[bitnami/mariadb] Don't overwrite existing secrets (#9268)

* [bitnami/mariadb] Don't overwrite existing secrets Don't overwrite already generated secret values on chart upgrade Issue #7403 (#7403) Signed-off-by: Paul Miu <miu.manu@gmx.de> * Update bitnami/mariadb/templates/secrets.yaml Co-authored-by: Miguel Ruiz <miruiz@vmware.com> Signed-off-by: Paul Miu <miu.manu@gmx.de> * Update bitnami/mariadb/templates/secrets.yaml Co-authored-by: Miguel Ruiz <miruiz@vmware.com> Signed-off-by: Paul Miu <miu.manu@gmx.de> * Update bitnami/mariadb/templates/secrets.yaml Signed-off-by: Paul Miu <miu.manu@gmx.de> Co-authored-by: Miguel Ruiz <miruiz@vmware.com> Signed-off-by: Paul Miu <miu.manu@gmx.de> Co-authored-by: Miguel Ruiz <miruiz@vmware.com> Signed-off-by: alukic <alukic@vmware.com>
bitnami · Mar 9, 2022 · 8c915e6 · 8c915e6
1 parent 5c58144
commit 8c915e6
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 19 deletions.
diff --git a/bitnami/mariadb/Chart.yaml b/bitnami/mariadb/Chart.yaml
@@ -26,4 +26,4 @@ sources:
   - https://github.com/bitnami/bitnami-docker-mariadb
   - https://github.com/prometheus/mysqld_exporter
   - https://mariadb.org
-version: 10.3.7
+version: 10.4.0
diff --git a/bitnami/mariadb/templates/_helpers.tpl b/bitnami/mariadb/templates/_helpers.tpl
@@ -120,9 +120,8 @@ Return the secret with MariaDB credentials
 Return true if a secret object should be created for MariaDB
 */}}
 {{- define "mariadb.createSecret" -}}
-{{- if and (not .Values.auth.existingSecret) (not .Values.auth.customPasswordFiles) }}
+{{- if not (or .Values.auth.existingSecret .Values.auth.customPasswordFiles) }}
     {{- true -}}
-{{- else -}}
 {{- end -}}
 {{- end -}}
 

diff --git a/bitnami/mariadb/templates/secrets.yaml b/bitnami/mariadb/templates/secrets.yaml
@@ -13,27 +13,23 @@ metadata:
   {{- end }}
 type: Opaque
 data:
-  {{- if not (empty .Values.auth.rootPassword) }}
-  mariadb-root-password: {{ .Values.auth.rootPassword | b64enc | quote }}
-  {{- else if (not .Values.auth.forcePassword) }}
-  mariadb-root-password: {{ randAlphaNum 10 | b64enc | quote }}
+  {{- if (not .Values.auth.forcePassword) }}
+  mariadb-root-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "mariadb-root-password" "providedValues" (list "auth.rootPassword") "context" $) }}
   {{- else }}
-  mariadb-root-password: {{ required "A MariaDB Root Password is required!" .Values.auth.rootPassword }}
+  mariadb-root-password: {{ required "A MariaDB Root Password is required!" .Values.auth.rootPassword | b64enc | quote }}
   {{- end }}
-  {{- if and (not (empty .Values.auth.username)) (not (empty .Values.auth.password)) }}
-  mariadb-password: {{ .Values.auth.password | b64enc | quote }}
-  {{- else if (not .Values.auth.forcePassword) }}
-  mariadb-password: {{ randAlphaNum 10 | b64enc | quote }}
+  {{- if (not (empty .Values.auth.username)) }}
+  {{- if (not .Values.auth.forcePassword) }}
+  mariadb-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "mariadb-password" "providedValues" (list "auth.password") "context" $) }}
   {{- else }}
-  mariadb-password: {{ required "A MariaDB Database Password is required!" .Values.auth.password }}
+  mariadb-password: {{ required "A MariaDB Database Password is required!" .Values.auth.password | b64enc | quote }}
+  {{- end }}
   {{- end }}
   {{- if eq .Values.architecture "replication" }}
-  {{- if not (empty .Values.auth.replicationPassword) }}
-  mariadb-replication-password: {{ .Values.auth.replicationPassword | b64enc | quote }}
-  {{- else if (not .Values.auth.forcePassword) }}
-  mariadb-replication-password: {{ randAlphaNum 10 | b64enc | quote }}
+  {{- if (not .Values.auth.forcePassword) }}
+  mariadb-replication-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "mariadb-replication-password" "providedValues" (list "auth.replicationPassword") "context" $) }}
   {{- else }}
-  mariadb-replication-password: {{ required "A MariaDB Replication Password is required!" .Values.auth.replicationPassword }}
+  mariadb-replication-password: {{ required "A MariaDB Replication Password is required!" .Values.auth.replicationPassword | b64enc | quote }}
   {{- end }}
   {{- end }}
 {{- end }}
diff --git a/bitnami/mariadb/values.yaml b/bitnami/mariadb/values.yaml
@@ -125,7 +125,7 @@ auth:
   ## @param auth.forcePassword Force users to specify required passwords
   ##
   forcePassword: false
-  ## @param auth.usePasswordFiles Mount credentials as a files instead of using an environment variable
+  ## @param auth.usePasswordFiles Mount credentials as files instead of using environment variables
   ##
   usePasswordFiles: false
   ## @param auth.customPasswordFiles Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication`