From 1052eea13ffdeeac83b8702b62ed0617ef5fc68d Mon Sep 17 00:00:00 2001
From: Maarten Dirkse <mdirkse@bol.com>
Date: Mon, 9 Oct 2017 16:18:15 +0200
Subject: [PATCH] feat(provider/kubernetes): Enable annotations, labels and
 secrets for security groups (aka ingress resources) (#2000)

---
 .../kubernetes/help/kubernetes.help.ts        |  2 ++
 .../configure/configure.kubernetes.module.js  |  1 +
 .../configure/wizard/advancedSettings.html    |  8 +++++
 .../configure/wizard/createWizard.html        |  6 ++++
 .../configure/wizard/editWizard.html          |  6 ++++
 .../configure/wizard/tls.controller.js        | 16 +++++++++
 .../securityGroup/configure/wizard/tls.html   | 34 +++++++++++++++++++
 .../configure/wizard/upsert.controller.js     | 10 ++++++
 .../details/details.controller.js             |  6 ++++
 .../securityGroup/details/details.html        | 23 +++++++++++++
 .../kubernetes/securityGroup/transformer.js   |  9 +++++
 11 files changed, 121 insertions(+)
 create mode 100644 app/scripts/modules/kubernetes/securityGroup/configure/wizard/advancedSettings.html
 create mode 100644 app/scripts/modules/kubernetes/securityGroup/configure/wizard/tls.controller.js
 create mode 100644 app/scripts/modules/kubernetes/securityGroup/configure/wizard/tls.html

diff --git a/app/scripts/modules/kubernetes/help/kubernetes.help.ts b/app/scripts/modules/kubernetes/help/kubernetes.help.ts
index 1fff8a8f12e..acfc5c61ee6 100644
--- a/app/scripts/modules/kubernetes/help/kubernetes.help.ts
+++ b/app/scripts/modules/kubernetes/help/kubernetes.help.ts
@@ -127,6 +127,8 @@ const helpContents: {[key: string]: string} = {
   'kubernetes.ingress.rules.host': 'The fully qualified domain name of a network host. Any traffic routed to this host matches this rule. May not be an IP address, or contain port information.',
   'kubernetes.ingress.rules.path': 'POSIX regex (IEE Std 1003.1) matched against the path of an incoming request.',
   'kubernetes.ingress.rules.port': 'The port on the specifed load balancer to route traffic to.',
+  'kubernetes.ingress.tls.host': 'The fully qualified domain name of a network host. Any traffic routed to this host can be secured with TLS. May not be an IP address, or contain port information.',
+  'kubernetes.ingress.tls.secret': '(Optional) Name of the Kubernetes secret that will be used to secure TLS connections to the security group. Note that Spinnaker will not create any secrets, they are assumed to exist.',
 };
 
 export const KUBERNETES_HELP = 'spinnaker.kubernetes.help.contents';
diff --git a/app/scripts/modules/kubernetes/securityGroup/configure/configure.kubernetes.module.js b/app/scripts/modules/kubernetes/securityGroup/configure/configure.kubernetes.module.js
index fa820ef7a61..1cc6481508a 100644
--- a/app/scripts/modules/kubernetes/securityGroup/configure/configure.kubernetes.module.js
+++ b/app/scripts/modules/kubernetes/securityGroup/configure/configure.kubernetes.module.js
@@ -5,5 +5,6 @@ const angular = require('angular');
 module.exports = angular.module('spinnaker.securityGroup.configure.kubernetes', [
   require('./wizard/backend.controller.js').name,
   require('./wizard/rules.controller.js').name,
+  require('./wizard/tls.controller.js').name,
   require('./wizard/upsert.controller.js').name,
 ]);
diff --git a/app/scripts/modules/kubernetes/securityGroup/configure/wizard/advancedSettings.html b/app/scripts/modules/kubernetes/securityGroup/configure/wizard/advancedSettings.html
new file mode 100644
index 00000000000..b9b2c13b1d2
--- /dev/null
+++ b/app/scripts/modules/kubernetes/securityGroup/configure/wizard/advancedSettings.html
@@ -0,0 +1,8 @@
+<form class="container-fluid form-horizontal" name="advancedSettings">
+  <div class="col-md-12">
+    <map-editor model="securityGroup.annotations" label="Annotations" add-button-label="Add Annotations" labels-left="true"></map-editor>
+  </div>
+  <div class="col-md-12">
+    <map-editor model="securityGroup.labels" label="Labels" add-button-label="Add Labels" labels-left="true"></map-editor>
+  </div>
+</form>
diff --git a/app/scripts/modules/kubernetes/securityGroup/configure/wizard/createWizard.html b/app/scripts/modules/kubernetes/securityGroup/configure/wizard/createWizard.html
index b91522e7119..cd5ed73dc2b 100644
--- a/app/scripts/modules/kubernetes/securityGroup/configure/wizard/createWizard.html
+++ b/app/scripts/modules/kubernetes/securityGroup/configure/wizard/createWizard.html
@@ -8,6 +8,12 @@
   <v2-wizard-page key="rules" label="Rules">
     <ng-include src="pages.rules"></ng-include>
   </v2-wizard-page>
+  <v2-wizard-page key="tls" label="TLS">
+    <ng-include src="pages.tls"></ng-include>
+  </v2-wizard-page>
+  <v2-wizard-page key="Advanced Settings" label="Advanced Settings">
+    <ng-include src="pages.advancedSettings"></ng-include>
+  </v2-wizard-page>
 </v2-modal-wizard>
 <div class="modal-footer">
   <button ng-disabled="taskMonitor.submitting" class="btn btn-default"
diff --git a/app/scripts/modules/kubernetes/securityGroup/configure/wizard/editWizard.html b/app/scripts/modules/kubernetes/securityGroup/configure/wizard/editWizard.html
index 9f7454ba927..e7165197c0a 100644
--- a/app/scripts/modules/kubernetes/securityGroup/configure/wizard/editWizard.html
+++ b/app/scripts/modules/kubernetes/securityGroup/configure/wizard/editWizard.html
@@ -8,6 +8,12 @@
   <v2-wizard-page key="rules" label="Rules">
     <ng-include src="pages.rules"></ng-include>
   </v2-wizard-page>
+  <v2-wizard-page key="tls" label="TLS">
+    <ng-include src="pages.tls"></ng-include>
+  </v2-wizard-page>
+  <v2-wizard-page key="Advanced Settings" label="Advanced Settings">
+    <ng-include src="pages.advancedSettings"></ng-include>
+  </v2-wizard-page>
 </v2-modal-wizard>
 <div class="modal-footer">
   <button ng-disabled="taskMonitor.submitting" class="btn btn-default"
diff --git a/app/scripts/modules/kubernetes/securityGroup/configure/wizard/tls.controller.js b/app/scripts/modules/kubernetes/securityGroup/configure/wizard/tls.controller.js
new file mode 100644
index 00000000000..80fd58202e7
--- /dev/null
+++ b/app/scripts/modules/kubernetes/securityGroup/configure/wizard/tls.controller.js
@@ -0,0 +1,16 @@
+'use strict';
+
+const angular = require('angular');
+
+module.exports = angular.module('spinnaker.securityGroup.configure.kubernetes.tls', [
+    require('../../transformer.js').name,
+])
+  .controller('kubernetesSecurityGroupTLSController', function($scope, kubernetesSecurityGroupTransformer) {
+    this.addTLSEntry = function() {
+      $scope.securityGroup.tls.push(kubernetesSecurityGroupTransformer.constructNewIngressTLS());
+    };
+
+    this.removeTLSEntry = function(i) {
+      $scope.securityGroup.tls.splice(i, 1);
+    };
+  });
diff --git a/app/scripts/modules/kubernetes/securityGroup/configure/wizard/tls.html b/app/scripts/modules/kubernetes/securityGroup/configure/wizard/tls.html
new file mode 100644
index 00000000000..e86471d90d3
--- /dev/null
+++ b/app/scripts/modules/kubernetes/securityGroup/configure/wizard/tls.html
@@ -0,0 +1,34 @@
+<form ng-controller="kubernetesSecurityGroupTLSController as tlsController" class="container-fluid form-horizontal" name="rules">
+  <div class="col-md-12">
+    <div ng-repeat="tls in securityGroup.tls">
+      <hr ng-if="$index > 0">
+      <div class="form-group">
+        <div class="col-md-3 sm-label-right">
+          Host
+          <help-field key="kubernetes.ingress.tls.host"></help-field>
+        </div>
+        <div class="col-md-6">
+          <input type="text" class="form-control input-sm" name="details" ng-model="tls.hosts"/>
+        </div>
+        <div class="col-md-1">
+          <button class="btn btn-sm btn-default" ng-click="tlsController.removeTLSEntry($index)">
+             <span class="glyphicon glyphicon-trash visible-lg-inline"></span>
+             <span class="visible-lg-inline"> Remove Entry</span>
+          </button>
+        </div>
+      </div>
+      <div class="form-group">
+        <div class="col-md-3 sm-label-right">
+          Secret
+          <help-field key="kubernetes.ingress.tls.secret"></help-field>
+        </div>
+        <div class="col-md-6">
+          <input type="text" class="form-control input-sm" name="details" ng-model="tls.secretName"/>
+        </div>
+      </div>
+    </div>
+    <button class="add-new btn btn-block btn-sm" ng-click="tlsController.addTLSEntry()"><span
+      class="glyphicon glyphicon-plus-sign"></span> Add New TLS Entry
+    </button>
+  </div>
+</form>
diff --git a/app/scripts/modules/kubernetes/securityGroup/configure/wizard/upsert.controller.js b/app/scripts/modules/kubernetes/securityGroup/configure/wizard/upsert.controller.js
index d181230e5db..397a32f09da 100644
--- a/app/scripts/modules/kubernetes/securityGroup/configure/wizard/upsert.controller.js
+++ b/app/scripts/modules/kubernetes/securityGroup/configure/wizard/upsert.controller.js
@@ -34,6 +34,8 @@ module.exports = angular.module('spinnaker.securityGroup.kubernetes.create.contr
       basicSettings: require('./basicSettings.html'),
       backend: require('./backend.html'),
       rules: require('./rules.html'),
+      tls: require('./tls.html'),
+      advancedSettings: require('./advancedSettings.html'),
     };
 
     $scope.state = {
@@ -181,6 +183,14 @@ module.exports = angular.module('spinnaker.securityGroup.kubernetes.create.contr
             cloudProvider: 'kubernetes',
             region: $scope.securityGroup.namespace,
           };
+
+          // Change TLS hosts from string to array for Clouddriver (if it isn't already an array)
+          for (let idx in $scope.securityGroup.tls) {
+            if (!Array.isArray($scope.securityGroup.tls[idx].hosts.constructor)) {
+              $scope.securityGroup.tls[idx].hosts = [$scope.securityGroup.tls[idx].hosts];
+            }
+          }
+
           return securityGroupWriter.upsertSecurityGroup($scope.securityGroup, application, descriptor, params);
         }
       );
diff --git a/app/scripts/modules/kubernetes/securityGroup/details/details.controller.js b/app/scripts/modules/kubernetes/securityGroup/details/details.controller.js
index 738b3a7744e..d5e2b40a498 100644
--- a/app/scripts/modules/kubernetes/securityGroup/details/details.controller.js
+++ b/app/scripts/modules/kubernetes/securityGroup/details/details.controller.js
@@ -43,6 +43,12 @@ module.exports = angular.module('spinnaker.securityGroup.kubernetes.details.cont
           autoClose();
         } else {
           $scope.securityGroup = details;
+
+          // Change TLS hosts from array to string for the UI
+          for (let idx in $scope.securityGroup.tls) {
+            const tls = $scope.securityGroup.tls[idx];
+            tls.hosts = tls.hosts[0];
+          }
         }
       },
         autoClose
diff --git a/app/scripts/modules/kubernetes/securityGroup/details/details.html b/app/scripts/modules/kubernetes/securityGroup/details/details.html
index 2e789c71fb0..5b7132c3cfa 100644
--- a/app/scripts/modules/kubernetes/securityGroup/details/details.html
+++ b/app/scripts/modules/kubernetes/securityGroup/details/details.html
@@ -75,6 +75,17 @@ <h3 select-on-dbl-click>
         No rules created
       </dl>
     </collapsible-section>
+    <collapsible-section heading="TLS">
+      <dl ng-class="insightCtrl.vm.filtersExpanded ? '' : 'dl-horizontal dl-medium'"
+          ng-repeat="tls in securityGroup.ingress.spec.tls"
+          ng-if="securityGroup.ingress.spec.tls.length">
+        <dt>Host</dt>
+        <dd>{{tls.hosts[0]}}</dd>
+      </dl>
+      <dl ng-if="!securityGroup.ingress.spec.tls.length">
+        No TLS entries created
+      </dl>
+    </collapsible-section>
     <collapsible-section heading="Status">
       <dl ng-class="insightCtrl.vm.filtersExpanded ? '' : 'dl-horizontal dl-medium'"
           ng-repeat="ingress in securityGroup.ingress.status.loadBalancer.ingress">
@@ -82,5 +93,17 @@ <h3 select-on-dbl-click>
         <dd>{{ingress.ip}}</dd>
       </dl>
     </collapsible-section>
+    <collapsible-section heading="Annotations" ng-if="securityGroup.ingress.metadata.annotations">
+      <dl class="dl-horizontal dl-flex">
+        <kubernetes-key-value-details map="securityGroup.ingress.metadata.annotations">
+        </kubernetes-key-value-details>
+      </dl>
+    </collapsible-section>
+    <collapsible-section heading="Labels" ng-if="securityGroup.ingress.metadata.labels">
+      <dl class="dl-horizontal dl-flex">
+        <kubernetes-key-value-details map="securityGroup.ingress.metadata.labels">
+        </kubernetes-key-value-details>
+      </dl>
+    </collapsible-section>
   </div>
 </div>
diff --git a/app/scripts/modules/kubernetes/securityGroup/transformer.js b/app/scripts/modules/kubernetes/securityGroup/transformer.js
index 4e296035cbf..7077335efde 100644
--- a/app/scripts/modules/kubernetes/securityGroup/transformer.js
+++ b/app/scripts/modules/kubernetes/securityGroup/transformer.js
@@ -25,6 +25,7 @@ module.exports = angular.module('spinnaker.kubernetes.securityGroup.transformer'
         },
 
         rules: [],
+        tls: [],
       };
     }
 
@@ -49,10 +50,18 @@ module.exports = angular.module('spinnaker.kubernetes.securityGroup.transformer'
       };
     }
 
+    function constructNewIngressTLS() {
+      return {
+        hosts : [],
+        secretName: '',
+      };
+    }
+
     return {
       normalizeSecurityGroup: normalizeSecurityGroup,
       constructNewSecurityGroupTemplate: constructNewSecurityGroupTemplate,
       constructNewIngressRule: constructNewIngressRule,
       constructNewIngressPath: constructNewIngressPath,
+      constructNewIngressTLS: constructNewIngressTLS,
     };
   });