From 68bd8046ae3338de447ce8b3ade18e0b095a9a9e Mon Sep 17 00:00:00 2001
From: Philip Gough <philip.p.gough@gmail.com>
Date: Thu, 10 Aug 2023 10:20:40 +0100
Subject: [PATCH] operations: Support secret key as param for inspect tool
 (#575)

---
 resources/operations/bucket-inspect/cron-job-template.yaml  | 4 +++-
 resources/operations/bucket-inspect/job-template.yaml       | 4 +++-
 resources/operations/bucket-inspect/s3-secret-template.yaml | 4 +++-
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/resources/operations/bucket-inspect/cron-job-template.yaml b/resources/operations/bucket-inspect/cron-job-template.yaml
index f070c2e7f1..af9476e687 100644
--- a/resources/operations/bucket-inspect/cron-job-template.yaml
+++ b/resources/operations/bucket-inspect/cron-job-template.yaml
@@ -16,6 +16,8 @@ parameters:
     value: 'observatorium-operations'
   - name: OBJ_STORE_CONFIG_SECRET_NAME
     value: 'thanos-bucket-inspect-config'
+  - name: K8S_SECRET_KEY
+    value: config.yaml
   - name: SCHEDULE
     description: The schedule for the Job to run. Defaults to every 12 hours.
     value: '0 */12 * * *'
@@ -52,7 +54,7 @@ objects:
                     - 'bucket'
                     - 'inspect'
                     - '--log.level=${LOG_LEVEL}'
-                    - '--objstore.config-file=/var/lib/thanos/bucket-inspect-config/config.yaml'
+                    - '--objstore.config-file=/var/lib/thanos/bucket-inspect-config/${K8S_SECRET_KEY}'
                     - '--selector=tenant_id="${TENANT_ID}"'
               restartPolicy: Never
               volumes:
diff --git a/resources/operations/bucket-inspect/job-template.yaml b/resources/operations/bucket-inspect/job-template.yaml
index 363cd13112..34fb04cad2 100644
--- a/resources/operations/bucket-inspect/job-template.yaml
+++ b/resources/operations/bucket-inspect/job-template.yaml
@@ -18,6 +18,8 @@ parameters:
     value: 'thanos-bucket-inspect-config'
   - name: TENANT_ID
     value: 'rhobs'
+  - name: K8S_SECRET_KEY
+    value: config.yaml
   - name: IMAGE_TAG
     value: 'v0.31.0'
   - name: LOG_LEVEL
@@ -47,7 +49,7 @@ objects:
                 - 'bucket'
                 - 'inspect'
                 - '--log.level=${LOG_LEVEL}'
-                - '--objstore.config-file=/var/lib/thanos/bucket-inspect-config/config.yaml'
+                - '--objstore.config-file=/var/lib/thanos/bucket-inspect-config/${K8S_SECRET_KEY}'
                 - '--selector=tenant_id="${TENANT_ID}"'
           restartPolicy: Never
           volumes:
diff --git a/resources/operations/bucket-inspect/s3-secret-template.yaml b/resources/operations/bucket-inspect/s3-secret-template.yaml
index 74d7ec5205..e8ce19539a 100644
--- a/resources/operations/bucket-inspect/s3-secret-template.yaml
+++ b/resources/operations/bucket-inspect/s3-secret-template.yaml
@@ -20,6 +20,8 @@ parameters:
     value: s3.us-east-1.amazonaws.com
   - name: S3_BUCKET_REGION
     value: us-east-1
+  - name: K8S_SECRET_KEY
+    value: config.yaml
 objects:
   - apiVersion: v1
     kind: Secret
@@ -31,7 +33,7 @@ objects:
         app.kubernetes.io/part-of: observatorium
     type: Opaque
     stringData:
-      config.yaml: |
+      ${K8S_SECRET_KEY}: |
         type: S3
         config:
           bucket: ${S3_BUCKET_NAME}