chore: add prometheus auth vars

[hassimnaseef]

Summary by CodeRabbit

• New Features
  • Added configuration options for Prometheus metrics authentication, including a username and password.
• Chores
  • Updated the Helm chart and application version to 0.99.0.

[linear]

INFRA-2574

[coderabbitai]

📝 Walkthrough

Walkthrough

The Helm chart was bumped to 0.99.0. New multiwovenConfig fields were added for Prometheus metrics username and password, and the ConfigMap template now renders them into PROMETHEUS_METRICS_USERNAME and PROMETHEUS_METRICS_PASSWORD.

Changes

Helm chart release and metrics config

Layer / File(s)	Summary
Chart metadata bump charts/multiwoven/Chart.yaml	version and appVersion were updated from 0.98.0 to 0.99.0.
Prometheus metrics config charts/multiwoven/values.yaml, charts/multiwoven/templates/multiwoven-config.yaml	multiwovenConfig gained prometheusMetricsUsername and prometheusMetricsPassword, and the ConfigMap template now emits both as PROMETHEUS_METRICS_USERNAME and PROMETHEUS_METRICS_PASSWORD.

Sequence Diagram(s)

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Poem

🐰 I hopped through charts with a nibble and grin,
New metrics keys now tuck secrets within.
A tiny version bump, neat as can be,
Prometheus carrots for you and for me.
0.99.0 twinkles in the springtime air,
Hop-hop, the config is ready to share.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly reflects the main change: adding Prometheus authentication variables to the Helm chart.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch hassimnaseef/infra-2574-add-env-variables-for-prometheus-metrics-auth

---

_{Comment @coderabbitai help to get the list of available commands.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@charts/multiwoven/templates/multiwoven-config.yaml`:
- Around line 84-85: Move the Prometheus credentials out of the ConfigMap in
multiwoven-config.yaml: the PROMETHEUS_METRICS_USERNAME and
PROMETHEUS_METRICS_PASSWORD entries should be sourced through the same secret
path used for other sensitive values. Update the template around the ConfigMap
generation to gate these keys behind secretsStore.enabled (or equivalent
Secret-backed rendering) and remove direct .Values.multiwovenConfig references
from ConfigMap.data.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b1f96eac-871e-46cd-91ce-f66fa2c92028

📥 Commits

Reviewing files that changed from the base of the PR and between 3c33748 and 084d6eb.

📒 Files selected for processing (3)

• charts/multiwoven/Chart.yaml
• charts/multiwoven/templates/multiwoven-config.yaml
• charts/multiwoven/values.yaml

[coderabbitai]

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Avoid exposing Prometheus credentials in ConfigMap.

Line 84 and Line 85 place auth credentials in ConfigMap.data, which is not a secret store and is often broadly readable. These keys should follow the same secret-handling path as other sensitive values (e.g., gated by secretsStore.enabled and sourced from Secret).

Suggested minimal hardening

-  PROMETHEUS_METRICS_PASSWORD: {{ .Values.multiwovenConfig.prometheusMetricsPassword | quote }}
-  PROMETHEUS_METRICS_USERNAME: {{ .Values.multiwovenConfig.prometheusMetricsUsername | quote }}
+  {{ if not .Values.secretsStore.enabled }}
+  PROMETHEUS_METRICS_PASSWORD: {{ .Values.multiwovenConfig.prometheusMetricsPassword | quote }}
+  PROMETHEUS_METRICS_USERNAME: {{ .Values.multiwovenConfig.prometheusMetricsUsername | quote }}
+  {{ end }}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	PROMETHEUS_METRICS_PASSWORD: {{ .Values.multiwovenConfig.prometheusMetricsPassword | quote }}
	PROMETHEUS_METRICS_USERNAME: {{ .Values.multiwovenConfig.prometheusMetricsUsername | quote }}
	{{ if not .Values.secretsStore.enabled }}
	PROMETHEUS_METRICS_PASSWORD: {{ .Values.multiwovenConfig.prometheusMetricsPassword | quote }}
	PROMETHEUS_METRICS_USERNAME: {{ .Values.multiwovenConfig.prometheusMetricsUsername | quote }}
	{{ end }}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@charts/multiwoven/templates/multiwoven-config.yaml` around lines 84 - 85,
Move the Prometheus credentials out of the ConfigMap in multiwoven-config.yaml:
the PROMETHEUS_METRICS_USERNAME and PROMETHEUS_METRICS_PASSWORD entries should
be sourced through the same secret path used for other sensitive values. Update
the template around the ConfigMap generation to gate these keys behind
secretsStore.enabled (or equivalent Secret-backed rendering) and remove direct
.Values.multiwovenConfig references from ConfigMap.data.