fix: move ca to secret, tests

snyk · Jul 15, 2024 · 92a98a4 · 92a98a4
1 parent 99aa6f9
commit 92a98a4
Show file tree

Hide file tree

Showing 10 changed files with 218 additions and 795 deletions.
diff --git a/charts/snyk-broker/templates/_helpers.tpl b/charts/snyk-broker/templates/_helpers.tpl
@@ -116,12 +116,22 @@ Create the name of the broker service to use
 {{- end -}}
 
 {{/*
-Create TLS secret name
+Create a secret name.
+Pass a dict of Context ($) and secretName:
+include "snyk-broker.genericSecretName" (dict "Context" $ "secretName" "secret-name")
 */}}
-{{- define "tls-secret-name" -}}
-{{- if not .Values.disableSuffixes -}}
-{{ include "snyk-broker.fullname" .}}-tls-secret
+{{- define "snyk-broker.genericSecretName" -}}
+{{- if not .Context.Values.disableSuffixes -}}
+{{ printf "%s-%s" ( include "snyk-broker.fullname" .Context ) .secretName }}
 {{- else -}}
-tls-secret
+{{- printf "snyk-broker-%s" .secretName }}
 {{- end -}}
 {{- end -}}
+
+{{- define "snyk-broker.tlsSecretName" -}}
+{{- include "snyk-broker.genericSecretName" (dict "Context" . "secretName" "tls-secret" ) -}}
+{{- end }}
+
+{{- define "snyk-broker.caCertSecretName" -}}
+{{- include "snyk-broker.genericSecretName" (dict "Context" . "secretName" "cacert-secret" ) -}}
+{{- end }}
diff --git a/charts/snyk-broker/templates/broker_deployment.yaml b/charts/snyk-broker/templates/broker_deployment.yaml
@@ -497,13 +497,13 @@ spec:
       {{- end }}
       {{- if or (.Values.caCert) (.Values.caCertFile) }}
       - name: {{ include "snyk-broker.fullname" . }}-cacert-volume
-        configMap:
-          name: {{ include "snyk-broker.fullname" . }}-cacert-configmap{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
+        secret:
+          name: {{ include "snyk-broker.caCertSecretName" . }}
       {{- end }}
       {{- if and (.Values.httpsCert) (.Values.httpsKey) }}
       - name: {{ include "snyk-broker.fullname" . }}-tls-secret-volume
         secret:
-          secretName: {{ include "tls-secret-name" . }}
+          secretName: {{ include "snyk-broker.tlsSecretName" . }}
       {{- end }}
 {{- if .Values.extraVolumes }}
 {{ tpl (toYaml .Values.extraVolumes | indent 6) . }}

diff --git a/charts/snyk-broker/templates/cacert_configmap.yaml b/charts/snyk-broker/templates/cacert_configmap.yaml
diff --git a/charts/snyk-broker/templates/secrets.yaml b/charts/snyk-broker/templates/secrets.yaml
@@ -165,10 +165,26 @@ stringData:
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ include "tls-secret-name" . }}
+  name: {{ include "snyk-broker.tlsSecretName" . }}
 type: kubernetes.io/tls
 data:
   tls.crt: {{ (.Files.Get .Values.httpsCert) | b64enc | quote }}
   tls.key: {{ (.Files.Get .Values.httpsKey) | b64enc | quote }}
 ---
 {{- end }}
+{{- if or .Values.caCert .Values.caCertFile }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "snyk-broker.caCertSecretName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "snyk-broker.labels" . | nindent 4 }}
+data:
+{{- if and .Values.caCert (not .Values.caCertFile) }}
+{{ (.Files.Glob .Values.caCert).AsSecrets | nindent 2 }}
+{{- else if and .Values.caCertFile (not .Values.caCert) }}
+  cacert: {{ .Values.caCertFile | b64enc | nindent 4}}
+{{- end }}
+---
+{{- end }}