add st2.resetPassword to force changing the password on upgrade

cognifloyd · cognifloyd · commit 25aceff4543a · 2021-06-28T10:25:20.000-05:00
diff --git a/templates/secrets_st2auth.yaml b/templates/secrets_st2auth.yaml
@@ -24,7 +24,7 @@ data:
   # Username, used to login to StackStorm system (default: st2admin)
   username: {{ required "A valid secret 'st2.username' is required for StackStorm auth!" .Values.st2.username | b64enc | quote }}
   # Password, used to login to StackStorm system (default: auto-generated)
-{{- if .Release.IsUpgrade }}
+{{- if and .Release.IsUpgrade (not .Values.st2.resetPassword) }}
   password: {{ index (lookup "v1" "Secret" .Release.Namespace $name).data "password" }}
 {{ else }}
   password: {{ default (randAlphaNum 12) .Values.st2.password | b64enc | quote }}
diff --git a/values.yaml b/values.yaml
@@ -43,9 +43,12 @@ serviceAccount:
 st2:
   # Username, used to login to StackStorm system
   username: st2admin
-  # Password, used to login to StackStorm system
-  # (auto-generated by default, preserved across upgrades)
+  # Password, used to login to StackStorm system (auto-generated by default)
+  # The password (set here or auto-generated) is preserved across upgrades.
   #password: Ch@ngeMe
+  # To force the password to reset (using st2.password, or a newly generated one),
+  # you can use `helm upgrade --set st2.resetPassword=true`.
+  resetPassword: false
   # ST2 crypto key for the  K/V datastore.
   # See https://docs.stackstorm.com/datastore.html#securing-secrets-admin-only for more info.
   # Warning! Replace with your own generated key!
