Prepare template for registry-proxy service

.github/workflows/ci.yaml

@@ -90,6 +90,13 @@ jobs:
           TOPAZ_CERTS_DIR: ${{ env.TOPAZ_CERTS_DIR }}
         run: |
           uv run --project tools/ktest tools/ktest/ktest.py charts/topaz/test/tests.yaml
+      -
+        name: Test Discovery
+        timeout-minutes: 10
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          uv run --project tools/ktest tools/ktest/ktest.py charts/discovery/test/tests.yaml
       -
         name: Deploy Postgres
         run: |

charts/aserto-lib/Chart.yaml

@@ -21,7 +21,7 @@ type: library
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.2.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/aserto-lib/templates/_global.tpl

@@ -12,6 +12,6 @@ Local values take precedence over global values.
 {{- $scope := first . }}
 {{- $key := index . 1}}
 {{- $global := (($scope.Values).global).aserto | default dict | dig $key dict }}
-{{- $chart := $scope.Values.AsMap | dig  $key dict }}
+{{- $chart := ($scope.Values).AsMap | default dict | dig  $key dict }}
 {{- merge $chart $global | toYaml }}
 {{- end }}

charts/aserto-lib/templates/_golangsvc.tpl

@@ -42,7 +42,7 @@ read_timeout: {{ .read_timeout | default "2s"}}
 read_header_timeout: {{ .read_header_timeout | default "2s" }}
 write_timeout: {{ .write_timeout | default "2s" }}
 idle_timeout: {{ .idle_timeout | default "30s" }}
-{{- with .cerSecret }}
+{{- with .certSecret }}
 certs:
   tls_key_path: '/https-certs/tls.key'
   tls_cert_path: '/https-certs/tls.crt'

charts/aserto/Chart.lock

@@ -1,21 +1,24 @@
 dependencies:
 - name: aserto-lib
   repository: file://../aserto-lib
-  version: 0.2.0
+  version: 0.2.1
 - name: directory
   repository: file://../directory
-  version: 0.2.0
+  version: 0.2.2
 - name: authorizer
   repository: file://../authorizer
-  version: 0.1.8
+  version: 0.1.9
 - name: discovery
   repository: file://../discovery
-  version: 0.1.7
+  version: 0.1.9
 - name: console
   repository: file://../console
-  version: 0.1.7
+  version: 0.1.8
 - name: scim
   repository: file://../scim
+  version: 0.1.7
+- name: registry-proxy
+  repository: file://../registry-proxy
   version: 0.1.6
-digest: sha256:d188c2319b1f908c0a8618ad44e8953a62e86230842c85ddbcd1f1966b67c4b5
-generated: "2024-11-26T12:56:40.605962-05:00"
+digest: sha256:aa36828e3a9be09c32aca35e76785be6fea7a9cce866cf929effed6c38216635
+generated: "2025-01-08T18:26:30.831721-05:00"

charts/aserto/Chart.yaml

@@ -21,7 +21,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.11
+version: 0.1.12
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
@@ -31,20 +31,29 @@ appVersion: "0.1.0"
 
 dependencies:
   - name: aserto-lib
-    version: 0.2.0
+    version: 0.2.1
     repository: file://../aserto-lib
   - name: directory
-    version: 0.2.0
+    version: 0.2.2
     repository: file://../directory
+    condition: directory.enabled
   - name: authorizer
-    version: 0.1.8
+    version: 0.1.9
     repository: file://../authorizer
+    condition: authorizer.enabled
   - name: discovery
-    version: 0.1.7
+    version: 0.1.9
     repository: file://../discovery
+    condition: discovery.enabled
   - name: console
-    version: 0.1.7
+    version: 0.1.8
     repository: file://../console
+    condition: console.enabled
   - name: scim
-    version: 0.1.6
+    version: 0.1.7
     repository: file://../scim
+    condition: scim.enabled
+  - name: registry-proxy
+    version: 0.1.6
+    repository: file://../registry-proxy
+    condition: registry-proxy.enabled

charts/aserto/values.yaml

@@ -73,6 +73,7 @@ global:
       disableTLSVerification: true
 
 directory:
+  enabled: true
   # Kubernetes pull secret for private Aserto images.
   # imagePullSecrets:
   #   - name: ghcr-creds
@@ -116,6 +117,7 @@ directory:
         credentialsSecret: pg-ds-credentials
 
 discovery:
+  enabled: true
   # Kubernetes pull secret for private Aserto images.
   # imagePullSecrets:
   #   - name: ghcr-creds
@@ -133,6 +135,7 @@ discovery:
     #   tokenSecretKey: token
 
 console:
+  enabled: false
   # Kubernetes pull secret for private Aserto images.
   # imagePullSecrets:
   #   - name: ghcr-creds
@@ -154,7 +157,8 @@ console:
   # e.g. https://directory.aserto.example.com
   directoryURL: ""
 
-# authorizer:
+authorizer:
+  enabled: true
 #   # Kubernetes pull secret for private Aserto images.
 #   imagePullSecrets:
 #     - name: ghcr-creds
@@ -165,7 +169,8 @@ console:
 #     tag: x.y.z
 #     pullPolicy: IfNotPresent
 
-# scim:
+scim:
+  enabled: false
 #   # Kubernetes pull secret for private Aserto images.
 #   imagePullSecrets:
 #     - name: ghcr-creds
@@ -203,3 +208,6 @@ console:
 #   groupMemberRelation: memeber
 #   groupMappings: []
 #   userMappings: []
+
+registry-proxy:
+  enabled: false

charts/authorizer/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: aserto-lib
   repository: file://../aserto-lib
-  version: 0.2.0
-digest: sha256:e847ea16d4c0c170655af988461152ab61eed5372f1639769dd7d198346da272
-generated: "2024-11-26T12:20:11.279944-05:00"
+  version: 0.2.1
+digest: sha256:83c950a4ee60c07dbc8e045f6645365ca35eced4f1aa329f51c8e2de1de28f93
+generated: "2024-12-17T16:09:37.112996+02:00"

charts/authorizer/Chart.yaml

@@ -21,7 +21,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.8
+version: 0.1.9
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
@@ -31,5 +31,5 @@ appVersion: "0.14.8"
 
 dependencies:
   - name: aserto-lib
-    version: 0.2.0
+    version: 0.2.1
     repository: file://../aserto-lib

charts/authorizer/templates/deployment.yaml

@@ -50,15 +50,13 @@ spec:
           {{- end }}
           {{- end }}
 
-        {{- with (include "aserto-lib.rootClientCfg" . | fromYaml) }}
-        {{- if .caCertSecret }}
+        {{- with ((include "aserto-lib.rootClientCfg" . | fromYaml).caCertSecret).name }}        
         - name: root-ds-grpc-certs
           secret:
-            secretName: {{ .caCertSecret }}
+            secretName: {{ . }}
             items:
               - key: ca.crt
-                path: ca.crt
-        {{- end }}
+                path: ca.crt        
         {{- end }}
 
         {{- with (include "aserto-lib.discoveryCfg" . | fromYaml) }}
@@ -103,7 +101,7 @@ spec:
               readOnly: true
             {{- end }}
 
-          {{- if (include "aserto-lib.rootClientCfg" . | fromYaml).caCertSecret }}
+          {{- with ((include "aserto-lib.rootClientCfg" . | fromYaml).caCertSecret).name }}        
             - name: root-ds-grpc-certs
               mountPath: /root-ds-grpc-certs
               readOnly: true

charts/console/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: aserto-lib
   repository: file://../aserto-lib
-  version: 0.2.0
-digest: sha256:e847ea16d4c0c170655af988461152ab61eed5372f1639769dd7d198346da272
-generated: "2024-11-26T12:31:22.063478-05:00"
+  version: 0.2.1
+digest: sha256:83c950a4ee60c07dbc8e045f6645365ca35eced4f1aa329f51c8e2de1de28f93
+generated: "2024-12-17T16:09:37.348401+02:00"

charts/console/Chart.yaml

@@ -21,7 +21,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.7
+version: 0.1.8
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
@@ -31,5 +31,5 @@ appVersion: "0.1.14"
 
 dependencies:
   - name: aserto-lib
-    version: 0.2.0
+    version: 0.2.1
     repository: file://../aserto-lib

charts/console/templates/deployment.yaml

@@ -55,12 +55,9 @@ spec:
             - name: DS0_TENANT_ID
               value: {{ .tenant_id }}
             {{- end }}
-            {{- with (include "aserto-lib.rootApiKeyEnv" . | fromYaml) }}
+            {{- with (include "aserto-lib.rootApiKeyEnv" .) }}
             - name: DS0_ROOT_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: {{ .secretName }}
-                  key: {{ .secretKey }}
+              {{ . | nindent 14 }}
             {{- end }}
           livenessProbe:
             httpGet:

charts/directory/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: aserto-lib
   repository: file://../aserto-lib
-  version: 0.2.0
-digest: sha256:e847ea16d4c0c170655af988461152ab61eed5372f1639769dd7d198346da272
-generated: "2024-11-25T13:09:10.771435-05:00"
+  version: 0.2.1
+digest: sha256:83c950a4ee60c07dbc8e045f6645365ca35eced4f1aa329f51c8e2de1de28f93
+generated: "2024-12-17T16:09:37.673499+02:00"

charts/directory/Chart.yaml

@@ -21,15 +21,15 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.2.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.33.1"
+appVersion: "0.33.5"
 
 dependencies:
   - name: aserto-lib
-    version: 0.2.0
+    version: 0.2.1
     repository: file://../aserto-lib

charts/directory/templates/_helpers.tpl

@@ -67,14 +67,14 @@ Create the name of the service account to use
 {{- end -}}
 {{- if .keysSecret -}}
 - key: {{ printf "${TENANT_%s_WRITER_KEY}" (replace "." "_" .name | upper) }}
-  account: directory-client-writer@{{ .id }}.aserto.com
+  account: ma:{{ .id }}:directory-client-writer
 - key: {{ printf "${TENANT_%s_READER_KEY}" (replace "." "_" .name | upper) }}
-  account: directory-client-reader@{{ .id }}.aserto.com
+  account: ma:{{ .id }}:directory-client-reader
 {{- else if .keys -}}
 - key: {{ .keys.writer | required "tenants[].keys.writer is required" }}
-  account: directory-client-writer@{{ .id }}.aserto.com
+  account: ma:{{ .id }}:directory-client-writer
 - key: {{ .keys.reader | required "tenants[].keys.reader is required" }}
-  account: directory-client-reader@{{ .id }}.aserto.com
+  account: ma:{{ .id }}:directory-client-reader
 {{- else -}}
   {{ fail "all tenants must include either 'keys' or 'keysSecret'" }}
 {{- end }}

charts/directory/templates/db_credentials.yaml

@@ -1,5 +1,5 @@
 {{- $rootData := (lookup "v1" "Secret" .Release.Namespace .Values.rootDirectory.database.reader.credentialsSecret).data -}}
-{{- if empty $rootData -}}
+{{- if empty $rootData }}
 ---
 apiVersion: v1
 kind: Secret
@@ -11,7 +11,7 @@ data:
 {{- end }}
 
 {{- $tenantData := (lookup "v1" "Secret" .Release.Namespace .Values.tenantDirectory.database.reader.credentialsSecret).data -}}
-{{- if empty $tenantData -}}
+{{- if empty $tenantData }}
 ---
 apiVersion: v1
 kind: Secret

charts/directory/test/no-tls.values.yaml

@@ -1,6 +1,6 @@
 ---
 image:
-  tag: 0.33.2-3e32438c-amd64
+  tag: 0.33.5
 
 imagePullSecrets:
   - name: ghcr-creds

charts/directory/test/tls.values.yaml

@@ -1,6 +1,6 @@
 ---
 image:
-  tag: 0.33.2-3e32438c-amd64
+  tag: 0.33.5
 
 imagePullSecrets:
   - name: ghcr-creds

charts/discovery/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: aserto-lib
   repository: file://../aserto-lib
-  version: 0.2.0
-digest: sha256:e847ea16d4c0c170655af988461152ab61eed5372f1639769dd7d198346da272
-generated: "2024-11-26T12:31:46.527788-05:00"
+  version: 0.2.1
+digest: sha256:83c950a4ee60c07dbc8e045f6645365ca35eced4f1aa329f51c8e2de1de28f93
+generated: "2024-12-17T16:09:37.936693+02:00"

charts/discovery/Chart.yaml

@@ -21,15 +21,15 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.7
+version: 0.1.9
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.1.3"
+appVersion: "0.1.4"
 
 dependencies:
   - name: aserto-lib
-    version: 0.2.0
+    version: 0.2.1
     repository: file://../aserto-lib

charts/discovery/templates/api_keys.yaml

@@ -1,13 +1,10 @@
 ---
 {{- $cfg := .Values.apiKey -}}
-{{- $data :=  (lookup "v1" "Secret" .Release.Namespace $cfg.secretName).data }}
+{{- if empty (lookup "v1" "Secret" .Release.Namespace $cfg.secretName).data }}
 apiVersion: v1
 kind: Secret
 metadata:
   name: {{ $cfg.secretName }}
-data:
-  {{- if $data }}
-  {{ $cfg.secretKey }}: {{ get $data $cfg.secretKey }}
-  {{- else }}
-  {{ $cfg.secretKey }}: {{ randAlphaNum 20 | b64enc }}
-  {{- end }}
+data:  
+  {{ $cfg.secretKey }}: {{ randAlphaNum 20 | b64enc }}  
+{{- end }}