feat: unified approach for secrets referencing (and disabling) #189

Merged
53 changes: 40 additions & 13 deletions charts/openmetadata/templates/_helpers.tpl
Expand Up @@ -60,7 +60,7 @@ Create the name of the service account to use
{{- if .Values.serviceAccount.create }}
{{- default (include "OpenMetadata.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- default "default" (tpl .Values.serviceAccount.name .) }}
{{- end }}
{{- end }}

Expand Down Expand Up @@ -88,7 +88,7 @@ command:
{{- end }}
{{- end }}

{{/*
{{/*
Warning to update openmetadata global keyword to openmetadata.config */}}
{{- define "error-message" }}
{{- printf "Error: %s" . | fail }}
Expand All @@ -98,16 +98,18 @@ Warning to update openmetadata global keyword to openmetadata.config */}}
OpenMetadata Configurations Environment Variables*/}}
{{- define "OpenMetadata.configs" -}}
{{- if .Values.openmetadata.config.fernetkey.secretRef -}}
{{- with .Values.openmetadata.config.fernetkey -}}
- name: FERNET_KEY
valueFrom:
secretKeyRef:
name: {{ .Values.openmetadata.config.fernetkey.secretRef }}
key: {{ .Values.openmetadata.config.fernetkey.secretKey }}
name: {{ .secretRef }}
key: {{ .secretKey }}
{{- end }}
{{ else }}
- name: FERNET_KEY
valueFrom:
secretKeyRef:
name: {{ include "OpenMetadata.fullname" . }}-secret
name: {{ include "OpenMetadata.fullname" . }}-secret
key: FERNET_KEY
{{- end }}
- name: EVENT_MONITOR
Expand All @@ -121,7 +123,7 @@ OpenMetadata Configurations Environment Variables*/}}
- name: MASK_PASSWORDS_API
value: '{{ .Values.openmetadata.config.maskPasswordsApi }}'
- name: OPENMETADATA_CLUSTER_NAME
value: "{{ .Values.openmetadata.config.clusterName }}"
value: "{{ tpl .Values.openmetadata.config.clusterName . }}"
- name: OM_URI
value: "{{ .Values.openmetadata.config.openmetadata.uri }}"
- name: LOG_LEVEL
Expand Down Expand Up @@ -177,13 +179,15 @@ OpenMetadata Configurations Environment Variables*/}}
value: "{{ .Values.openmetadata.config.authentication.ldapConfiguration.port }}"
- name: AUTHENTICATION_LOOKUP_ADMIN_DN
value: "{{ .Values.openmetadata.config.authentication.ldapConfiguration.dnAdminPrincipal }}"
{{- if .Values.openmetadata.config.authentication.ldapConfiguration.dnAdminPassword.secretRef }}
{{- with .Values.openmetadata.config.authentication.ldapConfiguration.dnAdminPassword }}
- name: AUTHENTICATION_LOOKUP_ADMIN_PWD
valueFrom:
secretKeyRef:
name: {{ .secretRef }}
key: {{ .secretKey }}
{{- end }}
{{- end }}
- name: AUTHENTICATION_USER_LOOKUP_BASEDN
value: "{{ .Values.openmetadata.config.authentication.ldapConfiguration.userBaseDN }}"
- name: AUTHENTICATION_USER_MAIL_ATTR
Expand All @@ -197,13 +201,15 @@ OpenMetadata Configurations Environment Variables*/}}
{{- if eq .Values.openmetadata.config.authentication.ldapConfiguration.truststoreConfigType "CustomTrustStore" }}
- name: AUTHENTICATION_LDAP_TRUSTSTORE_PATH
value: "{{ .Values.openmetadata.config.authentication.ldapConfiguration.trustStoreConfig.customTrustManagerConfig.trustStoreFilePath }}"
{{- if .Values.openmetadata.config.authentication.ldapConfiguration.trustStoreConfig.customTrustManagerConfig.trustStoreFilePassword.secretRef }}
{{- with .Values.openmetadata.config.authentication.ldapConfiguration.trustStoreConfig.customTrustManagerConfig.trustStoreFilePassword }}
- name: AUTHENTICATION_LDAP_KEYSTORE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .secretRef }}
key: {{ .secretKey }}
{{- end }}
{{- end }}
- name: AUTHENTICATION_LDAP_SSL_KEY_FORMAT
value: "{{ .Values.openmetadata.config.authentication.ldapConfiguration.trustStoreConfig.customTrustManagerConfig.trustStoreFileFormat }}"
- name: AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST
Expand All @@ -217,11 +223,11 @@ OpenMetadata Configurations Environment Variables*/}}
- name: AUTHENTICATION_LDAP_ALLOWED_HOSTNAMES
value: "{{ .Values.openmetadata.config.authentication.ldapConfiguration.trustStoreConfig.hostNameConfig.acceptableHostNames }}"
{{- end }}
{{- if eq .Values.openmetadata.config.authentication.ldapConfiguration.truststoreConfigType "JVMDefault" }}
{{- if eq .Values.openmetadata.config.authentication.ldapConfiguration.truststoreConfigType "JVMDefault" }}
- name: AUTHENTICATION_LDAP_SSL_VERIFY_CERT_HOST
value: "{{ .Values.openmetadata.config.authentication.ldapConfiguration.trustStoreConfig.jvmDefaultConfig.verifyHostname }}"
{{- end }}
{{- if eq .Values.openmetadata.config.authentication.ldapConfiguration.truststoreConfigType "TrustAll" }}
{{- if eq .Values.openmetadata.config.authentication.ldapConfiguration.truststoreConfigType "TrustAll" }}
- name: AUTHENTICATION_LDAP_EXAMINE_VALIDITY_DATES
value: "{{ .Values.openmetadata.config.authentication.ldapConfiguration.trustStoreConfig.trustAllConfig.examineValidityDates }}"
{{- end }}
Expand All @@ -233,13 +239,15 @@ OpenMetadata Configurations Environment Variables*/}}
value: "{{ .Values.openmetadata.config.authentication.saml.idp.entityId }}"
- name: SAML_IDP_SSO_LOGIN_URL
value: "{{ .Values.openmetadata.config.authentication.saml.idp.ssoLoginUrl }}"
{{- if .Values.openmetadata.config.authentication.saml.idp.idpX509Certificate.secretRef }}
{{- with .Values.openmetadata.config.authentication.saml.idp.idpX509Certificate }}
- name: SAML_IDP_CERTIFICATE
valueFrom:
secretKeyRef:
name: {{ .secretRef }}
key: {{ .secretKey }}
{{- end }}
{{- end }}
- name: SAML_AUTHORITY_URL
value: "{{ .Values.openmetadata.config.authentication.saml.idp.authorityUrl }}"
- name: SAML_IDP_NAME_ID
Expand All @@ -248,13 +256,15 @@ OpenMetadata Configurations Environment Variables*/}}
value: "{{ .Values.openmetadata.config.authentication.saml.sp.entityId }}"
- name: SAML_SP_ACS
value: "{{ .Values.openmetadata.config.authentication.saml.sp.acs }}"
{{- if .Values.openmetadata.config.authentication.saml.sp.spX509Certificate.secretRef }}
{{- with .Values.openmetadata.config.authentication.saml.sp.spX509Certificate }}
- name: SAML_SP_CERTIFICATE
valueFrom:
secretKeyRef:
name: {{ .secretRef }}
key: {{ .secretKey }}
{{- end }}
{{- end }}
{{- end }}
- name: SAML_SP_CALLBACK
value: "{{ .Values.openmetadata.config.authentication.saml.sp.callback }}"
- name: SAML_STRICT_MODE
Expand All @@ -279,13 +289,16 @@ OpenMetadata Configurations Environment Variables*/}}
# Key Store should only be considered if either wantAssertionEncrypted or wantNameIdEncrypted will be true
- name: SAML_KEYSTORE_FILE_PATH
value: "{{ .Values.openmetadata.config.authentication.saml.security.keyStoreFilePath }}"
{{- if .Values.openmetadata.config.authentication.saml.security.keyStoreAlias.secretRef }}
{{- with .Values.openmetadata.config.authentication.saml.security.keyStoreAlias }}
- name: SAML_KEYSTORE_ALIAS
valueFrom:
secretKeyRef:
name: {{ .secretRef }}
key: {{ .secretKey }}
{{- end }}
{{- end }}
{{- if .Values.openmetadata.config.authentication.saml.security.keyStorePassword.secretRef }}
{{- with .Values.openmetadata.config.authentication.saml.security.keyStorePassword }}
- name: SAML_KEYSTORE_PASSWORD
valueFrom:
Expand All @@ -295,6 +308,7 @@ OpenMetadata Configurations Environment Variables*/}}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
- name: ELASTICSEARCH_HOST
value: "{{ .Values.openmetadata.config.elasticsearch.host }}"
- name: SEARCH_TYPE
Expand All @@ -311,16 +325,19 @@ OpenMetadata Configurations Environment Variables*/}}
{{- with .Values.openmetadata.config.elasticsearch.auth }}
- name: ELASTICSEARCH_USER
value: "{{ .username }}"
{{- if .password.secretRef }}
- name: ELASTICSEARCH_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .password.secretRef }}
key: {{ .password.secretKey }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.openmetadata.config.elasticsearch.trustStore.enabled }}
- name: ELASTICSEARCH_TRUST_STORE_PATH
value: {{.Values.openmetadata.config.elasticsearch.trustStore.path }}
{{- if .Values.openmetadata.config.elasticsearch.trustStore.password.secretRef }}
{{- with .Values.openmetadata.config.elasticsearch.trustStore }}
- name: ELASTICSEARCH_TRUST_STORE_PASSWORD
valueFrom:
Expand All @@ -329,19 +346,22 @@ OpenMetadata Configurations Environment Variables*/}}
key: {{ .password.secretKey }}
{{- end }}
{{- end }}
{{- end }}
- name: DB_HOST
value: "{{ .Values.openmetadata.config.database.host }}"
value: "{{ tpl .Values.openmetadata.config.database.host . }}"
- name: DB_PORT
value: "{{ .Values.openmetadata.config.database.port }}"
{{- with .Values.openmetadata.config.database.auth }}
- name: DB_USER
value: "{{ .username }}"
{{- if .password.secretRef }}
- name: DB_USER_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .password.secretRef }}
key: {{ .password.secretKey }}
{{- end }}
{{- end }}
- name: OM_DATABASE
value: "{{ .Values.openmetadata.config.database.databaseName }}"
- name: DB_DRIVER_CLASS
Expand All @@ -358,11 +378,12 @@ OpenMetadata Configurations Environment Variables*/}}
- name: PIPELINE_SERVICE_IP_INFO_ENABLED
value: "{{ .Values.openmetadata.config.pipelineServiceClientConfig.ingestionIpInfoEnabled }}"
- name: PIPELINE_SERVICE_CLIENT_ENDPOINT
value: "{{ .Values.openmetadata.config.pipelineServiceClientConfig.apiEndpoint }}"
value: "{{ tpl .Values.openmetadata.config.pipelineServiceClientConfig.apiEndpoint . }}"
{{ if .Values.openmetadata.config.pipelineServiceClientConfig.auth.enabled }}
{{- with .Values.openmetadata.config.pipelineServiceClientConfig.auth }}
- name: AIRFLOW_USERNAME
value: "{{ .username }}"
{{- if .password.secretRef }}
- name: AIRFLOW_PASSWORD
valueFrom:
secretKeyRef:
Expand All @@ -375,24 +396,27 @@ OpenMetadata Configurations Environment Variables*/}}
- name: PIPELINE_SERVICE_CLIENT_HOST_IP
value: "{{ .Values.openmetadata.config.pipelineServiceClientConfig.hostIp }}"
- name: PIPELINE_SERVICE_CLIENT_HEALTH_CHECK_INTERVAL
value: "{{ .Values.openmetadata.config.pipelineServiceClientConfig.healthCheckInterval }}"
value: "{{ .Values.openmetadata.config.pipelineServiceClientConfig.healthCheckInterval }}"
- name: PIPELINE_SERVICE_CLIENT_SSL_CERT_PATH
value: "{{ .Values.openmetadata.config.pipelineServiceClientConfig.sslCertificatePath }}"
- name: SERVER_HOST_API_URL
value: "{{ .Values.openmetadata.config.pipelineServiceClientConfig.metadataApiEndpoint }}"
value: "{{ tpl .Values.openmetadata.config.pipelineServiceClientConfig.metadataApiEndpoint . }}"
{{- end }}
- name: SECRET_MANAGER
value: "{{ .Values.openmetadata.config.secretsManager.provider }}"
{{- if .Values.openmetadata.config.secretsManager.additionalParameters.enabled }}
- name: OM_SM_REGION
value: "{{ .Values.openmetadata.config.secretsManager.additionalParameters.region }}"
{{- if .Values.openmetadata.config.secretsManager.additionalParameters.accessKeyId.secretRef -}}
{{- with .Values.openmetadata.config.secretsManager.additionalParameters.accessKeyId }}
- name: OM_SM_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: {{ .secretRef }}
key: {{ .secretKey }}
{{- end }}
{{- end }}
{{- if .Values.openmetadata.config.secretsManager.additionalParameters.secretAccessKey.secretRef }}
{{- with .Values.openmetadata.config.secretsManager.additionalParameters.secretAccessKey }}
- name: OM_SM_ACCESS_KEY
valueFrom:
Expand All @@ -401,6 +425,7 @@ OpenMetadata Configurations Environment Variables*/}}
key: {{ .secretKey }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.openmetadata.config.smtpConfig.enableSmtpServer }}
- name: OM_EMAIL_ENTITY
value: "{{ .Values.openmetadata.config.smtpConfig.emailingEntity }}"
Expand All @@ -416,13 +441,15 @@ OpenMetadata Configurations Environment Variables*/}}
value: "{{ .Values.openmetadata.config.smtpConfig.serverPort }}"
- name: SMTP_SERVER_USERNAME
value: "{{ .Values.openmetadata.config.smtpConfig.username }}"
{{- if .Values.openmetadata.config.smtpConfig.password.secretRef }}
{{- with .Values.openmetadata.config.smtpConfig.password }}
- name: SMTP_SERVER_PWD
valueFrom:
secretKeyRef:
name: {{ .secretRef }}
key: {{ .secretKey }}
{{- end }}
{{- end }}
- name: SMTP_SERVER_STRATEGY
value: "{{ .Values.openmetadata.config.smtpConfig.transportationStrategy }}"
- name: OPENMETADATA_SMTP_SENDER_MAIL
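Review bot: The new guards (`{{- if …secretRef }}`, for example around AUTHENTICATION_LOOKUP_ADMIN_PWD, DB_USER_PASSWORD and SMTP_SERVER_PWD) test only `secretRef`, so a values file that sets `secretRef` but leaves `secretKey` empty still renders an empty `key:`, and the mistake would surface only when the manifest is applied. Failing at render time and quoting both scalars makes this explicit: `name: {{ .secretRef | quote }}` and `key: {{ required "secretKey must be set when secretRef is set" .secretKey | quote }}`. When `secretRef` is empty the credential variable is now omitted without any message. Only FERNET_KEY has a visible fallback to the chart's own secret; for the others the server presumably uses whatever default it ships for that setting, so the values documentation should state which credentials are safe to leave unset. Several hunks of this file are collapsed on the page, so the closing `end` lines of some guards are not visible here.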