From ebc962d0f92977ea532273e3a3ad05c818c9d0eb Mon Sep 17 00:00:00 2001
From: bhearn7
Date: Tue, 24 Aug 2021 12:18:15 -0400
Subject: [PATCH] update flow
---
 chart/templates/engine_configmap.yaml | 4 +---
 chart/templates/engine_secret.yaml | 6 ++++--
 chart/templates/enterprise_configmap.yaml | 4 +---
 chart/templates/enterprise_feeds_configmap.yaml | 4 +---
 chart/templates/enterprise_feeds_secret.yaml | 6 ++++--
 docs/BBCHANGES.md | 16 +++++++---------
 6 files changed, 18 insertions(+), 22 deletions(-)
diff --git a/chart/templates/engine_configmap.yaml b/chart/templates/engine_configmap.yaml
index be0232e..517331d 100644
--- a/chart/templates/engine_configmap.yaml
+++ b/chart/templates/engine_configmap.yaml
@@ -59,9 +59,7 @@ data:
 # Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value
 # Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs.
 keys:
- {{- $anchorefullname := include "anchore-engine.fullname" . -}}
- {{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
- {{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret .Values.anchoreGlobal.oauthEnabled $old_secret }}
+ {{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret .Values.anchoreGlobal.oauthEnabled }}
 secret: ${ANCHORE_SAML_SECRET}
 {{- end }}
 {{- with .Values.anchoreGlobal.saml.publicKeyName }}
diff --git a/chart/templates/engine_secret.yaml b/chart/templates/engine_secret.yaml
index 230d20f..e151447 100644
--- a/chart/templates/engine_secret.yaml
+++ b/chart/templates/engine_secret.yaml
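Review bot: The three-way `or` gate on `secret: ${ANCHORE_SAML_SECRET}` is repeated verbatim in engine_configmap.yaml, enterprise_configmap.yaml and enterprise_feeds_configmap.yaml, and it no longer lines up with the Secret templates, which emit `ANCHORE_SAML_SECRET` on every path. A single named template in the chart's helpers, used as `{{- if include "<helper-name>" . }}`, would keep the three copies from drifting. A short template comment above the `if` explaining why the existing-Secret check was dropped would also help, because with all three values unset `keys:` now renders without the shared secret even on an upgrade where one is already stored. The `keys:` block continues past the end of the hunk.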
@@ -16,8 +16,10 @@ stringData:
 ANCHORE_DB_PASSWORD: {{ index .Values "postgresql" "postgresPassword" | quote }}
 {{- $anchorefullname := include "anchore-engine.fullname" . -}}
 {{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
- {{- if or (not $old_secret) (not $old_secret.data) }}
- ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret | default (randAlphaNum 12) | quote }}
+ {{- if .Values.anchoreGlobal.saml.secret }}
+ ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret }}
+ {{- else if or (not $old_secret) (not $old_secret.data) }}
+ ANCHORE_SAML_SECRET: {{ (randAlphaNum 12) | quote }}
 {{ else }}
 ANCHORE_SAML_SECRET: {{ b64dec (index $old_secret.data "ANCHORE_SAML_SECRET") }}
 {{- end }}
diff --git a/chart/templates/enterprise_configmap.yaml b/chart/templates/enterprise_configmap.yaml
index c793738..4743622 100644
--- a/chart/templates/enterprise_configmap.yaml
+++ b/chart/templates/enterprise_configmap.yaml
@@ -41,9 +41,7 @@ data:
 # Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value
 # Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs.
 keys:
- {{- $anchorefullname := include "anchore-engine.fullname" . -}}
- {{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
- {{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret .Values.anchoreGlobal.oauthEnabled $old_secret }}
+ {{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret .Values.anchoreGlobal.oauthEnabled }}
 secret: ${ANCHORE_SAML_SECRET}
 {{- end }}
 {{- with .Values.anchoreGlobal.saml.publicKeyName }}
diff --git a/chart/templates/enterprise_feeds_configmap.yaml b/chart/templates/enterprise_feeds_configmap.yaml
index 130beff..b5e652f 100644
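Review bot: The new `if` branch in engine_secret.yaml renders the operator-supplied value without `| quote` (`ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret }}`), although the line it replaces applied it. Under `stringData` a value that is all digits, reads as a boolean or null, or contains `: `, ` #` or a leading YAML indicator is retyped or breaks the render, so the Secret is either rejected or ends up holding something other than the configured value. I would write `ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret | quote }}` and quote the `b64dec` line in the `else` branch too, since it re-emits whatever was stored earlier; the same two lines appear in the enterprise_feeds_secret.yaml hunk. Separately, `randAlphaNum 12` is short for what the chart's own comment calls a signing and encryption secret, and because stored values are reused through `lookup`, lengthening it (for example `randAlphaNum 32`) would only affect fresh installs.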
--- a/chart/templates/enterprise_feeds_configmap.yaml
+++ b/chart/templates/enterprise_feeds_configmap.yaml
@@ -35,9 +35,7 @@ data:
 # Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value
 # Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs.
 keys:
- {{- $anchorefullname := include "anchore-engine.fullname" . -}}
- {{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
- {{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret .Values.anchoreGlobal.oauthEnabled $old_secret }}
+ {{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret .Values.anchoreGlobal.oauthEnabled }}
 secret: ${ANCHORE_SAML_SECRET}
 {{- end }}
 {{- with .Values.anchoreGlobal.saml.publicKeyName }}
diff --git a/chart/templates/enterprise_feeds_secret.yaml b/chart/templates/enterprise_feeds_secret.yaml
index d1c2e29..24990f6 100644
--- a/chart/templates/enterprise_feeds_secret.yaml
+++ b/chart/templates/enterprise_feeds_secret.yaml
@@ -17,8 +17,10 @@ stringData:
 ANCHORE_FEEDS_DB_PASSWORD: {{ index .Values "anchore-feeds-db" "postgresPassword" | quote }}
 {{- $anchorefullname := include "anchore-engine.fullname" . -}}
 {{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
- {{- if or (not $old_secret) (not $old_secret.data) }}
- ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret | default (randAlphaNum 12) | quote }}
+ {{- if .Values.anchoreGlobal.saml.secret }}
+ ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret }}
+ {{- else if or (not $old_secret) (not $old_secret.data) }}
+ ANCHORE_SAML_SECRET: {{ (randAlphaNum 12) | quote }}
 {{ else }}
 ANCHORE_SAML_SECRET: {{ b64dec (index $old_secret.data "ANCHORE_SAML_SECRET") }}
 {{- end }}
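Review bot: With `saml.secret` unset, the `else if` branch in enterprise_feeds_secret.yaml calls `randAlphaNum 12` independently of the identical branch in engine_secret.yaml, so a first install renders two different `ANCHORE_SAML_SECRET` values. The configmap comment in this patch says every Anchore component must carry exactly the same shared secret, and the configmaps still enable `secret: ${ANCHORE_SAML_SECRET}` when only `oauthEnabled` is set. The `lookup` in this file reads the Secret named by `anchore-engine.fullname`, so the two values presumably converge on the next upgrade, assuming the feeds Secret is a separate object whose name is not visible in this hunk. I would fail the render rather than generate a value when the shared secret is actually in use, e.g. `{{- else if .Values.anchoreGlobal.oauthEnabled }}{{ fail "anchoreGlobal.saml.secret must be set when oauthEnabled is true" }}` placed after the existing-Secret reuse branch. Failing that, a template comment should state that the generated value differs between engine and feeds until the first upgrade.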
diff --git a/docs/BBCHANGES.md b/docs/BBCHANGES.md
index 6cc7316..8cc3c77 100644
--- a/docs/BBCHANGES.md
+++ b/docs/BBCHANGES.md
@@ -225,10 +225,12 @@ To resolve an issue where Anchore would redeploy after every update, `./chart/te
 ```yaml
 {{- $anchorefullname := include "anchore-engine.fullname" . -}}
 {{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
-{{- if or (not $old_secret) (not $old_secret.data) }}
-ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret | default (randAlphaNum 12) | quote }}
+{{- if .Values.anchoreGlobal.saml.secret }}
+ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret }}
+{{- else if or (not $old_secret) (not $old_secret.data) }}
+ANCHORE_SAML_SECRET: {{ (randAlphaNum 12) | quote }}
 {{ else }}
-ANCHORE_SAML_SECRET: {{ index $old_secret.data "ANCHORE_SAML_SECRET" }}
+ANCHORE_SAML_SECRET: {{ b64dec (index $old_secret.data "ANCHORE_SAML_SECRET") }}
 {{- end }}
 ```
@@ -236,11 +238,7 @@ Additionally, `./chart/templates/engine_configmap.yaml`, `./chart/templates/ente
 ```yaml
 keys:
- {{- $anchorefullname := include "anchore-engine.fullname" . -}}
- {{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
- {{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret .Values.anchoreGlobal.oauthEnabled $old_secret }}
+ {{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret .Values.anchoreGlobal.oauthEnabled }}
 secret: ${ANCHORE_SAML_SECRET}
 {{- end }}
-```
-
-If you want to change your `ANCHORE_SAML_SECRET` value, remember to delete the previous 2 secrets so the value is not reused.
\ No newline at end of file
+```
\ No newline at end of file
-- GitLab