223 introduced a breaking change - before, when the vault backend was set to approle, we'd set CONCOURSE_VAULT_AUTH_PARAM. now, it's only set if useAuthParam is explicitly set to true, since it defaults to false. this means that upgrading from 15.0.x -> 15.1.x unset that param, unless you knew to enable useAuthParam (which wasn't documented in the release notes).
it seems more sane to set the auth param if either you explicitly opt-in (by enabling useAuthParam) OR if you set the vault auth param in the secret, and didn't explicitly opt-out by setting useAuthParam to false
Changes proposed in this pull request
No default for .Values.concourse.web.vault.useAuthParam - distinguish between unset and false
Set CONCOURSE_VAULT_AUTH_PARAM from secret if Values.concourse.web.vault.useAuthParam is set to true or if .Values.secrets.vaultAuthParam is set
Note: we still want useAuthParam, since the secret may be created external to helm, and we still need some way of indicating we want that secret
Contributor Checklist
[ ] Variables are documented in the README.md
[ ] Which branch are you merging into?
master is for changes related to the current release of the concourse/concourse:latest image and should be good to publish immediately
dev is for changes related to the next release of Concourse (aka unpublished code on master in concourse/concourse)
Reviewer Checklist
This section is intended for the core maintainers only, to track review progress. Please do not
fill out this section.
[ ] Code reviewed
[ ] Topgun tests run
[ ] Back-port if needed
[ ] Is the correct branch targeted? (master or dev)
Why do we need this PR?
223 introduced a breaking change - before, when the vault backend was set to approle, we'd set
CONCOURSE_VAULT_AUTH_PARAM. now, it's only set ifuseAuthParamis explicitly set to true, since it defaults to false. this means that upgrading from 15.0.x -> 15.1.x unset that param, unless you knew to enableuseAuthParam(which wasn't documented in the release notes).it seems more sane to set the auth param if either you explicitly opt-in (by enabling
useAuthParam) OR if you set the vault auth param in the secret, and didn't explicitly opt-out by settinguseAuthParamto falseChanges proposed in this pull request
.Values.concourse.web.vault.useAuthParam- distinguish between unset andfalseCONCOURSE_VAULT_AUTH_PARAMfrom secret ifValues.concourse.web.vault.useAuthParamis set to true or if.Values.secrets.vaultAuthParamis setuseAuthParam, since the secret may be created external to helm, and we still need some way of indicating we want that secretContributor Checklist
README.mdmasteris for changes related to the current release of theconcourse/concourse:latestimage and should be good to publish immediatelydevis for changes related to the next release of Concourse (aka unpublished code onmasterin concourse/concourse)Reviewer Checklist