OKDP · idirze · May 28, 2025 · Apr 22, 2025 · Apr 22, 2025 · Apr 23, 2025
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -72,7 +72,7 @@ jobs:
     name: run tests
     uses: okdp/gh-workflows/.github/workflows/makefile-run-template.yml@v1
     with:
-      go_version: "1.23"
+      go_version: "1.24"
       command: "make test"
 
   docker_test:

diff --git a/.gitignore b/.gitignore
@@ -17,3 +17,4 @@ tmp/
 .go-cache/
 .bin/
 package-lock.json
+*.tgz
diff --git a/.local/application-local.yaml b/.local/application-local.yaml
@@ -82,25 +82,75 @@ swagger:
   security:
     - oauth2: [openid, email, profile, roles]
 
-kad:
-  - id: sandbox
-    name: Sandbox de idir
-    apiUrl: https://host.docker.internal:6553
-    authBearer: 4Ys3brdqnD5LVjf6hLcQsSQbHWLh5asJ
-    insecureSkipVerify: true
-  - id: sandbox2
-    name: Sandbox2 de idir
-    apiUrl: https://host.docker.internal:6553
-    authBearer: 4Ys3brdqnD5LVjf6hLcQsSQbHWLh5asJ
-    insecureSkipVerify: true
-  - id: sandbox3
-    name: Sandbox3 de idir
-    apiUrl: https://host.docker.internal:6553
-    authBearer: 4Ys3brdqnD5LVjf6hLcQsSQbHWLh5asJ
-    insecureSkipVerify: true
-  - id: sandbox4
-    name: Sandbox4 de idir
-    apiUrl: https://host.docker.internal:6553
-    authBearer: 4Ys3brdqnD5LVjf6hLcQsSQbHWLh5asJ
-    insecureSkipVerify: true
+
+# packages:
+#   - repo: quay.io/kubocd/packages
+#     name: redis
+#     versions: [""]
+#   - repo: quay.io/kubocd/packages
+#     name: minio
+#     versions: [""]
+#   - repo: quay.io/kubocd/packages
+#     name: cnpg
+#     versions: [""]
+
+catalog:
+  - id: storage
+    name: Storage catalog
+    description: My Storage packages
+    repoUrl: quay.io/kubocd/packages
+    ### public registry, no credentials needed
+    #credentials:
+    #  robotAccountName: $(OCI_USERNAME)
+    #  robotAccountToken: $(OCI_PASSWORD)
+    #  dockerconfigjson: $(DOCKER_CONFIG_JSON)
+    packages:
+      - name: redis
+      - name: minio
+      - name: cnpg
+
+  - id: auth
+    name: Auth catalog
+    description: My Auth packages
+    repoUrl: quay.io/kubocd/packages
+    packages:
+      - name: openldap
+
+  - id: infra
+    name: Infra catalog
+    description: My Infra packages
+    repoUrl: quay.io/kubocd/packages
+    packages:
+      - name: cert-manager
+      - name: ingress-nginx
+      - name: metallb
+
+  - id: stack
+    name: Stack catalog
+    description: My Stack packages
+    repoUrl: quay.io/kubocd/packages
+    packages:
+      - name: podinfo
+
+clusters:
+  - id: kubo2
+    name: My k8s cluster 1
+    env: dev
+    auth:
+      # inCluster: true
+      kubeconfig:
+        apiServer: https://host.docker.internal:56660
+        path: /tmp/.kube/config
+        # When not provided, use current context
+        # context: kind-kind-okdp-sandbox
+        insecureSkipTlsVerify: true
+      # certificate:
+      #   apiServer: https://k8s-api-server-url:6443
+      #   clientKey: /path/to/client-key.pem
+      #   clientCert: /path/to/client-cert.pem
+      #   caCert: /path/to/ca-cert.pem
+      # bearer:
+      #   apiServer: https://k8s-api-server-url:6443
+      #   bearerToken: $(BEARER_TOKEN)
+
 
diff --git a/.local/authz-policy.csv b/.local/authz-policy.csv
@@ -1,14 +1,10 @@
 p, role:viewers, /api/v1/users/myprofile, *
-p, role:viewers, /api/v1/kad, *
-p, role:viewers, /api/v1/kad/*/services, *
-p, role:viewers, /api/v1/kad/*/catalog, *
-p, role:viewers, /api/v1/kad/*/catalog/*, *
-p, role:viewers, /api/v1/kad/*/componentreleases, *
-p, role:viewers, /api/v1/kad/*/componentreleases/*, *
-p, role:viewers, /api/v1/kad/*/templatereleases, *
-p, role:viewers, /api/v1/kad/*/templatereleases/*, *
-p, role:viewers, /api/v1/kad/*/components, *
-p, role:viewers, /api/v1/kad/*/components/*, *
+p, role:viewers, /api/v1/catalogs, *
+p, role:viewers, /api/v1/catalogs/*, *
+
+p, role:viewers, /api/v1/clusters, *
+p, role:viewers, /api/v1/clusters/*/gitrepos, *
+p, role:viewers, /api/v1/clusters/*/gitrepos/*, *
 
 g, role:admins, role:developers
 g, role:developers, role:viewers

diff --git a/.local/keycloak.sh b/.local/keycloak.sh
@@ -1,5 +1,28 @@
 #!/bin/bash
 
+CONFIDENTIAL_CLIENT='confidential-oidc-client'
+PUBLIC_CLIENT='public-oidc-client'
+WEB_ORIGINS='["*"]'
+REDIRECT_URIS='[
+  "http://localhost:8090/oauth2/callback",
+  "http://localhost:8092/oauth2-redirect.html",
+  "http://localhost:4200/index.html",
+  "http://localhost:4200/silent-refresh.html",
+  "http://localhost:4200/home",
+  "http://okdp-ui.okdp.sandbox/index.html",
+  "https://okdp-ui.okdp.sandbox/index.html",
+  "http://okdp-server.okdp.sandbox/swagger/oauth2-redirect.html",
+  "https://okdp-server.okdp.sandbox/swagger/oauth2-redirect.html"
+]'
+
+get_client_id() {
+  local client_name=$1
+  /opt/keycloak/bin/kcadm.sh get clients -r master --fields id,clientId \
+    | grep -B1 "\"clientId\" : \"${client_name}\"" \
+    | grep '"id"' \
+    | sed -E 's/.*"id" : "([^"]+)".*/\1/'
+}
+
 echo "Creating users, roles and clients ..."
 
 # Connect to kecloak
@@ -35,16 +58,26 @@ echo "Creating users, roles and clients ..."
 /opt/keycloak/bin/kcadm.sh add-roles -r master --uusername adm1 --rolename admins
 
 # Create OAuth2 clients
-/opt/keycloak/bin/kcadm.sh create clients -r master -s clientId=public-oidc-client -s name=public-oidc-client -s publicClient=true \
-                            -s 'redirectUris=["http://localhost:8090/oauth2/callback", "http://localhost:8092/oauth2-redirect.html", "http://localhost:4200/index.html", "http://localhost:4200/silent-refresh.html", "http://localhost:4200/home"]' \
-                            -s 'webOrigins=["http://localhost:8090", "http://localhost:8092", "http://localhost:4200"]'
-/opt/keycloak/bin/kcadm.sh create clients -r master -s clientId=confidential-oidc-client -s name=confidential-oidc-client  -s 'secret=secret1' \
-                            -s 'redirectUris=["http://localhost:8090/oauth2/callback", "http://localhost:8092/oauth2-redirect.html", "http://localhost:4200/index.html", "http://localhost:4200/silent-refresh.html", "http://localhost:4200/home"]'  \
-                            -s 'webOrigins=["http://localhost:8090", "http://localhost:8092", "http://localhost:4200"]'
+/opt/keycloak/bin/kcadm.sh create clients -r master -s clientId=$PUBLIC_CLIENT -s name=$PUBLIC_CLIENT -s publicClient=true \
+                           -s "redirectUris=${REDIRECT_URIS}" \
+                           -s "webOrigins=${WEB_ORIGINS}"
+/opt/keycloak/bin/kcadm.sh create clients -r master -s clientId=$CONFIDENTIAL_CLIENT -s name=$CONFIDENTIAL_CLIENT  -s 'secret=secret1' \
+                           -s "redirectUris=${REDIRECT_URIS}" \
+                           -s "webOrigins=${WEB_ORIGINS}"
+
+CONF_CLIENT_ID=$(get_client_id "$CONFIDENTIAL_CLIENT")
+/opt/keycloak/bin/kcadm.sh update clients/$CONF_CLIENT_ID -r master \
+  -s "redirectUris=${REDIRECT_URIS}" \
+  -s "webOrigins=${WEB_ORIGINS}"
+
+PUB_CLIENT_ID=$(get_client_id "$PUBLIC_CLIENT")
+/opt/keycloak/bin/kcadm.sh update clients/$PUB_CLIENT_ID -r master \
+  -s "redirectUris=${REDIRECT_URIS}" \
+  -s "webOrigins=${WEB_ORIGINS}"
 
 # Update access token lifetime
-echo "Update access token lifetime to 1H"
-/opt/keycloak/bin/kcadm.sh update realms/master -s accessTokenLifespan=3600
+echo "Update access token lifetime to 8H"
+/opt/keycloak/bin/kcadm.sh update realms/master -s accessTokenLifespan=28800
 echo "Users, roles and clients created successfuly"
 exit 0
 
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-ARG GO_VERSION=1.23
+ARG GO_VERSION=1.24
 
 FROM golang:${GO_VERSION} AS go-build
 
@@ -24,7 +24,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
     LDFLAGS=${LDFLAGS##-X localbuild=true} GIT_COMMIT=$GIT_COMMIT \
     CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build -a -o okdp-server main.go
 
-FROM alpine:3.20.3
+FROM alpine:3.21.3
 
 RUN apk --no-cache add ca-certificates && update-ca-certificates
 

diff --git a/Makefile b/Makefile
@@ -17,13 +17,13 @@ test: compile gotest
 build: test gobuild
 run: test gorun
 rundev: generate gocompile gotest gobuild gorun
-update: build goupdate
+update: build goupdate build
 
 .PHONY: tools
 tools:
 	go install github.com/oapi-codegen/oapi-codegen/v2/cmd/oapi-codegen@v2.4.1
 	go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.62.2
-	go install golang.org/x/tools/cmd/goimports@v0.28.0
+	go install golang.org/x/tools/cmd/goimports@v0.33.0
 
 .PHONY: gogenerate
 gogenerate:
@@ -81,6 +81,6 @@ gorun:
 
 .PHONY: goupdate
 goupdate:
-	go get -u all
+	go get -u ./...
 	go mod tidy
 
diff --git a/README.md b/README.md
@@ -16,14 +16,9 @@ Manually add the following entry in /etc/hosts
 127.0.0.1       keycloak
 ```
 
-Forward kad webserver to localhost:
-
-```shell
-kubectl port-forward svc/kad-webserver 6553:6553
-```
-
 ### Start
 
+Start docker compose using your robot account token to access private registries:
 ```shell
 docker-compose rm -f
 docker-compose up --build
@@ -39,74 +34,22 @@ adm1/user
 
 view1/user
 
-```shell
-
-kadcli git remove projectA-1.yaml -m "Test remove" -n "idir" --insecureSkipVerify
-kadcli git add -m "test add" -n"idir"  projectA-1.yaml --insecureSkipVerify 
-
-curl -H "Authorization: Bearer HEDG296X4XjnjETBJ1HGEUEqQbn3pNaD" -X PUT 'https://kad.ingress.kind.local/api/git/v1/mycluster/deployments/minio3.yaml' -F kadfile=@.tmp/z.tmp/curl/minio3.yaml -F commit-message='A commit Message' -F committer-name='Serge' -F committer-email='serge@example.com' -k
-
-
-kadcli kad componentReleases apply --insecureSkipVerify minio1
-kadcli kad componentReleases apply --insecureSkipVerify _all_ 
-
-```
-
-
-http://localhost:8092/#/componentreleases/CreateOrUpdateComponentRelease
-```
-{
-  "comment": "Create minio deployment example",
-  "gitRepoFolder": "deployments",
-  "componentReleases": [
-    {
-      "name": "minio3",
-      "component": {
-        "name": "minio",
-        "version": "1.0.0",
-        "protected": true,
-        "config": {
-          "install": {
-            "createNamespace": true
-          }
-        },
-        "parameters": {
-          "ingressName": "minio3",
-          "ldap": "openldap"
-        },
-        "parameterFiles": [
-          {
-            "document": "minio-flavor-small"
-          },
-          {
-            "document": "data1-minio-parameters",
-            "unwrap": "minio"
-          }
-        ]
-      },
-      "namespace": "minio3",
-      "dependsOn": [
-        "ldapLocalServer"
-      ]
-    }
-  ]
-}
-```
-
-
 # Helm
 
 ```
 docker build -t quay.io/okdp/okdp-server:0.1.0-snapshot  .
 docker push quay.io/okdp/okdp-server:0.1.0-snapshot
 
 helm package ./helm/okdp-server
-helm push okdp-server-0.1.0-snapshot.tgz oci://quay.io/okdp/charts
+helm push okdp-server-0.2.0-snapshot.tgz oci://quay.io/okdp/charts
 
-helm pull oci://quay.io/okdp/charts/swagger-ui --version 0.1.0 --destination helm/okdp-server/charts
+helm pull oci://quay.io/okdp/charts/swagger-ui --version 0.2.0 --destination helm/okdp-server/charts
 
 helm upgrade --install okdp-server \
      --namespace okdp-server \
      --create-namespace helm/okdp-server \
      --values helm/okdp-server/values.keycloak.yaml
 ```
+
+Swagger UI: https://okdp-server.okdp.sandbox/swagger/
+
-Original file line number
+Diff line change
@@ Expand Up / @@ -17,3 +17,4 @@ tmp/ @@
     .go-cache/
     .bin/
     package-lock.json
+    *.tgz