Add ability to specify github enpoints for creds

The GitHub credentials section now allows setting some API endpoints
that point the github client and the runner setup script to the propper
URLs. This allows us to use garm with an on-prem github enterprise server.

Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
This commit is contained in:
Gabriel Adrian Samfira 2022-10-12 21:45:07 +00:00
parent a55f852161
commit f40420bfb6
No known key found for this signature in database
GPG key ID: 7D073DCC2C074CB5
11 changed files with 196 additions and 45 deletions

View file

@ -27,7 +27,9 @@ const (
PoolConsilitationInterval = 5 * time.Second
PoolReapTimeoutInterval = 5 * time.Minute
PoolToolUpdateInterval = 3 * time.Hour
// Temporary tools download token is valid for 1 hour by default.
// Set this to less than an hour so as not to run into 401 errors.
PoolToolUpdateInterval = 50 * time.Minute
)
type PoolManager interface {

View file

@ -20,7 +20,6 @@ import (
"strings"
"sync"
"garm/config"
dbCommon "garm/database/common"
runnerErrors "garm/errors"
"garm/params"
@ -35,7 +34,7 @@ import (
var _ poolHelper = &organization{}
func NewOrganizationPoolManager(ctx context.Context, cfg params.Organization, cfgInternal params.Internal, providers map[string]common.Provider, store dbCommon.Store) (common.PoolManager, error) {
ghc, err := util.GithubClient(ctx, cfgInternal.OAuth2Token)
ghc, err := util.GithubClient(ctx, cfgInternal.OAuth2Token, cfgInternal.GithubCredentialsDetails)
if err != nil {
return nil, errors.Wrap(err, "getting github client")
}
@ -57,6 +56,7 @@ func NewOrganizationPoolManager(ctx context.Context, cfg params.Organization, cf
quit: make(chan struct{}),
done: make(chan struct{}),
helper: helper,
credsDetails: cfgInternal.GithubCredentialsDetails,
}
return repo, nil
}
@ -89,7 +89,7 @@ func (r *organization) UpdateState(param params.UpdatePoolStateParams) error {
r.cfg.WebhookSecret = param.WebhookSecret
ghc, err := util.GithubClient(r.ctx, r.GetGithubToken())
ghc, err := util.GithubClient(r.ctx, r.GetGithubToken(), r.cfgInternal.GithubCredentialsDetails)
if err != nil {
return errors.Wrap(err, "getting github client")
}
@ -138,7 +138,7 @@ func (r *organization) ListPools() ([]params.Pool, error) {
}
func (r *organization) GithubURL() string {
return fmt.Sprintf("%s/%s", config.GithubBaseURL, r.cfg.Name)
return fmt.Sprintf("%s/%s", r.cfgInternal.GithubCredentialsDetails.BaseURL, r.cfg.Name)
}
func (r *organization) JwtToken() string {

View file

@ -58,7 +58,8 @@ type basePool struct {
quit chan struct{}
done chan struct{}
helper poolHelper
helper poolHelper
credsDetails params.GithubCredentials
mux sync.Mutex
}
@ -454,6 +455,7 @@ func (r *basePool) addInstanceToProvider(instance params.Instance) error {
Image: pool.Image,
Labels: labels,
PoolID: instance.PoolID,
CACertBundle: r.credsDetails.CABundle,
}
var instanceIDToDelete string

View file

@ -20,7 +20,6 @@ import (
"strings"
"sync"
"garm/config"
dbCommon "garm/database/common"
runnerErrors "garm/errors"
"garm/params"
@ -35,7 +34,7 @@ import (
var _ poolHelper = &repository{}
func NewRepositoryPoolManager(ctx context.Context, cfg params.Repository, cfgInternal params.Internal, providers map[string]common.Provider, store dbCommon.Store) (common.PoolManager, error) {
ghc, err := util.GithubClient(ctx, cfgInternal.OAuth2Token)
ghc, err := util.GithubClient(ctx, cfgInternal.OAuth2Token, cfgInternal.GithubCredentialsDetails)
if err != nil {
return nil, errors.Wrap(err, "getting github client")
}
@ -57,6 +56,7 @@ func NewRepositoryPoolManager(ctx context.Context, cfg params.Repository, cfgInt
quit: make(chan struct{}),
done: make(chan struct{}),
helper: helper,
credsDetails: cfgInternal.GithubCredentialsDetails,
}
return repo, nil
}
@ -91,7 +91,7 @@ func (r *repository) UpdateState(param params.UpdatePoolStateParams) error {
r.cfg.WebhookSecret = param.WebhookSecret
ghc, err := util.GithubClient(r.ctx, r.GetGithubToken())
ghc, err := util.GithubClient(r.ctx, r.GetGithubToken(), r.cfgInternal.GithubCredentialsDetails)
if err != nil {
return errors.Wrap(err, "getting github client")
}
@ -140,7 +140,7 @@ func (r *repository) ListPools() ([]params.Pool, error) {
}
func (r *repository) GithubURL() string {
return fmt.Sprintf("%s/%s/%s", config.GithubBaseURL, r.cfg.Owner, r.cfg.Name)
return fmt.Sprintf("%s/%s/%s", r.cfgInternal.GithubCredentialsDetails.BaseURL, r.cfg.Owner, r.cfg.Name)
}
func (r *repository) JwtToken() string {

View file

@ -190,11 +190,24 @@ func (p *poolManagerCtrl) getInternalConfig(credsName string) (params.Internal,
return params.Internal{}, runnerErrors.NewBadRequestError("invalid credential name (%s)", credsName)
}
caBundle, err := creds.CACertBundle()
if err != nil {
return params.Internal{}, fmt.Errorf("fetching CA bundle for creds: %w", err)
}
return params.Internal{
OAuth2Token: creds.OAuth2Token,
ControllerID: p.controllerID,
InstanceCallbackURL: p.config.Default.CallbackURL,
JWTSecret: p.config.JWTAuth.Secret,
GithubCredentialsDetails: params.GithubCredentials{
Name: creds.Name,
Description: creds.Description,
BaseURL: creds.BaseURL,
APIBaseURL: creds.APIBaseURL,
UploadBaseURL: creds.UploadBaseURL,
CABundle: caBundle,
},
}, nil
}
@ -219,8 +232,11 @@ func (r *Runner) ListCredentials(ctx context.Context) ([]params.GithubCredential
for _, val := range r.config.Github {
ret = append(ret, params.GithubCredentials{
Name: val.Name,
Description: val.Description,
Name: val.Name,
Description: val.Description,
BaseURL: val.BaseEndpoint(),
APIBaseURL: val.APIEndpoint(),
UploadBaseURL: val.UploadEndpoint(),
})
}
return ret, nil