From 21e458f852dac7a3c2e69d0477abc74b6e323d78 Mon Sep 17 00:00:00 2001
From: Johannes Malsam <60240743+johannes94@users.noreply.github.com>
Date: Tue, 18 Jun 2024 15:54:02 +0200
Subject: [PATCH] ROX-23260: add external secret for emailsender db config (#1882)
* add external secret for emailsender db config
* call secret fields like expected by emailsender
---
 .../templates/emailsender-secret.yaml | 33 +++++++++++++++++++
 .../templates/emailsender.yaml | 8 ++++-
 2 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 dp-terraform/helm/rhacs-terraform/templates/emailsender-secret.yaml
diff --git a/dp-terraform/helm/rhacs-terraform/templates/emailsender-secret.yaml b/dp-terraform/helm/rhacs-terraform/templates/emailsender-secret.yaml
new file mode 100644
index 0000000000..d71f84259e
--- /dev/null
+++ b/dp-terraform/helm/rhacs-terraform/templates/emailsender-secret.yaml
@@ -0,0 +1,33 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: emailsender-db-secret
+ namespace: {{ .Release.Namespace }}
+spec:
+ secretStoreRef:
+ name: {{ .Values.global.secretStore.aws.secretsManagerSecretStoreName }}
+ kind: ClusterSecretStore
+ target:
+ name: emailsender-db
+ creationPolicy: Owner
+ data:
+ - secretKey: db.user # pragma: allowlist secret
+ remoteRef:
+ key: "cluster-{{ .Values.emailsender.clusterName }}-emailsender-db"
+ property: "username"
+ - secretKey: db.name # pragma: allowlist secret
+ remoteRef:
+ key: "cluster-{{ .Values.emailsender.clusterName }}-emailsender-db"
+ property: "databaseName"
+ - secretKey: db.host # pragma: allowlist secret
+ remoteRef:
+ key: "cluster-{{ .Values.emailsender.clusterName }}-emailsender-db"
+ property: "host"
+ - secretKey: db.password # pragma: allowlist secret
+ remoteRef:
+ key: "cluster-{{ .Values.emailsender.clusterName }}-emailsender-db"
+ property: "password" # pragma: allowlist secret
+ - secretKey: db.port # pragma: allowlist secret
+ remoteRef:
+ key: "cluster-{{ .Values.emailsender.clusterName }}-emailsender-db"
+ property: "port"
diff --git a/dp-terraform/helm/rhacs-terraform/templates/emailsender.yaml b/dp-terraform/helm/rhacs-terraform/templates/emailsender.yaml
index c614465ee3..c9e29e1a2b 100644
--- a/dp-terraform/helm/rhacs-terraform/templates/emailsender.yaml
+++ b/dp-terraform/helm/rhacs-terraform/templates/emailsender.yaml
@@ -55,8 +55,11 @@ spec:
 requests:
 cpu: {{ .Values.emailsender.resources.requests.cpu | quote }}
 memory: {{ .Values.emailsender.resources.requests.memory | quote }}
- {{- if .Values.emailsender.enableHTTPS }}
 volumeMounts:
+ - name: emailsender-db
+ mountPath: /secrets
+ readOnly: true
+ {{- if .Values.emailsender.enableHTTPS }}
 - name: emailsender-tls
 mountPath: /var/run/certs
 readOnly: true
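Review bot: An empty or unset `.Values.emailsender.clusterName` renders all five `remoteRef.key` values as `cluster--emailsender-db`; the chart still installs and the mistake only shows up later as a failed sync on the ExternalSecret. Wrapping the value makes it fail at render time instead: `key: "cluster-{{ required "emailsender.clusterName must be set" .Values.emailsender.clusterName }}-emailsender-db"`. Separately, `namespace:` and `secretStoreRef.name` take unquoted template output; `| quote`, as the resource values in emailsender.yaml already use, keeps an empty or number-like value from being retyped by the YAML parser. `spec.refreshInterval` is also left to the operator default; setting it explicitly documents how long a rotated database password can lag in the cluster.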
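Review bot: Nothing at the new `emailsender-db` mount says which files the container should expect under `/secrets` or where they come from. A comment above the entry would record that contract, e.g. `# db.user, db.name, db.host, db.password, db.port, synced by the emailsender-db-secret ExternalSecret`. The enclosing container spec starts above this hunk, and the `{{- if .Values.emailsender.enableHTTPS }}` that now sits below `volumeMounts:` is closed outside it.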
@@ -66,6 +69,9 @@ spec:
 - name: emailsender-tls
 secret:
 secretName: emailsender-tls # pragma: allowlist secret
+ - name: emailsender-db
+ secret:
+ secretName: emailsender-db # pragma: allowlist secret
 {{- end }}
 ---
 apiVersion: v1
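Review bot: The `emailsender-db` volume is added above the `{{- end }}` that follows the `emailsender-tls` entry; if that `end` closes an `enableHTTPS` conditional opened above this hunk (the opening lines are not visible here), the volume is rendered only when HTTPS is enabled. The `emailsender-db` volumeMount added in the `@@ -55,8 +55,11 @@` hunk is unconditional, so with `enableHTTPS: false` the pod spec would reference a volume that does not exist and the workload would likely be rejected by the API server. Mirroring the volumeMounts change fixes it: keep `volumes:` and the `emailsender-db` entry outside the conditional and wrap only the `emailsender-tls` entry in `{{- if .Values.emailsender.enableHTTPS }}` … `{{- end }}`. A `helm template` run with HTTPS disabled would confirm which case applies.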