Refact use centralised access control from helpers

trinodb · Sep 1, 2024 · 51d4221 · 51d4221
1 parent 00dfeef
commit 51d4221
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 36 deletions.
diff --git a/charts/trino/templates/configmap-coordinator.yaml b/charts/trino/templates/configmap-coordinator.yaml
@@ -80,26 +80,6 @@ data:
     {{- .Values.server.coordinatorExtraConfig | nindent 4 }}
     {{- end }}
 
-{{- if .Values.accessControl }}
-  {{- if eq .Values.accessControl.type "configmap" }}
-  access-control.properties: |
-    access-control.name=file
-    {{- if .Values.accessControl.refreshPeriod }}
-    security.refresh-period={{ .Values.accessControl.refreshPeriod }}
-    {{- end }}
-    security.config-file={{ .Values.server.config.path }}/access-control/{{ .Values.accessControl.configFile | default "rules.json" }}
-  {{- else if eq .Values.accessControl.type "properties" }}
-  access-control.properties: |
-    {{- if .Values.accessControl.properties }}
-    {{- .Values.accessControl.properties | nindent 4 }}
-    {{- else}}
-    {{- fail "accessControl.properties is required when accessControl.type is 'properties'." }}
-    {{- end }}
-  {{- else}}
-  {{- fail "Invalid accessControl.type value. It must be either 'configmap' or 'properties'." }}
-  {{- end }}
-{{- end }}
-
 {{- if .Values.resourceGroups }}
   resource-groups.properties: |
     resource-groups.configuration-manager=file
@@ -142,29 +122,26 @@ data:
   {{- end }}
 {{ end }}
 
-{{- range $fileName, $fileContent := .Values.coordinator.additionalConfigFiles }}
+{{- if .Values.accessControl }}
+  {{ include "trino.accessControlProperties" . }}
+{{- end }}
+
+{{- range $fileName, $fileContent := .Values.worker.additionalConfigFiles }}
   {{ $fileName }}: |
     {{- $fileContent | nindent 4 }}
 {{- end }}
 
 ---
 
-{{- if .Values.accessControl }}{{- if eq .Values.accessControl.type "configmap" }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ template "trino.fullname" . }}-access-control-volume-coordinator
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "trino.labels" . | nindent 4 }}
-    app.kubernetes.io/component: coordinator
-data:
-  {{- range $key, $val := .Values.accessControl.rules }}
-  {{ $key }}: {{ $val | quote }}
+{{- if .Values.accessControl }}
+  {{- if eq .Values.accessControl.type "configmap" }}
+  {{ include "trino.accessControlConfigMap" . }}
   {{- end }}
-{{- end }}{{- end }}
-{{- if .Values.resourceGroups }}
+{{- end }}
+
 ---
+{{- if .Values.resourceGroups }}
+
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -177,7 +154,9 @@ data:
   resource-groups.json: |-
     {{- .Values.resourceGroups.resourceGroupsConfig | nindent 4 }}
 {{- end }}
+
 ---
+
 apiVersion: v1
 kind: ConfigMap
 metadata:

diff --git a/charts/trino/templates/deployment-coordinator.yaml b/charts/trino/templates/deployment-coordinator.yaml
@@ -51,7 +51,7 @@ spec:
         {{- if .Values.accessControl }}{{- if eq .Values.accessControl.type "configmap" }}
         - name: access-control-volume
           configMap:
-            name: {{ template "trino.fullname" . }}-access-control-volume-coordinator
+            name: {{ template "trino.fullname" . }}-access-control-volume
         {{- end }}{{- end }}
         {{- if .Values.resourceGroups }}
         - name: resource-groups-volume