From 432e9013ccc293f59b04869d6a40b4d9d10389fd Mon Sep 17 00:00:00 2001
From: Akash LM <akashnihas@gmail.com>
Date: Tue, 19 Sep 2023 19:34:36 +0530
Subject: [PATCH] Add secret reference for NATS token

---
 charts/nats/Chart.yaml                 |  2 +-
 charts/nats/templates/configmap.yaml   | 14 +++++++-------
 charts/nats/templates/statefulset.yaml |  8 +++++++-
 charts/nats/values.yaml                |  9 +++++++--
 4 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/charts/nats/Chart.yaml b/charts/nats/Chart.yaml
index 2ceaa087..ae0e67fa 100644
--- a/charts/nats/Chart.yaml
+++ b/charts/nats/Chart.yaml
@@ -19,4 +19,4 @@ maintainers:
   name: Jaime Piña
   url: https://github.com/variadico
 name: nats
-version: 0.13.4
+version: 0.13.5
diff --git a/charts/nats/templates/configmap.yaml b/charts/nats/templates/configmap.yaml
index ceb891ae..27c0ac37 100644
--- a/charts/nats/templates/configmap.yaml
+++ b/charts/nats/templates/configmap.yaml
@@ -482,11 +482,13 @@ data:
     system_account: {{ . }}
     {{- end }}
 
-    {{- with .Values.auth.token }}
     authorization {
-      token: "{{ . }}"
-
-
+      {{- if .Values.auth.token }}
+      token: "{{ .Values.auth.token }}"
+      {{- else if .Values.auth.secret }}
+      token: $AUTH_TOKEN
+      {{- end }}
+           
       {{- if $.Values.auth.timeout }}
       timeout: {{ $.Values.auth.timeout }}
       {{- end }}
@@ -539,6 +541,4 @@ data:
     accounts: {{- toRawJson . }}
     {{- end }}
 
-    {{- end }}
-
-    {{- end }}
+    {{- end }}
\ No newline at end of file
diff --git a/charts/nats/templates/statefulset.yaml b/charts/nats/templates/statefulset.yaml
index 9533e499..2c90e60d 100644
--- a/charts/nats/templates/statefulset.yaml
+++ b/charts/nats/templates/statefulset.yaml
@@ -318,7 +318,6 @@ spec:
               fieldPath: metadata.namespace
         - name: CLUSTER_ADVERTISE
           value: {{ include "nats.clusterAdvertise" . }}
-
         {{- if .Values.nats.jetstream.enabled }}
         {{- with .Values.nats.jetstream.encryption }}
         {{- with .secret }}
@@ -330,6 +329,13 @@ spec:
         {{- end }}
         {{- end }}
         {{- end }}
+        {{- if and .Values.auth.enabled .Values.auth.secret }}
+        - name: AUTH_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.auth.secret.name }}
+              key: {{ .Values.auth.secret.key }}
+        {{- end }}
         volumeMounts:
           - name: config-volume
             mountPath: /etc/nats-config
diff --git a/charts/nats/values.yaml b/charts/nats/values.yaml
index b59003fd..e2839093 100644
--- a/charts/nats/values.yaml
+++ b/charts/nats/values.yaml
@@ -531,8 +531,13 @@ auth:
   #     name: operator-jwt
   #     key: KO.jwt
 
-  # Token authentication
-  # token:
+  # Use key if you want to provide the token via Helm Values
+  # token: 
+
+  # Use a secret reference if you want to get a token from a secret
+  # secret:
+  #   name: "nats-token"
+  #   key: "key"
 
   # NKey authentication
   # nkeys: