diff --git a/.github/workflows/push_pr_main.yaml b/.github/workflows/push_pr_main.yaml index 5b268c6..1512599 100644 --- a/.github/workflows/push_pr_main.yaml +++ b/.github/workflows/push_pr_main.yaml @@ -39,8 +39,8 @@ jobs: - name: Run unit tests run: bash run_tests.sh --unit - integration-test: - name: Integration Tests + integration-tests-mariadb: + name: Integration Tests Mariadb runs-on: ubuntu-latest steps: - name: Checkout @@ -48,3 +48,13 @@ jobs: - name: Run integration tests run: bash run_tests.sh --integration + + integration-tests-postgresql: + name: Integration Tests Postgresql + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Run integration tests + run: bash run_tests.sh --integration -d postgresql diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 04af5aa..d8cf583 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -31,7 +31,7 @@ test Helm Charts: - helm plugin install https://github.com/helm-unittest/helm-unittest - bash run_tests.sh --unit -integration Tests Helm Charts: +integration Tests Helm Charts Mariadb: image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/docker:dind script: - | @@ -39,6 +39,14 @@ integration Tests Helm Charts: sleep 10 # Wait for docker service bash run_tests.sh --integration +integration Tests Helm Charts Postgresql: + image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/docker:dind + script: + - | + apk update && apk add -U curl bash + sleep 10 # Wait for docker service + bash run_tests.sh --integration -d postgresql + publish: stage: publish image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/alpine/helm diff --git a/CHANGELOG.md b/CHANGELOG.md index e2bf597..dc06836 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,17 @@ All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/). -## [Unreleased](https://github.com/passbolt/charts-passbolt/compare/1.0.0...HEAD) +## [Unreleased](https://github.com/passbolt/charts-passbolt/compare/1.1.0...HEAD) + +## [1.1.0] - 2024-04-26 + +### Fixed + +- [#81](https://github.com/passbolt/charts-passbolt/issues/81) Install passbolt with an existing Postgresql server. + +### Added + +- Integration tests for passbolt with postgresql were added. ## [1.0.0] - 2024-04-25 diff --git a/Chart.yaml b/Chart.yaml index 4779275..009b24d 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.0.0 +version: 1.1.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/README.md b/README.md index fb26b8d..0d6cade 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ passbolt sails kubernetes -![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.6.2-1-ce](https://img.shields.io/badge/AppVersion-4.6.2--1--ce-informational?style=flat-square) +![Version: 1.1.0](https://img.shields.io/badge/Version-1.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.6.2-1-ce](https://img.shields.io/badge/AppVersion-4.6.2--1--ce-informational?style=flat-square) Passbolt is an open source, security first password manager with strong focus on collaboration. @@ -246,11 +246,12 @@ Syntax: run_tests.sh [options] run_tests.sh with no arguments will run all of the available tests. options: --h|--help Show this message. --l|--lint Run helm lint. --u|--unit Run helm unittest tests. --i|--integration Run integration tests. --no-clean Skip cleaning step. +-h|--help Show this message. +-l|--lint Run helm lint. +-u|--unit Run helm unittest tests. +-i|--integration Run integration tests. +-d|--database [option] Database to run integration tests with [mariadb|postgresql]." +-no-clean Skip cleaning step. ``` diff --git a/README.md.gotmpl b/README.md.gotmpl index 4c90ddb..a59b221 100644 --- a/README.md.gotmpl +++ b/README.md.gotmpl @@ -115,11 +115,12 @@ Syntax: run_tests.sh [options] run_tests.sh with no arguments will run all of the available tests. options: --h|--help Show this message. --l|--lint Run helm lint. --u|--unit Run helm unittest tests. --i|--integration Run integration tests. --no-clean Skip cleaning step. +-h|--help Show this message. +-l|--lint Run helm lint. +-u|--unit Run helm unittest tests. +-i|--integration Run integration tests. +-d|--database [option] Database to run integration tests with [mariadb|postgresql]." +-no-clean Skip cleaning step. ``` diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index fa90b6e..0118794 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -1,76 +1,4 @@ -Announcing the immediate availability of passbolt's helm chart 1.0.0. -This is a major release that introduces some breaking changes contributed -by the community. +Announcing the immediate availability of passbolt's helm chart 1.1.0. -Thanks to all the community members that helped us to improve this chart -and reach version 1.0.0!! :tada: - -@chris968 -@jouve -@Kuruyia - -Following there is a list of breaking changes and possible migration paths -from previous chart versions. Please keep in mind that we can't cover all -possible scenarios. - -If you are having issues upgrading from older chart versions please let us -known by opening an issue in Github - -# TL;DR - -List of breaking changes: - -- Global `tls` value has been removed in favour of `ingress.tls` and `app.tls` -- `ingress.tls[].secretName` has been removed in favour of `ingress.tls[].existingSecret` -- `extraVolumes` and `extraVolumeMounts` values are now a list instead of a string. -- Expose the HTTP port in the service. `service.port`, `service.name` and - `service.targetPort` have been removed in favour of `service.ports` - in order to expose configurable http and https ports. - -# Ingress and TLS related changes - -Global `tls` value has been removed to allow users to have different TLS -certificates injected on ingress objects and passbolt containers. -Ingress TLS is now managed with `ingress.tls` value, while passbolt TLS -is managed with `app.tls` field in the values file. - -## Migrate from old TLS configuration - -`ingress.tls[].secretName` has been removed in favour of -`ingress.tls[].existingSecret` for clarity. - -## Inject same SSL certificate on ingress and service - -Users that were injecting the same secret on Ingress objects and passbolt -container will have to migrate to a configuration similar to: - -```yaml -ingress.tls: - - autogenerate: false - existingSecret: mySSLSecret - hosts: [yourhost.com] -``` - -```yaml -app.tls: - - autogenerate: false - existingSecret: mySSLSecret -``` - -## Inject separate certificates on ingress and service - -Users who want to inject different SSL certificates on ingress objects and passbolt -containers now they have a way to do it by setting: - -```yaml -ingress.tls: - - autogenerate: false - existingSecret: myIngressSSLSecret - hosts: [yourhost.com] -``` - -```yaml -app.tls: - - autogenerate: false - existingSecret: mypassboltSSLSecret -``` +This is a minor change release that fixes a bug when forcing the passboltEnv.DATASOURCES_DEFAULT_PORT on values file +and adds the passbolt with postgresql integration tests. diff --git a/run_tests.sh b/run_tests.sh index 6036a8f..d88a698 100644 --- a/run_tests.sh +++ b/run_tests.sh @@ -2,6 +2,7 @@ set -eo pipefail +DATABASE_ENGINGE=mariadb RUN_UNIT=false RUN_LINT=false RUN_INTEGRATION=false @@ -21,10 +22,11 @@ function run_unit_tests { } function run_integration_tests { + local database="$1" if [[ "$RUN_INTEGRATION" == "true" || "$RUN_ALL" == "true" ]]; then source tests/integration/fixtures/install_dependencies.sh installDependencies - bash tests/integration/fixtures/create-cluster-with-passbolt.sh + bash tests/integration/fixtures/create-cluster-with-passbolt.sh "$database" "$HELM_BINARY" test --logs passbolt -n default fi } @@ -43,11 +45,12 @@ function showHelp { echo "$0 with no arguments will run all of the available tests." echo echo "options:" - echo "-h|--help Show this message." - echo "-l|--lint Run helm lint." - echo "-u|--unit Run helm unittest tests." - echo "-i|--integration Run integration tests." - echo "-no-clean Skip cleaning step." + echo "-h|--help Show this message." + echo "-l|--lint Run helm lint." + echo "-u|--unit Run helm unittest tests." + echo "-i|--integration Run integration tests." + echo "-d|--database [option] Database to run integration tests to [mariadb|postgresql]." + echo "-no-clean Skip cleaning step." echo exit 0 } @@ -55,7 +58,7 @@ function showHelp { function run_all { run_linter run_unit_tests - run_integration_tests + run_integration_tests "$DATABASE_ENGINGE" clean_integration_assets } @@ -79,6 +82,11 @@ while [[ $# -gt 0 ]]; do RUN_INTEGRATION=true shift ;; + -d | --database) + shift + DATABASE_ENGINGE=$1 + shift + ;; --no-clean) CLEAN_INTEGRATION_ASSETS=false shift diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 80d336f..fd8426e 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -93,7 +93,7 @@ Render the value of the database port {{- else if and ( eq .Values.postgresqlDependencyEnabled true ) ( eq .Values.app.database.kind "postgresql" ) }} {{- default 5432 .Values.passboltEnv.plain.DATASOURCES_DEFAULT_PORT | quote }} {{- else if ( hasKey .Values.passboltEnv.plain "DATASOURCES_DEFAULT_PORT" ) -}} -{{- printf "%s" .Values.passboltEnv.plain.DATASOURCES_DEFAULT_PORT }} +{{- printf "%s" (.Values.passboltEnv.plain.DATASOURCES_DEFAULT_PORT | toString )}} {{- else }} {{- fail "DATASOURCES_DEFAULT_PORT can't be empty when mariadbDependencyEnabled and postgresqlDependencyEnabled are disabled"}} {{- end }} @@ -109,7 +109,7 @@ Show error message if the user didn't set the needed values during upgrade {{ if and $.Release.IsUpgrade ( not $.Values.gpgExistingSecret ) (or ( not $.Values.gpgServerKeyPublic ) ( not $.Values.gpgServerKeyPrivate )) }} {{- $secretName := printf "%s-%s-%s" (include "passbolt-library.fullname" . ) "sec" "gpg" -}} {{- $dpName := printf "%s-%s-%s" (include "passbolt-library.fullname" . ) "depl" "srv" -}} -{{- $containerName := printf "%s-%s-%s" (include "passbolt-library.fullname" . ) "depl" "srv" -}} +{{- $containerName := "passbolt" -}} {{- $header = printf "GPG" -}} {{- $message = printf "%s\n%s" $message (printf " export PRIVATE_KEY=$(kubectl get secret %s --namespace %s -o jsonpath=\"{.data.%s}\")" $secretName $.Release.Namespace "serverkey_private\\.asc") -}} {{- $message = printf "%s\n%s" $message (printf " export PUBLIC_KEY=$(kubectl get secret %s --namespace %s -o jsonpath=\"{.data.%s}\")" $secretName $.Release.Namespace "serverkey\\.asc") -}} diff --git a/templates/secret-env.yaml b/templates/secret-env.yaml index 26978bb..e491bd0 100644 --- a/templates/secret-env.yaml +++ b/templates/secret-env.yaml @@ -23,6 +23,6 @@ data: {{- $database := .Values.passboltEnv.secret.DATASOURCES_DEFAULT_DATABASE }} {{- $schema := ( default "passbolt" .Values.passboltEnv.secret.DATASOURCES_DEFAULT_SCHEMA ) }} {{- $host := ( include "passbolt.databaseServiceName" . ) | replace "\"" "" }} - {{- $port := ( default "5432" .Values.passboltEnv.plain.DATASOURCES_DEFAULT_PORT ) }} + {{- $port := ( default "5432" .Values.passboltEnv.plain.DATASOURCES_DEFAULT_PORT) | toString }} DATASOURCES_DEFAULT_URL: {{ printf "postgres://%s:%s@%s:%s/%s?schema=%s" $username $password $host $port $database $schema | toString | b64enc }} {{- end -}} diff --git a/tests/integration/fixtures/create-cluster-with-passbolt.sh b/tests/integration/fixtures/create-cluster-with-passbolt.sh index d27686b..dc8cac5 100644 --- a/tests/integration/fixtures/create-cluster-with-passbolt.sh +++ b/tests/integration/fixtures/create-cluster-with-passbolt.sh @@ -3,8 +3,9 @@ set -eo pipefail +DATABASE_ENGINE="${1:-mariadb}" KIND_CLUSTER_CONFIG_FILE="tests/integration/fixtures/kind-config.yaml" -HELM_TESTING_VALUES="tests/integration/fixtures/testing.yaml" +HELM_TESTING_VALUES="tests/integration/fixtures/testing-$DATABASE_ENGINE.yaml" KIND_CLUSTER_NAME="charts-passbolt-integration" K8S_LOCAL_TLS_SECRET="local-tls-secret" SSL_KEY_PATH="/tmp/ssl.key" diff --git a/tests/integration/fixtures/testing.yaml b/tests/integration/fixtures/testing-mariadb.yaml similarity index 100% rename from tests/integration/fixtures/testing.yaml rename to tests/integration/fixtures/testing-mariadb.yaml diff --git a/tests/integration/fixtures/testing-postgresql.yaml b/tests/integration/fixtures/testing-postgresql.yaml new file mode 100644 index 0000000..a0abbe4 --- /dev/null +++ b/tests/integration/fixtures/testing-postgresql.yaml @@ -0,0 +1,39 @@ +postgresqlDependencyEnabled: true +mariadbDependencyEnabled: false +postgresql: + auth: + # -- Configure postgresql auth username + username: CHANGEME + # -- Configure postgresql auth password + password: CHANGEME + # -- Configure postgresql auth database + database: passbolt +# -- Enable integration tests +integrationTests: + enabled: true + certificatesSecret: mkcert-ca + debug: false +ingress: + # -- Enable passbolt ingress + enabled: true + # -- Configure passbolt ingress annotations + annotations: + nginx.ingress.kubernetes.io/backend-protocol: HTTPS + # -- Configure passbolt ingress hosts + hosts: + # @ignored + - host: "passbolt.local" + paths: + - path: / + port: https + pathType: ImplementationSpecific + tls: + - existingSecret: "local-tls-secret" + hosts: + - passbolt.local +app: + database: + kind: postgresql + tls: + autogenerate: false + existingSecret: "local-tls-secret" diff --git a/tests/secret_env_postgresql_support_test.yaml b/tests/secret_env_postgresql_support_test.yaml index 19a9297..2e26260 100644 --- a/tests/secret_env_postgresql_support_test.yaml +++ b/tests/secret_env_postgresql_support_test.yaml @@ -53,3 +53,22 @@ tests: path: data.DATASOURCES_DEFAULT_URL value: "postgres://passboltUsername:pass@passboltHost:1234/passboltDatabase?schema=passboltSchema" decodeBase64: true + + - it: should contain the DATASOURCES_DEFAULT_URL with given schema, host and port as integer + templates: + - secret-env.yaml + set: + app.database.kind: "postgresql" + mariadbDependencyEnabled: false + postgresqlDependencyEnabled: true + passboltEnv.secret.DATASOURCES_DEFAULT_PASSWORD: pass + passboltEnv.secret.DATASOURCES_DEFAULT_DATABASE: passboltDatabase + passboltEnv.secret.DATASOURCES_DEFAULT_USERNAME: passboltUsername + passboltEnv.secret.DATASOURCES_DEFAULT_SCHEMA: passboltSchema + passboltEnv.plain.DATASOURCES_DEFAULT_HOST: "passboltHost" + passboltEnv.plain.DATASOURCES_DEFAULT_PORT: 1234 + asserts: + - equal: + path: data.DATASOURCES_DEFAULT_URL + value: "postgres://passboltUsername:pass@passboltHost:1234/passboltDatabase?schema=passboltSchema" + decodeBase64: true