From 62f5ca22b0a6819bac2c3269243a070441b0a215 Mon Sep 17 00:00:00 2001
From: Christopher O'Connell <coconnell@bridgephase.com>
Date: Fri, 26 Jul 2024 22:10:33 +0000
Subject: [PATCH] fix clusterWideHardened enabled logic

---
 chart/templates/authservice/values.yaml | 29 +++++++++++--------------
 1 file changed, 13 insertions(+), 16 deletions(-)

diff --git a/chart/templates/authservice/values.yaml b/chart/templates/authservice/values.yaml
index 568ca1b3d2..48230e388d 100644
--- a/chart/templates/authservice/values.yaml
+++ b/chart/templates/authservice/values.yaml
@@ -5,20 +5,21 @@
 {{- define "bigbang.defaults.authservice" -}}
 # hostname is deprecated and replaced with domain. But if hostname exists then use it.
 {{- $domainName := default .Values.domain .Values.hostname }}
-{{- $authServiceHardened := or (dig "istio" "hardened" "enabled" false .Values.monitoring.values) (dig "istio" "hardened" "enabled" false .Values.addons.authservice.values) (dig "hardened" "enabled" false .Values.istio.values) (dig "istio" "hardened" "enabled" false .Values.grafana.values) }}
+{{- $authServiceHardened := or 
+    (default false (dig "istio" "hardened" "enabled" .Values.monitoring.values)) 
+    (default false (dig "istio" "hardened" "enabled" .Values.addons.authservice.values)) 
+    (default false (dig "hardened" "enabled" .Values.istio.values)) 
+    (default false (dig "istio" "hardened" "enabled" .Values.grafana.values)) 
+}}
 
 istio:
-  enabled: {{ .Values.istio.enabled }}
+  enabled: {{ .Values.istio.enabled | default false }}
   hardened:
-    {{- if $authServiceHardened }}
-    enabled: true
-    {{- else}}
-    enabled: false
-    {{- end }}
-  clusterWideHardenedEnabled: {{ or .Values.istio.values.hardened.enabled .Values.addons.authservice.values.istio.clusterWideEnabled }}
+    enabled: {{ $authServiceHardened }}
+  clusterWideHardenedEnabled: {{ default false (dig "hardened" "enabled" .Values.istio.values) }}
 
 image: 
-  pullPolicy: {{ .Values.imagePullPolicy }}
+  pullPolicy: {{ .Values.imagePullPolicy | default "IfNotPresent" }}
   
 imagePullSecrets:
   - name: private-registry
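Review bot: The rewritten `dig` calls in the `$authServiceHardened` assignment and on `clusterWideHardenedEnabled` drop the default argument, but Sprig's `dig` always reads its last argument as the dict and the one before it as the default. `dig "hardened" "enabled" .Values.istio.values` therefore looks up only `hardened` and falls back to the string `"enabled"`, so it yields a map or a non-empty string instead of the boolean, and the outer `default false` never covers the missing-key case. Both hardened flags would then render as truthy or non-boolean values whatever the operator configured, which misstates whether Istio hardening is on. Keep the default inside the call, as in `(dig "istio" "hardened" "enabled" false .Values.monitoring.values)` and `{{ dig "hardened" "enabled" false .Values.istio.values }}`; the `define` block continues outside the hunk.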
@@ -26,13 +27,13 @@ imagePullSecrets:
 podAnnotations:
   {{ include "istioAnnotation" . }}
 
-openshift: {{ .Values.openshift }}
+openshift: {{ .Values.openshift | default false }}
 
 monitoring:
-  enabled: {{ .Values.monitoring.enabled }}
+  enabled: {{ .Values.monitoring.enabled | default false }}
 
 networkPolicies:
-  enabled: {{ .Values.networkPolicies.enabled }}
+  enabled: {{ .Values.networkPolicies.enabled | default false }}
   ingressLabels:
     {{- $gateway := default "public" .Values.addons.haproxy.ingress.gateway }}
     {{- $default := dict "app" (dig "gateways" $gateway "ingressGateway" nil .Values.istio) "istio" nil }}
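Review bot: `networkPolicies.enabled` now falls back to `false` when the value is unset, so a missing or misspelled override silently turns a network isolation control off instead of failing the render. Whether the parent chart's values file always sets this key is not visible here; if it does not, an explicit failure is safer, for example `enabled: {{ required "networkPolicies.enabled must be set" .Values.networkPolicies.enabled }}`. Note also that `| default false` only covers a missing leaf: if `.Values.networkPolicies` or `.Values.monitoring` itself is absent, the field access presumably still errors before `default` runs.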
@@ -58,10 +59,6 @@ redis-bb:
       selector: 
         app.kubernetes.io/name: redis-bb
         app.kubernetes.io/instance: authservice-authservice
-      # conditional passes only if all conditionals are true:
-      # - istio: enabled
-      # - mTLS: SCRICT
-      # - istio injection: enabled (for logging ns)
       {{- if and .Values.istio.enabled (eq (dig "istio" "mtls" "mode" "STRICT" .Values.addons.authservice.values) "STRICT") }}
       scheme: https
       tlsConfig:
-- 
GitLab