Skip to content

Latest commit

 

History

History
196 lines (135 loc) · 6.13 KB

DEVELOPMENT.md

File metadata and controls

196 lines (135 loc) · 6.13 KB
Raw

Developer Instructions

This guide will help you set up your development environment for the project.

Contents:

Prerequisites

Before you start, ensure you have the following installed:

  • Git: For version control
    • Git LFS: For managing large files within the project
  • Node.js: For running certain project scripts (including dependency management)
  • podman or Docker: For containerization of the Vault instance and databases

Preparing the Repository

  1. Make sure you have Git Large File Storage (LFS) installed beforehand:
git lfs install
git lfs fetch

This ensures that when cloning the repository later, large files needed by the project are cloned too.

  1. Clone the propeller project from GitHub:
git clone [email protected]:postfinance/propeller.git
  1. Navigate into the project directory:
cd propeller
  1. Initialize Git Submodules:
git submodule init
git submodule update

The project is connected to argoproj/argo-cd and thus includes some of its sources.

  1. Install project dependencies:
npm ci --cache .npm

Note: The --cache .npm option helps speed up subsequent installations.

Environment Setup

propeller requires the following components for development:

  • Two PostgreSQL databases:
    • One for Vault's backend storage
    • One to simulate the database of an application, used for secret rotation
  • A Vault instance: For managing secrets
  • An ArgoCD Instance: That manages the productive application

Two options are provided for setting up the environment, either using podman or docker-compose. Refer to the respective scripts (dev/podman.sh and dev/docker-compose.yml) for detailed instructions.

Notes:

  • If using any of these options, Vault will be accessible on http://localhost:8200.
  • The provided "root-token" is for development only. Use strong, unique tokens in production and follow best practices for Vault token management.
  • The demo database is initialized with sample users and credentials for demonstration purposes. After having initialized Vault, you could configure these users for rotation, e.g. with the following secret value in path/to/my/secret:
{
  "postgresql_active_user": "user1",
  "postgresql_active_user_password": "initialpw",
  "postgresql_user_1": "user1",
  "postgresql_user_1_password": "initialpw",
  "postgresql_user_2": "user2",
  "postgresql_user_2_password": "initialpw"
}
  • The dev deployment makes use of Counterfact instead of providing a full-fletched Kubernetes with ArgoCD installed. If you have a development instance of Kubernetes available, take a look at the "ArgoCD Getting Started" section for more information.

Setting up with podman:

./dev/podman.sh

Setting up with Docker:

docker compose up -f dev/docker-compose.yml

Building the Project

With your development environment up and running, you can now proceed with building and running the CLI.

Building a Binary

Use Cargo, Rust's package manager and build tool, to compile the project:

cargo build

This will create the executable binary in the target/debug directory. To run the compiled binary, execute:

./target/debug/propeller

Running Tests

Cargo makes it easy to run the project's unit and integration tests:

cargo test

Note that the integration tests make use of Testcontainers. K3s, Vault and PostgreSQL will be deployed automatically using it.

Once you access to a virtualization software such as Docker, you can execute the integration tests without further ado.

Debugging ArgoCD

For development and debugging purposes it's also good to be able to take a look at ArgoCD sometimes. You can install ArgoCD into Kubernetes using the below command:

kubectl apply -f tests/resources/argocd.deployment.yml

Next, extract the initial password for ArgoCD (see "ArgoCD Getting Started" for more information):

kubectl get secret argocd-initial-admin-secret -o jsonpath={.data.password} | base64 -d

Create a port-forward and access the ArgoCD UI in a browser:

kubectl port-forward svc/argocd-server :80

A Note for Windows Users

If testcontainers fail to connect to your Docker socket on Windows, add the below environment variable to the test command:

DOCKER_HOST=tcp://localhost:2375 cargo test

And a Note for Linux Users

You'll need to "fake" a Docker socket using podman (if you're using podman, of course). Invoke podman system service --time=0 directly to create a live-socket without using systemd. If you do not pass another parameter, the default location will be used to create the socket file. You can use the below commands in another terminal to connect to the socket (according to the docs).

export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/podman/podman.sock
export TESTCONTAINERS_RYUK_DISABLED=true
cargo test

Running the CLI

To run the CLI without compiling the binary each time, execute:

VAULT_TOKEN=root-token cargo run -- init-vault -c dev/config.yml

This will also pick up a development configuration perfectly fitting for the previously installed development environment.