From 698374d367f50aafa9910d8a4568d5bb8670aa5d Mon Sep 17 00:00:00 2001
From: Antoine Arlaud <antoine@snyk.io>
Date: Tue, 7 May 2024 15:55:01 +0200
Subject: [PATCH 1/3] fix: add bitbucket-server bearer auth flavor

---
 charts/snyk-broker/Chart.yaml                 |  2 +-
 .../templates/broker_deployment.yaml          | 23 ++++++++++++++++++-
 charts/snyk-broker/templates/secrets.yaml     | 10 ++++++++
 3 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/charts/snyk-broker/Chart.yaml b/charts/snyk-broker/Chart.yaml
index 08d0201..4e59cd6 100644
--- a/charts/snyk-broker/Chart.yaml
+++ b/charts/snyk-broker/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
 name: snyk-broker
-version: 2.6.6
+version: 2.6.7
 description: A Helm chart for Kubernetes
 type: application
diff --git a/charts/snyk-broker/templates/broker_deployment.yaml b/charts/snyk-broker/templates/broker_deployment.yaml
index 58a3931..73810c2 100644
--- a/charts/snyk-broker/templates/broker_deployment.yaml
+++ b/charts/snyk-broker/templates/broker_deployment.yaml
@@ -188,6 +188,27 @@ spec:
             - name: BROKER_CLIENT_URL
               value: {{ .Values.brokerClientUrl }}
           {{- end }}
+          {{- if eq .Values.scmType "bitbucket-server-bearer-auth" }}
+          # Bitbucket Bearer Auth
+            - name: BROKER_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.scmType}}-broker-token{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
+                  key: "{{ .Values.scmType}}-broker-token-key"
+            - name: BITBUCKET_PAT
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.scmType}}-token{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
+                  key: "{{ .Values.scmType}}-token-key"
+            - name: BITBUCKET
+              value: {{ .Values.bitbucket }}
+            - name: BITBUCKET_API
+              value: {{ .Values.bitbucketApi }}
+            - name: PORT
+              value: {{ .Values.deployment.container.containerPort | squote }}
+            - name: BROKER_CLIENT_URL
+              value: {{ .Values.brokerClientUrl }}
+          {{- end }}
           {{- if eq .Values.scmType "gitlab" }}
           # GitLab
             - name: BROKER_TOKEN
@@ -441,7 +462,7 @@ spec:
             - name: ACCEPT
               value: /home/node/private/accept.json
          {{ else }}
-          {{- if or (eq .Values.scmType "github-com") (eq .Values.scmType "github-enterprise") (eq .Values.scmType "bitbucket-server") (eq .Values.scmType "gitlab") (eq .Values.scmType "azure-repos") }}
+          {{- if or (eq .Values.scmType "github-com") (eq .Values.scmType "github-enterprise") (eq .Values.scmType "bitbucket-server") (eq .Values.scmType "bitbucket-server-bearer-auth") (eq .Values.scmType "gitlab") (eq .Values.scmType "azure-repos") }}
           {{- if not .Values.disableAutoAcceptRules  }}
           # Default Values to allow Snyk Code Snippets and Snyk IaC
             {{- if not .Values.enableSnykCodeLocalEngine }}
diff --git a/charts/snyk-broker/templates/secrets.yaml b/charts/snyk-broker/templates/secrets.yaml
index 3602a1a..cfed643 100644
--- a/charts/snyk-broker/templates/secrets.yaml
+++ b/charts/snyk-broker/templates/secrets.yaml
@@ -38,6 +38,16 @@ data:
   "{{ .Values.scmType}}-token-key": {{ .Values.bitbucketPassword | b64enc | quote }}
 ---
 {{- end }}
+{{- if .Values.bitbucketPat }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.scmType}}-token{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
+type: Opaque
+data:
+  "{{ .Values.scmType}}-token-key": {{ .Values.bitbucketPat | b64enc | quote }}
+---
+{{- end }}
 {{- if .Values.azureReposToken }}
 apiVersion: v1
 kind: Secret

From 4d8be8792779870d05add47cec587bdcbebad49c Mon Sep 17 00:00:00 2001
From: aarlaud <antoine@snyk.io>
Date: Tue, 7 May 2024 17:01:36 +0200
Subject: [PATCH 2/3] fix: use stringdata instead of data in secret

Co-authored-by: Pavel Sorokin <60606414+pavel-snyk@users.noreply.github.com>
---
 charts/snyk-broker/templates/secrets.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/charts/snyk-broker/templates/secrets.yaml b/charts/snyk-broker/templates/secrets.yaml
index cfed643..4d74128 100644
--- a/charts/snyk-broker/templates/secrets.yaml
+++ b/charts/snyk-broker/templates/secrets.yaml
@@ -44,8 +44,8 @@ kind: Secret
 metadata:
   name: {{ .Values.scmType}}-token{{if not .Values.disableSuffixes }}-{{ .Release.Name }}{{ end }}
 type: Opaque
-data:
-  "{{ .Values.scmType}}-token-key": {{ .Values.bitbucketPat | b64enc | quote }}
+stringData:
+  "{{ .Values.scmType}}-token-key": {{ .Values.bitbucketPat | quote }}
 ---
 {{- end }}
 {{- if .Values.azureReposToken }}

From 324f7aec48b706d1bc497beadf425cfa775db617 Mon Sep 17 00:00:00 2001
From: aarlaud <antoine@snyk.io>
Date: Tue, 7 May 2024 17:02:07 +0200
Subject: [PATCH 3/3] fix: simplify scmType matching for accept rules

Co-authored-by: Matthew Rogers <matt.rogers@snyk.io>
---
 charts/snyk-broker/templates/broker_deployment.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/snyk-broker/templates/broker_deployment.yaml b/charts/snyk-broker/templates/broker_deployment.yaml
index 73810c2..cabbf48 100644
--- a/charts/snyk-broker/templates/broker_deployment.yaml
+++ b/charts/snyk-broker/templates/broker_deployment.yaml
@@ -462,7 +462,7 @@ spec:
             - name: ACCEPT
               value: /home/node/private/accept.json
          {{ else }}
-          {{- if or (eq .Values.scmType "github-com") (eq .Values.scmType "github-enterprise") (eq .Values.scmType "bitbucket-server") (eq .Values.scmType "bitbucket-server-bearer-auth") (eq .Values.scmType "gitlab") (eq .Values.scmType "azure-repos") }}
+          {{- if has .Values.scmType ( list "github-com" "github-enterprise" "bitbucket-server" "bitbucket-server-bearer-auth" "gitlab" "azure-repos") }}
           {{- if not .Values.disableAutoAcceptRules  }}
           # Default Values to allow Snyk Code Snippets and Snyk IaC
             {{- if not .Values.enableSnykCodeLocalEngine }}