feat: implement owner reference for secrets (#43)
Signed-off-by: Ariel Septon <[email protected]> Co-authored-by: Ariel Septon <[email protected]>
1 parent
0cc8127
commit 0aa30d5
Showing
24 changed files
with
365 additions
and
124 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,28 +1,28 @@ | ||
apiVersion: http.crossplane.io/v1alpha2 | ||
kind: DisposableRequest | ||
metadata: | ||
name: health-check | ||
name: send-notification | ||
spec: | ||
deletionPolicy: Orphan | ||
forProvider: | ||
# Injecting data from secrets is possible, simply use the following syntax: {{ name:namespace:key }} (supported for body and headers only) | ||
url: http://todo.default.svc.cluster.local/health-check | ||
url: http://flask-api.default.svc.cluster.local/v1/notify | ||
method: POST | ||
body: | | ||
{ | ||
"check_type": "simple", | ||
"additional_info": "optional", | ||
"password": "secretdata {{ password:crossplane-system:secretKey }}" | ||
"recipient": "[email protected]", | ||
"subject": "Alert", | ||
"message": "Your action is required immediately." | ||
} | ||
headers: | ||
User-Agent: | ||
- "Crossplane Health Checker" | ||
Content-Type: | ||
- application/json | ||
Authorization: | ||
- "Bearer {{ auth:default:token }}" | ||
insecureSkipTLSVerify: true | ||
|
||
# The 'expectedResponse' field is optional. If used, also set 'rollbackRetriesLimit', which determines the number of HTTP requests to be sent until the jq query returns true. | ||
# expectedResponse: '.body.job_status == "success"' | ||
expectedResponse: '.body.status == "sent"' | ||
rollbackRetriesLimit: 5 | ||
waitTimeout: 5m | ||
|
||
|
@@ -35,15 +35,19 @@ spec: | |
# Secrets receiving patches from response data | ||
secretInjectionConfigs: | ||
- secretRef: | ||
name: response-secret | ||
name: notification-response | ||
namespace: default | ||
secretKey: extracted-data | ||
responsePath: .body.reminder | ||
secretKey: notification-status | ||
responsePath: .body.status | ||
# setOwnerReference determines if the secret should be deleted when the associated resource is deleted. | ||
# When injecting multiple keys into the same secret, ensure this field is set consistently for all keys. | ||
setOwnerReference: true | ||
- secretRef: | ||
name: response-secret | ||
name: notification-response | ||
namespace: default | ||
secretKey: extracted-data-headers | ||
responsePath: .headers.Try[0] | ||
secretKey: notification-id | ||
responsePath: .body.id | ||
setOwnerReference: true | ||
providerConfigRef: | ||
name: http-conf | ||
# TODO: check if it's possible to modify the deletionPolicy to be orphan by default. |
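Review bot: The new `url: http://flask-api.default.svc.cluster.local/v1/notify` sends the `Authorization: Bearer {{ auth:default:token }}` header over plain HTTP, and the sample still carries `insecureSkipTLSVerify: true`, so a reader who copies it and switches to HTTPS gets no certificate verification either. The same pattern appears in the new `obtain-jwt-token` sample (Basic credentials posted to `/v1/login` with the same flag) and in the `manage-user` Request (an http `baseUrl` with a password in the body). I would add a comment next to the flag, for example `# local testing only; use an https:// URL and remove insecureSkipTLSVerify outside a test cluster`.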
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
apiVersion: http.crossplane.io/v1alpha2 | ||
kind: DisposableRequest | ||
metadata: | ||
name: obtain-jwt-token | ||
spec: | ||
deletionPolicy: Orphan | ||
forProvider: | ||
insecureSkipTLSVerify: true | ||
|
||
# Injecting data from secrets is possible, simply use the following syntax: {{ name:namespace:key }} (supported for body and headers only) | ||
headers: | ||
Authorization: | ||
- "Basic {{ basic-auth:crossplane-system:token }}" | ||
url: http://flask-api.default.svc.cluster.local/v1/login | ||
method: POST | ||
|
||
shouldLoopInfinitely: true | ||
nextReconcile: 72h # 3 days | ||
|
||
# waitTimeout: 5m | ||
|
||
# Indicates whether the reconciliation should loop indefinitely. If `rollbackRetriesLimit` is set and the request returns an error, it will stop reconciliation once the limit is reached. | ||
# shouldLoopInfinitely: true | ||
|
||
# Specifies the duration after which the next reconcile should occur. | ||
# nextReconcile: 3m | ||
|
||
# Secrets receiving patches from response data | ||
secretInjectionConfigs: | ||
- secretRef: | ||
name: obtained-token | ||
namespace: crossplane-system | ||
secretKey: token | ||
responsePath: .body.token | ||
# setOwnerReference determines if the secret should be deleted when the associated resource is deleted. | ||
# When injecting multiple keys into the same secret, ensure this field is set consistently for all keys. | ||
setOwnerReference: true | ||
providerConfigRef: | ||
name: http-conf | ||
# TODO: check if it's possible to modify the deletionPolicy to be orphan by default. |
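Review bot: The explanatory comments for `shouldLoopInfinitely` and `nextReconcile` sit below the live settings, attached to commented-out duplicates with a different value (`# nextReconcile: 3m` versus the active `nextReconcile: 72h # 3 days`), which makes it hard to tell which lines are in effect. I would move the two comment sentences directly above the active fields and drop the commented-out copies. Since this request appears to re-fetch a token and write it to the `obtained-token` Secret, a comment such as `# keep nextReconcile shorter than the lifetime of the token issued by /v1/login` would also help; that lifetime is not visible here.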
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,7 @@ | ||
apiVersion: http.crossplane.io/v1alpha2 | ||
kind: Request | ||
metadata: | ||
name: laundry | ||
name: manage-user | ||
spec: | ||
forProvider: | ||
# Injecting data from secrets is possible, simply use the following syntax: {{ name:namespace:key }} (supported for body and headers only) | ||
|
@@ -13,21 +13,22 @@ spec: | |
Authorization: | ||
- ("Bearer {{ auth:default:token }}") | ||
payload: | ||
baseUrl: http://todo.default.svc.cluster.local/todos | ||
baseUrl: http://flask-api.default.svc.cluster.local/v1/users | ||
body: | | ||
{ | ||
"name": "Do Laundry", | ||
"reminder": "Every 1 hour", | ||
"responsible": "Dan", | ||
"password": "secretdata {{ password:crossplane-system:secretKey }}" | ||
"username": "mock_user", | ||
"password": "secretdata {{ user-password:crossplane-system:password }}", | ||
"email": "[email protected]", | ||
"age": 30 | ||
} | ||
mappings: | ||
- method: "POST" | ||
body: | | ||
{ | ||
todo_name: .payload.body.name, | ||
reminder: .payload.body.reminder, | ||
responsible: .payload.body.responsible, | ||
username: .payload.body.username, | ||
email: .payload.body.email, | ||
age: .payload.body.age, | ||
password: .payload.body.password | ||
} | ||
url: .payload.baseUrl | ||
headers: | ||
|
@@ -42,9 +43,8 @@ spec: | |
- method: "PUT" | ||
body: | | ||
{ | ||
todo_name: .payload.body.name, | ||
reminder: .payload.body.reminder, | ||
responsible: .payload.body.responsible | ||
email: .payload.body.email, | ||
age: .payload.body.age | ||
} | ||
url: (.payload.baseUrl + "/" + (.response.body.id|tostring)) | ||
- method: "DELETE" | ||
|
@@ -55,12 +55,21 @@ spec: | |
- secretRef: | ||
name: response-secret | ||
namespace: default | ||
secretKey: extracted-data | ||
responsePath: .body.reminder | ||
secretKey: extracted-user-email | ||
responsePath: .body.email | ||
# setOwnerReference determines if the secret should be deleted when the associated resource is deleted. | ||
# When injecting multiple keys into the same secret, ensure this field is set consistently for all keys. | ||
setOwnerReference: true | ||
- secretRef: | ||
name: response-secret | ||
namespace: default | ||
secretKey: extracted-data-headers | ||
responsePath: .headers.Try[0] | ||
secretKey: extracted-header-data | ||
responsePath: .headers."X-Secret-Header"[0] | ||
setOwnerReference: true | ||
- secretRef: | ||
name: response-user-password | ||
namespace: default | ||
secretKey: extracted-user-password | ||
responsePath: .body.password | ||
providerConfigRef: | ||
name: http-conf |
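Review bot: The new `response-user-password` entry copies `.body.password` into a Secret in the `default` namespace and, unlike the two entries above it, sets no `setOwnerReference`, so that Secret presumably outlives the Request if the field defaults to false. The password it mirrors is injected from `user-password` in `crossplane-system`, so the sample ends up widening where the credential is stored. If the omission is meant to demonstrate the default behaviour, say so in a comment on that entry; otherwise add `setOwnerReference: true` and keep the target Secret in the same namespace as the source. The `secretInjectionConfigs` key itself starts above this hunk.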