From d0ca610a96783ec14ff67f2935faa64b6086ac4d Mon Sep 17 00:00:00 2001 From: cebidhem Date: Sun, 31 Jul 2022 08:56:14 +0200 Subject: [PATCH] feat(helm): allows users to define an existing secret for tokens (#2587) Signed-off-by: cebidhem --- helm/trivy/Chart.yaml | 4 ++-- helm/trivy/README.md | 1 + helm/trivy/templates/secret.yaml | 2 ++ helm/trivy/templates/statefulset.yaml | 4 ++++ helm/trivy/values.yaml | 3 +++ 5 files changed, 12 insertions(+), 2 deletions(-) diff --git a/helm/trivy/Chart.yaml b/helm/trivy/Chart.yaml index 362d2eb5f77c..882f7f1914a3 100644 --- a/helm/trivy/Chart.yaml +++ b/helm/trivy/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: trivy -version: 0.4.16 -appVersion: 0.29.2 +version: 0.4.17 +appVersion: 0.30.4 description: Trivy helm chart keywords: - scanner diff --git a/helm/trivy/README.md b/helm/trivy/README.md index e10c8a4398f6..68ad40f5bba2 100644 --- a/helm/trivy/README.md +++ b/helm/trivy/README.md @@ -73,6 +73,7 @@ The following table lists the configurable parameters of the Trivy chart and the | `trivy.cache.redis.enabled` | Enable Redis as caching backend | `false` | | `trivy.cache.redis.url` | Specify redis connection url, e.g. redis://redis.redis.svc:6379 | `` | | `trivy.serverToken` | The token to authenticate Trivy client with Trivy server | `` | +| `trivy.existingSecret` | existingSecret if an existing secret has been created outside the chart. Overrides gitHubToken, registryUsername, registryPassword, serverToken | `` | | `trivy.podAnnotations` | Annotations for pods created by statefulset | `{}` | | `service.name` | If specified, the name used for the Trivy service | | | `service.type` | Kubernetes service type | `ClusterIP` | diff --git a/helm/trivy/templates/secret.yaml b/helm/trivy/templates/secret.yaml index 42f845a1cb63..0aa79c8a7b71 100644 --- a/helm/trivy/templates/secret.yaml +++ b/helm/trivy/templates/secret.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.trivy.existingSecret }} apiVersion: v1 kind: Secret metadata: 
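Review bot: In `templates/secret.yaml`, the new `{{- if not .Values.trivy.existingSecret }}` guard drops the whole Secret, so a release that sets both `trivy.existingSecret` and an inline credential such as `trivy.serverToken` renders without error and the inline value is silently ignored. If the external secret does not carry the server-token key, the server would presumably start without the token the operator believes is configured. Consider failing at render time, e.g. `{{- if and .Values.trivy.existingSecret .Values.trivy.serverToken }}{{ fail "trivy.serverToken is ignored when trivy.existingSecret is set" }}{{- end }}`, with the same check for `gitHubToken`, `registryUsername` and `registryPassword`. The guard opened here is closed by the `{{- end }}` added in this file's second hunk.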
@@ -12,3 +13,4 @@ data: TRIVY_USERNAME: {{ .Values.trivy.registryUsername | default "" | b64enc | quote }} TRIVY_PASSWORD: {{ .Values.trivy.registryPassword | default "" | b64enc | quote }} {{- end -}} +{{- end }} diff --git a/helm/trivy/templates/statefulset.yaml b/helm/trivy/templates/statefulset.yaml index 4bf7115d5d75..efb90274fe2c 100644 --- a/helm/trivy/templates/statefulset.yaml +++ b/helm/trivy/templates/statefulset.yaml @@ -90,7 +90,11 @@ spec: - configMapRef: name: {{ include "trivy.fullname" . }} - secretRef: + {{- if not .Values.trivy.existingSecret }} name: {{ include "trivy.fullname" . }} + {{- else }} + name: {{ .Values.trivy.existingSecret }} + {{- end }} ports: - name: trivy-http containerPort: {{ .Values.service.port }} diff --git a/helm/trivy/values.yaml b/helm/trivy/values.yaml index cd2b4110d8bb..f4063666226e 100644 --- a/helm/trivy/values.yaml +++ b/helm/trivy/values.yaml @@ -120,6 +120,9 @@ trivy: labels: {} # serverToken is the token to authenticate Trivy client with Trivy server. serverToken: "" + # existingSecret if an existing secret has been created outside the chart. + # Overrides gitHubToken, registryUsername, registryPassword, serverToken + existingSecret: "" service: # If specified, the name used for the Trivy service.
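Review bot: In `templates/statefulset.yaml`, the added `name: {{ .Values.trivy.existingSecret }}` is rendered unquoted. A name that YAML reads as a number or boolean, or an accidental value containing `: ` or ` #`, produces a wrong or invalid manifest; `name: {{ .Values.trivy.existingSecret | quote }}` avoids that. The entry sits next to `configMapRef` in what appears to be the container's `envFrom` list (its header is outside the hunk). If so, every key in the referenced secret is exported into the Trivy container's environment, not only the ones the chart's own Secret defines. Pointing this at a shared secret would hand unrelated credentials to the pod, so the value should name a dedicated secret.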
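Review bot: In `values.yaml`, the comment added above `existingSecret` does not say which keys the external secret has to provide or where it must live, so an operator cannot tell from the values file what a valid secret looks like. I would reword it to `# existingSecret is the name of a Secret in the release namespace that provides the same keys the chart's own Secret would set (e.g. TRIVY_USERNAME, TRIVY_PASSWORD).` followed by `# When set, the chart creates no Secret and ignores gitHubToken, registryUsername, registryPassword and serverToken.` The README row added by this commit would benefit from the same wording.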