Updated plugin.yaml file after replacing deprecated configurations

Author: ritwik-g

docs/ADRs/001-helm-values-manager.md

@@ -26,32 +26,107 @@ We have decided to implement the **Helm Values Manager** as a **Helm plugin writ
 
 ## YAML Structure
 
+The configuration follows this structure:
+
 ```yaml
+version: "1.0"  # Schema version
 release: my-release
 
 deployments:
   dev:
     secrets_backend: aws_secrets_manager
+    secrets_config:
+      region: us-west-2
+      secret_prefix: "/dev/myapp/"
+      auth:
+        type: env  # Use AWS environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
+        # Alternative: type: file, path: "~/.aws/credentials"
+        # Alternative: type: direct
+        #             access_key_id: "AKIA..."
+        #             secret_access_key: "xyz..."
+
+  staging:
+    secrets_backend: google_secret_manager
+    secrets_config:
+      project_id: "my-gcp-project"
+      secret_prefix: "myapp-staging-"
+      auth:
+        type: file
+        path: "/path/to/gcp-service-account.json"
+        # Alternative: type: env, credential_env: "GOOGLE_APPLICATION_CREDENTIALS"
+        # Alternative: type: direct
+        #             credentials_json: "{...}"
+
   prod:
     secrets_backend: azure_key_vault
+    secrets_config:
+      vault_url: "https://my-prod-vault.vault.azure.net"
+      auth:
+        type: managed_identity  # Use Azure Managed Identity
+        # Alternative: type: service_principal
+        #             tenant_id: "${AZURE_TENANT_ID}"
+        #             client_id: "${AZURE_CLIENT_ID}"
+        #             client_secret: "${AZURE_CLIENT_SECRET}"
+
+  local:
+    secrets_backend: git_secret
+    secrets_config:
+      gpg_key: "${GPG_KEY}"  # GPG key for decryption
+      secret_files_path: "./.gitsecret"  # Path to git-secret files
+      auth:
+        type: file
+        path: "~/.gnupg/secring.gpg"
+        # Alternative: type: env
+        #             passphrase_env: "GIT_SECRET_PASSPHRASE"
+        # Alternative: type: direct
+        #             passphrase: "your-passphrase"
 
 config:
   - key: DATABASE_URL
     path: global.database.url
+    description: "Database connection string for the application"
     required: true
     sensitive: true
     values:
       dev: "mydb://dev-connection"
+      staging: "mydb://staging-connection"
       prod: "mydb://prod-connection"
+      local: "mydb://localhost"
+
   - key: LOG_LEVEL
     path: global.logging.level
+    description: "Application logging verbosity level"
     required: false
     sensitive: false
     values:
       dev: "debug"
+      staging: "info"
       prod: "warn"
+      local: "debug"
 ```
 
+### Secret Backend Configuration
+
+The configuration supports multiple secret backend types with flexible authentication methods:
+
+1. **Authentication Methods**:
+   - `env`: Use environment variables
+   - `file`: Use credential files
+   - `direct`: Direct credential specification (not recommended for production)
+   - `managed_identity`: For cloud-native authentication (Azure)
+
+2. **Supported Secret Backends**:
+   - AWS Secrets Manager
+   - Google Secret Manager
+   - Azure Key Vault
+   - git-secret (for local development)
+
+3. **Authentication Patterns**:
+   - Environment variables for cloud credentials
+   - Credential files for service accounts
+   - Direct credentials (development only)
+   - Managed identities for cloud services
+
 ## Consequences
 - The project will be built as a Helm plugin with Python as the core language.
 - Secret backends must be configured separately for security compliance.

plugin.yaml

@@ -5,70 +5,19 @@ description: |-
   This plugin helps you manage Helm values and secrets across different environments
   while supporting multiple secret backends like AWS Secrets Manager, Azure Key Vault,
   and HashiCorp Vault.
-command: "$HELM_PLUGIN_DIR/bin/wrapper.sh"
+platformCommand:
+  - os: linux
+    arch: amd64
+    command: "$HELM_PLUGIN_DIR/bin/wrapper.sh"
+  - os: darwin
+    arch: amd64
+    command: "$HELM_PLUGIN_DIR/bin/wrapper.sh"
+  - os: darwin
+    arch: arm64
+    command: "$HELM_PLUGIN_DIR/bin/wrapper.sh"
+  - os: windows
+    arch: amd64
+    command: "$HELM_PLUGIN_DIR/bin/wrapper.bat"
 hooks:
-  install: |
-    #!/bin/bash
-
-    # Check if Python 3.8 or higher is available
-    python_version=$(python3 -c 'import sys; print(".".join(map(str, sys.version_info[:2])))')
-    required_version="3.8"
-
-    if [ "$(printf '%s\n' "$required_version" "$python_version" | sort -V | head -n1)" = "$required_version" ]; then
-      # Python version is >= 3.8, proceed with installation
-      python3 -m pip install -e .
-    else
-      echo "Error: Python 3.8 or higher is required (found $python_version)"
-      exit 1
-    fi
-
-    mkdir -p $HELM_PLUGIN_DIR/bin
-
-    # Create Python script with error handling
-    cat > $HELM_PLUGIN_DIR/bin/helm_values_manager.py << 'EOF'
-    #!/usr/bin/env python3
-    import sys
-    import os
-
-    try:
-        sys.path.insert(0, os.path.join(os.environ["HELM_PLUGIN_DIR"], "lib"))
-        from helm_values_manager import helm_values_manager
-    except ImportError as e:
-        print(f"Error: Failed to import helm_values_manager: {e}", file=sys.stderr)
-        print("This might be due to missing dependencies or incorrect installation.", file=sys.stderr)
-        sys.exit(1)
-    except Exception as e:
-        print(f"Error: {e}", file=sys.stderr)
-        sys.exit(1)
-
-    if __name__ == '__main__':
-        sys.exit(helm_values_manager())
-    EOF
-
-    # Create wrapper script with error handling
-    cat > $HELM_PLUGIN_DIR/bin/wrapper.sh << 'EOF'
-    #!/bin/sh
-
-    # Ensure HELM_PLUGIN_DIR is set
-    if [ -z "$HELM_PLUGIN_DIR" ]; then
-        echo "Error: HELM_PLUGIN_DIR environment variable is not set"
-        exit 1
-    fi
-
-    # Ensure the Python script exists
-    if [ ! -f "$HELM_PLUGIN_DIR/bin/helm_values_manager.py" ]; then
-        echo "Error: helm_values_manager.py not found"
-        exit 1
-    fi
-
-    # Run the Python script with proper error handling
-    python3 "$HELM_PLUGIN_DIR/bin/helm_values_manager.py" "$@"
-    EOF
-
-    chmod +x $HELM_PLUGIN_DIR/bin/helm_values_manager.py
-    chmod +x $HELM_PLUGIN_DIR/bin/wrapper.sh
-
-    echo "helm-values-manager plugin installed successfully"
-  update: |
-    #!/bin/sh
-    pip install --target $HELM_PLUGIN_DIR/lib --upgrade .
+  install: "scripts/install.sh"
+  update: "scripts/update.sh"

pyproject.toml

@@ -38,9 +38,6 @@ dev = [
     "pre-commit>=3.6.0",
 ]
 
-[project.scripts]
-helm-values-manager = "helm_values_manager:helm_values_manager"
-
 [tool.black]
 line-length = 100
 target-version = ['py38']

scripts/install.sh

@@ -0,0 +1,79 @@
+#!/bin/bash
+
+# Check if Python 3.8 or higher is available
+python_version=$(python3 -c 'import sys; print(".".join(map(str, sys.version_info[:2])))')
+required_version="3.8"
+
+if [ "$(printf '%s\n' "$required_version" "$python_version" | sort -V | head -n1)" = "$required_version" ]; then
+  # Python version is >= 3.8, proceed with installation
+  python3 -m pip install -e .
+else
+  echo "Error: Python 3.8 or higher is required (found $python_version)"
+  exit 1
+fi
+
+mkdir -p $HELM_PLUGIN_DIR/bin
+
+# Create Python script with error handling
+cat > $HELM_PLUGIN_DIR/bin/helm_values_manager.py << 'EOF'
+#!/usr/bin/env python3
+import sys
+import os
+
+try:
+    sys.path.insert(0, os.path.join(os.environ["HELM_PLUGIN_DIR"], "lib"))
+    from helm_values_manager import helm_values_manager
+except ImportError as e:
+    print(f"Error: Failed to import helm_values_manager: {e}", file=sys.stderr)
+    print("This might be due to missing dependencies or incorrect installation.", file=sys.stderr)
+    sys.exit(1)
+except Exception as e:
+    print(f"Error: {e}", file=sys.stderr)
+    sys.exit(1)
+
+if __name__ == '__main__':
+    sys.exit(helm_values_manager())
+EOF
+
+# Create wrapper script with error handling
+cat > $HELM_PLUGIN_DIR/bin/wrapper.sh << 'EOF'
+#!/bin/sh
+
+# Ensure HELM_PLUGIN_DIR is set
+if [ -z "$HELM_PLUGIN_DIR" ]; then
+    echo "Error: HELM_PLUGIN_DIR environment variable is not set"
+    exit 1
+fi
+
+# Ensure the Python script exists
+if [ ! -f "$HELM_PLUGIN_DIR/bin/helm_values_manager.py" ]; then
+    echo "Error: helm_values_manager.py not found"
+    exit 1
+fi
+
+# Run the Python script with proper error handling
+python3 "$HELM_PLUGIN_DIR/bin/helm_values_manager.py" "$@"
+EOF
+
+# Create Windows wrapper script
+cat > $HELM_PLUGIN_DIR/bin/wrapper.bat << 'EOF'
+@echo off
+setlocal
+
+if "%HELM_PLUGIN_DIR%"=="" (
+    echo Error: HELM_PLUGIN_DIR environment variable is not set
+    exit /b 1
+)
+
+if not exist "%HELM_PLUGIN_DIR%\bin\helm_values_manager.py" (
+    echo Error: helm_values_manager.py not found
+    exit /b 1
+)
+
+python "%HELM_PLUGIN_DIR%\bin\helm_values_manager.py" %*
+EOF
+
+chmod +x $HELM_PLUGIN_DIR/bin/helm_values_manager.py
+chmod +x $HELM_PLUGIN_DIR/bin/wrapper.sh
+
+echo "helm-values-manager plugin installed successfully"

scripts/update.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Update the plugin using pip
+pip install --target $HELM_PLUGIN_DIR/lib --upgrade .
+
+# Re-run the install script to ensure all files are properly set up
+$HELM_PLUGIN_DIR/scripts/install.sh