README
¶
go-qontract-reconcile
Contains integrations for app-interface for go-qontract-reconcile
Yaml configuration
timeout: Timeout in seconds for the run, defines maximum runtime. (default: 0)
usefeaturetoggle: Weither to check for feature toggles
dryrun: Run in dry run, do not apply resources (default: true)
runonce: Run integration only once (default: false)
sleepdurationsecs: Time to sleep between iterations (default: 600s)
graphql:
server: URL to the GraphQL API REQUIRED
token: Value of Authorization header
timeout: Timeout for qontract requests (default: 60s)
retries: Number of times to retry requests (default: 5)
vault:
server: Address to access Vault REQUIRED
authtype: Authentication type token, approle, or kubernetes REQUIRED
token: Token to access Vault, requires setting authtype to token
role_id: Role ID to use for authentication, requires setting authtype to approle
secret_id: Secret ID to use for authentication, requires setting authtype to approle
kube_auth_role: Name of role within specific kube auth config, requires setting authtype to kubernetes
kube_auth_mount: Name of specific kubernetes type auth mount, requires setting authtype to kubernetes
kube_sa_token_path: Absolute path to kubernetes service account token
timeout: Timeout for vault requests. (default: 60s)
user_validator:
concurrency: Number of coroutines to use to query Github (default: 10)
github:
timeout: Timeout in seconds for Github request (default: 60s)
git_partition_sync_producer:
glBaseURL: GitLab instance base url
glUsername: GitLab username associated with token
glToken: Token to access GitLab. Must have repository read permission
bucket: s3 bucket to reconcile against
publicKey: value of x25519 format public key. See https://github.com/FiloSottile/age
workdir: local dir where git clones and encryption will occur
unleash:
timeout: Timeout in seconds for Github request (default: 60s)
apiurl: Address to access Unleash REQUIRED
clientaccesstoken: Bearer token to use for authentication
Configuration can also be passed in as toml, i.e.:
[graphql]
server = "https://example/graphql"
token = "Basic Xmjdsfgiohj092w34gjf90erg="
[vault]
server = "https://vault.example.net"
role_id = "a"
secret_id = "b"
Environment variables
Instead of using a yaml file, all parameters can be set via environment variables:
- DRY_RUN
- RUN_ONCE
- RUNNER_TIMEOUT
- RUNNER_USE_FEATURE_TOGGLE
- SLEEP_DURATION_SECS
- GRAPHQL_SERVER
- GRAPHQL_TIMEOUT
- GRAPHQL_TOKEN
- GRAPHQL_RETRIES
- VAULT_SERVER
- VAULT_AUTHTYPE
- VAULT_TOKEN
- VAULT_ROLE_ID
- VAULT_SECRET_ID
- VAULT_KUBE_AUTH_ROLE
- VAULT_KUBE_AUTH_MOUNT
- VAULT_KUBE_SA_TOKEN_PATH
- VAULT_TIMEOUT
- USER_VALIDATOR_CONCURRENCY
- UNLEASH_TIMEOUT
- UNLEASH_API_URL
- UNLEASH_CLIENT_ACCESS_TOKEN
- GITHUB_API
- GITHUB_API_TIMEOUT
- GITLAB_BASE_URL
- GITLAB_USERNAME
- GITLAB_TOKEN
- PUBLIC_KEY
- AWS_REGION
- AWS_GIT_SYNC_BUCKET
- WORKDIR
New Integration
If you want to add a new generate you can use the code in internal/example as starting point. Copy this folder and give the module a valid go module name.
Any queries required must be added to the file generate.go. Afterwards, update the package parameter in genqlient.yaml
Once you updated the graphql files, run the code generator to generate the queries.
go generate ./...
This will generate the required code to query qontract-server.
New AWS calls
This code base uses an interface to abstract calls to the AWS SDK. pkg/awsclient.go. Benefit of this is, that it enables mocking responses from the AWS SDK. The downside is, that it requires adding used methods to the mentioned interface. After adding the required method, run go generate ./... to generate the corresponding mock code.
Authors
These tools have been written by the Red Hat App-SRE Team.
Documentation
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Package cmd contains the main entrypoint for the go-qontract-reconcile binary.
|
Package cmd contains the main entrypoint for the go-qontract-reconcile binary. |
|
internal
|
|
|
accountnotifier
Package accountnotifier is used for Pgp Reencryption
|
Package accountnotifier is used for Pgp Reencryption |
|
example
Package example contains an example integration
|
Package example contains an example integration |
|
gitpartitionsync/producer
Package producer contains the producer integration for the git partition sync
|
Package producer contains the producer integration for the git partition sync |
|
keyvalidator
Package keyvalidator contains code used by the key-validator
|
Package keyvalidator contains code used by the key-validator |
|
uservalidator
Package uservalidator contains code used by the user-validator
|
Package uservalidator contains code used by the user-validator |
|
pkg
|
|
|
aws
Package aws provides a mockable client for interacting with AWS.
|
Package aws provides a mockable client for interacting with AWS. |
|
aws/mock
Package mock is a generated GoMock package.
|
Package mock is a generated GoMock package. |
|
github
Package github provides a client to interact with Github API
|
Package github provides a client to interact with Github API |
|
gql
Package gql adds a client to integration with Qontract-Server
|
Package gql adds a client to integration with Qontract-Server |
|
pgp
Package pgp provides functions to work with PGP keys.
|
Package pgp provides functions to work with PGP keys. |
|
reconcile
Package reconcile contains code to run Integrations and Validations
|
Package reconcile contains code to run Integrations and Validations |
|
state
Package state implements state capabilties for integrations
|
Package state implements state capabilties for integrations |
|
unleash
Package unleash contains a client for integrating with Unleash
|
Package unleash contains a client for integrating with Unleash |
|
util
Package util has code that does not fit anywhere else
|
Package util has code that does not fit anywhere else |
|
vault
Package vault adds a vault client implementation
|
Package vault adds a vault client implementation |
Click to show internal directories.
Click to hide internal directories.