From 68696ec695ce870e6123a99ecff54256ce1b0017 Mon Sep 17 00:00:00 2001
From: Sven Ketelsen
Date: Sun, 5 Jun 2022 15:05:42 +0200
Subject: [PATCH] feat: secrets
---
 smardigo/templates/connect/secret.yml | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)
diff --git a/smardigo/templates/connect/secret.yml b/smardigo/templates/connect/secret.yml
index 9a2554c..c1d6271 100644
--- a/smardigo/templates/connect/secret.yml
+++ b/smardigo/templates/connect/secret.yml
@@ -1,6 +1,4 @@
-# store the secret-name as var
-# in my case, the name was very long and containing a lot of fields
-# so it helps me a lot
+# store the secret-name as variable
 {{- $secret_name := "connect-secrets" -}}
 ---
 apiVersion: v1
@@ -9,8 +7,14 @@ metadata:
 name: "{{ $secret_name }}"
 annotations:
 "helm.sh/resource-policy": "keep"
-{{- $previous := lookup "v1" "Secret" .Release.Namespace $secret_name }}
 data:
+ # try to get the old secrets
+ # keep in mind, that a dry-run only returns an empty map
+ {{- $previous := lookup "v1" "Secret" .Release.Namespace $secret_name }}
+
+ # check, if a secret is already set
+ {{- if or (not $previous) (not $previous.data) }}
+ # if not set, then generate a new password
 JWT_SECRET: "{{ .Values.connect.jwt.secret | b64enc }}"
 ADMIN_PASSWORD: "{{ .Values.connect.database.password | b64enc }}"
 DATASOURCE_USERNAME: "{{ .Values.connect.database.username | b64enc }}"
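Review bot: The guard `{{- if or (not $previous) (not $previous.data) }}` is all-or-nothing, so once the Secret exists every value from `.Values` is ignored on upgrade. Changing a credential in the chart values then has no effect, and a key added to this template later would find no old value to reuse. If that is intended, the comment should say so, and `# if not set, then generate a new password` should be corrected because nothing is generated in this branch; for example `# no stored Secret (first install or dry-run): take all values from .Values; later upgrades keep the stored values`. The `if` opened here is only closed in the next hunk, so both branches have to be read together.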
@@ -19,4 +23,16 @@ data:
 ELASTIC_PASSWORD: "{{ .Values.connect.database.password | b64enc }}"
 OIDC_CLIENT_SECRET: "{{ .Values.connect.oidc.client_secret | b64enc }}"
 MAIL_USER: "{{ .Values.connect.mail.username | b64enc }}"
- MAIL_PASSWORD: "{{ .Values.connect.mail.password | b64enc }}"
\ No newline at end of file
+ MAIL_PASSWORD: "{{ .Values.connect.mail.password | b64enc }}"
+ {{ else }}
+ # if set, then use the old value
+ JWT_SECRET: "{{ index $old_sec.data "JWT_SECRET" }}"
+ ADMIN_PASSWORD: "{{ index $old_sec.data "JWT_SECRET" }}"
+ DATASOURCE_USERNAME: "{{ index $old_sec.data "JWT_SECRET" }}"
+ DATASOURCE_PASSWORD: "{{ index $old_sec.data "JWT_SECRET" }}"
+ ELASTIC_USERNAME: "{{ index $old_sec.data "JWT_SECRET" }}"
+ ELASTIC_PASSWORD: "{{ index $old_sec.data "JWT_SECRET" }}"
+ OIDC_CLIENT_SECRET: "{{ index $old_sec.data "JWT_SECRET" }}"
+ MAIL_USER: "{{ index $old_sec.data "JWT_SECRET" }}"
+ MAIL_PASSWORD: "{{ index $old_sec.data "JWT_SECRET" }}"
+ {{ end }}
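Review bot: The else branch reads `$old_sec`, which is not defined in any visible part of the template; the lookup result is bound to `$previous`. Go templates reject an undefined variable at parse time, so the chart would most likely fail to render even on a first install. Every line in the branch also indexes `"JWT_SECRET"`, so with only the variable name fixed, all nine entries would carry the JWT signing secret, including the database, Elastic, OIDC and mail credentials. Each entry should read its own key from `$previous.data`, as in the excerpt below. The stored values are already base64-encoded, so leaving out `b64enc` here is correct.

```yaml
  # … unchanged: the values-sourced branch above …
  {{ else }}
  JWT_SECRET: "{{ index $previous.data "JWT_SECRET" }}"
  ADMIN_PASSWORD: "{{ index $previous.data "ADMIN_PASSWORD" }}"
  DATASOURCE_USERNAME: "{{ index $previous.data "DATASOURCE_USERNAME" }}"
  DATASOURCE_PASSWORD: "{{ index $previous.data "DATASOURCE_PASSWORD" }}"
  ELASTIC_USERNAME: "{{ index $previous.data "ELASTIC_USERNAME" }}"
  ELASTIC_PASSWORD: "{{ index $previous.data "ELASTIC_PASSWORD" }}"
  OIDC_CLIENT_SECRET: "{{ index $previous.data "OIDC_CLIENT_SECRET" }}"
  MAIL_USER: "{{ index $previous.data "MAIL_USER" }}"
  MAIL_PASSWORD: "{{ index $previous.data "MAIL_PASSWORD" }}"
```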