From 5a516ea6e3b50dac31d2053bdcbd6e8c7596b0f2 Mon Sep 17 00:00:00 2001
From: Itay Grudev
Date: Thu, 28 Mar 2024 02:09:50 +0200
Subject: [PATCH] feat(cluster): allow using existing secret for backup and restore
Co-authored-by: Ben Scholzen (DASPRiD)
Signed-off-by: Itay Grudev
---
charts/cluster/templates/_barman_object_store.tpl | 13 ++++++++-----
charts/cluster/templates/backup-azure-creds.yaml | 4 ++--
charts/cluster/templates/backup-google-creds.yaml | 4 ++--
charts/cluster/templates/backup-s3-creds.yaml | 4 ++--
charts/cluster/templates/recovery-azure-creds.yaml | 4 ++--
charts/cluster/templates/recovery-google-creds.yaml | 4 ++--
charts/cluster/templates/recovery-s3-creds.yaml | 4 ++--
charts/cluster/values.yaml | 10 ++++++++++
8 files changed, 30 insertions(+), 17 deletions(-)
diff --git a/charts/cluster/templates/_barman_object_store.tpl b/charts/cluster/templates/_barman_object_store.tpl
index fb267ea07..1f3ae60ba 100644
--- a/charts/cluster/templates/_barman_object_store.tpl
+++ b/charts/cluster/templates/_barman_object_store.tpl
@@ -21,25 +21,27 @@ {{- if empty .scope.destinationPath -}} {{ " destinationPath: \"s3://" }}{{ required "You need to specify S3 bucket if destinationPath is not specified." .scope.s3.bucket }}{{ .scope.s3.path }}" {{- end }} + {{- $secretName := coalesce .scope.secret.name (printf "%s-%s-s3-creds" .chartFullname .secretSuffix) -}} s3Credentials: accessKeyId: - name: {{ .chartFullname }}-{{ .secretPrefix }}-s3-creds + name: {{ $secretName }} key: ACCESS_KEY_ID secretAccessKey: - name: {{ .chartFullname }}-{{ .secretPrefix }}-s3-creds + name: {{ $secretName }} key: ACCESS_SECRET_KEY {{- else if eq .scope.provider "azure" }} {{- if empty .scope.destinationPath -}} {{ " destinationPath: \"https://" }}{{ required "You need to specify Azure storageAccount if destinationPath is not specified." .scope.azure.storageAccount }}.{{ .scope.azure.serviceName }}.core.windows.net/{{ .scope.azure.containerName }}{{ .scope.azure.path }}" {{- end }} + {{- $secretName := coalesce .scope.secret.name (printf "%s-%s-azure-creds" .chartFullname .secretSuffix) -}} azureCredentials: {{- if .scope.azure.connectionString }} connectionString: - name: {{ .chartFullname }}-{{ .secretPrefix }}-azure-creds + name: {{ $secretName }} key: AZURE_CONNECTION_STRING {{- else }} storageAccount: - name: {{ .chartFullname }}-{{ .secretPrefix }}-azure-creds + name: {{ $secretName }} key: AZURE_STORAGE_ACCOUNT {{- if .scope.azure.storageKey }} storageKey: 
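Review bot: The fallback name is now built from `.secretSuffix` (`printf "%s-%s-s3-creds" .chartFullname .secretSuffix`, likewise in the azure branch and in the google hunk that follows), while the removed lines read `.secretPrefix` and none of the eight files in the diffstat appears to be a caller of this helper. If the callers still pass `secretPrefix`, `.secretSuffix` is nil and printf would likely render it as `%!s(<nil>)`, so the default credentials reference would name a secret that does not exist; either keep `.secretPrefix` in the three `printf` calls or rename the key at the call sites in the same commit. Separately, this hunk ends at `storageKey:` and the next one starts at new line 57, so the `name:` under `storageKey` and the rest of the azure branch are unchanged and presumably still use the generated name rather than `$secretName`, which would leave storage-key setups ignoring `secret.name`. The enclosing template definition starts and ends outside the hunk.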
@@ -55,10 +57,11 @@ {{- if empty .scope.destinationPath -}} {{ " destinationPath: \"gs://" }}{{ required "You need to specify Google storage bucket if destinationPath is not specified." .scope.google.bucket }}{{ .scope.google.path }}" {{- end }} + {{- $secretName := coalesce .scope.secret.name (printf "%s-%s-google-creds" .chartFullname .secretSuffix) -}} googleCredentials: gkeEnvironment: {{ .scope.google.gkeEnvironment }} applicationCredentials: - name: {{ .chartFullname }}-{{ .secretPrefix }}-google-creds + name: {{ $secretName }} key: APPLICATION_CREDENTIALS {{- end -}} {{- end -}} diff --git a/charts/cluster/templates/backup-azure-creds.yaml b/charts/cluster/templates/backup-azure-creds.yaml index 206947f43..6c84308dd 100644 --- a/charts/cluster/templates/backup-azure-creds.yaml +++ b/charts/cluster/templates/backup-azure-creds.yaml @@ -1,8 +1,8 @@ -{{- if and .Values.backups.enabled (eq .Values.backups.provider "azure") }} +{{- if and .Values.backups.enabled (eq .Values.backups.provider "azure") .Values.backups.secret.create }} apiVersion: v1 kind: Secret metadata: - name: {{ include "cluster.fullname" . }}-backup-azure-creds + name: {{ default (printf "%s-backup-azure-creds" (include "cluster.fullname" .)) .Values.backups.secret.name }} data: AZURE_CONNECTION_STRING: {{ .Values.backups.azure.connectionString | b64enc | quote }} AZURE_STORAGE_ACCOUNT: {{ .Values.backups.azure.storageAccount | b64enc | quote }} diff --git a/charts/cluster/templates/backup-google-creds.yaml b/charts/cluster/templates/backup-google-creds.yaml index 48b89db02..cc05c4c59 100644 --- a/charts/cluster/templates/backup-google-creds.yaml +++ b/charts/cluster/templates/backup-google-creds.yaml 
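Review bot: The Secret name in backup-azure-creds.yaml is emitted unquoted in `name: {{ default (printf "%s-backup-azure-creds" (include "cluster.fullname" .)) .Values.backups.secret.name }}`, so a user-supplied `secret.name` that YAML reads as a number or boolean would reach the API server as a non-string and be rejected; appending `| quote` inside the action keeps it a string. The same applies to the `name:` line in the backup-google, backup-s3 and the three recovery-*-creds templates. Note also that with `secret.create: false` and an empty `secret.name` no Secret is rendered while the object-store helper still falls back to the generated name, so a `fail` guard for that combination may be worth adding unless pre-creating a secret under the default name is an intended setup.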
@@ -1,8 +1,8 @@ -{{- if and .Values.backups.enabled (eq .Values.backups.provider "google") }} +{{- if and .Values.backups.enabled (eq .Values.backups.provider "google") .Values.backups.secret.create }} apiVersion: v1 kind: Secret metadata: - name: {{ include "cluster.fullname" . }}-backup-google-creds + name: {{ default (printf "%s-backup-google-creds" (include "cluster.fullname" .)) .Values.backups.secret.name }} data: APPLICATION_CREDENTIALS: {{ .Values.backups.google.applicationCredentials | b64enc | quote }} {{- end }} diff --git a/charts/cluster/templates/backup-s3-creds.yaml b/charts/cluster/templates/backup-s3-creds.yaml index b906d2453..ddd8e2717 100644 --- a/charts/cluster/templates/backup-s3-creds.yaml +++ b/charts/cluster/templates/backup-s3-creds.yaml @@ -1,8 +1,8 @@ -{{- if and .Values.backups.enabled (eq .Values.backups.provider "s3") }} +{{- if and .Values.backups.enabled (eq .Values.backups.provider "s3") .Values.backups.secret.create }} apiVersion: v1 kind: Secret metadata: - name: {{ include "cluster.fullname" . }}-backup-s3-creds + name: {{ default (printf "%s-backup-s3-creds" (include "cluster.fullname" .)) .Values.backups.secret.name }} data: ACCESS_KEY_ID: {{ required ".Values.backups.s3.accessKey is required, but not specified." .Values.backups.s3.accessKey | b64enc | quote }} ACCESS_SECRET_KEY: {{ required ".Values.backups.s3.secretKey is required, but not specified." .Values.backups.s3.secretKey | b64enc | quote }} diff --git a/charts/cluster/templates/recovery-azure-creds.yaml b/charts/cluster/templates/recovery-azure-creds.yaml index 3bd629a07..9fb707651 100644 --- a/charts/cluster/templates/recovery-azure-creds.yaml +++ b/charts/cluster/templates/recovery-azure-creds.yaml 
@@ -1,8 +1,8 @@ -{{- if and (eq .Values.mode "recovery" ) (eq .Values.recovery.method "object_store") (eq .Values.recovery.provider "azure") }} +{{- if and (eq .Values.mode "recovery" ) (eq .Values.recovery.method "object_store") (eq .Values.recovery.provider "azure") .Values.recovery.secret.create }} apiVersion: v1 kind: Secret metadata: - name: {{ include "cluster.fullname" . }}-recovery-azure-creds + name: {{ default (printf "%s-recovery-azure-creds" (include "cluster.fullname" .)) .Values.recovery.secret.name }} data: AZURE_CONNECTION_STRING: {{ .Values.recovery.azure.connectionString | b64enc | quote }} AZURE_STORAGE_ACCOUNT: {{ .Values.recovery.azure.storageAccount | b64enc | quote }} diff --git a/charts/cluster/templates/recovery-google-creds.yaml b/charts/cluster/templates/recovery-google-creds.yaml index 34313c11e..e7366ec4c 100644 --- a/charts/cluster/templates/recovery-google-creds.yaml +++ b/charts/cluster/templates/recovery-google-creds.yaml @@ -1,8 +1,8 @@ -{{- if and (eq .Values.mode "recovery" ) (eq .Values.recovery.method "object_store") (eq .Values.recovery.provider "google") }} +{{- if and (eq .Values.mode "recovery" ) (eq .Values.recovery.method "object_store") (eq .Values.recovery.provider "google") .Values.recovery.secret.create }} apiVersion: v1 kind: Secret metadata: - name: {{ include "cluster.fullname" . }}-recovery-google-creds + name: {{ default (printf "%s-recovery-google-creds" (include "cluster.fullname" .)) .Values.recovery.secret.name }} data: APPLICATION_CREDENTIALS: {{ .Values.recovery.google.applicationCredentials | b64enc | quote }} {{- end }} diff --git a/charts/cluster/templates/recovery-s3-creds.yaml b/charts/cluster/templates/recovery-s3-creds.yaml index c13ebb81c..950c74c4b 100644 --- a/charts/cluster/templates/recovery-s3-creds.yaml +++ b/charts/cluster/templates/recovery-s3-creds.yaml 
@@ -1,8 +1,8 @@ -{{- if and (eq .Values.mode "recovery" ) (eq .Values.recovery.method "object_store") (eq .Values.recovery.provider "s3") }} +{{- if and (eq .Values.mode "recovery" ) (eq .Values.recovery.method "object_store") (eq .Values.recovery.provider "s3") .Values.recovery.secret.create }} apiVersion: v1 kind: Secret metadata: - name: {{ include "cluster.fullname" . }}-recovery-s3-creds + name: {{ default (printf "%s-recovery-s3-creds" (include "cluster.fullname" .)) .Values.recovery.secret.name }} data: ACCESS_KEY_ID: {{ required ".Values.recovery.s3.accessKey is required, but not specified." .Values.recovery.s3.accessKey | b64enc | quote }} ACCESS_SECRET_KEY: {{ required ".Values.recovery.s3.secretKey is required, but not specified." .Values.recovery.s3.secretKey | b64enc | quote }} diff --git a/charts/cluster/values.yaml b/charts/cluster/values.yaml index bff9d2202..b25202637 100644 --- a/charts/cluster/values.yaml +++ b/charts/cluster/values.yaml @@ -75,6 +75,11 @@ recovery: bucket: "" gkeEnvironment: false applicationCredentials: "" + secret: + # -- Whether to create a secret for the backup credentials + create: true + # -- Name of the backup credentials secret + name: "" cluster: @@ -229,6 +234,11 @@ backups: bucket: "" gkeEnvironment: false applicationCredentials: "" + secret: + # -- Whether to create a secret for the backup credentials + create: true + # -- Name of the backup credentials secret + name: "" wal: # -- WAL compression method. One of `` (for no compression), `gzip`, `bzip2` or `snappy`.
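Review bot: The two comments added under `recovery:` in values.yaml describe the `secret` block as holding the backup credentials, which looks copied from the `backups:` hunk; they should read `# -- Whether to create a secret for the recovery credentials` and `# -- Name of the recovery credentials secret`. In both values.yaml hunks the `name` comment should also say that with `create: false` the referenced secret must already exist and carry the keys the templates read (for S3, `ACCESS_KEY_ID` and `ACCESS_SECRET_KEY`). It is worth stating there as well that referencing an existing secret is the mode that keeps the credentials out of the values passed to Helm, since with `create: true` the secret templates take them from `.Values`.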