fix(cnpg): use superuser secret for backups (#396)

packages/kontinuous/tests/__snapshots__/extends-ovh.dev.yaml

@@ -557,7 +557,7 @@ kind: Cluster
 metadata:
   name: pg-hasura
   labels:
-    helm.sh/chart: cnpg-cluster-1.9.10
+    helm.sh/chart: cnpg-cluster-1.9.12
     app.kubernetes.io/name: pg-hasura
     app.kubernetes.io/instance: release-name
     app.kubernetes.io/version: \\"15\\"
@@ -620,7 +620,7 @@ kind: Cluster
 metadata:
   name: pg-keycloak
   labels:
-    helm.sh/chart: cnpg-cluster-1.9.10
+    helm.sh/chart: cnpg-cluster-1.9.12
     app.kubernetes.io/name: pg-keycloak
     app.kubernetes.io/instance: release-name
     app.kubernetes.io/version: \\"15\\"
@@ -683,7 +683,7 @@ kind: Pooler
 metadata:
   name: pg-hasura-rw
   labels:
-    helm.sh/chart: cnpg-cluster-1.9.10
+    helm.sh/chart: cnpg-cluster-1.9.12
     app.kubernetes.io/name: pg-hasura
     app.kubernetes.io/instance: release-name
     app.kubernetes.io/version: \\"15\\"
@@ -718,7 +718,7 @@ kind: Pooler
 metadata:
   name: pg-keycloak-rw
   labels:
-    helm.sh/chart: cnpg-cluster-1.9.10
+    helm.sh/chart: cnpg-cluster-1.9.12
     app.kubernetes.io/name: pg-keycloak
     app.kubernetes.io/instance: release-name
     app.kubernetes.io/version: \\"15\\"

packages/kontinuous/tests/__snapshots__/extends-ovh.prod.yaml

@@ -142,9 +142,20 @@ spec:
                   value: https://s3.gra.io.cloud.ovh.net
                 - name: DESTINATION_PATH
                   value: s3://fabrique-prod-backups/test-extends-ovh/pg-hasura/dumps
-              envFrom:
-                - secretRef:
-                    name: pg-hasura-app
+                - name: PGPASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      name: pg-hasura-superuser
+                      key: password
+                - name: PGUSER
+                  valueFrom:
+                    secretKeyRef:
+                      name: pg-hasura-superuser
+                      key: username
+                - name: PGDATABASE
+                  value: test-extends-ovh
+                - name: PGHOST
+                  value: pg-hasura-r
 ---
 apiVersion: batch/v1
 kind: CronJob
@@ -210,9 +221,20 @@ spec:
                   value: https://s3.gra.io.cloud.ovh.net
                 - name: DESTINATION_PATH
                   value: s3://fabrique-prod-backups/test-extends-ovh/pg-keycloak/dumps
-              envFrom:
-                - secretRef:
-                    name: pg-keycloak-app
+                - name: PGPASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      name: pg-keycloak-superuser
+                      key: password
+                - name: PGUSER
+                  valueFrom:
+                    secretKeyRef:
+                      name: pg-keycloak-superuser
+                      key: username
+                - name: PGDATABASE
+                  value: test-extends-ovh
+                - name: PGHOST
+                  value: pg-keycloak-r
 ---
 apiVersion: batch/v1
 kind: Job
@@ -694,7 +716,7 @@ kind: Cluster
 metadata:
   name: pg-hasura
   labels:
-    helm.sh/chart: cnpg-cluster-1.9.10
+    helm.sh/chart: cnpg-cluster-1.9.12
     app.kubernetes.io/name: pg-hasura
     app.kubernetes.io/instance: release-name
     app.kubernetes.io/version: \\"15\\"
@@ -734,7 +756,7 @@ spec:
   backup:
     retentionPolicy: 60d
     barmanObjectStore:
-      destinationPath: s3://fabrique-prod-backups/test-extends-ovh/pg-hasura
+      destinationPath: s3://fabrique-prod-backups/test-extends-ovh
       endpointURL: https://s3.gra.io.cloud.ovh.net
       s3Credentials:
         accessKeyId:
@@ -774,7 +796,7 @@ kind: Cluster
 metadata:
   name: pg-keycloak
   labels:
-    helm.sh/chart: cnpg-cluster-1.9.10
+    helm.sh/chart: cnpg-cluster-1.9.12
     app.kubernetes.io/name: pg-keycloak
     app.kubernetes.io/instance: release-name
     app.kubernetes.io/version: \\"15\\"
@@ -814,7 +836,7 @@ spec:
   backup:
     retentionPolicy: 60d
     barmanObjectStore:
-      destinationPath: s3://fabrique-prod-backups/test-extends-ovh/pg-keycloak
+      destinationPath: s3://fabrique-prod-backups/test-extends-ovh
       endpointURL: https://s3.gra.io.cloud.ovh.net
       s3Credentials:
         accessKeyId:
@@ -908,7 +930,7 @@ kind: Pooler
 metadata:
   name: pg-hasura-rw
   labels:
-    helm.sh/chart: cnpg-cluster-1.9.10
+    helm.sh/chart: cnpg-cluster-1.9.12
     app.kubernetes.io/name: pg-hasura
     app.kubernetes.io/instance: release-name
     app.kubernetes.io/version: \\"15\\"
@@ -943,7 +965,7 @@ kind: Pooler
 metadata:
   name: pg-keycloak-rw
   labels:
-    helm.sh/chart: cnpg-cluster-1.9.10
+    helm.sh/chart: cnpg-cluster-1.9.12
     app.kubernetes.io/name: pg-keycloak
     app.kubernetes.io/instance: release-name
     app.kubernetes.io/version: \\"15\\"
@@ -978,7 +1000,7 @@ kind: ScheduledBackup
 metadata:
   name: pg-hasura-scheduledbackup
   labels:
-    helm.sh/chart: cnpg-cluster-1.9.10
+    helm.sh/chart: cnpg-cluster-1.9.12
     app.kubernetes.io/name: pg-hasura
     app.kubernetes.io/instance: release-name
     app.kubernetes.io/version: \\"15\\"
@@ -1009,7 +1031,7 @@ kind: ScheduledBackup
 metadata:
   name: pg-keycloak-scheduledbackup
   labels:
-    helm.sh/chart: cnpg-cluster-1.9.10
+    helm.sh/chart: cnpg-cluster-1.9.12
     app.kubernetes.io/name: pg-keycloak
     app.kubernetes.io/instance: release-name
     app.kubernetes.io/version: \\"15\\"

packages/kontinuous/tests/__snapshots__/override-env-default.dev.yaml

@@ -143,9 +143,20 @@ spec:
                   value: https://s3.gra.io.cloud.ovh.net
                 - name: DESTINATION_PATH
                   value: s3://fabrique-dev-backups/test-override-env-default-feature-branch-1/pg/dumps
-              envFrom:
-                - secretRef:
-                    name: pg-app
+                - name: PGPASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      name: pg-superuser
+                      key: password
+                - name: PGUSER
+                  valueFrom:
+                    secretKeyRef:
+                      name: pg-superuser
+                      key: username
+                - name: PGDATABASE
+                  value: autodevops_feature-branch-1
+                - name: PGHOST
+                  value: pg-r
 ---
 apiVersion: batch/v1
 kind: Job
@@ -301,7 +312,7 @@ kind: Cluster
 metadata:
   name: pg
   labels:
-    helm.sh/chart: cnpg-cluster-1.9.10
+    helm.sh/chart: cnpg-cluster-1.9.12
     app.kubernetes.io/name: pg
     app.kubernetes.io/instance: release-name
     app.kubernetes.io/version: \\"15\\"
@@ -341,7 +352,7 @@ spec:
   backup:
     retentionPolicy: 60d
     barmanObjectStore:
-      destinationPath: s3://fabrique-dev-backups/test-override-env-default-feature-branch-1/pg
+      destinationPath: s3://fabrique-dev-backups/test-override-env-default-feature-branch-1
       endpointURL: https://s3.gra.io.cloud.ovh.net
       s3Credentials:
         accessKeyId:
@@ -381,7 +392,7 @@ kind: Pooler
 metadata:
   name: pg-rw
   labels:
-    helm.sh/chart: cnpg-cluster-1.9.10
+    helm.sh/chart: cnpg-cluster-1.9.12
     app.kubernetes.io/name: pg
     app.kubernetes.io/instance: release-name
     app.kubernetes.io/version: \\"15\\"
@@ -416,7 +427,7 @@ kind: ScheduledBackup
 metadata:
   name: pg-scheduledbackup
   labels:
-    helm.sh/chart: cnpg-cluster-1.9.10
+    helm.sh/chart: cnpg-cluster-1.9.12
     app.kubernetes.io/name: pg
     app.kubernetes.io/instance: release-name
     app.kubernetes.io/version: \\"15\\"

packages/kontinuous/tests/__snapshots__/pg.prod.yaml

@@ -142,9 +142,20 @@ spec:
                   value: https://s3.gra.io.cloud.ovh.net
                 - name: DESTINATION_PATH
                   value: s3://fabrique-prod-backups/test-pg/cnpg/dumps
-              envFrom:
-                - secretRef:
-                    name: cnpg-app
+                - name: PGPASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      name: cnpg-superuser
+                      key: password
+                - name: PGUSER
+                  valueFrom:
+                    secretKeyRef:
+                      name: cnpg-superuser
+                      key: username
+                - name: PGDATABASE
+                  value: test-pg
+                - name: PGHOST
+                  value: cnpg-r
 ---
 apiVersion: batch/v1
 kind: Job
@@ -465,7 +476,7 @@ kind: Cluster
 metadata:
   name: cnpg
   labels:
-    helm.sh/chart: cnpg-cluster-1.9.10
+    helm.sh/chart: cnpg-cluster-1.9.12
     app.kubernetes.io/name: cnpg
     app.kubernetes.io/instance: release-name
     app.kubernetes.io/version: \\"15\\"
@@ -505,7 +516,7 @@ spec:
   backup:
     retentionPolicy: 60d
     barmanObjectStore:
-      destinationPath: s3://fabrique-prod-backups/test-pg/cnpg
+      destinationPath: s3://fabrique-prod-backups/test-pg
       endpointURL: https://s3.gra.io.cloud.ovh.net
       s3Credentials:
         accessKeyId:
@@ -572,7 +583,7 @@ kind: Pooler
 metadata:
   name: cnpg-rw
   labels:
-    helm.sh/chart: cnpg-cluster-1.9.10
+    helm.sh/chart: cnpg-cluster-1.9.12
     app.kubernetes.io/name: cnpg
     app.kubernetes.io/instance: release-name
     app.kubernetes.io/version: \\"15\\"
@@ -607,7 +618,7 @@ kind: ScheduledBackup
 metadata:
   name: cnpg-scheduledbackup
   labels:
-    helm.sh/chart: cnpg-cluster-1.9.10
+    helm.sh/chart: cnpg-cluster-1.9.12
     app.kubernetes.io/name: cnpg
     app.kubernetes.io/instance: release-name
     app.kubernetes.io/version: \\"15\\"

packages/kontinuous/tests/samples/extends-ovh/config.yaml

@@ -10,4 +10,4 @@ dependencies:
 # links:
 # socialgouv/helm-charts/charts/cnpg-cluster@v1: ./charts-overrides/cnpg-cluster
 remoteLinks:
-  socialgouv/helm-charts/charts/cnpg-cluster@v1: socialgouv/helm-charts/charts/[email protected].10
+  socialgouv/helm-charts/charts/cnpg-cluster@v1: socialgouv/helm-charts/charts/[email protected].12

packages/kontinuous/tests/samples/override-env-default/config.yaml

@@ -8,4 +8,4 @@ dependencies:
         ifEnv: [dev]
 
 remoteLinks:
-  socialgouv/helm-charts/charts/cnpg-cluster@v1: socialgouv/helm-charts/charts/[email protected].10
+  socialgouv/helm-charts/charts/cnpg-cluster@v1: socialgouv/helm-charts/charts/[email protected].12

packages/kontinuous/tests/samples/pg/config.yaml

@@ -5,4 +5,4 @@ dependencies:
     import: socialgouv/kontinuous/plugins/fabrique
 
 remoteLinks:
-  socialgouv/helm-charts/charts/cnpg-cluster@v1: socialgouv/helm-charts/charts/[email protected].10
+  socialgouv/helm-charts/charts/cnpg-cluster@v1: socialgouv/helm-charts/charts/[email protected].12

plugins/fabrique/charts/pg/values.yaml

@@ -46,9 +46,8 @@ cnpg-cluster:
     ~tpl~enabled: "{{ (or .Values.Parent.backup.enabled .Values.global.isProd .Values.global.isPreProd) | ternary `true` `false` }}"
     schedule: "0 0 0 * * *" # daily
     retentionPolicy: 60d
-    ~tpl~sqlDumpPgSecret: "{{ index .Values.kontinuous.chartContext 2 }}-app"
     barmanObjectStore:
-      ~tpl~destinationPath: "s3://{{ .Values.global.projectName }}-{{ .Values.global.isProd | ternary `prod` `dev` }}-backups/{{ .Values.global.namespace }}/{{ index .Values.kontinuous.chartContext 2 }}{{ (ne .Values.Parent.backup.name ``) | ternary (print `-` .Values.Parent.backup.name) `` }}"
+      ~tpl~destinationPath: "s3://{{ .Values.global.projectName }}-{{ .Values.global.isProd | ternary `prod` `dev` }}-backups/{{ .Values.global.namespace }}{{ (ne .Values.Parent.backup.name ``) | ternary (print `-` .Values.Parent.backup.name) `` }}"
       ~tpl~endpointURL: "{{ .Values.global.pgBackupEndpointURL }}"
       wal:
         compression: gzip