fix: enable secrets deprecation flag in alpha by default (#2081)

.github/config/external-secret.yaml

@@ -41,3 +41,75 @@ spec:
     remoteRef:
       key: ci-distro-ultrawombat-com
       property: tls.key
+
+---
+
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: camunda-helm-existing-secrets
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: distribution-team
+  target:
+    name: integration-test  # name of the k8s Secret to be created
+  data:
+  - secretKey: client-secret
+    remoteRef:
+      key: integration-test
+      property: client-secret
+  - secretKey: identity-firstuser-password
+    remoteRef:
+      key: integration-test
+      property: identity-firstuser-password
+  - secretKey: operate-secret
+    remoteRef:
+      key: integration-test
+      property: operate-secret
+  - secretKey: tasklist-secret
+    remoteRef:
+      key: integration-test
+      property: tasklist-secret
+  - secretKey: optimize-secret
+    remoteRef:
+      key: integration-test
+      property: optimize-secret
+  - secretKey: connectors-secret
+    remoteRef:
+      key: integration-test
+      property: connectors-secret
+  - secretKey: console-secret
+    remoteRef:
+      key: integration-test
+      property: console-secret
+  - secretKey: keycloak-secret
+    remoteRef:
+      key: integration-test
+      property: keycloak-secret
+  - secretKey: zeebe-secret
+    remoteRef:
+      key: integration-test
+      property: zeebe-secret
+  - secretKey: admin-password
+    remoteRef:
+      key: integration-test
+      property: admin-password
+  - secretKey: management-password
+    remoteRef:
+      key: integration-test
+      property: management-password
+  - secretKey: postgres-password
+    remoteRef:
+      key: integration-test
+      property: postgres-password
+  - secretKey: password
+    remoteRef:
+      key: integration-test
+      property: password
+  - secretKey: smtp-password
+    remoteRef:
+      key: integration-test
+      property: smtp-password
+

.github/workflows/test-regression.yaml

@@ -84,3 +84,4 @@ jobs:
       flows: "install,upgrade"
       camunda-helm-dir: "camunda-platform-${{ matrix.version }}"
       camunda-helm-git-ref: "${{ github.event.pull_request.head.sha }}"
+      caller-git-ref: "${{ github.event.pull_request.head.sha }}"

charts/camunda-platform-8.2/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml

@@ -15,20 +15,38 @@ global:
   identity:
     auth:
       publicIssuerUrl: "https://{{ .Values.global.ingress.host }}/auth/realms/camunda-platform"
+      connectors:
+        existingSecret:
+          name: "integration-test"
       operate:
         redirectUrl: "https://{{ .Values.global.ingress.host }}/operate"
+        existingSecret:
+          name: "integration-test"
       tasklist:
         redirectUrl: "https://{{ .Values.global.ingress.host }}/tasklist"
+        existingSecret:
+          name: "integration-test"
       optimize:
         redirectUrl: "https://{{ .Values.global.ingress.host }}/optimize"
+        existingSecret:
+          name: "integration-test"
       webModeler:
         redirectUrl: "https://{{ .Values.global.ingress.host }}/modeler"
+      zeebe:
+        existingSecret:
+          name: "integration-test"
 
 identity:
   contextPath: "/identity"
   fullURL: "https://{{ .Values.global.ingress.host }}/identity"
   firstUser:
     existingSecret: "integration-test"
+  keycloak:
+    auth:
+      existingSecret: "integration-test"
+    postgresql:
+      auth:
+        existingSecret: "integration-test"
 
 operate:
   contextPath: "/operate"

charts/camunda-platform-8.2/test/integration/scenarios/common/values-integration-test.yaml

@@ -1,6 +1,3 @@
-test:
-  integration: true
-
 identity:
   # Keycloak client seed which is used to query Camunda Platform APIs. 
   env:

charts/camunda-platform-8.3/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml

@@ -15,22 +15,42 @@ global:
   identity:
     auth:
       publicIssuerUrl: "https://{{ .Values.global.ingress.host }}/auth/realms/camunda-platform"
+      connectors:
+        existingSecret:
+          name: "integration-test"
       console:
         redirectUrl: "https://{{ .Values.global.ingress.host }}"
+        existingSecret:
+          name: "integration-test"
       operate:
         redirectUrl: "https://{{ .Values.global.ingress.host }}/operate"
+        existingSecret:
+          name: "integration-test"
       tasklist:
         redirectUrl: "https://{{ .Values.global.ingress.host }}/tasklist"
+        existingSecret:
+          name: "integration-test"
       optimize:
         redirectUrl: "https://{{ .Values.global.ingress.host }}/optimize"
+        existingSecret:
+          name: "integration-test"
       webModeler:
         redirectUrl: "https://{{ .Values.global.ingress.host }}/modeler"
+      zeebe:
+        existingSecret:
+          name: "integration-test"
 
 identity:
   contextPath: "/identity"
   fullURL: "https://{{ .Values.global.ingress.host }}/identity"
   firstUser:
     existingSecret: "integration-test"
+  keycloak:
+    auth:
+      existingSecret: "integration-test"
+    postgresql:
+      auth:
+        existingSecret: "integration-test"
 
 operate:
   contextPath: "/operate"
@@ -55,6 +75,8 @@ webModeler:
     mail:
       # This value is required, otherwise the restapi pod wouldn't start.
       fromAddress: [email protected]
+      existingSecret:
+        name: "integration-test"
 
 # database used by Web Modeler
 postgresql:

charts/camunda-platform-8.3/test/integration/scenarios/common/values-integration-test.yaml

@@ -1,6 +1,3 @@
-test:
-  integration: true
-
 identity:
   # Keycloak client seed which is used to query Camunda APIs. 
   env:

charts/camunda-platform-8.4/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml

@@ -15,23 +15,48 @@ global:
   identity:
     auth:
       publicIssuerUrl: "https://{{ .Values.global.ingress.host }}/auth/realms/camunda-platform"
+      connectors:
+        existingSecret:
+          name: "integration-test"
       console:
         redirectUrl: "https://{{ .Values.global.ingress.host }}"
+        existingSecret:
+          name: "integration-test"
       operate:
         redirectUrl: "https://{{ .Values.global.ingress.host }}/operate"
+        existingSecret:
+          name: "integration-test"
       tasklist:
         redirectUrl: "https://{{ .Values.global.ingress.host }}/tasklist"
+        existingSecret:
+          name: "integration-test"
       optimize:
         redirectUrl: "https://{{ .Values.global.ingress.host }}/optimize"
+        existingSecret:
+          name: "integration-test"
       webModeler:
         redirectUrl: "https://{{ .Values.global.ingress.host }}/modeler"
+      zeebe:
+        existingSecret:
+          name: "integration-test"
 
 identity:
   contextPath: "/identity"
   fullURL: "https://{{ .Values.global.ingress.host }}/identity"
   firstUser:
     existingSecret: "integration-test"
 
+identityKeycloak:
+  postgresql:
+    auth:
+      existingSecret: "integration-test"
+  auth:
+    existingSecret: "integration-test"
+
+identityPostgresql:
+  auth:
+    existingSecret: "integration-test"
+
 operate:
   contextPath: "/operate"
 

charts/camunda-platform-8.4/test/integration/scenarios/common/values-integration-test.yaml

@@ -1,6 +1,3 @@
-test:
-  integration: true
-
 identity:
   # Keycloak client seed which is used to query Camunda APIs.
   env:

charts/camunda-platform-alpha/templates/camunda/constraints.tpl

@@ -129,7 +129,7 @@ Fail with a message if zeebeGateway.contextPath and zeebeGateway.ingress.rest.pa
     {{- end }}
 
     {{ if and (.Values.webModeler.enabled) (not .Values.webModeler.restapi.mail.existingSecret) }}
-      {{- $existingSecretsNotConfigured = append $existingSecretsNotConfigured "webModeler.mail.existingSecret.name" }}
+      {{- $existingSecretsNotConfigured = append $existingSecretsNotConfigured "webModeler.restapi.mail.existingSecret.name" }}
     {{- end }}
 
     {{- if $existingSecretsNotConfigured }}
@@ -160,6 +160,7 @@ data:
   management-password: <base64-encoded-secret> # used for keycloak
   postgres-password: <base64-encoded-secret> # used for postgresql admin password
   password: <base64-encoded-secret> # used for postgresql user password
+  smtp-password: <base64-encoded-secret> # used for web modeler mail
 
 The following values inside your values.yaml need to be set but were not:
       `
@@ -196,6 +197,7 @@ data:
   management-password: <base64-encoded-secret> # used for keycloak
   postgres-password: <base64-encoded-secret> # used for postgresql admin password
   password: <base64-encoded-secret> # used for postgresql user password
+  smtp-password: <base64-encoded-secret> # used for web modeler mail
 
 The following values inside your values.yaml need to be set but were not:
       `

charts/camunda-platform-alpha/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml

@@ -14,22 +14,47 @@ global:
   identity:
     auth:
       publicIssuerUrl: "https://{{ .Values.global.ingress.host }}/auth/realms/camunda-platform"
+      connectors:
+        existingSecret:
+          name: "integration-test"
       console:
         redirectUrl: "https://{{ .Values.global.ingress.host }}"
+        existingSecret:
+          name: "integration-test"
       operate:
         redirectUrl: "https://{{ .Values.global.ingress.host }}/operate"
+        existingSecret:
+          name: "integration-test"
       tasklist:
         redirectUrl: "https://{{ .Values.global.ingress.host }}/tasklist"
+        existingSecret:
+          name: "integration-test"
       optimize:
         redirectUrl: "https://{{ .Values.global.ingress.host }}/optimize"
+        existingSecret:
+          name: "integration-test"
       webModeler:
         redirectUrl: "https://{{ .Values.global.ingress.host }}/modeler"
+      zeebe:
+        existingSecret:
+          name: "integration-test"
 
 identity:
   contextPath: "/identity"
   firstUser:
     existingSecret: "integration-test"
 
+identityKeycloak:
+  postgresql:
+    auth:
+      existingSecret: "integration-test"
+  auth:
+    existingSecret: "integration-test"
+
+identityPostgresql:
+  auth:
+    existingSecret: "integration-test"
+
 operate:
   contextPath: "/operate"
 
@@ -53,10 +78,14 @@ webModeler:
     mail:
       # This value is required, otherwise the restapi pod wouldn't start.
       fromAddress: [email protected]
+      existingSecret:
+        name: "integration-test"
 
 # WebModeler Database.
 postgresql:
   enabled: true
+  auth:
+    existingSecret: "integration-test"
 
 zeebeGateway:
   contextPath: "/zeebe"

charts/camunda-platform-alpha/test/integration/scenarios/common/values-integration-test.yaml

@@ -1,6 +1,3 @@
-test:
-  integration: true
-
 identity:
   # Keycloak client seed which is used to query Camunda APIs.
   env:

charts/camunda-platform-alpha/values.yaml

@@ -59,7 +59,7 @@ global:
   ## @skip global.testDeprecationFlags
   testDeprecationFlags:
     ## @skip global.testDeprecationFlags.existingSecretsMustBeSet give error or warning when existingSecret is not set
-    existingSecretsMustBeSet: "ignore"
+    existingSecretsMustBeSet: "warning"
 
   ## @param global.annotations Annotations can be used to define common annotations, which should be applied to all deployments
   annotations: {}