[bitnami/redis-cluster] Fix service binding password mismatch (#15626)

[leomichalski]

Description of the change

Ensure password is generated only once and reused across templates.

Currently, the Helm chart calls:

{{ include "redis-cluster.password" (...) }}

in multiple places.

Since include re-runs the template each time, two different random passwords are generated when rendering separate files. This breaks components that expect to share the same credentials.

So the proposed solution is to update the redis-cluster.password helper so that it generates the password once and stores it in .Values.password (only if .Values.password is empty). Subsequent calls reuse this stored value, ensuring consistency across all templates.

Benefits

Be able to use service binding.

Applicable issues

• fixes [bitnami/redis] Service binding gives wrong password #15626

Checklist

• Chart version bumped in Chart.yaml according to semver. This is not necessary when the changes only affect README.md files.
• Variables are documented in the values.yaml and added to the README.md using readme-generator-for-helm
• Title of the pull request follows this pattern [bitnami/<name_of_the_chart>] Descriptive title
• All commits signed off and in agreement of Developer Certificate of Origin (DCO)

Test

git clone https://github.com/bitnami/charts

helm dependency build charts/bitnami/redis

helm template redis-cluster charts/bitnami/redis-cluster/ --output-dir build-redis-cluster --set serviceBindings.enabled=true

[javsalgar]

Hi!

Thank you so much for the PR! Could you bump the chart version?

[leomichalski]

Hi!

Thank you so much for the PR! Could you bump the chart version?

Hi! Sure, done it

[migruiz4]

Thank you for your contribution @leomichalski, but I'm afraid that the code block you added is redundant to the previous conditional.

This is how the helper would be after this changes:

{{- define "redis-cluster.password" -}}
{{- if not (empty .Values.global.redis.password) }}
    {{- .Values.global.redis.password -}}
{{- else if not (empty .Values.password) -}}
    {{- .Values.password -}}
{{- else -}}
    {{- $password_tmp := default .Values.password (randAlphaNum 10) -}}
    {{- $_ := set .Values "password" $password_tmp -}}
    {{- .Values.password -}}
{{- end -}}
{{- end -}}

As you can see, the if/else conditionals prioritize these scenarios:

1. .Values.global.redis.password is set
2. .Values.password is set
3. If none of the above, then set a random password.

This statement in your contribution default .Values.password (randAlphaNum 10) would not make sense, because for this code to be executed .Values.password must always be empty.

[leomichalski]

Hi @migruiz4 , thanks for the review.

Indeed, that line was redundant. Now there's just the code that actually fixes the issue.

    {{- $password_tmp := randAlphaNum 10 -}}
    {{- $_ := set .Values "password" $password_tmp -}}
    {{- .Values.password -}}

What will happen now:

In the first execution of the {{ include "redis-cluster.password" }}, helm will do "3. If none of the above, then set a random password". In the second one, just "2. .Values.password is set".

What happened before:

In the first execution of the {{ include "redis-cluster.password" }}, helm will do "3. If none of the above, then set a random password". In the second one, it would also "3. If none of the above, then set a random password".

[leomichalski]

BTW, after installing the updated chart with

helm install --create-namespace redis-cluster bitnami/redis-cluster --namespace test-redis-cluster --set serviceBindings.enabled=true

Then, retrieving its values

helm get values redis-cluster -n test-redis-cluster --all

The password field was still empty. So it seems like helm only sets .Values.password temporarily.

[github-actions]

This Pull Request has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thank you for your contribution.

[github-actions]

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Pull Request. Do not hesitate to reopen it later if necessary.