refactor secrets values: move username,password to st2.*

cognifloyd · cognifloyd · commit d35a8682903a · 2021-06-26T14:18:47.000-05:00
diff --git a/templates/NOTES.txt b/templates/NOTES.txt
@@ -40,8 +40,8 @@ Ingress is enabled. You may access following endpoints:
 {{- end }}
 
 2. Login with the following credentials:
-username: {{ .Values.secrets.st2.username }}
-password: {{ .Values.secrets.st2.password }}
+username: {{ .Values.st2.username }}
+password: {{ .Values.st2.password }}
 
 3. Use st2 CLI:
 export ST2CLIENT=$(kubectl get --namespace {{ .Release.Namespace }} pod -l app=st2client,release={{ .Release.Name }} -o jsonpath="{.items[0].metadata.name}")
diff --git a/templates/secrets_st2auth.yaml b/templates/secrets_st2auth.yaml
@@ -1,3 +1,9 @@
+# Notify users about breaking change regarding secrets, to not destroy current installations
+{{- $deprecated_username := (default (dict) (default (dict) .Values.secrets).st2).username }}
+{{- $deprecated_password := (default (dict) (default (dict) .Values.secrets).st2).pasword }}
+{{- if or $deprecated_username $deprecated_password }}
+{{- fail "Please update your values! Values for username and password moved from secrets.st2.* to st2.*" }}
+{{- end }}
 ---
 apiVersion: v1
 kind: Secret
@@ -15,6 +21,6 @@ metadata:
 type: Opaque
 data:
   # Username, used to login to StackStorm system (default: st2admin)
-  username: {{ required "A valid secret 'st2.username' is required for StackStorm auth!" .Values.secrets.st2.username | b64enc | quote }}
+  username: {{ required "A valid secret 'st2.username' is required for StackStorm auth!" .Values.st2.username | b64enc | quote }}
   # Password, used to login to StackStorm system (default: Ch@ngeMe)
-  password: {{ required "A valid secret 'st2.password' is required for StackStorm auth!" .Values.secrets.st2.password | b64enc | quote }}
+  password: {{ required "A valid secret 'st2.password' is required for StackStorm auth!" .Values.st2.password | b64enc | quote }}
diff --git a/values.yaml b/values.yaml
@@ -41,6 +41,13 @@ serviceAccount:
 ## StackStorm shared variables
 ##
 st2:
+  # NB! It's highly recommended to change ALL default secrets:
+  #     username, password, ssh_key, datastore_crypto_key
+  # Username, used to login to StackStorm system
+  username: st2admin
+  # Password, used to login to StackStorm system
+  password: Ch@ngeMe
+
   # Custom StackStorm config (st2.user.conf) which will apply settings on top of default st2.conf
   config: |
     [api]
@@ -187,10 +194,6 @@ ingress:
 # TODO: Alternatively as part of reorganizing Helm values, consider moving values to existing `st2` and `st2web` sections ? (#14)
 secrets:
   st2:
-    # Username, used to login to StackStorm system
-    username: st2admin
-    # Password, used to login to StackStorm system
-    password: Ch@ngeMe
     # SSH private key for the 'stanley' system user ('system_user.ssh_key_file' in st2.conf)
     # Warning! Replace with your own SSH key!
     # TODO: For prod/stable consider auto-generating if no key provided (#15)
