From 562c4c37eb616ee5bd52ca3f4286250850fc6ebd Mon Sep 17 00:00:00 2001
From: Matthew Rogers
Date: Thu, 5 Sep 2024 17:01:50 +0100
Subject: [PATCH 1/3] fix: allow nexus url and base url to share secret, force unique keys
---
 charts/snyk-broker/templates/_scmConfig.tpl | 10 ++--
 ...broker_deployment_rename_secrets_test.yaml | 53 +++++++++++++++++--
 2 files changed, 53 insertions(+), 10 deletions(-)
diff --git a/charts/snyk-broker/templates/_scmConfig.tpl b/charts/snyk-broker/templates/_scmConfig.tpl
index 3cc8cd0..249076c 100644
--- a/charts/snyk-broker/templates/_scmConfig.tpl
+++ b/charts/snyk-broker/templates/_scmConfig.tpl
@@ -343,7 +343,7 @@ Define artifactory values
 {{- include "snyk-broker.brokerClientPort" . }}
 {{- include "snyk-broker.brokerClientUrl" . }}
 {{- include "snyk-broker.artifactoryUrl" . }}
-{{- if .Values.brokerClientValidationUrl }}
+{{- if or .Values.brokerClientValidationUrl .Values.brokerClientValidationUrlSecret.key .Values.brokerClientValidationUrlSecret.name }}
 {{- include "snyk-broker.brokerClientValidationUrl" . }}
 {{- end }}
 {{- end }}
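Review bot: The new `or` condition in the artifactory block dereferences `.Values.brokerClientValidationUrlSecret.key` and `.name` directly, so rendering presumably fails with a nil-pointer error if a values override nulls that map or an older values file omits it; the chart's values.yaml is not visible here, so confirm the default is always a map. A nil-safe form would be `{{- $v := .Values.brokerClientValidationUrlSecret | default dict }}` followed by `{{- if or .Values.brokerClientValidationUrl $v.key $v.name }}`. The identical condition is repeated in the `snyk-broker.nexus` hunk that follows, and a small named helper would keep the two from drifting apart. The enclosing define starts above this hunk.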
@@ -354,16 +354,16 @@ Define Nexus 3/2 values
 */}}
 {{- define "snyk-broker.nexus" -}}
 {{- if contains "nexus" .Values.scmType }}
-{{- if and .Values.nexusUrlSecret.name .Values.baseNexusUrlSecret.name -}}
-{{- if eq .Values.nexusUrlSecret.name .Values.baseNexusUrlSecret.name -}}
-{{- fail "Secret names for nexusUrlSecret and baseNexusUrlSecret must be unique" -}}
+{{- if and .Values.nexusUrlSecret.key .Values.baseNexusUrlSecret.key -}}
+{{- if eq .Values.nexusUrlSecret.key .Values.baseNexusUrlSecret.key -}}
+{{- fail "Secret keys for nexusUrlSecret and baseNexusUrlSecret must be unique" -}}
 {{- end }}
 {{- end }}
 {{- include "snyk-broker.brokerToken" . }}
 {{- include "snyk-broker.brokerClientPort" . }}
 {{- include "snyk-broker.baseNexusUrl" . }}
 {{- include "snyk-broker.nexusUrl" . }}
-{{- if .Values.brokerClientValidationUrl }}
+{{- if or .Values.brokerClientValidationUrl .Values.brokerClientValidationUrlSecret.key .Values.brokerClientValidationUrlSecret.name }}
 {{- include "snyk-broker.brokerClientValidationUrl" . }}
 {{- end }}
 {{- end }}
diff --git a/charts/snyk-broker/tests/broker_deployment_rename_secrets_test.yaml b/charts/snyk-broker/tests/broker_deployment_rename_secrets_test.yaml
index 32e56ae..232956f 100644
--- a/charts/snyk-broker/tests/broker_deployment_rename_secrets_test.yaml
+++ b/charts/snyk-broker/tests/broker_deployment_rename_secrets_test.yaml
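Review bot: The uniqueness guard in `snyk-broker.nexus` now compares only `.key`, so it rejects two secrets with distinct names that happen to use the same key, and it still misses a collision when just one key is overridden to match the other's default, because the `and` requires both keys to be set. Where NEXUS_URL and BASE_NEXUS_URL resolve to the same secret name and key, the broker would read one URL for both without any error at render time. Comparing the resolved name/key pairs would cover both cases; the helpers that compute the defaults are outside this page, so the exact calls need confirming. At minimum the failure could be gated on the names matching as well: `{{- if and (eq .Values.nexusUrlSecret.name .Values.baseNexusUrlSecret.name) (eq .Values.nexusUrlSecret.key .Values.baseNexusUrlSecret.key) -}}`.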
@@ -273,18 +273,18 @@ tests: value: artifactory-url-for-validation template: secrets.yaml - - it: Rejects duplicative names for nexus secrets + - it: Rejects duplicative keys for nexus secrets set: scmType: nexus nexusUrl: https://user:@nexus.corp.io/repository baseNexusUrl: https://user:@nexus.corp.io brokerClientValidationUrl: https://nexus.corp.io/service/rest/v1/status/check - nexusUrlSecret.name: private-nexus - baseNexusUrlSecret.name: private-nexus + nexusUrlSecret.key: private-nexus + baseNexusUrlSecret.key: private-nexus asserts: - failedTemplate: - errorMessage: Secret names for nexusUrlSecret and baseNexusUrlSecret must be unique - template: broker_deployment.yaml + errorMessage: Secret keys for nexusUrlSecret and baseNexusUrlSecret must be unique + template: broker_deployment.yaml - it: Sets names for nexus secrets, retaining default keys set: 
@@ -352,3 +352,46 @@ tests:
 secret:
 secretName: my-ca
 template: broker_deployment.yaml
+
+ - it: handles all required secrets in one kubernetes secret
+ set:
+ scmType: nexus
+ useExternalSecrets: true
+ nexusUrlSecret.name: my-big-broker-secret
+ baseNexusUrlSecret.name: my-big-broker-secret
+ brokerTokenSecret.name: my-big-broker-secret
+ brokerClientValidationUrlSecret.name: my-big-broker-secret
+ template: broker_deployment.yaml
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: NEXUS_URL
+ valueFrom:
+ secretKeyRef:
+ name: my-big-broker-secret
+ key: nexus-nexus-url
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: BROKER_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: my-big-broker-secret
+ key: nexus-broker-token-key
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: BASE_NEXUS_URL
+ valueFrom:
+ secretKeyRef:
+ name: my-big-broker-secret
+ key: nexus-base-nexus-url
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: BROKER_CLIENT_VALIDATION_URL
+ valueFrom:
+ secretKeyRef:
+ name: my-big-broker-secret
+ key: nexus-broker-client-validation-url
From 7ceff33854d6a175eb19f79aefefe3fffddd253f Mon Sep 17 00:00:00 2001
From: Matt Rogers
Date: Thu, 5 Sep 2024 17:42:40 +0100
Subject: [PATCH 2/3] fix: add broker token secret format to notes output
---
 charts/snyk-broker/templates/_notes.tpl | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/charts/snyk-broker/templates/_notes.tpl b/charts/snyk-broker/templates/_notes.tpl
index d8000a0..15d4afc 100644
--- a/charts/snyk-broker/templates/_notes.tpl
+++ b/charts/snyk-broker/templates/_notes.tpl
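Review bot: The added test case exercises the nexus path only, while the same `or` condition was also changed in the artifactory block of `_scmConfig.tpl`, so nothing asserts that `BROKER_CLIENT_VALIDATION_URL` is wired from a secret reference for artifactory. A sibling case with `scmType: artifactory`, `useExternalSecrets: true` and only `brokerClientValidationUrlSecret.name` set would pin that behaviour. A further case with distinct secret names but an identical `key` for `nexusUrlSecret` and `baseNexusUrlSecret` would document whether that layout is meant to be rejected by the new guard.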
@@ -7,6 +7,9 @@
 {{- $containerRegistryAgentTemplates := (list "scmToken" )}}
 {{- $templatesPerType := (dict "github-com" $scmTemplates "github-enterprise" $scmTemplates "gitlab" $scmTemplates "bitbucket-server" $scmTemplates "bitbucket-server-bearer-auth" $scmTemplates "azure-repos" $scmTemplates "artifactory" $artifactoryTemplates "nexus" $nexusTemplates "jira" $scmTemplates "jira-bearer-auth" $scmTemplates "container-registry-agent" $containerRegistryAgentTemplates ) }}
 {{- if not .Values.useExternalSecrets -}}
+{{- if not .Values.brokerToken }}
+{{ printf "-> %s:%s " (include "snyk-broker.brokerTokenSecretName" . ) (include "snyk-broker.brokerTokenSecretKey" . ) }}
+{{- end }}
 {{- range (get $templatesPerType .Values.scmType ) }}
 {{- $secretObject := (first (fromYamlArray (include (printf "snyk-broker.%s" . ) $ ))) }}
 {{- $envName := $secretObject.name }}
From 5de96f6fce96131f992a7cfe06196d0496c09e1f Mon Sep 17 00:00:00 2001
From: Matt Rogers
Date: Thu, 12 Sep 2024 17:03:50 +0100
Subject: [PATCH 3/3] fix: bump chart version
---
 charts/snyk-broker/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/charts/snyk-broker/Chart.yaml b/charts/snyk-broker/Chart.yaml
index d390c19..2d43167 100644
--- a/charts/snyk-broker/Chart.yaml
+++ b/charts/snyk-broker/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
 name: snyk-broker
-version: 2.8.0
+version: 2.8.1
 description: A Helm chart for Kubernetes
 type: application
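Review bot: In `_notes.tpl` the added `printf` emits only the broker token secret's name and key, which is what install notes should show, but nothing records that constraint for the next editor. A template comment above the `if not .Values.brokerToken` line, such as `{{- /* NOTES output: print secret name and key only, never the token value */ -}}`, would make it explicit. The line is reached only when `useExternalSecrets` is false and `brokerToken` is unset; whether that is the intended audience for the hint cannot be judged from the hunk, because the surrounding `if` and `range` continue outside it.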