From e6b7e68868ee09c7a0b5b51171c40500afb9cb0b Mon Sep 17 00:00:00 2001 From: michaeljguarino Date: Thu, 8 Aug 2024 21:56:21 -0400 Subject: [PATCH] Need to add secret read perms to plural sa For extracting cloud configuration --- apps/core/lib/core/clients/console.ex | 9 ++++++++- apps/core/lib/core/services/cloud/poller.ex | 12 +++++++++--- plural/helm/plural/templates/rbac.yaml | 3 +++ 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/apps/core/lib/core/clients/console.ex b/apps/core/lib/core/clients/console.ex index 85f726e6a..1d4f3a3c7 100644 --- a/apps/core/lib/core/clients/console.ex +++ b/apps/core/lib/core/clients/console.ex @@ -42,7 +42,7 @@ defmodule Core.Clients.Console do """ def new(url, token) do - Req.new(base_url: url, auth: "Token #{token}") + Req.new(base_url: with_gql(url), auth: "Token #{token}") |> AbsintheClient.attach() end @@ -93,4 +93,11 @@ defmodule Core.Clients.Console do Logger.error "failed to fetch from console: #{inspect(resp)}" {:error, "console error"} end + + defp with_gql(url) do + case String.ends_with?(url, "/gql") do + true -> url + _ -> "#{url}/gql" + end + end end diff --git a/apps/core/lib/core/services/cloud/poller.ex b/apps/core/lib/core/services/cloud/poller.ex index 480765267..46c35fb5e 100644 --- a/apps/core/lib/core/services/cloud/poller.ex +++ b/apps/core/lib/core/services/cloud/poller.ex @@ -3,6 +3,7 @@ defmodule Core.Services.Cloud.Poller do alias Core.Clients.Console alias Core.Services.Cloud alias Kazan.Apis.Core.V1, as: CoreV1 + require Logger @poll :timer.minutes(5) @@ -28,7 +29,9 @@ defmodule Core.Services.Cloud.Poller do def handle_info(:repo, %{client: client} = state) do case Console.repo(client, Core.conf(:mgmt_repo)) do {:ok, id} -> {:noreply, %{state | repo: id}} - _ -> {:noreply, state} + err -> + Logger.warn "failed to find mgmt repo: #{inspect(err)}" + {:noreply, state} end end @@ -41,8 +44,11 @@ defmodule Core.Services.Cloud.Poller do end def handle_info(:roaches, state) do - with {:ok, roaches} <- read_secret() do - Enum.each(roaches, &upsert_roach/1) + case read_secret() do + {:ok, roaches} -> + Enum.each(roaches, &upsert_roach/1) + err -> + Logger.warn "failed to fetch available cockroach clusters: #{inspect(err)}" end {:noreply, state} end diff --git a/plural/helm/plural/templates/rbac.yaml b/plural/helm/plural/templates/rbac.yaml index 0e74d4376..279d6f6d4 100644 --- a/plural/helm/plural/templates/rbac.yaml +++ b/plural/helm/plural/templates/rbac.yaml @@ -8,6 +8,9 @@ rules: - apiGroups: [""] resources: ["endpoints", "pods"] verbs: ["get", "list", "watch"] +- apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] - apiGroups: ["batch", "extensions"] resources: ["jobs"] verbs: ["get", "list", "watch"]