Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Added support for templates in external secrets #5874

Merged
merged 10 commits into from
Sep 27, 2024

Conversation

Ash-exp
Copy link
Contributor

@Ash-exp Ash-exp commented Sep 20, 2024

Description

Add support for templates in external secrets

Fixes https://github.com/devtron-labs/sprint-tasks/issues/934, #5861, #5321

New ESO support from future reference charts
deployment.yaml

{{if (or (eq .externalType "ESO_GoogleSecretsManager") (eq .externalType "ESO_AWSSecretsManager") (eq .externalType "ESO_HashiCorpVault") (eq .externalType "ESO_AzureSecretsManager"))}}
          {{- if and (.esoSubPath) (ne (len .esoSubPath) 0) }}
          {{- range .esoSubPath }}
            - name: {{ $cmName | replace "." "-"}}-vol
              mountPath: {{ $cmMountPath}}/{{ . }}
              subPath: {{ . }}  
          {{- end }}
          {{- else }}
          {{- range .esoSecretData.esoData }}
            - name: {{ $cmName | replace "." "-"}}-vol
              mountPath: {{ $cmMountPath}}/{{ .secretKey }}
              subPath: {{ .secretKey }}  
          {{- end }}
          {{- end }}
          {{- else }}             
          {{- range $k, $v := .data }}
            - name: {{ $cmName | replace "." "-"}}-vol
              mountPath: {{ $cmMountPath}}/{{ $k}}
              subPath: {{ $k}}
          {{- end }}
          {{- end }}

externalsecrets.yaml

  target:
    name: {{ .name}}
    creationPolicy: Owner
    {{- if .esoSecretData.template }}
    template:
      {{- toYaml .esoSecretData.template | nindent 6 }}
    {{- end }}
  {{- if .esoSecretData.esoDataFrom }}
  dataFrom:
    {{- toYaml .esoSecretData.esoDataFrom | nindent 4 }}
  {{- else }}
  data:
  {{- range .esoSecretData.esoData }}
  - secretKey: {{ .secretKey }}
    remoteRef:
        key: {{ .key }}
        {{- if .property }}
        property: {{ .property }}
        {{- end }}
  {{- end}}
  {{- end}}

Checklist:

  • The title of the PR states what changed and the related issues number (used for the release note).
  • Does this PR requires documentation updates?
  • I've updated documentation as required by this PR.
  • I have performed a self-review of my own code.
  • I have commented my code, particularly in hard-to-understand areas.
  • I have tested it for all user roles.
  • I have added all the required unit/api test cases.

Does this PR introduce a user-facing change?


@Ash-exp Ash-exp self-assigned this Sep 20, 2024
@Ash-exp Ash-exp changed the title Feat eso secret v2 feat: Added support for templates in external secrets Sep 20, 2024
Copy link

gitguardian bot commented Sep 26, 2024

⚠️ GitGuardian has uncovered 2 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secrets in your pull request
GitGuardian id GitGuardian status Secret Commit Filename
10220829 Triggered Generic High Entropy Secret fb7b4fa charts/devtron/devtron-bom.yaml View secret
10220829 Triggered Generic High Entropy Secret fb7b4fa charts/devtron/values.yaml View secret
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secrets safely. Learn here the best practices.
  3. Revoke and rotate these secrets.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider


🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

Copy link

sonarcloud bot commented Sep 26, 2024

Quality Gate Failed Quality Gate failed

Failed conditions
C Security Rating on New Code (required ≥ A)

See analysis details on SonarCloud

Catch issues before they fail your Quality Gate with our IDE extension SonarLint

@Ash-exp Ash-exp changed the base branch from main to develop September 26, 2024 13:59
@Ash-exp Ash-exp merged commit c54fc03 into develop Sep 27, 2024
9 of 11 checks passed
@Ash-exp Ash-exp deleted the feat-eso-secret-v2 branch September 27, 2024 11:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request PR:Ready-to-Review
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Bug: Deployment History of External Secret Not Displaying in UI
2 participants