diff --git a/stable/feeds/Chart.yaml b/stable/feeds/Chart.yaml index f94900d8..4d90eed5 100644 --- a/stable/feeds/Chart.yaml +++ b/stable/feeds/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: feeds type: application -version: "2.2.0" +version: "2.2.1" appVersion: "5.2.0" kubeVersion: 1.23.x - 1.27.x || 1.23.x-x - 1.28.x-x description: Anchore feeds service diff --git a/stable/feeds/templates/envvars_configmap.yaml b/stable/feeds/templates/envvars_configmap.yaml index 60a6e3a5..568a328c 100644 --- a/stable/feeds/templates/envvars_configmap.yaml +++ b/stable/feeds/templates/envvars_configmap.yaml @@ -63,7 +63,7 @@ data: ANCHORE_FEEDS_PACKAGES_ENABLED: "false" ANCHORE_FEEDS_TMP_DIR: "{{ .Values.scratchVolume.mountPath }}" ANCHORE_FEEDS_WORKSPACE_PRELOAD: "true" - ANCHORE_GITHUB_TOKEN: "null" + ANCHORE_GITHUB_TOKEN: "default-unset" ANCHORE_GLOBAL_CLIENT_CONNECT_TIMEOUT: "0" ANCHORE_GLOBAL_CLIENT_READ_TIMEOUT: "0" ANCHORE_GLOBAL_SERVER_REQUEST_TIMEOUT_SEC: "180" diff --git a/stable/feeds/templates/secret.yaml b/stable/feeds/templates/secret.yaml index dc7ace82..158c3ccd 100644 --- a/stable/feeds/templates/secret.yaml +++ b/stable/feeds/templates/secret.yaml @@ -16,9 +16,11 @@ stringData: {{- with .Values.anchoreConfig.keys.secret }} ANCHORE_SAML_SECRET: {{ . | quote }} {{- end }} +{{- if .Values.anchoreConfig.feeds.drivers.github.enabled }} {{- with .Values.anchoreConfig.feeds.drivers.github.token }} ANCHORE_GITHUB_TOKEN: {{ . | quote }} {{- end }} +{{- end }} {{- with .Values.anchoreConfig.feeds.drivers.nvdv2.api_key }} ANCHORE_NVD_API_KEY: {{ . | quote }} {{- end }} diff --git a/stable/feeds/tests/__snapshot__/configmap_test.yaml.snap b/stable/feeds/tests/__snapshot__/configmap_test.yaml.snap index a7552431..3a3ff1ce 100644 --- a/stable/feeds/tests/__snapshot__/configmap_test.yaml.snap +++ b/stable/feeds/tests/__snapshot__/configmap_test.yaml.snap @@ -182,7 +182,7 @@ should render the configmaps: ANCHORE_FEEDS_PACKAGES_ENABLED: "false" ANCHORE_FEEDS_TMP_DIR: /anchore_scratch ANCHORE_FEEDS_WORKSPACE_PRELOAD: "true" - ANCHORE_GITHUB_TOKEN: "null" + ANCHORE_GITHUB_TOKEN: default-unset ANCHORE_GLOBAL_CLIENT_CONNECT_TIMEOUT: "0" ANCHORE_GLOBAL_CLIENT_READ_TIMEOUT: "0" ANCHORE_GLOBAL_SERVER_REQUEST_TIMEOUT_SEC: "180" diff --git a/stable/feeds/tests/configmap_test.yaml b/stable/feeds/tests/configmap_test.yaml index 6a15362c..2b904064 100644 --- a/stable/feeds/tests/configmap_test.yaml +++ b/stable/feeds/tests/configmap_test.yaml @@ -32,3 +32,20 @@ tests: - matchRegex: path: data["ANCHORE_FEEDS_EXTERNAL_URL"] pattern: https://something/v2/$ + + - it: should render the default-unset string for the ANCHORE_GITHUB_TOKEN rather than "null" + template: envvars_configmap.yaml + asserts: + - equal: + path: data.ANCHORE_GITHUB_TOKEN + value: "default-unset" + + - it: should render the default-unset string in envvar even if GH token is set, since that is covered by the secrets + template: envvars_configmap.yaml + set: + feeds.drivers.github.enabled: true + feeds.drivers.github.token: foobar + asserts: + - equal: + path: data.ANCHORE_GITHUB_TOKEN + value: "default-unset" \ No newline at end of file diff --git a/stable/feeds/tests/secret_test.yaml b/stable/feeds/tests/secret_test.yaml new file mode 100644 index 00000000..d0684bf8 --- /dev/null +++ b/stable/feeds/tests/secret_test.yaml @@ -0,0 +1,26 @@ +suite: Secret Tests +templates: + - secret.yaml +release: + name: test-release + namespace: test-namespace +chart: + version: 9.9.9 + appVersion: 9.9.9 +tests: + - it: should not render github driver token in the secret when github driver is not enabled + template: secret.yaml + values: + - values.yaml + asserts: + - notExists: + path: stringData.ANCHORE_GITHUB_TOKEN + - it: should render github driver token in the secret correctly when driver is enabled & token is set + template: secret.yaml + set: + anchoreConfig.feeds.drivers.github.token: foobar + anchoreConfig.feeds.drivers.github.enabled: true + asserts: + - equal: + path: stringData.ANCHORE_GITHUB_TOKEN + value: "foobar"