chore: remove deprecated service entry templates and update README fi…

…les for account-operator and extension-manager-operator
openmfp · Feb 2, 2025 · fef292b · fef292b
1 parent 2e4ede3
commit fef292b
Show file tree

Hide file tree

Showing 27 changed files with 208 additions and 154 deletions.
diff --git a/charts/account-operator-crds/README.md b/charts/account-operator-crds/README.md
@@ -27,3 +27,16 @@ Example
 3) .Values.deployment.resources.limits.memory = 1024MB
 4) .Values.common.defaults.deployment.resources.limits.memory = default 512MB
 ```
+# account-operator-crds
+
+![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.0](https://img.shields.io/badge/AppVersion-0.0.0-informational?style=flat-square)
+
+A Helm chart for Kubernetes
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| kcp.enabled | bool | `false` | Enable KCP |
+| kcp.identityHash | string | `""` |  |
+
diff --git a/charts/account-operator/README.md b/charts/account-operator/README.md
@@ -4,8 +4,6 @@ A Helm chart to deploy OpenMFP Account-Operator
 
 ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
-![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
-
 ## Requirements
 
 | Repository | Name | Description | Sources |

diff --git a/charts/common/README.md b/charts/common/README.md
@@ -48,3 +48,37 @@ Example
 3) .Values.deployment.resources.limits.memory = 1024MB
 4) .Values.common.defaults.deployment.resources.limits.memory = default 512MB
 ```
+# common
+
+![Version: 0.2.8](https://img.shields.io/badge/Version-0.2.8-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square)
+
+A Helm chart containing reuse templates
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| defaults.certManager.enabled | bool | `false` | toggle to enable/disable cert-manager |
+| defaults.deployment.maxSurge | int | `5` | maxSurge |
+| defaults.deployment.maxUnavailable | int | `0` | maxUnavailable |
+| defaults.deployment.resources.limits | object | `{"cpu":"100m","memory":"512Mi"}` | cpu and memory limits for the deployment |
+| defaults.deployment.resources.requests | object | `{"cpu":"40m","memory":"50Mi"}` | cpu and memory requests for the deployment |
+| defaults.deployment.revisionHistoryLimit | int | `3` | deployment revision history limit |
+| defaults.deployment.strategy | string | `"RollingUpdate"` | deployment strategy |
+| defaults.externalSecrets.enabled | bool | `true` | toggle to enable/disable external-secrets |
+| defaults.fga.enabled | bool | `false` | toggle to enable/disable experimental FGA features |
+| defaults.health.liveness | object | `{"failureThreshold":1,"path":"/healthz"}` | liveness probe parameters |
+| defaults.health.periodSeconds | int | `10` | health period |
+| defaults.health.port | int | `8081` | health port |
+| defaults.health.readiness | object | `{"initialDelaySeconds":5,"path":"/readyz","periodSeconds":10}` | readiness probe parameters |
+| defaults.health.startup | object | `{"failureThreshold":30,"path":"/readyz"}` | startup probe parameters |
+| defaults.imagePullPolicy | string | `"Always"` | imagePullPolicy is the policy to use when pulling images for all charts |
+| defaults.imagePullSecret | string | `"github"` | imagePullSecret is the name of the secret that holds the docker registry credentials |
+| defaults.istio.enabled | bool | `false` | toggle to enable/disable istio |
+| defaults.istio.gateway.name | string | `"gateway"` | name of the gateway |
+| defaults.metrics.port | int | `8080` | metrics port |
+| defaults.port | int | `8080` | service port |
+| defaults.securityContext.fsGroup | int | `2000` | fsGroup id to run the container |
+| defaults.securityContext.runAsGroup | int | `3000` | group id to run the container |
+| defaults.securityContext.runAsUser | int | `1000` | user id to run the container |
+
diff --git a/charts/extension-manager-operator-crds/README.md b/charts/extension-manager-operator-crds/README.md
@@ -25,3 +25,9 @@ Example
 3) .Values.deployment.resources.limits.memory = 1024MB
 4) .Values.common.defaults.deployment.resources.limits.memory = default 512MB
 ```
+# extension-manager-operator-crds
+
+![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.0](https://img.shields.io/badge/AppVersion-0.0.0-informational?style=flat-square)
+
+A Helm chart for Kubernetes
+
diff --git a/charts/extension-manager-operator/README.md b/charts/extension-manager-operator/README.md
@@ -4,12 +4,6 @@ A Helm chart for extension-manager-operator which manages resources like Content
 
 ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
-![Version: 0.22.41](https://img.shields.io/badge/Version-0.22.41-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.77.0](https://img.shields.io/badge/AppVersion-0.77.0-informational?style=flat-square)
-
-## Additional Information
-
-The `common` chart is a library of common resources that are shared across all other charts in the repository. It has no templates, but provides helm template functions and default values that can be used by other charts.
-
 ## Requirements
 
 | Repository | Name | Description | Sources |

diff --git a/charts/infra/templates/cluster-role.yaml b/charts/infra/templates/cluster-role.yaml
diff --git a/charts/infra/templates/external-secret-account-operator.yaml b/charts/infra/templates/external-secret-account-operator.yaml
diff --git a/charts/infra/templates/gateway.yaml b/charts/infra/templates/gateway.yaml
@@ -1,14 +1,16 @@
-apiVersion: {{ .Values.gateway.apiVersion }}
+{{- if eq (include "common.getKeyValue" (dict "Values" .Values "key" "istio.enabled")) "true" -}}
+apiVersion: {{ .Values.istio.networking.apiVersion }}
 kind: Gateway
 metadata:
-  name: {{ .Values.gateway.name}}
+  name: {{ .Values.istio.gateway.name}}
   namespace: {{ .Release.Namespace }}
-{{- if .Values.gateway.annotations }}
+{{- if .Values.istio.gateway.annotations }}
   annotations:
-    {{- toYaml .Values.gateway.annotations | nindent 4 }}
+    {{- toYaml .Values.istio.gateway.annotations | nindent 4 }}
 {{- end }}
 spec:
   selector:
-{{ .Values.gateway.selector | toYaml | indent 4 }}
+{{ .Values.istio.gateway.selector | toYaml | indent 4 }}
   servers:
-{{ toYaml .Values.gateway.servers | indent 4 }}
+{{ toYaml .Values.istio.gateway.servers | indent 4 }}
+{{- end -}}
diff --git a/charts/infra/templates/kcp-service-entry.yaml b/charts/infra/templates/kcp-service-entry.yaml
diff --git a/charts/infra/templates/keycloak-service-entry.yaml b/charts/infra/templates/keycloak-service-entry.yaml
diff --git a/charts/infra/templates/service-entries-https.yaml b/charts/infra/templates/service-entries-https.yaml
@@ -13,4 +13,4 @@ spec:
       number: 443
       protocol: TLS
   resolution: DNS
-{{- end -}}
+{{- end -}}
diff --git a/charts/infra/templates/store.yaml b/charts/infra/templates/store.yaml
diff --git a/charts/infra/tests/__snapshot__/snapshot_test.yaml.snap b/charts/infra/tests/__snapshot__/snapshot_test.yaml.snap
@@ -1,24 +1,44 @@
-matches the snapshot:
+disables externalsecrets:
   1: |
     apiVersion: core.openmfp.io/v1alpha1
     kind: Store
     metadata:
-      name: test
-      namespace: test
+      name: tenant-demo-root
+      namespace: openmfp-system
     spec:
       coreModule: |2
         module core
 
         type user
 
+        type role
+          relations
+            define assignee: [user,user:*]
+
         type account
           relations
-            define owner: [user]
-            define member: [user] or owner
+
+            define parent: [account]
+            define owner: [role#assignee]
+            define member: [role#assignee] or owner
+
+            define get: member or get from parent
+            define update: member or update from parent
+            define delete: owner or delete from parent
+
+            # org and account specific
+            define watch: member or watch from parent
+
+            # org specific
+            define create: member or create from parent
+            define list: member or list from parent
       tuples:
-        - object: account:a
-          relation: owner
-          user: user:a
+        - object: role:authenticated
+          relation: assignee
+          user: user:*
+        - object: account:demo-root
+          relation: member
+          user: role:authenticated#assignee
   2: |
     apiVersion: networking.istio.io/v1
     kind: Gateway
@@ -33,20 +53,62 @@ matches the snapshot:
             - '*'
           port:
             name: http
-            number: 8080
+            number: 8000
             protocol: HTTP
-  3: |
+matches the snapshot:
+  1: |
+    apiVersion: core.openmfp.io/v1alpha1
+    kind: Store
+    metadata:
+      name: tenant-demo-root
+      namespace: openmfp-system
+    spec:
+      coreModule: |2
+        module core
+
+        type user
+
+        type role
+          relations
+            define assignee: [user,user:*]
+
+        type account
+          relations
+
+            define parent: [account]
+            define owner: [role#assignee]
+            define member: [role#assignee] or owner
+
+            define get: member or get from parent
+            define update: member or update from parent
+            define delete: owner or delete from parent
+
+            # org and account specific
+            define watch: member or watch from parent
+
+            # org specific
+            define create: member or create from parent
+            define list: member or list from parent
+      tuples:
+        - object: role:authenticated
+          relation: assignee
+          user: user:*
+        - object: account:demo-root
+          relation: member
+          user: role:authenticated#assignee
+  2: |
     apiVersion: networking.istio.io/v1
-    kind: ServiceEntry
+    kind: Gateway
     metadata:
-      name: openmfp-https
+      name: gateway
       namespace: NAMESPACE
     spec:
-      hosts:
-        - example.com
-      location: MESH_EXTERNAL
-      ports:
-        - name: https
-          number: 443
-          protocol: TLS
-      resolution: DNS
+      selector:
+        istio: gateway
+      servers:
+        - hosts:
+            - '*'
+          port:
+            name: http
+            number: 8000
+            protocol: HTTP
diff --git a/charts/keycloak/tests/__snapshot__/crossplane_test.yaml.snap b/charts/keycloak/tests/__snapshot__/crossplane_test.yaml.snap
@@ -98,13 +98,23 @@ matches the snapshot:
     apiVersion: oidc.keycloak.crossplane.io/v1alpha1
     kind: IdentityProvider
     metadata:
-      name: trusted-openmfp-audiences
+      name: sap
     spec:
       forProvider:
-        includeInTokenScope: true
-        name: trusted-openmfp-audiences
-        realmIdRef:
+        alias: sap
+        authorizationUrl: https://login.microsoftonline.com/42f7676c-f455-423c-82f6-dc2d99791af7/oauth2/v2.0/authorize
+        clientId: 82b4c72c-ff99-4df6-ba4f-fb634d1fc491
+        clientSecretSecretRef:
+          key: client-secret
+          name: sap-client-secret
+          namespace: openmfp-system
+        defaultScopes: openid email profile
+        hideOnLoginPage: true
+        issuer: https://login.microsoftonline.com/42f7676c-f455-423c-82f6-dc2d99791af7/v2.0
+        realmRef:
           name: openmfp
+        tokenUrl: https://login.microsoftonline.com/42f7676c-f455-423c-82f6-dc2d99791af7/oauth2/v2.0/token
+        trustEmail: true
       providerConfigRef:
         name: keycloak-provider-config
   8: |