add staticSecretRenderInterval to injector (#621)

* make staticSecretRenderInterval default to empty string * update values schema to add staticSecretRenderInterval * add test for default value * adding changelog entry Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2021-11-06 11:07:25 +09:00 · 2021-11-06 11:07:25 +09:00 · c47ff33551
commit c47ff33551
parent 4db9e831ad
5 changed files with 38 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,8 @@
 ## Unreleased

+Improvements:
+* Added templateConfig.staticSecretRenderInterval annotation for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
 ## 0.17.1 (October 25th, 2021)

 Improvements:
--- a/templates/injector-deployment.yaml
+++ b/templates/injector-deployment.yaml
@ -109,6 +109,10 @@ spec:
              value: "{{ .Values.injector.agentDefaults.template }}"
            - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
              value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
+            {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
+            - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
+              value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
+            {{- end }}
            {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
            - name: POD_NAME
              valueFrom:
--- a/test/unit/injector-deployment.bats
+++ b/test/unit/injector-deployment.bats
@ -168,7 +168,7 @@ load _helpers
  [ "${value}" = "RELEASE-NAME-vault-agent-injector-svc,RELEASE-NAME-vault-agent-injector-svc.${namespace:-default},RELEASE-NAME-vault-agent-injector-svc.${namespace:-default}.svc" ]
 }

-@test "injector/deployment: manual TLS adds volume mount" { 
+@test "injector/deployment: manual TLS adds volume mount" {
   cd `chart_dir`
   local object=$(helm template \
       --show-only templates/injector-deployment.yaml  \
@ -695,4 +695,29 @@ load _helpers
  local value=$(echo $object |
      yq -r 'map(select(.name=="AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE")) | .[] .value' | tee /dev/stderr)
  [ "${value}" = "false" ]
-}
+}
+
+@test "injector/deployment: agent default template_config.static_secret_render_interval" {
+  cd `chart_dir`
+  local object=$(helm template \
+      --show-only templates/injector-deployment.yaml  \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
+
+  local value=$(echo $object |
+      yq -r 'map(select(.name=="AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL")) | .[] .value' | tee /dev/stderr)
+  [ "${value}" = "" ]
+}
+
+@test "injector/deployment: can set agent template_config.static_secret_render_interval" {
+  cd `chart_dir`
+  local object=$(helm template \
+      --show-only templates/injector-deployment.yaml  \
+      --set='injector.agentDefaults.templateConfig.staticSecretRenderInterval=1m' \
+      . | tee /dev/stderr |
+      yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
+
+  local value=$(echo $object |
+      yq -r 'map(select(.name=="AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL")) | .[] .value' | tee /dev/stderr)
+  [ "${value}" = "1m" ]
+}
--- a/values.schema.json
+++ b/values.schema.json
@ -205,6 +205,9 @@
                            "properties": {
                                "exitOnRetryFailure": {
                                    "type": "boolean"
+                                },
+                                "staticSecretRenderInterval": {
+                                    "type": "string"
                                }
                            }
                        }
--- a/values.yaml
+++ b/values.yaml
@ -85,6 +85,7 @@ injector:
    # Default values within Agent's template_config stanza.
    templateConfig:
      exitOnRetryFailure: true
+      staticSecretRenderInterval: ""

  # Mount Path of the Vault Kubernetes Auth Method.
  authPath: "auth/kubernetes"