From ded88fa82e346ad80ccadb49c95bfcedb3e9d4bb Mon Sep 17 00:00:00 2001
From: Sven Ketelsen <sven.ketelsen@netgo.de>
Date: Fri, 3 Jun 2022 14:11:29 +0200
Subject: [PATCH] feat: secrets

---
 smardigo/templates/connect/secret.yml | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/smardigo/templates/connect/secret.yml b/smardigo/templates/connect/secret.yml
index 578a6aa..44125ad 100644
--- a/smardigo/templates/connect/secret.yml
+++ b/smardigo/templates/connect/secret.yml
@@ -1,10 +1,26 @@
 ---
+# store the secret-name as var
+# in my case, the name was very long and containing a lot of fields
+# so it helps me a lot
+{{- $secret_name := "your-secret-name" -}}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: connect-secrets
+  name: "{{ $secret_name }}"
 data:
-  JWT_SECRET: "{{ .Values.connect.jwt.secret | b64enc }}"
+  # try to get the old secret
+  # keep in mind, that a dry-run only returns an empty map 
+  {{- $old_sec := lookup "v1" "Secret" .Release.Namespace $secret_name }}
+
+ # check, if a secret is already set
+  {{- if or (not $old_sec) (not $old_sec.data) (not index $old_sec.data "JWT_SECRET") }}
+  # if not set, then generate a new password
+  JWT_SECRET: {{ # 20 | b64enc }}
+  {{ else }}
+  # if set, then use the old value
+  JWT_SECRET: {{ index $old_sec.data "JWT_SECRET" }}
+  {{ end }}
+
   ADMIN_PASSWORD: "{{ .Values.connect.database.password | b64enc}}"
   DATASOURCE_USERNAME: "{{ .Values.connect.database.username | b64enc }}"
   DATASOURCE_PASSWORD: "{{ .Values.connect.database.password | b64enc }}"