support managed SDK deployment (#89)

* support a managed sdk deployment

* expose airgap value

* address feedback

* user agent from env var

* add unit test for replicated and app ids

* template test for userAgent

* fix pact tests

* remove one more userAgent field

.github/workflows/main.yaml

@@ -114,6 +114,13 @@ jobs:
             exit 1
           fi
 
+          output=$(helm template oci://ttl.sh/automated-${{ github.run_id }}/replicated --version 0.0.0 --set userAgent=test-user-agent)
+
+          if ! echo $output | grep -q 'value: "test-user-agent"'; then
+            printf "user-set userAgent should exist:\n\n%s\n\n" "$output"
+            exit 1
+          fi
+
           cat << EOF >> test-values.yaml
           extraEnv:
           - name: TEST_EXTRA_ENV

chart/templates/replicated-deployment.yaml

@@ -60,6 +60,8 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.name
+        - name: DISABLE_OUTBOUND_CONNECTIONS
+          value: {{ .Values.isAirgap | default "false" | quote }}
         - name: IS_HELM_MANAGED
           value: "true"
         - name: HELM_RELEASE_NAME
@@ -83,6 +85,8 @@ spec:
               name: {{ include "replicated.secretName" . }}
               key: integration-license-id
         {{- end }}
+        - name: REPLICATED_USER_AGENT
+          value: {{ .Values.userAgent | default "" | quote }}
         ports:
         - containerPort: 3000
           name: http

chart/templates/replicated-secret.yaml

@@ -29,6 +29,8 @@ stringData:
     statusInformers:
       {{- .Values.statusInformers | toYaml | nindent 6 }}
     {{- end }}
+    replicatedID: {{ .Values.replicatedID | default "" | quote }}
+    appID: {{ .Values.appID | default "" | quote }}
   {{- if (.Values.integration).licenseID }}
   integration-license-id: {{ .Values.integration.licenseID }}
   {{- end }}

chart/values.yaml.tmpl

@@ -50,3 +50,9 @@ integration:
   licenseID: ""
   # enabled: false
   mockData: ""
+
+isAirgap: false
+
+userAgent: ""
+replicatedID: ""
+appID: ""

cmd/replicated/api.go

@@ -5,10 +5,8 @@ import (
 	"strings"
 
 	"github.com/pkg/errors"
-	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
 	"github.com/replicatedhq/replicated-sdk/pkg/apiserver"
 	"github.com/replicatedhq/replicated-sdk/pkg/config"
-	sdklicense "github.com/replicatedhq/replicated-sdk/pkg/license"
 	"github.com/replicatedhq/replicated-sdk/pkg/logger"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
@@ -38,7 +36,6 @@ func APICmd() *cobra.Command {
 				return errors.New("either config file or integration license id must be specified")
 			}
 
-			var err error
 			var replicatedConfig = new(config.ReplicatedConfig)
 			if configFilePath != "" {
 				configFile, err := os.ReadFile(configFilePath)
@@ -59,23 +56,10 @@ func APICmd() *cobra.Command {
 				return errors.New("only one of license in the config file or integration license id can be specified")
 			}
 
-			var license *kotsv1beta1.License
-			if replicatedConfig.License != "" {
-				if license, err = sdklicense.LoadLicenseFromBytes([]byte(replicatedConfig.License)); err != nil {
-					return errors.Wrap(err, "failed to parse license from base64")
-				}
-			} else if integrationLicenseID != "" {
-				if license, err = sdklicense.GetLicenseByID(integrationLicenseID, replicatedConfig.ReplicatedAppEndpoint); err != nil {
-					return errors.Wrap(err, "failed to get license by id for integration license id")
-				}
-				if license.Spec.LicenseType != "dev" {
-					return errors.New("integration license must be a dev license")
-				}
-			}
-
 			params := apiserver.APIServerParams{
 				Context:               cmd.Context(),
-				License:               license,
+				LicenseBytes:          []byte(replicatedConfig.License),
+				IntegrationLicenseID:  integrationLicenseID,
 				LicenseFields:         replicatedConfig.LicenseFields,
 				AppName:               replicatedConfig.AppName,
 				ChannelID:             replicatedConfig.ChannelID,
@@ -87,6 +71,8 @@ func APICmd() *cobra.Command {
 				VersionLabel:          replicatedConfig.VersionLabel,
 				ReplicatedAppEndpoint: replicatedConfig.ReplicatedAppEndpoint,
 				StatusInformers:       replicatedConfig.StatusInformers,
+				ReplicatedID:          replicatedConfig.ReplicatedID,
+				AppID:                 replicatedConfig.AppID,
 				Namespace:             namespace,
 			}
 			apiserver.Start(params)

pact/custom_metrics_test.go

@@ -73,9 +73,7 @@ func TestSendCustomApplicationMetrics(t *testing.T) {
 			ChannelID:             license.Spec.ChannelID,
 			ChannelSequence:       channelSequence,
 		}
-		if err := store.InitInMemory(storeOptions); err != nil {
-			t.Fatalf("Error on InitInMemory: %v", err)
-		}
+		store.InitInMemory(storeOptions)
 		defer store.SetStore(nil)
 
 		if err := pact.Verify(func() error {

pkg/apiserver/bootstrap.go

@@ -3,6 +3,7 @@ package apiserver
 import (
 	"github.com/cenkalti/backoff/v4"
 	"github.com/pkg/errors"
+	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
 	"github.com/replicatedhq/replicated-sdk/pkg/appstate"
 	appstatetypes "github.com/replicatedhq/replicated-sdk/pkg/appstate/types"
 	"github.com/replicatedhq/replicated-sdk/pkg/heartbeat"
@@ -18,7 +19,45 @@ import (
 )
 
 func bootstrap(params APIServerParams) error {
-	verifiedLicense, err := sdklicense.VerifySignature(params.License)
+	clientset, err := k8sutil.GetClientset()
+	if err != nil {
+		return errors.Wrap(err, "failed to get clientset")
+	}
+
+	replicatedID, appID := params.ReplicatedID, params.AppID
+	if replicatedID == "" || appID == "" {
+		// retrieve replicated and app ids
+		replicatedID, appID, err = util.GetReplicatedAndAppIDs(clientset, params.Namespace)
+		if err != nil {
+			return errors.Wrap(err, "failed to get replicated and app ids")
+		}
+	}
+	if replicatedID == "" {
+		return backoff.Permanent(errors.New("Replicated ID not found"))
+	}
+	if appID == "" {
+		return backoff.Permanent(errors.New("App ID not found"))
+	}
+
+	var unverifiedLicense *kotsv1beta1.License
+	if len(params.LicenseBytes) > 0 {
+		l, err := sdklicense.LoadLicenseFromBytes(params.LicenseBytes)
+		if err != nil {
+			return errors.Wrap(err, "failed to parse license from base64")
+		}
+		unverifiedLicense = l
+	} else if params.IntegrationLicenseID != "" {
+		l, err := sdklicense.GetLicenseByID(params.IntegrationLicenseID, params.ReplicatedAppEndpoint)
+		if err != nil {
+			return backoff.Permanent(errors.Wrap(err, "failed to get license by id for integration license id"))
+		}
+		if l.Spec.LicenseType != "dev" {
+			return errors.New("integration license must be a dev license")
+		}
+		unverifiedLicense = l
+	}
+
+	verifiedLicense, err := sdklicense.VerifySignature(unverifiedLicense)
 	if err != nil {
 		return backoff.Permanent(errors.Wrap(err, "failed to verify license signature"))
 	}
@@ -41,18 +80,6 @@ func bootstrap(params APIServerParams) error {
 		return backoff.Permanent(errors.New("License is expired"))
 	}
 
-	// retrieve replicated and app ids
-	replicatedID, appID, err := util.GetReplicatedAndAppIDs(params.Namespace)
-	if err != nil {
-		return errors.Wrap(err, "failed to get replicated and app ids")
-	}
-	if replicatedID == "" {
-		return backoff.Permanent(errors.New("Replicated ID not found"))
-	}
-	if appID == "" {
-		return backoff.Permanent(errors.New("App ID not found"))
-	}
-
 	channelID := params.ChannelID
 	if channelID == "" {
 		channelID = verifiedLicense.Spec.ChannelID
@@ -64,8 +91,6 @@ func bootstrap(params APIServerParams) error {
 	}
 
 	storeOptions := store.InitInMemoryStoreOptions{
-		ReplicatedID:          replicatedID,
-		AppID:                 appID,
 		License:               verifiedLicense,
 		LicenseFields:         params.LicenseFields,
 		AppName:               params.AppName,
@@ -78,15 +103,10 @@ func bootstrap(params APIServerParams) error {
 		VersionLabel:          params.VersionLabel,
 		ReplicatedAppEndpoint: params.ReplicatedAppEndpoint,
 		Namespace:             params.Namespace,
+		ReplicatedID:          replicatedID,
+		AppID:                 appID,
 	}
-	if err := store.InitInMemory(storeOptions); err != nil {
-		return errors.Wrap(err, "failed to init store")
-	}
-
-	clientset, err := k8sutil.GetClientset()
-	if err != nil {
-		return errors.Wrap(err, "failed to get clientset")
-	}
+	store.InitInMemory(storeOptions)
 
 	isIntegrationModeEnabled, err := integration.IsEnabled(params.Context, clientset, store.GetStore().GetNamespace(), store.GetStore().GetLicense())
 	if err != nil {

pkg/apiserver/server.go

@@ -8,7 +8,6 @@ import (
 
 	"github.com/cenkalti/backoff/v4"
 	"github.com/gorilla/mux"
-	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
 	appstatetypes "github.com/replicatedhq/replicated-sdk/pkg/appstate/types"
 	"github.com/replicatedhq/replicated-sdk/pkg/buildversion"
 	"github.com/replicatedhq/replicated-sdk/pkg/handlers"
@@ -17,7 +16,8 @@ import (
 
 type APIServerParams struct {
 	Context               context.Context
-	License               *kotsv1beta1.License
+	LicenseBytes          []byte
+	IntegrationLicenseID  string
 	LicenseFields         sdklicensetypes.LicenseFields
 	AppName               string
 	ChannelID             string
@@ -29,6 +29,8 @@ type APIServerParams struct {
 	VersionLabel          string
 	ReplicatedAppEndpoint string
 	StatusInformers       []appstatetypes.StatusInformerString
+	ReplicatedID          string
+	AppID                 string
 	Namespace             string
 }
 

pkg/buildversion/buildversion.go

@@ -2,6 +2,7 @@ package buildversion
 
 import (
 	"fmt"
+	"os"
 	"runtime"
 	"time"
 )
@@ -76,5 +77,8 @@ func getGoInfo() GoInfo {
 }
 
 func GetUserAgent() string {
+	if os.Getenv("REPLICATED_USER_AGENT") != "" {
+		return os.Getenv("REPLICATED_USER_AGENT")
+	}
 	return fmt.Sprintf("Replicated-SDK/%s", Version())
 }

pkg/config/config.go

@@ -20,6 +20,8 @@ type ReplicatedConfig struct {
 	VersionLabel          string                               `yaml:"versionLabel"`
 	ReplicatedAppEndpoint string                               `yaml:"replicatedAppEndpoint"`
 	StatusInformers       []appstatetypes.StatusInformerString `yaml:"statusInformers"`
+	ReplicatedID          string                               `yaml:"replicatedID"`
+	AppID                 string                               `yaml:"appID"`
 }
 
 func ParseReplicatedConfig(config []byte) (*ReplicatedConfig, error) {

pkg/store/memory_store.go

@@ -44,13 +44,13 @@ type InitInMemoryStoreOptions struct {
 	Namespace             string
 }
 
-func InitInMemory(options InitInMemoryStoreOptions) error {
+func InitInMemory(options InitInMemoryStoreOptions) {
 	SetStore(&InMemoryStore{
 		replicatedID:          options.ReplicatedID,
 		appID:                 options.AppID,
+		appSlug:               options.License.Spec.AppSlug,
 		license:               options.License,
 		licenseFields:         options.LicenseFields,
-		appSlug:               options.License.Spec.AppSlug,
 		appName:               options.AppName,
 		channelID:             options.ChannelID,
 		channelName:           options.ChannelName,
@@ -62,8 +62,6 @@ func InitInMemory(options InitInMemoryStoreOptions) error {
 		replicatedAppEndpoint: options.ReplicatedAppEndpoint,
 		namespace:             options.Namespace,
 	})
-
-	return nil
 }
 
 func (s *InMemoryStore) GetReplicatedID() string {

pkg/util/replicated.go

@@ -12,10 +12,10 @@ import (
 	"github.com/blang/semver"
 	"github.com/pkg/errors"
 	"github.com/replicatedhq/replicated-sdk/pkg/buildversion"
-	"github.com/replicatedhq/replicated-sdk/pkg/k8sutil"
 	"github.com/replicatedhq/replicated-sdk/pkg/logger"
 	kuberneteserrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
 )
 
 func GetLegacyReplicatedConfigMapName() string {
@@ -36,12 +36,7 @@ func GetReplicatedDeploymentName() string {
 	return "replicated"
 }
 
-func GetReplicatedAndAppIDs(namespace string) (string, string, error) {
-	clientset, err := k8sutil.GetClientset()
-	if err != nil {
-		return "", "", errors.Wrap(err, "failed to get clientset")
-	}
-
+func GetReplicatedAndAppIDs(clientset kubernetes.Interface, namespace string) (string, string, error) {
 	cm, err := clientset.CoreV1().ConfigMaps(namespace).Get(context.TODO(), GetLegacyReplicatedConfigMapName(), metav1.GetOptions{})
 	if err != nil && !kuberneteserrors.IsNotFound(err) {
 		return "", "", errors.Wrap(err, "failed to get replicated-sdk configmap")