Skip to content

Fix MS Graph Mailer configuration and handling

Jason Plum requested to merge 4049-msgraph-secret-cfg into master

What does this MR do?

Fixup the configure script to handle microsoft_graph_mailer secret when present.

Add the microsoft_graph_mailer configuration to the Toolbox ConfigMap. This had the secret, but did not make use of it in the application configuration.

Closes #4049 (closed)

Expands RSpec:

  1. All charts that consume it are checked.
  2. ensure that configure has mailroom present

Testing

msgraph.yaml

global:
  appConfig:
    microsoft_graph_mailer:
      enabled: true
      user_id: "YOUR-USER-ID"
      tenant: "YOUR-TENANT-ID"
      client_id: "YOUR-CLIENT-ID"
      client_secret:
        secret: msgraph
        key: secret
      azure_ad_endpoint: "https://login.microsoftonline.com"
      graph_endpoint: "https://graph.microsoft.com"

helm template . -f build/base.yaml -f build/msgraph.yaml --output-dir=/tmp/tmp.h9YR3LRIha/msgraph

Previous

$ grep -Rn 'microsoft_graph_mailer' msgraph/gitlab/
msgraph/gitlab/charts/gitlab/charts/toolbox/templates/deployment.yaml:266:                  path: microsoft_graph_mailer/client_secret
msgraph/gitlab/charts/gitlab/charts/webservice/templates/deployment.yaml:376:                  path: microsoft_graph_mailer/client_secret
msgraph/gitlab/charts/gitlab/charts/webservice/templates/configmap.yml:88:      microsoft_graph_mailer:
msgraph/gitlab/charts/gitlab/charts/webservice/templates/configmap.yml:93:        client_secret: <%= File.read('/etc/gitlab/microsoft_graph_mailer/client_secret').strip.to_json %>
msgraph/gitlab/charts/gitlab/charts/sidekiq/templates/deployment.yaml:341:                  path: microsoft_graph_mailer/client_secret
msgraph/gitlab/charts/gitlab/charts/sidekiq/templates/configmap.yaml:88:      microsoft_graph_mailer:
msgraph/gitlab/charts/gitlab/charts/sidekiq/templates/configmap.yaml:93:        client_secret: <%= File.read('/etc/gitlab/microsoft_graph_mailer/client_secret').strip.to_json %>

Fixed

$ grep -Rn 'microsoft_graph_mailer' msgraph/gitlab/
msgraph/gitlab/charts/gitlab/charts/toolbox/templates/deployment.yaml:266:                  path: microsoft_graph_mailer/client_secret
msgraph/gitlab/charts/gitlab/charts/toolbox/templates/configmap.yaml:86:      microsoft_graph_mailer:
msgraph/gitlab/charts/gitlab/charts/toolbox/templates/configmap.yaml:91:        client_secret: <%= File.read('/etc/gitlab/microsoft_graph_mailer/client_secret').strip.to_json %>
msgraph/gitlab/charts/gitlab/charts/toolbox/templates/configmap.yaml:280:    for secret in redis minio objectstorage postgres ldap omniauth smtp kas pages oauth-secrets mailroom gitlab-exporter microsoft_graph_mailer ; do
msgraph/gitlab/charts/gitlab/charts/migrations/templates/configmap.yaml:84:    for secret in redis minio objectstorage postgres ldap omniauth smtp kas pages oauth-secrets mailroom gitlab-exporter microsoft_graph_mailer ; do
msgraph/gitlab/charts/gitlab/charts/webservice/templates/deployment.yaml:376:                  path: microsoft_graph_mailer/client_secret
msgraph/gitlab/charts/gitlab/charts/webservice/templates/configmap.yml:88:      microsoft_graph_mailer:
msgraph/gitlab/charts/gitlab/charts/webservice/templates/configmap.yml:93:        client_secret: <%= File.read('/etc/gitlab/microsoft_graph_mailer/client_secret').strip.to_json %>
msgraph/gitlab/charts/gitlab/charts/webservice/templates/configmap.yml:315:    for secret in redis minio objectstorage postgres ldap omniauth smtp kas pages oauth-secrets mailroom gitlab-exporter microsoft_graph_mailer ; do
msgraph/gitlab/charts/gitlab/charts/sidekiq/templates/deployment.yaml:341:                  path: microsoft_graph_mailer/client_secret
msgraph/gitlab/charts/gitlab/charts/sidekiq/templates/configmap.yaml:88:      microsoft_graph_mailer:
msgraph/gitlab/charts/gitlab/charts/sidekiq/templates/configmap.yaml:93:        client_secret: <%= File.read('/etc/gitlab/microsoft_graph_mailer/client_secret').strip.to_json %>
msgraph/gitlab/charts/gitlab/charts/sidekiq/templates/configmap.yaml:304:    for secret in redis minio objectstorage postgres ldap omniauth smtp kas pages oauth-secrets mailroom gitlab-exporter microsoft_graph_mailer ; do

This shows:

  1. All charts which define the Secret mount do consume it.
  2. All Rails based charts not explicitly setting optional attempt to consume it. (Optional pattern will check for existence)

Checklist

See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion.

Required

  • Merge Request Title and Description are up to date, accurate, and descriptive
  • MR targeting the appropriate branch
  • MR has a green pipeline on GitLab.com
  • When ready for review, MR is labeled "~workflow::ready for review" per the Distribution MR workflow

Expected (please provide an explanation if not completing)

  • Test plan indicating conditions for success has been posted and passes
  • Documentation created/updated
  • Tests added
  • Integration tests added to GitLab QA
  • Equivalent MR/issue for omnibus-gitlab opened
  • Validate potential values for new configuration settings. Formats such as integer 10, duration 10s, URI scheme://user:passwd@host:port may require quotation or other special handling when rendered in a template and written to a configuration file.
Edited by Mitchell Nielsen

Merge request reports