fix: allow nexus url and base url to share secret, force unique keys

snyk · Sep 5, 2024 · 562c4c3 · 562c4c3
1 parent 4e117cc
commit 562c4c3
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 10 deletions.
diff --git a/charts/snyk-broker/templates/_scmConfig.tpl b/charts/snyk-broker/templates/_scmConfig.tpl
@@ -343,7 +343,7 @@ Define artifactory values
 {{- include "snyk-broker.brokerClientPort" . }}
 {{- include "snyk-broker.brokerClientUrl" . }}
 {{- include "snyk-broker.artifactoryUrl" . }}
-{{- if .Values.brokerClientValidationUrl }}
+{{- if or .Values.brokerClientValidationUrl .Values.brokerClientValidationUrlSecret.key .Values.brokerClientValidationUrlSecret.name }}
 {{- include "snyk-broker.brokerClientValidationUrl" . }}
 {{- end }}
 {{- end }}
@@ -354,16 +354,16 @@ Define Nexus 3/2 values
 */}}
 {{- define "snyk-broker.nexus" -}}
 {{- if contains "nexus" .Values.scmType }}
-{{- if and .Values.nexusUrlSecret.name .Values.baseNexusUrlSecret.name -}}
-{{- if eq .Values.nexusUrlSecret.name .Values.baseNexusUrlSecret.name -}}
-{{- fail "Secret names for nexusUrlSecret and baseNexusUrlSecret must be unique" -}}
+{{- if and .Values.nexusUrlSecret.key .Values.baseNexusUrlSecret.key -}}
+{{- if eq .Values.nexusUrlSecret.key .Values.baseNexusUrlSecret.key -}}
+{{- fail "Secret keys for nexusUrlSecret and baseNexusUrlSecret must be unique" -}}
 {{- end }}
 {{- end }}
 {{- include "snyk-broker.brokerToken" . }}
 {{- include "snyk-broker.brokerClientPort" . }}
 {{- include "snyk-broker.baseNexusUrl" . }}
 {{- include "snyk-broker.nexusUrl" . }}
-{{- if .Values.brokerClientValidationUrl }}
+{{- if or .Values.brokerClientValidationUrl .Values.brokerClientValidationUrlSecret.key .Values.brokerClientValidationUrlSecret.name }}
 {{- include "snyk-broker.brokerClientValidationUrl" . }}
 {{- end }}
 {{- end }}

diff --git a/charts/snyk-broker/tests/broker_deployment_rename_secrets_test.yaml b/charts/snyk-broker/tests/broker_deployment_rename_secrets_test.yaml
@@ -273,18 +273,18 @@ tests:
           value: artifactory-url-for-validation
         template: secrets.yaml
 
-  - it: Rejects duplicative names for nexus secrets
+  - it: Rejects duplicative keys for nexus secrets
     set:
       scmType: nexus
       nexusUrl: https://user:@nexus.corp.io/repository
       baseNexusUrl: https://user:@nexus.corp.io
       brokerClientValidationUrl: https://nexus.corp.io/service/rest/v1/status/check
-      nexusUrlSecret.name: private-nexus
-      baseNexusUrlSecret.name: private-nexus
+      nexusUrlSecret.key: private-nexus
+      baseNexusUrlSecret.key: private-nexus
     asserts:
       - failedTemplate:
-          errorMessage: Secret names for nexusUrlSecret and baseNexusUrlSecret must be unique
-        template: broker_deployment.yaml
+          errorMessage: Secret keys for nexusUrlSecret and baseNexusUrlSecret must be unique
+    template: broker_deployment.yaml
 
   - it: Sets names for nexus secrets, retaining default keys
     set:
@@ -352,3 +352,46 @@ tests:
             secret:
               secretName: my-ca
         template: broker_deployment.yaml
+
+  - it: handles all required secrets in one kubernetes secret
+    set:
+      scmType: nexus
+      useExternalSecrets: true
+      nexusUrlSecret.name: my-big-broker-secret
+      baseNexusUrlSecret.name: my-big-broker-secret
+      brokerTokenSecret.name: my-big-broker-secret
+      brokerClientValidationUrlSecret.name: my-big-broker-secret
+    template: broker_deployment.yaml
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: NEXUS_URL
+            valueFrom:
+              secretKeyRef:
+                name: my-big-broker-secret
+                key:  nexus-nexus-url
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: BROKER_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: my-big-broker-secret
+                key:  nexus-broker-token-key
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: BASE_NEXUS_URL
+            valueFrom:
+              secretKeyRef:
+                name: my-big-broker-secret
+                key:  nexus-base-nexus-url
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: BROKER_CLIENT_VALIDATION_URL
+            valueFrom:
+              secretKeyRef:
+                name: my-big-broker-secret
+                key:  nexus-broker-client-validation-url