From 2d6d5a8ac0cdfbeeb77780d312ec314b3b27e019 Mon Sep 17 00:00:00 2001 From: afreyermuth98 <56300858+afreyermuth98@users.noreply.github.com> Date: Wed, 21 Feb 2024 12:47:07 +0100 Subject: [PATCH] =?UTF-8?q?:bug:=20Allow=20external=20redis/rabbitmq=20sec?= =?UTF-8?q?ret=20creation=20even=20if=20the=20broke=E2=80=A6=20(#3903)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit # What this PR does This PR allows the chart to create the secret of your redis / rabbitmq even if it's not the broker. Actually, this is blocking if we want to have a redis as cache and a rabbitmq as broker for example ## Which issue(s) this PR fixes Closes https://github.com/grafana/oncall/issues/2979 ## Checklist - [x] Unit, integration, and e2e (if applicable) tests updated - [x] Documentation added (or `pr:no public docs` PR label added if not required) - [x] `CHANGELOG.md` updated (or `pr:no changelog` PR label added if not required) --------- Co-authored-by: Joey Orlando Co-authored-by: Joey Orlando --- CHANGELOG.md | 1 + helm/oncall/templates/secrets.yaml | 4 +- helm/oncall/tests/broker_secret_test.yaml | 113 ++++++++++++++++++++++ 3 files changed, 116 insertions(+), 2 deletions(-) create mode 100644 helm/oncall/tests/broker_secret_test.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md index bb10c37e..c37ea3e3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Unblock slack install by skipping check chatops gateway link in OSS deployment @mderynck ([#3893](https://github.com/grafana/oncall/pull/3893)) - Fix multiple issues of alert groups table ([#3894](https://github.com/grafana/oncall/issues/3894)) - Improvements for dragging the add rotation form in Schedules ([#3904](https://github.com/grafana/oncall/pull/3904)) +- Allow external-redis secret creation when the broker is rabbitmq ([#3903](https://github.com/grafana/oncall/pull/3903)) ### Changed diff --git a/helm/oncall/templates/secrets.yaml b/helm/oncall/templates/secrets.yaml index 821592fa..40a02694 100644 --- a/helm/oncall/templates/secrets.yaml +++ b/helm/oncall/templates/secrets.yaml @@ -46,7 +46,7 @@ data: postgres-password: {{ required "externalPostgresql.password is required if not postgresql.enabled and not externalPostgresql.existingSecret" .Values.externalPostgresql.password | b64enc | quote }} --- {{- end }} -{{- if and (eq .Values.broker.type "rabbitmq") (not .Values.rabbitmq.enabled) (not .Values.externalRabbitmq.existingSecret) }} +{{- if and (eq .Values.broker.type "rabbitmq") (.Values.externalRabbitmq.password) (not .Values.rabbitmq.enabled) (not .Values.externalRabbitmq.existingSecret) }} apiVersion: v1 kind: Secret metadata: @@ -61,7 +61,7 @@ data: rabbitmq-password: {{ required "externalRabbitmq.password is required if not rabbitmq.enabled and not externalRabbitmq.existingSecret" .Values.externalRabbitmq.password | b64enc | quote }} --- {{- end }} -{{- if and (eq .Values.broker.type "redis") (not .Values.redis.enabled) (not .Values.externalRedis.existingSecret) }} +{{- if and (.Values.externalRedis.host) (not .Values.redis.enabled) (not .Values.externalRedis.existingSecret) }} apiVersion: v1 kind: Secret metadata: diff --git a/helm/oncall/tests/broker_secret_test.yaml b/helm/oncall/tests/broker_secret_test.yaml new file mode 100644 index 00000000..c74c0126 --- /dev/null +++ b/helm/oncall/tests/broker_secret_test.yaml @@ -0,0 +1,113 @@ +suite: test broker secrets creation +release: + name: oncall +templates: + - engine/deployment.yaml + - celery/deployment.yaml + - secrets.yaml +tests: + - it: externalRedis.password and broker.type="rabbitmq" -> should create secret -redis-external + templates: + - engine/deployment.yaml + - celery/deployment.yaml + set: + telegramPolling.enabled: true + rabbitmq.enabled: true + redis.enabled: false + broker.type: rabbitmq + externalRedis: + host: redis.example.com + username: user123 + password: abcd123 + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: REDIS_USERNAME + value: user123 + - contains: + path: spec.template.spec.containers[0].env + content: + name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: oncall-redis-external + key: redis-password + - containsDocument: + kind: Secret + apiVersion: v1 + metadata.name: oncall-redis-external + template: secrets.yaml + - equal: + path: data.redis-password + value: abcd123 + decodeBase64: true + documentIndex: 1 + template: secrets.yaml + - it: | + externalRedis.password and externalRabbitmq.password -> should create secret + -redis-external and -rabbitmq-external + templates: + - engine/deployment.yaml + - celery/deployment.yaml + set: + rabbitmq.enabled: false + redis.enabled: false + broker.type: rabbitmq + externalRedis: + host: redis.example.com + username: user123 + password: abcd123 + externalRabbitmq: + host: custom-host + user: custom-user + password: custom-password + asserts: + - contains: + path: spec.template.spec.containers[0].env + content: + name: RABBITMQ_USERNAME + value: custom-user + - contains: + path: spec.template.spec.containers[0].env + content: + name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + key: rabbitmq-password + name: oncall-rabbitmq-external + - containsDocument: + kind: Secret + apiVersion: v1 + metadata.name: oncall-rabbitmq-external + template: secrets.yaml + - equal: + path: data.rabbitmq-password + value: custom-password + decodeBase64: true + documentIndex: 1 + template: secrets.yaml + - contains: + path: spec.template.spec.containers[0].env + content: + name: REDIS_USERNAME + value: user123 + - contains: + path: spec.template.spec.containers[0].env + content: + name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: oncall-redis-external + key: redis-password + - containsDocument: + kind: Secret + apiVersion: v1 + metadata.name: oncall-redis-external + template: secrets.yaml + - equal: + path: data.redis-password + value: abcd123 + decodeBase64: true + documentIndex: 2 + template: secrets.yaml