From 26da48dbf3514c01be0404286150eebe8e2d7beb Mon Sep 17 00:00:00 2001
From: Imtiaz Uddin <imtiaz@appscode.com>
Date: Mon, 15 Jun 2026 12:50:27 +0600
Subject: [PATCH 1/2] Fix objstore secret field emission and set openfga
 datastore conn limits

Signed-off-by: Imtiaz Uddin <imtiaz@appscode.com>
---
 .../ace/templates/platform/objstore-cred.yaml | 26 ++++++++++++++-----
 charts/ace/values.yaml                        |  3 +++
 2 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/charts/ace/templates/platform/objstore-cred.yaml b/charts/ace/templates/platform/objstore-cred.yaml
index 6a1bb294f..a0d2a38fc 100644
--- a/charts/ace/templates/platform/objstore-cred.yaml
+++ b/charts/ace/templates/platform/objstore-cred.yaml
@@ -12,21 +12,33 @@ metadata:
 type: Opaque
 stringData:
 {{- with $objstore.s3 }}
-  AWS_ACCESS_KEY_ID: '{{ .AWS_ACCESS_KEY_ID }}'
-  AWS_SECRET_ACCESS_KEY: '{{ .AWS_SECRET_ACCESS_KEY }}'
-  ca.crt: {{ .CA_CERT_DATA | default "" | quote }}
+  {{- with .AWS_ACCESS_KEY_ID }}
+  AWS_ACCESS_KEY_ID: {{ . | quote }}
+  {{- end }}
+  {{- with .AWS_SECRET_ACCESS_KEY }}
+  AWS_SECRET_ACCESS_KEY: {{ . | quote }}
+  {{- end }}
+  {{- with .CA_CERT_DATA }}
+  ca.crt: {{ . | quote }}
+  {{- end }}
   {{- with .AWS_REGION }}
-  AWS_REGION: '{{ . }}'
+  AWS_REGION: {{ . | quote }}
   {{- end }}
 {{- end }}
 
 {{- with $objstore.azure }}
-  AZURE_ACCOUNT_NAME: '{{ .AZURE_ACCOUNT_NAME }}'
-  AZURE_ACCOUNT_KEY: '{{ .AZURE_ACCOUNT_KEY }}'
+  {{- with .AZURE_ACCOUNT_NAME }}
+  AZURE_ACCOUNT_NAME: {{ . | quote }}
+  {{- end }}
+  {{- with .AZURE_ACCOUNT_KEY }}
+  AZURE_ACCOUNT_KEY: {{ . | quote }}
+  {{- end }}
 {{- end }}
 
 {{- with $objstore.gcs }}
-  sa.json: {{ .GOOGLE_SERVICE_ACCOUNT_JSON_KEY | default "" | quote }}
+  {{- with .GOOGLE_SERVICE_ACCOUNT_JSON_KEY }}
+  sa.json: {{ . | quote }}
+  {{- end }}
 {{- end }}
 
 {{- end }}
diff --git a/charts/ace/values.yaml b/charts/ace/values.yaml
index c7d6b9ca4..91495c5dd 100644
--- a/charts/ace/values.yaml
+++ b/charts/ace/values.yaml
@@ -76,6 +76,9 @@ s3proxy:
 openfga:
   enabled: false
   datastoreURI: ""
+  datastore:
+    maxOpenConns: 20
+    connMaxIdleTime: "10m"
   ## configured in lib-selfhost
   # securityContext: # +doc-gen:break
   #   allowPrivilegeEscalation: false

From 7d6e9ec49fee36d3c25a0c6960bdb6bd481eee6d Mon Sep 17 00:00:00 2001
From: Imtiaz Uddin <imtiaz@appscode.com>
Date: Mon, 15 Jun 2026 16:00:43 +0600
Subject: [PATCH 2/2] make gen fmt

Signed-off-by: Imtiaz Uddin <imtiaz@appscode.com>
---
 charts/ace/README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/charts/ace/README.md b/charts/ace/README.md
index 8c105a335..4ea6d8b7c 100644
--- a/charts/ace/README.md
+++ b/charts/ace/README.md
@@ -64,6 +64,8 @@ The following table lists the configurable parameters of the `ace` chart and the
 | s3proxy.enabled                                      |                                                                                                                                                                                                                                                | <code>false</code>                                                                                                                                                                             |
 | openfga.enabled                                      |                                                                                                                                                                                                                                                | <code>false</code>                                                                                                                                                                             |
 | openfga.datastoreURI                                 |                                                                                                                                                                                                                                                | <code>""</code>                                                                                                                                                                                |
+| openfga.datastore.maxOpenConns                       |                                                                                                                                                                                                                                                | <code>20</code>                                                                                                                                                                                |
+| openfga.datastore.connMaxIdleTime                    |                                                                                                                                                                                                                                                | <code>"10m"</code>                                                                                                                                                                             |
 | pgoutbox.enabled                                     |                                                                                                                                                                                                                                                | <code>false</code>                                                                                                                                                                             |
 | outbox-syncer.enabled                                |                                                                                                                                                                                                                                                | <code>false</code>                                                                                                                                                                             |
 | global.nameOverride                                  |                                                                                                                                                                                                                                                | <code>"ace"</code>                                                                                                                                                                             |