From c99c5fdb4b3f39dd9132c01e98378892174eb1f9 Mon Sep 17 00:00:00 2001
From: Andrew Block
Date: Wed, 4 Aug 2021 09:55:20 -0500
Subject: [PATCH] Management of mysql secret (#8)
* Management of mysql secret
Signed-off-by: Andrew Block
* Changed password generation to use randAlphaNum function
Signed-off-by: Andrew Block
---
 charts/rekor/Chart.yaml | 2 +-
 charts/rekor/templates/_helpers.tpl | 19 ++++++++++++++++++-
 charts/rekor/templates/mysql/secret.yaml | 6 +++---
 3 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/charts/rekor/Chart.yaml b/charts/rekor/Chart.yaml
index edf75c00..7676ebfa 100644
--- a/charts/rekor/Chart.yaml
+++ b/charts/rekor/Chart.yaml
@@ -4,7 +4,7 @@ description: Rekor is an API based server for validation and a transparency log
 type: application
-version: 0.2.0
+version: 0.2.1
 appVersion: 0.3.0
diff --git a/charts/rekor/templates/_helpers.tpl b/charts/rekor/templates/_helpers.tpl
index d8777fe1..9240d06c 100644
--- a/charts/rekor/templates/_helpers.tpl
+++ b/charts/rekor/templates/_helpers.tpl
@@ -460,4 +460,21 @@ Return the location for file based Attestation storage.
 */}}
 {{- define "rekor.server.fileAttestationStorage.path" -}}
 {{- print (substr 7 -1 .Values.server.attestation_storage.bucket) -}}
-{{- end -}}
\ No newline at end of file
+{{- end -}}
+
+{{/*
+Return a random Secret value or the value of an exising Secret key value
+*/}}
+{{- define "rekor.randomSecret" -}}
+{{- $randomSecret := (randAlphaNum 10) }}
+{{- $secret := (lookup "v1" "Secret" .context.Release.Namespace .secretName) }}
+{{- if $secret }}
+{{- if hasKey $secret.data .key }}
+{{- print (index $secret.data .key) | b64dec }}
+{{- else }}
+{{- print $randomSecret }}
+{{- end }}
+{{- else }}
+{{- print $randomSecret }}
+{{- end }}
+{{- end -}}
diff --git a/charts/rekor/templates/mysql/secret.yaml b/charts/rekor/templates/mysql/secret.yaml
index ab861285..462f8a00 100644
--- a/charts/rekor/templates/mysql/secret.yaml
+++ b/charts/rekor/templates/mysql/secret.yaml
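Review bot: In `rekor.randomSecret` (charts/rekor/templates/_helpers.tpl), `randAlphaNum 10` yields only ten alphanumeric characters, roughly 59 bits, for what becomes the MySQL root and user passwords; a longer value such as `{{- $randomSecret := (randAlphaNum 32) }}` is safe for existing installs because a value already stored in the Secret is reused once found. The `lookup` is pinned to `.context.Release.Namespace`, so if the Secret's metadata (not visible in this patch) places it in any other namespace, the helper would miss it and emit a new password on every upgrade. The helper comment should also name the expected arguments, e.g. `Expects a dict with "secretName", "key" and "context" (the root context).`, and "exising" should read "existing".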
@@ -17,14 +17,14 @@ type: Opaque
 data:
 {{- if .Values.mysql.enabled -}}
 {{- if not (empty .Values.mysql.auth.rootPassword) }}
- mysql-root-password: {{ .Values.auth.rootPassword | b64enc | quote }}
+ mysql-root-password: {{ .Values.mysql.auth.rootPassword | b64enc | quote }}
 {{- else }}
- mysql-root-password: {{ randAlphaNum 10 | b64enc | quote }}
+ mysql-root-password: {{ (include "rekor.randomSecret" (dict "secretName" (include "rekor.mysql.fullname" .) "key" "mysql-root-password" "context" $)) | b64enc | quote }}
 {{- end }}
 {{- end }}
 {{- if not (empty .Values.mysql.auth.password) }}
 mysql-password: {{ .Values.mysql.auth.password | b64enc | quote }}
 {{- else }}
- mysql-password: {{ randAlphaNum 10 | b64enc | quote }}
+ mysql-password: {{ (include "rekor.randomSecret" (dict "secretName" (include "rekor.mysql.fullname" .) "key" "mysql-password" "context" $)) | b64enc | quote }}
 {{- end }}
 {{- end }}
\ No newline at end of file
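Review bot: Both fallback branches now depend on `lookup`, which returns an empty result under `helm template` and client-side `--dry-run`, so a pipeline that renders the chart that way and applies the output gets a fresh `mysql-root-password` and `mysql-password` on every render while an already-initialised database keeps the old ones. I would add a comment above each fallback, e.g. `{{- /* generated only when no existing Secret is found; lookup is empty under helm template/--dry-run, so set mysql.auth.* explicitly there */}}`, and state the same in the values documentation. Reuse also presumably requires that the identity running Helm can read Secrets in the release namespace. The Secret's metadata and the outer block closed by the final `{{- end }}` are outside the hunk.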