Merge commit '4052c80dc3f7' into release/v2.12-ent

Author: STARRY-S

.github/workflows/create-rancher-pr.yml

@@ -0,0 +1,128 @@
+name: Create Rancher PR
+
+# This workflow triggers on a push to the main branch. It updates the
+# rancher/shepherd dependency in the rancher/rancher repository and opens a PR.
+on:
+  push:
+    branches:
+      - release/v2.12
+env:
+  INPUT_SOURCE_URL: ${{ github.event.inputs.source_url }}
+  INPUT_SOURCE_AUTHOR: ${{ github.event.inputs.source_author }}
+
+jobs:
+  create-rancher-pr:
+    permissions:
+      # This is required for the vault action to get an OIDC token
+      id-token: write
+      # This is required to checkout the repository
+      contents: read
+    runs-on: ubuntu-latest
+    steps:
+      # Checkout the current repo (shepherd) to get the commit SHA
+      - name: Checkout shepherd
+        uses: actions/checkout@v4
+
+      - name: Get short SHA
+        id: sha
+        run: echo "short_sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+      - name: Retrieve token from vault
+        uses: rancher-eio/read-vault-secrets@main
+        with:
+          secrets: |
+            github/token/rancher--rancher--pull_requests--write token | GH_TOKEN
+
+      # Checkout the target repo (rancher/rancher) where the PR will be created
+      - name: Checkout rancher/rancher
+        uses: actions/checkout@v4
+        with:
+          repository: rancher/rancher
+          path: rancher
+          ref: release/v2.12
+          token: ${{ env.GH_TOKEN }}
+
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: 'rancher/go.mod'
+
+      - name: Create branch, update, and push changes
+        id: update_and_push
+        working-directory: ./rancher
+        run: |
+          BRANCH_NAME="shepherd-githubaction-$(date +%Y-%m-%d-%H-%M-%S)-2.12"
+          echo "branch_name=${BRANCH_NAME}" >> $GITHUB_OUTPUT
+
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+          echo "Creating and switching to new branch: ${BRANCH_NAME}"
+          git checkout -b ${BRANCH_NAME}
+
+          echo "Updating rancher/shepherd to commit ${{ github.sha }}"
+          go get github.com/rancher/shepherd@${{ github.sha }}
+          go mod tidy
+
+          # Check for changes
+          if [[ -z $(git status --porcelain) ]]; then
+            echo "No changes to commit."
+            echo "changes_exist=false" >> $GITHUB_ENV
+          else
+            echo "Changes detected. Committing and pushing."
+            echo "changes_exist=true" >> $GITHUB_ENV
+            git add go.mod go.sum
+            git commit -m "shepherd-githubaction: Update rancher/shepherd to ${{ steps.sha.outputs.short_sha }}"
+            git push origin ${BRANCH_NAME}
+          fi
+      - name: Create Pull Request
+        if: env.changes_exist == 'true'
+        id: cpr
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ env.GH_TOKEN }}
+          script: |
+            const source_author = process.env.INPUT_SOURCE_AUTHOR || context.actor;
+            let body = 'Auto-generated by Shepherd GitHub Actions This PR updates the \`rancher/shepherd\` dependency to the latest version. Please delete the branch after merge.\n\n'
+            if  ( `${ process.env.INPUT_SOURCE_URL }` ) {
+              body += `\nSource URL: ${ process.env.INPUT_SOURCE_URL }`
+            }
+            if  ( `${ process.env.INPUT_SOURCE_AUTHOR }` ) {
+              body += `\nSource AUTHOR: @${ process.env.INPUT_SOURCE_AUTHOR}`
+            }
+          
+            const { data: pr } = await github.rest.pulls.create({
+              title: "[v2.12] shepherd-githubaction: Update rancher/shepherd to latest version",
+              body: body,
+              owner: "rancher",
+              repo: "rancher",
+              base: "release/v2.12",
+              head: "${{ steps.update_and_push.outputs.branch_name }}"
+            });
+            await github.rest.issues.addLabels({
+              owner: "rancher",
+              repo: "rancher",
+              issue_number: pr.number,
+              labels: ["automation", "status/auto-created"],
+            });
+            // Also assign the person who triggered the workflow to the PR for visibility
+            await github.rest.issues.addAssignees({
+              owner: "rancher",
+              repo: "rancher",
+              issue_number: pr.number,
+              assignees: [source_author],
+            });
+            // Request reviewers for the pull request
+            await github.rest.pulls.requestReviewers({
+              owner: "rancher",
+              repo: "rancher",
+              pull_number: pr.number,
+              reviewers: ["hamistao", "slickwarren", "Priyashetty17"],
+            });
+            console.log(`Created new pull request: ${pr.html_url}`);
+            return pr.html_url;
+
+      - name: Check outputs
+        if: env.changes_exist == 'true'
+        run: |
+          echo "Pull Request URL - ${{ steps.cpr.outputs.result }}"

clients/harvester/client.go

@@ -9,7 +9,6 @@ import (
 
 	"github.com/rancher/shepherd/pkg/clientbase"
 	"github.com/rancher/shepherd/pkg/config"
-	"github.com/rancher/shepherd/pkg/environmentflag"
 	"github.com/rancher/shepherd/pkg/session"
 	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/rest"
@@ -36,32 +35,44 @@ func NewClient(bearerToken string, session *session.Session) (*Client, error) {
 	harvesterConfig := new(Config)
 	config.LoadConfig(ConfigurationFileKey, harvesterConfig)
 
-	environmentFlags := environmentflag.NewEnvironmentFlags()
-	environmentflag.LoadEnvironmentFlags(environmentflag.ConfigurationFileKey, environmentFlags)
+	c, err := NewClientForConfig(bearerToken, harvesterConfig, session)
+	if err != nil {
+		return nil, err
+	}
+
+	return c, err
+}
 
+// NewClientForConfig is the constructor for initializing a rancher Client for the given config and session.
+func NewClientForConfig(bearerToken string, harvesterConfig *Config, session *session.Session) (*Client, error) {
 	if bearerToken == "" {
 		bearerToken = harvesterConfig.AdminToken
 	}
 
+	if harvesterConfig == nil {
+		harvesterConfig = new(Config)
+	}
+
 	c := &Client{
 		HarvesterConfig: harvesterConfig,
 	}
 
-	session.CleanupEnabled = *harvesterConfig.Cleanup
+	if session != nil {
+		session.CleanupEnabled = *c.HarvesterConfig.Cleanup
+	}
 
 	var err error
-	restConfig := newRestConfig(bearerToken, harvesterConfig)
-	c.restConfig = restConfig
+	c.restConfig = newRestConfig(bearerToken, c.HarvesterConfig)
 	c.Session = session
 
-	c.Steve, err = v1.NewClient(clientOptsV1(restConfig, c.HarvesterConfig))
+	c.Steve, err = v1.NewClient(clientOptsV1(c.restConfig, c.HarvesterConfig))
 	if err != nil {
 		return nil, err
 	}
 
 	c.Steve.Ops.Session = session
 
-	catalogClient, err := catalog.NewForConfig(restConfig, session)
+	catalogClient, err := catalog.NewForConfig(c.restConfig, session)
 	if err != nil {
 		return nil, err
 	}
@@ -71,7 +82,7 @@ func NewClient(bearerToken string, session *session.Session) (*Client, error) {
 	return c, nil
 }
 
-// newRestConfig is a constructor that sets ups rest.Config the configuration used by the Provisioning client.
+// newRestConfig is a constructor that sets up a rest.Config the configuration used by the Provisioning client.
 func newRestConfig(bearerToken string, harvesterConfig *Config) *rest.Config {
 	return &rest.Config{
 		Host:        harvesterConfig.Host,
@@ -82,7 +93,7 @@ func newRestConfig(bearerToken string, harvesterConfig *Config) *rest.Config {
 	}
 }
 
-// clientOptsV1 is a constructor that sets ups clientbase.ClientOpts the configuration used by the v1 harvester clients.
+// clientOptsV1 is a constructor that sets up a clientbase.ClientOpts the configuration used by the v1 harvester clients.
 func clientOptsV1(restConfig *rest.Config, harvesterConfig *Config) *clientbase.ClientOpts {
 	return &clientbase.ClientOpts{
 		URL:      fmt.Sprintf("https://%s/v1", harvesterConfig.Host),

clients/rancher/auth/activedirectory/activedirectory.go

@@ -0,0 +1,149 @@
+package activedirectory
+
+import (
+	"fmt"
+
+	apisv3 "github.com/rancher/rancher/pkg/apis/management.cattle.io/v3"
+	management "github.com/rancher/shepherd/clients/rancher/generated/management/v3"
+	"github.com/rancher/shepherd/pkg/config"
+	"github.com/rancher/shepherd/pkg/session"
+)
+
+type Operations interface {
+	Enable() error
+	Disable() error
+	Update(existing, updates *management.AuthConfig) (*management.AuthConfig, error)
+}
+
+const (
+	resourceType = "activedirectory"
+	schemaType   = "activeDirectoryConfigs"
+)
+
+type Client struct {
+	client  *management.Client
+	session *session.Session
+	Config  *Config
+}
+
+// NewActiveDirectory constructs ActiveDirectory struct after it reads Active Directory from the configuration file
+func NewActiveDirectory(client *management.Client, session *session.Session) (*Client, error) {
+	adConfig := new(Config)
+	config.LoadConfig(ConfigurationFileKey, adConfig)
+
+	return &Client{
+		client:  client,
+		session: session,
+		Config:  adConfig,
+	}, nil
+}
+
+// Enable is a method of ActiveDirectory, makes a request to the action with the given
+// configuration values
+func (a *Client) Enable() error {
+	var jsonResp map[string]interface{}
+	url := a.newActionURL("testAndApply")
+
+	enableActionInput, err := a.newEnableInputFromConfig()
+	if err != nil {
+		return err
+	}
+
+	err = a.client.Ops.DoModify("POST", url, enableActionInput, &jsonResp)
+	if err != nil {
+		return err
+	}
+
+	a.session.RegisterCleanupFunc(func() error {
+		return a.Disable()
+	})
+
+	return nil
+}
+
+// Update is a method of ActiveDirectory, makes an update with the given configuration values
+func (a *Client) Update(
+	existing, updates *management.AuthConfig,
+) (*management.AuthConfig, error) {
+	return a.client.AuthConfig.Update(existing, updates)
+}
+
+// Disable is a method of ActiveDirectory, makes a request to disable Active Directory
+func (a *Client) Disable() error {
+	var jsonResp map[string]any
+	url := a.newActionURL("disable")
+	disableActionInput := a.newDisableInput()
+
+	return a.client.Ops.DoModify("POST", url, &disableActionInput, &jsonResp)
+}
+
+func (a *Client) newActionURL(action string) string {
+	return fmt.Sprintf(
+		"%v/%v/%v?action=%v",
+		a.client.Opts.URL,
+		schemaType,
+		resourceType,
+		action,
+	)
+}
+
+func (a *Client) newEnableInputFromConfig() (*apisv3.ActiveDirectoryTestAndApplyInput, error) {
+	var server string
+
+	if a.Config.Hostname == "" && a.Config.IP == "" {
+		return nil, fmt.Errorf("active Directory Hostname and IP are empty, please provide one of them")
+	}
+
+	server = a.Config.Hostname
+	if server == "" {
+		server = a.Config.IP
+	}
+
+	if a.Config.Users.Admin.Username == "" || a.Config.Users.Admin.Password == "" {
+		return nil, fmt.Errorf("admin username or password are empty, please provide them")
+	}
+
+	// Create the nested ActiveDirectoryConfig
+	adConfig := &apisv3.ActiveDirectoryConfig{
+		AuthConfig: apisv3.AuthConfig{
+			AccessMode: a.Config.AccessMode,
+		},
+		Servers:                      []string{server},
+		Port:                         int64(a.Config.Port),
+		TLS:                          a.Config.TLS,
+		StartTLS:                     a.Config.StartTLS,
+		ServiceAccountUsername:       a.Config.ServiceAccount.DistinguishedName,
+		ServiceAccountPassword:       a.Config.ServiceAccount.Password,
+		UserSearchBase:               a.Config.Users.SearchBase,
+		UserObjectClass:              a.Config.Users.ObjectClass,
+		UserNameAttribute:            a.Config.Users.UsernameAttribute,
+		UserLoginAttribute:           a.Config.Users.LoginAttribute,
+		UserSearchAttribute:          a.Config.Users.SearchAttribute,
+		UserSearchFilter:             a.Config.Users.SearchFilter,
+		UserEnabledAttribute:         a.Config.Users.EnabledAttribute,
+		UserDisabledBitMask:          a.Config.Users.DisabledBitMask,
+		GroupSearchBase:              a.Config.Groups.SearchBase,
+		GroupObjectClass:             a.Config.Groups.ObjectClass,
+		GroupNameAttribute:           a.Config.Groups.NameAttribute,
+		GroupSearchAttribute:         a.Config.Groups.SearchAttribute,
+		GroupSearchFilter:            a.Config.Groups.SearchFilter,
+		GroupMemberUserAttribute:     a.Config.Groups.MemberUserAttribute,
+		GroupMemberMappingAttribute:  a.Config.Groups.MemberMappingAttribute,
+		GroupDNAttribute:             a.Config.Groups.DNAttribute,
+		NestedGroupMembershipEnabled: &a.Config.Groups.NestedGroupMembershipEnabled,
+	}
+
+	// Wrap it in ActiveDirectoryTestAndApplyInput with test credentials
+	testAndApplyInput := &apisv3.ActiveDirectoryTestAndApplyInput{
+		ActiveDirectoryConfig: *adConfig,
+		Username:              a.Config.Users.Admin.Username,
+		Password:              a.Config.Users.Admin.Password,
+		Enabled:               true,
+	}
+
+	return testAndApplyInput, nil
+}
+
+func (a *Client) newDisableInput() []byte {
+	return []byte(`{"action": "disable"}`)
+}