From 0fa016b06ffb6e1f3a3b343942415703a38156f3 Mon Sep 17 00:00:00 2001
From: Saurabh Lohe <105858985+slohe1@users.noreply.github.com>
Date: Thu, 4 Jan 2024 14:19:14 +0530
Subject: [PATCH] OPSEXP-2296 Review and align chart alfresco-connector-msteams with newer principals (#159)
---
charts/alfresco-connector-msteams/Chart.lock | 6 +-
charts/alfresco-connector-msteams/Chart.yaml | 4 +-
charts/alfresco-connector-msteams/README.md | 17 ++-
.../ci/default-values.yaml | 4 +
.../templates/_helpers-env.tpl | 28 +++++
.../templates/_helpers.tpl | 27 +++++
.../templates/config-connector-msteams.yaml | 4 +-
.../templates/configmap-repository.yaml | 11 ++
.../deployment-connector-msteams.yaml | 16 ++-
.../templates/secret-msteams.yaml | 12 ++
.../templates/serviceaccount.yaml | 12 ++
.../tests/configmap-repository_test.yaml | 28 +++++
.../deployment-connector-msteams_test.yaml | 107 +++++++++++++++---
.../tests/secrets_test.yaml | 41 +++++++
.../tests/values/test_values.yaml | 6 +
charts/alfresco-connector-msteams/values.yaml | 28 ++++-
16 files changed, 314 insertions(+), 37 deletions(-)
create mode 100644 charts/alfresco-connector-msteams/templates/_helpers-env.tpl
create mode 100644 charts/alfresco-connector-msteams/templates/configmap-repository.yaml
create mode 100644 charts/alfresco-connector-msteams/templates/secret-msteams.yaml
create mode 100644 charts/alfresco-connector-msteams/templates/serviceaccount.yaml
create mode 100644 charts/alfresco-connector-msteams/tests/configmap-repository_test.yaml
create mode 100644 charts/alfresco-connector-msteams/tests/secrets_test.yaml
diff --git a/charts/alfresco-connector-msteams/Chart.lock b/charts/alfresco-connector-msteams/Chart.lock
index cd8dce6a..6d817f50 100644
--- a/charts/alfresco-connector-msteams/Chart.lock
+++ b/charts/alfresco-connector-msteams/Chart.lock
@@ -1,6 +1,6 @@ dependencies: - name: alfresco-common repository: https://alfresco.github.io/alfresco-helm-charts/ - version: 2.1.0 -digest: sha256:fa11b87976e8340dfe349a0bc7d672c197decf3303de5bbe102c19f6216690fa -generated: "2023-08-18T17:01:51.618921+02:00" + version: 3.0.0 +digest: sha256:d06b86767c5716a7ac02252c31125a77277bb91d6bdbb9fa1fef295c84642c32 +generated: "2023-12-07T10:54:46.961503+05:30" diff --git a/charts/alfresco-connector-msteams/Chart.yaml b/charts/alfresco-connector-msteams/Chart.yaml index 38bbbec3..a284336d 100644 --- a/charts/alfresco-connector-msteams/Chart.yaml +++ b/charts/alfresco-connector-msteams/Chart.yaml @@ -2,9 +2,9 @@ apiVersion: v2 name: alfresco-connector-msteams description: A Helm chart for deploying Alfresco connector msteams service type: application -version: 0.2.0 +version: 0.3.0-alpha.0 appVersion: "2.0.0" dependencies: - name: alfresco-common - version: 2.1.0 + version: 3.0.0 repository: https://alfresco.github.io/alfresco-helm-charts/ diff --git a/charts/alfresco-connector-msteams/README.md b/charts/alfresco-connector-msteams/README.md index 5219c2b8..574a6ccf 100644 --- a/charts/alfresco-connector-msteams/README.md +++ b/charts/alfresco-connector-msteams/README.md @@ -1,6 +1,6 @@ # alfresco-connector-msteams -![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square) +![Version: 0.3.0-alpha.0](https://img.shields.io/badge/Version-0.3.0--alpha.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square) A Helm chart for deploying Alfresco connector msteams service 
@@ -8,7 +8,7 @@ A Helm chart for deploying Alfresco connector msteams service | Repository | Name | Version | |------------|------|---------| -| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 2.1.0 | +| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 3.0.0 | ## Values @@ -28,9 +28,12 @@ A Helm chart for deploying Alfresco connector msteams service | livenessProbe.initialDelaySeconds | int | `10` | | | livenessProbe.periodSeconds | int | `20` | | | livenessProbe.timeoutSeconds | int | `10` | | -| microsoft.app.id | string | `"change_me_app_id"` | | +| microsoft.app.existingSecret.keys.id | string | `"MICROSOFT_APP_ID"` | | +| microsoft.app.existingSecret.keys.password | string | `"MICROSOFT_APP_PASSWORD"` | | +| microsoft.app.existingSecret.name | string | `nil` | | +| microsoft.app.id | string | `nil` | | | microsoft.app.oauth.connectionName | string | `"alfresco"` | | -| microsoft.app.password | string | `"change_me_app_pwd"` | | +| microsoft.app.password | string | `nil` | | | nodeSelector | object | `{}` | | | podSecurityContext.runAsNonRoot | bool | `true` | | | podSecurityContext.runAsUser | int | `33041` | | @@ -38,6 +41,9 @@ A Helm chart for deploying Alfresco connector msteams service | readinessProbe.periodSeconds | int | `60` | | | readinessProbe.timeoutSeconds | int | `10` | | | replicaCount | int | `2` | | +| repository.existingConfigMap.keys.url | string | `"ALFRESCO_BASE_URL"` | Key within the configmap holding the full url to connect to the alfresco repository | +| repository.existingConfigMap.name | string | `nil` | Alternatively, provide repository connection details via an existing configmap | +| repository.url | string | `nil` | URL of the Alfresco repository | | resources.limits.cpu | string | `"1"` | | | resources.limits.memory | string | `"1000Mi"` | | | resources.requests.cpu | string | `"0.5"` | | 
@@ -45,6 +51,9 @@ A Helm chart for deploying Alfresco connector msteams service | service.externalPort | int | `80` | | | service.name | string | `"ms-teams-service"` | | | service.type | string | `"ClusterIP"` | | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.name | string | `"msteams-sa"` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | strategy.rollingUpdate.maxSurge | int | `1` | | | strategy.rollingUpdate.maxUnavailable | int | `0` | | | teams.chat.filenameEnabled | bool | `true` | | diff --git a/charts/alfresco-connector-msteams/ci/default-values.yaml b/charts/alfresco-connector-msteams/ci/default-values.yaml index 7638b9b9..b8b988cc 100644 --- a/charts/alfresco-connector-msteams/ci/default-values.yaml +++ b/charts/alfresco-connector-msteams/ci/default-values.yaml @@ -6,3 +6,7 @@ resources: limits: cpu: "1" memory: "500Mi" +microsoft: + app: + id: change_me_app_id + password: change_me_app_pwd diff --git a/charts/alfresco-connector-msteams/templates/_helpers-env.tpl b/charts/alfresco-connector-msteams/templates/_helpers-env.tpl new file mode 100644 index 00000000..3db65a10 --- /dev/null +++ b/charts/alfresco-connector-msteams/templates/_helpers-env.tpl 
@@ -0,0 +1,28 @@ +{{/* +Set environment variables necessary for secret +*/}} +{{- define "alfresco-connector-msteams.secret-msteams.env" -}} +{{- $msSecret := coalesce .Values.microsoft.app.existingSecret.name (include "alfresco-connector-msteams.secret.name" .) -}} +- name: MICROSOFT_APP_ID + valueFrom: + secretKeyRef: + name: {{ $msSecret }} + key: {{ .Values.microsoft.app.existingSecret.keys.id }} +- name: MICROSOFT_APP_PASSWORD + valueFrom: + secretKeyRef: + name: {{ $msSecret }} + key: {{ .Values.microsoft.app.existingSecret.keys.password }} +{{- end -}} + +{{/* +Set environment variables necessary for configmap +*/}} +{{- define "alfresco-connector-msteams.repo-msteams.env" -}} +{{- $msteamsCm := coalesce .Values.repository.existingConfigMap.name (include "alfresco-connector-msteams.repo-configmap.name" .) -}} +- name: ALFRESCO_BASE_URL + valueFrom: + configMapKeyRef: + name: {{ $msteamsCm }} + key: {{ .Values.repository.existingConfigMap.keys.url }} +{{- end -}} diff --git a/charts/alfresco-connector-msteams/templates/_helpers.tpl b/charts/alfresco-connector-msteams/templates/_helpers.tpl index e89b3453..0f2b12db 100644 --- a/charts/alfresco-connector-msteams/templates/_helpers.tpl +++ b/charts/alfresco-connector-msteams/templates/_helpers.tpl 
@@ -49,3 +49,30 @@ Selector labels app.kubernetes.io/name: {{ include "alfresco-connector-msteams.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "alfresco-connector-msteams.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "alfresco-connector-msteams.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Create the name of the secret to use +*/}} +{{- define "alfresco-connector-msteams.secret.name" -}} +{{- $scope := (dict "Values" (dict "nameOverride" "msteams-se") "Chart" .Chart "Release" .Release) }} +{{- include "alfresco-connector-msteams.fullname" $scope }} +{{- end }} + +{{/* +Create the name of the configmap to use +*/}} +{{- define "alfresco-connector-msteams.repo-configmap.name" -}} +{{- $scope := (dict "Values" (dict "nameOverride" "repo-teams") "Chart" .Chart "Release" .Release) }} +{{- include "alfresco-connector-msteams.fullname" $scope }} +{{- end }} diff --git a/charts/alfresco-connector-msteams/templates/config-connector-msteams.yaml b/charts/alfresco-connector-msteams/templates/config-connector-msteams.yaml index d9d95cc9..1d17e842 100644 --- a/charts/alfresco-connector-msteams/templates/config-connector-msteams.yaml +++ b/charts/alfresco-connector-msteams/templates/config-connector-msteams.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: ConfigMap metadata: 
@@ -10,10 +11,7 @@ data: {{ $key }}: {{ $val | quote }} {{- end }} {{- end }} - ALFRESCO_BASE_URL: "{{ .Values.alfresco.baseUrl }}" ALFRESCO_DIGITAL_WORKSPACE_CONTEXT_PATH: "{{ .Values.alfresco.digitalWorkspace.contextPath }}" - MICROSOFT_APP_ID: "{{ .Values.microsoft.app.id }}" - MICROSOFT_APP_PASSWORD: "{{ .Values.microsoft.app.password }}" MICROSOFT_APP_OAUTH_CONNECTION_NAME: "{{ .Values.microsoft.app.oauth.connectionName }}" TEAMS_CHAT_FILENAME_ENABLED: "{{ .Values.teams.chat.filenameEnabled }}" TEAMS_CHAT_METADATA_ENABLED: "{{ .Values.teams.chat.metadataEnabled }}" diff --git a/charts/alfresco-connector-msteams/templates/configmap-repository.yaml b/charts/alfresco-connector-msteams/templates/configmap-repository.yaml new file mode 100644 index 00000000..20e5ad38 --- /dev/null +++ b/charts/alfresco-connector-msteams/templates/configmap-repository.yaml @@ -0,0 +1,11 @@ +{{- if not .Values.repository.existingConfigMap.name -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "alfresco-connector-msteams.repo-configmap.name" . }} + labels: + {{- include "alfresco-connector-msteams.labels" . | nindent 4 }} +data: + {{- $reqmsg := "You must provide valid base URL" }} + ALFRESCO_BASE_URL: {{ required $reqmsg .Values.alfresco.baseUrl | quote }} +{{- end }} diff --git a/charts/alfresco-connector-msteams/templates/deployment-connector-msteams.yaml b/charts/alfresco-connector-msteams/templates/deployment-connector-msteams.yaml index 555c0e5c..90292742 100644 --- a/charts/alfresco-connector-msteams/templates/deployment-connector-msteams.yaml +++ b/charts/alfresco-connector-msteams/templates/deployment-connector-msteams.yaml 
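Review bot: The new configmap-repository.yaml reads `.Values.alfresco.baseUrl`, while this commit's values.yaml and README introduce `repository.url` as the "URL of the Alfresco repository"; none of the templates in this patch reads `repository.url`, so setting it has no effect. The accompanying test shows this: with `repository.url` set in test_values.yaml the rendered value is still `change_me_alf_base_url`. That also suggests `alfresco.baseUrl` keeps a placeholder default (not visible in these hunks), in which case `required` never fires and a release can silently point at the placeholder. Consider `ALFRESCO_BASE_URL: {{ required $reqmsg (coalesce .Values.repository.url .Values.alfresco.baseUrl) | quote }}` and removing the placeholder default.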
@@ -21,11 +21,12 @@ spec: labels: {{- include "alfresco-connector-msteams.selectorLabels" . | nindent 8 }} spec: - {{- include "component-pod-security-context" .Values | indent 4 }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- .Values.nodeSelector | toYaml | nindent 8 }} - {{- end }} - {{- include "alfresco-content-services.imagePullSecrets" . | indent 6 }} + serviceAccountName: {{ include "alfresco-connector-msteams.serviceAccountName" . }} + {{- include "alfresco-common.component-pod-security-context" .Values | indent 4 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- .Values.nodeSelector | toYaml | nindent 8 }} + {{- end }} + {{- include "alfresco-common.imagePullSecrets" . | indent 6 }} affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -59,10 +60,13 @@ spec: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- include "component-security-context" .Values.msTeams | indent 8 }} + {{- include "alfresco-common.component-security-context" .Values | indent 8 }} envFrom: - configMapRef: name: {{ template "alfresco-connector-msteams.fullname" . }} + env: + {{- include "alfresco-connector-msteams.repo-msteams.env" $ | nindent 12 }} + {{- include "alfresco-connector-msteams.secret-msteams.env" $ | nindent 12 }} ports: - containerPort: {{ .Values.image.internalPort }} resources: {{- toYaml .Values.resources | nindent 12 }} diff --git a/charts/alfresco-connector-msteams/templates/secret-msteams.yaml b/charts/alfresco-connector-msteams/templates/secret-msteams.yaml new file mode 100644 index 00000000..18cd6213 --- /dev/null +++ b/charts/alfresco-connector-msteams/templates/secret-msteams.yaml 
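Review bot: The credentials are now injected through `env` with `secretKeyRef` in the second hunk, and the container reads them only at start-up, so a `helm upgrade` that changes only `microsoft.app.password` updates the Secret but leaves the running pods on the old value. The pod template metadata is only partly visible in the first hunk, so this may already be handled; if not, add a pod-template annotation such as `checksum/secret: {{ include (print $.Template.BasePath "/secret-msteams.yaml") . | sha256sum }}` and a matching one for configmap-repository.yaml. Separately, the container security context is now rendered from `.Values` instead of `.Values.msTeams`; it is worth confirming that the alfresco-common helper expects the root values at this call site.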
@@ -0,0 +1,12 @@ +{{- if not .Values.microsoft.app.existingSecret.name }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "alfresco-connector-msteams.secret.name" . }} + labels: + {{- include "alfresco-connector-msteams.labels" . | nindent 4 }} +type: Opaque +data: + MICROSOFT_APP_ID: {{ .Values.microsoft.app.id | b64enc | quote }} + MICROSOFT_APP_PASSWORD: {{ .Values.microsoft.app.password | b64enc | quote }} +{{- end }} diff --git a/charts/alfresco-connector-msteams/templates/serviceaccount.yaml b/charts/alfresco-connector-msteams/templates/serviceaccount.yaml new file mode 100644 index 00000000..fa379fc1 --- /dev/null +++ b/charts/alfresco-connector-msteams/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "alfresco-connector-msteams.serviceAccountName" . }} + labels: + {{- include "alfresco-connector-msteams.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/alfresco-connector-msteams/tests/configmap-repository_test.yaml b/charts/alfresco-connector-msteams/tests/configmap-repository_test.yaml new file mode 100644 index 00000000..e8bdfa2d --- /dev/null +++ b/charts/alfresco-connector-msteams/tests/configmap-repository_test.yaml 
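Review bot: With the new defaults `microsoft.app.id: null` and `microsoft.app.password: null`, secret-msteams.yaml pipes a nil value into `b64enc` whenever no `existingSecret.name` is given, which as far as I can tell aborts rendering with a type error that does not tell the user what to set. configmap-repository.yaml in this same commit already uses `required` for the base URL; doing the same here gives an actionable message: `MICROSOFT_APP_ID: {{ required "Set microsoft.app.id or microsoft.app.existingSecret.name" .Values.microsoft.app.id | b64enc | quote }}`, and likewise for the password. A README line noting that credentials passed as values are also kept in the Helm release record, and that `existingSecret` is the preferred path for real deployments, would help users choose.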
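Review bot: The new ServiceAccount in serviceaccount.yaml, and the pod that references it, leave `automountServiceAccountToken` at its default, so every connector pod gets a Kubernetes API token mounted. Nothing in this patch shows the connector calling the Kubernetes API; if it does not, add `automountServiceAccountToken: false` to the ServiceAccount (or to the pod spec), ideally controlled by a new chart value so it can be switched back on where needed.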
@@ -0,0 +1,28 @@ +suite: test msteams-connector configmap +templates: +- configmap-repository.yaml +tests: +- it: should test the random baseurl + set: + alfresco: + baseUrl: htts://test-url:8800 + asserts: + - equal: + path: data.ALFRESCO_BASE_URL + value: htts://test-url:8800 +- it: should render default configmaps based on values + values: &testvalues + - values/test_values.yaml + asserts: + - equal: + path: data.ALFRESCO_BASE_URL + value: change_me_alf_base_url +- it: should not render components configmaps + values: *testvalues + set: + repository: + existingConfigMap: + name: repotest + asserts: + - hasDocuments: + count: 0 diff --git a/charts/alfresco-connector-msteams/tests/deployment-connector-msteams_test.yaml b/charts/alfresco-connector-msteams/tests/deployment-connector-msteams_test.yaml index 8e26fc40..b78bac7a 100644 --- a/charts/alfresco-connector-msteams/tests/deployment-connector-msteams_test.yaml +++ b/charts/alfresco-connector-msteams/tests/deployment-connector-msteams_test.yaml 
@@ -3,25 +3,98 @@ templates: - deployment-connector-msteams.yaml - config-connector-msteams.yaml tests: -- it: should have basic metadata in place +- it: should have basic deployment properties by default values: &testvalues - values/test_values.yaml + template: deployment-connector-msteams.yaml asserts: - - equal: - path: metadata.name - value: RELEASE-NAME-alfresco-connector-msteams - template: deployment-connector-msteams.yaml - -- it: should render cpu and memory limits + - contains: + path: spec.template.spec.containers[0].env + content: + name: ALFRESCO_BASE_URL + valueFrom: + configMapKeyRef: + name: RELEASE-NAME-repo-teams + key: ALFRESCO_BASE_URL + - contains: + path: spec.template.spec.containers[0].env + content: + name: MICROSOFT_APP_ID + valueFrom: + secretKeyRef: + name: RELEASE-NAME-msteams-se + key: MICROSOFT_APP_ID + - contains: + path: spec.template.spec.containers[0].env + content: + name: MICROSOFT_APP_PASSWORD + valueFrom: + secretKeyRef: + name: RELEASE-NAME-msteams-se + key: MICROSOFT_APP_PASSWORD + - isSubset: + path: metadata.labels + content: + app.kubernetes.io/name: alfresco-connector-msteams + - equal: + path: spec.template.spec.serviceAccountName + value: msteams-sa + - equal: + path: metadata.name + value: RELEASE-NAME-alfresco-connector-msteams + - equal: + path: spec.template.spec.containers[0].resources + value: + requests: + cpu: "0.5" + memory: "1000Mi" + limits: + cpu: "1" + memory: "1000Mi" +- it: should render deployment with existing secrets and configmaps values: *testvalues + set: + serviceAccount: + create: false + name: null + repository: + existingConfigMap: + name: baseurl + keys: + url: BASE_URL + microsoft: + app: + existingSecret: + name: msteamscreds + keys: + id: ABC + password: XYZ + template: deployment-connector-msteams.yaml asserts: - - equal: - path: spec.template.spec.containers[0].resources - value: - requests: - cpu: "0.5" - memory: "1000Mi" - limits: - cpu: "1" - memory: "1000Mi" - template: 
deployment-connector-msteams.yaml + - equal: + path: spec.template.spec.serviceAccountName + value: default + - contains: + path: spec.template.spec.containers[0].env + content: + name: ALFRESCO_BASE_URL + valueFrom: + configMapKeyRef: + name: baseurl + key: BASE_URL + - contains: + path: spec.template.spec.containers[0].env + content: + name: MICROSOFT_APP_ID + valueFrom: + secretKeyRef: + name: msteamscreds + key: ABC + - contains: + path: spec.template.spec.containers[0].env + content: + name: MICROSOFT_APP_PASSWORD + valueFrom: + secretKeyRef: + name: msteamscreds + key: XYZ diff --git a/charts/alfresco-connector-msteams/tests/secrets_test.yaml b/charts/alfresco-connector-msteams/tests/secrets_test.yaml new file mode 100644 index 00000000..0ed8aa5d --- /dev/null +++ b/charts/alfresco-connector-msteams/tests/secrets_test.yaml @@ -0,0 +1,41 @@ +suite: test msteams secrets +templates: +- secret-msteams.yaml +tests: +- it: should have an empty secret rendered by default + values: &testvalues + - values/test_values.yaml + template: secret-msteams.yaml + asserts: + - equal: + path: data.MICROSOFT_APP_ID + value: Y2hhbmdlX21lX2FwcF9pZA== + - equal: + path: data.MICROSOFT_APP_PASSWORD + value: Y2hhbmdlX21lX2FwcF9wd2Q= +- it: should render secret based on values + values: *testvalues + template: secret-msteams.yaml + set: + microsoft: + app: + id: ABCXYZ + password: XYZABC + asserts: + - equal: + path: data.MICROSOFT_APP_ID + value: QUJDWFla + - equal: + path: data.MICROSOFT_APP_PASSWORD + value: WFlaQUJD +- it: should not render secrets + values: *testvalues + set: + microsoft: + app: + existingSecret: + name: msteams-secret + asserts: + - hasDocuments: + count: 0 + template: secret-msteams.yaml diff --git a/charts/alfresco-connector-msteams/tests/values/test_values.yaml b/charts/alfresco-connector-msteams/tests/values/test_values.yaml index 6968a5a1..9d647f8c 100644 --- a/charts/alfresco-connector-msteams/tests/values/test_values.yaml 
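Review bot: In secrets_test.yaml the first case is named "should have an empty secret rendered by default" but asserts the base64 of the `change_me_app_id` / `change_me_app_pwd` placeholders from test_values.yaml, so neither the name nor the assertion reflects the chart's real defaults. No case renders the template with `microsoft.app.id` and `password` left at `null` and no `existingSecret.name`, which is what a user gets out of the box. Rename the case (for example `should render secret from the values file`) and add one without the values file that pins the intended outcome, e.g. with a `failedTemplate` assertion.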
+++ b/charts/alfresco-connector-msteams/tests/values/test_values.yaml @@ -3,3 +3,9 @@ global: tracking: sharedsecret: dummy alfrescoRegistryPullSecrets: secretsecret +microsoft: + app: + id: change_me_app_id + password: change_me_app_pwd +repository: + url: https://msteams-connectors-service diff --git a/charts/alfresco-connector-msteams/values.yaml b/charts/alfresco-connector-msteams/values.yaml index 003d7b57..4b26dd50 100644 --- a/charts/alfresco-connector-msteams/values.yaml +++ b/charts/alfresco-connector-msteams/values.yaml @@ -44,12 +44,36 @@ alfresco: contextPath: /workspace/ microsoft: app: - id: change_me_app_id - password: change_me_app_pwd + id: null + password: null oauth: connectionName: alfresco + existingSecret: + name: null + keys: + id: MICROSOFT_APP_ID + password: MICROSOFT_APP_PASSWORD teams: chat: filenameEnabled: true metadataEnabled: true imageEnabled: true +serviceAccount: + # -- Specifies whether a service account should be created + create: true + # -- Annotations to add to the service account + annotations: {} + # -- The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: msteams-sa +repository: + # -- URL of the Alfresco repository + url: null + existingConfigMap: + # -- Alternatively, provide repository connection details via an existing + # configmap + name: null + keys: + # -- Key within the configmap holding the full url to connect to the + # alfresco repository + url: ALFRESCO_BASE_URL
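Review bot: In values.yaml `serviceAccount.name` defaults to the fixed string `msteams-sa` with `create: true`, so the comment directly above it ("If not set and create is true, a name is generated using the fullname template") never applies by default, and a second release of the chart in the same namespace would try to create a ServiceAccount with the same name. Defaulting to `name: null` lets the `alfresco-connector-msteams.serviceAccountName` helper fall back to the release-scoped fullname. The deployment test that asserts `msteams-sa` would need to follow the new default.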