swh-web: add setting for inbound email shared key
part of swh/infra/sysadm-environment#5235 (closed)
helm-diff.sh output
[swh] Comparing changes between branches production and mr/swh-web-inbound-email (per environment)...
Switched to branch 'production'
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment staging, namespace swh...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra-next-version...
Switched to branch 'mr/swh-web-inbound-email'
Your branch is up to date with 'origin/mr/swh-web-inbound-email'.
[swh] Generate config in mr/swh-web-inbound-email branch for environment staging...
[swh] Generate config in mr/swh-web-inbound-email branch for environment staging...
[swh] Generate config in mr/swh-web-inbound-email branch for environment staging...
Switched to branch 'production'
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment production, namespace swh...
[swh] Generate config in production branch for environment production, namespace swh-cassandra...
[swh] Generate config in production branch for environment production, namespace swh-cassandra-next-version...
Switched to branch 'mr/swh-web-inbound-email'
Your branch is up to date with 'origin/mr/swh-web-inbound-email'.
[swh] Generate config in mr/swh-web-inbound-email branch for environment production...
[swh] Generate config in mr/swh-web-inbound-email branch for environment production...
[swh] Generate config in mr/swh-web-inbound-email branch for environment production...
------------- diff for environment staging namespace swh -------------
--- /tmp/swh-chart.swh.PMIzzg4z/staging-swh.before 2024-02-20 10:48:15.840961958 +0100
+++ /tmp/swh-chart.swh.PMIzzg4z/staging-swh.after 2024-02-20 10:48:16.260966290 +0100
@@ -1334,20 +1334,22 @@
default: 120/h
keycloak:
realm_name: SoftwareHeritageStaging
server_url: https://auth.softwareheritage.org/auth/
content_display_max_size: 5242880
give:
public_key: ${GIVE_PUBLIC_KEY}
token: ${GIVE_PRIVATE_TOKEN}
history_counters_url: http://counters-rpc-ingress/counters_history/history.json
+ inbound_email:
+ shared_key: ${INBOUND_EMAIL_SHARED_KEY}
keycloak:
realm_name: SoftwareHeritageStaging
server_url: https://auth.softwareheritage.org/auth/
matomo: {}
search_config:
metadata_backend: swh-search
swh_extra_django_apps:
- swh.web.add_forge_now
- swh.web.archive_coverage
- swh.web.badges
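Review bot: The placeholder in `shared_key: ${INBOUND_EMAIL_SHARED_KEY}` is unquoted, so if substitution is textual and happens before the file is parsed as YAML (not visible here), a key that is all digits, starts with a YAML indicator, or contains ` #` or `: ` would be retyped, truncated or rejected. Since this value presumably authenticates inbound mail, either constrain the secret's alphabet where it is generated or quote the placeholder, e.g. `shared_key: '${INBOUND_EMAIL_SHARED_KEY}'`. The application should also refuse an empty or non-string key. The same addition appears in the staging swh-cassandra, staging swh-cassandra-next-version and production swh-cassandra config hunks. The enclosing mapping starts and ends outside the hunk.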
@@ -4654,21 +4656,21 @@
app: web-postgresql
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: web-postgresql
annotations:
- checksum/config: 42b13df101626f1c48913ed0d6502245ff898f0f7bc1e963b69e2324366ee8e2
+ checksum/config: 26a7bc8690f61a63d24d91d64254553b4ca8f4d93b990ff765dbe2a00e9456ec
checksum/config-utils: d75ca13b805bce6a8ab59c8e24c938f2283108f6a79134f6e71db86308651dc6
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/web
operator: In
values:
@@ -4725,20 +4727,28 @@
optional: false
- name: GIVE_PUBLIC_KEY
valueFrom:
secretKeyRef:
name: web-give-secrets
key: public-key
# 'name' secret must exist & include that ^ key
optional: false
+
+ - name: INBOUND_EMAIL_SHARED_KEY
+ valueFrom:
+ secretKeyRef:
+ name: common-secrets
+ key: web-inbound-email-secret
+ # 'name' secret must exist & include that ^ key
+ optional: false
- name: SWH_SENTRY_DSN
valueFrom:
secretKeyRef:
name: common-secrets
key: web-sentry-dsn
# 'name' secret should exist & include key
# if the setting doesn't exist, sentry pushes will be disabled
optional: false
volumeMounts:
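Review bot: The new `INBOUND_EMAIL_SHARED_KEY` entry is `optional: false`, so `web-inbound-email-secret` must already exist in `common-secrets` in every namespace this change touches; otherwise the new pods cannot be created and the rolling update stalls. The `checksum/config` annotation appears to cover only the rendered config, which holds the placeholder rather than the value, so rotating the key later will not restart the pods by itself. A comment next to the entry such as `# rotating this key requires a rollout restart` would record that. The added blank `+` line before the entry looks like template whitespace that could be trimmed. The same entry is added in the env hunks for staging swh-cassandra, staging swh-cassandra-next-version, production swh and production swh-cassandra; the `env` list starts outside the hunk.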
------------- diff for environment staging namespace swh-cassandra -------------
--- /tmp/swh-chart.swh.PMIzzg4z/staging-swh-cassandra.before 2024-02-20 10:48:16.040964022 +0100
+++ /tmp/swh-chart.swh.PMIzzg4z/staging-swh-cassandra.after 2024-02-20 10:48:16.460968354 +0100
@@ -7678,20 +7678,22 @@
default: 120/h
keycloak:
realm_name: SoftwareHeritageStaging
server_url: https://auth.softwareheritage.org/auth/
content_display_max_size: 5242880
give:
public_key: ${GIVE_PUBLIC_KEY}
token: ${GIVE_PRIVATE_TOKEN}
history_counters_url: http://counters-rpc-ingress/counters_history/history.json
+ inbound_email:
+ shared_key: ${INBOUND_EMAIL_SHARED_KEY}
keycloak:
realm_name: SoftwareHeritageStaging
server_url: https://auth.softwareheritage.org/auth/
matomo: {}
save_code_now_webhook_secret: ${WEBHOOKS_SECRET}
search_config:
metadata_backend: swh-search
swh_extra_django_apps:
- swh.web.add_forge_now
- swh.web.archive_coverage
@@ -22501,21 +22503,21 @@
app: web-cassandra
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: web-cassandra
annotations:
- checksum/config: 2349e11bcc7052a664affddd4607230ce7a520cfdfe17a767112048273e14482
+ checksum/config: 4bd8b0f9526c2d6e2b7af7fdf9842e094e155245070406979270ef182f50be79
checksum/config-utils: 13a26f6add17e96ce01550153c77dcd48de60241a3f4db3c93d5467234be2a7f
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/web
operator: In
values:
@@ -22580,20 +22582,28 @@
- name: WEBHOOKS_SECRET
valueFrom:
secretKeyRef:
name: common-secrets
key: webhooks-secret
# 'name' secret must exist & include that ^ key
optional: false
+
+ - name: INBOUND_EMAIL_SHARED_KEY
+ valueFrom:
+ secretKeyRef:
+ name: common-secrets
+ key: web-inbound-email-secret
+ # 'name' secret must exist & include that ^ key
+ optional: false
- name: SWH_SENTRY_DSN
valueFrom:
secretKeyRef:
name: common-secrets
key: web-sentry-dsn
# 'name' secret should exist & include key
# if the setting doesn't exist, sentry pushes will be disabled
optional: false
volumeMounts:
------------- diff for environment staging namespace swh-cassandra-next-version -------------
--- /tmp/swh-chart.swh.PMIzzg4z/staging-swh-cassandra-next-version.before 2024-02-20 10:48:16.164965300 +0100
+++ /tmp/swh-chart.swh.PMIzzg4z/staging-swh-cassandra-next-version.after 2024-02-20 10:48:16.588969674 +0100
@@ -3990,20 +3990,22 @@
default: 120/h
keycloak:
realm_name: SoftwareHeritageStaging
server_url: https://auth.softwareheritage.org/auth/
content_display_max_size: 5242880
give:
public_key: ${GIVE_PUBLIC_KEY}
token: ${GIVE_PRIVATE_TOKEN}
history_counters_url: http://counters-rpc-ingress/counters_history/history.json
+ inbound_email:
+ shared_key: ${INBOUND_EMAIL_SHARED_KEY}
keycloak:
realm_name: SoftwareHeritageStaging
server_url: https://auth.softwareheritage.org/auth/
matomo: {}
save_code_now_webhook_secret: ${WEBHOOKS_SECRET}
search_config:
metadata_backend: swh-search
swh_extra_django_apps:
- swh.web.add_forge_now
- swh.web.archive_coverage
@@ -11095,21 +11097,21 @@
app: web-cassandra
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: web-cassandra
annotations:
- checksum/config: b09eb58dbefef8a55c4d9caf3992d08f8f9d268d4c9baeca9e893467be6a98d1
+ checksum/config: 53c24212a30e71faefcfcd4604491a9350acc11990d635e22270061339e11837
checksum/config-utils: 94d255131467f84bef964a4c72b2b792c5ebaf711bb1c77829d7cd1007a8ac22
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/web
operator: In
values:
@@ -11174,20 +11176,28 @@
- name: WEBHOOKS_SECRET
valueFrom:
secretKeyRef:
name: common-secrets
key: webhooks-secret
# 'name' secret must exist & include that ^ key
optional: false
+
+ - name: INBOUND_EMAIL_SHARED_KEY
+ valueFrom:
+ secretKeyRef:
+ name: common-secrets
+ key: web-inbound-email-secret
+ # 'name' secret must exist & include that ^ key
+ optional: false
- name: SWH_SENTRY_DSN
valueFrom:
secretKeyRef:
name: common-secrets
key: web-sentry-dsn
# 'name' secret should exist & include key
# if the setting doesn't exist, sentry pushes will be disabled
optional: false
volumeMounts:
------------- diff for environment production namespace swh -------------
--- /tmp/swh-chart.swh.PMIzzg4z/production-swh.before 2024-02-20 10:48:16.832972192 +0100
+++ /tmp/swh-chart.swh.PMIzzg4z/production-swh.after 2024-02-20 10:48:17.160975575 +0100
@@ -24775,20 +24775,28 @@
optional: false
- name: GITLAB_AFN_TOKEN
valueFrom:
secretKeyRef:
name: common-secrets
key: gitlab_afn_token
# 'name' secret must exist & include that ^ key
optional: false
+
+ - name: INBOUND_EMAIL_SHARED_KEY
+ valueFrom:
+ secretKeyRef:
+ name: common-secrets
+ key: web-inbound-email-secret
+ # 'name' secret must exist & include that ^ key
+ optional: false
- name: SWH_SENTRY_DSN
valueFrom:
secretKeyRef:
name: common-secrets
key: web-sentry-dsn
# 'name' secret should exist & include key
# if the setting doesn't exist, sentry pushes will be disabled
optional: false
volumeMounts:
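Review bot: Nothing visible in this namespace consumes `INBOUND_EMAIL_SHARED_KEY`: the secret is injected into the container environment, but the section has no matching `inbound_email` config hunk and no `checksum/config` change. If this deployment does not handle inbound mail, the entry exposes the shared key to a workload that does not need it, and `optional: false` makes the deployment fail to start when the key is missing. Consider limiting the env entry to deployments whose config sets `inbound_email.shared_key`. If the setting is meant to apply here too, the missing config hunk suggests the value is not wired through for production/swh. The container spec begins outside the hunk.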
------------- diff for environment production namespace swh-cassandra -------------
--- /tmp/swh-chart.swh.PMIzzg4z/production-swh-cassandra.before 2024-02-20 10:48:16.916973059 +0100
+++ /tmp/swh-chart.swh.PMIzzg4z/production-swh-cassandra.after 2024-02-20 10:48:17.252976525 +0100
@@ -1604,20 +1604,22 @@
keycloak:
realm_name: SoftwareHeritage
server_url: https://auth.softwareheritage.org/auth/
content_display_max_size: 5242880
es_workers_index_url: http://esnode1.internal.softwareheritage.org:9200/swh_workers-*
give:
public_key: ${GIVE_PUBLIC_KEY}
token: ${GIVE_PRIVATE_TOKEN}
history_counters_url: http://counters-rpc-ingress/counters_history/history.json#
+ inbound_email:
+ shared_key: ${INBOUND_EMAIL_SHARED_KEY}
keycloak:
realm_name: SoftwareHeritage
server_url: https://auth.softwareheritage.org/auth/
search_config:
metadata_backend: swh-search
swh_extra_django_apps:
- swh.web.add_forge_now
- swh.web.archive_coverage
- swh.web.badges
- swh.web.banners
@@ -5108,21 +5110,21 @@
app: web-cassandra
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: web-cassandra
annotations:
- checksum/config: b290b296921bcebd5c8e245700e08c4067e97e3a28b3b6b86bfa0c7ebdf00bf0
+ checksum/config: bd55d104087094eff05bde320b922c00b2930016fc155dd109ff1c071d3f2fe5
checksum/config-utils: 13a26f6add17e96ce01550153c77dcd48de60241a3f4db3c93d5467234be2a7f
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/web
operator: In
values:
@@ -5186,20 +5188,28 @@
optional: false
- name: GITLAB_AFN_TOKEN
valueFrom:
secretKeyRef:
name: common-secrets
key: gitlab_afn_token
# 'name' secret must exist & include that ^ key
optional: false
+
+ - name: INBOUND_EMAIL_SHARED_KEY
+ valueFrom:
+ secretKeyRef:
+ name: common-secrets
+ key: web-inbound-email-secret
+ # 'name' secret must exist & include that ^ key
+ optional: false
- name: SWH_SENTRY_DSN
valueFrom:
secretKeyRef:
name: common-secrets
key: web-sentry-dsn
# 'name' secret should exist & include key
# if the setting doesn't exist, sentry pushes will be disabled
optional: false
volumeMounts: