Conflicting secrets when specifying both passwordAuthSecret and authentication groups + using ExternalSecret operator

[robertpikmets]

I've run into a problem when trying to implement combination of the following:
– managing the password.db file via an ExternalSecret (populated from Vault), which creates the secret that I pass as passwordAuthSecret in values.yaml
– implementing user groups

Without specifying auth: groups, everything is fine as the helm chart does not create a Secret on its own. In this case, we can use the Secret managed by ExternalSecret as passwordAuthSecret.

However, if there is a value for auth: groups, Helm attempts to create an additional secret of the same name, creating a conflict. A volume called file-authentication-volume is created from the secret, which expects both password.db and group.db to exist in it. However, as the secret managed by the ExternalSecret operator takes precedent, only password.db is found.

As it doesn't make a lot of sense to manage user groups via Vault in the same way we manage passwords, I believe the best approach would be to split password.db and group.db into separate secrets, volumes and volumemounts. file.group-file and file.password-file would have to be adjusted accordingly as well in the coordinator's configmap.

Let me know if that sounds reasonable and if yes, I will create a PR. Thanks.

[nineinchnick]

If groups can be managed without passwords, then it makes sense to have separate secrets. A PR would be great, thank you!