nclude logic to generated postgres-password if not set via values.yml

bci-oss · Jan 19, 2024 · 45e6489 · 45e6489
1 parent dcece5d
commit 45e6489
Show file tree

Hide file tree

Showing 6 changed files with 74 additions and 8 deletions.
diff --git a/.github/workflows/helm-test.yml b/.github/workflows/helm-test.yml
@@ -79,11 +79,16 @@ jobs:
         run: ct install --charts charts/discoveryfinder --config charts/chart-testing-config.yaml
         if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true'
 
+      - name: Generate random password (This password is only a placeholder for the next step and will not used). The postgresPassword/password will be set via postgres-init.yaml.
+        id: generate-password
+        run: |
+            echo "PASSWORD=PLACEHOLDER_PW" >> $GITHUB_ENV
+          
       - name: Run helm upgrade
         run: |
             helm repo add bitnami https://charts.bitnami.com/bitnami
             helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev
             helm install discoveryfinder tractusx-dev/discoveryfinder --version ${{ github.event.inputs.upgrade_from || '0.1.12' }}
             helm dependency update charts/discoveryfinder
-            helm upgrade discoveryfinder charts/discoveryfinder
+            helm upgrade discoveryfinder charts/discoveryfinder --set global.postgresql.auth.postgresPassword=$PASSWORD --set global.postgresql.auth.password=$PASSWORD
         if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true'
diff --git a/charts/discoveryfinder/Chart.yaml b/charts/discoveryfinder/Chart.yaml
@@ -23,7 +23,7 @@ home: https://eclipse-tractusx.github.io/
 sources:
   - https://github.com/eclipse-tractusx/sldt-discovery-finder
 type: application
-version: 0.1.16
+version: 0.1.17
 appVersion: 0.2.7
 
 dependencies:

diff --git a/charts/discoveryfinder/templates/deployment.yaml b/charts/discoveryfinder/templates/deployment.yaml
@@ -73,6 +73,8 @@ spec:
           envFrom:
             - secretRef:
                 name: {{ $sec_name }}
+            - secretRef:
+                name: {{ .Values.postgresql.auth.existingSecret }}
           resources:
 {{ .Values.discoveryfinder.resources | toYaml | indent 12 }}
       imagePullSecrets:

diff --git a/charts/discoveryfinder/templates/postgres-init.yaml b/charts/discoveryfinder/templates/postgres-init.yaml
@@ -0,0 +1,60 @@
+# Copyright (c) 2023 Robert Bosch Manufacturing Solutions GmbH
+# Copyright (c) 2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+{{- if .Values.enablePostgres }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.postgresql.auth.existingSecret }}
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": pre-install, pre-upgrade
+type: Opaque
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.postgresql.auth.existingSecret) }}
+{{- $defaultSecret := (lookup "v1" "Secret" .Release.Namespace ( printf "%s-postgresql" .Release.Name )) }}
+# 1. Check if given secret exists
+{{ if $secret -}}
+data:
+  {{- $postgresPassword:= ( .Values.postgresql.auth.password | b64enc) | default ( index $secret.data "postgres-password" ) | quote }}
+  postgres-password: {{ $postgresPassword }}
+  {{- $password:= ( .Values.postgresql.auth.password | b64enc) | default ( index $secret.data "password" ) | quote }}
+  password: {{ $password }}
+  SPRING_DATASOURCE_PASSWORD: {{ $password }}
+  SPRING_DATASOURCE_URL: {{ printf "jdbc:postgresql://%s-postgresql:%v/%s" .Release.Name .Values.postgresql.service.ports.postgresql .Values.postgresql.auth.database | b64enc }}
+  SPRING_DATASOURCE_USERNAME: {{ .Values.postgresql.auth.username | b64enc }}
+# 2. Check if default postgresql secret (Release.Name-postgresql) exists
+{{ else if $defaultSecret -}}
+data:
+  {{- $postgresPassword:= ( .Values.postgresql.auth.password | b64enc) | default ( index $defaultSecret.data "postgres-password" ) | quote }}
+  postgres-password: {{ $postgresPassword }}
+  {{- $password:= ( .Values.postgresql.auth.password | b64enc) | default ( index $defaultSecret.data "password" ) | quote }}
+  password: password
+  SPRING_DATASOURCE_PASSWORD: {{ $password }}
+  SPRING_DATASOURCE_URL: {{ printf "jdbc:postgresql://%s-postgresql:%v/%s" .Release.Name .Values.postgresql.service.ports.postgresql .Values.postgresql.auth.database | b64enc }}
+  SPRING_DATASOURCE_USERNAME: {{ .Values.postgresql.auth.username | b64enc }}
+{{ else -}}
+# 3. If no secret exists, use provided value from values file or generate a random one if secret not exists.
+stringData:
+  {{- $password:= .Values.postgresql.auth.password | default ( randAlphaNum 32 ) | quote }}
+  postgres-password: {{ $password }}
+  password: {{ $password }}
+  SPRING_DATASOURCE_PASSWORD: {{ $password }}
+  SPRING_DATASOURCE_URL: {{ printf "jdbc:postgresql://%s-postgresql:%v/%s" .Release.Name .Values.postgresql.service.ports.postgresql .Values.postgresql.auth.database }}
+  SPRING_DATASOURCE_USERNAME: {{ .Values.postgresql.auth.username }}
+{{ end }}
+{{- end -}}
diff --git a/charts/discoveryfinder/templates/secret.yaml b/charts/discoveryfinder/templates/secret.yaml
@@ -25,11 +25,8 @@ metadata:
   name: {{ $sec_name }}
 type: Opaque
 data:
-  {{- if .Values.enablePostgres }}
-  SPRING_DATASOURCE_URL: {{ printf "jdbc:postgresql://%s-postgresql:%v/%s" .Release.Name .Values.postgresql.service.ports.postgresql .Values.postgresql.auth.database | b64enc }}
-  SPRING_DATASOURCE_USERNAME: {{ .Values.postgresql.auth.username | b64enc }}
-  SPRING_DATASOURCE_PASSWORD: {{ .Values.postgresql.auth.password | b64enc }}
-  {{- else }}
+  # If postgres enabled the environment values will be used from postgres-init.yaml
+  {{- if not .Values.enablePostgres }}
   SPRING_DATASOURCE_URL: {{ .Values.discoveryfinder.dataSource.url | b64enc }}
   SPRING_DATASOURCE_USERNAME: {{ .Values.discoveryfinder.dataSource.user | b64enc }}
   SPRING_DATASOURCE_PASSWORD: {{ .Values.discoveryfinder.dataSource.password | b64enc }}

diff --git a/charts/discoveryfinder/values.yaml b/charts/discoveryfinder/values.yaml
@@ -77,5 +77,7 @@ postgresql:
       postgresql: 5432
   auth:
     username: catenax
-    password: password
+    password:
     database: discoveryfinder
+    # -- Secret contains passwords for username postgres.
+    existingSecret: postgres-init