From 134b1e36d00c5196305a4f349edeab54c817f3d6 Mon Sep 17 00:00:00 2001
From: Ofir Cohen <ofir.cohen@wiz.io>
Date: Wed, 6 Nov 2024 23:55:26 +0200
Subject: [PATCH] Added default fedramp endpoint for FedRamp scenarios

---
 wiz-admission-controller/templates/_helpers.tpl       | 11 ++++++++++-
 wiz-broker/templates/_helpers.tpl                     |  9 +++++++++
 wiz-broker/templates/wiz-broker-deployment.yaml       |  2 +-
 wiz-kubernetes-connector/Chart.yaml                   |  2 +-
 wiz-kubernetes-connector/templates/_helpers.tpl       |  9 +++++++++
 .../templates/job-create-connector.yaml               |  2 +-
 .../templates/job-delete-connector.yaml               |  2 +-
 7 files changed, 32 insertions(+), 5 deletions(-)

diff --git a/wiz-admission-controller/templates/_helpers.tpl b/wiz-admission-controller/templates/_helpers.tpl
index 58367dd2..4574608e 100644
--- a/wiz-admission-controller/templates/_helpers.tpl
+++ b/wiz-admission-controller/templates/_helpers.tpl
@@ -348,7 +348,7 @@ Clean the list of deployments for the auto-update flag, removing quotes and brac
       optional: false
 {{- end }}
 - name: WIZ_ENV
-  value: {{ coalesce .Values.global.wizApiToken.clientEndpoint .Values.wizApiToken.clientEndpoint | quote }}
+  value: {{ include "wiz-admission-controller.clientEndpoint" . }}
 {{- if or .Values.global.httpProxyConfiguration.enabled .Values.httpProxyConfiguration.enabled }}
 - name: HTTP_PROXY
   valueFrom:
@@ -414,3 +414,12 @@ publicregistryfedrampwizio.azurecr.us/wiz-app/wiz-admission-controller-fips:{{ .
 {{ coalesce .Values.global.image.registry .Values.image.registry }}/{{ coalesce .Values.global.image.repository .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
 {{- end -}}
 {{- end -}}
+
+{{- define "wiz-admission-controller.clientEndpoint" -}}
+{{- $clientEndpoint := coalesce .Values.global.wizApiToken.clientEndpoint .Values.wizApiToken.clientEndpoint | quote -}}
+{{- if and (empty $clientEndpoint) .Values.global.isFedRamp -}}
+  "fedramp"
+{{- else -}}
+  {{ $clientEndpoint }}
+{{- end -}}
+{{- end -}}
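Review bot: In `wiz-admission-controller.clientEndpoint` the `empty` test runs on the already-quoted string, so the FedRAMP fallback fires only because `quote` renders a nil `coalesce` result as an empty string. If a non-nil empty string ever reaches `quote` it becomes `""`, which is not empty, and a FedRAMP install would silently keep an empty WIZ_ENV. Test the raw value and quote at output instead: `{{- $clientEndpoint := coalesce .Values.global.wizApiToken.clientEndpoint .Values.wizApiToken.clientEndpoint -}}` with `{{ $clientEndpoint | quote }}` in the else branch. The same pattern is repeated in the two `wiz-broker.clientEndpoint` helpers added under wiz-broker and wiz-kubernetes-connector. A `{{/* ... */}}` comment above the define should also state that an explicit clientEndpoint always wins over `global.isFedRamp`, since WIZ_ENV appears to select the backend environment.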
diff --git a/wiz-broker/templates/_helpers.tpl b/wiz-broker/templates/_helpers.tpl
index abd85d97..4ab180b2 100644
--- a/wiz-broker/templates/_helpers.tpl
+++ b/wiz-broker/templates/_helpers.tpl
@@ -111,3 +111,12 @@ publicregistryfedrampwizio.azurecr.us/wiz-app/wiz-broker-fips:{{ .Values.image.t
 {{ coalesce .Values.global.image.registry .Values.image.registry }}/{{ coalesce .Values.global.image.repository .Values.image.repository }}:{{ coalesce .Values.global.image.tag .Values.image.tag | default .Chart.AppVersion }}
 {{- end -}}
 {{- end -}}
+
+{{- define "wiz-broker.clientEndpoint" -}}
+{{- $clientEndpoint := coalesce .Values.global.wizApiToken.clientEndpoint .Values.wizApiToken.clientEndpoint | quote -}}
+{{- if and (empty $clientEndpoint) .Values.global.isFedRamp -}}
+  "fedramp"
+{{- else -}}
+  {{ $clientEndpoint }}
+{{- end -}}
+{{- end -}}
diff --git a/wiz-broker/templates/wiz-broker-deployment.yaml b/wiz-broker/templates/wiz-broker-deployment.yaml
index b9de1019..538cb0ef 100644
--- a/wiz-broker/templates/wiz-broker-deployment.yaml
+++ b/wiz-broker/templates/wiz-broker-deployment.yaml
@@ -105,7 +105,7 @@ spec:
             value: {{ .Values.global.logLevel }}
           {{- end }}
           - name: WIZ_ENV
-            value: {{ coalesce .Values.global.wizApiToken.clientEndpoint .Values.wizApiToken.clientEndpoint | quote }}
+            value: {{ include "wiz-broker.clientEndpoint" . }}
           {{- if not .Values.wizApiToken.usePodCustomEnvironmentVariablesFile }}
           - name: WIZ_CLIENT_ID
             valueFrom:
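Review bot: The rendered WIZ_ENV for wiz-broker changes with this line, yet the patch's diffstat touches only wiz-kubernetes-connector/Chart.yaml, so wiz-broker and wiz-admission-controller get template changes without a `version:` bump. The Chart.yaml comment shown in this patch says the version should be incremented on every template change. Unless release automation bumps them elsewhere, operators who pin chart versions cannot tell which release carries the FedRAMP default. Consider bumping both charts in the same commit.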
diff --git a/wiz-kubernetes-connector/Chart.yaml b/wiz-kubernetes-connector/Chart.yaml
index 65da6011..d90a7e5f 100644
--- a/wiz-kubernetes-connector/Chart.yaml
+++ b/wiz-kubernetes-connector/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.2.1
+version: 3.2.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/wiz-kubernetes-connector/templates/_helpers.tpl b/wiz-kubernetes-connector/templates/_helpers.tpl
index 91b40041..9d2af0e8 100644
--- a/wiz-kubernetes-connector/templates/_helpers.tpl
+++ b/wiz-kubernetes-connector/templates/_helpers.tpl
@@ -233,3 +233,12 @@ publicregistryfedrampwizio.azurecr.us/wiz-app/wiz-broker-fips:{{ .Values.image.t
 {{ coalesce .Values.global.image.registry .Values.image.registry }}/{{ coalesce .Values.global.image.repository .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
 {{- end -}}
 {{- end -}}
+
+{{- define "wiz-broker.clientEndpoint" -}}
+{{- $clientEndpoint := coalesce .Values.global.wizApiToken.clientEndpoint .Values.wizApiToken.clientEndpoint | quote -}}
+{{- if and (empty $clientEndpoint) .Values.global.isFedRamp -}}
+  "fedramp"
+{{- else -}}
+  {{ $clientEndpoint }}
+{{- end -}}
+{{- end -}}
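Review bot: This define reuses the name `wiz-broker.clientEndpoint` inside the wiz-kubernetes-connector chart, the same name the patch adds in wiz-broker/templates/_helpers.tpl. Helm resolves named templates in a single namespace shared by a chart and its subcharts, so if the connector is ever rendered together with wiz-broker (not visible from this hunk) the two definitions collide and the one loaded last wins. They are identical today, but a later edit to one would change the other chart's WIZ_ENV without any error. A chart-scoped name such as `wiz-kubernetes-connector.clientEndpoint`, with the `include` calls in job-create-connector.yaml and job-delete-connector.yaml updated to match, avoids that.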
diff --git a/wiz-kubernetes-connector/templates/job-create-connector.yaml b/wiz-kubernetes-connector/templates/job-create-connector.yaml
index 010cd116..3083138b 100644
--- a/wiz-kubernetes-connector/templates/job-create-connector.yaml
+++ b/wiz-kubernetes-connector/templates/job-create-connector.yaml
@@ -115,7 +115,7 @@ spec:
                 optional: false
           {{- end }}
           - name: WIZ_ENV
-            value: {{ coalesce .Values.global.wizApiToken.clientEndpoint .Values.wizApiToken.clientEndpoint | quote }}
+            value: {{ include "wiz-broker.clientEndpoint" . }}
           {{- if (or .Values.global.httpProxyConfiguration.enabled .Values.httpProxyConfiguration.enabled) }}
           - name: HTTP_PROXY
             valueFrom:
diff --git a/wiz-kubernetes-connector/templates/job-delete-connector.yaml b/wiz-kubernetes-connector/templates/job-delete-connector.yaml
index 6ea63a89..79f77551 100644
--- a/wiz-kubernetes-connector/templates/job-delete-connector.yaml
+++ b/wiz-kubernetes-connector/templates/job-delete-connector.yaml
@@ -100,7 +100,7 @@ spec:
                 optional: false
           {{- end }}
           - name: WIZ_ENV
-            value: {{ .Values.wizApiToken.clientEndpoint | quote }}
+            value: {{ include "wiz-broker.clientEndpoint" . }}
           {{- if (or .Values.global.httpProxyConfiguration.enabled .Values.httpProxyConfiguration.enabled) }}
           - name: HTTP_PROXY
             valueFrom:
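Review bot: Beyond the FedRAMP default, this line changes precedence for the delete job: the old expression read only `.Values.wizApiToken.clientEndpoint`, while the helper coalesces `.Values.global.wizApiToken.clientEndpoint` first. That aligns it with job-create-connector.yaml, but a release that sets the two values differently will have its delete job use a different WIZ_ENV after upgrade, and the commit subject does not mention it. A line in the commit description or changelog noting that the global value now wins here would make the change reviewable. The container spec continues outside the hunk.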