From 3ce78231df3c44175737b1518294973391818cbf Mon Sep 17 00:00:00 2001
From: Ben Morrow
Date: Fri, 9 Feb 2024 09:37:00 +0000
Subject: [PATCH 1/4] Pass in organisation prefix
---
 lib/app.js | 3 ++-
 lib/clusters.js | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/app.js b/lib/app.js
index a4c182e..4a393c4 100644
--- a/lib/app.js
+++ b/lib/app.js
@@ -24,7 +24,8 @@ export class App {
 fplus,
 krbkeys: env.KRBKEYS_IMAGE,
 realm: env.REALM,
- externalDomain: env.EXTERNAL_DOMAIN,
+ external_domain: env.EXTERNAL_DOMAIN,
+ org_prefix: env.ORGANISATION_PREFIX,
 });
 this.edge = new EdgeDeploy({
diff --git a/lib/clusters.js b/lib/clusters.js
index 834bf34..fc774b0 100644
--- a/lib/clusters.js
+++ b/lib/clusters.js
@@ -25,7 +25,8 @@ export class Clusters {
 this.fplus = opts.fplus;
 this.krbkeys = opts.krbkeys;
 this.realm = opts.realm;
- this.domain = opts.externalDomain;
+ this.domain = opts.external_domain;
+ this.org = opts.org_prefix;
 this.log = this.fplus.debug.bound("edge");
 this.cdb = this.fplus.ConfigDB;
From fed7b656da8428f17107f86e0c744d7a3c14c3fb Mon Sep 17 00:00:00 2001
From: Ben Morrow
Date: Fri, 9 Feb 2024 09:53:23 +0000
Subject: [PATCH 2/4] Push a cluster Group address to the ConfigDB
---
 lib/actions.js | 13 +++++++++++++
 lib/clusters.js | 2 +-
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/lib/actions.js b/lib/actions.js
index def47f5..3b7a8e6 100644
--- a/lib/actions.js
+++ b/lib/actions.js
@@ -35,6 +35,7 @@ class Action {
 this.auth = op.fplus.Auth;
 this.config = op.config;
+ this.prefix = op.org_prefix;
 this.log = op.fplus.debug.bound("cluster");
 }
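Review bot: In the lib/app.js hunk, `env.ORGANISATION_PREFIX` is forwarded as `org_prefix` with no check that it is set, so a deployment that omits the variable starts normally with an undefined prefix. Patch 2/4 builds the Sparkplug group ID from this value, so it is safer to fail at startup, e.g. `if (!env.ORGANISATION_PREFIX) throw new Error("ORGANISATION_PREFIX is not set");` before this options object is built. The enclosing call starts above the hunk, so validation of `env` elsewhere cannot be ruled out.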
@@ -77,12 +78,22 @@ export class Update extends Action {
 this.log("Setting up cluster %s (%s)", this.name(), uuid);
 this.update({ spec: this.spec });
+ await this.address();
 await this.accounts();
 await this.repo();
 this.update({ ready: true });
 this.log("Cluster %s is ready", this.name());
 }
+ async address () {
+ const { cdb, uuid, spec, prefix } = this;
+ const name = this.name();
+
+ const group_id = `${prefix}-${name}`;
+ this.log("Cluster %s uses Sparkplug group %s", uuid, group_id);
+ await cdb.put_config(UUIDs.App.SparkplugAddress, uuid, { group_id });
+ }
+
 async accounts () {
 const { auth, cdb, uuid, spec, status } = this;
 const group = this.config.group;
@@ -192,6 +203,8 @@ export class Delete extends Action {
 this.log("Removing repo for %s", name);
 await cdb.delete_config(Git.App.Config, uuid);
+ this.log("Removing Sparkplug group for %s", name);
+ await cdb.delete_config(UUIDs.App.SparkplugAddress, uuid);
 this.update(null);
 this.log("Removed cluster %s (%s)", name, uuid);
 }
diff --git a/lib/clusters.js b/lib/clusters.js
index fc774b0..33ca3f7 100644
--- a/lib/clusters.js
+++ b/lib/clusters.js
@@ -26,7 +26,7 @@ export class Clusters {
 this.krbkeys = opts.krbkeys;
 this.realm = opts.realm;
 this.domain = opts.external_domain;
- this.org = opts.org_prefix;
+ this.org_prefix = opts.org_prefix;
 this.log = this.fplus.debug.bound("edge");
 this.cdb = this.fplus.ConfigDB;
From f802204128422381b3cb8d62421a58a402cdeed8 Mon Sep 17 00:00:00 2001
From: Ben Morrow
Date: Fri, 9 Feb 2024 11:04:24 +0000
Subject: [PATCH 3/4] Expect things not to exist on delete
---
 lib/actions.js | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)
diff --git a/lib/actions.js b/lib/actions.js
index 3b7a8e6..86414da 100644
--- a/lib/actions.js
+++ b/lib/actions.js
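Review bot: `address()` in the second lib/actions.js hunk interpolates `prefix` and `this.name()` into `group_id` and writes it to the ConfigDB without validating either part. A Sparkplug group ID is used as one level of an MQTT topic, so a value containing `/`, `+` or `#` (or an undefined prefix, giving `undefined-<name>`) yields an address outside the intended namespace, which matters wherever topic permissions are derived from this entry. A guard before `put_config`, such as `if (!prefix || /[\/+#]/.test(group_id)) throw new Error("invalid Sparkplug group ID");`, would reject these; `name()` is defined outside the hunk and may already restrict its characters. The destructured `spec` is unused here and can be dropped.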
@@ -7,7 +7,7 @@ import rx from "rxjs";
 import yaml from "yaml";
-import { UUIDs } from "@amrc-factoryplus/utilities";
+import { UUIDs, ServiceError } from "@amrc-factoryplus/utilities";
 import { Checkout } from "./checkout.js";
 import { Git, Edge } from "./uuids.js";
@@ -24,6 +24,14 @@ Generated manifests are named 'SERVICE/SUBSYSTEM/*', where SERVICE will normally be 'edo'. `;
+function svc_catch (...codes) {
+ return err => {
+ if (err instanceof ServiceError && codes.includes(err.status))
+ return;
+ throw err;
+ };
+}
+
 class Action {
 constructor (op, uuid, status) {
 this.op = op;
@@ -189,22 +197,28 @@ export class Delete extends Action {
 const { flux, krbkeys } = status;
 if (flux) {
 this.log("Removing op1flux/%s (%s)", name, flux);
- await auth.delete_principal(flux);
+ await auth.delete_principal(flux)
+ .catch(svc_catch(404));
 await auth.remove_from_group(group.flux.uuid, flux);
 await auth.delete_ace(flux, Git.Perm.Pull, uuid);
- await cdb.mark_object_deleted(flux);
+ await cdb.mark_object_deleted(flux)
+ .catch(svc_catch(404));
 }
 if (krbkeys) {
 this.log("Removing op1krbkeys/%s (%s)", name, krbkeys);
- await auth.delete_principal(krbkeys);
+ await auth.delete_principal(krbkeys)
+ .catch(svc_catch(404));
 await auth.remove_from_group(group.krbkeys.uuid, krbkeys);
- await cdb.mark_object_deleted(krbkeys);
+ await cdb.mark_object_deleted(krbkeys)
+ .catch(svc_catch(404));
 }
 this.log("Removing repo for %s", name);
- await cdb.delete_config(Git.App.Config, uuid);
+ await cdb.delete_config(Git.App.Config, uuid)
+ .catch(svc_catch(404));
 this.log("Removing Sparkplug group for %s", name);
- await cdb.delete_config(UUIDs.App.SparkplugAddress, uuid);
+ await cdb.delete_config(UUIDs.App.SparkplugAddress, uuid)
+ .catch(svc_catch(404));
 this.update(null);
 this.log("Removed cluster %s (%s)", name, uuid);
 }
From 01773a54e5d67f2eb2a796df39e63765fa8583f7 Mon Sep 17 00:00:00 2001
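Review bot: `svc_catch` is added without a comment, and its contract is easy to misread: it returns a rejection handler that resolves to `undefined` for a `ServiceError` whose `status` is one of `codes` and rethrows every other error. I would put above it `// Returns a .catch() handler that ignores a ServiceError with one of the given statuses and rethrows anything else.` so callers do not assume it also covers non-ServiceError failures.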
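Review bot: In the `Delete` hunk, `remove_from_group` and `delete_ace` are left without `.catch(svc_catch(404))`, unlike every other removal call here. If either rejects when the membership or ACE is already gone (their behaviour is not visible in this hunk), a retried delete stops at that call and never reaches the later `mark_object_deleted` and `delete_config` steps, so the Git config and Sparkplug address entries stay behind. Applying the same handler, `await auth.delete_ace(flux, Git.Perm.Pull, uuid).catch(svc_catch(404));` and likewise on both `remove_from_group` calls, keeps the clean-up idempotent. The method signature and the `auth`, `cdb` and `group` bindings lie above the hunk.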
From: Ben Morrow
Date: Fri, 9 Feb 2024 15:22:24 +0000
Subject: [PATCH 4/4] Request permission to edit Sparkplug addresses
---
 dumps/clusters-auth.json | 10 ++++++++++
 dumps/clusters-auth.yaml | 6 ++++++
 2 files changed, 16 insertions(+)
diff --git a/dumps/clusters-auth.json b/dumps/clusters-auth.json
index 192ac03..dc16181 100644
--- a/dumps/clusters-auth.json
+++ b/dumps/clusters-auth.json
@@ -72,6 +72,11 @@
 "permission": "4a339562-cd57-408d-9d1a-6529a383ea4b",
 "target": "a807d8fc-63ff-48bb-85c7-82b93beb606e"
 },
+ {
+ "principal": "26d192cf-73c1-4c14-93cf-1e63743bab08",
+ "permission": "4a339562-cd57-408d-9d1a-6529a383ea4b",
+ "target": "8e32801b-f35a-4cbf-a5c3-2af64d3debd7"
+ },
 {
 "principal": "26d192cf-73c1-4c14-93cf-1e63743bab08",
 "permission": "6c799ccb-d2ad-4715-a2a7-3c8728d6c0bf",
@@ -87,6 +92,11 @@
 "permission": "6c799ccb-d2ad-4715-a2a7-3c8728d6c0bf",
 "target": "38d62a93-b6b4-4f63-bad4-d433e3eaff29"
 },
+ {
+ "principal": "26d192cf-73c1-4c14-93cf-1e63743bab08",
+ "permission": "6c799ccb-d2ad-4715-a2a7-3c8728d6c0bf",
+ "target": "8e32801b-f35a-4cbf-a5c3-2af64d3debd7"
+ },
 {
 "principal": "26d192cf-73c1-4c14-93cf-1e63743bab08",
 "permission": "f0b7917b-d475-4888-9d5a-2af96b3c26b6",
diff --git a/dumps/clusters-auth.yaml b/dumps/clusters-auth.yaml
index 9239766..3312a91 100644
--- a/dumps/clusters-auth.yaml
+++ b/dumps/clusters-auth.yaml
@@ -66,6 +66,9 @@ aces:
 - principal: !u E.Requirement.ServiceAccount
 permission: !u FP.Permission.ConfigDB.ReadConfig
 target: !u E.App.Bootstrap
+ - principal: !u E.Requirement.ServiceAccount
+ permission: !u FP.Permission.ConfigDB.ReadConfig
+ target: !u FP.App.SparkplugAddress
 - principal: !u E.Requirement.ServiceAccount
 permission: !u FP.Permission.ConfigDB.WriteConfig
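Review bot: The two ACEs added to dumps/clusters-auth.json for principal `26d192cf-73c1-4c14-93cf-1e63743bab08` name the whole application `8e32801b-f35a-4cbf-a5c3-2af64d3debd7` (FP.App.SparkplugAddress in the YAML) as their target, in both hunks of this file. If ConfigDB permissions are scoped per application, as the neighbouring entries suggest, this account can read and overwrite the Sparkplug address of any object, not only of the clusters it creates. The code in this series only calls `put_config` and `delete_config` on that application, so the ReadConfig entry may be unnecessary. I would drop it if so, or record the reason in the YAML source, e.g. `# cluster manager publishes the Sparkplug group address of each cluster it creates`.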
@@ -76,6 +79,9 @@ aces:
 - principal: !u E.Requirement.ServiceAccount
 permission: !u FP.Permission.ConfigDB.WriteConfig
 target: !u G.App.Config
+ - principal: !u E.Requirement.ServiceAccount
+ permission: !u FP.Permission.ConfigDB.WriteConfig
+ target: !u FP.App.SparkplugAddress
 - principal: !u E.Requirement.ServiceAccount
 permission: !u FP.Permission.ConfigDB.ManageObjects