From bf464dfd8094592265b52d03bda7e3e2f9020a68 Mon Sep 17 00:00:00 2001
From: Ryan Dyer <ryan.dyer@favordelivery.com>
Date: Wed, 23 Oct 2024 08:45:57 -0500
Subject: [PATCH] Set aws file secrets as individual files

Signed-off-by: Ryan Dyer <ryan.dyer@favordelivery.com>
---
 charts/atlantis/Chart.yaml                 |  2 +-
 charts/atlantis/README.md                  |  2 +-
 charts/atlantis/templates/statefulset.yaml | 14 +++++++++++++-
 charts/atlantis/values.yaml                |  2 +-
 4 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/charts/atlantis/Chart.yaml b/charts/atlantis/Chart.yaml
index 81316299..f51924ac 100644
--- a/charts/atlantis/Chart.yaml
+++ b/charts/atlantis/Chart.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 appVersion: v0.30.0
 description: A Helm chart for Atlantis https://www.runatlantis.io
 name: atlantis
-version: 5.7.0
+version: 5.7.1
 keywords:
   - terraform
 home: https://www.runatlantis.io
diff --git a/charts/atlantis/README.md b/charts/atlantis/README.md
index 36667512..8ddeddca 100644
--- a/charts/atlantis/README.md
+++ b/charts/atlantis/README.md
@@ -79,7 +79,7 @@ extraManifests:
 | atlantisDataDirectory | string | `"/atlantis-data"` | Path to the data directory for the volumeMount. |
 | atlantisUrl | string | `""` | An option to override the atlantis url, if not using an ingress, set it to the external IP. Check values.yaml for examples. |
 | aws | object | `{}` | To specify AWS credentials to be mapped to ~/.aws or to aws.directory. Check values.yaml for examples. |
-| awsSecretName | string | `""` | To reference an already existing Secret object with AWS credentials |
+| awsSecretName | string | `""` | To reference an already existing Secret object with AWS credentials. This has priority over the aws.config and aws.credential fields. |
 | azuredevops | object | `{}` | If using Azure DevOps, please enter your values as follows. The chart will perform the base64 encoding for you for values that are stored in secrets. Check values.yaml for examples. |
 | basicAuth | object | `{"password":"","username":""}` | Optionally specify an username and a password for basic authentication. |
 | basicAuthSecretName | string | `""` | If managing secrets outside the chart for the Basic Auth secret, use this variable to reference the secret name. |
diff --git a/charts/atlantis/templates/statefulset.yaml b/charts/atlantis/templates/statefulset.yaml
index 342b3b63..17ae4cdd 100644
--- a/charts/atlantis/templates/statefulset.yaml
+++ b/charts/atlantis/templates/statefulset.yaml
@@ -565,10 +565,22 @@ spec:
             mountPath: /home/atlantis/.netrc
             subPath: netrc
           {{- end }}
-          {{- if or .Values.aws.credentials .Values.aws.config .Values.awsSecretName }}
+          {{- if .Values.awsSecretName }}
           - name: aws-volume
             readOnly: true
             mountPath: {{ .Values.aws.directory | default "/home/atlantis/.aws" }}
+          {{- else }}
+          {{- range $filename, $_ := .Values.aws }}
+          {{- if has $filename (list "credentials" "config") }}
+          - name: aws-volume
+            readOnly: true
+            mountPath: {{ $.Values.aws.directory | default "/home/atlantis/.aws" }}/{{ $filename }}
+            subPath: {{ $filename }}
+          {{- else if has $filename (list "awsSecretName") }}
+          - name: aws-volume
+            readOnly: true
+            mountPath: {{ $.Values.aws.directory | default "/home/atlantis/.aws" }}
+          {{- end }}
           {{- end }}
           {{- if .Values.tlsSecretName }}
           - name: tls
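Review bot: The new `{{- if .Values.awsSecretName }}` / `{{- else }}` / `{{- range … }}` / `{{- if has … }}` chain opens three actions, but the hunk shows only two `{{- end }}` lines before `{{- if .Values.tlsSecretName }}`, so as written the template looks unbalanced and the tls block would be parsed inside the `else` branch; a third `{{- end }}` is needed after the one that closes the `range`. The `{{- else if has $filename (list "awsSecretName") }}` arm appears unreachable in normal use, because `awsSecretName` is a top-level value rather than a key of `.Values.aws` and this branch only runs when it is empty; dropping it would also rule out a whole-directory mount of `aws-volume` alongside the per-file ones. The `range` tests key presence rather than content, so `aws.credentials: ""` now produces a mount where the old `or` did not; `{{- range $filename, $content := .Values.aws }}` with `{{- if and $content (has $filename (list "credentials" "config")) }}` keeps the previous truthiness check. A comment above the `subPath` mounts is worth adding, for example `{{- /* subPath mounts do not receive Secret updates; restart the pod after rotating AWS credentials */}}`, since that changes how credential rotation behaves for chart users. The enclosing volumeMounts list and the matching `volumes:` entry are outside the hunk, so whether the volume definition still covers every branch could not be checked here.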
diff --git a/charts/atlantis/values.yaml b/charts/atlantis/values.yaml
index df2c9308..5e5d581c 100644
--- a/charts/atlantis/values.yaml
+++ b/charts/atlantis/values.yaml
@@ -145,7 +145,7 @@ aws: {}
 #     source_profile = default
 #   directory: "/home/atlantis/.aws"
 
-# -- To reference an already existing Secret object with AWS credentials
+# -- To reference an already existing Secret object with AWS credentials. This has priority over the aws.config and aws.credential fields.
 awsSecretName: ""
 
 # -- To keep backwards compatibility only.
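Review bot: The new comment on `awsSecretName` refers to `aws.credential`, while the key the template matches in this commit is `credentials`; the text should read `This has priority over the aws.config and aws.credentials fields.` so users search for the right key. The README row in this commit carries the same wording and would need the same correction.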