From d25eef20d08c9b0f042cdd87c0a3292d6590a18c Mon Sep 17 00:00:00 2001
From: Julien Bouquillon <julien.bouquillon@sg.social.gouv.fr>
Date: Thu, 3 Aug 2023 17:59:48 +0200
Subject: [PATCH 1/2] fix(cnpg): use superuser secret

---
 charts/cnpg-cluster/templates/backup-cron.yaml     | 14 +++++++++++++-
 .../tests/__snapshot__/cnpg-cluster_test.yaml.snap | 14 +++++++++++++-
 2 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/charts/cnpg-cluster/templates/backup-cron.yaml b/charts/cnpg-cluster/templates/backup-cron.yaml
index 256bd8b..6d7017e 100644
--- a/charts/cnpg-cluster/templates/backup-cron.yaml
+++ b/charts/cnpg-cluster/templates/backup-cron.yaml
@@ -47,7 +47,19 @@ spec:
                 - name: AWS_ENDPOINT_URL
                   value: {{ .Values.backup.barmanObjectStore.endpointURL }}
                 - name: DESTINATION_PATH
-                  value: {{ trimSuffix "/" .Values.backup.barmanObjectStore.destinationPath }}/dumps
+                  value: {{ trimSuffix "/" .Values.backup.barmanObjectStore.destinationPath }}/{{ include "cnpg-cluster.fullname" . }}/dumps
+                - name: PGPASSWORD
+                  valueFrom:
+                    secretKeyRef:
+                      name: {{ include "cnpg-cluster.fullname" $ }}-superuser
+                      key: password
+                - name: PGUSER
+                  valueFrom:
+                    secretKeyRef:
+                      name: {{ include "cnpg-cluster.fullname" $ }}-superuser
+                      key: username
+                - name: PGHOST
+                  value: {{ include "cnpg-cluster.fullname" $ }}-r
               envFrom:
                 - secretRef:
                     name: {{ .Values.backup.sqlDumpPgSecret }}
diff --git a/charts/cnpg-cluster/tests/__snapshot__/cnpg-cluster_test.yaml.snap b/charts/cnpg-cluster/tests/__snapshot__/cnpg-cluster_test.yaml.snap
index 6fb1f2b..f107bc6 100644
--- a/charts/cnpg-cluster/tests/__snapshot__/cnpg-cluster_test.yaml.snap
+++ b/charts/cnpg-cluster/tests/__snapshot__/cnpg-cluster_test.yaml.snap
@@ -35,7 +35,19 @@ cluster with enabled backup and recovery:
                   - name: AWS_ENDPOINT_URL
                     value: http://minio:9000
                   - name: DESTINATION_PATH
-                    value: s3://backups/dumps
+                    value: s3://backups/RELEASE-NAME-cnpg-cluster/dumps
+                  - name: PGPASSWORD
+                    valueFrom:
+                      secretKeyRef:
+                        key: password
+                        name: RELEASE-NAME-cnpg-cluster-superuser
+                  - name: PGUSER
+                    valueFrom:
+                      secretKeyRef:
+                        key: username
+                        name: RELEASE-NAME-cnpg-cluster-superuser
+                  - name: PGHOST
+                    value: RELEASE-NAME-cnpg-cluster-r
                 envFrom:
                   - secretRef:
                       name: pg-user-app

From c1d2eaf7faf0c18ff1342a4696d5eb419deb35b2 Mon Sep 17 00:00:00 2001
From: Julien Bouquillon <julien.bouquillon@sg.social.gouv.fr>
Date: Thu, 3 Aug 2023 18:07:01 +0200
Subject: [PATCH 2/2] fix

---
 charts/cnpg-cluster/templates/backup-cron.yaml              | 6 +++---
 .../tests/__snapshot__/cnpg-cluster_test.yaml.snap          | 5 ++---
 charts/cnpg-cluster/values.yaml                             | 3 ---
 3 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/charts/cnpg-cluster/templates/backup-cron.yaml b/charts/cnpg-cluster/templates/backup-cron.yaml
index 6d7017e..ef23a2a 100644
--- a/charts/cnpg-cluster/templates/backup-cron.yaml
+++ b/charts/cnpg-cluster/templates/backup-cron.yaml
@@ -58,9 +58,9 @@ spec:
                     secretKeyRef:
                       name: {{ include "cnpg-cluster.fullname" $ }}-superuser
                       key: username
+                - name: PGDATABASE
+                  value: {{ .Values.dbName }}
                 - name: PGHOST
                   value: {{ include "cnpg-cluster.fullname" $ }}-r
-              envFrom:
-                - secretRef:
-                    name: {{ .Values.backup.sqlDumpPgSecret }}
+
 {{- end}}
diff --git a/charts/cnpg-cluster/tests/__snapshot__/cnpg-cluster_test.yaml.snap b/charts/cnpg-cluster/tests/__snapshot__/cnpg-cluster_test.yaml.snap
index f107bc6..2bbd706 100644
--- a/charts/cnpg-cluster/tests/__snapshot__/cnpg-cluster_test.yaml.snap
+++ b/charts/cnpg-cluster/tests/__snapshot__/cnpg-cluster_test.yaml.snap
@@ -46,11 +46,10 @@ cluster with enabled backup and recovery:
                       secretKeyRef:
                         key: username
                         name: RELEASE-NAME-cnpg-cluster-superuser
+                  - name: PGDATABASE
+                    value: app
                   - name: PGHOST
                     value: RELEASE-NAME-cnpg-cluster-r
-                envFrom:
-                  - secretRef:
-                      name: pg-user-app
                 image: ghcr.io/socialgouv/docker/s3-client:1
                 imagePullPolicy: IfNotPresent
                 name: s3-client
diff --git a/charts/cnpg-cluster/values.yaml b/charts/cnpg-cluster/values.yaml
index bfd66cc..fdd94bb 100644
--- a/charts/cnpg-cluster/values.yaml
+++ b/charts/cnpg-cluster/values.yaml
@@ -78,9 +78,6 @@ backup:
   # -- Schedule the SQL dump backups, for instance every Sunday
   sqlDumpSchedule: "0 0 * * 0"
 
-  # -- Secret where pg_dump will look for DB credentials
-  sqlDumpPgSecret:
-
   # -- RetentionPolicy is the retention policy to be used for backups and WALs (i.e. '60d').
   # The retention policy is expressed in the form of XXu where XX is a positive integer and
   # u is in [dwm] - days, weeks, months.