From 0860c93d6c9c1fca1e1c4828e39fc5a4aa147362 Mon Sep 17 00:00:00 2001
From: Wim Henderickx
Date: Tue, 28 May 2024 18:15:14 +0200
Subject: [PATCH 1/2] add the ability to specify sensitive data in the schema
---
 apis/inv/v1alpha1/schema_types.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/apis/inv/v1alpha1/schema_types.go b/apis/inv/v1alpha1/schema_types.go
index e3228e5f..08ca414e 100644
--- a/apis/inv/v1alpha1/schema_types.go
+++ b/apis/inv/v1alpha1/schema_types.go
@@ -57,10 +57,11 @@ type SchemaSpec struct {
 // Dirs defines the list of directories that identified the provider schema in src/dst pairs
 // relative within the repository
 Dirs []SrcDstPath `json:"dirs,omitempty" yaml:"dirs,omitempty"`
-
 // Schema provides the details of which files must be used for the models and which files/directories
- // cana be excludes
+ // can be excludes
 Schema SchemaSpecSchema `json:"schema" yaml:"schema"`
+ // SensitivePaths defines the paths in the schema that have sensitive data
+ SensitivePaths []string `json:"sensitivePaths,omitempty" yaml:"schema,omitempty"`
 }

 // SrcDstPath provide a src/dst pair for the loader to download the schema from a specific src
From ff3160af44df607808329fca6706269fe16b7bbb Mon Sep 17 00:00:00 2001
From: Wim Henderickx
Date: Wed, 29 May 2024 13:58:57 +0200
Subject: [PATCH 2/2] updated sensitivepaths to a list
---
 apis/config/config_types.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/apis/config/config_types.go b/apis/config/config_types.go
index 2c397668..716ec51f 100644
--- a/apis/config/config_types.go
+++ b/apis/config/config_types.go
@@ -17,6 +17,7 @@ limitations under the License.
 package config

 import (
+ corev1 "k8s.io/api/core/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
 )
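Review bot: The new `SensitivePaths` field in the `SchemaSpec` hunk of apis/inv/v1alpha1/schema_types.go carries `yaml:"schema,omitempty"`, the same YAML key as the `Schema` field directly above it (`yaml:"schema"`). Any codec that honours the yaml tags would see two fields bound to one key, so the sensitive-path list may be rejected or fail to round-trip, and a path meant to be treated as sensitive could end up unmarked; whether a yaml-tag-based codec is used on this type is not visible here. The tag should read `yaml:"sensitivePaths,omitempty"`. The struct opens above the hunk, so its other fields were not checked for the same copy-paste.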
@@ -36,8 +37,19 @@ type ConfigSpec struct {
 type ConfigBlob struct {
 // Path defines the path relative to which the value is applicable
 Path string `json:"path,omitempty" protobuf:"bytes,1,opt,name=config"`
+ // Value defines the value used within the path, which is the YANG data
+ // for the particular path
 //+kubebuilder:pruning:PreserveUnknownFields
 Value runtime.RawExtension `json:"value" protobuf:"bytes,2,opt,name=value"`
+ // SensitivePaths define the paths for which sensitive value, like passwords, keys are referenced
+ SensitivePaths []*ConfigBlobSensitiveData `json:"sensitivePaths" protobuf:"bytes,3,opt,name=sensitivePaths"`
+}
+
+type ConfigBlobSensitiveData struct {
+ // Path defines the path to the sensitive data leaf
+ Path string `json:"path,omitempty" protobuf:"bytes,1,opt,name=config"`
+ // Selects a key of a secret in the pod's namespace
+ SecretKeyRef corev1.SecretKeySelector `json:"secretKeyRef" protobuf:"bytes,2,opt,name=secretKeyRef"`
 }

 // ConfigStatus defines the observed state of Config
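Review bot: The comment on `SecretKeyRef` in the new `ConfigBlobSensitiveData` type, `// Selects a key of a secret in the pod's namespace`, refers to a pod although nothing in this type involves one, so the namespace in which the reference is resolved is left undocumented. That namespace is the boundary deciding which Secrets a Config author can point at, so it should be stated, e.g. `// SecretKeyRef selects a key of a Secret in the namespace of the Config resource` if that is where it is resolved; the exported type itself also lacks a doc comment. Separately, `SensitivePaths` is tagged `json:"sensitivePaths"` without `omitempty`, so a blob with no sensitive leaves serializes the field as null. The new `Path` field reuses `name=config` in its protobuf tag where `name=path` looks intended.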