OPSEXP-2298: add support for generalized existingSecret for mq broker…

… in search enterprise (#135)
Alfresco · Oct 20, 2023 · 7254afd · 7254afd
1 parent c5f470d
commit 7254afd
Show file tree

Hide file tree

Showing 14 changed files with 130 additions and 74 deletions.
diff --git a/charts/alfresco-search-enterprise/Chart.lock b/charts/alfresco-search-enterprise/Chart.lock
@@ -8,5 +8,5 @@ dependencies:
 - name: elasticsearch
   repository: https://helm.elastic.co
   version: 7.17.3
-digest: sha256:32410a9edb8cebdc613c15998ebbb9f38d1e13c815bf5270ff03b709ed6524fc
-generated: "2023-10-18T14:38:30.777957+02:00"
+digest: sha256:d1d6c8303e0953b98f5e315fdcf120bc037f227843e785df66abd68e3150ea90
+generated: "2023-10-19T19:42:24.344873+02:00"
diff --git a/charts/alfresco-search-enterprise/Chart.yaml b/charts/alfresco-search-enterprise/Chart.yaml
@@ -3,7 +3,7 @@ apiVersion: v2
 name: alfresco-search-enterprise
 description: A Helm chart for deploying Alfresco Elasticsearch connector
 type: application
-version: 3.0.0-alpha.4
+version: 3.0.0-alpha.5
 appVersion: 3.3.1
 dependencies:
   - name: alfresco-common
@@ -12,7 +12,8 @@ dependencies:
   - name: activemq
     version: 3.3.0
     repository: https://alfresco.github.io/alfresco-helm-charts/
-    condition: activemq.enabled
+    tags:
+      - ci
   - name: elasticsearch
     repository: https://helm.elastic.co
     version: 7.17.3

diff --git a/charts/alfresco-search-enterprise/README.md b/charts/alfresco-search-enterprise/README.md
@@ -1,6 +1,6 @@
 # alfresco-search-enterprise
 
-![Version: 3.0.0-alpha.4](https://img.shields.io/badge/Version-3.0.0--alpha.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.3.1](https://img.shields.io/badge/AppVersion-3.3.1-informational?style=flat-square)
+![Version: 3.0.0-alpha.5](https://img.shields.io/badge/Version-3.0.0--alpha.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.3.1](https://img.shields.io/badge/AppVersion-3.3.1-informational?style=flat-square)
 
 A Helm chart for deploying Alfresco Elasticsearch connector
 
@@ -18,7 +18,6 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| activemq.enabled | bool | `false` | Enable embedded broker - useful when testing this chart in standalone |
 | affinity | object | `{}` |  |
 | ats.existingConfigMap.keys.sfs_url | string | `"SFS_URL"` | Key within the configmap holding the URL of the alfresco shared filestore |
 | ats.existingConfigMap.keys.transform_url | string | `"ATS_URL"` | Key within the configmap holding the URL of the alfresco transform |
@@ -58,10 +57,10 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
 | liveIndexing.path.replicaCount | int | `1` |  |
 | messageBroker.existingConfigMap | object | `{"keys":{"url":"BROKER_URL"},"name":null}` | Alternatively, provide message broker connection details via an existing configmap |
 | messageBroker.existingConfigMap.keys.url | string | `"BROKER_URL"` | Key within the configmap holding the URL of the message broker |
-| messageBroker.existingSecretName | string | `nil` | Provide connection details alternatively via an existing secret that contains BROKER_URL, BROKER_USERNAME and BROKER_PASSWORD keys |
+| messageBroker.existingSecret | object | `{"keys":{"password":"BROKER_PASSWORD","username":"BROKER_USERNAME"},"name":null}` | Provide connection details alternatively via an existing secret that contains BROKER_URL, BROKER_USERNAME and BROKER_PASSWORD keys |
 | messageBroker.password | string | `nil` | Broker password |
 | messageBroker.url | string | `nil` | Broker URL formatted as per: https://activemq.apache.org/failover-transport-reference |
-| messageBroker.user | string | `nil` | Broker username |
+| messageBroker.username | string | `nil` | Broker username |
 | nameOverride | string | `""` |  |
 | nodeSelector | object | `{}` |  |
 | pathIndexingComponent.enabled | bool | `true` |  |
@@ -104,4 +103,5 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
 | serviceAccount.annotations | object | `{}` |  |
 | serviceAccount.create | bool | `true` |  |
 | serviceAccount.name | string | `"alfresco-search-enterprise-sa"` |  |
+| tags.ci | bool | `false` | A chart tag used for Hyland's CI purpose. Do not set it to true. |
 | tolerations | list | `[]` |  |
diff --git a/charts/alfresco-search-enterprise/ci/default-values.yaml b/charts/alfresco-search-enterprise/ci/default-values.yaml
@@ -6,15 +6,6 @@ reindexing:
 ats:
   transform_url: http://alfresco-transform-services-router
   sfs_url: http://alfresco-transform-services-sfs
-activemq:
-  enabled: true
-  resources:
-    requests:
-      cpu: "100m"
-      memory: "512Mi"
-    limits:
-      cpu: "1000m"
-      memory: "1Gi"
 contentMediaTypeCache:
   enabled: false
 resources:
@@ -34,3 +25,16 @@ elasticsearch:
     limits:
       cpu: "1000m"
       memory: "1Gi"
+activemq:
+  fullnameOverride: activemq
+  resources:
+    requests:
+      cpu: "100m"
+      memory: "512Mi"
+    limits:
+      cpu: "1000m"
+      memory: "1Gi"
+messageBroker:
+  url: nio://activemq-broker:61616
+tags:
+  ci: true
diff --git a/charts/alfresco-search-enterprise/templates/_helpers-activemq.tpl b/charts/alfresco-search-enterprise/templates/_helpers-activemq.tpl
@@ -4,14 +4,7 @@ Usage: include "alfresco-search-enterprise.activemq.url" $
 
 */}}
 {{- define "alfresco-search-enterprise.activemq.url" -}}
-{{- with .Values.activemq }}
-{{- if .enabled }}
-{{- $mqCtx := dict "Values" (dict "nameOverride" (.nameOverride | default "")) "Chart" (dict "Name" "activemq") "Release" $.Release }}
-{{- printf "failover:(nio://%s-broker:61616)?timeout=3000&jms.useCompression=true" (include "activemq.fullname" $mqCtx) }}
-{{- else }}
-{{- required "Disabling in-cluster ActiveMQ requires passing (at least) messageBroker.url" $.Values.messageBroker.url }}
-{{- end }}
-{{- end }}
+{{- required "You need to provide an ActiveMQ URL using messageBroker.url or using an existingConfigMap check chart README file" $.Values.messageBroker.url }}
 {{- end -}}
 
 {{/*
@@ -20,11 +13,35 @@ Usage: include "alfresco-search-enterprise.activemq.cm.env" $
 
 */}}
 {{- define "alfresco-search-enterprise.activemq.cm.env" -}}
-{{- $mqCtx := dict "Values" (dict "nameOverride" (printf "%s-%s" ($.Values.nameOverride | default $.Chart.Name) "mq")) "Chart" $.Chart "Release" $.Release }}
-{{- $mqCm := coalesce $.Values.messageBroker.existingConfigMap.name (include "alfresco-search-enterprise.fullname" $mqCtx) }}
+{{- $mqCtx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default $.Chart.Name) "mq")) "Chart" .Chart "Release" .Release }}
+{{- with .Values.messageBroker }}
+{{- $mqCm := coalesce .existingConfigMap.name (include "alfresco-search-enterprise.fullname" $mqCtx) }}
 - name: BROKER_URL
   valueFrom:
     configMapKeyRef:
       name: {{ $mqCm }}
-      key: {{ $.Values.messageBroker.existingConfigMap.keys.url }}
+      key: {{ .existingConfigMap.keys.url }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+
+Usage: include "alfresco-search-enterprise.activemq.secret.env" $
+
+*/}}
+{{- define "alfresco-search-enterprise.activemq.secret.env" -}}
+{{- $mqCtx := dict "Values" (dict "nameOverride" (printf "%s-%s" (.Values.nameOverride | default .Chart.Name) "mq")) "Chart" .Chart "Release" .Release }}
+{{- with .Values.messageBroker }}
+{{- $mqSecret := coalesce .existingSecret.name (include "alfresco-search-enterprise.fullname" $mqCtx) }}
+- name: BROKER_USERNAME
+  valueFrom:
+    secretKeyRef:
+      name: {{ $mqSecret }}
+      key: {{ .existingSecret.keys.username }}
+- name: BROKER_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ $mqSecret }}
+      key: {{ .existingSecret.keys.password }}
+{{- end -}}
 {{- end -}}
diff --git a/charts/alfresco-search-enterprise/templates/liveindexing-deployment.yaml b/charts/alfresco-search-enterprise/templates/liveindexing-deployment.yaml
@@ -36,12 +36,15 @@ spec :
           imagePullPolicy: {{ index $.Values "liveIndexing" (printf "%s" $serviceName)  "image" "pullPolicy" }}
             {{- include "alfresco-common.component-security-context" .Values | indent 8 }}
           envFrom:
-            - secretRef:
-                name: {{ default (printf "%s-messagebroker-secret" (include "alfresco-search-enterprise.fullname" $)) $.Values.messageBroker.existingSecretName }}
             - configMapRef:
                 name: {{ template "alfresco-search-enterprise.fullname" $ }}-es
           env:
+            {{- include "alfresco-search-enterprise.activemq.secret.env" $ | nindent 12 }}
             {{- include "alfresco-search-enterprise.activemq.cm.env" $ | nindent 12 }}
+            {{- include "alfresco-common.spring.activemq.env" . | nindent 12 }}
+            {{- include "alfresco-search-enterprise.config.spring.envCredentials" $ | nindent 12 }}
+            {{- include "alfresco-search-enterprise.env" $ | nindent 12 }}
+            {{- range $key, $val := $.Values.liveIndexing.environment }}
             {{- $atsCtx := dict "Values" (dict "nameOverride" (printf "%s-%s" ($.Values.nameOverride | default $.Chart.Name) "ats")) "Chart" $.Chart "Release" $.Release }}
             {{- $ats_cm := coalesce $.Values.ats.existingConfigMap.name (include "alfresco-search-enterprise.fullname" $atsCtx) }}
             - name: ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL
@@ -54,10 +57,6 @@ spec :
                 configMapKeyRef:
                   name: {{ $ats_cm }}
                   key: {{ $.Values.ats.existingConfigMap.keys.sfs_url }}
-            {{- include "alfresco-common.spring.activemq.env" . | nindent 12 }}
-            {{- include "alfresco-search-enterprise.config.spring.envCredentials" $ | nindent 12 }}
-            {{- include "alfresco-search-enterprise.env" $ | nindent 12 }}
-            {{- range $key, $val := $.Values.liveIndexing.environment }}
             - name: {{ $key }}
               value: {{ $val | quote }}
             {{- end }}

diff --git a/charts/alfresco-search-enterprise/templates/reindexing-job.yaml b/charts/alfresco-search-enterprise/templates/reindexing-job.yaml
@@ -28,12 +28,14 @@ spec:
           envFrom:
             - configMapRef:
                 name: {{ template "alfresco-search-enterprise.fullname" . }}-es
-            - secretRef:
-                name: {{ default (printf "%s-messagebroker-secret" (include "alfresco-search-enterprise.fullname" .)) .Values.messageBroker.existingSecretName }}
           env:
             {{- $dbCtx := dict "Values" (dict "nameOverride" "alfresco-database") "Chart" .Chart "Release" .Release }}
             {{- $dbFullName := (include "alfresco-search-enterprise.fullname" $dbCtx) }}
             {{- $ats_cm := .Values.ats.existingConfigMap.name | default (printf "%s-ats" (include "alfresco-search-enterprise.fullname" .)) }}
+            {{- include "alfresco-search-enterprise.activemq.secret.env" . | nindent 12 }}
+            {{- include "alfresco-search-enterprise.activemq.cm.env" . | nindent 12 }}
+            {{- include "alfresco-common.spring.activemq.env" . | nindent 12 }}
+            {{- include "alfresco-search-enterprise.config.spring.envCredentials" . | nindent 12 }}
             - name: ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL
               valueFrom:
                 configMapKeyRef:
@@ -66,9 +68,6 @@ spec:
                 configMapKeyRef:
                   name: {{ .Values.reindexing.db.existingConfigMap.name | default $dbFullName }}
                   key: {{ .Values.reindexing.db.existingConfigMap.keys.url }}
-            {{- include "alfresco-search-enterprise.activemq.cm.env" $ | nindent 12 }}
-            {{- include "alfresco-common.spring.activemq.env" . | nindent 12 }}
-            {{- include "alfresco-search-enterprise.config.spring.envCredentials" $ | nindent 12 }}
           ports:
               - name: http
                 containerPort: 8080

diff --git a/charts/alfresco-search-enterprise/templates/secret-messagebroker.yaml b/charts/alfresco-search-enterprise/templates/secret-messagebroker.yaml
@@ -1,17 +1,13 @@
-{{- if not .Values.messageBroker.existingSecretName }}
+{{- if not .Values.messageBroker.existingSecret.name }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ template "alfresco-search-enterprise.fullname" . }}-messagebroker-secret
+  {{- $ctx := dict "Values" (dict "nameOverride" (printf "%s-%s" ($.Values.nameOverride | default $.Chart.Name) "mq")) "Chart" $.Chart "Release" $.Release }}
+  name: {{ template "alfresco-search-enterprise.fullname" $ctx }}
   labels:
-    {{- include "alfresco-search-enterprise.labels" $ | nindent 4 }}
+    {{- include "alfresco-search-enterprise.labels" . | nindent 4 }}
 type: Opaque
 data:
-  {{- if .Values.activemq.enabled }}
-  BROKER_USERNAME: {{ .Values.activemq.adminUser.user | default "admin" | b64enc | quote }}
-  BROKER_PASSWORD: {{ .Values.activemq.adminUser.password | default "admin" | b64enc | quote }}
-  {{- else }}
-  BROKER_USERNAME: {{ .Values.messageBroker.user | default "" | b64enc | quote }}
+  BROKER_USERNAME: {{ .Values.messageBroker.username | default "" | b64enc | quote }}
   BROKER_PASSWORD: {{ .Values.messageBroker.password | default "" | b64enc | quote }}
-  {{- end }}
 {{- end }}
diff --git a/charts/alfresco-search-enterprise/templates/statefulset-mediation.yaml b/charts/alfresco-search-enterprise/templates/statefulset-mediation.yaml
@@ -25,20 +25,18 @@ spec:
           imagePullPolicy: {{ .image.pullPolicy }}
         {{- end }}
           {{- include "alfresco-common.component-security-context" .Values | indent 8 }}
-          envFrom:
-            - secretRef:
-                name: {{ default (printf "%s-messagebroker-secret" (include "alfresco-search-enterprise.fullname" .)) .Values.messageBroker.existingSecretName }}
           env:
-            {{- include "alfresco-search-enterprise.activemq.cm.env" $ | nindent 12 }}
+            {{- include "alfresco-search-enterprise.activemq.secret.env" . | nindent 12 }}
+            {{- include "alfresco-search-enterprise.activemq.cm.env" . | nindent 12 }}
+            {{- include "alfresco-common.spring.activemq.env" . | nindent 12 }}
+            {{- include "alfresco-search-enterprise.env" . | nindent 12 }}
             {{- $atsCtx := dict "Values" (dict "nameOverride" (printf "%s-%s" ($.Values.nameOverride | default $.Chart.Name) "ats")) "Chart" $.Chart "Release" $.Release }}
             {{- $ats_cm := coalesce .Values.ats.existingConfigMap.name (include "alfresco-search-enterprise.fullname" $atsCtx) }}
             - name: ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL
               valueFrom:
                 configMapKeyRef:
                   name: {{ $ats_cm }}
                   key: {{ .Values.ats.existingConfigMap.keys.transform_url }}
-            {{- include "alfresco-common.spring.activemq.env" . | nindent 12 }}
-            {{- include "alfresco-search-enterprise.env" . | nindent 12 }}
             {{- range $key, $val := .Values.liveIndexing.environment }}
             - name: {{ $key }}
               value: {{ $val | quote }}

diff --git a/charts/alfresco-search-enterprise/tests/configmaps_test.yaml b/charts/alfresco-search-enterprise/tests/configmaps_test.yaml
@@ -18,17 +18,19 @@ tests:
       reindexing.enabled: false
     asserts:
       - failedTemplate:
-          errorMessage: Disabling in-cluster ActiveMQ requires passing (at least) messageBroker.url
+          errorMessage: >-
+            You need to provide an ActiveMQ URL using messageBroker.url or using an existingConfigMap check chart
+            README file
         template: configmap-mq.yaml
 
-  - it: should fail rendering manifest without required Alfresco repository values
+  - it: should create a cm from messageBroker provided values
     values: *testvalues
     set:
       reindexing.enabled: false
     asserts:
       - equal:
           path: data.BROKER_URL
-          value: failover:(nio://RELEASE-NAME-activemq-broker:61616)?timeout=3000&jms.useCompression=true
+          value: failover:(tcp://localhost:61616)
         template: configmap-mq.yaml
 
   - it: should fail rendering manifest without required values

diff --git a/charts/alfresco-search-enterprise/tests/reindexing-job_test.yaml b/charts/alfresco-search-enterprise/tests/reindexing-job_test.yaml
@@ -13,6 +13,22 @@ tests:
               configMapKeyRef:
                 name: RELEASE-NAME-alfresco-search-enterprise-repository
                 key: REPOSITORY_URL
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: BROKER_USERNAME
+            valueFrom:
+              secretKeyRef:
+                name: RELEASE-NAME-alfresco-search-enterprise-mq
+                key: BROKER_USERNAME
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: BROKER_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: RELEASE-NAME-alfresco-search-enterprise-mq
+                key: BROKER_PASSWORD
       - contains:
           path: spec.template.spec.containers[0].env
           content:
@@ -38,8 +54,14 @@ tests:
                 name: RELEASE-NAME-alfresco-database
                 key: DATABASE_URL
 
-  - it: should have overridden secret for spring database credentials when existingSecretName is set
+  - it: should have overridden secrets when existingSecret is set
     set:
+      messageBroker:
+        existingSecret:
+          name: mqsecret
+          keys:
+            username: MQUSER
+            password: MQPASS
       reindexing.db:
         existingSecret:
           name: my-custom-secret
@@ -51,6 +73,22 @@ tests:
           keys:
             url: CUSTOM_URL_KEY
     asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: BROKER_USERNAME
+            valueFrom:
+              secretKeyRef:
+                name: mqsecret
+                key: MQUSER
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: BROKER_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: mqsecret
+                key: MQPASS
       - contains:
           path: spec.template.spec.containers[0].env
           content:

diff --git a/charts/alfresco-search-enterprise/tests/secret-messagebroker_test.yaml b/charts/alfresco-search-enterprise/tests/secret-messagebroker_test.yaml
@@ -3,23 +3,20 @@ suite: test messagebroker credentials secret
 templates:
   - secret-messagebroker.yaml
 tests:
-  - it: should have credentials populated as default when embedded activemq enabled
-    set:
-      activemq.enabled: true
+  - it: should have empty credentials populated by default
     asserts:
       - equal:
           path: data.BROKER_USERNAME
-          value: YWRtaW4=
+          value: ""
       - equal:
           path: data.BROKER_PASSWORD
-          value: YWRtaW4=
+          value: ""
 
   - it: should have credentials populated when messagebroker values are set
     set:
-      activemq.enabled: false
       messageBroker:
-        url: jdbc://
-        user: ext-admin
+        url: ssl://mq.domain.tld:61617
+        username: ext-admin
         password: ext-pass
     asserts:
       - equal:
@@ -31,7 +28,7 @@ tests:
 
   - it: should not have a secret when existingSecretName is set
     set:
-      messageBroker.existingSecretName: existing-secret
+      messageBroker.existingSecret.name: existing-secret
     asserts:
       - hasDocuments:
           count: 0
diff --git a/charts/alfresco-search-enterprise/tests/values/embedded-charts-values.yaml b/charts/alfresco-search-enterprise/tests/values/embedded-charts-values.yaml
@@ -1,5 +1,5 @@
-activemq:
-  enabled: true
+messageBroker:
+  url: tcp://localhost:61616
 ats:
   transform_url: http://transform
   sfs_url: http://sfs