From faa68bfe835b7d2a7247c0b8131d7e34573bccd3 Mon Sep 17 00:00:00 2001
From: uumas <gitcommit@uumas.fi>
Date: Fri, 27 Jun 2025 01:01:33 +0300
Subject: [PATCH] service: Support setting type and target for db password
 secret

---
 roles/service/defaults/main.yaml       |  2 ++
 roles/service/meta/argument_specs.yaml | 15 ++++++++++++++-
 roles/service/vars/main.yaml           |  8 +++++++-
 3 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/roles/service/defaults/main.yaml b/roles/service/defaults/main.yaml
index 970d4a0..8a8a80d 100644
--- a/roles/service/defaults/main.yaml
+++ b/roles/service/defaults/main.yaml
@@ -11,6 +11,8 @@ service_container_secrets: []
 service_container_env: {}
 
 service_database_type: none
+service_database_secret_type: mount
+service_database_secret_target: "{{ service_database_type }}"
 service_postgres_image: docker.io/library/postgres
 service_redis: false
 
diff --git a/roles/service/meta/argument_specs.yaml b/roles/service/meta/argument_specs.yaml
index c3bbba9..1922c42 100644
--- a/roles/service/meta/argument_specs.yaml
+++ b/roles/service/meta/argument_specs.yaml
@@ -177,11 +177,24 @@ argument_specs:
             The password will also be available as the
             service_podman_secrets['{{ service_name }}-{{ service_database_type }}'] variable.
         type: str
-        required: false
         choices:
           - postgres
           - none
+        required: false
         default: none
+      service_database_secret_type:
+        description: Secret type for database secret for service container
+        type: str
+        choices:
+          - mount
+          - env
+        required: false
+        default: mount
+      service_database_secret_target:
+        description: Secret target for database secret for service container.
+        type: str
+        required: false
+        default: "{{ service_database_type }}"
       service_postgres_image:
         description: Postgresql image to use.
         type: str
diff --git a/roles/service/vars/main.yaml b/roles/service/vars/main.yaml
index 51af328..66cc2f3 100644
--- a/roles/service/vars/main.yaml
+++ b/roles/service/vars/main.yaml
@@ -20,7 +20,13 @@ _service_container_secrets: >-
           | map('community.general.dict_kv', 'name')
         )
       | map('combine')
-      + ([{'name': _service_database_name, 'target': service_database_type }] if _service_setup_database else [])
+      + (
+        [{
+          'name': _service_database_name,
+          'type': service_database_secret_type,
+          'target': service_database_secret_target
+        }] if _service_setup_database else []
+      )
   }}
 
 _service_additional_containers: >-