🐛 Allow external redis/rabbitmq secret creation even if the broke… (#3903)

# What this PR does
This PR allows the chart to create the secret of your redis / rabbitmq
even if it's not the broker.
Actually, this is blocking if we want to have a redis as cache and a
rabbitmq as broker for example

## Which issue(s) this PR fixes
Closes https://github.com/grafana/oncall/issues/2979

## Checklist

- [x] Unit, integration, and e2e (if applicable) tests updated
- [x] Documentation added (or `pr:no public docs` PR label added if not
required)
- [x] `CHANGELOG.md` updated (or `pr:no changelog` PR label added if not
required)

---------

Co-authored-by: Joey Orlando <joey.orlando@grafana.com>
Co-authored-by: Joey Orlando <joseph.t.orlando@gmail.com>

CHANGELOG.md

@@ -20,6 +20,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Unblock slack install by skipping check chatops gateway link in OSS deployment @mderynck ([#3893](https://github.com/grafana/oncall/pull/3893))
 - Fix multiple issues of alert groups table ([#3894](https://github.com/grafana/oncall/issues/3894))
 - Improvements for dragging the add rotation form in Schedules ([#3904](https://github.com/grafana/oncall/pull/3904))
+- Allow external-redis secret creation when the broker is rabbitmq ([#3903](https://github.com/grafana/oncall/pull/3903))
 
 ### Changed
 

helm/oncall/templates/secrets.yaml

@@ -46,7 +46,7 @@ data:
   postgres-password: {{ required "externalPostgresql.password is required if not postgresql.enabled and not externalPostgresql.existingSecret" .Values.externalPostgresql.password | b64enc | quote }}
 ---
 {{- end }}
-{{- if and (eq .Values.broker.type "rabbitmq") (not .Values.rabbitmq.enabled) (not .Values.externalRabbitmq.existingSecret) }}
+{{- if and (eq .Values.broker.type "rabbitmq") (.Values.externalRabbitmq.password) (not .Values.rabbitmq.enabled) (not .Values.externalRabbitmq.existingSecret) }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -61,7 +61,7 @@ data:
   rabbitmq-password: {{ required "externalRabbitmq.password is required if not rabbitmq.enabled and not externalRabbitmq.existingSecret" .Values.externalRabbitmq.password | b64enc | quote }}
 ---
 {{- end }}
-{{- if and (eq .Values.broker.type "redis") (not .Values.redis.enabled) (not .Values.externalRedis.existingSecret) }}
+{{- if and (.Values.externalRedis.host) (not .Values.redis.enabled) (not .Values.externalRedis.existingSecret) }}
 apiVersion: v1
 kind: Secret
 metadata:

helm/oncall/tests/broker_secret_test.yaml

@@ -0,0 +1,113 @@
+suite: test broker secrets creation
+release:
+  name: oncall
+templates:
+  - engine/deployment.yaml
+  - celery/deployment.yaml
+  - secrets.yaml
+tests:
+  - it: externalRedis.password and broker.type="rabbitmq" -> should create secret -redis-external
+    templates:
+      - engine/deployment.yaml
+      - celery/deployment.yaml
+    set:
+      telegramPolling.enabled: true
+      rabbitmq.enabled: true
+      redis.enabled: false
+      broker.type: rabbitmq
+      externalRedis:
+        host: redis.example.com
+        username: user123
+        password: abcd123
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: REDIS_USERNAME
+            value: user123
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: REDIS_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: oncall-redis-external
+                key: redis-password
+      - containsDocument:
+          kind: Secret
+          apiVersion: v1
+          metadata.name: oncall-redis-external
+        template: secrets.yaml
+      - equal:
+          path: data.redis-password
+          value: abcd123
+          decodeBase64: true
+        documentIndex: 1
+        template: secrets.yaml
+  - it: |
+      externalRedis.password and externalRabbitmq.password -> should create secret
+      -redis-external and -rabbitmq-external
+    templates:
+      - engine/deployment.yaml
+      - celery/deployment.yaml
+    set:
+      rabbitmq.enabled: false
+      redis.enabled: false
+      broker.type: rabbitmq
+      externalRedis:
+        host: redis.example.com
+        username: user123
+        password: abcd123
+      externalRabbitmq:
+        host: custom-host
+        user: custom-user
+        password: custom-password
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: RABBITMQ_USERNAME
+            value: custom-user
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: RABBITMQ_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                key: rabbitmq-password
+                name: oncall-rabbitmq-external
+      - containsDocument:
+          kind: Secret
+          apiVersion: v1
+          metadata.name: oncall-rabbitmq-external
+        template: secrets.yaml
+      - equal:
+          path: data.rabbitmq-password
+          value: custom-password
+          decodeBase64: true
+        documentIndex: 1
+        template: secrets.yaml
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: REDIS_USERNAME
+            value: user123
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: REDIS_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: oncall-redis-external
+                key: redis-password
+      - containsDocument:
+          kind: Secret
+          apiVersion: v1
+          metadata.name: oncall-redis-external
+        template: secrets.yaml
+      - equal:
+          path: data.redis-password
+          value: abcd123
+          decodeBase64: true
+        documentIndex: 2
+        template: secrets.yaml