diff --git a/CHANGELOG.md b/CHANGELOG.md index 8349712..b284f0d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ # Changelog +## [1.7.3] - 2026-05-20 + +### Added +- **ESO ExternalSecret `version` support**: `harnesscommon.secrets.generateExternalSecret` now emits `remoteRef.version` when a `version` field is provided on a `remoteKeys` entry. The value is rendered with quotes preserved (e.g. `version: "1"`) so numeric-looking versions stay as strings. When `version` is absent or empty, no `version` field is emitted, preserving prior behavior. + ## [1.7.2] - 2026-05-18 ### Fixed diff --git a/ci/test-chart/Chart.lock b/ci/test-chart/Chart.lock index bb3b9b6..e24684f 100644 --- a/ci/test-chart/Chart.lock +++ b/ci/test-chart/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: harness-common repository: file://../../src/common - version: 1.7.2 -digest: sha256:0ed6cadfefa49ca3a981733b86861bd32d129c9d8111838dfba28ebb6f48a930 -generated: "2026-05-18T10:51:34.093756-06:00" + version: 1.7.3 +digest: sha256:33b2acacca658f391cb53f5801f4078a4450151823b40fb1a25c703011aeede1 +generated: "2026-05-20T13:43:52.087403-06:00" diff --git a/ci/test-chart/ci-values/eso-secret-no-version.yaml b/ci/test-chart/ci-values/eso-secret-no-version.yaml new file mode 100644 index 0000000..4d39d17 --- /dev/null +++ b/ci/test-chart/ci-values/eso-secret-no-version.yaml @@ -0,0 +1,16 @@ +secrets: + secretManagement: + externalSecretsOperator: + - secretStore: + name: "shared" + kind: "ClusterSecretStore" + remoteKeys: + APP_SECRET_A: + name: "REMOTE_SECRET_A" + property: "REMOTE_PROPERTY_A" + APP_TOKEN_A: + name: "REMOTE_TOKEN_A" + property: "" + APP_WEBHOOK: + name: "REMOTE_WEBHOOK" + property: "" diff --git a/ci/test-chart/ci-values/eso-secret-version-int.yaml b/ci/test-chart/ci-values/eso-secret-version-int.yaml new file mode 100644 index 0000000..b170fc7 --- /dev/null +++ b/ci/test-chart/ci-values/eso-secret-version-int.yaml @@ -0,0 +1,11 @@ +secrets: + secretManagement: + externalSecretsOperator: + - secretStore: + name: "shared" + kind: "ClusterSecretStore" + remoteKeys: + APP_CERT: + name: "REMOTE_CERT" + version: 1 + property: "" diff --git a/ci/test-chart/ci-values/eso-secret-version-string.yaml b/ci/test-chart/ci-values/eso-secret-version-string.yaml new file mode 100644 index 0000000..09d3af7 --- /dev/null +++ b/ci/test-chart/ci-values/eso-secret-version-string.yaml @@ -0,0 +1,11 @@ +secrets: + secretManagement: + externalSecretsOperator: + - secretStore: + name: "shared" + kind: "ClusterSecretStore" + remoteKeys: + APP_CERT: + name: "REMOTE_CERT" + version: latest + property: "" diff --git a/ci/test-chart/ci-values/eso-secret-version.yaml b/ci/test-chart/ci-values/eso-secret-version.yaml new file mode 100644 index 0000000..98b0bd6 --- /dev/null +++ b/ci/test-chart/ci-values/eso-secret-version.yaml @@ -0,0 +1,30 @@ +secrets: + secretManagement: + externalSecretsOperator: + - secretStore: + name: "shared" + kind: "ClusterSecretStore" + remoteKeys: + APP_SECRET_A: + name: "REMOTE_SECRET_A" + property: "REMOTE_PROPERTY_A" + APP_CERT: + name: "REMOTE_CERT" + version: "1" + property: "" + APP_KEY: + name: "REMOTE_KEY" + version: "1" + property: "" + APP_TOKEN_A: + name: "REMOTE_TOKEN_A" + property: "" + APP_WEBHOOK: + name: "REMOTE_WEBHOOK" + property: "" + APP_TOKEN_B: + name: "REMOTE_TOKEN_B" + property: "" + APP_ACCOUNT_ID: + name: "REMOTE_ACCOUNT_ID" + property: "" diff --git a/ci/test-chart/templates/eso-secret-test.yaml b/ci/test-chart/templates/eso-secret-test.yaml new file mode 100644 index 0000000..0657cae --- /dev/null +++ b/ci/test-chart/templates/eso-secret-test.yaml @@ -0,0 +1,3 @@ +{{- if dig "secretManagement" "externalSecretsOperator" false (.Values.secrets | default dict) }} +{{ include "harnesscommon.secrets.generateExternalSecret" (dict "ctx" . "secretsCtx" .Values.secrets "secretNamePrefix" "eso-secret-test") }} +{{- end }} diff --git a/ci/test-chart/tests/eso_secret_test.yaml b/ci/test-chart/tests/eso_secret_test.yaml new file mode 100644 index 0000000..aa07164 --- /dev/null +++ b/ci/test-chart/tests/eso_secret_test.yaml @@ -0,0 +1,92 @@ +suite: ESO ExternalSecret (harnesscommon.secrets.generateExternalSecret) +templates: + - eso-secret-test.yaml +release: + name: harness-common-test + namespace: default +tests: + - it: should render version (quoted) when remoteKey has version + values: + - ../values.yaml + - ../ci-values/eso-secret-version.yaml + asserts: + - hasDocuments: + count: 1 + - isKind: + of: ExternalSecret + - contains: + path: spec.data + content: + secretKey: app_cert + remoteRef: + key: REMOTE_CERT + version: "1" + - contains: + path: spec.data + content: + secretKey: app_key + remoteRef: + key: REMOTE_KEY + version: "1" + - contains: + path: spec.data + content: + secretKey: app_secret_a + remoteRef: + key: REMOTE_SECRET_A + property: REMOTE_PROPERTY_A + - contains: + path: spec.data + content: + secretKey: app_token_a + remoteRef: + key: REMOTE_TOKEN_A + + - it: should quote unquoted string version (e.g. latest) + values: + - ../values.yaml + - ../ci-values/eso-secret-version-string.yaml + asserts: + - equal: + path: spec.data + value: + - secretKey: app_cert + remoteRef: + key: REMOTE_CERT + version: "latest" + + - it: should quote bare integer version + values: + - ../values.yaml + - ../ci-values/eso-secret-version-int.yaml + asserts: + - equal: + path: spec.data + value: + - secretKey: app_cert + remoteRef: + key: REMOTE_CERT + version: "1" + + - it: should not render version when remoteKey has no version + values: + - ../values.yaml + - ../ci-values/eso-secret-no-version.yaml + asserts: + - hasDocuments: + count: 1 + - isKind: + of: ExternalSecret + - equal: + path: spec.data + value: + - secretKey: app_secret_a + remoteRef: + key: REMOTE_SECRET_A + property: REMOTE_PROPERTY_A + - secretKey: app_token_a + remoteRef: + key: REMOTE_TOKEN_A + - secretKey: app_webhook + remoteRef: + key: REMOTE_WEBHOOK diff --git a/src/common/Chart.yaml b/src/common/Chart.yaml index 1b62569..55c770e 100644 --- a/src/common/Chart.yaml +++ b/src/common/Chart.yaml @@ -15,7 +15,7 @@ type: library # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.7.2 +version: 1.7.3 # This is the version number of the application being deployed. This version number should be diff --git a/src/common/templates/_eso-secrets-helper.tpl b/src/common/templates/_eso-secrets-helper.tpl index f3495e3..6b45903 100644 --- a/src/common/templates/_eso-secrets-helper.tpl +++ b/src/common/templates/_eso-secrets-helper.tpl @@ -229,6 +229,9 @@ spec: - secretKey: {{ lower $remoteKeyName | replace "-" "_" }} remoteRef: key: {{ $remoteKey.name }} + {{- if not (empty $remoteKey.version) }} + version: {{ $remoteKey.version | quote }} + {{- end }} {{- if not (empty $remoteKey.property) }} property: {{ $remoteKey.property }} {{- end }}