feat(platform-namespace-core): add validation for clusterSecretStore provider and refactor name generation

Signed-off-by: Arthur Le Roux <[email protected]>

Author: arthlr

charts/platform-namespace-core/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: platform-namespace-core
 description: A Helm chart that defines core Kubernetes platform namespaced resources
 type: application
-version: 0.3.1
+version: 0.3.2
 appVersion: "0.1.0"
 icon: https://avatars.githubusercontent.com/u/9391624?s=200&v=4
 home: https://github.com/wiremind/wiremind-helm-charts/tree/main/charts/platform-namespace-core

charts/platform-namespace-core/templates/_helpers.tpl

@@ -87,9 +87,19 @@ Validate the platform-namespace-core chart.
 ClusterSecretStore name definition.
 */}}
 {{- define "platform-namespace-core.cluster-secret-store.name" -}}
+{{- $providerName := index (keys .Values.clusterSecretStore.provider) 0 -}}
 {{- if eq .Values.namespace.labels.project "platform" -}}
-{{- printf "%s-platform-%s" .Values.clusterSecretStore.provider.name .Release.Name -}}
+{{- printf "%s-platform-%s" $providerName .Release.Name -}}
 {{- else -}}
-{{- printf "%s-%s" .Values.clusterSecretStore.provider.name .Release.Name -}}
+{{- printf "%s-%s" $providerName .Release.Name -}}
 {{- end -}}
 {{- end -}}
+
+# templates/_helpers.tpl
+{{- define "platform-namespace-core.cluster-secret-store.validate" -}}
+  {{- $prov := .Values.clusterSecretStore.provider -}}
+  {{- $count := len (keys $prov) -}}
+  {{- if ne $count 1 -}}
+    {{- fail (printf "clusterSecretStore.provider must contain exactly one provider, but found %d keys" $count) -}}
+  {{- end -}}
+{{- end -}}

charts/platform-namespace-core/templates/external-secrets/clustersecretstore.yaml

@@ -1,4 +1,5 @@
 {{- if .Values.clusterSecretStore.enabled -}}
+{{ include "platform-namespace-core.cluster-secret-store.validate" $ }}
 
 apiVersion: external-secrets.io/v1
 kind: ClusterSecretStore
@@ -8,7 +9,7 @@ metadata:
     {{- include "platform-namespace-core.labels" $ | nindent 4 }}
 spec:
   provider:
-    {{- tpl (toYaml .Values.clusterSecretStore.provider) . | nindent 4 }}
+    {{ tpl (toYaml .Values.clusterSecretStore.provider) $ | nindent 4 }}
   conditions:
     {{- if eq $.Values.namespace.labels.project "platform" }}
     - namespaces:

charts/platform-namespace-core/values.yaml

@@ -10,27 +10,8 @@ certManager:
 
 clusterSecretStore:
   enabled: false
-  provider:
-    # Example configuration for AWS Provider
-    # Full documentation for all providers: https://external-secrets.io/latest/provider
-    aws:
-      service: SecretsManager
-      role: iam-role
-      region: eu-central-1
-      auth:
-        secretRef:
-          accessKeyIDSecretRef:
-            namespace: external-secrets
-            name: awssm-secret
-            key: access-key
-          secretAccessKeySecretRef:
-            namespace: external-secrets
-            name: awssm-secret
-            key: secret-access-key
-        jwt:
-          serviceAccountRef:
-            name: my-serviceaccount
-            namespace: sa-namespace
+  # Full documentation for all providers: https://external-secrets.io/latest/provider
+  provider: {}
 
 gitlabRunnersConfig:
   enabled: false