refactor out common, postgres
parent
1d00f271d1
commit
aab4521260
5 changed files with 104 additions and 85 deletions
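--- a/src/main/cljc/dda/k8s_keycloak/common.cljc
+++ b/src/main/cljc/dda/k8s_keycloak/common.cljc
@@ -0,0 +1,31 @@
+(ns dda.k8s-keycloak.common
+(:require
+[clojure.walk]))
+
+(defn bash-env-string?
+[input]
+(and (string? input)
+(not (re-matches #".*['\"\$]+.*" input))))
+
+(defn fqdn-string?
+[input]
+(and (string? input)
+(not (nil? (re-matches #"(?=^.{4,253}\.?$)(^((?!-)[a-zA-Z0-9-]{1,63}(?<!-)\.)+[a-zA-Z]{2,63}\.?$)" input)))))
+
+(defn letsencrypt-issuer?
+[input]
+(contains? #{:prod :staging} input))
+
+(defn replace-named-value
+[coll name value]
+(clojure.walk/postwalk #(if (and (map? %)
+(= name (:name %)))
+{:name name :value value}
+%) coll))
+
+(defn replace-all-matching-values-by-new-value
+[coll value-to-match value-to-replace]
+(clojure.walk/postwalk #(if (and (= (type value-to-match) (type %))
+(= value-to-match %))
+value-to-replace
+%) coll))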
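Review bot: `bash-env-string?` accepts any string that contains a line break, because `re-matches` must match the whole input and `.` does not match line terminators by default, so for such input the match returns nil and the `not` turns that into "valid" even when a quote or `$` is present. Searching for a forbidden character instead of matching the whole string closes this: `(not (re-find #"['\"\$]" input))`. Backtick and backslash are also missing from the rejected set; whether that matters depends on how the values are consumed, which is not visible on this page, so it should be confirmed against the consumer.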
|
@ -1,48 +1,23 @@
|
||||||
(ns dda.k8s-keycloak.core
|
(ns dda.k8s-keycloak.core
|
||||||
(:require
|
(:require
|
||||||
[clojure.string :as cs]
|
[clojure.string :as cs]
|
||||||
[clojure.spec.alpha :as s]
|
[clojure.spec.alpha :as s]
|
||||||
#?(:clj [orchestra.core :refer [defn-spec]]
|
#?(:clj [orchestra.core :refer [defn-spec]]
|
||||||
:cljs [orchestra.core :refer-macros [defn-spec]])
|
:cljs [orchestra.core :refer-macros [defn-spec]])
|
||||||
[dda.k8s-keycloak.yaml :as yaml]
|
[dda.k8s-keycloak.yaml :as yaml]
|
||||||
[clojure.walk]))
|
[dda.k8s-keycloak.common :as cm]
|
||||||
|
[dda.k8s-keycloak.postgres :as pg]))
|
||||||
|
|
||||||
(defn bash-env-string?
|
(s/def ::keycloak-admin-user cm/bash-env-string?)
|
||||||
[input]
|
(s/def ::keycloak-admin-password cm/bash-env-string?)
|
||||||
(and (string? input)
|
(s/def ::fqdn cm/fqdn-string?)
|
||||||
(not (re-matches #".*['\"\$]+.*" input))))
|
(s/def ::issuer cm/letsencrypt-issuer?)
|
||||||
|
|
||||||
(defn fqdn-string?
|
|
||||||
[input]
|
|
||||||
(and (string? input)
|
|
||||||
(not (nil? (re-matches #"(?=^.{4,253}\.?$)(^((?!-)[a-zA-Z0-9-]{1,63}(?<!-)\.)+[a-zA-Z]{2,63}\.?$)" input)))))
|
|
||||||
|
|
||||||
(s/def ::keycloak-admin-user bash-env-string?)
|
|
||||||
(s/def ::keycloak-admin-password bash-env-string?)
|
|
||||||
(s/def ::postgres-db-user bash-env-string?)
|
|
||||||
(s/def ::postgres-db-password bash-env-string?)
|
|
||||||
(s/def ::fqdn fqdn-string?)
|
|
||||||
(s/def ::issuer #{:prod :staging})
|
|
||||||
|
|
||||||
(def config? (s/keys :req-un [::fqdn]
|
(def config? (s/keys :req-un [::fqdn]
|
||||||
:opt-un [::issuer]))
|
:opt-un [::issuer]))
|
||||||
|
|
||||||
(def auth? (s/keys :req-un [::keycloak-admin-user ::keycloak-admin-password
|
(def auth? (s/keys :req-un [::keycloak-admin-user ::keycloak-admin-password
|
||||||
::postgres-db-user ::postgres-db-password]))
|
::pg/postgres-db-user ::pg/postgres-db-password]))
|
||||||
|
|
||||||
(defn replace-named-value
|
|
||||||
[coll name value]
|
|
||||||
(clojure.walk/postwalk #(if (and (map? %)
|
|
||||||
(= name (:name %)))
|
|
||||||
{:name name :value value}
|
|
||||||
%) coll))
|
|
||||||
|
|
||||||
(defn replace-all-matching-values-by-new-value
|
|
||||||
[coll value-to-match value-to-replace]
|
|
||||||
(clojure.walk/postwalk #(if (and (= (type value-to-match) (type %))
|
|
||||||
(= value-to-match %))
|
|
||||||
value-to-replace
|
|
||||||
%) coll))
|
|
||||||
|
|
||||||
(defn generate-config [my-config my-auth]
|
(defn generate-config [my-config my-auth]
|
||||||
(->
|
(->
|
||||||
|
@ -50,25 +25,15 @@
|
||||||
(assoc-in [:data :config.edn] (str my-config))
|
(assoc-in [:data :config.edn] (str my-config))
|
||||||
(assoc-in [:data :credentials.edn] (str my-auth))))
|
(assoc-in [:data :credentials.edn] (str my-auth))))
|
||||||
|
|
||||||
(defn generate-postgres-config []
|
|
||||||
(yaml/from-string (yaml/load-resource "postgres/config.yaml")))
|
|
||||||
|
|
||||||
(defn generate-deployment [my-auth]
|
(defn generate-deployment [my-auth]
|
||||||
(let [{:keys [postgres-db-user postgres-db-password
|
(let [{:keys [postgres-db-user postgres-db-password
|
||||||
keycloak-admin-user keycloak-admin-password]} my-auth]
|
keycloak-admin-user keycloak-admin-password]} my-auth]
|
||||||
(->
|
(->
|
||||||
(yaml/from-string (yaml/load-resource "keycloak/deployment.yaml"))
|
(yaml/from-string (yaml/load-resource "keycloak/deployment.yaml"))
|
||||||
(replace-named-value "KEYCLOAK_USER" keycloak-admin-user)
|
(cm/replace-named-value "KEYCLOAK_USER" keycloak-admin-user)
|
||||||
(replace-named-value "DB_USER" postgres-db-user)
|
(cm/replace-named-value "DB_USER" postgres-db-user)
|
||||||
(replace-named-value "DB_PASSWORD" postgres-db-password)
|
(cm/replace-named-value "DB_PASSWORD" postgres-db-password)
|
||||||
(replace-named-value "KEYCLOAK_PASSWORD" keycloak-admin-password))))
|
(cm/replace-named-value "KEYCLOAK_PASSWORD" keycloak-admin-password))))
|
||||||
|
|
||||||
(defn generate-postgres-deployment [my-auth]
|
|
||||||
(let [{:keys [postgres-db-user postgres-db-password]} my-auth]
|
|
||||||
(->
|
|
||||||
(yaml/from-string (yaml/load-resource "postgres/deployment.yaml"))
|
|
||||||
(replace-named-value "POSTGRES_USER" postgres-db-user)
|
|
||||||
(replace-named-value "POSTGRES_PASSWORD" postgres-db-password))))
|
|
||||||
|
|
||||||
(defn generate-certificate [config]
|
(defn generate-certificate [config]
|
||||||
(let [{:keys [fqdn issuer]
|
(let [{:keys [fqdn issuer]
|
||||||
|
@ -87,23 +52,20 @@
|
||||||
(->
|
(->
|
||||||
(yaml/from-string (yaml/load-resource "keycloak/ingress.yaml"))
|
(yaml/from-string (yaml/load-resource "keycloak/ingress.yaml"))
|
||||||
(assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer)
|
(assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer)
|
||||||
(replace-all-matching-values-by-new-value "fqdn" fqdn))))
|
(cm/replace-all-matching-values-by-new-value "fqdn" fqdn))))
|
||||||
|
|
||||||
(defn generate-service []
|
(defn generate-service []
|
||||||
(yaml/from-string (yaml/load-resource "keycloak/service.yaml")))
|
(yaml/from-string (yaml/load-resource "keycloak/service.yaml")))
|
||||||
|
|
||||||
(defn generate-postgres-service []
|
|
||||||
(yaml/from-string (yaml/load-resource "postgres/service.yaml")))
|
|
||||||
|
|
||||||
(defn-spec generate any?
|
(defn-spec generate any?
|
||||||
[my-config config?
|
[my-config config?
|
||||||
my-auth auth?]
|
my-auth auth?]
|
||||||
(cs/join "\n"
|
(cs/join "\n"
|
||||||
[(yaml/to-string (generate-postgres-config))
|
[(yaml/to-string (pg/generate-config))
|
||||||
"---"
|
"---"
|
||||||
(yaml/to-string (generate-postgres-service))
|
(yaml/to-string (pg/generate-service))
|
||||||
"---"
|
"---"
|
||||||
(yaml/to-string (generate-postgres-deployment my-auth))
|
(yaml/to-string (pg/generate-deployment my-auth))
|
||||||
"---"
|
"---"
|
||||||
(yaml/to-string (generate-config my-config my-auth))
|
(yaml/to-string (generate-config my-config my-auth))
|
||||||
"---"
|
"---"
|
||||||
|
|
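Review bot: In `generate-deployment`, the `cm/replace-named-value` calls write `DB_PASSWORD` and `KEYCLOAK_PASSWORD` into the Deployment as literal `{:name … :value …}` env entries, so the credentials are readable by anyone who can read the Deployment object or the generated YAML. The same holds for `POSTGRES_PASSWORD` in `generate-deployment` of the new postgres.cljc. The refactor is a natural place to at least record this next to the calls, e.g. `;; TODO: reference credentials from a Secret (env valueFrom/secretKeyRef) instead of inlining them`. The YAML templates are not visible here, so the actual change would have to be made there.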
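--- a/src/main/cljc/dda/k8s_keycloak/postgres.cljc
+++ b/src/main/cljc/dda/k8s_keycloak/postgres.cljc
@@ -0,0 +1,21 @@
+(ns dda.k8s-keycloak.postgres
+(:require
+[clojure.spec.alpha :as s]
+[dda.k8s-keycloak.yaml :as yaml]
+[dda.k8s-keycloak.common :as cm]))
+
+(s/def ::postgres-db-user cm/bash-env-string?)
+(s/def ::postgres-db-password cm/bash-env-string?)
+
+(defn generate-config []
+(yaml/from-string (yaml/load-resource "postgres/config.yaml")))
+
+(defn generate-deployment [my-auth]
+(let [{:keys [postgres-db-user postgres-db-password]} my-auth]
+(->
+(yaml/from-string (yaml/load-resource "postgres/deployment.yaml"))
+(cm/replace-named-value "POSTGRES_USER" postgres-db-user)
+(cm/replace-named-value "POSTGRES_PASSWORD" postgres-db-password))))
+
+(defn generate-service []
+(yaml/from-string (yaml/load-resource "postgres/service.yaml")))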
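Review bot: `generate-deployment` is a plain `defn`, so the `::postgres-db-user` and `::postgres-db-password` specs defined above it are not applied when this namespace is called directly, as the new postgres test does; a missing key would put `nil` into the env entry. A precondition keeps the check next to the code that needs it: `{:pre [(s/valid? (s/keys :req-un [::postgres-db-user ::postgres-db-password]) my-auth)]}`. A one-line docstring stating that `my-auth` must carry both keys would also help, since the function has none.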
|
@ -90,30 +90,3 @@
|
||||||
:readinessProbe {:httpGet {:path "/auth/realms/master", :port 8080}}}]}}}}
|
:readinessProbe {:httpGet {:path "/auth/realms/master", :port 8080}}}]}}}}
|
||||||
(cut/generate-deployment {:keycloak-admin-user "testuser" :keycloak-admin-password "test1234"
|
(cut/generate-deployment {:keycloak-admin-user "testuser" :keycloak-admin-password "test1234"
|
||||||
:postgres-db-user "db-user" :postgres-db-password "db-password"}))))
|
:postgres-db-user "db-user" :postgres-db-password "db-password"}))))
|
||||||
|
|
||||||
(deftest should-generate-postgres-deployment
|
|
||||||
(is (= {:apiVersion "apps/v1"
|
|
||||||
:kind "Deployment"
|
|
||||||
:metadata {:name "postgresql"}
|
|
||||||
:spec
|
|
||||||
{:selector {:matchLabels {:app "postgresql"}}
|
|
||||||
:strategy {:type "Recreate"}
|
|
||||||
:template
|
|
||||||
{:metadata {:labels {:app "postgresql"}}
|
|
||||||
:spec
|
|
||||||
{:containers
|
|
||||||
[{:image "postgres"
|
|
||||||
:name "postgresql"
|
|
||||||
:env
|
|
||||||
[{:name "POSTGRES_USER", :value "psqluser"}
|
|
||||||
{:name "POSTGRES_DB", :value "keycloak"}
|
|
||||||
{:name "POSTGRES_PASSWORD", :value "test1234"}]
|
|
||||||
:ports [{:containerPort 5432, :name "postgresql"}]
|
|
||||||
:cmd nil
|
|
||||||
:volumeMounts
|
|
||||||
[{:name "postgres-config-volume"
|
|
||||||
:mountPath "/etc/postgresql/postgresql.conf"
|
|
||||||
:subPath "postgresql.conf"
|
|
||||||
:readOnly true}]}]
|
|
||||||
:volumes [{:name "postgres-config-volume", :configMap {:name "postgres-config"}}]}}}}
|
|
||||||
(cut/generate-postgres-deployment {:postgres-db-user "psqluser" :postgres-db-password "test1234"}))))
|
|
||||||
|
|
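--- a/src/test/cljc/dda/k8s_keycloak/postgres_test.cljc
+++ b/src/test/cljc/dda/k8s_keycloak/postgres_test.cljc
@@ -0,0 +1,32 @@
+(ns dda.k8s-keycloak.postgres-test
+(:require
+#?(:clj [clojure.test :refer [deftest is are testing run-tests]]
+:cljs [cljs.test :refer-macros [deftest is are testing run-tests]])
+[dda.k8s-keycloak.postgres :as cut]))
+
+(deftest should-generate-postgres-deployment
+(is (= {:apiVersion "apps/v1"
+:kind "Deployment"
+:metadata {:name "postgresql"}
+:spec
+{:selector {:matchLabels {:app "postgresql"}}
+:strategy {:type "Recreate"}
+:template
+{:metadata {:labels {:app "postgresql"}}
+:spec
+{:containers
+[{:image "postgres"
+:name "postgresql"
+:env
+[{:name "POSTGRES_USER", :value "psqluser"}
+{:name "POSTGRES_DB", :value "keycloak"}
+{:name "POSTGRES_PASSWORD", :value "test1234"}]
+:ports [{:containerPort 5432, :name "postgresql"}]
+:cmd nil
+:volumeMounts
+[{:name "postgres-config-volume"
+:mountPath "/etc/postgresql/postgresql.conf"
+:subPath "postgresql.conf"
+:readOnly true}]}]
+:volumes [{:name "postgres-config-volume", :configMap {:name "postgres-config"}}]}}}}
+(cut/generate-deployment {:postgres-db-user "psqluser" :postgres-db-password "test1234"}))))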
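Review bot: The new test file covers only the happy path of `generate-deployment`; nothing exercises the `::postgres-db-user` and `::postgres-db-password` specs that now live in the postgres namespace, and `generate-config` and `generate-service` have no test in this file. A negative case would pin the validation, for example `(is (not (s/valid? ::cut/postgres-db-password "pa$$word")))` with `[clojure.spec.alpha :as s]` added to the requires (the sample value is constructed). The `are`, `testing` and `run-tests` refers are unused in the visible code and could be dropped.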