feat: add JD01 YAML-first deployment support
This commit is contained in:
@@ -1051,10 +1051,15 @@ export function bootstrapAdminSecretScript(options: NodeSecretOptions, spec: Run
|
||||
`namespace=${shellQuote(spec.namespace)}`,
|
||||
`name=${shellQuote(spec.bootstrapAdminSecret)}`,
|
||||
`password_hash_key=${shellQuote(spec.bootstrapAdminPasswordHashKey)}`,
|
||||
`username=${shellQuote(spec.bootstrapAdminUsername)}`,
|
||||
`username=${shellQuote(material?.username ?? spec.bootstrapAdminUsername)}`,
|
||||
`display_name=${shellQuote(spec.bootstrapAdminDisplayName)}`,
|
||||
`username_source_ref=${shellQuote(material?.usernameSourceRef ?? "")}`,
|
||||
`username_source_key=${shellQuote(material?.usernameSourceKey ?? "")}`,
|
||||
`username_source_line=${shellQuote(material?.usernameSourceLine === null || material?.usernameSourceLine === undefined ? "" : String(material.usernameSourceLine))}`,
|
||||
`username_source_fingerprint=${shellQuote(material?.usernameFingerprint ?? "")}`,
|
||||
`source_ref=${shellQuote(spec.bootstrapAdminPasswordSourceRef ?? "")}`,
|
||||
`source_key=${shellQuote(spec.bootstrapAdminPasswordSourceKey ?? "")}`,
|
||||
`source_line=${shellQuote(material?.sourceLine === null || material?.sourceLine === undefined ? "" : String(material.sourceLine))}`,
|
||||
`source_path=${shellQuote(material?.sourcePath === null || material?.sourcePath === undefined ? "" : displayRepoPath(material.sourcePath))}`,
|
||||
`source_present=${shellQuote(material?.sourcePresent === true ? "yes" : "no")}`,
|
||||
`source_fingerprint=${shellQuote(material?.sourceFingerprint ?? "")}`,
|
||||
@@ -1075,8 +1080,13 @@ export function bootstrapAdminSecretScript(options: NodeSecretOptions, spec: Run
|
||||
"before_hash_b64=$(secret_b64_key \"$password_hash_key\")",
|
||||
"before_source_ref=$(secret_annotation hwlab.pikastech.local/bootstrap-admin-source-ref)",
|
||||
"before_source_key=$(secret_annotation hwlab.pikastech.local/bootstrap-admin-source-key)",
|
||||
"before_source_line=$(secret_annotation hwlab.pikastech.local/bootstrap-admin-source-line)",
|
||||
"before_source_fingerprint=$(secret_annotation hwlab.pikastech.local/bootstrap-admin-source-fingerprint)",
|
||||
"before_username=$(secret_annotation hwlab.pikastech.local/bootstrap-admin-username)",
|
||||
"before_username_source_ref=$(secret_annotation hwlab.pikastech.local/bootstrap-admin-username-source-ref)",
|
||||
"before_username_source_key=$(secret_annotation hwlab.pikastech.local/bootstrap-admin-username-source-key)",
|
||||
"before_username_source_line=$(secret_annotation hwlab.pikastech.local/bootstrap-admin-username-source-line)",
|
||||
"before_username_source_fingerprint=$(secret_annotation hwlab.pikastech.local/bootstrap-admin-username-source-fingerprint)",
|
||||
"before_hash_present=$([ -n \"$before_hash_b64\" ] && printf yes || printf no)",
|
||||
"before_hash_bytes=$(decoded_length \"$before_hash_b64\")",
|
||||
"action=observed",
|
||||
@@ -1087,7 +1097,8 @@ export function bootstrapAdminSecretScript(options: NodeSecretOptions, spec: Run
|
||||
"if [ \"$action_request\" = ensure ]; then",
|
||||
" needs_sync=false",
|
||||
" [ \"$before_exists\" = yes ] && [ \"$before_hash_bytes\" -gt 0 ] || needs_sync=true",
|
||||
" [ \"$before_source_ref\" = \"$source_ref\" ] && [ \"$before_source_key\" = \"$source_key\" ] && [ \"$before_source_fingerprint\" = \"$source_fingerprint\" ] && [ \"$before_username\" = \"$username\" ] || needs_sync=true",
|
||||
" [ \"$before_source_ref\" = \"$source_ref\" ] && [ \"$before_source_key\" = \"$source_key\" ] && [ \"$before_source_line\" = \"$source_line\" ] && [ \"$before_source_fingerprint\" = \"$source_fingerprint\" ] && [ \"$before_username\" = \"$username\" ] || needs_sync=true",
|
||||
" [ \"$before_username_source_ref\" = \"$username_source_ref\" ] && [ \"$before_username_source_key\" = \"$username_source_key\" ] && [ \"$before_username_source_line\" = \"$username_source_line\" ] && [ \"$before_username_source_fingerprint\" = \"$username_source_fingerprint\" ] || needs_sync=true",
|
||||
" [ \"$force_sync\" = true ] && needs_sync=true",
|
||||
" if [ \"$material_ok\" != true ]; then",
|
||||
" action=${source_error:-secret-source-invalid}",
|
||||
@@ -1109,8 +1120,13 @@ export function bootstrapAdminSecretScript(options: NodeSecretOptions, spec: Run
|
||||
" annotations:",
|
||||
" hwlab.pikastech.local/bootstrap-admin-username: \"$username\"",
|
||||
" hwlab.pikastech.local/bootstrap-admin-display-name: \"$display_name\"",
|
||||
" hwlab.pikastech.local/bootstrap-admin-username-source-ref: \"$username_source_ref\"",
|
||||
" hwlab.pikastech.local/bootstrap-admin-username-source-key: \"$username_source_key\"",
|
||||
" hwlab.pikastech.local/bootstrap-admin-username-source-line: \"$username_source_line\"",
|
||||
" hwlab.pikastech.local/bootstrap-admin-username-source-fingerprint: \"$username_source_fingerprint\"",
|
||||
" hwlab.pikastech.local/bootstrap-admin-source-ref: \"$source_ref\"",
|
||||
" hwlab.pikastech.local/bootstrap-admin-source-key: \"$source_key\"",
|
||||
" hwlab.pikastech.local/bootstrap-admin-source-line: \"$source_line\"",
|
||||
" hwlab.pikastech.local/bootstrap-admin-source-fingerprint: \"$source_fingerprint\"",
|
||||
" hwlab.pikastech.local/bootstrap-admin-password-transform: \"$transform\"",
|
||||
" labels:",
|
||||
@@ -1140,8 +1156,13 @@ export function bootstrapAdminSecretScript(options: NodeSecretOptions, spec: Run
|
||||
"after_hash_b64=$(secret_b64_key \"$password_hash_key\")",
|
||||
"after_source_ref=$(secret_annotation hwlab.pikastech.local/bootstrap-admin-source-ref)",
|
||||
"after_source_key=$(secret_annotation hwlab.pikastech.local/bootstrap-admin-source-key)",
|
||||
"after_source_line=$(secret_annotation hwlab.pikastech.local/bootstrap-admin-source-line)",
|
||||
"after_source_fingerprint=$(secret_annotation hwlab.pikastech.local/bootstrap-admin-source-fingerprint)",
|
||||
"after_username=$(secret_annotation hwlab.pikastech.local/bootstrap-admin-username)",
|
||||
"after_username_source_ref=$(secret_annotation hwlab.pikastech.local/bootstrap-admin-username-source-ref)",
|
||||
"after_username_source_key=$(secret_annotation hwlab.pikastech.local/bootstrap-admin-username-source-key)",
|
||||
"after_username_source_line=$(secret_annotation hwlab.pikastech.local/bootstrap-admin-username-source-line)",
|
||||
"after_username_source_fingerprint=$(secret_annotation hwlab.pikastech.local/bootstrap-admin-username-source-fingerprint)",
|
||||
"after_hash_present=$([ -n \"$after_hash_b64\" ] && printf yes || printf no)",
|
||||
"after_hash_bytes=$(decoded_length \"$after_hash_b64\")",
|
||||
"printf 'namespace\\t%s\\n' \"$namespace\"",
|
||||
@@ -1150,8 +1171,13 @@ export function bootstrapAdminSecretScript(options: NodeSecretOptions, spec: Run
|
||||
"printf 'preset\\t%s\\n' \"$preset\"",
|
||||
"printf 'username\\t%s\\n' \"$username\"",
|
||||
"printf 'displayName\\t%s\\n' \"$display_name\"",
|
||||
"printf 'usernameSourceRef\\t%s\\n' \"$username_source_ref\"",
|
||||
"printf 'usernameSourceKey\\t%s\\n' \"$username_source_key\"",
|
||||
"printf 'usernameSourceLine\\t%s\\n' \"$username_source_line\"",
|
||||
"printf 'usernameSourceFingerprint\\t%s\\n' \"$username_source_fingerprint\"",
|
||||
"printf 'sourceRef\\t%s\\n' \"$source_ref\"",
|
||||
"printf 'sourceKey\\t%s\\n' \"$source_key\"",
|
||||
"printf 'sourceLine\\t%s\\n' \"$source_line\"",
|
||||
"printf 'sourcePath\\t%s\\n' \"$source_path\"",
|
||||
"printf 'sourceExists\\t%s\\n' \"$source_present\"",
|
||||
"printf 'sourceFingerprint\\t%s\\n' \"$source_fingerprint\"",
|
||||
@@ -1165,15 +1191,25 @@ export function bootstrapAdminSecretScript(options: NodeSecretOptions, spec: Run
|
||||
"printf 'beforePasswordHashBytes\\t%s\\n' \"$before_hash_bytes\"",
|
||||
"printf 'beforeSourceRef\\t%s\\n' \"$before_source_ref\"",
|
||||
"printf 'beforeSourceKey\\t%s\\n' \"$before_source_key\"",
|
||||
"printf 'beforeSourceLine\\t%s\\n' \"$before_source_line\"",
|
||||
"printf 'beforeSourceFingerprint\\t%s\\n' \"$before_source_fingerprint\"",
|
||||
"printf 'beforeUsername\\t%s\\n' \"$before_username\"",
|
||||
"printf 'beforeUsernameSourceRef\\t%s\\n' \"$before_username_source_ref\"",
|
||||
"printf 'beforeUsernameSourceKey\\t%s\\n' \"$before_username_source_key\"",
|
||||
"printf 'beforeUsernameSourceLine\\t%s\\n' \"$before_username_source_line\"",
|
||||
"printf 'beforeUsernameSourceFingerprint\\t%s\\n' \"$before_username_source_fingerprint\"",
|
||||
"printf 'afterExists\\t%s\\n' \"$after_exists\"",
|
||||
"printf 'afterPasswordHashPresent\\t%s\\n' \"$after_hash_present\"",
|
||||
"printf 'afterPasswordHashBytes\\t%s\\n' \"$after_hash_bytes\"",
|
||||
"printf 'afterSourceRef\\t%s\\n' \"$after_source_ref\"",
|
||||
"printf 'afterSourceKey\\t%s\\n' \"$after_source_key\"",
|
||||
"printf 'afterSourceLine\\t%s\\n' \"$after_source_line\"",
|
||||
"printf 'afterSourceFingerprint\\t%s\\n' \"$after_source_fingerprint\"",
|
||||
"printf 'afterUsername\\t%s\\n' \"$after_username\"",
|
||||
"printf 'afterUsernameSourceRef\\t%s\\n' \"$after_username_source_ref\"",
|
||||
"printf 'afterUsernameSourceKey\\t%s\\n' \"$after_username_source_key\"",
|
||||
"printf 'afterUsernameSourceLine\\t%s\\n' \"$after_username_source_line\"",
|
||||
"printf 'afterUsernameSourceFingerprint\\t%s\\n' \"$after_username_source_fingerprint\"",
|
||||
"printf 'cloudApiDeployment\\t%s\\n' \"$cloud_api_deployment\"",
|
||||
"printf 'applyExitCode\\t%s\\n' \"$apply_exit\"",
|
||||
"printf 'rolloutRestartExitCode\\t%s\\n' \"$rollout_restart_exit\"",
|
||||
@@ -1759,8 +1795,13 @@ export function secretStatusFromText(text: string, commandOk: boolean, exitCode:
|
||||
fields.sourceFingerprint.length > 0 &&
|
||||
fields.afterSourceRef === fields.sourceRef &&
|
||||
fields.afterSourceKey === fields.sourceKey &&
|
||||
(fields.afterSourceLine || "") === (fields.sourceLine || "") &&
|
||||
fields.afterSourceFingerprint === fields.sourceFingerprint &&
|
||||
fields.afterUsername === fields.username
|
||||
fields.afterUsername === fields.username &&
|
||||
(fields.afterUsernameSourceRef || "") === (fields.usernameSourceRef || "") &&
|
||||
(fields.afterUsernameSourceKey || "") === (fields.usernameSourceKey || "") &&
|
||||
(fields.afterUsernameSourceLine || "") === (fields.usernameSourceLine || "") &&
|
||||
(fields.afterUsernameSourceFingerprint || "") === (fields.usernameSourceFingerprint || "")
|
||||
);
|
||||
const healthy = targetHashReady && yamlSourceReady;
|
||||
return {
|
||||
@@ -1777,6 +1818,7 @@ export function secretStatusFromText(text: string, commandOk: boolean, exitCode:
|
||||
? {
|
||||
sourceRef: fields.sourceRef,
|
||||
sourceKey: fields.sourceKey || null,
|
||||
sourceLine: numericField(fields.sourceLine),
|
||||
sourcePath: fields.sourcePath || null,
|
||||
exists: fields.sourceExists === "yes",
|
||||
fingerprint: fields.sourceFingerprint || null,
|
||||
@@ -1799,8 +1841,13 @@ export function secretStatusFromText(text: string, commandOk: boolean, exitCode:
|
||||
...(yamlSourceMode ? {
|
||||
sourceRef: fields.beforeSourceRef || null,
|
||||
sourceKey: fields.beforeSourceKey || null,
|
||||
sourceLine: numericField(fields.beforeSourceLine),
|
||||
sourceFingerprint: fields.beforeSourceFingerprint || null,
|
||||
username: fields.beforeUsername || null,
|
||||
usernameSourceRef: fields.beforeUsernameSourceRef || null,
|
||||
usernameSourceKey: fields.beforeUsernameSourceKey || null,
|
||||
usernameSourceLine: numericField(fields.beforeUsernameSourceLine),
|
||||
usernameSourceFingerprint: fields.beforeUsernameSourceFingerprint || null,
|
||||
} : {}),
|
||||
},
|
||||
after: {
|
||||
@@ -1809,8 +1856,13 @@ export function secretStatusFromText(text: string, commandOk: boolean, exitCode:
|
||||
...(yamlSourceMode ? {
|
||||
sourceRef: fields.afterSourceRef || null,
|
||||
sourceKey: fields.afterSourceKey || null,
|
||||
sourceLine: numericField(fields.afterSourceLine),
|
||||
sourceFingerprint: fields.afterSourceFingerprint || null,
|
||||
username: fields.afterUsername || null,
|
||||
usernameSourceRef: fields.afterUsernameSourceRef || null,
|
||||
usernameSourceKey: fields.afterUsernameSourceKey || null,
|
||||
usernameSourceLine: numericField(fields.afterUsernameSourceLine),
|
||||
usernameSourceFingerprint: fields.afterUsernameSourceFingerprint || null,
|
||||
} : {}),
|
||||
},
|
||||
cloudApiDeployment: fields.cloudApiDeployment || spec.cloudApiDeployment,
|
||||
|
||||
Reference in New Issue
Block a user