fix: updating flag name and adding snapshot

charts/snyk-broker/templates/broker_deployment.yaml

@@ -58,7 +58,7 @@ spec:
             httpGet:
               port: {{ .Values.deployment.container.containerPort }}
               path: {{ .Values.brokerLivenessProbe.path }}
-              {{- if .Values.enableBrokerServerOverHttps }}
+              {{- if or ( and (.Values.httpsCert) (.Values.httpsKey) ) ( .Values.enableBrokerLocalWebserverOverHttps ) }}
               scheme: HTTPS
               {{- else }}
               scheme: HTTP
@@ -70,7 +70,7 @@ spec:
             httpGet:
               port: {{ .Values.deployment.container.containerPort }}
               path: {{ .Values.brokerReadinessProbe.path }}
-              {{- if .Values.enableBrokerServerOverHttps }}
+              {{- if or ( and (.Values.httpsCert) (.Values.httpsKey) ) ( .Values.enableBrokerLocalWebserverOverHttps ) }}
               scheme: HTTPS
               {{- else }}
               scheme: HTTP

charts/snyk-broker/tests/__snapshot__/broker_deployment_test.yaml.snap

@@ -276,6 +276,162 @@ HA mode on with 4 replicas:
         helm.sh/chart: snyk-broker-2.6.2
       name: snyk-broker-RELEASE-NAME
       namespace: NAMESPACE
+HTTPS enabled:
+  1: |
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+      labels:
+        app.kubernetes.io/instance: RELEASE-NAME
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: snyk-broker-RELEASE-NAME
+        helm.sh/chart: snyk-broker-2.6.2
+      name: github-com-broker-RELEASE-NAME
+      namespace: NAMESPACE
+    spec:
+      replicas: 1
+      selector:
+        matchLabels:
+          app.kubernetes.io/instance: RELEASE-NAME
+          app.kubernetes.io/name: snyk-broker-RELEASE-NAME
+      template:
+        metadata:
+          labels:
+            app.kubernetes.io/instance: RELEASE-NAME
+            app.kubernetes.io/name: snyk-broker-RELEASE-NAME
+        spec:
+          containers:
+            - env:
+                - name: BROKER_SERVER_URL
+                  value: https://broker.test.snyk.io
+                - name: BROKER_HEALTHCHECK_PATH
+                  value: /healthcheck
+                - name: BROKER_SYSTEMCHECK_PATH
+                  value: /systemcheck
+                - name: BROKER_TOKEN
+                  valueFrom:
+                    secretKeyRef:
+                      key: github-com-broker-token-key
+                      name: github-com-broker-token-RELEASE-NAME
+                - name: GITHUB_TOKEN
+                  valueFrom:
+                    secretKeyRef:
+                      key: github-com-token-key
+                      name: github-com-token-RELEASE-NAME
+                - name: PORT
+                  value: "8000"
+                - name: BROKER_CLIENT_URL
+                  value: http://brokerclient
+                - name: LOG_LEVEL
+                  value: info
+                - name: LOG_ENABLE_BODY
+                  value: "false"
+                - name: HTTPS_CERT
+                  value: /home/node/tls-cert/tls.crt
+                - name: HTTPS_KEY
+                  value: /home/node/tls-cert/tls.key
+                - name: ACCEPT_CODE
+                  value: "true"
+                - name: ACCEPT_IAC
+                  value: tf,yaml,yml,json,tpl
+                - name: BROKER_DISPATCHER_BASE_URL
+                  value: https://api.test.snyk.io
+              image: snyk/broker:github-com
+              imagePullPolicy: Always
+              livenessProbe:
+                failureThreshold: 3
+                httpGet:
+                  path: /healthcheck
+                  port: 8000
+                  scheme: HTTPS
+                initialDelaySeconds: 3
+                periodSeconds: 10
+                timeoutSeconds: 1
+              name: github-com-broker-RELEASE-NAME
+              ports:
+                - containerPort: 8000
+                  name: http
+              readinessProbe:
+                failureThreshold: 3
+                httpGet:
+                  path: /healthcheck
+                  port: 8000
+                  scheme: HTTPS
+                initialDelaySeconds: 3
+                periodSeconds: 10
+                timeoutSeconds: 1
+              resources:
+                limits:
+                  cpu: 1
+                  memory: 256Mi
+                requests:
+                  cpu: 1
+                  memory: 256Mi
+              securityContext:
+                allowPrivilegeEscalation: false
+                capabilities:
+                  drop:
+                    - ALL
+                readOnlyRootFilesystem: true
+                runAsNonRoot: true
+                runAsUser: 1000
+              volumeMounts:
+                - mountPath: /home/node/tls-cert/
+                  name: RELEASE-NAME-snyk-broker-tls-secret-volume
+                  readOnly: true
+          securityContext: {}
+          serviceAccountName: snyk-broker-RELEASE-NAME
+          volumes:
+            - name: RELEASE-NAME-snyk-broker-tls-secret-volume
+              secret:
+                secretName: RELEASE-NAME-snyk-broker-tls-secret
+  2: |
+    apiVersion: v1
+    kind: Service
+    metadata:
+      labels:
+        app.kubernetes.io/instance: RELEASE-NAME
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: snyk-broker-RELEASE-NAME
+        helm.sh/chart: snyk-broker-2.6.2
+      name: github-com-broker-service-RELEASE-NAME
+      namespace: NAMESPACE
+    spec:
+      ports:
+        - port: 8000
+          targetPort: 8000
+      selector:
+        app.kubernetes.io/instance: RELEASE-NAME
+        app.kubernetes.io/name: snyk-broker-RELEASE-NAME
+      type: ClusterIP
+  3: |
+    apiVersion: v1
+    data:
+      github-com-broker-token-key: MTIz
+    kind: Secret
+    metadata:
+      name: github-com-broker-token-RELEASE-NAME
+    type: Opaque
+  4: |
+    apiVersion: v1
+    data:
+      tls.crt: ""
+      tls.key: ""
+    kind: Secret
+    metadata:
+      name: RELEASE-NAME-snyk-broker-tls-secret
+    type: kubernetes.io/tls
+  5: |
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+      labels:
+        app.kubernetes.io/instance: RELEASE-NAME
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: snyk-broker-RELEASE-NAME
+        helm.sh/chart: snyk-broker-2.6.2
+      name: snyk-broker-RELEASE-NAME
+      namespace: NAMESPACE
 default values:
   1: |
     apiVersion: apps/v1

charts/snyk-broker/tests/broker_deployment_test.yaml

@@ -11,6 +11,11 @@ tests:
       - ./fixtures/default_values.yaml
     asserts:
       - matchSnapshot: {}
+  - it: HTTPS enabled
+    values:
+      - ./fixtures/default_values_https_enabled.yaml
+    asserts:
+      - matchSnapshot: {}
   - it: preflight checks off
     values:
       - ./fixtures/default_values_preflight_off.yaml

charts/snyk-broker/tests/dummy_tls_cert.crt

@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFazCCA1OgAwIBAgIUXsVXn57owX5UJCSgmpiUCDscyuUwDQYJKoZIhvcNAQEL
+BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDAzMTMxNDQzMjlaFw0yNTAz
+MTMxNDQzMjlaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
+HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDkefnSLZV/5MXPQ17xCnYY8q4drlL0qDcY3GaXsWd1
+wvc6ACjl5/nOzsxVG6d0iXYXYJY7ORrfJB/EzI/tZddgw45ONtgpdAKBxSLuUK4+
+isAa8N1BCy3/GTrFYi6jiXfwuG1/m1x+GeUUsLY2QV6z8jykSCtqgRf5Uj0Rt1Hl
+N1Termrd1Nebpe0xrWuUC5o/1H49kysRQvTT4a8CEqN5dctRITOZfZrSGjjZEEZj
+eBnzv/5J73nTGBThiar8Ii3iPeH4pbnefQR0oRFpwEmeI3Tptm/3qZeZjtWTf4lU
+BopkgrdszlQBdPbV/hqse9NgxtLq6xS5f0R+0oImk7TCNHHNkA4UkJ70JFWATGZK
+aK6+gDNJ+ATLP5SaCMtZcFDyVCWuSi+kHn58keOT7qU1cC+8GdW6A48NIL5KhA8O
+TCZE4tyMQMBCuqP27tQAoAGw+LssJD1AtmknR7SckfoX2D2xuAT74/RclZpRe+Q2
+YrccNqTa5g2TIWduQW1yZ1ZhZGq7iQKIoH4R9Is8v6hbfxbul6jeW0zW5qUMYBoW
+1CfmC3Zfba9i63RKlY6WHoH9UWqSHVcpJeZgV91e0imzl8Xu0Wg74aXqbA55H70+
+3pr/pvGK1tsmlV7uelJ5C8sVoh1zSG5SGeCa216mbF4wYzOZXzzqzE7hWIzL2F/p
+nQIDAQABo1MwUTAdBgNVHQ4EFgQULOSPdDfPDfBlmXVGYgmlQDWA3GcwHwYDVR0j
+BBgwFoAULOSPdDfPDfBlmXVGYgmlQDWA3GcwDwYDVR0TAQH/BAUwAwEB/zANBgkq
+hkiG9w0BAQsFAAOCAgEAoArXK/8jPEjGOjq/Ek3KppWAYZpZzE4TkfT+F+AsisXU
+oRCRDlecSkWeK5er9xpKM66kEjmADIinHO+CsBzSt+oxuU8z1sVNmOBBZLI+B7an
+++0eLg0pyNNS2gHydJskdbEFK4xNNGLn847bawlDf3bq30OQ3KGW5EBCZklc9GEf
+UA/GoX/RNhLe7e0RJy08J9Dfe8/rvBHIArmKIcM+MzDkR+6JhUYXXdIAFY4jpMxd
+5Fieqj+NUF2UUFdjbtKEOjXzaNA2RRkesHaOqGAxV9FxVFRuggH3DJxiSwjzBH2z
+Nvjq5VVgh6/vRbcKUYu73H5JNAdLFFruuo9lTCuNdkrzEBS3zjyx2qrAuVVWOcPc
+pKm7cPgQ41H33+zWxEbotug14WoklFyDFfTVK/RCXLuFVnYIR4dL/Bsjbr23UsKU
+Th+tVL+T6uKr8UoMe0ODINsX8xguywo7j4Xa09/FHlnZ9VYVOX3U3CkRs5v17uiB
+oByUzTpMODcsFjJiE7TDZMAxVwazzwA12OO4ieOXlB3wiHR/uVo94MDNIVL/cQVG
+d6Oj6Vz9+MmyhEaHJsXJQv0c3UrpURI7Rn1UN1oUa4vb2HX58GnQC5vJ6GP5NBvG
+VQQ3xdXU2kQDPvbzHW4cF8nbIzbErXdRkqinZIEosNMhCdEtjdCeLg/Hn0K3LPk=
+-----END CERTIFICATE-----

charts/snyk-broker/tests/dummy_tls_key.key

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDkefnSLZV/5MXP
+Q17xCnYY8q4drlL0qDcY3GaXsWd1wvc6ACjl5/nOzsxVG6d0iXYXYJY7ORrfJB/E
+zI/tZddgw45ONtgpdAKBxSLuUK4+isAa8N1BCy3/GTrFYi6jiXfwuG1/m1x+GeUU
+sLY2QV6z8jykSCtqgRf5Uj0Rt1HlN1Termrd1Nebpe0xrWuUC5o/1H49kysRQvTT
+4a8CEqN5dctRITOZfZrSGjjZEEZjeBnzv/5J73nTGBThiar8Ii3iPeH4pbnefQR0
+oRFpwEmeI3Tptm/3qZeZjtWTf4lUBopkgrdszlQBdPbV/hqse9NgxtLq6xS5f0R+
+0oImk7TCNHHNkA4UkJ70JFWATGZKaK6+gDNJ+ATLP5SaCMtZcFDyVCWuSi+kHn58
+keOT7qU1cC+8GdW6A48NIL5KhA8OTCZE4tyMQMBCuqP27tQAoAGw+LssJD1Atmkn
+R7SckfoX2D2xuAT74/RclZpRe+Q2YrccNqTa5g2TIWduQW1yZ1ZhZGq7iQKIoH4R
+9Is8v6hbfxbul6jeW0zW5qUMYBoW1CfmC3Zfba9i63RKlY6WHoH9UWqSHVcpJeZg
+V91e0imzl8Xu0Wg74aXqbA55H70+3pr/pvGK1tsmlV7uelJ5C8sVoh1zSG5SGeCa
+216mbF4wYzOZXzzqzE7hWIzL2F/pnQIDAQABAoICAD+6Zhxh6plJzoMJX6oMKPS8
+fCR7Q1hKs1OT5mnZaepG/36GHOJD2kH9HLGAjSzMSswqfLz4KK6k/Nd/14V4KqMq
+6L6YPaMSYMChpCSlDHUVbpAVLyG9ZI8LEoGL6UZkSbgzORem1h22S1eCEtD/WtMG
+djO8jZ+fcnhwn+gZIha1YE7ch6Jog9s+ZPK+VItu0Q+MzcmPCyw9aNzQzmfdmwt9
+98AhaqsdhdmkxsaE651DGroKi3tD+M8QoIJoS/EX94RrjmQ0lauhY2TEqH6+y8n4
+SdwGryR9gXOri5cgs8VkLaXrcA5BXt0pKtB1mCsUPtl3m8061QUIoqpdPUBVYs1h
+tFix8C6rC1aQ2pXRWfOP7UjE5DO8WosIvd+OEdOmpbh3A4GKokxLTDQeKPCYv/jh
+avZ8cD9+RmQZzPJN1gMqrAU//k/CpSt3iLfP3g7pbia9OpwH/KQTfnVJUXnD5hgc
+Olg5rBy+z7EZpPV0LPd9iR1+24gtOwj07yntQjevbtPYflrjv7LLDkzveH2LNHPI
+yDROhWSnSMhpj8tsBbqgRDeZD5cpCz3HKRPTNOcYuF+eAlxcD2DxhnCgtCC8hvan
+qEHiOSfgAVxKMe+VvjJvxOBTSwXMQrf2LtQOaNxv31K46iDXT4swYNQkRIvSDeoZ
+spBg1SqAVomKsZxJSYthAoIBAQD1uOSDwEtjnaabLlox8P832L74i/WntAN2+Gnc
+qju5w2WHjYz0GwXyDO0nonBENfIIeXBACw/r/Miq80ThfPLCmi0lqZcUZJMhE79S
+70VQ0UBkGbtoBtq4sL/cxtK9KBDl6gztoNaJ159XO9wmqZ1Zo1101NzRv0igOQkK
+0nl4lELmFgGim9TdpJ3RABlBZNChE0Z9JU0WgHflMpnwFu4uBmH9gdWL99I1lcSK
+ZXVHwqtrhXvFp9AmjQvwj8IRI4mXAxBDqmqlle8YlorYN+cNckRiLGs4oJnween9
+lAceYfvUWv8/OM/BDaeq5S9IZ/EHg1lZgzK+hBMv9vS9Lv6LAoIBAQDuCGvt0Wsi
+HA6DbEsFEA6qYc7gUNRcqdtYAJFAY2qsrLVKIUDYGXNMQStVrmQP7i0XN5YGvETV
+Rrj5Tre7U3dIzWkFMAxZ4ymm8u3huJti8tFxi3a/rRk+xvUlJfyetaBKPWX+pprV
+9fnyqRYWV+ZN+F28MkK/AJBqNl2lIDmNwbyySM2WtUJX1zaNASdAKyIKjGFQtw8h
+bmDD79s/tYmWWaW0AKKh73y8DBR9/IGO8Lj+LcPLeg+aE/MrTD9rbvv51IyfEHhD
+NyJDskat87Hr8fHweQlVSWQTJ2xFN700Y1nFvLcDRAnpEaBS+Lxl0G76fSIPuyD0
+HyQvJrc/aKV3AoIBAGPWj+KISxlagMskdjk8djY2tsE9/L37Aj1giYLDGClOHv6I
+oPC92hiS7/jeo0bTtFeFH/qlg/6aYt4yoZYMsoYnJpja4yvCAZW69E26Miu4GbWS
+TvbhchUAm7QUhKOel98SzdXvN7wiA/fptnVvDSPSoLJLmr0OP2/6PJZNFlXLx7K8
+1kU/k6nKrOSyaZCMachIkKdgdIXkBNL3UFygtH220jGygxWvx5VGGOkyeAiELCov
+vi59FLHVNTi08GEOU2UsNXuIznQhC1iuMhPQAu0PtIE/EwGbH3D51/zUHGBX535M
+ytDhQGhsJ+fj3uZIdUJcN/2KtR97gmBGswH7CikCggEAK57reHeKNIQDvN3ZmaHp
+rhuid8UYRarzAVuJQs11PROhXWZepbt0P6Mpt9fvimPRa5HKMo3J53PAbh+Y2AFh
+uLu75TF68fYJKgkWwui7wRRSgYZXSqUEHVcEkbw2YTdTmodJ67LIaTFcjrWh0JJn
+KB69vsFPLgWCcZRo8NvI8EtysxFYa6fn8oUEAC8X7FB7OoejRdFmOnAp135bJX+1
+KRJgpW4AX8CtkSB9mODvNSy0GhB08xL5TPke9O5SKPP7xTrIUlYIU/kElHdVMIea
+MWzzM2ha54A9kK0G0GB4keMrDmuY9kY/srCCOvJORDJARDMuTMe0MEiMrv9fUYVx
+3QKCAQB8w0ZhF7xMS5Tjzdetyurj2K/XtrfSc8jhitCGNoz8Gnc8kSP0trrhGydo
+/u5PIDmuzu2y6h9/K+pFt7aZ8TkHaoqVrG5YRuMpSaqUgWdtpHQ5pxoG1sb86Xh4
+lgQ4X6x9yu9bvUMfFVexfkLdXZOb0W7m/j/xXTLGueRABzMYYSwp9JnyldpoiR0e
+GzLH3RVE1pMM9cRxEFaD0fGy9yFSsDsb+Jm/A17Wq7/I8oGS4Co/QPmNBK7U8fpk
+yMtvaRgS1WKADj38X+8srg6uszO3teGAUbwP/pNq+TD9yhYJ9FOdPs0qi6rdpfUn
+ZFhsRfQR6YPsCdgBxShm4loyyGHe
+-----END PRIVATE KEY-----

charts/snyk-broker/tests/fixtures/default_values_https_enabled.yaml

@@ -0,0 +1,31 @@
+# Default values for snyk-broker.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+##### Snyk Specific Values #####
+
+# Broker Token is a value from Snyk. Get this from the integration settings page or your Snyk Representative
+brokerToken: "123"
+
+# brokerClientUrl is the address of the broker. This needs to be the address of itself. In the case of Kubernetes, you need to ensure that you are pointing to the cluster ingress you have setup.
+# Ex: http://kubernetes-ingress.domain.com:8000/broker
+brokerClientUrl: "http://brokerclient"
+
+# Do not touch unless directed by a Snyk Representative
+brokerServerUrl: "https://broker.test.snyk.io"
+
+preflightChecks:
+  enabled: true
+
+highAvailabilityMode:
+  enabled: false
+brokerDispatcherUrl: "https://api.test.snyk.io"
+
+# To enable broker client to run a HTTPS server enable enableBrokerLocalWebserverOverHttps flag and also provide location of HTTPS_CERT and HTTPS_KEY
+enableBrokerLocalWebserverOverHttps: true
+
+# Location of mounted cert
+httpsCert: "dummy_tls_cert.crt"
+
+# Location of mounted HTTPS key
+httpsKey: "dummy_tls_key.key"

charts/snyk-broker/values.yaml

@@ -192,8 +192,8 @@ logEnableBody: "false"
 
 ##### Enable HTTPS #####
 
-# To enable broker client to run a HTTPS server enable enableBrokerServerOverHttps flag and also provide location of HTTPS_CERT and HTTPS_KEY
-enableBrokerServerOverHttps: false
+# To enable broker client to run a HTTPS server enable enableBrokerLocalWebserverOverHttps flag and also provide location of HTTPS_CERT and HTTPS_KEY
+enableBrokerLocalWebserverOverHttps: false
 
 # Location of mounted cert
 httpsCert: ""