Update charts with latest changes

Author: circleci-wiz

wiz-admission-controller/Chart.yaml

@@ -1,22 +1,18 @@
 apiVersion: v2
 name: wiz-admission-controller
 description: Wiz admission controller
-
 type: application
-
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.9.1
-
+version: 3.9.2
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
 appVersion: "2.8"
-
 dependencies:
   - name: wiz-common
-    version: "0.1.6"
+    version: "0.1.7"
     repository: https://wiz-sec.github.io/charts
 #    repository: "file://../wiz-common" # Use this line to test the chart locally

wiz-admission-controller/templates/_helpers.tpl

@@ -319,15 +319,24 @@ Clean the list of deployments for the auto-update flag, removing quotes and brac
 {{- end -}}
 
 {{- define "wiz-admission-controller.isWizApiTokenSecretEnabled" -}}
-  {{- if and (.Values.wizApiToken.secret.create) (eq (include "wiz-common.isWizApiClientVolumeMountEnabled" (list .Values.wizApiToken.usePodCustomEnvironmentVariablesFile .Values.wizApiToken.wizApiTokensVolumeMount) | trim | lower) "true") }}
+  {{- if and (.Values.wizApiToken.secret.create) (eq (include "wiz-common.isWizApiClientVolumeMountEnabled" (list .Values.wizApiToken.usePodCustomEnvironmentVariablesFile .Values.wizApiToken.wizApiTokensVolumeMount .Values.global.wizApiToken.wizApiTokensVolumeMount) | trim | lower) "true") }}
     true
   {{- else }}
     false
   {{- end }}
 {{- end }}
 
+{{- define "wiz-admission-controller.isWizApiClientVolumeMountEnabled" -}}
+{{- if eq (include "wiz-common.isWizApiClientVolumeMountEnabled" (list .Values.wizApiToken.usePodCustomEnvironmentVariablesFile .Values.wizApiToken.wizApiTokensVolumeMount .Values.global.wizApiToken.wizApiTokensVolumeMount) | trim | lower) "true" -}}
+true
+{{- else -}}
+false
+{{- end }}
+{{- end }}
+
+
 {{- define "wiz-admission-controller.spec.common.volumeMounts" -}}
-{{- if eq (include "wiz-common.isWizApiClientVolumeMountEnabled" (list .Values.wizApiToken.usePodCustomEnvironmentVariablesFile .Values.wizApiToken.wizApiTokensVolumeMount) | trim | lower) "true" -}}
+{{- if eq (include "wiz-admission-controller.isWizApiClientVolumeMountEnabled" . | trim | lower) "true" }}
 - name: {{ include "wiz-common.volumes.apiClientName" . }}
   mountPath: /var/{{ include "wiz-common.volumes.apiClientName" . }}
   readOnly: true
@@ -338,7 +347,7 @@ Clean the list of deployments for the auto-update flag, removing quotes and brac
 {{- end -}}
 
 {{- define "wiz-admission-controller.spec.common.volumes" -}}
-{{- if eq (include "wiz-common.isWizApiClientVolumeMountEnabled" (list .Values.wizApiToken.usePodCustomEnvironmentVariablesFile .Values.wizApiToken.wizApiTokensVolumeMount) | trim | lower) "true" -}}
+{{- if eq (include "wiz-admission-controller.isWizApiClientVolumeMountEnabled" . | trim | lower) "true" }}
 - name: {{ include "wiz-common.volumes.apiClientName" . | trim }}
   secret:
     secretName: {{ include "wiz-admission-controller.secretApiTokenName" . | trim }}
@@ -353,8 +362,8 @@ Clean the list of deployments for the auto-update flag, removing quotes and brac
 {{- if not .Values.wizApiToken.usePodCustomEnvironmentVariablesFile }}
 - name: CLI_FILES_AS_ARGS
 {{- $wizApiTokensPath := "" -}}
-{{- if .Values.wizApiToken.wizApiTokensVolumeMount }}
-  {{- $wizApiTokensPath = .Values.wizApiToken.wizApiTokensVolumeMount -}}
+{{- if coalesce .Values.wizApiToken.wizApiTokensVolumeMount .Values.global.wizApiToken.wizApiTokensVolumeMount }}
+  {{- $wizApiTokensPath = coalesce .Values.wizApiToken.wizApiTokensVolumeMount .Values.global.wizApiToken.wizApiTokensVolumeMount -}}
 {{- else }}
   {{- $wizApiTokensPath = printf "/var/%s" (include "wiz-common.volumes.apiClientName" .) -}}
 {{- end }}

wiz-admission-controller/values.yaml

@@ -510,6 +510,21 @@ global:
     secret:
       # The name of the Wiz Service Account Secret.
       name: ""
+    # Set the `wizApiTokensVolumeMount` below to a non-empty string if you are passing the Wiz service account
+    # token (client id and client token) via mounts, e.g. when using the Vault operator to inject secrets to Pods.
+    # In this case you are responsible for creating the mounts.
+    # You must also set `.Values.customVolumes` and `.Values.customVolumeMounts`.
+    # The mounts must have at least these 2 files:
+    # clientId - with this content: <wiz service account id>
+    # clientToken - with this content: <wiz service account token>
+    #
+    # e.g. wizApiTokensVolumeMount: "/var/api-client/"
+    #      and this is how the mount looks like on the file system:
+    #      /var/api-client/clientId
+    #      /var/api-client/clientToken
+    #
+    # Implies `secret.enabled: false`.
+    wizApiTokensVolumeMount: ""
 
   # Redirect HTTP and/or HTTPS traffic through a proxy.
   httpProxyConfiguration:

wiz-broker/Chart.yaml

@@ -1,14 +1,11 @@
 apiVersion: v2
 name: "wiz-broker"
 description: Wiz Broker for tunneling http traffic to Wiz backend
-
 type: application
-
-version: 2.3.7
+version: 2.3.8
 appVersion: "2.7"
-
 dependencies:
   - name: wiz-common
-    version: "0.1.6"
+    version: "0.1.7"
     repository: https://wiz-sec.github.io/charts
     #    repository: "file://../wiz-common" # Use this line to test the chart locally

wiz-broker/templates/_helpers.tpl

@@ -109,15 +109,24 @@ Secrets names
 {{- end -}}
 
 {{- define "wiz-broker.isWizApiTokenSecretEnabled" -}}
-  {{- if and (.Values.wizApiToken.secret.create) (eq (include "wiz-common.isWizApiClientVolumeMountEnabled" (list .Values.wizApiToken.usePodCustomEnvironmentVariablesFile .Values.wizApiToken.wizApiTokensVolumeMount) | trim | lower) "true") }}
+  {{- if and (.Values.wizApiToken.secret.create) (eq (include "wiz-common.isWizApiClientVolumeMountEnabled" (list .Values.wizApiToken.usePodCustomEnvironmentVariablesFile .Values.wizApiToken.wizApiTokensVolumeMount .Values.global.wizApiToken.wizApiTokensVolumeMount) | trim | lower) "true") }}
     true
   {{- else }}
     false
   {{- end }}
 {{- end }}
 
+{{- define "wiz-broker.isWizApiClientVolumeMountEnabled" -}}
+{{- if eq (include "wiz-common.isWizApiClientVolumeMountEnabled" (list .Values.wizApiToken.usePodCustomEnvironmentVariablesFile .Values.wizApiToken.wizApiTokensVolumeMount .Values.global.wizApiToken.wizApiTokensVolumeMount) | trim | lower) "true" -}}
+true
+{{- else -}}
+false
+{{- end }}
+{{- end }}
+
+
 {{- define "wiz-broker.spec.common.volumeMounts" -}}
-{{- if eq (include "wiz-common.isWizApiClientVolumeMountEnabled" (list .Values.wizApiToken.usePodCustomEnvironmentVariablesFile .Values.wizApiToken.wizApiTokensVolumeMount) | trim | lower) "true" -}}
+{{- if eq (include "wiz-broker.isWizApiClientVolumeMountEnabled" . | trim | lower) "true" }}
 - name: {{ include "wiz-common.volumes.apiClientName" . }}
   mountPath: /var/{{ include "wiz-common.volumes.apiClientName" . }}
   readOnly: true
@@ -128,7 +137,7 @@ Secrets names
 {{- end -}}
 
 {{- define "wiz-broker.spec.common.volumes" -}}
-{{- if eq (include "wiz-common.isWizApiClientVolumeMountEnabled" (list .Values.wizApiToken.usePodCustomEnvironmentVariablesFile .Values.wizApiToken.wizApiTokensVolumeMount) | trim | lower) "true" -}}
+{{- if eq (include "wiz-broker.isWizApiClientVolumeMountEnabled" . | trim | lower) "true" }}
 - name: {{ include "wiz-common.volumes.apiClientName" . | trim }}
   secret:
     secretName: {{ include "wiz-broker.apiTokenSecretName" . | trim }}

wiz-broker/templates/wiz-broker-deployment.yaml

@@ -127,8 +127,8 @@ spec:
           {{- if not .Values.wizApiToken.usePodCustomEnvironmentVariablesFile }}
           - name: CLI_FILES_AS_ARGS
           {{- $wizApiTokensPath := "" -}}
-          {{- if .Values.wizApiToken.wizApiTokensVolumeMount }}
-          {{- $wizApiTokensPath = .Values.wizApiToken.wizApiTokensVolumeMount -}}
+          {{- if coalesce .Values.global.wizApiToken.wizApiTokensVolumeMount .Values.wizApiToken.wizApiTokensVolumeMount }}
+          {{- $wizApiTokensPath = coalesce .Values.global.wizApiToken.wizApiTokensVolumeMount .Values.wizApiToken.wizApiTokensVolumeMount -}}
           {{- else }}
           {{- $wizApiTokensPath = printf "/var/%s" (include "wiz-common.volumes.apiClientName" .) -}}
           {{- end }}

wiz-broker/values.yaml

@@ -196,6 +196,21 @@ global:
     clientEndpoint: "" # Defaults to commercial.
     secret:
       name: "" # Override with parent secret name
+    # Set the `wizApiTokensVolumeMount` below to a non-empty string if you are passing the Wiz service account
+    # token (client id and client token) via mounts, e.g. when using the Vault operator to inject secrets to Pods.
+    # In this case you are responsible for creating the mounts.
+    # You must also set `.Values.customVolumes` and `.Values.customVolumeMounts`.
+    # The mounts must have at least these 2 files:
+    # clientId - with this content: <wiz service account id>
+    # clientToken - with this content: <wiz service account token>
+    #
+    # e.g. wizApiTokensVolumeMount: "/var/api-client/"
+    #      and this is how the mount looks like on the file system:
+    #      /var/api-client/clientId
+    #      /var/api-client/clientToken
+    #
+    # Implies `secret.enabled: false`.
+    wizApiTokensVolumeMount: ""
 
   httpProxyConfiguration:
     enabled: false # Should the components use a proxy.

wiz-common/Chart.yaml

@@ -2,4 +2,4 @@ apiVersion: v2
 name: wiz-common
 description: Common library chart for shared templates
 type: library
-version: 0.1.6
+version: 0.1.7

wiz-common/templates/_wizApiClientVolumeMounts.tpl

@@ -5,7 +5,8 @@ api-client
 {{- define "wiz-common.isWizApiClientVolumeMountEnabled" -}}
   {{- $usePodCustomEnvironmentVariablesFile := index . 0 -}}
   {{- $wizApiTokensVolumeMount := index . 1 -}}
-  {{- if or $usePodCustomEnvironmentVariablesFile $wizApiTokensVolumeMount }}
+  {{- $globalWizApiTokensVolumeMount := index . 2 -}}
+  {{- if or $usePodCustomEnvironmentVariablesFile (coalesce $wizApiTokensVolumeMount $globalWizApiTokensVolumeMount "") }}
     false
   {{- else }}
     true

wiz-kubernetes-connector/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.3.10
+version: 3.3.11
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
@@ -27,9 +27,9 @@ dependencies:
   - name: wiz-broker
     repository: https://wiz-sec.github.io/charts
 #    repository: "file://../wiz-broker" # Use this line to test the chart locally
-    version: "2.3.7"
+    version: "2.3.8"
     condition: wiz-broker.enabled
   - name: wiz-common
-    version: "0.1.6"
+    version: "0.1.7"
     repository: https://wiz-sec.github.io/charts
     #    repository: "file://../wiz-common" # Use this line to test the chart locally