From 470f70461a77dc41d01f0ac17a4d7c6a46b0e1a0 Mon Sep 17 00:00:00 2001
From: bogdan
Date: Thu, 20 Feb 2025 16:28:38 +0100
Subject: [PATCH] feat: allow usage of existing secret for preshared keys
---
 charts/openfga/templates/deployment.yaml | 6 ++++++
 charts/openfga/values.schema.json | 7 +++++++
 charts/openfga/values.yaml | 4 ++++
 3 files changed, 17 insertions(+)
diff --git a/charts/openfga/templates/deployment.yaml b/charts/openfga/templates/deployment.yaml
index ef18b1b..9248102 100644
--- a/charts/openfga/templates/deployment.yaml
+++ b/charts/openfga/templates/deployment.yaml
@@ -246,6 +246,12 @@ spec:
 {{- if .Values.authn.preshared.keys }}
 - name: OPENFGA_AUTHN_PRESHARED_KEYS
 value: "{{ join "," .Values.authn.preshared.keys }}"
+ {{- else if .Values.authn.preshared.keysSecret }}
+ - name: OPENFGA_AUTHN_PRESHARED_KEYS
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Values.authn.preshared.keysSecret }}"
+ key: "presharedKeys"
 {{- end }}
 {{- if .Values.authn.oidc.audience }}
diff --git a/charts/openfga/values.schema.json b/charts/openfga/values.schema.json
index c6b2b44..6aea733 100644
--- a/charts/openfga/values.schema.json
+++ b/charts/openfga/values.schema.json
@@ -506,6 +506,13 @@
 "type": "string",
 "minItems": 1
 }
+ },
+ "keysSecret": {
+ "type": [
+ "string",
+ "null"
+ ],
+ "description": "the secret name where to get the preshared keys, it expects a key named 'presharedKeys' to exist in the secret containing a comma-separated list of keys"
 }
 }
 },
diff --git a/charts/openfga/values.yaml b/charts/openfga/values.yaml
index abe324a..c96fc45 100644
--- a/charts/openfga/values.yaml
+++ b/charts/openfga/values.yaml
@@ -242,7 +242,11 @@ http:
 authn:
 method:
 preshared:
+ # Specify a list of preshared keys directly:
 keys: []
+ # Or reference a secret that contains a list of preshared keys:
+ # Secret should have a "presharedKeys" key
+ # keysSecret: "my-preshared-keys-secret"
 oidc:
 audience:
 issuer:
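Review bot: When both `authn.preshared.keys` and `authn.preshared.keysSecret` are set, the `if` / `else if` chain silently takes the inline list, so the keys are still rendered in plain text into the Deployment's env `value:` and the secret is ignored without any signal. Reject the combination at render time, for example `{{- if and .Values.authn.preshared.keys .Values.authn.preshared.keysSecret }}{{ fail "set either authn.preshared.keys or authn.preshared.keysSecret, not both" }}{{- end }}`, or let the secret take precedence. The schema hunk in values.schema.json has the same gap, since it accepts both properties together. A value delivered through `secretKeyRef` is read when the container starts, so rotating the secret likely needs a rollout; that is worth stating in the chart docs. The enclosing env list starts and ends outside this hunk.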
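Review bot: The values.yaml comment for `keysSecret` names the expected secret key but not the value format or the precedence, both of which the other two hunks define. Something like `# Secret must exist in the Deployment's namespace and hold the keys as a comma-separated list under "presharedKeys"; ignored when keys is non-empty` would save an operator from having to read the template. It would also help to note that the inline `keys` list is rendered into the pod spec in plain text, so the secret reference is the preferred option outside of testing.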