rename registry to infra (#514)

* rename registry to infra

* rename package infra to registry

* change package names

.goreleaser.yml

@@ -1,6 +1,6 @@
 env:
   # Disable CGO for now. This means binaries won't be able to run
-  # "infra registry" until we enable CGO at a later time.
+  # "infra start" until we enable CGO at a later time.
   # TODO (https://github.com/infrahq/infra/issues/65)
   - CGO_ENABLED=0
   - GO111MODULE=on

Dockerfile

@@ -35,4 +35,4 @@ COPY --from=builder /go/src/github.com/infrahq/infra/infra /bin/infra
 EXPOSE 80
 EXPOSE 443
 ENTRYPOINT ["/bin/infra"]
-CMD ["registry"]
+CMD ["start"]

Makefile

@@ -68,7 +68,7 @@ export IMAGE_TAG=0.0.0-development
 build/docker:
 	docker build --build-arg TELEMETRY_WRITE_KEY=${TELEMETRY_WRITE_KEY} --build-arg CRASH_REPORTING_DSN=${CRASH_REPORTING_DSN} . -t infrahq/infra:$(IMAGE_TAG)
 
-export OKTA_SECRET=infra-registry-okta
+export OKTA_SECRET=infra-okta
 
 %.yaml: %.yaml.in
 	envsubst <$< >$@
@@ -88,10 +88,10 @@ dev: $(VALUES) helm build/docker
 	# kubectl $(NS) create secret generic $(OKTA_SECRET) --from-literal=clientSecret=$$OKTA_CLIENT_SECRET --from-literal=apiToken=$$OKTA_API_TOKEN
 
 	kubectl config use-context docker-desktop
-	kubectl $(NS) get secrets $(INFRA_REGISTRY_OKTA) >/dev/null
+	kubectl $(NS) get secrets $(INFRA_OKTA) >/dev/null
 	helm $(NS) upgrade --install --create-namespace $(patsubst %,-f %,$(VALUES)) --wait infra helm/charts/infra
 	@[ -z "$(NS)" ] || kubectl config set-context --current --namespace=$(NAMESPACE)
-	@echo Root token is $$(kubectl $(NS) get secrets infra-registry -o jsonpath='{.data.root-key}' | base64 --decode)
+	@echo Root token is $$(kubectl $(NS) get secrets infra -o jsonpath='{.data.root-key}' | base64 --decode)
 
 dev/clean:
 	kubectl config use-context docker-desktop

README.md

@@ -118,7 +118,7 @@ First you need to get your Infra endpoint. This step may be different depending
   <summary><strong>Ingress</strong></summary>
 
   ```
-  INFRA_HOST=$(kubectl -n infrahq get ingress -l infrahq.com/component=registry -o jsonpath="{.items[].status.loadBalancer.ingress[*]['ip', 'hostname']}")
+  INFRA_HOST=$(kubectl -n infrahq get ingress -l infrahq.com/component=infra -o jsonpath="{.items[].status.loadBalancer.ingress[*]['ip', 'hostname']}")
   ```
 </details>
 
@@ -128,19 +128,19 @@ First you need to get your Infra endpoint. This step may be different depending
   Note: It may take a few minutes for the LoadBalancer endpoint to be assigned. You can watch the status of the service with:
 
   ```
-  kubectl -n infrahq get services -l infrahq.com/component=registry -w
+  kubectl -n infrahq get services -l infrahq.com/component=infra -w
   ```
 
   ```
-  INFRA_HOST=$(kubectl -n infrahq get services -l infrahq.com/component=registry -o jsonpath="{.items[].status.loadBalancer.ingress[*]['ip', 'hostname']}")
+  INFRA_HOST=$(kubectl -n infrahq get services -l infrahq.com/component=infra -o jsonpath="{.items[].status.loadBalancer.ingress[*]['ip', 'hostname']}")
   ```
 </details>
 
 <details>
   <summary><strong>ClusterIP</strong></summary>
 
   ```
-  CONTAINER_PORT=$(kubectl -n infrahq get services -l infrahq.com/component=registry -o jsonpath="{.items[].spec.ports[0].port}")
+  CONTAINER_PORT=$(kubectl -n infrahq get services -l infrahq.com/component=infra -o jsonpath="{.items[].spec.ports[0].port}")
   kubectl -n infrahq port-forward services infra 8080:$CONTAINER_PORT &
   INFRA_HOST='localhost:8080'
   ```

docs/access.md

@@ -15,10 +15,10 @@ scoop bucket add infrahq https://github.com/infrahq/scoop.git
 scoop install infra
 ```
 
-### Login to your Infra Registry
+### Login to your Infra
 
 ```
-infra login <your infra registry hostname>
+infra login <your infra hostname>
 ```
 
 ### List clusters

docs/api.md

@@ -2,10 +2,10 @@
 
 ## Generating a new API key
 
-In order to generate a new API key you must first have an existing API key with the `infra.api-keys.create` permission. By default a root key with this permission is created in Infra. To retrieve the root Infra API key get the `infra-registry/root-key` secret from your Infra Kubernetes deployment.
+In order to generate a new API key you must first have an existing API key with the `infra.api-keys.create` permission. By default a root key with this permission is created in Infra. To retrieve the root Infra API key get the `infra/root-key` secret from your Infra Kubernetes deployment.
 
 ```bash
-INFRA_ROOT_API_KEY=$(kubectl --namespace infrahq get secrets infra-registry -o jsonpath='{.data.root-key}' | base64 --decode)
+INFRA_ROOT_API_KEY=$(kubectl --namespace infrahq get secrets infra -o jsonpath='{.data.root-key}' | base64 --decode)
 ```
 
 Use this API key to create a new API key with some specified permissions by sending a request to the Infra API.

docs/cli.md

@@ -7,16 +7,14 @@
 * [infra list](#infra-list)
 * [infra tokens create](#infra-tokens-create)
 * [infra version](#infra-version)
-* [infra registry](#infra-registry)
-* [infra engine](#infra-engine)
 
 
 ## `infra login`
 
-Login to an Infra Registry
+Login to Infra
 
 ```
-infra login REGISTRY [flags]
+infra login [HOST] [flags]
 ```
 
 ### Examples
@@ -34,7 +32,7 @@ $ infra login infra.example.com
 
 ## `infra logout`
 
-Logout of an Infra Registry
+Logout Infra
 
 ```
 infra logout [flags]
@@ -91,51 +89,8 @@ infra version [flags]
 ### Options
 
 ```
-  -c, --client     Display client version only
-  -h, --help       help for version
-  -r, --registry   Display registry version only
-```
-
-## `infra registry`
-
-Start Infra Registry
-
-```
-infra registry [flags]
-```
-
-### Options
-
-```
-  -c, --config string            config file
-      --db string                path to database file (default "~/.infra/infra.db")
-      --enable-crash-reporting   enable crash reporting (default true)
-      --enable-telemetry         enable telemetry (default true)
-      --engine-api-key string    engine registration API key
-  -h, --help                     help for registry
-      --root-api-key string      root API key
-      --sync-interval int        the interval (in seconds) at which Infra will poll sources for users and groups (default 30)
-      --tls-cache string         path to directory to cache tls self-signed and Let's Encrypt certificates (default "~/.infra/cache")
-      --ui                       enable ui
-      --ui-proxy string          proxy ui requests to this host
-```
-
-## `infra engine`
-
-Start Infra Engine
-
-```
-infra engine [flags]
-```
-
-### Options
-
-```
-      --engine-api-key string   engine registration API key
-      --force-tls-verify        force TLS verification
-  -h, --help                    help for engine
-  -n, --name string             cluster name
-  -r, --registry string         registry hostname
-      --tls-cache string        path to directory to cache tls self-signed and Let's Encrypt certificates (default "~/.infra/cache")
+  -c, --client   Display client version only
+  -h, --help     help for version
+  -r, --infra    Display infra version only
 ```
 

docs/configuration.md

@@ -103,8 +103,8 @@ sources:
   - kind: okta
     domain: acme.okta.com
     clientId: 0oapn0qwiQPiMIyR35d6
-    clientSecret: infra-registry-okta/clientSecret
-    apiToken: infra-registry-okta/apiToken
+    clientSecret: infra-okta/clientSecret
+    apiToken: infra-okta/apiToken
 
 groups:
   - name: administrators

docs/connect.md

@@ -1,10 +1,10 @@
 ### Connect a Kubernetes cluster
 
-First, switch to the cluster context where you installed the Infra Registry, then retrieve your Registry and API Key:
+First, switch to the cluster context where you installed Infra, then retrieve your host and API Key:
 
 ```
-INFRA_REGISTRY=$(kubectl -n infrahq get services -l infrahq.com/component=registry -o jsonpath="{.items.status.loadBalancer.ingress[]['ip', 'hostname']}")
-ENGINE_API_KEY=$(kubectl -n infrahq get secrets infra-registry --template={{.data.engine-key}} | base64 -D)
+INFRA_HOST=$(kubectl -n infrahq get services -l infrahq.com/component=infra -o jsonpath="{.items.status.loadBalancer.ingress[]['ip', 'hostname']}")
+ENGINE_API_KEY=$(kubectl -n infrahq get secrets infra --template={{.data.engine-key}} | base64 -D)
 ```
 
 Next, switch to the cluster you want to add:
@@ -16,7 +16,7 @@ kubectl config use-context <your other context name>
 Finally, add the new cluster by installing the Infra Engine:
 
 ```
-helm -n infrahq install infra-engine infrahq/engine --set registry=$INFRA_REGISTRY --set apiKey=$ENGINE_API_KEY
+helm -n infrahq install infra-engine infrahq/engine --set host=$INFRA_HOST --set apiKey=$ENGINE_API_KEY
 ```
 
 Run this command to connect an existing Kubernetes cluster. Note, this command can be re-used for multiple clusters or scripted via Infrastructure As Code (IAC).

docs/contributing.md

@@ -26,7 +26,7 @@ Run locally:
 go run .
 ```
 
-Run a full setup (Infra Registry + Infra Engine):
+Run a full setup (Infra + Infra Engine):
 
 ```
 make dev

docs/destinations/kubernetes.md

@@ -20,7 +20,7 @@ Depending on your Infra Helm configurations, the steps will differ.
   <summary><strong>Ingress</strong></summary>
 
   ```
-  INFRA_HOST=$(kubectl -n infrahq get ingress -l infrahq.com/component=registry -o jsonpath="{.items[].status.loadBalancer.ingress[*]['ip', 'hostname']}")
+  INFRA_HOST=$(kubectl -n infrahq get ingress -l infrahq.com/component=infra -o jsonpath="{.items[].status.loadBalancer.ingress[*]['ip', 'hostname']}")
   ```
 </details>
 
@@ -30,19 +30,19 @@ Depending on your Infra Helm configurations, the steps will differ.
   Note: It may take a few minutes for the LoadBalancer endpoint to be assigned. You can watch the status of the service with:
 
   ```
-  kubectl -n infrahq get services -l infrahq.com/component=registry -w
+  kubectl -n infrahq get services -l infrahq.com/component=infra -w
   ```
 
   ```
-  INFRA_HOST=$(kubectl -n infrahq get services -l infrahq.com/component=registry -o jsonpath="{.items[].status.loadBalancer.ingress[*]['ip', 'hostname']}")
+  INFRA_HOST=$(kubectl -n infrahq get services -l infrahq.com/component=infra -o jsonpath="{.items[].status.loadBalancer.ingress[*]['ip', 'hostname']}")
   ```
 </details>
 
 <details>
   <summary><strong>ClusterIP</strong></summary>
 
   ```
-  CONTAINER_PORT=$(kubectl -n infrahq get services -l infrahq.com/component=registry -o jsonpath="{.items[].spec.ports[0].port}")
+  CONTAINER_PORT=$(kubectl -n infrahq get services -l infrahq.com/component=infra -o jsonpath="{.items[].spec.ports[0].port}")
   kubectl -n infrahq port-forward service infra 8080:$CONTAINER_PORT &
   INFRA_HOST='localhost:8080'
   ```
@@ -57,7 +57,7 @@ INFRA_API_KEY=$(kubectl -n infrahq get secrets infra-engine -o jsonpath='{.data.
 ---
 
 ```
-helm install -n infrahq --create-namespace --set registry=$INFRA_HOST --set apiKey=$INFRA_API_KEY engine infrahq/engine
+helm install -n infrahq --create-namespace --set host=$INFRA_HOST --set apiKey=$INFRA_API_KEY engine infrahq/engine
 ```
 
 See [Helm Chart reference](./helm.md) for a complete list of options configurable through Helm.

docs/helm.md

@@ -102,7 +102,7 @@ ingress:
 helm uninstall -n infrahq infra
 
 # Remove potential secrets created for Infra
-kubectl delete -n infrahq secret/infra-registry-okta
+kubectl delete -n infrahq secret/infra-okta
 ```
 
 ## Uninstall Infra Engine
@@ -157,7 +157,7 @@ kubectl delete clusterrolebindings,rolebindings -l app.kubernetes.io/managed-by=
 | Parameter                          | Description                             | Default                      |
 |------------------------------------|-----------------------------------------|------------------------------|
 | `name`                             | Cluster name                            | `""` (auto-discovered)       |
-| `registry`                         | Infra Registry endpoint                 | `""` (required)              |
+| `host`                             | Infra endpoint                          | `""` (required)              |
 | `apiKey`                           | Infra API key                           | `""` (required)              |
 | `image.tag`                        | Image tag                               | `""` (latest release)        |
 | `image.repository`                 | Image repository                        | `infrahq/infra`              |

docs/security.md

@@ -5,21 +5,18 @@ If you have found a security vulnerability please disclose it privately to us by
 
 ## General Security
 ### HTTPS
-By default the Infra registry and Infra engine communicate via encrypted HTTPS connections with validated certificates. In most cases failure to validate a certificate will by default result in a connection being aborted. The exception to this is that by default if certificates cannot be verified for Infra engine to registry communication an error will be logged and connection continues, this allows for easy setup. This engine/registry validation behavior can be changed to enforce certificate validation using the `--force-tls-verify` flag.
+By default Infra and Infra engine communicate via encrypted HTTPS connections with validated certificates. When using self-signed certificates, an error will be printed in the logs. Certificate validation can be strongly enforced using the `--force-tls-verify` flag.
 
 ### Authentication
-When users login to Infra as a valid user they are issued a session token with a 24 character secret that is randomly generated. The SHA256 hash of this token is stored server-side for token validation when it is presented. This session token is stored locally under `~/.infra`.
+When users login to Infra as a valid user they are issued a session token with a 24 character secret that is randomly generated. The SHA256 hash of this token is stored server-side for token validation. This session token is stored locally under `~/.infra`.
 
-When a user connects to a cluster after logging in their request is proxied to the Infra registry which issues them a new JWT signed with an ECDSA signature using P-521 and SHA-512. This JWT is presented to the engine and if it is valid the user is granted access if they have a valid role at the destination.
+When a user connects to a cluster after login, Infra issues a new JWT signed with an ECDSA signature using P-521 and SHA-512. This JWT is verified by the engine. If JWT and the user role is valid at the destination, the user is granted access.
 
 ## Deployment
-When deploying Infra, ensure the Infra Registry is deployed in its own namespace. Deploying the registry in its own namespace allows you to securely manage which resources the deployment has access to.
+When deploying Infra, we recommend Infra be deployed in its own namespace to minimize the deployment scope. 
 
 ## Sensitive Information
 
-### Infra Registry API token
-In order for an engine to establish a connection with Infra registry it must present an API token. It may be changed at any time and applied by restarting the registry. 
-
 ### Okta secrets
 Infra uses an Okta application client secret and API token in order to allow users to authenticate via an OpenID Connect (OIDC) authorization code flow. These secrets are stored using Kubernetes secrets. Their respective secret object names are specified in the configuration file and the actual secret is never persisted in Infra's storage. 
 

docs/sources/okta.md

@@ -18,8 +18,8 @@ sources:
   - kind: okta
     domain: acme.okta.com
     clientId: 0oapn0qwiQPiMIyR35d6
-    clientSecret: infra-registry-okta/clientSecret
-    apiToken: infra-registry-okta/apiToken
+    clientSecret: infra-okta/clientSecret
+    apiToken: infra-okta/apiToken
 ```
 
 ## Create an Okta App
@@ -35,7 +35,7 @@ sources:
 ![okta_app_creation_group_assignment](https://user-images.githubusercontent.com/5853428/130118354-b7ebeee7-4b7b-41cf-a022-ad165fa6f5db.png)
 
 
-4. On the **General** tab, **note** the **Client ID**, **Client Secret**, and **Okta domain** for adding your Okta information to Infra registry later.
+4. On the **General** tab, **note** the **Client ID**, **Client Secret**, and **Okta domain** for adding your Okta information to Infra later.
 
 ![okta_application](https://user-images.githubusercontent.com/5853428/125355241-a3febb80-e319-11eb-8fc6-84df2509f621.png)
 
@@ -44,17 +44,17 @@ sources:
 ![okta_create_token](https://user-images.githubusercontent.com/5853428/124652451-0276f600-de51-11eb-9d22-92262de76371.png)
 ![okta_api_token](https://user-images.githubusercontent.com/5853428/124652864-787b5d00-de51-11eb-81d8-e503babfdbca.png)
 
-### Add Okta secrets to the Infra registry deployment
-The Okta client secret and API token are sensitive information which cannot be stored in the Infra configuration file. In order for Infra to access these secret values they must be stored in Kubernetes Secret objects **in the same namespace that the Infra registry is deployed in**.
+### Add Okta secrets to the Infra deployment
+The Okta client secret and API token are sensitive information which cannot be stored in the Infra configuration file. In order for Infra to access these secret values they must be stored in Kubernetes Secret objects **in the same namespace that the Infra is deployed in**.
 
 Create [Kubernetes Secret objects](https://kubernetes.io/docs/tasks/configmap-secret/) to store the Okta client secret and API token (noted in steps 4 and 5 of `Create an Okta App` respectively). You can name these Secrets as you desire, these names will be specified in the Infra configuration.
 
 #### Example Secret Creation
-Store the Okta client secret and API token on the same Kubernetes Secret object in the namespace that Infra registry is running in.
+Store the Okta client secret and API token on the same Kubernetes Secret object in the namespace that Infra is running in.
 ```
 OKTA_CLIENT_SECRET=jfpn0qwiQPiMIfs408fjs048fjpn0qwiQPiMajsdf08j10j2
 OKTA_API_TOKEN=001XJv9xhv899sdfns938haos3h8oahsdaohd2o8hdao82hd
-kubectl -n infrahq create secret generic infra-registry-okta --from-literal=clientSecret=$OKTA_CLIENT_SECRET --from-literal=apiToken=$OKTA_API_TOKEN
+kubectl -n infrahq create secret generic infra-okta --from-literal=clientSecret=$OKTA_CLIENT_SECRET --from-literal=apiToken=$OKTA_API_TOKEN
 ```
 
 ## Add Okta Information to Infra Configuration
@@ -68,8 +68,8 @@ sources:
   - kind: okta
     domain: example.okta.com
     clientId: 0oapn0qwiQPiMIyR35d6
-    clientSecret: infra-registry-okta/clientSecret  # <Kubernetes secret object>/<secret name>
-    apiToken: infra-registry-okta/apiToken
+    clientSecret: infra-okta/clientSecret  # <Kubernetes secret object>/<secret name>
+    apiToken: infra-okta/apiToken
 ```
 
 Then apply this config change:
@@ -88,8 +88,8 @@ config:
     - kind: okta
       domain: example.okta.com
       clientId: 0oapn0qwiQPiMIyR35d6
-      clientSecret: infra-registry-okta/clientSecret  # <Kubernetes secret object>/<secret name>
-      apiToken: infra-registry-okta/apiToken
+      clientSecret: infra-okta/clientSecret  # <Kubernetes secret object>/<secret name>
+      apiToken: infra-okta/apiToken
 ```
 
 Then apply this config change:
@@ -101,7 +101,7 @@ helm -n infrahq upgrade -f values.yaml infra infrahq/infra
 ### Login with Okta
 
 ```
-$ infra login <INFRA_REGISTRY_EXTERNAL_IP>
+$ infra login <INFRA_HOST>
 ? Choose a login method  [Use arrows to move, type to filter]
 > Okta [example.okta.com]
 ```

helm/charts/engine/templates/deployment.yaml

@@ -43,8 +43,8 @@ spec:
               value: {{ .Values.logLevel | default "info" }}
             - name: INFRA_ENGINE_NAME
               value: {{ .Values.name | quote }}
-            - name: INFRA_ENGINE_REGISTRY
-              value: {{ .Values.registry | quote }}
+            - name: INFRA_HOST
+              value: {{ .Values.host | quote }}
             - name: INFRA_ENGINE_API_KEY
               value: 'file:///var/run/secrets/infrahq.com/engine/engine-key'
           volumeMounts:

helm/charts/engine/values.yaml

@@ -1,5 +1,5 @@
 name: ""
-registry: ""
+host: ""
 apiKey: ""
 storage: 100Mi