From d5fe8d86e21d35e8c3574688cd97fca60b2715d8 Mon Sep 17 00:00:00 2001 From: Clemens Geibel Date: Thu, 27 Jan 2022 16:39:48 +0100 Subject: [PATCH] Added secret.yaml --- src/main/cljc/dda/c4k_shynet/core.cljc | 6 ++-- src/main/cljc/dda/c4k_shynet/shynet.cljc | 12 ++++++++ src/main/resources/shynet/secret.yaml | 28 +++++++++++++++++++ src/test/cljc/dda/c4k_shynet/shynet_test.cljc | 28 ++++++++++++++++++- valid-auth.edn | 5 ++-- 5 files changed, 74 insertions(+), 5 deletions(-) create mode 100644 src/main/resources/shynet/secret.yaml diff --git a/src/main/cljc/dda/c4k_shynet/core.cljc b/src/main/cljc/dda/c4k_shynet/core.cljc index 609e887..bc50527 100644 --- a/src/main/cljc/dda/c4k_shynet/core.cljc +++ b/src/main/cljc/dda/c4k_shynet/core.cljc @@ -13,7 +13,8 @@ (def config? (s/keys :req-un [::shynet/fqdn] :opt-un [::shynet/issuer ::postgres/postgres-data-volume-path])) -(def auth? (s/keys :req-un [::postgres/postgres-db-user ::postgres/postgres-db-password])) ;TODO add auth +(def auth? (s/keys :req-un [::shynet/django-secret-key + ::postgres/postgres-db-user ::postgres/postgres-db-password])) (defn k8s-objects [config] (into @@ -26,7 +27,8 @@ [(yaml/to-string (postgres/generate-pvc)) (yaml/to-string (postgres/generate-deployment :postgres-image "postgres:14")) (yaml/to-string (postgres/generate-service))] - [(yaml/to-string (shynet/generate-webserver-deployment)) + [(yaml/to-string (shynet/generate-secret config)) + (yaml/to-string (shynet/generate-webserver-deployment)) (yaml/to-string (shynet/generate-celeryworker-deployment)) (yaml/to-string (shynet/generate-ingress config)) (yaml/to-string (shynet/generate-certificate config)) diff --git a/src/main/cljc/dda/c4k_shynet/shynet.cljc b/src/main/cljc/dda/c4k_shynet/shynet.cljc index f2fd8ae..edc6bc0 100644 --- a/src/main/cljc/dda/c4k_shynet/shynet.cljc +++ b/src/main/cljc/dda/c4k_shynet/shynet.cljc 
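Review bot: In `k8s-objects`, `(shynet/generate-secret config)` receives the map described by `config?`, but the three values the secret needs (`django-secret-key`, `postgres-db-user`, `postgres-db-password`) are specified under `auth?`. Unless the caller merges the auth map into `config` before this point, which is not visible here, those entries end up nil in the rendered Secret. The returned vector now also carries plaintext credentials, so anything that prints or stores the output of `k8s-objects` should treat it as sensitive. A comment above the `defn` such as `; config must be the merged config+auth map; the result contains plaintext credentials` would make both points explicit. The body of `k8s-objects` continues outside the hunk.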
@@ -8,10 +8,13 @@ (s/def ::fqdn pred/fqdn-string?) (s/def ::issuer pred/letsencrypt-issuer?) +(s/def ::django-secret-key pred/bash-env-string?) + #?(:cljs (defmethod yaml/load-resource :shynet [resource-name] (case resource-name + "shynet/secret.yaml" (rc/inline "shynet/secret.yaml") "shynet/certificate.yaml" (rc/inline "shynet/certificate.yaml") "shynet/deployments.yaml" (rc/inline "shynet/deployments.yaml") "shynet/ingress.yaml" (rc/inline "shynet/ingress.yaml") @@ -20,6 +23,15 @@ "shynet/statefulset.yaml" (rc/inline "shynet/statefulset.yaml") (throw (js/Error. "Undefined Resource!"))))) +(defn generate-secret [config] + (let [{:keys [fqdn django-secret-key postgres-db-user postgres-db-password]} config] + (-> + (yaml/from-string (yaml/load-resource "shynet/secret.yaml")) + (assoc-in [:stringData :ALLOWED_HOSTS] fqdn) + (assoc-in [:stringData :DJANGO_SECRET_KEY] django-secret-key) + (assoc-in [:stringData :DB_USER] postgres-db-user) + (assoc-in [:stringData :DB_PASSWORD] postgres-db-password)))) + (defn generate-certificate [config] (let [{:keys [fqdn issuer]} config letsencrypt-issuer (str "letsencrypt-" (name issuer) "-issuer")] diff --git a/src/main/resources/shynet/secret.yaml b/src/main/resources/shynet/secret.yaml new file mode 100644 index 0000000..7058599 --- /dev/null +++ b/src/main/resources/shynet/secret.yaml 
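Review bot: `generate-secret` writes whatever it destructures into `:stringData`, so a missing `:django-secret-key` or `:postgres-db-password` silently replaces the template value with nil instead of failing. A precondition on the function would stop that before a manifest is produced: `{:pre [(every? string? [fqdn django-secret-key postgres-db-user postgres-db-password])]}`. The new `::django-secret-key` spec in the first hunk reuses `pred/bash-env-string?`, which presumably restricts only the character set. Django uses this key for cryptographic signing, so a minimum-length check in the spec is worth considering.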
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: shynet-settings
+type: Opaque
+stringData:
+ # Django settings
+ DEBUG: "False"
+ ALLOWED_HOSTS: fqdn # For better security, set this to your deployment's domain. Comma separated.
+ DJANGO_SECRET_KEY: django-secret-key
+ ACCOUNT_SIGNUPS_ENABLED: "False"
+ TIME_ZONE: "America/New_York"
+
+ # Redis configuration (if you use the default Kubernetes config, this will work)
+ REDIS_CACHE_LOCATION: "redis://shynet-redis.default.svc.cluster.local/0"
+ CELERY_BROKER_URL: "redis://shynet-redis.default.svc.cluster.local/1"
+
+ # PostgreSQL settings
+ DB_NAME: "shynet"
+ DB_USER: postgres-db-user
+ DB_PASSWORD: postgres-db-password
+ DB_HOST: "postgresql-service:5432"
+
+ # Email settings
+ EMAIL_HOST_USER: ""
+ EMAIL_HOST_PASSWORD: ""
+ EMAIL_HOST: ""
+ SERVER_EMAIL: "Shynet "
\ No newline at end of file
diff --git a/src/test/cljc/dda/c4k_shynet/shynet_test.cljc b/src/test/cljc/dda/c4k_shynet/shynet_test.cljc
index ba84719..8807d2e 100644
--- a/src/test/cljc/dda/c4k_shynet/shynet_test.cljc
+++ b/src/test/cljc/dda/c4k_shynet/shynet_test.cljc
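Review bot: The placeholders under `stringData` (`fqdn`, `django-secret-key`, `postgres-db-user`, `postgres-db-password`) are themselves valid values. If this file is applied without going through `generate-secret`, or a substitution is missed, the workload starts with a guessable secret key and database password. Marking them in the template helps, for example `DJANGO_SECRET_KEY: django-secret-key # placeholder, replaced by shynet/generate-secret`, together with a header comment that the file must not be applied directly. Both Redis URLs hard-code the `default` namespace and `TIME_ZONE` is fixed to `America/New_York`, so a deployment elsewhere would need these to be parameters as well.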
@@ -78,4 +78,30 @@ :rules [{:host "test.com" :http {:paths [{:backend {:serviceName "shynet-webserver-service", :servicePort 8080}, :path "/"}]}}]}} - (cut/generate-ingress {:fqdn "test.com" :issuer :staging})))) \ No newline at end of file + (cut/generate-ingress {:fqdn "test.com" :issuer :staging})))) + +(deftest should-generate-secret + (is (= {:apiVersion "v1" + :kind "Secret" + :metadata {:name "shynet-settings"} + :type "Opaque" + :stringData + {:DEBUG "False" + :ALLOWED_HOSTS "test.com" + :DJANGO_SECRET_KEY "django-pw" + :ACCOUNT_SIGNUPS_ENABLED "False" + :TIME_ZONE "America/New_York" + :REDIS_CACHE_LOCATION + "redis://shynet-redis.default.svc.cluster.local/0" + :CELERY_BROKER_URL + "redis://shynet-redis.default.svc.cluster.local/1" + :DB_NAME "shynet" + :DB_USER "postgres-user" + :DB_PASSWORD "postgres-pw" + :DB_HOST "postgresql-service:5432" + :EMAIL_HOST_USER "" + :EMAIL_HOST_PASSWORD "" + :EMAIL_HOST "" + :SERVER_EMAIL "Shynet "}} + (cut/generate-secret {:fqdn "test.com" :django-secret-key "django-pw" + :postgres-db-user "postgres-user" :postgres-db-password "postgres-pw"})))) \ No newline at end of file diff --git a/valid-auth.edn b/valid-auth.edn index dc90ecb..0872d1b 100644 --- a/valid-auth.edn +++ b/valid-auth.edn @@ -1,2 +1,3 @@ -{:postgres-db-user "jira" - :postgres-db-password "jira-db-password"} +{:django-secret-key "django" + :postgres-db-user "shynet" + :postgres-db-password "shynet-db-password"}
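Review bot: `should-generate-secret` pins only the fully populated case. As `generate-secret` is written in this commit, a call without `:django-secret-key` yields a Secret whose `:DJANGO_SECRET_KEY` is nil, and nothing in the tests records or rejects that. Once the function validates its input, a second case such as `(is (thrown? #?(:clj Throwable :cljs js/Error) (cut/generate-secret {:fqdn "test.com"})))` would keep the check from regressing.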
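Review bot: In `valid-auth.edn`, `:django-secret-key "django"` is short and plausible enough to survive into a first real deployment if the file is copied as a starting point. A value that is obviously a sample, for instance `"REPLACE-WITH-LONG-RANDOM-VALUE"` (constructed here, and assuming it still satisfies the spec), makes that mistake harder. Whether real auth files are excluded from version control is not visible in this diff and is worth confirming.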