From 167c58be08502fb6cd6c867ad1074489161cf9b5 Mon Sep 17 00:00:00 2001 From: jerger Date: Mon, 26 Dec 2022 18:04:53 +0100 Subject: [PATCH] breaking: rename ingress-cert -> ingress & add generateingress-and-cert --- .../{ingress_cert.cljc => ingress.cljc} | 18 ++++- ...gress_cert_test.cljc => ingress_test.cljc} | 68 ++++++++++++++++--- 2 files changed, 74 insertions(+), 12 deletions(-) rename src/main/cljc/dda/c4k_common/{ingress_cert.cljc => ingress.cljc} (80%) rename src/test/cljc/dda/c4k_common/{ingress_cert_test.cljc => ingress_test.cljc} (51%) diff --git a/src/main/cljc/dda/c4k_common/ingress_cert.cljc b/src/main/cljc/dda/c4k_common/ingress.cljc similarity index 80% rename from src/main/cljc/dda/c4k_common/ingress_cert.cljc rename to src/main/cljc/dda/c4k_common/ingress.cljc index 9d671e7..b096c2f 100644 --- a/src/main/cljc/dda/c4k_common/ingress_cert.cljc +++ b/src/main/cljc/dda/c4k_common/ingress.cljc @@ -1,4 +1,4 @@ -(ns dda.c4k-common.ingress-cert +(ns dda.c4k-common.ingress (:require [clojure.spec.alpha :as s] #?(:cljs [shadow.resource :as rc]) @@ -18,12 +18,17 @@ (s/def ::service-port pos-int?) (s/def ::fqdns (s/coll-of pred/fqdn-string?)) +(def simple-ingress? (s/keys :req-un [::fqdns ::service-name ::service-port] + :opt-un [::issuer])) + (def ingress? (s/keys :req-un [::fqdns ::app-name ::ingress-name ::service-name ::service-port] :opt-un [::issuer ::cert-name])) (def certificate? (s/keys :req-un [::fqdns ::app-name ::cert-name] :opt-un [::issuer])) +(def ingress-defaults {:issuer "staging"}) + #?(:cljs (defmethod yaml/load-resource :ingress [resource-name] (case resource-name @@ -66,3 +71,14 @@ (assoc-in [:spec :commonName] (first fqdns)) (assoc-in [:spec :dnsNames] fqdns) (assoc-in [:spec :issuerRef :name] letsencrypt-issuer)))) + +(defn-spec generate-ingress-and-cert any? + [simple-ingress-config simple-ingress?] + (let [{:keys [service-name]} simple-ingress-config + config (merge {:app-name service-name + :ingress-name service-name + :cert-name service-name} + ingress-defaults + simple-ingress-config)] + [(generate-certificate config) + (generate-ingress config)])) \ No newline at end of file diff --git a/src/test/cljc/dda/c4k_common/ingress_cert_test.cljc b/src/test/cljc/dda/c4k_common/ingress_test.cljc similarity index 51% rename from src/test/cljc/dda/c4k_common/ingress_cert_test.cljc rename to src/test/cljc/dda/c4k_common/ingress_test.cljc index 7a28967..b35c14b 100644 --- a/src/test/cljc/dda/c4k_common/ingress_cert_test.cljc +++ b/src/test/cljc/dda/c4k_common/ingress_test.cljc @@ -1,13 +1,14 @@ -(ns dda.c4k-common.ingress-cert-test +(ns dda.c4k-common.ingress-test (:require #?(:clj [clojure.test :refer [deftest is are testing run-tests]] :cljs [cljs.test :refer-macros [deftest is are testing run-tests]]) [clojure.spec.test.alpha :as st] - [dda.c4k-common.ingress-cert :as cut])) + [dda.c4k-common.ingress :as cut])) (st/instrument `cut/generate-host-rule) (st/instrument `cut/generate-ingress) (st/instrument `cut/generate-certificate) +(st/instrument `cut/generate-ingress-and-cert) (deftest should-generate-rule (is (= {:host "test.com", @@ -26,14 +27,19 @@ {:name "test-io-https-ingress", :namespace "default", :labels {:app.kubernetes.part-of "c4k-common-app"}, - :annotations #:traefik.ingress.kubernetes.io{:router.entrypoints "web, websecure", :router.middlewares "default-redirect-https@kubernetescrd"}}} + :annotations {:traefik.ingress.kubernetes.io/router.entrypoints + "web, websecure" + :traefik.ingress.kubernetes.io/router.middlewares + "default-redirect-https@kubernetescrd" + :metallb.universe.tf/address-pool "public"}}} (dissoc (cut/generate-ingress {:issuer "prod" :service-name "test-io-service" :app-name "c4k-common-app" :service-port 80 :ingress-name "test-io-https-ingress" - :fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}) :spec))) + :fqdns ["test.de" "www.test.de" "test-it.de" + "www.test-it.de"]}) :spec))) (is (= {:tls [{:hosts ["test.de" "www.test.de" "test-it.de" "www.test-it.de"], @@ -52,12 +58,14 @@ :http {:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "test-io-service", :port {:number 80}}}}]}}]} (:spec (cut/generate-ingress {:issuer "prod" - :app-name "c4k-common-app" - :service-name "test-io-service" - :service-port 80 - :ingress-name "test-io-https-ingress" - :cert-name "test-io-cert" - :fqdns ["test.de" "www.test.de" "test-it.de" "www.test-it.de"]}))))) + :app-name "c4k-common-app" + :service-name "test-io-service" + :service-port 80 + :ingress-name "test-io-https-ingress" + :cert-name "test-io-cert" + :fqdns ["test.de" "www.test.de" + "test-it.de" + "www.test-it.de"]}))))) (deftest should-generate-certificate (is (= {:apiVersion "cert-manager.io/v1", @@ -75,4 +83,42 @@ (cut/generate-certificate {:fqdns ["test.de" "test.org" "www.test.de" "www.test.org"] :app-name "c4k-common-app" :cert-name "test-io-cert" - :issuer "prod"})))) \ No newline at end of file + :issuer "prod"})))) + +(deftest should-generate-ingress-and-cert + (is (= [{:apiVersion "cert-manager.io/v1", + :kind "Certificate", + :metadata + {:name "web", + :labels {:app.kubernetes.part-of "web"}, + :namespace "default"}, + :spec + {:secretName "web", + :commonName "test.jit.si", + :duration "2160h", + :renewBefore "360h", + :dnsNames ["test.jit.si"], + :issuerRef {:name "staging", :kind "ClusterIssuer"}}} + {:apiVersion "networking.k8s.io/v1", + :kind "Ingress", + :metadata + {:name "web", + :namespace "default", + :labels {:app.kubernetes.part-of "web"}, + :annotations + {:traefik.ingress.kubernetes.io/router.entrypoints "web, websecure", + :traefik.ingress.kubernetes.io/router.middlewares + "default-redirect-https@kubernetescrd", + :metallb.universe.tf/address-pool "public"}}, + :spec + {:tls [{:hosts ["test.jit.si"], :secretName "web"}], + :rules + [{:host "test.jit.si", + :http {:paths [{:path "/", + :pathType "Prefix", + :backend + {:service {:name "web", + :port {:number 80}}}}]}}]}}] + (cut/generate-ingress-and-cert {:fqdns ["test.jit.si"] + :service-name "web" + :service-port 80})))) \ No newline at end of file