Move creation of example-apps pull secrets to new Content class

Registry does not have anything to do with this.
It's only for the content, because we add the secrets to the content
namespaces.

Also: The namespaces need to be created before adding the secrets.
 Why
should Registry.groovy create these Namespaces?
It's not a concern of the registry!

Similar to Mailhog, Vault, etc that create their own secrets.

The rest of the content remains in ArgoCD.groovy for now, but we will
refactor it to Content.groovy in the future.

Author: schnatterer

src/main/groovy/com/cloudogu/gitops/cli/GitopsPlaygroundCliMainScripted.groovy

@@ -113,6 +113,7 @@ class GitopsPlaygroundCliMainScripted {
                         new Jenkins(config, executor, fileSystemUtils, new GlobalPropertyManager(jenkinsApiClient),
                                 new JobManager(jenkinsApiClient), new UserManager(jenkinsApiClient),
                                 new PrometheusConfigurator(jenkinsApiClient)),
+                        new Content(config,k8sClient),
                         new ArgoCD(config, k8sClient, helmClient, fileSystemUtils, scmmRepoProvider),
                         new IngressNginx(config, fileSystemUtils, deployer, k8sClient, airGappedUtils),
                         new Mailhog(config, fileSystemUtils, deployer, k8sClient, airGappedUtils),

src/main/groovy/com/cloudogu/gitops/features/Content.groovy

@@ -0,0 +1,61 @@
+package com.cloudogu.gitops.features
+
+import com.cloudogu.gitops.Feature
+import com.cloudogu.gitops.config.Configuration
+import com.cloudogu.gitops.utils.K8sClient
+import groovy.util.logging.Slf4j
+import io.micronaut.core.annotation.Order
+import jakarta.inject.Singleton
+
+@Slf4j
+@Singleton
+@Order(80)
+class Content extends Feature {
+
+    Map config
+    K8sClient k8sClient
+    
+    Content(
+            Configuration config,
+            K8sClient k8sClient
+    ) {
+        this.config = config.getConfig()
+        this.k8sClient = k8sClient
+    }
+
+
+    @Override
+    boolean isEnabled() {
+        return true // for now always on. Once we refactor from Argo CD class we add a param to enable
+    }
+
+    @Override
+    void enable() {
+        if (config.registry['createImagePullSecrets']) {
+            String registryUsername = config.registry['readOnlyUsername'] ?: config.registry['username']
+            String registryPassword = config.registry['readOnlyPassword'] ?: config.registry['password']
+
+            // Name prefix is added by k8sClient
+            List exampleAppNamespaces = [ "example-apps-staging", "example-apps-production"]
+            exampleAppNamespaces.each {
+                def namespace = it as String
+                def registrySecretName = 'registry'
+
+                k8sClient.createNamespace(it)
+                        
+                k8sClient.createImagePullSecret(registrySecretName, namespace,
+                        config.registry['url'] as String /* Only domain matters, path would be ignored */,
+                        registryUsername, registryPassword)
+
+                k8sClient.patch('serviceaccount', 'default', namespace,
+                        [ imagePullSecrets: [ [name: registrySecretName] ]])
+
+                if (config.registry['twoRegistries']) {
+                    k8sClient.createImagePullSecret('proxy-registry', namespace,
+                            config.registry['proxyUrl'] as String, config.registry['proxyUsername'] as String,
+                            config.registry['proxyPassword'] as String)
+                }
+            }
+        }
+    }
+}

src/main/groovy/com/cloudogu/gitops/features/Jenkins.groovy

@@ -15,7 +15,7 @@ import jakarta.inject.Singleton
 
 @Slf4j
 @Singleton
-@Order(90)
+@Order(70)
 class Jenkins extends Feature {
 
     private Map config

src/main/groovy/com/cloudogu/gitops/features/Registry.groovy

@@ -15,7 +15,7 @@ import java.nio.file.Path
 
 @Slf4j
 @Singleton
-@Order(60)
+@Order(50)
 class Registry extends Feature {
 
     /**
@@ -45,65 +45,34 @@ class Registry extends Feature {
 
     @Override
     boolean isEnabled() {
-        return true // For now, we either deploy an internal or configure an external instance
+        return config.registry['internal']
     }
 
     @Override
     void enable() {
-        
-        if (config.registry['internal']) {
-            deployRegistry()
-        }
-        
-        if (config.registry['createImagePullSecrets']) {
-            String registryUsername = config.registry['readOnlyUsername'] ?: config.registry['username']
-            String registryPassword = config.registry['readOnlyPassword'] ?: config.registry['password']
-            
-            // Name prefix is added by k8sClient
-            List exampleAppNamespaces = [ "example-apps-staging", "example-apps-production"]
-            exampleAppNamespaces.each {
-                def namespace = it as String
-                def registrySecretName = 'registry'
-                k8sClient.createImagePullSecret(registrySecretName, namespace, 
-                        config.registry['url'] as String/* Only domain matters, path would be ignored */,
-                        registryUsername, registryPassword)
-                
-                k8sClient.patch('serviceaccount', 'default', namespace,
-                        [ imagePullSecrets: [ [name: registrySecretName] ]])
-
-                if (config.registry['twoRegistries']) {
-                    k8sClient.createImagePullSecret('proxy-registry', namespace,
-                            config.registry['proxyUrl'] as String, config.registry['proxyUsername'] as String,
-                            config.registry['proxyPassword'] as String)
-                }
-            }
-        }
-
-    }
 
-    private void deployRegistry() {
         def helmConfig = config['registry']['helm']
-
+        
         Map yaml = [
                 service: [
                         nodePort: ApplicationConfigurator.DEFAULT_REGISTRY_PORT,
-                        type    : 'NodePort'
+                        type: 'NodePort'
                 ]
         ]
         log.trace("Helm yaml to be applied: ${yaml}")
         fileSystemUtils.writeYaml(yaml, tmpHelmValues.toFile())
-
+        
         if (config['registry']['internalPort'] != ApplicationConfigurator.DEFAULT_REGISTRY_PORT) {
             /* Add additional node port
                30000 is needed as a static by docker via port mapping of k3d, e.g. 32769 -> 30000 on server-0 container
                See "-p 30000" in init-cluster.sh
                e.g 32769 is needed so the kubelet can access the image inside the server-0 container
              */
-            k8sClient.createServiceNodePort('docker-registry-internal-port',
+            k8sClient.createServiceNodePort('docker-registry-internal-port', 
                     CONTAINER_PORT, config['registry']['internalPort'] as String,
                     'default')
         }
-
+        
         deployer.deployFeature(
                 helmConfig['repoURL'] as String,
                 'registry',
@@ -113,5 +82,6 @@ class Registry extends Feature {
                 'docker-registry',
                 tmpHelmValues
         )
+
     }
 }

src/main/groovy/com/cloudogu/gitops/features/ScmManager.groovy

@@ -13,7 +13,7 @@ import jakarta.inject.Singleton
 
 @Slf4j
 @Singleton
-@Order(80)
+@Order(60)
 class ScmManager extends Feature {
 
     static final String HELM_VALUES_PATH = "scm-manager/values.ftl.yaml"

src/test/groovy/com/cloudogu/gitops/ApplicationTest.groovy

@@ -26,6 +26,6 @@ class ApplicationTest {
                 .getBean(Application)
         def features = application.features.collect { it.class.simpleName }
 
-        assertThat(features).isEqualTo(["Registry", "ScmManager", "Jenkins", "ArgoCD", "IngressNginx", "Mailhog", "PrometheusStack", "ExternalSecretsOperator", "Vault"])
+        assertThat(features).isEqualTo(["Registry", "ScmManager", "Jenkins", "Content", "ArgoCD", "IngressNginx", "Mailhog", "PrometheusStack", "ExternalSecretsOperator", "Vault"])
     }
 }

src/test/groovy/com/cloudogu/gitops/cli/GitopsPlaygroundCliMainScriptedTest.groovy

@@ -83,7 +83,7 @@ class GitopsPlaygroundCliMainScriptedTest {
                 .enableAnnotationInfo()
                 .scan().withCloseable { scanResult ->
             scanResult.getAllClasses().each { ClassInfo classInfo ->
-                if (classInfo.name.endsWith("Test")) {
+                if (classInfo.name.endsWith("Test") || classInfo.isAbstract()) {
                     return
                 }
 

src/test/groovy/com/cloudogu/gitops/features/ContentTest.groovy

@@ -0,0 +1,95 @@
+package com.cloudogu.gitops.features
+
+import com.cloudogu.gitops.config.Configuration
+import com.cloudogu.gitops.utils.K8sClientForTest
+import groovy.yaml.YamlSlurper
+import org.junit.jupiter.api.Test
+
+import static org.assertj.core.api.Assertions.assertThat 
+
+class ContentTest {
+
+    Map config = [
+            registry   : [
+                    url                   : 'reg-url',
+                    path                  : 'reg-path',
+                    username              : 'reg-user',
+                    password              : 'reg-pw',
+                    createImagePullSecrets: false,
+            ],
+            application: [
+                    namePrefix: "foo-",
+            ],
+    ]
+    K8sClientForTest k8sClient = new K8sClientForTest(config)
+
+
+    @Test
+    void 'deploys image pull secrets'() {
+        config['registry']['createImagePullSecrets'] = true
+
+        createContent().install()
+
+        assertRegistrySecrets('reg-user', 'reg-pw')
+    }
+
+    @Test
+    void 'deploys image pull secrets from read-only vars'() {
+        config['registry']['createImagePullSecrets'] = true
+        config['registry']['readOnlyUsername'] = 'other-user'
+        config['registry']['readOnlyPassword'] = 'other-pw'
+
+        createContent().install()
+
+        assertRegistrySecrets('other-user', 'other-pw')
+    }
+
+    @Test
+    void 'deploys image pull secrets for proxy registry'() {
+        config['registry']['createImagePullSecrets'] = true
+        config['registry']['twoRegistries'] = true
+        config['registry']['proxyUrl'] = 'proxy-url'
+        config['registry']['proxyUsername'] = 'proxy-user'
+        config['registry']['proxyPassword'] = 'proxy-pw'
+
+        createContent().install()
+
+        assertRegistrySecrets('reg-user', 'reg-pw')
+
+        k8sClient.commandExecutorForTest.assertExecuted('kubectl create namespace foo-example-apps-staging')
+        k8sClient.commandExecutorForTest.assertExecuted('kubectl create namespace foo-example-apps-production')
+        k8sClient.commandExecutorForTest.assertExecuted(
+                'kubectl create secret docker-registry proxy-registry -n foo-example-apps-staging' +
+                        ' --docker-server proxy-url --docker-username proxy-user --docker-password proxy-pw')
+        k8sClient.commandExecutorForTest.assertExecuted(
+                'kubectl create secret docker-registry proxy-registry -n foo-example-apps-production' +
+                        ' --docker-server proxy-url --docker-username proxy-user --docker-password proxy-pw')
+
+    }
+
+    private void assertRegistrySecrets(String regUser, String regPw) {
+        List expectedNamespaces = ["foo-example-apps-staging", "foo-example-apps-production"]
+        expectedNamespaces.each {
+
+            k8sClient.commandExecutorForTest.assertExecuted(
+                    "kubectl create secret docker-registry registry -n ${it}" +
+                            " --docker-server reg-url --docker-username $regUser --docker-password ${regPw}" +
+                            ' --dry-run=client -oyaml | kubectl apply -f-')
+
+            def patchCommand = k8sClient.commandExecutorForTest.assertExecuted(
+                    "kubectl patch serviceaccount default -n ${it}")
+            String patchFile = (patchCommand =~ /--patch-file=([\S]+)/)?.findResult { (it as List)[1] }
+            assertThat(parseActualYaml(new File(patchFile))['imagePullSecrets'] as List).hasSize(1)
+            assertThat((parseActualYaml(new File(patchFile))['imagePullSecrets'] as List)[0] as Map).containsEntry('name', 'registry')
+        }
+    }
+
+    private Content createContent() {
+        new Content(new Configuration(config), k8sClient)
+    }
+
+    private parseActualYaml(File pathToYamlFile) {
+        def ys = new YamlSlurper()
+        return ys.parse(pathToYamlFile)
+    }
+}

src/test/groovy/com/cloudogu/gitops/features/RegistryTest.groovy

@@ -18,14 +18,13 @@ class RegistryTest {
 
     Map config = [
             registry   : [
-                    internal              : true,
-                    url                   : 'reg-url',
-                    path                  : 'reg-path',
-                    username              : 'reg-user',
-                    password              : 'reg-pw',
-                    internalPort          : ApplicationConfigurator.DEFAULT_REGISTRY_PORT,
-                    createImagePullSecrets: false,
-                    helm                  : [
+                    internal    : true,
+                    url         : '',
+                    path        : '',
+                    username    : '',
+                    password    : '',
+                    internalPort: ApplicationConfigurator.DEFAULT_REGISTRY_PORT,
+                    helm        : [
                             chart  : 'docker-registry',
                             repoURL: 'https://charts.helm.sh/stable',
                             version: '1.9.4'
@@ -41,7 +40,7 @@ class RegistryTest {
     File temporaryYamlFile
 
     @Test
-    void 'does not deploy internal registry, when external registry is configured'() {
+    void 'is disabled when external registry is configured'() {
         config.registry['internal'] = false
 
         createRegistry().install()
@@ -75,66 +74,7 @@ class RegistryTest {
 
         assertThat(k8sClient.commandExecutorForTest.actualCommands[0]).contains("--node-port $expectedNodePort")
     }
-
-    @Test
-    void 'deploys image pull secrets'() {
-        config['registry']['createImagePullSecrets'] = true
-
-        createRegistry().install()
-
-        assertRegistrySecrets('reg-user', 'reg-pw')
-    }
-
-    @Test
-    void 'deploys image pull secrets from read-only vars'() {
-        config['registry']['createImagePullSecrets'] = true
-        config['registry']['readOnlyUsername'] = 'other-user'
-        config['registry']['readOnlyPassword'] = 'other-pw'
-
-        createRegistry().install()
-
-        assertRegistrySecrets('other-user', 'other-pw')
-
-    }
-
-    @Test
-    void 'deploys image pull secrets for proxy registry'() {
-        config['registry']['createImagePullSecrets'] = true
-        config['registry']['twoRegistries'] = true
-        config['registry']['proxyUrl'] = 'proxy-url'
-        config['registry']['proxyUsername'] = 'proxy-user'
-        config['registry']['proxyPassword'] = 'proxy-pw'
-
-        createRegistry().install()
-
-        assertRegistrySecrets('reg-user', 'reg-pw')
-
-        k8sClient.commandExecutorForTest.assertExecuted(
-                'kubectl create secret docker-registry proxy-registry -n foo-example-apps-staging' +
-                        ' --docker-server proxy-url --docker-username proxy-user --docker-password proxy-pw')
-        k8sClient.commandExecutorForTest.assertExecuted(
-                'kubectl create secret docker-registry proxy-registry -n foo-example-apps-production' +
-                        ' --docker-server proxy-url --docker-username proxy-user --docker-password proxy-pw')
-
-    }
-
-    private void assertRegistrySecrets(String regUser, String regPw) {
-        List expectedNamespaces = ["foo-example-apps-staging", "foo-example-apps-production"]
-        expectedNamespaces.each {
-
-            k8sClient.commandExecutorForTest.assertExecuted(
-                    "kubectl create secret docker-registry registry -n ${it}" +
-                            " --docker-server reg-url --docker-username $regUser --docker-password ${regPw}" +
-                            ' --dry-run=client -oyaml | kubectl apply -f-')
-
-            def patchCommand = k8sClient.commandExecutorForTest.assertExecuted(
-                    "kubectl patch serviceaccount default -n ${it}")
-            String patchFile = (patchCommand =~ /--patch-file=([\S]+)/)?.findResult { (it as List)[1] }
-            assertThat(parseActualYaml(new File(patchFile))['imagePullSecrets'] as List).hasSize(1)
-            assertThat((parseActualYaml(new File(patchFile))['imagePullSecrets'] as List)[0] as Map).containsEntry('name', 'registry')
-        }
-    }
-
+    
     private Registry createRegistry() {
         // We use the real FileSystemUtils and not a mock to make sure file editing works as expected
 
@@ -149,8 +89,8 @@ class RegistryTest {
         }, k8sClient, new HelmStrategy(new Configuration(config), helmClient))
     }
 
-    private parseActualYaml(File pathToYamlFile = temporaryYamlFile) {
+    private parseActualYaml() {
         def ys = new YamlSlurper()
-        return ys.parse(pathToYamlFile)
+        return ys.parse(temporaryYamlFile)
     }
 }