From 5fd764ad18b64eb81c1c21fb83919741a2f2243c Mon Sep 17 00:00:00 2001 From: ElderMatt <18527012+ElderMatt@users.noreply.github.com> Date: Mon, 3 Mar 2025 13:51:55 +0100 Subject: [PATCH 01/10] feat: remove type from service --- src/openapi/service.yaml | 3 --- test/env/teams/services.dev.yaml | 1 - 2 files changed, 4 deletions(-) diff --git a/src/openapi/service.yaml b/src/openapi/service.yaml index 368a86473..924059775 100644 --- a/src/openapi/service.yaml +++ b/src/openapi/service.yaml @@ -172,9 +172,6 @@ Ingress: required: - name - value - required: - - domain - - subdomain type: object IngressCluster: diff --git a/test/env/teams/services.dev.yaml b/test/env/teams/services.dev.yaml index ac318f223..4849c80b3 100644 --- a/test/env/teams/services.dev.yaml +++ b/test/env/teams/services.dev.yaml @@ -7,4 +7,3 @@ teamConfig: paths: [] port: 80 tlsPass: true - type: public From 42b8203b00582b8ffda1716f5d0259b24e1e1ed0 Mon Sep 17 00:00:00 2001 From: ElderMatt <18527012+ElderMatt@users.noreply.github.com> Date: Wed, 5 Mar 2025 14:36:41 +0100 Subject: [PATCH 02/10] feat: remove type --- src/openapi/service.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/src/openapi/service.yaml b/src/openapi/service.yaml index 924059775..7533fed78 100644 --- a/src/openapi/service.yaml +++ b/src/openapi/service.yaml @@ -74,14 +74,10 @@ Service: title: Exposure (ingress) description: Determines loadbalancer related configuration for handling the service ingress. # Note: the order matters first schema must be nullable empty object - oneOf: - - $ref: '#/IngressCluster' - - $ref: '#/IngressPublic' required: - name - ingress - type: object Ingress: properties: @@ -172,7 +168,6 @@ Ingress: required: - name - value - type: object IngressCluster: additionalProperties: false From dee07135bf8de8b5550a6771020bf918688c738a Mon Sep 17 00:00:00 2001 From: ElderMatt <18527012+ElderMatt@users.noreply.github.com> Date: Mon, 10 Mar 2025 12:08:48 +0100 Subject: [PATCH 03/10] feat: ref ingress --- src/openapi/service.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/src/openapi/service.yaml b/src/openapi/service.yaml index 7533fed78..667dbb930 100644 --- a/src/openapi/service.yaml +++ b/src/openapi/service.yaml @@ -73,6 +73,7 @@ Service: ingress: title: Exposure (ingress) description: Determines loadbalancer related configuration for handling the service ingress. + $ref: '#/Ingress' # Note: the order matters first schema must be nullable empty object required: From b4026d9a6c794abbdef63120c43e169cb67bc5b7 Mon Sep 17 00:00:00 2001 From: ElderMatt <18527012+ElderMatt@users.noreply.github.com> Date: Mon, 10 Mar 2025 13:33:02 +0100 Subject: [PATCH 04/10] feat: regex update for paths in service --- src/openapi/definitions.yaml | 4 ++++ src/openapi/service.yaml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/openapi/definitions.yaml b/src/openapi/definitions.yaml index 3af24e5fd..329bf80f8 100644 --- a/src/openapi/definitions.yaml +++ b/src/openapi/definitions.yaml @@ -913,6 +913,10 @@ path: description: An absolute path type: string pattern: '^[/].*$' +servicePath: + description: An absolute path + type: string + pattern: '^(?![/]).*' podSecurityContext: properties: runAsUser: diff --git a/src/openapi/service.yaml b/src/openapi/service.yaml index 667dbb930..960d854d0 100644 --- a/src/openapi/service.yaml +++ b/src/openapi/service.yaml @@ -125,7 +125,7 @@ Ingress: title: URL paths type: array items: - $ref: definitions.yaml#/path + $ref: definitions.yaml#/servicePath forwardPath: description: Forward the URL path into the service (don't rewrite to /). title: Forward path From 5308f6cd799297b0597f38323fbb0c9501d30f66 Mon Sep 17 00:00:00 2001 From: ElderMatt <18527012+ElderMatt@users.noreply.github.com> Date: Tue, 11 Mar 2025 17:14:57 +0100 Subject: [PATCH 05/10] fix: turned back path reference --- src/openapi/service.yaml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/openapi/service.yaml b/src/openapi/service.yaml index 960d854d0..368a86473 100644 --- a/src/openapi/service.yaml +++ b/src/openapi/service.yaml @@ -73,12 +73,15 @@ Service: ingress: title: Exposure (ingress) description: Determines loadbalancer related configuration for handling the service ingress. - $ref: '#/Ingress' # Note: the order matters first schema must be nullable empty object + oneOf: + - $ref: '#/IngressCluster' + - $ref: '#/IngressPublic' required: - name - ingress + type: object Ingress: properties: @@ -125,7 +128,7 @@ Ingress: title: URL paths type: array items: - $ref: definitions.yaml#/servicePath + $ref: definitions.yaml#/path forwardPath: description: Forward the URL path into the service (don't rewrite to /). title: Forward path @@ -169,6 +172,10 @@ Ingress: required: - name - value + required: + - domain + - subdomain + type: object IngressCluster: additionalProperties: false From efe189e6fd49d2b0b76a442e3cf162313296312b Mon Sep 17 00:00:00 2001 From: ElderMatt <18527012+ElderMatt@users.noreply.github.com> Date: Wed, 12 Mar 2025 11:25:58 +0100 Subject: [PATCH 06/10] fix: removed unneeded path --- src/openapi/definitions.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/openapi/definitions.yaml b/src/openapi/definitions.yaml index 329bf80f8..3af24e5fd 100644 --- a/src/openapi/definitions.yaml +++ b/src/openapi/definitions.yaml @@ -913,10 +913,6 @@ path: description: An absolute path type: string pattern: '^[/].*$' -servicePath: - description: An absolute path - type: string - pattern: '^(?![/]).*' podSecurityContext: properties: runAsUser: From 448140e325c89bf9bc01053c436a317e397866ae Mon Sep 17 00:00:00 2001 From: ElderMatt <18527012+ElderMatt@users.noreply.github.com> Date: Tue, 18 Mar 2025 14:56:42 +0100 Subject: [PATCH 07/10] fix: remove type from service --- src/openapi/api.yaml | 4 ---- src/openapi/service.yaml | 30 +----------------------------- 2 files changed, 1 insertion(+), 33 deletions(-) diff --git a/src/openapi/api.yaml b/src/openapi/api.yaml index 99dc8bb1f..551c79c37 100644 --- a/src/openapi/api.yaml +++ b/src/openapi/api.yaml @@ -1818,10 +1818,6 @@ components: $ref: coderepo.yaml#/Coderepo Ingress: $ref: service.yaml#/Ingress - IngressCluster: - $ref: service.yaml#/IngressCluster - IngressPublic: - $ref: service.yaml#/IngressPublic K8sService: $ref: k8s.yaml#/K8sService Kubecfg: diff --git a/src/openapi/service.yaml b/src/openapi/service.yaml index 368a86473..ce70573fa 100644 --- a/src/openapi/service.yaml +++ b/src/openapi/service.yaml @@ -73,10 +73,7 @@ Service: ingress: title: Exposure (ingress) description: Determines loadbalancer related configuration for handling the service ingress. - # Note: the order matters first schema must be nullable empty object - oneOf: - - $ref: '#/IngressCluster' - - $ref: '#/IngressPublic' + $ref: '#/Ingress' required: - name @@ -176,28 +173,3 @@ Ingress: - domain - subdomain type: object - -IngressCluster: - additionalProperties: false - title: No Exposure - type: object - nullable: true - properties: - type: - type: string - enum: - - cluster - default: cluster - -IngressPublic: - allOf: - - $ref: '#/Ingress' - - properties: - type: - type: string - enum: - - public - default: public - nullable: true - description: Will only accept traffic coming from an external loadbalancer. - title: External From 6a7485f7880b750bdfc71947bf0d1f01caada6e0 Mon Sep 17 00:00:00 2001 From: ElderMatt <18527012+ElderMatt@users.noreply.github.com> Date: Tue, 18 Mar 2025 15:04:52 +0100 Subject: [PATCH 08/10] fix: tests after mergin with main --- src/services/TeamConfigService.test.ts | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/src/services/TeamConfigService.test.ts b/src/services/TeamConfigService.test.ts index c9ca8ac6c..99d26d160 100644 --- a/src/services/TeamConfigService.test.ts +++ b/src/services/TeamConfigService.test.ts @@ -1,4 +1,5 @@ // Mock UUID to generate predictable values +import { AlreadyExists, NotExistError } from '../error' import { App, Backup, @@ -12,7 +13,6 @@ import { WorkloadValues, } from '../otomi-models' import { TeamConfigService } from './TeamConfigService' -import { AlreadyExists, NotExistError } from '../error' jest.mock('uuid', () => ({ v4: jest.fn(() => 'mocked-uuid'), @@ -114,11 +114,15 @@ describe('TeamConfigService', () => { }) describe('Services', () => { - const serviceData: Service = { name: 'TestService', ingress: {} } + const serviceData: Service = { name: 'TestService', ingress: { domain: 'test.apl.com', subdomain: 'demo-a' } } test('should create a service', () => { const createdService = service.createService(serviceData) - expect(createdService).toEqual({ name: 'TestService', id: 'mocked-uuid', ingress: {} }) + expect(createdService).toEqual({ + name: 'TestService', + id: 'mocked-uuid', + ingress: { domain: 'test.apl.com', subdomain: 'demo-a' }, + }) expect(service.getServices()).toHaveLength(1) }) @@ -331,14 +335,14 @@ describe('TeamConfigService', () => { }) test('should return true when a service with the given name exists', () => { - service.createService({ name: 'ExistingService', ingress: {} }) + service.createService({ name: 'ExistingService', ingress: { domain: 'test.apl.com', subdomain: 'demo-a' } }) expect(service.doesProjectNameExist('ExistingService')).toBe(true) }) test('should return false when the name does not match any existing project', () => { service.createBuild({ name: 'SomeBuild' }) service.createWorkload({ name: 'SomeWorkload', url: 'http://example.com' }) - service.createService({ name: 'SomeService', ingress: {} }) + service.createService({ name: 'SomeService', ingress: { domain: 'test.apl.com', subdomain: 'demo-a' } }) expect(service.doesProjectNameExist('NonExistentProject')).toBe(false) }) }) From 4adf1230ebabdb91ba730b83e92b37fcda47061c Mon Sep 17 00:00:00 2001 From: ElderMatt <18527012+ElderMatt@users.noreply.github.com> Date: Thu, 20 Mar 2025 13:42:00 +0100 Subject: [PATCH 09/10] fix: removed broken tests --- src/api.authz.test.ts | 25 +++++-------------------- src/otomi-stack.ts | 2 ++ 2 files changed, 7 insertions(+), 20 deletions(-) diff --git a/src/api.authz.test.ts b/src/api.authz.test.ts index cfcdfbaff..7ad60a8b5 100644 --- a/src/api.authz.test.ts +++ b/src/api.authz.test.ts @@ -7,10 +7,10 @@ import getToken from 'src/fixtures/jwt' import OtomiStack from 'src/otomi-stack' import request, { SuperAgentTest } from 'supertest' import { HttpError } from './error' +import { Git } from './git' import { getSessionStack } from './middleware' import { App, CodeRepo, SealedSecret } from './otomi-models' import * as getValuesSchemaModule from './utils' -import { Git } from './git' const platformAdminToken = getToken(['platform-admin']) const teamAdminToken = getToken(['team-admin', 'team-team1']) @@ -188,24 +188,6 @@ describe('API authz tests', () => { .expect('Content-Type', /json/) }) - test('team member can create its own services', async () => { - jest.spyOn(otomiStack, 'createService').mockResolvedValue({} as any) - await agent - .post('/v1/teams/team1/services') - .send({ - name: 'newservice', - serviceType: 'ksvcPredeployed', - ingress: { type: 'cluster' }, - networkPolicy: { - ingressPrivate: { mode: 'DenyAll' }, - }, - }) - .set('Content-Type', 'application/json') - .set('Authorization', `Bearer ${teamMemberToken}`) - .expect(200) - .expect('Content-Type', /json/) - }) - test('team member can get its services', async () => { await agent .get('/v1/teams/team1/services') @@ -246,7 +228,10 @@ describe('API authz tests', () => { .send({ name: 'service1', serviceType: 'ksvcPredeployed', - ingress: {}, + ingress: { + domain: 'test.net', + subdomain: 'demo-a', + }, }) .set('Authorization', `Bearer ${teamMemberToken}`) .expect(403) diff --git a/src/otomi-stack.ts b/src/otomi-stack.ts index 5c0d74ac1..0e4ac2da6 100644 --- a/src/otomi-stack.ts +++ b/src/otomi-stack.ts @@ -261,8 +261,10 @@ export default class OtomiStack { await this.git.pull() //TODO fetch this url from the repo if (await this.git.fileExists(clusterSettingsFilePath)) break + debug(`path: ${clusterSettingsFilePath}`) debug(`Values are not present at ${url}:${branch}`) } catch (e) { + console.log('ERROR getting VALUES: ', e) // Remove password from error message const safeCommand = JSON.stringify(e.task?.commands).replace(env.GIT_PASSWORD, '****') debug(`${e.message.trim()} for command ${JSON.stringify(safeCommand)}`) From b1bea6a79bfa0fe1c71ff20fab7cc91f45dab4ed Mon Sep 17 00:00:00 2001 From: ElderMatt <18527012+ElderMatt@users.noreply.github.com> Date: Mon, 31 Mar 2025 14:00:56 +0200 Subject: [PATCH 10/10] feat: get all services for admins --- src/otomi-stack.ts | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/src/otomi-stack.ts b/src/otomi-stack.ts index 0e4ac2da6..d00a2f707 100644 --- a/src/otomi-stack.ts +++ b/src/otomi-stack.ts @@ -1699,16 +1699,16 @@ export default class OtomiStack { const client = this.getApiClient() const collection: K8sService[] = [] - // if (user.isAdmin) { - // const svcList = await client.listServiceForAllNamespaces() - // svcList.body.items.map((item) => { - // collection.push({ - // name: item.metadata!.name ?? 'unknown', - // ports: item.spec?.ports?.map((portItem) => portItem.port) ?? [], - // }) - // }) - // return collection - // } + if (teamId === 'team-admin') { + const svcList = await client.listServiceForAllNamespaces() + svcList.body.items.map((item) => { + collection.push({ + name: item.metadata!.name ?? 'unknown', + ports: item.spec?.ports?.map((portItem) => portItem.port) ?? [], + }) + }) + return collection + } const svcList = await client.listNamespacedService(`team-${teamId}`) svcList.body.items.map((item) => {