At last, randomly generated password which persist accross upgrades

Signed-off-by: Marcio Silva <[email protected]>
keylime · Aug 2, 2023 · c8e0f32 · c8e0f32
1 parent dccd665
commit c8e0f32
Showing 1 changed file with 2 additions and 3 deletions.
diff --git a/build/helm/keylime/templates/_helpers.tpl b/build/helm/keylime/templates/_helpers.tpl
@@ -88,7 +88,6 @@ Always expands to the name of the secret used for the CA certificate when the in
 {{- end }}
 {{- $key := printf "%s_%s" .Release.Name "password" -}}
 {{- if not (index .Release.tmp_vars $key) -}}
-{{- /* ... store random password under the $key */ -}}
 {{-   $_ := set .Release.tmp_vars $key (randAlphaNum 32) -}}
 {{- end -}}
 {{- /* Retrieve previously generated value. */ -}}
@@ -104,7 +103,7 @@ Generate a random password if one is not defined
 {{- if $existingSecret -}}
 {{- index $existingSecret.data "KEYLIME_CA_PASSWORD" -}}
 {{- else -}}
-{{- (include "generate_static_password" .) -}}
+{{- default (include "generate_static_password" .) .Values.global.ca.password | b64enc | quote -}}
 {{- end -}}
 {{- end -}}
 
@@ -124,7 +123,7 @@ Generate a random password if one is not defined
 {{- if $existingSecret -}}
 {{- index $existingSecret.data "mysql-root-password" -}}
 {{- else -}}
-{{- default (randAlphaNum 64) .Values.global.database.mysql.password | b64enc | quote -}}
+{{- default (include "generate_static_password" .) .Values.global.database.mysql.password | b64enc | quote -}}
 {{- end -}}
 {{- end -}}