Skip to content

feat: using image digest in deployment #4515

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 46 commits into from
Jan 29, 2024
Merged

feat: using image digest in deployment #4515

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
46 commits
Select commit Hold shift + click to select a range
26392d6
wip: pull image using digest support
iamayushm Dec 20, 2023
94fd31f
api spec for saving digest enforcement config
iamayushm Jan 3, 2024
b249b19
wip
iamayushm Jan 3, 2024
c067643
adding get api for digest config
iamayushm Jan 4, 2024
606c1a7
wip
iamayushm Jan 5, 2024
c839b45
main merge
iamayushm Jan 5, 2024
b3a2e2d
policy save and use code
iamayushm Jan 8, 2024
bfd0ce6
removing unused code
iamayushm Jan 8, 2024
dc1a1d1
dev testing fixes
iamayushm Jan 8, 2024
0e78bdc
refactoring transaction
iamayushm Jan 11, 2024
94a498e
imageDigest service name change
iamayushm Jan 11, 2024
06f3c62
fixing json nam
iamayushm Jan 11, 2024
03274a0
Merge branch 'main' into pulling-image-with-digest
iamayushm Jan 11, 2024
94f1e6f
removing hard coded config
iamayushm Jan 11, 2024
eb68871
removing unnecessary space
iamayushm Jan 11, 2024
828c38e
Merge branch 'main' into pulling-image-with-digest
iamayushm Jan 12, 2024
177ebce
marking images superseded and duplicate flag
iamayushm Jan 12, 2024
733282f
marking image superseded - dev testing changes
iamayushm Jan 15, 2024
e2d4cae
adding in precd-postcd
iamayushm Jan 15, 2024
f0c4742
wip
iamayushm Jan 15, 2024
a5b9c36
wip
iamayushm Jan 15, 2024
e1c506d
digest support in app clone
iamayushm Jan 16, 2024
1fcca05
updating cd-pipeline api
iamayushm Jan 17, 2024
5c16d2a
Merge branch 'main' into pulling-image-with-digest
iamayushm Jan 17, 2024
d32f1d0
removing superseded code
iamayushm Jan 18, 2024
8dc0e95
refactoring policy configuration code
iamayushm Jan 18, 2024
be69236
refactoring
iamayushm Jan 19, 2024
e3aa189
Merge branch 'main' into pulling-image-with-digest
iamayushm Jan 19, 2024
9e5a283
wip
iamayushm Jan 19, 2024
de62cd1
refactoring
iamayushm Jan 19, 2024
1e1f7dc
pr review changes
iamayushm Jan 19, 2024
05d2f58
removing unused method
iamayushm Jan 19, 2024
bd89b0e
Merge branch 'main' into pulling-image-with-digest
iamayushm Jan 19, 2024
cd96a5d
metadata in logs
iamayushm Jan 19, 2024
d648777
refactoring and code cleanuo
iamayushm Jan 22, 2024
c7b5dbf
Merge branch 'main' into pulling-image-with-digest
iamayushm Jan 22, 2024
82d2e41
migration script refactoring
iamayushm Jan 22, 2024
504e3ef
Merge branch 'main' into pulling-image-with-digest
iamayushm Jan 24, 2024
e1f1d26
migration script refactoring
iamayushm Jan 24, 2024
f1bb648
wip: fixing create flow id
iamayushm Jan 25, 2024
8836904
wip
iamayushm Jan 25, 2024
abb6e9f
main merge
iamayushm Jan 25, 2024
7f2f92d
wire fix
iamayushm Jan 25, 2024
fd43171
wip
iamayushm Jan 25, 2024
1fea2a5
wip
iamayushm Jan 25, 2024
a315539
Merge branch 'main' into pulling-image-with-digest
Ash-exp Jan 29, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions Wire.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,6 +107,7 @@ import (
"github.com/devtron-labs/devtron/pkg/generateManifest"
"github.com/devtron-labs/devtron/pkg/git"
"github.com/devtron-labs/devtron/pkg/gitops"
"github.com/devtron-labs/devtron/pkg/imageDigestPolicy"
"github.com/devtron-labs/devtron/pkg/kubernetesResourceAuditLogs"
repository7 "github.com/devtron-labs/devtron/pkg/kubernetesResourceAuditLogs/repository"
"github.com/devtron-labs/devtron/pkg/notifier"
Expand Down Expand Up @@ -942,6 +943,9 @@ func InitializeApp() (*App, error) {
pipeline.NewPipelineConfigListenerServiceImpl,
wire.Bind(new(pipeline.PipelineConfigListenerService), new(*pipeline.PipelineConfigListenerServiceImpl)),
cron2.NewCronLoggerImpl,

imageDigestPolicy.NewImageDigestPolicyServiceImpl,
wire.Bind(new(imageDigestPolicy.ImageDigestPolicyService), new(*imageDigestPolicy.ImageDigestPolicyServiceImpl)),
)
return &App{}, nil
}
10 changes: 6 additions & 4 deletions cmd/external-app/wire_gen.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions pkg/appClone/AppCloneService.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1021,6 +1021,7 @@ func (impl *AppCloneServiceImpl) CreateCdPipeline(req *cloneCdPipelineRequest, c
SourceToNewPipelineId: refCdPipeline.SourceToNewPipelineId,
RefPipelineId: refCdPipeline.Id,
ParentPipelineType: refCdPipeline.ParentPipelineType,
IsDigestEnforcedForPipeline: refCdPipeline.IsDigestEnforcedForPipeline,
}
if refCdPipeline.ParentPipelineType == "WEBHOOK" {
cdPipeline.CiPipelineId = 0
Expand Down
2 changes: 2 additions & 0 deletions pkg/bean/app.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -590,6 +590,8 @@ type CDPipelineConfigObject struct {
SwitchFromCiPipelineId int `json:"switchFromCiPipelineId"`
CDPipelineAddType CDPipelineAddType `json:"addType"`
ChildPipelineId int `json:"childPipelineId"`
IsDigestEnforcedForPipeline bool `json:"isDigestEnforcedForPipeline"`
IsDigestEnforcedForEnv bool `json:"isDigestEnforcedForEnv"`
}

type CDPipelineAddType string
Expand Down
1 change: 1 addition & 0 deletions pkg/cluster/EnvironmentService.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,7 @@ type EnvironmentBean struct {
AppCount int `json:"appCount"`
IsVirtualEnvironment bool `json:"isVirtualEnvironment"`
AllowedDeploymentTypes []string `json:"allowedDeploymentTypes"`
IsDigestEnforcedForEnv bool `json:"isDigestEnforcedForEnv"`
}

type EnvDto struct {
Expand Down
1 change: 1 addition & 0 deletions pkg/devtronResource/bean/bean.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ const (
DEVTRON_RESOURCE_SEARCHABLE_KEY_APP_ID DevtronResourceSearchableKeyName = "APP_ID"
DEVTRON_RESOURCE_SEARCHABLE_KEY_ENV_ID DevtronResourceSearchableKeyName = "ENV_ID"
DEVTRON_RESOURCE_SEARCHABLE_KEY_CLUSTER_ID DevtronResourceSearchableKeyName = "CLUSTER_ID"
DEVTRON_RESOURCE_SEARCHABLE_KEY_PIPELINE_ID DevtronResourceSearchableKeyName = "PIPELINE_ID"
)

func (n DevtronResourceSearchableKeyName) ToString() string {
Expand Down
48 changes: 48 additions & 0 deletions pkg/imageDigestPolicy/bean.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
package imageDigestPolicy

import (
"github.com/devtron-labs/devtron/pkg/resourceQualifiers"
"github.com/devtron-labs/devtron/pkg/sql"
"time"
)

func QualifierMappingDao(qualifierId, identifierKey, IdentifierValueInt int, identifierValueName string, userId int32) *resourceQualifiers.QualifierMapping {
return &resourceQualifiers.QualifierMapping{
ResourceId: resourceQualifiers.ImageDigestResourceId,
ResourceType: resourceQualifiers.ImageDigest,
QualifierId: qualifierId,
IdentifierKey: identifierKey,
IdentifierValueInt: IdentifierValueInt,
IdentifierValueString: identifierValueName,
Active: true,
AuditLog: sql.AuditLog{
CreatedOn: time.Now(),
CreatedBy: userId,
UpdatedOn: time.Now(),
UpdatedBy: userId,
},
}
}

type DigestPolicyConfigurationRequest struct {
PipelineId int
ClusterId int
EnvironmentId int
}

func (request DigestPolicyConfigurationRequest) getQualifierMappingScope() *resourceQualifiers.Scope {
return &resourceQualifiers.Scope{
EnvId: request.EnvironmentId,
ClusterId: request.ClusterId,
PipelineId: request.PipelineId,
}
}

type DigestPolicyConfigurationResponse struct {
DigestConfiguredForPipeline bool
DigestConfiguredForEnvOrCluster bool
}

func (config DigestPolicyConfigurationResponse) UseDigestForTrigger() bool {
return config.DigestConfiguredForPipeline
}
131 changes: 131 additions & 0 deletions pkg/imageDigestPolicy/imageDigestPolicyService.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,131 @@
package imageDigestPolicy

import (
"github.com/devtron-labs/devtron/pkg/devtronResource"
"github.com/devtron-labs/devtron/pkg/devtronResource/bean"
"github.com/devtron-labs/devtron/pkg/resourceQualifiers"
"github.com/devtron-labs/devtron/pkg/sql"
"github.com/go-pg/pg"
"go.uber.org/zap"
"time"
)

type ImageDigestPolicyService interface {

//CreatePolicyForPipeline creates image digest policy for pipeline
CreatePolicyForPipeline(tx *pg.Tx, pipelineId int, pipelineName string, UserId int32) (int, error)

//CreatePolicyForPipelineIfNotExist creates image digest policy for pipeline if not already created
CreatePolicyForPipelineIfNotExist(tx *pg.Tx, pipelineId int, pipelineName string, UserId int32) (int, error)

//GetDigestPolicyConfigurations returns true if pipeline or env or cluster has image digest policy enabled
GetDigestPolicyConfigurations(digestConfigurationRequest DigestPolicyConfigurationRequest) (digestPolicyConfiguration DigestPolicyConfigurationResponse, err error)

//DeletePolicyForPipeline deletes image digest policy for a pipeline
DeletePolicyForPipeline(tx *pg.Tx, pipelineId int, userId int32) (int, error)
}

type ImageDigestPolicyServiceImpl struct {
logger *zap.SugaredLogger
qualifierMappingService resourceQualifiers.QualifierMappingService
devtronResourceSearchableKey devtronResource.DevtronResourceSearchableKeyService
}

func NewImageDigestPolicyServiceImpl(
logger *zap.SugaredLogger,
qualifierMappingService resourceQualifiers.QualifierMappingService,
devtronResourceSearchableKey devtronResource.DevtronResourceSearchableKeyService,
) *ImageDigestPolicyServiceImpl {
return &ImageDigestPolicyServiceImpl{
logger: logger,
qualifierMappingService: qualifierMappingService,
devtronResourceSearchableKey: devtronResourceSearchableKey,
}
}

func (impl ImageDigestPolicyServiceImpl) CreatePolicyForPipeline(tx *pg.Tx, pipelineId int, pipelineName string, UserId int32) (int, error) {

var qualifierMappingId int

devtronResourceSearchableKeyMap := impl.devtronResourceSearchableKey.GetAllSearchableKeyNameIdMap()

identifierKey := devtronResourceSearchableKeyMap[bean.DEVTRON_RESOURCE_SEARCHABLE_KEY_PIPELINE_ID]
identifierValue := pipelineId
qualifierMapping := QualifierMappingDao(int(resourceQualifiers.PIPELINE_QUALIFIER), identifierKey, identifierValue, pipelineName, UserId)
_, err := impl.qualifierMappingService.CreateQualifierMappings([]*resourceQualifiers.QualifierMapping{qualifierMapping}, tx)
if err != nil {
impl.logger.Errorw("error in creating image digest policy for pipeline", "err", err, "pipelineId", pipelineId)
return qualifierMapping.Id, err
}
qualifierMappingId = qualifierMapping.Id

return qualifierMappingId, nil
}

func (impl ImageDigestPolicyServiceImpl) CreatePolicyForPipelineIfNotExist(tx *pg.Tx, pipelineId int, pipelineName string, UserId int32) (int, error) {

var qualifierMappingId int

policyConfigurationRequest := DigestPolicyConfigurationRequest{PipelineId: pipelineId}
digestPolicyConfigurations, err := impl.GetDigestPolicyConfigurations(policyConfigurationRequest)
if err != nil {
impl.logger.Errorw("Error in checking if isDigestPolicyConfiguredForPipeline", "err", err, "pipelineId", pipelineId)
return 0, err
}

if !digestPolicyConfigurations.DigestConfiguredForPipeline {
qualifierMappingId, err = impl.CreatePolicyForPipeline(tx, pipelineId, pipelineName, UserId)
if err != nil {
impl.logger.Errorw("error in creating policy for pipeline", "err", "pipelineId", pipelineId)
return qualifierMappingId, nil
}
}
return qualifierMappingId, nil
}

func (impl ImageDigestPolicyServiceImpl) GetDigestPolicyConfigurations(digestConfigurationRequest DigestPolicyConfigurationRequest) (digestPolicyConfiguration DigestPolicyConfigurationResponse, err error) {

resourceIds := []int{resourceQualifiers.ImageDigestResourceId}

scope := digestConfigurationRequest.getQualifierMappingScope()

policyMappings, err := impl.qualifierMappingService.GetQualifierMappings(resourceQualifiers.ImageDigest, scope, resourceIds)
if err != nil && err != pg.ErrNoRows {
return digestPolicyConfiguration, err
}
if err == pg.ErrNoRows || len(policyMappings) == 0 {
return digestPolicyConfiguration, nil
}

devtronResourceSearchableKeyMap := impl.devtronResourceSearchableKey.GetAllSearchableKeyNameIdMap()
clusterIdentifierKey := devtronResourceSearchableKeyMap[bean.DEVTRON_RESOURCE_SEARCHABLE_KEY_CLUSTER_ID]
envIdentifierKey := devtronResourceSearchableKeyMap[bean.DEVTRON_RESOURCE_SEARCHABLE_KEY_ENV_ID]
pipelineIdentifierKey := devtronResourceSearchableKeyMap[bean.DEVTRON_RESOURCE_SEARCHABLE_KEY_PIPELINE_ID]

for _, policy := range policyMappings {
switch policy.IdentifierKey {
case clusterIdentifierKey, envIdentifierKey:
digestPolicyConfiguration.DigestConfiguredForEnvOrCluster = true
case pipelineIdentifierKey:
digestPolicyConfiguration.DigestConfiguredForPipeline = true
}
}

return digestPolicyConfiguration, nil
}

func (impl ImageDigestPolicyServiceImpl) DeletePolicyForPipeline(tx *pg.Tx, pipelineId int, userId int32) (int, error) {
auditLog := sql.AuditLog{
CreatedOn: time.Now(),
CreatedBy: userId,
UpdatedOn: time.Now(),
UpdatedBy: userId,
}
devtronResourceSearchableKeyMap := impl.devtronResourceSearchableKey.GetAllSearchableKeyNameIdMap()
err := impl.qualifierMappingService.DeleteByIdentifierKeyValue(resourceQualifiers.ImageDigest, devtronResourceSearchableKeyMap[bean.DEVTRON_RESOURCE_SEARCHABLE_KEY_PIPELINE_ID], pipelineId, auditLog, tx)
if err != nil {
impl.logger.Errorw("error in deleting image digest policy for pipeline", "err", err, "pipelineId", pipelineId)
return pipelineId, err
}
return pipelineId, nil
}
Loading