fix(secret): enforce basic auth credentials

This patch remove generation of a random string for the username and password of the basic auth credentials. The problem with the random generated basic auth credentials is, that this leads to a new shasum of the secret. GitOps tools like ArgoCD detects a drift trigger a rolling update. To avoid this must now the basic auth credentials be defined to enable prometheus metrics.
2025-10-22 17:14:53 +02:00
parent d2c329e1be
commit d790cd3ec4
6 changed files with 39 additions and 15 deletions
--- a/unittests/secrets/basicAuth.yaml
+++ b/unittests/secrets/basicAuth.yaml
@@ -13,9 +13,29 @@ tests:
  - hasDocuments:
      count: 0

+- it: Throw error for missing basic auth password
+  set:
+    prometheus.metrics.enabled: true
+    # prometheus.metrics.secret.new.basicAuthPassword: "my-password"
+    prometheus.metrics.secret.new.basicAuthUsername: "my-username"
+  asserts:
+    - failedTemplate:
+        errorMessage: "Password for basic auth is required!"
+
+- it: Throw error for missing basic auth username
+  set:
+    prometheus.metrics.enabled: true
+    prometheus.metrics.secret.new.basicAuthPassword: "my-password"
+    # prometheus.metrics.secret.new.basicAuthUsername: "my-username"
+  asserts:
+    - failedTemplate:
+        errorMessage: "Username for basic auth is required!"
+
 - it: Rendering secret with default values.
  set:
    prometheus.metrics.enabled: true
+    prometheus.metrics.secret.new.basicAuthPassword: "my-password"
+    prometheus.metrics.secret.new.basicAuthUsername: "my-username"
  asserts:
  - hasDocuments:
      count: 1
@@ -51,13 +71,13 @@ tests:
  asserts:
  - hasDocuments:
      count: 1
-  - exists:
+  - isSubset:
      path: metadata.annotations
-      value:
+      content:
        foo: bar
-  - exists:
+  - isSubset:
      path: metadata.labels
-      value:
+      content:
        bar: foo
  - equal:
      path: metadata.name