diff --git a/.secrets.baseline b/.secrets.baseline
index 3c78abf1ed..cfe681dafb 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -462,70 +462,70 @@ "filename": "templates/service-template.yml", "hashed_secret": "13032f402fed753c2248419ea4f69f99931f6dbc", "is_verified": false, - "line_number": 574 + "line_number": 514 }, { "type": "Base64 High Entropy String", "filename": "templates/service-template.yml", "hashed_secret": "30025f80f6e22cdafb85db387d50f90ea884576a", "is_verified": false, - "line_number": 574 + "line_number": 514 }, { "type": "Base64 High Entropy String", "filename": "templates/service-template.yml", "hashed_secret": "355f24fd038bcaf85617abdcaa64af51ed19bbcf", "is_verified": false, - "line_number": 574 + "line_number": 514 }, { "type": "Base64 High Entropy String", "filename": "templates/service-template.yml", "hashed_secret": "3d8a1dcd2c3c765ce35c9a9552d23273cc4ddace", "is_verified": false, - "line_number": 574 + "line_number": 514 }, { "type": "Base64 High Entropy String", "filename": "templates/service-template.yml", "hashed_secret": "4ac7b0522761eba972467942cd5cd7499dd2c361", "is_verified": false, - "line_number": 574 + "line_number": 514 }, { "type": "Base64 High Entropy String", "filename": "templates/service-template.yml", "hashed_secret": "7639ab2a6bcf2ea30a055a99468c9cd844d4c22a", "is_verified": false, - "line_number": 574 + "line_number": 514 }, { "type": "Base64 High Entropy String", "filename": "templates/service-template.yml", "hashed_secret": "b56360daf4793d2a74991a972b34d95bc00fb2da", "is_verified": false, - "line_number": 574 + "line_number": 514 }, { "type": "Base64 High Entropy String", "filename": "templates/service-template.yml", "hashed_secret": "c9a73ef9ee8ce9f38437227801c70bcc6740d1a1", "is_verified": false, - "line_number": 574 + "line_number": 514 }, { "type": "Base64 High Entropy String", "filename": "templates/service-template.yml", "hashed_secret": "14736999d9940728c5294277831a702f7882dece", "is_verified": false, - "line_number": 611 + "line_number": 551 }, { "type": "Secret Keyword", "filename": "templates/service-template.yml", "hashed_secret": 
"4e199b4a1c40b497a95fcd1cd896351733849949", "is_verified": false, - "line_number": 698, + "line_number": 638, "is_secret": false }, { @@ -533,7 +533,7 @@ "filename": "templates/service-template.yml", "hashed_secret": "9d51dabe59aa776bef2909d3689374ebb93ab2be", "is_verified": false, - "line_number": 741 + "line_number": 681 } ], "test/support/certs.json": [ @@ -564,5 +564,5 @@ } ] }, - "generated_at": "2023-11-01T12:16:42Z" + "generated_at": "2023-11-06T14:09:00Z" } diff --git a/internal/dinosaur/pkg/api/dbapi/central_request_types.go b/internal/dinosaur/pkg/api/dbapi/central_request_types.go index 4f3eeaf48c..9c2813dfc2 100644 --- a/internal/dinosaur/pkg/api/dbapi/central_request_types.go +++ b/internal/dinosaur/pkg/api/dbapi/central_request_types.go @@ -88,9 +88,6 @@ type CentralRequest struct { // CentralList ... type CentralList []*CentralRequest -// CentralIndex ... -type CentralIndex map[string]*CentralRequest - // AuthConfig keeps all we need to set up IdP for a Central instance. type AuthConfig struct { // OIDC client ID. It is used for authenticating users in Central via connected IdP. @@ -106,15 +103,6 @@ type AuthConfig struct { ClientOrigin string `json:"client_origin"` } -// Index ... -func (l CentralList) Index() CentralIndex { - index := CentralIndex{} - for _, o := range l { - index[o.ID] = o - } - return index -} - // BeforeCreate ... func (k *CentralRequest) BeforeCreate(scope *gorm.DB) error { // To allow the id set on the CentralRequest object to be used. This is useful for testing purposes. diff --git a/internal/dinosaur/pkg/api/dbapi/central_spec.go b/internal/dinosaur/pkg/api/dbapi/central_spec.go deleted file mode 100644 index 13a261bcab..0000000000 --- a/internal/dinosaur/pkg/api/dbapi/central_spec.go +++ /dev/null 
@@ -1,61 +0,0 @@
-package dbapi
-
-import (
- corev1 "k8s.io/api/core/v1"
-
- "github.com/stackrox/acs-fleet-manager/internal/dinosaur/pkg/defaults"
-)
-
-// CentralSpec ...
-type CentralSpec struct {
- Resources corev1.ResourceRequirements `json:"resources,omitempty"`
-}
-
-var (
- // DefaultCentralSpec ...
- DefaultCentralSpec = CentralSpec{
- Resources: defaults.CentralResources,
- }
- // DefaultScannerSpec ...
- DefaultScannerSpec = ScannerSpec{
- Analyzer: ScannerAnalyzerSpec{
- Resources: defaults.ScannerAnalyzerResources,
- Scaling: DefaultScannerAnalyzerScaling,
- },
- Db: ScannerDbSpec{
- Resources: defaults.ScannerDbResources,
- },
- }
- // DefaultScannerAnalyzerScaling ...
- DefaultScannerAnalyzerScaling = ScannerAnalyzerScaling{
- AutoScaling: defaults.Scanner.Analyzer.AutoScaling,
- Replicas: defaults.Scanner.Analyzer.Replicas,
- MinReplicas: defaults.Scanner.Analyzer.MinReplicas,
- MaxReplicas: defaults.Scanner.Analyzer.MaxReplicas,
- }
-)
-
-// ScannerAnalyzerScaling ...
-type ScannerAnalyzerScaling struct {
- AutoScaling string `json:"autoScaling,omitempty"`
- Replicas int32 `json:"replicas,omitempty"`
- MinReplicas int32 `json:"minReplicas,omitempty"`
- MaxReplicas int32 `json:"maxReplicas,omitempty"`
-}
-
-// ScannerAnalyzerSpec ...
-type ScannerAnalyzerSpec struct {
- Resources corev1.ResourceRequirements `json:"resources,omitempty"`
- Scaling ScannerAnalyzerScaling `json:"scaling,omitempty"`
-}
-
-// ScannerDbSpec ...
-type ScannerDbSpec struct {
- Resources corev1.ResourceRequirements `json:"resources,omitempty"`
-}
-
-// ScannerSpec ...
-type ScannerSpec struct {
- Analyzer ScannerAnalyzerSpec `json:"analyzer,omitempty"`
- Db ScannerDbSpec `json:"db,omitempty"`
-}
diff --git a/internal/dinosaur/pkg/defaults/default_central_spec.go b/internal/dinosaur/pkg/defaults/default_central_spec.go
deleted file mode 100644
index 05a96351c5..0000000000
--- a/internal/dinosaur/pkg/defaults/default_central_spec.go
+++ /dev/null
@@ -1,46 +0,0 @@
-// Package defaults ...
-package defaults
-
-import (
- "fmt"
-
- "github.com/caarlos0/env/v6"
- corev1 "k8s.io/api/core/v1"
- "k8s.io/apimachinery/pkg/api/resource"
-)
-
-// CentralDefaults ...
-type CentralDefaults struct {
- MemoryRequest resource.Quantity `env:"MEMORY_REQUEST" envDefault:"250Mi"`
- CPURequest resource.Quantity `env:"CPU_REQUEST" envDefault:"50m"`
- MemoryLimit resource.Quantity `env:"MEMORY_LIMIT" envDefault:"8G"`
- CPULimit resource.Quantity `env:"CPU_LIMIT" envDefault:"4"`
-}
-
-var (
- // Central ...
- Central CentralDefaults
- // CentralResources ...
- CentralResources corev1.ResourceRequirements
-)
-
-func init() {
- defaults := CentralDefaults{}
- opts := env.Options{
- Prefix: "CENTRAL_",
- }
- if err := env.ParseWithFuncs(&defaults, CustomParsers, opts); err != nil {
- panic(fmt.Sprintf("Unable to parse Central Defaults configuration from environment: %v", err))
- }
- Central = defaults
- CentralResources = corev1.ResourceRequirements{
- Requests: map[corev1.ResourceName]resource.Quantity{
- corev1.ResourceCPU: Central.CPURequest,
- corev1.ResourceMemory: Central.MemoryRequest,
- },
- Limits: map[corev1.ResourceName]resource.Quantity{
- corev1.ResourceCPU: Central.CPULimit,
- corev1.ResourceMemory: Central.MemoryLimit,
- },
- }
-}
diff --git a/internal/dinosaur/pkg/defaults/default_scanner_spec.go b/internal/dinosaur/pkg/defaults/default_scanner_spec.go
deleted file mode 100644
index 48a83373e6..0000000000
--- a/internal/dinosaur/pkg/defaults/default_scanner_spec.go
+++ /dev/null
@@ -1,75 +0,0 @@
-package defaults
-
-import (
- "fmt"
-
- "github.com/caarlos0/env/v6"
- corev1 "k8s.io/api/core/v1"
- "k8s.io/apimachinery/pkg/api/resource"
-)
-
-// AnalyzerDefaults ...
-type AnalyzerDefaults struct {
- MemoryRequest resource.Quantity `env:"MEMORY_REQUEST" envDefault:"100M"`
- CPURequest resource.Quantity `env:"CPU_REQUEST" envDefault:"5m"`
- MemoryLimit resource.Quantity `env:"MEMORY_LIMIT" envDefault:"2500M"`
- CPULimit resource.Quantity `env:"CPU_LIMIT" envDefault:"2"`
- AutoScaling string `env:"AUTOSCALING" envDefault:"Enabled"`
- MinReplicas int32 `env:"MIN_REPLICAS" envDefault:"1"`
- Replicas int32 `env:"REPLICAS" envDefault:"1"`
- MaxReplicas int32 `env:"MAX_REPLICAS" envDefault:"3"`
-}
-
-// DbDefaults ...
-type DbDefaults struct {
- MemoryRequest resource.Quantity `env:"MEMORY_REQUEST" envDefault:"500M"`
- CPURequest resource.Quantity `env:"CPU_REQUEST" envDefault:"10m"`
- MemoryLimit resource.Quantity `env:"MEMORY_LIMIT" envDefault:"2500M"`
- CPULimit resource.Quantity `env:"CPU_LIMIT" envDefault:"2"`
-}
-
-// ScannerDefaults ...
-type ScannerDefaults struct {
- Analyzer AnalyzerDefaults `envPrefix:"ANALYZER_"`
- Db DbDefaults `envPrefix:"DB_"`
-}
-
-var (
- // Scanner ...
- Scanner ScannerDefaults
- // ScannerAnalyzerResources ...
- ScannerAnalyzerResources corev1.ResourceRequirements
- // ScannerDbResources ...
- ScannerDbResources corev1.ResourceRequirements
-)
-
-func init() {
- defaults := ScannerDefaults{}
- opts := env.Options{
- Prefix: "SCANNER_",
- }
- if err := env.ParseWithFuncs(&defaults, CustomParsers, opts); err != nil {
- panic(fmt.Sprintf("Unable to parse Central Defaults configuration from environment: %v", err))
- }
- Scanner = defaults
- ScannerAnalyzerResources = corev1.ResourceRequirements{
- Requests: map[corev1.ResourceName]resource.Quantity{
- corev1.ResourceCPU: Scanner.Analyzer.CPURequest,
- corev1.ResourceMemory: Scanner.Analyzer.MemoryRequest,
- },
- Limits: map[corev1.ResourceName]resource.Quantity{
- corev1.ResourceCPU: Scanner.Analyzer.CPULimit,
- corev1.ResourceMemory: Scanner.Analyzer.MemoryLimit,
- },
- }
- ScannerDbResources = corev1.ResourceRequirements{
- Requests: map[corev1.ResourceName]resource.Quantity{
- corev1.ResourceCPU: Scanner.Db.CPURequest,
- corev1.ResourceMemory: Scanner.Db.MemoryRequest,
- },
- Limits: map[corev1.ResourceName]resource.Quantity{
- corev1.ResourceCPU: Scanner.Db.CPULimit,
- corev1.ResourceMemory: Scanner.Db.MemoryLimit,
- },
- }
-}
diff --git a/internal/dinosaur/pkg/defaults/parsers.go b/internal/dinosaur/pkg/defaults/parsers.go
deleted file mode 100644
index 8181ccb478..0000000000
--- a/internal/dinosaur/pkg/defaults/parsers.go
+++ /dev/null
@@ -1,29 +0,0 @@ -package defaults - -import ( - "fmt" - "reflect" - - env "github.com/caarlos0/env/v6" - "k8s.io/apimachinery/pkg/api/resource" -) - -var ( - // QuantityType is a helper var that represents the `reflect.Type`` of `resource.Quantity` - QuantityType = reflect.TypeOf(resource.Quantity{}) - - // CustomParsers ... - CustomParsers = map[reflect.Type]env.ParserFunc{ - QuantityType: QuantityParser, - } -) - -// QuantityParser is a basic parser for the resource.Quantity type that should be used with `env.ParseWithFuncs()` -func QuantityParser(v string) (interface{}, error) { - qty, err := resource.ParseQuantity(v) - if err != nil { - return nil, fmt.Errorf("parsing quantity %q: %v", v, err) - } - - return qty, nil -} diff --git a/internal/dinosaur/pkg/defaults/pretty_printer.go b/internal/dinosaur/pkg/defaults/pretty_printer.go deleted file mode 100644 index 900f88f1eb..0000000000 --- a/internal/dinosaur/pkg/defaults/pretty_printer.go +++ /dev/null @@ -1,22 +0,0 @@ -package defaults - -import ( - "encoding/json" - "fmt" - "strings" -) - -// PrettyPrintDefaults returns a slice of human-readable lines (e.g. for logging) -// of the provided object marshalled as JSON. -func PrettyPrintDefaults(obj interface{}, label string) ([]string, error) { - bytes, err := json.MarshalIndent(obj, "", " ") - if err != nil { - return nil, fmt.Errorf("JSON marshalling of default resource settings for %s failed: %w", label, err) - } - - lines := append( - []string{fmt.Sprintf("%s:", label)}, - strings.Split(string(bytes), "\n")..., - ) - return lines, nil -} diff --git a/internal/dinosaur/pkg/handlers/admin_dinosaur.go b/internal/dinosaur/pkg/handlers/admin_dinosaur.go index 68b92cfe50..2ada0fadd4 100644 --- a/internal/dinosaur/pkg/handlers/admin_dinosaur.go +++ b/internal/dinosaur/pkg/handlers/admin_dinosaur.go @@ -3,7 +3,6 @@ package handlers import ( "encoding/json" - "fmt" "io" "net/http" 
@@ -18,7 +17,6 @@ import ( "github.com/stackrox/acs-fleet-manager/pkg/handlers" coreServices "github.com/stackrox/acs-fleet-manager/pkg/services" "github.com/stackrox/acs-fleet-manager/pkg/services/account" - corev1 "k8s.io/api/core/v1" ) // AdminCentralHandler is the interface for the admin central handler 
@@ -203,58 +201,6 @@ func (h adminCentralHandler) DbDelete(w http.ResponseWriter, r *http.Request) { handlers.HandleDelete(w, r, cfg, http.StatusOK) } -func validateResourcesList(rl *corev1.ResourceList) error { - if rl == nil { - return nil - } - for name := range *rl { - _, isSupported := validateResourceName(name) - if !isSupported { - return fmt.Errorf("resource type %q is not supported", name) - } - } - return nil -} - -func validateCoreV1Resources(to *corev1.ResourceRequirements) error { - newResources := to.DeepCopy() - - err := validateResourcesList(&newResources.Limits) - if err != nil { - return err - } - err = validateResourcesList(&newResources.Requests) - if err != nil { - return err - } - - *to = *newResources - return nil -} - -// validateCentralSpec validates the CentralSpec using the non-zero fields from the API's CentralSpec. -func validateCentralSpec(c *dbapi.CentralSpec) error { - err := validateCoreV1Resources(&c.Resources) - if err != nil { - return fmt.Errorf("updating resources within CentralSpec: %w", err) - } - return nil -} - -// validateScannerSpec validates the ScannerSpec using the non-zero fields from the API's ScannerSpec. -func validateScannerSpec(s *dbapi.ScannerSpec) error { - var err error - err = validateCoreV1Resources(&s.Analyzer.Resources) - if err != nil { - return fmt.Errorf("updating resources within ScannerSpec Analyzer: %w", err) - } - err = validateCoreV1Resources(&s.Db.Resources) - if err != nil { - return fmt.Errorf("updating resources within ScannerSpec DB: %w", err) - } - return nil -} - func (h adminCentralHandler) RotateSecrets(w http.ResponseWriter, r *http.Request) { cfg := &handlers.HandlerConfig{ Action: func() (i interface{}, serviceError *errors.ServiceError) { diff --git a/pkg/environments/environment.go b/pkg/environments/environment.go index 7c24a94691..0a6c9b5857 100644 --- a/pkg/environments/environment.go +++ b/pkg/environments/environment.go 
@@ -7,12 +7,10 @@ import ( "fmt" "os" - "github.com/goava/di" - "github.com/pkg/errors" - "github.com/stackrox/acs-fleet-manager/internal/dinosaur/pkg/defaults" - sentryGo "github.com/getsentry/sentry-go" + "github.com/goava/di" "github.com/golang/glog" + "github.com/pkg/errors" "github.com/spf13/pflag" ) @@ -133,9 +131,6 @@ func (env *Env) CreateServices() error { if err != nil { return fmt.Errorf("modifying configuration: %w", err) } - glog.Info("Active defaults for new Central tenants:") - tryPrettyPrintDefaults(defaults.Central, "CentralDefaults") - tryPrettyPrintDefaults(defaults.Scanner, "ScannerDefaults") type injections struct { di.Inject @@ -278,15 +273,3 @@ func setConfigDefaults(flags *pflag.FlagSet, defaults map[string]string) error { } return nil } - -func tryPrettyPrintDefaults(obj interface{}, label string) { - prettyPrintedDefaults, err := defaults.PrettyPrintDefaults(obj, label) - if err != nil { - glog.Errorf("Failed to pretty-print %s: %v", label, err) - glog.Errorf("%s: %+v", label, obj) - } else { - for _, line := range prettyPrintedDefaults { - glog.Info(" " + line) - } - } -} diff --git a/templates/service-template.yml b/templates/service-template.yml index c54338248d..3e018ef40d 100644 --- a/templates/service-template.yml +++ b/templates/service-template.yml 
@@ -389,66 +389,6 @@ parameters: description: SupportedProviders configuration file, that it's passed to the fleet manager executable in the flag --providers-config-file value: /config/provider-configuration.yaml -- name: CENTRAL_CPU_REQUEST - displayName: Default Central CPU request - description: Default CPU request for central deployments for newly created tenants - value: "50m" - -- name: CENTRAL_MEMORY_REQUEST - displayName: Default Central memory request - description: Default memory request for central deployments for newly created tenants - value: "250Mi" - -- name: CENTRAL_CPU_LIMIT - displayName: Default Central CPU limit - description: Default CPU limit for central deployments for newly created tenants - value: "250m" - -- name: CENTRAL_MEMORY_LIMIT - displayName: Default Central memory limit - description: Default memory limit for central deployments for newly created tenants - value: "4G" - -- name: SCANNER_ANALYZER_CPU_REQUEST - displayName: Default Scanner CPU request - description: Default CPU request for scanner deployments for newly created tenants - value: "5m" - -- name: SCANNER_ANALYZER_MEMORY_REQUEST - displayName: Default Scanner memory request - description: Default memory request for scanner deployments for newly created tenants - value: "100M" - -- name: SCANNER_ANALYZER_CPU_LIMIT - displayName: Default Scanner CPU limit - description: Default CPU limit for scanner deployments for newly created tenants - value: "250m" - -- name: SCANNER_ANALYZER_MEMORY_LIMIT - displayName: Default Scanner memory limit - description: Default memory limit for scanner deployments for newly created tenants - value: "2500M" - -- name: SCANNER_DB_CPU_REQUEST - displayName: Default Scanner DB CPU request - description: Default CPU request for scanner-db deployments for newly created tenants - value: "10m" - -- name: SCANNER_DB_MEMORY_REQUEST - displayName: Default Scanner DB memory request - description: Default memory request for scanner-db deployments for newly 
created tenants - value: "500M" - -- name: SCANNER_DB_CPU_LIMIT - displayName: Default Scanner DB CPU limit - description: Default CPU limit for scanner-db deployments for newly created tenants - value: "250m" - -- name: SCANNER_DB_MEMORY_LIMIT - displayName: Default Scanner DB memory limit - description: Default memory limit for scanner-db deployments for newly created tenants - value: "2500M" - - name: CENTRAL_REQUEST_EXPIRATION_TIMEOUT displayName: Central request expiration timeout description: Maximum interval after which central request is canceled @@ -1177,33 +1117,6 @@ objects: env: - name: "OCM_ENV" value: "${ENVIRONMENT}" - - - name: CENTRAL_CPU_REQUEST - value: "${CENTRAL_CPU_REQUEST}" - - name: CENTRAL_MEMORY_REQUEST - value: "${CENTRAL_MEMORY_REQUEST}" - - name: CENTRAL_CPU_LIMIT - value: "${CENTRAL_CPU_LIMIT}" - - name: CENTRAL_MEMORY_LIMIT - value: "${CENTRAL_MEMORY_LIMIT}" - - - name: SCANNER_ANALYZER_CPU_REQUEST - value: "${SCANNER_ANALYZER_CPU_REQUEST}" - - name: SCANNER_ANALYZER_MEMORY_REQUEST - value: "${SCANNER_ANALYZER_MEMORY_REQUEST}" - - name: SCANNER_ANALYZER_CPU_LIMIT - value: "${SCANNER_ANALYZER_CPU_LIMIT}" - - name: SCANNER_ANALYZER_MEMORY_LIMIT - value: "${SCANNER_ANALYZER_MEMORY_LIMIT}" - - - name: SCANNER_DB_CPU_REQUEST - value: "${SCANNER_DB_CPU_REQUEST}" - - name: SCANNER_DB_MEMORY_REQUEST - value: "${SCANNER_DB_MEMORY_REQUEST}" - - name: SCANNER_DB_CPU_LIMIT - value: "${SCANNER_DB_CPU_LIMIT}" - - name: SCANNER_DB_MEMORY_LIMIT - value: "${SCANNER_DB_MEMORY_LIMIT}" - name: RHACS_GITOPS_ENABLED value: "${RHACS_GITOPS_ENABLED}" - name: RHACS_TARGETED_OPERATOR_UPGRADES