From 9cd2903d16719d0fb447bb0692bc44daa092e0c2 Mon Sep 17 00:00:00 2001 From: Angelo Sleebos Date: Mon, 16 Sep 2024 21:13:49 +0200 Subject: [PATCH 1/5] Allow keystore secret to be overwritten by sealedsecret. Signed-off-by: Angelo Sleebos --- charts/gxf/templates/certificate-keystore-secret.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/gxf/templates/certificate-keystore-secret.yaml b/charts/gxf/templates/certificate-keystore-secret.yaml index 693231f..32b7a37 100644 --- a/charts/gxf/templates/certificate-keystore-secret.yaml +++ b/charts/gxf/templates/certificate-keystore-secret.yaml @@ -2,6 +2,8 @@ apiVersion: v1 kind: Secret metadata: name: {{ .Release.Name }}-keystore-password + annotations: + sealedsecrets.bitnami.com/managed: "true" type: Opaque data: keystore-password: {{ $secret := lookup "v1" "Secret" .Release.Namespace (printf "%s-keystore-password" .Release.Name) }} From abe99858f2afee015b465738eac9f1c46025f3e7 Mon Sep 17 00:00:00 2001 From: Angelo Sleebos Date: Mon, 16 Sep 2024 21:16:07 +0200 Subject: [PATCH 2/5] update gxf chart Signed-off-by: Angelo Sleebos --- charts/gxf/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gxf/Chart.yaml b/charts/gxf/Chart.yaml index 9cab780..d4795b5 100644 --- a/charts/gxf/Chart.yaml +++ b/charts/gxf/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: gxf description: Generic GXF Helm chart -version: '1.8.1' +version: '1.8.2' icon: https://artwork.lfenergy.org/projects/grid-exchange-fabric/abbrev/color/grid-exchange-fabric-abbrev-color.png maintainers: - name: OSGP From 3b7c16d3583d4a254d6feef5f7bb22baced5637e Mon Sep 17 00:00:00 2001 From: Angelo Sleebos Date: Tue, 17 Sep 2024 09:31:06 +0200 Subject: [PATCH 3/5] Add conditional support for annotation and optional existing keystore secret reference 
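Review bot: The `sealedsecrets.bitnami.com/managed: "true"` annotation is added to the keystore-password Secret unconditionally, so in this commit every release lets the sealed-secrets controller take over and overwrite that Secret from a SealedSecret of the same name in the namespace. That extends control over the keystore password to anyone allowed to create SealedSecrets there, including on installs that do not use Sealed Secrets. Patch 3/5 later gates it behind a value, but this commit on its own opts everyone in. The template also gives no explanation of the annotation; a comment above it such as `# lets the sealed-secrets controller adopt and overwrite this Secret` would make the intent reviewable. The `data:` block continues outside the hunk, so how the `lookup` branch treats an overwritten value cannot be checked from here.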
Signed-off-by: Angelo Sleebos --- charts/gxf/templates/certificate-keystore-secret.yaml | 6 +++++- charts/gxf/templates/certificate.yaml | 2 +- charts/gxf/values.yaml | 3 +++ 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/charts/gxf/templates/certificate-keystore-secret.yaml b/charts/gxf/templates/certificate-keystore-secret.yaml index 32b7a37..209f16b 100644 --- a/charts/gxf/templates/certificate-keystore-secret.yaml +++ b/charts/gxf/templates/certificate-keystore-secret.yaml @@ -1,9 +1,12 @@ +{{- if .Values.generateSecret -}} apiVersion: v1 -kind: Secret +kind: Secret metadata: name: {{ .Release.Name }}-keystore-password annotations: + {{- if .Values.sealedSecretsManaged }} sealedsecrets.bitnami.com/managed: "true" + {{- end }} type: Opaque data: keystore-password: {{ $secret := lookup "v1" "Secret" .Release.Namespace (printf "%s-keystore-password" .Release.Name) }} @@ -12,3 +15,4 @@ data: {{- else -}} {{- randAlphaNum 32 | b64enc | quote -}} {{- end -}} +{{- end }} diff --git a/charts/gxf/templates/certificate.yaml b/charts/gxf/templates/certificate.yaml index 53ae544..d69f8d0 100644 --- a/charts/gxf/templates/certificate.yaml +++ b/charts/gxf/templates/certificate.yaml @@ -33,7 +33,7 @@ spec: pkcs12: create: true passwordSecretRef: - name: {{ $.Release.Name }}-keystore-password + name: {{ $.Values.keystoreSecretName | default (printf "%s-keystore-password" $.Release.Name) }} key: keystore-password --- {{- end }} diff --git a/charts/gxf/values.yaml b/charts/gxf/values.yaml index eadb185..d1a38cb 100644 --- a/charts/gxf/values.yaml +++ b/charts/gxf/values.yaml @@ -114,3 +114,6 @@ certificates: [] # commonName: example.com # dnsNames: # - example.com +generateSecret: true # Set to true if you want to generate a new secret +sealedSecretsManaged: false # Set to false if the annotation should not be added +keystoreSecretName: "" From ae0a8a926d1d4ae888de30b674f1df46756b0760 Mon Sep 17 00:00:00 2001 
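Review bot: With `sealedSecretsManaged` false, the `annotations:` key in certificate-keystore-secret.yaml is still rendered with nothing under it, which parses as `annotations: null` instead of being absent. Moving the key inside the condition avoids the empty value: put `{{- if .Values.sealedSecretsManaged }}` above `annotations:` and keep `{{- end }}` after the annotation line. The `data:` block between the two hunks of this file is only partly visible, so the placement of the closing `{{- end }}` relative to the `lookup` branches is taken on trust.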
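Review bot: In certificate.yaml, `passwordSecretRef.name` now follows `keystoreSecretName`, but the Secret rendered by certificate-keystore-secret.yaml in this same commit is still always named `<release>-keystore-password`. With `generateSecret: true` and a custom `keystoreSecretName`, the chart therefore creates one Secret while the Certificate points at another. Either derive both names from the same expression, or state in values.yaml that `keystoreSecretName` is only meant for `generateSecret: false`. The templated value is also unquoted; `name: {{ $.Values.keystoreSecretName | default (printf "%s-keystore-password" $.Release.Name) | quote }}` keeps a user-supplied name a string. The enclosing Certificate spec starts outside the hunk.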
From: Angelo Sleebos Date: Tue, 17 Sep 2024 09:36:35 +0200 Subject: [PATCH 4/5] add keystore layer Signed-off-by: Angelo Sleebos --- charts/gxf/templates/certificate-keystore-secret.yaml | 4 ++-- charts/gxf/templates/certificate.yaml | 2 +- charts/gxf/values.yaml | 7 ++++--- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/charts/gxf/templates/certificate-keystore-secret.yaml b/charts/gxf/templates/certificate-keystore-secret.yaml index 209f16b..867ff00 100644 --- a/charts/gxf/templates/certificate-keystore-secret.yaml +++ b/charts/gxf/templates/certificate-keystore-secret.yaml @@ -1,10 +1,10 @@ -{{- if .Values.generateSecret -}} +{{- if .Values.keystore.generateSecret -}} apiVersion: v1 kind: Secret metadata: name: {{ .Release.Name }}-keystore-password annotations: - {{- if .Values.sealedSecretsManaged }} + {{- if .Values.keystore.managedBySealedSecrets }} sealedsecrets.bitnami.com/managed: "true" {{- end }} type: Opaque diff --git a/charts/gxf/templates/certificate.yaml b/charts/gxf/templates/certificate.yaml index d69f8d0..368d7ad 100644 --- a/charts/gxf/templates/certificate.yaml +++ b/charts/gxf/templates/certificate.yaml @@ -33,7 +33,7 @@ spec: pkcs12: create: true passwordSecretRef: - name: {{ $.Values.keystoreSecretName | default (printf "%s-keystore-password" $.Release.Name) }} + name: {{ $.Values.keystore.secretName | default (printf "%s-keystore-password" $.Release.Name) }} key: keystore-password --- {{- end }} diff --git a/charts/gxf/values.yaml b/charts/gxf/values.yaml index d1a38cb..30146fa 100644 --- a/charts/gxf/values.yaml +++ b/charts/gxf/values.yaml 
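Review bot: The templates and values.yaml in this commit disagree on key names. The certificate-keystore-secret.yaml hunk reads `.Values.keystore.managedBySealedSecrets` and the certificate.yaml hunk reads `.Values.keystore.secretName`, while the values.yaml hunk defines `keystore.sealedSecretsManaged` and `keystore.keystoreSecretName`. As written, setting either documented value has no effect: the annotation is never rendered and `passwordSecretRef.name` always falls back to `<release>-keystore-password`. Patch 5/5 only adjusts comment spacing and keeps the mismatch. Renaming the values.yaml entries to `managedBySealedSecrets: false` and `secretName: ""` would line them up with the templates.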
@@ -114,6 +114,7 @@ certificates: [] # commonName: example.com # dnsNames: # - example.com -generateSecret: true # Set to true if you want to generate a new secret -sealedSecretsManaged: false # Set to false if the annotation should not be added -keystoreSecretName: "" +keystore: + generateSecret: false # Set to true if you want to generate a new secret + sealedSecretsManaged: false # Set to false if the annotation should not be added + keystoreSecretName: "" From 077a512bb74778064c9d466cfe3aceca2352fd1c Mon Sep 17 00:00:00 2001 From: Angelo Sleebos Date: Tue, 17 Sep 2024 09:39:26 +0200 Subject: [PATCH 5/5] fix lint Signed-off-by: Angelo Sleebos --- charts/gxf/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/gxf/values.yaml b/charts/gxf/values.yaml index 30146fa..171d83f 100644 --- a/charts/gxf/values.yaml +++ b/charts/gxf/values.yaml @@ -115,6 +115,6 @@ certificates: [] # dnsNames: # - example.com keystore: - generateSecret: false # Set to true if you want to generate a new secret - sealedSecretsManaged: false # Set to false if the annotation should not be added + generateSecret: false # Set to true if you want to generate a new secret + sealedSecretsManaged: false # Set to false if the annotation should not be added keystoreSecretName: ""
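Review bot: Changing the default to `generateSecret: false` in the 4/5 values.yaml hunk means a default install no longer renders the keystore-password Secret, yet certificate.yaml still defaults `passwordSecretRef.name` to `<release>-keystore-password`. Unless that Secret is created out of band, the Certificate references a password Secret that does not exist, and upgrading an existing release would presumably make Helm remove the Secret it rendered before. Keeping `generateSecret: true` as the default would avoid the silent breakage, as would a comment saying that with `false` the Secret must be supplied separately (for example by a SealedSecret). The comment on the sealed-secrets flag could also say what the annotation permits, e.g. `# true lets the sealed-secrets controller overwrite this Secret`.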