From 4ed3a804123b655ce2ad8df6591c08bd69a6ca0c Mon Sep 17 00:00:00 2001 From: Siraj Yasin Date: Tue, 30 Nov 2021 22:51:46 +0000 Subject: [PATCH] Skip secret generation for production env Retales-To: #654 Change-Id: I984cfbc0e67ec32ae70ae3646bd59f5911494afb --- .../airship-in-a-pod/examples/airshipctl/replacements.yaml | 7 +++++++ tools/airship-in-a-pod/examples/base/airship-in-a-pod.yaml | 2 ++ tools/airship-in-a-pod/runner/assets/entrypoint.sh | 5 ++++- 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/tools/airship-in-a-pod/examples/airshipctl/replacements.yaml b/tools/airship-in-a-pod/examples/airshipctl/replacements.yaml index 4f76be008..de3b871d2 100644 --- a/tools/airship-in-a-pod/examples/airshipctl/replacements.yaml +++ b/tools/airship-in-a-pod/examples/airshipctl/replacements.yaml @@ -43,6 +43,13 @@ path: "/spec/containers/6/env/10/value" value: none +# The following relate to secret regeneration +# Set this to "true" in production environment to prevent secret generation +# and secret show +- op: replace + path: "/spec/containers/6/env/11/value" + value: "false" + # The following relate to authorization for pulling the airshipctl repository # This is the type of authorization to use. Currently supported types are # [none http-basic ssh-key] diff --git a/tools/airship-in-a-pod/examples/base/airship-in-a-pod.yaml b/tools/airship-in-a-pod/examples/base/airship-in-a-pod.yaml index 525e7d3a6..c1e3ae0c2 100644 --- a/tools/airship-in-a-pod/examples/base/airship-in-a-pod.yaml +++ b/tools/airship-in-a-pod/examples/base/airship-in-a-pod.yaml @@ -332,6 +332,8 @@ spec: value: - name: AIRSHIP_CONFIG_MANIFEST_REPO_AUTH_TYPE value: "none" + - name: SKIP_REGENERATE + value: volumeMounts: - name: cache diff --git a/tools/airship-in-a-pod/runner/assets/entrypoint.sh b/tools/airship-in-a-pod/runner/assets/entrypoint.sh index 435fb7dbf..3afb7469b 100755 --- a/tools/airship-in-a-pod/runner/assets/entrypoint.sh 
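Review bot: The added comment documents only the value "true" and does not say that the match is exact: the entrypoint.sh hunk of this patch runs 23_generate_secrets.sh only when the variable equals the string `false`, so an empty value, `False` or `no` also skips generation. I would state that next to the op, for example `# Must be exactly "false" to generate secrets; any other value, including empty, skips generation.` The comment also promises that "secret show" is prevented, but nothing visible in this patch gates a show step, so either point to where that happens or drop the claim. The op addresses the variable by position (`env/11`), which appears to match the entry appended in airship-in-a-pod.yaml here, but would land on a different variable if that list is ever reordered.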
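Review bot: `SKIP_REGENERATE` is added with a bare `value:`, so a pod built from the base manifest without the airshipctl replacement presumably gets an empty string, and the new check in entrypoint.sh treats anything other than `false` as "skip". That silently changes the default for existing users from generating secrets to not generating them. If the previous behaviour is meant to stay the default, set it here as `value: "false"` (quoted, so it stays a string rather than a YAML boolean). If skipping is the intended default, say so in a comment above the entry.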
+++ b/tools/airship-in-a-pod/runner/assets/entrypoint.sh @@ -76,7 +76,10 @@ else export NO_CHECKOUT="true" fi ./tools/deployment/23_pull_documents.sh -./tools/deployment/23_generate_secrets.sh + +if [[ "$SKIP_REGENERATE" = "false" ]]; then + ./tools/deployment/23_generate_secrets.sh +fi repo_url=$(yq -r .manifests.dummy_manifest.repositories.primary.url /root/.airship/config) repo_name=$(basename ${repo_url})
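Review bot: An unset, empty or mistyped `SKIP_REGENERATE` (for example `False`) skips secret generation without any log message, because the new guard runs 23_generate_secrets.sh only on the exact string `false`. For a switch that decides whether credentials are created, I would reject anything that is not `true` or `false` and log which branch was taken, so an operator can tell from the pod log whether secrets were regenerated. The default below keeps the pre-patch behaviour of generating; if skipping should be the default, use `true` instead and state that in the manifest comment. The surrounding script continues outside the hunk.

```shell
./tools/deployment/23_pull_documents.sh

# Unset or empty keeps the pre-patch behaviour (generate).
case "${SKIP_REGENERATE:-false}" in
  false)
    ./tools/deployment/23_generate_secrets.sh
    ;;
  true)
    echo "SKIP_REGENERATE=true: not generating secrets"
    ;;
  *)
    echo "SKIP_REGENERATE must be \"true\" or \"false\", got: ${SKIP_REGENERATE}" >&2
    exit 1
    ;;
esac
```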