From 24d42aa42caa8834fd8d1f9830a6337e3f6a66a4 Mon Sep 17 00:00:00 2001
From: Esten Rye
Date: Mon, 19 Jul 2021 17:36:51 -0500
Subject: [PATCH] Adds ability to optionally inject ssh and x509 data.

Adds the `enabled` flag to these secrets sections to allow the user to optionally disable injection of these certs and keys.

Addresses #52
---
 step-certificates/templates/configmaps.yaml | 4 ++++
 step-certificates/templates/secrets.yaml | 4 ++++
 step-certificates/values.yaml | 4 ++++
 3 files changed, 12 insertions(+)

diff --git a/step-certificates/templates/configmaps.yaml b/step-certificates/templates/configmaps.yaml
index ef87367..f62d2ff 100644
--- a/step-certificates/templates/configmaps.yaml
+++ b/step-certificates/templates/configmaps.yaml
@@ -33,12 +33,16 @@ metadata:
 {{- include "step-certificates.labels" . | nindent 4 }}
 {{- if .Values.inject.enabled }}
 data:
+ {{- if .Values.inject.secrets.x509.enabled }}
 intermediate_ca.crt: |-
 {{- .Values.inject.certificates.intermediate_ca | nindent 4 }}
 root_ca.crt: |-
 {{- .Values.inject.certificates.root_ca | nindent 4 }}
+ {{- end }}
+ {{- if .Values.inject.secrets.ssh.enabled }}
 ssh_host_ca_key.pub: {{ .Values.inject.certificates.ssh_host_ca }}
 ssh_user_ca_key.pub: {{ .Values.inject.certificates.ssh_user_ca }}
+ {{- end }}
 {{- end }}
 {{- end }}
 ---
diff --git a/step-certificates/templates/secrets.yaml b/step-certificates/templates/secrets.yaml
index 209600d..e698ede 100644
--- a/step-certificates/templates/secrets.yaml
+++ b/step-certificates/templates/secrets.yaml
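Review bot: The two new guards under `data:` in configmaps.yaml read flags from `.Values.inject.secrets.*`, while the values they gate come from `.Values.inject.certificates.*`, so switching off secret injection also removes `root_ca.crt`, `intermediate_ca.crt` and the SSH CA public keys from this ConfigMap, which the template does not make obvious. A template comment above the first guard would make the coupling explicit, for example `{{- /* certificates follow inject.secrets.<type>.enabled so this ConfigMap and the Secret stay in step */}}`. Anything that mounts this ConfigMap to obtain the root certificate as a trust anchor would presumably find the entry missing when the x509 flag is false; that consumer is outside the hunk, so confirm it tolerates the absence. The enclosing template starts before the hunk.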
@@ -40,12 +40,16 @@ metadata:
 name: {{ include "step-certificates.fullname" . }}-secrets
 namespace: {{ .Release.Namespace }}
 stringData:
+ {{- if .Values.inject.secrets.x509.enabled }}
 intermediate_ca_key: |-
 {{- .Values.inject.secrets.x509.intermediate_ca_key | nindent 4 }}
 root_ca_key: |-
 {{- .Values.inject.secrets.x509.root_ca_key | nindent 4 }}
+ {{- end }}
+ {{- if .Values.inject.secrets.ssh.enabled }}
 ssh_host_ca_key: |-
 {{- .Values.inject.secrets.ssh.host_ca_key | nindent 4 }}
 ssh_user_ca_key: |-
 {{- .Values.inject.secrets.ssh.user_ca_key | nindent 4 }}
+ {{- end}}
 {{- end }}
diff --git a/step-certificates/values.yaml b/step-certificates/values.yaml
index 15333d0..8ff7703 100644
--- a/step-certificates/values.yaml
+++ b/step-certificates/values.yaml
@@ -134,6 +134,8 @@ inject:
 provisioner_password: Cg==
 x509:
+ # enabled disables injection of x509 certificates and keys when set to false.
+ enabled: true
 # intermediate_ca_key contains the contents of your encrypted intermediate CA key
 intermediate_ca_key: ""
 # intermediate_ca_key: |
@@ -152,6 +154,8 @@ inject:
 # -----END EC PRIVATE KEY-----
 ssh:
+ # enabled disables injection of ssh certificates and keys when set to false.
+ enabled: true
 # ssh_host_ca_key contains the contents of your encrypted SSH Host CA key
 host_ca_key: ""
 # host_ca_key: |
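Review bot: The x509 guard in `stringData` covers `intermediate_ca_key` and `root_ca_key` together, so the intermediate key cannot be injected while the root CA private key is left out of the Secret; an empty value still renders the `root_ca_key` entry with empty content. Keeping the root key out of the cluster is a likely reason to want this switch, so consider also guarding each entry on its own value, e.g. `{{- if .Values.inject.secrets.x509.root_ca_key }}` around the `root_ca_key` lines. Separately, the closing `{{- end}}` of the ssh guard lacks the space that the other actions in this hunk use; `{{- end }}` keeps it consistent. The Secret's definition begins before the hunk.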
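Review bot: The comment added above `enabled: true` in the `x509` block of values.yaml, and the matching one in the `ssh` hunk after it, does not say that the value must be a real boolean. The templates test it with a bare `{{- if ... }}`, and a Go template treats any non-empty string as true, so `"false"` supplied as a string (for example through `--set-string`) would leave the CA keys injected while the operator believes injection is off. I would extend both comments with a line such as `# Must be a YAML boolean; a quoted "false" is a non-empty string and still enables injection.` Both blocks continue past their hunks.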