update trillian chart for iamUsername (sigstore#912)

Signed-off-by: Bob Callaway <[email protected]>
falcorocks · Feb 14, 2025 · 3fa65dc · 3fa65dc
1 parent dceb782
commit 3fa65dc
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 2 deletions.
diff --git a/charts/trillian/Chart.yaml b/charts/trillian/Chart.yaml
@@ -5,7 +5,7 @@ description: |
 
 type: application
 
-version: 0.3.0
+version: 0.3.1
 appVersion: 1.7.0
 
 keywords:

diff --git a/charts/trillian/README.md b/charts/trillian/README.md
@@ -2,7 +2,7 @@
 
 <!-- This README.md is generated. Please edit README.md.gotmpl -->
 
-![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.7.0](https://img.shields.io/badge/AppVersion-1.7.0-informational?style=flat-square)
+![Version: 0.3.1](https://img.shields.io/badge/Version-0.3.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.7.0](https://img.shields.io/badge/AppVersion-1.7.0-informational?style=flat-square)
 
 Trillian is a log that stores an accurate, immutable and verifiable history of activity.
 

diff --git a/charts/trillian/templates/_helpers.tpl b/charts/trillian/templates/_helpers.tpl
@@ -191,7 +191,11 @@ Log Server Arguments
 - {{ printf "--quota_system=%s" (include "trillian.quotaSystem" .) | quote }}
 {{- if eq (include "trillian.storageSystem" .) "mysql" }}
 {{- if and (.Values.mysql.gcp.enabled) (.Values.mysql.gcp.cloudsql.unixDomainSocket.enabled) }}
+{{- if .Values.mysql.gcp.cloudsql.iamUsername }}
+- {{ printf "--mysql_uri=%s@unix(%s/%s)/$(MYSQL_DATABASE)?parseTime=true" .Values.mysql.gcp.cloudsql.iamUsername .Values.mysql.gcp.cloudsql.unixDomainSocket.path .Values.mysql.gcp.instance | quote }}
+{{- else }}
 - {{ printf "--mysql_uri=$(MYSQL_USER):$(MYSQL_PASSWORD)@unix(%s/%s)/$(MYSQL_DATABASE)?parseTime=true" .Values.mysql.gcp.cloudsql.unixDomainSocket.path .Values.mysql.gcp.instance | quote }}
+{{- end }}
 {{- else }}
 - "--mysql_uri=$(MYSQL_USER):$(MYSQL_PASSWORD)@tcp($(MYSQL_HOSTNAME):$(MYSQL_PORT))/$(MYSQL_DATABASE)"
 {{- end }}
@@ -212,7 +216,11 @@ Log Signer Arguments
 - {{ printf "--quota_system=%s" (include "trillian.quotaSystem" .) | quote }}
 {{- if eq (include "trillian.storageSystem" .) "mysql" }}
 {{- if and (.Values.mysql.gcp.enabled) (.Values.mysql.gcp.cloudsql.unixDomainSocket.enabled) }}
+{{- if .Values.mysql.gcp.cloudsql.iamUsername }}
+- {{ printf "--mysql_uri=%s@unix(%s/%s)/$(MYSQL_DATABASE)?parseTime=true" .Values.mysql.gcp.cloudsql.iamUsername .Values.mysql.gcp.cloudsql.unixDomainSocket.path .Values.mysql.gcp.instance | quote }}
+{{- else }}
 - {{ printf "--mysql_uri=$(MYSQL_USER):$(MYSQL_PASSWORD)@unix(%s/%s)/$(MYSQL_DATABASE)?parseTime=true" .Values.mysql.gcp.cloudsql.unixDomainSocket.path .Values.mysql.gcp.instance | quote }}
+{{- end }}
 {{- else }}
 - "--mysql_uri=$(MYSQL_USER):$(MYSQL_PASSWORD)@tcp($(MYSQL_HOSTNAME):$(MYSQL_PORT))/$(MYSQL_DATABASE)"
 {{- end }}

diff --git a/charts/trillian/templates/createdb/createdb-job.yaml b/charts/trillian/templates/createdb/createdb-job.yaml
@@ -28,6 +28,9 @@ spec:
         - name: cloud-sql-proxy
           image: "{{ template "trillian.image" .Values.mysql.gcp.scaffoldSQLProxy }}"
           args: [
+            {{- if .Values.mysql.gcp.scaffoldSQLProxy.iamUsername }}
+            "--auto-iam-authn",
+            {{- end }}
             {{- range .Values.mysql.gcp.scaffoldSQLProxy.extraArgs | default list }}
             {{ . | quote }},
             {{- end }}
@@ -77,7 +80,11 @@ spec:
               value: "/var/exitdir"
           args: [
             "--db_name=$(MYSQL_DATABASE)",
+            {{- if .Values.mysql.gcp.scaffoldSQLProxy.iamUsername }}
+            {{ printf "--mysql_uri=%s@tcp($(MYSQL_HOSTNAME):$(MYSQL_PORT))/" .Values.mysql.gcp.scaffoldSQLProxy.iamUsername | quote }}
+            {{- else }}
             "--mysql_uri=$(MYSQL_USER):$(MYSQL_PASSWORD)@tcp($(MYSQL_HOSTNAME):$(MYSQL_PORT))/"
+            {{- end }}
           ]
           volumeMounts:
             - name: exit-dir

diff --git a/charts/trillian/templates/trillian-log-server/deployment.yaml b/charts/trillian/templates/trillian-log-server/deployment.yaml
@@ -62,6 +62,9 @@ spec:
           image: "{{ template "trillian.image" .Values.mysql.gcp.cloudsql }}"
           command:
             - "/cloud-sql-proxy"
+            {{- if (((.Values.mysql).gcp).cloudsql).iamUsername }}
+            - "--auto-iam-authn"
+            {{- end }}
             {{- if .Values.mysql.gcp.cloudsql.unixDomainSocket.enabled }}
             - "--unix-socket"
             - {{ .Values.mysql.gcp.cloudsql.unixDomainSocket.path | quote }}

diff --git a/charts/trillian/templates/trillian-log-signer/deployment.yaml b/charts/trillian/templates/trillian-log-signer/deployment.yaml
@@ -62,6 +62,9 @@ spec:
           image: "{{ template "trillian.image" .Values.mysql.gcp.cloudsql }}"
           command:
             - "/cloud-sql-proxy"
+            {{- if (((.Values.mysql).gcp).cloudsql).iamUsername }}
+            - "--auto-iam-authn"
+            {{- end }}
             {{- if .Values.mysql.gcp.cloudsql.unixDomainSocket.enabled }}
             - "--unix-socket"
             - {{ .Values.mysql.gcp.cloudsql.unixDomainSocket.path | quote }}