Move createImagePullSecret() to trait

schnatterer · nihussmann · commit eb13386eca7c · 2024-10-23T10:03:00.000+02:00
For easier reuse.

Using a trait instead of a util might also help us in the future.
For example, we can automate the setting of image values or extract all
images used.

An abstract class might have worked as well, but this way we can later
add more traits, if needed.
diff --git a/src/main/groovy/com/cloudogu/gitops/Feature.groovy b/src/main/groovy/com/cloudogu/gitops/Feature.groovy
@@ -8,6 +8,11 @@ abstract class Feature {
     boolean install() {
         if (isEnabled()) {
             log.info("Installing Feature ${getClass().getSimpleName()}")
+            
+            if (this instanceof FeatureWithImage) {
+                (this as FeatureWithImage).createImagePullSecret()
+            }
+
             enable()
             return true
         } else {
diff --git a/src/main/groovy/com/cloudogu/gitops/FeatureWithImage.groovy b/src/main/groovy/com/cloudogu/gitops/FeatureWithImage.groovy
@@ -0,0 +1,27 @@
+package com.cloudogu.gitops
+
+import com.cloudogu.gitops.utils.K8sClient
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+/**
+ * A feature that relies on container images running inside the kubernetes cluster.
+ */
+trait FeatureWithImage {
+
+    final Logger log = LoggerFactory.getLogger(this.class)
+    
+    void createImagePullSecret() {
+        if (config.registry['createImagePullSecrets'] && config.registry['twoRegistries']) {
+            log.trace("Creating image pull secret 'proxy-registry' in namespace ${namespace}" as String)
+            k8sClient.createNamespace(namespace)
+            k8sClient.createImagePullSecret('proxy-registry', namespace, config.registry['proxyUrl'] as String,
+                    config.registry['proxyUsername'] as String,
+                    config.registry['proxyPassword'] as String)
+        }
+    }
+    
+    abstract String getNamespace()
+    abstract K8sClient getK8sClient()
+    abstract Map getConfig()
+}
diff --git a/src/main/groovy/com/cloudogu/gitops/features/ExternalSecretsOperator.groovy b/src/main/groovy/com/cloudogu/gitops/features/ExternalSecretsOperator.groovy
@@ -1,6 +1,7 @@
 package com.cloudogu.gitops.features
 
 import com.cloudogu.gitops.Feature
+import com.cloudogu.gitops.FeatureWithImage
 import com.cloudogu.gitops.config.Configuration
 import com.cloudogu.gitops.features.deployment.DeploymentStrategy
 import com.cloudogu.gitops.utils.AirGappedUtils
@@ -18,15 +19,16 @@ import java.nio.file.Path
 @Slf4j
 @Singleton
 @Order(400)
-class ExternalSecretsOperator extends Feature {
+class ExternalSecretsOperator extends Feature implements FeatureWithImage {
     
     static final String HELM_VALUES_PATH = 'applications/cluster-resources/secrets/external-secrets/values.ftl.yaml'
-    static final String NAMESPACE = 'secrets'
     
-    private Map config
+    String namespace = 'secrets'
+    Map config
+    K8sClient k8sClient
+    
     private FileSystemUtils fileSystemUtils
     private DeploymentStrategy deployer
-    private K8sClient k8sClient
     private AirGappedUtils airGappedUtils
 
     ExternalSecretsOperator(
@@ -51,12 +53,6 @@ class ExternalSecretsOperator extends Feature {
     @Override
     void enable() {
 
-        if (config.registry['createImagePullSecrets'] && config.registry['twoRegistries']) {
-            k8sClient.createImagePullSecret('proxy-registry', NAMESPACE, config.registry['proxyUrl'] as String,
-                    config.registry['proxyUsername'] as String,
-                    config.registry['proxyPassword'] as String)
-        }
-
         def helmConfig = config['features']['secrets']['externalSecrets']['helm']
         def helmValuesYaml = templateToMap(HELM_VALUES_PATH, [
                         config: config,
@@ -81,7 +77,7 @@ class ExternalSecretsOperator extends Feature {
                     "external-secrets",
                     '.',
                     externalSecretsVersion,
-                    NAMESPACE,
+                    namespace,
                     'external-secrets',
                     tmpHelmValues, DeploymentStrategy.RepoType.GIT
             )
@@ -91,7 +87,7 @@ class ExternalSecretsOperator extends Feature {
                 "externalsecretsoperator",
                 helmConfig['chart'] as String,
                 helmConfig['version'] as String,
-                NAMESPACE,
+                    namespace,
                 'external-secrets',
                 tmpHelmValues
             )
diff --git a/src/main/groovy/com/cloudogu/gitops/features/Mailhog.groovy b/src/main/groovy/com/cloudogu/gitops/features/Mailhog.groovy
@@ -1,6 +1,7 @@
 package com.cloudogu.gitops.features
 
 import com.cloudogu.gitops.Feature
+import com.cloudogu.gitops.FeatureWithImage
 import com.cloudogu.gitops.config.Configuration
 import com.cloudogu.gitops.features.deployment.DeploymentStrategy
 import com.cloudogu.gitops.utils.AirGappedUtils
@@ -19,18 +20,19 @@ import java.nio.file.Path
 @Slf4j
 @Singleton
 @Order(200)
-class Mailhog extends Feature {
+class Mailhog extends Feature implements FeatureWithImage {
 
     static final String HELM_VALUES_PATH = "applications/cluster-resources/mailhog-helm-values.ftl.yaml"
-    static final String NAMESPACE = 'monitoring'
 
-    private Map config
+    String namespace = 'monitoring'
+    Map config
+    K8sClient k8sClient
+    
     private String username
     private String password
     private FileSystemUtils fileSystemUtils
     private DeploymentStrategy deployer
     private AirGappedUtils airGappedUtils
-    private K8sClient k8sClient
 
     Mailhog(
             Configuration config,
@@ -57,12 +59,6 @@ class Mailhog extends Feature {
     @Override
     void enable() {
         
-        if (config.registry['createImagePullSecrets'] && config.registry['twoRegistries']) {
-            k8sClient.createImagePullSecret('proxy-registry', NAMESPACE, config.registry['proxyUrl'] as String,
-                    config.registry['proxyUsername'] as String,
-                    config.registry['proxyPassword'] as String)
-        }
-        
         String bcryptMailhogPassword = BCrypt.hashpw(password, BCrypt.gensalt(4))
         def tmpHelmValues = new TemplatingEngine().replaceTemplate(fileSystemUtils.copyToTempDir(HELM_VALUES_PATH).toFile(), [
                 mail         : [
@@ -94,7 +90,7 @@ class Mailhog extends Feature {
                     'mailhog',
                     '.',
                     mailhogVersion,
-                    NAMESPACE,
+                    namespace,
                     'mailhog',
                     tmpHelmValues, DeploymentStrategy.RepoType.GIT)
         } else {
@@ -103,7 +99,7 @@ class Mailhog extends Feature {
                     'mailhog',
                     helmConfig['chart'] as String,
                     helmConfig['version'] as String,
-                    NAMESPACE,
+                    namespace,
                     'mailhog',
                     tmpHelmValues)
         }
diff --git a/src/main/groovy/com/cloudogu/gitops/features/Vault.groovy b/src/main/groovy/com/cloudogu/gitops/features/Vault.groovy
@@ -1,6 +1,7 @@
 package com.cloudogu.gitops.features
 
 import com.cloudogu.gitops.Feature
+import com.cloudogu.gitops.FeatureWithImage
 import com.cloudogu.gitops.config.Configuration
 import com.cloudogu.gitops.features.deployment.DeploymentStrategy
 import com.cloudogu.gitops.utils.*
@@ -15,15 +16,16 @@ import java.nio.file.Path
 @Slf4j
 @Singleton
 @Order(500)
-class Vault extends Feature {
+class Vault extends Feature implements FeatureWithImage {
     static final String VAULT_START_SCRIPT_PATH = '/applications/cluster-resources/secrets/vault/dev-post-start.ftl.sh'
     static final String HELM_VALUES_PATH = 'applications/cluster-resources/secrets/vault/values.ftl.yaml'
-    static final String NAMESPACE = 'secrets'
-
-    private Map config
+    
+    String namespace = 'secrets'
+    Map config
+    K8sClient k8sClient
+    
     private FileSystemUtils fileSystemUtils
     private Path tmpHelmValues
-    private K8sClient k8sClient
     private DeploymentStrategy deployer
     private AirGappedUtils airGappedUtils
 
@@ -51,13 +53,6 @@ class Vault extends Feature {
     @Override
     void enable() {
         // Note that some specific configuration steps are implemented in ArgoCD
-
-        if (config.registry['createImagePullSecrets'] && config.registry['twoRegistries']) {
-            k8sClient.createImagePullSecret('proxy-registry', NAMESPACE, config.registry['proxyUrl'] as String,
-                    config.registry['proxyUsername'] as String,
-                    config.registry['proxyPassword'] as String)
-        }
-        
         def helmConfig = config['features']['secrets']['vault']['helm']
 
         def yaml =  new YamlSlurper().parseText(
@@ -145,7 +140,7 @@ class Vault extends Feature {
                     "vault",
                     '.',
                     vaultVersion,
-                    'secrets',
+                    namespace,
                     'vault',
                     tmpHelmValues, DeploymentStrategy.RepoType.GIT
             )
@@ -155,7 +150,7 @@ class Vault extends Feature {
                     'vault',
                     helmConfig['chart'] as String,
                     helmConfig['version'] as String,
-                    'secrets',
+                    namespace,
                     'vault',
                     tmpHelmValues
             )
diff --git a/src/test/groovy/com/cloudogu/gitops/FeatureTest.groovy b/src/test/groovy/com/cloudogu/gitops/FeatureTest.groovy
@@ -0,0 +1,49 @@
+package com.cloudogu.gitops
+
+import com.cloudogu.gitops.utils.K8sClient
+import com.cloudogu.gitops.utils.K8sClientForTest
+import org.junit.jupiter.api.Test 
+
+class FeatureTest {
+    Map config = [
+            registry: [
+                    createImagePullSecrets: false
+            ],
+            application: [
+                    namePrefix: "foo-"
+            ]
+    ]
+    K8sClientForTest k8sClient = new K8sClientForTest(config)
+
+    @Test
+    void 'Image pull secrets are create automatically'() {
+        config['registry']['createImagePullSecrets'] = true
+        config['registry']['twoRegistries'] = true
+        config['registry']['proxyUrl'] = 'proxy-url'
+        config['registry']['proxyUsername'] = 'proxy-user'
+        config['registry']['proxyPassword'] = 'proxy-pw'
+
+        Feature feature = new FeatureWithImageForTest()
+        feature.config = config
+        feature.k8sClient = k8sClient
+        feature.namespace = 'my-ns'
+
+        feature.install()
+        
+        k8sClient.commandExecutorForTest.assertExecuted(
+                'kubectl create secret docker-registry proxy-registry -n foo-my-ns' +
+                        ' --docker-server proxy-url --docker-username proxy-user --docker-password proxy-pw')
+    }
+
+    class FeatureWithImageForTest extends Feature implements FeatureWithImage {
+
+        String namespace
+        Map config
+        K8sClient k8sClient
+
+        @Override
+        boolean isEnabled() {
+            return true
+        }
+    }
+}
