From e750de78b2fea6be1fc94723957ab0b6ccf70c85 Mon Sep 17 00:00:00 2001
From: ekneg54 <ekneg54@pm.me>
Date: Fri, 12 Jul 2024 11:48:45 +0200
Subject: [PATCH] add ability to use secret values in environment variables

---
 charts/logprep/templates/deployment.yaml |  5 ++---
 charts/logprep/values.yaml               | 13 +++++++++---
 tests/unit/charts/test_deployment.py     | 27 +++++++++++++++++++++++-
 3 files changed, 38 insertions(+), 7 deletions(-)

diff --git a/charts/logprep/templates/deployment.yaml b/charts/logprep/templates/deployment.yaml
index 7ad1430a3..2547d49e5 100644
--- a/charts/logprep/templates/deployment.yaml
+++ b/charts/logprep/templates/deployment.yaml
@@ -68,9 +68,8 @@ spec:
             - name: REQUESTS_CA_BUNDLE
               value: /home/logprep/certificates/{{ .Values.secrets.certificates.name }}
             {{- end }}
-            {{- range $key, $value := .Values.environment }}
-            - name: {{ $key }}
-              value: {{ $value }}
+            {{- if .Values.environment }}
+            {{- toYaml .Values.environment  | nindent 12 }}
             {{- end }}
           volumeMounts:
             - name: logprep-temp
diff --git a/charts/logprep/values.yaml b/charts/logprep/values.yaml
index fa918c80b..1e455f886 100644
--- a/charts/logprep/values.yaml
+++ b/charts/logprep/values.yaml
@@ -44,10 +44,17 @@ secrets: {}
 # Example:
 #
 # environment:
-#   MY_ENV_VAR: "my value"
-#   MY_OTHER_ENV_VAR: "my other value"
+#   - name: MY_VAR
+#     value: "my value"
+#   - name: MY_OTHER_VAR
+#     value: "my other value"
+#   - name: SECRET_USERNAME
+#     valueFrom:
+#       secretKeyRef:
+#         name: backend-user
+#         key: backend-username
 #
-environment: {}
+environment: []
 
 # Boolean to signal to use affinity to avoid deploying multiple instances of the
 # pod on the same node
diff --git a/tests/unit/charts/test_deployment.py b/tests/unit/charts/test_deployment.py
index f861ff47e..3ea3e01e3 100644
--- a/tests/unit/charts/test_deployment.py
+++ b/tests/unit/charts/test_deployment.py
@@ -358,10 +358,35 @@ def test_extra_secrets_are_mounted(self):
         assert mount
 
     def test_environment_variables_are_populated(self):
-        logprep_values = {"environment": {"MY_VAR": "my_value", "MY_OTHER_VAR": "my_other_value"}}
+        logprep_values = {
+            "environment": [
+                {"name": "MY_VAR", "value": "my_value"},
+                {"name": "MY_OTHER_VAR", "value": "my_other_value"},
+            ]
+        }
         self.manifests = self.render_chart("logprep", logprep_values)
         env = self.deployment["spec.template.spec.containers.0.env"]
         my_var = [variable for variable in env if variable["name"] == "MY_VAR"].pop()
         assert my_var["value"] == "my_value"
         my_var = [variable for variable in env if variable["name"] == "MY_OTHER_VAR"].pop()
         assert my_var["value"] == "my_other_value"
+
+    def test_environment_variables_populated_from_secrets(self):
+        logprep_values = {
+            "environment": [
+                {
+                    "name": "MY_VAR",
+                    "value": "my_value",
+                },
+                {
+                    "name": "MY_OTHER_VAR",
+                    "valueFrom": {"secretKeyRef": {"name": "my-secret", "key": "my-key"}},
+                },
+            ]
+        }
+        self.manifests = self.render_chart("logprep", logprep_values)
+        env = self.deployment["spec.template.spec.containers.0.env"]
+        my_var = [variable for variable in env if variable["name"] == "MY_VAR"].pop()
+        assert my_var["value"] == "my_value"
+        my_var = [variable for variable in env if variable["name"] == "MY_OTHER_VAR"].pop()
+        assert my_var["valueFrom"]["secretKeyRef"]["name"] == "my-secret"