diff --git a/src/dda/build/provs.clj b/src/dda/build/provs.clj
index 0864bf2..5374d8e 100644
--- a/src/dda/build/provs.clj
+++ b/src/dda/build/provs.clj
@@ -5,12 +5,14 @@
             [cheshire.core :refer [generate-string]]
             [dda.build.c4k :as c4k]
             [dda.build.terragrunt :as tg]
+            [dda.build.config :as cfg]
             [dda.build.provs.domain :as domain]
             [dda.build.infrastructure :as i]))
 
 (def default
   (merge c4k/default
-         {:k3s-output-filename "out_k3sServerConfig.yaml"
+         {:k3s-output-filename "out_k3sServerConfig.json"
+          :k3s-auth-input "k3s-auth.edn"
           :k3s-provision-user "root"
           :echo false}))
 (s/def ::provs (s/merge ::c4k/c4k
@@ -28,9 +30,10 @@
 (defn-spec write-k3s-config! nil?
   [devops ::provs
    tf-out ::tg/tf-out]
-  (let [config (merge default devops)
-        tf-out-k3s-config (domain/create-k3s-config config tf-out)]
-    (->> tf-out-k3s-config
+  (let [config (merge default devops)]
+    (->> (domain/create-k3s-config 
+          (merge (cfg/read-config (domain/auth-path config)) config) 
+          tf-out)
          (generate-string)
          (spit (domain/output-path config)))))
 
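Review bot: The file written by `spit` at the end of write-k3s-config! now carries whatever credentials come out of the auth file, in clear text and with default file permissions, and nothing in the function says so. A comment above the `spit` such as `;; output contains the hcloud token and passphrase in clear text - keep it out of VCS and build artifacts` would help, as would tightening the file mode after writing if the build directory is shared. Separately, `(merge (cfg/read-config (domain/auth-path config)) config)` pulls every key of the auth file into the config; `(select-keys (cfg/read-config (domain/auth-path config)) [:k3s-hcloudApiToken :k3s-encryptionPassphrase])` would limit it to the two keys the domain uses. The read is also unconditional, so how cfg/read-config behaves when k3s-auth.edn is absent (not visible here) decides whether the optional hetzner section is really optional.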
diff --git a/src/dda/build/provs/domain.clj b/src/dda/build/provs/domain.clj
index f2c6d2e..876fdc5 100644
--- a/src/dda/build/provs/domain.clj
+++ b/src/dda/build/provs/domain.clj
@@ -13,18 +13,35 @@
 (s/def ::ipv4 pred/ipv4-string?)
 (s/def ::ipv6 pred/ipv6-string?)
 (s/def ::echo boolean?)
+(s/def ::k3s-auth-input string?)
 (s/def ::k3s-output-filename string?)
 (s/def ::k3s-provision-user pred/bash-env-string?)
+(s/def ::k3s-hcloudApiToken string?)
+(s/def ::k3s-encryptionPassphrase string?)
 (s/def ::config
-  (s/merge ::c4k-d/config 
-           (s/keys :req-un [::email ::echo ::k3s-output-filename ::k3s-provision-user ::fqdn ::ipv4 ::ipv6])))
+  (s/merge ::c4k-d/config
+           (s/keys :req-un [::email ::echo ::k3s-output-filename ::k3s-auth-input ::k3s-provision-user ::fqdn ::ipv4 ::ipv6]
+                   :opt-un [::k3s-hcloudApiToken ::k3s-encryptionPassphrase])))
+
 (s/def ::node
   (s/keys :req-un [::ipv4 ::ipv6]))
 (s/def ::letsencryptEndpoint pred/letsencrypt-issuer?)
 (s/def ::certmanager
   (s/keys :req-un [::email ::letsencryptEndpoint]))
+(s/def ::parameter string?)
+(s/def ::source string?)
+(defn k3s-credential? [input] (s/valid? (s/keys :req-un [::source ::parameter]) input))
+(s/def ::hcloudApiToken k3s-credential?)
+(s/def ::encryptionPassphrase k3s-credential?)
+(s/def ::hetzner (s/keys :req-un [::hcloudApiToken ::encryptionPassphrase]))
 (s/def ::server-config
-  (s/keys :req-un [::fqdn ::node ::certmanager ::echo]))
+  (s/keys :req-un [::fqdn ::node ::certmanager ::echo]
+          :opt-un [::hetzner]))
+
+(defn-spec auth-path string?
+  [config ::config]
+  (let [{:keys [k3s-auth-input]} config]
+    (str (d/build-path config) "/" k3s-auth-input)))
 
 (defn-spec output-path string?
   [config ::config]
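Review bot: `::k3s-hcloudApiToken` and `::k3s-encryptionPassphrase` are plain `string?`, so an empty value from the auth file passes validation and ends up as an empty `:parameter` in the server config; `(s/def ::k3s-hcloudApiToken (s/and string? not-empty))`, and the same for the passphrase, would reject it early. `k3s-credential?` wraps `s/valid?` in a function, which hides the failing key from `s/explain`; registering `(s/def ::k3s-credential (s/keys :req-un [::source ::parameter]))` and pointing `::hcloudApiToken` and `::encryptionPassphrase` at it keeps the explain output useful. Since these specs now cover secrets, a spec failure report will likely print the offending map, token included, if instrumentation is enabled where build logs are kept. output-path's body continues outside the hunk.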
@@ -35,19 +52,27 @@
   [config ::config
    tf-out ::td/tf-out]
   (let [{:keys [k3s-output-filename k3s-provision-user]} config
-         fqdn (get-in tf-out [:out :value :fqdn])]
+        fqdn (get-in tf-out [:out :value :fqdn])]
     [["provs-server.jar" "k3s" (str k3s-provision-user "@" fqdn) "-c" (output-path config) "-a" (c4k-d/output-path config)]]))
 
-(defn-spec create-k3s-config map?
+(defn-spec create-k3s-config ::server-config
   [config ::config
    tf-out ::td/tf-out]
   (let [{:keys [stage email echo]} config
         letsencrypt-endpoint (if (= stage "prod") "prod" "staging")
         values (:value (:out tf-out))
         {:keys [fqdn ipv4 ipv6]} values]
-    {:fqdn fqdn
-     :node {:ipv4 ipv4
-            :ipv6 ipv6}
-     :certmanager {:email email
-                   :letsencryptEndpoint letsencrypt-endpoint}
-     :echo echo}))
+    (merge
+     {:fqdn fqdn
+      :node {:ipv4 ipv4
+             :ipv6 ipv6}
+      :certmanager {:email email
+                    :letsencryptEndpoint letsencrypt-endpoint}
+      :echo echo}
+     (when (and (contains? config :k3s-encryptionPassphrase)
+                (contains? config :k3s-hcloudApiToken))
+       {:hetzner
+        {:hcloudApiToken {:source "PLAIN"
+                          :parameter (:k3s-hcloudApiToken config)}
+         :encryptionPassphrase {:source "PLAIN"
+                                :parameter (:k3s-encryptionPassphrase config)}}}))))
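Review bot: The `when` in create-k3s-config drops the whole `:hetzner` section without any message when only one of `:k3s-hcloudApiToken` / `:k3s-encryptionPassphrase` is present, so a half-filled auth file yields a server config without the credentials and nobody is told. A partial configuration looks like an operator error and should fail loudly, for example by throwing `(ex-info "k3s auth needs both hcloudApiToken and encryptionPassphrase" {})` when exactly one key is set. `contains?` is also true for a key whose value is nil, which would emit `:parameter nil`; testing `(and (:k3s-encryptionPassphrase config) (:k3s-hcloudApiToken config))` avoids that. A docstring on the function should state that both values are emitted with `:source "PLAIN"`, i.e. in clear text. The function at the top of the hunk starts outside it.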
diff --git a/src/dda/build/terragrunt/domain.clj b/src/dda/build/terragrunt/domain.clj
index a157a97..09b8373 100644
--- a/src/dda/build/terragrunt/domain.clj
+++ b/src/dda/build/terragrunt/domain.clj
@@ -13,15 +13,12 @@
 (s/def ::ipv6 pred/ipv6-string?)
 (s/def ::value
   (s/keys :req-un [::fqdn ::ipv4 ::ipv6]))
-
 (s/def ::out
   (s/keys :req-un [::sensitive ::type ::value]))
-
 (s/def ::tf-out
   (s/keys :req-un [::out]))
 
 (s/def ::tg-output-filenname string?)
-
 (s/def ::config
   (s/merge ::d/devops
            (s/keys :req-un [::tg-output-filenname]
diff --git a/test/dda/build/provs/domain_test.clj b/test/dda/build/provs/domain_test.clj
index 79680f9..7592256 100644
--- a/test/dda/build/provs/domain_test.clj
+++ b/test/dda/build/provs/domain_test.clj
@@ -19,9 +19,10 @@
                                     :dry-run false
                                     :c4k-app-name "backup"
                                     :k3s-output-filename "k3s-out.yaml"
+                                    :k3s-auth-input "k3s-auth.edn"
                                     :k3s-provision-user "root"
                                     :c4k-config-input "config.yaml"
-                                    :c4k-auth-input"auth.yaml"
+                                    :c4k-auth-input "auth.yaml"
                                     :c4k-output "out.yaml"
                                     :email "test@test.t"
                                     :echo false
@@ -30,3 +31,71 @@
                                     :ipv6 "2a01:4f8:c012:cb41::1"}
                                    {:out {:sensitive false :type [] :value {:fqdn "test.test.de" :ipv4 "127.0.0.1" :ipv6 "::"}}}))))
 
+(deftest should-create-k3s-config
+  (is (= {:fqdn "cloud.test.meissa.de",
+          :node {:ipv4 "91.107.220.172", :ipv6 "2a01:4f8:c17:86c6::1"},
+          :certmanager {:email "test@test.t", :letsencryptEndpoint "staging"},
+          :echo false,
+          :hetzner
+          {:hcloudApiToken {:source "PLAIN", :parameter "hcloud-token"},
+           :encryptionPassphrase {:source "PLAIN", :parameter "passphrase"}}}
+         (cut/create-k3s-config
+          {:name "dda-backup"
+           :project-root-path "../.."
+           :build-dir-name "target"
+           :version "4.11.8-dev"
+           :stage "dev"
+           :debug false
+           :dry-run false
+           :c4k-app-name "backup"
+           :k3s-output-filename "k3s-out.yaml"
+           :k3s-auth-input "k3s-auth.edn"
+           :k3s-provision-user "root"
+           :k3s-hcloudApiToken "hcloud-token"
+           :k3s-encryptionPassphrase "passphrase"
+           :c4k-config-input "config.yaml"
+           :c4k-auth-input "auth.yaml"
+           :c4k-output "out.yaml"
+           :email "test@test.t"
+           :echo false
+           :fqdn "fq.dn"
+           :ipv4 "1.2.3.4"
+           :ipv6 "2a01:4f8:c012:cb41::1"}
+          {:out
+           {:sensitive false,
+            :type [],
+            :value {:fqdn "cloud.test.meissa.de",
+                    :ipv4 "91.107.220.172",
+                    :ipv6 "2a01:4f8:c17:86c6::1"}}})))
+  (is (= {:fqdn "cloud.test.meissa.de",
+          :node {:ipv4 "91.107.220.172", :ipv6 "2a01:4f8:c17:86c6::1"},
+          :certmanager {:email "test@test.t", :letsencryptEndpoint "staging"},
+          :echo false,}
+         (cut/create-k3s-config
+          {:name "dda-backup"
+           :project-root-path "../.."
+           :build-dir-name "target"
+           :version "4.11.8-dev"
+           :stage "dev"
+           :debug false
+           :dry-run false
+           :c4k-app-name "backup"
+           :k3s-output-filename "k3s-out.yaml"
+           :k3s-auth-input "k3s-auth.edn"
+           :k3s-provision-user "root"
+           :k3s-encryptionPassphrase "passphrase"
+           :c4k-config-input "config.yaml"
+           :c4k-auth-input "auth.yaml"
+           :c4k-output "out.yaml"
+           :email "test@test.t"
+           :echo false
+           :fqdn "fq.dn"
+           :ipv4 "1.2.3.4"
+           :ipv6 "2a01:4f8:c012:cb41::1"}
+          {:out
+           {:sensitive false,
+            :type [],
+            :value {:fqdn "cloud.test.meissa.de",
+                    :ipv4 "91.107.220.172",
+                    :ipv6 "2a01:4f8:c17:86c6::1"}}}))))
+
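Review bot: The fixtures in should-create-k3s-config use `91.107.220.172`, `2a01:4f8:c17:86c6::1` and `cloud.test.meissa.de`, which look like real, routable infrastructure rather than test data; should-validate-tf-out in test/dda/build/terragrunt/domain_test.clj repeats them. Reserved documentation values such as `192.0.2.10`, `2001:db8::1` and `cloud.example.org` exercise the same specs without publishing an address. The second assertion pins the passphrase-only case to an output without `:hetzner`; a token-only case and a case with neither key would complete the coverage.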
diff --git a/test/dda/build/terragrunt/domain_test.clj b/test/dda/build/terragrunt/domain_test.clj
index 5acc88f..32f3e12 100644
--- a/test/dda/build/terragrunt/domain_test.clj
+++ b/test/dda/build/terragrunt/domain_test.clj
@@ -1,6 +1,7 @@
 (ns dda.build.terragrunt.domain-test
   (:require
    [clojure.test :refer [deftest is are testing run-tests]]
+   [clojure.spec.alpha :as s]
    [clojure.spec.test.alpha :as st]
    [dda.build.terragrunt.domain :as cut]))
 
@@ -94,3 +95,14 @@
                                          :autoapply false
                                          :tg-output-filenname "tg-out.json"}))))
 
+(deftest should-validate-tf-out
+  (is (s/valid?
+       ::cut/tf-out
+       {:out 
+        {:sensitive false, 
+         :type [], 
+         :value {:fqdn "cloud.test.meissa.de", 
+                 :ipv4 "91.107.220.172", 
+                 :ipv6 "2a01:4f8:c17:86c6::1"}}}
+)))
+