Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSS-4546 - Backport Jimm ci/cd #961

Closed
wants to merge 206 commits into from
Closed

CSS-4546 - Backport Jimm ci/cd #961

wants to merge 206 commits into from

Conversation

kian99
Copy link
Contributor

@kian99 kian99 commented Jun 20, 2023

Description

This ticket was intended to backport JIMM's CI/CD from feature-rebac into main, but I went ahead and just merged all of feature-rebac and then proceeded to remove all the OpenFGA bits and other code changes, keeping only the changes that are common to both branches (i.e. charm changes, CI/CD, Dockerfile changes, etc.).

Going forward, I think any changes that are common to JIMM v1 main and v2 feature-rebac should land in main and then main can be merged into feature-rebac regularly. And then of course any v2 specific features go straight in feature-rebac.

Engineering checklist

Check only items that apply

  • Documentation updated
  • Covered by unit tests
  • Covered by integration tests

alesstimec and others added 30 commits December 5, 2022 16:36
@alesstimec
Added OpenFGA config for JIMM.
76a662b
@alesstimec
Merge pull request #863 from alesstimec/openfga-config
3197e75 
Added OpenFGA config for JIMM.
@alesstimec
OpenFGA relation for the JIMM machine charm.
8e4cc7d
@alesstimec
OpenFGA relation for the juju-jimm-k8s charm.
de67866 
- and various other fixes
@kian99
Upgraded all deps besides juju
e4d91a9
@alesstimec
Merge pull request #865 from alesstimec/jimm-k8s-charm-openfga-relation
92e292d 
CSS-2433 Jimm k8s charm openfga relation
@alesstimec
Merge branch 'feature-rebac' into jimm-charm-openfga-relation
fc594c6
@kian99
Merge remote-tracking branch 'origin/feature-rebac' into fix-dependen…
af63420 
…cies
@alesstimec
Added AddGroup method to the JIMM facade.
45a09cb
@alesstimec
Merge pull request #870 from alesstimec/rebac-add-group
13e6d42 
CSS-2764 Added AddGroup method to the JIMM facade.
@alesstimec
RenameGroup
758421b 
- added database method enabling us to rename a group
- added a JIMM facaed method to rename a group
- added a CLI command to rename a group
@alesstimec
Merge branch 'feature-rebac' into rebac-rename-group
585655c
@alesstimec
Merge branch 'feature-rebac' into fix-dependencies
39dea64
@alesstimec
Merge pull request #869 from kian99/fix-dependencies
694ad78 
Upgraded all deps besides juju
@alesstimec
Merge branch 'feature-rebac' into rebac-rename-group
287c70d
@kian99
Functionality to remove a group
da02610
@alesstimec
Fix for TestWatcherSetsControllerUnavailable test.
5d8f6dc
@ale8k
Integrate OpenFGA & Stub facade (#871)
564d6d5 
* Local dev env (#867)

* Initial facade stubs

- Adds facade stubs
- Drags openfgaapi through to controller root
- TODO: apply auth model on start.

* Bump to 1.18 for generics.

* Update compose to connect successfully.

* WIP CreateStore

The client is a little funky and even though we give an 'Id',
it actually means 'Name'...

So we'll need to store our created store and name in DB
and crossreference on startup unfortunately.

* Add facade stubs

* Local env running

* Wrap ofga client

* Update for PR comments

* Update tests to look at compose

This updates the tests which use vault, openfga and postgres to target the docker-compose.

* Hotfix group table index

* Merge AddGroup facade

* Update README on how to locally develop & test

* Initial tests for OFGA wrapper

* Address comments

* Address further comments

* Test to see if CI updates per PR

* Build candid in CI

* Tab issue

* Enable buildkit

* Remove ssh flag

* Remove service container

* Commit approle.yaml "once" for CI to pickup on it

* Readjust gitignore

* Address comments
@alesstimec
Merge branch 'feature-rebac' into fix-test-watcher-set-controller-una…
6d6557d 
…vailable
@kian99
Merge branch 'feature-rebac' into remove-group
622b10a
@alesstimec
RenameGroup
97aac40 
- added database method enabling us to rename a group
- added a JIMM facade method to rename a group
- added a CLI command to rename a group
@alesstimec
Merge pull request #874 from alesstimec/fix-test-watcher-set-controll…
72f2ff8 
…er-unavailable

CSS-2794 Fix test watcher set controller unavailable
@alesstimec
Merge branch 'feature-rebac' into rebac-rename-group
62c26f9
@alesstimec
Merge pull request #872 from alesstimec/rebac-rename-group
b81c9e6 
CSS-2781 RenameGroup
@kian99
Merge conflict fixes
52995c1
@kian99
Merge branch 'feature-rebac' into remove-group
bba6c98
@kian99
PR fixes
42a7924
@kian99
Unexport RemoveGroupCommand
8924673
@alesstimec
Merge branch 'feature-rebac' into jimm-charm-openfga-relation
f0c21d0
@alesstimec
Merge pull request #866 from alesstimec/jimm-charm-openfga-relation
2690ca1 
OpenFGA relation for the JIMM machine charm.
alesstimec and others added 26 commits May 26, 2023 10:02
@alesstimec
Merge pull request #947 from alesstimec/jimm-charm-keypair-config-01
fee676a 
CSS-4258 Jimm charm keypair config 01
@alesstimec
proxy poc: Adding additional claims to the JWT
e1025ac
@alesstimec
Merge pull request #920 from alesstimec/proxy-discharging-access-requ…
c0da48d 
…ired-errors

proxy poc: Adding additional claims to the JWT
@babakks
CSS-3899 Remove cmd/proxy package (#949)
a684e2e 
* Delete cmd/proxy package

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

* Update dependencies after removing cmd/proxy package

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

---------

Signed-off-by: babakks <babak.k.shandiz@canonical.com>
@babakks
CSS-3899 Run JWKS key rotator only on the leader unit (#948)
665a240 
* Fix error channel loop/life-cycle

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

* Predicate JWKS key rotator enablement to env vars

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

* Enable JWKS key rotation for leader unit

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

* Enable JWKS key rotation for leader unit (k8s)

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

* Add `JIMM_ENABLE_JWKS_ROTATOR=1`

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

* Add `jimm_enable_jwks_rotator` to template args

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

---------

Signed-off-by: babakks <babak.k.shandiz@canonical.com>
@alesstimec
Fix for the StartJWKSRotator
d63dfe1 
If Vault is not present, we cannot create a JWKS service and JIMM would panic starting
the JWKS rotator.
@alesstimec
Fix for the StartJWKSRotator
1491251 
If Vault is not present, we cannot create a JWKS service and JIMM would panic starting
the JWKS rotator.
@alesstimec
Merge pull request #951 from alesstimec/start-jwks-rotator-fix-01
5d8c0cc 
Fix for the StartJWKSRotator
@ale8k
Update docs (#952)
1838b60 
* Update docs

* PR comments
@alesstimec
Adds nginx relation to the juju-jimm-k8s charm.
61a3558 
K8s charm now has two separate relations:
- traefik_ingress, which can be used to relate to traefik
- ingress, which can be used to relate to nginx-ingress-integrator
@alesstimec
Merge branch 'feature-rebac' into juju-jimm-k8s-nginx-relation
f86eee6
@alesstimec
Merge pull request #950 from alesstimec/juju-jimm-k8s-nginx-relation
d2e8a43 
CSS-4442 Adds nginx relation to the juju-jimm-k8s charm.
@alesstimec
Updated the openfga relation library for jimm charms.
5329799
@alesstimec
Merge pull request #954 from alesstimec/charms-update-openfga-relatio…
9c8b1d2 
…n-library

Updated the openfga relation library for jimm charms.
@kian99 @alesstimec
Css 3886 improve ci/cd (#953)
50948af 
* Added charm-release workflow

* Fixed machine charm tests

* linting fixes and removed generated test files

* Updated workflow runs-on

* Integration test takes localCharm option

- localCharm option allows an initial workflow to build the charm and a subsequent workflow to perform integration tests without rebuilding the charm

* Updated postgres deploy to trust=True

Changed charm OCI image name to match everywhere

* Commented integration test

---------

Co-authored-by: Ales Stimec <ales.stimec@canonical.com>
@ale8k
Css 3890/add o11y to jimm charms (#956)
7584ce7 
* Collect k8s charm libs

* Prom rules & Graf dashboard dirs with README's

* O11Y for JIMM-k8s

* Add machine relation to grafana agent

* New line

* Juju topology lib

* linting errors

* Linting

* Linting

* Update metadata

* Fix test deps
@babakks
CSS-3889 Use Data Platform database interface library in machine char…
5369b76 
…m integration (#958)

* Rename database relation/interface

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

* Rename database relation/interface in tests

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

* Add `data_platform_libs` library

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

* Replace literal OpenFGA store name with const

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

* Update database relation name

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

* Replace database relation handling with `data_platforms_lib`

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

* Fix database event argument type annotation

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

* Replace literal database name with const

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

* Replace literal OpenFGA store name with const

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

* Add assertion for JWKS rotator env vars

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

* Add log to database relation broken event

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

* Update dependency description

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

* Update renamed database relation

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

* Apply formatting

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

* Fix snapcraft build errors

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

* Remove merge conflict remnants

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

* Apply linter suggestion

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

* Revert incorrect event-arg type

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

* Update tests to conform with `data_platform_libs`

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

---------

Signed-off-by: babakks <babak.k.shandiz@canonical.com>
@babakks
CSS-3895 Add upgrade test to jimm-k8s charm (#957)
39e4bbb 
* Update log entry

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

* Add upgrade test

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

* Apply linter suggestion

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

* Add `local_charm` support to upgrade test

Signed-off-by: babakks <babak.k.shandiz@canonical.com>

---------

Signed-off-by: babakks <babak.k.shandiz@canonical.com>
@kian99
Merge feature-rebac into main
2c6bede 
- Removed all openfga related code and config but kept all CI/CD, docker and other related improvements.
@kian99
charm test fixes
b19f520
@kian99
Merge branch 'main' into backport-jimm-ci-cd
906b680
@kian99
Updated charm release to channel v1/edge
5f53095
@kian99
Fixes for tests
68f5dd3
@kian99
merged feature-rebac
7e2351d
@kian99
Improved charm build speed (#955)
ae2459c 
* Improved charm build speed

- Improved the k8s charms build time by removing unneeded dependencies.

* added more packages to build from binary
@kian99
merge feature-rebac (charm build speed up)
8ea516e
@kian99
Copy link
Contributor Author

kian99 commented Jun 21, 2023

To avoid polluting the git history of main, if we decide to merge this, we could do a squash and merge to bring it in as one commit and then avoid ever merging feature-rebac into main, and in the future only go main -> feature-rebac

@kian99 kian99 closed this Jun 21, 2023
@kian99
Copy link
Contributor Author

kian99 commented Jun 21, 2023

Closing this in favour of creating a separate PR that doesn't bring all of feature-rebac's changes into main. I'll also split it into 3 PRs,

  1. For just the CI/CD and automated release of the of the charms (though the CI/CD will be marked as ignore on error because the charms are missing tox files).
  2. A PR to bring in the charm changes and test them with JIMM in main.
  3. A PR for the remaining items like makefile changes, etc.

@kian99 kian99 mentioned this pull request Jun 22, 2023
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@kian99 @alesstimec @ale8k @babakks