Merge pull request #37 from coveooss/feature/updates-n-ci

Update all dependencies and add a CI job
coveooss · Jan 19, 2024 · 443c7bc · 443c7bc
2 parents 0b11835 + a37a4c0
commit 443c7bc
Show file tree

Hide file tree

Showing 16 changed files with 1,478 additions and 1,083 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1,4 @@
+# These owners will be the default owners for everything in
+# the repo. Unless a later match takes precedence,
+# those users will be requested for review when someone opens a pull request.
+* @JPLachance @mireaulf @marcantoinecleroux
diff --git a/renovate.json5 → .github/renovate.json5 b/renovate.json5 → .github/renovate.json5
@@ -13,11 +13,16 @@
     "bot"
   ],
   "prConcurrentLimit": 3,
-  "prHeader": "DT-5590 <- Put your own jira issue here by setting the `prHeader` value in your renovate config",
+  "prHeader": "DEF-160",
   "rebaseWhen": "auto",
   "reviewersFromCodeOwners": true,
   "suppressNotifications": [
     "prIgnoreNotification"
   ],
-  "timezone": "America/Toronto"
+  "timezone": "America/Toronto",
+  "vulnerabilityAlerts": {
+    "labels": [
+      "security"
+    ]
+  }
 }
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,38 @@
+name: CI
+
+on:
+  workflow_dispatch: { }
+
+  push:
+    branches:
+      - master
+
+  pull_request:
+    branches:
+      - master
+    paths:
+      - 'src/**'
+      - 'tests/**'
+      - poetry.lock
+      - pyproject.toml
+      - '.github/workflows/**'
+
+jobs:
+  ci:
+    name: CI
+    runs-on: ubuntu-latest
+    steps:
+      - uses: coveo/stew@main
+        name: Stew
+        with:
+          python-version: "3.10"
+          project-name: aws_auth_eks_crd
+
+  dependency-review:
+    name: Dependency Review
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v4
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@v4
diff --git a/.gitignore b/.gitignore
@@ -292,9 +292,11 @@ terraform.rc
 # End of https://www.toptal.com/developers/gitignore/api/python,pycharm+all,visualstudiocode,terraform,terragrunt
 
 ### Custom Ignores ###
+.python-version
 
 # Test artifacts
 .ci/
+htmlcov/
 reports/
 
 # Deployment artifacts

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
diff --git a/README.md b/README.md
@@ -1,24 +1,75 @@
 # CRD controller for AWS EKS Authenticator
-[aws-iam-authenticator](https://github.com/kubernetes-sigs/aws-iam-authenticator) recently introduced the possibility to use custom resources to configure roles and user bindings.
-However, this version of the app is not available in EKS and is not planned to [at this moment](https://github.com/aws/containers-roadmap/issues/550).
-So here is an operator to reflect IamIdentityMappings changes in the aws-auth configmap.
+
+[aws-iam-authenticator](https://github.com/kubernetes-sigs/aws-iam-authenticator) introduced the possibility to
+use custom resources to configure roles and user bindings. However, this version of the app was not available in EKS. So
+here is an operator to reflect IamIdentityMappings changes in the aws-auth configmap.
+
+2024 update: Amazon EKS team has improved the cluster authentication (AuthN) and authorization (AuthZ) user experience
+with improved cluster access management controls. This operator is now *deprecated*.
+See [this](https://github.com/aws/containers-roadmap/issues/185)
+and [the official announcement](https://aws.amazon.com/blogs/containers/a-deep-dive-into-simplified-amazon-eks-access-management-controls/).
 
 ## Get started
-1. Install [poetry](https://python-poetry.org/)
-2. Install the dependencies in a virtual environment `poetry install`
-3. Add the git pre-commit hook `poetry run pre-commit install`.
-4. Make your IDE use the virtualenv that was created by poetry.
 
-To run all tests, use `poetry run pytest`
+Language: Python 3.10+
+
+### Step 1: Configure your Python environment
 
-To manually run all linters, use `pre-commit run` after staging your changes
+1. Install [pyenv](https://github.com/pyenv/pyenv#installation) to manage your Python environment
+2. Install Python 3.10.13
 
----
-**NOTE**
+```bash
+  pyenv install 3.10.13
+```
+
+3. In the repository, switch to the chosen Python version
+
+```bash
+  pyenv local 3.10.13
+```
 
-Every commit will be checked against all linters with pre-commit. If it fails, simply fix the issues, stage new changes, and commit again.
+### Step 2: Install [Coveo Stew](https://github.com/coveo/stew) dependencies (CI)
 
----
+1. [Install pipx](https://pypa.github.io/pipx/)
+2. [Install Poetry](https://python-poetry.org/docs/#installation)
+3. [Install Stew](https://github.com/coveo/stew#installation)
+
+### Step 3: Install Python dependencies
+
+1. Open a pyenv shell for the correct python version
+
+```bash
+pyenv shell 3.10.13
+```
+
+2. Configure Poetry to use our Python version
+
+```bash
+poetry env use $(pyenv which python)
+```
+
+3. Install the dependencies with Poetry for the first time.
+
+```bash
+poetry install
+```
+
+4. Run Stew.
+
+```bash
+stew ci
+```
+
+### Step 4: Set up PyCharm's environment
+
+1. Find the path of the virtual environment created by Poetry:
+
+```bash
+  poetry env info
+```
+
+2. Set that poetry environment as
+   your [PyCharm virtual environment for the project](https://www.jetbrains.com/help/pycharm/creating-virtual-environment.html)
 
 ## Test Operator
 
@@ -27,16 +78,16 @@ Every commit will be checked against all linters with pre-commit. If it fails, s
 You can also test the operator locally in a minikube context.
 
 | WARNING: Make sure you change your context to minikube before doing these commands. |
-| --- |
+|-------------------------------------------------------------------------------------|
 
 1. Create a test config-map `kubectl apply -f kubernetes/test/configmap.yaml`
 2. Create the IamIdentityMapping crd `kubectl apply -f kubernetes/iamidentitymappings.yaml`
 3. Inspect the current state of the configmap with `kubectl get cm -n kube-system aws-auth -o yaml`
-4. Start the operator in minikube `kopf run --dev --debug --standalone --liveness=http://:8080/healthz src/kubernetes_operator/iam_mapping.py`
+4. Start the operator in
+   minikube `kopf run --dev --debug --standalone --liveness=http://:8080/healthz src/kubernetes_operator/iam_mapping.py`
 5. Create, in a different terminal, an IamIdentityMapping `kubectl apply -f kubernetes/test/test-iam-rolearn.yaml`
 6. Verify the change is applied by the operator in the configmap with `kubectl get cm -n kube-system aws-auth -o yaml`
 
-
 ## Deploy
 
 ### With kubectl
@@ -54,7 +105,7 @@ You can also test the operator locally in a minikube context.
 ```bash
 # Choose a specific ref and tag if needed
 REF=master
-TAG=0.6.4
+TAG=0.7.0
 
 cat <<EOF > kustomization.yaml
 apiVersion: kustomize.config.k8s.io/v1beta1

diff --git a/kubernetes/auth-operator.yaml b/kubernetes/auth-operator.yaml
@@ -25,7 +25,7 @@ spec:
             - --verbose
             - --liveness=http://0.0.0.0:8080/healthz
             - --standalone
-          image: coveo/aws-auth-operator:0.1
+          image: ghcr.io/coveooss/aws_auth_eks_crd:0.7.0
           imagePullPolicy: IfNotPresent
           name: operator
           ports:

diff --git a/kubernetes/kustomization.yaml b/kubernetes/kustomization.yaml
@@ -10,4 +10,4 @@ resources:
 images:
 - name: coveo/aws-auth-operator:0.1
   newName: ghcr.io/coveooss/aws_auth_eks_crd
-  newTag: 0.6.4
+  newTag: 0.7.0