refactor: lazy configuration of oci auth and signature verification secrets (#168)

## Description
Previously we were required to configure auth and signature verification
secrets before we even add any oci rules. Now we can lazily create the
auth and signature verification secrets as we create the rules, i.e. no
need to prep all your pubkeys and creds before you even set up your
rule.

This PR also does the following:
- Refactors readOciPluginRules to follow the same pattern as all the
other plugins.
- This change addresses an issue with `--reconfigure`ing oci rules.
Previously rule updates weren't getting properly persisted
- ~Refactors integration tests~
- ~It ensures that we actually run the `validator install --apply` tests
which should really bump our code coverage up by a lot~
- ~Covers the case of provisioning a new kind cluster or using a
pre-provisioned cluster~
- Fixes a bug where `validator install --apply` was no longer working
due to the kind cluster not starting up
  
### ~Context on the integration test refactor~
~The reason for the big changes in the integration tests was that I had
noticed the oci plugin integration tests were passing without me
updating any of the prompts when they clearly shouldn't pass. This got me
down a rabbit hole of investigating why they were passing and eventually
making the necessary changes. While doing this, it uncovered a few other
issues. For the sake of not adding even more to this PR, I've marked
some `TODOs` around things that need to be fixed. IMO we should fix them
in follow ups shortly after this PR is eventually merged.~

### Out of scope follow up work
1. Add support for oci auth being configured with no secrets. This will
allow us to run `validator rules check` on a private oci registry
2. Fix and re-enable maas integration tests
3. Fix the minor UX issues noted for the vsphere plugin values
ahmad-ibra authored Aug 15, 2024
1 parent 0912f6e commit cc2c056
Showing 6 changed files with 151 additions and 186 deletions.
4 changes: 2 additions & 2 deletions go.mod
Expand Up @@ -17,7 +17,7 @@ require (
github.com/spectrocloud-labs/prompts-tui v0.1.1
github.com/spf13/cobra v1.8.1
github.com/spf13/viper v1.19.0
github.com/validator-labs/validator v0.1.4
github.com/validator-labs/validator v0.1.5
github.com/validator-labs/validator-plugin-aws v0.1.4
github.com/validator-labs/validator-plugin-azure v0.0.16
github.com/validator-labs/validator-plugin-maas v0.0.8-0.20240809210245-5894f5118612
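Review bot: The bump of github.com/validator-labs/validator from v0.1.4 to v0.1.5 in the require block is not explained in the commit description, which only covers the OCI secret prompts and the `--apply` fix. State in the description which v0.1.5 change this commit depends on, so a later bisect or dependency audit can tell whether the bump is required by the refactor or incidental.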
Expand Down Expand Up @@ -258,7 +258,7 @@ require (
k8s.io/klog/v2 v2.130.1 // indirect
k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a // indirect
k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 // indirect
sigs.k8s.io/cluster-api v1.8.0 // indirect
sigs.k8s.io/cluster-api v1.8.1 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/release-utils v0.8.4 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
8 changes: 4 additions & 4 deletions go.sum
Expand Up @@ -860,8 +860,8 @@ github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho=
github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE=
github.com/transparency-dev/merkle v0.0.2 h1:Q9nBoQcZcgPamMkGn7ghV8XiTZ/kRxn1yCG81+twTK4=
github.com/transparency-dev/merkle v0.0.2/go.mod h1:pqSy+OXefQ1EDUVmAJ8MUhHB9TXGuzVAT58PqBoHz1A=
github.com/validator-labs/validator v0.1.4 h1:NWmOwJMciLGvJ/zfOAiYRvXNtlB4MUj0PeQ0sr8Vits=
github.com/validator-labs/validator v0.1.4/go.mod h1:UwuzW7ebeg8HTei2fBDHtMgEvs2gYQsBLawjYsUcMjY=
github.com/validator-labs/validator v0.1.5 h1:9MAmxm4y33W2DjKNifrBQNq58VF4Oety15vZi2xv1fU=
github.com/validator-labs/validator v0.1.5/go.mod h1:+O3N6l3JncmREk6nDcATNxEQ3ukZKkyI1HrSMwH3YOA=
github.com/validator-labs/validator-plugin-aws v0.1.4 h1:0SMEIddrCRJfHvsqkyMCmkDQ5zfLHnju0ZDlAMEnr1M=
github.com/validator-labs/validator-plugin-aws v0.1.4/go.mod h1:Nh/RM9SygPPV9aMmMoOHg7PnYlCRYEHeOfOQ0qk5hBs=
github.com/validator-labs/validator-plugin-azure v0.0.16 h1:ttQmsmF8sG2Q6WPaTxzJ/rOYom4gR3TnNVxlQkMW0Po=
Expand Down Expand Up @@ -1184,8 +1184,8 @@ launchpad.net/gocheck v0.0.0-20140225173054-000000000087/go.mod h1:hj7XX3B/0A+80
launchpad.net/xmlpath v0.0.0-20130614043138-000000000004/go.mod h1:vqyExLOM3qBx7mvYRkoxjSCF945s0mbe7YynlKYXtsA=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.0 h1:Tc9rS7JJoZ9sl3OpL4842oIk6lH7gWBb0JOmJ0ute7M=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.0/go.mod h1:1ewhL9l1gkPcU/IU/6rFYfikf+7Y5imWv7ARVbBOzNs=
sigs.k8s.io/cluster-api v1.8.0 h1:xdF9svGCbezxOn9Y6QmlVnNaZ0n9QkRJpNuKJkeorUw=
sigs.k8s.io/cluster-api v1.8.0/go.mod h1:iSUcU8rHBNRa6wZJvU6klHKI3EVQC0aMcgjeSofBwKw=
sigs.k8s.io/cluster-api v1.8.1 h1:OA3w1CjCmXXXDL7aY3WDe+seL0mdFVJX1K5mZwqKbDE=
sigs.k8s.io/cluster-api v1.8.1/go.mod h1:pXv5LqLxuIbhGIXykyNKiJh+KrLweSBajVHHitPLyoY=
sigs.k8s.io/controller-runtime v0.18.5 h1:nTHio/W+Q4aBlQMgbnC5hZb4IjIidyrizMai9P6n4Rk=
sigs.k8s.io/controller-runtime v0.18.5/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
11 changes: 10 additions & 1 deletion pkg/cmd/validator/validator.go
Expand Up @@ -137,7 +137,7 @@ func InstallValidatorCommand(c *cfg.Config, tc *cfg.TaskConfig) error {
log.InfoCLI("validator configuration file: %s", tc.ConfigFile)
}

if tc.Apply {
if tc.CreateConfigOnly && tc.Apply {
if !configProvided {
tc.Reconfigure = true
}
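Review bot: The new guard `if tc.CreateConfigOnly && tc.Apply` carries no comment explaining why both flags are required, and the field name CreateConfigOnly reads as the opposite of Apply, so the combination looks contradictory. Add a short comment naming the invocation that sets both, and consider hoisting the `if !configProvided { tc.Reconfigure = true }` default above the branches, since the same lines are repeated in the `if tc.Apply` block added further down in this function.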
Expand All @@ -156,6 +156,15 @@ func InstallValidatorCommand(c *cfg.Config, tc *cfg.TaskConfig) error {
}
}

if tc.Apply {
if !configProvided {
tc.Reconfigure = true
}
if err := ConfigureOrCheckCommand(c, tc); err != nil {
return err
}
}

if err := deployValidatorAndPlugins(c, vc); err != nil {
return err
}
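Review bot: The added `if tc.Apply` block repeats the `!configProvided` default for `tc.Reconfigure` from the earlier `tc.CreateConfigOnly && tc.Apply` branch, and when both flags are set both branches execute. Confirm that calling ConfigureOrCheckCommand after that earlier branch is intended and does not walk the user through configuration a second time; an `else if` or a single shared block would make the flow explicit. A test that runs `validator install --apply` with and without a provided config file would pin down the behaviour the description says was broken.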
8 changes: 5 additions & 3 deletions pkg/config/constants.go
Expand Up @@ -53,9 +53,11 @@ const (
ValidatorVsphereVersionConstraint = ">= 6.0, < 9.0"
ValidatorVspherePrivilegeFile = "vsphere-root-level-privileges-all.yaml"

AWSPolicyDocumentPrompt = "# Provide the AWS policy document for IAM validation rule. The policy document should be in JSON format. Type :wq to save and exit (if using vi).\n"
AzurePermissionSetPrompt = "# Provide the Azure permission set for IAM validation rule. The permission set should be in JSON format. Type :wq to save and exit (if using vi).\n"
VcenterPrivilegePrompt = "# All valid vCenter privileges are on the lines below.\n# Edit as you see fit (comments are ignored). The file should contain a list of privileges, newline separated.\n# Type :wq to save and exit (if using vi).\n\n"
AWSPolicyDocumentPrompt = "# Provide the AWS policy document for IAM validation rule. The policy document should be in JSON format. Type :wq to save and exit (if using vi).\n"
AzurePermissionSetPrompt = "# Provide the Azure permission set for IAM validation rule. The permission set should be in JSON format. Type :wq to save and exit (if using vi).\n"
VcenterPrivilegePrompt = "# All valid vCenter privileges are on the lines below.\n# Edit as you see fit (comments are ignored). The file should contain a list of privileges, newline separated.\n# Type :wq to save and exit (if using vi).\n\n"
OciCreateNewAuthSecPrompt = "Create a new registry authentication secret"
OciCreateNewSigSecPrompt = "Create a new signature verification secret"

// Embed dirs
Kind string = "kind"
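Review bot: OciCreateNewAuthSecPrompt and OciCreateNewSigSecPrompt are appended to the group of editor prompts (the `# ... Type :wq to save and exit` strings) but are short option labels, and nothing documents where they are shown. Put them in their own commented group, and spell out `Secret` in the names, since `Sec` can be read as either secret or security.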