fix: migrate to connect

postfinance · Jun 13, 2024 · 654a93c · 654a93c
1 parent ee5fdac
commit 654a93c
Show file tree

Hide file tree

Showing 28 changed files with 424 additions and 1,677 deletions.
diff --git a/.gitignore b/.gitignore
@@ -3,3 +3,5 @@ dist/
 .a*
 discovery*.yml
 bin/
+.task
+bin/
diff --git a/Makefile b/Makefile
@@ -12,11 +12,10 @@ GO_VERSION := $(shell (go version | awk '{print $$3;}'))
 BINARIES := $(shell find ./dist ! -name '*goreleaserdocker*' -path '*_linux_*' -type f -executable)
 GORELEASER := 0.156.1
 GOLANGCI := 1.36.0
-PROTOC_BUF := 1.12.0
-PROTOC := 21.12
-PROTOC_GEN_GO := 1.28.1
-PROTOC_GEN_GRPC_GO := 1.2.0
-PROTOC_GEN_GRPC_GATEWAY := 2.15.0
+
+
+PROTOC_BUF := 1.31.0
+PROTOC := 26.1
 
 ## build: build the binaries only
 build:

diff --git a/Taskfile.yaml b/Taskfile.yaml
@@ -0,0 +1,263 @@
+version: '3'
+
+vars:
+  PROTOC_BUF: 1.32.0
+  PROTOC: 26.1
+
+env:
+  FLUFFY_MANAGER_NAMESPACE: default
+
+tasks:
+  default:
+    aliases:
+      - run
+    desc: run the controller
+    cmds:
+      # - kubectx kind-{{ .CLUSTER_ID_01 }}
+      - make run
+
+  buf-lint:
+    desc: Lints protobuffer files
+    deps:
+      - download-buf
+    cmds:
+      - bin/buf lint
+
+  buf-generate:
+    desc: Lints protobuffer files
+    deps:
+      - download-buf
+      - download-protoc
+      - download-tools
+    cmds:
+      - bin/buf generate --path proto/postfinance/
+    sources:
+      - proto/**/*.proto
+    generates:
+      - pkg/discoverypb/postfinance/discovery/v1/*.go
+
+  download-protoc:
+    cmds:
+      - mkdir -p bin
+      - curl -sLo /tmp/protoc.zip https://github.com/protocolbuffers/protobuf/releases/download/v{{ .PROTOC}}/protoc-{{ .PROTOC }}-linux-x86_64.zip
+      - unzip -o /tmp/protoc.zip bin/protoc
+      - rm /tmp/protoc.zip
+    sources:
+      - Taskfile.yaml
+    generates:
+      - bin/protoc
+
+  download-buf:
+    cmds:
+      - mkdir -p bin
+      - curl -sLo - https://github.com/bufbuild/buf/releases/download/v{{ .PROTOC_BUF}}/buf-Linux-x86_64.tar.gz | tar -C bin --strip-components=2 -xvzf - buf/bin/buf
+      - chmod +x bin/buf
+    sources:
+      - Taskfile.yaml
+    generates:
+      - bin/buf
+
+  download-tools:
+   env:
+     GOPATH: /tmp/go
+   cmds:
+     - mkdir ${GOPATH}
+     - echo $GOPATH
+     - go install google.golang.org/protobuf/cmd/protoc-gen-go
+     - go install google.golang.org/grpc/cmd/protoc-gen-go-grpc
+     - mkdir -p bin
+     - mv /tmp/go/bin/* bin/
+     - sudo rm -rf /tmp/go
+   sources:
+     - tools.go
+   generates:
+      - bin/protoc-gen-go
+      - bin/protoc-gen-go-grpc
+
+  run-e1:
+    deps:
+      - vault-create-token-e1
+    env:
+      FLUFFY_MANAGER_CLUSTERACCESS: 'false'
+      FLUFFY_MANAGER_CLUSTER_ID: '{{ .CLUSTER_ID_02 }}'
+      FLUFFY_MANAGER_METRICS_ADDR: ":8082"
+      FLUFFY_MANAGER_PROBE_ADDR: ":8083"
+    desc: run the controller on e1-k8s-pfnet-a cluster
+    cmds:
+      - kubectx kind-{{ .CLUSTER_ID_02 }}
+      - make run
+
+  kind-create-cluster-01:
+    cmds:
+      - http_proxy={{ .PROXY }} https_proxy={{ .PROXY }} kind create cluster --name {{ .CLUSTER_ID_01 }}
+    status:
+      - kind get clusters | grep -q {{ .CLUSTER_ID_01 }}
+
+  kind-create-cluster-02:
+    cmds:
+      - http_proxy={{ .PROXY }} https_proxy={{ .PROXY }} kind create cluster --name {{ .CLUSTER_ID_02 }}
+    status:
+      - kind get clusters | grep -q {{ .CLUSTER_ID_02 }}
+
+  kind-delete-clusters:
+    cmds:
+      - task: kind-delete-cluster-01
+      - task: kind-delete-cluster-02
+
+  kind-delete-cluster-01:
+    cmds:
+      - kind delete cluster --name {{ .CLUSTER_ID_01 }}
+
+  kind-delete-cluster-02:
+    cmds:
+      - kind delete cluster --name {{ .CLUSTER_ID_02 }}
+
+  k8s-setup-kubeconfig:
+    cmds:
+      - ./dist/fluffyctl_linux_amd64_v1/fluffyctl setup -i '^kind-[ept]1.*' --source=kubeconfig --remove=kind- -o {{ .TMP_KUBECONFIG }}
+
+  k8s-setup-cluster-01:
+    deps:
+      - kind-load-images-cluster-01
+    vars:
+      DEST_CONTEXT: kind-{{ .CLUSTER_ID_01 }}
+      VAULT_ADDRS: http://{{ .LISTEN_ADDR }}:{{ .VAULT_SERVER_01_PORT }},http://{{ .LISTEN_ADDR }}:{{ .VAULT_SERVER_02_PORT }}
+
+      CONTEXT: kind-{{ .CLUSTER_ID_01 }}
+      RESOURCE_NAME: '{{ .CLUSTER_ID_01 }}'
+    cmds: &k8s-setup-cluster-cmd
+      - kubectx {{ .CONTEXT }}
+      - make install
+      - |
+        cat << EOF > /tmp/ns.yaml
+        apiVersion: v1
+        kind: Namespace
+        metadata:
+          name: appl-vault-test-e1
+        EOF
+      - kubectl apply -f /tmp/ns.yaml
+      - grep -v "{" config/helm/templates/secret_admin_clusterrole.yaml | kubectl apply -f -
+      - rm -f /tmp/ns.yaml
+
+  k8s-setup-cluster-02:
+    deps:
+      - kind-load-images-cluster-02
+    vars:
+      DEST_CONTEXT: kind-{{ .CLUSTER_ID_01 }}
+      VAULT_ADDRS: http://{{ .LISTEN_ADDR }}:{{ .VAULT_SERVER_01_PORT }},http://{{ .LISTEN_ADDR }}:{{ .VAULT_SERVER_02_PORT }}
+
+      CONTEXT: kind-{{ .CLUSTER_ID_02 }}
+      RESOURCE_NAME: '{{ .CLUSTER_ID_02 }}'
+    cmds: *k8s-setup-cluster-cmd
+
+  k8s-setup-clusters:
+    desc: create two clusters and adds secrets to access them to first cluster in default namespace
+    cmds:
+      - task: k8s-setup-cluster-01
+      - task: k8s-setup-cluster-02
+
+  k8s-setup-vault-clientconfig-01:
+    vars:
+      CONTEXT: kind-{{ .CLUSTER_ID_01 }}
+
+      PORT: '{{ .VAULT_SERVER_01_PORT }}'
+      RESOURCE_NAME: vault-server-{{ .PORT }}
+      TOKEN_PATH: '{{ .DEV_TOKEN_PREFIX}}{{.CLUSTER_ID_01}}-{{ .PORT }}'
+    cmds:
+      - kubectx {{ .CONTEXT }}
+      - ./dist/fluffyctl_linux_amd64_v1/fluffyctl vault-config -n {{ .RESOURCE_NAME }} -t {{ .TOKEN_PATH }} -u http://{{ .LISTEN_ADDR }}:{{ .PORT }}
+
+  k8s-setup-vault-clientconfig-02:
+    vars:
+      CONTEXT: kind-{{ .CLUSTER_ID_02 }}
+
+      PORT: '{{ .VAULT_SERVER_01_PORT }}'
+      RESOURCE_NAME: vault-server-{{ .PORT }}
+      TOKEN_PATH: '{{ .DEV_TOKEN_PREFIX}}{{.CLUSTER_ID_02}}-{{ .PORT }}'
+    cmds:
+      - kubectx {{ .CONTEXT }}
+      - ./dist/fluffyctl_linux_amd64_v1/fluffyctl vault-config -n {{ .RESOURCE_NAME }} -t {{ .TOKEN_PATH }} -u http://{{ .LISTEN_ADDR }}:{{ .PORT }}
+
+  k8s-setup-vault-clientconfig:
+    desc: configures the vault client config
+    cmds:
+      - task: k8s-setup-vault-clientconfig-02
+      - task: k8s-setup-vault-clientconfig-01
+
+
+  k8s-configure-clusteraccess:
+    desc: create the necessary clusteraccess resources and secrets
+    deps:
+      - k8s-setup-kubeconfig
+    vars:
+      VAULT_ADDR: http://{{ .LISTEN_ADDR }}:{{ .VAULT_SERVER_01_PORT }}
+    cmds:
+      - KUBECONFIG={{.TMP_KUBECONFIG }} ./dist/fluffyctl_linux_amd64_v1/fluffyctl cluster-config --dest-context={{ .CLUSTER_ID_01 }} --bound-service-accounts=fluffy-master --bound-namespaces=fluffy-master --vault-addr={{ .VAULT_ADDR }}
+
+  vault-start-server-01:
+    dir: /tmp
+    env:
+      VAULT_DEV_ROOT_TOKEN_ID: '{{ .VAULT_SERVER_01_ROOT_TOKEN }}'
+      VAULT_DEV_LISTEN_ADDRESS: 0.0.0.0:{{ .VAULT_SERVER_01_PORT }}
+    cmds:
+      - vault server -dev -log-level=debug
+
+  vault-start-server-02:
+    dir: /tmp
+    env:
+      VAULT_DEV_ROOT_TOKEN_ID: '{{ .VAULT_SERVER_02_ROOT_TOKEN }}'
+      VAULT_DEV_LISTEN_ADDRESS: 0.0.0.0:{{ .VAULT_SERVER_02_PORT }}
+    cmds:
+      - vault server -dev -log-level=debug
+
+  vault-start-server:
+    desc: start two vault servers on port 8200 and 8201
+    deps:
+      - vault-start-server-01
+      - vault-start-server-02
+
+  vault-create-token-e1:
+    env:
+      VAULT_TOKEN: '{{ .VAULT_SERVER_01_ROOT_TOKEN }}'
+      VAULT_ADDR: http://{{ .LISTEN_ADDR }}:{{ .VAULT_SERVER_01_PORT}}
+      TOKEN_PATH: '{{ .DEV_TOKEN_PREFIX }}{{ .CLUSTER_ID_02 }}-{{ .VAULT_SERVER_01_PORT }}'
+      MOUNTPATH: k8s_{{ .CLUSTER_ID_02 }}
+    cmds:
+      - vault token create -policy=default -policy=k8s_clusteraccess_{{ .CLUSTER_ID_02 }} --field=token > ${TOKEN_PATH}
+
+  vault-setup-server-01:
+    env:
+      VAULT_TOKEN: '{{ .VAULT_SERVER_01_ROOT_TOKEN }}'
+      VAULT_ADDR: http://{{ .LISTEN_ADDR }}:{{ .VAULT_SERVER_01_PORT}}
+      TOKEN_PATH: '{{ .DEV_TOKEN_PREFIX }}{{ .CLUSTER_ID_01 }}-{{ .VAULT_SERVER_01_PORT }}'
+      MOUNTPATH: k8s_{{ .CLUSTER_ID_01 }}
+    cmds: &vault-setup-server-cmd
+      - vault auth enable -path=${MOUNTPATH} kubernetes
+      - cat config/vault/k8s-vault-authorizer.hcl | vault policy write tf_fluffy -
+      - vault write auth/${MOUNTPATH}/role/tf_fluffy bound_service_account_names=default bound_service_account_namespaces=default token_ttl=300 token_policies=default,tf_fluffy
+      - vault token create -policy=default -policy=tf_fluffy --field=token > ${TOKEN_PATH}
+    status:
+      - vault auth list | grep -q ${MOUNTPATH}/
+
+  vault-setup-server-02:
+    env:
+      VAULT_TOKEN: '{{ .VAULT_SERVER_02_ROOT_TOKEN }}'
+      VAULT_ADDR: http://{{ .LISTEN_ADDR }}:{{ .VAULT_SERVER_02_PORT}}
+      TOKEN_PATH: '{{ .DEV_TOKEN_PREFIX }}{{ .CLUSTER_ID_01 }}-{{ .VAULT_SERVER_02_PORT }}'
+      MOUNTPATH: k8s_{{ .CLUSTER_ID_01 }}
+    cmds: *vault-setup-server-cmd
+    status:
+      - echo ${VAULT_ADDR}
+      - vault auth list | grep -q ${MOUNTPATH}/
+
+  vault-setup-server:
+    desc: creates kubernetes auth methods and the necessary policies
+    deps:
+      - vault-setup-server-01
+      - vault-setup-server-02
+
+  clean:
+    desc: deletes all created resources
+    cmds:
+      - rm -rf bin
+
diff --git a/buf.gen.yaml b/buf.gen.yaml
@@ -1,17 +1,8 @@
----
-version: v1beta1
+version: v2
 plugins:
-  - name: go
+  - local: ./bin/protoc-gen-go
     out: pkg/discoverypb
     opt: paths=source_relative
-    path: ./bin/protoc-gen-go
-  - name: go-grpc
+  - local: ./bin/protoc-gen-go-grpc
     out: pkg/discoverypb
     opt: paths=source_relative
-    path: ./bin/protoc-gen-go-grpc
-  - name: grpc-gateway
-    out: pkg/discoverypb
-    opt:
-      - paths=source_relative
-      - allow_repeated_fields_in_body=true
-    path: ./bin/protoc-gen-grpc-gateway
diff --git a/buf.yaml b/buf.yaml
@@ -1,18 +1,26 @@
----
-version: v1beta1
-build:
-  roots:
-    - proto/
-  # excludes:
-    # - google/api
+version: v2
+modules:
+  - path: proto
 lint:
-  ignore:
-    - google
   use:
     - DEFAULT
+    # - FIELD_NO_DESCRIPTOR
   except:
-    - ENUM_ZERO_VALUE_SUFFIX
-    - ENUM_VALUE_UPPER_SNAKE_CASE
+    - ENUM_FIRST_VALUE_ZERO
     - ENUM_VALUE_PREFIX
+    - ENUM_VALUE_UPPER_SNAKE_CASE
+    - ENUM_ZERO_VALUE_SUFFIX
+    - FIELD_NOT_REQUIRED
+    - IMPORT_USED
+    - PACKAGE_NO_IMPORT_CYCLE
+    - PROTOVALIDATE
+    # - SYNTAX_SPECIFIED
+  ignore:
+    - proto/google
   enum_zero_value_suffix: _INVALID
   service_suffix: API
+  disallow_comment_ignores: true
+breaking:
+  except:
+    - EXTENSION_NO_DELETE
+    - FIELD_SAME_DEFAULT
diff --git a/go.mod b/go.mod
@@ -3,6 +3,7 @@ module github.com/postfinance/discovery
 go 1.16
 
 require (
+	connectrpc.com/connect v1.16.2
 	github.com/alecthomas/kong v0.7.1
 	github.com/coreos/go-oidc/v3 v3.5.0
 	github.com/golang-jwt/jwt/v4 v4.5.0
@@ -24,10 +25,11 @@ require (
 	github.com/zbindenren/sfmt v0.1.0
 	go.uber.org/zap v1.24.0
 	golang.org/x/oauth2 v0.5.0
-	golang.org/x/term v0.5.0
+	golang.org/x/term v0.18.0
 	google.golang.org/genproto v0.0.0-20230124163310-31e0e69b6fc2
 	google.golang.org/grpc v1.53.0
-	google.golang.org/protobuf v1.28.1
+	google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0
+	google.golang.org/protobuf v1.33.0
 	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/apimachinery v0.26.1
 )
-Original file line number
+Diff line change
@@ Expand Up / @@ -3,3 +3,5 @@ dist/ @@
     .a*
     discovery*.yml
     bin/
+    .task
+    bin/