[scalardl-auditor] Support HMAC authentication method (#300)

kota2and3kan · kota2and3kan · commit b886f0463148 · 2025-06-18T14:17:35.000+09:00
diff --git a/charts/scalardl-audit/README.md b/charts/scalardl-audit/README.md
@@ -15,6 +15,7 @@ Current chart version is `2.9.2`
 |-----|------|---------|-------------|
 | auditor.affinity | object | `{}` | the affinity/anti-affinity feature, greatly expands the types of constraints you can express |
 | auditor.auditorProperties | string | The default minimum necessary values of auditor.properties are set. You can overwrite it with your own auditor.properties. | The auditor.properties is created based on the values of auditor.scalarAuditorConfiguration by default. If you want to customize auditor.properties, you can override this value with your auditor.properties. |
+| auditor.authentication.method | string | `"digital-signature"` | Specify the authentication method of ScalarDL. Available value is "digital-signature" or "hmac". |
 | auditor.existingSecret | string | `""` | Name of existing secret to use for storing database username and password |
 | auditor.extraVolumeMounts | list | `[]` | Defines additional volume mounts. |
 | auditor.extraVolumes | list | `[]` | Defines additional volumes. |
diff --git a/charts/scalardl-audit/templates/auditor/deployment.yaml b/charts/scalardl-audit/templates/auditor/deployment.yaml
@@ -36,7 +36,7 @@ spec:
         {{- toYaml . | nindent 8 }}
     {{- end }}
       volumes:
-      {{- if not .Values.auditor.extraVolumes }}
+      {{- if and (not .Values.auditor.extraVolumes) (not (eq .Values.auditor.authentication.method "hmac")) }}
         - name: "{{ .Values.auditor.scalarAuditorConfiguration.secretName }}"
           secret:
             secretName: "{{ .Values.auditor.scalarAuditorConfiguration.secretName }}"
@@ -85,7 +85,7 @@ spec:
           {{- end }}
           imagePullPolicy: {{ .Values.auditor.image.pullPolicy }}
           volumeMounts:
-          {{- if not .Values.auditor.extraVolumeMounts }}
+          {{- if and (not .Values.auditor.extraVolumeMounts) (not (eq .Values.auditor.authentication.method "hmac")) }}
             - name: "{{ .Values.auditor.scalarAuditorConfiguration.secretName }}"
               mountPath: "/keys"
               readOnly: true
diff --git a/charts/scalardl-audit/values.schema.json b/charts/scalardl-audit/values.schema.json
@@ -11,6 +11,14 @@
                 "auditorProperties": {
                     "type": "string"
                 },
+                "authentication": {
+                    "type": "object",
+                    "properties": {
+                        "method": {
+                            "type": "string"
+                        }
+                    }
+                },
                 "existingSecret": {
                     "type": "string"
                 },
diff --git a/charts/scalardl-audit/values.yaml b/charts/scalardl-audit/values.yaml
@@ -329,3 +329,7 @@ auditor:
         - localhost
       # -- Issuer references of cert-manager.
       issuerRef: {}
+
+  authentication:
+    # -- Specify the authentication method of ScalarDL. Available value is "digital-signature" or "hmac".
+    method: "digital-signature"
