Add entitlement check in gitops-repo-broker (#170)

* Move entitlement into common package

* Add entitlement middleware to gitops-repo-broker API

* Wire in logr implementation

* Code review changes

* Increase timeout

* Add test to ensure middleware is wired up correctly to gitops-repo-broker

* Add test when no entitlement exist

* Code review changes

* Simplify scheme registration

Author: yiannistri

.github/workflows/deploy.yaml

@@ -24,7 +24,7 @@ jobs:
     - name: Install Go
       uses: actions/setup-go@v2
       with:
-        go-version: 1.16.x
+        go-version: 1.17.x
     - name: Configure git for private modules
       env:
         GITHUB_BUILD_USERNAME: wge-build-bot
@@ -111,7 +111,7 @@ jobs:
     - name: Install Go
       uses: actions/setup-go@v2
       with:
-        go-version: 1.16.x
+        go-version: 1.17.x
     - name: Checkout code
       uses: actions/checkout@v2
     - name: Configure git for private modules
@@ -197,7 +197,7 @@ jobs:
     - name: Install Go
       uses: actions/setup-go@v2
       with:
-        go-version: 1.16.x
+        go-version: 1.17.x
     - name: Checkout code
       uses: actions/checkout@v2
       with:

.github/workflows/nightly.yaml

@@ -23,7 +23,7 @@ jobs:
     - name: Install Go
       uses: actions/setup-go@v2
       with:
-        go-version: 1.16.x
+        go-version: 1.17.x
     - name: Configure git for private modules
       env:
         GITHUB_BUILD_USERNAME: wge-build-bot
@@ -137,7 +137,7 @@ jobs:
     - name: Install Go
       uses: actions/setup-go@v2
       with:
-        go-version: 1.16.x
+        go-version: 1.17.x
     - name: Checkout code
       uses: actions/checkout@v2
       with:

.github/workflows/release.yaml

@@ -26,7 +26,7 @@ jobs:
     - name: Install Go
       uses: actions/setup-go@v2
       with:
-        go-version: 1.16.x
+        go-version: 1.17.x
     - name: Configure git for private modules
       env:
         GITHUB_BUILD_USERNAME: wge-build-bot

.github/workflows/test.yaml

@@ -54,7 +54,7 @@ jobs:
     - name: Install Go
       uses: actions/setup-go@v2
       with:
-        go-version: 1.16.x
+        go-version: 1.17.x
     - name: Configure git for private modules
       env:
         GITHUB_BUILD_USERNAME: wge-build-bot
@@ -109,7 +109,7 @@ jobs:
     - name: Install Go
       uses: actions/setup-go@v2
       with:
-        go-version: 1.16.x
+        go-version: 1.17.x
     - name: Configure git for private modules
       env:
         GITHUB_BUILD_USERNAME: wge-build-bot
@@ -194,7 +194,7 @@ jobs:
     - name: Install Go
       uses: actions/setup-go@v2
       with:
-        go-version: 1.16.x
+        go-version: 1.17.x
     - name: Configure git for private modules
       env:
         GITHUB_BUILD_USERNAME: wge-build-bot
@@ -246,7 +246,7 @@ jobs:
     - name: Install Go
       uses: actions/setup-go@v2
       with:
-        go-version: 1.16.x
+        go-version: 1.17.x
     - name: Configure git for private modules
       env:
         GITHUB_BUILD_USERNAME: wge-build-bot
@@ -319,7 +319,7 @@ jobs:
     - name: Install Go
       uses: actions/setup-go@v2
       with:
-        go-version: 1.16.x
+        go-version: 1.17.x
     - name: Configure git for private modules
       env:
         GITHUB_BUILD_USERNAME: wge-build-bot
@@ -436,7 +436,7 @@ jobs:
     - name: Install Go
       uses: actions/setup-go@v2
       with:
-        go-version: 1.16.x
+        go-version: 1.17.x
     - name: Configure git for private modules
       env:
         GITHUB_BUILD_USERNAME: wge-build-bot

Makefile

@@ -41,6 +41,7 @@ cmd/event-writer/$(UPTODATE): cmd/event-writer/Dockerfile cmd/event-writer/*
 		--build-arg=version=$(VERSION) \
 		--build-arg=image_tag=$(IMAGE_TAG) \
 		--build-arg=revision=$(GIT_REVISION) \
+		--build-arg=GITHUB_BUILD_TOKEN=$(GITHUB_BUILD_TOKEN) \
 		--tag $(IMAGE_PREFIX)$(subst wkp-,,$(shell basename $(@D))) \
 		--file cmd/event-writer/Dockerfile \
         .

charts/mccp/templates/gitops-repo-broker/deployment.yaml

@@ -20,6 +20,7 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      serviceAccountName: {{ include "mccp.serviceAccountName" . }}
       volumes:
       - name: git-key
         secret:

cmd/capi-server/app/server.go

@@ -14,13 +14,13 @@ import (
 	"github.com/weaveworks/go-checkpoint"
 	ent "github.com/weaveworks/weave-gitops-enterprise-credentials/pkg/entitlement"
 	capiv1 "github.com/weaveworks/weave-gitops-enterprise/cmd/capi-server/api/v1alpha1"
-	"github.com/weaveworks/weave-gitops-enterprise/cmd/capi-server/pkg/entitlement"
 	"github.com/weaveworks/weave-gitops-enterprise/cmd/capi-server/pkg/git"
 	capi_proto "github.com/weaveworks/weave-gitops-enterprise/cmd/capi-server/pkg/protos"
 	"github.com/weaveworks/weave-gitops-enterprise/cmd/capi-server/pkg/server"
 	"github.com/weaveworks/weave-gitops-enterprise/cmd/capi-server/pkg/templates"
 	"github.com/weaveworks/weave-gitops-enterprise/cmd/capi-server/pkg/version"
 	"github.com/weaveworks/weave-gitops-enterprise/common/database/utils"
+	"github.com/weaveworks/weave-gitops-enterprise/common/entitlement"
 	wego_proto "github.com/weaveworks/weave-gitops/pkg/api/applications"
 	"github.com/weaveworks/weave-gitops/pkg/middleware"
 	wego_server "github.com/weaveworks/weave-gitops/pkg/server"

cmd/capi-server/app/server_test.go

@@ -84,7 +84,7 @@ func createSecret(s string) *corev1.Secret {
 			Name:      "name",
 			Namespace: "namespace",
 		},
-		Type: "Opaque",
+		Type: corev1.SecretTypeOpaque,
 		Data: map[string][]byte{"entitlement": []byte(s)},
 	}
 }

cmd/capi-server/go.mod

@@ -4,7 +4,8 @@ go 1.17
 
 require (
 	github.com/fluxcd/go-git-providers v0.2.1-0.20210908163615-833963032787
-	github.com/golang-jwt/jwt/v4 v4.0.0
+	github.com/go-logr/logr v1.1.0
+	github.com/go-logr/zapr v1.1.0
 	github.com/google/go-cmp v0.5.6
 	github.com/google/go-github/v32 v32.1.0
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.5.0
@@ -19,19 +20,20 @@ require (
 	github.com/weaveworks/weave-gitops-enterprise-credentials v0.0.1
 	github.com/weaveworks/weave-gitops-enterprise/common v0.0.0-00010101000000-000000000000
 	github.com/xanzy/go-gitlab v0.43.0
+	go.uber.org/zap v1.19.0
 	golang.org/x/oauth2 v0.0.0-20210615190721-d04028783cf1
 	google.golang.org/genproto v0.0.0-20210617175327-b9e0b3197ced
 	google.golang.org/grpc v1.38.0
 	google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0
 	google.golang.org/protobuf v1.27.1
 	gopkg.in/src-d/go-git.v4 v4.13.1
 	gorm.io/gorm v1.21.11
-	k8s.io/api v0.22.1
-	k8s.io/apimachinery v0.22.1
-	k8s.io/client-go v0.22.1
+	k8s.io/api v0.22.2
+	k8s.io/apimachinery v0.22.2
+	k8s.io/client-go v0.22.2
 	k8s.io/klog/v2 v2.9.0
 	sigs.k8s.io/cluster-api v0.3.16
-	sigs.k8s.io/controller-runtime v0.9.1
+	sigs.k8s.io/controller-runtime v0.9.6
 	sigs.k8s.io/kustomize/kyaml v0.11.0
 	sigs.k8s.io/yaml v1.2.0
 )
@@ -71,12 +73,11 @@ require (
 	github.com/go-git/gcfg v1.5.0 // indirect
 	github.com/go-git/go-billy/v5 v5.3.1 // indirect
 	github.com/go-git/go-git/v5 v5.4.2 // indirect
-	github.com/go-logr/logr v1.1.0 // indirect
-	github.com/go-logr/zapr v1.1.0 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.19.5 // indirect
 	github.com/go-openapi/swag v0.19.14 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang-jwt/jwt/v4 v4.0.0 // indirect
 	github.com/golang/glog v0.0.0-20210429001901-424d2337a529 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
@@ -118,7 +119,7 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.1 // indirect
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
-	github.com/onsi/gomega v1.13.0 // indirect
+	github.com/onsi/gomega v1.14.0 // indirect
 	github.com/pelletier/go-toml v1.9.3 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
@@ -136,7 +137,6 @@ require (
 	github.com/xanzy/ssh-agent v0.3.0 // indirect
 	go.uber.org/atomic v1.7.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect
-	go.uber.org/zap v1.19.0 // indirect
 	golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 // indirect
 	golang.org/x/net v0.0.0-20210520170846-37e1c6afe023 // indirect
 	golang.org/x/sys v0.0.0-20210910150752-751e447fb3d0 // indirect
@@ -155,10 +155,10 @@ require (
 	gorm.io/datatypes v1.0.0 // indirect
 	gorm.io/driver/postgres v1.0.5 // indirect
 	gorm.io/driver/sqlite v1.1.4 // indirect
-	k8s.io/apiextensions-apiserver v0.21.2 // indirect
+	k8s.io/apiextensions-apiserver v0.21.3 // indirect
 	k8s.io/component-base v0.22.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e // indirect
-	k8s.io/utils v0.0.0-20210707171843-4b05e18ac7d9 // indirect
+	k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a // indirect
 	sigs.k8s.io/kustomize/kstatus v0.0.2 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.1.2 // indirect
 )