diff --git a/.github/workflows/branch-deploy-template.yaml b/.github/workflows/branch-deploy-template.yaml index a245407b8..4feae06ab 100644 --- a/.github/workflows/branch-deploy-template.yaml +++ b/.github/workflows/branch-deploy-template.yaml @@ -48,7 +48,7 @@ jobs: ref: ${{ inputs.branch-name }} - name: Log in to Openshift - uses: redhat-actions/oc-login@v1.2 + uses: redhat-actions/oc-login@v1.3 with: openshift_server_url: ${{ secrets.openshift-server }} openshift_token: ${{ secrets.openshift-token }} diff --git a/.github/workflows/build-template.yaml b/.github/workflows/build-template.yaml index ed780c316..2111a94e1 100644 --- a/.github/workflows/build-template.yaml +++ b/.github/workflows/build-template.yaml @@ -42,7 +42,7 @@ jobs: ref: ${{ inputs.checkout-ref }} - name: Log in to Openshift - uses: redhat-actions/oc-login@v1.2 + uses: redhat-actions/oc-login@v1.3 with: openshift_server_url: ${{ secrets.openshift-server }} openshift_token: ${{ secrets.openshift-token }} @@ -75,7 +75,7 @@ jobs: ref: ${{ inputs.checkout-ref }} - name: Log in to Openshift - uses: redhat-actions/oc-login@v1.2 + uses: redhat-actions/oc-login@v1.3 with: openshift_server_url: ${{ secrets.openshift-server }} openshift_token: ${{ secrets.openshift-token }} @@ -109,7 +109,7 @@ jobs: ref: ${{ inputs.checkout-ref }} - name: Log in to Openshift - uses: redhat-actions/oc-login@v1.2 + uses: redhat-actions/oc-login@v1.3 with: openshift_server_url: ${{ secrets.openshift-server }} openshift_token: ${{ secrets.openshift-token }} @@ -145,7 +145,7 @@ jobs: ref: ${{ inputs.checkout-ref }} - name: Log in to Openshift - uses: redhat-actions/oc-login@v1.2 + uses: redhat-actions/oc-login@v1.3 with: openshift_server_url: ${{ secrets.openshift-server }} openshift_token: ${{ secrets.openshift-token }} @@ -179,7 +179,7 @@ jobs: ref: ${{ inputs.checkout-ref }} - name: Log in to Openshift - uses: redhat-actions/oc-login@v1.2 + uses: redhat-actions/oc-login@v1.3 with: openshift_server_url: ${{ secrets.openshift-server }} openshift_token: ${{ secrets.openshift-token }} @@ -213,7 +213,7 @@ jobs: ref: ${{ inputs.checkout-ref }} - name: Log in to Openshift - uses: redhat-actions/oc-login@v1.2 + uses: redhat-actions/oc-login@v1.3 with: openshift_server_url: ${{ secrets.openshift-server }} openshift_token: ${{ secrets.openshift-token }} diff --git a/.github/workflows/dev-release.yaml b/.github/workflows/dev-release.yaml index f49ec52a1..ac8da41f9 100644 --- a/.github/workflows/dev-release.yaml +++ b/.github/workflows/dev-release.yaml @@ -1,11 +1,11 @@ ## For each release, the value of name, branches, RELEASE_NAME and PR_NUMBER need to be adjusted accordingly ## For each release, update lib/config.js: version and releaseBranch -name: TFRS Dev release-2.17.0 +name: TFRS Dev release-2.18.0 on: push: - branches: [ release-2.17.0 ] + branches: [ release-2.18.0 ] paths: - frontend/** - backend/** @@ -15,8 +15,8 @@ on: env: ## The pull request number of the Tracking pull request to merge the release branch to main ## Also remember to update the version in .pipeline/lib/config.js - PR_NUMBER: 2849 - RELEASE_NAME: release-2.17.0 + PR_NUMBER: 2860 + RELEASE_NAME: release-2.18.0 concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -84,8 +84,7 @@ jobs: ## Log in to Openshift with a token of service account - name: Log in to Openshift - ##uses: redhat-actions/oc-login@v1 - uses: smlgbl/oc-login@main + uses: redhat-actions/oc-login@v1.3 with: openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }} openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} @@ -113,8 +112,7 @@ jobs: uses: actions/checkout@v3 - name: Log in to Openshift - ##uses: redhat-actions/oc-login@v1 - uses: smlgbl/oc-login@main + uses: redhat-actions/oc-login@v1.3 with: openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }} openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} diff --git a/.github/workflows/pr-dev-database-template.yaml b/.github/workflows/pr-dev-database-template.yaml index 458d8b62b..6205e8f62 100644 --- a/.github/workflows/pr-dev-database-template.yaml +++ b/.github/workflows/pr-dev-database-template.yaml @@ -39,7 +39,7 @@ jobs: ref: refs/pull/${{ inputs.pr-number }}/head - name: Log in to Openshift - uses: redhat-actions/oc-login@v1.2 + uses: redhat-actions/oc-login@v1.3 with: openshift_server_url: ${{ secrets.openshift-server }} openshift_token: ${{ secrets.openshift-token }} diff --git a/.github/workflows/pr-dev-deploy-template.yaml b/.github/workflows/pr-dev-deploy-template.yaml index 51497c028..987a8a9e9 100644 --- a/.github/workflows/pr-dev-deploy-template.yaml +++ b/.github/workflows/pr-dev-deploy-template.yaml @@ -43,7 +43,7 @@ jobs: ref: ${{ inputs.checkout-ref }} - name: Log in to Openshift - uses: redhat-actions/oc-login@v1.2 + uses: redhat-actions/oc-login@v1.3 with: openshift_server_url: ${{ secrets.openshift-server }} openshift_token: ${{ secrets.openshift-token }} diff --git a/.github/workflows/pr-teardown.yaml b/.github/workflows/pr-teardown.yaml index f6e426cbd..035362386 100644 --- a/.github/workflows/pr-teardown.yaml +++ b/.github/workflows/pr-teardown.yaml @@ -21,7 +21,7 @@ jobs: steps: - name: Log in to Openshift - uses: redhat-actions/oc-login@v1.2 + uses: redhat-actions/oc-login@v1.3 with: openshift_server_url: ${{ secrets.OPENSHIFT_SERVER }} openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} diff --git a/.github/workflows/tfrs-release.yaml b/.github/workflows/tfrs-release.yaml index 5d9368269..b88bb61a4 100644 --- a/.github/workflows/tfrs-release.yaml +++ b/.github/workflows/tfrs-release.yaml @@ -1,7 +1,7 @@ ## For each release, the value of name, branches, RELEASE_NAME and PR_NUMBER need to be adjusted accordingly ## For each release, update lib/config.js: version and releaseBranch -name: TFRS release-2.17.0 +name: TFRS release-2.18.0 on: workflow_dispatch: @@ -10,8 +10,8 @@ on: env: ## The pull request number of the Tracking pull request to merge the release branch to main ## Also remember to update the version in .pipeline/lib/config.js - PR_NUMBER: 2849 - RELEASE_NAME: release-2.17.0 + PR_NUMBER: 2860 + RELEASE_NAME: release-2.18.0 concurrency: group: ${{ github.workflow }}-${{ github.ref }} diff --git a/.pipeline/lib/config.js b/.pipeline/lib/config.js index f2b0970e6..5afaffb65 100644 --- a/.pipeline/lib/config.js +++ b/.pipeline/lib/config.js @@ -1,7 +1,7 @@ 'use strict'; const options= require('@bcgov/pipeline-cli').Util.parseArguments() const changeId = options.pr //aka pull-request -const version = '2.17.0' +const version = '2.18.0' const name = 'tfrs' const ocpName = 'apps.silver.devops' @@ -13,7 +13,7 @@ options.git.repository='tfrs' const phases = { build: { namespace:'0ab226-tools' , name: `${name}`, phase: 'build' , changeId:changeId, suffix: `-build-${changeId}` , instance: `${name}-build-${changeId}` , version:`${version}-${changeId}`, tag:`build-${version}-${changeId}`, - releaseBranch: 'release-2.17.0' + releaseBranch: 'release-2.18.0' }, dev: {namespace:'0ab226-dev' , name: `${name}`, phase: 'dev' , changeId:changeId, suffix: `-dev` , instance: `${name}-dev` , version:`${version}`, tag:`dev-${version}`, dbServiceName: 'tfrs-spilo', diff --git a/backend/api/migrations/0023_delete_duplicate_bceid_account_1636.py b/backend/api/migrations/0023_delete_duplicate_bceid_account_1636.py new file mode 100644 index 000000000..aa914a42c --- /dev/null +++ b/backend/api/migrations/0023_delete_duplicate_bceid_account_1636.py @@ -0,0 +1,33 @@ +from django.db import migrations + +def delete_user_role(apps, schema_editor): + """Deletes UserRole objects filtered by user_id=1636.""" + db_alias = schema_editor.connection.alias + model = apps.get_model("api", "UserRole") + model.objects.using(db_alias).filter(user_id=1636).delete() + +def delete_user_creation_request(apps, schema_editor): + """Deletes UserCreationRequest objects filtered by user_id=1636.""" + db_alias = schema_editor.connection.alias + model = apps.get_model("api", "UserCreationRequest") + model.objects.using(db_alias).filter(user_id=1636).delete() + +def delete_user(apps, schema_editor): + """Deletes User objects filtered by user_id=1636.""" + db_alias = schema_editor.connection.alias + model = apps.get_model("api", "User") + model.objects.using(db_alias).filter(id=1636).delete() + +class Migration(migrations.Migration): + """ + Defines migration dependencies and operations for deleting user data. + """ + dependencies = [ + ('api', '0022_update_trade_effective_dates'), + ] + + operations = [ + migrations.RunPython(delete_user_role), + migrations.RunPython(delete_user_creation_request), + migrations.RunPython(delete_user), + ] diff --git a/backend/api/services/OrganizationService.py b/backend/api/services/OrganizationService.py index c31be6e6e..17f8107e0 100644 --- a/backend/api/services/OrganizationService.py +++ b/backend/api/services/OrganizationService.py @@ -107,9 +107,11 @@ def get_pending_deductions( if compliance_report.summary.credits_offset is not None: deductions += compliance_report.summary.credits_offset - # if report.status.director_status_id == 'Accepted' and \ - # ignore_pending_supplemental: - # deductions -= report.summary.credits_offset + # if report.status.director_status_id == 'Accepted' and ignore_pending_supplemental: + # if report.summary is not None: + # if report.summary.credits_offset: + # deductions -= report.summary.credits_offset + if deductions < 0: deductions = 0 @@ -117,13 +119,18 @@ def get_pending_deductions( @staticmethod def get_max_credit_offset(organization, compliance_year, exclude_reserved=False): + # Calculate the deadline for the compliance period for credit_trades until the end of March the following year. effective_date_deadline = datetime.date( int(compliance_year) + 1, 3, 31 ) + # Define the start date of the compliance period which is the first of January of the compliance year. compliance_period_effective_date = datetime.date( int(compliance_year), 1, 1 ) - credits = CreditTrade.objects.filter( + + # Query to sum up all the approved and non-rescinded credits for the organization until the deadline. + # Includes different types of credit transactions like selling, buying, and administrative adjustments. + credits_until_deadline = CreditTrade.objects.filter( (Q(status__status="Approved") & Q(type__the_type="Sell") & Q(respondent_id=organization.id) & @@ -153,28 +160,26 @@ def get_max_credit_offset(organization, compliance_year, exclude_reserved=False) Q(number_of_credits__gte=0) & Q(trade_effective_date__lte=effective_date_deadline)) ).aggregate(total=Sum('number_of_credits')) - debits = CreditTrade.objects.filter( + + # Query to sum up all approved, non-rescinded debits (outgoing credits) for the organization. + all_debits = CreditTrade.objects.filter( (Q(status__status="Approved") & Q(type__the_type="Sell") & Q(initiator_id=organization.id) & - Q(is_rescinded=False) & - Q(trade_effective_date__lte=effective_date_deadline)) | + Q(is_rescinded=False)) | (Q(status__status="Approved") & Q(type__the_type="Buy") & Q(respondent_id=organization.id) & - Q(is_rescinded=False) & - Q(trade_effective_date__lte=effective_date_deadline)) | + Q(is_rescinded=False)) | (Q(type__the_type="Credit Reduction") & Q(status__status="Approved") & Q(respondent_id=organization.id) & - Q(is_rescinded=False) & - Q(compliance_period__effective_date__lte=compliance_period_effective_date)) | + Q(is_rescinded=False)) | (Q(type__the_type="Administrative Adjustment") & Q(status__status="Approved") & Q(respondent_id=organization.id) & Q(is_rescinded=False) & - Q(number_of_credits__lt=0) & - Q(trade_effective_date__lte=effective_date_deadline)) + Q(number_of_credits__lt=0)) ).aggregate( total=Sum( Case( @@ -188,39 +193,41 @@ def get_max_credit_offset(organization, compliance_year, exclude_reserved=False) ) ) - total_in_compliance_period = 0 - if credits and credits.get('total') is not None: - total_in_compliance_period = credits.get('total') + # Calculate the net available balance by subtracting debits from credits. + net_available_balance = 0 + if credits_until_deadline and credits_until_deadline.get('total') is not None: + net_available_balance = credits_until_deadline.get('total') - if debits and debits.get('total') is not None: - total_in_compliance_period -= debits.get('total') + if all_debits and all_debits.get('total') is not None: + net_available_balance -= all_debits.get('total') + + # Check if reserved credits should be excluded and calculate accordingly. if exclude_reserved: pending_deductions = OrganizationService.get_pending_transfers_value(organization) else: pending_deductions = OrganizationService.get_pending_deductions(organization, ignore_pending_supplemental=False) - validated_credits = organization.organization_balance.get( - 'validated_credits', 0 - ) - total_balance = validated_credits - pending_deductions - total_available_credits = min(total_in_compliance_period, total_balance) - if total_available_credits < 0: - total_available_credits = 0 + # Deduct pending deductions from the available balance and ensure it does not drop below zero. + available_balance_now = net_available_balance - pending_deductions + if available_balance_now < 0: + available_balance_now = 0 - return total_available_credits + # Return the current available balance after all calculations. + return available_balance_now @staticmethod def get_max_credit_offset_for_interval(organization, compliance_date): effective_date_deadline = compliance_date.date() effective_year = effective_date_deadline.year + if effective_date_deadline < datetime.date(effective_year, 4, 1): effective_year -= 1 compliance_period_effective_date = datetime.date( int(effective_year), 1, 1 ) - credits = CreditTrade.objects.filter( + credits_until_deadline = CreditTrade.objects.filter( (Q(status__status="Approved") & Q(type__the_type="Sell") & Q(respondent_id=organization.id) & @@ -249,28 +256,24 @@ def get_max_credit_offset_for_interval(organization, compliance_date): Q(trade_effective_date__lte=effective_date_deadline)) ).aggregate(total=Sum('number_of_credits')) - debits = CreditTrade.objects.filter( + all_debits = CreditTrade.objects.filter( (Q(status__status="Approved") & Q(type__the_type="Sell") & Q(initiator_id=organization.id) & - Q(is_rescinded=False) & - Q(trade_effective_date__lte=effective_date_deadline)) | + Q(is_rescinded=False)) | (Q(status__status="Approved") & Q(type__the_type="Buy") & Q(respondent_id=organization.id) & - Q(is_rescinded=False) & - Q(trade_effective_date__lte=effective_date_deadline)) | + Q(is_rescinded=False)) | (Q(type__the_type="Credit Reduction") & Q(status__status="Approved") & Q(respondent_id=organization.id) & - Q(is_rescinded=False) & - Q(compliance_period__effective_date__lte=compliance_period_effective_date)) | + Q(is_rescinded=False)) | (Q(type__the_type="Administrative Adjustment") & Q(status__status="Approved") & Q(respondent_id=organization.id) & Q(is_rescinded=False) & - Q(number_of_credits__lt=0) & - Q(trade_effective_date__lte=effective_date_deadline)) + Q(number_of_credits__lt=0)) ).aggregate( total=Sum( Case( @@ -284,22 +287,18 @@ def get_max_credit_offset_for_interval(organization, compliance_date): ) ) - total_in_compliance_period = 0 - if credits and credits.get('total') is not None: - total_in_compliance_period = credits.get('total') + net_available_balance = 0 + if credits_until_deadline and credits_until_deadline.get('total') is not None: + net_available_balance = credits_until_deadline.get('total') - if debits and debits.get('total') is not None: - total_in_compliance_period -= debits.get('total') - pending_deductions = OrganizationService.get_pending_deductions(organization, ignore_pending_supplemental=False) + if all_debits and all_debits.get('total') is not None: + net_available_balance -= all_debits.get('total') - validated_credits = organization.organization_balance.get( - 'validated_credits', 0 - ) + pending_deductions = OrganizationService.get_pending_deductions(organization, ignore_pending_supplemental=False) - total_balance = validated_credits - pending_deductions - total_available_credits = min(total_in_compliance_period, total_balance) + available_balance_now = net_available_balance - pending_deductions - if total_available_credits < 0: - total_available_credits = 0 + if available_balance_now < 0: + available_balance_now = 0 - return total_available_credits + return available_balance_now diff --git a/backend/requirements.txt b/backend/requirements.txt index 0ff507275..e4f9b9f65 100644 --- a/backend/requirements.txt +++ b/backend/requirements.txt @@ -10,7 +10,7 @@ coreapi==2.3.3 coreschema==0.0.4 coverage==6.5.0 cryptography==39.0.1 -Django==3.2.23 +Django==3.2.25 django-celery-beat==1.4.0 django-cors-headers==3.10.1 django-debug-toolbar==3.2.4 diff --git a/frontend/package.json b/frontend/package.json index acbfccfa3..24119d4c8 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -1,6 +1,6 @@ { "name": "tfrs", - "version": "2.17.0", + "version": "2.18.0", "dependencies": { "@babel/eslint-parser": "^7.19.1", "@babel/plugin-proposal-object-rest-spread": "^7.20.7", diff --git a/frontend/src/organizations/OrganizationEditContainer.js b/frontend/src/organizations/OrganizationEditContainer.js index 1d8ebab52..c03d15396 100644 --- a/frontend/src/organizations/OrganizationEditContainer.js +++ b/frontend/src/organizations/OrganizationEditContainer.js @@ -51,7 +51,8 @@ class OrganizationEditContainer extends Component { edrms_record: '' }, formIsValid: false, - edrmsRecordError: '' + edrmsRecordError: '', + formIsDirty: false } this.submitted = false @@ -92,7 +93,8 @@ class OrganizationEditContainer extends Component { loadPropsToFieldState (props) { if ( Object.keys(props.organization.details).length !== 0 && - !this.submitted + !this.submitted && + !this.state.formIsDirty ) { const org = props.organization.details let addr = {} @@ -178,6 +180,7 @@ class OrganizationEditContainer extends Component { } this.setState({ fields: fieldState, + formIsDirty: true }) } diff --git a/openshift-v4/templates/cleanup/Dockerfile b/openshift-v4/templates/cleanup/Dockerfile new file mode 100644 index 000000000..876880aa9 --- /dev/null +++ b/openshift-v4/templates/cleanup/Dockerfile @@ -0,0 +1,4 @@ +FROM registry.redhat.io/openshift4/ose-cli +RUN mkdir /.kube && \ + chgrp -R root /.kube && \ + chmod -R g+w /.kube diff --git a/openshift-v4/templates/cleanup/cleanup-bc-docker.yaml b/openshift-v4/templates/cleanup/cleanup-bc-docker.yaml new file mode 100644 index 000000000..22ff4e4f2 --- /dev/null +++ b/openshift-v4/templates/cleanup/cleanup-bc-docker.yaml @@ -0,0 +1,52 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + creationTimestamp: null + name: cleanup +parameters: + - name: GIT_URL + displayName: + description: tfrs repo + required: true + - name: GIT_REF + displayName: + description: tfrs branch name of the pr + required: true +objects: + - apiVersion: image.openshift.io/v1 + kind: ImageStream + metadata: + annotations: + description: cleanup + creationTimestamp: null + name: tfrs-cleanup + spec: + lookupPolicy: + local: false + - apiVersion: build.openshift.io/v1 + kind: BuildConfig + metadata: + name: tfrs-cleanup + creationTimestamp: + spec: + output: + to: + kind: ImageStreamTag + name: tfrs-cleanup:prod + resources: + limits: + cpu: 1500m + memory: 1300Mi + requests: + cpu: 750m + memory: 650Mi + source: + contextDir: openshift-v4/templates/cleanup + git: + uri: ${GIT_URL} + ref: ${GIT_REF} + type: Git + strategy: + type: Docker + dockerStrategy: + dockerfilePath: Dockerfile diff --git a/openshift-v4/templates/cleanup/cleanup-cron.yaml b/openshift-v4/templates/cleanup/cleanup-cron.yaml new file mode 100644 index 000000000..013122eae --- /dev/null +++ b/openshift-v4/templates/cleanup/cleanup-cron.yaml @@ -0,0 +1,131 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + creationTimestamp: null + name: tfrs-cleanup +parameters: + - name: LICENSE_PLATE + description: license plate for the projec + required: true + - name: LOGIN_TOKEN_SECRET + description: The secret having the login token + required: true +objects: + - kind: CronJob + apiVersion: batch/v1 + metadata: + name: tfrs-cleanup + spec: + schedule: 0 7 * * * + concurrencyPolicy: Forbid + suspend: false + jobTemplate: + metadata: + creationTimestamp: null + spec: + template: + metadata: + creationTimestamp: null + spec: + containers: + - resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 50m + memory: 50Mi + terminationMessagePath: /dev/termination-log + name: oc + command: + - /bin/sh + - "-c" + env: + - name: LOGIN_TOKEN + valueFrom: + secretKeyRef: + name: ${LOGIN_TOKEN_SECRET} + key: token + imagePullPolicy: Always + terminationMessagePolicy: File + image: >- + image-registry.openshift-image-registry.svc:5000/${LICENSE_PLATE}-tools/tfrs-cleanup:prod + args: + - > + date + + oc login --token=$(LOGIN_TOKEN) --server=https://api.silver.devops.gov.bc.ca:6443 + + oc version + + echo "" + + echo "====> Cleaning up ${LICENSE_PLATE}-tools" + + echo "==========> Removing expired builds" + + oc -n ${LICENSE_PLATE}-tools get builds | grep -E "Complete|Failed|Cancelled" | awk '{print $1}' | xargs oc -n ${LICENSE_PLATE}-tools delete build || true + + echo "==========> Removing expired pods" + + oc -n ${LICENSE_PLATE}-tools get pods | grep -E "Completed|Error|ContainerStatusUnknown" | grep -v crunchy | grep -v spilo | awk '{print $1}' | xargs oc -n ${LICENSE_PLATE}-tools delete pod || true + + namespaces=("${LICENSE_PLATE}-dev" "${LICENSE_PLATE}-test") + + for namespace in "${namespaces[@]}"; do + + echo "" + + echo "====> Cleaning up $namespace" + + echo "==========> Removing expired pods" + + oc -n $namespace get pods | grep -E "Completed|Error|ContainerStatusUnknown" | grep -v crunchy | grep -v spilo | awk '{print $1}' | xargs oc -n $namespace delete pod || true + + env=$(echo $namespace | awk -F '-' '{print $NF}') + + echo "==========> Removing expired backend images" + + runningBackendImageTag=$(oc -n $namespace describe dc/tfrs-backend-$env | grep Triggers | grep tfrs-backend | awk -F '@' '{print $2}' | awk -F ',' '{print $1}') || true + + oc -n $namespace get imagetags | grep tfrs-backend | grep -v $runningBackendImageTag | awk '{print $1}' | xargs oc -n $namespace delete imagetag || true + + echo "==========> Removing expired frontend images" + + runningFrontendImageTag=$(oc -n $namespace describe dc/tfrs-frontend-$env | grep Triggers | grep tfrs-frontend | awk -F '@' '{print $2}' | awk -F ',' '{print $1}') || true + + oc -n $namespace get imagetags | grep tfrs-frontend | grep -v $runningFrontendImageTag | awk '{print $1}' | xargs oc -n $namespace delete imagetag || true + + echo "==========> Removing expired celery images" + + runningCeleryImageTag=$(oc -n $namespace describe dc/tfrs-celery-$env | grep Triggers | grep tfrs-celery | awk -F '@' '{print $2}' | awk -F ',' '{print $1}') || true + + oc -n $namespace get imagetags | grep tfrs-celery | grep -v $runningCeleryImageTag | awk '{print $1}' | xargs oc -n $namespace delete imagetag || true + + echo "==========> Removing expired notification-server images" + + runningNotificationServerImageTag=$(oc -n $namespace describe dc/tfrs-notification-server-$env | grep Triggers | grep tfrs-notification-server | awk -F '@' '{print $2}' | awk -F ',' '{print $1}') || true + + oc -n $namespace get imagetags | grep tfrs-notification-server | grep -v $runningNotificationServerImageTag | awk '{print $1}' | xargs oc -n $namespace delete imagetag || true + + echo "==========> Removing expired scan-handler images" + + runningScanHandlerImageTag=$(oc -n $namespace describe dc/tfrs-scan-handler-$env | grep Triggers | grep tfrs-scan-handler | awk -F '@' '{print $2}' | awk -F ',' '{print $1}') || true + + oc -n $namespace get imagetags | grep tfrs-scan-handler | grep -v $runningScanHandlerImageTag | awk '{print $1}' | xargs oc -n $namespace delete imagetag || true + + echo "==========> Removing expired scan-coordinator images" + + runningScanCoordinatorImageTag=$(oc -n $namespace describe dc/tfrs-scan-coordinator-$env | grep Triggers | grep tfrs-scan-coordinator | awk -F '@' '{print $2}' | awk -F ',' '{print $1}') || true + + oc -n $namespace get imagetags | grep tfrs-scan-coordinator | grep -v $runningScanCoordinatorImageTag | awk '{print $1}' | xargs oc -n $namespace delete imagetag || true + + done + + restartPolicy: OnFailure + terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirst + securityContext: {} + schedulerName: default-scheduler + successfulJobsHistoryLimit: 3 + failedJobsHistoryLimit: 1 diff --git a/openshift-v4/templates/cleanup/readme.md b/openshift-v4/templates/cleanup/readme.md new file mode 100644 index 000000000..7f557fc92 --- /dev/null +++ b/openshift-v4/templates/cleanup/readme.md @@ -0,0 +1,13 @@ +# Cleanup Cron Job + +## cleanup-bc-docker.yaml + +The build config to build a clean up image base on Openshift4 oc client image + +## cleanup-cron.yaml + +The Openshift Cron Job to run periodically to clean up unused resource on in ITVR spaces + +## Dockerfile + +The Dockerfile to build a new image on top of registry.redhat.io/openshift4/ose-cli diff --git a/openshift-v4/templates/knp/2-allow-minio-accepts-dev-test.yaml b/openshift-v4/templates/knp/2-allow-minio-accepts-dev-test.yaml new file mode 100644 index 000000000..7978b8ef3 --- /dev/null +++ b/openshift-v4/templates/knp/2-allow-minio-accepts-dev-test.yaml @@ -0,0 +1,47 @@ +--- +apiVersion: template.openshift.io/v1 +kind: Template +labels: + template: tfrs-network-policy +metadata: + name: allow-minio-accepts +parameters: + - name: ENVIRONMENT + displayName: null + description: such as dev, test or prod + required: true +objects: + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: allow-minio-accepts-${ENVIRONMENT} + spec: + podSelector: + matchLabels: + app.kubernetes.io/instance: tfrs-minio + app.kubernetes.io/name: minio + ingress: + - ports: + - protocol: TCP + port: 9000 + from: + - podSelector: + matchLabels: + name: tfrs-scan-coordinator-${ENVIRONMENT} + - ports: + - protocol: TCP + port: 9000 + from: + - podSelector: + matchLabels: + name: tfrs-celery-${ENVIRONMENT} + - ports: + - protocol: TCP + port: 9000 + from: + - podSelector: + matchLabels: + name: tfrs-backend-${ENVIRONMENT} + policyTypes: + - Ingress + status: {} diff --git a/openshift-v4/templates/knp/2-allow-minio-accepts.yaml b/openshift-v4/templates/knp/2-allow-minio-accepts-prod.yaml similarity index 100% rename from openshift-v4/templates/knp/2-allow-minio-accepts.yaml rename to openshift-v4/templates/knp/2-allow-minio-accepts-prod.yaml