Fix ambassador bug (#100)

* Fix ambassador bug * Add updates to db setup job and various small updates * Update chart versions
uc-cdis · Feb 21, 2023 · 598f4ec · 598f4ec
1 parent 021372e
commit 598f4ec
Show file tree

Hide file tree

Showing 48 changed files with 253 additions and 159 deletions.
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2023-02-16T19:19:56Z",
+  "generated_at": "2023-02-21T02:49:06Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -195,7 +195,7 @@
         "type": "Secret Keyword"
       },
       {
-        "hashed_secret": "abb751db44bcfd1bb9d4ad53e40138422abd739e",
+        "hashed_secret": "f09dd6e359833a12f48c4c4255d6e87a6e55cfe9",
         "is_secret": false,
         "is_verified": false,
         "line_number": 224,
@@ -262,18 +262,11 @@
         "hashed_secret": "5d07e1b80e448a213b392049888111e1779a52db",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1861,
+        "line_number": 1862,
         "type": "Secret Keyword"
       }
     ],
     "helm/gen3/README.md": [
-      {
-        "hashed_secret": "f9db05bf9c2df78d6167ff9134c11eda23511de3",
-        "is_secret": false,
-        "is_verified": false,
-        "line_number": 64,
-        "type": "Secret Keyword"
-      },
       {
         "hashed_secret": "4caa5dcab48a481e96f4352e45459c0ecd6f3cf7",
         "is_secret": false,
@@ -285,14 +278,14 @@
         "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 77,
+        "line_number": 78,
         "type": "Secret Keyword"
       },
       {
         "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 79,
+        "line_number": 80,
         "type": "Secret Keyword"
       }
     ],
@@ -301,14 +294,14 @@
         "hashed_secret": "2546383b95bb44732e9be6a877fd476c0442fdab",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 62,
+        "line_number": 60,
         "type": "Secret Keyword"
       },
       {
         "hashed_secret": "d84ce25b0f9bc2cc263006ae39453efb22cc2900",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 64,
+        "line_number": 62,
         "type": "Secret Keyword"
       }
     ],
@@ -449,7 +442,7 @@
         "type": "Basic Auth Credentials"
       }
     ],
-    "helm/peregrine/peregrine-secret/wsgi.py": [
+    "helm/peregrine/peregrine-secret/settings.py": [
       {
         "hashed_secret": "347cd9c53ff77d41a7b22aa56c7b4efaf54658e3",
         "is_secret": false,

diff --git a/helm/ambassador/Chart.yaml b/helm/ambassador/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.2
+version: 0.1.3
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/helm/ambassador/README.md b/helm/ambassador/README.md
@@ -1,6 +1,6 @@
 # ambassador
 
-![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square)
+![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.2](https://img.shields.io/badge/AppVersion-1.4.2-informational?style=flat-square)
 
 A Helm chart for deploying ambassador for gen3
 

diff --git a/helm/ambassador/templates/deployment.yaml b/helm/ambassador/templates/deployment.yaml
@@ -18,7 +18,10 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       labels:
-        {{- toYaml .Values.podLabels | nindent 8 }}
+        app: ambassador
+        {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end}}
     spec:
       affinity:
         podAntiAffinity:

diff --git a/helm/ambassador/values.yaml b/helm/ambassador/values.yaml
@@ -39,7 +39,6 @@ podAnnotations:
 # -- (map) Labels to add to the pod.
 podLabels:
 
-
 # -- (map) Pod-level security context.
 podSecurityContext:
   runAsUser: 8888

diff --git a/helm/arborist/Chart.yaml b/helm/arborist/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.2
+version: 0.1.3
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
@@ -25,5 +25,5 @@ appVersion: "master"
 
 dependencies:
 - name: common
-  version: 0.1.2
+  version: 0.1.3
   repository: file://../common
diff --git a/helm/arborist/README.md b/helm/arborist/README.md
@@ -1,14 +1,14 @@
 # arborist
 
-![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 
 A Helm chart for gen3 arborist
 
 ## Requirements
 
 | Repository | Name | Version |
 |------------|------|---------|
-| file://../common | common | 0.1.2 |
+| file://../common | common | 0.1.3 |
 
 ## Values
 

diff --git a/helm/audit/Chart.yaml b/helm/audit/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.2
+version: 0.1.3
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
@@ -24,5 +24,5 @@ appVersion: "master"
 
 dependencies:
 - name: common
-  version: 0.1.2
+  version: 0.1.3
   repository: file://../common
diff --git a/helm/audit/README.md b/helm/audit/README.md
@@ -1,14 +1,14 @@
 # audit
 
-![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 
 A Helm chart for Kubernetes
 
 ## Requirements
 
 | Repository | Name | Version |
 |------------|------|---------|
-| file://../common | common | 0.1.2 |
+| file://../common | common | 0.1.3 |
 
 ## Values
 

diff --git a/helm/common/Chart.yaml b/helm/common/Chart.yaml
@@ -15,7 +15,7 @@ type: library
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.2
+version: 0.1.3
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/helm/common/README.md b/helm/common/README.md
@@ -1,6 +1,6 @@
 # common
 
-![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 
 A Helm chart for provisioning databases in gen3
 

diff --git a/helm/common/templates/_db_setup_job.tpl b/helm/common/templates/_db_setup_job.tpl
@@ -122,11 +122,11 @@ spec:
               kubectl patch secret/{{ .Chart.Name }}-dbcreds -p '{"data":{"dbcreated":"dHJ1ZQo="}}'
             else
               echo "database does not exist"
-              psql -tc "SELECT 1 FROM pg_database WHERE datname = '$SERVICE_PGDB'" | grep -q 1 || psql -c "CREATE DATABASE $SERVICE_PGDB;"
-              gen3_log_info psql -tc "SELECT 1 FROM pg_user WHERE usename = '$SERVICE_PGUSER'" | grep -q 1 || psql -c "CREATE USER $SERVICE_PGUSER WITH PASSWORD '$SERVICE_PGPASS';"
-              psql -tc "SELECT 1 FROM pg_user WHERE usename = '$SERVICE_PGUSER'" | grep -q 1 || psql -c "CREATE USER $SERVICE_PGUSER WITH PASSWORD '$SERVICE_PGPASS';"
-              psql -c "GRANT ALL ON DATABASE $SERVICE_PGDB TO $SERVICE_PGUSER WITH GRANT OPTION;"
-              psql -d $SERVICE_PGDB -c "CREATE EXTENSION ltree; ALTER ROLE $SERVICE_PGUSER WITH LOGIN"
+              psql -tc "SELECT 1 FROM pg_database WHERE datname = '$SERVICE_PGDB'" | grep -q 1 || psql -c "CREATE DATABASE \"$SERVICE_PGDB\";"
+              gen3_log_info psql -tc "SELECT 1 FROM pg_user WHERE usename = '$SERVICE_PGUSER'" | grep -q 1 || psql -c "CREATE USER \"$SERVICE_PGUSER\" WITH PASSWORD '$SERVICE_PGPASS';"
+              psql -tc "SELECT 1 FROM pg_user WHERE usename = '$SERVICE_PGUSER'" | grep -q 1 || psql -c "CREATE USER \"$SERVICE_PGUSER\" WITH PASSWORD '$SERVICE_PGPASS';"
+              psql -c "GRANT ALL ON DATABASE \"$SERVICE_PGDB\" TO \"$SERVICE_PGUSER\" WITH GRANT OPTION;"
+              psql -d $SERVICE_PGDB -c "CREATE EXTENSION ltree; ALTER ROLE \"$SERVICE_PGUSER\" WITH LOGIN"
               PGPASSWORD=$SERVICE_PGPASS psql -d $SERVICE_PGDB -h $PGHOST -p $PGPORT -U $SERVICE_PGUSER -c "\conninfo"
 
               # Update secret to signal that db has been created, and services can start

diff --git a/helm/common/templates/_get_or_generate_secret.tpl b/helm/common/templates/_get_or_generate_secret.tpl
@@ -0,0 +1,34 @@
+{{/*
+Helper function to generate or retrieve a secret value.
+
+This function takes the following parameters:
+- `value` (optional): The secret value to use if it's not empty. If this parameter is set, the function will return this value without looking up or generating a new one.
+- `secretName` (optional): The name of the secret that contains the value. If `value` is not set, the function will attempt to retrieve the value from this secret. If this parameter is not set or the secret does not exist, a new value will be generated.
+- `secretKey` (optional): The key in the secret that contains the value. If `value` is not set and `secretName` is set, the function will attempt to retrieve the value from this key in the secret. If this parameter is not set or the key does not exist in the secret, a new value will be generated.
+- `secretLength` (optional, default 20): The length of the value to generate if it needs to be generated.
+
+Usage:
+{{ include "common.getOrGenSecret" (list "mysecretvalue" "mysecret" "mysecretkey" 16 .) }}
+*/}}
+{{- define "common.getOrGenSecret" -}}
+{{- $value := index . 0 -}}
+{{- $secretName := index . 1 -}}
+{{- $secretKey := index . 2 -}}
+{{- $secretLength := index . 3 -}}
+{{- $nameSpace := index . 4 -}}
+{{- if $value -}}
+{{- $value = $value | b64enc -}}
+{{- end -}}
+{{- if not $value -}}
+  {{- if $secret := lookup "v1" "Secret" $nameSpace $secretName -}}
+    {{- if hasKey $secret.data $secretKey -}}
+        {{- $value = index $secret.data $secretKey  -}}
+    {{- end -}}
+  {{- end -}}
+  {{- if not $value -}}
+    {{- $value = randAlphaNum $secretLength -}}
+    {{- $value = $value | b64enc -}}
+  {{- end -}}
+{{- end -}}
+{{- $value -}}
+{{- end -}}
diff --git a/helm/fence/Chart.yaml b/helm/fence/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.2
+version: 0.1.3
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
@@ -24,7 +24,7 @@ appVersion: "master"
 
 dependencies:
 - name: common
-  version: 0.1.2
+  version: 0.1.3
   repository: file://../common
 - name: postgresql
   version: 11.9.13

diff --git a/helm/fence/README.md b/helm/fence/README.md
@@ -1,14 +1,14 @@
 # fence
 
-![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
+![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square)
 
 A Helm chart for gen3 Fence
 
 ## Requirements
 
 | Repository | Name | Version |
 |------------|------|---------|
-| file://../common | common | 0.1.2 |
+| file://../common | common | 0.1.3 |
 | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 |
 
 ## Values
@@ -221,7 +221,7 @@ A Helm chart for gen3 Fence
 | nodeSelector | map | `{}` | Node Selector for the pods |
 | podAnnotations | map | `{}` | Annotations to add to the pod |
 | podSecurityContext | map | `{"fsGroup":101}` | Security context for the pod |
-| postgres | map | `{"database":null,"dbCreate":null,"dbRestore":false,"host":null,"password":null,"port":"5432","username":null}` | Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you |
+| postgres | map | `{"database":null,"dbCreate":null,"dbRestore":false,"host":null,"password":null,"port":"5432","separate":false,"username":null}` | Postgres database configuration. If db does not exist in postgres cluster and dbCreate is set ot true then these databases will be created for you |
 | postgres.database | string | `nil` | Database name for postgres. This is a service override, defaults to <serviceName>-<releaseName> |
 | postgres.dbCreate | bool | `nil` | Whether the database should be created. Default to global.postgres.dbCreate |
 | postgres.host | string | `nil` | Hostname for postgres server. This is a service override, defaults to global.postgres.host |

diff --git a/helm/fence/values.yaml b/helm/fence/values.yaml
@@ -65,6 +65,7 @@ postgres:
   port: "5432"
   # -- (string) Password for Postgres. Will be autogenerated if left empty.
   password:
+  separate: false
 
 # -- (int) Number of desired replicas
 replicaCount: 1