Update Audittrail with Nakadi write permissions

zaklawrencea · zaklawrencea · commit 95111c7a7634 · 2024-01-09T13:40:32.000+01:00
diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml
@@ -667,6 +667,7 @@ audittrail_url: "https://audittrail.cloud.zalando.com"
 {{else}}
 audittrail_url: ""
 {{end}}
+audittrail_nakadi_url: ""
 audittrail_root_account_role: ""
 
 audittrail_adapter_cpu: "50m"
diff --git a/cluster/manifests/audittrail-adapter/credentials.yaml b/cluster/manifests/audittrail-adapter/credentials.yaml
@@ -1,4 +1,4 @@
-{{- if .Cluster.ConfigItems.audittrail_url }}
+{{- if or (ne .Cluster.ConfigItems.audittrail_url "") (ne .Cluster.ConfigItems.audittrail_nakadi_url "") }}
 apiVersion: "zalando.org/v1"
 kind: PlatformCredentialsSet
 metadata:
@@ -8,7 +8,15 @@ metadata:
      application: "audittrail-adapter"
 spec:
    application: "audittrail-adapter"
+   token_version: v2
    tokens:
+{{- end }}
+{{- if ne .Cluster.ConfigItems.audittrail_url "" }}
      audittrail:
        privileges: []
 {{- end }}
+{{- if ne .Cluster.ConfigItems.audittrail_nakadi_url "" }}
+     nakadi:
+       privileges:
+       - com.zalando::nakadi.event_stream.write
+{{- end }}
