defenseunicorns · ericwyles · Apr 30, 2024 · Mar 29, 2024 · Apr 4, 2024 · Apr 5, 2024
diff --git a/chart/templates/sonarqube-sso-secret.yaml b/chart/templates/sonarqube-sso-secret.yaml
@@ -0,0 +1,16 @@
+# This secret will be used if sso is disabled, instead of the templated one in uds-package.yaml. 
+# Sonarqube needs to mount the secret and creating it this way avoids creating an unnecessary 
+# client in the keycloak realm and unnecessary secret data in the cluster.
+{{- if not .Values.sso.enabled }}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.sso.secretName }}
+  namespace:  {{ .Release.Namespace }}
+type: "Opaque"
+stringData:
+  secret.properties: |
+    sonar.auth.saml.enabled: {{ .Values.sso.enabled }}
+
+{{- end }}
diff --git a/chart/templates/uds-package.yaml b/chart/templates/uds-package.yaml
@@ -4,6 +4,7 @@ metadata:
   name: sonarqube
   namespace: {{ .Release.Namespace }}
 spec:
+  {{- if .Values.sso.enabled }}
   sso:
     - name: SonarQube Login
       clientId: uds-swf-sonarqube
@@ -18,7 +19,7 @@ spec:
       attributes:
         saml.client.signature: "false"
 
-      secretName: sonarqube-sso
+      secretName: {{ .Values.sso.secretName }}
       # This secret template configures the sonarqube saml support documented here: https://docs.sonarsource.com/sonarqube/latest/instance-administration/authentication/saml/overview/
       secretTemplate:
         secret.properties: |
@@ -32,6 +33,7 @@ spec:
             sonar.auth.saml.user.name: name
             sonar.auth.saml.user.email: email
             sonar.auth.saml.certificate.secured: clientField(samlIdpCertificate)
+  {{- end }}
   network:
     expose:
       - service: sonarqube-sonarqube

diff --git a/chart/values.yaml b/chart/values.yaml
@@ -1,5 +1,6 @@
 domain: "###ZARF_VAR_DOMAIN###"
 sso:
   enabled: true
+  secretName: "###ZARF_VAR_SONARQUBE_SSO_SECRET_NAME###"
   saml:
     providerName: Keycloak # This is displayed on the SonarQube landing screen ("Log in with <providerName>")
diff --git a/values/common-values.yaml b/values/common-values.yaml
@@ -5,7 +5,7 @@ edition: "community"
 
 # Name of the secret from which to load additional properties: https://community.sonarsource.com/t/additional-sonar-properties-to-load-from-a-secret/73748
 # This secret will be created by the uds operator based on the sso spec defined in chart/templates/uds-package.yaml
-sonarSecretProperties: sonarqube-sso
+sonarSecretProperties: "###ZARF_VAR_SONARQUBE_SSO_SECRET_NAME###"
 
 monitoring:
   enabled: true

@@ -20,6 +20,8 @@ variables:
     default: "sonarqube"
   - name: SONARQUBE_DB_ENDPOINT
     default: "postgres"
+  - name: SONARQUBE_SSO_SECRET_NAME
+    default: "sonarqube-sso"
 
 components:
   - name: sonarqube