Add missing secret templates.

owncloud · Jun 6, 2023 · b6d13ed · b6d13ed
1 parent 7b0be2f
commit b6d13ed
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 8 deletions.
diff --git a/charts/ocis/templates/_common/_configvalues.tpl b/charts/ocis/templates/_common/_configvalues.tpl
@@ -60,6 +60,10 @@ All take the scope as the first and only parameter.
 {{ .Values.secretRefs.transferSecretSecretRef | default "transfer-secret" | quote }}
 {{- end -}}
 
+{{- define "secrets.s3CredentialsSecret" -}}
+{{ .Values.secretRefs.s3CredentialsSecretRef | default "s3-credentials-secret" | quote }}
+{{- end -}}
+
 {{- define "config.storageUsers" -}}
 {{ .Values.configRefs.storageusersConfigRef | default "storage-users" | quote }}
 {{- end -}}

diff --git a/charts/ocis/templates/storageusers/deployment.yaml b/charts/ocis/templates/storageusers/deployment.yaml
@@ -94,12 +94,12 @@ spec:
             - name: STORAGE_USERS_S3NG_ACCESS_KEY
               valueFrom:
                 secretKeyRef:
-                  name: {{ .Values.secretRefs.s3CredentialsSecretRef }}
+                  name: {{ include "secrets.s3CredentialsSecret" . }}
                   key: accessKey
             - name: STORAGE_USERS_S3NG_SECRET_KEY
               valueFrom:
                 secretKeyRef:
-                  name: {{ .Values.secretRefs.s3CredentialsSecretRef }}
+                  name: {{ include "secrets.s3CredentialsSecret" . }}
                   key: secretKey
             - name: STORAGE_USERS_S3NG_BUCKET
               value: {{ .Values.services.storageusers.storageBackend.driverConfig.s3ng.bucket | quote }}

diff --git a/charts/ocis/templates/storageusers/jobs.yaml b/charts/ocis/templates/storageusers/jobs.yaml
@@ -66,12 +66,12 @@ spec:
                 - name: STORAGE_USERS_S3NG_ACCESS_KEY
                   valueFrom:
                     secretKeyRef:
-                      name: {{ .Values.secretRefs.s3CredentialsSecretRef }}
+                      name: {{ include "secrets.s3CredentialsSecret" . }}
                       key: accessKey
                 - name: STORAGE_USERS_S3NG_SECRET_KEY
                   valueFrom:
                     secretKeyRef:
-                      name: {{ .Values.secretRefs.s3CredentialsSecretRef }}
+                      name: {{ include "secrets.s3CredentialsSecret" . }}
                       key: secretKey
                 - name: STORAGE_USERS_S3NG_BUCKET
                   value: {{ .Values.services.storageusers.storageBackend.driverConfig.s3ng.bucket | quote }}

diff --git a/charts/ocis/templates/storageusers/secret.yaml b/charts/ocis/templates/storageusers/secret.yaml
@@ -1,4 +1,4 @@
-{{ if eq .Values.services.storageusers.storageBackend.driver "s3ng" -}}
+{{ if and (eq .Values.services.storageusers.storageBackend.driver "s3ng") (not .Values.secretRefs.s3CredentialsSecretRef) -}}
 {{ if and (.Values.services.storageusers.storageBackend.driverConfig.s3ng.accessKey) (.Values.services.storageusers.storageBackend.driverConfig.s3ng.secretKey) -}}
 apiVersion: v1
 kind: Secret

diff --git a/charts/ocis/values.yaml b/charts/ocis/values.yaml
@@ -508,9 +508,8 @@ secretRefs:
   # -- Reference to an existing transfer secret (see ref:Secrets#secrets)
   transferSecretSecretRef: ""
   # -- Reference to an existing s3 secret (see ref:Secrets#secrets)
-  # This secret needs to remain filled in, as the s3 credentials secret can be filled in via the settings
-  # for backwards compatibility reasons.
-  s3CredentialsSecretRef: "s3-credentials-secret"
+  # If not filled in, will attempt to to use values in `.storageusers.storageBackend.s3.driverConfig.s3ng` instead.
+  s3CredentialsSecretRef: ""
 
 # Security context options.
 securityContext: