fix: import the secrets register pkg in appconfig generator to regist supported secret providers #1142

Merged
merged 1 commit into from
Jun 5, 2024
Merged
6 changes: 3 additions & 3 deletions pkg/apis/api.kusion.io/v1/types.go
Expand Up @@ -90,7 +90,7 @@ type Workspace struct {
Modules ModuleConfigs `yaml:"modules,omitempty" json:"modules,omitempty"`

// SecretStore represents a secure external location for storing secrets.
SecretStore *SecretStoreSpec `yaml:"secretStore,omitempty" json:"secretStore,omitempty"`
SecretStore *SecretStore `yaml:"secretStore,omitempty" json:"secretStore,omitempty"`

// Context contains workspace-level configurations, such as topologies, server endpoints, metadata, etc.
Context GenericConfig `yaml:"context,omitempty" json:"context,omitempty"`
Expand Down Expand Up @@ -700,8 +700,8 @@ type ExternalSecretRef struct {
Property string `yaml:"property,omitempty" json:"property,omitempty"`
}

// SecretStoreSpec contains configuration to describe target secret store.
type SecretStoreSpec struct {
// SecretStore contains configuration to describe target secret store.
type SecretStore struct {
Provider *ProviderSpec `yaml:"provider" json:"provider"`
}

3 changes: 3 additions & 0 deletions pkg/modules/generators/app_configurations_generator.go
Expand Up @@ -34,6 +34,8 @@ import (
"kusionstack.io/kusion/pkg/modules"
"kusionstack.io/kusion/pkg/modules/generators/workload"
"kusionstack.io/kusion/pkg/modules/proto"
// import the secrets register pkg to register supported secret providers
_ "kusionstack.io/kusion/pkg/secrets/providers/register"
jsonutil "kusionstack.io/kusion/pkg/util/json"
"kusionstack.io/kusion/pkg/workspace"
)
Expand Down Expand Up @@ -125,6 +127,7 @@ func (g *appConfigurationGenerator) Generate(spec *v1.Spec) error {
Namespace: namespace,
Workload: g.app.Workload,
PlatformConfigs: projectModuleConfigs,
SecretStoreSpec: g.ws.SecretStore,
}),
}
if err = modules.CallGenerators(spec, gfs...); err != nil {
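Review bot: Provider registration now depends on a blank import placed in the app-configuration generator, while the code that needs it (`secrets.GetProvider` in pkg/modules/generators/workload/secret) lives elsewhere; any other path that builds a secret generator without importing this package — its own unit tests, or a future caller — will fail at runtime with "no matched secret store found" instead of at compile time. Consider moving `_ "kusionstack.io/kusion/pkg/secrets/providers/register"` next to the consumer, or having the `secrets` package register its built-in providers itself, so registration cannot be silently lost. If the import stays here, a comment such as `// Load-bearing: the provider init() functions run only if this package is in the import graph; without it GetProvider finds nothing.` would explain why it must not be tidied away. `Generate` continues outside the hunk.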
26 changes: 13 additions & 13 deletions pkg/modules/generators/workload/secret/secret_generator.go
Expand Up @@ -18,10 +18,10 @@ import (
)

type secretGenerator struct {
project string
namespace string
secrets map[string]v1.Secret
secretStoreSpec *v1.SecretStoreSpec
project string
namespace string
secrets map[string]v1.Secret
secretStore *v1.SecretStore
}

type GeneratorRequest struct {
Expand All @@ -31,8 +31,8 @@ type GeneratorRequest struct {
Namespace string
// Workload represents the Workload configuration
Workload *v1.Workload
// SecretStoreSpec contains configuration to describe target secret store.
SecretStoreSpec *v1.SecretStoreSpec
// SecretStore contains configuration to describe target secret store.
SecretStore *v1.SecretStore
}

func NewSecretGenerator(request *GeneratorRequest) (modules.Generator, error) {
Expand All @@ -48,10 +48,10 @@ func NewSecretGenerator(request *GeneratorRequest) (modules.Generator, error) {
}

return &secretGenerator{
project: request.Project,
secrets: secretMap,
namespace: request.Namespace,
secretStoreSpec: request.SecretStoreSpec,
project: request.Project,
secrets: secretMap,
namespace: request.Namespace,
secretStore: request.SecretStore,
}, nil
}

Expand Down Expand Up @@ -156,7 +156,7 @@ func (g *secretGenerator) generateCertificate(secretName string, secretRef v1.Se
// generateSecretWithExternalProvider retrieves target sensitive information from external secret provider and
// generates corresponding Kubernetes Secret object.
func (g *secretGenerator) generateSecretWithExternalProvider(secretName string, secretRef v1.Secret) (*corev1.Secret, error) {
if g.secretStoreSpec == nil {
if g.secretStore == nil {
return nil, errors.New("secret store is missing, please add valid secret store spec in workspace")
}

Expand All @@ -170,12 +170,12 @@ func (g *secretGenerator) generateSecretWithExternalProvider(secretName string,
allErrs = append(allErrs, err)
continue
}
provider, exist := secrets.GetProvider(g.secretStoreSpec.Provider)
provider, exist := secrets.GetProvider(g.secretStore.Provider)
if !exist {
allErrs = append(allErrs, errors.New("no matched secret store found, please check workspace yaml"))
continue
}
secretStore, err := provider.NewSecretStore(*g.secretStoreSpec)
secretStore, err := provider.NewSecretStore(*g.secretStore)
if err != nil {
allErrs = append(allErrs, err)
continue
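Review bot: `secrets.GetProvider(g.secretStore.Provider)` and `provider.NewSecretStore(*g.secretStore)` run on every iteration of the surrounding loop although neither depends on the loop variable, so a misconfigured store is appended to `allErrs` once per secret reference and, for the cloud providers, a fresh store (presumably an SDK client) is constructed per reference. Hoisting the lookup and the construction above the loop, directly after the nil check on `g.secretStore`, yields one error for a bad store and one client per secret. The loop header and the function's tail are outside the hunk, so the exact placement needs checking there.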
10 changes: 5 additions & 5 deletions pkg/modules/generators/workload/secret/secret_generator_test.go
Expand Up @@ -16,7 +16,7 @@ var testProject = "helloworld"
func initGeneratorRequest(
project string,
secrets map[string]v1.Secret,
secretStoreSpec *v1.SecretStoreSpec,
secretStoreSpec *v1.SecretStore,
) *GeneratorRequest {
return &GeneratorRequest{
Project: project,
Expand All @@ -27,13 +27,13 @@ func initGeneratorRequest(
},
},
},
Namespace: project,
SecretStoreSpec: secretStoreSpec,
Namespace: project,
SecretStore: secretStoreSpec,
}
}

func initSecretStoreSpec(data []v1.FakeProviderData) *v1.SecretStoreSpec {
return &v1.SecretStoreSpec{
func initSecretStoreSpec(data []v1.FakeProviderData) *v1.SecretStore {
return &v1.SecretStore{
Provider: &v1.ProviderSpec{
Fake: &v1.FakeProvider{
Data: data,
18 changes: 9 additions & 9 deletions pkg/modules/generators/workload/workload_generator.go
Expand Up @@ -35,7 +35,7 @@ type Generator struct {
// PlatformConfigs represents the module platform configurations
PlatformConfigs map[string]v1.GenericConfig
// SecretStoreSpec contains configuration to describe target secret store.
SecretStoreSpec *v1.SecretStoreSpec
SecretStoreSpec *v1.SecretStore
}

func NewWorkloadGeneratorFunc(g *Generator) modules.NewGeneratorFunc {
Expand Down Expand Up @@ -67,17 +67,17 @@ func (g *Generator) Generate(spec *v1.Spec) error {
switch g.Workload.Header.Type {
case v1.TypeService:
gfs = append(gfs, NewWorkloadServiceGeneratorFunc(g), secret.NewSecretGeneratorFunc(&secret.GeneratorRequest{
Project: g.Project,
Namespace: g.Namespace,
Workload: g.Workload,
SecretStoreSpec: g.SecretStoreSpec,
Project: g.Project,
Namespace: g.Namespace,
Workload: g.Workload,
SecretStore: g.SecretStoreSpec,
}))
case v1.TypeJob:
gfs = append(gfs, NewJobGeneratorFunc(g), secret.NewSecretGeneratorFunc(&secret.GeneratorRequest{
Project: g.Project,
Namespace: g.Namespace,
Workload: g.Workload,
SecretStoreSpec: g.SecretStoreSpec,
Project: g.Project,
Namespace: g.Namespace,
Workload: g.Workload,
SecretStore: g.SecretStoreSpec,
}))
}

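Review bot: `Generator.SecretStoreSpec` and its doc comment keep the old name while its type and the `GeneratorRequest` field were renamed, which leaves `SecretStore: g.SecretStoreSpec` in both switch cases; renaming the field and comment to `SecretStore` would complete the rename, though since `app_configurations_generator.go` sets this exported field it is an API change for callers. Separately, the two cases build identical request literals; a single `req := &secret.GeneratorRequest{Project: g.Project, Namespace: g.Namespace, Workload: g.Workload, SecretStore: g.SecretStoreSpec}` before the `switch` removes the duplication. The `switch` has no `default`, so an unrecognised `Header.Type` silently produces no generators — if that is intended, a one-line comment saying so would help. The function continues outside the hunk.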
2 changes: 1 addition & 1 deletion pkg/secrets/interfaces.go
Expand Up @@ -15,7 +15,7 @@ type SecretStore interface {
// SecretStoreProvider is a factory type for secret store.
type SecretStoreProvider interface {
// NewSecretStore constructs a usable secret store with specific provider spec.
NewSecretStore(spec v1.SecretStoreSpec) (SecretStore, error)
NewSecretStore(spec v1.SecretStore) (SecretStore, error)
}

var NoSecretErr = NoSecretError{}
Expand Up @@ -41,7 +41,7 @@ type smSecretStore struct {
}

// NewSecretStore constructs a Vault based secret store with specific secret store spec.
func (p *DefaultSecretStoreProvider) NewSecretStore(spec v1.SecretStoreSpec) (secrets.SecretStore, error) {
func (p *DefaultSecretStoreProvider) NewSecretStore(spec v1.SecretStore) (secrets.SecretStore, error) {
providerSpec := spec.Provider
if providerSpec == nil {
return nil, fmt.Errorf(errMissingProviderSpec)
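Review bot: The doc comment above the changed signature, `// NewSecretStore constructs a Vault based secret store with specific secret store spec.`, does not describe this provider: the file path is not shown in this section, but the store type is `smSecretStore` and the neighbouring test expects `errMissingAlicloudProvider`, which suggests this is the Alicloud secrets-manager provider rather than Vault. The same stale comment sits above the signature changed in `pkg/secrets/providers/aws/secretsmanager/secretsmanager.go`. Suggested wording for both: `// NewSecretStore builds this provider's secret store from spec; spec.Provider must be non-nil.`, which matches the nil check on the following lines. The method body continues outside the hunk.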
Expand Up @@ -114,21 +114,21 @@ func TestGetSecret(t *testing.T) {

func TestNewSecretStore(t *testing.T) {
testCases := map[string]struct {
spec v1.SecretStoreSpec
spec v1.SecretStore
expectedErr error
}{
"InvalidSecretStoreSpec": {
spec: v1.SecretStoreSpec{},
spec: v1.SecretStore{},
expectedErr: errors.New(errMissingProviderSpec),
},
"InvalidProviderSpec": {
spec: v1.SecretStoreSpec{
spec: v1.SecretStore{
Provider: &v1.ProviderSpec{},
},
expectedErr: errors.New(errMissingAlicloudProvider),
},
"ValidVaultProviderSpec": {
spec: v1.SecretStoreSpec{
spec: v1.SecretStore{
Provider: &v1.ProviderSpec{
Alicloud: &v1.AlicloudProvider{
Region: "cn-beijing",
4 changes: 3 additions & 1 deletion pkg/secrets/providers/aws/secretsmanager/secretsmanager.go
Expand Up @@ -30,7 +30,7 @@ var _ secrets.SecretStore = &smSecretStore{}
type DefaultSecretStoreProvider struct{}

// NewSecretStore constructs a Vault based secret store with specific secret store spec.
func (p *DefaultSecretStoreProvider) NewSecretStore(spec v1.SecretStoreSpec) (secrets.SecretStore, error) {
func (p *DefaultSecretStoreProvider) NewSecretStore(spec v1.SecretStore) (secrets.SecretStore, error) {
providerSpec := spec.Provider
if providerSpec == nil {
return nil, fmt.Errorf(errMissingProviderSpec)
Expand Down Expand Up @@ -126,6 +126,8 @@ func (s *smSecretStore) convertSecretToGjson(secretValueOutput *secretsmanager.G
}

func init() {
fmt.Printf("init aws secret")

secrets.Register(&DefaultSecretStoreProvider{}, &v1.ProviderSpec{
AWS: &v1.AWSProvider{},
})
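Review bot: `fmt.Printf("init aws secret")` in `init()` looks like leftover debugging: it writes to stdout, without a trailing newline, every time the package is linked in — which after the new blank import in the app-configuration generator is every run of the generator — and it will corrupt any output a caller parses from stdout. Delete the line; if a trace of provider registration is wanted, emit it through the project's logger at debug level rather than `fmt`. `init()` closes outside the hunk.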
Expand Up @@ -134,21 +134,21 @@ func TestGetSecret(t *testing.T) {

func TestNewSecretStore(t *testing.T) {
testCases := map[string]struct {
spec v1.SecretStoreSpec
spec v1.SecretStore
expectedErr error
}{
"InvalidSecretStoreSpec": {
spec: v1.SecretStoreSpec{},
spec: v1.SecretStore{},
expectedErr: errors.New(errMissingProviderSpec),
},
"InvalidProviderSpec": {
spec: v1.SecretStoreSpec{
spec: v1.SecretStore{
Provider: &v1.ProviderSpec{},
},
expectedErr: errors.New(errMissingAWSProvider),
},
"ValidVaultProviderSpec": {
spec: v1.SecretStoreSpec{
spec: v1.SecretStore{
Provider: &v1.ProviderSpec{
AWS: &v1.AWSProvider{
Region: "us-east-1",
2 changes: 1 addition & 1 deletion pkg/secrets/providers/azure/keyvault/keyvault.go
Expand Up @@ -38,7 +38,7 @@ var _ secrets.SecretStore = &kvSecretStore{}
type DefaultSecretStoreProvider struct{}

// NewSecretStore constructs an Azure KeyVault based secret store with specific secret store spec.
func (p *DefaultSecretStoreProvider) NewSecretStore(spec v1.SecretStoreSpec) (secrets.SecretStore, error) {
func (p *DefaultSecretStoreProvider) NewSecretStore(spec v1.SecretStore) (secrets.SecretStore, error) {
providerSpec := spec.Provider
if providerSpec == nil {
return nil, fmt.Errorf(errMissingProviderSpec)
12 changes: 6 additions & 6 deletions pkg/secrets/providers/azure/keyvault/keyvault_test.go
Expand Up @@ -100,22 +100,22 @@ func TestGetSecret(t *testing.T) {

func TestNewSecretStore(t *testing.T) {
testCases := map[string]struct {
spec v1.SecretStoreSpec
spec v1.SecretStore
initEnv bool
expectedErr error
}{
"InvalidSecretStoreSpec": {
spec: v1.SecretStoreSpec{},
spec: v1.SecretStore{},
expectedErr: errors.New(errMissingProviderSpec),
},
"InvalidProviderSpec": {
spec: v1.SecretStoreSpec{
spec: v1.SecretStore{
Provider: &v1.ProviderSpec{},
},
expectedErr: errors.New(errMissingAzureProvider),
},
"InvalidAzureKVProviderSpec": {
spec: v1.SecretStoreSpec{
spec: v1.SecretStore{
Provider: &v1.ProviderSpec{
Azure: &v1.AzureKVProvider{
VaultURL: &fakeVaultURL,
Expand All @@ -125,7 +125,7 @@ func TestNewSecretStore(t *testing.T) {
expectedErr: errors.New(errMissingTenant),
},
"NoClientIDSecretEnvFound": {
spec: v1.SecretStoreSpec{
spec: v1.SecretStore{
Provider: &v1.ProviderSpec{
Azure: &v1.AzureKVProvider{
VaultURL: &fakeVaultURL,
Expand All @@ -136,7 +136,7 @@ func TestNewSecretStore(t *testing.T) {
expectedErr: errors.New(errMissingClientIDSecret),
},
"ValidVaultProviderSpec": {
spec: v1.SecretStoreSpec{
spec: v1.SecretStore{
Provider: &v1.ProviderSpec{
Azure: &v1.AzureKVProvider{
VaultURL: &fakeVaultURL,
2 changes: 1 addition & 1 deletion pkg/secrets/providers/fake/fake.go
Expand Up @@ -30,7 +30,7 @@ var _ secrets.SecretStore = &fakeSecretStore{}
type DefaultSecretStoreProvider struct{}

// NewSecretStore constructs a fake secret store instance.
func (p *DefaultSecretStoreProvider) NewSecretStore(spec v1.SecretStoreSpec) (secrets.SecretStore, error) {
func (p *DefaultSecretStoreProvider) NewSecretStore(spec v1.SecretStore) (secrets.SecretStore, error) {
providerSpec := spec.Provider
if providerSpec == nil {
return nil, fmt.Errorf(errMissingProviderSpec)
12 changes: 6 additions & 6 deletions pkg/secrets/providers/fake/fake_test.go
Expand Up @@ -76,7 +76,7 @@ func TestGetSecret(t *testing.T) {
}
for _, tt := range testCases {
t.Run(tt.name, func(t *testing.T) {
ss, _ := p.NewSecretStore(v1.SecretStoreSpec{
ss, _ := p.NewSecretStore(v1.SecretStore{
Provider: &v1.ProviderSpec{
Fake: &v1.FakeProvider{
Data: tt.input,
Expand All @@ -98,29 +98,29 @@ func TestGetSecret(t *testing.T) {

func TestNewSecretStore(t *testing.T) {
testCases := map[string]struct {
spec v1.SecretStoreSpec
spec v1.SecretStore
expectedErr error
}{
"InvalidSecretStoreSpec": {
spec: v1.SecretStoreSpec{},
spec: v1.SecretStore{},
expectedErr: errors.New(errMissingProviderSpec),
},
"InvalidProviderSpec": {
spec: v1.SecretStoreSpec{
spec: v1.SecretStore{
Provider: &v1.ProviderSpec{},
},
expectedErr: errors.New(errMissingFakeProvider),
},
"ValidFakeProviderSpec": {
spec: v1.SecretStoreSpec{
spec: v1.SecretStore{
Provider: &v1.ProviderSpec{
Fake: &v1.FakeProvider{},
},
},
expectedErr: nil,
},
"ValidFakeProviderSpec_WithData": {
spec: v1.SecretStoreSpec{
spec: v1.SecretStore{
Provider: &v1.ProviderSpec{
Fake: &v1.FakeProvider{
Data: []v1.FakeProviderData{
2 changes: 1 addition & 1 deletion pkg/secrets/providers/hashivault/vault.go
Expand Up @@ -37,7 +37,7 @@ var _ secrets.SecretStore = &vaultSecretStore{}
type DefaultSecretStoreProvider struct{}

// NewSecretStore constructs a Vault based secret store with specific secret store spec.
func (p *DefaultSecretStoreProvider) NewSecretStore(spec v1.SecretStoreSpec) (secrets.SecretStore, error) {
func (p *DefaultSecretStoreProvider) NewSecretStore(spec v1.SecretStore) (secrets.SecretStore, error) {
providerSpec := spec.Provider
if providerSpec == nil || providerSpec.Vault == nil {
return nil, errors.New(errInvalidVaultSecretStore)