Merge pull request #134 from snyk/feat/external-secrets
feat: support external secrets [HYB-597]
soniqua authored Sep 2, 2024
2 parents df30110 + f097f39 commit 4e117cc
Showing 17 changed files with 1,090 additions and 473 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/helm-validation.yaml
Expand Up @@ -21,5 +21,5 @@ jobs:

- name: Run helm unittest
run: |
helm plugin install https://github.com/helm-unittest/helm-unittest
helm unittest charts/snyk-broker
helm plugin install https://github.com/helm-unittest/helm-unittest --version 0.6.1
helm unittest charts/snyk-broker
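Review bot: The `--version 0.6.1` pin on the `helm plugin install` line names a git tag, and a tag can be re-pointed upstream, so the workflow still runs whatever that repository serves under the tag, including the plugin's install hook. If Helm's VCS installer accepts a commit reference here (it should, but confirm against the Helm version on the runner), pinning to the full commit SHA behind 0.6.1 would make this CI dependency immutable: `helm plugin install https://github.com/helm-unittest/helm-unittest --version <commit-sha-of-0.6.1>`. The job definition starts outside the hunk.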
2 changes: 1 addition & 1 deletion charts/snyk-broker/Chart.yaml
@@ -1,5 +1,5 @@
apiVersion: v2
name: snyk-broker
version: 2.7.6
version: 2.8.0
description: A Helm chart for Kubernetes
type: application
14 changes: 13 additions & 1 deletion charts/snyk-broker/templates/NOTES.txt
@@ -1,3 +1,15 @@
Thank you for installing the Snyk Broker

{{- if eq .Values.brokerServerUrl "https://broker.snyk.io" }}
Login to the Snyk UI to start onboarding projects: https://app.snyk.io
{{ else }}
{{ $tenant := regexFind "[a-z]+.snyk.io" .Values.brokerServerUrl }}
{{ printf "Login to the Snyk UI to start onboarding projects: https://app.%s" $tenant }}
{{ end }}
{{- if not .Values.useExternalSecrets}}
### Secret Creation Disabled ###

Ensure secrets are present on your cluster in the {{.Release.Namespace}} namespace:

-> NAME:KEY <VALUE>
{{- include "snyk-broker.requiredSecrets" . }}
{{- end }}
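Review bot: The guard `{{- if not .Values.useExternalSecrets}}` prints the "Secret Creation Disabled" banner when `useExternalSecrets` is false or unset, which reads as inverted if that flag means the operator supplies the secrets; the same `if not` wraps the body of `snyk-broker.requiredSecrets` in `_notes.tpl`, so both would have to flip together. values.yaml is not shown here, so confirm the flag's meaning; if it is what the name suggests, the line should be `{{- if .Values.useExternalSecrets }}`. As written, an operator who enables external secrets would get no list of the secret names and keys the deployment expects, and would likely only find out from pods failing on missing secret references. Separately, the dots in `regexFind "[a-z]+.snyk.io"` are unescaped and match any character; `"[a-z]+\\.snyk\\.io"` states the intent.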
4 changes: 2 additions & 2 deletions charts/snyk-broker/templates/_helpers.tpl
Expand Up @@ -133,11 +133,11 @@ include "snyk-broker.genericSecretName" (dict "Context" $ "secretName" "secret-n
{{- end -}}

{{- define "snyk-broker.tlsSecretName" -}}
{{- include "snyk-broker.genericSecretName" (dict "Context" . "secretName" "tls-secret" ) -}}
{{- .Values.httpsSecret.name | default ( include "snyk-broker.genericSecretName" (dict "Context" . "secretName" "tls-secret" ) ) -}}
{{- end }}

{{- define "snyk-broker.caCertSecretName" -}}
{{- include "snyk-broker.genericSecretName" (dict "Context" . "secretName" "cacert-secret" ) -}}
{{- .Values.caCertFileSecret.name | default ( include "snyk-broker.genericSecretName" (dict "Context" . "secretName" "cacert-secret" ) ) -}}
{{- end }}

{{/*
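Review bot: `.Values.httpsSecret.name` and `.Values.caCertFileSecret.name` are dereferenced before `default` runs, so rendering aborts with a nil-pointer error whenever the parent map is missing from the merged values (for example a values file that sets `httpsSecret: null`). values.yaml is not part of this view, so this only matters if the chart does not ship both maps as defaults or an operator nulls one; guarding the lookup keeps the fallback reachable either way: `{{- (.Values.httpsSecret | default dict).name | default ( include "snyk-broker.genericSecretName" (dict "Context" . "secretName" "tls-secret" ) ) -}}`, and likewise for `caCertFileSecret`. Both helpers should also carry a comment such as `{{/* TLS secret name: .Values.httpsSecret.name when set, otherwise the chart-generated name. */}}`, since the returned name can now point at a secret the chart does not manage.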
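--- a/charts/snyk-broker/templates/_notes.tpl
+++ b/charts/snyk-broker/templates/_notes.tpl
@@ -0,0 +1,25 @@
+{{/*
+*/}}
+{{- define "snyk-broker.requiredSecrets" -}}
+{{- $scmTemplates := (list "scmTokenOrPool") }}
+{{- $artifactoryTemplates := (list "artifactoryUrl" "brokerClientValidationUrl" ) }}
+{{- $nexusTemplates := (list "baseNexusUrl" "nexusUrl" "brokerClientValidationUrl" )}}
+{{- $containerRegistryAgentTemplates := (list "scmToken" )}}
+{{- $templatesPerType := (dict "github.com" $scmTemplates "github-enterprise" $scmTemplates "gitlab" $scmTemplates "bitbucket-server" $scmTemplates "bitbucket-server-bearer-auth" $scmTemplates "azure-repos" $scmTemplates "artifactory" $artifactoryTemplates "nexus" $nexusTemplates "jira" $scmTemplates "jira-bearer-auth" $scmTemplates "container-registry-agent" $containerRegistryAgentTemplates ) }}
+{{- if not .Values.useExternalSecrets -}}
+{{- range (get $templatesPerType .Values.scmType ) }}
+{{- $secretObject := (first (fromYamlArray (include (printf "snyk-broker.%s" . ) $ ))) }}
+{{- $envName := $secretObject.name }}
+{{- $name := $secretObject.valueFrom.secretKeyRef.name }}
+{{- $key := $secretObject.valueFrom.secretKeyRef.key }}
+{{ printf "-> %s:%s <%s>" $name $key $envName }}
+{{- end }}
+{{- if .Values.httpsSecret.name }}
+{{ printf "-> %s:%s <your-certificate>" .Values.httpsSecret.name "tls.crt" }}
+{{ printf "-> %s:%s <your-certificate-key>" .Values.httpsSecret.name "tls.key" }}
+{{- end }}
+{{- if (and .Values.caCertFileSecret.name .Values.caCertFileSecret.key ) }}
+{{ printf "-> %s:%s <your-pem-certificate-material>" .Values.caCertFileSecret.name .Values.caCertFileSecret.key }}
+{{- end }}
+{{- end }}
+{{- end }}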
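Review bot: The chain `$secretObject.valueFrom.secretKeyRef.name` inside the `range` assumes every helper named in `$templatesPerType` renders a list whose first entry uses `secretKeyRef`; those helpers are defined outside this file, so this is inferred, but if one of them emits a plain `value:` entry or an empty list, NOTES rendering would fail and likely take the install or upgrade down with it. Only `first` is read, so a helper that renders several entries (the name `scmTokenOrPool` suggests it might) would list one secret and omit the rest. The leading `{{/* */}}` block is empty; it should say what the define prints, for example `{{/* Lists the NAME:KEY pairs of the secrets this release expects in the namespace; prints placeholders, never secret values. */}}`. An `scmType` that is missing from the dict produces no lines and no message, which is worth a `fail` or a printed hint.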