From 8bcff6aa8d0eb15860c03bed4c69e4d8ab816ce2 Mon Sep 17 00:00:00 2001
From: John
Date: Sun, 3 Nov 2024 18:09:30 -0600
Subject: [PATCH] Redis Secret Password Key (#434)
* Redis Secret Password Key
- Added `redisSecretPasswordKey` value
Added a new `redisSecretPasswordKey` value that allows users to override the default `password` key used when specifying an existing `Secret` for Redis. This makes for a more seamless integration with popular third-party Redis Helm charts.
Signed-off-by: John Lahr
* Update charts/atlantis/values.yaml
Co-authored-by: Gabriel Martinez <19713226+GMartinez-Sisti@users.noreply.github.com>
Signed-off-by: John
* added unit tests for Redis variables
Signed-off-by: John Lahr
* fixed incorrect default value in README
Signed-off-by: John Lahr
* fixed incorrect test value
Signed-off-by: John Lahr
---------
Signed-off-by: John Lahr
Signed-off-by: John
Co-authored-by: Gabriel Martinez <19713226+GMartinez-Sisti@users.noreply.github.com>
---
 charts/atlantis/Chart.yaml | 2 +-
 charts/atlantis/README.md | 1 +
 charts/atlantis/templates/statefulset.yaml | 2 +-
 charts/atlantis/tests/statefulset_test.yaml | 90 +++++++++++++++++++++
 charts/atlantis/values.schema.json | 6 +-
 charts/atlantis/values.yaml | 3 +
 6 files changed, 101 insertions(+), 3 deletions(-)
diff --git a/charts/atlantis/Chart.yaml b/charts/atlantis/Chart.yaml
index 96a2bd71..cb5f1e1c 100644
--- a/charts/atlantis/Chart.yaml
+++ b/charts/atlantis/Chart.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 appVersion: v0.30.0
 description: A Helm chart for Atlantis https://www.runatlantis.io
 name: atlantis
-version: 5.8.0
+version: 5.9.0
 keywords:
 - terraform
 home: https://www.runatlantis.io
diff --git a/charts/atlantis/README.md b/charts/atlantis/README.md
index 932ef379..b42656e1 100644
--- a/charts/atlantis/README.md
+++ b/charts/atlantis/README.md
@@ -176,6 +176,7 @@ extraManifests:
 | readinessProbe.timeoutSeconds | int | `5` | |
 | redis | object | `{}` | Configure Redis Locking DB. lockingDbType value must be redis for the config to take effect. Check values.yaml for examples. |
 | redisSecretName | string | `""` | When managing secrets outside the chart for the Redis secret, use this variable to reference the secret name. |
+| redisSecretPasswordKey | string | `"password"` | Key within the existing Redis secret that contains the password value. |
 | replicaCount | int | `1` | Replica count for Atlantis pods. |
 | repoConfig | string | `""` | Use Server Side Repo Config, ref: https://www.runatlantis.io/docs/server-side-repo-config.html. Check values.yaml for examples. |
 | resources | object | `{}` | Resources for Atlantis. Check values.yaml for examples. |
diff --git a/charts/atlantis/templates/statefulset.yaml b/charts/atlantis/templates/statefulset.yaml
index 342b3b63..bef7e729 100644
--- a/charts/atlantis/templates/statefulset.yaml
+++ b/charts/atlantis/templates/statefulset.yaml
@@ -477,7 +477,7 @@ spec:
 valueFrom:
 secretKeyRef:
 name: {{ template "atlantis.redisSecretName" . }}
- key: password
+ key: {{ .Values.redisSecretPasswordKey | quote }}
 {{- end }}
 {{- if .Values.redis.port }}
 - name: ATLANTIS_REDIS_PORT
diff --git a/charts/atlantis/tests/statefulset_test.yaml b/charts/atlantis/tests/statefulset_test.yaml
index c59f215d..defc53c8 100644
--- a/charts/atlantis/tests/statefulset_test.yaml
+++ b/charts/atlantis/tests/statefulset_test.yaml
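Review bot: In `charts/atlantis/templates/statefulset.yaml`, the new `key: {{ .Values.redisSecretPasswordKey | quote }}` applies the override to every Redis password reference, including the one to the Secret the chart itself generates from `redis.password`. The diffstat lists no change to a Secret template, so that Secret presumably still stores the value under `password`; combining `redis.password` with a custom `redisSecretPasswordKey` would then reference a key that does not exist and the container would fail to start. Limiting the override to the external-Secret case avoids that, e.g. `key: {{ if .Values.redisSecretName }}{{ .Values.redisSecretPasswordKey | quote }}{{ else }}password{{ end }}`. The surrounding `{{- if … }}` block opens outside the hunk, so its condition is not visible here, and none of the added test cases in `statefulset_test.yaml` covers this combination.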
@@ -825,6 +825,96 @@ tests:
 secretKeyRef:
 key: apisecret
 name: atlantis-api
+ - it: redisHost
+ template: statefulset.yaml
+ set:
+ redis.host: my-redis
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: ATLANTIS_REDIS_HOST
+ value: my-redis
+ - it: redisPassword
+ template: statefulset.yaml
+ set:
+ redis.password: SuperSecretPassword
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: ATLANTIS_REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: my-release-atlantis-redis
+ key: password
+ - it: redisSecretName
+ template: statefulset.yaml
+ set:
+ redisSecretName: existing-secret
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: ATLANTIS_REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: existing-secret
+ key: password
+ - it: redisSecretPasswordKey
+ template: statefulset.yaml
+ set:
+ redisSecretName: my-secret
+ redisSecretPasswordKey: my-password-key
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: ATLANTIS_REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: my-secret
+ key: my-password-key
+ - it: redisPort
+ template: statefulset.yaml
+ set:
+ redis.port: 1234
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: ATLANTIS_REDIS_PORT
+ value: "1234"
+ - it: redisDb
+ template: statefulset.yaml
+ set:
+ redis.db: 1
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: ATLANTIS_REDIS_DB
+ value: "1"
+ - it: redisTlsEnabled
+ template: statefulset.yaml
+ set:
+ redis.tlsEnabled: true
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: ATLANTIS_REDIS_TLS_ENABLED
+ value: "true"
+ - it: redisInsecureSkipVerify
+ template: statefulset.yaml
+ set:
+ redis.insecureSkipVerify: true
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: ATLANTIS_REDIS_INSECURE_SKIP_VERIFY
+ value: "true"
 - it: command
 template: statefulset.yaml
 set:
diff --git a/charts/atlantis/values.schema.json b/charts/atlantis/values.schema.json
index af8ef852..57400398 100644
--- a/charts/atlantis/values.schema.json
+++ b/charts/atlantis/values.schema.json
@@ -1283,7 +1283,11 @@
 },
 "redisSecretName": {
 "type": "string",
- "description": "Name of a pre-existing Kubernetes `Secret` containing a `password` key. Use this instead of `redis.password`."
+ "description": "Name of a pre-existing Kubernetes `Secret` containing the password for Redis. Use this instead of `redis.password`."
+ },
+ "redisSecretPasswordKey": {
+ "type": "string",
+ "description": "Key within the existing Redis `Secret` that contains the password value."
 },
 "lifecycle": {
 "type": "object",
diff --git a/charts/atlantis/values.yaml b/charts/atlantis/values.yaml
index b3c9b67c..74cd7660 100644
--- a/charts/atlantis/values.yaml
+++ b/charts/atlantis/values.yaml
@@ -731,6 +731,9 @@ redis: {}
 # -- When managing secrets outside the chart for the Redis secret, use this variable to reference the secret name.
 redisSecretName: ""
+# -- Key within the existing Redis secret that contains the password value.
+redisSecretPasswordKey: password
+
 # -- Set lifecycle hooks.
 # https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/.
 lifecycle: {}
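Review bot: The `redisPassword` case in `charts/atlantis/tests/statefulset_test.yaml` asserts only that a `secretKeyRef` entry is present, so it would keep passing if a later template change also rendered `SuperSecretPassword` as a literal env `value` in the StatefulSet. A `notContains` assertion on the same path pins the property that matters here, that the password reaches the pod only through the Secret reference. The same negative check would fit the `redisSecretName` and `redisSecretPasswordKey` cases if they ever set `redis.password` as well.

```yaml
  - it: redisPassword
    # … unchanged: template, set, and the existing contains assertion …
      - notContains:
          path: spec.template.spec.containers[0].env
          content:
            name: ATLANTIS_REDIS_PASSWORD
            value: SuperSecretPassword
```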
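Review bot: The new `redisSecretPasswordKey` property in `charts/atlantis/values.schema.json` accepts any string, so an empty or malformed key passes schema validation and the mistake surfaces only when the rendered `secretKeyRef.key` reaches the cluster. Constraining it in the schema catches this at install or upgrade time: add `"minLength": 1,` and `"pattern": "^[-._a-zA-Z0-9]+$",` (the characters Kubernetes permits in Secret data keys) next to `"type": "string"`. The property's enclosing object continues outside the hunk.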