From 04ce10c0caab166f796794b21431375f876c55da Mon Sep 17 00:00:00 2001 From: Keyvan Date: Thu, 26 Dec 2024 13:27:26 +0100 Subject: [PATCH] Update bitnami common chart --- external/common/Chart.yaml | 4 +- external/common/README.md | 4 +- external/common/templates/_affinities.tpl | 20 ++++++- external/common/templates/_compatibility.tpl | 4 ++ external/common/templates/_images.tpl | 10 +++- external/common/templates/_secrets.tpl | 58 +++++++++++-------- external/common/templates/_tplvalues.tpl | 14 +++++ external/common/templates/_warnings.tpl | 2 +- .../templates/validations/_cassandra.tpl | 26 --------- .../common/templates/validations/_mongodb.tpl | 46 --------------- .../common/templates/validations/_mysql.tpl | 41 ------------- .../templates/validations/_postgresql.tpl | 29 ---------- .../common/templates/validations/_redis.tpl | 33 ----------- 13 files changed, 83 insertions(+), 208 deletions(-) diff --git a/external/common/Chart.yaml b/external/common/Chart.yaml index dabd8068..7205cfef 100644 --- a/external/common/Chart.yaml +++ b/external/common/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: Infrastructure licenses: Apache-2.0 apiVersion: v2 -appVersion: 2.20.5 +appVersion: 2.27.0 description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. home: https://bitnami.com @@ -20,4 +20,4 @@ name: common sources: - https://github.com/bitnami/charts/tree/main/bitnami/common type: library -version: 2.20.5 +version: 2.27.0 diff --git a/external/common/README.md b/external/common/README.md index fee26c99..3943ed04 100644 --- a/external/common/README.md +++ b/external/common/README.md @@ -61,7 +61,7 @@ tag: pullPolicy: type: string - description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + description: Specify a imagePullPolicy.' pullSecrets: type: array @@ -214,7 +214,7 @@ helm install test mychart --set path.to.value00="",path.to.value01="" #### Useful links -- +- - - diff --git a/external/common/templates/_affinities.tpl b/external/common/templates/_affinities.tpl index c2d29079..d387dbe6 100644 --- a/external/common/templates/_affinities.tpl +++ b/external/common/templates/_affinities.tpl @@ -60,13 +60,14 @@ Return a topologyKey definition {{/* Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "extraNamespaces" (list "namespace1" "namespace2") "context" $) -}} */}} {{- define "common.affinities.pods.soft" -}} {{- $component := default "" .component -}} {{- $customLabels := default (dict) .customLabels -}} {{- $extraMatchLabels := default (dict) .extraMatchLabels -}} {{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} +{{- $extraNamespaces := default (list) .extraNamespaces -}} preferredDuringSchedulingIgnoredDuringExecution: - podAffinityTerm: labelSelector: @@ -77,6 +78,13 @@ preferredDuringSchedulingIgnoredDuringExecution: {{- range $key, $value := $extraMatchLabels }} {{ $key }}: {{ $value | quote }} {{- end }} + {{- if $extraNamespaces }} + namespaces: + - {{ .context.Release.Namespace }} + {{- with $extraNamespaces }} + {{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }} + {{- end }} + {{- end }} topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} weight: 1 {{- range $extraPodAffinityTerms }} @@ -96,13 +104,14 @@ preferredDuringSchedulingIgnoredDuringExecution: {{/* Return a hard podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}} +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "extraNamespaces" (list "namespace1" "namespace2") "context" $) -}} */}} {{- define "common.affinities.pods.hard" -}} {{- $component := default "" .component -}} {{- $customLabels := default (dict) .customLabels -}} {{- $extraMatchLabels := default (dict) .extraMatchLabels -}} {{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}} +{{- $extraNamespaces := default (list) .extraNamespaces -}} requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }} @@ -112,6 +121,13 @@ requiredDuringSchedulingIgnoredDuringExecution: {{- range $key, $value := $extraMatchLabels }} {{ $key }}: {{ $value | quote }} {{- end }} + {{- if $extraNamespaces }} + namespaces: + - {{ .context.Release.Namespace }} + {{- with $extraNamespaces }} + {{ include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }} + {{- end }} + {{- end }} topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} {{- range $extraPodAffinityTerms }} - labelSelector: diff --git a/external/common/templates/_compatibility.tpl b/external/common/templates/_compatibility.tpl index eb4061d7..a61588d6 100644 --- a/external/common/templates/_compatibility.tpl +++ b/external/common/templates/_compatibility.tpl @@ -34,6 +34,10 @@ Usage: {{- end -}} {{- end -}} {{- end -}} +{{/* Remove empty seLinuxOptions object if global.compatibility.omitEmptySeLinuxOptions is set to true */}} +{{- if and (((.context.Values.global).compatibility).omitEmptySeLinuxOptions) (not .secContext.seLinuxOptions) -}} + {{- $adaptedContext = omit $adaptedContext "seLinuxOptions" -}} +{{- end -}} {{/* Remove fields that are disregarded when running the container in privileged mode */}} {{- if $adaptedContext.privileged -}} {{- $adaptedContext = omit $adaptedContext "capabilities" "seLinuxOptions" -}} diff --git a/external/common/templates/_images.tpl b/external/common/templates/_images.tpl index 6821b1ce..76bb7ce4 100644 --- a/external/common/templates/_images.tpl +++ b/external/common/templates/_images.tpl @@ -5,8 +5,9 @@ SPDX-License-Identifier: APACHE-2.0 {{/* vim: set filetype=mustache: */}} {{/* -Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }} +Return the proper image name. +If image tag and digest are not defined, termination fallbacks to chart appVersion. +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global "chart" .Chart ) }} */}} {{- define "common.images.image" -}} {{- $registryName := default .imageRoot.registry ((.global).imageRegistry) -}} @@ -14,6 +15,11 @@ Return the proper image name {{- $separator := ":" -}} {{- $termination := .imageRoot.tag | toString -}} +{{- if not .imageRoot.tag }} + {{- if .chart }} + {{- $termination = .chart.AppVersion | toString -}} + {{- end -}} +{{- end -}} {{- if .imageRoot.digest }} {{- $separator = "@" -}} {{- $termination = .imageRoot.digest | toString -}} diff --git a/external/common/templates/_secrets.tpl b/external/common/templates/_secrets.tpl index e87575a8..bfef4697 100644 --- a/external/common/templates/_secrets.tpl +++ b/external/common/templates/_secrets.tpl @@ -67,7 +67,7 @@ Params: Generate secret password or retrieve one if already created. Usage: -{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} +{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "honorProvidedValues" false "context" $) }} Params: - secret - String - Required - Name of the 'Secret' resource where the password is stored. @@ -80,12 +80,15 @@ Params: - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets. - skipB64enc - Boolean - Optional - Default to false. If set to true, no the secret will not be base64 encrypted. - skipQuote - Boolean - Optional - Default to false. If set to true, no quotes will be added around the secret. + - honorProvidedValues - Boolean - Optional - Default to false. If set to true, the values in providedValues have higher priority than an existing secret The order in which this function returns a secret password: - 1. Already existing 'Secret' resource + 1. Password provided via the values.yaml if honorProvidedValues = true + (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) + 2. Already existing 'Secret' resource (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) - 2. Password provided via the values.yaml + 3. Password provided via the values.yaml if honorProvidedValues = false (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) - 3. Randomly generated secret password + 4. Randomly generated secret password (A new random secret password with the length specified in the 'length' parameter will be generated and returned) */}} @@ -103,30 +106,37 @@ The order in which this function returns a secret password: {{- $password = index $secretData .key | b64dec }} {{- else if not (eq .failOnNew false) }} {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} - {{- else if $providedPasswordValue }} - {{- $password = $providedPasswordValue | toString }} - {{- end -}} -{{- else if $providedPasswordValue }} - {{- $password = $providedPasswordValue | toString }} -{{- else }} - - {{- if .context.Values.enabled }} - {{- $subchart = $chartName }} {{- end -}} +{{- end }} - {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} - {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} - {{- $passwordValidationErrors := list $requiredPasswordError -}} - {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} +{{- if and $providedPasswordValue .honorProvidedValues }} + {{- $password = $providedPasswordValue | toString }} +{{- end }} - {{- if .strong }} - {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} - {{- $password = randAscii $passwordLength }} - {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} - {{- $password = printf "%s%s" $subStr $password | toString | shuffle }} +{{- if not $password }} + {{- if $providedPasswordValue }} + {{- $password = $providedPasswordValue | toString }} {{- else }} - {{- $password = randAlphaNum $passwordLength }} - {{- end }} + {{- if .context.Values.enabled }} + {{- $subchart = $chartName }} + {{- end -}} + + {{- if not (eq .failOnNew false) }} + {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} + {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} + {{- $passwordValidationErrors := list $requiredPasswordError -}} + {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} + {{- end }} + + {{- if .strong }} + {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} + {{- $password = randAscii $passwordLength }} + {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} + {{- $password = printf "%s%s" $subStr $password | toString | shuffle }} + {{- else }} + {{- $password = randAlphaNum $passwordLength }} + {{- end }} + {{- end -}} {{- end -}} {{- if not .skipB64enc }} {{- $password = $password | b64enc }} diff --git a/external/common/templates/_tplvalues.tpl b/external/common/templates/_tplvalues.tpl index c84d72c8..a04f4c1e 100644 --- a/external/common/templates/_tplvalues.tpl +++ b/external/common/templates/_tplvalues.tpl @@ -36,3 +36,17 @@ Usage: {{- end -}} {{ $dst | toYaml }} {{- end -}} + +{{/* +Merge a list of values that contains template after rendering them. +Merge precedence is consistent with https://masterminds.github.io/sprig/dicts.html#mergeoverwrite-mustmergeoverwrite +Usage: +{{ include "common.tplvalues.merge-overwrite" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }} +*/}} +{{- define "common.tplvalues.merge-overwrite" -}} +{{- $dst := dict -}} +{{- range .values -}} +{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | mergeOverwrite $dst -}} +{{- end -}} +{{ $dst | toYaml }} +{{- end -}} diff --git a/external/common/templates/_warnings.tpl b/external/common/templates/_warnings.tpl index e4dbecde..62c44dfc 100644 --- a/external/common/templates/_warnings.tpl +++ b/external/common/templates/_warnings.tpl @@ -13,7 +13,7 @@ Usage: {{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html ++info https://techdocs.broadcom.com/us/en/vmware-tanzu/application-catalog/tanzu-application-catalog/services/tac-doc/apps-tutorials-understand-rolling-tags-containers-index.html {{- end }} {{- end -}} diff --git a/external/common/templates/validations/_cassandra.tpl b/external/common/templates/validations/_cassandra.tpl index 3f41ff8f..f8fd213b 100644 --- a/external/common/templates/validations/_cassandra.tpl +++ b/external/common/templates/validations/_cassandra.tpl @@ -4,32 +4,6 @@ SPDX-License-Identifier: APACHE-2.0 */}} {{/* vim: set filetype=mustache: */}} -{{/* -Validate Cassandra required passwords are not empty. - -Usage: -{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.cassandra.passwords" -}} - {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} - {{- $enabled := include "common.cassandra.values.enabled" . -}} - {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} - {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - {{/* Auxiliary function to get the right value for existingSecret. diff --git a/external/common/templates/validations/_mongodb.tpl b/external/common/templates/validations/_mongodb.tpl index d4cd38cb..e678a6de 100644 --- a/external/common/templates/validations/_mongodb.tpl +++ b/external/common/templates/validations/_mongodb.tpl @@ -4,52 +4,6 @@ SPDX-License-Identifier: APACHE-2.0 */}} {{/* vim: set filetype=mustache: */}} -{{/* -Validate MongoDB® required passwords are not empty. - -Usage: -{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mongodb.passwords" -}} - {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mongodb.values.enabled" . -}} - {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} - {{- $architecture := include "common.mongodb.values.architecture" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} - {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} - - {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} - {{- if and $valueUsername $valueDatabase -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replicaset") -}} - {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - {{/* Auxiliary function to get the right value for existingSecret. diff --git a/external/common/templates/validations/_mysql.tpl b/external/common/templates/validations/_mysql.tpl index 924812a9..fbb65c33 100644 --- a/external/common/templates/validations/_mysql.tpl +++ b/external/common/templates/validations/_mysql.tpl @@ -4,47 +4,6 @@ SPDX-License-Identifier: APACHE-2.0 */}} {{/* vim: set filetype=mustache: */}} -{{/* -Validate MySQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mysql.passwords" -}} - {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mysql.values.enabled" . -}} - {{- $architecture := include "common.mysql.values.architecture" . -}} - {{- $authPrefix := include "common.mysql.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mysql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - {{/* Auxiliary function to get the right value for existingSecret. diff --git a/external/common/templates/validations/_postgresql.tpl b/external/common/templates/validations/_postgresql.tpl index 0fa0b146..51d47162 100644 --- a/external/common/templates/validations/_postgresql.tpl +++ b/external/common/templates/validations/_postgresql.tpl @@ -4,35 +4,6 @@ SPDX-License-Identifier: APACHE-2.0 */}} {{/* vim: set filetype=mustache: */}} -{{/* -Validate PostgreSQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.postgresql.passwords" -}} - {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} - {{- $enabled := include "common.postgresql.values.enabled" . -}} - {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} - {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} - - {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} - {{- if (eq $enabledReplication "true") -}} - {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - {{/* Auxiliary function to decide whether evaluate global values. diff --git a/external/common/templates/validations/_redis.tpl b/external/common/templates/validations/_redis.tpl index f4778256..9fedfef9 100644 --- a/external/common/templates/validations/_redis.tpl +++ b/external/common/templates/validations/_redis.tpl @@ -5,39 +5,6 @@ SPDX-License-Identifier: APACHE-2.0 {{/* vim: set filetype=mustache: */}} -{{/* -Validate Redis® required passwords are not empty. - -Usage: -{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.redis.passwords" -}} - {{- $enabled := include "common.redis.values.enabled" . -}} - {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} - {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} - - {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} - {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} - - {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} - {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} - {{- if eq $useAuth "true" -}} - {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - {{/* Auxiliary function to get the right value for enabled redis.