CH-170 fix secrets upgrade

filippomc · filippomc · commit 6e1dee33f4a8 · 2025-01-14T18:23:48.000+01:00
diff --git a/deployment-configuration/helm/templates/auto-secrets.yaml b/deployment-configuration/helm/templates/auto-secrets.yaml
@@ -14,11 +14,76 @@ type: Opaque
 stringData:
 {{- if $secret }}
   {{- range $k, $v := .app.harness.secrets }}
+    {{- define "deploy_utils.secret" }}
+{{- $secret_name := printf "%s" .app.harness.deployment.name }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $secret_name }}
+  namespace: {{ .root.Values.namespace }}
+  labels:
+    app: {{ .app.harness.deployment.name }}
+type: Opaque
+{{- $secret := (lookup "v1" "Secret" .root.Values.namespace $secret_name) }}
+{{/*- $secret := dict "data" (dict "test" "test") */}}
+stringData:
+{{- if $secret }}
+  {{- range $k, $v := .app.harness.secrets }}
+    {{- if $v  }}
+      {{- if eq (typeOf $v) "string" }}
+        {{- if ne $v "?" }}
+        # Update/set value to value in values.yaml if specified
+  {{ $k }}: {{ $v  | quote }}
+#  {{ $k }}-updated: "it's a non empty string"
+        {{- else }}
+        # Refresh at any deployment for ? (pure random) value
+#  {{ $k }}-random: "set to a random string"
+  {{ $k }}: {{ randAlphaNum 20 | quote }}
+        {{- end }}
+      {{- else }}
+      # Type not recognized: setting to a empty string"
+    {{ $k }}: "" 
+    # {{ $k }}-formatnotrecognized: {{ typeOf $v }}
+      {{- end }}  
+    {{- else if eq (typeOf $secret.data) (typeOf dict) }}
+    # Value empty or null in the values.yaml
+      {{- if not (hasKey $secret.data $k) }}
+      # Create a random secret value if not specified in values.yaml if it is not set and it is not already in the deployed secret (static random secret) */}}
+#  {{ $k }}-random-empty: new-random
+  {{ $k }}: {{ randAlphaNum 20 | quote }} 
+      {{- else }}
+      # confirm previous value from the secret (static random secret already set, do nothing)
+#  {{ $k }}-confirm: {{ index $secret.data $k | quote }}  
+      {{- end}}
+    {{- end }}
+  {{- end }} # range end
+{{- else }}
+# New secret
+  {{- range $k, $v := .app.harness.secrets }}
+  {{ $k }}-new: {{ $v | default (randAlphaNum 20) | quote }}
+  {{ $k }}: {{ $v | default (randAlphaNum 20) | quote }}
+  {{- end }}
+{{- end }}
+---
+{{- end }}
+{{- range $app := .Values.apps }}
+  {{- if $app.harness.secrets }}{{- if ne (len $app.harness.secrets) 0 }}
+  {{- include "deploy_utils.secret" (dict "root" $ "app" $app) }}
+  {{- end }}{{- end }}
+  {{- range $subapp := $app }}
+  {{- if contains "map" (typeOf $subapp)  }}
+    {{- if hasKey $subapp "harness" }}{{- if $app.harness.secrets }}{{- if ne (len $app.harness.secrets) 0 }}
+      {{- include "deploy_utils.secret" (dict "root" $ "app" $subapp) }}
+    {{- end }}{{- end }}{{- end }}
+  {{- end }}
+  {{- end }}
+{{- end }}
     {{- if $v  }}
       {{- if eq (typeOf $v) "string" }}
         {{- if ne $v "?" }}
   # Set secret value to value in values.yaml if specified
   {{ $k }}: {{ $v  | quote }}
+{{ $k }}-new: {{ "updated" }}
         {{- else }}
   # Refresh at any deployment for ? (pure random) value
   {{ $k }}: {{ randAlphaNum 20 | quote }}
