Página inicial Explorar Ajuda
Registrar Entrar
sxwl_DL
/
aihub-dag-helmbe
0
0
Fork 0
Arquivos Issues 0 Pull Requests 0 Wiki
Tree: b7d342798a
Branches Tags
aihub-dag-he...
/
aihub-dag-jupyter
/
charts
/
common
/
templates
/
_secrets.tpl

_secrets.tpl 6.0 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140 
  1. {{/* vim: set filetype=mustache: */}}
    2. 

  2. {{/*
    3. 

  3. Generate secret name.
    4. 

  4. 

  5. Usage:
    6. 

  6. {{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }}
    7. 

  7. 

  8. Params:
    9. 

  9.   - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
    10. 

  10.     to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
    11. 

  11.     +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret
    12. 

  12.   - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment.
    13. 

  13.   - context - Dict - Required. The context for the template evaluation.
    14. 

  14. */}}
    15. 

  15. {{- define "common.secrets.name" -}}
    16. 

  16. {{- $name := (include "common.names.fullname" .context) -}}
    17. 

  17. 

  18. {{- if .defaultNameSuffix -}}
    19. 

  19. {{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}}
    20. 

  20. {{- end -}}
    21. 

  21. 

  22. {{- with .existingSecret -}}
    23. 

  23. {{- if not (typeIs "string" .) -}}
    24. 

  24. {{- with .name -}}
    25. 

  25. {{- $name = . -}}
    26. 

  26. {{- end -}}
    27. 

  27. {{- else -}}
    28. 

  28. {{- $name = . -}}
    29. 

  29. {{- end -}}
    30. 

  30. {{- end -}}
    31. 

  31. 

  32. {{- printf "%s" $name -}}
    33. 

  33. {{- end -}}
    34. 

  34. 

  35. {{/*
    36. 

  36. Generate secret key.
    37. 

  37. 

  38. Usage:
    39. 

  39. {{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }}
    40. 

  40. 

  41. Params:
    42. 

  42.   - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
    43. 

  43.     to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
    44. 

  44.     +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret
    45. 

  45.   - key - String - Required. Name of the key in the secret.
    46. 

  46. */}}
    47. 

  47. {{- define "common.secrets.key" -}}
    48. 

  48. {{- $key := .key -}}
    49. 

  49. 

  50. {{- if .existingSecret -}}
    51. 

  51.   {{- if not (typeIs "string" .existingSecret) -}}
    52. 

  52.     {{- if .existingSecret.keyMapping -}}
    53. 

  53.       {{- $key = index .existingSecret.keyMapping $.key -}}
    54. 

  54.     {{- end -}}
    55. 

  55.   {{- end }}
    56. 

  56. {{- end -}}
    57. 

  57. 

  58. {{- printf "%s" $key -}}
    59. 

  59. {{- end -}}
    60. 

  60. 

  61. {{/*
    62. 

  62. Generate secret password or retrieve one if already created.
    63. 

  63. 

  64. Usage:
    65. 

  65. {{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }}
    66. 

  66. 

  67. Params:
    68. 

  68.   - secret - String - Required - Name of the 'Secret' resource where the password is stored.
    69. 

  69.   - key - String - Required - Name of the key in the secret.
    70. 

  70.   - providedValues - List<String> - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
    71. 

  71.   - length - int - Optional - Length of the generated random password.
    72. 

  72.   - strong - Boolean - Optional - Whether to add symbols to the generated random password.
    73. 

  73.   - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
    74. 

  74.   - context - Context - Required - Parent context.
    75. 

  75. 

  76. The order in which this function returns a secret password:
    77. 

  77.   1. Already existing 'Secret' resource
    78. 

  78.      (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned)
    79. 

  79.   2. Password provided via the values.yaml
    80. 

  80.      (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned)
    81. 

  81.   3. Randomly generated secret password
    82. 

  82.      (A new random secret password with the length specified in the 'length' parameter will be generated and returned)
    83. 

  83. 

  84. */}}
    85. 

  85. {{- define "common.secrets.passwords.manage" -}}
    86. 

  86. 

  87. {{- $password := "" }}
    88. 

  88. {{- $subchart := "" }}
    89. 

  89. {{- $chartName := default "" .chartName }}
    90. 

  90. {{- $passwordLength := default 10 .length }}
    91. 

  91. {{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
    92. 

  92. {{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }}
    93. 

  93. {{- $secretData := (lookup "v1" "Secret" $.context.Release.Namespace .secret).data }}
    94. 

  94. {{- if $secretData }}
    95. 

  95.   {{- if hasKey $secretData .key }}
    96. 

  96.     {{- $password = index $secretData .key }}
    97. 

  97.   {{- else }}
    98. 

  98.     {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
    99. 

  99.   {{- end -}}
    100. 

  100. {{- else if $providedPasswordValue }}
    101. 

  101.   {{- $password = $providedPasswordValue | toString | b64enc | quote }}
    102. 

  102. {{- else }}
    103. 

  103. 

  104.   {{- if .context.Values.enabled }}
    105. 

  105.     {{- $subchart = $chartName }}
    106. 

  106.   {{- end -}}
    107. 

  107. 

  108.   {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}}
    109. 

  109.   {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}}
    110. 

  110.   {{- $passwordValidationErrors := list $requiredPasswordError -}}
    111. 

  111.   {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}}
    112. 

  112. 

  113.   {{- if .strong }}
    114. 

  114.     {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
    115. 

  115.     {{- $password = randAscii $passwordLength }}
    116. 

  116.     {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
    117. 

  117.     {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
    118. 

  118.   {{- else }}
    119. 

  119.     {{- $password = randAlphaNum $passwordLength | b64enc | quote }}
    120. 

  120.   {{- end }}
    121. 

  121. {{- end -}}
    122. 

  122. {{- printf "%s" $password -}}
    123. 

  123. {{- end -}}
    124. 

  124. 

  125. {{/*
    126. 

  126. Returns whether a previous generated secret already exists
    127. 

  127. 

  128. Usage:
    129. 

  129. {{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }}
    130. 

  130. 

  131. Params:
    132. 

  132.   - secret - String - Required - Name of the 'Secret' resource where the password is stored.
    133. 

  133.   - context - Context - Required - Parent context.
    134. 

  134. */}}
    135. 

  135. {{- define "common.secrets.exists" -}}
    136. 

  136. {{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }}
    137. 

  137. {{- if $secret }}
    138. 

  138.   {{- true -}}
    139. 

  139. {{- end -}}
    140. 

  140. {{- end -}}
    141.