From bcf6d5b5820944ac54f239a3426a1142141c218b Mon Sep 17 00:00:00 2001
From: Jonas Juselius
Date: Fri, 4 Oct 2024 12:48:40 +0200
Subject: [PATCH] feat: add policy to sync atlantis devel secrets
---
.../host-manifests/sync-atlantis-secrets.yaml | 73 +++++++++++++++++++
1 file changed, 73 insertions(+)
create mode 100644 resources/atlantis/host-manifests/sync-atlantis-secrets.yaml
diff --git a/resources/atlantis/host-manifests/sync-atlantis-secrets.yaml b/resources/atlantis/host-manifests/sync-atlantis-secrets.yaml
new file mode 100644
index 00000000..54c3217c
--- /dev/null
+++ b/resources/atlantis/host-manifests/sync-atlantis-secrets.yaml
@@ -0,0 +1,73 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: sync-dev-atlantis-secrets
+spec:
+ background: true
+ generateExisting: false
+ rules:
+ - name: sync-rabbitmq-secret
+ generate:
+ apiVersion: v1
+ kind: Secret
+ name: '{{ request.object.metadata.name }}'
+ namespace: '{{ request.object.metadata.namespace }}'
+ synchronize: true
+ clone:
+ name: staging-rabbitmq
+ namespace: rabbitmq
+ match:
+ any:
+ - resources:
+ kinds:
+ - Secret
+ names:
+ - "*-rabbitmq"
+ annotations:
+ kyverno/clone: "true"
+ - name: sync-redis-secret
+ generate:
+ apiVersion: v1
+ kind: Secret
+ name: '{{ request.object.metadata.name }}'
+ namespace: '{{ request.object.metadata.namespace }}'
+ synchronize: true
+ clone:
+ name: staging-redis
+ namespace: redis
+ match:
+ any:
+ - resources:
+ kinds:
+ - Secret
+ names:
+ - "*-redis"
+ annotations:
+ kyverno/clone: "true"
+ - name: sync-archmaester-secret
+ generate:
+ apiVersion: v1
+ kind: Secret
+ name: '{{ request.object.metadata.name }}'
+ namespace: '{{ request.object.metadata.namespace }}'
+ synchronize: true
+ clone:
+ name: staging-archmeister-superuser
+ namespace: staging-vcluster
+ match:
+ any:
+ - resources:
+ kinds:
+ - Secret
+ names:
+ - "*-db-app"
+ annotations:
+ kyverno/clone: "true"
+ # exclude:
+ # any:
+ # - resources:
+ # kinds:
+ # - Secret
+ # selector:
+ # matchLabels:
+ # generate.kyverno.io/clone-source: ""
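Review bot: None of the three `match` blocks restricts namespaces, so any Secret in the cluster named `*-rabbitmq`, `*-redis` or `*-db-app` and annotated `kyverno/clone: "true"` causes the staging credentials, including `staging-archmeister-superuser`, to be cloned into that Secret's own namespace. Because the clone runs with Kyverno's permissions, anyone allowed to create Secrets in any namespace can obtain those source secrets; scope each rule under `resources`, for example with `namespaces: ['<dev-namespace-pattern>']` (placeholder value) or a `namespaceSelector` on a label only cluster admins can set. The third rule is named `sync-archmaester-secret` but clones `staging-archmeister-superuser`; if the differing spelling is unintended and the source Secret is actually spelled the other way, the clone would presumably fail, so confirm the name against the cluster. The commented-out `exclude` block at the end should either be removed or enabled with a one-line comment such as `# skip Secrets that are themselves clone sources`.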