diff --git a/charts/argocd-appset-secret-plugin/README.md b/charts/argocd-appset-secret-plugin/README.md index 40d6525..7debffd 100644 --- a/charts/argocd-appset-secret-plugin/README.md +++ b/charts/argocd-appset-secret-plugin/README.md @@ -30,7 +30,7 @@ A Helm chart for adding a K8s Secret Plugin Generator to ApplicationSets | podSecurityContext | object | `{}` | securityContext for the pod: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | | replicaCount | int | `1` | number of replica pods to create | | resources | object | `{}` | | -| secretVars.secretName | string | `"argocd-secret-vars"` | the name of the secret to use for your applicationSet parameters | +| secretVars.existingSecret | string | `""` | the name of an existing secret to use for the secret keys to provide to applicationSets via the plugin generator | | securityContext | object | `{}` | securityContext for the container: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | | service.port | int | `80` | service port to expose on the cluster | | service.targetPort | int | `4355` | service target port on the container | @@ -38,6 +38,7 @@ A Helm chart for adding a K8s Secret Plugin Generator to ApplicationSets | serviceAccount.annotations | object | `{}` | Annotations to add to the service account | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | +| token.existingSecret | string | `""` | the name of an existing secret to use for the token that argoCD and the plugin will use for communication | | tolerations | list | `[]` | | ---------------------------------------------- diff --git a/charts/argocd-appset-secret-plugin/templates/_helpers.tpl b/charts/argocd-appset-secret-plugin/templates/_helpers.tpl index 11ca070..4df22ee 100644 
--- a/charts/argocd-appset-secret-plugin/templates/_helpers.tpl
+++ b/charts/argocd-appset-secret-plugin/templates/_helpers.tpl
@@ -56,7 +56,39 @@ Create the name of the service account to use
 {{- define "argocd-appset-secret-plugin.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
 {{- default (include "argocd-appset-secret-plugin.fullname" .) .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+
+{{/*
+
+curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer $PLUGIN_TOKEN" -d \
+'{
+ "applicationSetName": "fake-appset",
+ "input": {
+ "parameters": {
+ "secret_vars": ["param1"]}
+ }
+}'
+
+http://{{ include "argocd-appset-secret-plugin.fullname" . }}/api/v1/getparams.execute -H \"Content-type:application/json\" -H \"Authorization: Bearer $TOKEN\" --data-urlencode \"{\"applicationSetName\": \"fake-appset\", \"input\": {\"parameters\": {\"secret_vars\": [\"app_name\"]}}}\"
+*/}}
+{{- define "argocd-appset-secret-plugin.testCommand" -}}
+http://{{ include "argocd-appset-secret-plugin.fullname" . }}/api/v1/getparams.execute -H \"Authorization: Bearer $TOKEN\" -d \"{\"applicationSetName\": \"fake-appset\"}\"
+{{- end }}
+
+{{- define "argocd-appset-secret-plugin.tokenSecret" -}}
+{{- if not .Values.token.existingSecret }}
+{{- printf "%s-token" (include "argocd-appset-secret-plugin.fullname" .) }}
+{{- else }}
+{{ .Values.token.existingSecret }}
+{{- end }}
+{{- end }}
+
+{{- define "argocd-appset-secret-plugin.varSecret" -}}
+{{- if not .Values.secretVars.existingSecret }}
+{{- printf "%s-secret-vars" (include "argocd-appset-secret-plugin.fullname" .) }}
 {{- else }}
-{{- default "default" .Values.serviceAccount.name }}
+{{ .Values.secretVars.existingSecret }}
 {{- end }}
 {{- end }}
diff --git a/charts/argocd-appset-secret-plugin/templates/deployment.yaml b/charts/argocd-appset-secret-plugin/templates/deployment.yaml
index 660d25e..4a65054 100644
--- a/charts/argocd-appset-secret-plugin/templates/deployment.yaml
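Review bot: In `tokenSecret` and `varSecret` (_helpers.tpl) the `{{- else }}` branch emits `{{ .Values.token.existingSecret }}` and `{{ .Values.secretVars.existingSecret }}` without a left trim, so the helper output begins with the line break that follows `{{- else }}`. Inside the quoted `secretName` values in deployment.yaml and the quoted `secretKeyRef` name in the test pod, that most likely becomes leading whitespace and a Secret name that cannot resolve whenever `existingSecret` is set. Use `{{- .Values.token.existingSecret }}` and `{{- .Values.secretVars.existingSecret }}`. Separately, the two added `{{- end }}` lines close `serviceAccountName` right after the `create` branch, so with `serviceAccount.create: false` the helper now renders empty and a configured `serviceAccount.name` is ignored; if that is not intended, keep the `{{- else }}` / `{{- default "default" .Values.serviceAccount.name }}` pair in that define.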
+++ b/charts/argocd-appset-secret-plugin/templates/deployment.yaml
@@ -39,20 +39,22 @@ spec:
 protocol: TCP
 volumeMounts:
 - name: token
- mountPath: "/var/run/argocd"
+ mountPath: "/var/run/argocd/token"
+ subPath: "token"
 readOnly: true
 - name: secret-vars
- mountPath: "/var/run/secret-plugin"
+ mountPath: "/var/run/secret-plugin/secret_vars.yaml"
+ subPath: "secret_vars.yaml"
 readOnly: true
 resources:
 {{- toYaml .Values.resources | nindent 12 }}
 volumes:
 - name: token
 secret:
- secretName: {{ include "argocd-appset-secret-plugin.fullname" . }}-token
+ secretName: "{{ include "argocd-appset-secret-plugin.tokenSecret" . }}"
 - name: secret-vars
 secret:
- secretName: {{ .Values.secretVars.secretName }}
+ secretName: "{{ include "argocd-appset-secret-plugin.varSecret" . }}"
 {{- with .Values.nodeSelector }}
 nodeSelector:
 {{- toYaml . | nindent 8 }}
diff --git a/charts/argocd-appset-secret-plugin/templates/secret-token.yaml b/charts/argocd-appset-secret-plugin/templates/secret-token.yaml
index 7e657da..b48431f 100644
--- a/charts/argocd-appset-secret-plugin/templates/secret-token.yaml
+++ b/charts/argocd-appset-secret-plugin/templates/secret-token.yaml
@@ -1,3 +1,4 @@
+{{- if not .Values.token.existingSecret }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -7,3 +8,5 @@ metadata:
 type: Opaque
 data:
 token: {{ randAlphaNum 32 | b64enc | quote }}
+
+{{- end }}
diff --git a/charts/argocd-appset-secret-plugin/templates/test_ci_secret.yaml b/charts/argocd-appset-secret-plugin/templates/test_ci_secret.yaml
index 34bf0f4..cc5ce00 100644
--- a/charts/argocd-appset-secret-plugin/templates/test_ci_secret.yaml
+++ b/charts/argocd-appset-secret-plugin/templates/test_ci_secret.yaml
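Review bot: The new `subPath` mounts for `token` and `secret_vars.yaml` in deployment.yaml are not refreshed by the kubelet when the Secret changes, so a rotated token or edited secret vars stay invisible to the plugin until the pod is restarted. The chart-managed token Secret is still generated with `randAlphaNum 32`, which presumably yields a new value on every upgrade while the Deployment spec stays unchanged, leaving the running plugin on the old token. Mounting the directories instead, `mountPath: "/var/run/argocd"` and `mountPath: "/var/run/secret-plugin"` without `subPath`, keeps the same file paths and lets updates propagate; otherwise document that a rollout is needed after any Secret change. The README rows for `existingSecret` should also state that the Secret must carry the keys `token` and `secret_vars.yaml`. The container spec starts above the hunk.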
@@ -1,9 +1,9 @@
-{{- if eq .Values.secretVars.secretName "argocd-secret-vars-ci-test" }}
+{{- if not .Values.secretVars.existingSecret }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
- name: argocd-secret-vars-ci-test
+ name: {{ include "argocd-appset-secret-plugin.fullname" . }}-secret-vars
 labels:
 app.kubernetes.io/part-of: argocd
 stringData:
diff --git a/charts/argocd-appset-secret-plugin/templates/tests/test-configmap.yaml b/charts/argocd-appset-secret-plugin/templates/tests/test-configmap.yaml
new file mode 100644
index 0000000..86e2c6f
--- /dev/null
+++ b/charts/argocd-appset-secret-plugin/templates/tests/test-configmap.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: test-connection
+data:
+ curl_script.sh: |
+ curl http://{{ include "argocd-appset-secret-plugin.fullname" . }}/api/v1/getparams.execute -H "Content-type:application/json" -H "Authorization: Bearer $TOKEN" -d '{"applicationSetName": "fake-appset", "input": {"parameters": {"secret_vars": ["app_name"]}}}'
diff --git a/charts/argocd-appset-secret-plugin/templates/tests/test-connection.yaml b/charts/argocd-appset-secret-plugin/templates/tests/test-connection.yaml
index b4784b0..576a9f0 100644
--- a/charts/argocd-appset-secret-plugin/templates/tests/test-connection.yaml
+++ b/charts/argocd-appset-secret-plugin/templates/tests/test-connection.yaml
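Review bot: The guard `{{- if not .Values.secretVars.existingSecret }}` in test_ci_secret.yaml makes the CI test Secret part of every default install, because `existingSecret` defaults to `""`; before, it rendered only for the `argocd-secret-vars-ci-test` name. The `stringData` body lies outside the hunk, so whatever fixture values it holds would be what the plugin serves to ApplicationSets. A values file that still sets the removed `secretVars.secretName` also falls into this branch without any warning. Consider gating the fixture on a dedicated test-only value and failing the render when no secret is configured, for example `{{- required "secretVars.existingSecret is required" .Values.secretVars.existingSecret }}` in the `varSecret` helper.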
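Review bot: The `curl` call in `curl_script.sh` (tests/test-configmap.yaml) has no `--fail`, so the helm test pod exits 0 even when the plugin answers with 401 or 500, and the test cannot catch a wrong token or a broken secret mount. Add `--fail --silent --show-error` to the command. The ConfigMap also uses the fixed name `test-connection` and has no `"helm.sh/hook": test` annotation, so it is installed with every release and two releases in one namespace would collide. Name it from the `argocd-appset-secret-plugin.fullname` helper and give it the same hook annotation as the test pod.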
@@ -8,8 +8,26 @@ metadata: "helm.sh/hook": test spec: containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "argocd-appset-secret-plugin.fullname" . }}:{{ .Values.service.port }}'] + - name: curl + image: curlimages/curl + command: ['/bin/sh'] + args: + - "-c" + - "/testing/curl_script.sh" + env: + - name: "TOKEN" + valueFrom: + secretKeyRef: + name: '{{ include "argocd-appset-secret-plugin.tokenSecret" . }}' + key: token + volumeMounts: + - name: curl-script + mountPath: "/testing" + readOnly: false + volumes: + - name: curl-script + configMap: + name: test-connection + defaultMode: 0777 + restartPolicy: Never diff --git a/charts/argocd-appset-secret-plugin/values.yaml b/charts/argocd-appset-secret-plugin/values.yaml index 405bf97..d916a86 100644 --- a/charts/argocd-appset-secret-plugin/values.yaml +++ b/charts/argocd-appset-secret-plugin/values.yaml @@ -19,8 +19,12 @@ nameOverride: "" fullnameOverride: "" secretVars: - # -- the name of the secret to use for your applicationSet parameters - secretName: argocd-secret-vars + # -- the name of an existing secret to use for the secret keys to provide to applicationSets via the plugin generator + existingSecret: "" + +token: + # -- the name of an existing secret to use for the token that argoCD and the plugin will use for communication + existingSecret: "" serviceAccount: # -- Specifies whether a service account should be created diff --git a/docker/README.md b/docker/README.md index 7ab9362..a7d7e40 100644 --- a/docker/README.md +++ b/docker/README.md @@ -12,7 +12,7 @@ docker build . -t jessebot/argocd-appset-secret-plugin:dev Generate a fake token ```bash -openssl rand -base64 12 > token && export PLUGIN_TOKEN=`/bin/cat token` +openssl rand -base64 12 > token && export TOKEN=`/bin/cat token` ``` Create some test values you'd like to get in your fake ApplicationSet: 
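Review bot: `image: curlimages/curl` in tests/test-connection.yaml has no tag or digest, so the test pod, which receives the plugin bearer token through the `TOKEN` env var, runs whatever `latest` resolves to at test time. Pin it, for example `image: curlimages/curl:<pinned-version>` (placeholder) or an image digest. The script volume is mounted with `defaultMode: 0777` and `readOnly: false` although the script only has to be read and executed; `defaultMode: 0555` and `readOnly: true` are sufficient. The pod spec starts above the hunk.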
@@ -25,7 +25,7 @@ Run the docker container: ```bash docker run \ - -v ./secret_vars.yaml:/var/run/argocd/secret_vars.yaml \ + -v ./secret_vars.yaml:/var/run/secret-plugin/secret_vars.yaml \ -v ./token:/var/run/argocd/token \ -p 4355:4355 \ jessebot/argocd-appset-secret-plugin:dev @@ -34,7 +34,7 @@ docker run \ Send a request for a vairable in your secret_vars.yaml: ```bash -curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer $PLUGIN_TOKEN" -d \ +curl http://localhost:4355/api/v1/getparams.execute -H "Authorization: Bearer $TOKEN" -d \ '{ "applicationSetName": "fake-appset", "input": {