add pipeline steps for cert generation, logaccounts and rp registrati…
…on (#1369)

The pipeline schema has been enhanced to cover the new step types supported by the EV2RA generator.
The templatize template runner no longer requires a dummy implementation for such steps and simply ignores them.

Signed-off-by: Gerd Oberlechner <goberlec@redhat.com>
geoberle authored Feb 20, 2025
1 parent 2a122eb commit ad2bfdb
Showing 5 changed files with 240 additions and 28 deletions.
143 changes: 140 additions & 3 deletions tooling/templatize/pkg/pipeline/pipeline.schema.v1.json
Expand Up @@ -3,6 +3,19 @@
"title": "pipeline.schema.v1",
"type": "object",
"definitions": {
"staticVariableValue": {
"oneOf": [
{
"type": "string"
},
{
"type": "array",
"items": {
"type": "string"
}
}
]
},
"variableRef": {
"type": "object",
"properties": {
Expand All @@ -26,7 +39,7 @@
"type": "string"
},
"value": {
"type": "string"
"$ref": "#/definitions/staticVariableValue"
}
},
"oneOf": [
Expand Down Expand Up @@ -73,7 +86,7 @@
"type": "string"
},
"value": {
"type": "string"
"$ref": "#/definitions/staticVariableValue"
}
},
"oneOf": [
Expand Down Expand Up @@ -130,7 +143,7 @@
},
"action": {
"type": "string",
"enum": ["ARM", "Shell", "DelegateChildZone", "SetCertificateIssuer"]
"enum": ["ARM", "Shell", "DelegateChildZone", "SetCertificateIssuer", "CreateCertificate", "ResourceProviderRegistration", "LogsAccount"]
},
"template": {
"type": "string"
Expand Down Expand Up @@ -163,6 +176,15 @@
"vaultBaseUrl": {
"$ref": "#/definitions/variableRef"
},
"certificateName": {
"$ref": "#/definitions/variableRef"
},
"contentType": {
"$ref": "#/definitions/variableRef"
},
"san": {
"$ref": "#/definitions/variableRef"
},
"issuer": {
"$ref": "#/definitions/variableRef"
},
Expand All @@ -172,6 +194,21 @@
"childZone": {
"$ref": "#/definitions/variableRef"
},
"subscriptionId": {
"$ref": "#/definitions/variableRef"
},
"resourceProviderNamespaces": {
"$ref": "#/definitions/variableRef"
},
"namespace": {
"$ref": "#/definitions/variableRef"
},
"certsan": {
"$ref": "#/definitions/variableRef"
},
"certdescription": {
"$ref": "#/definitions/variableRef"
},
"outputOnly": {
"type": "boolean"
}
Expand Down Expand Up @@ -319,6 +356,106 @@
"vaultBaseUrl",
"issuer"
]
},
{
"additionalProperties": false,
"properties": {
"name": {
"type": "string"
},
"action": {
"type": "string",
"enum": ["CreateCertificate"]
},
"vaultBaseUrl": {
"$ref": "#/definitions/variableRef"
},
"certificateName": {
"$ref": "#/definitions/variableRef"
},
"contentType": {
"$ref": "#/definitions/variableRef"
},
"san": {
"$ref": "#/definitions/variableRef"
},
"issuer": {
"$ref": "#/definitions/variableRef"
},
"dependsOn": {
"type": "array",
"items": {
"type": "string"
}
}
},
"required": [
"vaultBaseUrl",
"certificateName",
"contentType",
"san",
"issuer"
]
},
{
"additionalProperties": false,
"properties": {
"name": {
"type": "string"
},
"action": {
"type": "string",
"enum": ["ResourceProviderRegistration"]
},
"resourceProviderNamespaces": {
"$ref": "#/definitions/variableRef"
},
"dependsOn": {
"type": "array",
"items": {
"type": "string"
}
}
},
"required": [
"resourceProviderNamespaces"
]
},
{
"additionalProperties": false,
"properties": {
"name": {
"type": "string"
},
"action": {
"type": "string",
"enum": ["LogsAccount"]
},
"subscriptionId": {
"$ref": "#/definitions/variableRef"
},
"namespace": {
"$ref": "#/definitions/variableRef"
},
"certsan": {
"$ref": "#/definitions/variableRef"
},
"certdescription": {
"$ref": "#/definitions/variableRef"
},
"dependsOn": {
"type": "array",
"items": {
"type": "string"
}
}
},
"required": [
"subscriptionId",
"namespace",
"certsan",
"certdescription"
]
}
],
"required": [
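Review bot: The two `value` properties switched to `#/definitions/staticVariableValue` (apparently including the one in `variableRef`) now accept a string array for every field that uses them, so as far as the visible definitions show, `vaultBaseUrl`, `issuer`, `certificateName` and `san` in the new `CreateCertificate` entry validate with a list as well as with a string. Only `resourceProviderNamespaces` appears to need a list; the test input in this commit also passes `subscriptionId` as a list, which looks unintended for a single subscription. Because these step types are decoded into an untyped `map[string]any` in types.go, the schema is the only type check left for them. Consider keeping `value` string-only in `variableRef` and adding a separate list-capable definition (for example a new `variableRefList`) referenced as `"resourceProviderNamespaces": { "$ref": "#/definitions/variableRefList" }`.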
25 changes: 5 additions & 20 deletions tooling/templatize/pkg/pipeline/types.go
Expand Up @@ -65,12 +65,8 @@ func NewPlainPipelineFromBytes(filepath string, bytes []byte) (*Pipeline, error)
rg.Steps[i] = &ShellStep{}
case "ARM":
rg.Steps[i] = &ARMStep{}
case "DelegateChildZone":
rg.Steps[i] = &DelegateChildZoneStep{}
case "SetCertificateIssuer":
rg.Steps[i] = &SetCertificateIssuerStep{}
default:
return nil, fmt.Errorf("unknown action type %s", stepMeta.Action)
rg.Steps[i] = &GenericStep{}
}
err = mapToStruct(rawStep, rg.Steps[i])
if err != nil {
Expand Down Expand Up @@ -207,23 +203,12 @@ func (s *ARMStep) Description() string {
return fmt.Sprintf("Step %s\n Kind: %s\n %s", s.Name, s.Action, strings.Join(details, "\n "))
}

type DelegateChildZoneStep struct {
StepMeta `yaml:",inline"`
ParentZoneName VariableRef `yaml:"parentZone"`
ChildZoneName VariableRef `yaml:"childZone"`
type GenericStep struct {
StepMeta `yaml:",inline"`
Body map[string]any `yaml:",inline"`
}

func (s *DelegateChildZoneStep) Description() string {
return fmt.Sprintf("Step %s\n Kind: %s", s.Name, s.Action)
}

type SetCertificateIssuerStep struct {
StepMeta `yaml:",inline"`
VaultBaseUrl VariableRef `yaml:"vaultBaseUrl"`
Issuer VariableRef `yaml:"issuer"`
}

func (s *SetCertificateIssuerStep) Description() string {
func (s *GenericStep) Description() string {
return fmt.Sprintf("Step %s\n Kind: %s", s.Name, s.Action)
}

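Review bot: The `default:` branch of the action switch in `NewPlainPipelineFromBytes` now assigns `&GenericStep{}` instead of returning `unknown action type`, so a misspelled or unsupported `action` is loaded as a step the runner ignores rather than being rejected. Unless schema validation is guaranteed to run before this function (not visible here; the function starts and ends outside the hunk), a typo in a step such as `SetCertificateIssuer` would skip that step without any error. Keep the error in `default:` and list the pass-through actions explicitly, e.g. `case "DelegateChildZone", "SetCertificateIssuer", "CreateCertificate", "ResourceProviderRegistration", "LogsAccount":` followed by `rg.Steps[i] = &GenericStep{}`. `GenericStep` and its `Description` method also lack a doc comment; a line such as `// GenericStep carries steps that are consumed by other generators and are not executed by the templatize runner.` would make the intent explicit.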
30 changes: 30 additions & 0 deletions tooling/templatize/testdata/pipeline.yaml
Expand Up @@ -50,3 +50,33 @@ resourceGroups:
value: provider
dependsOn:
- deploy
- name: cert
action: CreateCertificate
vaultBaseUrl:
value: https://arohcp-svc-ln.vault.azure.net
certificateName:
value: hcp-mdsd
contentType:
value: x-pem-file # GCS certificate file in PEM format
san:
value: hcp-mdsd.geneva.keyvault.aro-int.azure.com
issuer:
value: OneCertV2-PrivateCA
- name: rpRegistration
action: ResourceProviderRegistration
resourceProviderNamespaces:
value:
- Microsoft.Storage
- Microsoft.EventHub
- Microsoft.Insights
- name: clusterAccount
action: LogsAccount
subscriptionId:
value:
- abc
namespace:
value: HCPManagementLogs
certsan:
value: MGMT.GENEVA.KEYVAULT.ARO-HCP-INT.AZURE.COM
certdescription:
value: HCP Management Cluster
Original file line number Diff line number Diff line change
Expand Up @@ -27,25 +27,55 @@ resourceGroups:
action: DelegateChildZone
dependsOn:
- deploy
parentZone:
configRef: parentZone
childZone:
configRef: childZone
parentZone:
configRef: parentZone
- name: issuerTest
action: SetCertificateIssuer
dependsOn:
- deploy
vaultBaseUrl:
configRef: vaultBaseUrl
issuer:
configRef: provider
vaultBaseUrl:
configRef: vaultBaseUrl
- name: issuerTestOutputChaining
action: SetCertificateIssuer
dependsOn:
- deploy
issuer:
value: provider
vaultBaseUrl:
input:
name: kvUrl
step: deploy
- name: cert
action: CreateCertificate
certificateName:
value: hcp-mdsd
contentType:
value: x-pem-file
issuer:
value: provider
value: OneCertV2-PrivateCA
san:
value: hcp-mdsd.geneva.keyvault.aro-int.azure.com
vaultBaseUrl:
value: https://arohcp-svc-ln.vault.azure.net
- name: rpRegistration
action: ResourceProviderRegistration
resourceProviderNamespaces:
value:
- Microsoft.Storage
- Microsoft.EventHub
- Microsoft.Insights
- name: clusterAccount
action: LogsAccount
certdescription:
value: HCP Management Cluster
certsan:
value: MGMT.GENEVA.KEYVAULT.ARO-HCP-INT.AZURE.COM
namespace:
value: HCPManagementLogs
subscriptionId:
value:
- abc
30 changes: 30 additions & 0 deletions tooling/templatize/testdata/zz_fixture_TestRawOptions.yaml
Expand Up @@ -50,3 +50,33 @@ resourceGroups:
value: provider
dependsOn:
- deploy
- name: cert
action: CreateCertificate
vaultBaseUrl:
value: https://arohcp-svc-ln.vault.azure.net
certificateName:
value: hcp-mdsd
contentType:
value: x-pem-file # GCS certificate file in PEM format
san:
value: hcp-mdsd.geneva.keyvault.aro-int.azure.com
issuer:
value: OneCertV2-PrivateCA
- name: rpRegistration
action: ResourceProviderRegistration
resourceProviderNamespaces:
value:
- Microsoft.Storage
- Microsoft.EventHub
- Microsoft.Insights
- name: clusterAccount
action: LogsAccount
subscriptionId:
value:
- abc
namespace:
value: HCPManagementLogs
certsan:
value: MGMT.GENEVA.KEYVAULT.ARO-HCP-INT.AZURE.COM
certdescription:
value: HCP Management Cluster
