From 2781e02988759b2bfbc41659f524e50eecee7d74 Mon Sep 17 00:00:00 2001
From: Philipp Schirmer <philipp.schirmer@bakdata.com>
Date: Thu, 19 Dec 2024 09:11:37 +0100
Subject: [PATCH] Add flag to control config storage as secret

---
 charts/rclone-copy/templates/rclone-cron.yaml | 12 +++++++++++-
 charts/rclone-copy/values.yaml                |  5 +++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/charts/rclone-copy/templates/rclone-cron.yaml b/charts/rclone-copy/templates/rclone-cron.yaml
index b2ebe7d..4de860c 100644
--- a/charts/rclone-copy/templates/rclone-cron.yaml
+++ b/charts/rclone-copy/templates/rclone-cron.yaml
@@ -65,6 +65,9 @@ spec:
               - -c
               # copy as workaround for rclone.conf read only (see https://github.com/rclone/rclone/issues/3655)
               - >-
+                {{- range $key, $value := .Values.passwordSecrets }}
+                {{ printf "%s=$(rclone obscure UNOBSCURED_%s) &&" $key $key }}
+                {{- end }}
                 cp /root/.config/rclone/rclone_ro.conf /root/.config/rclone/rclone.conf &&
                 rclone {{ .Values.command }} -v {{ .Values.arguments | join " " }} --include-from /root/include-pattern.conf "{{ include "rclone-copy.getSourceOrUrl" . }}" "{{ .Values.sync.dest.name }}:{{ .Values.sync.dest.path }}"
 
@@ -80,7 +83,7 @@ spec:
             resources:
 {{ toYaml .Values.resources | indent 14 }}
 
-            {{- if or .Values.configPassword .Values.secretRefs }}
+            {{- if or .Values.configPassword .Values.secretRefs .Values.passwordSecrets }}
             env:
             {{- if .Values.configPassword }}
               - name: RCLONE_CONFIG_PASS
@@ -96,6 +99,13 @@ spec:
                     name: {{ $value.name }}
                     key: "{{ $value.key }}"
             {{- end }}
+            {{- range $key, $value := .Values.passwordSecrets }}
+              - name: {{ printf "UNOBSCURED_%s" $key | quote }}
+                valueFrom:
+                  secretKeyRef:
+                    name: {{ $value.name }}
+                    key: "{{ $value.key }}"
+            {{- end }}
             {{- end }}
 
           restartPolicy: {{ .Values.restartPolicy }}
diff --git a/charts/rclone-copy/values.yaml b/charts/rclone-copy/values.yaml
index 1251608..119ce90 100644
--- a/charts/rclone-copy/values.yaml
+++ b/charts/rclone-copy/values.yaml
@@ -92,3 +92,8 @@ secretRefs: {}
 #    key: secretKey
 
 secretConfig: true
+
+passwordSecrets: {}
+#  RCLONE_FTP_PASS: # will be obscured using rclone obscure
+#    name: secretName
+#    key: secretKey