From 9972692dac3d2b654dc004220f1fdda214ee28d4 Mon Sep 17 00:00:00 2001
From: lebaudantoine
Date: Mon, 13 Jan 2025 12:20:35 +0100
Subject: [PATCH] =?UTF-8?q?=E2=99=BB=EF=B8=8F(helm)=20refactor=20clusterSe?=
 =?UTF-8?q?cretStore=20and=20ExternalSecret=20deployments?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Refactored ClusterSecretStore and ExternalSecret deployment to support VaultWarden custom fields beyond login/password, including multi-line values via file input. Also made the secret template name configurable for added flexibility. ClusterSecretStore are supposed to be cluster-wide objects, it's useless to precise any namespace.
---
 bin/install-external-secrets.sh | 2 +-
 src/helm/env.d/dev/values.meet.yaml.gotmpl | 4 +--
 .../extra/templates/clustersecretstore.yaml | 26 ++++++++++++++++---
 .../templates/external_secret_deployment.yaml | 10 +++----
 4 files changed, 31 insertions(+), 11 deletions(-)

diff --git a/bin/install-external-secrets.sh b/bin/install-external-secrets.sh
index b782e518..620523b7 100755
--- a/bin/install-external-secrets.sh
+++ b/bin/install-external-secrets.sh
@@ -3,7 +3,7 @@ set -o errexit
 CURRENT_DIR=$(pwd)
 NAMESPACE=${1:-meet}
-SECRET_NAME=${2:-bitwarden-cli-visio}
+SECRET_NAME=${2:-bitwarden-cli-meet}
 TEMP_SECRET_FILE=$(mktemp)
diff --git a/src/helm/env.d/dev/values.meet.yaml.gotmpl b/src/helm/env.d/dev/values.meet.yaml.gotmpl
index ea6d28ef..3c1f1998 100644
--- a/src/helm/env.d/dev/values.meet.yaml.gotmpl
+++ b/src/helm/env.d/dev/values.meet.yaml.gotmpl
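Review bot: The new default `SECRET_NAME=${2:-bitwarden-cli-meet}` is still a fixed string, while the chart in the later hunks now derives the same name from the release namespace (`bitwarden-cli-{{ $.Release.Namespace }}` in the deployment's secretKeyRef), so invoking the script with a first argument other than `meet` and no second argument produces a secret name the pods will not look up. Since `NAMESPACE` is assigned on the line just above, the default can follow it: `SECRET_NAME=${2:-bitwarden-cli-${NAMESPACE}}`. This assumes the script creates the secret the deployment reads, which the visible lines do not show.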
@@ -3,12 +3,12 @@ secrets:
 itemId: a25effec-eaea-4ce1-9ed8-3a3cc1c734db
 field: username
 podVariable: OIDC_RP_CLIENT_ID
- clusterSecretStore: bitwarden-login-visio
+ clusterSecretStore: bitwarden-login-meet
 - name: oidcPass
 itemId: a25effec-eaea-4ce1-9ed8-3a3cc1c734db
 field: password
 podVariable: OIDC_RP_CLIENT_SECRET
- clusterSecretStore: bitwarden-login-visio
+ clusterSecretStore: bitwarden-login-meet
 image:
 repository: localhost:5001/meet-backend
 pullPolicy: Always
diff --git a/src/helm/extra/templates/clustersecretstore.yaml b/src/helm/extra/templates/clustersecretstore.yaml
index a4b978af..09c41ef4 100644
--- a/src/helm/extra/templates/clustersecretstore.yaml
+++ b/src/helm/extra/templates/clustersecretstore.yaml
@@ -1,13 +1,33 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ClusterSecretStore
 metadata:
- name: bitwarden-login-visio
- namespace: {{ $.Release.Namespace | quote }}
+ name: bitwarden-login-{{ $.Release.Namespace }}
 spec:
 provider:
 webhook:
- url: "http://bitwarden-cli-visio.meet.svc.cluster.local:8087/object/item/{{`{{ .remoteRef.key }}`}}"
+ url: "http://bitwarden-cli-{{ $.Release.Namespace }}.{{ $.Release.Namespace }}.svc.cluster.local:8087/object/item/{{`{{ .remoteRef.key }}`}}"
 headers:
 Content-Type: application/json
 result:
 jsonPath: "$.data.login.{{`{{ .remoteRef.property }}`}}"
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+ name: bitwarden-fields-{{ $.Release.Namespace }}
+spec:
+ provider:
+ webhook:
+ url: "http://bitwarden-cli-{{ $.Release.Namespace }}.{{ $.Release.Namespace }}.svc.cluster.local:8087/object/item/{{`{{ .remoteRef.key }}`}}"
+ result:
+ jsonPath: "$.data.fields[?@.name==\"{{`{{ .remoteRef.property }}`}}\"].value"
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ClusterSecretStore
+metadata:
+ name: bitwarden-attachments-{{ $.Release.Namespace }}
+spec:
+ provider:
+ webhook:
+ url: "http://bitwarden-cli-{{ $.Release.Namespace }}.{{ $.Release.Namespace }}.svc.cluster.local:8087/object/attachment/{{`{{ .remoteRef.property }}`}}?itemid={{`{{ .remoteRef.key }}`}}"
+ result: {}
diff --git a/src/helm/extra/templates/external_secret_deployment.yaml b/src/helm/extra/templates/external_secret_deployment.yaml
index 7620abaa..bd5dc23a 100644
--- a/src/helm/extra/templates/external_secret_deployment.yaml
+++ b/src/helm/extra/templates/external_secret_deployment.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
- name: bitwarden-cli-visio
+ name: bitwarden-cli-{{ $.Release.Namespace }}
 namespace: {{ $.Release.Namespace | quote }}
 labels:
 app.kubernetes.io/instance: bitwarden-cli
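Review bot: None of the three ClusterSecretStores in this hunk restricts which namespaces may reference it, so once rendered an ExternalSecret in any namespace of the cluster can read login fields, custom fields and attachments through this release's Bitwarden CLI service; since each store is already named after the release namespace, scoping it is cheap: add under each `spec:` the lines `conditions:` / `  - namespaces:` / `      - {{ $.Release.Namespace | quote }}`. The `jsonPath` of the `bitwarden-fields-*` store splices `.remoteRef.property` verbatim into a double-quoted JSONPath filter, so a custom field name containing `"` or `]` alters or breaks the expression; if it cannot be escaped, document the constraint with `# remoteRef.property is interpolated unescaped; custom field names must not contain quotes or brackets`. The fields and attachments stores also omit the `headers: Content-Type: application/json` the login store sends; if that is deliberate, a one-line comment saying so would stop the next reader from "fixing" it, otherwise keep the three stores consistent. Note too that the dev values file in the previous hunk pins `bitwarden-login-meet`, which only resolves to the templated `bitwarden-login-{{ $.Release.Namespace }}` when the release namespace is `meet`.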
@@ -29,17 +29,17 @@ spec:
 - name: BW_HOST
 valueFrom:
 secretKeyRef:
- name: bitwarden-cli-visio
+ name: bitwarden-cli-{{ $.Release.Namespace }}
 key: BW_HOST
 - name: BW_USER
 valueFrom:
 secretKeyRef:
- name: bitwarden-cli-visio
+ name: bitwarden-cli-{{ $.Release.Namespace }}
 key: BW_USERNAME
 - name: BW_PASSWORD
 valueFrom:
 secretKeyRef:
- name: bitwarden-cli-visio
+ name: bitwarden-cli-{{ $.Release.Namespace }}
 key: BW_PASSWORD
 ports:
 - name: http
@@ -74,7 +74,7 @@ spec:
 apiVersion: v1
 kind: Service
 metadata:
- name: bitwarden-cli-visio
+ name: bitwarden-cli-{{ $.Release.Namespace }}
 namespace: {{ $.Release.Namespace | quote }}
 labels:
 app.kubernetes.io/instance: bitwarden-cli