diff --git a/charts/backingservices/charts/srs/README.md b/charts/backingservices/charts/srs/README.md index feffbb959..278d53fe2 100644 --- a/charts/backingservices/charts/srs/README.md +++ b/charts/backingservices/charts/srs/README.md @@ -76,6 +76,8 @@ make external-es-secrets NAMESPACE=pegabackingservices ELASTICSEARCH_VERSION=7.1 | Configuration | Usage | |-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `tls` | Set to `true` to enable the SRS service to authenticate to your organization's available Elasticsearch service. | +| `certificateName` | Enter the tls certificate name. Default certificate name will be "elastic-certificates.p12" if not used. | +| `certificatePassword` | Enter the tls certificate password if any. Default value will be empty if not used. | | `esCredentials.username` | Enter the username for your available Elasticsearch service. This username value must match the values you set in the connection info section of esCredentials. | | `esCredentials.password` | Enter the required password for your available Elasticsearch service. This password value must match the values you set in the connection info section of esCredentials. | | `srsStorage.provisionInternalESCluster` | | @@ -140,8 +142,10 @@ srs: # Set srs.srsStorage.tls.enabled: true to enable the use of TLS-based authentication to your Elasticsearch service whether is it running as an internalized or externalized service in your SRS cluster. tls: enabled: false - # To specify a certificate used to authenticate an external Elasticsearch service (with tls.enabled: true and srsStorage.provisionInternalESCluster: false), uncomment the following line to specify the TLS certificate name for your Elasticsearch service. + # To specify a certificate used to authenticate an external Elasticsearch service (with tls.enabled: true and srsStorage.provisionInternalESCluster: false), uncomment the following lines to specify the TLS certificate name with password for your Elasticsearch service. + # Default certificatePassword value will be empty if not used. # certificateName: "Certificate_Name" + # certificatePassword: "password" # Set srs.srsStorage.basicAuthentication.enabled: true to enable the use of basic authentication to your Elasticsearch service whether is it running as an internalized or externalized service in your SRS cluster. basicAuthentication: enabled: true diff --git a/charts/backingservices/charts/srs/templates/srsservice_deployment.yaml b/charts/backingservices/charts/srs/templates/srsservice_deployment.yaml index acd6b06f0..feaa8bd7b 100644 --- a/charts/backingservices/charts/srs/templates/srsservice_deployment.yaml +++ b/charts/backingservices/charts/srs/templates/srsservice_deployment.yaml @@ -77,6 +77,8 @@ spec: key: password - name: PATH_TO_TRUSTSTORE value: "/usr/share/{{ .Values.srsStorage.certificateName | default "elastic-certificates.p12"}}" + - name: PATH_TO_KEYSTORE + value: "{{ .Values.srsStorage.certificatePassword | default ""}}" {{- end}} - name: APPLICATION_HOST value: "0.0.0.0" diff --git a/charts/backingservices/values.yaml b/charts/backingservices/values.yaml index b4a5cce18..0563e8bea 100644 --- a/charts/backingservices/values.yaml +++ b/charts/backingservices/values.yaml @@ -53,8 +53,10 @@ srs: tls: enabled: false # To specify a certificate used to authenticate an external Elasticsearch service (with tls.enabled: true and srsStorage.provisionInternalESCluster: false), - # uncomment the following line to specify the TLS certificate name for your Elasticsearch service. + # uncomment the following lines to specify the TLS certificate name with password for your Elasticsearch service. + # Default certificatePassword value will be empty if not used. # certificateName: "Certificate_Name" + # certificatePassword: "password" # Set srs.srsStorage.basicAuthentication.enabled: true to enable the use of basic authentication to your Elasticsearch service # whether is it running as an internalized or externalized service in your SRS cluster. basicAuthentication: diff --git a/terratest/src/test/backingservices/srs-deployment_test.go b/terratest/src/test/backingservices/srs-deployment_test.go index dc1cd943b..ae7cdadf0 100644 --- a/terratest/src/test/backingservices/srs-deployment_test.go +++ b/terratest/src/test/backingservices/srs-deployment_test.go @@ -206,6 +206,9 @@ func VerifyDeployment(t *testing.T, pod *k8score.PodSpec, expectedSpec srsDeploy require.Equal(t, "PATH_TO_TRUSTSTORE", pod.Containers[0].Env[envIndex].Name) require.Equal(t, "/usr/share/elastic-certificates.p12", pod.Containers[0].Env[envIndex].Value) envIndex++ + require.Equal(t, "PATH_TO_KEYSTORE", pod.Containers[0].Env[envIndex].Name) + require.Equal(t, "", pod.Containers[0].Env[envIndex].Value) + envIndex++ } require.Equal(t, "APPLICATION_HOST", pod.Containers[0].Env[envIndex].Name) require.Equal(t, "0.0.0.0", pod.Containers[0].Env[envIndex].Value)