From fc46d79887625ba3780c78b04245b85ae03f08ee Mon Sep 17 00:00:00 2001
From: Stephan Feurer <stephan.feurer@vshn.net>
Date: Fri, 20 Sep 2024 14:55:57 +0200
Subject: [PATCH] Support creating secrets in component

---
 class/defaults.yml                                    |  2 ++
 component/main.jsonnet                                |  3 +++
 docs/modules/ROOT/pages/references/parameters.adoc    | 11 +++++++++++
 .../openshift4-logging/99_secrets.yaml                | 11 +++++++++++
 tests/master.yml                                      |  5 +++++
 5 files changed, 32 insertions(+)
 create mode 100644 tests/golden/master/openshift4-logging/openshift4-logging/99_secrets.yaml

diff --git a/class/defaults.yml b/class/defaults.yml
index e7f48e6..82e6027 100644
--- a/class/defaults.yml
+++ b/class/defaults.yml
@@ -76,6 +76,8 @@ parameters:
     namespaceLogForwarderEnabled: false
     namespaceLogForwarder: {}
 
+    secrets: {}
+
     operatorResources:
       clusterLogging:
         requests:
diff --git a/component/main.jsonnet b/component/main.jsonnet
index bed6382..84edfa1 100644
--- a/component/main.jsonnet
+++ b/component/main.jsonnet
@@ -84,11 +84,14 @@ local subscriptions = std.filter(function(it) it != null, [
   elasticsearch,
 ]);
 
+local secrets = com.generateResources(params.secrets, kube.Secret);
+
 // Define outputs below
 {
   '00_namespace': namespace,
   '10_operator_group': operatorGroup,
   '20_subscriptions': subscriptions,
+  [if std.length(params.secrets) > 0 then '99_secrets']: secrets,
 }
 + (import 'config_logging.libsonnet')
 + (import 'config_forwarding.libsonnet')
diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc
index 568d1ee..177b50c 100644
--- a/docs/modules/ROOT/pages/references/parameters.adoc
+++ b/docs/modules/ROOT/pages/references/parameters.adoc
@@ -388,6 +388,17 @@ A dictionary holding the `.spec` for namespaced log forwarding.
 See in examples below for configuration.
 
 
+== `secrets`
+
+[horizontal]
+type:: dict
+default:: `{}`
+
+A dict of secrets to create in the namespace.
+The key is the name of the secret, the value is the content of the secret.
+The value must be a dict with a key `stringData` which is a dict of key/value pairs to add to the secret.
+
+
 == Examples
 
 [source,yaml]
diff --git a/tests/golden/master/openshift4-logging/openshift4-logging/99_secrets.yaml b/tests/golden/master/openshift4-logging/openshift4-logging/99_secrets.yaml
new file mode 100644
index 0000000..aef57e2
--- /dev/null
+++ b/tests/golden/master/openshift4-logging/openshift4-logging/99_secrets.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+data: {}
+kind: Secret
+metadata:
+  annotations: {}
+  labels:
+    name: my-secret
+  name: my-secret
+stringData:
+  secret-key: t-silent-test-1234/c-green-test-1234/secret-value
+type: Opaque
diff --git a/tests/master.yml b/tests/master.yml
index b46f792..d0afa9c 100644
--- a/tests/master.yml
+++ b/tests/master.yml
@@ -82,3 +82,8 @@ parameters:
               - my-apps
             outputRefs:
               - custom-forwarder
+
+    secrets:
+      my-secret:
+        stringData:
+          secret-key: '?{vaultkv:${cluster:tenant}/${cluster:name}/secret-value}'