 index eec88a5..0000000 --- a/docs/platypus/pkg/updater/registry_test.go +++ /dev/null @@ -1,17 +0,0 @@ -// Copyright (c) 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -package updater - -import ( - "fmt" - "testing" - - "github.com/stretchr/testify/require" -) - -func TestGetLatestVersion(t *testing.T) { - lv, err := GetLatestVersion("grafana/grafana", ">9.3.6, <9.4") - require.NoError(t, err) - fmt.Println(lv) -} diff --git a/docs/platypus/readme.md b/docs/platypus/readme.md deleted file mode 100644 index e0bb8fd..0000000 --- a/docs/platypus/readme.md +++ /dev/null @@ -1,42 +0,0 @@ -# Platypus - -## ⚠️ experimental ⚠️ - -This is a test case we use to test new concepts and get a feel for the APIs. - -The Terraform code is in `pkg/infra` while the kubernetes manifestss are in `pkg/platform`. - -The code entrypoint is in `cmd/platypus/cli.go`. - -## Getting started - -### Prerequisites - -- [aws cli](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html) -- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) -- [terraform](https://learn.hashicorp.com/terraform/getting-started/install.html) - -### Setup - -Authenticate: Follow the instructions [here](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html) to configure your AWS credentials. - - ```bash - # if SSO - aws sso login --profile=platypus-xxx - # get the identity - aws sts get-caller-identity --profile platypus-xxx - ``` - -### Run - -Terraform plan - - ```bash - go run ./cmd/platypus/ --plan - ``` - -Terraform apply - - ```bash - go run ./cmd/platypus/ --apply - ``` diff --git a/docs/platypus2/cmd/bootstrap/bucket.go b/docs/platypus2/cmd/bootstrap/bucket.go index cde5f8b..f39a13d 100644 --- a/docs/platypus2/cmd/bootstrap/bucket.go +++ b/docs/platypus2/cmd/bootstrap/bucket.go 
@@ -12,9 +12,8 @@ import ( "github.com/golingon/lingon/pkg/terra" "github.com/golingon/lingoneks/infra" + "github.com/golingon/lingoneks/out/aws" "github.com/golingon/lingoneks/terraclient" - aws "github.com/golingon/terraproviders/aws/5.13.1" - "github.com/golingon/terraproviders/aws/5.13.1/provider" ) const ( @@ -125,17 +124,15 @@ func run(p runParams) error { s3 := s3Stack{ StackConfig: StackConfig{ Stack: terraclient.Stack{Name: bucketName}, - Provider: aws.NewProvider( - aws.ProviderArgs{ - Profile: S(p.AWSParams.Profile), - Region: S(p.AWSParams.Region), - DefaultTags: []provider.DefaultTags{ - { - Tags: infra.Ttags(p.TFLabels), - }, + Provider: &aws.Provider{ + Profile: S(p.AWSParams.Profile), + Region: S(p.AWSParams.Region), + DefaultTags: []aws.DefaultTags{ + { + Tags: infra.Ttags(p.TFLabels), }, }, - ), + }, }, Bucket: *infra.NewBucket(bucketName), } diff --git a/docs/platypus2/cmd/platypus/stacks.go b/docs/platypus2/cmd/platypus/stacks.go index 2e9ed17..ac719d3 100644 --- a/docs/platypus2/cmd/platypus/stacks.go +++ b/docs/platypus2/cmd/platypus/stacks.go @@ -10,9 +10,8 @@ import ( "github.com/golingon/lingoneks/infra" "github.com/golingon/lingoneks/karpenter" + "github.com/golingon/lingoneks/out/aws" "github.com/golingon/lingoneks/terraclient" - aws "github.com/golingon/terraproviders/aws/5.13.1" - "github.com/golingon/terraproviders/aws/5.13.1/provider" "github.com/golingon/lingon/pkg/terra" ) @@ -80,17 +79,15 @@ func newProv(p AWSParams, labels map[string]string) *aws.Provider { l[k] = S(v) } - return aws.NewProvider( - aws.ProviderArgs{ - Profile: S(p.Profile), - Region: S(p.Region), - DefaultTags: []provider.DefaultTags{ - { - Tags: terra.Map(l), - }, + return &aws.Provider{ + Profile: S(p.Profile), + Region: S(p.Region), + DefaultTags: []aws.DefaultTags{ + { + Tags: terra.Map(l), }, }, - ) + } } func kubeconfigFromAWSCmd( diff --git a/docs/platypus2/generate.go b/docs/platypus2/generate.go new file mode 100644 index 0000000..3693311 --- /dev/null 
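Review bot: In `newProv` (cmd/platypus/stacks.go, the last hunk here) the default tags are still assembled by hand into `l` and passed as `terra.Map(l)`, while the otherwise identical provider literal added to `run` in cmd/bootstrap/bucket.go uses `infra.Ttags(p.TFLabels)`. stacks.go already imports `infra`, so if `Ttags` accepts a `map[string]string` (its definition is not part of this diff, so confirm) the literal could read `Tags: infra.Ttags(labels),` and the conversion loop above it could be dropped. That keeps the two places that configure the AWS provider's profile, region and default tags from drifting apart. Both `run` and `newProv` begin outside their hunks, so only the provider literal is reviewed here.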
+++ b/docs/platypus2/generate.go @@ -0,0 +1,10 @@ +// Copyright (c) 2023 Volvo Car Corporation +// SPDX-License-Identifier: Apache-2.0 + +package main + +//go:generate echo "\n>>>> docs/platypus2: generating hashicorp/aws terra provider\n" +//go:generate go run -mod=readonly github.com/golingon/lingon/cmd/terragen -out ./out/aws -pkg github.com/golingon/lingon/docs/terraform/out/aws -clean -provider aws=hashicorp/aws:5.44.0 + +//go:generate echo "\n>>>> docs/platypus2: generating hashicorp/tls terra provider\n" +//go:generate go run -mod=readonly github.com/golingon/lingon/cmd/terragen -out ./out/tls -pkg github.com/golingon/lingon/docs/terraform/out/tls -clean -provider tls=hashicorp/tls:4.0.5 diff --git a/docs/platypus2/go.mod b/docs/platypus2/go.mod index 8fc5d37..c8a9b1b 100644 --- a/docs/platypus2/go.mod +++ b/docs/platypus2/go.mod @@ -1,6 +1,6 @@ module github.com/golingon/lingoneks -go 1.21 +go 1.21.7 replace github.com/golingon/lingon => ../../ 
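Review bot: Both `go:generate` lines in the new generate.go pass a `-pkg` under `github.com/golingon/lingon/docs/terraform/out/...`, but this file belongs to the module `github.com/golingon/lingoneks` and the callers changed in this commit import `github.com/golingon/lingoneks/out/aws`. If terragen uses `-pkg` as the import-path prefix for the per-resource sub-packages it emits (the flag name suggests so, but confirm), the generated code under `./out/aws` and `./out/tls` would import packages from a different module than the one it is written into. I would change the flags to `-pkg github.com/golingon/lingoneks/out/aws` and `-pkg github.com/golingon/lingoneks/out/tls`. The go.mod hunk also adds `github.com/golingon/terra_tls` while this file generates a local `./out/tls`, so it is worth stating in a comment which of the two is the intended source of the TLS provider types. Pinning the provider versions and running with `-mod=readonly` is good for reproducible generation; a short comment that `-clean` removes the existing output directory before regenerating would help the next maintainer.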
@@ -10,29 +10,27 @@ require ( github.com/ardanlabs/conf/v3 v3.1.6 github.com/aws/karpenter v0.29.2 github.com/aws/karpenter-core v0.29.2 - github.com/golingon/terraproviders/aws/5.13.1 v0.0.0-20230821062044-8717820dd713 - github.com/golingon/terraproviders/tls/4.0.4 v0.0.0-20230821062044-8717820dd713 + github.com/golingon/lingon v0.0.0-20240410151041-d6e1fef1f2a8 + github.com/golingon/terra_tls v0.0.0-20240412065029-004d8973b97c github.com/grafana/dashboard-linter v0.0.0-20230622143601-02e2cd156626 - github.com/hashicorp/terraform-exec v0.18.1 - github.com/hashicorp/terraform-json v0.17.1 + github.com/hashicorp/terraform-exec v0.20.0 + github.com/hashicorp/terraform-json v0.21.0 github.com/nats-io/nats.go v1.28.0 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.67.1 github.com/prometheus/client_golang v1.16.0 - github.com/rogpeppe/go-internal v1.11.0 - github.com/tidwall/gjson v1.16.0 - github.com/golingon/lingon v0.0.0-20230821085204-81fbacc93e96 + github.com/rogpeppe/go-internal v1.12.0 + github.com/tidwall/gjson v1.17.1 github.com/zeitlinger/conflate v0.0.0-20230622100834-279724abda8c go.uber.org/automaxprocs v1.5.3 - golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 google.golang.org/grpc v1.57.0 google.golang.org/protobuf v1.31.0 - k8s.io/api v0.28.0 - k8s.io/apiextensions-apiserver v0.28.0 - k8s.io/apimachinery v0.28.0 + k8s.io/api v0.29.3 + k8s.io/apiextensions-apiserver v0.29.3 + k8s.io/apimachinery v0.29.3 k8s.io/client-go v1.5.2 k8s.io/kube-aggregator v0.28.0 sigs.k8s.io/kind v0.20.0 - sigs.k8s.io/yaml v1.3.0 + sigs.k8s.io/yaml v1.4.0 ) replace ( 
@@ -57,7 +55,7 @@ require ( github.com/VictoriaMetrics/metrics v1.24.0 // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/alessio/shellescape v1.4.1 // indirect - github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect + github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect github.com/aws/aws-sdk-go v1.44.329 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/bmatcuk/doublestar/v4 v4.6.0 // indirect @@ -68,22 +66,22 @@ require ( github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/evanphx/json-patch/v5 v5.6.0 // indirect github.com/fsnotify/fsnotify v1.6.0 // indirect - github.com/gabriel-vasile/mimetype v1.4.2 // indirect + github.com/gabriel-vasile/mimetype v1.4.3 // indirect github.com/ghodss/yaml v1.0.0 // indirect github.com/go-kit/log v0.2.1 // indirect github.com/go-logfmt/logfmt v0.6.0 // indirect - github.com/go-logr/logr v1.2.4 // indirect + github.com/go-logr/logr v1.3.0 // indirect github.com/go-openapi/jsonpointer v0.20.0 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect github.com/go-openapi/swag v0.22.4 // indirect github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect - github.com/go-playground/validator/v10 v10.15.1 // indirect + github.com/go-playground/validator/v10 v10.19.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/google/gnostic v0.6.9 // indirect - github.com/google/go-cmp v0.5.9 // indirect + github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/s2a-go v0.1.5 // indirect github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 // indirect 
@@ -92,14 +90,14 @@ require ( github.com/googleapis/gax-go/v2 v2.12.0 // indirect github.com/grafana/regexp v0.0.0-20221122212121-6b5c0a4cb7fd // indirect github.com/hashicorp/go-version v1.6.0 // indirect - github.com/hashicorp/hcl/v2 v2.17.0 // indirect + github.com/hashicorp/hcl/v2 v2.20.1 // indirect github.com/imdario/mergo v0.3.16 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/klauspost/compress v1.16.7 // indirect - github.com/leodido/go-urn v1.2.4 // indirect + github.com/leodido/go-urn v1.4.0 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-isatty v0.0.19 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect 
@@ -134,21 +132,22 @@ require ( github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect - github.com/zclconf/go-cty v1.13.2 // indirect + github.com/zclconf/go-cty v1.14.4 // indirect go.opencensus.io v0.24.0 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/goleak v1.2.1 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/crypto v0.12.0 // indirect - golang.org/x/mod v0.12.0 // indirect - golang.org/x/net v0.14.0 // indirect + golang.org/x/crypto v0.22.0 // indirect + golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 // indirect + golang.org/x/mod v0.17.0 // indirect + golang.org/x/net v0.24.0 // indirect golang.org/x/oauth2 v0.11.0 // indirect - golang.org/x/sync v0.3.0 // indirect - golang.org/x/sys v0.11.0 // indirect - golang.org/x/term v0.11.0 // indirect - golang.org/x/text v0.12.0 // indirect + golang.org/x/sync v0.7.0 // indirect + golang.org/x/sys v0.19.0 // indirect + golang.org/x/term v0.19.0 // indirect + golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 // indirect + golang.org/x/tools v0.20.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/api v0.138.0 // indirect 
@@ -160,12 +159,12 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/component-base v0.28.0 // indirect - k8s.io/klog/v2 v2.100.1 // indirect + k8s.io/klog/v2 v2.110.1 // indirect k8s.io/kube-openapi v0.0.0-20230816210353-14e408962443 // indirect k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect knative.dev/pkg v0.0.0-20230821102121-81e4ee140363 // indirect - mvdan.cc/gofumpt v0.5.0 // indirect + mvdan.cc/gofumpt v0.6.0 // indirect sigs.k8s.io/controller-runtime v0.16.0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) diff --git a/docs/platypus2/go.sum b/docs/platypus2/go.sum index 8079cde..fe127d6 100644 --- a/docs/platypus2/go.sum +++ b/docs/platypus2/go.sum 
@@ -46,24 +46,33 @@ cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RX cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= cloud.google.com/go/storage v1.32.0 h1:5w6DxEGOnktmJHarxAOUywxVW9lbNWIzlzzUltG/3+o= cloud.google.com/go/storage v1.32.0/go.mod h1:Hhh/dogNRGca7IWv1RC2YqEn0c0G77ctA/OxflYkiD8= +dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= +dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/Azure/azure-sdk-for-go v65.0.0+incompatible h1:HzKLt3kIwMm4KeJYTdx9EbjRYTySD/t8i1Ee/W5EGXw= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.0 h1:8q4SaHjFsClSvuVne0ID/5Ka8u3fcIHyqkLjcFpNRHQ= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.0/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 h1:vcYCAze6p19qBW7MhZybIsqD8sMV8js0NyQM8JDnVtg= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0/go.mod h1:OQeznEEkTZ9OrhHJoDD8ZDq51FHgXjqtP9z6bEwBq9U= github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM= github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/AzureAD/microsoft-authentication-library-for-go v1.1.0 h1:HCc0+LpPfpCKs6LGGLAhwBARt9632unrVcI6i8s/8os= +github.com/AzureAD/microsoft-authentication-library-for-go v1.1.0/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.0.0 
h1:dtDWrepsVPfW9H/4y7dDgFc2MBUSeJhlaDtK13CxFlU= github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= +github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/Pallinder/go-randomdata v1.2.0 h1:DZ41wBchNRb/0GfsePLiSwb0PHZmT67XY00lCDlaYPg= -github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 h1:YoJbenK9C67SkzkDfmQuVln04ygHj3vjZfd9FL+GmQQ= +github.com/Pallinder/go-randomdata v1.2.0/go.mod h1:yHmJgulpD2Nfrm0cR9tI/+oAgRqCQQixsA8HyRZfV9Y= +github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 h1:kkhsdkhsCvIsutKu5zLMgWtgh9YxGCNAw8Ad8hjwfYg= +github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/VictoriaMetrics/VictoriaMetrics v1.93.0 h1:7Lsysu5Rzi7ZQPmBNa8ap7Yge1+7enmkHCtTSr0a9i8= 
@@ -76,7 +85,6 @@ github.com/VictoriaMetrics/metricsql v0.63.0 h1:RRu3lln7uhQwSRkzAknOUyB0uP9LwymF github.com/VictoriaMetrics/metricsql v0.63.0/go.mod h1:k4UaP/+CjuZslIjd+kCigNG9TQmUqh5v0TP/nMEy90I= github.com/VictoriaMetrics/operator/api v0.0.0-20230818073123-76d5956610b7 h1:UC2egryv5Rw143EovMqM73533K1o4D/yDQ45fJvJsxE= github.com/VictoriaMetrics/operator/api v0.0.0-20230818073123-76d5956610b7/go.mod h1:9xOZrc3kjanpgasau9iMeUM6vYIm37bdTpBRYB0nccY= -github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= 
@@ -85,14 +93,15 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 h1:s6gZFSlWYmbqAuRjVTiNNhvNRfY2Wxp9nhfyel4rklc= +github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE= github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0= github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30= github.com/andybalholm/brotli v1.0.2/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y= github.com/andybalholm/brotli v1.0.3/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= -github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw= -github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= +github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= +github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= github.com/ardanlabs/conf/v3 v3.1.6 h1:t6AkG131ncy21ko18KQvBIc6+fWGZHTho12fd8JaUo8= github.com/ardanlabs/conf/v3 v3.1.6/go.mod h1:zclexWKe0NVj6LHQ8NgDDZ7bQ1spE0KeKPFficdtAjU= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= 
@@ -109,6 +118,7 @@ github.com/aws/karpenter-core v0.29.2/go.mod h1:GzFITbd2ijUiV4UJ0wox4RJQsFD2ncyJ github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/benbjohnson/clock v1.3.0 h1:ip6w0uFQkncKQ979AypyG0ER7mqUSBdKLOgAle/AT8A= +github.com/benbjohnson/clock v1.3.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -118,6 +128,7 @@ github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJm github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blendle/zapdriver v1.3.1 h1:C3dydBOWYRiOk+B8X9IVZ5IOe+7cl+tGOexN4QqHfpE= +github.com/blendle/zapdriver v1.3.1/go.mod h1:mdXfREi6u5MArG4j9fewC+FGnXaBR+T4Ox4J2u4eHCc= github.com/bmatcuk/doublestar/v4 v4.6.0 h1:HTuxyug8GyFbRkrffIpzNCSK4luc0TY3wzXvzIZhEXc= github.com/bmatcuk/doublestar/v4 v4.6.0/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= 
@@ -132,6 +143,8 @@ github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWR github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= +github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= @@ -155,6 +168,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= +github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/dave/jennifer v1.7.0 h1:uRbSBH9UTS64yXbh4FrMHfgfY762RD+C7bUPKODpSJE= github.com/dave/jennifer v1.7.0/go.mod h1:nXbxhEmQfOZhWml3D1cDK5M1FLnMSozpbFN/m3RmGZc= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -173,7 +188,8 @@ github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg= +github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= +github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= 
@@ -191,19 +207,23 @@ github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5Kwzbycv github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY= +github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= +github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= -github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU= -github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA= +github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0= +github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk= github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4= -github.com/go-git/go-billy/v5 v5.3.1 h1:CPiOUAzKtMRvolEKw+bG1PLRpT7D3LIs3/3ey4Aiu34= -github.com/go-git/go-git/v5 v5.4.2 h1:BXyZu9t0VkbiHtqrsvdq39UDhGJTl1h55VW6CSC4aY4= +github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 
h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= +github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= +github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU= +github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= +github.com/go-git/go-git/v5 v5.10.1 h1:tu8/D8i+TWxgKpzQ3Vc43e+kkhXqtsZCKI/egajKnxk= +github.com/go-git/go-git/v5 v5.10.1/go.mod h1:uEuHjxkHap8kAl//V5F/nNWwqIYtP/402ddd05mp0wg= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= 
@@ -221,10 +241,11 @@ github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7 github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= -github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= +github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/zapr v1.2.0/go.mod h1:Qa4Bsj2Vb+FAVeAKsLD8RLQ+YRJB8YDmOAKxaBQf7Ro= github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo= +github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= 
@@ -241,16 +262,19 @@ github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+ github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= +github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.15.1 h1:BSe8uhN+xQ4r5guV/ywQI4gO59C2raYcGffYWZEjZzM= -github.com/go-playground/validator/v10 v10.15.1/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU= +github.com/go-playground/validator/v10 v10.19.0 h1:ol+5Fu+cSq9JD7SoSqe04GMI92cbn0+wvQ3bZ8b/AU4= +github.com/go-playground/validator/v10 v10.19.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68= +github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/protobuf v1.1.1/go.mod 
h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= @@ -258,6 +282,7 @@ github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXP github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE= +github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 
@@ -295,10 +320,15 @@ github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= -github.com/golingon/terraproviders/aws/5.13.1 v0.0.0-20230821062044-8717820dd713 h1:7EekNI6bSKCOXAUWHS+jAhIG5O2EK0r3BCLu+cLD2KY= -github.com/golingon/terraproviders/aws/5.13.1 v0.0.0-20230821062044-8717820dd713/go.mod h1:jgGVqPd1MNY6kL2MR19FdB4G7BscuvNJ3NbU8x1btq4= -github.com/golingon/terraproviders/tls/4.0.4 v0.0.0-20230821062044-8717820dd713 h1:mo/ovOct14q3nI7b58TjqkSQB2yXUYVajoBr7KUPEz8= -github.com/golingon/terraproviders/tls/4.0.4 v0.0.0-20230821062044-8717820dd713/go.mod h1:9YiA/6+3k63yk5XMFLrTkD3nK2i1J04V8umfvyyBIxA= +github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/golingon/terra-aws v0.0.0-20240411092819-1b44e89cb239 h1:vqnH3XOdT1FTebLSz2vDe+BB1q6c2CQOvly1WG5g1aM= +github.com/golingon/terra-aws v0.0.0-20240411092819-1b44e89cb239/go.mod h1:QoUmwquPXMpAMAp36k0TYAwMmyKKj1xr4FltzHD75kY= +github.com/golingon/terra-aws v0.0.0-20240412061705-12f221c7f462 h1:fZEzgoxPn+VEdefCUJ3xcEKA/fXigq2/0QOM1bE44oo= +github.com/golingon/terra-aws v0.0.0-20240412061705-12f221c7f462/go.mod h1:QoUmwquPXMpAMAp36k0TYAwMmyKKj1xr4FltzHD75kY= +github.com/golingon/terra_tls v0.0.0-20240411093921-49711ab41872 h1:9H3VZ/Eq51t2W3Aycfk7wvgLTM7fokuo4jqq0wmBcis= +github.com/golingon/terra_tls v0.0.0-20240411093921-49711ab41872/go.mod h1:IPr5Pavvt7gG2WDKK7E/v0nNe+0fu5k+b3q0i/Vr6AA= +github.com/golingon/terra_tls v0.0.0-20240412065029-004d8973b97c h1:9HhF/oFSptpg9lmXsJGXE3PBe8CAnWGcYkdY1vAXV3A= +github.com/golingon/terra_tls v0.0.0-20240412065029-004d8973b97c/go.mod h1:IPr5Pavvt7gG2WDKK7E/v0nNe+0fu5k+b3q0i/Vr6AA= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod 
h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= @@ -319,8 +349,9 @@ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= @@ -330,6 +361,7 @@ github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXi github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw= +github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= 
@@ -343,6 +375,7 @@ github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20230705174524-200ffdc848b8 h1:n6vlPhxsA+BW/XsS5+uqi7GyzaLa5MH7qlSLBZtRdiA= +github.com/google/pprof v0.0.0-20230705174524-200ffdc848b8/go.mod h1:Jh3hGz2jkYak8qXPD19ryItVnUgpgeqzdkY/D0EaeuA= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.5 h1:8IYp3w9nysqv3JH+NJgXJzGbDHzLOTj43BmSkp+O7qg= github.com/google/s2a-go v0.1.5/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= @@ -375,6 +408,7 @@ github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyN github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= +github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= 
@@ -388,18 +422,19 @@ github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09 github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/hc-install v0.5.0 h1:D9bl4KayIYKEeJ4vUDe9L5huqxZXczKaykSRcmQ0xY0= +github.com/hashicorp/hc-install v0.6.2 h1:V1k+Vraqz4olgZ9UzKiAcbman9i9scg9GgSt/U3mw/M= +github.com/hashicorp/hc-install v0.6.2/go.mod h1:2JBpd+NCFKiHiu/yYCGaPyPHhZLxXTpz8oreHa/a3Ps= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hashicorp/hcl/v2 v2.17.0 h1:z1XvSUyXd1HP10U4lrLg5e0JMVz6CPaJvAgxM0KNZVY= -github.com/hashicorp/hcl/v2 v2.17.0/go.mod h1:gJyW2PTShkJqQBKpAmPO3yxMxIuoXkOF2TpqXzrQyx4= +github.com/hashicorp/hcl/v2 v2.20.1 h1:M6hgdyz7HYt1UN9e61j+qKJBqR3orTWbI1HKBJEdxtc= +github.com/hashicorp/hcl/v2 v2.20.1/go.mod h1:TZDqQ4kNKCbh1iJp99FdPiUaVDDUPivbqxZulxDYqL4= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= -github.com/hashicorp/terraform-exec v0.18.1 h1:LAbfDvNQU1l0NOQlTuudjczVhHj061fNX5H8XZxHlH4= -github.com/hashicorp/terraform-exec v0.18.1/go.mod h1:58wg4IeuAJ6LVsLUeD2DWZZoc/bYi6dzhLHzxM41980= -github.com/hashicorp/terraform-json v0.17.1 h1:eMfvh/uWggKmY7Pmb3T85u86E2EQg6EQHgyRwf3RkyA= -github.com/hashicorp/terraform-json v0.17.1/go.mod h1:Huy6zt6euxaY9knPAFKjUITn8QxUFIe9VuSzb4zn/0o= +github.com/hashicorp/terraform-exec v0.20.0 h1:DIZnPsqzPGuUnq6cH8jWcPunBfY+C+M8JyYF3vpnuEo= +github.com/hashicorp/terraform-exec v0.20.0/go.mod 
h1:ckKGkJWbsNqFKV1itgMnE0hY9IYf1HoiekpuN0eWoDw= +github.com/hashicorp/terraform-json v0.21.0 h1:9NQxbLNqPbEMze+S6+YluEdXgJmhQykRyRNd+zTI05U= +github.com/hashicorp/terraform-json v0.21.0/go.mod h1:qdeBs11ovMzo5puhrRibdD6d2Dq6TyE/28JiU4tIQxk= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= @@ -410,6 +445,7 @@ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANyt github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= +github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= 
@@ -431,7 +467,8 @@ github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/X github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= -github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 h1:DowS9hvgyYSX4TO5NpyC606/Z4SxnNYbT+WX27or6Ck= +github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= +github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= 
@@ -448,13 +485,15 @@ github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORN github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= -github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q= -github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4= +github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= +github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ= +github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= 
@@ -473,9 +512,9 @@ github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zk github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/minio/highwayhash v1.0.2 h1:Aak5U0nElisjDCfPSG79Tgzkn2gl66NxOMspRrKnA/g= +github.com/minio/highwayhash v1.0.2/go.mod h1:BQskDq+xkJ12lmlUUi7U0M5Swg3EWR+dLTk+kldvVxY= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= @@ -502,6 +541,7 @@ github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f h1:KUppIJq7/+ github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/nats-io/jwt/v2 v2.4.1 h1:Y35W1dgbbz2SQUYDPCaclXcuqleVmpbRa7646Jf2EX4= +github.com/nats-io/jwt/v2 v2.4.1/go.mod h1:24BeQtRwxRV8ruvC4CojXlx/WQ/VjuwlYiH+vu/+ibI= github.com/nats-io/nats-server/v2 v2.9.17 h1:gFpUQ3hqIDJrnqog+Bl5vaXg+RhhYEZIElasEuRn2tw= github.com/nats-io/nats-server/v2 v2.9.17/go.mod h1:eQysm3xDZmIjfkjr7DuD9DjRFpnxQc2vKVxtEg0Dp6s= github.com/nats-io/nats.go v1.28.0 h1:Th4G6zdsz2d0OqXdfzKLClo6bOfoI/b1kInhRtFIy5c= 
@@ -526,6 +566,7 @@ github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7 github.com/onsi/ginkgo/v2 v2.3.0/go.mod h1:Eew0uilEqZmIEZr8JrvYlvOM7Rr6xzTmMV8AyFNU9d0= github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU= +github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= @@ -535,6 +576,7 @@ github.com/onsi/gomega v1.21.1/go.mod h1:iYAIXgPSaDHak0LCMA+AWBpIKBr8WZicMxnE8lu github.com/onsi/gomega v1.22.1/go.mod h1:x6n7VNe4hw0vkyYUM4mjIXx3JbLiPaBPNgB7PRQ1tuM= github.com/onsi/gomega v1.23.0/go.mod h1:Z/NWtiqwBrwUt4/2loMmHL63EDLnYHmVbuBpDr2vQAg= github.com/onsi/gomega v1.27.8 h1:gegWiwZjBsf2DgiSbf5hpokZ98JVDMcWkUiigk6/KXc= +github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJKFnNQ= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= 
@@ -542,7 +584,10 @@ github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCko github.com/pelletier/go-toml v1.9.4 h1:tjENF6MfZAg8e4ZmZTeWaWiT2vXtsoO6+iuOjFhECwM= github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= +github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= +github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU= +github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -554,6 +599,7 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g= +github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U= github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.67.1 h1:u1Mw9irznvsBPxQxjUmCel1ufP3UgzA1CILj7/2tpNw= github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.67.1/go.mod h1:KZHvrby65G+rA4V/vMTUXDV22TI+GgLIrCigYClpjzk= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= 
@@ -578,6 +624,7 @@ github.com/prometheus/common v0.28.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+ github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY= github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY= github.com/prometheus/common/sigv4 v0.1.0 h1:qoVebwtwwEhS85Czm2dSROY5fTo2PAPEVdDeppTwGX4= +github.com/prometheus/common/sigv4 v0.1.0/go.mod h1:2Jkxxk9yYvCkE5G1sQT7GuEXm57JrvHu9k5YwTjsNtI= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= @@ -591,8 +638,8 @@ github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40T github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= -github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= 
@@ -600,12 +647,15 @@ github.com/samber/lo v1.38.1 h1:j2XEAqXKb09Am4ebOg31SpvzUTTs6EN3VfgeLUhPdXM= github.com/samber/lo v1.38.1/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= +github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= +github.com/skeema/knownhosts v1.2.1 h1:SHWdIUa82uGZz+F+47k8SY4QhhI291cXCpopT1lK2AQ= +github.com/skeema/knownhosts v1.2.1/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= 
@@ -642,13 +692,12 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= -github.com/tidwall/gjson v1.16.0 h1:SyXa+dsSPpUlcwEDuKuEBJEz5vzTvOea+9rjyYodQFg= -github.com/tidwall/gjson v1.16.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/gjson v1.17.1 h1:wlYEnwqAHgzmhNUFfw7Xalt2JzQvsMx2Se4PcoFCT/U= +github.com/tidwall/gjson v1.17.1/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= 
@@ -674,7 +723,8 @@ github.com/valyala/quicktemplate v1.7.0/go.mod h1:sqKJnoaOF88V07vkO+9FL8fb9uZg/V github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc= github.com/veggiemonk/strcase v0.0.0-20230627213939-a882c834bcab h1:XFqIqepU0qLA2+oK9XEjZE4yuh33T4Mc/v4uurLBrSI= github.com/veggiemonk/strcase v0.0.0-20230627213939-a882c834bcab/go.mod h1:FhMPOXYKshhGzQYJHiD5+zsWaVMP2NGpi/HfPu14QPA= -github.com/xanzy/ssh-agent v0.3.0 h1:wUMzuKtKilRgBAD1sUb8gOwwRr2FGoBVumcjoOACClI= +github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= +github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= 
@@ -691,8 +741,10 @@ github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1 github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/zclconf/go-cty v1.13.2 h1:4GvrUxe/QUDYuJKAav4EYqdM47/kZa672LwmXFmEKT0= -github.com/zclconf/go-cty v1.13.2/go.mod h1:YKQzy/7pZ7iq2jNFzy5go57xdxdWoLLpaEp4u238AE0= +github.com/zclconf/go-cty v1.14.4 h1:uXXczd9QDGsgu0i/QFR/hzI5NYCHLf6NQw/atrbnhq8= +github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= +github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b h1:FosyBZYxY34Wul7O/MSKey3txpPYyCqVO5ZyceuQJEI= +github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8= github.com/zeitlinger/conflate v0.0.0-20230622100834-279724abda8c h1:PtECnCzGLw8MuQ0tmPRaN5c95ZfNTFZOobvgC6A83zk= github.com/zeitlinger/conflate v0.0.0-20230622100834-279724abda8c/go.mod h1:KsJBt1tGR0Q7u+3T7CLN+zITAI06GiXVi/cgP9Xrpb8= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= 
@@ -742,6 +794,7 @@ go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= go.uber.org/zap v1.25.0 h1:4Hvk6GtkucQ790dqmj7l1eEnRdKm3k3ZUrUMS2d5+5c= +go.uber.org/zap v1.25.0/go.mod h1:JIAUzQIH94IC4fOJQm7gMmBJP5k7wQfdcnYdPoEXJYk= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= @@ -756,8 +809,8 @@ golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= -golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk= -golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= +golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= +golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -799,8 +852,8 @@ golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= -golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -860,8 +913,8 @@ golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14= -golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= +golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= +golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -891,8 +944,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= -golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -971,15 +1024,15 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= -golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0= -golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= +golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= +golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -993,8 +1046,8 @@ golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc= -golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -1065,8 +1118,8 @@ golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= -golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 h1:Vve/L0v7CXXuxUmaMGIEK/dEeq7uiqb5qBgQrZzIE7E= -golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= +golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY= +golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1220,6 +1273,7 @@ gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= +gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 
@@ -1262,8 +1316,8 @@ k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= -k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= +k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= k8s.io/kube-aggregator v0.26.2 h1:WtcLGisa5aCKBbBI1/Xe7gdjPlVb5Xhvs4a8Rdk8EXs= k8s.io/kube-aggregator v0.26.2/go.mod h1:swDTw0k/XghVLR+PCWnP6Y36wR2+DsqL2HUVq8eu0RI= k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg= @@ -1275,8 +1329,8 @@ k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSn k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= knative.dev/pkg v0.0.0-20230821102121-81e4ee140363 h1:TI2hMwTM5Bl+yaWu1gN5bXAHSvc+FtH9cqm3NzmDBtY= knative.dev/pkg v0.0.0-20230821102121-81e4ee140363/go.mod h1:dA3TdhFTRm4KmmpvfknpGV43SbGNFkLHySjC8/+NczM= -mvdan.cc/gofumpt v0.5.0 h1:0EQ+Z56k8tXjj/6TQD25BFNKQXpCvT0rnansIc7Ug5E= -mvdan.cc/gofumpt v0.5.0/go.mod h1:HBeVDtMKRZpXyxFciAirzdKklDlGu8aAy1wEbH5Y9js= +mvdan.cc/gofumpt v0.6.0 h1:G3QvahNDmpD+Aek/bNOLrFR2XC6ZAdo62dZu65gmwGo= +mvdan.cc/gofumpt v0.6.0/go.mod h1:4L0wf+kgIPZtcCWXynNS2e6bhmj73umwnuXSZarixzA= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= 
@@ -1291,8 +1345,9 @@ sigs.k8s.io/kind v0.20.0 h1:f0sc3v9mQbGnjBUaqSFST1dwIuiikKVGgoTwpoP33a8= sigs.k8s.io/kind v0.20.0/go.mod h1:aBlbxg08cauDgZ612shr017/rZwqd7AS563FvpWKPVs= sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= -sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6LvqCRm4VUVKk= -sigs.k8s.io/structured-merge-diff/v4 v4.3.0/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/docs/platypus2/infra/csi_ebs.go b/docs/platypus2/infra/csi_ebs.go index fb00164..daaa0a3 100644 --- a/docs/platypus2/infra/csi_ebs.go +++ b/docs/platypus2/infra/csi_ebs.go @@ -5,13 +5,14 @@ package infra import ( "github.com/golingon/lingon/pkg/terra" - aws "github.com/golingon/terraproviders/aws/5.13.1" - "github.com/golingon/terraproviders/aws/5.13.1/dataiampolicydocument" - "github.com/golingon/terraproviders/aws/5.13.1/iamrole" + "github.com/golingon/lingoneks/out/aws/aws_eks_addon" + "github.com/golingon/lingoneks/out/aws/aws_iam_policy_document" + "github.com/golingon/lingoneks/out/aws/aws_iam_role" + "github.com/golingon/lingoneks/out/aws/aws_iam_role_policy_attachment" ) type CSI struct { - CSIDriver *aws.EksAddon `validate:"required"` + CSIDriver *aws_eks_addon.Resource `validate:"required"` IAMRole `validate:"required"` } 
@@ -22,17 +23,17 @@ type CSIOpts struct { } type IAMRole struct { - AssumeRolePolicy *aws.DataIamPolicyDocument `validate:"required"` - Role *aws.IamRole `validate:"required"` - RolePolicy *aws.DataIamPolicyDocument `validate:"required"` - PolicyAttach *aws.IamRolePolicyAttachment `validate:"required"` + AssumeRolePolicy *aws_iam_policy_document.DataSource `validate:"required"` + Role *aws_iam_role.Resource `validate:"required"` + RolePolicy *aws_iam_policy_document.DataSource `validate:"required"` + PolicyAttach *aws_iam_role_policy_attachment.Resource `validate:"required"` } func NewCSIEBS(opts CSIOpts) *CSI { ir := newIAMRole(opts) return &CSI{ - CSIDriver: aws.NewEksAddon( - opts.ClusterName+"-csiebs", aws.EksAddonArgs{ + CSIDriver: aws_eks_addon.New( + opts.ClusterName+"-csiebs", aws_eks_addon.Args{ AddonName: S("aws-ebs-csi-driver"), // AddonVersion: S("v1.19.0-eksbuild.1"), AddonVersion: S("v1.21.0-eksbuild.1"), @@ -47,14 +48,14 @@ func NewCSIEBS(opts CSIOpts) *CSI { } func newIAMRole(opts CSIOpts) *IAMRole { - assumeRolePolicy := aws.NewDataIamPolicyDocument( - "csi_assume_role", aws.DataIamPolicyDocumentArgs{ - Statement: []dataiampolicydocument.Statement{ + assumeRolePolicy := aws_iam_policy_document.Data( + "csi_assume_role", aws_iam_policy_document.DataArgs{ + Statement: []aws_iam_policy_document.DataStatement{ { Actions: terra.Set(S("sts:AssumeRoleWithWebIdentity")), Effect: S("Allow"), - Condition: []dataiampolicydocument.Condition{ + Condition: []aws_iam_policy_document.DataStatementCondition{ { Test: S("StringEquals"), Variable: S(opts.OIDCProviderURL + ":sub"), @@ -70,7 +71,7 @@ func newIAMRole(opts CSIOpts) *IAMRole { Values: terra.ListString("sts.amazonaws.com"), }, }, - Principals: []dataiampolicydocument.Principals{ + Principals: []aws_iam_policy_document.DataStatementPrincipals{ { Type: S("Federated"), Identifiers: terra.Set(S(opts.OIDCProviderArn)), 
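Review bot: In docs/platypus2/infra/csi_ebs.go, `newIAMRole` uses `opts.OIDCProviderURL + ":sub"` verbatim as a trust-policy condition key, and nothing visible documents what form that URL must take. IAM expects these keys to be the issuer without the `https://` scheme, so a value passed with the scheme would make the `StringEquals` test never match and the role could not be assumed. I would add a comment on the field, e.g. `// OIDCProviderURL is the issuer without "https://"; it prefixes the :sub condition key.` The `CSIOpts` fields and the rest of `newIAMRole` are outside this hunk, so whether a caller already strips the scheme cannot be confirmed from here.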
@@ -82,12 +83,12 @@ func newIAMRole(opts CSIOpts) *IAMRole { ) // small utility function to avoid repeting fields in the policy - cond := func(action, v, val string) dataiampolicydocument.Statement { - return dataiampolicydocument.Statement{ + cond := func(action, v, val string) aws_iam_policy_document.DataStatement { + return aws_iam_policy_document.DataStatement{ Effect: S("Allow"), Actions: terra.SetString(action), Resources: terra.SetString("*"), - Condition: []dataiampolicydocument.Condition{ + Condition: []aws_iam_policy_document.DataStatementCondition{ { Test: S("StringLike"), Variable: S(v), @@ -100,9 +101,9 @@ func newIAMRole(opts CSIOpts) *IAMRole { // converted from // https://github.com/kubernetes-sigs/aws-ebs-csi-driver/blob/master/docs/example-iam-policy.json // - policy := aws.NewDataIamPolicyDocument( - "csiebs", aws.DataIamPolicyDocumentArgs{ - Statement: []dataiampolicydocument.Statement{ + policy := aws_iam_policy_document.Data( + "csiebs", aws_iam_policy_document.DataArgs{ + Statement: []aws_iam_policy_document.DataStatement{ { Effect: S("Allow"), Actions: terra.SetString( @@ -126,7 +127,7 @@ func newIAMRole(opts CSIOpts) *IAMRole { "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:snapshot/*", ), - Condition: []dataiampolicydocument.Condition{ + Condition: []aws_iam_policy_document.DataStatementCondition{ { Test: S("StringEquals"), Variable: S("ec2:CreateAction"), @@ -177,13 +178,13 @@ func newIAMRole(opts CSIOpts) *IAMRole { }, ) - csiRole := aws.NewIamRole( - "csiebs_role", aws.IamRoleArgs{ + csiRole := aws_iam_role.New( + "csiebs_role", aws_iam_role.Args{ Name: S(opts.ClusterName + "-csi"), Description: S("IAM Role for CSI EBS driver"), AssumeRolePolicy: assumeRolePolicy.Attributes().Json(), - InlinePolicy: []iamrole.InlinePolicy{ + InlinePolicy: []aws_iam_role.InlinePolicy{ { Name: S("csi-ebs-driver"), Policy: policy.Attributes().Json(), 
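Review bot: The `cond` closure in `newIAMRole` is named like a condition but returns a whole `Allow` statement on `Resources: terra.SetString("*")`, and its parameters `v` and `val` do not say which is the condition key and which is (presumably) the pattern. The `StringLike` test is the only thing scoping these statements, so the helper should make each call site easy to review, e.g. `allowWhen := func(action, conditionKey, pattern string) aws_iam_policy_document.DataStatement {`. The comment above it also has a typo (`repeting`). The helper's remaining lines and its call sites are outside this hunk.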
@@ -191,9 +192,9 @@ func newIAMRole(opts CSIOpts) *IAMRole { }, }, ) - pa := aws.NewIamRolePolicyAttachment( + pa := aws_iam_role_policy_attachment.New( "csiebs_attach_AmazonEBSCSIDriverPolicy", - aws.IamRolePolicyAttachmentArgs{ + aws_iam_role_policy_attachment.Args{ PolicyArn: S( "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy", ), diff --git a/docs/platypus2/infra/eks.go b/docs/platypus2/infra/eks.go index 997e2cb..5269839 100644 --- a/docs/platypus2/infra/eks.go +++ b/docs/platypus2/infra/eks.go @@ -7,10 +7,14 @@ import ( "fmt" "github.com/golingon/lingon/pkg/terra" - aws "github.com/golingon/terraproviders/aws/5.13.1" - "github.com/golingon/terraproviders/aws/5.13.1/dataiampolicydocument" - "github.com/golingon/terraproviders/aws/5.13.1/ekscluster" - tls "github.com/golingon/terraproviders/tls/4.0.4" + "github.com/golingon/lingoneks/out/aws/aws_eks_cluster" + "github.com/golingon/lingoneks/out/aws/aws_iam_openid_connect_provider" + "github.com/golingon/lingoneks/out/aws/aws_iam_policy_document" + "github.com/golingon/lingoneks/out/aws/aws_iam_role" + "github.com/golingon/lingoneks/out/aws/aws_iam_role_policy_attachment" + "github.com/golingon/lingoneks/out/aws/aws_security_group" + "github.com/golingon/lingoneks/out/aws/aws_security_group_rule" + "github.com/golingon/terra_tls/tls_certificate" ) var ( 
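Review bot: The role built in `newIAMRole` (docs/platypus2/infra/csi_ebs.go) ends up with two permission sources: the `csi-ebs-driver` entry in `InlinePolicy` from the preceding hunk, and the managed `AmazonEBSCSIDriverPolicy` attached here through `pa`. The effective grant is the union of both, so the hand-converted inline document no longer bounds what the driver may do, and the two can drift apart. If both are intended, record why with a comment such as `// managed policy kept alongside the inline one because <reason>`; otherwise keeping a single source makes the grant easier to audit. The rest of `newIAMRole` is outside this hunk.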
@@ -32,25 +36,25 @@ type ClusterOpts struct { } type Cluster struct { - EKSCluster *aws.EksCluster `validate:"required"` - IAMPolicyDocument *aws.DataIamPolicyDocument `validate:"required"` - IAMRole *aws.IamRole `validate:"required"` - IAMRoleClusterPolicy *aws.IamRolePolicyAttachment `validate:"required"` - IAMRoleVPCController *aws.IamRolePolicyAttachment `validate:"required"` + EKSCluster *aws_eks_cluster.Resource `validate:"required"` + IAMPolicyDocument *aws_iam_policy_document.DataSource `validate:"required"` + IAMRole *aws_iam_role.Resource `validate:"required"` + IAMRoleClusterPolicy *aws_iam_role_policy_attachment.Resource `validate:"required"` + IAMRoleVPCController *aws_iam_role_policy_attachment.Resource `validate:"required"` // SecurityGroup is the AWS security group for both the EKS control plane // and worker nodes - SecurityGroup *aws.SecurityGroup `validate:"required"` - IngressAllowAll *aws.SecurityGroupRule `validate:"required"` - EgressAllowAll *aws.SecurityGroupRule `validate:"required"` + SecurityGroup *aws_security_group.Resource `validate:"required"` + IngressAllowAll *aws_security_group_rule.Resource `validate:"required"` + EgressAllowAll *aws_security_group_rule.Resource `validate:"required"` - TLSCert *tls.DataCertificate `validate:"required"` - IAMOIDCProvider *aws.IamOpenidConnectProvider `validate:"required"` + TLSCert *tls_certificate.DataSource `validate:"required"` + IAMOIDCProvider *aws_iam_openid_connect_provider.Resource `validate:"required"` } func NewCluster(opts ClusterOpts) *Cluster { - sg := aws.NewSecurityGroup( - "eks", aws.SecurityGroupArgs{ + sg := aws_security_group.New( + "eks", aws_security_group.Args{ Name: S("eks-" + opts.Name), Description: S( fmt.Sprintf( 
@@ -67,8 +71,8 @@ func NewCluster(opts ClusterOpts) *Cluster { sgAttrs := sg.Attributes() - ingressAllowAll := aws.NewSecurityGroupRule( - "eks", aws.SecurityGroupRuleArgs{ + ingressAllowAll := aws_security_group_rule.New( + "eks", aws_security_group_rule.Args{ SecurityGroupId: sgAttrs.Id(), SourceSecurityGroupId: sgAttrs.Id(), Description: S( @@ -80,8 +84,8 @@ func NewCluster(opts ClusterOpts) *Cluster { Type: INGRESS, }, ) - egressAllowAll := aws.NewSecurityGroupRule( - "node_egress_all", aws.SecurityGroupRuleArgs{ + egressAllowAll := aws_security_group_rule.New( + "node_egress_all", aws_security_group_rule.Args{ SecurityGroupId: sgAttrs.Id(), Description: S("Allow all egress"), Protocol: S("-1"), @@ -92,13 +96,13 @@ func NewCluster(opts ClusterOpts) *Cluster { }, ) - iamPolicyDocument := aws.NewDataIamPolicyDocument( - "eks", aws.DataIamPolicyDocumentArgs{ - Statement: []dataiampolicydocument.Statement{ + iamPolicyDocument := aws_iam_policy_document.Data( + "eks", aws_iam_policy_document.DataArgs{ + Statement: []aws_iam_policy_document.DataStatement{ { Sid: S("EKSClusterAssumeRole"), Actions: terra.Set(S("sts:AssumeRole")), - Principals: []dataiampolicydocument.Principals{ + Principals: []aws_iam_policy_document.DataStatementPrincipals{ { Type: S("Service"), Identifiers: terra.Set(S("eks.amazonaws.com")), 
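Review bot: `ingressAllowAll` in `NewCluster` (docs/platypus2/infra/eks.go) reads as "ingress from anywhere", but the rule sets `SourceSecurityGroupId: sgAttrs.Id()` on the same group, so it only admits traffic between members of that group. A one-line comment would prevent misreading, e.g. `// self-referencing rule: members of the eks security group may reach each other`. The egress rule next to it uses `Protocol: S("-1")` with the description "Allow all egress", and its destination lines are outside the hunk. A comment there should state whether unrestricted outbound access for the shared control-plane and node group is intended. `NewCluster` starts and ends outside these hunks.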
@@ -109,31 +113,31 @@ func NewCluster(opts ClusterOpts) *Cluster { }, ) - iamRole := aws.NewIamRole( - "eks", aws.IamRoleArgs{ + iamRole := aws_iam_role.New( + "eks", aws_iam_role.Args{ Name: S("eks-" + opts.Name), AssumeRolePolicy: iamPolicyDocument.Attributes().Json(), }, ) - clusterPolicy := aws.NewIamRolePolicyAttachment( - "cluster_policy", aws.IamRolePolicyAttachmentArgs{ + clusterPolicy := aws_iam_role_policy_attachment.New( + "cluster_policy", aws_iam_role_policy_attachment.Args{ PolicyArn: arnClusterPolicy, Role: iamRole.Attributes().Name(), }, ) - vpcController := aws.NewIamRolePolicyAttachment( - "vpc_controller", aws.IamRolePolicyAttachmentArgs{ + vpcController := aws_iam_role_policy_attachment.New( + "vpc_controller", aws_iam_role_policy_attachment.Args{ PolicyArn: arnVPCResourceController, Role: iamRole.Attributes().Name(), }, ) - eksCluster := aws.NewEksCluster( - "eks", aws.EksClusterArgs{ + eksCluster := aws_eks_cluster.New( + "eks", aws_eks_cluster.Args{ Name: S(opts.Name), RoleArn: iamRole.Attributes().Arn(), - VpcConfig: &ekscluster.VpcConfig{ + VpcConfig: &aws_eks_cluster.VpcConfig{ SecurityGroupIds: terra.Set(sgAttrs.Id()), SubnetIds: terra.SetString(opts.PrivateSubnetIDs[:]...), }, @@ -153,8 +157,8 @@ func NewCluster(opts ClusterOpts) *Cluster { // ), // } - tlsCert := tls.NewDataCertificate( - "eks", tls.DataCertificateArgs{ + tlsCert := tls_certificate.Data( + "eks", tls_certificate.DataArgs{ Url: eksCluster.Attributes(). Identity(). Index(0). @@ -163,8 +167,8 @@ func NewCluster(opts ClusterOpts) *Cluster { Issuer(), }, ) - iamOIDCProvider := aws.NewIamOpenidConnectProvider( - "eks", aws.IamOpenidConnectProviderArgs{ + iamOIDCProvider := aws_iam_openid_connect_provider.New( + "eks", aws_iam_openid_connect_provider.Args{ ClientIdList: terra.Set(terra.String("sts.amazonaws.com")), ThumbprintList: terra.CastAsList( tlsCert.Attributes(). 
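Review bot: The `aws_eks_cluster.VpcConfig` literal in `NewCluster` sets only `SecurityGroupIds` and `SubnetIds`, which leaves access to the cluster's API endpoint to the provider defaults. For the Terraform `aws_eks_cluster` resource, `endpoint_public_access` defaults to true with `public_access_cidrs` of `0.0.0.0/0`, and `endpoint_private_access` defaults to false. If that is intended for this example, a comment saying so would help readers who copy it. Otherwise set those attributes explicitly in `VpcConfig`; the generated Go field names are not visible in this diff. `NewCluster` starts and ends outside the hunk.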
diff --git a/docs/platypus2/infra/eks_test.go b/docs/platypus2/infra/eks_test.go index 953cfa7..7162a96 100644 --- a/docs/platypus2/infra/eks_test.go +++ b/docs/platypus2/infra/eks_test.go @@ -11,7 +11,7 @@ import ( "github.com/golingon/lingon/pkg/terra" tu "github.com/golingon/lingon/pkg/testutil" - aws "github.com/golingon/terraproviders/aws/5.13.1" + "github.com/golingon/lingoneks/out/aws" "github.com/hashicorp/terraform-exec/tfexec" ) @@ -84,7 +84,7 @@ func TestEKS(t *testing.T) { }, ) stack := awsStack{ - Provider: aws.NewProvider(aws.ProviderArgs{}), + Provider: &aws.Provider{}, Cluster: *eks, } ctx := context.Background() diff --git a/docs/platypus2/infra/s3.go b/docs/platypus2/infra/s3.go index 37717c0..3aa3068 100644 --- a/docs/platypus2/infra/s3.go +++ b/docs/platypus2/infra/s3.go 
@@ -5,23 +5,24 @@ package infra import ( "github.com/golingon/lingon/pkg/terra" - aws "github.com/golingon/terraproviders/aws/5.13.1" - "github.com/golingon/terraproviders/aws/5.13.1/s3bucketserversideencryptionconfiguration" - "github.com/golingon/terraproviders/aws/5.13.1/s3bucketversioning" + "github.com/golingon/lingoneks/out/aws/aws_s3_bucket" + "github.com/golingon/lingoneks/out/aws/aws_s3_bucket_public_access_block" + "github.com/golingon/lingoneks/out/aws/aws_s3_bucket_server_side_encryption_configuration" + "github.com/golingon/lingoneks/out/aws/aws_s3_bucket_versioning" ) type Bucket struct { - S3 *aws.S3Bucket `validate:"required"` + S3 *aws_s3_bucket.Resource `validate:"required"` // ACL *aws.S3BucketAcl // `validate:"required"` - Versioning *aws.S3BucketVersioning `validate:"required"` - PublicAccess *aws.S3BucketPublicAccessBlock `validate:"required"` - SSE *aws.S3BucketServerSideEncryptionConfiguration `validate:"required"` + Versioning *aws_s3_bucket_versioning.Resource `validate:"required"` + PublicAccess *aws_s3_bucket_public_access_block.Resource `validate:"required"` + SSE *aws_s3_bucket_server_side_encryption_configuration.Resource `validate:"required"` } func NewBucket(bucketName string) *Bucket { - b := aws.NewS3Bucket( - "s3", aws.S3BucketArgs{ + b := aws_s3_bucket.New( + "s3", aws_s3_bucket.Args{ Bucket: S(bucketName), Tags: Stags("Name", "Lingon Experiment"), }, 
@@ -40,17 +41,17 @@ func NewBucket(bucketName string) *Bucket { // }, // ) - vv := aws.NewS3BucketVersioning( - "s3", aws.S3BucketVersioningArgs{ + vv := aws_s3_bucket_versioning.New( + "s3", aws_s3_bucket_versioning.Args{ Bucket: bucketID, - VersioningConfiguration: &s3bucketversioning.VersioningConfiguration{ + VersioningConfiguration: &aws_s3_bucket_versioning.VersioningConfiguration{ Status: S("Enabled"), }, }, ) - pab := aws.NewS3BucketPublicAccessBlock( - "s3", aws.S3BucketPublicAccessBlockArgs{ + pab := aws_s3_bucket_public_access_block.New( + "s3", aws_s3_bucket_public_access_block.Args{ Bucket: bucketID, BlockPublicAcls: terra.Bool(true), BlockPublicPolicy: terra.Bool(true), @@ -59,8 +60,8 @@ func NewBucket(bucketName string) *Bucket { }, ) - enc := aws.NewS3BucketServerSideEncryptionConfiguration( - "s3", aws.S3BucketServerSideEncryptionConfigurationArgs{ + enc := aws_s3_bucket_server_side_encryption_configuration.New( + "s3", aws_s3_bucket_server_side_encryption_configuration.Args{ Bucket: bucketID, Rule: RuleEncryptKMS(), }, @@ -75,10 +76,10 @@ func NewBucket(bucketName string) *Bucket { } } -func RuleEncryptKMS() []s3bucketserversideencryptionconfiguration.Rule { - return []s3bucketserversideencryptionconfiguration.Rule{ +func RuleEncryptKMS() []aws_s3_bucket_server_side_encryption_configuration.Rule { + return []aws_s3_bucket_server_side_encryption_configuration.Rule{ { - ApplyServerSideEncryptionByDefault: &s3bucketserversideencryptionconfiguration.ApplyServerSideEncryptionByDefault{ + ApplyServerSideEncryptionByDefault: &aws_s3_bucket_server_side_encryption_configuration.RuleApplyServerSideEncryptionByDefault{ SseAlgorithm: S("aws:kms"), }, }, diff --git a/docs/platypus2/infra/vpc.go b/docs/platypus2/infra/vpc.go index e9cbe0c..dc6b6c4 100644 --- a/docs/platypus2/infra/vpc.go +++ b/docs/platypus2/infra/vpc.go 
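Review bot: The exported `RuleEncryptKMS` in the last hunk of docs/platypus2/infra/s3.go has no doc comment, and its `ApplyServerSideEncryptionByDefault` literal sets only `SseAlgorithm: S("aws:kms")`. With no `kms_master_key_id` on the rule, S3 encrypts with the AWS managed `aws/s3` key, so access to the data cannot be restricted through a key policy of your own. I would document that choice, e.g. `// RuleEncryptKMS returns the default SSE rule: SSE-KMS with the AWS managed key (no key ID is set).` The function's closing lines are outside the hunk.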
@@ -7,7 +7,14 @@ import ( "fmt" "github.com/golingon/lingon/pkg/terra" - aws "github.com/golingon/terraproviders/aws/5.13.1" + "github.com/golingon/lingoneks/out/aws/aws_eip" + "github.com/golingon/lingoneks/out/aws/aws_internet_gateway" + "github.com/golingon/lingoneks/out/aws/aws_nat_gateway" + "github.com/golingon/lingoneks/out/aws/aws_route" + "github.com/golingon/lingoneks/out/aws/aws_route_table" + "github.com/golingon/lingoneks/out/aws/aws_route_table_association" + "github.com/golingon/lingoneks/out/aws/aws_subnet" + "github.com/golingon/lingoneks/out/aws/aws_vpc" ) type Opts struct { 
@@ -21,21 +28,21 @@ type Opts struct { } type AWSVPC struct { - VPC *aws.Vpc `validate:"required"` + VPC *aws_vpc.Resource `validate:"required"` - PublicSubnets [3]*aws.Subnet `validate:"required,dive,required"` - PublicRT *aws.RouteTable `validate:"required"` - PublicRoute *aws.Route `validate:"required"` - PublicRTAssocs [3]*aws.RouteTableAssociation `validate:"required,dive,required"` + PublicSubnets [3]*aws_subnet.Resource `validate:"required,dive,required"` + PublicRT *aws_route_table.Resource `validate:"required"` + PublicRoute *aws_route.Resource `validate:"required"` + PublicRTAssocs [3]*aws_route_table_association.Resource `validate:"required,dive,required"` - PrivateSubnets [3]*aws.Subnet `validate:"required,dive,required"` - PrivateRTs [3]*aws.RouteTable `validate:"required,dive,required"` - PrivateRoutes [3]*aws.Route `validate:"required,dive,required"` - PrivateRTAssocs [3]*aws.RouteTableAssociation `validate:"required,dive,required"` + PrivateSubnets [3]*aws_subnet.Resource `validate:"required,dive,required"` + PrivateRTs [3]*aws_route_table.Resource `validate:"required,dive,required"` + PrivateRoutes [3]*aws_route.Resource `validate:"required,dive,required"` + PrivateRTAssocs [3]*aws_route_table_association.Resource `validate:"required,dive,required"` - InternetGateway *aws.InternetGateway `validate:"required"` - EIPNat [3]*aws.Eip `validate:"required,dive,required"` - NatGateways [3]*aws.NatGateway `validate:"required,dive,required"` + InternetGateway *aws_internet_gateway.Resource `validate:"required"` + EIPNat [3]*aws_eip.Resource `validate:"required,dive,required"` + NatGateways [3]*aws_nat_gateway.Resource `validate:"required,dive,required"` } func NewAWSVPC(opts Opts) *AWSVPC { 
@@ -50,8 +57,8 @@ func NewAWSVPC(opts Opts) *AWSVPC { return MergeSTags(opts.CommonTags, ss...) } - vpc := aws.NewVpc( - name, aws.VpcArgs{ + vpc := aws_vpc.New( + name, aws_vpc.Args{ CidrBlock: S(opts.CIDR), // Tags: ttags(map[string]string{TagName: opts.Name}), InstanceTenancy: S("default"), @@ -61,17 +68,17 @@ func NewAWSVPC(opts Opts) *AWSVPC { }, ) - igw := aws.NewInternetGateway( - name, aws.InternetGatewayArgs{ + igw := aws_internet_gateway.New( + name, aws_internet_gateway.Args{ VpcId: vpc.Attributes().Id(), Tags: tags(name + "-igw"), }, ) - eipNats := [3]*aws.Eip{} + eipNats := [3]*aws_eip.Resource{} for i := 0; i < 3; i++ { - eipNats[i] = aws.NewEip( - fmt.Sprintf("nats_%d", i), aws.EipArgs{ + eipNats[i] = aws_eip.New( + fmt.Sprintf("nats_%d", i), aws_eip.Args{ // Vpc: B(true), // deprecated Domain: S("vpc"), Tags: tags("nat-" + opts.AZs[i]), @@ -79,10 +86,10 @@ func NewAWSVPC(opts Opts) *AWSVPC { ) } - publicSubnets := [3]*aws.Subnet{} + publicSubnets := [3]*aws_subnet.Resource{} for i := 0; i < 3; i++ { - publicSubnets[i] = aws.NewSubnet( - fmt.Sprintf("public_%d", i), aws.SubnetArgs{ + publicSubnets[i] = aws_subnet.New( + fmt.Sprintf("public_%d", i), aws_subnet.Args{ VpcId: vpc.Attributes().Id(), AvailabilityZone: S(opts.AZs[i]), CidrBlock: S(opts.PublicSubnetCIDRs[i]), 
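Review bot: The literal `3` is repeated in every array type and loop bound of `NewAWSVPC` (`for i := 0; i < 3; i++` here and in the later docs/platypus2/infra/vpc.go hunks), while the loop bodies index `opts.AZs[i]` and `opts.PublicSubnetCIDRs[i]`. The `Opts` field types are outside the diff; if any of them is a slice, fewer than three entries panics at run time instead of failing validation. Tying each bound to the array being filled removes the repeated constant, e.g. `for i := range eipNats {` and likewise `for i := range publicSubnets {`. `NewAWSVPC` starts and ends outside these hunks.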
@@ -92,34 +99,34 @@ func NewAWSVPC(opts Opts) *AWSVPC { ) } - publicRT := aws.NewRouteTable( - "public", aws.RouteTableArgs{ + publicRT := aws_route_table.New( + "public", aws_route_table.Args{ VpcId: vpc.Attributes().Id(), Tags: tags(name + "-public"), }, ) - publicRoute := aws.NewRoute( - "public", aws.RouteArgs{ + publicRoute := aws_route.New( + "public", aws_route.Args{ DestinationCidrBlock: Anywhere, RouteTableId: publicRT.Attributes().Id(), GatewayId: igw.Attributes().Id(), }, ) - pubRTAssocs := [3]*aws.RouteTableAssociation{} + pubRTAssocs := [3]*aws_route_table_association.Resource{} for i := 0; i < 3; i++ { - pubRTAssocs[i] = aws.NewRouteTableAssociation( - fmt.Sprintf("public_%d", i), aws.RouteTableAssociationArgs{ + pubRTAssocs[i] = aws_route_table_association.New( + fmt.Sprintf("public_%d", i), aws_route_table_association.Args{ SubnetId: publicSubnets[i].Attributes().Id(), RouteTableId: publicRT.Attributes().Id(), }, ) } - natGateways := [3]*aws.NatGateway{} + natGateways := [3]*aws_nat_gateway.Resource{} for i := 0; i < 3; i++ { - ng := aws.NewNatGateway( - fmt.Sprintf("nat_gateway_%d", i), aws.NatGatewayArgs{ + ng := aws_nat_gateway.New( + fmt.Sprintf("nat_gateway_%d", i), aws_nat_gateway.Args{ SubnetId: publicSubnets[i].Attributes().Id(), AllocationId: eipNats[i].Attributes().Id(), Tags: tags(fmt.Sprintf("ng-%d", i)), @@ -129,10 +136,10 @@ func NewAWSVPC(opts Opts) *AWSVPC { natGateways[i] = ng } - privateSubnets := [3]*aws.Subnet{} + privateSubnets := [3]*aws_subnet.Resource{} for i := 0; i < 3; i++ { - privateSubnets[i] = aws.NewSubnet( - fmt.Sprintf("private_%d", i), aws.SubnetArgs{ + privateSubnets[i] = aws_subnet.New( + fmt.Sprintf("private_%d", i), aws_subnet.Args{ VpcId: vpc.Attributes().Id(), AvailabilityZone: S(opts.AZs[i]), CidrBlock: S(opts.PrivateSubnetCIDRs[i]), 
@@ -145,19 +152,19 @@ func NewAWSVPC(opts Opts) *AWSVPC { ) } - privateRTs := [3]*aws.RouteTable{} + privateRTs := [3]*aws_route_table.Resource{} for i := 0; i < 3; i++ { - privateRTs[i] = aws.NewRouteTable( - fmt.Sprintf("private_%d", i), aws.RouteTableArgs{ + privateRTs[i] = aws_route_table.New( + fmt.Sprintf("private_%d", i), aws_route_table.Args{ VpcId: vpc.Attributes().Id(), Tags: tags(fmt.Sprintf("platypus-private-%d", i)), }, ) } - privateRoutes := [3]*aws.Route{} + privateRoutes := [3]*aws_route.Resource{} for i := 0; i < 3; i++ { - privateRoutes[i] = aws.NewRoute( - fmt.Sprintf("private_%d", i), aws.RouteArgs{ + privateRoutes[i] = aws_route.New( + fmt.Sprintf("private_%d", i), aws_route.Args{ RouteTableId: privateRTs[i].Attributes().Id(), DestinationCidrBlock: Anywhere, NatGatewayId: natGateways[i].Attributes().Id(), @@ -165,10 +172,10 @@ func NewAWSVPC(opts Opts) *AWSVPC { ) } - privateRTAssocs := [3]*aws.RouteTableAssociation{} + privateRTAssocs := [3]*aws_route_table_association.Resource{} for i := 0; i < 3; i++ { - privateRTAssocs[i] = aws.NewRouteTableAssociation( - fmt.Sprintf("private_%d", i), aws.RouteTableAssociationArgs{ + privateRTAssocs[i] = aws_route_table_association.New( + fmt.Sprintf("private_%d", i), aws_route_table_association.Args{ SubnetId: privateSubnets[i].Attributes().Id(), RouteTableId: privateRTs[i].Attributes().Id(), }, diff --git a/docs/platypus2/karpenter/infra.go b/docs/platypus2/karpenter/infra.go index 63af242..0a9ba19 100644 --- a/docs/platypus2/karpenter/infra.go +++ b/docs/platypus2/karpenter/infra.go 
@@ -6,9 +6,10 @@ package karpenter import ( "fmt" - aws "github.com/golingon/terraproviders/aws/5.13.1" - "github.com/golingon/terraproviders/aws/5.13.1/dataiampolicydocument" - "github.com/golingon/terraproviders/aws/5.13.1/iamrole" + "github.com/golingon/lingoneks/out/aws/aws_iam_policy_document" + "github.com/golingon/lingoneks/out/aws/aws_iam_role" + "github.com/golingon/lingoneks/out/aws/aws_sqs_queue" + "github.com/golingon/lingoneks/out/aws/aws_sqs_queue_policy" "github.com/golingon/lingon/pkg/terra" ) @@ -42,9 +43,9 @@ type Controller struct { } type NodeTerminationQueue struct { - SimpleQueue *aws.SqsQueue `validate:"required"` - QueuePolicy *aws.SqsQueuePolicy `validate:"required"` - QueuePolicyDocument *aws.DataIamPolicyDocument `validate:"required"` + SimpleQueue *aws_sqs_queue.Resource `validate:"required"` + QueuePolicy *aws_sqs_queue_policy.Resource `validate:"required"` + QueuePolicyDocument *aws_iam_policy_document.DataSource `validate:"required"` } func NewInfra(opts InfraOpts) Infra { @@ -56,7 +57,7 @@ func NewInfra(opts InfraOpts) Infra { } } -func newController(opts InfraOpts, ipRole *aws.IamRole) Controller { +func newController(opts InfraOpts, ipRole *aws_iam_role.Resource) Controller { queue := newNodeTerminationQueue(opts) return Controller{ IAMRole: newIAMRole(opts, ipRole, queue.SimpleQueue), 
@@ -65,28 +66,28 @@ func newController(opts InfraOpts, ipRole *aws.IamRole) Controller { } type IAMRole struct { - AssumeRolePolicy *aws.DataIamPolicyDocument `validate:"required"` - Role *aws.IamRole `validate:"required"` - RolePolicy *aws.DataIamPolicyDocument `validate:"required"` + AssumeRolePolicy *aws_iam_policy_document.DataSource `validate:"required"` + Role *aws_iam_role.Resource `validate:"required"` + RolePolicy *aws_iam_policy_document.DataSource `validate:"required"` } func newIAMRole( opts InfraOpts, - ipRole *aws.IamRole, - queue *aws.SqsQueue, + ipRole *aws_iam_role.Resource, + queue *aws_sqs_queue.Resource, ) IAMRole { - assumeRolePolicy := aws.NewDataIamPolicyDocument( - KA.Name+"_assume_role", aws.DataIamPolicyDocumentArgs{ - Statement: []dataiampolicydocument.Statement{ + assumeRolePolicy := aws_iam_policy_document.Data( + KA.Name+"_assume_role", aws_iam_policy_document.DataArgs{ + Statement: []aws_iam_policy_document.DataStatement{ { Actions: terra.Set(S("sts:AssumeRoleWithWebIdentity")), - Principals: []dataiampolicydocument.Principals{ + Principals: []aws_iam_policy_document.DataStatementPrincipals{ { Type: S("Federated"), Identifiers: terra.Set(S(opts.OIDCProviderArn)), }, }, - Condition: []dataiampolicydocument.Condition{ + Condition: []aws_iam_policy_document.DataStatementCondition{ { Test: S("StringEquals"), Variable: S(opts.OIDCProviderURL + ":sub"), @@ -108,9 +109,9 @@ func newIAMRole( }, }, ) - policy := aws.NewDataIamPolicyDocument( - KA.Name, aws.DataIamPolicyDocumentArgs{ - Statement: []dataiampolicydocument.Statement{ + policy := aws_iam_policy_document.Data( + KA.Name, aws_iam_policy_document.DataArgs{ + Statement: []aws_iam_policy_document.DataStatement{ { Actions: terra.SetString( "ec2:DescribeImages", 
@@ -140,7 +141,7 @@ func newIAMRole( ), Effect: S("Allow"), Resources: terra.SetString("*"), - Condition: []dataiampolicydocument.Condition{ + Condition: []aws_iam_policy_document.DataStatementCondition{ { Test: S("StringEquals"), Variable: S( @@ -178,15 +179,15 @@ func newIAMRole( }, }, ) - role := aws.NewIamRole( - KA.Name, aws.IamRoleArgs{ + role := aws_iam_role.New( + KA.Name, aws_iam_role.Args{ Name: S(opts.Name + "-controller"), Description: S( "IAM Role for Karpenter Controller (pod) to assume", ), AssumeRolePolicy: assumeRolePolicy.Attributes().Json(), - InlinePolicy: []iamrole.InlinePolicy{ + InlinePolicy: []aws_iam_role.InlinePolicy{ { Name: S(KA.Name), Policy: policy.Attributes().Json(), @@ -202,20 +203,20 @@ func newIAMRole( } func newNodeTerminationQueue(opts InfraOpts) NodeTerminationQueue { - queue := aws.NewSqsQueue( - KA.Name, aws.SqsQueueArgs{ + queue := aws_sqs_queue.New( + KA.Name, aws_sqs_queue.Args{ Name: S(opts.Name), MessageRetentionSeconds: terra.Number(300), }, ) - policyDoc := aws.NewDataIamPolicyDocument( - "node_termination_queue", aws.DataIamPolicyDocumentArgs{ - Statement: []dataiampolicydocument.Statement{ + policyDoc := aws_iam_policy_document.Data( + "node_termination_queue", aws_iam_policy_document.DataArgs{ + Statement: []aws_iam_policy_document.DataStatement{ { Sid: S("SQSWrite"), Resources: terra.Set(queue.Attributes().Arn()), Actions: terra.SetString("sqs:SendMessage"), - Principals: []dataiampolicydocument.Principals{ + Principals: []aws_iam_policy_document.DataStatementPrincipals{ { Type: S("Service"), Identifiers: terra.SetString( @@ -228,8 +229,8 @@ func newNodeTerminationQueue(opts InfraOpts) NodeTerminationQueue { }, }, ) - queuePolicy := aws.NewSqsQueuePolicy( - KA.Name, aws.SqsQueuePolicyArgs{ + queuePolicy := aws_sqs_queue_policy.New( + KA.Name, aws_sqs_queue_policy.Args{ QueueUrl: queue.Attributes().Url(), Policy: policyDoc.Attributes().Json(), }, 
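Review bot: The node-termination queue in `newNodeTerminationQueue` is created with only `Name` and `MessageRetentionSeconds`, so encryption at rest is left to whatever the provider or account defaults to. Since this hunk already rewrites the `aws_sqs_queue.Args` literal, I would pin it explicitly by setting the queue's `sqs_managed_sse_enabled` attribute to true (presumably `SqsManagedSseEnabled: terra.Bool(true)` in the generated `Args`; confirm the field name against the generated package). The `SQSWrite` statement's principal list is cut off by the hunk boundary, so I cannot tell from here whether the queue policy also denies non-TLS access; that is worth checking in the same function.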
diff --git a/docs/platypus2/karpenter/infra_fargateprofile.go b/docs/platypus2/karpenter/infra_fargateprofile.go index 7f95303..f53b76b 100644 --- a/docs/platypus2/karpenter/infra_fargateprofile.go +++ b/docs/platypus2/karpenter/infra_fargateprofile.go @@ -6,9 +6,10 @@ package karpenter import ( "fmt" - aws "github.com/golingon/terraproviders/aws/5.13.1" - "github.com/golingon/terraproviders/aws/5.13.1/dataiampolicydocument" - "github.com/golingon/terraproviders/aws/5.13.1/eksfargateprofile" + "github.com/golingon/lingoneks/out/aws/aws_eks_fargate_profile" + "github.com/golingon/lingoneks/out/aws/aws_iam_policy_document" + "github.com/golingon/lingoneks/out/aws/aws_iam_role" + "github.com/golingon/lingoneks/out/aws/aws_iam_role_policy_attachment" "github.com/golingon/lingon/pkg/terra" ) 
@@ -25,20 +26,20 @@ const ( // FargateProfile is the AWS EKS Fargate profile for the Karpenter pods to // run on type FargateProfile struct { - FargateProfile *aws.EksFargateProfile `validate:"required"` - IAMRole *aws.IamRole `validate:"required"` - AssumeRole *aws.DataIamPolicyDocument `validate:"required"` - PolicyAttachments []*aws.IamRolePolicyAttachment `validate:"required,dive,required"` + FargateProfile *aws_eks_fargate_profile.Resource `validate:"required"` + IAMRole *aws_iam_role.Resource `validate:"required"` + AssumeRole *aws_iam_policy_document.DataSource `validate:"required"` + PolicyAttachments []*aws_iam_role_policy_attachment.Resource `validate:"required,dive,required"` } func newFargateProfile(opts InfraOpts) FargateProfile { - arPolicy := aws.NewDataIamPolicyDocument( - "fargate", aws.DataIamPolicyDocumentArgs{ - Statement: []dataiampolicydocument.Statement{ + arPolicy := aws_iam_policy_document.Data( + "fargate", aws_iam_policy_document.DataArgs{ + Statement: []aws_iam_policy_document.DataStatement{ { Effect: S("Allow"), Actions: terra.SetString("sts:AssumeRole"), - Principals: []dataiampolicydocument.Principals{ + Principals: []aws_iam_policy_document.DataStatementPrincipals{ { Type: S("Service"), Identifiers: terra.SetString( @@ -51,8 +52,8 @@ func newFargateProfile(opts InfraOpts) FargateProfile { }, ) - iamRole := aws.NewIamRole( - "fargate", aws.IamRoleArgs{ + iamRole := aws_iam_role.New( + "fargate", aws_iam_role.Args{ Name: S(opts.Name + "-fargate"), Description: S( "IAM Role for Fargate profile for Karpenter pods to run", 
@@ -66,24 +67,27 @@ func newFargateProfile(opts InfraOpts) FargateProfile { awsEKSCNIPolicy, } - policyAttachments := make([]*aws.IamRolePolicyAttachment, len(policies)) + policyAttachments := make( + []*aws_iam_role_policy_attachment.Resource, + len(policies), + ) for i, policy := range policies { - policyAttachments[i] = aws.NewIamRolePolicyAttachment( + policyAttachments[i] = aws_iam_role_policy_attachment.New( fmt.Sprintf("%s_attach_%s", "fargate", policy), - aws.IamRolePolicyAttachmentArgs{ + aws_iam_role_policy_attachment.Args{ PolicyArn: S(awsPolicyARNPrefix + policy), Role: iamRole.Attributes().Name(), }, ) } - fargateProfile := aws.NewEksFargateProfile( - KA.Name, aws.EksFargateProfileArgs{ + fargateProfile := aws_eks_fargate_profile.New( + KA.Name, aws_eks_fargate_profile.Args{ ClusterName: S(opts.ClusterName), FargateProfileName: S(KA.Name), PodExecutionRoleArn: iamRole.Attributes().Arn(), SubnetIds: terra.SetString(opts.PrivateSubnetIDs[:]...), - Selector: []eksfargateprofile.Selector{ + Selector: []aws_eks_fargate_profile.Selector{ { Namespace: S(KA.Namespace), }, diff --git a/docs/platypus2/karpenter/infra_instanceprofile.go b/docs/platypus2/karpenter/infra_instanceprofile.go index 98f6562..93fc5f8 100644 --- a/docs/platypus2/karpenter/infra_instanceprofile.go +++ b/docs/platypus2/karpenter/infra_instanceprofile.go @@ -6,8 +6,10 @@ package karpenter import ( "fmt" - aws "github.com/golingon/terraproviders/aws/5.13.1" - "github.com/golingon/terraproviders/aws/5.13.1/dataiampolicydocument" + "github.com/golingon/lingoneks/out/aws/aws_iam_instance_profile" + "github.com/golingon/lingoneks/out/aws/aws_iam_policy_document" + "github.com/golingon/lingoneks/out/aws/aws_iam_role" + "github.com/golingon/lingoneks/out/aws/aws_iam_role_policy_attachment" "github.com/golingon/lingon/pkg/terra" ) 
@@ -15,21 +17,21 @@ import ( // InstanceProfile is the AWS EC2 Instance Profile for the nodes provisioned by // Karpenter to use. type InstanceProfile struct { - InstanceProfile *aws.IamInstanceProfile `validate:"required"` - IAMRole *aws.IamRole `validate:"required"` - AssumeRole *aws.DataIamPolicyDocument `validate:"required"` - PolicyAttachments []*aws.IamRolePolicyAttachment `validate:"required,dive,required"` + InstanceProfile *aws_iam_instance_profile.Resource `validate:"required"` + IAMRole *aws_iam_role.Resource `validate:"required"` + AssumeRole *aws_iam_policy_document.DataSource `validate:"required"` + PolicyAttachments []*aws_iam_role_policy_attachment.Resource `validate:"required,dive,required"` } func newInstanceProfile() InstanceProfile { - arPolicy := aws.NewDataIamPolicyDocument( - "eks_node", aws.DataIamPolicyDocumentArgs{ - Statement: []dataiampolicydocument.Statement{ + arPolicy := aws_iam_policy_document.Data( + "eks_node", aws_iam_policy_document.DataArgs{ + Statement: []aws_iam_policy_document.DataStatement{ { Sid: S("EKSNodeAssumeRole"), Effect: S("Allow"), Actions: terra.SetString("sts:AssumeRole"), - Principals: []dataiampolicydocument.Principals{ + Principals: []aws_iam_policy_document.DataStatementPrincipals{ { Type: S("Service"), Identifiers: terra.SetString( @@ -42,8 +44,8 @@ func newInstanceProfile() InstanceProfile { }, ) - iamRole := aws.NewIamRole( - "eks_node", aws.IamRoleArgs{ + iamRole := aws_iam_role.New( + "eks_node", aws_iam_role.Args{ Name: S("platypus-karpenter-node"), Description: S( "IAM Role for Karpenter's InstanceProfile to use when launching nodes", 
@@ -59,19 +61,22 @@ func newInstanceProfile() InstanceProfile { awsSSMManagedInstanceCore, } - policyAttachments := make([]*aws.IamRolePolicyAttachment, len(policies)) + policyAttachments := make( + []*aws_iam_role_policy_attachment.Resource, + len(policies), + ) for i, policy := range policies { - policyAttachments[i] = aws.NewIamRolePolicyAttachment( + policyAttachments[i] = aws_iam_role_policy_attachment.New( fmt.Sprintf("eks_node_attach_%s", policy), - aws.IamRolePolicyAttachmentArgs{ + aws_iam_role_policy_attachment.Args{ PolicyArn: S(awsPolicyARNPrefix + policy), Role: iamRole.Attributes().Name(), }, ) } - instanceProfile := aws.NewIamInstanceProfile( - KA.Name, aws.IamInstanceProfileArgs{ + instanceProfile := aws_iam_instance_profile.New( + KA.Name, aws_iam_instance_profile.Args{ Name: S("platypus-karpenter-instance-profile"), Role: iamRole.Attributes().Name(), }, diff --git a/docs/terraform/aws_test.go b/docs/terraform/aws_test.go index 6decbc4..538ec48 100644 --- a/docs/terraform/aws_test.go +++ b/docs/terraform/aws_test.go @@ -10,8 +10,10 @@ import ( tfjson "github.com/hashicorp/terraform-json" + aws "github.com/golingon/lingon/docs/terraform/out/aws" + "github.com/golingon/lingon/docs/terraform/out/aws/aws_subnet" + "github.com/golingon/lingon/docs/terraform/out/aws/aws_vpc" "github.com/golingon/lingon/pkg/terra" - aws "github.com/golingon/terraproviders/aws/4.60.0" ) func Example_awsProvider() { 
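Review bot: `newInstanceProfile` takes no options, and the instance profile in this hunk is still named with the literal `"platypus-karpenter-instance-profile"`, whereas `newFargateProfile` derives its role name from `opts.Name`. IAM names are unique per account, so a second stack deployed to the same account would collide on the node role and instance profile. Passing `InfraOpts` in and using something like `Name: S(opts.Name + "-instance-profile")` would keep the two profiles consistent. The function starts outside this hunk, and the role name set earlier in it (`"platypus-karpenter-node"`) would need the same treatment.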
@@ -22,30 +24,26 @@ func Example_awsProvider() { // Initialise a stack with the AWS provider configuration _ = AWSStack{ - Provider: aws.NewProvider( - aws.ProviderArgs{ - Region: terra.String("eu-north-1"), - }, - ), + Provider: &aws.Provider{ + Region: terra.String("eu-north-1"), + }, } } func Example_awsVPC() { type AWSStack struct { terra.Stack - Provider *aws.Provider `validate:"required"` - VPC *aws.Vpc `validate:"required"` + Provider *aws.Provider `validate:"required"` + VPC *aws_vpc.Resource `validate:"required"` } // Initialise a stack with the AWS provider configuration stack := AWSStack{ - Provider: aws.NewProvider( - aws.ProviderArgs{ - Region: terra.String("eu-north-1"), - }, - ), - VPC: aws.NewVpc( - "vpc", aws.VpcArgs{ + Provider: &aws.Provider{ + Region: terra.String("eu-north-1"), + }, + VPC: aws_vpc.New( + "vpc", aws_vpc.Args{ CidrBlock: terra.String("10.0.0.0/16"), EnableDnsSupport: terra.Bool(true), }, @@ -64,7 +62,7 @@ func Example_awsVPC() { // required_providers { // aws = { // source = "hashicorp/aws" - // version = "4.60.0" + // version = "5.44.0" // } // } // } @@ -84,19 +82,19 @@ func Example_awsVPC() { func Example_awsVPCWithSubnet() { type AWSStack struct { terra.Stack - Provider *aws.Provider `validate:"required"` - VPC *aws.Vpc `validate:"required"` - Subnet *aws.Subnet `validate:"required"` + Provider *aws.Provider `validate:"required"` + VPC *aws_vpc.Resource `validate:"required"` + Subnet *aws_subnet.Resource `validate:"required"` } - vpc := aws.NewVpc( - "vpc", aws.VpcArgs{ + vpc := aws_vpc.New( + "vpc", aws_vpc.Args{ CidrBlock: terra.String("10.0.0.0/16"), EnableDnsSupport: terra.Bool(true), }, ) - subnet := aws.NewSubnet( - "subnet", aws.SubnetArgs{ + subnet := aws_subnet.New( + "subnet", aws_subnet.Args{ // Reference the VPC's ID, which will translate into a reference // in the Terraform configuration VpcId: vpc.Attributes().Id(), 
@@ -105,11 +103,9 @@ func Example_awsVPCWithSubnet() { // Initialise a stack with the AWS provider configuration stack := AWSStack{ - Provider: aws.NewProvider( - aws.ProviderArgs{ - Region: terra.String("eu-north-1"), - }, - ), + Provider: &aws.Provider{ + Region: terra.String("eu-north-1"), + }, VPC: vpc, Subnet: subnet, } @@ -126,7 +122,7 @@ func Example_awsVPCWithSubnet() { // required_providers { // aws = { // source = "hashicorp/aws" - // version = "4.60.0" + // version = "5.44.0" // } // } // } @@ -150,19 +146,17 @@ func Example_awsVPCWithSubnet() { func Example_awsVPCImportState() { type AWSStack struct { terra.Stack - Provider *aws.Provider `validate:"required"` - VPC *aws.Vpc `validate:"required"` + Provider *aws.Provider `validate:"required"` + VPC *aws_vpc.Resource `validate:"required"` } // Initialise a stack with the AWS provider configuration stack := AWSStack{ - Provider: aws.NewProvider( - aws.ProviderArgs{ - Region: terra.String("eu-north-1"), - }, - ), - VPC: aws.NewVpc( - "vpc", aws.VpcArgs{ + Provider: &aws.Provider{ + Region: terra.String("eu-north-1"), + }, + VPC: aws_vpc.New( + "vpc", aws_vpc.Args{ CidrBlock: terra.String("10.0.0.0/16"), EnableDnsSupport: terra.Bool(true), }, diff --git a/docs/terraform/generate.go b/docs/terraform/generate.go index fdd243c..7379192 100644 --- a/docs/terraform/generate.go +++ b/docs/terraform/generate.go @@ -3,5 +3,8 @@ package terraform +//go:generate echo "\n>>>> docs/terraform: generating hashicorp/aws terra provider\n" +//go:generate go run -mod=readonly github.com/golingon/lingon/cmd/terragen -out ./out/aws -pkg github.com/golingon/lingon/docs/terraform/out/aws -clean -provider aws=hashicorp/aws:5.44.0 + //go:generate echo "\n>>>> generating terraform readme\n" //go:generate go run github.com/dave/rebecca/cmd/becca@v0.9.2 -package=github.com/golingon/lingon/docs/terraform -input readme.md.tpl 
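Review bot: The new `go:generate` directive in `docs/terraform/generate.go` pins `aws=hashicorp/aws:5.44.0`, and the same version string is hard-coded in the expected output of `Example_awsVPC` and `Example_awsVPCWithSubnet` in `aws_test.go`, so a provider bump has to touch three places or the examples fail. A one-line comment above the directive would make that coupling visible, e.g. `// Provider version must match the "version" in the expected output in aws_test.go.` The same comment could say whether `./out/aws` is committed or must be regenerated before the tests run, since `aws_test.go` now imports it.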
diff --git a/docs/terraform/localfile/localfile.go b/docs/terraform/localfile/localfile.go index 8b7bb06..8b23f4a 100644 --- a/docs/terraform/localfile/localfile.go +++ b/docs/terraform/localfile/localfile.go @@ -4,10 +4,11 @@ package localfile //go:generate echo "\n>>>> LOCALFILE: generating hashicorp/local terra provider\n" -//go:generate go run -mod=readonly github.com/golingon/lingon/cmd/terragen -out ./out/local -pkg github.com/golingon/lingon/examples/localfile/out/local -force -provider local=hashicorp/local:2.4.0 +//go:generate go run -mod=readonly github.com/golingon/lingon/cmd/terragen -out ./out/local -pkg github.com/golingon/lingon/examples/localfile/out/local -clean -provider local=hashicorp/local:2.4.0 import ( "github.com/golingon/lingon/docs/terraform/localfile/out/local" + "github.com/golingon/lingon/docs/terraform/localfile/out/local/local_file" "github.com/golingon/lingon/pkg/terra" ) @@ -19,9 +20,9 @@ func NewLocalFileStack(filename string) *LocalFileStack { Backend: LocalBackend{ Path: "terraform.tfstate", }, - Provider: local.NewProvider(local.ProviderArgs{}), - File: local.NewFile( - "file", local.FileArgs{ + Provider: &local.Provider{}, + File: local_file.New( + "file", local_file.Args{ Filename: terra.String(filename), Content: terra.String("contents"), }, @@ -32,9 +33,9 @@ func NewLocalFileStack(filename string) *LocalFileStack { type LocalFileStack struct { terra.Stack - Backend LocalBackend `validate:"required"` - Provider *local.Provider `validate:"required"` - File *local.File `validate:"required"` + Backend LocalBackend `validate:"required"` + Provider *local.Provider `validate:"required"` + File *local_file.Resource `validate:"required"` } var _ terra.Backend = (*LocalBackend)(nil) diff --git a/docs/terraform/localfile/out/local/data_file.go b/docs/terraform/localfile/out/local/data_file.go deleted file mode 100644 index 5c4076b..0000000 --- a/docs/terraform/localfile/out/local/data_file.go +++ /dev/null 
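Review bot: The terragen directive was edited in this hunk (`-force` to `-clean`) but still passes `-pkg github.com/golingon/lingon/examples/localfile/out/local`, while the file imports the generated code from `github.com/golingon/lingon/docs/terraform/localfile/out/local` and now also from its `local_file` sub-package. With one package per resource, the `-pkg` value presumably becomes the import prefix the generated packages use to reference each other, so a stale path is more likely to matter than it was with a single flat package. I would change it to `-pkg github.com/golingon/lingon/docs/terraform/localfile/out/local` so the generated import paths match what this file imports.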
@@ -1,100 +0,0 @@ -// CODE GENERATED BY github.com/golingon/lingon. DO NOT EDIT. - -package local - -import "github.com/golingon/lingon/pkg/terra" - -// NewDataFile creates a new instance of [DataFile]. -func NewDataFile(name string, args DataFileArgs) *DataFile { - return &DataFile{ - Args: args, - Name: name, - } -} - -var _ terra.DataResource = (*DataFile)(nil) - -// DataFile represents the Terraform data resource local_file. -type DataFile struct { - Name string - Args DataFileArgs -} - -// DataSource returns the Terraform object type for [DataFile]. -func (f *DataFile) DataSource() string { - return "local_file" -} - -// LocalName returns the local name for [DataFile]. -func (f *DataFile) LocalName() string { - return f.Name -} - -// Configuration returns the configuration (args) for [DataFile]. -func (f *DataFile) Configuration() interface{} { - return f.Args -} - -// Attributes returns the attributes for [DataFile]. -func (f *DataFile) Attributes() dataFileAttributes { - return dataFileAttributes{ref: terra.ReferenceDataResource(f)} -} - -// DataFileArgs contains the configurations for local_file. -type DataFileArgs struct { - // Filename: string, required - Filename terra.StringValue `hcl:"filename,attr" validate:"required"` -} -type dataFileAttributes struct { - ref terra.Reference -} - -// Content returns a reference to field content of local_file. -func (f dataFileAttributes) Content() terra.StringValue { - return terra.ReferenceAsString(f.ref.Append("content")) -} - -// ContentBase64 returns a reference to field content_base64 of local_file. -func (f dataFileAttributes) ContentBase64() terra.StringValue { - return terra.ReferenceAsString(f.ref.Append("content_base64")) -} - -// ContentBase64Sha256 returns a reference to field content_base64sha256 of local_file. 
-func (f dataFileAttributes) ContentBase64Sha256() terra.StringValue { - return terra.ReferenceAsString(f.ref.Append("content_base64sha256")) -} - -// ContentBase64Sha512 returns a reference to field content_base64sha512 of local_file. -func (f dataFileAttributes) ContentBase64Sha512() terra.StringValue { - return terra.ReferenceAsString(f.ref.Append("content_base64sha512")) -} - -// ContentMd5 returns a reference to field content_md5 of local_file. -func (f dataFileAttributes) ContentMd5() terra.StringValue { - return terra.ReferenceAsString(f.ref.Append("content_md5")) -} - -// ContentSha1 returns a reference to field content_sha1 of local_file. -func (f dataFileAttributes) ContentSha1() terra.StringValue { - return terra.ReferenceAsString(f.ref.Append("content_sha1")) -} - -// ContentSha256 returns a reference to field content_sha256 of local_file. -func (f dataFileAttributes) ContentSha256() terra.StringValue { - return terra.ReferenceAsString(f.ref.Append("content_sha256")) -} - -// ContentSha512 returns a reference to field content_sha512 of local_file. -func (f dataFileAttributes) ContentSha512() terra.StringValue { - return terra.ReferenceAsString(f.ref.Append("content_sha512")) -} - -// Filename returns a reference to field filename of local_file. -func (f dataFileAttributes) Filename() terra.StringValue { - return terra.ReferenceAsString(f.ref.Append("filename")) -} - -// Id returns a reference to field id of local_file. -func (f dataFileAttributes) Id() terra.StringValue { - return terra.ReferenceAsString(f.ref.Append("id")) -} diff --git a/docs/terraform/localfile/out/local/data_sensitive_file.go b/docs/terraform/localfile/out/local/data_sensitive_file.go deleted file mode 100644 index c4d7bbd..0000000 --- a/docs/terraform/localfile/out/local/data_sensitive_file.go +++ /dev/null 
@@ -1,100 +0,0 @@ -// CODE GENERATED BY github.com/golingon/lingon. DO NOT EDIT. - -package local - -import "github.com/golingon/lingon/pkg/terra" - -// NewDataSensitiveFile creates a new instance of [DataSensitiveFile]. -func NewDataSensitiveFile(name string, args DataSensitiveFileArgs) *DataSensitiveFile { - return &DataSensitiveFile{ - Args: args, - Name: name, - } -} - -var _ terra.DataResource = (*DataSensitiveFile)(nil) - -// DataSensitiveFile represents the Terraform data resource local_sensitive_file. -type DataSensitiveFile struct { - Name string - Args DataSensitiveFileArgs -} - -// DataSource returns the Terraform object type for [DataSensitiveFile]. -func (sf *DataSensitiveFile) DataSource() string { - return "local_sensitive_file" -} - -// LocalName returns the local name for [DataSensitiveFile]. -func (sf *DataSensitiveFile) LocalName() string { - return sf.Name -} - -// Configuration returns the configuration (args) for [DataSensitiveFile]. -func (sf *DataSensitiveFile) Configuration() interface{} { - return sf.Args -} - -// Attributes returns the attributes for [DataSensitiveFile]. -func (sf *DataSensitiveFile) Attributes() dataSensitiveFileAttributes { - return dataSensitiveFileAttributes{ref: terra.ReferenceDataResource(sf)} -} - -// DataSensitiveFileArgs contains the configurations for local_sensitive_file. -type DataSensitiveFileArgs struct { - // Filename: string, required - Filename terra.StringValue `hcl:"filename,attr" validate:"required"` -} -type dataSensitiveFileAttributes struct { - ref terra.Reference -} - -// Content returns a reference to field content of local_sensitive_file. -func (sf dataSensitiveFileAttributes) Content() terra.StringValue { - return terra.ReferenceAsString(sf.ref.Append("content")) -} - -// ContentBase64 returns a reference to field content_base64 of local_sensitive_file. 
-func (sf dataSensitiveFileAttributes) ContentBase64() terra.StringValue { - return terra.ReferenceAsString(sf.ref.Append("content_base64")) -} - -// ContentBase64Sha256 returns a reference to field content_base64sha256 of local_sensitive_file. -func (sf dataSensitiveFileAttributes) ContentBase64Sha256() terra.StringValue { - return terra.ReferenceAsString(sf.ref.Append("content_base64sha256")) -} - -// ContentBase64Sha512 returns a reference to field content_base64sha512 of local_sensitive_file. -func (sf dataSensitiveFileAttributes) ContentBase64Sha512() terra.StringValue { - return terra.ReferenceAsString(sf.ref.Append("content_base64sha512")) -} - -// ContentMd5 returns a reference to field content_md5 of local_sensitive_file. -func (sf dataSensitiveFileAttributes) ContentMd5() terra.StringValue { - return terra.ReferenceAsString(sf.ref.Append("content_md5")) -} - -// ContentSha1 returns a reference to field content_sha1 of local_sensitive_file. -func (sf dataSensitiveFileAttributes) ContentSha1() terra.StringValue { - return terra.ReferenceAsString(sf.ref.Append("content_sha1")) -} - -// ContentSha256 returns a reference to field content_sha256 of local_sensitive_file. -func (sf dataSensitiveFileAttributes) ContentSha256() terra.StringValue { - return terra.ReferenceAsString(sf.ref.Append("content_sha256")) -} - -// ContentSha512 returns a reference to field content_sha512 of local_sensitive_file. -func (sf dataSensitiveFileAttributes) ContentSha512() terra.StringValue { - return terra.ReferenceAsString(sf.ref.Append("content_sha512")) -} - -// Filename returns a reference to field filename of local_sensitive_file. -func (sf dataSensitiveFileAttributes) Filename() terra.StringValue { - return terra.ReferenceAsString(sf.ref.Append("filename")) -} - -// Id returns a reference to field id of local_sensitive_file. -func (sf dataSensitiveFileAttributes) Id() terra.StringValue { - return terra.ReferenceAsString(sf.ref.Append("id")) -} 
diff --git a/docs/terraform/localfile/out/local/file.go b/docs/terraform/localfile/out/local/file.go deleted file mode 100644 index a0cf436..0000000 --- a/docs/terraform/localfile/out/local/file.go +++ /dev/null 
@@ -1,195 +0,0 @@ -// CODE GENERATED BY github.com/golingon/lingon. DO NOT EDIT. - -package local - -import ( - "encoding/json" - "fmt" - "io" - - "github.com/golingon/lingon/pkg/terra" -) - -// NewFile creates a new instance of [File]. -func NewFile(name string, args FileArgs) *File { - return &File{ - Args: args, - Name: name, - } -} - -var _ terra.Resource = (*File)(nil) - -// File represents the Terraform resource local_file. -type File struct { - Name string - Args FileArgs - state *fileState - DependsOn terra.Dependencies - Lifecycle *terra.Lifecycle -} - -// Type returns the Terraform object type for [File]. -func (f *File) Type() string { - return "local_file" -} - -// LocalName returns the local name for [File]. -func (f *File) LocalName() string { - return f.Name -} - -// Configuration returns the configuration (args) for [File]. -func (f *File) Configuration() interface{} { - return f.Args -} - -// DependOn is used for other resources to depend on [File]. -func (f *File) DependOn() terra.Reference { - return terra.ReferenceResource(f) -} - -// Dependencies returns the list of resources [File] depends_on. -func (f *File) Dependencies() terra.Dependencies { - return f.DependsOn -} - -// LifecycleManagement returns the lifecycle block for [File]. -func (f *File) LifecycleManagement() *terra.Lifecycle { - return f.Lifecycle -} - -// Attributes returns the attributes for [File]. -func (f *File) Attributes() fileAttributes { - return fileAttributes{ref: terra.ReferenceResource(f)} -} - -// ImportState imports the given attribute values into [File]'s state. -func (f *File) ImportState(av io.Reader) error { - f.state = &fileState{} - if err := json.NewDecoder(av).Decode(f.state); err != nil { - return fmt.Errorf("decoding state into resource %s.%s: %w", f.Type(), f.LocalName(), err) - } - return nil -} - -// State returns the state and a bool indicating if [File] has state. 
-func (f *File) State() (*fileState, bool) { - return f.state, f.state != nil -} - -// StateMust returns the state for [File]. Panics if the state is nil. -func (f *File) StateMust() *fileState { - if f.state == nil { - panic(fmt.Sprintf("state is nil for resource %s.%s", f.Type(), f.LocalName())) - } - return f.state -} - -// FileArgs contains the configurations for local_file. -type FileArgs struct { - // Content: string, optional - Content terra.StringValue `hcl:"content,attr"` - // ContentBase64: string, optional - ContentBase64 terra.StringValue `hcl:"content_base64,attr"` - // DirectoryPermission: string, optional - DirectoryPermission terra.StringValue `hcl:"directory_permission,attr"` - // FilePermission: string, optional - FilePermission terra.StringValue `hcl:"file_permission,attr"` - // Filename: string, required - Filename terra.StringValue `hcl:"filename,attr" validate:"required"` - // SensitiveContent: string, optional - SensitiveContent terra.StringValue `hcl:"sensitive_content,attr"` - // Source: string, optional - Source terra.StringValue `hcl:"source,attr"` -} -type fileAttributes struct { - ref terra.Reference -} - -// Content returns a reference to field content of local_file. -func (f fileAttributes) Content() terra.StringValue { - return terra.ReferenceAsString(f.ref.Append("content")) -} - -// ContentBase64 returns a reference to field content_base64 of local_file. -func (f fileAttributes) ContentBase64() terra.StringValue { - return terra.ReferenceAsString(f.ref.Append("content_base64")) -} - -// ContentBase64Sha256 returns a reference to field content_base64sha256 of local_file. -func (f fileAttributes) ContentBase64Sha256() terra.StringValue { - return terra.ReferenceAsString(f.ref.Append("content_base64sha256")) -} - -// ContentBase64Sha512 returns a reference to field content_base64sha512 of local_file. 
-func (f fileAttributes) ContentBase64Sha512() terra.StringValue { - return terra.ReferenceAsString(f.ref.Append("content_base64sha512")) -} - -// ContentMd5 returns a reference to field content_md5 of local_file. -func (f fileAttributes) ContentMd5() terra.StringValue { - return terra.ReferenceAsString(f.ref.Append("content_md5")) -} - -// ContentSha1 returns a reference to field content_sha1 of local_file. -func (f fileAttributes) ContentSha1() terra.StringValue { - return terra.ReferenceAsString(f.ref.Append("content_sha1")) -} - -// ContentSha256 returns a reference to field content_sha256 of local_file. -func (f fileAttributes) ContentSha256() terra.StringValue { - return terra.ReferenceAsString(f.ref.Append("content_sha256")) -} - -// ContentSha512 returns a reference to field content_sha512 of local_file. -func (f fileAttributes) ContentSha512() terra.StringValue { - return terra.ReferenceAsString(f.ref.Append("content_sha512")) -} - -// DirectoryPermission returns a reference to field directory_permission of local_file. -func (f fileAttributes) DirectoryPermission() terra.StringValue { - return terra.ReferenceAsString(f.ref.Append("directory_permission")) -} - -// FilePermission returns a reference to field file_permission of local_file. -func (f fileAttributes) FilePermission() terra.StringValue { - return terra.ReferenceAsString(f.ref.Append("file_permission")) -} - -// Filename returns a reference to field filename of local_file. -func (f fileAttributes) Filename() terra.StringValue { - return terra.ReferenceAsString(f.ref.Append("filename")) -} - -// Id returns a reference to field id of local_file. -func (f fileAttributes) Id() terra.StringValue { - return terra.ReferenceAsString(f.ref.Append("id")) -} - -// SensitiveContent returns a reference to field sensitive_content of local_file. 
-func (f fileAttributes) SensitiveContent() terra.StringValue { - return terra.ReferenceAsString(f.ref.Append("sensitive_content")) -} - -// Source returns a reference to field source of local_file. -func (f fileAttributes) Source() terra.StringValue { - return terra.ReferenceAsString(f.ref.Append("source")) -} - -type fileState struct { - Content string `json:"content"` - ContentBase64 string `json:"content_base64"` - ContentBase64Sha256 string `json:"content_base64sha256"` - ContentBase64Sha512 string `json:"content_base64sha512"` - ContentMd5 string `json:"content_md5"` - ContentSha1 string `json:"content_sha1"` - ContentSha256 string `json:"content_sha256"` - ContentSha512 string `json:"content_sha512"` - DirectoryPermission string `json:"directory_permission"` - FilePermission string `json:"file_permission"` - Filename string `json:"filename"` - Id string `json:"id"` - SensitiveContent string `json:"sensitive_content"` - Source string `json:"source"` -} diff --git a/docs/terraform/localfile/out/local/local_file/data_local_file.go b/docs/terraform/localfile/out/local/local_file/data_local_file.go new file mode 100644 index 0000000..e7c63e9 --- /dev/null +++ b/docs/terraform/localfile/out/local/local_file/data_local_file.go 
@@ -0,0 +1,101 @@ +// CODE GENERATED BY github.com/golingon/lingon. DO NOT EDIT. + +package local_file + +import "github.com/golingon/lingon/pkg/terra" + +// Data creates a new instance of [DataSource]. +func Data(name string, args DataArgs) *DataSource { + return &DataSource{ + Args: args, + Name: name, + } +} + +var _ terra.DataResource = (*DataSource)(nil) + +// DataSource represents the Terraform data resource local_file. +type DataSource struct { + Name string + Args DataArgs +} + +// DataSource returns the Terraform object type for [DataSource]. +func (lf *DataSource) DataSource() string { + return "local_file" +} + +// LocalName returns the local name for [DataSource]. +func (lf *DataSource) LocalName() string { + return lf.Name +} + +// Configuration returns the configuration (args) for [DataSource]. +func (lf *DataSource) Configuration() interface{} { + return lf.Args +} + +// Attributes returns the attributes for [DataSource]. +func (lf *DataSource) Attributes() dataLocalFileAttributes { + return dataLocalFileAttributes{ref: terra.ReferenceDataResource(lf)} +} + +// DataArgs contains the configurations for local_file. +type DataArgs struct { + // Filename: string, required + Filename terra.StringValue `hcl:"filename,attr" validate:"required"` +} + +type dataLocalFileAttributes struct { + ref terra.Reference +} + +// Content returns a reference to field content of local_file. +func (lf dataLocalFileAttributes) Content() terra.StringValue { + return terra.ReferenceAsString(lf.ref.Append("content")) +} + +// ContentBase64 returns a reference to field content_base64 of local_file. +func (lf dataLocalFileAttributes) ContentBase64() terra.StringValue { + return terra.ReferenceAsString(lf.ref.Append("content_base64")) +} + +// ContentBase64Sha256 returns a reference to field content_base64sha256 of local_file. 
+func (lf dataLocalFileAttributes) ContentBase64Sha256() terra.StringValue { + return terra.ReferenceAsString(lf.ref.Append("content_base64sha256")) +} + +// ContentBase64Sha512 returns a reference to field content_base64sha512 of local_file. +func (lf dataLocalFileAttributes) ContentBase64Sha512() terra.StringValue { + return terra.ReferenceAsString(lf.ref.Append("content_base64sha512")) +} + +// ContentMd5 returns a reference to field content_md5 of local_file. +func (lf dataLocalFileAttributes) ContentMd5() terra.StringValue { + return terra.ReferenceAsString(lf.ref.Append("content_md5")) +} + +// ContentSha1 returns a reference to field content_sha1 of local_file. +func (lf dataLocalFileAttributes) ContentSha1() terra.StringValue { + return terra.ReferenceAsString(lf.ref.Append("content_sha1")) +} + +// ContentSha256 returns a reference to field content_sha256 of local_file. +func (lf dataLocalFileAttributes) ContentSha256() terra.StringValue { + return terra.ReferenceAsString(lf.ref.Append("content_sha256")) +} + +// ContentSha512 returns a reference to field content_sha512 of local_file. +func (lf dataLocalFileAttributes) ContentSha512() terra.StringValue { + return terra.ReferenceAsString(lf.ref.Append("content_sha512")) +} + +// Filename returns a reference to field filename of local_file. +func (lf dataLocalFileAttributes) Filename() terra.StringValue { + return terra.ReferenceAsString(lf.ref.Append("filename")) +} + +// Id returns a reference to field id of local_file. +func (lf dataLocalFileAttributes) Id() terra.StringValue { + return terra.ReferenceAsString(lf.ref.Append("id")) +} diff --git a/docs/terraform/localfile/out/local/local_file/local_file.go b/docs/terraform/localfile/out/local/local_file/local_file.go new file mode 100644 index 0000000..b35fee1 --- /dev/null +++ b/docs/terraform/localfile/out/local/local_file/local_file.go 
@@ -0,0 +1,195 @@ +// CODE GENERATED BY github.com/golingon/lingon. DO NOT EDIT. + +package local_file + +import ( + "encoding/json" + "fmt" + "github.com/golingon/lingon/pkg/terra" + "io" +) + +// New creates a new instance of [Resource]. +func New(name string, args Args) *Resource { + return &Resource{ + Args: args, + Name: name, + } +} + +var _ terra.Resource = (*Resource)(nil) + +// Resource represents the Terraform resource local_file. +type Resource struct { + Name string + Args Args + state *localFileState + DependsOn terra.Dependencies + Lifecycle *terra.Lifecycle +} + +// Type returns the Terraform object type for [Resource]. +func (lf *Resource) Type() string { + return "local_file" +} + +// LocalName returns the local name for [Resource]. +func (lf *Resource) LocalName() string { + return lf.Name +} + +// Configuration returns the configuration (args) for [Resource]. +func (lf *Resource) Configuration() interface{} { + return lf.Args +} + +// DependOn is used for other resources to depend on [Resource]. +func (lf *Resource) DependOn() terra.Reference { + return terra.ReferenceResource(lf) +} + +// Dependencies returns the list of resources [Resource] depends_on. +func (lf *Resource) Dependencies() terra.Dependencies { + return lf.DependsOn +} + +// LifecycleManagement returns the lifecycle block for [Resource]. +func (lf *Resource) LifecycleManagement() *terra.Lifecycle { + return lf.Lifecycle +} + +// Attributes returns the attributes for [Resource]. +func (lf *Resource) Attributes() localFileAttributes { + return localFileAttributes{ref: terra.ReferenceResource(lf)} +} + +// ImportState imports the given attribute values into [Resource]'s state. 
+func (lf *Resource) ImportState(state io.Reader) error { + lf.state = &localFileState{} + if err := json.NewDecoder(state).Decode(lf.state); err != nil { + return fmt.Errorf("decoding state into resource %s.%s: %w", lf.Type(), lf.LocalName(), err) + } + return nil +} + +// State returns the state and a bool indicating if [Resource] has state. +func (lf *Resource) State() (*localFileState, bool) { + return lf.state, lf.state != nil +} + +// StateMust returns the state for [Resource]. Panics if the state is nil. +func (lf *Resource) StateMust() *localFileState { + if lf.state == nil { + panic(fmt.Sprintf("state is nil for resource %s.%s", lf.Type(), lf.LocalName())) + } + return lf.state +} + +// Args contains the configurations for local_file. +type Args struct { + // Content: string, optional + Content terra.StringValue `hcl:"content,attr"` + // ContentBase64: string, optional + ContentBase64 terra.StringValue `hcl:"content_base64,attr"` + // DirectoryPermission: string, optional + DirectoryPermission terra.StringValue `hcl:"directory_permission,attr"` + // FilePermission: string, optional + FilePermission terra.StringValue `hcl:"file_permission,attr"` + // Filename: string, required + Filename terra.StringValue `hcl:"filename,attr" validate:"required"` + // SensitiveContent: string, optional + SensitiveContent terra.StringValue `hcl:"sensitive_content,attr"` + // Source: string, optional + Source terra.StringValue `hcl:"source,attr"` +} + +type localFileAttributes struct { + ref terra.Reference +} + +// Content returns a reference to field content of local_file. +func (lf localFileAttributes) Content() terra.StringValue { + return terra.ReferenceAsString(lf.ref.Append("content")) +} + +// ContentBase64 returns a reference to field content_base64 of local_file. 
+func (lf localFileAttributes) ContentBase64() terra.StringValue { + return terra.ReferenceAsString(lf.ref.Append("content_base64")) +} + +// ContentBase64Sha256 returns a reference to field content_base64sha256 of local_file. +func (lf localFileAttributes) ContentBase64Sha256() terra.StringValue { + return terra.ReferenceAsString(lf.ref.Append("content_base64sha256")) +} + +// ContentBase64Sha512 returns a reference to field content_base64sha512 of local_file. +func (lf localFileAttributes) ContentBase64Sha512() terra.StringValue { + return terra.ReferenceAsString(lf.ref.Append("content_base64sha512")) +} + +// ContentMd5 returns a reference to field content_md5 of local_file. +func (lf localFileAttributes) ContentMd5() terra.StringValue { + return terra.ReferenceAsString(lf.ref.Append("content_md5")) +} + +// ContentSha1 returns a reference to field content_sha1 of local_file. +func (lf localFileAttributes) ContentSha1() terra.StringValue { + return terra.ReferenceAsString(lf.ref.Append("content_sha1")) +} + +// ContentSha256 returns a reference to field content_sha256 of local_file. +func (lf localFileAttributes) ContentSha256() terra.StringValue { + return terra.ReferenceAsString(lf.ref.Append("content_sha256")) +} + +// ContentSha512 returns a reference to field content_sha512 of local_file. +func (lf localFileAttributes) ContentSha512() terra.StringValue { + return terra.ReferenceAsString(lf.ref.Append("content_sha512")) +} + +// DirectoryPermission returns a reference to field directory_permission of local_file. +func (lf localFileAttributes) DirectoryPermission() terra.StringValue { + return terra.ReferenceAsString(lf.ref.Append("directory_permission")) +} + +// FilePermission returns a reference to field file_permission of local_file. +func (lf localFileAttributes) FilePermission() terra.StringValue { + return terra.ReferenceAsString(lf.ref.Append("file_permission")) +} + +// Filename returns a reference to field filename of local_file. 
+func (lf localFileAttributes) Filename() terra.StringValue { + return terra.ReferenceAsString(lf.ref.Append("filename")) +} + +// Id returns a reference to field id of local_file. +func (lf localFileAttributes) Id() terra.StringValue { + return terra.ReferenceAsString(lf.ref.Append("id")) +} + +// SensitiveContent returns a reference to field sensitive_content of local_file. +func (lf localFileAttributes) SensitiveContent() terra.StringValue { + return terra.ReferenceAsString(lf.ref.Append("sensitive_content")) +} + +// Source returns a reference to field source of local_file. +func (lf localFileAttributes) Source() terra.StringValue { + return terra.ReferenceAsString(lf.ref.Append("source")) +} + +type localFileState struct { + Content string `json:"content"` + ContentBase64 string `json:"content_base64"` + ContentBase64Sha256 string `json:"content_base64sha256"` + ContentBase64Sha512 string `json:"content_base64sha512"` + ContentMd5 string `json:"content_md5"` + ContentSha1 string `json:"content_sha1"` + ContentSha256 string `json:"content_sha256"` + ContentSha512 string `json:"content_sha512"` + DirectoryPermission string `json:"directory_permission"` + FilePermission string `json:"file_permission"` + Filename string `json:"filename"` + Id string `json:"id"` + SensitiveContent string `json:"sensitive_content"` + Source string `json:"source"` +} diff --git a/docs/terraform/localfile/out/local/local_sensitive_file/data_local_sensitive_file.go b/docs/terraform/localfile/out/local/local_sensitive_file/data_local_sensitive_file.go new file mode 100644 index 0000000..d7af6eb --- /dev/null +++ b/docs/terraform/localfile/out/local/local_sensitive_file/data_local_sensitive_file.go 
@@ -0,0 +1,101 @@ +// CODE GENERATED BY github.com/golingon/lingon. DO NOT EDIT. + +package local_sensitive_file + +import "github.com/golingon/lingon/pkg/terra" + +// Data creates a new instance of [DataSource]. +func Data(name string, args DataArgs) *DataSource { + return &DataSource{ + Args: args, + Name: name, + } +} + +var _ terra.DataResource = (*DataSource)(nil) + +// DataSource represents the Terraform data resource local_sensitive_file. +type DataSource struct { + Name string + Args DataArgs +} + +// DataSource returns the Terraform object type for [DataSource]. +func (lsf *DataSource) DataSource() string { + return "local_sensitive_file" +} + +// LocalName returns the local name for [DataSource]. +func (lsf *DataSource) LocalName() string { + return lsf.Name +} + +// Configuration returns the configuration (args) for [DataSource]. +func (lsf *DataSource) Configuration() interface{} { + return lsf.Args +} + +// Attributes returns the attributes for [DataSource]. +func (lsf *DataSource) Attributes() dataLocalSensitiveFileAttributes { + return dataLocalSensitiveFileAttributes{ref: terra.ReferenceDataResource(lsf)} +} + +// DataArgs contains the configurations for local_sensitive_file. +type DataArgs struct { + // Filename: string, required + Filename terra.StringValue `hcl:"filename,attr" validate:"required"` +} + +type dataLocalSensitiveFileAttributes struct { + ref terra.Reference +} + +// Content returns a reference to field content of local_sensitive_file. +func (lsf dataLocalSensitiveFileAttributes) Content() terra.StringValue { + return terra.ReferenceAsString(lsf.ref.Append("content")) +} + +// ContentBase64 returns a reference to field content_base64 of local_sensitive_file. +func (lsf dataLocalSensitiveFileAttributes) ContentBase64() terra.StringValue { + return terra.ReferenceAsString(lsf.ref.Append("content_base64")) +} + +// ContentBase64Sha256 returns a reference to field content_base64sha256 of local_sensitive_file. 
+func (lsf dataLocalSensitiveFileAttributes) ContentBase64Sha256() terra.StringValue { + return terra.ReferenceAsString(lsf.ref.Append("content_base64sha256")) +} + +// ContentBase64Sha512 returns a reference to field content_base64sha512 of local_sensitive_file. +func (lsf dataLocalSensitiveFileAttributes) ContentBase64Sha512() terra.StringValue { + return terra.ReferenceAsString(lsf.ref.Append("content_base64sha512")) +} + +// ContentMd5 returns a reference to field content_md5 of local_sensitive_file. +func (lsf dataLocalSensitiveFileAttributes) ContentMd5() terra.StringValue { + return terra.ReferenceAsString(lsf.ref.Append("content_md5")) +} + +// ContentSha1 returns a reference to field content_sha1 of local_sensitive_file. +func (lsf dataLocalSensitiveFileAttributes) ContentSha1() terra.StringValue { + return terra.ReferenceAsString(lsf.ref.Append("content_sha1")) +} + +// ContentSha256 returns a reference to field content_sha256 of local_sensitive_file. +func (lsf dataLocalSensitiveFileAttributes) ContentSha256() terra.StringValue { + return terra.ReferenceAsString(lsf.ref.Append("content_sha256")) +} + +// ContentSha512 returns a reference to field content_sha512 of local_sensitive_file. +func (lsf dataLocalSensitiveFileAttributes) ContentSha512() terra.StringValue { + return terra.ReferenceAsString(lsf.ref.Append("content_sha512")) +} + +// Filename returns a reference to field filename of local_sensitive_file. +func (lsf dataLocalSensitiveFileAttributes) Filename() terra.StringValue { + return terra.ReferenceAsString(lsf.ref.Append("filename")) +} + +// Id returns a reference to field id of local_sensitive_file. +func (lsf dataLocalSensitiveFileAttributes) Id() terra.StringValue { + return terra.ReferenceAsString(lsf.ref.Append("id")) +} diff --git a/docs/terraform/localfile/out/local/local_sensitive_file/local_sensitive_file.go b/docs/terraform/localfile/out/local/local_sensitive_file/local_sensitive_file.go new file mode 100644 index 0000000..c780c5c 
--- /dev/null +++ b/docs/terraform/localfile/out/local/local_sensitive_file/local_sensitive_file.go 
@@ -0,0 +1,187 @@ +// CODE GENERATED BY github.com/golingon/lingon. DO NOT EDIT. + +package local_sensitive_file + +import ( + "encoding/json" + "fmt" + "github.com/golingon/lingon/pkg/terra" + "io" +) + +// New creates a new instance of [Resource]. +func New(name string, args Args) *Resource { + return &Resource{ + Args: args, + Name: name, + } +} + +var _ terra.Resource = (*Resource)(nil) + +// Resource represents the Terraform resource local_sensitive_file. +type Resource struct { + Name string + Args Args + state *localSensitiveFileState + DependsOn terra.Dependencies + Lifecycle *terra.Lifecycle +} + +// Type returns the Terraform object type for [Resource]. +func (lsf *Resource) Type() string { + return "local_sensitive_file" +} + +// LocalName returns the local name for [Resource]. +func (lsf *Resource) LocalName() string { + return lsf.Name +} + +// Configuration returns the configuration (args) for [Resource]. +func (lsf *Resource) Configuration() interface{} { + return lsf.Args +} + +// DependOn is used for other resources to depend on [Resource]. +func (lsf *Resource) DependOn() terra.Reference { + return terra.ReferenceResource(lsf) +} + +// Dependencies returns the list of resources [Resource] depends_on. +func (lsf *Resource) Dependencies() terra.Dependencies { + return lsf.DependsOn +} + +// LifecycleManagement returns the lifecycle block for [Resource]. +func (lsf *Resource) LifecycleManagement() *terra.Lifecycle { + return lsf.Lifecycle +} + +// Attributes returns the attributes for [Resource]. +func (lsf *Resource) Attributes() localSensitiveFileAttributes { + return localSensitiveFileAttributes{ref: terra.ReferenceResource(lsf)} +} + +// ImportState imports the given attribute values into [Resource]'s state. 
+func (lsf *Resource) ImportState(state io.Reader) error { + lsf.state = &localSensitiveFileState{} + if err := json.NewDecoder(state).Decode(lsf.state); err != nil { + return fmt.Errorf("decoding state into resource %s.%s: %w", lsf.Type(), lsf.LocalName(), err) + } + return nil +} + +// State returns the state and a bool indicating if [Resource] has state. +func (lsf *Resource) State() (*localSensitiveFileState, bool) { + return lsf.state, lsf.state != nil +} + +// StateMust returns the state for [Resource]. Panics if the state is nil. +func (lsf *Resource) StateMust() *localSensitiveFileState { + if lsf.state == nil { + panic(fmt.Sprintf("state is nil for resource %s.%s", lsf.Type(), lsf.LocalName())) + } + return lsf.state +} + +// Args contains the configurations for local_sensitive_file. +type Args struct { + // Content: string, optional + Content terra.StringValue `hcl:"content,attr"` + // ContentBase64: string, optional + ContentBase64 terra.StringValue `hcl:"content_base64,attr"` + // DirectoryPermission: string, optional + DirectoryPermission terra.StringValue `hcl:"directory_permission,attr"` + // FilePermission: string, optional + FilePermission terra.StringValue `hcl:"file_permission,attr"` + // Filename: string, required + Filename terra.StringValue `hcl:"filename,attr" validate:"required"` + // Source: string, optional + Source terra.StringValue `hcl:"source,attr"` +} + +type localSensitiveFileAttributes struct { + ref terra.Reference +} + +// Content returns a reference to field content of local_sensitive_file. +func (lsf localSensitiveFileAttributes) Content() terra.StringValue { + return terra.ReferenceAsString(lsf.ref.Append("content")) +} + +// ContentBase64 returns a reference to field content_base64 of local_sensitive_file. 
+func (lsf localSensitiveFileAttributes) ContentBase64() terra.StringValue { + return terra.ReferenceAsString(lsf.ref.Append("content_base64")) +} + +// ContentBase64Sha256 returns a reference to field content_base64sha256 of local_sensitive_file. +func (lsf localSensitiveFileAttributes) ContentBase64Sha256() terra.StringValue { + return terra.ReferenceAsString(lsf.ref.Append("content_base64sha256")) +} + +// ContentBase64Sha512 returns a reference to field content_base64sha512 of local_sensitive_file. +func (lsf localSensitiveFileAttributes) ContentBase64Sha512() terra.StringValue { + return terra.ReferenceAsString(lsf.ref.Append("content_base64sha512")) +} + +// ContentMd5 returns a reference to field content_md5 of local_sensitive_file. +func (lsf localSensitiveFileAttributes) ContentMd5() terra.StringValue { + return terra.ReferenceAsString(lsf.ref.Append("content_md5")) +} + +// ContentSha1 returns a reference to field content_sha1 of local_sensitive_file. +func (lsf localSensitiveFileAttributes) ContentSha1() terra.StringValue { + return terra.ReferenceAsString(lsf.ref.Append("content_sha1")) +} + +// ContentSha256 returns a reference to field content_sha256 of local_sensitive_file. +func (lsf localSensitiveFileAttributes) ContentSha256() terra.StringValue { + return terra.ReferenceAsString(lsf.ref.Append("content_sha256")) +} + +// ContentSha512 returns a reference to field content_sha512 of local_sensitive_file. +func (lsf localSensitiveFileAttributes) ContentSha512() terra.StringValue { + return terra.ReferenceAsString(lsf.ref.Append("content_sha512")) +} + +// DirectoryPermission returns a reference to field directory_permission of local_sensitive_file. +func (lsf localSensitiveFileAttributes) DirectoryPermission() terra.StringValue { + return terra.ReferenceAsString(lsf.ref.Append("directory_permission")) +} + +// FilePermission returns a reference to field file_permission of local_sensitive_file. 
+func (lsf localSensitiveFileAttributes) FilePermission() terra.StringValue { + return terra.ReferenceAsString(lsf.ref.Append("file_permission")) +} + +// Filename returns a reference to field filename of local_sensitive_file. +func (lsf localSensitiveFileAttributes) Filename() terra.StringValue { + return terra.ReferenceAsString(lsf.ref.Append("filename")) +} + +// Id returns a reference to field id of local_sensitive_file. +func (lsf localSensitiveFileAttributes) Id() terra.StringValue { + return terra.ReferenceAsString(lsf.ref.Append("id")) +} + +// Source returns a reference to field source of local_sensitive_file. +func (lsf localSensitiveFileAttributes) Source() terra.StringValue { + return terra.ReferenceAsString(lsf.ref.Append("source")) +} + +type localSensitiveFileState struct { + Content string `json:"content"` + ContentBase64 string `json:"content_base64"` + ContentBase64Sha256 string `json:"content_base64sha256"` + ContentBase64Sha512 string `json:"content_base64sha512"` + ContentMd5 string `json:"content_md5"` + ContentSha1 string `json:"content_sha1"` + ContentSha256 string `json:"content_sha256"` + ContentSha512 string `json:"content_sha512"` + DirectoryPermission string `json:"directory_permission"` + FilePermission string `json:"file_permission"` + Filename string `json:"filename"` + Id string `json:"id"` + Source string `json:"source"` +} diff --git a/docs/terraform/localfile/out/local/provider.go b/docs/terraform/localfile/out/local/provider.go index 2d8342e..33121ac 100644 --- a/docs/terraform/localfile/out/local/provider.go +++ b/docs/terraform/localfile/out/local/provider.go 
@@ -4,15 +4,10 @@ package local import "github.com/golingon/lingon/pkg/terra" -func NewProvider(args ProviderArgs) *Provider { - return &Provider{Args: args} -} - var _ terra.Provider = (*Provider)(nil) -type Provider struct { - Args ProviderArgs -} +// Provider contains the configurations for provider. +type Provider struct{} // LocalName returns the provider local name for [Provider]. func (p *Provider) LocalName() string { @@ -29,10 +24,7 @@ func (p *Provider) Version() string { return "2.4.0" } -// Configuration returns the configuration (args) for [Provider]. +// Configuration returns the provider configuration for [Provider]. func (p *Provider) Configuration() interface{} { - return p.Args + return p } - -// ProviderArgs contains the configurations for provider. -type ProviderArgs struct{} diff --git a/docs/terraform/localfile/out/local/sensitive_file.go b/docs/terraform/localfile/out/local/sensitive_file.go deleted file mode 100644 index bd7058b..0000000 --- a/docs/terraform/localfile/out/local/sensitive_file.go +++ /dev/null 
@@ -1,187 +0,0 @@ -// CODE GENERATED BY github.com/golingon/lingon. DO NOT EDIT. - -package local - -import ( - "encoding/json" - "fmt" - "io" - - "github.com/golingon/lingon/pkg/terra" -) - -// NewSensitiveFile creates a new instance of [SensitiveFile]. -func NewSensitiveFile(name string, args SensitiveFileArgs) *SensitiveFile { - return &SensitiveFile{ - Args: args, - Name: name, - } -} - -var _ terra.Resource = (*SensitiveFile)(nil) - -// SensitiveFile represents the Terraform resource local_sensitive_file. -type SensitiveFile struct { - Name string - Args SensitiveFileArgs - state *sensitiveFileState - DependsOn terra.Dependencies - Lifecycle *terra.Lifecycle -} - -// Type returns the Terraform object type for [SensitiveFile]. -func (sf *SensitiveFile) Type() string { - return "local_sensitive_file" -} - -// LocalName returns the local name for [SensitiveFile]. -func (sf *SensitiveFile) LocalName() string { - return sf.Name -} - -// Configuration returns the configuration (args) for [SensitiveFile]. -func (sf *SensitiveFile) Configuration() interface{} { - return sf.Args -} - -// DependOn is used for other resources to depend on [SensitiveFile]. -func (sf *SensitiveFile) DependOn() terra.Reference { - return terra.ReferenceResource(sf) -} - -// Dependencies returns the list of resources [SensitiveFile] depends_on. -func (sf *SensitiveFile) Dependencies() terra.Dependencies { - return sf.DependsOn -} - -// LifecycleManagement returns the lifecycle block for [SensitiveFile]. -func (sf *SensitiveFile) LifecycleManagement() *terra.Lifecycle { - return sf.Lifecycle -} - -// Attributes returns the attributes for [SensitiveFile]. -func (sf *SensitiveFile) Attributes() sensitiveFileAttributes { - return sensitiveFileAttributes{ref: terra.ReferenceResource(sf)} -} - -// ImportState imports the given attribute values into [SensitiveFile]'s state. 
-func (sf *SensitiveFile) ImportState(av io.Reader) error { - sf.state = &sensitiveFileState{} - if err := json.NewDecoder(av).Decode(sf.state); err != nil { - return fmt.Errorf("decoding state into resource %s.%s: %w", sf.Type(), sf.LocalName(), err) - } - return nil -} - -// State returns the state and a bool indicating if [SensitiveFile] has state. -func (sf *SensitiveFile) State() (*sensitiveFileState, bool) { - return sf.state, sf.state != nil -} - -// StateMust returns the state for [SensitiveFile]. Panics if the state is nil. -func (sf *SensitiveFile) StateMust() *sensitiveFileState { - if sf.state == nil { - panic(fmt.Sprintf("state is nil for resource %s.%s", sf.Type(), sf.LocalName())) - } - return sf.state -} - -// SensitiveFileArgs contains the configurations for local_sensitive_file. -type SensitiveFileArgs struct { - // Content: string, optional - Content terra.StringValue `hcl:"content,attr"` - // ContentBase64: string, optional - ContentBase64 terra.StringValue `hcl:"content_base64,attr"` - // DirectoryPermission: string, optional - DirectoryPermission terra.StringValue `hcl:"directory_permission,attr"` - // FilePermission: string, optional - FilePermission terra.StringValue `hcl:"file_permission,attr"` - // Filename: string, required - Filename terra.StringValue `hcl:"filename,attr" validate:"required"` - // Source: string, optional - Source terra.StringValue `hcl:"source,attr"` -} -type sensitiveFileAttributes struct { - ref terra.Reference -} - -// Content returns a reference to field content of local_sensitive_file. -func (sf sensitiveFileAttributes) Content() terra.StringValue { - return terra.ReferenceAsString(sf.ref.Append("content")) -} - -// ContentBase64 returns a reference to field content_base64 of local_sensitive_file. 
-func (sf sensitiveFileAttributes) ContentBase64() terra.StringValue { - return terra.ReferenceAsString(sf.ref.Append("content_base64")) -} - -// ContentBase64Sha256 returns a reference to field content_base64sha256 of local_sensitive_file. -func (sf sensitiveFileAttributes) ContentBase64Sha256() terra.StringValue { - return terra.ReferenceAsString(sf.ref.Append("content_base64sha256")) -} - -// ContentBase64Sha512 returns a reference to field content_base64sha512 of local_sensitive_file. -func (sf sensitiveFileAttributes) ContentBase64Sha512() terra.StringValue { - return terra.ReferenceAsString(sf.ref.Append("content_base64sha512")) -} - -// ContentMd5 returns a reference to field content_md5 of local_sensitive_file. -func (sf sensitiveFileAttributes) ContentMd5() terra.StringValue { - return terra.ReferenceAsString(sf.ref.Append("content_md5")) -} - -// ContentSha1 returns a reference to field content_sha1 of local_sensitive_file. -func (sf sensitiveFileAttributes) ContentSha1() terra.StringValue { - return terra.ReferenceAsString(sf.ref.Append("content_sha1")) -} - -// ContentSha256 returns a reference to field content_sha256 of local_sensitive_file. -func (sf sensitiveFileAttributes) ContentSha256() terra.StringValue { - return terra.ReferenceAsString(sf.ref.Append("content_sha256")) -} - -// ContentSha512 returns a reference to field content_sha512 of local_sensitive_file. -func (sf sensitiveFileAttributes) ContentSha512() terra.StringValue { - return terra.ReferenceAsString(sf.ref.Append("content_sha512")) -} - -// DirectoryPermission returns a reference to field directory_permission of local_sensitive_file. -func (sf sensitiveFileAttributes) DirectoryPermission() terra.StringValue { - return terra.ReferenceAsString(sf.ref.Append("directory_permission")) -} - -// FilePermission returns a reference to field file_permission of local_sensitive_file. 
-func (sf sensitiveFileAttributes) FilePermission() terra.StringValue { - return terra.ReferenceAsString(sf.ref.Append("file_permission")) -} - -// Filename returns a reference to field filename of local_sensitive_file. -func (sf sensitiveFileAttributes) Filename() terra.StringValue { - return terra.ReferenceAsString(sf.ref.Append("filename")) -} - -// Id returns a reference to field id of local_sensitive_file. -func (sf sensitiveFileAttributes) Id() terra.StringValue { - return terra.ReferenceAsString(sf.ref.Append("id")) -} - -// Source returns a reference to field source of local_sensitive_file. -func (sf sensitiveFileAttributes) Source() terra.StringValue { - return terra.ReferenceAsString(sf.ref.Append("source")) -} - -type sensitiveFileState struct { - Content string `json:"content"` - ContentBase64 string `json:"content_base64"` - ContentBase64Sha256 string `json:"content_base64sha256"` - ContentBase64Sha512 string `json:"content_base64sha512"` - ContentMd5 string `json:"content_md5"` - ContentSha1 string `json:"content_sha1"` - ContentSha256 string `json:"content_sha256"` - ContentSha512 string `json:"content_sha512"` - DirectoryPermission string `json:"directory_permission"` - FilePermission string `json:"file_permission"` - Filename string `json:"filename"` - Id string `json:"id"` - Source string `json:"source"` -} diff --git a/docs/terraform/readme.md b/docs/terraform/readme.md index 7894609..bb07f4c 100644 --- a/docs/terraform/readme.md +++ b/docs/terraform/readme.md @@ -176,11 +176,9 @@ type AWSStack struct { // Initialise a stack with the AWS provider configuration _ = AWSStack{ - Provider: aws.NewProvider( - aws.ProviderArgs{ - Region: terra.String("eu-north-1"), - }, - ), + Provider: &aws.Provider{ + Region: terra.String("eu-north-1"), + }, } ``` 
@@ -189,19 +187,17 @@ Let's add an example AWS VPC to this stack. ```go type AWSStack struct { terra.Stack - Provider *aws.Provider `validate:"required"` - VPC *aws.Vpc `validate:"required"` + Provider *aws.Provider `validate:"required"` + VPC *aws_vpc.Resource `validate:"required"` } // Initialise a stack with the AWS provider configuration stack := AWSStack{ - Provider: aws.NewProvider( - aws.ProviderArgs{ - Region: terra.String("eu-north-1"), - }, - ), - VPC: aws.NewVpc( - "vpc", aws.VpcArgs{ + Provider: &aws.Provider{ + Region: terra.String("eu-north-1"), + }, + VPC: aws_vpc.New( + "vpc", aws_vpc.Args{ CidrBlock: terra.String("10.0.0.0/16"), EnableDnsSupport: terra.Bool(true), }, @@ -220,7 +216,7 @@ fmt.Println(b.String()) // required_providers { // aws = { // source = "hashicorp/aws" -// version = "4.60.0" +// version = "5.44.0" // } // } // } @@ -248,19 +244,19 @@ Let's add a subnet to our VPC we created earlier, which requires us to use the V ```go type AWSStack struct { terra.Stack - Provider *aws.Provider `validate:"required"` - VPC *aws.Vpc `validate:"required"` - Subnet *aws.Subnet `validate:"required"` + Provider *aws.Provider `validate:"required"` + VPC *aws_vpc.Resource `validate:"required"` + Subnet *aws_subnet.Resource `validate:"required"` } -vpc := aws.NewVpc( - "vpc", aws.VpcArgs{ +vpc := aws_vpc.New( + "vpc", aws_vpc.Args{ CidrBlock: terra.String("10.0.0.0/16"), EnableDnsSupport: terra.Bool(true), }, ) -subnet := aws.NewSubnet( - "subnet", aws.SubnetArgs{ +subnet := aws_subnet.New( + "subnet", aws_subnet.Args{ // Reference the VPC's ID, which will translate into a reference // in the Terraform configuration VpcId: vpc.Attributes().Id(), 
@@ -269,11 +265,9 @@ subnet := aws.NewSubnet( // Initialise a stack with the AWS provider configuration stack := AWSStack{ - Provider: aws.NewProvider( - aws.ProviderArgs{ - Region: terra.String("eu-north-1"), - }, - ), + Provider: &aws.Provider{ + Region: terra.String("eu-north-1"), + }, VPC: vpc, Subnet: subnet, } @@ -290,7 +284,7 @@ fmt.Println(b.String()) // required_providers { // aws = { // source = "hashicorp/aws" -// version = "4.60.0" +// version = "5.44.0" // } // } // } @@ -325,19 +319,17 @@ Here is an example using the AWS VPC. ```go type AWSStack struct { terra.Stack - Provider *aws.Provider `validate:"required"` - VPC *aws.Vpc `validate:"required"` + Provider *aws.Provider `validate:"required"` + VPC *aws_vpc.Resource `validate:"required"` } // Initialise a stack with the AWS provider configuration stack := AWSStack{ - Provider: aws.NewProvider( - aws.ProviderArgs{ - Region: terra.String("eu-north-1"), - }, - ), - VPC: aws.NewVpc( - "vpc", aws.VpcArgs{ + Provider: &aws.Provider{ + Region: terra.String("eu-north-1"), + }, + VPC: aws_vpc.New( + "vpc", aws_vpc.Args{ CidrBlock: terra.String("10.0.0.0/16"), EnableDnsSupport: terra.Bool(true), }, @@ -403,8 +395,8 @@ var ( B = terra.Bool ) -_ = aws.NewVpc( - "vpc", aws.VpcArgs{ +_ = aws_vpc.New( + "vpc", aws_vpc.Args{ CidrBlock: S("10.0.0.0/16"), EnableDnsSupport: B(true), }, diff --git a/docs/terraform/types_test.go b/docs/terraform/types_test.go index e0565ff..e6b4e3e 100644 --- a/docs/terraform/types_test.go +++ b/docs/terraform/types_test.go @@ -4,8 +4,8 @@ package terraform import ( + "github.com/golingon/lingon/docs/terraform/out/aws/aws_vpc" "github.com/golingon/lingon/pkg/terra" - aws "github.com/golingon/terraproviders/aws/4.60.0" ) func Example_typesVars() { @@ -14,8 +14,8 @@ func Example_typesVars() { B = terra.Bool ) - _ = aws.NewVpc( - "vpc", aws.VpcArgs{ + _ = aws_vpc.New( + "vpc", aws_vpc.Args{ CidrBlock: S("10.0.0.0/16"), EnableDnsSupport: B(true), }, 
diff --git a/pkg/internal/terrajen/const.go b/pkg/internal/terrajen/const.go index 42fe404..a4bd966 100644 --- a/pkg/internal/terrajen/const.go +++ b/pkg/internal/terrajen/const.go @@ -19,6 +19,8 @@ const ( suffixArgs = "Args" suffixAttributes = "Attributes" suffixState = "State" + + prefixStructDataSource = "Data" ) const ( diff --git a/pkg/internal/terrajen/data.go b/pkg/internal/terrajen/data.go index 89057fe..a4b7fe4 100644 --- a/pkg/internal/terrajen/data.go +++ b/pkg/internal/terrajen/data.go @@ -9,7 +9,8 @@ import ( "github.com/dave/jennifer/jen" ) -// DataSourceFile generates a Go file for a Terraform data source configuration based on the given +// DataSourceFile generates a Go file for a Terraform data source configuration +// based on the given // Schema func DataSourceFile(s *Schema) *jen.File { f := jen.NewFile(s.PackageName) diff --git a/pkg/internal/terrajen/funcs.go b/pkg/internal/terrajen/funcs.go index 2955773..e5693d5 100644 --- a/pkg/internal/terrajen/funcs.go +++ b/pkg/internal/terrajen/funcs.go @@ -188,7 +188,7 @@ func funcAttributes(s *Schema) *jen.Statement { } func funcResourceImportState(s *Schema) *jen.Statement { - attributesArgs := jen.Id("av").Clone + attributesArgs := jen.Id("state").Clone return jen.Comment( fmt.Sprintf( "%s imports the given attribute values into [%s]'s state.", @@ -207,7 +207,12 @@ func funcResourceImportState(s *Schema) *jen.Statement { // Body Block( // Initialise the state - jen.Id(s.Receiver).Dot(idFieldState).Op("=").Op("&").Id(s.StateStructName).Block(), + jen.Id(s.Receiver). + Dot(idFieldState). + Op("="). + Op("&"). + Id(s.StateStructName). + Block(), jen.If( jen.Id("err").Op(":=").Qual( "encoding/json", diff --git a/pkg/internal/terrajen/generator.go b/pkg/internal/terrajen/generator.go index 40aa9b2..97e5e88 100644 --- a/pkg/internal/terrajen/generator.go +++ b/pkg/internal/terrajen/generator.go 
@@ -48,9 +48,9 @@ type ProviderGenerator struct { type SchemaType string const ( - SchemaTypeProvider SchemaType = "provider" - SchemaTypeResource SchemaType = "resource" - SchemaTypeData SchemaType = "data" + SchemaTypeProvider SchemaType = "provider" + SchemaTypeResource SchemaType = "resource" + SchemaTypeDataSource SchemaType = "data" ) // SchemaProvider creates a schema for the provider config block for the 
@@ -58,21 +58,25 @@ const ( // represented by ProviderGenerator func (a *ProviderGenerator) SchemaProvider(sb *tfjson.SchemaBlock) *Schema { return &Schema{ - SchemaType: SchemaTypeProvider, - GoProviderPkgPath: a.GoProviderPkgPath, // github.com/golingon/lingon/gen/aws - GeneratedPackageLocation: a.GeneratedPackageLocation, // gen/aws - ProviderName: a.ProviderName, // aws - ProviderSource: a.ProviderSource, // registry.terraform.io/hashicorp/aws - ProviderVersion: a.ProviderVersion, // 4.49.0 - PackageName: a.ProviderName, // aws - ShortName: "provider", - Type: "provider", - StructName: "Provider", - ArgumentStructName: "ProviderArgs", - Receiver: structReceiverFromName("provider"), - - NewFuncName: "NewProvider", - SubPackageName: "provider", + SchemaType: SchemaTypeProvider, + GoProviderPkgPath: a.GoProviderPkgPath, // github.com/golingon/lingon/gen/aws + GeneratedPkgLocation: a.GeneratedPackageLocation, // gen/aws + ProviderName: a.ProviderName, // aws + ProviderSource: a.ProviderSource, // registry.terraform.io/hashicorp/aws + ProviderVersion: a.ProviderVersion, // 4.49.0 + PackageName: a.ProviderName, // aws + Type: "provider", + StructName: "Provider", + ArgumentStructName: "Provider", // Edge case for provider: args struct *is* the provider struct. + StateStructName: "n/a", // Providers do not have a state. + Receiver: structReceiverFromName("provider"), + + NewFuncName: "n/a", // Not used. + SubPkgName: a.ProviderName, + SubPkgPath: filepath.Join( + a.GeneratedPackageLocation, + "provider_types"+fileExtension, + ), FilePath: filepath.Join( a.GeneratedPackageLocation, "provider"+fileExtension, 
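Review bot: `StateStructName: "n/a"` and `NewFuncName: "n/a"` in SchemaProvider put a string that is not a valid Go identifier into fields that other parts of the generator pass to `jen.Id`. If any code path still reads them for a provider schema, the generated file fails to compile far from the cause. Leaving both fields empty and guarding the readers on `s.SchemaType` would make the intent checkable; at minimum the comment could say `// sentinel, never emitted: providers have no state`. The SchemaData hunk uses the same sentinel for `StateStructName`.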
@@ -87,40 +91,41 @@ func (a *ProviderGenerator) SchemaResource( name string, sb *tfjson.SchemaBlock, ) *Schema { - shortName := providerShortName(name) - spn := strings.ReplaceAll(shortName, "_", "") - fp := filepath.Join(a.GeneratedPackageLocation, shortName+fileExtension) rs := &Schema{ - SchemaType: SchemaTypeResource, - GoProviderPkgPath: a.GoProviderPkgPath, // github.com/golingon/lingon/gen/aws - GeneratedPackageLocation: a.GeneratedPackageLocation, // gen/aws - ProviderName: a.ProviderName, // aws - ProviderSource: a.ProviderSource, // hashicorp/aws - ProviderVersion: a.ProviderVersion, // 4.49.0 - ShortName: shortName, // aws_iam_role => iam_role - PackageName: a.ProviderName, // aws - Type: name, // aws - - StructName: strcase.Pascal( - shortName, - ), // iam_role => IamRole - ArgumentStructName: strcase.Pascal( - shortName, - ) + suffixArgs, // iam_role => IamRoleArgs + SchemaType: SchemaTypeResource, + GoProviderPkgPath: a.GoProviderPkgPath, // github.com/golingon/lingon/gen/aws + GeneratedPkgLocation: a.GeneratedPackageLocation, // gen/aws + ProviderName: a.ProviderName, // aws + ProviderSource: a.ProviderSource, // hashicorp/aws + ProviderVersion: a.ProviderVersion, // 4.49.0 + PackageName: name, // aws_iam_role + Type: name, // aws_iam_role + + StructName: "Resource", + ArgumentStructName: suffixArgs, // Args AttributesStructName: strcase.Camel( - shortName, - ) + suffixAttributes, // iam_role => iamRoleAttributes + name, + ) + suffixAttributes, // iam_role => awsIamRoleAttributes StateStructName: strcase.Camel( - shortName, - ) + suffixState, // iam_role => IamRoleOut + name, + ) + suffixState, // aws_iam_role => awsIamRoleState Receiver: structReceiverFromName( - shortName, + name, ), // iam_role => ir - NewFuncName: "New" + strcase.Pascal(shortName), - SubPackageName: spn, // iam_role => iamrole - FilePath: fp, - graph: newGraph(sb), + NewFuncName: "New", + SubPkgName: name, // aws_iam_role => aws_iam_role + SubPkgPath: filepath.Join( + 
a.GeneratedPackageLocation, + name, + name+"_types"+fileExtension, + ), + FilePath: filepath.Join( + a.GeneratedPackageLocation, + name, + name+fileExtension, + ), + graph: newGraph(sb), } return rs } 
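Review bot: `name` is now used unmodified as a directory component in both `filepath.Join(a.GeneratedPackageLocation, name, ...)` calls and as `PackageName`, and nothing in this hunk checks that it is a plain identifier. The value presumably comes from the provider's schema JSON, so a name containing a path separator or `..` would place generated files outside the output directory, and any non-identifier name yields an invalid `package` clause. Reject names for which `token.IsIdentifier(name)` (from `go/token`) is false before the paths are built, either here or in the caller that writes the files. The SchemaData hunk builds its paths the same way. The trailing comment `// iam_role => ir` on `Receiver` is also out of date now that the full `name` is passed to `structReceiverFromName`.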
@@ -131,50 +136,45 @@ func (a *ProviderGenerator) SchemaData( name string, sb *tfjson.SchemaBlock, ) *Schema { - shortName := providerShortName(name) - spn := strings.ReplaceAll(shortName, "_", "") - dataName := "data_" + shortName - fp := filepath.Join(a.GeneratedPackageLocation, dataName+fileExtension) - pn := strcase.Pascal(shortName) - + dataName := "data_" + name ds := &Schema{ - SchemaType: SchemaTypeData, - GoProviderPkgPath: a.GoProviderPkgPath, // github.com/golingon/lingon/gen/aws - GeneratedPackageLocation: a.GeneratedPackageLocation, // gen/aws - ProviderName: a.ProviderName, // aws - ProviderSource: a.ProviderSource, // hashicorp/aws - ProviderVersion: a.ProviderVersion, // 4.49.0 - ShortName: shortName, // aws_iam_role => iam_role - PackageName: a.ProviderName, // aws - Type: name, // aws_iam_role - - StructName: "Data" + pn, // iam_role => DataIamRole - ArgumentStructName: "Data" + pn + suffixArgs, // iam_role => DataIamRoleArgs - AttributesStructName: "data" + pn + suffixAttributes, // iam_role => dataIamRoleAttributes + SchemaType: SchemaTypeDataSource, + GoProviderPkgPath: a.GoProviderPkgPath, // github.com/golingon/lingon/gen/aws + GeneratedPkgLocation: a.GeneratedPackageLocation, // gen/aws + ProviderName: a.ProviderName, // aws + ProviderSource: a.ProviderSource, // hashicorp/aws + ProviderVersion: a.ProviderVersion, // 4.49.0 + PackageName: name, // aws_iam_role + Type: name, // aws_iam_role + + StructName: "DataSource", + ArgumentStructName: prefixStructDataSource + suffixArgs, // aws_iam_role => DataArgs + AttributesStructName: strcase.Camel( + dataName, + ) + suffixAttributes, // iam_role => dataAwsIamRoleAttributes + StateStructName: "n/a", // Data sources do not have a state. 
Receiver: structReceiverFromName( - shortName, + name, ), // iam_role => ir - NewFuncName: "NewData" + pn, // iam_role => NewDataIamRole - SubPackageName: "data" + spn, // iam_role => dataiamrole - FilePath: fp, - graph: newGraph(sb), + NewFuncName: "Data", + SubPkgName: name, // aws_iam_role => aws_iam_role + SubPkgPath: filepath.Join( + a.GeneratedPackageLocation, + name, + dataName+"_types"+fileExtension, + ), // gen/aws/aws_iam_role/data_aws_iam_role_types.go + FilePath: filepath.Join( + a.GeneratedPackageLocation, + name, + dataName+fileExtension, + ), // gen/aws/aws_iam_role/data_aws_iam_role.go + graph: newGraph(sb), } return ds } -// providerShortName takes a name like "aws_iam_role" and returns the name -// without -// the leading provider prefix, i.e. it returns "iam_role" -func providerShortName(name string) string { - underscoreIndex := strings.Index(name, "_") - if underscoreIndex == -1 { - return name - } - return name[underscoreIndex+1:] -} - // structReceiverFromName calculates a suitable receiver from the name of the // object. It gets the first character of each word separated by underscores, // e.g. iam_role => ir 
@@ -197,15 +197,14 @@ func structReceiverFromName(name string) string { // A schema can represent a resource, a data object or the provider // configuration. type Schema struct { - SchemaType SchemaType // resource / provider / data - GoProviderPkgPath string // github.com/golingon/lingon/gen/providers - GeneratedPackageLocation string // gen/providers/aws - ProviderName string // aws - ProviderSource string // registry.terraform.io/hashicorp/aws - ProviderVersion string // 4.49.0 - ShortName string // aws_iam_role => iam_role - PackageName string // aws - Type string // aws_iam_role + SchemaType SchemaType // resource / provider / data + GoProviderPkgPath string // github.com/golingon/lingon/gen/providers + GeneratedPkgLocation string // gen/providers/aws + ProviderName string // aws + ProviderSource string // registry.terraform.io/hashicorp/aws + ProviderVersion string // 4.49.0 + PackageName string // aws + Type string // aws_iam_role // Structs StructName string // iam_role => IamRole @@ -215,20 +214,15 @@ type Schema struct { Receiver string // iam_role => ir - NewFuncName string // iam_role => NewIamRole - SubPackageName string // iam_role => iamrole - FilePath string // gen/providers/aws/ xxx - graph *graph + NewFuncName string // iam_role => NewIamRole + SubPkgName string // iam_role => iamrole + // SubPkgPath is the filepath for the schema entities types (args, + // attributes, state). + SubPkgPath string + FilePath string // gen/providers/aws/ xxx + graph *graph } func (s *Schema) SubPkgQualPath() string { - return s.GoProviderPkgPath + "/" + s.SubPackageName -} - -func (s *Schema) SubPkgPath() string { - return filepath.Join( - s.GeneratedPackageLocation, - s.SubPackageName, - s.ShortName+fileExtension, - ) + return s.GoProviderPkgPath + "/" + s.SubPkgName } diff --git a/pkg/internal/terrajen/generator_test.go b/pkg/internal/terrajen/generator_test.go deleted file mode 100644 index c133fb6..0000000 
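Review bot: The example comments kept on the Schema fields no longer match what the constructors assign in this commit. `PackageName string // aws` is now the full type name for resources and data sources, `NewFuncName string // iam_role => NewIamRole` is now `New` or `Data`, and `SubPkgName string // iam_role => iamrole` is now the unmodified type name. Suggested replacements: `PackageName string // aws_iam_role (provider: aws)`, `NewFuncName string // New (resource) / Data (data source)`, `SubPkgName string // aws_iam_role`. `SubPkgQualPath` is kept in the second hunk, but the structs.go and resource.go hunks replace its call sites with `jen.Id`, so it may now be unused. For a provider schema it would return `GoProviderPkgPath + "/" + ProviderName`, which does not look like the package that holds `provider_types.go`.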
--- a/pkg/internal/terrajen/generator_test.go +++ /dev/null @@ -1,16 +0,0 @@ -// Copyright 2023 Volvo Car Corporation -// SPDX-License-Identifier: Apache-2.0 - -package terrajen - -import ( - "testing" - - tu "github.com/golingon/lingon/pkg/testutil" -) - -func TestProviderShortName(t *testing.T) { - expectedName := "some_resource" - trimmedName := providerShortName("aws_" + expectedName) - tu.AssertEqual(t, expectedName, trimmedName) -} diff --git a/pkg/internal/terrajen/graph.go b/pkg/internal/terrajen/graph.go index 3386aea..e822cb9 100644 --- a/pkg/internal/terrajen/graph.go +++ b/pkg/internal/terrajen/graph.go @@ -4,8 +4,11 @@ package terrajen import ( + "crypto/sha256" + "encoding/hex" "fmt" "sort" + "strings" "github.com/veggiemonk/strcase" @@ -50,12 +53,13 @@ func newGraph(schema *tfjson.SchemaBlock) *graph { ) } - g.calculateUniqueNames() + g.calculateUniqueTypeNames() return &g } -// graph is used to decouple the tfjson.SchemaBlock type from the code generator. +// graph is used to decouple the tfjson.SchemaBlock type from the code +// generator. // A graph is created by supplying a tfjson.SchemaBlock. type graph struct { // attributes are the top-level attributes for a terraform configuration @@ -109,18 +113,6 @@ type node struct { receiver string } -func (n *node) argsStructName() string { - return strcase.Pascal(n.uniqueName) -} - -func (n *node) attributesStructName() string { - return strcase.Pascal(n.uniqueName) + suffixAttributes -} - -func (n *node) stateStructName() string { - return strcase.Pascal(n.uniqueName) + suffixState -} - func (n *node) isSingularArg() bool { return len(n.nestingPath) == 0 || n.maxItems == 1 } 
@@ -255,7 +247,8 @@ func (g *graph) traverseCtyType( obj, _ := ctyTypeElementObject(ct) for _, atName := range sortMapKeys(obj.AttributeTypes()) { at := obj.AttributeType(atName) - // If there are objects within the attributes of this object, traverse those objects + // If there are objects within the attributes of this object, traverse + // those objects // and make them children of this object if _, ok := ctyTypeElementObject(at); ok { n.children = append( 
@@ -276,33 +269,48 @@ func (g *graph) traverseCtyType( return &n } -func (g *graph) calculateUniqueNames() { - // We hate this function - uniq := false - for !uniq { - uniq = true - dict := make(map[string][]*node) - for _, n := range g.nodes { - dict[n.uniqueName] = append(dict[n.uniqueName], n) - } +// calculateUniqueTypeNames iterates over all nodes in the graph and calculates +// unique type names for each node. +// For most cases, this will be the path to the node with the node name itself +// appended on the end. +// +// To avoid generating incredibly long type names, if the node path is +// longer than 5 take the first 2 elements and generate a short hash of +// the rest as a suffix. +// +// This will provide strong uniqueness guarantees and should not affect +// the developer experience because Go's auto-complete type suggestions +// will find the right type for you. +// And if you accidently use the wrong type you will get a compile +// error. +// +// This was the lesser evil compared with struct names that are 50+ characters +// of words in PascalCase. +func (g *graph) calculateUniqueTypeNames() { + for _, node := range g.nodes { + nodePath := make([]string, len(node.path)+1) + copy(nodePath, node.path) + nodePath[len(node.path)] = node.name + + if len(nodePath) >= 5 { + prefix := strings.Join(nodePath[:2], ".") + suffix := strings.Join(nodePath[2:], ".") + + hash := shortHash(suffix) + node.uniqueName = fmt.Sprintf("%s.%s", prefix, hash) + continue - for _, nodes := range dict { - if len(nodes) == 1 { - continue - } - uniq = false - - for _, n := range nodes { - if len(n.path) > n.uniqueDepth { - pathIndex := len(n.path) - n.uniqueDepth - 1 - n.uniqueName = n.path[pathIndex] + "." 
+ n.uniqueName - n.uniqueDepth += 1 - } - } } + node.uniqueName = strings.Join(nodePath, ".") } } +func shortHash(s string) string { + hash := sha256.New() + hash.Write([]byte(s)) + return hex.EncodeToString(hash.Sum(nil))[0:8] +} + func appendPath(path []string, name string) []string { newPath := make([]string, len(path)+1) copy(newPath, path) @@ -326,7 +334,8 @@ func blockNodeNestingMode(block *tfjson.SchemaBlockType) []nodeNestingMode { case tfjson.SchemaNestingModeSingle, tfjson.SchemaNestingModeGroup: return nil case tfjson.SchemaNestingModeList, tfjson.SchemaNestingModeMap: - // Unintuitively, tfjson.SchemaNestingModeMap is not actually a map, just a list, + // Unintuitively, tfjson.SchemaNestingModeMap is not actually a map, + // just a list, // but they get keyed by the block labels into a Map. // For our use case, we therefore treat it like a list. return []nodeNestingMode{nodeNestingModeList} diff --git a/pkg/internal/terrajen/provider.go b/pkg/internal/terrajen/provider.go index a7baf3c..c14db69 100644 --- a/pkg/internal/terrajen/provider.go +++ b/pkg/internal/terrajen/provider.go 
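Review bot: `shortHash` keeps only 8 hex characters (32 bits) of the SHA-256 digest, so the doc comment's "strong uniqueness guarantees" overstates what `calculateUniqueTypeNames` provides: two deep paths that share their first two elements can collide, and nothing here detects it. A collision would surface as a duplicate type declaration in the generated package, which fails loudly but far from the cause. Keep more of the digest, e.g. `sum := sha256.Sum256([]byte(s))` and `return hex.EncodeToString(sum[:8])`, or record the emitted names in a map and fail generation on a repeat. The comment also says the path must be "longer than 5" while the code tests `len(nodePath) >= 5`, and the loop variable `node` shadows the `node` type; `n` would match the rest of the file.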
@@ -4,40 +4,23 @@ package terrajen import ( + "fmt" + "github.com/dave/jennifer/jen" ) -// ProviderFile generates a Go file for a Terraform provider configuration based on the given Schema +// ProviderFile generates a Go file for a Terraform provider configuration based +// on the given Schema func ProviderFile(s *Schema) *jen.File { f := jen.NewFile(s.ProviderName) f.ImportName(pkgTerra, pkgTerraAlias) f.HeaderComment(HeaderComment) - f.Add(providerNewFunc(s)) f.Add(providerStructCompileCheck(s)) f.Add(providerStruct(s)) - f.Add(argsStruct(s)) return f } -func providerNewFunc(s *Schema) *jen.Statement { - return jen.Func().Id(s.NewFuncName).Params( - jen.Id("args").Id(s.ArgumentStructName), - ). - // Return - Op("*").Id(s.StructName). - // Block - Block( - jen.Return( - jen.Op("&").Id(s.StructName).Values( - jen.Dict{ - jen.Id(idFieldArgs): jen.Id("args"), - }, - ), - ), - ) -} - func providerStructCompileCheck(s *Schema) *jen.Statement { return jen.Var().Op("_").Qual(pkgTerra, "Provider").Op("="). Params( @@ -48,10 +31,16 @@ func providerStructCompileCheck(s *Schema) *jen.Statement { } func providerStruct(s *Schema) *jen.Statement { - stmt := jen.Type().Id(s.StructName).Struct( - jen.Id(idFieldArgs).Id(s.ArgumentStructName), - jen.Line(), - ) + // stmt := jen.Type().Id(s.StructName).Struct( + // jen.Id(idFieldArgs).Id(s.ArgumentStructName), + // jen.Line(), + // ) + // stmt.Line() + // stmt.Line() + + // Use the args struct as the main struct, because there is nothing else to + // go in the provider. + stmt := argsStruct(s) stmt.Line() stmt.Line() 
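Review bot: `providerStruct` now opens with a commented-out copy of the old `jen.Type().Id(s.StructName).Struct(...)` statement. Version control already holds that code, so the block should be deleted and only the explanatory comment `// Use the args struct as the main struct ...` kept. The same applies to the commented-out `stmt.Qual(s.SubPkgQualPath(), ...)` line in the resource.go hunk and to the `// structName := ...` and `// qualStruct := ...` lines in the structs.go attributesStruct hunk. `providerStruct`'s body continues outside this hunk.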
@@ -68,9 +57,33 @@ func providerStruct(s *Schema) *jen.Statement { stmt.Line() stmt.Line() // Configuration - stmt.Add(funcConfiguration(s)) + stmt.Add(funcProviderConfiguration(s)) stmt.Line() stmt.Line() return stmt } + +func funcProviderConfiguration(s *Schema) *jen.Statement { + return jen.Comment( + fmt.Sprintf( + "%s returns the provider configuration for [%s].", + idFuncConfiguration, + s.StructName, + ), + ). + Line(). + Func(). + // Receiver + Params(jen.Id(s.Receiver).Op("*").Id(s.StructName)). + // Name + Id(idFuncConfiguration).Call(). + // Return type + Interface(). + // Body + Block( + jen.Return( + jen.Id(s.Receiver), + ), + ) +} diff --git a/pkg/internal/terrajen/resource.go b/pkg/internal/terrajen/resource.go index fb4e10a..a0bd71b 100644 --- a/pkg/internal/terrajen/resource.go +++ b/pkg/internal/terrajen/resource.go @@ -10,7 +10,8 @@ import ( "github.com/veggiemonk/strcase" ) -// ResourceFile generates a Go file for a Terraform resource configuration based on the given Schema +// ResourceFile generates a Go file for a Terraform resource configuration based +// on the given Schema func ResourceFile(s *Schema) *jen.File { f := jen.NewFile(s.PackageName) f.ImportAlias(pkgHCL, pkgHCLAlias) @@ -152,7 +153,8 @@ func resourceStateStruct(s *Schema) *jen.Statement { stmt.Index() } - stmt.Qual(s.SubPkgQualPath(), strcase.Pascal(child.name)+suffixState) + stmt.Id(strcase.Pascal(child.uniqueName) + suffixState) + // stmt.Qual(s.SubPkgQualPath(), strcase.Pascal(child.name)+suffixState) stmt.Tag( map[string]string{ tagJSON: child.name, @@ -160,5 +162,10 @@ func resourceStateStruct(s *Schema) *jen.Statement { ) fields = append(fields, stmt) } - return jen.Type().Id(s.StateStructName).Struct(fields...) + return jen. + Type(). + Id(s.StateStructName). + Struct(fields...). + Line(). + Line() } diff --git a/pkg/internal/terrajen/structs.go b/pkg/internal/terrajen/structs.go index 082a2ac..ad82e28 100644 --- a/pkg/internal/terrajen/structs.go 
+++ b/pkg/internal/terrajen/structs.go @@ -10,8 +10,9 @@ import ( "github.com/veggiemonk/strcase" ) -// argsStruct takes a schema and generates the Args struct that is used by the user to specify the arguments -// for the object that the schema represents (e.g. provider, resource, data resource) +// argsStruct takes a schema and generates the Args struct that is used by the +// user to specify the arguments for the object that the schema represents (e.g. +// provider, resource, data resource) func argsStruct(s *Schema) *jen.Statement { fields := make([]jen.Code, 0) for _, attr := range s.graph.attributes { @@ -34,6 +35,9 @@ func argsStruct(s *Schema) *jen.Statement { } for _, child := range s.graph.children { + if !child.isArg { + continue + } tags := map[string]string{ tagHCL: child.uniqueName + ",block", } @@ -50,7 +54,8 @@ func argsStruct(s *Schema) *jen.Statement { } tags[tagValidate] = nodeBlockListValidateTags(child) } - stmt.Qual(s.SubPkgQualPath(), strcase.Pascal(child.uniqueName)) + + stmt.Id(subPkgArgStructName(child, s.SchemaType)) stmt.Tag(tags) fields = append(fields, stmt) } @@ -65,11 +70,14 @@ func argsStruct(s *Schema) *jen.Statement { Line(). Type(). Id(s.ArgumentStructName). - Struct(fields...) + Struct(fields...). + Line(). + Line() } -// attributesStruct takes a schema and generates the Attributes struct that is used by the user to creates references to -// attributes for the object that the schema represents (e.g. provider, resource, data resource) +// attributesStruct takes a schema and generates the Attributes struct that is +// used by the user to creates references to attributes for the object that the +// schema represents (e.g. provider, resource, data resource) func attributesStruct(s *Schema) *jen.Statement { var stmt jen.Statement 
@@ -124,8 +132,10 @@ func attributesStruct(s *Schema) *jen.Statement { } for _, child := range s.graph.children { - structName := strcase.Pascal(child.uniqueName) + suffixAttributes - qualStruct := jen.Qual(s.SubPkgQualPath(), structName).Clone + structName := subPkgAttributeStructName(child, s.SchemaType) + // structName := strcase.Pascal(child.uniqueName) + suffixAttributes + qualStruct := jen.Id(structName).Clone + // qualStruct := jen.Qual(s.SubPkgQualPath(), structName).Clone stmt.Add( jen.Func(). // Receiver diff --git a/pkg/internal/terrajen/subpkg.go b/pkg/internal/terrajen/subpkg.go index c1a3fc9..82a41dc 100644 --- a/pkg/internal/terrajen/subpkg.go +++ b/pkg/internal/terrajen/subpkg.go @@ -22,27 +22,29 @@ func SubPkgFile(s *Schema) (*jen.File, bool) { if s.graph.isEmpty() { return nil, false } - f := jen.NewFile(s.SubPackageName) + f := jen.NewFile(s.SubPkgName) f.ImportAlias(pkgHCL, "hcl") f.HeaderComment(HeaderComment) for _, n := range s.graph.nodes { - f.Add(subPkgArgStruct(n)) + if n.isArg { + f.Add(subPkgArgStruct(n, s.SchemaType)) + } } for _, n := range s.graph.nodes { - f.Add(subPkgAttributeStruct(n)) + f.Add(subPkgAttributeStruct(n, s.SchemaType)) } for _, n := range s.graph.nodes { - f.Add(subPkgStateStruct(n)) + f.Add(subPkgStateStruct(n, s.SchemaType)) } return f, true } -func subPkgArgStruct(n *node) *jen.Statement { +func subPkgArgStruct(n *node, schemaType SchemaType) *jen.Statement { fields := make([]jen.Code, 0) for _, attr := range n.attributes { - // Skip attributes that are not arguments + // Skip attributes that are not arguments. if !attr.isArg { continue } @@ -61,6 +63,10 @@ func subPkgArgStruct(n *node) *jen.Statement { } for _, child := range n.children { + // Skip attributes that are not arguments. + if !child.isArg { + continue + } stmt := jen.Comment(child.comment()).Line() stmt.Add(jen.Id(strcase.Pascal(child.name))) tags := map[string]string{ 
@@ -88,13 +94,13 @@ func subPkgArgStruct(n *node) *jen.Statement { } tags[tagValidate] = nodeBlockListValidateTags(child) } - stmt.Id(strcase.Pascal(child.uniqueName)) + stmt.Id(subPkgArgStructName(child, schemaType)) stmt.Tag(tags) fields = append(fields, stmt) } stmt := jen. - Type().Id(n.argsStructName()). + Type().Id(subPkgArgStructName(n, schemaType)). Struct(fields...) stmt.Line() stmt.Line() @@ -102,8 +108,15 @@ func subPkgArgStruct(n *node) *jen.Statement { return stmt } -func subPkgAttributeStruct(n *node) *jen.Statement { - structName := n.attributesStructName() +func subPkgArgStructName(n *node, schemaType SchemaType) string { + if schemaType == SchemaTypeDataSource { + return prefixStructDataSource + strcase.Pascal(n.uniqueName) + } + return strcase.Pascal(n.uniqueName) +} + +func subPkgAttributeStruct(n *node, schemaType SchemaType) *jen.Statement { + structName := subPkgAttributeStructName(n, schemaType) structFieldRef := "ref" refArg := "ref" @@ -217,7 +230,7 @@ func subPkgAttributeStruct(n *node) *jen.Statement { } for _, child := range n.children { - childStructName := child.attributesStructName() + childStructName := subPkgAttributeStructName(child, schemaType) appendRef := jen.Id(n.receiver). Dot(refArg). Dot("Append"). @@ -249,7 +262,15 @@ func subPkgAttributeStruct(n *node) *jen.Statement { return stmt } -func subPkgStateStruct(n *node) *jen.Statement { +func subPkgAttributeStructName(n *node, schemaType SchemaType) string { + structName := strcase.Pascal(n.uniqueName) + suffixAttributes + if schemaType == SchemaTypeDataSource { + return prefixStructDataSource + structName + } + return structName +} + +func subPkgStateStruct(n *node, schemaType SchemaType) *jen.Statement { fields := make([]jen.Code, 0) for _, attr := range n.attributes { 
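Review bot: `subPkgArgStructName` is added without a doc comment and repeats the data-source prefix rule that `subPkgAttributeStructName` (later in this file section) and `subPkgStateStructName` (the last subpkg.go hunk) each implement again. Three copies of the same `schemaType == SchemaTypeDataSource` branch make it easy for one struct kind to get a different name than the fields that refer to it. A single suffix-taking helper with the three existing names as thin wrappers keeps the call sites unchanged; the comment should also state why data sources get the prefix (presumably to avoid clashing with a same-named resource type, which is not visible from here).
```go
// subPkgStructName returns the generated struct name for n with the given
// suffix. Data source structs carry prefixStructDataSource.
func subPkgStructName(n *node, schemaType SchemaType, suffix string) string {
	name := strcase.Pascal(n.uniqueName) + suffix
	if schemaType == SchemaTypeDataSource {
		return prefixStructDataSource + name
	}
	return name
}

// subPkgArgStructName returns the name of the generated Args struct for n.
func subPkgArgStructName(n *node, schemaType SchemaType) string {
	return subPkgStructName(n, schemaType, "")
}

// … same one-line wrappers for subPkgAttributeStructName (suffixAttributes)
// and subPkgStateStructName (suffixState) …
```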
@@ -272,7 +293,7 @@ func subPkgStateStruct(n *node) *jen.Statement { } else { stmt.Index() } - stmt.Id(child.stateStructName()) + stmt.Id(subPkgStateStructName(child, schemaType)) stmt.Tag( map[string]string{ tagJSON: child.name, @@ -282,10 +303,18 @@ func subPkgStateStruct(n *node) *jen.Statement { } stmt := jen. - Type().Id(n.stateStructName()). + Type().Id(subPkgStateStructName(n, schemaType)). Struct(fields...) stmt.Line() stmt.Line() return stmt } + +func subPkgStateStructName(n *node, schemaType SchemaType) string { + structName := strcase.Pascal(n.uniqueName) + suffixState + if schemaType == SchemaTypeDataSource { + return prefixStructDataSource + structName + } + return structName +} diff --git a/pkg/terragen/gowrapper.go b/pkg/terragen/gowrapper.go index 7e6e774..1c22c30 100644 --- a/pkg/terragen/gowrapper.go +++ b/pkg/terragen/gowrapper.go @@ -40,6 +40,9 @@ type GenerateGoArgs struct { PkgPath string // Force enables overriding any existing generated files per-provider. Force bool + // Clean enables cleaning the generated files location before generating the + // new files. + Clean bool } // GenerateGoCode generates Go code for creating Terraform objects for the given @@ -73,7 +76,7 @@ func GenerateGoCode( if err != nil { return err } - if err := createDirIfNotEmpty(args.OutDir, args.Force); err != nil { + if err := createDirIfNotEmpty(args.OutDir, args.Force, args.Clean); err != nil { return fmt.Errorf( "creating providers pkg directory %q: %w", args.OutDir, @@ -130,7 +133,7 @@ func generateProviderTxtar( return nil, fmt.Errorf("rendering sub package file: %w", err) } ar.Files = append(ar.Files, txtar.File{ - Name: providerSchema.SubPkgPath(), + Name: providerSchema.SubPkgPath, Data: subPkgBuf.Bytes(), }) } 
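Review bot: The doc comment on the new `Clean` field in `GenerateGoArgs` understates what the flag does. It speaks of "cleaning the generated files location", but `createDirIfNotEmpty` further down calls `os.RemoveAll` on `OutDir`, which deletes everything under that path, generated or not. I would spell that out, e.g. `// Clean removes OutDir and everything in it before generating. Point OutDir at a directory that holds only generated code.` The `Force` comment should also say that `Force` alone now writes into the existing directory without removing old files, since this commit changes that behaviour. The struct starts outside this hunk.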
@@ -138,19 +141,19 @@ func generateProviderTxtar( // Generate Resources // for name, resource := range schema.ResourceSchemas { - rs := provider.SchemaResource(name, resource.Block) - rsf := terrajen.ResourceFile(rs) + resourceSchema := provider.SchemaResource(name, resource.Block) + rsf := terrajen.ResourceFile(resourceSchema) resourceBuf := bytes.Buffer{} if err := rsf.Render(&resourceBuf); err != nil { terrajen.JenDebug(err) return nil, fmt.Errorf("rendering resource file: %w", err) } ar.Files = append(ar.Files, txtar.File{ - Name: rs.FilePath, + Name: resourceSchema.FilePath, Data: resourceBuf.Bytes(), }) - rsSubPkgFile, ok := terrajen.SubPkgFile(rs) + rsSubPkgFile, ok := terrajen.SubPkgFile(resourceSchema) if !ok { continue } @@ -160,7 +163,7 @@ func generateProviderTxtar( return nil, fmt.Errorf("rendering sub package file: %w", err) } ar.Files = append(ar.Files, txtar.File{ - Name: rs.SubPkgPath(), + Name: resourceSchema.SubPkgPath, Data: rsSubPkgBuf.Bytes(), }) } @@ -169,19 +172,19 @@ func generateProviderTxtar( // Generate Data blocks // for name, data := range schema.DataSourceSchemas { - ds := provider.SchemaData(name, data.Block) - df := terrajen.DataSourceFile(ds) + dataSchema := provider.SchemaData(name, data.Block) + df := terrajen.DataSourceFile(dataSchema) dataBuf := bytes.Buffer{} if err := df.Render(&dataBuf); err != nil { terrajen.JenDebug(err) return nil, fmt.Errorf("rendering data file: %w", err) } ar.Files = append(ar.Files, txtar.File{ - Name: ds.FilePath, + Name: dataSchema.FilePath, Data: dataBuf.Bytes(), }) - dataSubPkgFile, ok := terrajen.SubPkgFile(ds) + dataSubPkgFile, ok := terrajen.SubPkgFile(dataSchema) if !ok { continue } 
@@ -191,14 +194,14 @@ func generateProviderTxtar( return nil, fmt.Errorf("rendering sub package file: %w", err) } ar.Files = append(ar.Files, txtar.File{ - Name: ds.SubPkgPath(), + Name: dataSchema.SubPkgPath, Data: dataSubPkgBuf.Bytes(), }) } return &ar, nil } -func createDirIfNotEmpty(path string, force bool) error { +func createDirIfNotEmpty(path string, force, clean bool) error { f, err := os.Open(path) if err != nil { if !os.IsNotExist(err) { @@ -222,16 +225,19 @@ func createDirIfNotEmpty(path string, force bool) error { } return err } - // The directory is not empty. If force flag is provided, clean the - // directory, else error - if !force { + // The directory is not empty. If force or clean flags are not provided, we + // have a problem. + if !force && !clean { return ErrPackageLocationNotEmpty } + if !clean { + return nil + } if err := os.RemoveAll(path); err != nil { return fmt.Errorf("cleaning directory: %w", err) } // Create the directory again now that it's gone - return createDirIfNotEmpty(path, false) + return createDirIfNotEmpty(path, false, false) } // ParseProvider takes a provider as a string and returns a Provider object. diff --git a/pkg/terragen/gowrapper_test.go b/pkg/terragen/gowrapper_test.go index 43ed1dd..09e482d 100644 --- a/pkg/terragen/gowrapper_test.go +++ b/pkg/terragen/gowrapper_test.go @@ -60,6 +60,15 @@ func TestGenerateProvider(t *testing.T) { FilterResources: []string{"aws_iam_role"}, FilterDataSources: []string{"aws_iam_role"}, }, + { + Name: "aws_securitylake_subscriber", + ProviderName: "aws", + ProviderSource: "hashicorp/aws", + ProviderVersion: "5.44.0", + + FilterResources: []string{"aws_securitylake_subscriber"}, + FilterDataSources: []string{"aws_securitylake_subscriber"}, + }, } if *update { t.Log("running update")
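Review bot: In `createDirIfNotEmpty`, the `clean` branch passes the caller-supplied `path` (from `args.OutDir`) straight to `os.RemoveAll` with no check on what it points at. A mistyped or relative output directory such as `.` or a repository root is then deleted in full, hand-written files included. Before removing, resolve the path and refuse the filesystem root, the working directory and its ancestors, as sketched below (needs `path/filepath` and `strings`); checking for the generator's header comment in existing files would be stricter still. Separately, `force` without `clean` now returns nil and leaves files from earlier runs in place, and the test table added in this commit does not exercise either flag. The function's signature and opening lines are in the previous hunk.
```go
	if !clean {
		return nil
	}
	// Only wipe a dedicated output directory: never the filesystem root, the
	// working directory, or one of its ancestors.
	abs, err := filepath.Abs(path)
	if err != nil {
		return fmt.Errorf("resolving directory %q: %w", path, err)
	}
	wd, err := os.Getwd()
	if err != nil {
		return fmt.Errorf("getting working directory: %w", err)
	}
	if abs == filepath.Dir(abs) || abs == wd || strings.HasPrefix(wd, abs+string(filepath.Separator)) {
		return fmt.Errorf("refusing to clean %q: not a dedicated output directory", path)
	}
	// … unchanged: os.RemoveAll(path) and the recursive call …
```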