some variables.yaml stuff

Author: xavier

platform-kama/Pipfile.lock

@@ -0,0 +1,47 @@
+kind: MultiPredicate
+id: predicate.ingress_enabled_resource_in_sync
+title: Ingress enabled variable/resource in Sync?
+reason: "The variable 'ingress.enabled' and the Kubernetes resource
+are out of sync: the variable is set to 'false' but the resource
+exists. This is a normal occurrence when you change the 'ingress.enabled'
+variable directly instead of running the operation."
+operator: and
+negate: true
+source:
+  - kind: Predicate
+    challenge: get::kind::ConfigVarsSupplier->.ingress.enabled
+    operator: falsy
+  - kind: ResourceCountPredicate
+    res_kind: Ingress
+    operator: greater-than
+    check_against: 0
+
+---
+
+kind: RemediationOption
+title: Delete the dangling Ingress resource
+info: "If the intention is to keep ingress disabled, the dangling
+resource should be deleted. Clicking this button will"
+button:
+  text: Delete Ingress
+  uri:
+    kind: DeleteResourcesAction
+    selector: "expr::Ingress:*"
+match_predicates:
+  id: predicate.ingress_enabled_resource_in_sync
+
+---
+
+kind: Remediation
+title: "Change the variable to 'true'"
+info: "If the intention is actually to have ingress enabled, the variable
+should be updated to 'true'."
+button:
+  text: Delete Ingress
+  uri:
+    kind: Action
+    inherit: sdk.action.safely_apply_application_manifest_e2e_action
+    values:
+      ingress.enabled: true
+match_predicates:
+  id: predicate.ingress_enabled_resource_in_sync

platform-kama/configs/misc/inspections/resources-in-sync-inspections.yaml

@@ -0,0 +1,49 @@
+kind: ResourceCountPredicate
+id: predicate.db-creds-exists
+title: Database credentials secret exists
+reason: Secret db-creds not present in namespace '${get::ns}'
+res_kind: Secret
+name: db-creds
+
+---
+
+kind: ResourceCountPredicate
+id: predicate.auth0-creds-exists
+title: Auth0 credentials secret exists
+reason: Secret auth0 not present in namespace '${get::ns}'
+res_kind: Secret
+name: auth0
+
+---
+
+kind: Supplier
+id: goo
+inhert: template
+secret_name: gcp-svc-acct-keyfile
+output: ".gcp_svc_acct_keyfile"
+
+---
+
+kind: Supplier
+id: template
+secret_name: ''
+cached:
+  res:
+    kind: ResourcesSupplier
+    selector:
+      res_kind: Secret
+      name: get::self>>secret_name
+    many: false
+    serializer: legacy
+source: get::self>>res=>decoded_data
+
+---
+#
+#kind: Predicate
+#res:
+#  kind: ResourcesSupplier
+#  selector:
+#    res_kind: Secret
+#    name: db-creds
+#  many: false
+#challenge: get::self>>res=>data->.db_user=>__count__

platform-kama/configs/misc/predicates.yaml

@@ -0,0 +1,41 @@
+#kind: ManifestVariableDependency
+#id: variable_relations.hpa_disabled_prevents_min
+#effect: prevents_read
+#title: "HPA configuration will be ignored if it is disabled"
+#active:
+#  kind: Predicate
+#  challenge: get::self>>from_variable>>current_value
+#  operator: falsiness
+#
+#---
+#
+#kind: ManifestVariableDependencySelector
+#inherit: variable_dependency.template.hpa_disabled
+#from:
+#  id: backend.server.hpa.enabled
+#to:
+#  id: "backend.server.hpa.-*"
+#
+#---
+#
+#kind: ManifestVariableDependency
+#inherit: variable_dependency.template.ingress_disabled
+#labels:
+#  from_variable: ingress.enabled
+#  to_variable: ingress.class
+#
+#---
+#
+#kind: ManifestVariableDependency
+#inherit: variable_dependency.template.ingress_disabled
+#variable_selectors:
+#  from_variable: ingress.enabled
+#  to_variable: ingress.routes.-.*
+#
+#---
+#
+#kind: ManifestVariableDependency
+#inherit: variable_dependency.template.ingress_disabled
+#labels:
+#  from_variable: ingress.enabled
+#  to_variable: ingress.routes.backend

platform-kama/configs/variables/backend/dependencies.yaml

@@ -0,0 +1,29 @@
+kind: VariableCategory
+id: variable-category.networking
+title: Networking
+info: HTTP, HTTPS, DNS, SSH settings
+graphic: language
+
+---
+
+kind: VariableCategory
+id: variable-category.compute
+title: Workloads
+info: All things performance and functionality
+graphic: build
+
+---
+
+kind: VariableCategory
+id: variable-category.security
+title: Security
+info: Network policies, RBAC and admin access
+graphic: security
+
+---
+
+kind: VariableCategory
+id: variable-category.storage
+title: Storage
+info: PVCs, StorageClass, and backups
+graphic: save

platform-kama/configs/variables/categories.yaml

@@ -0,0 +1,93 @@
+################## TEMPLATES ###################
+
+kind: ManifestVariable
+id: variable.template.ingress_route_host
+casual_name: ""
+title: ${get::self>>casual_name} Ingress Host
+info: "Routes requests from this domain to the ${get::self>>casual_name}. Has
+no effect if ingress.enabled is false/null Has no effect if
+cluster does not have an ingress backend."
+category: id::variable-category.networking
+validators:
+  - kind: FormatPredicate
+    check_against: domain
+
+---
+
+kind: ManifestVariable
+id: variable.template.ingress_route_path
+category: id::variable-category.networking
+casual_name: ""
+title: ${get::self>>casual_name} Ingress Host
+info: "Custom path prefix path for ${get::self>>casual_name}. It
+is not recommended to set a value other than '/' as it may create bugs."
+owner: publisher
+validators:
+  - kind: FormatPredicate
+    check_against: path
+
+
+################## ACTUAL ###################
+
+
+---
+
+kind: ManifestVariable
+id: ingress.enabled
+category: id::variable-category.networking
+title: Application Ingress Toggle
+info: "If enabled, Ingress resource is provisioned to route out-of-cluster
+traffic to the application's various services. Note that you must have
+a DNS solution"
+input:
+  kind: OnOffInput
+correctness_predicates:
+  - id::predicate.ingress_enabled_resource_in_sync
+
+---
+
+kind: ManifestVariable
+id: ingress.routes.publisher_frontend.host
+inherit: variable.template.ingress_route_host
+casual_name: Publisher Dashboard
+correctness_predicates:
+  - kind::FalsePredicate
+
+---
+
+kind: ManifestVariable
+id: ingress.routes.backend.path
+inherit: variable.template.ingress_route_path
+casual_name: Backend
+
+---
+
+kind: ManifestVariable
+id: ingress.routes.publisher_frontend.path
+inherit: variable.template.ingress_route_path
+casual_name: Publisher Dashboard
+
+---
+
+kind: ManifestVariable
+id: ingress.routes.backend.host
+inherit: variable.template.ingress_route_host
+casual_name: Backend
+
+
+
+################## DEPENDENCIES ###################
+
+
+---
+
+kind: ManifestVariableDependency
+id: variable-dependency.when-ingress-is-disabled
+title: Value ignored when ingress.enabled is false
+from: [id::ingress.enabled]
+to:
+  id: [ingress.class, ingress.routes.*]
+active:
+  kind: Predicate
+  challenge: get::self>>from_variable>>current_value
+  operator: falsy

platform-kama/configs/variables/ingress_vars.yaml

@@ -0,0 +1,20 @@
+#kind: ManifestVariableDependency
+#id: variable_dependency.template.hpa_disabled
+#effect: prevents_read
+#info: HPA-specific configurations ignored if HPA is disabled
+#active:
+#  kind: Predicate
+#  challenge: get::self>>from_variable>>current_value
+#  operator: true
+#
+#---
+#
+#kind: ManifestVariableDependency
+#id: variable_dependency.template.ingress_disabled
+#effect: prevents_read
+#info: Ingress-specific configurations ignored if Ingress is disabled
+##info: Something about ingress yo
+#active:
+#  kind: Predicate
+#  challenge: get::self>>from_variable>>current_value
+#  operator: falsiness

platform-kama/configs/variables/misc/dependency-templates.yaml

@@ -0,0 +1,18 @@
+kind: ConfigurationPreset
+id: provider.presets.default
+title: Absolute Default
+info: Bare minimum defaults set by the publisher.
+default: true
+variables:
+  kind: ConfigSupplier
+  field_key: default_vars
+
+---
+
+kind: ConfigurationPreset
+id: provider.presets.high-limits
+title: Starter pack
+info: Insecure database, no authentication provider.
+variables:
+  kind: PresetAssignmentsSupplier
+  source: unsafe-database