From f1624353efe8f34a1fc1498332a545e34896e0bc Mon Sep 17 00:00:00 2001
From: Timofei Larkin <lllamnyp@gmail.com>
Date: Thu, 17 Apr 2025 14:28:11 +0300
Subject: [PATCH] Hash tenant config and store in configmap

Every tenant now creates a configmap in its __tenant__ namespace with a
sha256 of its values. Tenants (and eventually all other apps), watch the
configmap in their __release__ namespace, by referencing it in the
valuesFrom part of the HelmRelease. `tenant-root` is an exception, since
it is the only tenant where the release namespace is the same as the
tenant namespace. It references a different configmap in its valesFrom,
created and reconciled by the cozystack installer script. Part of #802.

Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
---
 .../apps/tenant/templates/configuration-hash.yaml  |  7 +++++++
 packages/core/platform/templates/apps.yaml         |  6 ++++++
 .../platform/templates/configuration-hash.yaml     | 14 ++++++++++++++
 pkg/apis/apps/v1alpha1/types.go                    |  6 ++++++
 pkg/registry/apps/application/rest.go              | 12 ++++++++++++
 5 files changed, 45 insertions(+)
 create mode 100644 packages/apps/tenant/templates/configuration-hash.yaml
 create mode 100644 packages/core/platform/templates/configuration-hash.yaml

diff --git a/packages/apps/tenant/templates/configuration-hash.yaml b/packages/apps/tenant/templates/configuration-hash.yaml
new file mode 100644
index 00000000..d918e3e6
--- /dev/null
+++ b/packages/apps/tenant/templates/configuration-hash.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cozy-tenant-configuration-hash
+  namespace: {{ include "tenant.name" . }}
+data:
+  cozyTenantConfigurationHash: {{ sha256sum (toJson .Values) | quote }}
diff --git a/packages/core/platform/templates/apps.yaml b/packages/core/platform/templates/apps.yaml
index f1872870..bdc3322f 100644
--- a/packages/core/platform/templates/apps.yaml
+++ b/packages/core/platform/templates/apps.yaml
@@ -54,6 +54,12 @@ spec:
         namespace: cozy-public
   values:
     host: "{{ $host }}"
+  valuesFrom:
+  - kind: ConfigMap
+    name: "cozy-system-configuration-hash"
+    valuesKey: "cozyTenantConfigurationHash"
+    targetPath: "cozyTenantConfigurationHash"
+    optional: true
   dependsOn:
   {{- range $x := $bundle.releases }}
   {{- if has $x.name (list "cilium" "kubeovn") }}
diff --git a/packages/core/platform/templates/configuration-hash.yaml b/packages/core/platform/templates/configuration-hash.yaml
new file mode 100644
index 00000000..8865a36c
--- /dev/null
+++ b/packages/core/platform/templates/configuration-hash.yaml
@@ -0,0 +1,14 @@
+{{- $rootTenantConfiguration := dict "values" .Values }}
+{{- $cozyConfig     := index (lookup "v1" "ConfigMap" "cozy-system" "cozystack"           ) "data" }}
+{{- $cozyScheduling := index (lookup "v1" "ConfigMap" "cozy-system" "cozystack-scheduling") "data" }}
+{{- $cozyBranding   := index (lookup "v1" "ConfigMap" "cozy-system" "cozystack-branding"  ) "data" }}
+{{- $_ := set $rootTenantConfiguration "config" $cozyConfig }}
+{{- $_ := set $rootTenantConfiguration "scheduling" $cozyScheduling }}
+{{- $_ := set $rootTenantConfiguration "branding" $cozyBranding }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cozy-system-configuration-hash
+  namespace: tenant-root
+data:
+  cozyTenantConfigurationHash: {{ sha256sum (toJson $rootTenantConfiguration) | quote }}
diff --git a/pkg/apis/apps/v1alpha1/types.go b/pkg/apis/apps/v1alpha1/types.go
index 5a21d270..29d3d41e 100644
--- a/pkg/apis/apps/v1alpha1/types.go
+++ b/pkg/apis/apps/v1alpha1/types.go
@@ -21,6 +21,12 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+const (
+	CozySystemConfigurationHashConfigMapName = "cozy-system-configuration-hash"
+	CozyTenantConfigurationHashConfigMapName = "cozy-tenant-configuration-hash"
+	CozyTenantConfigurationHashKey           = "cozyTenantConfigurationHash"
+)
+
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // ApplicationList is a list of Application objects.
diff --git a/pkg/registry/apps/application/rest.go b/pkg/registry/apps/application/rest.go
index 9a3eb32d..8688c94d 100644
--- a/pkg/registry/apps/application/rest.go
+++ b/pkg/registry/apps/application/rest.go
@@ -988,6 +988,18 @@ func (r *REST) convertApplicationToHelmRelease(app *appsv1alpha1.Application) (*
 		},
 	}
 
+	valuesFromConfigMap := appsv1alpha1.CozyTenantConfigurationHashConfigMapName
+	if helmRelease.Name == "tenant-root" && helmRelease.Namespace == "tenant-root" {
+		valuesFromConfigMap = appsv1alpha1.CozySystemConfigurationHashConfigMapName
+	}
+	helmRelease.Spec.ValuesFrom = []helmv2.ValuesReference{{
+		Kind:       "ConfigMap",
+		Name:       valuesFromConfigMap,
+		ValuesKey:  appsv1alpha1.CozyTenantConfigurationHashKey,
+		TargetPath: appsv1alpha1.CozyTenantConfigurationHashKey,
+		Optional:   true,
+	}}
+
 	return helmRelease, nil
 }