From 56420bb94541f3e87f6f5cb292725bc62774a866 Mon Sep 17 00:00:00 2001 From: Rafael Gomes Date: Fri, 10 May 2024 05:00:37 -0300 Subject: [PATCH] Update templates naming (#159) * chore: rename 'gvc' templates to 'app' and add identity * chore: add secrets policy to 'secrets' templates * feat: add option to set custom name for secrets and secrets policy * docs: update CHANGELOG.md * remove empty file --- CHANGELOG.md | 4 ++ CONTRIBUTING.md | 7 ++++ README.md | 39 ++++++++++++------- docs/commands.md | 2 +- docs/migrating.md | 12 +++--- docs/tips.md | 24 ++++++------ examples/controlplane.yml | 29 ++++++++++---- lib/command/apply_template.rb | 4 +- lib/command/base.rb | 4 +- lib/command/setup_app.rb | 5 ++- .../templates/{gvc.yml => app.yml} | 0 spec/command/apply_template_spec.rb | 18 ++++----- spec/command/build_image_spec.rb | 2 +- spec/command/cleanup_images_spec.rb | 6 +-- spec/command/cleanup_stale_apps_spec.rb | 12 +++--- spec/command/copy_image_from_upstream_spec.rb | 8 ++-- spec/command/delete_spec.rb | 8 ++-- spec/command/deploy_image_spec.rb | 4 +- spec/command/maintenance_set_page_spec.rb | 2 +- .../command/promote_app_from_upstream_spec.rb | 12 +++--- spec/command/run_spec.rb | 4 +- spec/command/setup_app_spec.rb | 21 +++++++++- spec/dummy/.controlplane/controlplane.yml | 20 +++++----- ...riables.yml => app-with-all-variables.yml} | 0 ....yml => app-with-deprecated-variables.yml} | 0 ...-identity.yml => app-without-identity.yml} | 0 .../templates/{gvc.yml => app.yml} | 0 .../templates/secrets-with-custom-names.yml | 10 +++++ .../{secrets-policy.yml => secrets.yml} | 5 +++ spec/support/command_helpers.rb | 5 ++- templates/{gvc.yml => app.yml} | 5 +++ templates/identity.yml | 3 -- templates/secrets-policy.yml | 4 -- templates/secrets.yml | 8 ++++ 34 files changed, 186 insertions(+), 101 deletions(-) rename lib/generator_templates/templates/{gvc.yml => app.yml} (100%) rename spec/dummy/.controlplane/templates/{gvc-with-all-variables.yml => app-with-all-variables.yml} (100%) rename spec/dummy/.controlplane/templates/{gvc-with-deprecated-variables.yml => app-with-deprecated-variables.yml} (100%) rename spec/dummy/.controlplane/templates/{gvc-without-identity.yml => app-without-identity.yml} (100%) rename spec/dummy/.controlplane/templates/{gvc.yml => app.yml} (100%) create mode 100644 spec/dummy/.controlplane/templates/secrets-with-custom-names.yml rename spec/dummy/.controlplane/templates/{secrets-policy.yml => secrets.yml} (61%) rename templates/{gvc.yml => app.yml} (82%) delete mode 100644 templates/identity.yml delete mode 100644 templates/secrets-policy.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index 08a2ad5d..677b5dbd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,10 @@ Changes since the last non-beta release. _Please add entries here for your pull requests that are not yet released._ +### Added + +- Added option to set custom names for secrets and secrets policy, using `secrets_name` and `secrets_policy_name` in `controlplane.yml`. [PR 159](https://github.com/shakacode/heroku-to-control-plane/pull/159) by [Rafael Gomes](https://github.com/rafaelgomesxyz). + ### Changed - `deploy-image` command now raises an error if image does not exist. [PR 153](https://github.com/shakacode/heroku-to-control-plane/pull/153) by [Rafael Gomes](https://github.com/rafaelgomesxyz). diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 619d44cf..0146c5a9 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -35,6 +35,13 @@ We use real apps for the tests. You'll need to have full access to a Control Pla CPLN_ORG=your-org-for-tests bundle exec rspec ``` +Alternatively, you might have a `.envrc` file with: + +```sh +export CPLN_ORG=shakacode-heroku-to-control-plane-ci +export RSPEC_RETRY_RETRY_COUNT=1 +``` + Tests are separated between fast and slow. Slow tests can take a long time and usually involve building / deploying images and waiting for workloads to be ready / not ready, so they should only be run once in a while. If you add a slow test, tag it with `slow`. Tests without a `slow` tag are considered fast by default. diff --git a/README.md b/README.md index 1b4ce01c..3c613b2c 100644 --- a/README.md +++ b/README.md @@ -143,7 +143,7 @@ The `cpl` gem is based on several configuration files within a `/.controlplane` ``` .controlplane/ ├─ templates/ -│ ├─ gvc.yml +│ ├─ app.yml │ ├─ postgres.yml │ ├─ rails.yml ├─ controlplane.yml @@ -154,8 +154,8 @@ The `cpl` gem is based on several configuration files within a `/.controlplane` 1. `controlplane.yml` describes the overall application. Be sure to have `` as the value for `aliases.common.cpln_org`, or set it with the `CPLN_ORG` environment variable. 2. `Dockerfile` builds the production application. `entrypoint.sh` is an _example_ entrypoint script for the production application, referenced in your Dockerfile. 3. `templates` directory contains the templates for the various workloads, such as `rails.yml` and `postgres.yml`. -4. `templates/gvc.yml` defines your project's GVC (like a Heroku app). More importantly, it contains ENV values for the app. -5. `templates/rails.yml` defines your Rails workload. It may inherit ENV values from the parent GVC, which is populated from the `templates/gvc.yml`. This file also configures scaling, sizing, firewalls, and other workload-specific values. +4. `templates/app.yml` defines your project's GVC (like a Heroku app). More importantly, it contains ENV values for the app. +5. `templates/rails.yml` defines your Rails workload. It may inherit ENV values from the parent GVC, which is populated from the `templates/app.yml`. This file also configures scaling, sizing, firewalls, and other workload-specific values. 6. For other workloads (like lines in a Heroku `Procfile`), you create additional template files. For example, you can base a `templates/sidekiq.yml` on the `templates/rails.yml` file. 7. You can have other files in the `templates` directory, such as `redis.yml` and `postgres.yml`, which could setup Redis and Postgres for a testing application. @@ -189,27 +189,40 @@ aliases: default_location: aws-us-east-2 # Allows running the command `cpl setup-app` - # instead of `cpl apply-template gvc redis postgres memcached rails sidekiq`. + # instead of `cpl apply-template app redis postgres memcached rails sidekiq`. # # Note: # 1. These names correspond to files in the `./controlplane/templates` directory. # 2. Each file can contain many objects, such as in the case of templates that create a resource, like `postgres`. # 3. While the naming often corresponds to a workload or other object name, the naming is arbitrary. # Naming does not need to match anything other than the file name without the `.yml` extension. + # + # If you're going to use secrets, you need to apply the `secrets.yml` template separately (one-time setup): + # `cpl apply-template secrets -a my-app` setup_app_templates: - - gvc - - # These templates are only required if using secrets. - - identity - - secrets - - secrets-policy - + - app - redis - postgres - memcached - rails - sidekiq + # Only needed if using a custom secrets name. + # The default is '{APP_PREFIX}-secrets'. For example: + # - for an app 'my-app-staging' with `match_if_app_name_starts_with` set to `false`, + # it would be 'my-app-staging-secrets' + # - for an app 'my-app-review-1234' with `match_if_app_name_starts_with` set to `true`, + # it would be 'my-app-review-secrets' + secrets_name: my-secrets + + # Only needed if using a custom secrets policy name. + # The default is '{APP_SECRETS}-policy'. For example: + # - for an app 'my-app-staging' with `match_if_app_name_starts_with` set to `false`, + # it would be 'my-app-staging-secrets-policy' + # - for an app 'my-app-review-1234' with `match_if_app_name_starts_with` set to `true`, + # it would be 'my-app-review-secrets-policy' + secrets_policy_name: my-secrets-policy + # Configure the workload name used as a template for one-off scripts, like a Heroku one-off dyno. one_off_workload: rails @@ -303,7 +316,7 @@ Suppose your app is called `tutorial-app`. You can run the following commands. ```sh # Provision all infrastructure on Control Plane. # `tutorial-app` will be created per definition in .controlplane/controlplane.yml. -cpl apply-template gvc postgres redis rails daily-task -a tutorial-app +cpl apply-template app postgres redis rails daily-task -a tutorial-app # Build and push the Docker image to the Control Plane repository. # Note, it may take many minutes. Be patient. @@ -370,7 +383,7 @@ It is also possible to set up a Secret store (of type `Dictionary`), which we ca `cpln://secret/MY_SECRET_STORE_NAME/MY_SECRET_VAR_NAME`. In such a case, we must set up an app Identity and proper Policy to access the secret. -In `templates/gvc.yml`: +In `templates/app.yml`: ```yaml spec: diff --git a/docs/commands.md b/docs/commands.md index ddd81f65..256b3ce3 100644 --- a/docs/commands.md +++ b/docs/commands.md @@ -36,7 +36,7 @@ This `-a` option is used in most of the commands and will pick all other app con cpl apply-template redis -a $APP_NAME # Applies several templates (practically creating full app). -cpl apply-template gvc postgres redis rails -a $APP_NAME +cpl apply-template app postgres redis rails -a $APP_NAME ``` ### `build-image` diff --git a/docs/migrating.md b/docs/migrating.md index 85907e75..6b0da9e0 100644 --- a/docs/migrating.md +++ b/docs/migrating.md @@ -36,7 +36,7 @@ key, e.g.: my-app-staging: <<: *common setup_app_templates: - - gvc + - app - redis - memcached - rails @@ -46,8 +46,8 @@ my-app-staging: Note how the templates correspond to files in the `.controlplane/templates/` directory. These files will be used by the `cpl setup-app` and `cpl apply-template` commands. -Ensure that env vars point to the Heroku add-ons in the template for the app (`.controlplane/templates/gvc.yml`). See -[this example](https://github.com/shakacode/react-webpack-rails-tutorial/blob/master/.controlplane/templates/gvc.yml). +Ensure that env vars point to the Heroku add-ons in the template for the app (`.controlplane/templates/app.yml`). See +[this example](https://github.com/shakacode/react-webpack-rails-tutorial/blob/master/.controlplane/templates/app.yml). After that, create a Dockerfile in `.controlplane/Dockerfile` for your deployment. See [this example](https://github.com/shakacode/react-webpack-rails-tutorial/blob/master/.controlplane/Dockerfile). @@ -61,7 +61,7 @@ app_main_folder/ controlplane.yml entrypoint.sh # App-specific - edit as needed. templates/ - gvc.yml + app.yml memcached.yml rails.yml redis.yml @@ -192,7 +192,7 @@ configure an entry for, e.g., `my-app-review`, and then create review apps start <<: *common match_if_app_name_starts_with: true setup_app_templates: - - gvc + - app - redis - memcached - rails @@ -226,7 +226,7 @@ Then follow the same steps for the initial deployment or code upgrades. ### Database for Review Apps For the review app resources, these should be handled as env vars in the template for the app -(`.controlplane/templates/gvc.yml`), .e.g.: +(`.controlplane/templates/app.yml`), .e.g.: ```yaml - name: DATABASE_URL diff --git a/docs/tips.md b/docs/tips.md index 1f47b26f..a6584ab2 100644 --- a/docs/tips.md +++ b/docs/tips.md @@ -87,17 +87,19 @@ level, which applies to your GVCs mapped to that org. You can do this during the initial app setup, like this: -1. Add the templates for `identity`, `secrets` and `secrets-policy` to `.controlplane/templates` -2. Ensure that the templates are listed in `setup_app_templates` for the app in `.controlplane/controlplane.yml` -3. Run `cpl setup-app -a $APP_NAME` -4. The identity, secrets and secrets policy will be automatically created, along with the proper binding -5. In the upper left "Manage Org" menu, click on "Secrets" -6. Find the created secret (it will be in the `$APP_PREFIX-secrets` format) and add the secret env vars there -7. Use `cpln://secret/...` in the app to access the secret env vars (e.g., `cpln://secret/$APP_PREFIX-secrets.SOME_VAR`) - -You can also do it manually after. Here is how you do this: - -1. In the upper left "Manage Org" menu, click on "Secrets" +1. Add the templates for `app` and `secrets` to `.controlplane/templates` +2. Ensure that the `app` template includes the `identity` +3. Ensure that the `app` template is listed in `setup_app_templates` for the app in `.controlplane/controlplane.yml` +4. Run `cpl apply-template secrets -a $APP_NAME` (one-time setup) +5. Run `cpl setup-app -a $APP_NAME` +6. The secrets, secrets policy and identity will be automatically created, along with the proper binding +7. In the Control Plane console, upper left "Manage Org" menu, click on "Secrets" +8. Find the created secret (it will be in the `$APP_PREFIX-secrets` format) and add the secret env vars there +9. Use `cpln://secret/...` in the app to access the secret env vars (e.g., `cpln://secret/$APP_PREFIX-secrets.SOME_VAR`) + +Here are the manual steps for reference. We recommend that you follow the steps above: + +1. In the upper left of the Control Plane console, "Manage Org" menu, click on "Secrets" 2. Create a secret with `Secret Type: Dictionary` (e.g., `my-secrets`) and add the secret env vars there 3. In the upper left "Manage GVC" menu, click on "Identities" 4. Create an identity (e.g., `my-identity`) diff --git a/examples/controlplane.yml b/examples/controlplane.yml index d534971b..a5d413e6 100644 --- a/examples/controlplane.yml +++ b/examples/controlplane.yml @@ -24,27 +24,40 @@ aliases: default_location: aws-us-east-2 # Allows running the command `cpl setup-app` - # instead of `cpl apply-template gvc redis postgres memcached rails sidekiq`. + # instead of `cpl apply-template app redis postgres memcached rails sidekiq`. # # Note: # 1. These names correspond to files in the `./controlplane/templates` directory. # 2. Each file can contain many objects, such as in the case of templates that create a resource, like `postgres`. # 3. While the naming often corresponds to a workload or other object name, the naming is arbitrary. # Naming does not need to match anything other than the file name without the `.yml` extension. + # + # If you're going to use secrets, you need to apply the `secrets.yml` template separately (one-time setup): + # `cpl apply-template secrets -a my-app` setup_app_templates: - - gvc - - # These templates are only required if using secrets. - - identity - - secrets - - secrets-policy - + - app - redis - postgres - memcached - rails - sidekiq + # Only needed if using a custom secrets name. + # The default is '{APP_PREFIX}-secrets'. For example: + # - for an app 'my-app-staging' with `match_if_app_name_starts_with` set to `false`, + # it would be 'my-app-staging-secrets' + # - for an app 'my-app-review-1234' with `match_if_app_name_starts_with` set to `true`, + # it would be 'my-app-review-secrets' + secrets_name: my-secrets + + # Only needed if using a custom secrets policy name. + # The default is '{APP_SECRETS}-policy'. For example: + # - for an app 'my-app-staging' with `match_if_app_name_starts_with` set to `false`, + # it would be 'my-app-staging-secrets-policy' + # - for an app 'my-app-review-1234' with `match_if_app_name_starts_with` set to `true`, + # it would be 'my-app-review-secrets-policy' + secrets_policy_name: my-secrets-policy + # Configure the workload name used as a template for one-off scripts, like a Heroku one-off dyno. one_off_workload: rails diff --git a/lib/command/apply_template.rb b/lib/command/apply_template.rb index a937fbd9..88e94390 100644 --- a/lib/command/apply_template.rb +++ b/lib/command/apply_template.rb @@ -36,7 +36,7 @@ class ApplyTemplate < Base # rubocop:disable Metrics/ClassLength cpl apply-template redis -a $APP_NAME # Applies several templates (practically creating full app). - cpl apply-template gvc postgres redis rails -a $APP_NAME + cpl apply-template app postgres redis rails -a $APP_NAME ``` EX @@ -50,7 +50,7 @@ def call # rubocop:disable Metrics/CyclomaticComplexity, Metrics/MethodLength, M @asked_for_confirmation = false pending_templates = templates.select do |template| - if template == "gvc" + if template == "app" confirm_app(template) else confirm_workload(template) diff --git a/lib/command/base.rb b/lib/command/base.rb index 760f4fb5..0fa90e07 100644 --- a/lib/command/base.rb +++ b/lib/command/base.rb @@ -503,11 +503,11 @@ def app_identity_link end def app_secrets - "#{config.app_prefix}-secrets" + config.current[:secrets_name] || "#{config.app_prefix}-secrets" end def app_secrets_policy - "#{app_secrets}-policy" + config.current[:secrets_policy_name] || "#{app_secrets}-policy" end def ensure_docker_running! diff --git a/lib/command/setup_app.rb b/lib/command/setup_app.rb index 0041753e..c7e6e4cc 100644 --- a/lib/command/setup_app.rb +++ b/lib/command/setup_app.rb @@ -35,7 +35,10 @@ def call # rubocop:disable Metrics/MethodLength if cp.fetch_identity(app_identity).nil? || cp.fetch_policy(app_secrets_policy).nil? raise "Can't bind identity to policy: identity '#{app_identity}' or " \ "policy '#{app_secrets_policy}' doesn't exist. " \ - "Please create them or use `--skip-secret-access-binding` to ignore this message." + "Please create them or use `--skip-secret-access-binding` to ignore this message." \ + "You can also set a custom secrets name with `secrets_name` " \ + "and a custom secrets policy name with `secrets_policy_name` " \ + "in the `.controlplane/controlplane.yml` file." end step("Binding identity to policy") do diff --git a/lib/generator_templates/templates/gvc.yml b/lib/generator_templates/templates/app.yml similarity index 100% rename from lib/generator_templates/templates/gvc.yml rename to lib/generator_templates/templates/app.yml diff --git a/spec/command/apply_template_spec.rb b/spec/command/apply_template_spec.rb index 3f137361..37627c71 100644 --- a/spec/command/apply_template_spec.rb +++ b/spec/command/apply_template_spec.rb @@ -7,7 +7,7 @@ let!(:app) { dummy_test_app } it "raises error" do - result = run_cpl_command("apply-template", "gvc", "rails", "nonexistent", "-a", app) + result = run_cpl_command("apply-template", "app", "rails", "nonexistent", "-a", app) expect(result[:status]).not_to eq(0) expect(result[:stderr]).to include("Missing templates") @@ -23,7 +23,7 @@ end it "applies valid templates" do - result = run_cpl_command("apply-template", "gvc", "rails", "-a", app) + result = run_cpl_command("apply-template", "app", "rails", "-a", app) expect(result[:status]).to eq(0) expect(result[:stderr]).to include("Created items") @@ -41,7 +41,7 @@ end it "applies valid templates and fails to apply invalid templates" do - result = run_cpl_command("apply-template", "gvc", "invalid", "rails", "-a", app) + result = run_cpl_command("apply-template", "app", "invalid", "rails", "-a", app) expect(result[:status]).not_to eq(0) expect(result[:stderr]).to include("Created items") @@ -53,7 +53,7 @@ end it "replaces all variables correctly" do - apply_result = run_cpl_command("apply-template", "gvc-with-all-variables", "-a", app) + apply_result = run_cpl_command("apply-template", "app-with-all-variables", "-a", app) env_result = run_cpl_command("env", "-a", app) org = dummy_test_org @@ -77,7 +77,7 @@ end it "replaces deprecated variables correctly and warns about them" do - apply_result = run_cpl_command("apply-template", "gvc-with-deprecated-variables", "-a", app) + apply_result = run_cpl_command("apply-template", "app-with-deprecated-variables", "-a", app) env_result = run_cpl_command("env", "-a", app) org = dummy_test_org @@ -103,18 +103,18 @@ it "asks for confirmation and does nothing" do allow(Shell).to receive(:confirm).with(include("App '#{app}' already exists")).and_return(false) - result = run_cpl_command("apply-template", "gvc", "-a", app) + result = run_cpl_command("apply-template", "app", "-a", app) expect(Shell).to have_received(:confirm).once expect(result[:status]).to eq(0) expect(result[:stderr]).to include("Skipped templates") - expect(result[:stderr]).to include("- gvc") + expect(result[:stderr]).to include("- app") end it "asks for confirmation and re-creates app" do allow(Shell).to receive(:confirm).with(include("App '#{app}' already exists")).and_return(true) - result = run_cpl_command("apply-template", "gvc", "-a", app) + result = run_cpl_command("apply-template", "app", "-a", app) expect(Shell).to have_received(:confirm).once expect(result[:status]).to eq(0) @@ -125,7 +125,7 @@ it "skips confirmation and re-creates app" do allow(Shell).to receive(:confirm).and_return(false) - result = run_cpl_command("apply-template", "gvc", "-a", app, "--yes") + result = run_cpl_command("apply-template", "app", "-a", app, "--yes") expect(Shell).not_to have_received(:confirm) expect(result[:status]).to eq(0) diff --git a/spec/command/build_image_spec.rb b/spec/command/build_image_spec.rb index fded24b3..ef90e84b 100644 --- a/spec/command/build_image_spec.rb +++ b/spec/command/build_image_spec.rb @@ -44,7 +44,7 @@ let!(:app) { dummy_test_app } before do - run_cpl_command!("apply-template", "gvc", "-a", app) + run_cpl_command!("apply-template", "app", "-a", app) end after do diff --git a/spec/command/cleanup_images_spec.rb b/spec/command/cleanup_images_spec.rb index 4f1f85f4..7ce42ee4 100644 --- a/spec/command/cleanup_images_spec.rb +++ b/spec/command/cleanup_images_spec.rb @@ -49,7 +49,7 @@ let!(:app) { dummy_test_app } before do - run_cpl_command!("apply-template", "gvc", "-a", app) + run_cpl_command!("apply-template", "app", "-a", app) run_cpl_command!("build-image", "-a", app) # app:1 run_cpl_command!("build-image", "-a", app) # app:2 end @@ -99,7 +99,7 @@ let!(:app) { dummy_test_app("with-image-retention-max-qty") } before do - run_cpl_command!("apply-template", "gvc", "-a", app) + run_cpl_command!("apply-template", "app", "-a", app) end after do @@ -131,7 +131,7 @@ let!(:app) { dummy_test_app("with-image-retention-days") } before do - run_cpl_command!("apply-template", "gvc", "-a", app) + run_cpl_command!("apply-template", "app", "-a", app) end after do diff --git a/spec/command/cleanup_stale_apps_spec.rb b/spec/command/cleanup_stale_apps_spec.rb index 5972453a..ee5896ca 100644 --- a/spec/command/cleanup_stale_apps_spec.rb +++ b/spec/command/cleanup_stale_apps_spec.rb @@ -32,8 +32,8 @@ let!(:app2) { dummy_test_app("with-stale-app-image-deployed-days") } before do - run_cpl_command!("apply-template", "gvc", "-a", app1) - run_cpl_command!("apply-template", "gvc", "-a", app2) + run_cpl_command!("apply-template", "app", "-a", app1) + run_cpl_command!("apply-template", "app", "-a", app2) run_cpl_command!("build-image", "-a", app1) run_cpl_command!("build-image", "-a", app2) end @@ -93,10 +93,10 @@ let!(:app4) { dummy_test_app("with-stale-app-image-deployed-days") } before do - run_cpl_command!("apply-template", "gvc", "-a", app1) - run_cpl_command!("apply-template", "gvc", "-a", app2) - run_cpl_command!("apply-template", "gvc", "-a", app3) - run_cpl_command!("apply-template", "gvc", "-a", app4) + run_cpl_command!("apply-template", "app", "-a", app1) + run_cpl_command!("apply-template", "app", "-a", app2) + run_cpl_command!("apply-template", "app", "-a", app3) + run_cpl_command!("apply-template", "app", "-a", app4) end after do diff --git a/spec/command/copy_image_from_upstream_spec.rb b/spec/command/copy_image_from_upstream_spec.rb index 07276601..59b818fb 100644 --- a/spec/command/copy_image_from_upstream_spec.rb +++ b/spec/command/copy_image_from_upstream_spec.rb @@ -65,8 +65,8 @@ # Ideally, we should have a different org, but for testing purposes, this works ENV["CPLN_ORG_UPSTREAM"] = dummy_test_org - run_cpl_command!("apply-template", "gvc", "-a", upstream_app) - run_cpl_command!("apply-template", "gvc", "-a", app) + run_cpl_command!("apply-template", "app", "-a", upstream_app) + run_cpl_command!("apply-template", "app", "-a", app) end after do @@ -96,8 +96,8 @@ # Ideally, we should have a different org, but for testing purposes, this works ENV["CPLN_ORG_UPSTREAM"] = dummy_test_org - run_cpl_command!("apply-template", "gvc", "-a", upstream_app) - run_cpl_command!("apply-template", "gvc", "-a", app) + run_cpl_command!("apply-template", "app", "-a", upstream_app) + run_cpl_command!("apply-template", "app", "-a", app) end after do diff --git a/spec/command/delete_spec.rb b/spec/command/delete_spec.rb index 29fcfbf1..4786edfc 100644 --- a/spec/command/delete_spec.rb +++ b/spec/command/delete_spec.rb @@ -18,7 +18,7 @@ let!(:app) { dummy_test_app } before do - run_cpl_command!("apply-template", "gvc", "-a", app) + run_cpl_command!("apply-template", "app", "-a", app) end after do @@ -66,7 +66,7 @@ let!(:app) { dummy_test_app } before do - run_cpl_command!("apply-template", "gvc", "rails", "postgres-with-volume", "detached-volume", "-a", app) + run_cpl_command!("apply-template", "app", "rails", "postgres-with-volume", "detached-volume", "-a", app) run_cpl_command!("build-image", "-a", app) end @@ -92,7 +92,7 @@ let!(:app) { dummy_test_app } before do - run_cpl_command!("apply-template", "gvc", "-a", app) + run_cpl_command!("apply-template", "app", "-a", app) end after do @@ -111,7 +111,7 @@ let!(:app) { dummy_test_app } before do - run_cpl_command!("apply-template", "gvc", "rails", "-a", app) + run_cpl_command!("apply-template", "app", "rails", "-a", app) end after do diff --git a/spec/command/deploy_image_spec.rb b/spec/command/deploy_image_spec.rb index 88d51219..455766e2 100644 --- a/spec/command/deploy_image_spec.rb +++ b/spec/command/deploy_image_spec.rb @@ -18,7 +18,7 @@ let!(:app) { dummy_test_app } before do - run_cpl_command!("apply-template", "gvc", "-a", app) + run_cpl_command!("apply-template", "app", "-a", app) run_cpl_command!("build-image", "-a", app) end @@ -77,7 +77,7 @@ allow(Kernel).to receive(:sleep) - run_cpl_command!("apply-template", "gvc", "rails", "postgres", "-a", app) + run_cpl_command!("apply-template", "app", "rails", "postgres", "-a", app) run_cpl_command!("build-image", "-a", app) run_cpl_command!("ps:start", "-a", app, "--workload", "postgres", "--wait") end diff --git a/spec/command/maintenance_set_page_spec.rb b/spec/command/maintenance_set_page_spec.rb index b28ebe6b..36c6607a 100644 --- a/spec/command/maintenance_set_page_spec.rb +++ b/spec/command/maintenance_set_page_spec.rb @@ -20,7 +20,7 @@ let!(:app) { dummy_test_app("with-external-maintenance-image") } before do - run_cpl_command!("apply-template", "gvc", "maintenance-with-external-image", "-a", app) + run_cpl_command!("apply-template", "app", "maintenance-with-external-image", "-a", app) end after do diff --git a/spec/command/promote_app_from_upstream_spec.rb b/spec/command/promote_app_from_upstream_spec.rb index 4ca4fcae..dc55f3e0 100644 --- a/spec/command/promote_app_from_upstream_spec.rb +++ b/spec/command/promote_app_from_upstream_spec.rb @@ -13,8 +13,8 @@ # Ideally, we should have a different org, but for testing purposes, this works ENV["CPLN_ORG_UPSTREAM"] = dummy_test_org - run_cpl_command!("apply-template", "gvc", "-a", upstream_app) - run_cpl_command!("apply-template", "gvc", "rails", "-a", app) + run_cpl_command!("apply-template", "app", "-a", upstream_app) + run_cpl_command!("apply-template", "app", "rails", "-a", app) run_cpl_command!("build-image", "-a", upstream_app) end @@ -45,8 +45,8 @@ ENV["CPLN_ORG_UPSTREAM"] = dummy_test_org ENV["APP_NAME"] = app - run_cpl_command!("apply-template", "gvc", "-a", upstream_app) - run_cpl_command!("apply-template", "gvc", "rails", "postgres", "-a", app) + run_cpl_command!("apply-template", "app", "-a", upstream_app) + run_cpl_command!("apply-template", "app", "rails", "postgres", "-a", app) run_cpl_command!("build-image", "-a", upstream_app) run_cpl_command!("ps:start", "-a", app, "--workload", "postgres", "--wait") end @@ -82,8 +82,8 @@ ENV["CPLN_ORG_UPSTREAM"] = dummy_test_org ENV["APP_NAME"] = app - run_cpl_command!("apply-template", "gvc", "-a", upstream_app) - run_cpl_command!("apply-template", "gvc", "rails", "postgres", "-a", app) + run_cpl_command!("apply-template", "app", "-a", upstream_app) + run_cpl_command!("apply-template", "app", "rails", "postgres", "-a", app) run_cpl_command!("build-image", "-a", upstream_app) run_cpl_command!("ps:start", "-a", app, "--workload", "postgres", "--wait") end diff --git a/spec/command/run_spec.rb b/spec/command/run_spec.rb index ff68e74f..bdc272eb 100644 --- a/spec/command/run_spec.rb +++ b/spec/command/run_spec.rb @@ -41,7 +41,7 @@ let!(:app) { dummy_test_app("with-fix-terminal-size") } before do - run_cpl_command!("apply-template", "gvc", "rails", "-a", app) + run_cpl_command!("apply-template", "app", "rails", "-a", app) run_cpl_command!("build-image", "-a", app) run_cpl_command!("deploy-image", "-a", app) end @@ -114,7 +114,7 @@ let!(:cmd) { "'echo $CPLN_IMAGE'" } before do - run_cpl_command!("apply-template", "gvc", "rails", "-a", app) + run_cpl_command!("apply-template", "app", "rails", "-a", app) run_cpl_command!("build-image", "-a", app) run_cpl_command!("deploy-image", "-a", app) run_cpl_command!("build-image", "-a", app) diff --git a/spec/command/setup_app_spec.rb b/spec/command/setup_app_spec.rb index f517261f..20a09f07 100644 --- a/spec/command/setup_app_spec.rb +++ b/spec/command/setup_app_spec.rb @@ -64,7 +64,26 @@ let!(:app) { dummy_test_app } before do - run_cpl_command!("apply-template", "secrets-policy", "-a", app) + run_cpl_command!("apply-template", "secrets", "-a", app) + end + + after do + run_cpl_command!("delete", "-a", app, "--yes") + end + + it "binds identity to policy" do + result = run_cpl_command("setup-app", "-a", app) + + expect(result[:status]).to eq(0) + expect(result[:stderr]).to match(/Binding identity to policy[.]+? done!/) + end + end + + context "when using custom names for secrets" do + let!(:app) { dummy_test_app } + + before do + run_cpl_command!("apply-template", "secrets-with-custom-names", "-a", app) end after do diff --git a/spec/dummy/.controlplane/controlplane.yml b/spec/dummy/.controlplane/controlplane.yml index 2dbf3579..dd20c09b 100644 --- a/spec/dummy/.controlplane/controlplane.yml +++ b/spec/dummy/.controlplane/controlplane.yml @@ -23,7 +23,7 @@ apps: default_domain: cpl.rafaelgomes.xyz maintenance_workload: maintenance setup_app_templates: - - gvc + - app - rails - postgres @@ -38,14 +38,14 @@ apps: match_if_app_name_starts_with: true default_domain: cpl.rafaelgomes.xyz setup_app_templates: - - gvc + - app dummy-test-with-rails: <<: *common match_if_app_name_starts_with: true setup_app_templates: - - gvc + - app - rails dummy-test-full: @@ -54,7 +54,7 @@ apps: match_if_app_name_starts_with: true default_domain: cpl.rafaelgomes.xyz setup_app_templates: - - gvc + - app - rails - postgres - maintenance @@ -78,7 +78,7 @@ apps: image_retention_max_qty: 3 image_retention_days: 30 setup_app_templates: - - gvc + - app dummy-test-with-image-retention-max-qty: <<: *common @@ -119,7 +119,7 @@ apps: - rails - rails-with-non-app-image setup_app_templates: - - gvc + - app - rails - postgres - rails-with-non-app-image @@ -154,7 +154,7 @@ apps: match_if_app_name_starts_with: true setup_app_templates: - - gvc-without-identity + - app-without-identity dummy-test-info: <<: *common @@ -166,7 +166,7 @@ apps: match_if_app_name_starts_with: true setup_app_templates: - - gvc + - app - rails - postgres @@ -180,7 +180,7 @@ apps: match_if_app_name_starts_with: true setup_app_templates: - - gvc + - app - rails dummy-test-info-with-extra-workloads: @@ -188,7 +188,7 @@ apps: match_if_app_name_starts_with: true setup_app_templates: - - gvc + - app - rails - postgres - rails-with-non-app-image diff --git a/spec/dummy/.controlplane/templates/gvc-with-all-variables.yml b/spec/dummy/.controlplane/templates/app-with-all-variables.yml similarity index 100% rename from spec/dummy/.controlplane/templates/gvc-with-all-variables.yml rename to spec/dummy/.controlplane/templates/app-with-all-variables.yml diff --git a/spec/dummy/.controlplane/templates/gvc-with-deprecated-variables.yml b/spec/dummy/.controlplane/templates/app-with-deprecated-variables.yml similarity index 100% rename from spec/dummy/.controlplane/templates/gvc-with-deprecated-variables.yml rename to spec/dummy/.controlplane/templates/app-with-deprecated-variables.yml diff --git a/spec/dummy/.controlplane/templates/gvc-without-identity.yml b/spec/dummy/.controlplane/templates/app-without-identity.yml similarity index 100% rename from spec/dummy/.controlplane/templates/gvc-without-identity.yml rename to spec/dummy/.controlplane/templates/app-without-identity.yml diff --git a/spec/dummy/.controlplane/templates/gvc.yml b/spec/dummy/.controlplane/templates/app.yml similarity index 100% rename from spec/dummy/.controlplane/templates/gvc.yml rename to spec/dummy/.controlplane/templates/app.yml diff --git a/spec/dummy/.controlplane/templates/secrets-with-custom-names.yml b/spec/dummy/.controlplane/templates/secrets-with-custom-names.yml new file mode 100644 index 00000000..7030ea02 --- /dev/null +++ b/spec/dummy/.controlplane/templates/secrets-with-custom-names.yml @@ -0,0 +1,10 @@ +kind: secret +name: custom-secrets +type: dictionary +data: {} +--- +kind: policy +name: custom-policy +targetKind: secret +targetLinks: + - //secret/{{APP_SECRETS}} diff --git a/spec/dummy/.controlplane/templates/secrets-policy.yml b/spec/dummy/.controlplane/templates/secrets.yml similarity index 61% rename from spec/dummy/.controlplane/templates/secrets-policy.yml rename to spec/dummy/.controlplane/templates/secrets.yml index 9e85bac8..6fbaeb8e 100644 --- a/spec/dummy/.controlplane/templates/secrets-policy.yml +++ b/spec/dummy/.controlplane/templates/secrets.yml @@ -1,3 +1,8 @@ +kind: secret +name: {{APP_SECRETS}} +type: dictionary +data: {} +--- kind: policy name: {{APP_SECRETS_POLICY}} targetKind: secret diff --git a/spec/support/command_helpers.rb b/spec/support/command_helpers.rb index db8cb717..84f856bd 100644 --- a/spec/support/command_helpers.rb +++ b/spec/support/command_helpers.rb @@ -124,7 +124,10 @@ def run_cpl_command(*args, raise_errors: false) # rubocop:disable Metrics/Method LogHelpers.write_command_result_to_log(result) - raise result.to_json if result[:status].nonzero? && raise_errors + if result[:status].nonzero? && raise_errors + cmd = args.join(" ") + raise "Command '#{cmd}' failed: #{result.to_json}" + end result end diff --git a/templates/gvc.yml b/templates/app.yml similarity index 82% rename from templates/gvc.yml rename to templates/app.yml index bd2a75d1..32f9a06c 100644 --- a/templates/gvc.yml +++ b/templates/app.yml @@ -11,3 +11,8 @@ spec: staticPlacement: locationLinks: - {{APP_LOCATION_LINK}} +--- +# Identity is needed to access secrets +kind: identity +name: {{APP_IDENTITY}} + diff --git a/templates/identity.yml b/templates/identity.yml deleted file mode 100644 index 746d8e5b..00000000 --- a/templates/identity.yml +++ /dev/null @@ -1,3 +0,0 @@ -# Identity is needed to access secrets -kind: identity -name: {{APP_IDENTITY}} diff --git a/templates/secrets-policy.yml b/templates/secrets-policy.yml deleted file mode 100644 index 35bdd886..00000000 --- a/templates/secrets-policy.yml +++ /dev/null @@ -1,4 +0,0 @@ -# Policy is needed to allow identities to access secrets -kind: policy -name: {{APP_SECRETS_POLICY}} -targetKind: secret diff --git a/templates/secrets.yml b/templates/secrets.yml index 3895db16..53ef3c36 100644 --- a/templates/secrets.yml +++ b/templates/secrets.yml @@ -1,3 +1,11 @@ kind: secret name: {{APP_SECRETS}} type: dictionary +data: {} +--- +# Policy is needed to allow identities to access secrets +kind: policy +name: {{APP_SECRETS_POLICY}} +targetKind: secret +targetLinks: + - //secret/{{APP_SECRETS}}