
Commit f4d0c2e

[VC-48429] helm chart updates
Enables secret sending by default when ToS is accepted. Also adds acceptTerms validation, which causes the chart to error out if the value is not set. The error looks like this: ```console $ helm template foo ./deploy/charts/disco-agent Error: execution error at (disco-agent/templates/deployment.yaml:2:6): ================================================================= Terms & Conditions Notice ================================================================= Before installing this application, you must review and accept the terms and conditions available at: https://www.cyberark.com/contract-terms/ To proceed with installation, you must indicate acceptance by setting: - In your values file: acceptTerms: true or - Via the Helm flag: --set acceptTerms=true By continuing with the next command, you confirm that you have reviewed and accepted these terms and conditions. ================================================================= ``` Signed-off-by: Ashley Davis <ashley.davis@cyberark.com>
1 parent eec603e commit f4d0c2e


6 files changed

+31
-10
lines changed


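--- a/deploy/charts/disco-agent/README.md
+++ b/deploy/charts/disco-agent/README.md
@@ -91,6 +91,13 @@ kubectl logs deployments/disco-agent --namespace "${NAMESPACE}" --follow
 > ```
 
 This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
+#### **acceptTerms** ~ `bool`
+> Default value:
+> ```yaml
+> false
+> ```
+
+Must be set to indicate that you have read and accepted the CyberArk Terms of Service. If false, the helm chart will fail to install and will print a message with instructions on how to accept the TOS.
 #### **image.repository** ~ `string`
 > Default value:
 > ```yaml
@@ -298,10 +305,11 @@ This description will be associated with the data that the agent uploads to the
 #### **config.sendSecretValues** ~ `bool`
 > Default value:
 > ```yaml
-> false
+> true
 > ```
 
-Enable sending of Secret values to CyberArk in addition to metadata. Metadata is always sent, but the actual values of Secrets are not sent by default. When enabled, Secret data is encrypted using envelope encryption using a key managed by CyberArk. Default: false (but default will change to true for a future release)
+Enable sending of Secret values to CyberArk in addition to metadata. Metadata is always sent, but the actual values of Secrets are not sent by default. When enabled, Secret data is encrypted using envelope encryption using a key managed by CyberArk, fetched from the Discovery and Context service.
+Default: true
 #### **authentication.secretName** ~ `string`
 > Default value:
 > ```yaml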

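--- a/deploy/charts/disco-agent/templates/deployment.yaml
+++ b/deploy/charts/disco-agent/templates/deployment.yaml
@@ -1,3 +1,6 @@
+{{- if not .Values.acceptTerms }}
+{{- fail "\n\n=================================================================\n Terms & Conditions Notice\n=================================================================\n\nBefore installing this application, you must review and accept\nthe terms and conditions available at:\nhttps://www.cyberark.com/contract-terms/\n\nTo proceed with installation, you must indicate acceptance by\nsetting:\n\n - In your values file: acceptTerms: true\n or\n - Via the Helm flag: --set acceptTerms=true\n\nBy continuing with the next command, you confirm that you have\nreviewed and accepted these terms and conditions.\n\n=================================================================\n" }}
+{{- end }}
 apiVersion: apps/v1
 kind: Deployment
 metadata: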
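Review bot: The notice passed to `fail` on new line 2 asks the operator to accept the terms but never mentions that, in this same commit, `config.sendSecretValues` now defaults to `true`, so accepting also turns on upload of Secret values rather than metadata only. An operator who sets `acceptTerms=true` just to unblock an upgrade gets no prompt to review that data flow or its opt-out. I would extend the message with a line such as `Note: Secret values are sent by default; set config.sendSecretValues=false to send metadata only.` The rest of the Deployment manifest lies outside the hunk.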

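--- a/deploy/charts/disco-agent/values.schema.json
+++ b/deploy/charts/disco-agent/values.schema.json
@@ -3,6 +3,9 @@
 "helm-values": {
 "additionalProperties": false,
 "properties": {
+"acceptTerms": {
+"$ref": "#/$defs/helm-values.acceptTerms"
+},
 "affinity": {
 "$ref": "#/$defs/helm-values.affinity"
 },
@@ -84,6 +87,11 @@
 },
 "type": "object"
 },
+"helm-values.acceptTerms": {
+"default": false,
+"description": "Must be set to indicate that you have read and accepted the CyberArk Terms of Service. If false, the helm chart will fail to install and will print a message with instructions on how to accept the TOS.",
+"type": "boolean"
+},
 "helm-values.affinity": {
 "default": {},
 "type": "object"
@@ -152,8 +160,8 @@
 "type": "string"
 },
 "helm-values.config.sendSecretValues": {
-"default": false,
-"description": "Enable sending of Secret values to CyberArk in addition to metadata. Metadata is always sent, but the actual values of Secrets are not sent by default. When enabled, Secret data is encrypted using envelope encryption using a key managed by CyberArk. Default: false (but default will change to true for a future release)",
+"default": true,
+"description": "Enable sending of Secret values to CyberArk in addition to metadata. Metadata is always sent, but the actual values of Secrets are not sent by default. When enabled, Secret data is encrypted using envelope encryption using a key managed by CyberArk, fetched from the Discovery and Context service.\nDefault: true",
 "type": "boolean"
 },
 "helm-values.extraArgs": {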

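--- a/deploy/charts/disco-agent/values.yaml
+++ b/deploy/charts/disco-agent/values.yaml
@@ -5,6 +5,9 @@
 # This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
 replicaCount: 1
 
+# Must be set to indicate that you have read and accepted the CyberArk Terms of Service. If false, the helm chart will fail to install and will print a message with instructions on how to accept the TOS.
+acceptTerms: false
+
 # This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/
 image:
 repository: ""
@@ -157,9 +160,9 @@ config:
 # Enable sending of Secret values to CyberArk in addition to metadata.
 # Metadata is always sent, but the actual values of Secrets are not sent by default.
 # When enabled, Secret data is encrypted using envelope encryption using
-# a key managed by CyberArk.
-# Default: false (but default will change to true for a future release)
-sendSecretValues: false
+# a key managed by CyberArk, fetched from the Discovery and Context service.
+# Default: true
+sendSecretValues: true
 
 authentication:
 secretName: agent-credentials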
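Review bot: The unchanged comment line above `sendSecretValues` still says `the actual values of Secrets are not sent by default`, which contradicts the new `sendSecretValues: true` and the `# Default: true` line added just below it. This key decides whether Secret contents leave the cluster, so the comment should state the default and the opt-out plainly, for example `# Metadata is always sent; Secret values are also sent unless this is set to false.` The same stale sentence appears in the README.md and values.schema.json hunks of this commit, which look as if they are generated from this comment, so fixing it here and regenerating should cover all three.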

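--- a/hack/ark/test-e2e.sh
+++ b/hack/ark/test-e2e.sh
@@ -101,7 +101,6 @@ kubectl apply -f "${root_dir}/hack/ark/cluster-external-secret.yaml"
 
 # We use a non-existent tag and omit the `--version` flag, to work around a Helm
 # v4 bug. See: https://github.com/helm/helm/issues/31600
-# TODO: shouldn't need to set config.sendSecretValues because it will default to true in future
 helm upgrade agent "oci://${ARK_CHART}:NON_EXISTENT_TAG@${ARK_CHART_DIGEST}" \
 --install \
 --wait \
@@ -114,7 +113,7 @@ helm upgrade agent "oci://${ARK_CHART}:NON_EXISTENT_TAG@${ARK_CHART_DIGEST}" \
 --set config.clusterName="e2e-test-cluster" \
 --set config.clusterDescription="A temporary cluster for E2E testing. Contact @wallrj-cyberark." \
 --set config.period=60s \
---set config.sendSecretValues=true \
+--set acceptTerms=true \
 --set-json "podLabels={\"disco-agent.cyberark.cloud/test-id\": \"${RANDOM}\"}"
 
 kubectl rollout status deployments/disco-agent --namespace "${NAMESPACE}"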

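--- a/make/ark/02_mod.mk
+++ b/make/ark/02_mod.mk
@@ -47,7 +47,7 @@ ark-test-e2e: $(NEEDS_KIND) $(NEEDS_KUBECTL) $(NEEDS_HELM)
 ## Verify the Helm chart
 ## @category CyberArk Discovery and Context
 ark-verify:
-$(MAKE) verify-helm-lint verify-helm-values verify-pod-security-standards verify-helm-kubeconform \
+INSTALL_OPTIONS="--set acceptTerms=true" $(MAKE) verify-helm-lint verify-helm-values verify-pod-security-standards verify-helm-kubeconform \
 helm_chart_source_dir=deploy/charts/disco-agent \
 helm_chart_image_name=$(ARK_CHART)
 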
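Review bot: `INSTALL_OPTIONS` on new line 50 reaches the sub-make as an environment variable placed in front of `$(MAKE)`, while `helm_chart_source_dir` and `helm_chart_image_name` on the next two lines are passed as command-line variables. An environment value loses to any plain assignment of `INSTALL_OPTIONS` in the makefiles the sub-make reads (not visible here) and to a value given on the outer make command line, so the flag could be dropped. The verify targets would then presumably stop on the chart's acceptTerms guard, which is a loud failure but an avoidable one. Passing it like the other two, with `INSTALL_OPTIONS="--set acceptTerms=true"` as a further continuation line after `helm_chart_image_name=$(ARK_CHART)`, keeps the precedence consistent.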
