From 67f5644b2cf65e2baf0c286a12bc411985801700 Mon Sep 17 00:00:00 2001 From: valdimir Date: Fri, 27 Sep 2024 13:21:09 +0300 Subject: [PATCH] add_separate_group.db_secret --- charts/trino/README.md | 5 ++++ charts/trino/templates/_helpers.tpl | 24 +++++++++++++--- .../templates/configmap-coordinator.yaml | 4 +-- .../templates/deployment-coordinator.yaml | 28 +++++++++++-------- charts/trino/templates/secret.yaml | 15 ++++++++-- charts/trino/values.yaml | 4 +++ 6 files changed, 61 insertions(+), 19 deletions(-) diff --git a/charts/trino/README.md b/charts/trino/README.md index 69fe6981..babb2fe4 100644 --- a/charts/trino/README.md +++ b/charts/trino/README.md @@ -368,6 +368,11 @@ Fast distributed SQL query engine for big data analytics that helps you explore refreshPeriod: 5s groups: "group_name:user_1,user_2,user_3" ``` + Set the name of a secret containing this file in the group.db key + ```yaml + groupAuthSecret: "trino-group-authentication" + ``` + * `serviceAccount.create` - bool, default: `false` Specifies whether a service account should be created diff --git a/charts/trino/templates/_helpers.tpl b/charts/trino/templates/_helpers.tpl index 26aa8a6b..35b00d95 100644 --- a/charts/trino/templates/_helpers.tpl +++ b/charts/trino/templates/_helpers.tpl @@ -125,17 +125,33 @@ Code is inspired from bitnami/common {{- end -}} {{/* -Create the name of the file auth secret to use +Create the name of the file password auth secret to use */}} -{{- define "trino.fileAuthSecretName" -}} +{{- define "trino.filePasswordAuthSecretName" -}} {{- if and .Values.auth .Values.auth.passwordAuthSecret }} {{- .Values.auth.passwordAuthSecret | trunc 63 | trimSuffix "-" }} {{- else }} {{- $name := default .Chart.Name .Values.nameOverride }} {{- if hasPrefix .Release.Name $name }} -{{- printf "%s-%s" $name "file-authentication" | trunc 63 | trimSuffix "-" }} +{{- printf "%s-%s" $name "file-password-authentication" | trunc 63 | trimSuffix "-" }} {{- else }} -{{- printf "%s-%s-%s" .Release.Name $name "file-authentication" | trunc 63 | trimSuffix "-" }} +{{- printf "%s-%s-%s" .Release.Name $name "file-password-authentication" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create the name of the file group auth secret to use +*/}} +{{- define "trino.fileGroupAuthSecretName" -}} +{{- if and .Values.auth .Values.auth.groupAuthSecret }} +{{- .Values.auth.groupAuthSecret | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if hasPrefix .Release.Name $name }} +{{- printf "%s-%s" $name "file-group-authentication" | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s-%s" .Release.Name $name "file-group-authentication" | trunc 63 | trimSuffix "-" }} {{- end }} {{- end }} {{- end }} diff --git a/charts/trino/templates/configmap-coordinator.yaml b/charts/trino/templates/configmap-coordinator.yaml index 667ab0e3..023b0ddd 100644 --- a/charts/trino/templates/configmap-coordinator.yaml +++ b/charts/trino/templates/configmap-coordinator.yaml @@ -124,13 +124,13 @@ data: {{- if contains "PASSWORD" .Values.server.config.authenticationType }}{{- if not (index .Values.coordinator.additionalConfigFiles "password-authenticator.properties") }} password-authenticator.properties: | password-authenticator.name=file - file.password-file={{ .Values.server.config.path }}/auth/password.db + file.password-file={{ .Values.server.config.path }}/auth-password/password.db {{- end }}{{- end }} {{- if .Values.auth.groups }}{{- if not (index .Values.coordinator.additionalConfigFiles "group-provider.properties") }} group-provider.properties: | group-provider.name=file - file.group-file={{ .Values.server.config.path }}/auth/group.db + file.group-file={{ .Values.server.config.path }}/auth-group/group.db {{- if .Values.auth.refreshPeriod }} file.refresh-period={{ .Values.auth.refreshPeriod }} {{- end }} diff --git a/charts/trino/templates/deployment-coordinator.yaml b/charts/trino/templates/deployment-coordinator.yaml index 5b6cede4..492d0604 100644 --- a/charts/trino/templates/deployment-coordinator.yaml +++ b/charts/trino/templates/deployment-coordinator.yaml @@ -65,20 +65,22 @@ spec: configMap: name: {{ template "trino.fullname" . }}-resource-groups-volume-coordinator {{- end }} - {{- if or .Values.auth.passwordAuth .Values.auth.passwordAuthSecret .Values.auth.groups }} - - name: file-authentication-volume + {{- if or .Values.auth.passwordAuth .Values.auth.passwordAuthSecret }} + - name: file-password-authentication-volume secret: - secretName: {{ template "trino.fileAuthSecretName" . }} + secretName: {{ template "trino.filePasswordAuthSecretName" . }} items: - {{- if or .Values.auth.passwordAuth .Values.auth.passwordAuthSecret }} - key: password.db path: password.db - {{- end }} - {{- if .Values.auth.groups }} + {{- end }} + {{- if or .Values.auth.groups .Values.auth.groupsAuthSecret }} + - name: file-groups-authentication-volume + secret: + secretName: {{ template "trino.fileGroupAuthSecretName" . }} + items: - key: group.db path: group.db - {{- end }} - {{- end }} + {{- end }} {{- if .Values.jmx.exporter.enabled }} - name: jmx-exporter-config-volume configMap: @@ -157,10 +159,14 @@ spec: - name: {{ .name }} mountPath: {{ .path }} {{- end }} - {{- if or .Values.auth.passwordAuth .Values.auth.passwordAuthSecret .Values.auth.groups }} - - mountPath: {{ .Values.server.config.path }}/auth - name: file-authentication-volume + {{- if or .Values.auth.passwordAuth .Values.auth.passwordAuthSecret }} + - mountPath: {{ .Values.server.config.path }}/auth/password + name: file-password-authentication-volume {{- end }} + {{- if or .Values.auth.groups .Values.auth.groupsAuthSecret }} + - mountPath: {{ .Values.server.config.path }}/auth/group + name: file-group-authentication-volume + {{- end }} {{- with .Values.coordinator.additionalVolumeMounts }} {{- . | toYaml | nindent 12 }} {{- end }} diff --git a/charts/trino/templates/secret.yaml b/charts/trino/templates/secret.yaml index dd48f90a..1abe27a3 100644 --- a/charts/trino/templates/secret.yaml +++ b/charts/trino/templates/secret.yaml @@ -1,8 +1,8 @@ -{{- if or .Values.auth.passwordAuth .Values.auth.groups }} +{{- if and (not .Values.auth.passwordAuthSecret) (.Values.auth.passwordAuth) }} apiVersion: v1 kind: Secret metadata: - name: {{ template "trino.fileAuthSecretName" . }} + name: {{ template "trino.filePasswordAuthSecretName" . }} namespace: {{ .Release.Namespace }} labels: {{- include "trino.labels" . | nindent 4 }} @@ -10,6 +10,17 @@ data: {{- if .Values.auth.passwordAuth }} password.db: {{ .Values.auth.passwordAuth | b64enc }} {{- end }} +{{- end }} +--- +{{- if and (not .Values.auth.groupsAuthSecret) (.Values.auth.groups) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "trino.fileGroupAuthSecretName" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "trino.labels" . | nindent 4 }} +data: {{- if .Values.auth.groups}} group.db: {{ .Values.auth.groups | b64enc }} {{- end }} diff --git a/charts/trino/values.yaml b/charts/trino/values.yaml index 745d50d4..3fe15ae5 100644 --- a/charts/trino/values.yaml +++ b/charts/trino/values.yaml @@ -414,6 +414,10 @@ auth: {} # refreshPeriod: 5s # groups: "group_name:user_1,user_2,user_3" # ``` +# Set the name of a secret containing this file in the group.db key +# ```yaml +# groupAuthSecret: "trino-group-authentication" +# ``` serviceAccount: # -- Specifies whether a service account should be created