From fd58c598348069900f1337d4fe765dfd8e60efae Mon Sep 17 00:00:00 2001
From: Nicolas Ochem
Date: Sun, 5 Nov 2023 20:48:55 -0800
Subject: [PATCH] validate in helm that authroized keys exist
---
 charts/tezos/templates/_helpers.tpl | 28 ++++++++++++++++++++++++++++
 charts/tezos/templates/configs.yaml | 1 +
 2 files changed, 29 insertions(+)
diff --git a/charts/tezos/templates/_helpers.tpl b/charts/tezos/templates/_helpers.tpl
index f24b0c556..eae8cd4f5 100644
--- a/charts/tezos/templates/_helpers.tpl
+++ b/charts/tezos/templates/_helpers.tpl
@@ -207,3 +207,31 @@ metadata:
 {{- end }}
 {{- "true" }}
 {{- end }}
+
+{{/*
+ Get list of authorized keys. Fails if any of the keys is not defined in the accounts.
+*/}}
+{{- define "tezos.getAuthorizedKeys" }}
+ {{- $allAuthorizedKeys := list }}
+ {{- /* Gather keys from nodes */}}
+ {{- range $node := .Values.nodes }}
+ {{- range $instance := $node.instances }}
+ {{- if .authorized_keys }}
+ {{- $allAuthorizedKeys = concat $allAuthorizedKeys .authorized_keys }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- /* Gather keys from octezSigners */}}
+ {{- range $signer := .Values.octezSigners }}
+ {{- if $signer.authorized_keys }}
+ {{- $allAuthorizedKeys = concat $allAuthorizedKeys $signer.authorized_keys }}
+ {{- end }}
+ {{- end }}
+ {{- /* Ensure all keys are defined in accounts and fail otherwise */}}
+ {{- $allAuthorizedKeys = uniq $allAuthorizedKeys }}
+ {{- range $key := $allAuthorizedKeys }}
+ {{- if not (index $.Values.accounts $key) }}
+ {{- fail (printf "Authorized key '%s' is not defined in accounts." $key) }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/tezos/templates/configs.yaml b/charts/tezos/templates/configs.yaml
index 6b028dac7..aeb9f9589 100644
--- a/charts/tezos/templates/configs.yaml
+++ b/charts/tezos/templates/configs.yaml
@@ -114,3 +114,4 @@ metadata:
 namespace: {{ .Release.Namespace }}
 ---
 {{- end }}
+{{- include "tezos.getAuthorizedKeys" . }}
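Review bot: The last loop's test `not (index $.Values.accounts $key)` only shows that the name resolves to some non-empty value under `accounts`; it does not show that the entry holds key material, so an `authorized_keys` entry pointing at an account without a usable key still passes this guard. If the accounts schema has a key field (not visible in this patch), the condition should test that field as well. The helper is also named `tezos.getAuthorizedKeys` and documented as "Get list of authorized keys", yet it renders nothing and exists only to call `fail`; a name such as `tezos.validateAuthorizedKeys` with the comment `Fails the render if any authorized_keys entry on a node instance or octezSigner is not defined in .Values.accounts; emits no output.` would describe it accurately. For consistency with the signer loop, the instance loop could read `$instance.authorized_keys` instead of the rebound `.authorized_keys`.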
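Review bot: The `include` appended after the final `{{- end }}` in configs.yaml is a validation-only call whose output is empty, which is not obvious to someone reading this file without the helper in view. A comment on the line above, `{{- /* Validation only: aborts rendering when an authorized key is missing from accounts; produces no output. */}}`, would make the intent clear and discourage later edits from moving it inside the preceding conditional block.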