Merge pull request #13 from mongodb/ent-helm

adding SHA users generation
mongodb · Oct 30, 2020 · a14a2f8 · a14a2f8
2 parents 3edcf62 + f6ea498
commit a14a2f8
Show file tree

Hide file tree

Showing 5 changed files with 66 additions and 2 deletions.
diff --git a/charts/ent-operator-database/Chart.yaml b/charts/ent-operator-database/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: mongodb-enterprise-database
 description: MongoDB Kubernetes Enterprise Operator- MongoDB DataBase charts
-version: 0.1.2
+version: 0.1.4
 kubeVersion: '>=1.15-0'
 keywords:
 - mongodb

diff --git a/charts/ent-operator-database/templates/database.yaml b/charts/ent-operator-database/templates/database.yaml
@@ -29,7 +29,14 @@ spec:
   security:
     authentication:
       enabled: true
-      modes: ["SCRAM"] # Valid authentication modes are "SCRAM' and "X509"
+      modes: 
+        {{- range .Values.security.authentication.modes }}
+        - {{ . | quote }} # Valid authentication modes are "SCRAM' and "X509"
+        {{- end }}
+    {{- if .Values.security.tls.enabled }}
+    tls:
+      enabled: {{ .Values.security.tls.enabled }}
+    {{- end }}
 
       # Optional field - ignoreUnknownUsers
       # A value of true means that any users not configured via the Operator or the Ops Manager or Cloud Manager UI

diff --git a/charts/ent-operator-database/templates/mongodb-user-password.yaml b/charts/ent-operator-database/templates/mongodb-user-password.yaml
@@ -0,0 +1,11 @@
+{{- range .Values.users }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $.Values.name }}-{{ .username }}-secret
+  namespace: {{ $.Release.Namespace }}
+type: Opaque
+stringData:
+  password: {{ .password | quote}}
+{{- end }}
diff --git a/charts/ent-operator-database/templates/mongodb-user.yaml b/charts/ent-operator-database/templates/mongodb-user.yaml
@@ -0,0 +1,18 @@
+{{- range .Values.users }}
+---
+apiVersion: mongodb.com/v1
+kind: MongoDBUser
+metadata:
+  name: {{ $.Values.name }}-{{ .username }}-mongodbuser
+  namespace: {{ $.Release.Namespace }}
+spec:
+  passwordSecretKeyRef:
+    name: {{ $.Values.name }}-{{ .username }}-secret # the name of the secret that stores this user's password
+    key: password # the key in the secret that stores the password
+  username: {{ .username }}
+  db: {{ .db }}
+  mongodbResourceRef:
+    name: {{ $.Values.name }} # The name of the MongoDB resource this user will be added to
+  roles:
+    {{- toYaml .roles | nindent 6 }}
+{{- end }}
diff --git a/charts/ent-operator-database/values.yaml b/charts/ent-operator-database/values.yaml
@@ -25,6 +25,14 @@ opsManager:
   # Alternatevly an existing secret and config map could be provided directly
   configMap: opsmanager-configmap
   secretRef: opsmanager-org-access-key
+
+security:
+  authentication:
+    modes: ["SCRAM"]  # Valid authentication modes are "SCRAM", "LDAP" and "X509"
+  tls:
+    enabled: false
+
+
 resources:
   limits:
     cpu: 2
@@ -41,3 +49,23 @@ registry:
   # TODO: specify for each image and move there?
   pullPolicy: Always
   # Specify if images are pulled from private registry
+
+users:
+  - username: admin-user
+    db: admin
+    password: "%SomeLong%password$foradmin"
+    roles:
+      - db: admin
+        name: clusterAdmin
+      - db: admin
+        name: userAdminAnyDatabase
+      - db: admin
+        name: readWrite
+      - db: admin
+        name: userAdminAnyDatabase
+  - username: app-user
+    db: admin
+    password: "%SomeLong%password$"
+    roles:
+      - db: admin
+        name: readWrite