[artifactory] feat: copy service account support from #696

[jasondamour]

PR Checklist

[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]

• Chart Version bumped
• CHANGELOG.md updated
• Variables and other changes are documented in the README.md
• Title of the PR starts with chart name (e.g. [artifactory])

What this PR does / why we need it:
Copying work from artifactory-ha to artifactory #696 to support google service account authentication

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #304

Special notes for your reviewer:
Is there any process to keep charts up to date? A common chart that all variant charts should inherit? Maintaining 2+ charts for the same application seems incredibly tedious

[chukka]

@jdamour98 Thanks for contribution ! Can you please rebase and update PR (bumping chart versions in chart.yaml & CHANGELOG.md) ?

[chukka]

@jdamour98 Thanks for contribution - Can you please address review comments and rebase the PR ?

[JfrogPrasanna]

LGTM

[chukka]

@jdamour98 Gentle Reminder !

[chukka]

@jdamour98 Thanks for contribution - Can you please address review comments and rebase the PR ?

[jasondamour]

@danielezer @eldada Sorry its been a while. added comments and changes

[jasondamour]

I can't get this working myself. Pretty much anything i try results in

2020-08-13T07:55:28.948Z �[1;32m[jfrt ]�[0;39m �[1;31m[ERROR]�[0;39m [9c7672c769188260] [ctoryContextConfigListener:116] [art-init ] - Application could not be initialized: Missing identity field in config

java.lang.reflect.InvocationTargetException: null 
...
Missing identity field in config

My values.yaml (relevant block):

  persistence:
    type: google-storage
    googleStorage:
      httpsOnly: false
      bucketExists: true
      bucketName: "xxxxxxxxxxxxxxx"
      gcpServiceAccount:
        enabled: true
        customSecretName: artifactory
      path: "artifactory/filestore"

The file exists on the pod:

~ kubectl exec -it artifactory-artifactory-0 bash
Defaulting container name to artifactory.

$ cat /artifactory_bootstrap/gcp.credentials.json
{
  "type": "service_account",
  "project_id": "xxxxxxxxx",
  "private_key_id": "xxxxxxxxxxx",
  "private_key": "xxxxxxxxxxxx",
  "client_email": "xxxxxxxxxxxxxx",
  "client_id": "xxxxxxxxxxxxxxxxxxxxxxxxx",
  "auth_uri": "xxxxxxxxxxxxxxxxxxxxxxxx",
  "token_uri": "xxxxxxxxxxxxxxxxxxx",
  "auth_provider_x509_cert_url": "xxxxxxxxxxxxxxxxxxxxxxxx",
  "client_x509_cert_url": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}

LivenessProbe is failing with 503. I'm also seeing this error in the application logs, but I don't think its the root cause:

Error: Error starting application Failed pinging artifactory for 180Request failed with status code 404 at createError (/opt/jfrog/artifactory/app/frontend/bin/server/dist/node_modules/axios/lib/core/createError.js:16:15) at settle (/opt/jfrog/artifactory/app/frontend/bin/server/dist/node_modules/axios/lib/core/settle.js:17:12) at IncomingMessage.handleStreamEnd (/opt/jfrog/artifactory/app/frontend/bin/server/dist/node_modules/axios/lib/adapters/http.js:236:11) at IncomingMessage.emit (events.js:203:15) at endReadableNT (_stream_readable.js:1145:12) at process._tickCallback (internal/process/next_tick.js:63:19)

[chukka]

@jdamour98 can you please rebase one more time and fix conflicts ?

[jasondamour]

@chukka Done

[jasondamour]

@eldada will this change work with the default image docker.bintray.io/jfrog/artifactory-pro:7.5.5?

[jasondamour]

I tested the same chart and service account with the legacy HMAC keys, which worked for google cloud storage. So this change for service accounts does not work yet. I need some help understanding why. Is this a license issue (I'm using a Pro trial license)?

Additionally, even after using HMAC keys successfully, the pod is crashing with

Error: Error starting application Failed pinging artifactory for 180Request failed with status code 404 
at createError (/opt/jfrog/artifactory/app/frontend/bin/server/dist/node_modules/axios/lib/core/createError.js:16:15) 
at settle (/opt/jfrog/artifactory/app/frontend/bin/server/dist/node_modules/axios/lib/core/settle.js:17:12) 
at IncomingMessage.handleStreamEnd (/opt/jfrog/artifactory/app/frontend/bin/server/dist/node_modules/axios/lib/adapters/http.js:236:11) 
at IncomingMessage.emit (events.js:203:15) at endReadableNT (_stream_readable.js:1145:12) at process._tickCallback (internal/process/next_tick.js:63:19)

I found only one issue referencing this, but its unhelpful: https://www.jfrog.com/jira/browse/RTFACT-22104

Can anybody clarify what connection is being attempted?

[gitta-jfrog]

According to my knowledge this already implemented. Thanks for your contribution. https://github.com/jfrog/charts/blob/master/stable/artifactory/values.yaml#L785