1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00

cleanup: add lint and editorconfig

This commit is contained in:
Kellin McAvoy 2020-12-21 14:31:28 -05:00
parent d10ce31973
commit 987d499241
24 changed files with 289 additions and 135 deletions

29
.editorconfig Normal file
View file

@ -0,0 +1,29 @@
root = true
[*]
charset = utf-8
end_of_line = lf
insert_final_newline = true
trim_trailing_whitespace = true
# Go
# https://golang.org/cmd/gofmt/
[{go.mod,*.go}]
indent_style = tab
# Shell
# https://google.github.io/styleguide/shell.xml#Indentation
[*.{bash,sh,zsh}]
indent_size = 2
indent_style = space
# GNU make
# https://www.gnu.org/software/make/manual/html_node/Recipe-Syntax.html
[Makefile]
indent_style = tab
# YAML
# http://yaml.org/spec/1.2/2009-07-21/spec.html#id2576668
[*.{yaml,yml}]
indent_size = 2
indent_style = space

View file

@ -25,9 +25,10 @@ jobs:
- name: Check out code into the Go module directory - name: Check out code into the Go module directory
uses: actions/checkout@v2 uses: actions/checkout@v2
- name: Get dependencies - name: Set up Go
run: | uses: actions/setup-go@v2
go get -v -t -d ./... with:
go-version: '~1.15'
- name: Add kubebuilder - name: Add kubebuilder
run: | run: |
@ -35,8 +36,13 @@ jobs:
tar -xvf kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz tar -xvf kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz
mv kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64 /usr/local/kubebuilder mv kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64 /usr/local/kubebuilder
- name: Vet and Build - name: Lint
run: make manager run: |
make lint-install
make lint
- name: Build
run: make build
test: test:
name: Test name: Test
@ -48,9 +54,10 @@ jobs:
- name: Check out code into the Go module directory - name: Check out code into the Go module directory
uses: actions/checkout@v2 uses: actions/checkout@v2
- name: Get dependencies - name: Set up Go
run: | uses: actions/setup-go@v2
go get -v -t -d ./... with:
go-version: '~1.15'
- name: Add kubebuilder - name: Add kubebuilder
run: | run: |

View file

@ -23,9 +23,10 @@ jobs:
- name: Check out code into the Go module directory - name: Check out code into the Go module directory
uses: actions/checkout@v2 uses: actions/checkout@v2
- name: Get dependencies - name: Set up Go
run: | uses: actions/setup-go@v2
go get -v -t -d ./... with:
go-version: '~1.15'
- name: Add kubebuilder - name: Add kubebuilder
run: | run: |
@ -33,8 +34,13 @@ jobs:
tar -xvf kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz tar -xvf kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz
mv kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64 /usr/local/kubebuilder mv kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64 /usr/local/kubebuilder
- name: Vet and Build - name: Lint
run: make manager run: |
make lint-install
make lint
- name: Build
run: make build
test: test:
name: Test name: Test
@ -46,9 +52,10 @@ jobs:
- name: Check out code into the Go module directory - name: Check out code into the Go module directory
uses: actions/checkout@v2 uses: actions/checkout@v2
- name: Get dependencies - name: Set up Go
run: | uses: actions/setup-go@v2
go get -v -t -d ./... with:
go-version: '~1.15'
- name: Add kubebuilder - name: Add kubebuilder
run: | run: |

89
.golangci.yaml Normal file
View file

@ -0,0 +1,89 @@
run:
timeout: 5m
linters-settings:
gci:
local-prefixes: github.com/external-secrets/external-secrets
goconst:
min-len: 3
min-occurrences: 3
gocritic:
enabled-tags:
- diagnostic
- experimental
- opinionated
- performance
- style
disabled-checks:
- dupImport
- ifElseChain
- octalLiteral
- whyNoLint
- wrapperFunc
- importShadow
- unnamedResult
- unnecessaryBlock
settings:
rangeValCopy:
sizeThreshold: 512
hugeParam:
sizeThreshold: 512
gocyclo:
min-complexity: 16
golint:
min-confidence: 0
govet:
check-shadowing: false
lll:
line-length: 300
maligned:
suggest-new: true
misspell:
locale: US
linters:
disable-all: true
enable:
- asciicheck
- bodyclose
- deadcode
- depguard
- dogsled
- dupl
- errcheck
- errorlint
- exhaustive
- exportloopref
- gci
- goconst
- gocritic
- godot
- gofmt
- golint
- goprintffuncname
- gosec
- gosimple
- govet
- ineffassign
- interfacer
- lll
- maligned
- misspell
- nakedret
- nolintlint
- prealloc
- rowserrcheck
- scopelint
- sqlclosecheck
- staticcheck
- structcheck
- stylecheck
- typecheck
- unconvert
- unparam
- unused
- varcheck
- whitespace
service:
golangci-lint-version: 1.33.x

View file

@ -1,3 +1,7 @@
MAKEFLAGS += --warn-undefined-variables
SHELL := /bin/bash
.SHELLFLAGS := -euo pipefail -c
.DEFAULT_GOAL := all
# Image URL to use all building/pushing image targets # Image URL to use all building/pushing image targets
IMG ?= controller:latest IMG ?= controller:latest
@ -11,18 +15,18 @@ else
GOBIN=$(shell go env GOBIN) GOBIN=$(shell go env GOBIN)
endif endif
all: manager all: build
# Run tests .PHONY: test
test: generate fmt vet manifests test: generate manifests ## Run tests
go test ./... -coverprofile cover.out go test ./... -coverprofile cover.out
# Build manager binary .PHONY: build
manager: generate fmt vet build: generate fmt ## Build binary
go build -o bin/manager main.go go build -o bin/manager main.go
# Run against the configured Kubernetes cluster in ~/.kube/config # Run against the configured Kubernetes cluster in ~/.kube/config
run: generate fmt vet manifests run: generate fmt manifests
go run ./main.go go run ./main.go
# Install CRDs into a cluster # Install CRDs into a cluster
@ -33,33 +37,44 @@ install: manifests
uninstall: manifests uninstall: manifests
kustomize build config/crd | kubectl delete -f - kustomize build config/crd | kubectl delete -f -
# Deploy controller in the configured Kubernetes cluster in ~/.kube/config .PHONY: deploy
deploy: manifests deploy: manifests ## Deploy controller in the Kubernetes cluster of current context
cd config/manager && kustomize edit set image controller=${IMG} cd config/manager && kustomize edit set image controller=${IMG}
kustomize build config/default | kubectl apply -f - kustomize build config/default | kubectl apply -f -
# Generate manifests e.g. CRD, RBAC etc. manifests: controller-gen ## Generate manifests e.g. CRD, RBAC etc.
manifests: controller-gen
$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
# Run go fmt against code lint/check: # Check install of golanci-lint
fmt: @if ! golangci-lint --version > /dev/null 2>&1; then \
echo -e "\033[0;33mgolangci-lint is not installed: run \`\033[0;32mmake lint-install\033[0m\033[0;33m\` or install it from https://golangci-lint.run\033[0m"; \
exit 1; \
fi
lint-install: # installs golangci-lint to the go bin dir
@if ! golangci-lint --version > /dev/null 2>&1; then \
echo "Installing golangci-lint"; \
curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(GOBIN) v1.33.0; \
fi
lint: lint/check ## run golangci-lint
@if ! golangci-lint run; then \
echo -e "\033[0;33mgolangci-lint failed: some checks can be fixed with \`\033[0;32mmake fmt\033[0m\033[0;33m\`\033[0m"; \
exit 1; \
fi
fmt: lint/check ## ensure consistent code style
go mod tidy
go fmt ./... go fmt ./...
golangci-lint run --fix > /dev/null 2>&1 || true
# Run go vet against code generate: controller-gen ## Generate code
vet:
go vet ./...
# Generate code
generate: controller-gen
$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
# Build the docker image docker-build: test ## Build the docker image
docker-build: test
docker build . -t ${IMG} docker build . -t ${IMG}
# Push the docker image docker-push: ## Push the docker image
docker-push:
docker push ${IMG} docker push ${IMG}
# find or download controller-gen # find or download controller-gen
@ -78,3 +93,8 @@ CONTROLLER_GEN=$(GOBIN)/controller-gen
else else
CONTROLLER_GEN=$(shell which controller-gen) CONTROLLER_GEN=$(shell which controller-gen)
endif endif
help: ## displays this help message
@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_\/-]+:.*?## / {printf "\033[34m%-18s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST) | \
sort | \
grep -v '#'

View file

@ -19,7 +19,7 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
) )
// SecretStoreRef defines which SecretStore to fetch the ExternalSecret data // SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
type SecretStoreRef struct { type SecretStoreRef struct {
// Name of the SecretStore resource // Name of the SecretStore resource
Name string `json:"name"` Name string `json:"name"`
@ -30,21 +30,21 @@ type SecretStoreRef struct {
Kind string `json:"kind,omitempty"` Kind string `json:"kind,omitempty"`
} }
// ExternalSecretCreationPolicy defines rules on how to create the resulting Secret // ExternalSecretCreationPolicy defines rules on how to create the resulting Secret.
type ExternalSecretCreationPolicy string type ExternalSecretCreationPolicy string
const ( const (
// Owner creates the Secret and sets .metadata.ownerReferences to the ExternalSecret resource // Owner creates the Secret and sets .metadata.ownerReferences to the ExternalSecret resource.
Owner ExternalSecretCreationPolicy = "Owner" Owner ExternalSecretCreationPolicy = "Owner"
// Merge does not create the Secret, but merges the data fields to the Secret // Merge does not create the Secret, but merges the data fields to the Secret.
Merge ExternalSecretCreationPolicy = "Merge" Merge ExternalSecretCreationPolicy = "Merge"
// None does not create a Secret (future use with injector) // None does not create a Secret (future use with injector).
None ExternalSecretCreationPolicy = "None" None ExternalSecretCreationPolicy = "None"
) )
// ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint // ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.
type ExternalSecretTemplateMetadata struct { type ExternalSecretTemplateMetadata struct {
// +optional // +optional
Annotations map[string]string `json:"annotations,omitempty"` Annotations map[string]string `json:"annotations,omitempty"`
@ -53,7 +53,7 @@ type ExternalSecretTemplateMetadata struct {
Labels map[string]string `json:"labels,omitempty"` Labels map[string]string `json:"labels,omitempty"`
} }
// ExternalSecretTemplate defines a blueprint for the created Secret resource // ExternalSecretTemplate defines a blueprint for the created Secret resource.
type ExternalSecretTemplate struct { type ExternalSecretTemplate struct {
// +optional // +optional
Type corev1.SecretType `json:"type,omitempty"` Type corev1.SecretType `json:"type,omitempty"`
@ -63,7 +63,7 @@ type ExternalSecretTemplate struct {
} }
// ExternalSecretTarget defines the Kubernetes Secret to be created // ExternalSecretTarget defines the Kubernetes Secret to be created
// There can be only one target per ExternalSecret // There can be only one target per ExternalSecret.
type ExternalSecretTarget struct { type ExternalSecretTarget struct {
// Name defines the name of the Secret resource to be managed // Name defines the name of the Secret resource to be managed
// This field is immutable // This field is immutable
@ -77,14 +77,14 @@ type ExternalSecretTarget struct {
CreationPolicy ExternalSecretCreationPolicy `json:"creationPolicy,omitempty"` CreationPolicy ExternalSecretCreationPolicy `json:"creationPolicy,omitempty"`
} }
// ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data // ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.
type ExternalSecretData struct { type ExternalSecretData struct {
SecretKey string `json:"secretKey"` SecretKey string `json:"secretKey"`
RemoteRef ExternalSecretDataRemoteRef `json:"remoteRef"` RemoteRef ExternalSecretDataRemoteRef `json:"remoteRef"`
} }
// ExternalSecretDataRemoteRef defines Provider data location // ExternalSecretDataRemoteRef defines Provider data location.
type ExternalSecretDataRemoteRef struct { type ExternalSecretDataRemoteRef struct {
// Key is the key used in the Provider, mandatory // Key is the key used in the Provider, mandatory
Key string `json:"key"` Key string `json:"key"`
@ -98,7 +98,7 @@ type ExternalSecretDataRemoteRef struct {
Property string `json:"property,omitempty"` Property string `json:"property,omitempty"`
} }
// ExternalSecretSpec defines the desired state of ExternalSecret // ExternalSecretSpec defines the desired state of ExternalSecret.
type ExternalSecretSpec struct { type ExternalSecretSpec struct {
SecretStoreRef SecretStoreRef `json:"secretStoreRef"` SecretStoreRef SecretStoreRef `json:"secretStoreRef"`
@ -121,23 +121,23 @@ type ExternalSecretSpec struct {
DataFrom []ExternalSecretDataRemoteRef `json:"dataFrom,omitempty"` DataFrom []ExternalSecretDataRemoteRef `json:"dataFrom,omitempty"`
} }
// ExternalSecretStatusPhase represents the current phase of the Secret sync // ExternalSecretStatusPhase represents the current phase of the Secret sync.
type ExternalSecretStatusPhase string type ExternalSecretStatusPhase string
const ( const (
// ExternalSecret created, controller did not yet sync the ExternalSecret or other dependencies are missing (e.g. secret store or configmap template) // ExternalSecret created, controller did not yet sync the ExternalSecret or other dependencies are missing (e.g. secret store or configmap template).
ExternalSecretPending ExternalSecretStatusPhase = "Pending" ExternalSecretPending ExternalSecretStatusPhase = "Pending"
// ExternalSecret is being actively synced according to spec // ExternalSecret is being actively synced according to spec.
ExternalSecretSyncing ExternalSecretStatusPhase = "Syncing" ExternalSecretSyncing ExternalSecretStatusPhase = "Syncing"
// ExternalSecret can not be synced, this might require user intervention // ExternalSecret can not be synced, this might require user intervention.
ExternalSecretFailing ExternalSecretStatusPhase = "Failing" ExternalSecretFailing ExternalSecretStatusPhase = "Failing"
// ExternalSecret can not be synced right now and will not able to // ExternalSecret can not be synced right now and will not able to.
ExternalSecretFailed ExternalSecretStatusPhase = "Failed" ExternalSecretFailed ExternalSecretStatusPhase = "Failed"
// ExternalSecret was synced successfully (one-time use only) // ExternalSecret was synced successfully (one-time use only).
ExternalSecretCompleted ExternalSecretStatusPhase = "Completed" ExternalSecretCompleted ExternalSecretStatusPhase = "Completed"
) )
@ -174,7 +174,7 @@ type ExternalSecretStatus struct {
// +kubebuilder:object:root=true // +kubebuilder:object:root=true
// ExternalSecret is the Schema for the externalsecrets API // ExternalSecret is the Schema for the externalsecrets API.
type ExternalSecret struct { type ExternalSecret struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"` metav1.ObjectMeta `json:"metadata,omitempty"`
@ -185,7 +185,7 @@ type ExternalSecret struct {
// +kubebuilder:object:root=true // +kubebuilder:object:root=true
// ExternalSecretList contains a list of ExternalSecret // ExternalSecretList contains a list of ExternalSecret.
type ExternalSecretList struct { type ExternalSecretList struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"` metav1.ListMeta `json:"metadata,omitempty"`

View file

@ -25,7 +25,7 @@ import (
// +k8s:deepcopy-gen=nil // +k8s:deepcopy-gen=nil
// GenericStore is a common interface for interacting with ClusterSecretStore // GenericStore is a common interface for interacting with ClusterSecretStore
// or a namespaced SecretStore // or a namespaced SecretStore.
type GenericStore interface { type GenericStore interface {
runtime.Object runtime.Object
metav1.Object metav1.Object
@ -36,12 +36,12 @@ type GenericStore interface {
// +kubebuilder:object:generate:false // +kubebuilder:object:generate:false
var _ GenericStore = &SecretStore{} var _ GenericStore = &SecretStore{}
// GetProvider returns the underlying provider // GetProvider returns the underlying provider.
func (c *SecretStore) GetProvider() *SecretStoreProvider { func (c *SecretStore) GetProvider() *SecretStoreProvider {
return c.Spec.Provider return c.Spec.Provider
} }
// Copy returns a DeepCopy of the Store // Copy returns a DeepCopy of the Store.
func (c *SecretStore) Copy() GenericStore { func (c *SecretStore) Copy() GenericStore {
return c.DeepCopy() return c.DeepCopy()
} }

View file

@ -25,10 +25,10 @@ import (
) )
var ( var (
// GroupVersion is group version used to register these objects // GroupVersion is group version used to register these objects.
GroupVersion = schema.GroupVersion{Group: "external-secrets.io", Version: "v1alpha1"} GroupVersion = schema.GroupVersion{Group: "external-secrets.io", Version: "v1alpha1"}
// SchemeBuilder is used to add go types to the GroupVersionKind scheme // SchemeBuilder is used to add go types to the GroupVersionKind scheme.
SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
// AddToScheme adds the types in this group-version to the given scheme. // AddToScheme adds the types in this group-version to the given scheme.

View file

@ -14,7 +14,7 @@ limitations under the License.
package v1alpha1 package v1alpha1
// Refers to a Secret in Kubernetes // Refers to a Secret in Kubernetes.
type SecretKeySelector struct { type SecretKeySelector struct {
Name string `json:"name"` Name string `json:"name"`
Key string `json:"key"` Key string `json:"key"`

View file

@ -28,7 +28,7 @@ type AWSSMAuthSecretRef struct {
SecretAccessKey SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"` SecretAccessKey SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"`
} }
// Configures a store to sync secrets using the AWS Secret Manager provider // Configures a store to sync secrets using the AWS Secret Manager provider.
type AWSSMProvider struct { type AWSSMProvider struct {
// Auth defines the information necessary to authenticate against AWS // Auth defines the information necessary to authenticate against AWS
Auth AWSSMAuth `json:"auth"` Auth AWSSMAuth `json:"auth"`

View file

@ -27,7 +27,7 @@ const (
Vault StoreProvider = "VAULT" Vault StoreProvider = "VAULT"
) )
// SecretStoreSpec defines the desired state of SecretStore // SecretStoreSpec defines the desired state of SecretStore.
type SecretStoreSpec struct { type SecretStoreSpec struct {
// Used to select the correct KES controller (think: ingress.ingressClassName) // Used to select the correct KES controller (think: ingress.ingressClassName)
// The KES controller is instantiated with a specific controller name and filters ES based on this property // The KES controller is instantiated with a specific controller name and filters ES based on this property
@ -38,7 +38,7 @@ type SecretStoreSpec struct {
Provider *SecretStoreProvider `json:"provider"` Provider *SecretStoreProvider `json:"provider"`
} }
// SecretStoreProvider contains the provider-specific configration // SecretStoreProvider contains the provider-specific configration.
// +kubebuilder:validation:MinProperties=1 // +kubebuilder:validation:MinProperties=1
// +kubebuilder:validation:MaxProperties=1 // +kubebuilder:validation:MaxProperties=1
type SecretStoreProvider struct { type SecretStoreProvider struct {
@ -50,10 +50,10 @@ type SecretStoreProvider struct {
type SecretStoreStatusPhase string type SecretStoreStatusPhase string
const ( const (
// E.g. referenced Secret containing credentials is missing // E.g. referenced Secret containing credentials is missing.
SecretStorePending SecretStoreStatusPhase = "Pending" SecretStorePending SecretStoreStatusPhase = "Pending"
// All dependencies are met, sync // All dependencies are met, sync.
SecretStoreRunning SecretStoreStatusPhase = "Running" SecretStoreRunning SecretStoreStatusPhase = "Running"
) )
@ -77,7 +77,7 @@ type SecretStoreStatusCondition struct {
LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"` LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
} }
// SecretStoreStatus defines the observed state of the SecretStore // SecretStoreStatus defines the observed state of the SecretStore.
type SecretStoreStatus struct { type SecretStoreStatus struct {
// +optional // +optional
Phase SecretStoreStatusPhase `json:"phase"` Phase SecretStoreStatusPhase `json:"phase"`
@ -88,7 +88,7 @@ type SecretStoreStatus struct {
// +kubebuilder:object:root=true // +kubebuilder:object:root=true
// SecretStore is the Schema for the secretstores API // SecretStore is the Schema for the secretstores API.
type SecretStore struct { type SecretStore struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"` metav1.ObjectMeta `json:"metadata,omitempty"`
@ -99,7 +99,7 @@ type SecretStore struct {
// +kubebuilder:object:root=true // +kubebuilder:object:root=true
// SecretStoreList contains a list of SecretStore // SecretStoreList contains a list of SecretStore.
type SecretStoreList struct { type SecretStoreList struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"` metav1.ListMeta `json:"metadata,omitempty"`

View file

@ -19,7 +19,7 @@ spec:
- name: v1alpha1 - name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: ExternalSecret is the Schema for the externalsecrets API description: ExternalSecret is the Schema for the externalsecrets API.
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation
@ -34,18 +34,18 @@ spec:
metadata: metadata:
type: object type: object
spec: spec:
description: ExternalSecretSpec defines the desired state of ExternalSecret description: ExternalSecretSpec defines the desired state of ExternalSecret.
properties: properties:
data: data:
description: Data defines the connection between the Kubernetes Secret description: Data defines the connection between the Kubernetes Secret
keys and the Provider data keys and the Provider data
items: items:
description: ExternalSecretData defines the connection between the description: ExternalSecretData defines the connection between the
Kubernetes Secret key (spec.data.<key>) and the Provider data Kubernetes Secret key (spec.data.<key>) and the Provider data.
properties: properties:
remoteRef: remoteRef:
description: ExternalSecretDataRemoteRef defines Provider data description: ExternalSecretDataRemoteRef defines Provider data
location location.
properties: properties:
key: key:
description: Key is the key used in the Provider, mandatory description: Key is the key used in the Provider, mandatory
@ -73,7 +73,7 @@ spec:
Provider data If multiple entries are specified, the Secret keys Provider data If multiple entries are specified, the Secret keys
are merged in the specified order are merged in the specified order
items: items:
description: ExternalSecretDataRemoteRef defines Provider data location description: ExternalSecretDataRemoteRef defines Provider data location.
properties: properties:
key: key:
description: Key is the key used in the Provider, mandatory description: Key is the key used in the Provider, mandatory
@ -99,7 +99,7 @@ spec:
type: string type: string
secretStoreRef: secretStoreRef:
description: SecretStoreRef defines which SecretStore to fetch the description: SecretStoreRef defines which SecretStore to fetch the
ExternalSecret data ExternalSecret data.
properties: properties:
kind: kind:
description: Kind of the SecretStore resource (SecretStore or description: Kind of the SecretStore resource (SecretStore or
@ -113,7 +113,7 @@ spec:
type: object type: object
target: target:
description: ExternalSecretTarget defines the Kubernetes Secret to description: ExternalSecretTarget defines the Kubernetes Secret to
be created There can be only one target per ExternalSecret be created There can be only one target per ExternalSecret.
properties: properties:
creationPolicy: creationPolicy:
description: CreationPolicy defines rules on how to create the description: CreationPolicy defines rules on how to create the
@ -155,7 +155,7 @@ spec:
type: array type: array
phase: phase:
description: ExternalSecretStatusPhase represents the current phase description: ExternalSecretStatusPhase represents the current phase
of the Secret sync of the Secret sync.
type: string type: string
type: object type: object
type: object type: object

View file

@ -19,7 +19,7 @@ spec:
- name: v1alpha1 - name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: SecretStore is the Schema for the secretstores API description: SecretStore is the Schema for the secretstores API.
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation
@ -34,7 +34,7 @@ spec:
metadata: metadata:
type: object type: object
spec: spec:
description: SecretStoreSpec defines the desired state of SecretStore description: SecretStoreSpec defines the desired state of SecretStore.
properties: properties:
controller: controller:
description: 'Used to select the correct KES controller (think: ingress.ingressClassName) description: 'Used to select the correct KES controller (think: ingress.ingressClassName)
@ -103,7 +103,7 @@ spec:
- provider - provider
type: object type: object
status: status:
description: SecretStoreStatus defines the observed state of the SecretStore description: SecretStoreStatus defines the observed state of the SecretStore.
properties: properties:
conditions: conditions:
items: items:

View file

@ -25,7 +25,7 @@ import (
externalsecretsv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1" externalsecretsv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
) )
// ExternalSecretReconciler reconciles a ExternalSecret object // ExternalSecretReconciler reconciles a ExternalSecret object.
type ExternalSecretReconciler struct { type ExternalSecretReconciler struct {
client.Client client.Client
Log logr.Logger Log logr.Logger

View file

@ -25,7 +25,7 @@ import (
externalsecretsv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1" externalsecretsv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
) )
// SecretStoreReconciler reconciles a SecretStore object // SecretStoreReconciler reconciles a SecretStore object.
type SecretStoreReconciler struct { type SecretStoreReconciler struct {
client.Client client.Client
Log logr.Logger Log logr.Logger

View file

@ -29,7 +29,6 @@ import (
"sigs.k8s.io/controller-runtime/pkg/log/zap" "sigs.k8s.io/controller-runtime/pkg/log/zap"
externalsecretsv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1" externalsecretsv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
// +kubebuilder:scaffold:imports
) )
// These tests use Ginkgo (BDD-style Go testing framework). Refer to // These tests use Ginkgo (BDD-style Go testing framework). Refer to

View file

@ -24,9 +24,9 @@ import (
ctrl "sigs.k8s.io/controller-runtime" ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/log/zap" "sigs.k8s.io/controller-runtime/pkg/log/zap"
// +kubebuilder:scaffold:imports
externalsecretsv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1" externalsecretsv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
"github.com/external-secrets/external-secrets/controllers" "github.com/external-secrets/external-secrets/controllers"
// +kubebuilder:scaffold:imports
) )
var ( var (

View file

@ -16,26 +16,27 @@ package secretsmanager
import ( import (
"context" "context"
"sigs.k8s.io/controller-runtime/pkg/client"
esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1" esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
"github.com/external-secrets/external-secrets/pkg/provider" "github.com/external-secrets/external-secrets/pkg/provider"
"github.com/external-secrets/external-secrets/pkg/provider/schema" "github.com/external-secrets/external-secrets/pkg/provider/schema"
"sigs.k8s.io/controller-runtime/pkg/client"
) )
// SecretsManager is a provider for AWS SecretsManager // SecretsManager is a provider for AWS SecretsManager.
type SecretsManager struct{} type SecretsManager struct{}
// New constructs a SecretsManager Provider // New constructs a SecretsManager Provider.
func (sm *SecretsManager) New(ctx context.Context, store esv1alpha1.SecretStoreProvider, kube client.Client, namespace string) (provider.Provider, error) { func (sm *SecretsManager) New(ctx context.Context, store esv1alpha1.SecretStoreProvider, kube client.Client, namespace string) (provider.Provider, error) {
return sm, nil // stub return sm, nil // stub
} }
// GetSecret returns a single secret from the provider // GetSecret returns a single secret from the provider.
func (sm *SecretsManager) GetSecret(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) ([]byte, error) { func (sm *SecretsManager) GetSecret(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) ([]byte, error) {
return []byte("NOOP"), nil return []byte("NOOP"), nil
} }
// GetSecretMap returns multiple k/v pairs from the provider // GetSecretMap returns multiple k/v pairs from the provider.
func (sm *SecretsManager) GetSecretMap(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { func (sm *SecretsManager) GetSecretMap(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
return map[string][]byte{ return map[string][]byte{
"noop": []byte("NOOP"), "noop": []byte("NOOP"),

View file

@ -17,16 +17,16 @@ package fake
import ( import (
"context" "context"
"sigs.k8s.io/controller-runtime/pkg/client"
esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1" esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
"github.com/external-secrets/external-secrets/pkg/provider" "github.com/external-secrets/external-secrets/pkg/provider"
"github.com/external-secrets/external-secrets/pkg/provider/schema" "github.com/external-secrets/external-secrets/pkg/provider/schema"
"sigs.k8s.io/controller-runtime/pkg/client"
) )
var _ provider.Provider = &Client{} var _ provider.Provider = &Client{}
// Client is a fake client for testing // Client is a fake client for testing.
type Client struct { type Client struct {
NewFn func(context.Context, esv1alpha1.SecretStoreProvider, client.Client, NewFn func(context.Context, esv1alpha1.SecretStoreProvider, client.Client,
string) (provider.Provider, error) string) (provider.Provider, error)
@ -34,7 +34,7 @@ type Client struct {
GetSecretMapFn func(context.Context, esv1alpha1.ExternalSecretDataRemoteRef) (map[string][]byte, error) GetSecretMapFn func(context.Context, esv1alpha1.ExternalSecretDataRemoteRef) (map[string][]byte, error)
} }
// New returns a fake client // New returns a fake client.
func New() *Client { func New() *Client {
v := &Client{ v := &Client{
GetSecretFn: func(context.Context, esv1alpha1.ExternalSecretDataRemoteRef) ([]byte, error) { GetSecretFn: func(context.Context, esv1alpha1.ExternalSecretDataRemoteRef) ([]byte, error) {
@ -52,17 +52,17 @@ func New() *Client {
return v return v
} }
// RegisterAs registers the fake client in the schema // RegisterAs registers the fake client in the schema.
func (v *Client) RegisterAs(provider *esv1alpha1.SecretStoreProvider) { func (v *Client) RegisterAs(provider *esv1alpha1.SecretStoreProvider) {
schema.ForceRegister(v, provider) schema.ForceRegister(v, provider)
} }
// GetSecret implements the provider.Provider interface // GetSecret implements the provider.Provider interface.
func (v *Client) GetSecret(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) ([]byte, error) { func (v *Client) GetSecret(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) ([]byte, error) {
return v.GetSecretFn(ctx, ref) return v.GetSecretFn(ctx, ref)
} }
// WithGetSecret wraps secret data returned by this provider // WithGetSecret wraps secret data returned by this provider.
func (v *Client) WithGetSecret(secData []byte, err error) *Client { func (v *Client) WithGetSecret(secData []byte, err error) *Client {
v.GetSecretFn = func(context.Context, esv1alpha1.ExternalSecretDataRemoteRef) ([]byte, error) { v.GetSecretFn = func(context.Context, esv1alpha1.ExternalSecretDataRemoteRef) ([]byte, error) {
return secData, err return secData, err
@ -70,12 +70,12 @@ func (v *Client) WithGetSecret(secData []byte, err error) *Client {
return v return v
} }
// GetSecretMap imeplements the provider.Provider interface // GetSecretMap imeplements the provider.Provider interface.
func (v *Client) GetSecretMap(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { func (v *Client) GetSecretMap(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
return v.GetSecretMapFn(ctx, ref) return v.GetSecretMapFn(ctx, ref)
} }
// WithGetSecretMap wraps the secret data map returned by this fake provider // WithGetSecretMap wraps the secret data map returned by this fake provider.
func (v *Client) WithGetSecretMap(secData map[string][]byte, err error) *Client { func (v *Client) WithGetSecretMap(secData map[string][]byte, err error) *Client {
v.GetSecretMapFn = func(context.Context, esv1alpha1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { v.GetSecretMapFn = func(context.Context, esv1alpha1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
return secData, err return secData, err
@ -83,14 +83,14 @@ func (v *Client) WithGetSecretMap(secData map[string][]byte, err error) *Client
return v return v
} }
// WithNew wraps the fake provider factory function // WithNew wraps the fake provider factory function.
func (v *Client) WithNew(f func(context.Context, esv1alpha1.SecretStoreProvider, client.Client, func (v *Client) WithNew(f func(context.Context, esv1alpha1.SecretStoreProvider, client.Client,
string) (provider.Provider, error)) *Client { string) (provider.Provider, error)) *Client {
v.NewFn = f v.NewFn = f
return v return v
} }
// New returns a new fake provider // New returns a new fake provider.
func (v *Client) New(ctx context.Context, store esv1alpha1.SecretStoreProvider, kube client.Client, namespace string) (provider.Provider, error) { func (v *Client) New(ctx context.Context, store esv1alpha1.SecretStoreProvider, kube client.Client, namespace string) (provider.Provider, error) {
client, err := v.NewFn(ctx, store, kube, namespace) client, err := v.NewFn(ctx, store, kube, namespace)
if err != nil { if err != nil {

View file

@ -17,12 +17,12 @@ package provider
import ( import (
"context" "context"
esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
"sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client"
esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
) )
// Provider is a common interface for interacting with secret backends // Provider is a common interface for interacting with secret backends.
type Provider interface { type Provider interface {
// New constructs a SecretsManager Provider // New constructs a SecretsManager Provider
New(ctx context.Context, store esv1alpha1.SecretStoreProvider, kube client.Client, namespace string) (Provider, error) New(ctx context.Context, store esv1alpha1.SecretStoreProvider, kube client.Client, namespace string) (Provider, error)

View file

@ -14,8 +14,9 @@ limitations under the License.
package register package register
// packages imported here are registered to the controller schema // packages imported here are registered to the controller schema.
import ( import (
// register awssm provider
// register awssm provider.
_ "github.com/external-secrets/external-secrets/pkg/provider/aws/secretsmanager" _ "github.com/external-secrets/external-secrets/pkg/provider/aws/secretsmanager"
) )

View file

@ -31,7 +31,7 @@ func init() {
} }
// Register a store backend type. Register panics if a // Register a store backend type. Register panics if a
// backend with the same store is already registered // backend with the same store is already registered.
func Register(s provider.Provider, storeSpec *esv1alpha1.SecretStoreProvider) { func Register(s provider.Provider, storeSpec *esv1alpha1.SecretStoreProvider) {
storeName, err := getProviderName(storeSpec) storeName, err := getProviderName(storeSpec)
if err != nil { if err != nil {
@ -49,7 +49,7 @@ func Register(s provider.Provider, storeSpec *esv1alpha1.SecretStoreProvider) {
} }
// ForceRegister adds to store schema, overwriting a store if // ForceRegister adds to store schema, overwriting a store if
// already registered. Should only be used for testing // already registered. Should only be used for testing.
func ForceRegister(s provider.Provider, storeSpec *esv1alpha1.SecretStoreProvider) { func ForceRegister(s provider.Provider, storeSpec *esv1alpha1.SecretStoreProvider) {
storeName, err := getProviderName(storeSpec) storeName, err := getProviderName(storeSpec)
if err != nil { if err != nil {
@ -61,7 +61,7 @@ func ForceRegister(s provider.Provider, storeSpec *esv1alpha1.SecretStoreProvide
buildlock.Unlock() buildlock.Unlock()
} }
// GetProviderByName returns the provider implementation by name // GetProviderByName returns the provider implementation by name.
func GetProviderByName(name string) (provider.Provider, bool) { func GetProviderByName(name string) (provider.Provider, bool) {
buildlock.RLock() buildlock.RLock()
f, ok := builder[name] f, ok := builder[name]
@ -69,7 +69,7 @@ func GetProviderByName(name string) (provider.Provider, bool) {
return f, ok return f, ok
} }
// GetProvider returns the provider from the generic store // GetProvider returns the provider from the generic store.
func GetProvider(s esv1alpha1.GenericStore) (provider.Provider, error) { func GetProvider(s esv1alpha1.GenericStore) (provider.Provider, error) {
provider := s.GetProvider() provider := s.GetProvider()
storeName, err := getProviderName(provider) storeName, err := getProviderName(provider)
@ -89,7 +89,7 @@ func GetProvider(s esv1alpha1.GenericStore) (provider.Provider, error) {
} }
// getProviderName returns the name of the configured provider // getProviderName returns the name of the configured provider
// or an error if the provider is not configured // or an error if the provider is not configured.
func getProviderName(storeSpec *esv1alpha1.SecretStoreProvider) (string, error) { func getProviderName(storeSpec *esv1alpha1.SecretStoreProvider) (string, error) {
storeBytes, err := json.Marshal(storeSpec) storeBytes, err := json.Marshal(storeSpec)
if err != nil { if err != nil {

View file

@ -17,25 +17,26 @@ import (
"context" "context"
"testing" "testing"
esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
"github.com/external-secrets/external-secrets/pkg/provider"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client"
esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
"github.com/external-secrets/external-secrets/pkg/provider"
) )
type PP struct{} type PP struct{}
// New constructs a SecretsManager Provider // New constructs a SecretsManager Provider.
func (p *PP) New(ctx context.Context, store esv1alpha1.SecretStoreProvider, kube client.Client, namespace string) (provider.Provider, error) { func (p *PP) New(ctx context.Context, store esv1alpha1.SecretStoreProvider, kube client.Client, namespace string) (provider.Provider, error) {
return p, nil return p, nil
} }
// GetSecret returns a single secret from the provider // GetSecret returns a single secret from the provider.
func (p *PP) GetSecret(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) ([]byte, error) { func (p *PP) GetSecret(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) ([]byte, error) {
return []byte("NOOP"), nil return []byte("NOOP"), nil
} }
// GetSecretMap returns multiple k/v pairs from the provider // GetSecretMap returns multiple k/v pairs from the provider.
func (p *PP) GetSecretMap(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { func (p *PP) GetSecretMap(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
return map[string][]byte{}, nil return map[string][]byte{}, nil
} }