SONAR-24068 Fix SSF-681

SonarSource · Dec 20, 2024 · b929207 · b929207
1 parent 73b9094
commit b929207
Show file tree

Hide file tree

Showing 10 changed files with 16 additions and 4 deletions.
diff --git a/charts/sonarqube-dce/CHANGELOG.md b/charts/sonarqube-dce/CHANGELOG.md
@@ -5,6 +5,7 @@ All changes to this chart will be documented in this file.
 * Update Chart's version to 2025.1.0
 * Update ingress-nginx subchart to 4.11.3
 * Support Kubernetes v1.32
+* Remove the default passcode provided with `monitoringPasscode`
 
 ## [10.8.1]
 * Update Chart's version to 10.8.1

diff --git a/charts/sonarqube-dce/Chart.yaml b/charts/sonarqube-dce/Chart.yaml
@@ -31,6 +31,8 @@ annotations:
       description: "Update ingress-nginx subchart to 4.11.3"
     - kind: changed
       description: "Support Kubernetes v1.32"
+    - kind: changed
+      description: "Remove the default passcode provided with 'monitoringPasscode'"
   artifacthub.io/links: |
     - name: support
       url: https://community.sonarsource.com/

diff --git a/charts/sonarqube-dce/README.md b/charts/sonarqube-dce/README.md
@@ -535,7 +535,7 @@ The following table lists the configurable parameters of the SonarQube chart and
 | Parameter                      | Description                                                                                                                              | Default          |
 | ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
 | `sonarqubeFolder`              | (DEPRECATED) Directory name of SonarQube, Due to 1-1 mapping between helm version and docker version, there is no need for configuration | `/opt/sonarqube` |
-| `monitoringPasscode`           | Value for sonar.web.systemPasscode needed for LivenessProbes (encoded to Base64 format)                                                  | `define_it`      |
+| `monitoringPasscode`           | Value for sonar.web.systemPasscode needed for LivenessProbes (encoded to Base64 format).                                                 | `None`           |
 | `monitoringPasscodeSecretName` | Name of the secret where to load `monitoringPasscode`                                                                                    | `None`           |
 | `monitoringPasscodeSecretKey`  | Key of an existing secret containing `monitoringPasscode`                                                                                | `None`           |
 | `extraContainers`              | Array of extra containers to run alongside the `sonarqube` container (aka. Sidecars)                                                     | `[]`             |

diff --git a/charts/sonarqube-dce/templates/validation.yaml b/charts/sonarqube-dce/templates/validation.yaml
@@ -0,0 +1,3 @@
+{{- if or (and (not .Values.monitoringPasscode) (not .Values.monitoringPasscodeSecretName) (not .Values.monitoringPasscodeSecretKey)) (and (not .Values.monitoringPasscodeSecretName) .Values.monitoringPasscodeSecretKey) (and .Values.monitoringPasscodeSecretName (not .Values.monitoringPasscodeSecretKey)) -}}
+{{- fail "\n ** The values.yaml file is not valid. ** \n Please provide a passcode either setting \"monitoringPasscode\" or \"monitoringPasscodeSecretName\" and \"monitoringPasscodeSecretKey\"" -}}
+{{- end -}}
diff --git a/charts/sonarqube-dce/values.yaml b/charts/sonarqube-dce/values.yaml
@@ -643,7 +643,7 @@ initFs:
 
 # a monitoring passcode needs to be defined in order to get reasonable probe results
 # not setting the monitoring passcode will result in a deployment that will never be ready
-monitoringPasscode: "define_it"
+# monitoringPasscode: "define_it"
 # Alternatively, you can define the passcode loading it from an existing secret specifying the right key
 # monitoringPasscodeSecretName: "pass-secret-name"
 # monitoringPasscodeSecretKey: "pass-key"

diff --git a/charts/sonarqube/CHANGELOG.md b/charts/sonarqube/CHANGELOG.md
@@ -5,6 +5,7 @@ All changes to this chart will be documented in this file.
 * Update Chart's version to 2025.1.0
 * Update ingress-nginx subchart to 4.11.3
 * Support Kubernetes v1.32
+* Remove the default passcode provided with `monitoringPasscode`
 
 ## [10.8.1]
 * Update Chart's version to 10.8.1

diff --git a/charts/sonarqube/Chart.yaml b/charts/sonarqube/Chart.yaml
@@ -36,6 +36,8 @@ annotations:
       description: "Update ingress-nginx subchart to 4.11.3"
     - kind: changed
       description: "Support Kubernetes v1.32"
+    - kind: changed
+      description: "Remove the default passcode provided with 'monitoringPasscode'"
   artifacthub.io/containsSecurityUpdates: "false"
   artifacthub.io/images: |
     - name: sonarqube

diff --git a/charts/sonarqube/README.md b/charts/sonarqube/README.md
@@ -450,7 +450,7 @@ The following table lists the configurable parameters of the SonarQube chart and
 | `sonarProperties`              | Custom `sonar.properties` key-value pairs (e.g., "sonarProperties.sonar.forceAuthentication=true")                                       | `None`           |
 | `sonarSecretProperties`        | Additional `sonar.properties` key-value pairs to load from a secret                                                                      | `None`           |
 | `sonarSecretKey`               | Name of existing secret used for settings encryption                                                                                     | `None`           |
-| `monitoringPasscode`           | Value for sonar.web.systemPasscode needed for LivenessProbes (encoded to Base64 format)                                                  | `define_it`      |
+| `monitoringPasscode`           | Value for sonar.web.systemPasscode needed for LivenessProbes (encoded to Base64 format)                                                  | `None`           |
 | `monitoringPasscodeSecretName` | Name of the secret where to load `monitoringPasscode`                                                                                    | `None`           |
 | `monitoringPasscodeSecretKey`  | Key of an existing secret containing `monitoringPasscode`                                                                                | `None`           |
 | `extraContainers`              | Array of extra containers to run alongside the `sonarqube` container (aka. Sidecars)                                                     | `[]`             |

diff --git a/charts/sonarqube/templates/validation.yaml b/charts/sonarqube/templates/validation.yaml
@@ -0,0 +1,3 @@
+{{- if or (and (not .Values.monitoringPasscode) (not .Values.monitoringPasscodeSecretName) (not .Values.monitoringPasscodeSecretKey)) (and (not .Values.monitoringPasscodeSecretName) .Values.monitoringPasscodeSecretKey) (and .Values.monitoringPasscodeSecretName (not .Values.monitoringPasscodeSecretKey)) -}}
+{{- fail "\n ** The values.yaml file is not valid. ** \n Please provide a passcode either setting \"monitoringPasscode\" or \"monitoringPasscodeSecretName\" and \"monitoringPasscodeSecretKey\"" -}}
+{{- end -}}
diff --git a/charts/sonarqube/values.yaml b/charts/sonarqube/values.yaml
@@ -432,7 +432,7 @@ jvmCeOpts: ""
 
 ## a monitoring passcode needs to be defined in order to get reasonable probe results
 # not setting the monitoring passcode will result in a deployment that will never be ready
-monitoringPasscode: "define_it"
+# monitoringPasscode: "define_it"
 # Alternatively, you can define the passcode loading it from an existing secret specifying the right key
 # monitoringPasscodeSecretName: "pass-secret-name"
 # monitoringPasscodeSecretKey: "pass-key"