From e10445b36e61f9e815cb0518cb49a563ac7d9016 Mon Sep 17 00:00:00 2001
From: "Aliaksandr Ramanovich (EPAM)" <aliaksandr_ramanovich1@epam.com>
Date: Fri, 8 Dec 2023 17:37:59 +0000
Subject: [PATCH] Gonrg 8944 - remove legal bootstrap
---
 devops/gc/deploy/README.md | 8 +-
 .../templates/bootstrap-deployment.yaml | 43 ------
 .../deploy/templates/configmap-bootstrap.yaml | 13 --
 devops/gc/deploy/values.yaml | 4 -
 devops/gc/pipeline/override-stages.yml | 8 --
 provider/legal-gc/bootstrap/Dockerfile | 18 ---
 provider/legal-gc/bootstrap/bootstrap.sh | 122 ------------------
 provider/legal-gc/bootstrap/validate-env.sh | 29 -----
 8 files changed, 2 insertions(+), 243 deletions(-)
 delete mode 100644 devops/gc/deploy/templates/bootstrap-deployment.yaml
 delete mode 100644 devops/gc/deploy/templates/configmap-bootstrap.yaml
 delete mode 100644 provider/legal-gc/bootstrap/Dockerfile
 delete mode 100644 provider/legal-gc/bootstrap/bootstrap.sh
 delete mode 100644 provider/legal-gc/bootstrap/validate-env.sh
diff --git a/devops/gc/deploy/README.md b/devops/gc/deploy/README.md
index 613e08824..79ee5287f 100644
--- a/devops/gc/deploy/README.md
+++ b/devops/gc/deploy/README.md
@@ -98,7 +98,6 @@ First you need to set variables in **values.yaml** file using any code editor. S
 |------|-------------|------|---------|---------|
 **global.domain** | your domain for the external endpoint, ex `example.com` | string | - | yes
 **global.onPremEnabled** | whether on-prem is enabled | boolean | false | yes
-**global.dataBootstrapEnabled** | whether bootstrap is enabled | boolean | false | yes
 **global.limitsEnabled** | whether CPU and memory limits are enabled | boolean | true | yes
 ### Configmap variables
@@ -121,8 +120,7 @@ First you need to set variables in **values.yaml** file using any code editor. S
 **data.requestsMemory** | amount of requests memory| string | 550Mi | yes
 **data.limitsCpu** | CPU limit | string | 1 | only if `global.limitsEnabled` is true
 **data.limitsMemory** | memory limit | string | 1G | only if `global.limitsEnabled` is true
-**data.bootstrapImage** | name of the bootstrap image | string | - | yes
-**data.bootstrapServiceAccountName** | name of the bootstrap service account | string | - | yes
+**data.bootstrapServiceAccountName** | name of the service account used in cronjob | string | - | yes
 **data.serviceAccountName** | name of your service account | string | legal | yes
 **data.imagePullPolicy** | when to pull the image | string | IfNotPresent | yes
 **data.image** | path to the image in a registry | string | - | yes
@@ -136,7 +134,7 @@ First you need to set variables in **values.yaml** file using any code editor. S
 **conf.minioSecretName** | Secret name for minio service | string | legal-minio-secret | yes
 **conf.postgresSecretName** | Secret name for postgres service | string | legal-postgres-secret | yes
 **conf.rabbitmqSecretName** | Secret name for rabbitmq service | string | rabbitmq-secret | yes
-**conf.bootstrapSecretName** | Secret name for bootstrap | string | datafier-secret | yes
+**conf.bootstrapSecretName** | Secret name for cronjob | string | datafier-secret | yes
 ### Istio variables
@@ -146,8 +144,6 @@ First you need to set variables in **values.yaml** file using any code editor. S
 **istio.proxyCPULimit** | CPU limit for Envoy sidecars | string | `500m` | yes
 **istio.proxyMemory** | memory request for Envoy sidecars | string | `100Mi` | yes
 **istio.proxyMemoryLimit** | memory limit for Envoy sidecars | string | `512Mi` | yes
-**istio.bootstrapProxyCPU** | CPU request for Envoy sidecars | string | `10m` | yes
-**istio.bootstrapProxyCPULimit** | CPU limit for Envoy sidecars | string | `100m` | yes
 ### Install the helm chart
diff --git a/devops/gc/deploy/templates/bootstrap-deployment.yaml b/devops/gc/deploy/templates/bootstrap-deployment.yaml
deleted file mode 100644
index e7e095607..000000000
--- a/devops/gc/deploy/templates/bootstrap-deployment.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app: {{ printf "%s-bootstrap" .Values.conf.appName | quote }}
- name: {{ printf "%s-bootstrap" .Values.conf.appName | quote }}
- namespace: {{ .Release.Namespace | quote }}
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: {{ printf "%s-bootstrap" .Values.conf.appName | quote }}
- template:
- metadata:
- labels:
- app: {{ printf "%s-bootstrap" .Values.conf.appName | quote }}
- annotations:
- rollme: {{ randAlphaNum 5 | quote }}
- sidecar.istio.io/proxyCPU: {{ .Values.istio.bootstrapProxyCPU | quote }}
- sidecar.istio.io/proxyMemory: {{ .Values.istio.proxyMemory | quote }}
- sidecar.istio.io/proxyCPULimit: {{ .Values.istio.bootstrapProxyCPULimit | quote }}
- sidecar.istio.io/proxyMemoryLimit: {{ .Values.istio.proxyMemoryLimit | quote }}
- spec:
- containers:
- - name: {{ printf "%s-bootstrap" .Values.conf.appName | quote }}
- image: {{ .Values.data.bootstrapImage | quote }}
- readinessProbe:
- exec:
- command:
- - cat
- - /tmp/bootstrap_ready
- imagePullPolicy: {{ .Values.data.imagePullPolicy | quote }}
- envFrom:
- - configMapRef:
- name: {{ printf "%s-bootstrap" .Values.conf.configmap | quote }}
- {{- if .Values.global.onPremEnabled }}
- - secretRef:
- name: {{ .Values.conf.bootstrapSecretName | quote }}
- {{- end }}
- securityContext:
- allowPrivilegeEscalation: false
- runAsNonRoot: true
- serviceAccountName: {{ .Values.data.bootstrapServiceAccountName | quote }}
diff --git a/devops/gc/deploy/templates/configmap-bootstrap.yaml b/devops/gc/deploy/templates/configmap-bootstrap.yaml
deleted file mode 100644
index 1cdfb3033..000000000
--- a/devops/gc/deploy/templates/configmap-bootstrap.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app: {{ printf "%s-bootstrap" .Values.conf.appName | quote }}
- name: {{ printf "%s-bootstrap" .Values.conf.configmap | quote }}
- namespace: {{ .Release.Namespace | quote }}
-data:
- ENTITLEMENTS_HOST: {{ .Values.data.entitlementsHost | quote }}
- LEGAL_HOST: {{ .Values.data.legalHost | quote }}
- PARTITION_HOST: {{ .Values.data.partitionHost | quote }}
- DEFAULT_LEGAL_TAG: {{ .Values.data.defaultLegalTag | quote }}
- ONPREM_ENABLED: {{ .Values.global.onPremEnabled | quote }}
diff --git a/devops/gc/deploy/values.yaml b/devops/gc/deploy/values.yaml
index 0ab5e8bb1..eea63ba51 100644
--- a/devops/gc/deploy/values.yaml
+++ b/devops/gc/deploy/values.yaml
@@ -5,7 +5,6 @@
 global:
 domain: ""
 onPremEnabled: false
- dataBootstrapEnabled: false
 limitsEnabled: true
 data:
@@ -22,7 +21,6 @@ data:
 requestsMemory: "325Mi"
 limitsCpu: "1"
 limitsMemory: "1G"
- bootstrapImage: ""
 legalStatusUpdateImage: ""
 bootstrapServiceAccountName: ""
 serviceAccountName: "legal"
@@ -43,5 +41,3 @@ istio:
 proxyCPULimit: "500m"
 proxyMemory: "50Mi"
 proxyMemoryLimit: "512Mi"
- bootstrapProxyCPU: "5m"
- bootstrapProxyCPULimit: "100m"
diff --git a/devops/gc/pipeline/override-stages.yml b/devops/gc/pipeline/override-stages.yml
index 6048e5cf2..7304544d1 100644
--- a/devops/gc/pipeline/override-stages.yml
+++ b/devops/gc/pipeline/override-stages.yml
@@ -57,11 +57,3 @@ gc-containerize-cronjob-gcr:
 variables:
 IMAGE_NAME: "$GC_LEGALSTATUS_IMAGE_NAME"
 BUILD_PATH: "devops/$GC_VENDOR/bootstrap_legalstatus_update/Dockerfile"
-
-gc-containerize-bootstrap-gitlab:
- variables:
- GC_ENABLE_BOOTSTRAP: "true"
-
-gc-containerize-bootstrap-gcr:
- variables:
- GC_ENABLE_BOOTSTRAP: "true"
diff --git a/provider/legal-gc/bootstrap/Dockerfile b/provider/legal-gc/bootstrap/Dockerfile
deleted file mode 100644
index 5352421e9..000000000
--- a/provider/legal-gc/bootstrap/Dockerfile
+++ /dev/null
@@ -1,18 +0,0 @@
-FROM google/cloud-sdk:slim
-
-WORKDIR /opt
-
-RUN apt-get update && apt-get install -yq jq
-
-COPY ./provider/legal-gc/bootstrap/ /opt/
-
-RUN chmod +x bootstrap.sh validate-env.sh
-
-RUN groupadd -g 10001 -r nonroot \
- && useradd -d /opt -g 10001 -r -u 10001 nonroot
-
-RUN chown -R 10001:10001 /opt
-
-USER 10001:10001
-
-CMD ["/bin/bash", "-c", "./bootstrap.sh && sleep 365d"]
diff --git a/provider/legal-gc/bootstrap/bootstrap.sh b/provider/legal-gc/bootstrap/bootstrap.sh
deleted file mode 100644
index ef109e746..000000000
--- a/provider/legal-gc/bootstrap/bootstrap.sh
+++ /dev/null
@@ -1,122 +0,0 @@
-#!/usr/bin/env bash
-#
-# Script that bootstraps legal service
-# It creates default legal tag via request to Legal service
-# For now created legal tag name is hardcoded: ${DATA_PARTITION_ID}-initital-data-tag
-# Contains logic for both onprem and gc version
-
-set -ex
-
-source ./validate-env.sh "PARTITION_HOST"
-source ./validate-env.sh "LEGAL_HOST"
-source ./validate-env.sh "ENTITLEMENTS_HOST"
-source ./validate-env.sh "DEFAULT_LEGAL_TAG"
-
-get_token() {
- if [ "${ONPREM_ENABLED}" == "true" ]; then
- ID_TOKEN="$(curl --location --request POST "${OPENID_PROVIDER_URL}/protocol/openid-connect/token" \
- --header "Content-Type: application/x-www-form-urlencoded" \
- --data-urlencode "grant_type=client_credentials" \
- --data-urlencode "scope=openid" \
- --data-urlencode "client_id=${OPENID_PROVIDER_CLIENT_ID}" \
- --data-urlencode "client_secret=${OPENID_PROVIDER_CLIENT_SECRET}" | jq -r ".id_token")"
- else
- ID_TOKEN=$(gcloud auth print-identity-token)
- fi
- export ID_TOKEN
-}
-
-check_entitlements_readiness() {
-
- DATA_PARTITION_ID=$1
-
- status_code=$(curl --retry 1 --location --globoff --request GET \
- "${ENTITLEMENTS_HOST}/api/entitlements/v2/groups" \
- --write-out "%{http_code}" --silent --output "/dev/null" \
- --header 'Content-Type: application/json' \
- --header "data-partition-id: ${DATA_PARTITION_ID}" \
- --header "Authorization: Bearer ${ID_TOKEN}")
-
- if [ "$status_code" == 200 ]; then
- echo "$status_code: Entitlements provisioning completed successfully!"
- else
- echo "$status_code: Entitlements provisioning is in progress or failed!"
- exit 1
- fi
-}
-
-create_legaltag() {
-
- echo "Trying to create legal tag for initial data bootstrap"
-
- cat <<EOF >/opt/default_legal_tag.json
-{
- "name": "${DEFAULT_LEGAL_TAG}",
- "description": "A legal tag used for uploading initial sample data",
- "properties": {
- "countryOfOrigin":["US"],
- "contractId":"No Contract Related",
- "expirationDate":"2099-01-01",
- "dataType":"Public Domain Data",
- "originator":"OSDU",
- "securityClassification":"Public",
- "exportClassification":"EAR99",
- "personalData":"No Personal Data"
- }
-}
-EOF
-
- DATA_PARTITION_ID=$1
-
- # FIXME update after default tag logic is defined
- status_code=$(curl --location -g --request POST \
- --url "${LEGAL_HOST}/api/legal/v1/legaltags" \
- --write-out "%{http_code}" --silent --output "output.txt" \
- --header "Content-Type: application/json" \
- --header "Authorization: Bearer ${ID_TOKEN}" \
- --header "data-partition-id: ${DATA_PARTITION_ID}" \
- --data @/opt/default_legal_tag.json)
-
- if [ "$status_code" == 201 ]; then
- echo "$status_code: Legal tag created successfully!"
- elif [ "$status_code" == 409 ]; then
- cat /opt/output.txt
- else
- cat /opt/output.txt
- exit 1
- fi
- rm /opt/output.txt
-}
-
-# Get list of partitions
-status_code=$(curl --location --request GET \
- --url "${PARTITION_HOST}/api/partition/v1/partitions" \
- --write-out "%{http_code}" --silent --output "output.txt")
-
-if [ "$status_code" == 200 ]; then
- partitions=$(cat /opt/output.txt | xargs) # unquote
- partitions=${partitions:1:-1} # remove []
- IFS=',' read -ra PARTITIONS <<<"${partitions}," # append ',' for single partition case
-else
- echo "$status_code: Partition service is not available"
- cat /opt/output.txt
- exit 1
-fi
-
-if [ "${ONPREM_ENABLED}" == "true" ]; then
- source ./validate-env.sh "OPENID_PROVIDER_URL"
- source ./validate-env.sh "OPENID_PROVIDER_CLIENT_ID"
- source ./validate-env.sh "OPENID_PROVIDER_CLIENT_SECRET"
-fi
-
-# Bootstrapping legal tag for each partition
-for PARTITION in "${PARTITIONS[@]}"; do
- if [[ "${PARTITION}" == "system" ]]; then
- continue
- fi
- get_token
- check_entitlements_readiness ${PARTITION}
- create_legaltag ${PARTITION}
-done
-
-touch /tmp/bootstrap_ready
diff --git a/provider/legal-gc/bootstrap/validate-env.sh b/provider/legal-gc/bootstrap/validate-env.sh
deleted file mode 100644
index 43cb93332..000000000
--- a/provider/legal-gc/bootstrap/validate-env.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/usr/bin/env bash
-# Copyright 2023 Google LLC
-# Copyright 2023 EPAM
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{ set +x ;} 2> /dev/null # disable output to prevent secret logging
-set -e
-
-ENV_VAR_NAME=$1
-
-if [ "${!ENV_VAR_NAME}" = "" ]
-then
- echo "Missing environment variable '$ENV_VAR_NAME'. Please provide all variables and try again"
- { set -x ;} 2> /dev/null # enable output back
- exit 1
-fi
-
-{ set -x ;} 2> /dev/null # enable output back
--
GitLab