From f5a757b1065d26593bdf6fca55ed70772d5ff722 Mon Sep 17 00:00:00 2001
From: Mohammed Naser <mnaser@vexxhost.com>
Date: Wed, 21 Oct 2020 16:12:56 -0400
Subject: [PATCH] [keystone] Fix fernet secret reset

This patch makes the fernet and credential secret something that gets
created only once when the deployment is first done, as when using Helm,
it's possible that it overrides it's values with an empty secret in the
runs afterwards.

By making it a hook, it will instead create it and leave an owner
reference in Helm 3 to delete it later if the release is deleted.  It
will not manage it afterwards as well.

Change-Id: I7c1c97f38877e0e54bea7fc09b37dd6f77c9dc8a
---
 keystone/Chart.yaml                            | 2 +-
 keystone/templates/secret-credential-keys.yaml | 2 ++
 keystone/templates/secret-fernet-keys.yaml     | 2 ++
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/keystone/Chart.yaml b/keystone/Chart.yaml
index e0f8f42e6b..616da07f8c 100644
--- a/keystone/Chart.yaml
+++ b/keystone/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Keystone
 name: keystone
-version: 0.1.2
+version: 0.1.3
 home: https://docs.openstack.org/keystone/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
 sources:
diff --git a/keystone/templates/secret-credential-keys.yaml b/keystone/templates/secret-credential-keys.yaml
index fc8913f601..4fbd1ae589 100644
--- a/keystone/templates/secret-credential-keys.yaml
+++ b/keystone/templates/secret-credential-keys.yaml
@@ -19,6 +19,8 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: keystone-credential-keys
+  annotations:
+    "helm.sh/hook": pre-install
 type: Opaque
 data:
 {{- end }}
diff --git a/keystone/templates/secret-fernet-keys.yaml b/keystone/templates/secret-fernet-keys.yaml
index e9ca8b208f..8979b47a27 100644
--- a/keystone/templates/secret-fernet-keys.yaml
+++ b/keystone/templates/secret-fernet-keys.yaml
@@ -20,6 +20,8 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: keystone-fernet-keys
+  annotations:
+    "helm.sh/hook": pre-install
 type: Opaque
 data:
 {{- end }}