Skip to content

add the ability to specify sensitive data in the schema #192

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
henderiw wants to merge 2 commits into
base: main
Choose a base branch
from
+15 −2
Open

add the ability to specify sensitive data in the schema #192

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0860c93
add the ability to specify sensitive data in the schema
henderiw May 28, 2024
ff3160a
updated sensitivepaths to a list
henderiw May 29, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions apis/config/config_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ limitations under the License.
package config

import (
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
)
Expand All @@ -36,8 +37,19 @@ type ConfigSpec struct {
type ConfigBlob struct {
// Path defines the path relative to which the value is applicable
Path string `json:"path,omitempty" protobuf:"bytes,1,opt,name=config"`
// Value defines the value used within the path, which is the YANG data
// for the particular path
//+kubebuilder:pruning:PreserveUnknownFields
Value runtime.RawExtension `json:"value" protobuf:"bytes,2,opt,name=value"`
// SensitivePaths define the paths for which sensitive value, like passwords, keys are referenced
SensitivePaths []*ConfigBlobSensitiveData `json:"sensitivePaths" protobuf:"bytes,3,opt,name=sensitivePaths"`
}

type ConfigBlobSensitiveData struct {
// Path defines the path to the sensitive data leaf
Path string `json:"path,omitempty" protobuf:"bytes,1,opt,name=config"`
// Selects a key of a secret in the pod's namespace
Copy link
Contributor

@alexandernorth alexandernorth May 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should probably search the target/config resource namespace, or use the SecretReference with a key selector so that the namespace can also be defined

SecretKeyRef corev1.SecretKeySelector `json:"secretKeyRef" protobuf:"bytes,2,opt,name=secretKeyRef"`
}

// ConfigStatus defines the observed state of Config
Expand Down
5 changes: 3 additions & 2 deletions apis/inv/v1alpha1/schema_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,10 +57,11 @@ type SchemaSpec struct {
// Dirs defines the list of directories that identified the provider schema in src/dst pairs
// relative within the repository
Dirs []SrcDstPath `json:"dirs,omitempty" yaml:"dirs,omitempty"`

// Schema provides the details of which files must be used for the models and which files/directories
// cana be excludes
// can be excludes
Schema SchemaSpecSchema `json:"schema" yaml:"schema"`
// SensitivePaths defines the paths in the schema that have sensitive data
SensitivePaths []string `json:"sensitivePaths,omitempty" yaml:"schema,omitempty"`
Copy link
Contributor

@alexandernorth alexandernorth May 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be auto-filled by the config paths too? I would assume so, and extra ones can be defined here

}

// SrcDstPath provide a src/dst pair for the loader to download the schema from a specific src
Expand Down