Custom secret key selector #730

Open: wants to merge 4 commits into base: main
16 changes: 13 additions & 3 deletions cyclops-ctrl/api/v1alpha1/template_auth_rule_types.go
Expand Up @@ -17,7 +17,6 @@ limitations under the License.
package v1alpha1

import (
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

Expand All @@ -31,8 +30,19 @@ type TemplateAuthRuleSpec struct {

Repo string `json:"repo"`

Username v1.SecretKeySelector `json:"username"`
Password v1.SecretKeySelector `json:"password"`
Username SecretKeySelector `json:"username"`
Password SecretKeySelector `json:"password"`
}

type SecretKeySelector struct {

// Name of the Secret
Name string `json:"name"`
// Key to extract from the Secret
Key string `json:"key"`
// Specify whether the Secret or its key must be defined
// +optional
Optional *bool `json:"optional,omitempty"`
}

//+kubebuilder:object:root=true
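Review bot: the new `Name` and `Key` fields in `SecretKeySelector` carry no length validation, so an empty string still satisfies the CRD's `required` list, which only checks that the property is present. Add `// +kubebuilder:validation:MinLength=1` above both fields so a rule that points at no Secret is rejected at admission rather than failing later when credentials are resolved. The type also has no doc comment, which is why the generated schema loses its object-level description.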
20 changes: 20 additions & 0 deletions cyclops-ctrl/api/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Expand Up @@ -40,57 +40,37 @@ spec:
description: TemplateAuthRuleSpec defines the desired state of TemplateAuthRule
properties:
password:
description: SecretKeySelector selects a key of a Secret.
properties:
key:
description: The key of the secret to select from. Must be a
valid secret key.
description: Key to extract from the Secret
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
description: Name of the Secret
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
- name
type: object
x-kubernetes-map-type: atomic
repo:
type: string
username:
description: SecretKeySelector selects a key of a Secret.
properties:
key:
description: The key of the secret to select from. Must be a
valid secret key.
description: Key to extract from the Secret
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
description: Name of the Secret
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
- name
type: object
x-kubernetes-map-type: atomic
required:
- password
- repo
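Review bot: going by the hunk counts (57 lines before, 37 after), `x-kubernetes-map-type: atomic` is dropped from both the `password` and `username` objects, which changes how server-side apply treats these selectors: fields can then be owned and merged individually instead of the object being replaced as a unit. If whole-object replacement should be kept, put `// +structType=atomic` on the Go type and regenerate. The object-level `description` on both selectors is removed as well; a doc comment on `SecretKeySelector` would restore it.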
40 changes: 20 additions & 20 deletions cyclops-ctrl/internal/auth/templates_test.go
@@ -1,11 +1,11 @@
package auth

import (
"testing"

"github.com/cyclops-ui/cyclops/cyclops-ctrl/api/v1alpha1"
"github.com/cyclops-ui/cyclops/cyclops-ctrl/pkg/mocks"
"github.com/pkg/errors"
apiv1 "k8s.io/api/core/v1"
"testing"

. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
Expand Down Expand Up @@ -45,39 +45,39 @@ var _ = Describe("Templates resolver", func() {
{
Spec: v1alpha1.TemplateAuthRuleSpec{
Repo: "https://github.com/my-org/some-other-team",
Username: apiv1.SecretKeySelector{
LocalObjectReference: apiv1.LocalObjectReference{Name: "wrong-secret"},
Key: "username",
Username: v1alpha1.SecretKeySelector{
Name: "wrong-secret",
Key: "username",
},
Password: apiv1.SecretKeySelector{
LocalObjectReference: apiv1.LocalObjectReference{Name: "wrong-secret"},
Key: "token",
Password: v1alpha1.SecretKeySelector{
Name: "wrong-secret",
Key: "token",
},
},
},
{
Spec: v1alpha1.TemplateAuthRuleSpec{
Repo: "https://github.com/invalid-org/some))-other-team", // invalid regex should not break resolver
Username: apiv1.SecretKeySelector{
LocalObjectReference: apiv1.LocalObjectReference{Name: "wrong-secret"},
Key: "username",
Username: v1alpha1.SecretKeySelector{
Name: "wrong-secret",
Key: "username",
},
Password: apiv1.SecretKeySelector{
LocalObjectReference: apiv1.LocalObjectReference{Name: "wrong-secret"},
Key: "token",
Password: v1alpha1.SecretKeySelector{
Name: "wrong-secret",
Key: "token",
},
},
},
{
Spec: v1alpha1.TemplateAuthRuleSpec{
Repo: "https://github.com/my-org/my-team",
Username: apiv1.SecretKeySelector{
LocalObjectReference: apiv1.LocalObjectReference{Name: "secret-name"},
Key: "username",
Username: v1alpha1.SecretKeySelector{
Name: "secret-name",
Key: "username",
},
Password: apiv1.SecretKeySelector{
LocalObjectReference: apiv1.LocalObjectReference{Name: "secret-name"},
Key: "token",
Password: v1alpha1.SecretKeySelector{
Name: "secret-name",
Key: "token",
},
},
},
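Review bot: every fixture in this hunk gives `Username` and `Password` the same `Name` (`wrong-secret` twice, `secret-name` twice), so code that reads the password from the username's Secret would still pass these tests. Add a rule whose two `Name` values differ and assert that each credential comes from its own Secret. None of the fixtures sets `Optional` either, so that field of the new type is not exercised.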
25 changes: 6 additions & 19 deletions cyctl/internal/create/template_auth_rules.go
Expand Up @@ -12,7 +12,6 @@ import (
"github.com/cyclops-ui/cycops-cyctl/internal/kubeconfig"
"github.com/manifoldco/promptui"
"github.com/spf13/cobra"
v1Spec "k8s.io/api/core/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"sigs.k8s.io/yaml"
)
Expand Down Expand Up @@ -143,18 +142,6 @@ func createTemplateAuthRule(clientset *client.CyclopsV1Alpha1Client, templateAut
}
}

var localObjectNameRef, localObjectPasswordRef v1Spec.LocalObjectReference
if usernameName != "" {
localObjectNameRef = v1Spec.LocalObjectReference{
Name: usernameName,
}
}
if passwordName != "" {
localObjectPasswordRef = v1Spec.LocalObjectReference{
Name: passwordName,
}
}

newTemplateAuthRule := v1alpha1.TemplateAuthRule{
TypeMeta: v1.TypeMeta{
APIVersion: "cyclops-ui.com/v1alpha1",
Expand All @@ -166,13 +153,13 @@ func createTemplateAuthRule(clientset *client.CyclopsV1Alpha1Client, templateAut
},
Spec: v1alpha1.TemplateAuthRuleSpec{
Repo: repo,
Username: v1Spec.SecretKeySelector{
Key: usernameKey,
LocalObjectReference: localObjectNameRef,
Username: v1alpha1.SecretKeySelector{
Name: usernameName,
Key: usernameKey,
},
Password: v1Spec.SecretKeySelector{
Key: passwordKey,
LocalObjectReference: localObjectPasswordRef,
Password: v1alpha1.SecretKeySelector{
Name: usernameName,
Key: passwordKey,
},
},
}
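Review bot: the `Password` selector is built with `Name: usernameName`, so the password key will be looked up in the username's Secret; the block removed in the previous hunk used `passwordName` for this reference. Change the line to `Name: passwordName`. As written, a rule created with two different Secrets either fails to find the password key or reads a value from the wrong Secret.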
10 changes: 2 additions & 8 deletions install/chart/crds/template-auth-rule.yaml
Expand Up @@ -46,12 +46,8 @@ spec:
valid secret key.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
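Review bot: the `name` description is only trimmed in this hunk, so the chart CRD still says `Name of the referent.` followed by the upstream TODO lines, while the other CRD hunk in this PR uses `Name of the Secret` and `Key to extract from the Secret`. Copy the regenerated schema into the chart instead of hand-editing it, so the installed CRD matches what the Go types produce. The same applies to the `username` block further down.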
Expand All @@ -61,6 +57,7 @@ spec:
type: boolean
required:
- key
- name
type: object
x-kubernetes-map-type: atomic
repo:
Expand All @@ -73,12 +70,8 @@ spec:
valid secret key.
type: string
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
TODO: Add other useful fields. apiVersion, kind, uid?
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
Expand All @@ -87,6 +80,7 @@ spec:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- name
- key
type: object
x-kubernetes-map-type: atomic
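Review bot: `- name` is inserted before `- key` in this `required` list but after `- key` in the `password` block above, and `x-kubernetes-map-type: atomic` is kept here while the other CRD in this PR drops it. Validation does not depend on the order, but the two CRD copies should be identical; regenerate once and use that output for both files so the merge semantics do not depend on which manifest was installed.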