feat: update secrets related types and interfaces (#624)

KusionStack · Nov 27, 2023 · 8108a56 · 8108a56
1 parent a7d78ca
commit 8108a56
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 22 deletions.
diff --git a/pkg/apis/secrets/types.go b/pkg/apis/secrets/types.go
@@ -1,5 +1,17 @@
 package secrets
 
+// ExternalSecretRef contains information that points to the secret store data location.
+type ExternalSecretRef struct {
+	// Specifies the path of the secret to read.
+	Path string `yaml:"path" json:"path"`
+
+	// Used to select a specific property of the secret data (if a map), if supported.
+	Property string `yaml:"property,omitempty" json:"property,omitempty"`
+
+	// Specifies the version of the secret to return, if supported.
+	Version string `yaml:"version,omitempty" json:"version,omitempty"`
+}
+
 // SecretStoreSpec contains configuration to describe target secret store.
 type SecretStoreSpec struct {
 	Provider *ProviderSpec `yaml:"provider" json:"provider"`

diff --git a/pkg/secrets/interfaces.go b/pkg/secrets/interfaces.go
@@ -9,13 +9,11 @@ import (
 // SecretStore provides the interface to interact with various cloud secret manager.
 type SecretStore interface {
 	// GetSecret retrieves ref secret from various cloud secret manager.
-	GetSecret(ctx context.Context, ref string) ([]byte, error)
+	GetSecret(ctx context.Context, ref secretsapi.ExternalSecretRef) ([]byte, error)
 }
 
-// SecretStoreProvider is a factory type for secret store.
-type SecretStoreProvider interface {
-	// Type returns a string that reflects the type of this provider.
-	Type() string
+// SecretStoreFactory is a factory type for secret store.
+type SecretStoreFactory interface {
 	// NewSecretStore constructs a usable secret store with specific provider spec.
-	NewSecretStore(spec *secretsapi.SecretStoreSpec) (SecretStore, error)
+	NewSecretStore(spec secretsapi.SecretStoreSpec) (SecretStore, error)
 }
diff --git a/pkg/secrets/providers.go b/pkg/secrets/providers.go
@@ -13,7 +13,7 @@ import (
 
 type Providers struct {
 	lock     sync.RWMutex
-	registry map[string]SecretStoreProvider
+	registry map[string]SecretStoreFactory
 }
 
 func NewProviders() *Providers {
@@ -22,7 +22,7 @@ func NewProviders() *Providers {
 
 // Register registers a provider with associated spec. This
 // is expected to happen during app startup.
-func (ps *Providers) Register(sp SecretStoreProvider, spec *secrets.ProviderSpec) {
+func (ps *Providers) Register(ssf SecretStoreFactory, spec *secrets.ProviderSpec) {
 	providerName, err := getProviderName(spec)
 	if err != nil {
 		panic(fmt.Sprintf("provider registery failed to parse spec: %s", err.Error()))
@@ -36,15 +36,15 @@ func (ps *Providers) Register(sp SecretStoreProvider, spec *secrets.ProviderSpec
 			log.Warnf("Provider %s was registered twice", providerName)
 		}
 	} else {
-		ps.registry = map[string]SecretStoreProvider{}
+		ps.registry = map[string]SecretStoreFactory{}
 	}
 
 	log.Infof("Registered secret store provider %s", providerName)
-	ps.registry[providerName] = sp
+	ps.registry[providerName] = ssf
 }
 
 // GetProviderByName returns registered provider by name.
-func (ps *Providers) GetProviderByName(providerName string) (SecretStoreProvider, bool) {
+func (ps *Providers) GetProviderByName(providerName string) (SecretStoreFactory, bool) {
 	ps.lock.RLock()
 	defer ps.lock.RUnlock()
 	provider, found := ps.registry[providerName]

diff --git a/pkg/secrets/providers_test.go b/pkg/secrets/providers_test.go
@@ -13,20 +13,15 @@ import (
 type FakeSecretStore struct{}
 
 // Fake implementation of SecretStore.GetSecret.
-func (fss *FakeSecretStore) GetSecret(_ context.Context, _ string) ([]byte, error) {
+func (fss *FakeSecretStore) GetSecret(_ context.Context, _ secrets.ExternalSecretRef) ([]byte, error) {
 	return []byte("NOOP"), nil
 }
 
-// FakeSecretStoreProvider is the fake implementation of SecretStoreProvider.
-type FakeSecretStoreProvider struct{}
+// FakeSecretStoreFactory is the fake implementation of SecretStoreFactory.
+type FakeSecretStoreFactory struct{}
 
-// Fake implementation of SecretStoreProvider.Type.
-func (fsp *FakeSecretStoreProvider) Type() string {
-	return "fake"
-}
-
-// Fake implementation of SecretStoreProvider.NewSecretStore.
-func (fsp *FakeSecretStoreProvider) NewSecretStore(_ *secrets.SecretStoreSpec) (SecretStore, error) {
+// Fake implementation of SecretStoreFactory.NewSecretStore.
+func (fsf *FakeSecretStoreFactory) NewSecretStore(_ secrets.SecretStoreSpec) (SecretStore, error) {
 	return &FakeSecretStore{}, nil
 }
 
@@ -55,7 +50,7 @@ func TestRegister(t *testing.T) {
 	}
 
 	providers := NewProviders()
-	fsp := &FakeSecretStoreProvider{}
+	fsp := &FakeSecretStoreFactory{}
 	for _, tc := range testcases {
 		t.Run(tc.name, func(t *testing.T) {
 			if tc.shouldPanic {