feat: Scoped variable Support (#397)

* add core functions

* added the branch change API

* Add unit tests

* Allow source change only in customApp

* Refactor tests

* Add logs

* Refactor API

* Add API to change chart ref id

* Find app metrics

* Fix issues

* Patch winter soldier config

* Add flaggerCanary Check

* Add error message when env.Ovverride is not set

* Add source type check

* Add Spec for /orchestrator/app/ci-pipeline/patch-source

* Refactor and add spec

* added variable repo and service for entity mapping and history

* added audit

* added markers for integration points

* repository file added

* added markers for gojson validatipn for templates

* using variable names instead of ids

* var template resolve

* ScopedVariableService.go added

* folder structure changed

* changes in bean file added

* UTs

* adding integrations

* files added for restHandler and router

* signature change

* working build

* merged main and added integrations(partial) for config drafts

* added missing mappings

* bug fixed in variable definition

* tested for scoped variable

* nil pointer handled

* fixes and tests

* quotes handling in template added

* fixes

* fixes and tests

* parse template as stringify template

* json function added

* gloval variable not getting saved issues fixed

* issue in GetScopedVariableDataForVarIds fixed

* delete functionality added

* handle defaulted variables

* testing fixes

* testing fixes

* getting global variable issue fixed

* get scopeVariable function merged

* adding len check

* removed argo-cd assets copy, will fix later

* removed enity from validate

* added dockerfile update

* validation added

* validation added

* error handled for scope

* validation added for complex datatype

* file for schema json added

* nil value for payload added in case of empty variable

* error handling in rest handler

* resolved vars history

* yaml validator added

* validation for character length added

* more test cases

* passing cluster ID in config draft for scope resolution

* primitive type validation added

* differentiator added for string

* adding spec version check

* code refactored around variable definition

* bug fix

* sync dependencies

* added new spec with transformer

* type string to int

* bug fixed around getting scoped variable

* bug fixed around getting scoped variable

* bug fixed around transformer

* minor type change

* scope fix for latest saved config

* dockerfile

* sql down script added and some function moved to helper

* Revert "dockerfile"

This reverts commit ecf8637.

* env driven validation added

* added argo-cd asssets in vendor from main

* logger message added

* selector spec fix

* fix no variables found case

* fixes

* omitempty added for selectors

* validation removed for Selectors

* issue fixed around getting json

* variable type handling

* toInt and toBool func registered

* json template parsing

* json parser fix

* variable parser fix

* logging fix

* variable value duplication issue fixed

* variable service refactoring

* high level refactoring scopedvariableservice

* getting env repo call for clusterId removed

* cleaning and optimizing getScoped Data

* fix nil array

* go mod vendor

* refactoring variable helper

* cleaned comments

* added cache handling for getJson

* extended compounded qualifier logic for finding matched scope

* unit test case added for createVariable and IsValidPayload method

* bug fixes

* fix: Makefile correction (#3852)

* GOFLAGS flag introduced in

* ea makefile fix

* bug fixes

* feat: scoped vars squashed

* synced changes from feature branch d9bd011^..116728c

* getScoped variable with Details handling

* fixed logic for get scoped repo call

* enterprise sync

* added missing vendor files from main

* validation-error file added for showing error code 406 for validation

* validation-error file added for showing error code 406 for validation

* all test cases added for scoped variable service

* variable template parser

* oss sync miss

* refactored parseTemplate changes incorporated

* commented out duplicate test case

* short description and isSensitive is added

* pointer handling

* check added for superadmin to show data

* *** added in case of private variable

* test cases added for private variable

* test cases updated for private variable

* isRedacted is added for FE handling

* some code review changes done

* varType to Variable type

* name of documentation and description has been changed

* fixing last deployed deployment bug introduced after template parser code changes

* fixing last deployed deployment bug introduced after template parser code changes

* QA bug fix

* minor code cleaning

* typo fix

* cleaning dead comments

---------

Co-authored-by: Avdhesh Kumar <[email protected]>
Co-authored-by: avdhesh-devtron <[email protected]>
Co-authored-by: adi6859 <[email protected]>
Co-authored-by: Kripansh <[email protected]>
Co-authored-by: Prakash <[email protected]>

Author: 5 people

Wire.go

@@ -41,6 +41,7 @@ import (
 	"github.com/devtron-labs/devtron/api/module"
 	"github.com/devtron-labs/devtron/api/restHandler"
 	pipeline2 "github.com/devtron-labs/devtron/api/restHandler/app"
+	"github.com/devtron-labs/devtron/api/restHandler/scopedVariable"
 	"github.com/devtron-labs/devtron/api/router"
 	"github.com/devtron-labs/devtron/api/router/pubsub"
 	"github.com/devtron-labs/devtron/api/server"
@@ -122,6 +123,9 @@ import (
 	"github.com/devtron-labs/devtron/pkg/sql"
 	client2 "github.com/devtron-labs/devtron/pkg/user/casbin"
 	util3 "github.com/devtron-labs/devtron/pkg/util"
+	"github.com/devtron-labs/devtron/pkg/variables"
+	"github.com/devtron-labs/devtron/pkg/variables/parsers"
+	repository10 "github.com/devtron-labs/devtron/pkg/variables/repository"
 	util2 "github.com/devtron-labs/devtron/util"
 	"github.com/devtron-labs/devtron/util/argo"
 	util4 "github.com/devtron-labs/devtron/util/k8s"
@@ -248,6 +252,25 @@ func InitializeApp() (*App, error) {
 		wire.Bind(new(util.ChartTemplateService), new(*util.ChartTemplateServiceImpl)),
 		util.NewChartDeploymentServiceImpl,
 		wire.Bind(new(util.ChartDeploymentService), new(*util.ChartDeploymentServiceImpl)),
+
+		//scoped variables start
+		variables.NewScopedVariableServiceImpl,
+		wire.Bind(new(variables.ScopedVariableService), new(*variables.ScopedVariableServiceImpl)),
+
+		parsers.NewVariableTemplateParserImpl,
+		wire.Bind(new(parsers.VariableTemplateParser), new(*parsers.VariableTemplateParserImpl)),
+		repository10.NewVariableEntityMappingRepository,
+		wire.Bind(new(repository10.VariableEntityMappingRepository), new(*repository10.VariableEntityMappingRepositoryImpl)),
+
+		repository10.NewVariableSnapshotHistoryRepository,
+		wire.Bind(new(repository10.VariableSnapshotHistoryRepository), new(*repository10.VariableSnapshotHistoryRepositoryImpl)),
+		variables.NewVariableEntityMappingServiceImpl,
+		wire.Bind(new(variables.VariableEntityMappingService), new(*variables.VariableEntityMappingServiceImpl)),
+		variables.NewVariableSnapshotHistoryServiceImpl,
+		wire.Bind(new(variables.VariableSnapshotHistoryService), new(*variables.VariableSnapshotHistoryServiceImpl)),
+
+		//end
+
 		chart.NewChartServiceImpl,
 		wire.Bind(new(chart.ChartService), new(*chart.ChartServiceImpl)),
 		bulkAction.NewBulkUpdateServiceImpl,
@@ -446,6 +469,9 @@ func InitializeApp() (*App, error) {
 		chartConfig.NewPipelineConfigRepository,
 		wire.Bind(new(chartConfig.PipelineConfigRepository), new(*chartConfig.PipelineConfigRepositoryImpl)),
 
+		repository10.NewScopedVariableRepository,
+		wire.Bind(new(repository10.ScopedVariableRepository), new(*repository10.ScopedVariableRepositoryImpl)),
+
 		repository.NewLinkoutsRepositoryImpl,
 		wire.Bind(new(repository.LinkoutsRepository), new(*repository.LinkoutsRepositoryImpl)),
 
@@ -643,6 +669,11 @@ func InitializeApp() (*App, error) {
 		restHandler.NewCommonRestHandlerImpl,
 		wire.Bind(new(restHandler.CommonRestHandler), new(*restHandler.CommonRestHandlerImpl)),
 
+		router.NewScopedVariableRouterImpl,
+		wire.Bind(new(router.ScopedVariableRouter), new(*router.ScopedVariableRouterImpl)),
+		scopedVariable.NewScopedVariableRestHandlerImpl,
+		wire.Bind(new(scopedVariable.ScopedVariableRestHandler), new(*scopedVariable.ScopedVariableRestHandlerImpl)),
+
 		util.NewGitCliUtil,
 
 		router.NewTelemetryRouterImpl,

api/bean/AppView.go

@@ -205,6 +205,7 @@ type Environment struct {
 	DeploymentAppDeleteRequest bool   `json:"deploymentAppDeleteRequest"`
 	Description                string `json:"description" validate:"max=40"`
 	IsVirtualEnvironment       bool   `json:"isVirtualEnvironment"`
+	ClusterId                  int    `json:"clusterId"`
 }
 
 type InstanceDetail struct {

api/restHandler/app/DeploymentPipelineRestHandler.go

@@ -17,6 +17,7 @@ import (
 	"github.com/devtron-labs/devtron/pkg/pipeline"
 	bean3 "github.com/devtron-labs/devtron/pkg/pipeline/bean"
 	"github.com/devtron-labs/devtron/pkg/user/casbin"
+	"github.com/devtron-labs/devtron/pkg/variables/models"
 	"github.com/go-pg/pg"
 	"github.com/gorilla/mux"
 	"go.opentelemetry.io/otel"
@@ -108,8 +109,11 @@ func (handler PipelineConfigRestHandlerImpl) ConfigureDeploymentTemplateForApp(w
 		return
 	}
 	chartRefId := templateRequest.ChartRefId
-
-	validate, err2 := handler.chartService.DeploymentTemplateValidate(r.Context(), templateRequest.ValuesOverride, chartRefId)
+	//VARIABLE_RESOLVE
+	scope := models.Scope{
+		AppId: templateRequest.AppId,
+	}
+	validate, err2 := handler.chartService.DeploymentTemplateValidate(r.Context(), templateRequest.ValuesOverride, chartRefId, scope)
 	if !validate {
 		common.WriteJsonResp(w, err2, nil, http.StatusBadRequest)
 		return
@@ -570,7 +574,13 @@ func (handler PipelineConfigRestHandlerImpl) ChangeChartRef(w http.ResponseWrite
 		return
 	}
 
-	validate, err2 := handler.chartService.DeploymentTemplateValidate(r.Context(), envConfigProperties.EnvOverrideValues, envConfigProperties.ChartRefId)
+	//VARIABLE_RESOLVE
+	scope := models.Scope{
+		AppId:     request.AppId,
+		EnvId:     request.EnvId,
+		ClusterId: envConfigProperties.ClusterId,
+	}
+	validate, err2 := handler.chartService.DeploymentTemplateValidate(r.Context(), envConfigProperties.EnvOverrideValues, envConfigProperties.ChartRefId, scope)
 	if !validate {
 		handler.Logger.Errorw("validation err, UpdateAppOverride", "err", err2, "payload", request)
 		common.WriteJsonResp(w, err2, "validation err, UpdateAppOverrid", http.StatusBadRequest)
@@ -693,7 +703,13 @@ func (handler PipelineConfigRestHandlerImpl) EnvConfigOverrideCreate(w http.Resp
 	}
 
 	chartRefId := envConfigProperties.ChartRefId
-	validate, err2 := handler.chartService.DeploymentTemplateValidate(r.Context(), envConfigProperties.EnvOverrideValues, chartRefId)
+	//VARIABLE_RESOLVE
+	scope := models.Scope{
+		AppId:     appId,
+		EnvId:     environmentId,
+		ClusterId: envConfigProperties.ClusterId,
+	}
+	validate, err2 := handler.chartService.DeploymentTemplateValidate(r.Context(), envConfigProperties.EnvOverrideValues, chartRefId, scope)
 	if !validate {
 		handler.Logger.Errorw("validation err, UpdateAppOverride", "err", err2, "payload", envConfigProperties)
 		common.WriteJsonResp(w, err2, nil, http.StatusBadRequest)
@@ -802,7 +818,13 @@ func (handler PipelineConfigRestHandlerImpl) EnvConfigOverrideUpdate(w http.Resp
 		return
 	}
 	chartRefId := envConfigProperties.ChartRefId
-	validate, err2 := handler.chartService.DeploymentTemplateValidate(r.Context(), envConfigProperties.EnvOverrideValues, chartRefId)
+	//VARIABLE_RESOLVE
+	scope := models.Scope{
+		AppId:     appId,
+		EnvId:     envId,
+		ClusterId: envConfigProperties.ClusterId,
+	}
+	validate, err2 := handler.chartService.DeploymentTemplateValidate(r.Context(), envConfigProperties.EnvOverrideValues, chartRefId, scope)
 	if !validate {
 		handler.Logger.Errorw("validation err, UpdateAppOverride", "err", err2, "payload", envConfigProperties)
 		common.WriteJsonResp(w, err2, nil, http.StatusBadRequest)
@@ -1366,8 +1388,12 @@ func (handler PipelineConfigRestHandlerImpl) UpdateAppOverride(w http.ResponseWr
 		return
 	}
 	chartRefId := templateRequest.ChartRefId
+	//VARIABLE_RESOLVE
+	scope := models.Scope{
+		AppId: templateRequest.AppId,
+	}
 	_, span = otel.Tracer("orchestrator").Start(ctx, "chartService.DeploymentTemplateValidate")
-	validate, err2 := handler.chartService.DeploymentTemplateValidate(ctx, templateRequest.ValuesOverride, chartRefId)
+	validate, err2 := handler.chartService.DeploymentTemplateValidate(ctx, templateRequest.ValuesOverride, chartRefId, scope)
 	span.End()
 	if !validate {
 		handler.Logger.Errorw("validation err, UpdateAppOverride", "err", err2, "payload", templateRequest)

api/restHandler/scopedVariable/ScopedVariableRestHandler.go

@@ -0,0 +1,205 @@
+package scopedVariable
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"github.com/devtron-labs/devtron/api/restHandler/common"
+	"github.com/devtron-labs/devtron/pkg/bean"
+	"github.com/devtron-labs/devtron/pkg/pipeline"
+	"github.com/devtron-labs/devtron/pkg/user"
+	"github.com/devtron-labs/devtron/pkg/user/casbin"
+	"github.com/devtron-labs/devtron/pkg/variables"
+	"github.com/devtron-labs/devtron/pkg/variables/models"
+	"github.com/devtron-labs/devtron/pkg/variables/utils"
+	"github.com/devtron-labs/devtron/util"
+	"github.com/devtron-labs/devtron/util/rbac"
+	"go.uber.org/zap"
+	"gopkg.in/go-playground/validator.v9"
+	"net/http"
+	"strconv"
+)
+
+type ScopedVariableRestHandler interface {
+	CreateVariables(w http.ResponseWriter, r *http.Request)
+	GetScopedVariables(w http.ResponseWriter, r *http.Request)
+	GetJsonForVariables(w http.ResponseWriter, r *http.Request)
+}
+
+type ScopedVariableRestHandlerImpl struct {
+	logger                *zap.SugaredLogger
+	userAuthService       user.UserService
+	validator             *validator.Validate
+	pipelineBuilder       pipeline.PipelineBuilder
+	enforcerUtil          rbac.EnforcerUtil
+	enforcer              casbin.Enforcer
+	scopedVariableService variables.ScopedVariableService
+}
+type JsonResponse struct {
+	Manifest   *models.ScopedVariableManifest `json:"manifest"`
+	JsonSchema string                         `json:"jsonSchema"`
+}
+
+func NewScopedVariableRestHandlerImpl(logger *zap.SugaredLogger, userAuthService user.UserService, validator *validator.Validate, pipelineBuilder pipeline.PipelineBuilder, enforcerUtil rbac.EnforcerUtil, enforcer casbin.Enforcer, scopedVariableService variables.ScopedVariableService) *ScopedVariableRestHandlerImpl {
+	return &ScopedVariableRestHandlerImpl{
+		logger:                logger,
+		userAuthService:       userAuthService,
+		validator:             validator,
+		pipelineBuilder:       pipelineBuilder,
+		enforcerUtil:          enforcerUtil,
+		enforcer:              enforcer,
+		scopedVariableService: scopedVariableService,
+	}
+}
+func (handler *ScopedVariableRestHandlerImpl) CreateVariables(w http.ResponseWriter, r *http.Request) {
+	decoder := json.NewDecoder(r.Body)
+	userId, err := handler.userAuthService.GetLoggedInUser(r)
+	if userId == 0 || err != nil {
+		common.WriteJsonResp(w, err, "Unauthorized User", http.StatusUnauthorized)
+		return
+	}
+	request := models.VariableRequest{}
+	decoder.UseNumber()
+	err = decoder.Decode(&request)
+	if err != nil {
+		handler.logger.Errorw("request err, Save", "error", err, "request", request)
+		common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
+		return
+	}
+	request.UserId = userId
+
+	// validate request
+	err = handler.validator.Struct(request)
+	if err != nil {
+		handler.logger.Errorw("struct validation err in CreateVariables", "err", err, "request", request)
+		common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
+		return
+	}
+
+	payload := utils.ManifestToPayload(request.Manifest, userId)
+
+	// not logging bean object as it contains sensitive data
+	handler.logger.Infow("request payload received for variables")
+
+	// RBAC enforcer applying
+	isSuperAdmin, err := handler.userAuthService.IsSuperAdmin(int(userId))
+	if !isSuperAdmin || err != nil {
+		if err != nil {
+			handler.logger.Errorw("request err, CheckSuperAdmin", "err", err, "isSuperAdmin", isSuperAdmin)
+		}
+		common.WriteJsonResp(w, err, "Unauthorized User", http.StatusForbidden)
+		return
+	}
+	//RBAC enforcer Ends
+	err = handler.scopedVariableService.CreateVariables(payload)
+	if err != nil {
+		if errors.As(err, &models.ValidationError{}) {
+			common.WriteJsonResp(w, err, nil, http.StatusNotAcceptable)
+		} else {
+			common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
+		}
+		return
+	}
+	common.WriteJsonResp(w, nil, nil, http.StatusOK)
+}
+func (handler *ScopedVariableRestHandlerImpl) GetScopedVariables(w http.ResponseWriter, r *http.Request) {
+	userId, err := handler.userAuthService.GetLoggedInUser(r)
+	if err != nil {
+		common.WriteJsonResp(w, err, "Unauthorized User", http.StatusUnauthorized)
+		return
+	}
+	isSuperAdmin, err := handler.userAuthService.IsSuperAdmin(int(userId))
+
+	if err != nil {
+		handler.logger.Errorw("request err, CheckSuperAdmin", "err", err, "isSuperAdmin", isSuperAdmin)
+		return
+	}
+
+	appIdQueryParam := r.URL.Query().Get("appId")
+	var appId int
+	appId, err = strconv.Atoi(appIdQueryParam)
+	if err != nil {
+		common.WriteJsonResp(w, err, "invalid appId", http.StatusBadRequest)
+		return
+	}
+
+	var scope models.Scope
+	scopeQueryParam := r.URL.Query().Get("scope")
+	if scopeQueryParam != "" {
+		if err := json.Unmarshal([]byte(scopeQueryParam), &scope); err != nil {
+			http.Error(w, "Invalid JSON format for 'scope' parameter", http.StatusBadRequest)
+			return
+		}
+	}
+	if scope.AppId != 0 && scope.AppId != appId {
+		http.Error(w, "scope.AppId provided in scope is not equal to appId", http.StatusBadRequest)
+		return
+	}
+
+	token := r.Header.Get("token")
+	var app *bean.CreateAppDTO
+	app, err = handler.pipelineBuilder.GetApp(appId)
+	if err != nil {
+		handler.logger.Errorw("service err, GetScopedVariables", "err", err, "payload", scope.AppId, scope.EnvId, scope.ClusterId)
+		common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
+		return
+	}
+	handler.logger.Infow("request payload, GetScopedVariables", "payload", scope.AppId, scope.EnvId, scope.ClusterId)
+	resourceName := handler.enforcerUtil.GetAppRBACName(app.AppName)
+	if ok := handler.enforcer.Enforce(token, casbin.ResourceApplications, casbin.ActionGet, resourceName); !ok {
+		common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), "Unauthorized User", http.StatusForbidden)
+		return
+	}
+	var scopedVariableData []*models.ScopedVariableData
+
+	scopedVariableData, err = handler.scopedVariableService.GetScopedVariables(scope, nil, isSuperAdmin)
+	if err != nil {
+		common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
+		return
+	}
+	common.WriteJsonResp(w, nil, scopedVariableData, http.StatusOK)
+
+}
+func (handler *ScopedVariableRestHandlerImpl) GetJsonForVariables(w http.ResponseWriter, r *http.Request) {
+	userId, err := handler.userAuthService.GetLoggedInUser(r)
+	if userId == 0 || err != nil {
+		common.WriteJsonResp(w, err, "Unauthorized User", http.StatusUnauthorized)
+		return
+	}
+	// not logging bean object as it contains sensitive data
+	handler.logger.Infow("request payload received for variables")
+
+	// RBAC enforcer applying
+	isSuperAdmin, err := handler.userAuthService.IsSuperAdmin(int(userId))
+	if !isSuperAdmin || err != nil {
+		if err != nil {
+			handler.logger.Errorw("request err, CheckSuperAdmin", "err", err, "isSuperAdmin", isSuperAdmin)
+		}
+		common.WriteJsonResp(w, err, "Unauthorized User", http.StatusForbidden)
+		return
+	}
+	//RBAC enforcer Ends
+	//var payload *repository.Payload
+
+	payload, err := handler.scopedVariableService.GetJsonForVariables()
+	if err != nil {
+		common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
+		return
+	}
+
+	schema, err := util.GetSchemaFromType(models.ScopedVariableManifest{})
+	if err != nil {
+		common.WriteJsonResp(w, err, "schema cannot be generated for manifest type", http.StatusInternalServerError)
+		return
+	}
+
+	jsonResponse := JsonResponse{
+		JsonSchema: schema,
+	}
+
+	if payload != nil {
+		manifest := utils.PayloadToManifest(*payload)
+		jsonResponse.Manifest = &manifest
+	}
+	common.WriteJsonResp(w, nil, jsonResponse, http.StatusOK)
+}

api/router/ScopedVariableRouter.go

@@ -0,0 +1,34 @@
+package router
+
+import (
+	"github.com/devtron-labs/devtron/api/restHandler/scopedVariable"
+	"github.com/gorilla/mux"
+)
+
+type ScopedVariableRouter interface {
+	InitScopedVariableRouter(router *mux.Router)
+}
+
+type ScopedVariableRouterImpl struct {
+	scopedVariableRestHandler scopedVariable.ScopedVariableRestHandler
+}
+
+func NewScopedVariableRouterImpl(scopedVariableRestHandler scopedVariable.ScopedVariableRestHandler) *ScopedVariableRouterImpl {
+	router := &ScopedVariableRouterImpl{
+		scopedVariableRestHandler: scopedVariableRestHandler,
+	}
+	return router
+}
+
+func (impl ScopedVariableRouterImpl) InitScopedVariableRouter(router *mux.Router) {
+	router.Path("/variables").
+		HandlerFunc(impl.scopedVariableRestHandler.CreateVariables).
+		Methods("POST")
+	router.Path("/variables").
+		HandlerFunc(impl.scopedVariableRestHandler.GetScopedVariables).
+		Methods("GET")
+	router.Path("/variables/detail").
+		HandlerFunc(impl.scopedVariableRestHandler.GetJsonForVariables).
+		Methods("GET")
+
+}