Adds ability to optionally inject ssh and x509 data.

Adds the `enabled` flag to these secrets sections to allow the user to optionally disable injection of these certs and keys. Addresses smallstep#52
estenrye · Jul 19, 2021 · 24d42aa · 24d42aa
1 parent beee137
commit 24d42aa
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 0 deletions.
diff --git a/step-certificates/templates/configmaps.yaml b/step-certificates/templates/configmaps.yaml
@@ -33,12 +33,16 @@ metadata:
     {{- include "step-certificates.labels" . | nindent 4 }}
 {{- if .Values.inject.enabled }}
 data:
+  {{- if .Values.inject.secrets.x509.enabled }}
   intermediate_ca.crt: |-
     {{- .Values.inject.certificates.intermediate_ca | nindent 4 }}
   root_ca.crt: |-
     {{- .Values.inject.certificates.root_ca | nindent 4 }}
+  {{- end }}
+  {{- if .Values.inject.secrets.ssh.enabled }}
   ssh_host_ca_key.pub: {{ .Values.inject.certificates.ssh_host_ca }}
   ssh_user_ca_key.pub:  {{ .Values.inject.certificates.ssh_user_ca }}
+  {{- end }}
 {{- end }}
 {{- end }}
 ---

diff --git a/step-certificates/templates/secrets.yaml b/step-certificates/templates/secrets.yaml
@@ -40,12 +40,16 @@ metadata:
   name: {{ include "step-certificates.fullname" . }}-secrets
   namespace: {{ .Release.Namespace }}
 stringData:
+  {{- if .Values.inject.secrets.x509.enabled }}
   intermediate_ca_key: |-
     {{- .Values.inject.secrets.x509.intermediate_ca_key  | nindent 4 }}
   root_ca_key: |-
     {{- .Values.inject.secrets.x509.root_ca_key | nindent 4 }}
+  {{- end }}
+  {{- if .Values.inject.secrets.ssh.enabled }}
   ssh_host_ca_key: |-
     {{- .Values.inject.secrets.ssh.host_ca_key | nindent 4 }}
   ssh_user_ca_key: |-
     {{- .Values.inject.secrets.ssh.user_ca_key | nindent 4 }}
+  {{- end}}
 {{- end }}
diff --git a/step-certificates/values.yaml b/step-certificates/values.yaml
@@ -134,6 +134,8 @@ inject:
     provisioner_password: Cg==
 
     x509:
+      # enabled disables injection of x509 certificates and keys when set to false.
+      enabled: true
       # intermediate_ca_key contains the contents of your encrypted intermediate CA key
       intermediate_ca_key: ""
       # intermediate_ca_key: |
@@ -152,6 +154,8 @@ inject:
       #   -----END EC PRIVATE KEY-----
 
     ssh:
+      # enabled disables injection of ssh certificates and keys when set to false.
+      enabled: true
       # ssh_host_ca_key contains the contents of your encrypted SSH Host CA key
       host_ca_key: ""
       # host_ca_key: |