[minor] Add Group Sync Operator GitOps Support (#1364)

ibm-mas · Nov 22, 2024 · bcadc72 · bcadc72
1 parent 28a1d91
commit bcadc72
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 2 deletions.
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2024-11-16T12:02:00Z",
+  "generated_at": "2024-11-22T12:20:31Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -162,7 +162,7 @@
         "hashed_secret": "b2817467154949a61f8e9ad31d1eeaf03221cbfa",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 353,
+        "line_number": 360,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -389,6 +389,16 @@
         "verified_result": null
       }
     ],
+    "image/cli/mascli/templates/gitops/appset-configs/cluster/group-sync-operator.yaml.j2": [
+      {
+        "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 21,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
     "image/cli/mascli/templates/gitops/appset-configs/cluster/ibm-dro.yaml.j2": [
       {
         "hashed_secret": "fee2d55ad9a49a95fc89abe8f414dad66704ebfd",

diff --git a/image/cli/mascli/functions/gitops_cluster b/image/cli/mascli/functions/gitops_cluster
@@ -71,6 +71,9 @@ Notifications (Optional):
 Selenium Grid (Optional):
       --install-selenium-grid ${COLOR_YELLOW}INSTALL_SELENIUM_GRID${TEXT_RESET}                                 Install Selenium Grid
 
+Group Sync Operator (Optional):
+      --install-group-sync-operator ${COLOR_YELLOW}INSTALL_GROUP_SYNC_OPERATOR${TEXT_RESET}                     Install the Group Sync Operator
+
 Other Commands:
   -h, --help                              Show this help message
 EOM
@@ -240,6 +243,10 @@ function gitops_cluster_noninteractive() {
         export INSTALL_SELENIUM_GRID=true
         ;;
 
+      --install-group-sync-operator)
+        export INSTALL_GROUP_SYNC_OPERATOR=true
+        ;;
+
       # Other Commands
       -h|--help)
         gitops_cluster_help
@@ -402,6 +409,11 @@ function gitops_cluster() {
   echo_reset_dim "Install Selenium Grid ........... ${COLOR_MAGENTA}${INSTALL_SELENIUM_GRID}"
   reset_colors
 
+  echo "${TEXT_DIM}"
+  echo_h2 "Group Sync Operator" "    "
+  echo_reset_dim "Install the Group Sync Operator ........... ${COLOR_MAGENTA}${INSTALL_GROUP_SYNC_OPERATOR}"
+  reset_colors
+
   # Set up secrets
   # ---------------------------------------------------------------------------
   echo
@@ -418,12 +430,22 @@ function gitops_cluster() {
   export SECRET_NAME_DEVOPS_MONGO=${ACCOUNT_ID}${SM_DELIM}${CLUSTER_ID}${SM_DELIM}devops
   export SECRET_KEY_DEVOPS_MONGO=${SECRET_NAME_DEVOPS_MONGO}#devops_mongo_uri
 
+  export SECRET_NAME_ISV_CLIENT=${ACCOUNT_ID}${SM_DELIM}${CLUSTER_ID}${SM_DELIM}isv_client
+  export SECRET_KEY_ISV_CLIENT_ID=${SECRET_NAME_ISV_CLIENT}#client_id
+  export SECRET_KEY_ISV_CLIENT_SECRET=${SECRET_NAME_ISV_CLIENT}#client_secret
+
   if [ -n "$DEVOPS_MONGO_URI" ];then
     echo "- Update DEVOPS_MONGO_URI secret"
     TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_cluster\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
     sm_update_secret $SECRET_NAME_DEVOPS_MONGO "{\"devops_mongo_uri\": \"${DEVOPS_MONGO_URI}\"}" "${TAGS}"
   fi
 
+  if [ -n "$ISV_CLIENT_ID" ] && [ -n "$ISV_CLIENT_SECRET" ]; then
+    echo "- Update ISV_CLIENT_ID and ISV_CLIENT_SECRET secrets"
+    TAGS="[{\"Key\": \"source\", \"Value\": \"gitops_cluster\"}, {\"Key\": \"account\", \"Value\": \"${ACCOUNT_ID}\"}, {\"Key\": \"cluster\", \"Value\": \"${CLUSTER_ID}\"}]"
+    sm_update_secret $SECRET_NAME_ISV_CLIENT "{\"client_id\": \"${ISV_CLIENT_ID}\", \"client_secret\": \"${ISV_CLIENT_SECRET}\"}" "${TAGS}"
+  fi
+
   if [ -z $GIT_SSH ]; then
     export GIT_SSH="false"
   fi
@@ -514,6 +536,11 @@ function gitops_cluster() {
     jinja -X .+ $CLI_DIR/templates/gitops/appset-configs/cluster/phase1/ibm-cis-cert-manager.yaml.j2 -o ${GITOPS_CLUSTER_DIR}/ibm-cis-cert-manager.yaml
   fi
 
+  if [[ "$INSTALL_GROUP_SYNC_OPERATOR" == "true" ]]; then
+    echo "- Group Sync Operator"
+    jinja -X .+ $CLI_DIR/templates/gitops/appset-configs/cluster/group-sync-operator.yaml.j2 -o ${GITOPS_CLUSTER_DIR}/group-sync-operator.yaml
+  fi
+
   # Commit and push to github target repo
   # ---------------------------------------------------------------------------
   if [ "$GITHUB_PUSH" == "true" ]; then

diff --git a/image/cli/mascli/templates/gitops/appset-configs/cluster/group-sync-operator.yaml.j2 b/image/cli/mascli/templates/gitops/appset-configs/cluster/group-sync-operator.yaml.j2
@@ -0,0 +1,23 @@
+merge-key: "{{ ACCOUNT_ID }}/{{ CLUSTER_ID }}"
+
+{#- Parses the ISV groups from a string representation of a list of maps #}
+{#- Example: isv_groups: "name:'a1',id:'a2'; name:'a3',id:'a4'" #}
+{%- set group_namespace = namespace(isv_groups = []) %}
+{%- set group_strs = GROUP_SYNC_OPERATOR_ISV_GROUPS.split(';') %}
+{%- for group_str in group_strs %}
+  {%- set group_loop = loop %}
+  {%- set _ = group_namespace.isv_groups.append(dict()) %}
+  {%- set pairs = group_str.split(',') %}
+  {%- for pair in pairs %}
+    {%- set items = pair.split(':') %}
+    {%- set _ = group_namespace.isv_groups[group_loop.index - 1].__setitem__(items[0].strip().strip("'"), items[1].strip().strip("'")) %}
+  {%- endfor %}
+{%- endfor %}
+
+group_sync_operator:
+  cron_schedule: "{{ GROUP_SYNC_OPERATOR_CRON_SCHEDULE }}"
+  isv_tenant_url: "{{ GROUP_SYNC_OPERATOR_ISV_TENANT_URL }}"
+  isv_client_id: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_ISV_CLIENT_ID }}>"
+  isv_client_secret: "<path:{{ SECRETS_PATH }}:{{ SECRET_KEY_ISV_CLIENT_SECRET }}>"
+  isv_groups:
+    {{ group_namespace.isv_groups }}