Add TransformOptions Configuration Block to SecretProviderClass #963
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -46,13 +46,32 @@ type SecretObject struct { | |
Data []*SecretObjectData `json:"data,omitempty"` | ||
} | ||
|
||
type Secret struct { | ||
// name of the object to sync | ||
ObjectName string `json:"objectName,omitempty"` | ||
// expected format of the secret received from the provider (e.g. plaintext, json) | ||
Format string `json:"format,omitempty"` | ||
// JSON path to target for a secret received in JSON format | ||
JsonPath string `json:"jsonPath,omitempty"` | ||
JSONPath instead of JsonPath per https://github.com/golang/go/wiki/CodeReviewComments#initialisms |
||
} | ||
|
||
type TransformOptions struct { | ||
I think we actually want the |
||
// expected format of the secret received from the provider (e.g. plaintext, json) | ||
Format string `json:"format,omitempty"` | ||
I think we can actually omit this just determine behavior based on whether |
||
// JSON path to target for a secret received in JSON format | ||
I notice from the implementation that it expects the Additionally I think it might be nice to support extracting a single value if the path resolves to a string instead of a json object. It may be a bit more verbose but I think more explicit to support resolving to a json value and adding an You could then write an SPC like:
Later we could add a transform like the this to resolve #948
Where we could generate a file based just on SPC data for non-secret static value |
||
JsonPath string `json:"jsonPath,omitempty"` | ||
JSONPath |
||
Secrets []Secret `json:"secrets,omitempty"` | ||
I don't really understand what this represents and it doesn't seem like the test cases cover where I see the example in #963 (comment) but I'm not clear why the |
||
} | ||
|
||
// SecretProviderClassSpec defines the desired state of SecretProviderClass | ||
type SecretProviderClassSpec struct { | ||
// Configuration for provider name | ||
Provider Provider `json:"provider,omitempty"` | ||
// Configuration for specific provider | ||
Parameters map[string]string `json:"parameters,omitempty"` | ||
SecretObjects []*SecretObject `json:"secretObjects,omitempty"` | ||
// Configuration for secret transformation | ||
TransformOptions TransformOptions `json:"transformOptions,omitempty"` | ||
I think we want this to be a list like |
||
} | ||
|
||
// ByPodStatus defines the state of SecretProviderClass as seen by | ||
|
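Review bot: In `SecretProviderClassSpec`, the new `TransformOptions` field is declared as a struct value with the tag `json:"transformOptions,omitempty"`, and `encoding/json` never treats a struct value as empty, so `omitempty` has no effect and every serialized spec will carry an empty `transformOptions` object. Declare it as `*TransformOptions` (or as a slice) if it is meant to be optional. Separately, `Format` and `JsonPath` now appear on both `Secret` and `TransformOptions` with no comment stating which one applies when both are set, and `Secrets` has no doc comment at all; please document the precedence, and consider constraining `Format` to the supported values instead of accepting any string.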
We don't follow this very well in a lot of the code but per https://github.com/golang/go/wiki/CodeReviewComments#comment-sentences comments should be full sentences. Don't try to fix the other stuff in this PR but would be good to try to apply to the comments added here.