provs now is working

2025-01-08 16:51:58 +01:00 · 2025-01-08 16:51:58 +01:00 · 907332c15b
commit 907332c15b
parent af055dccbe
5 changed files with 125 additions and 19 deletions
--- a/src/dda/build/provs.clj
+++ b/src/dda/build/provs.clj
@ -5,12 +5,14 @@
            [cheshire.core :refer [generate-string]]
            [dda.build.c4k :as c4k]
            [dda.build.terragrunt :as tg]
+            [dda.build.config :as cfg]
            [dda.build.provs.domain :as domain]
            [dda.build.infrastructure :as i]))

 (def default
  (merge c4k/default
-         {:k3s-output-filename "out_k3sServerConfig.yaml"
+         {:k3s-output-filename "out_k3sServerConfig.json"
+          :k3s-auth-input "k3s-auth.edn"
          :k3s-provision-user "root"
          :echo false}))
 (s/def ::provs (s/merge ::c4k/c4k
@ -28,9 +30,10 @@
 (defn-spec write-k3s-config! nil?
  [devops ::provs
   tf-out ::tg/tf-out]
-  (let [config (merge default devops)
-        tf-out-k3s-config (domain/create-k3s-config config tf-out)]
-    (->> tf-out-k3s-config
+  (let [config (merge default devops)]
+    (->> (domain/create-k3s-config 
+          (merge (cfg/read-config (domain/auth-path config)) config) 
+          tf-out)
         (generate-string)
         (spit (domain/output-path config)))))

--- a/src/dda/build/provs/domain.clj
+++ b/src/dda/build/provs/domain.clj
@ -13,18 +13,35 @@
 (s/def ::ipv4 pred/ipv4-string?)
 (s/def ::ipv6 pred/ipv6-string?)
 (s/def ::echo boolean?)
+(s/def ::k3s-auth-input string?)
 (s/def ::k3s-output-filename string?)
 (s/def ::k3s-provision-user pred/bash-env-string?)
+(s/def ::k3s-hcloudApiToken string?)
+(s/def ::k3s-encryptionPassphrase string?)
 (s/def ::config
-  (s/merge ::c4k-d/config 
-           (s/keys :req-un [::email ::echo ::k3s-output-filename ::k3s-provision-user ::fqdn ::ipv4 ::ipv6])))
+  (s/merge ::c4k-d/config
+           (s/keys :req-un [::email ::echo ::k3s-output-filename ::k3s-auth-input ::k3s-provision-user ::fqdn ::ipv4 ::ipv6]
+                   :opt-un [::k3s-hcloudApiToken ::k3s-encryptionPassphrase])))
+
 (s/def ::node
  (s/keys :req-un [::ipv4 ::ipv6]))
 (s/def ::letsencryptEndpoint pred/letsencrypt-issuer?)
 (s/def ::certmanager
  (s/keys :req-un [::email ::letsencryptEndpoint]))
+(s/def ::parameter string?)
+(s/def ::source string?)
+(defn k3s-credential? [input] (s/valid? (s/keys :req-un [::source ::parameter]) input))
+(s/def ::hcloudApiToken k3s-credential?)
+(s/def ::encryptionPassphrase k3s-credential?)
+(s/def ::hetzner (s/keys :req-un [::hcloudApiToken ::encryptionPassphrase]))
 (s/def ::server-config
-  (s/keys :req-un [::fqdn ::node ::certmanager ::echo]))
+  (s/keys :req-un [::fqdn ::node ::certmanager ::echo]
+          :opt-un [::hetzner]))
+
+(defn-spec auth-path string?
+  [config ::config]
+  (let [{:keys [k3s-auth-input]} config]
+    (str (d/build-path config) "/" k3s-auth-input)))

 (defn-spec output-path string?
  [config ::config]
@ -35,19 +52,27 @@
  [config ::config
   tf-out ::td/tf-out]
  (let [{:keys [k3s-output-filename k3s-provision-user]} config
-         fqdn (get-in tf-out [:out :value :fqdn])]
+        fqdn (get-in tf-out [:out :value :fqdn])]
    [["provs-server.jar" "k3s" (str k3s-provision-user "@" fqdn) "-c" (output-path config) "-a" (c4k-d/output-path config)]]))

-(defn-spec create-k3s-config map?
+(defn-spec create-k3s-config ::server-config
  [config ::config
   tf-out ::td/tf-out]
  (let [{:keys [stage email echo]} config
        letsencrypt-endpoint (if (= stage "prod") "prod" "staging")
        values (:value (:out tf-out))
        {:keys [fqdn ipv4 ipv6]} values]
-    {:fqdn fqdn
-     :node {:ipv4 ipv4
-            :ipv6 ipv6}
-     :certmanager {:email email
-                   :letsencryptEndpoint letsencrypt-endpoint}
-     :echo echo}))
+    (merge
+     {:fqdn fqdn
+      :node {:ipv4 ipv4
+             :ipv6 ipv6}
+      :certmanager {:email email
+                    :letsencryptEndpoint letsencrypt-endpoint}
+      :echo echo}
+     (when (and (contains? config :k3s-encryptionPassphrase)
+                (contains? config :k3s-hcloudApiToken))
+       {:hetzner
+        {:hcloudApiToken {:source "PLAIN"
+                          :parameter (:k3s-hcloudApiToken config)}
+         :encryptionPassphrase {:source "PLAIN"
+                                :parameter (:k3s-encryptionPassphrase config)}}}))))
--- a/src/dda/build/terragrunt/domain.clj
+++ b/src/dda/build/terragrunt/domain.clj
@ -13,15 +13,12 @@
 (s/def ::ipv6 pred/ipv6-string?)
 (s/def ::value
  (s/keys :req-un [::fqdn ::ipv4 ::ipv6]))
-
 (s/def ::out
  (s/keys :req-un [::sensitive ::type ::value]))
-
 (s/def ::tf-out
  (s/keys :req-un [::out]))

 (s/def ::tg-output-filenname string?)
-
 (s/def ::config
  (s/merge ::d/devops
           (s/keys :req-un [::tg-output-filenname]
--- a/test/dda/build/provs/domain_test.clj
+++ b/test/dda/build/provs/domain_test.clj
@ -19,9 +19,10 @@
                                    :dry-run false
                                    :c4k-app-name "backup"
                                    :k3s-output-filename "k3s-out.yaml"
+                                    :k3s-auth-input "k3s-auth.edn"
                                    :k3s-provision-user "root"
                                    :c4k-config-input "config.yaml"
-                                    :c4k-auth-input"auth.yaml"
+                                    :c4k-auth-input "auth.yaml"
                                    :c4k-output "out.yaml"
                                    :email "test@test.t"
                                    :echo false
@ -30,3 +31,71 @@
                                    :ipv6 "2a01:4f8:c012:cb41::1"}
                                   {:out {:sensitive false :type [] :value {:fqdn "test.test.de" :ipv4 "127.0.0.1" :ipv6 "::"}}}))))

+(deftest should-create-k3s-config
+  (is (= {:fqdn "cloud.test.meissa.de",
+          :node {:ipv4 "91.107.220.172", :ipv6 "2a01:4f8:c17:86c6::1"},
+          :certmanager {:email "test@test.t", :letsencryptEndpoint "staging"},
+          :echo false,
+          :hetzner
+          {:hcloudApiToken {:source "PLAIN", :parameter "hcloud-token"},
+           :encryptionPassphrase {:source "PLAIN", :parameter "passphrase"}}}
+         (cut/create-k3s-config
+          {:name "dda-backup"
+           :project-root-path "../.."
+           :build-dir-name "target"
+           :version "4.11.8-dev"
+           :stage "dev"
+           :debug false
+           :dry-run false
+           :c4k-app-name "backup"
+           :k3s-output-filename "k3s-out.yaml"
+           :k3s-auth-input "k3s-auth.edn"
+           :k3s-provision-user "root"
+           :k3s-hcloudApiToken "hcloud-token"
+           :k3s-encryptionPassphrase "passphrase"
+           :c4k-config-input "config.yaml"
+           :c4k-auth-input "auth.yaml"
+           :c4k-output "out.yaml"
+           :email "test@test.t"
+           :echo false
+           :fqdn "fq.dn"
+           :ipv4 "1.2.3.4"
+           :ipv6 "2a01:4f8:c012:cb41::1"}
+          {:out
+           {:sensitive false,
+            :type [],
+            :value {:fqdn "cloud.test.meissa.de",
+                    :ipv4 "91.107.220.172",
+                    :ipv6 "2a01:4f8:c17:86c6::1"}}})))
+  (is (= {:fqdn "cloud.test.meissa.de",
+          :node {:ipv4 "91.107.220.172", :ipv6 "2a01:4f8:c17:86c6::1"},
+          :certmanager {:email "test@test.t", :letsencryptEndpoint "staging"},
+          :echo false,}
+         (cut/create-k3s-config
+          {:name "dda-backup"
+           :project-root-path "../.."
+           :build-dir-name "target"
+           :version "4.11.8-dev"
+           :stage "dev"
+           :debug false
+           :dry-run false
+           :c4k-app-name "backup"
+           :k3s-output-filename "k3s-out.yaml"
+           :k3s-auth-input "k3s-auth.edn"
+           :k3s-provision-user "root"
+           :k3s-encryptionPassphrase "passphrase"
+           :c4k-config-input "config.yaml"
+           :c4k-auth-input "auth.yaml"
+           :c4k-output "out.yaml"
+           :email "test@test.t"
+           :echo false
+           :fqdn "fq.dn"
+           :ipv4 "1.2.3.4"
+           :ipv6 "2a01:4f8:c012:cb41::1"}
+          {:out
+           {:sensitive false,
+            :type [],
+            :value {:fqdn "cloud.test.meissa.de",
+                    :ipv4 "91.107.220.172",
+                    :ipv6 "2a01:4f8:c17:86c6::1"}}}))))
+
--- a/test/dda/build/terragrunt/domain_test.clj
+++ b/test/dda/build/terragrunt/domain_test.clj
@ -1,6 +1,7 @@
 (ns dda.build.terragrunt.domain-test
  (:require
   [clojure.test :refer [deftest is are testing run-tests]]
+   [clojure.spec.alpha :as s]
   [clojure.spec.test.alpha :as st]
   [dda.build.terragrunt.domain :as cut]))

@ -94,3 +95,14 @@
                                         :autoapply false
                                         :tg-output-filenname "tg-out.json"}))))

+(deftest should-validate-tf-out
+  (is (s/valid?
+       ::cut/tf-out
+       {:out 
+        {:sensitive false, 
+         :type [], 
+         :value {:fqdn "cloud.test.meissa.de", 
+                 :ipv4 "91.107.220.172", 
+                 :ipv6 "2a01:4f8:c17:86c6::1"}}}
+)))
+