feat: Add VSCode Devcontainer (#272)

* Add Remote devcontainer

linting fixes

remove args from launchjson

remove keyvault, debug deps

style fix

remove debug and kv docs

bug fixes

style fix

comment fixes

add .azure folder to root

comment fixes: Add GOPATH var instead of hardcoded path

Remove SHA from Kind K8s image

* add test config

* format

Co-authored-by: Sudharsan Srinivasan <[email protected]>
Co-authored-by: Rita Zhang <[email protected]>

.devcontainer/Dockerfile

@@ -0,0 +1,139 @@
+#-------------------------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
+#-------------------------------------------------------------------------------------------------------------
+FROM golang:1.15
+
+# Avoid warnings by switching to noninteractive
+ENV DEBIAN_FRONTEND=noninteractive
+# JQ Version
+ENV JQ_VERSION='1.5'
+# Helm Version
+ARG HELM_VERSION=3.0.2
+#Kind Version
+ARG KIND_VERSION=0.8.1
+# Kubernetes Version for Kubectl
+ARG KUBERNETES_VERSION=1.18.2
+
+# This Dockerfile adds a non-root user with sudo access. Use the "remoteUser"
+# property in devcontainer.json to use it. On Linux, the container user's GID/UIDs
+# will be updated to match your local UID/GID (when using the dockerFile property).
+# See https://aka.ms/vscode-remote/containers/non-root-user for details.
+ARG USERNAME=vscode
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+
+# Configure apt, install packages and tools
+RUN apt-get update \
+  && apt-get install -y apt-transport-https \
+  && apt-get -y install --no-install-recommends apt-utils gettext-base dnsutils dialog 2>&1 \
+  #
+  # Verify git, process tools, lsb-release (common in install instructions for CLIs) installed
+  && apt-get -y install git openssh-client vim less iproute2 procps lsb-release \
+  #
+  # Install Go tools w/module support
+  && mkdir -p /tmp/gotools \
+  && cd /tmp/gotools \
+  && GO111MODULE=on go get -v golang.org/x/tools/gopls@latest 2>&1 \
+  && GO111MODULE=on go get -v \
+  honnef.co/go/tools/...@latest \
+  golang.org/x/tools/cmd/gorename@latest \
+  golang.org/x/tools/cmd/goimports@latest \
+  golang.org/x/tools/cmd/guru@latest \
+  golang.org/x/lint/golint@latest \
+  github.com/mdempsky/gocode@latest \
+  github.com/cweill/gotests/...@latest \
+  github.com/haya14busa/goplay/cmd/goplay@latest \
+  github.com/sqs/goreturns@latest \
+  github.com/josharian/impl@latest \
+  github.com/davidrjenni/reftools/cmd/fillstruct@latest \
+  github.com/uudashr/gopkgs/v2/cmd/gopkgs@latest  \
+  github.com/ramya-rao-a/go-outline@latest  \
+  github.com/acroca/go-symbols@latest  \
+  github.com/godoctor/godoctor@latest  \
+  github.com/rogpeppe/godef@latest  \
+  github.com/zmb3/gogetdoc@latest \
+  github.com/fatih/gomodifytags@latest  \
+  github.com/mgechev/revive@latest  \
+  github.com/go-delve/delve/cmd/dlv@latest 2>&1 \
+  #
+  # Install Go tools w/o module support
+  && go get -v github.com/alecthomas/gometalinter 2>&1 \
+  #
+  # Install gocode-gomod
+  && go get -x -d github.com/stamblerre/gocode 2>&1 \
+  && go build -o gocode-gomod github.com/stamblerre/gocode \
+  && mv gocode-gomod $GOPATH/bin/ \
+  #
+  # Install golangci-lint
+  && curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin 2>&1 \
+  #
+  # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user.
+  && groupadd --gid $USER_GID $USERNAME \
+  && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \
+  # [Optional] Add sudo support
+  && apt-get install -y sudo \
+  && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
+  && chmod 0440 /etc/sudoers.d/$USERNAME \
+  # Add write permission for /go/pkg
+  && chmod -R a+w /go/pkg
+
+
+# Install jq utility
+RUN wget --no-check-certificate https://raw.githubusercontent.com/stedolan/jq/master/sig/jq-release.key -O /tmp/jq-release.key && \
+  wget --no-check-certificate https://raw.githubusercontent.com/stedolan/jq/master/sig/v${JQ_VERSION}/jq-linux64.asc -O /tmp/jq-linux64.asc && \
+  wget --no-check-certificate https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64 -O /tmp/jq-linux64 && \
+  gpg --import /tmp/jq-release.key && \
+  gpg --verify /tmp/jq-linux64.asc /tmp/jq-linux64 && \
+  cp /tmp/jq-linux64 /usr/bin/jq && \
+  chmod +x /usr/bin/jq && \
+  rm -f /tmp/jq-release.key && \
+  rm -f /tmp/jq-linux64.asc && \
+  rm -f /tmp/jq-linux64
+
+RUN wget https://github.com/mikefarah/yq/releases/download/3.3.0/yq_linux_amd64 -O /tmp/yq_linux_amd64 \
+  && cp /tmp/yq_linux_amd64 /usr/bin/yq \
+  && chmod +x /usr/bin/yq \
+  && rm -rf /tmp/yq_linux_amd64
+
+# Install Docker CE CLI
+RUN apt-get install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common lsb-release \
+  && curl -fsSL https://download.docker.com/linux/$(lsb_release -is | tr '[:upper:]' '[:lower:]')/gpg | (OUT=$(apt-key add - 2>&1) || echo $OUT) \
+  && add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/$(lsb_release -is | tr '[:upper:]' '[:lower:]') $(lsb_release -cs) stable" \
+  && apt-get update \
+  && apt-get install -y docker-ce-cli
+
+# Install Azure CLI
+RUN apt-get install -y apt-transport-https curl gnupg2 lsb-release \
+  && echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/azure-cli.list \
+  && curl -sL https://packages.microsoft.com/keys/microsoft.asc | apt-key add - 2>/dev/null \
+  && apt-get update \
+  && apt-get install -y azure-cli
+
+# Install Helm
+RUN mkdir -p /tmp/downloads/helm \
+    && curl -sL -o /tmp/downloads/helm.tar.gz https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz \
+    && tar -C /tmp/downloads/helm -zxvf /tmp/downloads/helm.tar.gz \
+    && mv /tmp/downloads/helm/linux-amd64/helm /usr/local/bin
+
+# Install Kubectl
+RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl \
+  && chmod +x ./kubectl \
+  && mv kubectl /usr/bin/kubectl
+
+# Install Kind
+RUN curl -LO https://github.com/kubernetes-sigs/kind/releases/download/v${KIND_VERSION}/kind-linux-amd64 \
+  && chmod +x ./kind-linux-amd64 \
+  && mv ./kind-linux-amd64 /usr/bin/kind
+
+# clean up
+RUN apt-get autoremove -y \
+  && apt-get clean -y \
+  && rm -rf /var/lib/apt/lists/* /go/src /tmp/gotools\
+  && rm -rf /tmp/downloads
+
+# Update this to "on" or "off" as appropriate
+ENV GO111MODULE=on
+
+# Switch back to dialog for any ad-hoc use of apt-get
+ENV DEBIAN_FRONTEND=dialog

.devcontainer/devcontainer.json

@@ -0,0 +1,26 @@
+{
+  "name": "Azure Key Vault provider for Secrets Store CSI driver",
+  "dockerFile": "Dockerfile",
+  "mounts": [
+    "source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind",
+    "source=${env:HOME}${env:USERPROFILE}/.azure,target=/root/.azure,type=bind"
+  ],
+  "workspaceMount": "src=${localWorkspaceFolder},dst=${env:GOPATH}/src/secrets-store-csi-driver-provider-azure,type=bind,consistency=cached",
+  "workspaceFolder": "${env:GOPATH}/src/secrets-store-csi-driver-provider-azure",
+  "settings": {
+    "terminal.integrated.shell.linux": "/bin/bash"
+  },
+  "runArgs": [
+    "--net=host",
+    "--cap-add=SYS_PTRACE",
+    "--security-opt",
+    "seccomp=unconfined"
+  ],
+  "extensions": [
+    "ms-vscode.azurecli",
+    "golang.go"
+  ],
+  "remoteEnv": {
+    "DEVCONTAINER": "true"
+  }
+}

Makefile

@@ -78,7 +78,7 @@ unit-test:
 	go test $(GO_FILES) -v
 
 KIND_VERSION ?= 0.6.0
-KIND_K8S_VERSION ?= 1.16.3
+KIND_K8S_VERSION ?= 1.18.2
 
 .PHONY: e2e-bootstrap
 e2e-bootstrap: install-helm
@@ -118,10 +118,12 @@ install-helm:
 	curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
 
 .PHONY: e2e-local-bootstrap
-e2e-local-bootstrap:
+e2e-local-bootstrap: build
 	kind create cluster --image kindest/node:v${KIND_K8S_VERSION} --config test/kind-config.yaml
 	make image
 	kind load docker-image --name kind $(DOCKER_IMAGE):$(IMAGE_VERSION)
+	# Create Dev namespace for local e2e-testing
+	kubectl create ns dev
 
 .PHONY: e2e-kind-cleanup
 e2e-kind-cleanup:

README.md

@@ -92,7 +92,7 @@ To provide identity to access key vault, refer to the following [section](#provi
   metadata:
     name: azure-kvname
   spec:
-    provider: azure                   
+    provider: azure
     parameters:
       usePodIdentity: "false"         # [OPTIONAL for Azure] if not provided, will default to "false"
       useVMManagedIdentity: "false"   # [OPTIONAL available for version > 0.0.4] if not provided, will default to "false"
@@ -151,8 +151,8 @@ The Azure Key Vault Provider offers four modes for accessing a Key Vault instanc
 
 To ensure your application is using the Secrets Store CSI driver, update your deployment yaml to use the `secrets-store.csi.k8s.io` driver and reference the `SecretProviderClass` resource created in the previous step.
 
-Update your [linux deployment yaml](examples/nginx-pod-inline-volume-service-principal.yaml) or [windows deployment yaml](examples/windows-pod-secrets-store-inline-volume-secret-providerclass.yaml) to use the Secrets Store CSI driver and reference the `SecretProviderClass` resource created in the previous step. 
-    
+Update your [linux deployment yaml](examples/nginx-pod-inline-volume-service-principal.yaml) or [windows deployment yaml](examples/windows-pod-secrets-store-inline-volume-secret-providerclass.yaml) to use the Secrets Store CSI driver and reference the `SecretProviderClass` resource created in the previous step.
+
   ```yaml
     volumes:
       - name: secrets-store-inline
@@ -189,7 +189,7 @@ To validate, once the pod is started, you should see the new mounted content at
 ## Azure Key Vault Provider Features
 
 ### Secret Content is Mounted on Pod Start
-On pod start and restart, the driver will call the Azure provider binary to retrieve the secret content from the Azure Key Vault instance you have specified in the `SecretProviderClass` custom resource. Then the content will be mounted to the container's file system. 
+On pod start and restart, the driver will call the Azure provider binary to retrieve the secret content from the Azure Key Vault instance you have specified in the `SecretProviderClass` custom resource. Then the content will be mounted to the container's file system.
 
 To validate, once the pod is started, you should see the new mounted content at the volume path specified in your deployment yaml.
 
@@ -211,15 +211,15 @@ kind: SecretProviderClass
 metadata:
   name: my-provider
 spec:
-  provider: azure                             
+  provider: azure
   secretObjects:                              # [OPTIONAL] SecretObject defines the desired state of synced K8s secret objects
   - data:
     - key: username                           # data field to populate
       objectName: foo1                        # name of the mounted content to sync. this could be the object name or the object alias
     secretName: foosecret                     # name of the Kubernetes Secret object
     type: Opaque                              # type of the Kubernetes Secret object e.g. Opaque, kubernetes.io/tls
 ```
-> NOTE: Here is the list of supported Kubernetes Secret types: `Opaque`, `kubernetes.io/basic-auth`, `bootstrap.kubernetes.io/token`, `kubernetes.io/dockerconfigjson`, `kubernetes.io/dockercfg`, `kubernetes.io/ssh-auth`, `kubernetes.io/service-account-token`, `kubernetes.io/tls`.  
+> NOTE: Here is the list of supported Kubernetes Secret types: `Opaque`, `kubernetes.io/basic-auth`, `bootstrap.kubernetes.io/token`, `kubernetes.io/dockerconfigjson`, `kubernetes.io/dockercfg`, `kubernetes.io/ssh-auth`, `kubernetes.io/service-account-token`, `kubernetes.io/tls`.
 
 - Here is a sample [`SecretProviderClass` custom resource](https://github.com/kubernetes-sigs/secrets-store-csi-driver/blob/master/test/bats/tests/azure/azure_synck8s_v1alpha1_secretproviderclass.yaml) that syncs a secret from Azure Key Vault to a Kubernetes secret.
 - To view an example of type `kubernetes.io/tls`, refer to the [ingress-controller-tls sample](sample/ingress-controller-tls/README.md#deploy-a-secretsproviderclass-resource)
@@ -287,7 +287,7 @@ please refer to [this guide](docs/custom-environments.md).
 
 ## Support
 
-Azure Key Vault Provider for Secrets Store CSI Driver is an open source project that is [**not** covered by the Microsoft Azure support policy](https://support.microsoft.com/en-us/help/2941892/support-for-linux-and-open-source-technology-in-azure). [Please search open issues here](https://github.com/Azure/secrets-store-csi-driver-provider-azure/issues), and if your issue isn't already represented please [open a new one](https://github.com/Azure/secrets-store-csi-driver-provider-azure/issues/new/choose). The project maintainers will respond to the best of their abilities.  
+Azure Key Vault Provider for Secrets Store CSI Driver is an open source project that is [**not** covered by the Microsoft Azure support policy](https://support.microsoft.com/en-us/help/2941892/support-for-linux-and-open-source-technology-in-azure). [Please search open issues here](https://github.com/Azure/secrets-store-csi-driver-provider-azure/issues), and if your issue isn't already represented please [open a new one](https://github.com/Azure/secrets-store-csi-driver-provider-azure/issues/new/choose). The project maintainers will respond to the best of their abilities.
 
 ## Presentations
 

docs/getting-certs-and-keys.md

@@ -1,6 +1,6 @@
 # Getting Certificates and Keys using Azure Key Vault Provider
 
-> Note: This behavior was introduced in 0.0.6 release of Azure Key Vault Provider for Secrets Store CSI Driver. This is backward incompatible with the prior releases. 
+> Note: This behavior was introduced in 0.0.6 release of Azure Key Vault Provider for Secrets Store CSI Driver. This is backward incompatible with the prior releases.
 
 The Azure Key Vault Provider for Secrets Store CSI Driver has been designed to closely align with the current behavior of  [az keyvault certificate/secret/key download](https://docs.microsoft.com/en-us/cli/azure/keyvault?view=azure-cli-latest).
 

docs/remote-devcontainer.md

@@ -0,0 +1,47 @@
+# Contributing with VS Code Remote Container Extension
+
+ We have laid out steps for contributing to the **Azure Key Vault Provider for Secrets Store CSI Driver** using the `VS Code - Remote Container Extension`.
+
+## Prerequisites
+1. Azure Subscription
+
+## Fork and Clone Repository
+
+Before we dive into setting up a remote container environment, fork and clone the repository first. Once cloned, enter into the `root` folder of the project:
+
+  ```bash
+  $ cd secrets-store-csi-driver-provider-azure
+  ```
+
+## VS Code with Remote Container Extension
+
+The [VS Code Remote Container Extension](https://code.visualstudio.com/docs/remote/containers) utilizes the `.devcontainer` folder to build a remote container that will have all necessary dependencies installed to contribute to the **Azure Key Vault Provider for Secrets Store CSI Driver**.
+
+### Dependencies Included Inside The Remote Container
+
+- `yq and jq` command line utilities for manipulating YAML and JSON files
+- `Azure CLI` for access to your Azure Subscription
+  - Your `.azure` folder on your host machine is mounted into the container, so you will be logged in to the same Azure Subscription.
+- `kind` for to allow configuring and using KinD clusters
+- `helm` is installed to allow deployment of the Secrets Store CSI Driver and Provider helm charts
+- Go 1.15+
+
+### Set Up
+
+1. Open up the project in VS Code.
+2. In the bottom-left corner of VS Code click on the remote window icon as shown below:
+
+    ![open a remote window icon](/docs/images/bottom-left.png)
+
+3. Select `Remote-Containers: Reopen in Container` from the drop-down list
+
+    ![Reopen in Container](/docs/images/reopen-container.png)
+
+4. The Azure Key Vault Provider should now be opened inside a Remote Container!
+    - In the bottom-left you should see the tag updated to show: `Dev Container: Secrets Store CSI Driver Provider Azure`
+    - Open the [integrated terminal](https://code.visualstudio.com/docs/editor/integrated-terminal) with `ctrl + `\`.
+    - You can open up a bash shell in the container such as shown below:
+
+    ![remote dev container](/docs/images/container_open.png)
+
+Your Environment is now set up using the VS Code Remote Devcontainer Extension.