world-federation-of-advertisers · yunyeng · Feb 9, 2022 · Feb 9, 2022 · Feb 9, 2022 · Feb 18, 2022
diff --git a/build/variables.bzl b/build/variables.bzl
@@ -32,10 +32,12 @@ TEST_GOOGLE_CLOUD_SETTINGS = struct(
     cloud_storage_project = "$(cloud_storage_project)",
     cloud_storage_bucket = "$(cloud_storage_bucket)",
     tink_key_uri = "$(tink_key_uri)",
+    cloud_credentials_path = "$(cloud_credentials_path)",
 )
 
 # Config for Panel Exchange Client Example Daemon.
 EXAMPLE_DAEMON_CONFIG = struct(
     daemon_id = "$(daemon_id)",
     daemon_party_type = "$(daemon_party_type)",
+    recurring_exchange_id = "$(recurring_exchange_id)",
 )
diff --git a/src/main/k8s/base.cue b/src/main/k8s/base.cue
@@ -26,7 +26,7 @@ listObject: {
 
 objects: [ for objectSet in objectSets for object in objectSet {object}]
 
-objectSets: [ example_daemon_deployment ]
+objectSets: [ example_daemon_deployment]
 
 #AppName: "panel-exchange"
 
@@ -45,17 +45,18 @@ objectSets: [ example_daemon_deployment ]
 }
 
 #Deployment: {
-	_name:                  string
-	_image:                 string
-	_args:                  [...string]
-	_ports:                 [{containerPort: 8443}] | *[]
-	_restartPolicy:         string | *"Always"
-	_imagePullPolicy:       string | *"Never"
-	_jvmFlags:              string | *""
-	_resourceConfig:        #ResourceConfig
-	_secretName:            string | *null
-	apiVersion:             "apps/v1"
-	kind:                   "Deployment"
+	_name:  string
+	_image: string
+	_args: [...string]
+	_ports:           [{containerPort: 8443}] | *[]
+	_restartPolicy:   string | *"Always"
+	_imagePullPolicy: string | *"Never"
+	_jvmFlags:        string | *""
+	_credentialsPath: string | *""
+	_resourceConfig:  #ResourceConfig
+	_secretName:      string | *null
+	apiVersion:       "apps/v1"
+	kind:             "Deployment"
 	metadata: {
 		name: _name + "-deployment"
 		labels: {
@@ -86,25 +87,29 @@ objectSets: [ example_daemon_deployment ]
 					env: [{
 						name:  "JAVA_TOOL_OPTIONS"
 						value: _jvmFlags
-					}]
+					},
+						{
+							name:  "GOOGLE_APPLICATION_CREDENTIALS"
+							value: _credentialsPath
+						}]
 					if _secretName != null {
-					volumeMounts: [{
-						name:      _name + "-files"
-						mountPath: "/var/run/secrets/files"
-						readOnly:  true
-					}]
-				}
-				}]
-				if _secretName != null {
-				volumes: [{
-					name: _name + "-files"
-					secret: {
-						secretName: _secretName
+						volumeMounts: [{
+							name:      _name + "-files"
+							mountPath: "/var/run/secrets/files"
+							readOnly:  true
+						}]
 					}
 				}]
-			}
+				if _secretName != null {
+					volumes: [{
+						name: _name + "-files"
+						secret: {
+							secretName: _secretName
+						}
+					}]
+				}
 				restartPolicy: _restartPolicy
 			}
 		}
 	}
-}
+}
diff --git a/src/main/k8s/dev/BUILD.bazel b/src/main/k8s/dev/BUILD.bazel
@@ -3,15 +3,40 @@ load("//src/main/docker:images.bzl", "ALL_GKE_IMAGES")
 load("@wfa_rules_cue//cue:defs.bzl", "cue_export")
 
 cue_export(
-    name = "example_daemon_from_cue_gke",
-    srcs = ["example_daemon_gke.cue"],
+    name = "edp_example_daemon_gke",
+    srcs = ["edp_example_daemon_gke.cue"],
     cue_tags = {
-        "container_registry": IMAGE_REPOSITORY_SETTINGS.container_registry,
+        "daemon_id": EXAMPLE_DAEMON_CONFIG.daemon_id,
+        "recurring_exchange_id": EXAMPLE_DAEMON_CONFIG.recurring_exchange_id,
+        "cloud_storage_bucket": TEST_GOOGLE_CLOUD_SETTINGS.cloud_storage_bucket,
+        "container_registry": "gcr.io",
         "image_repo_prefix": IMAGE_REPOSITORY_SETTINGS.repository_prefix,
         "secret_name": TEST_GOOGLE_CLOUD_SETTINGS.secret_name,
-        "party_type": EXAMPLE_DAEMON_CONFIG.daemon_party_type,
         "tink_key_uri": TEST_GOOGLE_CLOUD_SETTINGS.tink_key_uri,
-        "private_ca_name": "20220126-brx-hab",
+        "cloud_credentials_path": TEST_GOOGLE_CLOUD_SETTINGS.cloud_credentials_path,
+        "private_ca_name": "20220217-zm6-cbh",
+        "private_ca_pool_id": "SomeCommonName",
+        "private_ca_location": "us-central1",
+    },
+    expression = "listObject",
+    filetype = "yaml",
+    tags = ["manual"],
+    deps = ["//src/main/k8s:base"],
+)
+
+cue_export(
+    name = "mp_example_daemon_gke",
+    srcs = ["mp_example_daemon_gke.cue"],
+    cue_tags = {
+        "daemon_id": EXAMPLE_DAEMON_CONFIG.daemon_id,
+        "recurring_exchange_id": EXAMPLE_DAEMON_CONFIG.recurring_exchange_id,
+        "cloud_storage_bucket": TEST_GOOGLE_CLOUD_SETTINGS.cloud_storage_bucket,
+        "container_registry": "gcr.io",
+        "image_repo_prefix": IMAGE_REPOSITORY_SETTINGS.repository_prefix,
+        "secret_name": TEST_GOOGLE_CLOUD_SETTINGS.secret_name,
+        "tink_key_uri": TEST_GOOGLE_CLOUD_SETTINGS.tink_key_uri,
+        "cloud_credentials_path": TEST_GOOGLE_CLOUD_SETTINGS.cloud_credentials_path,
+        "private_ca_name": "20220217-zm6-cbh",
         "private_ca_pool_id": "SomeCommonName",
         "private_ca_location": "us-central1",
     },
@@ -33,8 +58,16 @@ filegroup(
 )
 
 filegroup(
-    name = "k8s_deployment_config",
-    srcs = [":example_daemon_from_cue_gke.yaml"],
+    name = "edp_deployment_config",
+    srcs = [":edp_example_daemon_gke"],
+    data = [":all_archives"],
+    tags = ["manual"],
+    visibility = [":k8s_deployer"],
+)
+
+filegroup(
+    name = "mp_deployment_config",
+    srcs = [":mp_example_daemon_gke"],
     data = [":all_archives"],
     tags = ["manual"],
     visibility = [":k8s_deployer"],

diff --git a/src/main/k8s/dev/edp_example_daemon_gke.cue b/src/main/k8s/dev/edp_example_daemon_gke.cue
@@ -0,0 +1,96 @@
+// Copyright 2021 The Cross-Media Measurement Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// cue cmd dump src/main/k8s/edp_example_daemon_gke.cue >
+// src/main/k8s/edp_example_daemon_gke.yaml
+
+package k8s
+
+_container_registry:     string @tag("container_registry")
+_image_repo_prefix:      string @tag("image_repo_prefix")
+_cloud_storage_bucket:   string @tag("cloud_storage_bucket")
+_tink_key_uri:           string @tag("tink_key_uri")
+_cloud_credentials_path: string @tag("cloud_credentials_path")
+_secret_name:            string @tag("secret_name")
+_daemon_id:              string @tag("daemon_id")
+_recurring_exchange_id:  string @tag("recurring_exchange_id")
+_private_ca_name:        string @tag("private_ca_name")
+_private_ca_pool_id:     string @tag("private_ca_pool_id")
+_private_ca_location:    string @tag("private_ca_location")
+
+#GloudProject:            "halo-cmm-dev"
+#SpannerInstance:         "panelmatch-dev-instance"
+#KingdomPublicApiTarget:  "public.kingdom.dev.halo-cmm.org:8443"
+#ContainerRegistryPrefix: _container_registry + "/" + _image_repo_prefix
+#DefaultResourceConfig: {
+	replicas:              1
+	resourceRequestCpu:    "100m"
+	resourceLimitCpu:      "400m"
+	resourceRequestMemory: "256Mi"
+	resourceLimitMemory:   "512Mi"
+}
+
+_private_ca_flags: [
+	"--privateca-ca-name=\(_private_ca_name)",
+	"--privateca-pool-id=\(_private_ca_pool_id)",
+	"--privateca-ca-location=\(_private_ca_location)",
+	"--privateca-project-id=" + #GloudProject,
+]
+
+_tink_key_uri_flags: [
+	"--tink-key-uri=\(_tink_key_uri)",
+	"--tink-credential-path=\(_cloud_credentials_path)",
+]
+
+_exchange_api_flags: [
+	"--exchange-api-target=" + (#Target & {name: "v2alpha-public-api-server"}).target,
+	"--exchange-api-cert-host=localhost",
+]
+
+example_daemon_deployment: "example_daemon_deployment": #Deployment & {
+	_name:            "edp-panel-exchange-daemon"
+	_image:           #ContainerRegistryPrefix + "/example-panel-exchange-daemon"
+	_jvmFlags:        "-Xmx12g -Xms2g"
+	_imagePullPolicy: "Always"
+	_credentialsPath: _cloud_credentials_path
+	_resourceConfig:  #DefaultResourceConfig
+	_secretName:      _secret_name
+
+	_args:
+		_exchange_api_flags +
+		_tink_key_uri_flags +
+		_private_ca_flags +
+		[
+			"--id=\(_daemon_id)",
+			"--recurring-exchange-id=\(_recurring_exchange_id)",
+			"--party-type=DATA_PROVIDER",
+			"--tls-cert-file=/var/run/secrets/files/edp1_tls.pem",
+			"--tls-key-file=/var/run/secrets/files/edp1_tls.key",
+			"--cert-collection-file=/var/run/secrets/files/all_root_certs.pem",
+			"--blob-size-limit-bytes=1000000000",
+			"--storage-signing-algorithm=EC",
+			"--task-timeout=24h",
+			"--google-cloud-storage-bucket=\(_cloud_storage_bucket)",
+			"--google-cloud-storage-project=" + #GloudProject,
+			"--channel-shutdown-timeout=3s",
+			"--polling-interval=1m",
+			"--preprocessing-max-byte-size=1000000",
+			"--preprocessing-file-count=1000",
+			"--x509-common-name=SomeCommonName",
+			"--x509-organization=SomeOrganization",
+			"--x509-dns-name=example.com",
+			"--x509-valid-days=365",
+
+		]
+}
diff --git a/src/main/k8s/dev/example_daemon_gke.cue b/src/main/k8s/dev/example_daemon_gke.cue