mirrors/external-secrets
1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00
Code Activity

cleanup: add lint and editorconfig

Browse source
This commit is contained in:
Kellin McAvoy 2020-12-21 14:31:28 -05:00
parent d10ce31973
commit 987d499241
24 changed files with 289 additions and 135 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
.editorconfig Normal file
View file

@ -0,0 +1,29 @@
root = true
[*]
charset = utf-8
end_of_line = lf
insert_final_newline = true
trim_trailing_whitespace = true
# Go
# https://golang.org/cmd/gofmt/
[{go.mod,*.go}]
indent_style = tab
# Shell
# https://google.github.io/styleguide/shell.xml#Indentation
[*.{bash,sh,zsh}]
indent_size = 2
indent_style = space
# GNU make
# https://www.gnu.org/software/make/manual/html_node/Recipe-Syntax.html
[Makefile]
indent_style = tab
# YAML
# http://yaml.org/spec/1.2/2009-07-21/spec.html#id2576668
[*.{yaml,yml}]
indent_size = 2
indent_style = space

23
.github/workflows/all.yml vendored
View file

@ -25,9 +25,10 @@ jobs:
- name: Check out code into the Go module directory
uses: actions/checkout@v2
- name: Get dependencies
run: |
go get -v -t -d ./...
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: '~1.15'
- name: Add kubebuilder
run: |
@ -35,8 +36,13 @@ jobs:
tar -xvf kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz
mv kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64 /usr/local/kubebuilder
- name: Vet and Build
run: make manager
- name: Lint
run: |
make lint-install
make lint
- name: Build
run: make build
test:
name: Test
@ -48,9 +54,10 @@ jobs:
- name: Check out code into the Go module directory
uses: actions/checkout@v2
- name: Get dependencies
run: |
go get -v -t -d ./...
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: '~1.15'
- name: Add kubebuilder
run: |

23
.github/workflows/main.yml vendored
View file

@ -23,9 +23,10 @@ jobs:
- name: Check out code into the Go module directory
uses: actions/checkout@v2
- name: Get dependencies
run: |
go get -v -t -d ./...
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: '~1.15'
- name: Add kubebuilder
run: |
@ -33,8 +34,13 @@ jobs:
tar -xvf kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64.tar.gz
mv kubebuilder_${{env.KUBEBUILDER_VERSION}}_linux_amd64 /usr/local/kubebuilder
- name: Vet and Build
run: make manager
- name: Lint
run: |
make lint-install
make lint
- name: Build
run: make build
test:
name: Test
@ -46,9 +52,10 @@ jobs:
- name: Check out code into the Go module directory
uses: actions/checkout@v2
- name: Get dependencies
run: |
go get -v -t -d ./...
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: '~1.15'
- name: Add kubebuilder
run: |

89
.golangci.yaml Normal file
View file

@ -0,0 +1,89 @@
run:
timeout: 5m
linters-settings:
gci:
local-prefixes: github.com/external-secrets/external-secrets
goconst:
min-len: 3
min-occurrences: 3
gocritic:
enabled-tags:
- diagnostic
- experimental
- opinionated
- performance
- style
disabled-checks:
- dupImport
- ifElseChain
- octalLiteral
- whyNoLint
- wrapperFunc
- importShadow
- unnamedResult
- unnecessaryBlock
settings:
rangeValCopy:
sizeThreshold: 512
hugeParam:
sizeThreshold: 512
gocyclo:
min-complexity: 16
golint:
min-confidence: 0
govet:
check-shadowing: false
lll:
line-length: 300
maligned:
suggest-new: true
misspell:
locale: US
linters:
disable-all: true
enable:
- asciicheck
- bodyclose
- deadcode
- depguard
- dogsled
- dupl
- errcheck
- errorlint
- exhaustive
- exportloopref
- gci
- goconst
- gocritic
- godot
- gofmt
- golint
- goprintffuncname
- gosec
- gosimple
- govet
- ineffassign
- interfacer
- lll
- maligned
- misspell
- nakedret
- nolintlint
- prealloc
- rowserrcheck
- scopelint
- sqlclosecheck
- staticcheck
- structcheck
- stylecheck
- typecheck
- unconvert
- unparam
- unused
- varcheck
- whitespace
service:
golangci-lint-version: 1.33.x

64
Makefile
View file

@ -1,3 +1,7 @@
MAKEFLAGS += --warn-undefined-variables
SHELL := /bin/bash
.SHELLFLAGS := -euo pipefail -c
.DEFAULT_GOAL := all
# Image URL to use all building/pushing image targets
IMG ?= controller:latest
@ -11,18 +15,18 @@ else
GOBIN=$(shell go env GOBIN)
endif
all: manager
all: build
# Run tests
test: generate fmt vet manifests
.PHONY: test
test: generate manifests ## Run tests
go test ./... -coverprofile cover.out
# Build manager binary
manager: generate fmt vet
.PHONY: build
build: generate fmt ## Build binary
go build -o bin/manager main.go
# Run against the configured Kubernetes cluster in ~/.kube/config
run: generate fmt vet manifests
run: generate fmt manifests
go run ./main.go
# Install CRDs into a cluster
@ -33,33 +37,44 @@ install: manifests
uninstall: manifests
kustomize build config/crd | kubectl delete -f -
# Deploy controller in the configured Kubernetes cluster in ~/.kube/config
deploy: manifests
.PHONY: deploy
deploy: manifests ## Deploy controller in the Kubernetes cluster of current context
cd config/manager && kustomize edit set image controller=${IMG}
kustomize build config/default | kubectl apply -f -
# Generate manifests e.g. CRD, RBAC etc.
manifests: controller-gen
manifests: controller-gen ## Generate manifests e.g. CRD, RBAC etc.
$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
# Run go fmt against code
fmt:
lint/check: # Check install of golanci-lint
@if ! golangci-lint --version > /dev/null 2>&1; then \
echo -e "\033[0;33mgolangci-lint is not installed: run \`\033[0;32mmake lint-install\033[0m\033[0;33m\` or install it from https://golangci-lint.run\033[0m"; \
exit 1; \
fi
lint-install: # installs golangci-lint to the go bin dir
@if ! golangci-lint --version > /dev/null 2>&1; then \
echo "Installing golangci-lint"; \
curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(GOBIN) v1.33.0; \
fi
lint: lint/check ## run golangci-lint
@if ! golangci-lint run; then \
echo -e "\033[0;33mgolangci-lint failed: some checks can be fixed with \`\033[0;32mmake fmt\033[0m\033[0;33m\`\033[0m"; \
exit 1; \
fi
fmt: lint/check ## ensure consistent code style
go mod tidy
go fmt ./...
golangci-lint run --fix > /dev/null 2>&1 || true
# Run go vet against code
vet:
go vet ./...
# Generate code
generate: controller-gen
generate: controller-gen ## Generate code
$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
# Build the docker image
docker-build: test
docker-build: test ## Build the docker image
docker build . -t ${IMG}
# Push the docker image
docker-push:
docker-push: ## Push the docker image
docker push ${IMG}
# find or download controller-gen
@ -78,3 +93,8 @@ CONTROLLER_GEN=$(GOBIN)/controller-gen
else
CONTROLLER_GEN=$(shell which controller-gen)
endif
help: ## displays this help message
@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_\/-]+:.*?## / {printf "\033[34m%-18s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST) | \
sort | \
grep -v '#'

38
api/v1alpha1/externalsecret_types.go
View file

@ -19,7 +19,7 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// SecretStoreRef defines which SecretStore to fetch the ExternalSecret data
// SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.
type SecretStoreRef struct {
// Name of the SecretStore resource
Name string `json:"name"`
@ -30,21 +30,21 @@ type SecretStoreRef struct {
Kind string `json:"kind,omitempty"`
}
// ExternalSecretCreationPolicy defines rules on how to create the resulting Secret
// ExternalSecretCreationPolicy defines rules on how to create the resulting Secret.
type ExternalSecretCreationPolicy string
const (
// Owner creates the Secret and sets .metadata.ownerReferences to the ExternalSecret resource
// Owner creates the Secret and sets .metadata.ownerReferences to the ExternalSecret resource.
Owner ExternalSecretCreationPolicy = "Owner"
// Merge does not create the Secret, but merges the data fields to the Secret
// Merge does not create the Secret, but merges the data fields to the Secret.
Merge ExternalSecretCreationPolicy = "Merge"
// None does not create a Secret (future use with injector)
// None does not create a Secret (future use with injector).
None ExternalSecretCreationPolicy = "None"
)
// ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint
// ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.
type ExternalSecretTemplateMetadata struct {
// +optional
Annotations map[string]string `json:"annotations,omitempty"`
@ -53,7 +53,7 @@ type ExternalSecretTemplateMetadata struct {
Labels map[string]string `json:"labels,omitempty"`
}
// ExternalSecretTemplate defines a blueprint for the created Secret resource
// ExternalSecretTemplate defines a blueprint for the created Secret resource.
type ExternalSecretTemplate struct {
// +optional
Type corev1.SecretType `json:"type,omitempty"`
@ -63,7 +63,7 @@ type ExternalSecretTemplate struct {
}
// ExternalSecretTarget defines the Kubernetes Secret to be created
// There can be only one target per ExternalSecret
// There can be only one target per ExternalSecret.
type ExternalSecretTarget struct {
// Name defines the name of the Secret resource to be managed
// This field is immutable
@ -77,14 +77,14 @@ type ExternalSecretTarget struct {
CreationPolicy ExternalSecretCreationPolicy `json:"creationPolicy,omitempty"`
}
// ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data
// ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.<key>) and the Provider data.
type ExternalSecretData struct {
SecretKey string `json:"secretKey"`
RemoteRef ExternalSecretDataRemoteRef `json:"remoteRef"`
}
// ExternalSecretDataRemoteRef defines Provider data location
// ExternalSecretDataRemoteRef defines Provider data location.
type ExternalSecretDataRemoteRef struct {
// Key is the key used in the Provider, mandatory
Key string `json:"key"`
@ -98,7 +98,7 @@ type ExternalSecretDataRemoteRef struct {
Property string `json:"property,omitempty"`
}
// ExternalSecretSpec defines the desired state of ExternalSecret
// ExternalSecretSpec defines the desired state of ExternalSecret.
type ExternalSecretSpec struct {
SecretStoreRef SecretStoreRef `json:"secretStoreRef"`
@ -121,23 +121,23 @@ type ExternalSecretSpec struct {
DataFrom []ExternalSecretDataRemoteRef `json:"dataFrom,omitempty"`
}
// ExternalSecretStatusPhase represents the current phase of the Secret sync
// ExternalSecretStatusPhase represents the current phase of the Secret sync.
type ExternalSecretStatusPhase string
const (
// ExternalSecret created, controller did not yet sync the ExternalSecret or other dependencies are missing (e.g. secret store or configmap template)
// ExternalSecret created, controller did not yet sync the ExternalSecret or other dependencies are missing (e.g. secret store or configmap template).
ExternalSecretPending ExternalSecretStatusPhase = "Pending"
// ExternalSecret is being actively synced according to spec
// ExternalSecret is being actively synced according to spec.
ExternalSecretSyncing ExternalSecretStatusPhase = "Syncing"
// ExternalSecret can not be synced, this might require user intervention
// ExternalSecret can not be synced, this might require user intervention.
ExternalSecretFailing ExternalSecretStatusPhase = "Failing"
// ExternalSecret can not be synced right now and will not able to
// ExternalSecret can not be synced right now and will not able to.
ExternalSecretFailed ExternalSecretStatusPhase = "Failed"
// ExternalSecret was synced successfully (one-time use only)
// ExternalSecret was synced successfully (one-time use only).
ExternalSecretCompleted ExternalSecretStatusPhase = "Completed"
)
@ -174,7 +174,7 @@ type ExternalSecretStatus struct {
// +kubebuilder:object:root=true
// ExternalSecret is the Schema for the externalsecrets API
// ExternalSecret is the Schema for the externalsecrets API.
type ExternalSecret struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
@ -185,7 +185,7 @@ type ExternalSecret struct {
// +kubebuilder:object:root=true
// ExternalSecretList contains a list of ExternalSecret
// ExternalSecretList contains a list of ExternalSecret.
type ExternalSecretList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`

6
api/v1alpha1/generic_store.go
View file

@ -25,7 +25,7 @@ import (
// +k8s:deepcopy-gen=nil
// GenericStore is a common interface for interacting with ClusterSecretStore
// or a namespaced SecretStore
// or a namespaced SecretStore.
type GenericStore interface {
runtime.Object
metav1.Object
@ -36,12 +36,12 @@ type GenericStore interface {
// +kubebuilder:object:generate:false
var _ GenericStore = &SecretStore{}
// GetProvider returns the underlying provider
// GetProvider returns the underlying provider.
func (c *SecretStore) GetProvider() *SecretStoreProvider {
return c.Spec.Provider
}
// Copy returns a DeepCopy of the Store
// Copy returns a DeepCopy of the Store.
func (c *SecretStore) Copy() GenericStore {
return c.DeepCopy()
}

4
api/v1alpha1/groupversion_info.go
View file

@ -25,10 +25,10 @@ import (
)
var (
// GroupVersion is group version used to register these objects
// GroupVersion is group version used to register these objects.
GroupVersion = schema.GroupVersion{Group: "external-secrets.io", Version: "v1alpha1"}
// SchemeBuilder is used to add go types to the GroupVersionKind scheme
// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
// AddToScheme adds the types in this group-version to the given scheme.

2
api/v1alpha1/meta_types.go
View file

@ -14,7 +14,7 @@ limitations under the License.
package v1alpha1
// Refers to a Secret in Kubernetes
// Refers to a Secret in Kubernetes.
type SecretKeySelector struct {
Name string `json:"name"`
Key string `json:"key"`

2
api/v1alpha1/secretstore_awssm_types.go
View file

@ -28,7 +28,7 @@ type AWSSMAuthSecretRef struct {
SecretAccessKey SecretKeySelector `json:"secretAccessKeySecretRef,omitempty"`
}
// Configures a store to sync secrets using the AWS Secret Manager provider
// Configures a store to sync secrets using the AWS Secret Manager provider.
type AWSSMProvider struct {
// Auth defines the information necessary to authenticate against AWS
Auth AWSSMAuth `json:"auth"`

14
api/v1alpha1/secretstore_types.go
View file

@ -27,7 +27,7 @@ const (
Vault StoreProvider = "VAULT"
)
// SecretStoreSpec defines the desired state of SecretStore
// SecretStoreSpec defines the desired state of SecretStore.
type SecretStoreSpec struct {
// Used to select the correct KES controller (think: ingress.ingressClassName)
// The KES controller is instantiated with a specific controller name and filters ES based on this property
@ -38,7 +38,7 @@ type SecretStoreSpec struct {
Provider *SecretStoreProvider `json:"provider"`
}
// SecretStoreProvider contains the provider-specific configration
// SecretStoreProvider contains the provider-specific configration.
// +kubebuilder:validation:MinProperties=1
// +kubebuilder:validation:MaxProperties=1
type SecretStoreProvider struct {
@ -50,10 +50,10 @@ type SecretStoreProvider struct {
type SecretStoreStatusPhase string
const (
// E.g. referenced Secret containing credentials is missing
// E.g. referenced Secret containing credentials is missing.
SecretStorePending SecretStoreStatusPhase = "Pending"
// All dependencies are met, sync
// All dependencies are met, sync.
SecretStoreRunning SecretStoreStatusPhase = "Running"
)
@ -77,7 +77,7 @@ type SecretStoreStatusCondition struct {
LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
}
// SecretStoreStatus defines the observed state of the SecretStore
// SecretStoreStatus defines the observed state of the SecretStore.
type SecretStoreStatus struct {
// +optional
Phase SecretStoreStatusPhase `json:"phase"`
@ -88,7 +88,7 @@ type SecretStoreStatus struct {
// +kubebuilder:object:root=true
// SecretStore is the Schema for the secretstores API
// SecretStore is the Schema for the secretstores API.
type SecretStore struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
@ -99,7 +99,7 @@ type SecretStore struct {
// +kubebuilder:object:root=true
// SecretStoreList contains a list of SecretStore
// SecretStoreList contains a list of SecretStore.
type SecretStoreList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`

16
config/crd/bases/external-secrets.io_externalsecrets.yaml
View file

@ -19,7 +19,7 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ExternalSecret is the Schema for the externalsecrets API
description: ExternalSecret is the Schema for the externalsecrets API.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@ -34,18 +34,18 @@ spec:
metadata:
type: object
spec:
description: ExternalSecretSpec defines the desired state of ExternalSecret
description: ExternalSecretSpec defines the desired state of ExternalSecret.
properties:
data:
description: Data defines the connection between the Kubernetes Secret
keys and the Provider data
items:
description: ExternalSecretData defines the connection between the
Kubernetes Secret key (spec.data.<key>) and the Provider data
Kubernetes Secret key (spec.data.<key>) and the Provider data.
properties:
remoteRef:
description: ExternalSecretDataRemoteRef defines Provider data
location
location.
properties:
key:
description: Key is the key used in the Provider, mandatory
@ -73,7 +73,7 @@ spec:
Provider data If multiple entries are specified, the Secret keys
are merged in the specified order
items:
description: ExternalSecretDataRemoteRef defines Provider data location
description: ExternalSecretDataRemoteRef defines Provider data location.
properties:
key:
description: Key is the key used in the Provider, mandatory
@ -99,7 +99,7 @@ spec:
type: string
secretStoreRef:
description: SecretStoreRef defines which SecretStore to fetch the
ExternalSecret data
ExternalSecret data.
properties:
kind:
description: Kind of the SecretStore resource (SecretStore or
@ -113,7 +113,7 @@ spec:
type: object
target:
description: ExternalSecretTarget defines the Kubernetes Secret to
be created There can be only one target per ExternalSecret
be created There can be only one target per ExternalSecret.
properties:
creationPolicy:
description: CreationPolicy defines rules on how to create the
@ -155,7 +155,7 @@ spec:
type: array
phase:
description: ExternalSecretStatusPhase represents the current phase
of the Secret sync
of the Secret sync.
type: string
type: object
type: object

6
config/crd/bases/external-secrets.io_secretstores.yaml
View file

@ -19,7 +19,7 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: SecretStore is the Schema for the secretstores API
description: SecretStore is the Schema for the secretstores API.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@ -34,7 +34,7 @@ spec:
metadata:
type: object
spec:
description: SecretStoreSpec defines the desired state of SecretStore
description: SecretStoreSpec defines the desired state of SecretStore.
properties:
controller:
description: 'Used to select the correct KES controller (think: ingress.ingressClassName)
@ -103,7 +103,7 @@ spec:
- provider
type: object
status:
description: SecretStoreStatus defines the observed state of the SecretStore
description: SecretStoreStatus defines the observed state of the SecretStore.
properties:
conditions:
items:

2
controllers/externalsecret_controller.go
View file

@ -25,7 +25,7 @@ import (
externalsecretsv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
)
// ExternalSecretReconciler reconciles a ExternalSecret object
// ExternalSecretReconciler reconciles a ExternalSecret object.
type ExternalSecretReconciler struct {
client.Client
Log logr.Logger

2
controllers/secretstore_controller.go
View file

@ -25,7 +25,7 @@ import (
externalsecretsv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
)
// SecretStoreReconciler reconciles a SecretStore object
// SecretStoreReconciler reconciles a SecretStore object.
type SecretStoreReconciler struct {
client.Client
Log logr.Logger

1
controllers/suite_test.go
View file

@ -29,7 +29,6 @@ import (
"sigs.k8s.io/controller-runtime/pkg/log/zap"
externalsecretsv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
// +kubebuilder:scaffold:imports
)
// These tests use Ginkgo (BDD-style Go testing framework). Refer to

2
main.go
View file

@ -24,9 +24,9 @@ import (
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/log/zap"
// +kubebuilder:scaffold:imports
externalsecretsv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
"github.com/external-secrets/external-secrets/controllers"
// +kubebuilder:scaffold:imports
)
var (

11
pkg/provider/aws/secretsmanager/secretsmanager.go
View file

@ -16,26 +16,27 @@ package secretsmanager
import (
"context"
"sigs.k8s.io/controller-runtime/pkg/client"
esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
"github.com/external-secrets/external-secrets/pkg/provider"
"github.com/external-secrets/external-secrets/pkg/provider/schema"
"sigs.k8s.io/controller-runtime/pkg/client"
)
// SecretsManager is a provider for AWS SecretsManager
// SecretsManager is a provider for AWS SecretsManager.
type SecretsManager struct{}
// New constructs a SecretsManager Provider
// New constructs a SecretsManager Provider.
func (sm *SecretsManager) New(ctx context.Context, store esv1alpha1.SecretStoreProvider, kube client.Client, namespace string) (provider.Provider, error) {
return sm, nil // stub
}
// GetSecret returns a single secret from the provider
// GetSecret returns a single secret from the provider.
func (sm *SecretsManager) GetSecret(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) ([]byte, error) {
return []byte("NOOP"), nil
}
// GetSecretMap returns multiple k/v pairs from the provider
// GetSecretMap returns multiple k/v pairs from the provider.
func (sm *SecretsManager) GetSecretMap(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
return map[string][]byte{
"noop": []byte("NOOP"),

22
pkg/provider/fake/fake.go
View file

@ -17,16 +17,16 @@ package fake
import (
"context"
"sigs.k8s.io/controller-runtime/pkg/client"
esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
"github.com/external-secrets/external-secrets/pkg/provider"
"github.com/external-secrets/external-secrets/pkg/provider/schema"
"sigs.k8s.io/controller-runtime/pkg/client"
)
var _ provider.Provider = &Client{}
// Client is a fake client for testing
// Client is a fake client for testing.
type Client struct {
NewFn func(context.Context, esv1alpha1.SecretStoreProvider, client.Client,
string) (provider.Provider, error)
@ -34,7 +34,7 @@ type Client struct {
GetSecretMapFn func(context.Context, esv1alpha1.ExternalSecretDataRemoteRef) (map[string][]byte, error)
}
// New returns a fake client
// New returns a fake client.
func New() *Client {
v := &Client{
GetSecretFn: func(context.Context, esv1alpha1.ExternalSecretDataRemoteRef) ([]byte, error) {
@ -52,17 +52,17 @@ func New() *Client {
return v
}
// RegisterAs registers the fake client in the schema
// RegisterAs registers the fake client in the schema.
func (v *Client) RegisterAs(provider *esv1alpha1.SecretStoreProvider) {
schema.ForceRegister(v, provider)
}
// GetSecret implements the provider.Provider interface
// GetSecret implements the provider.Provider interface.
func (v *Client) GetSecret(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) ([]byte, error) {
return v.GetSecretFn(ctx, ref)
}
// WithGetSecret wraps secret data returned by this provider
// WithGetSecret wraps secret data returned by this provider.
func (v *Client) WithGetSecret(secData []byte, err error) *Client {
v.GetSecretFn = func(context.Context, esv1alpha1.ExternalSecretDataRemoteRef) ([]byte, error) {
return secData, err
@ -70,12 +70,12 @@ func (v *Client) WithGetSecret(secData []byte, err error) *Client {
return v
}
// GetSecretMap imeplements the provider.Provider interface
// GetSecretMap imeplements the provider.Provider interface.
func (v *Client) GetSecretMap(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
return v.GetSecretMapFn(ctx, ref)
}
// WithGetSecretMap wraps the secret data map returned by this fake provider
// WithGetSecretMap wraps the secret data map returned by this fake provider.
func (v *Client) WithGetSecretMap(secData map[string][]byte, err error) *Client {
v.GetSecretMapFn = func(context.Context, esv1alpha1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
return secData, err
@ -83,14 +83,14 @@ func (v *Client) WithGetSecretMap(secData map[string][]byte, err error) *Client
return v
}
// WithNew wraps the fake provider factory function
// WithNew wraps the fake provider factory function.
func (v *Client) WithNew(f func(context.Context, esv1alpha1.SecretStoreProvider, client.Client,
string) (provider.Provider, error)) *Client {
v.NewFn = f
return v
}
// New returns a new fake provider
// New returns a new fake provider.
func (v *Client) New(ctx context.Context, store esv1alpha1.SecretStoreProvider, kube client.Client, namespace string) (provider.Provider, error) {
client, err := v.NewFn(ctx, store, kube, namespace)
if err != nil {

6
pkg/provider/provider.go
View file

@ -17,12 +17,12 @@ package provider
import (
"context"
esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
"sigs.k8s.io/controller-runtime/pkg/client"
esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
)
// Provider is a common interface for interacting with secret backends
// Provider is a common interface for interacting with secret backends.
type Provider interface {
// New constructs a SecretsManager Provider
New(ctx context.Context, store esv1alpha1.SecretStoreProvider, kube client.Client, namespace string) (Provider, error)

5
pkg/provider/register/register.go
View file

@ -14,8 +14,9 @@ limitations under the License.
package register
// packages imported here are registered to the controller schema
// packages imported here are registered to the controller schema.
import (
// register awssm provider
// register awssm provider.
_ "github.com/external-secrets/external-secrets/pkg/provider/aws/secretsmanager"
)

10
pkg/provider/schema/schema.go
View file

@ -31,7 +31,7 @@ func init() {
}
// Register a store backend type. Register panics if a
// backend with the same store is already registered
// backend with the same store is already registered.
func Register(s provider.Provider, storeSpec *esv1alpha1.SecretStoreProvider) {
storeName, err := getProviderName(storeSpec)
if err != nil {
@ -49,7 +49,7 @@ func Register(s provider.Provider, storeSpec *esv1alpha1.SecretStoreProvider) {
}
// ForceRegister adds to store schema, overwriting a store if
// already registered. Should only be used for testing
// already registered. Should only be used for testing.
func ForceRegister(s provider.Provider, storeSpec *esv1alpha1.SecretStoreProvider) {
storeName, err := getProviderName(storeSpec)
if err != nil {
@ -61,7 +61,7 @@ func ForceRegister(s provider.Provider, storeSpec *esv1alpha1.SecretStoreProvide
buildlock.Unlock()
}
// GetProviderByName returns the provider implementation by name
// GetProviderByName returns the provider implementation by name.
func GetProviderByName(name string) (provider.Provider, bool) {
buildlock.RLock()
f, ok := builder[name]
@ -69,7 +69,7 @@ func GetProviderByName(name string) (provider.Provider, bool) {
return f, ok
}
// GetProvider returns the provider from the generic store
// GetProvider returns the provider from the generic store.
func GetProvider(s esv1alpha1.GenericStore) (provider.Provider, error) {
provider := s.GetProvider()
storeName, err := getProviderName(provider)
@ -89,7 +89,7 @@ func GetProvider(s esv1alpha1.GenericStore) (provider.Provider, error) {
}
// getProviderName returns the name of the configured provider
// or an error if the provider is not configured
// or an error if the provider is not configured.
func getProviderName(storeSpec *esv1alpha1.SecretStoreProvider) (string, error) {
storeBytes, err := json.Marshal(storeSpec)
if err != nil {

11
pkg/provider/schema/schema_test.go
View file

@ -17,25 +17,26 @@ import (
"context"
"testing"
esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
"github.com/external-secrets/external-secrets/pkg/provider"
"github.com/stretchr/testify/assert"
"sigs.k8s.io/controller-runtime/pkg/client"
esv1alpha1 "github.com/external-secrets/external-secrets/api/v1alpha1"
"github.com/external-secrets/external-secrets/pkg/provider"
)
type PP struct{}
// New constructs a SecretsManager Provider
// New constructs a SecretsManager Provider.
func (p *PP) New(ctx context.Context, store esv1alpha1.SecretStoreProvider, kube client.Client, namespace string) (provider.Provider, error) {
return p, nil
}
// GetSecret returns a single secret from the provider
// GetSecret returns a single secret from the provider.
func (p *PP) GetSecret(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) ([]byte, error) {
return []byte("NOOP"), nil
}
// GetSecretMap returns multiple k/v pairs from the provider
// GetSecretMap returns multiple k/v pairs from the provider.
func (p *PP) GetSecretMap(ctx context.Context, ref esv1alpha1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
return map[string][]byte{}, nil
}