From 2ac327b5674bed79b207676d529e84bb98ede72c Mon Sep 17 00:00:00 2001 From: Moctar Date: Thu, 14 Sep 2023 17:52:41 +0200 Subject: [PATCH 1/3] PHRAS-3892 add custom csp as env variable --- charts/phraseanet/Chart.yaml | 2 +- charts/phraseanet/templates/gateway.yml | 4 ++++ charts/phraseanet/values.yaml | 2 ++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/charts/phraseanet/Chart.yaml b/charts/phraseanet/Chart.yaml index d6865ea..5789bb3 100644 --- a/charts/phraseanet/Chart.yaml +++ b/charts/phraseanet/Chart.yaml @@ -14,7 +14,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.20.0 +version: 0.21.0 # This is the version number of the application being deployed. This version number should be diff --git a/charts/phraseanet/templates/gateway.yml b/charts/phraseanet/templates/gateway.yml index 6fc50f5..f19b3be 100644 --- a/charts/phraseanet/templates/gateway.yml +++ b/charts/phraseanet/templates/gateway.yml 
@@ -69,4 +69,8 @@ spec: value: {{ .Values.http.gateway_denied_ips }} - name: "GATEWAY_USERS" value: {{ .Values.http.gateway_users }} + - name: "GATEWAY_CSP" + # value: {{ .Values.http.gateway_csp }} # this variable should be used when available + value: {{ "default-src 'self' 127.0.0.1 https://apiws.carrick-skills.com:8443 https://apiws.carrick-flow.com:8443 https://fonts.gstatic.com *.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com *.axept.io *.matomo.cloud *.newrelic.com *.nr-data.net https://www.googletagmanager.com *.google-analytics.com *.phrasea.io https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 data: ;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.gstatic.com *.alchemyasp.com *.axept.io *.matomo.cloud *.newrelic.com https://www.googletagmanager.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 ;style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://www.google.com https://www.gstatic.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443;img-src 'self' data: blob: *.tiles.mapbox.com https://axeptio.imgix.net *.cloudfront.net *.phrasea.io *.amazonaws.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 ; object-src 'self';frame-ancestors 'self'" }} + {{- end }} diff --git a/charts/phraseanet/values.yaml b/charts/phraseanet/values.yaml index 684d3c7..14d997d 100644 --- a/charts/phraseanet/values.yaml +++ b/charts/phraseanet/values.yaml 
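Review bot: The `GATEWAY_CSP` value is rendered into the manifest unquoted, and the policy text contains `: ` (for example `data: ;` and `data: blob:`), `*` and single quotes, so the rendered `value:` line is likely to fail YAML parsing rather than produce a string. Pipe the expression through `quote`, i.e. `value: {{ .Values.http.gateway_csp | quote }}`. The same applies to the replacement line `value: {{ .Values.http.gateway_csp }}` in the PATCH 3/3 hunk for this file. The neighbouring `GATEWAY_USERS` and `GATEWAY_DENIED_IPS` context lines are unquoted in the same way. The enclosing env list starts outside the hunk.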
@@ -96,6 +96,8 @@ http: gateway_denied_ips: gateway_users: gateway_https: "on" + gateway_csp: "default-src 'self' 127.0.0.1 https://apiws.carrick-skills.com:8443 https://apiws.carrick-flow.com:8443 https://fonts.gstatic.com *.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com *.axept.io *.matomo.cloud *.newrelic.com *.nr-data.net https://www.googletagmanager.com *.google-analytics.com *.phrasea.io https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 data: ;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.gstatic.com *.alchemyasp.com *.axept.io *.matomo.cloud *.newrelic.com https://www.googletagmanager.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 ;style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://www.google.com https://www.gstatic.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443;img-src 'self' data: blob: *.tiles.mapbox.com https://axeptio.imgix.net *.cloudfront.net *.phrasea.io *.amazonaws.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 ; object-src 'self';frame-ancestors 'self'" + php: php_cli_memory_limit: "2048M" fpm_memory_limit: "2048M" From d0c00bbe269381a4b472c6306d37e253bfb5232e Mon Sep 17 00:00:00 2001 From: Nicolas Maillat Date: Fri, 22 Sep 2023 12:16:40 +0200 Subject: [PATCH 2/3] PHRAS-3920 phraseanet-ftp PVC in cronjob_phraseanet.yaml --- charts/phraseanet/templates/cronjob_phraseanet.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/charts/phraseanet/templates/cronjob_phraseanet.yaml b/charts/phraseanet/templates/cronjob_phraseanet.yaml index cfda46e..16e7de2 100644 --- a/charts/phraseanet/templates/cronjob_phraseanet.yaml +++ b/charts/phraseanet/templates/cronjob_phraseanet.yaml 
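Review bot: The chart-wide default for `gateway_csp` allows `'unsafe-inline'` and `'unsafe-eval'` in `script-src`, so the shipped policy gives little protection against injected script. It also bakes deployment-specific origins (the `apiws.carrick-*.com:8443` hosts) and broad wildcards such as `*.amazonaws.com` and `*.cloudfront.net` into every install. Consider a narrow default that operators extend per deployment, with a comment above the key such as `# Content-Security-Policy header value sent by the gateway; override per deployment`. Several origins are also listed twice inside `default-src`, which makes the policy harder to audit.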
@@ -33,6 +33,9 @@ spec: - name: phraseanet-custom persistentVolumeClaim: claimName: {{ $.Values.app.pvc_name.custom }} + - name: phraseanet-ftp + persistentVolumeClaim: + claimName: {{ .Values.app.pvc.ftp.name }} - name: phraseanet-tmp emptyDir: - name: phraseanet-logs @@ -103,4 +106,4 @@ spec: {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} From 8dacf19da4b7c47f041d5d361d619ad01d475d6f Mon Sep 17 00:00:00 2001 From: moctardiouf Date: Fri, 22 Sep 2023 12:20:21 +0200 Subject: [PATCH 3/3] remove csp default value --- charts/phraseanet/templates/gateway.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/charts/phraseanet/templates/gateway.yml b/charts/phraseanet/templates/gateway.yml index f19b3be..c651bd2 100644 --- a/charts/phraseanet/templates/gateway.yml +++ b/charts/phraseanet/templates/gateway.yml 
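Review bot: The new `phraseanet-ftp` volume reads `.Values.app.pvc.ftp.name`, while the entry directly above it uses `$.Values.app.pvc_name.custom`. The enclosing block starts outside the hunk, but the neighbour's `$.` and the nested `{{- end }}` lines suggest the scope is rebound by a `range` or `with`, in which case `.Values` will not resolve; `claimName: {{ $.Values.app.pvc.ftp.name }}` is the safer form. The key path also differs in shape (`pvc.ftp.name` versus `pvc_name.custom`), so confirm that `app.pvc.ftp.name` is defined in values.yaml, since a missing intermediate map makes rendering fail. No matching `volumeMounts` entry is visible in this hunk; check that one exists for the containers that need the FTP data.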
@@ -70,7 +70,6 @@ spec: - name: "GATEWAY_USERS" value: {{ .Values.http.gateway_users }} - name: "GATEWAY_CSP" - # value: {{ .Values.http.gateway_csp }} # this variable should be used when available - value: {{ "default-src 'self' 127.0.0.1 https://apiws.carrick-skills.com:8443 https://apiws.carrick-flow.com:8443 https://fonts.gstatic.com *.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com *.axept.io *.matomo.cloud *.newrelic.com *.nr-data.net https://www.googletagmanager.com *.google-analytics.com *.phrasea.io https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 data: ;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.gstatic.com *.alchemyasp.com *.axept.io *.matomo.cloud *.newrelic.com https://www.googletagmanager.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 ;style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://www.google.com https://www.gstatic.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443;img-src 'self' data: blob: *.tiles.mapbox.com https://axeptio.imgix.net *.cloudfront.net *.phrasea.io *.amazonaws.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 ; object-src 'self';frame-ancestors 'self'" }} - + value: {{ .Values.http.gateway_csp }} {{- end }} +