Replace ProviderConfigSpec with embeddable CredentialsSelectors

To allow for more flexible credential methods, we provide common
selectors but neither enforce a source enum nor prevent providers from
adding additional selectors. The CredentialsSelectors are meant to be
embedded inline in a ProviderConfig's spec.credentials object.

Signed-off-by: hasheddan <georgedanielmangum@gmail.com>
hasheddan 2021-02-01 16:01:54 -06:00
parent c674db318c
commit 10b4720142
No known key found for this signature in database
GPG Key ID: BD68BC686A14C271
2 changed files with 94 additions and 82 deletions


@ -161,25 +161,6 @@ type ResourceStatus struct {
ConditionedStatus `json:",inline"` ConditionedStatus `json:",inline"`
} }
// A ProviderSpec defines the common way to get to the necessary objects to
// connect to the provider.
// Deprecated: Please use ProviderConfigSpec.
type ProviderSpec struct {
// CredentialsSecretRef references a specific secret's key that contains
// the credentials that are used to connect to the provider.
// +optional
CredentialsSecretRef *SecretKeySelector `json:"credentialsSecretRef,omitempty"`
}
// A ProviderConfigSpec defines the desired state of a provider config. A
// provider config may embed this type in its spec in order to support standard
// fields. Provider configs may choose to avoid embedding this type as
// appropriate, but are encouraged to follow its conventions.
type ProviderConfigSpec struct {
// Credentials required to authenticate to this provider.
Credentials ProviderCredentials `json:"credentials"`
}
// A CredentialsSource is a source from which provider credentials may be // A CredentialsSource is a source from which provider credentials may be
// acquired. // acquired.
type CredentialsSource string type CredentialsSource string
@ -198,20 +179,47 @@ const (
// Workload Identity for GCP, Pod Identity for Azure, or in-cluster // Workload Identity for GCP, Pod Identity for Azure, or in-cluster
// authentication for the Kubernetes API. // authentication for the Kubernetes API.
CredentialsSourceInjectedIdentity CredentialsSource = "InjectedIdentity" CredentialsSourceInjectedIdentity CredentialsSource = "InjectedIdentity"
// CredentialsSourceEnvironment indicates that a provider should acquire
// credentials from an environment variable.
CredentialsSourceEnvironment CredentialsSource = "Environment"
// CredentialsSourceFilesystem indicates that a provider should acquire
// credentials from the filesystem.
CredentialsSourceFilesystem CredentialsSource = "Filesystem"
) )
// ProviderCredentials required to authenticate. // CommonCredentialSelectors provides common selectors for extracting
type ProviderCredentials struct { // credentials.
// Source of the provider credentials. type CommonCredentialSelectors struct {
// +kubebuilder:validation:Enum=None;Secret;InjectedIdentity // Fs is a reference to a filesystem location that contains credentials that
Source CredentialsSource `json:"source"` // must be used to connect to the provider.
// +optional
Fs *FsSelector `json:"fs,omitempty"`
// A CredentialsSecretRef is a reference to a secret key that contains the // Env is a reference to an environment variable that contains credentials
// credentials that must be used to connect to the provider. // that must be used to connect to the provider.
// +optional
Env *EnvSelector `json:"env,omitempty"`
// A SecretRef is a reference to a secret key that contains the credentials
// that must be used to connect to the provider.
// +optional // +optional
SecretRef *SecretKeySelector `json:"secretRef,omitempty"` SecretRef *SecretKeySelector `json:"secretRef,omitempty"`
} }
// EnvSelector selects an environment variable.
type EnvSelector struct {
// Name is the name of an environment variable.
Name string `json:"name"`
}
// FsSelector selects a filesystem location.
type FsSelector struct {
// Path is a filesystem path.
Path string `json:"path"`
}
// A ProviderConfigStatus defines the observed status of a ProviderConfig. // A ProviderConfigStatus defines the observed status of a ProviderConfig.
type ProviderConfigStatus struct { type ProviderConfigStatus struct {
ConditionedStatus `json:",inline"` ConditionedStatus `json:",inline"`
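Review bot: The enum marker that used to gate the credentials source (`+kubebuilder:validation:Enum=None;Secret;InjectedIdentity` on the removed `ProviderCredentials.Source`) has no counterpart in the new `CommonCredentialSelectors`, and the two new constants `CredentialsSourceEnvironment` and `CredentialsSourceFilesystem` are not referenced by any marker in this hunk, so nothing in the common type tells an embedding provider that its own `Source` field must now admit them. This appears intentional per the commit message, but the type's doc comment should say so, since the selectors are all optional and the struct alone cannot express which one is consulted; I would extend the comment above `type CommonCredentialSelectors struct` with a sentence such as `// Which selector is consulted is decided by the embedding provider's Source field; providers that keep an enum marker on that field should list Environment and Filesystem alongside the existing values.` The `Fs.Path` and `Env.Name` fields also carry no validation markers, so an empty path or variable name is accepted by the API server and only caught when the provider tries to read it; whether that is acceptable depends on the providers, which are outside this hunk. The `ProviderSpec` removal in the first hunk is not mentioned in the commit description, which a reader looking for the deprecated type may want.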


@ -24,6 +24,36 @@ import (
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
) )
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CommonCredentialSelectors) DeepCopyInto(out *CommonCredentialSelectors) {
*out = *in
if in.Fs != nil {
in, out := &in.Fs, &out.Fs
*out = new(FsSelector)
**out = **in
}
if in.Env != nil {
in, out := &in.Env, &out.Env
*out = new(EnvSelector)
**out = **in
}
if in.SecretRef != nil {
in, out := &in.SecretRef, &out.SecretRef
*out = new(SecretKeySelector)
**out = **in
}
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CommonCredentialSelectors.
func (in *CommonCredentialSelectors) DeepCopy() *CommonCredentialSelectors {
if in == nil {
return nil
}
out := new(CommonCredentialSelectors)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Condition) DeepCopyInto(out *Condition) { func (in *Condition) DeepCopyInto(out *Condition) {
*out = *in *out = *in
@ -62,6 +92,36 @@ func (in *ConditionedStatus) DeepCopy() *ConditionedStatus {
return out return out
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *EnvSelector) DeepCopyInto(out *EnvSelector) {
*out = *in
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvSelector.
func (in *EnvSelector) DeepCopy() *EnvSelector {
if in == nil {
return nil
}
out := new(EnvSelector)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *FsSelector) DeepCopyInto(out *FsSelector) {
*out = *in
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FsSelector.
func (in *FsSelector) DeepCopy() *FsSelector {
if in == nil {
return nil
}
out := new(FsSelector)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *LocalSecretReference) DeepCopyInto(out *LocalSecretReference) { func (in *LocalSecretReference) DeepCopyInto(out *LocalSecretReference) {
*out = *in *out = *in
@ -77,22 +137,6 @@ func (in *LocalSecretReference) DeepCopy() *LocalSecretReference {
return out return out
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ProviderConfigSpec) DeepCopyInto(out *ProviderConfigSpec) {
*out = *in
in.Credentials.DeepCopyInto(&out.Credentials)
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderConfigSpec.
func (in *ProviderConfigSpec) DeepCopy() *ProviderConfigSpec {
if in == nil {
return nil
}
out := new(ProviderConfigSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ProviderConfigStatus) DeepCopyInto(out *ProviderConfigStatus) { func (in *ProviderConfigStatus) DeepCopyInto(out *ProviderConfigStatus) {
*out = *in *out = *in
@ -126,46 +170,6 @@ func (in *ProviderConfigUsage) DeepCopy() *ProviderConfigUsage {
return out return out
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ProviderCredentials) DeepCopyInto(out *ProviderCredentials) {
*out = *in
if in.SecretRef != nil {
in, out := &in.SecretRef, &out.SecretRef
*out = new(SecretKeySelector)
**out = **in
}
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderCredentials.
func (in *ProviderCredentials) DeepCopy() *ProviderCredentials {
if in == nil {
return nil
}
out := new(ProviderCredentials)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ProviderSpec) DeepCopyInto(out *ProviderSpec) {
*out = *in
if in.CredentialsSecretRef != nil {
in, out := &in.CredentialsSecretRef, &out.CredentialsSecretRef
*out = new(SecretKeySelector)
**out = **in
}
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderSpec.
func (in *ProviderSpec) DeepCopy() *ProviderSpec {
if in == nil {
return nil
}
out := new(ProviderSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Reference) DeepCopyInto(out *Reference) { func (in *Reference) DeepCopyInto(out *Reference) {
*out = *in *out = *in