From c6d470873060b439529f64979019c6eeee6a1e9f Mon Sep 17 00:00:00 2001 From: "Esteban J. G. Gabancho" Date: Fri, 13 Dec 2024 11:01:08 +0100 Subject: [PATCH] invenio: refactor sentry block * Deprecates non-camelcase sentry variables. * Addresses secret handling as described in #117. --- charts/invenio/templates/NOTES.txt | 17 ++++++++++++ charts/invenio/templates/_helpers.tpl | 26 +++++++++++++++++++ .../invenio/templates/install-init-job.yaml | 1 + charts/invenio/templates/sentry-secret.yaml | 9 ++++--- charts/invenio/templates/web-deployment.yaml | 8 +----- .../templates/worker-beat-deployment.yaml | 8 +----- .../invenio/templates/worker-deployment.yaml | 8 +----- charts/invenio/values.yaml | 19 ++++++++++++-- 8 files changed, 69 insertions(+), 27 deletions(-) diff --git a/charts/invenio/templates/NOTES.txt b/charts/invenio/templates/NOTES.txt index 8b5d149..251adbf 100644 --- a/charts/invenio/templates/NOTES.txt +++ b/charts/invenio/templates/NOTES.txt @@ -9,3 +9,20 @@ DEPRECATION WARNING: removed in a future release. {{- end }} + +{{- if .Values.invenio.sentry.existing_secret }} + +DEPRECATION WARNING: + `invenio.sentry.existing_secret` has been renamed to `invenio.sentry.existingSecret` + and its type has changed from boolean to string. + This key will be removed in a future release. + +{{- end }} + +{{- if .Values.invenio.sentry.secret_name }} + +DEPRECATION WARNING: + `invenio.sentry.secret_name` has been removed in favor of + `invenio.sentry.existingSecret` will be removed in a future release. + +{{- end }} diff --git a/charts/invenio/templates/_helpers.tpl b/charts/invenio/templates/_helpers.tpl index 579cd8a..1dae654 100644 --- a/charts/invenio/templates/_helpers.tpl +++ b/charts/invenio/templates/_helpers.tpl 
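Review bot: The `{{- if .Values.invenio.sentry.secret_name }}` guard in NOTES.txt is true on a default install, because the values.yaml hunk of this same patch keeps `secret_name: "sentry-secrets"` as the default. The deprecation warning therefore prints for users who never set the key. Either change the default to `secret_name: ""` (the helper already falls back to `sentry-secrets`) or compare against the default with `{{- if ne .Values.invenio.sentry.secret_name "sentry-secrets" }}`. The second warning's wording is also broken ("has been removed in favor of ... will be removed"); it should say the key is deprecated in favor of `invenio.sentry.existingSecret` and will be removed in a future release.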
@@ -273,3 +273,29 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- $databaseName := include "invenio.postgresql.databaseName" . -}} {{- printf "postgresql+psycopg2://%s:%s@%s:%v/%s" $username $password $hostname $port $databaseName -}} {{- end -}} + +{{/* +Get the sentry secret name +*/}} +{{- define "invenio.sentrySecretName" -}} +{{- if .Values.invenio.sentry.existingSecret -}} + {{- print (tpl .Values.invenio.sentry.existingSecret .) -}} +{{- else if .Values.invenio.sentry.secret_name -}} + {{- print .Values.invenio.sentry.secret_name -}} +{{- else -}} + {{- "sentry-secrets" -}} +{{- end -}} +{{- end -}} + +{{/* +Add sentry environmental variables +*/}} +{{- define "invenio.config.sentry" -}} +{{- if .Values.invenio.sentry.enabled -}} +- name: INVENIO_SENTRY_DSN + valueFrom: + secretKeyRef: + name: {{ include "invenio.sentrySecretName" . }} + key: {{ .Values.invenio.sentry.secretKeys.dsnKey }} +{{- end }} +{{- end -}} diff --git a/charts/invenio/templates/install-init-job.yaml b/charts/invenio/templates/install-init-job.yaml index f6085ac..ed6cb76 100644 --- a/charts/invenio/templates/install-init-job.yaml +++ b/charts/invenio/templates/install-init-job.yaml @@ -63,6 +63,7 @@ spec: mountPath: "/opt/invenio/var/instance/app_data/vocabularies/{{ $key }}" subPath: "{{ $key }}" {{- end }} + {{- include "invenio.config.sentry" . | nindent 8 }} {{- if .Values.web.resources }} resources: {{- toYaml .Values.web.resources | nindent 10 }} {{- end }} diff --git a/charts/invenio/templates/sentry-secret.yaml b/charts/invenio/templates/sentry-secret.yaml index 40dc091..f4b4705 100644 --- a/charts/invenio/templates/sentry-secret.yaml +++ b/charts/invenio/templates/sentry-secret.yaml 
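Review bot: In `invenio.config.sentry` the `name:` and `key:` values are rendered unquoted, so an empty or number-like `secretKeys.dsnKey` becomes a null or non-string scalar and the manifest is rejected only at apply time. Quote both and fail at render time for the key: `name: {{ include "invenio.sentrySecretName" . | quote }}` and `key: {{ required "invenio.sentry.secretKeys.dsnKey must not be empty" .Values.invenio.sentry.secretKeys.dsnKey | quote }}`. The same unquoted value is used as the `data:` field name in the sentry-secret.yaml hunk. The comment above `invenio.sentrySecretName` should state the precedence: `existingSecret` (passed through `tpl`), then the deprecated `secret_name`, then the literal `sentry-secrets`.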
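Review bot: In install-init-job.yaml the added include sits between the end of the `volumeMounts` range (the `mountPath`/`subPath` lines above it) and `resources:`, so the `- name: INVENIO_SENTRY_DSN` item it emits looks like it lands in the volume mounts rather than in the container's `env:` list. The indentation is not recoverable from this view, so confirm by rendering the chart with `invenio.sentry.enabled=true`. If it does land there, the Job would be rejected, since a volume mount has no `valueFrom` field. Moving the line to the end of the `env:` block, where the three deployment hunks place it after `INVENIO_CSRF_SECRET_SALT`, would fix it. The container spec starts and ends outside the hunk.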
@@ -1,15 +1,16 @@ -{{- if and (.Values.invenio.sentry.enabled) (not .Values.invenio.sentry.existing_secret) }} +{{- if and (.Values.invenio.sentry.enabled) (and (not .Values.invenio.sentry.existingSecret) (not .Values.invenio.sentry.existing_secret)) }} +{{- $dsn := .Values.invenio.sentry.dsn | required ".Values.invenio.sentry.dns is required unless existingSecret is provided." -}} --- apiVersion: v1 kind: Secret type: Opaque metadata: - name: {{ .Values.invenio.sentry.secret_name }} + name: sentry-secrets labels: {{- include "invenio.labels" . | nindent 4 }} - app: {{ .Values.invenio.sentry.secret_name }} + app: sentry-secrets annotations: helm.sh/resource-policy: keep data: - SENTRY_DSN: {{ .Values.invenio.sentry.dsn | b64enc }} + {{ .Values.invenio.sentry.secretKeys.dsnKey }}: {{ $dsn | b64enc }} {{- end -}} diff --git a/charts/invenio/templates/web-deployment.yaml b/charts/invenio/templates/web-deployment.yaml index 719ef84..ea12705 100644 --- a/charts/invenio/templates/web-deployment.yaml +++ b/charts/invenio/templates/web-deployment.yaml @@ -57,13 +57,7 @@ spec: secretKeyRef: name: invenio-secrets key: INVENIO_CSRF_SECRET_SALT - {{- if .Values.invenio.sentry.enabled }} - - name: INVENIO_SENTRY_DSN - valueFrom: - secretKeyRef: - name: {{ .Values.invenio.sentry.secret_name }} - key: SENTRY_DSN - {{- end }} + {{- include "invenio.config.sentry" . | nindent 8 }} {{- if .Values.invenio.datacite.enabled }} - name: INVENIO_DATACITE_USERNAME valueFrom: diff --git a/charts/invenio/templates/worker-beat-deployment.yaml b/charts/invenio/templates/worker-beat-deployment.yaml index bccf6a9..f360995 100644 --- a/charts/invenio/templates/worker-beat-deployment.yaml +++ b/charts/invenio/templates/worker-beat-deployment.yaml 
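Review bot: The Secret in sentry-secret.yaml is now always created as `sentry-secrets`, while `invenio.sentrySecretName` still returns the deprecated `secret_name` when it is set. A release that customised `secret_name` with `existing_secret: false` therefore gets a Secret under one name and `secretKeyRef`s pointing at another, and the pods cannot start. Use the helper in both places: `name: {{ include "invenio.sentrySecretName" . }}` and `app: {{ include "invenio.sentrySecretName" . }}`. The `required` message names `.Values.invenio.sentry.dns`; it should read `dsn`. Because `helm.sh/resource-policy: keep` leaves the DSN Secret in the namespace after an uninstall or rename, the chart notes should tell operators to remove the stale one.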
@@ -70,13 +70,7 @@ spec: secretKeyRef: name: invenio-secrets key: INVENIO_CSRF_SECRET_SALT - {{- if .Values.invenio.sentry.enabled }} - - name: INVENIO_SENTRY_DSN - valueFrom: - secretKeyRef: - name: {{ .Values.invenio.sentry.secret_name }} - key: SENTRY_DSN - {{- end }} + {{- include "invenio.config.sentry" . | nindent 8 }} {{- if .Values.invenio.datacite.enabled }} - name: INVENIO_DATACITE_USERNAME valueFrom: diff --git a/charts/invenio/templates/worker-deployment.yaml b/charts/invenio/templates/worker-deployment.yaml index 0b661d8..d505f7f 100644 --- a/charts/invenio/templates/worker-deployment.yaml +++ b/charts/invenio/templates/worker-deployment.yaml @@ -61,13 +61,7 @@ spec: secretKeyRef: name: invenio-secrets key: INVENIO_CSRF_SECRET_SALT - {{- if .Values.invenio.sentry.enabled }} - - name: INVENIO_SENTRY_DSN - valueFrom: - secretKeyRef: - name: {{ .Values.invenio.sentry.secret_name }} - key: SENTRY_DSN - {{- end }} + {{- include "invenio.config.sentry" . | nindent 10 }} {{- if .Values.invenio.datacite.enabled }} - name: INVENIO_DATACITE_USERNAME valueFrom: diff --git a/charts/invenio/values.yaml b/charts/invenio/values.yaml index 94c1d24..a786fa4 100644 --- a/charts/invenio/values.yaml +++ b/charts/invenio/values.yaml 
@@ -19,10 +19,25 @@ invenio: default_users: [] # Requires invenio.init=true demo_data: false # Setting invenio.demo_data=true requires also setting default_users! sentry: + ## @param invenio.sentry.enabled Enable Sentry.io integration + ## enabled: false - existing_secret: false - secret_name: "sentry-secrets" + ## @param invenio.sentry.dns Sentry DSN, required unless existingSecret is provided + ## dsn: "" + ## @param invenio.sentry.secret_name DEPRECATED: invenio.sentry.existingSecret instead + ## + secret_name: "sentry-secrets" + ## @param invenio.sentry.existing_secret DEPRECATED: invenio.sentry.existingSecret instead + ## + existing_secret: false + ## @param invenio.sentry.existingSecret Existing secret name for sentry's dsn + ## + existingSecret: "" + ## @param invenio.sentry.secretKeys.dsnKey Name of key in existing secret to use for dns. + ## + secretKeys: + dsnKey: "SENTRY_DSN" datacite: enabled: false existing_secret: false
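Review bot: Two of the new `@param` comments in values.yaml refer to `dns` where the key is `dsn`: `invenio.sentry.dns` should be `invenio.sentry.dsn`, and the `dsnKey` description should end `to use for the DSN`. The deprecated entries would read better as `DEPRECATED: use invenio.sentry.existingSecret instead`. The `dsn` comment should also say that a value set here is stored with the release values and readable through `helm get values`, and that `existingSecret` keeps the DSN out of them.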