Skip to content

Commit

Permalink
Management of mysql secret (#8)
Browse files Browse the repository at this point in the history
* Management of mysql secret

Signed-off-by: Andrew Block <[email protected]>

* Changed password generation to use randAlphaNum function

Signed-off-by: Andrew Block <[email protected]>
  • Loading branch information
sabre1041 authored Aug 4, 2021
1 parent f34f48f commit c99c5fd
Show file tree
Hide file tree
Showing 3 changed files with 22 additions and 5 deletions.
2 changes: 1 addition & 1 deletion charts/rekor/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ description: Rekor is an API based server for validation and a transparency log

type: application

version: 0.2.0
version: 0.2.1

appVersion: 0.3.0

Expand Down
19 changes: 18 additions & 1 deletion charts/rekor/templates/_helpers.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -460,4 +460,21 @@ Return the location for file based Attestation storage.
*/}}
{{- define "rekor.server.fileAttestationStorage.path" -}}
{{- print (substr 7 -1 .Values.server.attestation_storage.bucket) -}}
{{- end -}}
{{- end -}}

{{/*
Return a random Secret value or the value of an exising Secret key value
*/}}
{{- define "rekor.randomSecret" -}}
{{- $randomSecret := (randAlphaNum 10) }}
{{- $secret := (lookup "v1" "Secret" .context.Release.Namespace .secretName) }}
{{- if $secret }}
{{- if hasKey $secret.data .key }}
{{- print (index $secret.data .key) | b64dec }}
{{- else }}
{{- print $randomSecret }}
{{- end }}
{{- else }}
{{- print $randomSecret }}
{{- end }}
{{- end -}}
6 changes: 3 additions & 3 deletions charts/rekor/templates/mysql/secret.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -17,14 +17,14 @@ type: Opaque
data:
{{- if .Values.mysql.enabled -}}
{{- if not (empty .Values.mysql.auth.rootPassword) }}
mysql-root-password: {{ .Values.auth.rootPassword | b64enc | quote }}
mysql-root-password: {{ .Values.mysql.auth.rootPassword | b64enc | quote }}
{{- else }}
mysql-root-password: {{ randAlphaNum 10 | b64enc | quote }}
mysql-root-password: {{ (include "rekor.randomSecret" (dict "secretName" (include "rekor.mysql.fullname" .) "key" "mysql-root-password" "context" $)) | b64enc | quote }}
{{- end }}
{{- end }}
{{- if not (empty .Values.mysql.auth.password) }}
mysql-password: {{ .Values.mysql.auth.password | b64enc | quote }}
{{- else }}
mysql-password: {{ randAlphaNum 10 | b64enc | quote }}
mysql-password: {{ (include "rekor.randomSecret" (dict "secretName" (include "rekor.mysql.fullname" .) "key" "mysql-password" "context" $)) | b64enc | quote }}
{{- end }}
{{- end }}

0 comments on commit c99c5fd

Please sign in to comment.