From afdf9ab241eaee6b5891e68e015ca6d04ad36371 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dani=C3=ABl=20Franke?=
Date: Tue, 23 May 2023 12:08:40 +0200
Subject: [PATCH] Add secret generation to main helm chart. This creates a generic secret template that can be used to generate secrets for all services. The secret template takes a dict of the scope, the name of the secret, and the data to be stored in the secret. This will be used to prefill any non-predefined secrets that are set in the secretRefs. Fixes #50
---
 charts/ocis/templates/_common/_tplvalues.tpl | 21 ++++++++++++++++++++
 charts/ocis/templates/idm/secret.yaml | 6 ++++++
 2 files changed, 27 insertions(+)
 create mode 100644 charts/ocis/templates/idm/secret.yaml
diff --git a/charts/ocis/templates/_common/_tplvalues.tpl b/charts/ocis/templates/_common/_tplvalues.tpl
index 10dc4b24b..55b7ff0ea 100644
--- a/charts/ocis/templates/_common/_tplvalues.tpl
+++ b/charts/ocis/templates/_common/_tplvalues.tpl
@@ -287,3 +287,24 @@ oCIS persistence dataVolume
 emptyDir: {}
 {{- end }}
 {{- end -}}
+
+{{/*
+oCIS secret wrapper
+
+@param .name The name of the secret.
+@param .params Dict containing data keys/values (plaintext).
+@para
+*/}}
+{{- define "ocis.secret" -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .name }}
+data:
+ {{- $secretObj := (lookup "v1" "Secret" .scope.Release.Namespace .name) | default dict }}
+ {{- $secretData := (get $secretObj "data") | default dict }}
+ {{- range $key, $value := .params }}
+ {{- $secretValue := (get $secretData $key) | default ($value | b64enc | quote)}}
+ {{ $key }}: {{ $secretValue }}
+ {{- end }}
+{{- end -}}
diff --git a/charts/ocis/templates/idm/secret.yaml b/charts/ocis/templates/idm/secret.yaml
new file mode 100644
index 000000000..f764ca7bd
--- /dev/null
+++ b/charts/ocis/templates/idm/secret.yaml
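Review bot: In `ocis.secret` (charts/ocis/templates/_common/_tplvalues.tpl), the `lookup` call that seeds `$secretObj` returns nothing when the chart is rendered without cluster access (`helm template`, a client-side `--dry-run`), so every key falls back to `.params`; with a caller that passes freshly generated values, any workflow that applies that rendered output would replace the stored credentials on each run. The header comment should state this limitation, and it is also cut off at `@para` and never documents `.scope`; I would finish it as `@param .scope The root context, used to read .Release.Namespace for the lookup.` Separately, a value reused from the existing Secret is emitted unquoted while a generated one goes through `quote`; moving the quoting to the output line, `{{ $key }}: {{ $secretValue | quote }}` with `default ($value | b64enc)`, keeps both paths identical.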
@@ -0,0 +1,6 @@
+{{- if ne .Values.externalUserManagement "enabled" }}
+{{- $params := (dict)}}
+{{- $_ := set $params "user-id" uuidv4 }}
+{{- $_ := set $params "password" (randAlphaNum 10) }}
+{{- include "ocis.secret" (dict "scope" . "name" .Values.secretRefs.adminUserSecretRef "params" $params)}}
+{{- end }}
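Review bot: `randAlphaNum 10` gives the generated admin password only ten characters; since it is machine-generated and stored in the Secret, a longer value such as `(randAlphaNum 32)` costs nothing and leaves more margin against guessing. The Secret name comes straight from `.Values.secretRefs.adminUserSecretRef`, so an unset value would render a Secret with an empty name; wrapping it as `(required "secretRefs.adminUserSecretRef must be set" .Values.secretRefs.adminUserSecretRef)` fails the render with a clear message instead. If an operator has already created that Secret by hand, Helm will probably refuse to install over it because the object is not owned by the release; whether that case is handled elsewhere is not visible in this patch. A short comment at the top of the file saying that the generated values only take effect when the Secret does not exist yet (`ocis.secret` keeps existing data) would help the next reader.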