feat: secret store ref (#297)

internal/services/services.go

@@ -77,9 +77,11 @@ func CreateService(cl *pkgtypes.Cluster, serviceName string, appDef *pkgtypes.Gi
 	gitopsRepo, _ := git.PlainOpen(tmpGitopsDir)
 
 	clusterName := cl.ClusterName
+	secretStoreRef := "vault-kv-secret"
 
 	if req.WorkloadClusterName != "" {
 		clusterName = req.WorkloadClusterName
+		secretStoreRef = fmt.Sprintf("%s-vault-kv-secret", req.WorkloadClusterName)
 	}
 
 	registryPath := getRegistryPath(clusterName, cl.CloudProvider, req.IsTemplate)
@@ -160,7 +162,7 @@ func CreateService(cl *pkgtypes.Cluster, serviceName string, appDef *pkgtypes.Gi
 
 	if !req.IsTemplate {
 		//Create Tokens
-		gitopsKubefirstTokens := utils.CreateTokensFromDatabaseRecord(cl, registryPath)
+		gitopsKubefirstTokens := utils.CreateTokensFromDatabaseRecord(cl, registryPath, secretStoreRef)
 
 		//Detokenize App Template
 		err = providerConfigs.DetokenizeGitGitops(catalogServiceFolder, gitopsKubefirstTokens, cl.GitProtocol, cl.CloudflareAuth.OriginCaIssuerKey != "")
@@ -498,5 +500,4 @@ func getRegistryPath(clusterName string, cloudProvider string, isTemplate bool)
 	} else {
 		return fmt.Sprintf("registry/clusters/%s", clusterName)
 	}
-
 }

pkg/providerConfigs/detokenize.go

@@ -82,8 +82,6 @@ func detokenizeGitops(path string, tokens *GitopsDirectoryValues, gitProtocol st
 				newContents = strings.Replace(newContents, "<KUBEFIRST_STATE_STORE_BUCKET_HOSTNAME>", tokens.StateStoreBucketHostname, -1)
 				newContents = strings.Replace(newContents, "<WORKLOAD_CLUSTER_TERRAFORM_MODULE_URL>", tokens.WorkloadClusterTerraformModuleURL, -1)
 				newContents = strings.Replace(newContents, "<WORKLOAD_CLUSTER_BOOTSTRAP_TERRAFORM_MODULE_URL>", tokens.WorkloadClusterBootstrapTerraformModuleURL, -1)
-				newContents = strings.Replace(newContents, "<REGISTRY_PATH>", tokens.RegistryPath, -1)
-
 				newContents = strings.Replace(newContents, "<NODE_TYPE>", tokens.NodeType, -1)
 				newContents = strings.Replace(newContents, "<NODE_COUNT>", fmt.Sprint(tokens.NodeCount), -1)
 
@@ -143,6 +141,10 @@ func detokenizeGitops(path string, tokens *GitopsDirectoryValues, gitProtocol st
 				newContents = strings.Replace(newContents, "<EXTERNAL_DNS_PROVIDER_SECRET_KEY>", tokens.ExternalDNSProviderSecretKey, -1)
 				newContents = strings.Replace(newContents, "<EXTERNAL_DNS_DOMAIN_NAME>", tokens.DomainName, -1)
 
+				// Catalog
+				newContents = strings.Replace(newContents, "<REGISTRY_PATH>", tokens.RegistryPath, -1)
+				newContents = strings.Replace(newContents, "<SECRET_STORE_REF>", tokens.SecretStoreRef, -1)
+
 				//origin issuer defines which annotations should be on ingresses
 				if useCloudflareOriginIssuer {
 					newContents = strings.Replace(newContents, "<CERT_MANAGER_ISSUER_ANNOTATION_1>", "cert-manager.io/issuer: cloudflare-origin-issuer", -1)

pkg/providerConfigs/types.go

@@ -41,6 +41,7 @@ type GitopsDirectoryValues struct {
 	VaultDataBucketName            string
 	VouchIngressURL                string
 	RegistryPath                   string
+	SecretStoreRef                 string
 
 	AwsIamArnAccountRoot string
 	AwsKmsKeyId          string

pkg/utils/tokens.go

@@ -18,7 +18,7 @@ import (
 	"github.com/thanhpk/randstr"
 )
 
-func CreateTokensFromDatabaseRecord(cl *pkgtypes.Cluster, registryPath string) *providerConfigs.GitopsDirectoryValues {
+func CreateTokensFromDatabaseRecord(cl *pkgtypes.Cluster, registryPath string, secretStoreRef string) *providerConfigs.GitopsDirectoryValues {
 	env, _ := env.GetEnv(constants.SilenceGetEnv)
 
 	fullDomainName := ""
@@ -90,6 +90,7 @@ func CreateTokensFromDatabaseRecord(cl *pkgtypes.Cluster, registryPath string) *
 		VaultIngressNoHTTPSURL:         fmt.Sprintf("vault.%s", fullDomainName),
 		VouchIngressURL:                fmt.Sprintf("https://vouch.%s", fullDomainName),
 		RegistryPath:                   registryPath,
+		SecretStoreRef:                 secretStoreRef,
 
 		GitDescription:       fmt.Sprintf("%s hosted git", cl.GitProvider),
 		GitNamespace:         "N/A",