allow vault-manager chart disable

In order to disable a chart the k8sapp plugin needs to override the execute_kustomize_updates method. Copy Bob's fluxcd kustomize example in platform-integ-apps: https://opendev.org/starlingx/platform-armada-app/commit/928c047b Note: Disabling the vault-manager suggests that another process will unseal the vault. The vault server will not be unsealed vault-manager. If it remains sealed the server's readinessprobe will fail and this will prevent application-apply. Set vault values.yaml server.readinessProbe.enabled 'false' if necessary to allow the application-apply to complete. The same applies for initialization of the vault. Test Plan: PASS system helm-chart-attribute-modify works to enable and disable the vault-manager chart PASS vault sanity PASS USM upgrade with vault applied Story: 2011073 Task: 51071 Change-Id: Icda71ceef89cdb84ecaca8d927f41db92a4626bb Signed-off-by: Michel Thebeau <Michel.Thebeau@windriver.com>
2024-09-20 20:42:40 +00:00 · 2024-09-20 20:42:40 +00:00 · fd6f4311e2
commit fd6f4311e2
parent 9b4ba083ed
4 changed files with 57 additions and 0 deletions
--- a/python3-k8sapp-vault/k8sapp_vault/k8sapp_vault/helm/vault_manager.py
+++ b/python3-k8sapp-vault/k8sapp_vault/k8sapp_vault/helm/vault_manager.py
@ -41,6 +41,13 @@ class VaultManagerHelm(base.FluxCDBaseHelm):
    CHART = app_constants.HELM_CHART_VAULT_MANAGER
    HELM_RELEASE = app_constants.HELM_RELEASE_VAULT_MANAGER

+    def execute_kustomize_updates(self, operator):
+        # On application load this chart is enabled. Only disable if
+        # specified by the user
+        if not self._is_enabled(operator.APP, self.CHART,
+                                common.HELM_NS_VAULT):
+            operator.helm_release_resource_delete(self.CHART)
+
    def get_namespaces(self):
        """Return the list of supported namespaces"""
        return self.SUPPORTED_NAMESPACES
--- a/python3-k8sapp-vault/k8sapp_vault/k8sapp_vault/kustomize/init.py
+++ b/python3-k8sapp-vault/k8sapp_vault/k8sapp_vault/kustomize/init.py
@ -0,0 +1,19 @@
+#
+# Copyright (c) 2024 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+import yaml
+
+
+class quoted_str(str):
+    pass
+
+
+# force strings to be single-quoted to avoid interpretation as numeric values
+def quoted_presenter(dumper, data):
+    return dumper.represent_scalar(u'tag:yaml.org,2002:str', data, style="'")
+
+
+yaml.add_representer(quoted_str, quoted_presenter)
--- a/python3-k8sapp-vault/k8sapp_vault/k8sapp_vault/kustomize/kustomize_vault.py
+++ b/python3-k8sapp-vault/k8sapp_vault/k8sapp_vault/kustomize/kustomize_vault.py
@ -0,0 +1,28 @@
+#
+# Copyright (c) 2024 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# All Rights Reserved.
+#
+
+""" System inventory Kustomization resource operator."""
+
+from sysinv.common import constants
+from sysinv.helm import kustomize_base as base
+
+
+class VaultFluxCDKustomizeOperator(base.FluxCDKustomizeOperator):
+
+    APP = constants.HELM_APP_VAULT
+
+    def platform_mode_kustomize_updates(self, dbapi, mode):
+        """ Update the top-level kustomization resource list
+
+        Make changes to the top-level kustomization resource list based
+        on the platform mode
+
+        :param dbapi: DB api object
+        :param mode: mode to control when to update the resource list
+        """
+        pass
--- a/python3-k8sapp-vault/k8sapp_vault/setup.cfg
+++ b/python3-k8sapp-vault/k8sapp_vault/setup.cfg
@ -36,6 +36,9 @@ systemconfig.helm_plugins.vault =
    001_vault = k8sapp_vault.helm.vault:VaultHelm
    002_vault-manager = k8sapp_vault.helm.vault_manager:VaultManagerHelm

+systemconfig.fluxcd.kustomize_ops =
+    vault = k8sapp_vault.kustomize.kustomize_vault:VaultFluxCDKustomizeOperator
+
 systemconfig.app_lifecycle =
    vault = k8sapp_vault.lifecycle.lifecycle_vault:VaultAppLifecycleOperator