Merge pull request #822 from jlandowner/cosmo-auth6-cosmoctl

Update cosmoctl to use dashboard API

api/v1alpha1/workspace_types.go

@@ -99,6 +99,16 @@ func (r *NetworkRule) UniqueKey() string {
 	return r.HostPrefix()
 }
 
+func GetNetworkRuleIndex(rules []NetworkRule, target NetworkRule) int {
+	index := -1
+	for i, v := range rules {
+		if v.UniqueKey() == target.UniqueKey() {
+			index = i
+		}
+	}
+	return index
+}
+
 func MainRuleKey(cfg Config) string {
 	return HTTPUniqueKey(cfg.ServiceMainPortName, "/")
 }

cmd/cosmoctl/main.go

@@ -2,8 +2,16 @@ package main
 
 import (
 	"github.com/cosmo-workspace/cosmo/internal/cmd"
+	"github.com/cosmo-workspace/cosmo/pkg/cli"
+)
+
+var (
+	// goreleaser default https://goreleaser.com/customization/builds/
+	version = "snapshot"
+	commit  = "snapshot"
+	date    = "snapshot"
 )
 
 func main() {
-	cmd.Execute()
+	cmd.Execute(cli.VersionInfo{Version: version, Commit: commit, Date: date})
 }

config/user-addon/traefik-middleware/Makefile

@@ -2,8 +2,8 @@ all: useraddon
 
 PHONY: useraddon
 useraddon:
-	cat cosmo-username-headers.yaml | cosmoctl template generate --name cosmo-username-headers \
-		--user-addon \
+	cat cosmo-username-headers.yaml | cosmoctl tmpl gen --name cosmo-username-headers \
+		--useraddon \
 		--desc 'Traefik middleware for user authorization. DO NOT EDIT' \
-		--set-default-user-addon \
+		--useraddon-set-default \
 		--disable-nameprefix | grep -v "Generated by cosmoctl" > cosmo-username-headers-addon.yaml

docs/GETTING-STARTED.md

@@ -113,7 +113,7 @@ Download binary from [latest release](https://github.com/cosmo-workspace/cosmo/r
 Use cosmoctl to create first User.
 
 ```sh
-cosmoctl user create admin --admin
+cosmoctl user create admin --privileged
 ```
 
 Output:

docs/TEMPLATE-ENGINE.md

@@ -124,7 +124,7 @@ In the example template, deployment name created by instance named `example` is
 
 > Note:
 > Currently, name prefix feature is not the same as kustomize, which change the name and the references.
-> So the Template generated by `cosmoctl template gen` command use kustomize internally and have `{{INSTANCE}}-` prefix on all manifests by default.
+> So the Template generated by `cosmoctl tmpl gen` command use kustomize internally and have `{{INSTANCE}}-` prefix on all manifests by default.
 
 In order not to prefix on resources, set `cosmo-workspace.github.io/disable-nameprefix: "true"` in annotation of Template.
 
@@ -185,7 +185,7 @@ Template can be generated via `cosmoctl`.
 
 All you have to do is to prepare your own Kubernetes YAMLs that is deployable.
 
-And pass them to `cosmoctl template gen` command by stdin.
+And pass them to `cosmoctl tmpl gen` command by stdin.
 
 ```sh
 # kustomze

docs/USER.md

@@ -90,7 +90,7 @@ spec:
 
 </details><br>
 
-UserAddon can be generated via `cosmoctl template gen` command, same as WorkspaceTemplate.
+UserAddon can be generated via `cosmoctl tmpl gen` command, same as WorkspaceTemplate.
 
 ### Create UserAddon
 
@@ -185,7 +185,7 @@ UserAddon can be generated via `cosmoctl template gen` command, same as Workspac
 
 2.  Generate WorkspaceTemplate
 
-    Pass kustomize-generated manifest to `cosmoctl template gen` command by stdin.
+    Pass kustomize-generated manifest to `cosmoctl tmpl gen` command by stdin.
 
     ```sh
     kustomize build . | cosmoctl tmpl gen --cluster-scope --useraddon -o addon.yaml
@@ -205,7 +205,7 @@ UserAddons with the following annotations have special behavior.
 
 | Annotatio keys | Avairable values(default) | Description | cosmoctl option |
 |:--|:--|:--|:--|
-| `useraddon.cosmo-workspace.github.io/default` | `["true", "false"]`("false") | UserAddon with this annotation is applied to all Users automatically | `--set-default-user-addon` |
+| `useraddon.cosmo-workspace.github.io/default` | `["true", "false"]`("false") | UserAddon with this annotation is applied to all Users automatically | `--useraddon-set-default` |
 | `cosmo-workspace.github.io/disable-nameprefix` | `["true", "false"]`("false") | UserAddon with this annotation is applied to all Users automatically | `--disable-nameprefix` |
 | `cosmo-workspace.github.io/userroles` | comma-separated UserRoles(None) | User who use this Template must have all of the UserRoles specified in this annotation | `--userroles` |
 | `cosmo-workspace.github.io/required-useraddons` | comma-separated UserAddon names(None)  | User who use this Template must be attached all of the UserAddons specified in this annotation | `--required-useraddons` |

docs/WORKSPACE.md

@@ -330,7 +330,7 @@ As you can see `# Generated by cosmoctl template command` top of the yaml, Works
 
 2.  Generate WorkspaceTemplate
 
-    Pass kustomize-generated manifest to `cosmoctl template gen` command by stdin.
+    Pass kustomize-generated manifest to `cosmoctl tmpl gen` command by stdin.
 
     ```sh
     kustomize build . | cosmoctl tmpl gen --workspace -o cosmo-template.yaml
@@ -365,7 +365,7 @@ As you can see `# Generated by cosmoctl template command` top of the yaml, Works
 
 2.  Generate WorkspaceTemplate
 
-    Pass Helm-generated manifests to `cosmoctl template gen` command by stdin.
+    Pass Helm-generated manifests to `cosmoctl tmpl gen` command by stdin.
 
     ```sh
     helm template code-server-example cosmo/dev-code-server | cosmoctl tmpl gen --workspace -o cosmo-template.yaml

go.mod

@@ -8,6 +8,7 @@ require (
 	github.com/bufbuild/connect-go v1.10.0
 	github.com/envoyproxy/protoc-gen-validate v1.0.4
 	github.com/evanphx/json-patch/v5 v5.9.0
+	github.com/fatih/color v1.17.0
 	github.com/gkampitakis/go-snaps v0.5.4
 	github.com/go-ldap/ldap/v3 v3.4.8
 	github.com/go-logr/logr v1.4.1
@@ -26,6 +27,7 @@ require (
 	github.com/traefik/traefik/v3 v3.0.0
 	go.uber.org/zap v1.27.0
 	golang.org/x/crypto v0.23.0
+	golang.org/x/term v0.20.0
 	google.golang.org/protobuf v1.34.1
 	k8s.io/api v0.30.0
 	k8s.io/apimachinery v0.30.0
@@ -120,7 +122,6 @@ require (
 	golang.org/x/oauth2 v0.20.0 // indirect
 	golang.org/x/sync v0.7.0 // indirect
 	golang.org/x/sys v0.20.0 // indirect
-	golang.org/x/term v0.20.0 // indirect
 	golang.org/x/text v0.15.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.21.0 // indirect

go.sum

@@ -82,6 +82,8 @@ github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLi
 github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
 github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4=
+github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI=
 github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4=
 github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=

hack/local-run-test/Makefile

@@ -69,7 +69,7 @@ show-url: ## show-url
 create-all: create-cluster docker-build-all install-all apply-template add-user add-workspace ## Create all
 delete-all: delete-cluster ## Delete all
 
-docker-build-all: docker-build-manager docker-build-dashboard ## Docker build all
+docker-build-all: docker-build-manager docker-build-dashboard docker-build-traefik-plugins ## Docker build all
 
 install-all: install-cosmo ## Install cosmo resources.
 uninstall-all: uninstall-cosmo ## Uninstall cosmo resources.
@@ -213,7 +213,7 @@ docker-build-dashboard: ## build & push cosmo dashboard image.
 	docker push localhost:5000/cosmo-dashboard:$(DASHBOARD_IMAGE_TAG)
 	docker rmi cosmo-dashboard:$(DASHBOARD_IMAGE_TAG)
 	k3d image import localhost:5000/cosmo-dashboard:$(DASHBOARD_IMAGE_TAG) -c $(CLUSTER_NAME)
-	-kubectl rollout restart deploy -n cosmo-system cosmo-dashboard 
+	-kubectl rollout restart deploy -n cosmo-system cosmo-dashboard
 
 docker-build-traefik-plugins: ## build & push cosmo traefik-plugins image.
 	@echo ====== $@ ======
@@ -240,9 +240,9 @@ docker-cache-clear: ## docker cache clear.
 
 LOGLEVEL ?= info
 
-install-cosmo: helm kubectl docker-build-manager docker-build-dashboard docker-build-traefik-plugins ## Install cosmo resources.
+install-cosmo: #helm kubectl docker-build-manager docker-build-dashboard docker-build-traefik-plugins ## Install cosmo resources.
 	@echo ====== $@ ======
-	helm dependency update ../../charts/cosmo 
+	helm dependency update ../../charts/cosmo
 	helm upgrade --install cosmo ../../charts/cosmo \
 		-n cosmo-system --create-namespace \
 		--wait \
@@ -317,42 +317,44 @@ apply-template: kubectl cosmoctl ## Apply template.
 
 add-user: kubectl cosmoctl ## add user
 	@echo ====== $@ ======
-	-cosmoctl user create tom --admin 2> /dev/null
-	-cosmoctl user create gryffindor-dev --role "gryffindor" --addon resource-limitter --addon gryffindor-serviceaccount 2> /dev/null
-	-cosmoctl user create gryffindor-admin --role "gryffindor-admin" --addon resource-limitter --addon gryffindor-serviceaccount 2> /dev/null
-	-cosmoctl user create slytherin-dev --role "slytherin" 2> /dev/null
-	-cosmoctl user create slytherin-admin --role "slytherin-admin" 2> /dev/null
-	-cosmoctl user create grytherin --role "gryffindor,slytherin" --addon resource-limitter --addon gryffindor-serviceaccount 2> /dev/null
-	-cosmoctl user create ldapuser1 --admin --auth-type ldap 2> /dev/null
-	-cosmoctl user reset-password tom --password vvv
-	-cosmoctl user reset-password gryffindor-dev   --password xxxxxxxx
-	-cosmoctl user reset-password gryffindor-admin --password xxxxxxxx
-	-cosmoctl user reset-password slytherin-dev    --password xxxxxxxx
-	-cosmoctl user reset-password slytherin-admin  --password xxxxxxxx
-	-cosmoctl user reset-password grytherin        --password xxxxxxxx
-
+	-cosmoctl -k user create tom --privileged --force 2> /dev/null
+	-cosmoctl -k user create gryffindor-dev --role "gryffindor" --addon resource-limitter --addon gryffindor-serviceaccount --force 2> /dev/null
+	-cosmoctl -k user create gryffindor-admin --role "gryffindor-admin" --addon resource-limitter --addon gryffindor-serviceaccount --force 2> /dev/null
+	-cosmoctl -k user create slytherin-dev --role "slytherin" --force 2> /dev/null
+	-cosmoctl -k user create slytherin-admin --role "slytherin-admin" --force 2> /dev/null
+	-cosmoctl -k user create grytherin --role "gryffindor,slytherin" --addon resource-limitter --addon gryffindor-serviceaccount --force 2> /dev/null
+	-cosmoctl -k user create ldapuser1 --privileged --auth-type ldap --force 2> /dev/null
+	-echo vvv      | cosmoctl -k user change-password --password-stdin tom
+	-echo xxxxxxxx | cosmoctl -k user change-password --password-stdin gryffindor-dev
+	-echo xxxxxxxx | cosmoctl -k user change-password --password-stdin gryffindor-admin
+	-echo xxxxxxxx | cosmoctl -k user change-password --password-stdin slytherin-dev
+	-echo xxxxxxxx | cosmoctl -k user change-password --password-stdin slytherin-admin
+	-echo xxxxxxxx | cosmoctl -k user change-password --password-stdin grytherin
+	-echo vvv      | cosmoctl login tom --password-stdin --dashboard-url $(DASHBOARD_URL)
 
 add-workspace: kubectl cosmoctl ## add workspace
 	@echo ====== $@ ======
-	-cosmoctl workspace create --user=tom --template=dev-code-server ws1
-	-cosmoctl workspace create --user=ldapuser1 --template=dev-code-server ldapws1
+	-cosmoctl workspace create --force --template=dev-code-server ws1
+	-cosmoctl -k workspace create --force --user=ldapuser1 --template=dev-code-server ldapws1
 	sleep 5
-	-cosmoctl networkrule add --user=tom --workspace=ws1 --port=7701 --host-prefix proxy1 --path /
+	-cosmoctl ws upsert-network ws1 --port=7701 --host-prefix proxy1 --path /
 	sleep 1
-	-cosmoctl networkrule add --user=tom --workspace=ws1 --port=7701 --host-prefix proxy1 --path /aaa
+	-cosmoctl ws upsert-network ws1 --port=7701 --host-prefix proxy1 --path /aaa
 	sleep 1
-	-cosmoctl networkrule add --user=tom --workspace=ws1 --port=7701 --host-prefix proxy1 --path /bbb --public
+	-cosmoctl ws upsert-network ws1 --port=7701 --host-prefix proxy1 --path /bbb --public
 	sleep 1
-	-cosmoctl networkrule add --user=tom --workspace=ws1 --port=7701 --path /
+	-cosmoctl ws upsert-network ws1 --port=7701 --path /
 
 delete-cosmo-crd:  ## Delete cosmo crd.
-	-kubectl get crd | grep cosmo-workspace.github.io | awk '{print $$1}' | xargs kubectl delete crd 
+	-kubectl get crd | grep cosmo-workspace.github.io | awk '{print $$1}' | xargs kubectl delete crd
 
 delete-cosmo-resources:
 	-kubectl delete user --all
 	-kubectl delete tmpl --all
 	-kubectl delete ctmpl --all
 
+create-cosmo-resources: apply-template add-user add-workspace cg
+
 ##---------------------------------------------------------------------
 ##@ Execute test
 ##---------------------------------------------------------------------
@@ -487,13 +489,13 @@ bin/argocd:
 ##---------------------------------------------------------------------
 ##@ Utility
 ##---------------------------------------------------------------------
-console: ## Activate kubeconfig for local k8s. 
+console: ## Activate kubeconfig for local k8s.
 	@bash -rcfile <(echo ". ~/.bashrc;PS1='\[\033[01;32m\]\u@test-env\[\033[00m\]:\[\033[01;35m\]\W\[\033[00m\]$$ '")
 
 helm-ls: ## helm list
 	-@helm list -a -A
 
-kg: ## Get k0s resources.
+kg: ## Get k8s resources.
 	-@kubectl get node --show-kind
 	-@kubectl get po -A --show-kind
 	-@kubectl get ing -A --show-kind
@@ -502,3 +504,9 @@ kg: ## Get k0s resources.
 	-@kubectl get svc -A --show-kind
 	-@kubectl get ep -A --show-kind
 	-@kubectl get application -A --show-kind
+
+cg: ## Get cosmo resources.
+	-@cosmoctl get user -k
+	-@cosmoctl get ws -A -k
+	-@cosmoctl get tmpl -k
+	-@cosmoctl get addon -k

hack/local-run-test/templates/code-server-01/Makefile

@@ -5,8 +5,8 @@ FROM_TAG=4.9.1
 .PHONY: template
 template:
 	cd kubernetes/ && kustomize edit set image codercom/code-server=cosmo.io:5000/my-code-server:latest
-	kustomize build kubernetes/ | cosmoctl tmpl generate -o cosmo-template.yaml --workspace \
-		--required-vars CODE-SERVER_STORAGE_GB:20,DOCKER_STORAGE:20
+	kustomize build kubernetes/ | cosmoctl tmpl gen ws -o cosmo-template.yaml --no-header \
+		--var CODE-SERVER_STORAGE_GB:20 --var DOCKER_STORAGE:20
 
 .PHONY: apply
 apply: template ## Apply template

hack/local-run-test/templates/code-server-01/cosmo-template.yaml

@@ -1,13 +1,10 @@
-# Generated by cosmoctl - cosmo v0.8.0 cosmo-workspace 2023
 apiVersion: cosmo-workspace.github.io/v1alpha1
 kind: Template
 metadata:
   annotations:
     workspace.cosmo-workspace.github.io/deployment: workspace
-    workspace.cosmo-workspace.github.io/ingress: ""
     workspace.cosmo-workspace.github.io/service: workspace
     workspace.cosmo-workspace.github.io/service-main-port: main
-    workspace.cosmo-workspace.github.io/urlbase: ""
   creationTimestamp: null
   labels:
     cosmo-workspace.github.io/type: workspace

hack/local-run-test/templates/dev-code-server/Makefile

@@ -6,14 +6,12 @@ IMAGE_TAG=v0.0.2-4.13.0
 .PHONY: template
 template: ## Create template
 	cd kubernetes/ && kustomize edit set image $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG)
-	kustomize build kubernetes/ | cosmoctl tmpl generate -o cosmo-template.yaml --workspace \
-		--required-vars CODE-SERVER_STORAGE_GB:20,DOCKER_STORAGE:20
-	kustomize build gryffindor | cosmoctl tmpl generate -o gryffindor-template.yaml --workspace \
-		--name gryffindor-codeserver \
-		--desc 'only for gryffindor' \
-		--userroles 'gryffindor' \
-		--required-useraddons gryffindor-serviceaccount \
-		--required-vars CODE-SERVER_STORAGE_GB:20,DOCKER_STORAGE:20
+	kustomize build kubernetes/ | cosmoctl tmpl gen ws -o cosmo-template.yaml --no-header \
+		--var CODE-SERVER_STORAGE_GB:20 --var DOCKER_STORAGE:20
+	kustomize build gryffindor | cosmoctl tmpl gen ws -o gryffindor-template.yaml --no-header \
+		--name gryffindor-codeserver --desc 'only for gryffindor' \
+		--userroles 'gryffindor' --required-useraddons gryffindor-serviceaccount \
+		--var CODE-SERVER_STORAGE_GB:20 --var DOCKER_STORAGE:20
 
 .PHONY: apply
 apply: template ## Apply template

hack/local-run-test/templates/dev-code-server/cosmo-template.yaml

@@ -1,4 +1,3 @@
-# Generated by cosmoctl - cosmo v1.0.0-rc5 cosmo-workspace 2023
 apiVersion: cosmo-workspace.github.io/v1alpha1
 kind: Template
 metadata:

hack/local-run-test/templates/dev-code-server/gryffindor-template.yaml

@@ -1,4 +1,3 @@
-# Generated by cosmoctl - cosmo v1.0.0-rc5 cosmo-workspace 2023
 apiVersion: cosmo-workspace.github.io/v1alpha1
 kind: Template
 metadata: