invenio: refactor sentry block

* Deprecates non-camelcase sentry variables. * Addresses secret handling as described in inveniosoftware#117.
egabancho · Dec 16, 2024 · bf38b3f · bf38b3f
1 parent f490f4f
commit bf38b3f
Show file tree

Hide file tree

Showing 8 changed files with 69 additions and 27 deletions.
diff --git a/charts/invenio/templates/NOTES.txt b/charts/invenio/templates/NOTES.txt
@@ -9,3 +9,20 @@ DEPRECATION WARNING:
     removed in a future release.
 
 {{- end }}
+
+{{- if .Values.invenio.sentry.existing_secret}}
+
+DEPRECATION WARNING: 
+    `invenio.sentry.existing_secret` has been renamed to `invenio.sentry.existingSecret` 
+    and its type has changed from boolean to string.
+    This key will be removed in a future release.
+
+{{- end }}
+
+{{- if .Values.invenio.sentry.secret_name}}
+
+DEPRECATION WARNING: 
+    `invenio.sentry.secret_name` has been removed in favor of 
+    `invenio.sentry.existingSecret` will be removed in a future release.
+
+{{- end }}
diff --git a/charts/invenio/templates/_helpers.tpl b/charts/invenio/templates/_helpers.tpl
@@ -273,3 +273,29 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
   {{- $databaseName := include "invenio.postgresql.databaseName" . -}}
   {{- printf "postgresql+psycopg2://%s:%s@%s:%v/%s" $username $password $hostname $port $databaseName -}}
 {{- end -}}
+
+{{/*
+Get the sentry secret name
+*/}}
+{{- define "invenio.sentrySecretName" -}}
+{{- if .Values.invenio.sentry.existingSecret -}}
+  {{- print (tpl .Values.invenio.sentry.existingSecret .) -}}
+{{- else if  .Values.invenio.sentry.secret_name -}}
+  {{- print (tpl .Values.invenio.sentry.secret_name .) -}}  
+{{- else -}}
+  {{- "sentry-secrets" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Add sentry environmental variables
+*/}}
+{{- define "invenio.config.sentry" -}}
+{{- if .Values.invenio.sentry.enabled -}}
+- name: INVENIO_SENTRY_DSN
+  valueFrom:
+    secretKeyRef:
+      name: {{ include "invenio.sentrySecretName" . }}
+      key: {{ .Values.invenio.sentry.secretKeys.dsnKey }}
+{{- end }}
+{{- end -}}
diff --git a/charts/invenio/templates/install-init-job.yaml b/charts/invenio/templates/install-init-job.yaml
@@ -57,6 +57,7 @@ spec:
             secretKeyRef:
               name: invenio-secrets
               key: INVENIO_CSRF_SECRET_SALT
+        {{- include "invenio.config.sentry"  . | nindent 8 }}
         {{- if .Values.web.resources }}
         resources: {{- toYaml .Values.web.resources | nindent 10 }}
         {{- end }}

diff --git a/charts/invenio/templates/sentry-secret.yaml b/charts/invenio/templates/sentry-secret.yaml
@@ -1,15 +1,16 @@
-{{- if and (.Values.invenio.sentry.enabled) (not .Values.invenio.sentry.existing_secret) }}
+{{- if and (.Values.invenio.sentry.enabled) (and (not .Values.invenio.sentry.existingSecret) (not .Values.invenio.sentry.existing_secret))}}
+{{- $dsn := .Values.invenio.sentry.dsn | required ".Values.invenio.sentry.dns is required if not secret is provided." -}}
 ---
 apiVersion: v1
 kind: Secret
 type: Opaque
 metadata:
-  name: {{ .Values.invenio.sentry.secret_name }}
+  name: sentry-secrets
   labels:
     {{- include "invenio.labels" . | nindent 4 }}
-    app: {{ .Values.invenio.sentry.secret_name }}
+    app: sentry-secrets
   annotations:
     helm.sh/resource-policy: keep
 data:
-  SENTRY_DSN: {{ .Values.invenio.sentry.dsn | b64enc }}
+  {{ .Values.invenio.sentry.secretKeys.dsnKey }}: {{ $dsn | b64enc }}
 {{- end -}}
diff --git a/charts/invenio/templates/web-deployment.yaml b/charts/invenio/templates/web-deployment.yaml
@@ -54,13 +54,7 @@ spec:
             secretKeyRef:
               name: invenio-secrets
               key: INVENIO_CSRF_SECRET_SALT
-        {{- if .Values.invenio.sentry.enabled }}
-        - name: INVENIO_SENTRY_DSN
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Values.invenio.sentry.secret_name }}
-              key: SENTRY_DSN
-        {{- end }}
+        {{- include "invenio.config.sentry"  . | nindent 8 }}
         {{- if .Values.invenio.datacite.enabled }}
         - name: INVENIO_DATACITE_USERNAME
           valueFrom:

diff --git a/charts/invenio/templates/worker-beat-deployment.yaml b/charts/invenio/templates/worker-beat-deployment.yaml
@@ -62,13 +62,7 @@ spec:
             secretKeyRef:
               name: invenio-secrets
               key: INVENIO_CSRF_SECRET_SALT
-        {{- if .Values.invenio.sentry.enabled }}
-        - name: INVENIO_SENTRY_DSN
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Values.invenio.sentry.secret_name }}
-              key: SENTRY_DSN
-        {{- end }}
+        {{- include "invenio.config.sentry"  . | nindent 8 }}
         {{- if .Values.invenio.datacite.enabled }}
         - name: INVENIO_DATACITE_USERNAME
           valueFrom:

diff --git a/charts/invenio/templates/worker-deployment.yaml b/charts/invenio/templates/worker-deployment.yaml
@@ -58,13 +58,7 @@ spec:
               secretKeyRef:
                 name: invenio-secrets
                 key: INVENIO_CSRF_SECRET_SALT
-          {{- if .Values.invenio.sentry.enabled }}
-          - name: INVENIO_SENTRY_DSN
-            valueFrom:
-              secretKeyRef:
-                name: {{ .Values.invenio.sentry.secret_name }}
-                key: SENTRY_DSN
-          {{- end }}
+          {{- include "invenio.config.sentry"  . | nindent 10 }}
           {{- if .Values.invenio.datacite.enabled }}
           - name: INVENIO_DATACITE_USERNAME
             valueFrom:

diff --git a/charts/invenio/values.yaml b/charts/invenio/values.yaml
@@ -19,10 +19,25 @@ invenio:
   default_users: []  # Requires invenio.init=true
   demo_data: false  # Setting invenio.demo_data=true requires also setting default_users!
   sentry:
+    ## @param invenio.sentry.enabled Enable Sentry.io integration
+    ##
     enabled: false
-    existing_secret: false
-    secret_name: "sentry-secrets"
+    ## @param invenio.sentry.dns Sentry DSN, required if not secret is provided
+    ##
     dsn: ""
+    ## @param invenio.sentry.secret_name DEPRECATED: invenio.sentry.existingSecret instead
+    ##
+    secret_name: "sentry-secrets"
+    ## @param invenio.sentry.existing_secret DEPRECATED: invenio.sentry.existingSecret instead
+    ##
+    existing_secret: false
+    ## @param invenio.sentry.existingSecret Existing secret name for sentry's dsn
+    ##
+    existingSecret: ""
+    ## @param invenio.sentry.secretKeys.dsnKey Name of key in existing secret to use for dns. Only used when `invenio.sentry.existingSecret` is set.
+    ##
+    secretKeys:
+      dsnKey: "SENTRY_DSN"
   datacite:
     enabled: false
     existing_secret: false