netbox: not possible to omit externalDatabase password

[norman-zon]

Using the netbox chart 5.0.7 it is not possible to omit existingSecretPasswordKey.

I use Google CloudSQL with IAM based auth (via CloudSQL proxy), which does not need a password.

When setting the connection info like this, everything works:

externalDatabase:
    host: localhost
    port: 5432
    database: netbox
    username: "serviceaccount@project.iam"
    password: ""

But when I try to use an existing secret with an empty password like so:

externalDatabase:
    existingSecretName: cloudsql-proxy-iam
    existingSecretHostKey: PGHOST
    existingSecretPortKey: PGPORT
    existingSecretUserKey: PGUSER
    existingSecretDatabaseKey: PGDATABASE
    existingSecretPasswordKey: PGPASSWORD

I get:

django.db.utils.OperationalError: connection failed: fe_sendauth: no password supplied

If I remove existingSecretPasswordKey completely, the chart fails with:

MountVolume.SetUp failed for volume "secrets" : references non-existent secret key: db-password

I think my usecase is not super common, but viable. Could you please change the handling of existingSecretPasswordKey, so it can be omited?

[firmansyahn]

This is because I arrogantly assume that any external database should have password already.
Even as far as to do auto generate if it empty.

Btw, netbox.databaseSecretPasswordKey cannot omited. Because netbox image itself expected it always exist. Either use default db-password or custom at existingSecretPasswordKey.

Will fix on next release.

external-db.yaml

data:
  db-password: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-%s" (include "netbox.fullname" .) "external-db") "key" "db-password" "length" 32 "providedValues" (list "externalDatabase.password") "context" $) }}