From 5ca2e55e2b9226e1234a31c0b922d885a8a6489c Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Mon, 31 Jul 2023 15:12:12 +0200 Subject: [PATCH 01/15] feat(helm): add internal / external postgresql switch Now, it is possible to connect an external Postgres DB or use the internal one, which is bundled with the chart. --- charts/managed-identity-wallet/Chart.lock | 2 +- charts/managed-identity-wallet/Chart.yaml | 4 +- .../templates/deployment.yaml | 37 ++++++++++ .../templates/secret-database.yaml | 30 ++++++++ .../managed-identity-wallet/values-dev.yaml | 9 +-- .../managed-identity-wallet/values-int.yaml | 9 +-- .../managed-identity-wallet/values-local.yaml | 8 +- charts/managed-identity-wallet/values.yaml | 73 ++++++++++--------- 8 files changed, 113 insertions(+), 59 deletions(-) create mode 100644 charts/managed-identity-wallet/templates/secret-database.yaml diff --git a/charts/managed-identity-wallet/Chart.lock b/charts/managed-identity-wallet/Chart.lock index 665a873a6..e55955c97 100644 --- a/charts/managed-identity-wallet/Chart.lock +++ b/charts/managed-identity-wallet/Chart.lock @@ -3,4 +3,4 @@ dependencies: repository: https://charts.bitnami.com/bitnami version: 11.9.13 digest: sha256:051285066cef2799e39e2953c4abd405c36510a09e9e1bd1833a29224daffddb -generated: "2023-05-31T12:06:07.066291+02:00" +generated: "2023-07-31T13:44:30.601226+02:00" diff --git a/charts/managed-identity-wallet/Chart.yaml b/charts/managed-identity-wallet/Chart.yaml index e726f719e..6e1fb7a2f 100644 --- a/charts/managed-identity-wallet/Chart.yaml +++ b/charts/managed-identity-wallet/Chart.yaml 
@@ -20,12 +20,12 @@ apiVersion: v2 name: managed-identity-wallet description: | - Managed Identity Wallet is supposed to supply a secure data source and data sink for Digital Identity Documents (DID), in order to enable Self-Sovereign Identity founding on those DIDs. + Managed Identity Wallet is supposed to supply a secure data source and data sink for Digital Identity Documents (DID), in order to enable Self-Sovereign Identity founding on those DIDs. And at the same it shall support an uninterrupted tracking and tracing and documenting the usage of those DIDs, e.g., within logistical supply chains. type: application -version: 1.0.1 +version: 1.1.0 appVersion: 0.0.1 home: https://github.com/eclipse-tractusx/managed-identity-wallet diff --git a/charts/managed-identity-wallet/templates/deployment.yaml b/charts/managed-identity-wallet/templates/deployment.yaml index a6e0d38d0..31e0906f4 100644 --- a/charts/managed-identity-wallet/templates/deployment.yaml +++ b/charts/managed-identity-wallet/templates/deployment.yaml 
@@ -53,6 +53,43 @@ spec: env: - name: APPLICATION_PORT value: "8080" + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "managed-identity-wallet.fullname" . }}-postgresql + key: password + {{- if .Values.postgresql.external.enabled }} + - name: DB_HOST + value: {{ .Values.postgresql.external.config.host }} + - name: DB_PORT + value: {{ .Values.postgresql.external.config.port }} + - name: DB_USER_NAME + value: {{ .Values.postgresql.external.auth.username }} + - name: DB_NAME + value: {{ .Values.postgresql.external.config.database }} + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.postgresql.external.auth.existingSecret }} + name: {{ .Values.postgresql.external.auth.existingSecret }} + key: {{ .Values.postgresql.external.auth.existingSecretKey }} + {{- else }} + name: {{ include "managed-identity-wallet.fullname" . }}-postgresql + key: password + {{- end }} + {{- else }} + - name: DB_HOST + value: {{ include "managed-identity-wallet.fullname" . }}-postgresql + - name: DB_USER_NAME + value: {{ .Values.postgresql.auth.username }} + - name: DB_NAME + value: {{ .Values.postgresql.auth.database }} + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "managed-identity-wallet.fullname" . }}-postgresql + key: password + {{- end }} {{- if or .Values.envs .Values.secrets }} {{- range $key, $val := .Values.envs }} - name: {{ $key }} diff --git a/charts/managed-identity-wallet/templates/secret-database.yaml b/charts/managed-identity-wallet/templates/secret-database.yaml new file mode 100644 index 000000000..46201d1e1 --- /dev/null +++ b/charts/managed-identity-wallet/templates/secret-database.yaml 
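Review bot: The `value:` lines for DB_HOST, DB_USER_NAME and DB_NAME in both branches of the `postgresql.external.enabled` switch render chart values unquoted, so an empty setting such as the default `host: ""` becomes a null `value:`, and a value containing `: ` or ` #` changes the structure of the rendered manifest. Pipe each one through `quote`, for example `value: {{ .Values.postgresql.external.config.host | quote }}`. PATCH 04/15 in this series quotes only DB_PORT; the same unquoted lines remain in its `@@ -53,11 +53,23 @@` hunk of deployment.yaml. The container spec starts and ends outside this hunk.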
@@ -0,0 +1,30 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +{{- if and .Values.postgresql.external.enabled ( not .Values.postgresql.external.auth.existingSecret ) }} +apiVersion: v1 +kind: Secret +metadata: + name:{{ include "managed-identity-wallet.fullname" . }}-postgresql + labels: + {{- include "managed-identity-wallet.labels" . | nindent 4 }} +type: Opaque +data: + password: {{ .Values.postgresql.external.auth.password | b64enc }} +{{- end -}} diff --git a/charts/managed-identity-wallet/values-dev.yaml b/charts/managed-identity-wallet/values-dev.yaml index f0eb88beb..877dd182f 100644 --- a/charts/managed-identity-wallet/values-dev.yaml +++ b/charts/managed-identity-wallet/values-dev.yaml 
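Review bot: `password: {{ .Values.postgresql.external.auth.password | b64enc }}` renders a Secret with an empty password when the external database is switched on and neither `auth.password` nor `auth.existingSecret` is set, because both default to `""` in values.yaml. Fail the render instead: `password: {{ required "postgresql.external.auth.password or auth.existingSecret must be set" .Values.postgresql.external.auth.password | b64enc | quote }}`. Helm also keeps supplied values in the release record, so a comment above the template such as `# Prefer postgresql.external.auth.existingSecret; a password set in values is stored with the release` would steer operators to the safer path.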
@@ -21,13 +21,10 @@ image: tag: "latest-java-did-web" secrets: - DB_USER_NAME: - DB_PASSWORD: ENCRYPTION_KEY: 76a7834fb37e090c2789a9b1a76748d3 KEYCLOAK_CLIENT_ID: envs: - DB_HOST: managed-identity-wallets-new-postgresql MIW_HOST_NAME: managed-identity-wallets-new.dev.demo.catena-x.net # Depend on ingress host name (managed-identity-wallets-new.dev.demo.catena-x.net) KEYCLOAK_REALM: CX-Central AUTH_SERVER_URL: https://centralidp.dev.demo.catena-x.net/auth @@ -49,10 +46,8 @@ ingress: - managed-identity-wallets-new.dev.demo.catena-x.net postgresql: - primary: - initdb: - password: + enabled: true auth: password: - postgresPassword: username: + postgresPassword: diff --git a/charts/managed-identity-wallet/values-int.yaml b/charts/managed-identity-wallet/values-int.yaml index b8897a267..9e6cc48f3 100644 --- a/charts/managed-identity-wallet/values-int.yaml +++ b/charts/managed-identity-wallet/values-int.yaml @@ -21,13 +21,10 @@ image: tag: "latest-java-did-web" secrets: - DB_USER_NAME: - DB_PASSWORD: ENCRYPTION_KEY: 76a7834fb37e090c2789a9b1a76748d3 KEYCLOAK_CLIENT_ID: envs: - DB_HOST: managed-identity-wallets-new-postgresql MIW_HOST_NAME: managed-identity-wallets-new.int.demo.catena-x.net # Depend on ingress host name (managed-identity-wallets-new.int.demo.catena-x.net) KEYCLOAK_REALM: CX-Central AUTH_SERVER_URL: https://centralidp.int.demo.catena-x.net/auth @@ -49,10 +46,8 @@ ingress: - managed-identity-wallets-new.int.demo.catena-x.net postgresql: - primary: - initdb: - password: + enabled: true auth: password: - postgresPassword: username: + postgresPassword: diff --git a/charts/managed-identity-wallet/values-local.yaml b/charts/managed-identity-wallet/values-local.yaml index 2499f4efb..aa58957ce 100644 --- a/charts/managed-identity-wallet/values-local.yaml +++ b/charts/managed-identity-wallet/values-local.yaml 
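Review bot: The `secrets:` block touched by the first values-dev.yaml hunk still carries the literal `ENCRYPTION_KEY: 76a7834fb37e090c2789a9b1a76748d3`, and the same value is visible in the values-int.yaml and values-local.yaml hunks of this patch, so every environment deployed from these files appears to share one committed key. While DB_USER_NAME and DB_PASSWORD are being moved out of `secrets`, the key should go too: leave it empty here, as KEYCLOAK_CLIENT_ID already is, and inject it at deploy time. The value is 32 hex characters, whereas the values.yaml comment in this patch says `# 64 chars`, which is worth confirming. If this key has protected real data, treat it as exposed and rotate it.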
@@ -21,8 +21,6 @@ image: tag: "latest-java-did-web" secrets: - DB_USER_NAME: postgres - DB_PASSWORD: xxx ENCRYPTION_KEY: 76a7834fb37e090c2789a9b1a76748d3 KEYCLOAK_CLIENT_ID: z445srtzr5g @@ -57,10 +55,8 @@ backup: storageClassName: hostpath postgresql: - primary: - initdb: - password: xxx + enabled: true auth: password: xxx - postgresPassword: xxx username: postgres + postgresPassword: xxx diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml index 34d8f9061..8c476e9c4 100644 --- a/charts/managed-identity-wallet/values.yaml +++ b/charts/managed-identity-wallet/values.yaml 
@@ -23,40 +23,38 @@ replicaCount: 1 # -- Image of the main container image: # -- Image repository - repository: tractusx/managed-identity-wallet + repository: ghcr.io/catenax-ng/tx-managed-identity-wallets_miw_service # -- PullPolicy pullPolicy: Always # -- Image tag (empty one will use "appVersion" value from chart definition) - tag: "" + tag: "" + +# -- Credentials name for private repos +imagePullSecrets: [] nameOverride: "" fullnameOverride: "" # -- Parameters for the application (will be stored as secrets - so, for passwords, ...) -secrets: {} -# DB_USER_NAME: xxx # Has to be the same as below in "postgresql" section -# DB_PASSWORD: xxx # Has to be the same as below in "postgresql" section -# KEYCLOAK_CLIENT_ID: xxx -# ENCRYPTION_KEY: xxx # 64 chars +secrets: + KEYCLOAK_CLIENT_ID: "" + ENCRYPTION_KEY: "" # 64 chars # -- Parameters for the application (will be provided as plain environment variables) -envs: {} -# APPLICATION_ENVIRONMENT: xxx -# DB_HOST: auto -# DB_PORT: xxx -# DB_NAME: xxx # set it also in the init script in the postgres initdb section below!! -# USE_SSL: xxx -# DB_POOL_SIZE: xxx -# KEYCLOAK_MIW_PUBLIC_CLIENT: xxx -# MANAGEMENT_PORT: xxx -# MIW_HOST_NAME: xxx -# AUTHORITY_WALLET_BPN: xxx -# AUTHORITY_WALLET_NAME: xxx -# AUTHORITY_WALLET_DID: xxx -# VC_SCHEMA_LINK: xxx -# VC_EXPIRY_DATE: xxx -# KEYCLOAK_REALM: xxx -# AUTH_SERVER_URL: xxx +envs: + APPLICATION_ENVIRONMENT: "dev" + USE_SSL: false + DB_POOL_SIZE: + KEYCLOAK_MIW_PUBLIC_CLIENT: "" + MANAGEMENT_PORT: + MIW_HOST_NAME: localhost + AUTHORITY_WALLET_BPN: "" + AUTHORITY_WALLET_NAME: "" + AUTHORITY_WALLET_DID: "" + VC_SCHEMA_LINK: "" + VC_EXPIRY_DATE: "" + KEYCLOAK_REALM: "" + AUTH_SERVER_URL: "" # -- ServiceAccount configuration serviceAccount: 
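Review bot: The new defaults `ENCRYPTION_KEY: ""` and `KEYCLOAK_CLIENT_ID: ""` under `secrets:` mean a default install wires an empty encryption key into the container instead of failing; the tests in PATCH 07/15 expect both keys to exist in the Secret and in the env list with no values supplied. State the requirement on the key itself, e.g. `ENCRYPTION_KEY: "" # required, 64 chars; set at deploy time, never commit`, and consider guarding the Secret template with `required` (that template is not part of this hunk). `USE_SSL: false` as the shipped default also deserves a `# --` comment saying what it turns off, and the bare `DB_POOL_SIZE:` and `MANAGEMENT_PORT:` keys parse as null and would read better as explicit `null` or `""`.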
@@ -133,17 +131,20 @@ backup: # -- storageClassName storageClassName: "-" -# @ignored postgresql: - primary: - initdb: - scripts: - init_db_script.sh: | - #!/bin/sh - createdb -O postgres miw - user: postgres - password: postgres + external: + enabled: false + config: + host: "" + port: 5432 + database: "" + auth: + username: "" + password: "" + existingSecret: "" + existingSecretKey: password + + # @ignored auth: - password: postgres - username: postgres - postgresPassword: postgres + username: miw + database: miw From e8104c3eceeb4459c88f7b1c024517863fb4d988 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Wed, 2 Aug 2023 10:17:59 +0200 Subject: [PATCH 02/15] fix(helm): remove duplicate env var --- charts/managed-identity-wallet/templates/deployment.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/charts/managed-identity-wallet/templates/deployment.yaml b/charts/managed-identity-wallet/templates/deployment.yaml index 31e0906f4..40806b768 100644 --- a/charts/managed-identity-wallet/templates/deployment.yaml +++ b/charts/managed-identity-wallet/templates/deployment.yaml @@ -53,11 +53,6 @@ spec: env: - name: APPLICATION_PORT value: "8080" - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "managed-identity-wallet.fullname" . }}-postgresql - key: password {{- if .Values.postgresql.external.enabled }} - name: DB_HOST value: {{ .Values.postgresql.external.config.host }} From 392c254481d3d74adfa675cd758fe67687760d05 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Wed, 2 Aug 2023 10:18:23 +0200 Subject: [PATCH 03/15] fix(helm): add space (typo) --- charts/managed-identity-wallet/templates/secret-database.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/managed-identity-wallet/templates/secret-database.yaml b/charts/managed-identity-wallet/templates/secret-database.yaml index 46201d1e1..331f23875 100644 --- a/charts/managed-identity-wallet/templates/secret-database.yaml 
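Review bot: The new `postgresql.external` keys have no `# --` descriptions, unlike the rest of values.yaml, so the relationship between `auth.password` and `auth.existingSecret` can only be learned from the templates. Add comments such as `# -- Name of an existing Secret with the database password; when set, auth.password is ignored and no Secret is created` above `existingSecret`, and `# -- Key inside existingSecret that holds the password` above `existingSecretKey`. The hunk also removes the `postgres`/`postgres` default credentials, so the `# @ignored` internal `auth` block would benefit from one line saying where the internal password now comes from.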
+++ b/charts/managed-identity-wallet/templates/secret-database.yaml @@ -21,7 +21,7 @@ apiVersion: v1 kind: Secret metadata: - name:{{ include "managed-identity-wallet.fullname" . }}-postgresql + name: {{ include "managed-identity-wallet.fullname" . }}-postgresql labels: {{- include "managed-identity-wallet.labels" . | nindent 4 }} type: Opaque From 3d8beff85345411c1c3cfc9068134b09ccbf5b1b Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Wed, 2 Aug 2023 11:47:00 +0200 Subject: [PATCH 04/15] refactor(helm): reorder postgres config and envs in deployment --- charts/managed-identity-wallet/Chart.lock | 4 +-- charts/managed-identity-wallet/Chart.yaml | 2 +- .../templates/backup/cronjob.yaml | 8 ++--- .../templates/deployment.yaml | 34 ++++++++++--------- .../templates/secret-database.yaml | 2 +- charts/managed-identity-wallet/values.yaml | 3 +- 6 files changed, 28 insertions(+), 25 deletions(-) diff --git a/charts/managed-identity-wallet/Chart.lock b/charts/managed-identity-wallet/Chart.lock index e55955c97..dcbfd7103 100644 --- a/charts/managed-identity-wallet/Chart.lock +++ b/charts/managed-identity-wallet/Chart.lock @@ -2,5 +2,5 @@ dependencies: - name: postgresql repository: https://charts.bitnami.com/bitnami version: 11.9.13 -digest: sha256:051285066cef2799e39e2953c4abd405c36510a09e9e1bd1833a29224daffddb -generated: "2023-07-31T13:44:30.601226+02:00" +digest: sha256:09e3316dcc19431e38274d225f5749fe197f70e92209418bbe63c9df83a44df7 +generated: "2023-08-02T09:02:48.457769+02:00" diff --git a/charts/managed-identity-wallet/Chart.yaml b/charts/managed-identity-wallet/Chart.yaml index 6e1fb7a2f..5275fad3f 100644 --- a/charts/managed-identity-wallet/Chart.yaml +++ b/charts/managed-identity-wallet/Chart.yaml @@ -45,4 +45,4 @@ dependencies: - name: postgresql version: 11.9.13 repository: https://charts.bitnami.com/bitnami - condition: postgresql.enabled + condition: postgresql.internal.enabled 
diff --git a/charts/managed-identity-wallet/templates/backup/cronjob.yaml b/charts/managed-identity-wallet/templates/backup/cronjob.yaml index 9c6108fc5..b435e1c7b 100644 --- a/charts/managed-identity-wallet/templates/backup/cronjob.yaml +++ b/charts/managed-identity-wallet/templates/backup/cronjob.yaml @@ -17,7 +17,7 @@ # * SPDX-License-Identifier: Apache-2.0 # ********************************************************************************/ -{{ if .Values.backup.database.enabled -}} +{{ if and .Values.backup.database.enabled .Values.postgresql.internal.enabled -}} apiVersion: batch/v1 kind: CronJob metadata: @@ -41,13 +41,13 @@ spec: - "/bin/sh" args: - "-c" - - 'pg_dump -v -Fc -U {{ .Values.secrets.DB_USER_NAME }} -h {{ .Values.envs.DB_HOST }} miw > /backup/miw-postgres-$(date +"%m-%d-%Y-%H:%M:%S").pgdump' + - 'pg_dump -v -Fc -U {{ .Values.postgresql.auth.username }} -h {{ .Release.Name }}-postgresql {{ .Values.postgresql.auth.database }} > /backup/miw-postgres-$(date +"%m-%d-%Y-%H:%M:%S").pgdump' env: - name: PGPASSWORD valueFrom: secretKeyRef: - name: {{ include "managed-identity-wallet.fullname" . }} - key: DB_PASSWORD + name: {{ .Release.Name }}-postgresql + key: password restartPolicy: Never volumes: - name: data diff --git a/charts/managed-identity-wallet/templates/deployment.yaml b/charts/managed-identity-wallet/templates/deployment.yaml index 40806b768..c596522c5 100644 --- a/charts/managed-identity-wallet/templates/deployment.yaml +++ b/charts/managed-identity-wallet/templates/deployment.yaml 
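Review bot: The `pg_dump` argument in the `@@ -41,13 +41,13 @@` hunk splices `postgresql.auth.username` and `postgresql.auth.database` straight into an `sh -c` string, so a value containing whitespace, a quote or a shell metacharacter changes the command the backup job runs. Keep the command line static and hand the connection parameters to `pg_dump` through the libpq environment variables, next to the existing PGPASSWORD entry. The Secret name `{{ .Release.Name }}-postgresql` also assumes the subchart's name is not overridden, which cannot be confirmed from this hunk. The container spec continues outside the hunk.

```yaml
args:
  - "-c"
  - 'pg_dump -v -Fc > /backup/miw-postgres-$(date +"%m-%d-%Y-%H:%M:%S").pgdump'
env:
  - name: PGUSER
    value: {{ .Values.postgresql.auth.username | quote }}
  - name: PGHOST
    value: {{ printf "%s-postgresql" .Release.Name | quote }}
  - name: PGDATABASE
    value: {{ .Values.postgresql.auth.database | quote }}
  # … unchanged: PGPASSWORD from secretKeyRef …
```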
@@ -53,11 +53,23 @@ spec: env: - name: APPLICATION_PORT value: "8080" - {{- if .Values.postgresql.external.enabled }} + {{- if .Values.postgresql.internal.enabled }} + - name: DB_HOST + value: {{ .Release.Name }}-postgresql + - name: DB_USER_NAME + value: {{ .Values.postgresql.auth.username }} + - name: DB_NAME + value: {{ .Values.postgresql.auth.database }} + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-postgresql + key: password + {{- else }} - name: DB_HOST value: {{ .Values.postgresql.external.config.host }} - name: DB_PORT - value: {{ .Values.postgresql.external.config.port }} + value: {{ .Values.postgresql.external.config.port | quote }} - name: DB_USER_NAME value: {{ .Values.postgresql.external.auth.username }} - name: DB_NAME @@ -72,31 +84,21 @@ spec: name: {{ include "managed-identity-wallet.fullname" . }}-postgresql key: password {{- end }} - {{- else }} - - name: DB_HOST - value: {{ include "managed-identity-wallet.fullname" . }}-postgresql - - name: DB_USER_NAME - value: {{ .Values.postgresql.auth.username }} - - name: DB_NAME - value: {{ .Values.postgresql.auth.database }} - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "managed-identity-wallet.fullname" . }}-postgresql - key: password {{- end }} {{- if or .Values.envs .Values.secrets }} {{- range $key, $val := .Values.envs }} + {{- if $val }} - name: {{ $key }} value: {{ $val }} - {{- end}} + {{- end }} + {{- end }} {{- range $key, $val := .Values.secrets }} - name: {{ $key }} valueFrom: secretKeyRef: name: {{ include "managed-identity-wallet.fullname" $ }} key: {{ $key }} - {{- end}} + {{- end }} {{- end }} ports: - name: http diff --git a/charts/managed-identity-wallet/templates/secret-database.yaml b/charts/managed-identity-wallet/templates/secret-database.yaml index 331f23875..8b5cfa3a7 100644 --- a/charts/managed-identity-wallet/templates/secret-database.yaml +++ b/charts/managed-identity-wallet/templates/secret-database.yaml 
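Review bot: The `{{- if $val }}` guard added in the `@@ -72,31 +84,21 @@` hunk drops every falsy value, so `USE_SSL: false` from values.yaml is never emitted and the application falls back to whatever its own default is; the expected env list in the PATCH 07/15 deployment test indeed has no USE_SSL entry. The surviving `value: {{ $val }}` is also unquoted, so a boolean or a number renders as a non-string env value. Keep booleans and quote what is emitted: `{{- if or $val (kindIs "bool" $val) }}` together with `value: {{ $val | quote }}`. The `range` block is closed inside the hunk, but the enclosing container spec is not.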
@@ -17,7 +17,7 @@ # * SPDX-License-Identifier: Apache-2.0 # ********************************************************************************/ -{{- if and .Values.postgresql.external.enabled ( not .Values.postgresql.external.auth.existingSecret ) }} +{{- if and (not .Values.postgresql.internal.enabled) ( not .Values.postgresql.external.auth.existingSecret ) }} apiVersion: v1 kind: Secret metadata: diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml index 8c476e9c4..2ba290bd3 100644 --- a/charts/managed-identity-wallet/values.yaml +++ b/charts/managed-identity-wallet/values.yaml @@ -132,8 +132,9 @@ backup: storageClassName: "-" postgresql: + internal: + enabled: true external: - enabled: false config: host: "" port: 5432 From e49aafb46986ac0bebeea8814cbaddaf92bd0daf Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Wed, 2 Aug 2023 11:48:43 +0200 Subject: [PATCH 05/15] refactor(helm): adjust values according to latest changes --- .../managed-identity-wallet/values-dev.yaml | 3 ++- .../managed-identity-wallet/values-int.yaml | 3 ++- .../managed-identity-wallet/values-local.yaml | 21 +++++++++++++------ 3 files changed, 19 insertions(+), 8 deletions(-) diff --git a/charts/managed-identity-wallet/values-dev.yaml b/charts/managed-identity-wallet/values-dev.yaml index 877dd182f..c3f6b5ca0 100644 --- a/charts/managed-identity-wallet/values-dev.yaml +++ b/charts/managed-identity-wallet/values-dev.yaml @@ -46,7 +46,8 @@ ingress: - managed-identity-wallets-new.dev.demo.catena-x.net postgresql: - enabled: true + internal: + enabled: true auth: password: username: diff --git a/charts/managed-identity-wallet/values-int.yaml b/charts/managed-identity-wallet/values-int.yaml index 9e6cc48f3..46b818651 100644 --- a/charts/managed-identity-wallet/values-int.yaml +++ b/charts/managed-identity-wallet/values-int.yaml 
@@ -46,7 +46,8 @@ ingress: - managed-identity-wallets-new.int.demo.catena-x.net postgresql: - enabled: true + internal: + enabled: true auth: password: username: diff --git a/charts/managed-identity-wallet/values-local.yaml b/charts/managed-identity-wallet/values-local.yaml index aa58957ce..7cd9fd2e6 100644 --- a/charts/managed-identity-wallet/values-local.yaml +++ b/charts/managed-identity-wallet/values-local.yaml @@ -25,10 +25,9 @@ secrets: KEYCLOAK_CLIENT_ID: z445srtzr5g envs: - DB_HOST: miw-postgresql MIW_HOST_NAME: localhost KEYCLOAK_REALM: miw_test - AUTH_SERVER_URL: http:///auth + AUTH_SERVER_URL: http://:/auth AUTHORITY_WALLET_DID: "did:web:managed-identity-wallets-new.dev.demo.catena-x.net:BPNL000000000000" AUTHORITY_WALLET_BPN: "BPNL000000000000" @@ -55,8 +54,18 @@ backup: storageClassName: hostpath postgresql: - enabled: true + internal: + enabled: true + external: + config: + host: + port: 5432 + database: miw + auth: + username: + password: + existingSecret: "" + existingSecretKey: password auth: - password: xxx - username: postgres - postgresPassword: xxx + username: miw + database: miw From 8346bbd69fa6eb6b1555d5ebf60928b578e2cf4d Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Thu, 3 Aug 2023 09:39:49 +0200 Subject: [PATCH 06/15] chore(ci): enable chart lint and test for PR's again --- .github/workflows/chart-lint.yml | 110 +++++++++++++++---------------- 1 file changed, 55 insertions(+), 55 deletions(-) diff --git a/.github/workflows/chart-lint.yml b/.github/workflows/chart-lint.yml index 231819947..b90559083 100644 --- a/.github/workflows/chart-lint.yml +++ b/.github/workflows/chart-lint.yml 
@@ -1,68 +1,68 @@ -# name: Lint and Test Charts + name: Lint and Test Charts -# # Run chart linting and tests on each pull request -# on: -# pull_request: -# paths: -# - 'charts/**' + # Run chart linting and tests on each pull request + on: + pull_request: + paths: + - 'charts/**' -# jobs: -# chart-lint: -# runs-on: ubuntu-latest -# steps: -# - name: Checkout -# uses: actions/checkout@v2 -# with: -# fetch-depth: 0 + jobs: + chart-lint: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 -# - name: Set up Helm -# uses: azure/setup-helm@v3 -# with: -# version: v3.11.3 + - name: Set up Helm + uses: azure/setup-helm@v3 + with: + version: v3.11.3 -# - name: Update Helm dependencies -# run: | -# cd charts/managed-identity-wallet -# helm dependency update + - name: Update Helm dependencies + run: | + cd charts/managed-identity-wallet + helm dependency update -# - name: Install Helm unittest plugin -# run: | -# helm plugin install https://github.com/helm-unittest/helm-unittest.git + - name: Install Helm unittest plugin + run: | + helm plugin install https://github.com/helm-unittest/helm-unittest.git -# # Setup python as a prerequisite for chart linting -# - uses: actions/setup-python@v2 -# with: -# python-version: 3.7 + # Setup python as a prerequisite for chart linting + - uses: actions/setup-python@v2 + with: + python-version: 3.7 -# - name: Set up chart-testing -# uses: helm/chart-testing-action@v2.3.1 + - name: Set up chart-testing + uses: helm/chart-testing-action@v2.3.1 -# - name: Install Task -# uses: arduino/setup-task@v1 + - name: Install Task + uses: arduino/setup-task@v1 -# - name: Run chart-testing (list-changed) -# id: list-changed -# run: | -# changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) -# if [[ -n "$changed" ]]; then -# echo "::set-output name=changed::true" -# fi + - name: Run chart-testing (list-changed) + id: list-changed + run: | + changed=$(ct list-changed 
--target-branch ${{ github.event.repository.default_branch }}) + if [[ -n "$changed" ]]; then + echo "::set-output name=changed::true" + fi -# # run chart linting -# - name: Run chart-testing (lint) -# run: ct lint --config charts/chart-testing-config.yaml --charts ./charts/managed-identity-wallet + # run chart linting + - name: Run chart-testing (lint) + run: ct lint --config charts/chart-testing-config.yaml --charts ./charts/managed-identity-wallet -# # run chart unittest -# - name: Run Helm unittests -# run: task helm:unittest + # run chart unittest + - name: Run Helm unittests + run: task helm:unittest -# # Preparing a kind cluster to install and test charts on -# - name: Create kind cluster -# uses: helm/kind-action@v1.7.0 -# if: steps.list-changed.outputs.changed == 'true' + # Preparing a kind cluster to install and test charts on + - name: Create kind cluster + uses: helm/kind-action@v1.7.0 + if: steps.list-changed.outputs.changed == 'true' -# # install the chart to the kind cluster and run helm test -# # define charts to test with the --charts parameter -# - name: Run chart-testing (install) -# run: ct install --charts charts/managed-identity-wallet --config charts/chart-testing-config.yaml -# if: steps.list-changed.outputs.changed == 'true' + # install the chart to the kind cluster and run helm test + # define charts to test with the --charts parameter + - name: Run chart-testing (install) + run: ct install --charts charts/managed-identity-wallet --config charts/chart-testing-config.yaml + if: steps.list-changed.outputs.changed == 'true' From fc60d9a0b1a5050067c596261a3649c0dfef9dca Mon Sep 17 00:00:00 2001 
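Review bot: The re-enabled workflow has no `permissions:` block and references every third-party action by a movable tag (`actions/checkout@v2`, `azure/setup-helm@v3`, `arduino/setup-task@v1`, `helm/kind-action@v1.7.0`), and `helm plugin install https://github.com/helm-unittest/helm-unittest.git` installs an unpinned revision at run time. Add a top-level `permissions:` with `contents: read`, pin the actions to full commit SHAs, and pass `--version <PINNED_PLUGIN_VERSION>` to the plugin install. `echo "::set-output name=changed::true"` is the deprecated form; `echo "changed=true" >> "$GITHUB_OUTPUT"` replaces it.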
From: Peter Motzko Date: Thu, 3 Aug 2023 10:12:55 +0200 Subject: [PATCH 07/15] feat(helm): add additional unittests --- .../custom-values/backup/cronjob_test.yaml | 13 +- .../tests/custom-values/deployment_test.yaml | 119 +++++------------- .../custom-values/secret-database_test.yaml | 46 +++++++ .../tests/custom-values/secret_test.yaml | 13 +- ...ues-secrets.yml => values-external-db.yml} | 19 ++- .../tests/custom-values/values.yml | 8 -- .../tests/default/deployment_test.yaml | 15 ++- .../secret-database_test.yaml} | 14 ++- .../tests/default/service_test.yaml | 4 +- 9 files changed, 131 insertions(+), 120 deletions(-) create mode 100644 charts/managed-identity-wallet/tests/custom-values/secret-database_test.yaml rename charts/managed-identity-wallet/tests/custom-values/{values-secrets.yml => values-external-db.yml} (78%) rename charts/managed-identity-wallet/tests/{custom-values/values-envs.yml => default/secret-database_test.yaml} (79%) diff --git a/charts/managed-identity-wallet/tests/custom-values/backup/cronjob_test.yaml b/charts/managed-identity-wallet/tests/custom-values/backup/cronjob_test.yaml index 5d23ee352..7eab8720d 100644 --- a/charts/managed-identity-wallet/tests/custom-values/backup/cronjob_test.yaml +++ b/charts/managed-identity-wallet/tests/custom-values/backup/cronjob_test.yaml @@ -77,8 +77,8 @@ tests: name: PGPASSWORD valueFrom: secretKeyRef: - name: RELEASE-NAME-managed-identity-wallet - key: DB_PASSWORD + name: RELEASE-NAME-postgresql + key: password - it: should have default command and args asserts: 
@@ -90,4 +90,11 @@ tests: path: spec.jobTemplate.spec.template.spec.containers[0].args value: - "-c" - - 'pg_dump -v -Fc -U dbuser -h postgres-host miw > /backup/miw-postgres-$(date +"%m-%d-%Y-%H:%M:%S").pgdump' + - 'pg_dump -v -Fc -U miw -h RELEASE-NAME-postgresql miw > /backup/miw-postgres-$(date +"%m-%d-%Y-%H:%M:%S").pgdump' + + - it: should not render, if external DB is used + set: + postgresql.internal.enabled: false + asserts: + - hasDocuments: + count: 0 diff --git a/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml b/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml index 7433cdf54..3ab7cad3f 100644 --- a/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml +++ b/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml 
@@ -40,91 +40,34 @@ tests: path: spec.template.spec.containers[0].env - lengthEqual: path: spec.template.spec.containers[0].env - count: 5 - - contains: - path: spec.template.spec.containers[0].env - content: - name: APPLICATION_PORT - value: "8080" - - contains: - path: spec.template.spec.containers[0].env - content: - name: DB_HOST - value: postgres-host - - contains: - path: spec.template.spec.containers[0].env - content: - name: MIW_HOST_NAME - value: miw - - contains: - path: spec.template.spec.containers[0].env - content: - name: DB_PASSWORD - valueFrom: - secretKeyRef: - key: DB_PASSWORD - name: RELEASE-NAME-managed-identity-wallet - - contains: - path: spec.template.spec.containers[0].env - content: - name: DB_USER_NAME - valueFrom: - secretKeyRef: - key: DB_USER_NAME - name: RELEASE-NAME-managed-identity-wallet - - - it: should have environment variables set (only envs set) - values: - - values-envs.yml - asserts: - - isNotEmpty: - path: spec.template.spec.containers[0].env - - lengthEqual: - path: spec.template.spec.containers[0].env - count: 3 - - contains: - path: spec.template.spec.containers[0].env - content: - name: APPLICATION_PORT - value: "8080" - - contains: - path: spec.template.spec.containers[0].env - content: - name: DB_HOST - value: postgres-host - - contains: - path: spec.template.spec.containers[0].env - content: - name: MIW_HOST_NAME - value: miw - - - it: should have environment variables set (envs and secrets set) - values: - - values-secrets.yml - asserts: - - isNotEmpty: - path: spec.template.spec.containers[0].env - - lengthEqual: - path: spec.template.spec.containers[0].env - count: 3 - - contains: - path: spec.template.spec.containers[0].env - content: - name: APPLICATION_PORT - value: "8080" - - contains: - path: spec.template.spec.containers[0].env - content: - name: DB_PASSWORD - valueFrom: - secretKeyRef: - key: DB_PASSWORD - name: RELEASE-NAME-managed-identity-wallet - - contains: - path: spec.template.spec.containers[0].env - 
content: - name: DB_USER_NAME - valueFrom: - secretKeyRef: - key: DB_USER_NAME - name: RELEASE-NAME-managed-identity-wallet + count: 9 + - equal: + path: spec.template.spec.containers[0].env + value: + - name: APPLICATION_PORT + value: "8080" + - name: DB_HOST + value: RELEASE-NAME-postgresql + - name: DB_USER_NAME + value: miw + - name: DB_NAME + value: miw + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: RELEASE-NAME-postgresql + - name: APPLICATION_ENVIRONMENT + value: dev + - name: MIW_HOST_NAME + value: localhost + - name: ENCRYPTION_KEY + valueFrom: + secretKeyRef: + key: ENCRYPTION_KEY + name: RELEASE-NAME-managed-identity-wallet + - name: KEYCLOAK_CLIENT_ID + valueFrom: + secretKeyRef: + key: KEYCLOAK_CLIENT_ID + name: RELEASE-NAME-managed-identity-wallet diff --git a/charts/managed-identity-wallet/tests/custom-values/secret-database_test.yaml b/charts/managed-identity-wallet/tests/custom-values/secret-database_test.yaml new file mode 100644 index 000000000..0f53f5b9e --- /dev/null +++ b/charts/managed-identity-wallet/tests/custom-values/secret-database_test.yaml 
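Review bot: After this rewrite the custom-values deployment test asserts only the internal-database env list; nothing visible here renders the deployment with `values-external-db.yml`, so the external branch and its `existingSecret`/`existingSecretKey` secretKeyRef go unasserted. Add a case that loads `values-external-db.yml`, sets `postgresql.external.auth.existingSecret: own-secret`, and checks that DB_PASSWORD references `own-secret` with key `password`. The rest of the test file is outside this hunk, so such a case may already exist there.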
@@ -0,0 +1,46 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +suite: test custom-values secret for database +chart: + version: 9.9.9+test + appVersion: 9.9.9 +templates: + - templates/secret-database.yaml +values: + - values-external-db.yml +tests: + - it: should have own database secret enabled + asserts: + - hasDocuments: + count: 1 + + - it: should have correct password set + asserts: + - equal: + path: data.password + value: pass + decodeBase64: true + + - it: should have own database secret disabled, when "existingSecret" is provided + set: + postgresql.external.auth.existingSecret: own-secret + asserts: + - hasDocuments: + count: 0 diff --git a/charts/managed-identity-wallet/tests/custom-values/secret_test.yaml b/charts/managed-identity-wallet/tests/custom-values/secret_test.yaml index 3bc1560ca..ead9d9ccd 100644 --- a/charts/managed-identity-wallet/tests/custom-values/secret_test.yaml +++ b/charts/managed-identity-wallet/tests/custom-values/secret_test.yaml 
@@ -56,11 +56,8 @@ tests: - it: must have values in data asserts: - - equal: - path: data.DB_USER_NAME - value: dbuser - decodeBase64: true - - equal: - path: data.DB_PASSWORD - value: password - decodeBase64: true + - exists: + path: data.KEYCLOAK_CLIENT_ID + - exists: + path: data.ENCRYPTION_KEY + diff --git a/charts/managed-identity-wallet/tests/custom-values/values-secrets.yml b/charts/managed-identity-wallet/tests/custom-values/values-external-db.yml similarity index 78% rename from charts/managed-identity-wallet/tests/custom-values/values-secrets.yml rename to charts/managed-identity-wallet/tests/custom-values/values-external-db.yml index ca85427c3..61471d5fe 100644 --- a/charts/managed-identity-wallet/tests/custom-values/values-secrets.yml +++ b/charts/managed-identity-wallet/tests/custom-values/values-external-db.yml @@ -17,6 +17,19 @@ # * SPDX-License-Identifier: Apache-2.0 # ********************************************************************************/ -secrets: - DB_USER_NAME: dbuser - DB_PASSWORD: password +image: + tag: "latest" + +postgresql: + internal: + enabled: false + external: + config: + host: localhost + port: 5432 + database: miw + auth: + username: user + password: pass + existingSecret: "" + existingSecretKey: password diff --git a/charts/managed-identity-wallet/tests/custom-values/values.yml b/charts/managed-identity-wallet/tests/custom-values/values.yml index cf3cdb466..0eed63a53 100644 --- a/charts/managed-identity-wallet/tests/custom-values/values.yml +++ b/charts/managed-identity-wallet/tests/custom-values/values.yml @@ -20,14 +20,6 @@ image: tag: "latest" -secrets: - DB_USER_NAME: dbuser - DB_PASSWORD: password - -envs: - DB_HOST: postgres-host - MIW_HOST_NAME: miw - ingress: enabled: true annotations: diff --git a/charts/managed-identity-wallet/tests/default/deployment_test.yaml b/charts/managed-identity-wallet/tests/default/deployment_test.yaml index 4a42a9fdd..cffe3b7f7 100644 
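Review bot: The two `exists` assertions in secret_test.yaml pass for an empty string, so this test no longer fails if the chart renders an empty `ENCRYPTION_KEY` or `KEYCLOAK_CLIENT_ID` into the Secret. The values.yml hunk below drops the fixture's `secrets:` block, and the chart defaults are both `""`, so an empty value is probably what gets rendered here; the `values:` list of this suite is outside the hunk, so confirm. Setting a constructed value in the test and comparing the decoded data, as the removed assertions did, would keep the Secret content covered.

```yaml
  - it: must have values in data
    set:
      # constructed sample value, test only
      secrets.ENCRYPTION_KEY: constructed-test-key
    asserts:
      - equal:
          path: data.ENCRYPTION_KEY
          value: constructed-test-key
          decodeBase64: true
      # … same pattern for KEYCLOAK_CLIENT_ID …
```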
--- a/charts/managed-identity-wallet/tests/default/deployment_test.yaml +++ b/charts/managed-identity-wallet/tests/default/deployment_test.yaml @@ -41,7 +41,7 @@ tests: app.kubernetes.io/version: "9.9.9" app.kubernetes.io/managed-by: Helm - - it: must have important values set + - it: should have important values set asserts: - equal: path: spec.replicas @@ -58,14 +58,14 @@ tests: containerPort: 8080 protocol: TCP - - it: must have probes set + - it: should have probes set asserts: - isNotEmpty: path: spec.template.spec.containers[0].livenessProbe - isNotEmpty: path: spec.template.spec.containers[0].readinessProbe - - it: must have resource limits set + - it: should have resource limits set asserts: - isNotEmpty: path: spec.template.spec.containers[0].resources @@ -82,7 +82,7 @@ tests: - isNotEmpty: path: spec.template.spec.containers[0].resources.requests.memory - - it: must have a security context + - it: should have a security context asserts: - isSubset: path: spec.template.spec.containers[0].securityContext @@ -99,7 +99,7 @@ tests: path: spec.template.spec.containers[0].env - lengthEqual: path: spec.template.spec.containers[0].env - count: 1 + count: 9 - it: should have empty values asserts: @@ -116,3 +116,8 @@ tests: path: spec.template.spec.nodeSelector content: "kubernetes.io/os": linux + + - it: should not have "imagePullSecrets" set + asserts: + - notExists: + path: spec.template.spec.imagePullSecrets diff --git a/charts/managed-identity-wallet/tests/custom-values/values-envs.yml b/charts/managed-identity-wallet/tests/default/secret-database_test.yaml similarity index 79% rename from charts/managed-identity-wallet/tests/custom-values/values-envs.yml rename to charts/managed-identity-wallet/tests/default/secret-database_test.yaml index 782fcacb6..f8ad39f01 100644 --- a/charts/managed-identity-wallet/tests/custom-values/values-envs.yml +++ b/charts/managed-identity-wallet/tests/default/secret-database_test.yaml 
@@ -17,6 +17,14 @@ # * SPDX-License-Identifier: Apache-2.0 # ********************************************************************************/ -envs: - DB_HOST: postgres-host - MIW_HOST_NAME: miw +suite: test default secret for database +chart: + version: 9.9.9+test + appVersion: 9.9.9 +templates: + - templates/secret-database.yaml +tests: + - it: should have own database secret disabled + asserts: + - hasDocuments: + count: 0 diff --git a/charts/managed-identity-wallet/tests/default/service_test.yaml b/charts/managed-identity-wallet/tests/default/service_test.yaml index 89509c916..a42879748 100644 --- a/charts/managed-identity-wallet/tests/default/service_test.yaml +++ b/charts/managed-identity-wallet/tests/default/service_test.yaml @@ -41,13 +41,13 @@ tests: app.kubernetes.io/version: "9.9.9" app.kubernetes.io/managed-by: Helm - - it: must have type set to ClusterIP + - it: should have type set to ClusterIP asserts: - equal: path: spec.type value: ClusterIP - - it: must have ports set + - it: should have ports set asserts: - contains: path: spec.ports From 66897186da42ef7dfb9af08d549682964aa5472c Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Fri, 4 Aug 2023 11:38:02 +0200 Subject: [PATCH 08/15] feat(helm): add documentation for new content and adjust the old one --- charts/managed-identity-wallet/README.md | 23 ++++++++++++++++++---- charts/managed-identity-wallet/values.yaml | 20 ++++++++++++++++--- 2 files changed, 36 insertions(+), 7 deletions(-) diff --git a/charts/managed-identity-wallet/README.md b/charts/managed-identity-wallet/README.md index c1dde17a2..44a1831c7 100644 --- a/charts/managed-identity-wallet/README.md +++ b/charts/managed-identity-wallet/README.md 
@@ -1,6 +1,6 @@ # managed-identity-wallet -![Version: 1.0.1](https://img.shields.io/badge/Version-1.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) +![Version: 1.1.0](https://img.shields.io/badge/Version-1.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) Managed Identity Wallet is supposed to supply a secure data source and data sink for Digital Identity Documents (DID), in order to enable Self-Sovereign Identity founding on those DIDs. And at the same it shall support an uninterrupted tracking and tracing and documenting the usage of those DIDs, e.g., within logistical supply chains. 
@@ -55,21 +55,36 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document | backup.database.storage.diskSize | string | `"10G"` | Disk size for backup content | | backup.database.storage.keepStorage | bool | `true` | Set to true, if the PV should stay even when the chart release is uninstalled | | backup.database.storage.storageClassName | string | `"-"` | storageClassName | -| envs | object | `{}` | Parameters for the application (will be provided as plain environment variables) | +| envs | object | `{"APPLICATION_ENVIRONMENT":"dev","AUTHORITY_WALLET_BPN":"","AUTHORITY_WALLET_DID":"","AUTHORITY_WALLET_NAME":"","AUTH_SERVER_URL":"","DB_POOL_SIZE":null,"KEYCLOAK_MIW_PUBLIC_CLIENT":"","KEYCLOAK_REALM":"","MANAGEMENT_PORT":null,"MIW_HOST_NAME":"localhost","USE_SSL":false,"VC_EXPIRY_DATE":"","VC_SCHEMA_LINK":""}` | Parameters for the application (will be provided as plain environment variables) | | fullnameOverride | string | `""` | | | image | object | `{"pullPolicy":"Always","repository":"ghcr.io/catenax-ng/tx-managed-identity-wallets_miw_service","tag":""}` | Image of the main container | | image.pullPolicy | string | `"Always"` | PullPolicy | | image.repository | string | `"ghcr.io/catenax-ng/tx-managed-identity-wallets_miw_service"` | Image repository | | image.tag | string | `""` | Image tag (empty one will use "appVersion" value from chart definition) | -| imagePullSecrets | list | `[{"name":"acr-credential"}]` | Credentials for a private repo | +| imagePullSecrets | list | `[]` | Credentials name for private repos | | ingress | object | `{"annotations":{},"enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` | Ingress configuration | | nameOverride | string | `""` | | | nodeSelector | object | `{"kubernetes.io/os":"linux"}` | NodeSelector configuration | | podAnnotations | object | `{}` | PodAnnotation configuration | | podSecurityContext | object | `{}` | 
PodSecurityContext | +| postgresql | object | `{"auth":{"database":"miw","username":"miw"},"external":{"auth":{"existingSecret":"","existingSecretKey":"password","password":"","username":""},"config":{"database":"","host":"","port":5432}},"internal":{"enabled":true}}` | Configuration of the Postgresql database (internal and external) | +| postgresql.auth | object | `{"database":"miw","username":"miw"}` | Default settings for the primary database and user | +| postgresql.auth.database | string | `"miw"` | MIW database name | +| postgresql.auth.username | string | `"miw"` | username for MIW database | +| postgresql.external | object | `{"auth":{"existingSecret":"","existingSecretKey":"password","password":"","username":""},"config":{"database":"","host":"","port":5432}}` | Configure own postgresql database | +| postgresql.external.auth.existingSecret | string | `""` | Existing secret with provided password | +| postgresql.external.auth.existingSecretKey | string | `"password"` | Key name of password in secret | +| postgresql.external.auth.password | string | `""` | DB password | +| postgresql.external.auth.username | string | `""` | DB username | +| postgresql.external.config | object | `{"database":"","host":"","port":5432}` | General config | +| postgresql.external.config.database | string | `""` | Existing database to use | +| postgresql.external.config.host | string | `""` | Instance host or IP | +| postgresql.external.config.port | int | `5432` | Instance port | +| postgresql.internal | object | `{"enabled":true}` | Configure bundled postgresql | +| postgresql.internal.enabled | bool | `true` | Enable bundled database | | replicaCount | int | `1` | The amount of replicas to run | | resources | object | `{"limits":{"cpu":4,"memory":"1Gi"},"requests":{"cpu":"250m","memory":"500Mi"}}` | Resource boundaries | -| secrets | object | `{}` | Parameters for the application (will be stored as secrets - so, for passwords, ...) 
| +| secrets | object | `{"ENCRYPTION_KEY":"","KEYCLOAK_CLIENT_ID":""}` | Parameters for the application (will be stored as secrets - so, for important values, ...) | | securityContext | object | `{"allowPrivilegeEscalation":false,"privileged":false,"runAsGroup":11111,"runAsNonRoot":true,"runAsUser":11111}` | Preconfigured SecurityContext | | service | object | `{"port":8080,"type":"ClusterIP"}` | Service configuration | | serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | ServiceAccount configuration | diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml index 2ba290bd3..ac8c6fb17 100644 --- a/charts/managed-identity-wallet/values.yaml +++ b/charts/managed-identity-wallet/values.yaml @@ -35,10 +35,10 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" -# -- Parameters for the application (will be stored as secrets - so, for passwords, ...) +# -- Parameters for the application (will be stored as secrets - so, for important values, ...) secrets: KEYCLOAK_CLIENT_ID: "" - ENCRYPTION_KEY: "" # 64 chars + ENCRYPTION_KEY: "" # 32 chars # -- Parameters for the application (will be provided as plain environment variables) envs: 
@@ -131,21 +131,35 @@ backup: # -- storageClassName storageClassName: "-" +# -- Configuration of the Postgresql database (internal and external) postgresql: + # -- Configure bundled postgresql internal: + # -- Enable bundled database enabled: true + # -- Configure own postgresql database external: + # -- General config config: + # -- Instance host or IP host: "" + # -- Instance port port: 5432 + # -- Existing database to use database: "" auth: + # -- DB username username: "" + # -- DB password password: "" + # -- Existing secret with provided password existingSecret: "" + # -- Key name of password in secret existingSecretKey: password - # @ignored + # -- Default settings for the primary database and user auth: + # -- username for MIW database username: miw + # -- MIW database name database: miw From cee2c497bfd37e865b2cfa1add674654c9ed0530 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Fri, 4 Aug 2023 14:01:03 +0200 Subject: [PATCH 09/15] feat(helm): add documentation for env / secret variables --- charts/managed-identity-wallet/README.md | 17 ++++++++++++++++- charts/managed-identity-wallet/values.yaml | 19 +++++++++++++++++-- 2 files changed, 33 insertions(+), 3 deletions(-) diff --git a/charts/managed-identity-wallet/README.md b/charts/managed-identity-wallet/README.md index 44a1831c7..2243144de 100644 --- a/charts/managed-identity-wallet/README.md +++ b/charts/managed-identity-wallet/README.md 
@@ -55,7 +55,20 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document | backup.database.storage.diskSize | string | `"10G"` | Disk size for backup content | | backup.database.storage.keepStorage | bool | `true` | Set to true, if the PV should stay even when the chart release is uninstalled | | backup.database.storage.storageClassName | string | `"-"` | storageClassName | -| envs | object | `{"APPLICATION_ENVIRONMENT":"dev","AUTHORITY_WALLET_BPN":"","AUTHORITY_WALLET_DID":"","AUTHORITY_WALLET_NAME":"","AUTH_SERVER_URL":"","DB_POOL_SIZE":null,"KEYCLOAK_MIW_PUBLIC_CLIENT":"","KEYCLOAK_REALM":"","MANAGEMENT_PORT":null,"MIW_HOST_NAME":"localhost","USE_SSL":false,"VC_EXPIRY_DATE":"","VC_SCHEMA_LINK":""}` | Parameters for the application (will be provided as plain environment variables) | +| envs | object | `{"APPLICATION_ENVIRONMENT":"dev","AUTHORITY_WALLET_BPN":"","AUTHORITY_WALLET_DID":"","AUTHORITY_WALLET_NAME":"","AUTH_SERVER_URL":"","DB_POOL_SIZE":"","KEYCLOAK_MIW_PUBLIC_CLIENT":"","KEYCLOAK_REALM":"","MANAGEMENT_PORT":null,"MIW_HOST_NAME":"localhost","USE_SSL":false,"VC_EXPIRY_DATE":"","VC_SCHEMA_LINK":""}` | Parameters for the application (will be provided as plain environment variables) | +| envs.APPLICATION_ENVIRONMENT | string | `"dev"` | Application environments like dev, int, prod | +| envs.AUTHORITY_WALLET_BPN | string | `""` | Authority/base wallet/root wallet BPN | +| envs.AUTHORITY_WALLET_DID | string | `""` | Authority/base wallet/root wallet web did | +| envs.AUTHORITY_WALLET_NAME | string | `""` | Authority/base wallet/root wallet name | +| envs.AUTH_SERVER_URL | string | `""` | Keycloak server url | +| envs.DB_POOL_SIZE | string | `""` | Initial database connection pool size | +| envs.KEYCLOAK_MIW_PUBLIC_CLIENT | string | `""` | Keycloak public client id, used only if we want to enable login in swagger using keycloak | +| envs.KEYCLOAK_REALM | string | `""` | Keycloak realm name | +| envs.MANAGEMENT_PORT | string | `nil` 
| Spring actuator port | +| envs.MIW_HOST_NAME | string | `"localhost"` | Hostname of miw application | +| envs.USE_SSL | bool | `false` | Whether database connection with SSL, true if the database connection is done using SSL | +| envs.VC_EXPIRY_DATE | string | `""` | Default expiry date of issued VC | +| envs.VC_SCHEMA_LINK | string | `""` | Verifiable credential schema URL, which will be part of @context in VC | | fullnameOverride | string | `""` | | | image | object | `{"pullPolicy":"Always","repository":"ghcr.io/catenax-ng/tx-managed-identity-wallets_miw_service","tag":""}` | Image of the main container | | image.pullPolicy | string | `"Always"` | PullPolicy | @@ -85,6 +98,8 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document | replicaCount | int | `1` | The amount of replicas to run | | resources | object | `{"limits":{"cpu":4,"memory":"1Gi"},"requests":{"cpu":"250m","memory":"500Mi"}}` | Resource boundaries | | secrets | object | `{"ENCRYPTION_KEY":"","KEYCLOAK_CLIENT_ID":""}` | Parameters for the application (will be stored as secrets - so, for important values, ...) | +| secrets.ENCRYPTION_KEY | string | `""` | AES encryption key used to encrypt/decrypt private keys (random 32 chars) | +| secrets.KEYCLOAK_CLIENT_ID | string | `""` | Keycloak confidential client id for MIW application | | securityContext | object | `{"allowPrivilegeEscalation":false,"privileged":false,"runAsGroup":11111,"runAsNonRoot":true,"runAsUser":11111}` | Preconfigured SecurityContext | | service | object | `{"port":8080,"type":"ClusterIP"}` | Service configuration | | serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | ServiceAccount configuration | diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml index ac8c6fb17..505b60e9e 100644 --- a/charts/managed-identity-wallet/values.yaml +++ b/charts/managed-identity-wallet/values.yaml 
@@ -37,23 +37,38 @@ fullnameOverride: "" # -- Parameters for the application (will be stored as secrets - so, for important values, ...) secrets: + # -- Keycloak confidential client id for MIW application KEYCLOAK_CLIENT_ID: "" - ENCRYPTION_KEY: "" # 32 chars + # -- AES encryption key used to encrypt/decrypt private keys (random 32 chars) + ENCRYPTION_KEY: "" # -- Parameters for the application (will be provided as plain environment variables) envs: + # -- Application environments like dev, int, prod APPLICATION_ENVIRONMENT: "dev" + # -- Whether database connection with SSL, true if the database connection is done using SSL USE_SSL: false - DB_POOL_SIZE: + # -- Initial database connection pool size + DB_POOL_SIZE: "" + # -- Keycloak public client id, used only if we want to enable login in swagger using keycloak KEYCLOAK_MIW_PUBLIC_CLIENT: "" + # -- Spring actuator port MANAGEMENT_PORT: + # -- Hostname of miw application MIW_HOST_NAME: localhost + # -- Authority/base wallet/root wallet BPN AUTHORITY_WALLET_BPN: "" + # -- Authority/base wallet/root wallet name AUTHORITY_WALLET_NAME: "" + # -- Authority/base wallet/root wallet web did AUTHORITY_WALLET_DID: "" + # -- Verifiable credential schema URL, which will be part of @context in VC VC_SCHEMA_LINK: "" + # -- Default expiry date of issued VC VC_EXPIRY_DATE: "" + # -- Keycloak realm name KEYCLOAK_REALM: "" + # -- Keycloak server url AUTH_SERVER_URL: "" # -- ServiceAccount configuration From f5a7df1ebc1e8474d032dd3d7d5ca605182b3b06 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Mon, 7 Aug 2023 14:48:55 +0200 Subject: [PATCH 10/15] chore(ci): add License header --- .github/workflows/chart-lint.yml | 129 ++++++++++++++++++------------- 1 file changed, 74 insertions(+), 55 deletions(-) diff --git a/.github/workflows/chart-lint.yml b/.github/workflows/chart-lint.yml index b90559083..5d3937ae0 100644 --- a/.github/workflows/chart-lint.yml +++ b/.github/workflows/chart-lint.yml 
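Review bot: `USE_SSL: false` stays the default in values.yaml, and the new comment does not say when it must be changed, although this patch series adds `postgresql.external.*` for databases outside the cluster. Going by the comment's own description, an operator who fills in only the external host and credentials would get a database connection without TLS. I would state that in the comment, for example `# -- Enable TLS for the database connection; set to true whenever postgresql.external is used`. It may also be worth having the template refuse an external host with `USE_SSL` left off, if that is never intended. The `envs:` mapping continues outside this hunk.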
@@ -1,68 +1,87 @@ - name: Lint and Test Charts +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ - # Run chart linting and tests on each pull request - on: - pull_request: - paths: - - 'charts/**' +name: Lint and Test Charts - jobs: - chart-lint: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v2 - with: - fetch-depth: 0 +# Run chart linting and tests on each pull request +on: + pull_request: + paths: + - 'charts/**' - - name: Set up Helm - uses: azure/setup-helm@v3 - with: - version: v3.11.3 +jobs: + chart-lint: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 - - name: Update Helm dependencies - run: | - cd charts/managed-identity-wallet - helm dependency update + - name: Set up Helm + uses: azure/setup-helm@v3 + with: + version: v3.11.3 - - name: Install Helm unittest plugin - run: | - helm plugin install https://github.com/helm-unittest/helm-unittest.git + - name: Update Helm dependencies + run: | + cd charts/managed-identity-wallet + helm dependency update - # Setup python as a prerequisite for 
chart linting - - uses: actions/setup-python@v2 - with: - python-version: 3.7 + - name: Install Helm unittest plugin + run: | + helm plugin install https://github.com/helm-unittest/helm-unittest.git - - name: Set up chart-testing - uses: helm/chart-testing-action@v2.3.1 + # Setup python as a prerequisite for chart linting + - uses: actions/setup-python@v2 + with: + python-version: 3.7 - - name: Install Task - uses: arduino/setup-task@v1 + - name: Set up chart-testing + uses: helm/chart-testing-action@v2.3.1 - - name: Run chart-testing (list-changed) - id: list-changed - run: | - changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) - if [[ -n "$changed" ]]; then - echo "::set-output name=changed::true" - fi + - name: Install Task + uses: arduino/setup-task@v1 - # run chart linting - - name: Run chart-testing (lint) - run: ct lint --config charts/chart-testing-config.yaml --charts ./charts/managed-identity-wallet + - name: Run chart-testing (list-changed) + id: list-changed + run: | + changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) + if [[ -n "$changed" ]]; then + echo "::set-output name=changed::true" + fi - # run chart unittest - - name: Run Helm unittests - run: task helm:unittest + # run chart linting + - name: Run chart-testing (lint) + run: ct lint --config charts/chart-testing-config.yaml --charts ./charts/managed-identity-wallet - # Preparing a kind cluster to install and test charts on - - name: Create kind cluster - uses: helm/kind-action@v1.7.0 - if: steps.list-changed.outputs.changed == 'true' + # run chart unittest + - name: Run Helm unittests + run: task helm:unittest - # install the chart to the kind cluster and run helm test - # define charts to test with the --charts parameter - - name: Run chart-testing (install) - run: ct install --charts charts/managed-identity-wallet --config charts/chart-testing-config.yaml - if: steps.list-changed.outputs.changed == 'true' + # 
Preparing a kind cluster to install and test charts on + - name: Create kind cluster + uses: helm/kind-action@v1.7.0 + if: steps.list-changed.outputs.changed == 'true' + + # install the chart to the kind cluster and run helm test + # define charts to test with the --charts parameter + - name: Run chart-testing (install) + run: ct install --charts charts/managed-identity-wallet --config charts/chart-testing-config.yaml + if: steps.list-changed.outputs.changed == 'true' From 019f26260942eef8acdd0a6b4a965d83bc30bceb Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Mon, 7 Aug 2023 14:53:23 +0200 Subject: [PATCH 11/15] fix(helm): remove trailing space --- charts/managed-identity-wallet/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/managed-identity-wallet/Chart.yaml b/charts/managed-identity-wallet/Chart.yaml index 5275fad3f..753b45e2b 100644 --- a/charts/managed-identity-wallet/Chart.yaml +++ b/charts/managed-identity-wallet/Chart.yaml @@ -20,7 +20,7 @@ apiVersion: v2 name: managed-identity-wallet description: | - Managed Identity Wallet is supposed to supply a secure data source and data sink for Digital Identity Documents (DID), in order to enable Self-Sovereign Identity founding on those DIDs. + Managed Identity Wallet is supposed to supply a secure data source and data sink for Digital Identity Documents (DID), in order to enable Self-Sovereign Identity founding on those DIDs. And at the same it shall support an uninterrupted tracking and tracing and documenting the usage of those DIDs, e.g., within logistical supply chains. type: application From 30841225d704f4b58f8ae87b45f324fbb58eeef5 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Mon, 7 Aug 2023 15:04:26 +0200 Subject: [PATCH 12/15] fix(helm): update image repo --- charts/managed-identity-wallet/README.md | 4 ++-- charts/managed-identity-wallet/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) 
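Review bot: The re-indented chart-lint.yml still installs the helm-unittest plugin with no `--version` and references actions by mutable tags (`actions/checkout@v2`, `actions/setup-python@v2`, `arduino/setup-task@v1`), so a pull-request run can execute code that differs from what was reviewed. I would pin the plugin, `helm plugin install https://github.com/helm-unittest/helm-unittest.git --version <PINNED_VERSION>`, and reference each action by full commit SHA with the tag kept as a trailing comment. The workflow also declares no `permissions:` block; a top-level `permissions:` with `contents: read` looks sufficient for lint and test steps. The `::set-output` command in the list-changed step is deprecated; `echo "changed=true" >> "$GITHUB_OUTPUT"` replaces it.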
diff --git a/charts/managed-identity-wallet/README.md b/charts/managed-identity-wallet/README.md index 2243144de..f894b2787 100644 --- a/charts/managed-identity-wallet/README.md +++ b/charts/managed-identity-wallet/README.md @@ -70,9 +70,9 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document | envs.VC_EXPIRY_DATE | string | `""` | Default expiry date of issued VC | | envs.VC_SCHEMA_LINK | string | `""` | Verifiable credential schema URL, which will be part of @context in VC | | fullnameOverride | string | `""` | | -| image | object | `{"pullPolicy":"Always","repository":"ghcr.io/catenax-ng/tx-managed-identity-wallets_miw_service","tag":""}` | Image of the main container | +| image | object | `{"pullPolicy":"Always","repository":"tractusx/managed-identity-wallet","tag":""}` | Image of the main container | | image.pullPolicy | string | `"Always"` | PullPolicy | -| image.repository | string | `"ghcr.io/catenax-ng/tx-managed-identity-wallets_miw_service"` | Image repository | +| image.repository | string | `"tractusx/managed-identity-wallet"` | Image repository | | image.tag | string | `""` | Image tag (empty one will use "appVersion" value from chart definition) | | imagePullSecrets | list | `[]` | Credentials name for private repos | | ingress | object | `{"annotations":{},"enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` | Ingress configuration | diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml index 505b60e9e..f98460fee 100644 --- a/charts/managed-identity-wallet/values.yaml +++ b/charts/managed-identity-wallet/values.yaml 
@@ -23,7 +23,7 @@ replicaCount: 1 # -- Image of the main container image: # -- Image repository - repository: ghcr.io/catenax-ng/tx-managed-identity-wallets_miw_service + repository: tractusx/managed-identity-wallet # -- PullPolicy pullPolicy: Always # -- Image tag (empty one will use "appVersion" value from chart definition) From 27ae102bd1307fce142adff3a4808bac50dc4c60 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Tue, 8 Aug 2023 10:38:01 +0200 Subject: [PATCH 13/15] fix(helm): fix suggested issues from PR - fix test for deployment - add explanation for test - rework description in values.yaml - quote every value in values*.yaml - env section - --- .../tests/custom-values/deployment_test.yaml | 4 ++- .../tests/default/deployment_test.yaml | 34 ++++++++++++++++++- .../managed-identity-wallet/values-dev.yaml | 8 ++--- .../managed-identity-wallet/values-int.yaml | 8 ++--- .../managed-identity-wallet/values-local.yaml | 10 +++--- charts/managed-identity-wallet/values.yaml | 8 ++--- 6 files changed, 53 insertions(+), 19 deletions(-) diff --git a/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml b/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml index 3ab7cad3f..b2428554b 100644 --- a/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml +++ b/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml @@ -40,7 +40,7 @@ tests: path: spec.template.spec.containers[0].env - lengthEqual: path: spec.template.spec.containers[0].env - count: 9 + count: 10 # One hard-wired, four because Values.postgresql.internal.enabled == true and five from values.yaml "secrets" and "envs" - equal: path: spec.template.spec.containers[0].env value: @@ -61,6 +61,8 @@ tests: value: dev - name: MIW_HOST_NAME value: localhost + - name: USE_SSL + value: false - name: ENCRYPTION_KEY valueFrom: secretKeyRef: 
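Review bot: `repository: tractusx/managed-identity-wallet` in values.yaml names no registry host, so which registry serves the image depends on the node runtime's short-name resolution rather than on the chart. Writing the host explicitly removes that ambiguity, e.g. `repository: docker.io/tractusx/managed-identity-wallet`, assuming Docker Hub is the intended source (confirm). The README rows changed in the same commit would need the same value.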
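Review bot: The expected env entry `- name: USE_SSL` / `value: false` in custom-values/deployment_test.yaml is a YAML boolean, and the same expectation is added to default/deployment_test.yaml in the next hunk. A Kubernetes container env `value` must be a string, so if the template emits the value unquoted, as this expectation suggests, the rendered Deployment would be rejected on install. The commit message mentions quoting the env values, but `USE_SSL: false` in values.yaml is not part of that change. I would render env values through `quote` in the deployment template (not visible here) and expect `value: "false"` in both tests, matching how `APPLICATION_PORT` is already asserted as `"8080"`. The expected list continues outside this hunk.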
diff --git a/charts/managed-identity-wallet/tests/default/deployment_test.yaml b/charts/managed-identity-wallet/tests/default/deployment_test.yaml index cffe3b7f7..af0a29548 100644 --- a/charts/managed-identity-wallet/tests/default/deployment_test.yaml +++ b/charts/managed-identity-wallet/tests/default/deployment_test.yaml @@ -99,7 +99,39 @@ tests: path: spec.template.spec.containers[0].env - lengthEqual: path: spec.template.spec.containers[0].env - count: 9 + count: 10 # One hard-wired, four because Values.postgresql.internal.enabled == true and five from values.yaml "secrets" and "envs" + - equal: + path: spec.template.spec.containers[0].env + value: + - name: APPLICATION_PORT + value: "8080" + - name: DB_HOST + value: RELEASE-NAME-postgresql + - name: DB_USER_NAME + value: miw + - name: DB_NAME + value: miw + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: RELEASE-NAME-postgresql + - name: APPLICATION_ENVIRONMENT + value: dev + - name: MIW_HOST_NAME + value: localhost + - name: USE_SSL + value: false + - name: ENCRYPTION_KEY + valueFrom: + secretKeyRef: + key: ENCRYPTION_KEY + name: RELEASE-NAME-managed-identity-wallet + - name: KEYCLOAK_CLIENT_ID + valueFrom: + secretKeyRef: + key: KEYCLOAK_CLIENT_ID + name: RELEASE-NAME-managed-identity-wallet - it: should have empty values asserts: diff --git a/charts/managed-identity-wallet/values-dev.yaml b/charts/managed-identity-wallet/values-dev.yaml index c3f6b5ca0..d5fea65d7 100644 --- a/charts/managed-identity-wallet/values-dev.yaml +++ b/charts/managed-identity-wallet/values-dev.yaml 
@@ -21,13 +21,13 @@ image: tag: "latest-java-did-web" secrets: - ENCRYPTION_KEY: 76a7834fb37e090c2789a9b1a76748d3 + ENCRYPTION_KEY: "76a7834fb37e090c2789a9b1a76748d3" KEYCLOAK_CLIENT_ID: envs: - MIW_HOST_NAME: managed-identity-wallets-new.dev.demo.catena-x.net # Depend on ingress host name (managed-identity-wallets-new.dev.demo.catena-x.net) - KEYCLOAK_REALM: CX-Central - AUTH_SERVER_URL: https://centralidp.dev.demo.catena-x.net/auth + MIW_HOST_NAME: "managed-identity-wallets-new.dev.demo.catena-x.net" # Depend on ingress host name (managed-identity-wallets-new.dev.demo.catena-x.net) + KEYCLOAK_REALM: "CX-Central" + AUTH_SERVER_URL: "https://centralidp.dev.demo.catena-x.net/auth" AUTHORITY_WALLET_DID: "did:web:managed-identity-wallets-new.dev.demo.catena-x.net:BPNL00000003CRHK" AUTHORITY_WALLET_BPN: "BPNL00000003CRHK" diff --git a/charts/managed-identity-wallet/values-int.yaml b/charts/managed-identity-wallet/values-int.yaml index 46b818651..d03fd25a6 100644 --- a/charts/managed-identity-wallet/values-int.yaml +++ b/charts/managed-identity-wallet/values-int.yaml @@ -21,13 +21,13 @@ image: tag: "latest-java-did-web" secrets: - ENCRYPTION_KEY: 76a7834fb37e090c2789a9b1a76748d3 + ENCRYPTION_KEY: "76a7834fb37e090c2789a9b1a76748d3" KEYCLOAK_CLIENT_ID: envs: - MIW_HOST_NAME: managed-identity-wallets-new.int.demo.catena-x.net # Depend on ingress host name (managed-identity-wallets-new.int.demo.catena-x.net) - KEYCLOAK_REALM: CX-Central - AUTH_SERVER_URL: https://centralidp.int.demo.catena-x.net/auth + MIW_HOST_NAME: "managed-identity-wallets-new.int.demo.catena-x.net" # Depend on ingress host name (managed-identity-wallets-new.int.demo.catena-x.net) + KEYCLOAK_REALM: "CX-Central" + AUTH_SERVER_URL: "https://centralidp.int.demo.catena-x.net/auth" AUTHORITY_WALLET_DID: "did:web:managed-identity-wallets-new.int.demo.catena-x.net:BPNL00000003CRHK" AUTHORITY_WALLET_BPN: "BPNL00000003CRHK" 
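Review bot: Quoting `ENCRYPTION_KEY` in values-dev.yaml keeps a concrete 32-character key committed to the repository, and the identical value appears in the values-int.yaml hunk that follows and in values-local.yaml. values.yaml describes this setting as the AES key used to encrypt and decrypt private keys, so anyone with read access to the repository can read it, and one disclosure covers every environment that shares it. I would commit `ENCRYPTION_KEY: ""` in these files and supply a distinct value per environment at install time from the deployment's secret store. If dev or int ever ran with the committed value, it should be treated as exposed and rotated. The bare `KEYCLOAK_CLIENT_ID:` on the next line parses as null rather than an empty string; `KEYCLOAK_CLIENT_ID: ""` would match values.yaml.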
diff --git a/charts/managed-identity-wallet/values-local.yaml b/charts/managed-identity-wallet/values-local.yaml index 7cd9fd2e6..2260eb725 100644 --- a/charts/managed-identity-wallet/values-local.yaml +++ b/charts/managed-identity-wallet/values-local.yaml @@ -21,13 +21,13 @@ image: tag: "latest-java-did-web" secrets: - ENCRYPTION_KEY: 76a7834fb37e090c2789a9b1a76748d3 - KEYCLOAK_CLIENT_ID: z445srtzr5g + ENCRYPTION_KEY: "76a7834fb37e090c2789a9b1a76748d3" + KEYCLOAK_CLIENT_ID: "z445srtzr5g" envs: - MIW_HOST_NAME: localhost - KEYCLOAK_REALM: miw_test - AUTH_SERVER_URL: http://:/auth + MIW_HOST_NAME: "localhost" + KEYCLOAK_REALM: "miw_test" + AUTH_SERVER_URL: "http://:/auth" AUTHORITY_WALLET_DID: "did:web:managed-identity-wallets-new.dev.demo.catena-x.net:BPNL000000000000" AUTHORITY_WALLET_BPN: "BPNL000000000000" diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml index f98460fee..169990282 100644 --- a/charts/managed-identity-wallet/values.yaml +++ b/charts/managed-identity-wallet/values.yaml @@ -35,11 +35,11 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" -# -- Parameters for the application (will be stored as secrets - so, for important values, ...) +# -- Parameters for the application (will be stored in a secret and attached to the container) secrets: # -- Keycloak confidential client id for MIW application KEYCLOAK_CLIENT_ID: "" - # -- AES encryption key used to encrypt/decrypt private keys (random 32 chars) + # -- AES encryption key used to encrypt/decrypt private keys (random 32 chars - ex.: openssl rand -hex 32) ENCRYPTION_KEY: "" # -- Parameters for the application (will be provided as plain environment variables) 
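Review bot: The example added to the `ENCRYPTION_KEY` comment in the values.yaml hunk contradicts the length it documents. `openssl rand -hex 32` prints 64 hexadecimal characters (32 random bytes), while the comment asks for 32 characters and the keys in the values-*.yaml files are 32 characters long. If the application expects a 32-character string, the comment should read `# -- AES encryption key used to encrypt/decrypt private keys (32 hex chars, e.g. openssl rand -hex 16)`; if it expects 32 bytes of key material, the wording should say that instead. How the application consumes the value is not visible in this patch, so the expected length needs confirming before the text is changed.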
@@ -47,7 +47,7 @@ envs: # -- Application environments like dev, int, prod APPLICATION_ENVIRONMENT: "dev" # -- Whether database connection with SSL, true if the database connection is done using SSL - USE_SSL: false + USE_SSL: "false" # -- Initial database connection pool size DB_POOL_SIZE: "" # -- Keycloak public client id, used only if we want to enable login in swagger using keycloak @@ -55,7 +55,7 @@ envs: # -- Spring actuator port MANAGEMENT_PORT: # -- Hostname of miw application - MIW_HOST_NAME: localhost + MIW_HOST_NAME: "localhost" # -- Authority/base wallet/root wallet BPN AUTHORITY_WALLET_BPN: "" # -- Authority/base wallet/root wallet name From a84f12017ad2b4d9a8a10f9947c481297fe50df9 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Tue, 8 Aug 2023 10:38:51 +0200 Subject: [PATCH 14/15] chore(ci): update python version in chart-lint.yaml --- .github/workflows/chart-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/chart-lint.yml b/.github/workflows/chart-lint.yml index 5d3937ae0..c898ba393 100644 --- a/.github/workflows/chart-lint.yml +++ b/.github/workflows/chart-lint.yml @@ -51,7 +51,7 @@ jobs: # Setup python as a prerequisite for chart linting - uses: actions/setup-python@v2 with: - python-version: 3.7 + python-version: 3.9 - name: Set up chart-testing uses: helm/chart-testing-action@v2.3.1 From 7c985b189665d2c5fd2ec48fb1b649834046e89e Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Mon, 14 Aug 2023 11:32:51 +0200 Subject: [PATCH 15/15] fix(helm): add missing "quote" function and adjust tests --- .../templates/deployment.yaml | 2 +- .../tests/custom-values/deployment_test.yaml | 12 ++++++------ .../tests/default/deployment_test.yaml | 12 ++++++------ 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/charts/managed-identity-wallet/templates/deployment.yaml b/charts/managed-identity-wallet/templates/deployment.yaml index c596522c5..dddcc4234 100644 
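Review bot: The `USE_SSL: "false"` default in the first values.yaml hunk is now always rendered, and nothing in the comment tells an operator to change it when the database is not the bundled one. This patch series adds the option of an external PostgreSQL, and with that option the default sends database credentials and wallet data over an unencrypted connection. I would extend the comment to `# -- Whether the database connection uses SSL; set to "true" when connecting to an external database`, presumably the case where `postgresql.internal.enabled` is false. The `envs` mapping continues outside both hunks, so other defaults were not reviewed.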
--- a/charts/managed-identity-wallet/templates/deployment.yaml +++ b/charts/managed-identity-wallet/templates/deployment.yaml @@ -89,7 +89,7 @@ spec: {{- range $key, $val := .Values.envs }} {{- if $val }} - name: {{ $key }} - value: {{ $val }} + value: {{ $val | quote }} {{- end }} {{- end }} {{- range $key, $val := .Values.secrets }} diff --git a/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml b/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml index b2428554b..49442cef7 100644 --- a/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml +++ b/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml @@ -47,22 +47,22 @@ tests: - name: APPLICATION_PORT value: "8080" - name: DB_HOST - value: RELEASE-NAME-postgresql + value: "RELEASE-NAME-postgresql" - name: DB_USER_NAME - value: miw + value: "miw" - name: DB_NAME - value: miw + value: "miw" - name: DB_PASSWORD valueFrom: secretKeyRef: key: password name: RELEASE-NAME-postgresql - name: APPLICATION_ENVIRONMENT - value: dev + value: "dev" - name: MIW_HOST_NAME - value: localhost + value: "localhost" - name: USE_SSL - value: false + value: "false" - name: ENCRYPTION_KEY valueFrom: secretKeyRef: diff --git a/charts/managed-identity-wallet/tests/default/deployment_test.yaml b/charts/managed-identity-wallet/tests/default/deployment_test.yaml index af0a29548..54570cd54 100644 --- a/charts/managed-identity-wallet/tests/default/deployment_test.yaml +++ b/charts/managed-identity-wallet/tests/default/deployment_test.yaml 
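Review bot: The `{{- if $val }}` guard two lines above the changed `value:` line in deployment.yaml still drops every falsy value, so `| quote` only helps values that pass it. An operator who writes `USE_SSL: false` or `DB_POOL_SIZE: 0` without quotes gets no environment variable at all, and the application's built-in default then decides, for example, whether the database connection uses SSL. One option is to skip only unset and empty values, `{{- if not (or (kindIs "invalid" $val) (eq (toString $val) "")) }}`, so that booleans and zero are rendered as quoted strings. The `range` over `.Values.secrets` that follows continues outside the hunk and was not reviewed.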
@@ -106,22 +106,22 @@ tests: - name: APPLICATION_PORT value: "8080" - name: DB_HOST - value: RELEASE-NAME-postgresql + value: "RELEASE-NAME-postgresql" - name: DB_USER_NAME - value: miw + value: "miw" - name: DB_NAME - value: miw + value: "miw" - name: DB_PASSWORD valueFrom: secretKeyRef: key: password name: RELEASE-NAME-postgresql - name: APPLICATION_ENVIRONMENT - value: dev + value: "dev" - name: MIW_HOST_NAME - value: localhost + value: "localhost" - name: USE_SSL - value: false + value: "false" - name: ENCRYPTION_KEY valueFrom: secretKeyRef: