From a435196a0974a8494f349b0678fc4aaf9fd1cc0a Mon Sep 17 00:00:00 2001
From: Jeremy Ho
Date: Tue, 21 Nov 2023 11:12:26 -0800
Subject: [PATCH] Ensure config disabled helm deployments still pull in appropriate secrets
There was a bug where the only way to ensure keycloak authentication was enabled was to have config.configMap.KC_ENABLED defined, even when we are not wanting to generate our own release-scoped config map. This fix adds in a feature toggle to declare authentication mode intent independent of the configuration.
Signed-off-by: Jeremy Ho
---
 .github/environments/values.dev.yaml | 3 +++
 .github/environments/values.pr.yaml | 3 +++
 .github/environments/values.prod.yaml | 3 +++
 .github/environments/values.test.yaml | 3 +++
 charts/cdogs/Chart.yaml | 2 +-
 charts/cdogs/README.md | 3 ++-
 charts/cdogs/templates/deploymentconfig.yaml | 2 +-
 charts/cdogs/values.yaml | 4 ++++
 8 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/.github/environments/values.dev.yaml b/.github/environments/values.dev.yaml
index 2f1b89a..7b28055 100644
--- a/.github/environments/values.dev.yaml
+++ b/.github/environments/values.dev.yaml
@@ -1,4 +1,7 @@
 ---
+features:
+ authentication: true
+
 config:
 enabled: true
 configMap:
diff --git a/.github/environments/values.pr.yaml b/.github/environments/values.pr.yaml
index 6d867e6..bbbc682 100644
--- a/.github/environments/values.pr.yaml
+++ b/.github/environments/values.pr.yaml
@@ -1,4 +1,7 @@
 ---
+features:
+ authentication: true
+
 persistentVolumeClaim:
 enabled: false
diff --git a/.github/environments/values.prod.yaml b/.github/environments/values.prod.yaml
index 5addcd4..9c7d7bd 100644
--- a/.github/environments/values.prod.yaml
+++ b/.github/environments/values.prod.yaml
@@ -1,4 +1,7 @@
 ---
+features:
+ authentication: true
+
 config:
 enabled: true
 configMap:
diff --git a/.github/environments/values.test.yaml b/.github/environments/values.test.yaml
index 395ea46..003fb3b 100644
--- a/.github/environments/values.test.yaml
+++ b/.github/environments/values.test.yaml
@@ -1,4 +1,7 @@
 ---
+features:
+ authentication: true
+
 config:
 enabled: true
 configMap:
diff --git a/charts/cdogs/Chart.yaml b/charts/cdogs/Chart.yaml
index 4accc20..eca82dc 100644
--- a/charts/cdogs/Chart.yaml
+++ b/charts/cdogs/Chart.yaml
@@ -3,7 +3,7 @@ name: common-document-generation-service
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.1
+version: 0.0.2
 kubeVersion: ">= 1.13.0"
 description: A microservice for merging JSON data into xml-based templates (powered by Carbone.io)
 # A chart can be either an 'application' or a 'library' chart.
diff --git a/charts/cdogs/README.md b/charts/cdogs/README.md
index 933f587..6df856f 100644
--- a/charts/cdogs/README.md
+++ b/charts/cdogs/README.md
@@ -1,6 +1,6 @@
 # common-document-generation-service
-![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.2](https://img.shields.io/badge/AppVersion-2.4.2-informational?style=flat-square)
+![Version: 0.0.2](https://img.shields.io/badge/Version-0.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.2](https://img.shields.io/badge/AppVersion-2.4.2-informational?style=flat-square)
 A microservice for merging JSON data into xml-based templates (powered by Carbone.io)
@@ -35,6 +35,7 @@ Kubernetes: `>= 1.13.0`
 | config.enabled | bool | `false` | |
 | config.releaseScoped | bool | `false` | This should be set to true if and only if you require configmaps and secrets to be release scoped. In the event you want all instances in the same namespace to share a similar configuration, this should be set to false |
 | failurePolicy | string | `"Retry"` | |
+| features.authentication | bool | `false` | Specifies whether to run in authenticated mode |
 | fluentBit.config.aws.defaultRegion | string | `"ca-central-1"` | AWS Kinesis default region |
 | fluentBit.config.aws.kinesisStream | string | `"nress-prod-iit-logs"` | AWS Kinesis stream name |
 | fluentBit.config.aws.roleArn | string | `nil` | AWS Kinesis role ARN |
diff --git a/charts/cdogs/templates/deploymentconfig.yaml b/charts/cdogs/templates/deploymentconfig.yaml
index 3e3d679..ba1d4db 100644
--- a/charts/cdogs/templates/deploymentconfig.yaml
+++ b/charts/cdogs/templates/deploymentconfig.yaml
@@ -59,7 +59,7 @@ spec:
 env:
 - name: NODE_ENV
 value: production
- {{- if .Values.config.configMap.KC_ENABLED }}
+ {{- if or .Values.features.authentication .Values.config.configMap.KC_ENABLED }}
 - name: KC_CLIENTID
 valueFrom:
 secretKeyRef:
diff --git a/charts/cdogs/values.yaml b/charts/cdogs/values.yaml
index fe877ff..51db929 100644
--- a/charts/cdogs/values.yaml
+++ b/charts/cdogs/values.yaml
@@ -158,6 +158,10 @@ config:
 UPLOAD_FILE_COUNT: "1"
 UPLOAD_FILE_SIZE: 25MB
+features:
+ # -- Specifies whether to run in authenticated mode
+ authentication: false
+
 # Modify the following variables if you need to acquire secret values from a custom-named resource
 awsSecretOverride:
 # -- AWS Kinesis username - used by fluent-bit
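Review bot: The widened guard `{{- if or .Values.features.authentication .Values.config.configMap.KC_ENABLED }}` in charts/cdogs/templates/deploymentconfig.yaml only controls whether the `KC_CLIENTID` secret reference is rendered; nothing in this hunk makes the running service enforce authentication when the toggle is on. The `if` block and the rest of the `env` list continue outside the hunk, so this may be handled there, but if the shared config map does not set `KC_ENABLED`, a release with `features.authentication: true` could presumably receive the credentials and still start unauthenticated. I would state that dependency in a template comment above the guard, for example `{{- /* injects Keycloak secrets only; KC_ENABLED must still be set in the config map */}}`, or have the chart fail rendering when the two settings disagree. Separately, if `KC_ENABLED` is kept as a quoted string, `"false"` is non-empty and therefore truthy in a Go template, so the second operand cannot be used to switch the secrets off.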
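Review bot: `authentication: false` in charts/cdogs/values.yaml makes unauthenticated the chart default, and the helm-docs comment above it does not say what turning the toggle on requires. Since the template change in this commit makes the deployment reference a secret for `KC_CLIENTID` when the flag is true, I would extend the comment to something like `# -- Specifies whether to run in authenticated mode. When true, the Keycloak client secret must already exist in the namespace`, so the generated README row carries the same caveat. All four environment files in this commit set the flag to `true`, so it is worth stating explicitly in the README that the default installs without Keycloak credentials; whether the default itself should be `true` is a judgment call for the maintainers.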