Unifying CLI Servers

ci/dev-images.sed

@@ -3,5 +3,5 @@ s#registry.redhat.io/rhtas#quay.io/securesign#
 s#fulcio#fulcio-server#
 s#certificate-transparency#certificate-transparency-go#
 s#tuf-server#scaffold-tuf-server#
-s#client-server-cg#cli-client-server-cg#
+s#client-server#client-server#
 s#segment-reporting#segment-backup-job#

cmd/main.go

@@ -115,10 +115,8 @@ func main() {
 	utils.StringFlagOrEnv(&constants.BackfillRedisImage, "backfill-redis-image", "BACKFILL_REDIS_IMAGE", constants.BackfillRedisImage, "The image used for backfill redis.")
 	utils.StringFlagOrEnv(&constants.TufImage, "tuf-image", "TUF_IMAGE", constants.TufImage, "The image used for TUF.")
 	utils.StringFlagOrEnv(&constants.CTLogImage, "ctlog-image", "CTLOG_IMAGE", constants.CTLogImage, "The image used for ctlog.")
-	utils.StringFlagOrEnv(&constants.HttpServerImage, "client-server-image", "CLIENT_SERVER_IMAGE", constants.HttpServerImage, "The image used to serve our cli binary's.")
-	utils.StringFlagOrEnv(&constants.ClientServerImage_cg, "client-server-cg-image", "CLIENT_SERVER_CG_IMAGE", constants.ClientServerImage_cg, "The image used to serve cosign and gitsign.")
-	utils.StringFlagOrEnv(&constants.ClientServerImage_re, "client-server-re-image", "CLIENT_SERVER_RE_IMAGE", constants.ClientServerImage_re, "The image used to serve rekor-cli and the ec binary.")
-	utils.StringFlagOrEnv(&constants.ClientServerImage_f, "client-server-f-image", "CLIENT_SERVER_F_IMAGE", constants.ClientServerImage_f, "The image used to serve fetch-tsa-certs binary.")
+	utils.StringFlagOrEnv(&constants.HttpServerImage, "http-server-image", "HTTP_SERVER_IMAGE", constants.HttpServerImage, "The image used to serve our cli binary's.")
+	utils.StringFlagOrEnv(&constants.ClientServerImage, "client-server-image", "CLIENT_SERVER_IMAGE", constants.ClientServerImage, "The image used to serve cosign and gitsign.")
 	utils.StringFlagOrEnv(&constants.SegmentBackupImage, "segment-backup-job-image", "SEGMENT_BACKUP_JOB_IMAGE", constants.SegmentBackupImage, "The image used for the segment backup job")
 	flag.StringVar(&clidownload.CliHostName, "cli-server-hostname", "", "The hostname for the cli server")
 	utils.StringFlagOrEnv(&constants.TimestampAuthorityImage, "timestamp-authority-image", "TIMESTAMP_AUTHORITY_IMAGE", constants.TimestampAuthorityImage, "The image used for Timestamp Authority")

internal/clidownload/component.go

@@ -24,8 +24,6 @@ const (
 	sharedVolumeName   = "shared-data"
 	cliServerPortName  = "http"
 	cliServerPort      = 8080
-	cliBinaryPath      = "/opt/app-root/src/clients/*"
-	cliWebServerPath   = "/var/www/html/clients/"
 )
 
 var (
@@ -78,9 +76,29 @@ func (c *Component) Start(ctx context.Context) error {
 			"gitsign":         "gitsign is a CLI tool that allows you to digitally sign and verify git commits.",
 			"ec":              "Enterprise Contract CLI. Set of commands to help validate resources with the Enterprise Contract.",
 			"fetch-tsa-certs": "fetch-tsa-certs is a cli used to configure the kms and tink signer types for Timestamp Authority.",
+			"createtree":      "create-tree is a CLI tool which is used for creating new trees within trillian.",
+			"updatetree":      "update-tree is a CLI tool which is used for managing existing tress within trillian.",
 		} {
 			obj = append(obj, c.createConsoleCLIDownload(ns.Name, name, protocol+ingress.Spec.Rules[0].Host, description, labels))
 		}
+		tufftool := &consolev1.ConsoleCLIDownload{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "tuftool",
+				Namespace: ns.Name,
+				Labels:    labels,
+			},
+			Spec: consolev1.ConsoleCLIDownloadSpec{
+				Description: "tuftool is a Rust command-line utility for generating and signing TUF repositories.",
+				DisplayName: fmt.Sprintf("%s - Command Line Interface (CLI)", "tuftool-amd64.gz"),
+				Links: []consolev1.CLIDownloadLink{
+					{
+						Href: fmt.Sprintf("%s/clients/linux/%s-amd64.gz", protocol+ingress.Spec.Rules[0].Host, "tuftool"),
+						Text: fmt.Sprintf("Download %s for Linux x86_64", "tuftool"),
+					},
+				},
+			},
+		}
+		obj = append(obj, tufftool)
 	}
 
 	for _, o := range obj {
@@ -114,66 +132,17 @@ func (c *Component) createDeployment(namespace string, labels map[string]string)
 					Labels: labels,
 				},
 				Spec: core.PodSpec{
-					Volumes: []core.Volume{
-						{
-							Name: sharedVolumeName,
-							VolumeSource: core.VolumeSource{
-								EmptyDir: &core.EmptyDirVolumeSource{},
-							},
-						},
-					},
-					InitContainers: []core.Container{
-						{
-							Name:    "init-shared-data-cg",
-							Image:   constants.ClientServerImage_cg,
-							Command: []string{"sh", "-c", fmt.Sprintf("cp -r %s %s", cliBinaryPath, cliWebServerPath)},
-							VolumeMounts: []core.VolumeMount{
-								{
-									Name:      sharedVolumeName,
-									MountPath: cliWebServerPath,
-								},
-							},
-						},
-						{
-							Name:    "init-shared-data-re",
-							Image:   constants.ClientServerImage_re,
-							Command: []string{"sh", "-c", fmt.Sprintf("cp -r %s %s", cliBinaryPath, cliWebServerPath)},
-							VolumeMounts: []core.VolumeMount{
-								{
-									Name:      sharedVolumeName,
-									MountPath: cliWebServerPath,
-								},
-							},
-						},
-						{
-							Name:    "init-shared-data-f",
-							Image:   constants.ClientServerImage_f,
-							Command: []string{"sh", "-c", fmt.Sprintf("cp -r %s %s", cliBinaryPath, cliWebServerPath)},
-							VolumeMounts: []core.VolumeMount{
-								{
-									Name:      sharedVolumeName,
-									MountPath: cliWebServerPath,
-								},
-							},
-						},
-					},
 					Containers: []core.Container{
 						{
 							Name:            cliServerName,
-							Image:           constants.HttpServerImage,
+							Image:           constants.ClientServerImage,
 							ImagePullPolicy: core.PullAlways,
 							Ports: []core.ContainerPort{
 								{
 									ContainerPort: 8080,
 									Protocol:      core.ProtocolTCP,
 								},
 							},
-							VolumeMounts: []core.VolumeMount{
-								{
-									Name:      sharedVolumeName,
-									MountPath: cliWebServerPath,
-								},
-							},
 						},
 					},
 				},

internal/controller/constants/images.go

@@ -19,10 +19,9 @@ var (
 
 	CTLogImage = "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:6fef78c77e6b2a926d7535d46d86e7bbda3e30ad9d5d6653bcb96698b56594fc"
 
-	HttpServerImage         = "registry.access.redhat.com/ubi9/httpd-24@sha256:7874b82335a80269dcf99e5983c2330876f5fe8bdc33dc6aa4374958a2ffaaee"
-	ClientServerImage_cg    = "registry.redhat.io/rhtas/client-server-cg-rhel9@sha256:f0669481c6483c6025d925ec9ad64199acc44cee2aaf7ea6aab64e2bd5d85485"
-	ClientServerImage_re    = "registry.redhat.io/rhtas/client-server-re-rhel9@sha256:bde7470ea648ffd77fda2ea362858115b8086b92ffb8c2e3a74107f955f7c644"
-	ClientServerImage_f     = "registry.redhat.io/rhtas/client-server-f-rhel9@sha256:8c8c4bfcbc8728ee46a427a4179622e4437e3502aa4b29af7539bf2eee999ff6"
+	HttpServerImage = "registry.access.redhat.com/ubi9/httpd-24@sha256:7874b82335a80269dcf99e5983c2330876f5fe8bdc33dc6aa4374958a2ffaaee"
+
 	SegmentBackupImage      = "registry.redhat.io/rhtas/segment-reporting-rhel9@sha256:c7fa18f6dec1fdd308d5a6ed74f5f6bf2bd30d6759d7d2464875b6e80f269fb2"
 	TimestampAuthorityImage = "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:d957041e1f10faf087333b9f1d39b2bb4b26edd37a812192e67771c423950def"
+	ClientServerImage       = "registry.redhat.io/rhtas/client-server-rhel9@sha256:ebb18fe7236c4c234ce8c634aea0932e4a2b50333ae3809cb34746c0fad0241c"
 )

test/e2e/cli_server_test.go

@@ -26,6 +26,12 @@ var _ = Describe("CliServer", Ordered, func() {
 		ctx        = context.TODO()
 	)
 
+	AfterEach(func() {
+		if CurrentSpecReport().Failed() && support.IsCIEnvironment() {
+			support.DumpNamespace(ctx, cli, "trusted-artifact-signer")
+		}
+	})
+
 	BeforeAll(func() {
 		cli, _ = support.CreateClient()
 		tr := &http.Transport{