support service connector

Author: bfoley13

pkg/config/draftconfig.go

@@ -124,6 +124,24 @@ func (d *DraftConfig) GetVariableValue(name string) (any, error) {
 	return "", fmt.Errorf("variable %s not found", name)
 }
 
+func (d *DraftConfig) IsVariableValid(name string) bool {
+	for _, variable := range d.Variables {
+		if variable.Name == name {
+			if variable.Value == "" {
+				return false
+			}
+
+			if err := d.GetVariableValidator(variable.Kind)(variable.Value); err != nil {
+				return false
+			}
+
+			return true
+		}
+	}
+
+	return false
+}
+
 func (d *DraftConfig) SetVariable(name, value string) {
 	if variable, err := d.GetVariable(name); err != nil {
 		d.Variables = append(d.Variables, &BuilderVar{

pkg/fixtures/deployments/helm/charts/templates/deployment.yaml

@@ -49,6 +49,9 @@ spec:
           envFrom:
             - configMapRef:
                 name: {{ include "testapp.fullname" . }}-config
+            - secretRef:
+                name: secret-ref
+                optional: true
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

pkg/fixtures/deployments/kustomize/base/deployment.yaml

@@ -32,6 +32,9 @@ spec:
           envFrom:
             - configMapRef:
                 name: testapp-config
+            - secretRef:
+                name: secret-ref
+                optional: true
           livenessProbe:
             tcpSocket:
               port: 80

pkg/fixtures/deployments/manifest/manifests/deployment.yaml

@@ -32,6 +32,9 @@ spec:
           envFrom:
             - configMapRef:
                 name: testapp-config
+            - secretRef:
+                name: secret-ref
+                optional: true
           livenessProbe:
             tcpSocket:
               port: 80

template/deployments/helm/charts/templates/deployment.yaml

@@ -26,13 +26,21 @@ spec:
       ` -}}
       labels:
         {{ .Config.GetVariableValue "APPNAME" | printf "{{- include \"%s.selectorLabels\" . | nindent 8 }}" }}
+        {{- if eq (.Config.GetVariableValue "ENABLEWORKLOADIDENTITY") "true" }}
+        azure.workload.identity/use: "true"
+        {{- end}}
       namespace: {{ print "{{ .Values.namespace }}" }}
     spec: 
     {{- `
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+    ` -}}
+      {{- if eq (.Config.GetVariableValue "ENABLEWORKLOADIDENTITY") "true" }}
+      serviceAccountName: {{ .Config.GetVariableValue "SERVICEACCOUNT" }}
+      {{- end}}
+    {{- `
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:
@@ -57,6 +65,9 @@ spec:
           envFrom:
             - configMapRef:
                 name: {{ .Config.GetVariableValue "APPNAME" | printf "{{ include \"%s.fullname\" . }}-config" }}
+            - secretRef:
+                name: {{ .Config.GetVariableValue "ENVSECRETREF" }}
+                optional: true
           {{- `
       {{- with .Values.nodeSelector }}
       nodeSelector:

template/deployments/helm/charts/values.yaml

@@ -25,6 +25,10 @@ service:
   type: LoadBalancer
   port: {{ .Config.GetVariableValue "SERVICEPORT" }}
 
+{{- if eq (.Config.GetVariableValue "ENABLEWORKLOADIDENTITY") "true" }}
+serviceAccountName: {{ .Config.GetVariableValue "SERVICEACCOUNT" }}
+{{- end}}
+
 resources:
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little

template/deployments/helm/draft.yaml

@@ -206,4 +206,31 @@ variables:
       disablePrompt: true
       value: "{}"
     description: "a map of key/value environment variables to be set in the deployment"
+    versions: ">=0.0.1"
+  - name: "ENABLEWORKLOADIDENTITY"
+    type: "bool"
+    kind: "flag"
+    default:
+      disablePrompt: true
+      value: false
+    description: "flag to enable workload identity"
+    versions: ">=0.0.1"
+  - name: "SERVICEACCOUNT"
+    type: "string"
+    kind: "kubernetesResourceName"
+    conditionalReference:
+      variable: "ENABLEWORKLOADIDENTITY"
+      conditionValue: true
+    default:
+      disablePrompt: true
+      value: "service-account"
+    description: "the name of the service account to use with workload identity"
+    versions: ">=0.0.1"
+  - name: "ENVSECRETREF"
+    type: "string"
+    kind: "kubernetesResourceName"
+    default:
+      disablePrompt: true
+      value: "secret-ref"
+    description: "the name of the configmap reference"
     versions: ">=0.0.1"

template/deployments/kustomize/base/deployment.yaml

@@ -5,6 +5,9 @@ metadata:
   labels:
     app.kubernetes.io/name: {{ .Config.GetVariableValue "APPNAME" }}
     kubernetes.azure.com/generator: {{ .Config.GetVariableValue "GENERATORLABEL" }}
+    {{- if eq (.Config.GetVariableValue "ENABLEWORKLOADIDENTITY") "true" }}
+    azure.workload.identity/use: "true"
+    {{- end}}
   namespace: {{ .Config.GetVariableValue "NAMESPACE" }}
 spec:
   replicas: 1
@@ -16,6 +19,9 @@ spec:
       labels:
         app.kubernetes.io/name: {{ .Config.GetVariableValue "APPNAME" }}
     spec:
+      {{- if eq (.Config.GetVariableValue "ENABLEWORKLOADIDENTITY") "true" }}
+      serviceAccountName: {{ .Config.GetVariableValue "SERVICEACCOUNT" }}
+      {{- end}}
       containers:
         - name: {{ .Config.GetVariableValue "APPNAME" }}
           image: {{ .Config.GetVariableValue "IMAGENAME" }}:{{ .Config.GetVariableValue "IMAGETAG" }}
@@ -32,6 +38,9 @@ spec:
           envFrom:
             - configMapRef:
                 name: {{ .Config.GetVariableValue "APPNAME" | printf "%s-config" }}
+            - secretRef:
+                name: {{ .Config.GetVariableValue "ENVSECRETREF" }}
+                optional: true
           livenessProbe:
           {{- if eq (.Config.GetVariableValue "PROBETYPE") "httpGet" }}
             httpGet:

template/deployments/kustomize/draft.yaml

@@ -206,4 +206,31 @@ variables:
       disablePrompt: true
       value: "{}"
     description: "a map of key/value environment variables to be set in the deployment"
+    versions: ">=0.0.1"
+  - name: "ENVSECRETREF"
+    type: "string"
+    kind: "kubernetesResourceName"
+    default:
+      disablePrompt: true
+      value: "secret-ref"
+    description: "the name of the configmap reference"
+    versions: ">=0.0.1"
+  - name: "ENABLEWORKLOADIDENTITY"
+    type: "bool"
+    kind: "flag"
+    default:
+      disablePrompt: true
+      value: false
+    description: "flag to enable workload identity"
+    versions: ">=0.0.1"
+  - name: "SERVICEACCOUNT"
+    type: "string"
+    kind: "kubernetesResourceName"
+    conditionalReference:
+      variable: "ENABLEWORKLOADIDENTITY"
+      conditionValue: true
+    default:
+      disablePrompt: true
+      value: "service-account"
+    description: "the name of the service account to use with workload identity"
     versions: ">=0.0.1"

template/deployments/manifests/draft.yaml

@@ -206,4 +206,31 @@ variables:
       disablePrompt: true
       value: "{}"
     description: "a json map of string -> string key/value environment variables to be set in the deployment"
+    versions: ">=0.0.1"
+  - name: "ENABLEWORKLOADIDENTITY"
+    type: "bool"
+    kind: "flag"
+    default:
+      disablePrompt: true
+      value: false
+    description: "flag to enable workload identity"
+    versions: ">=0.0.1"
+  - name: "SERVICEACCOUNT"
+    type: "string"
+    kind: "kubernetesResourceName"
+    conditionalReference:
+      variable: "ENABLEWORKLOADIDENTITY"
+      conditionValue: true
+    default:
+      disablePrompt: true
+      value: "service-account"
+    description: "the name of the service account to use with workload identity"
+    versions: ">=0.0.1"
+  - name: "ENVSECRETREF"
+    type: "string"
+    kind: "kubernetesResourceName"
+    default:
+      disablePrompt: true
+      value: "secret-ref"
+    description: "the name of the configmap reference"
     versions: ">=0.0.1"