From 4edd3c2d86b299208c3c03996615b0bceac65f85 Mon Sep 17 00:00:00 2001 From: johndietz Date: Fri, 15 Jul 2022 17:26:51 -0400 Subject: [PATCH 1/3] fixes for vault unseal --- cmd/createUtils.go | 8 +++++--- internal/vault/vault.go | 33 +++++++-------------------------- 2 files changed, 12 insertions(+), 29 deletions(-) diff --git a/cmd/createUtils.go b/cmd/createUtils.go index 496860876..e132d6fb2 100644 --- a/cmd/createUtils.go +++ b/cmd/createUtils.go @@ -161,12 +161,14 @@ func loopUntilPodIsReady() { log.Printf("vault is availbale but the body is not what is expected %s", err) continue } - isInitialized := responseJson["initialized"] - if !isInitialized.(bool) { + + _, ok := responseJson["initialized"] + if ok { log.Printf("vault is initialized and is in the expected state") - break + return } } + log.Panic("vault was never initialized") } type VaultInitResponse struct { diff --git a/internal/vault/vault.go b/internal/vault/vault.go index b96345fe8..8cdd677b6 100644 --- a/internal/vault/vault.go +++ b/internal/vault/vault.go @@ -5,20 +5,18 @@ import ( "context" "encoding/json" "fmt" + "log" + "os" + "os/exec" + "syscall" + vault "github.com/hashicorp/vault/api" "github.com/kubefirst/kubefirst/configs" - "github.com/kubefirst/kubefirst/internal/k8s" "github.com/kubefirst/kubefirst/pkg" "github.com/spf13/viper" gitlab "github.com/xanzy/go-gitlab" metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/kubernetes" coreV1Types "k8s.io/client-go/kubernetes/typed/core/v1" - "k8s.io/client-go/tools/clientcmd" - "log" - "os" - "os/exec" - "syscall" ) // GetVaultRootToken get `vault-unseal-keys` token on Vault. 
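Review bot: The new `_, ok := responseJson["initialized"]` check in loopUntilPodIsReady tests only that the key is present, so a response carrying `"initialized": false` (or a non-boolean value) is logged as "vault is initialized and is in the expected state" and the function returns. Read the value with a checked assertion, `initialized, ok := responseJson["initialized"].(bool)`, and compare it with the state the caller needs before returning; which value that is cannot be confirmed from this hunk, since the removed code left the loop on `false`. As written, the added `log.Panic("vault was never initialized")` appears to be reached only when no polled response contained the key at all. The function begins outside the hunk, so the loop bounds are not visible.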
@@ -61,29 +59,12 @@ func ConfigureVault(dryRun bool) { // ``` // ... obviously keep the sensitive values bound to vars - k8sClient, err := clientcmd.BuildConfigFromFlags("", config.KubeConfigPath) - if err != nil { - log.Panicf("error: getting k8sClient %s", err) - } - clientset, err := kubernetes.NewForConfig(k8sClient) - if err != nil { - log.Panicf("error: getting k8sClient &s", err) - } - - k8s.VaultSecretClient = clientset.CoreV1().Secrets("vault") - vaultToken, err := GetVaultRootToken(k8s.VaultSecretClient) - if err != nil { - log.Panicf("unable to get vault root token, error: %s", err) - } - - viper.Set("vault.token", vaultToken) - viper.WriteConfig() - + vaultToken := viper.GetString("vault.token") var kPortForwardOutb, kPortForwardErrb bytes.Buffer kPortForward := exec.Command(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "-n", "vault", "port-forward", "svc/vault", "8200:8200") kPortForward.Stdout = &kPortForwardOutb kPortForward.Stderr = &kPortForwardErrb - err = kPortForward.Start() + err := kPortForward.Start() defer kPortForward.Process.Signal(syscall.SIGTERM) if err != nil { log.Println("Commad Execution STDOUT: %s", kPortForwardOutb.String()) From c51c2011f46d74735840a0c6c89ebc2dfd97dfbe Mon Sep 17 00:00:00 2001 From: johndietz Date: Fri, 15 Jul 2022 18:52:03 -0400 Subject: [PATCH 2/3] not my favorite commit --- cmd/create.go | 40 ++++++++++++++++++++++++++------------- internal/gitlab/gitlab.go | 8 +++++++- 2 files changed, 34 insertions(+), 14 deletions(-) diff --git a/cmd/create.go b/cmd/create.go index d923ad563..f2ed49321 100644 --- a/cmd/create.go +++ b/cmd/create.go 
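Review bot: `vaultToken := viper.GetString("vault.token")` in ConfigureVault yields an empty string when the key is missing, whereas the removed code panicked if the root token could not be fetched, so a run without a stored token would continue into the Vault configuration with no credential. A guard right after the read keeps the fail-fast behaviour: `if vaultToken == "" { log.Panic("vault.token is not set in the kubefirst config") }`. The change also makes the viper config the only source of the root token, so a comment should state that the token must already have been written there, and the config file should not be readable by other users (its permissions are not visible here). ConfigureVault's body continues outside the hunk.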
@@ -13,7 +13,6 @@ import ( "github.com/kubefirst/kubefirst/internal/gitlab" "github.com/kubefirst/kubefirst/internal/helm" "github.com/kubefirst/kubefirst/internal/progressPrinter" - "github.com/kubefirst/kubefirst/internal/reports" "github.com/kubefirst/kubefirst/internal/softserve" "github.com/kubefirst/kubefirst/internal/terraform" "github.com/kubefirst/kubefirst/internal/vault" @@ -21,6 +20,11 @@ import ( "github.com/spf13/viper" ) +const trackerStage20 = "0 - Apply Base" +const trackerStage21 = "1 - Temporary SCM Install" +const trackerStage22 = "2 - Argo/Final SCM Install" +const trackerStage23 = "3 - Final Setup" + // createCmd represents the create command var createCmd = &cobra.Command{ Use: "create", @@ -49,11 +53,7 @@ to quickly create a Cobra application.`, log.Panic(err) } - // todo: - // isolate commands, in case we want to run some validations on the create, it would be a good idea to call the - // functions that does the validations infoCmd.Run(cmd, args) - progressPrinter.IncrementTracker("step-0", 1) progressPrinter.AddTracker("step-softserve", "Prepare Temporary Repo ", 4) @@ -208,13 +208,15 @@ to quickly create a Cobra application.`, progressPrinter.AddTracker("step-vault", "Configure Vault", 4) informUser("waiting for vault unseal") + /** - informUser("Vault initialized") + */ + waitVaultToBeRunning(dryRun) + informUser("Vault running") progressPrinter.IncrementTracker("step-vault", 1) - // todo need to make sure this is not needed - // waitForVaultUnseal(dryRun, config) - // informUser("Vault unseal") + waitForVaultUnseal(dryRun, config) + informUser("Vault unseal") progressPrinter.IncrementTracker("step-vault", 1) log.Println("configuring vault") 
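Review bot: The added `/**` and `*/` lines in the `@@ -208,13 +208,15 @@` hunk enclose only the removed `informUser("Vault initialized")` call, so the new side is left with an empty block comment between `informUser("waiting for vault unseal")` and `waitVaultToBeRunning(dryRun)`. Drop both lines, or replace them with a one-line comment saying why the pod is awaited before the re-enabled `waitForVaultUnseal(dryRun, config)` call. The enclosing command function starts and ends outside the hunk.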
@@ -226,7 +228,9 @@ to quickly create a Cobra application.`, createVaultConfiguredSecret(dryRun, config) informUser("Vault secret created") progressPrinter.IncrementTracker("step-vault", 1) + } + if !viper.GetBool("gitlab.oidc-created") { progressPrinter.AddTracker("step-post-gitlab", "Finalize Gitlab updates", 5) vault.AddGitlabOidcApplications(dryRun) informUser("Added Gitlab OIDC") @@ -238,24 +242,34 @@ to quickly create a Cobra application.`, informUser("Pushing gitops repo to origin gitlab") // refactor: sounds like a new functions, should PushGitOpsToGitLab be renamed/update signature? - + viper.Set("gitlab.oidc-created", true) + viper.WriteConfig() + } + if !viper.GetBool("gitlab.gitops-pushed") { gitlab.PushGitRepo(dryRun, config, "gitlab", "gitops") // todo: need to handle if this was already pushed, errors on failure) progressPrinter.IncrementTracker("step-post-gitlab", 1) // todo: keep one of the two git push functions, they're similar, but not exactly the same //gitlab.PushGitOpsToGitLab(dryRun) - + viper.Set("gitlab.gitops-pushed", true) + viper.WriteConfig() + } + if !viper.GetBool("gitlab.metaphor-pushed") { informUser("Pushing metaphor repo to origin gitlab") gitlab.PushGitRepo(dryRun, config, "gitlab", "metaphor") progressPrinter.IncrementTracker("step-post-gitlab", 1) // todo: keep one of the two git push functions, they're similar, but not exactly the same //gitlab.PushGitOpsToGitLab(dryRun) - + viper.Set("gitlab.metaphor-pushed", true) + viper.WriteConfig() + } + if !viper.GetBool("gitlab.registered") { informUser("Changing registry to Gitlab") gitlab.ChangeRegistryToGitLab(dryRun) progressPrinter.IncrementTracker("step-post-gitlab", 1) - // todo triage / force apply the contents adjusting // todo kind: Application .repoURL: + viper.Set("gitlab.registered", true) + viper.WriteConfig() } } sendCompleteInstallTelemetry(dryRun) diff --git a/internal/gitlab/gitlab.go b/internal/gitlab/gitlab.go index 265d32e90..c2ae2f84c 100644 
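Review bot: `progressPrinter.AddTracker("step-post-gitlab", "Finalize Gitlab updates", 5)` now sits inside `if !viper.GetBool("gitlab.oidc-created")`, but the `gitlab.gitops-pushed`, `gitlab.metaphor-pushed` and `gitlab.registered` blocks added in the `@@ -238,24 +242,34 @@` hunk each call `progressPrinter.IncrementTracker("step-post-gitlab", 1)`; on a resumed run where the OIDC step is already recorded, those calls address a tracker that was never added. How IncrementTracker treats an unknown name is not visible here, so the safe change is to move the AddTracker call above the first `if`. Each flag is also set right after a call whose result is not checked, and the return value of `viper.WriteConfig()` is dropped, so a step that fails without panicking can be recorded as done and a completed one can be lost; `if err := viper.WriteConfig(); err != nil { log.Panic(err) }` would surface the second case. The enclosing function starts and ends outside both hunks.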
--- a/internal/gitlab/gitlab.go +++ b/internal/gitlab/gitlab.go @@ -560,7 +560,13 @@ func PushGitRepo(dryRun bool, config *configs.Config, gitOrigin, repoName string } if gitOrigin == "gitlab" { - + pkg.Detokenize(repoDir) + os.RemoveAll(repoDir + "/terraform/base/.terraform") + os.RemoveAll(repoDir + "/terraform/gitlab/.terraform") + os.RemoveAll(repoDir + "/terraform/vault/.terraform") + os.Remove(repoDir + "/terraform/base/.terraform.lock.hcl") + os.Remove(repoDir + "/terraform/gitlab/.terraform.lock.hcl") + CommitToRepo(repo, repoName) auth := &gitHttp.BasicAuth{ Username: "root", Password: viper.GetString("gitlab.token"), From 6600555ea1d9750a5fb7efbac2d8470db478311b Mon Sep 17 00:00:00 2001 From: johndietz Date: Fri, 15 Jul 2022 18:54:07 -0400 Subject: [PATCH 3/3] remove not my stuff --- cmd/create.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/cmd/create.go b/cmd/create.go index f2ed49321..28cd03cb8 100644 --- a/cmd/create.go +++ b/cmd/create.go @@ -20,10 +20,6 @@ import ( "github.com/spf13/viper" ) -const trackerStage20 = "0 - Apply Base" -const trackerStage21 = "1 - Temporary SCM Install" -const trackerStage22 = "2 - Argo/Final SCM Install" -const trackerStage23 = "3 - Final Setup" // createCmd represents the create command var createCmd = &cobra.Command{
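Review bot: The cleanup added before `CommitToRepo(repo, repoName)` in PushGitRepo discards every `os.RemoveAll`/`os.Remove` error, so a `.terraform` directory that cannot be deleted is committed and pushed with the rest of the detokenized tree; such directories can hold cached backend settings and provider data that should not land in a repository. Fail before the commit when a removal fails, as in the excerpt below, which assumes `log` is already imported in this file. The list removes `.terraform.lock.hcl` for base and gitlab but not for vault, which looks like an omission to confirm, and the block runs for every repoName, including `metaphor`, where these paths may not exist. What `pkg.Detokenize` writes into the tree is not visible here; if it substitutes secret values, they are committed by the same call. PushGitRepo starts and ends outside the hunk.

```go
	if gitOrigin == "gitlab" {
		pkg.Detokenize(repoDir)
		// Terraform working data must not be committed; stop if any of it is still on disk.
		for _, rel := range []string{
			"/terraform/base/.terraform",
			"/terraform/gitlab/.terraform",
			"/terraform/vault/.terraform",
			"/terraform/base/.terraform.lock.hcl",
			"/terraform/gitlab/.terraform.lock.hcl",
		} {
			// RemoveAll returns nil for a path that does not exist.
			if err := os.RemoveAll(repoDir + rel); err != nil {
				log.Panicf("error: removing %s before commit: %s", repoDir+rel, err)
			}
		}
		CommitToRepo(repo, repoName)
		// … unchanged: BasicAuth setup and push …
```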