Support mongo server url path
Previously, when `storage.docdb.mongo-server-url-dir` was set, the value
was read from the path specified in the field plus `MONGO_SERVER_URL`
(e.g. /mnt/mongo-creds-secret/MONGO_SERVER_URL), so the user had to
create the secret with the key `MONGO_SERVER_URL`.

Hence, with this patch the user can now specify the path, and the token
will be read from the path specified.

Signed-off-by: PuneetPunamiya <[email protected]>
PuneetPunamiya committed Sep 26, 2024
1 parent 48647a1 commit 713cf03
Showing 3 changed files with 146 additions and 61 deletions.
51 changes: 32 additions & 19 deletions docs/config.md
Expand Up @@ -62,16 +62,17 @@ Supported keys include:

### Storage Configuration

| Key | Description | Supported Values | Default |
|:------------------------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|
| `storage.gcs.bucket` | The GCS bucket for storage | | |
| `storage.oci.repository` | The OCI repo to store OCI signatures and attestation in | If left undefined _and_ one of `artifacts.{oci,taskrun}.storage` includes `oci` storage, attestations will be stored alongside the stored OCI artifact itself. ([example on GCP](../images/attestations-in-artifact-registry.png)) Defining this value results in the OCI bundle stored in the designated location _instead of_ alongside the image. See [cosign documentation](https://github.com/sigstore/cosign#specifying-registry) for additional information. | |
| `storage.docdb.url` | The go-cloud URI reference to a docstore collection | `firestore://projects/[PROJECT]/databases/(default)/documents/[COLLECTION]?name_field=name` | |
| `storage.docdb.mongo-server-url` (optional) | The value of MONGO_SERVER_URL env var with the MongoDB connection URI | Example: `mongodb://[USER]:[PASSWORD]@[HOST]:[PORT]/[DATABASE]` | |
| `storage.docdb.mongo-server-url-dir` (optional) | The path of the directory that contains the file named MONGO_SERVER_URL that stores the value of MONGO_SERVER_URL env var | If the file `/mnt/mongo-creds-secret/MONGO_SERVER_URL` has the value of MONGO_SERVER_URL, then set `storage.docdb.mongo-server-url-dir: /mnt/mongo-creds-secret` | |
| `storage.grafeas.projectid` | The project of where grafeas server is located for storing occurrences | | |
| `storage.grafeas.noteid` (optional) | This field will be used as the prefix part of the note name that will be created. The value of this field must be a string without spaces. (See more details [below](#grafeas).) | | |
| `storage.grafeas.notehint` (optional) | This field is used to set the [human_readable_name](https://github.com/grafeas/grafeas/blob/cd23d4dc1bef740d6d6d90d5007db5c9a2431c41/proto/v1/attestation.proto#L49) field in the Grafeas ATTESTATION note. If it is not provided, the default `This attestation note was generated by Tekton Chains` will be used. | | |
| Key | Description | Supported Values | Default |
|:-------------------------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|
| `storage.gcs.bucket` | The GCS bucket for storage | | |
| `storage.oci.repository` | The OCI repo to store OCI signatures and attestation in | If left undefined _and_ one of `artifacts.{oci,taskrun}.storage` includes `oci` storage, attestations will be stored alongside the stored OCI artifact itself. ([example on GCP](../images/attestations-in-artifact-registry.png)) Defining this value results in the OCI bundle stored in the designated location _instead of_ alongside the image. See [cosign documentation](https://github.com/sigstore/cosign#specifying-registry) for additional information. | |
| `storage.docdb.url` | The go-cloud URI reference to a docstore collection | `firestore://projects/[PROJECT]/databases/(default)/documents/[COLLECTION]?name_field=name` | |
| `storage.docdb.mongo-server-url` (optional) | The value of MONGO_SERVER_URL env var with the MongoDB connection URI | Example: `mongodb://[USER]:[PASSWORD]@[HOST]:[PORT]/[DATABASE]` | |
| `storage.docdb.mongo-server-url-dir` (optional) | The path of the directory that contains the file named MONGO_SERVER_URL that stores the value of MONGO_SERVER_URL env var | If the file `/mnt/mongo-creds-secret/MONGO_SERVER_URL` has the value of MONGO_SERVER_URL, then set `storage.docdb.mongo-server-url-dir: /mnt/mongo-creds-secret` | |
| `storage.docdb.mongo-server-url-path` (optional) | The path of the file that contains that stores the value of mongo server url | If the file `/mnt/mongo-creds-secret/mongo-server-url` has the value, then set `storage.docdb.mongo-server-url-path: /mnt/mongo-creds-secret/mongo-server-url` | |
| `storage.grafeas.projectid` | The project of where grafeas server is located for storing occurrences | | |
| `storage.grafeas.noteid` (optional) | This field will be used as the prefix part of the note name that will be created. The value of this field must be a string without spaces. (See more details [below](#grafeas).) | | |
| `storage.grafeas.notehint` (optional) | This field is used to set the [human_readable_name](https://github.com/grafeas/grafeas/blob/cd23d4dc1bef740d6d6d90d5007db5c9a2431c41/proto/v1/attestation.proto#L49) field in the Grafeas ATTESTATION note. If it is not provided, the default `This attestation note was generated by Tekton Chains` will be used. | | |

#### docstore

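Review bot: In the new `storage.docdb.mongo-server-url-path` row, the description reads "The path of the file that contains that stores the value of mongo server url"; the doubled "that contains that stores" should be a single verb, for example "The path of the file that stores the MongoDB connection URI". The row also does not mention that this key overrides `storage.docdb.mongo-server-url-dir`, which the MongoDB section later in this file does state; a short note in the Description column would keep the table and the section consistent.
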
Expand All @@ -84,15 +85,27 @@ You can read about the go-cloud docstore URI format [here](https://gocloud.dev/h
#### MongoDB

With MongoDB you will need to supply the value of `MONGO_SERVER_URL` env var with the MongoDB connection URI to the Tekton Chains, the go-cloud URI is just to point at the db and collection.
This can be achieved in a few ways:

- Setting the `MONGO_SERVER_URL` env var in the `tekton-chains-controller` deployment.
- Setting the value of `storage.docdb.mongo-server-url` field.
- This field takes precedence over the `MONGO_SERVER_URL` env var.
- Setting the value of `storage.docdb.mongo-server-url-dir` field.
- This field takes precedence over `storage.docdb.mongo-server-url` and `MONGO_SERVER_URL` env var.
- The value should point to a directory that has a file named `MONGO_SERVER_URL` that contains the env var. Each time the file is updated, the new value will be read.
- One common use case is to store the value of `MONGO_SERVER_URL` in a secret with the key `MONGO_SERVER_URL` and mount the secret at the path specified in this field. When the secret is updated, the new value will be fetched by Tekton Chains.

You can provide MongoDB connection through different options

* Using MONGO_SERVER_URL Environment Variable
* User can set the MongoDB connection URL in the MONGO_SERVER_URL env var in the Chains deployment

* Using `storage.docdb.mongo-server-url` field in the chains-config configmap
* Alternatively, you can set the connection URL using the `storage.docdb.mongo-server-url` field in the chains-config configmap
* This field overrides the MONGO_SERVER_URL env var

* Using `storage.docdb.mongo-server-url-dir` field
* Another option is to set `storage.docdb.mongo-server-url-dir`, which points to a directory containing a file named `MONGO_SERVER_URL`
* The directory path setting takes precedence over both `storage.docdb.mongo-server-url` and the `MONGO_SERVER_URL` env var
* For instance, if `/mnt/mongo-creds-secret/MONGO_SERVER_URL` contains the MongoDB URL, set `storage.docdb.mongo-server-url-dir`: `/mnt/mongo-creds-secret`

* Using `storage.docdb.mongo-server-url-path` field
* You can use `storage.docdb.mongo-server-url-path` field in chains-config configmap to directly reference the file containing the MongoDB URL
* This field overrides all others (`mongo-server-url-dir, mongo-server-url, and MONGO_SERVER_URL env var`)
* For instance, if `/mnt/mongo-creds-secret/mongo-server-url` contains the MongoDB URL, then set `storage.docdb.mongo-server-url-path`: `/mnt/mongo-creds-secret/mongo-server-url`

**NOTE** :- When using `storage.docdb.mongo-server-url-dir` or `storage.docdb.mongo-server-url-path` field, store the value of mongo server url in a secret and mount the secret. When the secret is updated, the new value will be fetched by Tekton Chains controller

#### Grafeas

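Review bot: The closing NOTE recommends a mounted secret only for `storage.docdb.mongo-server-url-dir` and `storage.docdb.mongo-server-url-path`, while the first two bullets describe putting the connection URL in the deployment env var or the chains-config configmap without saying that the URL carries the user and password (the table example is `mongodb://[USER]:[PASSWORD]@[HOST]:[PORT]/[DATABASE]`). Suggest saying so in those two bullets and pointing readers to the file-based options for credentials. In the `mongo-server-url-path` bullet the precedence list is wrapped in one code span (`mongo-server-url-dir, mongo-server-url, and MONGO_SERVER_URL env var`); mark up each name separately. The two "For instance" lines split the key and value into separate code spans around a colon, so a single span such as `storage.docdb.mongo-server-url-path: /mnt/mongo-creds-secret/mongo-server-url` would copy cleanly. The rewritten `-dir` bullet no longer says the mounted secret must use the key `MONGO_SERVER_URL`, which the removed text did; that requirement still applies to the directory option and should stay.
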