Skip to content

storage: Adapt secret helper fn to instrospect *Ref keys for secrets

Antoine R. Dumont requested to merge fix-storage-deployment-secrets into production

If found, they also get inlined in the deployment.

Expectedly, this fixes the current swh cassandra production storage deployment.

make swh-helm-diff
[swh] Generate config in production branch for environment staging, namespace swh...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra-next-version...
Switched to branch 'staging'
Your branch is ahead of 'origin/staging' by 1 commit.
  (use "git push" to publish your local commits)
[swh] Generate config in staging branch for environment staging...
[swh] Generate config in staging branch for environment staging...
Error: execution error at (swh/templates/storage/deployment.yaml:48:15): _helpers.tpl:swh.secrets.environment: Definition <objstorageConfigurationRef> not found

Use --debug flag to render out invalid YAML
make: *** [Makefile:31: swh-helm-diff] Error 1
 swh-3.10.9  tony  yavin4  ~  work  swh  sysadm-environment  swh-charts   staging  1⬆  5⚑  USAGE  %  make swh-helm-diff
./swh/helm-diff.sh
[swh] Comparing changes between branches production and staging (per environment)...
Switched to branch 'production'
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment staging, namespace swh...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra-next-version...
Switched to branch 'staging'
Your branch is ahead of 'origin/staging' by 1 commit.
  (use "git push" to publish your local commits)
[swh] Generate config in staging branch for environment staging...
[swh] Generate config in staging branch for environment staging...
[swh] Generate config in staging branch for environment staging...
Switched to branch 'production'
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment production, namespace swh...
[swh] Generate config in production branch for environment production, namespace swh-cassandra...
[swh] Generate config in production branch for environment production, namespace swh-cassandra-next-version...
Switched to branch 'staging'
Your branch is ahead of 'origin/staging' by 1 commit.
  (use "git push" to publish your local commits)
[swh] Generate config in staging branch for environment production...
[swh] Generate config in staging branch for environment production...
[swh] Generate config in staging branch for environment production...


------------- diff for environment staging namespace swh -------------

No differences


------------- diff for environment staging namespace swh-cassandra -------------

No differences


------------- diff for environment staging namespace swh-cassandra-next-version -------------

No differences


------------- diff for environment production namespace swh -------------

No differences


------------- diff for environment production namespace swh-cassandra -------------

--- /tmp/swh-chart.swh.8x2SQmdR/production-swh-cassandra.before 2023-11-22 10:32:59.223046009 +0100
+++ /tmp/swh-chart.swh.8x2SQmdR/production-swh-cassandra.after  2023-11-22 10:32:59.639045403 +0100
@@ -13908,20 +13908,244 @@
           image: debian:bullseye
           imagePullPolicy: IfNotPresent
           command:
           - /bin/bash
           args:
           - -c
           - eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\"" > /etc/swh/config.yml
           env:


+          - name: 0_ACCOUNT_NAME
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 0_account_name
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 0_API_SECRET_KEY
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 0_api_secret_key
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 10_ACCOUNT_NAME
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 10_account_name
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 10_API_SECRET_KEY
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 10_api_secret_key
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 11_ACCOUNT_NAME
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 11_account_name
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 11_API_SECRET_KEY
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 11_api_secret_key
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 12_ACCOUNT_NAME
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 12_account_name
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 12_API_SECRET_KEY
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 12_api_secret_key
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 13_ACCOUNT_NAME
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 13_account_name
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 13_API_SECRET_KEY
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 13_api_secret_key
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 14_ACCOUNT_NAME
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 14_account_name
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 14_API_SECRET_KEY
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 14_api_secret_key
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 15_ACCOUNT_NAME
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 15_account_name
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 15_API_SECRET_KEY
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 15_api_secret_key
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 1_ACCOUNT_NAME
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 1_account_name
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 1_API_SECRET_KEY
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 1_api_secret_key
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 2_ACCOUNT_NAME
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 2_account_name
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 2_API_SECRET_KEY
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 2_api_secret_key
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 3_ACCOUNT_NAME
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 3_account_name
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 3_API_SECRET_KEY
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 3_api_secret_key
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 4_ACCOUNT_NAME
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 4_account_name
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 4_API_SECRET_KEY
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 4_api_secret_key
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 5_ACCOUNT_NAME
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 5_account_name
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 5_API_SECRET_KEY
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 5_api_secret_key
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 6_ACCOUNT_NAME
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 6_account_name
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 6_API_SECRET_KEY
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 6_api_secret_key
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 7_ACCOUNT_NAME
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 7_account_name
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 7_API_SECRET_KEY
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 7_api_secret_key
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 8_ACCOUNT_NAME
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 8_account_name
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 8_API_SECRET_KEY
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 8_api_secret_key
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 9_ACCOUNT_NAME
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 9_account_name
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          - name: 9_API_SECRET_KEY
+            valueFrom:
+              secretKeyRef:
+                name: swh-cassandra-objstorage-config
+                key: 9_api_secret_key
+                # 'name' secret must exist & include that ^ key
+                optional: false
           - name: CASSANDRA_PASSWORD
             valueFrom:
               secretKeyRef:
                 name: common-secrets
                 key: cassandra-swh-rw-password
                 # 'name' secret must exist & include that ^ key
                 optional: false
           volumeMounts:
           - name: configuration
             mountPath: /etc/swh

Refs. swh/infra/sysadm-environment#4780 (closed)

Merge request reports