secret cleanup

zarf-dev · Feb 8, 2022 · 9d5c28a · 9d5c28a
1 parent 78bc1a1
commit 9d5c28a
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 27 deletions.
diff --git a/assets/charts/pgl-values.yaml b/assets/charts/pgl-values.yaml
@@ -5,7 +5,7 @@ loki:
 grafana:
   enabled: true
   adminUser: "zarf-admin"
-  adminPassword: "###ZARF_SECRET###"
+  adminPassword: "###ZARF_LOGGING_AUTH###"
   image:
     pullSecrets:
       - "zarf-registry"

diff --git a/cli/internal/template/template.go b/cli/internal/template/template.go
@@ -10,15 +10,18 @@ import (
 )
 
 type Values struct {
-	state          types.ZarfState
-	htpasswd       string
-	seedRegistry   string
-	registry       string
-	registryPush   string
-	registryPull   string
-	registrySecret string
-	gitPush        string
-	gitPull        string
+	state        types.ZarfState
+	registry     string
+	seedRegistry string
+	secret       struct {
+		htpasswd       string
+		registryPush   string
+		registryPull   string
+		registrySecret string
+		gitPush        string
+		gitPull        string
+		logging        string
+	}
 }
 
 func Generate() Values {
@@ -33,24 +36,26 @@ func Generate() Values {
 		message.Debug(errPush, errPull)
 		message.Fatal(nil, "Unable to define `htpasswd` string for the Zarf user")
 	}
-	generated.htpasswd = fmt.Sprintf("%s\\n%s", pushUser, pullUser)
+	generated.secret.htpasswd = fmt.Sprintf("%s\\n%s", pushUser, pullUser)
 
 	generated.registry = config.GetRegistry()
 	generated.seedRegistry = config.GetSeedRegistry()
 
-	generated.registryPush = config.GetSecret(config.StateRegistryPush)
-	generated.registryPull = config.GetSecret(config.StateRegistryPull)
-	generated.registrySecret = config.GetSecret(config.StateRegistrySecret)
+	generated.secret.registryPush = config.GetSecret(config.StateRegistryPush)
+	generated.secret.registryPull = config.GetSecret(config.StateRegistryPull)
+	generated.secret.registrySecret = config.GetSecret(config.StateRegistrySecret)
+
+	generated.secret.gitPush = config.GetSecret(config.StateGitPush)
+	generated.secret.gitPull = config.GetSecret(config.StateGitPull)
 
-	generated.gitPush = config.GetSecret(config.StateGitPush)
-	generated.gitPull = config.GetSecret(config.StateGitPull)
+	generated.secret.logging = config.GetSecret(config.StateLogging)
 
 	message.Debugf("Template values: %v", generated)
 	return generated
 }
 
 func (values Values) Ready() bool {
-	return values.htpasswd != ""
+	return values.secret.htpasswd != ""
 }
 
 func (values Values) GetRegistry() string {
@@ -63,20 +68,21 @@ func (values Values) Apply(path string) {
 
 	if !values.Ready() {
 		// This should only occur if the state couldn't be pulled or on init if a template is attempted before the pre-seed stage
-		message.Fatalf(nil, "template.Apply() called bofore template.Generate()")
+		message.Fatalf(nil, "template.Apply() called before template.Generate()")
 	}
 
 	mappings := map[string]string{
 		"STORAGE_CLASS":      values.state.StorageClass,
 		"SEED_REGISTRY":      values.seedRegistry,
 		"REGISTRY":           values.registry,
 		"REGISTRY_NODEPORT":  values.state.Registry.NodePort,
-		"REGISTRY_SECRET":    values.registrySecret,
-		"REGISTRY_AUTH_PUSH": values.registryPush,
-		"REGISTRY_AUTH_PULL": values.registryPull,
-		"GIT_AUTH_PUSH":      values.gitPush,
-		"GIT_AUTH_PULL":      values.gitPull,
-		"HTPASSWD":           values.htpasswd,
+		"REGISTRY_SECRET":    values.secret.registrySecret,
+		"REGISTRY_AUTH_PUSH": values.secret.registryPush,
+		"REGISTRY_AUTH_PULL": values.secret.registryPull,
+		"GIT_AUTH_PUSH":      values.secret.gitPush,
+		"GIT_AUTH_PULL":      values.secret.gitPull,
+		"LOGGING_AUTH":       values.secret.logging,
+		"HTPASSWD":           values.secret.htpasswd,
 	}
 
 	message.Debug(mappings)

diff --git a/cli/types/types.go b/cli/types/types.go
@@ -31,6 +31,17 @@ type ZarfComponent struct {
 	Images      []string             `yaml:"images,omitempty"`
 	Repos       []string             `yaml:"repos,omitempty"`
 	Scripts     ZarfComponentScripts `yaml:"scripts,omitempty"`
+	Connect     []ZarfConnect        `yaml:"connect,omitempty"`
+}
+
+// ZarfConnect defines tunnel parameters a component can use with zarf connect to expose a service or pod
+type ZarfConnect struct {
+	Identifier string `yaml:"identifier"`
+	Namespace  string `yaml:"namespace"`
+	Name       string `yaml:"name"`
+	Type       string `yaml:"type"`
+	RemotePort int    `yaml:"remotePort"`
+	LocalPort  int    `yaml:"localPort,omitempty"`
 }
 
 // ZarfManifest defines raw manifests Zarf will deploy as a helm chart

diff --git a/examples/big-bang/manifests/big-bang/manifests.yaml b/examples/big-bang/manifests/big-bang/manifests.yaml
@@ -13,7 +13,7 @@ metadata:
   namespace: bigbang
 stringData:
   username: "zarf-git-user"
-  password: "###ZARF_SECRET###"
+  password: "###ZARF_GIT_AUTH_PUSH###"
 ---
 apiVersion: source.toolkit.fluxcd.io/v1beta1
 kind: GitRepository
@@ -98,4 +98,4 @@ spec:
   timeout: 60m
   postBuild:
     substitute:
-      zarf_secret: "###ZARF_SECRET###"
+      zarf_secret: "###ZARF_REGISTRY_AUTH_PULL###"
diff --git a/examples/big-bang/manifests/flux/regcred-secret.yaml b/examples/big-bang/manifests/flux/regcred-secret.yaml
@@ -6,4 +6,4 @@ metadata:
   namespace: bigbang
 stringData:
   username: "zarf-git-user"
-  password: "###ZARF_SECRET###"
+  password: "###ZARF_GIT_AUTH_PULL###"