
Merge pull request #16 from mcavoyk/feat/cluster-store

Add ClusterSecretStore resource
This commit is contained in:
Jonatas Baldin 2021-01-08 09:58:58 +01:00 committed by GitHub
commit 2c7a46fb3c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
29 changed files with 634 additions and 132 deletions


@ -11,8 +11,8 @@ RUN go mod download
# Copy the go source
COPY main.go main.go
COPY api/ api/
COPY controllers/ controllers/
COPY apis/ apis/
COPY pkg/ pkg/
# Build
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager main.go


@ -1,4 +1,5 @@
domain: io
multigroup: true
repo: github.com/external-secrets/external-secrets
resources:
- group: external-secrets


@ -1,42 +0,0 @@
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Package v1alpha1 contains API Schema definitions for the external-secrets v1alpha1 API group
// +kubebuilder:object:generate=true
// +groupName=external-secrets.io
package v1alpha1
import (
"reflect"
"k8s.io/apimachinery/pkg/runtime/schema"
"sigs.k8s.io/controller-runtime/pkg/scheme"
)
var (
// GroupVersion is group version used to register these objects.
GroupVersion = schema.GroupVersion{Group: "external-secrets.io", Version: "v1alpha1"}
// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
// AddToScheme adds the types in this group-version to the given scheme.
AddToScheme = SchemeBuilder.AddToScheme
)
// SecretStore type metadata.
var (
SecretStoreKind = reflect.TypeOf(SecretStore{}).Name()
SecretStoreKindAPIVersion = SecretStoreKind + "." + GroupVersion.String()
)

18
apis/doc.go Normal file

@ -0,0 +1,18 @@
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
//
// +domain=external-secrets.io
package apis


@ -0,0 +1,17 @@
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// +groupName=external-secrets.io
package externalsecrets


@ -12,13 +12,8 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
// Package v1alpha1 contains resources for external-secrets
// +kubebuilder:object:generate=true
// +groupName=external-secrets.io
// +versionName=v1alpha1
package v1alpha1
// Refers to a Secret in Kubernetes.
type SecretKeySelector struct {
Name string `json:"name"`
Key string `json:"key"`
// +optional
Namespace *string `json:"namespace,omitempty"`
}


@ -174,7 +174,7 @@ type ExternalSecretStatus struct {
// +kubebuilder:object:root=true
// ExternalSecret is the Schema for the externalsecrets API.
// ExternalSecret is the Schema for the external-secrets API.
type ExternalSecret struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
@ -185,13 +185,9 @@ type ExternalSecret struct {
// +kubebuilder:object:root=true
// ExternalSecretList contains a list of ExternalSecret.
// ExternalSecretList contains a list of ExternalSecret resources.
type ExternalSecretList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []ExternalSecret `json:"items"`
}
func init() {
SchemeBuilder.Register(&ExternalSecret{}, &ExternalSecretList{})
}


@ -29,19 +29,39 @@ import (
type GenericStore interface {
runtime.Object
metav1.Object
GetProvider() *SecretStoreProvider
GetObjectMeta() *metav1.ObjectMeta
GetSpec() *SecretStoreSpec
}
// +kubebuilder:object:root:false
// +kubebuilder:object:generate:false
var _ GenericStore = &SecretStore{}
// GetProvider returns the underlying provider.
func (c *SecretStore) GetProvider() *SecretStoreProvider {
return c.Spec.Provider
func (c *SecretStore) GetObjectMeta() *metav1.ObjectMeta {
return &c.ObjectMeta
}
func (c *SecretStore) GetSpec() *SecretStoreSpec {
return &c.Spec
}
// Copy returns a DeepCopy of the Store.
func (c *SecretStore) Copy() GenericStore {
return c.DeepCopy()
}
// +kubebuilder:object:root:false
// +kubebuilder:object:generate:false
var _ GenericStore = &ClusterSecretStore{}
func (c *ClusterSecretStore) GetObjectMeta() *metav1.ObjectMeta {
return &c.ObjectMeta
}
func (c *ClusterSecretStore) GetSpec() *SecretStoreSpec {
return &c.Spec
}
func (c *ClusterSecretStore) Copy() GenericStore {
return c.DeepCopy()
}
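Review bot: `Copy()` on both SecretStore and ClusterSecretStore returns GenericStore but is not declared in the GenericStore interface, so code holding a GenericStore cannot call it; either add `Copy() GenericStore` to the interface or keep the method unexported. The new exported methods `GetObjectMeta` and `GetSpec` on both types, and `ClusterSecretStore.Copy`, have no doc comments, e.g. `// GetSpec returns a pointer to the store's spec.` and `// GetObjectMeta returns a pointer to the store's ObjectMeta.` The `+kubebuilder:object:root:false` / `generate:false` markers are placed above `var _ GenericStore = ...` declarations rather than above a type, where I believe controller-gen does not read them; if they are meant for the interface they belong above `type GenericStore interface`.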


@ -0,0 +1,67 @@
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha1
import (
"reflect"
"k8s.io/apimachinery/pkg/runtime/schema"
"sigs.k8s.io/controller-runtime/pkg/scheme"
)
// Package type metadata.
const (
Group = "external-secrets.io"
Version = "v1alpha1"
)
var (
// SchemeGroupVersion is group version used to register these objects.
SchemeGroupVersion = schema.GroupVersion{Group: Group, Version: Version}
// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
AddToScheme = SchemeBuilder.AddToScheme
)
// ExternalSecret type metadata.
var (
ExtSecretKind = reflect.TypeOf(ExternalSecret{}).Name()
ExtSecretGroupKind = schema.GroupKind{Group: Group, Kind: ExtSecretKind}.String()
ExtSecretKindAPIVersion = ExtSecretKind + "." + SchemeGroupVersion.String()
ExtSecretGroupVersionKind = SchemeGroupVersion.WithKind(ExtSecretKind)
)
// SecretStore type metadata.
var (
SecretStoreKind = reflect.TypeOf(SecretStore{}).Name()
SecretStoreGroupKind = schema.GroupKind{Group: Group, Kind: SecretStoreKind}.String()
SecretStoreKindAPIVersion = SecretStoreKind + "." + SchemeGroupVersion.String()
SecretStoreGroupVersionKind = SchemeGroupVersion.WithKind(SecretStoreKind)
)
// ClusterSecretStore type metadata.
var (
ClusterSecretStoreKind = reflect.TypeOf(ClusterSecretStore{}).Name()
ClusterSecretStoreGroupKind = schema.GroupKind{Group: Group, Kind: ClusterSecretStoreKind}.String()
ClusterSecretStoreKindAPIVersion = ClusterSecretStoreKind + "." + SchemeGroupVersion.String()
ClusterSecretStoreGroupVersionKind = SchemeGroupVersion.WithKind(ClusterSecretStoreKind)
)
func init() {
SchemeBuilder.Register(&ExternalSecret{}, &ExternalSecretList{})
SchemeBuilder.Register(&SecretStore{}, &SecretStoreList{})
SchemeBuilder.Register(&ClusterSecretStore{}, &ClusterSecretStoreList{})
}
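Review bot: `AddToScheme = SchemeBuilder.AddToScheme` is the only exported name in the var block without a doc comment, while SchemeGroupVersion and SchemeBuilder next to it each have one. The deleted api/v1alpha1 file documented it as `// AddToScheme adds the types in this group-version to the given scheme.`; carrying that line over keeps the package consistent and lint-clean.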


@ -14,6 +14,10 @@ limitations under the License.
package v1alpha1
import (
esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
)
type AWSSMAuth struct {
SecretRef AWSSMAuthSecretRef `json:"secretRef"`
}
@ -21,11 +25,11 @@ type AWSSMAuth struct {
type AWSSMAuthSecretRef struct {
// The AccessKeyID is used for authentication
// +optional
AccessKeyID SecretKeySelector `json:"accessKeyIDSecretRef,omitempty"`
AccessKeyID esmeta.SecretKeySelector `json:"accessKeyIDSecretRef,omitempty"`
// The SecretAccessKey is used for authentication
// +optional
SecretAccessKey SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"`
SecretAccessKey esmeta.SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"`
}
// Configures a store to sync secrets using the AWS Secret Manager provider.


@ -88,7 +88,10 @@ type SecretStoreStatus struct {
// +kubebuilder:object:root=true
// SecretStore is the Schema for the secretstores API.
// SecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.
// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
// +kubebuilder:subresource:status
// +kubebuilder:resource:scope=Namespaced,categories={externalsecrets},shortName=ss
type SecretStore struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
@ -99,13 +102,31 @@ type SecretStore struct {
// +kubebuilder:object:root=true
// SecretStoreList contains a list of SecretStore.
// SecretStoreList contains a list of SecretStore resources.
type SecretStoreList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []SecretStore `json:"items"`
}
func init() {
SchemeBuilder.Register(&SecretStore{}, &SecretStoreList{})
// +kubebuilder:object:root=true
// ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.
// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
// +kubebuilder:subresource:status
// +kubebuilder:resource:scope=Cluster,categories={externalsecrets},shortName=css
type ClusterSecretStore struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec SecretStoreSpec `json:"spec,omitempty"`
}
// +kubebuilder:object:root=true
// ClusterSecretStoreList contains a list of ClusterSecretStore resources.
type ClusterSecretStoreList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []ClusterSecretStore `json:"items"`
}
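Review bot: ClusterSecretStore carries the `+kubebuilder:subresource:status` marker but the struct declares only TypeMeta, ObjectMeta and Spec, so the generated CRD in this commit exposes a status subresource with no status property in its schema, and the generated DeepCopyInto copies only ObjectMeta and Spec. If ClusterSecretStore is meant to report conditions like SecretStore (whose SecretStoreStatus type is visible in the hunk header), add `Status SecretStoreStatus `json:"status,omitempty"`` after Spec and regenerate; otherwise drop the marker so the API does not advertise a status it never writes. SecretStore's own struct body runs past this hunk, so I cannot confirm its Status field from here.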


@ -71,6 +71,64 @@ func (in *AWSSMProvider) DeepCopy() *AWSSMProvider {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ClusterSecretStore) DeepCopyInto(out *ClusterSecretStore) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSecretStore.
func (in *ClusterSecretStore) DeepCopy() *ClusterSecretStore {
if in == nil {
return nil
}
out := new(ClusterSecretStore)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ClusterSecretStore) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ClusterSecretStoreList) DeepCopyInto(out *ClusterSecretStoreList) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ListMeta.DeepCopyInto(&out.ListMeta)
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]ClusterSecretStore, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSecretStoreList.
func (in *ClusterSecretStoreList) DeepCopy() *ClusterSecretStoreList {
if in == nil {
return nil
}
out := new(ClusterSecretStoreList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ClusterSecretStoreList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ExternalSecret) DeepCopyInto(out *ExternalSecret) {
*out = *in
@ -287,26 +345,6 @@ func (in *ExternalSecretTemplateMetadata) DeepCopy() *ExternalSecretTemplateMeta
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *SecretKeySelector) DeepCopyInto(out *SecretKeySelector) {
*out = *in
if in.Namespace != nil {
in, out := &in.Namespace, &out.Namespace
*out = new(string)
**out = **in
}
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeySelector.
func (in *SecretKeySelector) DeepCopy() *SecretKeySelector {
if in == nil {
return nil
}
out := new(SecretKeySelector)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *SecretStore) DeepCopyInto(out *SecretStore) {
*out = *in

16
apis/meta/doc.go Normal file

@ -0,0 +1,16 @@
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Package meta contains meta types for external-secret APIs.
package meta

17
apis/meta/v1/doc.go Normal file

@ -0,0 +1,17 @@
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Package meta contains meta types for external-secrets APIs
// +kubebuilder:object:generate=true
package v1

30
apis/meta/v1/types.go Normal file

@ -0,0 +1,30 @@
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1
// A reference to a specific 'key' within a Secret resource,
// In some instances, `key` is a required field.
type SecretKeySelector struct {
// The name of the Secret resource being referred to.
Name string `json:"name"`
// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
// to the namespace of the referent.
// +optional
Namespace *string `json:"namespace,omitempty"`
// The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
// defaulted, in others it may be required.
// +optional
Key string `json:"key,omitempty"`
}
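Review bot: The Namespace comment `// Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent.` contradicts itself — a cluster-scoped referent has no namespace to default to — and it does not say where a cluster-scoped store resolves the Secret when the field is empty. Because a ClusterSecretStore is cluster-scoped (scope=Cluster in the new CRD), this field is what lets such a store read credential Secrets from other namespaces, so the resolution rule and any limit on which namespaces a cluster-scoped store may reference should be stated here rather than left to the reader. Suggested wording: `// Namespace of the Secret being referred to. Only honoured when the referent is cluster-scoped (e.g. ClusterSecretStore); for a namespaced referent the Secret is resolved in the referent's own namespace.`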


@ -0,0 +1,41 @@
// +build !ignore_autogenerated
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by controller-gen. DO NOT EDIT.
package v1
import ()
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *SecretKeySelector) DeepCopyInto(out *SecretKeySelector) {
*out = *in
if in.Namespace != nil {
in, out := &in.Namespace, &out.Namespace
*out = new(string)
**out = **in
}
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeySelector.
func (in *SecretKeySelector) DeepCopy() *SecretKeySelector {
if in == nil {
return nil
}
out := new(SecretKeySelector)
in.DeepCopyInto(out)
return out
}


@ -0,0 +1,140 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: clustersecretstores.external-secrets.io
spec:
group: external-secrets.io
names:
categories:
- externalsecrets
kind: ClusterSecretStore
listKind: ClusterSecretStoreList
plural: clustersecretstores
shortNames:
- css
singular: clustersecretstore
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: AGE
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: ClusterSecretStore represents a secure external location for
storing secrets, which can be referenced as part of `storeRef` fields.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: SecretStoreSpec defines the desired state of SecretStore.
properties:
controller:
description: 'Used to select the correct KES controller (think: ingress.ingressClassName)
The KES controller is instantiated with a specific controller name
and filters ES based on this property'
type: string
provider:
description: Used to configure the provider. Only one provider may
be set
maxProperties: 1
minProperties: 1
properties:
awssm:
description: AWSSM configures this store to sync secrets using
AWS Secret Manager provider
properties:
auth:
description: Auth defines the information necessary to authenticate
against AWS
properties:
secretRef:
properties:
accessKeyIDSecretRef:
description: The AccessKeyID is used for authentication
properties:
key:
description: The key of the entry in the Secret
resource's `data` field to be used. Some instances
of this field may be defaulted, in others it
may be required.
type: string
name:
description: The name of the Secret resource being
referred to.
type: string
namespace:
description: Namespace of the resource being referred
to. Ignored if referent is not cluster-scoped.
cluster-scoped defaults to the namespace of
the referent.
type: string
required:
- name
type: object
secretAccessKeySecretRef:
description: The SecretAccessKey is used for authentication
properties:
key:
description: The key of the entry in the Secret
resource's `data` field to be used. Some instances
of this field may be defaulted, in others it
may be required.
type: string
name:
description: The name of the Secret resource being
referred to.
type: string
namespace:
description: Namespace of the resource being referred
to. Ignored if referent is not cluster-scoped.
cluster-scoped defaults to the namespace of
the referent.
type: string
required:
- name
type: object
type: object
required:
- secretRef
type: object
region:
description: AWS Region to be used for the provider
type: string
role:
description: Role is a Role ARN which the SecretManager provider
will assume
type: string
required:
- auth
- region
type: object
type: object
required:
- provider
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []


@ -17,7 +17,7 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ExternalSecret is the Schema for the externalsecrets API.
description: ExternalSecret is the Schema for the external-secrets API.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation


@ -8,16 +8,25 @@ metadata:
spec:
group: external-secrets.io
names:
categories:
- externalsecrets
kind: SecretStore
listKind: SecretStoreList
plural: secretstores
shortNames:
- ss
singular: secretstore
scope: Namespaced
versions:
- name: v1alpha1
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: AGE
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: SecretStore is the Schema for the secretstores API.
description: SecretStore represents a secure external location for storing
secrets, which can be referenced as part of `storeRef` fields.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@ -59,26 +68,44 @@ spec:
description: The AccessKeyID is used for authentication
properties:
key:
description: The key of the entry in the Secret
resource's `data` field to be used. Some instances
of this field may be defaulted, in others it
may be required.
type: string
name:
description: The name of the Secret resource being
referred to.
type: string
namespace:
description: Namespace of the resource being referred
to. Ignored if referent is not cluster-scoped.
cluster-scoped defaults to the namespace of
the referent.
type: string
required:
- key
- name
type: object
secretAccessKeySecretRef:
description: The SecretAccessKey is used for authentication
properties:
key:
description: The key of the entry in the Secret
resource's `data` field to be used. Some instances
of this field may be defaulted, in others it
may be required.
type: string
name:
description: The name of the Secret resource being
referred to.
type: string
namespace:
description: Namespace of the resource being referred
to. Ignored if referent is not cluster-scoped.
cluster-scoped defaults to the namespace of
the referent.
type: string
required:
- key
- name
type: object
type: object
@ -128,6 +155,8 @@ spec:
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""

11
main.go

@ -25,8 +25,9 @@ import (
"sigs.k8s.io/controller-runtime/pkg/log/zap"
// +kubebuilder:scaffold:imports
externalsecretsv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
"github.com/external-secrets/external-secrets/controllers"
esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
"github.com/external-secrets/external-secrets/pkg/controllers/externalsecret"
"github.com/external-secrets/external-secrets/pkg/controllers/secretstore"
)
var (
@ -37,7 +38,7 @@ var (
func init() {
_ = clientgoscheme.AddToScheme(scheme)
_ = externalsecretsv1alpha1.AddToScheme(scheme)
_ = esv1alpha1.AddToScheme(scheme)
// +kubebuilder:scaffold:scheme
}
@ -64,7 +65,7 @@ func main() {
os.Exit(1)
}
if err = (&controllers.SecretStoreReconciler{
if err = (&secretstore.Reconciler{
Client: mgr.GetClient(),
Log: ctrl.Log.WithName("controllers").WithName("SecretStore"),
Scheme: mgr.GetScheme(),
@ -72,7 +73,7 @@ func main() {
setupLog.Error(err, "unable to create controller", "controller", "SecretStore")
os.Exit(1)
}
if err = (&controllers.ExternalSecretReconciler{
if err = (&externalsecret.Reconciler{
Client: mgr.GetClient(),
Log: ctrl.Log.WithName("controllers").WithName("ExternalSecret"),
Scheme: mgr.GetScheme(),


@ -12,7 +12,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
package controllers
package externalsecret
import (
"context"
@ -22,11 +22,11 @@ import (
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
externalsecretsv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
)
// ExternalSecretReconciler reconciles a ExternalSecret object.
type ExternalSecretReconciler struct {
// Reconciler reconciles a ExternalSecret object.
type Reconciler struct {
client.Client
Log logr.Logger
Scheme *runtime.Scheme
@ -35,7 +35,7 @@ type ExternalSecretReconciler struct {
// +kubebuilder:rbac:groups=external-secrets.io,resources=externalsecrets,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=external-secrets.io,resources=externalsecrets/status,verbs=get;update;patch
func (r *ExternalSecretReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
func (r *Reconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
_ = context.Background()
_ = r.Log.WithValues("externalsecret", req.NamespacedName)
@ -44,8 +44,8 @@ func (r *ExternalSecretReconciler) Reconcile(req ctrl.Request) (ctrl.Result, err
return ctrl.Result{}, nil
}
func (r *ExternalSecretReconciler) SetupWithManager(mgr ctrl.Manager) error {
func (r *Reconciler) SetupWithManager(mgr ctrl.Manager) error {
return ctrl.NewControllerManagedBy(mgr).
For(&externalsecretsv1alpha1.ExternalSecret{}).
For(&esv1alpha1.ExternalSecret{}).
Complete(r)
}


@ -12,7 +12,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
package controllers
package externalsecret
import (
"path/filepath"
@ -28,7 +28,7 @@ import (
logf "sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/log/zap"
externalsecretsv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
)
// These tests use Ginkgo (BDD-style Go testing framework). Refer to
@ -59,10 +59,10 @@ var _ = BeforeSuite(func(done Done) {
Expect(err).ToNot(HaveOccurred())
Expect(cfg).ToNot(BeNil())
err = externalsecretsv1alpha1.AddToScheme(scheme.Scheme)
err = esv1alpha1.AddToScheme(scheme.Scheme)
Expect(err).NotTo(HaveOccurred())
err = externalsecretsv1alpha1.AddToScheme(scheme.Scheme)
err = esv1alpha1.AddToScheme(scheme.Scheme)
Expect(err).NotTo(HaveOccurred())
// +kubebuilder:scaffold:scheme


@ -12,7 +12,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
package controllers
package secretstore
import (
"context"
@ -22,11 +22,11 @@ import (
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
externalsecretsv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
)
// SecretStoreReconciler reconciles a SecretStore object.
type SecretStoreReconciler struct {
// Reconciler reconciles a SecretStore object.
type Reconciler struct {
client.Client
Log logr.Logger
Scheme *runtime.Scheme
@ -35,7 +35,7 @@ type SecretStoreReconciler struct {
// +kubebuilder:rbac:groups=external-secrets.io,resources=secretstores,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=external-secrets.io,resources=secretstores/status,verbs=get;update;patch
func (r *SecretStoreReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
func (r *Reconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
_ = context.Background()
_ = r.Log.WithValues("secretstore", req.NamespacedName)
@ -44,8 +44,8 @@ func (r *SecretStoreReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error)
return ctrl.Result{}, nil
}
func (r *SecretStoreReconciler) SetupWithManager(mgr ctrl.Manager) error {
func (r *Reconciler) SetupWithManager(mgr ctrl.Manager) error {
return ctrl.NewControllerManagedBy(mgr).
For(&externalsecretsv1alpha1.SecretStore{}).
For(&esv1alpha1.SecretStore{}).
Complete(r)
}
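Review bot: The RBAC markers above Reconcile still list only `secretstores` and `secretstores/status`, and SetupWithManager only watches `&esv1alpha1.SecretStore{}`, so the ClusterSecretStore kind this commit registers in register.go is neither reconciled nor covered by the generated ClusterRole. If leaving it unhandled is intentional for this commit, a TODO on SetupWithManager saying so would help the next reader; otherwise add `// +kubebuilder:rbac:groups=external-secrets.io,resources=clustersecretstores,verbs=get;list;watch;create;update;patch;delete` and `// +kubebuilder:rbac:groups=external-secrets.io,resources=clustersecretstores/status,verbs=get;update;patch` and wire a watch for ClusterSecretStore. Reconcile's body continues outside the hunk.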


@ -0,0 +1,81 @@
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package secretstore
import (
"path/filepath"
"testing"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"k8s.io/client-go/kubernetes/scheme"
"k8s.io/client-go/rest"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/envtest"
"sigs.k8s.io/controller-runtime/pkg/envtest/printer"
logf "sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/log/zap"
esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
)
// These tests use Ginkgo (BDD-style Go testing framework). Refer to
// http://onsi.github.io/ginkgo/ to learn more about Ginkgo.
var cfg *rest.Config
var k8sClient client.Client
var testEnv *envtest.Environment
func TestAPIs(t *testing.T) {
RegisterFailHandler(Fail)
RunSpecsWithDefaultAndCustomReporters(t,
"Controller Suite",
[]Reporter{printer.NewlineReporter{}})
}
var _ = BeforeSuite(func(done Done) {
logf.SetLogger(zap.LoggerTo(GinkgoWriter, true))
By("bootstrapping test environment")
testEnv = &envtest.Environment{
CRDDirectoryPaths: []string{filepath.Join("..", "config", "crd", "bases")},
}
var err error
cfg, err = testEnv.Start()
Expect(err).ToNot(HaveOccurred())
Expect(cfg).ToNot(BeNil())
err = esv1alpha1.AddToScheme(scheme.Scheme)
Expect(err).NotTo(HaveOccurred())
err = esv1alpha1.AddToScheme(scheme.Scheme)
Expect(err).NotTo(HaveOccurred())
// +kubebuilder:scaffold:scheme
k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme})
Expect(err).ToNot(HaveOccurred())
Expect(k8sClient).ToNot(BeNil())
close(done)
}, 60)
var _ = AfterSuite(func() {
By("tearing down the test environment")
err := testEnv.Stop()
Expect(err).ToNot(HaveOccurred())
})
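Review bot: `CRDDirectoryPaths: []string{filepath.Join("..", "config", "crd", "bases")}` was written for the old top-level `controllers/` package, but this file now lives under `pkg/controllers/secretstore/` (the import path main.go uses), so `..` resolves to `pkg/controllers` and envtest will not find the CRDs; it should be `filepath.Join("..", "..", "..", "config", "crd", "bases")`. The moved externalsecret suite_test.go most likely carries the same line outside its visible hunk. Separately, `esv1alpha1.AddToScheme(scheme.Scheme)` is called twice in a row in BeforeSuite; the second call and its Expect are redundant.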


@ -18,7 +18,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/client"
esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
"github.com/external-secrets/external-secrets/pkg/provider"
"github.com/external-secrets/external-secrets/pkg/provider/schema"
)


@ -19,7 +19,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/client"
esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
"github.com/external-secrets/external-secrets/pkg/provider"
"github.com/external-secrets/external-secrets/pkg/provider/schema"
)


@ -19,7 +19,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/client"
esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
)
// Provider is a common interface for interacting with secret backends.


@ -19,7 +19,7 @@ import (
"fmt"
"sync"
esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
"github.com/external-secrets/external-secrets/pkg/provider"
)
@ -71,8 +71,8 @@ func GetProviderByName(name string) (provider.Provider, bool) {
// GetProvider returns the provider from the generic store.
func GetProvider(s esv1alpha1.GenericStore) (provider.Provider, error) {
provider := s.GetProvider()
storeName, err := getProviderName(provider)
spec := s.GetSpec()
storeName, err := getProviderName(spec.Provider)
if err != nil {
return nil, fmt.Errorf("store error for %s: %w", s.GetName(), err)
}
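Review bot: The error on the line `return nil, fmt.Errorf("store error for %s: %w", s.GetName(), err)` identifies the store by name only, which is ambiguous now that a namespaced SecretStore and a ClusterSecretStore can share a name; GenericStore embeds metav1.Object, so `s.GetNamespace()` is available and `fmt.Errorf("store error for %s/%s: %w", s.GetNamespace(), s.GetName(), err)` (empty namespace for the cluster-scoped kind) would disambiguate. Whether getProviderName tolerates a nil `spec.Provider` is not visible in this hunk; GetProvider's body continues outside it.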


@ -20,7 +20,7 @@ import (
"github.com/stretchr/testify/assert"
"sigs.k8s.io/controller-runtime/pkg/client"
esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
"github.com/external-secrets/external-secrets/pkg/provider"
)
@ -44,11 +44,23 @@ func (p *PP) GetSecretMap(ctx context.Context, ref esv1alpha1.ExternalSecretData
func TestRegister(t *testing.T) {
p, ok := GetProviderByName("awssm")
assert.Nil(t, p)
assert.False(t, ok)
ForceRegister(&PP{}, &esv1alpha1.SecretStoreProvider{
AWSSM: &esv1alpha1.AWSSMProvider{},
})
p, ok = GetProviderByName("awssm")
assert.NotNil(t, p)
assert.True(t, ok)
assert.False(t, ok, "provider should not be registered")
testProvider := &PP{}
secretStore := &esv1alpha1.SecretStore{
Spec: esv1alpha1.SecretStoreSpec{
Provider: &esv1alpha1.SecretStoreProvider{
AWSSM: &esv1alpha1.AWSSMProvider{},
},
},
}
ForceRegister(testProvider, secretStore.Spec.Provider)
p1, ok := GetProviderByName("awssm")
assert.True(t, ok, "provider should be registered")
assert.Equal(t, testProvider, p1)
p2, err := GetProvider(secretStore)
assert.Nil(t, err)
assert.Equal(t, testProvider, p2)
}
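Review bot: `assert.Nil(t, err)` after `GetProvider(secretStore)` reads as a generic nil check on an interface; `assert.NoError(t, err)` states the intent and prints the error text on failure. The same file already uses message-bearing assertions (`"provider should be registered"`), so the new NoError call could carry one too.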