From 6b6e6fb8a448a0cd7f57924948758e96c8517992 Mon Sep 17 00:00:00 2001
From: OZGCloud <ozgcloud@mgm-tp.com>
Date: Thu, 8 Aug 2024 17:30:44 +0200
Subject: [PATCH] map userName password for muk user from secret
---
src/main/helm/templates/deployment.yaml | 14 +++++--
.../templates/elstertransfer_user_cr.yaml | 1 -
src/test/helm/deployment_muk_test.yaml | 39 ++++++-------------
3 files changed, 22 insertions(+), 32 deletions(-)
diff --git a/src/main/helm/templates/deployment.yaml b/src/main/helm/templates/deployment.yaml
index 3d41cc111..e58f5afb0 100644
--- a/src/main/helm/templates/deployment.yaml
+++ b/src/main/helm/templates/deployment.yaml
@@ -191,10 +191,18 @@ spec:
- name: ozgcloud_muk_server
value: {{ quote (required "ozgcloud.muk.server must be set if ozgcloud.muk is enabled" ((.Values.ozgcloud).muk).server) }}
{{- if ((.Values.ozgcloud).muk).authEnabled }}
- - name: ozgcloud_muk_userName
- value: {{ quote (required "ozgcloud.muk.userName must be set if ozgcloud.muk auth is enabled" ((.Values.ozgcloud).muk).userName) }}
- name: ozgcloud_muk_password
- value: {{ quote (required "ozgcloud.muk.password must be set if ozgcloud.muk auth is enabled" ((.Values.ozgcloud).muk).password) }}
+ valueFrom:
+ secretKeyRef:
+ name: muk-user-secret
+ key: passwordHash
+ optional: false
+ - name: ozgcloud_muk_userName
+ valueFrom:
+ secretKeyRef:
+ name: muk-user-secret
+ key: login
+ optional: false
{{- end }}
{{- end }}
diff --git a/src/main/helm/templates/elstertransfer_user_cr.yaml b/src/main/helm/templates/elstertransfer_user_cr.yaml
index 7e4a0aa9a..4ce8c09ac 100644
--- a/src/main/helm/templates/elstertransfer_user_cr.yaml
+++ b/src/main/helm/templates/elstertransfer_user_cr.yaml
@@ -33,6 +33,5 @@ spec:
keep_after_delete: {{ (.Values.etr_user).keep_after_delete | default false }}
login: {{ required ".Values.ozgcloud.muk.userName must be set if muk and auth is enabled" (.Values.ozgcloud).muk.userName }}
role: {{ (.Values.etr_user).role | default "USER" }}
- credentials: {{ required ".Values.ozgcloud.muk.password must be set if muk and auth is enabled" (.Values.ozgcloud).muk.password }}
group: {{ (.Values.etr_user).group | default "Administratoren" }}
{{- end -}}
\ No newline at end of file
diff --git a/src/test/helm/deployment_muk_test.yaml b/src/test/helm/deployment_muk_test.yaml
index 745846623..4926f4aa3 100644
--- a/src/test/helm/deployment_muk_test.yaml
+++ b/src/test/helm/deployment_muk_test.yaml
@@ -41,8 +41,6 @@ tests:
authEnabled: true
server: muk.test.ozg.de
sender: "name"
- userName: user
- password: psw
asserts:
- contains:
path: spec.template.spec.containers[0].env
@@ -58,12 +56,20 @@ tests:
path: spec.template.spec.containers[0].env
content:
name: ozgcloud_muk_userName
- value: "user"
+ valueFrom:
+ secretKeyRef:
+ name: muk-user-secret
+ key: login
+ optional: false
- contains:
path: spec.template.spec.containers[0].env
content:
name: ozgcloud_muk_password
- value: "psw"
+ valueFrom:
+ secretKeyRef:
+ name: muk-user-secret
+ key: passwordHash
+ optional: false
- it: should not by default set muk values
asserts:
@@ -108,30 +114,7 @@ tests:
asserts:
- failedTemplate:
errorMessage: "ozgcloud.muk.server must be set if ozgcloud.muk is enabled"
- - it: should fail if muk user is not set when muk enabled and auth enabled
- set:
- ozgcloud:
- muk:
- enabled: true
- authEnabled: true
- sender: "name"
- server: muk.test.ozg.de
- password: psw
- asserts:
- - failedTemplate:
- errorMessage: "ozgcloud.muk.userName must be set if ozgcloud.muk auth is enabled"
- - it: should fail if muk password is not set when muk enabled and auth enabled
- set:
- ozgcloud:
- muk:
- enabled: true
- authEnabled: true
- sender: "name"
- server: muk.test.ozg.de
- userName: user
- asserts:
- - failedTemplate:
- errorMessage: "ozgcloud.muk.password must be set if ozgcloud.muk auth is enabled"
+
--
GitLab