From aa1c0fd1c21d8beff7f2f2845a26c3fa7a417c60 Mon Sep 17 00:00:00 2001
From: unglaublicherdude <github@matthias-simonis.de>
Date: Wed, 26 Jun 2024 15:50:53 +0200
Subject: [PATCH] fixes the secret handling

You have to configure either a dockerconfigjson or global.imagePullSecrets.

When you configure both, both are added to the imagePullSecrets of the Deployments and StatefulSets.
---
 .gitignore                                 |  3 ++-
 charts/vaas/Chart.yaml                     |  2 +-
 charts/vaas/templates/gateway/_helpers.tpl | 11 +++++++----
 charts/vaas/templates/gateway/secret.yaml  | 16 ++++++++++++++--
 charts/vaas/templates/gdscan/_helpers.tpl  | 18 +++++++++++-------
 charts/vaas/templates/gdscan/secret.yaml   | 16 ++++++++++++++--
 charts/vaas/values.yaml                    |  1 +
 7 files changed, 50 insertions(+), 17 deletions(-)

diff --git a/.gitignore b/.gitignore
index cfdd1fc..6ee74cd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,4 +8,5 @@
 *.tgz
 .fleet/
 .output/
-Chart.lock
\ No newline at end of file
+Chart.lock
+tmp/
\ No newline at end of file
diff --git a/charts/vaas/Chart.yaml b/charts/vaas/Chart.yaml
index 9376dd2..66eaefc 100644
--- a/charts/vaas/Chart.yaml
+++ b/charts/vaas/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: vaas
-version: 1.8.0
+version: 1.9.0
 description: Deployment of a Verdict-as-a-Service on-premise instance
 maintainers:
   - name: G DATA CyberDefense AG
diff --git a/charts/vaas/templates/gateway/_helpers.tpl b/charts/vaas/templates/gateway/_helpers.tpl
index ed1de22..d226a27 100644
--- a/charts/vaas/templates/gateway/_helpers.tpl
+++ b/charts/vaas/templates/gateway/_helpers.tpl
@@ -24,14 +24,17 @@ If release name contains chart name it will be used as a full name.
 {{- end }}
 
 {{- define "gateway.imagePullSecrets" -}}
+{{- if or (gt (len .Values.global.imagePullSecrets) 0) (.Values.global.secret.dockerconfigjson) -}}
 imagePullSecrets:
   {{- range .Values.global.imagePullSecrets }}
   - name: {{ . }}
-  {{- end }}
-  {{- if .Values.imagePullSecret }}
-  - name: {{ .Release.Name }}-registry-secret
-  {{- end }}
+  {{- end -}}
+  {{- if (.Values.global.secret).dockerconfigjson }}
+  - name: registry
+  {{- end -}}
 {{- end -}}
+{{ end -}}
+
 
 {{/*
 Create chart name and version as used by the chart label.
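Review bot: The new outer guard in `gateway.imagePullSecrets` reads `.Values.global.secret.dockerconfigjson` without the parenthesised form that the inner `if` a few lines below uses, so a values file that leaves `global.secret` unset would probably fail at render time instead of skipping the block. `len .Values.global.imagePullSecrets` has the same weakness when the list is null. I would write the guard as `{{- if or (.Values.global.imagePullSecrets) ((.Values.global.secret).dockerconfigjson) -}}`, which treats an empty or missing list as false. The `gdscan.imagePullSecrets` helper has the same issue: its new `len` calls replace the `default dict` / `default list` guards that the removed `concat` line had.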
diff --git a/charts/vaas/templates/gateway/secret.yaml b/charts/vaas/templates/gateway/secret.yaml
index 0495eef..edf4b73 100644
--- a/charts/vaas/templates/gateway/secret.yaml
+++ b/charts/vaas/templates/gateway/secret.yaml
@@ -1,10 +1,22 @@
-{{- if .Values.global.imagePullSecrets }}
+{{- if and (not .Values.global.imagePullSecrets) (not .Values.global.imagePullSecret)}}
 apiVersion: v1
 kind: Secret
 metadata:
   name: registry
   namespace: {{ .Release.Namespace }}
 data:
-  .dockerconfigjson: {{ required "You need to set the dockerconfigjson for the private registry" .Values.global.secret.dockerconfigjson }}
+  .dockerconfigjson: {{ required "You need to set the dockerconfigjson for the private registry" (.Values.global.secret).dockerconfigjson }}
 type: kubernetes.io/dockerconfigjson
+{{- end -}}
+{{- if or (.Values.global.imagePullSecrets) (.Values.global.imagePullSecret)}}
+{{- if (.Values.global.secret).dockerconfigjson }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: registry
+  namespace: {{ .Release.Namespace }}
+data:
+  .dockerconfigjson: {{ .Values.global.secret.dockerconfigjson }}
+type: kubernetes.io/dockerconfigjson
+{{- end -}}
 {{- end -}}
\ No newline at end of file
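Review bot: Both conditions in this template test `.Values.global.imagePullSecret` (singular), while the helper that builds the pod's pull-secret list iterates `.Values.global.imagePullSecrets`. No singular key is defined in the parts of values.yaml visible in this patch, so that operand is likely always empty; either drop it, or if it is a real key, document it. The two branches also emit an identical `registry` Secret and differ only in `required`, so a later edit to one copy can easily miss the other; a single Secret body behind one condition would be easier to keep correct. The value is written under `data:`, which Kubernetes expects to be base64-encoded, so a comment next to `global.secret.dockerconfigjson` in values.yaml would help, e.g. `# base64-encoded .dockerconfigjson for the private registry`. gdscan/secret.yaml repeats the same structure.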
diff --git a/charts/vaas/templates/gdscan/_helpers.tpl b/charts/vaas/templates/gdscan/_helpers.tpl
index f980da0..196a61b 100644
--- a/charts/vaas/templates/gdscan/_helpers.tpl
+++ b/charts/vaas/templates/gdscan/_helpers.tpl
@@ -43,15 +43,19 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}
 
 {{- define "gdscan.imagePullSecrets" -}}
-
-{{- $imagePullSecrets := concat (((.Values.global | default dict).imagePullSecrets)| default list) (.Values.gdscan.imagePullSecrets | default list) -}}
-{{- if gt (len $imagePullSecrets) 0 -}}
+{{- if or (gt (len .Values.global.imagePullSecrets) 0) (gt (len .Values.gdscan.imagePullSecrets) 0) ((.Values.global.secret).dockerconfigjson)  -}}
 imagePullSecrets:
-  {{- range $imagePullSecrets }}
+  {{- range .Values.global.imagePullSecrets }}
   - name: {{ . }}
-  {{- end }}
-{{- end }}
-{{- end }}
+  {{- end -}}
+  {{- range .Values.gdscan.imagePullSecrets }}
+  - name: {{ . }}
+  {{- end -}}
+  {{- if (.Values.global.secret).dockerconfigjson }}
+  - name: gdscanregistry
+  {{- end -}}
+{{- end -}}
+{{ end -}}
 
 {{/*
 Selector labels
diff --git a/charts/vaas/templates/gdscan/secret.yaml b/charts/vaas/templates/gdscan/secret.yaml
index 03d7f30..5d6413f 100644
--- a/charts/vaas/templates/gdscan/secret.yaml
+++ b/charts/vaas/templates/gdscan/secret.yaml
@@ -1,10 +1,22 @@
-{{- if .Values.global.imagePullSecrets }}
+{{- if and (not .Values.global.imagePullSecrets) (not .Values.global.imagePullSecret) (not .Values.gdscan.imagePullSecret)}}
 apiVersion: v1
 kind: Secret
 metadata:
   name: gdscanregistry
   namespace: {{ .Release.Namespace }}
 data:
-  .dockerconfigjson: {{ required "You need to set the dockerconfigjson for the private registry" .Values.global.secret.dockerconfigjson }}
+  .dockerconfigjson: {{ required "You need to set the dockerconfigjson for the private registry" (.Values.global.secret).dockerconfigjson }}
 type: kubernetes.io/dockerconfigjson
+{{- end -}}
+{{- if or (.Values.global.imagePullSecrets) (.Values.global.imagePullSecret)}}
+{{- if (.Values.global.secret).dockerconfigjson }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: gdscanregistry
+  namespace: {{ .Release.Namespace }}
+data:
+  .dockerconfigjson: {{ .Values.global.secret.dockerconfigjson }}
+type: kubernetes.io/dockerconfigjson
+{{- end -}}
 {{- end -}}
\ No newline at end of file
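Review bot: The first condition checks `.Values.gdscan.imagePullSecret`, but the key this commit adds to values.yaml, and which the helper ranges over, is `gdscan.imagePullSecrets`; the second condition does not look at the gdscan list at all. As written, a release that sets only `gdscan.imagePullSecrets` still enters the first branch and hits the `required` failure when no dockerconfigjson is given. Correcting the name alone is not enough: with the plural key and a dockerconfigjson set, neither branch would render, while the helper still adds `- name: gdscanregistry` to the pod spec. Deciding on the Secret with `{{- if (.Values.global.secret).dockerconfigjson }}` and keeping `required` only for the case where every pull-secret list is empty would keep template and helper in step.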
diff --git a/charts/vaas/values.yaml b/charts/vaas/values.yaml
index 64119e6..724f606 100644
--- a/charts/vaas/values.yaml
+++ b/charts/vaas/values.yaml
@@ -147,6 +147,7 @@ gateway:
   gdscanUrl: "http://gdscan:8080/scan/body"
 
 gdscan:
+  imagePullSecrets: []
   replicaCount: 1
   deploymentStrategy: "RollingUpdate"
   client: