From df7118b48d9a410f38a6b66328a2fdf4ce1e5d04 Mon Sep 17 00:00:00 2001
From: Michael Russell <michael.russell@elastic.co>
Date: Mon, 22 Jul 2019 17:02:34 +0200
Subject: [PATCH] [kibana] Add subPath support to secretMounts

Fixes: #229

This is needed in situation where you need to mount a specific secret as
a file in a directory that contains other files. This was added for the
Elasticsearch chart to make it possible to mount the keystore, the same
option is needed for Kibana too as seen in in #229.
---
 kibana/templates/deployment.yaml |  3 +++
 kibana/tests/kibana_test.py      | 30 ++++++++++++++++++++++++++++++
 kibana/values.yaml               |  7 ++++---
 3 files changed, 37 insertions(+), 3 deletions(-)

diff --git a/kibana/templates/deployment.yaml b/kibana/templates/deployment.yaml
index 95616ec0a..a0310b959 100644
--- a/kibana/templates/deployment.yaml
+++ b/kibana/templates/deployment.yaml
@@ -112,6 +112,9 @@ spec:
           {{- range .Values.secretMounts }}
           - name: {{ .name }}
             mountPath: {{ .path }}
+            {{- if .subPath }}
+            subPath: {{ .subPath }}
+            {{- end }}
           {{- end }}
           {{- range $path, $config := .Values.kibanaConfig }}
           - name: kibanaconfig
diff --git a/kibana/tests/kibana_test.py b/kibana/tests/kibana_test.py
index e3453b615..9b57f4c53 100644
--- a/kibana/tests/kibana_test.py
+++ b/kibana/tests/kibana_test.py
@@ -364,3 +364,33 @@ def test_adding_pod_labels():
 '''
      r = helm_template(config)
      assert r['deployment'][name]['metadata']['labels']['app.kubernetes.io/name'] == 'kibana'
+
+def test_adding_a_secret_mount_with_subpath():
+    config = '''
+secretMounts:
+  - name: elastic-certificates
+    secretName: elastic-certs
+    path: /usr/share/elasticsearch/config/certs
+    subPath: cert.crt
+'''
+    r = helm_template(config)
+    d = r['deployment'][name]['spec']['template']['spec']
+    assert d['containers'][0]['volumeMounts'][-1] == {
+        'mountPath': '/usr/share/elasticsearch/config/certs',
+        'subPath': 'cert.crt',
+        'name': 'elastic-certificates'
+    }
+
+def test_adding_a_secret_mount_without_subpath():
+    config = '''
+secretMounts:
+  - name: elastic-certificates
+    secretName: elastic-certs
+    path: /usr/share/elasticsearch/config/certs
+'''
+    r = helm_template(config)
+    d = r['deployment'][name]['spec']['template']['spec']
+    assert d['containers'][0]['volumeMounts'][-1] == {
+        'mountPath': '/usr/share/elasticsearch/config/certs',
+        'name': 'elastic-certificates'
+    }
diff --git a/kibana/values.yaml b/kibana/values.yaml
index cf08ef6f8..e253b3e66 100755
--- a/kibana/values.yaml
+++ b/kibana/values.yaml
@@ -16,9 +16,10 @@ extraEnvs: []
 # This is useful for mounting certificates for security and for mounting
 # the X-Pack license
 secretMounts: []
-#  - name: elastic-certificates
-#    secretName: elastic-certificates
-#    path: /usr/share/elasticsearch/config/certs
+#  - name: kibana-keystore
+#    secretName: kibana-keystore
+#    path: /usr/share/kibana/data/kibana.keystore
+#    subPath: kibana.keystore # optional
 
 image: "docker.elastic.co/kibana/kibana"
 imageTag: "7.2.0"