changes based on CR

Author: pengzhouml

charts/templates/secret.yaml

@@ -1,20 +1,18 @@
-{{- $adminPassword := (randAlphaNum 10) | b64enc | quote }}
-{{- $secret := (lookup "v1" "Secret" .Release.Namespace .Release.Name ) }}
+{{- $adminPassword := (default (randAlphaNum 10) .Values.auth.adminPassword) | b64enc | quote }}
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace (printf "%s-admin" (include "marklogic.fullname" .))) }}
 {{- if $secret }}
 {{- $adminPassword = index $secret.data "password" }}
-{{- end -}}
+{{- end }}
 
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "marklogic.fullname" . }}
+  name: {{ include "marklogic.fullname" . }}-admin
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "marklogic.labels" . | nindent 4 }}
-type: Opaque
+type: kubernetes.io/basic-auth
 data:
-  {{- if .Values.auth.adminPassword }}
-    marklogic-password: {{ .Values.auth.adminPassword | b64enc | quote }}
-  {{- else }}
-    marklogic-password: {{ $adminPassword }}
-  {{- end }}
+    password: {{ $adminPassword }}
+    username: {{ .Values.auth.adminUsername | b64enc | quote }}
+

charts/templates/statefulset.yaml

@@ -67,12 +67,15 @@ spec:
         - name: MARKLOGIC_GROUP
           value: {{ .Values.group.name }}
         - name: MARKLOGIC_ADMIN_USERNAME
-          value: {{ .Values.auth.adminUsername | quote }}
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "marklogic.fullname" . }}-admin
+              key: username
         - name: MARKLOGIC_ADMIN_PASSWORD
           valueFrom:
             secretKeyRef:
-              name: {{ include "marklogic.fullname" . }}
-              key: marklogic-password
+              name: {{ include "marklogic.fullname" . }}-admin
+              key: password
         - name: POD_NAME
           valueFrom:
             fieldRef:
@@ -93,12 +96,15 @@ spec:
             {{- end }}
           env:
             - name: MARKLOGIC_ADMIN_USERNAME
-              value: {{ .Values.auth.adminUsername | quote }}
+              valueFrom:
+                  secretKeyRef:
+                    name: {{ include "marklogic.fullname" . }}-admin
+                    key: username
             - name: MARKLOGIC_ADMIN_PASSWORD
               valueFrom:
                   secretKeyRef:
-                    name: {{ include "marklogic.fullname" . }}
-                    key: marklogic-password
+                    name: {{ include "marklogic.fullname" . }}-admin
+                    key: password
             - name: MARKLOGIC_GROUP
               value: {{ .Values.group.name }}
             - name: POD_NAME

test/e2e/install_test.go

@@ -86,14 +86,18 @@ func TestHelmInstall(t *testing.T) {
 		},
 	)
 
-	// testing generated Random Password
-	secretName := releaseName + "-marklogic"
+	t.Log("====Testing Generated Random Password====")
+	secretName := releaseName + "-marklogic-admin"
 	secret := k8s.GetSecret(t, kubectlOptions, secretName)
-	username := "admin"
-	passwordArr := secret.Data["marklogic-password"]
+	passwordArr := secret.Data["password"]
 	password := string(passwordArr[:])
 	// the generated random password should have length of 10
 	assert.Equal(t, 10, len(password))
+	usernameArr := secret.Data["username"]
+	username := string(usernameArr[:])
+	expectedUsername := "admin"
+	// the username from secret expected to be "admin"
+	assert.Equal(t, expectedUsername, username)
 
 	tunnel8002 := k8s.NewTunnel(kubectlOptions, k8s.ResourceTypePod, podName, 8002, 8002)
 	defer tunnel8002.Close()
@@ -109,7 +113,7 @@ func TestHelmInstall(t *testing.T) {
 	// the generated password should be able to access the manage endpoint
 	assert.Equal(t, 200, response.StatusCode)
 
-	// Verify no groups beyond enode were created/modified
+	t.Log("====Verify no groups beyond enode were created/modified====")
 	groupStatusEndpoint := fmt.Sprintf("http://%s/manage/v2/groups?format=json", tunnel8002.Endpoint())
 	groupStatus := digestAuth.NewRequest(username, password, "GET", groupStatusEndpoint, "")
 	t.Logf(`groupStatusEndpoint: %s`, groupStatusEndpoint)

test/e2e/upgrade_test.go

@@ -13,6 +13,7 @@ import (
 	http_helper "github.com/gruntwork-io/terratest/modules/http-helper"
 	"github.com/gruntwork-io/terratest/modules/k8s"
 	"github.com/gruntwork-io/terratest/modules/random"
+	"github.com/stretchr/testify/assert"
 )
 
 func TestHelmUpgrade(t *testing.T) {
@@ -43,8 +44,6 @@ func TestHelmUpgrade(t *testing.T) {
 			"replicaCount":          "1",
 			"image.repository":      imageRepo,
 			"image.tag":             imageTag,
-			"auth.adminUsername":    "admin",
-			"auth.adminPassword":    "admin",
 			"logCollection.enabled": "false",
 		},
 	}
@@ -58,15 +57,19 @@ func TestHelmUpgrade(t *testing.T) {
 	releaseName := "test-upgrade"
 	helm.Install(t, options, helmChartPath, releaseName)
 
+	// save the generated password from first installation
+	secretName := releaseName + "-marklogic-admin"
+	secret := k8s.GetSecret(t, kubectlOptions, secretName)
+	passwordArr := secret.Data["password"]
+	passwordAfterInstall := string(passwordArr[:])
+
 	newOptions := &helm.Options{
 		KubectlOptions: kubectlOptions,
 		SetValues: map[string]string{
 			"persistence.enabled":   "false",
 			"replicaCount":          "2",
 			"image.repository":      imageRepo,
 			"image.tag":             imageTag,
-			"auth.adminUsername":    "admin",
-			"auth.adminPassword":    "admin",
 			"logCollection.enabled": "false",
 		},
 	}
@@ -96,4 +99,10 @@ func TestHelmUpgrade(t *testing.T) {
 			return statusCode == 200
 		},
 	)
+
+	t.Log("====Test password in secret should not change after upgrade====")
+	secret = k8s.GetSecret(t, kubectlOptions, secretName)
+	passwordArr = secret.Data["password"]
+	passwordAfterUpgrade := string(passwordArr[:])
+	assert.Equal(t, passwordAfterUpgrade, passwordAfterInstall)
 }