Adds build test and publishing instructions

This change adds the following changes: - Adds detailed instructions for building, testing, releasing, and publishing to CONTRIBUTING.md - Adds a mechanism for contributors outside of CyberArk to build and test new versions of the Marketplace without requiring access to the conjur-cloud-launcher-onboard GCP project. - Updates the Google Marketplace schema we use to Version 2.
cyberark · Mar 19, 2020 · 42b03ce · 42b03ce
1 parent ba47340
commit 42b03ce
Show file tree

Hide file tree

Showing 9 changed files with 689 additions and 154 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Deleted x-google-marketplace section for tester.image in schema.yaml to be consistent for Google Marketplace Tools v0.10.0
 - Added a build.sh flag (`-p` or `--persist`) to persist the application deployment after testing.
 - Fixed the deployment's `deploy-info` annotations to use keys that are valid JSON keys (i.e. with quotes).
+- Adds instructions for building, testing, releasing, and publishing to CONTRIBUTING.md
+- Adds a mechanism for contributors outside of CyberArk to build and test new versions of the Marketplace without requiring access to the conjur-cloud-launcher-onboard GCP project.
+- Updates the Google Marketplace schema we use to Version 2.
 
 ## [1.3.4](https://github.com/cyberark/conjur-google-cloud-launcher/releases/tag/v1.3.4) - 2019-01-08
 ### Changed

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
diff --git a/Makefile b/Makefile
@@ -22,23 +22,36 @@ include var.Makefile
 include app.Makefile
 
 NAME ?= conjur
-TAG ?= 1.3
+TAG ?= 1.4.0
 REGISTRY ?= gcr.io/conjur-cloud-launcher-onboard
-
 PREFIX ?= cyberark
-APP_DEPLOYER_IMAGE ?= $(REGISTRY)/$(PREFIX)/deployer:$(TAG)
+
+# FLAT_REGISTRY allows contributors to use their own (flat hierarchy) Docker
+# registry
+FLAT_REGISTRY ?= false
+ifeq ($(FLAT_REGISTRY),true)
+  REGISTRY_PREFIX = $(REGISTRY)
+else
+  REGISTRY_PREFIX = $(REGISTRY)/$(PREFIX)
+endif
+
+APP_DEPLOYER_IMAGE ?= $(REGISTRY_PREFIX)/deployer:$(TAG)
 CONJUR_IMAGE ?= $(REGISTRY)/$(PREFIX):$(TAG)
 POSTGRES_SOURCE_IMAGE ?= postgres:10.1
-POSTGRES_IMAGE ?= $(REGISTRY)/$(PREFIX)/postgres:$(TAG)
+POSTGRES_IMAGE ?= $(REGISTRY_PREFIX)/postgres:$(TAG)
 NGINX_SOURCE_IMAGE ?= nginx:1.15
-NGINX_IMAGE ?= $(REGISTRY)/$(PREFIX)/nginx:$(TAG)
+NGINX_IMAGE ?= $(REGISTRY_PREFIX)/nginx:$(TAG)
 DOCKERFILE ?= deployer/Dockerfile
 
+$(info $$CONJUR_IMAGE is [${CONJUR_IMAGE}])
+$(info $$PREFIX is [${PREFIX}])
+$(info $$REGISTRY_PREFIX is [${REGISTRY_PREFIX}])
+
 APP_PARAMETERS ?= { \
   "name": "$(NAME)", \
   "namespace": "$(NAMESPACE)" \
 }
-TESTER_IMAGE ?= $(REGISTRY)/$(PREFIX)/tester:$(TAG)
+TESTER_IMAGE ?= $(REGISTRY_PREFIX)/tester:$(TAG)
 APP_TEST_PARAMETERS ?= { \
   "tester.image": "$(TESTER_IMAGE)" \
 }

diff --git a/apptest/deployer/schema.yaml b/apptest/deployer/schema.yaml
@@ -1,3 +1,62 @@
+x-google-marketplace:
+  schemaVersion: v2
+
+  # Must match the version of the Application custom resource object.
+  applicationApiVersion: v1beta1
+
+  # The release version must match the release tag on the deployer
+  publishedVersion: '1.4.0'
+
+  images:
+    postgres:
+      properties:
+        imageRepo:
+          type: REPO_WITH_REGISTRY
+        imageTag:
+          type: TAG
+    nginx:
+      properties:
+        imageRepo:
+          type: REPO_WITH_REGISTRY
+        imageTag:
+          type: TAG
+    tester:
+      properties:
+        imageRepo:
+          type: REPO_WITH_REGISTRY
+        imageTag:
+          type: TAG
+    init:
+      properties:
+        imageInitFull:
+          type: FULL
+        imageInitRegistry:
+          type: REGISTRY
+        imageInitRepo:
+          type: REPO_WITHOUT_REGISTRY
+        imageInitTag:
+          type: TAG
+
+  clusterConstraints:
+    resources:
+    - requests:
+        cpu: 1000m
+        memory: 3750Mi
+      affinity:
+        simpleNodeAffinity:
+          type: REQUIRE_MINIMUM_NODE_COUNT
+          minimumNodeCount: 3
+
+  clusterConstraints:
+    resources:
+    - requests:
+        cpu: 1000m
+        memory: 3750Mi
+      affinity:
+        simpleNodeAffinity:
+          type: REQUIRE_MINIMUM_NODE_COUNT
+          minimumNodeCount: 3
+
 properties:
   tester.image:
     type: string
@@ -8,35 +67,14 @@ properties:
     default: "conjurtest.myorg.com"
     title: Certificate Common Name
 
-  conjur.image:
-    type: string
-    default: $REGISTRY/cyberark:$TAG
-    x-google-marketplace:
-      type: IMAGE
-      image:
-        generatedProperties:
-          splitByColon:
-            before: image.repository
-            after: image.tag
-
-  postgres.image:
-    type: string
-    default: $REGISTRY/cyberark/postgres:$TAG
-    x-google-marketplace:
-      type: IMAGE
-      image:
-        generatedProperties:
-          splitByColon:
-            before: postgres.repository
-            after: postgres.tag
-
-  nginx.image:
-    type: string
-    default: $REGISTRY/cyberark/nginx:$TAG
-    x-google-marketplace:
-      type: IMAGE
-      image:
-        generatedProperties:
-          splitByColon:
-            before: nginx.repository
-            after: nginx.tag
+required:
+- name
+- namespace
+- conjur.image
+- postgres.image
+- nginx.image
+- conjur-oss.dataKey
+- conjur-oss.persistentVolumeSize
+- conjur-oss.ssl.expiration
+- conjur-oss.ssl.hostname
+- conjur-oss.serviceAccount.name
diff --git a/bin/build_release b/bin/build_release
@@ -0,0 +1,26 @@
+#!/bin/bash -e
+
+CURRENT_DIR=$("$(dirname "$0")/abspath")
+
+# xgo because it allows cross-compilation
+GORELEASER_IMAGE="cyberark/goreleaser:latest-xgo"
+
+GORELEASER_ARGS=("--rm-dist")
+if [[ "${SNAPSHOT}" == "true" ]]; then
+  GORELEASER_ARGS+=("--snapshot")
+fi
+
+echo "Current dir: $CURRENT_DIR"
+
+# TODO: the image cyberark/goreleaser:latest-xgo will need to be pushed
+# TODO: to Dockerhub, and the command below should become
+# TODO: docker pull cyberark/goreleaser:latest-xgo
+# NOTE: Piping the Dockerfile sends an empty context to docker build
+docker build -t "${GORELEASER_IMAGE}" - < "$CURRENT_DIR/Dockerfile.releaser"
+
+docker run --rm -t \
+  --volume "$CURRENT_DIR/..:/secretless-broker" \
+  --workdir /secretless-broker \
+  "${GORELEASER_IMAGE}" "${GORELEASER_ARGS[@]}"
+
+echo "Releases built. Archives can be found in dist/goreleaser"
diff --git a/build.sh b/build.sh
@@ -1,6 +1,6 @@
 #!/bin/bash -e
 
-export REGISTRY=${REGISTRY:-'gcr.io/conjur-gke-dev'}
+export REGISTRY=${REGISTRY:-'gcr.io/conjur-cloud-launcher-onboard'}
 export TAG=${TAG:-"$(whoami)"}
 
 make clean

diff --git a/conjur/templates/application.yaml b/conjur/templates/application.yaml
@@ -13,7 +13,7 @@ metadata:
 spec:
   descriptor:
     type: Conjur
-    version: '1.3'
+    version: '1.4.0'
     description: |-
       CyberArk Conjur automatically secures secrets used by privileged users and machine identities.
 

diff --git a/schema.yaml b/schema.yaml
@@ -1,4 +1,61 @@
-application_api_version: v1beta1
+x-google-marketplace:
+  schemaVersion: v2
+
+  # Must match the version of the Application custom resource object.
+  applicationApiVersion: v1beta1
+
+  # The release version must match the release tag on the deployer
+  publishedVersion: '1.4.0'
+
+  publishedVersionMetadata:
+    releaseNote: >-
+      Update marketplace tools so app works with Kubernetes version >= 1.16.
+
+    # If "recommended" is "true", users using older releases are encouraged
+    # to update as soon as possible. This is useful if, for example, this
+    # release fixes a critical issue.
+    recommended: true
+
+  # This MUST be specified to indicate that the deployer supports managed
+  # updates. Note that this could be left out or kalmSupported set to false,
+  # in which case the deployer uses schema v2 but does not support updates.
+  managedUpdates:
+    kalmSupported: false
+
+  images:
+    postgres:
+      properties:
+        imageRepo:
+          type: REPO_WITH_REGISTRY
+        imageTag:
+          type: TAG
+    nginx:
+      properties:
+        imageRepo:
+          type: REPO_WITH_REGISTRY
+        imageTag:
+          type: TAG
+    init:
+      properties:
+        imageInitFull:
+          type: FULL
+        imageInitRegistry:
+          type: REGISTRY
+        imageInitRepo:
+          type: REPO_WITHOUT_REGISTRY
+        imageInitTag:
+          type: TAG
+
+  clusterConstraints:
+    resources:
+    - requests:
+        cpu: 1000m
+        memory: 3750Mi
+      affinity:
+        simpleNodeAffinity:
+          type: REQUIRE_MINIMUM_NODE_COUNT
+          minimumNodeCount: 3
+
 properties:
   name:
     type: string
@@ -9,36 +66,6 @@ properties:
     type: string
     x-google-marketplace:
       type: NAMESPACE
-  conjur.image:
-    type: string
-    default: $REGISTRY/cyberark:$TAG
-    x-google-marketplace:
-      type: IMAGE
-      image:
-        generatedProperties:
-          splitByColon:
-            before: image.repository
-            after: image.tag
-  postgres.image:
-    type: string
-    default: $REGISTRY/cyberark/postgres:$TAG
-    x-google-marketplace:
-      type: IMAGE
-      image:
-        generatedProperties:
-          splitByColon:
-            before: postgres.repository
-            after: postgres.tag
-  nginx.image:
-    type: string
-    default: $REGISTRY/cyberark/nginx:$TAG
-    x-google-marketplace:
-      type: IMAGE
-      image:
-        generatedProperties:
-          splitByColon:
-            before: nginx.repository
-            after: nginx.tag
   conjur-oss.account:
     type: string
     default: default
@@ -108,9 +135,6 @@ properties:
 required:
 - name
 - namespace
-- conjur.image
-- postgres.image
-- nginx.image
 - conjur-oss.dataKey
 - conjur-oss.persistentVolumeSize
 - conjur-oss.ssl.expiration