Custom Stack Definitions CRUD (#1123)

pluralsh · Jul 1, 2024 · baf081e · baf081e
1 parent 37250c3
commit baf081e
Show file tree

Hide file tree

Showing 20 changed files with 720 additions and 50 deletions.
diff --git a/assets/src/generated/graphql.ts b/assets/src/generated/graphql.ts
@@ -1434,6 +1434,14 @@ export type CrossVersionResourceTarget = {
   name?: Maybe<Scalars['String']['output']>;
 };
 
+export type CustomRunStep = {
+  __typename?: 'CustomRunStep';
+  args?: Maybe<Array<Maybe<Scalars['String']['output']>>>;
+  cmd: Scalars['String']['output'];
+  requireApproval?: Maybe<Scalars['Boolean']['output']>;
+  stage: StepStage;
+};
+
 export type CustomStackRun = {
   __typename?: 'CustomStackRun';
   /** the list of commands that will be executed */
@@ -1475,6 +1483,13 @@ export type CustomStackRunEdge = {
   node?: Maybe<CustomStackRun>;
 };
 
+export type CustomStepAttributes = {
+  args?: InputMaybe<Array<InputMaybe<Scalars['String']['input']>>>;
+  cmd: Scalars['String']['input'];
+  requireApproval?: InputMaybe<Scalars['Boolean']['input']>;
+  stage?: InputMaybe<StepStage>;
+};
+
 export type DaemonSet = {
   __typename?: 'DaemonSet';
   events?: Maybe<Array<Maybe<Event>>>;
@@ -2123,6 +2138,8 @@ export type InfrastructureStack = {
   /** version/image config for the tool you're using */
   configuration: StackConfiguration;
   customStackRuns?: Maybe<CustomStackRunConnection>;
+  /** the stack definition in-use by this stack */
+  definition?: Maybe<StackDefinition>;
   /** the run that physically destroys the stack */
   deleteRun?: Maybe<StackRun>;
   /** whether this stack was previously deleted and is pending cleanup */
@@ -4207,6 +4224,7 @@ export type RootMutationType = {
   createServiceAccountToken?: Maybe<AccessToken>;
   createServiceDeployment?: Maybe<ServiceDeployment>;
   createStack?: Maybe<InfrastructureStack>;
+  createStackDefinition?: Maybe<StackDefinition>;
   createUpgradePolicy?: Maybe<UpgradePolicy>;
   createWebhook?: Maybe<Webhook>;
   deleteAccessToken?: Maybe<AccessToken>;
@@ -4238,6 +4256,7 @@ export type RootMutationType = {
   deleteServiceContext?: Maybe<ServiceContext>;
   deleteServiceDeployment?: Maybe<ServiceDeployment>;
   deleteStack?: Maybe<InfrastructureStack>;
+  deleteStackDefinition?: Maybe<StackDefinition>;
   deleteUpgradePolicy?: Maybe<UpgradePolicy>;
   deleteUser?: Maybe<User>;
   deleteWebhook?: Maybe<Webhook>;
@@ -4290,6 +4309,8 @@ export type RootMutationType = {
   signIn?: Maybe<User>;
   signup?: Maybe<User>;
   syncGlobalService?: Maybe<GlobalService>;
+  /** start a new run from the newest sha in the stack's run history */
+  triggerRun?: Maybe<StackRun>;
   updateCluster?: Maybe<Cluster>;
   updateClusterProvider?: Maybe<ClusterProvider>;
   updateClusterRestore?: Maybe<ClusterRestore>;
@@ -4317,6 +4338,7 @@ export type RootMutationType = {
   updateServiceDeployment?: Maybe<ServiceDeployment>;
   updateSmtp?: Maybe<Smtp>;
   updateStack?: Maybe<InfrastructureStack>;
+  updateStackDefinition?: Maybe<StackDefinition>;
   updateStackRun?: Maybe<StackRun>;
   updateUser?: Maybe<User>;
   upsertNotificationRouter?: Maybe<NotificationRouter>;
@@ -4548,6 +4570,11 @@ export type RootMutationTypeCreateStackArgs = {
 };
 
 
+export type RootMutationTypeCreateStackDefinitionArgs = {
+  attributes: StackDefinitionAttributes;
+};
+
+
 export type RootMutationTypeCreateUpgradePolicyArgs = {
   attributes: UpgradePolicyAttributes;
 };
@@ -4709,6 +4736,11 @@ export type RootMutationTypeDeleteStackArgs = {
 };
 
 
+export type RootMutationTypeDeleteStackDefinitionArgs = {
+  id: Scalars['ID']['input'];
+};
+
+
 export type RootMutationTypeDeleteUpgradePolicyArgs = {
   id: Scalars['ID']['input'];
 };
@@ -4925,6 +4957,11 @@ export type RootMutationTypeSyncGlobalServiceArgs = {
 };
 
 
+export type RootMutationTypeTriggerRunArgs = {
+  id: Scalars['ID']['input'];
+};
+
+
 export type RootMutationTypeUpdateClusterArgs = {
   attributes: ClusterUpdateAttributes;
   id: Scalars['ID']['input'];
@@ -5082,6 +5119,12 @@ export type RootMutationTypeUpdateStackArgs = {
 };
 
 
+export type RootMutationTypeUpdateStackDefinitionArgs = {
+  attributes: StackDefinitionAttributes;
+  id: Scalars['ID']['input'];
+};
+
+
 export type RootMutationTypeUpdateStackRunArgs = {
   attributes: StackRunAttributes;
   id: Scalars['ID']['input'];
@@ -5262,6 +5305,7 @@ export type RootQueryType = {
   serviceStatuses?: Maybe<Array<Maybe<ServiceStatusCount>>>;
   smtp?: Maybe<Smtp>;
   stack?: Maybe<Stack>;
+  stackDefinition?: Maybe<StackDefinition>;
   stackRun?: Maybe<StackRun>;
   statefulSet?: Maybe<StatefulSet>;
   /** adds the ability to search/filter through all tag name/value pairs */
@@ -6086,6 +6130,11 @@ export type RootQueryTypeStackArgs = {
 };
 
 
+export type RootQueryTypeStackDefinitionArgs = {
+  id: Scalars['ID']['input'];
+};
+
+
 export type RootQueryTypeStackRunArgs = {
   id: Scalars['ID']['input'];
 };
@@ -6240,6 +6289,7 @@ export type RunStep = {
   insertedAt?: Maybe<Scalars['DateTime']['output']>;
   logs?: Maybe<Array<Maybe<RunLogs>>>;
   name: Scalars['String']['output'];
+  requireApproval?: Maybe<Scalars['Boolean']['output']>;
   stage: StepStage;
   status: StepStatus;
   updatedAt?: Maybe<Scalars['DateTime']['output']>;
@@ -6946,6 +6996,8 @@ export type StackAttributes = {
   configuration: StackConfigurationAttributes;
   /** id of an scm connection to use for pr callbacks */
   connectionId?: InputMaybe<Scalars['ID']['input']>;
+  /** the id of a stack definition to use */
+  definitionId?: InputMaybe<Scalars['ID']['input']>;
   environment?: InputMaybe<Array<InputMaybe<StackEnvironmentAttributes>>>;
   files?: InputMaybe<Array<InputMaybe<StackFileAttributes>>>;
   /** reference w/in the repository where the IaC lives */
@@ -7003,6 +7055,24 @@ export type StackConfigurationAttributes = {
   version?: InputMaybe<Scalars['String']['input']>;
 };
 
+export type StackDefinition = {
+  __typename?: 'StackDefinition';
+  configuration: StackConfiguration;
+  description?: Maybe<Scalars['String']['output']>;
+  id: Scalars['ID']['output'];
+  insertedAt?: Maybe<Scalars['DateTime']['output']>;
+  name: Scalars['String']['output'];
+  steps?: Maybe<Array<Maybe<CustomRunStep>>>;
+  updatedAt?: Maybe<Scalars['DateTime']['output']>;
+};
+
+export type StackDefinitionAttributes = {
+  configuration?: InputMaybe<StackConfigurationAttributes>;
+  description?: InputMaybe<Scalars['String']['input']>;
+  name: Scalars['String']['input'];
+  steps?: InputMaybe<Array<InputMaybe<CustomStepAttributes>>>;
+};
+
 export type StackEnvironment = {
   __typename?: 'StackEnvironment';
   name: Scalars['String']['output'];
@@ -7206,6 +7276,7 @@ export enum StackStatus {
 
 export enum StackType {
   Ansible = 'ANSIBLE',
+  Custom = 'CUSTOM',
   Terraform = 'TERRAFORM'
 }
 
@@ -7307,11 +7378,14 @@ export type SyncConfig = {
   __typename?: 'SyncConfig';
   /** whether the agent should auto-create the namespace for this service */
   createNamespace?: Maybe<Scalars['Boolean']['output']>;
+  /** Whether to require all resources are placed in the same namespace */
+  enforceNamespace?: Maybe<Scalars['Boolean']['output']>;
   namespaceMetadata?: Maybe<NamespaceMetadata>;
 };
 
 export type SyncConfigAttributes = {
   createNamespace?: InputMaybe<Scalars['Boolean']['input']>;
+  enforceNamespace?: InputMaybe<Scalars['Boolean']['input']>;
   namespaceMetadata?: InputMaybe<MetadataAttributes>;
 };
 

diff --git a/lib/console/deployments/pipelines/stage_worker.ex b/lib/console/deployments/pipelines/stage_worker.ex
@@ -29,11 +29,14 @@ defmodule Console.Deployments.Pipelines.StageWorker do
       {:ok, _} -> Logger.info "stage #{stage.id} context applied successfully"
       {:error, err} ->
         Logger.info "failed to apply stage context #{stage.id} reason: #{inspect(err)}"
-        Pipelines.add_stage_error(stage, "context", "Failed to apply stage context with error: #{inspect(err)}")
+        Pipelines.add_stage_error(stage, "context", "Failed to apply stage context with error: #{format_error(err)}")
     end
     {:noreply, state}
   end
 
+  defp format_error(err) when is_binary(err), do: "\n#{err}"
+  defp format_error(err), do: inspect(err)
+
   def handle_cast(%PipelineStage{} = stage, state) do
     case Pipelines.build_promotion(stage) do
       {:ok, _} -> Logger.info "stage #{stage.id} applied successfully"

diff --git a/lib/console/deployments/policies/policies.ex b/lib/console/deployments/policies/policies.ex
@@ -125,6 +125,18 @@ defmodule Console.Deployments.Policies do
 
   def can?(%User{roles: %{admin: true}}, _, _), do: :pass
 
+  def can?(%User{id: id} = user, %Stack{actor_id: id, actor_changed: true} = stack, action),
+    do: can?(user, %{stack | actor_changed: false}, action)
+
+  def can?(_, %Stack{actor_changed: true}, :write),
+    do: {:error, "you can only set yourself as actor unless you're an admin"}
+
+  def can?(%User{} = user, %Stack{} = stack, :create) do
+    %{cluster: %Cluster{} = cluster} = Repo.preload(stack, [:cluster])
+
+    rbac(user, stack, :write) && can?(user, cluster, :write)
+  end
+
   def can?(%User{} = user, resource, action),
     do: rbac(resource, user, action)