projectsveltos / addon-controller

Sveltos Kubernetes add-on controller programmatically deploys add-ons and applications in tens of clusters. Support for ClusterAPI powered clusters, Helm charts, kustomize, YAMLs. Sveltos has built-in support for multi-tenancy.
https://projectsveltos.github.io/sveltos/
Apache License 2.0

Allow base64 encoding/decoding in templates #518

Closed thecodeassassin closed 6 months ago

thecodeassassin commented 6 months ago

Is your feature request related to a problem? Please describe.

Some charts don't allow you to provide a secret name to reference actual secrets (such as NATS)

 config:
        merge:
          no_auth_user: public
          accounts:
            public:
              users:
              - {user: public, permissions: {subscribe: ["user.notifications.*", "public.>"], publish: ["public.>"]}}
            private:
              jetstream: enabled
              users:
              - {user: admin, password: "{{ (index .MgmtResources "NatsSecret").data.token }}", permissions: {subscribe: [">"], publish: [">"]}}

so one can use secret refs to reference the secret in the template. But these values are base64 encoded. Right now this is not an issue since NATS supports bcrypt values that are safe to be put in a configmap as they aren't plaintext.

But it would be great if secrets could be templated like this by allowing base64 encoding and decoding.

1 worker.go:238] "added to result with err template: mgmt-mgmt-nats/nats:11: function \"base64\" not defined" logger="deployer" worker="9" key="mgmt:::mgmt:::Sveltos:::nats-sveltos-mgmt:::Helm:::false"

Describe the solution you'd like

Allow base64 encoding and decoding of values in templates

gianlucam76 commented 6 months ago

Thank you @thecodeassassin

Your feedback is helping improve Sveltos. Will look into this after #516

gianlucam76 commented 6 months ago

Not sure I got this correctly (apologies in case). I get you want in the template a function to base64 encode and decode.

Sveltos supports Sprig functions. So this should take care of it

Sprig has the following encoding and decoding functions:

b64enc/b64dec: Encode or decode with Base64
b32enc/b32dec: Encode or decode with Base32

gianlucam76 commented 6 months ago

Verified this works.

With bWdpYW5sdWMK which is "mgianluc" base64 encoded

In the management cluster, created this ConfigMap

apiVersion: v1
data:
  name: bWdpYW5sdWMK
kind: ConfigMap
metadata:
  name: name
  namespace: default

Then this ClusterProfile

apiVersion: config.projectsveltos.io/v1alpha1
kind: ClusterProfile
metadata:
  name: deploy-resources
spec:
  clusterSelector: env=fv
  templateResourceRefs:
  - resource:
      kind: ConfigMap
      name: name
      namespace: default
    identifier: UserData
  policyRefs:
  - kind: ConfigMap
    name: username
    namespace: default

which uses ConfigMap default/name to instantiate the content of the ConfigMap default/username

with

apiVersion: v1
kind: ConfigMap
metadata:
  name: username
  namespace: default
  annotations:
    projectsveltos.io/template: "true"  # add annotation to indicate Sveltos content is a template
data:
  name.yaml: |
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: user-info
      namespace: {{ $data:=(index .MgmtResources "UserData").data }} {{ (index $data "name") | b64dec }}

And I verified Sveltos created in the managed cluster a ConfigMap named user-info in the namespace mgianluc so correctly processed this

{{ $data:=(index .MgmtResources "UserData").data }} {{ (index $data "name") | b64dec }}
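
The behaviour discussed in this thread, as an added example that is not part of the issue or of the Sveltos code base: a Go text/template render of the expression above, using standard-library stand-ins for Sprig's b64enc/b64dec and a constructed .MgmtResources map (both are assumptions). It also shows that the sample value decodes with a trailing newline, and that an unregistered function name fails at parse time, as in the log line in the first comment.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"fmt"
	"strings"
	"text/template"
)

// Expression copied from the thread.
const threadExpr = `{{ $data:=(index .MgmtResources "UserData").data }} {{ (index $data "name") | b64dec }}`

// Stand-ins for Sprig's b64enc/b64dec (assumption: standard library only).
var funcs = template.FuncMap{
	"b64enc": func(s string) string { return base64.StdEncoding.EncodeToString([]byte(s)) },
	"b64dec": func(s string) (string, error) {
		b, err := base64.StdEncoding.DecodeString(s)
		return string(b), err
	},
}

// Constructed stand-in for the data Sveltos exposes as .MgmtResources.
var sample = map[string]any{"MgmtResources": map[string]any{
	"UserData": map[string]any{"data": map[string]any{"name": "bWdpYW5sdWMK"}},
}}

// Render parses tmpl with funcs and executes it against the sample data.
func Render(tmpl string) (string, error) {
	t, err := template.New("nats").Funcs(funcs).Parse(tmpl)
	if err != nil {
		return "", err // unknown function names are rejected here, at parse time
	}
	var out bytes.Buffer
	err = t.Execute(&out, sample)
	return out.String(), err
}

func main() {
	raw, _ := Render(threadExpr)
	fmt.Printf("decoded: %q\n", raw)                    // includes a trailing newline
	fmt.Printf("trimmed: %q\n", strings.TrimSpace(raw)) // value usable as a namespace
	enc, _ := Render(`{{ "mgianluc" | b64enc }}`)
	fmt.Println("encoded without newline:", enc)
	_, err := Render(`{{ base64 "x" }}`)
	fmt.Println("error:", err) // same kind of error as the log line in the thread
}
```

When the decoded value comes from a Secret, the rendered output contains it in plaintext, so the resource it is rendered into needs the same access controls as the Secret itself.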