diff --git a/.github/workflows/helm-test.yml b/.github/workflows/helm-test.yml index 9078d77a..d8403858 100644 --- a/.github/workflows/helm-test.yml +++ b/.github/workflows/helm-test.yml @@ -1,5 +1,5 @@ -# Copyright (c) 2023 Robert Bosch Manufacturing Solutions GmbH -# Copyright (c) 2023 Contributors to the Eclipse Foundation +# Copyright (c) 2024 Robert Bosch Manufacturing Solutions GmbH +# Copyright (c) 2024 Contributors to the Eclipse Foundation # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. @@ -85,6 +85,11 @@ jobs: with: name: aas-registry-e2e-test-report path: /opt/report.html + + - name: Generate random password (This password is only a placeholder for the next step and will not used). The postgresPassword/password will be set via postgres-init.yaml. + id: generate-password + run: | + echo "PASSWORD=PLACEHOLDER_PW" >> $GITHUB_ENV - name: Run helm upgrade run: | @@ -92,5 +97,5 @@ jobs: helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev helm install registry tractusx-dev/registry --version ${{ github.event.inputs.upgrade_from || '0.3.19' }} helm dependency update charts/registry - helm upgrade registry charts/registry + helm upgrade registry charts/registry --set global.postgresql.auth.postgresPassword=$PASSWORD --set global.postgresql.auth.password=$PASSWORD if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true' \ No newline at end of file diff --git a/charts/registry/Chart.yaml b/charts/registry/Chart.yaml index 2f206b8f..0b891c7f 100644 --- a/charts/registry/Chart.yaml +++ b/charts/registry/Chart.yaml @@ -26,7 +26,7 @@ sources: - https://github.com/eclipse-tractusx/sldt-digital-twin-registry type: application -version: 0.4.0 +version: 0.4.1 appVersion: 0.3.23 dependencies: diff --git a/charts/registry/templates/registry/postgres-init.yaml b/charts/registry/templates/registry/postgres-init.yaml new file mode 100644 index 00000000..688b94ca 
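Review bot: The new step is named "Generate random password", but its `run` line writes the constant `PLACEHOLDER_PW` to the environment, so the name misstates what the job does. A shorter name such as `- name: Set placeholder PostgreSQL password for helm upgrade`, with the explanation moved into a YAML comment above the step, would be more accurate, and the redirect target is safer quoted: `echo "PASSWORD=PLACEHOLDER_PW" >> "$GITHUB_ENV"`. The same quoting point applies to the `helm upgrade` line in the following hunk (`@@ -92,5 +97,5 @@`), where `$PASSWORD` is expanded unquoted in both `--set` arguments. The step also has no `if:` condition while the upgrade step that consumes it does; that is harmless but worth aligning.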
--- /dev/null +++ b/charts/registry/templates/registry/postgres-init.yaml 
@@ -0,0 +1,60 @@ +# Copyright (c) 2024 Robert Bosch Manufacturing Solutions GmbH +# Copyright (c) 2024 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +############################################################### +{{- if .Values.enablePostgres }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.postgresql.auth.existingSecret }} + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-install, pre-upgrade +type: Opaque +{{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.postgresql.auth.existingSecret) }} +{{- $defaultSecret := (lookup "v1" "Secret" .Release.Namespace ( printf "%s-postgresql" .Release.Name )) }} +# 1. 
Check if given secret exists +{{ if $secret -}} +data: + {{- $postgresPassword:= ( .Values.postgresql.auth.password | b64enc) | default ( index $secret.data "postgres-password" ) | quote }} + postgres-password: {{ $postgresPassword }} + {{- $password:= ( .Values.postgresql.auth.password | b64enc) | default ( index $secret.data "password" ) | quote }} + password: {{ $password }} + SPRING_DATASOURCE_PASSWORD: {{ $password }} + SPRING_DATASOURCE_URL: {{ printf "jdbc:postgresql://%s-postgresql:%v/%s" .Release.Name .Values.postgresql.service.ports.postgresql .Values.postgresql.auth.database | b64enc }} + SPRING_DATASOURCE_USERNAME: {{ .Values.postgresql.auth.username | b64enc }} +# 2. Check if default postgresql secret (Release.Name-postgresql) exists +{{ else if $defaultSecret -}} +data: + {{- $postgresPassword:= ( .Values.postgresql.auth.password | b64enc) | default ( index $defaultSecret.data "postgres-password" ) | quote }} + postgres-password: {{ $postgresPassword }} + {{- $password:= ( .Values.postgresql.auth.password | b64enc) | default ( index $defaultSecret.data "password" ) | quote }} + password: {{ $password }} + SPRING_DATASOURCE_PASSWORD: {{ $password }} + SPRING_DATASOURCE_URL: {{ printf "jdbc:postgresql://%s-postgresql:%v/%s" .Release.Name .Values.postgresql.service.ports.postgresql .Values.postgresql.auth.database | b64enc }} + SPRING_DATASOURCE_USERNAME: {{ .Values.postgresql.auth.username | b64enc }} +{{ else -}} +# 3. If no secret exists, use provided value from values file or generate a random one if secret not exists. 
+stringData: + {{- $password:= .Values.postgresql.auth.password | default ( randAlphaNum 32 ) | quote }} + postgres-password: {{ $password }} + password: {{ $password }} + SPRING_DATASOURCE_PASSWORD: {{ $password }} + SPRING_DATASOURCE_URL: {{ printf "jdbc:postgresql://%s-postgresql:%v/%s" .Release.Name .Values.postgresql.service.ports.postgresql .Values.postgresql.auth.database }} + SPRING_DATASOURCE_USERNAME: {{ .Values.postgresql.auth.username }} +{{ end }} +{{- end -}} \ No newline at end of file diff --git a/charts/registry/templates/registry/registry-deployment.yaml b/charts/registry/templates/registry/registry-deployment.yaml index 4f201526..6f989067 100644 --- a/charts/registry/templates/registry/registry-deployment.yaml +++ b/charts/registry/templates/registry/registry-deployment.yaml @@ -70,6 +70,8 @@ spec: envFrom: - secretRef: name: {{ include "dtr.fullname" . }} + - secretRef: + name: {{ .Values.postgresql.auth.existingSecret }} resources: {{ .Values.registry.resources | toYaml | indent 12 }} imagePullSecrets: diff --git a/charts/registry/templates/registry/registry-secret.yaml b/charts/registry/templates/registry/registry-secret.yaml index 13131b3d..37a973d7 100644 --- a/charts/registry/templates/registry/registry-secret.yaml +++ b/charts/registry/templates/registry/registry-secret.yaml @@ -1,6 +1,6 @@ ############################################################### -# Copyright (c) 2021, 2023 Robert Bosch Manufacturing Solutions GmbH -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2024 Robert Bosch Manufacturing Solutions GmbH +# Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. 
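Review bot: The PostgreSQL superuser and the application user can end up sharing one credential: in branch 3 a single `$password` fills both `postgres-password` and `password`, and in branches 1 and 2 `$postgresPassword` is derived from `.Values.postgresql.auth.password` rather than from a separate superuser value. Since the registry deployment consumes this same Secret, the application then holds the superuser password whenever the supplied value or the generated fallback is used. I would generate the two independently in the fallback branch, e.g. `{{- $postgresPassword := randAlphaNum 32 | quote }}` next to the existing `$password`, and have branches 1 and 2 fall back only to the stored `postgres-password` key. Separately, `lookup` returns an empty result under `helm template` and client-side `--dry-run`, so renderers that work that way would take branch 3 and emit a new random password on every render; a comment at the top of the template saying that a live cluster lookup is required would help operators.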
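Review bot: The added `secretRef` in `registry-deployment.yaml` is unconditional within this hunk, while `postgres-init.yaml` only renders the Secret inside `{{- if .Values.enablePostgres }}`; with `enablePostgres: false` the pod would reference a Secret the chart never creates, unless one is supplied externally. Wrapping the two added lines in `{{- if .Values.enablePostgres }}` … `{{- end }}` keeps the external-database path working. `envFrom` also imports every key of that Secret into the container, including `postgres-password` and `password`, which the registry does not appear to need; explicit `env` entries using `secretKeyRef` for the three `SPRING_DATASOURCE_*` keys would limit what the application process can read. The enclosing container spec starts and ends outside the hunk, so a guard further out cannot be ruled out.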
@@ -24,11 +24,8 @@ metadata: name: {{ include "dtr.fullname" . }} type: Opaque data: - {{- if .Values.enablePostgres }} - SPRING_DATASOURCE_URL: {{ printf "jdbc:postgresql://%s-postgresql:%v/%s" .Release.Name .Values.postgresql.service.ports.postgresql .Values.postgresql.auth.database | b64enc }} - SPRING_DATASOURCE_USERNAME: {{ .Values.postgresql.auth.username | b64enc }} - SPRING_DATASOURCE_PASSWORD: {{ .Values.postgresql.auth.password | b64enc }} - {{- else }} + # If postgres enabled the environment values will be used from postgres-init.yaml + {{- if not .Values.enablePostgres }} SPRING_DATASOURCE_URL: {{ .Values.registry.dataSource.url | b64enc }} SPRING_DATASOURCE_USERNAME: {{ .Values.registry.dataSource.user | b64enc }} SPRING_DATASOURCE_PASSWORD: {{ .Values.registry.dataSource.password | b64enc }} diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml index fbfe9f8b..26aee19c 100644 --- a/charts/registry/values.yaml +++ b/charts/registry/values.yaml @@ -67,7 +67,7 @@ registry: ## In that case the postgresql auth parameters are used. url: jdbc:postgresql://database:5432 user: default-user - password: "" + password: ingress: enabled: false tls: false @@ -99,8 +99,11 @@ postgresql: postgresql: 5432 auth: username: default-user - password: password + # if password is empty, the postgres password will be generated random via postgres-init + password: database: default-database + # -- Secret contains passwords for username postgres. + existingSecret: secret-dtr-postgres-init keycloak: postgresql:
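Review bot: Changing `password: ""` to a bare `password:` under `registry.dataSource` turns the default from an empty string into null, while `registry-secret.yaml` still pipes `.Values.registry.dataSource.password` into `b64enc`, which expects a string. With `enablePostgres: false` and no override, rendering is likely to fail with a type error instead of producing an empty value; keeping `password: ""` avoids that. The same bare `password:` is introduced for `postgresql.auth.password` in the next hunk (`@@ -99,8 +99,11 @@`), where branches 1 and 2 of `postgres-init.yaml` also call `b64enc` on it before `default` is applied.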
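Review bot: The default `existingSecret: secret-dtr-postgres-init` is a fixed name, so two releases of this chart in one namespace would resolve to the same Secret, and `postgres-init.yaml` looks it up by that name and would reuse the other release's credentials. The key's comment should say so and describe the Secret fully, for example `# -- Name of the Secret holding the PostgreSQL passwords (postgres-password and password); created by postgres-init if absent. Must be unique per namespace.` The existing wording `Secret contains passwords for username postgres` also understates the content, since the template stores the application user's password and the `SPRING_DATASOURCE_*` values in it as well.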