Esempio n. 1
0
def deploy_or_upgrade_concourse(
    config_name: CliHint(typehint=str, help="the cfg_set to use"),
    deployment_name: CliHint(
        typehint=str, help="namespace and deployment name") = 'concourse',
    timeout_seconds: CliHint(
        typehint=int, help="how long to wait for concourse startup") = 180,
    dry_run: bool = True,
):
    '''Deploys a new concourse-instance using the given deployment name and config-directory.'''
    which("helm")

    _display_info(
        dry_run=dry_run,
        operation="DEPLOYED",
        deployment_name=deployment_name,
    )

    if dry_run:
        return

    setup_concourse.deploy_concourse_landscape(
        config_name=config_name,
        deployment_name=deployment_name,
        timeout_seconds=timeout_seconds,
    )
Esempio n. 2
0
def component_descriptor(
    name: str,
    version: str,
    component_dependencies: CliHint(typehint=_parse_component_deps,
                                    action='append') = [],
    container_image_dependencies: CliHint(typehint=_parse_container_image_deps,
                                          action='append') = [],
    web_dependencies: CliHint(typehint=_parse_web_deps, action='append') = [],
    generic_dependencies: CliHint(typehint=_parse_generic_deps,
                                  action='append') = [],
):
    component = Component.create(name=name, version=version)
    component_deps = component.dependencies()

    for component_ref in component_dependencies:
        component_deps.add_component_dependency(component_ref)
    for image_dep in container_image_dependencies:
        component_deps.add_container_image_dependency(image_dep)
    for web_dep in web_dependencies:
        component_deps.add_web_dependency(web_dep)
    for generic_dep in generic_dependencies:
        component_deps.add_generic_dependency(generic_dep)

    product_dict = {'components': [component.raw]}
    print(yaml.dump(product_dict, indent=2))
Esempio n. 3
0
def send_mail(
    email_cfg_name: CliHint(
        help="reference to an email cfg (see repo cc-config / secrets-server)"
    ),
    recipients: CliHint(typehint=[str], help="Recipient email address"),
    mail_template_file: CliHints.existing_file(),
    subject: CliHint(help="email subject"),
    cc_recipients: CliHint(typehint=[str],
                           help="Carbon copy email address") = [],
    replace_token: CliHint(typehint=[str],
                           help="<key>=<value> (replace <key> in body)") = [],
):
    '''
    Sends an email using the specified email_cfg (retrieved from a cfg_factory) to the specified
    recipients. The mail body is read from a file. A simple token-replacement is done if
    (optional) replace-tokens are given.

    @param recipients: mail recipients (email addresses)
    @param mail_template_file: path to the mail template file. Must exist.
    @param subject: email subject
    @param cc_recipients: cc mail recipients
    @param replace_token: format: <token>=<replace-value> - tokens in mail-body are replaced
    '''
    not_empty(email_cfg_name)

    cfg_factory = ctx().cfg_factory()
    email_cfg = cfg_factory.email(email_cfg_name)

    with open(mail_template_file) as f:
        mail_template = f.read()

    # validate template-tokens
    invalid_tokens = filter(lambda t: not isinstance(t, str) or '=' not in t,
                            replace_token)
    if len(list(invalid_tokens)) > 0:
        fail('all replace-tokens must be of form <key>=<value>: ' +
             ' '.join(invalid_tokens))

    # parse replace-tokens
    replace_tokens = dict(map(lambda t: t.split('=', 1), replace_token))

    _send_mail(
        email_cfg=email_cfg,
        recipients=recipients,
        mail_template=mail_template,
        subject=subject,
        cc_recipients=cc_recipients,
        replace_tokens=replace_tokens,
    )
Esempio n. 4
0
def upload_product_images(
    protecode_cfg_name: str,
    product_cfg_file: CliHints.existing_file(),
    processing_mode: CliHint(
        choices=list(ProcessingMode),
        type=ProcessingMode,
    )=ProcessingMode.UPLOAD_IF_CHANGED,
    protecode_group_id: int=5,
    parallel_jobs: int=4,
    cve_threshold: int=7,
    ignore_if_triaged: bool=True,
    reference_group_ids: [int]=[],
):
    cfg_factory = ctx().cfg_factory()
    protecode_cfg = cfg_factory.protecode(protecode_cfg_name)

    product_descriptor = ComponentDescriptor.from_dict(
        raw_dict=parse_yaml_file(product_cfg_file)
    )

    upload_results, license_report = upload_images(
        protecode_cfg=protecode_cfg,
        product_descriptor=product_descriptor,
        protecode_group_id=protecode_group_id,
        parallel_jobs=parallel_jobs,
        cve_threshold=cve_threshold,
        ignore_if_triaged=ignore_if_triaged,
        processing_mode=processing_mode,
        reference_group_ids=reference_group_ids,
    )
Esempio n. 5
0
def set_teams(
    config_name: CliHint(typehint=str, help='the cfg_set name to use'),
):
    config_factory = ctx().cfg_factory()
    config_set = config_factory.cfg_set(cfg_name=config_name)
    config = config_set.concourse()

    setup_concourse.set_teams(config=config)
Esempio n. 6
0
def deploy_secrets_server(config_set_name: CliHint(typehint=str,
                                                   help=CONFIG_SET_HELP), ):
    cfg_factory = ctx().cfg_factory()
    config_set = cfg_factory.cfg_set(config_set_name)
    secrets_server_config = config_set.secrets_server()

    setup_secrets_server.deploy_secrets_server(
        secrets_server_config=secrets_server_config, )
Esempio n. 7
0
def deploy_or_upgrade_concourse(
    config_set_name: CliHint(typehint=str, help=CONFIG_SET_HELP),
    deployment_name: CliHint(
        typehint=str, help="namespace and deployment name") = 'concourse',
    timeout_seconds: CliHint(
        typehint=int, help="how long to wait for concourse startup") = 180,
):
    '''Deploys a new concourse-instance using the given deployment name and config-directory.'''
    which("helm")
    cfg_factory = ctx().cfg_factory()
    config_set = cfg_factory.cfg_set(config_set_name)

    setup_concourse.deploy_concourse_landscape(
        config_set=config_set,
        deployment_name=deployment_name,
        timeout_seconds=timeout_seconds,
    )
Esempio n. 8
0
def set_teams(
    config_name: CliHint(typehint=str, help='Which of the configurations contained in "--config-file" to use.'),
):
    config_factory = ctx().cfg_factory()
    config_set = config_factory.cfg_set(cfg_name=config_name)
    config = config_set.concourse()

    setup.set_teams(config=config)
Esempio n. 9
0
def deploy_or_upgrade_monitoring(
        config_set_name: CliHint(typehint=str, help=CONFIG_SET_HELP), ):
    cfg_factory = ctx().cfg_factory()
    cfg_set = cfg_factory.cfg_set(config_set_name)
    setup_monitoring.deploy_monitoring_landscape(
        cfg_set=cfg_set,
        cfg_factory=cfg_factory,
    )
Esempio n. 10
0
def destroy_concourse(config_set_name: CliHint(typehint=str,
                                               help=CONFIG_SET_HELP),
                      release_name: CliHint(
                          typehint=str,
                          help="namespace and deployment name") = 'concourse',
                      dry_run: bool = True):
    '''Destroys a concourse-instance using the given helm release name'''

    _display_info(
        dry_run=dry_run,
        operation="DESTROYED",
        deployment_name=release_name,
    )

    if dry_run:
        return

    setup_concourse.destroy_concourse_landscape(config_name=config_set_name,
                                                release_name=release_name)
Esempio n. 11
0
def deploy_pipeline(
        pipeline_file: CliHint('generated pipeline definition to deploy'),
        pipeline_name: CliHint('the name under which the pipeline shall be deployed'),
        team_name: CliHint('name of the target team'),
        config_dir: CliHints.existing_dir('directory containing Concourse configuration'),
        config_name: CliHint('identifier of the configuration in the config directory to use')
):
    cfg_factory = ConfigFactory.from_cfg_dir(cfg_dir=config_dir)
    concourse_cfg = cfg_factory.concourse(config_name)
    team_credentials = concourse_cfg.team_credentials(team_name)

    with open(pipeline_file) as f:
        pipeline_definition = f.read()

    pipelines.deploy_pipeline(
        pipeline_definition=pipeline_definition,
        pipeline_name=pipeline_name,
        concourse_cfg=concourse_cfg,
        team_credentials=team_credentials,
    )
Esempio n. 12
0
def add_dependencies(
    descriptor_src_file: CliHints.existing_file(),
    component_name: str,
    component_version: str,
    descriptor_out_file: str=None,
    component_dependencies: CliHint(typehint=_parse_component_deps, action='append')=[],
    container_image_dependencies: CliHint(typehint=_parse_container_image_deps, action='append')=[],
    web_dependencies: CliHint(typehint=_parse_web_deps, action='append')=[],
    generic_dependencies: CliHint(typehint=_parse_generic_deps, action='append')=[],
):
    product = ComponentDescriptor.from_dict(parse_yaml_file(descriptor_src_file))

    component = product.component(
        ComponentReference.create(name=component_name, version=component_version)
    )
    if not component:
        fail('component {c}:{v} was not found in {f}'.format(
            c=component_name,
            v=component_version,
            f=descriptor_src_file
        )
        )

    component_deps = component.dependencies()

    for component_ref in component_dependencies:
        component_deps.add_component_dependency(component_ref)
    for image_dep in container_image_dependencies:
        component_deps.add_container_image_dependency(image_dep)
    for web_dep in web_dependencies:
        component_deps.add_web_dependency(web_dep)
    for generic_dep in generic_dependencies:
        component_deps.add_generic_dependency(generic_dep)

    product_dict = json.loads(json.dumps({'components': [component.raw]}))
    if not descriptor_out_file:
        print(yaml.dump(product_dict, indent=2))
    else:
        with open(descriptor_out_file, 'w') as f:
            yaml.dump(product_dict, f, indent=2)
Esempio n. 13
0
def deploy_or_upgrade_concourse(
    config_name: CliHint(typehint=str, help="Which of the configurations contained in --config-dir to use."),
    deployment_name: CliHint(typehint=str, help="Name under which Concourse will be deployed. Will also be the identifier of the namespace into which it is deployed.")='concourse',
    timeout_seconds: CliHint(typehint=int, help="Maximum time (in seconds) to wait after deploying for the Concourse-webserver to become available.")=180,
    dry_run: bool=True,
):
    '''Deploys a new concourse-instance using the given deployment name and config-directory.'''
    which("helm")

    namespace = deployment_name
    _display_info(
        dry_run=dry_run,
        operation="DEPLOYED",
        deployment_name=deployment_name,
    )

    if dry_run:
        return

    setup.deploy_concourse_landscape(
        config_name=config_name,
        deployment_name=deployment_name,
        timeout_seconds=timeout_seconds,
    )
Esempio n. 14
0
def deploy_or_upgrade_clamav(config_set_name: CliHint(typehint=str,
                                                      help=CONFIG_SET_HELP), ):
    cfg_factory = ctx().cfg_factory()
    cfg_set = cfg_factory.cfg_set(config_set_name)
    concourse_cfg = cfg_set.concourse()
    kubernetes_cfg_name = concourse_cfg.kubernetes_cluster_config()
    clamav_cfg_name = concourse_cfg.clamav_config()
    if clamav_cfg_name is not None:
        setup_clamav.deploy_clam_av(
            clamav_cfg_name=clamav_cfg_name,
            kubernetes_cfg_name=kubernetes_cfg_name,
        )
    else:
        info(
            f"No ClamAV configured for the Concourse in config set '{config_set_name}'. Will "
            "not deploy ClamAV.")
Esempio n. 15
0
def start_worker_resurrector(
    config_name: CliHint(typehint=str, help='the config set name to use'),
    concourse_namespace='concourse',
):
    config_factory = ctx().cfg_factory()
    config_set = config_factory.cfg_set(cfg_name=config_name)
    kubernetes_cfg = config_set.kubernetes()
    kube_client = kube.ctx.Ctx()
    kube_client.set_kubecfg(kubernetes_cfg.kubeconfig())

    concourse_cfg = config_set.concourse()
    concourse_client = client.from_cfg(concourse_cfg=concourse_cfg, team_name='main')

    resurrect_pods(
        namespace=concourse_namespace,
        concourse_client=concourse_client,
        kubernetes_client=kube_client
    )
Esempio n. 16
0
def assign_github_team_to_repo(
    github_cfg_name: str,
    github_org_name: str,
    auth_token: CliHint(help="Token from an org admin user. Token must have 'admin:org' scope"),
    team_name: str='ci'
):
    '''
    Assign team 'team_name' to all repositories in organization 'github_org_name' and
    give the team admin rights on those repositories. The team will be created if it does not exist
    and the technical github user (from github_cfg_name) will be assigned to the team.
    The token of the technical github user must have the privilege to create webhooks
    (scope admin:repo_hook)
    'auth_token'  must grant 'admin:org' privileges.
    '''
    cfg_factory = ctx().cfg_factory()
    github_cfg = cfg_factory.github(github_cfg_name)
    github_username = github_cfg.credentials().username()

    # overwrite auth_token
    github_cfg.credentials().set_auth_token(auth_token=auth_token)

    github = _create_github_api_object(
        github_cfg=github_cfg,
    )

    _create_team(
        github=github,
        organization_name=github_org_name,
        team_name=team_name
    )

    _add_user_to_team(
        github=github,
        organization_name=github_org_name,
        team_name=team_name,
        user_name=github_username
    )

    _add_all_repos_to_team(
        github=github,
        organization_name=github_org_name,
        team_name=team_name
    )
Esempio n. 17
0
def deploy_or_upgrade_webhook_dispatcher(
    config_set_name: CliHint(typehint=str, help=CONFIG_SET_HELP),
    chart_dir: CliHints.existing_dir(
        help="directory of webhook dispatcher chart"),
    deployment_name: str = 'webhook-dispatcher',
):
    chart_dir = os.path.abspath(chart_dir)

    cfg_factory = ctx().cfg_factory()
    cfg_set = cfg_factory.cfg_set(config_set_name)

    webhook_dispatcher_deployment_cfg = cfg_set.webhook_dispatcher_deployment()

    setup_whd.deploy_webhook_dispatcher_landscape(
        cfg_set=cfg_set,
        webhook_dispatcher_deployment_cfg=webhook_dispatcher_deployment_cfg,
        chart_dir=chart_dir,
        deployment_name=deployment_name,
    )
Esempio n. 18
0
def update_certificate(
    tls_config_name: CliHint(typehint=str, help="TLS config element name to update"),
    certificate_file: CliHints.existing_file(help="certificate file path"),
    key_file: CliHints.existing_file(help="private key file path"),
    output_path: CliHints.existing_dir(help="TLS config file output path")
):
    # Stuff used for yaml formatting, when dumping a dictionary
    class LiteralStr(str):
        """Used to create yaml block style indicator | """

    def literal_str_representer(dumper, data):
        """Used to create yaml block style indicator"""
        return dumper.represent_scalar('tag:yaml.org,2002:str', data, style='|')

    # read new certificate data
    certificate_file = os.path.abspath(certificate_file)
    private_key_file = os.path.abspath(key_file)
    with open(certificate_file) as f:
        certificate = f.read()
    with open(private_key_file) as f:
        private_key = f.read()

    # set new certificate data to specified argument 'tls_config_name'
    cfg_factory = ctx().cfg_factory()
    tls_config_element = cfg_factory.tls_config(tls_config_name)
    tls_config_element.set_private_key(private_key)
    tls_config_element.set_certificate(certificate)

    # patch tls config dict so that yaml.dump outputs literal strings using '|'
    yaml.add_representer(LiteralStr, literal_str_representer)
    configs = cfg_factory._configs('tls_config')
    for k1, v1 in configs.items():
        for k2, _ in v1.items():
            configs[k1][k2] = LiteralStr(configs[k1][k2])

    # dump updated tls config to given output path
    tls_config_type = cfg_factory._cfg_types()['tls_config']
    tls_config_file = list(tls_config_type.sources())[0].file()
    with open(os.path.join(output_path, tls_config_file), 'w') as f:
        yaml.dump(configs, f, indent=2, default_flow_style=False)
Esempio n. 19
0
def deploy_or_upgrade_landscape(
    config_set_name: CliHint(typehint=str, help=CONFIG_SET_HELP),
    components: CliHint(
        type=LandscapeComponent,
        typehint=[LandscapeComponent],
        choices=[component for component in LandscapeComponent],
        help=
        "list of components to deploy. By default, ALL components will be deployed."
    ) = None,
    webhook_dispatcher_chart_dir: CliHint(
        typehint=str,
        help="directory of webhook dispatcher chart",
    ) = None,
    concourse_deployment_name: CliHint(
        typehint=str,
        help="namespace and deployment name for Concourse") = 'concourse',
    timeout_seconds: CliHint(
        typehint=int, help="how long to wait for concourse startup") = 180,
    webhook_dispatcher_deployment_name: str = 'webhook-dispatcher',
    dry_run: bool = True,
):
    '''Deploys the given components of the Concourse landscape.
    '''
    # handle default (all known components)
    if not components:
        components = [component for component in LandscapeComponent]
    # Validate
    if LandscapeComponent.WHD in components:
        if not webhook_dispatcher_chart_dir:
            raise ValueError(
                f"--webhook-dispatcher-chart-dir must be given if component "
                f"'{LandscapeComponent.WHD.value}' is to be deployed.")
        else:
            webhook_dispatcher_chart_dir = existing_dir(
                webhook_dispatcher_chart_dir)

    _display_info(
        dry_run=dry_run,
        operation="DEPLOYED",
        deployment_name=concourse_deployment_name,
        components=components,
    )

    if dry_run:
        return

    cfg_factory = ctx().cfg_factory()
    config_set = cfg_factory.cfg_set(config_set_name)
    concourse_cfg = config_set.concourse()

    # Set the global kubernetes cluster context to the cluster specified in the ConcourseConfig
    kubernetes_config_name = concourse_cfg.kubernetes_cluster_config()
    kubernetes_cfg = cfg_factory.kubernetes(kubernetes_config_name)
    kube_ctx.set_kubecfg(kubernetes_cfg.kubeconfig())
    ensure_cluster_version(kubernetes_cfg)

    if LandscapeComponent.SECRETS_SERVER in components:
        info('Deploying Secrets Server')
        deploy_secrets_server(config_set_name=config_set_name, )

    if LandscapeComponent.CONCOURSE in components:
        info('Deploying Concourse')
        deploy_or_upgrade_concourse(
            config_set_name=config_set_name,
            deployment_name=concourse_deployment_name,
            timeout_seconds=timeout_seconds,
        )

    if LandscapeComponent.WHD in components:
        info('Deploying Webhook Dispatcher')
        deploy_or_upgrade_webhook_dispatcher(
            config_set_name=config_set_name,
            chart_dir=webhook_dispatcher_chart_dir,
            deployment_name=webhook_dispatcher_deployment_name,
        )

    if LandscapeComponent.MONITORING in components:
        info('Deploying Monitoring stack')
        deploy_or_upgrade_monitoring(config_set_name=config_set_name, )

    if LandscapeComponent.CLAMAV in components:
        info('Deploying ClamAV')
        deploy_or_upgrade_clamav(config_set_name=config_set_name, )