use of com.netflix.spinnaker.halyard.config.model.v1.node.Halconfig in project halyard by spinnaker.
the class SecurityController method setApacheSSl.
/**
 * Handles {@code PUT /ui/ssl/}: converts the request body into an {@link ApacheSsl} and submits
 * a daemon task that stages, applies, validates and saves it for the given deployment.
 *
 * <p>Validation is caller-controlled. When {@code validate} is false the task is given a freshly
 * constructed {@code ProblemSet} instead of the result of
 * {@code securityService.validateApacheSsl}, so the SSL settings are saved unchecked.
 *
 * <p>NOTE(review): {@code deploymentName} comes from the request path and is used to derive a
 * filesystem location via {@code getConfigPath}; confirm that helper rejects names that would
 * resolve outside the halconfig directory.
 *
 * @param deploymentName deployment whose UI SSL settings are replaced
 * @param validate whether to run {@code validateApacheSsl} as part of the task
 * @param severity severity passed to the update request
 * @param rawApacheSsl untyped request body, converted with {@code objectMapper}
 * @return the submitted daemon task
 */
@RequestMapping(value = "/ui/ssl/", method = RequestMethod.PUT)
DaemonTask<Halconfig, Void> setApacheSSl(
    @PathVariable String deploymentName,
    @RequestParam(required = false, defaultValue = DefaultControllerValues.validate) boolean validate,
    @RequestParam(required = false, defaultValue = DefaultControllerValues.severity) Severity severity,
    @RequestBody Object rawApacheSsl) {
  ApacheSsl sslSettings = objectMapper.convertValue(rawApacheSsl, ApacheSsl.class);
  Path stagingRoot = halconfigDirectoryStructure.getConfigPath(deploymentName);

  UpdateRequestBuilder request = new UpdateRequestBuilder();
  request.setStage(() -> sslSettings.stageLocalFiles(stagingRoot));
  request.setSeverity(severity);
  request.setUpdate(() -> securityService.setApacheSsl(deploymentName, sslSettings));

  // Exactly one validator ends up installed: the real check, or a no-op problem set.
  if (validate) {
    request.setValidate(() -> securityService.validateApacheSsl(deploymentName));
  } else {
    request.setValidate(ProblemSet::new);
  }

  request.setRevert(() -> halconfigParser.undoChanges());
  request.setSave(() -> halconfigParser.saveConfig());
  request.setClean(() -> halconfigParser.cleanLocalFiles(stagingRoot));

  return DaemonTaskHandler.submitTask(request::build, "Edit UI SSL settings");
}
use of com.netflix.spinnaker.halyard.config.model.v1.node.Halconfig in project halyard by spinnaker.
the class SecurityController method setApiSecurity.
/**
 * Handles {@code PUT /api/}: converts the request body into an {@link ApiSecurity} and submits
 * a daemon task that stages, applies, validates and saves it for the given deployment.
 *
 * <p>Validation is caller-controlled. When {@code validate} is false the task is given a freshly
 * constructed {@code ProblemSet} instead of the result of
 * {@code securityService.validateApiSecurity}, so the API security settings are saved unchecked.
 *
 * <p>NOTE(review): {@code deploymentName} comes from the request path and is used to derive a
 * filesystem location via {@code getConfigPath}; confirm that helper rejects names that would
 * resolve outside the halconfig directory.
 *
 * @param deploymentName deployment whose API security settings are replaced
 * @param validate whether to run {@code validateApiSecurity} as part of the task
 * @param severity severity passed to the update request
 * @param rawApiSecurity untyped request body, converted with {@code objectMapper}
 * @return the submitted daemon task
 */
@RequestMapping(value = "/api/", method = RequestMethod.PUT)
DaemonTask<Halconfig, Void> setApiSecurity(
    @PathVariable String deploymentName,
    @RequestParam(required = false, defaultValue = DefaultControllerValues.validate) boolean validate,
    @RequestParam(required = false, defaultValue = DefaultControllerValues.severity) Severity severity,
    @RequestBody Object rawApiSecurity) {
  ApiSecurity securitySettings = objectMapper.convertValue(rawApiSecurity, ApiSecurity.class);
  Path stagingRoot = halconfigDirectoryStructure.getConfigPath(deploymentName);

  UpdateRequestBuilder request = new UpdateRequestBuilder();
  request.setStage(() -> securitySettings.stageLocalFiles(stagingRoot));
  request.setSeverity(severity);
  request.setUpdate(() -> securityService.setApiSecurity(deploymentName, securitySettings));

  // Exactly one validator ends up installed: the real check, or a no-op problem set.
  if (validate) {
    request.setValidate(() -> securityService.validateApiSecurity(deploymentName));
  } else {
    request.setValidate(ProblemSet::new);
  }

  request.setRevert(() -> halconfigParser.undoChanges());
  request.setSave(() -> halconfigParser.saveConfig());
  request.setClean(() -> halconfigParser.cleanLocalFiles(stagingRoot));

  return DaemonTaskHandler.submitTask(request::build, "Edit API security settings");
}
use of com.netflix.spinnaker.halyard.config.model.v1.node.Halconfig in project halyard by spinnaker.
the class KubernetesAccountValidator method validateKubeconfig.
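/**
 * Validates the kubeconfig referenced by a Kubernetes account.
 *
 * <p>The checks run in order: "namespaces" and "omitNamespaces" must not both be supplied; the
 * kubeconfig file must be readable and parseable; the requested context must exist in the file,
 * or, when none is requested, the file must define a current-context. If none of these raised
 * an ERROR, a smoke test builds a client from the kubeconfig and lists namespaces on the
 * cluster, which is a live API call made with the credentials in that file.
 *
 * <p>All findings are reported through {@code psBuilder}; nothing is returned.
 *
 * @param psBuilder collector for the problems found
 * @param account account whose kubeconfig, context, cluster, user and namespaces are checked
 */
private void validateKubeconfig(ConfigProblemSetBuilder psBuilder, KubernetesAccount account) {
  io.fabric8.kubernetes.api.model.Config kubeconfig;
  String context = account.getContext();
  String kubeconfigFile = account.getKubeconfigFile();
  String cluster = account.getCluster();
  String user = account.getUser();
  List<String> namespaces = account.getNamespaces();
  List<String> omitNamespaces = account.getOmitNamespaces();

  // This indicates if a first pass at the config looks OK. If we don't see any serious problems,
  // we'll do one last check against the requested kubernetes cluster to ensure that we can run
  // spinnaker.
  boolean smoketest = true;

  boolean namespacesProvided = namespaces != null && !namespaces.isEmpty();
  boolean omitNamespacesProvided = omitNamespaces != null && !omitNamespaces.isEmpty();
  if (namespacesProvided && omitNamespacesProvided) {
    psBuilder.addProblem(ERROR, "At most one of \"namespaces\" and \"omitNamespaces\" can be supplied.");
    smoketest = false;
  }

  // TODO(lwander) find a good resource / list of resources for generating kubeconfig files to link to here.
  try {
    // A null result ends validation here; presumably the reader has already recorded the
    // problem on psBuilder - confirm against ValidatingFileReader.
    if (ValidatingFileReader.contents(psBuilder, kubeconfigFile) == null) {
      return;
    }
    File kubeconfigFileOpen = new File(kubeconfigFile);
    kubeconfig = KubeConfigUtils.parseConfig(kubeconfigFileOpen);
  } catch (IOException e) {
    psBuilder.addProblem(ERROR, e.getMessage());
    return;
  }

  // The stray System.out.println(context) was dropped: it was debug output that wrote account
  // configuration to the daemon's stdout on every validation.
  if (context != null && !context.isEmpty()) {
    // Compare from the known non-null side so a context entry without a name cannot throw.
    boolean contextFound = kubeconfig.getContexts().stream().anyMatch(c -> context.equals(c.getName()));
    if (!contextFound) {
      psBuilder.addProblem(ERROR, "Context \"" + context + "\" not found in kubeconfig \"" + kubeconfigFile + "\".", "context").setRemediation("Either add this context to your kubeconfig, rely on the default context, or pick another kubeconfig file.");
      smoketest = false;
    }
  } else {
    String currentContext = kubeconfig.getCurrentContext();
    if (StringUtils.isEmpty(currentContext)) {
      psBuilder.addProblem(ERROR, "You have not specified a Kubernetes context, and your kubeconfig \"" + kubeconfigFile + "\" has no current-context.", "context").setRemediation("Either specify a context in your halconfig, or set a current-context in your kubeconfig.");
      smoketest = false;
    } else {
      psBuilder.addProblem(WARNING, "You have not specified a Kubernetes context in your halconfig, Spinnaker will use \"" + currentContext + "\" instead.", "context").setRemediation("We recommend explicitly setting a context in your halconfig, to ensure changes to your kubeconfig won't break your deployment.");
    }
  }

  if (smoketest) {
    // Only "namespaces" is handed to the parser; "omitNamespaces" plays no part in the smoke test.
    Config config = KubernetesConfigParser.parse(kubeconfigFile, context, cluster, user, namespaces, false);
    try {
      // NOTE(review): the client is never closed. If KubernetesClient is Closeable in the
      // fabric8 version on the classpath, try-with-resources would release it - confirm.
      KubernetesClient client = new DefaultKubernetesClient(config);
      client.namespaces().list();
    } catch (Exception e) {
      // getMessage() may be null; read it once and guard the substring test so that reporting
      // the failure cannot itself throw a NullPointerException.
      String message = e.getMessage();
      ConfigProblemBuilder pb = psBuilder.addProblem(ERROR, "Unable to communicate with your Kubernetes cluster: " + message + ".");
      if (message != null && message.contains("Token may have expired")) {
        pb.setRemediation("If you downloaded these keys with gcloud, it's possible they are in the wrong format. To fix this, run \n\n" + "gcloud config set container/use_client_certificate true\n\ngcloud container clusters get-credentials $CLUSTERNAME");
      } else {
        pb.setRemediation("Unable to authenticate with your Kubernetes cluster. Try using kubectl to verify your credentials.");
      }
    }
  }
}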
use of com.netflix.spinnaker.halyard.config.model.v1.node.Halconfig in project halyard by spinnaker.
the class KubernetesAccountValidator method validate.
/**
 * Validates a Kubernetes account according to its provider version.
 *
 * <p>The kind configuration is checked for every account. Docker registry references and the
 * kubeconfig are checked only for V1 accounts; the V2 branch performs no further checks here.
 *
 * @param psBuilder collector for the problems found
 * @param account account to validate
 * @throws IllegalStateException if the account reports a provider version other than V1 or V2
 */
@Override
public void validate(ConfigProblemSetBuilder psBuilder, KubernetesAccount account) {
  // TODO(lwander) this is still a little messy - I should use the filters to get the necessary docker account
  // Climb the node tree until the owning DeploymentConfiguration is reached. A corrupted
  // halconfig (no such ancestor) fails with a NullPointerException on getParent(); that is
  // accepted, since it signals a more serious error than this validator is meant to report.
  Node ancestor = account.getParent();
  while (!(ancestor instanceof DeploymentConfiguration)) {
    ancestor = ancestor.getParent();
  }
  DeploymentConfiguration deploymentConfiguration = (DeploymentConfiguration) ancestor;

  validateKindConfig(psBuilder, account);

  // TODO(lwander) validate all config with clouddriver's v2 creds
  switch (account.getProviderVersion()) {
    case V1: {
      final List<String> dockerRegistryNames =
          account.getDockerRegistries().stream()
              .map(registry -> registry.getAccountName())
              .collect(Collectors.toList());
      validateDockerRegistries(psBuilder, deploymentConfiguration, dockerRegistryNames, Provider.ProviderType.KUBERNETES);
      validateKubeconfig(psBuilder, account);
      break;
    }
    case V2:
      // No docker registry or kubeconfig validation for V2 accounts.
      break;
    default:
      throw new IllegalStateException("Unknown provider version " + account.getProviderVersion());
  }
}
use of com.netflix.spinnaker.halyard.config.model.v1.node.Halconfig in project halyard by spinnaker.
the class BackupService method create.
/**
 * Creates a tar archive of the halconfig directory in the current user's home directory.
 *
 * <p>Before archiving, the halconfig is backed up, its local files are copied to the backup
 * config dependencies path, and its local file references are made relative to the halconfig
 * directory; the result is then saved. The finally block runs whether or not archiving
 * succeeded.
 *
 * <p>NOTE(review): the archive bundles the halconfig directory and its local file dependencies,
 * which presumably include credentials such as kubeconfigs and keys. Nothing in this method
 * sets permissions on the output file; confirm that tarHalconfig or the home directory
 * restricts who can read it.
 *
 * @return the path of the archive that was written
 * @throws HalException with FATAL severity if the archive could not be written
 */
public String create() {
String halconfigDir = directoryStructure.getHalconfigDirectory();
halconfigParser.backupConfig();
Halconfig halconfig = halconfigParser.getHalconfig();
// Copy the files the halconfig refers to, then rewrite those references relative to the
// halconfig directory before saving.
halconfig.backupLocalFiles(directoryStructure.getBackupConfigDependenciesPath().toString());
halconfig.makeLocalFilesRelative(halconfigDir);
halconfigParser.saveConfig();
// The name embeds Date.toString(), which uses the JVM's default time zone; spaces and colons
// are replaced so the name is safe to use as a file name.
String tarOutputName = String.format("halbackup-%s.tar", new Date()).replace(" ", "_").replace(":", "-");
String halconfigTar = Paths.get(System.getProperty("user.home"), tarOutputName).toString();
try {
tarHalconfig(halconfigDir, halconfigTar);
} catch (IOException e) {
throw new HalException(Problem.Severity.FATAL, "Unable to safely backup halconfig " + e.getMessage(), e);
} finally {
// Presumably restores the pre-backup configuration: load the backup copy, save it, then
// switch back to the primary config. The order of these calls matters - confirm against
// HalconfigParser before changing it.
halconfigParser.switchToBackupConfig();
halconfigParser.getHalconfig();
halconfigParser.saveConfig();
halconfigParser.switchToPrimaryConfig();
}
return halconfigTar;
}
Aggregations