From bc44f73794956e26eb4b80b47fd91a84e86d51f7 Mon Sep 17 00:00:00 2001 From: Antoine Arlaud Date: Wed, 13 Nov 2024 14:39:19 +0100 Subject: [PATCH] feat: add apprisk type --- charts/snyk-broker/templates/_scmConfig.tpl | 65 +++++++ .../templates/broker_deployment.yaml | 1 + charts/snyk-broker/templates/secrets.yaml | 10 ++ .../broker_deployment_apprisk_type_test.yaml | 163 ++++++++++++++++++ charts/snyk-broker/values.schema.json | 1 + charts/snyk-broker/values.yaml | 7 + 6 files changed, 247 insertions(+) create mode 100644 charts/snyk-broker/tests/broker_deployment_apprisk_type_test.yaml diff --git a/charts/snyk-broker/templates/_scmConfig.tpl b/charts/snyk-broker/templates/_scmConfig.tpl index 249076c..a17f9f3 100644 --- a/charts/snyk-broker/templates/_scmConfig.tpl +++ b/charts/snyk-broker/templates/_scmConfig.tpl 
@@ -172,6 +172,44 @@ Return the Nexus URL secret name and key key: {{ include "snyk-broker.nexusUrlSecretKey" . }} {{- end }} + +{{/* +Return Sonarqube url +*/}} +{{- define "snyk-broker.sonarqubeHostUrl" }} +- name: SONARQUBE_HOST_URL + value: {{ .Values.sonarqubeHostUrl }} +{{- end }} +{{/* +Return the Sonarqube API Token secret name and key +*/}} +{{- define "snyk-broker.sonarqubeApiTokenSecretName" -}} +{{- $suffix := ( .Values.disableSuffixes | default false ) | ternary "" ( printf "-%s" .Release.Name ) }} +{{- .Values.sonarqubeApiTokenSecret.name | default (printf "apprisk-sonarqube-api-token%s" $suffix) }} +{{- end }} + +{{- define "snyk-broker.sonarqubeApiTokenSecretKey" -}} +{{- $suffix := ( .Values.disableSuffixes | default false ) | ternary "" ( printf "-%s" .Release.Name ) }} +{{- .Values.sonarqubeApiTokenSecret.key | default "apprisk-sonarqube-api-token" }} +{{- end }} + +{{- define "snyk-broker.sonarqubeApiToken" }} +{{- $suffix := ( .Values.disableSuffixes | default false ) | ternary "" ( printf "-%s" .Release.Name ) }} +- name: SONARQUBE_API_TOKEN + valueFrom: + secretKeyRef: + name: {{ include "snyk-broker.sonarqubeApiTokenSecretName" . }} + key: {{ include "snyk-broker.sonarqubeApiTokenSecretKey" . }} +{{- end }} + +{{/* +Return checkmarx host +*/}} +{{- define "snyk-broker.checkmarx" }} +- name: CHECKMARX + value: {{ .Values.checkmarx }} +{{- end }} + {{/* Return the Broker Client Validation URL secret name and key */}} 
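Review bot: `value: {{ .Values.sonarqubeHostUrl }}` and `value: {{ .Values.checkmarx }}` in the new `snyk-broker.sonarqubeHostUrl` and `snyk-broker.checkmarx` helpers render operator-supplied values unquoted. A value containing ` #` or `: `, or one that YAML reads as a boolean or number, would change or break the rendered env entry. Piping through quote keeps both as strings: `value: {{ .Values.sonarqubeHostUrl | quote }}` and `value: {{ .Values.checkmarx | quote }}`. Separately, `$suffix` is assigned but never read in `snyk-broker.sonarqubeApiTokenSecretKey` and `snyk-broker.sonarqubeApiToken`, so those two assignments can be dropped.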
@@ -239,6 +277,33 @@ GITLAB_TOKEN (gitlab) {{- include "snyk-broker.scmTokenPool" . }} {{- end }} +{{/* +Return sonarqube config for apprisk +*/}} +{{- define "snyk-broker.sonarqube" }} +{{- if or (and .Values.sonarqubeHostUrl (ne .Values.sonarqubeHostUrl "")) (and .Values.checkmarx (ne .Values.checkmarx "")) }} +{{- if and .Values.sonarqubeHostUrl (ne .Values.sonarqubeHostUrl "") }} +{{- include "snyk-broker.sonarqubeHostUrl" . }} +{{- include "snyk-broker.sonarqubeApiToken" . }} +{{- end}} +{{- if and .Values.checkmarx (ne .Values.checkmarx "") }} +{{- include "snyk-broker.checkmarx" . }} +{{- end}} +{{- else}} +{{- fail "Error: Either or both .Values.sonarqubeHostUrl or .Values.checkmarx must be defined and not empty." }} +{{- end }} +{{- end }} + + +{{/* + Define apprisk values + */}} + {{- define "snyk-broker.appRisk" -}} + {{- if eq .Values.scmType "apprisk" }} + {{- include "snyk-broker.sonarqube" . }} + {{- end }} + {{- end }} + {{/* Define github-com values */}} diff --git a/charts/snyk-broker/templates/broker_deployment.yaml b/charts/snyk-broker/templates/broker_deployment.yaml index 2925658..858d9fd 100644 --- a/charts/snyk-broker/templates/broker_deployment.yaml +++ b/charts/snyk-broker/templates/broker_deployment.yaml @@ -107,6 +107,7 @@ spec: value: {{ .Values.healthCheckPath }} - name: BROKER_SYSTEMCHECK_PATH value: {{ .Values.systemCheckPath }} +{{- include "snyk-broker.appRisk" . | indent 12 }} {{- include "snyk-broker.githubCom" . | indent 12 }} {{- include "snyk-broker.githubEnterprise" . | indent 12 }} {{- include "snyk-broker.gitlab" . | indent 12 }} diff --git a/charts/snyk-broker/templates/secrets.yaml b/charts/snyk-broker/templates/secrets.yaml index 1fa08e1..b113af6 100644 --- a/charts/snyk-broker/templates/secrets.yaml +++ b/charts/snyk-broker/templates/secrets.yaml 
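Review bot: `snyk-broker.sonarqube` emits the `SONARQUBE_API_TOKEN` secretKeyRef whenever `sonarqubeHostUrl` is set, but nothing in the define checks that a token source exists. The Secret added in secrets.yaml is only rendered when `sonarqubeApiToken` is non-empty, so a host URL with neither `sonarqubeApiToken` nor `sonarqubeApiTokenSecret.name` renders cleanly and then, judging from the visible templates, leaves the pod referencing a Secret that was never created. A render-time guard inside the `sonarqubeHostUrl` branch would surface this at install time: `{{- if not (or .Values.sonarqubeApiToken .Values.sonarqubeApiTokenSecret.name) }}`, `{{- fail "Error: set .Values.sonarqubeApiToken or .Values.sonarqubeApiTokenSecret.name when .Values.sonarqubeHostUrl is set." }}`, `{{- end }}`. The `(ne .Values.sonarqubeHostUrl "")` and `(ne .Values.checkmarx "")` clauses are redundant, since an empty string is already falsy in `and`/`if`.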
@@ -79,6 +79,16 @@ data: {{ include "snyk-broker.nexusUrlSecretKey" . }} : {{ .Values.nexusUrl | b64enc | quote }} --- {{- end}} +{{- if .Values.sonarqubeApiToken }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "snyk-broker.sonarqubeApiTokenSecretName" . }} +type: Opaque +data: + {{ include "snyk-broker.sonarqubeApiTokenSecretKey" . }} : {{ .Values.sonarqubeApiToken | b64enc | quote }} +--- +{{- end}} {{- if and (.Values.httpsCert) (.Values.httpsKey) }} apiVersion: v1 kind: Secret diff --git a/charts/snyk-broker/tests/broker_deployment_apprisk_type_test.yaml b/charts/snyk-broker/tests/broker_deployment_apprisk_type_test.yaml new file mode 100644 index 0000000..06df9cf --- /dev/null +++ b/charts/snyk-broker/tests/broker_deployment_apprisk_type_test.yaml 
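Review bot: The new Secret is rendered whenever `sonarqubeApiToken` is set, and its `metadata.name` comes from `snyk-broker.sonarqubeApiTokenSecretName`, which returns `sonarqubeApiTokenSecret.name` when that is provided. If an operator sets both, the chart tries to create a Secret under the name of their existing one. Gating with `{{- if and .Values.sonarqubeApiToken (not .Values.sonarqubeApiTokenSecret.name) }}` would limit the chart to the Secret it names itself. The block is also not conditional on `scmType`, so a token left in values produces a Secret on non-apprisk releases. How the chart's other secrets treat these two cases is not visible in this hunk, so this may match an existing convention.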
@@ -0,0 +1,163 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json +suite: broker deployment (apprisk type) +chart: + version: 0.0.0 +values: + - ./fixtures/default_values.yaml +templates: + - secrets.yaml + - broker_deployment.yaml +set: + scmType: apprisk + +tests: + - it: should create secrets if sonarqubeHostUrl is defined + template: secrets.yaml + set: + sonarqubeHostUrl: https://mysonarqube + sonarqubeApiToken: abc123 + disableSuffixes: true + asserts: + + - isKind: + of: Secret + documentSelector: + path: metadata.name + value: apprisk-sonarqube-api-token-release-name + - equal: + path: data + value: YWJjMTIz + documentSelector: + path: metadata.name + value: apprisk-sonarqube-api-token-release-name + + + # - it: should create secrets if brokerClientValidationUrl and nexusUrl are defined + # template: secrets.yaml + + # set: + # nexusUrl: https://username:password@your-domain.com/repository + # brokerClientValidationUrl: https://username:password@your-domain.com/service/rest/v1/status/check + # disableSuffixes: true + + # asserts: + + # - isKind: + # of: Secret + # documentSelector: + # path: metadata.name + # value: nexus-broker-client-validation-url + # - equal: + # path: data.nexus-broker-client-validation-url + # value: aHR0cHM6Ly91c2VybmFtZTpwYXNzd29yZEB5b3VyLWRvbWFpbi5jb20vc2VydmljZS9yZXN0L3YxL3N0YXR1cy9jaGVjaw== + # documentSelector: + # path: metadata.name + # value: nexus-broker-client-validation-url + + # - isKind: + # of: Secret + # documentSelector: + # path: metadata.name + # value: nexus-nexus-url + # - equal: + # path: data.nexus-nexus-url + # value: aHR0cHM6Ly91c2VybmFtZTpwYXNzd29yZEB5b3VyLWRvbWFpbi5jb20vcmVwb3NpdG9yeQ== + # documentSelector: + # path: metadata.name + # value: nexus-nexus-url + + # - containsDocument: + # kind: Secret + # apiVersion: v1 + # name: nexus-nexus-base-url + # not: true + + # - it: should create secrets if brokerClientValidationUrl and 
baseNexusUrl are defined + # template: secrets.yaml + + # set: + # baseNexusUrl: https://username:password@your-domain.com + # brokerClientValidationUrl: https://username:password@your-domain.com/service/rest/v1/status/check + # disableSuffixes: true + + # asserts: + + # - isKind: + # of: Secret + # documentSelector: + # path: metadata.name + # value: nexus-broker-client-validation-url + # - equal: + # path: data.nexus-broker-client-validation-url + # value: aHR0cHM6Ly91c2VybmFtZTpwYXNzd29yZEB5b3VyLWRvbWFpbi5jb20vc2VydmljZS9yZXN0L3YxL3N0YXR1cy9jaGVjaw== + # documentSelector: + # path: metadata.name + # value: nexus-broker-client-validation-url + + # - isKind: + # of: Secret + # documentSelector: + # path: metadata.name + # value: nexus-base-nexus-url + # - equal: + # path: data.nexus-base-nexus-url + # value: aHR0cHM6Ly91c2VybmFtZTpwYXNzd29yZEB5b3VyLWRvbWFpbi5jb20= + # documentSelector: + # path: metadata.name + # value: nexus-base-nexus-url + + # - containsDocument: + # kind: Secret + # apiVersion: v1 + # name: nexus-nexus-url + # not: true + + # - it: should not create secret for brokerClientValidationUrl if value is empty + # template: secrets.yaml + + # set: + # nexusUrl: https://username:password@your-domain.com/repository + # baseNexusUrl: https://username:password@your-domain.com + # disableSuffixes: true + + # asserts: + # - containsDocument: + # kind: Secret + # apiVersion: v1 + # name: nexus-broker-client-validation-url + # not: true + + # - it: references secrets in deployment + # release: + # name: unittest + # template: broker_deployment.yaml + # set: + # baseNexusUrl: https://username:password@your-domain.com + # nexusUrl: https://username:password@your-domain.com/repository + # brokerClientValidationUrl: https://username:password@your-domain.com/service/rest/v1/status/check + + # asserts: + # - contains: + # path: spec.template.spec.containers[0].env + # content: + # name: BASE_NEXUS_URL + # valueFrom: + # secretKeyRef: + # name: 
nexus-base-nexus-url-unittest + # key: "nexus-base-nexus-url" + # - contains: + # path: spec.template.spec.containers[0].env + # content: + # name: NEXUS_URL + # valueFrom: + # secretKeyRef: + # name: nexus-nexus-url-unittest + # key: "nexus-nexus-url" + # - contains: + # path: spec.template.spec.containers[0].env + # content: + # name: BROKER_CLIENT_VALIDATION_URL + # valueFrom: + # secretKeyRef: + # name: nexus-broker-client-validation-url-unittest + # key: "nexus-broker-client-validation-url" diff --git a/charts/snyk-broker/values.schema.json b/charts/snyk-broker/values.schema.json index 9eee86e..963674a 100644 --- a/charts/snyk-broker/values.schema.json +++ b/charts/snyk-broker/values.schema.json @@ -87,6 +87,7 @@ "scmType": { "type": "string", "enum": [ + "apprisk", "github-com", "github-enterprise", "bitbucket-server", diff --git a/charts/snyk-broker/values.yaml b/charts/snyk-broker/values.yaml index 4283502..40ef066 100644 --- a/charts/snyk-broker/values.yaml +++ b/charts/snyk-broker/values.yaml @@ -221,6 +221,13 @@ crImage: "latest" # Set to 'true' to enable AppRisk enableAppRisk: "" +checkmarx: "" +sonarqubeHostUrl: "" +sonarqubeApiToken: "" +sonarqubeApiTokenSecret: + name: "" + key: "" + ##### Code Agent ##### # Set to 'true' to enable Code Agent
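Review bot: The only active test in the new suite does not appear to check what its title says. It sets `disableSuffixes: true`, under which `snyk-broker.sonarqubeApiTokenSecretName` renders `apprisk-sonarqube-api-token` with no suffix, yet both `documentSelector` blocks select `apprisk-sonarqube-api-token-release-name`, so the assertions may never reach the Secret (the fixture file is not visible here, so confirm). The `equal` assertion also compares `path: data`, a mapping, against the scalar `YWJjMTIz`; the per-key form used in the commented-out cases would be `path: data.apprisk-sonarqube-api-token` with `value: apprisk-sonarqube-api-token` in the selectors. The commented-out Nexus cases are unrelated to apprisk and should be removed. Cases for the deployment env (`SONARQUBE_HOST_URL`, `SONARQUBE_API_TOKEN`, `CHECKMARX`) and for the `fail` branch when neither value is set would cover the new template paths.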
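Review bot: The new keys in values.yaml are added without comments, although the neighbouring keys are documented and `sonarqubeApiToken` is a credential. Suggested comments: `# SonarQube API token for scmType "apprisk"; rendered into a chart-managed Secret` above `sonarqubeApiToken`, and `# Name/key of an existing Secret holding the SonarQube API token; prefer this over sonarqubeApiToken so the token is not carried in chart values` above `sonarqubeApiTokenSecret`. A value passed through `sonarqubeApiToken` is kept with the release's stored values as well as in the rendered Secret, which is worth stating for operators. The keys also sit directly under `enableAppRisk` with no note on how that flag relates to `scmType: apprisk`; a one-line comment would remove the ambiguity.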