Enable username retrival from secret

This change allows the username to be fetched from a secret for both self-hosted or external databases This approach is copied from how the database password is configured DEVEXP-605
pact-foundation · Jul 17, 2024 · 79b23ef · 79b23ef
1 parent 3aba144
commit 79b23ef
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 13 deletions.
diff --git a/charts/pact-broker/templates/_helpers.tpl b/charts/pact-broker/templates/_helpers.tpl
@@ -75,14 +75,6 @@ Return the database name
 {{- ternary .Values.postgresql.auth.database .Values.externalDatabase.config.databaseName .Values.postgresql.enabled | quote -}}
 {{- end -}}
 
-{{/*
-Return the Database username
-*/}}
-{{- define "broker.databaseUser" -}}
-{{- ternary .Values.postgresql.auth.username .Values.externalDatabase.config.auth.username .Values.postgresql.enabled | quote -}}
-{{- end -}}
-
-
 {{/*
 Return the Database Secret Name
 */}}
@@ -100,10 +92,29 @@ Return the Database Secret Name
 {{- end -}}
 {{- end -}}
 
+{{/*
+Return the databaseSecret key to retrieve the username for database
+*/}}
+{{- define "broker.databaseSecretUsernameKey" -}}
+{{- if .Values.postgresql.enabled -}}
+    {{- if .Values.postgresql.auth.existingSecret -}}
+        {{- .Values.postgresql.auth.secretKeys.userUsernameKey  -}}
+    {{- else -}}
+        {{- print "username" -}}
+    {{- end -}}
+{{- else -}}
+    {{- if .Values.externalDatabase.enabled }}
+        {{- if .Values.externalDatabase.config.auth.existingSecret -}}
+            {{- .Values.externalDatabase.config.auth.existingSecretUsernameKey -}}
+        {{- end -}}
+    {{- end -}}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Return the databaseSecret key to retrieve credentials for database
 */}}
-{{- define "broker.databaseSecretKey" -}}
+{{- define "broker.databaseSecretPasswordKey" -}}
 {{- if .Values.postgresql.enabled -}}
     {{- if .Values.postgresql.auth.existingSecret -}}
         {{- .Values.postgresql.auth.secretKeys.userPasswordKey  -}}
@@ -158,7 +169,16 @@ Database ENV Vars
 - name: PACT_BROKER_DATABASE_NAME
   value: {{ include "broker.databaseName" . }}
 - name: PACT_BROKER_DATABASE_USERNAME
-  value: {{ include "broker.databaseUser" . }}
+  {{- if and .Values.postgresql.enabled .Values.postgresql.auth.username }}
+  value: {{ .Values.postgresql.auth.username | quote }}
+  {{- else if and .Values.externalDatabase.enabled .Values.externalDatabase.config.auth.username }}
+  value: {{ .Values.externalDatabase.config.auth.username | quote }}
+  {{- else }}
+  valueFrom:
+    secretKeyRef:
+      name: {{ include "broker.databaseSecretName" . }}
+      key: {{ include "broker.databaseSecretUsernameKey" . }}
+  {{- end }}
 - name: PACT_BROKER_DATABASE_PASSWORD
   {{- if and .Values.postgresql.enabled .Values.postgresql.auth.password }}
   value: {{ .Values.postgresql.auth.password | quote }}
@@ -168,8 +188,7 @@ Database ENV Vars
   valueFrom:
     secretKeyRef:
       name: {{ include "broker.databaseSecretName" . }}
-      key: {{ include "broker.databaseSecretKey" . }}
-  {{- end }}
+      key: {{ include "broker.databaseSecretPasswordKey" . }}
 - name: PACT_BROKER_DATABASE_SSLMODE
   value: {{ .Values.broker.config.databaseSslmode | quote }}
 - name: PACT_BROKER_SQL_LOG_LEVEL
@@ -210,4 +229,4 @@ Database Cleanup ENV Vars
   value: {{ .Values.broker.config.databaseClean.keepVersionSelectors | quote }}
 - name: PACT_BROKER_DATABASE_CLEAN_DRY_RUN
   value: {{ .Values.broker.config.databaseClean.dryRun | quote }}
-{{- end -}}
+{{- end -}}
diff --git a/charts/pact-broker/values.yaml b/charts/pact-broker/values.yaml
@@ -454,6 +454,9 @@ postgresql:
       # -- The key in which Postgres well look for, for the admin password, in the existing Secret
       adminPasswordKey: admin-password
 
+      # -- The key in which Postgres well look for, for the user username, in the existing Secret
+      userUsernameKey: user-username
+
       # -- The key in which Postgres well look for, for the user password, in the existing Secret
       userPasswordKey: user-password
 
@@ -497,6 +500,9 @@ externalDatabase:
       # -- Name of an existing Kubernetes secret containing the database credentials
       existingSecret: ""
 
+      # -- The key to which the username will be stored under within existing secret.
+      existingSecretUsernameKey: "user-username"
+
       # -- The key to which the password will be stored under within existing secret.
       existingSecretPasswordKey: "user-password"