Merge branch '51-helm-chart-secrets' into 'develop'

# create databases

CREATE DATABASE IF NOT EXISTS `{{ .Values.oscreds.mysql.openslicedb | default "osdb" }}`;

CREATE DATABASE IF NOT EXISTS `{{ .Values.oscreds.mysql.keycloak.database | default "keycloak" }}`;

# create portal user and grant rights

CREATE USER '{{ .Values.oscreds.mysql.portal.username | default "portaluser" }}'@'localhost' IDENTIFIED BY '{{ .Values.oscreds.mysql.portal.password | default "12345" }}';

GRANT ALL PRIVILEGES ON *.* TO '{{ .Values.oscreds.mysql.portal.username | default "portaluser" }}'@'%' IDENTIFIED BY '{{ .Values.oscreds.mysql.portal.password | default "12345" }}';

# create keycloak user and grant rights

CREATE USER '{{ .Values.oscreds.mysql.keycloak.username | default "keycloak" }}'@'localhost' IDENTIFIED BY '{{ .Values.oscreds.mysql.keycloak.password | default "password" }}';

GRANT ALL PRIVILEGES ON *.* TO '{{ .Values.oscreds.mysql.keycloak.username | default "keycloak" }}'@'%' IDENTIFIED BY '{{ .Values.oscreds.mysql.keycloak.password | default "password" }}';

#!/usr/bin/env sh

set -eu

run_mysql() {

    mysql -u root -p"$MYSQL_ROOT_PASSWORD" "$@"

}

echo "Waiting for database to be ready"

until run_mysql -e 'SELECT 1'; do

    sleep 1

done

echo "Creating databases and users"

create_user() {

    if ! run_mysql --execute "CREATE USER '$1'@'%' IDENTIFIED BY '$2';" 2>/dev/null; then

        run_mysql --execute "ALTER USER '$1'@'%' IDENTIFIED BY '$2';"

    fi

}

PORTAL_USER="$(< /var/run/secrets/portal/username)"

PORTAL_DATABASE="$(< /var/run/secrets/portal/database)"

KEYCLOAK_USER="$(< /var/run/secrets/keycloak/username)"

KEYCLOAK_DATABASE="$(< /var/run/secrets/keycloak/database)"

METRICO_USER="$(< /var/run/secrets/metrico/username)"

METRICO_DATABASE="$(< /var/run/secrets/metrico/database)"

run_mysql --execute \

"

# create databases

CREATE DATABASE IF NOT EXISTS $PORTAL_DATABASE;

CREATE DATABASE IF NOT EXISTS $KEYCLOAK_DATABASE;

CREATE DATABASE IF NOT EXISTS $METRICO_DATABASE;

"

create_user "$PORTAL_USER" "$(< /var/run/secrets/portal/password)"

create_user "$KEYCLOAK_USER" "$(< /var/run/secrets/keycloak/password)"

create_user "$METRICO_USER" "$(< /var/run/secrets/metrico/password)"

run_mysql --execute \

"

# Grant portal user rights to the portal database

GRANT ALL PRIVILEGES ON $PORTAL_DATABASE.* TO '$PORTAL_USER'@'%';

# Grant keycloak user rights to the portal database

GRANT ALL PRIVILEGES ON $KEYCLOAK_DATABASE.* TO '$KEYCLOAK_USER'@'%';

# Grant metrico user rights to the portal database

GRANT ALL PRIVILEGES ON $METRICO_DATABASE.* TO '$METRICO_USER'@'%';

"

echo "Finished creating databases and users"

apiVersion: v1

kind: Secret

metadata:

  namespace: {{ .Release.Namespace }}

  labels:

    app: {{ include "openslice.fullname" . }}

    org.etsi.osl.service: mysql

    chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"

    {{- include "openslice.labels" . | nindent 4 }}

  name: {{ include "openslice.fullname" . }}-artemis-secret

data:

  username: {{ .Values.oscreds.activemq.user | b64enc }}

  password: {{ .Values.oscreds.activemq.password | b64enc }}

          name: {{ include "openslice.fullname" . }}-artemis

          env:

            - name: ARTEMIS_USER

              value: {{ .Values.oscreds.activemq.user }}

              valueFrom:

                secretKeyRef:

                  name: {{ include "openslice.fullname" . }}-artemis-secret

                  key: username

            - name: ARTEMIS_PASSWORD

              value: {{ .Values.oscreds.activemq.password }}

              valueFrom:

                secretKeyRef:

                  name: {{ include "openslice.fullname" . }}-artemis-secret

                  key: password

          resources:

            {{- toYaml .Values.resources | nindent 12 }}

          ports:

            - name: SPRING_APPLICATION_JSON

              value: >-

                {

                  "spring.config.import": "configtree:/etc/config/",

                  "spring.activemq.brokerUrl": "tcp://{{ include "openslice.fullname" . }}-artemis:61616?jms.watchTopicAdvisories=false", 

                  "spring.activemq.user": "{{ .Values.oscreds.activemq.user }}", 

                  "spring.activemq.password": "{{ .Values.oscreds.activemq.password }}", 

                  "bugzillaurl":"{{ .Values.bugzillaurl }}",

                  "bugzillakey":"{{ .Values.bugzillakey }}", 

                  "main_operations_product":"{{ .Values.main_operations_product }}" 

            {{- toYaml .Values.resources | nindent 12 }}

          ports:

            - containerPort: 13010

          volumeMounts:

            - mountPath: "/etc/config/spring.activemq.user"

              name: artemis-secrets

              subPath: username

              readOnly: true

            - mountPath: "/etc/config/spring.activemq.password"

              name: artemis-secrets

              subPath: password

              readOnly: true

      restartPolicy: Always

      volumes:

        - name: artemis-secrets

          secret:

            secretName: {{ include "openslice.fullname" . }}-artemis-secret

---

apiVersion: v1

kind: Service