Skip to content

Commit

Permalink
Initial import of opfcli command line tool
Browse files Browse the repository at this point in the history 
This is my attempt at implementing what we talked about in
operate-first/SRE#299. It's an integrated command line tool written in
Go that currently provides equivalents for:

- onboarding.sh (called create-project)
- enable-monitoring.sh
- operate-first/apps#626 (called grant-access)

This is my first time writing Go, ever, so there may be lots of
non-idiomatic code. In your reviews, be kind, but be thorough smile.
  • Loading branch information
@larsks
larsks committed May 18, 2021
1 parent 36b2350 commit 5d5f33a
Show file tree
Hide file tree
Showing 25 changed files with 1,507 additions and 17 deletions.
1 change: 1 addition & 0 deletions .gitignore
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
opfcli
200 changes: 183 additions & 17 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -1,33 +1,199 @@
# Operate First template for repositories
# opfcli

Derive new repositories from this template
## Building

List of featurese:
To build this tool from a checked out copy of the repository, run:

## License
```
go build
```

This will produce an executable named `opfcli`.

## Usage

```
A command line tool for Operate First GitOps.
Use opfcli to interact with an Operate First style Kubernetes
configuration repository.
Usage:
opfcli [command]
Available Commands:
create-group Create a group
create-project Onboard a new project into Operate First
enable-monitoring Enable monitoring for a Kubernetes namespace
grant-access Grant a group access to a namespace
help Help about any command
Flags:
-a, --app-name string application name (default "cluster-scope")
-f, --config string configuration file
-h, --help help for opfcli
-R, --repodir string path to opf repository
```

### create-group

```
Create a group.
Create the group resource and associated kustomization file
Usage:
opfcli create-group group [flags]
Flags:
-h, --help help for create-project
```

### create-project

```
Onboard a new project into Operate First.
- Register a new group
- Register a new namespace with appropriate role bindings for your group
Usage:
opfcli create-project projectName projectOwner [flags]
Flags:
-d, --description string Team description
-h, --help help for create-project
```

## enable-monitoring

```
Enable monitoring fora Kubernetes namespace.
This will add a RoleBinding to the target namespace that permits
Prometheus to access certain metrics about pods, services, etc.
This template ensures new repos are created compliant with [ADR 0001](https://www.operate-first.cloud/blueprints/blueprint/docs/adr/0001-use-gpl3-as-license.md) and use GNU GPL v3 license.
Usage:
opfcli enable-monitoring [flags]
## AI-CoE CI Github application
Flags:
-h, --help help for enable-monitoring
```

AI-CoE CI provides easy and quick integration for build pipelines and checks for pull requests.
### grant-access

An empty [`.aicoe-ci.yaml`](.aicoe-ci.yaml) is created here, disabling all checks via this CI provider by default. Documentation can be found [here](https://github.com/AICoE/aicoe-ci/).
```
Grant a group access to a namespace.
## Prow CI
Grant a group access to a namespace with the specifed role
(admin, edit, or view).
Prow is a CI provider developed for Kubernetes needs. Provides chat-ops management of pull requests, issues and declarative management for labels, branches and many more.
Usage:
opfcli grant-access namespace group role [flags]
We host our own deployment of Prow in Operate First available at [https://prow.operate-first.cloud/](https://prow.operate-first.cloud/).
Flags:
-h, --help help for grant-access
```

Supported commands are listed [here](https://prow.operate-first.cloud/command-help). We have also enabled Prow to consume on-repository configuration files. You can specify your config in [`.prow.yaml`](.prow.yaml). Additional centralized configuration can be found in the [thoth-application repository](https://github.com/thoth-station/thoth-application/tree/master/prow/overlays/cnv-prod).
Use "opfcli [command] --help" for more information about a command.

## Pre-commit
## Configuration

The `opfcli` command will look for a configuration file `.opfcli.yaml`
in two places:

- It first checks in the top level of the current git repository. If
you are running the `opfcli` command outside of a git repository it
will instead check the current directory.

- If it doesn't find a local configuration file, it will look for
`~/.opfcli.yaml`.

### Available configuration options

- `app-name` -- sets the name of the directory containing your YAML
resources. This defaults to `cluster-scope`.

## Examples

### Create a project

```
opfcli create-project project1 group1 -d "This is project1"
```

This will result in:

```
cluster-scope/
├── base
│   ├── core
│   │   └── namespaces
│   │   └── project1
│   │   ├── kustomization.yaml
│   │   └── namespace.yaml
│   └── user.openshift.io
│   └── groups
│   └── group1
│   ├── group.yaml
│   └── kustomization.yaml
└── components
└── project-admin-rolebindings
└── group1
├── kustomization.yaml
└── rbac.yaml
```

### Create a group

```
opfcli create-group group2
```

This will result in:

```
cluster-scope/
└── base
└── user.openshift.io
└── groups
└── group1
├── group.yaml
└── kustomization.yaml
```

### Grant access to a project

```
opfcli grant-access project1 group2 view
```

This will result in:

```
cluster-scope/components/project-view-rolebindings/
└── group2
├── kustomization.yaml
└── rbac.yaml
```

(And will modify
`cluster-scope/base/core/namespaces/project1/kustomization.yaml`)

## License

By extension to Prow, we define a default pre-commit config for new repositories. Default hook configuration can be found in [`.pre-commit-config.yaml`](.pre-commit-config.yaml). Pre-commit is executed via Prow, see [`.prow.yaml`](.prow.yaml) for details.
opfcli -- A tool for managing an Operate First style configuration repository.
Copyright (C) 2021 Operate First Team

We enable yamllint hook by default, since most of our repositories use yaml files extensively. Default configuration for this hook is located at [`yamllint-config.yaml`](yamllint-config.yaml).
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

To install and enable pre-commit locally please follow the instructions [here](https://pre-commit.com/#quick-start).
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

It is advised for all contributors to enable pre-commit git hook via `pre-commit install` after cloning any repo within Operate First.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
Loading

0 comments on commit 5d5f33a

Please sign in to comment.