Skip to content

Commit

Permalink
OPSEXP-2188: narrow the usage of existingConfigMap for better integra…
Browse files Browse the repository at this point in the history
…tion (#74)
  • Loading branch information
alxgomz authored Jul 18, 2023
1 parent 5998010 commit eea5111
Show file tree
Hide file tree
Showing 8 changed files with 94 additions and 73 deletions.
6 changes: 3 additions & 3 deletions charts/alfresco-share/Chart.lock
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
dependencies:
- name: alfresco-common
repository: https://alfresco.github.io/alfresco-helm-charts
version: 2.1.0-alpha.0
digest: sha256:6922cc13c87c5fe6eed669f956cd5f0da86a96793da89e27099b73054e60024e
generated: "2023-07-10T16:32:19.328012924Z"
version: 2.1.0-alpha.2
digest: sha256:fe22b1c02d336367c59ad384553ec6c8d003a01532e543dfee9f9c3d791c42ff
generated: "2023-07-18T14:51:47.649031+02:00"
4 changes: 2 additions & 2 deletions charts/alfresco-share/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,9 @@ apiVersion: v2
name: alfresco-share
description: Alfresco Share Helm chart for Kubernetes
type: application
version: 0.1.0-alpha.0
version: 0.1.0-alpha.1
appVersion: 7.4.0
dependencies:
- repository: https://alfresco.github.io/alfresco-helm-charts
version: 2.1.0-alpha.0
version: 2.1.0-alpha.2
name: alfresco-common
8 changes: 5 additions & 3 deletions charts/alfresco-share/README.md
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
# alfresco-share

![Version: 0.1.0-alpha.0](https://img.shields.io/badge/Version-0.1.0--alpha.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 7.4.0](https://img.shields.io/badge/AppVersion-7.4.0-informational?style=flat-square)
![Version: 0.1.0-alpha.1](https://img.shields.io/badge/Version-0.1.0--alpha.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 7.4.0](https://img.shields.io/badge/AppVersion-7.4.0-informational?style=flat-square)

Alfresco Share Helm chart for Kubernetes

## Requirements

| Repository | Name | Version |
|------------|------|---------|
| https://alfresco.github.io/alfresco-helm-charts | alfresco-common | 2.1.0-alpha.0 |
| https://alfresco.github.io/alfresco-helm-charts | alfresco-common | 2.1.0-alpha.2 |

## Values

Expand Down Expand Up @@ -51,7 +51,9 @@ Alfresco Share Helm chart for Kubernetes
| readinessProbe.initialDelaySeconds | int | `15` | |
| readinessProbe.periodSeconds | int | `30` | |
| readinessProbe.timeoutSeconds | int | `5` | |
| repository.existingConfigMap | string | `nil` | a pre-existing configmap which provides expected configuration for Share REPO_HOST REPO_PORT CSRF_FILTER_REFERER CSRF_FILTER_ORIGIN EXTERNAL_HOST |
| repository.existingConfigMap.keys.host | string | `"REPO_HOST"` | name of the key in the configMap where to find the repository service host |
| repository.existingConfigMap.keys.port | string | `"REPO_PORT"` | name of the key in the configMap where to find the repository service port |
| repository.existingConfigMap.name | string | `nil` | a pre-existing configmap which provides expected configuration for Share |
| repository.host | string | `"localhost"` | repository hostname/servicename |
| repository.port | int | `8080` | repository port where service is exposed |
| resources.limits.cpu | string | `"4"` | |
Expand Down
6 changes: 1 addition & 5 deletions charts/alfresco-share/templates/config-share.yaml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{{- if not .Values.repository.existingConfigMap -}}
{{- if not .Values.repository.existingConfigMap.name -}}
---
apiVersion: v1
kind: ConfigMap
Expand All @@ -9,8 +9,4 @@ metadata:
data:
REPO_HOST: {{ .Values.repository.host | quote }}
REPO_PORT: {{ .Values.repository.port | quote }}
{{- $known_urls := coalesce .Values.known_urls .Values.global.known_urls "http://localhost,https://localhost" }}
CSRF_FILTER_REFERER: {{ include "alfresco-common.csrf.referer" $known_urls }}
CSRF_FILTER_ORIGIN: {{ include "alfresco-common.csrf.origin" $known_urls }}
EXTERNAL_HOST: {{ include "alfresco-common.external.url" $known_urls }}
{{- end -}}
26 changes: 20 additions & 6 deletions charts/alfresco-share/templates/deployment-share.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -50,17 +50,31 @@ spec:
protocol: TCP
resources:
{{- toYaml .Values.resources | nindent 12 }}
envFrom:
- configMapRef:
name: {{ .Values.repository.existingConfigMap | default (print (include "alfresco-share.fullname" .) "-configmap") }}
{{- $repo_details_cm := .Values.repository.existingConfigMap.name | default (print (include "alfresco-share.fullname" .) "-configmap") }}
env:
- name: CSRF_FILTER_REFERER
value: {{ include "alfresco-common.csrf.referer" . }}
- name: CSRF_FILTER_ORIGIN
value: {{ include "alfresco-common.csrf.origin" . }}
- name: BASEURL
value: {{ include "alfresco-common.external.url" . }}
- name: JAVA_OPTS
value: >-
{{ (printf "%s %s" (.Values.environment.JAVA_OPTS | default "") "-Dalfresco.proxy=$BASEURL") }}
- name: REPO_HOST
valueFrom:
configMapKeyRef:
name: {{ $repo_details_cm }}
key: {{ .Values.repository.existingConfigMap.keys.host }}
- name: REPO_PORT
valueFrom:
configMapKeyRef:
name: {{ $repo_details_cm }}
key: {{ .Values.repository.existingConfigMap.keys.port }}
{{- range $key, $value := (omit .Values.environment "JAVA_OPTS") }}
- name: {{ $key }}
value: {{ $value }}
{{- end }}
- name: JAVA_OPTS
value: >-
{{ (printf "%s %s" (.Values.environment.JAVA_OPTS | default "") "-Dalfresco.proxy=$EXTERNAL_HOST") }}
volumeMounts:
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
readinessProbe:
Expand Down
43 changes: 2 additions & 41 deletions charts/alfresco-share/tests/cm_test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,8 @@ tests:
- it: should not render a configmap
set:
repository:
existingConfigMap: myns/mycm
existingConfigMap:
name: myns/mycm
asserts:
- hasDocuments:
count: 0
Expand All @@ -20,20 +21,7 @@ tests:
repository:
host: release-service.cluster.local
port: 80
known_urls:
- https://ecm.domain.tld/myapp/callback
- https://ecm.domain.tld/alfresco
- http://app.domain.local:8000
asserts:
- equal:
path: data.CSRF_FILTER_REFERER
value: >-
https://ecm.domain.tld/myapp/callback/.*\|https://ecm.domain.tld/alfresco/.*\|http://app.domain.local:8000/.*
template: config-share.yaml
- equal:
path: data.CSRF_FILTER_ORIGIN
value: https://ecm.domain.tld,https://ecm.domain.tld,http://app.domain.local:8000
template: config-share.yaml
- equal:
path: data.REPO_HOST
value: release-service.cluster.local
Expand All @@ -42,30 +30,3 @@ tests:
path: data.REPO_PORT
value: "80"
template: config-share.yaml
- it: should render a default config
asserts:
- equal:
path: data.CSRF_FILTER_REFERER
value: http://localhost/.*\|https://localhost/.*
template: config-share.yaml
- equal:
path: data.CSRF_FILTER_ORIGIN
value: http://localhost,https://localhost
template: config-share.yaml
- equal:
path: data.REPO_HOST
value: localhost
template: config-share.yaml
- equal:
path: data.REPO_PORT
value: "8080"
template: config-share.yaml

- it: should render a default Xorigin restriction config
asserts:
- equal:
path: data.CSRF_FILTER_REFERER
value: >-
http://localhost/.*\|https://localhost/.*
template: config-share.yaml
61 changes: 54 additions & 7 deletions charts/alfresco-share/tests/deployment_test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,16 +11,63 @@ tests:
value: RELEASE-NAME-alfresco-share
template: deployment-share.yaml

- it: should leverage provided exisintg configmap
- it: should leverage provided existing configmap
set:
repository:
existingConfigMap: myns/mycm
existingConfigMap:
name: myns/mycm
asserts:
- contains:
path: spec.template.spec.containers[0].envFrom
content:
configMapRef:
name: myns/mycm
- equal:
path: spec.template.spec.containers[0].env[5].valueFrom.configMapKeyRef.name
value: myns/mycm
template: deployment-share.yaml

- it: Fail due to broken input
set:
known_urls:
- not.an/url
asserts:
- failedTemplate:
errorMessage: >-
provided known_urls MUST start with a scheme (http :// or https://)
template: deployment-share.yaml
- it: |
should render custom CSRF config.
referers MUST be a regex with pipes escaped (due to the way vars are substitued in Share pods
origins MUST be a list of hosts (without paths) separated by commas.
set:
known_urls:
- https://ecm.domain.tld/myapp/callback
- https://ecm.domain.tld/alfresco
- http://app.domain.local:8000
asserts:
- equal:
path: spec.template.spec.containers[0].env[0].value
value: >-
https://ecm.domain.tld/myapp/callback/.*\|https://ecm.domain.tld/alfresco/.*\|http://app.domain.local:8000/.*
template: deployment-share.yaml
- equal:
path: spec.template.spec.containers[0].env[1].value
value: https://ecm.domain.tld,https://ecm.domain.tld,http://app.domain.local:8000
template: deployment-share.yaml
- equal:
path: spec.template.spec.containers[0].env[2].value
value: https://ecm.domain.tld
template: deployment-share.yaml
- it: should render a default Xorigin restriction config
asserts:
- equal:
path: spec.template.spec.containers[0].env[0].value
value: http://localhost/.*\|https://localhost/.*
template: deployment-share.yaml
- equal:
path: spec.template.spec.containers[0].env[1].value
value: http://localhost,https://localhost
template: deployment-share.yaml
- equal:
path: spec.template.spec.containers[0].env[2].value
value: http://localhost
template: deployment-share.yaml

- it: should render extra configs
Expand Down
13 changes: 7 additions & 6 deletions charts/alfresco-share/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,13 +7,14 @@ repository:
host: localhost
# -- repository port where service is exposed
port: 8080
# -- a pre-existing configmap which provides expected configuration for Share
# REPO_HOST
# REPO_PORT
# CSRF_FILTER_REFERER
# CSRF_FILTER_ORIGIN
# EXTERNAL_HOST
existingConfigMap:
# -- a pre-existing configmap which provides expected configuration for Share
name:
keys:
# -- name of the key in the configMap where to find the repository service host
host: REPO_HOST
# -- name of the key in the configMap where to find the repository service port
port: REPO_PORT

# -- Provide the list of URL considered allowed to access Share resources (used
# for CSRF protection). The value be either a list of strings or a single
Expand Down

0 comments on commit eea5111

Please sign in to comment.