Merge pull request #539 from equinor/update-radix-common

Upgrade Go (1.21) an ApiMachinery(0.27.6) and remove MachineUser

.gitignore

@@ -18,11 +18,10 @@ vendor
 
 debug
 swaggerui/statik.go
-swaggerui_src/swagger.json
 
 __debug_bin
 .dccache
 Dockerfile.dev
 
 # binary created by goland with default settings
-main
+main

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.20-alpine3.18 as builder
+FROM golang:1.21-alpine3.18 as builder
 ENV GO111MODULE=on
 
 RUN apk update && \
@@ -42,4 +42,4 @@ COPY --from=builder /usr/local/bin/radix-api /usr/local/bin/radix-api
 
 EXPOSE 3001
 USER 1000
-ENTRYPOINT ["/usr/local/bin/radix-api"]
+ENTRYPOINT ["/usr/local/bin/radix-api"]

api/alerting/handler.go

@@ -222,7 +222,7 @@ func (h *handler) validateUpdateSlackConfig(slackConfig *alertModels.UpdateSlack
 func (h *handler) waitForRadixAlertReconciled(ctx context.Context, source *radixv1.RadixAlert) (*radixv1.RadixAlert, bool) {
 	var reconciledAlert *radixv1.RadixAlert
 
-	hasReconciled := func() (bool, error) {
+	hasReconciled := func(ctx context.Context) (bool, error) {
 		radixAlert, err := h.accounts.UserAccount.RadixClient.RadixV1().RadixAlerts(source.Namespace).Get(ctx, source.Name, metav1.GetOptions{})
 		if err != nil {
 			return false, err
@@ -233,9 +233,10 @@ func (h *handler) waitForRadixAlertReconciled(ctx context.Context, source *radix
 		return radixAlert.Status.Reconciled != nil, nil
 	}
 
-	if err := wait.PollImmediate(h.reconcilePollInterval, h.reconcilePollTimeout, hasReconciled); err != nil {
+	if err := wait.PollUntilContextTimeout(ctx, h.reconcilePollInterval, h.reconcilePollTimeout, true, hasReconciled); err != nil {
 		return nil, false
 	}
+
 	return reconciledAlert, true
 }
 

api/applications/applications_controller.go

@@ -5,8 +5,6 @@ import (
 	"net/http"
 	"strings"
 
-	log "github.com/sirupsen/logrus"
-
 	applicationModels "github.com/equinor/radix-api/api/applications/models"
 	"github.com/equinor/radix-api/models"
 	radixhttp "github.com/equinor/radix-common/net/http"
@@ -115,11 +113,6 @@ func (ac *applicationController) GetRoutes() models.Routes {
 			Method:      "GET",
 			HandlerFunc: ac.GetDeployKeyAndSecret,
 		},
-		models.Route{
-			Path:        appPath + "/regenerate-machine-user-token",
-			Method:      "POST",
-			HandlerFunc: ac.RegenerateMachineUserTokenHandler,
-		},
 		models.Route{
 			Path:        appPath + "/regenerate-deploy-key",
 			Method:      "POST",
@@ -364,58 +357,6 @@ func (ac *applicationController) IsDeployKeyValidHandler(accounts models.Account
 	radixhttp.ErrorResponse(w, r, err)
 }
 
-// RegenerateMachineUserTokenHandler Deletes the secret holding the token to force refresh and returns the new token
-func (ac *applicationController) RegenerateMachineUserTokenHandler(accounts models.Accounts, w http.ResponseWriter, r *http.Request) {
-	// swagger:operation POST /applications/{appName}/regenerate-machine-user-token application regenerateMachineUserToken
-	// ---
-	// summary: Regenerates machine user token
-	// parameters:
-	// - name: appName
-	//   in: path
-	//   description: name of application
-	//   type: string
-	//   required: true
-	// - name: Impersonate-User
-	//   in: header
-	//   description: Works only with custom setup of cluster. Allow impersonation of test users (Required if Impersonate-Group is set)
-	//   type: string
-	//   required: false
-	// - name: Impersonate-Group
-	//   in: header
-	//   description: Works only with custom setup of cluster. Allow impersonation of test group (Required if Impersonate-User is set)
-	//   type: array
-	//   items:
-	//     type: string
-	//   required: false
-	// responses:
-	//   "200":
-	//     description: Successful regenerate machine-user token
-	//     schema:
-	//       "$ref": "#/definitions/MachineUser"
-	//   "401":
-	//     description: "Unauthorized"
-	//   "403":
-	//     description: "Forbidden"
-	//   "404":
-	//     description: "Not found"
-	//   "409":
-	//     description: "Conflict"
-	//   "500":
-	//     description: "Internal server error"
-
-	appName := mux.Vars(r)["appName"]
-	handler := ac.applicationHandlerFactory.Create(accounts)
-	machineUser, err := handler.RegenerateMachineUserToken(r.Context(), appName)
-
-	if err != nil {
-		radixhttp.ErrorResponse(w, r, err)
-		return
-	}
-
-	log.Debugf("re-generated machine user token for app %s", appName)
-	radixhttp.JSONResponse(w, r, &machineUser)
-}
-
 // RegenerateDeployKeyHandler Regenerates deploy key and secret and returns the new key
 func (ac *applicationController) RegenerateDeployKeyHandler(accounts models.Accounts, w http.ResponseWriter, r *http.Request) {
 	// swagger:operation POST /applications/{appName}/regenerate-deploy-key application regenerateDeployKey

api/applications/applications_handler.go

@@ -4,10 +4,6 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"net/http"
-	"strings"
-	"time"
-
 	applicationModels "github.com/equinor/radix-api/api/applications/models"
 	"github.com/equinor/radix-api/api/deployments"
 	"github.com/equinor/radix-api/api/environments"
@@ -29,13 +25,14 @@ import (
 	crdUtils "github.com/equinor/radix-operator/pkg/apis/utils"
 	log "github.com/sirupsen/logrus"
 	authorizationapi "k8s.io/api/authorization/v1"
-	corev1 "k8s.io/api/core/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/kubernetes/fake"
+	"net/http"
+	"strings"
 )
 
 type patch struct {
@@ -120,40 +117,6 @@ func (ah *ApplicationHandler) GetApplication(ctx context.Context, appName string
 	return application, nil
 }
 
-// RegenerateMachineUserToken Deletes the secret holding the token to force refresh and returns the new token
-func (ah *ApplicationHandler) RegenerateMachineUserToken(ctx context.Context, appName string) (*applicationModels.MachineUser, error) {
-	log.Debugf("regenerate machine user token for app: %s", appName)
-	namespace := crdUtils.GetAppNamespace(appName)
-	machineUserSA, err := ah.getMachineUserServiceAccount(ctx, appName, namespace)
-	if err != nil {
-		return nil, err
-	}
-	if len(machineUserSA.Secrets) == 0 {
-		return nil, fmt.Errorf("unable to get secrets on machine user service account")
-	}
-
-	tokenName := machineUserSA.Secrets[0].Name
-	log.Debugf("delete service account for app %s and machine user token: %s", appName, tokenName)
-	if err := ah.getUserAccount().Client.CoreV1().Secrets(namespace).Delete(ctx, tokenName, metav1.DeleteOptions{}); err != nil {
-		return nil, err
-	}
-
-	queryTimeout := time.NewTimer(time.Duration(5) * time.Second)
-	queryInterval := time.NewTicker(time.Second)
-	for {
-		select {
-		case <-queryInterval.C:
-			machineUser, err := ah.getMachineUserForApp(ctx, appName)
-			if err == nil {
-				return machineUser, nil
-			}
-			log.Debugf("waiting to get machine user for app %s of namespace %s, error: %v", appName, namespace, err)
-		case <-queryTimeout.C:
-			return nil, fmt.Errorf("timeout getting user machine token secret")
-		}
-	}
-}
-
 // RegisterApplication handler for RegisterApplication
 func (ah *ApplicationHandler) RegisterApplication(ctx context.Context, applicationRegistrationRequest applicationModels.ApplicationRegistrationRequest) (*applicationModels.ApplicationRegistrationUpsertResponse, error) {
 	var err error
@@ -331,15 +294,6 @@ func (ah *ApplicationHandler) ModifyRegistrationDetails(ctx context.Context, app
 		runUpdate = true
 	}
 
-	if patchRequest.MachineUser != nil && *patchRequest.MachineUser != currentRegistration.Spec.MachineUser {
-		if *patchRequest.MachineUser {
-			return nil, fmt.Errorf("machine user token is deprecated. Please use AD Service principal access token https://radix.equinor.com/guides/deploy-only/#ad-service-principal-access-token")
-		}
-		updatedRegistration.Spec.MachineUser = *patchRequest.MachineUser
-		payload = append(payload, patch{Op: "replace", Path: "/spec/machineUser", Value: patchRequest.MachineUser})
-		runUpdate = true
-	}
-
 	if patchRequest.WBS != nil && *patchRequest.WBS != "" {
 		updatedRegistration.Spec.WBS = *patchRequest.WBS
 		payload = append(payload, patch{Op: "replace", Path: "/spec/wbs", Value: *patchRequest.WBS})
@@ -615,46 +569,6 @@ func (ah *ApplicationHandler) getAdditionalRadixRegistrationUpdateValidators(cur
 	return validators
 }
 
-func (ah *ApplicationHandler) getMachineUserForApp(ctx context.Context, appName string) (*applicationModels.MachineUser, error) {
-	namespace := crdUtils.GetAppNamespace(appName)
-
-	log.Debugf("get service account for machine user in app %s of namespace %s", appName, namespace)
-	machineUserSA, err := ah.getMachineUserServiceAccount(ctx, appName, namespace)
-	if err != nil {
-		return nil, err
-	}
-
-	if len(machineUserSA.Secrets) == 0 {
-		return nil, fmt.Errorf("unable to get secrets on machine user service account")
-	}
-
-	tokenName := machineUserSA.Secrets[0].Name
-	log.Debugf("get secrets for machine user token %s in app %s of namespace %s", tokenName, appName, namespace)
-	token, err := ah.getUserAccount().Client.CoreV1().Secrets(namespace).Get(ctx, tokenName, metav1.GetOptions{})
-	if err != nil {
-		return nil, err
-	}
-
-	tokenStringData := string(token.Data["token"])
-	log.Debugf("token length: %v", len(tokenStringData))
-	tokenString := &tokenStringData
-
-	return &applicationModels.MachineUser{
-		Token: *tokenString,
-	}, nil
-}
-
-func (ah *ApplicationHandler) getMachineUserServiceAccount(ctx context.Context, appName, namespace string) (*corev1.ServiceAccount, error) {
-	machineUserName := defaults.GetMachineUserRoleName(appName)
-	log.Debugf("get service account for app %s in namespace %s and machine user: %s", appName, namespace, machineUserName)
-	machineUserSA, err := ah.getServiceAccount().Client.CoreV1().ServiceAccounts(namespace).Get(ctx, machineUserName, metav1.GetOptions{})
-	if err != nil {
-		return nil, err
-	}
-
-	return machineUserSA, nil
-}
-
 // RegenerateDeployKey Regenerates deploy key and secret and returns the new key
 func (ah *ApplicationHandler) RegenerateDeployKey(ctx context.Context, appName string, regenerateDeployKeyAndSecretData applicationModels.RegenerateDeployKeyAndSecretData) error {
 	// Make check that this is an existing application and that the user has access to it

api/applications/models/application_registration.go

@@ -40,11 +40,6 @@ type ApplicationRegistration struct {
 	// required: true
 	Creator string `json:"creator"`
 
-	// MachineUser is on/off toggle of machine user for the application
-	//
-	// required: false
-	MachineUser bool `json:"machineUser"`
-
 	// WBS information
 	//
 	// required: false

api/applications/models/application_registration_builder.go

@@ -15,7 +15,6 @@ type ApplicationRegistrationBuilder interface {
 	WithAdGroups([]string) ApplicationRegistrationBuilder
 	WithReaderAdGroups([]string) ApplicationRegistrationBuilder
 	WithCloneURL(string) ApplicationRegistrationBuilder
-	WithMachineUser(bool) ApplicationRegistrationBuilder
 	WithWBS(string) ApplicationRegistrationBuilder
 	WithConfigBranch(string) ApplicationRegistrationBuilder
 	WithConfigurationItem(string) ApplicationRegistrationBuilder
@@ -35,7 +34,6 @@ type applicationBuilder struct {
 	adGroups            []string
 	readerAdGroups      []string
 	cloneURL            string
-	machineUser         bool
 	wbs                 string
 	configBranch        string
 	configurationItem   string
@@ -64,7 +62,6 @@ func (rb *applicationBuilder) WithRadixRegistration(radixRegistration *v1.RadixR
 	rb.WithReaderAdGroups(radixRegistration.Spec.ReaderAdGroups)
 	rb.WithOwner(radixRegistration.Spec.Owner)
 	rb.WithCreator(radixRegistration.Spec.Creator)
-	rb.WithMachineUser(radixRegistration.Spec.MachineUser)
 	rb.WithWBS(radixRegistration.Spec.WBS)
 	rb.WithConfigBranch(radixRegistration.Spec.ConfigBranch)
 	rb.WithRadixConfigFullName(radixRegistration.Spec.RadixConfigFullName)
@@ -114,11 +111,6 @@ func (rb *applicationBuilder) WithReaderAdGroups(readerAdGroups []string) Applic
 	return rb
 }
 
-func (rb *applicationBuilder) WithMachineUser(machineUser bool) ApplicationRegistrationBuilder {
-	rb.machineUser = machineUser
-	return rb
-}
-
 func (rb *applicationBuilder) WithWBS(wbs string) ApplicationRegistrationBuilder {
 	rb.wbs = wbs
 	return rb
@@ -153,7 +145,6 @@ func (rb *applicationBuilder) Build() ApplicationRegistration {
 		ReaderAdGroups:      rb.readerAdGroups,
 		Owner:               rb.owner,
 		Creator:             rb.creator,
-		MachineUser:         rb.machineUser,
 		WBS:                 rb.wbs,
 		ConfigBranch:        rb.configBranch,
 		RadixConfigFullName: rb.radixConfigFullName,
@@ -172,7 +163,6 @@ func (rb *applicationBuilder) BuildRR() (*v1.RadixRegistration, error) {
 		WithReaderAdGroups(rb.readerAdGroups).
 		WithOwner(rb.owner).
 		WithCreator(rb.creator).
-		WithMachineUser(rb.machineUser).
 		WithWBS(rb.wbs).
 		WithConfigBranch(rb.configBranch).
 		WithRadixConfigFullName(rb.radixConfigFullName).

api/applications/models/application_registration_patch.go

@@ -18,13 +18,6 @@ type ApplicationRegistrationPatch struct {
 	// required: false
 	Owner *string `json:"owner,omitempty"`
 
-	// MachineUser is used for interacting directly with Radix API
-	//
-	// required: false
-	// Extensions:
-	// x-nullable: true
-	MachineUser *bool `json:"machineUser,omitempty"`
-
 	// Repository the github repository
 	//
 	// required: false

api/environments/environment_controller_test.go

@@ -1169,7 +1169,6 @@ func Test_GetEnvironmentEvents_Handler(t *testing.T) {
 	nsFunc := event.RadixEnvironmentNamespace(raBuilder.BuildRA(), anyEnvironment)
 	eventHandler.EXPECT().
 		GetEvents(context.Background(), controllertest.EqualsNamespaceFunc(nsFunc)).
-		Return(make([]*eventModels.Event, 0), fmt.Errorf("err")).
 		Return([]*eventModels.Event{{}, {}}, nil).
 		Times(1)
 

api/test/gomock_matchers.go

@@ -31,17 +31,8 @@ func (m namespaceFuncMatcher) Matches(arg interface{}) bool {
 		return false
 	}
 
-	// Not equal if function pointer is different
-	if argv.Pointer() != fv.Pointer() {
-		return false
-	}
-
-	// Not equal if functions return different value
-	if m.f() != arg.(event.NamespaceFunc)() {
-		return false
-	}
-
-	return true
+	// equal if functions return same value
+	return m.f() == arg.(event.NamespaceFunc)()
 }
 
 func (m namespaceFuncMatcher) String() string {