From 473c8d182d615275dce91dde7874e4c8572f6073 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Thu, 5 Jan 2023 19:00:26 +0000
Subject: [PATCH] fix(mastodon): Move some secrets to Kubernetes secrets

This patch replaces removes various variables from the configmap and moves them to Kubernetes secrets to keep things organised.
---
 charts/mastodon/templates/configmap-env.yaml | 10 ----------
 charts/mastodon/templates/deployment-streaming.yaml | 2 ++
 charts/mastodon/templates/secrets.yaml | 13 +++++++++++++
 3 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/charts/mastodon/templates/configmap-env.yaml b/charts/mastodon/templates/configmap-env.yaml
index b38e3fe68..7c94bb93a 100644
--- a/charts/mastodon/templates/configmap-env.yaml
+++ b/charts/mastodon/templates/configmap-env.yaml
@@ -78,9 +78,6 @@ data:
 {{- with .Values.mastodon.smtp.openssl_verify_mode }}
 SMTP_OPENSSL_VERIFY_MODE: {{ . }}
 {{- end }}
- {{- with .Values.mastodon.smtp.password }}
- SMTP_PASSWORD: {{ . }}
- {{- end }}
 {{- with .Values.mastodon.smtp.port }}
 SMTP_PORT: {{ . | quote }}
 {{- end }}
@@ -105,7 +102,6 @@ data:
 OIDC_SCOPE: {{ .Values.externalAuth.oidc.scope | quote }}
 OIDC_UID_FIELD: {{ .Values.externalAuth.oidc.uid_field }}
 OIDC_CLIENT_ID: {{ .Values.externalAuth.oidc.client_id }}
- OIDC_CLIENT_SECRET: {{ .Values.externalAuth.oidc.client_secret }}
 OIDC_REDIRECT_URI: {{ .Values.externalAuth.oidc.redirect_uri }}
 OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED: {{ .Values.externalAuth.oidc.assume_email_is_verified | quote }}
 {{- with .Values.externalAuth.oidc.client_auth_method }}
@@ -172,9 +168,6 @@ data:
 {{- with .Values.externalAuth.saml.cert }}
 SAML_CERT: {{ . | quote }}
 {{- end }}
- {{- with .Values.externalAuth.saml.private_key }}
- SAML_PRIVATE_KEY: {{ . | quote }}
- {{- end }}
 {{- with .Values.externalAuth.saml.want_assertion_signed }}
 SAML_SECURITY_WANT_ASSERTION_SIGNED: {{ . | quote }}
 {{- end }}
@@ -293,9 +286,6 @@ data:
 {{- with .Values.externalAuth.ldap.bind_on }}
 LDAP_BIND_ON: {{ . }}
 {{- end }}
- {{- with .Values.externalAuth.ldap.password }}
- LDAP_PASSWORD: {{ . }}
- {{- end }}
 {{- with .Values.externalAuth.ldap.uid }}
 LDAP_UID: {{ . }}
 {{- end }}
diff --git a/charts/mastodon/templates/deployment-streaming.yaml b/charts/mastodon/templates/deployment-streaming.yaml
index dd804044c..bec303cf9 100644
--- a/charts/mastodon/templates/deployment-streaming.yaml
+++ b/charts/mastodon/templates/deployment-streaming.yaml
@@ -45,6 +45,8 @@ spec:
 envFrom:
 - configMapRef:
 name: {{ include "mastodon.fullname" . }}-env
+ - secretRef:
+ name: {{ template "mastodon.secretName" . }}
 env:
 - name: "DB_PASS"
 valueFrom:
diff --git a/charts/mastodon/templates/secrets.yaml b/charts/mastodon/templates/secrets.yaml
index d1776ac59..0daf1b62d 100644
--- a/charts/mastodon/templates/secrets.yaml
+++ b/charts/mastodon/templates/secrets.yaml
@@ -40,4 +40,17 @@ data:
 password: "{{ .Values.postgresql.auth.password | b64enc }}"
 {{- end }}
 {{- end }}
+ {{- if .Values.externalAuth.oidc.enabled }}
+ OIDC_CLIENT_SECRET: {{ .Values.externalAuth.oidc.client_secret }}
+ {{- end }}
+ {{- if .Values.externalAuth.saml.enabled }}
+ {{- with .Values.externalAuth.saml.private_key }}
+ SAML_PRIVATE_KEY: {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.externalAuth.ldap.enabled }}
+ {{- with .Values.externalAuth.ldap.password }}
+ LDAP_PASSWORD: {{ . }}
+ {{- end }}
+ {{- end }}
 {{- end }}
--
GitLab
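Review bot: Only the streaming deployment gains the `secretRef` here, while the configmap removals apply to every workload that consumes the env configmap; unless the web and sidekiq deployments already reference the same Secret (nothing in this patch shows that), they will lose `OIDC_CLIENT_SECRET`, `SAML_PRIVATE_KEY` and `LDAP_PASSWORD` after this change. As a point of style, the new line uses `{{ template "mastodon.secretName" . }}` while the `configMapRef` line just above uses `include`; `include` is the form Helm recommends because its result can be piped, so `name: {{ include "mastodon.secretName" . }}` would keep the two references consistent. The enclosing container spec starts and continues outside the hunk.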
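Review bot: The three new entries sit under `data:` (the hunk header's context) without `b64enc`, unlike the `password: "{{ ... | b64enc }}"` context line directly above them, so the API server will reject the Secret as invalid base64 unless the raw value happens to be base64 (in which case it decodes to garbage), and an unquoted password containing `: ` or `#` would additionally break the template's YAML. Encode and quote them the way the existing entry does: `OIDC_CLIENT_SECRET: "{{ .Values.externalAuth.oidc.client_secret | b64enc }}"`, `SAML_PRIVATE_KEY: "{{ . | b64enc }}"`, `LDAP_PASSWORD: "{{ . | b64enc }}"`. `OIDC_CLIENT_SECRET` is also the only one not wrapped in `with`, so an unset value renders an empty key; guarding it like the other two keeps the Secret clean. Separately, `SMTP_PASSWORD` is removed from the configmap in the first hunk of configmap-env.yaml but nothing in this hunk adds it to the Secret, so unless it is already defined above line 40 of secrets.yaml (not visible here), SMTP authentication silently loses its password.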