feat: add apprisk type

snyk · Nov 13, 2024 · a5ff0ea · a5ff0ea
1 parent 3ba03fe
commit a5ff0ea
Show file tree

Hide file tree

Showing 6 changed files with 200 additions and 0 deletions.
diff --git a/charts/snyk-broker/templates/_scmConfig.tpl b/charts/snyk-broker/templates/_scmConfig.tpl
@@ -172,6 +172,44 @@ Return the Nexus URL secret name and key
       key: {{ include "snyk-broker.nexusUrlSecretKey" . }}
 {{- end }}
 
+
+{{/*
+Return Sonarqube url
+*/}}
+{{- define "snyk-broker.sonarqubeHostUrl" }}
+- name: SONARQUBE_HOST_URL
+  value: {{ .Values.sonarqubeHostUrl }}
+{{- end }}
+{{/*
+Return the Sonarqube API Token secret name and key
+*/}}
+{{- define "snyk-broker.sonarqubeApiTokenSecretName" -}}
+{{- $suffix := ( .Values.disableSuffixes | default false ) | ternary "" ( printf "-%s" .Release.Name ) }}
+{{- .Values.sonarqubeApiTokenSecret.name | default (printf "apprisk-sonarqube-api-token%s" $suffix) }}
+{{- end }}
+
+{{- define "snyk-broker.sonarqubeApiTokenSecretKey" -}}
+{{- $suffix := ( .Values.disableSuffixes | default false ) | ternary "" ( printf "-%s" .Release.Name ) }}
+{{- .Values.sonarqubeApiTokenSecret.key | default "apprisk-sonarqube-api-token" }}
+{{- end }}
+
+{{- define "snyk-broker.sonarqubeApiToken" }}
+{{- $suffix := ( .Values.disableSuffixes | default false ) | ternary "" ( printf "-%s" .Release.Name ) }}
+- name: SONARQUBE_API_TOKEN
+  valueFrom:
+    secretKeyRef:
+      name: {{ include "snyk-broker.sonarqubeApiTokenSecretName" . }}
+      key: {{ include "snyk-broker.sonarqubeApiTokenSecretKey" . }}
+{{- end }}
+
+{{/*
+Return checkmarx host
+*/}}
+{{- define "snyk-broker.checkmarx" }}
+- name: CHECKMARX
+  value: {{ .Values.checkmarx }}
+{{- end }}
+
 {{/*
 Return the Broker Client Validation URL secret name and key
 */}}
@@ -239,6 +277,33 @@ GITLAB_TOKEN (gitlab)
 {{- include "snyk-broker.scmTokenPool" . }}
 {{- end }}
 
+{{/*
+Return sonarqube config for apprisk
+*/}}
+{{- define "snyk-broker.apprisktype" }}
+{{- if or (and .Values.sonarqubeHostUrl (ne .Values.sonarqubeHostUrl "")) (and .Values.checkmarx (ne .Values.checkmarx "")) }}
+{{- if and .Values.sonarqubeHostUrl (ne .Values.sonarqubeHostUrl "") }}
+{{- include "snyk-broker.sonarqubeHostUrl" . }}
+{{- include "snyk-broker.sonarqubeApiToken" . }}
+{{- end}}
+{{- if and .Values.checkmarx (ne .Values.checkmarx "") }}
+{{- include "snyk-broker.checkmarx" . }}
+{{- end}}
+{{- else}}
+{{- fail "Error: Either or both .Values.sonarqubeHostUrl or .Values.checkmarx must be defined and not empty." }}
+{{- end }}
+{{- end }}
+
+
+{{/*
+  Define apprisk values
+  */}}
+  {{- define "snyk-broker.apprisk" -}}
+  {{- if eq .Values.scmType "apprisk" }}
+  {{- include "snyk-broker.apprisktype" . }}
+  {{- end }}
+  {{- end }}
+
 {{/*
 Define github-com values
 */}}

diff --git a/charts/snyk-broker/templates/broker_deployment.yaml b/charts/snyk-broker/templates/broker_deployment.yaml
@@ -107,6 +107,7 @@ spec:
               value: {{ .Values.healthCheckPath }}
             - name: BROKER_SYSTEMCHECK_PATH
               value: {{ .Values.systemCheckPath }}
+{{- include "snyk-broker.apprisk" . | indent 12 }}
 {{- include "snyk-broker.githubCom" . | indent 12 }}
 {{- include "snyk-broker.githubEnterprise" . | indent 12 }}
 {{- include "snyk-broker.gitlab" . | indent 12 }}

diff --git a/charts/snyk-broker/templates/secrets.yaml b/charts/snyk-broker/templates/secrets.yaml
@@ -79,6 +79,16 @@ data:
   {{ include "snyk-broker.nexusUrlSecretKey" . }} : {{ .Values.nexusUrl | b64enc | quote }}
 ---
 {{- end}}
+{{- if .Values.sonarqubeApiToken }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "snyk-broker.sonarqubeApiTokenSecretName" . }}
+type: Opaque
+data:
+  {{ include "snyk-broker.sonarqubeApiTokenSecretKey" . }} : {{ .Values.sonarqubeApiToken | b64enc | quote }}
+---
+{{- end}}
 {{- if and (.Values.httpsCert) (.Values.httpsKey) }}
 apiVersion: v1
 kind: Secret

diff --git a/charts/snyk-broker/tests/broker_deployment_apprisk_type_test.yaml b/charts/snyk-broker/tests/broker_deployment_apprisk_type_test.yaml
@@ -0,0 +1,116 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
+suite: broker deployment (apprisk type)
+chart:
+  version: 0.0.0
+values:
+  - ./fixtures/default_values.yaml
+templates:
+  - secrets.yaml
+  - broker_deployment.yaml
+
+tests:
+  - it: should create secrets if sonarqubeHostUrl is defined
+    template: secrets.yaml
+    set:
+      sonarqubeHostUrl: https://mysonarqube
+      sonarqubeApiToken: abc123
+      disableSuffixes: true
+      scmType: apprisk
+    asserts:
+
+      - isKind:
+          of: Secret
+        documentSelector:
+          path: metadata.name
+          value: apprisk-sonarqube-api-token-release-name
+      - equal:
+          path: data.apprisk-sonarqube-api-token
+          value: YWJjMTIz
+        documentIndex: 2
+        documentSelector:
+          path: metadata.name
+          value: apprisk-sonarqube-api-token-release-name
+      - hasDocuments:
+          count: 3
+
+  - it: should not create secrets if checkmarx only is defined
+    template: secrets.yaml
+    set:
+      checkmarx: https://checkmarx
+      scmType: apprisk
+      disableSuffixes: true
+    asserts:
+      - hasDocuments:
+          count: 2
+      - notEqual:
+          path: metadata.name
+          value: apprisk-sonarqube-api-token-release-name
+        documentIndex: 0
+      - notEqual:
+          path: metadata.name
+          value: apprisk-sonarqube-api-token-release-name
+        documentIndex: 1
+
+  - it: should create secrets if sonarqubeHostUrl is defined and checkmarx is set
+    template: secrets.yaml
+    set:
+      sonarqubeHostUrl: https://mysonarqube
+      sonarqubeApiToken: abc123
+      checkmarx: https://checkmarx
+      disableSuffixes: true
+      scmType: apprisk
+    asserts:
+
+      - isKind:
+          of: Secret
+        documentSelector:
+          path: metadata.name
+          value: apprisk-sonarqube-api-token-release-name
+      - equal:
+          path: data.apprisk-sonarqube-api-token
+          value: YWJjMTIz
+        documentIndex: 2
+        documentSelector:
+          path: metadata.name
+          value: apprisk-sonarqube-api-token-release-name
+      - hasDocuments:
+          count: 3
+
+
+  - it: references secrets in deployment and correct image
+    release:
+      name: unittest
+    template: broker_deployment.yaml
+    set:
+      sonarqubeHostUrl: https://mysonarqube
+      sonarqubeApiToken: abc123
+      checkmarx: https://checkmarx
+      disableSuffixes: true
+      scmType: apprisk
+
+    asserts:
+      - equal:
+          path: metadata.name
+          value: apprisk-broker
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: CHECKMARX
+            value: https://checkmarx
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: SONARQUBE_HOST_URL
+            value: https://mysonarqube
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: SONARQUBE_API_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: apprisk-sonarqube-api-token
+                key: "apprisk-sonarqube-api-token"
+      - equal:
+          path: spec.template.spec.containers[0].image
+          value: snyk/broker:apprisk
+
diff --git a/charts/snyk-broker/values.schema.json b/charts/snyk-broker/values.schema.json
@@ -87,6 +87,7 @@
     "scmType": {
       "type": "string",
       "enum": [
+        "apprisk",
         "github-com",
         "github-enterprise",
         "bitbucket-server",

diff --git a/charts/snyk-broker/values.yaml b/charts/snyk-broker/values.yaml
@@ -221,6 +221,13 @@ crImage: "latest"
 # Set to 'true' to enable AppRisk
 enableAppRisk: ""
 
+checkmarx: ""
+sonarqubeHostUrl: ""
+sonarqubeApiToken: ""
+sonarqubeApiTokenSecret:
+  name: ""
+  key: ""
+
 ##### Code Agent #####
 
 # Set to 'true' to enable Code Agent