From 97ec7f1bfa0e67967e0e69c5eb7a424ba6135561 Mon Sep 17 00:00:00 2001 From: Michael Derynck Date: Wed, 19 Jun 2024 15:18:19 -0600 Subject: [PATCH] Only generate random OnCall secrets value when it is not provided (#4563) # What this PR does New secret values were being generated for OnCall secrets `secretKey` and `mirageSecretKey` even when a fixed value was provided in the `values.yaml` file. This causes encryption of tokens to break in the DB through inconsistency when things are redeployed. This PR fixes it so that the value will only be generated if it is not set and the values in `values.yaml` are used. ## Which issue(s) this PR closes Closes [issue link here] ## Checklist - [ ] Unit, integration, and e2e (if applicable) tests updated - [ ] Documentation added (or `pr:no public docs` PR label added if not required) - [ ] Added the relevant release notes label (see labels prefixed w/ `release:`). These labels dictate how your PR will show up in the autogenerated release notes. --- helm/oncall/templates/secrets.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/oncall/templates/secrets.yaml b/helm/oncall/templates/secrets.yaml index 40a02694..a4c32845 100644 --- a/helm/oncall/templates/secrets.yaml +++ b/helm/oncall/templates/secrets.yaml @@ -12,8 +12,8 @@ metadata: {{- end }} type: Opaque data: - {{ include "snippet.oncall.secret.secretKey" . }}: {{ randAlphaNum 40 | b64enc | quote }} - {{ include "snippet.oncall.secret.mirageSecretKey" . }}: {{ randAlphaNum 40 | b64enc | quote }} + {{ include "snippet.oncall.secret.secretKey" . }}: {{ (.Values.oncall.secrets.secretKey | default (randAlphaNum 40)) | b64enc | quote }} + {{ include "snippet.oncall.secret.mirageSecretKey" . }}: {{ (.Values.oncall.secrets.mirageSecretKey | default (randAlphaNum 40)) | b64enc | quote }} --- {{- end }} {{- if and (eq .Values.database.type "mysql") (not .Values.mariadb.enabled) (not .Values.externalMysql.existingSecret) }}