From 21d9e490dc685308b048cfe6b7a68329da4e5142 Mon Sep 17 00:00:00 2001
From: Guilhem Lavaux <guilhem.lavaux@iap.fr>
Date: Sun, 8 Dec 2024 10:56:23 +0100
Subject: [PATCH] Preserve secrets

---
 templates/secrets.yaml | 31 ++++++++++++++++++++-----------
 1 file changed, 20 insertions(+), 11 deletions(-)

diff --git a/templates/secrets.yaml b/templates/secrets.yaml
index d629915..af0fb30 100644
--- a/templates/secrets.yaml
+++ b/templates/secrets.yaml
@@ -1,25 +1,34 @@
 {{- $webhook_secret := .Values.updater.webhook_secret }}
 {{- $apiUsername := .Values.updater.apiUsername }}
 {{- $apiPassword := .Values.updater.apiPassword }}
+{{- $secretName := printf "%s-webhook-secret" .Release.Namespace }}
+{{- $secretData := (lookup "v1" "Secret" .Release.Namespace $secretName).data }}
 
-{{- if not $webhook_secret }}
-{{- $webhook_secret = randAlphaNum 10 }}
-{{- end }}
-{{- if not $apiUsername}}
-{{- $apiUsername = randAlphaNum 10 }}
-{{- end }}
-{{- if not $apiPassword}}
-{{- $apiPassword = randAlphaNum 10 }}
-{{- end }}
+
+{{- if $secretData }}
+  {{- $webhook_secret = index $secretData "WEBHOOK_SECRET" | b64dec }}
+  {{- $apiUsername = index $secretData "API_USERNAME" | b64dec }}
+  {{- $apiPassword = index $secretData "API_PASSWORD" | b64dec }}
+{{- else }}
+  {{- if not $webhook_secret }}
+  {{- $webhook_secret = randAlphaNum 10 }}
+  {{- end }}
+  {{- if not $apiUsername}}
+  {{- $apiUsername = randAlphaNum 10 }}
+  {{- end }}
+  {{- if not $apiPassword}}
+  {{- $apiPassword = randAlphaNum 10 }}
+  {{- end }}
+{{- end}}
 
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ .Release.Name }}-webhook-secret
+  name: {{ $secretName }}
   namespace: {{ .Release.Namespace }}
 type: Opaque
 data:
   WEBHOOK_SECRET: {{ $webhook_secret | b64enc }}
   API_USERNAME: {{ $apiUsername | b64enc }}
   API_PASSWORD: {{ $apiPassword | b64enc }}
-  SCRIPT_NAME: {{ "/.webhook" | b64enc }}
\ No newline at end of file
+  SCRIPT_NAME: {{ "/.webhook" | b64enc }}