Add secret generation to main helm chart.

This creates a generic secret template that can be used to generate secrets for all services. The secret template takes a dict of the scope, the name of the secret, and the data to be stored in the secret. This will be used to prefill any non-predefined secrets that are set in the secretRefs. Fixes #50
owncloud · May 23, 2023 · 19d0b0e · 19d0b0e
1 parent c37e17f
commit 19d0b0e
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 0 deletions.
diff --git a/charts/ocis/templates/_common/_tplvalues.tpl b/charts/ocis/templates/_common/_tplvalues.tpl
@@ -249,3 +249,24 @@ oCIS serviceAccount settings
 {{- define "ocis.serviceAccount" -}}
 automountServiceAccountToken: true
 {{- end -}}
+
+{{/*
+oCIS secret wrapper
+
+@param .name          The name of the secret.
+@param .params          Dict containing data keys/values (plaintext).
+@para
+*/}}
+{{- define "ocis.secret" -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .name }}
+data:
+  {{- $secretObj := (lookup "v1" "Secret" .scope.Release.Namespace .name) | default dict }}
+  {{- $secretData := (get $secretObj "data") | default dict }}
+  {{- range $key, $value := .params }}
+  {{- $secretValue := (get $secretData $key) | default ($value | b64enc | quote)}}
+  {{ $key }}: {{ $secretValue }}
+  {{- end }}
+{{- end -}}
diff --git a/charts/ocis/templates/idm/secret.yaml b/charts/ocis/templates/idm/secret.yaml
@@ -0,0 +1,6 @@
+{{- if ne .Values.externalUserManagement "enabled" }}
+{{- $params := (dict)}}
+{{- $_ := set $params "user-id" uuidv4 }}
+{{- $_ := set $params "password" (randAlphaNum 10) }}
+{{- include "ocis.secret" (dict "scope" . "name" .Values.secretRefs.adminUserSecretRef "params" $params)}}
+{{- end }}