-
Notifications
You must be signed in to change notification settings - Fork 217
/
nginx-auth.yaml
47 lines (47 loc) · 1.52 KB
/
nginx-auth.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# Copyright (c) 2023 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made available under the
# terms of the Eclipse Public License 2.0 which is available at
# http://www.eclipse.org/legal/epl-2.0
#
# SPDX-License-Identifier: EPL-2.0
{{- if .Values.nginx.enabled -}}
{{- $releaseName := .Release.Name -}}
{{- $name := include "ditto.name" . -}}
{{- $labels := include "ditto.labels" . -}}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $releaseName }}-nginx-config-nginx-htpasswd
labels:
app.kubernetes.io/name: {{ $name }}-nginx-config
{{ $labels | indent 4 }}
type: Opaque
stringData:
nginx.htpasswd: |-
{{- if .Values.global.hashedBasicAuthUsers }}
{{ range .Values.global.hashedBasicAuthUsers }}
{{- . | indent 4 }}
{{ end }}
{{- else }}
{{- if (quote .Values.global.existingSecret | empty) }}
{{ range $key, $value := .Values.global.basicAuthUsers }}
{{- (htpasswd $value.user $value.password) | indent 4 }}
{{ end }}
{{- else }}
{{- $secret := lookup "v1" "Secret" $.Release.Namespace .Values.global.existingSecret }}
{{- if $secret }}
{{- range $user, $password := $secret.data }}
{{ htpasswd $user ($password | b64dec) | indent 4 }}
{{- end }}
{{- else}}
{{- fail (printf "Missing provided existingSecret for basicAuthUsers: %s" .Values.global.existingSecret) }}
{{- end }}
{{ end }}
{{ end }}
---
{{- end }}