feat: Update helm chart to include ExternalSecret CRDs for env-level …

…and stack level (#19)

Co-authored-by: Hayden Spitzley <hspitzley@chanzuckerberg.com>
Co-authored-by: Hayden Spitzley <105455169+hspitzley-czi@users.noreply.github.com>

stack/templates/_helpers.tpl

@@ -93,26 +93,26 @@ env:
 {{- end }}
 {{- end }}
 
-{{- if or (or (or (ne (trim .Values.appConfig.envSecretName) "") (ne (trim .Values.appConfig.envSecretName) "")) (ne (trim .Values.appConfig.envContextConfigMapName) "")) (ne (trim .Values.appConfig.stackContextConfigMapName) "") -}}
+{{- if or (or (or (ne (trim .Values.appSecrets.envSecret.secretName) "") (ne (trim .Values.appSecrets.envSecret.secretName) "")) (ne (trim .Values.appContext.envContextConfigMapName) "")) (ne (trim .Values.appContext.stackContextConfigMapName) "") -}}
 envFrom:
-{{- if ne (trim .Values.appConfig.envSecretName) "" }}
+{{- if ne (trim .Values.appSecrets.envSecret.secretName) "" }}
 - secretRef:
-    name: {{ .Values.appConfig.envSecretName }}
+    name: {{ .Values.appSecrets.envSecret.secretName }}
     optional: true
 {{- end }}
-{{- if ne (trim .Values.appConfig.stackSecretName) "" }}
+{{- if ne (trim .Values.appSecrets.stackSecret.secretName) "" }}
 - secretRef:
-    name: {{ .Values.appConfig.stackSecretName }}
+    name: {{ .Values.appSecrets.stackSecret.secretName }}
     optional: true
 {{- end }}
-{{- if ne (trim .Values.appConfig.envContextConfigMapName) "" }}
+{{- if ne (trim .Values.appContext.envContextConfigMapName) "" }}
 - configMapRef:
-    name: {{ .Values.appConfig.envContextConfigMapName }}
+    name: {{ .Values.appContext.envContextConfigMapName }}
     optional: true
 {{- end }}
-{{- if ne (trim .Values.appConfig.stackContextConfigMapName) "" }}
+{{- if ne (trim .Values.appContext.stackContextConfigMapName) "" }}
 - configMapRef:
-    name: {{ .Values.appConfig.stackContextConfigMapName }}
+    name: {{ .Values.appContext.stackContextConfigMapName }}
     optional: true
 {{- end }}
 {{- end }}

stack/templates/external_secrets_env.yaml

@@ -0,0 +1,35 @@
+{{ $global := . }}
+{{ range $serviceName, $serviceValues := .Values.services }}
+  {{- $globalValuesDict := $global.Values.global | toYaml -}}
+  {{- $values := fromYaml $globalValuesDict -}}
+  {{- $values = set $values "name" $serviceName -}}
+  {{- $values := mergeOverwrite $values $serviceValues -}}
+  {{- $service := dict "Chart" $global.Chart "Release" $global.Release "Capabilities" $global.Capabilities "Values" $values -}}
+
+{{- with $service -}}
+{{ range $secretsKey, $secretValue := .Values.appSecrets }}
+--- 
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: {{ $secretValue.secretName }}
+spec:
+  secretStoreRef:
+    name: aws-secretsmanager
+    kind: ClusterSecretStore
+  refreshInterval: "10m"
+  target:
+    deletionPolicy: Delete
+    template:
+      engineVersion: v2
+      mergePolicy: Replace
+      templateFrom:
+        - target: Data
+          literal: "{{ `{{ range $key, $value := . }}\n{{ range $name, $val := $value | fromJson }}\n{{$name | upper}}: {{$val}}\n{{ end }}\n{{ end }}\n` }}"
+  data:
+    - secretKey: {{ $secretValue.secretName }}
+      remoteRef:
+        key: {{ $secretValue.secretKey }}
+{{end}}
+{{end}}
+{{end}}

stack/values.yaml

@@ -66,11 +66,17 @@ global:
   initContainers: []
   sidecars: []
 
-  appConfig:
+  appContext:
     envContextConfigMapName: "" # App environment level configuration configmap name
     stackContextConfigMapName: "" # Stack level configuration configmap name
-    envSecretName: "" # App environment level configuration secret name
-    stackSecretName: "" # Stack level configuration secret name
+
+  appSecrets:
+    envSecret: # App environment level configuration secret
+      secretName: ""
+      secretKey: ""
+    stackSecret: # Stack level configuration secret
+      secretName: ""
+      secretKey: ""
 
   # Global annotations to add to all resources
   annotations: {}