Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Helm]: Generalize Password Lookup #832

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

pseudomuto
Copy link

@Speissi @drdrsh for review

Generalizing the secret lookup functionality that was added in #753 to work for admin_password, auth_query_password, server_password, and really any other one.

It works by creating a pgcat.password template which expects an object containing values for the password and secret keys. password is a literal value normally supplied via .Values.xyz value. secret is an object with a key and name property that effectively functions like a secretKeyRef.

When the literal value is not blank, that is used. Otherwise an attempt is made to lookup to supplied key from the named secret and use that. This is exactly how the current implementation of user_password works, which avoids any breaking changes. See the function definition for more details.

Note: it seems like user_passwordSecret was added (camelCase name)
while all the other ones are snake_case. I elected to use snake case for the new values, but left user_passwordSecret as is to avoid any breaking changes.

Generalizing the secret lookup functionality that was added in postgresml#753 to
work for `admin_password`, `auth_query_password`, `server_password`, and
really any other one.

It works by creating a `pgcat.password` template which expects an object
containing values for the `password` and `secret` keys. `password` is a
literal value normally supplied via `.Values.xyz` value. `secret` is an
object with a key and name property that effectively functions like a
_secretKeyRef_.

When the literal value is not blank, that is used. Otherwise an attempt
is made to lookup to supplied key from the named secret and use that.
This is exactly how the current implementation of `user_password` works,
which avoids any breaking changes. See the function definition for more
details.

> Note: it seems like `user_passwordSecret` was added (camelCase name)
while all the other ones are _snake_case_. I elected to use snake case for
the new values, but left `user_passwordSecret` as is to avoid any
breaking changes.
@@ -5,4 +5,4 @@ maintainers:
- name: Wildcard
email: support@w6d.io
appVersion: "1.2.0"
version: 0.2.1
version: 0.3.0
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if semver is strict here, but bumped to 0.3.0 since new, non-breaking functionality is added. Happy to make this 0.2.2 if that's preferred.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant