diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e8cda3e..32ffdf6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,21 +19,12 @@ jobs: - name: Configure Git run: | git config user.name github-actions - git config user.email contact@openfga.dev - - - name: Import GPG key - uses: crazy-max/ghaction-import-gpg@v6 - with: - gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} - passphrase: ${{ secrets.GPG_KEY_PASSPHRASE }} - - - name: Export GPG key to legacy format - run: gpg --export-secret-keys > ~/.gnupg/pubring.gpg + git config user.email jasper.vaneessen@ugent.be - name: Install Helm uses: azure/setup-helm@v4 with: - version: v3.5.0 + version: v3.16.2 - name: Add Helm Repositories run: | @@ -43,8 +34,6 @@ jobs: - name: Run chart-releaser uses: helm/chart-releaser-action@v1.6.0 - with: - config: .github/cr.yaml env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" CR_SKIP_EXISTING: true diff --git a/charts/openfga/templates/_helpers.tpl b/charts/openfga/templates/_helpers.tpl index 6abf573..06664b5 100644 --- a/charts/openfga/templates/_helpers.tpl +++ b/charts/openfga/templates/_helpers.tpl 
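Review bot: Removing the `Import GPG key` and `Export GPG key to legacy format` steps in the first hunk, together with the `config: .github/cr.yaml` input dropped in the second hunk, probably leaves the published chart packages without a provenance file. The contents of `cr.yaml` are not visible here, so this assumes it enabled signing. Consumers who install with `helm install --verify` or run `helm verify` would then have nothing to check against, and the commit does not say the charts are now unsigned. If signing has to go for a fork, say so in the chart README; otherwise keep `config: .github/cr.yaml` and the key-import step. The same hunk also changes `git config user.email` to a personal address, so release commits made by CI are attributed to an individual rather than the project identity.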
@@ -77,3 +77,41 @@ Return true if a secret object should be created {{- true -}} {{- end -}} {{- end -}} + + +{{- define "openfga.datastore.envConfig" -}} +{{- if .Values.datastore.engine }} +- name: OPENFGA_DATASTORE_ENGINE + value: "{{ .Values.datastore.engine }}" +{{- end }} +{{- if .Values.datastore.externalSecret.uriSecretKey }} +- name: OPENFGA_DATASTORE_URI + valueFrom: + secretKeyRef: + name: "{{ .Values.datastore.externalSecret.name }}" + key: "{{ .Values.datastore.externalSecret.uriSecretKey }}" +{{- else if .Values.datastore.uri }} +- name: OPENFGA_DATASTORE_URI + value: "{{ .Values.datastore.uri }}" +{{- end }} +{{- if .Values.datastore.externalSecret.usernameSecretKey }} +- name: OPENFGA_DATASTORE_USERNAME + valueFrom: + secretKeyRef: + name: "{{ .Values.datastore.externalSecret.name }}" + key: "{{ .Values.datastore.externalSecret.usernameSecretKey }}" +{{- else if .Values.datastore.username }} +- name: OPENFGA_DATASTORE_USERNAME + value: "{{ .Values.datastore.username }}" +{{- end }} +{{- if .Values.datastore.externalSecret.passwordSecretKey }} +- name: OPENFGA_DATASTORE_PASSWORD + valueFrom: + secretKeyRef: + name: "{{ .Values.datastore.externalSecret.name }}" + key: "{{ .Values.datastore.externalSecret.passwordSecretKey }}" +{{- else if .Values.datastore.password }} +- name: OPENFGA_DATASTORE_PASSWORD + value: "{{ .Values.datastore.password }}" +{{- end }} +{{- end -}} diff --git a/charts/openfga/templates/deployment.yaml b/charts/openfga/templates/deployment.yaml index 5af7dfb..c3a8499 100644 --- a/charts/openfga/templates/deployment.yaml +++ b/charts/openfga/templates/deployment.yaml @@ -9,7 +9,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: - {{- if not .Values.autoscaling.enabled }} + {{- if not .Values.autoscaling.enabled }} replicas: {{ ternary 1 .Values.replicaCount (eq .Values.datastore.engine "memory")}} {{- end }} selector: 
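Review bot: Each `secretKeyRef` branch in `openfga.datastore.envConfig` is gated only on the `*SecretKey` value. Setting `externalSecret.passwordSecretKey` while `externalSecret.name` is still the empty default therefore renders `name: ""`, which is caught by the cluster at best rather than at render time. A guard such as `name: {{ required "datastore.externalSecret.name must be set when a secret key is given" .Values.datastore.externalSecret.name | quote }}` would fail at template time in all three branches. The inline fallbacks also interpolate inside hand-written quotes, as in `value: "{{ .Values.datastore.password }}"`, so a password or URI containing `"` or `\` produces broken or altered YAML. `value: {{ .Values.datastore.password | quote }}` escapes it correctly.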
@@ -80,21 +80,7 @@ spec: {{- end }} env: - {{- if .Values.datastore.engine }} - - name: OPENFGA_DATASTORE_ENGINE - value: "{{ .Values.datastore.engine }}" - {{- end }} - - {{- if .Values.datastore.uri }} - - name: OPENFGA_DATASTORE_URI - value: "{{ .Values.datastore.uri }}" - {{- else if .Values.datastore.uriSecret }} - - name: OPENFGA_DATASTORE_URI - valueFrom: - secretKeyRef: - name: "{{ .Values.datastore.uriSecret }}" - key: "uri" - {{- end }} + {{- include "openfga.datastore.envConfig" . | nindent 12 }} {{- if .Values.datastore.maxCacheSize }} - name: OPENFGA_DATASTORE_MAX_CACHE_SIZE diff --git a/charts/openfga/templates/job.yaml b/charts/openfga/templates/job.yaml index 3ec2595..cac6d35 100644 --- a/charts/openfga/templates/job.yaml +++ b/charts/openfga/templates/job.yaml @@ -36,21 +36,7 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" args: ["migrate"] env: - {{- if .Values.datastore.engine }} - - name: OPENFGA_DATASTORE_ENGINE - value: "{{ .Values.datastore.engine }}" - {{- end }} - - {{- if .Values.datastore.uri }} - - name: OPENFGA_DATASTORE_URI - value: "{{ .Values.datastore.uri }}" - {{- else if .Values.datastore.uriSecret }} - - name: OPENFGA_DATASTORE_URI - valueFrom: - secretKeyRef: - name: "{{ .Values.datastore.uriSecret }}" - key: "uri" - {{- end }} + {{- include "openfga.datastore.envConfig" . | nindent 12 }} {{- if .Values.migrate.timeout }} - name: OPENFGA_TIMEOUT diff --git a/charts/openfga/values.schema.json b/charts/openfga/values.schema.json index d002147..797e63f 100644 --- a/charts/openfga/values.schema.json +++ b/charts/openfga/values.schema.json 
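Review bot: After this replacement nothing in the visible templates reads `datastore.uriSecret`, so an existing release that sets it will upgrade without error and render no `OPENFGA_DATASTORE_URI` at all. The job.yaml hunk that follows has the same effect on the migrate job. A render-time guard would turn the silent change into an explicit migration error, for example `{{- if .Values.datastore.uriSecret }}{{ fail "datastore.uriSecret was replaced by datastore.externalSecret.name and uriSecretKey" }}{{- end }}` at the top of the shared helper. The `env:` list continues outside both hunks, and indentation is not recoverable from this view, so `nindent 12` should be confirmed against a rendered manifest with `helm template`.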
@@ -271,7 +271,22 @@ "type": [ "string", "null" - ] + ], + "description": "the URI of the datastore including credentials and database (e.g. postgres://user:password@host:port/dbname)" + }, + "username": { + "type": [ + "string", + "null" + ], + "description": "the username to authenticate with the datastore" + }, + "password": { + "type": [ + "string", + "null" + ], + "description": "the password to authenticate with the datastore" }, "uriSecret": { "type": [ @@ -280,6 +295,20 @@ ], "description": "the secret name where to get the datastore URI, it expects a key named uri to exist in the secret" }, + "usernameSecret": { + "type": [ + "string", + "null" + ], + "description": "the secret name where to get the datastore username, it expects a key named username to exist in the secret" + }, + "passwordSecret": { + "type": [ + "string", + "null" + ], + "description": "the secret name where to get the datastore password, it expects a key named password to exist in the secret" + }, "maxCacheSize": { "type": [ "integer", diff --git a/charts/openfga/values.yaml b/charts/openfga/values.yaml index 686a1eb..a5451c8 100644 --- a/charts/openfga/values.yaml +++ b/charts/openfga/values.yaml @@ -189,7 +189,13 @@ telemetry: datastore: engine: memory uri: - uriSecret: + username: + password: + externalSecret: + name: "" + uriSecretKey: "" + usernameSecretKey: "" + passwordSecretKey: "" maxCacheSize: maxOpenConns: maxIdleConns:
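Review bot: The schema hunks describe `usernameSecret` and `passwordSecret` and keep `uriSecret`, but the helper added in this commit reads only `datastore.externalSecret.name` and the three `*SecretKey` values, and values.yaml drops `uriSecret`. An operator who follows the schema descriptions and sets `passwordSecret` gets no `OPENFGA_DATASTORE_PASSWORD` from the templates, which makes the inline `password` the path of least resistance. The `externalSecret` object itself is not described in the hunks shown. Replacing the two new `*Secret` properties with an `externalSecret` object that matches values.yaml keeps validation and documentation aligned with what is rendered. The surrounding `datastore` properties object starts and ends outside these hunks.

```json
"externalSecret": {
  "type": "object",
  "description": "an existing secret to read datastore credentials from; a non-empty key below takes precedence over the inline value",
  "properties": {
    "name": {
      "type": "string",
      "description": "the name of the secret"
    },
    "uriSecretKey": {
      "type": "string",
      "description": "the key in the secret holding the datastore URI"
    },
    "usernameSecretKey": {
      "type": "string",
      "description": "the key in the secret holding the datastore username"
    },
    "passwordSecretKey": {
      "type": "string",
      "description": "the key in the secret holding the datastore password"
    }
  }
},
```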
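Review bot: The new `username`, `password` and `externalSecret` keys in values.yaml carry no comments, so nothing tells an operator which source wins or what inline credentials expose. Per the helper in this commit, a non-empty `*SecretKey` takes precedence over the matching inline value. An inline `password` is rendered as a plain `value:` in both the Deployment and the migrate Job, and is kept with the release values. I would add above `password:` the comment `# prefer externalSecret; an inline password appears in plain text in the Deployment and Job specs and in the stored release values`. Above `externalSecret:` I would add `# existing Secret to read credentials from; name is required when any *SecretKey is set, and a set key overrides the inline value`. The `datastore` mapping continues outside the hunk.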