Merge pull request #482 from kubefirst/fix-deploy-token-logic

fix: no more named deploy tokens by project
konstructio · Apr 14, 2023 · e21b02f · e21b02f
2 parents 0a3b838 + 39e50d0
commit e21b02f
Show file tree

Hide file tree

Showing 23 changed files with 62 additions and 62 deletions.
diff --git a/aws-github/cluster-types/mgmt/components/argo-workflows/cwfts/cwft-kaniko.yaml b/aws-github/cluster-types/mgmt/components/argo-workflows/cwfts/cwft-kaniko.yaml
@@ -26,7 +26,7 @@ spec:
       volumes:
         - name: docker-config
           secret:
-            secretName: '{{inputs.parameters.appName}}-deploy-token'
+            secretName: 'container-registry-auth'
       container:
         image: gcr.io/kaniko-project/executor:latest
         volumeMounts:

diff --git a/aws-github/cluster-types/mgmt/components/argo-workflows/externalsecret.yaml b/aws-github/cluster-types/mgmt/components/argo-workflows/externalsecret.yaml
@@ -16,12 +16,12 @@ spec:
     - extract:
         key: /ci-secrets
 ---
-apiVersion: "external-secrets.io/v1beta1"
+apiVersion: 'external-secrets.io/v1beta1'
 kind: ExternalSecret
 metadata:
   name: argo-secrets
   annotations:
-    argocd.argoproj.io/sync-wave: "0"
+    argocd.argoproj.io/sync-wave: '0'
 spec:
   target:
     name: argo-secrets
@@ -42,12 +42,12 @@ spec:
 apiVersion: 'external-secrets.io/v1beta1'
 kind: ExternalSecret
 metadata:
-  name: metaphor-deploy-token
+  name: container-registry-auth
   annotations:
     argocd.argoproj.io/sync-wave: '0'
 spec:
   target:
-    name: metaphor-deploy-token
+    name: container-registry-auth
   secretStoreRef:
     kind: ClusterSecretStore
     name: vault-kv-secret

diff --git a/aws-gitlab/cluster-types/mgmt/components/argo-workflows/cwfts/cwft-kaniko.yaml b/aws-gitlab/cluster-types/mgmt/components/argo-workflows/cwfts/cwft-kaniko.yaml
@@ -26,7 +26,7 @@ spec:
       volumes:
         - name: docker-config
           secret:
-            secretName: '{{inputs.parameters.appName}}-deploy-token'
+            secretName: 'container-registry-auth'
       container:
         image: gcr.io/kaniko-project/executor:latest
         volumeMounts:

diff --git a/civo-github/cluster-types/mgmt/components/argo-workflows/cwfts/cwft-kaniko.yaml b/civo-github/cluster-types/mgmt/components/argo-workflows/cwfts/cwft-kaniko.yaml
@@ -26,7 +26,7 @@ spec:
       volumes:
         - name: docker-config
           secret:
-            secretName: '{{inputs.parameters.appName}}-deploy-token'
+            secretName: 'container-registry-auth'
       container:
         image: gcr.io/kaniko-project/executor:latest
         volumeMounts:

diff --git a/civo-github/cluster-types/mgmt/components/argo-workflows/externalsecret.yaml b/civo-github/cluster-types/mgmt/components/argo-workflows/externalsecret.yaml
@@ -16,12 +16,12 @@ spec:
     - extract:
         key: /ci-secrets
 ---
-apiVersion: "external-secrets.io/v1beta1"
+apiVersion: 'external-secrets.io/v1beta1'
 kind: ExternalSecret
 metadata:
   name: argo-secrets
   annotations:
-    argocd.argoproj.io/sync-wave: "0"
+    argocd.argoproj.io/sync-wave: '0'
 spec:
   target:
     name: argo-secrets
@@ -42,12 +42,12 @@ spec:
 apiVersion: 'external-secrets.io/v1beta1'
 kind: ExternalSecret
 metadata:
-  name: metaphor-deploy-token
+  name: container-registry-auth
   annotations:
     argocd.argoproj.io/sync-wave: '0'
 spec:
   target:
-    name: metaphor-deploy-token
+    name: container-registry-auth
   secretStoreRef:
     kind: ClusterSecretStore
     name: vault-kv-secret

diff --git a/civo-gitlab/cluster-types/mgmt/components/argo-workflows/cwfts/cwft-kaniko.yaml b/civo-gitlab/cluster-types/mgmt/components/argo-workflows/cwfts/cwft-kaniko.yaml
@@ -26,7 +26,7 @@ spec:
       volumes:
         - name: docker-config
           secret:
-            secretName: '{{inputs.parameters.appName}}-deploy-token'
+            secretName: 'container-registry-auth'
       container:
         image: gcr.io/kaniko-project/executor:latest
         volumeMounts:

diff --git a/civo-gitlab/cluster-types/mgmt/components/argo-workflows/externalsecret.yaml b/civo-gitlab/cluster-types/mgmt/components/argo-workflows/externalsecret.yaml
@@ -1,9 +1,9 @@
-apiVersion: "external-secrets.io/v1beta1"
+apiVersion: 'external-secrets.io/v1beta1'
 kind: ExternalSecret
 metadata:
   name: ci-secrets
   annotations:
-    argocd.argoproj.io/sync-wave: "0"
+    argocd.argoproj.io/sync-wave: '0'
 spec:
   target:
     name: ci-secrets
@@ -33,12 +33,12 @@ spec:
         property: SSH_PRIVATE_KEY
       secretKey: SSH_PRIVATE_KEY
 ---
-apiVersion: "external-secrets.io/v1beta1"
+apiVersion: 'external-secrets.io/v1beta1'
 kind: ExternalSecret
 metadata:
   name: argo-secrets
   annotations:
-    argocd.argoproj.io/sync-wave: "0"
+    argocd.argoproj.io/sync-wave: '0'
 spec:
   target:
     name: argo-secrets
@@ -59,18 +59,18 @@ spec:
 apiVersion: 'external-secrets.io/v1beta1'
 kind: ExternalSecret
 metadata:
-  name: metaphor-deploy-token
+  name: container-registry-auth
   annotations:
     argocd.argoproj.io/sync-wave: '0'
 spec:
   target:
-    name: metaphor-deploy-token
+    name: container-registry-auth
   secretStoreRef:
     kind: ClusterSecretStore
     name: vault-kv-secret
   refreshInterval: 10s
   data:
     - remoteRef:
-        key: deploy-tokens/metaphor
+        key: deploy-tokens/container-registry-auth
         property: auth
       secretKey: config.json
diff --git a/civo-gitlab/terraform/vault/secrets.tf b/civo-gitlab/terraform/vault/secrets.tf
@@ -32,12 +32,12 @@ resource "vault_generic_secret" "external_dns_secrets" {
   depends_on = [vault_mount.secret]
 }
 
-resource "vault_generic_secret" "metaphor_deploy_token" {
-  path = "secret/deploy-tokens/metaphor"
+resource "vault_generic_secret" "container_registry_auth" {
+  path = "secret/deploy-tokens/container-registry-auth"
 
   data_json = jsonencode(
     {
-      auth = jsonencode({ "auths" : { "registry.gitlab.com" : { "username" : "metaphor-deploy-token", "password" : "${var.metaphor_deploy_token}", "email" : "[email protected]", "auth" : "${var.b64_docker_auth}" } } }),
+      auth = jsonencode({ "auths" : { "registry.gitlab.com" : { "username" : "container-registry-auth", "password" : "${var.container_registry_auth}", "email" : "[email protected]", "auth" : "${var.b64_docker_auth}" } } }),
     }
   )
 
@@ -62,7 +62,7 @@ resource "vault_generic_secret" "docker_config" {
 
   data_json = jsonencode(
     {
-      dockerconfig = jsonencode({ "auths" : { "registry.gitlab.com" : { "username" : "metaphor-deploy-token", "password" : "${var.metaphor_deploy_token}", "email" : "[email protected]", "auth" : "${var.b64_docker_auth}" } } }),
+      dockerconfig = jsonencode({ "auths" : { "registry.gitlab.com" : { "username" : "container-registry-auth", "password" : "${var.container_registry_auth}", "email" : "[email protected]", "auth" : "${var.b64_docker_auth}" } } }),
     }
   )
   depends_on = [vault_mount.secret]
@@ -162,7 +162,7 @@ resource "vault_generic_secret" "atlantis_secrets" {
       GITLAB_OWNER                        = "<GITLAB_OWNER>",
       GITLAB_TOKEN                        = var.gitlab_token,
       TF_VAR_gitlab_token                 = var.gitlab_token,
-      TF_VAR_metaphor_deploy_token        = var.metaphor_deploy_token,
+      TF_VAR_container_registry_auth      = var.container_registry_auth,
       TF_VAR_owner_group_id               = var.owner_group_id,
       TF_VAR_kbot_ssh_public_key          = var.kbot_ssh_public_key,
       TF_VAR_kbot_ssh_private_key         = var.kbot_ssh_private_key,

diff --git a/civo-gitlab/terraform/vault/variables.tf b/civo-gitlab/terraform/vault/variables.tf
@@ -44,7 +44,7 @@ variable "aws_secret_access_key" {
   type    = string
 }
 
-variable "metaphor_deploy_token" {
+variable "container_registry_auth" {
   type = string
 }
 

diff --git a/digitalocean-github/cluster-types/mgmt/components/argo-workflows/cwfts/cwft-kaniko.yaml b/digitalocean-github/cluster-types/mgmt/components/argo-workflows/cwfts/cwft-kaniko.yaml
@@ -26,7 +26,7 @@ spec:
       volumes:
         - name: docker-config
           secret:
-            secretName: '{{inputs.parameters.appName}}-deploy-token'
+            secretName: 'container-registry-auth'
       container:
         image: gcr.io/kaniko-project/executor:latest
         volumeMounts:

diff --git a/digitalocean-github/cluster-types/mgmt/components/argo-workflows/externalsecret.yaml b/digitalocean-github/cluster-types/mgmt/components/argo-workflows/externalsecret.yaml
@@ -16,12 +16,12 @@ spec:
     - extract:
         key: /ci-secrets
 ---
-apiVersion: "external-secrets.io/v1beta1"
+apiVersion: 'external-secrets.io/v1beta1'
 kind: ExternalSecret
 metadata:
   name: argo-secrets
   annotations:
-    argocd.argoproj.io/sync-wave: "0"
+    argocd.argoproj.io/sync-wave: '0'
 spec:
   target:
     name: argo-secrets
@@ -42,12 +42,12 @@ spec:
 apiVersion: 'external-secrets.io/v1beta1'
 kind: ExternalSecret
 metadata:
-  name: metaphor-deploy-token
+  name: container-registry-auth
   annotations:
     argocd.argoproj.io/sync-wave: '0'
 spec:
   target:
-    name: metaphor-deploy-token
+    name: container-registry-auth
   secretStoreRef:
     kind: ClusterSecretStore
     name: vault-kv-secret

diff --git a/k3d-github/cluster-types/mgmt/components/argo-workflows/cwfts/cwft-kaniko.yaml b/k3d-github/cluster-types/mgmt/components/argo-workflows/cwfts/cwft-kaniko.yaml
@@ -26,7 +26,7 @@ spec:
       volumes:
         - name: docker-config
           secret:
-            secretName: '{{inputs.parameters.appName}}-deploy-token'
+            secretName: 'container-registry-auth'
       container:
         image: gcr.io/kaniko-project/executor:latest
         volumeMounts:

diff --git a/k3d-github/cluster-types/mgmt/components/argo-workflows/externalsecret.yaml b/k3d-github/cluster-types/mgmt/components/argo-workflows/externalsecret.yaml
@@ -37,12 +37,12 @@ spec:
 apiVersion: 'external-secrets.io/v1beta1'
 kind: ExternalSecret
 metadata:
-  name: metaphor-deploy-token
+  name: container-registry-auth
   annotations:
     argocd.argoproj.io/sync-wave: '0'
 spec:
   target:
-    name: metaphor-deploy-token
+    name: container-registry-auth
   secretStoreRef:
     kind: ClusterSecretStore
     name: vault-kv-secret

diff --git a/k3d-gitlab/cluster-types/mgmt/components/argo-workflows/cwfts/cwft-kaniko.yaml b/k3d-gitlab/cluster-types/mgmt/components/argo-workflows/cwfts/cwft-kaniko.yaml
@@ -26,7 +26,7 @@ spec:
       volumes:
         - name: docker-config
           secret:
-            secretName: '{{inputs.parameters.appName}}-deploy-token'
+            secretName: 'container-registry-auth'
       container:
         image: gcr.io/kaniko-project/executor:latest
         volumeMounts:

diff --git a/k3d-gitlab/cluster-types/mgmt/components/argo-workflows/externalsecret.yaml b/k3d-gitlab/cluster-types/mgmt/components/argo-workflows/externalsecret.yaml
@@ -37,18 +37,18 @@ spec:
 apiVersion: 'external-secrets.io/v1beta1'
 kind: ExternalSecret
 metadata:
-  name: metaphor-deploy-token
+  name: container-registry-auth
   annotations:
     argocd.argoproj.io/sync-wave: '0'
 spec:
   target:
-    name: metaphor-deploy-token
+    name: container-registry-auth
   secretStoreRef:
     kind: ClusterSecretStore
     name: vault-kv-secret
   refreshInterval: 10s
   data:
     - remoteRef:
-        key: deploy-tokens/metaphor
+        key: deploy-tokens/container-registry-auth
         property: auth
       secretKey: config.json
diff --git a/k3d-gitlab/terraform/vault/secrets.tf b/k3d-gitlab/terraform/vault/secrets.tf
@@ -39,19 +39,19 @@ resource "vault_generic_secret" "docker_config" {
 
   data_json = jsonencode(
     {
-      dockerconfig = jsonencode({ "auths" : { "registry.gitlab.com" : { "username" : "metaphor-deploy-token", "password" : "${var.metaphor_deploy_token}", "email" : "[email protected]", "auth" : "${var.b64_docker_auth}" } } }),
+      dockerconfig = jsonencode({ "auths" : { "registry.gitlab.com" : { "username" : "container-registry-auth", "password" : "${var.container_registry_auth}", "email" : "[email protected]", "auth" : "${var.b64_docker_auth}" } } }),
     }
   )
 
   depends_on = [vault_mount.secret]
 }
 
-resource "vault_generic_secret" "metaphor_deploy_token" {
-  path = "secret/deploy-tokens/metaphor"
+resource "vault_generic_secret" "container_registry_auth" {
+  path = "secret/deploy-tokens/container-registry-auth"
 
   data_json = jsonencode(
     {
-      auth = jsonencode({ "auths" : { "registry.gitlab.com" : { "username" : "metaphor-deploy-token", "password" : "${var.metaphor_deploy_token}", "email" : "[email protected]", "auth" : "${var.b64_docker_auth}" } } }),
+      auth = jsonencode({ "auths" : { "registry.gitlab.com" : { "username" : "container-registry-auth", "password" : "${var.container_registry_auth}", "email" : "[email protected]", "auth" : "${var.b64_docker_auth}" } } }),
     }
   )
 
@@ -177,7 +177,7 @@ resource "vault_generic_secret" "atlantis_secrets" {
       TF_VAR_aws_secret_access_key        = var.aws_secret_access_key,
       TF_VAR_b64_docker_auth              = var.b64_docker_auth,
       TF_VAR_gitlab_token                 = var.gitlab_token,
-      TF_VAR_metaphor_deploy_token        = var.metaphor_deploy_token,
+      TF_VAR_container_registry_auth      = var.container_registry_auth,
       TF_VAR_kbot_ssh_public_key          = var.kbot_ssh_public_key,
       TF_VAR_kbot_ssh_private_key         = var.kbot_ssh_private_key,
       TF_VAR_kubernetes_api_endpoint      = var.kubernetes_api_endpoint,

diff --git a/k3d-gitlab/terraform/vault/variables.tf b/k3d-gitlab/terraform/vault/variables.tf
@@ -12,7 +12,7 @@ variable "b64_docker_auth" {
   type = string
 }
 
-variable "metaphor_deploy_token" {
+variable "container_registry_auth" {
   type = string
 }
 

diff --git a/vultr-github/cluster-types/mgmt/components/argo-workflows/cwfts/cwft-kaniko.yaml b/vultr-github/cluster-types/mgmt/components/argo-workflows/cwfts/cwft-kaniko.yaml
@@ -26,7 +26,7 @@ spec:
       volumes:
         - name: docker-config
           secret:
-            secretName: '{{inputs.parameters.appName}}-deploy-token'
+            secretName: 'container-registry-auth'
       container:
         image: gcr.io/kaniko-project/executor:latest
         volumeMounts:

diff --git a/vultr-github/cluster-types/mgmt/components/argo-workflows/externalsecret.yaml b/vultr-github/cluster-types/mgmt/components/argo-workflows/externalsecret.yaml
@@ -16,12 +16,12 @@ spec:
     - extract:
         key: /ci-secrets
 ---
-apiVersion: "external-secrets.io/v1beta1"
+apiVersion: 'external-secrets.io/v1beta1'
 kind: ExternalSecret
 metadata:
   name: argo-secrets
   annotations:
-    argocd.argoproj.io/sync-wave: "0"
+    argocd.argoproj.io/sync-wave: '0'
 spec:
   target:
     name: argo-secrets
@@ -42,12 +42,12 @@ spec:
 apiVersion: 'external-secrets.io/v1beta1'
 kind: ExternalSecret
 metadata:
-  name: metaphor-deploy-token
+  name: container-registry-auth
   annotations:
     argocd.argoproj.io/sync-wave: '0'
 spec:
   target:
-    name: metaphor-deploy-token
+    name: container-registry-auth
   secretStoreRef:
     kind: ClusterSecretStore
     name: vault-kv-secret

diff --git a/vultr-gitlab/cluster-types/mgmt/components/argo-workflows/cwfts/cwft-kaniko.yaml b/vultr-gitlab/cluster-types/mgmt/components/argo-workflows/cwfts/cwft-kaniko.yaml
@@ -26,7 +26,7 @@ spec:
       volumes:
         - name: docker-config
           secret:
-            secretName: '{{inputs.parameters.appName}}-deploy-token'
+            secretName: 'container-registry-auth'
       container:
         image: gcr.io/kaniko-project/executor:latest
         volumeMounts: