Merge branch 'release/1.1.0'

.github/workflows/push_pr_main.yaml

@@ -39,12 +39,22 @@ jobs:
       - name: Run unit tests
         run: bash run_tests.sh --unit
 
-  integration-test:
-    name: Integration Tests
+  integration-tests-mariadb:
+    name: Integration Tests Mariadb
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
       - name: Run integration tests
         run: bash run_tests.sh --integration
+
+  integration-tests-postgresql:
+    name: Integration Tests Postgresql
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Run integration tests
+        run: bash run_tests.sh --integration -d postgresql

.gitlab-ci.yml

@@ -31,14 +31,22 @@ test Helm Charts:
     - helm plugin install https://github.com/helm-unittest/helm-unittest
     - bash run_tests.sh --unit
 
-integration Tests Helm Charts:
+integration Tests Helm Charts Mariadb:
   image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/docker:dind
   script:
     - |
       apk update && apk add -U curl bash
       sleep 10 # Wait for docker service
       bash run_tests.sh --integration
 
+integration Tests Helm Charts Postgresql:
+  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/docker:dind
+  script:
+    - |
+      apk update && apk add -U curl bash
+      sleep 10 # Wait for docker service
+      bash run_tests.sh --integration -d postgresql
+
 publish:
   stage: publish
   image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/alpine/helm

CHANGELOG.md

@@ -3,7 +3,17 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
-## [Unreleased](https://github.com/passbolt/charts-passbolt/compare/1.0.0...HEAD)
+## [Unreleased](https://github.com/passbolt/charts-passbolt/compare/1.1.0...HEAD)
+
+## [1.1.0] - 2024-04-26
+
+### Fixed
+
+- [#81](https://github.com/passbolt/charts-passbolt/issues/81) Install passbolt with an existing Postgresql server.
+
+### Added
+
+- Integration tests for passbolt with postgresql were added.
 
 ## [1.0.0] - 2024-04-25
 

Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.0.0
+version: 1.1.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

README.md

@@ -4,7 +4,7 @@
     <img src="./.assets/helm_passbolt.png" alt="passbolt sails kubernetes" width="500"/>
 </h3>
 
-![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.6.2-1-ce](https://img.shields.io/badge/AppVersion-4.6.2--1--ce-informational?style=flat-square)
+![Version: 1.1.0](https://img.shields.io/badge/Version-1.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.6.2-1-ce](https://img.shields.io/badge/AppVersion-4.6.2--1--ce-informational?style=flat-square)
 
 Passbolt is an open source, security first password manager with strong focus on
 collaboration.
@@ -246,11 +246,12 @@ Syntax: run_tests.sh [options]
 run_tests.sh with no arguments will run all of the available tests.
 
 options:
--h|--help         Show this message.
--l|--lint         Run helm lint.
--u|--unit         Run helm unittest tests.
--i|--integration  Run integration tests.
--no-clean         Skip cleaning step.
+-h|--help                 Show this message.
+-l|--lint                 Run helm lint.
+-u|--unit                 Run helm unittest tests.
+-i|--integration          Run integration tests.
+-d|--database [option]    Database to run integration tests with [mariadb|postgresql]."
+-no-clean                 Skip cleaning step.
 
 ```
 

README.md.gotmpl

@@ -115,11 +115,12 @@ Syntax: run_tests.sh [options]
 run_tests.sh with no arguments will run all of the available tests.
 
 options:
--h|--help         Show this message.
--l|--lint         Run helm lint.
--u|--unit         Run helm unittest tests.
--i|--integration  Run integration tests.
--no-clean         Skip cleaning step.
+-h|--help                 Show this message.
+-l|--lint                 Run helm lint.
+-u|--unit                 Run helm unittest tests.
+-i|--integration          Run integration tests.
+-d|--database [option]    Database to run integration tests with [mariadb|postgresql]."
+-no-clean                 Skip cleaning step.
 
 ```
 

RELEASE_NOTES.md

@@ -1,76 +1,4 @@
-Announcing the immediate availability of passbolt's helm chart 1.0.0.
-This is a major release that introduces some breaking changes contributed
-by the community.
+Announcing the immediate availability of passbolt's helm chart 1.1.0.
 
-Thanks to all the community members that helped us to improve this chart
-and reach version 1.0.0!! :tada:
-
-@chris968
-@jouve
-@Kuruyia
-
-Following there is a list of breaking changes and possible migration paths
-from previous chart versions. Please keep in mind that we can't cover all
-possible scenarios.
-
-If you are having issues upgrading from older chart versions please let us
-known by opening an issue in Github
-
-# TL;DR
-
-List of breaking changes:
-
-- Global `tls` value has been removed in favour of `ingress.tls` and `app.tls`
-- `ingress.tls[].secretName` has been removed in favour of `ingress.tls[].existingSecret`
-- `extraVolumes` and `extraVolumeMounts` values are now a list instead of a string.
-- Expose the HTTP port in the service. `service.port`, `service.name` and
-  `service.targetPort` have been removed in favour of `service.ports`
-  in order to expose configurable http and https ports.
-
-# Ingress and TLS related changes
-
-Global `tls` value has been removed to allow users to have different TLS
-certificates injected on ingress objects and passbolt containers.
-Ingress TLS is now managed with `ingress.tls` value, while passbolt TLS
-is managed with `app.tls` field in the values file.
-
-## Migrate from old TLS configuration
-
-`ingress.tls[].secretName` has been removed in favour of
-`ingress.tls[].existingSecret` for clarity.
-
-## Inject same SSL certificate on ingress and service
-
-Users that were injecting the same secret on Ingress objects and passbolt
-container will have to migrate to a configuration similar to:
-
-```yaml
-ingress.tls:
-  - autogenerate: false
-    existingSecret: mySSLSecret
-    hosts: [yourhost.com]
-```
-
-```yaml
-app.tls:
-  - autogenerate: false
-    existingSecret: mySSLSecret
-```
-
-## Inject separate certificates on ingress and service
-
-Users who want to inject different SSL certificates on ingress objects and passbolt
-containers now they have a way to do it by setting:
-
-```yaml
-ingress.tls:
-  - autogenerate: false
-    existingSecret: myIngressSSLSecret
-    hosts: [yourhost.com]
-```
-
-```yaml
-app.tls:
-  - autogenerate: false
-    existingSecret: mypassboltSSLSecret
-```
+This is a minor change release that fixes a bug when forcing the passboltEnv.DATASOURCES_DEFAULT_PORT on values file
+and adds the passbolt with postgresql integration tests.

run_tests.sh

@@ -2,6 +2,7 @@
 
 set -eo pipefail
 
+DATABASE_ENGINGE=mariadb
 RUN_UNIT=false
 RUN_LINT=false
 RUN_INTEGRATION=false
@@ -21,10 +22,11 @@ function run_unit_tests {
 }
 
 function run_integration_tests {
+	local database="$1"
 	if [[ "$RUN_INTEGRATION" == "true" || "$RUN_ALL" == "true" ]]; then
 		source tests/integration/fixtures/install_dependencies.sh
 		installDependencies
-		bash tests/integration/fixtures/create-cluster-with-passbolt.sh
+		bash tests/integration/fixtures/create-cluster-with-passbolt.sh "$database"
 		"$HELM_BINARY" test --logs passbolt -n default
 	fi
 }
@@ -43,19 +45,20 @@ function showHelp {
 	echo "$0 with no arguments will run all of the available tests."
 	echo
 	echo "options:"
-	echo "-h|--help         Show this message."
-	echo "-l|--lint         Run helm lint."
-	echo "-u|--unit         Run helm unittest tests."
-	echo "-i|--integration  Run integration tests."
-	echo "-no-clean         Skip cleaning step."
+	echo "-h|--help                 Show this message."
+	echo "-l|--lint                 Run helm lint."
+	echo "-u|--unit                 Run helm unittest tests."
+	echo "-i|--integration          Run integration tests."
+	echo "-d|--database [option]    Database to run integration tests to [mariadb|postgresql]."
+	echo "-no-clean                 Skip cleaning step."
 	echo
 	exit 0
 }
 
 function run_all {
 	run_linter
 	run_unit_tests
-	run_integration_tests
+	run_integration_tests "$DATABASE_ENGINGE"
 	clean_integration_assets
 }
 
@@ -79,6 +82,11 @@ while [[ $# -gt 0 ]]; do
 		RUN_INTEGRATION=true
 		shift
 		;;
+	-d | --database)
+		shift
+		DATABASE_ENGINGE=$1
+		shift
+		;;
 	--no-clean)
 		CLEAN_INTEGRATION_ASSETS=false
 		shift

templates/_helpers.tpl

@@ -93,7 +93,7 @@ Render the value of the database port
 {{- else if and ( eq .Values.postgresqlDependencyEnabled true ) ( eq .Values.app.database.kind "postgresql" ) }}
 {{- default 5432 .Values.passboltEnv.plain.DATASOURCES_DEFAULT_PORT | quote }}
 {{- else if ( hasKey .Values.passboltEnv.plain "DATASOURCES_DEFAULT_PORT" )  -}}
-{{- printf "%s" .Values.passboltEnv.plain.DATASOURCES_DEFAULT_PORT }}
+{{- printf "%s" (.Values.passboltEnv.plain.DATASOURCES_DEFAULT_PORT | toString )}}
 {{- else }}
 {{- fail "DATASOURCES_DEFAULT_PORT can't be empty when mariadbDependencyEnabled and postgresqlDependencyEnabled are disabled"}}
 {{- end }}
@@ -109,7 +109,7 @@ Show error message if the user didn't set the needed values during upgrade
 {{ if and $.Release.IsUpgrade ( not $.Values.gpgExistingSecret ) (or ( not $.Values.gpgServerKeyPublic ) ( not $.Values.gpgServerKeyPrivate )) }}
 {{- $secretName := printf "%s-%s-%s" (include "passbolt-library.fullname" . ) "sec" "gpg" -}}
 {{- $dpName := printf "%s-%s-%s" (include "passbolt-library.fullname" . ) "depl" "srv" -}}
-{{- $containerName := printf "%s-%s-%s" (include "passbolt-library.fullname" . ) "depl" "srv" -}}
+{{- $containerName := "passbolt" -}}
 {{- $header = printf "GPG" -}}
 {{- $message = printf "%s\n%s" $message (printf "  export PRIVATE_KEY=$(kubectl get secret %s --namespace %s -o jsonpath=\"{.data.%s}\")" $secretName $.Release.Namespace "serverkey_private\\.asc") -}}
 {{- $message = printf "%s\n%s" $message (printf "  export PUBLIC_KEY=$(kubectl get secret %s --namespace %s -o jsonpath=\"{.data.%s}\")" $secretName $.Release.Namespace "serverkey\\.asc") -}}

templates/secret-env.yaml

@@ -23,6 +23,6 @@ data:
     {{- $database := .Values.passboltEnv.secret.DATASOURCES_DEFAULT_DATABASE }}
     {{- $schema := ( default "passbolt" .Values.passboltEnv.secret.DATASOURCES_DEFAULT_SCHEMA ) }}
     {{- $host := ( include "passbolt.databaseServiceName" . ) | replace "\"" "" }}
-    {{- $port := ( default "5432" .Values.passboltEnv.plain.DATASOURCES_DEFAULT_PORT ) }}
+    {{- $port := ( default "5432" .Values.passboltEnv.plain.DATASOURCES_DEFAULT_PORT) | toString }}
     DATASOURCES_DEFAULT_URL: {{ printf "postgres://%s:%s@%s:%s/%s?schema=%s" $username $password $host $port $database $schema | toString | b64enc }}
 {{- end -}}

tests/integration/fixtures/create-cluster-with-passbolt.sh

@@ -3,8 +3,9 @@
 
 set -eo pipefail
 
+DATABASE_ENGINE="${1:-mariadb}"
 KIND_CLUSTER_CONFIG_FILE="tests/integration/fixtures/kind-config.yaml"
-HELM_TESTING_VALUES="tests/integration/fixtures/testing.yaml"
+HELM_TESTING_VALUES="tests/integration/fixtures/testing-$DATABASE_ENGINE.yaml"
 KIND_CLUSTER_NAME="charts-passbolt-integration"
 K8S_LOCAL_TLS_SECRET="local-tls-secret"
 SSL_KEY_PATH="/tmp/ssl.key"

tests/integration/fixtures/testing-postgresql.yaml

@@ -0,0 +1,39 @@
+postgresqlDependencyEnabled: true
+mariadbDependencyEnabled: false
+postgresql:
+  auth:
+    # -- Configure postgresql auth username
+    username: CHANGEME
+    # -- Configure postgresql auth password
+    password: CHANGEME
+    # -- Configure postgresql auth database
+    database: passbolt
+# -- Enable integration tests
+integrationTests:
+  enabled: true
+  certificatesSecret: mkcert-ca
+  debug: false
+ingress:
+  # -- Enable passbolt ingress
+  enabled: true
+  # -- Configure passbolt ingress annotations
+  annotations:
+    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
+  # -- Configure passbolt ingress hosts
+  hosts:
+    # @ignored
+    - host: "passbolt.local"
+      paths:
+        - path: /
+          port: https
+          pathType: ImplementationSpecific
+  tls:
+    - existingSecret: "local-tls-secret"
+      hosts:
+        - passbolt.local
+app:
+  database:
+    kind: postgresql
+  tls:
+    autogenerate: false
+    existingSecret: "local-tls-secret"

tests/secret_env_postgresql_support_test.yaml

@@ -53,3 +53,22 @@ tests:
           path: data.DATASOURCES_DEFAULT_URL
           value: "postgres://passboltUsername:pass@passboltHost:1234/passboltDatabase?schema=passboltSchema"
           decodeBase64: true
+
+  - it: should contain the DATASOURCES_DEFAULT_URL with given schema, host and port as integer
+    templates:
+      - secret-env.yaml
+    set:
+      app.database.kind: "postgresql"
+      mariadbDependencyEnabled: false
+      postgresqlDependencyEnabled: true
+      passboltEnv.secret.DATASOURCES_DEFAULT_PASSWORD: pass
+      passboltEnv.secret.DATASOURCES_DEFAULT_DATABASE: passboltDatabase
+      passboltEnv.secret.DATASOURCES_DEFAULT_USERNAME: passboltUsername
+      passboltEnv.secret.DATASOURCES_DEFAULT_SCHEMA: passboltSchema
+      passboltEnv.plain.DATASOURCES_DEFAULT_HOST: "passboltHost"
+      passboltEnv.plain.DATASOURCES_DEFAULT_PORT: 1234
+    asserts:
+      - equal:
+          path: data.DATASOURCES_DEFAULT_URL
+          value: "postgres://passboltUsername:pass@passboltHost:1234/passboltDatabase?schema=passboltSchema"
+          decodeBase64: true