chore: expunge fastly api secrets templating
shreddedbacon committed Sep 10, 2024
1 parent 1ab7d8a commit 091a200
Showing 25 changed files with 48 additions and 548 deletions.
2 changes: 0 additions & 2 deletions Dockerfile
Expand Up @@ -99,8 +99,6 @@ COPY legacy/build-deploy-docker-compose.sh /kubectl-build-deploy/build-deploy-do

COPY legacy/scripts /kubectl-build-deploy/scripts

COPY legacy/helmcharts /kubectl-build-deploy/helmcharts

ENV DBAAS_OPERATOR_HTTP=dbaas.lagoon.svc:5000
ENV DOCKER_HOST=docker-host.lagoon.svc

7 changes: 1 addition & 6 deletions cmd/config_fastly.go
Expand Up @@ -36,10 +36,6 @@ func FastlyConfigGeneration(debug bool, domain string) (lagoon.Fastly, error) {
if err != nil {
return lagoon.Fastly{}, fmt.Errorf("error reading fastly-cache-no-cache-id flag: %v", err)
}
fastlyAPISecretPrefix, err := rootCmd.PersistentFlags().GetString("fastly-api-secret-prefix")
if err != nil {
return lagoon.Fastly{}, fmt.Errorf("error reading fastly-api-secret-prefix flag: %v", err)
}
fastlyServiceID, err := rootCmd.PersistentFlags().GetString("fastly-service-id")
if err != nil {
return lagoon.Fastly{}, fmt.Errorf("error reading fastly-service-id flag: %v", err)
Expand All @@ -55,7 +51,6 @@ func FastlyConfigGeneration(debug bool, domain string) (lagoon.Fastly, error) {

fastlyCacheNoCahce = helpers.GetEnv("LAGOON_FASTLY_NOCACHE_SERVICE_ID", fastlyCacheNoCahce, debug)
fastlyServiceID = helpers.GetEnv("ROUTE_FASTLY_SERVICE_ID", fastlyServiceID, debug)
fastlyAPISecretPrefix = helpers.GetEnv("FASTLY_API_SECRET_PREFIX", fastlyAPISecretPrefix, debug)

// get the project and environment variables
projectVariables = helpers.GetEnv("LAGOON_PROJECT_VARIABLES", projectVariables, debug)
Expand All @@ -70,7 +65,7 @@ func FastlyConfigGeneration(debug bool, domain string) (lagoon.Fastly, error) {

// generate the fastly configuration from the provided flags/variables
f := &lagoon.Fastly{}
err = lagoon.GenerateFastlyConfiguration(f, fastlyCacheNoCahce, fastlyServiceID, domain, fastlyAPISecretPrefix, lagoonEnvVars)
err = lagoon.GenerateFastlyConfiguration(f, fastlyCacheNoCahce, fastlyServiceID, domain, lagoonEnvVars)
if err != nil {
return lagoon.Fastly{}, err
}
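Review bot: The `fastly-api-secret-prefix` flag and the `FASTLY_API_SECRET_PREFIX` variable stop being read in FastlyConfigGeneration, and no deprecation path is visible in this section. If the flag's registration on `rootCmd` is removed in the same commit (not visible here), build scripts that still pass it will presumably fail with an unknown-flag error rather than a clear message. Consider keeping it registered for one release and marking it with `rootCmd.PersistentFlags().MarkDeprecated("fastly-api-secret-prefix", "fastly api secrets are no longer templated")`. The function body starts and ends outside these hunks.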
51 changes: 4 additions & 47 deletions cmd/config_fastly_test.go
Expand Up @@ -16,7 +16,6 @@ func TestGenerateFastlyConfig(t *testing.T) {
cacheNoCache string
serviceID string
domain string
secretPrefix string
}
tests := []struct {
name string
Expand All @@ -31,12 +30,10 @@ func TestGenerateFastlyConfig(t *testing.T) {
cacheNoCache: "",
serviceID: "",
domain: "example.com",
secretPrefix: "fastly-api-",
},
want: lagoon.Fastly{
ServiceID: "service-id",
APISecretName: "",
Watch: true,
ServiceID: "service-id",
Watch: true,
},
},
{
Expand All @@ -47,44 +44,10 @@ func TestGenerateFastlyConfig(t *testing.T) {
cacheNoCache: "",
serviceID: "",
domain: "example.com",
secretPrefix: "fastly-api-",
},
want: lagoon.Fastly{
ServiceID: "service-id",
APISecretName: "",
Watch: true,
},
},
{
name: "test3 check LAGOON_FASTLY_SERVICE_ID with secret",
args: args{
projectVars: `[{"name":"LAGOON_SYSTEM_ROUTER_PATTERN","value":"${service}-${project}-${environment}.example.com","scope":"internal_system"},{"name":"LAGOON_FASTLY_SERVICE_ID","value":"service-id:true:secret","scope":"global"}]`,
envVars: `[]`,
cacheNoCache: "",
serviceID: "",
domain: "example.com",
secretPrefix: "fastly-api-",
},
want: lagoon.Fastly{
ServiceID: "service-id",
APISecretName: "fastly-api-secret",
Watch: true,
},
},
{
name: "test4 check LAGOON_FASTLY_SERVICE_IDS with secret",
args: args{
projectVars: `[{"name":"LAGOON_SYSTEM_ROUTER_PATTERN","value":"${service}-${project}-${environment}.example.com","scope":"internal_system"},{"name":"LAGOON_FASTLY_SERVICE_IDS","value":"example.com:service-id:true:secret","scope":"global"}]`,
envVars: `[]`,
cacheNoCache: "",
serviceID: "",
domain: "example.com",
secretPrefix: "fastly-api-",
},
want: lagoon.Fastly{
ServiceID: "service-id",
APISecretName: "fastly-api-secret",
Watch: true,
ServiceID: "service-id",
Watch: true,
},
},
{
Expand All @@ -95,7 +58,6 @@ func TestGenerateFastlyConfig(t *testing.T) {
cacheNoCache: "",
serviceID: "dedicated-service-id",
domain: "example.com",
secretPrefix: "fastly-api-",
},
want: lagoon.Fastly{
ServiceID: "dedicated-service-id",
Expand All @@ -110,7 +72,6 @@ func TestGenerateFastlyConfig(t *testing.T) {
cacheNoCache: "",
serviceID: "dedicated-service-id",
domain: "example.com",
secretPrefix: "fastly-api-",
},
want: lagoon.Fastly{
ServiceID: "service-id",
Expand All @@ -130,10 +91,6 @@ func TestGenerateFastlyConfig(t *testing.T) {
if err != nil {
t.Errorf("%v", err)
}
err = os.Setenv("FASTLY_API_SECRET_PREFIX", tt.args.secretPrefix)
if err != nil {
t.Errorf("%v", err)
}
err = os.Setenv("LAGOON_PROJECT_VARIABLES", tt.args.projectVars)
if err != nil {
t.Errorf("%v", err)
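Review bot: The deleted test3 and test4 were the only visible cases that fed a `service-id:true:secret` style value, so nothing shown in TestGenerateFastlyConfig pins how a project still carrying the old variable format is handled. Keeping both cases with the expectation updated (either `ServiceID: "service-id", Watch: true` or an error, whichever is intended) would document the migration behaviour; the same applies to the rewritten values in cmd/template_ingress_test.go and internal/lagoon/fastly_test.go. The remaining `os.Setenv` calls could also become `t.Setenv(...)` so the variables are restored after each case. The test function continues outside these hunks.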
24 changes: 0 additions & 24 deletions cmd/template_autogen_ingress_test.go
Expand Up @@ -184,30 +184,6 @@ func TestAutogeneratedIngressGeneration(t *testing.T) {
templatePath: "testoutput",
want: "internal/testdata/node/autogen-templates/ingress-7",
},
{
name: "test10 autogenerated routes with fastly and specific secret",
args: testdata.GetSeedData(
testdata.TestData{
ProjectName: "example-project",
EnvironmentName: "main",
Branch: "main",
LagoonYAML: "internal/testdata/node/lagoon.yml",
ProjectVariables: []lagoon.EnvironmentVariable{
{
Name: "LAGOON_FASTLY_SERVICE_ID",
Value: "service-id:true:secretname",
Scope: "build",
},
{
Name: "LAGOON_FASTLY_AUTOGENERATED",
Value: "enabled",
Scope: "build",
},
},
}, true),
templatePath: "testoutput",
want: "internal/testdata/node/autogen-templates/ingress-8",
},
{
name: "test11 autogenerated route development environment",
args: testdata.GetSeedData(
23 changes: 2 additions & 21 deletions cmd/template_ingress_test.go
Expand Up @@ -25,25 +25,6 @@ func TestTemplateRoutes(t *testing.T) {
wantErr bool
wantErrMsg string
}{
{
name: "test1 check LAGOON_FASTLY_SERVICE_IDS with secret no values",
args: testdata.GetSeedData(
testdata.TestData{
ProjectName: "example-project",
EnvironmentName: "main",
Branch: "main",
LagoonYAML: "internal/testdata/node/lagoon.yml",
ProjectVariables: []lagoon.EnvironmentVariable{
{
Name: "LAGOON_FASTLY_SERVICE_IDS",
Value: "example.com:service-id:true:annotationscom",
Scope: "build",
},
},
}, true),
templatePath: "testoutput",
want: "internal/testdata/node/ingress-templates/ingress-1",
},
{
name: "test2 check LAGOON_FASTLY_SERVICE_IDS no secret and no values",
args: testdata.GetSeedData(
Expand Down Expand Up @@ -288,7 +269,7 @@ func TestTemplateRoutes(t *testing.T) {
ProjectVariables: []lagoon.EnvironmentVariable{
{
Name: "LAGOON_FASTLY_SERVICE_IDS",
Value: "example.com:service-id:true:annotationscom",
Value: "example.com:service-id:true",
Scope: "build",
},
},
Expand All @@ -307,7 +288,7 @@ func TestTemplateRoutes(t *testing.T) {
ProjectVariables: []lagoon.EnvironmentVariable{
{
Name: "LAGOON_FASTLY_SERVICE_IDS",
Value: "example.com:service-id:true:annotationscom",
Value: "example.com:service-id:true",
Scope: "build",
},
},
1 change: 0 additions & 1 deletion internal/generator/buildvalues.go
Expand Up @@ -38,7 +38,6 @@ type BuildValues struct {
PrivateRegistryURLS []string `json:"privateRegistryURLS" description:"this stores all the private registry urls used by this environment"`
Fastly Fastly `json:"fastly" deprecated:"true" description:"this is the configuration of fastly for this environment"`
FastlyCacheNoCache string `json:"fastlyCacheNoCahce" deprecated:"true" description:"this is the service id of a fastly cache-no-cache service"`
FastlyAPISecretPrefix string `json:"fastlyAPISecretPrefix" deprecated:"true" description:"this is the fastly-api-secret prefix to use"`
ConfigMapSha string `json:"configMapSha" description:"this is the computed sha of the lagoon-env configmap, it is used to determine if changes are required to deployments"`
Route string `json:"route" description:"this stores the primary determiend route after all have been calculated"`
Routes []string `json:"routes" description:"this stores all routes after they are calculated"`
3 changes: 0 additions & 3 deletions internal/generator/generator.go
Expand Up @@ -48,7 +48,6 @@ type GeneratorInput struct {
MonitoringContact string
MonitoringStatusPageID string
FastlyCacheNoCahce string
FastlyAPISecretPrefix string
SavedTemplatesPath string
ConfigMapSha string
BackupConfiguration BackupConfiguration
Expand Down Expand Up @@ -97,7 +96,6 @@ func NewGenerator(
activeEnvironment := helpers.GetEnv("ACTIVE_ENVIRONMENT", generator.ActiveEnvironment, generator.Debug)
standbyEnvironment := helpers.GetEnv("STANDBY_ENVIRONMENT", generator.StandbyEnvironment, generator.Debug)
fastlyCacheNoCahce := helpers.GetEnv("LAGOON_FASTLY_NOCACHE_SERVICE_ID", generator.FastlyCacheNoCahce, generator.Debug)
fastlyAPISecretPrefix := helpers.GetEnv("ROUTE_FASTLY_SERVICE_ID", generator.FastlyAPISecretPrefix, generator.Debug)
lagoonVersion := helpers.GetEnv("LAGOON_VERSION", generator.LagoonVersion, generator.Debug)
configMapSha := helpers.GetEnv("CONFIG_MAP_SHA", generator.ConfigMapSha, generator.Debug)
imageRegistry := helpers.GetEnv("REGISTRY", generator.ImageRegistry, generator.Debug)
Expand Down Expand Up @@ -174,7 +172,6 @@ func NewGenerator(
buildValues.ActiveEnvironment = activeEnvironment
buildValues.StandbyEnvironment = standbyEnvironment
buildValues.FastlyCacheNoCache = fastlyCacheNoCahce
buildValues.FastlyAPISecretPrefix = fastlyAPISecretPrefix
switch buildType {
case "branch", "promote":
buildValues.Branch = branch
5 changes: 0 additions & 5 deletions internal/generator/helpers_generator.go
Expand Up @@ -91,10 +91,6 @@ func GenerateInput(rootCmd cobra.Command, debug bool) (GeneratorInput, error) {
if err != nil {
return GeneratorInput{}, fmt.Errorf("error reading fastly-cache-no-cache-id flag: %v", err)
}
fastlyAPISecretPrefix, err := rootCmd.PersistentFlags().GetString("fastly-api-secret-prefix")
if err != nil {
return GeneratorInput{}, fmt.Errorf("error reading fastly-api-secret-prefix flag: %v", err)
}
ignoreMissingEnvFiles, err := rootCmd.PersistentFlags().GetBool("ignore-missing-env-files")
if err != nil {
return GeneratorInput{}, fmt.Errorf("error reading ignore-missing-env-files flag: %v", err)
Expand Down Expand Up @@ -134,7 +130,6 @@ func GenerateInput(rootCmd cobra.Command, debug bool) (GeneratorInput, error) {
MonitoringContact: monitoringContact,
MonitoringStatusPageID: monitoringStatusPageID,
FastlyCacheNoCahce: fastlyCacheNoCahce,
FastlyAPISecretPrefix: fastlyAPISecretPrefix,
SavedTemplatesPath: savedTemplates,
IgnoreMissingEnvFiles: ignoreMissingEnvFiles,
IgnoreNonStringKeyErrors: ignoreNonStringKeyErrors,
10 changes: 5 additions & 5 deletions internal/generator/ingress.go
Expand Up @@ -155,7 +155,7 @@ func generateAutogenRoutes(
}
fastlyConfig := &lagoon.Fastly{}
if buildValues.AutogeneratedRoutesFastly {
err := lagoon.GenerateFastlyConfiguration(fastlyConfig, buildValues.FastlyCacheNoCache, buildValues.Fastly.ServiceID, domain, buildValues.FastlyAPISecretPrefix, envVars)
err := lagoon.GenerateFastlyConfiguration(fastlyConfig, buildValues.FastlyCacheNoCache, buildValues.Fastly.ServiceID, domain, envVars)
if err != nil {
return err
}
Expand Down Expand Up @@ -252,7 +252,7 @@ func generateActiveStandbyRoutes(
if buildValues.LagoonYAML.ProductionRoutes.Active != nil {
if buildValues.LagoonYAML.ProductionRoutes.Active.Routes != nil {
for _, routeMap := range buildValues.LagoonYAML.ProductionRoutes.Active.Routes {
err := lagoon.GenerateRoutesV2(activeStanbyRoutes, routeMap, envVars, buildValues.IngressClass, buildValues.FastlyAPISecretPrefix, true)
err := lagoon.GenerateRoutesV2(activeStanbyRoutes, routeMap, envVars, buildValues.IngressClass, true)
if err != nil {
return *activeStanbyRoutes, err
}
Expand All @@ -264,7 +264,7 @@ func generateActiveStandbyRoutes(
if buildValues.LagoonYAML.ProductionRoutes.Standby != nil {
if buildValues.LagoonYAML.ProductionRoutes.Standby.Routes != nil {
for _, routeMap := range buildValues.LagoonYAML.ProductionRoutes.Standby.Routes {
err := lagoon.GenerateRoutesV2(activeStanbyRoutes, routeMap, envVars, buildValues.IngressClass, buildValues.FastlyAPISecretPrefix, true)
err := lagoon.GenerateRoutesV2(activeStanbyRoutes, routeMap, envVars, buildValues.IngressClass, true)
if err != nil {
return *activeStanbyRoutes, err
}
Expand Down Expand Up @@ -311,13 +311,13 @@ func generateAndMerge(

// otherwise it just uses the default environment name
for _, routeMap := range buildValues.LagoonYAML.Environments[buildValues.Branch].Routes {
err := lagoon.GenerateRoutesV2(n, routeMap, envVars, buildValues.IngressClass, buildValues.FastlyAPISecretPrefix, false)
err := lagoon.GenerateRoutesV2(n, routeMap, envVars, buildValues.IngressClass, false)
if err != nil {
return *n, err
}
}
// merge routes from the API on top of the routes from the `.lagoon.yml`
mainRoutes, err := lagoon.MergeRoutesV2(*n, api, envVars, buildValues.IngressClass, buildValues.FastlyAPISecretPrefix)
mainRoutes, err := lagoon.MergeRoutesV2(*n, api, envVars, buildValues.IngressClass)
if err != nil {
return *n, err
}
24 changes: 3 additions & 21 deletions internal/lagoon/fastly.go
Expand Up @@ -8,13 +8,12 @@ import (

// Fastly represents the fastly configuration for a Lagoon route
type Fastly struct {
ServiceID string `json:"service-id,omitempty"`
APISecretName string `json:"api-secret-name,omitempty"`
Watch bool `json:"watch,omitempty"`
ServiceID string `json:"service-id,omitempty"`
Watch bool `json:"watch,omitempty"`
}

// GenerateFastlyConfiguration generates the fastly configuration for a specific route from Lagoon variables.
func GenerateFastlyConfiguration(f *Fastly, noCacheServiceID, serviceID, route, secretPrefix string, variables []EnvironmentVariable) error {
func GenerateFastlyConfiguration(f *Fastly, noCacheServiceID, serviceID, route string, variables []EnvironmentVariable) error {
f.ServiceID = serviceID
if serviceID == "" {
if noCacheServiceID != "" {
Expand All @@ -38,10 +37,6 @@ func GenerateFastlyConfiguration(f *Fastly, noCacheServiceID, serviceID, route,
}
f.ServiceID = lfsIDSplit[0]
f.Watch = watch
if len(lfsIDSplit) == 3 {
// the optional secret has been defined
f.APISecretName = fmt.Sprintf("%s%s", secretPrefix, lfsIDSplit[2])
}
}
// check the `LAGOON_FASTLY_SERVICE_IDS` to see if we have a domain specific override
// this is useful if all domains are using the nocache service, but you have a specific domain that should use a different service
Expand Down Expand Up @@ -72,21 +67,8 @@ func GenerateFastlyConfiguration(f *Fastly, noCacheServiceID, serviceID, route,
}
f.ServiceID = lfsIDSplit[1]
f.Watch = watch
// unset the apisecret name if this point is reached
// this is because this particular ingress may not have one defined
// it will get checked next
f.APISecretName = ""
if len(lfsIDSplit) == 4 {
// the optional secret has been defined
f.APISecretName = fmt.Sprintf("%s%s", secretPrefix, lfsIDSplit[3])
}
}
}
}
if f.APISecretName != "" {
if !strings.HasPrefix(f.APISecretName, secretPrefix) {
f.APISecretName = fmt.Sprintf("%s%s", secretPrefix, f.APISecretName)
}
}
return nil
}
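Review bot: With the `len(lfsIDSplit) == 3` and `== 4` branches gone, a value that still carries the old secret field (`service-id:true:secretname`) appears to be accepted with the extra field dropped silently; any length validation sits outside the visible hunks. An operator who relied on a route-specific Fastly API secret would then get an ingress that no longer references it, with no build-time indication of the change. Rejecting the extra field makes that explicit, e.g. `if len(lfsIDSplit) > 2 { return fmt.Errorf("LAGOON_FASTLY_SERVICE_ID no longer accepts an api secret field") }`, with the equivalent `> 3` check in the `LAGOON_FASTLY_SERVICE_IDS` loop. The doc comment on GenerateFastlyConfiguration could also state the accepted formats, `service-id:watch` and `domain:service-id:watch`.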
16 changes: 7 additions & 9 deletions internal/lagoon/fastly_test.go
Expand Up @@ -51,16 +51,15 @@ func TestGenerateFastlyConfiguration(t *testing.T) {
variables: []EnvironmentVariable{
{
Name: "LAGOON_FASTLY_SERVICE_ID",
Value: "1234567:true:secretname",
Value: "1234567:true",
Scope: "global",
},
},
},
provide: &Fastly{},
want: Fastly{
Watch: true,
ServiceID: "1234567",
APISecretName: "secretname",
Watch: true,
ServiceID: "1234567",
},
},
{
Expand All @@ -73,22 +72,21 @@ func TestGenerateFastlyConfiguration(t *testing.T) {
variables: []EnvironmentVariable{
{
Name: "LAGOON_FASTLY_SERVICE_IDS",
Value: "www.example.com:abcdefg:true:secretname,example.com:1234567:true:secretname",
Value: "www.example.com:abcdefg:true,example.com:1234567:true",
Scope: "global",
},
},
},
provide: &Fastly{},
want: Fastly{
Watch: true,
ServiceID: "abcdefg",
APISecretName: "api-secret-secretname",
Watch: true,
ServiceID: "abcdefg",
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
err := GenerateFastlyConfiguration(tt.provide, tt.args.noCacheServiceID, tt.args.serviceID, tt.args.route, tt.args.secretPrefix, tt.args.variables)
err := GenerateFastlyConfiguration(tt.provide, tt.args.noCacheServiceID, tt.args.serviceID, tt.args.route, tt.args.variables)
if (err != nil) != tt.wantErr {
t.Errorf("generateFastlyAnnotations() error = %v, wantErr %v", err, tt.wantErr)
return
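Review bot: The call no longer passes `tt.args.secretPrefix`, but the section's 7 additions and 9 deletions are all accounted for by the visible hunks, so the `secretPrefix` field of the `args` struct and any `secretPrefix:` entries in the cases appear to remain as dead data. Removing them keeps the table from suggesting that a prefix still influences the result. The failure message also names `generateFastlyAnnotations()` while the function under test is `GenerateFastlyConfiguration`; `t.Errorf("GenerateFastlyConfiguration() error = %v, wantErr %v", err, tt.wantErr)` would match. The test loop continues outside the hunk.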