OPSEXP-1862: add support for license (#88)

Alfresco · Aug 3, 2023 · b1055da · b1055da
1 parent 5635807
commit b1055da
Show file tree

Hide file tree

Showing 5 changed files with 79 additions and 6 deletions.
diff --git a/charts/alfresco-repository/Chart.yaml b/charts/alfresco-repository/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: alfresco-repository
 description: Alfresco content repository Helm chart
 type: application
-version: 0.1.0-alpha.1
+version: 0.1.0-alpha.2
 appVersion: 23.1.0-A21
 dependencies:
   - name: alfresco-common

diff --git a/charts/alfresco-repository/README.md b/charts/alfresco-repository/README.md
@@ -1,6 +1,6 @@
 # alfresco-repository
 
-![Version: 0.1.0-alpha.1](https://img.shields.io/badge/Version-0.1.0--alpha.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.1.0-A21](https://img.shields.io/badge/AppVersion-23.1.0--A21-informational?style=flat-square)
+![Version: 0.1.0-alpha.2](https://img.shields.io/badge/Version-0.1.0--alpha.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.1.0-A21](https://img.shields.io/badge/AppVersion-23.1.0--A21-informational?style=flat-square)
 
 Alfresco content repository Helm chart
 
@@ -19,7 +19,7 @@ Alfresco content repository Helm chart
 | args | list | `[]` |  |
 | command | list | `[]` |  |
 | configuration.repository.existingConfigMap | string | `nil` | a configmap containing the "alfresco-global.properties" key populated with actual Alfresco repository properties |
-| configuration.repository.existingSecret | string | `nil` | Name of a pre-existing secret TODO: secret documentation |
+| configuration.repository.existingSecrets | list | `[{"key":"license.lic","name":"repository-secrets","purpose":"acs-license"}]` | A list of secrets to make available to the repo as env vars. It's also used to pass the Alfresco license which will be mounted as a file when the secret as the `purpose` value set to `acs-license`. Other secrets will be used as env variables. |
 | db.driver | string | `nil` | JDBC driver class of the driver if none is provided the it is guessed from the URL provided |
 | db.existingSecret | object | `{"keys":{"password":"DATABASE_PASSWORD","username":"DATABASE_USERNAME"},"name":null}` | Existing secret and their keys where to find the database username & password. |
 | db.existingSecret.keys.password | string | `"DATABASE_PASSWORD"` | Key within the secret holding the database password |

diff --git a/charts/alfresco-repository/templates/deployment.yaml b/charts/alfresco-repository/templates/deployment.yaml
@@ -65,6 +65,13 @@ spec:
                 secretKeyRef:
                   name: {{ $dbsecret }}
                   key: {{ .Values.db.existingSecret.keys.password }}
+          {{- range .Values.configuration.repository.existingSecrets }}
+           {{- if not (eq "acs-license" .purpose) }}
+             {{- $repoSecretsKeyRef := dict "name" .name "key" .key }}
+             {{- $repoSecretsEnv:= dict "name" .key "valueFrom" (dict "secretKeyRef" $repoSecretsKeyRef) }}
+             {{- list $repoSecretsEnv | toYaml | nindent 12 }}
+           {{- end }}
+          {{- end }}
           {{- if .Values.command }}
           command:
             {{- toYaml .Values.command | nindent 12 }}
@@ -93,6 +100,13 @@ spec:
               subPath: alfresco-global.properties
               readOnly: true
             {{- end }}
+            {{- range .Values.configuration.repository.existingSecrets }}
+             {{- if eq "acs-license" .purpose }}
+            - name: acs-license
+              mountPath: /usr/local/tomcat/shared/classes/alfresco/extension/license
+              readOnly: true
+              {{- end }}
+            {{- end }}
             {{- if .Values.extraVolumeMounts }}
             {{- tpl (.Values.extraVolumeMounts | toYaml) . | nindent 12 }}
             {{- end }}
@@ -107,6 +121,13 @@ spec:
               - key: alfresco-global.properties
                 path: alfresco-global.properties
         {{- end }}
+        {{- range .Values.configuration.repository.existingSecrets }}
+         {{- if eq "acs-license" .purpose }}
+           {{- $licitems := list (dict "key" .key "path" "license.lic") }}
+           {{- $licvol := dict "name" "acs-license" "secret" (dict "secretName" .name "defaultMode" 0400 "optional" true "items" $licitems ) }}
+           {{- list $licvol | toYaml | nindent 8 }}
+         {{- end }}
+        {{- end }}
         {{- if .Values.extraVolumes }}
         {{- tpl (.Values.extraVolumes | toYaml) . | nindent 8 }}
         {{- end }}

diff --git a/charts/alfresco-repository/tests/deployment_test.yaml b/charts/alfresco-repository/tests/deployment_test.yaml
@@ -119,3 +119,50 @@ tests:
               volumeID: "whatever"
               fsType: ext4
         template: deployment.yaml
+
+  - it: should have default license volume
+    asserts:
+      - contains:
+          path: spec.template.spec.volumes
+          content: &acsLicenseVol
+            name: acs-license
+            secret:
+              defaultMode: 0400
+              items:
+              - key: license.lic
+                path: license.lic
+              optional: true
+              secretName: repository-secrets
+        template: deployment.yaml
+      - contains:
+          path: spec.template.spec.containers[0].volumeMounts
+          content: &acsLicenseMount
+            name: acs-license
+            mountPath: /usr/local/tomcat/shared/classes/alfresco/extension/license
+            readOnly: true
+        template: deployment.yaml
+  - it: should not have any license volume but vars instead
+    set:
+      configuration:
+        repository:
+          existingSecrets:
+            - name: mysecret
+              key: MYSECRETVAR
+    asserts:
+      - notContains:
+          path: spec.template.spec.volumes
+          content: *acsLicenseVol
+        template: deployment.yaml
+      - notContains:
+          path: spec.template.spec.containers[0].volumeMounts
+          content: *acsLicenseMount
+        template: deployment.yaml
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: MYSECRETVAR
+            valueFrom:
+              secretKeyRef:
+                key: MYSECRETVAR
+                name: mysecret
+        template: deployment.yaml
diff --git a/charts/alfresco-repository/values.yaml b/charts/alfresco-repository/values.yaml
@@ -43,9 +43,14 @@ configuration:
     # -- a configmap containing the "alfresco-global.properties" key populated
     # with actual Alfresco repository properties
     existingConfigMap: null
-    # -- Name of a pre-existing secret
-    # TODO: secret documentation
-    existingSecret: null
+    # -- A list of secrets to make available to the repo as env vars. It's also
+    # used to pass the Alfresco license which will be mounted as a file when
+    # the secret as the `purpose` value set to `acs-license`. Other secrets
+    # will be used as env variables.
+    existingSecrets:
+      - name: repository-secrets
+        key: license.lic
+        purpose: acs-license
 
 environment:
   # -- Alfresco java system properties. These properties must be provided as a