Changed fernetkey-secret, redis-broker-url, redis-password to lookup function

chart/templates/secrets/fernetkey-secret.yaml

@@ -21,7 +21,7 @@
 ## Airflow Fernet Key Secret
 #################################
 {{- if not .Values.fernetKeySecretName }}
-{{- $generated_fernet_key := (randAlphaNum 32 | b64enc) }}
+{{- $fernetSecretName := printf "%s-%s" .Release.Name "fernet-key" }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -34,11 +34,15 @@ metadata:
     {{- with .Values.labels }}
       {{- toYaml . | nindent 4 }}
     {{- end }}
-  annotations:
-    "helm.sh/hook": "pre-install"
-    "helm.sh/hook-delete-policy": "before-hook-creation"
-    "helm.sh/hook-weight": "0"
 type: Opaque
 data:
-  fernet-key: {{ (default $generated_fernet_key .Values.fernetKey) | b64enc | quote }}
+  {{- $previousSecretData := lookup "v1" "Secret" .Release.Namespace $fernetSecretName }}
+  {{- if $previousSecretData }}
+  {{- $previousSecret := index $previousSecretData.data "fernet-key"}}
+  "fernet-key": {{  $previousSecret }}
+  {{- else if .Values.fernetKey }}
+  "fernet-key": {{ .Values.fernetKey | b64enc | quote }}
+  {{- else }}
+  "fernet-key": {{ randAlphaNum 32 | b64enc | quote }}
+  {{- end }}
 {{- end }}

chart/templates/secrets/redis-secrets.yaml

@@ -29,6 +29,7 @@
 #################################
 {{- $random_redis_password := randAlphaNum 10 }}
 {{- if and .Values.redis.enabled (not .Values.redis.passwordSecretName) }}
+{{- $redisPasswordSecret := printf "%s-%s" .Release.Name "redis-password" }}
 # If passwordSecretName is not set, we will either use the set password, or use the generated one
 apiVersion: v1
 kind: Secret
@@ -43,16 +44,19 @@ metadata:
     {{- with .Values.labels }}
       {{- toYaml . | nindent 4 }}
     {{- end }}
-  annotations:
-    "helm.sh/hook": "pre-install"
-    "helm.sh/hook-delete-policy": "before-hook-creation"
-    "helm.sh/hook-weight": "0"
 type: Opaque
 data:
-  password: {{ (default $random_redis_password .Values.redis.password) | b64enc | quote }}
+  {{- $previousSecretData := lookup "v1" "Secret" .Release.Namespace $redisPasswordSecret }}
+  {{- if $previousSecretData }}
+  {{- $previousSecret := index $previousSecretData.data "password"}}
+  "password": {{  $previousSecret }}
+  {{- else }}
+  "password": {{ (default $random_redis_password .Values.redis.password) | b64enc | quote  }}
+  {{- end }}
 ---
 {{- end }}
 {{- if not .Values.data.brokerUrlSecretName }}
+{{- $redisBrokerSecret := printf "%s-%s" .Release.Name "broker-url" }}
 ##################################
 ## Airflow Redis Connection Secret
 ##################################
@@ -69,15 +73,15 @@ metadata:
     {{- with .Values.labels }}
       {{- toYaml . | nindent 4 }}
     {{- end }}
-  annotations:
-    "helm.sh/hook": "pre-install"
-    "helm.sh/hook-delete-policy": "before-hook-creation"
-    "helm.sh/hook-weight": "0"
 type: Opaque
 data:
-  {{- if .Values.redis.enabled }}
-  connection: {{ urlJoin (dict "scheme" "redis" "userinfo" (printf ":%s" ((default $random_redis_password .Values.redis.password) | urlquery)) "host" (printf "%s-redis:6379" (include "airflow.fullname" .) ) "path" "/0") | b64enc | quote }}
+  {{- $previousSecretData := lookup "v1" "Secret" .Release.Namespace $redisBrokerSecret }}
+  {{- if and ($previousSecretData) (.Values.redis.enabled) }}
+  {{- $previousSecret := index $previousSecretData.data "connection"}}
+  "connection": {{  $previousSecret }}
+  {{- else if .Values.redis.enabled }}
+  "connection": {{ urlJoin (dict "scheme" "redis" "userinfo" (printf ":%s" ((default $random_redis_password .Values.redis.password) | urlquery)) "host" (printf "%s-redis:6379" (include "airflow.fullname" .) ) "path" "/0") | b64enc | quote }}
   {{- else }}
-  connection: {{ (printf "%s" .Values.data.brokerUrl) | b64enc | quote }}
+  "connection": {{ (printf "%s" .Values.data.brokerUrl) | b64enc | quote  }}
   {{- end }}
 {{- end }}

helm_tests/airflow_aux/test_airflow_common.py

@@ -304,13 +304,6 @@ def test_should_use_correct_default_image(self, expected_image, tag, digest):
         for doc in docs:
             assert expected_image == jmespath.search("spec.template.spec.initContainers[0].image", doc)
 
-    def test_should_set_correct_helm_hooks_weight(self):
-        docs = render_chart(
-            show_only=["templates/secrets/fernetkey-secret.yaml"],
-        )
-        annotations = jmespath.search("metadata.annotations", docs[0])
-        assert annotations["helm.sh/hook-weight"] == "0"
-
     def test_should_disable_some_variables(self):
         docs = render_chart(
             values={

helm_tests/other/test_redis.py

@@ -349,16 +349,6 @@ def test_redis_resources_are_not_added_by_default(self):
         )
         assert jmespath.search("spec.template.spec.containers[0].resources", docs[0]) == {}
 
-    def test_should_set_correct_helm_hooks_weight(self):
-        docs = render_chart(
-            values={
-                "executor": "CeleryExecutor",
-            },
-            show_only=["templates/secrets/redis-secrets.yaml"],
-        )
-        annotations = jmespath.search("metadata.annotations", docs[0])
-        assert annotations["helm.sh/hook-weight"] == "0"
-
     def test_persistence_volume_annotations(self):
         docs = render_chart(
             values={"redis": {"persistence": {"annotations": {"foo": "bar"}}}},