Skip to content

Hotfix/add versions external secrets #222

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
gyoza wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Hotfix/add versions external secrets #222

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a64b016
Adds version support for external secrets
gyoza May 20, 2026
c7b056f
Add ESO ExternalSecret tests for remoteRef.version
gyoza May 20, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,10 @@
# Changelog

## [1.7.3] - 2026-05-20

### Added
- **ESO ExternalSecret `version` support**: `harnesscommon.secrets.generateExternalSecret` now emits `remoteRef.version` when a `version` field is provided on a `remoteKeys` entry. The value is rendered with quotes preserved (e.g. `version: "1"`) so numeric-looking versions stay as strings. When `version` is absent or empty, no `version` field is emitted, preserving prior behavior.

## [1.7.2] - 2026-05-18

### Fixed
Expand Down
6 changes: 3 additions & 3 deletions ci/test-chart/Chart.lock
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
dependencies:
- name: harness-common
repository: file://../../src/common
version: 1.7.2
digest: sha256:0ed6cadfefa49ca3a981733b86861bd32d129c9d8111838dfba28ebb6f48a930
generated: "2026-05-18T10:51:34.093756-06:00"
version: 1.7.3
digest: sha256:33b2acacca658f391cb53f5801f4078a4450151823b40fb1a25c703011aeede1
generated: "2026-05-20T13:43:52.087403-06:00"
16 changes: 16 additions & 0 deletions ci/test-chart/ci-values/eso-secret-no-version.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
secrets:
secretManagement:
externalSecretsOperator:
- secretStore:
name: "shared"
kind: "ClusterSecretStore"
remoteKeys:
APP_SECRET_A:
name: "REMOTE_SECRET_A"
property: "REMOTE_PROPERTY_A"
APP_TOKEN_A:
name: "REMOTE_TOKEN_A"
property: ""
APP_WEBHOOK:
name: "REMOTE_WEBHOOK"
property: ""
11 changes: 11 additions & 0 deletions ci/test-chart/ci-values/eso-secret-version-int.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
secrets:
secretManagement:
externalSecretsOperator:
- secretStore:
name: "shared"
kind: "ClusterSecretStore"
remoteKeys:
APP_CERT:
name: "REMOTE_CERT"
version: 1
property: ""
11 changes: 11 additions & 0 deletions ci/test-chart/ci-values/eso-secret-version-string.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
secrets:
secretManagement:
externalSecretsOperator:
- secretStore:
name: "shared"
kind: "ClusterSecretStore"
remoteKeys:
APP_CERT:
name: "REMOTE_CERT"
version: latest
property: ""
30 changes: 30 additions & 0 deletions ci/test-chart/ci-values/eso-secret-version.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
secrets:
secretManagement:
externalSecretsOperator:
- secretStore:
name: "shared"
kind: "ClusterSecretStore"
remoteKeys:
APP_SECRET_A:
name: "REMOTE_SECRET_A"
property: "REMOTE_PROPERTY_A"
APP_CERT:
name: "REMOTE_CERT"
version: "1"
property: ""
APP_KEY:
name: "REMOTE_KEY"
version: "1"
property: ""
APP_TOKEN_A:
name: "REMOTE_TOKEN_A"
property: ""
APP_WEBHOOK:
name: "REMOTE_WEBHOOK"
property: ""
APP_TOKEN_B:
name: "REMOTE_TOKEN_B"
property: ""
APP_ACCOUNT_ID:
name: "REMOTE_ACCOUNT_ID"
property: ""
3 changes: 3 additions & 0 deletions ci/test-chart/templates/eso-secret-test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
{{- if dig "secretManagement" "externalSecretsOperator" false (.Values.secrets | default dict) }}
{{ include "harnesscommon.secrets.generateExternalSecret" (dict "ctx" . "secretsCtx" .Values.secrets "secretNamePrefix" "eso-secret-test") }}
{{- end }}
92 changes: 92 additions & 0 deletions ci/test-chart/tests/eso_secret_test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
suite: ESO ExternalSecret (harnesscommon.secrets.generateExternalSecret)
templates:
- eso-secret-test.yaml
release:
name: harness-common-test
namespace: default
tests:
- it: should render version (quoted) when remoteKey has version
values:
- ../values.yaml
- ../ci-values/eso-secret-version.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ExternalSecret
- contains:
path: spec.data
content:
secretKey: app_cert
remoteRef:
key: REMOTE_CERT
version: "1"
- contains:
path: spec.data
content:
secretKey: app_key
remoteRef:
key: REMOTE_KEY
version: "1"
- contains:
path: spec.data
content:
secretKey: app_secret_a
remoteRef:
key: REMOTE_SECRET_A
property: REMOTE_PROPERTY_A
- contains:
path: spec.data
content:
secretKey: app_token_a
remoteRef:
key: REMOTE_TOKEN_A

- it: should quote unquoted string version (e.g. latest)
values:
- ../values.yaml
- ../ci-values/eso-secret-version-string.yaml
asserts:
- equal:
path: spec.data
value:
- secretKey: app_cert
remoteRef:
key: REMOTE_CERT
version: "latest"

- it: should quote bare integer version
values:
- ../values.yaml
- ../ci-values/eso-secret-version-int.yaml
asserts:
- equal:
path: spec.data
value:
- secretKey: app_cert
remoteRef:
key: REMOTE_CERT
version: "1"

- it: should not render version when remoteKey has no version
values:
- ../values.yaml
- ../ci-values/eso-secret-no-version.yaml
asserts:
- hasDocuments:
count: 1
- isKind:
of: ExternalSecret
- equal:
path: spec.data
value:
- secretKey: app_secret_a
remoteRef:
key: REMOTE_SECRET_A
property: REMOTE_PROPERTY_A
- secretKey: app_token_a
remoteRef:
key: REMOTE_TOKEN_A
- secretKey: app_webhook
remoteRef:
key: REMOTE_WEBHOOK
2 changes: 1 addition & 1 deletion src/common/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ type: library
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 1.7.2
version: 1.7.3


# This is the version number of the application being deployed. This version number should be
Expand Down
3 changes: 3 additions & 0 deletions src/common/templates/_eso-secrets-helper.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -229,6 +229,9 @@ spec:
- secretKey: {{ lower $remoteKeyName | replace "-" "_" }}
remoteRef:
key: {{ $remoteKey.name }}
{{- if not (empty $remoteKey.version) }}
version: {{ $remoteKey.version | quote }}
{{- end }}
{{- if not (empty $remoteKey.property) }}
property: {{ $remoteKey.property }}
{{- end }}
Expand Down
Loading