From d42ea6d982ccacbce710a7a74d10335964f4059d Mon Sep 17 00:00:00 2001 From: jessebot Date: Sat, 2 Dec 2023 12:29:58 +0100 Subject: [PATCH] add APP_ID to default credentials secret and allow it to be passed in as plain text in the values.yaml; fix ci ci: add the app ID to the default tests for ci also update docs via helm-docs --- .github/workflows/ci-helm-lint-test.yml | 3 ++- charts/bitwarden-eso-provider/README.md | 1 + charts/bitwarden-eso-provider/templates/credentials.yaml | 1 + charts/bitwarden-eso-provider/values.yaml | 2 ++ 4 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci-helm-lint-test.yml b/.github/workflows/ci-helm-lint-test.yml index 63c923d..b86fc93 100644 --- a/.github/workflows/ci-helm-lint-test.yml +++ b/.github/workflows/ci-helm-lint-test.yml @@ -55,6 +55,7 @@ jobs: run: | ct install --target-branch ${{ github.event.repository.default_branch }} \ --helm-extra-set-args="--set=bitwarden_eso_provider.create_cluster_secret_store=false \ + --set=bitwarden_eso_provider.auth.appID=${{ secrets.BOT_APP_ID }} \ --set=bitwarden_eso_provider.auth.password=${{ secrets.BOT_PASSWORD }} \ --set=bitwarden_eso_provider.auth.clientID=${{ secrets.BOT_CLIENT_ID }} \ - --set=bitwarden_eso_provider.auth.clientSecret=${{ secrets.BOT_CLIENT_SECRET }}" \ No newline at end of file + --set=bitwarden_eso_provider.auth.clientSecret=${{ secrets.BOT_CLIENT_SECRET }}" diff --git a/charts/bitwarden-eso-provider/README.md b/charts/bitwarden-eso-provider/README.md index ba9ed1e..ebb1ef3 100644 --- a/charts/bitwarden-eso-provider/README.md +++ b/charts/bitwarden-eso-provider/README.md @@ -20,6 +20,7 @@ Helm chart to use Bitwarden as a Provider for External Secrets Operator | autoscaling.maxReplicas | int | `100` | max number of pods to spin up | | autoscaling.minReplicas | int | `1` | minimum number of pods to keep | | autoscaling.targetCPUUtilizationPercentage | int | `80` | | +| bitwarden_eso_provider.auth.appID | string | `""` | optional bitwarden app ID to identify your pod to the Bitwarden server so that you don't receieve infinite email notifications every login | | bitwarden_eso_provider.auth.clientID | string | `""` | bitwarden client ID to use to grabs secrets in the pod, ignored if existingSecret is set | | bitwarden_eso_provider.auth.clientSecret | string | `""` | bitwarden client Secret to use to grabs secrets in the pod, ignored if existingSecret is set | | bitwarden_eso_provider.auth.existingSecret | string | `""` | use an existing secret for bitwarden credentials, ignores above credentials if this is set | diff --git a/charts/bitwarden-eso-provider/templates/credentials.yaml b/charts/bitwarden-eso-provider/templates/credentials.yaml index c877021..1eb9f9c 100644 --- a/charts/bitwarden-eso-provider/templates/credentials.yaml +++ b/charts/bitwarden-eso-provider/templates/credentials.yaml @@ -10,4 +10,5 @@ data: BW_PASSWORD: {{ .Values.bitwarden_eso_provider.auth.password | b64enc | quote}} BW_CLIENTID: {{ .Values.bitwarden_eso_provider.auth.clientID | b64enc | quote}} BW_CLIENTSECRET: {{ .Values.bitwarden_eso_provider.auth.clientSecret | b64enc | quote}} + BW_APPID: {{ .Values.bitwarden_eso_provider.auth.appID | b64enc | quote }} {{- end }} diff --git a/charts/bitwarden-eso-provider/values.yaml b/charts/bitwarden-eso-provider/values.yaml index 267ecc3..ba5adae 100644 --- a/charts/bitwarden-eso-provider/values.yaml +++ b/charts/bitwarden-eso-provider/values.yaml @@ -29,6 +29,8 @@ bitwarden_eso_provider: clientSecret: "" # -- bitwarden client ID to use to grabs secrets in the pod, ignored if existingSecret is set clientID: "" + # -- optional bitwarden app ID to identify your pod to the Bitwarden server so that you don't receieve infinite email notifications every login + appID: "" # -- bitwarden hostname to use to grab secrets in the pod, ignored if existingSecret is set host: "https://bitwarden.com" # -- use an existing secret for bitwarden credentials, ignores above credentials if this is set