223 introduced a breaking change - before, when the vault backend was set to approle, we'd set CONCOURSE_VAULT_AUTH_PARAM. now, it's only set if useAuthParam is explicitly set to true, since it defaults to false. this means that upgrading from 15.0.x -> 15.1.x unset that param, unless you knew to enable useAuthParam (which wasn't documented in the release notes).
it seems more sane to set the auth param if either you explicitly opt-in (by enabling useAuthParam) OR if you set the vault auth param in the secret, and didn't explicitly opt-out by setting useAuthParam to false
Changes proposed in this pull request
No default for .Values.concourse.web.vault.useAuthParam - distinguish between unset and false
Set CONCOURSE_VAULT_AUTH_PARAM from secret if Values.concourse.web.vault.useAuthParam is set to true or if .Values.secrets.vaultAuthParam is set
Note: we still want useAuthParam, since the secret may be created external to helm, and we still need some way of indicating we want that secret
Contributor Checklist
[ ] Variables are documented in the README.md
[ ] Which branch are you merging into?
master is for changes related to the current release of the concourse/concourse:latest image and should be good to publish immediately
dev is for changes related to the next release of Concourse (aka unpublished code on master in concourse/concourse)
Reviewer Checklist
This section is intended for the core maintainers only, to track review progress. Please do not
fill out this section.
[ ] Code reviewed
[ ] Topgun tests run
[ ] Back-port if needed
[ ] Is the correct branch targeted? (master or dev)
Why do we need this PR?
223 introduced a breaking change - before, when the vault backend was set to approle, we'd set
CONCOURSE_VAULT_AUTH_PARAM
. now, it's only set ifuseAuthParam
is explicitly set to true, since it defaults to false. this means that upgrading from 15.0.x -> 15.1.x unset that param, unless you knew to enableuseAuthParam
(which wasn't documented in the release notes).it seems more sane to set the auth param if either you explicitly opt-in (by enabling
useAuthParam
) OR if you set the vault auth param in the secret, and didn't explicitly opt-out by settinguseAuthParam
to falseChanges proposed in this pull request
.Values.concourse.web.vault.useAuthParam
- distinguish between unset andfalse
CONCOURSE_VAULT_AUTH_PARAM
from secret ifValues.concourse.web.vault.useAuthParam
is set to true or if.Values.secrets.vaultAuthParam
is setuseAuthParam
, since the secret may be created external to helm, and we still need some way of indicating we want that secretContributor Checklist
README.md
master
is for changes related to the current release of theconcourse/concourse:latest
image and should be good to publish immediatelydev
is for changes related to the next release of Concourse (aka unpublished code onmaster
in concourse/concourse)Reviewer Checklist