From a13cf630242343dc8f759cfeb423ff626480b086 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorsten=20Ro=C3=9Fner?= <thorsten.rossner.extern@zendis.de>
Date: Fri, 27 Dec 2024 15:45:52 +0100
Subject: [PATCH] fix(helmfile): Remove duplicate entries from
 `secrets.yaml.gotmpl`

---
 .gitlab/lint/lint-kyverno.yml                     |  1 +
 .kyverno/{policies => }/_overwrite.yaml           |  0
 helmfile/environments/default/secrets.yaml.gotmpl | 14 +++++---------
 3 files changed, 6 insertions(+), 9 deletions(-)
 rename .kyverno/{policies => }/_overwrite.yaml (100%)

diff --git a/.gitlab/lint/lint-kyverno.yml b/.gitlab/lint/lint-kyverno.yml
index c918786c..3ce6de2a 100644
--- a/.gitlab/lint/lint-kyverno.yml
+++ b/.gitlab/lint/lint-kyverno.yml
@@ -31,6 +31,7 @@ lint-kyverno:
     - >
       node /app/opendesk-ci-cli/src/index.js generate-kyverno-env
       -d ${CI_PROJECT_DIR}/helmfile/environments
+      -x ${CI_PROJECT_DIR}/.kyverno/_overwrite.yaml
     - "helmfile template -e test --include-needs --skip-tests > ${CI_PROJECT_DIR}/.kyverno/opendesk.yaml"
     - "cd ${CI_PROJECT_DIR}/.kyverno"
     # Test optional
diff --git a/.kyverno/policies/_overwrite.yaml b/.kyverno/_overwrite.yaml
similarity index 100%
rename from .kyverno/policies/_overwrite.yaml
rename to .kyverno/_overwrite.yaml
diff --git a/helmfile/environments/default/secrets.yaml.gotmpl b/helmfile/environments/default/secrets.yaml.gotmpl
index 8dbe6935..a9116432 100644
--- a/helmfile/environments/default/secrets.yaml.gotmpl
+++ b/helmfile/environments/default/secrets.yaml.gotmpl
@@ -7,18 +7,15 @@ SPDX-License-Identifier: Apache-2.0
 secrets:
   oxAppSuite:
     adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "admin_password" | sha1sum | quote }}
-    migrationsMasterPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "opendesk") "ox_appsuite" "migrations_master_password" | sha1sum | quote }}
+    basicAuthPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "basic_auth_password" | sha1sum | quote }}
     cookieHashSalt: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "cookie_hash_salt" | sha1sum | quote }}
-    sessiondEncryptionKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "sessiond_encryptionkey" | sha1sum | quote }}
-    shareCryptKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "share_cryptkey" | sha1sum | quote }}
+    hzGroupPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "hz_group_password" | sha1sum | quote }}
+    jolokiaPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "jolokia_password" | sha1sum | quote }}
+    migrationsMasterPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "opendesk") "ox_appsuite" "migrations_master_password" | sha1sum | quote }}
     oxguardMC: {{ printf "MC%s" (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "oxguardMC" | sha1sum | trunc 20 | b64enc) | quote }}
     oxguardRC: {{ printf "RC%s" (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "oxguardRC" | sha1sum | trunc 20 | b64enc) | quote }}
-    hzGroupPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "hz_group_password" | sha1sum | quote }}
-    basicAuthPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "basic_auth_password" | sha1sum | quote }}
-    jolokiaPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "jolokia_password" | sha1sum | quote }}
-    cookieHashSalt: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "cookie_hash_salt" | sha1sum | quote }}
-    shareCryptKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "share_crypt_key" | sha1sum | quote }}
     sessiondEncryptionKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "sessiond_encryption_key" | sha1sum | quote }}
+    shareCryptKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "share_crypt_key" | sha1sum | quote }}
     synapseAsToken: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "as_token" | sha1sum | quote }}
   oxConnector:
     provisioningApiPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ox-connector" | sha1sum | quote }}
@@ -82,7 +79,6 @@ secrets:
       dovecot: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "dovecot_client_secret" | sha1sum | quote }}
       intercom: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "intercom_client_secret" | sha1sum | quote }}
       matrix: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "matrix_client_secret" | sha1sum | quote }}
-      notes: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "notes_client_secret" | sha1sum | quote }}
       jitsi: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "jitsi_plain_client_secret" | sha1sum | quote }}
       ncoidc: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "ncoidc_client_secret" | sha1sum | quote }}
       openproject: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "openproject_client_secret" | sha1sum | quote }}