Only do the acm hub ca policy when vault is the backend

mbaldessari · mbaldessari · commit f6734917fc90 · 2024-05-17T18:40:46.000+02:00
The acm hub ca is needed for ESO on spokes to connect to the vault on
the hub, there is no need for this when vault is not used, so let's
drop it in that case
diff --git a/acm/templates/policies/acm-hub-ca-policy.yaml b/acm/templates/policies/acm-hub-ca-policy.yaml
@@ -1,5 +1,6 @@
 # This pushes out the HUB's Certificate Authorities on to the imported clusters
-{{ if .Values.clusterGroup.isHubCluster }}
+{{- if .Values.clusterGroup.isHubCluster }}
+{{- if (eq (((.Values.global).secretStore).backend) "vault") }}
 ---
 apiVersion: policy.open-cluster-management.io/v1
 kind: Policy
@@ -67,5 +68,5 @@ spec:
         operator: NotIn
         values:
           - 'true'
-{{ end }}
-
+{{- end }}
+{{- end }}
diff --git a/acm/values.yaml b/acm/values.yaml
@@ -9,6 +9,8 @@ global:
   targetRevision: main
   options:
     applicationRetryLimit: 20
+  secretStore:
+    backend: "vault"
 
 clusterGroup:
   subscriptions:
