CLD-700: Support setting the MarkLogic wallet password via the k8s values file (#100)

* changes to support ml wallet-password as secret
* fixed lint errors
* fixed test for wallet-password
* fixed path for wallet-password-file

Author: barkhachoithani

README.md

@@ -464,7 +464,8 @@ This table describes the list of available parameters for Helm Chart.
 | `nameOverride`                       | String to override the app name                                                                                | `""`                                 |
 | `fullnameOverride`                   | String to completely replace the generated name                                                                | `""`                                 |
 | `auth.adminUsername`                 | Username for default MarkLogic Administrator                                                                   | `admin`                              |
-| `auth.adminPassword`                 | Password for default MarkLogic Administrator                                                                   | `admin`     
+| `auth.adminPassword`                 | Password for default MarkLogic Administrator                                                                   | ``    
+| `auth.walletPassword`                 | Password for wallet                                                                    | `` 
 | `bootstrapHostName`                 | Host name of MarkLogic bootstrap host                                                                | `""`   
 | `group.name`               | group name for joining MarkLogic cluster                                                                    | `Default`                              |
 | `group.enableXdqpSsl`                 | SSL encryption for XDQP                                                                   | `true`                         |

charts/templates/secret.yaml

@@ -15,4 +15,5 @@ type: kubernetes.io/basic-auth
 data:
     password: {{ $adminPassword }}
     username: {{ .Values.auth.adminUsername | b64enc | quote }}
+    wallet-password: {{ .Values.auth.walletPassword | b64enc | quote }}
 

charts/templates/statefulset.yaml

@@ -97,6 +97,9 @@ spec:
             {{- if .Values.extraVolumeMounts }}
               {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
             {{- end }}
+            - name: mladmin-secrets
+              mountPath: /run/secrets/ml-secrets
+              readOnly: true
           env:
             - name: MARKLOGIC_ADMIN_USERNAME
               valueFrom:
@@ -108,6 +111,10 @@ spec:
                   secretKeyRef:
                     name: {{ include "marklogic.fullname" . }}-admin
                     key: password
+            {{- if .Values.auth.walletPassword }}
+            - name: MARKLOGIC_WALLET_PASSWORD_FILE
+              value: ml-secrets/wallet-password
+            {{- end }}
             - name: POD_NAME
               valueFrom:
                 fieldRef:
@@ -285,6 +292,14 @@ spec:
         - name: {{ include "marklogic.fullname" . }}-registry
       {{- end }}
       volumes:
+        - name: mladmin-secrets
+          secret:
+            secretName: {{ include "marklogic.fullname" . }}-admin
+            items:
+              {{- if .Values.auth.walletPassword }}
+              - key: wallet-password
+                path: wallet-password
+              {{- end }}
         {{- if .Values.logCollection.enabled }}
         - name: {{ include "marklogic.fullname" . }}-fb-config-map
           configMap:

charts/values.yaml

@@ -58,6 +58,7 @@ fullnameOverride: ""
 auth:
   adminUsername: admin
   adminPassword: ""
+  walletPassword: ""
 
 # Configure Affinity property for scheduling pods to nodes
 # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity

go.mod

@@ -3,16 +3,17 @@ module github.com/marklogic/marklogic-kubernetes
 go 1.17
 
 require (
-	github.com/gruntwork-io/terratest v0.40.6
-	github.com/stretchr/testify v1.7.0
+	github.com/gruntwork-io/terratest v0.41.15
+	github.com/stretchr/testify v1.8.1
 	github.com/tidwall/gjson v1.14.3
 	github.com/xinsnake/go-http-digest-auth-client v0.6.0
 	k8s.io/api v0.23.0
 )
 
 require (
-	cloud.google.com/go v0.83.0 // indirect
-	github.com/aws/aws-sdk-go v1.40.56 // indirect
+	cloud.google.com/go/compute v1.12.1 // indirect
+	cloud.google.com/go/compute/metadata v0.2.1 // indirect
+	github.com/aws/aws-sdk-go v1.44.122 // indirect
 	github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
@@ -23,9 +24,9 @@ require (
 	github.com/go-sql-driver/mysql v1.4.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/google/go-cmp v0.5.6 // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/gofuzz v1.1.0 // indirect
-	github.com/google/uuid v1.2.0 // indirect
+	github.com/google/uuid v1.3.0 // indirect
 	github.com/googleapis/gnostic v0.5.5 // indirect
 	github.com/gruntwork-io/go-commons v0.8.0 // indirect
 	github.com/hashicorp/errwrap v1.0.0 // indirect
@@ -47,18 +48,18 @@ require (
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.0 // indirect
 	github.com/urfave/cli v1.22.2 // indirect
-	golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 // indirect
-	golang.org/x/net v0.0.0-20210825183410-e898025ed96a // indirect
-	golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f // indirect
-	golang.org/x/sys v0.0.0-20211029165221-6e7872819dc8 // indirect
-	golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b // indirect
-	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/crypto v0.1.0 // indirect
+	golang.org/x/net v0.7.0 // indirect
+	golang.org/x/oauth2 v0.1.0 // indirect
+	golang.org/x/sys v0.5.0 // indirect
+	golang.org/x/term v0.5.0 // indirect
+	golang.org/x/text v0.7.0 // indirect
 	golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.27.1 // indirect
+	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/apimachinery v0.23.0 // indirect
 	k8s.io/client-go v0.23.0 // indirect
 	k8s.io/klog/v2 v2.30.0 // indirect