Merge pull request #232 from 1Password/vzt/support-upgrade-using-existing-secret

volodymyrZotov · web-flow · commit 183b6463df5b · 2025-07-07T15:09:02.000-05:00
Make it possible to upgrade connect chart to v2.0.x without providing token value
diff --git a/charts/connect/templates/NOTES.txt b/charts/connect/templates/NOTES.txt
@@ -3,7 +3,7 @@
 {{- $tokenName := .Values.operator.token.name -}}
 {{- $serviceAccountTokenName := .Values.operator.serviceAccountToken.name -}}
 
-{{- if (and (not (.Values.operator.serviceAccountToken.value)) (not (or (lookup "v1" "Secret" $namespace $credentialsName) (.Values.connect.credentials) ))) }}
+{{- if (and (.Values.connect.create) (not (or (lookup "v1" "Secret" $namespace $credentialsName) (.Values.connect.credentials) ))) }}
 ---------------------------------------------------------------------------------------------
  WARNING
 
diff --git a/charts/connect/templates/operator-deployment.yaml b/charts/connect/templates/operator-deployment.yaml
@@ -72,14 +72,14 @@ spec:
               value: "{{ .Values.operator.pollingInterval }}"
             - name: AUTO_RESTART
               value: "{{ .Values.operator.autoRestart }}"
-            {{- if .Values.operator.serviceAccountToken.value }}
+            {{- if eq .Values.operator.authMethod "service-account" }}
             - name: OP_SERVICE_ACCOUNT_TOKEN
               valueFrom:
                 secretKeyRef:
                   name: {{ .Values.operator.serviceAccountToken.name }}
                   key: {{ .Values.operator.serviceAccountToken.key }}
             {{- end }}
-            {{- if .Values.operator.token.value }}
+            {{- if eq .Values.operator.authMethod "connect" }}
             - name: OP_CONNECT_HOST
               value: "{{- include "onepassword-connect.url" . }}"
             - name: OP_CONNECT_TOKEN
diff --git a/charts/connect/values.schema.json b/charts/connect/values.schema.json
@@ -0,0 +1,16 @@
+{
+  "$schema": "https://json-schema.org/draft-07/schema#",
+  "type": "object",
+  "properties": {
+    "operator": {
+      "type": "object",
+      "properties": {
+        "authMethod": {
+          "type": "string",
+          "enum": ["connect", "service-account"],
+          "description": "Denotes authentication method that 1Password Operator will use to access 1Password secrets."
+        }
+      }
+    }
+  }
+}
diff --git a/charts/connect/values.yaml b/charts/connect/values.yaml
@@ -241,6 +241,12 @@ operator:
   # Denotes whether the 1Password Operator will be deployed
   create: false
 
+  # Denotes authentication method that 1Password Operator will use to access 1Password secrets
+  # Valid values:
+  # - connect: sets OP_CONNECT_HOST and OP_CONNECT_TOKEN
+  # - service-account: sets OP_SERVICE_ACCOUNT_TOKEN
+  authMethod: connect
+
   # The number of replicas to run the 1Password Connect Operator deployment
   replicas: 1
 
