OPSEXP-2296 Review and align chart alfresco-connector-msteams with ne…

…wer principals (#159)
Alfresco · Jan 4, 2024 · 0fa016b · 0fa016b
1 parent 0ce7051
commit 0fa016b
Show file tree

Hide file tree

Showing 16 changed files with 314 additions and 37 deletions.
diff --git a/charts/alfresco-connector-msteams/Chart.lock b/charts/alfresco-connector-msteams/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: alfresco-common
   repository: https://alfresco.github.io/alfresco-helm-charts/
-  version: 2.1.0
-digest: sha256:fa11b87976e8340dfe349a0bc7d672c197decf3303de5bbe102c19f6216690fa
-generated: "2023-08-18T17:01:51.618921+02:00"
+  version: 3.0.0
+digest: sha256:d06b86767c5716a7ac02252c31125a77277bb91d6bdbb9fa1fef295c84642c32
+generated: "2023-12-07T10:54:46.961503+05:30"
diff --git a/charts/alfresco-connector-msteams/Chart.yaml b/charts/alfresco-connector-msteams/Chart.yaml
@@ -2,9 +2,9 @@ apiVersion: v2
 name: alfresco-connector-msteams
 description: A Helm chart for deploying Alfresco connector msteams service
 type: application
-version: 0.2.0
+version: 0.3.0-alpha.0
 appVersion: "2.0.0"
 dependencies:
   - name: alfresco-common
-    version: 2.1.0
+    version: 3.0.0
     repository: https://alfresco.github.io/alfresco-helm-charts/
diff --git a/charts/alfresco-connector-msteams/README.md b/charts/alfresco-connector-msteams/README.md
@@ -1,14 +1,14 @@
 # alfresco-connector-msteams
 
-![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square)
+![Version: 0.3.0-alpha.0](https://img.shields.io/badge/Version-0.3.0--alpha.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square)
 
 A Helm chart for deploying Alfresco connector msteams service
 
 ## Requirements
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 2.1.0 |
+| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 3.0.0 |
 
 ## Values
 
@@ -28,23 +28,32 @@ A Helm chart for deploying Alfresco connector msteams service
 | livenessProbe.initialDelaySeconds | int | `10` |  |
 | livenessProbe.periodSeconds | int | `20` |  |
 | livenessProbe.timeoutSeconds | int | `10` |  |
-| microsoft.app.id | string | `"change_me_app_id"` |  |
+| microsoft.app.existingSecret.keys.id | string | `"MICROSOFT_APP_ID"` |  |
+| microsoft.app.existingSecret.keys.password | string | `"MICROSOFT_APP_PASSWORD"` |  |
+| microsoft.app.existingSecret.name | string | `nil` |  |
+| microsoft.app.id | string | `nil` |  |
 | microsoft.app.oauth.connectionName | string | `"alfresco"` |  |
-| microsoft.app.password | string | `"change_me_app_pwd"` |  |
+| microsoft.app.password | string | `nil` |  |
 | nodeSelector | object | `{}` |  |
 | podSecurityContext.runAsNonRoot | bool | `true` |  |
 | podSecurityContext.runAsUser | int | `33041` |  |
 | readinessProbe.initialDelaySeconds | int | `20` |  |
 | readinessProbe.periodSeconds | int | `60` |  |
 | readinessProbe.timeoutSeconds | int | `10` |  |
 | replicaCount | int | `2` |  |
+| repository.existingConfigMap.keys.url | string | `"ALFRESCO_BASE_URL"` | Key within the configmap holding the full url to connect to the alfresco repository |
+| repository.existingConfigMap.name | string | `nil` | Alternatively, provide repository connection details via an existing configmap |
+| repository.url | string | `nil` | URL of the Alfresco repository |
 | resources.limits.cpu | string | `"1"` |  |
 | resources.limits.memory | string | `"1000Mi"` |  |
 | resources.requests.cpu | string | `"0.5"` |  |
 | resources.requests.memory | string | `"1000Mi"` |  |
 | service.externalPort | int | `80` |  |
 | service.name | string | `"ms-teams-service"` |  |
 | service.type | string | `"ClusterIP"` |  |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
+| serviceAccount.name | string | `"msteams-sa"` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 | strategy.rollingUpdate.maxSurge | int | `1` |  |
 | strategy.rollingUpdate.maxUnavailable | int | `0` |  |
 | teams.chat.filenameEnabled | bool | `true` |  |

diff --git a/charts/alfresco-connector-msteams/ci/default-values.yaml b/charts/alfresco-connector-msteams/ci/default-values.yaml
@@ -6,3 +6,7 @@ resources:
   limits:
     cpu: "1"
     memory: "500Mi"
+microsoft:
+  app:
+    id: change_me_app_id
+    password: change_me_app_pwd
diff --git a/charts/alfresco-connector-msteams/templates/_helpers-env.tpl b/charts/alfresco-connector-msteams/templates/_helpers-env.tpl
@@ -0,0 +1,28 @@
+{{/*
+Set environment variables necessary for secret
+*/}}
+{{- define "alfresco-connector-msteams.secret-msteams.env" -}}
+{{- $msSecret := coalesce .Values.microsoft.app.existingSecret.name (include "alfresco-connector-msteams.secret.name" .) -}}
+- name: MICROSOFT_APP_ID
+  valueFrom:
+    secretKeyRef:
+        name: {{ $msSecret }}
+        key: {{ .Values.microsoft.app.existingSecret.keys.id }}
+- name: MICROSOFT_APP_PASSWORD
+  valueFrom:
+    secretKeyRef:
+        name: {{ $msSecret }}
+        key: {{ .Values.microsoft.app.existingSecret.keys.password }}
+{{- end -}}
+
+{{/*
+Set environment variables necessary for configmap
+*/}}
+{{- define "alfresco-connector-msteams.repo-msteams.env" -}}
+{{- $msteamsCm := coalesce .Values.repository.existingConfigMap.name (include "alfresco-connector-msteams.repo-configmap.name" .) -}}
+- name: ALFRESCO_BASE_URL
+  valueFrom:
+    configMapKeyRef:
+        name: {{ $msteamsCm }}
+        key: {{ .Values.repository.existingConfigMap.keys.url }}
+{{- end -}}
diff --git a/charts/alfresco-connector-msteams/templates/_helpers.tpl b/charts/alfresco-connector-msteams/templates/_helpers.tpl
@@ -49,3 +49,30 @@ Selector labels
 app.kubernetes.io/name: {{ include "alfresco-connector-msteams.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "alfresco-connector-msteams.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "alfresco-connector-msteams.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the name of the secret to use
+*/}}
+{{- define "alfresco-connector-msteams.secret.name" -}}
+{{- $scope := (dict "Values" (dict "nameOverride" "msteams-se") "Chart" .Chart "Release" .Release) }}
+{{- include "alfresco-connector-msteams.fullname" $scope }}
+{{- end }}
+
+{{/*
+Create the name of the configmap to use
+*/}}
+{{- define "alfresco-connector-msteams.repo-configmap.name" -}}
+{{- $scope := (dict "Values" (dict "nameOverride" "repo-teams") "Chart" .Chart "Release" .Release) }}
+{{- include "alfresco-connector-msteams.fullname" $scope }}
+{{- end }}
diff --git a/charts/alfresco-connector-msteams/templates/config-connector-msteams.yaml b/charts/alfresco-connector-msteams/templates/config-connector-msteams.yaml
@@ -1,3 +1,4 @@
+---
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -10,10 +11,7 @@ data:
   {{ $key }}: {{ $val | quote }}
   {{- end }}
   {{- end }}
-  ALFRESCO_BASE_URL: "{{ .Values.alfresco.baseUrl }}"
   ALFRESCO_DIGITAL_WORKSPACE_CONTEXT_PATH: "{{ .Values.alfresco.digitalWorkspace.contextPath }}"
-  MICROSOFT_APP_ID: "{{ .Values.microsoft.app.id }}"
-  MICROSOFT_APP_PASSWORD: "{{ .Values.microsoft.app.password }}"
   MICROSOFT_APP_OAUTH_CONNECTION_NAME: "{{ .Values.microsoft.app.oauth.connectionName }}"
   TEAMS_CHAT_FILENAME_ENABLED: "{{ .Values.teams.chat.filenameEnabled }}"
   TEAMS_CHAT_METADATA_ENABLED: "{{ .Values.teams.chat.metadataEnabled }}"

diff --git a/charts/alfresco-connector-msteams/templates/configmap-repository.yaml b/charts/alfresco-connector-msteams/templates/configmap-repository.yaml
@@ -0,0 +1,11 @@
+{{- if not .Values.repository.existingConfigMap.name -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "alfresco-connector-msteams.repo-configmap.name" . }}
+  labels:
+    {{- include "alfresco-connector-msteams.labels" . | nindent 4 }}
+data:
+  {{- $reqmsg := "You must provide valid base URL" }}
+  ALFRESCO_BASE_URL: {{ required $reqmsg .Values.alfresco.baseUrl | quote }}
+{{- end }}
diff --git a/charts/alfresco-connector-msteams/templates/deployment-connector-msteams.yaml b/charts/alfresco-connector-msteams/templates/deployment-connector-msteams.yaml
@@ -21,11 +21,12 @@ spec:
       labels:
         {{- include "alfresco-connector-msteams.selectorLabels" . | nindent 8 }}
     spec:
-    {{- include "component-pod-security-context" .Values | indent 4 }}
-    {{- if .Values.nodeSelector }}
-      nodeSelector: {{- .Values.nodeSelector | toYaml | nindent 8 }}
-    {{- end }}
-      {{- include "alfresco-content-services.imagePullSecrets" . | indent 6 }}
+      serviceAccountName: {{ include "alfresco-connector-msteams.serviceAccountName" . }}
+      {{- include "alfresco-common.component-pod-security-context" .Values | indent 4 }}
+      {{- if .Values.nodeSelector }}
+        nodeSelector: {{- .Values.nodeSelector | toYaml | nindent 8 }}
+      {{- end }}
+      {{- include "alfresco-common.imagePullSecrets" . | indent 6 }}
       affinity:
         podAntiAffinity:
           preferredDuringSchedulingIgnoredDuringExecution:
@@ -59,10 +60,13 @@ spec:
         - name: {{ .Chart.Name }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
-          {{- include "component-security-context" .Values.msTeams | indent 8 }}
+          {{- include "alfresco-common.component-security-context" .Values | indent 8 }}
           envFrom:
             - configMapRef:
                 name: {{ template "alfresco-connector-msteams.fullname" . }}
+          env:
+            {{- include "alfresco-connector-msteams.repo-msteams.env" $ | nindent 12 }}
+            {{- include "alfresco-connector-msteams.secret-msteams.env" $ | nindent 12 }}
           ports:
               - containerPort: {{ .Values.image.internalPort }}
           resources: {{- toYaml .Values.resources | nindent 12 }}

diff --git a/charts/alfresco-connector-msteams/templates/secret-msteams.yaml b/charts/alfresco-connector-msteams/templates/secret-msteams.yaml
@@ -0,0 +1,12 @@
+{{- if not .Values.microsoft.app.existingSecret.name }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "alfresco-connector-msteams.secret.name" . }}
+  labels:
+    {{- include "alfresco-connector-msteams.labels" . | nindent 4 }}
+type: Opaque
+data:
+  MICROSOFT_APP_ID: {{ .Values.microsoft.app.id | b64enc | quote }}
+  MICROSOFT_APP_PASSWORD: {{ .Values.microsoft.app.password | b64enc | quote }}
+{{- end }}
diff --git a/charts/alfresco-connector-msteams/templates/serviceaccount.yaml b/charts/alfresco-connector-msteams/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "alfresco-connector-msteams.serviceAccountName" . }}
+  labels:
+    {{- include "alfresco-connector-msteams.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/charts/alfresco-connector-msteams/tests/configmap-repository_test.yaml b/charts/alfresco-connector-msteams/tests/configmap-repository_test.yaml
@@ -0,0 +1,28 @@
+suite: test msteams-connector configmap
+templates:
+- configmap-repository.yaml
+tests:
+- it: should test the random baseurl
+  set:
+    alfresco:
+      baseUrl: htts://test-url:8800
+  asserts:
+     - equal:
+        path: data.ALFRESCO_BASE_URL
+        value: htts://test-url:8800
+- it: should render default configmaps based on values
+  values: &testvalues
+    - values/test_values.yaml
+  asserts:
+    - equal:
+        path: data.ALFRESCO_BASE_URL
+        value: change_me_alf_base_url
+- it: should not render components configmaps
+  values: *testvalues
+  set:
+    repository:
+      existingConfigMap:
+        name: repotest
+  asserts:
+    - hasDocuments:
+        count: 0
diff --git a/charts/alfresco-connector-msteams/tests/deployment-connector-msteams_test.yaml b/charts/alfresco-connector-msteams/tests/deployment-connector-msteams_test.yaml
@@ -3,25 +3,98 @@ templates:
 - deployment-connector-msteams.yaml
 - config-connector-msteams.yaml
 tests:
-- it: should have basic metadata in place
+- it: should have basic deployment properties by default
   values: &testvalues
   - values/test_values.yaml
+  template: deployment-connector-msteams.yaml
   asserts:
-  - equal:
-      path: metadata.name
-      value: RELEASE-NAME-alfresco-connector-msteams
-    template: deployment-connector-msteams.yaml
-
-- it: should render cpu and memory limits
+    - contains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: ALFRESCO_BASE_URL
+          valueFrom:
+            configMapKeyRef:
+              name: RELEASE-NAME-repo-teams
+              key: ALFRESCO_BASE_URL
+    - contains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: MICROSOFT_APP_ID
+          valueFrom:
+            secretKeyRef:
+              name: RELEASE-NAME-msteams-se
+              key: MICROSOFT_APP_ID
+    - contains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: MICROSOFT_APP_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: RELEASE-NAME-msteams-se
+              key: MICROSOFT_APP_PASSWORD
+    - isSubset:
+        path: metadata.labels
+        content:
+          app.kubernetes.io/name: alfresco-connector-msteams
+    - equal:
+        path: spec.template.spec.serviceAccountName
+        value: msteams-sa
+    - equal:
+        path: metadata.name
+        value: RELEASE-NAME-alfresco-connector-msteams
+    - equal:
+        path: spec.template.spec.containers[0].resources
+        value:
+          requests:
+            cpu: "0.5"
+            memory: "1000Mi"
+          limits:
+            cpu: "1"
+            memory: "1000Mi"
+- it: should render deployment with existing secrets and configmaps
   values: *testvalues
+  set:
+    serviceAccount:
+      create: false
+      name: null
+    repository:
+      existingConfigMap:
+        name: baseurl
+        keys:
+          url: BASE_URL
+    microsoft:
+      app:
+        existingSecret:
+          name: msteamscreds
+          keys:
+            id: ABC
+            password: XYZ
+  template: deployment-connector-msteams.yaml
   asserts:
-  - equal:
-      path: spec.template.spec.containers[0].resources
-      value:
-        requests:
-          cpu: "0.5"
-          memory: "1000Mi"
-        limits:
-          cpu: "1"
-          memory: "1000Mi"
-    template: deployment-connector-msteams.yaml
+    - equal:
+        path: spec.template.spec.serviceAccountName
+        value: default
+    - contains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: ALFRESCO_BASE_URL
+          valueFrom:
+            configMapKeyRef:
+              name: baseurl
+              key: BASE_URL
+    - contains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: MICROSOFT_APP_ID
+          valueFrom:
+            secretKeyRef:
+              name: msteamscreds
+              key: ABC
+    - contains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: MICROSOFT_APP_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: msteamscreds
+              key: XYZ