feat: added cert manager capability as well as scores to install openshift subscription to community cert-manager operator

examples/cert_manager/Cargo.toml

@@ -1,5 +1,5 @@
 [package]
-name = "sttest"
+name = "cert_manager"
 edition = "2024"
 version.workspace = true
 readme.workspace = true
@@ -8,14 +8,12 @@ publish = false
 
 [dependencies]
 harmony = { path = "../../harmony" }
-harmony_tui = { path = "../../harmony_tui" }
+harmony_cli = { path = "../../harmony_cli" }
 harmony_types = { path = "../../harmony_types" }
 cidr = { workspace = true }
 tokio = { workspace = true }
 harmony_macros = { path = "../../harmony_macros" }
-harmony_secret = { path = "../../harmony_secret" }
 log = { workspace = true }
 env_logger = { workspace = true }
 url = { workspace = true }
-serde = { workspace = true }
+assert_cmd = "2.0.16"
-brocade = { path = "../../brocade" }

examples/cert_manager/src/main.rs

@@ -0,0 +1,26 @@
+use harmony::{
+    inventory::Inventory,
+    modules::{
+        cert_manager::{
+            capability::CertificateManagementConfig, score_k8s::CertificateManagementScore,
+        },
+        postgresql::{PostgreSQLScore, capability::PostgreSQLConfig},
+    },
+    topology::K8sAnywhereTopology,
+};
+
+#[tokio::main]
+async fn main() {
+    let cert_manager = CertificateManagementScore {
+        config: CertificateManagementConfig {},
+    };
+
+    harmony_cli::run(
+        Inventory::autoload(),
+        K8sAnywhereTopology::from_env(),
+        vec![Box::new(cert_manager)],
+        None,
+    )
+    .await
+    .unwrap();
+}

examples/sttest/src/main.rs

@@ -1,160 +0,0 @@
-use std::{
-    net::{IpAddr, Ipv4Addr},
-    sync::{Arc, OnceLock},
-};
-
-use cidr::Ipv4Cidr;
-use harmony::{
-    config::secret::SshKeyPair,
-    data::{FileContent, FilePath},
-    hardware::{HostCategory, Location, PhysicalHost, SwitchGroup},
-    infra::{brocade::UnmanagedSwitch, opnsense::OPNSenseManagementInterface},
-    inventory::Inventory,
-    modules::{
-        http::StaticFilesHttpScore,
-        okd::{
-            bootstrap_dhcp::OKDBootstrapDhcpScore,
-            bootstrap_load_balancer::OKDBootstrapLoadBalancerScore, dhcp::OKDDhcpScore,
-            dns::OKDDnsScore, ipxe::OKDIpxeScore,
-        },
-        tftp::TftpScore,
-    },
-    topology::{LogicalHost, UnmanagedRouter},
-};
-use harmony_macros::{ip, mac_address};
-use harmony_secret::{Secret, SecretManager};
-use harmony_types::net::Url;
-use serde::{Deserialize, Serialize};
-
-#[tokio::main]
-async fn main() {
-    // env_logger::init();
-    let firewall = harmony::topology::LogicalHost {
-        ip: ip!("192.168.40.1"),
-        name: String::from("fw0"), // settings -> general -> hostname on the opnsense firewall
-    };
-
-    let switch_client = UnmanagedSwitch::init()
-    .await
-    .expect("Failed to connect to switch");
-
-    let switch_client = Arc::new(switch_client);
-
-    let opnsense = Arc::new(
-        harmony::infra::opnsense::OPNSenseFirewall::new(firewall, None, "root", "opnsense").await,
-    );
-    let lan_subnet = Ipv4Addr::new(192, 168, 40, 0);
-    let gateway_ipv4 = Ipv4Addr::new(192, 168, 40, 1);
-    let gateway_ip = IpAddr::V4(gateway_ipv4);
-    let topology = harmony::topology::HAClusterTopology {
-        kubeconfig: None,
-        domain_name: "sttest0.harmony.mcd".to_string(), // TODO this must be set manually correctly
-        // when setting up the opnsense firewall in settings -> general -> domain
-        router: Arc::new(UnmanagedRouter::new(
-            gateway_ip,
-            Ipv4Cidr::new(lan_subnet, 24).unwrap(),
-        )),
-        load_balancer: opnsense.clone(),
-        firewall: opnsense.clone(),
-        tftp_server: opnsense.clone(),
-        http_server: opnsense.clone(),
-        dhcp_server: opnsense.clone(),
-        dns_server: opnsense.clone(),
-        control_plane: vec![
-            LogicalHost {
-                ip: ip!("192.168.40.20"),
-                name: "cp0".to_string(),
-            },
-            LogicalHost {
-                ip: ip!("192.168.40.21"),
-                name: "cp1".to_string(),
-            },
-            LogicalHost {
-                ip: ip!("192.168.40.22"),
-                name: "cp2".to_string(),
-            },
-        ],
-        bootstrap_host: LogicalHost {
-            ip: ip!("192.168.40.66"),
-            name: "bootstrap".to_string(),
-        },
-        workers: vec![
-            LogicalHost {
-                ip: ip!("192.168.40.30"),
-                name: "wk0".to_string(),
-            },
-        ],
-        node_exporter: opnsense.clone(),
-        switch_client: switch_client.clone(),
-        network_manager: OnceLock::new(),
-    };
-
-    let inventory = Inventory {
-        location: Location::new("I am mobile".to_string(), "earth".to_string()),
-        switch: SwitchGroup::from([]),
-        firewall_mgmt: Box::new(OPNSenseManagementInterface::new()),
-        storage_host: vec![],
-        worker_host: vec![
-            PhysicalHost::empty(HostCategory::Server)
-                .mac_address(mac_address!("64:00:6A:88:A3:50")),
-        ],
-        control_plane_host: vec![
-            PhysicalHost::empty(HostCategory::Server)
-                .mac_address(mac_address!("F4:39:09:16:65:33")),
-            PhysicalHost::empty(HostCategory::Server)
-                .mac_address(mac_address!("F4:39:09:07:C8:F2")),
-            PhysicalHost::empty(HostCategory::Server)
-                .mac_address(mac_address!("F4:39:09:16:65:EA")),
-        ],
-    };
-
-    // TODO regroup smaller scores in a larger one such as this
-    // let okd_boostrap_preparation();
-
-    let bootstrap_dhcp_score = OKDBootstrapDhcpScore::new(&topology, &inventory);
-    let bootstrap_load_balancer_score = OKDBootstrapLoadBalancerScore::new(&topology);
-    let dhcp_score = OKDDhcpScore::new(&topology, &inventory);
-    let dns_score = OKDDnsScore::new(&topology);
-    let load_balancer_score =
-        harmony::modules::okd::load_balancer::OKDLoadBalancerScore::new(&topology);
-
-    let ssh_key = SecretManager::get_or_prompt::<SshKeyPair>().await.unwrap();
-
-    let tftp_score = TftpScore::new(Url::LocalFolder("./data/watchguard/tftpboot".to_string()));
-    let http_score = StaticFilesHttpScore {
-        folder_to_serve: Some(Url::LocalFolder(
-            "./data/watchguard/pxe-http-files".to_string(),
-        )),
-        files: vec![],
-        remote_path: None,
-    };
-
-    let kickstart_filename = "inventory.kickstart".to_string();
-    let harmony_inventory_agent = "harmony_inventory_agent".to_string();
-
-    let ipxe_score = OKDIpxeScore {
-        kickstart_filename,
-        harmony_inventory_agent,
-        cluster_pubkey: FileContent {
-            path: FilePath::Relative("cluster_ssh_key.pub".to_string()),
-            content: ssh_key.public,
-        },
-    };
-
-    harmony_tui::run(
-        inventory,
-        topology,
-        vec![
-            // Box::new(dns_score),
-            Box::new(bootstrap_dhcp_score),
-            // Box::new(bootstrap_load_balancer_score),
-            // Box::new(load_balancer_score),
-            // Box::new(tftp_score),
-            // Box::new(http_score),
-            // Box::new(ipxe_score),
-            // Box::new(dhcp_score),
-        ],
-    )
-    .await
-    .unwrap();
-}

harmony/src/domain/topology/k8s_anywhere/k8s_anywhere.rs

@@ -17,6 +17,10 @@ use crate::{
     interpret::InterpretStatus,
     inventory::Inventory,
     modules::{
+        cert_manager::{
+            capability::{CertificateManagement, CertificateManagementConfig},
+            operator::CertManagerOperatorScore,
+        },
         k3d::K3DInstallationScore,
         k8s::ingress::{K8sIngressScore, PathType},
         monitoring::{
@@ -359,6 +363,27 @@ impl Serialize for K8sAnywhereTopology {
     }
 }
 
+#[async_trait]
+impl CertificateManagement for K8sAnywhereTopology {
+    async fn install(
+        &self,
+        config: &CertificateManagementConfig,
+    ) -> Result<PreparationOutcome, PreparationError> {
+        let cert_management_operator = CertManagerOperatorScore::default();
+
+        cert_management_operator
+            .interpret(&Inventory::empty(), self)
+            .await
+            .map_err(|e| PreparationError { msg: e.to_string() })?;
+        Ok(PreparationOutcome::Success {
+            details: format!(
+                "Installed cert-manager into ns: {}",
+                cert_management_operator.namespace
+            ),
+        })
+    }
+}
+
 impl K8sAnywhereTopology {
     pub fn from_env() -> Self {
         Self {

harmony/src/modules/cert_manager/capability.rs

@@ -0,0 +1,18 @@
+use async_trait::async_trait;
+use serde::Serialize;
+
+use crate::{
+    interpret::Outcome,
+    topology::{PreparationError, PreparationOutcome},
+};
+
+#[async_trait]
+pub trait CertificateManagement: Send + Sync {
+    async fn install(
+        &self,
+        config: &CertificateManagementConfig,
+    ) -> Result<PreparationOutcome, PreparationError>;
+}
+
+#[derive(Debug, Clone, Serialize)]
+pub struct CertificateManagementConfig {}

harmony/src/modules/cert_manager/mod.rs

@@ -1,3 +1,6 @@
+pub mod capability;
 pub mod cluster_issuer;
 mod helm;
+pub mod operator;
+pub mod score_k8s;
 pub use helm::*;

harmony/src/modules/cert_manager/operator.rs

@@ -0,0 +1,64 @@
+use kube::api::ObjectMeta;
+use serde::Serialize;
+
+use crate::{
+    interpret::Interpret,
+    modules::k8s::{
+        apps::crd::{Subscription, SubscriptionSpec},
+        resource::K8sResourceScore,
+    },
+    score::Score,
+    topology::{K8sclient, Topology, k8s::K8sClient},
+};
+
+/// Install the Cert-Manager Operator via RedHat Community Operators registry.redhat.io/redhat/community-operator-index:v4.19
+/// This Score creates a Subscription CR in the specified namespace
+
+#[derive(Debug, Clone, Serialize)]
+pub struct CertManagerOperatorScore {
+    pub namespace: String,
+    pub channel: String,
+    pub install_plan_approval: String,
+    pub source: String,
+    pub source_namespace: String,
+}
+
+impl Default for CertManagerOperatorScore {
+    fn default() -> Self {
+        Self {
+            namespace: "openshift-operators".to_string(),
+            channel: "stable".to_string(),
+            install_plan_approval: "Automatic".to_string(),
+            source: "community-operators".to_string(),
+            source_namespace: "openshift-marketplace".to_string(),
+        }
+    }
+}
+
+impl<T: Topology + K8sclient> Score<T> for CertManagerOperatorScore {
+    fn name(&self) -> String {
+        "CertManagerOperatorScore".to_string()
+    }
+
+    fn create_interpret(&self) -> Box<dyn Interpret<T>> {
+        let metadata = ObjectMeta {
+            name: Some("cert-manager".to_string()),
+            namespace: Some(self.namespace.clone()),
+            ..ObjectMeta::default()
+        };
+
+        let spec = SubscriptionSpec {
+            channel: Some(self.channel.clone()),
+            config: None,
+            install_plan_approval: Some(self.install_plan_approval.clone()),
+            name: "cert-manager".to_string(),
+            source: self.source.clone(),
+            source_namespace: self.source_namespace.clone(),
+            starting_csv: None,
+        };
+
+        let subscription = Subscription { metadata, spec };
+
+        K8sResourceScore::single(subscription, Some(self.namespace.clone())).create_interpret()
+    }
+}

harmony/src/modules/cert_manager/score_k8s.rs

@@ -0,0 +1,66 @@
+use async_trait::async_trait;
+use harmony_types::id::Id;
+use serde::Serialize;
+
+use crate::{
+    data::Version,
+    interpret::{Interpret, InterpretError, InterpretName, InterpretStatus, Outcome},
+    inventory::Inventory,
+    modules::cert_manager::capability::{CertificateManagement, CertificateManagementConfig},
+    score::Score,
+    topology::Topology,
+};
+
+#[derive(Debug, Clone, Serialize)]
+pub struct CertificateManagementScore {
+    pub config: CertificateManagementConfig,
+}
+
+impl<T: Topology + CertificateManagement> Score<T> for CertificateManagementScore {
+    fn name(&self) -> String {
+        "CertificateManagementScore".to_string()
+    }
+
+    fn create_interpret(&self) -> Box<dyn Interpret<T>> {
+        Box::new(CertificateManagementInterpret {
+            config: self.config.clone(),
+        })
+    }
+}
+
+#[derive(Debug)]
+struct CertificateManagementInterpret {
+    config: CertificateManagementConfig,
+}
+
+#[async_trait]
+impl<T: Topology + CertificateManagement> Interpret<T> for CertificateManagementInterpret {
+    async fn execute(
+        &self,
+        inventory: &Inventory,
+        topology: &T,
+    ) -> Result<Outcome, InterpretError> {
+        let cert_management = topology
+            .install(&self.config)
+            .await
+            .map_err(|e| InterpretError::new(e.to_string()))?;
+
+        Ok(Outcome::success(format!("Installed CertificateManagement")))
+    }
+
+    fn get_name(&self) -> InterpretName {
+        InterpretName::Custom("CertificateManagementInterpret")
+    }
+
+    fn get_version(&self) -> Version {
+        todo!()
+    }
+
+    fn get_status(&self) -> InterpretStatus {
+        todo!()
+    }
+
+    fn get_children(&self) -> Vec<Id> {
+        todo!()
+    }
+}

opnsense-config-xml/src/data/opnsense.rs

@@ -1153,7 +1153,7 @@ pub struct UnboundGeneral {
     pub local_zone_type: String,
     pub outgoing_interface: MaybeString,
     pub enable_wpad: MaybeString,
-    pub safesearch: Option<MaybeString>,
+    pub safesearch: MaybeString,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]
@@ -1421,7 +1421,7 @@ pub struct StaticRoutes {
     #[yaserde(attribute = true)]
     pub version: String,
     #[yaserde(rename = "route")]
-    pub route: Option<RawXml>,
+    pub route: Option<MaybeString>,
 }
 
 #[derive(Default, PartialEq, Debug, YaSerialize, YaDeserialize)]