feat: expose username and password environment variables

openfga · Jun 12, 2024 · 8f60577 · 8f60577
1 parent eed5562
commit 8f60577
Show file tree

Hide file tree

Showing 4 changed files with 86 additions and 2 deletions.
diff --git a/charts/openfga/templates/deployment.yaml b/charts/openfga/templates/deployment.yaml
@@ -96,6 +96,28 @@ spec:
                   key: "uri"
             {{- end }}
 
+            {{- if .Values.datastore.username }}
+            - name: OPENFGA_DATASTORE_USERNAME
+              value: "{{ .Values.datastore.username }}"
+            {{- else if .Values.datastore.credentialsSecret }}
+            - name: OPENFGA_DATASTORE_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.datastore.credentialsSecret }}"
+                  key: "{{ .Values.datastore.credentialsSecretUsernameKey }}"
+            {{- end }}
+
+            {{- if .Values.datastore.password }}
+            - name: OPENFGA_DATASTORE_PASSWORD
+              value: "{{ .Values.datastore.password }}"
+            {{- else if .Values.datastore.credentialsSecret }}
+            - name: OPENFGA_DATASTORE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.datastore.credentialsSecret }}"
+                  key: "{{ .Values.datastore.credentialsSecretPasswordKey }}"
+            {{- end }}
+
             {{- if .Values.datastore.maxCacheSize }}
             - name: OPENFGA_DATASTORE_MAX_CACHE_SIZE
               value: "{{ .Values.datastore.maxCacheSize }}"

diff --git a/charts/openfga/templates/job.yaml b/charts/openfga/templates/job.yaml
@@ -52,6 +52,28 @@ spec:
                   key: "uri"
             {{- end }}
 
+            {{- if .Values.datastore.username }}
+            - name: OPENFGA_DATASTORE_USERNAME
+              value: "{{ .Values.datastore.username }}"
+            {{- else if .Values.datastore.credentialsSecret }}
+            - name: OPENFGA_DATASTORE_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.datastore.credentialsSecret }}"
+                  key: "{{ .Values.datastore.credentialsSecretUsernameKey }}"
+            {{- end }}
+
+            {{- if .Values.datastore.password }}
+            - name: OPENFGA_DATASTORE_PASSWORD
+              value: "{{ .Values.datastore.password }}"
+            {{- else if .Values.datastore.credentialsSecret }}
+            - name: OPENFGA_DATASTORE_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.datastore.credentialsSecret }}"
+                  key: "{{ .Values.datastore.credentialsSecretPasswordKey }}"
+            {{- end }}
+
             {{- if .Values.migrate.timeout }}
             - name: OPENFGA_TIMEOUT
               value: "{{ .Values.migrate.timeout }}"

diff --git a/charts/openfga/values.schema.json b/charts/openfga/values.schema.json
@@ -189,7 +189,7 @@
 			        },
 			        "additionalLabels": {
 			            "type": "object",
-			            "description": "additional labels to be added to the serivceMonitor resource",
+			            "description": "additional labels to be added to the serviceMonitor resource",
 			            "default": {}
 			        },
 			        "annotations": {
@@ -280,6 +280,41 @@
                     ],
                     "description": "the secret name where to get the datastore URI, it expects a key named uri to exist in the secret"
                 },
+                "username": {
+                    "type": [
+                        "string",
+                        "null"
+                    ],
+                    "description": "the connection username to connect to the datastore (overwrites any username provided in the connection uri)"
+                },
+                "password": {
+                    "type": [
+                        "string",
+                        "null"
+                    ],
+                    "description": "the connection password to connect to the datastore (overwrites any password provided in the connection uri)"
+                },
+                "credentialsSecret": {
+                    "type": [
+                        "string",
+                        "null"
+                    ],
+                    "description": "the secret name where to get the username and password for the datastore database"
+                },
+                "credentialsSecretUsernameKey": {
+                    "type": [
+                        "string"
+                    ],
+                    "description": "the key for the username in the credentialsSecret",
+                    "default": "username"
+                },
+                "credentialsSecretPasswordKey": {
+                    "type": [
+                        "string"
+                    ],
+                    "description": "the key for the password in the credentialsSecret",
+                    "default": "password"
+                },
                 "maxCacheSize": {
                     "type": [
                         "integer",

diff --git a/charts/openfga/values.yaml b/charts/openfga/values.yaml
@@ -129,7 +129,7 @@ telemetry:
       ##
       enabled: false
 
-      ## @param telemetry.metrics.serviceMonitor.additionalLabels additional labels to be added to the serivceMonitor resource
+      ## @param telemetry.metrics.serviceMonitor.additionalLabels additional labels to be added to the serviceMonitor resource
       ##
       additionalLabels: {}
 
@@ -190,6 +190,11 @@ datastore:
   engine: memory
   uri:
   uriSecret:
+  username:
+  password:
+  credentialsSecret:
+  credentialsSecretUsernameKey: username
+  credentialsSecretPasswordKey: password
   maxCacheSize:
   maxOpenConns:
   maxIdleConns: