Skip to content

Commit

Permalink
current status
Browse files Browse the repository at this point in the history
  • Loading branch information
pmacius committed Dec 19, 2024
1 parent e7cad9c commit b789af7
Show file tree
Hide file tree
Showing 6 changed files with 59 additions and 76 deletions.
14 changes: 6 additions & 8 deletions helm/alfresco-content-services/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -62,10 +62,10 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
| alfresco-audit-storage.enabled | bool | `true` | |
| alfresco-audit-storage.image.repository | string | `"quay.io/alfresco/alfresco-audit-storage"` | |
| alfresco-audit-storage.image.tag | string | `"1.0.0"` | |
| alfresco-audit-storage.index.existingConfigMap.keys.url | string | `"AUDIT_SEARCH_URL"` | |
| alfresco-audit-storage.index.existingConfigMap.keys.url | string | `"AUDIT_ELASTICSEARCH_URL"` | |
| alfresco-audit-storage.index.existingConfigMap.name | string | `"alfresco-infrastructure"` | |
| alfresco-audit-storage.index.existingSecret.keys.password | string | `"AUDIT_SEARCH_PASSWORD"` | |
| alfresco-audit-storage.index.existingSecret.keys.username | string | `"AUDIT_SEARCH_USERNAME"` | |
| alfresco-audit-storage.index.existingSecret.keys.password | string | `"AUDIT_ELASTICSEARCH_PASSWORD"` | |
| alfresco-audit-storage.index.existingSecret.keys.username | string | `"AUDIT_ELASTICSEARCH_USERNAME"` | |
| alfresco-audit-storage.index.existingSecret.name | string | `"alfresco-search-secret"` | |
| alfresco-audit-storage.messageBroker.existingConfigMap.name | string | `"alfresco-infrastructure"` | Name of the configmap which holds the message broker URL |
| alfresco-audit-storage.messageBroker.existingSecret.name | string | `"acs-alfresco-cs-brokersecret"` | Name of the configmap which holds the message broker credentials |
Expand Down Expand Up @@ -257,6 +257,9 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
| elasticsearch.master.replicaCount | int | `1` | |
| elasticsearch.security.elasticSecret | string | `"alfresco-search-secret"` | |
| global.alfrescoRegistryPullSecrets | string | `nil` | If a private image registry a secret can be defined and passed to kubernetes, see: https://github.com/Alfresco/acs-deployment/blob/a924ad6670911f64f1bba680682d266dd4ea27fb/docs/helm/eks-deployment.md#docker-registry-secret |
| global.auditIndex.password | string | `nil` | set password for authentication against the external elasticsearch service for audit indexing |
| global.auditIndex.url | string | `nil` | set this URL if you have an external search service for audit indexing |
| global.auditIndex.username | string | `nil` | set usernname for authentication against the external elasticsearch service for audit indexing |
| global.elasticsearch.service.name | string | `"elasticsearch"` | |
| global.elasticsearch.service.ports.restAPI | int | `9200` | |
| global.kibanaEnabled | bool | `true` | |
Expand All @@ -265,11 +268,6 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
| global.mail.host | string | `nil` | SMTP server to use for the system to send outgoing email |
| global.mail.port | int | `587` | SMTP server port |
| global.mail.protocol | string | `"smtp"` | SMTP protocol to use. Either smtp or smtps |
| global.search.auditIndex.external.enabled | bool | `false` | set this to true if you want to use external search service for audit indexing |
| global.search.auditIndex.external.password | string | `nil` | password for authentication against the external search service for audit indexing (set to global.search.password if not provided) |
| global.search.auditIndex.external.url | string | `nil` | url to external search service for audit indexing (set to global.search.url if not provided) |
| global.search.auditIndex.external.username | string | `nil` | usernamame for authentication against the external search service for audit indexing (set to global.search.username if not provided) |
| global.search.auditIndex.internal | object | `{"password":null,"username":null}` | set this to enable credentials for internal elastisearch cluster for audit indexing |
| global.search.existingSecretName | string | `nil` | Name of an existing secret that contains SOLR_SECRET key when flavour is solr6 or SEARCH_USERNAME and SEARCH_PASSWORD keys. |
| global.search.flavor | string | `nil` | set the type of search service used externally (solr6 or elasticsearch) |
| global.search.password | string | `nil` | Set password for authentication against the external elasticsearch service |
Expand Down
37 changes: 18 additions & 19 deletions helm/alfresco-content-services/templates/config-infrastructure.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -21,25 +21,10 @@ data:
{{- end }}
{{ template "alfresco-common.activemq.cm" (include "alfresco-content-services.mq.url" .) }}
{{- $search_url := "" }}
{{- $audit_search_url := "" }}
{{- $search_flavor := include "alfresco-content-services.search.flavor" . }}
{{- if ne "noindex" $search_flavor }}
{{- if .Values.global.search.url }}
{{- $search_url = .Values.global.search.url }}
{{- if .Values.global.search.auditIndex.external.enabled }}
{{- $audit_search_url = coalesce .Values.global.search.auditIndex.external.url .Values.global.search.url }}
{{- else }}
{{- $esAuditHost := printf "%s-%s" (.Release.Name | default "acs") (.Values.global.elasticsearch.service.name | default "elasticsearch") }}
{{- $esAuditPort := .Values.global.elasticsearch.service.ports.restApi | default 9200 }}
{{- with .Values.elasticsearch }}
{{- if .enabled }}
{{- $esAuditProto := .protocol | default "http" }}
{{- $audit_search_url = printf "%s://%s:%v" $esAuditProto $esAuditHost $esAuditPort }}
{{- else }}
{{- fail "Chart is configured to use local elasticsearch cluster for audit indexing but elasticsearch is disabled. Set elasticsearch.enabled to true or use external elasticsearch cluster for audit indexing" }}
{{- end }}
{{- end }}
{{- end }}
{{- else if eq "solr6" $search_flavor }}
{{- $search_url = printf "http://%s/solr" (include "alfresco-search-service.deployment.name" .) }}
{{- else if eq "elasticsearch" $search_flavor }}
Expand All @@ -49,7 +34,6 @@ data:
{{- if .enabled }}
{{- $esProto := .protocol | default "http" }}
{{- $search_url = coalesce $.Values.global.search.url (printf "%s://%s:%v" $esProto $esHost $esPort) }}
{{- $audit_search_url = coalesce $.Values.global.search.url (printf "%s://%s:%v" $esProto $esHost $esPort) }}
{{- else }}
{{- fail "Chart is configured to use Alfresco Search Enterprise but no index backend has been provided. Set one using either global.search.url or elasticsearch.enabled" }}
{{- end }}
Expand All @@ -66,9 +50,6 @@ data:
{{- printf "SEARCH_URL: %s" $search_url | nindent 2 }}
{{- printf "SEARCH_HOST: %s" (include "alfresco-common.url.host" $search_url) | nindent 2 }}
{{- printf "SEARCH_PORT: %s" (include "alfresco-common.url.port" $search_url | quote) | nindent 2 }}
{{- printf "AUDIT_SEARCH_URL: %s" $audit_search_url | nindent 2 }}
{{- printf "AUDIT_SEARCH_HOST: %s" (include "alfresco-common.url.host" $audit_search_url) | nindent 2 }}
{{- printf "AUDIT_SEARCH_PORT: %s" (include "alfresco-common.url.port" $audit_search_url | quote) | nindent 2 }}
{{- if eq "solr6" $search_flavor }}
{{- printf "SOLR_BASE_URL: %s" (include "alfresco-common.url.path" $search_url | default "/solr") | nindent 2 }}
{{- end }}
Expand All @@ -88,3 +69,21 @@ data:
{{- fail "Alfresco Intelligence service has been enabled but Transformation service is not available" }}
{{- end }}
{{- end }}
{{- $elasticsearch_audit_url := "" }}
{{- if .Values.global.auditIndex.url }}
{{- $elasticsearch_audit_url = .Values.global.auditIndex.url }}
{{- else }}
{{- $auditEsHost := printf "%s-%s" (.Release.Name | default "acs") (.Values.global.elasticsearch.service.name | default "elasticsearch") }}
{{- $auditEsPort := .Values.global.elasticsearch.service.ports.restApi | default 9200 }}
{{- with (index .Values "elasticsearch") }}
{{- if .enabled }}
{{- $auditEsProto := .protocol | default "http" }}
{{- $elasticsearch_audit_url = coalesce $.Values.global.auditIndex.url (printf "%s://%s:%v" $auditEsProto $auditEsHost $auditEsPort) }}
{{- else if index $.Values "alfresco-audit-storage" "enabled" }}
{{- fail "Chart is configured to use Alfresco Audit Storage but no index backend has been provided. Set one using either global.auditIndex.url or elasticsearch.enabled" }}
{{- end }}
{{- end }}
{{- end }}
{{- printf "AUDIT_ELASTICSEARCH_URL: %s" $elasticsearch_audit_url | nindent 2 }}
{{- printf "AUDIT_ELASTICSEARCH_HOST: %s" (include "alfresco-common.url.host" $elasticsearch_audit_url) | nindent 2 }}
{{- printf "AUDIT_ELASTICSEARCH_PORT: %s" (include "alfresco-common.url.port" $elasticsearch_audit_url | quote) | nindent 2 }}
23 changes: 9 additions & 14 deletions helm/alfresco-content-services/templates/secret-search.yaml
Original file line number Diff line number Diff line change
@@ -1,30 +1,25 @@
{{- if not .Values.global.search.existingSecretName }}
{{- $search_flavor := (include "alfresco-content-services.search.flavor" .) }}
{{- if ne "noindex" $search_flavor }}
{{- with .Values.global.search }}
{{- with .Values.global }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .secretName }}
name: {{ .search.secretName }}
labels:
{{- include "alfresco-content-services.labels" $ | nindent 4 }}
type: Opaque
data:
{{- if eq "solr6" $search_flavor }}
SOLR_SECRET: {{ .sharedSecret | default "" | b64enc | quote }}
SOLR_SECRET: {{ .search.sharedSecret | default "" | b64enc | quote }}
{{- else if eq "elasticsearch" $search_flavor }}
SEARCH_USERNAME: {{ .username | default "" | b64enc | quote }}
SEARCH_PASSWORD: {{ .password | default "" | b64enc | quote }}
{{- if .auditIndex.external.enabled }}
AUDIT_SEARCH_USERNAME: {{ coalesce .auditIndex.external.username .username | default "" | b64enc | quote }}
AUDIT_SEARCH_PASSWORD: {{ coalesce .auditIndex.external.password .password | default "" | b64enc | quote }}
{{- else }}
AUDIT_SEARCH_USERNAME: {{ .auditIndex.internal.username | default "" | b64enc | quote }}
AUDIT_SEARCH_PASSWORD: {{ .auditIndex.internal.password | default "" | b64enc | quote }}
elasticsearch-password: {{ .auditIndex.internal.password | default "" | b64enc | quote }}
kibana-password: {{ .auditIndex.internal.password | default "" | b64enc | quote }}
{{- end }}
SEARCH_USERNAME: {{ .search.username | default "" | b64enc | quote }}
SEARCH_PASSWORD: {{ .search.password | default "" | b64enc | quote }}
{{- end }}
AUDIT_ELASTICSEARCH_USERNAME: {{ .auditIndex.username | default "" | b64enc | quote }}
AUDIT_ELASTICSEARCH_PASSWORD: {{ .auditIndex.password | default "" | b64enc | quote }}
elasticsearch-password: {{ .auditIndex.password | default "" | b64enc | quote }}
kibana-password: {{ .auditIndex.password | default "" | b64enc | quote }}
{{- end }}
{{- end }}
{{- end }}
Original file line number Diff line number Diff line change
Expand Up @@ -76,9 +76,8 @@ tests:
alfresco-search.enabled: false
alfresco-search-enterprise.enabled: true
elasticsearch.enabled: false
global.search.auditIndex.external.enabled: true
global.search.url: https://mydomain.opensearch.domain.tld
global.search.auditIndex.external.url: https://mydomain.opensearch.audit.domain.tld
global.auditIndex.url: https://mydomain.opensearch.audit.domain.tld
global.search.flavor: elasticsearch
global.search.securecomms: none
# commented to test url has precedence
Expand Down Expand Up @@ -111,7 +110,7 @@ tests:
path: data.SEARCH_URL
value: https://mydomain.opensearch.domain.tld
- equal:
path: data.AUDIT_SEARCH_URL
path: data.AUDIT_ELASTICSEARCH_URL
value: https://mydomain.opensearch.audit.domain.tld
- notExists:
path: data.SOLR_BASE_URL
Expand Down Expand Up @@ -163,26 +162,25 @@ tests:
values: *testvalues
set:
global.search.url: https://my.external.elasticsearch.com
global.search.username: externaluser
asserts:
- equal:
path: data.SEARCH_URL
value: https://my.external.elasticsearch.com
- equal:
path: data.AUDIT_SEARCH_URL
path: data.AUDIT_ELASTICSEARCH_URL
value: http://RELEASE-NAME-elasticsearch:9200

- it: should render same external url when specific audit url is not set
- it: should render correct values when external elasticsearch and external elasticsearch for audit
values: *testvalues
set:
global.search.url: https://my.external.elasticsearch.com
global.search.auditIndex.external.enabled: true
global.auditIndex.url: https://my.external.elasticsearch.com
asserts:
- equal:
path: data.SEARCH_URL
value: https://my.external.elasticsearch.com
- equal:
path: data.AUDIT_SEARCH_URL
path: data.AUDIT_ELASTICSEARCH_URL
value: https://my.external.elasticsearch.com

- it: should render same url for elasticsearch by default
Expand All @@ -192,5 +190,5 @@ tests:
path: data.SEARCH_URL
value: http://RELEASE-NAME-elasticsearch:9200
- equal:
path: data.AUDIT_SEARCH_URL
path: data.AUDIT_ELASTICSEARCH_URL
value: http://RELEASE-NAME-elasticsearch:9200
18 changes: 9 additions & 9 deletions helm/alfresco-content-services/tests/search_test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -187,10 +187,10 @@ tests:
path: data.SEARCH_PASSWORD
value: ""
- equal:
path: data.AUDIT_SEARCH_USERNAME
path: data.AUDIT_ELASTICSEARCH_USERNAME
value: ""
- equal:
path: data.AUDIT_SEARCH_PASSWORD
path: data.AUDIT_ELASTICSEARCH_PASSWORD
value: ""
- equal:
path: data.elasticsearch-password
Expand All @@ -215,10 +215,10 @@ tests:
path: data.SEARCH_PASSWORD
value: Y2hhbmdlbWU=
- equal:
path: data.AUDIT_SEARCH_USERNAME
path: data.AUDIT_ELASTICSEARCH_USERNAME
value: ""
- equal:
path: data.AUDIT_SEARCH_PASSWORD
path: data.AUDIT_ELASTICSEARCH_PASSWORD
value: ""
- equal:
path: data.elasticsearch-password
Expand All @@ -234,9 +234,9 @@ tests:
search:
username: elastic
password: changeme
auditIndex:
external:
enabled: true
auditIndex:
username: elastic
password: changeme
template: secret-search.yaml
asserts:
- equal:
Expand All @@ -246,8 +246,8 @@ tests:
path: data.SEARCH_PASSWORD
value: Y2hhbmdlbWU=
- equal:
path: data.AUDIT_SEARCH_USERNAME
path: data.AUDIT_ELASTICSEARCH_USERNAME
value: ZWxhc3RpYw==
- equal:
path: data.AUDIT_SEARCH_PASSWORD
path: data.AUDIT_ELASTICSEARCH_PASSWORD
value: Y2hhbmdlbWU=
27 changes: 10 additions & 17 deletions helm/alfresco-content-services/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -62,20 +62,13 @@ global:
# -- Name of an existing secret that contains SOLR_SECRET key when flavour
# is solr6 or SEARCH_USERNAME and SEARCH_PASSWORD keys.
existingSecretName: null
auditIndex:
external:
# -- set this to true if you want to use external search service for audit indexing
enabled: false
# -- url to external search service for audit indexing (set to global.search.url if not provided)
url: null
# -- usernamame for authentication against the external search service for audit indexing (set to global.search.username if not provided)
username: null
# -- password for authentication against the external search service for audit indexing (set to global.search.password if not provided)
password: null
# -- set this to enable credentials for internal elastisearch cluster for audit indexing
internal:
username: null
password: null
auditIndex:
# -- set this URL if you have an external search service for audit indexing
url: null
# -- set usernname for authentication against the external elasticsearch service for audit indexing
username: null
# -- set password for authentication against the external elasticsearch service for audit indexing
password: null
elasticsearch:
service:
name: elasticsearch
Expand Down Expand Up @@ -603,12 +596,12 @@ alfresco-audit-storage:
existingConfigMap:
name: *infrastructure_cmName
keys:
url: AUDIT_SEARCH_URL
url: AUDIT_ELASTICSEARCH_URL
existingSecret:
name: *acs_search_secretName
keys:
username: AUDIT_SEARCH_USERNAME
password: AUDIT_SEARCH_PASSWORD
username: AUDIT_ELASTICSEARCH_USERNAME
password: AUDIT_ELASTICSEARCH_PASSWORD
dtas:
# -- Enables the deployment test suite which can run via `helm test` (currently available for Enterprise only)
enabled: false
Expand Down

0 comments on commit b789af7

Please sign in to comment.