Deprecate Values.lenses.jvm.trustStoreFileData/Values.lenses.jvm.trus…

…tStorePassword in favor of Values.lenses.opts.trustStoreFileData/Values.lenses.opts.trustStorePassword [OPS-1921]
lensesio · Oct 21, 2021 · f096caf · f096caf
1 parent c146bce
commit f096caf
Show file tree

Hide file tree

Showing 7 changed files with 74 additions and 61 deletions.
diff --git a/Release-notes.md b/Release-notes.md
@@ -1,5 +1,10 @@
 # Release notes for Lenses Helm chart
 
+## Release 4.3.11
+
+- `Values.lenses.jvm.trustStoreFileData` has been deprecated  in favor of `Values.lenses.opts.trustStoreFileData` since they were duplicates, please use the latter.
+- `Values.lenses.jvm.trustStorePassword` has been deprecated  in favor of `Values.lenses.opts.trustStorePassword` since they were duplicates, please use the latter.
+
 ## Release 4.2.12
 
 Previously, Connect URL was inferred from `protocol`, `host` and

diff --git a/charts/lenses/Chart.yaml b/charts/lenses/Chart.yaml
@@ -2,5 +2,5 @@ apiVersion: v1
 description: A chart for Lenses
 icon: https://www.lenses.io/images/logos/icon_ellipse2red.png
 name: lenses
-version: 4.3.10
+version: 4.3.11
 appVersion: 4.3.4
diff --git a/charts/lenses/templates/deployment.yaml b/charts/lenses/templates/deployment.yaml
@@ -351,23 +351,7 @@ spec:
         {{- end }}
         - name: LENSES_KAFKA_SETTINGS_CLIENT_BASIC_AUTH_CREDENTIALS_SOURCE
           value: {{ default "" .Values.lenses.schemaRegistries.security.authType | quote }}
-
         # ssl/sasl
-        {{- if .Values.lenses.jvm.trustStoreFileData }}
-        # Remove "LENSES_" prefix to avoid env. var. auto-detection which results
-        # in lenses.conf entry.
-        - name: JVM_TRUSTSTORE_LOCATION
-          value: "/mnt/secrets/jvm.truststore.jks"
-        - name: LENSES_OPTS
-          value: "$(LENSES_OPTS) -Djavax.net.ssl.trustStore=$(JVM_TRUSTSTORE_LOCATION)"
-        - name: JVM_TRUSTSTORE_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ include "fullname" . | quote }}
-              key:  "jvm.truststore.password"
-        - name: LENSES_OPTS
-          value: "$(LENSES_OPTS) -Djavax.net.ssl.trustStorePassword=$(JVM_TRUSTSTORE_PASSWORD)"
-        {{- end }}
         - name: LENSES_KAFKA_SETTINGS_CLIENT_SECURITY_PROTOCOL
           value: {{ include "securityProtocol" . | quote }}
         - name: LENSES_KAFKA_SETTINGS_CLIENT_SASL_MECHANISM

diff --git a/charts/lenses/templates/secrets.yaml b/charts/lenses/templates/secrets.yaml
@@ -10,8 +10,6 @@ metadata:
     lenses.io/app: "{{ include "fullname" . }}"
     lenses.io/app.type: lenses-secret
 data:
-  jvm.truststore.jks: |-
-{{ .Values.lenses.jvm.trustStoreFileData | default "" | indent 4 }}
   lenses.tls.keystore.jks: |-
     {{- .Values.lenses.tls.keyStoreFileData | default "" | nindent 4 }}
   lenses.tls.truststore.jks: |-
@@ -61,7 +59,15 @@ stringData:
   lenses.tls.key.password: {{ .Values.lenses.tls.keyPassword | default "" | quote }}
   lenses.tls.truststore.password: {{ .Values.lenses.tls.trustStorePassword | default "" | quote }}
   lenses.opts.keystore.password: {{ .Values.lenses.opts.keyStorePassword | default "" | quote }}
-  lenses.opts.truststore.password: {{ .Values.lenses.opts.trustStorePassword | default "" | quote }}
+  {{- if .Values.lenses.opts.trustStoreFileData }}
+  lenses.opts.truststore.password: {{ required "When you set trustStoreFileData, you also need to set trustStorePassword" .Values.lenses.opts.trustStorePassword | quote }}
+  {{- end }}
+
   {{- if .Values.lenses.jvm.trustStoreFileData }}
-  jvm.truststore.password: {{ required "When you set trustStoreFileData, you also needto set trustStorePassword" .Values.lenses.jvm.trustStorePassword | quote }}
+  {{/* Deliberately fail helm deployment */}}
+  {{ required ".Values.lenses.jvm.trustStoreFileData is deprecated in favor of Values.lenses.opts.trustStoreFileData, please use the latter." nil }}
+  {{- end }}
+  {{- if .Values.lenses.jvm.trustStorePassword }}
+  {{/* Deliberately fail helm deployment */}}
+  {{ required ".Values.lenses.jvm.trustStorePassword is deprecated in favor of Values.lenses.opts.trustStorePassword, please use the latter." nil }}
   {{- end }}
diff --git a/charts/lenses/tests/with-jvm-truststore.run_test.yaml b/charts/lenses/tests/with-jvm-truststore.run_test.yaml
diff --git a/charts/lenses/tests/with-opts-truststore.run_test.yaml b/charts/lenses/tests/with-opts-truststore.run_test.yaml
@@ -0,0 +1,54 @@
+suite: with opts truststore set
+templates:
+  - deployment.yaml
+  - secrets.yaml
+tests:
+  - it: should fail with trustStoreFileData and without trustStorePassword
+    set:
+      lenses:
+        opts:
+          trustStoreFileData: bGFsYQ==
+    asserts:
+      - template: secrets.yaml
+        failedTemplate:
+          errorMessage: When you set trustStoreFileData, you also need to set trustStorePassword
+  - it: should pass with trustStoreFileData and trustStorePassword
+    set:
+      lenses:
+        opts:
+          trustStoreFileData: bGFsYQ==
+          trustStorePassword: 123
+    asserts:
+      - template: deployment.yaml
+        contains:
+          path: spec.template.spec.volumes[0].secret.items
+          content:
+            key: lenses.opts.truststore.jks
+            path: lenses.opts.truststore.jks
+      - template: secrets.yaml
+        equal:
+          path: data.lenses\.opts\.truststore\.jks
+          value: bGFsYQ==
+      - template: secrets.yaml
+        equal:
+          path: stringData.lenses\.opts\.truststore\.password
+          value: "123"
+
+  - it: should fail with JVM trustStoreFileData
+    set:
+      lenses:
+        jvm:
+          trustStoreFileData: bGFsYQ==
+    asserts:
+      - template: secrets.yaml
+        failedTemplate:
+          errorMessage: .Values.lenses.jvm.trustStoreFileData is deprecated in favor of Values.lenses.opts.trustStoreFileData, please use the latter.
+  - it: should fail with JVM trustStorePassword
+    set:
+      lenses:
+        jvm:
+          trustStorePassword: foobar
+    asserts:
+      - template: secrets.yaml
+        failedTemplate:
+          errorMessage: .Values.lenses.jvm.trustStorePassword is deprecated in favor of Values.lenses.opts.trustStorePassword, please use the latter.
diff --git a/charts/lenses/values.yaml b/charts/lenses/values.yaml
@@ -142,11 +142,10 @@ lenses:
     #performanceOpts are any jvm tuning options to add to the jvm
     performanceOpts:
 
-    # base64 encoded truststore data
-    trustStoreFileData: |-
-
-    # trust store password
-    trustStorePassword:
+    # DEPRECATED in favor of Values.lenses.opts.trustStoreFileData, please use the latter
+    # trustStoreFileData:
+    # DEPRECATED in favor of Values.lenses.opts.trustStorePassword, please use the latter
+    # trustStorePassword:
 
   # Override the default logback xml
   # Used primarily to load a Lenses provided xml with debug level set for Lenses libs