From 574e9e12cf98f878753e15e8f39b70674de8072f Mon Sep 17 00:00:00 2001
From: Zaid Albirawi
Date: Tue, 23 Jul 2024 18:51:23 -0400
Subject: [PATCH] Add portal bootstraping (#56)
* Update tyk versions
* Add portal bootstraping
---
.../portal/bootstrap-configmap-template.yaml | 79 +++++++++++++++++++
src/deployments/portal/bootstrap-job.yaml | 39 +++++++++
src/deployments/portal/bootstrap.sh | 26 ++++++
src/deployments/portal/main.sh | 6 +-
4 files changed, 148 insertions(+), 2 deletions(-)
create mode 100644 src/deployments/portal/bootstrap-configmap-template.yaml
create mode 100644 src/deployments/portal/bootstrap-job.yaml
create mode 100644 src/deployments/portal/bootstrap.sh
diff --git a/src/deployments/portal/bootstrap-configmap-template.yaml b/src/deployments/portal/bootstrap-configmap-template.yaml
new file mode 100644
index 00000000..bfd6ae1f
--- /dev/null
+++ b/src/deployments/portal/bootstrap-configmap-template.yaml
@@ -0,0 +1,79 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: portal-bootstrap-configmap
+data:
+ bootstrap.sh: |
+ # Create provider
+ res=$(curl -vvv --location 'replace_url/portal-api/providers' \
+ --header 'Content-Type: application/json' \
+ --header 'Accept: application/json' \
+ --header "Authorization: $PORTAL_API_KEY" \
+ --data '{
+ "Configuration": {
+ "MetaData": "{\"URL\":\"replace_dashboard_url\",\"Secret\":\"'$DASHBOARD_API_KEY'\",\"OrgID\":\"'$DASHBOARD_ORG_ID'\",\"Gateway\":\"\",\"PoliciesTags\":[],\"InsecureSkipVerify\":true}"
+ },
+ "Name": "Tyk Dashboard",
+ "Type": "tyk-pro"
+ }' );
+ providerID=$(echo $res | jq -r .ID);
+
+ # Sync provider
+ curl -vvv --location --request PUT "replace_url/portal-api/providers/$providerID/synchronize" \
+ --header "Accept: application/json" \
+ --header "Authorization: $PORTAL_API_KEY"
+
+ # Create Orgs
+ curl -vvv --location 'replace_url/portal-api/organisations' \
+ --header 'Content-Type: application/json' \
+ --header 'Accept: application/json' \
+ --header "Authorization: $PORTAL_API_KEY" \
+ --data '{
+ "Name": "Internal Developers Organization"
+ }'
+
+ curl -vvv --location 'replace_url/portal-api/organisations' \
+ --header 'Content-Type: application/json' \
+ --header 'Accept: application/json' \
+ --header "Authorization: $PORTAL_API_KEY" \
+ --data '{
+ "Name": "External Developers and Partners Organization"
+ }'
+
+ # Create Users
+ res=$(curl -vvv --location 'replace_url/portal-api/users' \
+ --header 'Content-Type: application/json' \
+ --header 'Accept: application/json' \
+ --header "Authorization: $PORTAL_API_KEY" \
+ --data-raw '{
+ "Active": "true",
+ "Email": "api-developer@internal.org",
+ "First": "Internal",
+ "Last": "User",
+ "Organisation": {"ID": "2"},
+ "Role": "consumer-admin",
+ "Provider": "password",
+ "ResetPassword": "false",
+ "Teams": "2",
+ "Password": "password"
+ }')
+ internalUserID=$(echo $res | jq -r .ID);
+
+ res=$(curl -vvv --location 'replace_url/portal-api/users' \
+ --header 'Content-Type: application/json' \
+ --header 'Accept: application/json' \
+ --header "Authorization: $PORTAL_API_KEY" \
+ --data-raw '{
+ "Active": "true",
+ "Email": "api-developer@external.org",
+ "First": "External",
+ "Last": "User",
+ "Organisation": {"ID": "3"},
+ "Role": "consumer-admin",
+ "Provider": "password",
+ "ResetPassword": "false",
+ "Teams": "3",
+ "Password": "password"
+ }')
+ externalUserID=$(echo $res | jq -r .ID);
diff --git a/src/deployments/portal/bootstrap-job.yaml b/src/deployments/portal/bootstrap-job.yaml
new file mode 100644
index 00000000..ef8bb412
--- /dev/null
+++ b/src/deployments/portal/bootstrap-job.yaml
@@ -0,0 +1,39 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: portal-bootstrap-job
+spec:
+ template:
+ spec:
+ containers:
+ - name: portal-bootstrap
+ image: pnnlmiscscripts/curl-jq:latest
+ command: ["/bin/sh", "/scripts/bootstrap.sh"]
+ env:
+ - name: PORTAL_API_KEY
+ valueFrom:
+ secretKeyRef:
+ name: portal-bootstrap-secrets
+ key: PORTAL_API_KEY
+ - name: DASHBOARD_ORG_ID
+ valueFrom:
+ secretKeyRef:
+ name: portal-bootstrap-secrets
+ key: DASHBOARD_ORG_ID
+ - name: DASHBOARD_API_KEY
+ valueFrom:
+ secretKeyRef:
+ name: portal-bootstrap-secrets
+ key: DASHBOARD_API_KEY
+ volumeMounts:
+ - name: portal-bootstrap-volume
+ mountPath: /scripts/bootstrap.sh
+ subPath: bootstrap.sh
+ restartPolicy: Never
+ volumes:
+ - name: portal-bootstrap-volume
+ configMap:
+ name: portal-bootstrap-configmap
+ items:
+ - key: bootstrap.sh
+ path: bootstrap.sh
diff --git a/src/deployments/portal/bootstrap.sh b/src/deployments/portal/bootstrap.sh
new file mode 100644
index 00000000..68007507
--- /dev/null
+++ b/src/deployments/portal/bootstrap.sh
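Review bot: Every `curl -vvv` call in the embedded `bootstrap.sh` sends `--header "Authorization: $PORTAL_API_KEY"`, and curl's verbose output includes the request headers, so the portal token is written to the Job's pod log for anyone who can read logs in the namespace. Drop the trace and fail on HTTP errors instead, e.g. `curl --fail --silent --show-error --location ...`, and stop when `providerID` comes back empty or `null` before the synchronize call. The provider metadata hard-codes `\"InsecureSkipVerify\":true`, and both seeded `consumer-admin` users get `"Password": "password"` with `"ResetPassword": "false"`; if these are demo-only defaults, say so in a comment such as `# demo-only: fixed password, TLS verification off`, otherwise read the values from the secret. `$DASHBOARD_API_KEY` and `$DASHBOARD_ORG_ID` are also spliced unquoted into the JSON body, so building it with `jq -n --arg` would avoid word splitting and malformed JSON.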
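Review bot: The Job runs `image: pnnlmiscscripts/curl-jq:latest`, a third-party image on a mutable tag, in a container that receives `PORTAL_API_KEY` and `DASHBOARD_API_KEY` from `portal-bootstrap-secrets`, so whatever is later published under that tag gets those credentials. Pin it by digest, `image: pnnlmiscscripts/curl-jq@sha256:<digest-placeholder>`, or use an image the project builds itself. The spec also sets no `backoffLimit` or `ttlSecondsAfterFinished`, so a failing script is retried up to the default limit and the finished Job and its logs stay in the namespace; `backoffLimit: 0` and a short `ttlSecondsAfterFinished` would suit a one-shot bootstrap.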
@@ -0,0 +1,26 @@
+set +e;
+search=$(kubectl get secret --namespace "$namespace" | awk '{print $1}' | grep -e "^portal-bootstrap-secrets");
+logger "$DEBUG" "namespace-exists: search result: $search";
+set -e;
+
+if [[ -z $search ]]; then
+ logger "$INFO" "bootstrapping portal...";
+ # Get pod and JWT
+ pod=$(kubectl get pods --namespace "$namespace" -l "app=$tykReleaseName-tyk-dev-portal" -o jsonpath='{.items[*].metadata.name}');
+ jwt=$(kubectl logs --namespace "$namespace" "$pod" | awk -F'Generated JWToken: ' '{print substr($2, 1, length($2)-2)}' | tr -d '[:space:]');
+
+ # Create secret
+ kubectl create secret generic "portal-bootstrap-secrets" --namespace "$namespace" \
+ --from-literal="PORTAL_API_KEY=$jwt" \
+ --from-literal="DASHBOARD_ORG_ID=$(kubectl get secrets -n tyk tyk-operator-conf -o=jsonpath="{.data.TYK_ORG}" | base64 -d)" \
+ --from-literal="DASHBOARD_API_KEY=$(kubectl get secrets -n tyk tyk-operator-conf -o=jsonpath="{.data.TYK_AUTH}" | base64 -d)" \
+ > /dev/null;
+
+ # Create bootstrap script configmap
+ sed "s/replace_url/$protocol:\/\/dev-portal-svc-$tykReleaseName-tyk-dev-portal:$PORTAL_SERVICE_PORT/g" "$portalDeploymentPath/bootstrap-configmap-template.yaml" | \
+ sed "s/replace_dashboard_url/$protocol:\/\/dashboard-svc-$tykReleaseName-tyk-dashboard:3000/g" | \
+ kubectl apply --namespace "$namespace" -f - > /dev/null;
+
+ # Run bootstrap job
+ kubectl apply --namespace "$namespace" -f "$portalDeploymentPath/bootstrap-job.yaml" > /dev/null;
+fi
diff --git a/src/deployments/portal/main.sh b/src/deployments/portal/main.sh
index 801bd3dd..5558b449 100644
--- a/src/deployments/portal/main.sh
+++ b/src/deployments/portal/main.sh
@@ -1,9 +1,9 @@ -logger "$INFO" "installing portal in $namespace namespace..."; - portalDBName=portal; portalDBPort=54321; source src/main/storage/pgsql.sh $portalDBName $portalDBPort; +logger "$INFO" "installing portal in $namespace namespace..."; + addService "dev-portal-svc-$tykReleaseName-tyk-dev-portal"; args=(
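Review bot: `jwt` is never checked before `kubectl create secret`, so when the `Generated JWToken:` line is absent from the pod log or the label selector returns more than one pod name, `portal-bootstrap-secrets` is created with an empty `PORTAL_API_KEY`; because the guard at the top keys off that secret's existence, later runs then skip bootstrapping. Add a check right after the `jwt=` line, e.g. `[[ -n "$jwt" ]] || { echo "portal JWT not found in pod logs" >&2; return 1; }`. The three `--from-literal` values also put the portal token and the dashboard key on the kubectl command line, where they show up in the process list and in any `set -x` trace; `--from-env-file` with a `mktemp` file removed afterwards, or a manifest piped to `kubectl apply -f -` as the configmap step already does, keeps them off argv. The `tyk-operator-conf` lookups hard-code `-n tyk` while everything else uses `$namespace`; if that is deliberate, a short comment would help.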
@@ -23,3 +23,5 @@ args=( addDeploymentArgs "${args[@]}"; upgradeTyk; + +source "$portalDeploymentPath/bootstrap.sh";