diff --git a/charts/backingservices/charts/srs/README.md b/charts/backingservices/charts/srs/README.md
index feffbb959..278d53fe2 100644
--- a/charts/backingservices/charts/srs/README.md
+++ b/charts/backingservices/charts/srs/README.md
@@ -76,6 +76,8 @@ make external-es-secrets NAMESPACE=pegabackingservices ELASTICSEARCH_VERSION=7.1
| Configuration | Usage |
|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `tls` | Set to `true` to enable the SRS service to authenticate to your organization's available Elasticsearch service. |
+| `certificateName` | Enter the tls certificate name. Default certificate name will be "elastic-certificates.p12" if not used. |
+| `certificatePassword` | Enter the tls certificate password if any. Default value will be empty if not used. |
| `esCredentials.username` | Enter the username for your available Elasticsearch service. This username value must match the values you set in the connection info section of esCredentials. |
| `esCredentials.password` | Enter the required password for your available Elasticsearch service. This password value must match the values you set in the connection info section of esCredentials. |
| `srsStorage.provisionInternalESCluster` |
- Set to false to disable this parameter and connect to your available Elasticsearch service from the SRS cluster. Disabling this setting requires you to provide connectivity details to your organization's external Elasticsearch service along with an appropriate TLS certificate with which you authenticate with the service. To pass the required certificate to the cluster using a secrets file, run the command, `$ make external-es-secrets NAMESPACE= ELASTICSEARCH_VERSION= PATH_TO_CERTIFICATE=`.
- where NAMESPACE references your deployment namespace of the SRS cluster, `ELASTICSEARCH_VERSION` matches the Elasticsearch version you want to use, and `PATH_TO_CERTIFICATE` points to the location where you copied the required certificates on your location machine.
- Use the following Make command to update the SRS and External Elasticsearch certificates: `$ make update-external-es-secrets NAMESPACE= PATH_TO_CERTIFICATE=`.
|
@@ -140,8 +142,10 @@ srs:
# Set srs.srsStorage.tls.enabled: true to enable the use of TLS-based authentication to your Elasticsearch service whether is it running as an internalized or externalized service in your SRS cluster.
tls:
enabled: false
- # To specify a certificate used to authenticate an external Elasticsearch service (with tls.enabled: true and srsStorage.provisionInternalESCluster: false), uncomment the following line to specify the TLS certificate name for your Elasticsearch service.
+ # To specify a certificate used to authenticate an external Elasticsearch service (with tls.enabled: true and srsStorage.provisionInternalESCluster: false), uncomment the following lines to specify the TLS certificate name with password for your Elasticsearch service.
+ # Default certificatePassword value will be empty if not used.
# certificateName: "Certificate_Name"
+ # certificatePassword: "password"
# Set srs.srsStorage.basicAuthentication.enabled: true to enable the use of basic authentication to your Elasticsearch service whether is it running as an internalized or externalized service in your SRS cluster.
basicAuthentication:
enabled: true
diff --git a/charts/backingservices/charts/srs/templates/srsservice_deployment.yaml b/charts/backingservices/charts/srs/templates/srsservice_deployment.yaml
index acd6b06f0..feaa8bd7b 100644
--- a/charts/backingservices/charts/srs/templates/srsservice_deployment.yaml
+++ b/charts/backingservices/charts/srs/templates/srsservice_deployment.yaml
@@ -77,6 +77,8 @@ spec:
key: password
- name: PATH_TO_TRUSTSTORE
value: "/usr/share/{{ .Values.srsStorage.certificateName | default "elastic-certificates.p12"}}"
+ - name: PATH_TO_KEYSTORE
+ value: "{{ .Values.srsStorage.certificatePassword | default ""}}"
{{- end}}
- name: APPLICATION_HOST
value: "0.0.0.0"
diff --git a/charts/backingservices/values.yaml b/charts/backingservices/values.yaml
index b4a5cce18..0563e8bea 100644
--- a/charts/backingservices/values.yaml
+++ b/charts/backingservices/values.yaml
@@ -53,8 +53,10 @@ srs:
tls:
enabled: false
# To specify a certificate used to authenticate an external Elasticsearch service (with tls.enabled: true and srsStorage.provisionInternalESCluster: false),
- # uncomment the following line to specify the TLS certificate name for your Elasticsearch service.
+ # uncomment the following lines to specify the TLS certificate name with password for your Elasticsearch service.
+ # Default certificatePassword value will be empty if not used.
# certificateName: "Certificate_Name"
+ # certificatePassword: "password"
# Set srs.srsStorage.basicAuthentication.enabled: true to enable the use of basic authentication to your Elasticsearch service
# whether is it running as an internalized or externalized service in your SRS cluster.
basicAuthentication:
diff --git a/terratest/src/test/backingservices/srs-deployment_test.go b/terratest/src/test/backingservices/srs-deployment_test.go
index dc1cd943b..ae7cdadf0 100644
--- a/terratest/src/test/backingservices/srs-deployment_test.go
+++ b/terratest/src/test/backingservices/srs-deployment_test.go
@@ -206,6 +206,9 @@ func VerifyDeployment(t *testing.T, pod *k8score.PodSpec, expectedSpec srsDeploy
require.Equal(t, "PATH_TO_TRUSTSTORE", pod.Containers[0].Env[envIndex].Name)
require.Equal(t, "/usr/share/elastic-certificates.p12", pod.Containers[0].Env[envIndex].Value)
envIndex++
+ require.Equal(t, "PATH_TO_KEYSTORE", pod.Containers[0].Env[envIndex].Name)
+ require.Equal(t, "", pod.Containers[0].Env[envIndex].Value)
+ envIndex++
}
require.Equal(t, "APPLICATION_HOST", pod.Containers[0].Env[envIndex].Name)
require.Equal(t, "0.0.0.0", pod.Containers[0].Env[envIndex].Value)