Skip to content

Commit

Permalink
enable external and internal
Browse files Browse the repository at this point in the history
  • Loading branch information
pmacius committed Dec 18, 2024
1 parent ce35e34 commit 0b68b99
Show file tree
Hide file tree
Showing 8 changed files with 153 additions and 17 deletions.
8 changes: 4 additions & 4 deletions helm/alfresco-content-services/Chart.lock
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ dependencies:
version: 7.0.0-alpha.0
- name: alfresco-search-enterprise
repository: https://alfresco.github.io/alfresco-helm-charts/
version: 4.2.0
version: 4.3.0-alpha.0
- name: alfresco-connector-msteams
repository: https://alfresco.github.io/alfresco-helm-charts/
version: 2.0.0-alpha.0
Expand All @@ -49,6 +49,6 @@ dependencies:
version: 21.4.1
- name: alfresco-audit-storage
repository: https://alfresco.github.io/alfresco-helm-charts/
version: 0.1.0
digest: sha256:5433041eaf19fe64506a8b2942ce90901d9f102eb2d773b796a9c4e64bb70d3f
generated: "2024-12-17T14:44:48.423722+01:00"
version: 0.2.0-alpha.0
digest: sha256:809e677e581430f219dbc1024c239aed0f62862493d27ec980f7ee078098b5c8
generated: "2024-12-18T14:47:30.487767+01:00"
4 changes: 2 additions & 2 deletions helm/alfresco-content-services/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ dependencies:
version: 7.0.0-alpha.0
condition: alfresco-sync-service.enabled
- name: alfresco-search-enterprise
version: 4.2.0
version: 4.3.0-alpha.0
repository: https://alfresco.github.io/alfresco-helm-charts/
condition: alfresco-search-enterprise.enabled
- name: alfresco-connector-msteams
Expand All @@ -86,7 +86,7 @@ dependencies:
version: 21.4.1
condition: elasticsearch.enabled
- name: alfresco-audit-storage
version: 0.1.0
version: 0.2.0-alpha.0
repository: https://alfresco.github.io/alfresco-helm-charts/
condition: alfresco-audit-storage.enabled
icon: https://avatars0.githubusercontent.com/u/391127?s=200&v=4
15 changes: 10 additions & 5 deletions helm/alfresco-content-services/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -26,12 +26,12 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-control-center(alfresco-adf-app) | 0.2.0 |
| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-digital-workspace(alfresco-adf-app) | 0.2.0 |
| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-ai-transformer | 3.0.0 |
| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-audit-storage | 0.1.0 |
| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-audit-storage | 0.2.0-alpha.0 |
| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 4.0.0-alpha.0 |
| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-connector-ms365 | 3.0.0-alpha.0 |
| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-connector-msteams | 2.0.0-alpha.0 |
| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-repository | 0.8.0 |
| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-search-enterprise | 4.2.0 |
| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-search-enterprise | 4.3.0-alpha.0 |
| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-search(alfresco-search-service) | 5.0.0-alpha.0 |
| https://alfresco.github.io/alfresco-helm-charts/ | share(alfresco-share) | 1.2.0 |
| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-sync-service | 7.0.0-alpha.0 |
Expand Down Expand Up @@ -62,10 +62,10 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
| alfresco-audit-storage.enabled | bool | `true` | |
| alfresco-audit-storage.image.repository | string | `"quay.io/alfresco/alfresco-audit-storage"` | |
| alfresco-audit-storage.image.tag | string | `"1.0.0"` | |
| alfresco-audit-storage.index.existingConfigMap.keys.url | string | `"SEARCH_URL"` | |
| alfresco-audit-storage.index.existingConfigMap.keys.url | string | `"AUDIT_SEARCH_URL"` | |
| alfresco-audit-storage.index.existingConfigMap.name | string | `"alfresco-infrastructure"` | |
| alfresco-audit-storage.index.existingSecret.keys.password | string | `"SEARCH_PASSWORD"` | |
| alfresco-audit-storage.index.existingSecret.keys.username | string | `"SEARCH_USERNAME"` | |
| alfresco-audit-storage.index.existingSecret.keys.password | string | `"AUDIT_SEARCH_PASSWORD"` | |
| alfresco-audit-storage.index.existingSecret.keys.username | string | `"AUDIT_SEARCH_USERNAME"` | |
| alfresco-audit-storage.index.existingSecret.name | string | `"alfresco-search-secret"` | |
| alfresco-audit-storage.messageBroker.existingConfigMap.name | string | `"alfresco-infrastructure"` | Name of the configmap which holds the message broker URL |
| alfresco-audit-storage.messageBroker.existingSecret.name | string | `"acs-alfresco-cs-brokersecret"` | Name of the configmap which holds the message broker credentials |
Expand Down Expand Up @@ -265,6 +265,11 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
| global.mail.host | string | `nil` | SMTP server to use for the system to send outgoing email |
| global.mail.port | int | `587` | SMTP server port |
| global.mail.protocol | string | `"smtp"` | SMTP protocol to use. Either smtp or smtps |
| global.search.auditIndex.external.enabled | bool | `false` | set this to true if you want to use external search service for audit indexing |
| global.search.auditIndex.external.password | string | `nil` | password for authentication against the external search service for audit indexing (set to global.search.password if not provided) |
| global.search.auditIndex.external.url | string | `nil` | url to external search service for audit indexing (set to global.search.url if not provided) |
| global.search.auditIndex.external.username | string | `nil` | usernamame for authentication against the external search service for audit indexing (set to global.search.username if not provided) |
| global.search.auditIndex.internal | object | `{"password":null,"username":null}` | set this to enable credentials for internal elastisearch cluster for audit indexing |
| global.search.existingSecretName | string | `nil` | Name of an existing secret that contains SOLR_SECRET key when flavour is solr6 or SEARCH_USERNAME and SEARCH_PASSWORD keys. |
| global.search.flavor | string | `nil` | set the type of search service used externally (solr6 or elasticsearch) |
| global.search.password | string | `nil` | Set password for authentication against the external elasticsearch service |
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,10 +21,25 @@ data:
{{- end }}
{{ template "alfresco-common.activemq.cm" (include "alfresco-content-services.mq.url" .) }}
{{- $search_url := "" }}
{{- $audit_search_url := "" }}
{{- $search_flavor := include "alfresco-content-services.search.flavor" . }}
{{- if ne "noindex" $search_flavor }}
{{- if .Values.global.search.url }}
{{- $search_url = .Values.global.search.url }}
{{- if .Values.global.search.auditIndex.external.enabled }}
{{- $audit_search_url = coalesce .Values.global.search.auditIndex.external.url .Values.global.search.url }}
{{- else }}
{{- $esAuditHost := printf "%s-%s" (.Release.Name | default "acs") (.Values.global.elasticsearch.service.name | default "elasticsearch") }}
{{- $esAuditPort := .Values.global.elasticsearch.service.ports.restApi | default 9200 }}
{{- with .Values.elasticsearch }}
{{- if .enabled }}
{{- $esAuditProto := .protocol | default "http" }}
{{- $audit_search_url = printf "%s://%s:%v" $esAuditProto $esAuditHost $esAuditPort }}
{{- else }}
{{- fail "Chart is configured to use local elasticsearch cluster for audit indexing but elasticsearch is disabled. Set elasticsearch.enabled to true or use external elasticsearch cluster for audit indexing" }}
{{- end }}
{{- end }}
{{- end }}
{{- else if eq "solr6" $search_flavor }}
{{- $search_url = printf "http://%s/solr" (include "alfresco-search-service.deployment.name" .) }}
{{- else if eq "elasticsearch" $search_flavor }}
Expand All @@ -34,6 +49,7 @@ data:
{{- if .enabled }}
{{- $esProto := .protocol | default "http" }}
{{- $search_url = coalesce $.Values.global.search.url (printf "%s://%s:%v" $esProto $esHost $esPort) }}
{{- $audit_search_url = coalesce $.Values.global.search.url (printf "%s://%s:%v" $esProto $esHost $esPort) }}
{{- else }}
{{- fail "Chart is configured to use Alfresco Search Enterprise but no index backend has been provided. Set one using either global.search.url or elasticsearch.enabled" }}
{{- end }}
Expand All @@ -50,6 +66,9 @@ data:
{{- printf "SEARCH_URL: %s" $search_url | nindent 2 }}
{{- printf "SEARCH_HOST: %s" (include "alfresco-common.url.host" $search_url) | nindent 2 }}
{{- printf "SEARCH_PORT: %s" (include "alfresco-common.url.port" $search_url | quote) | nindent 2 }}
{{- printf "AUDIT_SEARCH_URL: %s" $audit_search_url | nindent 2 }}
{{- printf "AUDIT_SEARCH_HOST: %s" (include "alfresco-common.url.host" $audit_search_url) | nindent 2 }}
{{- printf "AUDIT_SEARCH_PORT: %s" (include "alfresco-common.url.port" $audit_search_url | quote) | nindent 2 }}
{{- if eq "solr6" $search_flavor }}
{{- printf "SOLR_BASE_URL: %s" (include "alfresco-common.url.path" $search_url | default "/solr") | nindent 2 }}
{{- end }}
Expand Down
12 changes: 9 additions & 3 deletions helm/alfresco-content-services/templates/secret-search.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,15 @@ data:
{{- else if eq "elasticsearch" $search_flavor }}
SEARCH_USERNAME: {{ .username | default "" | b64enc | quote }}
SEARCH_PASSWORD: {{ .password | default "" | b64enc | quote }}
# Required by bitnami elasticsearch
elasticsearch-password: {{ .password | default "" | b64enc | quote }}
kibana-password: {{ .password | default "" | b64enc | quote }}
{{- if .auditIndex.external.enabled }}
AUDIT_SEARCH_USERNAME: {{ coalesce .auditIndex.external.username .username | default "" | b64enc | quote }}
AUDIT_SEARCH_PASSWORD: {{ coalesce .auditIndex.external.password .password | default "" | b64enc | quote }}
{{- else }}
AUDIT_SEARCH_USERNAME: {{ .auditIndex.internal.username | default "" | b64enc | quote }}
AUDIT_SEARCH_PASSWORD: {{ .auditIndex.internal.password | default "" | b64enc | quote }}
elasticsearch-password: {{ .auditIndex.internal.password | default "" | b64enc | quote }}
kibana-password: {{ .auditIndex.internal.password | default "" | b64enc | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,9 @@ tests:
alfresco-search.enabled: false
alfresco-search-enterprise.enabled: true
elasticsearch.enabled: false
global.search.auditIndex.external.enabled: true
global.search.url: https://mydomain.opensearch.domain.tld
global.search.auditIndex.external.url: https://mydomain.opensearch.audit.domain.tld
global.search.flavor: elasticsearch
global.search.securecomms: none
# commented to test url has precedence
Expand Down Expand Up @@ -108,6 +110,9 @@ tests:
- equal:
path: data.SEARCH_URL
value: https://mydomain.opensearch.domain.tld
- equal:
path: data.AUDIT_SEARCH_URL
value: https://mydomain.opensearch.audit.domain.tld
- notExists:
path: data.SOLR_BASE_URL
- equal:
Expand Down Expand Up @@ -153,3 +158,39 @@ tests:
- equal:
path: data.DATABASE_URL
value: jdbc:postgresql://alfresco:QA6fMXtdr%3EK%2F8aDFft,MJ%40p%[email protected]:5432/alfresco

- it: should render correct values when external elasticsearch and local elasticsearch for audit
values: *testvalues
set:
global.search.url: https://my.external.elasticsearch.com
global.search.username: externaluser
asserts:
- equal:
path: data.SEARCH_URL
value: https://my.external.elasticsearch.com
- equal:
path: data.AUDIT_SEARCH_URL
value: http://RELEASE-NAME-elasticsearch:9200

- it: should render same external url when specific audit url is not set
values: *testvalues
set:
global.search.url: https://my.external.elasticsearch.com
global.search.auditIndex.external.enabled: true
asserts:
- equal:
path: data.SEARCH_URL
value: https://my.external.elasticsearch.com
- equal:
path: data.AUDIT_SEARCH_URL
value: https://my.external.elasticsearch.com

- it: should render same url for elasticsearch by default
values: *testvalues
asserts:
- equal:
path: data.SEARCH_URL
value: http://RELEASE-NAME-elasticsearch:9200
- equal:
path: data.AUDIT_SEARCH_URL
value: http://RELEASE-NAME-elasticsearch:9200
51 changes: 51 additions & 0 deletions helm/alfresco-content-services/tests/search_test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -175,3 +175,54 @@ tests:
path: data.SEARCH_FLAVOR
value: solr6
template: config-infrastructure.yaml

- it: Should set correct credentials for elastisearch
values: *testvalues
template: secret-search.yaml
asserts:
- equal:
path: data.SEARCH_USERNAME
value: ""
- equal:
path: data.SEARCH_PASSWORD
value: ""
- equal:
path: data.AUDIT_SEARCH_USERNAME
value: ""
- equal:
path: data.AUDIT_SEARCH_PASSWORD
value: ""
- equal:
path: data.elasticsearch-password
value: ""
- equal:
path: data.kibana-password
value: ""

- it: Should set correct credentials with local audit and external elastisearch
values: *testvalues
set:
global:
search:
username: elastic
password: changeme
template: secret-search.yaml
asserts:
- equal:
path: data.SEARCH_USERNAME
value: ZWxhc3RpYw==
- equal:
path: data.SEARCH_PASSWORD
value: Y2hhbmdlbWU=
- equal:
path: data.AUDIT_SEARCH_USERNAME
value: ""
- equal:
path: data.AUDIT_SEARCH_PASSWORD
value: ""
- equal:
path: data.elasticsearch-password
value: ""
- equal:
path: data.kibana-password
value: ""
20 changes: 17 additions & 3 deletions helm/alfresco-content-services/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,20 @@ global:
# -- Name of an existing secret that contains SOLR_SECRET key when flavour
# is solr6 or SEARCH_USERNAME and SEARCH_PASSWORD keys.
existingSecretName: null
auditIndex:
external:
# -- set this to true if you want to use external search service for audit indexing
enabled: false
# -- url to external search service for audit indexing (set to global.search.url if not provided)
url: null
# -- usernamame for authentication against the external search service for audit indexing (set to global.search.username if not provided)
username: null
# -- password for authentication against the external search service for audit indexing (set to global.search.password if not provided)
password: null
# -- set this to enable credentials for internal elastisearch cluster for audit indexing
internal:
username: null
password: null
elasticsearch:
service:
name: elasticsearch
Expand Down Expand Up @@ -589,12 +603,12 @@ alfresco-audit-storage:
existingConfigMap:
name: *infrastructure_cmName
keys:
url: SEARCH_URL
url: AUDIT_SEARCH_URL
existingSecret:
name: *acs_search_secretName
keys:
username: SEARCH_USERNAME
password: SEARCH_PASSWORD
username: AUDIT_SEARCH_USERNAME
password: AUDIT_SEARCH_PASSWORD
dtas:
# -- Enables the deployment test suite which can run via `helm test` (currently available for Enterprise only)
enabled: false
Expand Down

0 comments on commit 0b68b99

Please sign in to comment.