CH-184 aliases implementation

Author: filippomc

deployment-configuration/helm/templates/auto-gatekeepers.yaml

@@ -14,9 +14,9 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: "{{ .app.harness.service.name }}-gk"
+  name: "{{ .subdomain }}-gk"
   labels:
-    app: "{{ .app.harness.service.name }}-gk"
+    app: "{{ .subdomain }}-gk"
 data:
   proxy.yml: |-
     verbose: {{ .root.Values.debug }}
@@ -37,7 +37,7 @@ data:
     http-only-cookie: false
     tls-cert:
     tls-private-key:
-    redirection-url: {{ ternary "https" "http" $tls }}://{{ .app.harness.subdomain }}.{{ .root.Values.domain }}
+    redirection-url: {{ ternary "https" "http" $tls }}://{{ .subdomain }}.{{ .root.Values.domain }}
     encryption-key: AgXa7xRcoClDEU0ZDSH4X0XhL5Qy2Z2j
     upstream-url: http://{{ .app.harness.service.name }}.{{ .app.namespace | default .root.Release.Namespace }}:{{ .app.harness.service.port | default 80}}
     {{ if .app.harness.secured }}
@@ -50,6 +50,18 @@ data:
     skip-openid-provider-tls-verify: true
     skip-upstream-tls-verify: true
     {{- end }}
+    cors-origins:
+    - {{ (printf "*.%s" .root.Values.domain) | quote }}
+    cors-methods:
+    - GET
+    - POST
+    - PUT
+    - DELETE
+    - PATCH
+    cors-headers:
+    - Authorization
+    - Content-Type
+    - Origin
   cacert.crt: {{ .files.Get "resources/certs/cacert.crt" | quote }}
   access-denied.html.tmpl: |-
     <!DOCTYPE html>
@@ -79,47 +91,46 @@ data:
               <h2 class="message">403 Permission Denied</h2>
               <div class="error-details">
                 Sorry, you do not have access to this page, please contact your administrator.
-                If you have been assigned new authorizations, try to refresh the page or to <a href="/oauth/logout?redirect=/">login again</a>.
+                If you are authorized to see this page, please try <a href="/">reload</a> or <a href="/oauth/logout?redirect=/">login again</a>.
               </div>
             </div>
           </div>
         </div>
     </div>
-
     </body>
     </html>
 ---
 apiVersion: v1
 kind: Service
 metadata:
-  name: "{{ .app.harness.service.name }}-gk"
+  name: "{{ .subdomain }}-gk"
   labels:
-    app: "{{ .app.harness.service.name }}-gk"
+    app: "{{ .subdomain  }}-gk"
 spec:
   ports:
   - name: http
     port: 8080
   selector:
-    app: "{{ .app.harness.service.name }}-gk"
+    app: "{{ .subdomain  }}-gk"
   type: ClusterIP
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: "{{ .app.harness.service.name }}-gk"
+  name: "{{ .subdomain  }}-gk"
   labels:
-    app: "{{ .app.harness.service.name }}-gk"
+    app: "{{ .subdomain  }}-gk"
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app: "{{ .app.harness.service.name }}-gk"
+      app: "{{ .subdomain  }}-gk"
   template:
     metadata:
       annotations:
         checksum/config: {{ .app.harness.uri_role_mapping | toString | sha256sum }}
       labels:
-        app: "{{ .app.harness.service.name }}-gk"
+        app: "{{ .subdomain  }}-gk"
     spec:
 {{ include "deploy_utils.etcHosts" .root | indent 6 }}
       containers:
@@ -135,13 +146,13 @@ spec:
         - name: PROXY_CONFIG_FILE
           value: /opt/proxy.yml
         volumeMounts:
-        - name: "{{ .app.harness.service.name }}-gk-proxy-config"
+        - name: "{{ .subdomain  }}-gk-proxy-config"
           mountPath: /opt/proxy.yml
           subPath: proxy.yml
-        - name: "{{ .app.harness.service.name }}-gk-proxy-config"
+        - name: "{{ .subdomain  }}-gk-proxy-config"
           mountPath: /etc/pki/ca-trust/source/anchors/cacert.crt
           subPath: cacert.crt
-        - name: "{{ .app.harness.service.name }}-gk-proxy-config"
+        - name: "{{ .subdomain }}-gk-proxy-config"
           mountPath: /templates/access-denied.html.tmpl
           subPath: access-denied.html.tmpl
         ports:
@@ -152,23 +163,28 @@ spec:
         resources:
           requests:
             memory: "32Mi"
-            cpu: "50m"
+            cpu: "5m"
           limits:
             memory: "64Mi"
             cpu: "100m"
       volumes:
-      - name: "{{ .app.harness.service.name }}-gk-proxy-config"
+      - name: "{{ .subdomain  }}-gk-proxy-config"
         configMap:
-          name: "{{ .app.harness.service.name }}-gk"
+          name: "{{ .subdomain  }}-gk"
 ---
 {{- end }}
 {{- if .Values.secured_gatekeepers }}
 {{ $files := .Files }}
 {{- range $app := .Values.apps }}
   {{- if and (hasKey $app "port") ($app.harness.secured)   }}
 ---
-    {{ include "deploy_utils.securedservice" (dict "root" $ "app" $app "files" $files) }}
+    {{ include "deploy_utils.securedservice" (dict "root" $ "app" $app "files" $files "subdomain" $app.harness.subdomain) }}
+  {{- end }}
+  {{- if $app.harness.aliases }}
+    {{- range $subdomain := $app.harness.aliases }}
+      {{ include "deploy_utils.securedservice" (dict "root" $ "app" $app "files" $files "subdomain" $subdomain ) }}
     {{- end }}
+  {{- end }}
   {{- range $subapp := $app }}
   {{- if contains "map" (typeOf $subapp)  }}
     {{- if and (hasKey $subapp "harness.port") (hasKey $subapp "harness.secured") }}
@@ -180,4 +196,4 @@ spec:
   {{- end }}
   {{- end }}
  {{- end }}
-{{- end }}
+{{- end }}

deployment-configuration/helm/templates/ingress.yaml

@@ -7,7 +7,7 @@
         pathType: ImplementationSpecific
         backend:
           service:
-            name: {{ .app.harness.service.name }}{{- if (and .app.harness.secured $secured_gatekeepers) }}-gk{{- end }}
+            name: {{ if (and .app.harness.secured $secured_gatekeepers) }}{{ printf "%s-gk" .subdomain }}{{ else }}{{ .app.harness.service.name | quote }}{{ end }}
             port:
               number: {{- if (and .app.harness.secured $secured_gatekeepers) }} 8080 {{- else }} {{ .app.harness.service.port | default 80  }}{{- end }}
 {{- end }}
@@ -52,32 +52,32 @@ spec:
   {{- range $app := .Values.apps }}
     {{- if (and $mainapp (and $app.harness.name (eq $app.harness.name $mainapp))) }}
   - host: {{ $domain | quote }}
-    {{ include "deploy_utils.ingress.http" (dict "root" $ "app" $app) }}
+    {{ include "deploy_utils.ingress.http" (dict "root" $ "app" $app "subdomain" $app.harness.subdomain) }}
       {{- range $service := $app.harness.use_services }}
       {{ include "deploy_utils.ingress.service" (dict "root" $ "service_name" $service.name) }}
       {{- end }}
     {{- end }}
     {{- if $app.harness.domain }}
   - host: {{ $app.harness.domain | quote }}
-    {{ include "deploy_utils.ingress.http" (dict "root" $ "app" $app) }}
+    {{ include "deploy_utils.ingress.http" (dict "root" $ "app" $app "subdomain" $app.harness.subdomain ) }}
     {{- end }}
     {{- if $app.harness.aliases }}
     {{- range $alias := $app.harness.aliases }}
   - host: {{ printf "%s.%s" $alias $domain | quote }}
-    {{ include "deploy_utils.ingress.http" (dict "root" $ "app" $app) }}
+    {{ include "deploy_utils.ingress.http" (dict "root" $ "app" $app  "subdomain" $alias) }}
       {{- end }}
     {{- end }}
     {{- if $app.harness.subdomain }}
   - host: {{ printf "%s.%s" $app.harness.subdomain $domain | quote }}
-    {{ include "deploy_utils.ingress.http" (dict "root" $ "app" $app) }}
+    {{ include "deploy_utils.ingress.http" (dict "root" $ "app" $app  "subdomain" $app.harness.subdomain) }}
     {{- range $service := $app.harness.use_services }}
       {{ include "deploy_utils.ingress.service" (dict "root" $ "service_name" $service.name) }}
     {{- end }}
       {{- range $subapp := $app }}
         {{- if contains "map" (typeOf $subapp)  }}
           {{- if and $subapp (hasKey $subapp "harness.subdomain") }}
   - host: {{ printf "%s.%s.%s" $subapp.harness.subdomain $app.harness.subdomain $domain | quote }}
-    {{ include "deploy_utils.ingress.http" (dict "root" $ "app" $subapp) }}
+    {{ include "deploy_utils.ingress.http" (dict "root" $ "app" $subapp "subdomain" (printf "%s.%s" $subapp.harness.subdomain $app.harness.subdomain)) }}
           {{- end }}
        {{- end }}
       {{- end }}
@@ -96,6 +96,11 @@ spec:
       - {{ $app.harness.domain | quote }}
         {{- end }}
         {{- end }}
+        {{- if $app.harness.aliases }}
+          {{- range $subdomain := $app.harness.aliases }}
+      - {{ printf "%s.%s" $subdomain $domain | quote }}
+          {{- end }}
+        {{- end }}
       {{- end }}
       {{- if $mainapp }}
       - {{ $domain | quote }}

deployment/codefresh-test.yaml

@@ -470,7 +470,7 @@ steps:
     - kubectl config set-context --current --namespace=test-${{NAMESPACE_BASENAME}}
     - kubectl rollout status deployment/accounts
     - kubectl rollout status deployment/volumemanager
-    - kubectl rollout status deployment/argo-server-gk
+    - kubectl rollout status deployment/argo-gk
     - kubectl rollout status deployment/samples
     - kubectl rollout status deployment/samples-gk
     - kubectl rollout status deployment/common
@@ -485,6 +485,18 @@ steps:
     commands:
     - echo $APP_NAME
     scale:
+      volumemanager_api_test:
+        title: volumemanager api test
+        volumes:
+        - '${{CF_REPO_NAME}}/applications/volumemanager:/home/test'
+        - '${{CF_REPO_NAME}}/deployment/helm/values.yaml:/opt/cloudharness/resources/allvalues.yaml'
+        environment:
+        - APP_URL=https://volumemanager.${{DOMAIN}}/api
+        - USERNAME=volumes@testuser.com
+        - PASSWORD=test
+        commands:
+        - st --pre-run cloudharness_test.apitest_init run api/openapi.yaml --base-url
+          https://volumemanager.${{DOMAIN}}/api -c all
       samples_api_test:
         title: samples api test
         volumes:

tools/deployment-cli-tools/ch_cli_tools/codefresh.py

@@ -342,7 +342,7 @@ def add_unit_test_step(app_config: ApplicationHarnessConfig):
                     ROLLOUT_CMD_TPL % app.deployment.name)
             if app.secured and helm_values.secured_gatekeepers:
                 rollout_commands.append(
-                    ROLLOUT_CMD_TPL % app.service.name + "-gk")
+                    ROLLOUT_CMD_TPL % app.subdomain + "-gk")
         # some time to the certificates to settle
         rollout_commands.append("sleep 60")