
Merge pull request #2676 from porter-dev/staging

eks enable kms
jusrhee 3 anni fa
ae999b98bd

+ 45 - 0
.github/workflows/porter_preview_env.yml

@@ -0,0 +1,45 @@
+"on":
+  workflow_dispatch:
+    inputs:
+      pr_branch_from:
+        description: Pull request head branch
+        required: true
+        type: string
+      pr_branch_into:
+        description: Pull request base branch
+        required: true
+        type: string
+      pr_number:
+        description: Pull request number
+        required: true
+        type: string
+      pr_title:
+        description: Pull request title
+        required: true
+        type: string
+name: Porter Preview Environment
+jobs:
+  porter-preview:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v2.3.4
+    - name: Create Porter preview env
+      timeout-minutes: 30
+      uses: porter-dev/porter-preview-action@v0.2.1
+      with:
+        action_id: ${{ github.run_id }}
+        cluster: "2481"
+        host: https://dashboard.getporter.dev
+        installation_id: "18533943"
+        namespace: pr-${{ github.event.inputs.pr_number }}-porter
+        pr_branch_from: ${{ github.event.inputs.pr_branch_from }}
+        pr_branch_into: ${{ github.event.inputs.pr_branch_into }}
+        pr_id: ${{ github.event.inputs.pr_number }}
+        pr_name: ${{ github.event.inputs.pr_title }}
+        project: "6680"
+        repo_name: porter
+        repo_owner: porter-dev
+        token: ${{ secrets.PORTER_PREVIEW_6680_2481 }}
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.event.inputs.pr_number }}
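Review bot: Both actions are pinned by mutable tag (`actions/checkout@v2.3.4` and `porter-dev/porter-preview-action@v0.2.1`) rather than by commit SHA, so the job trusts whatever those tags resolve to at run time while holding `secrets.PORTER_PREVIEW_6680_2481`. Pinning to the full commit SHA with the tag as a trailing comment (`uses: actions/checkout@<commit-sha> # v2.3.4`) makes the supply chain reproducible, and Dependabot can keep the comment in sync. The workflow also declares no `permissions:` block, so the default GITHUB_TOKEN scope applies; since the only repository access is the checkout, a top-level `permissions:` with `contents: read` is the least-privilege setting. The `workflow_dispatch` inputs are only passed through `with:` and never interpolated into a `run:` step, so they do not create an injection surface as written.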

+ 1 - 0
.github/workflows/release.yaml

@@ -81,6 +81,7 @@ jobs:
           curl -L https://github.com/porter-dev/porter/releases/download/${version}/porter_${version}_Darwin_x86_64.zip --output $name
 
           sha=$(cat porter_${{steps.tag_name.outputs.tag}}_Darwin_x86_64.zip | openssl sha256 | sed 's/(stdin)= //g')
+          sha=${sha#"SHA256"}
 
           cat >porter.rb <<EOL
           class Porter < Formula
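Review bot: The new `sha=${sha#"SHA256"}` depends on the exact banner text `openssl sha256` prints, which the `sed 's/(stdin)= //g'` on the line above already had to strip; as far as I recall, OpenSSL 3.x labels the output `SHA2-256(stdin)=` instead, which would leave a stray prefix in the digest that ends up in the generated Homebrew formula. Computing the digest in a banner-free format removes both fixups: `sha=$(openssl dgst -sha256 -r porter_${{steps.tag_name.outputs.tag}}_Darwin_x86_64.zip | cut -d' ' -f1)`. Note also that the curl line saves the archive under `$name` while the digest line hashes `porter_${{steps.tag_name.outputs.tag}}_Darwin_x86_64.zip`; presumably both resolve to the same file, but hashing `$name` directly would make the formula's digest verifiably belong to the artifact that was just downloaded. The enclosing `run:` step continues outside the hunk.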

+ 1 - 1
api/server/handlers/environment/finalize_deployment_with_errors.go

@@ -125,7 +125,7 @@ func (c *FinalizeDeploymentWithErrorsHandler) ServeHTTP(w http.ResponseWriter, r
 	var lastErrors []string
 
 	for resName, errString := range request.Errors {
-		lastErrors = append(lastErrors, "%s: %s,", resName, errString)
+		lastErrors = append(lastErrors, fmt.Sprintf("%s: %s", resName, errString))
 	}
 
 	depl.LastErrors = strings.Join(lastErrors, ",")
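Review bot: The value persisted in `depl.LastErrors` uses `,` as the separator between entries, but the caller-supplied `errString` (and `resName`) may itself contain commas, so the stored string cannot be split back into entries unambiguously; if anything reads `LastErrors` by splitting on `,` (not visible here), a delimiter that cannot occur in the messages, or storing the entries as a JSON array, would be safer. Since `request.Errors` comes straight from the request body, it is also worth bounding the total length before it is saved, e.g. a comment and check such as `// NOTE: errString is client-supplied; cap the joined length before persisting`. `ServeHTTP` starts and ends outside the hunk.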

+ 1 - 1
api/server/handlers/infra/forms.go

@@ -297,7 +297,7 @@ tabs:
           value: "12.7"
         - label: "v12.8"
           value: "12.8"
-          - label: "v12.9"
+        - label: "v12.9"
           value: "12.9"
         - label: "v12.10"
           value: "12.10"

+ 10 - 1
dashboard/src/main/home/cluster-dashboard/expanded-chart/jobs/ConnectToJobInstructionsModal.tsx

@@ -1,5 +1,6 @@
 import Modal from "main/home/modals/Modal";
-import React from "react";
+import React, { useContext } from "react";
+import { Context } from "shared/Context";
 import { ChartType } from "shared/types";
 import styled from "styled-components";
 
@@ -8,6 +9,7 @@ const ConnectToJobInstructionsModal: React.FC<{
   onClose: () => void;
   chartName: string;
 }> = ({ show, chartName, onClose }) => {
+  const { currentCluster, currentProject } = useContext(Context);
   if (!show) {
     return null;
   }
@@ -27,6 +29,13 @@ const ConnectToJobInstructionsModal: React.FC<{
       ).
       <br />
       <br />
+      Run the following commands to set your current project and cluster
+      <Code>
+        porter config set-project {currentProject.id}
+        <br />
+        porter config set-cluster {currentCluster.id}
+      </Code>
+      <br />
       Run the following line of code, and make sure to change the command to
       something your container can run:
       <Code>porter run {chartName || "[APP-NAME]"} -- [COMMAND]</Code>
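Review bot: `currentProject.id` and `currentCluster.id` in the new `<Code>` block are dereferenced without a null guard, while `chartName` two lines below is guarded with `|| "[APP-NAME]"`; if `shared/Context` types these values as nullable (I cannot see its definition here), the modal throws during render instead of showing a placeholder. Matching the existing fallback pattern keeps it rendering: `porter config set-project {currentProject?.id ?? "[PROJECT-ID]"}` and `porter config set-cluster {currentCluster?.id ?? "[CLUSTER-ID]"}`. The `useContext` call added in the second hunk correctly sits before the `if (!show) return null` early return, so hook order is stable across renders. The component's JSX continues outside the hunk.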

+ 10 - 32
dashboard/src/main/home/provisioner/AWSFormSection.tsx

@@ -83,6 +83,7 @@ const AWSFormSectionFC: React.FC<PropsType> = (props) => {
   const [selectedInfras, setSelectedInfras] = useState([...provisionOptions]);
   const [buttonStatus, setButtonStatus] = useState("");
   const [provisionConfirmed, setProvisionConfirmed] = useState(false);
+  const [eksUseKms, setEksUseKms] = useState(false);
   // This is added only for tracking purposes
   // With this prop we will track down if the user has had an intent of filling the formulary
   const [isFormDirty, setIsFormDirty] = useState(false);
@@ -217,6 +218,7 @@ const AWSFormSectionFC: React.FC<PropsType> = (props) => {
             cluster_name: clusterName,
             machine_type: awsMachineType,
             issuer_email: context.user.email,
+            is_kms_enabled: eksUseKms,
           },
         },
         { project_id: currentProject.id }
@@ -339,38 +341,6 @@ const AWSFormSectionFC: React.FC<PropsType> = (props) => {
           }}
           label="⚙️ AWS Machine Type"
         />
-        {/*
-        <Helper>
-          Estimated Cost:{" "}
-          <CostHighlight highlight={this.props.highlightCosts}>
-            {`\$${
-              70 + 3 * costMapping[this.state.awsMachineType] + 30
-            }/Month`}
-          </CostHighlight>
-          <Tooltip
-            title={
-              <div
-                style={{
-                  fontFamily: "Work Sans, sans-serif",
-                  fontSize: "12px",
-                  fontWeight: "normal",
-                  padding: "5px 6px",
-                }}
-              >
-                EKS cost: ~$70/month <br />
-                Machine (x3) cost: ~$
-                {`${3 * costMapping[this.state.awsMachineType]}`}/month <br />
-                Networking cost: ~$30/month
-              </div>
-            }
-            placement="top"
-          >
-            <StyledInfoTooltip>
-              <i className="material-icons">help_outline</i>
-            </StyledInfoTooltip>
-          </Tooltip>
-        </Helper>
-        */}
         <InputRow
           type="text"
           value={awsAccessId}
@@ -410,6 +380,14 @@ const AWSFormSectionFC: React.FC<PropsType> = (props) => {
           }}
         />
         {renderClusterNameSection()}
+        <CheckboxRow
+          checked={eksUseKms}
+          toggle={() => {
+            setIsFormDirty(true);
+            setEksUseKms(!eksUseKms);
+          }}
+          label="Enable secret encryption with AWS Key Management Service"
+        />
         <Helper>
           By default, Porter creates a cluster with three t2.medium instances
           (2vCPUs and 4GB RAM each). AWS will bill you for any provisioned
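Review bot: The new checkbox defaults secret encryption to off (`useState(false)` in the first hunk of this file) and the label is the only explanation the user gets; for an opt-in, security-relevant setting it is worth either defaulting to `true` or adding a sentence to the `Helper` below describing what enabling it does (presumably a KMS key is created in the user's account, given the `kms:CreateKey` permission in the docs, but that is inferred rather than visible here). The toggle also reads `eksUseKms` from the render closure in `setEksUseKms(!eksUseKms)`; the functional form `setEksUseKms((v) => !v)` avoids acting on a stale value if updates are batched. Whether `is_kms_enabled` in the second hunk is the field name the provisioning API expects cannot be checked from this diff. `AWSFormSectionFC` starts and ends outside the hunks.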

+ 153 - 149
docs/getting-started/aws.md

@@ -1,8 +1,9 @@
 # Quick Installation
+
 Porter runs on a Kubernetes cluster in your own AWS account. You can provision a cluster through Porter by inputting the credentials of your AWS IAM account. You can also delete all resources provided by Porter with one-click.
 
 > 🚧
-> 
+>
 > Quick Installation uses **AdministratorAccess** permissions to set up Porter. You can optionally specify the minimum IAM policies for provisioning a cluster and registry.
 
 <br />
@@ -19,7 +20,7 @@ Porter runs on a Kubernetes cluster in your own AWS account. You can provision a
 
 Optionally, if you don't want to grant Porter **AdministratorAccess**, you can follow these additional steps to configure the minimum required policy **(otherwise, skip to step 3).**
 
-To instead specify the minimum required policy, select **Attach existing policies directly**, and click on **Create Policy**. 
+To instead specify the minimum required policy, select **Attach existing policies directly**, and click on **Create Policy**.
 
 ![Minimum required policy attachment](https://files.readme.io/a1901d1-Screen_Shot_2021-02-16_at_4.55.06_PM.png "Screen Shot 2021-02-16 at 4.55.06 PM.png")
 
@@ -27,156 +28,159 @@ You will be prompted to enter your custom policy. Click on the **JSON** tab.
 
 ![Custom policy JSON](https://files.readme.io/c9b4d96-Screen_Shot_2021-02-16_at_5.00.00_PM.png "Screen Shot 2021-02-16 at 5.00.00 PM.png")
 
-Copy and paste the below JSON to the field. 
+Copy and paste the below JSON to the field.
 
 ```json
 {
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Sid": "VisualEditor0",
-            "Effect": "Allow",
-            "Action": [
-                "autoscaling:AttachInstances",
-                "autoscaling:CreateAutoScalingGroup",
-                "autoscaling:CreateLaunchConfiguration",
-                "autoscaling:CreateOrUpdateTags",
-                "autoscaling:DeleteAutoScalingGroup",
-                "autoscaling:DeleteLaunchConfiguration",
-                "autoscaling:DeleteTags",
-                "autoscaling:Describe*",
-                "autoscaling:DetachInstances",
-                "autoscaling:SetDesiredCapacity",
-                "autoscaling:UpdateAutoScalingGroup",
-                "autoscaling:SuspendProcesses",
-                "ec2:AllocateAddress",
-                "ec2:AssignPrivateIpAddresses",
-                "ec2:Associate*",
-                "ec2:AttachInternetGateway",
-                "ec2:AttachNetworkInterface",
-                "ec2:AuthorizeSecurityGroupEgress",
-                "ec2:AuthorizeSecurityGroupIngress",
-                "ec2:CreateDefaultSubnet",
-                "ec2:CreateDhcpOptions",
-                "ec2:CreateEgressOnlyInternetGateway",
-                "ec2:CreateInternetGateway",
-                "ec2:CreateNatGateway",
-                "ec2:CreateNetworkInterface",
-                "ec2:CreateRoute",
-                "ec2:CreateRouteTable",
-                "ec2:CreateSecurityGroup",
-                "ec2:CreateSubnet",
-                "ec2:CreateTags",
-                "ec2:CreateVolume",
-                "ec2:CreateVpc",
-                "ec2:CreateVpcEndpoint",
-                "ec2:DeleteDhcpOptions",
-                "ec2:DeleteEgressOnlyInternetGateway",
-                "ec2:DeleteInternetGateway",
-                "ec2:DeleteNatGateway",
-                "ec2:DeleteNetworkInterface",
-                "ec2:DeleteRoute",
-                "ec2:DeleteRouteTable",
-                "ec2:DeleteSecurityGroup",
-                "ec2:DeleteSubnet",
-                "ec2:DeleteTags",
-                "ec2:DeleteVolume",
-                "ec2:DeleteVpc",
-                "ec2:DeleteVpnGateway",
-                "ec2:Describe*",
-                "ec2:DetachInternetGateway",
-                "ec2:DetachNetworkInterface",
-                "ec2:DetachVolume",
-                "ec2:Disassociate*",
-                "ec2:ModifySubnetAttribute",
-                "ec2:ModifyVpcAttribute",
-                "ec2:ModifyVpcEndpoint",
-                "ec2:ReleaseAddress",
-                "ec2:RevokeSecurityGroupEgress",
-                "ec2:RevokeSecurityGroupIngress",
-                "ec2:UpdateSecurityGroupRuleDescriptionsEgress",
-                "ec2:UpdateSecurityGroupRuleDescriptionsIngress",
-                "ec2:CreateLaunchTemplate",
-                "ec2:CreateLaunchTemplateVersion",
-                "ec2:DeleteLaunchTemplate",
-                "ec2:DeleteLaunchTemplateVersions",
-                "ec2:DescribeLaunchTemplates",
-                "ec2:DescribeLaunchTemplateVersions",
-                "ec2:GetLaunchTemplateData",
-                "ec2:ModifyLaunchTemplate",
-                "ec2:RunInstances",
-                "eks:CreateCluster",
-                "eks:DeleteCluster",
-                "eks:DescribeCluster",
-                "eks:ListClusters",
-                "eks:UpdateClusterConfig",
-                "eks:UpdateClusterVersion",
-                "eks:DescribeUpdate",
-                "eks:TagResource",
-                "eks:UntagResource",
-                "eks:ListTagsForResource",
-                "eks:CreateFargateProfile",
-                "eks:DeleteFargateProfile",
-                "eks:DescribeFargateProfile",
-                "eks:ListFargateProfiles",
-                "eks:CreateNodegroup",
-                "eks:DeleteNodegroup",
-                "eks:DescribeNodegroup",
-                "eks:ListNodegroups",
-                "eks:UpdateNodegroupConfig",
-                "eks:UpdateNodegroupVersion",
-                "iam:AddRoleToInstanceProfile",
-                "iam:AttachRolePolicy",
-                "iam:CreateInstanceProfile",
-                "iam:CreateOpenIDConnectProvider",
-                "iam:CreateServiceLinkedRole",
-                "iam:CreatePolicy",
-                "iam:CreatePolicyVersion",
-                "iam:CreateRole",
-                "iam:DeleteInstanceProfile",
-                "iam:DeleteOpenIDConnectProvider",
-                "iam:DeletePolicy",
-                "iam:DeletePolicyVersion",
-                "iam:DeleteRole",
-                "iam:DeleteRolePolicy",
-                "iam:DeleteServiceLinkedRole",
-                "iam:DetachRolePolicy",
-                "iam:GetInstanceProfile",
-                "iam:GetOpenIDConnectProvider",
-                "iam:GetPolicy",
-                "iam:GetPolicyVersion",
-                "iam:GetRole",
-                "iam:GetRolePolicy",
-                "iam:List*",
-                "iam:PassRole",
-                "iam:PutRolePolicy",
-                "iam:RemoveRoleFromInstanceProfile",
-                "iam:TagOpenIDConnectProvider",
-                "iam:TagRole",
-                "iam:UntagRole",
-                "iam:UpdateAssumeRolePolicy",
-                "logs:CreateLogGroup",
-                "logs:DescribeLogGroups",
-                "logs:DeleteLogGroup",
-                "logs:ListTagsLogGroup",
-                "logs:PutRetentionPolicy",
-                "kms:CreateAlias",
-                "kms:CreateGrant",
-                "kms:CreateKey",
-                "kms:DeleteAlias",
-                "kms:DescribeKey",
-                "kms:GetKeyPolicy",
-                "kms:GetKeyRotationStatus",
-                "kms:ListAliases",
-                "kms:ListResourceTags",
-                "kms:ScheduleKeyDeletion"
-            ],
-            "Resource": "*"
-        }
-    ]
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "VisualEditor0",
+      "Effect": "Allow",
+      "Action": [
+        "autoscaling:AttachInstances",
+        "autoscaling:CreateAutoScalingGroup",
+        "autoscaling:CreateLaunchConfiguration",
+        "autoscaling:CreateOrUpdateTags",
+        "autoscaling:DeleteAutoScalingGroup",
+        "autoscaling:DeleteLaunchConfiguration",
+        "autoscaling:DeleteTags",
+        "autoscaling:Describe*",
+        "autoscaling:DetachInstances",
+        "autoscaling:SetDesiredCapacity",
+        "autoscaling:UpdateAutoScalingGroup",
+        "autoscaling:SuspendProcesses",
+        "ec2:AllocateAddress",
+        "ec2:AssignPrivateIpAddresses",
+        "ec2:Associate*",
+        "ec2:AttachInternetGateway",
+        "ec2:AttachNetworkInterface",
+        "ec2:AuthorizeSecurityGroupEgress",
+        "ec2:AuthorizeSecurityGroupIngress",
+        "ec2:CreateDefaultSubnet",
+        "ec2:CreateDhcpOptions",
+        "ec2:CreateEgressOnlyInternetGateway",
+        "ec2:CreateInternetGateway",
+        "ec2:CreateNatGateway",
+        "ec2:CreateNetworkInterface",
+        "ec2:CreateRoute",
+        "ec2:CreateRouteTable",
+        "ec2:CreateSecurityGroup",
+        "ec2:CreateSubnet",
+        "ec2:CreateTags",
+        "ec2:CreateVolume",
+        "ec2:CreateVpc",
+        "ec2:CreateVpcEndpoint",
+        "ec2:DeleteDhcpOptions",
+        "ec2:DeleteEgressOnlyInternetGateway",
+        "ec2:DeleteInternetGateway",
+        "ec2:DeleteNatGateway",
+        "ec2:DeleteNetworkInterface",
+        "ec2:DeleteRoute",
+        "ec2:DeleteRouteTable",
+        "ec2:DeleteSecurityGroup",
+        "ec2:DeleteSubnet",
+        "ec2:DeleteTags",
+        "ec2:DeleteVolume",
+        "ec2:DeleteVpc",
+        "ec2:DeleteVpnGateway",
+        "ec2:Describe*",
+        "ec2:DetachInternetGateway",
+        "ec2:DetachNetworkInterface",
+        "ec2:DetachVolume",
+        "ec2:Disassociate*",
+        "ec2:ModifySubnetAttribute",
+        "ec2:ModifyVpcAttribute",
+        "ec2:ModifyVpcEndpoint",
+        "ec2:ReleaseAddress",
+        "ec2:RevokeSecurityGroupEgress",
+        "ec2:RevokeSecurityGroupIngress",
+        "ec2:UpdateSecurityGroupRuleDescriptionsEgress",
+        "ec2:UpdateSecurityGroupRuleDescriptionsIngress",
+        "ec2:CreateLaunchTemplate",
+        "ec2:CreateLaunchTemplateVersion",
+        "ec2:DeleteLaunchTemplate",
+        "ec2:DeleteLaunchTemplateVersions",
+        "ec2:DescribeLaunchTemplates",
+        "ec2:DescribeLaunchTemplateVersions",
+        "ec2:GetLaunchTemplateData",
+        "ec2:ModifyLaunchTemplate",
+        "ec2:RunInstances",
+        "eks:CreateCluster",
+        "eks:DeleteCluster",
+        "eks:DescribeCluster",
+        "eks:ListClusters",
+        "eks:UpdateClusterConfig",
+        "eks:UpdateClusterVersion",
+        "eks:DescribeUpdate",
+        "eks:TagResource",
+        "eks:UntagResource",
+        "eks:ListTagsForResource",
+        "eks:CreateFargateProfile",
+        "eks:DeleteFargateProfile",
+        "eks:DescribeFargateProfile",
+        "eks:ListFargateProfiles",
+        "eks:CreateNodegroup",
+        "eks:DeleteNodegroup",
+        "eks:DescribeNodegroup",
+        "eks:ListNodegroups",
+        "eks:UpdateNodegroupConfig",
+        "eks:UpdateNodegroupVersion",
+        "iam:AddRoleToInstanceProfile",
+        "iam:AttachRolePolicy",
+        "iam:CreateInstanceProfile",
+        "iam:CreateOpenIDConnectProvider",
+        "iam:CreateServiceLinkedRole",
+        "iam:CreatePolicy",
+        "iam:CreatePolicyVersion",
+        "iam:CreateRole",
+        "iam:DeleteInstanceProfile",
+        "iam:DeleteOpenIDConnectProvider",
+        "iam:DeletePolicy",
+        "iam:DeletePolicyVersion",
+        "iam:DeleteRole",
+        "iam:DeleteRolePolicy",
+        "iam:DeleteServiceLinkedRole",
+        "iam:DetachRolePolicy",
+        "iam:GetInstanceProfile",
+        "iam:GetOpenIDConnectProvider",
+        "iam:GetPolicy",
+        "iam:GetPolicyVersion",
+        "iam:GetRole",
+        "iam:GetRolePolicy",
+        "iam:List*",
+        "iam:PassRole",
+        "iam:PutRolePolicy",
+        "iam:RemoveRoleFromInstanceProfile",
+        "iam:TagOpenIDConnectProvider",
+        "iam:TagRole",
+        "iam:UntagRole",
+        "iam:UpdateAssumeRolePolicy",
+        "logs:CreateLogGroup",
+        "logs:DescribeLogGroups",
+        "logs:DeleteLogGroup",
+        "logs:ListTagsLogGroup",
+        "logs:PutRetentionPolicy",
+        "kms:CreateAlias",
+        "kms:CreateGrant",
+        "kms:CreateKey",
+        "kms:DeleteAlias",
+        "kms:DescribeKey",
+        "kms:GetKeyPolicy",
+        "kms:GetKeyRotationStatus",
+        "kms:Get*",
+        "kms:ListAliases",
+        "kms:ListResourceTags",
+        "kms:ScheduleKeyDeletion"
+      ],
+      "Resource": "*"
+    }
+  ]
 }
 ```
 
+Note: `kms:Get*` is only required if you have enabled KMS secret encryption whilst creating the cluster
+
 Click on **Create a Policy** and give it a name to create a custom policy.
 
 Once you've created the custom policy, attach this policy to your IAM user along with the `AmazonEC2ContainerRegistryFullAccess` policy. Permission policies for your IAM user should look like the image below. In this example, the custom policy has been named **porter-minimum-permissions**.
@@ -200,7 +204,7 @@ After clicking **Create Project** from Porter, installation will begin automatic
 # Deleting Provisioned Resources
 
 > 🚧 AWS Deletion Instability
-> 
+>
 > Deleting resources on AWS via Porter may result in dangling resources. After clicking delete, please make sure to check your AWS console to see if all resources have properly been removed. You can remove any dangling resources via either the AWS console or the CLI.
 
 Because it is difficult to keep track of all the resources created by Porter, we recommend that you delete all provisioned resources through Porter. This will ensure that you do not get charged on AWS for lingering resources.
@@ -209,9 +213,9 @@ To delete resources, click on **Cluster Settings** from the **Cluster Dashboard*
 
 ![Delete cluster](https://files.readme.io/c1ed31a-Screen_Shot_2021-01-09_at_2.59.49_PM.png "Screen Shot 2021-01-09 at 2.59.49 PM.png")
 
-Click **Delete Cluster** to remove the cluster from Porter and delete resources in your AWS console. It may take up to 30 minutes for these resources to be deleted from your AWS console. 
+Click **Delete Cluster** to remove the cluster from Porter and delete resources in your AWS console. It may take up to 30 minutes for these resources to be deleted from your AWS console.
 
-**Note that you can only delete cluster resources that have been provisioned via Porter.** 
+**Note that you can only delete cluster resources that have been provisioned via Porter.**
 
 ![Delete cluster confirmation](https://files.readme.io/a7b36fc-Screen_Shot_2021-01-09_at_3.02.07_PM.png "Screen Shot 2021-01-09 at 3.02.07 PM.png")
 

+ 30 - 0
porter.yaml

@@ -0,0 +1,30 @@
+version: v2beta1
+
+builds:
+- name: porter
+  method: docker
+  dockerfile: ./docker/Dockerfile
+  env:
+    raw: {}
+    import_from:
+      - default/base-env
+
+apps:
+- name: porter-dashboard
+  depends_on:
+    - postgres
+  helm_chart:
+    name: web
+  build_ref: porter
+  helm_values: # refer https://github.com/porter-dev/porter-charts/blob/master/applications/web/values.yaml
+    container:
+      command: 
+    resources:
+      requests:
+        cpu: 400m
+        memory: 512Mi
+
+addons:
+- name: postgres
+  helm_chart:
+    name: postgres
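Review bot: `command: ` under `container` has no value and carries trailing whitespace, so it parses as `null`; if the intent is to keep the image's default command, dropping the key is clearer, and if a command was meant to be set here it is missing. I would either remove the line or leave a comment on it, `# command: intentionally unset, image default is used`, so the next reader does not have to guess. The `postgres` addon referenced by `depends_on` is defined below, so that reference is consistent.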

+ 3 - 6
services/cli_install_script_container/install.sh

@@ -14,12 +14,9 @@ download_and_install() {
 
     echo "[INFO] Since the Porter CLI gets installed in /usr/local/bin, you may be asked to input your password."
 
-    name=$(curl -s https://api.github.com/repos/porter-dev/porter/releases/latest | grep "browser_download_url.*/porter_.*_${osname}_x86_64\.zip" | cut -d ":" -f 2,3 | tr -d \")
-    name=$(basename $name)
-
-    curl -L https://github.com/porter-dev/porter/releases/latest/download/$name --output $name
-    unzip -a $name
-    rm $name
+    curl -L $(curl -s https://api.github.com/repos/porter-dev/porter/releases/latest | grep "browser_download_url.*/porter_.*_${osname}_x86_64\.zip" | cut -d ":" -f 2,3 | tr -d \") --output porter.zip
+    unzip -a porter.zip
+    rm porter.zip
 
     chmod +x ./porter
     sudo mv ./porter /usr/local/bin/porter
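Review bot: The inlined `$(curl -s … | grep … | tr -d \")` result is substituted unquoted straight into the outer `curl -L`, so when the GitHub API call fails or is rate-limited the substitution is empty, the outer curl either errors on a missing URL or saves an error page, and `unzip -a porter.zip` then runs on garbage because there is no `-f` and no exit-status check; the previous version at least normalised the name with `basename`. Capturing the URL in a variable, failing when it is empty, quoting it and adding `-f` stops the install from silently continuing; the rewritten lines are below. Verifying the archive against a published checksum would be the stronger control for a script users pipe into a shell, if the release process publishes one. `download_and_install` starts outside the hunk.
```shell
    url=$(curl -s https://api.github.com/repos/porter-dev/porter/releases/latest | grep "browser_download_url.*/porter_.*_${osname}_x86_64\.zip" | cut -d ":" -f 2,3 | tr -d \")
    if [ -z "$url" ]; then
        echo "[ERROR] Could not determine the download URL for the latest Porter CLI release." >&2
        exit 1
    fi
    curl -fL "$url" --output porter.zip || { echo "[ERROR] Download failed." >&2; exit 1; }
    unzip -a porter.zip
    rm porter.zip
    # … unchanged: chmod and sudo mv …
```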