feat(apps/trackers-login): add script for auto login

qlonik · Jan 19, 2025 · 444233d · 444233d
1 parent e97b102
commit 444233d
Show file tree

Hide file tree

Showing 8 changed files with 209 additions and 2 deletions.
diff --git a/kubernetes/main/apps/external-secrets/external-secrets/secrets/secrets.sops.yaml b/kubernetes/main/apps/external-secrets/external-secrets/secrets/secrets.sops.yaml
@@ -355,6 +355,13 @@ stringData:
     #ENC[AES256_GCM,data:U0Bqld3eDyYYO00p1A==,iv:A+CCnxEGPpUD3+dQhimsLPxRVXUOMiCP+iLD7tXix3c=,tag:RjqPPNJO+wbug6A10+4Jrg==,type:comment]
     weave_gitops_admin_username: ENC[AES256_GCM,data:4V0WpyM=,iv:GN6BNLoCMkyxoYdwrjD5xDhirDobGvbS8epSQ3fsZiU=,tag:T/bSv5GSc/tip8xkgHZjmw==,type:str]
     weave_gitops_admin_password: ENC[AES256_GCM,data:6VWAV4MHOrR1qqq3FkrPB0U2OnUGQI3qhFrQYMeowJHGwORTDOY5Wg==,iv:Jfw4ryIHtrop1RYGQdbQq75UeTNmFET8xKGOzMflHTc=,tag:XiAEQMEOYxJjiUtWG5qOdA==,type:str]
+    #
+    #
+    #ENC[AES256_GCM,data:UrsOkgarq2pbHw==,iv:Ki+Zh6GqmCIK/qZuT8DRylRWGUcgpmA1OimxoVTkkes=,tag:eTyNy1rXD2fyHT8g/oz9aA==,type:comment]
+    #
+    #ENC[AES256_GCM,data:0eeJFjmqxeB5AzOHe5AV,iv:evVOv2rm1ygghImDATbvt3LEzyDoPW8ZHUFzZvDpVn4=,tag:NmpYSzDasspPLlCVX/TNww==,type:comment]
+    #ENC[AES256_GCM,data:+EbuQR/R+Cwbye24snc=,iv:0yHrRMczxtXodSEDJ5mFsYQmWL1RJvwOHcKGzo2Vxa4=,tag:1O+veWj/NTGpijyNf7leDg==,type:comment]
+    trackers_login_config: ENC[AES256_GCM,data:CNm68+6HqNwW0946JmDOE9Li3SZH+m98l0Ceg5yTdJcx1hDA2Qx8zCr8T4eW1zlIsee1VhHkYfdvyzHDArAsyEcj2n/+slMlubKdi9mz+VujzbIAM2MLB3bgOQJKTuyJhsrLrOEuJz8xsOxdgY4Buf4NEO0tVkitxatj9d4uaTorEEKCIgOW/uTTK86M/De5DhMSSmOUFL306KBwusPfJRORt31lPC6/CGtDkElcDBw7LXAQoKH7sFeyW9HBvwG1JwPUg6xrJqx1kb0R7H8N7Nh1lzbmPOfS3Rj3DszeK7FQKHHIkYnJxKqEQL1Gdw/QgFoCFDsEDil0bW/i5+nVrfWW2dRWl6RPVewbBNowZjPws79dLfJqbIdXp+/dcdoeChs3KXEVkg9Kxpo34sMfcb7ciPENDsBU7Pf2OCRELdyWTH03atvwVgS9XCrq9KXLM6N1s6DIkW7IpOKvD7G/e6doJO1fruCMiedtQacNdRbj13SnZ/OFVTIelLIhcyf0nzGPg2ZM3hg1nH7bFOQvmwuksWEBJdCSehXvfW4R7y2K9j3fh5o/5MOFY51OAjVzIieq/od6TVDEVttC+y6QYOS9aKGM7isC9lVO6p2eIOwuow5cbgwG347SHb81myFKeqBkyAMjIGfZLCDf+86ZjGGi+Fv9QzsMcgBl0FcD6tmgY/Q+xTL1MUyDcANn5wRuabYMNTXWCdOLY+sT87TUPWmIAuDZX2W7ELfwGDxqKX21MzsbvWdMjuqQ1MIrGSWRiihXoYsW4bGLtpM+N7yYj1hjsFd3E0vrmmUmJE/9kCPQHmXEeoFb/D/lqQX0I2nSGkAY3JZYbnvX5/y+LJ4xfBGuB4Hc7TFB/EDz+vE7DnnYFe+FXHqOckWuPPWrNvRR+fmdRbbUlCX8vuGc5p8eQvAfhVtKtu3i/CX1ENdGYLLFwfKe6wvkGnjne24EoynXUVUc7p71p4J+e/oNF7Yu93qJw/m6r2wK/BK+fiFA6TFxO/uMp1plqagS95y+LVzMk+PaZFpkliLfK1Zw8q8k4xk+N71UoDCMtO6ZhNY862YXnBwxlVpHIwMN/AKlP1MpRnNxIzMZvLc38KIKue0mdjQBSVpsPYAduE6lroV/OLVHh7bBZvXvH+ZnwDHxSmgKTeS3aF01GeCQd4BfXL9wVQQHQKS6mPyjGyAeDxNG3rmQJgGpnDti5LxJA0k8pvCZb8xkjbm9JAu6NToOHD5LTAJe5qMt6tdN1gvVy9JYDEloBqOs7VPLjXpGgTWD/F7R2Cs1CwFkwZ4rq6odfNT5vh9pe2pFFtseGiQuHEbDdmAFcVu3ctdW4I1jPx2QVOD/3webf2psO5Pf2diWn70W/7ipocqLvgal6kwJ2HBQYHQETOf3kDOsZaBYbTQbOUlG4Tr9VXVfMRQkLfQo/ygOZGRFBjG5WrNSdvjqciSauuc9tt74winu+pUcG9zmbcEXicVcYBoGTAFNn2+tJ5QuMfSt9ZW6GQuu/aME0lPio7rWtHH1YvuFM97kcSHUEAW9eT0aXFhM9mbb0KZHEw+NyMf13u5/kzw1iVJUgZcaYGkhFr2NL3VBemV9NkC5Ox33Gri0knO6AepTeySwxA+Bj+zrElnqIdEgWF4WEpt4tcouBs9NI4DhbDuNuOfgMM3imQghREF5c0gyYbTSqRBu3sIHKLyrr/PDKoDEzldAozNejJIUk3ehHcbWRqXg4XANo/Uhngj3uO4jx4ClOxwsW0Vz11Rv3RTRQ7FUQKwkgN28YWN5a97uAgpVpGFl+qnwbIW1pnuswz7T6lFzZkg7Smje7JAWLvJ8yf3s9/PAIWiZI24rz9dpj+FwZlkcgG2iqWrywQbNwycPGhDcHYW6W9JHhxCIRnMOsaa7GyzCkGs80Sg03Iyj6F6CpK2pQTcGBjWb+cOhQgf+KMV2utFEaXq3E+pvwuVUcd2zFUgV117srKfjDShDsQegq9HwXd29qRo7HPYRWYr04cCrTzCseDryubTBepPDoMJWDctRd1Lmmr0OgLoQ34yRdkRIUBzyqS/xEO6OiZhf/C5oQzh4iapJszlPjv3X4hrj+itX+9l0V05kW8hx4wWggWN4PgX9JYo9HV2zwG0MhDnnO40U+dG17Hvb3tLyPxpM9XowuNWKkZw6bDKYSoQ5lic+zWbPUb0N2rr7T/oH6J3Om7rbCBS7K5a8HkyYFMKnx8vJFKUU6zHSJe32YlzNdo3V/b+sDutpdGI69EG2ANMHHWHjINzzKcLeFKlLJ9iuzR/uU2NTaVdmxFGF1QIqKhrbvUALzUEeGhvq+L4oHriY2Oi8yk3ULOlzAlJsslXGLfBsQoD2Vo13XZjGa4Y6G+WU86cP8UMSZP50AH/mmC/LE5Lz/XexbX46bRV6lNABLMkMpC4IN2/hklTaP9ntUUse/mdwF8mI3UZl0BgbUX+8PvuFOpjCraYCn+XvPv2jKbxq1GAJlJLD083lbYP6BAYm0QmYF+ozcyOcfA5Vg/sa5pSkNaSed5Sb2xCzW8ZMpxRcancXzC11s1A5C/H2Ghn3t1lHbu3IusLb4C2DMCm/h01VJzJD0662YQigpk9wUruUoCQU4ye5LK3JK4Lbj2m7lzHz8BUqwBdal4BRZAuKcJL2hHJZgOM2/BWXu9LhT66PzDFSfy/LwCzLrTTEjR9obFVG4kDO2ytjx9XkmpkoqrCqIuy8lF6r1uXAvfr5Gk0Ztl5fTel/lqCtwb4ivwRE1JF7DixHKsM0ZTd42UGQ3nVxe4QfKhPWLXO9pG8ymP89P9rMWb8ZSwcSPHCJgHuuO6kOiMPuWGSjxpUB3JqKf4sIft7b/Yr7X7OyjC6RJuf7sX8GrXbAvD8wuFv6c41qNxKd1yn/95rEiSov++i6OMMZO28xp+W8LjbO4+WPLWFfTJbpIAsPd9WLaPqeZCQTwVtmLpL1jIcbcqlDSRW5rzEEVS1Up444PZIvNR2R2Q0LvxaZhbln2/iI3aFwlbvntcTUfI8PXm7BHrbKxIKuO+qZyOk3znV+L/Dy8v9U3VY9Zw2tqa3j1dwZkypBMLD1A2aY7TvfpWUD9Mg6qQdaJ+ZWFbgPu5OkiUdf7tMgfVGqz2b8++GwpYv0OmF2lE6xsviJI11YMbyx4QUu+SiHKziMsQ==,iv:sUBwXgtz+XRKyGPLFsy+zXPbPCkkkXkLWlggVVgkFzg=,tag:qY3FKB0QLhf2LAiNhCpfgw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -370,8 +377,8 @@ sops:
             S1Y2aUVvZDJUZ29vZ21SYnk4RDBvR2cK7HDsIjcO+R0Kdxxx9zAkymaqemZPBywk
             HV0CS8iCUdUlqfAvtNZvVJ/RjHQh7hZyQspEQnkMxLddLoHFEbQMyA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-01-18T23:23:07Z"
-    mac: ENC[AES256_GCM,data:CMkiytAql89Yh0AOMlrIphO4EUYvnL/MLAL4VVNkfbuo8kC2vpAIaZIplG8lsgMH3E9Hf5xZvw+w9CyHrKz2WjolKugRwe8Ex1MIv7XeKCN9q0zxGTsjRFTCqbVDylFcEbWS/DopcKDIVJjCh8+qbHNClfgJ8FtvkeuTLOlAfiQ=,iv:HJ16PLDrDoz1gf3XKHdRWmm5BvgDS6onFl5BXBHRK58=,tag:lQQ9uw1Twq3xgwuqySJLKA==,type:str]
+    lastmodified: "2025-01-18T23:43:46Z"
+    mac: ENC[AES256_GCM,data:ygQQBiXV1HUHs9spR2iPmQRQGQMnaOl//gPgnuI2vV4XQq+BDCxpIdsutfwGCJmW/zgLB2jw5nJSAbPlKNNRFGYYE7q1Yp7UjajG1BrLoXkhkpiXZ2n89qyFQbOu4bouizVLQiUmPkYWfPjRHRv/QWu4CNE/NzGX55+hDruX8hc=,iv:zNDRY3O4QrbWHcAXRjt7JkfRZI4hgMHHkEXcmD002/Q=,tag:62Dg4bGUplTDIWGifHmVHA==,type:str]
     pgp: []
     encrypted_regex: ^(data|stringData)$
     version: 3.9.1
diff --git a/kubernetes/main/apps/workflows/kustomization.yaml b/kubernetes/main/apps/workflows/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./namespace.yaml
+  - ./trackers-login/ks.yaml
diff --git a/kubernetes/main/apps/workflows/namespace.yaml b/kubernetes/main/apps/workflows/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: workflows
+  labels:
+    kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/kubernetes/main/apps/workflows/trackers-login/app/externalsecret.yaml b/kubernetes/main/apps/workflows/trackers-login/app/externalsecret.yaml
@@ -0,0 +1,19 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: trackers-login
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: store-k8s
+  target:
+    name: trackers-login-secret
+    template:
+      engineVersion: v2
+      data:
+        TRACKERS_LOGIN_CONFIG: "{{ .trackers_login_config }}"
+  dataFrom:
+    - extract:
+        key: everything
diff --git a/kubernetes/main/apps/workflows/trackers-login/app/helmrelease.yaml b/kubernetes/main/apps/workflows/trackers-login/app/helmrelease.yaml
@@ -0,0 +1,78 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: trackers-login
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.6.0
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  values:
+    controllers:
+      trackers-login:
+        type: cronjob
+        cronjob:
+          schedule: "@monthly"
+          timeZone: "${TIMEZONE}"
+          successfulJobsHistory: 2
+          failedJobsHistory: 2
+          concurrencyPolicy: Forbid
+        containers:
+          app:
+            image:
+              repository: ghcr.io/puppeteer/puppeteer
+              tag: 24.1.0@sha256:e5381e2ee590f78b3e23e5500f6082c8820a9c6c5eb8ac95da185629b1b2f574
+            args:
+              - node
+              - /home/pptruser/app/script.mjs
+            env:
+              XDG_CONFIG_HOME: /tmp/.config/chromium
+              XDG_CACHE_HOME: /tmp/.cache/chromium
+            envFrom:
+              - secretRef:
+                  name: trackers-login-secret
+            resources:
+              requests:
+                cpu: 100m
+                memory: 500Mi
+              limits:
+                memory: 2Gi
+            securityContext:
+              allowPrivilegeEscalation: false
+              readOnlyRootFilesystem: true
+              capabilities:
+                drop: ["ALL"]
+                add: ["SYS_ADMIN"]
+              seccompProfile: { type: RuntimeDefault }
+    defaultPodOptions:
+      annotations:
+        reloader.stakater.com/auto: "true"
+      enableServiceLinks: false
+      securityContext:
+        runAsNonRoot: true
+        fsGroup: 65534
+        fsGroupChangePolicy: "OnRootMismatch"
+    persistence:
+      app:
+        type: configMap
+        name: trackers-login-script
+        globalMounts:
+          - path: /home/pptruser/app
+            readOnly: true
+      tmp:
+        type: emptyDir
diff --git a/kubernetes/main/apps/workflows/trackers-login/app/kustomization.yaml b/kubernetes/main/apps/workflows/trackers-login/app/kustomization.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./externalsecret.yaml
+  - ./helmrelease.yaml
+
+configMapGenerator:
+  - name: trackers-login-script
+    files:
+      - ./resources/script.mjs
+generatorOptions:
+  disableNameSuffixHash: true
diff --git a/kubernetes/main/apps/workflows/trackers-login/app/resources/script.mjs b/kubernetes/main/apps/workflows/trackers-login/app/resources/script.mjs
@@ -0,0 +1,57 @@
+import puppeteer, { KnownDevices } from "puppeteer";
+import { promisify, inspect } from "util";
+
+/**
+ * @typedef {Object} SiteConf
+ * @property {string} url
+ * @property {string} usernameSelector
+ * @property {string} username
+ * @property {string} passwordSelector
+ * @property {string} password
+ * @property {string} loginSelector
+ * @property {string} afterLoginSelector
+ */
+
+/** @type {Array<SiteConf>} */
+const config = JSON.parse(process.env.TRACKERS_LOGIN_CONFIG);
+
+const browser = await puppeteer.launch();
+
+const results = await Promise.allSettled(
+  config.map(
+    async ({
+      url,
+      usernameSelector,
+      username,
+      passwordSelector,
+      password,
+      loginSelector,
+      afterLoginSelector,
+    }) => {
+      const context = await browser.createBrowserContext();
+
+      const page = await context.newPage();
+      await page.emulate(KnownDevices["iPad Pro 11 landscape"]);
+
+      await page.goto(url, { waitUntil: "networkidle0" });
+
+      await page.locator(usernameSelector).fill(username);
+      await page.locator(passwordSelector).fill(password);
+      await page.locator(loginSelector).click();
+      await page.waitForNetworkIdle();
+
+      await page.locator(afterLoginSelector).click();
+      await page.waitForNetworkIdle();
+
+      await promisify(setTimeout)(2000);
+
+      await context.close();
+
+      return url;
+    },
+  ),
+);
+
+console.log(inspect(results, { depth: null }));
+
+await browser.close();
diff --git a/kubernetes/main/apps/workflows/trackers-login/ks.yaml b/kubernetes/main/apps/workflows/trackers-login/ks.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app trackers-login
+  namespace: flux-system
+spec:
+  path: ./kubernetes/main/apps/workflows/trackers-login/app
+  targetNamespace: workflows
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-kubernetes
+  wait: true
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m