fix: keys are not idempotent #10

Merged
merged 1 commit into from
Dec 30, 2024
5 changes: 4 additions & 1 deletion .pre-commit-config.yaml
Expand Up @@ -21,4 +21,7 @@ repos:
rev: v0.1.17
hooks:
- id: kubeconform-helm
args: [--strict]
args:
- --summary
- --strict
- --values-dir postal/ci
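Review bot: In the new args list, `- --values-dir postal/ci` is a single YAML list item, so the hook receives the flag and the path as one argument containing a space. Unless the hook re-splits its arguments, that will not be read as `--values-dir` with the value `postal/ci`. Split it into two items (`- --values-dir` followed by `- postal/ci`) and confirm from the `--summary` output that the files under postal/ci are actually rendered and validated.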
2 changes: 2 additions & 0 deletions postal/README.md
Expand Up @@ -37,7 +37,9 @@ A Helm chart for Kubernetes
| global.existingSecretName | string | `""` | |
| global.maximumDeliveryAttempts | int | `18` | |
| global.maximumHoldExpiryDays | int | `7` | |
| global.railsSecretKey | string | `""` | the secret key used to sign and encrypt cookies and session data in the application. Generate it using openssl rand -hex 64 |
| global.secretName | string | `"postal"` | |
| global.signingKey | string | `""` | key used to sign emails. Generate it using openssl genrsa -out path/to/signing.key 2048 |
| global.smtpHostname | string | `"localhost"` | |
| global.smtpRelays | string | `""` | |
| global.spamFailureThreshold | int | `20` | |
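Review bot: The two new rows for global.railsSecretKey and global.signingKey show a default of `""` and do not say that the values are mandatory, although the secret.yaml change in this same PR wraps both in `required`. State in the descriptions that the chart fails to render without them. The signingKey text also gives a command that writes a file (`openssl genrsa -out path/to/signing.key 2048`) without saying that the PEM contents of that file are the value; pointing readers at `--set-file global.signingKey=path/to/signing.key` would close that gap.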
32 changes: 32 additions & 0 deletions postal/ci/base-values.yaml
@@ -1,2 +1,34 @@
global:
railsSecretKey: 61a476b314ca633b67734951b4565f1f27489195e3ba0be5b569e4385d776cd126c3000df6c046de338719c14d36c8a7867140a741e76b6ea3d4a15b11c6af94
signingKey: |
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----

image:
registry: fake.registry
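Review bot: The `railsSecretKey` and `signingKey` added under `global:` commit a session secret and a PEM private key to the repository with nothing marking them as fixtures. Add a comment above them saying they are throwaway CI-only values that must never be reused in a deployment, and add a path exclusion for postal/ci if the repository runs a secret scanner. Generating both values inside the CI job would avoid committing key material at all.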
Empty file removed postal/ci/empty-values.yaml
Empty file.
32 changes: 32 additions & 0 deletions postal/ci/ingress-values.yaml
@@ -1,3 +1,35 @@
global:
railsSecretKey: 61a476b314ca633b67734951b4565f1f27489195e3ba0be5b569e4385d776cd126c3000df6c046de338719c14d36c8a7867140a741e76b6ea3d4a15b11c6af94
signingKey: |
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----

ingress:
enabled: true
className: "nginx"
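Review bot: The `global:` block at the top of this file repeats the `railsSecretKey` value from postal/ci/base-values.yaml, and the `signingKey` block has the same shape, so the test key material now lives in two places. If the hook's values directory can hold a shared file, or if the keys are generated at CI time, keep them in one place so a later replacement does not leave the two files out of sync.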
4 changes: 2 additions & 2 deletions postal/templates/secret.yaml
Expand Up @@ -12,6 +12,6 @@ metadata:
{{- end }}
data:
mariadb-password: {{ .Values.mariadb.auth.password | b64enc | quote }}
signing-key: {{ $key | b64enc | quote }}
rails-secret-key: {{ $key | b64enc | quote }}
signing-key: {{ .Values.global.signingKey | required "You must provide a global.signingKey value" | b64enc | quote }}
rails-secret-key: {{ .Values.global.railsSecretKey | required "You must provide a global.railsSecretKey value" | b64enc | quote }}
{{- end }}
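Review bot: On the two rewritten `data:` lines, `required` only rejects an empty value, so any non-empty string (a file path, a truncated PEM, a short rails key) is base64-encoded into the Secret and the problem only shows up when the application starts. Consider a template-time check before the `data:` block, for example calling `fail` when `.Values.global.signingKey` does not contain `-----BEGIN`, so a malformed key stops the render with a clear message. The unchanged `mariadb-password` line above has no equivalent guard, which is worth aligning while this file is open.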
6 changes: 6 additions & 0 deletions postal/values.yaml
Expand Up @@ -20,6 +20,12 @@ commonsAnnotations: {}
global:
# use an existing secret instead of the automaticaly generated one
existingSecretName: ""
# -- key used to sign emails.
# Generate it using openssl genrsa -out path/to/signing.key 2048
signingKey: ""
# -- the secret key used to sign and encrypt cookies and session data in the application.
# Generate it using openssl rand -hex 64
railsSecretKey: ""
# The hostname that the Postal web interface runs on
webHostname: localhost
# The HTTP protocol to use for the Postal web interface
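Review bot: The unchanged comment on `existingSecretName` still reads "instead of the automaticaly generated one", which is stale now that secret.yaml takes both keys from user-supplied values, and it carries a spelling error. Reword it to say the chart-managed Secret is built from `signingKey` and `railsSecretKey`. Since the two new entries invite putting private key material into a values file, the comments should also name `existingSecretName` as the way to keep the keys out of values files that end up in version control.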