Skip to content

Commit

Permalink
Create Sparkplug Address entry for cluster Group (#19)
Browse files Browse the repository at this point in the history
Associate a Sparkplug Group with each cluster. Create a Sparkplug
Address entry giving just the `group_id`.
  • Loading branch information
amrc-benmorrow authored Feb 21, 2024
2 parents e04e7dc + 01773a5 commit 6632965
Show file tree
Hide file tree
Showing 5 changed files with 53 additions and 8 deletions.
10 changes: 10 additions & 0 deletions dumps/clusters-auth.json
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,11 @@
"permission": "4a339562-cd57-408d-9d1a-6529a383ea4b",
"target": "a807d8fc-63ff-48bb-85c7-82b93beb606e"
},
{
"principal": "26d192cf-73c1-4c14-93cf-1e63743bab08",
"permission": "4a339562-cd57-408d-9d1a-6529a383ea4b",
"target": "8e32801b-f35a-4cbf-a5c3-2af64d3debd7"
},
{
"principal": "26d192cf-73c1-4c14-93cf-1e63743bab08",
"permission": "6c799ccb-d2ad-4715-a2a7-3c8728d6c0bf",
Expand All @@ -87,6 +92,11 @@
"permission": "6c799ccb-d2ad-4715-a2a7-3c8728d6c0bf",
"target": "38d62a93-b6b4-4f63-bad4-d433e3eaff29"
},
{
"principal": "26d192cf-73c1-4c14-93cf-1e63743bab08",
"permission": "6c799ccb-d2ad-4715-a2a7-3c8728d6c0bf",
"target": "8e32801b-f35a-4cbf-a5c3-2af64d3debd7"
},
{
"principal": "26d192cf-73c1-4c14-93cf-1e63743bab08",
"permission": "f0b7917b-d475-4888-9d5a-2af96b3c26b6",
Expand Down
6 changes: 6 additions & 0 deletions dumps/clusters-auth.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,9 @@ aces:
- principal: !u E.Requirement.ServiceAccount
permission: !u FP.Permission.ConfigDB.ReadConfig
target: !u E.App.Bootstrap
- principal: !u E.Requirement.ServiceAccount
permission: !u FP.Permission.ConfigDB.ReadConfig
target: !u FP.App.SparkplugAddress

- principal: !u E.Requirement.ServiceAccount
permission: !u FP.Permission.ConfigDB.WriteConfig
Expand All @@ -76,6 +79,9 @@ aces:
- principal: !u E.Requirement.ServiceAccount
permission: !u FP.Permission.ConfigDB.WriteConfig
target: !u G.App.Config
- principal: !u E.Requirement.ServiceAccount
permission: !u FP.Permission.ConfigDB.WriteConfig
target: !u FP.App.SparkplugAddress

- principal: !u E.Requirement.ServiceAccount
permission: !u FP.Permission.ConfigDB.ManageObjects
Expand Down
39 changes: 33 additions & 6 deletions lib/actions.js
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
import rx from "rxjs";
import yaml from "yaml";

import { UUIDs } from "@amrc-factoryplus/utilities";
import { UUIDs, ServiceError } from "@amrc-factoryplus/utilities";

import { Checkout } from "./checkout.js";
import { Git, Edge } from "./uuids.js";
Expand All @@ -24,6 +24,14 @@ Generated manifests are named 'SERVICE/SUBSYSTEM/*', where SERVICE will
normally be 'edo'.
`;

function svc_catch (...codes) {
return err => {
if (err instanceof ServiceError && codes.includes(err.status))
return;
throw err;
};
}

class Action {
constructor (op, uuid, status) {
this.op = op;
Expand All @@ -35,6 +43,7 @@ class Action {
this.auth = op.fplus.Auth;

this.config = op.config;
this.prefix = op.org_prefix;

this.log = op.fplus.debug.bound("cluster");
}
Expand Down Expand Up @@ -77,12 +86,22 @@ export class Update extends Action {

this.log("Setting up cluster %s (%s)", this.name(), uuid);
this.update({ spec: this.spec });
await this.address();
await this.accounts();
await this.repo();
this.update({ ready: true });
this.log("Cluster %s is ready", this.name());
}

async address () {
const { cdb, uuid, spec, prefix } = this;
const name = this.name();

const group_id = `${prefix}-${name}`;
this.log("Cluster %s uses Sparkplug group %s", uuid, group_id);
await cdb.put_config(UUIDs.App.SparkplugAddress, uuid, { group_id });
}

async accounts () {
const { auth, cdb, uuid, spec, status } = this;
const group = this.config.group;
Expand Down Expand Up @@ -178,20 +197,28 @@ export class Delete extends Action {
const { flux, krbkeys } = status;
if (flux) {
this.log("Removing op1flux/%s (%s)", name, flux);
await auth.delete_principal(flux);
await auth.delete_principal(flux)
.catch(svc_catch(404));
await auth.remove_from_group(group.flux.uuid, flux);
await auth.delete_ace(flux, Git.Perm.Pull, uuid);
await cdb.mark_object_deleted(flux);
await cdb.mark_object_deleted(flux)
.catch(svc_catch(404));
}
if (krbkeys) {
this.log("Removing op1krbkeys/%s (%s)", name, krbkeys);
await auth.delete_principal(krbkeys);
await auth.delete_principal(krbkeys)
.catch(svc_catch(404));
await auth.remove_from_group(group.krbkeys.uuid, krbkeys);
await cdb.mark_object_deleted(krbkeys);
await cdb.mark_object_deleted(krbkeys)
.catch(svc_catch(404));
}

this.log("Removing repo for %s", name);
await cdb.delete_config(Git.App.Config, uuid);
await cdb.delete_config(Git.App.Config, uuid)
.catch(svc_catch(404));
this.log("Removing Sparkplug group for %s", name);
await cdb.delete_config(UUIDs.App.SparkplugAddress, uuid)
.catch(svc_catch(404));
this.update(null);
this.log("Removed cluster %s (%s)", name, uuid);
}
Expand Down
3 changes: 2 additions & 1 deletion lib/app.js
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,8 @@ export class App {
fplus,
krbkeys: env.KRBKEYS_IMAGE,
realm: env.REALM,
externalDomain: env.EXTERNAL_DOMAIN,
external_domain: env.EXTERNAL_DOMAIN,
org_prefix: env.ORGANISATION_PREFIX,
});

this.edge = new EdgeDeploy({
Expand Down
3 changes: 2 additions & 1 deletion lib/clusters.js
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,8 @@ export class Clusters {
this.fplus = opts.fplus;
this.krbkeys = opts.krbkeys;
this.realm = opts.realm;
this.domain = opts.externalDomain;
this.domain = opts.external_domain;
this.org_prefix = opts.org_prefix;

this.log = this.fplus.debug.bound("edge");
this.cdb = this.fplus.ConfigDB;
Expand Down

0 comments on commit 6632965

Please sign in to comment.