Integrate CKEditor 4 LTS

With CKEditor 4 reaching EOL, we will update all websites to CKEditor 4 LTS.

---

Validations

• Make sure previous behavior is kept
• Extensions work as expected on clones
• Were the extensions enabled by default on new instances?

---

Actions:

The LTS version comes with a license key that must be set to all instances.

The license should be kept secret, and as such the path /admin/config/ckeditor-lts/settings should be inaccessible to users, and key injection should be done outside the image code-base to avoid exposing it.

---

Relevant MRs:

Cern-Drupal-Distribution MR: !251 (merged)

added In progress label

assigned to @fborgesa

Website with LTS version installed.

changed the description

changed the description

added In review label and removed In progress label

assigned to @cpetala

unassigned @fborgesa

added In progress label and removed In review label

mentioned in merge request !251 (merged)

added to epic &5

changed title from Integrate CKEditor 4 LTS to Investigation: Integrate CKEditor 4 LTS

changed iteration to Sprints Jul 22, 2024 - Aug 4, 2024

added time estimate of 2w

changed time estimate to 1w from 2w

Investigation details for the task in drupalsite-operator!217 (merged).

After aligning with @fborgesa, we have decided to keep the majority of the work done in the code but take a little different direction on the implementation part. We agreed to set the license key as an environment variable to the php-fpm container but pass it as an input (similar to the multiple input points), so as to keep the standard used with other input values given to the operator. So as a first step, the input part was tested here drupalsite-operator@67b2e896, my dev-cluster was reconfigured to point to the latest targetRevision of the operator's image and a test drupalsite was created in my dev-cluster. Result:

• Pods created successfully / Running
• Parameter passed as expected:
• Environmental variable CKEDITOR_LICENSE_KEY with dummy value passed to the php-fpm container:

[root@drupal-dev ~]# oc exec -it test-77859f8645-spl2s -c php-fpm -- sh
/app $ echo $CKEDITOR_LICENSE_KEY
DUMMY_LICENSE_KEY_FOR_TESTING

Hello @fborgesa,

As we discussed last week and if my understanding is correct, next step would be to add the license key value in VAULT and then use the path to set this secret to the values.yaml of the okd4-install repo (drupal-ckeditor4-lts branch: https://gitlab.cern.ch/paas-tools/okd4-install/-/tree/drupal-ckeditor4-lts?ref_type=heads). I found the relevant documentation and I believe the way to go is:

1. Use this already created MR (https://gitlab.cern.ch/paas-tools/okd4-install/-/merge_requests/1618) to notify someone from the openshift-admins group to create the secret in VAULT (provide them the key-value pair).

• Question here is… do we ask to do it first only for the dev environment and if all goes well we add more environments or we do it for all the environment from the beginning?
• Also do we have to share more info apart from the key-value pair we want to add as a secret or this would be enough?

2. Afterwards I believe we should take the path and add it to the chart/values.yaml file. I imagine it to be something like that: ckeditorLicenseKey: <path:/okd-secrets/data/ckeditor/credentials#license_key#1>

3. From the operator side, the dummy value that was placed for testing purposes will be removed and we will leave it as an empty string.

4. Then it should be verified if other code changes are needed for the environmental variable to be passed to the php-fpm container as it did before (with the dummy value).

Do you believe I am missing anything or is there another/better/preferred way to do the above?

Thank you