Description
Name and Version
bitnami/postgres 16.5.6
What architecture are you using?
arm64
What steps will reproduce the bug?
Deployed the postgres chart using:
helm install --set auth.existingSecret=postgres-credentials
This results in a WARNING:
WARNING: PostgreSQL has been configured without authentication, this is not recommended for production environments.
Even though credentials have been established. Looking at https://github.com/bitnami/charts/blob/main/bitnami/postgresql/templates/NOTES.txt it appears the logic for determining whether or not auth is enabled is incorrect:
{{- $authEnabled := and (not (or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret)) (or $postgresPassword .Values.auth.enablePostgresUser (and (not (empty $customUser)) (ne $customUser "postgres"))) }}
The first or there evaluates to true because auth.existingSecret is set. The not then inverts that to a false value, which makes the and false. As a result, if auth.existingSecret or global.postgres.auth.existingSecret is set, then authEnabled becomes false instead of true.
Are you using any custom parameters or values?
--set auth.existingSecret=postgres-credentials
What is the expected behavior?
No warning about authentication being disabled
What do you see instead?
The warning about auth being disabled
Additional information
Looking at https://github.com/bitnami/charts/blob/main/bitnami/postgresql/templates/NOTES.txt it appears the logic for determining whether or not auth is enabled is incorrect:
{{- $authEnabled := and (not (or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret)) (or $postgresPassword .Values.auth.enablePostgresUser (and (not (empty $customUser)) (ne $customUser "postgres"))) }}
The first or there evaluates to true because auth.existingSecret is set. The not then inverts that to a false value, which makes the and false. As a result, if auth.existingSecret or global.postgres.auth.existingSecret is set, then authEnabled becomes false instead of true.