From fef64e266e8761aa9920035c6b277c8d067395f3 Mon Sep 17 00:00:00 2001
From: "Gupta, Sangeet (sg774j)"
Date: Tue, 9 Jun 2020 21:14:03 +0000
Subject: [PATCH] HTK: Change formatting of TLS Secret
Changed TLS secret to include CA in tls.crt if present
Change-Id: Ieb3e182f48823e6b25ec427900b372b72f9a3b1e
---
 .../templates/manifests/_secret-tls.yaml.tpl | 95 ++++++++++++-------
 1 file changed, 63 insertions(+), 32 deletions(-)
diff --git a/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl b/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl
index 8f9bdb7f6..24a70450c 100644
--- a/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl
+++ b/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl
@@ -15,36 +15,66 @@ limitations under the License.
 {{/*
 abstract: |
 Creates a manifest for a services public tls secret
-values: |
- secrets:
- tls:
- key_manager:
- api:
- public: barbican-tls-public
- endpoints:
- key_manager:
- host_fqdn_override:
- public:
- tls:
- crt: |
- FOO-CRT
- key: |
- FOO-KEY
- ca: |
- FOO-CA_CRT
-usage: |
- {{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "key-manager" ) -}}
-return: |
- ---
- apiVersion: v1
- kind: Secret
- metadata:
- name: barbican-tls-public
- type: kubernetes.io/tls
- data:
- tls.crt: Rk9PLUNSVAo=
- tls.key: Rk9PLUtFWQo=
- ca.crt: Rk9PLUNBX0NSVAo=
+examples:
+ - values: |
+ secrets:
+ tls:
+ key_manager:
+ api:
+ public: barbican-tls-public
+ endpoints:
+ key_manager:
+ host_fqdn_override:
+ public:
+ tls:
+ crt: |
+ FOO-CRT
+ key: |
+ FOO-KEY
+ ca: |
+ FOO-CA_CRT
+ usage: |
+ {{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "key-manager" ) -}}
+ return: |
+ ---
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: barbican-tls-public
+ type: kubernetes.io/tls
+ data:
+ tls.key: Rk9PLUtFWQo=
+ tls.crt: Rk9PLUNSVAoKRk9PLUNBX0NSVAo=
+
+ - values: |
+ secrets:
+ tls:
+ key_manager:
+ api:
+ public: barbican-tls-public
+ endpoints:
+ key_manager:
+ host_fqdn_override:
+ public:
+ tls:
+ crt: |
+ FOO-CRT
+ FOO-INTERMEDIATE_CRT
+ FOO-CA_CRT
+ key: |
+ FOO-KEY
+ usage: |
+ {{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "key-manager" ) -}}
+ return: |
+ ---
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: barbican-tls-public
+ type: kubernetes.io/tls
+ data:
+ tls.key: Rk9PLUtFWQo=
+ tls.crt: Rk9PLUNSVApGT08tSU5URVJNRURJQVRFX0NSVApGT08tQ0FfQ1JUCg==
 */}}
 {{- define "helm-toolkit.manifests.secret_ingress_tls" }}
@@ -65,10 +95,11 @@ metadata:
 name: {{ index $envAll.Values.secrets.tls ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }}
 type: kubernetes.io/tls
 data:
- tls.crt: {{ $endpointHost.tls.crt | b64enc }}
 tls.key: {{ $endpointHost.tls.key | b64enc }}
 {{- if $endpointHost.tls.ca }}
- ca.crt: {{ $endpointHost.tls.ca | b64enc }}
+ tls.crt: {{ list $endpointHost.tls.crt $endpointHost.tls.ca | join "\n" | b64enc }}
+{{- else }}
+ tls.crt: {{ $endpointHost.tls.crt | b64enc }}
 {{- end }}
 {{- end }}
 {{- end }}
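Review bot: The `ca.crt` key is no longer written to the Secret when `tls.ca` is set, so anything that reads the CA from this Secret to verify a peer would lose its trust anchor; whether such a consumer exists is not visible in this hunk. Keeping the key next to the concatenated chain would preserve that, e.g. `ca.crt: {{ $endpointHost.tls.ca | b64enc }}` inside the `if` branch. The `join "\n"` also leaves an empty line between the two PEM blocks whenever `tls.crt` already ends with a newline, which is what the first documented example's `tls.crt` value decodes to (`FOO-CRT`, blank line, `FOO-CA_CRT`); trimming first with `$endpointHost.tls.crt | trimSuffix "\n"` would avoid depending on every consumer tolerating that. If `tls.crt` already carries the full chain, as in the second example, and `tls.ca` is set as well, the CA certificate ends up in `tls.crt` twice, so the template comment should say the two inputs are alternatives.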