github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/deploy/kafka/charts/common/templates/_secrets.tpl

github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/deploy/kafka/charts/common/templates/_secrets.tpl (about)

     1  {{/* vim: set filetype=mustache: */}}
     2  {{/*
     3  Generate secret name.
     4  
     5  Usage:
     6  {{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }}
     7  
     8  Params:
     9    - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
    10      to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
    11      +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret
    12    - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment.
    13    - context - Dict - Required. The context for the template evaluation.
    14  */}}
    15  {{- define "common.secrets.name" -}}
    16  {{- $name := (include "common.names.fullname" .context) -}}
    17  
    18  {{- if .defaultNameSuffix -}}
    19  {{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}}
    20  {{- end -}}
    21  
    22  {{- with .existingSecret -}}
    23  {{- if not (typeIs "string" .) -}}
    24  {{- with .name -}}
    25  {{- $name = . -}}
    26  {{- end -}}
    27  {{- else -}}
    28  {{- $name = . -}}
    29  {{- end -}}
    30  {{- end -}}
    31  
    32  {{- printf "%s" $name -}}
    33  {{- end -}}
    34  
    35  {{/*
    36  Generate secret key.
    37  
    38  Usage:
    39  {{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }}
    40  
    41  Params:
    42    - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
    43      to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
    44      +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret
    45    - key - String - Required. Name of the key in the secret.
    46  */}}
    47  {{- define "common.secrets.key" -}}
    48  {{- $key := .key -}}
    49  
    50  {{- if .existingSecret -}}
    51    {{- if not (typeIs "string" .existingSecret) -}}
    52      {{- if .existingSecret.keyMapping -}}
    53        {{- $key = index .existingSecret.keyMapping $.key -}}
    54      {{- end -}}
    55    {{- end }}
    56  {{- end -}}
    57  
    58  {{- printf "%s" $key -}}
    59  {{- end -}}
    60  
    61  {{/*
    62  Generate secret password or retrieve one if already created.
    63  
    64  Usage:
    65  {{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }}
    66  
    67  Params:
    68    - secret - String - Required - Name of the 'Secret' resource where the password is stored.
    69    - key - String - Required - Name of the key in the secret.
    70    - providedValues - List<String> - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
    71    - length - int - Optional - Length of the generated random password.
    72    - strong - Boolean - Optional - Whether to add symbols to the generated random password.
    73    - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
    74    - context - Context - Required - Parent context.
    75  
    76  The order in which this function returns a secret password:
    77    1. Already existing 'Secret' resource
    78       (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned)
    79    2. Password provided via the values.yaml
    80       (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned)
    81    3. Randomly generated secret password
    82       (A new random secret password with the length specified in the 'length' parameter will be generated and returned)
    83  
    84  */}}
    85  {{- define "common.secrets.passwords.manage" -}}
    86  
    87  {{- $password := "" }}
    88  {{- $subchart := "" }}
    89  {{- $chartName := default "" .chartName }}
    90  {{- $passwordLength := default 10 .length }}
    91  {{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
    92  {{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }}
    93  {{- $secretData := (lookup "v1" "Secret" $.context.Release.Namespace .secret).data }}
    94  {{- if $secretData }}
    95    {{- if hasKey $secretData .key }}
    96      {{- $password = index $secretData .key | quote }}
    97    {{- else }}
    98      {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
    99    {{- end -}}
   100  {{- else if $providedPasswordValue }}
   101    {{- $password = $providedPasswordValue | toString | b64enc | quote }}
   102  {{- else }}
   103  
   104    {{- if .context.Values.enabled }}
   105      {{- $subchart = $chartName }}
   106    {{- end -}}
   107  
   108    {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}}
   109    {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}}
   110    {{- $passwordValidationErrors := list $requiredPasswordError -}}
   111    {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}}
   112  
   113    {{- if .strong }}
   114      {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
   115      {{- $password = randAscii $passwordLength }}
   116      {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
   117      {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
   118    {{- else }}
   119      {{- $password = randAlphaNum $passwordLength | b64enc | quote }}
   120    {{- end }}
   121  {{- end -}}
   122  {{- printf "%s" $password -}}
   123  {{- end -}}
   124  
   125  {{/*
   126  Returns whether a previous generated secret already exists
   127  
   128  Usage:
   129  {{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }}
   130  
   131  Params:
   132    - secret - String - Required - Name of the 'Secret' resource where the password is stored.
   133    - context - Context - Required - Parent context.
   134  */}}
   135  {{- define "common.secrets.exists" -}}
   136  {{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }}
   137  {{- if $secret }}
   138    {{- true -}}
   139  {{- end -}}
   140  {{- end -}}