From df55e2efbb8c764a6f952599d35ad3d392a2746c Mon Sep 17 00:00:00 2001
From: Richard Chen <58443436+rchenzheng@users.noreply.github.com>
Date: Fri, 20 Feb 2026 01:24:28 -0500
Subject: [PATCH] Simplify templating

---
 .../seaweedfs/templates/s3/s3-secret.yaml     | 21 ++++++++-----------
 1 file changed, 9 insertions(+), 12 deletions(-)

diff --git a/k8s/charts/seaweedfs/templates/s3/s3-secret.yaml b/k8s/charts/seaweedfs/templates/s3/s3-secret.yaml
index dd5778e25..f41bce606 100644
--- a/k8s/charts/seaweedfs/templates/s3/s3-secret.yaml
+++ b/k8s/charts/seaweedfs/templates/s3/s3-secret.yaml
@@ -10,21 +10,18 @@
 {{- if and .Values.s3.reuseLegacySecret $existingSecret }}
 {{- $reuse = true }}
 {{- end }}
-{{- $access_key_admin := "" -}}
-{{- $secret_key_admin := "" -}}
-{{- if and (dig "credentials" "admin" "accessKey" "" .Values.s3) (dig "credentials" "admin" "secretKey" "" .Values.s3) -}}
-  {{- $access_key_admin = .Values.s3.credentials.admin.accessKey -}}
-  {{- $secret_key_admin = .Values.s3.credentials.admin.secretKey -}}
-{{- else -}}
+{{- $creds := .Values.s3.credentials | default dict -}}
+{{- $adminCreds := $creds.admin | default dict -}}
+{{- $access_key_admin := $adminCreds.accessKey -}}
+{{- $secret_key_admin := $adminCreds.secretKey -}}
+{{- if not (and $access_key_admin $secret_key_admin) -}}
   {{- $access_key_admin = include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" $secretName "key" "admin_access_key_id" "length" 20 "existingSecret" (ternary $existingSecret nil $reuse)) -}}
   {{- $secret_key_admin = include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" $secretName "key" "admin_secret_access_key" "length" 40 "existingSecret" (ternary $existingSecret nil $reuse)) -}}
 {{- end -}}
-{{- $access_key_read := "" -}}
-{{- $secret_key_read := "" -}}
-{{- if and (dig "credentials" "read" "accessKey" "" .Values.s3) (dig "credentials" "read" "secretKey" "" .Values.s3) -}}
-  {{- $access_key_read = .Values.s3.credentials.read.accessKey -}}
-  {{- $secret_key_read = .Values.s3.credentials.read.secretKey -}}
-{{- else -}}
+{{- $readCreds := $creds.read | default dict -}}
+{{- $access_key_read := $readCreds.accessKey -}}
+{{- $secret_key_read := $readCreds.secretKey -}}
+{{- if not (and $access_key_read $secret_key_read) -}}
   {{- $access_key_read = include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" $secretName "key" "read_access_key_id" "length" 20 "existingSecret" (ternary $existingSecret nil $reuse)) -}}
   {{- $secret_key_read = include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" $secretName "key" "read_secret_access_key" "length" 40 "existingSecret" (ternary $existingSecret nil $reuse)) -}}
 {{- end -}}