Closed kevensen closed 4 years ago
Currently, when the server.config.contents are passed in, the Helm charts manipulate the value of the rules_path in the configuration to point to GCS. This is regardless of if the value already points to GCS or to a path on the file system.
server.config.contents
rules_path
https://github.com/forseti-security/helm-charts/blob/5562e95d753803f3709e31740ec26d5a6aac4c9b/charts/forseti-security/templates/server/config-maps/configmap-conf.yaml#L24-L32
With the merge of https://github.com/forseti-security/terraform-google-forseti/pull/319 the rules path will be set via the Terraform module before Helm is invoked. Replace the above lines with:
And replace with
{{ if .Values.production }} {{- .Values.server.config.contents | b64dec | nindent 4 }} {{ else }} {{- (.Files.Get "files/forseti_conf_server.yaml.sample") | replace "ROOT_RESOURCE_ID" "organizations/12345677890" | replace "output_path: OUTPUT_PATH" "output_path: /home/forseti" | replace "DOMAIN_SUPER_ADMIN_EMAIL" "test@example.com" | nindent 4 }} {{ end }}
GIVEN Forsti on-GKE WHEN deployed via Terraform THEN Forseti on-GKE successfully deploys
Closed by #62
kevensen
commented
4 years ago
Story
Currently, when the
server.config.contentsare passed in, the Helm charts manipulate the value of therules_pathin the configuration to point to GCS. This is regardless of if the value already points to GCS or to a path on the file system.https://github.com/forseti-security/helm-charts/blob/5562e95d753803f3709e31740ec26d5a6aac4c9b/charts/forseti-security/templates/server/config-maps/configmap-conf.yaml#L24-L32
Proposal
With the merge of https://github.com/forseti-security/terraform-google-forseti/pull/319 the rules path will be set via the Terraform module before Helm is invoked. Replace the above lines with:
And replace with
Validation
GIVEN Forsti on-GKE WHEN deployed via Terraform THEN Forseti on-GKE successfully deploys