add hashedBasicAuthUsers section where already hashed username/password combinations can be configured;

first use hashedBasicAuthUsers if configured;

Signed-off-by: Stefan <[email protected]>

Author: Stefan

.gitignore

@@ -9,3 +9,4 @@
 Chart.lock
 # dependencies of charts get downloaded to chart/<chartname>/carts - so exclude those:
 charts/*/charts
+/charts/ditto/requirements.lock

charts/ditto/templates/nginx-auth.yaml

@@ -23,8 +23,14 @@ metadata:
 {{ $labels | indent 4 }}
 data:
   "nginx.htpasswd": |-
+{{- if .Values.global.hashedBasicAuthUsers }}
+{{ range $key, $value := .Values.global.hashedBasicAuthUsers }}
+{{- $value.hashedUserPassword | indent 4 }}
+{{ end }}
+{{- else }}
 {{ range $key, $value := .Values.global.basicAuthUsers }}
 {{- (htpasswd $value.user $value.password) | indent 4 }}
 {{ end }}
+{{ end }}
 ---
 {{- end }}

charts/ditto/values.yaml

@@ -86,12 +86,20 @@ openshift:
 ## ----------------------------------------------------------------------------
 ## global configuration shared by all components
 global:
+  # Nginx Basic Auth config
+  # either configure one or more basic auth user in the basicAuthUsers section
+  # where you can specify username and password in clear text
+  # or use the hashedBasicAuthUsers section where you can add already hashed username/password combinations
   # default basic auth user used for authentication in nginx is ditto with password ditto
   # add more users to the basicAuthUsers array or replace the default user
   basicAuthUsers:
     ditto:
       user: ditto
       password: ditto
+  # alternative: add already hashed username and password combinations
+  hashedBasicAuthUsers: []
+  #  ditto:
+  #    hashedUserPassword: ditto:A6BgmB8IEtPTs
   ## jwtOnly controls whether only OpenID-Connect authentication is supported
   ## if false, basicAuth is used
   ## ref: https://www.eclipse.org/ditto/installation-operating.html#openid-connect