updates to iam jupyter operator charts

datalayer · Jul 11, 2024 · 0a0889e · 0a0889e
1 parent 92d3826
commit 0a0889e
Show file tree

Hide file tree

Showing 15 changed files with 414 additions and 190 deletions.
diff --git a/.github/workflows/unittest.yaml b/.github/workflows/unittest.yaml
@@ -0,0 +1,61 @@
+name: Unit tests
+
+on:
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - ready_for_review
+
+jobs:
+  unittests:
+    runs-on:
+      labels: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          ref: ${{ github.head_ref }}
+          fetch-depth: 0
+
+      - name: Get changed files
+        id: changed-files
+        uses: tj-actions/changed-files@cc733854b1f224978ef800d29e4709d5ee2883e4 # v44.5.5
+        with:
+          files: "./**"
+          dir_names: "true"
+          dir_names_max_depth: "2"
+          dir_names_deleted_files_include_only_deleted_dirs: "true"
+
+      - name: List all changed files
+        id: modify-changed-files
+        run: |
+          echo "Number of changed files: ${{ steps.changed-files.outputs.all_modified_files_count }}"
+
+          folders=""
+          counter=0
+
+          for folder in ${{ steps.changed-files.outputs.all_modified_files }}; do
+            echo "$folder was changed"
+
+            # Check if overall chart folder still exists
+            if [[ -d "$folder" ]]; then
+              folders+="$folder "
+              counter=$((counter+1))
+            else
+              echo "$folder no longer exists and will not be tested"
+            fi
+          done
+
+          modified_folders=$(echo "$folders" | sed 's/ *$//')
+
+          echo "folder_string=$modified_folders" >> "$GITHUB_OUTPUT"
+          echo "folder_count=$counter" >> "$GITHUB_OUTPUT"
+
+      - name: Setup up Helm and unittest
+        uses: d3adb5/helm-unittest-action@66140cd099aa6c4f2ebc59735b8e421135a6d4e3 # v2.4
+        if: steps.modify-changed-files.outputs.folder_count > 0
+        with:
+          helm-version: v3.12.2
+          charts: ${{ steps.changed-files.outputs.folder_string }}
diff --git a/datalayer-iam/templates/deployment.yaml b/datalayer-iam/templates/deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ .Release.Name }}
-  namespace: {{ .Values.namespace }}
+  namespace: {{ default .Release.Namespace .Values.namespace }}
   labels:
     app: {{ template "iam.name" . }}
 spec:
@@ -21,100 +21,35 @@ spec:
         datalayer.io/app: {{ template "iam.name" . }}
     spec:
       terminationGracePeriodSeconds: 0
-      affinity:
-        nodeAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            nodeSelectorTerms:
-            - matchExpressions:
-              - key: role.datalayer.io/api
-                operator: In
-                values:
-                - "true"
+      {{- with .Values.iam.affinity }}
+      affinity: {{- toYaml . | nindent 8 }}
+      {{- end }}
       imagePullSecrets:
-            - name: reg-creds
+        - name: reg-creds
       containers:
         - name: iam
           image: {{ .Values.iam.image }}
           imagePullPolicy: {{ .Values.iam.imagePullPolicy }}
           ports:
             - containerPort: {{ .Values.iam.port }}
               protocol: TCP
+          {{- if or .Values.iam.env .Values.iam.envValueFrom }}
           env:
-          - name: DATALAYER_RUNTIME_ENV
-            value: {{ .Values.iam.env.DATALAYER_RUNTIME_ENV }}
-          - name: DATALAYER_RUN_HOST
-            value: {{ .Values.iam.env.DATALAYER_RUN_HOST }}
-          - name: DATALAYER_CDN_URL
-            value: {{ .Values.iam.env.DATALAYER_CDN_URL }}
-          - name: DATALAYER_JWT_ISSUER
-            value: {{ .Values.iam.env.DATALAYER_JWT_ISSUER }}
-          - name: DATALAYER_JWT_SECRET
-            value: {{ .Values.iam.env.DATALAYER_JWT_SECRET }}
-          - name: DATALAYER_JWT_ALLOWED_ISSUERS
-            value: {{ .Values.iam.env.DATALAYER_JWT_ALLOWED_ISSUERS }}
-          - name: DATALAYER_JWT_ALGORITHM
-            value: {{ .Values.iam.env.DATALAYER_JWT_ALGORITHM }}
-          - name: DATALAYER_JWT_DEFAULT_KID_ISSUER
-            value: {{ .Values.iam.env.DATALAYER_JWT_DEFAULT_KID_ISSUER }}
-          - name: DATALAYER_JWT_SKIP_3RD_TOKEN_SIGNATURE_VERIFICATION
-            value: {{ .Values.iam.env.DATALAYER_JWT_SKIP_3RD_TOKEN_SIGNATURE_VERIFICATION | quote }}
-          - name: DATALAYER_AUTHZ_ENGINE
-            value: {{ .Values.iam.env.DATALAYER_AUTHZ_ENGINE }}
-          - name: DATALAYER_OPENFGA_REST_URL
-            value: {{ .Values.iam.env.DATALAYER_OPENFGA_REST_URL }}
-          - name: DATALAYER_OPENFGA_STORE_ID
-            value: {{ .Values.iam.env.DATALAYER_OPENFGA_STORE_ID }}
-          - name: DATALAYER_OPENFGA_AUTHZ_MODEL_ID
-            value: {{ .Values.iam.env.DATALAYER_OPENFGA_AUTHZ_MODEL_ID }}
-          - name: DATALAYER_SOLR_ZK_HOST
-            value: {{ .Values.iam.env.DATALAYER_SOLR_ZK_HOST }}
-          - name: DATALAYER_SOLR_USERNAME
-            valueFrom:
-              secretKeyRef:
-                name: solr-basic-auth
-                key: username
-          - name: DATALAYER_SOLR_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: solr-basic-auth
-                key: password
-          - name: DATALAYER_SUPPORT_EMAIL
-            value: {{ .Values.iam.env.DATALAYER_SUPPORT_EMAIL }}
-          - name: DATALAYER_SMTP_HOST
-            value: {{ .Values.iam.env.DATALAYER_SMTP_HOST }}
-          - name: DATALAYER_SMTP_PORT
-            value: {{ .Values.iam.env.DATALAYER_SMTP_PORT | quote }}
-          - name: DATALAYER_SMTP_USERNAME
-            value: {{ .Values.iam.env.DATALAYER_SMTP_USERNAME }}
-          - name: DATALAYER_SMTP_PASSWORD
-            value: {{ .Values.iam.env.DATALAYER_SMTP_PASSWORD }}
-          - name: DATALAYER_GITHUB_CLIENT_ID
-            value: {{ .Values.iam.env.DATALAYER_GITHUB_CLIENT_ID }}
-          - name: DATALAYER_GITHUB_CLIENT_SECRET
-            value: {{ .Values.iam.env.DATALAYER_GITHUB_CLIENT_SECRET }}
-          - name: DATALAYER_CREDITS_PROVIDER
-            value: {{ .Values.iam.env.DATALAYER_CREDITS_PROVIDER }}
-          - name: DATALAYER_IAM_API_KEY
-            value: {{ .Values.iam.env.DATALAYER_IAM_API_KEY }}
-          - name: DATALAYER_PUB_SUB_ENGINE
-            value: {{ .Values.iam.env.DATALAYER_PUB_SUB_ENGINE }}
-          - name: DATALAYER_PULSAR_URL
-            value: {{ .Values.iam.env.DATALAYER_PULSAR_URL }}
-          # Addons
-          {{ if eq .Values.iam.env.DATALAYER_CREDITS_PROVIDER "stripe" }}
-          - name: DATALAYER_STRIPE_API_KEY
-            value: {{ .Values.iam.env.DATALAYER_STRIPE_API_KEY }}
-          - name: DATALAYER_STRIPE_JS_API_KEY
-            value: {{ .Values.iam.env.DATALAYER_STRIPE_JS_API_KEY }}
-          - name: DATALAYER_STRIPE_PRODUCT_ID
-            value: {{ .Values.iam.env.DATALAYER_STRIPE_PRODUCT_ID }}
-          - name: DATALAYER_STRIPE_BILLING_ROUTE
-            value: {{ .Values.iam.env.DATALAYER_STRIPE_BILLING_ROUTE }}
-          - name: DATALAYER_STRIPE_WEBHOOK_SECRET
-            value: {{ .Values.iam.env.DATALAYER_STRIPE_WEBHOOK_SECRET }}{{ end }}
-          volumeMounts:
-          resources:
-{{ toYaml .Values.iam.resources | indent 12 }} 
+            {{- range $key, $value := .Values.iam.envValueFrom }}
+            - name: {{ $key }}
+              valueFrom: {{- $value | toYaml | nindent 16 }}
+            {{- end }}
+            {{- range $key, $value := .Values.iam.env }}
+            - name: {{ $key }}
+              value: {{ $value | quote }}
+            {{- end }}
+          {{- end }}
+          {{- with .Values.iam.resources }}
+          resources: {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.iam.volumeMounts }}
+          volumeMounts: {{- toYaml . | nindent 12 }}
+          {{- end }}
 #        - name: iam-sidecar
 #          image: {{ .Values.iam.sidecar.image }}
 #          imagePullPolicy: {{ .Values.iam.imagePullPolicy }}

diff --git a/datalayer-iam/templates/traefik-middleware.yaml b/datalayer-iam/templates/traefik-middleware.yaml
@@ -1,3 +1,4 @@
+{{- if eq .Values.ingressClass "datalayer-traefik" }}
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
@@ -9,3 +10,4 @@ spec:
     trustForwardHeader: true
     # authRequestHeaders:
     #   - "Authorization"
+{{- end }}
diff --git a/datalayer-iam/tests/deployment_test.yaml b/datalayer-iam/tests/deployment_test.yaml
@@ -0,0 +1,96 @@
+suite: test deployment
+templates:
+  - templates/deployment.yaml
+tests:
+  - it: "test affinity"
+    asserts:
+      - isSubset:
+          path: spec.template.spec
+          content:
+            affinity:
+              nodeAffinity:
+                requiredDuringSchedulingIgnoredDuringExecution:
+                  nodeSelectorTerms:
+                  - matchExpressions:
+                    - key: role.datalayer.io/api
+                      operator: In
+                      values:
+                      - "true"
+  - it: "test environment variables"
+    asserts:
+      - isSubset:
+          path: spec.template.spec.containers[0]
+          content:
+            env:
+            - name: DATALAYER_SOLR_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: solr-basic-auth
+            - name: DATALAYER_SOLR_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  key: username
+                  name: solr-basic-auth
+            - name: DATALAYER_AUTHZ_ENGINE
+              value: "openfga"
+            - name: DATALAYER_CDN_URL
+              value: ""
+            - name: DATALAYER_CREDITS_PROVIDER
+              value: ""
+            - name: DATALAYER_GITHUB_CLIENT_ID
+              value: ""
+            - name: DATALAYER_GITHUB_CLIENT_SECRET
+              value: ""
+            - name: DATALAYER_IAM_API_KEY
+              value: ""
+            - name: DATALAYER_JWT_ALGORITHM
+              value: ""
+            - name: DATALAYER_JWT_ALLOWED_ISSUERS
+              value: ""
+            - name: DATALAYER_JWT_DEFAULT_KID_ISSUER
+              value: ""
+            - name: DATALAYER_JWT_ISSUER
+              value: "https://id.datalayer.run"
+            - name: DATALAYER_JWT_SECRET
+              value: ""
+            - name: DATALAYER_JWT_SKIP_3RD_TOKEN_SIGNATURE_VERIFICATION
+              value: "false"
+            - name: DATALAYER_OPENFGA_AUTHZ_MODEL_ID
+              value: ""
+            - name: DATALAYER_OPENFGA_REST_URL
+              value: "http://datalayer-openfga.datalayer-openfga.svc.cluster.local:8080"
+            - name: DATALAYER_OPENFGA_STORE_ID
+              value: ""
+            - name: DATALAYER_PUB_SUB_ENGINE
+              value: "pulsar"
+            - name: DATALAYER_PULSAR_URL
+              value: "pulsar://datalayer-pulsar-broker.datalayer-pulsar.svc.cluster.local:6650"
+            - name: DATALAYER_RUNTIME_ENV
+              value: "prod"
+            - name: DATALAYER_RUN_HOST
+              value: ""
+            - name: DATALAYER_SMTP_HOST
+              value: ""
+            - name: DATALAYER_SMTP_PASSWORD
+              value: ""
+            - name: DATALAYER_SMTP_PORT
+              value: "0"
+            - name: DATALAYER_SMTP_USERNAME
+              value: ""
+            - name: DATALAYER_SOLR_ZK_HOST
+              value: "solr-datalayer-solrcloud-zookeeper-headless.datalayer-solr.svc.cluster.local"
+            - name: DATALAYER_STRIPE_API_KEY
+              value: ""
+            - name: DATALAYER_STRIPE_BILLING_ROUTE
+              value: "/usage/billing"
+            - name: DATALAYER_STRIPE_JS_API_KEY
+              value: ""
+            - name: DATALAYER_STRIPE_PRODUCT_ID
+              value: ""
+            - name: DATALAYER_STRIPE_WEBHOOK_SECRET
+              value: ""
+            - name: DATALAYER_SUPPORT_EMAIL
+              value: ""
+
+
diff --git a/datalayer-iam/tests/traefik-middleware_test.yaml b/datalayer-iam/tests/traefik-middleware_test.yaml
@@ -0,0 +1,10 @@
+suite: test traefik-middleware
+templates:
+  - templates/traefik-middleware.yaml
+tests:
+  - it: "test traefik middleware resource"
+    values:
+      - ./values/alternate_ingressclass.yaml
+    asserts:
+      - hasDocuments:
+          count: 0
diff --git a/datalayer-iam/tests/values/alternate_ingressclass.yaml b/datalayer-iam/tests/values/alternate_ingressclass.yaml
@@ -0,0 +1,2 @@
+iam:
+  ingressClass: "nginx"
diff --git a/datalayer-iam/values.yaml b/datalayer-iam/values.yaml
@@ -7,10 +7,24 @@ iam:
   clusterType: any
   certificateIssuer: letsencrypt
   ingressClass: datalayer-traefik
-#  resources:
-#    limits:
-#      memory: "8192Mi"
-#      cpu: "3000m"
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: role.datalayer.io/api
+            operator: In
+            values:
+            - "true"
+  envValueFrom:
+    DATALAYER_SOLR_USERNAME:
+      secretKeyRef:
+        name: solr-basic-auth
+        key: username
+    DATALAYER_SOLR_PASSWORD:
+      secretKeyRef:
+        name: solr-basic-auth
+        key: password
   env:
     DATALAYER_AUTHZ_ENGINE: "openfga"
     DATALAYER_CDN_URL: ""
@@ -27,7 +41,6 @@ iam:
     DATALAYER_OPENFGA_AUTHZ_MODEL_ID: ""
     DATALAYER_OPENFGA_REST_URL: "http://datalayer-openfga.datalayer-openfga.svc.cluster.local:8080"
     DATALAYER_OPENFGA_STORE_ID: ""
-    DATALAYER_OPENFGA_AUTHZ_MODEL_ID: ""
     DATALAYER_PUB_SUB_ENGINE: "pulsar"
     DATALAYER_PULSAR_URL: "pulsar://datalayer-pulsar-broker.datalayer-pulsar.svc.cluster.local:6650"
     DATALAYER_RUNTIME_ENV: "prod"
@@ -43,3 +56,8 @@ iam:
     DATALAYER_STRIPE_PRODUCT_ID: ""
     DATALAYER_STRIPE_WEBHOOK_SECRET: ""
     DATALAYER_SUPPORT_EMAIL: ""
+
+#  resources:
+#    limits:
+#      memory: "8192Mi"
+#      cpu: "3000m"