Refactor secrets helpers to automatically pull secrets from a complex deployment
Introduces a couple of functions to generate:
- a secrets dict from a deployment config dict, by
- pulling the secrets key out of the dict
- dereferencing any key ending with
Refas another config to walk - recursing into lists and dicts
- merging multiple secrets dictionaries into one
- and failing if an identical key references different secrets
- converting a secrets dict into a list of container environment variable definitions
Then follows a series of commits to replace the old secrets helpers with the new one.
Most diffs are just reordering of the env lists, but there's two changes of note:
-
deposit.containers.deposit> the DJANGO_SECRET_KEY is removed from the runtime container (afaik it's only needed to generate the config.yaml?) -
scheduler-journal-client.initContainers.prepare-confiuration> AMQP_PASSWORD added (unused but harmless) - swh-web > all deployments' initcontainers now get the same (full) set of secrets
helm-diff output helm-diff.html
[swh] Comparing changes between branches staging and mr/dry-secrets (per environment)...
Your branch is up to date with 'origin/staging'.
[swh] Generate config in staging branch for environment staging, namespace swh...
[swh] Generate config in staging branch for environment staging, namespace swh-cassandra...
[swh] Generate config in staging branch for environment staging, namespace swh-cassandra-next-version...
Your branch and 'origin/mr/dry-secrets' have diverged,
and have 24 and 22 different commits each, respectively.
(use "git pull" if you want to integrate the remote branch with yours)
[swh] Generate config in mr/dry-secrets branch for environment staging...
[swh] Generate config in mr/dry-secrets branch for environment staging...
[swh] Generate config in mr/dry-secrets branch for environment staging...
Your branch is up to date with 'origin/staging'.
[swh] Generate config in staging branch for environment production, namespace swh...
[swh] Generate config in staging branch for environment production, namespace swh-cassandra...
[swh] Generate config in staging branch for environment production, namespace swh-cassandra-next-version...
Your branch and 'origin/mr/dry-secrets' have diverged,
and have 24 and 22 different commits each, respectively.
(use "git pull" if you want to integrate the remote branch with yours)
[swh] Generate config in mr/dry-secrets branch for environment production...
[swh] Generate config in mr/dry-secrets branch for environment production...
[swh] Generate config in mr/dry-secrets branch for environment production...
------------- diff for environment staging namespace swh -------------
_ __ __
_| |_ _ / _|/ _| between /tmp/swh-chart.swh.om7XZUHh/staging-swh.before, 111 documents
/ _' | | | | |_| |_ and /tmp/swh-chart.swh.om7XZUHh/staging-swh.after, 111 documents
| (_| | |_| | _| _|
\__,_|\__, |_| |_| returned eight differences
|___/
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh/scrubber-journalchecker-directory)
⇆ order changed
SCRUBBER_POSTGRESQL_PASSWORD BROKER_USER_PASSWORD
BROKER_USER_PASSWORD SCRUBBER_POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh/scrubber-journalchecker-release)
⇆ order changed
SCRUBBER_POSTGRESQL_PASSWORD BROKER_USER_PASSWORD
BROKER_USER_PASSWORD SCRUBBER_POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh/scrubber-journalchecker-revision)
⇆ order changed
SCRUBBER_POSTGRESQL_PASSWORD BROKER_USER_PASSWORD
BROKER_USER_PASSWORD SCRUBBER_POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh/scrubber-journalchecker-snapshot)
⇆ order changed
SCRUBBER_POSTGRESQL_PASSWORD BROKER_USER_PASSWORD
BROKER_USER_PASSWORD SCRUBBER_POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh/scrubber-storagechecker-directory-hashes)
⇆ order changed
SCRUBBER_POSTGRESQL_PASSWORD POSTGRESQL_PASSWORD
POSTGRESQL_PASSWORD SCRUBBER_POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh/scrubber-storagechecker-directory-references)
⇆ order changed
SCRUBBER_POSTGRESQL_PASSWORD POSTGRESQL_PASSWORD
POSTGRESQL_PASSWORD SCRUBBER_POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration-scrubber-storage.env (apps/v1/Deployment/swh/swh-toolbox)
⇆ order changed
SCRUBBER_POSTGRESQL_PASSWORD POSTGRESQL_PASSWORD
POSTGRESQL_PASSWORD SCRUBBER_POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh/web-postgresql)
⇆ order changed
POSTGRESQL_PASSWORD SWH_SENTRY_DSN
DJANGO_SECRET_KEY DEPOSIT_PASSWORD
DEPOSIT_PASSWORD DEPOSIT_USERNAME
DEPOSIT_USERNAME DJANGO_SECRET_KEY
GIVE_PRIVATE_TOKEN GIVE_PRIVATE_TOKEN
GIVE_PUBLIC_KEY GIVE_PUBLIC_KEY
INBOUND_EMAIL_SHARED_KEY INBOUND_EMAIL_SHARED_KEY
SWH_SENTRY_DSN POSTGRESQL_PASSWORD
------------- diff for environment staging namespace swh-cassandra -------------
_ __ __
_| |_ _ / _|/ _| between /tmp/swh-chart.swh.om7XZUHh/staging-swh-cassandra.before, 360 documents
/ _' | | | | |_| |_ and /tmp/swh-chart.swh.om7XZUHh/staging-swh-cassandra.after, 360 documents
| (_| | |_| | _| _|
\__,_|\__, |_| |_| returned 15 differences
|___/
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh-cassandra/cassandra-checks-content)
⇆ order changed
POSTGRESQL_PASSWORD BROKER_USER
CASSANDRA_PASSWORD BROKER_USER_PASSWORD
BROKER_USER CASSANDRA_PASSWORD
BROKER_USER_PASSWORD POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh-cassandra/cassandra-checks-directory)
⇆ order changed
POSTGRESQL_PASSWORD BROKER_USER
CASSANDRA_PASSWORD BROKER_USER_PASSWORD
BROKER_USER CASSANDRA_PASSWORD
BROKER_USER_PASSWORD POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh-cassandra/cassandra-checks-extid)
⇆ order changed
POSTGRESQL_PASSWORD BROKER_USER
CASSANDRA_PASSWORD BROKER_USER_PASSWORD
BROKER_USER CASSANDRA_PASSWORD
BROKER_USER_PASSWORD POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh-cassandra/cassandra-checks-origin)
⇆ order changed
POSTGRESQL_PASSWORD BROKER_USER
CASSANDRA_PASSWORD BROKER_USER_PASSWORD
BROKER_USER CASSANDRA_PASSWORD
BROKER_USER_PASSWORD POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh-cassandra/cassandra-checks-release)
⇆ order changed
POSTGRESQL_PASSWORD BROKER_USER
CASSANDRA_PASSWORD BROKER_USER_PASSWORD
BROKER_USER CASSANDRA_PASSWORD
BROKER_USER_PASSWORD POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh-cassandra/cassandra-checks-revision)
⇆ order changed
POSTGRESQL_PASSWORD BROKER_USER
CASSANDRA_PASSWORD BROKER_USER_PASSWORD
BROKER_USER CASSANDRA_PASSWORD
BROKER_USER_PASSWORD POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh-cassandra/cassandra-checks-snapshot)
⇆ order changed
POSTGRESQL_PASSWORD BROKER_USER
CASSANDRA_PASSWORD BROKER_USER_PASSWORD
BROKER_USER CASSANDRA_PASSWORD
BROKER_USER_PASSWORD POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh-cassandra/deposit)
⇆ order changed
POSTGRESQL_PASSWORD SWH_SENTRY_DSN
DJANGO_SECRET_KEY ACCOUNT_KEY
ACCOUNT_KEY DJANGO_SECRET_KEY
SWH_SENTRY_DSN POSTGRESQL_PASSWORD
spec.template.spec.containers.deposit.env (apps/v1/Deployment/swh-cassandra/deposit)
- one list entry removed:
- name: DJANGO_SECRET_KEY
valueFrom:
secretKeyRef:
name: swh-deposit-django-secret
key: deposit-django-secret-key
# 'name' secret must exist & include that ^ key
optional: false
spec.template.spec.initContainers.prepare-configuration (apps/v1/Deployment/swh-cassandra/scheduler-journal-client)
+ one map entry added:
env:
- name: AMQP_PASSWORD
valueFrom:
secretKeyRef:
name: amqp-secrets
key: swhproducer-password
optional: false
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh-cassandra/scrubber-storagechecker-directory-references)
⇆ order changed
SCRUBBER_POSTGRESQL_PASSWORD CASSANDRA_PASSWORD
CASSANDRA_PASSWORD SCRUBBER_POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration-scrubber-storage.env (apps/v1/Deployment/swh-cassandra/swh-toolbox)
⇆ order changed
SCRUBBER_POSTGRESQL_PASSWORD CASSANDRA_PASSWORD
CASSANDRA_PASSWORD SCRUBBER_POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh-cassandra/vault-rpc)
⇆ order changed
- POSTGRESQL_PASSWORD, ACCOUNT_KEY
+ ACCOUNT_KEY, POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh-cassandra/web-cassandra)
⇆ order changed
POSTGRESQL_PASSWORD SWH_SENTRY_DSN
DJANGO_SECRET_KEY DEPOSIT_PASSWORD
DEPOSIT_PASSWORD DEPOSIT_USERNAME
DEPOSIT_USERNAME DJANGO_SECRET_KEY
GIVE_PRIVATE_TOKEN GIVE_PRIVATE_TOKEN
GIVE_PUBLIC_KEY GIVE_PUBLIC_KEY
WEBHOOKS_SECRET INBOUND_EMAIL_SHARED_KEY
INBOUND_EMAIL_SHARED_KEY POSTGRESQL_PASSWORD
SWH_SENTRY_DSN WEBHOOKS_SECRET
+ one list entry added:
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: swh-postgresql-syncmailmap-secret
key: postgres-syncmailmap-password
optional: false
spec.jobTemplate.spec.template.spec.initContainers.prepare-web-configuration.env (batch/v1/CronJob/swh-cassandra/web-cassandra-sync-mailmaps-cronjob)
⇆ order changed
POSTGRESQL_PASSWORD SWH_SENTRY_DSN
DJANGO_SECRET_KEY DEPOSIT_PASSWORD
DEPOSIT_PASSWORD DEPOSIT_USERNAME
DEPOSIT_USERNAME DJANGO_SECRET_KEY
GIVE_PRIVATE_TOKEN GIVE_PRIVATE_TOKEN
GIVE_PUBLIC_KEY GIVE_PUBLIC_KEY
SWH_SENTRY_DSN POSTGRESQL_PASSWORD
+ three list entries added:
- name: INBOUND_EMAIL_SHARED_KEY
valueFrom:
secretKeyRef:
name: common-secrets
key: web-inbound-email-shared-key
optional: false
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: swh-postgresql-syncmailmap-secret
key: postgres-syncmailmap-password
optional: false
- name: WEBHOOKS_SECRET
valueFrom:
secretKeyRef:
name: common-secrets
key: webhooks-secret
optional: false
------------- diff for environment staging namespace swh-cassandra-next-version -------------
_ __ __
_| |_ _ / _|/ _| between /tmp/swh-chart.swh.om7XZUHh/staging-swh-cassandra-next-version.before, 130 documents
/ _' | | | | |_| |_ and /tmp/swh-chart.swh.om7XZUHh/staging-swh-cassandra-next-version.after, 130 documents
| (_| | |_| | _| _|
\__,_|\__, |_| |_| returned two differences
|___/
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh-cassandra-next-version/vault-rpc)
⇆ order changed
- POSTGRESQL_PASSWORD, ACCOUNT_KEY
+ ACCOUNT_KEY, POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh-cassandra-next-version/web-cassandra)
⇆ order changed
POSTGRESQL_PASSWORD SWH_SENTRY_DSN
DJANGO_SECRET_KEY DEPOSIT_PASSWORD
DEPOSIT_PASSWORD DEPOSIT_USERNAME
DEPOSIT_USERNAME DJANGO_SECRET_KEY
GIVE_PRIVATE_TOKEN GIVE_PRIVATE_TOKEN
GIVE_PUBLIC_KEY GIVE_PUBLIC_KEY
WEBHOOKS_SECRET INBOUND_EMAIL_SHARED_KEY
INBOUND_EMAIL_SHARED_KEY POSTGRESQL_PASSWORD
SWH_SENTRY_DSN WEBHOOKS_SECRET
+ one list entry added:
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: swh-postgresql-syncmailmap-secret
key: postgres-syncmailmap-password
optional: false
------------- diff for environment production namespace swh -------------
_ __ __
_| |_ _ / _|/ _| between /tmp/swh-chart.swh.om7XZUHh/production-swh.before, 399 documents
/ _' | | | | |_| |_ and /tmp/swh-chart.swh.om7XZUHh/production-swh.after, 399 documents
| (_| | |_| | _| _|
\__,_|\__, |_| |_| returned 25 differences
|___/
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh/cooker-batch)
⇆ order changed
AMQP_PASSWORD ACCOUNT_NAME_0
ACCOUNT_NAME_0 ACCOUNT_NAME_1
ACCOUNT_NAME_1 ACCOUNT_NAME_10
ACCOUNT_NAME_10 ACCOUNT_NAME_11
ACCOUNT_NAME_11 ACCOUNT_NAME_12
ACCOUNT_NAME_12 ACCOUNT_NAME_13
ACCOUNT_NAME_13 ACCOUNT_NAME_14
ACCOUNT_NAME_14 ACCOUNT_NAME_15
ACCOUNT_NAME_15 ACCOUNT_NAME_2
ACCOUNT_NAME_2 ACCOUNT_NAME_3
ACCOUNT_NAME_3 ACCOUNT_NAME_4
ACCOUNT_NAME_4 ACCOUNT_NAME_5
ACCOUNT_NAME_5 ACCOUNT_NAME_6
ACCOUNT_NAME_6 ACCOUNT_NAME_7
ACCOUNT_NAME_7 ACCOUNT_NAME_8
ACCOUNT_NAME_8 ACCOUNT_NAME_9
ACCOUNT_NAME_9 AMQP_PASSWORD
API_SECRET_KEY_0 API_SECRET_KEY_0
API_SECRET_KEY_1 API_SECRET_KEY_1
API_SECRET_KEY_10 API_SECRET_KEY_10
API_SECRET_KEY_11 API_SECRET_KEY_11
API_SECRET_KEY_12 API_SECRET_KEY_12
API_SECRET_KEY_13 API_SECRET_KEY_13
API_SECRET_KEY_14 API_SECRET_KEY_14
API_SECRET_KEY_15 API_SECRET_KEY_15
API_SECRET_KEY_2 API_SECRET_KEY_2
API_SECRET_KEY_3 API_SECRET_KEY_3
API_SECRET_KEY_4 API_SECRET_KEY_4
API_SECRET_KEY_5 API_SECRET_KEY_5
API_SECRET_KEY_6 API_SECRET_KEY_6
API_SECRET_KEY_7 API_SECRET_KEY_7
API_SECRET_KEY_8 API_SECRET_KEY_8
API_SECRET_KEY_9 API_SECRET_KEY_9
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh/cooker-simple)
⇆ order changed
AMQP_PASSWORD ACCOUNT_NAME_0
ACCOUNT_NAME_0 ACCOUNT_NAME_1
ACCOUNT_NAME_1 ACCOUNT_NAME_10
ACCOUNT_NAME_10 ACCOUNT_NAME_11
ACCOUNT_NAME_11 ACCOUNT_NAME_12
ACCOUNT_NAME_12 ACCOUNT_NAME_13
ACCOUNT_NAME_13 ACCOUNT_NAME_14
ACCOUNT_NAME_14 ACCOUNT_NAME_15
ACCOUNT_NAME_15 ACCOUNT_NAME_2
ACCOUNT_NAME_2 ACCOUNT_NAME_3
ACCOUNT_NAME_3 ACCOUNT_NAME_4
ACCOUNT_NAME_4 ACCOUNT_NAME_5
ACCOUNT_NAME_5 ACCOUNT_NAME_6
ACCOUNT_NAME_6 ACCOUNT_NAME_7
ACCOUNT_NAME_7 ACCOUNT_NAME_8
ACCOUNT_NAME_8 ACCOUNT_NAME_9
ACCOUNT_NAME_9 AMQP_PASSWORD
API_SECRET_KEY_0 API_SECRET_KEY_0
API_SECRET_KEY_1 API_SECRET_KEY_1
API_SECRET_KEY_10 API_SECRET_KEY_10
API_SECRET_KEY_11 API_SECRET_KEY_11
API_SECRET_KEY_12 API_SECRET_KEY_12
API_SECRET_KEY_13 API_SECRET_KEY_13
API_SECRET_KEY_14 API_SECRET_KEY_14
API_SECRET_KEY_15 API_SECRET_KEY_15
API_SECRET_KEY_2 API_SECRET_KEY_2
API_SECRET_KEY_3 API_SECRET_KEY_3
API_SECRET_KEY_4 API_SECRET_KEY_4
API_SECRET_KEY_5 API_SECRET_KEY_5
API_SECRET_KEY_6 API_SECRET_KEY_6
API_SECRET_KEY_7 API_SECRET_KEY_7
API_SECRET_KEY_8 API_SECRET_KEY_8
API_SECRET_KEY_9 API_SECRET_KEY_9
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh/deposit)
⇆ order changed
POSTGRESQL_PASSWORD SWH_SENTRY_DSN
DJANGO_SECRET_KEY ACCOUNT_KEY
ACCOUNT_KEY DJANGO_SECRET_KEY
SWH_SENTRY_DSN POSTGRESQL_PASSWORD
spec.template.spec.containers.deposit.env (apps/v1/Deployment/swh/deposit)
- one list entry removed:
- name: DJANGO_SECRET_KEY
valueFrom:
secretKeyRef:
name: swh-deposit-django-secret
key: deposit-django-secret-key
# 'name' secret must exist & include that ^ key
optional: false
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh/indexer-content-mimetype)
⇆ order changed
BROKER_USER ACCOUNT_NAME_0
BROKER_USER_PASSWORD ACCOUNT_NAME_1
ACCOUNT_NAME_0 ACCOUNT_NAME_10
ACCOUNT_NAME_1 ACCOUNT_NAME_11
ACCOUNT_NAME_10 ACCOUNT_NAME_12
ACCOUNT_NAME_11 ACCOUNT_NAME_13
ACCOUNT_NAME_12 ACCOUNT_NAME_14
ACCOUNT_NAME_13 ACCOUNT_NAME_15
ACCOUNT_NAME_14 ACCOUNT_NAME_2
ACCOUNT_NAME_15 ACCOUNT_NAME_3
ACCOUNT_NAME_2 ACCOUNT_NAME_4
ACCOUNT_NAME_3 ACCOUNT_NAME_5
ACCOUNT_NAME_4 ACCOUNT_NAME_6
ACCOUNT_NAME_5 ACCOUNT_NAME_7
ACCOUNT_NAME_6 ACCOUNT_NAME_8
ACCOUNT_NAME_7 ACCOUNT_NAME_9
ACCOUNT_NAME_8 API_SECRET_KEY_0
ACCOUNT_NAME_9 API_SECRET_KEY_1
API_SECRET_KEY_0 API_SECRET_KEY_10
API_SECRET_KEY_1 API_SECRET_KEY_11
API_SECRET_KEY_10 API_SECRET_KEY_12
API_SECRET_KEY_11 API_SECRET_KEY_13
API_SECRET_KEY_12 API_SECRET_KEY_14
API_SECRET_KEY_13 API_SECRET_KEY_15
API_SECRET_KEY_14 API_SECRET_KEY_2
API_SECRET_KEY_15 API_SECRET_KEY_3
API_SECRET_KEY_2 API_SECRET_KEY_4
API_SECRET_KEY_3 API_SECRET_KEY_5
API_SECRET_KEY_4 API_SECRET_KEY_6
API_SECRET_KEY_5 API_SECRET_KEY_7
API_SECRET_KEY_6 API_SECRET_KEY_8
API_SECRET_KEY_7 API_SECRET_KEY_9
API_SECRET_KEY_8 BROKER_USER
API_SECRET_KEY_9 BROKER_USER_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh/indexer-extrinsic)
⇆ order changed
BROKER_USER ACCOUNT_NAME_0
BROKER_USER_PASSWORD ACCOUNT_NAME_1
ACCOUNT_NAME_0 ACCOUNT_NAME_10
ACCOUNT_NAME_1 ACCOUNT_NAME_11
ACCOUNT_NAME_10 ACCOUNT_NAME_12
ACCOUNT_NAME_11 ACCOUNT_NAME_13
ACCOUNT_NAME_12 ACCOUNT_NAME_14
ACCOUNT_NAME_13 ACCOUNT_NAME_15
ACCOUNT_NAME_14 ACCOUNT_NAME_2
ACCOUNT_NAME_15 ACCOUNT_NAME_3
ACCOUNT_NAME_2 ACCOUNT_NAME_4
ACCOUNT_NAME_3 ACCOUNT_NAME_5
ACCOUNT_NAME_4 ACCOUNT_NAME_6
ACCOUNT_NAME_5 ACCOUNT_NAME_7
ACCOUNT_NAME_6 ACCOUNT_NAME_8
ACCOUNT_NAME_7 ACCOUNT_NAME_9
ACCOUNT_NAME_8 API_SECRET_KEY_0
ACCOUNT_NAME_9 API_SECRET_KEY_1
API_SECRET_KEY_0 API_SECRET_KEY_10
API_SECRET_KEY_1 API_SECRET_KEY_11
API_SECRET_KEY_10 API_SECRET_KEY_12
API_SECRET_KEY_11 API_SECRET_KEY_13
API_SECRET_KEY_12 API_SECRET_KEY_14
API_SECRET_KEY_13 API_SECRET_KEY_15
API_SECRET_KEY_14 API_SECRET_KEY_2
API_SECRET_KEY_15 API_SECRET_KEY_3
API_SECRET_KEY_2 API_SECRET_KEY_4
API_SECRET_KEY_3 API_SECRET_KEY_5
API_SECRET_KEY_4 API_SECRET_KEY_6
API_SECRET_KEY_5 API_SECRET_KEY_7
API_SECRET_KEY_6 API_SECRET_KEY_8
API_SECRET_KEY_7 API_SECRET_KEY_9
API_SECRET_KEY_8 BROKER_USER
API_SECRET_KEY_9 BROKER_USER_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh/objstorage-replayer-winery)
⇆ order changed
BROKER_USER ACCOUNT_NAME_0
BROKER_USER_PASSWORD ACCOUNT_NAME_1
ACCOUNT_NAME_0 ACCOUNT_NAME_10
ACCOUNT_NAME_1 ACCOUNT_NAME_11
ACCOUNT_NAME_10 ACCOUNT_NAME_12
ACCOUNT_NAME_11 ACCOUNT_NAME_13
ACCOUNT_NAME_12 ACCOUNT_NAME_14
ACCOUNT_NAME_13 ACCOUNT_NAME_15
ACCOUNT_NAME_14 ACCOUNT_NAME_2
ACCOUNT_NAME_15 ACCOUNT_NAME_3
ACCOUNT_NAME_2 ACCOUNT_NAME_4
ACCOUNT_NAME_3 ACCOUNT_NAME_5
ACCOUNT_NAME_4 ACCOUNT_NAME_6
ACCOUNT_NAME_5 ACCOUNT_NAME_7
ACCOUNT_NAME_6 ACCOUNT_NAME_8
ACCOUNT_NAME_7 ACCOUNT_NAME_9
ACCOUNT_NAME_8 API_SECRET_KEY_0
ACCOUNT_NAME_9 API_SECRET_KEY_1
API_SECRET_KEY_0 API_SECRET_KEY_10
API_SECRET_KEY_1 API_SECRET_KEY_11
API_SECRET_KEY_10 API_SECRET_KEY_12
API_SECRET_KEY_11 API_SECRET_KEY_13
API_SECRET_KEY_12 API_SECRET_KEY_14
API_SECRET_KEY_13 API_SECRET_KEY_15
API_SECRET_KEY_14 API_SECRET_KEY_2
API_SECRET_KEY_15 API_SECRET_KEY_3
API_SECRET_KEY_2 API_SECRET_KEY_4
API_SECRET_KEY_3 API_SECRET_KEY_5
API_SECRET_KEY_4 API_SECRET_KEY_6
API_SECRET_KEY_5 API_SECRET_KEY_7
API_SECRET_KEY_6 API_SECRET_KEY_8
API_SECRET_KEY_7 API_SECRET_KEY_9
API_SECRET_KEY_8 BROKER_USER
API_SECRET_KEY_9 BROKER_USER_PASSWORD
spec.template.spec.initContainers.prepare-configuration (apps/v1/Deployment/swh/scheduler-journal-client)
+ one map entry added:
env:
- name: AMQP_PASSWORD
valueFrom:
secretKeyRef:
name: amqp-secrets
key: swhproducer-password
optional: false
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh/scrubber-journalchecker-release)
⇆ order changed
SCRUBBER_POSTGRESQL_PASSWORD BROKER_USER
BROKER_USER BROKER_USER_PASSWORD
BROKER_USER_PASSWORD SCRUBBER_POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh/scrubber-journalchecker-revision)
⇆ order changed
SCRUBBER_POSTGRESQL_PASSWORD BROKER_USER
BROKER_USER BROKER_USER_PASSWORD
BROKER_USER_PASSWORD SCRUBBER_POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh/scrubber-journalchecker-snapshot)
⇆ order changed
SCRUBBER_POSTGRESQL_PASSWORD BROKER_USER
BROKER_USER BROKER_USER_PASSWORD
BROKER_USER_PASSWORD SCRUBBER_POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh/scrubber-storagechecker-primary-directory-hashes)
⇆ order changed
SCRUBBER_POSTGRESQL_PASSWORD POSTGRESQL_PASSWORD
POSTGRESQL_PASSWORD SCRUBBER_POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh/scrubber-storagechecker-primary-directory-references)
⇆ order changed
SCRUBBER_POSTGRESQL_PASSWORD POSTGRESQL_PASSWORD
POSTGRESQL_PASSWORD SCRUBBER_POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh/scrubber-storagechecker-secondary-directory-hashes)
⇆ order changed
SCRUBBER_POSTGRESQL_PASSWORD POSTGRESQL_PASSWORD
POSTGRESQL_PASSWORD SCRUBBER_POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh/scrubber-storagechecker-secondary-directory-references)
⇆ order changed
SCRUBBER_POSTGRESQL_PASSWORD POSTGRESQL_PASSWORD
POSTGRESQL_PASSWORD SCRUBBER_POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh/scrubber-storagechecker-secondary-snapshot-hashes)
⇆ order changed
SCRUBBER_POSTGRESQL_PASSWORD POSTGRESQL_PASSWORD
POSTGRESQL_PASSWORD SCRUBBER_POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh/scrubber-storagechecker-secondary-snapshot-references)
⇆ order changed
SCRUBBER_POSTGRESQL_PASSWORD POSTGRESQL_PASSWORD
POSTGRESQL_PASSWORD SCRUBBER_POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration-scrubber-storage-primary.env (apps/v1/Deployment/swh/swh-toolbox)
⇆ order changed
SCRUBBER_POSTGRESQL_PASSWORD POSTGRESQL_PASSWORD
POSTGRESQL_PASSWORD SCRUBBER_POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration-scrubber-storage-secondary.env (apps/v1/Deployment/swh/swh-toolbox)
⇆ order changed
SCRUBBER_POSTGRESQL_PASSWORD POSTGRESQL_PASSWORD
POSTGRESQL_PASSWORD SCRUBBER_POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh/vault-rpc)
⇆ order changed
POSTGRESQL_PASSWORD ACCOUNT_KEY
ACCOUNT_KEY ACCOUNT_NAME_0
ACCOUNT_NAME_0 ACCOUNT_NAME_1
ACCOUNT_NAME_1 ACCOUNT_NAME_10
ACCOUNT_NAME_10 ACCOUNT_NAME_11
ACCOUNT_NAME_11 ACCOUNT_NAME_12
ACCOUNT_NAME_12 ACCOUNT_NAME_13
ACCOUNT_NAME_13 ACCOUNT_NAME_14
ACCOUNT_NAME_14 ACCOUNT_NAME_15
ACCOUNT_NAME_15 ACCOUNT_NAME_2
ACCOUNT_NAME_2 ACCOUNT_NAME_3
ACCOUNT_NAME_3 ACCOUNT_NAME_4
ACCOUNT_NAME_4 ACCOUNT_NAME_5
ACCOUNT_NAME_5 ACCOUNT_NAME_6
ACCOUNT_NAME_6 ACCOUNT_NAME_7
ACCOUNT_NAME_7 ACCOUNT_NAME_8
ACCOUNT_NAME_8 ACCOUNT_NAME_9
ACCOUNT_NAME_9 API_SECRET_KEY_0
API_SECRET_KEY_0 API_SECRET_KEY_1
API_SECRET_KEY_1 API_SECRET_KEY_10
API_SECRET_KEY_10 API_SECRET_KEY_11
API_SECRET_KEY_11 API_SECRET_KEY_12
API_SECRET_KEY_12 API_SECRET_KEY_13
API_SECRET_KEY_13 API_SECRET_KEY_14
API_SECRET_KEY_14 API_SECRET_KEY_15
API_SECRET_KEY_15 API_SECRET_KEY_2
API_SECRET_KEY_2 API_SECRET_KEY_3
API_SECRET_KEY_3 API_SECRET_KEY_4
API_SECRET_KEY_4 API_SECRET_KEY_5
API_SECRET_KEY_5 API_SECRET_KEY_6
API_SECRET_KEY_6 API_SECRET_KEY_7
API_SECRET_KEY_7 API_SECRET_KEY_8
API_SECRET_KEY_8 API_SECRET_KEY_9
API_SECRET_KEY_9 POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh/web-app1)
⇆ order changed
POSTGRESQL_PASSWORD SWH_SENTRY_DSN
DJANGO_SECRET_KEY DEPOSIT_PASSWORD
DJANGO_SECRET_KEY_FALLBACK_1 DEPOSIT_USERNAME
DJANGO_SECRET_KEY_FALLBACK_2 DJANGO_SECRET_KEY
DEPOSIT_PASSWORD DJANGO_SECRET_KEY_FALLBACK_1
DEPOSIT_USERNAME DJANGO_SECRET_KEY_FALLBACK_2
GIVE_PRIVATE_TOKEN GITLAB_AFN_TOKEN
GIVE_PUBLIC_KEY GIVE_PRIVATE_TOKEN
GITLAB_AFN_TOKEN GIVE_PUBLIC_KEY
SWH_SENTRY_DSN POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh/web-archive)
⇆ order changed
POSTGRESQL_PASSWORD SWH_SENTRY_DSN
DJANGO_SECRET_KEY DEPOSIT_PASSWORD
DJANGO_SECRET_KEY_FALLBACK_1 DEPOSIT_USERNAME
DJANGO_SECRET_KEY_FALLBACK_2 DJANGO_SECRET_KEY
DEPOSIT_PASSWORD DJANGO_SECRET_KEY_FALLBACK_1
DEPOSIT_USERNAME DJANGO_SECRET_KEY_FALLBACK_2
GIVE_PRIVATE_TOKEN GITLAB_AFN_TOKEN
GIVE_PUBLIC_KEY GIVE_PRIVATE_TOKEN
GITLAB_AFN_TOKEN GIVE_PUBLIC_KEY
INBOUND_EMAIL_SHARED_KEY INBOUND_EMAIL_SHARED_KEY
SWH_SENTRY_DSN POSTGRESQL_PASSWORD
+ one list entry added:
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: swh-postgresql-syncmailmap-secret
key: postgres-syncmailmap-password
optional: false
spec.jobTemplate.spec.template.spec.initContainers.prepare-configuration.env (batch/v1/CronJob/create-object-reference-partitions-cronjob)
+ 32 list entries added:
- name: ACCOUNT_NAME_0
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 0_account_name
optional: false
- name: ACCOUNT_NAME_1
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 1_account_name
optional: false
- name: ACCOUNT_NAME_10
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 10_account_name
optional: false
- name: ACCOUNT_NAME_11
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 11_account_name
optional: false
- name: ACCOUNT_NAME_12
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 12_account_name
optional: false
- name: ACCOUNT_NAME_13
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 13_account_name
optional: false
- name: ACCOUNT_NAME_14
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 14_account_name
optional: false
- name: ACCOUNT_NAME_15
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 15_account_name
optional: false
- name: ACCOUNT_NAME_2
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 2_account_name
optional: false
- name: ACCOUNT_NAME_3
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 3_account_name
optional: false
- name: ACCOUNT_NAME_4
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 4_account_name
optional: false
- name: ACCOUNT_NAME_5
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 5_account_name
optional: false
- name: ACCOUNT_NAME_6
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 6_account_name
optional: false
- name: ACCOUNT_NAME_7
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 7_account_name
optional: false
- name: ACCOUNT_NAME_8
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 8_account_name
optional: false
- name: ACCOUNT_NAME_9
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 9_account_name
optional: false
- name: API_SECRET_KEY_0
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 0_api_secret_key
optional: false
- name: API_SECRET_KEY_1
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 1_api_secret_key
optional: false
- name: API_SECRET_KEY_10
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 10_api_secret_key
optional: false
- name: API_SECRET_KEY_11
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 11_api_secret_key
optional: false
- name: API_SECRET_KEY_12
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 12_api_secret_key
optional: false
- name: API_SECRET_KEY_13
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 13_api_secret_key
optional: false
- name: API_SECRET_KEY_14
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 14_api_secret_key
optional: false
- name: API_SECRET_KEY_15
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 15_api_secret_key
optional: false
- name: API_SECRET_KEY_2
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 2_api_secret_key
optional: false
- name: API_SECRET_KEY_3
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 3_api_secret_key
optional: false
- name: API_SECRET_KEY_4
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 4_api_secret_key
optional: false
- name: API_SECRET_KEY_5
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 5_api_secret_key
optional: false
- name: API_SECRET_KEY_6
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 6_api_secret_key
optional: false
- name: API_SECRET_KEY_7
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 7_api_secret_key
optional: false
- name: API_SECRET_KEY_8
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 8_api_secret_key
optional: false
- name: API_SECRET_KEY_9
valueFrom:
secretKeyRef:
name: swh-objstorage-config
key: 9_api_secret_key
optional: false
spec.jobTemplate.spec.template.spec.initContainers.prepare-web-configuration.env (batch/v1/CronJob/swh/web-archive-refresh-savecodenow-statuses-cronjob)
⇆ order changed
POSTGRESQL_PASSWORD SWH_SENTRY_DSN
DJANGO_SECRET_KEY DEPOSIT_PASSWORD
DJANGO_SECRET_KEY_FALLBACK_1 DEPOSIT_USERNAME
DJANGO_SECRET_KEY_FALLBACK_2 DJANGO_SECRET_KEY
DEPOSIT_PASSWORD DJANGO_SECRET_KEY_FALLBACK_1
DEPOSIT_USERNAME DJANGO_SECRET_KEY_FALLBACK_2
GIVE_PRIVATE_TOKEN GIVE_PRIVATE_TOKEN
GIVE_PUBLIC_KEY GIVE_PUBLIC_KEY
SWH_SENTRY_DSN POSTGRESQL_PASSWORD
+ three list entries added:
- name: GITLAB_AFN_TOKEN
valueFrom:
secretKeyRef:
name: common-secrets
key: gitlab_afn_token
optional: false
- name: INBOUND_EMAIL_SHARED_KEY
valueFrom:
secretKeyRef:
name: common-secrets
key: web-inbound-email-shared-key
optional: false
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: swh-postgresql-syncmailmap-secret
key: postgres-syncmailmap-password
optional: false
spec.jobTemplate.spec.template.spec.initContainers.prepare-web-configuration.env (batch/v1/CronJob/swh/web-archive-sync-mailmaps-cronjob)
⇆ order changed
POSTGRESQL_PASSWORD SWH_SENTRY_DSN
DJANGO_SECRET_KEY DEPOSIT_PASSWORD
DJANGO_SECRET_KEY_FALLBACK_1 DEPOSIT_USERNAME
DJANGO_SECRET_KEY_FALLBACK_2 DJANGO_SECRET_KEY
DEPOSIT_PASSWORD DJANGO_SECRET_KEY_FALLBACK_1
DEPOSIT_USERNAME DJANGO_SECRET_KEY_FALLBACK_2
GIVE_PRIVATE_TOKEN GIVE_PRIVATE_TOKEN
GIVE_PUBLIC_KEY GIVE_PUBLIC_KEY
SWH_SENTRY_DSN POSTGRESQL_PASSWORD
+ three list entries added:
- name: GITLAB_AFN_TOKEN
valueFrom:
secretKeyRef:
name: common-secrets
key: gitlab_afn_token
optional: false
- name: INBOUND_EMAIL_SHARED_KEY
valueFrom:
secretKeyRef:
name: common-secrets
key: web-inbound-email-shared-key
optional: false
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: swh-postgresql-syncmailmap-secret
key: postgres-syncmailmap-password
optional: false
------------- diff for environment production namespace swh-cassandra -------------
_ __ __
_| |_ _ / _|/ _| between /tmp/swh-chart.swh.om7XZUHh/production-swh-cassandra.before, 109 documents
/ _' | | | | |_| |_ and /tmp/swh-chart.swh.om7XZUHh/production-swh-cassandra.after, 109 documents
| (_| | |_| | _| _|
\__,_|\__, |_| |_| returned eleven differences
|___/
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh-cassandra/cassandra-checks-content)
⇆ order changed
POSTGRESQL_PASSWORD BROKER_USER
CASSANDRA_PASSWORD BROKER_USER_PASSWORD
BROKER_USER CASSANDRA_PASSWORD
BROKER_USER_PASSWORD POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh-cassandra/cassandra-checks-directory)
⇆ order changed
POSTGRESQL_PASSWORD BROKER_USER
CASSANDRA_PASSWORD BROKER_USER_PASSWORD
BROKER_USER CASSANDRA_PASSWORD
BROKER_USER_PASSWORD POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh-cassandra/cassandra-checks-extid)
⇆ order changed
POSTGRESQL_PASSWORD BROKER_USER
CASSANDRA_PASSWORD BROKER_USER_PASSWORD
BROKER_USER CASSANDRA_PASSWORD
BROKER_USER_PASSWORD POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh-cassandra/cassandra-checks-origin)
⇆ order changed
POSTGRESQL_PASSWORD BROKER_USER
CASSANDRA_PASSWORD BROKER_USER_PASSWORD
BROKER_USER CASSANDRA_PASSWORD
BROKER_USER_PASSWORD POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh-cassandra/cassandra-checks-origin-visit)
⇆ order changed
POSTGRESQL_PASSWORD BROKER_USER
CASSANDRA_PASSWORD BROKER_USER_PASSWORD
BROKER_USER CASSANDRA_PASSWORD
BROKER_USER_PASSWORD POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh-cassandra/cassandra-checks-origin-visit-status)
⇆ order changed
POSTGRESQL_PASSWORD BROKER_USER
CASSANDRA_PASSWORD BROKER_USER_PASSWORD
BROKER_USER CASSANDRA_PASSWORD
BROKER_USER_PASSWORD POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh-cassandra/cassandra-checks-revision)
⇆ order changed
POSTGRESQL_PASSWORD BROKER_USER
CASSANDRA_PASSWORD BROKER_USER_PASSWORD
BROKER_USER CASSANDRA_PASSWORD
BROKER_USER_PASSWORD POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh-cassandra/scrubber-storagechecker-directory-hashes)
⇆ order changed
SCRUBBER_POSTGRESQL_PASSWORD CASSANDRA_PASSWORD
CASSANDRA_PASSWORD SCRUBBER_POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh-cassandra/scrubber-storagechecker-directory-references)
⇆ order changed
SCRUBBER_POSTGRESQL_PASSWORD CASSANDRA_PASSWORD
CASSANDRA_PASSWORD SCRUBBER_POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration-scrubber-storage.env (apps/v1/Deployment/swh-cassandra/swh-toolbox)
⇆ order changed
SCRUBBER_POSTGRESQL_PASSWORD CASSANDRA_PASSWORD
CASSANDRA_PASSWORD SCRUBBER_POSTGRESQL_PASSWORD
spec.template.spec.initContainers.prepare-configuration.env (apps/v1/Deployment/swh-cassandra/web-cassandra)
⇆ order changed
POSTGRESQL_PASSWORD SWH_SENTRY_DSN
DJANGO_SECRET_KEY DEPOSIT_PASSWORD
DEPOSIT_PASSWORD DEPOSIT_USERNAME
DEPOSIT_USERNAME DJANGO_SECRET_KEY
GIVE_PRIVATE_TOKEN GITLAB_AFN_TOKEN
GIVE_PUBLIC_KEY GIVE_PRIVATE_TOKEN
GITLAB_AFN_TOKEN GIVE_PUBLIC_KEY
INBOUND_EMAIL_SHARED_KEY INBOUND_EMAIL_SHARED_KEY
SWH_SENTRY_DSN POSTGRESQL_PASSWORD
Edited by Nicolas Dandrimont