From 73a77df489b89f0bfcac5edadb1a81d63ff052f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cristhian=20Fern=C3=A1ndez?= Date: Wed, 14 Feb 2024 16:29:02 -0500 Subject: [PATCH] feat: secret store ref (#297) --- internal/services/services.go | 5 +++-- pkg/providerConfigs/detokenize.go | 6 ++++-- pkg/providerConfigs/types.go | 1 + pkg/utils/tokens.go | 3 ++- 4 files changed, 10 insertions(+), 5 deletions(-) diff --git a/internal/services/services.go b/internal/services/services.go index 2862a45b..355d9214 100644 --- a/internal/services/services.go +++ b/internal/services/services.go @@ -77,9 +77,11 @@ func CreateService(cl *pkgtypes.Cluster, serviceName string, appDef *pkgtypes.Gi gitopsRepo, _ := git.PlainOpen(tmpGitopsDir) clusterName := cl.ClusterName + secretStoreRef := "vault-kv-secret" if req.WorkloadClusterName != "" { clusterName = req.WorkloadClusterName + secretStoreRef = fmt.Sprintf("%s-vault-kv-secret", req.WorkloadClusterName) } registryPath := getRegistryPath(clusterName, cl.CloudProvider, req.IsTemplate) @@ -160,7 +162,7 @@ func CreateService(cl *pkgtypes.Cluster, serviceName string, appDef *pkgtypes.Gi if !req.IsTemplate { //Create Tokens - gitopsKubefirstTokens := utils.CreateTokensFromDatabaseRecord(cl, registryPath) + gitopsKubefirstTokens := utils.CreateTokensFromDatabaseRecord(cl, registryPath, secretStoreRef) //Detokenize App Template err = providerConfigs.DetokenizeGitGitops(catalogServiceFolder, gitopsKubefirstTokens, cl.GitProtocol, cl.CloudflareAuth.OriginCaIssuerKey != "") @@ -498,5 +500,4 @@ func getRegistryPath(clusterName string, cloudProvider string, isTemplate bool) } else { return fmt.Sprintf("registry/clusters/%s", clusterName) } - } diff --git a/pkg/providerConfigs/detokenize.go b/pkg/providerConfigs/detokenize.go index f258b07e..c905ddd5 100644 --- a/pkg/providerConfigs/detokenize.go +++ b/pkg/providerConfigs/detokenize.go 
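Review bot: In CreateService, the added `secretStoreRef = fmt.Sprintf("%s-vault-kv-secret", req.WorkloadClusterName)` builds a secret-store name from a request field with no validation visible in this hunk. The `tokens.SecretStoreRef` replacement added in detokenize.go then writes that value verbatim into the catalog templates. If WorkloadClusterName is not constrained upstream, a value with newlines or YAML-significant characters would change the rendered manifest, and any well-formed name points the manifest at another cluster's store. Assuming CreateService returns an error, a guard before the assignment such as `if !validName.MatchString(req.WorkloadClusterName) { return fmt.Errorf("invalid workload cluster name %q", req.WorkloadClusterName) }`, with `validName` a package-level DNS-1123 label regexp, would close this, ideally with a check that the name belongs to `cl`. CreateService starts and ends outside the hunk, so such a check may already exist there.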
@@ -82,8 +82,6 @@ func detokenizeGitops(path string, tokens *GitopsDirectoryValues, gitProtocol st newContents = strings.Replace(newContents, "", tokens.StateStoreBucketHostname, -1) newContents = strings.Replace(newContents, "", tokens.WorkloadClusterTerraformModuleURL, -1) newContents = strings.Replace(newContents, "", tokens.WorkloadClusterBootstrapTerraformModuleURL, -1) - newContents = strings.Replace(newContents, "", tokens.RegistryPath, -1) - newContents = strings.Replace(newContents, "", tokens.NodeType, -1) newContents = strings.Replace(newContents, "", fmt.Sprint(tokens.NodeCount), -1) @@ -143,6 +141,10 @@ func detokenizeGitops(path string, tokens *GitopsDirectoryValues, gitProtocol st newContents = strings.Replace(newContents, "", tokens.ExternalDNSProviderSecretKey, -1) newContents = strings.Replace(newContents, "", tokens.DomainName, -1) + // Catalog + newContents = strings.Replace(newContents, "", tokens.RegistryPath, -1) + newContents = strings.Replace(newContents, "", tokens.SecretStoreRef, -1) + //origin issuer defines which annotations should be on ingresses if useCloudflareOriginIssuer { newContents = strings.Replace(newContents, "", "cert-manager.io/issuer: cloudflare-origin-issuer", -1) diff --git a/pkg/providerConfigs/types.go b/pkg/providerConfigs/types.go index 1a5ea5dd..b6f7e3db 100644 --- a/pkg/providerConfigs/types.go +++ b/pkg/providerConfigs/types.go @@ -41,6 +41,7 @@ type GitopsDirectoryValues struct { VaultDataBucketName string VouchIngressURL string RegistryPath string + SecretStoreRef string AwsIamArnAccountRoot string AwsKmsKeyId string diff --git a/pkg/utils/tokens.go b/pkg/utils/tokens.go index 1f1b0a22..3e015481 100644 --- a/pkg/utils/tokens.go +++ b/pkg/utils/tokens.go 
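Review bot: The `tokens.SecretStoreRef` replacement added under `// Catalog` runs unconditionally, so a GitopsDirectoryValues that leaves the new field at its zero value renders the placeholder as an empty string instead of failing. The resulting manifest would carry a secret store reference with no name, which is likely to surface only when the manifest is applied. If other code builds this struct without going through CreateTokensFromDatabaseRecord (not visible here), have detokenizeGitops return an error on an empty value, or at least document the field in types.go with `// SecretStoreRef names the secret store referenced by catalog templates; must be non-empty when catalog apps are rendered.`. detokenizeGitops starts and ends outside the hunk.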
@@ -18,7 +18,7 @@ import ( "github.com/thanhpk/randstr" ) -func CreateTokensFromDatabaseRecord(cl *pkgtypes.Cluster, registryPath string) *providerConfigs.GitopsDirectoryValues { +func CreateTokensFromDatabaseRecord(cl *pkgtypes.Cluster, registryPath string, secretStoreRef string) *providerConfigs.GitopsDirectoryValues { env, _ := env.GetEnv(constants.SilenceGetEnv) fullDomainName := "" @@ -90,6 +90,7 @@ func CreateTokensFromDatabaseRecord(cl *pkgtypes.Cluster, registryPath string) * VaultIngressNoHTTPSURL: fmt.Sprintf("vault.%s", fullDomainName), VouchIngressURL: fmt.Sprintf("https://vouch.%s", fullDomainName), RegistryPath: registryPath, + SecretStoreRef: secretStoreRef, GitDescription: fmt.Sprintf("%s hosted git", cl.GitProvider), GitNamespace: "N/A",
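Review bot: The exported CreateTokensFromDatabaseRecord now takes two adjacent positional strings, `registryPath string, secretStoreRef string`, so the compiler cannot catch a caller that swaps them, and the function has no doc comment describing either. A comment such as `// CreateTokensFromDatabaseRecord builds the gitops token values for cl; registryPath is the registry/clusters/... path and secretStoreRef is the name of the secret store that catalog templates reference.` would make the contract explicit, and the parameters can be written `registryPath, secretStoreRef string`. Adding a required parameter also breaks any importer of pkg/utils outside this repository, which is worth a line in the release notes. The function body continues outside the hunk.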