Update helm chart with optional objectStorage config

bcgov · Sep 11, 2023 · d5941ae · d5941ae
1 parent fdcf16c
commit d5941ae
Show file tree

Hide file tree

Showing 13 changed files with 24 additions and 16 deletions.
diff --git a/.github/environments/values.dev.yaml b/.github/environments/values.dev.yaml
@@ -1,6 +1,7 @@
 ---
 features:
   basicAuth: true
+  defaultBucket: false
   oidcAuth: true
 
 autoscaling:
@@ -18,9 +19,6 @@ config:
       MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuy7zfh2ZgpDV5mH/aXyLDTddZK81rGakJcTy4KvCNOkDDxt1KAhW02lmbCo8YhHCOzjNZBp1+Vi6QiMRgBqAe2GTPZYEiV70aXfROGZe3Nvwcjbtki6HoyRte3SpqLJEIPL2F+hjJkw1UPGnjPTWZkEx9p74b9i3BjuE8RnjJ0Sza2MWw83zoQUZEJRGiopSL0yuVej6t2LO2btVdVf7QuZfPt9ehkcQYlPKpVvJA+pfeqPAdnNt7OjEIeYxinjurZr8Z04hz8UhkRefcWlSbFzFQYmL7O7iArjW0bsSvq8yNUd5r0KCOQkFduwZy26yTzTxj8OLFT91fEmbBBl4rQIDAQAB
     KC_REALM: standard
     KC_SERVERURL: "https://dev.loginproxy.gov.bc.ca/auth"
-    OBJECTSTORAGE_BUCKET: egejyy
-    OBJECTSTORAGE_ENDPOINT: "https://nrs.objectstore.gov.bc.ca"
-    # OBJECTSTORAGE_KEY: ~
     SERVER_BODYLIMIT: 30mb
     # SERVER_LOGFILE: ~
     SERVER_LOGLEVEL: http

diff --git a/.github/environments/values.pr.yaml b/.github/environments/values.pr.yaml
@@ -2,6 +2,7 @@
 features:
   basicAuth: true
   oidcAuth: true
+  defaultBucket: false
 
 patroni:
   enabled: true

diff --git a/.github/environments/values.prod.yaml b/.github/environments/values.prod.yaml
@@ -1,6 +1,7 @@
 ---
 features:
   basicAuth: true
+  defaultBucket: true
   oidcAuth: true
 
 autoscaling:
@@ -18,9 +19,6 @@ config:
       MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHiuPKOkpkq4GXN1ktr23rJtDl6Vdu/Y37ZAd3PnQ8/IDfAODvy1Y81aAUZicKe9egolv+OTRANN3yOg+TAbRhkeXLE5p/473EK0aQ0NazTCuWo6Am3oDQ7Yt8x0pw56/qcLtkTuXNyo5EnVV2Z2BzCnnaL31JOhyitolku0DNT6GDoRBmT4o2ItqEVHk5nM25cf1t2zbwI2790W6if1B2qVRkxxivS8tbH7nYC61Is3XCPockKptkH22cm2ZQJmtYd5sZKuXaGsvtyzHmn8/l0Kd1xnHmUu4JNuQ67YiNZGu3hOkrF0Js3BzAk1Qm4kvYRaxbJFCs/qokLZ4Z0W9wIDAQAB
     KC_REALM: standard
     KC_SERVERURL: "https://loginproxy.gov.bc.ca/auth"
-    OBJECTSTORAGE_BUCKET: egejyy
-    OBJECTSTORAGE_ENDPOINT: "https://nrs.objectstore.gov.bc.ca"
-    # OBJECTSTORAGE_KEY: ~
     SERVER_BODYLIMIT: 30mb
     # SERVER_LOGFILE: ~
     SERVER_LOGLEVEL: http

diff --git a/.github/environments/values.test.yaml b/.github/environments/values.test.yaml
@@ -1,6 +1,7 @@
 ---
 features:
   basicAuth: true
+  defaultBucket: false
   oidcAuth: true
 
 autoscaling:
@@ -18,9 +19,6 @@ config:
       MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFdv9GA83uHuy8Eu9yiZHGGF9j6J8t7FkbcpaN81GDjwbjsIJ0OJO9dKRAx6BAtTC4ubJTBJMPvQER5ikOhIeBi4o25fg61jpgsU6oRZHkCXc9gX6mrjMjbsPaf3/bjjYxP5jicBDJQeD1oRa24+tiGggoQ7k6gDEN+cRYqqNpzC/GQbkUPk8YsgroncEgu8ChMh/3ERsLV2zorchMANUq76max16mHrhtWIQxrb/STpSt4JuSlUzzBV/dcXjJe5gywZHe0jAutFhNqjHzHdgyaC4RAd3eYQo+Kl/JOgy2AZrnx+CiPmvOJKe9tAW4k4H087ng8aVE40v4HW/FEbnwIDAQAB
     KC_REALM: standard
     KC_SERVERURL: "https://test.loginproxy.gov.bc.ca/auth"
-    OBJECTSTORAGE_BUCKET: egejyy
-    OBJECTSTORAGE_ENDPOINT: "https://nrs.objectstore.gov.bc.ca"
-    # OBJECTSTORAGE_KEY: ~
     SERVER_BODYLIMIT: 30mb
     # SERVER_LOGFILE: ~
     SERVER_LOGLEVEL: http

diff --git a/app/README.md b/app/README.md
@@ -82,6 +82,7 @@ The following variables enable and enforce the use of OIDC Bearer Authentication
 
 | Config Var | Env Var | Default | Notes |
 | --- | --- | --- | --- |
+| `enabled` | `OBJECTSTORAGE_ENABLED` | | Whether to run COMS with a default bucket |
 | `accessKeyId` | `OBJECTSTORAGE_ACCESSKEYID` | | The Access Key for your S3 compatible object storage account  |
 | `bucket` | `OBJECTSTORAGE_BUCKET` | | The object storage bucket name |
 | `endpoint` | `OBJECTSTORAGE_ENDPOINT` | | Object store URL. eg: `https://nrs.objectstore.gov.bc.ca` |
@@ -122,6 +123,7 @@ Run COMS in **Unauthenticated mode** (replace environment values as necessary)
 
 ``` sh
 docker run -it --rm -p 3000:3000 \
+  -e OBJECTSTORAGE_ENABLED=true \
   -e OBJECTSTORAGE_ACCESSKEYID=<Access Key ID for your S3 account> \
   -e OBJECTSTORAGE_BUCKET=<Object storage bucket name> \
   -e OBJECTSTORAGE_ENDPOINT=<Object store URL. eg: https://nrs.objectstore.gov.bc.ca> \
@@ -134,6 +136,7 @@ Run COMS in **Basic Auth mode** (replace environment values as necessary)
 
 ``` sh
 docker run -it --rm -p 3000:3000 \
+  -e OBJECTSTORAGE_ENABLED=true \
   -e OBJECTSTORAGE_ACCESSKEYID=<Access Key ID for your S3 account> \
   -e OBJECTSTORAGE_BUCKET=<Object storage bucket name> \
   -e OBJECTSTORAGE_ENDPOINT=<Object store URL. eg: https://nrs.objectstore.gov.bc.ca> \
@@ -158,6 +161,7 @@ Run COMS in **OIDC Auth Mode** (replace environment values as necessary)
 
 ``` sh
 docker run -it --rm -p 3000:3000 \
+  -e OBJECTSTORAGE_ENABLED=true \
   -e OBJECTSTORAGE_ACCESSKEYID=<Access Key ID for your S3 account> \
   -e OBJECTSTORAGE_BUCKET=<Object storage bucket name> \
   -e OBJECTSTORAGE_ENDPOINT=<Object store URL. eg: https://nrs.objectstore.gov.bc.ca> \
@@ -178,6 +182,7 @@ Run COMS in **Full Auth Mode** (replace environment values as necessary)
 
 ``` sh
 docker run -it --rm -p 3000:3000 \
+  -e OBJECTSTORAGE_ENABLED=true \
   -e OBJECTSTORAGE_ACCESSKEYID=<Access Key ID for your S3 account> \
   -e OBJECTSTORAGE_BUCKET=<Object storage bucket name> \
   -e OBJECTSTORAGE_ENDPOINT=<Object store URL. eg: https://nrs.objectstore.gov.bc.ca> \
@@ -233,6 +238,7 @@ To run COMS in Full Auth mode you will want your `local.json` to have the follow
     "serverUrl": "<OIDC server auth URL>"
   },
   "objectStorage": {
+    "enabled": true,
     "secretAccessKey": "<Secret Access Key for your S3 compatible object storage account>",
     "key": "<base path for storage location>",
     "accessKeyId": "<Access Key ID for your S3 account>",

diff --git a/app/app.js b/app/app.js
@@ -216,7 +216,7 @@ function initializeConnections() {
       if (state.connections.data) {
         log.info('DataConnection Reachable', { function: 'initializeConnections' });
       }
-      if (config.has('objectStorage')) {
+      if (config.has('objectStorage.enabled')) {
         readUnique(config.get('objectStorage')).then(() => {
           log.error('Default bucket cannot also exist in database', { function: 'initializeConnections' });
           fatalErrorHandler();

diff --git a/app/config/custom-environment-variables.json b/app/config/custom-environment-variables.json
@@ -25,6 +25,7 @@
   "objectStorage": {
     "accessKeyId": "OBJECTSTORAGE_ACCESSKEYID",
     "bucket": "OBJECTSTORAGE_BUCKET",
+    "enabled": "OBJECTSTORAGE_ENABLED",
     "endpoint": "OBJECTSTORAGE_ENDPOINT",
     "key": "OBJECTSTORAGE_KEY",
     "secretAccessKey": "OBJECTSTORAGE_SECRETACCESSKEY"

diff --git a/app/src/components/utils.js b/app/src/components/utils.js
@@ -73,16 +73,16 @@ const utils = {
       const data = { region: DEFAULTREGION };
       if (bucketId) {
         // Function scoped import to avoid circular dependencies
-        const { bucketService } = require('../services');
-        const bucketData = await bucketService.read(bucketId);
+        const { read } = require('../services/bucket');
+        const bucketData = await read(bucketId);
 
         data.accessKeyId = bucketData.accessKeyId;
         data.bucket = bucketData.bucket;
         data.endpoint = bucketData.endpoint;
         data.key = bucketData.key;
         data.secretAccessKey = bucketData.secretAccessKey;
         if (bucketData.region) data.region = bucketData.region;
-      } else if (config.has('objectStorage')) {
+      } else if (config.has('objectStorage') && config.has('objectStorage.enabled')) {
         data.accessKeyId = config.get('objectStorage.accessKeyId');
         data.bucket = config.get('objectStorage.bucket');
         data.endpoint = config.get('objectStorage.endpoint');

diff --git a/charts/coms/Chart.yaml b/charts/coms/Chart.yaml
@@ -3,7 +3,7 @@ name: common-object-management-service
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.17
+version: 0.0.18
 kubeVersion: ">= 1.13.0"
 description: A microservice for managing access control to S3 Objects
 # A chart can be either an 'application' or a 'library' chart.

diff --git a/charts/coms/README.md b/charts/coms/README.md
@@ -1,6 +1,6 @@
 # common-object-management-service
 
-![Version: 0.0.17](https://img.shields.io/badge/Version-0.0.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.6.0](https://img.shields.io/badge/AppVersion-0.6.0-informational?style=flat-square)
+![Version: 0.0.18](https://img.shields.io/badge/Version-0.0.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.6.0](https://img.shields.io/badge/AppVersion-0.6.0-informational?style=flat-square)
 
 A microservice for managing access control to S3 Objects
 
@@ -42,6 +42,7 @@ Kubernetes: `>= 1.13.0`
 | dbSecretOverride.username | string | `nil` |  |
 | failurePolicy | string | `"Retry"` |  |
 | features.basicAuth | bool | `false` | Specifies whether basic auth is enabled |
+| features.defaultBucket | bool | `false` | Specifies whether a default bucket is enabled |
 | features.oidcAuth | bool | `false` | Specifies whether oidc auth is enabled |
 | fullnameOverride | string | `nil` | String to fully override fullname |
 | image.pullPolicy | string | `"IfNotPresent"` |  |

diff --git a/charts/coms/templates/deploymentconfig.yaml b/charts/coms/templates/deploymentconfig.yaml
@@ -148,6 +148,7 @@ spec:
                   key: password
                   name: {{ include "coms.configname" . }}-keycloak
             {{- end }}
+            {{- if or .Values.features.defaultBucket .Values.config.configMap.OBJECTSTORAGE_ENABLED }}
             - name: OBJECTSTORAGE_ACCESSKEYID
               valueFrom:
                 secretKeyRef:
@@ -158,6 +159,7 @@ spec:
                 secretKeyRef:
                   key: password
                   name: {{ include "coms.configname" . }}-objectstorage
+            {{- end }}
             - name: SERVER_PASSPHRASE
               valueFrom:
                 secretKeyRef:

diff --git a/charts/coms/templates/secret.yaml b/charts/coms/templates/secret.yaml
@@ -62,7 +62,7 @@ data:
   password: {{ .Values.keycloakSecretOverride.password | b64enc | quote }}
   username: {{ .Values.keycloakSecretOverride.username | b64enc | quote }}
 {{- end }}
-{{- if and (not $osSecret) (and .Values.objectStorageSecretOverride.password .Values.objectStorageSecretOverride.username) }}
+{{- if and .Values.features.defaultBucket (not $osSecret) (and .Values.objectStorageSecretOverride.password .Values.objectStorageSecretOverride.username) }}
 ---
 apiVersion: v1
 kind: Secret

diff --git a/charts/coms/values.yaml b/charts/coms/values.yaml
@@ -106,6 +106,8 @@ resources:
 features:
   # -- Specifies whether basic auth is enabled
   basicAuth: false
+  # -- Specifies whether a default bucket is enabled
+  defaultBucket: false
   # -- Specifies whether oidc auth is enabled
   oidcAuth: false
 
@@ -139,6 +141,7 @@ config:
     KC_SERVERURL: ~
 
     OBJECTSTORAGE_BUCKET: ~
+    # OBJECTSTORAGE_ENABLED: "true"
     OBJECTSTORAGE_ENDPOINT: ~
     OBJECTSTORAGE_KEY: ~