fix(secret): enforce basic auth credentials

This patch remove generation of a random string for the username and password of
the basic auth credentials.

The problem with the random generated basic auth credentials is, that this leads
to a new shasum of the secret. GitOps tools like ArgoCD detects a drift trigger
a rolling update.

To avoid this must now the basic auth credentials be defined to enable
prometheus metrics.

templates/secretPrometheusBasicAuth.yaml

@@ -14,6 +14,6 @@ metadata:
   name: {{ include "reposilite.secrets.prometheusBasicAuth.name" . }}
   namespace: {{ .Release.Namespace }}
 stringData:
-  password: {{ default (randAlphaNum 16) .Values.prometheus.metrics.secret.new.basicAuthPassword }}
+  password: {{ required "Password for basic auth is required!" .Values.prometheus.metrics.secret.new.basicAuthPassword }}
-  username: {{ default (randAlphaNum 16) .Values.prometheus.metrics.secret.new.basicAuthUsername }}
+  username: {{ required "Username for basic auth is required!" .Values.prometheus.metrics.secret.new.basicAuthUsername }}
 {{- end }}

unittests/deployment/prometheusPodMonitor.yaml

@@ -13,6 +13,8 @@ tests:
   set:
     prometheus.metrics.enabled: true
     prometheus.metrics.podMonitor.enabled: true
+    prometheus.metrics.secret.new.basicAuthPassword: "my-password"
+    prometheus.metrics.secret.new.basicAuthUsername: "my-username"
   asserts:
   - exists:
       path: spec.template.metadata.annotations.checksum/secret-reposilite-unittest-basic-auth-credentials

unittests/deployment/prometheusServiceMonitor.yaml

@@ -13,6 +13,8 @@ tests:
   set:
     prometheus.metrics.enabled: true
     prometheus.metrics.serviceMonitor.enabled: true
+    prometheus.metrics.secret.new.basicAuthPassword: "my-password"
+    prometheus.metrics.secret.new.basicAuthUsername: "my-username"
   asserts:
   - exists:
       path: spec.template.metadata.annotations.checksum/secret-reposilite-unittest-basic-auth-credentials

unittests/secrets/basicAuth.yaml

@@ -13,9 +13,29 @@ tests:
   - hasDocuments:
       count: 0
 
+- it: Throw error for missing basic auth password
+  set:
+    prometheus.metrics.enabled: true
+    # prometheus.metrics.secret.new.basicAuthPassword: "my-password"
+    prometheus.metrics.secret.new.basicAuthUsername: "my-username"
+  asserts:
+    - failedTemplate:
+        errorMessage: "Password for basic auth is required!"
+
+- it: Throw error for missing basic auth username
+  set:
+    prometheus.metrics.enabled: true
+    prometheus.metrics.secret.new.basicAuthPassword: "my-password"
+    # prometheus.metrics.secret.new.basicAuthUsername: "my-username"
+  asserts:
+    - failedTemplate:
+        errorMessage: "Username for basic auth is required!"
+
 - it: Rendering secret with default values.
   set:
     prometheus.metrics.enabled: true
+    prometheus.metrics.secret.new.basicAuthPassword: "my-password"
+    prometheus.metrics.secret.new.basicAuthUsername: "my-username"
   asserts:
   - hasDocuments:
       count: 1
@@ -51,13 +71,13 @@ tests:
   asserts:
   - hasDocuments:
       count: 1
-  - exists:
+  - isSubset:
       path: metadata.annotations
-      value:
+      content:
         foo: bar
-  - exists:
+  - isSubset:
       path: metadata.labels
-      value:
+      content:
         bar: foo
   - equal:
       path: metadata.name

unittests/serviceAccount/serviceAccount.yaml

@@ -53,13 +53,13 @@ tests:
   asserts:
   - hasDocuments:
       count: 1
-  - exists:
+  - isSubset:
       path: metadata.annotations
-      value:
+      content:
         foo: bar
-  - exists:
+  - isSubset:
       path: metadata.labels
-      value:
+      content:
         bar: foo
   - equal:
       path: metadata.name

unittests/services/service.yaml

@@ -78,35 +78,35 @@ tests:
     service.internalTrafficPolicy: ""
   asserts:
   - failedTemplate:
-    errorMessage: No internal traffic policy defined!
+      errorMessage: No internal traffic policy defined!
 
 - it: Require port.
   set:
     service.port: ""
   asserts:
   - failedTemplate:
-    errorMessage: No service port defined!
+      errorMessage: No service port defined!
 
 - it: Require scheme.
   set:
     service.scheme: ""
   asserts:
   - failedTemplate:
-    errorMessage: No service scheme defined!
+      errorMessage: The scheme of the serviceMonitor is not defined!
 
 - it: Require sessionAffinity.
   set:
     service.sessionAffinity: ""
   asserts:
   - failedTemplate:
-    errorMessage: No session affinity defined!
+      errorMessage: No session affinity defined!
 
 - it: Require service type.
   set:
     service.type: ""
   asserts:
   - failedTemplate:
-    errorMessage: No service type defined!
+      errorMessage: No service type defined!
 
 - it: Render service with custom annotations and labels.
   set: