From 35facf1b74232375d2c8795ccb98ea152e6dc339 Mon Sep 17 00:00:00 2001 From: pb Date: Tue, 13 May 2025 16:33:48 +0200 Subject: [PATCH] added :peer to admiralty routes to create peer related resources --- controllers/admiralty.go | 23 +++++++++++++---------- infrastructure/interface.go | 10 +++++----- infrastructure/kubernetes.go | 27 +++++++++++++++++---------- 3 files changed, 35 insertions(+), 25 deletions(-) diff --git a/controllers/admiralty.go b/controllers/admiralty.go index ade21c7..04f91bd 100644 --- a/controllers/admiralty.go +++ b/controllers/admiralty.go @@ -227,14 +227,16 @@ func (c *AdmiraltyController) CreateAdmiraltyTarget(){ // @Title GetKubeSecret // @Description Retrieve the secret created from a Kubeconfig that will be associated to an Admiralty Target - // @Param execution path string true "execution id of the workflow" +// @Param peer path string true "UUID of the peer to which the resource is linked" // @Success 200 -// @router /secret/:execution [get] +// @router /secret/:execution/:peer [get] func(c *AdmiraltyController) GetKubeSecret() { var data map[string]interface{} execution := c.Ctx.Input.Param(":execution") + peerId := c.Ctx.Input.Param(":peer") + serv, err := infrastructure.NewService() if err != nil { @@ -245,7 +247,7 @@ func(c *AdmiraltyController) GetKubeSecret() { return } - resp, err := serv.GetKubeconfigSecret(c.Ctx.Request.Context(),execution) + resp, err := serv.GetKubeconfigSecret(c.Ctx.Request.Context(),execution, peerId) if err != nil { // change code to 500 c.Ctx.Output.SetStatus(500) 
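Review bot: `peerId` in GetKubeSecret is read from the `:peer` path segment and passed to `serv.GetKubeconfigSecret` with no format check, although the route comment documents it as a UUID. The value becomes part of a Kubernetes Secret name, so a malformed segment should be answered with a 400 before `infrastructure.NewService()` is called instead of surfacing through the 500 branch; the same applies to the `:peer` reads added in CreateKubeSecret and GetNodeReady. A guard along the lines of `if !isUUID(peerId) { c.Ctx.Output.SetStatus(400); c.ServeJSON(); return }` would do, where `isUUID` is a small helper still to be written. This route returns a kubeconfig-derived secret and no check that the caller may act for the named peer is visible in the hunk; if a filter elsewhere enforces it, a one-line comment saying so would help. GetKubeSecret's body continues outside the hunk.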
@@ -277,9 +279,10 @@ func(c *AdmiraltyController) GetKubeSecret() { // @Description Creat a secret from a Kubeconfig that will be associated to an Admiralty Target // @Param execution path string true "execution id of the workflow" +// @Param peer path string true "UUID of the peer to which the resource is linked" // @Param kubeconfig body controllers.RemoteKubeconfig true "Kubeconfig to use when creating secret" // @Success 201 -// @router /secret/:execution [post] +// @router /secret/:execution/:peer [post] func (c *AdmiraltyController) CreateKubeSecret() { var kubeconfig RemoteKubeconfig var respData map[string]interface{} @@ -296,9 +299,8 @@ func (c *AdmiraltyController) CreateKubeSecret() { return } - execution := c.Ctx.Input.Param(":execution") - + peerId := c.Ctx.Input.Param(":peer") serv, err := infrastructure.NewService() if err != nil { @@ -309,7 +311,7 @@ func (c *AdmiraltyController) CreateKubeSecret() { return } - resp, err := serv.CreateKubeconfigSecret(c.Ctx.Request.Context(),*kubeconfig.Data,execution) + resp, err := serv.CreateKubeconfigSecret(c.Ctx.Request.Context(),*kubeconfig.Data,execution, peerId) if err != nil { // change code to 500 c.Ctx.Output.SetStatus(500) @@ -328,12 +330,13 @@ func (c *AdmiraltyController) CreateKubeSecret() { // @name GetAdmiraltyNodes // @description Allows user to test if an admiralty connection has already been established : Target and valid Secret set up on the local host and Source set up on remote host // @Param execution path string true "execution id of the workflow" +// @Param peer path string true "UUID of the peer to which the resource is linked" // @Success 200 -// @router /node/:execution [get] +// @router /node/:execution/:peer [get] func (c *AdmiraltyController) GetNodeReady(){ var secret v1.Secret execution := c.Ctx.Input.Param(":execution") - + peerId := c.Ctx.Input.Param(":peer") serv, err := infrastructure.NewService() if err != nil { 
@@ -363,7 +366,7 @@ func (c *AdmiraltyController) GetNodeReady(){ - resp, err := serv.GetKubeconfigSecret(c.Ctx.Request.Context(),execution) + resp, err := serv.GetKubeconfigSecret(c.Ctx.Request.Context(),execution, peerId) if err != nil { // change code to 500 c.Ctx.Output.SetStatus(500) diff --git a/infrastructure/interface.go b/infrastructure/interface.go index 02807ac..e8c81d3 100644 --- a/infrastructure/interface.go +++ b/infrastructure/interface.go @@ -16,11 +16,11 @@ type Infrastructure interface { CreateRoleBinding(ctx context.Context, ns string, roleBinding string, role string) error CreateRole(ctx context.Context, ns string, role string, groups [][]string, resources [][]string, verbs [][]string) error GetTargets(ctx context.Context) ([]string,error) - CreateAdmiraltySource(context context.Context,executionId string) ([]byte, error) - CreateKubeconfigSecret(context context.Context,kubeconfig string, executionId string) ([]byte, error) - GetKubeconfigSecret(context context.Context,executionId string) ([]byte, error) - CreateAdmiraltyTarget(context context.Context,executionId string, peerId string)([]byte,error) - GetOneNode(context context.Context,executionID string) (*v1.Node, error) + CreateAdmiraltySource(context context.Context, executionId string) ([]byte, error) + CreateKubeconfigSecret(context context.Context, kubeconfig string, executionId string, peerId string) ([]byte, error) + GetKubeconfigSecret(context context.Context, executionId string, peerId string) ([]byte, error) + CreateAdmiraltyTarget(context context.Context, executionId string, peerId string)([]byte,error) + GetOneNode(context context.Context, executionID string) (*v1.Node, error) } var _service = map[string]func() (Infrastructure, error){ diff --git a/infrastructure/kubernetes.go b/infrastructure/kubernetes.go index dd559bd..fa25ee4 100644 --- a/infrastructure/kubernetes.go +++ b/infrastructure/kubernetes.go 
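Review bot: The five rewritten signatures in the Infrastructure interface name their first parameter `context`, which shadows the `context` package inside every implementation, while `CreateRoleBinding`, `CreateRole` and `GetTargets` just above use `ctx`. Since these lines are being touched anyway, `GetKubeconfigSecret(ctx context.Context, executionId string, peerId string) ([]byte, error)` would match the rest of the interface. `GetOneNode` also spells its parameter `executionID` where the others use `executionId`; one spelling would keep the interface uniform. The two methods that gained `peerId` have no comment; something like `// peerId selects which peer's kube-secret is addressed inside the execution's namespace` would document the new contract.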
@@ -281,7 +281,7 @@ func (k *KubernetesService) GetTargets(ctx context.Context) ([]string, error) { // // - have delcared a serviceAccount with sufficient permission to create pods func (k *KubernetesService) CreateAdmiraltyTarget(context context.Context, executionId string, peerId string) ([]byte, error) { - exists, err := k.GetKubeconfigSecret(context, executionId) + exists, err := k.GetKubeconfigSecret(context, executionId, peerId) if err != nil { fmt.Println("Error verifying kube-secret before creating target") return nil, err @@ -292,11 +292,7 @@ func (k *KubernetesService) CreateAdmiraltyTarget(context context.Context, execu return nil, nil // Maybe we could create a wrapper for errors and add more info to have } - s := strings.Split(peerId, "-")[:2] - p := s[0] + "-" + s[1] - - targetName := "target-" + p + "-" + executionId - + targetName := "target-" + getConcatenatedName(peerId,executionId) target := map[string]interface{}{ "apiVersion": "multicluster.admiralty.io/v1alpha1", "kind": "Target", @@ -356,7 +352,7 @@ func (k *KubernetesService) CreateAdmiraltySource(context context.Context,execut // Create a secret from a kubeconfing. Use it to create the secret binded to an Admiralty // target, which must contain the serviceAccount's token value -func (k *KubernetesService) CreateKubeconfigSecret(context context.Context, kubeconfig string, executionId string) ([]byte, error) { +func (k *KubernetesService) CreateKubeconfigSecret(context context.Context, kubeconfig string, executionId string, peerId string) ([]byte, error) { config, err := base64.StdEncoding.DecodeString(kubeconfig) // config, err := base64.RawStdEncoding.DecodeString(kubeconfig) if err != nil { 
@@ -365,7 +361,7 @@ func (k *KubernetesService) CreateKubeconfigSecret(context context.Context, kube return nil, err } - secretApplyConfig := apply.Secret("kube-secret-" + executionId, + secretApplyConfig := apply.Secret("kube-secret-" + getConcatenatedName(peerId, executionId), executionId). WithData(map[string][]byte{ "config": config, @@ -412,10 +408,10 @@ func (k *KubernetesService) CreateKubeconfigSecret(context context.Context, kube return data, nil } -func (k *KubernetesService) GetKubeconfigSecret(context context.Context, executionId string) ([]byte, error) { +func (k *KubernetesService) GetKubeconfigSecret(context context.Context, executionId string, peerId string) ([]byte, error) { resp, err := k.Set.CoreV1(). Secrets(executionId). - Get(context, "kube-secret-"+executionId, metav1.GetOptions{}) + Get(context, "kube-secret-"+ getConcatenatedName(peerId, executionId), metav1.GetOptions{}) if err != nil { if apierrors.IsNotFound(err) { @@ -535,3 +531,14 @@ func (k *KubernetesService) GetOneNode(context context.Context, executionID stri return nil, nil } + + +// Returns a concatenation of the peerId and namespace in order for +// kubernetes ressources to have a unique name, under 63 characters +// and yet identify which peer they are created for +func getConcatenatedName(peerId string, namespace string) string { + s := strings.Split(peerId, "-")[:2] + p := s[0] + "-" + s[1] + + return p + "-" + namespace +}
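Review bot: Renaming the secret in CreateKubeconfigSecret and GetKubeconfigSecret from `"kube-secret-" + executionId` to the peer-qualified form makes any secret already stored under the old name unreachable, so executions created before this change will hit the `apierrors.IsNotFound` branch. Those objects hold a decoded kubeconfig under the `config` key, so they should not be left behind silently. Either fall back to the old name on not-found for a transition period, or describe a cleanup step in the commit message. The name is also built by hand in both functions; a single helper such as `kubeSecretName(peerId, executionId)` (name to be chosen) would keep the create and get paths from drifting apart. Both function bodies extend beyond the hunks.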
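Review bot: `getConcatenatedName` slices `strings.Split(peerId, "-")[:2]` without checking the length, so a `peerId` containing no hyphen panics with a slice-bounds error, and after this commit that value arrives unvalidated from the `:peer` route segment in three handlers. Only the first two hyphen-separated groups of the peer ID are kept, so two peers whose IDs share that prefix resolve to the same `kube-secret-…` and `target-…` names inside one execution namespace; if peer IDs are not guaranteed random, one peer's secret would be addressed in place of the other's. The comment promises a name under 63 characters, but nothing checks it once the `kube-secret-` or `target-` prefix is added. I would return an error instead of panicking and have the three call sites propagate it, as sketched below.

```go
// getConcatenatedName returns "<first two groups of peerId>-<namespace>".
// It reports an error instead of panicking when peerId does not contain
// at least two non-empty hyphen-separated groups.
func getConcatenatedName(peerId string, namespace string) (string, error) {
	parts := strings.SplitN(peerId, "-", 3)
	if len(parts) < 2 || parts[0] == "" || parts[1] == "" {
		return "", fmt.Errorf("peer id %q: expected at least two hyphen-separated groups", peerId)
	}
	return parts[0] + "-" + parts[1] + "-" + namespace, nil
}
```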