From 85521276e8ffbac0895808375aebbe81374dfeaa Mon Sep 17 00:00:00 2001
From: Adrien Thebo <adrien@lagrange-automation.io>
Date: Mon, 3 Oct 2022 11:23:18 -0700
Subject: [PATCH] [installer] Support enabling protected secrets (#13545)

Co-authored-by: Christian Weichel <chris@gitpod.io>
---
 install/installer/pkg/components/server/configmap.go   | 10 +++++++++-
 install/installer/pkg/components/server/types.go       |  1 +
 .../pkg/config/v1/experimental/experimental.go         |  2 ++
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/install/installer/pkg/components/server/configmap.go b/install/installer/pkg/components/server/configmap.go
index c972e051827983..df4f74a4389913 100644
--- a/install/installer/pkg/components/server/configmap.go
+++ b/install/installer/pkg/components/server/configmap.go
@@ -162,6 +162,14 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
 		return nil
 	})
 
+	defaultFeatureFlags := []NamedWorkspaceFeatureFlag{}
+	_ = ctx.WithExperimental(func(cfg *experimental.Config) error {
+		if cfg.Workspace != nil && cfg.Workspace.EnableProtectedSecrets {
+			defaultFeatureFlags = append(defaultFeatureFlags, NamedWorkspaceFeatureProtectedSecrets)
+		}
+		return nil
+	})
+
 	// todo(sje): all these values are configurable
 	scfg := ConfigSerialized{
 		Version:               ctx.VersionManifest.Version,
@@ -175,7 +183,7 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
 		WorkspaceDefaults: WorkspaceDefaults{
 			WorkspaceImage:      workspaceImage,
 			PreviewFeatureFlags: []NamedWorkspaceFeatureFlag{},
-			DefaultFeatureFlags: []NamedWorkspaceFeatureFlag{},
+			DefaultFeatureFlags: defaultFeatureFlags,
 			TimeoutDefault:      ctx.Config.Workspace.TimeoutDefault,
 			TimeoutExtended:     ctx.Config.Workspace.TimeoutExtended,
 		},
diff --git a/install/installer/pkg/components/server/types.go b/install/installer/pkg/components/server/types.go
index 97f63aa0cd0f5a..5414b696b30278 100644
--- a/install/installer/pkg/components/server/types.go
+++ b/install/installer/pkg/components/server/types.go
@@ -147,6 +147,7 @@ type NamedWorkspaceFeatureFlag string
 
 const (
 	NamedWorkspaceFeatureFlagFullWorkspaceBackup NamedWorkspaceFeatureFlag = "full_workspace_backup"
+	NamedWorkspaceFeatureProtectedSecrets        NamedWorkspaceFeatureFlag = "protected_secrets"
 )
 
 type WorkspaceClassCategory string
diff --git a/install/installer/pkg/config/v1/experimental/experimental.go b/install/installer/pkg/config/v1/experimental/experimental.go
index 16746da15890ec..f71798d151f888 100644
--- a/install/installer/pkg/config/v1/experimental/experimental.go
+++ b/install/installer/pkg/config/v1/experimental/experimental.go
@@ -119,6 +119,8 @@ type WorkspaceConfig struct {
 		// Deprecated
 		UsageReportBucketName string `json:"usageReportBucketName"`
 	} `json:"contentService"`
+
+	EnableProtectedSecrets bool `json:"enableProtectedSecrets"`
 }
 
 type PersistentVolumeClaim struct {