Merge branch 'main' into renovate/golangci-golangci-lint-1.62.x

.github/workflows/ci-pr-title.yaml

@@ -56,9 +56,10 @@ jobs:
             docs
             e2e
             greenhouse
-            greenhousectl          
+            greenhousectl
             actions
             template
+            tests
             ui
             utils
             version

.github/workflows/docker-build.yaml

@@ -153,15 +153,14 @@ jobs:
     runs-on: [ default ]
     steps:
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.29.0
         if: success()
         with:
           image-ref: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ matrix.Imagename }}:${{ github.sha }}
           ignore-unfixed: true
-          exit-code: '1'
           format: 'sarif'
           output: 'trivy-results.sarif'
-          severity: 'CRITICAL,HIGH'
+          severity: 'CRITICAL,HIGH,MEDIUM'
 
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v3

.gitignore

@@ -2,6 +2,9 @@
 vendor/**
 node_modules
 
+# TestData
+dev-env/localenv/samples/**/local_*.yaml
+
 # Binaries for programs and plugins
 *.exe
 *.exe~

Makefile

@@ -238,18 +238,44 @@ ADMIN_RELEASE ?= greenhouse
 ADMIN_CHART_PATH ?= charts/manager
 WEBHOOK_DEV ?= false
 E2E_REPORT_PATH="$(shell pwd)/bin/$(SCENARIO)-e2e-report.json"
+PLUGIN_DIR ?=
+GREENHOUSE_ORG ?= demo
+
+.PHONY: setup-demo
+setup-demo: prepare-e2e samples
+	kubectl create secret generic kind-$(REMOTE_CLUSTER) \
+		--from-literal=kubeconfig="$$(cat ${PWD}/bin/$(REMOTE_CLUSTER)-int.kubeconfig)" \
+		--namespace=$(GREENHOUSE_ORG) \
+		--type="greenhouse.sap/kubeconfig" \
+		--dry-run=client -o yaml | kubectl apply -f -
+
+.PHONY: samples
+samples: kustomize
+	$(KUSTOMIZE) build dev-env/localenv/samples | kubectl apply -n $(GREENHOUSE_ORG) --kubeconfig=$(shell pwd)/bin/$(ADMIN_CLUSTER).kubeconfig -f -
+	while true; do \
+		if kubectl get organizations $(GREENHOUSE_ORG) --kubeconfig=$(shell pwd)/bin/$(ADMIN_CLUSTER).kubeconfig -o json | \
+			jq -e '.status.statusConditions.conditions[] | select(.type == "Ready") | select(.status == "True")' > /dev/null; then \
+			echo "Organization is ready"; \
+			exit 0; \
+		fi; \
+		sleep 5; \
+	done
+
+.PHONY: setup-plugin-dev
+setup-plugin-dev: cli
+	PLUGIN_PATH=$(PLUGIN_DIR) $(CLI) dev setup -f dev-env/localenv/plugin.config.yaml && make setup-demo
 
 .PHONY: setup-dev
 setup-dev: cli
-	$(CLI) dev setup -f dev-env/localenv/sample.config.json
+	$(CLI) dev setup -f dev-env/localenv/dev.config.yaml
 
 .PHONY: setup-webhook
 setup-webhook: cli
 	$(CLI) dev setup webhook --name $(ADMIN_CLUSTER) --namespace $(ADMIN_NAMESPACE) --release $(ADMIN_RELEASE) --chart-path $(ADMIN_CHART_PATH) --dockerfile ./ --dev-mode=$(WEBHOOK_DEV)
 
 .PHONY: setup-e2e
 setup-e2e: cli
-	$(CLI) dev setup -f e2e/config.json
+	$(CLI) dev setup -f e2e/config.yaml
 	make prepare-e2e
 
 .PHONY: clean-e2e

charts/manager/alerts/operator.alerts

@@ -74,3 +74,11 @@ groups:
       expr: greenhouse_cluster_k8s_versions_total{version=~"v1\\.(1[0-9]|2[0-1])\\..*"} == 1
       labels:
         severity: warning
+    - alert: GreenhousePluginConstantlyFailing
+      annotations:
+        summary: "Plugin reconciliation is constantly failing"
+        description: "Plugin {{ $labels.plugin }} in organization {{ $labels.organization }} keeps failing with reason: {{ $labels.reason }}"
+      expr: increase(greenhouse_plugin_reconcile_total{result="error"}[5m] > 0) by (plugin, organization)
+      for: 15m
+      labels:
+        severity: warning

dev-env/localenv/README.md

@@ -59,15 +59,17 @@ greenhousectl dev cluster create [flags]
 ### Examples
 
 ```
-greenhousectl dev cluster create --name <my-cluster-name> --namespace <my-namespace>
+greenhousectl dev cluster create --name <my-cluster-name> --namespace <my-namespace> --version <v1.30.3>
 ```
 
 ### Options
 
 ```
+      --config string      create the cluster with a specific kind configuration file - e.g. --config <path>/<to>/<config>
   -h, --help               help for create
   -c, --name string        create a kind cluster with a name - e.g. -c <my-cluster>
   -n, --namespace string   create a namespace in the cluster - e.g. -c <my-cluster> -n <my-namespace>
+      --version string     create the cluster with a specific version - e.g. -v <v1.30.3>
 ```
 
 ## greenhousectl dev cluster delete
@@ -136,6 +138,7 @@ greenhousectl dev setup manifest --name greenhouse-admin --namespace greenhouse
   -n, --namespace string           namespace to install the resources
   -r, --release string             Helm release name, Default value: greenhouse - e.g. your-release-name (default "greenhouse")
   -v, --values-path string         local absolute values file path - e.g. <path>/<to>/my-values.yaml
+      --version string             create the cluster with a specific version - e.g. -v <v1.30.3>
 ```
 
 ## greenhousectl dev setup webhook
@@ -170,13 +173,15 @@ greenhousectl dev setup webhook --name greenhouse-admin --namespace greenhouse -
 
 ```
   -p, --chart-path string    local chart path where manifests are located - e.g. <path>/<to>/charts/manager
+      --config string        create the cluster with a specific kind configuration file - e.g. --config <path>/<to>/<config>
   -m, --dev-mode             Enable dev mode for webhook setup - Note: Admission Webhooks will be modified for local development
   -f, --dockerfile string    local path to the Dockerfile of greenhouse manager
   -h, --help                 help for webhook
   -c, --name string          Name of the kind cluster - e.g. my-cluster (without the kind prefix)
   -n, --namespace string     namespace to install the resources
   -r, --release string       Helm release name, Default value: greenhouse - e.g. your-release-name (default "greenhouse")
   -v, --values-path string   local absolute values file path - e.g. <path>/<to>/my-values.yaml
+      --version string       create the cluster with a specific version - e.g. -v <v1.30.3>
 ```
 
 ## greenhousectl dev setup
@@ -196,7 +201,7 @@ greenhousectl dev setup [flags]
 ```
 
 # Setup Greenhouse dev environment with a configuration file
-greenhousectl dev setup -f dev-env/localenv/sample.config.json
+greenhousectl dev setup -f dev-env/localenv/dev.config.yaml
 
 - This will create an admin and a remote cluster
 - Install CRDs, Webhook definitions, RBACs, Certs, etc... for Greenhouse into the target cluster
@@ -207,7 +212,7 @@ greenhousectl dev setup -f dev-env/localenv/sample.config.json
 ### Options
 
 ```
-  -f, --config string   configuration file path - e.g. -f hack/localenv/sample.config.json
+  -f, --config string   configuration file path - e.g. -f dev-env/localenv/dev.config.yaml
   -h, --help            help for setup
 ```
 

dev-env/localenv/dev.config.yaml

@@ -0,0 +1,25 @@
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+config:
+  - cluster:
+      name: greenhouse-remote
+  - cluster:
+      name: greenhouse-admin
+      namespace: greenhouse
+    dependencies:
+      - manifest:
+          release: greenhouse
+          chartPath: charts/idproxy
+          crdOnly: true
+      - manifest:
+          release: greenhouse
+          chartPath: charts/manager
+          valuesPath: dev-env/localenv/dev.values.yaml
+          crdOnly: false
+          webhook:
+            devMode: false
+            dockerFile: "./"
+            envs:
+              - name: WEBHOOK_ONLY
+                value: 'true'

dev-env/localenv/plugin.config.yaml

@@ -0,0 +1,25 @@
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+config:
+  - cluster:
+      name: greenhouse-remote
+  - cluster:
+      name: greenhouse-admin
+      namespace: greenhouse
+    dependencies:
+      - manifest:
+          release: greenhouse
+          chartPath: charts/idproxy
+          crdOnly: true
+      - manifest:
+          release: greenhouse
+          chartPath: charts/manager
+          valuesPath: dev-env/localenv/dev.values.yaml
+          crdOnly: false
+          webhook:
+            devMode: false
+            dockerFile: "./"
+            envs:
+              - name: WEBHOOK_ONLY
+                value: 'false'

dev-env/localenv/samples/kustomization.yaml

@@ -0,0 +1,6 @@
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+# Add more resources in the future to setup a complete environment with plugins
+resources:
+  - organization.yaml

dev-env/localenv/samples/organization.yaml

@@ -0,0 +1,10 @@
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: greenhouse.sap/v1alpha1
+kind: Organization
+metadata:
+  name: demo
+spec:
+  description: Greenhouse Demo Organization
+  mappedOrgAdminIdPGroup: DEMO_ORG_ADMIN

docs/contribute/plugins.md

@@ -56,7 +56,7 @@ Here's a high-level overview of how to develop a plugin for Greenhouse:
 
    - Test your plugin thoroughly to ensure it works as intended. Verify that both the frontend and backend components function correctly.
    - Implement validation for your plugin's configuration options. This helps prevent users from providing incorrect or incompatible values.
-   - Implement Helm Chart Tests for your plugin if it includes a Helm Chart. For more information on how to write Helm Chart Tests, please refer to [this guide](/docs/user-guides/plugin/plugin-tests).
+   - Implement Helm Chart Tests for your plugin if it includes a Helm Chart. For more information on how to write Helm Chart Tests, please refer to [this guide](/greenhouse/docs/user-guides/plugin/plugin-tests).
 
 5. **Documentation**:
 

docs/getting-started/core-concepts/_index.md

@@ -9,7 +9,7 @@ description: >
 
 | Feature | Description | API | UI | Comments |
 | --- | --- | --- | --- | --- |
-| [Organizations](/docs/getting-started/core-concepts/organizations) | Organizations are the top-level entities in Greenhouse. | 🟢 | 🟢 | |
-| [Teams](/docs/getting-started/core-concepts/teams.md) | Teams are used to manage access and ownership of resources in Greenhouse. | 🟢 | 🟡 | Read-only access to Teams via the UI |
-| [Clusters](/docs/getting-started/core-concepts/clusters.md) | Clusters represent a Kubernetes cluster that is managed by Greenhouse. | 🟡 | 🟡 | Limited modification of Clusters via UI, CLI for KubeConfig registry planned. |
-| [Plugin Definitions & Plugins](/docs/getting-started/core-concepts/plugins.md) | Plugins are software components that extend and integrate with Greenhouse . | 🟡 | 🟡 | Read-only access via UI, a native Plugin Catalog is planned. |
+| [Organizations](/greenhouse/docs/getting-started/core-concepts/organizations) | Organizations are the top-level entities in Greenhouse. | 🟢 | 🟢 | |
+| [Teams](/greenhouse/docs/getting-started/core-concepts/teams.md) | Teams are used to manage access and ownership of resources in Greenhouse. | 🟢 | 🟡 | Read-only access to Teams via the UI |
+| [Clusters](/greenhouse/docs/getting-started/core-concepts/clusters.md) | Clusters represent a Kubernetes cluster that is managed by Greenhouse. | 🟡 | 🟡 | Limited modification of Clusters via UI, CLI for KubeConfig registry planned. |
+| [Plugin Definitions & Plugins](/greenhouse/docs/getting-started/core-concepts/plugins.md) | Plugins are software components that extend and integrate with Greenhouse . | 🟡 | 🟡 | Read-only access via UI, a native Plugin Catalog is planned. |

docs/user-guides/organization/creation.md

@@ -36,7 +36,7 @@ This ensures all pre-requisites are met, the organization is configured correctl
    For SAP, we recommend using a SAP ID service (IDS) tenant.  
    Please include the parameters for your tenant in the message to the Greenhouse team when signing up.
 
-   If you don't have a SAP ID Service tenant yet, please refer to the [SAP ID Service](/docs/user-guides/organization/sap-id) section for more information.
+   If you don't have a SAP ID Service tenant yet, please refer to the [SAP ID Service](/greenhouse/docs/user-guides/organization/sap-id) section for more information.
 
 
 3. **Greenhouse organization**  

docs/user-guides/plugin/local-plugin-development.md

@@ -27,7 +27,7 @@ At the end of the guide you will have spun up the local development environment,
 
 ### Starting the local develoment environment
 
-Follow the [Local Development](/docs/contribute/local-dev) documentation to spin up the local Greenhouse development environment.
+Follow the [Local Development](/greenhouse/docs/contribute/local-dev) documentation to spin up the local Greenhouse development environment.
 
 This will provide you with a local Greenhouse instance running, filled with some example Greenhouse resources and the Greenhouse UI running on `http://localhost:3000`.
 

docs/user-guides/plugin/plugin-tests.md

@@ -6,7 +6,8 @@ weight: 2
 description: >
   Guidelines for testing plugins contributed to the Greenhouse project.
 ---
-
+## Overview
+![Plugin Test architecture](../plugin-chart-test-drawing.png)
 ## Plugin Testing Requirements
 
 All plugins contributed to [plugin-extensions](https://github.com/cloudoperators/greenhouse-extensions) repository should include comprehensive [Helm Chart Tests](https://helm.sh/docs/topics/chart_tests/) using the `bats/bats-detik` testing framework. This ensures our plugins are robust, deployable, and catch potential issues early in the development cycle.

e2e/config.yaml

@@ -0,0 +1,25 @@
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+config:
+  - cluster:
+      name: greenhouse-remote
+  - cluster:
+      name: greenhouse-admin
+      namespace: greenhouse
+    dependencies:
+      - manifest:
+          release: greenhouse
+          chartPath: charts/idproxy
+          crdOnly: true
+      - manifest:
+          release: greenhouse
+          chartPath: charts/manager
+          valuesPath: dev-env/localenv/dev.values.yaml
+          crdOnly: false
+          webhook:
+            devMode: false
+            dockerFile: "./"
+            envs:
+              - name: WEBHOOK_ONLY
+                value: 'false'