Michal.Wrobel/openbao-helm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add staticSecretRenderInterval to injector (#621)

Browse source 
* make staticSecretRenderInterval default to empty string

* update values schema to add staticSecretRenderInterval

* add test for default value

* adding changelog entry

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
This commit is contained in:
Kaito Ii 2021-11-06 11:07:25 +09:00 committed by GitHub
parent 4db9e831ad
commit c47ff33551
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 38 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
CHANGELOG.md
View file

@ -1,5 +1,8 @@
## Unreleased ## Unreleased
Improvements:
* Added templateConfig.staticSecretRenderInterval annotation for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
## 0.17.1 (October 25th, 2021) ## 0.17.1 (October 25th, 2021)
Improvements: Improvements:

4
templates/injector-deployment.yaml
View file

@ -109,6 +109,10 @@ spec:
value: "{{ .Values.injector.agentDefaults.template }}" value: "{{ .Values.injector.agentDefaults.template }}"
- name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
{{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
- name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
{{- end }}
{{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
- name: POD_NAME - name: POD_NAME
valueFrom: valueFrom:

25
test/unit/injector-deployment.bats
View file

@ -696,3 +696,28 @@ load _helpers
yq -r 'map(select(.name=="AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE")) | .[] .value' | tee /dev/stderr) yq -r 'map(select(.name=="AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE")) | .[] .value' | tee /dev/stderr)
[ "${value}" = "false" ] [ "${value}" = "false" ]
} }
@test "injector/deployment: agent default template_config.static_secret_render_interval" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/injector-deployment.yaml \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local value=$(echo $object |
yq -r 'map(select(.name=="AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL")) | .[] .value' | tee /dev/stderr)
[ "${value}" = "" ]
}
@test "injector/deployment: can set agent template_config.static_secret_render_interval" {
cd `chart_dir`
local object=$(helm template \
--show-only templates/injector-deployment.yaml \
--set='injector.agentDefaults.templateConfig.staticSecretRenderInterval=1m' \
. | tee /dev/stderr |
yq -r '.spec.template.spec.containers[0].env' | tee /dev/stderr)
local value=$(echo $object |
yq -r 'map(select(.name=="AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL")) | .[] .value' | tee /dev/stderr)
[ "${value}" = "1m" ]
}

3
values.schema.json
View file

@ -205,6 +205,9 @@
"properties": { "properties": {
"exitOnRetryFailure": { "exitOnRetryFailure": {
"type": "boolean" "type": "boolean"
},
"staticSecretRenderInterval": {
"type": "string"
} }
} }
} }

1
values.yaml
View file

@ -85,6 +85,7 @@ injector:
# Default values within Agent's template_config stanza. # Default values within Agent's template_config stanza.
templateConfig: templateConfig:
exitOnRetryFailure: true exitOnRetryFailure: true
staticSecretRenderInterval: ""
# Mount Path of the Vault Kubernetes Auth Method. # Mount Path of the Vault Kubernetes Auth Method.
authPath: "auth/kubernetes" authPath: "auth/kubernetes"