fix: fixes changing artifactory admin password breaking things (#42)

defenseunicorns · Aug 21, 2024 · a5fd7d5 · a5fd7d5
1 parent 976abaf
commit a5fd7d5
Show file tree

Hide file tree

Showing 4 changed files with 58 additions and 18 deletions.
diff --git a/chart/templates/admin-secret.yaml b/chart/templates/admin-secret.yaml
@@ -7,7 +7,11 @@ type: Opaque
 {{- $previous := lookup "v1" "Secret" .Release.Namespace "artifactory-admin-credentials" }}
 {{- $randPass := (randAlphaNum 16) }}
 data:
-  {{- if $previous }}
+  {{- if .Values.admin.password }}
+  adminCreds: {{ (printf "%s@%s=%s" .Values.admin.username .Values.admin.ip .Values.admin.password) | b64enc }}
+  username: {{ .Values.admin.username | b64enc }}
+  password: {{ .Values.admin.password | b64enc }}
+  {{- else if $previous }}
   adminCreds: {{ $previous.data.adminCreds }}
   username: {{ $previous.data.username }}
   password: {{ $previous.data.password }}

diff --git a/chart/values.yaml b/chart/values.yaml
@@ -11,6 +11,8 @@ serviceMonitor:
 admin:
   ip: "127.0.0.1"
   username: "admin"
+  # If left empty, the chart will automatically generate a password
+  password: ""
 
 postgres:
   # Set to false to use external postgres

diff --git a/common/zarf.yaml b/common/zarf.yaml
@@ -12,7 +12,7 @@ components:
         namespace: artifactory
         version: 0.1.0
         localPath: ../chart
-      # renovate: datasource=helm
+  # renovate: datasource=helm
       - name: artifactory
         namespace: artifactory
         url: https://charts.jfrog.io
@@ -21,3 +21,35 @@ components:
         releaseName: artifactory
         valuesFiles:
           - ../values/common.yaml
+    actions:
+      onDeploy:
+        after:
+          - cmd: kubectl get secret artifactory-admin-credentials -n artifactory -o=jsonpath='{.data.adminCreds}' | sha256sum | cut -d ' ' -f1
+            # mute: true
+            setVariables:
+              - name: CURRENT_SUM
+                # sensitive: true
+          - cmd: kubectl get sts artifactory -n artifactory -o=jsonpath='{.metadata.annotations.checksum/secret}' || true
+            # mute: true
+            setVariables:
+              - name: ANNOTATION_SUM
+                # sensitive: true
+          - cmd: |
+              if [[ -n "$ZARF_VAR_ANNOTATION_SUM" ]]; then
+                if [[ "$ZARF_VAR_CURRENT_SUM" == "$ZARF_VAR_ANNOTATION_SUM" ]]; then
+                  echo "Secret did not change"
+                else
+                  kubectl rollout restart sts artifactory -n artifactory
+                  kubectl wait -n artifactory statefulset/artifactory --for='jsonpath={status.availableReplicas}'=0 --timeout=500s
+                fi
+              fi
+              kubectl annotate --overwrite -n artifactory sts artifactory checksum/secret=${ZARF_VAR_CURRENT_SUM}
+            shell:
+              darwin: bash
+              linux: bash
+          - wait:
+              cluster:
+                kind: StatefulSet
+                name: artifactory
+                namespace: artifactory
+                condition: "{.status.readyReplicas}=1"
diff --git a/tasks.yaml b/tasks.yaml
@@ -12,32 +12,32 @@ tasks:
   - name: default
     description: Create K3D Cluster with UDS-Core + Artifactory
     actions:
-      - task: create-test-bundle
+      - task: create-artifactory-test-bundle
       - task: setup:k3d-test-cluster
       - task: deploy:test-bundle
 
   - name: default-full
     description: Create K3D Cluster with UDS-Core + Artifactory
     actions:
-      - task: create-test-bundle
+      - task: create-artifactory-test-bundle
       - task: setup:k3d-full-cluster
       - task: deploy:test-bundle
 
-  - name: create-package
+  - name: create-artifactory-package
     description: Create UDS Artifactory Package, No dependencies included
     actions:
       - task: create:package
         with:
           options: "--skip-sbom"
 
-  - name: create-test-bundle
-    description: Create a local UDS Artifactory bundlewith dependencies
+  - name: create-artifactory-test-bundle
+    description: Create a local UDS Artifactory bundle with dependencies
     actions:
-      - task: create-package
+      - task: create-artifactory-package
       - task: dependencies:create
       - task: create:test-bundle
 
-  - name: create-latest-release-bundle
+  - name: create-artifactory-latest-release-bundle
     description: Create UDS Artifactory bundle with dependencies based on the latest release
     actions:
       - task: pull:latest-package-release
@@ -46,33 +46,35 @@ tasks:
       - task: dependencies:create
       - task: create:test-bundle
 
-  - name: deploy-test-bundle
-    description: Deploy the Artifactory test bundle to local cluster
+  - name: setup-cluster
+    description: Setup a K3D cluster with UDS-Core-Slim
     actions:
-      - task: deploy:test-bundle
+      - task: setup:k3d-test-cluster
 
-  - name: local-all
+  - name: dev
     description: Create then deploy local artifactory bundle
     actions:
-      - task: create-test-bundle
+      - task: create-artifactory-test-bundle
       - task: deploy:test-bundle
 
 # CI will execute the following (via uds-common/.github/actions/test) so they need to be here with these names
 
   - name: test-package
     description: Test the Artifactory package from the current branch
     actions:
-      - task: create-test-bundle
+      - task: create-artifactory-test-bundle
       - task: setup:k3d-test-cluster
       - task: deploy:test-bundle
-      - task: test:all
+      - task: test:health-check
+      - task: test:ingress
 
   - name: test-upgrade
     description: Test an upgrade from the latest released package to the current branch
     actions:
-      - task: create-latest-release-bundle
+      - task: create-artifactory-latest-release-bundle
       - task: setup:k3d-test-cluster
       - task: deploy:test-bundle
       - task: create-test-bundle
       - task: deploy:test-bundle
-      - task: test:all
+      - task: test:health-check
+      - task: test:ingress