From 8f605777f93ac41eb2df1411866036f286f5acf0 Mon Sep 17 00:00:00 2001 From: Adrien Ballet Date: Wed, 12 Jun 2024 17:23:50 +0200 Subject: [PATCH] feat: expose username and password environment variables --- charts/openfga/templates/deployment.yaml | 22 ++++++++++++++ charts/openfga/templates/job.yaml | 22 ++++++++++++++ charts/openfga/values.schema.json | 37 +++++++++++++++++++++++- charts/openfga/values.yaml | 7 ++++- 4 files changed, 86 insertions(+), 2 deletions(-) diff --git a/charts/openfga/templates/deployment.yaml b/charts/openfga/templates/deployment.yaml index d3d9aec..498c0d3 100644 --- a/charts/openfga/templates/deployment.yaml +++ b/charts/openfga/templates/deployment.yaml @@ -96,6 +96,28 @@ spec: key: "uri" {{- end }} + {{- if .Values.datastore.username }} + - name: OPENFGA_DATASTORE_USERNAME + value: "{{ .Values.datastore.username }}" + {{- else if .Values.datastore.credentialsSecret }} + - name: OPENFGA_DATASTORE_USERNAME + valueFrom: + secretKeyRef: + name: "{{ .Values.datastore.credentialsSecret }}" + key: "{{ .Values.datastore.credentialsSecretUsernameKey }}" + {{- end }} + + {{- if .Values.datastore.password }} + - name: OPENFGA_DATASTORE_PASSWORD + value: "{{ .Values.datastore.password }}" + {{- else if .Values.datastore.credentialsSecret }} + - name: OPENFGA_DATASTORE_PASSWORD + valueFrom: + secretKeyRef: + name: "{{ .Values.datastore.credentialsSecret }}" + key: "{{ .Values.datastore.credentialsSecretPasswordKey }}" + {{- end }} + {{- if .Values.datastore.maxCacheSize }} - name: OPENFGA_DATASTORE_MAX_CACHE_SIZE value: "{{ .Values.datastore.maxCacheSize }}" diff --git a/charts/openfga/templates/job.yaml b/charts/openfga/templates/job.yaml index 8a1acdc..ec55ec3 100644 --- a/charts/openfga/templates/job.yaml +++ b/charts/openfga/templates/job.yaml @@ -52,6 +52,28 @@ spec: key: "uri" {{- end }} + {{- if .Values.datastore.username }} + - name: OPENFGA_DATASTORE_USERNAME + value: "{{ .Values.datastore.username }}" + {{- else if .Values.datastore.credentialsSecret }} + - name: OPENFGA_DATASTORE_USERNAME + valueFrom: + secretKeyRef: + name: "{{ .Values.datastore.credentialsSecret }}" + key: "{{ .Values.datastore.credentialsSecretUsernameKey }}" + {{- end }} + + {{- if .Values.datastore.password }} + - name: OPENFGA_DATASTORE_PASSWORD + value: "{{ .Values.datastore.password }}" + {{- else if .Values.datastore.credentialsSecret }} + - name: OPENFGA_DATASTORE_PASSWORD + valueFrom: + secretKeyRef: + name: "{{ .Values.datastore.credentialsSecret }}" + key: "{{ .Values.datastore.credentialsSecretPasswordKey }}" + {{- end }} + {{- if .Values.migrate.timeout }} - name: OPENFGA_TIMEOUT value: "{{ .Values.migrate.timeout }}" diff --git a/charts/openfga/values.schema.json b/charts/openfga/values.schema.json index 19f5c9b..aa132f3 100644 --- a/charts/openfga/values.schema.json +++ b/charts/openfga/values.schema.json @@ -189,7 +189,7 @@ }, "additionalLabels": { "type": "object", - "description": "additional labels to be added to the serivceMonitor resource", + "description": "additional labels to be added to the serviceMonitor resource", "default": {} }, "annotations": { @@ -280,6 +280,41 @@ ], "description": "the secret name where to get the datastore URI, it expects a key named uri to exist in the secret" }, + "username": { + "type": [ + "string", + "null" + ], + "description": "the connection username to connect to the datastore (overwrites any username provided in the connection uri)" + }, + "password": { + "type": [ + "string", + "null" + ], + "description": "the connection password to connect to the datastore (overwrites any password provided in the connection uri)" + }, + "credentialsSecret": { + "type": [ + "string", + "null" + ], + "description": "the secret name where to get the username and password for the datastore database" + }, + "credentialsSecretUsernameKey": { + "type": [ + "string" + ], + "description": "the key for the username in the credentialsSecret", + "default": "username" + }, + "credentialsSecretPasswordKey": { + "type": [ + "string" + ], + "description": "the key for the password in the credentialsSecret", + "default": "password" + }, "maxCacheSize": { "type": [ "integer", diff --git a/charts/openfga/values.yaml b/charts/openfga/values.yaml index 5222fe7..298b41e 100644 --- a/charts/openfga/values.yaml +++ b/charts/openfga/values.yaml @@ -129,7 +129,7 @@ telemetry: ## enabled: false - ## @param telemetry.metrics.serviceMonitor.additionalLabels additional labels to be added to the serivceMonitor resource + ## @param telemetry.metrics.serviceMonitor.additionalLabels additional labels to be added to the serviceMonitor resource ## additionalLabels: {} @@ -190,6 +190,11 @@ datastore: engine: memory uri: uriSecret: + username: + password: + credentialsSecret: + credentialsSecretUsernameKey: username + credentialsSecretPasswordKey: password maxCacheSize: maxOpenConns: maxIdleConns: