-
Notifications
You must be signed in to change notification settings - Fork 56
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add password for nats #477
Conversation
WalkthroughThis pull request includes several updates to the NATS application configuration files. The Changes
Possibly related PRs
Poem
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 1
🧹 Outside diff range and nitpick comments (6)
packages/apps/nats/values.yaml (2)
7-8
: Enhance authentication parameter documentationThe documentation should be more explicit about security implications. Consider adding:
- Minimum password requirements
- Warning about storing credentials in plaintext
- Recommendation to use secrets management in production
-## @param nats username, if empty no auth -## @param nats password, if empty no auth +## @param username NATS authentication username. If empty, authentication is disabled (not recommended for production) +## @param password NATS authentication password. If empty, authentication is disabled. Should be stored securely using +## Kubernetes secrets in production environments. Ensure password meets minimum security requirements.
13-14
: Consider adding validation for authentication parametersWhen authentication is enabled (either username or password is set), both parameters should be required to prevent misconfiguration.
Consider implementing validation in the Helm chart to ensure both username and password are provided when authentication is enabled. This could be done through the values schema or in the templates.
Would you like me to provide an example of how to implement this validation?
packages/apps/nats/README.md (1)
12-13
: Consider adding security best practices to the documentation.While the basic parameter documentation is good, consider adding:
- A security note recommending the use of authentication in production
- Guidelines for secure credential management (e.g., using Kubernetes secrets)
- Warning about storing credentials in plain text values files
Example addition:
| `username` | Nats username, if empty no auth | `""` | | `password` | Nats password, if empty no auth | `""` | + +### Security Considerations + +- It's recommended to enable authentication in production environments +- Store credentials using Kubernetes secrets rather than plain text +- Avoid committing credentials to version control +- Consider using external secret management solutionspackages/apps/nats/values.schema.json (2)
20-28
: Consider enhancing security-related documentation and handling.The schema structure for authentication fields is correct, but consider the following security recommendations:
- Add a note in the description that these values should be provided via secrets management
- Consider marking these fields with additional metadata to indicate they contain sensitive information
25-28
: Add password validation rules.Consider adding JSON schema validation rules for the password field to enforce security best practices:
- Minimum length requirement
- Character complexity requirements (special chars, numbers, etc.)
Example enhancement:
"password": { "type": "string", - "description": "Nats password, if empty no auth", + "description": "Nats password, if empty no auth. Should be at least 8 characters with mixed case, numbers and special characters", + "pattern": "^$|^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[@$!%*?&])[A-Za-z\\d@$!%*?&]{8,}$", "default": "" }packages/apps/nats/templates/nats.yaml (1)
23-25
: Consider supporting multiple user accountsThe current implementation only supports a single user under account "A". For better scalability and access control, consider:
- Supporting multiple users
- Allowing different permission levels
- Supporting multiple accounts
Example structure:
accounts: $ACCOUNT_NAME: users: - user: $USERNAME password: $PASSWORD permissions: $PERMISSIONS
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (8)
.pre-commit-config.yaml
(0 hunks)packages/apps/nats/Chart.yaml
(1 hunks)packages/apps/nats/README.md
(1 hunks)packages/apps/nats/templates/nats.yaml
(1 hunks)packages/apps/nats/values.schema.json
(1 hunks)packages/apps/nats/values.yaml
(1 hunks)packages/apps/versions_map
(1 hunks)packages/system/nats/values.yaml
(1 hunks)
💤 Files with no reviewable changes (1)
- .pre-commit-config.yaml
🧰 Additional context used
🪛 yamllint
packages/apps/nats/templates/nats.yaml
[warning] 22-22: wrong indentation: expected 6 but found 8
(indentation)
🔇 Additional comments (7)
packages/system/nats/values.yaml (1)
8-11
: Verify cluster domain configuration for NATS routing
The cluster domain is set to cozy.local
. Please ensure this matches your Kubernetes cluster's domain configuration.
✅ Verification successful
Domain configuration cozy.local
is consistently used across the system
The cluster domain cozy.local
is consistently used across multiple system components:
- MariaDB Operator (
clusterName
) - NATS (
k8sClusterDomain
) - Kafka Operator (
kubernetesServiceDnsDomain
) - FluxCD (
domain
) - ClickHouse (
namespaceDomainPattern
)
However, let me verify the original concern about missing password configuration.
Let me check the other NATS configuration files to see if authentication is configured elsewhere.
Authentication support has been properly implemented
The PR correctly implements NATS authentication as shown in the git diff:
- Authentication parameters (username/password) are added to the schema and documentation
- Template logic in
packages/apps/nats/templates/nats.yaml
handles the auth configuration - The implementation is optional (activated only when both username and password are provided)
- Values are properly templated:
user: "{{ .Values.username }}", password: "{{ .Values.password }}"
The cluster domain configuration (cozy.local
) is also consistent with other system components.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Check for any other references to cluster domain in the codebase
# to ensure consistency and verify if this is the standard domain used.
echo "Searching for other cluster domain configurations..."
rg -g '*.yaml' -g '*.yml' 'cozy.local'
Length of output: 579
Script:
#!/bin/bash
# Check for any auth/password configurations in NATS
echo "Checking NATS values for auth configurations..."
cat packages/system/nats/values.yaml
echo -e "\nChecking for any other NATS configuration files..."
fd -e yaml -e yml nats
Length of output: 622
Script:
#!/bin/bash
# Check other NATS configuration files for auth settings
echo "Content of NATS template:"
cat packages/apps/nats/templates/nats.yaml
echo -e "\nContent of NATS container config:"
cat packages/system/nats/charts/nats/files/stateful-set/nats-container.yaml
echo -e "\nChecking for any auth-related changes in git diff:"
git diff HEAD^1 -- '**/nats/**'
Length of output: 7771
packages/apps/nats/values.yaml (1)
13-14
: Verify secure credential handling in templates
The credentials appear to be defined as plain values. Let's verify how they're handled in the templates and if there's proper integration with Kubernetes secrets.
packages/apps/nats/README.md (1)
12-13
: LGTM! Documentation clearly describes the new authentication parameters.
The table formatting is consistent, and the parameter descriptions accurately reflect their optional nature.
packages/apps/nats/Chart.yaml (1)
19-19
: LGTM! Version increment is appropriate.
The version bump from 0.2.0 to 0.3.0 follows semantic versioning as adding authentication is a backwards-compatible feature addition.
Let's verify the authentication-related changes mentioned in the PR objective:
✅ Verification successful
Let me gather more specific information about the authentication implementation:
Version bump is appropriate and authentication is properly implemented
The version increment from 0.2.0 to 0.3.0 is justified as the PR successfully implements NATS authentication:
- Authentication parameters are properly defined in
values.yaml
with appropriate documentation - Schema validation is in place for both username and password
- The template correctly implements conditional authentication in
nats.yaml
using the provided credentials - Changes are well-documented in the README
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Verify the implementation of NATS authentication
# Expected: Find username/password configurations in values.yaml and related files
# Check for authentication-related changes in NATS configuration
echo "Checking for authentication configurations..."
rg -l "username|password" "packages/apps/nats/"
# Check for any remaining TODO/FIXME comments related to authentication
echo "Checking for pending authentication tasks..."
rg -i "todo.*auth|fixme.*auth" "packages/apps/nats/"
# Verify if authentication is documented
echo "Checking documentation updates..."
rg -i "auth|username|password" "packages/apps/nats/README.md"
Length of output: 734
Script:
#!/bin/bash
# Check the actual authentication configuration in values.yaml
echo "=== Values.yaml configuration ==="
rg -A 2 -B 2 "username|password" "packages/apps/nats/values.yaml"
# Check how authentication is implemented in templates
echo -e "\n=== Template implementation ==="
rg -A 2 -B 2 "username|password" "packages/apps/nats/templates/nats.yaml"
# Check schema validation for authentication
echo -e "\n=== Schema validation ==="
rg -A 2 -B 2 "username|password" "packages/apps/nats/values.schema.json"
Length of output: 1341
packages/apps/nats/templates/nats.yaml (2)
23-26
: Verify input validation for credentials
The template directly injects values without any validation. This could lead to:
- Invalid NATS configuration if special characters are used
- Potential template injection vulnerabilities
#!/bin/bash
# Check if there's any input validation in values.schema.json
rg -A 5 '"username"|"password"' packages/apps/nats/values.schema.json
# Look for any existing validation patterns in other NATS configs
fd -e yaml -e json . packages/apps/nats/ --exec grep -l 'pattern.*username\|pattern.*password' {} \;
21-27
: Verify the impact on existing connections
Adding authentication could impact existing NATS clients. Ensure that:
- All clients are updated to use credentials
- There's a migration plan for existing deployments
🧰 Tools
🪛 yamllint
[warning] 22-22: wrong indentation: expected 6 but found 8
(indentation)
packages/apps/versions_map (1)
51-52
: LGTM! Version bump aligns with the authentication changes.
The version increment from 0.2.0 to 0.3.0 appropriately reflects the addition of authentication features (username/password) as a new backward-compatible functionality.
{{- if and .Values.username .Values.password }} | ||
merge: | ||
accounts: | ||
A: | ||
users: | ||
- {user: "{{ .Values.username }}", password: "{{ .Values.password }}"} | ||
{{- end }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🛠️ Refactor suggestion
Consider using Kubernetes Secrets for credentials
While the implementation works, storing credentials directly in Helm values is not the most secure approach. Consider using Kubernetes Secrets instead.
Example approach:
- Create a Kubernetes Secret containing the credentials
- Reference the Secret in the NATS configuration
- {{- if and .Values.username .Values.password }}
- merge:
- accounts:
- A:
- users:
- - {user: "{{ .Values.username }}", password: "{{ .Values.password }}"}
- {{- end }}
+ {{- if .Values.existingSecret }}
+ merge:
+ accounts:
+ A:
+ users:
+ - {user: "{{ .Values.existingSecret.userKey }}", password: "{{ .Values.existingSecret.passwordKey }}"}
+ {{- end }}
Committable suggestion skipped: line range outside the PR's diff.
🧰 Tools
🪛 yamllint
[warning] 22-22: wrong indentation: expected 6 but found 8
(indentation)
packages/apps/nats/values.yaml
Outdated
## @param nats username, if empty no auth | ||
## @param nats password, if empty no auth | ||
## | ||
external: false | ||
replicas: 2 | ||
storageClass: "" | ||
username: | ||
password: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's keep the format we're using in other apps like postgres, mysql, rabbitmq, vpn and so on:
cozystack/packages/apps/postgres/values.yaml
Lines 28 to 36 in 47bd46c
## @param users [object] Users configuration | |
## Example: | |
## users: | |
## user1: | |
## password: strongpassword | |
## user2: | |
## password: hackme | |
## airflow: | |
## password: qwerty123 |
.pre-commit-config.yaml
Outdated
- repo: https://github.com/pre-commit/pre-commit-hooks | ||
rev: v4.5.0 | ||
hooks: | ||
- id: end-of-file-fixer | ||
- id: trailing-whitespace | ||
- id: mixed-line-ending | ||
args: [--fix=lf] | ||
- id: check-yaml | ||
exclude: '^.*templates/.*\.yaml$' | ||
args: [--unsafe] | ||
- repo: https://github.com/igorshubovych/markdownlint-cli | ||
rev: v0.42.0 | ||
hooks: | ||
- id: markdownlint | ||
args: [--fix, --disable, MD013, MD041, --] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please rebase, after #476 got merged, this is not needed anymore
46a519d
to
af21d76
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 1
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (7)
packages/apps/nats/Chart.yaml
(1 hunks)packages/apps/nats/README.md
(1 hunks)packages/apps/nats/templates/nats.yaml
(1 hunks)packages/apps/nats/values.schema.json
(1 hunks)packages/apps/nats/values.yaml
(1 hunks)packages/apps/versions_map
(1 hunks)packages/system/nats/values.yaml
(1 hunks)
🚧 Files skipped from review as they are similar to previous changes (6)
- packages/apps/nats/Chart.yaml
- packages/apps/nats/README.md
- packages/apps/nats/values.schema.json
- packages/apps/nats/values.yaml
- packages/apps/versions_map
- packages/system/nats/values.yaml
🧰 Additional context used
🪛 yamllint
packages/apps/nats/templates/nats.yaml
[warning] 22-22: wrong indentation: expected 6 but found 8
(indentation)
🔇 Additional comments (1)
packages/apps/nats/templates/nats.yaml (1)
21-27
:
Previous security recommendation still applies
The previous review comment about using Kubernetes Secrets for credential management remains valid. Storing credentials directly in Helm values is less secure than using Kubernetes Secrets.
🧰 Tools
🪛 yamllint
[warning] 22-22: wrong indentation: expected 6 but found 8
(indentation)
e6ba027
to
d6cf58d
Compare
d6cf58d
to
c4f15e6
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 2
🧹 Outside diff range and nitpick comments (2)
packages/apps/nats/templates/nats.yaml (2)
1-8
: Consider enhancing password security measuresWhile the password management logic is well-structured, consider implementing:
- Increased length for auto-generated passwords (e.g., 32 characters)
- Password complexity validation for user-provided passwords
- {{- $_ := set $passwords $user (randAlphaNum 16) }} + {{- $_ := set $passwords $user (randAlphaNum 32) }}🧰 Tools
🪛 yamllint
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
[warning] 4-4: wrong indentation: expected 0 but found 4
(indentation)
[warning] 5-5: wrong indentation: expected 0 but found 2
(indentation)
[warning] 6-6: wrong indentation: expected 0 but found 4
(indentation)
[warning] 7-7: wrong indentation: expected 0 but found 2
(indentation)
10-19
: Enhance Secret resource management capabilitiesConsider adding metadata to improve secret management:
metadata: name: {{ .Release.Name }}-credentials + labels: + app.kubernetes.io/name: {{ .Release.Name }} + app.kubernetes.io/component: nats + annotations: + cozystack.io/rotation-date: {{ now | date "2006-01-02" }}🧰 Tools
🪛 yamllint
[warning] 17-17: wrong indentation: expected 0 but found 2
(indentation)
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (8)
packages/apps/nats/Chart.yaml
(1 hunks)packages/apps/nats/README.md
(1 hunks)packages/apps/nats/templates/nats.yaml
(2 hunks)packages/apps/nats/templates/resourcemap.yaml
(1 hunks)packages/apps/nats/values.schema.json
(1 hunks)packages/apps/nats/values.yaml
(1 hunks)packages/apps/versions_map
(1 hunks)packages/system/nats/values.yaml
(1 hunks)
🚧 Files skipped from review as they are similar to previous changes (6)
- packages/apps/nats/Chart.yaml
- packages/apps/nats/README.md
- packages/apps/nats/values.schema.json
- packages/apps/nats/values.yaml
- packages/apps/versions_map
- packages/system/nats/values.yaml
🧰 Additional context used
🪛 yamllint
packages/apps/nats/templates/nats.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
[warning] 4-4: wrong indentation: expected 0 but found 4
(indentation)
[warning] 5-5: wrong indentation: expected 0 but found 2
(indentation)
[warning] 6-6: wrong indentation: expected 0 but found 4
(indentation)
[warning] 7-7: wrong indentation: expected 0 but found 2
(indentation)
[warning] 17-17: wrong indentation: expected 0 but found 2
(indentation)
packages/apps/nats/templates/resourcemap.yaml
[error] 4-4: syntax error: expected , but found ''
(syntax)
🔇 Additional comments (2)
packages/apps/nats/templates/resourcemap.yaml (1)
1-12
: LGTM! Well-scoped RBAC configuration.
The Role follows security best practices by:
- Granting minimal required permissions (read-only)
- Limiting access to a specific secret
- Using clear naming conventions
🧰 Tools
🪛 yamllint
[error] 4-4: syntax error: expected , but found ''
(syntax)
packages/apps/nats/templates/nats.yaml (1)
Line range hint 1-54
: Verify security implications across the codebase
Let's ensure this authentication pattern aligns with other services in the codebase.
✅ Verification successful
Authentication pattern is consistent and secure across services
The verification reveals that:
- The same secure pattern of using
randAlphaNum 16
for password generation is consistently implemented across multiple services (NATS, VPN, Postgres, MySQL, Clickhouse, FerretDB, RabbitMQ) - All services properly store credentials in Kubernetes Secrets
- No hardcoded credentials were found in the templates
- The authentication implementation in NATS aligns with other messaging services like RabbitMQ
The current implementation follows security best practices by:
- Using cryptographically secure random password generation
- Storing sensitive data in Kubernetes Secrets
- Maintaining consistency across different services in the stack
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Check for similar authentication patterns in other services
echo "Checking for similar authentication patterns..."
fd -e yaml -e yml . packages/apps/*/templates/ -x rg -l "kind: Secret.*stringData"
echo "Checking for potential security configurations..."
fd -e yaml -e yml . packages/apps/*/templates/ -x rg -l "password|credential|secret"
Length of output: 3931
Script:
#!/bin/bash
# Let's examine the secret handling patterns in other messaging services (RabbitMQ, Kafka) for comparison
echo "Checking RabbitMQ authentication pattern..."
rg -A 10 "kind: Secret" packages/apps/rabbitmq/templates/rabbitmq.yaml || true
echo "Checking Kafka authentication pattern..."
rg -A 10 "kind: Secret" packages/apps/kafka/templates/ || true
# Let's also check the specific password generation patterns
echo "Checking password generation patterns..."
rg "randAlphaNum|password.*generate" packages/apps/*/templates/ || true
# Check for any potential hardcoded credentials
echo "Checking for potential hardcoded credentials..."
rg -i "password:.*['\"](?!\\$|{{)" packages/apps/*/templates/
Length of output: 2902
🧰 Tools
🪛 yamllint
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
[warning] 4-4: wrong indentation: expected 0 but found 4
(indentation)
[warning] 5-5: wrong indentation: expected 0 but found 2
(indentation)
[warning] 6-6: wrong indentation: expected 0 but found 4
(indentation)
[warning] 7-7: wrong indentation: expected 0 but found 2
(indentation)
[warning] 17-17: wrong indentation: expected 0 but found 2
(indentation)
@@ -18,6 +40,18 @@ spec: | |||
nats: | |||
fullnameOverride: {{ .Release.Name }} | |||
config: | |||
{{- if .Values.users }} | |||
{{- if gt (len .Values.users) 0 }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did you meant to check $passwords
? Because these two checks will have the same effect
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you add the service shown to the user into this file please
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 1
🧹 Outside diff range and nitpick comments (1)
packages/apps/nats/templates/nats.yaml (1)
1-8
: Consider adding password validationWhile the password management logic is sound, consider adding validation for user-provided passwords to ensure they meet security requirements:
- Minimum length
- Complexity requirements (special characters, numbers, etc.)
{{- range $user, $u := .Values.users }} {{- if $u.password }} + {{- if and (ge (len $u.password) 8) (regexMatch "^[A-Za-z0-9@#$%^&+=!*()_\\-]+$" $u.password) }} {{- $_ := set $passwords $user $u.password }} + {{- else }} + {{- fail (printf "Password for user %s does not meet security requirements" $user) }} + {{- end }} {{- else if not (index $passwords $user) }} {{- $_ := set $passwords $user (randAlphaNum 16) }} {{- end }} {{- end }}🧰 Tools
🪛 yamllint
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
[warning] 4-4: wrong indentation: expected 0 but found 4
(indentation)
[warning] 5-5: wrong indentation: expected 0 but found 2
(indentation)
[warning] 6-6: wrong indentation: expected 0 but found 4
(indentation)
[warning] 7-7: wrong indentation: expected 0 but found 2
(indentation)
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (1)
packages/apps/nats/templates/nats.yaml
(2 hunks)
🧰 Additional context used
🪛 yamllint
packages/apps/nats/templates/nats.yaml
[error] 1-1: syntax error: expected the node content, but found '-'
(syntax)
[warning] 4-4: wrong indentation: expected 0 but found 4
(indentation)
[warning] 5-5: wrong indentation: expected 0 but found 2
(indentation)
[warning] 6-6: wrong indentation: expected 0 but found 4
(indentation)
[warning] 7-7: wrong indentation: expected 0 but found 2
(indentation)
[warning] 17-17: wrong indentation: expected 0 but found 2
(indentation)
🔇 Additional comments (1)
packages/apps/nats/templates/nats.yaml (1)
10-19
: LGTM! Verify secret uniqueness
The Secret implementation follows best practices. The use of stringData
and proper quoting ensures secure credential storage.
✅ Verification successful
Secret name follows Helm best practices for uniqueness
The secret name {{ .Release.Name }}-credentials
follows Helm's best practices for ensuring uniqueness:
- It uses the release name as a prefix, which is unique per Helm release
- The pattern is consistently used across other charts in the repository
- Each chart's secret is scoped to its own namespace by default in Kubernetes
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Verify that the secret name is unique in the cluster
# and doesn't conflict with other releases
# Search for similar secret names in templates
rg -g '*.yaml' -g '*.yml' "name:.*credentials"
Length of output: 1577
🧰 Tools
🪛 yamllint
[warning] 17-17: wrong indentation: expected 0 but found 2
(indentation)
{{- if gt (len .Values.passwords) 0 }} | ||
merge: | ||
accounts: | ||
A: | ||
users: | ||
{{- range $username, $password := $passwords }} | ||
- user: "{{ $username }}" | ||
password: "{{ $password }}" | ||
{{- end }} | ||
{{- end }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fix condition and indentation issues
There are two issues in this section:
- The condition checks
.Values.passwords
but should check$passwords
- The
merge
block indentation is incorrect
Apply this fix:
- {{- if gt (len .Values.passwords) 0 }}
- merge:
+ {{- if gt (len $passwords) 0 }}
+ merge:
accounts:
A:
users:
{{- range $username, $password := $passwords }}
- user: "{{ $username }}"
password: "{{ $password }}"
{{- end }}
{{- end }}
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
{{- if gt (len .Values.passwords) 0 }} | |
merge: | |
accounts: | |
A: | |
users: | |
{{- range $username, $password := $passwords }} | |
- user: "{{ $username }}" | |
password: "{{ $password }}" | |
{{- end }} | |
{{- end }} | |
{{- if gt (len $passwords) 0 }} | |
merge: | |
accounts: | |
A: | |
users: | |
{{- range $username, $password := $passwords }} | |
- user: "{{ $username }}" | |
password: "{{ $password }}" | |
{{- end }} | |
{{- end }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thank you!
Summary by CodeRabbit
New Features
Bug Fixes
Documentation
Chores