feat(infisical): add service token rendering as secret

flipt-io · Feb 19, 2024 · c4c4a55 · c4c4a55
1 parent ce7d2aa
commit c4c4a55
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 0 deletions.
diff --git a/infisical-secrets-operator/templates/config.cue b/infisical-secrets-operator/templates/config.cue
@@ -81,6 +81,13 @@ import (
 	affinity?: corev1.#Affinity
 	topologySpreadConstraints?: [...corev1.#TopologySpreadConstraint]
 
+	infisical: {
+		serviceToken?: {
+			name:  *"infisicalservicetoken" | string
+			token: string
+		}
+	}
+
 	initSecrets?: [Name=string]: {
 		metadata: name: Name
 		...
@@ -109,6 +116,10 @@ import (
 			"\(k)": v
 		}
 
+		if config.infisical.serviceToken != _|_ {
+			infisicalservicetoken: #Secret & {#config: config}
+		}
+
 		if config.initSecrets != _|_ {
 			for k, v in (config.initSecrets) {
 				"\(k)": v & #InfisicalSecret & {#config: config}

diff --git a/infisical-secrets-operator/templates/secrets.cue b/infisical-secrets-operator/templates/secrets.cue
@@ -1,9 +1,21 @@
 package templates
 
 import (
+	corev1 "k8s.io/api/core/v1"
 	infisicalsecretv1alpha1 "secrets.infisical.com/infisicalsecret/v1alpha1"
 )
 
+#Secret: corev1.#Secret & {
+	#config:    #Config
+	apiVersion: "v1"
+	kind:       "Secret"
+	metadata: {
+		name:      #config.infisical.serviceToken.name
+		namespace: #config.metadata.namespace
+	}
+	stringData: serviceToken: #config.infisical.serviceToken.token
+}
+
 #InfisicalSecret: infisicalsecretv1alpha1.#InfisicalSecret & {
 	#config: #Config
 	metadata: {