ci: let helm diff show secrets

jupyterhub · Jan 21, 2021 · fc3f27e · fc3f27e
1 parent 78b6d75
commit fc3f27e
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 18 deletions.
diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml
@@ -196,6 +196,7 @@ jobs:
           echo
 
           helm diff upgrade --install jupyterhub ./jupyterhub --values dev-config.yaml \
+              --show-secrets \
               --context=3 \
               --post-renderer=ci/string-replacer.sh
 

diff --git a/jupyterhub/templates/hub/_helpers-passwords.tpl b/jupyterhub/templates/hub/_helpers-passwords.tpl
@@ -10,11 +10,9 @@
     {{- if .Values.proxy.secretToken }}
         {{- .Values.proxy.secretToken }}
     {{- else }}
-        {{- $k8s_state := lookup "v1" "Secret" .Release.Namespace "hub-secret" }}
-        {{- if $k8s_state }}
-            {{- with index $k8s_state "JupyterHub.proxy_auth_token" }}
-                {{- . }}
-            {{- end }}
+        {{- $k8s_state := lookup "v1" "Secret" .Release.Namespace (include "jupyterhub.hub-secret.fullname" .) | default dict }}
+        {{- if and $k8s_state (hasKey $k8s_state "JupyterHub.proxy_auth_token") }}
+            {{- index $k8s_state "JupyterHub.proxy_auth_token" }}
         {{- else }}
             {{- randNumeric 32 }}
         {{- end }}
@@ -25,11 +23,9 @@
     {{- if .Values.hub.cookieSecret }}
         {{- .Values.hub.cookieSecret }}
     {{- else }}
-        {{- $k8s_state := lookup "v1" "Secret" .Release.Namespace "hub-secret" }}
-        {{- if $k8s_state }}
-            {{- with index $k8s_state "JupyterHub.cookie_secret" }}
-                {{- . }}
-            {{- end }}
+        {{- $k8s_state := lookup "v1" "Secret" .Release.Namespace (include "jupyterhub.hub-secret.fullname" .) | default dict }}
+        {{- if and $k8s_state (hasKey $k8s_state "JupyterHub.cookie_secret") }}
+            {{- index $k8s_state "JupyterHub.cookie_secret" }}
         {{- else }}
             {{- randNumeric 32 }}
         {{- end }}
@@ -40,11 +36,9 @@
     {{- if .Values.hub.config.CryptKeeper }}
         {{- .Values.hub.config.CryptKeeper.keys | join ";" }}
     {{- else }}
-        {{- $k8s_state := lookup "v1" "Secret" .Release.Namespace "hub-secret" }}
-        {{- if $k8s_state }}
-            {{- with index $k8s_state "CryptKeeper.keys" }}
-                {{- . }}
-            {{- end }}
+        {{- $k8s_state := lookup "v1" "Secret" .Release.Namespace (include "jupyterhub.hub-secret.fullname" .) | default dict }}
+        {{- if and $k8s_state (hasKey $k8s_state "CryptKeeper.keys") }}
+            {{- index $k8s_state "CryptKeeper.keys" }}
         {{- else }}
             {{- randNumeric 32 }}
         {{- end }}

diff --git a/jupyterhub/templates/hub/secret.yaml b/jupyterhub/templates/hub/secret.yaml
@@ -16,9 +16,9 @@ data:
   values.yaml: {{ $values | toYaml | b64enc | quote }}
 
   # Used to mount CONFIGPROXY_AUTH_TOKEN on hub/proxy pods for mutual trust
-  JupyterHub.proxy_auth_token: {{ include "jupyterhub.config.JupyterHub.proxy_auth_token" . | required "assert hack" | b64enc | quote }}
-  JupyterHub.cookie_secret: {{ include "jupyterhub.config.JupyterHub.cookie_secret" . | required "assert hack" | b64enc | quote }}
-  CryptKeeper.keys: {{ include "jupyterhub.config.CryptKeeper.keys" . | required "assert hack" | b64enc | quote }}
+  JupyterHub.proxy_auth_token: {{ include "jupyterhub.config.JupyterHub.proxy_auth_token" . | required "assert hack 1" | b64enc | quote }}
+  JupyterHub.cookie_secret: {{ include "jupyterhub.config.JupyterHub.cookie_secret" . | required "assert hack 2" | b64enc | quote }}
+  CryptKeeper.keys: {{ include "jupyterhub.config.CryptKeeper.keys" . | required "assert hack 3" | b64enc | quote }}
 
   {{- with .Values.hub.db.password }}
   # Used to mount MYSQL_PWD or PGPASSWORD on hub pod