From aaca8819b3c5c5c694c7d10c1884dc322cdd253b Mon Sep 17 00:00:00 2001 From: Jacques ROUSSEL Date: Tue, 10 Sep 2024 16:20:30 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7(helm)=20fix=20mail=20provisioning?= =?UTF-8?q?=20env?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I forgot to use the new variable on the deployment. --- secrets | 2 +- src/helm/desk/templates/secrets.yaml | 4 +- src/helm/env.d/dev/secrets.enc.yaml | 77 ++++++++----------- src/helm/env.d/dev/values.desk.yaml.gotmpl | 4 + .../env.d/preprod/values.desk.yaml.gotmpl | 4 + .../env.d/production/values.desk.yaml.gotmpl | 4 + .../env.d/staging/values.desk.yaml.gotmpl | 4 + 7 files changed, 53 insertions(+), 46 deletions(-) diff --git a/secrets b/secrets index d403edd..49b5911 160000 --- a/secrets +++ b/secrets @@ -1 +1 @@ -Subproject commit d403eddf75805e6edceeab9eda1be28398256f65 +Subproject commit 49b5911ecf6a8c3377ef6a97bb1e2012c31421ac diff --git a/src/helm/desk/templates/secrets.yaml b/src/helm/desk/templates/secrets.yaml index 13bf7a1..e8e2ee4 100644 --- a/src/helm/desk/templates/secrets.yaml +++ b/src/helm/desk/templates/secrets.yaml @@ -15,6 +15,6 @@ stringData: OIDC_RS_PRIVATE_KEY_STR: | {{ .Values.resourceServer.privateKey | indent 4 }} {{- end }} -{{- if .Values.mail_provisionning_api_credentials }} - MAIL_PROVISIONING_API_CREDENTIALS: {{ .Values.mail_provisionning_api_credentials }} +{{- if .Values.mail_provisioning_api_credentials }} + MAIL_PROVISIONING_API_CREDENTIALS: {{ .Values.mail_provisioning_api_credentials }} {{- end }} diff --git a/src/helm/env.d/dev/secrets.enc.yaml b/src/helm/env.d/dev/secrets.enc.yaml index 3e69316..ebadce1 100644 --- a/src/helm/env.d/dev/secrets.enc.yaml +++ b/src/helm/env.d/dev/secrets.enc.yaml @@ -1,9 +1,9 @@ -djangoSecretKey: ENC[AES256_GCM,data:9fOtt8oesY2CUahg972UGldDrqqF6Fa1Tn+bKxNpMbfXppQtPY2Jfu4EWKAaqH07X00=,iv:OC0ggDgCcja6h4IK73jVXZGDE1qp5OJfeNg182DKxQ4=,tag:ITMAWmPxW8lNBvm2Xefw/Q==,type:str] -djangoSuperUserPass: ENC[AES256_GCM,data:mkLVMnc=,iv:qYBUdUwJk422RVm23/6CUKubFtBL+lofynSnkJglNQk=,tag:Md5FPXwCe9kl5BkICHszzg==,type:str] -mail_provisionning_api_credentials: ENC[AES256_GCM,data:UO5NJoq8r4kM9ML3WlmIBJYENCx/E1V6,iv:J1BK2XSONhWOx/iOLByYFUraBgNcTEUmWQLofgpke38=,tag:DN+Wbxwf1rYQi6IReRkvbw==,type:str] +djangoSecretKey: ENC[AES256_GCM,data:G3aGkwSwmNkkPOko/25vgs4wSYwRQP4fC6i/qonuA7g/lq/ogR0s+SvrlkaSSQf0hcU=,iv:mhwQsxuG0kjq8bIObEgZKkNentt8ZMLYUoDsWUzj620=,tag:vN6oAquA2GnD1rFdyJAb5A==,type:str] +djangoSuperUserPass: ENC[AES256_GCM,data:d+eDBgw=,iv:vypp5QaAyuN7DEnVuT/+g6B6vJQwemL459qUd4q6JdU=,tag:nCb0lpIlmCU/DmW878XCSQ==,type:str] +mail_provisioning_api_credentials: ENC[AES256_GCM,data:h6oe2gOdnqPCUeI2dRNvbMoVxqB7bCWT,iv:AwPPmhzEHWil9n/V4VgME7TCtqFq4A0Z73X4a93/BzU=,tag:Fha/dvBJLrsTSZUcfWHC2g==,type:str] oidc: - clientId: ENC[AES256_GCM,data:gcxd+bMz/YdGw/wrCx1HvSOC5pWkUfuLulU4LPEFtMj+z0W8,iv:7enZhQGxQ2voA72bjGWfMl7yf+ArFgQ/eAspAjRa3p0=,tag:A6Im4qDckaPdX8pdS/lyuw==,type:str] - clientSecret: ENC[AES256_GCM,data:AmEnaHhdCzynw1zhPHwotJ+TUI9DJ11X4ScjGzU4ADOyAJeJp8gWLFuU2GG1mWCOBPjtVOEdaN1ZTZNKKHS9qA==,iv:8oIehcSJHiD1a6C7Jv8rJz2ixakQTpOWYRAr7Ifj2yE=,tag:keKNxLl9jChB/pm52gddhA==,type:str] + clientId: ENC[AES256_GCM,data:LGHAuGi1QJLsQa+CqAudf/TXoKJOManq2cXLbRmmNhQ+3UJm,iv:xSNzp4Iwe+EG+/opkBU88+geVIRidfcQeI07DfHm3lU=,tag:vU/jyHw/Plvjkpg/RPbhtA==,type:str] + clientSecret: ENC[AES256_GCM,data:DXpA4OVvurzqWiF5E8Y90Ih5uwamkNsj69NzFNrtsNJ6LJUpQ7cy0WG2f8VbB9zcco0IWR0dv2PeRw/edyRIcw==,iv:aYcBKU8jRPcgqBBYxQ4P2ZHAT/o55YFOwE+qGDpmHE4=,tag:XXPYeu1swbhSRlCes9S0YQ==,type:str] sops: kms: [] gcp_kms: [] @@ -13,59 +13,50 @@ sops: - recipient: age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvOGdBRHB1L1RaVVBBb20z - anpzTS9BNHVYYXhISFNKSGRTTHlGWCtWdDNvCk9pdnIwWW9XTG9iWnAySXB6M3Rm - NDFZV3VCVTh2N1poL2RQeUtiU3VIcWcKLS0tIDdyKzRWYmp4WjZGMlg4eGNkdnNQ - NzdGQWtUaWtlS2xneDVUa21ucUJ3SnMKenloUQTumKE0Q8Zp8hLiFwZiGF+78HtB - lt6aEaOgIu2vc4KC1/9iUK+uPhjQC3ajOQ6G2jcRaoR+BFVlxv1Mug== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuWndXczh0REFpS3Jobk9I + R2xHZkViZWlpdTlhdVN5OHBtdVZ3QlZkblZvCnFnTnllTGlnaW0zL05wcjhoUXhP + Ym1Kcm00N2FJY1pIdk9SNzMyOU9YSTAKLS0tIHZYVUMxcGMxYzJ2TmdqblhiUnNF + WU1IZCtLc0Y1ZEI4Vkw4eGZwVkZzS3cKuoSKnLlcSMAoakDHqYPnXrQFMQ1Qrn6C + ywIBZN6E/OIATQ1IVYsmnLl9j7LS6wpUcfebY6mYKQbx+OfjG2X/DA== -----END AGE ENCRYPTED FILE----- - recipient: age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1TlZuVTEyVzVHb1djandk - K2FxZGNlZG9vNllMTnVNZ2pZampnd25pOGxVCkJDUi9YcFVrcVcyOEhKWjBob09M - d0hRc0pkUXhPbTNrS0RSN3NJa2dwbkUKLS0tIG5OSUU4R2s3REV5TWd4Ym5zdWln - ZVcySnhYY2JydmVwOCtEZVhOcTNkQlUKhhZK7CE5bPKbqzmQp7mIL3Lmb8+X+8js - PS55Dv9ivffm+XYKh2tjh3At9+FLNfOECwZBC+KrAQQs0W+vBaXWxQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6WVdhc090V29TTmJhWDE2 + d2hEQlpMb21wekFiYTUrR1hFaHN4NUtFWVYwCkUxOGdVUmFGdnlSVmNHcDJ6NmtF + NklCUStTbFVVQlpzYmVhbHJhREx2ajgKLS0tIDdTbFBmNi9FR1pXTFBaZHRMWnRO + eDdydlVTeVBNRmM0dUN4TnUyRjZzZU0KjoQkiFluQ7C5eiKfoQ5tDrE526y7OWKf + VrNAeVPkb0gTxGLUWWVGPgNfEJz4aScoJQ+QSYdqF6WusxRL1Xcxlg== -----END AGE ENCRYPTED FILE----- - recipient: age1plkp8td6zzfcavjusmsfrlk54t9vn8jjxm8zaz7cmnr7kzl2nfnsd54hwg enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqOWlUazJpNmhOQ0xYQ0pM - aVRia3B6anErRHNDSTFKT1hWZnZ2blZEeGhZCjNkSm5BZ2hEMVA0dGlSTGo5cWd3 - U1FZWnNwSkJhSHNRRDc3QVUrakxad2cKLS0tIEV3ZzVVZ0ZJVytKdzFHSEREcHVq - SUtrZXh6TktaUHZqZTdzL3dZbVdiblkKiJliMwXPs/EJVFuEnegqWKvO3axHJEw7 - /Y5qgNPN8MDJrcMtDdcFAKkdrUUUhPgzd1jHeNWlw9tPkqgmoNe1/w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXTUxHdnZZMnJTSmRRS3di + dVdLSXpsT2VxSVI0eFk2cEJzNVJDNGJQSlVBClNtMXJTcjYyM0k4bnpxMGtIMUdD + Nkp3ZHpPUGlNWGZ3K016d3FzZ3pRWHMKLS0tIEliL0VMM28rc3g0SExveWMvQkxN + a2ViS1B2L1lRRkZOWHFIdFJJRWZhSzgK/g5qqDU9+fdFMaCuSX9kBuDtCzk9qc7J + DsROLDZlQ1bOY6oWoNTtZtZzUwbJTOlBj3ys8FhHecKB0P+SgF6ecQ== -----END AGE ENCRYPTED FILE----- - recipient: age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWS3YzWjVlazVDRC9iNTM2 - K0VYQ2dQclIvVlFFRmlnbXFhUHVneWl0WHdZCnR1Y2RzMGxzWWRxL2ppYXJVUGhO - TGdld0tLaURiYlMwR3ByL1phZTNnN1UKLS0tIFZ3QVUyVlBpNGZjdHBKL3JHNnFU - YklMbW15Mm9EdnVJbkRLb3drekp3Zm8KrzAAV2EKHHkJzpCBerHkqlI122OUNM/o - 3gIX838hJgatKKOO1FipeuzOTwlWEVOwP/iBnHnMe/QdJdsk6issqQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUzU4UUYyazAwY01URGhr + THpZRjBrb0M5VEpYbmVQeSt3dU0ycFJmNFRNCmhIVG9wdmNjcEZML29MQ0JaMlMy + cU1xZmNybDRsWnJaUS9mRDFEb3BGOWMKLS0tIGdhdFpBMGZLUHZhQmk3M0xJWUlz + bktQaUVjNlQ0K0cxVWlsNE0wclBIM28KMjoLelJGgocMiVBDUDvETMh9otZBAu3x + DcakJwCOMTiw9QhicMPxdA43jPz/g3/T7Qn2GzNQVa1rcYwNgkFRkg== -----END AGE ENCRYPTED FILE----- - - recipient: age1tl80n23wq6zxegupwn70ew0yp225ua5v4dk800x7g2w6pvlxz46qk592pa + - recipient: age1hnhuzj96ktkhpyygvmz0x9h8mfvssz7ss6emmukags644mdhf4msajk93r enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhemxEZWcwTWQrM0lOd2ky - MVNtcGs3UGphSlZleGhtTFh3andSa00xdmhjCml4cGd1bHVYVzk4djA5QndpQ291 - Y0tOSlpoMytvRE41WXliMitEUVZ2ZkkKLS0tIGNoK2xCc3FKNXhhbkErbStyQ0lC - VWpzS04rdkJ3M3BqTTY1T2RyTGd6OTgK0sDGDG3R7fDFwhgn6gdYGDUC9kWFk11e - hn69zBqKXvT7jcQoEWASmbRJ0kYTF/Rg9stWASYfCT+dyEkDfVewPw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaTG1NVUtLVjE2WU15MUd0 + SkVzMytQUW8ybkhGaG4rdEFPcjhieWNIa1YwClBhQzFlc1d3cTkxZk80R2ZyQnEv + OEM5R2VMZ3hwODFvSjJzcHZqQk0rVkkKLS0tIGhKVE1keWFXUWlrdFhCekhYRjVh + QXV5a3lVZE9zeDVzMjM3NkJ2cFY3bTAKDWNYDkX1gm+cIlYYj+H0zepRVrWvauhw + I3/L9daSyzY5wmVFyTYHpdQ+jxaKvQbCvwtGcGInZA/gSJFCclBoow== -----END AGE ENCRYPTED FILE----- - - recipient: age1qy04neuzwpasmvljqrcvhwnf0kz5cpyteze38c8avp0czewskasszv9pyw - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyelo4b05STnFVVGNPNUdH - bDdiQjQ4WkNlY1dacTZRU3ZObEU3WkFyRUFjClRmOFAyeHRoT2U5Rzc1OTRmRjho - bUo5WjljZzNtNVQ5RlhrdmVpYjhuOE0KLS0tIE8zWEUwL3dyWDZvamdKQk1qcDVR - b2g2SFNDMHZvSTNOYUQ0Rms1RlVBem8KacFpoySUpdGChbGU9PHkefzE5WTw5X9g - du7vbHxqE8M3sjH3TvbB7psj9ISQ/mJ15yvFrIvQUaZ1nQf91b2nHg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-09T14:51:07Z" - mac: ENC[AES256_GCM,data:oeKZ/36KMIEV6jtn+lcsu26MiV2ECE5KhWCeeoH2xj8tVBHL1t56PXblxxPnzI5hLs/S+AN3f/s/2uM4rQUA8i2HTLMb8P4dUAaNhQa+rY2llBdSQZSGXnxHoJUbaP9b4S+KTA4O98BJOsRCcDduLue+QklA+e0o/P7KbhLGWMU=,iv:ye9FtQIUEubpoYeNpduI1gYzQBD3e7z35myKAQ6nIDE=,tag:/vB32dzRqmyGkDYTFn+t4g==,type:str] + lastmodified: "2024-09-10T14:37:55Z" + mac: ENC[AES256_GCM,data:c4OGHDJTe9WipJcn6WwDF5GL6npgrQxbb6vCEu7k+QAT+/+zRJVtE2Mih7mnerlabGXv+gqt0UA2BwblmCsA5G3sIRKgwXUpEEPqK973w6V61HSBRkVOKwUCdv1wx82ciaU3F2BBDizRc4nrlpaT4WoXpbmBhFHZ2iHg0ky+NGM=,iv:nEqhM8TCU+1I8jiAKbCgSgizEaeUbPbaSrBEUwS+TNE=,tag:Zc4l4z3Ol0kXtFfUp/9GOg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0 diff --git a/src/helm/env.d/dev/values.desk.yaml.gotmpl b/src/helm/env.d/dev/values.desk.yaml.gotmpl index 85b000d..ce08c01 100644 --- a/src/helm/env.d/dev/values.desk.yaml.gotmpl +++ b/src/helm/env.d/dev/values.desk.yaml.gotmpl @@ -51,6 +51,10 @@ backend: POSTGRES_PASSWORD: pass REDIS_URL: redis://default:pass@redis-master:6379/1 MAIL_PROVISIONING_API_URL: "http://host.docker.internal:8000" + MAIL_PROVISIONING_API_CREDENTIALS: + secretKeyRef: + name: backend + key: MAIL_PROVISIONING_API_CREDENTIALS SENTRY_DSN: "https://b72746c73d669421e7a8ccd3fab0fad2@sentry.incubateur.net/171" command: - "gunicorn" diff --git a/src/helm/env.d/preprod/values.desk.yaml.gotmpl b/src/helm/env.d/preprod/values.desk.yaml.gotmpl index f2b8ea2..3c417ea 100644 --- a/src/helm/env.d/preprod/values.desk.yaml.gotmpl +++ b/src/helm/env.d/preprod/values.desk.yaml.gotmpl @@ -85,6 +85,10 @@ backend: name: redis.redis.libre.sh key: url MAIL_PROVISIONING_API_URL: "https://api.dev.ox.numerique.gouv.fr" + MAIL_PROVISIONING_API_CREDENTIALS: + secretKeyRef: + name: backend + key: MAIL_PROVISIONING_API_CREDENTIALS FEATURE_TEAMS: False SENTRY_DSN: "https://b72746c73d669421e7a8ccd3fab0fad2@sentry.incubateur.net/171" diff --git a/src/helm/env.d/production/values.desk.yaml.gotmpl b/src/helm/env.d/production/values.desk.yaml.gotmpl index 7d0f9b7..b9e6581 100644 --- a/src/helm/env.d/production/values.desk.yaml.gotmpl +++ b/src/helm/env.d/production/values.desk.yaml.gotmpl @@ -85,6 +85,10 @@ backend: name: redis.redis.libre.sh key: url MAIL_PROVISIONING_API_URL: "https://api.dev.ox.numerique.gouv.fr" + MAIL_PROVISIONING_API_CREDENTIALS: + secretKeyRef: + name: backend + key: MAIL_PROVISIONING_API_CREDENTIALS FEATURE_TEAMS: False SENTRY_DSN: "https://b72746c73d669421e7a8ccd3fab0fad2@sentry.incubateur.net/171" diff --git a/src/helm/env.d/staging/values.desk.yaml.gotmpl b/src/helm/env.d/staging/values.desk.yaml.gotmpl index 2f7d392..b181fef 100644 --- a/src/helm/env.d/staging/values.desk.yaml.gotmpl +++ b/src/helm/env.d/staging/values.desk.yaml.gotmpl @@ -99,6 +99,10 @@ backend: name: redis.redis.libre.sh key: url MAIL_PROVISIONING_API_URL: "https://api.dev.ox.numerique.gouv.fr" + MAIL_PROVISIONING_API_CREDENTIALS: + secretKeyRef: + name: backend + key: MAIL_PROVISIONING_API_CREDENTIALS SENTRY_DSN: "https://b72746c73d669421e7a8ccd3fab0fad2@sentry.incubateur.net/171" createsuperuser: