From 977fbbf3389077728243e48770b0b606c466f1c8 Mon Sep 17 00:00:00 2001
From: Ofir Shtrull
Date: Thu, 7 Sep 2023 09:35:16 +0300
Subject: [PATCH] Add support for extra manifests such as externalsecrets
---
 .../templates/extra-manifests.yaml | 8 ++++++
 wiz-kubernetes-integration/values.yaml | 26 ++++++++++++++++---
 2 files changed, 30 insertions(+), 4 deletions(-)
 create mode 100644 wiz-kubernetes-integration/templates/extra-manifests.yaml
diff --git a/wiz-kubernetes-integration/templates/extra-manifests.yaml b/wiz-kubernetes-integration/templates/extra-manifests.yaml
new file mode 100644
index 00000000..614ca40c
--- /dev/null
+++ b/wiz-kubernetes-integration/templates/extra-manifests.yaml
@@ -0,0 +1,8 @@
+{{ range .Values.global.extraObjects }}
+---
+{{ if typeIs "string" . }}
+ {{- tpl . $ }}
+{{- else }}
+ {{- tpl (toYaml .) $ }}
+{{- end }}
+{{ end }}
diff --git a/wiz-kubernetes-integration/values.yaml b/wiz-kubernetes-integration/values.yaml
index e1c2ea75..35527406 100644
--- a/wiz-kubernetes-integration/values.yaml
+++ b/wiz-kubernetes-integration/values.yaml
@@ -11,7 +11,7 @@ global:
 clientId: "" # Client ID of the Wiz Service Account.
 clientToken: "" # Client secret of the Wiz Service Account.
 clientEndpoint: "" # Wiz endpoint to connect to (required for gov tenants).
-
+
 secret:
 # Should a Secret be created by the chart or not.
 # Set this to false if you wish to create the Secret yourself or using another tool.
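Review bot: In templates/extra-manifests.yaml every entry of `global.extraObjects` is passed through `tpl` with the root context `$` and emitted as-is, so whoever supplies the values can create any resource kind in any namespace the installing identity can reach, and can read every chart value (including `clientToken`) while rendering; neither the template nor the values.yaml comment in the `@@ -52,6 +52,24 @@` hunk states that trust assumption. I would add a header comment such as `{{- /* Entries are rendered with tpl against the root context: treat global.extraObjects as trusted, code-equivalent input. */ -}}` and extend the `## Note:` line in values.yaml the same way. Because the list sits under `global`, it is also visible to the dependency charts; if any of them ships an equivalent template (not visible here), each object would be rendered twice, so a chart-local key may be the safer home for it.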
@@ -32,11 +32,11 @@ global: create: true secretName: "wiz-proxy" # The name of the proxy Secret. annotations: {} # Annotations to be set on the secret - + httpProxy: "" # URL to use as a proxy for outbound HTTP traffic. httpsProxy: "" # URL to use as a proxy for outbound HTTPS traffic. noProxyAddress: # Comma or space-separated list of machine or domain names. Note: This does not affect the Sensor. - + # Proxy CA certificate in PEM format. This is required for TLS intercept proxies # This value is currently only used by the wiz sensor. caCertificate: "" @@ -52,6 +52,24 @@ global: customVolumes: [] # Additional volumes to add to the components Pods customVolumeMounts: [] # Additional volume mounts to add to the components Pods + # -- Array of extra K8s manifests to deploy + ## Note: Supports use of custom Helm templates + extraObjects: [] + # - apiVersion: external-secrets.io/v1beta1 + # kind: ExternalSecret + # metadata: + # name: wiz-sensor-api-token + # namespace: wiz + # spec: + # secretStoreRef: + # kind: ClusterSecretStore + # name: cluster-secret-store + # target: + # name: wiz-api-token + # dataFrom: + # - extract: + # key: wiz-sensor-api-token + # Wiz Kubernetes Connector # Configuration values for the wiz-kubernetes-connector dependency # ref: https://github.com/wiz-sec/charts/blob/master/wiz-kubernetes-connector/values.yaml @@ -99,4 +117,4 @@ wiz-sensor: # In case you want use an existing value (perhaps created via "kubectl create secret docker-registry ...") # please mark "create" above as false username: "" - password: "" \ No newline at end of file + password: ""
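Review bot: The commented ExternalSecret example under `extraObjects` in the `@@ -52,6 +52,24 @@` hunk does not mention that the chart's own Secret creation has to be switched off when another tool supplies the token. The `secret:` block earlier in this file already says to set it to false in that case, and the example should point there, for instance with `# Requires the chart-managed Secret to be disabled (see "secret" above).` Otherwise the chart and the external operator may both try to manage the same Secret, assuming `wiz-api-token` is the name the chart expects, which is not visible in this hunk. The example also hard-codes `namespace: wiz`; since entries are rendered with `tpl`, `# namespace: "{{ .Release.Namespace }}"` would keep the object in the release namespace.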