Replace ProviderConfigSpec with embeddable CredentialsSelectors
To allow for more flexible credential methods, we provide common selectors, but we neither enforce a source enum nor prevent additional selectors from being added. The CredentialsSelectors are meant to be embedded inline in a ProviderConfig's spec.credentials object.

Signed-off-by: hasheddan <georgedanielmangum@gmail.com>
parent
c674db318c
commit
10b4720142
|
@ -161,25 +161,6 @@ type ResourceStatus struct {
|
|||
ConditionedStatus `json:",inline"`
|
||||
}
|
||||
|
||||
// A ProviderSpec defines the common way to get to the necessary objects to
|
||||
// connect to the provider.
|
||||
// Deprecated: Please use ProviderConfigSpec.
|
||||
type ProviderSpec struct {
|
||||
// CredentialsSecretRef references a specific secret's key that contains
|
||||
// the credentials that are used to connect to the provider.
|
||||
// +optional
|
||||
CredentialsSecretRef *SecretKeySelector `json:"credentialsSecretRef,omitempty"`
|
||||
}
|
||||
|
||||
// A ProviderConfigSpec defines the desired state of a provider config. A
|
||||
// provider config may embed this type in its spec in order to support standard
|
||||
// fields. Provider configs may choose to avoid embedding this type as
|
||||
// appropriate, but are encouraged to follow its conventions.
|
||||
type ProviderConfigSpec struct {
|
||||
// Credentials required to authenticate to this provider.
|
||||
Credentials ProviderCredentials `json:"credentials"`
|
||||
}
|
||||
|
||||
// A CredentialsSource is a source from which provider credentials may be
|
||||
// acquired.
|
||||
type CredentialsSource string
|
||||
|
@ -198,20 +179,47 @@ const (
|
|||
// Workload Identity for GCP, Pod Identity for Azure, or in-cluster
|
||||
// authentication for the Kubernetes API.
|
||||
CredentialsSourceInjectedIdentity CredentialsSource = "InjectedIdentity"
|
||||
|
||||
// CredentialsSourceEnvironment indicates that a provider should acquire
|
||||
// credentials from an environment variable.
|
||||
CredentialsSourceEnvironment CredentialsSource = "Environment"
|
||||
|
||||
// CredentialsSourceFilesystem indicates that a provider should acquire
|
||||
// credentials from the filesystem.
|
||||
CredentialsSourceFilesystem CredentialsSource = "Filesystem"
|
||||
)
|
||||
|
||||
// ProviderCredentials required to authenticate.
|
||||
type ProviderCredentials struct {
|
||||
// Source of the provider credentials.
|
||||
// +kubebuilder:validation:Enum=None;Secret;InjectedIdentity
|
||||
Source CredentialsSource `json:"source"`
|
||||
// CommonCredentialSelectors provides common selectors for extracting
|
||||
// credentials.
|
||||
type CommonCredentialSelectors struct {
|
||||
// Fs is a reference to a filesystem location that contains credentials that
|
||||
// must be used to connect to the provider.
|
||||
// +optional
|
||||
Fs *FsSelector `json:"fs,omitempty"`
|
||||
|
||||
// A CredentialsSecretRef is a reference to a secret key that contains the
|
||||
// credentials that must be used to connect to the provider.
|
||||
// Env is a reference to an environment variable that contains credentials
|
||||
// that must be used to connect to the provider.
|
||||
// +optional
|
||||
Env *EnvSelector `json:"env,omitempty"`
|
||||
|
||||
// A SecretRef is a reference to a secret key that contains the credentials
|
||||
// that must be used to connect to the provider.
|
||||
// +optional
|
||||
SecretRef *SecretKeySelector `json:"secretRef,omitempty"`
|
||||
}
|
||||
|
||||
// EnvSelector selects an environment variable.
|
||||
type EnvSelector struct {
|
||||
// Name is the name of an environment variable.
|
||||
Name string `json:"name"`
|
||||
}
|
||||
|
||||
// FsSelector selects a filesystem location.
|
||||
type FsSelector struct {
|
||||
// Path is a filesystem path.
|
||||
Path string `json:"path"`
|
||||
}
|
||||
|
||||
// A ProviderConfigStatus defines the observed status of a ProviderConfig.
|
||||
type ProviderConfigStatus struct {
|
||||
ConditionedStatus `json:",inline"`
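Review bot: `FsSelector.Path` and `EnvSelector.Name` are free-form strings with no validation marker, so whoever may create a ProviderConfig chooses which file or environment variable (presumably of the provider process) is used as the credential. Nothing in these types limits that choice to locations meant to hold credentials, and whether individual providers restrict it is not visible here, so the field comments should state the trust assumption, e.g. `// Path is a filesystem path as seen by the provider; only users trusted to choose it should be able to write ProviderConfigs.` At minimum, add `// +kubebuilder:validation:MinLength=1` to both fields so an empty selector is rejected at admission rather than at connect time. With the source enum no longer enforced and all three selectors marked `+optional`, a source/selector mismatch (for example `Filesystem` with `fs` unset) can only be caught at runtime by each provider, which is worth saying in the `CommonCredentialSelectors` doc comment.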
|
||||
|
|
|
@ -24,6 +24,36 @@ import (
|
|||
corev1 "k8s.io/api/core/v1"
|
||||
)
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *CommonCredentialSelectors) DeepCopyInto(out *CommonCredentialSelectors) {
|
||||
*out = *in
|
||||
if in.Fs != nil {
|
||||
in, out := &in.Fs, &out.Fs
|
||||
*out = new(FsSelector)
|
||||
**out = **in
|
||||
}
|
||||
if in.Env != nil {
|
||||
in, out := &in.Env, &out.Env
|
||||
*out = new(EnvSelector)
|
||||
**out = **in
|
||||
}
|
||||
if in.SecretRef != nil {
|
||||
in, out := &in.SecretRef, &out.SecretRef
|
||||
*out = new(SecretKeySelector)
|
||||
**out = **in
|
||||
}
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CommonCredentialSelectors.
|
||||
func (in *CommonCredentialSelectors) DeepCopy() *CommonCredentialSelectors {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(CommonCredentialSelectors)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *Condition) DeepCopyInto(out *Condition) {
|
||||
*out = *in
|
||||
|
@ -62,6 +92,36 @@ func (in *ConditionedStatus) DeepCopy() *ConditionedStatus {
|
|||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *EnvSelector) DeepCopyInto(out *EnvSelector) {
|
||||
*out = *in
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvSelector.
|
||||
func (in *EnvSelector) DeepCopy() *EnvSelector {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(EnvSelector)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *FsSelector) DeepCopyInto(out *FsSelector) {
|
||||
*out = *in
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FsSelector.
|
||||
func (in *FsSelector) DeepCopy() *FsSelector {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(FsSelector)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *LocalSecretReference) DeepCopyInto(out *LocalSecretReference) {
|
||||
*out = *in
|
||||
|
@ -77,22 +137,6 @@ func (in *LocalSecretReference) DeepCopy() *LocalSecretReference {
|
|||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *ProviderConfigSpec) DeepCopyInto(out *ProviderConfigSpec) {
|
||||
*out = *in
|
||||
in.Credentials.DeepCopyInto(&out.Credentials)
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderConfigSpec.
|
||||
func (in *ProviderConfigSpec) DeepCopy() *ProviderConfigSpec {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(ProviderConfigSpec)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *ProviderConfigStatus) DeepCopyInto(out *ProviderConfigStatus) {
|
||||
*out = *in
|
||||
|
@ -126,46 +170,6 @@ func (in *ProviderConfigUsage) DeepCopy() *ProviderConfigUsage {
|
|||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *ProviderCredentials) DeepCopyInto(out *ProviderCredentials) {
|
||||
*out = *in
|
||||
if in.SecretRef != nil {
|
||||
in, out := &in.SecretRef, &out.SecretRef
|
||||
*out = new(SecretKeySelector)
|
||||
**out = **in
|
||||
}
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderCredentials.
|
||||
func (in *ProviderCredentials) DeepCopy() *ProviderCredentials {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(ProviderCredentials)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *ProviderSpec) DeepCopyInto(out *ProviderSpec) {
|
||||
*out = *in
|
||||
if in.CredentialsSecretRef != nil {
|
||||
in, out := &in.CredentialsSecretRef, &out.CredentialsSecretRef
|
||||
*out = new(SecretKeySelector)
|
||||
**out = **in
|
||||
}
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderSpec.
|
||||
func (in *ProviderSpec) DeepCopy() *ProviderSpec {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(ProviderSpec)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *Reference) DeepCopyInto(out *Reference) {
|
||||
*out = *in
|
||||
|
|