diff --git a/apis/common/v1/resource.go b/apis/common/v1/resource.go
index d3d9621..7a4b31c 100644
--- a/apis/common/v1/resource.go
+++ b/apis/common/v1/resource.go
@@ -161,25 +161,6 @@ type ResourceStatus struct {
 ConditionedStatus `json:",inline"`
 }

-// A ProviderSpec defines the common way to get to the necessary objects to
-// connect to the provider.
-// Deprecated: Please use ProviderConfigSpec.
-type ProviderSpec struct {
- // CredentialsSecretRef references a specific secret's key that contains
- // the credentials that are used to connect to the provider.
- // +optional
- CredentialsSecretRef *SecretKeySelector `json:"credentialsSecretRef,omitempty"`
-}
-
-// A ProviderConfigSpec defines the desired state of a provider config. A
-// provider config may embed this type in its spec in order to support standard
-// fields. Provider configs may choose to avoid embedding this type as
-// appropriate, but are encouraged to follow its conventions.
-type ProviderConfigSpec struct {
- // Credentials required to authenticate to this provider.
- Credentials ProviderCredentials `json:"credentials"`
-}
-
 // A CredentialsSource is a source from which provider credentials may be
 // acquired.
 type CredentialsSource string
@@ -198,20 +179,47 @@ const (
 // Workload Identity for GCP, Pod Identity for Azure, or in-cluster
 // authentication for the Kubernetes API.
 CredentialsSourceInjectedIdentity CredentialsSource = "InjectedIdentity"
+
+ // CredentialsSourceEnvironment indicates that a provider should acquire
+ // credentials from an environment variable.
+ CredentialsSourceEnvironment CredentialsSource = "Environment"
+
+ // CredentialsSourceFilesystem indicates that a provider should acquire
+ // credentials from the filesystem.
+ CredentialsSourceFilesystem CredentialsSource = "Filesystem"
 )

-// ProviderCredentials required to authenticate.
-type ProviderCredentials struct {
- // Source of the provider credentials.
- // +kubebuilder:validation:Enum=None;Secret;InjectedIdentity
- Source CredentialsSource `json:"source"`
+// CommonCredentialSelectors provides common selectors for extracting
+// credentials.
+type CommonCredentialSelectors struct {
+ // Fs is a reference to a filesystem location that contains credentials that
+ // must be used to connect to the provider.
+ // +optional
+ Fs *FsSelector `json:"fs,omitempty"`

- // A CredentialsSecretRef is a reference to a secret key that contains the
- // credentials that must be used to connect to the provider.
+ // Env is a reference to an environment variable that contains credentials
+ // that must be used to connect to the provider.
+ // +optional
+ Env *EnvSelector `json:"env,omitempty"`
+
+ // A SecretRef is a reference to a secret key that contains the credentials
+ // that must be used to connect to the provider.
 // +optional
 SecretRef *SecretKeySelector `json:"secretRef,omitempty"`
 }

+// EnvSelector selects an environment variable.
+type EnvSelector struct {
+ // Name is the name of an environment variable.
+ Name string `json:"name"`
+}
+
+// FsSelector selects a filesystem location.
+type FsSelector struct {
+ // Path is a filesystem path.
+ Path string `json:"path"`
+}
+
 // A ProviderConfigStatus defines the observed status of a ProviderConfig.
 type ProviderConfigStatus struct {
 ConditionedStatus `json:",inline"`
diff --git a/apis/common/v1/zz_generated.deepcopy.go b/apis/common/v1/zz_generated.deepcopy.go
index 6bd879c..27c1e4d 100644
--- a/apis/common/v1/zz_generated.deepcopy.go
+++ b/apis/common/v1/zz_generated.deepcopy.go
@@ -24,6 +24,36 @@ import ( corev1 "k8s.io/api/core/v1" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CommonCredentialSelectors) DeepCopyInto(out *CommonCredentialSelectors) { + *out = *in + if in.Fs != nil { + in, out := &in.Fs, &out.Fs + *out = new(FsSelector) + **out = **in + } + if in.Env != nil { + in, out := &in.Env, &out.Env + *out = new(EnvSelector) + **out = **in + } + if in.SecretRef != nil { + in, out := &in.SecretRef, &out.SecretRef + *out = new(SecretKeySelector) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CommonCredentialSelectors. +func (in *CommonCredentialSelectors) DeepCopy() *CommonCredentialSelectors { + if in == nil { + return nil + } + out := new(CommonCredentialSelectors) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Condition) DeepCopyInto(out *Condition) { *out = *in 
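Review bot: In the second hunk of apis/common/v1/resource.go, `FsSelector.Path` and `EnvSelector.Name` are accepted as free-form strings with no validation markers, so whoever can write a ProviderConfig chooses which file or environment variable of the provider process is read as a credential. I would at least reject empty values with `// +kubebuilder:validation:MinLength=1` on both fields, and extend their doc comments to say that the path and variable are resolved inside the provider's own container, so that consuming providers know to confine `Path` to an expected directory and to keep the value they read out of status conditions and logs. The same hunk drops the `+kubebuilder:validation:Enum=None;Secret;InjectedIdentity` marker together with `ProviderCredentials`, and `Fs`, `Env` and `SecretRef` are all optional pointers, so nothing visible here ties `Source` to the selector that must be set; each embedding type presumably has to re-declare the enum (now including `Environment` and `Filesystem`) and nil-check the matching selector. The `const (` block these constants join opens outside the hunk.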
@@ -62,6 +92,36 @@ func (in *ConditionedStatus) DeepCopy() *ConditionedStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EnvSelector) DeepCopyInto(out *EnvSelector) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvSelector. +func (in *EnvSelector) DeepCopy() *EnvSelector { + if in == nil { + return nil + } + out := new(EnvSelector) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FsSelector) DeepCopyInto(out *FsSelector) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FsSelector. +func (in *FsSelector) DeepCopy() *FsSelector { + if in == nil { + return nil + } + out := new(FsSelector) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LocalSecretReference) DeepCopyInto(out *LocalSecretReference) { *out = *in 
@@ -77,22 +137,6 @@ func (in *LocalSecretReference) DeepCopy() *LocalSecretReference { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProviderConfigSpec) DeepCopyInto(out *ProviderConfigSpec) { - *out = *in - in.Credentials.DeepCopyInto(&out.Credentials) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderConfigSpec. -func (in *ProviderConfigSpec) DeepCopy() *ProviderConfigSpec { - if in == nil { - return nil - } - out := new(ProviderConfigSpec) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ProviderConfigStatus) DeepCopyInto(out *ProviderConfigStatus) { *out = *in 
@@ -126,46 +170,6 @@ func (in *ProviderConfigUsage) DeepCopy() *ProviderConfigUsage { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProviderCredentials) DeepCopyInto(out *ProviderCredentials) { - *out = *in - if in.SecretRef != nil { - in, out := &in.SecretRef, &out.SecretRef - *out = new(SecretKeySelector) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderCredentials. -func (in *ProviderCredentials) DeepCopy() *ProviderCredentials { - if in == nil { - return nil - } - out := new(ProviderCredentials) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ProviderSpec) DeepCopyInto(out *ProviderSpec) { - *out = *in - if in.CredentialsSecretRef != nil { - in, out := &in.CredentialsSecretRef, &out.CredentialsSecretRef - *out = new(SecretKeySelector) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderSpec. -func (in *ProviderSpec) DeepCopy() *ProviderSpec { - if in == nil { - return nil - } - out := new(ProviderSpec) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Reference) DeepCopyInto(out *Reference) { *out = *in