OPSEXP-1862: move named tpl in alfresco-common (#91)

charts/alfresco-common/Chart.yaml

@@ -5,7 +5,7 @@ description: |
   A helper subchart to avoid duplication in alfresco charts and set common
   external dependencies
 type: library
-version: 2.1.0-alpha.2
+version: 2.1.0-alpha.3
 dependencies:
   - name: common
     repository: >-

charts/alfresco-common/README.md

@@ -1,6 +1,6 @@
 # alfresco-common
 
-![Version: 2.1.0-alpha.2](https://img.shields.io/badge/Version-2.1.0--alpha.2-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square)
+![Version: 2.1.0-alpha.3](https://img.shields.io/badge/Version-2.1.0--alpha.3-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square)
 
 A helper subchart to avoid duplication in alfresco charts and set common
 external dependencies

charts/alfresco-common/templates/_helpers-activemq.tpl

@@ -1,4 +1,10 @@
-{{- define "activemq.env" -}}
+{{/*
+Provide generic ActiveMQ env vars
+
+Usage: include "alfresco-common.activemq.env" ""
+
+*/}}
+{{- define "alfresco-common.activemq.env" -}}
 - name: ACTIVEMQ_URL
   value: $(BROKER_URL)
 - name: ACTIVEMQ_USER
@@ -7,11 +13,25 @@
   value: $(BROKER_PASSWORD)
 {{- end -}}
 
-{{- define "spring.activemq.env" -}}
+{{- define "activemq.env" -}}
+{{- template "alfresco-common.activemq.env" . }}
+{{- end -}}
+
+{{/*
+Provide Spring ActiveMQ env vars
+
+Usage: include "alfresco-common.spring.activemq.env" ""
+
+*/}}
+{{- define "alfresco-common.spring.activemq.env" -}}
 - name: SPRING_ACTIVEMQ_BROKERURL
   value: $(BROKER_URL)
 - name: SPRING_ACTIVEMQ_USER
   value: $(BROKER_USERNAME)
 - name: SPRING_ACTIVEMQ_PASSWORD
   value: $(BROKER_PASSWORD)
 {{- end -}}
+
+{{- define "spring.activemq.env" -}}
+{{- template "alfresco-common.spring.activemq.env" . }}
+{{- end -}}

charts/alfresco-common/templates/_helpers-checksums.tpl

@@ -0,0 +1,19 @@
+{{/*
+Compute Secret checksum whether it's read from values or from secrets
+
+Usage: include "alfresco-common.secret-checksum" (dict "ns" $.Release.Namespace "context" (dict "some-key" (dict "existingSecret" (dict "keys" (dict "username" "" "password" "")))) "configKey" "some-key")
+
+*/}}
+{{- define "alfresco-common.secret-checksum" -}}
+{{- $ns := required "template needs to be given the release namepace" .ns }}
+{{- with (index .context .configKey) }}
+{{- if .existingSecret.name }}
+checksum.config.alfresco.org/{{ $.configKey }}-existing:
+  {{- $defaultLookup := dict "data" dict }}
+  {{- $lookup := lookup "v1" "Secret" $ns (.existingSecret.name) | default $defaultLookup }}
+  {{- pick $lookup.data .existingSecret.keys.username .existingSecret.keys.password | toJson | sha256sum | indent 1}}
+{{- else }}
+checksum.config.alfresco.org/{{ $.configKey }}-values: {{ omit . "existingSecret" | toJson | sha256sum }}
+{{- end }}
+{{- end }}
+{{- end -}}

charts/alfresco-common/templates/_helpers-image-pull-secrets.tpl

@@ -1,6 +1,16 @@
-{{- define "alfresco-content-services.imagePullSecrets" }}
+{{/*
+Read pull secrets from .Values.global
+
+Usage: include "alfresco-common.imagePullSecrets" $
+
+*/}}
+{{- define "alfresco-common.imagePullSecrets" }}
 {{- if .Values.global.alfrescoRegistryPullSecrets }}
 imagePullSecrets:
   - name: {{ .Values.global.alfrescoRegistryPullSecrets }}
 {{- end }}
 {{- end }}
+
+{{- define "alfresco-content-services.imagePullSecrets" }}
+{{- template "alfresco-common.imagePullSecrets" . }}
+{{- end }}

charts/alfresco-common/templates/_helpers-jdbc.tpl

@@ -0,0 +1,126 @@
+{{/*
+Compute a JDBC URL object
+We're just manipulating the string URl to make it parseable by urlParse.
+This template SHOULD NOT be used directly.
+
+Usage: include "alfresco-common.jdbc.parser" "URL"
+
+*/}}
+{{- define "alfresco-common.jdbc.parser" -}}
+{{- $jdbc_url := required "Alfresco repository needs a database to start. Please provide a valid URL in db.url value" . }}
+{{- if hasPrefix "jdbc:" $jdbc_url }}
+{{- fail "database URL MUST be provided WITHOUT the 'jdbc' prefix." }}
+{{- end }}
+{{- if hasPrefix "oracle:thin:@" $jdbc_url }}
+  {{- $ora_url := trimPrefix "oracle:thin:" $jdbc_url }}
+  {{- $ora_url = (mustRegexReplaceAllLiteral "^@(tcps?://)?" $ora_url "oracle://") }}
+  {{- $jdbc_url = $ora_url }}
+{{- end }}
+{{- if hasPrefix "sqlserver://" $jdbc_url }}
+  {{- $jdbc_url = trimPrefix "sqlserver://" $jdbc_url }}
+  {{- $query := $jdbc_url | splitList ";" }}
+  {{- $host := "" }}
+  {{- if and (not (empty (index $query 0))) (not (contains "=" (index $query 0))) }}
+    {{- $host = index $query 0 }}
+    {{- $query = rest $query }}
+  {{- end }}
+  {{- $path := "" }}
+  {{- range $query }}
+    {{- if and (hasPrefix "serverName=" .) (empty $host) }}
+      {{- $host = trimPrefix "serverName=" . }}
+      {{- $_ := mustWithout $query . }}
+    {{- end }}
+    {{- if hasPrefix "databaseName=" . }}
+      {{- $path = trimPrefix "databaseName=" . }}
+      {{- $_ := mustWithout $query . }}
+    {{- end }}
+  {{- end }}
+  {{- $ms_url := printf "sqlserver://%s/%s?%s" $host $path ($query | join "&") }}
+  {{- $jdbc_url = $ms_url }}
+{{- end }}
+{{- $parsed_url := urlParse $jdbc_url }}
+{{- if or (empty $parsed_url.host) (empty $parsed_url.hostname) (empty $parsed_url.scheme) (eq "/" $parsed_url.path) }}
+  {{- fail "The provided JDBC URL cannot be parsed please check or raise a bug." }}
+{{- end }}
+{{- mustToJson (dict "jdbc" $parsed_url) }}
+{{- end -}}
+
+{{/*
+Compute default ports based on URL
+
+Usage: include "alfresco-common.db.default.port" "URL"
+
+*/}}
+{{- define "alfresco-common.db.default.port" -}}
+{{- $pg_rdbms := dict "name" "postgresql" "port" 5432 }}
+{{- $my_rdbms := dict "name" "mysql" "port" 3306 }}
+{{- $maria_rdbms := dict "name" "mariadb" "port" 3306 }}
+{{- $ora_rdbms := dict "name" "oracle" "port" 1521 }}
+{{- $ms_rdbms := dict "name" "sqlserver" "port" 1434 }}
+{{- range $rdbms := list $pg_rdbms $my_rdbms $maria_rdbms $ora_rdbms $ms_rdbms }}
+{{- eq $rdbms.name $ | ternary $rdbms.port "" }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Compute default driver based on URL
+
+Usage: include "alfresco-common.db.default.driver" "URL"
+
+*/}}
+{{- define "alfresco-common.db.default.driver" -}}
+{{- $pg_rdbms := dict "name" "postgresql" "driver" "org.postgresql.Driver" }}
+{{- $my_rdbms := dict "name" "mysql" "driver" "com.mysql.jdbc.Driver" }}
+{{- $maria_rdbms := dict "name" "mariadb" "driver" "org.mariadb.jdbc.Driver" }}
+{{- $ora_rdbms := dict "name" "oracle" "driver" "oracle.jdbc.OracleDriver" }}
+{{- $ms_rdbms := dict "name" "sqlserver" "driver" "com.microsoft.sqlserver.jdbc.SQLServerDriver" }}
+{{- range $rdbms := list $pg_rdbms $my_rdbms $maria_rdbms $ora_rdbms $ms_rdbms }}
+{{- eq $rdbms.name $ | ternary $rdbms.driver "" }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Provide repository database engine from URL
+
+Usage: include "alfresco-common.db.rdbms" "URL"
+
+*/}}
+{{- define "alfresco-common.db.rdbms" -}}
+{{- index (include "alfresco-common.jdbc.parser" . | fromJson) "jdbc" "scheme" }}
+{{- end -}}
+
+{{/*
+Provide repository database hostname
+
+Usage: include "alfresco-common.db.hostname" "URL"
+
+*/}}
+{{- define "alfresco-common.db.hostname" -}}
+{{- index (include "alfresco-common.jdbc.parser" . | fromJson) "jdbc" "hostname" }}
+{{- end -}}
+
+{{/*
+Provide database port from JDBC URL
+
+Usage: include "alfresco-common.db.port" (dict "url" "someurl")
+
+*/}}
+{{- define "alfresco-common.db.port" -}}
+{{- $socket := (index (include "alfresco-common.jdbc.parser" .url | fromJson) "jdbc" "host") }}
+{{- if gt ($socket | splitList ":" | len) 1 }}
+  {{- $socket | splitList ":" | last }}
+{{- else }}
+  {{- template "alfresco-common.db.default.port" (index (include "alfresco-common.jdbc.parser" .url | fromJson) "jdbc" "scheme") }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Provide database driverClass based on  JDBC URL
+
+Usage: include "alfresco-common.db.driver" (dict "url" "someurl" "driver" "driverclass")
+
+*/}}
+{{- define "alfresco-common.db.driver" -}}
+{{- $scheme := index (include "alfresco-common.jdbc.parser" .url | fromJson) "jdbc" "scheme" }}
+{{- coalesce .driver (include "alfresco-common.db.default.driver" $scheme) }}
+{{- end -}}

charts/alfresco-common/templates/_helpers-nginx.tpl

@@ -1,6 +1,9 @@
 {{/*
 Define annotations as provided in values
 Skip ANY server-snippet annotation (CVE-2021-25742)
+
+Usage: include "alfresco-common.nginx.annotations" $
+
 */}}
 {{- define "alfresco-common.nginx.annotations" }}
 {{- range $annotation, $value := .ingress.annotations }}
@@ -13,6 +16,9 @@ Skip ANY server-snippet annotation (CVE-2021-25742)
 
 {{/*
 Define required annotations for secure ACS/SHARE API access
+
+Usage: include "alfresco-common.nginx.secure.annotations" ""
+
 */}}
 {{- define "alfresco-common.nginx.secure.annotations" }}
     nginx.ingress.kubernetes.io/server-snippet: |

charts/alfresco-common/templates/_helpers-persistence.tpl

@@ -1,4 +1,10 @@
-{{- define "data_volume" -}}
+{{/*
+Provide a PVC based on service and persistence values
+
+Usage: include "alfresco-common.data_volume" $
+
+*/}}
+{{- define "alfresco-common.data_volume" -}}
 - name: data
 {{- $svc_name := .service.name }}
 {{- with .persistence }}
@@ -14,7 +20,17 @@
 {{- end }}
 {{- end -}}
 
-{{- define "component_pvc" -}}
+{{- define "data_volume" -}}
+{{- template "alfresco-common.data_volume" . }}
+{{- end -}}
+
+{{/*
+Provide a PVC based on service and persistence values
+
+Usage: include "alfresco-common.component_pvc" $
+
+*/}}
+{{- define "alfresco-common.component_pvc" -}}
 {{ $svc_name := .service.name }}
 {{- with .persistence }}
 {{- $sc_name := .storageClass | default "default" -}}
@@ -39,3 +55,7 @@ spec:
       storage: {{ .baseSize | default "20Gi" | quote }}
 {{- end }}
 {{- end -}}
+
+{{- define "component_pvc" -}}
+{{- template "alfresco-common.component_pvc" . }}
+{{- end -}}

charts/alfresco-common/templates/_helpers-security.tpl

@@ -1,10 +1,26 @@
-{{- define "default-pod-security-context" }}
+{{/*
+Provide default pod security context
+
+Usage: include "alfresco-common.default-pod-security-context" ""
+
+*/}}
+{{- define "alfresco-common.default-pod-security-context" }}
     runAsNonRoot: true
     runAsUser: 33099
     fsGroupChangePolicy: OnRootMismatch
 {{- end }}
 
-{{- define "default-security-context" }}
+{{- define "default-pod-security-context" }}
+{{- template "alfresco-common.default-pod-security-context" . }}
+{{- end }}
+
+{{/*
+Provide default container security context
+
+Usage: include "alfresco-common.default-security-context" ""
+
+*/}}
+{{- define "alfresco-common.default-security-context" }}
     runAsNonRoot: true
     allowPrivilegeEscalation: false
     capabilities:
@@ -13,7 +29,17 @@
         - ALL
 {{- end }}
 
-{{- define "component-pod-security-context" }}
+{{- define "default-security-context" }}
+{{- template "alfresco-common.default-security-context" . }}
+{{- end }}
+
+{{/*
+Provide pod security context
+
+Usage: include "alfresco-common.component-pod-security-context" $
+
+*/}}
+{{- define "alfresco-common.component-pod-security-context" }}
   securityContext:
 {{- if .podSecurityContext }}
     {{- .podSecurityContext | toYaml | nindent 4 }}
@@ -22,11 +48,25 @@
 {{- end }}
 {{- end }}
 
-{{- define "component-security-context" }}
+{{- define "component-pod-security-context" }}
+{{- template "alfresco-common.component-pod-security-context" $ }}
+{{- end }}
+
+{{/*
+Provide container security context
+
+Usage: include "alfresco-common.component-security-context" $
+
+*/}}
+{{- define "alfresco-common.component-security-context" }}
   securityContext:
 {{- if .securityContext }}
   {{- .securityContext | toYaml | nindent 4 }}
 {{- else }}
 {{- include "default-security-context" . }}
 {{- end }}
 {{- end }}
+
+{{- define "component-security-context" }}
+{{- template "alfresco-common.component-security-context" . }}
+{{- end }}