diff --git a/Makefile b/Makefile index 0838311e72..8a82b5f583 100644 --- a/Makefile +++ b/Makefile @@ -261,12 +261,15 @@ build/local-git: local-dev/git/Dockerfile build/local-api-data-watcher-pusher: local-dev/api-data-watcher-pusher/Dockerfile build/local-registry: local-dev/registry/Dockerfile build/local-dbaas-provider: local-dev/dbaas-provider/Dockerfile +build/local-mongodb-dbaas-provider: local-dev/mongodb-dbaas-provider/Dockerfile # Images for local helpers that exist in another folder than the service images localdevimages := local-git \ local-api-data-watcher-pusher \ local-registry \ - local-dbaas-provider + local-dbaas-provider \ + local-mongodb-dbaas-provider + service-images += $(localdevimages) build-localdevimages = $(foreach image,$(localdevimages),build/$(image)) @@ -307,7 +310,8 @@ all-k8s-tests-list:= nginx \ drupal-php74 \ python \ active-standby-kubernetes \ - features-kubernetes + features-kubernetes \ + node-mongodb all-k8s-tests = $(foreach image,$(all-k8s-tests-list),k8s-tests/$(image)) @@ -357,7 +361,8 @@ all-openshift-tests-list:= features-openshift \ bitbucket \ nginx \ elasticsearch \ - active-standby-openshift + active-standby-openshift \ + node-mongodb all-openshift-tests = $(foreach image,$(all-openshift-tests-list),openshift-tests/$(image)) .PHONY: openshift-tests 
@@ -377,10 +382,10 @@ wait-for-keycloak: main-test-services = broker logs2email logs2slack logs2rocketchat logs2microsoftteams api api-db api-redis keycloak keycloak-db ssh auth-server local-git local-api-data-watcher-pusher local-minio # Define a list of which Lagoon Services are needed for openshift testing -openshift-test-services = openshiftremove openshiftbuilddeploy openshiftbuilddeploymonitor openshiftmisc tests-openshift +openshift-test-services = openshiftremove openshiftbuilddeploy openshiftbuilddeploymonitor openshiftmisc tests-openshift local-dbaas-provider local-mongodb-dbaas-provider # Define a list of which Lagoon Services are needed for kubernetes testing -k8s-test-services = controllerhandler tests-kubernetes local-registry local-dbaas-provider drush-alias +k8s-test-services = controllerhandler tests-kubernetes local-registry local-dbaas-provider local-mongodb-dbaas-provider drush-alias # List of Lagoon Services needed for webhook endpoint testing webhooks-test-services = webhook-handler webhooks2tasks backup-handler @@ -392,7 +397,7 @@ drupal-test-services = drush-alias webhook-tests = github gitlab bitbucket # All Tests that use API endpoints -api-tests = node features-openshift features-kubernetes nginx elasticsearch active-standby-openshift active-standby-kubernetes +api-tests = node features-openshift features-kubernetes nginx elasticsearch active-standby-openshift active-standby-kubernetes node-mongodb # All drupal tests drupal-tests = drupal-php72 drupal-php73 drupal-php74 drupal-postgres 
@@ -800,9 +805,10 @@ endif local-dev/helm --kubeconfig="$$(./local-dev/k3d get-kubeconfig --name='$(K3D_NAME)')" --kube-context='$(K3D_NAME)' repo add dioscuri https://raw.githubusercontent.com/amazeeio/dioscuri/main/charts ; \ local-dev/helm --kubeconfig="$$(./local-dev/k3d get-kubeconfig --name='$(K3D_NAME)')" --kube-context='$(K3D_NAME)' upgrade --install -n dioscuri dioscuri dioscuri/dioscuri ; \ local-dev/kubectl --kubeconfig="$$(./local-dev/k3d get-kubeconfig --name='$(K3D_NAME)')" --context='$(K3D_NAME)' create namespace dbaas-operator; \ - local-dev/helm --kubeconfig="$$(./local-dev/k3d get-kubeconfig --name='$(K3D_NAME)')" --kube-context='$(K3D_NAME)' repo add dbaas-operator https://raw.githubusercontent.com/amazeeio/dbaas-operator/master/charts ; \ + local-dev/helm --kubeconfig="$$(./local-dev/k3d get-kubeconfig --name='$(K3D_NAME)')" --kube-context='$(K3D_NAME)' repo add dbaas-operator https://raw.githubusercontent.com/amazeeio/dbaas-operator/main/charts ; \ local-dev/helm --kubeconfig="$$(./local-dev/k3d get-kubeconfig --name='$(K3D_NAME)')" --kube-context='$(K3D_NAME)' upgrade --install -n dbaas-operator dbaas-operator dbaas-operator/dbaas-operator ; \ local-dev/helm --kubeconfig="$$(./local-dev/k3d get-kubeconfig --name='$(K3D_NAME)')" --kube-context='$(K3D_NAME)' upgrade --install -n dbaas-operator mariadbprovider dbaas-operator/mariadbprovider -f local-dev/helm-values-mariadbprovider.yml ; \ + local-dev/helm --kubeconfig="$$(./local-dev/k3d get-kubeconfig --name='$(K3D_NAME)')" --kube-context='$(K3D_NAME)' upgrade --install -n dbaas-operator mongodbprovider dbaas-operator/mongodbprovider -f local-dev/helm-values-mongodbprovider.yml ; \ local-dev/kubectl --kubeconfig="$$(./local-dev/k3d get-kubeconfig --name='$(K3D_NAME)')" --context='$(K3D_NAME)' create namespace harbor; \ local-dev/helm --kubeconfig="$$(./local-dev/k3d get-kubeconfig --name='$(K3D_NAME)')" --kube-context='$(K3D_NAME)' repo add harbor https://helm.goharbor.io ; \ local-dev/helm 
--kubeconfig="$$(./local-dev/k3d get-kubeconfig --name='$(K3D_NAME)')" --kube-context='$(K3D_NAME)' upgrade --install -n harbor harbor harbor/harbor -f local-dev/helm-values-harbor.yml ; \ @@ -928,7 +934,7 @@ api-development: build/api build/api-db build/local-api-data-watcher-pusher buil KIND_VERSION = v0.10.0 GOJQ_VERSION = v0.11.2 KIND_IMAGE = kindest/node:v1.20.2@sha256:8f7ea6e7642c0da54f04a7ee10431549c0257315b3a634f6ef2fecaaedb19bab -TESTS = [api,features-kubernetes,nginx,drupal-php73,drupal-php74,drupal-postgres,python,gitlab,github,bitbucket] +TESTS = [api,features-kubernetes,nginx,drupal-php73,drupal-php74,drupal-postgres,python,gitlab,github,bitbucket,node-mongodb] CHARTS_TREEISH = main local-dev/kind: diff --git a/docker-compose.yaml b/docker-compose.yaml index 40dc3ed02d..690549ed08 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -225,6 +225,13 @@ services: MYSQL_ROOT_PASSWORD: 'password' ports: - '3306:3306' + local-mongodb-dbaas-provider: + image: ${IMAGE_REPO:-lagoon}/local-mongodb-dbaas-provider + restart: always + labels: + lagoon.type: none + ports: + - '27017:27017' local-minio: image: minio/minio entrypoint: sh diff --git a/images/kubectl-build-deploy-dind/build-deploy-docker-compose.sh b/images/kubectl-build-deploy-dind/build-deploy-docker-compose.sh index ae8d445d3c..3992f5ef76 100755 --- a/images/kubectl-build-deploy-dind/build-deploy-docker-compose.sh +++ b/images/kubectl-build-deploy-dind/build-deploy-docker-compose.sh 
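Review bot: The added `upgrade --install -n dbaas-operator mongodbprovider dbaas-operator/mongodbprovider` line installs whatever chart the `main` branch of the dbaas-operator repository serves at that moment, because the repo URL tracks a branch and the install carries no `--version`. An upstream chart change therefore changes what runs in the local cluster without any change in this repository. Pinning the chart, e.g. `upgrade --install --version <CHART_VERSION> -n dbaas-operator mongodbprovider dbaas-operator/mongodbprovider` (placeholder; the page shows no chart version), keeps the test environment reproducible. The commands are also joined with `;`, so a failed provider install does not stop the recipe; the recipe starts and ends outside the hunk, so whether that is deliberate cannot be seen here.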
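Review bot: The `ports: - '27017:27017'` mapping on `local-mongodb-dbaas-provider` publishes MongoDB on every host interface, while the image built in this same commit creates a `root` user with password `password` and the `clusterAdmin` role (mongo-init.js) and starts `mongod` with `--tlsAllowConnectionsWithoutCertificates`. With `restart: always` that listener comes back after every reboot of a developer machine. If only the local cluster needs to reach it, bind the mapping to the address the provider values point at, e.g. `- '172.17.0.1:27017:27017'` (inferred from `mongodb.172.17.0.1.nip.io` in helm-values-mongodbprovider.yml; confirm the bridge address on your setup).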
@@ -227,6 +227,31 @@ do fi fi + if [[ "$SERVICE_TYPE" == "mongodb-dbaas" ]]; then + # Default plan is the enviroment type + DBAAS_ENVIRONMENT=$(cat $DOCKER_COMPOSE_YAML | shyaml get-value services.$COMPOSE_SERVICE.labels.lagoon\\.mongodb-dbaas\\.environment "${ENVIRONMENT_TYPE}") + + # Allow the dbaas shared servicebroker plan to be overriden by environment in .lagoon.yml + ENVIRONMENT_DBAAS_ENVIRONMENT_OVERRIDE=$(cat .lagoon.yml | shyaml get-value environments.${BRANCH//./\\.}.overrides.$SERVICE_NAME.mongodb-dbaas\\.environment false) + if [ ! $DBAAS_ENVIRONMENT_OVERRIDE == "false" ]; then + DBAAS_ENVIRONMENT=$ENVIRONMENT_DBAAS_ENVIRONMENT_OVERRIDE + fi + + # If we have a dbaas environment type override in the api, consume it here + if [ ! -z "$LAGOON_DBAAS_ENVIRONMENT_TYPES" ]; then + IFS=',' read -ra LAGOON_DBAAS_ENVIRONMENT_TYPES_SPLIT <<< "$LAGOON_DBAAS_ENVIRONMENT_TYPES" + for LAGOON_DBAAS_ENVIRONMENT_TYPE in "${LAGOON_DBAAS_ENVIRONMENT_TYPES_SPLIT[@]}" + do + IFS=':' read -ra LAGOON_DBAAS_ENVIRONMENT_TYPE_SPLIT <<< "$LAGOON_DBAAS_ENVIRONMENT_TYPE" + if [ "${LAGOON_DBAAS_ENVIRONMENT_TYPE_SPLIT[0]}" == "$SERVICE_NAME" ]; then + DBAAS_ENVIRONMENT=${LAGOON_DBAAS_ENVIRONMENT_TYPE_SPLIT[1]} + fi + done + fi + + MAP_SERVICE_NAME_TO_DBAAS_ENVIRONMENT["${SERVICE_NAME}"]="${DBAAS_ENVIRONMENT}" + fi + if [ "$SERVICE_TYPE" == "none" ]; then continue fi @@ -245,6 +270,8 @@ do if [[ "$SERVICE_TYPE" != "mariadb-dbaas" ]] && [[ "$SERVICE_TYPE" != "mariadb-shared" ]] && [[ "$SERVICE_TYPE" != "postgres-shared" ]] && + [[ "$SERVICE_TYPE" != "postgres-dbaas" ]] && + [[ "$SERVICE_TYPE" != "mongodb-dbaas" ]] && [[ "$SERVICE_TYPE" != "mongodb-shared" ]]; then # Generate List of Images to build IMAGES+=("${IMAGE_NAME}") @@ -1336,6 +1363,10 @@ do . /kubectl-build-deploy/scripts/exec-kubectl-postgres-dbaas.sh ;; + mongodb-dbaas) + . /kubectl-build-deploy/scripts/exec-kubectl-mongodb-dbaas.sh + ;; + *) echo "DBAAS Type ${SERVICE_TYPE} not implemented"; exit 1; 
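Review bot: In the new `mongodb-dbaas` block the override read from `.lagoon.yml` is stored in `ENVIRONMENT_DBAAS_ENVIRONMENT_OVERRIDE`, but the test that follows reads `$DBAAS_ENVIRONMENT_OVERRIDE`, which is not set anywhere in the hunk, so the per-environment override looks like it can never apply. With the unquoted empty expansion the test collapses to `[ ! == "false" ]`, which compares the literal `!` with `false`. The check should be `if [ "$ENVIRONMENT_DBAAS_ENVIRONMENT_OVERRIDE" != "false" ]; then`. The same line appears in the `mongodb-dbaas` block added to images/oc-build-deploy-dind/build-deploy-docker-compose.sh. The enclosing `do` loop starts and ends outside the hunk.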
@@ -1548,6 +1579,10 @@ do echo "nothing to monitor for $SERVICE_TYPE" + elif [ $SERVICE_TYPE == "mongodb-dbaas" ]; then + + echo "nothing to monitor for $SERVICE_TYPE" + elif [ ! $SERVICE_ROLLOUT_TYPE == "false" ]; then . /kubectl-build-deploy/scripts/exec-monitor-deploy.sh fi diff --git a/images/kubectl-build-deploy-dind/helmcharts/mongodb-dbaas/.helmignore b/images/kubectl-build-deploy-dind/helmcharts/mongodb-dbaas/.helmignore new file mode 100644 index 0000000000..50af031725 --- /dev/null +++ b/images/kubectl-build-deploy-dind/helmcharts/mongodb-dbaas/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/images/kubectl-build-deploy-dind/helmcharts/mongodb-dbaas/Chart.yaml b/images/kubectl-build-deploy-dind/helmcharts/mongodb-dbaas/Chart.yaml new file mode 100644 index 0000000000..a9c381b641 --- /dev/null +++ b/images/kubectl-build-deploy-dind/helmcharts/mongodb-dbaas/Chart.yaml 
@@ -0,0 +1,17 @@
+apiVersion: v2
+name: mongodb-dbaas
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 0.1.0
\ No newline at end of file
diff --git a/images/kubectl-build-deploy-dind/helmcharts/mongodb-dbaas/templates/_helpers.tpl b/images/kubectl-build-deploy-dind/helmcharts/mongodb-dbaas/templates/_helpers.tpl
new file mode 100644
index 0000000000..a8487815ac
--- /dev/null
+++ b/images/kubectl-build-deploy-dind/helmcharts/mongodb-dbaas/templates/_helpers.tpl
@@ -0,0 +1,79 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "mongodb-dbaas.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "mongodb-dbaas.fullname" -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "mongodb-dbaas.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create full hostname for autogenerated hosts +*/}} +{{- define "mongodb-dbaas.autogeneratedHost" -}} +{{- printf "%s.%s" .Release.Name .Values.routesAutogenerateSuffix | trimSuffix "-" -}} +{{- end -}} + +{{- define "mongodb-dbaas.fullnameUppercase" -}} +{{ include "mongodb-dbaas.fullname" . | upper | replace "-" "_" }} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "mongodb-dbaas.labels" -}} +helm.sh/chart: {{ include "mongodb-dbaas.chart" . }} +{{ include "mongodb-dbaas.selectorLabels" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{ include "mongodb-dbaas.lagoonLabels" . }} + +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "mongodb-dbaas.selectorLabels" -}} +app.kubernetes.io/name: {{ include "mongodb-dbaas.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Lagoon Labels +*/}} +{{- define "mongodb-dbaas.lagoonLabels" -}} +lagoon.sh/service: {{ .Release.Name }} +lagoon.sh/service-type: {{ .Chart.Name }} +lagoon.sh/project: {{ .Values.project }} +lagoon.sh/environment: {{ .Values.environment }} +lagoon.sh/environmentType: {{ .Values.environmentType }} +lagoon.sh/buildType: {{ .Values.buildType }} +{{- end -}} + +{{/* +Annotations +*/}} +{{- define "mongodb-dbaas.annotations" -}} +lagoon.sh/version: {{ .Values.lagoonVersion | quote }} +{{- if .Values.branch }} +lagoon.sh/branch: {{ .Values.branch | quote }} +{{- end }} +{{- if .Values.prNumber }} +lagoon.sh/prNumber: {{ .Values.prNumber | quote }} +lagoon.sh/prHeadBranch: {{ .Values.prHeadBranch | quote }} +lagoon.sh/prBaseBranch: {{ .Values.prBaseBranch | quote }} +{{- end }} +{{- end -}} diff --git a/images/kubectl-build-deploy-dind/helmcharts/mongodb-dbaas/templates/dbaas.yaml b/images/kubectl-build-deploy-dind/helmcharts/mongodb-dbaas/templates/dbaas.yaml new file mode 100644 index 0000000000..84a1b3e447 --- /dev/null +++ b/images/kubectl-build-deploy-dind/helmcharts/mongodb-dbaas/templates/dbaas.yaml @@ -0,0 +1,11 @@ +apiVersion: mongodb.amazee.io/v1 +kind: MongoDBConsumer +metadata: + name: {{ include "mongodb-dbaas.fullname" . }} + labels: + {{- include "mongodb-dbaas.labels" . | nindent 4 }} + annotations: + {{- include "mongodb-dbaas.annotations" . | nindent 4 }} + +spec: + environment: {{ .Values.environment}} diff --git a/images/kubectl-build-deploy-dind/helmcharts/mongodb-dbaas/values.yaml b/images/kubectl-build-deploy-dind/helmcharts/mongodb-dbaas/values.yaml new file mode 100644 index 0000000000..da55d1ce5c --- /dev/null +++ b/images/kubectl-build-deploy-dind/helmcharts/mongodb-dbaas/values.yaml @@ -0,0 +1,5 @@ +# Default values for nginx. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +environment: "" 
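Review bot: In templates/dbaas.yaml the line `environment: {{ .Values.environment}}` renders the value unquoted, and the build script in this commit appears to derive that value from a docker-compose label or a `.lagoon.yml` override. A value containing YAML syntax (a colon, a newline, or a bare `true`) would change the structure or type of the `MongoDBConsumer` spec instead of being treated as a string. Render it as `environment: {{ .Values.environment | quote }}`, as the annotations helper in `_helpers.tpl` already does for its values. The `lagoon.sh/*` labels in `mongodb-dbaas.lagoonLabels` are unquoted too, and the header comment in values.yaml still reads `Default values for nginx`.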
diff --git a/images/kubectl-build-deploy-dind/scripts/exec-kubectl-mongodb-dbaas.sh b/images/kubectl-build-deploy-dind/scripts/exec-kubectl-mongodb-dbaas.sh
new file mode 100644
index 0000000000..d383711a05
--- /dev/null
+++ b/images/kubectl-build-deploy-dind/scripts/exec-kubectl-mongodb-dbaas.sh
@@ -0,0 +1,36 @@ +#!/bin/bash + +# The operator can sometimes take a bit, wait until the details are available +# We added a timeout of 10 minutes (120 retries) before exit +OPERATOR_COUNTER=1 +OPERATOR_TIMEOUT=180 +# use the secret name from the consumer to prevent credential clash +until kubectl --insecure-skip-tls-verify -n ${NAMESPACE} get mongodbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.consumer.database +do +if [ $OPERATOR_COUNTER -lt $OPERATOR_TIMEOUT ]; then + let SERVICE_BROKER_COUNTER=SERVICE_BROKER_COUNTER+1 + echo "Service for ${SERVICE_NAME} not available yet, waiting for 5 secs" + sleep 5 +else + echo "Timeout of $OPERATOR_TIMEOUT for ${SERVICE_NAME} creation reached" + exit 1 +fi +done +set +x +# Grab the details from the consumer spec +DB_HOST=$(kubectl --insecure-skip-tls-verify -n ${NAMESPACE} get mongodbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.consumer.services.primary) +DB_USER=$(kubectl --insecure-skip-tls-verify -n ${NAMESPACE} get mongodbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.consumer.username) +DB_PASSWORD=$(kubectl --insecure-skip-tls-verify -n ${NAMESPACE} get mongodbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.consumer.password) +DB_NAME=$(kubectl --insecure-skip-tls-verify -n ${NAMESPACE} get mongodbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.consumer.database) +DB_PORT=$(kubectl --insecure-skip-tls-verify -n ${NAMESPACE} get mongodbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.provider.port) +DB_AUTHSOURCE=$(kubectl --insecure-skip-tls-verify -n ${NAMESPACE} get mongodbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.provider.auth.source) +DB_AUTHMECHANISM=$(kubectl --insecure-skip-tls-verify -n ${NAMESPACE} get mongodbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.provider.auth.mechanism) +DB_AUTHTLS=$(kubectl --insecure-skip-tls-verify -n ${NAMESPACE} get mongodbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value 
spec.provider.auth.tls) + +# Add credentials to our configmap, prefixed with the name of the servicename of this servicebroker +kubectl patch --insecure-skip-tls-verify \ + -n ${NAMESPACE} \ + configmap lagoon-env \ + -p "{\"data\":{\"${SERVICE_NAME_UPPERCASE}_HOST\":\"${DB_HOST}\", \"${SERVICE_NAME_UPPERCASE}_USERNAME\":\"${DB_USER}\", \"${SERVICE_NAME_UPPERCASE}_PASSWORD\":\"${DB_PASSWORD}\", \"${SERVICE_NAME_UPPERCASE}_DATABASE\":\"${DB_NAME}\", \"${SERVICE_NAME_UPPERCASE}_PORT\":\"${DB_PORT}\", \"${SERVICE_NAME_UPPERCASE}_AUTHSOURCE\":\"${DB_AUTHSOURCE}\", \"${SERVICE_NAME_UPPERCASE}_AUTHMECHANISM\":\"${DB_AUTHMECHANISM}\", \"${SERVICE_NAME_UPPERCASE}_AUTHTLS\":\"${DB_AUTHTLS}\" }}" + +set -x \ No newline at end of file diff --git a/images/oc-build-deploy-dind/build-deploy-docker-compose.sh b/images/oc-build-deploy-dind/build-deploy-docker-compose.sh index 98fd87d9ff..5591c0c2db 100755 --- a/images/oc-build-deploy-dind/build-deploy-docker-compose.sh +++ b/images/oc-build-deploy-dind/build-deploy-docker-compose.sh 
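Review bot: The wait loop compares `$OPERATOR_COUNTER` with `$OPERATOR_TIMEOUT` but increments `SERVICE_BROKER_COUNTER`, so `OPERATOR_COUNTER` stays at 1 and the `Timeout of ... reached` branch is unreachable; a consumer that never becomes ready blocks the build indefinitely. Change the increment to `let OPERATOR_COUNTER=OPERATOR_COUNTER+1`. The comment above the loop also says 10 minutes (120 retries), while `OPERATOR_TIMEOUT=180` with `sleep 5` is about 15 minutes; align one with the other. images/oc-build-deploy-dind/scripts/exec-openshift-mongodb-dbaas.sh carries the same loop.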
@@ -223,6 +223,31 @@ do fi fi + if [[ "$SERVICE_TYPE" == "mongodb-dbaas" ]]; then + # Default plan is the enviroment type + DBAAS_ENVIRONMENT=$(cat $DOCKER_COMPOSE_YAML | shyaml get-value services.$COMPOSE_SERVICE.labels.lagoon\\.$SERVICE_TYPE\\.environment "${ENVIRONMENT_TYPE}") + + # Allow the dbaas shared servicebroker plan to be overriden by environment in .lagoon.yml + ENVIRONMENT_DBAAS_ENVIRONMENT_OVERRIDE=$(cat .lagoon.yml | shyaml get-value environments.${BRANCH}.overrides.$SERVICE_NAME.$SERVICE_TYPE\\.environment false) + if [ ! $DBAAS_ENVIRONMENT_OVERRIDE == "false" ]; then + DBAAS_ENVIRONMENT=$ENVIRONMENT_DBAAS_ENVIRONMENT_OVERRIDE + fi + + # If we have a dbaas environment type override in the api, consume it here + if [ ! -z "$LAGOON_DBAAS_ENVIRONMENT_TYPES" ]; then + IFS=',' read -ra LAGOON_DBAAS_ENVIRONMENT_TYPES_SPLIT <<< "$LAGOON_DBAAS_ENVIRONMENT_TYPES" + for LAGOON_DBAAS_ENVIRONMENT_TYPE in "${LAGOON_DBAAS_ENVIRONMENT_TYPES_SPLIT[@]}" + do + IFS=':' read -ra LAGOON_DBAAS_ENVIRONMENT_TYPE_SPLIT <<< "$LAGOON_DBAAS_ENVIRONMENT_TYPE" + if [ "${LAGOON_DBAAS_ENVIRONMENT_TYPE[0]}" == "$SERVICE_NAME" ]; then + DBAAS_ENVIRONMENT_TYPE=${LAGOON_DBAAS_ENVIRONMENT_TYPE[1]} + fi + done + fi + + MAP_SERVICE_NAME_TO_DBAAS_ENVIRONMENT["${SERVICE_NAME}"]="$DBAAS_ENVIRONMENT" + fi + if [ "$SERVICE_TYPE" == "none" ]; then continue fi @@ -240,7 +265,8 @@ do # Do not handle images for shared services if [[ "$SERVICE_TYPE" != "mariadb-dbaas" ]] && [[ "$SERVICE_TYPE" != "mariadb-shared" ]] && - [[ "$SERVICE_TYPE" != "mongodb-shared" ]]; then + [[ "$SERVICE_TYPE" != "mongodb-shared" ]] && + [[ "$SERVICE_TYPE" != "mongodb-dbaas" ]]; then # Generate List of Images to build IMAGES+=("${IMAGE_NAME}") fi @@ -1034,6 +1060,10 @@ do set -x ;; + mongodb-dbaas) + . /oc-build-deploy/scripts/exec-openshift-mongodb-dbaas.sh + ;; + *) echo "ServiceBroker Type ${SERVICE_TYPE} not implemented"; exit 1; 
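Review bot: Inside the `LAGOON_DBAAS_ENVIRONMENT_TYPES` loop the entry is split into `LAGOON_DBAAS_ENVIRONMENT_TYPE_SPLIT`, but the comparison and assignment index `LAGOON_DBAAS_ENVIRONMENT_TYPE` (the unsplit `name:type` string) and write to `DBAAS_ENVIRONMENT_TYPE`, which the map assignment below does not read. As written the API-level override cannot take effect here; the kubectl copy of this block uses `"${LAGOON_DBAAS_ENVIRONMENT_TYPE_SPLIT[0]}"` and `DBAAS_ENVIRONMENT=${LAGOON_DBAAS_ENVIRONMENT_TYPE_SPLIT[1]}`, and this copy should match. The `.lagoon.yml` lookup also uses `environments.${BRANCH}` where the kubectl copy escapes dots with `${BRANCH//./\\.}`, so a branch name containing a dot would address a different key path. The enclosing loop starts and ends outside the hunk.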
@@ -1346,6 +1376,10 @@ do echo "nothing to monitor for $SERVICE_TYPE" + elif [ $SERVICE_TYPE == "mongodb-dbaas" ]; then + + echo "nothing to monitor for $SERVICE_TYPE" + elif [ ! $SERVICE_ROLLOUT_TYPE == "false" ]; then . /oc-build-deploy/scripts/exec-monitor-deploy.sh fi diff --git a/images/oc-build-deploy-dind/openshift-templates/mongodb-dbaas/consumer.yml b/images/oc-build-deploy-dind/openshift-templates/mongodb-dbaas/consumer.yml new file mode 100644 index 0000000000..81412ca7b6 --- /dev/null +++ b/images/oc-build-deploy-dind/openshift-templates/mongodb-dbaas/consumer.yml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: Template +metadata: + creationTimestamp: null + name: lagoon-openshift-template-mongodb-dbaas-crd +parameters: + - name: SERVICE_NAME + description: Name of this service + required: true + - name: SAFE_BRANCH + description: Which branch this belongs to, special chars replaced with dashes + required: true + - name: SAFE_PROJECT + description: Which project this belongs to, special chars replaced with dashes + required: true + - name: ENVIRONMENT + description: Environment or type of dbaas to choose + required: true +objects: +- apiVersion: mongodb.amazee.io/v1 + kind: MongoDBConsumer + metadata: + name: ${SERVICE_NAME} + labels: + service: ${SERVICE_NAME} + branch: ${SAFE_BRANCH} + project: ${SAFE_PROJECT} + spec: + environment: ${ENVIRONMENT} \ No newline at end of file diff --git a/images/oc-build-deploy-dind/scripts/exec-openshift-mongodb-dbaas.sh b/images/oc-build-deploy-dind/scripts/exec-openshift-mongodb-dbaas.sh new file mode 100644 index 0000000000..5a36a4c12e --- /dev/null +++ b/images/oc-build-deploy-dind/scripts/exec-openshift-mongodb-dbaas.sh 
@@ -0,0 +1,36 @@ +#!/bin/bash + +# The operator can sometimes take a bit, wait until the details are available +# We added a timeout of 10 minutes (120 retries) before exit +OPERATOR_COUNTER=1 +OPERATOR_TIMEOUT=180 +# use the secret name from the consumer to prevent credential clash +until oc --insecure-skip-tls-verify -n ${OPENSHIFT_PROJECT} get mongodbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.consumer.database +do +if [ $OPERATOR_COUNTER -lt $OPERATOR_TIMEOUT ]; then + let SERVICE_BROKER_COUNTER=SERVICE_BROKER_COUNTER+1 + echo "Service for ${SERVICE_NAME} not available yet, waiting for 5 secs" + sleep 5 +else + echo "Timeout of $OPERATOR_TIMEOUT for ${SERVICE_NAME} creation reached" + exit 1 +fi +done +set +x +# Grab the details from the consumer spec +DB_HOST=$(oc --insecure-skip-tls-verify -n ${OPENSHIFT_PROJECT} get mongodbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.consumer.services.primary) +DB_USER=$(oc --insecure-skip-tls-verify -n ${OPENSHIFT_PROJECT} get mongodbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.consumer.username) +DB_PASSWORD=$(oc --insecure-skip-tls-verify -n ${OPENSHIFT_PROJECT} get mongodbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.consumer.password) +DB_NAME=$(oc --insecure-skip-tls-verify -n ${OPENSHIFT_PROJECT} get mongodbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.consumer.database) +DB_PORT=$(oc --insecure-skip-tls-verify -n ${OPENSHIFT_PROJECT} get mongodbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.provider.port) +DB_AUTHSOURCE=$(oc --insecure-skip-tls-verify -n ${OPENSHIFT_PROJECT} get mongodbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.provider.auth.source) +DB_AUTHMECHANISM=$(oc --insecure-skip-tls-verify -n ${OPENSHIFT_PROJECT} get mongodbconsumer/${SERVICE_NAME} -o yaml | shyaml get-value spec.provider.auth.mechanism) +DB_AUTHTLS=$(oc --insecure-skip-tls-verify -n ${OPENSHIFT_PROJECT} get mongodbconsumer/${SERVICE_NAME} -o yaml | shyaml 
get-value spec.provider.auth.tls) + +# Add credentials to our configmap, prefixed with the name of the servicename of this servicebroker +oc patch --insecure-skip-tls-verify \ + -n ${OPENSHIFT_PROJECT} \ + configmap lagoon-env \ + -p "{\"data\":{\"${SERVICE_NAME_UPPERCASE}_HOST\":\"${DB_HOST}\", \"${SERVICE_NAME_UPPERCASE}_USERNAME\":\"${DB_USER}\", \"${SERVICE_NAME_UPPERCASE}_PASSWORD\":\"${DB_PASSWORD}\", \"${SERVICE_NAME_UPPERCASE}_DATABASE\":\"${DB_NAME}\", \"${SERVICE_NAME_UPPERCASE}_PORT\":\"${DB_PORT}\", \"${SERVICE_NAME_UPPERCASE}_AUTHSOURCE\":\"${DB_AUTHSOURCE}\", \"${SERVICE_NAME_UPPERCASE}_AUTHMECHANISM\":\"${DB_AUTHMECHANISM}\", \"${SERVICE_NAME_UPPERCASE}_AUTHTLS\":\"${DB_AUTHTLS}\" }}" + +set -x \ No newline at end of file diff --git a/local-dev/api-data-watcher-pusher/api-data/02-populate-api-data-openshift.gql b/local-dev/api-data-watcher-pusher/api-data/02-populate-api-data-openshift.gql index 627f8e9a94..d1f7211cc3 100644 --- a/local-dev/api-data-watcher-pusher/api-data/02-populate-api-data-openshift.gql +++ b/local-dev/api-data-watcher-pusher/api-data/02-populate-api-data-openshift.gql 
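Review bot: `DB_PASSWORD` is read from the consumer spec and then patched into the `lagoon-env` ConfigMap, so the database password is readable by anything allowed to read ConfigMaps in the project rather than being held in a Secret; exec-kubectl-mongodb-dbaas.sh in this commit does the same. The patch document is also assembled by string interpolation, so a password or hostname containing `"` or `\` yields invalid or altered JSON. If the ConfigMap is the platform's established contract for service credentials (not visible here), add a comment saying so, e.g. `# NOTE: lagoon-env is a ConfigMap; the password stored here is not protected as a Secret`, and build the JSON with an encoder instead of interpolation. Every call also passes `--insecure-skip-tls-verify`, which disables verification of the API server certificate on the requests that carry these credentials.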
@@ -1085,4 +1085,50 @@ mutation PopulateApi { ) { id } + + CiNodeMongoDB: addProject( + input: { + id: 31 + name: "ci-node-mongodb-openshift" + openshift: 2 + gitUrl: "ssh://git@172.17.0.1:2222/git/node-mongodb.git" + productionEnvironment:"main" + branches: "true" + privateKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIJKAIBAAKCAgEAxGZZrOV7Islo5p51Moabfd1YB8qbHvQZfJDZJmSU4jNxMf8G\nQH8KIM6ndi60xIiDlkh9R50Gs0fgnPaBwpjMjcUay5EvzBJdMmd/EPhg359+4f5Z\nQiGTVaB5UoGJKg9DEK4Xxi+QLpQ1CiJXvd3QOqnQlJZ2WYwz4kdLxF0d+sRrl+0G\nAISt9Gg9kq6wa7k7RRr4/OyD/9DhDr1GXvHXFPRv6QqKq084CqiUaarP7OcbZKi5\nEyMkf0s86ZTttQPqQijWsenLAw6t7J0vM38eojPDMFX4fJ7wVvbHmsdcwb2YxwD0\nk7I85mV5uM99v7owJ/0YSJGcN2YESq8c68rbRp1iSfDhchd9SUyYMFlrj3R+dxte\nTwvN2W5hIEld8Ip+dUWUVaaTeLkFLmqmVhvcMJNmuj+Wnp9USwki6U5HdpgBJPT5\nYJia3/LyE5IlPaRfZ+vBDQqKOeeqkncVtqcZ468ylT0qpqjtV4OSuCzl+P/TeJ+K\npCxDoqp88yQpYRYn9ztvEVvOkT8RERnT0/NVCNKAwHFOXrkK/BJs/h3fj2NddeVC\nJXdwiB4m+T2C/RHtGxVColqUf2nEntXxweuJgqBz+4YxXqRrKu4p5L4NuudcFAyg\nbIRpbaTZDI+vmmXnTXNP6ymMo5fNJ0/IPEBAoDkkc6ZmKdM5Yth6RaCzolsCAwEA\nAQKCAgBRL4n0SaxcFevyISCLMU+HeP8RwXPcGMWMU4ggMcXFt8QcCbK46Ir0QtjA\nps/8yf2zGuYGu2dwps63s8KyAV3VYNwRuEOM1S6HTncdOb850YGuw+h7yMtRwxND\nwt5Db6mmdIDJYRH13zgJp2ajytRv25CoS4ZCwA0WhahRVLi214kudUFc53vNI2YI\ng4PUE+7nQx4X12E9V0ghQqabStdBB0ZXjA8Ef6vH5CXthDmNUX9mXcSbn5RPtndI\ni1Kz2Bl3HdCaHO3ZprDItbU0UWEFZeZSzcb5JO5u1HZwiebTA5/q638uqqg4CUyG\n0+bEYZ/Ud/AY13A/CkHN6ZNH+UQotCH3GLyaTQq6OhyXlgMBojn3xs9iMUclFcuy\nkbZ1jAxqci25pxCIeNDHBDKRyxgSkDPna8ZZ4eKGXjIZzsds4+IDkYJLMg0OCtd2\nKm+ZPM2CFU2YCqt11dlr0higGK/9gdpajJMVgEYAmigQ670LdcBc4XIOpPMrR70a\nPjbF9ze/UqtKDWtz8KMIUcvr0CjhHa3XRgMJiM34hIOZU6xf6rjEgkN2Geq24u1b\nhUW8URb+5dcasQ9iIfkNn3R+zK5PzyvQNf6+XrbVjpLqPHXJYrD85EKlXkPqiE6y\n3ehYMrIaZIY6gMuIVcg8AEtsm5EwQY7ETw4YnMQLKfyweLsHEQKCAQEA5vavDyQj\nn6PqfF1Ntr3N/FfwRr/167HB+/3wHT+FwRpCw62ACeBC0iFXmzG2wfQfot60fUGa\nQEJiUDGZFvBM0tiTpzmgGG7QpRbPe1919Sl5LZeLA9bngRnmqn5zAkmVTeBCO/4F\nMSk9hnBZ0v0W3DqNmjuIH298g3gl4VJeKpILd62LbhjvhjT/LXlekYDEj3p9Xob8\n1OQxFJgftFyg4P07RRaUzsNLhqEdY3VxDcUM
b9459fEYeb7sYig+zVPaZQ31aMVK\nj6K+XiH5M5uKJWkPdMDUG84jreFAdBY9kGCuSulTWgmTLlMKSI85q5hkckY2EQQL\n5u456xfyuFcnEwKCAQEA2bCCcqcGIAiMwk/6z7XIJeUsSUg+ObvkEdogk5n6Y1Ea\nt5LxMpQzhG6SHJ2f38VyKgv9e/jnwXI8eiejper6OeQEBG4+AedcLYi0V5SUMIgD\nX4bxT9+qCwYrwt9YHkJySk237WZUWJPVfxHg0vqNYyD/CXBowx0nm8jEuZ8iT+CW\nO2uZq+0DO2WqoYT54lZux6aEzm+oAkzwJJVXJcUVPg7bJXK1ObOzvHpkZJxHL8+S\nKufzew/CXALKWHoCkEP/P8b7oxjcjQI3KK0EM2fABNvN28+qscqTqQjfAsNw24Ob\nP8rL8amgd/x7iddIbEpOSoLAH1gVoxJXA0oqkC6YmQKCAQEAiIeoomW1nUgTdCLf\nrrfyzUnaoqgVIpf42RKa319OnQD+GJg2iSAFwBuvovE3XN4H2YqW3Thri7LyVP+M\nxM+WSkl2tzLMXcUcF4staXvbyeoTVQ0xQzrFrT53aa/IIsEGvntkC/y0awQ6937w\nylWMLvF6BYNNi2+nBjx+//xl5/pfRwbS1mltJkOr2ODXM2IQT9STyc44JU0jak4m\n58Kd44IuiD+6BaPSwKn7KnEhPIeQO4z9bFJyKn3fVIL/5Pa9smEXAjEmS1Rj/ldM\n7eHzPvwlA9p9SFaKJt5x8G25ROCyB1x4RlBEreyutofcCoDSV+8DRPnEY2XN3RhS\nBgCW+wKCAQAyHrqaDSyS2YUXA/UaN59CYlZk9PYmssTa+16+vRfyH+1H0NQpsgd+\neTq4ze3ORpZ3adVN4svxNQ0JjvDVtZkxFPd70aoDJDKL5UqoU3QfDGHCb75FhpiO\n+ze+IVAXf3Ly+pvbU9Edp8PjAsnBqaA9743orXHhYmgJLRtmJWZv/6R3P9ncxLAW\nz9yOXaBu5TmSTBuNsBV9mhs8QQoUjyDJ7f+0yolBJMfAIGnW5EhbkK31pPvhHIrC\nRn4yCr1mW9F77KNpNMMq0BTFD7jE4SFLvRPThSem0Z5Xr8wwxbDJSa7H7DgyhryE\ng6Qp42AwVpdZ/mqfjNdGeWWBQ2UzVxcZAoIBAHNXgjD3umcKciYRAbltNJrXx9xk\ndAv8I69oEMCy4hCmvKUjy/UI9NqXFjBb/G6VGgh6NUE9o9o27t1Y5Plm0izyCA1M\nDFruaRfjyJ8qjbEifcqRtcF3rzsBiXIwdmbN6qT4PUipN2elpUAd7J1OIwGIIe3u\nCWNyOTNL+2+oQ/Eg1Y99mg3yrsVyOwhynVE80/X5cy07bXXR5rv1x4NKSVbPhlnt\nL6J5iAoqoDKICzjcgF5x3mj9YFWZrC3aRxRrN5RoEgeVdcXeK56UJqXHjmKN++m3\nc8OPEIBZiD8UJuhSNSOLiBFrGz6toy6rpHavqqknGhVWotXsAs1h8LNkBe8=\n-----END RSA PRIVATE KEY-----" + } + ) { + id + } + CiNodeMongoDBGroup3: addGroupsToProject( + input: { + project: { + name: "ci-node-mongodb-openshift" + } + groups: [ + { + name: "ci-group" + } + ] + } + ) { + id + } + CiNodeMongoDBRocketChat: addNotificationToProject( + input: { + project: "ci-node-mongodb-openshift" + notificationType: ROCKETCHAT + notificationName: "amazeeio--lagoon-local-ci" + } + ) { + id + } + CiNodeMongoDBEmail: 
addNotificationToProject( + input: { + project: "ci-node-mongodb-openshift" + notificationType: EMAIL + notificationName: "local-email-testing" + } + ) { + id + } } diff --git a/local-dev/api-data-watcher-pusher/api-data/03-populate-api-data-kubernetes.gql b/local-dev/api-data-watcher-pusher/api-data/03-populate-api-data-kubernetes.gql index 8042229c48..9bcd86ab79 100644 --- a/local-dev/api-data-watcher-pusher/api-data/03-populate-api-data-kubernetes.gql +++ b/local-dev/api-data-watcher-pusher/api-data/03-populate-api-data-kubernetes.gql 
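Review bot: The `privateKey` argument of `CiNodeMongoDB: addProject` commits a complete RSA private key into the seed data, and the same literal is repeated for `ci-node-mongodb-control-k8s` in 03-populate-api-data-kubernetes.gql. Presumably this is the throwaway deploy key for the local-dev git container, but nothing at the mutation says so, and neither secret scanners nor later readers can tell a fixture from a leak. Add a comment above the mutation, e.g. `# Test-only deploy key for the local-dev git server; never authorise it on a real remote.`, and confirm the matching public key is not installed anywhere outside local development. The mutation list starts outside the hunk.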
@@ -1131,4 +1131,50 @@ mutation PopulateApi { id } + CiNodeMongoDB: addProject( + input: { + id: 2031 + name: "ci-node-mongodb-control-k8s" + openshift: 2001 + gitUrl: "ssh://git@${GIT_HOST}:${GIT_PORT}/git/node-mongodb.git" + productionEnvironment:"master" + privateKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIJKAIBAAKCAgEAxGZZrOV7Islo5p51Moabfd1YB8qbHvQZfJDZJmSU4jNxMf8G\nQH8KIM6ndi60xIiDlkh9R50Gs0fgnPaBwpjMjcUay5EvzBJdMmd/EPhg359+4f5Z\nQiGTVaB5UoGJKg9DEK4Xxi+QLpQ1CiJXvd3QOqnQlJZ2WYwz4kdLxF0d+sRrl+0G\nAISt9Gg9kq6wa7k7RRr4/OyD/9DhDr1GXvHXFPRv6QqKq084CqiUaarP7OcbZKi5\nEyMkf0s86ZTttQPqQijWsenLAw6t7J0vM38eojPDMFX4fJ7wVvbHmsdcwb2YxwD0\nk7I85mV5uM99v7owJ/0YSJGcN2YESq8c68rbRp1iSfDhchd9SUyYMFlrj3R+dxte\nTwvN2W5hIEld8Ip+dUWUVaaTeLkFLmqmVhvcMJNmuj+Wnp9USwki6U5HdpgBJPT5\nYJia3/LyE5IlPaRfZ+vBDQqKOeeqkncVtqcZ468ylT0qpqjtV4OSuCzl+P/TeJ+K\npCxDoqp88yQpYRYn9ztvEVvOkT8RERnT0/NVCNKAwHFOXrkK/BJs/h3fj2NddeVC\nJXdwiB4m+T2C/RHtGxVColqUf2nEntXxweuJgqBz+4YxXqRrKu4p5L4NuudcFAyg\nbIRpbaTZDI+vmmXnTXNP6ymMo5fNJ0/IPEBAoDkkc6ZmKdM5Yth6RaCzolsCAwEA\nAQKCAgBRL4n0SaxcFevyISCLMU+HeP8RwXPcGMWMU4ggMcXFt8QcCbK46Ir0QtjA\nps/8yf2zGuYGu2dwps63s8KyAV3VYNwRuEOM1S6HTncdOb850YGuw+h7yMtRwxND\nwt5Db6mmdIDJYRH13zgJp2ajytRv25CoS4ZCwA0WhahRVLi214kudUFc53vNI2YI\ng4PUE+7nQx4X12E9V0ghQqabStdBB0ZXjA8Ef6vH5CXthDmNUX9mXcSbn5RPtndI\ni1Kz2Bl3HdCaHO3ZprDItbU0UWEFZeZSzcb5JO5u1HZwiebTA5/q638uqqg4CUyG\n0+bEYZ/Ud/AY13A/CkHN6ZNH+UQotCH3GLyaTQq6OhyXlgMBojn3xs9iMUclFcuy\nkbZ1jAxqci25pxCIeNDHBDKRyxgSkDPna8ZZ4eKGXjIZzsds4+IDkYJLMg0OCtd2\nKm+ZPM2CFU2YCqt11dlr0higGK/9gdpajJMVgEYAmigQ670LdcBc4XIOpPMrR70a\nPjbF9ze/UqtKDWtz8KMIUcvr0CjhHa3XRgMJiM34hIOZU6xf6rjEgkN2Geq24u1b\nhUW8URb+5dcasQ9iIfkNn3R+zK5PzyvQNf6+XrbVjpLqPHXJYrD85EKlXkPqiE6y\n3ehYMrIaZIY6gMuIVcg8AEtsm5EwQY7ETw4YnMQLKfyweLsHEQKCAQEA5vavDyQj\nn6PqfF1Ntr3N/FfwRr/167HB+/3wHT+FwRpCw62ACeBC0iFXmzG2wfQfot60fUGa\nQEJiUDGZFvBM0tiTpzmgGG7QpRbPe1919Sl5LZeLA9bngRnmqn5zAkmVTeBCO/4F\nMSk9hnBZ0v0W3DqNmjuIH298g3gl4VJeKpILd62LbhjvhjT/LXlekYDEj3p9Xob8\n1OQxFJgftFyg4P07RRaUzsNLhqEdY3VxDcUMb9459fEY
eb7sYig+zVPaZQ31aMVK\nj6K+XiH5M5uKJWkPdMDUG84jreFAdBY9kGCuSulTWgmTLlMKSI85q5hkckY2EQQL\n5u456xfyuFcnEwKCAQEA2bCCcqcGIAiMwk/6z7XIJeUsSUg+ObvkEdogk5n6Y1Ea\nt5LxMpQzhG6SHJ2f38VyKgv9e/jnwXI8eiejper6OeQEBG4+AedcLYi0V5SUMIgD\nX4bxT9+qCwYrwt9YHkJySk237WZUWJPVfxHg0vqNYyD/CXBowx0nm8jEuZ8iT+CW\nO2uZq+0DO2WqoYT54lZux6aEzm+oAkzwJJVXJcUVPg7bJXK1ObOzvHpkZJxHL8+S\nKufzew/CXALKWHoCkEP/P8b7oxjcjQI3KK0EM2fABNvN28+qscqTqQjfAsNw24Ob\nP8rL8amgd/x7iddIbEpOSoLAH1gVoxJXA0oqkC6YmQKCAQEAiIeoomW1nUgTdCLf\nrrfyzUnaoqgVIpf42RKa319OnQD+GJg2iSAFwBuvovE3XN4H2YqW3Thri7LyVP+M\nxM+WSkl2tzLMXcUcF4staXvbyeoTVQ0xQzrFrT53aa/IIsEGvntkC/y0awQ6937w\nylWMLvF6BYNNi2+nBjx+//xl5/pfRwbS1mltJkOr2ODXM2IQT9STyc44JU0jak4m\n58Kd44IuiD+6BaPSwKn7KnEhPIeQO4z9bFJyKn3fVIL/5Pa9smEXAjEmS1Rj/ldM\n7eHzPvwlA9p9SFaKJt5x8G25ROCyB1x4RlBEreyutofcCoDSV+8DRPnEY2XN3RhS\nBgCW+wKCAQAyHrqaDSyS2YUXA/UaN59CYlZk9PYmssTa+16+vRfyH+1H0NQpsgd+\neTq4ze3ORpZ3adVN4svxNQ0JjvDVtZkxFPd70aoDJDKL5UqoU3QfDGHCb75FhpiO\n+ze+IVAXf3Ly+pvbU9Edp8PjAsnBqaA9743orXHhYmgJLRtmJWZv/6R3P9ncxLAW\nz9yOXaBu5TmSTBuNsBV9mhs8QQoUjyDJ7f+0yolBJMfAIGnW5EhbkK31pPvhHIrC\nRn4yCr1mW9F77KNpNMMq0BTFD7jE4SFLvRPThSem0Z5Xr8wwxbDJSa7H7DgyhryE\ng6Qp42AwVpdZ/mqfjNdGeWWBQ2UzVxcZAoIBAHNXgjD3umcKciYRAbltNJrXx9xk\ndAv8I69oEMCy4hCmvKUjy/UI9NqXFjBb/G6VGgh6NUE9o9o27t1Y5Plm0izyCA1M\nDFruaRfjyJ8qjbEifcqRtcF3rzsBiXIwdmbN6qT4PUipN2elpUAd7J1OIwGIIe3u\nCWNyOTNL+2+oQ/Eg1Y99mg3yrsVyOwhynVE80/X5cy07bXXR5rv1x4NKSVbPhlnt\nL6J5iAoqoDKICzjcgF5x3mj9YFWZrC3aRxRrN5RoEgeVdcXeK56UJqXHjmKN++m3\nc8OPEIBZiD8UJuhSNSOLiBFrGz6toy6rpHavqqknGhVWotXsAs1h8LNkBe8=\n-----END RSA PRIVATE KEY-----" + } + ) { + id + } + CiNodeMongoDBGroup3: addGroupsToProject( + input: { + project: { + name: "ci-node-mongodb-control-k8s" + } + groups: [ + { + name: "ci-group" + } + + ] + } + ) { + id + } + CiNodeMongoDBRocketChat: addNotificationToProject( + input: { + project: "ci-node-mongodb-control-k8s" + notificationType: ROCKETCHAT + notificationName: "amazeeio--lagoon-local-ci" + } + ) { + id + } + CiNodeMongoDBEmail: 
addNotificationToProject( + input: { + project: "ci-node-mongodb-control-k8s" + notificationType: EMAIL + notificationName: "local-email-testing" + } + ) { + id + } + } diff --git a/local-dev/git/Dockerfile b/local-dev/git/Dockerfile index 8112dd7d01..98f1a9e47d 100644 --- a/local-dev/git/Dockerfile +++ b/local-dev/git/Dockerfile @@ -36,10 +36,11 @@ RUN mkdir -m 700 /git/.ssh && \ git --bare init /git/nginx.git && \ git --bare init /git/features.git && \ git --bare init /git/features-subfolder.git && \ - git --bare init /git/elasticsearch.git && \ - git --bare init /git/solr.git && \ - git --bare init /git/active-standby.git && \ - git --bare init /git/python.git + git --bare init /git/elasticsearch.git && \ + git --bare init /git/solr.git && \ + git --bare init /git/active-standby.git && \ + git --bare init /git/python.git && \ + git --bare init /git/node-mongodb.git USER root diff --git a/local-dev/helm-values-mongodbprovider.yml b/local-dev/helm-values-mongodbprovider.yml new file mode 100644 index 0000000000..ff86cfe99d --- /dev/null +++ b/local-dev/helm-values-mongodbprovider.yml @@ -0,0 +1,21 @@ +providers: + production: + environment: production + hostname: mongodb.172.17.0.1.nip.io + password: password + port: '27017' + user: root + auth: + mechanism: SCRAM-SHA-1 + source: admin + tls: true + development: + environment: development + hostname: mongodb.172.17.0.1.nip.io + password: password + port: '27017' + user: root + auth: + mechanism: SCRAM-SHA-1 + source: admin + tls: true \ No newline at end of file diff --git a/local-dev/mongodb-dbaas-provider/Dockerfile b/local-dev/mongodb-dbaas-provider/Dockerfile new file mode 100644 index 0000000000..97d1bf87cc --- /dev/null +++ b/local-dev/mongodb-dbaas-provider/Dockerfile 
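Review bot: In helm-values-mongodbprovider.yml both provider entries authenticate as `user: root` with `password: password`, and `production` and `development` point at the same host, yet the file carries no indication that it is for local development only. Add a header comment such as `# Local development only: fixed credentials for the local-mongodb-dbaas-provider container; do not reuse for a real provider.` so the values are not copied as a template. `mechanism: SCRAM-SHA-1` is also the older mechanism; MongoDB 4.x servers support SCRAM-SHA-256, so prefer it if the operator's client accepts it (not visible here).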
@@ -0,0 +1,21 @@
+FROM mongo:4.2.3
+# generate a self signed mongodb with tls support
+COPY openssl-test-ca.cnf openssl-test-ca.cnf
+
+RUN openssl genrsa -out mongodb-test-ca.key 4096 && \
+ openssl req -subj "/C=PE/ST=Lima/L=Lima/O=Acme Inc. /OU=IT Department/CN=acme.com" -new -x509 -days 1826 -key mongodb-test-ca.key -out mongodb-test-ca.crt -config openssl-test-ca.cnf && \
+ openssl genrsa -out mongodb-test-ia.key 4096 && \
+ openssl req -subj "/C=PE/ST=Lima/L=Lima/O=Acme Inc. /OU=IT Department/CN=acme.com" -new -key mongodb-test-ia.key -out mongodb-test-ia.csr -config openssl-test-ca.cnf && \
+ openssl x509 -sha256 -req -days 730 -in mongodb-test-ia.csr -CA mongodb-test-ca.crt -CAkey mongodb-test-ca.key -set_serial 01 -out mongodb-test-ia.crt -extfile openssl-test-ca.cnf -extensions v3_ca && \
+ cat mongodb-test-ca.crt mongodb-test-ia.crt > test-ca.pem
+
+COPY openssl-test-server.cnf openssl-test-server.cnf
+
+RUN openssl genrsa -out mongodb-test-server1.key 4096 && \
+ openssl req -subj "/C=PE/ST=Lima/L=Lima/O=Acme Inc. /OU=IT Department/CN=acme.com" -new -key mongodb-test-server1.key -out mongodb-test-server1.csr -config openssl-test-server.cnf && \
+ openssl x509 -sha256 -req -days 365 -in mongodb-test-server1.csr -CA mongodb-test-ia.crt -CAkey mongodb-test-ia.key -CAcreateserial -out mongodb-test-server1.crt -extfile openssl-test-server.cnf -extensions v3_req && \
+ cat mongodb-test-server1.crt mongodb-test-server1.key > test-server1.pem
+
+COPY mongo-init.js ./docker-entrypoint-initdb.d
+
+CMD ["mongod","--tlsMode","requireTLS","--tlsAllowConnectionsWithoutCertificates","--tlsCertificateKeyFile","test-server1.pem","--tlsCAFile","test-ca.pem"]
\ No newline at end of file
diff --git a/local-dev/mongodb-dbaas-provider/mongo-init.js b/local-dev/mongodb-dbaas-provider/mongo-init.js
new file mode 100644
index 0000000000..3b58cd2846
--- /dev/null
+++ b/local-dev/mongodb-dbaas-provider/mongo-init.js
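Review bot: The `CMD` starts `mongod` without `--auth`, and nothing in this Dockerfile sets `MONGO_INITDB_ROOT_USERNAME`/`MONGO_INITDB_ROOT_PASSWORD`, so as far as this hunk shows the server runs without access control and the `root` user created by mongo-init.js is never actually required. Combined with `--tlsAllowConnectionsWithoutCertificates`, any client that can reach port 27017 gets full access, and the DBaaS tests cannot detect wrong or missing credentials. Adding `"--auth",` after `"mongod",` in the `CMD` array would make the provider credentials meaningful. Separately, `mongodb-test-ca.key` and `mongodb-test-ia.key` stay in the image layers after signing; if the two `RUN` steps were merged they could be removed with `rm -f mongodb-test-ca.key mongodb-test-ia.key` once the server certificate is issued. tests/files/node-mongodb/Dockerfile.mongo is a copy of this file and has the same two issues.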
@@ -0,0 +1,11 @@
+// connect to admin database to create users
+db = new Mongo().getDB("admin");
+// create admin user
+db.createUser({
+ user: "root",
+ pwd: "password",
+ roles: [{
+ role: "clusterAdmin",
+ db: "admin"
+ }]
+});
\ No newline at end of file
diff --git a/local-dev/mongodb-dbaas-provider/openssl-test-ca.cnf b/local-dev/mongodb-dbaas-provider/openssl-test-ca.cnf
new file mode 100644
index 0000000000..db9062eda2
--- /dev/null
+++ b/local-dev/mongodb-dbaas-provider/openssl-test-ca.cnf
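Review bot: The only role granted to `root` is `clusterAdmin`, which covers cluster management but not user administration or data access, so this account could not create per-consumer users or databases on a server that enforces access control. That gap is presumably hidden today because the container does not appear to start `mongod` with authentication enabled. If the provider account is meant to provision consumer databases and users, `role: "root"` (or `userAdminAnyDatabase` plus `readWriteAnyDatabase`) matches that job; what the operator actually does with this account should be confirmed. tests/files/node-mongodb/mongodb/mongo-init.js grants the same role to `root_bob`.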
@@ -0,0 +1,57 @@
+# NOT FOR PRODUCTION USE. OpenSSL configuration file for testing.
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+default_bits = 4096
+default_keyfile = myTestCertificateKey.pem ## The default private key file name.
+default_md = sha256 ## Use SHA-256 for Signatures
+distinguished_name = req_dn
+req_extensions = v3_req
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+[ v3_req ]
+subjectKeyIdentifier = hash
+basicConstraints = CA:FALSE
+keyUsage = critical, digitalSignature, keyEncipherment
+nsComment = "OpenSSL Generated Certificate for TESTING only. NOT FOR PRODUCTION USE."
+extendedKeyUsage = serverAuth, clientAuth
+
+[ req_dn ]
+countryName = AU
+countryName_default = .
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name
+stateOrProvinceName_default = TestCertificateStateName
+stateOrProvinceName_max = 64
+
+localityName = Locality Name
+localityName_default = TestCertificateLocalityName
+localityName_max = 64
+
+organizationName = Organization Name
+organizationName_default = TestCertificateOrgName
+organizationName_max = 64
+
+organizationalUnitName = Organizational Unit Name
+organizationalUnitName_default = TestCertificateOrgUnitName
+organizationalUnitName_max = 64
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+[ v3_ca ]
+# Extensions for a typical CA
+
+subjectKeyIdentifier=hash
+basicConstraints = critical,CA:true
+authorityKeyIdentifier=keyid:always,issuer:always
\ No newline at end of file
diff --git a/local-dev/mongodb-dbaas-provider/openssl-test-server.cnf b/local-dev/mongodb-dbaas-provider/openssl-test-server.cnf
new file mode 100644
index 0000000000..7a3857af5e
--- /dev/null
+++ b/local-dev/mongodb-dbaas-provider/openssl-test-server.cnf
@@ -0,0 +1,45 @@
+# NOT FOR PRODUCTION USE. OpenSSL configuration file for testing.
+
+
+[ req ]
+default_bits = 4096
+default_keyfile = myTestServerCertificateKey.pem ## The default private key file name.
+default_md = sha256
+distinguished_name = req_dn
+req_extensions = v3_req
+
+[ v3_req ]
+subjectKeyIdentifier = hash
+basicConstraints = CA:FALSE
+keyUsage = critical, digitalSignature, keyEncipherment
+nsComment = "OpenSSL Generated Certificate for TESTING only. NOT FOR PRODUCTION USE."
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = www.acme.com ##TODO: Enter the DNS names. The DNS names should match the server names.
+
+[ req_dn ]
+countryName = Country Name (2 letter code)
+countryName_default = TestServerCertificateCountry
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = TestServerCertificateState
+stateOrProvinceName_max = 64
+
+localityName = Locality Name (eg, city)
+localityName_default = TestServerCertificateLocality
+localityName_max = 64
+
+organizationName = Organization Name (eg, company)
+organizationName_default = TestServerCertificateOrg
+organizationName_max = 64
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = TestServerCertificateOrgUnit
+organizationalUnitName_max = 64
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
\ No newline at end of file
diff --git a/openshift-setup/dbaas-operator.yaml b/openshift-setup/dbaas-operator.yaml
index dc1db042bd..39f40ecdc1 100644
--- a/openshift-setup/dbaas-operator.yaml
+++ b/openshift-setup/dbaas-operator.yaml
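Review bot: `DNS.1 = www.acme.com` still carries its `##TODO` and does not match the name clients are configured with, `mongodb.172.17.0.1.nip.io` (nor the compose service name `mongodb`), so the issued server certificate can only be used with hostname verification turned off. That is presumably why the test app connects with `tlsInsecure=true`, which means the TLS path is exercised without ever validating the server. Listing the real names, `DNS.1 = mongodb.172.17.0.1.nip.io` and `DNS.2 = mongodb`, would let clients verify against `test-ca.pem` instead. The copy under tests/files/node-mongodb/mongodb/openssl-test-server.cnf needs the same change.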
@@ -164,6 +164,349 @@ status: conditions: [] storedVersions: [] --- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: mongodbproviders.mongodb.amazee.io +spec: + group: mongodb.amazee.io + names: + kind: MongoDBProvider + listKind: MongoDBProviderList + plural: mongodbproviders + singular: mongodbprovider + scope: Namespaced + validation: + openAPIV3Schema: + description: MongoDBProvider is the Schema for the mongodbproviders API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MongoDBProviderSpec defines the desired state of MongoDBProvider + properties: + auth: + description: MongoDBAuth defines the authorisation mechanisms that mongo + can use + properties: + mechanism: + type: string + source: + type: string + tls: + type: boolean + required: + - tls + type: object + environment: + description: These are the spec options for providers + type: string + hostname: + type: string + password: + type: string + port: + type: string + type: + type: string + user: + type: string + type: object + status: + description: MongoDBProviderStatus defines the observed state of MongoDBProvider + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: mongodbconsumers.mongodb.amazee.io +spec: + group: mongodb.amazee.io + names: + kind: MongoDBConsumer + listKind: MongoDBConsumerList + plural: mongodbconsumers + singular: mongodbconsumer + scope: Namespaced + validation: + openAPIV3Schema: + description: MongoDBConsumer is the Schema for the mongodbconsumers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MongoDBConsumerSpec defines the desired state of MongoDBConsumer + properties: + consumer: + description: MongoDBConsumerData defines the provider link for this + consumer + properties: + auth: + description: MongoDBAuth defines the authorisation mechanisms that + mongo can use + properties: + mechanism: + type: string + source: + type: string + tls: + type: boolean + required: + - tls + type: object + database: + type: string + password: + type: string + services: + description: MongoDBConsumerServices defines the provider link for + this consumer + properties: + primary: + type: string + type: object + username: + type: string + type: object + environment: + description: These are the spec options for consumers + type: string + provider: + description: MongoDBConsumerProvider defines the provider link for this + consumer + properties: + auth: + description: MongoDBAuth defines the authorisation mechanisms that + mongo can use + properties: + mechanism: + type: string + source: + type: string + tls: + type: boolean + required: + - tls + type: object + hostname: + type: string + name: + type: string + namespace: + type: string + port: + type: string + type: object + type: object + status: + description: MongoDBConsumerStatus defines the observed state of MongoDBConsumer + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: postgresqlproviders.postgres.amazee.io +spec: + 
group: postgres.amazee.io + names: + kind: PostgreSQLProvider + listKind: PostgreSQLProviderList + plural: postgresqlproviders + singular: postgresqlprovider + scope: Namespaced + validation: + openAPIV3Schema: + description: PostgreSQLProvider is the Schema for the postgresqlproviders API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PostgreSQLProviderSpec defines the desired state of PostgreSQLProvider + properties: + environment: + description: These are the spec options for providers + type: string + hostname: + type: string + name: + type: string + namespace: + type: string + password: + type: string + port: + type: string + type: + type: string + user: + type: string + type: object + status: + description: PostgreSQLProviderStatus defines the observed state of PostgreSQLProvider + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + creationTimestamp: null + name: postgresqlconsumers.postgres.amazee.io +spec: + group: postgres.amazee.io + names: + kind: PostgreSQLConsumer + listKind: 
PostgreSQLConsumerList + plural: postgresqlconsumers + singular: postgresqlconsumer + scope: Namespaced + validation: + openAPIV3Schema: + description: PostgreSQLConsumer is the Schema for the postgresqlconsumers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PostgreSQLConsumerSpec defines the desired state of PostgreSQLConsumer + properties: + consumer: + description: PostgreSQLConsumerData defines the provider link for this + consumer + properties: + database: + type: string + password: + type: string + services: + description: PostgreSQLConsumerServices defines the provider link + for this consumer + properties: + primary: + type: string + type: object + username: + type: string + type: object + environment: + description: These are the spec options for consumers + type: string + provider: + description: PostgreSQLConsumerProvider defines the provider link for + this consumer + properties: + hostname: + type: string + name: + type: string + namespace: + type: string + port: + type: string + type: + type: string + type: object + type: object + status: + description: PostgreSQLConsumerStatus defines the observed state of PostgreSQLConsumer + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +status: + acceptedNames: + kind: "" + 
plural: "" + conditions: [] + storedVersions: [] +--- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -273,6 +616,86 @@ rules: - subjectaccessreviews verbs: - create +- apiGroups: + - mongodb.amazee.io + resources: + - mongodbconsumers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mongodb.amazee.io + resources: + - mongodbconsumers/status + verbs: + - get + - patch + - update +- apiGroups: + - mongodb.amazee.io + resources: + - mongodbproviders + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mongodb.amazee.io + resources: + - mongodbproviders/status + verbs: + - get + - patch + - update +- apiGroups: + - postgres.amazee.io + resources: + - postgresqlconsumers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - postgres.amazee.io + resources: + - postgresqlconsumers/status + verbs: + - get + - patch + - update +- apiGroups: + - postgres.amazee.io + resources: + - postgresqlproviders + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - postgres.amazee.io + resources: + - postgresqlproviders/status + verbs: + - get + - patch + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -362,7 +785,7 @@ spec: - --enable-leader-election command: - /manager - image: amazeeio/dbaas-operator:testingv1 + image: amazeeio/dbaas-operator:v0.1.6 name: manager resources: limits: @@ -371,4 +794,4 @@ spec: requests: cpu: 100m memory: 20Mi - terminationGracePeriodSeconds: 10 \ No newline at end of file + terminationGracePeriodSeconds: 10 diff --git a/openshift-setup/dbaas-providers.yaml b/openshift-setup/dbaas-providers.yaml index edeb87bbaa..8b8b1d8ae0 100644 --- a/openshift-setup/dbaas-providers.yaml +++ b/openshift-setup/dbaas-providers.yaml 
@@ -22,4 +22,34 @@ spec: - 172.17.0.1.nip.io password: password port: '3306' - user: root \ No newline at end of file + user: root +--- +apiVersion: mongodb.amazee.io/v1 +kind: MongoDBProvider +metadata: + name: mongodbprovider-development +spec: + environment: development + hostname: mongodb.172.17.0.1.nip.io + password: password + port: '27017' + user: root + auth: + mechanism: SCRAM-SHA-1 + source: admin + tls: true +--- +apiVersion: mongodb.amazee.io/v1 +kind: MongoDBProvider +metadata: + name: mongodbprovider-production +spec: + environment: production + hostname: mongodb.172.17.0.1.nip.io + password: password + port: '27017' + user: root + auth: + mechanism: SCRAM-SHA-1 + source: admin + tls: true diff --git a/openshift-setup/dbaas-roles.yaml b/openshift-setup/dbaas-roles.yaml index 25f7b44b50..6181434471 100644 --- a/openshift-setup/dbaas-roles.yaml +++ b/openshift-setup/dbaas-roles.yaml 
@@ -23,4 +23,56 @@ metadata: rules: - apiGroups: ["mariadb.amazee.io"] resources: ["mariadbproviders"] - verbs: ["*"] \ No newline at end of file + verbs: ["*"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: mongodbconsumer-role + labels: + # Add these permissions to the "admin" and "edit" default roles. + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: +- apiGroups: ["mongodb.amazee.io"] + resources: ["mongodbconsumers"] + verbs: ["*"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: mongodbprovider-role + labels: + # Add these permissions to the "admin" and "edit" default roles. + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: +- apiGroups: ["mongodb.amazee.io"] + resources: ["mongodbproviders"] + verbs: ["*"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: postgresqlconsumer-role + labels: + # Add these permissions to the "admin" and "edit" default roles. + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: +- apiGroups: ["postgres.amazee.io"] + resources: ["postgresqlconsumers"] + verbs: ["*"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: postgresqlprovider-role + labels: + # Add these permissions to the "admin" and "edit" default roles. + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: +- apiGroups: ["postgres.amazee.io"] + resources: ["postgresqlproviders"] + verbs: ["*"] diff --git a/tests/files/node-mongodb/.dockerignore b/tests/files/node-mongodb/.dockerignore new file mode 100644 index 0000000000..b512c09d47 --- /dev/null +++ b/tests/files/node-mongodb/.dockerignore @@ -0,0 +1 @@ +node_modules \ No newline at end of file 
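Review bot: `mongodbprovider-role` and `postgresqlprovider-role` grant `verbs: ["*"]` and carry the `aggregate-to-admin` and `aggregate-to-edit` labels, so every subject holding the default edit role can read and rewrite provider objects. Per the MongoDBProvider CRD added in this commit the provider spec holds `user` and `password` for the database server, so those credentials become readable by ordinary project editors in any namespace where a provider exists. Aggregating the two consumer roles is reasonable; for the two provider roles I would drop both `rbac.authorization.k8s.io/aggregate-to-*` labels and bind the role explicitly to the operator and platform admins. The mariadb provider rule visible as context starts outside this hunk and may deserve the same treatment.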
diff --git a/tests/files/node-mongodb/.lagoon.yml b/tests/files/node-mongodb/.lagoon.yml
new file mode 100644
index 0000000000..eade588656
--- /dev/null
+++ b/tests/files/node-mongodb/.lagoon.yml
@@ -0,0 +1,11 @@
+docker-compose-yaml: docker-compose.yml
+
+environment_variables:
+ git_sha: 'true'
+
+environments:
+ node10:
+ routes:
+ - node:
+ - customdomain-will-be-main-domain.com
+ - customdomain-will-be-not-be-main-domain.com
diff --git a/tests/files/node-mongodb/Dockerfile b/tests/files/node-mongodb/Dockerfile
new file mode 100644
index 0000000000..d5be35ae98
--- /dev/null
+++ b/tests/files/node-mongodb/Dockerfile
@@ -0,0 +1,11 @@
+ARG UPSTREAM_REPO
+ARG UPSTREAM_TAG
+
+FROM ${UPSTREAM_REPO:-testlagoon}/node-10:${UPSTREAM_TAG:-latest}
+COPY . /app/
+
+RUN npm install
+
+EXPOSE 3000
+
+CMD ["node", "index.js"]
diff --git a/tests/files/node-mongodb/Dockerfile.mongo b/tests/files/node-mongodb/Dockerfile.mongo
new file mode 100644
index 0000000000..7a3aa177d6
--- /dev/null
+++ b/tests/files/node-mongodb/Dockerfile.mongo
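Review bot: `RUN npm install` in tests/files/node-mongodb/Dockerfile resolves the caret ranges from package.json at build time and the commit adds no lockfile, so each CI build of this fixture can pull different, unreviewed versions of express, mongoose, ejs and nodemon. Committing a `package-lock.json` and switching the step to `RUN npm ci` pins what the test image installs. `COPY . /app/` also runs before the install, so any source change invalidates the dependency layer; copying `package*.json` first keeps the cache. `nodemon` is not used by `CMD ["node", "index.js"]` and could be dropped from `dependencies`.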
@@ -0,0 +1,21 @@
+FROM mongo:4.2.3
+# generate a self signed mongodb with tls support
+COPY mongodb/openssl-test-ca.cnf openssl-test-ca.cnf
+
+RUN openssl genrsa -out mongodb-test-ca.key 4096 && \
+ openssl req -subj "/C=PE/ST=Lima/L=Lima/O=Acme Inc. /OU=IT Department/CN=acme.com" -new -x509 -days 1826 -key mongodb-test-ca.key -out mongodb-test-ca.crt -config openssl-test-ca.cnf && \
+ openssl genrsa -out mongodb-test-ia.key 4096 && \
+ openssl req -subj "/C=PE/ST=Lima/L=Lima/O=Acme Inc. /OU=IT Department/CN=acme.com" -new -key mongodb-test-ia.key -out mongodb-test-ia.csr -config openssl-test-ca.cnf && \
+ openssl x509 -sha256 -req -days 730 -in mongodb-test-ia.csr -CA mongodb-test-ca.crt -CAkey mongodb-test-ca.key -set_serial 01 -out mongodb-test-ia.crt -extfile openssl-test-ca.cnf -extensions v3_ca && \
+ cat mongodb-test-ca.crt mongodb-test-ia.crt > test-ca.pem
+
+COPY mongodb/openssl-test-server.cnf openssl-test-server.cnf
+
+RUN openssl genrsa -out mongodb-test-server1.key 4096 && \
+ openssl req -subj "/C=PE/ST=Lima/L=Lima/O=Acme Inc. /OU=IT Department/CN=acme.com" -new -key mongodb-test-server1.key -out mongodb-test-server1.csr -config openssl-test-server.cnf && \
+ openssl x509 -sha256 -req -days 365 -in mongodb-test-server1.csr -CA mongodb-test-ia.crt -CAkey mongodb-test-ia.key -CAcreateserial -out mongodb-test-server1.crt -extfile openssl-test-server.cnf -extensions v3_req && \
+ cat mongodb-test-server1.crt mongodb-test-server1.key > test-server1.pem
+
+COPY mongodb/mongo-init.js ./docker-entrypoint-initdb.d
+
+CMD ["mongod","--tlsMode","requireTLS","--tlsAllowConnectionsWithoutCertificates","--tlsCertificateKeyFile","test-server1.pem","--tlsCAFile","test-ca.pem"]
\ No newline at end of file
diff --git a/tests/files/node-mongodb/controllers/list.js b/tests/files/node-mongodb/controllers/list.js
new file mode 100644
index 0000000000..e9bd5c7be0
--- /dev/null
+++ b/tests/files/node-mongodb/controllers/list.js
@@ -0,0 +1,29 @@
+const path = require('path');
+const List = require('../models/list');
+
+exports.index = function (req, res) {
+ res.sendFile(path.resolve('views/list.html'));
+};
+
+exports.create = function (req, res) {
+ var newItem = new List(req.body);
+ console.log(req.body);
+ newItem.save(function (err) {
+ if(err) {
+ res.status(400).send('Unable to save item to database');
+ } else {
+ res.redirect('/list/getlist');
+ }
+ });
+ };
+
+exports.list = function (req, res) {
+ List.find({}).exec(function (err, items) {
+ if (err) {
+ return res.send(500, err);
+ }
+ res.render('getlist', {
+ items: items
+ });
+ });
+};
\ No newline at end of file
diff --git a/tests/files/node-mongodb/db.js b/tests/files/node-mongodb/db.js
new file mode 100644
index 0000000000..2ac804168d
--- /dev/null
+++ b/tests/files/node-mongodb/db.js
@@ -0,0 +1,34 @@
+const mongoose = require('mongoose');
+
+const {
+ MONGODB_USERNAME,
+ MONGODB_PASSWORD,
+ MONGODB_HOST,
+ MONGODB_PORT,
+ MONGODB_DATABASE,
+ MONGODB_AUTHSOURCE,
+ MONGODB_AUTHTLS
+} = process.env;
+
+const options = {
+ useNewUrlParser: true,
+ reconnectTries: Number.MAX_VALUE,
+ reconnectInterval: 500,
+ connectTimeoutMS: 10000,
+};
+
+let authTLSString = "";
+if (MONGODB_AUTHTLS == "True") {
+ authTLSString = "ssl=true&sslInsecure=true&tls=true&tlsInsecure=true";
+}
+
+const url = `mongodb://${MONGODB_USERNAME}:${MONGODB_PASSWORD}@${MONGODB_HOST}:${MONGODB_PORT}/${MONGODB_DATABASE}?${authTLSString}`;
+
+console.log(url);
+
+mongoose.connect(url, options).then( function() {
+ console.log('MongoDB is connected');
+})
+ .catch( function(err) {
+ console.log(err);
+});
\ No newline at end of file
diff --git a/tests/files/node-mongodb/docker-compose.yml b/tests/files/node-mongodb/docker-compose.yml
new file mode 100644
index 0000000000..83f0b3208e
--- /dev/null
+++ b/tests/files/node-mongodb/docker-compose.yml
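Review bot: In `exports.list` of controllers/list.js, `return res.send(500, err);` hands the raw Mongoose error object to the client and uses the `res.send(status, body)` form that Express 4 deprecates. Replace it with `return res.status(500).send('Unable to load items');` and log `err` on the server, matching the 400 path in `exports.create`. `console.log(req.body);` in `exports.create` writes unvalidated request data to the container log and is better removed or reduced to the field names.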
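Review bot: `console.log(url);` in db.js prints the full connection string, including `MONGODB_PASSWORD`, to the container log on every start. Log only the non-secret parts, for example ``console.log(`Connecting to ${MONGODB_HOST}:${MONGODB_PORT}/${MONGODB_DATABASE}`);``. `MONGODB_AUTHSOURCE` is destructured but never added to the URL, so authentication would be attempted against `MONGODB_DATABASE` rather than the configured source; appending `authSource=${MONGODB_AUTHSOURCE}` to the query string fixes that. Username and password are interpolated without `encodeURIComponent`, which breaks on generated passwords containing `@`, `:` or `/`. `tlsInsecure=true` disables certificate and hostname checks and should carry a comment saying it is a test-only workaround.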
@@ -0,0 +1,39 @@
+version: '3'
+services:
+ node:
+ networks:
+ - amazeeio-network
+ - default
+ build:
+ context: .
+ dockerfile: Dockerfile
+ labels:
+ lagoon.type: node
+ ports:
+ - "3020:3000"
+ depends_on:
+ - mongodb
+ environment:
+ - AMAZEEIO_URL=node-mongo.docker.amazee.io
+ - MONGODB_USERNAME=root_bob
+ - MONGODB_PASSWORD=password
+ - MONGODB_HOST=mongodb
+ - MONGODB_PORT=27017
+ - MONGODB_DATABASE=bob
+ - MONGODB_AUTHSOURCE=admin
+ - MONGODB_AUTHTLS=True
+ mongodb:
+ build:
+ context: .
+ dockerfile: Dockerfile.mongo
+ labels:
+ lagoon.type: mongodb-dbaas
+ # ports:
+ # - "27027:27017"
+ # networks:
+ # - amazeeio-network
+ # - default
+
+networks:
+ amazeeio-network:
+ external: true
\ No newline at end of file
diff --git a/tests/files/node-mongodb/index.js b/tests/files/node-mongodb/index.js
new file mode 100644
index 0000000000..d9caf6ebd9
--- /dev/null
+++ b/tests/files/node-mongodb/index.js
@@ -0,0 +1,18 @@
+const express = require('express');
+const app = express();
+const router = express.Router();
+const db = require('./db');
+const list = require('./routes/list');
+
+const path = __dirname + '/views/';
+const port = process.env.PORT || 3000;
+
+app.engine('html', require('ejs').renderFile);
+app.set('view engine', 'html');
+app.use(express.urlencoded({ extended: true }));
+app.use(express.static(path));
+app.use('/list', list);
+
+app.listen(port, function () {
+ console.log(`App listening on ${port}!`);
+});
\ No newline at end of file
diff --git a/tests/files/node-mongodb/models/list.js b/tests/files/node-mongodb/models/list.js
new file mode 100644
index 0000000000..3ad8c09f7d
--- /dev/null
+++ b/tests/files/node-mongodb/models/list.js
@@ -0,0 +1,9 @@
+const mongoose = require('mongoose');
+const Schema = mongoose.Schema;
+
+const List = new Schema ({
+ name: { type: String, required: true },
+ character: { type: String, required: true },
+});
+
+module.exports = mongoose.model('List', List)
\ No newline at end of file
diff --git a/tests/files/node-mongodb/mongodb/mongo-init.js b/tests/files/node-mongodb/mongodb/mongo-init.js
new file mode 100644
index 0000000000..443a14c9f8
--- /dev/null
+++ b/tests/files/node-mongodb/mongodb/mongo-init.js
@@ -0,0 +1,11 @@
+// connect to admin database to create users
+db = new Mongo().getDB("admin");
+// create admin user
+db.createUser({
+ user: "root_bob",
+ pwd: "password",
+ roles: [{
+ role: "clusterAdmin",
+ db: "admin"
+ }]
+});
\ No newline at end of file
diff --git a/tests/files/node-mongodb/mongodb/openssl-test-ca.cnf b/tests/files/node-mongodb/mongodb/openssl-test-ca.cnf
new file mode 100644
index 0000000000..db9062eda2
--- /dev/null
+++ b/tests/files/node-mongodb/mongodb/openssl-test-ca.cnf
@@ -0,0 +1,57 @@
+# NOT FOR PRODUCTION USE. OpenSSL configuration file for testing.
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+default_bits = 4096
+default_keyfile = myTestCertificateKey.pem ## The default private key file name.
+default_md = sha256 ## Use SHA-256 for Signatures
+distinguished_name = req_dn
+req_extensions = v3_req
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+[ v3_req ]
+subjectKeyIdentifier = hash
+basicConstraints = CA:FALSE
+keyUsage = critical, digitalSignature, keyEncipherment
+nsComment = "OpenSSL Generated Certificate for TESTING only. NOT FOR PRODUCTION USE."
+extendedKeyUsage = serverAuth, clientAuth
+
+[ req_dn ]
+countryName = AU
+countryName_default = .
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name
+stateOrProvinceName_default = TestCertificateStateName
+stateOrProvinceName_max = 64
+
+localityName = Locality Name
+localityName_default = TestCertificateLocalityName
+localityName_max = 64
+
+organizationName = Organization Name
+organizationName_default = TestCertificateOrgName
+organizationName_max = 64
+
+organizationalUnitName = Organizational Unit Name
+organizationalUnitName_default = TestCertificateOrgUnitName
+organizationalUnitName_max = 64
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+[ v3_ca ]
+# Extensions for a typical CA
+
+subjectKeyIdentifier=hash
+basicConstraints = critical,CA:true
+authorityKeyIdentifier=keyid:always,issuer:always
\ No newline at end of file
diff --git a/tests/files/node-mongodb/mongodb/openssl-test-server.cnf b/tests/files/node-mongodb/mongodb/openssl-test-server.cnf
new file mode 100644
index 0000000000..7a3857af5e
--- /dev/null
+++ b/tests/files/node-mongodb/mongodb/openssl-test-server.cnf
@@ -0,0 +1,45 @@
+# NOT FOR PRODUCTION USE. OpenSSL configuration file for testing.
+
+
+[ req ]
+default_bits = 4096
+default_keyfile = myTestServerCertificateKey.pem ## The default private key file name.
+default_md = sha256
+distinguished_name = req_dn
+req_extensions = v3_req
+
+[ v3_req ]
+subjectKeyIdentifier = hash
+basicConstraints = CA:FALSE
+keyUsage = critical, digitalSignature, keyEncipherment
+nsComment = "OpenSSL Generated Certificate for TESTING only. NOT FOR PRODUCTION USE."
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = www.acme.com ##TODO: Enter the DNS names. The DNS names should match the server names.
+
+[ req_dn ]
+countryName = Country Name (2 letter code)
+countryName_default = TestServerCertificateCountry
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = TestServerCertificateState
+stateOrProvinceName_max = 64
+
+localityName = Locality Name (eg, city)
+localityName_default = TestServerCertificateLocality
+localityName_max = 64
+
+organizationName = Organization Name (eg, company)
+organizationName_default = TestServerCertificateOrg
+organizationName_max = 64
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = TestServerCertificateOrgUnit
+organizationalUnitName_max = 64
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
\ No newline at end of file
diff --git a/tests/files/node-mongodb/package.json b/tests/files/node-mongodb/package.json
new file mode 100644
index 0000000000..0ccb4b7a55
--- /dev/null
+++ b/tests/files/node-mongodb/package.json
@@ -0,0 +1,15 @@
+{
+ "name": "node",
+ "version": "1.0.0",
+ "main": "index.js",
+ "license": "MIT",
+ "dependencies": {
+ "ejs": "^2.6.1",
+ "express": "^4.16.4",
+ "mongoose": "^5.4.10",
+ "nodemon": "^1.19.4"
+ },
+ "scripts": {
+ "start": "node index.js"
+ }
+}
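Review bot: `DNS.1 = www.acme.com` in `[ alt_names ]` of openssl-test-server.cnf is still the template placeholder, as the `##TODO` beside it says, so a certificate generated from this file would not match the host name of the MongoDB service under test. Clients would then have to skip host-name verification to connect, and that setting tends to be copied from tests into real configuration. Set the entry to the name the test connects to, for example `DNS.1 = <mongodb-service-hostname>`. In `[ req_dn ]`, `countryName_default = TestServerCertificateCountry` is longer than `countryName_max = 2`, so accepting the default at the prompt would presumably be rejected; a two-letter default avoids that.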
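Review bot: `nodemon` is listed under `dependencies` in package.json although the only script is `"start": "node index.js"`, so it is installed into the test image without being used at run time. Moving it to `devDependencies`, or dropping it, reduces the set of third-party packages pulled in on every build. All four entries use caret ranges and no lockfile is added in the part of the commit visible here, so the resolved versions can differ between test runs. Committing a lockfile alongside this file would pin them.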
diff --git a/tests/files/node-mongodb/routes/index.js b/tests/files/node-mongodb/routes/index.js new file mode 100644 index 0000000000..589ccae5ee --- /dev/null +++ b/tests/files/node-mongodb/routes/index.js @@ -0,0 +1,14 @@ +const express = require('express'); +const router = express.Router(); +const path = require('path'); + +router.use (function (req,res,next) { + console.log('/' + req.method); + next(); +}); + +router.get('/',function(req,res){ + res.sendFile(path.resolve('views/index.html')); +}); + +module.exports = router; \ No newline at end of file diff --git a/tests/files/node-mongodb/routes/list.js b/tests/files/node-mongodb/routes/list.js new file mode 100644 index 0000000000..1cefe59ef7 --- /dev/null +++ b/tests/files/node-mongodb/routes/list.js @@ -0,0 +1,17 @@ +const express = require('express'); +const router = express.Router(); +const list = require('../controllers/list'); + +router.get('/', function(req, res){ + list.index(req,res); +}); + +router.post('/additem', function(req, res) { + list.create(req,res); +}); + +router.get('/getlist', function(req, res) { + list.list(req,res); +}); + +module.exports = router; \ No newline at end of file diff --git a/tests/files/node-mongodb/views/getlist.html b/tests/files/node-mongodb/views/getlist.html new file mode 100644 index 0000000000..b6fdf973f6 --- /dev/null +++ b/tests/files/node-mongodb/views/getlist.html @@ -0,0 +1,30 @@ + + + + + List + + +
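Review bot: In routes/index.js, `res.sendFile(path.resolve('views/index.html'))` resolves the path against the process working directory, so the route only works when the app is started from the project root. Anchoring it to the module removes that dependency on how the container launches the process: `res.sendFile(path.join(__dirname, '..', 'views', 'index.html'));`. The logging middleware prints `'/' + req.method`, which yields `/GET` rather than the request path, so `req.method + ' ' + req.originalUrl` is probably what was meant.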
+

Items

+
+
+

+

Your Items
+ <% items.forEach(function(list) { %> +

+ Name: <%= list.name %>
+ Character: <%= list.character %> +

+ <% }); %> +

+
+ \ No newline at end of file diff --git a/tests/files/node-mongodb/views/index.html b/tests/files/node-mongodb/views/index.html new file mode 100644 index 0000000000..75884cdc2c --- /dev/null +++ b/tests/files/node-mongodb/views/index.html @@ -0,0 +1,19 @@ + + + + + List + + +
+

Home

+
+ \ No newline at end of file diff --git a/tests/files/node-mongodb/views/list.html b/tests/files/node-mongodb/views/list.html new file mode 100644 index 0000000000..c7d2ff30b5 --- /dev/null +++ b/tests/files/node-mongodb/views/list.html @@ -0,0 +1,33 @@ + + + + + Add + + +
+

Add

+
+
+
+
+

+

+
Enter Your Item
+ + + +
+

+
+
+
+
\ No newline at end of file
diff --git a/tests/tests/node-mongodb.yaml b/tests/tests/node-mongodb.yaml
new file mode 100644
index 0000000000..926b1efb5a
--- /dev/null
+++ b/tests/tests/node-mongodb.yaml
@@ -0,0 +1,14 @@
+---
+
+- include: features/api-token.yaml
+ vars:
+ testname: "API TOKEN"
+
+- include: node-mongodb/node-mongodb.yaml
+ vars:
+ testname: "Node 10 - MONGODB DBAAAS {{ cluster_type|upper }}"
+ node_version: 10
+ db: mongodb
+ git_repo_name: node-mongodb.git
+ project: ci-node-mongodb-{{ cluster_type }}
+ branch: node-mongodb-dbaas
\ No newline at end of file
diff --git a/tests/tests/node-mongodb/check-deployed.yaml b/tests/tests/node-mongodb/check-deployed.yaml
new file mode 100644
index 0000000000..80942d1326
--- /dev/null
+++ b/tests/tests/node-mongodb/check-deployed.yaml
@@ -0,0 +1,32 @@
+- name: "{{ testname }} - check if {{ project }} is deployed with searching for 'Home'"
+ hosts: localhost
+ serial: 1
+ vars:
+ url: "http://node.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix }}"
+ expected_content: "Home"
+ tasks:
+ - include: ../../checks/check-url-content.yaml
+ - name: "{{ testname }} - Post data to URL http://node.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix }}/list/additem returns"
+ shell: curl -s -i -k -X POST -d name=TESTDATA -d character=TESTDATA http://node.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix }}/list/additem
+ # uri:
+ # url: "http://node.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix }}/list/additem"
+ # status_code: 302
+ # validate_certs: no
+ # method: POST
+ # body_format: form-urlencoded
+ # body:
+ # name: TESTDATA
+ # character: TESTDATA
+ # register: result
+ # until: result.status is defined and result.status == 302
+ # - name: "{{ testname }} - Check if URL http://node.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix }}/list/additem returns with return code 302"
+ # debug: msg="Success!!!"
+
+- name: "{{ testname }} - check if {{ project }} is deployed with searching for 'Home'"
+ hosts: localhost
+ serial: 1
+ vars:
+ url: "http://node.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ route_suffix }}/list/getlist"
+ expected_content: "TESTDATA"
+ tasks:
+ - include: ../../checks/check-url-content.yaml
\ No newline at end of file
diff --git a/tests/tests/node-mongodb/node-mongodb.yaml b/tests/tests/node-mongodb/node-mongodb.yaml
new file mode 100644
index 0000000000..6124ade2c8
--- /dev/null
+++ b/tests/tests/node-mongodb/node-mongodb.yaml
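Review bot: The `shell: curl -s -i -k -X POST ...` task in check-deployed.yaml cannot fail on an HTTP error, because curl exits 0 for any response unless `--fail` is given and the task registers and checks nothing. A broken `/list/additem` is then noticed only indirectly, by the later `TESTDATA` lookup. The commented-out `uri:` task below it already expresses the check with `status_code: 302` and `register`/`until`, so restoring it in place of the `shell` line, or at least using `curl -s -i --fail ...`, would make the step assert something. `-k` has no effect on the `http://` URL and is better dropped so it is not carried over to an HTTPS check later. The second play also reuses the first play's name, `searching for 'Home'`, although it expects `TESTDATA`.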
@@ -0,0 +1,42 @@
+
+- name: "{{ testname }} - init git, add files, commit, git push"
+ hosts: localhost
+ serial: 1
+ vars:
+ git_files: "node-mongodb/"
+ tasks:
+ - include: ../../tasks/git-init.yaml
+ - include: ../../tasks/git-add-commit-push.yaml
+
+- name: "{{ testname }} - api deployEnvironmentBranch on {{ project }}, which should deploy the first commit"
+ hosts: localhost
+ serial: 1
+ vars:
+ branch: "{{ branch }}"
+ project: "{{ project }}"
+ tasks:
+ - include: ../../tasks/api/deploy-no-sha.yaml
+
+- include: check-deployed.yaml
+ vars:
+ expected_head: "{{ current_head }}"
+ expected_branch: "{{ branch }}"
+ project: "{{ project }}"
+
+- name: "{{ testname }} - api deleteEnvironment on {{ project }}, which should remove all resources"
+ hosts: localhost
+ serial: 1
+ vars:
+ project: "{{ project }}"
+ branch: "{{ branch }}"
+ tasks:
+ - include: ../../tasks/api/remove.yaml
+
+- name: "{{ testname }} - check if site for {{ project }} does not exist anymore"
+ hosts: localhost
+ serial: 1
+ vars:
+ url: "http://node.{{ project | regex_replace('_', '-') }}.{{ branch | regex_replace('/', '-') }}.{{ lookup('env','ROUTE_SUFFIX_HTTP') }}:{{ lookup('env','ROUTE_SUFFIX_HTTP_PORT') }}"
+ expected_returncode: "{{ lookup('env','DELETED_STATUS_CODE') }}"
+ tasks:
+ - include: ../../checks/check-url-returncode.yaml
\ No newline at end of file