Skip to content

Commit

Permalink
Merge pull request #281 from FraunhoferISST/fix/helm-upgrade
Browse files Browse the repository at this point in the history
fix(helm): added default password and replaced decoding in backend secrets
  • Loading branch information
tom-rm-meyer-ISST authored Feb 28, 2024
2 parents 330376a + 1460ccf commit 61d70d3
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 5 deletions.
7 changes: 6 additions & 1 deletion .github/workflows/helm-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -112,6 +112,11 @@ jobs:
ct install --charts charts/puris --helm-extra-set-args "--set backend.image.repository=${{ env.REGISTRY }}/${{ env.APP_BACKEND_NAME}} --set backend.image.tag=${{ env.TAG }} --set frontend.image.repository=${{ env.REGISTRY }}/${{ env.APP_FRONTEND_NAME }} --set frontend.image.tag=${{ env.TAG }}"
if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true'

- name: Generate random password (This password is only a placeholder for the next step and will not used). The postgresPassword/password will be set via postgres-init.yaml.
id: generate-password
run: |
echo "PASSWORD=PLACEHOLDER_PW" >> $GITHUB_ENV
# Upgrade the released chart version with the locally available chart
# default value for event_name != workflow_dispatch
- name: Run helm upgrade
Expand All @@ -120,5 +125,5 @@ jobs:
helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev
helm install puris tractusx-dev/puris --version ${{ github.event.inputs.upgrade_from || '1.0.0' }}
helm dependency update charts/puris
helm upgrade puris charts/puris
helm upgrade puris charts/puris --set backend.puris.datasource.password=$PASSWORD
if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true'
8 changes: 4 additions & 4 deletions charts/puris/templates/backend-secrets.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -13,12 +13,12 @@ data:
# if secret exists, use value provided from values file (to cover update scenario) or existing value from secret
# use data map instead of stringData to prevent base64 encoding of already base64-encoded existing value from secret
# use index function for secret keys with hyphen otherwise '$secret.data.secretKey' works too
puris-api-key: {{ (.Values.backend.puris.api.key | b64dec) | default (index $secret.data "puris-api-key") | quote }}
puris-datasource-password: {{ (.Values.backend.puris.datasource.password | b64dec) | default (index $secret.data "puris-datasource-password") | quote }}
puris-edc-controlplane-key: {{ (.Values.backend.puris.edc.controlplane.key | b64dec) | default (index $secret.data "puris-edc-controlplane-key") | quote }}
puris-api-key: {{ (.Values.backend.puris.api.key | b64enc) | default (index $secret.data "puris-api-key") | quote }}
puris-datasource-password: {{ (.Values.backend.puris.datasource.password | b64enc) | default (index $secret.data "puris-datasource-password") | quote }}
puris-edc-controlplane-key: {{ (.Values.backend.puris.edc.controlplane.key | b64enc) | default (index $secret.data "puris-edc-controlplane-key") | quote }}
{{ else -}}
stringData:
# if secret doesn't exist, use provided value from values file or generate a random one
# if secret doesn't exist, use provided value from values file or generate a random one
puris-api-key: {{ .Values.backend.puris.api.key | default ( randAlphaNum 32 ) | quote }}
puris-datasource-password: {{ .Values.backend.puris.datasource.password | default ( randAlphaNum 32 ) | quote }}
puris-edc-controlplane-key: {{ .Values.backend.puris.edc.controlplane.key | default ( randAlphaNum 32 ) | quote }}
Expand Down

0 comments on commit 61d70d3

Please sign in to comment.