feat: support passing license as file
Signed-off-by: arkbriar <[email protected]>
arkbriar committed Oct 10, 2024
1 parent ec5ea67 commit ee57129
Showing 8 changed files with 494 additions and 9 deletions.
44 changes: 43 additions & 1 deletion charts/risingwave/templates/_helpers.tpl
Expand Up @@ -601,7 +601,10 @@ Cloud related enviroments.
{{/* Env vars for license key */}}
{{- define "risingwave.licenseKeyEnv" }}
{{- if and .Values.license.secret.key .Values.license.secret.name }}
{{- if and .Values.license.passAsFile (or .Values.license.key (and .Values.license.secret.key .Values.license.secret.name)) }}
- name: RW_LICENSE_KEY_PATH
value: /license/license.jwt
{{- else if and .Values.license.secret.key .Values.license.secret.name }}
- name: RW_LICENSE_KEY
valueFrom:
secretKeyRef:
Expand All @@ -612,3 +615,42 @@ Cloud related enviroments.
value: {{ .Values.license.key | quote }}
{{- end }}
{{- end }}
{{/* Secret name to store license */}}
{{- define "risingwave.licenseKeySecretName" }}
{{- if and .Values.license.secret.key .Values.license.secret.name }}
{{- .Values.license.secret.name }}
{{- else }}
{{- printf "%s-license" (include "risingwave.fullname" .) | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{/* Secret key to the license data*/}}
{{- define "risingwave.licenseKeySecretKey" }}
{{- if and .Values.license.secret.key .Values.license.secret.name }}
{{- .Values.license.secret.key }}
{{- else }}
{{- printf "license.jwt" }}
{{- end }}
{{- end }}
{{/* Volume for license key */}}
{{- define "risingwave.licenseKeyVolume"}}
{{- if and .Values.license.passAsFile (or .Values.license.key (and .Values.license.secret.key .Values.license.secret.name)) }}
- name: license
secret:
secretName: {{ include "risingwave.licenseKeySecretName" . | quote }}
items:
- key: {{ include "risingwave.licenseKeySecretKey" . | quote }}
path: license.jwt
{{- end }}
{{- end }}
{{/* Volume mount for license key */}}
{{- define "risingwave.licenseKeyVolumeMount"}}
{{- if and .Values.license.passAsFile (or .Values.license.key (and .Values.license.secret.key .Values.license.secret.name)) }}
- name: license
mountPath: /license
readOnly: true
{{- end }}
{{- end }}
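Review bot: The predicate `and .Values.license.passAsFile (or .Values.license.key (and .Values.license.secret.key .Values.license.secret.name))` is written out three times, in `risingwave.licenseKeyEnv`, `risingwave.licenseKeyVolume` and `risingwave.licenseKeyVolumeMount`, and the env value `/license/license.jwt` has to agree by hand with `mountPath: /license` and `path: license.jwt`. If one copy drifts, the container is handed `RW_LICENSE_KEY_PATH` for a file that is not mounted, or a Secret volume is mounted that nothing reads. I would move the predicate into one named template that renders `true` when it holds and test it in all three places with `{{- if include "risingwave.licenseAsFile" . }}` (name proposed here), with a comment next to it stating that the mount path and item path must match the env value. The body of `risingwave.licenseKeyEnv` is split across two hunks, so its middle lines are not shown on this page.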
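--- /dev/null
+++ b/charts/risingwave/templates/license-secret.yaml
@@ -0,0 +1,12 @@
+{{- $secretName := (include "risingwave.licenseKeySecretName" .) }}
+{{- with .Values.license }}
+{{/* passAsFile && key != "" && (secret.key == "" || secret.name == "") */}}
+{{- if and .passAsFile .key (or (empty .secret.key) (empty .secret.name)) }}
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+stringData:
+license.jwt: {{ .key }}
+{{- end }}
+{{- end }}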
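Review bot: `license.jwt: {{ .key }}` writes the license into `stringData` unquoted, so the rendered scalar is typed by the YAML parser instead of being taken as a string; a value with a leading indicator character, a `: ` or ` #` sequence, or a line break would change or break the manifest. The env-var branch in `_helpers.tpl` already renders `{{ .Values.license.key | quote }}`, and the same treatment fits here: `license.jwt: {{ .key | quote }}`. `name: {{ $secretName }}` would take `| quote` for the same reason. Because this path copies the raw key from chart values into a chart-managed Secret, a template comment pointing users who already hold the license in a Secret at `license.secret.name` and `license.secret.key` would help them keep the key out of their values files.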
2 changes: 2 additions & 0 deletions charts/risingwave/templates/meta-sts.yaml
Expand Up @@ -65,6 +65,7 @@ spec:
{{- end }}
{{- end }}
volumes:
{{ include "risingwave.licenseKeyVolume" . | nindent 6 }}
- name: config
configMap:
name: {{ include "risingwave.configurationConfigMapName" . }}
Expand Down Expand Up @@ -327,6 +328,7 @@ spec:
{{ toYaml .Values.metaComponent.resources.requests | nindent 12 }}
{{- end }}
volumeMounts:
{{ include "risingwave.licenseKeyVolumeMount" . | nindent 8 }}
- mountPath: /risingwave/config
name: config
readOnly: true
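Review bot: `{{ include "risingwave.licenseKeyVolume" . | nindent 6 }}` under `volumes:` and the matching `risingwave.licenseKeyVolumeMount` include under `volumeMounts:` are unconditional, so when the helper renders nothing (license not passed as a file) `nindent` still emits a newline plus the indent and leaves whitespace-only lines in the manifest. That is valid YAML but adds noise to rendered output and diffs; wrapping each include avoids it, for example `{{- with include "risingwave.licenseKeyVolume" . }}{{ . | nindent 6 }}{{- end }}`. The two includes added in `standalone/standalone-sts.yaml` have the same shape. Both hunks sit inside a larger `spec` that continues outside the visible lines.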
2 changes: 2 additions & 0 deletions charts/risingwave/templates/standalone/standalone-sts.yaml
Expand Up @@ -64,6 +64,7 @@ spec:
{{- end }}
{{- end }}
volumes:
{{ include "risingwave.licenseKeyVolume" . | nindent 6 }}
- name: config
configMap:
name: {{ include "risingwave.configurationConfigMapName" . }}
Expand Down Expand Up @@ -367,6 +368,7 @@ spec:
{{ toYaml .Values.standalone.resources.requests | nindent 12 }}
{{- end }}
volumeMounts:
{{ include "risingwave.licenseKeyVolumeMount" . | nindent 8 }}
- mountPath: /risingwave/config
name: config
readOnly: true
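--- /dev/null
+++ b/charts/risingwave/tests/license_secret_test.yaml
@@ -0,0 +1,56 @@
+suite: License secret test
+templates:
+- license-secret.yaml
+chart:
+appVersion: 1.0.0
+version: 0.0.1
+tests:
+- it: no license key
+asserts:
+- hasDocuments:
+count: 0
+- it: license key found with raw key and not passing by file
+set:
+license:
+key: "ABC"
+passAsFile: false
+asserts:
+- hasDocuments:
+count: 0
+- it: license key found with secret and not passing by file
+set:
+license:
+secret:
+name: a
+key: b
+passAsFile: false
+asserts:
+- hasDocuments:
+count: 0
+- it: license key found with raw key and passing by file
+set:
+license:
+key: "ABC"
+passAsFile: true
+asserts:
+- hasDocuments:
+count: 1
+- containsDocument:
+apiVersion: v1
+kind: Secret
+- equal:
+path: metadata.name
+value: RELEASE-NAME-risingwave-license
+- equal:
+path: stringData["license.jwt"]
+value: "ABC"
+- it: license key found with secret and passing by file
+set:
+license:
+secret:
+name: a
+key: b
+passAsFile: true
+asserts:
+- hasDocuments:
+count: 0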
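Review bot: The suite covers `license.secret` with both `name` and `key` set or with neither, but not the half-configured case that `license-secret.yaml` handles through `or (empty .secret.key) (empty .secret.name)`. A case that sets `license.key`, `passAsFile: true` and only `license.secret.name` should assert `hasDocuments` with `count: 1` and the generated `metadata.name`, so the fallback in `risingwave.licenseKeySecretName` stays pinned. The only key value exercised is `"ABC"`; one more case with a constructed value containing `: ` or a leading `*` would show whether the template renders the key as a string.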
189 changes: 186 additions & 3 deletions charts/risingwave/tests/license_standalone_test.yaml
Expand Up @@ -15,7 +15,47 @@ tests:
content:
name: RW_LICENSE_KEY
any: true
- it: license key found with raw key
- notContains:
path: spec.template.spec.containers[0].env
content:
name: RW_LICENSE_KEY_PATH
any: true
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: license
any: true
- notContains:
path: spec.template.spec.volumes
content:
name: license
any: true
- it: no license key and passing as file
set:
license:
passAsFile: true
asserts:
- notContains:
path: spec.template.spec.containers[0].env
content:
name: RW_LICENSE_KEY
any: true
- notContains:
path: spec.template.spec.containers[0].env
content:
name: RW_LICENSE_KEY_PATH
any: true
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: license
any: true
- notContains:
path: spec.template.spec.volumes
content:
name: license
any: true
- it: license key found with raw key and not passing by file
set:
license:
key: "ABC"
Expand All @@ -25,7 +65,53 @@ tests:
content:
name: RW_LICENSE_KEY
value: "ABC"
- it: license key found with secret ref
- notContains:
path: spec.template.spec.containers[0].env
content:
name: RW_LICENSE_KEY_PATH
any: true
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: license
any: true
- notContains:
path: spec.template.spec.volumes
content:
name: license
any: true
- it: license key found with raw key and passing by file
set:
license:
key: "ABC"
passAsFile: true
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: RW_LICENSE_KEY_PATH
value: /license/license.jwt
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: license
mountPath: /license
readOnly: true
- contains:
path: spec.template.spec.volumes
content:
name: license
secret:
secretName: RELEASE-NAME-risingwave-license
items:
- key: license.jwt
path: license.jwt
- notContains:
path: spec.template.spec.containers[0].env
content:
name: RW_LICENSE_KEY
any: true
- it: license key found with secret ref and not passing by file
set:
license:
secret:
Expand All @@ -40,7 +126,55 @@ tests:
secretKeyRef:
name: LICENSE-SECRET
key: LICENSE-KEY
- it: license key found with secret ref and key
- notContains:
path: spec.template.spec.containers[0].env
content:
name: RW_LICENSE_KEY_PATH
any: true
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: license
any: true
- notContains:
path: spec.template.spec.volumes
content:
name: license
any: true
- it: license key found with secret ref and passing by file
set:
license:
secret:
name: LICENSE-SECRET
key: LICENSE-KEY
passAsFile: true
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: RW_LICENSE_KEY_PATH
value: /license/license.jwt
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: license
mountPath: /license
readOnly: true
- contains:
path: spec.template.spec.volumes
content:
name: license
secret:
secretName: LICENSE-SECRET
items:
- key: LICENSE-KEY
path: license.jwt
- notContains:
path: spec.template.spec.containers[0].env
content:
name: RW_LICENSE_KEY
any: true
- it: license key found with secret ref and key and not passing by file
set:
license:
key: "ABC"
Expand All @@ -56,3 +190,52 @@ tests:
secretKeyRef:
name: LICENSE-SECRET
key: LICENSE-KEY
- notContains:
path: spec.template.spec.containers[0].env
content:
name: RW_LICENSE_KEY_PATH
any: true
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: license
any: true
- notContains:
path: spec.template.spec.volumes
content:
name: license
any: true
- it: license key found with secret ref and key and passing by file
set:
license:
key: "ABC"
secret:
name: LICENSE-SECRET
key: LICENSE-KEY
passAsFile: true
asserts:
- contains:
path: spec.template.spec.containers[0].env
content:
name: RW_LICENSE_KEY_PATH
value: /license/license.jwt
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: license
mountPath: /license
readOnly: true
- contains:
path: spec.template.spec.volumes
content:
name: license
secret:
secretName: LICENSE-SECRET
items:
- key: LICENSE-KEY
path: license.jwt
- notContains:
path: spec.template.spec.containers[0].env
content:
name: RW_LICENSE_KEY
any: true