From db08f68c1b39bb5cad3175ca99d9629c8d257541 Mon Sep 17 00:00:00 2001
From: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>
Date: Wed, 3 Mar 2021 12:24:44 +0100
Subject: [PATCH] [bitnami/postgresql] Don't put postgresql-postgres-password
 in secret when not needed (#5635)

* Don't put postgresql-postgres-password in secret when not needed

When only using the "postgres" user, the secret gets updated every helm upgrade with a
random string. When using with argocd (and maybe other gitops tools) there are always
changes until you put a dummy value into postgresqlPostgresPassword.

Use the same conditional as in statefulset.yaml:
~~~
{{- if not (eq (include "postgresql.username" .) "postgres")  }}
  # (..)
- name: POSTGRES_POSTGRES_PASSWORD
  valueFrom:
    secretKeyRef:
      name: {{ template "postgresql.secretName" . }}
      key: postgresql-postgres-password
{{- end }}
{{- end }}
~~~

* Use same conditional for readreplicas

In PR #4380 we forgot to also change the 2nd statefulset for the readreplicas
---
 bitnami/postgresql/Chart.yaml                              | 2 +-
 bitnami/postgresql/templates/secrets.yaml                  | 2 ++
 bitnami/postgresql/templates/statefulset-readreplicas.yaml | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/bitnami/postgresql/Chart.yaml b/bitnami/postgresql/Chart.yaml
index 5c9f42573c..8f8d3205d9 100644
--- a/bitnami/postgresql/Chart.yaml
+++ b/bitnami/postgresql/Chart.yaml
@@ -26,4 +26,4 @@ name: postgresql
 sources:
   - https://github.com/bitnami/bitnami-docker-postgresql
   - https://www.postgresql.org/
-version: 10.3.7
+version: 10.3.8
diff --git a/bitnami/postgresql/templates/secrets.yaml b/bitnami/postgresql/templates/secrets.yaml
index dc301daba8..d492cd593b 100644
--- a/bitnami/postgresql/templates/secrets.yaml
+++ b/bitnami/postgresql/templates/secrets.yaml
@@ -11,7 +11,9 @@ metadata:
   namespace: {{ .Release.Namespace }}
 type: Opaque
 data:
+  {{- if not (eq (include "postgresql.username" .) "postgres")  }}
   postgresql-postgres-password: {{ include "postgresql.postgres.password" . | b64enc | quote }}
+  {{- end }}
   postgresql-password: {{ include "postgresql.password" . | b64enc | quote }}
   {{- if .Values.replication.enabled }}
   postgresql-replication-password: {{ include "postgresql.replication.password" . | b64enc | quote }}
diff --git a/bitnami/postgresql/templates/statefulset-readreplicas.yaml b/bitnami/postgresql/templates/statefulset-readreplicas.yaml
index 7e93d65683..b038299bf6 100644
--- a/bitnami/postgresql/templates/statefulset-readreplicas.yaml
+++ b/bitnami/postgresql/templates/statefulset-readreplicas.yaml
@@ -176,7 +176,7 @@ spec:
               value: {{ template "common.names.fullname" . }}
             - name: POSTGRES_MASTER_PORT_NUMBER
               value: {{ include "postgresql.port" . | quote }}
-            {{- if and (not (eq .Values.postgresqlUsername "postgres")) (or .Values.postgresqlPostgresPassword (include "postgresql.useExistingSecret" .)) }}
+            {{- if not (eq (include "postgresql.username" .) "postgres")  }}
             {{- if .Values.usePasswordFile }}
             - name: POSTGRES_POSTGRES_PASSWORD_FILE
               value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password"