Skip to content

Commit

Permalink
final changes
Browse files Browse the repository at this point in the history
  • Loading branch information
pmacius committed Dec 19, 2024
1 parent b789af7 commit 5f22ccb
Show file tree
Hide file tree
Showing 5 changed files with 37 additions and 42 deletions.
7 changes: 3 additions & 4 deletions helm/alfresco-content-services/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
| alfresco-audit-storage.index.existingConfigMap.name | string | `"alfresco-infrastructure"` | |
| alfresco-audit-storage.index.existingSecret.keys.password | string | `"AUDIT_ELASTICSEARCH_PASSWORD"` | |
| alfresco-audit-storage.index.existingSecret.keys.username | string | `"AUDIT_ELASTICSEARCH_USERNAME"` | |
| alfresco-audit-storage.index.existingSecret.name | string | `"alfresco-search-secret"` | |
| alfresco-audit-storage.index.existingSecret.name | string | `"alfresco-aas-elasticsearch-secret"` | |
| alfresco-audit-storage.messageBroker.existingConfigMap.name | string | `"alfresco-infrastructure"` | Name of the configmap which holds the message broker URL |
| alfresco-audit-storage.messageBroker.existingSecret.name | string | `"acs-alfresco-cs-brokersecret"` | Name of the configmap which holds the message broker credentials |
| alfresco-connector-ms365.enabled | bool | `false` | Enable/Disable Alfresco Content Connector for Microsoft 365 |
Expand Down Expand Up @@ -247,17 +247,16 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
| elasticsearch.kibana.configuration.server.basePath | string | `"/kibana"` | |
| elasticsearch.kibana.configuration.server.publicBaseUrl | string | `"http://localhost/kibana"` | |
| elasticsearch.kibana.configuration.server.rewriteBasePath | bool | `true` | |
| elasticsearch.kibana.elasticsearch.security.auth.elasticsearchPasswordSecret | string | `"alfresco-search-secret"` | |
| elasticsearch.kibana.elasticsearch.security.auth.existingSecret | string | `"alfresco-search-secret"` | |
| elasticsearch.kibana.ingress.enabled | bool | `true` | |
| elasticsearch.kibana.ingress.hostname | string | `"*"` | |
| elasticsearch.kibana.ingress.ingressClassName | string | `"nginx"` | |
| elasticsearch.kibana.ingress.path | string | `"/kibana"` | |
| elasticsearch.master.masterOnly | bool | `false` | |
| elasticsearch.master.replicaCount | int | `1` | |
| elasticsearch.security.elasticSecret | string | `"alfresco-search-secret"` | |
| global.alfrescoRegistryPullSecrets | string | `nil` | If a private image registry a secret can be defined and passed to kubernetes, see: https://github.com/Alfresco/acs-deployment/blob/a924ad6670911f64f1bba680682d266dd4ea27fb/docs/helm/eks-deployment.md#docker-registry-secret |
| global.auditIndex.existingSecretName | string | `nil` | Name of an existing secret that contains AUDIT_ELASTICSEARCH_USERNAME and AUDIT_ELASTICSEARCH_PASSWORD keys. |
| global.auditIndex.password | string | `nil` | set password for authentication against the external elasticsearch service for audit indexing |
| global.auditIndex.secretName | string | `"alfresco-aas-elasticsearch-secret"` | Name of the secret managed by this chart |
| global.auditIndex.url | string | `nil` | set this URL if you have an external search service for audit indexing |
| global.auditIndex.username | string | `nil` | set usernname for authentication against the external elasticsearch service for audit indexing |
| global.elasticsearch.service.name | string | `"elasticsearch"` | |
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
{{- if not .Values.global.auditIndex.existingSecretName }}
{{- with .Values.global.auditIndex }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .secretName }}
labels:
{{- include "alfresco-content-services.labels" $ | nindent 4 }}
type: Opaque
data:
AUDIT_ELASTICSEARCH_USERNAME: {{ .username | default "" | b64enc | quote }}
AUDIT_ELASTICSEARCH_PASSWORD: {{ .password | default "" | b64enc | quote }}
{{- end }}
{{- end }}
14 changes: 5 additions & 9 deletions helm/alfresco-content-services/templates/secret-search.yaml
Original file line number Diff line number Diff line change
@@ -1,25 +1,21 @@
{{- if not .Values.global.search.existingSecretName }}
{{- $search_flavor := (include "alfresco-content-services.search.flavor" .) }}
{{- if ne "noindex" $search_flavor }}
{{- with .Values.global }}
{{- with .Values.global.search }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .search.secretName }}
name: {{ .secretName }}
labels:
{{- include "alfresco-content-services.labels" $ | nindent 4 }}
type: Opaque
data:
{{- if eq "solr6" $search_flavor }}
SOLR_SECRET: {{ .search.sharedSecret | default "" | b64enc | quote }}
SOLR_SECRET: {{ .sharedSecret | default "" | b64enc | quote }}
{{- else if eq "elasticsearch" $search_flavor }}
SEARCH_USERNAME: {{ .search.username | default "" | b64enc | quote }}
SEARCH_PASSWORD: {{ .search.password | default "" | b64enc | quote }}
SEARCH_USERNAME: {{ .username | default "" | b64enc | quote }}
SEARCH_PASSWORD: {{ .password | default "" | b64enc | quote }}
{{- end }}
AUDIT_ELASTICSEARCH_USERNAME: {{ .auditIndex.username | default "" | b64enc | quote }}
AUDIT_ELASTICSEARCH_PASSWORD: {{ .auditIndex.password | default "" | b64enc | quote }}
elasticsearch-password: {{ .auditIndex.password | default "" | b64enc | quote }}
kibana-password: {{ .auditIndex.password | default "" | b64enc | quote }}
{{- end }}
{{- end }}
{{- end }}
31 changes: 10 additions & 21 deletions helm/alfresco-content-services/tests/search_test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ suite: test repository properties in a secret
templates:
- config-infrastructure.yaml
- secret-search.yaml
- secret-audit-elasticsearch.yaml
tests:
- it: should render solr6 with secret
values: &testvalues
Expand Down Expand Up @@ -176,7 +177,7 @@ tests:
value: solr6
template: config-infrastructure.yaml

- it: Should set correct credentials for elastisearch
- it: Should set deafult correct credentials for elastisearch
values: *testvalues
template: secret-search.yaml
asserts:
Expand All @@ -186,18 +187,6 @@ tests:
- equal:
path: data.SEARCH_PASSWORD
value: ""
- equal:
path: data.AUDIT_ELASTICSEARCH_USERNAME
value: ""
- equal:
path: data.AUDIT_ELASTICSEARCH_PASSWORD
value: ""
- equal:
path: data.elasticsearch-password
value: ""
- equal:
path: data.kibana-password
value: ""

- it: Should set correct credentials with local audit and external elastisearch
values: *testvalues
Expand All @@ -206,26 +195,23 @@ tests:
search:
username: elastic
password: changeme
template: secret-search.yaml
asserts:
- equal:
path: data.SEARCH_USERNAME
value: ZWxhc3RpYw==
template: secret-search.yaml
- equal:
path: data.SEARCH_PASSWORD
value: Y2hhbmdlbWU=
template: secret-search.yaml
- equal:
path: data.AUDIT_ELASTICSEARCH_USERNAME
value: ""
template: secret-audit-elasticsearch.yaml
- equal:
path: data.AUDIT_ELASTICSEARCH_PASSWORD
value: ""
- equal:
path: data.elasticsearch-password
value: ""
- equal:
path: data.kibana-password
value: ""
template: secret-audit-elasticsearch.yaml

- it: Should set correct credentials with external audit and external elastisearch as the same cluster
values: *testvalues
Expand All @@ -237,17 +223,20 @@ tests:
auditIndex:
username: elastic
password: changeme
template: secret-search.yaml
asserts:
- equal:
path: data.SEARCH_USERNAME
value: ZWxhc3RpYw==
template: secret-search.yaml
- equal:
path: data.SEARCH_PASSWORD
value: Y2hhbmdlbWU=
template: secret-search.yaml
- equal:
path: data.AUDIT_ELASTICSEARCH_USERNAME
value: ZWxhc3RpYw==
template: secret-audit-elasticsearch.yaml
- equal:
path: data.AUDIT_ELASTICSEARCH_PASSWORD
value: Y2hhbmdlbWU=
template: secret-audit-elasticsearch.yaml
13 changes: 5 additions & 8 deletions helm/alfresco-content-services/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,10 @@ global:
username: null
# -- set password for authentication against the external elasticsearch service for audit indexing
password: null
# -- Name of the secret managed by this chart
secretName: &aas_elasticsearch_secretName alfresco-aas-elasticsearch-secret
# -- Name of an existing secret that contains AUDIT_ELASTICSEARCH_USERNAME and AUDIT_ELASTICSEARCH_PASSWORD keys.
existingSecretName: null
elasticsearch:
service:
name: elasticsearch
Expand Down Expand Up @@ -558,19 +562,12 @@ elasticsearch:
replicaCount: 0
ingest:
replicaCount: 0
security:
elasticSecret: *acs_search_secretName
kibana:
configuration:
server:
basePath: "/kibana"
publicBaseUrl: "http://localhost/kibana"
rewriteBasePath: true
elasticsearch:
security:
auth:
elasticsearchPasswordSecret: *acs_search_secretName
existingSecret: *acs_search_secretName
ingress:
enabled: true
ingressClassName: nginx
Expand Down Expand Up @@ -598,7 +595,7 @@ alfresco-audit-storage:
keys:
url: AUDIT_ELASTICSEARCH_URL
existingSecret:
name: *acs_search_secretName
name: *aas_elasticsearch_secretName
keys:
username: AUDIT_ELASTICSEARCH_USERNAME
password: AUDIT_ELASTICSEARCH_PASSWORD
Expand Down

0 comments on commit 5f22ccb

Please sign in to comment.