[bitnami/rabbitmq] Use common password manager to handle credentials

Signed-off-by: Léo Colombaro <[email protected]>
bitnami · Sep 25, 2024 · 1cfeea5 · 1cfeea5
1 parent 4d4155e
commit 1cfeea5
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 53 deletions.
diff --git a/bitnami/rabbitmq/Chart.yaml b/bitnami/rabbitmq/Chart.yaml
@@ -30,4 +30,4 @@ maintainers:
 name: rabbitmq
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq
-version: 15.0.0
+version: 15.0.1
diff --git a/bitnami/rabbitmq/templates/_helpers.tpl b/bitnami/rabbitmq/templates/_helpers.tpl
@@ -59,17 +59,6 @@ Get the password key to be retrieved from RabbitMQ secret.
     {{- end -}}
 {{- end -}}
 
-{{/*
-Return RabbitMQ password
-*/}}
-{{- define "rabbitmq.password" -}}
-    {{- if not (empty .Values.auth.password) -}}
-        {{- .Values.auth.password -}}
-    {{- else -}}
-        {{- include "getValueFromSecret" (dict "Namespace" (include "common.names.namespace" .) "Name" (include "rabbitmq.secretPasswordName" .) "Length" 16 "Key" (include "rabbitmq.secretPasswordKey" .))  -}}
-    {{- end -}}
-{{- end }}
-
 {{/*
 Get the erlang secret.
 */}}
@@ -92,17 +81,6 @@ Get the erlang cookie key to be retrieved from RabbitMQ secret.
     {{- end -}}
 {{- end -}}
 
-{{/*
-Return RabbitMQ erlang cookie secret
-*/}}
-{{- define "rabbitmq.erlangCookie" -}}
-    {{- if not (empty .Values.auth.erlangCookie) -}}
-        {{- .Values.auth.erlangCookie -}}
-    {{- else -}}
-        {{- include "getValueFromSecret" (dict "Namespace" (include "common.names.namespace" .) "Name" (include "rabbitmq.secretErlangName" .) "Length" 32 "Key" (include "rabbitmq.secretErlangKey" .))  -}}
-    {{- end -}}
-{{- end }}
-
 {{/*
 Get the TLS secret.
 */}}
@@ -282,38 +260,13 @@ Get the initialization scripts volume name.
 {{- printf "%s-init-scripts" (include "common.names.fullname" .) -}}
 {{- end -}}
 
-{{/*
-Returns the available value for certain key in an existing secret (if it exists),
-otherwise it generates a random value.
-*/}}
-{{- define "getValueFromSecret" }}
-    {{- $len := (default 16 .Length) | int -}}
-    {{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}}
-    {{- if $obj }}
-        {{- index $obj .Key | trimAll "\"" | b64dec -}}
-    {{- else -}}
-        {{- randAlphaNum $len -}}
-    {{- end -}}
-{{- end }}
-
 {{/*
 Get the extraConfigurationExistingSecret secret.
 */}}
 {{- define "rabbitmq.extraConfiguration" -}}
 {{- if not (empty .Values.extraConfigurationExistingSecret) -}}
-    {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" .Values.extraConfigurationExistingSecret "Length" 10 "Key" "extraConfiguration")  -}}
+    {{- include "common.secrets.lookup" (dict "secret" .Values.extraConfigurationExistingSecret "key" "extraConfiguration" "context" $) | b64dec -}}
 {{- else -}}
     {{- tpl .Values.extraConfiguration . -}}
 {{- end -}}
 {{- end -}}
-
-{{/*
-Get the TLS.sslOptions.Password secret.
-*/}}
-{{- define "rabbitmq.tlsSslOptionsPassword" -}}
-{{- if not (empty .Values.auth.tls.sslOptionsPassword.password) -}}
-    {{- .Values.auth.tls.sslOptionsPassword.password -}}
-{{- else -}}
-    {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" .Values.auth.tls.sslOptionsPassword.existingSecret "Length" 10 "Key" .Values.auth.tls.sslOptionsPassword.key)  -}}
-{{- end -}}
-{{- end -}}
diff --git a/bitnami/rabbitmq/templates/secrets.yaml b/bitnami/rabbitmq/templates/secrets.yaml
@@ -6,8 +6,8 @@ SPDX-License-Identifier: APACHE-2.0
 {{- $host := printf "%s.%s.svc.%s" (include "common.names.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain }}
 {{- $port := print .Values.service.ports.amqp }}
 {{- $user := print .Values.auth.username }}
-{{- $password := include "rabbitmq.password" . }}
-{{- $erlangCookie := include "rabbitmq.erlangCookie" . }}
+{{- $password := include "common.secrets.passwords.manage" (dict "secret" (include "rabbitmq.secretPasswordName" .) "key" (include "rabbitmq.secretPasswordKey" .) "length" 16 "providedValues" (list "auth.password") "skipB64enc" true "skipQuote" false "context" $) }}
+{{- $erlangCookie := include "common.secrets.passwords.manage" (dict "secret" (include "rabbitmq.secretErlangName" .) "key" (include "rabbitmq.secretErlangKey" .) "length" 32 "failOnNew" false "providedValues" (list "auth.erlangCookie") "context" $) }}
 {{- if or (not .Values.auth.existingErlangSecret) (not .Values.auth.existingPasswordSecret) }}
 apiVersion: v1
 kind: Secret
@@ -24,7 +24,7 @@ data:
   rabbitmq-password: {{ print $password | b64enc | quote }}
   {{- end }}
   {{- if (not .Values.auth.existingErlangSecret ) }}
-  rabbitmq-erlang-cookie: {{ print $erlangCookie | b64enc | quote }}
+  rabbitmq-erlang-cookie: {{ print $erlangCookie }}
   {{- end }}
 {{- end }}
 {{- range $key, $value := .Values.extraSecrets }}

diff --git a/bitnami/rabbitmq/values.yaml b/bitnami/rabbitmq/values.yaml
@@ -438,7 +438,7 @@ configuration: |-
   ssl_options.certfile = /opt/bitnami/rabbitmq/certs/server_certificate.pem
   ssl_options.keyfile = /opt/bitnami/rabbitmq/certs/server_key.pem
   {{- if .Values.auth.tls.sslOptionsPassword.enabled }}
-  ssl_options.password = {{ template "rabbitmq.tlsSslOptionsPassword" . }}
+  ssl_options.password = {{ include "common.secrets.passwords.manage" (dict "secret" .Values.auth.tls.sslOptionsPassword.existingSecret "key" .Values.auth.tls.sslOptionsPassword.key "providedValues" (list "auth.tls.sslOptionsPassword.password") "failOnNew" false "context" $) }}
   {{- end }}
   {{- end }}
   {{- if .Values.ldap.enabled }}