From b06c420f36135fe238cfe2659ff3a9073a3b7d08 Mon Sep 17 00:00:00 2001 From: Jason Montleon Date: Tue, 31 Oct 2023 13:19:16 -0400 Subject: [PATCH] :sparkles: Migrate Pathfinder assessments and remove Pathfinder Signed-off-by: Jason Montleon --- Dockerfile | 6 ++ roles/tackle/defaults/main.yml | 1 - roles/tackle/tasks/main.yml | 145 ++++++++++++++++++--------------- tools/upgrades/jwt.sh | 28 +++++++ 4 files changed, 112 insertions(+), 68 deletions(-) create mode 100755 tools/upgrades/jwt.sh diff --git a/Dockerfile b/Dockerfile index 1f2614a..59c7913 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,12 @@ ARG OPERATOR_SDK_VERSION=v1.28.1 FROM quay.io/operator-framework/ansible-operator:$OPERATOR_SDK_VERSION +USER 0 +COPY tools/upgrades/migrate-pathfinder-assessments.py /usr/local/bin/migrate-pathfinder-assessments.py +COPY tools/upgrades/jwt.sh /usr/local/bin/jwt.sh +RUN dnf -y install openssl && dnf clean all +USER 1001 + COPY requirements.yml ${HOME}/requirements.yml RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \ && chmod -R ug+rwx ${HOME}/.ansible diff --git a/roles/tackle/defaults/main.yml b/roles/tackle/defaults/main.yml index 728d13f..387aacd 100644 --- a/roles/tackle/defaults/main.yml +++ b/roles/tackle/defaults/main.yml @@ -9,7 +9,6 @@ app_version: "{{ lookup('env', 'VERSION') }}" feature_auth_required: "{{ false if app_profile == 'konveyor' else true }}" feature_auth_type: keycloak feature_isolate_namespace: true -feature_pathfinder: true # Environment openshift_cluster: false diff --git a/roles/tackle/tasks/main.yml b/roles/tackle/tasks/main.yml index 43c5ccd..ed6c201 100644 --- a/roles/tackle/tasks/main.yml +++ b/roles/tackle/tasks/main.yml 
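Review bot: The added `COPY tools/upgrades/migrate-pathfinder-assessments.py /usr/local/bin/migrate-pathfinder-assessments.py` depends on a file this patch does not add. The diffstat lists only Dockerfile, the two role files and jwt.sh, so the build relies on the script already being in the tree. It also relies on the script carrying the executable bit, because the new "Migrate assessments" task runs it directly by path. If the mode is not guaranteed in the repository, `COPY --chmod=0755 tools/upgrades/migrate-pathfinder-assessments.py /usr/local/bin/migrate-pathfinder-assessments.py` (BuildKit) makes it explicit. A one-line comment above the `USER 0` block, such as `# openssl is needed by jwt.sh for HMAC signing`, would also explain why the package is installed.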
@@ -272,72 +272,6 @@ retries: 30 delay: 5 -- when: - - feature_pathfinder|bool - block: - - name: "Setup PathFinder PostgreSQL PersistentVolume" - k8s: - state: present - definition: "{{ lookup('template', 'persistentvolumeclaim-pathfinder-postgresql.yml.j2') }}" - - - name: "Check if PathFinder PostgreSQL Secret exists already so we don't update it" - k8s_info: - api_version: v1 - kind: Secret - name: "{{ pathfinder_database_secret_name }}" - namespace: "{{ app_namespace }}" - register: pathfinder_database_secret_status - - - when: (pathfinder_database_secret_status.resources | length) == 0 - block: - - name: "Generate random values for PathFinder PostgreSQL username and password" - set_fact: - pathfinder_database_db_username: "user-{{ lookup('password', '/dev/null chars=ascii_lowercase,ascii_uppercase,digits length=4') }}" - pathfinder_database_db_password: "{{ lookup('password', '/dev/null chars=ascii_lowercase,ascii_uppercase,digits length=16') }}" - - - name: "Encode PathFinder PostgreSQL username and password" - set_fact: - pathfinder_database_db_username_b64: "{{ pathfinder_database_db_username | b64encode }}" - pathfinder_database_db_password_b64: "{{ pathfinder_database_db_password | b64encode }}" - - - name: "Setup PathFinder PostgreSQL Secret" - k8s: - state: present - definition: "{{ lookup('template', 'secret-pathfinder-postgresql.yml.j2') }}" - - - name: "Setup PathFinder PostgreSQL Service" - k8s: - state: present - definition: "{{ lookup('template', 'service-pathfinder-postgresql.yml.j2') }}" - - - name: "Setup PathFinder PostgreSQL Deployment" - k8s: - state: present - definition: "{{ lookup('template', 'deployment-pathfinder-postgresql.yml.j2') }}" - - - name: "Check status of PathFinder PostgreSQL" - kubernetes.core.k8s_info: - api_version: v1 - kind: Pod - namespace: "{{ app_namespace }}" - label_selectors: - - app.kubernetes.io/name = {{ pathfinder_database_service_name }} - wait: true - wait_condition: - type: "Ready" - status: "True" - 
wait_timeout: 240 - - - name: "Setup PathFinder Service" - k8s: - state: present - definition: "{{ lookup('template', 'service-pathfinder.yml.j2') }}" - - - name: "Setup PathFinder Deployment" - k8s: - state: present - definition: "{{ lookup('template', 'deployment-pathfinder.yml.j2') }}" - - name: "Setup Hub API Database PersistentVolumeClaim" k8s: state: present @@ -392,7 +326,6 @@ state: present definition: "{{ lookup('template', 'secret-hub.yml.j2') }}" - - name: "Look up Keycloak DB Secret for Hashing" set_fact: keycloak_db_secret: 
@@ -519,3 +452,81 @@ when: - hub_metrics_enabled|bool - openshift_cluster|bool + +- name: "Check if pathfinder exists" + kubernetes.core.k8s_info: + api_version: v1 + kind: Pod + namespace: "{{ app_namespace }}" + label_selectors: + - app.kubernetes.io/name = {{ app_name }}-{{ pathfinder_component_name }} + register: pathfinder_pod + +- when: + - (pathfinder_pod.resources | length) > 0 + block: + - name: "Wait for Pathfinder to be Ready" + kubernetes.core.k8s_info: + api_version: v1 + kind: Pod + namespace: "{{ app_namespace }}" + label_selectors: + - app.kubernetes.io/name = {{ app_name }}-{{ pathfinder_component_name }} + wait: true + wait_condition: + type: "Ready" + status: "True" + wait_timeout: 240 + + - name: "Wait for the Hub to be Ready" + kubernetes.core.k8s_info: + api_version: v1 + kind: Pod + namespace: "{{ app_namespace }}" + label_selectors: + - app.kubernetes.io/name = {{ app_name }}-{{ hub_component_name }} + wait: true + wait_condition: + type: "Ready" + status: "True" + wait_timeout: 240 + + - name: Retrieve Hub Secret + kubernetes.core.k8s_info: + api_version: v1 + kind: Secret + name: "{{ hub_secret_name }}" + namespace: "{{ app_namespace }}" + register: hub_secret + + - name: Set Hub Token + set_fact: + hub_key: "{{ hub_secret.resources[0].data.addon_token | b64decode }}" + + - name: Migrate assessments + shell: /usr/local/bin/migrate-pathfinder-assessments.py -p http://{{ pathfinder_service_name }}:8080/pathfinder -b http://{{ hub_service_name }}:8080 -t $(/usr/local/bin/jwt.sh {{ hub_key }}) + + - name: "Remove PathFinder PostgreSQL Secret" + k8s: + state: absent + definition: "{{ lookup('template', 'secret-pathfinder-postgresql.yml.j2') }}" + + - name: "Remove PathFinder PostgreSQL Service" + k8s: + state: absent + definition: "{{ lookup('template', 'service-pathfinder-postgresql.yml.j2') }}" + + - name: "Remove PathFinder PostgreSQL Deployment" + k8s: + state: absent + definition: "{{ lookup('template', 
'deployment-pathfinder-postgresql.yml.j2') }}"
+
+ - name: "Remove PathFinder Service"
+ k8s:
+ state: absent
+ definition: "{{ lookup('template', 'service-pathfinder.yml.j2') }}"
+
+ - name: "Remove PathFinder Deployment"
+ k8s:
+ state: absent
+ definition: "{{ lookup('template', 'deployment-pathfinder.yml.j2') }}"
diff --git a/tools/upgrades/jwt.sh b/tools/upgrades/jwt.sh
new file mode 100755
index 0000000..98e10e4
--- /dev/null
+++ b/tools/upgrades/jwt.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+#
+# Usage: jwt.sh
+#
+# scope - (string) space-separated scopes. (default: *:*).
+#
+key=$1
+scope="${2:-*:*}"
+header='{"typ":"JWT","alg":"HS512"}'
+payload="{\"user\":\"operator\",\"scope\":\"${scope}\"}"
+headerStr=$(echo -n ${header} \
+ | base64 -w 0 \
+ | sed s/\+/-/g \
+ | sed 's/\//_/g' \
+ | sed -E s/=+$//)
+payloadStr=$(echo -n ${payload} \
+ | base64 -w 0 \
+ | sed s/\+/-/g \
+ | sed 's/\//_/g' \
+ | sed -E s/=+$//)
+signStr=$(echo -n "${headerStr}.${payloadStr}" \
+ | openssl dgst -sha512 -hmac ${key} -binary \
+ | base64 -w 0 \
+ | sed s/\+/-/g \
+ | sed 's/\//_/g' \
+ | sed -E s/=+$//)
+token="${headerStr}.${payloadStr}.${signStr}"
+echo "${token}"
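Review bot: In roles/tackle/tasks/main.yml, the "Migrate assessments" task interpolates the decoded Hub `addon_token` into a `shell:` command line unquoted. The secret is therefore subject to shell word-splitting and metacharacter interpretation and, with no `no_log`, can appear in the task result the operator logs. I would add `no_log: true` to both "Set Hub Token" and "Migrate assessments" and change the substitution to `-t "$(/usr/local/bin/jwt.sh {{ hub_key | quote }})"`. Because the shell task's exit status comes from the migration script alone, a failing `jwt.sh` would still run the script with an empty `-t`. Whether the script then exits non-zero before the "Remove PathFinder ..." tasks run is not visible in this patch and is worth confirming. The removal list also leaves the PostgreSQL PersistentVolumeClaim that the deleted setup block created, which may be deliberate as a data backup but deserves a comment saying so.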
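Review bot: In tools/upgrades/jwt.sh the signing key reaches `openssl dgst -sha512 -hmac ${key} -binary` unquoted and unchecked. An empty or missing first argument makes openssl take `-binary` as the HMAC key while the script still prints a token, and a key containing whitespace or glob characters is split or expanded. I would fail fast and quote, with `key="${1:?usage: jwt.sh <key> [scope]}"` and `-hmac "${key}"`, and use `printf '%s' "${header}"` and `printf '%s' "${payload}"` in place of the unquoted `echo -n`. `scope` is pasted into the JSON payload without escaping, and the payload carries no `exp` claim with a default scope of `*:*`, so the minted token is presumably long-lived and fully privileged; if the Hub honours `exp`, a short expiry would limit the value of a leaked token. The key is also passed as a process argument, where it is visible in the process list for the life of the command.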