update secret validation to allow stringData and remove manual generation of postgres user credentials

Kjeld Schouten-Lebbing
2023-03-01 22:11:28 +01:00
parent 001bd213b7
commit 7a97e38b22
5 changed files with 9 additions and 38 deletions


@@ -28,9 +28,6 @@ metadata:
spec:
instances: {{ $values.instances | default 2 }}
superuserSecret:
name: {{ $cnpgClusterName }}-superuser
{{- $basename := include "tc.v1.common.lib.chart.names.fullname" $ -}}
{{- $fetchname := printf "%s-dbcreds" $basename -}}
{{- $olddbprevious1 := lookup "v1" "Secret" .Release.Namespace $fetchname }}


@@ -1,8 +0,0 @@
{{- define "tc.v1.common.lib.cnpg.secret.superuser" -}}
{{- $pgPass := .pgPass }}
enabled: true
stringData:
username: {{ "postgres" }}
password: {{ $pgPass }}
type: kubernetes.io/basic-auth
{{- end -}}


@@ -3,7 +3,7 @@
{{- $values := .values -}}
enabled: true
type: kubernetes.io/basic-auth
stringData:
data:
username: {{ $values.user }}
password: {{ $dbPass }}
{{- end -}}


@@ -10,11 +10,11 @@ objectData:
{{- define "tc.v1.common.lib.secret.validation" -}}
{{- $objectData := .objectData -}}
{{- if not $objectData.data -}}
{{- fail "Secret - Expected non-empty <data>" -}}
{{- if and ( not $objectData.data ) ( not $objectData.stringData ) -}}
{{- fail "Secret - Expected non-empty <data> or <stringData>" -}}
{{- end -}}
{{- if not (kindIs "map" $objectData.data) -}}
{{- if and $objectData.data (not (kindIs "map" $objectData.data)) -}}
{{- fail (printf "Secret - Expected <data> to be a dictionary, but got [%v]" (kindOf $objectData.data)) -}}
{{- end -}}
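Review bot: `stringData` is now accepted by the emptiness check, but only `data` is type-checked afterwards, so a `stringData` given as a string or list passes `tc.v1.common.lib.secret.validation` and fails later with a less helpful error. Mirror the `data` check for it: `{{- if and $objectData.stringData (not (kindIs "map" $objectData.stringData)) -}}`, then `{{- fail (printf "Secret - Expected <stringData> to be a dictionary, but got [%v]" (kindOf $objectData.stringData)) -}}` and `{{- end -}}`. The check as written also lets a secret set both keys, so it is worth deciding whether that is allowed. The define continues past the end of this hunk, so a later check may already cover part of this.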


@@ -45,28 +45,11 @@
{{- $dbPass = $cnpgValues.password | default ( randAlphaNum 62 ) }}
{{- end }}
{{- $pgPass := "" }}
{{- $pgprevious := lookup "v1" "Secret" $.Release.Namespace ( printf "%s-superuser" $cnpgValues.name ) }}
{{- if $pgprevious }}
{{- $pgPass = ( index $pgprevious.data "password" ) }}
{{- else if and $.Values.postgresql.enabled $olddbprevious1 $.Release.IsUpgrade }}
{{- $pgPass = ( index $olddbprevious1.data "postgresql-postgres-password" ) | b64dec }}
{{- else if and $.Values.postgresql.enabled $olddbprevious2 $.Release.IsUpgrade }}
{{- $pgPass = ( index $olddbprevious2.data "postgresql-postgres-password" ) | b64dec }}
{{- else }}
{{- $pgPass = $cnpgValues.superUserPassword | default ( randAlphaNum 62 ) }}
{{- end }}
{{- $std := ( ( printf "postgresql://%v:%v@%v-rw:5432/%v" $cnpgValues.user $dbPass $cnpgValues.name $cnpgValues.database ) | b64enc | quote ) }}
{{- $nossl := ( ( printf "postgresql://%v:%v@%v-rw:5432/%v?sslmode=disable" $cnpgValues.user $dbPass $cnpgValues.name $cnpgValues.database ) | b64enc | quote ) }}
{{- $porthost := ( ( printf "%s-rw:5432" $cnpgValues.name ) | b64enc | quote ) }}
{{- $host := ( ( printf "%s-rw" $cnpgValues.name ) | b64enc | quote ) }}
{{- $jdbc := ( ( printf "jdbc:postgresql://%v-rw:5432/%v" $cnpgValues.name $cnpgValues.database ) | b64enc | quote ) }}
{{- $superuserSecret := include "tc.v1.common.lib.cnpg.secret.superuser" (dict "pgPass" $pgPass ) | fromYaml }}
{{- if $superuserSecret }}
{{- $_ := set $.Values.secret ( printf "cnpg-%s-superuser" $cnpgValues.shortName ) $superuserSecret }}
{{- end }}
{{- $std := ( ( printf "postgresql://%v:%v@%v-rw:5432/%v" $cnpgValues.user $dbPass $cnpgValues.name $cnpgValues.database ) | quote ) }}
{{- $nossl := ( ( printf "postgresql://%v:%v@%v-rw:5432/%v?sslmode=disable" $cnpgValues.user $dbPass $cnpgValues.name $cnpgValues.database ) | quote ) }}
{{- $porthost := ( ( printf "%s-rw:5432" $cnpgValues.name ) | quote ) }}
{{- $host := ( ( printf "%s-rw" $cnpgValues.name ) | quote ) }}
{{- $jdbc := ( ( printf "jdbc:postgresql://%v-rw:5432/%v" $cnpgValues.name $cnpgValues.database ) | quote ) }}
{{- $userSecret := include "tc.v1.common.lib.cnpg.secret.user" (dict "values" $cnpgValues "dbPass" $dbPass ) | fromYaml }}
{{- if $userSecret }}
@@ -79,7 +62,6 @@
{{- end }}
{{- $_ := set $cnpgValues.creds "password" ( $dbPass | quote ) }}
{{- $_ := set $cnpgValues.creds "superUserPassword" ( $pgPass | quote ) }}
{{- $_ := set $cnpgValues.creds "std" $std }}
{{- $_ := set $cnpgValues.creds "nossl" $nossl }}
{{- $_ := set $cnpgValues.creds "porthost" $porthost }}
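Review bot: The rewritten `$std` and `$nossl` lines put `$cnpgValues.user` and `$dbPass` into the URI with a plain `printf`, and `$dbPass` can come from the user-supplied `$cnpgValues.password`, so a password containing `@`, `:`, `/`, `?` or `#` yields a connection string that clients parse with the wrong host or credentials. Only the `randAlphaNum 62` default is guaranteed to be URI-safe. Percent-encode the userinfo parts inside the `printf`, for example `( $cnpgValues.user | urlquery )` and `( $dbPass | urlquery )` (note that `urlquery` writes a space as `+`, so confirm it suits the clients), or reject unsafe passwords with a `fail`. Separately, with `b64enc` dropped these values are now plaintext in `$cnpgValues.creds`; consumers outside these hunks presumably must render them only inside a Secret and no longer expect base64, which is worth a comment above the `set` calls. The enclosing template starts and ends outside the hunks shown.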