From 1f78e42e340fc39e8e4dc704d0fbed1011fcf288 Mon Sep 17 00:00:00 2001 From: Milos Backonja <35807060+milosbackonja@users.noreply.github.com> Date: Thu, 14 Dec 2023 09:54:45 +0100 Subject: [PATCH] feat: Consumer restricition parametarization (#814) Signed-off-by: Milos Backonja Signed-off-by: Shota Jolbordi --- infrastructure/charts/agent/templates/_helpers.tpl | 6 +++--- .../charts/agent/templates/apisixconsumer.yaml | 6 +++--- .../charts/agent/templates/deployment.yaml | 4 ---- .../charts/agent/templates/externalsecret.yaml | 6 +++--- .../charts/agent/templates/stringsecret.yaml | 2 +- infrastructure/charts/agent/values.yaml | 14 ++++++-------- 6 files changed, 16 insertions(+), 22 deletions(-) diff --git a/infrastructure/charts/agent/templates/_helpers.tpl b/infrastructure/charts/agent/templates/_helpers.tpl index 265ed21a67..6780bf5fcd 100644 --- a/infrastructure/charts/agent/templates/_helpers.tpl +++ b/infrastructure/charts/agent/templates/_helpers.tpl @@ -10,13 +10,13 @@ {{- end -}} {{- define "consumer-restriction" }} - name: consumer-restriction - enable: true + enable: {{ .Values.ingress.auth.consumer_restriction }} config: whitelist: - {{- range .Values.ingress.consumers }} + {{- range .Values.ingress.auth.consumers }} - {{ regexReplaceAll "-" $.Release.Name "_" }}_{{ regexReplaceAll "-" . "_" | lower }} {{- end }} - {{- range .Values.ingress.externalConsumers }} + {{- range .Values.ingress.auth.externalConsumers }} - {{ regexReplaceAll "-" $.Release.Name "_" }}_{{ regexReplaceAll "-" . "_" | lower }} {{- end }} {{- end -}} diff --git a/infrastructure/charts/agent/templates/apisixconsumer.yaml b/infrastructure/charts/agent/templates/apisixconsumer.yaml index 6aa2bc65ed..d11c212eef 100644 --- a/infrastructure/charts/agent/templates/apisixconsumer.yaml +++ b/infrastructure/charts/agent/templates/apisixconsumer.yaml 
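Review bot: `enable: {{ .Values.ingress.auth.consumer_restriction }}` in the `consumer-restriction` define renders whatever the value holds, so a null or mistyped override yields an empty or non-boolean `enable:`, and the plugin's state then depends on how the gateway interprets it. Because this flag now decides whether the whitelist is enforced, I would reject non-boolean input at render time, e.g. `{{- if not (kindIs "bool" .Values.ingress.auth.consumer_restriction) }}{{ fail "ingress.auth.consumer_restriction must be true or false" }}{{- end }}` at the top of the define. Do not use `| default true` for this, since Helm's `default` treats `false` as empty and the flag could then never be switched off. The define opens and closes inside this hunk; the leading `{{- end -}}` belongs to the previous helper.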
@@ -1,6 +1,6 @@ {{- if .Values.ingress.enabled }} {{- $root := . -}} -{{- range $consumer := .Values.ingress.consumers }} +{{- range $consumer := .Values.ingress.auth.consumers }} apiVersion: apisix.apache.org/v2 kind: ApisixConsumer metadata: @@ -18,7 +18,7 @@ spec: {{- end }} {{- $root := . -}} -{{- range $consumer := .Values.ingress.externalConsumers }} +{{- range $consumer := .Values.ingress.auth.externalConsumers }} apiVersion: apisix.apache.org/v2 kind: ApisixConsumer metadata: @@ -30,6 +30,6 @@ spec: authParameter: keyAuth: secretRef: - name: "{{ $root.Values.ingress.externalConsumerKeyPrefix }}-{{ $consumer | lower }}" + name: "{{ $root.Values.ingress.auth.externalConsumerKeyPrefix }}-{{ $consumer | lower }}" --- {{- end }} diff --git a/infrastructure/charts/agent/templates/deployment.yaml b/infrastructure/charts/agent/templates/deployment.yaml index f6a8888dc3..85a2023818 100644 --- a/infrastructure/charts/agent/templates/deployment.yaml +++ b/infrastructure/charts/agent/templates/deployment.yaml @@ -194,10 +194,6 @@ spec: key: root-token optional: false {{- end }} - {{- range $key, $value := .Values.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} {{- if .Values.server.keycloak.enabled }} - name: KEYCLOAK_ENABLED value: "true" diff --git a/infrastructure/charts/agent/templates/externalsecret.yaml b/infrastructure/charts/agent/templates/externalsecret.yaml index 1d33c8ba60..53b10f1cbd 100644 --- a/infrastructure/charts/agent/templates/externalsecret.yaml +++ b/infrastructure/charts/agent/templates/externalsecret.yaml 
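Review bot: Values still set under the old paths `ingress.consumers`, `ingress.externalConsumers` and `ingress.externalConsumerKeyPrefix` are now silently ignored, because the `range` in the first hunk reads only `ingress.auth.*`; the same applies to the later hunks of this file and to externalsecret.yaml and stringsecret.yaml. On an upgrade with an unmigrated values file the loops render nothing, so the ApisixConsumer objects and their secrets would presumably be removed and the whitelist left empty, without any error. A render-time guard would make the break explicit, e.g. `{{- if or .Values.ingress.consumers .Values.ingress.externalConsumers }}{{ fail "ingress.consumers and ingress.externalConsumers moved under ingress.auth" }}{{- end }}` near the top of the template. The enclosing `if`/`range` blocks are only partly visible in these hunks.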
@@ -22,11 +22,11 @@ spec: --- {{- $root := . -}} -{{- range $consumer := .Values.ingress.externalConsumers }} +{{- range $consumer := .Values.ingress.auth.externalConsumers }} apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: - name: "{{ $root.Values.ingress.externalConsumerKeyPrefix }}-{{ $consumer | lower }}" + name: "{{ $root.Values.ingress.auth.externalConsumerKeyPrefix }}-{{ $consumer | lower }}" labels: {{ template "labels.common" . }} spec: @@ -36,6 +36,6 @@ spec: kind: ClusterSecretStore dataFrom: - extract: - key: "{{ $root.Values.ingress.externalConsumerKeyPrefix }}-{{ $consumer | lower }}" + key: "{{ $root.Values.ingress.auth.externalConsumerKeyPrefix }}-{{ $consumer | lower }}" --- {{- end }} diff --git a/infrastructure/charts/agent/templates/stringsecret.yaml b/infrastructure/charts/agent/templates/stringsecret.yaml index 4612488629..b1d88d4b05 100644 --- a/infrastructure/charts/agent/templates/stringsecret.yaml +++ b/infrastructure/charts/agent/templates/stringsecret.yaml @@ -1,6 +1,6 @@ {{- if .Values.ingress.enabled }} {{- $root := . -}} -{{- range $consumer := .Values.ingress.consumers }} +{{- range $consumer := .Values.ingress.auth.consumers }} apiVersion: "secretgenerator.mittwald.de/v1alpha1" kind: StringSecret metadata: diff --git a/infrastructure/charts/agent/values.yaml b/infrastructure/charts/agent/values.yaml index 84638ad2b9..2b8a57cad2 100644 --- a/infrastructure/charts/agent/values.yaml +++ b/infrastructure/charts/agent/values.yaml 
@@ -6,13 +6,14 @@ ingress: cors: enabled: false allow_origins: "" - consumers: [] auth: enable: true - # External Consumers are ones where the secret keys/API tokens - # are pulled in using External Secrets [and therefore aren't generated by helm] - externalConsumerKeyPrefix: chart-base-key-prefix - externalConsumers: [] + consumer_restriction: true + consumers: [] + # External Consumers are ones where the secret keys/API tokens + # are pulled in using External Secrets [and therefore aren't generated by helm] + externalConsumers: [] + externalConsumerKeyPrefix: chart-base-key-prefix secrets: secretStore: chart-base-secretstore @@ -145,9 +146,6 @@ keycloak: mountPath: /opt/bitnami/keycloak/data/import readOnly: true -# Additional environment variables to be added to the server container -env: {} - # It is configured for deployment and postgresql objects of prism-agent affinity: nodeAffinity: {}
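Review bot: `consumer_restriction: true` is added under `ingress.auth` without a comment, although per the helper change in this commit it sets `enable` on the `consumer-restriction` plugin entry and so decides whether the consumer whitelist is applied. A short comment would help operators, e.g. `# Enforce the per-release consumer whitelist; when false, access is limited only by the remaining auth settings.` The key is also snake_case beside camelCase siblings such as `externalConsumers`, and sits next to `enable` where `cors` uses `enabled`. Aligning the name (`consumerRestriction`) would reduce the chance of a mistyped override that silently keeps the default.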