This is an automated email from the ASF dual-hosted git repository. ofuks pushed a commit to branch v2.3-RC1 in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
commit ce38274449eaa148e5eba86fcc992155924ae372 Author: Oleh Fuks <olegfuk...@gmail.com> AuthorDate: Fri Apr 24 16:15:28 2020 +0300 updated copyright --- .../aws/computational_resources/main/main.tf | 21 +++ .../aws/computational_resources/main/variables.tf | 21 +++ .../ssn-helm-charts/main/step-ca-chart/.helmignore | 21 +++ .../ssn-helm-charts/main/step-ca-chart/Chart.yaml | 23 ++- .../main/step-ca-chart/templates/_helpers.tpl | 21 +++ .../main/step-ca-chart/templates/bootstrap.yaml | 47 +++-- .../main/step-ca-chart/templates/ca.yaml | 203 ++++++++++++--------- .../main/step-ca-chart/templates/configmaps.yaml | 117 +++++++----- .../main/step-ca-chart/templates/ingress.yaml | 63 ++++--- .../main/step-ca-chart/templates/rbac.yaml | 23 ++- .../main/step-ca-chart/templates/secrets.yaml | 21 +++ .../main/step-ca-chart/templates/service.yaml | 35 +++- .../templates/tests/test-connection.yaml | 27 ++- .../ssn-helm-charts/main/step-ca-chart/values.yaml | 25 ++- .../aws/ssn-k8s/main/files/ssn-policy.json.tpl | 20 ++ .../terraform/bin/deploy/billing_app_aws.yml | 21 +++ .../terraform/bin/deploy/billing_azure.yml | 21 +++ .../terraform/bin/deploy/billing_gcp.yml | 21 +++ .../terraform/bin/deploy/endpoint_fab.py | 33 +++- infrastructure-provisioning/terraform/bin/dlab.py | 24 ++- .../terraform/bin/terraform-cli.py | 35 +++- .../terraform/gcp/endpoint/provisioning.py | 29 ++- .../terraform/gcp/main/main.tf | 21 +++ .../terraform/gcp/main/variables.tf | 21 +++ .../terraform/gcp/modules/common/iam.tf | 21 +++ .../terraform/gcp/modules/common/network.tf | 21 +++ .../terraform/gcp/modules/common/variables.tf | 21 +++ .../terraform/gcp/modules/data_engine/instance.tf | 21 +++ .../terraform/gcp/modules/data_engine/variables.tf | 21 +++ .../terraform/gcp/modules/dataproc/instance.tf | 21 +++ .../terraform/gcp/modules/dataproc/variables.tf | 21 +++ .../terraform/gcp/modules/notebook/instance.tf | 21 +++ .../terraform/gcp/modules/notebook/variables.tf | 21 +++ 
.../helm_charts/files/get_configmap_values.sh | 21 +++ .../modules/helm_charts/step-ca-chart/.helmignore | 21 +++ .../modules/helm_charts/step-ca-chart/Chart.yaml | 23 ++- .../step-ca-chart/templates/_helpers.tpl | 21 +++ .../step-ca-chart/templates/bootstrap.yaml | 47 +++-- .../helm_charts/step-ca-chart/templates/ca.yaml | 203 ++++++++++++--------- .../step-ca-chart/templates/configmaps.yaml | 117 +++++++----- .../step-ca-chart/templates/ingress.yaml | 63 ++++--- .../helm_charts/step-ca-chart/templates/rbac.yaml | 23 ++- .../step-ca-chart/templates/secrets.yaml | 21 +++ .../step-ca-chart/templates/service.yaml | 35 +++- .../templates/tests/test-connection.yaml | 27 ++- .../modules/helm_charts/step-ca-chart/values.yaml | 25 ++- .../dlab/login/resources/css/login.css | 19 ++ .../keycloak-theme/dlab/login/theme.properties | 33 ++-- .../epam/dlab/dto/base/project/ProjectResult.java | 29 ++- .../epam/dlab/dto/project/ProjectActionDTO.java | 27 ++- .../epam/dlab/dto/project/ProjectCreateDTO.java | 33 +++- .../DropwizardBearerTokenFilterImpl.java | 19 ++ .../response/handlers/ProjectCallbackHandler.java | 19 ++ .../dlab/backendapi/resources/ProjectResource.java | 19 ++ .../dlab/backendapi/service/ProjectService.java | 27 ++- .../service/impl/ProjectServiceImpl.java | 19 ++ 56 files changed, 1566 insertions(+), 428 deletions(-) diff --git a/infrastructure-provisioning/terraform/aws/computational_resources/main/main.tf b/infrastructure-provisioning/terraform/aws/computational_resources/main/main.tf index 1fb08e5..c8bea60 100644 --- a/infrastructure-provisioning/terraform/aws/computational_resources/main/main.tf +++ b/infrastructure-provisioning/terraform/aws/computational_resources/main/main.tf 
@@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + provider "aws" { access_key = var.access_key_id secret_key = var.secret_access_key diff --git a/infrastructure-provisioning/terraform/aws/computational_resources/main/variables.tf b/infrastructure-provisioning/terraform/aws/computational_resources/main/variables.tf index 13f0d25..25f322b 100644 --- a/infrastructure-provisioning/terraform/aws/computational_resources/main/variables.tf +++ b/infrastructure-provisioning/terraform/aws/computational_resources/main/variables.tf 
@@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + variable "access_key_id" {} variable "secret_access_key" {} diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/.helmignore b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/.helmignore index fbe01f8..2f795d4 100644 --- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/.helmignore +++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/.helmignore 
@@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + # Patterns to ignore when building packages. # This supports shell glob matching, relative path matching, and # negation (prefixed with !). Only one pattern per line. diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/Chart.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/Chart.yaml index 4b334aa..e9d93e2 100644 --- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/Chart.yaml +++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/Chart.yaml 
@@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + apiVersion: v1 appVersion: 0.13.2 description: An online certificate authority and related tools for secure automated @@ -6,7 +27,7 @@ engine: gotpl home: https://smallstep.com icon: https://raw.githubusercontent.com/smallstep/certificates/master/icon.png keywords: -- acme + - acme - authority - ca - certificate diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/_helpers.tpl b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/_helpers.tpl index e240bac..b65f748 100644 --- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/_helpers.tpl +++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/_helpers.tpl 
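Review bot: The `keywords` list in Chart.yaml ends up with mixed indentation on the new side: only `- acme` gains a leading indent, while `- authority`, `- ca` and `- certificate` stay at the old column, which a YAML parser will most likely refuse to read as one sequence. A licence-header commit should leave that line as it was, with `- acme` at the same column as its siblings, or re-indent every item together. The same kind of stray indent appears in bootstrap.yaml, where the `{{ include "step-certificates.labels" . | indent 4 }}` line gains leading spaces, so the first rendered label would sit deeper than the rest. Whitespace in this mail is collapsed, so the exact columns should be confirmed against the repository.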
@@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + {{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/bootstrap.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/bootstrap.yaml index 4fa3240..354c144 100644 --- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/bootstrap.yaml +++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/bootstrap.yaml 
@@ -1,11 +1,32 @@ -{{- if .Release.IsInstall -}} +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + + {{- if .Release.IsInstall -}} apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "step-certificates.fullname" . }}-config namespace: {{.Release.Namespace}} labels: -{{ include "step-certificates.labels" . | indent 4 }} + {{ include "step-certificates.labels" . | indent 4 }} --- apiVersion: batch/v1 kind: Job 
@@ -24,16 +45,16 @@ spec: serviceAccountName: {{ include "step-certificates.fullname" . }}-config restartPolicy: Never volumes: - - name: bootstrap - configMap: - name: {{ include "step-certificates.fullname" . }}-bootstrap + - name: bootstrap + configMap: + name: {{ include "step-certificates.fullname" . }}-bootstrap containers: - - name: config - image: "{{ .Values.bootstrapImage.repository }}:{{ .Values.bootstrapImage.tag }}" - imagePullPolicy: {{ .Values.bootstrapImage.pullPolicy }} - command: ["/bin/sh", "/home/step/bootstrap/bootstrap.sh"] - volumeMounts: - - name: bootstrap - mountPath: /home/step/bootstrap - readOnly: true + - name: config + image: "{{ .Values.bootstrapImage.repository }}:{{ .Values.bootstrapImage.tag }}" + imagePullPolicy: {{ .Values.bootstrapImage.pullPolicy }} + command: ["/bin/sh", "/home/step/bootstrap/bootstrap.sh"] + volumeMounts: + - name: bootstrap + mountPath: /home/step/bootstrap + readOnly: true {{- end -}} \ No newline at end of file diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/ca.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/ca.yaml index 7c5929c..24ed08e 100644 --- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/ca.yaml +++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/ca.yaml 
@@ -1,9 +1,30 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ include "step-certificates.fullname" . }} labels: -{{ include "step-certificates.labels" . | indent 4 }} + {{ include "step-certificates.labels" . | indent 4 }} spec: # Only one replica is supported at this moment # Requested {{ .Values.replicaCount }} 
@@ -20,99 +41,99 @@ spec: app.kubernetes.io/instance: {{ .Release.Name }} spec: {{- if .Release.IsInstall }} - initContainers: - - name: {{ .Chart.Name }}-init - image: busybox:latest - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ["sleep", "20"] +initContainers: + - name: {{ .Chart.Name }}-init + image: busybox:latest + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: ["sleep", "20"] {{- end }} - securityContext: - {{- if .Values.ca.runAsRoot }} - runAsUser: 0 - {{- else }} - runAsUser: 1000 - runAsNonRoot: true - runAsGroup: 1000 - fsGroup: 1000 - allowPrivilegeEscalation: false - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ["/usr/local/bin/step-ca", - "--password-file", "/home/step/secrets/passwords/password", - "/home/step/config/ca.json"] - env: - - name: NAMESPACE - value: "{{ .Release.Namespace }}" - ports: - - name: https - containerPort: {{ .Values.service.targetPort }} - protocol: TCP - livenessProbe: - initialDelaySeconds: 5 - httpGet: - path: /health - port: {{ .Values.service.targetPort }} - scheme: HTTPS - readinessProbe: - initialDelaySeconds: 5 - httpGet: - path: /health - port: {{ .Values.service.targetPort }} - scheme: HTTPS - resources: - {{- toYaml .Values.resources | nindent 12 }} - volumeMounts: - - name: certs - mountPath: /home/step/certs - readOnly: true - - name: config - mountPath: /home/step/config - readOnly: true - - name: secrets - mountPath: /home/step/secrets - readOnly: true - - name: ca-password - mountPath: /home/step/secrets/passwords - readOnly: true - {{- if .Values.ca.db.enabled }} - - name: database - mountPath: /home/step/db - readOnly: false - {{- end }} - volumes: +securityContext: + {{- if .Values.ca.runAsRoot }} + runAsUser: 0 + {{- else }} + runAsUser: 1000 + runAsNonRoot: true + runAsGroup: 1000 + fsGroup: 1000 + allowPrivilegeEscalation: false + {{- end }} 
+containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: ["/usr/local/bin/step-ca", + "--password-file", "/home/step/secrets/passwords/password", + "/home/step/config/ca.json"] + env: + - name: NAMESPACE + value: "{{ .Release.Namespace }}" + ports: + - name: https + containerPort: {{ .Values.service.targetPort }} + protocol: TCP + livenessProbe: + initialDelaySeconds: 5 + httpGet: + path: /health + port: {{ .Values.service.targetPort }} + scheme: HTTPS + readinessProbe: + initialDelaySeconds: 5 + httpGet: + path: /health + port: {{ .Values.service.targetPort }} + scheme: HTTPS + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: - name: certs - configMap: - name: {{ include "step-certificates.fullname" . }}-certs + mountPath: /home/step/certs + readOnly: true - name: config - configMap: - name: {{ include "step-certificates.fullname" . }}-config + mountPath: /home/step/config + readOnly: true - name: secrets - configMap: - name: {{ include "step-certificates.fullname" . }}-secrets + mountPath: /home/step/secrets + readOnly: true - name: ca-password - secret: - secretName: {{ include "step-certificates.fullname" . }}-ca-password - {{- if and .Values.ca.db.enabled (not .Values.ca.db.persistent) }} - - name: database - emptyDir: {} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} + mountPath: /home/step/secrets/passwords + readOnly: true + {{- if .Values.ca.db.enabled }} + - name: database + mountPath: /home/step/db + readOnly: false + {{- end }} +volumes: + - name: certs + configMap: + name: {{ include "step-certificates.fullname" . 
}}-certs + - name: config +configMap: + name: {{ include "step-certificates.fullname" . }}-config + - name: secrets +configMap: + name: {{ include "step-certificates.fullname" . }}-secrets + - name: ca-password +secret: + secretName: {{ include "step-certificates.fullname" . }}-ca-password + {{- if and .Values.ca.db.enabled (not .Values.ca.db.persistent) }} + - name: database +emptyDir: {} + {{- end }} + {{- with .Values.nodeSelector }} +nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} +affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} +tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} {{- if and .Values.ca.db.enabled .Values.ca.db.persistent }} - volumeClaimTemplates: +volumeClaimTemplates: - metadata: name: database labels: @@ -122,16 +143,16 @@ spec: spec: accessModes: {{- range .Values.ca.db.accessModes }} - - {{ . | quote }} + - {{ . | quote }} {{- end }} resources: requests: storage: {{ .Values.ca.db.size | quote }} {{- if .Values.ca.db.storageClass }} {{- if (eq "-" .Values.ca.db.storageClass) }} - storageClassName: "" + storageClassName: "" {{- else }} - storageClassName: {{ .Values.ca.db.storageClass | quote }} + storageClassName: {{ .Values.ca.db.storageClass | quote }} {{- end }} {{- end }} {{- end }} \ No newline at end of file diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/configmaps.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/configmaps.yaml index 28ad488..1670d9a 100644 --- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/configmaps.yaml +++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/configmaps.yaml 
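Review bot: The pod-template keys in ca.yaml move to column 0 on the new side (`+initContainers:`, `+securityContext:`, `+containers:`, `+volumes:`, `+volumeClaimTemplates:`), so they are no longer children of the StatefulSet's `spec.template.spec`. Either the chart stops rendering, or the `runAsNonRoot: true` and `allowPrivilegeEscalation: false` settings may no longer be part of the pod spec that is applied to the step-ca pod. The volume entries are affected as well, since `configMap:`, `secret:` and `emptyDir: {}` now sit at column 0 instead of under their `- name:` item. ingress.yaml shows the same problem with `+annotations:`, `+tls:` and `+rules:`. Restore the original indentation for these blocks and run `helm lint` and `helm template` on the chart before merging, so that a header-only change cannot alter the manifest.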
@@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + # ConfigMaps that will be updated by the configuration job: # 1. Step CA config directory. # 2. Step CA certs direcotry. 
@@ -71,76 +92,76 @@ data: permission_error "create secrets" fi {{ if .Values.autocert.enabled }} - echo -n "Checking for permission to create mutatingwebhookconfiguration in {{.Release.Namespace}} namespace: " +echo -n "Checking for permission to create mutatingwebhookconfiguration in {{.Release.Namespace}} namespace: " kubectl auth can-i create mutatingwebhookconfiguration --namespace {{.Release.Namespace}} if [ $? -ne 0 ]; then permission_error "create mutatingwebhookconfiguration" - fi + fi {{- end }} - # Setting this here on purpose, after the above section which explicitly checks - # for and handles exit errors. - set -e +# Setting this here on purpose, after the above section which explicitly checks +# for and handles exit errors. + set -e - echo -e "\n\e[1mInitializating the CA...\e[0m" + echo -e "\n\e[1mInitializating the CA...\e[0m" - # CA password +# CA password {{- if .Values.ca.password }} - CA_PASSWORD={{ quote .Values.ca.password }} + CA_PASSWORD={{ quote .Values.ca.password }} {{- else }} - CA_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 32 ; echo '') + CA_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 32 ; echo '') {{- end }} - # Provisioner password +# Provisioner password {{- if .Values.ca.provisioner.password }} - CA_PROVISIONER_PASSWORD={{ quote .Values.ca.provisioner.password }} + CA_PROVISIONER_PASSWORD={{ quote .Values.ca.provisioner.password }} {{- else }} - CA_PROVISIONER_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 32 ; echo '') + CA_PROVISIONER_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 32 ; echo '') {{- end }} - TMP_CA_PASSWORD=$(mktemp /tmp/autocert.XXXXXX) - TMP_CA_PROVISIONER_PASSWORD=$(mktemp /tmp/autocert.XXXXXX) + TMP_CA_PASSWORD=$(mktemp /tmp/autocert.XXXXXX) + TMP_CA_PROVISIONER_PASSWORD=$(mktemp /tmp/autocert.XXXXXX) - echo $CA_PASSWORD > $TMP_CA_PASSWORD - echo $CA_PROVISIONER_PASSWORD > $TMP_CA_PROVISIONER_PASSWORD + echo $CA_PASSWORD > $TMP_CA_PASSWORD + echo 
$CA_PROVISIONER_PASSWORD > $TMP_CA_PROVISIONER_PASSWORD - step ca init \ - --name "{{.Values.ca.name}}" \ - --dns "{{include "step-certificates.dns" .}}" \ - --address "{{.Values.ca.address}}" \ - --provisioner "{{.Values.ca.provisioner.name}}" \ - --with-ca-url "{{include "step-certificates.url" .}}" \ - --password-file "$TMP_CA_PASSWORD" \ - --provisioner-password-file "$TMP_CA_PROVISIONER_PASSWORD" {{ if not .Values.ca.db.enabled }}--no-db{{ end }} + step ca init \ + --name "{{.Values.ca.name}}" \ + --dns "{{include "step-certificates.dns" .}}" \ + --address "{{.Values.ca.address}}" \ + --provisioner "{{.Values.ca.provisioner.name}}" \ + --with-ca-url "{{include "step-certificates.url" .}}" \ + --password-file "$TMP_CA_PASSWORD" \ + --provisioner-password-file "$TMP_CA_PROVISIONER_PASSWORD" {{ if not .Values.ca.db.enabled }}--no-db{{ end }} - rm -f $TMP_CA_PASSWORD $TMP_CA_PROVISIONER_PASSWORD + rm -f $TMP_CA_PASSWORD $TMP_CA_PROVISIONER_PASSWORD - echo -e "\n\e[1mCreating configmaps and secrets in {{.Release.Namespace}} namespace ...\e[0m" + echo -e "\n\e[1mCreating configmaps and secrets in {{.Release.Namespace}} namespace ...\e[0m" - # Replace secrets created on helm install - # It allows to properly remove them on helm delete - kbreplace -n {{.Release.Namespace}} create configmap {{ include "step-certificates.fullname" . }}-config --from-file $(step path)/config - kbreplace -n {{.Release.Namespace}} create configmap {{ include "step-certificates.fullname" . }}-certs --from-file $(step path)/certs - kbreplace -n {{.Release.Namespace}} create configmap {{ include "step-certificates.fullname" . }}-secrets --from-file $(step path)/secrets + # Replace secrets created on helm install + # It allows to properly remove them on helm delete + kbreplace -n {{.Release.Namespace}} create configmap {{ include "step-certificates.fullname" . 
}}-config --from-file $(step path)/config + kbreplace -n {{.Release.Namespace}} create configmap {{ include "step-certificates.fullname" . }}-certs --from-file $(step path)/certs + kbreplace -n {{.Release.Namespace}} create configmap {{ include "step-certificates.fullname" . }}-secrets --from-file $(step path)/secrets - kbreplace -n {{.Release.Namespace}} create secret generic {{ include "step-certificates.fullname" . }}-ca-password --from-literal "password=${CA_PASSWORD}" - kbreplace -n {{.Release.Namespace}} create secret generic {{ include "step-certificates.fullname" . }}-provisioner-password --from-literal "password=${CA_PROVISIONER_PASSWORD}" + kbreplace -n {{.Release.Namespace}} create secret generic {{ include "step-certificates.fullname" . }}-ca-password --from-literal "password=${CA_PASSWORD}" + kbreplace -n {{.Release.Namespace}} create secret generic {{ include "step-certificates.fullname" . }}-provisioner-password --from-literal "password=${CA_PROVISIONER_PASSWORD}" - # Label all configmaps and secrets - kubectl -n {{.Release.Namespace}} label configmap {{ include "step-certificates.fullname" . }}-config {{ include "step-certificates.labels" . | replace ": " "=" | replace "\n" " " }} - kubectl -n {{.Release.Namespace}} label configmap {{ include "step-certificates.fullname" . }}-certs {{ include "step-certificates.labels" . | replace ": " "=" | replace "\n" " " }} - kubectl -n {{.Release.Namespace}} label configmap {{ include "step-certificates.fullname" . }}-secrets {{ include "step-certificates.labels" . | replace ": " "=" | replace "\n" " " }} - kubectl -n {{.Release.Namespace}} label secret {{ include "step-certificates.fullname" . }}-ca-password {{ include "step-certificates.labels" . | replace ": " "=" | replace "\n" " " }} - kubectl -n {{.Release.Namespace}} label secret {{ include "step-certificates.fullname" . }}-provisioner-password {{ include "step-certificates.labels" . 
| replace ": " "=" | replace "\n" " " }} +# Label all configmaps and secrets +kubectl -n {{.Release.Namespace}} label configmap {{ include "step-certificates.fullname" . }}-config {{ include "step-certificates.labels" . | replace ": " "=" | replace "\n" " " }} +kubectl -n {{.Release.Namespace}} label configmap {{ include "step-certificates.fullname" . }}-certs {{ include "step-certificates.labels" . | replace ": " "=" | replace "\n" " " }} +kubectl -n {{.Release.Namespace}} label configmap {{ include "step-certificates.fullname" . }}-secrets {{ include "step-certificates.labels" . | replace ": " "=" | replace "\n" " " }} +kubectl -n {{.Release.Namespace}} label secret {{ include "step-certificates.fullname" . }}-ca-password {{ include "step-certificates.labels" . | replace ": " "=" | replace "\n" " " }} +kubectl -n {{.Release.Namespace}} label secret {{ include "step-certificates.fullname" . }}-provisioner-password {{ include "step-certificates.labels" . | replace ": " "=" | replace "\n" " " }} - # Patch webhook if autocert is enabled +# Patch webhook if autocert is enabled {{ if .Values.autocert.enabled }} - CA_BUNDLE=$(cat $(step path)/certs/root_ca.crt | base64 | tr -d '\n') - kubectl patch mutatingwebhookconfigurations {{ .Release.Name }}-autocert-webhook-config \ - --type json -p="[{\"op\":\"replace\",\"path\":\"/webhooks/0/clientConfig/caBundle\",\"value\":\"$CA_BUNDLE\"}]" + CA_BUNDLE=$(cat $(step path)/certs/root_ca.crt | base64 | tr -d '\n') + kubectl patch mutatingwebhookconfigurations {{ .Release.Name }}-autocert-webhook-config \ + --type json -p="[{\"op\":\"replace\",\"path\":\"/webhooks/0/clientConfig/caBundle\",\"value\":\"$CA_BUNDLE\"}]" {{- end }} - echo -e "\n\e[1mStep Certificates installed!\e[0m" - echo - echo "CA URL: {{include "step-certificates.url" .}}" - echo "CA Fingerprint: $(step certificate fingerprint $(step path)/certs/root_ca.crt)" - echo \ No newline at end of file + echo -e "\n\e[1mStep Certificates installed!\e[0m" + echo +echo "CA 
URL: {{include "step-certificates.url" .}}" +echo "CA Fingerprint: $(step certificate fingerprint $(step path)/certs/root_ca.crt)" + echo \ No newline at end of file diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/ingress.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/ingress.yaml index 53264f1..240bdaf 100644 --- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/ingress.yaml +++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/ingress.yaml 
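Review bot: The bootstrap script under `data:` is re-indented unevenly, and the `echo -n` permission check, the `# Setting this here on purpose` comment and the `kubectl ... label` lines now start at column 0. If the script is a YAML block scalar, as the surrounding ConfigMap suggests, a column-0 line ends the scalar, so the part that generates the CA and provisioner passwords and creates the secrets is either cut off or makes the manifest unparsable. Keep every script line at its original indent; this hunk should contain nothing but the licence header. If the script is edited again, quote the expansions in `echo $CA_PASSWORD > $TMP_CA_PASSWORD` and remove the temp files from a `trap`, because with `set -e` a failed `step ca init` leaves the password files behind.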
@@ -1,36 +1,57 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "step-certificates.fullname" . -}} +# ***************************************************************************** +# + # Licensed to the Apache Software Foundation (ASF) under one + # or more contributor license agreements. See the NOTICE file + # distributed with this work for additional information + # regarding copyright ownership. The ASF licenses this file + # to you under the Apache License, Version 2.0 (the + # "License"); you may not use this file except in compliance + # with the License. You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, + # software distributed under the License is distributed on an + # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + # KIND, either express or implied. See the License for the + # specific language governing permissions and limitations + # under the License. + # + # ****************************************************************************** + + {{- if .Values.ingress.enabled -}} + {{- $fullName := include "step-certificates.fullname" . -}} apiVersion: extensions/v1beta1 kind: Ingress metadata: name: {{ $fullName }} labels: -{{ include "step-certificates.labels" . | indent 4 }} + {{ include "step-certificates.labels" . | indent 4 }} {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} +annotations: + {{- toYaml . | nindent 4 }} {{- end }} spec: {{- if .Values.ingress.tls }} - tls: +tls: {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} +- hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} {{- end }} {{- end }} - rules: +rules: {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ . 
}} - backend: - serviceName: {{ $fullName }} - servicePort: http - {{- end }} +- host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ . }} + backend: + serviceName: {{ $fullName }} + servicePort: http + {{- end }} {{- end }} {{- end }} diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/rbac.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/rbac.yaml index 6f4e137..0534856 100644 --- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/rbac.yaml +++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/rbac.yaml @@ -1,4 +1,25 @@ -{{- if .Release.IsInstall -}} +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + + {{- if .Release.IsInstall -}} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: 
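Review bot: The re-added lines in the ingress.yaml hunk lose their nesting: `annotations:` now starts at column 0 instead of sitting under `metadata:`, and `tls:` and `rules:` are no longer children of `spec:`, so the rendered Ingress would have an empty spec and unknown top-level keys. The labels line also gained leading whitespace before `{{ include "step-certificates.labels" . | indent 4 }}`, which offsets the first label from the rest because `indent 4` already indents every line. Indentation is collapsed in this view, so the exact columns should be confirmed against the file, but a licence-header commit should leave these lines as context, with the nesting the removed lines had. The same re-indentation appears in service.yaml (`nodePort:`, `protocol:`, `name:`, `selector:`) and tests/test-connection.yaml (`annotations:`), where a top-level `selector:` would leave the CA Service without a selector and the test pod without its `helm.sh/hook` annotation. Running `helm lint` and `helm template` on the chart before merging would catch this.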
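Review bot: In rbac.yaml the licence block now sits directly above `{{- if .Release.IsInstall -}}`, and the left trim marker removes all whitespace before the action, newlines included, while the right marker removes the newline before `apiVersion:`. The closing `# ****` comment line and `apiVersion: rbac.authorization.k8s.io/v1` therefore render on one line, and the Role loses its apiVersion to the comment. Dropping the left trim and keeping the action at column 0, `{{ if .Release.IsInstall -}}`, keeps the comment on its own line; alternatively the notice can go in a template comment (`{{- /* … */ -}}`) so it never reaches the rendered manifest. ingress.yaml has the same shape, with `{{- if .Values.ingress.enabled -}}` followed by `{{- $fullName := … -}}`. The Role body continues past the end of this hunk.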
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/secrets.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/secrets.yaml index 567a989..68d0b8d 100644 --- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/secrets.yaml +++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/secrets.yaml @@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + # Secrets that will be updated by the configuration job: # 1. CA keys password. # 2. Provisioner password. diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/service.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/service.yaml index 4ec0783..dccae38 100644 --- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/service.yaml 
+++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/service.yaml @@ -1,19 +1,40 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + apiVersion: v1 kind: Service metadata: name: {{ include "step-certificates.fullname" . }} labels: -{{ include "step-certificates.labels" . | indent 4 }} + {{ include "step-certificates.labels" . | indent 4 }} spec: type: {{ .Values.service.type }} ports: - port: {{ .Values.service.port }} targetPort: {{ .Values.service.targetPort }} {{- if .Values.service.nodePort }} - nodePort: {{ .Values.service.nodePort }} +nodePort: {{ .Values.service.nodePort }} {{- end }} - protocol: TCP - name: https - selector: - app.kubernetes.io/name: {{ include "step-certificates.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} \ No newline at end of file +protocol: TCP +name: https +selector: + app.kubernetes.io/name: {{ include "step-certificates.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} \ No newline at end of file 
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/tests/test-connection.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/tests/test-connection.yaml index 5ae87c6..4fe296d 100644 --- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/tests/test-connection.yaml +++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/templates/tests/test-connection.yaml @@ -1,11 +1,32 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + apiVersion: v1 kind: Pod metadata: name: "{{ include "step-certificates.fullname" . }}-test-connection" labels: -{{ include "step-certificates.labels" . | indent 4 }} - annotations: - "helm.sh/hook": test-success + {{ include "step-certificates.labels" . | indent 4 }} +annotations: + "helm.sh/hook": test-success spec: containers: - name: wget 
diff --git a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/values.yaml b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/values.yaml index a8141d6..14a3d3d 100644 --- a/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/values.yaml +++ b/infrastructure-provisioning/terraform/aws/ssn-helm-charts/main/step-ca-chart/values.yaml @@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + # Default values for step-certificates. # replicaCount is the number of replicas of step-certificates. @@ -62,7 +83,7 @@ ca: storageClass: ${storage_class_name} # accessModes defines the Persistent Volume Access Mode. accessModes: - - ReadWriteOnce + - ReadWriteOnce # size is the Persistent Volume size. size: 10Gi # runAsRoot runs the ca as root instead of the step user. This is required in @@ -91,7 +112,7 @@ resources: {} # memory: 128Mi # requests: # cpu: 100m - # memory: 128Mi +# memory: 128Mi # nodeSelector contains the node labels for pod assignment. nodeSelector: {} 
diff --git a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/files/ssn-policy.json.tpl b/infrastructure-provisioning/terraform/aws/ssn-k8s/main/files/ssn-policy.json.tpl index e197744..e75717d 100644 --- a/infrastructure-provisioning/terraform/aws/ssn-k8s/main/files/ssn-policy.json.tpl +++ b/infrastructure-provisioning/terraform/aws/ssn-k8s/main/files/ssn-policy.json.tpl @@ -1,3 +1,23 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** { "Version": "2012-10-17", "Statement": [ diff --git a/infrastructure-provisioning/terraform/bin/deploy/billing_app_aws.yml b/infrastructure-provisioning/terraform/bin/deploy/billing_app_aws.yml index 4fe0b75..dd33a9e 100644 --- a/infrastructure-provisioning/terraform/bin/deploy/billing_app_aws.yml +++ b/infrastructure-provisioning/terraform/bin/deploy/billing_app_aws.yml 
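Review bot: The added `#` lines precede the opening `{` of the policy document in ssn-policy.json.tpl, and JSON has no comment syntax. How the template is consumed is not visible in this hunk, but if it is rendered verbatim into the IAM policy, the result is no longer valid JSON and would presumably be rejected when the policy is applied. The licence notice would be safer outside the template, for example in the Terraform file that loads it, with this file listed as an exception in the project's licence-header check. The policy statements themselves continue outside the hunk.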
@@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + spring: main: allow-bean-definition-overriding: true diff --git a/infrastructure-provisioning/terraform/bin/deploy/billing_azure.yml b/infrastructure-provisioning/terraform/bin/deploy/billing_azure.yml index 66f5418..6953d49 100644 --- a/infrastructure-provisioning/terraform/bin/deploy/billing_azure.yml +++ b/infrastructure-provisioning/terraform/bin/deploy/billing_azure.yml 
@@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + spring: main: allow-bean-definition-overriding: true diff --git a/infrastructure-provisioning/terraform/bin/deploy/billing_gcp.yml b/infrastructure-provisioning/terraform/bin/deploy/billing_gcp.yml index e315979..af793ba 100644 --- a/infrastructure-provisioning/terraform/bin/deploy/billing_gcp.yml +++ b/infrastructure-provisioning/terraform/bin/deploy/billing_gcp.yml 
@@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + spring: main: allow-bean-definition-overriding: true diff --git a/infrastructure-provisioning/terraform/bin/deploy/endpoint_fab.py b/infrastructure-provisioning/terraform/bin/deploy/endpoint_fab.py index f09731c..47ee469 100644 --- a/infrastructure-provisioning/terraform/bin/deploy/endpoint_fab.py +++ b/infrastructure-provisioning/terraform/bin/deploy/endpoint_fab.py 
@@ -1,12 +1,33 @@ -from fabric import Connection -from patchwork.files import exists -import logging +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + import argparse +import logging +import random +import string import sys -import traceback import time -import string -import random +import traceback +from fabric import Connection +from patchwork.files import exists conn = None args = None diff --git a/infrastructure-provisioning/terraform/bin/dlab.py b/infrastructure-provisioning/terraform/bin/dlab.py index 60af3b3..68b8739 100644 --- a/infrastructure-provisioning/terraform/bin/dlab.py +++ b/infrastructure-provisioning/terraform/bin/dlab.py 
@@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + import argparse import itertools import json @@ -9,10 +30,9 @@ import subprocess import sys import time from abc import abstractmethod - +from deploy.endpoint_fab import start_deploy from fabric import Connection from patchwork.transfers import rsync -from deploy.endpoint_fab import start_deploy sys.path.append(os.path.join(os.path.dirname(__file__), '..')) logging.basicConfig(level=logging.INFO, format='%(levelname)s-%(message)s') diff --git a/infrastructure-provisioning/terraform/bin/terraform-cli.py b/infrastructure-provisioning/terraform/bin/terraform-cli.py index 8e1bd60..f8d593b 100755 --- a/infrastructure-provisioning/terraform/bin/terraform-cli.py +++ b/infrastructure-provisioning/terraform/bin/terraform-cli.py 
@@ -1,17 +1,38 @@ #!/usr/bin/env python -import itertools -import json -import os + +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + import abc import argparse - -import time -from fabric import Connection -from patchwork.transfers import rsync +import itertools +import json import logging +import os import os.path import sys +import time from deploy.endpoint_fab import start_deploy +from fabric import Connection +from patchwork.transfers import rsync sys.path.append(os.path.join(os.path.dirname(__file__), '..')) logging.basicConfig(level=logging.INFO, diff --git a/infrastructure-provisioning/terraform/gcp/endpoint/provisioning.py b/infrastructure-provisioning/terraform/gcp/endpoint/provisioning.py index 33e08f7..ac36747 100644 --- a/infrastructure-provisioning/terraform/gcp/endpoint/provisioning.py +++ b/infrastructure-provisioning/terraform/gcp/endpoint/provisioning.py 
@@ -1,10 +1,31 @@ -from fabric import Connection -from patchwork.files import exists -import logging +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + import argparse +import logging import sys -import traceback import time +import traceback +from fabric import Connection +from patchwork.files import exists conn = None args = None diff --git a/infrastructure-provisioning/terraform/gcp/main/main.tf b/infrastructure-provisioning/terraform/gcp/main/main.tf index 3cbca78..4393f59 100644 --- a/infrastructure-provisioning/terraform/gcp/main/main.tf +++ b/infrastructure-provisioning/terraform/gcp/main/main.tf 
@@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + provider "google" { credentials = "${var.credentials}" project = "${var.project_name}" diff --git a/infrastructure-provisioning/terraform/gcp/main/variables.tf b/infrastructure-provisioning/terraform/gcp/main/variables.tf index 2b328ee..3c2feb0 100644 --- a/infrastructure-provisioning/terraform/gcp/main/variables.tf +++ b/infrastructure-provisioning/terraform/gcp/main/variables.tf 
@@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + variable "credentials" {} variable "project_name" {} diff --git a/infrastructure-provisioning/terraform/gcp/modules/common/iam.tf b/infrastructure-provisioning/terraform/gcp/modules/common/iam.tf index 6931f60..bd65eb9 100644 --- a/infrastructure-provisioning/terraform/gcp/modules/common/iam.tf +++ b/infrastructure-provisioning/terraform/gcp/modules/common/iam.tf 
@@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + locals { service_name = "${var.project_tag}-ps-sa" role_name = "${var.project_tag}-ps-role" diff --git a/infrastructure-provisioning/terraform/gcp/modules/common/network.tf b/infrastructure-provisioning/terraform/gcp/modules/common/network.tf index 8d34249..cf3d294 100644 --- a/infrastructure-provisioning/terraform/gcp/modules/common/network.tf +++ b/infrastructure-provisioning/terraform/gcp/modules/common/network.tf 
@@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + resource "google_compute_subnetwork" "subnet" { name = "${var.project_tag}-subnet" ip_cidr_range = "${var.cidr_range}" diff --git a/infrastructure-provisioning/terraform/gcp/modules/common/variables.tf b/infrastructure-provisioning/terraform/gcp/modules/common/variables.tf index b4180ad..448d373 100644 --- a/infrastructure-provisioning/terraform/gcp/modules/common/variables.tf +++ b/infrastructure-provisioning/terraform/gcp/modules/common/variables.tf 
@@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + variable "project_tag" {} variable "endpoint_tag" {} diff --git a/infrastructure-provisioning/terraform/gcp/modules/data_engine/instance.tf b/infrastructure-provisioning/terraform/gcp/modules/data_engine/instance.tf index fdb6250..a185a57 100644 --- a/infrastructure-provisioning/terraform/gcp/modules/data_engine/instance.tf +++ b/infrastructure-provisioning/terraform/gcp/modules/data_engine/instance.tf 
@@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + locals { notebook_name = "${var.project_tag}-nb-${var.notebook_name}" cluster_name = "${var.project_tag}-de-${var.notebook_name}-${var.cluster_name}" diff --git a/infrastructure-provisioning/terraform/gcp/modules/data_engine/variables.tf b/infrastructure-provisioning/terraform/gcp/modules/data_engine/variables.tf index 12c4f92..e950ed1 100644 --- a/infrastructure-provisioning/terraform/gcp/modules/data_engine/variables.tf +++ b/infrastructure-provisioning/terraform/gcp/modules/data_engine/variables.tf 
@@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + variable "project_tag" {} variable "endpoint_tag" {} diff --git a/infrastructure-provisioning/terraform/gcp/modules/dataproc/instance.tf b/infrastructure-provisioning/terraform/gcp/modules/dataproc/instance.tf index 415479c..1419c56 100644 --- a/infrastructure-provisioning/terraform/gcp/modules/dataproc/instance.tf +++ b/infrastructure-provisioning/terraform/gcp/modules/dataproc/instance.tf 
@@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + locals { dataproc_name = "${var.project_tag}-des-${var.notebook_name}-${var.cluster_name}" } diff --git a/infrastructure-provisioning/terraform/gcp/modules/dataproc/variables.tf b/infrastructure-provisioning/terraform/gcp/modules/dataproc/variables.tf index d3dcf15..bac08a2 100644 --- a/infrastructure-provisioning/terraform/gcp/modules/dataproc/variables.tf +++ b/infrastructure-provisioning/terraform/gcp/modules/dataproc/variables.tf 
@@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + variable "region" {} variable "project_tag" {} diff --git a/infrastructure-provisioning/terraform/gcp/modules/notebook/instance.tf b/infrastructure-provisioning/terraform/gcp/modules/notebook/instance.tf index 0943e51..e89f69b 100644 --- a/infrastructure-provisioning/terraform/gcp/modules/notebook/instance.tf +++ b/infrastructure-provisioning/terraform/gcp/modules/notebook/instance.tf 
@@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + locals { name = "${var.project_tag}-nb-${var.notebook_name}" } diff --git a/infrastructure-provisioning/terraform/gcp/modules/notebook/variables.tf b/infrastructure-provisioning/terraform/gcp/modules/notebook/variables.tf index 6217480..bf51d34 100644 --- a/infrastructure-provisioning/terraform/gcp/modules/notebook/variables.tf +++ b/infrastructure-provisioning/terraform/gcp/modules/notebook/variables.tf 
@@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + variable "project_tag" {} variable "endpoint_tag" {} diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/files/get_configmap_values.sh b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/files/get_configmap_values.sh index 4f27a1b..3085eb7 100644 --- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/files/get_configmap_values.sh +++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/files/get_configmap_values.sh 
@@ -1,5 +1,26 @@ #!/bin/bash +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + creds_file_path=$1 gke_name=$2 region=$3 diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/.helmignore b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/.helmignore index fbe01f8..2f795d4 100644 --- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/.helmignore +++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/.helmignore 
@@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + # Patterns to ignore when building packages. # This supports shell glob matching, relative path matching, and # negation (prefixed with !). Only one pattern per line. diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/Chart.yaml b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/Chart.yaml index 4b334aa..e9d93e2 100644 --- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/Chart.yaml +++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/Chart.yaml 
@@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + apiVersion: v1 appVersion: 0.13.2 description: An online certificate authority and related tools for secure automated @@ -6,7 +27,7 @@ engine: gotpl home: https://smallstep.com icon: https://raw.githubusercontent.com/smallstep/certificates/master/icon.png keywords: -- acme + - acme - authority - ca - certificate diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/_helpers.tpl b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/_helpers.tpl index e240bac..b65f748 100644 --- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/_helpers.tpl +++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/_helpers.tpl 
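Review bot: In the second Chart.yaml hunk the first `keywords` entry is re-indented (`+ - acme`) while the entries after it (`- authority`, `- ca`, …) are unchanged context lines, so the sequence no longer sits at one indentation level and the file will most likely fail to parse. Whitespace is collapsed in this view, so this is inferred from the removed line `-- acme` carrying no indent. Leave `- acme` at the same column as `- authority`; a licence-header commit does not need to touch this line.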
@@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + {{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/bootstrap.yaml b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/bootstrap.yaml index 4fa3240..354c144 100644 --- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/bootstrap.yaml +++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/bootstrap.yaml 
@@ -1,11 +1,32 @@ -{{- if .Release.IsInstall -}} +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + + {{- if .Release.IsInstall -}} apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "step-certificates.fullname" . }}-config namespace: {{.Release.Namespace}} labels: -{{ include "step-certificates.labels" . | indent 4 }} + {{ include "step-certificates.labels" . | indent 4 }} --- apiVersion: batch/v1 kind: Job 
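Review bot: The licence header now sits in front of `{{- if .Release.IsInstall -}}`, whose trim markers remove the whitespace on both sides of the action, so on install the rendered `apiVersion: v1` is joined onto the last `# ****…` comment line and the ServiceAccount is left without an apiVersion. Put the header in a template comment so it is never rendered, `{{- /* Licensed to the Apache Software Foundation … */ -}}`, or drop the right-hand trim: `{{- if .Release.IsInstall }}`. The same pattern appears in the ingress.yaml hunk (`{{- if .Values.ingress.enabled -}}`) and the rbac.yaml hunk later in this commit. Running `helm template` on the chart would show the merged line.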
@@ -24,16 +45,16 @@ spec: serviceAccountName: {{ include "step-certificates.fullname" . }}-config restartPolicy: Never volumes: - - name: bootstrap - configMap: - name: {{ include "step-certificates.fullname" . }}-bootstrap + - name: bootstrap + configMap: + name: {{ include "step-certificates.fullname" . }}-bootstrap containers: - - name: config - image: "{{ .Values.bootstrapImage.repository }}:{{ .Values.bootstrapImage.tag }}" - imagePullPolicy: {{ .Values.bootstrapImage.pullPolicy }} - command: ["/bin/sh", "/home/step/bootstrap/bootstrap.sh"] - volumeMounts: - - name: bootstrap - mountPath: /home/step/bootstrap - readOnly: true + - name: config + image: "{{ .Values.bootstrapImage.repository }}:{{ .Values.bootstrapImage.tag }}" + imagePullPolicy: {{ .Values.bootstrapImage.pullPolicy }} + command: ["/bin/sh", "/home/step/bootstrap/bootstrap.sh"] + volumeMounts: + - name: bootstrap + mountPath: /home/step/bootstrap + readOnly: true {{- end -}} \ No newline at end of file diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/ca.yaml b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/ca.yaml index 1113f2b..2551cc5 100644 --- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/ca.yaml +++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/ca.yaml 
@@ -1,9 +1,30 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ include "step-certificates.fullname" . }} labels: -{{ include "step-certificates.labels" . | indent 4 }} + {{ include "step-certificates.labels" . | indent 4 }} spec: # Only one replica is supported at this moment # Requested {{ .Values.replicaCount }} 
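Review bot: Under `labels:` the include is now written with leading whitespace (`+ {{ include "step-certificates.labels" . | indent 4 }}`), and that whitespace is emitted in addition to the four spaces `indent 4` adds, so the first label is rendered deeper than the remaining ones and the mapping becomes inconsistent. The removed line started at column 0, which is what `indent` expects. Either keep it at column 0 or switch to `{{- include "step-certificates.labels" . | nindent 4 }}`, matching the `nindent` calls already used in this template. The bootstrap.yaml and ingress.yaml hunks make the same change to their `labels:` include.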
@@ -21,99 +42,99 @@ spec: app: {{ include "step-certificates.fullname" . }} spec: {{- if .Release.IsInstall }} - initContainers: - - name: {{ .Chart.Name }}-init - image: busybox:latest - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ["sleep", "20"] +initContainers: + - name: {{ .Chart.Name }}-init + image: busybox:latest + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: ["sleep", "20"] {{- end }} - securityContext: - {{- if .Values.ca.runAsRoot }} - runAsUser: 0 - {{- else }} - runAsUser: 1000 - runAsNonRoot: true - runAsGroup: 1000 - fsGroup: 1000 - allowPrivilegeEscalation: false - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ["/usr/local/bin/step-ca", - "--password-file", "/home/step/secrets/passwords/password", - "/home/step/config/ca.json"] - env: - - name: NAMESPACE - value: "{{ .Release.Namespace }}" - ports: - - name: https - containerPort: {{ .Values.service.targetPort }} - protocol: TCP - livenessProbe: - initialDelaySeconds: 5 - httpGet: - path: /health - port: {{ .Values.service.targetPort }} - scheme: HTTPS - readinessProbe: - initialDelaySeconds: 5 - httpGet: - path: /health - port: {{ .Values.service.targetPort }} - scheme: HTTPS - resources: - {{- toYaml .Values.resources | nindent 12 }} - volumeMounts: - - name: certs - mountPath: /home/step/certs - readOnly: true - - name: config - mountPath: /home/step/config - readOnly: true - - name: secrets - mountPath: /home/step/secrets - readOnly: true - - name: ca-password - mountPath: /home/step/secrets/passwords - readOnly: true - {{- if .Values.ca.db.enabled }} - - name: database - mountPath: /home/step/db - readOnly: false - {{- end }} - volumes: +securityContext: + {{- if .Values.ca.runAsRoot }} + runAsUser: 0 + {{- else }} + runAsUser: 1000 + runAsNonRoot: true + runAsGroup: 1000 + fsGroup: 1000 + allowPrivilegeEscalation: false + {{- end }} 
+containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: ["/usr/local/bin/step-ca", + "--password-file", "/home/step/secrets/passwords/password", + "/home/step/config/ca.json"] + env: + - name: NAMESPACE + value: "{{ .Release.Namespace }}" + ports: + - name: https + containerPort: {{ .Values.service.targetPort }} + protocol: TCP + livenessProbe: + initialDelaySeconds: 5 + httpGet: + path: /health + port: {{ .Values.service.targetPort }} + scheme: HTTPS + readinessProbe: + initialDelaySeconds: 5 + httpGet: + path: /health + port: {{ .Values.service.targetPort }} + scheme: HTTPS + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: - name: certs - configMap: - name: {{ include "step-certificates.fullname" . }}-certs + mountPath: /home/step/certs + readOnly: true - name: config - configMap: - name: {{ include "step-certificates.fullname" . }}-config + mountPath: /home/step/config + readOnly: true - name: secrets - configMap: - name: {{ include "step-certificates.fullname" . }}-secrets + mountPath: /home/step/secrets + readOnly: true - name: ca-password - secret: - secretName: {{ include "step-certificates.fullname" . }}-ca-password - {{- if and .Values.ca.db.enabled (not .Values.ca.db.persistent) }} - - name: database - emptyDir: {} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} + mountPath: /home/step/secrets/passwords + readOnly: true + {{- if .Values.ca.db.enabled }} + - name: database + mountPath: /home/step/db + readOnly: false + {{- end }} +volumes: + - name: certs + configMap: + name: {{ include "step-certificates.fullname" . 
}}-certs + - name: config +configMap: + name: {{ include "step-certificates.fullname" . }}-config + - name: secrets +configMap: + name: {{ include "step-certificates.fullname" . }}-secrets + - name: ca-password +secret: + secretName: {{ include "step-certificates.fullname" . }}-ca-password + {{- if and .Values.ca.db.enabled (not .Values.ca.db.persistent) }} + - name: database +emptyDir: {} + {{- end }} + {{- with .Values.nodeSelector }} +nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} +affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} +tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} {{- if and .Values.ca.db.enabled .Values.ca.db.persistent }} - volumeClaimTemplates: +volumeClaimTemplates: - metadata: name: database labels: @@ -123,16 +144,16 @@ spec: spec: accessModes: {{- range .Values.ca.db.accessModes }} - - {{ . | quote }} + - {{ . | quote }} {{- end }} resources: requests: storage: {{ .Values.ca.db.size | quote }} {{- if .Values.ca.db.storageClass }} {{- if (eq "-" .Values.ca.db.storageClass) }} - storageClassName: "" + storageClassName: "" {{- else }} - storageClassName: {{ .Values.ca.db.storageClass | quote }} + storageClassName: {{ .Values.ca.db.storageClass | quote }} {{- end }} {{- end }} {{- end }} \ No newline at end of file diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/configmaps.yaml b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/configmaps.yaml index 28ad488..1670d9a 100644 --- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/configmaps.yaml +++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/configmaps.yaml 
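Review bot: In the `@@ -21,99 +42,99 @@` hunk `initContainers:`, `securityContext:`, `containers:`, `volumes:`, `nodeSelector:`, `affinity:`, `tolerations:` and `volumeClaimTemplates:` are added with no indentation, so they are no longer nested under the pod template's `spec:`. At column 0 they are top-level keys of the StatefulSet document, which means the pod would not get the `runAsNonRoot: true` / `runAsUser: 1000` settings or the read-only mounts even if the manifest were accepted. The volume entries are split the same way (`- name: config` is indented while its `configMap:` is at column 0, likewise `secret:` and `emptyDir: {}`). Restore these keys to the indentation of the removed lines, for example `containers:` back under the template `spec:` and `configMap:` aligned with the `name:` of its list item. The ingress.yaml hunk has the same problem with `annotations:`, `tls:` and `rules:`.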
@@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + # ConfigMaps that will be updated by the configuration job: # 1. Step CA config directory. # 2. Step CA certs direcotry. 
@@ -71,76 +92,76 @@ data: permission_error "create secrets" fi {{ if .Values.autocert.enabled }} - echo -n "Checking for permission to create mutatingwebhookconfiguration in {{.Release.Namespace}} namespace: " +echo -n "Checking for permission to create mutatingwebhookconfiguration in {{.Release.Namespace}} namespace: " kubectl auth can-i create mutatingwebhookconfiguration --namespace {{.Release.Namespace}} if [ $? -ne 0 ]; then permission_error "create mutatingwebhookconfiguration" - fi + fi {{- end }} - # Setting this here on purpose, after the above section which explicitly checks - # for and handles exit errors. - set -e +# Setting this here on purpose, after the above section which explicitly checks +# for and handles exit errors. + set -e - echo -e "\n\e[1mInitializating the CA...\e[0m" + echo -e "\n\e[1mInitializating the CA...\e[0m" - # CA password +# CA password {{- if .Values.ca.password }} - CA_PASSWORD={{ quote .Values.ca.password }} + CA_PASSWORD={{ quote .Values.ca.password }} {{- else }} - CA_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 32 ; echo '') + CA_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 32 ; echo '') {{- end }} - # Provisioner password +# Provisioner password {{- if .Values.ca.provisioner.password }} - CA_PROVISIONER_PASSWORD={{ quote .Values.ca.provisioner.password }} + CA_PROVISIONER_PASSWORD={{ quote .Values.ca.provisioner.password }} {{- else }} - CA_PROVISIONER_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 32 ; echo '') + CA_PROVISIONER_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 32 ; echo '') {{- end }} - TMP_CA_PASSWORD=$(mktemp /tmp/autocert.XXXXXX) - TMP_CA_PROVISIONER_PASSWORD=$(mktemp /tmp/autocert.XXXXXX) + TMP_CA_PASSWORD=$(mktemp /tmp/autocert.XXXXXX) + TMP_CA_PROVISIONER_PASSWORD=$(mktemp /tmp/autocert.XXXXXX) - echo $CA_PASSWORD > $TMP_CA_PASSWORD - echo $CA_PROVISIONER_PASSWORD > $TMP_CA_PROVISIONER_PASSWORD + echo $CA_PASSWORD > $TMP_CA_PASSWORD + echo 
$CA_PROVISIONER_PASSWORD > $TMP_CA_PROVISIONER_PASSWORD - step ca init \ - --name "{{.Values.ca.name}}" \ - --dns "{{include "step-certificates.dns" .}}" \ - --address "{{.Values.ca.address}}" \ - --provisioner "{{.Values.ca.provisioner.name}}" \ - --with-ca-url "{{include "step-certificates.url" .}}" \ - --password-file "$TMP_CA_PASSWORD" \ - --provisioner-password-file "$TMP_CA_PROVISIONER_PASSWORD" {{ if not .Values.ca.db.enabled }}--no-db{{ end }} + step ca init \ + --name "{{.Values.ca.name}}" \ + --dns "{{include "step-certificates.dns" .}}" \ + --address "{{.Values.ca.address}}" \ + --provisioner "{{.Values.ca.provisioner.name}}" \ + --with-ca-url "{{include "step-certificates.url" .}}" \ + --password-file "$TMP_CA_PASSWORD" \ + --provisioner-password-file "$TMP_CA_PROVISIONER_PASSWORD" {{ if not .Values.ca.db.enabled }}--no-db{{ end }} - rm -f $TMP_CA_PASSWORD $TMP_CA_PROVISIONER_PASSWORD + rm -f $TMP_CA_PASSWORD $TMP_CA_PROVISIONER_PASSWORD - echo -e "\n\e[1mCreating configmaps and secrets in {{.Release.Namespace}} namespace ...\e[0m" + echo -e "\n\e[1mCreating configmaps and secrets in {{.Release.Namespace}} namespace ...\e[0m" - # Replace secrets created on helm install - # It allows to properly remove them on helm delete - kbreplace -n {{.Release.Namespace}} create configmap {{ include "step-certificates.fullname" . }}-config --from-file $(step path)/config - kbreplace -n {{.Release.Namespace}} create configmap {{ include "step-certificates.fullname" . }}-certs --from-file $(step path)/certs - kbreplace -n {{.Release.Namespace}} create configmap {{ include "step-certificates.fullname" . }}-secrets --from-file $(step path)/secrets + # Replace secrets created on helm install + # It allows to properly remove them on helm delete + kbreplace -n {{.Release.Namespace}} create configmap {{ include "step-certificates.fullname" . 
}}-config --from-file $(step path)/config + kbreplace -n {{.Release.Namespace}} create configmap {{ include "step-certificates.fullname" . }}-certs --from-file $(step path)/certs + kbreplace -n {{.Release.Namespace}} create configmap {{ include "step-certificates.fullname" . }}-secrets --from-file $(step path)/secrets - kbreplace -n {{.Release.Namespace}} create secret generic {{ include "step-certificates.fullname" . }}-ca-password --from-literal "password=${CA_PASSWORD}" - kbreplace -n {{.Release.Namespace}} create secret generic {{ include "step-certificates.fullname" . }}-provisioner-password --from-literal "password=${CA_PROVISIONER_PASSWORD}" + kbreplace -n {{.Release.Namespace}} create secret generic {{ include "step-certificates.fullname" . }}-ca-password --from-literal "password=${CA_PASSWORD}" + kbreplace -n {{.Release.Namespace}} create secret generic {{ include "step-certificates.fullname" . }}-provisioner-password --from-literal "password=${CA_PROVISIONER_PASSWORD}" - # Label all configmaps and secrets - kubectl -n {{.Release.Namespace}} label configmap {{ include "step-certificates.fullname" . }}-config {{ include "step-certificates.labels" . | replace ": " "=" | replace "\n" " " }} - kubectl -n {{.Release.Namespace}} label configmap {{ include "step-certificates.fullname" . }}-certs {{ include "step-certificates.labels" . | replace ": " "=" | replace "\n" " " }} - kubectl -n {{.Release.Namespace}} label configmap {{ include "step-certificates.fullname" . }}-secrets {{ include "step-certificates.labels" . | replace ": " "=" | replace "\n" " " }} - kubectl -n {{.Release.Namespace}} label secret {{ include "step-certificates.fullname" . }}-ca-password {{ include "step-certificates.labels" . | replace ": " "=" | replace "\n" " " }} - kubectl -n {{.Release.Namespace}} label secret {{ include "step-certificates.fullname" . }}-provisioner-password {{ include "step-certificates.labels" . 
| replace ": " "=" | replace "\n" " " }} +# Label all configmaps and secrets +kubectl -n {{.Release.Namespace}} label configmap {{ include "step-certificates.fullname" . }}-config {{ include "step-certificates.labels" . | replace ": " "=" | replace "\n" " " }} +kubectl -n {{.Release.Namespace}} label configmap {{ include "step-certificates.fullname" . }}-certs {{ include "step-certificates.labels" . | replace ": " "=" | replace "\n" " " }} +kubectl -n {{.Release.Namespace}} label configmap {{ include "step-certificates.fullname" . }}-secrets {{ include "step-certificates.labels" . | replace ": " "=" | replace "\n" " " }} +kubectl -n {{.Release.Namespace}} label secret {{ include "step-certificates.fullname" . }}-ca-password {{ include "step-certificates.labels" . | replace ": " "=" | replace "\n" " " }} +kubectl -n {{.Release.Namespace}} label secret {{ include "step-certificates.fullname" . }}-provisioner-password {{ include "step-certificates.labels" . | replace ": " "=" | replace "\n" " " }} - # Patch webhook if autocert is enabled +# Patch webhook if autocert is enabled {{ if .Values.autocert.enabled }} - CA_BUNDLE=$(cat $(step path)/certs/root_ca.crt | base64 | tr -d '\n') - kubectl patch mutatingwebhookconfigurations {{ .Release.Name }}-autocert-webhook-config \ - --type json -p="[{\"op\":\"replace\",\"path\":\"/webhooks/0/clientConfig/caBundle\",\"value\":\"$CA_BUNDLE\"}]" + CA_BUNDLE=$(cat $(step path)/certs/root_ca.crt | base64 | tr -d '\n') + kubectl patch mutatingwebhookconfigurations {{ .Release.Name }}-autocert-webhook-config \ + --type json -p="[{\"op\":\"replace\",\"path\":\"/webhooks/0/clientConfig/caBundle\",\"value\":\"$CA_BUNDLE\"}]" {{- end }} - echo -e "\n\e[1mStep Certificates installed!\e[0m" - echo - echo "CA URL: {{include "step-certificates.url" .}}" - echo "CA Fingerprint: $(step certificate fingerprint $(step path)/certs/root_ca.crt)" - echo \ No newline at end of file + echo -e "\n\e[1mStep Certificates installed!\e[0m" + echo +echo "CA 
URL: {{include "step-certificates.url" .}}" +echo "CA Fingerprint: $(step certificate fingerprint $(step path)/certs/root_ca.crt)" + echo \ No newline at end of file diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/ingress.yaml b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/ingress.yaml index 53264f1..240bdaf 100644 --- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/ingress.yaml +++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/ingress.yaml 
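Review bot: Several lines of the bootstrap script under `data:` are added at column 0 (`+echo -n "Checking for permission …"`, `+# Setting this here on purpose …`, the five `+kubectl -n … label …` lines, `+echo "CA URL: …"`), which presumably ends the YAML block scalar holding the script at the first such line. The ConfigMap then either fails to parse or carries a truncated script, and the step that generates the CA and provisioner passwords and creates the secrets would not run as written. Keep every script line at the block's existing indent, as the removed lines did. While these lines are being touched, quote the password writes, `echo "$CA_PASSWORD" > "$TMP_CA_PASSWORD"`, so a value supplied through `.Values.ca.password` is not word-split or glob-expanded.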
@@ -1,36 +1,57 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "step-certificates.fullname" . -}} +# ***************************************************************************** +# + # Licensed to the Apache Software Foundation (ASF) under one + # or more contributor license agreements. See the NOTICE file + # distributed with this work for additional information + # regarding copyright ownership. The ASF licenses this file + # to you under the Apache License, Version 2.0 (the + # "License"); you may not use this file except in compliance + # with the License. You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, + # software distributed under the License is distributed on an + # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + # KIND, either express or implied. See the License for the + # specific language governing permissions and limitations + # under the License. + # + # ****************************************************************************** + + {{- if .Values.ingress.enabled -}} + {{- $fullName := include "step-certificates.fullname" . -}} apiVersion: extensions/v1beta1 kind: Ingress metadata: name: {{ $fullName }} labels: -{{ include "step-certificates.labels" . | indent 4 }} + {{ include "step-certificates.labels" . | indent 4 }} {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} +annotations: + {{- toYaml . | nindent 4 }} {{- end }} spec: {{- if .Values.ingress.tls }} - tls: +tls: {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} +- hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} {{- end }} {{- end }} - rules: +rules: {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ . 
}} - backend: - serviceName: {{ $fullName }} - servicePort: http - {{- end }} +- host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ . }} + backend: + serviceName: {{ $fullName }} + servicePort: http + {{- end }} {{- end }} {{- end }} diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/rbac.yaml b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/rbac.yaml index 6f4e137..0534856 100644 --- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/rbac.yaml +++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/rbac.yaml @@ -1,4 +1,25 @@ -{{- if .Release.IsInstall -}} +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + + {{- if .Release.IsInstall -}} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: 
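Review bot: The licence header now sits directly above `{{- if .Values.ingress.enabled -}}`, and that action's left trim marker removes all whitespace, newlines included, back to the last `*` of the header. The `-}}` on this line and on the `$fullName` line removes the newlines that follow, so `apiVersion: extensions/v1beta1` is rendered on the end of the comment line and the manifest loses its `apiVersion`. The rbac.yaml hunk that follows has the same problem with `{{- if .Release.IsInstall -}}`, which would take out the `apiVersion` of the Role it defines. Keep the action at column 0 without the left trim, `{{ if .Values.ingress.enabled -}}` and `{{ if .Release.IsInstall -}}`, or put the header in a template comment so it is not emitted. Rendering the chart with `helm template` in CI would catch this before a release.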
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/secrets.yaml b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/secrets.yaml
index 567a989..68d0b8d 100644
--- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/secrets.yaml
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/secrets.yaml
@@ -1,3 +1,24 @@
+# *****************************************************************************
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# ******************************************************************************
+
 # Secrets that will be updated by the configuration job:
 # 1. CA keys password.
 # 2. Provisioner password.
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/service.yaml b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/service.yaml
index 4ec0783..dccae38 100644
--- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/service.yaml
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/service.yaml @@ -1,19 +1,40 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + apiVersion: v1 kind: Service metadata: name: {{ include "step-certificates.fullname" . }} labels: -{{ include "step-certificates.labels" . | indent 4 }} + {{ include "step-certificates.labels" . | indent 4 }} spec: type: {{ .Values.service.type }} ports: - port: {{ .Values.service.port }} targetPort: {{ .Values.service.targetPort }} {{- if .Values.service.nodePort }} - nodePort: {{ .Values.service.nodePort }} +nodePort: {{ .Values.service.nodePort }} {{- end }} - protocol: TCP - name: https - selector: - app.kubernetes.io/name: {{ include "step-certificates.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} \ No newline at end of file +protocol: TCP +name: https +selector: + app.kubernetes.io/name: {{ include "step-certificates.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} \ No newline at end of file 
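Review bot: The whitespace changes in this hunk move keys to a different YAML level: as shown here, `nodePort:`, `protocol: TCP`, `name: https` and `selector:` now start at column 0 instead of sitting under the port entry and under `spec`. The page collapses whitespace, so the exact columns should be confirmed against the file, but if they are as shown the rendered Service no longer carries its port name, protocol and pod selector where Kubernetes expects them. The labels line also appears to have gained leading spaces in front of `{{ include "step-certificates.labels" . | indent 4 }}`, which would over-indent the first label only. The same re-indentation is visible in the ingress.yaml hunk (`annotations:`, `tls:`, `rules:`) and in test-connection.yaml (`annotations:` with the `helm.sh/hook` key). A copyright commit should add the header only, so the original indentation of these lines should be restored.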
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/tests/test-connection.yaml b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/tests/test-connection.yaml index 5ae87c6..4fe296d 100644 --- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/tests/test-connection.yaml +++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/templates/tests/test-connection.yaml @@ -1,11 +1,32 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + apiVersion: v1 kind: Pod metadata: name: "{{ include "step-certificates.fullname" . }}-test-connection" labels: -{{ include "step-certificates.labels" . | indent 4 }} - annotations: - "helm.sh/hook": test-success + {{ include "step-certificates.labels" . | indent 4 }} +annotations: + "helm.sh/hook": test-success spec: containers: - name: wget 
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/values.yaml b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/values.yaml index 45350b6..269e7fa 100644 --- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/values.yaml +++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/step-ca-chart/values.yaml @@ -1,3 +1,24 @@ +# ***************************************************************************** +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# ****************************************************************************** + # Default values for step-certificates. # replicaCount is the number of replicas of step-certificates. @@ -63,7 +84,7 @@ ca: storageClass: standard # accessModes defines the Persistent Volume Access Mode. accessModes: - - ReadWriteOnce + - ReadWriteOnce # size is the Persistent Volume size. size: 10Gi # runAsRoot runs the ca as root instead of the step user. This is required in 
@@ -92,7 +113,7 @@ resources: {} # memory: 128Mi # requests: # cpu: 100m - # memory: 128Mi +# memory: 128Mi # nodeSelector contains the node labels for pod assignment. nodeSelector: {} diff --git a/infrastructure-provisioning/terraform/keycloak-theme/dlab/login/resources/css/login.css b/infrastructure-provisioning/terraform/keycloak-theme/dlab/login/resources/css/login.css index b31310a..1f5d717 100644 --- a/infrastructure-provisioning/terraform/keycloak-theme/dlab/login/resources/css/login.css +++ b/infrastructure-provisioning/terraform/keycloak-theme/dlab/login/resources/css/login.css @@ -1,3 +1,22 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + .login-pf body { background: url("../img/login-background.png") no-repeat center center fixed; background-size: cover; diff --git a/infrastructure-provisioning/terraform/keycloak-theme/dlab/login/theme.properties b/infrastructure-provisioning/terraform/keycloak-theme/dlab/login/theme.properties index ed1c3c1..5ff84ad 100644 --- a/infrastructure-provisioning/terraform/keycloak-theme/dlab/login/theme.properties +++ b/infrastructure-provisioning/terraform/keycloak-theme/dlab/login/theme.properties 
@@ -1,25 +1,36 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# parent=base import=common/keycloak - styles=node_modules/patternfly/dist/css/patternfly.css node_modules/patternfly/dist/css/patternfly-additions.css lib/zocial/zocial.css css/login.css meta=viewport==width=device-width,initial-scale=1 - kcHtmlClass=login-pf kcLoginClass=login-pf-page - kcLogoLink=http://www.keycloak.org - kcLogoClass=login-pf-brand - kcContainerClass=container-fluid kcContentClass=col-sm-8 col-sm-offset-2 col-md-6 col-md-offset-3 col-lg-6 col-lg-offset-3 kcContentWrapperClass=row - kcHeaderClass=login-pf-page-header kcFeedbackAreaClass=col-md-12 kcLocaleClass=col-xs-12 col-sm-1 kcAlertIconClasserror=pficon pficon-error-circle-o - kcFormAreaClass=col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2 col-lg-8 col-lg-offset-2 kcFormCardClass=card-pf kcFormCardAccountClass=login-pf-accounts 
@@ -29,13 +40,10 @@ kcFormSocialAccountListClass=login-pf-social list-unstyled login-pf-social-all kcFormSocialAccountDoubleListClass=login-pf-social-double-col kcFormSocialAccountListLinkClass=login-pf-social-link kcFormHeaderClass=login-pf-header - kcFeedbackErrorIcon=pficon pficon-error-circle-o kcFeedbackWarningIcon=pficon pficon-warning-triangle-o kcFeedbackSuccessIcon=pficon pficon-ok kcFeedbackInfoIcon=pficon pficon-info - - kcFormClass=form-horizontal kcFormGroupClass=form-group kcFormGroupErrorClass=has-error @@ -48,10 +56,7 @@ kcFormButtonsClass=col-xs-12 col-sm-12 col-md-12 col-lg-12 kcFormSettingClass=login-pf-settings kcTextareaClass=form-control kcSignUpClass=login-pf-signup - - kcInfoAreaClass=col-xs-12 col-sm-4 col-md-4 col-lg-5 details - ##### css classes for form buttons # main class used for all buttons kcButtonClass=btn @@ -61,9 +66,7 @@ kcButtonDefaultClass=btn-default # classes defining size of the button kcButtonLargeClass=btn-lg kcButtonBlockClass=btn-block - ##### css classes for input kcInputLargeClass=input-lg - ##### css classes for form accessability kcSrOnlyClass=sr-only diff --git a/services/dlab-model/src/main/java/com/epam/dlab/dto/base/project/ProjectResult.java b/services/dlab-model/src/main/java/com/epam/dlab/dto/base/project/ProjectResult.java index 11a6db6..0c88022 100644 --- a/services/dlab-model/src/main/java/com/epam/dlab/dto/base/project/ProjectResult.java +++ b/services/dlab-model/src/main/java/com/epam/dlab/dto/base/project/ProjectResult.java 
@@ -1,3 +1,22 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + package com.epam.dlab.dto.base.project; import com.epam.dlab.dto.StatusBaseDTO; @@ -9,10 +28,10 @@ import lombok.Data; @Data @JsonIgnoreProperties(ignoreUnknown = true) public class ProjectResult extends StatusBaseDTO<ProjectResult> { - private EdgeInfo edgeInfo; - @JsonProperty("project_name") - private String projectName; - @JsonProperty("endpoint_name") - private String endpointName; + private EdgeInfo edgeInfo; + @JsonProperty("project_name") + private String projectName; + @JsonProperty("endpoint_name") + private String endpointName; } diff --git a/services/dlab-model/src/main/java/com/epam/dlab/dto/project/ProjectActionDTO.java b/services/dlab-model/src/main/java/com/epam/dlab/dto/project/ProjectActionDTO.java index 23039be..93b955e 100644 --- a/services/dlab-model/src/main/java/com/epam/dlab/dto/project/ProjectActionDTO.java +++ b/services/dlab-model/src/main/java/com/epam/dlab/dto/project/ProjectActionDTO.java 
@@ -1,3 +1,22 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + package com.epam.dlab.dto.project; import com.epam.dlab.dto.ResourceBaseDTO; @@ -8,8 +27,8 @@ import lombok.Data; @Data @AllArgsConstructor public class ProjectActionDTO extends ResourceBaseDTO<ProjectActionDTO> { - @JsonProperty("project_name") - private final String name; - @JsonProperty("endpoint_name") - private final String endpoint; + @JsonProperty("project_name") + private final String name; + @JsonProperty("endpoint_name") + private final String endpoint; } diff --git a/services/dlab-model/src/main/java/com/epam/dlab/dto/project/ProjectCreateDTO.java b/services/dlab-model/src/main/java/com/epam/dlab/dto/project/ProjectCreateDTO.java index c64c505..47b49b2 100644 --- a/services/dlab-model/src/main/java/com/epam/dlab/dto/project/ProjectCreateDTO.java +++ b/services/dlab-model/src/main/java/com/epam/dlab/dto/project/ProjectCreateDTO.java 
@@ -1,3 +1,22 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + package com.epam.dlab.dto.project; import com.epam.dlab.dto.ResourceBaseDTO; @@ -8,11 +27,11 @@ import lombok.Data; @Data @Builder public class ProjectCreateDTO extends ResourceBaseDTO<ProjectCreateDTO> { - private final String key; - @JsonProperty("project_name") - private final String name; - @JsonProperty("project_tag") - private final String tag; - @JsonProperty("endpoint_name") - private final String endpoint; + private final String key; + @JsonProperty("project_name") + private final String name; + @JsonProperty("project_tag") + private final String tag; + @JsonProperty("endpoint_name") + private final String endpoint; } diff --git a/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/DropwizardBearerTokenFilterImpl.java b/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/DropwizardBearerTokenFilterImpl.java index 9be4251..fc2659c 100644 --- a/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/DropwizardBearerTokenFilterImpl.java +++ b/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/DropwizardBearerTokenFilterImpl.java 
@@ -1,3 +1,22 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
 package com.epam.dlab.backendapi;
 import org.keycloak.adapters.AdapterDeploymentContext;
diff --git a/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/core/response/handlers/ProjectCallbackHandler.java b/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/core/response/handlers/ProjectCallbackHandler.java
index 688edb8..d25a2e1 100644
--- a/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/core/response/handlers/ProjectCallbackHandler.java
+++ b/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/core/response/handlers/ProjectCallbackHandler.java
@@ -1,3 +1,22 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
 package com.epam.dlab.backendapi.core.response.handlers;
 import com.epam.dlab.backendapi.core.commands.DockerAction;
diff --git a/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/resources/ProjectResource.java b/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/resources/ProjectResource.java
index 005ad9f..2113e8c 100644
--- a/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/resources/ProjectResource.java
+++ b/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/resources/ProjectResource.java
@@ -1,3 +1,22 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
 package com.epam.dlab.backendapi.resources;
 import com.epam.dlab.auth.UserInfo;
diff --git a/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/service/ProjectService.java b/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/service/ProjectService.java
index 65d4b70..1840fbb 100644
--- a/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/service/ProjectService.java
+++ b/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/service/ProjectService.java
@@ -1,3 +1,22 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + package com.epam.dlab.backendapi.service; import com.epam.dlab.auth.UserInfo; @@ -6,11 +25,11 @@ import com.epam.dlab.dto.project.ProjectCreateDTO; public interface ProjectService { - String create(UserInfo userInfo, ProjectCreateDTO projectCreateDTO); + String create(UserInfo userInfo, ProjectCreateDTO projectCreateDTO); - String terminate(UserInfo userInfo, ProjectActionDTO dto); + String terminate(UserInfo userInfo, ProjectActionDTO dto); - String start(UserInfo userInfo, ProjectActionDTO dto); + String start(UserInfo userInfo, ProjectActionDTO dto); - String stop(UserInfo userInfo, ProjectActionDTO dto); + String stop(UserInfo userInfo, ProjectActionDTO dto); } diff --git a/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/service/impl/ProjectServiceImpl.java b/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/service/impl/ProjectServiceImpl.java index 1daf93f..229e21c 100644 --- a/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/service/impl/ProjectServiceImpl.java +++ b/services/provisioning-service/src/main/java/com/epam/dlab/backendapi/service/impl/ProjectServiceImpl.java 
@@ -1,3 +1,22 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + package com.epam.dlab.backendapi.service.impl; import com.epam.dlab.auth.UserInfo;