rename sandbox-config.yaml to kubesaw-admins.yaml (#9)

kubesaw · Mar 18, 2024 · 057b1bc · 057b1bc
1 parent 8e21766
commit 057b1bc
Show file tree

Hide file tree

Showing 14 changed files with 324 additions and 108 deletions.
diff --git a/pkg/assets/assets.go b/pkg/assets/assets.go
@@ -31,12 +31,12 @@ func init() {
 
 type FilenameMatcher func(string) bool
 
-func GetSandboxEnvironmentConfig(sandboxConfigFile string) (*SandboxEnvironmentConfig, error) {
-	content, err := os.ReadFile(sandboxConfigFile)
+func GetKubeSawAdminsConfig(kubeSawAdminsFile string) (*KubeSawAdmins, error) {
+	content, err := os.ReadFile(kubeSawAdminsFile)
 	if err != nil {
 		return nil, err
 	}
-	config := &SandboxEnvironmentConfig{}
+	config := &KubeSawAdmins{}
 	if err := yaml.Unmarshal(content, config); err != nil {
 		return nil, err
 	}

diff --git a/pkg/assets/assets_test.go b/pkg/assets/assets_test.go
@@ -92,32 +92,32 @@ func TestGetRoles(t *testing.T) {
 	}
 }
 
-func TestGetSandboxEnvironmentConfig(t *testing.T) {
+func TestGetKubeSawAdmins(t *testing.T) {
 	// given
 	require.NoError(t, client.AddToScheme())
 
 	// when
-	sandboxEnvConfig, err := assets.GetSandboxEnvironmentConfig("../../test-resources/dummy.openshiftapps.com/sandbox-config.yaml")
+	kubeSawAdmins, err := assets.GetKubeSawAdminsConfig("../../test-resources/dummy.openshiftapps.com/kubesaw-admins.yaml")
 
 	// then
 	require.NoError(t, err)
-	assert.NotEmpty(t, sandboxEnvConfig)
-	assert.NotEmpty(t, sandboxEnvConfig.Clusters.Host.API)
-	assert.NotEmpty(t, sandboxEnvConfig.Clusters.Members)
+	assert.NotEmpty(t, kubeSawAdmins)
+	assert.NotEmpty(t, kubeSawAdmins.Clusters.Host.API)
+	assert.NotEmpty(t, kubeSawAdmins.Clusters.Members)
 
-	for _, member := range sandboxEnvConfig.Clusters.Members {
+	for _, member := range kubeSawAdmins.Clusters.Members {
 		assert.NotEmpty(t, member.Name)
 		assert.NotEmpty(t, member.API)
 	}
 
-	assert.NotEmpty(t, sandboxEnvConfig.ServiceAccounts)
-	for _, sa := range sandboxEnvConfig.ServiceAccounts {
+	assert.NotEmpty(t, kubeSawAdmins.ServiceAccounts)
+	for _, sa := range kubeSawAdmins.ServiceAccounts {
 		assert.NotEmpty(t, sa.Name)
 		verifyNamespacePermissions(t, sa.Name, sa.PermissionsPerClusterType)
 	}
 
-	assert.NotEmpty(t, sandboxEnvConfig.Users)
-	for _, user := range sandboxEnvConfig.Users {
+	assert.NotEmpty(t, kubeSawAdmins.Users)
+	for _, user := range kubeSawAdmins.Users {
 		assert.NotEmpty(t, user.Name)
 		assert.NotEmpty(t, user.ID)
 		verifyNamespacePermissions(t, user.Name, user.PermissionsPerClusterType)

diff --git a/pkg/assets/sandbox_config.go b/pkg/assets/sandbox_config.go
@@ -1,6 +1,6 @@
 package assets
 
-type SandboxEnvironmentConfig struct {
+type KubeSawAdmins struct {
 	Clusters        Clusters         `yaml:"clusters"`
 	ServiceAccounts []ServiceAccount `yaml:"serviceAccounts"`
 	Users           []User           `yaml:"users"`

diff --git a/pkg/cmd/adm/generate_cli_configs.go b/pkg/cmd/adm/generate_cli_configs.go
@@ -27,25 +27,25 @@ import (
 )
 
 type generateFlags struct {
-	sandboxConfigFile, outDir string
+	kubeSawAdminsFile, outDir string
 	dev                       bool
 	kubeconfigs               []string
 }
 
 func NewGenerateCliConfigsCmd() *cobra.Command {
 	f := generateFlags{}
 	command := &cobra.Command{
-		Use:   "generate-cli-configs --sandbox-config=<path-to-sandbox-config-file>",
+		Use:   "generate-cli-configs --kubesaw-admins=<path-to-kubesaw-admins-file>",
 		Short: "Generate ksctl.yaml files",
-		Long:  `Generate ksctl.yaml files, that is used by ksctl, for every ServiceAccount defined in the given sandbox-config.yaml file`,
+		Long:  `Generate ksctl.yaml files, that is used by ksctl, for every ServiceAccount defined in the given kubesaw-admins.yaml file`,
 		Args:  cobra.ExactArgs(0),
 		RunE: func(cmd *cobra.Command, _ []string) error {
 			term := ioutils.NewTerminal(cmd.InOrStdin, cmd.OutOrStdout)
 			return generate(term, f, runtimeclient.New, DefaultNewExternalClientFromConfig)
 		},
 	}
-	command.Flags().StringVarP(&f.sandboxConfigFile, "sandbox-config", "c", "", "Use the given sandbox config file")
-	flags.MustMarkRequired(command, "sandbox-config")
+	command.Flags().StringVarP(&f.kubeSawAdminsFile, "kubesaw-admins", "c", "", "Use the given sandbox config file")
+	flags.MustMarkRequired(command, "kubesaw-admins")
 	command.Flags().BoolVarP(&f.dev, "dev", "d", false, "If running in a dev cluster")
 
 	configDirPath := fmt.Sprintf("%s/src/github.com/kubesaw/ksctl/out/config", os.Getenv("GOPATH"))
@@ -80,25 +80,25 @@ func generate(term ioutils.Terminal, flags generateFlags, newClient NewClientFro
 		return err
 	}
 
-	// Get the unmarshalled version of sandbox-config.yaml
-	sandboxEnvConfig, err := assets.GetSandboxEnvironmentConfig(flags.sandboxConfigFile)
+	// Get the unmarshalled version of kubesaw-admins.yaml
+	kubeSawAdmins, err := assets.GetKubeSawAdminsConfig(flags.kubeSawAdminsFile)
 	if err != nil {
-		return errs.Wrapf(err, "unable get sandbox-config.yaml file from %s", flags.sandboxConfigFile)
+		return errs.Wrapf(err, "unable get kubesaw-admins.yaml file from %s", flags.kubeSawAdminsFile)
 	}
 
 	ctx := &generateContext{
-		Terminal:         term,
-		newClient:        newClient,
-		newRESTClient:    newExternalClient,
-		sandboxEnvConfig: sandboxEnvConfig,
-		kubeconfigPaths:  flags.kubeconfigs,
+		Terminal:        term,
+		newClient:       newClient,
+		newRESTClient:   newExternalClient,
+		kubeSawAdmins:   kubeSawAdmins,
+		kubeconfigPaths: flags.kubeconfigs,
 	}
 
 	// sandboxUserConfigsPerName contains all sandboxUserConfig objects that will be marshalled to ksctl.yaml files
 	sandboxUserConfigsPerName := map[string]configuration.SandboxUserConfig{}
 
-	// use host API either from the sandbox-config.yaml or from kubeconfig if --dev flag was used
-	hostSpec := sandboxEnvConfig.Clusters.Host
+	// use host API either from the kubesaw-admins.yaml or from kubeconfig if --dev flag was used
+	hostSpec := kubeSawAdmins.Clusters.Host
 	if flags.dev {
 		term.Printlnf("Using kubeconfig located at '%s' for retrieving the host cluster information...", flags.kubeconfigs[0])
 		kubeconfig, err := clientcmd.BuildConfigFromFlags("", flags.kubeconfigs[0])
@@ -113,10 +113,10 @@ func generate(term ioutils.Terminal, flags generateFlags, newClient NewClientFro
 		return err
 	}
 
-	// and then based on the data from sandbox-config.yaml files generate also all members
-	for _, member := range sandboxEnvConfig.Clusters.Members {
+	// and then based on the data from kubesaw-admins.yaml files generate also all members
+	for _, member := range kubeSawAdmins.Clusters.Members {
 
-		// use either the member API from sandbox-config.yaml file or use the same as API as for host if --dev flag was used
+		// use either the member API from kubesaw-admins.yaml file or use the same as API as for host if --dev flag was used
 		memberSpec := member.ClusterConfig
 		if flags.dev {
 			memberSpec.API = hostSpec.API
@@ -159,10 +159,10 @@ func writeSandboxUserConfigs(term ioutils.Terminal, configDirPath string, sandbo
 
 type generateContext struct {
 	ioutils.Terminal
-	newClient        NewClientFromConfigFunc
-	newRESTClient    NewRESTClientFromConfigFunc
-	sandboxEnvConfig *assets.SandboxEnvironmentConfig
-	kubeconfigPaths  []string
+	newClient       NewClientFromConfigFunc
+	newRESTClient   NewRESTClientFromConfigFunc
+	kubeSawAdmins   *assets.KubeSawAdmins
+	kubeconfigPaths []string
 }
 
 // contains tokens mapped by SA name
@@ -185,7 +185,7 @@ func generateForCluster(ctx *generateContext, clusterType configuration.ClusterT
 
 	tokenPerSAName := tokenPerSA{}
 
-	for _, sa := range ctx.sandboxEnvConfig.ServiceAccounts {
+	for _, sa := range ctx.kubeSawAdmins.ServiceAccounts {
 		for saClusterType := range sa.PermissionsPerClusterType {
 			if saClusterType != clusterType.String() {
 				continue

diff --git a/pkg/cmd/adm/generate_cli_configs_test.go b/pkg/cmd/adm/generate_cli_configs_test.go
@@ -30,7 +30,7 @@ import (
 func TestGenerateCliConfigs(t *testing.T) {
 	// given
 	require.NoError(t, client.AddToScheme())
-	sandboxEnvConfig := NewSandboxEnvironmentConfig(
+	kubeSawAdmins := NewKubeSawAdmins(
 		Clusters(HostServerAPI).
 			AddMember("member1", Member1ServerAPI).
 			AddMember("member2", Member2ServerAPI),
@@ -43,7 +43,7 @@ func TestGenerateCliConfigs(t *testing.T) {
 				MemberRoleBindings("toolchain-member-operator", Role("restart=restart-deployment"), ClusterRole("restart=edit")))),
 		Users())
 
-	sandboxEnvConfigContent, err := yaml.Marshal(sandboxEnvConfig)
+	kubeSawAdminsContent, err := yaml.Marshal(kubeSawAdmins)
 	require.NoError(t, err)
 	kubeconfigFiles := createKubeconfigFiles(t, sandboxKubeconfigContent, sandboxKubeconfigContentMember2)
 
@@ -61,9 +61,9 @@ func TestGenerateCliConfigs(t *testing.T) {
 	)
 	t.Cleanup(gock.OffAll)
 
-	configFile := createSandboxConfigFile(t, "sandbox.host.openshiftapps.com", sandboxEnvConfigContent)
+	configFile := createKubeSawAdminsFile(t, "kubesaw.host.openshiftapps.com", kubeSawAdminsContent)
 
-	_, newClient, newExternalClient := newFakeClientFuncs(t, sandboxEnvConfig.Clusters)
+	_, newClient, newExternalClient := newFakeClientFuncs(t, kubeSawAdmins.Clusters)
 	term := NewFakeTerminalWithResponse("Y")
 	term.Tee(os.Stdout)
 
@@ -72,7 +72,7 @@ func TestGenerateCliConfigs(t *testing.T) {
 			// given
 			tempDir, err := os.MkdirTemp("", "sandbox-sre-out-")
 			require.NoError(t, err)
-			flags := generateFlags{kubeconfigs: kubeconfigFiles, sandboxConfigFile: configFile, outDir: tempDir}
+			flags := generateFlags{kubeconfigs: kubeconfigFiles, kubeSawAdminsFile: configFile, outDir: tempDir}
 
 			// when
 			err = generate(term, flags, newClient, newExternalClient)
@@ -85,7 +85,7 @@ func TestGenerateCliConfigs(t *testing.T) {
 
 		t.Run("when there SAs are defined for host cluster only", func(t *testing.T) {
 			// given
-			saInHostOnly := NewSandboxEnvironmentConfig(
+			saInHostOnly := NewKubeSawAdmins(
 				Clusters(HostServerAPI).
 					AddMember("member1", Member1ServerAPI).
 					AddMember("member2", Member2ServerAPI),
@@ -95,12 +95,12 @@ func TestGenerateCliConfigs(t *testing.T) {
 					Sa("bob", "",
 						HostRoleBindings("toolchain-host-operator", Role("restart=restart-deployment"), ClusterRole("restart=edit")))),
 				Users())
-			sandboxEnvConfigContent, err := yaml.Marshal(saInHostOnly)
+			kubeSawAdminsContent, err := yaml.Marshal(saInHostOnly)
 			require.NoError(t, err)
-			configFile := createSandboxConfigFile(t, "sandbox.host.openshiftapps.com", sandboxEnvConfigContent)
+			configFile := createKubeSawAdminsFile(t, "kubesaw.host.openshiftapps.com", kubeSawAdminsContent)
 			tempDir, err := os.MkdirTemp("", "sandbox-sre-out-")
 			require.NoError(t, err)
-			flags := generateFlags{kubeconfigs: kubeconfigFiles, sandboxConfigFile: configFile, outDir: tempDir}
+			flags := generateFlags{kubeconfigs: kubeconfigFiles, kubeSawAdminsFile: configFile, outDir: tempDir}
 
 			// when
 			err = generate(term, flags, newClient, newExternalClient)
@@ -120,7 +120,7 @@ func TestGenerateCliConfigs(t *testing.T) {
 			tempDir, err := os.MkdirTemp("", "sandbox-sre-out-")
 			require.NoError(t, err)
 			kubeconfigFiles := createKubeconfigFiles(t, sandboxKubeconfigContent)
-			flags := generateFlags{kubeconfigs: kubeconfigFiles, sandboxConfigFile: configFile, outDir: tempDir, dev: true}
+			flags := generateFlags{kubeconfigs: kubeconfigFiles, kubeSawAdminsFile: configFile, outDir: tempDir, dev: true}
 
 			// when
 			err = generate(term, flags, newClient, newExternalClient)
@@ -153,25 +153,25 @@ func TestGenerateCliConfigs(t *testing.T) {
 			require.ErrorContains(t, err, "could not setup client from any of the provided kubeconfig files")
 		})
 
-		t.Run("wrong sandbox-config.yaml file path", func(t *testing.T) {
+		t.Run("wrong kubesaw-admins.yaml file path", func(t *testing.T) {
 			// given
 			tempDir, err := os.MkdirTemp("", "sandbox-sre-out-")
 			require.NoError(t, err)
-			flags := generateFlags{kubeconfigs: kubeconfigFiles, sandboxConfigFile: "does/not/exist", outDir: tempDir}
+			flags := generateFlags{kubeconfigs: kubeconfigFiles, kubeSawAdminsFile: "does/not/exist", outDir: tempDir}
 
 			// when
 			err = generate(term, flags, newClient, newExternalClient)
 
 			// then
 			require.Error(t, err)
-			require.ErrorContains(t, err, "unable get sandbox-config.yaml file from does/not/exist")
+			require.ErrorContains(t, err, "unable get kubesaw-admins.yaml file from does/not/exist")
 		})
 
 		t.Run("wrong kubeconfig file path", func(t *testing.T) {
 			// given
 			tempDir, err := os.MkdirTemp("", "sandbox-sre-out-")
 			require.NoError(t, err)
-			flags := generateFlags{kubeconfigs: []string{"does/not/exist"}, sandboxConfigFile: configFile, outDir: tempDir}
+			flags := generateFlags{kubeconfigs: []string{"does/not/exist"}, kubeSawAdminsFile: configFile, outDir: tempDir}
 
 			// when
 			err = generate(term, flags, newClient, newExternalClient)
@@ -183,18 +183,18 @@ func TestGenerateCliConfigs(t *testing.T) {
 
 		t.Run("when token call is not mocked for SA", func(t *testing.T) {
 			// given
-			saInHostOnly := NewSandboxEnvironmentConfig(
+			saInHostOnly := NewKubeSawAdmins(
 				Clusters(HostServerAPI),
 				ServiceAccounts(
 					Sa("notmocked", "",
 						HostRoleBindings("toolchain-host-operator", Role("install-operator"), ClusterRole("admin")))),
 				Users())
-			sandboxEnvConfigContent, err := yaml.Marshal(saInHostOnly)
+			kubeSawAdminsContent, err := yaml.Marshal(saInHostOnly)
 			require.NoError(t, err)
-			configFile := createSandboxConfigFile(t, "sandbox.host.openshiftapps.com", sandboxEnvConfigContent)
+			configFile := createKubeSawAdminsFile(t, "sandbox.host.openshiftapps.com", kubeSawAdminsContent)
 			tempDir, err := os.MkdirTemp("", "sandbox-sre-out-")
 			require.NoError(t, err)
-			flags := generateFlags{kubeconfigs: kubeconfigFiles, sandboxConfigFile: configFile, outDir: tempDir}
+			flags := generateFlags{kubeconfigs: kubeconfigFiles, kubeSawAdminsFile: configFile, outDir: tempDir}
 
 			// when
 			err = generate(term, flags, newClient, newExternalClient)

diff --git a/pkg/cmd/adm/setup.go b/pkg/cmd/adm/setup.go
@@ -15,31 +15,31 @@ import (
 )
 
 type setupFlags struct {
-	sandboxConfigFile, outDir, hostRootDir, memberRootDir string
+	kubeSawAdminsFile, outDir, hostRootDir, memberRootDir string
 	singleCluster                                         bool
 }
 
 func NewSetupCmd() *cobra.Command {
 	f := setupFlags{}
 	command := &cobra.Command{
-		Use: "setup --sandbox-config=<path-to-sandbox-config-file> --out-dir <path-to-out-dir>",
-		Example: `ksctl adm setup ./path/to/sandbox.openshiftapps.com/sandbox-config.yaml --out-dir ./components/auth/devsandbox-production
-ksctl adm setup ./path/to/sandbox-stage.openshiftapps.com/sandbox-config.yaml --out-dir ./components/auth/devsandbox-staging -s`,
+		Use: "setup --kubesaw-admins=<path-to-kubesaw-admins-file> --out-dir <path-to-out-dir>",
+		Example: `ksctl adm setup ./path/to/kubesaw.openshiftapps.com/kubesaw-admins.yaml --out-dir ./components/auth/kubesaw-production
+ksctl adm setup ./path/to/kubesaw-stage.openshiftapps.com/kubesaw-admins.yaml --out-dir ./components/auth/kubesaw-staging -s`,
 		Short: "Generates user-management manifests",
-		Long:  `Reads the sandbox-config.yaml file and based on the content it generates user-management RBAC and manifests.`,
+		Long:  `Reads the kubesaw-admins.yaml file and based on the content it generates user-management RBAC and manifests.`,
 		Args:  cobra.ExactArgs(0),
 		RunE: func(cmd *cobra.Command, _ []string) error {
 			term := ioutils.NewTerminal(cmd.InOrStdin, cmd.OutOrStdout)
 			return Setup(term, resources.Resources, f)
 		},
 	}
-	command.Flags().StringVarP(&f.sandboxConfigFile, "sandbox-config", "c", "", "Use the given sandbox config file")
+	command.Flags().StringVarP(&f.kubeSawAdminsFile, "kubesaw-admins", "c", "", "Use the given sandbox config file")
 	command.Flags().StringVarP(&f.outDir, "out-dir", "o", "", "Directory where generated manifests should be stored")
 	command.Flags().BoolVarP(&f.singleCluster, "single-cluster", "s", false, "If host and member are deployed to the same cluster")
 	command.Flags().StringVar(&f.hostRootDir, "host-root-dir", "host", "The root directory name for host manifests")
 	command.Flags().StringVar(&f.memberRootDir, "member-root-dir", "member", "The root directory name for member manifests")
 
-	flags.MustMarkRequired(command, "sandbox-config")
+	flags.MustMarkRequired(command, "kubesaw-admins")
 	flags.MustMarkRequired(command, "out-dir")
 
 	return command
@@ -55,20 +55,20 @@ func Setup(term ioutils.Terminal, files assets.FS, flags setupFlags) error {
 	}
 	flags.outDir = abs
 
-	// Get the unmarshalled version of sandbox-config.yaml
-	sandboxEnvConfig, err := assets.GetSandboxEnvironmentConfig(flags.sandboxConfigFile)
+	// Get the unmarshalled version of kubesaw-admins.yaml
+	kubeSawAdmins, err := assets.GetKubeSawAdminsConfig(flags.kubeSawAdminsFile)
 	if err != nil {
-		return errs.Wrapf(err, "unable get sandbox-config.yaml file from %s", flags.sandboxConfigFile)
+		return errs.Wrapf(err, "unable get kubesaw-admins.yaml file from %s", flags.kubeSawAdminsFile)
 	}
 	err = os.RemoveAll(flags.outDir)
 	if err != nil {
 		return err
 	}
 	ctx := &setupContext{
-		Terminal:         term,
-		sandboxEnvConfig: sandboxEnvConfig,
-		setupFlags:       flags,
-		files:            files,
+		Terminal:      term,
+		kubeSawAdmins: kubeSawAdmins,
+		setupFlags:    flags,
+		files:         files,
 	}
 	objsCache := objectsCache{}
 	if err := ensureCluster(ctx, configuration.Host, objsCache); err != nil {
@@ -83,8 +83,8 @@ func Setup(term ioutils.Terminal, files assets.FS, flags setupFlags) error {
 type setupContext struct {
 	ioutils.Terminal
 	setupFlags
-	sandboxEnvConfig *assets.SandboxEnvironmentConfig
-	files            assets.FS
+	kubeSawAdmins *assets.KubeSawAdmins
+	files         assets.FS
 }
 
 func ensureCluster(ctx *setupContext, clusterType configuration.ClusterType, cache objectsCache) error {

diff --git a/pkg/cmd/adm/setup_cluster.go b/pkg/cmd/adm/setup_cluster.go
@@ -13,7 +13,7 @@ type clusterContext struct {
 // It generates SA and roles & roleBindings for them
 func ensureServiceAccounts(ctx *clusterContext, objsCache objectsCache) error {
 	ctx.Printlnf("-> Ensuring ServiceAccounts and its RoleBindings...")
-	for _, sa := range ctx.sandboxEnvConfig.ServiceAccounts {
+	for _, sa := range ctx.kubeSawAdmins.ServiceAccounts {
 
 		// by default, it should use the sandbox sre namespace. let's keep this empty (if the target namespace is not defined) so it is recognized in the ensureServiceAccount method based on the cluster type it is being applied in
 		saNamespace := ""
@@ -41,7 +41,7 @@ func ensureServiceAccounts(ctx *clusterContext, objsCache objectsCache) error {
 func ensureUsers(ctx *clusterContext, objsCache objectsCache) error {
 	ctx.Printlnf("-> Ensuring Users and its RoleBindings...")
 
-	for _, user := range ctx.sandboxEnvConfig.Users {
+	for _, user := range ctx.kubeSawAdmins.Users {
 
 		permissions := &permissionsManager{
 			objectsCache:    objsCache,