[Keystone] support secret-injector #7472

Open
wants to merge 5 commits into
base: master
Changes from 4 commits
6 changes: 3 additions & 3 deletions openstack/keystone/Chart.lock
Expand Up @@ -19,9 +19,9 @@ dependencies:
version: 1.1.7
- name: utils
repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
version: 0.15.0
version: 0.19.6
- name: linkerd-support
repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
version: 0.1.4
digest: sha256:7f3e9665e9e649af94735fe7b6233667353fe5aca639dc86e295def90a56f4b7
generated: "2024-09-30T20:42:46.060829+05:30"
digest: sha256:6e608d38f5aed8d81e803f77462f441132614f6487e6ca037e7dc61a2b47ae60
generated: "2024-11-27T16:00:14.156431+05:30"
4 changes: 2 additions & 2 deletions openstack/keystone/Chart.yaml
Expand Up @@ -9,7 +9,7 @@ maintainers:
name: keystone
sources:
- https://github.com/sapcc/keystone
version: 0.7.3
version: 0.7.4
dependencies:
- condition: mariadb.enabled
name: mariadb
Expand All @@ -36,7 +36,7 @@ dependencies:
version: 1.1.7
- name: utils
repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
version: 0.15.0
version: 0.19.6
- name: linkerd-support
repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm
version: 0.1.4
2 changes: 1 addition & 1 deletion openstack/keystone/templates/bin/_bootstrap.tpl
Expand Up @@ -4,7 +4,7 @@ set -ex
# seed just enough to have a functional v3 api
keystone-manage --config-file=/etc/keystone/keystone.conf --config-file=/etc/keystone/keystone.conf.d/secrets.conf bootstrap \
--bootstrap-username {{ .Values.api.adminUser }} \
--bootstrap-password {{ required "A valid .Values.api.adminPassword required!" .Values.api.adminPassword }} \
--bootstrap-password {{ required "A valid .Values.api.adminPassword required!" .Values.api.adminPassword | include "resolve_secret" }} \
--bootstrap-project-name {{ .Values.api.adminProjectName }} \
{{- if eq .Values.services.admin.scheme "https" }}
--bootstrap-admin-url https://{{.Values.services.admin.host}}.{{.Values.global.region}}.{{.Values.global.tld}}/v3 \
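Review bot: The resolved admin password is still placed unquoted on the `keystone-manage ... bootstrap` command line at `--bootstrap-password`, in a script that the hunk header shows running under `set -ex`, so xtrace will print the secret into the job log and any whitespace or shell metacharacter in an externally sourced value will be interpreted by the shell. Consider turning tracing off around this command (`set +x`) and quoting the argument, or dropping the flag and supplying the value through the `OS_BOOTSTRAP_PASSWORD` environment variable sourced from a Secret. It is also worth confirming that this script is rendered into an object the secret-injector actually processes; if it ships in a ConfigMap (not visible here), the reference may stay unresolved or the secret may end up stored in a ConfigMap. The command continues past the end of the hunk.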
14 changes: 7 additions & 7 deletions openstack/keystone/templates/etc/_secrets.conf.tpl
Expand Up @@ -4,14 +4,14 @@
{{ if .Values.percona_cluster.enabled -}}
{{/* in caase percona is active and we need to switch the connection string to mariadb-galera cluster without removing the percona cluster objects */}}
{{- if and .Values.mariadb_galera.enabled .Values.databaseKind (eq .Values.databaseKind "galera") -}}
connection = mysql+pymysql://{{ .Values.mariadb_galera.mariadb.users.keystone.username }}:{{.Values.mariadb_galera.mariadb.users.keystone.password }}@{{include "db_host" .}}/{{ .Values.mariadb_galera.mariadb.database_name_to_connect }}?charset=utf8
connection = mysql+pymysql://{{ .Values.mariadb_galera.mariadb.users.keystone.username }}:{{.Values.mariadb_galera.mariadb.users.keystone.password | include "resolve_secret_urlquery" }}@{{include "db_host" .}}/{{ .Values.mariadb_galera.mariadb.database_name_to_connect }}?charset=utf8
{{- else }}
connection = {{ include "db_url_pxc" . }}
{{- end }}
{{- else if .Values.global.clusterDomain -}}
connection = mysql+pymysql://{{ default .Release.Name .Values.global.dbUser }}:{{.Values.global.dbPassword }}@{{include "db_host" .}}/{{ default .Release.Name .Values.mariadb.name }}?charset=utf8
connection = mysql+pymysql://{{ default .Release.Name .Values.global.dbUser }}:{{.Values.global.dbPassword | include "resolve_secret_urlquery" }}@{{include "db_host" .}}/{{ default .Release.Name .Values.mariadb.name }}?charset=utf8
{{- else if and .Values.mariadb_galera.enabled .Values.databaseKind (eq .Values.databaseKind "galera") -}}
connection = mysql+pymysql://{{ .Values.mariadb_galera.mariadb.users.keystone.username }}:{{.Values.mariadb_galera.mariadb.users.keystone.password }}@{{include "db_host" .}}/{{ .Values.mariadb_galera.mariadb.database_name_to_connect }}?charset=utf8
connection = mysql+pymysql://{{ .Values.mariadb_galera.mariadb.users.keystone.username }}:{{.Values.mariadb_galera.mariadb.users.keystone.password | include "resolve_secret_urlquery" }}@{{include "db_host" .}}/{{ .Values.mariadb_galera.mariadb.database_name_to_connect }}?charset=utf8
{{- else }}
connection = {{ include "db_url_mysql" . }}
{{- end }}
Expand All @@ -20,14 +20,14 @@ connection = {{ include "db_url_mysql" . }}
[cache]
memcache_sasl_enabled = True
memcache_username = {{ .Values.memcached.auth.username }}
memcache_password = {{ .Values.memcached.auth.password }}
memcache_password = {{ .Values.memcached.auth.password | include "resolve_secret" }}
fwiesel marked this conversation as resolved.
{{- end }}

{{- if not (and (hasKey $.Values "oslo_messaging_notifications") ($.Values.oslo_messaging_notifications.disabled)) }}
[oslo_messaging_notifications]
driver = messaging
{{- if and (.Values.audit.central_service.user) (.Values.audit.central_service.password) }}
transport_url = rabbit://{{ .Values.audit.central_service.user }}:{{ .Values.audit.central_service.password }}@{{ .Values.audit.central_service.host }}:{{ .Values.audit.central_service.port }}/
transport_url = rabbit://{{ .Values.audit.central_service.user }}:{{ .Values.audit.central_service.password | include "resolve_secret_urlquery" }}@{{ .Values.audit.central_service.host }}:{{ .Values.audit.central_service.port }}/
s10 marked this conversation as resolved.

[oslo_messaging_rabbit]
rabbit_retry_interval = {{ .Values.audit.central_service.rabbit_retry_interval | default 1 }}
Expand All @@ -41,9 +41,9 @@ heartbeat_timeout_threshold = {{ .Values.audit.central_service.heartbeat_timeout
when rabbit_interval_max >= rabbit_retry_interval
*/}}
{{- else if .Values.rabbitmq.host }}
transport_url = rabbit://{{ .Values.rabbitmq.users.default.user | default "rabbitmq" }}:{{ .Values.rabbitmq.users.default.password }}@{{ .Values.rabbitmq.host }}:{{ .Values.rabbitmq.port | default 5672 }}
transport_url = rabbit://{{ .Values.rabbitmq.users.default.user | default "rabbitmq" }}:{{ .Values.rabbitmq.users.default.password | include "resolve_secret_urlquery" }}@{{ .Values.rabbitmq.host }}:{{ .Values.rabbitmq.port | default 5672 }}
{{ else }}
transport_url = rabbit://{{ .Values.rabbitmq.users.default.user | default "rabbitmq" }}:{{ .Values.rabbitmq.users.default.password }}@{{ include "rabbitmq_host" . }}:{{ .Values.rabbitmq.port | default 5672 }}
transport_url = rabbit://{{ .Values.rabbitmq.users.default.user | default "rabbitmq" }}:{{ .Values.rabbitmq.users.default.password | include "resolve_secret_urlquery" }}@{{ include "rabbitmq_host" . }}:{{ .Values.rabbitmq.port | default 5672 }}
{{- end }}
{{- end }}

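Review bot: Nothing in the template explains why two different helpers are used: passwords embedded in the `connection` and `transport_url` lines go through `resolve_secret_urlquery`, while `memcache_password` gets plain `resolve_secret` and is written raw into the option value. A short template comment near the top would help, e.g. `{{/* secrets inside URLs use resolve_secret_urlquery so reserved characters cannot break the user:password@host part; plain options use resolve_secret */}}`. Both helpers presumably come from the bumped `utils` chart and are not visible here, so please confirm that the URL variant escapes in a form the SQLAlchemy and oslo.messaging URL parsers decode back (query-style escaping turns a space into `+`, which may not be reversed in the userinfo part), and that a `$` in the memcached secret is not picked up as an oslo.config substitution. The unchanged `db_url_pxc` and `db_url_mysql` branches should be checked for the same secret handling.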