Allow generating connectionSecretKeys for XRDs
See https://docs.crossplane.io/latest/concepts/connection-details/

To expose connection details from a Composition, users must specify
`spec.connectionSecretKeys` in XRD. This commit adds support for this.

I also fixed an error in `examples/xrd-gen/apis/generate.go` -
controller-gen would fail, complaining that `xrd` generator is specified
twice.
take-five committed Jun 17, 2024
1 parent 57ccdc6 commit 90af2ac
Showing 5 changed files with 199 additions and 12 deletions.
2 changes: 1 addition & 1 deletion examples/xrd-gen/apis/generate.go
Expand Up @@ -2,4 +2,4 @@ package apis

//go:generate rm -rf ../package/crds

//go:generate go run -tags generate ../../../cmd/xrd-gen xrd paths=./... xrd:allowDangerousTypes=true,crdVersions=v1 object:headerFile=../../../hack/boilerplate.go.txt,year=2022 output:artifacts:config=../package/xrds
//go:generate go run -tags generate ../../../cmd/xrd-gen paths=./... xrd:allowDangerousTypes=true,crdVersions=v1 object:headerFile=../../../hack/boilerplate.go.txt,year=2022 output:artifacts:config=../package/xrds
1 change: 1 addition & 0 deletions examples/xrd-gen/apis/v1alpha1/example_types.go
Expand Up @@ -29,6 +29,7 @@ type XExampleStatus struct {
// +crossbuilder:generate:xrd:claimNames:kind=Example,plural=examples
// +crossbuilder:generate:xrd:defaultCompositionRef:name=example-composition
// +crossbuilder:generate:xrd:enforcedCompositionRef:name=example-composition-2
// +crossbuilder:generate:xrd:connectionSecretKeys={username,password}
type XExample struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
1 change: 0 additions & 1 deletion examples/xrd-gen/apis/v1alpha1/zz_generated.deepcopy.go


198 changes: 188 additions & 10 deletions examples/xrd-gen/package/xrds/test.example.com_xexamples.yaml
@@ -1,4 +1,6 @@
---
apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
Expand All @@ -8,6 +10,9 @@ spec:
claimNames:
kind: Example
plural: examples
connectionSecretKeys:
- username
- password
defaultCompositionRef:
name: example-composition
enforcedCompositionRef:
Expand All @@ -21,23 +26,51 @@ spec:
plural: xexamples
singular: xexample
versions:
- deprecated: false
name: v1alpha1
referenceable: false
- name: v1alpha1
referenceable: true
schema:
openAPIV3Schema:
properties:
spec:
properties:
deletionPolicy:
default: Delete
description: DeletionPolicy specifies what will happen to the underlying
description: 'DeletionPolicy specifies what will happen to the underlying
external when this managed resource is deleted - either "Delete"
or "Orphan" the external resource.
or "Orphan" the external resource. This field is planned to be deprecated
in favor of the ManagementPolicies field in a future release. Currently,
both could be set independently and non-default values would be
honored if the feature flag is enabled. See the design doc for more
information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223'
enum:
- Orphan
- Delete
type: string
managementPolicies:
default:
- '*'
description: 'THIS IS A BETA FIELD. It is on by default but can be
opted out through a Crossplane feature flag. ManagementPolicies
specify the array of actions Crossplane is allowed to take on the
managed and external resources. This field is planned to replace
the DeletionPolicy field in a future release. Currently, both could
be set independently and non-default values would be honored if
the feature flag is enabled. If both are custom, the DeletionPolicy
field will be ignored. See the design doc for more information:
https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223
and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md'
items:
description: A ManagementAction represents an action that the Crossplane
controllers can take on an external resource.
enum:
- Observe
- Create
- Update
- Delete
- LateInitialize
- '*'
type: string
type: array
parameters:
properties:
exampleField:
Expand All @@ -55,24 +88,169 @@ spec:
name:
description: Name of the referenced object.
type: string
policy:
description: Policies for referencing.
properties:
resolution:
default: Required
description: Resolution specifies whether resolution of this
reference is required. The default is 'Required', which
means the reconcile will fail if the reference cannot be
resolved. 'Optional' means this reference will be a no-op
if it cannot be resolved.
enum:
- Required
- Optional
type: string
resolve:
description: Resolve specifies when this reference should
be resolved. The default is 'IfNotPresent', which will attempt
to resolve the reference only when the corresponding field
is not present. Use 'Always' to resolve the reference on
every reconcile.
enum:
- Always
- IfNotPresent
type: string
type: object
required:
- name
type: object
providerRef:
description: 'ProviderReference specifies the provider that will be
used to create, observe, update, and delete this managed resource.
Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`'
publishConnectionDetailsTo:
description: PublishConnectionDetailsTo specifies the connection secret
config which contains a name, metadata and a reference to secret
store config to which any connection details for this managed resource
should be written. Connection details frequently include the endpoint,
username, and password required to connect to the managed resource.
properties:
configRef:
default:
name: default
description: SecretStoreConfigRef specifies which secret store
config should be used for this ConnectionSecret.
properties:
name:
description: Name of the referenced object.
type: string
policy:
description: Policies for referencing.
properties:
resolution:
default: Required
description: Resolution specifies whether resolution of
this reference is required. The default is 'Required',
which means the reconcile will fail if the reference
cannot be resolved. 'Optional' means this reference
will be a no-op if it cannot be resolved.
enum:
- Required
- Optional
type: string
resolve:
description: Resolve specifies when this reference should
be resolved. The default is 'IfNotPresent', which will
attempt to resolve the reference only when the corresponding
field is not present. Use 'Always' to resolve the reference
on every reconcile.
enum:
- Always
- IfNotPresent
type: string
type: object
required:
- name
type: object
metadata:
description: Metadata is the metadata for connection secret.
properties:
annotations:
additionalProperties:
type: string
description: Annotations are the annotations to be added to
connection secret. - For Kubernetes secrets, this will be
used as "metadata.annotations". - It is up to Secret Store
implementation for others store types.
type: object
labels:
additionalProperties:
type: string
description: Labels are the labels/tags to be added to connection
secret. - For Kubernetes secrets, this will be used as "metadata.labels".
- It is up to Secret Store implementation for others store
types.
type: object
type:
description: Type is the SecretType for the connection secret.
- Only valid for Kubernetes Secret Stores.
type: string
type: object
name:
description: Name of the referenced object.
description: Name is the name of the connection secret.
type: string
required:
- name
type: object
writeConnectionSecretToRef:
description: WriteConnectionSecretToReference specifies the namespace
and name of a Secret to which any connection details for this managed
resource should be written. Connection details frequently include
the endpoint, username, and password required to connect to the
managed resource. This field is planned to be replaced in a future
release in favor of PublishConnectionDetailsTo. Currently, both
could be set independently and connection details would be published
to both without affecting each other.
properties:
name:
description: Name of the secret.
type: string
namespace:
description: Namespace of the secret.
type: string
required:
- name
- namespace
type: object
required:
- parameters
type: object
status:
properties:
conditions:
description: Conditions of the resource.
items:
description: A Condition that may apply to a resource.
properties:
lastTransitionTime:
description: LastTransitionTime is the last time this condition
transitioned from one status to another.
format: date-time
type: string
message:
description: A Message containing details about this condition's
last transition from one status to another, if any.
type: string
reason:
description: A Reason for this condition's last transition from
one status to another.
type: string
status:
description: Status of this condition; is it currently True,
False, or Unknown?
type: string
type:
description: Type of this condition. At most one of each condition
type may apply to a resource at any point in time.
type: string
required:
- lastTransitionTime
- reason
- status
- type
type: object
type: array
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
type: object
required:
- spec
9 changes: 9 additions & 0 deletions pkg/generate/xrd/markers/markers.go
Expand Up @@ -14,6 +14,7 @@ var XRDMarkers = []*definitionWithHelp{
must(markers.MakeDefinition("crossbuilder:generate:xrd:defaultCompositionRef", markers.DescribesType, DefaultCompositionRef{})),
must(markers.MakeDefinition("crossbuilder:generate:xrd:enforcedCompositionRef", markers.DescribesType, EnforcedCompositionRef{})),
must(markers.MakeDefinition("crossbuilder:generate:xrd:defaultCompositeDeletePolicy", markers.DescribesType, DefaultCompositeDeletePolicy{})),
must(markers.MakeDefinition("crossbuilder:generate:xrd:connectionSecretKeys", markers.DescribesType, ConnectionSecretKeys(nil))),
}

func init() {
Expand Down Expand Up @@ -94,3 +95,11 @@ func (c DefaultCompositeDeletePolicy) ApplyToXRD(xrd *xapiext.CompositeResourceD
// test(c)
return nil
}

// ConnectionSecretKeys is a marker to specify connection secret keys of an XRD
type ConnectionSecretKeys []string

func (c ConnectionSecretKeys) ApplyToXRD(xrd *xapiext.CompositeResourceDefinition, version string) error {
xrd.Spec.ConnectionSecretKeys = c
return nil
}
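Review bot: `ConnectionSecretKeys.ApplyToXRD` stores the marker value's backing array directly in the XRD (`xrd.Spec.ConnectionSecretKeys = c`), so the generated spec and the parsed marker alias the same slice and a later mutation of either would silently change the other; copying at this boundary is cheap, `xrd.Spec.ConnectionSecretKeys = append([]string(nil), c...)`. The exported method also lacks a doc comment while the type above it has one; something like `// ApplyToXRD sets spec.connectionSecretKeys on the XRD; version is unused because the marker describes the whole type.` would match the file's style, with the "unused" part to be confirmed against how the other markers treat that parameter. Whether empty or duplicate key names should be rejected here rather than surfacing later in the generated YAML is worth deciding, since these keys govern which connection-detail entries are published. The first three lines of this hunk belong to `DefaultCompositeDeletePolicy.ApplyToXRD`, whose body starts outside the hunk.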
