From c6cfef10a62be12df5d7ab870337550b2160e1eb Mon Sep 17 00:00:00 2001 
From: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Date: Fri, 27 Sep 2024 15:10:01 +0300 Subject: [PATCH] fix(cnpg-backup): BREAKING CHANGE allow toggling encryption (#861) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit **Description** ⚒️ Fixes #849 **⚙️ Type of change** - [ ] ⚙️ Feature/App addition - [x] 🪛 Bugfix - [ ] ⚠️ Breaking change (fix or feature that would cause existing functionality to not work as expected) - [ ] 🔃 Refactor of current code **🧪 How Has This Been Tested?** **📃 Notes:** **✔️ Checklist:** - [x] ⚖️ My code follows the style guidelines of this project - [x] 👀 I have performed a self-review of my own code - [ ] #️⃣ I have commented my code, particularly in hard-to-understand areas - [ ] 📄 I have made corresponding changes to the documentation - [x] ⚠️ My changes generate no new warnings - [x] 🧪 I have added tests to this description that prove my fix is effective or that my feature works - [x] ⬆️ I increased versions for any altered app according to semantic versioning - [x] I made sure the title starts with `feat(chart-name):`, `fix(chart-name):` or `chore(chart-name):` **➕ App addition** If this PR is an app addition please make sure you have done the following. - [ ] 🖼️ I have added an icon in the Chart's root directory called `icon.png` --- _Please don't blindly check all the boxes. Read them and only check those that apply. 
Those checkboxes are there for the reviewer to see what is this all about and the status of this PR with a quick glance._ --------- Co-authored-by: Kjeld Schouten --- library/common-test/Chart.yaml | 2 +- .../tests/cnpg/cluster_backup_spec_test.yaml | 83 +++++++++++++++---- library/common/Chart.yaml | 2 +- .../common/templates/class/cnpg/_cluster.tpl | 2 +- .../templates/lib/cnpg/cluster/_backup.tpl | 12 +-- .../common/templates/lib/container/_env.tpl | 4 +- .../lib/ingress/integrations/_homepage.tpl | 2 +- library/common/values.yaml | 2 + 8 files changed, 82 insertions(+), 27 deletions(-) diff --git a/library/common-test/Chart.yaml b/library/common-test/Chart.yaml index 5610bc5c..0689fa77 100644 --- a/library/common-test/Chart.yaml +++ b/library/common-test/Chart.yaml @@ -3,7 +3,7 @@ appVersion: "" dependencies: - name: common repository: file://../common - version: ~24.1.0 + version: ~25.0.0 deprecated: false description: Helper chart to test different use cases of the common library home: https://github.com/truecharts/apps/tree/master/charts/library/common-test diff --git a/library/common-test/tests/cnpg/cluster_backup_spec_test.yaml b/library/common-test/tests/cnpg/cluster_backup_spec_test.yaml index eb14580a..d97e784c 100644 --- a/library/common-test/tests/cnpg/cluster_backup_spec_test.yaml +++ b/library/common-test/tests/cnpg/cluster_backup_spec_test.yaml @@ -61,8 +61,6 @@ tests: backup: barmanObjectStore: data: - compression: gzip - encryption: AES256 jobs: 2 destinationPath: some-path endpointURL: some-url @@ -74,9 +72,6 @@ tests: key: ACCESS_SECRET_KEY name: test-release-name-common-test-cnpg-my-pg-provider-backup-s3-creds serverName: test-release-name-common-test-cnpg-my-pg - wal: - compression: gzip - encryption: AES256 retentionPolicy: 10d target: primary @@ -131,8 +126,6 @@ tests: backup: barmanObjectStore: data: - compression: gzip - encryption: AES256 jobs: 2 destinationPath: some-path endpointURL: some-url 
@@ -144,9 +137,6 @@ tests: key: ACCESS_SECRET_KEY name: test-release-name-common-test-cnpg-my-pg-provider-backup-s3-creds serverName: test-release-name-common-test-cnpg-my-pg-rsome-revision - wal: - compression: gzip - encryption: AES256 retentionPolicy: 10d target: primary @@ -201,8 +191,6 @@ tests: backup: barmanObjectStore: data: - compression: gzip - encryption: AES256 jobs: 2 destinationPath: some-path endpointURL: some-url @@ -214,9 +202,6 @@ tests: key: ACCESS_SECRET_KEY name: test-release-name-common-test-cnpg-my-pg-provider-backup-s3-creds serverName: some-server-name - wal: - compression: gzip - encryption: AES256 retentionPolicy: 10d target: primary 
@@ -238,6 +223,72 @@ tests: destinationPath: some-path serverName: some-server-name revision: "1" + asserts: + - documentIndex: *secretDoc + isKind: + of: Secret + - documentIndex: *secretDoc + isAPIVersion: + of: v1 + - documentIndex: *secretDoc + equal: + path: metadata.name + value: test-release-name-common-test-cnpg-my-pg-provider-backup-s3-creds + - documentIndex: *secretDoc + equal: + path: stringData + value: + ACCESS_KEY_ID: some-access-key + ACCESS_SECRET_KEY: some-secret-key + - documentIndex: &clusterDoc 0 + isKind: + of: Cluster + - documentIndex: *clusterDoc + isAPIVersion: + of: postgresql.cnpg.io/v1 + - documentIndex: *clusterDoc + equal: + path: metadata.name + value: test-release-name-common-test-cnpg-my-pg + - documentIndex: *clusterDoc + isSubset: + path: spec + content: + backup: + barmanObjectStore: + data: + jobs: 2 + destinationPath: some-path + endpointURL: some-url + s3Credentials: + accessKeyId: + key: ACCESS_KEY_ID + name: test-release-name-common-test-cnpg-my-pg-provider-backup-s3-creds + secretAccessKey: + key: ACCESS_SECRET_KEY + name: test-release-name-common-test-cnpg-my-pg-provider-backup-s3-creds + serverName: some-server-name-r1 + retentionPolicy: 10d + target: primary + + - it: should enable encryption when set + set: + credentials: + test: *test + cnpg: + my-pg: + enabled: true + user: test-user + database: test-db + password: test-password + backups: + enabled: true + target: primary + retentionPolicy: 10d + credentials: test + destinationPath: some-path + encryption: + enabled: true asserts: - documentIndex: *secretDoc isKind: @@ -284,7 +335,7 @@ tests: secretAccessKey: key: ACCESS_SECRET_KEY name: test-release-name-common-test-cnpg-my-pg-provider-backup-s3-creds - serverName: some-server-name-r1 + serverName: test-release-name-common-test-cnpg-my-pg wal: compression: gzip encryption: AES256 diff --git a/library/common/Chart.yaml b/library/common/Chart.yaml index 8c6aa106..c542545e 100644 --- a/library/common/Chart.yaml 
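Review bot: The asserts added for the encryption-unset case (the `isSubset` block ending in `serverName: some-server-name-r1`) cannot fail if the template still renders `encryption: AES256` or the `wal` mapping, because `isSubset` only checks that the listed keys are present. The same holds for the three earlier tests in this file, where the commit only deletes the `compression`/`encryption` lines from the expected content. An explicit absence check in each default-path test would pin the new behaviour, for example `- documentIndex: *clusterDoc` with `notExists: {path: spec.backup.barmanObjectStore.wal}` and a second one for `spec.backup.barmanObjectStore.data.encryption`. A case that sets `encryption.enabled: false` explicitly would also be worth adding, since that is the default added to values.yaml.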
+++ b/library/common/Chart.yaml @@ -15,7 +15,7 @@ maintainers: name: common sources: null type: library -version: 24.1.19 +version: 25.0.0 annotations: artifacthub.io/category: "integration-delivery" artifacthub.io/license: "BUSL-1.1" diff --git a/library/common/templates/class/cnpg/_cluster.tpl b/library/common/templates/class/cnpg/_cluster.tpl index da0cc40d..63d62854 100644 --- a/library/common/templates/class/cnpg/_cluster.tpl +++ b/library/common/templates/class/cnpg/_cluster.tpl @@ -143,7 +143,7 @@ {{- $imageName := $objectData.cluster.imageName -}} {{- if not $imageName -}} {{/* Ensure version and container tracking */}} - {{- $imageType := camelcase ($objectData.type | default "postgres") -}} + {{- $imageType := ($objectData.type | default "postgres") | camelcase | title -}} {{- if eq $imageType "Postgres" -}} {{- $imageType = "" -}} {{- end -}} diff --git a/library/common/templates/lib/cnpg/cluster/_backup.tpl b/library/common/templates/lib/cnpg/cluster/_backup.tpl index c6d5caab..79171c56 100644 --- a/library/common/templates/lib/cnpg/cluster/_backup.tpl +++ b/library/common/templates/lib/cnpg/cluster/_backup.tpl @@ -7,13 +7,15 @@ backup: {{- end }} retentionPolicy: {{ $objectData.backups.retentionPolicy }} barmanObjectStore: - wal: - compression: gzip - encryption: AES256 data: - compression: gzip - encryption: AES256 jobs: {{ $objectData.backups.jobs | default 2 }} + {{- if and $objectData.backups.encryption $objectData.backups.encryption.enabled }} + compression: "gzip" + encryption: "AES256" + wal: + compression: "gzip" + encryption: "AES256" + {{- end -}} {{/* Fetch provider data */}} {{/* Get the creds defined in backup.$provider */}} {{- $creds := (get $rootCtx.Values.credentials $objectData.backups.credentials) -}} diff --git a/library/common/templates/lib/container/_env.tpl b/library/common/templates/lib/container/_env.tpl index 8f676370..01233a5c 100644 --- a/library/common/templates/lib/container/_env.tpl 
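Review bot: The `eq $imageType "Postgres"` check on the context line right after the changed assignment is case-sensitive, so the branch taken now depends on `camelcase | title` producing exactly `Postgres`. Nothing in the hunk or the commit description says why `title` was added. If the reason is that `camelcase` can return a lower-case first letter with some Sprig versions (an inference, not shown on the page), a comment such as `{{/* camelcase may leave the first letter lower-case; title restores it */}}` above the assignment would record it. The same unexplained `| camelcase | title` appears in both `_env.tpl` hunks and in `_homepage.tpl`, where it only affects message and display text. The enclosing template definition starts and ends outside the hunk.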
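Review bot: The new `if` in `_backup.tpl` gates `compression: "gzip"` together with `encryption: "AES256"`, and it also wraps the whole `wal:` mapping. With `backups.encryption.enabled` unset or false, the rendered `barmanObjectStore` therefore loses gzip compression for base backups and WAL as well as encryption. Combined with the `encryption: enabled: false` default added to values.yaml, a release upgraded from 24.x stops requesting AES256 on its backups without any change to its own values; the commit title marks this as breaking, but the values.yaml key carries no comment saying so. If only encryption is meant to be optional, keep compression unconditional and guard just the two `encryption` keys, as sketched below, and add a comment on the values.yaml key stating what it controls and that it defaults to off. The surrounding template definition begins and ends outside the hunk.

```gotemplate
  barmanObjectStore:
    data:
      jobs: {{ $objectData.backups.jobs | default 2 }}
      compression: "gzip"
      {{- if and $objectData.backups.encryption $objectData.backups.encryption.enabled }}
      encryption: "AES256"
      {{- end }}
    wal:
      compression: "gzip"
      {{- if and $objectData.backups.encryption $objectData.backups.encryption.enabled }}
      encryption: "AES256"
      {{- end -}}
    {{/* … unchanged: provider credentials lookup … */}}
```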
+++ b/library/common/templates/lib/container/_env.tpl @@ -57,7 +57,7 @@ objectData: The object data to be used to render the container. {{- $data = (get $data $name) -}} {{- if not $data -}} - {{- fail (printf "Container - Expected in [env] the referenced %s [%s] to be defined" (camelcase $item) $name) -}} + {{- fail (printf "Container - Expected in [env] the referenced %s [%s] to be defined" ($item | camelcase | title) $name) -}} {{- end -}} {{- $found := false -}} @@ -68,7 +68,7 @@ objectData: The object data to be used to render the container. {{- end -}} {{- if not $found -}} - {{- fail (printf "Container - Expected in [env] the referenced key [%s] in %s [%s] to be defined" $obj.key (camelcase $item) $name) -}} + {{- fail (printf "Container - Expected in [env] the referenced key [%s] in %s [%s] to be defined" $obj.key ($item | camelcase | title) $name) -}} {{- end -}} {{- $name = (printf "%s-%s" (include "tc.v1.common.lib.chart.names.fullname" $rootCtx) $name) -}} diff --git a/library/common/templates/lib/ingress/integrations/_homepage.tpl b/library/common/templates/lib/ingress/integrations/_homepage.tpl index 9b6b57c7..ee4089c3 100644 --- a/library/common/templates/lib/ingress/integrations/_homepage.tpl +++ b/library/common/templates/lib/ingress/integrations/_homepage.tpl @@ -15,7 +15,7 @@ {{- include "tc.v1.common.lib.ingress.integration.homepage.validation" (dict "objectData" $objectData) -}} - {{- $name := $homepage.name | default ($rootCtx.Release.Name | camelcase) -}} + {{- $name := $homepage.name | default ($rootCtx.Release.Name | camelcase | title) -}} {{- $desc := $homepage.description | default $rootCtx.Chart.Description -}} {{- $icon := $homepage.icon | default $rootCtx.Chart.Icon -}} {{- $defaultType := $rootCtx.Chart.Name | lower -}} diff --git a/library/common/values.yaml b/library/common/values.yaml index 0445754d..573ae5dc 100644 --- a/library/common/values.yaml +++ b/library/common/values.yaml 
@@ -1092,6 +1092,8 @@ cnpg: backups: enabled: false # You need to configure backups manually, so backups are disabled by default. + encryption: + enabled: false ## set a revision to append to the serverName to ensure restore and backup dont target the same thing # revision: 1