From 5f22ccbb64f89e5e84ace9bb9b7eba36405e71a9 Mon Sep 17 00:00:00 2001
From: pmacius
Date: Thu, 19 Dec 2024 11:23:44 +0100
Subject: [PATCH] final changes
---
 helm/alfresco-content-services/README.md | 7 ++---
 .../templates/secret-audit-elasticsearch.yaml | 14 +++++++++
 .../templates/secret-search.yaml | 14 +++------
 .../tests/search_test.yaml | 31 ++++++-------------
 helm/alfresco-content-services/values.yaml | 13 +++-----
 5 files changed, 37 insertions(+), 42 deletions(-)
 create mode 100644 helm/alfresco-content-services/templates/secret-audit-elasticsearch.yaml
diff --git a/helm/alfresco-content-services/README.md b/helm/alfresco-content-services/README.md
index 1f9883155..6773dcbc7 100644
--- a/helm/alfresco-content-services/README.md
+++ b/helm/alfresco-content-services/README.md
@@ -66,7 +66,7 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
 | alfresco-audit-storage.index.existingConfigMap.name | string | `"alfresco-infrastructure"` | |
 | alfresco-audit-storage.index.existingSecret.keys.password | string | `"AUDIT_ELASTICSEARCH_PASSWORD"` | |
 | alfresco-audit-storage.index.existingSecret.keys.username | string | `"AUDIT_ELASTICSEARCH_USERNAME"` | |
-| alfresco-audit-storage.index.existingSecret.name | string | `"alfresco-search-secret"` | |
+| alfresco-audit-storage.index.existingSecret.name | string | `"alfresco-aas-elasticsearch-secret"` | |
 | alfresco-audit-storage.messageBroker.existingConfigMap.name | string | `"alfresco-infrastructure"` | Name of the configmap which holds the message broker URL |
 | alfresco-audit-storage.messageBroker.existingSecret.name | string | `"acs-alfresco-cs-brokersecret"` | Name of the configmap which holds the message broker credentials |
 | alfresco-connector-ms365.enabled | bool | `false` | Enable/Disable Alfresco Content Connector for Microsoft 365 |
@@ -247,17 +247,16 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
 | elasticsearch.kibana.configuration.server.basePath | string | `"/kibana"` | |
 | elasticsearch.kibana.configuration.server.publicBaseUrl | string | `"http://localhost/kibana"` | |
 | elasticsearch.kibana.configuration.server.rewriteBasePath | bool | `true` | |
-| elasticsearch.kibana.elasticsearch.security.auth.elasticsearchPasswordSecret | string | `"alfresco-search-secret"` | |
-| elasticsearch.kibana.elasticsearch.security.auth.existingSecret | string | `"alfresco-search-secret"` | |
 | elasticsearch.kibana.ingress.enabled | bool | `true` | |
 | elasticsearch.kibana.ingress.hostname | string | `"*"` | |
 | elasticsearch.kibana.ingress.ingressClassName | string | `"nginx"` | |
 | elasticsearch.kibana.ingress.path | string | `"/kibana"` | |
 | elasticsearch.master.masterOnly | bool | `false` | |
 | elasticsearch.master.replicaCount | int | `1` | |
-| elasticsearch.security.elasticSecret | string | `"alfresco-search-secret"` | |
 | global.alfrescoRegistryPullSecrets | string | `nil` | If a private image registry a secret can be defined and passed to kubernetes, see: https://github.com/Alfresco/acs-deployment/blob/a924ad6670911f64f1bba680682d266dd4ea27fb/docs/helm/eks-deployment.md#docker-registry-secret |
+| global.auditIndex.existingSecretName | string | `nil` | Name of an existing secret that contains AUDIT_ELASTICSEARCH_USERNAME and AUDIT_ELASTICSEARCH_PASSWORD keys.
|
 | global.auditIndex.password | string | `nil` | set password for authentication against the external elasticsearch service for audit indexing |
+| global.auditIndex.secretName | string | `"alfresco-aas-elasticsearch-secret"` | Name of the secret managed by this chart |
 | global.auditIndex.url | string | `nil` | set this URL if you have an external search service for audit indexing |
 | global.auditIndex.username | string | `nil` | set usernname for authentication against the external elasticsearch service for audit indexing |
 | global.elasticsearch.service.name | string | `"elasticsearch"` | |
diff --git a/helm/alfresco-content-services/templates/secret-audit-elasticsearch.yaml b/helm/alfresco-content-services/templates/secret-audit-elasticsearch.yaml
new file mode 100644
index 000000000..a7ebbc807
--- /dev/null
+++ b/helm/alfresco-content-services/templates/secret-audit-elasticsearch.yaml
@@ -0,0 +1,14 @@
+{{- if not .Values.global.auditIndex.existingSecretName }}
+{{- with .Values.global.auditIndex }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .secretName }}
+ labels:
+ {{- include "alfresco-content-services.labels" $ | nindent 4 }}
+type: Opaque
+data:
+ AUDIT_ELASTICSEARCH_USERNAME: {{ .username | default "" | b64enc | quote }}
+ AUDIT_ELASTICSEARCH_PASSWORD: {{ .password | default "" | b64enc | quote }}
+{{- end }}
+{{- end }}
diff --git a/helm/alfresco-content-services/templates/secret-search.yaml b/helm/alfresco-content-services/templates/secret-search.yaml
index ee2415a83..228f652af 100644
--- a/helm/alfresco-content-services/templates/secret-search.yaml
+++ b/helm/alfresco-content-services/templates/secret-search.yaml
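Review bot: The two `default ""` fallbacks in the new secret-audit-elasticsearch.yaml mean a release with `global.auditIndex.username` set but no password still renders a Secret with a blank value, so the misconfiguration only surfaces when the audit storage service tries to authenticate. Consider failing the render for the half-configured case inside the `with` block, e.g. `{{- if and .username (not .password) }}{{ fail "global.auditIndex.password is required when username is set" }}{{- end }}`. A short template comment such as `{{- /* Skipped when global.auditIndex.existingSecretName is set; that secret must provide AUDIT_ELASTICSEARCH_USERNAME and AUDIT_ELASTICSEARCH_PASSWORD */ -}}` would also make the contract visible to whoever supplies their own Secret.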
@@ -1,25 +1,21 @@
 {{- if not .Values.global.search.existingSecretName }}
 {{- $search_flavor := (include "alfresco-content-services.search.flavor" .) }}
 {{- if ne "noindex" $search_flavor }}
-{{- with .Values.global }}
+{{- with .Values.global.search }}
 apiVersion: v1
 kind: Secret
 metadata:
- name: {{ .search.secretName }}
+ name: {{ .secretName }}
 labels:
 {{- include "alfresco-content-services.labels" $ | nindent 4 }}
 type: Opaque
 data:
 {{- if eq "solr6" $search_flavor }}
- SOLR_SECRET: {{ .search.sharedSecret | default "" | b64enc | quote }}
+ SOLR_SECRET: {{ .sharedSecret | default "" | b64enc | quote }}
 {{- else if eq "elasticsearch" $search_flavor }}
- SEARCH_USERNAME: {{ .search.username | default "" | b64enc | quote }}
- SEARCH_PASSWORD: {{ .search.password | default "" | b64enc | quote }}
+ SEARCH_USERNAME: {{ .username | default "" | b64enc | quote }}
+ SEARCH_PASSWORD: {{ .password | default "" | b64enc | quote }}
 {{- end }}
- AUDIT_ELASTICSEARCH_USERNAME: {{ .auditIndex.username | default "" | b64enc | quote }}
- AUDIT_ELASTICSEARCH_PASSWORD: {{ .auditIndex.password | default "" | b64enc | quote }}
- elasticsearch-password: {{ .auditIndex.password | default "" | b64enc | quote }}
- kibana-password: {{ .auditIndex.password | default "" | b64enc | quote }}
 {{- end }}
 {{- end }}
 {{- end }}
diff --git a/helm/alfresco-content-services/tests/search_test.yaml b/helm/alfresco-content-services/tests/search_test.yaml
index ef540ac82..f6c5605cc 100644
--- a/helm/alfresco-content-services/tests/search_test.yaml
+++ b/helm/alfresco-content-services/tests/search_test.yaml
@@ -3,6 +3,7 @@ suite: test repository properties in a secret
 templates:
 - config-infrastructure.yaml
 - secret-search.yaml
+ - secret-audit-elasticsearch.yaml
 tests:
 - it: should render solr6 with secret
 values: &testvalues
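Review bot: Removing `AUDIT_ELASTICSEARCH_USERNAME`, `AUDIT_ELASTICSEARCH_PASSWORD`, `elasticsearch-password` and `kibana-password` from the search secret changes the contract of an existing Secret, and the template carries no comment saying where those keys went. A workload configured outside this chart's defaults that still reads one of them from the search secret would presumably fail to start after an upgrade, so the move deserves an upgrade note. In the template itself a one-line pointer would help: `{{- /* audit index credentials are rendered by secret-audit-elasticsearch.yaml */ -}}`.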
@@ -176,7 +177,7 @@ tests:
 value: solr6
 template: config-infrastructure.yaml

- - it: Should set correct credentials for elastisearch
+ - it: Should set deafult correct credentials for elastisearch
 values: *testvalues
 template: secret-search.yaml
 asserts:
@@ -186,18 +187,6 @@ tests:
 - equal:
 path: data.SEARCH_PASSWORD
 value: ""
- - equal:
- path: data.AUDIT_ELASTICSEARCH_USERNAME
- value: ""
- - equal:
- path: data.AUDIT_ELASTICSEARCH_PASSWORD
- value: ""
- - equal:
- path: data.elasticsearch-password
- value: ""
- - equal:
- path: data.kibana-password
- value: ""

 - it: Should set correct credentials with local audit and external elastisearch
 values: *testvalues
@@ -206,26 +195,23 @@ tests:
 search:
 username: elastic
 password: changeme
- template: secret-search.yaml
 asserts:
 - equal:
 path: data.SEARCH_USERNAME
 value: ZWxhc3RpYw==
+ template: secret-search.yaml
 - equal:
 path: data.SEARCH_PASSWORD
 value: Y2hhbmdlbWU=
+ template: secret-search.yaml
 - equal:
 path: data.AUDIT_ELASTICSEARCH_USERNAME
 value: ""
+ template: secret-audit-elasticsearch.yaml
 - equal:
 path: data.AUDIT_ELASTICSEARCH_PASSWORD
 value: ""
- - equal:
- path: data.elasticsearch-password
- value: ""
- - equal:
- path: data.kibana-password
- value: ""
+ template: secret-audit-elasticsearch.yaml

 - it: Should set correct credentials with external audit and external elastisearch as the same cluster
 values: *testvalues
@@ -237,17 +223,20 @@ tests:
 auditIndex:
 username: elastic
 password: changeme
- template: secret-search.yaml
 asserts:
 - equal:
 path: data.SEARCH_USERNAME
 value: ZWxhc3RpYw==
+ template: secret-search.yaml
 - equal:
 path: data.SEARCH_PASSWORD
 value: Y2hhbmdlbWU=
+ template: secret-search.yaml
 - equal:
 path: data.AUDIT_ELASTICSEARCH_USERNAME
 value: ZWxhc3RpYw==
+ template: secret-audit-elasticsearch.yaml
 - equal:
 path: data.AUDIT_ELASTICSEARCH_PASSWORD
 value: Y2hhbmdlbWU=
+ template: secret-audit-elasticsearch.yaml
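Review bot: With secret-audit-elasticsearch.yaml now part of the suite, none of the cases visible in these hunks covers the branch where `global.auditIndex.existingSecretName` is set and the template must render no Secret at all, which is the guard an operator relies on when supplying their own credentials. A case like the one below would pin it. The renamed title in the first hunk also carries a typo (`deafult`). The test list continues outside these hunks, so placement and the `set:` layout should follow the neighbouring cases.

```yaml
  - it: Should not render the audit secret when an existing secret is referenced
    values: *testvalues
    set:
      global:
        auditIndex:
          existingSecretName: existing-audit-secret  # constructed sample name
    template: secret-audit-elasticsearch.yaml
    asserts:
      - hasDocuments:
          count: 0
```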
diff --git a/helm/alfresco-content-services/values.yaml b/helm/alfresco-content-services/values.yaml
index 4fe03f3fd..d0d3945ca 100644
--- a/helm/alfresco-content-services/values.yaml
+++ b/helm/alfresco-content-services/values.yaml
@@ -69,6 +69,10 @@ global:
 username: null
 # -- set password for authentication against the external elasticsearch service for audit indexing
 password: null
+ # -- Name of the secret managed by this chart
+ secretName: &aas_elasticsearch_secretName alfresco-aas-elasticsearch-secret
+ # -- Name of an existing secret that contains AUDIT_ELASTICSEARCH_USERNAME and AUDIT_ELASTICSEARCH_PASSWORD keys.
+ existingSecretName: null
 elasticsearch:
 service:
 name: elasticsearch
@@ -558,19 +562,12 @@ elasticsearch:
 replicaCount: 0
 ingest:
 replicaCount: 0
- security:
- elasticSecret: *acs_search_secretName
 kibana:
 configuration:
 server:
 basePath: "/kibana"
 publicBaseUrl: "http://localhost/kibana"
 rewriteBasePath: true
- elasticsearch:
- security:
- auth:
- elasticsearchPasswordSecret: *acs_search_secretName
- existingSecret: *acs_search_secretName
 ingress:
 enabled: true
 ingressClassName: nginx
@@ -598,7 +595,7 @@ alfresco-audit-storage:
 keys:
 url: AUDIT_ELASTICSEARCH_URL
 existingSecret:
- name: *acs_search_secretName
+ name: *aas_elasticsearch_secretName
 keys:
 username: AUDIT_ELASTICSEARCH_USERNAME
 password: AUDIT_ELASTICSEARCH_PASSWORD
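Review bot: `alfresco-audit-storage.index.existingSecret.name` in the last hunk (-598,7) is bound to the chart-managed name through the `*aas_elasticsearch_secretName` alias, so setting only `global.auditIndex.existingSecretName` from the first hunk would stop the chart rendering its Secret while the subchart value still points at `alfresco-aas-elasticsearch-secret`, unless a helper outside this diff remaps it. The `# --` comment should say what else has to be set, for example `# -- Name of an existing secret that contains AUDIT_ELASTICSEARCH_USERNAME and AUDIT_ELASTICSEARCH_PASSWORD keys; also set alfresco-audit-storage.index.existingSecret.name to the same value.` The surrounding `global:` and `alfresco-audit-storage:` mappings start and end outside the hunks.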
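Review bot: The hunk at -558,19 removes every secret reference from the bundled `elasticsearch` and `kibana` values while `ingress.enabled: true` for Kibana stays in the context lines, and whether security is switched on for that subchart is not visible here. It is worth confirming that the embedded cluster is left neither with security enabled and no secret to read, nor reachable through the ingress without authentication. If it is intentionally unauthenticated for evaluation use, a comment above `kibana:` such as `# embedded Elasticsearch/Kibana run without authentication; keep this ingress on a trusted network` would record that decision.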