Merge pull request #6 from PacoVK/elasticsearch-auth

allow configuring elasticsearch auth
PacoVK · Jun 4, 2024 · acd4894 · acd4894
2 parents 53dc8b3 + b0da82d
commit acd4894
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 4 deletions.
diff --git a/charts/Chart.yaml b/charts/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: "0.6.3"
+appVersion: "0.7.2"
 kubeVersion: ">=1.23.0-0"
 description: A Helm chart for Tapir, a private Terraform registry.
 name: tapir

diff --git a/charts/README.md b/charts/README.md
@@ -56,7 +56,7 @@ NAME: my-release
 | createClusterRoles | bool | `true` | Create roles for cluster-wide installation |
 | deployment.affinity | object | `{}` | Assign custom affinity rules to the deployment |
 | deployment.annotations | object | `{}` | Annotations to be added to `tapir` deployment |
-| deployment.configuration | object | `{"apiMaxBodySize":"100M","auth":{"attribute":{"email":"email","familyName":"family_name","givenName":"given_name","prefUsername":"preferred_username"},"clientID":"","clientSecret":"","endSessionPath":"/protocol/openid-connect/logout","endpoint":"","path":"","roleSource":"accesstoken","tokenPath":""},"backend":{"cosmosDB":{"endpoint":"","masterKey":""},"elasticsearch":{"host":""},"type":"dynamodb"},"gpg":{"keyArmor":"","keyID":""},"storage":{"azureBlob":{"bucketName":"tf-registry","connectionString":""},"localRegistry":{"hostname":"localhost","port":443},"s3":{"bucketName":"tf-registry","bucketRegion":"eu-central-1"},"storageAccessDuration":5,"type":"s3"}}` | Deployment's configuration, populates all the required environmental variables |
+| deployment.configuration | object | `{"apiMaxBodySize":"100M","auth":{"attribute":{"email":"email","familyName":"family_name","givenName":"given_name","prefUsername":"preferred_username"},"clientID":"","clientSecret":"","endSessionPath":"/protocol/openid-connect/logout","endpoint":"","path":"","roleSource":"accesstoken","tokenPath":""},"backend":{"cosmosDB":{"endpoint":"","masterKey":""},"elasticsearch":{"host":"","password":"","user":""},"type":"dynamodb"},"gpg":{"keyArmor":"","keyID":""},"storage":{"azureBlob":{"bucketName":"tf-registry","connectionString":""},"localRegistry":{"hostname":"localhost","port":443},"s3":{"bucketName":"tf-registry","bucketRegion":"eu-central-1"},"storageAccessDuration":5,"type":"s3"}}` | Deployment's configuration, populates all the required environmental variables |
 | deployment.configuration.apiMaxBodySize | string | `"100M"` | The maximum payload size for module/providers to be uploaded |
 | deployment.configuration.auth | object | `{"attribute":{"email":"email","familyName":"family_name","givenName":"given_name","prefUsername":"preferred_username"},"clientID":"","clientSecret":"","endSessionPath":"/protocol/openid-connect/logout","endpoint":"","path":"","roleSource":"accesstoken","tokenPath":""}` | OpenID Connect (OIDC) configuration |
 | deployment.configuration.auth.attribute | object | `{"email":"email","familyName":"family_name","givenName":"given_name","prefUsername":"preferred_username"}` | OIDC attribute names |
@@ -71,12 +71,14 @@ NAME: my-release
 | deployment.configuration.auth.path | string | `""` | Relative path or absolute URL of the OIDC authorization endpoint |
 | deployment.configuration.auth.roleSource | string | `"accesstoken"` | The source of the role claim in the access token |
 | deployment.configuration.auth.tokenPath | string | `""` | Relative path or absolute URL of the OIDC token endpoint which issues access and refresh tokens |
-| deployment.configuration.backend | object | `{"cosmosDB":{"endpoint":"","masterKey":""},"elasticsearch":{"host":""},"type":"dynamodb"}` | Database backend configuration |
+| deployment.configuration.backend | object | `{"cosmosDB":{"endpoint":"","masterKey":""},"elasticsearch":{"host":"","password":"","user":""},"type":"dynamodb"}` | Database backend configuration |
 | deployment.configuration.backend.cosmosDB | object | `{"endpoint":"","masterKey":""}` | CosmosDB backend configuration |
 | deployment.configuration.backend.cosmosDB.endpoint | string | `""` | CosmosDB endpoint |
 | deployment.configuration.backend.cosmosDB.masterKey | string | `""` | CosmosDB master key |
-| deployment.configuration.backend.elasticsearch | object | `{"host":""}` | Elasticsearch backend configuration |
+| deployment.configuration.backend.elasticsearch | object | `{"host":"","password":"","user":""}` | Elasticsearch backend configuration |
 | deployment.configuration.backend.elasticsearch.host | string | `""` | Elasticsearch host |
+| deployment.configuration.backend.elasticsearch.password | string | `""` | Elasticsearch password (optional) |
+| deployment.configuration.backend.elasticsearch.user | string | `""` | Elasticsearch username (optional) |
 | deployment.configuration.backend.type | string | `"dynamodb"` | One of: elasticsearch,dynamodb,cosmosdb |
 | deployment.configuration.gpg | object | `{"keyArmor":"","keyID":""}` | GPG configuration |
 | deployment.configuration.gpg.keyArmor | string | `""` | Ascii armored and bas64 encoded GPG public key (only RSA/DSA supported) |

diff --git a/charts/templates/_env.tpl b/charts/templates/_env.tpl
@@ -12,6 +12,14 @@ Generate Tapir configuration with environment variables.
 - name: BACKEND_ELASTICSEARCH_HOST
   value: {{ . }}
 {{- end }}
+{{- with $config.backend.elasticsearch.user }}
+- name: BACKEND_ELASTICSEARCH_USER
+  value: {{ . }}
+{{- end }}
+{{- with $config.backend.elasticsearch.password }}
+- name: BACKEND_ELASTICSEARCH_PASSWORD
+  value: {{ . }}
+{{- end }}
 {{- end }}
 {{- if (eq $config.backend.type "cosmosdb") }}
 {{- with $config.backend.cosmosDB.endpoint }}

diff --git a/charts/values.yaml b/charts/values.yaml
@@ -133,6 +133,10 @@ deployment:
       elasticsearch:
         # -- Elasticsearch host
         host: ""
+        # -- Elasticsearch username (optional)
+        user: ""
+        # -- Elasticsearch password (optional)
+        password: ""
 
       # -- CosmosDB backend configuration
       ## Applies if backend.type is equal to "cosmosdb"