{{- /*
      This is a Kubernetes secret that holds the token for the Machine user used to poll the Drone API
      This pattern was taken from:
      https://itnext.io/manage-auto-generated-secrets-in-your-helm-charts-5aee48ba6918

      This secret provides two values:
      * `DRONE_USER_CREATE`, an environment variable which will prompt Drone to create a user with the given configuration
      * `token`, the bare token of the created user, that other services can use in order to act as the user
  */}}
{{- if empty .Values.primaryDroneMachineUserSecret }}
apiVersion: v1
kind: Secret
metadata:
  name: "primary-drone-machine-user-secret"
  annotations:
    "helm.sh/resource-policy": "keep"
type: Opaque
data:
  # retrieve the secret data using lookup function and when not exists, return an empty dictionary / map as result
    {{- $existing_secret := (lookup "v1" "Secret" .Release.Namespace "primary-drone-machine-user-secret") | default dict }}
    {{- $secretData := (get $existing_secret "data") | default dict }}
    # set $secret to existing secret data or generate a random one (32 chars long) when not exists
    {{- $secret := (get $secretData "token") | default (randAlphaNum 32) }}
    token: {{ $secret | b64enc | quote }}
    DRONE_USER_CREATE: {{ printf "%s%s" "username:root,admin:true,machine:true,token:" $secret | b64enc | quote }}
{{- end }}