Have the integrations secret template code copy from the parent chart.

Signed-off-by: Pete Wall <pete.wall@grafana.com>
grafana · Nov 8, 2024 · 5bea4e1 · 5bea4e1
1 parent 08c5a2f
commit 5bea4e1
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 8 deletions.
diff --git a/charts/feature-integrations/Makefile b/charts/feature-integrations/Makefile
@@ -9,6 +9,12 @@ INTEGRATION_VALUES_FILES = $(shell find integrations -name "*-values.yaml" | sor
 INTEGRATION_DOCS_FILES = $(INTEGRATION_VALUES_FILES:integrations/%-values.yaml=./docs/integrations/%.md)
 INTEGRATION_SCHEMA_FILES = $(INTEGRATION_VALUES_FILES:integrations/%-values.yaml=./schema-mods/definitions/%-integration.schema.json)
 
+templates/secrets/_helpers.tpl: ../k8s-monitoring/templates/secrets/_helpers.tpl
+	cp $< $@
+
+templates/secrets/_secret.alloy.tpl: ../k8s-monitoring/templates/secrets/_secret.alloy.tpl
+	cp $< $@
+
 Chart.lock: Chart.yaml
 	helm dependency update .
 	touch Chart.lock # Ensure the timestamp is updated
@@ -67,13 +73,13 @@ endif
 
 .PHONY: clean
 clean:
-	rm -f README.md values.schema.json schema-mods/integration-list.json templates/_integration_types.tpl
+	rm -f README.md values.schema.json schema-mods/integration-list.json templates/_integration_types.tpl templates/secrets/_helpers.tpl templates/secrets/_secret.alloy.tpl
 	rm -f $(UPDATECLI_FILES)
 	rm -f $(INTEGRATION_SCHEMA_FILES)
 	rm -f $(INTEGRATION_DOCS_FILES)
 
 .PHONY: build
-build: README.md $(INTEGRATION_DOCS_FILES) Chart.lock values.schema.json templates/_integration_types.tpl $(UPDATECLI_FILES)
+build: README.md $(INTEGRATION_DOCS_FILES) Chart.lock values.schema.json templates/_integration_types.tpl templates/secrets/_helpers.tpl templates/secrets/_secret.alloy.tpl $(UPDATECLI_FILES)
 
 .PHONY: test
 test: build

diff --git a/charts/feature-integrations/templates/secrets/_helpers.tpl b/charts/feature-integrations/templates/secrets/_helpers.tpl
@@ -8,8 +8,9 @@
 {{/* Inputs: . (user of the secret, needs name, secret, auth) */}}
 {{- define "secrets.secretType" }}
 {{- if hasKey . "secret" }}
-  {{- if .secret.embed -}}embedded
+  {{- if eq .secret.embed true -}}embedded
   {{- else if eq .secret.create false -}}external
+  {{- else }}create
   {{- end }}
 {{- else -}}
 create
@@ -31,7 +32,7 @@ create
 {{- $value -}}
 {{- end -}}
 
-{{/*Determine the key to access a secret value within a secret component*/}}
+{{/* Determine the key to access a secret value within a secret component */}}
 {{/* Inputs: object (user of the secret, needs name, secret, auth), key (path to secret value) */}}
 {{- define "secrets.getSecretKey" -}}
 {{- $value := .object -}}
@@ -47,6 +48,22 @@ create
 {{- $value -}}
 {{- end -}}
 
+{{/* Determine if a key was defined by the user */}}
+{{/* Inputs: object (user of the secret, needs name, secret, auth), key (path to secret value) */}}
+{{- define "secrets.isSecretKeyDefined" -}}
+{{- $found := true}}
+{{- $value := .object -}}
+{{- range $pathPart := (regexSplit "\\." (printf "%sKey" .key) -1) -}}  {{/* "path.to.auth.password" --> ["path", "to", "auth" "passwordKey"] */}}
+{{- if hasKey $value $pathPart -}}
+  {{- $value = (index $value $pathPart) -}}
+{{- else -}}
+  {{- $found = false -}}
+  {{- break -}}
+{{- end -}}
+{{- end -}}
+{{- $found -}}
+{{- end -}}
+
 {{/*Determine the path to the secret value*/}}
 {{/* Inputs: object (user of the secret, needs name, secret, auth), key (path to secret value) */}}
 {{- define "secrets.getSecretValue" }}
@@ -83,7 +100,13 @@ remote.kubernetes.secret.{{ include "helper.alloy_name" .object.name }}.data[{{
 {{/* Determines if the object will reference a secret value */}}
 {{/* Inputs: object (user of the secret, needs name, secret, auth), key (path to secret value), nonsensitive */}}
 {{- define "secrets.usesSecret" -}}
-{{- if eq (include "secrets.read" .) "" }}false{{- else -}}true{{- end -}}
+{{- $secretType := (include "secrets.secretType" .) }}
+{{- $ref := include "secrets.getSecretFromRef" . -}}
+{{- $value := include "secrets.getSecretValue" . -}}
+{{- if (not (eq $ref "")) }}false
+{{- else if eq $secretType "external" }}true
+{{- else if (eq $value "") }}false
+{{- else -}}true{{- end -}}
 {{- end -}}
 
 {{/* Determines if the object will reference a Kubernetes secret */}}
@@ -95,10 +118,12 @@ remote.kubernetes.secret.{{ include "helper.alloy_name" .object.name }}.data[{{
   {{- $usesK8sSecret := false }}
   {{- range $secret := include (printf "secrets.list.%s" .type) . | fromYamlArray }}
     {{- $ref := include "secrets.getSecretFromRef" (dict "object" $ "key" $secret) -}}
-    {{- $key := include "secrets.getSecretKey" (dict "object" $ "key" $secret) -}}
+    {{- $keyDefined := include "secrets.isSecretKeyDefined" (dict "object" $ "key" $secret) -}}
     {{- $value := include "secrets.getSecretValue" (dict "object" $ "key" $secret) -}}
-    {{- if or (and (eq $secretType "external") $key) (and $value (not $ref)) }}
-      {{- $usesK8sSecret = true }}
+    {{- if (eq $secretType "external") }}
+      {{- if eq $keyDefined "true" }}{{- $usesK8sSecret = true }}{{ break }}{{- end }}
+    {{- else }}
+      {{- if and $value (not $ref) }}{{- $usesK8sSecret = true }}{{ break }}{{- end }}
     {{- end }}
   {{- end }}
 {{- $usesK8sSecret -}}