fix: how we determine the domain name

* fix: how we determine the domain name is by looking up ingresses, for the ESP_DOMAIN look for the esm ingress and get its hostname
its a bit more complicated for grafana if its on a seperate unknown namespace so we just look for the first ingress

Change-Id: I4bce8e1628f1755e7ffce6078da902b756e83d04

* fix: domain name lookup
how we determine the domain name is by looking up ingresses, for the ESP_DOMAIN look for the esm ingress and get its hostname
its a bit more complicated for grafana if its on a seperate unknown namespace so we just look for the first ingress

create a seperate script to determine the domiain as its used by other scripts

add clear down grafana script
add clear down viya script TODO

Change-Id: I4bce8e1628f1755e7ffce6078da902b756e83d04

* fix: domain name lookup
how we determine the domain name is by looking up ingresses, for the ESP_DOMAIN look for the esm ingress and get its hostname
its a bit more complicated for grafana if its on a seperate unknown namespace so we just look for the first ingress

create a seperate script to determine the domiain as its used by other scripts

add clear down grafana script
add clear down viya script TODO

Change-Id: I4bce8e1628f1755e7ffce6078da902b756e83d04

README.md

@@ -89,6 +89,7 @@ Installation scripts are provided to install the plug-in and configure Grafana.
  * Modify the Grafana deployment by adding the GF_INSTALL_PLUGINS environment variable to enable Grafana to install the plug-in.
  * Create a new `grafana.ini` file to enable OAuth authentication. Creating this file overwrites any existing Grafana configuration.
  * Configure Grafana as an OAuth client with SAS Logon. Users of Grafana are directed to use SAS Logon.
+ * Determine the correct Domain Name for your environment by looking at existing ingresses.
  * Optionally install Grafana for you.
 
 1. Set the correct Kubernetes configuration file for your environment.

install/configure-grafana.sh

@@ -19,17 +19,17 @@ INSTALL_GRAFANA="${INSTALL_GRAFANA:-false}"
 GRAFANA_VERSION="${GRAFANA_VERSION:-9.5.13}"
 
 function check_requirements() {
-  [ -z "$KUBECONFIG" ] && {
+  [ -z "${KUBECONFIG-}" ] && {
       echo "KUBECONFIG environment variable unset." >&2
       exit 1
   }
 
-  [ -z "${ESP_NAMESPACE}" ] && {
+  [ -z "${ESP_NAMESPACE-}" ] && {
       echo "Usage: ${0} <esp-namespace> <grafana-namespace> <version>" >&2
       exit 1
   }
 
-  [ -z "${ESP_PLUGIN_VERSION}" ] && {
+  [ -z "${ESP_PLUGIN_VERSION-}" ] && {
       echo "Usage: ${0} <esp-namespace> <grafana-namespace> <version>" >&2
       exit 1
   }
@@ -87,9 +87,9 @@ check_requirements
 
 echo "Fetching required deployment information..."
 
-#duplicate domain code
-ESP_DOMAIN=$(kubectl -n "${ESP_NAMESPACE}" get ingress --output json | jq -r '.items[0].spec.rules[0].host')
-GRAFANA_DOMAIN=$(kubectl -n "${GRAFANA_NAMESPACE}" get ingress --output json | jq -r '.items[0].spec.rules[0].host')
+#Work out the domain names
+. get-domain-name.sh $ESP_NAMESPACE $GRAFANA_NAMESPACE
+
 ESP_PLUGIN_SOURCE="https://github.com/sassoftware/grafana-esp-plugin/releases/download/v$ESP_PLUGIN_VERSION/sasesp-plugin-$ESP_PLUGIN_VERSION.zip"
 
 if [ "${OAUTH_TYPE}" == "viya" ]; then
@@ -129,7 +129,6 @@ echo "Generating manifests..."
 generate_manifests
 
 if [[ "${DRY_RUN}" == true ]]; then
-    #GF_INSTALL_PLUGINS_VALUE=$(kubectl -n "${ESP_NAMESPACE}" get deployment/grafana --output json | jq -c '.spec.template.spec.containers[0].env[] | select(.name | contains("GF_INSTALL_PLUGINS")) | .value')
     exit 0
 fi
 

install/get-domain-name.sh

@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+set -e -o pipefail -o nounset
+set -o nounset
+
+echo "Determining domain names"
+
+#input variables
+ESP_NAMESPACE="${1}";
+GRAFANA_NAMESPACE="${2:-${ESP_NAMESPACE}}"
+
+# If no esp domain then we are looking to install grafana on a separate namespace
+if [ -z ${ESP_DOMAIN+null} ]; then
+     # We cant easily determine the grafana domain unless there is an ingress
+     ESP_DOMAIN=$(kubectl -n "${ESP_NAMESPACE}" get ingress/sas-event-stream-manager-app --output json | jq -r '.spec.rules[0].host')
+
+     if [ "${ESP_DOMAIN}" == null ]; then
+       echo "Unable to determine the esp domain name from an ingress, please set ESP_DOMAIN to your environments domain name." >&2
+       exit 1
+     fi
+fi
+
+if [ "$ESP_NAMESPACE" == "$GRAFANA_NAMESPACE" ]
+then
+    GRAFANA_DOMAIN=$ESP_DOMAIN
+fi
+
+# If no grafana domain then we are looking to install grafana on a separate namespace
+[ -z ${GRAFANA_DOMAIN+null} ] && {
+
+    # We cant easily determine the grafana domain unless there is an ingress
+    GRAFANA_DOMAIN=$(kubectl -n "${GRAFANA_NAMESPACE}" get ingress --output json | jq -r '.items[0].spec.rules[0].host')
+
+    if [ "${GRAFANA_DOMAIN}" == null ]; then
+      echo "Unable to determine the grafana domain name from an ingress, please set GRAFANA_DOMAIN to your environments domain name." >&2
+      exit 1
+    fi
+}
+
+export ESP_DOMAIN
+export GRAFANA_DOMAIN

install/patch-grafana.yaml

@@ -1,17 +1,17 @@
-spec:
-  template:
-    spec:
-      volumes:
-        - name: grafana-config
-          configMap:
-            defaultMode: 420
-            name: grafana-ini
-      containers:
-      - name: grafana
-        env:
-          - name: GF_INSTALL_PLUGINS
-            value: TEMPLATE_ESP_PLUGIN_SOURCE;sasesp-plugin
-        volumeMounts:
-        - mountPath: /etc/grafana/grafana.ini
-          name: grafana-config
-          subPath: grafana-uaa.ini
+spec:
+  template:
+    spec:
+      volumes:
+        - name: grafana-config
+          configMap:
+            defaultMode: 420
+            name: grafana-ini
+      containers:
+      - name: grafana
+        env:
+          - name: GF_INSTALL_PLUGINS
+            value: TEMPLATE_ESP_PLUGIN_SOURCE;sasesp-plugin,volkovlabs-image-panel
+        volumeMounts:
+        - mountPath: /etc/grafana/grafana.ini
+          name: grafana-config
+          subPath: grafana-uaa.ini

install/register-oauth-client-keycloak.sh

@@ -10,16 +10,17 @@ function usage () {
     exit 1
 }
 
-[ -z "$KUBECONFIG" ] && {
+[ -z "${KUBECONFIG-}" ] && {
     echo "KUBECONFIG environment variable unset." >&2
     exit 1
 }
 
-[ -z "${ESP_NAMESPACE}" ] && {
-    usage
+[ -z "${ESP_NAMESPACE-}" ] && {
+    echo "Usage: ${0} <esp-namespace> <grafana-namespace>" >&2
+    exit 1
 }
 
-ESP_DOMAIN=$(kubectl -n "${ESP_NAMESPACE}" get ingress --output json | jq -r '.items[0].spec.rules[0].host')
+ESP_DOMAIN=$(kubectl -n "${ESP_NAMESPACE}" get ingress/sas-event-stream-manager-app --output json | jq -r '.spec.rules[0].host')
 
 function check_keycloak_deployment() {
     if ! kubectl -n "${ESP_NAMESPACE}" get deployment keycloak-deployment 2>/dev/null 1>&2; then

install/register-oauth-client-uaa.sh

@@ -12,17 +12,18 @@ function usage () {
     exit 1
 }
 
-[ -z "$KUBECONFIG" ] && {
+[ -z "${KUBECONFIG-}" ] && {
     echo "KUBECONFIG environment variable unset." >&2
     exit 1
 }
 
-[ -z "${ESP_NAMESPACE}" ] && {
-    usage
+[ -z "${ESP_NAMESPACE-}" ] && {
+    echo "Usage: ${0} <esp-namespace> <grafana-namespace>" >&2
+    exit 1
 }
 
-ESP_DOMAIN=$(kubectl -n "${ESP_NAMESPACE}" get ingress --output json | jq -r '.items[0].spec.rules[0].host')
-GRAFANA_DOMAIN=$(kubectl -n "${GRAFANA_NAMESPACE}" get ingress --output json | jq -r '.items[0].spec.rules[0].host')
+#Work out the domain names
+. get-domain-name.sh $ESP_NAMESPACE $GRAFANA_NAMESPACE
 
 # Fetch access token to perform admin tasks:
 function fetch_uaa_admin_token() {

install/register-oauth-client-viya.sh

@@ -12,17 +12,18 @@ function usage () {
     exit 1
 }
 
-[ -z "$KUBECONFIG" ] && {
+[ -z "${KUBECONFIG-}" ] && {
     echo "KUBECONFIG environment variable unset." >&2
     exit 1
 }
 
-[ -z "${ESP_NAMESPACE}" ] && {
-    usage
+[ -z "${ESP_NAMESPACE-}" ] && {
+    echo "Usage: ${0} <esp-namespace> <grafana-namespace>" >&2
+    exit 1
 }
 
-ESP_DOMAIN=$(kubectl -n "${ESP_NAMESPACE}" get ingress --output json | jq -r '.items[0].spec.rules[0].host')
-GRAFANA_DOMAIN=$(kubectl -n "${GRAFANA_NAMESPACE}" get ingress --output json | jq -r '.items[0].spec.rules[0].host')
+#Work out the domain names
+. get-domain-name.sh $ESP_NAMESPACE $GRAFANA_NAMESPACE
 
 function fetch_consul_token () {
     _token=$(kubectl -n "${ESP_NAMESPACE}" get secret sas-consul-client -o go-template='{{ .data.CONSUL_TOKEN | base64decode}}')

install/remove-grafana.sh

@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+set -e -o pipefail -o nounset
+
+NAMESPACE="${1}"
+
+[ -z "${KUBECONFIG-}" ] && {
+    echo "KUBECONFIG environment variable unset." >&2
+    exit 1
+}
+
+[ -d "./manifests" ] || {
+    echo "No manifest directory found." >&2
+    exit 1
+}
+
+[ -z "${NAMESPACE-}" ] && {
+      echo "Usage: ${0} <namespace> <version>" >&2
+      exit 1
+}
+
+echo "Removing Grafana..."
+kubectl -n "${NAMESPACE}" delete -k ./manifests/

install/remove-oauth-keycloak.sh

@@ -8,13 +8,13 @@ ESP_NAMESPACE="${1}"
 
 function check_requirements() {
 
-  [ -z "$KUBECONFIG" ] && {
+  [ -z "${KUBECONFIG-}" ] && {
     echo "KUBECONFIG environment variable unset." >&2
     exit 1
   }
 
-  [ -z "${ESP_NAMESPACE}" ] && {
-    echo "Usage: ${0} <esp-namespace>" >&2
+  [ -z "${ESP_NAMESPACE-}" ] && {
+    echo "Usage: ${0} <esp-namespace> <grafana-namespace>" >&2
     exit 1
   }
 
@@ -77,7 +77,7 @@ function remove_keycloak_roles() {
 check_requirements
 
 echo "Fetching required deployment information..."
-ESP_DOMAIN=$(kubectl -n "${ESP_NAMESPACE}" get ingress --output json | jq -r '.items[0].spec.rules[0].host')
+ESP_DOMAIN=$(kubectl -n "${ESP_NAMESPACE}" get ingress/sas-event-stream-manager-app --output json | jq -r '.spec.rules[0].host')
 export ESP_DOMAIN
 
 _oauth2_proxy_secret=$(kubectl -n "${ESP_NAMESPACE}" get secret oauth2-proxy-client-secret --output json)

install/remove-oauth-uaa.sh

@@ -58,7 +58,7 @@ function remove_grafana_auth_redirect() {
 }
 
 echo "Fetching required deployment information..."
-ESP_DOMAIN=$(kubectl -n "${ESP_NAMESPACE}" get ingress --output json |
+ESP_DOMAIN=$(kubectl -n "${ESP_NAMESPACE}" get ingress/sas-event-stream-manager-app --output json |
     jq -r '.items[0].spec.rules[0].host')
 export ESP_DOMAIN
 

install/remove-oauth-viya.sh

@@ -0,0 +1,69 @@
+#!/usr/bin/env bash
+
+set -e -o pipefail -o nounset
+
+ESP_NAMESPACE="${1}"
+GRAFANA_NAMESPACE="${2:-${ESP_NAMESPACE}}"
+OAUTH_CLIENT_ID="${OAUTH_CLIENT_ID:-sv_client}"; export OAUTH_CLIENT_ID
+OAUTH_CLIENT_SECRET="${OAUTH_CLIENT_SECRET:-secret}"; export OAUTH_CLIENT_SECRET
+
+function usage () {
+    echo "Usage: ${0} <viya-namespace> <grafana-namespace>" >&2
+    exit 1
+}
+
+[ -z "${KUBECONFIG-}" ] && {
+    echo "KUBECONFIG environment variable unset." >&2
+    exit 1
+}
+
+[ -z "${ESP_NAMESPACE-}" ] && {
+    echo "Usage: ${0} <esp-namespace> <grafana-namespace>" >&2
+    exit 1
+}
+
+#Work out the domain names
+. get-domain-name.sh $ESP_NAMESPACE $GRAFANA_NAMESPACE
+
+function fetch_consul_token () {
+    _token=$(kubectl -n "${ESP_NAMESPACE}" get secret sas-consul-client -o go-template='{{ .data.CONSUL_TOKEN | base64decode}}')
+
+    echo ${_token}
+}
+
+function fetch_saslogon_token () {
+    _token=$(fetch_consul_token)
+    _resp=$(curl -k -X POST "https://$ESP_DOMAIN/SASLogon/oauth/clients/consul?callback=false&serviceId=app" -H "X-Consul-Token: ${_token}")
+
+    echo "${_resp}" | jq -r '.access_token'
+}
+
+function remove_oauth_client () {
+    _token="$(fetch_saslogon_token)"
+
+    _resp=$(curl -k -X DELETE "https://$ESP_DOMAIN/SASLogon/oauth/clients/$OAUTH_CLIENT_ID" \
+        -H 'Content-Type: application/json' \
+        -H "Authorization: Bearer ${_token}")
+
+    regex_error="error"
+    if [[ "${_resp}" =~ $regex_error ]]; then
+       error=$(echo "${_resp}" | jq -r '.error')
+       error_description=$(echo "${_resp}" | jq -r '.error_description')
+       echo >&2 "Failed to register Grafana as OAuth client"
+       echo >&2 "${error}: ${error_description}"
+
+    else
+       echo "Grafana un-registered as OAuth client"
+    fi
+
+}
+
+cat <<EOF
+OAuth details:
+  ESP Domain:         ${ESP_DOMAIN}
+  Grafana Domain:      ${GRAFANA_DOMAIN}
+  OAuth client ID:     ${OAUTH_CLIENT_ID}
+  OAuth client secret: ${OAUTH_CLIENT_SECRET}
+EOF
+
+remove_oauth_client