feat: re-use a gitsecret-oauth if admin added it post-installation a…

…nd installGithubSecretOAuth=False (#111)

Signed-off-by: Vassilis Vassiliadis <[email protected]>

CHANGELOG.md

@@ -1,3 +1,37 @@
+# 2.0.0-alpha14
+
+## Runtime Service improvements
+
+- Enhanced support for Transformation Relationships: More powerful substitutions (e.g. replace references with variables and vice versa)
+- Generate DSL 2.0 for Parameterised Virtual Experiment Packages (PVEP) (including synthesized ones).
+- Generate a preview of the would-be DSL for a synthetic PVEP before applying a Relationship to synthesize it.
+
+## New enhancements
+
+- Re-use default `gitsecret-oauth` that ST4SD admins manually register in st4sd-runtime-service ConfigMap without using Helm
+
+## Bugs and regressions
+
+- Miscellaneous fixes
+
+# 2.0.0-alpha13
+
+## Registry UI updates
+
+- Upgrade to Vue 3
+- UI can generate `stp login` command (similar to the OpenShift Web Console feature for `oc login`)
+- Miscellaneous enhancements to improve User Interface and User Experience (UI/UX)
+
+## Bugs and regressions
+
+- Miscellaneous fixes
+
+# 2.0.0-alpha12
+
+## New enhancements
+
+- Support deploying ST4SD in namespaces containing ResourceQuota objects
+
 # 2.0.0-alpha8
 
 ## New enhancements
@@ -40,7 +74,7 @@
 
 ### API Change
 - New API to upload relationships (`ExperimentRestAPI.api_relationship_push()`) - see our documentation for [runtime support for surrogates](https://st4sd.github.com/overview/using-graph-relationships) documentation for more.
-- Updated the API to start an experiment so that users can also request to use a runtime policy. For more information see our documentation [running virtual experiments on OpenShift](https://st4sd.github.com/overview/running-workflows-on-openshift)) and configuring [runtime policies](https://st4sd.github.com/overview/using-runtime-policies).
+- Updated the API to start an experiment so that users can also request to use a runtime policy. For more information see our documentation [running virtual experiments on OpenShift](https://st4sd.github.com/overview/running-workflows-on-openshift) and configuring [runtime policies](https://st4sd.github.com/overview/using-runtime-policies).
 
 ### Bugs and regressions
 - Miscellaneous optimisations in error reporting

helm-chart/Chart.yaml

@@ -11,6 +11,6 @@ description: |
    and High Performance Computing (HPC) platforms. See https://st4sd.github.io/overview for more information.
 type: application
 
-version: "0.10.3"
+version: "0.11.0"
 
 appVersion: "2.0.0-alpha13"

helm-chart/templates/_helpers.tpl

@@ -75,3 +75,43 @@ prefixing it with "${user-prefix}-${namespace}." */}}
 {{- $text := $quoted | join "," }}
 {{- printf $text }}
 {{- end }}
+
+
+{{/*Decides the value of the field gitsecret-oauth in the st4sd-runtime-config secret
+
+If .Values.installGithubSecretOAuth is set, then it echoes that name
+It attempts to peek at the existing st4sd-runtime-service ConfigMap.
+    If it does not exist, it returns null
+    If the field config.json['gitsecret-oauth'] does not exist, it returns null
+    If the secret called config.json['gitsecret-oauth'] is unmanaged by helm, it returns null
+    At this point, we know that the ConfigMap points to a secret which is not managed by Helm.
+    We can infer that a ST4SD namespace-admin added it post installation and that they probably
+    want to keep using it. Therefore we just print its name so that the configmap can re-use it
+*/}}
+{{- define "secret.gitSecretOAuthName" }}
+{{- if .Values.installGithubSecretOAuth  }}
+    {{- print .Values.gitOAuthSecretName -}}
+{{- else }}
+    {{- $cm := lookup "v1" "ConfigMap" .Release.Namespace .Values.runtimeServiceConfigConfigMapName }}
+    {{- if $cm }}
+        {{- $data := $cm.data | default dict }}
+        {{- $config := get $data "config.json" | default "null" | fromJson }}
+        {{- if $config }}
+            {{- $secret_name := get $config "gitsecret-oauth" }}
+            {{- if $secret_name }}
+                {{- $secret := lookup "v1" "Secret" .Release.Namespace $secret_name }}
+                {{- if $secret }}
+                    {{- $label := get ($secret.metadata.labels | default dict) "app.kubernetes.io/managed-by" }}
+                    {{- if ne $label "Helm" -}}
+                        {{- /*VV: The ConfigMap points to a secret which is NOT managed by helm 
+                        this means that a ST4SD-namespace admin added the secret post-installation.
+                        Re-use the secret. If Helm managed the secret, then we should remove it 
+                        i.e. do not print its name.*/}}
+                        {{- print $secret_name -}}
+                    {{- end -}}
+                {{- end }}
+            {{- end}}
+        {{- end }}
+    {{- end }}
+{{- end }}
+{{- end }}

helm-chart/templates/cm-st4sd-runtime-service.yaml

@@ -18,11 +18,13 @@ data:
   # VV: st4sdRuntimeService.imagePullSecrets (in _helpers.tpl) concatenates those already defined in the
   # ConfigMap on the server to those defined by the helm chart. If you are using DEBUG=yes what you see below
   # does not include what's on the server. Helm will not contact the server when not actually deploying.
+  # Similary, secret.gitSecretOAuthName will re-use a secret that has been created post-installation if
+  # installGithubSecretOAuth is False (see tempalte comments in _helpers.tpl for more information).
   config.json: |-
     {
-    {{- if .Values.installGithubSecretOAuth  }}
-      "gitsecret-oauth": "{{ .Values.gitOAuthSecretName }}",
-    {{- end }}
+    {{- with include "secret.gitSecretOAuthName" . }}
+      "gitsecret-oauth": {{ . | quote }},
+    {{- end}}
     {{- if .Values.defaultOrchestratorArguments }}
       "default-arguments": {{ .Values.defaultOrchestratorArguments | toJson }},
     {{- end }}