hydra-maester/main.go

/*

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package main

import (
	"flag"
	"fmt"
	"os"
	"time"

	"github.com/ory/hydra-maester/hydra"

	apiv1 "k8s.io/api/core/v1"
	"k8s.io/apimachinery/pkg/runtime"
	_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
	ctrl "sigs.k8s.io/controller-runtime"
	"sigs.k8s.io/controller-runtime/pkg/log/zap"

	hydrav1alpha1 "github.com/ory/hydra-maester/api/v1alpha1"
	"github.com/ory/hydra-maester/controllers"
	// +kubebuilder:scaffold:imports
)

var (
	scheme   = runtime.NewScheme()
	setupLog = ctrl.Log.WithName("setup")
)

func init() {

	apiv1.AddToScheme(scheme)
	hydrav1alpha1.AddToScheme(scheme)
	// +kubebuilder:scaffold:scheme
}

func main() {
	var (
		metricsAddr, hydraURL, endpoint, forwardedProto, syncPeriod, tlsTrustStore, namespace, leaderElectorNs string
		hydraPort                                                                                              int
		enableLeaderElection, insecureSkipVerify                                                               bool
	)

	flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.")
	flag.StringVar(&hydraURL, "hydra-url", "", "The address of ORY Hydra")
	flag.IntVar(&hydraPort, "hydra-port", 4445, "Port ORY Hydra is listening on")
	flag.StringVar(&endpoint, "endpoint", "/clients", "ORY Hydra's client endpoint")
	flag.StringVar(&forwardedProto, "forwarded-proto", "", "If set, this adds the value as the X-Forwarded-Proto header in requests to the ORY Hydra admin server")
	flag.StringVar(&tlsTrustStore, "tls-trust-store", "", "trust store certificate path. If set ca will be set in http client to connect with hydra admin")
	flag.StringVar(&syncPeriod, "sync-period", "10h", "Determines the minimum frequency at which watched resources are reconciled")
	flag.BoolVar(&enableLeaderElection, "enable-leader-election", false, "Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager.")
	flag.BoolVar(&insecureSkipVerify, "insecure-skip-verify", false, "If set, http client will be configured to skip insecure verification to connect with hydra admin")
	flag.StringVar(&namespace, "namespace", "", "Namespace in which the controller should operate. Setting this will make the controller ignore other namespaces.")
	flag.StringVar(&leaderElectorNs, "leader-elector-namespace", "", "Leader elector namespace where controller should be set.")
	flag.Parse()

	ctrl.SetLogger(zap.New(zap.UseDevMode(true)))

	syncPeriodParsed, err := time.ParseDuration(syncPeriod)
	if err != nil {
		setupLog.Error(err, "unable to start manager")
		os.Exit(1)
	}

	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
		Scheme:                  scheme,
		MetricsBindAddress:      metricsAddr,
		LeaderElection:          enableLeaderElection,
		SyncPeriod:              &syncPeriodParsed,
		Namespace:               namespace,
		LeaderElectionNamespace: leaderElectorNs,
	})
	if err != nil {
		setupLog.Error(err, "unable to start manager")
		os.Exit(1)
	}

	if hydraURL == "" {
		setupLog.Error(fmt.Errorf("hydra URL can't be empty"), "unable to create controller", "controller", "OAuth2Client")
		os.Exit(1)
	}

	defaultSpec := hydrav1alpha1.OAuth2ClientSpec{
		HydraAdmin: hydrav1alpha1.HydraAdmin{
			URL:            hydraURL,
			Port:           hydraPort,
			Endpoint:       endpoint,
			ForwardedProto: forwardedProto,
		},
	}
	if tlsTrustStore != "" {
		if _, err := os.Stat(tlsTrustStore); err != nil {
			setupLog.Error(err, "cannot parse tls trust store")
			os.Exit(1)
		}
	}

	hydraClient, err := hydra.New(defaultSpec, tlsTrustStore, insecureSkipVerify)
	if err != nil {
		setupLog.Error(err, "making default hydra client", "controller", "OAuth2Client")
		os.Exit(1)

	}

	err = controllers.New(
		mgr.GetClient(),
		hydraClient,
		ctrl.Log.WithName("controllers").WithName("OAuth2Client"),
		controllers.WithNamespace(namespace),
	).SetupWithManager(mgr)
	if err != nil {
		setupLog.Error(err, "unable to create controller", "controller", "OAuth2Client")
		os.Exit(1)
	}
	// +kubebuilder:scaffold:builder

	setupLog.Info("starting manager")
	if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
		setupLog.Error(err, "problem running manager")
		os.Exit(1)
	}
}
scaffold controller 2019-08-21 10:12:07 +02:00			`/*`

			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			`*/`

			`package main`

			`import (`
			`"flag"`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`"fmt"`
scaffold controller 2019-08-21 10:12:07 +02:00			`"os"`
feat: Reconcile missing and updated OAuth2 Clients (#46) 2020-02-11 17:05:41 +01:00			`"time"`
scaffold controller 2019-08-21 10:12:07 +02:00
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`"github.com/ory/hydra-maester/hydra"`

			`apiv1 "k8s.io/api/core/v1"`
scaffold controller 2019-08-21 10:12:07 +02:00			`"k8s.io/apimachinery/pkg/runtime"`
			`_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"`
			`ctrl "sigs.k8s.io/controller-runtime"`
			`"sigs.k8s.io/controller-runtime/pkg/log/zap"`
fix(controller): Ensure that OAuth2Client reconciliation creates hydra client for specs (#83) 2021-09-14 08:07:06 -04:00
			`hydrav1alpha1 "github.com/ory/hydra-maester/api/v1alpha1"`
			`"github.com/ory/hydra-maester/controllers"`
scaffold controller 2019-08-21 10:12:07 +02:00			`// +kubebuilder:scaffold:imports`
			`)`

			`var (`
			`scheme = runtime.NewScheme()`
			`setupLog = ctrl.Log.WithName("setup")`
			`)`

			`func init() {`

api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`apiv1.AddToScheme(scheme)`
scaffold controller 2019-08-21 10:12:07 +02:00			`hydrav1alpha1.AddToScheme(scheme)`
			`// +kubebuilder:scaffold:scheme`
			`}`

			`func main() {`
Support talking to multiple ORY Hydra deployments (#35) 2019-11-14 01:11:13 -07:00			`var (`
feat: single namespace (#65) Closes #64 Closes #63 2021-05-13 13:50:21 +02:00			`metricsAddr, hydraURL, endpoint, forwardedProto, syncPeriod, tlsTrustStore, namespace, leaderElectorNs string`
			`hydraPort int`
			`enableLeaderElection, insecureSkipVerify bool`
Support talking to multiple ORY Hydra deployments (#35) 2019-11-14 01:11:13 -07:00			`)`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00
scaffold controller 2019-08-21 10:12:07 +02:00			`flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.")`
CI: enable integration tests 2019-08-29 11:23:45 +02:00			`flag.StringVar(&hydraURL, "hydra-url", "", "The address of ORY Hydra")`
samples + message fix 2019-08-30 08:59:09 +02:00			`flag.IntVar(&hydraPort, "hydra-port", 4445, "Port ORY Hydra is listening on")`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`flag.StringVar(&endpoint, "endpoint", "/clients", "ORY Hydra's client endpoint")`
Support talking to multiple ORY Hydra deployments (#35) 2019-11-14 01:11:13 -07:00			`flag.StringVar(&forwardedProto, "forwarded-proto", "", "If set, this adds the value as the X-Forwarded-Proto header in requests to the ORY Hydra admin server")`
feat: support to ory hydra running in secure mode (#62) 2021-05-10 11:18:39 +02:00			`flag.StringVar(&tlsTrustStore, "tls-trust-store", "", "trust store certificate path. If set ca will be set in http client to connect with hydra admin")`
feat: Reconcile missing and updated OAuth2 Clients (#46) 2020-02-11 17:05:41 +01:00			`flag.StringVar(&syncPeriod, "sync-period", "10h", "Determines the minimum frequency at which watched resources are reconciled")`
feat: support to ory hydra running in secure mode (#62) 2021-05-10 11:18:39 +02:00			`flag.BoolVar(&enableLeaderElection, "enable-leader-election", false, "Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager.")`
			`flag.BoolVar(&insecureSkipVerify, "insecure-skip-verify", false, "If set, http client will be configured to skip insecure verification to connect with hydra admin")`
feat: single namespace (#65) Closes #64 Closes #63 2021-05-13 13:50:21 +02:00			`flag.StringVar(&namespace, "namespace", "", "Namespace in which the controller should operate. Setting this will make the controller ignore other namespaces.")`
			`flag.StringVar(&leaderElectorNs, "leader-elector-namespace", "", "Leader elector namespace where controller should be set.")`
scaffold controller 2019-08-21 10:12:07 +02:00			`flag.Parse()`

build: update CRDs and k8s dependencies (#68) 2021-05-10 10:35:08 +02:00			`ctrl.SetLogger(zap.New(zap.UseDevMode(true)))`
scaffold controller 2019-08-21 10:12:07 +02:00
feat: Reconcile missing and updated OAuth2 Clients (#46) 2020-02-11 17:05:41 +01:00			`syncPeriodParsed, err := time.ParseDuration(syncPeriod)`
			`if err != nil {`
			`setupLog.Error(err, "unable to start manager")`
			`os.Exit(1)`
			`}`

scaffold controller 2019-08-21 10:12:07 +02:00			`mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{`
feat: single namespace (#65) Closes #64 Closes #63 2021-05-13 13:50:21 +02:00			`Scheme: scheme,`
			`MetricsBindAddress: metricsAddr,`
			`LeaderElection: enableLeaderElection,`
			`SyncPeriod: &syncPeriodParsed,`
			`Namespace: namespace,`
			`LeaderElectionNamespace: leaderElectorNs,`
scaffold controller 2019-08-21 10:12:07 +02:00			`})`
			`if err != nil {`
			`setupLog.Error(err, "unable to start manager")`
			`os.Exit(1)`
			`}`

CI: enable integration tests 2019-08-29 11:23:45 +02:00			`if hydraURL == "" {`
samples + message fix 2019-08-30 08:59:09 +02:00			`setupLog.Error(fmt.Errorf("hydra URL can't be empty"), "unable to create controller", "controller", "OAuth2Client")`
CI: enable integration tests 2019-08-29 11:23:45 +02:00			`os.Exit(1)`
			`}`

Support talking to multiple ORY Hydra deployments (#35) 2019-11-14 01:11:13 -07:00			`defaultSpec := hydrav1alpha1.OAuth2ClientSpec{`
			`HydraAdmin: hydrav1alpha1.HydraAdmin{`
			`URL: hydraURL,`
			`Port: hydraPort,`
			`Endpoint: endpoint,`
			`ForwardedProto: forwardedProto,`
			`},`
			`}`
feat: support to ory hydra running in secure mode (#62) 2021-05-10 11:18:39 +02:00			`if tlsTrustStore != "" {`
			`if _, err := os.Stat(tlsTrustStore); err != nil {`
			`setupLog.Error(err, "cannot parse tls trust store")`
			`os.Exit(1)`
			`}`
			`}`

fix(controller): Ensure that OAuth2Client reconciliation creates hydra client for specs (#83) 2021-09-14 08:07:06 -04:00			`hydraClient, err := hydra.New(defaultSpec, tlsTrustStore, insecureSkipVerify)`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`if err != nil {`
Support talking to multiple ORY Hydra deployments (#35) 2019-11-14 01:11:13 -07:00			`setupLog.Error(err, "making default hydra client", "controller", "OAuth2Client")`
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`os.Exit(1)`
Support talking to multiple ORY Hydra deployments (#35) 2019-11-14 01:11:13 -07:00
api + basic logic + hydra client crud + validation + happy path integration test 2019-08-21 12:10:25 +02:00			`}`

fix(controller): Ensure that OAuth2Client reconciliation creates hydra client for specs (#83) 2021-09-14 08:07:06 -04:00			`err = controllers.New(`
			`mgr.GetClient(),`
			`hydraClient,`
			`ctrl.Log.WithName("controllers").WithName("OAuth2Client"),`
			`controllers.WithNamespace(namespace),`
			`).SetupWithManager(mgr)`
scaffold controller 2019-08-21 10:12:07 +02:00			`if err != nil {`
			`setupLog.Error(err, "unable to create controller", "controller", "OAuth2Client")`
			`os.Exit(1)`
			`}`
			`// +kubebuilder:scaffold:builder`

			`setupLog.Info("starting manager")`
			`if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {`
			`setupLog.Error(err, "problem running manager")`
			`os.Exit(1)`
			`}`
			`}`