OPSEXP-2177 Generic database support for search enterprise chart (#106)

Alfresco · Sep 8, 2023 · 2bf0a39 · 2bf0a39
1 parent 90cba0f
commit 2bf0a39
Show file tree

Hide file tree

Showing 17 changed files with 162 additions and 61 deletions.
diff --git a/.checkov-values.yml b/.checkov-values.yml
@@ -2,8 +2,6 @@ postgresql:
   enabled: true
 activemq:
   enabled: true
-elasticsearch:
-  enabled: true
 configuration:
   db:
     url: postgresql://pg-postgresql-acs/alfresco
@@ -14,3 +12,10 @@ configuration:
 global:
   tracking:
     sharedsecret: dummy
+
+# alfresco-search-enterprise
+elasticsearch:
+  enabled: true
+reindexing:
+  db:
+    url: something
diff --git a/charts/alfresco-search-enterprise/Chart.yaml b/charts/alfresco-search-enterprise/Chart.yaml
@@ -3,7 +3,7 @@ apiVersion: v2
 name: alfresco-search-enterprise
 description: A Helm chart for deploying Alfresco Elasticsearch connector
 type: application
-version: 1.4.0
+version: 2.0.0-alpha.0
 appVersion: 3.3.1
 dependencies:
   - name: alfresco-common

diff --git a/charts/alfresco-search-enterprise/README.md b/charts/alfresco-search-enterprise/README.md
@@ -1,6 +1,6 @@
 # alfresco-search-enterprise
 
-![Version: 1.4.0](https://img.shields.io/badge/Version-1.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.3.1](https://img.shields.io/badge/AppVersion-3.3.1-informational?style=flat-square)
+![Version: 2.0.0-alpha.0](https://img.shields.io/badge/Version-2.0.0--alpha.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.3.1](https://img.shields.io/badge/AppVersion-3.3.1-informational?style=flat-square)
 
 A Helm chart for deploying Alfresco Elasticsearch connector
 
@@ -60,20 +60,21 @@ Please refer to the [documentation](https://github.com/Alfresco/acs-deployment/b
 | pathIndexingComponent.enabled | bool | `true` |  |
 | podAnnotations | object | `{}` |  |
 | podSecurityContext | object | `{}` |  |
+| reindexing.db.existingConfigMap.keys.url | string | `"DATABASE_URL"` | Key within the configmap holding the full JDBC url to connect to database service |
+| reindexing.db.existingConfigMap.name | string | `nil` | Alternatively, provide database connection details via an existing configmap |
+| reindexing.db.existingSecret.keys.password | string | `"DATABASE_PASSWORD"` | Key within the secret holding the database password |
+| reindexing.db.existingSecret.keys.username | string | `"DATABASE_USERNAME"` | Key within the secret holding the database username |
+| reindexing.db.existingSecret.name | string | `nil` | Alternatively, provide database credentials via an existing secret |
+| reindexing.db.password | string | `nil` | The password required to access the service |
+| reindexing.db.url | string | `nil` | Provide the full JDBC url to connect to database service e.g.: `jdbc:postgresql://hostname:5432/database` |
+| reindexing.db.username | string | `nil` | The username required to access the service |
 | reindexing.enabled | bool | `true` | Create the one-shot job to trigger the reindexing of repo contents |
 | reindexing.image.pullPolicy | string | `"IfNotPresent"` |  |
 | reindexing.image.repository | string | `"quay.io/alfresco/alfresco-elasticsearch-reindexing"` |  |
 | reindexing.image.tag | string | `"3.3.1"` |  |
 | reindexing.initcontainers.waitForRepository.resources.limits.cpu | string | `"0.25"` |  |
 | reindexing.initcontainers.waitForRepository.resources.limits.memory | string | `"10Mi"` |  |
 | reindexing.pathIndexingEnabled | bool | `true` |  |
-| reindexing.postgresql.database | string | `"alfresco"` | The database name to use |
-| reindexing.postgresql.existingSecretName | string | `nil` | Alternatively, provide connection details via an existing secret that contains DATABASE_USERNAME and DATABASE_PASSWORD keys |
-| reindexing.postgresql.hostname | string | `"postgresql-acs"` | The host where database service is available |
-| reindexing.postgresql.password | string | `nil` | The password required to access the service |
-| reindexing.postgresql.port | int | `5432` | The port where service is available |
-| reindexing.postgresql.url | string | `nil` |  |
-| reindexing.postgresql.user | string | `nil` | The username required to access the service |
 | reindexing.resources.limits.cpu | string | `"2"` |  |
 | reindexing.resources.limits.memory | string | `"512Mi"` |  |
 | reindexing.resources.requests.cpu | string | `"0.5"` |  |

diff --git a/charts/alfresco-search-enterprise/templates/_helpers-elasticsearch.tpl b/charts/alfresco-search-enterprise/templates/_helpers-elasticsearch.tpl
@@ -1,5 +1,5 @@
 {{- define "alfresco-search-enterprise.searchIndexExistingSecretName" -}}
-{{ $.Values.searchIndex.existingSecretName | default $.Values.global.elasticsearch.existingSecretName | default (printf "%s-elasticsearch-secret" (include "alfresco-search-enterprise.fullName" $)) }}
+{{ coalesce .Values.searchIndex.existingSecretName .Values.global.elasticsearch.existingSecretName (printf "%s-elasticsearch-secret" (include "alfresco-search-enterprise.fullname" .)) }}
 {{- end -}}
 
 {{- define "alfresco-search-enterprise.config.spring" -}}

diff --git a/charts/alfresco-search-enterprise/templates/_helpers.tpl b/charts/alfresco-search-enterprise/templates/_helpers.tpl
@@ -10,7 +10,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "alfresco-search-enterprise.fullName" -}}
+{{- define "alfresco-search-enterprise.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}

diff --git a/charts/alfresco-search-enterprise/templates/configmap-database.yaml b/charts/alfresco-search-enterprise/templates/configmap-database.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.reindexing.enabled (not .Values.reindexing.db.existingConfigMap.name) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: >-
+    {{- $ctx := dict "Values" (dict "nameOverride" "alfresco-database") "Chart" .Chart "Release" .Release }}
+    {{ template "alfresco-search-enterprise.fullname" $ctx }}
+  labels:
+    {{- include "alfresco-search-enterprise.labels" . | nindent 4 }}
+data:
+  {{ .Values.reindexing.db.existingConfigMap.keys.url }}: {{ required ".reindexing.db.url is mandatory when not using existingConfigMap" .Values.reindexing.db.url }}
+{{- end }}
diff --git a/charts/alfresco-search-enterprise/templates/liveindexing-config.yaml b/charts/alfresco-search-enterprise/templates/liveindexing-config.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ template "alfresco-search-enterprise.fullName" . }}-configmap
+  name: {{ template "alfresco-search-enterprise.fullname" . }}-configmap
   labels:
     {{- include "alfresco-search-enterprise.labels" $ | nindent 4 }}
 data:

diff --git a/charts/alfresco-search-enterprise/templates/liveindexing-deployment.yaml b/charts/alfresco-search-enterprise/templates/liveindexing-deployment.yaml
@@ -2,7 +2,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "alfresco-search-enterprise.fullName" $ }}-{{ $serviceName }}
+  name: {{ include "alfresco-search-enterprise.fullname" $ }}-{{ $serviceName }}
   labels:
     {{- include "alfresco-search-enterprise.labels" $ | nindent 4 }}
 spec:
@@ -36,9 +36,9 @@ spec:
             {{- include "component-security-context" .Values | indent 8 }}
           envFrom:
             - configMapRef:
-                name: {{ template "alfresco-search-enterprise.fullName" $ }}-configmap
+                name: {{ template "alfresco-search-enterprise.fullname" $ }}-configmap
             - secretRef:
-                name: {{ default (printf "%s-messagebroker-secret" (include "alfresco-search-enterprise.fullName" $)) $.Values.messageBroker.existingSecretName }}
+                name: {{ default (printf "%s-messagebroker-secret" (include "alfresco-search-enterprise.fullname" $)) $.Values.messageBroker.existingSecretName }}
           env:
             {{- include "spring.activemq.env" . | nindent 12 }}
             {{- include "alfresco-search-enterprise.config.spring.envCredentials" $ | nindent 12 }}

diff --git a/charts/alfresco-search-enterprise/templates/reindexing-config.yaml b/charts/alfresco-search-enterprise/templates/reindexing-config.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ template "alfresco-search-enterprise.fullName" . }}-reindexing-configmap
+  name: {{ template "alfresco-search-enterprise.fullname" . }}-reindexing-configmap
   labels:
     {{- include "alfresco-search-enterprise.labels" $ | nindent 4 }}
 data:
@@ -10,11 +10,6 @@ data:
   ALFRESCO_SHAREDFILESTORE_BASEURL: http://{{ template "alfresco.shortname" . }}-filestore:80/alfresco/api/-default-/private/sfs/versions/1/file/
   ALFRESCO_ACCEPTEDCONTENTMEDIATYPESCACHE_BASEURL: http://{{ template "alfresco.shortname" . }}-router/transform/config
   ALFRESCO_REINDEX_PATHINDEXINGENABLED: {{ .Values.reindexing.pathIndexingEnabled | quote }}
-  {{- if .Values.reindexing.postgresql.url }}
-  SPRING_DATASOURCE_URL: {{ .Values.reindexing.postgresql.url }}
-  {{- else }}
-  SPRING_DATASOURCE_URL: jdbc:postgresql://{{ .Release.Name }}-{{ .Values.reindexing.postgresql.hostname }}:{{ .Values.reindexing.postgresql.port | default 5432 }}/{{ .Values.reindexing.postgresql.database }}
-  {{- end }}
   {{- if .Values.reindexing.environment }}
   {{- range $key, $val := .Values.reindexing.environment }}
   {{ $key }}: {{ $val | quote }}

diff --git a/charts/alfresco-search-enterprise/templates/reindexing-job.yaml b/charts/alfresco-search-enterprise/templates/reindexing-job.yaml
@@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: {{ include "alfresco-search-enterprise.fullName" . }}-reindexing
+  name: {{ include "alfresco-search-enterprise.fullname" . }}-reindexing
   labels:
     {{- include "alfresco-search-enterprise.labels" $ | nindent 4 }}
 spec:
@@ -26,20 +26,27 @@ spec:
           resources: {{- toYaml .Values.reindexing.resources | nindent 12 }}
           envFrom:
             - configMapRef:
-                name: {{ template "alfresco-search-enterprise.fullName" . }}-reindexing-configmap
+                name: {{ template "alfresco-search-enterprise.fullname" . }}-reindexing-configmap
             - secretRef:
-                name: {{ default (printf "%s-messagebroker-secret" (include "alfresco-search-enterprise.fullName" .)) .Values.messageBroker.existingSecretName }}
+                name: {{ default (printf "%s-messagebroker-secret" (include "alfresco-search-enterprise.fullname" .)) .Values.messageBroker.existingSecretName }}
           env:
+            {{- $dbCtx := dict "Values" (dict "nameOverride" "alfresco-database") "Chart" .Chart "Release" .Release }}
+            {{- $dbFullName := (include "alfresco-search-enterprise.fullname" $dbCtx) }}
             - name: SPRING_DATASOURCE_PASSWORD
               valueFrom:
                 secretKeyRef:
-                  name: {{ default (printf "%s-postgresql-secret" (include "alfresco-search-enterprise.fullName" $)) $.Values.reindexing.postgresql.existingSecretName }}
-                  key: DATABASE_PASSWORD
+                  name: {{ .Values.reindexing.db.existingSecret.name | default $dbFullName }}
+                  key: {{ .Values.reindexing.db.existingSecret.keys.password }}
             - name: SPRING_DATASOURCE_USERNAME
               valueFrom:
                 secretKeyRef:
-                  name: {{ default (printf "%s-postgresql-secret" (include "alfresco-search-enterprise.fullName" $)) $.Values.reindexing.postgresql.existingSecretName }}
-                  key: DATABASE_USERNAME
+                  name: {{ .Values.reindexing.db.existingSecret.name | default $dbFullName }}
+                  key: {{ .Values.reindexing.db.existingSecret.keys.username }}
+            - name: SPRING_DATASOURCE_URL
+              valueFrom:
+                configMapKeyRef:
+                  name: {{ .Values.reindexing.db.existingConfigMap.name | default $dbFullName }}
+                  key: {{ .Values.reindexing.db.existingConfigMap.keys.url }}
             {{- include "spring.activemq.env" . | nindent 12 }}
             {{- include "alfresco-search-enterprise.config.spring.envCredentials" $ | nindent 12 }}
           ports:

diff --git a/charts/alfresco-search-enterprise/templates/secret-database.yaml b/charts/alfresco-search-enterprise/templates/secret-database.yaml
@@ -1,12 +1,14 @@
-{{- if and .Values.reindexing.enabled (not .Values.reindexing.postgresql.existingSecretName) }}
+{{- if and .Values.reindexing.enabled (not .Values.reindexing.db.existingSecret.name) }}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ template "alfresco-search-enterprise.fullName" . }}-postgresql-secret
+  name: >-
+    {{- $ctx := dict "Values" (dict "nameOverride" "alfresco-database") "Chart" .Chart "Release" .Release }}
+    {{ template "alfresco-search-enterprise.fullname" $ctx }}
   labels:
     {{- include "alfresco-search-enterprise.labels" $ | nindent 4 }}
 type: Opaque
 data:
-  DATABASE_USERNAME: {{ .Values.reindexing.postgresql.user | default "" | b64enc | quote }}
-  DATABASE_PASSWORD: {{ .Values.reindexing.postgresql.password | default "" | b64enc | quote }}
+  {{ .Values.reindexing.db.existingSecret.keys.username }}: {{ .Values.reindexing.db.username | default "" | b64enc | quote }}
+  {{ .Values.reindexing.db.existingSecret.keys.password }}: {{ .Values.reindexing.db.password | default "" | b64enc | quote }}
 {{- end }}
diff --git a/charts/alfresco-search-enterprise/templates/secret-elasticsearch.yaml b/charts/alfresco-search-enterprise/templates/secret-elasticsearch.yaml
@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ template "alfresco-search-enterprise.fullName" . }}-elasticsearch-secret
+  name: {{ template "alfresco-search-enterprise.fullname" . }}-elasticsearch-secret
   labels:
     {{- include "alfresco-search-enterprise.labels" $ | nindent 4 }}
 type: Opaque

diff --git a/charts/alfresco-search-enterprise/templates/secret-messagebroker.yaml b/charts/alfresco-search-enterprise/templates/secret-messagebroker.yaml
@@ -2,13 +2,13 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ template "alfresco-search-enterprise.fullName" . }}-messagebroker-secret
+  name: {{ template "alfresco-search-enterprise.fullname" . }}-messagebroker-secret
   labels:
     {{- include "alfresco-search-enterprise.labels" $ | nindent 4 }}
 type: Opaque
 data:
   {{- if .Values.activemq.enabled }}
-  BROKER_URL: {{ printf "failover:(nio://%s-activemq-broker:61616)?timeout=3000&jms.useCompression=true" (include "alfresco-search-enterprise.fullName" .) | b64enc | quote }}
+  BROKER_URL: {{ printf "failover:(nio://%s-activemq-broker:61616)?timeout=3000&jms.useCompression=true" (include "alfresco-search-enterprise.fullname" .) | b64enc | quote }}
   BROKER_USERNAME: {{ .Values.activemq.adminUser.user | b64enc | quote }}
   BROKER_PASSWORD: {{ .Values.activemq.adminUser.password | b64enc | quote }}
   {{- else }}

diff --git a/charts/alfresco-search-enterprise/tests/configmap-database_test.yaml b/charts/alfresco-search-enterprise/tests/configmap-database_test.yaml
@@ -0,0 +1,34 @@
+---
+suite: test database configmap
+templates:
+  - configmap-database.yaml
+tests:
+  - it: should have empty url as default
+    asserts:
+      - failedTemplate:
+          errorMessage: .reindexing.db.url is mandatory when not using existingConfigMap
+
+  - it: should have url populated when url value is set
+    set:
+      reindexing:
+        db:
+          url: jdbc:postgresql://hostname:5432/
+    asserts:
+      - equal:
+          path: data.DATABASE_URL
+          value: jdbc:postgresql://hostname:5432/
+
+  - it: should not render cm when existingConfigMap is set
+    set:
+      reindexing.db.existingConfigMap:
+        name: external-database-configmap
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: should not render cm when reindexing is disabled
+    set:
+      reindexing.enabled: false
+    asserts:
+      - hasDocuments:
+          count: 0
diff --git a/...rch-enterprise/tests/reindexing_test.yaml → ...enterprise/tests/reindexing-job_test.yaml b/...rch-enterprise/tests/reindexing_test.yaml → ...enterprise/tests/reindexing-job_test.yaml
@@ -8,40 +8,80 @@ tests:
       - equal:
           path: spec.template.spec.containers[0].env[0].name
           value: SPRING_DATASOURCE_PASSWORD
+      - equal:
+          path: spec.template.spec.containers[0].env[0].valueFrom.secretKeyRef.name
+          value: RELEASE-NAME-alfresco-database
+      - equal:
+          path: spec.template.spec.containers[0].env[0].valueFrom.secretKeyRef.key
+          value: DATABASE_PASSWORD
+
       - equal:
           path: spec.template.spec.containers[0].env[1].name
           value: SPRING_DATASOURCE_USERNAME
-      - equal:
-          path: spec.template.spec.containers[0].env[0].valueFrom.secretKeyRef.name
-          value: RELEASE-NAME-alfresco-search-enterprise-postgresql-secret
       - equal:
           path: spec.template.spec.containers[0].env[1].valueFrom.secretKeyRef.name
-          value: RELEASE-NAME-alfresco-search-enterprise-postgresql-secret
+          value: RELEASE-NAME-alfresco-database
+      - equal:
+          path: spec.template.spec.containers[0].env[1].valueFrom.secretKeyRef.key
+          value: DATABASE_USERNAME
+
+      - equal:
+          path: spec.template.spec.containers[0].env[2].name
+          value: SPRING_DATASOURCE_URL
+      - equal:
+          path: spec.template.spec.containers[0].env[2].valueFrom.configMapKeyRef.name
+          value: RELEASE-NAME-alfresco-database
+      - equal:
+          path: spec.template.spec.containers[0].env[2].valueFrom.configMapKeyRef.key
+          value: DATABASE_URL
 
   - it: should have overridden secret for spring database credentials when existingSecretName is set
     set:
-      reindexing.postgresql.existingSecretName: my-custom-secret
+      reindexing.db:
+        existingSecret:
+          name: my-custom-secret
+          keys:
+            username: CUSTOM_USERNAME_KEY
+            password: CUSTOM_PASSWORD_KEY
+        existingConfigMap:
+          name: my-custom-configmap
+          keys:
+            url: CUSTOM_URL_KEY
     asserts:
       - equal:
           path: spec.template.spec.containers[0].env[0].valueFrom.secretKeyRef.name
           value: my-custom-secret
+      - equal:
+          path: spec.template.spec.containers[0].env[0].valueFrom.secretKeyRef.key
+          value: CUSTOM_PASSWORD_KEY
+
       - equal:
           path: spec.template.spec.containers[0].env[1].valueFrom.secretKeyRef.name
           value: my-custom-secret
+      - equal:
+          path: spec.template.spec.containers[0].env[1].valueFrom.secretKeyRef.key
+          value: CUSTOM_USERNAME_KEY
+
+      - equal:
+          path: spec.template.spec.containers[0].env[2].valueFrom.configMapKeyRef.name
+          value: my-custom-configmap
+      - equal:
+          path: spec.template.spec.containers[0].env[2].valueFrom.configMapKeyRef.key
+          value: CUSTOM_URL_KEY
 
   - it: should have env vars for elasticsearch credentials
     asserts:
       - equal:
-          path: spec.template.spec.containers[0].env[5].name
+          path: spec.template.spec.containers[0].env[6].name
           value: SPRING_ELASTICSEARCH_REST_USERNAME
       - equal:
-          path: spec.template.spec.containers[0].env[5].valueFrom.secretKeyRef.name
+          path: spec.template.spec.containers[0].env[6].valueFrom.secretKeyRef.name
           value: RELEASE-NAME-alfresco-search-enterprise-elasticsearch-secret
       - equal:
-          path: spec.template.spec.containers[0].env[6].name
+          path: spec.template.spec.containers[0].env[7].name
           value: SPRING_ELASTICSEARCH_REST_PASSWORD
       - equal:
-          path: spec.template.spec.containers[0].env[6].valueFrom.secretKeyRef.name
+          path: spec.template.spec.containers[0].env[7].valueFrom.secretKeyRef.name
           value: RELEASE-NAME-alfresco-search-enterprise-elasticsearch-secret
 
   - it: should not be present when disabled

diff --git a/charts/alfresco-search-enterprise/tests/secret-database_test.yaml b/charts/alfresco-search-enterprise/tests/secret-database_test.yaml
@@ -15,8 +15,8 @@ tests:
   - it: should have credentials populated when credentials are set
     set:
       reindexing:
-        postgresql:
-          user: admin
+        db:
+          username: admin
           password: letmein
     asserts:
       - equal:
@@ -28,9 +28,7 @@ tests:
 
   - it: should not have a secret when existingSecretName is set
     set:
-      reindexing:
-        postgresql:
-          existingSecretName: external-database-secret
+      reindexing.db.existingSecret.name: external-database-secret
     asserts:
       - hasDocuments:
           count: 0