diff --git a/helm/alfresco-content-services/Chart.lock b/helm/alfresco-content-services/Chart.lock index 4f42f85fb..891babd0a 100644 --- a/helm/alfresco-content-services/Chart.lock +++ b/helm/alfresco-content-services/Chart.lock @@ -31,7 +31,7 @@ dependencies: version: 7.0.0-alpha.0 - name: alfresco-search-enterprise repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 4.2.0 + version: 4.3.0-alpha.0 - name: alfresco-connector-msteams repository: https://alfresco.github.io/alfresco-helm-charts/ version: 2.0.0-alpha.0 @@ -49,6 +49,6 @@ dependencies: version: 21.4.1 - name: alfresco-audit-storage repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 0.1.0 -digest: sha256:5433041eaf19fe64506a8b2942ce90901d9f102eb2d773b796a9c4e64bb70d3f -generated: "2024-12-17T14:44:48.423722+01:00" + version: 0.2.0-alpha.0 +digest: sha256:809e677e581430f219dbc1024c239aed0f62862493d27ec980f7ee078098b5c8 +generated: "2024-12-18T14:47:30.487767+01:00" diff --git a/helm/alfresco-content-services/Chart.yaml b/helm/alfresco-content-services/Chart.yaml index cfe20b196..81bcfb2c0 100644 --- a/helm/alfresco-content-services/Chart.yaml +++ b/helm/alfresco-content-services/Chart.yaml @@ -61,7 +61,7 @@ dependencies: version: 7.0.0-alpha.0 condition: alfresco-sync-service.enabled - name: alfresco-search-enterprise - version: 4.2.0 + version: 4.3.0-alpha.0 repository: https://alfresco.github.io/alfresco-helm-charts/ condition: alfresco-search-enterprise.enabled - name: alfresco-connector-msteams @@ -86,7 +86,7 @@ dependencies: version: 21.4.1 condition: elasticsearch.enabled - name: alfresco-audit-storage - version: 0.1.0 + version: 0.2.0-alpha.0 repository: https://alfresco.github.io/alfresco-helm-charts/ condition: alfresco-audit-storage.enabled icon: https://avatars0.githubusercontent.com/u/391127?s=200&v=4 diff --git a/helm/alfresco-content-services/README.md b/helm/alfresco-content-services/README.md index 815f9f043..8918d9767 100644 --- a/helm/alfresco-content-services/README.md +++ b/helm/alfresco-content-services/README.md @@ -26,12 +26,12 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-control-center(alfresco-adf-app) | 0.2.0 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-digital-workspace(alfresco-adf-app) | 0.2.0 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-ai-transformer | 3.0.0 | -| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-audit-storage | 0.1.0 | +| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-audit-storage | 0.2.0-alpha.0 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 4.0.0-alpha.0 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-connector-ms365 | 3.0.0-alpha.0 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-connector-msteams | 2.0.0-alpha.0 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-repository | 0.8.0 | -| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-search-enterprise | 4.2.0 | +| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-search-enterprise | 4.3.0-alpha.0 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-search(alfresco-search-service) | 5.0.0-alpha.0 | | https://alfresco.github.io/alfresco-helm-charts/ | share(alfresco-share) | 1.2.0 | | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-sync-service | 7.0.0-alpha.0 | @@ -62,10 +62,10 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | alfresco-audit-storage.enabled | bool | `true` | | | alfresco-audit-storage.image.repository | string | `"quay.io/alfresco/alfresco-audit-storage"` | | | alfresco-audit-storage.image.tag | string | `"1.0.0"` | | -| alfresco-audit-storage.index.existingConfigMap.keys.url | string | `"SEARCH_URL"` | | +| alfresco-audit-storage.index.existingConfigMap.keys.url | string | `"AUDIT_SEARCH_URL"` | | | alfresco-audit-storage.index.existingConfigMap.name | string | `"alfresco-infrastructure"` | | -| alfresco-audit-storage.index.existingSecret.keys.password | string | `"SEARCH_PASSWORD"` | | -| alfresco-audit-storage.index.existingSecret.keys.username | string | `"SEARCH_USERNAME"` | | +| alfresco-audit-storage.index.existingSecret.keys.password | string | `"AUDIT_SEARCH_PASSWORD"` | | +| alfresco-audit-storage.index.existingSecret.keys.username | string | `"AUDIT_SEARCH_USERNAME"` | | | alfresco-audit-storage.index.existingSecret.name | string | `"alfresco-search-secret"` | | | alfresco-audit-storage.messageBroker.existingConfigMap.name | string | `"alfresco-infrastructure"` | Name of the configmap which holds the message broker URL | | alfresco-audit-storage.messageBroker.existingSecret.name | string | `"acs-alfresco-cs-brokersecret"` | Name of the configmap which holds the message broker credentials | @@ -265,6 +265,11 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b | global.mail.host | string | `nil` | SMTP server to use for the system to send outgoing email | | global.mail.port | int | `587` | SMTP server port | | global.mail.protocol | string | `"smtp"` | SMTP protocol to use. Either smtp or smtps | +| global.search.auditIndex.external.enabled | bool | `false` | set this to true if you want to use external search service for audit indexing | +| global.search.auditIndex.external.password | string | `nil` | password for authentication against the external search service for audit indexing (set to global.search.password if not provided) | +| global.search.auditIndex.external.url | string | `nil` | url to external search service for audit indexing (set to global.search.url if not provided) | +| global.search.auditIndex.external.username | string | `nil` | usernamame for authentication against the external search service for audit indexing (set to global.search.username if not provided) | +| global.search.auditIndex.internal | object | `{"password":null,"username":null}` | set this to enable credentials for internal elastisearch cluster for audit indexing | | global.search.existingSecretName | string | `nil` | Name of an existing secret that contains SOLR_SECRET key when flavour is solr6 or SEARCH_USERNAME and SEARCH_PASSWORD keys. | | global.search.flavor | string | `nil` | set the type of search service used externally (solr6 or elasticsearch) | | global.search.password | string | `nil` | Set password for authentication against the external elasticsearch service | diff --git a/helm/alfresco-content-services/templates/config-infrastructure.yaml b/helm/alfresco-content-services/templates/config-infrastructure.yaml index c40ff27bc..777b391a0 100644 --- a/helm/alfresco-content-services/templates/config-infrastructure.yaml +++ b/helm/alfresco-content-services/templates/config-infrastructure.yaml @@ -21,10 +21,25 @@ data: {{- end }} {{ template "alfresco-common.activemq.cm" (include "alfresco-content-services.mq.url" .) }} {{- $search_url := "" }} + {{- $audit_search_url := "" }} {{- $search_flavor := include "alfresco-content-services.search.flavor" . }} {{- if ne "noindex" $search_flavor }} {{- if .Values.global.search.url }} {{- $search_url = .Values.global.search.url }} + {{- if .Values.global.search.auditIndex.external.enabled }} + {{- $audit_search_url = coalesce .Values.global.search.auditIndex.external.url .Values.global.search.url }} + {{- else }} + {{- $esAuditHost := printf "%s-%s" (.Release.Name | default "acs") (.Values.global.elasticsearch.service.name | default "elasticsearch") }} + {{- $esAuditPort := .Values.global.elasticsearch.service.ports.restApi | default 9200 }} + {{- with .Values.elasticsearch }} + {{- if .enabled }} + {{- $esAuditProto := .protocol | default "http" }} + {{- $audit_search_url = printf "%s://%s:%v" $esAuditProto $esAuditHost $esAuditPort }} + {{- else }} + {{- fail "Chart is configured to use local elasticsearch cluster for audit indexing but elasticsearch is disabled. Set elasticsearch.enabled to true or use external elasticsearch cluster for audit indexing" }} + {{- end }} + {{- end }} + {{- end }} {{- else if eq "solr6" $search_flavor }} {{- $search_url = printf "http://%s/solr" (include "alfresco-search-service.deployment.name" .) }} {{- else if eq "elasticsearch" $search_flavor }} @@ -34,6 +49,7 @@ data: {{- if .enabled }} {{- $esProto := .protocol | default "http" }} {{- $search_url = coalesce $.Values.global.search.url (printf "%s://%s:%v" $esProto $esHost $esPort) }} + {{- $audit_search_url = coalesce $.Values.global.search.url (printf "%s://%s:%v" $esProto $esHost $esPort) }} {{- else }} {{- fail "Chart is configured to use Alfresco Search Enterprise but no index backend has been provided. Set one using either global.search.url or elasticsearch.enabled" }} {{- end }} @@ -50,6 +66,9 @@ data: {{- printf "SEARCH_URL: %s" $search_url | nindent 2 }} {{- printf "SEARCH_HOST: %s" (include "alfresco-common.url.host" $search_url) | nindent 2 }} {{- printf "SEARCH_PORT: %s" (include "alfresco-common.url.port" $search_url | quote) | nindent 2 }} + {{- printf "AUDIT_SEARCH_URL: %s" $audit_search_url | nindent 2 }} + {{- printf "AUDIT_SEARCH_HOST: %s" (include "alfresco-common.url.host" $audit_search_url) | nindent 2 }} + {{- printf "AUDIT_SEARCH_PORT: %s" (include "alfresco-common.url.port" $audit_search_url | quote) | nindent 2 }} {{- if eq "solr6" $search_flavor }} {{- printf "SOLR_BASE_URL: %s" (include "alfresco-common.url.path" $search_url | default "/solr") | nindent 2 }} {{- end }} diff --git a/helm/alfresco-content-services/templates/secret-search.yaml b/helm/alfresco-content-services/templates/secret-search.yaml index e174b51ea..78674d295 100644 --- a/helm/alfresco-content-services/templates/secret-search.yaml +++ b/helm/alfresco-content-services/templates/secret-search.yaml @@ -15,9 +15,15 @@ data: {{- else if eq "elasticsearch" $search_flavor }} SEARCH_USERNAME: {{ .username | default "" | b64enc | quote }} SEARCH_PASSWORD: {{ .password | default "" | b64enc | quote }} - # Required by bitnami elasticsearch - elasticsearch-password: {{ .password | default "" | b64enc | quote }} - kibana-password: {{ .password | default "" | b64enc | quote }} + {{- if .auditIndex.external.enabled }} + AUDIT_SEARCH_USERNAME: {{ coalesce .auditIndex.external.username .username | default "" | b64enc | quote }} + AUDIT_SEARCH_PASSWORD: {{ coalesce .auditIndex.external.password .password | default "" | b64enc | quote }} + {{- else }} + AUDIT_SEARCH_USERNAME: {{ .auditIndex.internal.username | default "" | b64enc | quote }} + AUDIT_SEARCH_PASSWORD: {{ .auditIndex.internal.password | default "" | b64enc | quote }} + elasticsearch-password: {{ .auditIndex.internal.password | default "" | b64enc | quote }} + kibana-password: {{ .auditIndex.internal.password | default "" | b64enc | quote }} + {{- end }} {{- end }} {{- end }} {{- end }} diff --git a/helm/alfresco-content-services/tests/config-infrastructure_test.yaml b/helm/alfresco-content-services/tests/config-infrastructure_test.yaml index 5024721ec..17595d938 100644 --- a/helm/alfresco-content-services/tests/config-infrastructure_test.yaml +++ b/helm/alfresco-content-services/tests/config-infrastructure_test.yaml @@ -76,7 +76,9 @@ tests: alfresco-search.enabled: false alfresco-search-enterprise.enabled: true elasticsearch.enabled: false + global.search.auditIndex.external.enabled: true global.search.url: https://mydomain.opensearch.domain.tld + global.search.auditIndex.external.url: https://mydomain.opensearch.audit.domain.tld global.search.flavor: elasticsearch global.search.securecomms: none # commented to test url has precedence @@ -108,6 +110,9 @@ tests: - equal: path: data.SEARCH_URL value: https://mydomain.opensearch.domain.tld + - equal: + path: data.AUDIT_SEARCH_URL + value: https://mydomain.opensearch.audit.domain.tld - notExists: path: data.SOLR_BASE_URL - equal: @@ -153,3 +158,39 @@ tests: - equal: path: data.DATABASE_URL value: jdbc:postgresql://alfresco:QA6fMXtdr%3EK%2F8aDFft,MJ%40p%3E@postgres-ha-primary.postgres-operator.svc:5432/alfresco + + - it: should render correct values when external elasticsearch and local elasticsearch for audit + values: *testvalues + set: + global.search.url: https://my.external.elasticsearch.com + global.search.username: externaluser + asserts: + - equal: + path: data.SEARCH_URL + value: https://my.external.elasticsearch.com + - equal: + path: data.AUDIT_SEARCH_URL + value: http://RELEASE-NAME-elasticsearch:9200 + + - it: should render same external url when specific audit url is not set + values: *testvalues + set: + global.search.url: https://my.external.elasticsearch.com + global.search.auditIndex.external.enabled: true + asserts: + - equal: + path: data.SEARCH_URL + value: https://my.external.elasticsearch.com + - equal: + path: data.AUDIT_SEARCH_URL + value: https://my.external.elasticsearch.com + + - it: should render same url for elasticsearch by default + values: *testvalues + asserts: + - equal: + path: data.SEARCH_URL + value: http://RELEASE-NAME-elasticsearch:9200 + - equal: + path: data.AUDIT_SEARCH_URL + value: http://RELEASE-NAME-elasticsearch:9200 diff --git a/helm/alfresco-content-services/tests/search_test.yaml b/helm/alfresco-content-services/tests/search_test.yaml index 9696ec24a..eea3de7ef 100644 --- a/helm/alfresco-content-services/tests/search_test.yaml +++ b/helm/alfresco-content-services/tests/search_test.yaml @@ -175,3 +175,54 @@ tests: path: data.SEARCH_FLAVOR value: solr6 template: config-infrastructure.yaml + + - it: Should set correct credentials for elastisearch + values: *testvalues + template: secret-search.yaml + asserts: + - equal: + path: data.SEARCH_USERNAME + value: "" + - equal: + path: data.SEARCH_PASSWORD + value: "" + - equal: + path: data.AUDIT_SEARCH_USERNAME + value: "" + - equal: + path: data.AUDIT_SEARCH_PASSWORD + value: "" + - equal: + path: data.elasticsearch-password + value: "" + - equal: + path: data.kibana-password + value: "" + + - it: Should set correct credentials with local audit and external elastisearch + values: *testvalues + set: + global: + search: + username: elastic + password: changeme + template: secret-search.yaml + asserts: + - equal: + path: data.SEARCH_USERNAME + value: ZWxhc3RpYw== + - equal: + path: data.SEARCH_PASSWORD + value: Y2hhbmdlbWU= + - equal: + path: data.AUDIT_SEARCH_USERNAME + value: "" + - equal: + path: data.AUDIT_SEARCH_PASSWORD + value: "" + - equal: + path: data.elasticsearch-password + value: "" + - equal: + path: data.kibana-password + value: "" diff --git a/helm/alfresco-content-services/values.yaml b/helm/alfresco-content-services/values.yaml index ae06644ee..c54b35c3e 100644 --- a/helm/alfresco-content-services/values.yaml +++ b/helm/alfresco-content-services/values.yaml @@ -62,6 +62,20 @@ global: # -- Name of an existing secret that contains SOLR_SECRET key when flavour # is solr6 or SEARCH_USERNAME and SEARCH_PASSWORD keys. existingSecretName: null + auditIndex: + external: + # -- set this to true if you want to use external search service for audit indexing + enabled: false + # -- url to external search service for audit indexing (set to global.search.url if not provided) + url: null + # -- usernamame for authentication against the external search service for audit indexing (set to global.search.username if not provided) + username: null + # -- password for authentication against the external search service for audit indexing (set to global.search.password if not provided) + password: null + # -- set this to enable credentials for internal elastisearch cluster for audit indexing + internal: + username: null + password: null elasticsearch: service: name: elasticsearch @@ -589,12 +603,12 @@ alfresco-audit-storage: existingConfigMap: name: *infrastructure_cmName keys: - url: SEARCH_URL + url: AUDIT_SEARCH_URL existingSecret: name: *acs_search_secretName keys: - username: SEARCH_USERNAME - password: SEARCH_PASSWORD + username: AUDIT_SEARCH_USERNAME + password: AUDIT_SEARCH_PASSWORD dtas: # -- Enables the deployment test suite which can run via `helm test` (currently available for Enterprise only) enabled: false