STONEBLD-1354 Create image repo automatically

Author: stuartwdouglas

cmd/controller/main.go

@@ -4,7 +4,11 @@ import (
 	"flag"
 	zap2 "go.uber.org/zap"
 	"go.uber.org/zap/zapcore"
+	"io/ioutil"
+	"net/http"
 	"os"
+	"strings"
+
 	// needed for hack/update-codegen.sh
 	_ "k8s.io/code-generator"
 
@@ -15,6 +19,7 @@ import (
 
 	//+kubebuilder:scaffold:imports
 	"github.com/go-logr/logr"
+	"github.com/redhat-appstudio/image-controller/pkg/quay"
 	"github.com/redhat-appstudio/jvm-build-service/pkg/controller"
 	"github.com/redhat-appstudio/jvm-build-service/pkg/reconciler/util"
 )
@@ -52,8 +57,23 @@ func main() {
 	restConfig := ctrl.GetConfigOrDie()
 	klog.SetLogger(mainLog)
 
+	tokenPath := "/workspace/quaytoken"
+	tokenContent, err := ioutil.ReadFile(tokenPath)
+	if err != nil {
+		mainLog.Error(err, "unable to read quay token")
+	}
+	orgPath := "/workspace/organization"
+	orgContent, err := ioutil.ReadFile(orgPath)
+	if err != nil {
+		mainLog.Error(err, "unable to read quay organization")
+	}
+	var quayClient *quay.QuayClient
+	if orgContent != nil && tokenContent != nil {
+		client := quay.NewQuayClient(&http.Client{Transport: &http.Transport{}}, strings.TrimSpace(string(tokenContent)), "https://quay.io/api/v1")
+		quayClient = &client
+	}
+
 	var mgr ctrl.Manager
-	var err error
 	mopts := ctrl.Options{
 		MetricsBindAddress:     metricsAddr,
 		Port:                   9443,
@@ -65,7 +85,7 @@ func main() {
 	util.ImageTag = os.Getenv("IMAGE_TAG")
 	util.ImageRepo = os.Getenv("IMAGE_REPO")
 
-	mgr, err = controller.NewManager(restConfig, mopts)
+	mgr, err = controller.NewManager(restConfig, mopts, quayClient, string(orgContent))
 	if err != nil {
 		mainLog.Error(err, "unable to start manager")
 		os.Exit(1)

deploy/operator/base/deployment.yaml

@@ -13,6 +13,11 @@ spec:
       labels:
         app: hacbs-jvm-operator
     spec:
+      volumes:
+        - name: quaytoken
+          secret:
+            optional: true
+            secretName: quaytoken
       containers:
         - name: hacbs-jvm-operator
           image: hacbs-jvm-operator
@@ -30,4 +35,8 @@ spec:
             limits:
               memory: "512Mi"
               cpu: "500m"
+          volumeMounts:
+            - mountPath: "/workspace"
+              name: quaytoken
+              readOnly: true
       serviceAccountName: hacbs-jvm-operator

deploy/operator/base/rbac.yaml

@@ -102,8 +102,18 @@ rules:
     resourceNames:
       - jvm-build-image-secrets
       - jvm-build-git-secrets
+    verbs:
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    # note - tekton gives its controller read access to secrets, so any pods there can access secrets in the pods namespace
+    resources:
+      - secrets
     verbs:
       - get
+      - create
   - apiGroups:
       - "apps"
     resources:

go.mod

@@ -25,6 +25,7 @@ require (
 require (
 	github.com/CycloneDX/cyclonedx-go v0.7.0
 	github.com/google/go-containerregistry v0.12.0
+	github.com/redhat-appstudio/image-controller v0.0.0-20230606065013-5c7c65e0db05
 	github.com/redhat-appstudio/service-provider-integration-operator v0.9.1-0.20230420083506-cd7210b05b60
 	go.uber.org/zap v1.24.0
 )

go.sum

@@ -284,6 +284,8 @@ github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:Fecb
 github.com/grpc-ecosystem/grpc-gateway v1.14.6/go.mod h1:zdiPV4Yse/1gnckTHtghG4GkDEdKCRJduHpTxT3/jcw=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
+github.com/h2non/gock v1.2.0 h1:K6ol8rfrRkUOefooBC8elXoaNGYkpp7y2qcxGG6BzUE=
+github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 h1:2VTzZjLZBgl62/EtslCrtky5vbi9dd7HrQPQIx6wqiw=
 github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
 github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -454,6 +456,8 @@ github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJf
 github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY=
 github.com/prometheus/statsd_exporter v0.21.0 h1:hA05Q5RFeIjgwKIYEdFd59xu5Wwaznf33yKI+pyX6T8=
 github.com/prometheus/statsd_exporter v0.21.0/go.mod h1:rbT83sZq2V+p73lHhPZfMc3MLCHmSHelCh9hSGYNLTQ=
+github.com/redhat-appstudio/image-controller v0.0.0-20230606065013-5c7c65e0db05 h1:g6fNvu8CLGgPdlmJtvcIAAxztS1IULFyVaOpJ2vyZP4=
+github.com/redhat-appstudio/image-controller v0.0.0-20230606065013-5c7c65e0db05/go.mod h1:6v+OpSt2oy3uuP16s4HUdShE9CR5HBSwwjL1fvbkKcg=
 github.com/redhat-appstudio/service-provider-integration-operator v0.9.1-0.20230420083506-cd7210b05b60 h1:Ga3vX9OSXwEpsHP+o+UMdFvl0nefSvb9aLE0o6N4lSs=
 github.com/redhat-appstudio/service-provider-integration-operator v0.9.1-0.20230420083506-cd7210b05b60/go.mod h1:N5YplXwOfhGK7hKq446zIHYPW6mbLeStvYkoPCcOCGs=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=

pkg/controller/controller.go

@@ -3,6 +3,7 @@ package controller
 import (
 	"context"
 	"fmt"
+	"github.com/redhat-appstudio/image-controller/pkg/quay"
 	"github.com/redhat-appstudio/jvm-build-service/pkg/metrics"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/selection"
@@ -34,7 +35,7 @@ var (
 	controllerLog = ctrl.Log.WithName("controller")
 )
 
-func NewManager(cfg *rest.Config, options ctrl.Options) (ctrl.Manager, error) {
+func NewManager(cfg *rest.Config, options ctrl.Options, quayClient *quay.QuayClient, quayOrgName string) (ctrl.Manager, error) {
 
 	// we have seen in e2e testing that this path can get invoked prior to the TaskRun CRD getting generated,
 	// and controller-runtime does not retry on missing CRDs.
@@ -134,7 +135,7 @@ func NewManager(cfg *rest.Config, options ctrl.Options) (ctrl.Manager, error) {
 		return nil, err
 	}
 
-	if err := jbsconfig.SetupNewReconcilerWithManager(mgr, spiPresent); err != nil {
+	if err := jbsconfig.SetupNewReconcilerWithManager(mgr, spiPresent, quayClient, quayOrgName); err != nil {
 		return nil, err
 	}
 

pkg/reconciler/jbsconfig/controller.go

@@ -1,15 +1,16 @@
 package jbsconfig
 
 import (
+	"github.com/redhat-appstudio/image-controller/pkg/quay"
 	"github.com/redhat-appstudio/jvm-build-service/pkg/apis/jvmbuildservice/v1alpha1"
 	"github.com/redhat-appstudio/service-provider-integration-operator/api/v1beta1"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/handler"
 	"sigs.k8s.io/controller-runtime/pkg/source"
 )
 
-func SetupNewReconcilerWithManager(mgr ctrl.Manager, spiPresent bool) error {
-	r := newReconciler(mgr, spiPresent)
+func SetupNewReconcilerWithManager(mgr ctrl.Manager, spiPresent bool, quayClient *quay.QuayClient, quayOrgName string) error {
+	r := newReconciler(mgr, spiPresent, quayClient, quayOrgName)
 	builder := ctrl.NewControllerManagedBy(mgr).
 		For(&v1alpha1.JBSConfig{})
 	if spiPresent {