feat: support for external secrets #133

Closed
wants to merge 3 commits into from
Closed
4 changes: 1 addition & 3 deletions .gitignore
Expand Up @@ -33,10 +33,8 @@ bin/*
Session.vim
.netrwhist



# Snyk stuff
.history

temp

accept.json
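--- a/charts/snyk-broker/templates/_helpers.tpl
+++ b/charts/snyk-broker/templates/_helpers.tpl
@@ -113,7 +113,7 @@ Create the name of the broker service to use
 {{- $serviceLength := len $service -}}
 {{- $releaseNameLength := len .Release.Name -}}
 {{- $truncatedLength := int (sub 63 (add $serviceLength $releaseNameLength)) -}}
-{{- .Values.scmType | trunc $truncatedLength }}{{ $service }}{{ .Release.Name }}
+{{- .Values.scmType | trunc $truncatedLength }}{{ $service }}{{ .Release.Name }}
 {{- else }}
 {{- .Values.scmType | trunc 47 }}-broker-service
 {{- end -}}
@@ -178,3 +178,55 @@ Validate against RFC 1123
 {{- end }}
 {{- $sanitisedProxyUrls | trimPrefix "," -}}
 {{- end }}
+
+{{/*
+Secret Handling Configuration
+*/}}
+
+{{- define "brokerTokenSecret" -}}
+{{- if .Values.brokerToken }}
+{{- printf "%s-%s-%s" .Values.scmType "broker-token" .Release.Name }}
+{{- else if .Values.brokerTokenSecret }}
+{{- .Values.brokerTokenSecret }}
+{{- end}}
+{{- end}}
+
+{{- define "brokerTokenSecretKey" -}}
+{{- if .Values.brokerToken }}
+{{- printf "%s-%s" .Values.scmType "broker-token-key" }}
+{{- else if .Values.brokerTokenSecret }}
+{{- .Values.brokerTokenSecretKey }}
+{{- end}}
+{{- end}}
+
+{{- define "targetTokenSecret" -}}
+{{- if .Values.scmToken }}
+{{- printf "%s-%s-%s" .Values.scmType "token" .Release.Name }}
+{{- else if .Values.targetTokenSecret }}
+{{- .Values.targetTokenSecret }}
+{{- end}}
+{{- end}}
+
+{{- define "targetTokenSecretKey" -}}
+{{- if .Values.scmToken }}
+{{- printf "%s-%s" .Values.scmType "token-key" }}
+{{- else if .Values.targetTokenSecretKey }}
+{{- .Values.targetTokenSecretKey }}
+{{- end}}
+{{- end}}
+
+{{- define "snykTokenSecret" -}}
+{{- if .Values.snykToken }}
+{{- printf "%s-%s" "snyk-token" ".Release.Name" }}
+{{- else if .Values.snykTokenSecret }}
+{{- .Values.snykTokenSecret }}
+{{- end}}
+{{- end}}
+
+{{- define "snykTokenSecretKey" -}}
+{{- if .Values.snykToken }}
+{{- "snyk-token-key" }}
+{{- else if .Values.snykTokenSecretKey }}
+{{- .Values.snykTokenSecretKey }}
+{{- end}}
+{{- end}}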
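Review bot: In `snykTokenSecret` the chart-managed branch calls `printf "%s-%s" "snyk-token" ".Release.Name"`, where the quoted second argument is a string literal, so the rendered Secret name is `snyk-token-.Release.Name` instead of one carrying the release name. The three `*TokenSecret` helpers also drop the `disableSuffixes` switch that the replaced deployment lines honoured (the snapshots in this PR change `github-com-broker-token` to `github-com-broker-token-RELEASE-NAME`), and every helper renders nothing when neither the inline token nor the external name is set, which the updated snapshots already show as `name: null` for GITHUB_TOKEN. A `secretKeyRef` that points at a missing or wrong Secret keeps the container from starting, and installs that pre-create the conventionally named Secret would presumably lose their credential wiring on upgrade (the Secret templates are not on this page). Treating the external name as an override and the generated name as the default keeps the current behaviour; `brokerTokenSecretKey` should likewise test `.Values.brokerTokenSecretKey` rather than `.Values.brokerTokenSecret` before emitting it.

```gotemplate
{{- define "targetTokenSecret" -}}
{{- if .Values.targetTokenSecret -}}
{{- .Values.targetTokenSecret -}}
{{- else -}}
{{- .Values.scmType }}-token{{ if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
{{- end -}}
{{- end -}}

{{- define "snykTokenSecret" -}}
{{- if .Values.snykTokenSecret -}}
{{- .Values.snykTokenSecret -}}
{{- else -}}
snyk-token{{ if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
{{- end -}}
{{- end -}}
{{/* … brokerTokenSecret and the three *SecretKey helpers: same override-else-default shape … */}}
```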
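--- a/charts/snyk-broker/templates/broker_deployment.yaml
+++ b/charts/snyk-broker/templates/broker_deployment.yaml
@@ -112,14 +112,14 @@ spec:
 - name: BROKER_TOKEN
 valueFrom:
 secretKeyRef:
-name: {{ .Values.scmType}}-broker-token{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
-key: "{{ .Values.scmType}}-broker-token-key"
+name: {{ include "brokerTokenSecret" . }}
+key: {{ include "brokerTokenSecretKey" . }}
 {{- if not .Values.useExternalSecretScmTokenPool }}
 - name: GITHUB_TOKEN
 valueFrom:
 secretKeyRef:
-name: {{ .Values.scmType}}-token{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
-key: "{{ .Values.scmType}}-token-key"
+name: {{ include "targetTokenSecret" . }}
+key: {{ include "targetTokenSecretKey" . }}
 {{- end }}
 {{- if or (.Values.scmTokenPool) (.Values.useExternalSecretScmTokenPool) }}
 - name: GITHUB_TOKEN_POOL
@@ -138,14 +138,14 @@ spec:
 - name: BROKER_TOKEN
 valueFrom:
 secretKeyRef:
-name: {{ .Values.scmType}}-broker-token{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
-key: "{{ .Values.scmType}}-broker-token-key"
+name: {{ include "brokerTokenSecret" . }}
+key: {{ include "brokerTokenSecretKey" . }}
 {{- if not .Values.useExternalSecretScmTokenPool }}
 - name: GITHUB_TOKEN
 valueFrom:
 secretKeyRef:
-name: {{ .Values.scmType}}-token{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
-key: "{{ .Values.scmType}}-token-key"
+name: {{ include "targetTokenSecret" . }}
+key: {{ include "targetTokenSecretKey" . }}
 {{- end }}
 {{- if or (.Values.scmTokenPool) (.Values.useExternalSecretScmTokenPool) }}
 - name: GITHUB_TOKEN_POOL
@@ -171,15 +171,15 @@ spec:
 - name: BROKER_TOKEN
 valueFrom:
 secretKeyRef:
-name: {{ .Values.scmType}}-broker-token{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
-key: "{{ .Values.scmType}}-broker-token-key"
+name: {{ include "brokerTokenSecret" . }}
+key: {{ include "brokerTokenSecretKey" . }}
 - name: BITBUCKET_USERNAME
 value: {{ .Values.bitbucketUsername }}
 - name: BITBUCKET_PASSWORD
 valueFrom:
 secretKeyRef:
-name: {{ .Values.scmType}}-token{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
-key: "{{ .Values.scmType}}-token-key"
+name: {{ include "targetTokenSecret" . }}
+key: {{ include "targetTokenSecretKey" . }}
 - name: BITBUCKET
 value: {{ .Values.bitbucket }}
 - name: BITBUCKET_API
@@ -194,13 +194,13 @@ spec:
 - name: BROKER_TOKEN
 valueFrom:
 secretKeyRef:
-name: {{ .Values.scmType}}-broker-token{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
-key: "{{ .Values.scmType}}-broker-token-key"
+name: {{ include "brokerTokenSecret" . }}
+key: {{ include "brokerTokenSecretKey" . }}
 - name: BITBUCKET_PAT
 valueFrom:
 secretKeyRef:
-name: {{ .Values.scmType}}-token{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
-key: "{{ .Values.scmType}}-token-key"
+name: {{ include "targetTokenSecret" . }}
+key: {{ include "targetTokenSecretKey" . }}
 - name: BITBUCKET
 value: {{ .Values.bitbucket }}
 - name: BITBUCKET_API
@@ -215,14 +215,14 @@ spec:
 - name: BROKER_TOKEN
 valueFrom:
 secretKeyRef:
-name: {{ .Values.scmType}}-broker-token{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
-key: "{{ .Values.scmType}}-broker-token-key"
+name: {{ include "brokerTokenSecret" . }}
+key: {{ include "brokerTokenSecretKey" . }}
 {{- if not .Values.useExternalSecretScmTokenPool }}
 - name: GITLAB_TOKEN
 valueFrom:
 secretKeyRef:
-name: {{ .Values.scmType}}-token{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
-key: "{{ .Values.scmType}}-token-key"
+name: {{ include "targetTokenSecret" . }}
+key: {{ include "targetTokenSecretKey" . }}
 {{- end }}
 {{- if or (.Values.scmTokenPool) (.Values.useExternalSecretScmTokenPool) }}
 - name: GITLAB_TOKEN_POOL
@@ -243,13 +243,13 @@ spec:
 - name: BROKER_TOKEN
 valueFrom:
 secretKeyRef:
-name: {{ .Values.scmType}}-broker-token{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
-key: "{{ .Values.scmType}}-broker-token-key"
+name: {{ include "brokerTokenSecret" . }}
+key: {{ include "brokerTokenSecretKey" . }}
 - name: AZURE_REPOS_TOKEN
 valueFrom:
 secretKeyRef:
-name: {{ .Values.scmType}}-token{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
-key: "{{ .Values.scmType}}-token-key"
+name: {{ include "targetTokenSecret" . }}
+key: {{ include "targetTokenSecretKey" . }}
 - name: AZURE_REPOS_ORG
 value: {{ .Values.azureReposOrg }}
 - name: AZURE_REPOS_HOST
@@ -264,8 +264,8 @@ spec:
 - name: BROKER_TOKEN
 valueFrom:
 secretKeyRef:
-name: {{ .Values.scmType}}-broker-token{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
-key: "{{ .Values.scmType}}-broker-token-key"
+name: {{ include "brokerTokenSecret" . }}
+key: {{ include "brokerTokenSecretKey" . }}
 - name: ARTIFACTORY_URL
 valueFrom:
 secretKeyRef:
@@ -288,8 +288,8 @@ spec:
 - name: BROKER_TOKEN
 valueFrom:
 secretKeyRef:
-name: {{ .Values.scmType }}-broker-token{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
-key: "{{ .Values.scmType}}-broker-token-key"
+name: {{ include "brokerTokenSecret" . }}
+key: {{ include "brokerTokenSecretKey" . }}
 - name: BASE_NEXUS_URL
 valueFrom:
 secretKeyRef:
@@ -313,15 +313,15 @@ spec:
 - name: BROKER_TOKEN
 valueFrom:
 secretKeyRef:
-name: {{ .Values.scmType}}-broker-token{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
-key: "{{ .Values.scmType}}-broker-token-key"
+name: {{ include "brokerTokenSecret" . }}
+key: {{ include "brokerTokenSecretKey" . }}
 - name: JIRA_USERNAME
 value: {{ .Values.jiraUsername }}
 - name: JIRA_PASSWORD
 valueFrom:
 secretKeyRef:
-name: {{ .Values.scmType}}-token{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
-key: "{{ .Values.scmType}}-token-key"
+name: {{ include "targetTokenSecret" . }}
+key: {{ include "targetTokenSecretKey" . }}
 - name: JIRA_HOSTNAME
 value: {{ .Values.jiraHostname }}
 - name: PORT
@@ -334,13 +334,13 @@ spec:
 - name: BROKER_TOKEN
 valueFrom:
 secretKeyRef:
-name: {{ .Values.scmType}}-broker-token{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
-key: "{{ .Values.scmType}}-broker-token-key"
+name: {{ include "brokerTokenSecret" . }}
+key: {{ include "brokerTokenSecretKey" . }}
 - name: JIRA_PAT
 valueFrom:
 secretKeyRef:
-name: {{ .Values.scmType}}-token{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
-key: "{{ .Values.scmType}}-token-key"
+name: {{ include "targetTokenSecret" . }}
+key: {{ include "targetTokenSecretKey" . }}
 - name: JIRA_HOSTNAME
 value: {{ .Values.jiraHostname }}
 - name: PORT
@@ -353,8 +353,8 @@ spec:
 - name: BROKER_TOKEN
 valueFrom:
 secretKeyRef:
-name: {{ .Values.scmType}}-broker-token{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
-key: "{{ .Values.scmType}}-broker-token-key"
+name: {{ include "brokerTokenSecret" . }}
+key: {{ include "brokerTokenSecretKey" . }}
 - name: CR_AGENT_URL
 value: http://cra-service{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}:{{ .Values.deployment.container.crSnykPort | toString }}
 - name: CR_TYPE
@@ -369,15 +369,15 @@ spec:
 - name: CR_PASSWORD
 valueFrom:
 secretKeyRef:
-name: {{ .Values.scmType}}-token{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
-key: "{{ .Values.scmType}}-token-key"
+name: {{ include "targetTokenSecret" . }}
+key: {{ include "targetTokenSecretKey" . }}
 {{- end }}
 {{- if has .Values.crType (list "digitalocean-cr") }}
 - name: CR_TOKEN
 valueFrom:
 secretKeyRef:
-name: {{ .Values.scmType}}-token{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
-key: "{{ .Values.scmType}}-token-key"
+name: {{ include "targetTokenSecret" . }}
+key: {{ include "targetTokenSecretKey" . }}
 {{- end }}
 {{- if has .Values.crType (list "ecr") }}
 - name: CR_ROLE_ARN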
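Review bot: The new `name:` and `key:` lines emit the helper output unquoted, whereas the replaced lines quoted the key (`key: "{{ .Values.scmType}}-token-key"`). A user-supplied secret name or key that YAML reads as a non-string (`true`, `1234`, or an empty render) therefore produces an invalid `secretKeyRef`. This applies to every `include` line in this file and to the two in code_agent_deployment.yaml. Pipe the result through `quote`, e.g. `name: {{ include "brokerTokenSecret" . | quote }}` and `key: {{ include "brokerTokenSecretKey" . | quote }}`. Several of the env blocks start or end outside the visible hunks.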
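--- a/charts/snyk-broker/templates/code_agent_deployment.yaml
+++ b/charts/snyk-broker/templates/code_agent_deployment.yaml
@@ -57,8 +57,8 @@ spec:
 - name: SNYK_TOKEN
 valueFrom:
 secretKeyRef:
-name: snyk-token{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
-key: snyk-token-key
+name: {{ include "snykTokenSecret" . }}
+key: {{ include "snykTokenSecretKey" . }}
 {{- if $setTlsRejectUnauthorized }}
 # Troubleshooting - Set to 0 for SSL inspection testing
 - name: NODE_TLS_REJECT_UNAUTHORIZED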
Expand Up @@ -38,8 +38,8 @@ apprisk enabled:
- name: GITHUB_TOKEN
valueFrom:
secretKeyRef:
key: github-com-token-key
name: github-com-token-RELEASE-NAME
key: token-key
name: null
- name: PORT
value: "8000"
- name: BROKER_CLIENT_URL
Expand Up @@ -47,12 +47,12 @@ customaccept values:
valueFrom:
secretKeyRef:
key: github-com-broker-token-key
name: github-com-broker-token
name: github-com-broker-token-RELEASE-NAME
- name: GITHUB_TOKEN
valueFrom:
secretKeyRef:
key: github-com-token-key
name: github-com-token
key: token-key
name: null
- name: PORT
value: "8000"
- name: BROKER_CLIENT_URL
Expand Up @@ -51,8 +51,8 @@ customaccept values:
- name: GITHUB_TOKEN
valueFrom:
secretKeyRef:
key: github-com-token-key
name: github-com-token-RELEASE-NAME
key: token-key
name: null
- name: PORT
value: "8000"
- name: BROKER_CLIENT_URL
Expand Up @@ -34,12 +34,12 @@ HA mode on:
valueFrom:
secretKeyRef:
key: github-com-broker-token-key
name: github-com-broker-token
name: github-com-broker-token-RELEASE-NAME
- name: GITHUB_TOKEN
valueFrom:
secretKeyRef:
key: github-com-token-key
name: github-com-token
key: token-key
name: null
- name: PORT
value: "8000"
- name: BROKER_CLIENT_URL
Expand Down Expand Up @@ -181,12 +181,12 @@ HA mode on with 4 replicas:
valueFrom:
secretKeyRef:
key: github-com-broker-token-key
name: github-com-broker-token
name: github-com-broker-token-RELEASE-NAME
- name: GITHUB_TOKEN
valueFrom:
secretKeyRef:
key: github-com-token-key
name: github-com-token
key: token-key
name: null
- name: PORT
value: "8000"
- name: BROKER_CLIENT_URL
Expand Down Expand Up @@ -328,12 +328,12 @@ default values:
valueFrom:
secretKeyRef:
key: github-com-broker-token-key
name: github-com-broker-token
name: github-com-broker-token-RELEASE-NAME
- name: GITHUB_TOKEN
valueFrom:
secretKeyRef:
key: github-com-token-key
name: github-com-token
key: token-key
name: null
- name: PORT
value: "8000"
- name: BROKER_CLIENT_URL
Expand Down Expand Up @@ -473,12 +473,12 @@ preflight checks off:
valueFrom:
secretKeyRef:
key: github-com-broker-token-key
name: github-com-broker-token
name: github-com-broker-token-RELEASE-NAME
- name: GITHUB_TOKEN
valueFrom:
secretKeyRef:
key: github-com-token-key
name: github-com-token
key: token-key
name: null
- name: PORT
value: "8000"
- name: BROKER_CLIENT_URL
@@ -0,0 +1 @@
{}