From 5ff248f7f97414294bef7ebaa4e1935ab3ae6729 Mon Sep 17 00:00:00 2001
From: Daniel Ward
Date: Fri, 23 Oct 2020 15:44:25 -0400
Subject: [PATCH 1/4] feat: enable secret types
---
 api/v1/syncedsecret_types.go | 3 +++
 pkg/k8ssecret/secret.go | 8 +++++-
 pkg/k8ssecret/secret_test.go | 52 ++++++++++++++++++++++++++++++++++++
 3 files changed, 62 insertions(+), 1 deletion(-)
diff --git a/api/v1/syncedsecret_types.go b/api/v1/syncedsecret_types.go
index 8073ca5..06863b0 100644
--- a/api/v1/syncedsecret_types.go
+++ b/api/v1/syncedsecret_types.go
@@ -17,6 +17,7 @@ package v1 import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + corev1 "k8s.io/api/core/v1" ) // EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
@@ -104,6 +105,8 @@ type SyncedSecret struct { Spec SyncedSecretSpec `json:"spec,omitempty"` Status SyncedSecretStatus `json:"status,omitempty"` + + Type corev1.SecretType `json:"type,omitempty"` } // +kubebuilder:object:root=true
diff --git a/pkg/k8ssecret/secret.go b/pkg/k8ssecret/secret.go
index 9814def..6dcbd3d 100644
--- a/pkg/k8ssecret/secret.go
+++ b/pkg/k8ssecret/secret.go
@@ -153,13 +153,19 @@ func GenerateK8SSecret( } } + + secretType := corev1.SecretTypeOpaque + if cs.Type != "" { + secretType = cs.Type + } + secret := &corev1.Secret{ TypeMeta: metav1.TypeMeta{ APIVersion: "v1", Kind: "Secret", }, ObjectMeta: secretMeta, - Type: "Opaque", + Type: secretType, Data: data, }
diff --git a/pkg/k8ssecret/secret_test.go b/pkg/k8ssecret/secret_test.go
index 55e11a2..06901f3 100644
--- a/pkg/k8ssecret/secret_test.go
+++ b/pkg/k8ssecret/secret_test.go
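Review bot: The `secretType = cs.Type` assignment in GenerateK8SSecret copies the requested type into the generated Secret with no validation, so anyone who can create a SyncedSecret chooses the type of a Secret that the controller writes with its own credentials. Types the control plane acts on deserve a gate: `kubernetes.io/service-account-token` in particular is populated by the token controller based on the `kubernetes.io/service-account.name` annotation, and `secretMetadata.annotations` appears to be caller-supplied as well. Consider an allowlist of supported types, or at least a rejection such as `if cs.Type == corev1.SecretTypeServiceAccountToken { return nil, fmt.Errorf("secret type %q is not allowed", cs.Type) }` (the return shape is assumed from the test's `want`/`err` fields; the function's signature and the rest of its body are outside the hunk). The same applies to the `cs.Spec.Type` form of this code in PATCH 4/4.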
@@ -160,6 +160,58 @@ func TestGenerateSecret(t *testing.T) { "field2": []byte("value2"), }, }, + },{ + name: "it should support fields with a hardcoded value for Secret Type", + have: have{ + SyncedSecret: secretsv1.SyncedSecret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "secret-name", + Namespace: "secret-namespace", + }, + Spec: secretsv1.SyncedSecretSpec{ + SecretMetadata: metav1.ObjectMeta{ + Name: "secret-name", + Namespace: "secret-namespace", + Annotations: map[string]string{ + "randomkey": "random/string", + }, + }, + Data: []*secretsv1.SecretField{ + { + Name: _s("foo"), + Value: _s("bar"), + }, + { + Name: _s("field2"), + Value: _s("value2"), + }, + }, + IAMRole: _s("iam_role"), + }, + Type: "kubernetes.io/dockerconfigjson", + }, + err: nil, + cachedSecrets: secretsmanager.Secrets{"cachedSecret1": {}, "cachedSecret2": {}}, + secretValueGetter: mockgetSecretValue, + }, + want: &corev1.Secret{ + TypeMeta: metav1.TypeMeta{ + Kind: "Secret", + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "secret-name", + Namespace: "secret-namespace", + Annotations: map[string]string{ + "randomkey": "random/string", + }, + }, + Type: "kubernetes.io/dockerconfigjson", + Data: map[string][]byte{ + "foo": []byte("bar"), + "field2": []byte("value2"), + }, + }, }, { name: "it should support references to a single field in an AWS Secret",
From 0276179e452860591735a568467331d8a4d85927 Mon Sep 17 00:00:00 2001
From: Daniel Ward
Date: Sat, 24 Oct 2020 08:04:20 -0400
Subject: [PATCH 2/4] add sample and ran make
---
 api/v1/syncedsecret_types.go | 2 +-
 .../secrets_v1_syncedsecret_specified_type.yaml | 16 ++++++++++++++++
 pkg/k8ssecret/secret.go | 1 -
 pkg/k8ssecret/secret_test.go | 2 +-
 4 files changed, 18 insertions(+), 3 deletions(-)
 create mode 100644 config/samples/secrets_v1_syncedsecret_specified_type.yaml
diff --git a/api/v1/syncedsecret_types.go b/api/v1/syncedsecret_types.go
index 06863b0..01a7a3d 100644
--- a/api/v1/syncedsecret_types.go
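Review bot: The new test case pairs `Type: "kubernetes.io/dockerconfigjson"` with the data keys `foo` and `field2`, a combination the Kubernetes API server rejects because that type requires a `.dockerconfigjson` key holding valid JSON. The test passes only because GenerateK8SSecret builds the object in memory without API validation, so the fixture documents a configuration that cannot actually be applied. Use a type with no key constraints for this case or supply a `.dockerconfigjson` field, and add a case with an empty type asserting the `Opaque` default if the existing cases (outside this hunk) do not already cover it. The sample manifest added in PATCH 2/4, `config/samples/secrets_v1_syncedsecret_specified_type.yaml`, appears to have the same mismatch with `DB_NAME`/`DB_PASS`.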
+++ b/api/v1/syncedsecret_types.go
@@ -16,8 +16,8 @@ limitations under the License. package v1 import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) // EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
diff --git a/config/samples/secrets_v1_syncedsecret_specified_type.yaml b/config/samples/secrets_v1_syncedsecret_specified_type.yaml
new file mode 100644
index 0000000..87c9cec
--- /dev/null
+++ b/config/samples/secrets_v1_syncedsecret_specified_type.yaml
@@ -0,0 +1,16 @@
+apiVersion: secrets.contentful.com/v1
+kind: SyncedSecret
+type: kubernetes.io/dockerconfigjson
+metadata:
+ name: syncedsecret-sample-ks
+ namespace: kube-secret-syncer
+spec:
+ secretMetadata:
+ name: demo-service-secret
+ namespace: kube-secret-syncer
+ annotations:
+ randomkey: randomval
+ data:
+ DB_NAME: database_name
+ DB_PASS: database_pass
+ secretid: secretsyncer/secret/sample
diff --git a/pkg/k8ssecret/secret.go b/pkg/k8ssecret/secret.go
index 6dcbd3d..3a4008d 100644
--- a/pkg/k8ssecret/secret.go
+++ b/pkg/k8ssecret/secret.go
@@ -153,7 +153,6 @@ func GenerateK8SSecret( } } - secretType := corev1.SecretTypeOpaque if cs.Type != "" { secretType = cs.Type
diff --git a/pkg/k8ssecret/secret_test.go b/pkg/k8ssecret/secret_test.go
index 06901f3..106a925 100644
--- a/pkg/k8ssecret/secret_test.go
+++ b/pkg/k8ssecret/secret_test.go
@@ -160,7 +160,7 @@ func TestGenerateSecret(t *testing.T) { "field2": []byte("value2"), }, }, - },{ + }, { name: "it should support fields with a hardcoded value for Secret Type", have: have{ SyncedSecret: secretsv1.SyncedSecret{
From c71583394aa436433bbb930198b82665cfcd2438 Mon Sep 17 00:00:00 2001
From: Daniel Ward
Date: Sat, 24 Oct 2020 15:22:24 -0400
Subject: [PATCH 3/4] genereate crd manifests
---
 config/crd/bases/secrets.contentful.com_syncedsecrets.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/config/crd/bases/secrets.contentful.com_syncedsecrets.yaml b/config/crd/bases/secrets.contentful.com_syncedsecrets.yaml
index 4b046af..a9b674b 100644
--- a/config/crd/bases/secrets.contentful.com_syncedsecrets.yaml
+++ b/config/crd/bases/secrets.contentful.com_syncedsecrets.yaml
@@ -107,6 +107,8 @@ spec: required: - currentVersionID type: object + type: + type: string type: object version: v1 versions:
From 64a7cfc29dab96376e084927e82a0262f9aa2a25 Mon Sep 17 00:00:00 2001
From: Daniel Ward
Date: Mon, 26 Oct 2020 14:19:00 -0400
Subject: [PATCH 4/4] fixed type scope as requested
---
 api/v1/syncedsecret_types.go | 6 ++++--
 config/crd/bases/secrets.contentful.com_syncedsecrets.yaml | 5 +++--
 config/samples/secrets_v1_syncedsecret_specified_type.yaml | 2 +-
 pkg/k8ssecret/secret.go | 4 ++--
 pkg/k8ssecret/secret_test.go | 5 +++--
 5 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/api/v1/syncedsecret_types.go b/api/v1/syncedsecret_types.go
index 01a7a3d..dc0fcc3 100644
--- a/api/v1/syncedsecret_types.go
+++ b/api/v1/syncedsecret_types.go
@@ -81,6 +81,10 @@ type SyncedSecretSpec struct { // DataFrom // +optional DataFrom *DataFrom `json:"dataFrom,omitempty"` + + // Type + // +optional + Type corev1.SecretType `json:"type,omitempty"` } // SyncedSecretStatus defines the observed state of SyncedSecret
@@ -105,8 +109,6 @@ type SyncedSecret struct { Spec SyncedSecretSpec `json:"spec,omitempty"` Status SyncedSecretStatus `json:"status,omitempty"` - - Type corev1.SecretType `json:"type,omitempty"` } // +kubebuilder:object:root=true
diff --git a/config/crd/bases/secrets.contentful.com_syncedsecrets.yaml b/config/crd/bases/secrets.contentful.com_syncedsecrets.yaml
index a9b674b..c3b7f4c 100644
--- a/config/crd/bases/secrets.contentful.com_syncedsecrets.yaml
+++ b/config/crd/bases/secrets.contentful.com_syncedsecrets.yaml
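Review bot: The doc comment `// Type` on the new SyncedSecretSpec field in PATCH 4/4 tells a reader nothing, and it is what the generated CRD carries as `description: Type`. A comment such as `// Type is the type of the generated Secret; defaults to Opaque when empty.` would flow into the schema and the API docs. If the set of supported types is meant to be restricted, a `// +kubebuilder:validation:Enum=...` marker on this field would enforce that at admission rather than only in the controller.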
@@ -92,6 +92,9 @@ spec: secretMetadata: description: Secret Metadata type: object + type: + description: Type + type: string type: object status: description: SyncedSecretStatus defines the observed state of SyncedSecret
@@ -107,8 +110,6 @@ spec: required: - currentVersionID type: object - type: - type: string type: object version: v1 versions:
diff --git a/config/samples/secrets_v1_syncedsecret_specified_type.yaml b/config/samples/secrets_v1_syncedsecret_specified_type.yaml
index 87c9cec..17484f2 100644
--- a/config/samples/secrets_v1_syncedsecret_specified_type.yaml
+++ b/config/samples/secrets_v1_syncedsecret_specified_type.yaml
@@ -1,10 +1,10 @@ apiVersion: secrets.contentful.com/v1 kind: SyncedSecret -type: kubernetes.io/dockerconfigjson metadata: name: syncedsecret-sample-ks namespace: kube-secret-syncer spec: + type: kubernetes.io/dockerconfigjson secretMetadata: name: demo-service-secret namespace: kube-secret-syncer
diff --git a/pkg/k8ssecret/secret.go b/pkg/k8ssecret/secret.go
index 3a4008d..5df43b1 100644
--- a/pkg/k8ssecret/secret.go
+++ b/pkg/k8ssecret/secret.go
@@ -154,8 +154,8 @@ func GenerateK8SSecret( } secretType := corev1.SecretTypeOpaque - if cs.Type != "" { - secretType = cs.Type + if cs.Spec.Type != "" { + secretType = cs.Spec.Type } secret := &corev1.Secret{
diff --git a/pkg/k8ssecret/secret_test.go b/pkg/k8ssecret/secret_test.go
index 106a925..0094077 100644
--- a/pkg/k8ssecret/secret_test.go
+++ b/pkg/k8ssecret/secret_test.go
@@ -160,7 +160,8 @@ func TestGenerateSecret(t *testing.T) { "field2": []byte("value2"), }, }, - }, { + }, + { name: "it should support fields with a hardcoded value for Secret Type", have: have{ SyncedSecret: secretsv1.SyncedSecret{
@@ -187,8 +188,8 @@ func TestGenerateSecret(t *testing.T) { }, }, IAMRole: _s("iam_role"), + Type: "kubernetes.io/dockerconfigjson", }, - Type: "kubernetes.io/dockerconfigjson", }, err: nil, cachedSecrets: secretsmanager.Secrets{"cachedSecret1": {}, "cachedSecret2": {}},
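Review bot: A Secret's `type` is immutable once the object exists, so when `cs.Spec.Type` is changed on a SyncedSecret whose Secret was already created, an update carrying the new `secretType` will be rejected by the API server. The update path is not visible in this hunk of pkg/k8ssecret/secret.go; if the reconciler updates in place, it would need to detect a type difference and delete and recreate the Secret, or surface the failure in the SyncedSecret status. A short comment above the defaulting, e.g. `// Secret.type is immutable; a changed spec.type needs delete+recreate`, would record the constraint. GenerateK8SSecret starts and ends outside the hunk.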