fix(deployment): properly expose service account key for secret manager

We need to mount the service account key as a file into the controlplane container when using GCP secret manager.

Signed-off-by: Christophe de Carvalho <christophe@archipelo.co>

Author: zaibon

deployment/chainloop/templates/_helpers.tpl

@@ -82,7 +82,7 @@ awsSecretManager:
 gcpSecretManager:
   secretPrefix: {{ required "secret prefix required" .secretPrefix | quote }}
   projectId: {{ required "project id required" .gcpSecretManager.projectId | quote }}
-  authKey: {{ required "auth key required" .gcpSecretManager.authKey | quote }}
+  authKey: "/gcp-secrets/authKey.json"
 
 {{- end }}
 {{- end }}

deployment/chainloop/templates/controlplane/deployment.yaml

@@ -85,6 +85,10 @@ spec:
               mountPath: /tmp
             - name: jwt-cas-private-key
               mountPath: /secrets
+            {{- if eq "gcpSecretManager" .Values.secretsBackend.backend  }}
+            - name: gcp-secretmanager-authkey
+              mountPath: /gcp-secrets
+            {{- end }}
       volumes:
         - name: config
           projected:
@@ -99,3 +103,8 @@ spec:
         - name: jwt-cas-private-key
           secret:
             secretName: {{ include "chainloop.controlplane.fullname" . }}-jwt-cas
+        {{- if eq "gcpSecretManager" .Values.secretsBackend.backend  }}
+        - name: gcp-secretmanager-authkey
+          secret:
+            secretName: {{ include "chainloop.controlplane.fullname" . }}-gcp-secretmanager-authkey
+        {{- end }}

deployment/chainloop/templates/controlplane/gcp_secret_manager.secret.yaml

@@ -0,0 +1,11 @@
+{{- if eq "gcpSecretManager" .Values.secretsBackend.backend  }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "chainloop.controlplane.fullname" . }}-gcp-secretmanager-authkey
+  labels:
+    {{- include "chainloop.controlplane.labels" . | nindent 4 }}
+type: Opaque
+data:
+  authKey.json: {{ .Values.secretsBackend.gcpSecretManager.authKey | b64enc | quote  }}
+{{- end }}