Accueil Explorer Aide
Connexion
akillibulut
/
porter
miroir de https://github.com/porter-dev/porter
2
0
Fork 0
Fichiers Tickets 0 Wiki
Aborescence: 116f97f061
Branches Tags
porter
/
provisioner
/
server
/
config
/
config.go

config.go 9.0 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271 
  1. package config
    2. 

  2. 

  3. import (
    4. 

  4. 	"context"
    5. 

  5. 	"fmt"
    6. 

  6. 	"log"
    7. 

  7. 	"time"
    8. 

  8. 

  9. 	redis "github.com/go-redis/redis/v8"
    10. 

  10. 

  11. 	"github.com/joeshaw/envdecode"
    12. 

  12. 	"github.com/porter-dev/porter/api/server/shared/apierrors/alerter"
    13. 

  13. 	"github.com/porter-dev/porter/api/server/shared/config/env"
    14. 

  14. 	"github.com/porter-dev/porter/internal/adapter"
    15. 

  15. 	"github.com/porter-dev/porter/internal/analytics"
    16. 

  16. 	"github.com/porter-dev/porter/internal/features"
    17. 

  17. 	"github.com/porter-dev/porter/internal/kubernetes"
    18. 

  18. 	klocal "github.com/porter-dev/porter/internal/kubernetes/local"
    19. 

  19. 	"github.com/porter-dev/porter/internal/oauth"
    20. 

  20. 

  21. 	"github.com/porter-dev/porter/internal/repository"
    22. 

  22. 	"github.com/porter-dev/porter/internal/repository/credentials"
    23. 

  23. 	"github.com/porter-dev/porter/internal/repository/gorm"
    24. 

  24. 	"github.com/porter-dev/porter/pkg/logger"
    25. 

  25. 	"github.com/porter-dev/porter/provisioner/integrations/provisioner"
    26. 

  26. 	"github.com/porter-dev/porter/provisioner/integrations/provisioner/k8s"
    27. 

  27. 	"github.com/porter-dev/porter/provisioner/integrations/provisioner/local"
    28. 

  28. 	"github.com/porter-dev/porter/provisioner/integrations/storage"
    29. 

  29. 	"github.com/porter-dev/porter/provisioner/integrations/storage/s3"
    30. 

  30. 	"golang.org/x/oauth2"
    31. 

  31. 

  32. 	_gorm "gorm.io/gorm"
    33. 

  33. )
    34. 

  34. 

  35. var (
    36. 

  36. 	InstanceCredentialBackend credentials.CredentialStorage
    37. 

  37. 	InstanceEnvConf           *EnvConf
    38. 

  38. )
    39. 

  39. 

  40. func sharedInit() {
    41. 

  41. 	var envDecoderConf EnvDecoderConf = EnvDecoderConf{}
    42. 

  42. 

  43. 	if err := envdecode.StrictDecode(&envDecoderConf); err != nil {
    44. 

  44. 		log.Fatalf("Failed to decode server conf: %s", err)
    45. 

  45. 	}
    46. 

  46. 

  47. 	InstanceEnvConf = &EnvConf{
    48. 

  48. 		ProvisionerConf: &envDecoderConf.ProvisionerConf,
    49. 

  49. 		DBConf:          &envDecoderConf.DBConf,
    50. 

  50. 		RedisConf:       envDecoderConf.RedisConf,
    51. 

  51. 	}
    52. 

  52. }
    53. 

  53. 

  54. type Config struct {
    55. 

  55. 	ProvisionerConf *ProvisionerConf
    56. 

  56. 	DBConf          *env.DBConf
    57. 

  57. 	RedisConf       *env.RedisConf
    58. 

  58. 

  59. 	StorageManager storage.StorageManager
    60. 

  60. 	Repo           repository.Repository
    61. 

  61. 

  62. 	// Logger for logging
    63. 

  63. 	Logger *logger.Logger
    64. 

  64. 

  65. 	// Alerter to send alerts to a third-party aggregator
    66. 

  66. 	Alerter alerter.Alerter
    67. 

  67. 

  68. 	DB *_gorm.DB
    69. 

  69. 

  70. 	// DOConf is the configuration for a DigitalOcean OAuth client
    71. 

  71. 	DOConf *oauth2.Config
    72. 

  72. 

  73. 	// LaunchDarklyClient is the client for the LaunchDarkly feature flag service
    74. 

  74. 	LaunchDarklyClient *features.Client
    75. 

  75. 

  76. 	RedisClient *redis.Client
    77. 

  77. 

  78. 	Provisioner provisioner.Provisioner
    79. 

  79. 

  80. 	// AnalyticsClient if Segment analytics reporting is enabled on the API instance
    81. 

  81. 	AnalyticsClient analytics.AnalyticsSegmentClient
    82. 

  82. }
    83. 

  83. 

  84. // ProvisionerConf is the env var configuration for the provisioner server
    85. 

  85. type ProvisionerConf struct {
    86. 

  86. 	Debug bool `env:"DEBUG,default=false"`
    87. 

  87. 	Port  int  `env:"PROV_PORT,default=8082"`
    88. 

  88. 

  89. 	TimeoutRead  time.Duration `env:"SERVER_TIMEOUT_READ,default=5s"`
    90. 

  90. 	TimeoutWrite time.Duration `env:"SERVER_TIMEOUT_WRITE,default=10s"`
    91. 

  91. 	TimeoutIdle  time.Duration `env:"SERVER_TIMEOUT_IDLE,default=15s"`
    92. 

  92. 

  93. 	StaticAuthToken string `env:"STATIC_AUTH_TOKEN"`
    94. 

  94. 

  95. 	SentryDSN string `env:"SENTRY_DSN"`
    96. 

  96. 	SentryEnv string `env:"SENTRY_ENV,default=dev"`
    97. 

  97. 

  98. 	// Configuration for the S3 storage backend
    99. 

  99. 	S3AWSAccessKeyID string `env:"S3_AWS_ACCESS_KEY_ID"`
    100. 

  100. 	S3AWSSecretKey   string `env:"S3_AWS_SECRET_KEY"`
    101. 

  101. 	S3AWSRegion      string `env:"S3_AWS_REGION"`
    102. 

  102. 	S3BucketName     string `env:"S3_BUCKET_NAME"`
    103. 

  103. 	S3EncryptionKey  string `env:"S3_ENCRYPTION_KEY,default=__random_strong_encryption_key__"`
    104. 

  104. 

  105. 	// Configuration for the digitalocean client
    106. 

  106. 	DOClientID        string `env:"DO_CLIENT_ID"`
    107. 

  107. 	DOClientSecret    string `env:"DO_CLIENT_SECRET"`
    108. 

  108. 	DOClientServerURL string `env:"DO_CLIENT_SERVER_URL"`
    109. 

  109. 

  110. 	// ProvisionerMethod defines the method to use for provisioner: options are "local" or "kubernetes"
    111. 

  111. 	ProvisionerMethod          string `env:"PROVISIONER_METHOD,default=local"`
    112. 

  112. 	ProvisionerBackendURL      string `env:"PROV_BACKEND_URL,default=http://localhost:8082"`
    113. 

  113. 	ProvisionerCredExchangeURL string `env:"PROV_CRED_EXCHANGE_URL,default=http://localhost:8082"`
    114. 

  114. 

  115. 	// Options to configure for the "kubernetes" provisioner method
    116. 

  116. 	ProvisionerCluster         string `env:"PROVISIONER_CLUSTER"`
    117. 

  117. 	SelfKubeconfig             string `env:"SELF_KUBECONFIG"`
    118. 

  118. 	ProvisionerImageRepo       string `env:"PROV_IMAGE_REPO,default=gcr.io/porter-dev-273614/provisioner"`
    119. 

  119. 	ProvisionerImageTag        string `env:"PROV_IMAGE_TAG,default=latest"`
    120. 

  120. 	ProvisionerImagePullSecret string `env:"PROV_IMAGE_PULL_SECRET"`
    121. 

  121. 	ProvisionerJobNamespace    string `env:"PROV_JOB_NAMESPACE,default=default"`
    122. 

  122. 

  123. 	// Options to configure for the "local" provisioner method
    124. 

  124. 	LocalTerraformDirectory string `env:"LOCAL_TERRAFORM_DIRECTORY"`
    125. 

  125. 

  126. 	// Client key for segment to report provisioning events
    127. 

  127. 	SegmentClientKey string `env:"SEGMENT_CLIENT_KEY"`
    128. 

  128. 

  129. 	// FeatureFlagClient controls which client to use (database or launch_darkly)
    130. 

  130. 	FeatureFlagClient string `env:"FEATURE_FLAG_CLIENT,default=launch_darkly"`
    131. 

  131. 

  132. 	// Launch Darkly SDK key
    133. 

  133. 	LaunchDarklySDKKey string `env:"LAUNCHDARKLY_SDK_KEY"`
    134. 

  134. }
    135. 

  135. 

  136. type EnvConf struct {
    137. 

  137. 	*ProvisionerConf
    138. 

  138. 	*env.DBConf
    139. 

  139. 	env.RedisConf
    140. 

  140. }
    141. 

  141. 

  142. type EnvDecoderConf struct {
    143. 

  143. 	ProvisionerConf ProvisionerConf
    144. 

  144. 	DBConf          env.DBConf
    145. 

  145. 	RedisConf       env.RedisConf
    146. 

  146. }
    147. 

  147. 

  148. // FromEnv generates a configuration from environment variables
    149. 

  149. func FromEnv() (*EnvConf, error) {
    150. 

  150. 	return InstanceEnvConf, nil
    151. 

  151. }
    152. 

  152. 

  153. func GetConfig(envConf *EnvConf) (*Config, error) {
    154. 

  154. 	ctx := context.Background()
    155. 

  155. 

  156. 	res := &Config{
    157. 

  157. 		ProvisionerConf: envConf.ProvisionerConf,
    158. 

  158. 		DBConf:          envConf.DBConf,
    159. 

  159. 		RedisConf:       &envConf.RedisConf,
    160. 

  160. 		Logger:          logger.NewConsole(envConf.ProvisionerConf.Debug),
    161. 

  161. 	}
    162. 

  162. 

  163. 	db, err := adapter.New(envConf.DBConf)
    164. 

  164. 	if err != nil {
    165. 

  165. 		return nil, err
    166. 

  166. 	}
    167. 

  167. 

  168. 	res.DB = db
    169. 

  169. 

  170. 	var key [32]byte
    171. 

  171. 

  172. 	for i, b := range []byte(envConf.DBConf.EncryptionKey) {
    173. 

  173. 		key[i] = b
    174. 

  174. 	}
    175. 

  175. 

  176. 	res.Repo = gorm.NewRepository(db, &key, InstanceCredentialBackend)
    177. 

  177. 

  178. 	launchDarklyClient, err := features.GetClient(envConf.FeatureFlagClient, envConf.LaunchDarklySDKKey)
    179. 

  179. 	if err != nil {
    180. 

  180. 		return nil, fmt.Errorf("could not create launch darkly client: %s", err)
    181. 

  181. 	}
    182. 

  182. 	res.LaunchDarklyClient = launchDarklyClient
    183. 

  183. 

  184. 	if envConf.ProvisionerConf.SentryDSN != "" {
    185. 

  185. 		res.Alerter, err = alerter.NewSentryAlerter(envConf.ProvisionerConf.SentryDSN, envConf.ProvisionerConf.SentryEnv)
    186. 

  186. 	}
    187. 

  187. 

  188. 	// load a storage backend; if correct env vars are not set, throw an error
    189. 

  189. 	if envConf.ProvisionerConf.S3AWSAccessKeyID != "" && envConf.ProvisionerConf.S3AWSSecretKey != "" && envConf.ProvisionerConf.S3EncryptionKey != "" {
    190. 

  190. 		var s3Key [32]byte
    191. 

  191. 

  192. 		for i, b := range []byte(envConf.ProvisionerConf.S3EncryptionKey) {
    193. 

  193. 			s3Key[i] = b
    194. 

  194. 		}
    195. 

  195. 

  196. 		res.StorageManager, err = s3.NewS3StorageClient(&s3.S3Options{
    197. 

  197. 			AWSRegion:      envConf.ProvisionerConf.S3AWSRegion,
    198. 

  198. 			AWSAccessKeyID: envConf.ProvisionerConf.S3AWSAccessKeyID,
    199. 

  199. 			AWSSecretKey:   envConf.ProvisionerConf.S3AWSSecretKey,
    200. 

  200. 			AWSBucketName:  envConf.ProvisionerConf.S3BucketName,
    201. 

  201. 			EncryptionKey:  &s3Key,
    202. 

  202. 		})
    203. 

  203. 

  204. 		if err != nil {
    205. 

  205. 			return nil, err
    206. 

  206. 		}
    207. 

  207. 	} else {
    208. 

  208. 		return nil, fmt.Errorf("no storage backend is available")
    209. 

  209. 	}
    210. 

  210. 

  211. 	if envConf.RedisConf.Enabled {
    212. 

  212. 		redis, err := adapter.NewRedisClient(&envConf.RedisConf)
    213. 

  213. 		if err != nil {
    214. 

  214. 			return nil, fmt.Errorf("redis connection failed: %v", err)
    215. 

  215. 		}
    216. 

  216. 

  217. 		res.RedisClient = redis
    218. 

  218. 	} else {
    219. 

  219. 		return nil, fmt.Errorf("no redis client is available")
    220. 

  220. 	}
    221. 

  221. 

  222. 	if envConf.ProvisionerMethod == "local" {
    223. 

  223. 		res.Provisioner = local.NewLocalProvisioner(&local.LocalProvisionerConfig{
    224. 

  224. 			ProvisionerBackendURL:   envConf.ProvisionerBackendURL,
    225. 

  225. 			LocalTerraformDirectory: envConf.LocalTerraformDirectory,
    226. 

  226. 		})
    227. 

  227. 	} else if envConf.ProvisionerMethod == "kubernetes" {
    228. 

  228. 		provAgent, err := getProvisionerAgent(ctx, envConf.ProvisionerConf)
    229. 

  229. 		if err != nil {
    230. 

  230. 			return nil, err
    231. 

  231. 		}
    232. 

  232. 

  233. 		res.Provisioner = k8s.NewKubernetesProvisioner(provAgent.Clientset, &k8s.KubernetesProvisionerConfig{
    234. 

  234. 			ProvisionerImageRepo:       envConf.ProvisionerImageRepo,
    235. 

  235. 			ProvisionerImageTag:        envConf.ProvisionerImageTag,
    236. 

  236. 			ProvisionerImagePullSecret: envConf.ProvisionerImagePullSecret,
    237. 

  237. 			ProvisionerJobNamespace:    envConf.ProvisionerJobNamespace,
    238. 

  238. 			ProvisionerBackendURL:      envConf.ProvisionerBackendURL,
    239. 

  239. 		})
    240. 

  240. 	}
    241. 

  241. 

  242. 	if envConf.ProvisionerConf.DOClientID != "" && envConf.ProvisionerConf.DOClientSecret != "" && envConf.ProvisionerConf.DOClientServerURL != "" {
    243. 

  243. 		res.DOConf = oauth.NewDigitalOceanClient(&oauth.Config{
    244. 

  244. 			ClientID:     envConf.ProvisionerConf.DOClientID,
    245. 

  245. 			ClientSecret: envConf.ProvisionerConf.DOClientSecret,
    246. 

  246. 			Scopes:       []string{"read", "write"},
    247. 

  247. 			BaseURL:      envConf.ProvisionerConf.DOClientServerURL,
    248. 

  248. 		})
    249. 

  249. 	}
    250. 

  250. 

  251. 	res.AnalyticsClient = analytics.InitializeAnalyticsSegmentClient(envConf.ProvisionerConf.SegmentClientKey, res.Logger)
    252. 

  252. 

  253. 	return res, nil
    254. 

  254. }
    255. 

  255. 

  256. func getProvisionerAgent(ctx context.Context, conf *ProvisionerConf) (*kubernetes.Agent, error) {
    257. 

  257. 	if conf.ProvisionerCluster == "kubeconfig" && conf.SelfKubeconfig != "" {
    258. 

  258. 		agent, err := klocal.GetSelfAgentFromFileConfig(conf.SelfKubeconfig)
    259. 

  259. 		if err != nil {
    260. 

  260. 			return nil, fmt.Errorf("could not get in-cluster agent: %v", err)
    261. 

  261. 		}
    262. 

  262. 

  263. 		return agent, nil
    264. 

  264. 	} else if conf.ProvisionerCluster == "kubeconfig" {
    265. 

  265. 		return nil, fmt.Errorf(`"kubeconfig" cluster option requires path to kubeconfig`)
    266. 

  266. 	}
    267. 

  267. 

  268. 	agent, _ := kubernetes.GetAgentInClusterConfig(ctx, conf.ProvisionerJobNamespace)
    269. 

  269. 

  270. 	return agent, nil
    271. 

  271. }
    272.