Question: Why do we have to define the input parameters ? #49

New issue

Open

opened 2024-11-07 08:18:34 +00:00 by cmoulliard · 2 comments

cmoulliard commented

2024-11-07 08:18:34 +00:00

(Migrated from github.com)

Question

Why do we have to define the input parameters instead of getting all the k=v pairs from the secret loaded ?

# Dummy example

  generators:
    - plugin:
        configMapRef:
          name: secret-var-plugin-generator
    # No input parameters is defined here as we would like to get all of them 
  template:
    metadata:
      name: github-app-secrets
    spec:
      destination:
        server: "https://kubernetes.default.svc"
        namespace: jobs
      source:
        repoURL: cnoe://manifests
        path: "."
        kustomize:
          patches:
            - target:
                kind: Job
                name: github-app-secrets
              patch: |-
                - op: add
                  path: /spec/template/spec/containers/0/env/-
                  value:
                    name: GITHUB_APP_ID 
                    value: '{{ .github_app_id | b64dec | trim }}'
                
                - op: add
                  path: /spec/template/spec/containers/0/env/-
                  value:
                    name: GITHUB_WEBHOOK_SECRET
                    value: '{{ .github_webhook_secret | b64dec | trim }}'

## Question Why do we have to define the input parameters instead of getting all the k=v pairs from the secret loaded ? ```yaml # Dummy example generators: - plugin: configMapRef: name: secret-var-plugin-generator # No input parameters is defined here as we would like to get all of them template: metadata: name: github-app-secrets spec: destination: server: "https://kubernetes.default.svc" namespace: jobs source: repoURL: cnoe://manifests path: "." kustomize: patches: - target: kind: Job name: github-app-secrets patch: |- - op: add path: /spec/template/spec/containers/0/env/- value: name: GITHUB_APP_ID value: '{{ .github_app_id | b64dec | trim }}' - op: add path: /spec/template/spec/containers/0/env/- value: name: GITHUB_WEBHOOK_SECRET value: '{{ .github_webhook_secret | b64dec | trim }}' ```

jessebot commented

2024-11-08 06:37:05 +00:00

(Migrated from github.com)

This was to allow you to do a bit of namespacing on which parameters you get, even if you're using one instance of appset-secret-plugin for your whole cluster. In this repo, small-hack/argocd-apps you can see in my example of home-assistant I am grabbing only the parameters related to home assistant.

I'm quickly replying for heading out to work today, but what kind of solution would you be open to? Can you give me an example? (also thanks for all your other helpful Issues you've opened!)

This was to allow you to do a bit of namespacing on which parameters you get, even if you're using one instance of appset-secret-plugin for your whole cluster. In this repo, [small-hack/argocd-apps](https://github.com/small-hack/argocd-apps) you can see in my example of [home-assistant](https://github.com/small-hack/argocd-apps/blob/main/home-assistant/app_of_apps/home_assistant_argocd_appset.yaml) I am grabbing only the parameters related to home assistant. I'm quickly replying for heading out to work today, but what kind of solution would you be open to? Can you give me an example? (also thanks for all your other helpful Issues you've opened!)

cmoulliard commented

2024-11-08 09:41:10 +00:00

(Migrated from github.com)

I'm quickly replying for heading out to work today, but what kind of solution would you be open to?

After playing a bit with the Argocd Secret Plugin successfully (see an example here), I'm inclined to think that we should keep the code as such as declaring the parameters par tof the YAML generator section better document what we want to do ;-)

Note: Instead of passing all the parameters (aka this ticket), we could perhaps think about to improve what we have and to pass as parameter the name of the secret from where such k=v are stored. Why ? To be able to create several secrets containing k=v used for different ApplicationSet

> I'm quickly replying for heading out to work today, but what kind of solution would you be open to? After playing a bit with the Argocd Secret Plugin successfully (see an example [here](https://github.com/ch007m/fork-konflux-ci/blob/idpbuilder/idp/github-app-secrets/github-app-secrets.yaml#L11-L20)), I'm inclined to think that we should keep the code as such as declaring the `parameters` par tof the YAML generator section better document what we want to do ;-) **Note**: Instead of passing all the parameters (aka this ticket), we could perhaps think about to improve what we have and to pass as parameter the name of the secret from where such k=v are stored. Why ? To be able to create several secrets containing k=v used for different ApplicationSet