forked from suse-edge/Factory
63 lines
3.0 KiB
YAML
63 lines
3.0 KiB
YAML
{{- if .Values.global.enable_basicAuth }}
|
|
|
|
{{- $ironicUsername := "" -}}
|
|
{{- $ironicPassword := "" -}}
|
|
{{- $ironicSecretName := "ironic-basic-auth" -}}
|
|
|
|
# Check if the secret is deployed and has a password
|
|
{{- $oldIronicSecret := lookup "v1" "Secret" .Release.Namespace $ironicSecretName }}
|
|
{{- if and $oldIronicSecret (index $oldIronicSecret.data "username") (index $oldIronicSecret.data "password") }}
|
|
{{- $ironicUsername = b64dec (index $oldIronicSecret.data "username" | toString) -}}
|
|
{{- $ironicPassword = b64dec (index $oldIronicSecret.data "password" | toString) -}}
|
|
# If not, check if a username and password are provided in values.yaml
|
|
{{- else if and (.Values.global.auth.ironicUsername) (.Values.global.auth.ironicPassword) }}
|
|
{{- $ironicUsername = .Values.global.auth.ironicUsername -}}
|
|
{{- $ironicPassword = .Values.global.auth.ironicPassword -}}
|
|
{{- else }}
|
|
# If no username and password are provided in values.yaml, generate new ones
|
|
{{- $ironicUsername = "ironic" -}}
|
|
{{- $ironicPassword = (randAlphaNum 20) -}}
|
|
{{- end }}
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: {{ $ironicSecretName }}
|
|
type: Opaque
|
|
data:
|
|
username: {{ $ironicUsername | b64enc }}
|
|
password: {{ $ironicPassword | b64enc }}
|
|
htpasswd: {{ b64enc (htpasswd $ironicUsername $ironicPassword) }}
|
|
auth-config: |
|
|
{{- printf "[ironic]\nauth_type=http_basic\nusername: %s\npassword: %s" $ironicUsername $ironicPassword | b64enc | nindent 4 }}
|
|
---
|
|
{{- $ironicInspectorUsername := "" -}}
|
|
{{- $ironicInspectorPassword := "" -}}
|
|
{{- $inspectorSecretName := "ironic-inspector-basic-auth" -}}
|
|
|
|
# Check if the secret is deployed and has a password
|
|
{{- $oldInspectorSecret := lookup "v1" "Secret" .Release.Namespace $inspectorSecretName }}
|
|
{{- if and $oldInspectorSecret (index $oldInspectorSecret.data "username") (index $oldInspectorSecret.data "password") }}
|
|
{{- $ironicInspectorUsername = b64dec (index $oldInspectorSecret.data "username" | toString) -}}
|
|
{{- $ironicInspectorPassword = b64dec (index $oldInspectorSecret.data "password" | toString) -}}
|
|
# If not, check if a username and password are provided in values.yaml
|
|
{{- else if and (.Values.global.auth.ironicInspectorUsername) (.Values.global.auth.ironicInspectorPassword) }}
|
|
{{- $ironicInspectorUsername = .Values.global.auth.ironicInspectorUsername -}}
|
|
{{- $ironicInspectorPassword = .Values.global.auth.ironicInspectorPassword -}}
|
|
{{- else }}
|
|
# If no username and password are provided in values.yaml, generate new ones
|
|
{{- $ironicInspectorUsername = "ironic" -}}
|
|
{{- $ironicInspectorPassword = (randAlphaNum 20) -}}
|
|
{{- end }}
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: {{ $inspectorSecretName }}
|
|
type: Opaque
|
|
data:
|
|
username: {{ $ironicInspectorUsername | b64enc }}
|
|
password: {{ $ironicInspectorPassword | b64enc }}
|
|
htpasswd: {{ b64enc (htpasswd $ironicInspectorUsername $ironicInspectorPassword) }}
|
|
auth-config: |
|
|
{{- printf "[inspector]\nauth_type=http_basic\nusername: %s\npassword: %s" $ironicInspectorUsername $ironicInspectorPassword | b64enc | nindent 4 }}
|
|
{{- end }}
|