[bitnami/common] Allows tpl in provided passwords "common.secrets.passwords.manage" #33196
juan131 merged 4 commits into bitnami:main
Signed-off-by: Koren Peretz <62677694+KorenP1@users.noreply.github.com>
Signed-off-by: Koren Peretz <62677694+KorenP1@users.noreply.github.com>
Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com>
@juan131 Mentioning you because you have experience with the common chart. Thanks.
Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com>
@juan131 The keycloak chart uses this function to generate the password/Use an existing one.

Hi @KorenP1 I don't think I understand how this can help to resolve your use case. What the helper expects isn't a chart value but a chart key, check the parameter below: So you'd have to use sth like this:

@juan131 Hi :) If we want to allow tpl for the external db password we should change either the function in the common chart or the implementation in the URL I have sent. EDIT: The usage will be '{{ .Values.global.postgresql.auth.password }}'

Hi @KorenP1
Using a values for Keycloak chart with this change?
diff --git a/bitnami/keycloak/values.yaml b/bitnami/keycloak/values.yaml
index bddc5db02c..2c1cf8f88f 100644
--- a/bitnami/keycloak/values.yaml
+++ b/bitnami/keycloak/values.yaml
@@ -1336,7 +1336,7 @@ keycloakConfigCli:
## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`)
##
postgresql:
- enabled: true
+ enabled: false
auth:
postgresPassword: ""
username: bn_keycloak
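Review bot: Flipping `postgresql.enabled` to `false` in the chart's own `values.yaml` changes the default for every install, not only for the external-database test. If this is just the reproduction setup, carry it in a separate values file passed with `-f` and leave the chart default at `true`.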
@@ -1366,7 +1366,7 @@ externalDatabase:
port: 5432
user: bn_keycloak
database: bitnami_keycloak
- password: ""
+ password: "{{ .Values.global.postgresql.auth.password }}"
existingSecret: ""
existingSecretHostKey: ""
existingSecretPortKey: ""
I don't think that would work, could you give it a try?

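Review bot: In the `externalDatabase` hunk above, the new `password` default dereferences `.Values.global.postgresql.auth.password`, and the hunk adds no default for that key, so rendering depends on the caller supplying it. State that requirement in the parameter's comment, or keep the default as `""` and set the templated string only in a values file that also defines the global password.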
Hi @juan131 Yep, these are the values I wanna be using in my use case. Maybe you forgot adding global.postgresql.auth.password, I'll add my values file that is working. Make sure you have the tpl change in the common chart.
global:
  postgresql:
    auth:
      password: mySecretPassword
postgresql:
  enabled: false
externalDatabase:
  password: '{{ .Values.global.postgresql.auth.password }}'
Then I executed this command:

@KorenP1 thanks so much for sharing the values you were using. I was able to successfully get what you were trying to achieve using them:
$ echo $(helm template keycloak bitnami/keycloak -f values.yaml -s templates/secret-external-db.yaml | yq .data.db-password | base64 --decode)
mySecretPassword
It fails though if
Error: template: keycloak/templates/secret-external-db.yaml:18:18: executing "keycloak/templates/secret-external-db.yaml" at <include "common.secrets.passwords.manage" (dict "secret" (printf "%s-externaldb" (include "common.names.fullname" .)) "key" "db-password" "length" 10 "providedValues" (list "externalDatabase.password") "context" $)>: error calling include: template: keycloak/charts/common/templates/_secrets.tpl:118:20: executing "common.secrets.passwords.manage" at <tpl ($providedPasswordValue | toString) .context>: error calling tpl: error during tpl function execution for "{{ .Values.global.postgresql.auth.password }}": template: gotpl:1:10: executing "gotpl" at <.Values.global.postgresql.auth.password>: nil pointer evaluating interface {}.auth
It's true that we can get the same results by introducing the changes below in Keycloak:
diff --git a/bitnami/keycloak/templates/_helpers.tpl b/bitnami/keycloak/templates/_helpers.tpl
index fba3e50830..5e9773b115 100644
--- a/bitnami/keycloak/templates/_helpers.tpl
+++ b/bitnami/keycloak/templates/_helpers.tpl
@@ -318,7 +318,7 @@ Compile all warnings into a single message.
{{/* Validate values of Keycloak - database */}}
{{- define "keycloak.validateValues.database" -}}
-{{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.host) (and (not .Values.externalDatabase.password) (not .Values.externalDatabase.existingSecret)) -}}
+{{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.host) (and (not .Values.global.postgresql.auth.password) (not .Values.externalDatabase.password) (not .Values.externalDatabase.existingSecret)) -}}
keycloak: database
You disabled the PostgreSQL sub-chart but did not specify an external PostgreSQL host.
Either deploy the PostgreSQL sub-chart (--set postgresql.enabled=true),
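Review bot: The added `(not .Values.global.postgresql.auth.password)` on the `if and` line walks three levels below `global` without a guard, and the error quoted earlier in this thread shows that same path failing with `nil pointer evaluating interface {}.auth` when the key is absent. In that case validation would abort with a template error instead of printing the `keycloak: database` message, so check that `.Values.global.postgresql` is set before testing the password.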
diff --git a/bitnami/keycloak/templates/secret-external-db.yaml b/bitnami/keycloak/templates/secret-external-db.yaml
index ca61a5ab61..2fd9b986a0 100644
--- a/bitnami/keycloak/templates/secret-external-db.yaml
+++ b/bitnami/keycloak/templates/secret-external-db.yaml
@@ -15,5 +15,5 @@ metadata:
{{- end }}
type: Opaque
data:
- db-password: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-externaldb" (include "common.names.fullname" .)) "key" "db-password" "length" 10 "providedValues" (list "externalDatabase.password") "context" $) }}
+ db-password: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-externaldb" (include "common.names.fullname" .)) "key" "db-password" "length" 10 "providedValues" (list "global.postgresql.auth.password" "externalDatabase.password") "context" $) }}
{{- end }}
And using these values:
global:
  postgresql:
    auth:
      password: mySecretPassword
postgresql:
  enabled: false
It might be a better solution. But, given the changes in this PR don't introduce any breaking change technically speaking, I'll accept it.
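Review bot: In the `secret-external-db.yaml` hunk above, `"global.postgresql.auth.password"` is placed ahead of `"externalDatabase.password"` in `providedValues` on the `db-password` line, so if the helper resolves the list in order, a global value would override an explicitly set external database password. List `externalDatabase.password` first, or document the precedence next to the parameter.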
…swords.manage" (bitnami#33196) Signed-off-by: Pablo Fernandez <pablo.fernandez@qustodio.com>