fix: Azure aks scanner (#14)

adityachoudhari26 · web-flow · commit 0c3a7849ee59 · 2025-01-17T10:36:56.000-08:00
diff --git a/charts/ctrlplane/Chart.yaml b/charts/ctrlplane/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: ctrlplane
 description: Ctrlplane Helm chart for Kubernetes
 type: application
-version: 0.3.6
+version: 0.3.7
 appVersion: "1.16.0"
 
 maintainers:
diff --git a/charts/ctrlplane/charts/event-worker/templates/deployment.yaml b/charts/ctrlplane/charts/event-worker/templates/deployment.yaml
@@ -78,6 +78,16 @@ spec:
             - name: GITHUB_BOT_NAME
               value: {{ .name }}
             {{- end }}
+            {{- with (include "ctrlplane.azureApp" . | fromYaml) }}
+            - name: AZURE_APP_CLIENT_ID
+              value: {{ .clientId | quote }}
+            - name: AZURE_APP_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .secretRef }}
+                  key: AZURE_APP_CLIENT_SECRET
+                  optional: true
+            {{- end }}
             {{- include "ctrlplane.extraEnv" . | nindent 12 }}
             {{- include "ctrlplane.extraEnvFrom" (dict "root" $ "local" .) | nindent 12 }}
           resources:
diff --git a/charts/ctrlplane/charts/webservice/templates/deployment.yaml b/charts/ctrlplane/charts/webservice/templates/deployment.yaml
@@ -115,6 +115,10 @@ spec:
             # - name: OTEL_EXPORTER_OTLP_ENDPOINT
               # value: http://{{ $.Release.Name }}-otel:4318
             {{- end }}
+            {{- with (include "ctrlplane.azureApp" . | fromYaml) }}
+            - name: AZURE_APP_CLIENT_ID
+              value: {{ .clientId | quote }}
+            {{- end }}
             {{- include "ctrlplane.extraEnv" . | nindent 12 }}
             {{- include "ctrlplane.extraEnvFrom" (dict "root" $ "local" .) | nindent 12 }}
           livenessProbe:
diff --git a/charts/ctrlplane/templates/_azure.tpl b/charts/ctrlplane/templates/_azure.tpl
@@ -0,0 +1,9 @@
+{{/*
+  Azure app configuration
+*/}}
+{{- define "ctrlplane.azureApp" -}}
+{{- if .Values.global.integrations.azure }}
+clientId: {{ .Values.global.integrations.azure.appClientId }}
+secretRef: {{ .Release.Name }}-connections
+{{- end -}}
+{{- end -}}
diff --git a/charts/ctrlplane/templates/secrets.yaml b/charts/ctrlplane/templates/secrets.yaml
@@ -18,6 +18,9 @@ data:
   {{- if .Values.global.integrations.github.bot.webhookSecret }}
   GITHUB_WEBHOOK_SECRET: {{ .Values.global.integrations.github.bot.webhookSecret | b64enc }}
   {{- end }}
+  {{- if .Values.global.integrations.azure.appClientSecret }}
+  AZURE_APP_CLIENT_SECRET: {{ .Values.global.integrations.azure.appClientSecret | b64enc }}
+  {{- end }}
 ---
 {{- $secretName := (printf "%s-encryption-key" .Release.Name) }}
 {{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }}
diff --git a/charts/ctrlplane/values.yaml b/charts/ctrlplane/values.yaml
@@ -39,6 +39,9 @@ global:
         clientSecret: ""
         privateKey: ""
         webhookSecret: ""
+    azure:
+      appClientId: ""
+      appClientSecret: ""
 
 webservice:
   install: true
