From 1207e688ba11e072bde0a651a0e42e8afdf5468b Mon Sep 17 00:00:00 2001
From: Hakan Kaya <hakan.kaya.ex@siedle.de>
Date: Tue, 22 Jul 2025 19:14:16 +0200
Subject: [PATCH] fix: conditionally set OPENFGA_DATASTORE_URI based on
 externalSecret configuration in openfga-deployment.yaml

Previously, the `ENV` parameter `OPENFGA_DATASTORE_URI ` would be set, regardless of the `externalSecret.enabled` value, which would override the secret reference and prevent successful db authentication.
The fix makes sure that the `ENV` parameter will only be set, if `externalSecret.enabled` is set to `false`.
---
 charts/openobserve/templates/openfga-deployment.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/charts/openobserve/templates/openfga-deployment.yaml b/charts/openobserve/templates/openfga-deployment.yaml
index 78255f5..f378e0d 100644
--- a/charts/openobserve/templates/openfga-deployment.yaml
+++ b/charts/openobserve/templates/openfga-deployment.yaml
@@ -22,6 +22,7 @@ spec:
           env:
             - name: OPENFGA_DATASTORE_ENGINE
               value: postgres
+            {{- if not .Values.externalSecret.enabled }}
             {{- if .Values.postgres.enabled }}
             - name: OPENFGA_DATASTORE_URI
               value: "postgres://openobserve:{{ .Values.postgres.spec.password }}@{{ include "openobserve.fullname" . }}-postgres-rw.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:5432/app?sslmode=disable"
@@ -32,6 +33,7 @@ spec:
             - name: OPENFGA_DATASTORE_URI
               value: "{{ .Values.config.ZO_META_POSTGRES_DSN }}"
             {{- end }}
+            {{- end }}
           envFrom:
             - secretRef:  # postgres detail can be picked up from secret if not found anywhere else
                 name: {{ if .Values.externalSecret.enabled }}{{ .Values.externalSecret.name }}{{ else }}{{ include "openobserve.fullname" . }}{{ end }}
@@ -47,6 +49,7 @@ spec:
           env:
             - name: OPENFGA_DATASTORE_ENGINE
               value: postgres
+            {{- if not .Values.externalSecret.enabled }}
             {{- if .Values.postgres.enabled }}
             - name: OPENFGA_DATASTORE_URI
               value: "postgres://openobserve:{{ .Values.postgres.spec.password }}@{{ include "openobserve.fullname" . }}-postgres-rw.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:5432/app?sslmode=disable"
@@ -57,6 +60,7 @@ spec:
             - name: OPENFGA_DATASTORE_URI
               value: "{{ .Values.config.ZO_META_POSTGRES_DSN }}"
             {{- end }}
+            {{- end }}
             - name: OPENFGA_LOG_FORMAT
               value: json
           envFrom: