fix(helm): generate sqlConnectionSuperuser secret for external databases

[jezekra1]

Summary

• When using an external database with adminUser/adminPassword configured, the sqlConnectionSuperuser key was not being added to the agentstack-secret. This caused the createVectorDbExtension init container to fail with couldn't find key sqlConnectionSuperuser in Secret.
• The condition in helm/templates/config/secret.yaml now also generates the superuser connection string when using an external database with admin credentials provided.

Test plan

• Deploy with external database and adminUser/adminPassword set, verify sqlConnectionSuperuser key exists in the secret

• Deploy with internal PostgreSQL, verify behavior unchanged

• Deploy with external database without admin credentials, verify sqlConnectionSuperuser is not generated

• No Docs Needed

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request fixes a bug in the Helm chart that prevented the sqlConnectionSuperuser secret from being generated when using an external database with admin credentials. The change ensures that the secret is correctly generated in both internal and external database scenarios, resolving a deployment failure issue.

Highlights

• Bug Fix: Addresses an issue where the sqlConnectionSuperuser key was missing in the agentstack-secret when using an external database with admin credentials, causing the createVectorDbExtension init container to fail.
• Conditional Secret Generation: Modifies the Helm chart to generate the sqlConnectionSuperuser secret when using either an internal PostgreSQL database with admin user enabled or an external database with admin credentials provided.
• Testing: Includes a test plan to verify the fix by deploying with different database configurations and checking for the presence of the sqlConnectionSuperuser key in the secret.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• helm/templates/config/secret.yaml
  • Modified conditional logic to generate sqlConnectionSuperuser secret for external databases with admin credentials.

Activity

• The pull request includes a detailed summary of the issue and the proposed solution.
• A test plan is provided to validate the fix in different deployment scenarios.
• The pull request indicates that no documentation updates are needed.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request addresses an issue where the sqlConnectionSuperuser key was not being generated in the agentstack-secret when using an external database with adminUser and adminPassword configured. The changes modify the condition in helm/templates/config/secret.yaml to include the generation of the superuser connection string in such cases. I have added a review comment to address a potential issue.

[gemini-code-assist]

The current condition uses or which might lead to unexpected behavior. If postgresql.enabled is true but postgresql.auth.enablePostgresUser is false, and the external database credentials are also provided, the sqlConnectionSuperuser will still be generated, which might not be the intended behavior. Consider using nested and conditions to ensure that the superuser connection string is generated only when either internal PostgreSQL with admin user is enabled, or external database with admin credentials is provided, and internal PostgreSQL is not enabled.

Here's the updated condition:

{{- if or (and .Values.postgresql.enabled .Values.postgresql.auth.enablePostgresUser) (and (not .Values.postgresql.enabled) .Values.externalDatabase.adminUser .Values.externalDatabase.adminPassword) }}

This can be refactored to:

{{- if and (or .Values.postgresql.enabled (and .Values.externalDatabase.adminUser .Values.externalDatabase.adminPassword)) (or .Values.postgresql.auth.enablePostgresUser (not .Values.postgresql.enabled)) }}

{{- if and (or .Values.postgresql.enabled (and .Values.externalDatabase.adminUser .Values.externalDatabase.adminPassword)) (or .Values.postgresql.auth.enablePostgresUser (not .Values.postgresql.enabled)) }}