chore(shield): add ssl config mapping for windows host-shield (#2286)

Author: francesco-furlan

charts/shield/Chart.yaml

@@ -13,5 +13,5 @@ maintainers:
   - name: mavimo
     email: [email protected]
 type: application
-version: 1.8.2
+version: 1.8.3
 appVersion: "1.0.0"

charts/shield/templates/host/_windows_configmap_helpers.tpl

@@ -65,6 +65,14 @@
 {{- end -}}
 {{- $_ := set $config "cluster_config" $clusterConfig -}}
 
+{{- $sslConfig := dict "verify" .Values.ssl.verify -}}
+{{- if (include "common.custom_ca.enabled" .) }}
+  {{- $path := (include "common.custom_ca.path" (merge (dict) . (dict "CACertsPath" "certificates/"))) }}
+  {{- $_ := set $sslConfig "ca" (dict "cert_path" $path) }}
+{{- end -}}
+
+{{- $_ := set $config "ssl" $sslConfig -}}
+
 {{- $config := merge $config (dict "proxy" (include "host.proxy_config" . | fromYaml)) }}
 
 {{- if and (include "common.semver.is_valid" .Values.host_windows.image.tag) (semverCompare ">= 0.8.0" .Values.host_windows.image.tag) }}

charts/shield/tests/host/configmap-windows-host-shield-config_test.yaml

@@ -437,3 +437,22 @@ tests:
                 additional_settings:
                   connection_timeout: 1000
                   k8s_cluster_name: test-cluster
+
+  - it: Test ssl custom ca settings
+    set:
+      ssl:
+        verify: true
+        ca:
+          certs:
+            - "-----BEGIN CERTIFICATE-----\nMIID...==\n-----END CERTIFICATE-----"
+          key_name: "rootCA.crt"
+    asserts:
+      - notExists:
+          path: data['dragent.yaml']
+      - matchRegex:
+          path: data['host-shield.yaml']
+          pattern: |
+            ssl:
+              ca:
+                cert_path: certificates/rootCA.crt
+              verify: true