add ability to use secret values in environment variables

fkie-cad · Jul 12, 2024 · e750de7 · e750de7
1 parent db9fec2
commit e750de7
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 7 deletions.
diff --git a/charts/logprep/templates/deployment.yaml b/charts/logprep/templates/deployment.yaml
@@ -68,9 +68,8 @@ spec:
             - name: REQUESTS_CA_BUNDLE
               value: /home/logprep/certificates/{{ .Values.secrets.certificates.name }}
             {{- end }}
-            {{- range $key, $value := .Values.environment }}
-            - name: {{ $key }}
-              value: {{ $value }}
+            {{- if .Values.environment }}
+            {{- toYaml .Values.environment  | nindent 12 }}
             {{- end }}
           volumeMounts:
             - name: logprep-temp

diff --git a/charts/logprep/values.yaml b/charts/logprep/values.yaml
@@ -44,10 +44,17 @@ secrets: {}
 # Example:
 #
 # environment:
-#   MY_ENV_VAR: "my value"
-#   MY_OTHER_ENV_VAR: "my other value"
+#   - name: MY_VAR
+#     value: "my value"
+#   - name: MY_OTHER_VAR
+#     value: "my other value"
+#   - name: SECRET_USERNAME
+#     valueFrom:
+#       secretKeyRef:
+#         name: backend-user
+#         key: backend-username
 #
-environment: {}
+environment: []
 
 # Boolean to signal to use affinity to avoid deploying multiple instances of the
 # pod on the same node

diff --git a/tests/unit/charts/test_deployment.py b/tests/unit/charts/test_deployment.py
@@ -358,10 +358,35 @@ def test_extra_secrets_are_mounted(self):
         assert mount
 
     def test_environment_variables_are_populated(self):
-        logprep_values = {"environment": {"MY_VAR": "my_value", "MY_OTHER_VAR": "my_other_value"}}
+        logprep_values = {
+            "environment": [
+                {"name": "MY_VAR", "value": "my_value"},
+                {"name": "MY_OTHER_VAR", "value": "my_other_value"},
+            ]
+        }
         self.manifests = self.render_chart("logprep", logprep_values)
         env = self.deployment["spec.template.spec.containers.0.env"]
         my_var = [variable for variable in env if variable["name"] == "MY_VAR"].pop()
         assert my_var["value"] == "my_value"
         my_var = [variable for variable in env if variable["name"] == "MY_OTHER_VAR"].pop()
         assert my_var["value"] == "my_other_value"
+
+    def test_environment_variables_populated_from_secrets(self):
+        logprep_values = {
+            "environment": [
+                {
+                    "name": "MY_VAR",
+                    "value": "my_value",
+                },
+                {
+                    "name": "MY_OTHER_VAR",
+                    "valueFrom": {"secretKeyRef": {"name": "my-secret", "key": "my-key"}},
+                },
+            ]
+        }
+        self.manifests = self.render_chart("logprep", logprep_values)
+        env = self.deployment["spec.template.spec.containers.0.env"]
+        my_var = [variable for variable in env if variable["name"] == "MY_VAR"].pop()
+        assert my_var["value"] == "my_value"
+        my_var = [variable for variable in env if variable["name"] == "MY_OTHER_VAR"].pop()
+        assert my_var["valueFrom"]["secretKeyRef"]["name"] == "my-secret"