Merge pull request #1 from gburges/image

Image

.github/workflows/imageupdate.yml

@@ -0,0 +1,43 @@
+name: Base image auto update
+on:
+  schedule:
+    - cron: "5 0 * * *"
+  workflow_dispatch:
+
+jobs:
+  checkout:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up skopeo
+        run: sudo apt-get install -y skopeo    
+      - name: Check ubi8-minimal change
+        run: |
+          UBIVERSION=$(skopeo inspect docker://registry.access.redhat.com/ubi8/ubi-minimal:latest |jq '.Labels.url' |sed 's/"//g' |awk -F/ '{print $NF}')
+          echo "ubiversion=$UBIVERSION" >> "$GITHUB_ENV"
+      - name: Check go-toolset change
+        run: |
+          GOTOOLSETVER=$(skopeo inspect docker://registry.access.redhat.com/ubi8/go-toolset:latest |jq '.Labels.url' |sed 's/"//g' |awk -F/ '{print $NF}')
+          echo "gotoolsetver=$GOTOOLSETVER" >> "$GITHUB_ENV"
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.SIGN_KEY }}
+          passphrase: ${{ secrets.SIGN_KEY_PHRASE }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
+      - name: Do change if the version changed
+        run: |
+          git config user.name 'DevProdBot'
+          git config user.email '[email protected]>'
+          git checkout -b update
+          sed -i "s/registry.access.redhat.com\/ubi8\/ubi-minimal:[0-9.-]*/registry.access.redhat.com\/ubi8\/ubi-minimal:$ubiversion/" Dockerfile
+          sed -i "s/registry.access.redhat.com\/ubi8\/go-toolset:[0-9.-]*/registry.access.redhat.com\/ubi8\/go-toolset:$gotoolsetver/" Dockerfile.base
+          git add -A
+          git commit -S -m "Update to ubi-minimal or go-toolset image" || echo "No changes to commit"
+          git push -u origin update || git push -f origin update
+      - name: Create pull request
+        run: gh pr create --title 'Regular docker image update' --body 'Automation \o/' --reviewer addrew
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/lint.yml

@@ -18,7 +18,7 @@ jobs:
       - uses: actions/setup-go@v3
         name: Set up Go 1.x
         with:
-          go-version: 1.18
+          go-version: 1.19
 
       - uses: actions/checkout@v3
         name: Checkout frontend-operator

.github/workflows/package.yml

@@ -10,9 +10,9 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - uses: actions/setup-go@v2
-        name: Set up golang 1.17
+        name: Set up golang 1.19
         with:
-          go-version: '1.17.7'
+          go-version: '1.19.10'
       - name: Check out source code
         uses: actions/checkout@v2
       - name: Install package and dependencies

.github/workflows/platsec.yml

@@ -0,0 +1,44 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# The default values used in the docker build commands are the root
+# directory '.' and the dockerfile name of 'Dockerfile'. If there is 
+# a need to change these do so in your local workflow template (this file) and
+# change them there. HINT: Look at the bottom of this file.
+
+# This workflow checks out code, builds an image, performs a container image
+# vulnerability scan with Anchore's Grype tool, and generates an
+# SBOM via Anchore's Syft tool
+
+# For more information on Anchore's container image scanning tool Grype, see
+# https://github.com/anchore/grype
+
+# For more information about the Anchore SBOM tool, Syft, see
+# https://github.com/anchore/syft
+
+name: ConsoleDot Platform Security Scan
+
+on:
+  push:
+    branches: [ "main", "security-compliance" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main", "security-compliance" ]
+
+jobs:
+  PlatSec-Security-Workflow:
+    uses: RedHatInsights/platform-security-gh-workflow/.github/workflows/platsec-security-scan-reusable-workflow.yml@master
+    ## The optional parameters below are used if you are using something other than the
+    ## the defaults of root '.' for the path and 'Dockerfile' for the Dockerfile name.
+    ## Additionally, if you have a Dockerfile you use as your BASE_IMG or you need to
+    ## use '--build-arg', those can be define below as well.
+
+    with:
+    #   dockerfile_path: './test'
+    #   dockerfile_name: 'Dockerfile.main'
+      base_image_build: true
+    #   base_dockerfile_path: './test'
+      base_dockerfile_name: 'Dockerfile.base'
+      build_arg: '--build-arg BASE_IMAGE="localbuild/baseimage:latest"'

.gitignore

@@ -9,6 +9,8 @@ bin
 testbin/*
 __debug_bin
 
+kubeconfig
+
 # Test binary, build with `go test -c`
 *.test
 

Dockerfile

@@ -1,10 +1,13 @@
 # Build the manager binary
-FROM registry.access.redhat.com/ubi8/go-toolset:1.18.4-8.1669838000 as builder
+ARG BASE_IMAGE=
+FROM $BASE_IMAGE as builder
 
 WORKDIR /workspace
+
 # Copy the Go Modules manifests
 COPY go.mod go.mod
 COPY go.sum go.sum
+
 # cache deps before building and copying source so that we don't need to re-download as much
 # and so that source changes don't invalidate our downloaded layer
 RUN go mod download
@@ -14,12 +17,10 @@ COPY main.go main.go
 COPY api/ api/
 COPY controllers/ controllers/
 
-USER 0
-
 # Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o manager main.go
+RUN CGO_ENABLED=0 GOOS=linux go build -o manager main.go
 
-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.7-1031
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.8-1072.1697626218
 WORKDIR /
 COPY --from=builder /workspace/manager .
 USER 65534:65534

Dockerfile.base

@@ -0,0 +1,23 @@
+# Build the manager binary
+FROM registry.access.redhat.com/ubi8/go-toolset:1.19.13-2.1698062273  as builder
+
+WORKDIR /workspace
+
+COPY go.mod go.mod
+COPY go.sum go.sum
+
+
+RUN go mod download
+
+COPY main.go main.go
+COPY api/ api/
+COPY controllers/ controllers/
+
+USER 0
+
+RUN CGO_ENABLED=0 GOOS=linux go build -o manager main.go
+
+RUN rm main.go
+RUN rm -rf api
+RUN rm -rf controllers
+

Jenkinsfile

@@ -0,0 +1,46 @@
+def secrets = [
+    [path: params.VAULT_PATH_SVC_ACCOUNT_EPHEMERAL, engineVersion: 1, secretValues: [
+        [envVar: 'OC_LOGIN_TOKEN_DEV', vaultKey: 'oc-login-token-dev'],
+        [envVar: 'OC_LOGIN_SERVER_DEV', vaultKey: 'oc-login-server-dev']]],
+    [path: params.VAULT_PATH_QUAY_PUSH, engineVersion: 1, secretValues: [
+        [envVar: 'QUAY_USER', vaultKey: 'user'],
+        [envVar: 'QUAY_TOKEN', vaultKey: 'token']]],
+    [path: params.VAULT_PATH_RHR_PULL, engineVersion: 1, secretValues: [
+        [envVar: 'RH_REGISTRY_USER', vaultKey: 'user'],
+        [envVar: 'RH_REGISTRY_TOKEN', vaultKey: 'token']]]
+]
+
+def configuration = [vaultUrl: params.VAULT_ADDRESS, vaultCredentialId: params.VAULT_CREDS_ID, engineVersion: 1]
+
+pipeline {
+    agent { label 'insights' }
+    options {
+        timestamps()
+    }
+
+    environment {
+        FEO_CONTAINER_NAME="frontend-operator-pr-check-pipeline-$ghprbPullId"
+    }
+
+    stages {
+        stage('PR Checks') {
+            steps {
+                withVault([configuration: configuration, vaultSecrets: secrets]) {
+                    sh '''
+                    source ./pr_check.sh
+                    '''
+                }
+            }
+        }
+
+        stage('KUTTL Tests'){
+            steps {
+                withVault([configuration: configuration, vaultSecrets: secrets]) {
+                    sh '''
+                    source ./kuttl_test.sh
+                    '''
+                }
+            }
+        }
+    }
+}

Makefile

@@ -33,7 +33,6 @@ ENVTEST_K8S_VERSION = 1.23
 # For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both
 # cloud.redhat.com/frontend-operator-bundle:$VERSION and cloud.redhat.com/frontend-operator-catalog:$VERSION.
 IMAGE_TAG_BASE ?= cloud.redhat.com/frontend-operator
-
 # BUNDLE_IMG defines the image:tag used for the bundle.
 # You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=<some-registry>/<project-name-bundle>:<tag>)
 BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION)
@@ -83,6 +82,7 @@ release: manifests kustomize controller-gen
 	cd ../..
 	$(KUSTOMIZE) build config/default >> manifest.yaml
 
+
 ##@ Development
 
 pre-push: manifests generate fmt vet build-template api-docs
@@ -107,13 +107,17 @@ ENVTEST = $(shell pwd)/testbin/bin/setup-envtest
 envtest: ## Download envtest-setup locally if necessary.
 	$(call go-get-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest@latest)
 
-test: manifests envtest generate fmt vet
+test: manifests envtest generate fmt vet	
 	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test ./... -coverprofile cover.out
 
 # gotestsum is used to generate xml for the tests. Embedded in the Dockerfile.pr
 junit: gotestsum manifests envtest generate fmt vet
 	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" $(PROJECT_DIR)/testbin/bin/gotestsum --junitfile artifacts/junit-ginko.xml -- ./... -coverprofile cover.out
 
+# entry point for testing kuttl with kind
+kuttl: manifests envtest generate fmt vet
+	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" kubectl kuttl test --config kuttl-config.yml  ./tests/e2e
+
 ##@ Build
 
 build: generate fmt vet ## Build manager binary.
@@ -123,7 +127,7 @@ run: manifests generate fmt vet ## Run a controller from your host.
 	go run ./main.go
 
 docker-build: test ## Build docker image with the manager.
-	docker build -t ${IMG} .
+	docker build -t ${IMG} .	
 
 docker-push: ## Push docker image with the manager.
 	docker push ${IMG}

README.md

@@ -83,3 +83,25 @@ If you want to access the app from your computer, you have to update /etc/hosts
 ```
 
 Once you update it you can access the app from `https://env-boot/insights/inventory`
+
+
+## E2E testing with kuttl
+
+[Kuttl](https://kuttl.dev/) is an end to end testing framework for Kubernetes operators. We hope to provide full test coverage for the Frontend Operator with kuttl.
+
+To run the kuttl tests you'll need to be running the operator and Clowder in minikube as shown in the directions above. You also need to make sure you [have kuttl installed on your machine](https://kuttl.dev/docs/cli.html#setup-the-kuttl-kubectl-plugin).
+
+Once all that is in place you can run the kuttl tests:
+
+```bash
+$ make kuttl
+```
+Friendly reminder: make sure you have the frontend operator runnning (`make run-local`) before you run the tests or they will never work and you'll go nuts trying to figure out why.
+
+If you want to run a single test you can do this:
+```bash
+$ kubectl kuttl test --config kuttl-config.yml  ./tests/e2e --test bundles
+```
+where `bundles` is the name of the directory that contains the test you want to run.
+
+

api/v1alpha1/frontend_types.go

@@ -54,6 +54,10 @@ type FrontendSpec struct {
 	Module         *FedModule           `json:"module,omitempty" yaml:"module,omitempty"`
 	NavItems       []*BundleNavItem     `json:"navItems,omitempty" yaml:"navItems,omitempty"`
 	AssetsPrefix   string               `json:"assetsPrefix,omitempty" yaml:"assetsPrefix,omitempty"`
+	// Akamai cache bust opt-out
+	AkamaiCacheBustDisable bool `json:"akamaiCacheBustDisable,omitempty" yaml:"akamaiCacheBustDisable,omitempty"`
+	// Files to cache bust
+	AkamaiCacheBustPaths []string `json:"akamaiCacheBustPaths,omitempty" yaml:"akamaiCacheBustPaths,omitempty"`
 }
 
 var ReconciliationSuccessful clusterv1.ConditionType = "ReconciliationSuccessful"
@@ -77,6 +81,7 @@ type FedModule struct {
 	Modules          []Module            `json:"modules,omitempty" yaml:"modules,omitempty"`
 	ModuleID         string              `json:"moduleID,omitempty" yaml:"moduleID,omitempty"`
 	Config           *apiextensions.JSON `json:"config,omitempty" yaml:"config,omitempty"`
+	FullProfile      *bool               `json:"fullProfile,omitempty" yaml:"fullProfile,omitempty"`
 }
 
 type Module struct {
@@ -88,9 +93,10 @@ type Module struct {
 }
 
 type Route struct {
-	Pathname string `json:"pathname" yaml:"pathname"`
-	Dynamic  bool   `json:"dynamic,omitempty" yaml:"dynamic,omitempty"`
-	Exact    bool   `json:"exact,omitempty" yaml:"exact,omitempty"`
+	Pathname string              `json:"pathname" yaml:"pathname"`
+	Dynamic  bool                `json:"dynamic,omitempty" yaml:"dynamic,omitempty"`
+	Exact    bool                `json:"exact,omitempty" yaml:"exact,omitempty"`
+	Props    *apiextensions.JSON `json:"props,omitempty" yaml:"props,omitempty"`
 }
 
 // +kubebuilder:object:root=true
@@ -148,6 +154,12 @@ func TruePtr() *bool {
 	return &t
 }
 
+// FalsePtr returns a pointer to False
+func FalsePtr() *bool {
+	t := false
+	return &t
+}
+
 // GetIdent returns an ident <env>.<app> that should be unique across the cluster.
 func (i *Frontend) GetIdent() string {
 	return fmt.Sprintf("%v.%v", i.Spec.EnvName, i.Name)

api/v1alpha1/frontendenvironment_types.go

@@ -45,6 +45,23 @@ type FrontendEnvironmentSpec struct {
 	// local will add it to the frontend's namespace
 	// app-interface will add it to "openshift-customer-monitoring"
 	Monitoring *MonitoringConfig `json:"monitoring,omitempty"`
+
+	// SSL mode requests SSL from the services in openshift and k8s and then applies them to the
+	// pod, the route is also set to reencrypt in the case of OpenShift
+	SSL bool `json:"ssl,omitempty"`
+
+	// GenerateNavJSON determines if the nav json configmap
+	// parts should be generated for the bundles. We want to do
+	// do this in epehemeral environments but not in production
+	GenerateNavJSON bool `json:"generateNavJSON,omitempty"`
+	// Enable Akamai Cache Bust
+	EnableAkamaiCacheBust bool `json:"enableAkamaiCacheBust,omitempty"`
+	// Set Akamai Cache Bust Image
+	AkamaiCacheBustImage string `json:"akamaiCacheBustImage,omitempty"`
+	// Set Akamai Cache Bust URL that the files will hang off of
+	AkamaiCacheBustURL string `json:"akamaiCacheBustURL,omitempty"`
+	// The name of the secret we will use to get the akamai credentials
+	AkamaiSecretName string `json:"akamaiSecretName,omitempty"`
 }
 
 type MonitoringConfig struct {

api/v1alpha1/groupversion_info.go

@@ -15,8 +15,8 @@ limitations under the License.
 */
 
 // Package v1alpha1 contains API Schema definitions for the  v1alpha1 API group
-//+kubebuilder:object:generate=true
-//+groupName=cloud.redhat.com
+// +kubebuilder:object:generate=true
+// +groupName=cloud.redhat.com
 package v1alpha1
 
 import (