From fa552169bca8eceeebf1740c8249c75b43f7ca36 Mon Sep 17 00:00:00 2001
From: Jonas Juselius <jonas.juselius@oceanbox.io>
Date: Wed, 1 Jan 2025 12:05:54 +0100
Subject: [PATCH] fix: update openfga secret policy

---
 policies/oceanbox/kyverno/add-openfga-secret.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/policies/oceanbox/kyverno/add-openfga-secret.yaml b/policies/oceanbox/kyverno/add-openfga-secret.yaml
index 2f1d58a4..14965eec 100644
--- a/policies/oceanbox/kyverno/add-openfga-secret.yaml
+++ b/policies/oceanbox/kyverno/add-openfga-secret.yaml
@@ -16,8 +16,8 @@ spec:
           kinds:
           - Secret
           names:
-          - prod-openfga-superuser
-          - staging-openfga-superuser
+          - prod-openfga-db-superuser
+          - staging-openfga-db-superuser
     mutate:
       targets:
         - apiVersion: v1
@@ -25,8 +25,8 @@ spec:
           name: "{{ request.object.metadata.name }}"
       patchStrategicMerge:
         stringData:
-          postgres-password: '{{ request.object.data."password" | base64_decode(@) }}'
-          uri: postgres://postgres:{{ request.object.data."password" | base64_decode(@) }}@{{ request.object.metadata.labels."cnpg.io/cluster" }}
+          postgres-password: '{{ request.object.data.password | base64_decode(@) }}'
+          uri: 'postgres://{{ request.object.data.username | base64_decode(@) }}:{{ request.object.data.password | base64_decode(@) }}@{{ request.object.metadata.labels."cnpg.io/cluster" }}-rw/app?sslmode=disable'
     skipBackgroundRequests: true
   validationFailureAction: Audit