grafana · petewall · Nov 8, 2024 · Nov 7, 2024 · Nov 8, 2024 · Nov 8, 2024
@@ -8,6 +8,7 @@ ignore:
   - .git
   - data-alloy
   - node_modules
+  - charts/k8s-monitoring/vendir.lock.yml
   - charts/k8s-monitoring/docs/examples/**/output.yaml
   - charts/k8s-monitoring-v1/docs/examples/**/output.yaml
   - charts/**/templates

@@ -9,6 +9,12 @@ INTEGRATION_VALUES_FILES = $(shell find integrations -name "*-values.yaml" | sor
 INTEGRATION_DOCS_FILES = $(INTEGRATION_VALUES_FILES:integrations/%-values.yaml=./docs/integrations/%.md)
 INTEGRATION_SCHEMA_FILES = $(INTEGRATION_VALUES_FILES:integrations/%-values.yaml=./schema-mods/definitions/%-integration.schema.json)
 
+templates/secrets/_helpers.tpl: ../k8s-monitoring/templates/secrets/_helpers.tpl
+	cp $< $@
+
+templates/secrets/_secret.alloy.tpl: ../k8s-monitoring/templates/secrets/_secret.alloy.tpl
+	cp $< $@
+
 Chart.lock: Chart.yaml
 	helm dependency update .
 	touch Chart.lock # Ensure the timestamp is updated
@@ -67,13 +73,13 @@ endif
 
 .PHONY: clean
 clean:
-	rm -f README.md values.schema.json schema-mods/integration-list.json templates/_integration_types.tpl
+	rm -f README.md values.schema.json schema-mods/integration-list.json templates/_integration_types.tpl templates/secrets/_helpers.tpl templates/secrets/_secret.alloy.tpl
 	rm -f $(UPDATECLI_FILES)
 	rm -f $(INTEGRATION_SCHEMA_FILES)
 	rm -f $(INTEGRATION_DOCS_FILES)
 
 .PHONY: build
-build: README.md $(INTEGRATION_DOCS_FILES) Chart.lock values.schema.json templates/_integration_types.tpl $(UPDATECLI_FILES)
+build: README.md $(INTEGRATION_DOCS_FILES) Chart.lock values.schema.json templates/_integration_types.tpl templates/secrets/_helpers.tpl templates/secrets/_secret.alloy.tpl $(UPDATECLI_FILES)
 
 .PHONY: test
 test: build

@@ -8,8 +8,9 @@
 {{/* Inputs: . (user of the secret, needs name, secret, auth) */}}
 {{- define "secrets.secretType" }}
 {{- if hasKey . "secret" }}
-  {{- if .secret.embed -}}embedded
+  {{- if eq .secret.embed true -}}embedded
   {{- else if eq .secret.create false -}}external
+  {{- else }}create
   {{- end }}
 {{- else -}}
 create
@@ -31,7 +32,7 @@ create
 {{- $value -}}
 {{- end -}}
 
-{{/*Determine the key to access a secret value within a secret component*/}}
+{{/* Determine the key to access a secret value within a secret component */}}
 {{/* Inputs: object (user of the secret, needs name, secret, auth), key (path to secret value) */}}
 {{- define "secrets.getSecretKey" -}}
 {{- $value := .object -}}
@@ -47,6 +48,22 @@ create
 {{- $value -}}
 {{- end -}}
 
+{{/* Determine if a key was defined by the user */}}
+{{/* Inputs: object (user of the secret, needs name, secret, auth), key (path to secret value) */}}
+{{- define "secrets.isSecretKeyDefined" -}}
+{{- $found := true}}
+{{- $value := .object -}}
+{{- range $pathPart := (regexSplit "\\." (printf "%sKey" .key) -1) -}}  {{/* "path.to.auth.password" --> ["path", "to", "auth" "passwordKey"] */}}
+{{- if hasKey $value $pathPart -}}
+  {{- $value = (index $value $pathPart) -}}
+{{- else -}}
+  {{- $found = false -}}
+  {{- break -}}
+{{- end -}}
+{{- end -}}
+{{- $found -}}
+{{- end -}}
+
 {{/*Determine the path to the secret value*/}}
 {{/* Inputs: object (user of the secret, needs name, secret, auth), key (path to secret value) */}}
 {{- define "secrets.getSecretValue" }}
@@ -83,7 +100,13 @@ remote.kubernetes.secret.{{ include "helper.alloy_name" .object.name }}.data[{{
 {{/* Determines if the object will reference a secret value */}}
 {{/* Inputs: object (user of the secret, needs name, secret, auth), key (path to secret value), nonsensitive */}}
 {{- define "secrets.usesSecret" -}}
-{{- if eq (include "secrets.read" .) "" }}false{{- else -}}true{{- end -}}
+{{- $secretType := (include "secrets.secretType" .object) }}
+{{- $ref := include "secrets.getSecretFromRef" . -}}
+{{- $value := include "secrets.getSecretValue" . -}}
+{{- if (not (eq $ref "")) }}true
+{{- else if (eq $secretType "external") }}true
+{{- else if (eq $value "") }}false
+{{- else -}}true{{- end -}}
 {{- end -}}
 
 {{/* Determines if the object will reference a Kubernetes secret */}}
@@ -95,10 +118,12 @@ remote.kubernetes.secret.{{ include "helper.alloy_name" .object.name }}.data[{{
   {{- $usesK8sSecret := false }}
   {{- range $secret := include (printf "secrets.list.%s" .type) . | fromYamlArray }}
     {{- $ref := include "secrets.getSecretFromRef" (dict "object" $ "key" $secret) -}}
-    {{- $key := include "secrets.getSecretKey" (dict "object" $ "key" $secret) -}}
+    {{- $keyDefined := include "secrets.isSecretKeyDefined" (dict "object" $ "key" $secret) -}}
     {{- $value := include "secrets.getSecretValue" (dict "object" $ "key" $secret) -}}
-    {{- if or (and (eq $secretType "external") $key) (and $value (not $ref)) }}
-      {{- $usesK8sSecret = true }}
+    {{- if (eq $secretType "external") }}
+      {{- if eq $keyDefined "true" }}{{- $usesK8sSecret = true }}{{ break }}{{- end }}
+    {{- else }}
+      {{- if and $value (not $ref) }}{{- $usesK8sSecret = true }}{{ break }}{{- end }}
     {{- end }}
   {{- end }}
 {{- $usesK8sSecret -}}

@@ -204,7 +204,7 @@ tests:
               dataSource:
                 host: test-database-mysql.mysql.svc
                 auth:
-                  usernameFrom: "\"root\""
+                  usernameFrom: env(MYSQL_ROOT_USER)
                   passwordKey: mysql-root-password
             secret:
               create: false
@@ -231,7 +231,7 @@ tests:
 
               prometheus.exporter.mysql "test_database" {
                 data_source_name = string.format("%s:%s@(%s:%d)/",
-                  "root",
+                  env(MYSQL_ROOT_USER),
                   remote.kubernetes.secret.test_database.data["mysql-root-password"],
                   "test-database-mysql.mysql.svc",
                   3306,

@@ -39,4 +39,4 @@ dependencies:
   repository: https://grafana.github.io/helm-charts
   version: 0.9.2
 digest: sha256:f5738b270a715d0fd122f5db19a928aceb4470a21314366cd91b8535fbcdbbee
-generated: "2024-11-07T09:59:57.476552-06:00"
+generated: "2024-11-08T08:16:51.073548-06:00"