From 78366f19532053af44089af26b4e9050e825075f Mon Sep 17 00:00:00 2001
From: klinch0 <68821526+klinch0@users.noreply.github.com>
Date: Thu, 21 Nov 2024 03:11:48 +0300
Subject: [PATCH] add password for nats (#477)
## Summary by CodeRabbit
- **New Features**
- Introduced username and password parameters for NATS authentication, enhancing security options.
- Added a new configuration for specifying the Kubernetes cluster domain for routing.
- Implemented a new Role in Kubernetes RBAC for managing secrets related to the NATS dashboard.
- **Bug Fixes**
- Updated versioning information for the NATS application to reflect the latest changes.
- **Documentation**
- Enhanced the README with details on new authentication parameters and configuration options.
- Updated the JSON schema to include new properties for user configuration.
- **Chores**
- Incremented the NATS application version from 0.2.0 to 0.3.0.
---
 packages/apps/nats/Chart.yaml | 2 +-
 packages/apps/nats/README.md | 5 +++
 packages/apps/nats/templates/nats.yaml | 32 ++++++++++++++
 packages/apps/nats/templates/resourcemap.yaml | 12 +++++
 packages/apps/nats/values.schema.json | 44 ++++++++++++-------
 packages/apps/nats/values.yaml | 7 +++
 packages/apps/versions_map | 3 +-
 packages/system/nats/values.yaml | 4 ++
 8 files changed, 92 insertions(+), 17 deletions(-)
 create mode 100644 packages/apps/nats/templates/resourcemap.yaml
diff --git a/packages/apps/nats/Chart.yaml b/packages/apps/nats/Chart.yaml
index 94aecd6a..b64b6dde 100644
--- a/packages/apps/nats/Chart.yaml
+++ b/packages/apps/nats/Chart.yaml
@@ -16,7 +16,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.0 +version: 0.3.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/packages/apps/nats/README.md b/packages/apps/nats/README.md index 11d4b575..19ed3ae0 100644 --- a/packages/apps/nats/README.md +++ b/packages/apps/nats/README.md @@ -10,3 +10,8 @@ | `replicas` | Persistent Volume size for NATS | `2` | | `storageClass` | StorageClass used to store the data | `""` | +### Configuration parameters + +| Name | Description | Value | +| ----------- | ----------------------- | ----- | +| `users` | Users configuration | `{}` | diff --git a/packages/apps/nats/templates/nats.yaml b/packages/apps/nats/templates/nats.yaml index 1872bfce..24731cc0 100644 --- a/packages/apps/nats/templates/nats.yaml +++ b/packages/apps/nats/templates/nats.yaml @@ -1,3 +1,25 @@ +{{- $passwords := dict }} +{{- range $user, $u := .Values.users }} + {{- if $u.password }} + {{- $_ := set $passwords $user $u.password }} + {{- else if not (index $passwords $user) }} + {{- $_ := set $passwords $user (randAlphaNum 16) }} + {{- end }} +{{- end }} + +{{- if .Values.users }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-credentials +stringData: + {{- range $user, $u := .Values.users }} + {{ quote $user }}: {{ quote (index $passwords $user) }} + {{- end }} +{{- end }} + +--- + apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: 
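Review bot: Auto-generated passwords are not stable across renders: `$passwords` is a fresh `dict` on every template run, so `else if not (index $passwords $user)` is always true and `randAlphaNum 16` yields a new value on each upgrade for every user without an explicit `password`. That rewrites the `-credentials` Secret and the server config while clients still hold the old value. Read the existing Secret with `lookup` and reuse its entry for users still listed in `.Values.users`, generating only when none is stored, as sketched below. `lookup` returns an empty result under `helm template` and dry runs, so those renders would still show fresh values.

```yaml
{{- $existing := lookup "v1" "Secret" .Release.Namespace (printf "%s-credentials" .Release.Name) }}
{{- $stored := default dict $existing.data }}
{{- range $user, $u := .Values.users }}
  {{- if $u.password }}
  {{- /* … unchanged: an explicit password from values wins … */}}
  {{- else if hasKey $stored $user }}
    {{- $_ := set $passwords $user (b64dec (index $stored $user)) }}
  {{- else }}
    {{- $_ := set $passwords $user (randAlphaNum 16) }}
  {{- end }}
{{- end }}
```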
@@ -18,6 +40,16 @@ spec:
 nats:
 fullnameOverride: {{ .Release.Name }}
 config:
+ {{- if gt (len .Values.passwords) 0 }}
+ merge:
+ accounts:
+ A:
+ users:
+ {{- range $username, $password := $passwords }}
+ - user: "{{ $username }}"
+ password: "{{ $password }}"
+ {{- end }}
+ {{- end }}
 cluster:
 enabled: true
 replicas: {{ .Values.replicas }}
diff --git a/packages/apps/nats/templates/resourcemap.yaml b/packages/apps/nats/templates/resourcemap.yaml
new file mode 100644
index 00000000..c7c86d81
--- /dev/null
+++ b/packages/apps/nats/templates/resourcemap.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ .Release.Name }}-dashboard-resources
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ resourceNames:
+ - {{ .Release.Name }}-credentials
+ verbs: ["get", "list", "watch"]
diff --git a/packages/apps/nats/values.schema.json b/packages/apps/nats/values.schema.json
index df176502..d8ff291e 100644
--- a/packages/apps/nats/values.schema.json
+++ b/packages/apps/nats/values.schema.json
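Review bot: The guard `{{- if gt (len .Values.passwords) 0 }}` reads a values key this patch never defines (the chart key is `users`, the computed map is the local `$passwords`), so the `merge.accounts` block is either skipped or fails at `len`, and the server would then run without the users written to the Secret. Use `{{- if $passwords }}` instead. The `user` and `password` lines also wrap raw values in literal double quotes, unlike the `quote` calls in the Secret earlier in this file, so a password containing `"` or `\` breaks the rendered YAML; `password: {{ quote $password }}` avoids that. Separately, the passwords land in clear text in the HelmRelease values, readable by anyone who can get that object, which the Role scoped to the `-credentials` Secret does not cover. This hunk starts and ends inside the HelmRelease spec.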
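Review bot: The new Role grants `list` and `watch` next to `get` while restricting by `resourceNames`; Kubernetes applies that restriction to list and watch only when the request carries a `metadata.name` field selector, so a plain list of Secrets by the bound subject is denied rather than filtered. If the dashboard only reads this one Secret, `verbs: ["get"]` is the least-privilege form; otherwise confirm its client sends the field selector. No RoleBinding is part of this patch, so a short comment naming the subject bound to `{{ .Release.Name }}-dashboard-resources` would show reviewers who gains read access to the NATS passwords.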
@@ -2,20 +2,34 @@ "title": "Chart Values", "type": "object", "properties": { - "external": { - "type": "boolean", - "description": "Enable external access from outside the cluster", - "default": false + "external": { + "type": "boolean", + "description": "Enable external access from outside the cluster", + "default": false + }, + "replicas": { + "type": "number", + "description": "Persistent Volume size for NATS", + "default": 2 + }, + "storageClass": { + "type": "string", + "description": "StorageClass used to store the data", + "default": "" + }, + "users": { + "type": "object", + "description": "Users configuration", + "additionalProperties": { + "type": "object", + "properties": { + "password": { + "type": "string", + "description": "Password for the user" + } + } }, - "replicas": { - "type": "number", - "description": "Persistent Volume size for NATS", - "default": 2 - }, - "storageClass": { - "type": "string", - "description": "StorageClass used to store the data", - "default": "" - } + "default": {} + } } -} \ No newline at end of file + } diff --git a/packages/apps/nats/values.yaml b/packages/apps/nats/values.yaml index 7044641c..6b2205be 100644 --- a/packages/apps/nats/values.yaml +++ b/packages/apps/nats/values.yaml @@ -8,3 +8,10 @@ external: false replicas: 2 storageClass: "" +## @param users [object] Users configuration +## Example: +## users: +## user1: +## password: strongpassword +## user2: {} +users: {} diff --git a/packages/apps/versions_map b/packages/apps/versions_map index bf10e95c..e64027d1 100644 --- a/packages/apps/versions_map +++ b/packages/apps/versions_map @@ -48,7 +48,8 @@ mysql 0.5.0 4b84798 mysql 0.5.1 fab5940b mysql 0.5.2 HEAD nats 0.1.0 5ca8823 -nats 0.2.0 HEAD +nats 0.2.0 c07c4bbd +nats 0.3.0 HEAD postgres 0.1.0 f642698 postgres 0.2.0 7cd7de73 postgres 0.2.1 4a97e297 diff --git a/packages/system/nats/values.yaml b/packages/system/nats/values.yaml index 239b91c4..a28cadbe 100644 --- a/packages/system/nats/values.yaml 
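Review bot: Each `users` entry in the schema hunk is typed `object` but accepts any property, so a misspelled key such as `pasword` passes validation and the template silently falls back to a generated password. Adding `"additionalProperties": false` next to the inner `"properties"` would reject that at install time. The `password` string also has no `minLength`, and `password: ""` is treated as unset by `if $u.password` in nats.yaml; saying so in the `"description"` would make the fallback explicit.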
+++ b/packages/system/nats/values.yaml
@@ -5,3 +5,7 @@ nats:
 persistentVolumeClaimRetentionPolicy:
 whenDeleted: Delete
 whenScaled: Delete
+ config:
+ cluster:
+ routeURLs:
+ k8sClusterDomain: cozy.local
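Review bot: `k8sClusterDomain: cozy.local` is hard-coded on the last added line with nothing saying where the value comes from. On a cluster whose DNS domain differs, the route URLs built from it would presumably fail to resolve and the NATS replicas would not form a cluster. A comment such as `# must match the cluster DNS domain` above the key would document the assumption. The enclosing `nats:` map starts outside the hunk.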