feat(helm): database password is now always generated

DominikPinsel commented 6 months ago

Description

This PR adds a init container to the miw deployment. The idea is to generate a new database user password with each deployment, so that the usage of a pre-configured one becomes obsolete.

The deployment will always generate a fresh secret with the database password, that is used by the MIW. The init container will then do these steps:

Wait until the database is up
If user exists
- alter existing user -> set the password from the secret
If user does not exist
- create a new user with the password
if the database exists
- alter existing database -> set the user as owner
if the database does not exist
- create a database with the user as owner

Additionally: Added "helm.sh/resource-policy": "keep" to the existing MIW secret, as its re-creation would be fatal for existing persisted data.

Pre-review checks

[x] DEPENDENCIES are up-to-date. Dash license tool. Committers can open IP issues for restricted libs.
[x] Copyright and license header are present on all affected files

borisrizov-zf commented 5 months ago

@DominikPinsel please, change the merge branch to develop

sonarcloud[bot] commented 5 months ago

Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

DominikPinsel commented 5 months ago

I will put this feature on hold. Using a non-postgres user with a newly generated database password is a breaking change in comparison to how it is done now. We cannot update from a bitnami-postgres-password-secret to a custom-non-postgres-password-secret.

eclipse-tractusx / managed-identity-wallet