From d3dd3ca5efbbf2b85e7894aa315edd6b3d363219 Mon Sep 17 00:00:00 2001 From: Clemens Date: Wed, 17 Jul 2024 14:18:08 +0200 Subject: [PATCH] split auth and config --- project.clj | 2 +- src/main/clj/dda/c4k_forgejo/uberjar.clj | 5 ++- src/main/cljc/dda/c4k_forgejo/core.cljc | 51 +++++++++++++--------- src/main/cljs/dda/c4k_forgejo/browser.cljs | 36 ++++++++------- 4 files changed, 55 insertions(+), 39 deletions(-) diff --git a/project.clj b/project.clj index 39bdde4..a2fe8aa 100644 --- a/project.clj +++ b/project.clj @@ -5,7 +5,7 @@ :url "https://www.apache.org/licenses/LICENSE-2.0.html"} :dependencies [[org.clojure/clojure "1.11.3" :scope "provided"] [org.clojure/tools.reader "1.4.2"] - [org.domaindrivenarchitecture/c4k-common-clj "6.4.1"] + [org.domaindrivenarchitecture/c4k-common-clj "6.4.2-SNAPSHOT"] ; TODO: Release version with refactorings and update here [hickory "0.7.1" :exclusions [viebel/codox-klipse-theme]]] :target-path "target/%s/" :source-paths ["src/main/cljc" diff --git a/src/main/clj/dda/c4k_forgejo/uberjar.clj b/src/main/clj/dda/c4k_forgejo/uberjar.clj index 14338d6..42b2098 100644 --- a/src/main/clj/dda/c4k_forgejo/uberjar.clj +++ b/src/main/clj/dda/c4k_forgejo/uberjar.clj @@ -7,10 +7,11 @@ (set! *warn-on-reflection* true) (defn -main [& cmd-args] - (uberjar/main-common + (uberjar/main-cm "c4k-forgejo" core/config? core/auth? core/config-defaults - core/k8s-objects + core/config-objects + core/auth-objects cmd-args)) diff --git a/src/main/cljc/dda/c4k_forgejo/core.cljc b/src/main/cljc/dda/c4k_forgejo/core.cljc index 9b39ce1..ca0c3a5 100644 --- a/src/main/cljc/dda/c4k_forgejo/core.cljc +++ b/src/main/cljc/dda/c4k_forgejo/core.cljc @@ -1,25 +1,25 @@ (ns dda.c4k-forgejo.core - (:require - [clojure.spec.alpha :as s] - [dda.c4k-common.yaml :as yaml] - [dda.c4k-common.common :as cm] - [dda.c4k-common.monitoring :as mon] - [dda.c4k-forgejo.forgejo :as forgejo] - [dda.c4k-forgejo.backup :as backup] - [dda.c4k-common.postgres :as postgres] - [dda.c4k-common.namespace :as ns])) + (:require + [clojure.spec.alpha :as s] + [dda.c4k-common.yaml :as yaml] + [dda.c4k-common.common :as cm] + [dda.c4k-common.monitoring :as mon] + [dda.c4k-forgejo.forgejo :as forgejo] + [dda.c4k-forgejo.backup :as backup] + [dda.c4k-common.postgres :as postgres] + [dda.c4k-common.namespace :as ns])) (def config-defaults {:issuer "staging", :deploy-federated "false"}) (def rate-limit-defaults {:max-rate 10, :max-concurrent-requests 5}) -(def config? (s/keys :req-un [::forgejo/fqdn - ::forgejo/mailer-from - ::forgejo/mailer-host +(def config? (s/keys :req-un [::forgejo/fqdn + ::forgejo/mailer-from + ::forgejo/mailer-host ::forgejo/mailer-port ::forgejo/service-noreply-address] - :opt-un [::forgejo/issuer + :opt-un [::forgejo/issuer ::forgejo/deploy-federated - ::forgejo/default-app-name + ::forgejo/default-app-name ::forgejo/service-domain-whitelist ::forgejo/forgejo-image-version-overwrite ::backup/restic-repository @@ -39,7 +39,7 @@ :postgres-image "postgres:14" :postgres-size :2gb}) -(defn k8s-objects [config auth] ; ToDo: ADR for generate functions - vector or no vector? +(defn config-objects [config] ; ToDo: ADR for generate functions - vector or no vector? (let [storage-class (if (contains? config :postgres-data-volume-path) :manual :local-path) resolved-config (merge {:namespace "forgejo"} postgres-config config)] (map yaml/to-string @@ -47,7 +47,6 @@ (cm/concat-vec (ns/generate resolved-config) [(postgres/generate-config resolved-config) - (postgres/generate-secret {:namespace "forgejo"} auth) (when (contains? resolved-config :postgres-data-volume-path) (postgres/generate-persistent-volume (select-keys resolved-config [:postgres-data-volume-path :pv-storage-size-gb]))) (postgres/generate-pvc (merge resolved-config {:pvc-storage-class-name storage-class})) @@ -57,13 +56,25 @@ (forgejo/generate-service) (forgejo/generate-service-ssh) (forgejo/generate-data-volume resolved-config) - (forgejo/generate-appini-env resolved-config) - (forgejo/generate-secrets auth)] ; this does not have a vector as output + (forgejo/generate-appini-env resolved-config)] (forgejo/generate-ratelimit-ingress-and-cert resolved-config) ; this function has a vector as output (when (contains? resolved-config :restic-repository) [(backup/generate-config resolved-config) - (backup/generate-secret auth) (backup/generate-cron) (backup/generate-backup-restore-deployment resolved-config)]) (when (:contains? resolved-config :mon-cfg) - (mon/generate (:mon-cfg resolved-config) (:mon-auth auth)))))))) + (mon/generate-config))))))) + +(defn auth-objects [config auth] ; ToDo: ADR for generate functions - vector or no vector? + (let [storage-class (if (contains? config :postgres-data-volume-path) :manual :local-path) + resolved-config (merge {:namespace "forgejo"} postgres-config config)] + (map yaml/to-string + (filter #(not (nil? %)) + (cm/concat-vec + (ns/generate resolved-config) + [(postgres/generate-secret {:namespace "forgejo"} auth) + (forgejo/generate-secrets auth)] + (when (contains? resolved-config :restic-repository) + [(backup/generate-secret auth)]) + (when (:contains? resolved-config :mon-cfg) + (mon/generate-auth (:mon-cfg resolved-config) (:mon-auth auth)))))))) diff --git a/src/main/cljs/dda/c4k_forgejo/browser.cljs b/src/main/cljs/dda/c4k_forgejo/browser.cljs index 70caf09..ba59420 100644 --- a/src/main/cljs/dda/c4k_forgejo/browser.cljs +++ b/src/main/cljs/dda/c4k_forgejo/browser.cljs @@ -4,7 +4,7 @@ [clojure.tools.reader.edn :as edn] [dda.c4k-forgejo.core :as core] [dda.c4k-forgejo.forgejo :as forgejo] - [dda.c4k-common.browser :as br] + [dda.c4k-common.browser :as br] [dda.c4k-common.common :as cm])) (defn generate-group @@ -73,14 +73,13 @@ :mailer-host (br/get-content-from-element "mailer-host") :mailer-port (br/get-content-from-element "mailer-port") :service-noreply-address (br/get-content-from-element "service-noreply-address") - :volume-total-storage-size (br/get-content-from-element "volume-total-storage-size" :deserializer js/parseInt)} + :volume-total-storage-size (br/get-content-from-element "volume-total-storage-size" :deserializer js/parseInt)} (when (not (st/blank? issuer)) {:issuer issuer}) (when (not (st/blank? app-name)) {:default-app-name app-name}) (when (not (st/blank? domain-whitelist)) - {:service-domain-whitelist domain-whitelist}) - ))) + {:service-domain-whitelist domain-whitelist})))) (defn validate-all! [] (br/validate! "fqdn" ::forgejo/fqdn) @@ -91,7 +90,7 @@ (br/validate! "deploy-federated" ::forgejo/deploy-federated :optional true) (br/validate! "issuer" ::forgejo/issuer :optional true) (br/validate! "app-name" ::forgejo/default-app-name :optional true) - (br/validate! "domain-whitelist" ::forgejo/service-domain-whitelist :optional true) + (br/validate! "domain-whitelist" ::forgejo/service-domain-whitelist :optional true) (br/validate! "volume-total-storage-size" ::forgejo/volume-total-storage-size :deserializer js/parseInt) (br/validate! "auth" forgejo/auth? :deserializer edn/read-string) (br/set-form-validated!)) @@ -103,16 +102,21 @@ (defn init [] (br/append-hickory (generate-content-div)) - (-> js/document - (.getElementById "generate-button") - (.addEventListener "click" - #(do (validate-all!) - (-> (cm/generate-common - (config-from-document) - (br/get-content-from-element "auth" :deserializer edn/read-string) - core/config-defaults - core/k8s-objects) - (br/set-output!))))) + (let [config-only false + auth-only false] + (-> js/document + (.getElementById "generate-button") + (.addEventListener "click" + #(do (validate-all!) + (-> (cm/generate-cm + (config-from-document) + (br/get-content-from-element "auth" :deserializer edn/read-string) + core/config-defaults + core/config-objects + core/auth-objects + config-only + auth-only) + (br/set-output!)))))) (add-validate-listener "fqdn") (add-validate-listener "deploy-federated") (add-validate-listener "mailer-from") @@ -120,7 +124,7 @@ (add-validate-listener "mailer-port") (add-validate-listener "service-noreply-address") (add-validate-listener "app-name") - (add-validate-listener "domain-whitelist") + (add-validate-listener "domain-whitelist") (add-validate-listener "volume-total-storage-size") (add-validate-listener "issuer") (add-validate-listener "auth")) \ No newline at end of file