CH-262 / CH-263 / CH-264 - Tilt and some other minor changes

applications/accounts/deploy/templates/_components.tpl

@@ -6,7 +6,7 @@
             "subComponents": {},
             "config": {
                 "kc.user.profile.config": [
-                    "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}],\"unmanagedAttributePolicy\":\"ENABLED\"}"
+                    "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"annotations\":{},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"stripe_uid\",\"displayName\":\"Stripe UID\",\"validations\":{},\"annotations\":{},\"permissions\":{\"view\":[\"admin\"],\"edit\":[\"admin\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}],\"unmanagedAttributePolicy\":\"ENABLED\"}"
                 ]
             }
         }
@@ -72,4 +72,4 @@
         {{template "deploy_accounts_utils.user_profile_provider_component" }},
         {{template "deploy_accounts_utils.key_provider_component" }}
     },
-{{- end -}}
+{{- end -}}

applications/events/deploy/templates/deployments.yml

@@ -101,6 +101,8 @@ spec:
         volumeMounts:
         - mountPath: /var/lib/kafka
           name: data
+      securityContext:
+        fsGroup: 1000
       terminationGracePeriodSeconds: 30
   updateStrategy:
     type: RollingUpdate

applications/events/deploy/values.yaml

@@ -17,7 +17,6 @@ kafka:
   imagePullPolicy: IfNotPresent
   clusterId: 5L6g3nShT-eMCtK--X86sw
   storage: 10Gi
-  storageClassName: standard
   config:
     auto.create.topics.enable: "true"
     num.partitions: "3"

deployment-configuration/helm/templates/auto-database-mongo.yaml

@@ -12,7 +12,7 @@
         livenessProbe:
           exec:
             command:
-              - mongo
+              - mongosh
               - --eval
               - "db.adminCommand('ping')"
           initialDelaySeconds: 30
@@ -21,10 +21,10 @@
         readinessProbe:
           exec:
             command:
-              - mongo
+              - mongosh
               - --eval
               - "db.adminCommand('ping')"
           initialDelaySeconds: 5
           timeoutSeconds: 5
           failureThreshold: 6
-{{- end }}
+{{- end }}

deployment-configuration/helm/templates/auto-database.yaml

@@ -14,7 +14,7 @@ spec:
 ---
 {{- end }}
 {{- define "deploy_utils.database" }}
-{{- if and (eq .app.harness.database.type "postgres") .app.harness.database.postgres.operator }}
+{{- if and (eq .app.harness.database.type "postgres") (dig "postgres" "operator" false .app.harness.database) }}
 {{- include "deploy_utils.database.postgres.operator" . }}
 {{- else }}
 ---

deployment-configuration/helm/templates/auto-deployments.yaml

@@ -15,7 +15,6 @@ spec:
   selector:
     matchLabels:
       app: {{ .app.harness.deployment.name| quote }}
-{{- include "deploy_utils.labels" .root | indent 6 }}
   template:
     metadata:
       {{- if .app.harvest }}

deployment-configuration/helm/templates/auto-network-policies.yaml

@@ -117,7 +117,7 @@ spec:
           protocol: UDP
         - port: 53
           protocol: TCP
-    {{- if and (eq .app.harness.database.type "postgres") .app.harness.database.postgres.operator }}
+    {{- if and (eq .app.harness.database.type "postgres") (dig "postgres" "operator" false .app.harness.database) }}
     # Allow CNPG pods to reach the Kubernetes API server
     {{- $apiCidrs := list }}
     {{- $kubeSvc := (lookup "v1" "Service" "default" "kubernetes") }}

deployment-configuration/helm/templates/auto-volumes.yaml

@@ -14,7 +14,6 @@ spec:
   accessModes:
 {{- if or (not (hasKey .app.harness.deployment.volume "usenfs")) (not .app.harness.deployment.volume.usenfs) }}
   - ReadWriteOnce
-  storageClassName: standard
 {{- else }}
   - ReadWriteMany
   storageClassName: {{ printf "%s-%s" .root.Values.namespace .root.Values.apps.nfsserver.storageClass.name }}
@@ -27,4 +26,4 @@ spec:
 ---
     {{- include "deploy_utils.pvolume" (dict "root" $ "app" $app) }}
     {{- end }}
-{{- end }}
+{{- end }}

deployment-configuration/tilt-deploy.ext

@@ -0,0 +1,67 @@
+load('ext://namespace', 'namespace_create', "namespace_inject")
+
+
+def deploy(name, namespace, extra_env, watch):
+
+    # create namespaces
+    namespace_create(namespace)
+
+    # load helm chart
+    yaml = decode_yaml_stream(helm(
+        "deployment/helm",
+        # The release name, equivalent to helm --name
+        name=name,
+        # The namespace to install in, equivalent to helm --namespace
+        namespace=namespace,
+        # The values file to substitute into the chart.
+        values=["deployment/helm/values.yaml"],
+        # Values to set from the command-line
+        set=["service.port=1234", "ingress.enabled=true"]
+        )
+    )
+
+    source_root = os.path.abspath(os.getcwd())
+    # modify deployments
+    for r in yaml:
+        if r.get("kind") == "Deployment":
+            deployment_name = r["metadata"]["name"]
+            print("+ patching deployment:", deployment_name)
+            r["spec"]["template"]["spec"].setdefault("volumes", []).append({
+                "name": name + "-root",
+                "hostPath": {
+                    "path": source_root
+                }
+            })
+            for container in r["spec"]["template"]["spec"]["containers"]:
+                print("  + modifying container:", container["name"])
+                print("    - add " + name + " root folder")
+                container.setdefault("volumeMounts", []).append({
+                    "mountPath": "/usr/src/" + name,
+                    "name": name + "-root"
+                })
+                if "resources" in container:
+                    print("    - modifying resource requests and limits")
+                    if "limits" not in container["resources"]:
+                        container["resources"]["limits"] = {}
+                    if "requests" not in container["resources"]:
+                        container["resources"]["requests"] = {}
+                        container["resources"]["requests"]["cpu"] = "100m"
+                        container["resources"]["requests"]["memory"] = "256Mi"
+                    container["resources"]["limits"]["cpu"] = "8000m"
+                    container["resources"]["limits"]["memory"] = "4096Mi"
+
+                if deployment_name in extra_env and len(extra_env[deployment_name]) > 0:
+                    print("Adding tasks images dependencies to env ", deployment_name)
+                    for env in extra_env[deployment_name]:
+                        container["env"].append({
+                            "name": env, "value": env
+                        })
+
+    if not watch:
+        # don't watch mnp folder
+        watch_settings(ignore=source_root)
+    else:
+        print("Watching for file changes")
+
+    # install applications
+    k8s_yaml(namespace_inject(encode_yaml_stream(yaml), namespace))

infrastructure/common-images/cloudharness-django/libraries/cloudharness-django/cloudharness_django/apps.py

@@ -4,3 +4,30 @@
 class cloudharness_djangoConfig(AppConfig):
     default_auto_field = 'django.db.models.BigAutoField'
     name = 'cloudharness_django'
+
+    def ready(self):
+        # imports
+        import sys
+        for skip_cmd in [
+            "--help",
+            "collectstatic",
+            "compilemessages",
+            "compress",
+            "dbshell",
+            "dumpdata",
+            "loaddata",
+            "makemessages",
+            "makemigrations",
+            "migrate",
+            "reset_db",
+            "showmigrations",
+            "sqlmigrate",
+            "squashmigrations",
+            "test",
+        ]:
+            # for these commands we skip initializing the event listener
+            if skip_cmd in sys.argv:
+                return
+
+        from cloudharness_django.services.events import init_listener_in_background
+        init_listener_in_background()

infrastructure/common-images/cloudharness-django/libraries/cloudharness-django/cloudharness_django/services/events.py

@@ -1,3 +1,5 @@
+import time
+
 from cloudharness.applications import ConfigurationCallException
 
 from django.conf import settings
@@ -27,28 +29,33 @@ def event_handler(app, event_client, message):
         log.info(f"{event_client} {message}")
         if resource in ["CLIENT_ROLE_MAPPING", "GROUP", "USER", "GROUP_MEMBERSHIP", "ORGANIZATION_MEMBERSHIP"]:
             try:
+                time.sleep(1)  # wait a bit to make sure the transaction is committed in Keycloak before trying to fetch the updated data
                 init_services()
                 user_service = get_user_service()
                 auth_client = get_auth_service().get_auth_client()
 
                 if resource == "GROUP":
                     kc_group = auth_client.get_group(resource_path[1])
                     user_service.sync_kc_group(kc_group)
+                    return
                 if resource == "USER":
                     kc_user = auth_client.get_user(resource_path[1])
                     # invalidate the user cache to force the user to be reloaded
                     invalidate_user_cache(kc_user.id)
                     user_service.sync_kc_user(kc_user, delete=operation == "DELETE")
+                    return
                 if resource == "CLIENT_ROLE_MAPPING":
                     # adding/deleting user client roles
                     # set/user user is_superuser
                     kc_user = auth_client.get_user(resource_path[1])
                     user_service.sync_kc_user(kc_user)
+                    return
                 if resource == "GROUP_MEMBERSHIP" or resource == "ORGANIZATION_MEMBERSHIP":
                     # adding / deleting users from groups, update the user
                     # updating the user will also update the user groups
                     kc_user = auth_client.get_user(resource_path[1])
                     user_service.sync_kc_user(kc_user)
+                    return
             except Exception as e:
                 log.error(e)
                 raise e
@@ -94,26 +101,24 @@ def init_listener():
     if not hasattr(settings, "PROJECT_NAME"):
         raise KeycloakOIDCNoProjectError("Project name not found, please set PROJECT_NAME in your settings module")
 
+    kafka_group_id = settings.PROJECT_NAME.lower()
     global _message_service_singleton
     if _message_service_singleton is None:
-        _message_service_singleton = KeycloakMessageService(settings.PROJECT_NAME)
-
+        _message_service_singleton = KeycloakMessageService(kafka_group_id)
     _message_service_singleton.setup_event_service()
 
 
 def init_listener_in_background():
     import threading
-    import time
     from cloudharness import log
 
     def background_operation():
-        listener_initialized = False
 
-        while not listener_initialized:
+        while True:
             try:
                 init_listener()
                 log.info('User sync events listener started')
-                listener_initialized = True
+                break
             except:
                 log.exception('Error initializing event queue. Retrying in 5 seconds...')
                 time.sleep(5)

libraries/cloudharness-common/cloudharness/auth/keycloak.py

@@ -650,6 +650,8 @@ def user_add_update_attribute(self, user_id, attribute_name, attribute_value):
             {
                 'attributes': attributes,
                 'username': user.username,
+                'firstName': user.first_name,
+                'lastName': user.last_name,
                 'email': user.email,
             }
         )
@@ -673,6 +675,8 @@ def user_delete_attribute(self, user_id, attribute_name):
                 {
                     'attributes': attributes,
                     'username': user.username,
+                    'firstName': user.first_name,
+                    'lastName': user.last_name,
                     'email': user.email,
                 })
             return True

libraries/cloudharness-common/cloudharness/sentry/__init__.py

@@ -24,8 +24,11 @@ def get_dsn(appname):
         dsn = get_dsn('notifications')
     """
     url = get_common_service_cluster_address() + f'/api/sentry/getdsn/{appname}'
-    response = requests.get(url, verify=False).json()
-    dsn = response['dsn']
+    try:
+        response = requests.get(url, verify=False, timeout=5).json()
+        dsn = response.get('dsn')
+    except Exception:
+        return None
     if dsn and len(dsn) > 0:
         return dsn
     else:

tools/deployment-cli-tools/ch_cli_tools/configurationgenerator.py

@@ -621,7 +621,8 @@ def hosts_info(values):
         f"127.0.0.1\t{' '.join('%s.%s' % (values[KEY_APPS][s][KEY_HARNESS][KEY_SERVICE]['name'], values['namespace']) for s in deployments)}")
 
     try:
-        ip = get_cluster_ip()
+        local = values.get('local', False)
+        ip = get_cluster_ip(local=local)
     except:
         logging.warning('Cannot get cluster ip')
         ip = "127.0.0.1"

tools/deployment-cli-tools/ch_cli_tools/helm.py

@@ -212,7 +212,7 @@ def __finish_helm_values(self, values, defer_task_images=False):
         values['local'] = self.local
         if self.local:
             try:
-                values['localIp'] = get_cluster_ip()
+                values['localIp'] = get_cluster_ip(local=True)
             except subprocess.TimeoutExpired:
                 logging.warning("Minikube not available")
             except:

tools/deployment-cli-tools/ch_cli_tools/templates/tilt/tilt-template.tpl

@@ -0,0 +1,56 @@
+load('{{ch_root}}/deployment-configuration/tilt-deploy.ext', 'deploy')
+load('ext://uibutton', 'cmd_button')
+
+config.define_bool('setup-infrastructure')
+config.define_bool('watch')
+cfg = config.parse()
+setup_infrastructure = cfg.get('setup-infrastructure', False)
+watch = cfg.get('watch', False)
+if setup_infrastructure:
+    # setup ingress
+    print("Installing ingress controller")
+    # local("cd infrastructure/cluster-configuration && source cluster-init.sh")
+    local("kubectl get namespace ingress-nginx 2>/dev/null 1>/dev/null || bash -c 'helm upgrade --install ingress-nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx --namespace ingress-nginx --create-namespace --version v4.2.5 --wait --wait-for-jobs'")
+    # print("Let's wait a few seconds...")
+    # local("sleep 30")
+else:
+    print("To setup the infrastructure (f.e. ingress controller)")
+    print("run: tilt up -- --setup-infrastructure")
+
+if not watch:
+    print("To watch file changes, run: tilt up -- --watch")
+
+
+# build images
+{% for image in images -%}
+docker_build(ref='{{image.image}}', context='{{image.context}}', dockerfile='{{image.docker.dockerfile}}', build_args={{image.docker.buildArgs}}{% if image.is_task %}, match_in_env_vars=True{% endif %})
+{% endfor %}
+
+extra_env = {}
+{% for image in images -%}
+{% if image.is_app -%}
+extra_env.setdefault("{{ image.name }}", [])
+{% for task in images -%}
+{% if task.is_task and task.parent_app_name == image.name -%}
+extra_env["{{ image.name }}"].append("{{ task.image }}")
+{% endif -%}
+{% endfor -%}
+{% endif -%}
+{% endfor %}
+
+# deploy
+deploy(name='{{name}}', namespace='{{namespace}}', extra_env=extra_env, watch=watch)
+
+{% for app in apps -%}
+# Add Tilt ui elements for: {{app.name}}
+k8s_resource(
+    '{{app.app_key}}',
+    links=[link('http://{{app.name}}.{{domain}}', 'Open {{app.name}} page')]
+)
+cmd_button('{{app.app_key}}:set debug mode',
+    argv=["sh", "-c", "kubectl -n {{namespace}} patch deployment {{app.app_key}} --patch '{\"spec\": {\"template\": {\"spec\": {\"containers\": [{\"name\": \"{{app.app_key}}\", \"command\": [\"/bin/bash\"], \"args\": [\"-c\", \"sleep infinity\"], \"livenessProbe\": null, \"readinessProbe\": null}]}}}}'"],
+    resource='{{app.app_key}}',
+    icon_name='bug_report',
+    text='set debug mode',
+)
+{% endfor %}