diff --git a/cyclops-ctrl/api/v1alpha1/template_auth_rule_types.go b/cyclops-ctrl/api/v1alpha1/template_auth_rule_types.go
index 61b48f5ca..7e709048f 100644
--- a/cyclops-ctrl/api/v1alpha1/template_auth_rule_types.go
+++ b/cyclops-ctrl/api/v1alpha1/template_auth_rule_types.go
@@ -17,7 +17,6 @@ limitations under the License.
 package v1alpha1
 import (
- v1 "k8s.io/api/core/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -31,8 +30,19 @@ type TemplateAuthRuleSpec struct {
 Repo string `json:"repo"`
- Username v1.SecretKeySelector `json:"username"`
- Password v1.SecretKeySelector `json:"password"`
+ Username SecretKeySelector `json:"username"`
+ Password SecretKeySelector `json:"password"`
+}
+
+type SecretKeySelector struct {
+
+ // Name of the Secret
+ Name string `json:"name"`
+ // Key to extract from the Secret
+ Key string `json:"key"`
+ // Specify whether the Secret or its key must be defined
+ // +optional
+ Optional *bool `json:"optional,omitempty"`
 }
 //+kubebuilder:object:root=true
diff --git a/cyclops-ctrl/api/v1alpha1/zz_generated.deepcopy.go b/cyclops-ctrl/api/v1alpha1/zz_generated.deepcopy.go
index 0bce7172a..abc60f902 100644
--- a/cyclops-ctrl/api/v1alpha1/zz_generated.deepcopy.go
+++ b/cyclops-ctrl/api/v1alpha1/zz_generated.deepcopy.go
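Review bot: `Name` and `Key` on the new `SecretKeySelector` still accept the empty string, because listing them under `required` in the regenerated CRD only checks that the field is present. A rule with `name: ""` would pass schema validation and only fail later when the secret is looked up; adding `// +kubebuilder:validation:MinLength=1` above both fields would reject it at the API server. The exported type also has no doc comment, for example `// SecretKeySelector selects one key of a named Secret.`. The regenerated CRD drops `x-kubernetes-map-type: atomic`, presumably because the core type carried that marker and this one does not; if the atomic merge behaviour is still wanted, add `// +structType=atomic` on the type.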
@@ -210,6 +210,26 @@ func (in *ReconciliationStatus) DeepCopy() *ReconciliationStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretKeySelector) DeepCopyInto(out *SecretKeySelector) { + *out = *in + if in.Optional != nil { + in, out := &in.Optional, &out.Optional + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeySelector. +func (in *SecretKeySelector) DeepCopy() *SecretKeySelector { + if in == nil { + return nil + } + out := new(SecretKeySelector) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TemplateAuthRule) DeepCopyInto(out *TemplateAuthRule) { *out = *in diff --git a/cyclops-ctrl/config/crd/bases/cyclops-ui.com_templateauthrules.yaml b/cyclops-ctrl/config/crd/bases/cyclops-ui.com_templateauthrules.yaml index 293e73e79..e148ecd02 100644 --- a/cyclops-ctrl/config/crd/bases/cyclops-ui.com_templateauthrules.yaml +++ b/cyclops-ctrl/config/crd/bases/cyclops-ui.com_templateauthrules.yaml 
@@ -40,57 +40,37 @@ spec: description: TemplateAuthRuleSpec defines the desired state of TemplateAuthRule properties: password: - description: SecretKeySelector selects a key of a Secret. properties: key: - description: The key of the secret to select from. Must be a - valid secret key. + description: Key to extract from the Secret type: string name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + description: Name of the Secret type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key + - name type: object - x-kubernetes-map-type: atomic repo: type: string username: - description: SecretKeySelector selects a key of a Secret. properties: key: - description: The key of the secret to select from. Must be a - valid secret key. + description: Key to extract from the Secret type: string name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
+ description: Name of the Secret type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key + - name type: object - x-kubernetes-map-type: atomic required: - password - repo diff --git a/cyclops-ctrl/internal/auth/templates_test.go b/cyclops-ctrl/internal/auth/templates_test.go index 4a71138cd..39d7c6f40 100644 --- a/cyclops-ctrl/internal/auth/templates_test.go +++ b/cyclops-ctrl/internal/auth/templates_test.go @@ -1,11 +1,11 @@ package auth import ( + "testing" + "github.com/cyclops-ui/cyclops/cyclops-ctrl/api/v1alpha1" "github.com/cyclops-ui/cyclops/cyclops-ctrl/pkg/mocks" "github.com/pkg/errors" - apiv1 "k8s.io/api/core/v1" - "testing" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" 
@@ -45,39 +45,39 @@ var _ = Describe("Templates resolver", func() {
 {
 Spec: v1alpha1.TemplateAuthRuleSpec{
 Repo: "https://github.com/my-org/some-other-team",
- Username: apiv1.SecretKeySelector{
- LocalObjectReference: apiv1.LocalObjectReference{Name: "wrong-secret"},
- Key: "username",
+ Username: v1alpha1.SecretKeySelector{
+ Name: "wrong-secret",
+ Key: "username",
 },
- Password: apiv1.SecretKeySelector{
- LocalObjectReference: apiv1.LocalObjectReference{Name: "wrong-secret"},
- Key: "token",
+ Password: v1alpha1.SecretKeySelector{
+ Name: "wrong-secret",
+ Key: "token",
 },
 },
 },
 {
 Spec: v1alpha1.TemplateAuthRuleSpec{
 Repo: "https://github.com/invalid-org/some))-other-team", // invalid regex should not break resolver
- Username: apiv1.SecretKeySelector{
- LocalObjectReference: apiv1.LocalObjectReference{Name: "wrong-secret"},
- Key: "username",
+ Username: v1alpha1.SecretKeySelector{
+ Name: "wrong-secret",
+ Key: "username",
 },
- Password: apiv1.SecretKeySelector{
- LocalObjectReference: apiv1.LocalObjectReference{Name: "wrong-secret"},
- Key: "token",
+ Password: v1alpha1.SecretKeySelector{
+ Name: "wrong-secret",
+ Key: "token",
 },
 },
 },
 {
 Spec: v1alpha1.TemplateAuthRuleSpec{
 Repo: "https://github.com/my-org/my-team",
- Username: apiv1.SecretKeySelector{
- LocalObjectReference: apiv1.LocalObjectReference{Name: "secret-name"},
- Key: "username",
+ Username: v1alpha1.SecretKeySelector{
+ Name: "secret-name",
+ Key: "username",
 },
- Password: apiv1.SecretKeySelector{
- LocalObjectReference: apiv1.LocalObjectReference{Name: "secret-name"},
- Key: "token",
+ Password: v1alpha1.SecretKeySelector{
+ Name: "secret-name",
+ Key: "token",
 },
 },
 },
diff --git a/cyctl/internal/create/template_auth_rules.go b/cyctl/internal/create/template_auth_rules.go
index 377a3c6c3..67b8bef76 100644
--- a/cyctl/internal/create/template_auth_rules.go
+++ b/cyctl/internal/create/template_auth_rules.go
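Review bot: Every fixture in this hunk uses the same secret name for `Username` and `Password` (`wrong-secret` for both, `secret-name` for both), so code that reads the password from the username's secret would still pass these tests. Giving the matching rule a distinct password secret, for example `Name: "password-secret-name",` (a constructed value) under `Password`, would make a mix-up of the two `Name` fields visible. The Describe block and its mock expectations lie outside the hunk, so they would need the same update.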
@@ -12,7 +12,6 @@ import (
 "github.com/cyclops-ui/cycops-cyctl/internal/kubeconfig"
 "github.com/manifoldco/promptui"
 "github.com/spf13/cobra"
- v1Spec "k8s.io/api/core/v1"
 v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "sigs.k8s.io/yaml"
 )
@@ -143,18 +142,6 @@ func createTemplateAuthRule(clientset *client.CyclopsV1Alpha1Client, templateAut
 }
 }
- var localObjectNameRef, localObjectPasswordRef v1Spec.LocalObjectReference
- if usernameName != "" {
- localObjectNameRef = v1Spec.LocalObjectReference{
- Name: usernameName,
- }
- }
- if passwordName != "" {
- localObjectPasswordRef = v1Spec.LocalObjectReference{
- Name: passwordName,
- }
- }
-
 newTemplateAuthRule := v1alpha1.TemplateAuthRule{
 TypeMeta: v1.TypeMeta{
 APIVersion: "cyclops-ui.com/v1alpha1",
@@ -166,13 +153,13 @@ func createTemplateAuthRule(clientset *client.CyclopsV1Alpha1Client, templateAut
 },
 Spec: v1alpha1.TemplateAuthRuleSpec{
 Repo: repo,
- Username: v1Spec.SecretKeySelector{
- Key: usernameKey,
- LocalObjectReference: localObjectNameRef,
+ Username: v1alpha1.SecretKeySelector{
+ Name: usernameName,
+ Key: usernameKey,
 },
- Password: v1Spec.SecretKeySelector{
- Key: passwordKey,
- LocalObjectReference: localObjectPasswordRef,
+ Password: v1alpha1.SecretKeySelector{
+ Name: usernameName,
+ Key: passwordKey,
 },
 },
 }
diff --git a/install/chart/crds/template-auth-rule.yaml b/install/chart/crds/template-auth-rule.yaml
index e1ff2e9e0..e79243f65 100644
--- a/install/chart/crds/template-auth-rule.yaml
+++ b/install/chart/crds/template-auth-rule.yaml
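Review bot: In the last hunk of this file the new `Password` selector is built with `Name: usernameName`, so the `passwordName` value is never written into the rule; the removed code took it from `localObjectPasswordRef`, which was set from `passwordName`. A rule created with separate secrets for username and password would point the password at the username's secret, and `passwordKey` would then be read from the wrong Secret. The line should be `Name: passwordName,`. createTemplateAuthRule starts and ends outside these hunks, so it cannot be confirmed from here whether `passwordName` is still used anywhere; if it is a local that is no longer read, the build may also fail on an unused variable.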
@@ -46,12 +46,8 @@ spec: valid secret key. type: string name: - default: "" description: |- Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. @@ -61,6 +57,7 @@ spec: type: boolean required: - key + - name type: object x-kubernetes-map-type: atomic repo: @@ -73,12 +70,8 @@ spec: valid secret key. type: string name: - default: "" description: |- Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. @@ -87,6 +80,7 @@ spec: description: Specify whether the Secret or its key must be defined type: boolean required: + - name - key type: object x-kubernetes-map-type: atomic