feat: add apprisk type

snyk · Nov 13, 2024 · bc44f73 · bc44f73
1 parent 3ba03fe
commit bc44f73
Show file tree

Hide file tree

Showing 6 changed files with 247 additions and 0 deletions.
diff --git a/charts/snyk-broker/templates/_scmConfig.tpl b/charts/snyk-broker/templates/_scmConfig.tpl
@@ -172,6 +172,44 @@ Return the Nexus URL secret name and key
       key: {{ include "snyk-broker.nexusUrlSecretKey" . }}
 {{- end }}
 
+
+{{/*
+Return Sonarqube url
+*/}}
+{{- define "snyk-broker.sonarqubeHostUrl" }}
+- name: SONARQUBE_HOST_URL
+  value: {{ .Values.sonarqubeHostUrl }}
+{{- end }}
+{{/*
+Return the Sonarqube API Token secret name and key
+*/}}
+{{- define "snyk-broker.sonarqubeApiTokenSecretName" -}}
+{{- $suffix := ( .Values.disableSuffixes | default false ) | ternary "" ( printf "-%s" .Release.Name ) }}
+{{- .Values.sonarqubeApiTokenSecret.name | default (printf "apprisk-sonarqube-api-token%s" $suffix) }}
+{{- end }}
+
+{{- define "snyk-broker.sonarqubeApiTokenSecretKey" -}}
+{{- $suffix := ( .Values.disableSuffixes | default false ) | ternary "" ( printf "-%s" .Release.Name ) }}
+{{- .Values.sonarqubeApiTokenSecret.key | default "apprisk-sonarqube-api-token" }}
+{{- end }}
+
+{{- define "snyk-broker.sonarqubeApiToken" }}
+{{- $suffix := ( .Values.disableSuffixes | default false ) | ternary "" ( printf "-%s" .Release.Name ) }}
+- name: SONARQUBE_API_TOKEN
+  valueFrom:
+    secretKeyRef:
+      name: {{ include "snyk-broker.sonarqubeApiTokenSecretName" . }}
+      key: {{ include "snyk-broker.sonarqubeApiTokenSecretKey" . }}
+{{- end }}
+
+{{/*
+Return checkmarx host
+*/}}
+{{- define "snyk-broker.checkmarx" }}
+- name: CHECKMARX
+  value: {{ .Values.checkmarx }}
+{{- end }}
+
 {{/*
 Return the Broker Client Validation URL secret name and key
 */}}
@@ -239,6 +277,33 @@ GITLAB_TOKEN (gitlab)
 {{- include "snyk-broker.scmTokenPool" . }}
 {{- end }}
 
+{{/*
+Return sonarqube config for apprisk
+*/}}
+{{- define "snyk-broker.sonarqube" }}
+{{- if or (and .Values.sonarqubeHostUrl (ne .Values.sonarqubeHostUrl "")) (and .Values.checkmarx (ne .Values.checkmarx "")) }}
+{{- if and .Values.sonarqubeHostUrl (ne .Values.sonarqubeHostUrl "") }}
+{{- include "snyk-broker.sonarqubeHostUrl" . }}
+{{- include "snyk-broker.sonarqubeApiToken" . }}
+{{- end}}
+{{- if and .Values.checkmarx (ne .Values.checkmarx "") }}
+{{- include "snyk-broker.checkmarx" . }}
+{{- end}}
+{{- else}}
+{{- fail "Error: Either or both .Values.sonarqubeHostUrl or .Values.checkmarx must be defined and not empty." }}
+{{- end }}
+{{- end }}
+
+
+{{/*
+  Define apprisk values
+  */}}
+  {{- define "snyk-broker.appRisk" -}}
+  {{- if eq .Values.scmType "apprisk" }}
+  {{- include "snyk-broker.sonarqube" . }}
+  {{- end }}
+  {{- end }}
+
 {{/*
 Define github-com values
 */}}

diff --git a/charts/snyk-broker/templates/broker_deployment.yaml b/charts/snyk-broker/templates/broker_deployment.yaml
@@ -107,6 +107,7 @@ spec:
               value: {{ .Values.healthCheckPath }}
             - name: BROKER_SYSTEMCHECK_PATH
               value: {{ .Values.systemCheckPath }}
+{{- include "snyk-broker.appRisk" . | indent 12 }}
 {{- include "snyk-broker.githubCom" . | indent 12 }}
 {{- include "snyk-broker.githubEnterprise" . | indent 12 }}
 {{- include "snyk-broker.gitlab" . | indent 12 }}

diff --git a/charts/snyk-broker/templates/secrets.yaml b/charts/snyk-broker/templates/secrets.yaml
@@ -79,6 +79,16 @@ data:
   {{ include "snyk-broker.nexusUrlSecretKey" . }} : {{ .Values.nexusUrl | b64enc | quote }}
 ---
 {{- end}}
+{{- if .Values.sonarqubeApiToken }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "snyk-broker.sonarqubeApiTokenSecretName" . }}
+type: Opaque
+data:
+  {{ include "snyk-broker.sonarqubeApiTokenSecretKey" . }} : {{ .Values.sonarqubeApiToken | b64enc | quote }}
+---
+{{- end}}
 {{- if and (.Values.httpsCert) (.Values.httpsKey) }}
 apiVersion: v1
 kind: Secret

diff --git a/charts/snyk-broker/tests/broker_deployment_apprisk_type_test.yaml b/charts/snyk-broker/tests/broker_deployment_apprisk_type_test.yaml
@@ -0,0 +1,163 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
+suite: broker deployment (apprisk type)
+chart:
+  version: 0.0.0
+values:
+  - ./fixtures/default_values.yaml
+templates:
+  - secrets.yaml
+  - broker_deployment.yaml
+set:
+  scmType: apprisk
+
+tests:
+  - it: should create secrets if sonarqubeHostUrl is defined
+    template: secrets.yaml
+    set:
+      sonarqubeHostUrl: https://mysonarqube
+      sonarqubeApiToken: abc123
+      disableSuffixes: true
+    asserts:
+
+      - isKind:
+          of: Secret
+        documentSelector:
+          path: metadata.name
+          value: apprisk-sonarqube-api-token-release-name
+      - equal:
+          path: data
+          value: YWJjMTIz
+        documentSelector:
+          path: metadata.name
+          value: apprisk-sonarqube-api-token-release-name
+
+
+  # - it: should create secrets if brokerClientValidationUrl and nexusUrl are defined
+  #   template: secrets.yaml
+
+  #   set:
+  #     nexusUrl: https://username:[email protected]/repository
+  #     brokerClientValidationUrl: https://username:[email protected]/service/rest/v1/status/check
+  #     disableSuffixes: true
+
+  #   asserts:
+
+  #     - isKind:
+  #         of: Secret
+  #       documentSelector:
+  #         path: metadata.name
+  #         value: nexus-broker-client-validation-url
+  #     - equal:
+  #         path: data.nexus-broker-client-validation-url
+  #         value: aHR0cHM6Ly91c2VybmFtZTpwYXNzd29yZEB5b3VyLWRvbWFpbi5jb20vc2VydmljZS9yZXN0L3YxL3N0YXR1cy9jaGVjaw==
+  #       documentSelector:
+  #         path: metadata.name
+  #         value: nexus-broker-client-validation-url
+
+  #     - isKind:
+  #         of: Secret
+  #       documentSelector:
+  #         path: metadata.name
+  #         value: nexus-nexus-url
+  #     - equal:
+  #         path: data.nexus-nexus-url
+  #         value: aHR0cHM6Ly91c2VybmFtZTpwYXNzd29yZEB5b3VyLWRvbWFpbi5jb20vcmVwb3NpdG9yeQ==
+  #       documentSelector:
+  #         path: metadata.name
+  #         value: nexus-nexus-url
+
+  #     - containsDocument:
+  #         kind: Secret
+  #         apiVersion: v1
+  #         name: nexus-nexus-base-url
+  #       not: true
+
+  # - it: should create secrets if brokerClientValidationUrl and baseNexusUrl are defined
+  #   template: secrets.yaml
+
+  #   set:
+  #     baseNexusUrl: https://username:[email protected]
+  #     brokerClientValidationUrl: https://username:[email protected]/service/rest/v1/status/check
+  #     disableSuffixes: true
+
+  #   asserts:
+
+  #     - isKind:
+  #         of: Secret
+  #       documentSelector:
+  #         path: metadata.name
+  #         value: nexus-broker-client-validation-url
+  #     - equal:
+  #         path: data.nexus-broker-client-validation-url
+  #         value: aHR0cHM6Ly91c2VybmFtZTpwYXNzd29yZEB5b3VyLWRvbWFpbi5jb20vc2VydmljZS9yZXN0L3YxL3N0YXR1cy9jaGVjaw==
+  #       documentSelector:
+  #         path: metadata.name
+  #         value: nexus-broker-client-validation-url
+
+  #     - isKind:
+  #         of: Secret
+  #       documentSelector:
+  #         path: metadata.name
+  #         value: nexus-base-nexus-url
+  #     - equal:
+  #         path: data.nexus-base-nexus-url
+  #         value: aHR0cHM6Ly91c2VybmFtZTpwYXNzd29yZEB5b3VyLWRvbWFpbi5jb20=
+  #       documentSelector:
+  #         path: metadata.name
+  #         value: nexus-base-nexus-url
+
+  #     - containsDocument:
+  #         kind: Secret
+  #         apiVersion: v1
+  #         name: nexus-nexus-url
+  #       not: true
+
+  # - it: should not create secret for brokerClientValidationUrl if value is empty
+  #   template: secrets.yaml
+
+  #   set:
+  #     nexusUrl: https://username:[email protected]/repository
+  #     baseNexusUrl: https://username:[email protected]
+  #     disableSuffixes: true
+
+  #   asserts:
+  #     - containsDocument:
+  #         kind: Secret
+  #         apiVersion: v1
+  #         name: nexus-broker-client-validation-url
+  #       not: true
+
+  # - it: references secrets in deployment
+  #   release:
+  #     name: unittest
+  #   template: broker_deployment.yaml
+  #   set:
+  #     baseNexusUrl: https://username:[email protected]
+  #     nexusUrl: https://username:[email protected]/repository
+  #     brokerClientValidationUrl: https://username:[email protected]/service/rest/v1/status/check
+
+  #   asserts:
+  #     - contains:
+  #         path: spec.template.spec.containers[0].env
+  #         content:
+  #           name: BASE_NEXUS_URL
+  #           valueFrom:
+  #             secretKeyRef:
+  #               name: nexus-base-nexus-url-unittest
+  #               key: "nexus-base-nexus-url"
+  #     - contains:
+  #         path: spec.template.spec.containers[0].env
+  #         content:
+  #           name: NEXUS_URL
+  #           valueFrom:
+  #             secretKeyRef:
+  #               name: nexus-nexus-url-unittest
+  #               key: "nexus-nexus-url"
+  #     - contains:
+  #         path: spec.template.spec.containers[0].env
+  #         content:
+  #           name: BROKER_CLIENT_VALIDATION_URL
+  #           valueFrom:
+  #             secretKeyRef:
+  #               name: nexus-broker-client-validation-url-unittest
+  #               key: "nexus-broker-client-validation-url"
diff --git a/charts/snyk-broker/values.schema.json b/charts/snyk-broker/values.schema.json
@@ -87,6 +87,7 @@
     "scmType": {
       "type": "string",
       "enum": [
+        "apprisk",
         "github-com",
         "github-enterprise",
         "bitbucket-server",

diff --git a/charts/snyk-broker/values.yaml b/charts/snyk-broker/values.yaml
@@ -221,6 +221,13 @@ crImage: "latest"
 # Set to 'true' to enable AppRisk
 enableAppRisk: ""
 
+checkmarx: ""
+sonarqubeHostUrl: ""
+sonarqubeApiToken: ""
+sonarqubeApiTokenSecret:
+  name: ""
+  key: ""
+
 ##### Code Agent #####
 
 # Set to 'true' to enable Code Agent