From b791f4cd6ac3859112b07a89fa6bc89a46d08313 Mon Sep 17 00:00:00 2001 From: Jesse Simpson Date: Thu, 15 Aug 2024 11:45:05 -0400 Subject: [PATCH] fix: enable secrets deprecation flag in alpha by default (#2081) --- .github/config/external-secret.yaml | 72 +++++++++++++++++++ .github/workflows/test-regression.yaml | 1 + .../tests/integration-test-secret.yaml | 12 ---- .../values-integration-test-ingress.yaml | 18 +++++ .../common/values-integration-test.yaml | 3 - .../tests/integration-test-secret.yaml | 12 ---- .../values-integration-test-ingress.yaml | 22 ++++++ .../common/values-integration-test.yaml | 3 - .../tests/integration-test-secret.yaml | 12 ---- .../values-integration-test-ingress.yaml | 25 +++++++ .../common/values-integration-test.yaml | 3 - .../templates/camunda/constraints.tpl | 4 +- .../tests/integration-test-secret.yaml | 12 ---- .../values-integration-test-ingress.yaml | 29 ++++++++ .../common/values-integration-test.yaml | 3 - charts/camunda-platform-alpha/values.yaml | 2 +- .../tests/integration-test-secret.yaml | 12 ---- .../values-integration-test-ingress.yaml | 29 ++++++++ .../common/values-integration-test.yaml | 3 - .../scenarios/lib/chart-upgrade-taskfile.yaml | 29 -------- .../testsuites/core/patches/job.yaml | 10 +-- 21 files changed, 205 insertions(+), 111 deletions(-) delete mode 100644 charts/camunda-platform-8.2/templates/tests/integration-test-secret.yaml delete mode 100644 charts/camunda-platform-8.3/templates/tests/integration-test-secret.yaml delete mode 100644 charts/camunda-platform-8.4/templates/tests/integration-test-secret.yaml delete mode 100644 charts/camunda-platform-alpha/templates/tests/integration-test-secret.yaml delete mode 100644 charts/camunda-platform-latest/templates/tests/integration-test-secret.yaml diff --git a/.github/config/external-secret.yaml b/.github/config/external-secret.yaml index 6523657739..87acb4ed3f 100644 --- a/.github/config/external-secret.yaml +++ b/.github/config/external-secret.yaml @@ -41,3 +41,75 @@ spec: remoteRef: key: ci-distro-ultrawombat-com property: tls.key + +--- + +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: camunda-helm-existing-secrets +spec: + refreshInterval: 1h + secretStoreRef: + kind: ClusterSecretStore + name: distribution-team + target: + name: integration-test # name of the k8s Secret to be created + data: + - secretKey: client-secret + remoteRef: + key: integration-test + property: client-secret + - secretKey: identity-firstuser-password + remoteRef: + key: integration-test + property: identity-firstuser-password + - secretKey: operate-secret + remoteRef: + key: integration-test + property: operate-secret + - secretKey: tasklist-secret + remoteRef: + key: integration-test + property: tasklist-secret + - secretKey: optimize-secret + remoteRef: + key: integration-test + property: optimize-secret + - secretKey: connectors-secret + remoteRef: + key: integration-test + property: connectors-secret + - secretKey: console-secret + remoteRef: + key: integration-test + property: console-secret + - secretKey: keycloak-secret + remoteRef: + key: integration-test + property: keycloak-secret + - secretKey: zeebe-secret + remoteRef: + key: integration-test + property: zeebe-secret + - secretKey: admin-password + remoteRef: + key: integration-test + property: admin-password + - secretKey: management-password + remoteRef: + key: integration-test + property: management-password + - secretKey: postgres-password + remoteRef: + key: integration-test + property: postgres-password + - secretKey: password + remoteRef: + key: integration-test + property: password + - secretKey: smtp-password + remoteRef: + key: integration-test + property: smtp-password + diff --git a/.github/workflows/test-regression.yaml b/.github/workflows/test-regression.yaml index c045e415c7..6545138b85 100644 --- a/.github/workflows/test-regression.yaml +++ b/.github/workflows/test-regression.yaml @@ -84,3 +84,4 @@ jobs: flows: "install,upgrade" camunda-helm-dir: "camunda-platform-${{ matrix.version }}" camunda-helm-git-ref: "${{ github.event.pull_request.head.sha }}" + caller-git-ref: "${{ github.event.pull_request.head.sha }}" diff --git a/charts/camunda-platform-8.2/templates/tests/integration-test-secret.yaml b/charts/camunda-platform-8.2/templates/tests/integration-test-secret.yaml deleted file mode 100644 index 22033dc5c2..0000000000 --- a/charts/camunda-platform-8.2/templates/tests/integration-test-secret.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if (.Values.test).integration }} -apiVersion: v1 -kind: Secret -metadata: - name: integration-test - labels: - test: integration -type: Opaque -data: - client-secret: {{ include "common.secrets.passwords.manage" (dict "secret" "integration-test" "key" "client-secret" "length" 16 "providedValues" (list "test.existingSecret") "context" $) }} - identity-firstuser-password: {{ include "common.secrets.passwords.manage" (dict "secret" "integration-test" "key" "identity-firstuser-password" "length" 16 "providedValues" (list "") "context" $) }} -{{- end }} diff --git a/charts/camunda-platform-8.2/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml b/charts/camunda-platform-8.2/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml index 5a09ec8f60..0406e957d7 100644 --- a/charts/camunda-platform-8.2/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml +++ b/charts/camunda-platform-8.2/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml @@ -15,20 +15,38 @@ global: identity: auth: publicIssuerUrl: "https://{{ .Values.global.ingress.host }}/auth/realms/camunda-platform" + connectors: + existingSecret: + name: "integration-test" operate: redirectUrl: "https://{{ .Values.global.ingress.host }}/operate" + existingSecret: + name: "integration-test" tasklist: redirectUrl: "https://{{ .Values.global.ingress.host }}/tasklist" + existingSecret: + name: "integration-test" optimize: redirectUrl: "https://{{ .Values.global.ingress.host }}/optimize" + existingSecret: + name: "integration-test" webModeler: redirectUrl: "https://{{ .Values.global.ingress.host }}/modeler" + zeebe: + existingSecret: + name: "integration-test" identity: contextPath: "/identity" fullURL: "https://{{ .Values.global.ingress.host }}/identity" firstUser: existingSecret: "integration-test" + keycloak: + auth: + existingSecret: "integration-test" + postgresql: + auth: + existingSecret: "integration-test" operate: contextPath: "/operate" diff --git a/charts/camunda-platform-8.2/test/integration/scenarios/common/values-integration-test.yaml b/charts/camunda-platform-8.2/test/integration/scenarios/common/values-integration-test.yaml index cd10658d2d..8a18b3e45a 100644 --- a/charts/camunda-platform-8.2/test/integration/scenarios/common/values-integration-test.yaml +++ b/charts/camunda-platform-8.2/test/integration/scenarios/common/values-integration-test.yaml @@ -1,6 +1,3 @@ -test: - integration: true - identity: # Keycloak client seed which is used to query Camunda Platform APIs. env: diff --git a/charts/camunda-platform-8.3/templates/tests/integration-test-secret.yaml b/charts/camunda-platform-8.3/templates/tests/integration-test-secret.yaml deleted file mode 100644 index 22033dc5c2..0000000000 --- a/charts/camunda-platform-8.3/templates/tests/integration-test-secret.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if (.Values.test).integration }} -apiVersion: v1 -kind: Secret -metadata: - name: integration-test - labels: - test: integration -type: Opaque -data: - client-secret: {{ include "common.secrets.passwords.manage" (dict "secret" "integration-test" "key" "client-secret" "length" 16 "providedValues" (list "test.existingSecret") "context" $) }} - identity-firstuser-password: {{ include "common.secrets.passwords.manage" (dict "secret" "integration-test" "key" "identity-firstuser-password" "length" 16 "providedValues" (list "") "context" $) }} -{{- end }} diff --git a/charts/camunda-platform-8.3/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml b/charts/camunda-platform-8.3/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml index 27923d6c7c..03a2f0a34a 100644 --- a/charts/camunda-platform-8.3/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml +++ b/charts/camunda-platform-8.3/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml @@ -15,22 +15,42 @@ global: identity: auth: publicIssuerUrl: "https://{{ .Values.global.ingress.host }}/auth/realms/camunda-platform" + connectors: + existingSecret: + name: "integration-test" console: redirectUrl: "https://{{ .Values.global.ingress.host }}" + existingSecret: + name: "integration-test" operate: redirectUrl: "https://{{ .Values.global.ingress.host }}/operate" + existingSecret: + name: "integration-test" tasklist: redirectUrl: "https://{{ .Values.global.ingress.host }}/tasklist" + existingSecret: + name: "integration-test" optimize: redirectUrl: "https://{{ .Values.global.ingress.host }}/optimize" + existingSecret: + name: "integration-test" webModeler: redirectUrl: "https://{{ .Values.global.ingress.host }}/modeler" + zeebe: + existingSecret: + name: "integration-test" identity: contextPath: "/identity" fullURL: "https://{{ .Values.global.ingress.host }}/identity" firstUser: existingSecret: "integration-test" + keycloak: + auth: + existingSecret: "integration-test" + postgresql: + auth: + existingSecret: "integration-test" operate: contextPath: "/operate" @@ -55,6 +75,8 @@ webModeler: mail: # This value is required, otherwise the restapi pod wouldn't start. fromAddress: noreply@example.com + existingSecret: + name: "integration-test" # database used by Web Modeler postgresql: diff --git a/charts/camunda-platform-8.3/test/integration/scenarios/common/values-integration-test.yaml b/charts/camunda-platform-8.3/test/integration/scenarios/common/values-integration-test.yaml index 053a6ce370..a735166d41 100644 --- a/charts/camunda-platform-8.3/test/integration/scenarios/common/values-integration-test.yaml +++ b/charts/camunda-platform-8.3/test/integration/scenarios/common/values-integration-test.yaml @@ -1,6 +1,3 @@ -test: - integration: true - identity: # Keycloak client seed which is used to query Camunda APIs. env: diff --git a/charts/camunda-platform-8.4/templates/tests/integration-test-secret.yaml b/charts/camunda-platform-8.4/templates/tests/integration-test-secret.yaml deleted file mode 100644 index 22033dc5c2..0000000000 --- a/charts/camunda-platform-8.4/templates/tests/integration-test-secret.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if (.Values.test).integration }} -apiVersion: v1 -kind: Secret -metadata: - name: integration-test - labels: - test: integration -type: Opaque -data: - client-secret: {{ include "common.secrets.passwords.manage" (dict "secret" "integration-test" "key" "client-secret" "length" 16 "providedValues" (list "test.existingSecret") "context" $) }} - identity-firstuser-password: {{ include "common.secrets.passwords.manage" (dict "secret" "integration-test" "key" "identity-firstuser-password" "length" 16 "providedValues" (list "") "context" $) }} -{{- end }} diff --git a/charts/camunda-platform-8.4/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml b/charts/camunda-platform-8.4/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml index b8a9c94d22..1df6f49555 100644 --- a/charts/camunda-platform-8.4/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml +++ b/charts/camunda-platform-8.4/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml @@ -15,16 +15,30 @@ global: identity: auth: publicIssuerUrl: "https://{{ .Values.global.ingress.host }}/auth/realms/camunda-platform" + connectors: + existingSecret: + name: "integration-test" console: redirectUrl: "https://{{ .Values.global.ingress.host }}" + existingSecret: + name: "integration-test" operate: redirectUrl: "https://{{ .Values.global.ingress.host }}/operate" + existingSecret: + name: "integration-test" tasklist: redirectUrl: "https://{{ .Values.global.ingress.host }}/tasklist" + existingSecret: + name: "integration-test" optimize: redirectUrl: "https://{{ .Values.global.ingress.host }}/optimize" + existingSecret: + name: "integration-test" webModeler: redirectUrl: "https://{{ .Values.global.ingress.host }}/modeler" + zeebe: + existingSecret: + name: "integration-test" identity: contextPath: "/identity" @@ -32,6 +46,17 @@ identity: firstUser: existingSecret: "integration-test" +identityKeycloak: + postgresql: + auth: + existingSecret: "integration-test" + auth: + existingSecret: "integration-test" + +identityPostgresql: + auth: + existingSecret: "integration-test" + operate: contextPath: "/operate" diff --git a/charts/camunda-platform-8.4/test/integration/scenarios/common/values-integration-test.yaml b/charts/camunda-platform-8.4/test/integration/scenarios/common/values-integration-test.yaml index b7b00d7b6a..69fd2e9fa5 100644 --- a/charts/camunda-platform-8.4/test/integration/scenarios/common/values-integration-test.yaml +++ b/charts/camunda-platform-8.4/test/integration/scenarios/common/values-integration-test.yaml @@ -1,6 +1,3 @@ -test: - integration: true - identity: # Keycloak client seed which is used to query Camunda APIs. env: diff --git a/charts/camunda-platform-alpha/templates/camunda/constraints.tpl b/charts/camunda-platform-alpha/templates/camunda/constraints.tpl index 17700f05d5..80e10db182 100644 --- a/charts/camunda-platform-alpha/templates/camunda/constraints.tpl +++ b/charts/camunda-platform-alpha/templates/camunda/constraints.tpl @@ -129,7 +129,7 @@ Fail with a message if zeebeGateway.contextPath and zeebeGateway.ingress.rest.pa {{- end }} {{ if and (.Values.webModeler.enabled) (not .Values.webModeler.restapi.mail.existingSecret) }} - {{- $existingSecretsNotConfigured = append $existingSecretsNotConfigured "webModeler.mail.existingSecret.name" }} + {{- $existingSecretsNotConfigured = append $existingSecretsNotConfigured "webModeler.restapi.mail.existingSecret.name" }} {{- end }} {{- if $existingSecretsNotConfigured }} @@ -160,6 +160,7 @@ data: management-password: # used for keycloak postgres-password: # used for postgresql admin password password: # used for postgresql user password + smtp-password: # used for web modeler mail The following values inside your values.yaml need to be set but were not: ` @@ -196,6 +197,7 @@ data: management-password: # used for keycloak postgres-password: # used for postgresql admin password password: # used for postgresql user password + smtp-password: # used for web modeler mail The following values inside your values.yaml need to be set but were not: ` diff --git a/charts/camunda-platform-alpha/templates/tests/integration-test-secret.yaml b/charts/camunda-platform-alpha/templates/tests/integration-test-secret.yaml deleted file mode 100644 index 22033dc5c2..0000000000 --- a/charts/camunda-platform-alpha/templates/tests/integration-test-secret.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if (.Values.test).integration }} -apiVersion: v1 -kind: Secret -metadata: - name: integration-test - labels: - test: integration -type: Opaque -data: - client-secret: {{ include "common.secrets.passwords.manage" (dict "secret" "integration-test" "key" "client-secret" "length" 16 "providedValues" (list "test.existingSecret") "context" $) }} - identity-firstuser-password: {{ include "common.secrets.passwords.manage" (dict "secret" "integration-test" "key" "identity-firstuser-password" "length" 16 "providedValues" (list "") "context" $) }} -{{- end }} diff --git a/charts/camunda-platform-alpha/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml b/charts/camunda-platform-alpha/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml index f5d7534a0f..cc34e50b24 100644 --- a/charts/camunda-platform-alpha/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml +++ b/charts/camunda-platform-alpha/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml @@ -14,22 +14,47 @@ global: identity: auth: publicIssuerUrl: "https://{{ .Values.global.ingress.host }}/auth/realms/camunda-platform" + connectors: + existingSecret: + name: "integration-test" console: redirectUrl: "https://{{ .Values.global.ingress.host }}" + existingSecret: + name: "integration-test" operate: redirectUrl: "https://{{ .Values.global.ingress.host }}/operate" + existingSecret: + name: "integration-test" tasklist: redirectUrl: "https://{{ .Values.global.ingress.host }}/tasklist" + existingSecret: + name: "integration-test" optimize: redirectUrl: "https://{{ .Values.global.ingress.host }}/optimize" + existingSecret: + name: "integration-test" webModeler: redirectUrl: "https://{{ .Values.global.ingress.host }}/modeler" + zeebe: + existingSecret: + name: "integration-test" identity: contextPath: "/identity" firstUser: existingSecret: "integration-test" +identityKeycloak: + postgresql: + auth: + existingSecret: "integration-test" + auth: + existingSecret: "integration-test" + +identityPostgresql: + auth: + existingSecret: "integration-test" + operate: contextPath: "/operate" @@ -53,10 +78,14 @@ webModeler: mail: # This value is required, otherwise the restapi pod wouldn't start. fromAddress: noreply@example.com + existingSecret: + name: "integration-test" # WebModeler Database. postgresql: enabled: true + auth: + existingSecret: "integration-test" zeebeGateway: contextPath: "/zeebe" diff --git a/charts/camunda-platform-alpha/test/integration/scenarios/common/values-integration-test.yaml b/charts/camunda-platform-alpha/test/integration/scenarios/common/values-integration-test.yaml index 87dcac1882..3c3f061b46 100644 --- a/charts/camunda-platform-alpha/test/integration/scenarios/common/values-integration-test.yaml +++ b/charts/camunda-platform-alpha/test/integration/scenarios/common/values-integration-test.yaml @@ -1,6 +1,3 @@ -test: - integration: true - identity: # Keycloak client seed which is used to query Camunda APIs. env: diff --git a/charts/camunda-platform-alpha/values.yaml b/charts/camunda-platform-alpha/values.yaml index 333ac7b57b..d6374b1942 100644 --- a/charts/camunda-platform-alpha/values.yaml +++ b/charts/camunda-platform-alpha/values.yaml @@ -59,7 +59,7 @@ global: ## @skip global.testDeprecationFlags testDeprecationFlags: ## @skip global.testDeprecationFlags.existingSecretsMustBeSet give error or warning when existingSecret is not set - existingSecretsMustBeSet: "ignore" + existingSecretsMustBeSet: "warning" ## @param global.annotations Annotations can be used to define common annotations, which should be applied to all deployments annotations: {} diff --git a/charts/camunda-platform-latest/templates/tests/integration-test-secret.yaml b/charts/camunda-platform-latest/templates/tests/integration-test-secret.yaml deleted file mode 100644 index 22033dc5c2..0000000000 --- a/charts/camunda-platform-latest/templates/tests/integration-test-secret.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if (.Values.test).integration }} -apiVersion: v1 -kind: Secret -metadata: - name: integration-test - labels: - test: integration -type: Opaque -data: - client-secret: {{ include "common.secrets.passwords.manage" (dict "secret" "integration-test" "key" "client-secret" "length" 16 "providedValues" (list "test.existingSecret") "context" $) }} - identity-firstuser-password: {{ include "common.secrets.passwords.manage" (dict "secret" "integration-test" "key" "identity-firstuser-password" "length" 16 "providedValues" (list "") "context" $) }} -{{- end }} diff --git a/charts/camunda-platform-latest/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml b/charts/camunda-platform-latest/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml index f5d7534a0f..cc34e50b24 100644 --- a/charts/camunda-platform-latest/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml +++ b/charts/camunda-platform-latest/test/integration/scenarios/chart-full-setup/values-integration-test-ingress.yaml @@ -14,22 +14,47 @@ global: identity: auth: publicIssuerUrl: "https://{{ .Values.global.ingress.host }}/auth/realms/camunda-platform" + connectors: + existingSecret: + name: "integration-test" console: redirectUrl: "https://{{ .Values.global.ingress.host }}" + existingSecret: + name: "integration-test" operate: redirectUrl: "https://{{ .Values.global.ingress.host }}/operate" + existingSecret: + name: "integration-test" tasklist: redirectUrl: "https://{{ .Values.global.ingress.host }}/tasklist" + existingSecret: + name: "integration-test" optimize: redirectUrl: "https://{{ .Values.global.ingress.host }}/optimize" + existingSecret: + name: "integration-test" webModeler: redirectUrl: "https://{{ .Values.global.ingress.host }}/modeler" + zeebe: + existingSecret: + name: "integration-test" identity: contextPath: "/identity" firstUser: existingSecret: "integration-test" +identityKeycloak: + postgresql: + auth: + existingSecret: "integration-test" + auth: + existingSecret: "integration-test" + +identityPostgresql: + auth: + existingSecret: "integration-test" + operate: contextPath: "/operate" @@ -53,10 +78,14 @@ webModeler: mail: # This value is required, otherwise the restapi pod wouldn't start. fromAddress: noreply@example.com + existingSecret: + name: "integration-test" # WebModeler Database. postgresql: enabled: true + auth: + existingSecret: "integration-test" zeebeGateway: contextPath: "/zeebe" diff --git a/charts/camunda-platform-latest/test/integration/scenarios/common/values-integration-test.yaml b/charts/camunda-platform-latest/test/integration/scenarios/common/values-integration-test.yaml index 87dcac1882..3c3f061b46 100644 --- a/charts/camunda-platform-latest/test/integration/scenarios/common/values-integration-test.yaml +++ b/charts/camunda-platform-latest/test/integration/scenarios/common/values-integration-test.yaml @@ -1,6 +1,3 @@ -test: - integration: true - identity: # Keycloak client seed which is used to query Camunda APIs. env: diff --git a/test/integration/scenarios/lib/chart-upgrade-taskfile.yaml b/test/integration/scenarios/lib/chart-upgrade-taskfile.yaml index 2dd38cb834..8163b8b4fb 100644 --- a/test/integration/scenarios/lib/chart-upgrade-taskfile.yaml +++ b/test/integration/scenarios/lib/chart-upgrade-taskfile.yaml @@ -14,37 +14,8 @@ tasks: exec: cmds: - | - export TEST_SECRET=$(kubectl get secret "integration-test" \ - -n $TEST_NAMESPACE -o jsonpath="{.data.client-secret}" | base64 --decode) - export ZEEBE_SECRET=$(kubectl get secret "integration-zeebe-identity-secret" \ - -n $TEST_NAMESPACE -o jsonpath="{.data.zeebe-secret}" | base64 --decode) - export TASKLIST_SECRET=$(kubectl get secret "integration-tasklist-identity-secret" \ - -n $TEST_NAMESPACE -o jsonpath="{.data.tasklist-secret}" | base64 --decode) - export OPTIMIZE_SECRET=$(kubectl get secret "integration-optimize-identity-secret" \ - -n $TEST_NAMESPACE -o jsonpath="{.data.optimize-secret}" | base64 --decode) - export OPERATE_SECRET=$(kubectl get secret "integration-operate-identity-secret" \ - -n $TEST_NAMESPACE -o jsonpath="{.data.operate-secret}" | base64 --decode) - export CONNECTORS_SECRET=$(kubectl get secret "integration-connectors-identity-secret" \ - -n $TEST_NAMESPACE -o jsonpath="{.data.connectors-secret}" | base64 --decode) - export CONSOLE_SECRET=$(kubectl get secret "integration-console-identity-secret" \ - -n $TEST_NAMESPACE -o jsonpath="{.data.console-secret}" | base64 --decode) - export KEYCLOAK_ADMIN_SECRET=$(kubectl get secret "integration-keycloak" \ - -n $TEST_NAMESPACE -o jsonpath="{.data.admin-password}" | base64 --decode) - export KEYCLOAK_POSTGRESQL_SECRET=$(kubectl get secret "integration-postgresql" \ - -n $TEST_NAMESPACE -o jsonpath="{.data.postgres-password}" | base64 --decode) - helm upgrade integration {{ .TEST_CHART_NAME }} \ --namespace {{ .TEST_NAMESPACE }} \ --values {{ .TEST_VALUES_BASE_DIR }}/common/values-integration-test.yaml \ - --set test.existingSecret=$TEST_SECRET \ - --set global.identity.auth.zeebe.existingSecret=$ZEEBE_SECRET \ - --set global.identity.auth.tasklist.existingSecret=$TASKLIST_SECRET \ - --set global.identity.auth.optimize.existingSecret=$OPTIMIZE_SECRET \ - --set global.identity.auth.operate.existingSecret=$OPERATE_SECRET \ - --set global.identity.auth.connectors.existingSecret=$CONNECTORS_SECRET \ - --set global.identity.auth.console.existingSecret=$CONSOLE_SECRET \ - --set identityKeycloak.auth.adminPassword=$KEYCLOAK_ADMIN_SECRET \ - --set identityKeycloak.postgresql.auth.password=$KEYCLOAK_POSTGRESQL_SECRET \ - --set identityPostgresql.auth.password=dummy \ --timeout 20m0s \ --wait {{ .TEST_HELM_EXTRA_ARGS }} diff --git a/test/integration/testsuites/core/patches/job.yaml b/test/integration/testsuites/core/patches/job.yaml index c85786317b..4fc82df0d7 100644 --- a/test/integration/testsuites/core/patches/job.yaml +++ b/test/integration/testsuites/core/patches/job.yaml @@ -12,26 +12,26 @@ spec: - name: VENOM_VAR_CONSOLE_CLIENT_SECRET valueFrom: secretKeyRef: - name: integration-console-identity-secret + name: integration-test key: console-secret optional: true - name: VENOM_VAR_TASKLIST_CLIENT_SECRET valueFrom: secretKeyRef: - name: integration-tasklist-identity-secret + name: integration-test key: tasklist-secret - name: VENOM_VAR_OPERATE_CLIENT_SECRET valueFrom: secretKeyRef: - name: integration-operate-identity-secret + name: integration-test key: operate-secret - name: VENOM_VAR_OPTIMIZE_CLIENT_SECRET valueFrom: secretKeyRef: - name: integration-optimize-identity-secret + name: integration-test key: optimize-secret - name: VENOM_VAR_CONNECTORS_CLIENT_SECRET valueFrom: secretKeyRef: - name: integration-connectors-identity-secret + name: integration-test key: connectors-secret