Merge pull request #76 from ExB-Group/fix-partial-external-secrets

[charts/metabase] Allow specifying db credentials only partially via existingSecret
pmint93 · Aug 24, 2023 · c9dbb2e · c9dbb2e
2 parents 0d86224 + cdbf3fe
commit c9dbb2e
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 14 deletions.
diff --git a/charts/metabase/Chart.yaml b/charts/metabase/Chart.yaml
@@ -3,7 +3,7 @@ description:
   The easy, open source way for everyone in your company to ask questions
   and learn from data.
 name: metabase
-version: 2.7.7
+version: 2.8.0
 appVersion: v0.46.6.4
 maintainers:
   - name: pmint93

diff --git a/charts/metabase/templates/database-secret.yaml b/charts/metabase/templates/database-secret.yaml
@@ -1,4 +1,4 @@
-{{- if not .Values.database.existingSecret }}
+{{- if or .Values.database.encryptionKey .Values.database.connectionURI .Values.database.username .Values.database.password }}
 apiVersion: v1
 kind: Secret
 metadata:

diff --git a/charts/metabase/templates/deployment.yaml b/charts/metabase/templates/deployment.yaml
@@ -93,20 +93,32 @@ spec:
           - name: MB_DB_FILE
             value: {{ .Values.database.file }}
           {{- end }}
-          {{- if or .Values.database.existingSecretEncryptionKeyKey .Values.database.encryptionKey }}
+          {{- if and .Values.database.existingSecret .Values.database.existingSecretEncryptionKeyKey }}
           - name: MB_ENCRYPTION_SECRET_KEY
             valueFrom:
               secretKeyRef:
-                name: {{ or .Values.database.existingSecret (printf "%s-database" (include "metabase.fullname" .))}}
-                key: {{ or .Values.database.existingSecretEncryptionKeyKey "encryptionKey" }}
+                name: {{ .Values.database.existingSecret }}
+                key: {{ .Values.database.existingSecretEncryptionKeyKey }}
+          {{- else if .Values.database.encryptionKey }}
+          - name: MB_ENCRYPTION_SECRET_KEY
+            valueFrom:
+              secretKeyRef:
+                name: {{ printf "%s-database" (include "metabase.fullname" .)}}
+                key: encryptionKey"
           {{- end }}
           {{- if ne (.Values.database.type | lower) "h2" }}
-            {{- if or .Values.database.existingSecretConnectionURIKey .Values.database.connectionURI }}
+            {{- if and .Values.database.existingSecret .Values.database.existingSecretConnectionURIKey }}
           - name: MB_DB_CONNECTION_URI
             valueFrom:
               secretKeyRef:
-                name: {{ or .Values.database.existingSecret (printf "%s-database" (include "metabase.fullname" .)) }}
-                key: {{ or .Values.database.existingSecretConnectionURIKey "connectionURI" }}
+                name: {{ .Values.database.existingSecret }}
+                key: {{ .Values.database.existingSecretConnectionURIKey }}
+            {{- else if .Values.database.connectionURI }}
+          - name: MB_DB_CONNECTION_URI
+            valueFrom:
+              secretKeyRef:
+                name: {{ (printf "%s-database" (include "metabase.fullname" .)) }}
+                key: connectionURI
             {{- else }}
           - name: MB_DB_HOST
             value: {{ .Values.database.host | quote }}
@@ -115,19 +127,31 @@ spec:
           - name: MB_DB_DBNAME
             value: {{ .Values.database.dbname | quote }}
             {{- end }}
-            {{- if or .Values.database.existingSecretUsernameKey .Values.database.username }}
+            {{- if and .Values.database.existingSecret .Values.database.existingSecretUsernameKey }}
           - name: MB_DB_USER
             valueFrom:
               secretKeyRef:
-                name: {{ or .Values.database.existingSecret (printf "%s-database" (include "metabase.fullname" .)) }}
-                key: {{ or .Values.database.existingSecretUsernameKey "username" }}
+                name: {{ .Values.database.existingSecret }}
+                key: {{ .Values.database.existingSecretUsernameKey }}
+            {{- else if .Values.database.username }}
+          - name: MB_DB_USER
+            valueFrom:
+              secretKeyRef:
+                name: {{ printf "%s-database" (include "metabase.fullname" .) }}
+                key: username
             {{- end }}
-            {{- if or .Values.database.existingSecretPasswordKey .Values.database.password }}
+            {{- if and .Values.database.existingSecret .Values.database.existingSecretPasswordKey }}
+          - name: MB_DB_PASS
+            valueFrom:
+              secretKeyRef:
+                name: {{ .Values.database.existingSecret }}
+                key: {{ .Values.database.existingSecretPasswordKey }}
+            {{- else if .Values.database.password }}
           - name: MB_DB_PASS
             valueFrom:
               secretKeyRef:
-                name: {{ or .Values.database.existingSecret (printf "%s-database" (include "metabase.fullname" .)) }}
-                key: {{ or .Values.database.existingSecretPasswordKey "password" }}
+                name: {{ (printf "%s-database" (include "metabase.fullname" .)) }}
+                key: password
             {{- end }}
           {{- end }}
           - name: MB_PASSWORD_COMPLEXITY