Merge ~kotodama/charm-k8s-discourse:s3_storage into charm-k8s-discourse:master
- Git
- lp:~kotodama/charm-k8s-discourse
- s3_storage
- Merge into master
Status: | Merged |
---|---|
Approved by: | Tom Haddon |
Approved revision: | 70d5de3315b437da407d3610a9d0badb9f935639 |
Merged at revision: | 0df9bf214e523b084497453bba033bdc71214c4c |
Proposed branch: | ~kotodama/charm-k8s-discourse:s3_storage |
Merge into: | charm-k8s-discourse:master |
Prerequisite: | ~kotodama/charm-k8s-discourse:fix_unit_tests |
Diff against target: |
512 lines (+413/-0) 7 files modified
config.yaml (+62/-0) image/scripts/pod_setup (+10/-0) src/charm.py (+30/-0) tests/unit/fixtures/config_invalid_missing_required_s3_options.yaml (+28/-0) tests/unit/fixtures/config_valid_complete.yaml (+26/-0) tests/unit/fixtures/config_valid_no_s3.yaml (+120/-0) tests/unit/fixtures/config_valid_s3_only_required_options.yaml (+137/-0) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Tom Haddon | Approve | ||
🤖 prod-jenkaas-is (community) | continuous-integration | Approve | |
Canonical IS Reviewers | Pending | ||
Review via email: mp+414970@code.launchpad.net |
Commit message
Add S3 support for uploaded objects storage
Description of the change
Loïc Gomez (kotodama) wrote : | # |
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote : | # |
This merge proposal is being monitored by mergebot. Change the status to Approved to merge.
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote : | # |
Unable to determine commit message from repository - please click "Set commit message" and enter the commit message manually.
🤖 prod-jenkaas-is (prod-jenkaas-is) wrote : | # |
A CI job is currently in progress. A follow up comment will be added when it completes.
🤖 prod-jenkaas-is (prod-jenkaas-is) wrote : | # |
FAILED: Continuous integration, rev:45c0d961fab
No commit message was specified in the merge proposal. Click on the following link and set the commit message (if you want jenkins to rebuild you need to trigger it yourself):
https:/
https:/
Executed test runs:
SUCCESS: https:/
None: https:/
Click here to trigger a rebuild:
https:/
🤖 prod-jenkaas-is (prod-jenkaas-is) wrote : | # |
A CI job is currently in progress. A follow up comment will be added when it completes.
🤖 prod-jenkaas-is (prod-jenkaas-is) wrote : | # |
PASSED: Continuous integration, rev:2cb1be3f9fb
https:/
Executed test runs:
SUCCESS: https:/
None: https:/
Click here to trigger a rebuild:
https:/
Tom Haddon (mthaddon) wrote : | # |
Some comments inline. Also, since we're spinning up a staging instance for this, let's test before merging.
Loïc Gomez (kotodama) wrote : | # |
Thanks, fixed.
Also, changed naming of s3_config to s3_env, as it felt more natural (we're compiling S3 configuration into S3 environment variables actually).
Will set to Need Review again when it's been tested.
🤖 prod-jenkaas-is (prod-jenkaas-is) wrote : | # |
A CI job is currently in progress. A follow up comment will be added when it completes.
Loïc Gomez (kotodama) wrote : | # |
Fixed default s3_endpoint, requires https:// prefix.
Charm tested on https:/
🤖 prod-jenkaas-is (prod-jenkaas-is) wrote : | # |
PASSED: Continuous integration, rev:42f931199b4
https:/
Executed test runs:
SUCCESS: https:/
None: https:/
Click here to trigger a rebuild:
https:/
🤖 prod-jenkaas-is (prod-jenkaas-is) wrote : | # |
A CI job is currently in progress. A follow up comment will be added when it completes.
🤖 prod-jenkaas-is (prod-jenkaas-is) wrote : | # |
PASSED: Continuous integration, rev:70d5de3315b
https:/
Executed test runs:
SUCCESS: https:/
None: https:/
Click here to trigger a rebuild:
https:/
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote : | # |
Change successfully merged at revision 0df9bf214e523b0
Preview Diff
1 | diff --git a/config.yaml b/config.yaml |
2 | index f8bd1bc..cd002bc 100644 |
3 | --- a/config.yaml |
4 | +++ b/config.yaml |
5 | @@ -87,3 +87,65 @@ options: |
6 | type: int |
7 | description: "Max allowed body-size (for file uploads) in megabytes, set to 0 to disable limits" |
8 | default: 20 |
9 | + s3_enabled: |
10 | + type: boolean |
11 | + description: | |
12 | + Store uploaded objects in an S3-compatible object storage service instead of a local directory. |
13 | + |
14 | + If true, sets DISCOURSE_USE_S3=true. |
15 | + Check https://meta.discourse.org/t/using-object-storage-for-uploads-s3-clones/148916 for more details. |
16 | + default: false |
17 | + s3_endpoint: |
18 | + type: string |
19 | + description: | |
20 | + The S3 endpoint to use. This may be a non-Amazon S3-compatible endpoint. |
21 | + |
22 | + Sets DISCOURSE_S3_ENDPOINT |
23 | + default: "https://s3.amazonaws.com" |
24 | + s3_bucket: |
25 | + type: string |
26 | + description: | |
27 | + The S3 bucket to use. |
28 | + |
29 | + Sets DISCOURSE_S3_BUCKET. |
30 | + Required if s3_enabled is true. |
31 | + default: "" |
32 | + s3_access_key_id: |
33 | + type: string |
34 | + description: | |
35 | + The S3 access key ID to use. |
36 | + |
37 | + Sets DISCOURSE_S3_ACCESS_KEY_ID. |
38 | + Required if s3_enabled is true. |
39 | + default: "" |
40 | + s3_secret_access_key: |
41 | + type: string |
42 | + description: | |
43 | + The S3 secret key to use. |
44 | + |
45 | + Sets DISCOURSE_S3_SECRET_ACCESS_KEY. |
46 | + Required if s3_enabled is true. |
47 | + default: "" |
48 | + s3_region: |
49 | + type: string |
50 | + description: | |
51 | + The S3 region to use. |
52 | + |
53 | + Sets DISCOURSE_S3_REGION. |
54 | + Required if s3_enabled is true. |
55 | + default: "" |
56 | + s3_backup_bucket: |
57 | + type: string |
58 | + description: | |
59 | + The S3 bucket to use for backups. |
60 | + |
61 | + Sets DISCOURSE_S3_BACKUP_BUCKET. |
62 | + Also sets DISCOURSE_BACKUP_LOCATION=s3. |
63 | + default: "" |
64 | + s3_cdn_url: |
65 | + type: string |
66 | + description: | |
67 | + The S3 Content Delivery Network URL. |
68 | + |
69 | + Sets DISCOURSE_S3_CDN_URL. |
70 | + default: "" |
71 | diff --git a/image/scripts/pod_setup b/image/scripts/pod_setup |
72 | index 69b7b55..4893723 100755 |
73 | --- a/image/scripts/pod_setup |
74 | +++ b/image/scripts/pod_setup |
75 | @@ -45,3 +45,13 @@ su -s /bin/bash -c "bin/bundle exec rake assets:precompile RAILS_ENV=$RAILS_ENV" |
76 | su -s /bin/bash -c "bin/bundle exec rake assets:precompile RAILS_ENV=$RAILS_ENV" ${CONTAINER_APP_USERNAME} 2>&1 |sed 's/^/asset-build-2: /' |
77 | # LP#1952681: Third run consistently succeeds |
78 | su -s /bin/bash -c "bin/bundle exec rake assets:precompile RAILS_ENV=$RAILS_ENV" ${CONTAINER_APP_USERNAME} 2>&1 |sed 's/^/asset-build-3: /' |
79 | + |
80 | +if [ ! -z "${DISCOURSE_USE_S3}" ] && [ "${DISCOURSE_USE_S3}" == "true" ]; then |
81 | + echo "Discourse is configured to use S3:" |
82 | + echo "S3_ENDPOINT=${DISCOURSE_S3_ENDPOINT}" |
83 | + echo "S3_BUCKET=${DISCOURSE_S3_BUCKET}" |
84 | + echo "Running migration to S3..." |
85 | + su -s /bin/bash -c "bin/bundle exec rake s3:upload_assets RAILS_ENV=$RAILS_ENV" ${CONTAINER_APP_USERNAME} 2>&1 |
86 | +else |
87 | + echo "Not running migration to S3 (DISCOURSE_USE_S3=${DISCOURSE_USE_S3})." |
88 | +fi |
89 | diff --git a/src/charm.py b/src/charm.py |
90 | index 4085867..4710b2c 100755 |
91 | --- a/src/charm.py |
92 | +++ b/src/charm.py |
93 | @@ -40,6 +40,7 @@ THROTTLE_LEVELS = { |
94 | 'DISCOURSE_MAX_REQS_RATE_LIMIT_ON_PRIVATE': 'false', |
95 | }, |
96 | } |
97 | +REQUIRED_S3_SETTINGS = ['s3_access_key_id', 's3_bucket', 's3_region', 's3_secret_access_key'] |
98 | |
99 | |
100 | def create_discourse_pod_config(config): |
101 | @@ -71,6 +72,9 @@ def create_discourse_pod_config(config): |
102 | for key in saml_config: |
103 | pod_config[key] = saml_config[key] |
104 | |
105 | + if config.get('s3_enabled'): |
106 | + pod_config.update(get_s3_env(config)) |
107 | + |
108 | # We only get valid throttle levels here, otherwise it would be caught |
109 | # by `check_for_config_problems`, so we can be sure this won't raise a |
110 | # KeyError. |
111 | @@ -105,6 +109,29 @@ def get_saml_config(config): |
112 | return saml_config |
113 | |
114 | |
115 | +def get_s3_env(config): |
116 | + """Get the list of S3-related environment variables from charm's configuration.""" |
117 | + if not config.get('s3_enabled'): |
118 | + return {} |
119 | + |
120 | + s3_env = { |
121 | + 'DISCOURSE_USE_S3': True, |
122 | + 'DISCOURSE_S3_REGION': config['s3_region'], |
123 | + 'DISCOURSE_S3_ENDPOINT': config.get('s3_endpoint', 's3.amazonaws.com'), |
124 | + 'DISCOURSE_S3_ACCESS_KEY_ID': config['s3_access_key_id'], |
125 | + 'DISCOURSE_S3_SECRET_ACCESS_KEY': config['s3_secret_access_key'], |
126 | + 'DISCOURSE_S3_BUCKET': config['s3_bucket'], |
127 | + } |
128 | + |
129 | + if config.get('s3_backup_bucket'): |
130 | + s3_env['DISCOURSE_S3_BACKUP_BUCKET'] = config['s3_backup_bucket'] |
131 | + s3_env['DISCOURSE_BACKUP_LOCATION'] = 's3' |
132 | + if config.get('s3_cdn_url'): |
133 | + s3_env['DISCOURSE_S3_CDN_URL'] = config['s3_cdn_url'] |
134 | + |
135 | + return s3_env |
136 | + |
137 | + |
138 | def create_ingress_config(app_name, config): |
139 | """Create the ingress config form the juju config.""" |
140 | annotations = {} |
141 | @@ -201,6 +228,9 @@ def check_for_config_problems(config, stored): |
142 | if config['saml_sync_groups'] and not config['saml_target_url']: |
143 | errors.append("'saml_sync_groups' cannot be specified without a 'saml_target_url'") |
144 | |
145 | + if config.get('s3_enabled'): |
146 | + errors.extend(["'s3_enabled' requires '{}'".format(x) for x in REQUIRED_S3_SETTINGS if x not in config]) |
147 | + |
148 | return errors |
149 | |
150 | |
151 | diff --git a/tests/unit/fixtures/config_invalid_missing_required_s3_options.yaml b/tests/unit/fixtures/config_invalid_missing_required_s3_options.yaml |
152 | new file mode 100644 |
153 | index 0000000..f542315 |
154 | --- /dev/null |
155 | +++ b/tests/unit/fixtures/config_invalid_missing_required_s3_options.yaml |
156 | @@ -0,0 +1,28 @@ |
157 | +config: |
158 | + cors_origin: '*' |
159 | + db_name: discourse |
160 | + developer_emails: some.person@example.com |
161 | + discourse_image: discourse-k8s:1.0.7f |
162 | + enable_cors: true |
163 | + external_hostname: discourse.local |
164 | + image_pass: '' |
165 | + image_user: '' |
166 | + redis_host: 10.9.89.197 |
167 | + smtp_address: 167.89.123.58 |
168 | + smtp_authentication: login |
169 | + smtp_domain: example.com |
170 | + smtp_openssl_verify_mode: none |
171 | + smtp_password: OBV10USLYF4K3 |
172 | + smtp_port: 587 |
173 | + smtp_username: apikey |
174 | + saml_sync_groups: '' |
175 | + saml_target_url: https://login.ubuntu.com/+saml |
176 | + force_saml_login: true |
177 | + throttle_level: none |
178 | + s3_enabled: true |
179 | +config_problems: |
180 | + - "'s3_enabled' requires 's3_access_key_id'" |
181 | + - "'s3_enabled' requires 's3_bucket'" |
182 | + - "'s3_enabled' requires 's3_region'" |
183 | + - "'s3_enabled' requires 's3_secret_access_key'" |
184 | +missing_fields: [] |
185 | diff --git a/tests/unit/fixtures/config_valid_complete.yaml b/tests/unit/fixtures/config_valid_complete.yaml |
186 | index 87127e5..1d14364 100644 |
187 | --- a/tests/unit/fixtures/config_valid_complete.yaml |
188 | +++ b/tests/unit/fixtures/config_valid_complete.yaml |
189 | @@ -21,7 +21,16 @@ config: |
190 | saml_target_url: https://login.ubuntu.com/+saml |
191 | force_saml_login: true |
192 | throttle_level: none |
193 | + s3_enabled: true |
194 | + s3_endpoint: 'not.aws.endpoi.nt' |
195 | + s3_bucket: 'who-s-a-good-bucket?' |
196 | + s3_access_key_id: '3|33+' |
197 | + s3_secret_access_key: 's|kI0ure_k3Y' |
198 | + s3_region: 'the-infinite-and-beyond' |
199 | + s3_backup_bucket: 'backups-please' |
200 | + s3_cdn_url: 'https://cdn.my.domain' |
201 | pod_config: |
202 | + DISCOURSE_BACKUP_LOCATION: 's3' |
203 | DISCOURSE_CORS_ORIGIN: '*' |
204 | DISCOURSE_DEVELOPER_EMAILS: some.person@example.com |
205 | DISCOURSE_ENABLE_CORS: true |
206 | @@ -40,6 +49,14 @@ pod_config: |
207 | DISCOURSE_SMTP_PORT: 587 |
208 | DISCOURSE_SMTP_USER_NAME: apikey |
209 | DISCOURSE_REFRESH_MAXMIND_DB_DURING_PRECOMPILE_DAYS: '0' |
210 | + DISCOURSE_USE_S3: true |
211 | + DISCOURSE_S3_ACCESS_KEY_ID: '3|33+' |
212 | + DISCOURSE_S3_BACKUP_BUCKET: 'backups-please' |
213 | + DISCOURSE_S3_BUCKET: 'who-s-a-good-bucket?' |
214 | + DISCOURSE_S3_CDN_URL: 'https://cdn.my.domain' |
215 | + DISCOURSE_S3_ENDPOINT: 'not.aws.endpoi.nt' |
216 | + DISCOURSE_S3_REGION: 'the-infinite-and-beyond' |
217 | + DISCOURSE_S3_SECRET_ACCESS_KEY: 's|kI0ure_k3Y' |
218 | DISCOURSE_SERVE_STATIC_ASSETS: 'true' |
219 | DISCOURSE_SAML_GROUPS_FULLSYNC: 'false' |
220 | DISCOURSE_SAML_SYNC_GROUPS: 'true' |
221 | @@ -54,6 +71,7 @@ pod_spec: |
222 | containers: |
223 | - name: discourse-k8s |
224 | envConfig: |
225 | + DISCOURSE_BACKUP_LOCATION: 's3' |
226 | DISCOURSE_CORS_ORIGIN: '*' |
227 | DISCOURSE_DEVELOPER_EMAILS: some.person@example.com |
228 | DISCOURSE_ENABLE_CORS: true |
229 | @@ -71,6 +89,14 @@ pod_spec: |
230 | DISCOURSE_SMTP_PASSWORD: OBV10USLYF4K3 |
231 | DISCOURSE_SMTP_PORT: 587 |
232 | DISCOURSE_SMTP_USER_NAME: apikey |
233 | + DISCOURSE_USE_S3: true |
234 | + DISCOURSE_S3_ACCESS_KEY_ID: '3|33+' |
235 | + DISCOURSE_S3_BACKUP_BUCKET: 'backups-please' |
236 | + DISCOURSE_S3_BUCKET: 'who-s-a-good-bucket?' |
237 | + DISCOURSE_S3_CDN_URL: 'https://cdn.my.domain' |
238 | + DISCOURSE_S3_ENDPOINT: 'not.aws.endpoi.nt' |
239 | + DISCOURSE_S3_REGION: 'the-infinite-and-beyond' |
240 | + DISCOURSE_S3_SECRET_ACCESS_KEY: 's|kI0ure_k3Y' |
241 | DISCOURSE_REFRESH_MAXMIND_DB_DURING_PRECOMPILE_DAYS: '0' |
242 | DISCOURSE_SERVE_STATIC_ASSETS: 'true' |
243 | DISCOURSE_SAML_GROUPS_FULLSYNC: 'false' |
244 | diff --git a/tests/unit/fixtures/config_valid_no_s3.yaml b/tests/unit/fixtures/config_valid_no_s3.yaml |
245 | new file mode 100644 |
246 | index 0000000..87127e5 |
247 | --- /dev/null |
248 | +++ b/tests/unit/fixtures/config_valid_no_s3.yaml |
249 | @@ -0,0 +1,120 @@ |
250 | +config: |
251 | + cors_origin: '*' |
252 | + db_name: discourse |
253 | + developer_emails: some.person@example.com |
254 | + discourse_image: discourse-k8s:1.0.7f |
255 | + enable_cors: true |
256 | + external_hostname: discourse.local |
257 | + image_pass: 'somepass' |
258 | + image_user: 'someuser' |
259 | + max_body_size: 25 |
260 | + redis_host: 10.9.89.197 |
261 | + smtp_address: 167.89.123.58 |
262 | + smtp_authentication: login |
263 | + smtp_domain: example.com |
264 | + smtp_openssl_verify_mode: none |
265 | + smtp_password: OBV10USLYF4K3 |
266 | + smtp_port: 587 |
267 | + smtp_username: apikey |
268 | + tls_secret_name: discourse_local |
269 | + saml_sync_groups: 'canonical, ubuntu-core' |
270 | + saml_target_url: https://login.ubuntu.com/+saml |
271 | + force_saml_login: true |
272 | + throttle_level: none |
273 | +pod_config: |
274 | + DISCOURSE_CORS_ORIGIN: '*' |
275 | + DISCOURSE_DEVELOPER_EMAILS: some.person@example.com |
276 | + DISCOURSE_ENABLE_CORS: true |
277 | + DISCOURSE_HOSTNAME: discourse.local |
278 | + DISCOURSE_DB_HOST: 10.9.89.237 |
279 | + DISCOURSE_DB_NAME: discourse |
280 | + DISCOURSE_DB_PASSWORD: a_real_password |
281 | + DISCOURSE_DB_USERNAME: discourse_m |
282 | + DISCOURSE_REDIS_HOST: 10.9.89.197 |
283 | + DISCOURSE_REDIS_PORT: 6379 |
284 | + DISCOURSE_SMTP_ADDRESS: 167.89.123.58 |
285 | + DISCOURSE_SMTP_AUTHENTICATION: login |
286 | + DISCOURSE_SMTP_DOMAIN: example.com |
287 | + DISCOURSE_SMTP_OPENSSL_VERIFY_MODE: none |
288 | + DISCOURSE_SMTP_PASSWORD: OBV10USLYF4K3 |
289 | + DISCOURSE_SMTP_PORT: 587 |
290 | + DISCOURSE_SMTP_USER_NAME: apikey |
291 | + DISCOURSE_REFRESH_MAXMIND_DB_DURING_PRECOMPILE_DAYS: '0' |
292 | + DISCOURSE_SERVE_STATIC_ASSETS: 'true' |
293 | + DISCOURSE_SAML_GROUPS_FULLSYNC: 'false' |
294 | + DISCOURSE_SAML_SYNC_GROUPS: 'true' |
295 | + DISCOURSE_SAML_SYNC_GROUPS_LIST: 'canonical|ubuntu-core' |
296 | + DISCOURSE_SAML_TARGET_URL: https://login.ubuntu.com/+saml |
297 | + DISCOURSE_SAML_FULL_SCREEN_LOGIN: "true" |
298 | + DISCOURSE_SAML_CERT_FINGERPRINT: 32:15:20:9F:A4:3C:8E:3E:8E:47:72:62:9A:86:8D:0E:E6:CF:45:D5 |
299 | + DISCOURSE_MAX_REQS_PER_IP_MODE: "none" |
300 | + DISCOURSE_MAX_REQS_RATE_LIMIT_ON_PRIVATE: "false" |
301 | +pod_spec: |
302 | + version: 3 |
303 | + containers: |
304 | + - name: discourse-k8s |
305 | + envConfig: |
306 | + DISCOURSE_CORS_ORIGIN: '*' |
307 | + DISCOURSE_DEVELOPER_EMAILS: some.person@example.com |
308 | + DISCOURSE_ENABLE_CORS: true |
309 | + DISCOURSE_HOSTNAME: discourse.local |
310 | + DISCOURSE_DB_HOST: 10.9.89.237 |
311 | + DISCOURSE_DB_NAME: discourse |
312 | + DISCOURSE_DB_PASSWORD: a_real_password |
313 | + DISCOURSE_DB_USERNAME: discourse_m |
314 | + DISCOURSE_REDIS_HOST: 10.9.89.197 |
315 | + DISCOURSE_REDIS_PORT: 6379 |
316 | + DISCOURSE_SMTP_ADDRESS: 167.89.123.58 |
317 | + DISCOURSE_SMTP_AUTHENTICATION: login |
318 | + DISCOURSE_SMTP_DOMAIN: example.com |
319 | + DISCOURSE_SMTP_OPENSSL_VERIFY_MODE: none |
320 | + DISCOURSE_SMTP_PASSWORD: OBV10USLYF4K3 |
321 | + DISCOURSE_SMTP_PORT: 587 |
322 | + DISCOURSE_SMTP_USER_NAME: apikey |
323 | + DISCOURSE_REFRESH_MAXMIND_DB_DURING_PRECOMPILE_DAYS: '0' |
324 | + DISCOURSE_SERVE_STATIC_ASSETS: 'true' |
325 | + DISCOURSE_SAML_GROUPS_FULLSYNC: 'false' |
326 | + DISCOURSE_SAML_SYNC_GROUPS: 'true' |
327 | + DISCOURSE_SAML_SYNC_GROUPS_LIST: 'canonical|ubuntu-core' |
328 | + DISCOURSE_SAML_TARGET_URL: https://login.ubuntu.com/+saml |
329 | + DISCOURSE_SAML_FULL_SCREEN_LOGIN: "true" |
330 | + DISCOURSE_SAML_CERT_FINGERPRINT: 32:15:20:9F:A4:3C:8E:3E:8E:47:72:62:9A:86:8D:0E:E6:CF:45:D5 |
331 | + DISCOURSE_MAX_REQS_PER_IP_MODE: "none" |
332 | + DISCOURSE_MAX_REQS_RATE_LIMIT_ON_PRIVATE: "false" |
333 | + imageDetails: |
334 | + imagePath: discourse-k8s:1.0.7f |
335 | + password: somepass |
336 | + username: someuser |
337 | + imagePullPolicy: 'IfNotPresent' |
338 | + kubernetes: |
339 | + readinessProbe: |
340 | + httpGet: |
341 | + path: '/srv/status' |
342 | + port: 3000 |
343 | + ports: |
344 | + - containerPort: 3000 |
345 | + protocol: TCP |
346 | + kubernetesResources: |
347 | + ingressResources: |
348 | + - annotations: |
349 | + nginx.ingress.kubernetes.io/affinity: 'cookie' |
350 | + nginx.ingress.kubernetes.io/affinity-mode: 'balanced' |
351 | + nginx.ingress.kubernetes.io/proxy-body-size: '25m' |
352 | + nginx.ingress.kubernetes.io/session-cookie-change-on-failure: 'true' |
353 | + nginx.ingress.kubernetes.io/session-cookie-max-age: '3600' |
354 | + nginx.ingress.kubernetes.io/session-cookie-name: 'DISCOURSE_AFFINITY' |
355 | + nginx.ingress.kubernetes.io/session-cookie-samesite: 'Lax' |
356 | + name: discourse-k8s-ingress |
357 | + spec: |
358 | + rules: |
359 | + - host: discourse.local |
360 | + http: |
361 | + paths: |
362 | + - backend: |
363 | + serviceName: discourse-k8s |
364 | + servicePort: 3000 |
365 | + path: '/' |
366 | + tls: |
367 | + - hosts: |
368 | + - 'discourse.local' |
369 | + secretName: 'discourse_local' |
370 | diff --git a/tests/unit/fixtures/config_valid_s3_only_required_options.yaml b/tests/unit/fixtures/config_valid_s3_only_required_options.yaml |
371 | new file mode 100644 |
372 | index 0000000..dfd1993 |
373 | --- /dev/null |
374 | +++ b/tests/unit/fixtures/config_valid_s3_only_required_options.yaml |
375 | @@ -0,0 +1,137 @@ |
376 | +config: |
377 | + cors_origin: '*' |
378 | + db_name: discourse |
379 | + developer_emails: some.person@example.com |
380 | + discourse_image: discourse-k8s:1.0.7f |
381 | + enable_cors: true |
382 | + external_hostname: discourse.local |
383 | + image_pass: 'somepass' |
384 | + image_user: 'someuser' |
385 | + max_body_size: 25 |
386 | + redis_host: 10.9.89.197 |
387 | + smtp_address: 167.89.123.58 |
388 | + smtp_authentication: login |
389 | + smtp_domain: example.com |
390 | + smtp_openssl_verify_mode: none |
391 | + smtp_password: OBV10USLYF4K3 |
392 | + smtp_port: 587 |
393 | + smtp_username: apikey |
394 | + tls_secret_name: discourse_local |
395 | + saml_sync_groups: 'canonical, ubuntu-core' |
396 | + saml_target_url: https://login.ubuntu.com/+saml |
397 | + force_saml_login: true |
398 | + throttle_level: none |
399 | + s3_enabled: true |
400 | + s3_bucket: 'who-s-a-good-bucket?' |
401 | + s3_access_key_id: '3|33+' |
402 | + s3_secret_access_key: 's|kI0ure_k3Y' |
403 | + s3_region: 'the-infinite-and-beyond' |
404 | +pod_config: |
405 | + DISCOURSE_CORS_ORIGIN: '*' |
406 | + DISCOURSE_DEVELOPER_EMAILS: some.person@example.com |
407 | + DISCOURSE_ENABLE_CORS: true |
408 | + DISCOURSE_HOSTNAME: discourse.local |
409 | + DISCOURSE_DB_HOST: 10.9.89.237 |
410 | + DISCOURSE_DB_NAME: discourse |
411 | + DISCOURSE_DB_PASSWORD: a_real_password |
412 | + DISCOURSE_DB_USERNAME: discourse_m |
413 | + DISCOURSE_REDIS_HOST: 10.9.89.197 |
414 | + DISCOURSE_REDIS_PORT: 6379 |
415 | + DISCOURSE_SMTP_ADDRESS: 167.89.123.58 |
416 | + DISCOURSE_SMTP_AUTHENTICATION: login |
417 | + DISCOURSE_SMTP_DOMAIN: example.com |
418 | + DISCOURSE_SMTP_OPENSSL_VERIFY_MODE: none |
419 | + DISCOURSE_SMTP_PASSWORD: OBV10USLYF4K3 |
420 | + DISCOURSE_SMTP_PORT: 587 |
421 | + DISCOURSE_SMTP_USER_NAME: apikey |
422 | + DISCOURSE_REFRESH_MAXMIND_DB_DURING_PRECOMPILE_DAYS: '0' |
423 | + DISCOURSE_USE_S3: true |
424 | + DISCOURSE_S3_ACCESS_KEY_ID: '3|33+' |
425 | + DISCOURSE_S3_BUCKET: 'who-s-a-good-bucket?' |
426 | + DISCOURSE_S3_ENDPOINT: 's3.amazonaws.com' |
427 | + DISCOURSE_S3_REGION: 'the-infinite-and-beyond' |
428 | + DISCOURSE_S3_SECRET_ACCESS_KEY: 's|kI0ure_k3Y' |
429 | + DISCOURSE_SERVE_STATIC_ASSETS: 'true' |
430 | + DISCOURSE_SAML_GROUPS_FULLSYNC: 'false' |
431 | + DISCOURSE_SAML_SYNC_GROUPS: 'true' |
432 | + DISCOURSE_SAML_SYNC_GROUPS_LIST: 'canonical|ubuntu-core' |
433 | + DISCOURSE_SAML_TARGET_URL: https://login.ubuntu.com/+saml |
434 | + DISCOURSE_SAML_FULL_SCREEN_LOGIN: "true" |
435 | + DISCOURSE_SAML_CERT_FINGERPRINT: 32:15:20:9F:A4:3C:8E:3E:8E:47:72:62:9A:86:8D:0E:E6:CF:45:D5 |
436 | + DISCOURSE_MAX_REQS_PER_IP_MODE: "none" |
437 | + DISCOURSE_MAX_REQS_RATE_LIMIT_ON_PRIVATE: "false" |
438 | +pod_spec: |
439 | + version: 3 |
440 | + containers: |
441 | + - name: discourse-k8s |
442 | + envConfig: |
443 | + DISCOURSE_CORS_ORIGIN: '*' |
444 | + DISCOURSE_DEVELOPER_EMAILS: some.person@example.com |
445 | + DISCOURSE_ENABLE_CORS: true |
446 | + DISCOURSE_HOSTNAME: discourse.local |
447 | + DISCOURSE_DB_HOST: 10.9.89.237 |
448 | + DISCOURSE_DB_NAME: discourse |
449 | + DISCOURSE_DB_PASSWORD: a_real_password |
450 | + DISCOURSE_DB_USERNAME: discourse_m |
451 | + DISCOURSE_REDIS_HOST: 10.9.89.197 |
452 | + DISCOURSE_REDIS_PORT: 6379 |
453 | + DISCOURSE_SMTP_ADDRESS: 167.89.123.58 |
454 | + DISCOURSE_SMTP_AUTHENTICATION: login |
455 | + DISCOURSE_SMTP_DOMAIN: example.com |
456 | + DISCOURSE_SMTP_OPENSSL_VERIFY_MODE: none |
457 | + DISCOURSE_SMTP_PASSWORD: OBV10USLYF4K3 |
458 | + DISCOURSE_SMTP_PORT: 587 |
459 | + DISCOURSE_SMTP_USER_NAME: apikey |
460 | + DISCOURSE_USE_S3: true |
461 | + DISCOURSE_S3_ACCESS_KEY_ID: '3|33+' |
462 | + DISCOURSE_S3_BUCKET: 'who-s-a-good-bucket?' |
463 | + DISCOURSE_S3_ENDPOINT: 's3.amazonaws.com' |
464 | + DISCOURSE_S3_REGION: 'the-infinite-and-beyond' |
465 | + DISCOURSE_S3_SECRET_ACCESS_KEY: 's|kI0ure_k3Y' |
466 | + DISCOURSE_REFRESH_MAXMIND_DB_DURING_PRECOMPILE_DAYS: '0' |
467 | + DISCOURSE_SERVE_STATIC_ASSETS: 'true' |
468 | + DISCOURSE_SAML_GROUPS_FULLSYNC: 'false' |
469 | + DISCOURSE_SAML_SYNC_GROUPS: 'true' |
470 | + DISCOURSE_SAML_SYNC_GROUPS_LIST: 'canonical|ubuntu-core' |
471 | + DISCOURSE_SAML_TARGET_URL: https://login.ubuntu.com/+saml |
472 | + DISCOURSE_SAML_FULL_SCREEN_LOGIN: "true" |
473 | + DISCOURSE_SAML_CERT_FINGERPRINT: 32:15:20:9F:A4:3C:8E:3E:8E:47:72:62:9A:86:8D:0E:E6:CF:45:D5 |
474 | + DISCOURSE_MAX_REQS_PER_IP_MODE: "none" |
475 | + DISCOURSE_MAX_REQS_RATE_LIMIT_ON_PRIVATE: "false" |
476 | + imageDetails: |
477 | + imagePath: discourse-k8s:1.0.7f |
478 | + password: somepass |
479 | + username: someuser |
480 | + imagePullPolicy: 'IfNotPresent' |
481 | + kubernetes: |
482 | + readinessProbe: |
483 | + httpGet: |
484 | + path: '/srv/status' |
485 | + port: 3000 |
486 | + ports: |
487 | + - containerPort: 3000 |
488 | + protocol: TCP |
489 | + kubernetesResources: |
490 | + ingressResources: |
491 | + - annotations: |
492 | + nginx.ingress.kubernetes.io/affinity: 'cookie' |
493 | + nginx.ingress.kubernetes.io/affinity-mode: 'balanced' |
494 | + nginx.ingress.kubernetes.io/proxy-body-size: '25m' |
495 | + nginx.ingress.kubernetes.io/session-cookie-change-on-failure: 'true' |
496 | + nginx.ingress.kubernetes.io/session-cookie-max-age: '3600' |
497 | + nginx.ingress.kubernetes.io/session-cookie-name: 'DISCOURSE_AFFINITY' |
498 | + nginx.ingress.kubernetes.io/session-cookie-samesite: 'Lax' |
499 | + name: discourse-k8s-ingress |
500 | + spec: |
501 | + rules: |
502 | + - host: discourse.local |
503 | + http: |
504 | + paths: |
505 | + - backend: |
506 | + serviceName: discourse-k8s |
507 | + servicePort: 3000 |
508 | + path: '/' |
509 | + tls: |
510 | + - hosts: |
511 | + - 'discourse.local' |
512 | + secretName: 'discourse_local' |
Careful: prerequisite branch ~kotodama/ charm-k8s- discourse: fix_unit_ tests