From b0da82dfb1631db71e2b5c5c8fb78bcd55743199 Mon Sep 17 00:00:00 2001 From: Pascal Euhus Date: Tue, 4 Jun 2024 09:42:12 +0200 Subject: [PATCH] allow configuring elasticsearch auth --- charts/Chart.yaml | 2 +- charts/README.md | 8 +++++--- charts/templates/_env.tpl | 8 ++++++++ charts/values.yaml | 4 ++++ 4 files changed, 18 insertions(+), 4 deletions(-) diff --git a/charts/Chart.yaml b/charts/Chart.yaml index e69dea5..02f1bad 100644 --- a/charts/Chart.yaml +++ b/charts/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: "0.6.3" +appVersion: "0.7.2" kubeVersion: ">=1.23.0-0" description: A Helm chart for Tapir, a private Terraform registry. name: tapir diff --git a/charts/README.md b/charts/README.md index 4dd353e..cb9d277 100644 --- a/charts/README.md +++ b/charts/README.md @@ -56,7 +56,7 @@ NAME: my-release | createClusterRoles | bool | `true` | Create roles for cluster-wide installation | | deployment.affinity | object | `{}` | Assign custom affinity rules to the deployment | | deployment.annotations | object | `{}` | Annotations to be added to `tapir` deployment | -| deployment.configuration | object | `{"apiMaxBodySize":"100M","auth":{"attribute":{"email":"email","familyName":"family_name","givenName":"given_name","prefUsername":"preferred_username"},"clientID":"","clientSecret":"","endSessionPath":"/protocol/openid-connect/logout","endpoint":"","path":"","roleSource":"accesstoken","tokenPath":""},"backend":{"cosmosDB":{"endpoint":"","masterKey":""},"elasticsearch":{"host":""},"type":"dynamodb"},"gpg":{"keyArmor":"","keyID":""},"storage":{"azureBlob":{"bucketName":"tf-registry","connectionString":""},"localRegistry":{"hostname":"localhost","port":443},"s3":{"bucketName":"tf-registry","bucketRegion":"eu-central-1"},"storageAccessDuration":5,"type":"s3"}}` | Deployment's configuration, populates all the required environmental variables | +| deployment.configuration | object | `{"apiMaxBodySize":"100M","auth":{"attribute":{"email":"email","familyName":"family_name","givenName":"given_name","prefUsername":"preferred_username"},"clientID":"","clientSecret":"","endSessionPath":"/protocol/openid-connect/logout","endpoint":"","path":"","roleSource":"accesstoken","tokenPath":""},"backend":{"cosmosDB":{"endpoint":"","masterKey":""},"elasticsearch":{"host":"","password":"","user":""},"type":"dynamodb"},"gpg":{"keyArmor":"","keyID":""},"storage":{"azureBlob":{"bucketName":"tf-registry","connectionString":""},"localRegistry":{"hostname":"localhost","port":443},"s3":{"bucketName":"tf-registry","bucketRegion":"eu-central-1"},"storageAccessDuration":5,"type":"s3"}}` | Deployment's configuration, populates all the required environmental variables | | deployment.configuration.apiMaxBodySize | string | `"100M"` | The maximum payload size for module/providers to be uploaded | | deployment.configuration.auth | object | `{"attribute":{"email":"email","familyName":"family_name","givenName":"given_name","prefUsername":"preferred_username"},"clientID":"","clientSecret":"","endSessionPath":"/protocol/openid-connect/logout","endpoint":"","path":"","roleSource":"accesstoken","tokenPath":""}` | OpenID Connect (OIDC) configuration | | deployment.configuration.auth.attribute | object | `{"email":"email","familyName":"family_name","givenName":"given_name","prefUsername":"preferred_username"}` | OIDC attribute names | @@ -71,12 +71,14 @@ NAME: my-release | deployment.configuration.auth.path | string | `""` | Relative path or absolute URL of the OIDC authorization endpoint | | deployment.configuration.auth.roleSource | string | `"accesstoken"` | The source of the role claim in the access token | | deployment.configuration.auth.tokenPath | string | `""` | Relative path or absolute URL of the OIDC token endpoint which issues access and refresh tokens | -| deployment.configuration.backend | object | `{"cosmosDB":{"endpoint":"","masterKey":""},"elasticsearch":{"host":""},"type":"dynamodb"}` | Database backend configuration | +| deployment.configuration.backend | object | `{"cosmosDB":{"endpoint":"","masterKey":""},"elasticsearch":{"host":"","password":"","user":""},"type":"dynamodb"}` | Database backend configuration | | deployment.configuration.backend.cosmosDB | object | `{"endpoint":"","masterKey":""}` | CosmosDB backend configuration | | deployment.configuration.backend.cosmosDB.endpoint | string | `""` | CosmosDB endpoint | | deployment.configuration.backend.cosmosDB.masterKey | string | `""` | CosmosDB master key | -| deployment.configuration.backend.elasticsearch | object | `{"host":""}` | Elasticsearch backend configuration | +| deployment.configuration.backend.elasticsearch | object | `{"host":"","password":"","user":""}` | Elasticsearch backend configuration | | deployment.configuration.backend.elasticsearch.host | string | `""` | Elasticsearch host | +| deployment.configuration.backend.elasticsearch.password | string | `""` | Elasticsearch password (optional) | +| deployment.configuration.backend.elasticsearch.user | string | `""` | Elasticsearch username (optional) | | deployment.configuration.backend.type | string | `"dynamodb"` | One of: elasticsearch,dynamodb,cosmosdb | | deployment.configuration.gpg | object | `{"keyArmor":"","keyID":""}` | GPG configuration | | deployment.configuration.gpg.keyArmor | string | `""` | Ascii armored and bas64 encoded GPG public key (only RSA/DSA supported) | diff --git a/charts/templates/_env.tpl b/charts/templates/_env.tpl index 1aa1d7b..17d9ab8 100644 --- a/charts/templates/_env.tpl +++ b/charts/templates/_env.tpl @@ -12,6 +12,14 @@ Generate Tapir configuration with environment variables. - name: BACKEND_ELASTICSEARCH_HOST value: {{ . }} {{- end }} +{{- with $config.backend.elasticsearch.user }} +- name: BACKEND_ELASTICSEARCH_USER + value: {{ . }} +{{- end }} +{{- with $config.backend.elasticsearch.password }} +- name: BACKEND_ELASTICSEARCH_PASSWORD + value: {{ . }} +{{- end }} {{- end }} {{- if (eq $config.backend.type "cosmosdb") }} {{- with $config.backend.cosmosDB.endpoint }} diff --git a/charts/values.yaml b/charts/values.yaml index 0714de8..6b91ed6 100644 --- a/charts/values.yaml +++ b/charts/values.yaml @@ -133,6 +133,10 @@ deployment: elasticsearch: # -- Elasticsearch host host: "" + # -- Elasticsearch username (optional) + user: "" + # -- Elasticsearch password (optional) + password: "" # -- CosmosDB backend configuration ## Applies if backend.type is equal to "cosmosdb"