Added default fedramp endpoint for FedRamp scenarios

wiz-sec · Nov 6, 2024 · 134b1e3 · 134b1e3
1 parent 038f676
commit 134b1e3
Show file tree

Hide file tree

Showing 7 changed files with 32 additions and 5 deletions.
diff --git a/wiz-admission-controller/templates/_helpers.tpl b/wiz-admission-controller/templates/_helpers.tpl
@@ -348,7 +348,7 @@ Clean the list of deployments for the auto-update flag, removing quotes and brac
       optional: false
 {{- end }}
 - name: WIZ_ENV
-  value: {{ coalesce .Values.global.wizApiToken.clientEndpoint .Values.wizApiToken.clientEndpoint | quote }}
+  value: {{ include "wiz-admission-controller.clientEndpoint" . }}
 {{- if or .Values.global.httpProxyConfiguration.enabled .Values.httpProxyConfiguration.enabled }}
 - name: HTTP_PROXY
   valueFrom:
@@ -414,3 +414,12 @@ publicregistryfedrampwizio.azurecr.us/wiz-app/wiz-admission-controller-fips:{{ .
 {{ coalesce .Values.global.image.registry .Values.image.registry }}/{{ coalesce .Values.global.image.repository .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
 {{- end -}}
 {{- end -}}
+
+{{- define "wiz-admission-controller.clientEndpoint" -}}
+{{- $clientEndpoint := coalesce .Values.global.wizApiToken.clientEndpoint .Values.wizApiToken.clientEndpoint | quote -}}
+{{- if and (empty $clientEndpoint) .Values.global.isFedRamp -}}
+  "fedramp"
+{{- else -}}
+  {{ $clientEndpoint }}
+{{- end -}}
+{{- end -}}
diff --git a/wiz-broker/templates/_helpers.tpl b/wiz-broker/templates/_helpers.tpl
@@ -111,3 +111,12 @@ publicregistryfedrampwizio.azurecr.us/wiz-app/wiz-broker-fips:{{ .Values.image.t
 {{ coalesce .Values.global.image.registry .Values.image.registry }}/{{ coalesce .Values.global.image.repository .Values.image.repository }}:{{ coalesce .Values.global.image.tag .Values.image.tag | default .Chart.AppVersion }}
 {{- end -}}
 {{- end -}}
+
+{{- define "wiz-broker.clientEndpoint" -}}
+{{- $clientEndpoint := coalesce .Values.global.wizApiToken.clientEndpoint .Values.wizApiToken.clientEndpoint | quote -}}
+{{- if and (empty $clientEndpoint) .Values.global.isFedRamp -}}
+  "fedramp"
+{{- else -}}
+  {{ $clientEndpoint }}
+{{- end -}}
+{{- end -}}
diff --git a/wiz-broker/templates/wiz-broker-deployment.yaml b/wiz-broker/templates/wiz-broker-deployment.yaml
@@ -105,7 +105,7 @@ spec:
             value: {{ .Values.global.logLevel }}
           {{- end }}
           - name: WIZ_ENV
-            value: {{ coalesce .Values.global.wizApiToken.clientEndpoint .Values.wizApiToken.clientEndpoint | quote }}
+            value: {{ include "wiz-broker.clientEndpoint" . }}
           {{- if not .Values.wizApiToken.usePodCustomEnvironmentVariablesFile }}
           - name: WIZ_CLIENT_ID
             valueFrom:

diff --git a/wiz-kubernetes-connector/Chart.yaml b/wiz-kubernetes-connector/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.2.1
+version: 3.2.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/wiz-kubernetes-connector/templates/_helpers.tpl b/wiz-kubernetes-connector/templates/_helpers.tpl
@@ -233,3 +233,12 @@ publicregistryfedrampwizio.azurecr.us/wiz-app/wiz-broker-fips:{{ .Values.image.t
 {{ coalesce .Values.global.image.registry .Values.image.registry }}/{{ coalesce .Values.global.image.repository .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
 {{- end -}}
 {{- end -}}
+
+{{- define "wiz-broker.clientEndpoint" -}}
+{{- $clientEndpoint := coalesce .Values.global.wizApiToken.clientEndpoint .Values.wizApiToken.clientEndpoint | quote -}}
+{{- if and (empty $clientEndpoint) .Values.global.isFedRamp -}}
+  "fedramp"
+{{- else -}}
+  {{ $clientEndpoint }}
+{{- end -}}
+{{- end -}}
diff --git a/wiz-kubernetes-connector/templates/job-create-connector.yaml b/wiz-kubernetes-connector/templates/job-create-connector.yaml
@@ -115,7 +115,7 @@ spec:
                 optional: false
           {{- end }}
           - name: WIZ_ENV
-            value: {{ coalesce .Values.global.wizApiToken.clientEndpoint .Values.wizApiToken.clientEndpoint | quote }}
+            value: {{ include "wiz-broker.clientEndpoint" . }}
           {{- if (or .Values.global.httpProxyConfiguration.enabled .Values.httpProxyConfiguration.enabled) }}
           - name: HTTP_PROXY
             valueFrom:

diff --git a/wiz-kubernetes-connector/templates/job-delete-connector.yaml b/wiz-kubernetes-connector/templates/job-delete-connector.yaml
@@ -100,7 +100,7 @@ spec:
                 optional: false
           {{- end }}
           - name: WIZ_ENV
-            value: {{ .Values.wizApiToken.clientEndpoint | quote }}
+            value: {{ include "wiz-broker.clientEndpoint" . }}
           {{- if (or .Values.global.httpProxyConfiguration.enabled .Values.httpProxyConfiguration.enabled) }}
           - name: HTTP_PROXY
             valueFrom: