From a2da4971b0f5ba61b1a89f2b2b8ff96eaa7fda43 Mon Sep 17 00:00:00 2001
From: John Kost
Date: Tue, 26 Oct 2021 19:18:30 -0400
Subject: [PATCH 1/6] Pull value from secret rather than plaintext in job
---
 cadence/Chart.yaml | 2 +-
 cadence/templates/server-job.yaml | 15 ++++++++++++---
 2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/cadence/Chart.yaml b/cadence/Chart.yaml
index ec0fff71..ca8ac6b6 100644
--- a/cadence/Chart.yaml
+++ b/cadence/Chart.yaml
@@ -1,5 +1,5 @@
 name: cadence
-version: 0.21.2
+version: 0.21.3
 appVersion: 0.21.3
 description: Cadence is a distributed, scalable, durable, and highly available orchestration engine to execute asynchronous long-running business logic in a scalable and resilient way.
 icon: https://raw.githubusercontent.com/uber/cadence-web/master/client/assets/logo.svg
diff --git a/cadence/templates/server-job.yaml b/cadence/templates/server-job.yaml
index b0706ab5..c00bb98b 100644
--- a/cadence/templates/server-job.yaml
+++ b/cadence/templates/server-job.yaml
@@ -110,7 +110,10 @@ spec:
 - name: SQL_USER
 value: {{ include "cadence.persistence.sql.user" (list $ $store) }}
 - name: SQL_PASSWORD
- value: {{ include "cadence.persistence.sql.password" (list $ $store) }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "cadence.persistence.secretName" (list $ $store) | quote }}
+ key: {{ include "cadence.persistence.secretKey" (list $ $store) | quote }}
 {{- with $storeConfig.sql.connectAttributes }}
 - name: SQL_CONNECT_ATTRIBUTES
 value: {{ include "to-query" . }}
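Review bot: The four-line `valueFrom`/`secretKeyRef` block under `SQL_PASSWORD` in cadence/templates/server-job.yaml is added verbatim in three places (the hunks at -110, -158 and -282), so every later correction has to be made three times and the copies can drift apart. Moving the whole `SQL_PASSWORD` env entry into one named template in the chart's helpers and rendering it with `include` plus `nindent` at each site would keep them in step. A one-line comment above the entry, such as `# read from the persistence Secret, which must exist before this Job's pod starts`, would also record the new dependency. The env list begins and ends outside each hunk.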
@@ -158,7 +161,10 @@ spec:
 - name: SQL_USER
 value: {{ include "cadence.persistence.sql.user" (list $ $store) }}
 - name: SQL_PASSWORD
- value: {{ include "cadence.persistence.sql.password" (list $ $store) }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "cadence.persistence.secretName" (list $ $store) | quote }}
+ key: {{ include "cadence.persistence.secretKey" (list $ $store) | quote }}
 {{- with $storeConfig.sql.connectAttributes }}
 - name: SQL_CONNECT_ATTRIBUTES
 value: {{ include "to-query" . }}
@@ -282,7 +288,10 @@ spec:
 - name: SQL_USER
 value: {{ include "cadence.persistence.sql.user" (list $ $store) }}
 - name: SQL_PASSWORD
- value: {{ include "cadence.persistence.sql.password" (list $ $store) }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "cadence.persistence.secretName" (list $ $store) | quote }}
+ key: {{ include "cadence.persistence.secretKey" (list $ $store) | quote }}
 {{- with $storeConfig.sql.connectAttributes }}
 - name: SQL_CONNECT_ATTRIBUTES
 value: {{ include "to-query" . }}
From 8b834045e9d2ae876f564f6ec68dff159dd558fa Mon Sep 17 00:00:00 2001
From: John Kost
Date: Wed, 27 Oct 2021 10:21:17 -0400
Subject: [PATCH 2/6] Conditionally use secret or value based on pre/post hook creation
---
 cadence/templates/server-job.yaml | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/cadence/templates/server-job.yaml b/cadence/templates/server-job.yaml
index c00bb98b..c2942664 100644
--- a/cadence/templates/server-job.yaml
+++ b/cadence/templates/server-job.yaml
@@ -110,10 +110,14 @@ spec:
 - name: SQL_USER
 value: {{ include "cadence.persistence.sql.user" (list $ $store) }}
 - name: SQL_PASSWORD
+ {{ - if or .Values.cassandra.enabled .Values.mysql.enabled }}
 valueFrom:
 secretKeyRef:
 name: {{ include "cadence.persistence.secretName" (list $ $store) | quote }}
 key: {{ include "cadence.persistence.secretKey" (list $ $store) | quote }}
+ {{- else -}}
+ value: {{ include "cadence.persistence.sql.password" (list $ $store) }}
+ {{- end -}}
 {{- with $storeConfig.sql.connectAttributes }}
 - name: SQL_CONNECT_ATTRIBUTES
 value: {{ include "to-query" . }}
@@ -161,10 +165,14 @@ spec:
 - name: SQL_USER
 value: {{ include "cadence.persistence.sql.user" (list $ $store) }}
 - name: SQL_PASSWORD
+ {{ - if or .Values.cassandra.enabled .Values.mysql.enabled }}
 valueFrom:
 secretKeyRef:
- name: {{ include "cadence.persistence.secretName" (list $ $store) | quote }}
+ name: {{ include "cadence.persistence.secretName" (list $ $store) | quote }}
 key: {{ include "cadence.persistence.secretKey" (list $ $store) | quote }}
+ {{- else -}}
+ value: {{ include "cadence.persistence.sql.password" (list $ $store) }}
+ {{- end -}}
 {{- with $storeConfig.sql.connectAttributes }}
 - name: SQL_CONNECT_ATTRIBUTES
 value: {{ include "to-query" . }}
@@ -288,10 +296,14 @@ spec:
 - name: SQL_USER
 value: {{ include "cadence.persistence.sql.user" (list $ $store) }}
 - name: SQL_PASSWORD
+ {{ - if or .Values.cassandra.enabled .Values.mysql.enabled }}
 valueFrom:
 secretKeyRef:
- name: {{ include "cadence.persistence.secretName" (list $ $store) | quote }}
+ name: {{ include "cadence.persistence.secretName" (list $ $store) | quote }}
 key: {{ include "cadence.persistence.secretKey" (list $ $store) | quote }}
+ {{- else -}}
+ value: {{ include "cadence.persistence.sql.password" (list $ $store) }}
+ {{- end -}}
 {{- with $storeConfig.sql.connectAttributes }}
 - name: SQL_CONNECT_ATTRIBUTES
 value: {{ include "to-query" . }}
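Review bot: The `{{- else -}}` and `{{- end -}}` actions added under `SQL_PASSWORD` trim whitespace on both sides, so when the else branch is taken the newline between `- name: SQL_PASSWORD` and `value:` is removed and the two render on a single line, which is not valid YAML for an env entry. Writing them as `{{- else }}` and `{{- end }}` keeps the line break that follows each action. The fallback value is also emitted unquoted, so a password that is all digits or contains ` #` or `: ` would be retyped or cut short by the YAML parser; `value: {{ include "cadence.persistence.sql.password" (list $ $store) | quote }}` avoids that. The same three lines are added in the hunks at -161 and -288, and the env list continues outside each hunk.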
From f958563d44840e5e8a5af5502261ed1df0a1c07e Mon Sep 17 00:00:00 2001
From: John Kost <41963650+johnkost@users.noreply.github.com>
Date: Thu, 28 Oct 2021 08:14:37 -0400
Subject: [PATCH 3/6] Fix typos from code review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Márk Sági-Kazár
---
 cadence/templates/server-job.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cadence/templates/server-job.yaml b/cadence/templates/server-job.yaml
index c2942664..aee90f03 100644
--- a/cadence/templates/server-job.yaml
+++ b/cadence/templates/server-job.yaml
@@ -110,7 +110,7 @@ spec:
 - name: SQL_USER
 value: {{ include "cadence.persistence.sql.user" (list $ $store) }}
 - name: SQL_PASSWORD
- {{ - if or .Values.cassandra.enabled .Values.mysql.enabled }}
+ {{- if or .Values.cassandra.enabled .Values.mysql.enabled }}
 valueFrom:
 secretKeyRef:
 name: {{ include "cadence.persistence.secretName" (list $ $store) | quote }}
@@ -165,7 +165,7 @@ spec:
 - name: SQL_USER
 value: {{ include "cadence.persistence.sql.user" (list $ $store) }}
 - name: SQL_PASSWORD
- {{ - if or .Values.cassandra.enabled .Values.mysql.enabled }}
+ {{- if or .Values.cassandra.enabled .Values.mysql.enabled }}
 valueFrom:
 secretKeyRef:
 name: {{ include "cadence.persistence.secretName" (list $ $store) | quote }}
From 359910730d3bcc923fc479e80175637c376de0d9 Mon Sep 17 00:00:00 2001
From: John Kost
Date: Thu, 4 Nov 2021 16:57:38 -0400
Subject: [PATCH 4/6] PR feedback and version bump
---
 cadence/templates/server-job.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/cadence/templates/server-job.yaml b/cadence/templates/server-job.yaml
index aee90f03..e5534ee2 100644
--- a/cadence/templates/server-job.yaml
+++ b/cadence/templates/server-job.yaml
@@ -110,10 +110,10 @@ spec:
 - name: SQL_USER
 value: {{ include "cadence.persistence.sql.user" (list $ $store) }}
 - name: SQL_PASSWORD
- {{- if or .Values.cassandra.enabled .Values.mysql.enabled }}
+ {{- if .Values.mysql.enabled }}
 valueFrom:
 secretKeyRef:
- name: {{ include "cadence.persistence.secretName" (list $ $store) | quote }}
+ name: {{ include "cadence.persistence.secretName" (list $ $store) | quote }}
 key: {{ include "cadence.persistence.secretKey" (list $ $store) | quote }}
 {{- else -}}
 value: {{ include "cadence.persistence.sql.password" (list $ $store) }}
@@ -165,10 +165,10 @@ spec:
 - name: SQL_USER
 value: {{ include "cadence.persistence.sql.user" (list $ $store) }}
 - name: SQL_PASSWORD
- {{- if or .Values.cassandra.enabled .Values.mysql.enabled }}
+ {{- if .Values.mysql.enabled }}
 valueFrom:
 secretKeyRef:
- name: {{ include "cadence.persistence.secretName" (list $ $store) | quote }}
+ name: {{ include "cadence.persistence.secretName" (list $ $store) | quote }}
 key: {{ include "cadence.persistence.secretKey" (list $ $store) | quote }}
 {{- else -}}
 value: {{ include "cadence.persistence.sql.password" (list $ $store) }}
@@ -296,10 +296,10 @@ spec:
 - name: SQL_USER
 value: {{ include "cadence.persistence.sql.user" (list $ $store) }}
 - name: SQL_PASSWORD
- {{ - if or .Values.cassandra.enabled .Values.mysql.enabled }}
+ {{ - if .Values.mysql.enabled }}
 valueFrom:
 secretKeyRef:
- name: {{ include "cadence.persistence.secretName" (list $ $store) | quote }}
+ name: {{ include "cadence.persistence.secretName" (list $ $store) | quote }}
 key: {{ include "cadence.persistence.secretKey" (list $ $store) | quote }}
 {{- else -}}
 value: {{ include "cadence.persistence.sql.password" (list $ $store) }}
From 45f68a0dcea81155ae54691ec35776ed8430aae4 Mon Sep 17 00:00:00 2001
From: John Kost
Date: Thu, 4 Nov 2021 17:00:22 -0400
Subject: [PATCH 5/6] Chart version bump
---
 cadence/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
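Review bot: In cadence/templates/server-job.yaml (PATCH 4/6, hunk at -110), narrowing the condition to `{{- if .Values.mysql.enabled }}` means every install that points at an external SQL database takes the else branch, where the password is written into the Job spec as a literal `value:`. There it can be read by anyone allowed to get Jobs in the namespace, and it is likely also kept in the Helm release record. If the plaintext path exists only because the chart's Secret is not yet created when the hook Job runs, as the PATCH 2/6 subject suggests, record that above the `if` with something like `{{- /* Secret exists only with the bundled MySQL; otherwise the password is inlined */}}` and consider letting that branch reference a user-supplied Secret instead. The else branch is context in this hunk, the env list continues outside it, and the same condition is changed in the hunks at -165 and -296.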
diff --git a/cadence/Chart.yaml b/cadence/Chart.yaml
index ca8ac6b6..8b73dd3e 100644
--- a/cadence/Chart.yaml
+++ b/cadence/Chart.yaml
@@ -1,5 +1,5 @@
 name: cadence
-version: 0.21.3
+version: 0.21.4
 appVersion: 0.21.3
 description: Cadence is a distributed, scalable, durable, and highly available orchestration engine to execute asynchronous long-running business logic in a scalable and resilient way.
 icon: https://raw.githubusercontent.com/uber/cadence-web/master/client/assets/logo.svg
From 2afc9800dfd4fee43cb8ded05c4b723dd46e6cfa Mon Sep 17 00:00:00 2001
From: John Kost <41963650+johnkost@users.noreply.github.com>
Date: Fri, 5 Nov 2021 10:27:26 -0400
Subject: [PATCH 6/6] Update cadence/templates/server-job.yaml
Co-authored-by: Patrik Egyed <8093632+pregnor@users.noreply.github.com>
---
 cadence/templates/server-job.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cadence/templates/server-job.yaml b/cadence/templates/server-job.yaml
index e5534ee2..0dfeafc3 100644
--- a/cadence/templates/server-job.yaml
+++ b/cadence/templates/server-job.yaml
@@ -296,7 +296,7 @@ spec:
 - name: SQL_USER
 value: {{ include "cadence.persistence.sql.user" (list $ $store) }}
 - name: SQL_PASSWORD
- {{ - if .Values.mysql.enabled }}
+ {{- if .Values.mysql.enabled }}
 valueFrom:
 secretKeyRef:
 name: {{ include "cadence.persistence.secretName" (list $ $store) | quote }}