fix(config): support netrc

templates/athens-proxy/_deployment.tpl

@@ -12,14 +12,14 @@
 {{/* env */}}
 
 {{- define "athens-proxy.deployment.env" -}}
-{{- $env := dict "env" (.Values.deployment.athensProxy.env | default (list) ) }}
+{{- $env := .Values.deployment.athensProxy.env | default (list) }}
 {{- if and .Values.persistence.enabled }}
-{{- $env = merge $env (dict "env" (list (dict "name" "ATHENS_STORAGE_TYPE" "value" "disk") (dict "name" "ATHENS_DISK_STORAGE_ROOT" "value" .Values.persistence.data.mountPath)))}}
+{{- $env = concat $env (list (dict "name" "ATHENS_STORAGE_TYPE" "value" "disk") (dict "name" "ATHENS_DISK_STORAGE_ROOT" "value" .Values.persistence.data.mountPath)) }}
 {{- end }}
 {{- if and (hasKey .Values.deployment.athensProxy.resources "limits") (hasKey .Values.deployment.athensProxy.resources.limits "cpu") }}
-{{- $env = merge $env (dict "env" (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu"))))) }}
+{{- $env = concat $env (list (dict "name" "GOMAXPROCS" "valueFrom" (dict "resourceFieldRef" (dict "divisor" "1" "resource" "limits.cpu")))) }}
 {{- end }}
-{{ toYaml $env }}
+{{ toYaml (dict "env" $env) }}
 {{- end -}}
 
 
@@ -59,21 +59,45 @@
 {{/* volumeMounts */}}
 
 {{- define "athens-proxy.deployment.volumeMounts" -}}
-{{- $volumeMounts := dict "volumeMounts" (.Values.deployment.athensProxy.volumeMounts | default (list) ) }}
+{{- $volumeMounts := .Values.deployment.athensProxy.volumeMounts | default (list) }}
 {{- if .Values.persistence.enabled }}
-{{- $volumeMounts = merge $volumeMounts (dict "volumeMounts" (list (dict "name" "data" "mountPath" .Values.persistence.data.mountPath))) }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "data" "mountPath" .Values.persistence.data.mountPath)) }}
 {{- end }}
-{{ toYaml $volumeMounts }}
+
+{{- if .Values.config.netrc.enabled }}
+{{- $volumeMounts = concat $volumeMounts (list (dict "name" "secrets" "mountPath" "/root/.netrc" "subPath" ".netrc" )) }}
+{{- end }}
+
+{{ toYaml (dict "volumeMounts" $volumeMounts) }}
 {{- end -}}
 
 {{/* volumes */}}
 
 {{- define "athens-proxy.deployment.volumes" -}}
-{{- $volumes := dict "volumes" (.Values.deployment.athensProxy.volumes | default (list) ) }}
-{{- if and .Values.persistence.enabled (not .Values.persistence.data.existingPersistentVolumeClaim.enabled) }}
-{{- $volumes = merge $volumes (dict "volumes" (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" (include "athens-proxy.persistentVolumeClaim.data.name" $))))) }}
-{{- else if and .Values.persistence.enabled .Values.persistence.data.existingPersistentVolumeClaim.enabled }}
-{{- $volumes = merge $volumes (dict "volumes" (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" .Values.persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName)))) }}
+{{- $volumes := .Values.deployment.athensProxy.volumes | default (list) }}
+
+{{- if .Values.persistence.enabled }}
+{{- $claimName := include "athens-proxy.persistentVolumeClaim.data.name" $ }}
+{{- if .Values.persistence.data.existingPersistentVolumeClaim.enabled }}
+{{- $claimName = .Values.persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName }}
 {{- end }}
-{{ toYaml $volumes }}
+{{- $volumes = concat $volumes (list (dict "name" "data" "persistentVolumeClaim" (dict "claimName" $claimName))) }}
+{{- end }}
+
+{{- if .Values.config.netrc.enabled }}
+{{- $projectedSources := list -}}
+
+{{- $itemList := list (dict "key" ".netrc" "path" ".netrc" "mode" 0600) }}
+{{- $secretName := include "athens-proxy.secrets.netrc.name" . }}
+{{- if .Values.config.netrc.existingSecret.enabled }}
+{{- $itemList = list (dict "key" .Values.config.netrc.existingSecret.netrcKey "path" ".netrc" "mode" 0600) }}
+{{- $secretName = .Values.config.netrc.existingSecret.secretName }}
+{{- end }}
+{{- $projectedSources = concat $projectedSources (list (dict "secret" (dict "name" $secretName "items" $itemList))) }}
+
+
+{{- $volumes = concat $volumes (list (dict "name" "secrets" "projected" (dict "sources" $projectedSources)))}}
+{{- end }}
+
+{{ toYaml (dict "volumes" $volumes) }}
 {{- end -}}

templates/athens-proxy/_secrets.tpl

@@ -45,3 +45,17 @@
 {{ toYaml .Values.config.ssh.secret.labels }}
 {{- end }}
 {{- end }}
+
+{{/* name */}}
+
+{{- define "athens-proxy.secrets.env.name" -}}
+{{ include "athens-proxy.fullname" . }}-env
+{{- end }}
+
+{{- define "athens-proxy.secrets.netrc.name" -}}
+{{ include "athens-proxy.fullname" . }}-netrc
+{{- end }}
+
+{{- define "athens-proxy.secrets.ssh.name" -}}
+{{ include "athens-proxy.fullname" . }}-ssh
+{{- end }}

templates/athens-proxy/secretEnv.yaml

@@ -11,7 +11,7 @@ metadata:
   labels:
     {{- toYaml . | nindent 4 }}
   {{- end }}
-  name: {{ include "athens-proxy.fullname" . }}-env
+  name: {{ include "athens-proxy.secrets.env.name" . }}
   namespace: {{ .Release.Namespace }}
 stringData:
   {{- range $key, $value := .Values.config.env.secret.envs }}

templates/athens-proxy/secretNetRC.yaml

@@ -1,4 +1,4 @@
-{{- if not .Values.config.netrc.existingSecret.enabled }}
+{{- if and .Values.config.netrc.enabled (not .Values.config.netrc.existingSecret.enabled) }}
 ---
 apiVersion: v1
 kind: Secret
@@ -11,7 +11,7 @@ metadata:
   labels:
     {{- toYaml . | nindent 4 }}
   {{- end }}
-  name: {{ include "athens-proxy.fullname" . }}-netrc
+  name: {{ include "athens-proxy.secrets.netrc.name" . }}
   namespace: {{ .Release.Namespace }}
 stringData:
   .netrc: |

templates/athens-proxy/secretSSH.yaml

@@ -11,7 +11,7 @@ metadata:
   labels:
     {{- toYaml . | nindent 4 }}
   {{- end }}
-  name: {{ include "athens-proxy.fullname" . }}-ssh
+  name: {{ include "athens-proxy.secrets.ssh.name" . }}
   namespace: {{ .Release.Namespace }}
 stringData:
   config: |

unittests/deployment/deployment.yaml

@@ -464,65 +464,3 @@ tests:
         mountPath: /usr/lib/athens-proxy/data
     template: templates/athens-proxy/deployment.yaml
 
-- it: Test persistent volume claim
-  set:
-    persistence.enabled: true
-  asserts:
-    - contains:
-        path: spec.template.spec.containers[0].env
-        content:
-          name: ATHENS_STORAGE_TYPE
-          value: disk
-      template: templates/athens-proxy/deployment.yaml
-    - contains:
-        path: spec.template.spec.containers[0].env
-        content:
-          name: ATHENS_DISK_STORAGE_ROOT
-          value: /var/www/athens-proxy/data
-      template: templates/athens-proxy/deployment.yaml
-    - contains:
-        path: spec.template.spec.containers[0].volumeMounts
-        content:
-          name: data
-          mountPath: /var/www/athens-proxy/data
-      template: templates/athens-proxy/deployment.yaml
-    - contains:
-        path: spec.template.spec.volumes
-        content:
-          name: data
-          persistentVolumeClaim:
-            claimName: athens-proxy-unittest-data
-      template: templates/athens-proxy/deployment.yaml
-
-- it: Test existing persistent volume claim
-  set:
-    persistence.enabled: true
-    persistence.data.mountPath: "/mnt/go-proxy/data"
-    persistence.data.existingPersistentVolumeClaim.enabled: true
-    persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName: "my-special-pvc"
-  asserts:
-    - contains:
-        path: spec.template.spec.containers[0].env
-        content:
-          name: ATHENS_STORAGE_TYPE
-          value: disk
-      template: templates/athens-proxy/deployment.yaml
-    - contains:
-        path: spec.template.spec.containers[0].env
-        content:
-          name: ATHENS_DISK_STORAGE_ROOT
-          value: /mnt/go-proxy/data
-      template: templates/athens-proxy/deployment.yaml
-    - contains:
-        path: spec.template.spec.containers[0].volumeMounts
-        content:
-          name: data
-          mountPath: /mnt/go-proxy/data
-      template: templates/athens-proxy/deployment.yaml
-    - contains:
-        path: spec.template.spec.volumes
-        content:
-          name: data
-          persistentVolumeClaim:
-            claimName: my-special-pvc
-      template: templates/athens-proxy/deployment.yaml

unittests/deployment/netrc.yaml

@@ -0,0 +1,80 @@
+chart:
+  appVersion: 0.1.0
+  version: 0.1.0
+suite: Deployment template
+release:
+  name: athens-proxy-unittest
+  namespace: testing
+templates:
+- templates/athens-proxy/deployment.yaml
+tests:
+- it: Rendering default without mounted netrc secret
+  asserts:
+    - notContains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: netrc
+          mountPath: /root
+    - notContains:
+        path: spec.template.spec.volumes
+        content:
+          name: secrets
+          projected:
+            sources:
+            - secret:
+                items:
+                - key: .netrc
+                  path: .netrc
+                  mode: 0600
+                name: athens-proxy-unittest-netrc
+
+- it: Rendering default with mounted netrc secret
+  set:
+    config.netrc.enabled: true
+    persistence.enabled: true
+  asserts:
+    - contains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: secrets
+          mountPath: /root/.netrc
+          subPath: .netrc
+    - contains:
+        path: spec.template.spec.volumes
+        content:
+          name: secrets
+          projected:
+            sources:
+            - secret:
+                items:
+                - key: .netrc
+                  path: .netrc
+                  mode: 0600
+                name: athens-proxy-unittest-netrc
+
+- it: Rendering with custom netrc secret
+  set:
+    config.netrc.enabled: true
+    config.netrc.existingSecret.enabled: true
+    config.netrc.existingSecret.secretName: "my-custom-secret"
+    config.netrc.existingSecret.netrcKey: "my-netrc-key"
+    persistence.enabled: true
+  asserts:
+    - contains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: secrets
+          mountPath: /root/.netrc
+          subPath: .netrc
+    - contains:
+        path: spec.template.spec.volumes
+        content:
+          name: secrets
+          projected:
+            sources:
+            - secret:
+                items:
+                - key: my-netrc-key
+                  path: .netrc
+                  mode: 0600
+                name: my-custom-secret

unittests/deployment/persistentVolumeClaim.yaml

@@ -0,0 +1,73 @@
+chart:
+  appVersion: 0.1.0
+  version: 0.1.0
+suite: Deployment template
+release:
+  name: athens-proxy-unittest
+  namespace: testing
+templates:
+- templates/athens-proxy/deployment.yaml
+tests:
+- it: Test persistent volume claim
+  set:
+    persistence.enabled: true
+  asserts:
+    - contains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: ATHENS_STORAGE_TYPE
+          value: disk
+      template: templates/athens-proxy/deployment.yaml
+    - contains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: ATHENS_DISK_STORAGE_ROOT
+          value: /var/www/athens-proxy/data
+      template: templates/athens-proxy/deployment.yaml
+    - contains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: data
+          mountPath: /var/www/athens-proxy/data
+      template: templates/athens-proxy/deployment.yaml
+    - contains:
+        path: spec.template.spec.volumes
+        content:
+          name: data
+          persistentVolumeClaim:
+            claimName: athens-proxy-unittest-data
+      template: templates/athens-proxy/deployment.yaml
+
+- it: Test existing persistent volume claim
+  set:
+    config.netrc.enabled: true
+    persistence.enabled: true
+    persistence.data.mountPath: "/mnt/go-proxy/data"
+    persistence.data.existingPersistentVolumeClaim.enabled: true
+    persistence.data.existingPersistentVolumeClaim.persistentVolumeClaimName: "my-special-pvc"
+  asserts:
+    - contains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: ATHENS_STORAGE_TYPE
+          value: disk
+      template: templates/athens-proxy/deployment.yaml
+    - contains:
+        path: spec.template.spec.containers[0].env
+        content:
+          name: ATHENS_DISK_STORAGE_ROOT
+          value: /mnt/go-proxy/data
+      template: templates/athens-proxy/deployment.yaml
+    - contains:
+        path: spec.template.spec.containers[0].volumeMounts
+        content:
+          name: data
+          mountPath: /mnt/go-proxy/data
+      template: templates/athens-proxy/deployment.yaml
+    - contains:
+        path: spec.template.spec.volumes
+        content:
+          name: data
+          persistentVolumeClaim:
+            claimName: my-special-pvc
+      template: templates/athens-proxy/deployment.yaml

unittests/secrets/netrc.yaml

@@ -8,14 +8,22 @@ release:
 templates:
 - templates/athens-proxy/secretNetRC.yaml
 tests:
+- it: Skip rendering by default
+  asserts:
+  - hasDocuments:
+      count: 0
+
 - it: Skip rendering by using existing secret.
   set:
+    config.netrc.enabled: true
     config.netrc.existingSecret.enabled: true
   asserts:
   - hasDocuments:
       count: 0
 
 - it: Rendering netrc secret with default values.
+  set:
+    config.netrc.enabled: true
   asserts:
   - hasDocuments:
       count: 1
@@ -52,6 +60,7 @@ tests:
 
 - it: Rendering netrc secret with custom values.
   set:
+    config.netrc.enabled: true
     config.netrc.secret.content: |
       default github.com hugo password kinnock
       default api.github.com hugo password kinnock
@@ -64,6 +73,7 @@ tests:
 
 - it: Rendering custom annotations and labels.
   set:
+    config.netrc.enabled: true
     config.netrc.secret.annotations:
       foo: bar
       bar: foo

values.yaml

@@ -62,7 +62,6 @@ config:
         # ATHENS_MONGO_DEFAULT_DATABASE:
         # ATHENS_MONGO_INSECURE:
         # ATHENS_MONGO_STORAGE_URL:
-        # ATHENS_NETRC_PATH:
         # ATHENS_PATH_PREFIX:
         # ATHENS_PORT:
         # ATHENS_PROTOCOL_WORKERS:
@@ -75,7 +74,6 @@ config:
         # ATHENS_STATS_EXPORTER:
         # ATHENS_STORAGE_GCP_BUCKET:
         # ATHENS_STORAGE_GCP_JSON_KEY:
-        # ATHENS_STORAGE_TYPE:
         # ATHENS_SUM_DBS:
         # ATHENS_TIMEOUT:
         # ATHENS_TLSCERT_FILE:
@@ -144,11 +142,15 @@ config:
       content: |
 
   netrc:
+    ## @param config.netrc.enabled Enable mounting of a .netrc file into the container file system.
+    enabled: false
+
     ## @param config.netrc.existingSecret.enabled TODO:.
     ## @param config.netrc.existingSecret.secretName TODO:
     existingSecret:
       enabled: false
       secretName: ""
+      netrcKey: ".netrc"
 
     ## @param config.netrc.secret.annotations Additional annotations of the secret containing the database credentials.
     ## @param config.netrc.secret.labels Additional labels of the secret containing the database credentials.