Merge pull request #793 from MetaCell/release/2.4.4

filippomc · web-flow · commit 737d59c2b7da · 2025-01-20T19:08:51.000+01:00
CH-170 fix secrets upgrade
diff --git a/deployment-configuration/helm/templates/auto-secrets.yaml b/deployment-configuration/helm/templates/auto-secrets.yaml
@@ -1,5 +1,4 @@
 {{- define "deploy_utils.secret" }}
-{{- if .app.harness.secrets }}
 {{- $secret_name := printf "%s" .app.harness.deployment.name }}
 apiVersion: v1
 kind: Secret
@@ -9,42 +8,53 @@ metadata:
   labels:
     app: {{ .app.harness.deployment.name }}
 type: Opaque
-  {{- $secret := (lookup "v1" "Secret" .root.Values.namespace $secret_name) }}
-  {{- if $secret }}
-# secret already exists
-    {{- if not (compact (values .app.harness.secrets)) }}
-# secret values are null, copy from the existing secret
-data:
-      {{- range $k, $v := $secret.data }}
-  {{ $k }}: {{ $v }}
-      {{- end }}
-    {{- else }}
-# there are non default values in values.yaml, use these
+{{- $secret := (lookup "v1" "Secret" .root.Values.namespace $secret_name) }}
+{{/*- $secret := dict "data" (dict "test" "test") */}}
 stringData:
-      {{- range $k, $v := .app.harness.secrets }}
-  {{ $k }}: {{ $v | default (randAlphaNum 20) }}
-      {{- end }}
-    {{- end }}
-  {{- else }}
-# secret doesn't exist
-stringData:
-    {{- range $k, $v := .app.harness.secrets }}
-  {{ $k }}: {{ $v | default (randAlphaNum 20) }}
+  updated: {{ now | quote }} # Added because in case of update, if no field is updated, alla data is erased
+{{- if $secret }}
+  {{- range $k, $v := .app.harness.secrets }}
+    {{- if $v  }}
+      {{- if eq (typeOf $v) "string" }}
+        {{- if ne $v "?" }}
+        # Update/set value to value in values.yaml if specified
+  {{ $k }}: {{ $v  | quote }}
+        {{- else }}
+        # Refresh at any deployment for ? (pure random) value
+  {{ $k }}: {{ randAlphaNum 20 | quote }}
+        {{- end }}
+      {{- else }}
+      # Type not recognized: setting to a empty string"
+  {{ $k }}-formatnotrecognized: {{ $v }}
+  {{ $k }}: "" 
+      {{- end }}  
+    {{- else if eq (typeOf $secret.data) (typeOf dict) }}
+    # Value empty or null in the values.yaml
+      {{- if not (hasKey $secret.data $k) }}
+      # Create a random secret value if not specified in values.yaml if it is not set and it is not already in the deployed secret (static random secret) */}}
+  {{ $k }}: {{ randAlphaNum 20 | quote }} 
+      {{- else }}
+      # confirm previous value from the secret (static random secret already set, do nothing)}  
+      {{- end}}
     {{- end }}
+  {{- end }} # range end
+{{- else }}
+# New secret
+  {{- range $k, $v := .app.harness.secrets }}
+  {{ $k }}: {{ $v | default (randAlphaNum 20) | quote }}
   {{- end }}
 {{- end }}
 ---
 {{- end }}
----
 {{- range $app := .Values.apps }}
----
+  {{- if $app.harness.secrets }}{{- if ne (len $app.harness.secrets) 0 }}
   {{- include "deploy_utils.secret" (dict "root" $ "app" $app) }}
+  {{- end }}{{- end }}
   {{- range $subapp := $app }}
   {{- if contains "map" (typeOf $subapp)  }}
-    {{- if hasKey $subapp "harness" }}
----
+    {{- if hasKey $subapp "harness" }}{{- if $app.harness.secrets }}{{- if ne (len $app.harness.secrets) 0 }}
       {{- include "deploy_utils.secret" (dict "root" $ "app" $subapp) }}
-    {{- end }}
+    {{- end }}{{- end }}{{- end }}
   {{- end }}
   {{- end }}
 {{- end }}
