From e48d9a003774e5064d73a024e6b7d2641a4f63bb Mon Sep 17 00:00:00 2001
From: Kautilya Tripathi <ktripathi@microsoft.com>
Date: Mon, 3 Jun 2024 16:09:19 +0200
Subject: [PATCH] charts: fix oidc external secret loading

There was a wrong k8s config written for envFrom for external secret.

Fixes: #2022
Signed-off-by: Kautilya Tripathi <ktripathi@microsoft.com>
---
 charts/headlamp/templates/deployment.yaml            | 12 +++++++-----
 .../expected_templates/oidc-external-secret.yaml     |  9 ++++-----
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/charts/headlamp/templates/deployment.yaml b/charts/headlamp/templates/deployment.yaml
index b3e51ef37f..dd18ea15a6 100644
--- a/charts/headlamp/templates/deployment.yaml
+++ b/charts/headlamp/templates/deployment.yaml
@@ -61,6 +61,12 @@ spec:
           image: "{{ .Values.image.registry}}/{{ .Values.image.repository }}:{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           {{ if or $oidc .Values.env }}
+          {{- if $oidc.externalSecret.enabled }}
+          # Check if externalSecret is enabled
+          envFrom:
+          - secretRef:
+              name: {{ $oidc.externalSecret.name }}
+          {{- else }}
           env:
             {{- if $oidc.secret.create }}
             {{- if $oidc.clientID }}
@@ -91,11 +97,6 @@ spec:
                   name: {{ $oidc.secret.name }}
                   key: scopes
             {{- end }}
-            {{- else if $oidc.externalSecret.enabled }}
-            # Check if externalSecret is enabled
-            envFrom:
-            - secretRef:
-                name: {{ $oidc.externalSecret.name }}
             {{- else }}
             {{- if $oidc.clientID }}
             - name: OIDC_CLIENT_ID
@@ -118,6 +119,7 @@ spec:
             {{- toYaml .Values.env | nindent 12 }}
             {{- end }}
           {{- end }}
+          {{- end }}
           args:
             - "-in-cluster"
             {{- with .Values.config.pluginsDir}}
diff --git a/charts/headlamp/tests/expected_templates/oidc-external-secret.yaml b/charts/headlamp/tests/expected_templates/oidc-external-secret.yaml
index 88ac3fec0f..c5d73da04e 100644
--- a/charts/headlamp/tests/expected_templates/oidc-external-secret.yaml
+++ b/charts/headlamp/tests/expected_templates/oidc-external-secret.yaml
@@ -92,11 +92,10 @@ spec:
           image: "ghcr.io/headlamp-k8s/headlamp:v0.24.0"
           imagePullPolicy: IfNotPresent
           
-          env:
-            # Check if externalSecret is enabled
-            envFrom:
-            - secretRef:
-                name: oidc
+          # Check if externalSecret is enabled
+          envFrom:
+          - secretRef:
+              name: oidc
           args:
             - "-in-cluster"
             - "-plugins-dir=/headlamp/plugins"