Enhance Gitlab sso CA Value Support 1170

Package Merge Request

Package Changes

Added the ability to overlay CA certs to gitlab SSO.

Package MR

NA

For Issue

Closes https://repo1.dso.mil/platform-one/big-bang/bigbang/-/issues/1170

BB Processes

Add labels for affected packages so that they are deployed in CI as well as a status label:

Be sure to assign to yourself:

Once it is ready for review switch the status and assign reviewers:

chart/templates/gitlab/secret-ca.yaml

 {{- if and  (or .Values.addons.gitlab.enabled .Values.addons.gitlabRunner.enabled) .Values.addons.gitlab.sso.enabled .Values.sso.certificate_authority}}
+
+{{- include "values-secret" (dict "root" $ "package" (dict "values" (fromYaml (include "global.certificates.customCAs" .))) "name" "gitlab" "defaults" (include "bigbang.defaults.gitlab" .)) }}
+
+
 apiVersion: v1
 kind: Secret
 metadata:
@@ -7,4 +11,38 @@ metadata:
 type: Opaque
 data:
   ca.pem: {{ .Values.sso.certificate_authority | b64enc }}
+  global:
+    certificates:
+      customCAs:
+        - secret: global.certificates.customCAs 
 {{- end }}
+
+
+
+{{- /* This function merges defaults in lists from above into overlays */ -}}
+{{- /* The end user will not have to replicate exclusions/repos from above when providing an overlay */ -}}
+{{- /* There is a hidden flag `skipOverlayMerge` that can be added to any constraint to ignore the defaults */ -}}
+{{- define "global.certificates.customCAs" }}
+  {{- $defaults := fromYaml (include "bigbang.defaults.gitlab" .) }}
+  {{- $overlays := dig "values" dict .Values.gitlab }}
+  {{- range $constraint, $default := $defaults.violations }}
+    {{- $overlay := (dig "violations" $constraint dict $overlays) }}
+    # Only continue if an overlay matches a default constriant and hidden "skipOverlayMerge" is not set
+    {{- if and $overlay (not $overlay.skipOverlayMerge) }}
+      # Add any default excludedNamespaces to overlay
+      {{- if and (dig "match" "excludedNamespaces" list $default) (dig "match" "excludedNamespaces" list $overlay) }}
+         {{ $_ := set $overlay.match "excludedNamespaces" (concat $default.match.excludedNamespaces $overlay.match.excludedNamespaces) }}
+      {{- end }}
+      # Add any default excludedResources to overlay
+      {{- if and (dig "parameters" "excludedResources" list $default) (dig "parameters" "excludedResources" list $overlay) }}
+         {{ $_ := set $overlay.parameters "excludedResources" (concat $default.parameters.excludedResources $overlay.parameters.excludedResources) }}
+      {{- end }}
+      # Special case to add registries for allowed registries to overlay
+      {{- if and (dig "parameters" "repos" list $default) (dig "parameters" "repos" list $overlay) }}
+         {{ $_ := set $overlay.parameters "repos" (concat $default.parameters.repos $overlay.parameters.repos) }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+{{ toYaml $overlays }}
+{{- end }}
+