zitadel/operator/secrets/secrets.go

package secrets

import (
	"errors"
	orbdb "github.com/caos/zitadel/operator/database/kinds/orb"
	"strings"

	"github.com/caos/orbos/mntr"
	"github.com/caos/orbos/pkg/git"
	"github.com/caos/orbos/pkg/orb"
	"github.com/caos/orbos/pkg/secret"
	"github.com/caos/orbos/pkg/tree"
	"github.com/caos/zitadel/operator/api"
	zitadelOrb "github.com/caos/zitadel/operator/zitadel/kinds/orb"
)

const (
	zitadel  string = "zitadel"
	database string = "database"
)

func GetAllSecretsFunc(orb *orb.Orb) func(monitor mntr.Monitor, gitClient *git.Client) (map[string]*secret.Secret, map[string]*tree.Tree, error) {
	return func(monitor mntr.Monitor, gitClient *git.Client) (map[string]*secret.Secret, map[string]*tree.Tree, error) {
		allSecrets := make(map[string]*secret.Secret, 0)
		allTrees := make(map[string]*tree.Tree, 0)
		foundZitadel, err := api.ExistsZitadelYml(gitClient)
		if err != nil {
			return nil, nil, err
		}

		if foundZitadel {
			zitadelYML, err := api.ReadZitadelYml(gitClient)
			if err != nil {
				return nil, nil, err
			}
			allTrees[zitadel] = zitadelYML
			_, _, zitadelSecrets, err := zitadelOrb.AdaptFunc(orb, "secret", nil, []string{})(monitor, zitadelYML, &tree.Tree{})
			if err != nil {
				return nil, nil, err
			}

			if zitadelSecrets != nil && len(zitadelSecrets) > 0 {
				secret.AppendSecrets(zitadel, allSecrets, zitadelSecrets)
			}
		} else {
			monitor.Info("no file for zitadel found")
		}

		foundDB, err := api.ExistsDatabaseYml(gitClient)
		if err != nil {
			return nil, nil, err
		}
		if foundDB {
			dbYML, err := api.ReadDatabaseYml(gitClient)
			if err != nil {
				return nil, nil, err
			}
			allTrees[database] = dbYML

			_, _, dbSecrets, err := orbdb.AdaptFunc("", nil, "database", "backup")(monitor, dbYML, nil)
			if err != nil {
				return nil, nil, err
			}
			if dbSecrets != nil && len(dbSecrets) > 0 {
				secret.AppendSecrets(database, allSecrets, dbSecrets)
			}
		} else {
			monitor.Info("no file for database found")
		}
		return allSecrets, allTrees, nil
	}
}

func PushFunc() func(monitor mntr.Monitor, gitClient *git.Client, trees map[string]*tree.Tree, path string) error {
	return func(monitor mntr.Monitor, gitClient *git.Client, trees map[string]*tree.Tree, path string) error {
		operator := ""
		if strings.HasPrefix(path, zitadel) {
			operator = zitadel
		} else if strings.HasPrefix(path, database) {
			operator = database
		} else {
			return errors.New("Operator unknown")
		}

		desired, found := trees[operator]
		if !found {
			return errors.New("Operator file not found")
		}

		if operator == zitadel {
			return api.PushZitadelDesiredFunc(gitClient, desired)(monitor)
		} else if operator == database {
			return api.PushDatabaseDesiredFunc(gitClient, desired)(monitor)
		}
		return errors.New("Operator push function unknown")
	}
}
feat(operator): zitadel and database operator (#1208) * feat(operator): add base for zitadel operator * fix(operator): changed pipeline to release operator * fix(operator): fmt with only one parameter * fix(operator): corrected workflow job name * fix(zitadelctl): added restore and backuplist command * fix(zitadelctl): scale for restore * chore(container): use scratch for deploy container * fix(zitadelctl): limit image to scratch * fix(migration): added migration scripts for newer version * fix(operator): changed handling of kubeconfig in operator logic * fix(operator): changed handling of secrets in operator logic * fix(operator): use new version of zitadel * fix(operator): added path for migrations * fix(operator): delete doublets of migration scripts * fix(operator): delete subpaths and integrate logic into init container * fix(operator): corrected path in dockerfile for local migrations * fix(operator): added migrations for cockroachdb-secure * fix(operator): delete logic for ambassador module * fix(operator): added read and write secret commands * fix(operator): correct and align operator pipeline with zitadel pipeline * fix(operator): correct yaml error in operator pipeline * fix(operator): correct action name in operator pipeline * fix(operator): correct case-sensitive filename in operator pipeline * fix(operator): upload artifacts from buildx output * fix(operator): corrected attribute spelling error * fix(operator): combined jobs for operator binary and image * fix(operator): added missing comma in operator pipeline * fix(operator): added codecov for operator image * fix(operator): added codecov for operator image * fix(testing): code changes for testing and several unit-tests (#1009) * fix(operator): usage of interface of kubernetes client for testing and several unit-tests * fix(operator): several unit-tests * fix(operator): several unit-tests * fix(operator): changed order for the operator logic * fix(operator): added version of zitadelctl from semantic release * fix(operator): corrected function call with version of zitadelctl * fix(operator): corrected function call with version of zitadelctl * fix(operator): add check output to operator release pipeline * fix(operator): set --short length everywhere to 12 * fix(operator): zitadel setup in job instead of exec with several unit tests * fix(operator): fixes to combine newest zitadel and testing branch * fix(operator): corrected path in Dockerfile * fix(operator): fixed unit-test that was ignored during changes * fix(operator): fixed unit-test that was ignored during changes * fix(operator): corrected Dockerfile to correctly use env variable * fix(operator): quickfix takeoff deployment * fix(operator): corrected the clusterrolename in the applied artifacts * fix: update secure migrations * fix(operator): migrations (#1057) * fix(operator): copied migrations from orbos repository * fix(operator): newest migrations * chore: use cockroach-secure * fix: rename migration * fix: remove insecure cockroach migrations Co-authored-by: Stefan Benz <stefan@caos.ch> * fix: finalize labels * fix(operator): cli logging concurrent and fixe deployment of operator during restore * fix: finalize labels and cli commands * fix: restore * chore: cockroachdb is always secure * chore: use orbos consistent-labels latest commit * test: make tests compatible with new labels * fix: default to sa token for start command * fix: use cockroachdb v12.02 * fix: don't delete flyway user * test: fix migration test * fix: use correct table qualifiers * fix: don't alter sequence ownership * fix: upgrade flyway * fix: change ownership of all dbs and tables to admin user * fix: change defaultdb user * fix: treat clientid status codes >= 400 as errors * fix: reconcile specified ZITADEL version, not binary version * fix: add ca-certs * fix: use latest orbos code * fix: use orbos with fixed race condition * fix: use latest ORBOS code * fix: use latest ORBOS code * fix: make migration and scaling around restoring work * fix(operator): move zitadel operator * chore(migrations): include owner change migration * feat(db): add code base for database operator * fix(db): change used image registry for database operator * fix(db): generated mock * fix(db): add accidentally ignored file * fix(db): add cockroachdb backup image to pipeline * fix(db): correct pipeline and image versions * fix(db): correct version of used orbos * fix(db): correct database import * fix(db): go mod tidy * fix(db): use new version for orbos * fix(migrations): include migrations into zitadelctl binary (#1211) * fix(db): use statik to integrate migrations into binary * fix(migrations): corrections unit tests and pipeline for integrated migrations into zitadelctl binary * fix(migrations): correction in dockerfile for pipeline build * fix(migrations): correction in dockerfile for pipeline build * fix(migrations): dockerfile changes for cache optimization * fix(database): correct used part-of label in database operator * fix(database): correct used selectable label in zitadel operator * fix(operator): correct lables for user secrets in zitadel operator * fix(operator): correct lables for service test in zitadel operator * fix: don't enable database features for user operations (#1227) * fix: don't enable database features for user operations * fix: omit database feature for connection info adapter * fix: use latest orbos version * fix: update ORBOS (#1240) Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: Elio Bischof <eliobischof@gmail.com> 2021-02-05 19:28:12 +01:00			`package secrets`

			`import (`
			`"errors"`
			`orbdb "github.com/caos/zitadel/operator/database/kinds/orb"`
			`"strings"`

			`"github.com/caos/orbos/mntr"`
			`"github.com/caos/orbos/pkg/git"`
			`"github.com/caos/orbos/pkg/orb"`
			`"github.com/caos/orbos/pkg/secret"`
			`"github.com/caos/orbos/pkg/tree"`
			`"github.com/caos/zitadel/operator/api"`
			`zitadelOrb "github.com/caos/zitadel/operator/zitadel/kinds/orb"`
			`)`

			`const (`
			`zitadel string = "zitadel"`
			`database string = "database"`
			`)`

			`func GetAllSecretsFunc(orb orb.Orb) func(monitor mntr.Monitor, gitClient git.Client) (map[string]secret.Secret, map[string]tree.Tree, error) {`
			`return func(monitor mntr.Monitor, gitClient git.Client) (map[string]secret.Secret, map[string]*tree.Tree, error) {`
			`allSecrets := make(map[string]*secret.Secret, 0)`
			`allTrees := make(map[string]*tree.Tree, 0)`
			`foundZitadel, err := api.ExistsZitadelYml(gitClient)`
			`if err != nil {`
			`return nil, nil, err`
			`}`

			`if foundZitadel {`
			`zitadelYML, err := api.ReadZitadelYml(gitClient)`
			`if err != nil {`
			`return nil, nil, err`
			`}`
			`allTrees[zitadel] = zitadelYML`
			`_, _, zitadelSecrets, err := zitadelOrb.AdaptFunc(orb, "secret", nil, []string{})(monitor, zitadelYML, &tree.Tree{})`
			`if err != nil {`
			`return nil, nil, err`
			`}`

			`if zitadelSecrets != nil && len(zitadelSecrets) > 0 {`
			`secret.AppendSecrets(zitadel, allSecrets, zitadelSecrets)`
			`}`
			`} else {`
			`monitor.Info("no file for zitadel found")`
			`}`

			`foundDB, err := api.ExistsDatabaseYml(gitClient)`
			`if err != nil {`
			`return nil, nil, err`
			`}`
			`if foundDB {`
			`dbYML, err := api.ReadDatabaseYml(gitClient)`
			`if err != nil {`
			`return nil, nil, err`
			`}`
			`allTrees[database] = dbYML`

			`_, _, dbSecrets, err := orbdb.AdaptFunc("", nil, "database", "backup")(monitor, dbYML, nil)`
			`if err != nil {`
			`return nil, nil, err`
			`}`
			`if dbSecrets != nil && len(dbSecrets) > 0 {`
			`secret.AppendSecrets(database, allSecrets, dbSecrets)`
			`}`
			`} else {`
			`monitor.Info("no file for database found")`
			`}`
			`return allSecrets, allTrees, nil`
			`}`
			`}`

			`func PushFunc() func(monitor mntr.Monitor, gitClient git.Client, trees map[string]tree.Tree, path string) error {`
			`return func(monitor mntr.Monitor, gitClient git.Client, trees map[string]tree.Tree, path string) error {`
			`operator := ""`
			`if strings.HasPrefix(path, zitadel) {`
			`operator = zitadel`
			`} else if strings.HasPrefix(path, database) {`
			`operator = database`
			`} else {`
			`return errors.New("Operator unknown")`
			`}`

			`desired, found := trees[operator]`
			`if !found {`
			`return errors.New("Operator file not found")`
			`}`

			`if operator == zitadel {`
			`return api.PushZitadelDesiredFunc(gitClient, desired)(monitor)`
			`} else if operator == database {`
			`return api.PushDatabaseDesiredFunc(gitClient, desired)(monitor)`
			`}`
			`return errors.New("Operator push function unknown")`
			`}`
			`}`