From 728199127b5081a0b10be49404b626b82e4c9d41 Mon Sep 17 00:00:00 2001 From: Katie Date: Fri, 6 Dec 2024 11:20:36 -0600 Subject: [PATCH] External secret for email password (#426) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Léo Colombaro --- charts/netbox/Chart.yaml | 2 +- charts/netbox/templates/_helpers.tpl | 11 +++++++++++ charts/netbox/templates/cronjob.yaml | 7 +++++-- charts/netbox/templates/deployment.yaml | 7 +++++-- charts/netbox/templates/secret.yaml | 2 ++ charts/netbox/templates/worker/deployment.yaml | 7 +++++-- charts/netbox/values.yaml | 2 ++ 7 files changed, 31 insertions(+), 7 deletions(-) diff --git a/charts/netbox/Chart.yaml b/charts/netbox/Chart.yaml index 2abb9305..d9732103 100644 --- a/charts/netbox/Chart.yaml +++ b/charts/netbox/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: netbox -version: 5.0.0-beta.157 +version: 5.0.0-beta.158 appVersion: "v4.1.7" type: application kubeVersion: ^1.25.0-0 diff --git a/charts/netbox/templates/_helpers.tpl b/charts/netbox/templates/_helpers.tpl index 97dc64cb..fa90f9f9 100644 --- a/charts/netbox/templates/_helpers.tpl +++ b/charts/netbox/templates/_helpers.tpl @@ -25,6 +25,17 @@ Create the name of the service account to use {{- end }} {{- end }} +{{/* +Name of the key in Secret that contains the email password +*/}} +{{- define "netbox.email.secretKey" -}} + {{- if .Values.email.existingSecretName -}} + {{- .Values.email.existingSecretKey -}} + {{- else -}} + email_password + {{- end -}} +{{- end }} + {{/* Name of the Secret that contains the PostgreSQL password */}} diff --git a/charts/netbox/templates/cronjob.yaml b/charts/netbox/templates/cronjob.yaml index 7fdb8875..6db4c33e 100644 --- a/charts/netbox/templates/cronjob.yaml +++ b/charts/netbox/templates/cronjob.yaml 
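Review bot: The `netbox.email.secretKey` helper emits `.Values.email.existingSecretKey` unchecked, so setting `email.existingSecretName` with an empty or unset key renders `key: ""` in every projected volume item that includes this helper. That mistake would likely surface only when the manifest is applied or the pod starts, not at render time. Failing the render is clearer: `{{- required "email.existingSecretKey must be set when email.existingSecretName is used" .Values.email.existingSecretKey -}}`. The helper's comment could also say that the chart-managed key is `email_password` while the values default for an external Secret is `email-password`, since the two differ only by one character.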
@@ -128,14 +128,17 @@ spec: - secret: name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "defaultNameSuffix" "config" "context" $) }} items: - - key: email_password - path: email_password - key: secret_key path: secret_key {{- if has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backends }} - key: ldap_bind_password path: ldap_bind_password {{- end }} + - secret: + name: {{ include "common.secrets.name" (dict "existingSecret" (default .Values.email.existingSecretName .Values.existingSecret) "defaultNameSuffix" "config" "context" $) }} + items: + - key: {{ include "netbox.email.secretKey" . | quote }} + path: email_password - secret: name: {{ include "netbox.postgresql.secret" . | quote }} items: diff --git a/charts/netbox/templates/deployment.yaml b/charts/netbox/templates/deployment.yaml index 43fd09a3..28c40d58 100644 --- a/charts/netbox/templates/deployment.yaml +++ b/charts/netbox/templates/deployment.yaml @@ -224,14 +224,17 @@ spec: - secret: name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "defaultNameSuffix" "config" "context" $) }} items: - - key: email_password - path: email_password - key: secret_key path: secret_key {{- if has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backends }} - key: ldap_bind_password path: ldap_bind_password {{- end }} + - secret: + name: {{ include "common.secrets.name" (dict "existingSecret" (default .Values.email.existingSecretName .Values.existingSecret) "defaultNameSuffix" "config" "context" $) }} + items: + - key: {{ include "netbox.email.secretKey" . | quote }} + path: email_password - secret: name: {{ include "common.secrets.name" (dict "existingSecret" .Values.superuser.existingSecret "defaultNameSuffix" "superuser" "context" $) }} items: diff --git a/charts/netbox/templates/secret.yaml b/charts/netbox/templates/secret.yaml index 75f32441..5b361fd0 100644 --- a/charts/netbox/templates/secret.yaml 
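Review bot: The new projected `secret` source picks its name with `default .Values.email.existingSecretName .Values.existingSecret`, and Sprig's `default` returns its second argument whenever that is non-empty, so a chart-wide `existingSecret` takes precedence over `email.existingSecretName`. The key comes from `netbox.email.secretKey`, which switches on `email.existingSecretName` alone. With both values set, the volume asks the chart-wide Secret for `email.existingSecretKey` (default `email-password`), which it probably does not hold, and the pod would then fail to mount the volume. Swapping the arguments gives the email-specific name precedence and keeps name and key in step: `(default .Values.existingSecret .Values.email.existingSecretName)`. The same expression appears in the deployment.yaml and worker/deployment.yaml hunks, and the `sources:` list this entry belongs to starts and ends outside the hunk.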
+++ b/charts/netbox/templates/secret.yaml @@ -11,7 +11,9 @@ metadata: {{- end }} type: Opaque data: + {{- if not .Values.email.existingSecretName }} email_password: {{ .Values.email.password | b64enc | quote }} + {{- end }} secret_key: {{ .Values.secretKey | default (randAscii 60) | b64enc | quote }} {{- if has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backends }} ldap_bind_password: {{ .Values.remoteAuth.ldap.bindPassword | b64enc | quote }} diff --git a/charts/netbox/templates/worker/deployment.yaml b/charts/netbox/templates/worker/deployment.yaml index 5f6886a2..3dcf1f19 100644 --- a/charts/netbox/templates/worker/deployment.yaml +++ b/charts/netbox/templates/worker/deployment.yaml @@ -132,14 +132,17 @@ spec: - secret: name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "defaultNameSuffix" "config" "context" $) }} items: - - key: email_password - path: email_password - key: secret_key path: secret_key {{- if has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backends }} - key: ldap_bind_password path: ldap_bind_password {{- end }} + - secret: + name: {{ include "common.secrets.name" (dict "existingSecret" (default .Values.email.existingSecretName .Values.existingSecret) "defaultNameSuffix" "config" "context" $) }} + items: + - key: {{ include "netbox.email.secretKey" . | quote }} + path: email_password - secret: name: {{ include "common.secrets.name" (dict "existingSecret" .Values.superuser.existingSecret "defaultNameSuffix" "superuser" "context" $) }} items: diff --git a/charts/netbox/values.yaml b/charts/netbox/values.yaml index b4e1e091..7e18f43f 100644 --- a/charts/netbox/values.yaml +++ b/charts/netbox/values.yaml @@ -222,6 +222,8 @@ email: # Timeout in seconds timeout: 10 from: "" + existingSecretName: "" + existingSecretKey: email-password # Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce # unique IP space within the global table (all prefixes and IP addresses not
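Review bot: The two new keys under `email:` in values.yaml have no comments, unlike the `# Timeout in seconds` line above them, so a reader cannot tell that `existingSecretKey` is only read when `existingSecretName` is set, or that `email.password` is then left out of the chart-managed Secret. I would add `# Name of an existing Secret holding the email password; when set, email.password is not written to the chart's Secret` above `existingSecretName` and `# Key inside that Secret that contains the password` above `existingSecretKey`. It is also worth stating that the Secret must live in the release namespace, because a projected volume cannot reference a Secret in another namespace. The `email:` mapping starts outside the hunk.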