From 2f2a8e5b4fe42c13e0d05071cd089d8ebaf93d25 Mon Sep 17 00:00:00 2001 From: Sverre Boschman <1142569+sboschman@users.noreply.github.com> Date: Tue, 12 Jul 2022 14:51:02 +0200 Subject: [PATCH] Use Rancher Cloud Credential ID for GKE Signed-off-by: Sverre Boschman <1142569+sboschman@users.noreply.github.com> --- apis/rancher2/v1alpha1/zz_cluster_types.go | 4 ++-- .../v1alpha1/zz_generated.deepcopy.go | 6 ++++- .../v1alpha1/zz_generated_terraformed.go | 2 +- config/cluster/config.go | 18 +++++++++++++++ config/provider.go | 3 +++ ...r2.rancher.jet.crossplane.io_clusters.yaml | 22 ++++--------------- 6 files changed, 33 insertions(+), 22 deletions(-) create mode 100644 config/cluster/config.go diff --git a/apis/rancher2/v1alpha1/zz_cluster_types.go b/apis/rancher2/v1alpha1/zz_cluster_types.go index f44a53f..59eaf6c 100755 --- a/apis/rancher2/v1alpha1/zz_cluster_types.go +++ b/apis/rancher2/v1alpha1/zz_cluster_types.go @@ -1516,9 +1516,9 @@ type GkeConfigV2Parameters struct { // +kubebuilder:validation:Optional EnableKubernetesAlpha *bool `json:"enableKubernetesAlpha,omitempty" tf:"enable_kubernetes_alpha,omitempty"` - // Google credential secret + // The GKE Cloud Credential ID to use // +kubebuilder:validation:Required - GoogleCredentialSecretSecretRef v1.SecretKeySelector `json:"googleCredentialSecretSecretRef" tf:"-"` + GoogleCredentialSecret *string `json:"googleCredentialSecret" tf:"google_credential_secret,omitempty"` // The GKE ip allocation policy // +kubebuilder:validation:Optional diff --git a/apis/rancher2/v1alpha1/zz_generated.deepcopy.go b/apis/rancher2/v1alpha1/zz_generated.deepcopy.go index 6d59c48..91b1e5a 100644 --- a/apis/rancher2/v1alpha1/zz_generated.deepcopy.go +++ b/apis/rancher2/v1alpha1/zz_generated.deepcopy.go 
@@ -4407,7 +4407,11 @@ func (in *GkeConfigV2Parameters) DeepCopyInto(out *GkeConfigV2Parameters) { *out = new(bool) **out = **in } - out.GoogleCredentialSecretSecretRef = in.GoogleCredentialSecretSecretRef + if in.GoogleCredentialSecret != nil { + in, out := &in.GoogleCredentialSecret, &out.GoogleCredentialSecret + *out = new(string) + **out = **in + } if in.IPAllocationPolicy != nil { in, out := &in.IPAllocationPolicy, &out.IPAllocationPolicy *out = make([]IPAllocationPolicyParameters, len(*in)) diff --git a/apis/rancher2/v1alpha1/zz_generated_terraformed.go b/apis/rancher2/v1alpha1/zz_generated_terraformed.go index 65cee65..98d4260 100755 --- a/apis/rancher2/v1alpha1/zz_generated_terraformed.go +++ b/apis/rancher2/v1alpha1/zz_generated_terraformed.go 
@@ -328,7 +328,7 @@ func (mg *Cluster) GetTerraformResourceType() string { // GetConnectionDetailsMapping for this Cluster func (tr *Cluster) GetConnectionDetailsMapping() map[string]string { - return map[string]string{"aks_config[*].aad_server_app_secret": "spec.forProvider.aksConfig[*].aadServerAppSecretSecretRef", "aks_config[*].aad_tenant_id": "spec.forProvider.aksConfig[*].aadTenantIdSecretRef", "aks_config[*].add_client_app_id": "spec.forProvider.aksConfig[*].addClientAppIdSecretRef", "aks_config[*].add_server_app_id": "spec.forProvider.aksConfig[*].addServerAppIdSecretRef", "aks_config[*].client_id": "spec.forProvider.aksConfig[*].clientIdSecretRef", "aks_config[*].client_secret": "spec.forProvider.aksConfig[*].clientSecretSecretRef", "ca_cert": "status.atProvider.caCert", "eks_config[*].access_key": "spec.forProvider.eksConfig[*].accessKeySecretRef", "eks_config[*].secret_key": "spec.forProvider.eksConfig[*].secretKeySecretRef", "eks_config[*].session_token": "spec.forProvider.eksConfig[*].sessionTokenSecretRef", "gke_config[*].credential": "spec.forProvider.gkeConfig[*].credentialSecretRef", "gke_config_v2[*].google_credential_secret": "spec.forProvider.gkeConfigV2[*].googleCredentialSecretSecretRef", "kube_config": "status.atProvider.kubeConfig", "oke_config[*].kms_key_id": "spec.forProvider.okeConfig[*].kmsKeyIdSecretRef", "oke_config[*].private_key_contents": "spec.forProvider.okeConfig[*].privateKeyContentsSecretRef", "oke_config[*].private_key_passphrase": "spec.forProvider.okeConfig[*].privateKeyPassphraseSecretRef", "rke_config[*].bastion_host[*].ssh_key": "spec.forProvider.rkeConfig[*].bastionHost[*].sshKeySecretRef", "rke_config[*].cloud_provider[*].azure_cloud_provider[*].aad_client_cert_password": "spec.forProvider.rkeConfig[*].cloudProvider[*].azureCloudProvider[*].aadClientCertPasswordSecretRef", "rke_config[*].cloud_provider[*].azure_cloud_provider[*].aad_client_id": 
"spec.forProvider.rkeConfig[*].cloudProvider[*].azureCloudProvider[*].aadClientIdSecretRef", "rke_config[*].cloud_provider[*].azure_cloud_provider[*].aad_client_secret": "spec.forProvider.rkeConfig[*].cloudProvider[*].azureCloudProvider[*].aadClientSecretSecretRef", "rke_config[*].cloud_provider[*].azure_cloud_provider[*].subscription_id": "spec.forProvider.rkeConfig[*].cloudProvider[*].azureCloudProvider[*].subscriptionIdSecretRef", "rke_config[*].cloud_provider[*].azure_cloud_provider[*].tenant_id": "spec.forProvider.rkeConfig[*].cloudProvider[*].azureCloudProvider[*].tenantIdSecretRef", "rke_config[*].cloud_provider[*].openstack_cloud_provider[*].global[*].domain_id": "spec.forProvider.rkeConfig[*].cloudProvider[*].openstackCloudProvider[*].global[*].domainIdSecretRef", "rke_config[*].cloud_provider[*].openstack_cloud_provider[*].global[*].password": "spec.forProvider.rkeConfig[*].cloudProvider[*].openstackCloudProvider[*].global[*].passwordSecretRef", "rke_config[*].cloud_provider[*].openstack_cloud_provider[*].global[*].tenant_id": "spec.forProvider.rkeConfig[*].cloudProvider[*].openstackCloudProvider[*].global[*].tenantIdSecretRef", "rke_config[*].cloud_provider[*].openstack_cloud_provider[*].global[*].trust_id": "spec.forProvider.rkeConfig[*].cloudProvider[*].openstackCloudProvider[*].global[*].trustIdSecretRef", "rke_config[*].cloud_provider[*].openstack_cloud_provider[*].global[*].username": "spec.forProvider.rkeConfig[*].cloudProvider[*].openstackCloudProvider[*].global[*].usernameSecretRef", "rke_config[*].cloud_provider[*].vsphere_cloud_provider[*].global[*].password": "spec.forProvider.rkeConfig[*].cloudProvider[*].vsphereCloudProvider[*].global[*].passwordSecretRef", "rke_config[*].cloud_provider[*].vsphere_cloud_provider[*].global[*].user": "spec.forProvider.rkeConfig[*].cloudProvider[*].vsphereCloudProvider[*].global[*].userSecretRef", "rke_config[*].cloud_provider[*].vsphere_cloud_provider[*].virtual_center[*].password": 
"spec.forProvider.rkeConfig[*].cloudProvider[*].vsphereCloudProvider[*].virtualCenter[*].passwordSecretRef", "rke_config[*].cloud_provider[*].vsphere_cloud_provider[*].virtual_center[*].user": "spec.forProvider.rkeConfig[*].cloudProvider[*].vsphereCloudProvider[*].virtualCenter[*].userSecretRef", "rke_config[*].nodes[*].ssh_key": "spec.forProvider.rkeConfig[*].nodes[*].sshKeySecretRef", "rke_config[*].nodes[*].user": "spec.forProvider.rkeConfig[*].nodes[*].userSecretRef", "rke_config[*].private_registries[*].ecr_credential_plugin[*].aws_secret_access_key": "spec.forProvider.rkeConfig[*].privateRegistries[*].ecrCredentialPlugin[*].awsSecretAccessKeySecretRef", "rke_config[*].private_registries[*].ecr_credential_plugin[*].aws_session_token": "spec.forProvider.rkeConfig[*].privateRegistries[*].ecrCredentialPlugin[*].awsSessionTokenSecretRef", "rke_config[*].private_registries[*].password": "spec.forProvider.rkeConfig[*].privateRegistries[*].passwordSecretRef", "rke_config[*].private_registries[*].user": "spec.forProvider.rkeConfig[*].privateRegistries[*].userSecretRef", "rke_config[*].services[*].etcd[*].backup_config[*].s3_backup_config[*].access_key": "spec.forProvider.rkeConfig[*].services[*].etcd[*].backupConfig[*].s3BackupConfig[*].accessKeySecretRef", "rke_config[*].services[*].etcd[*].backup_config[*].s3_backup_config[*].secret_key": "spec.forProvider.rkeConfig[*].services[*].etcd[*].backupConfig[*].s3BackupConfig[*].secretKeySecretRef", "rke_config[*].services[*].etcd[*].cert": "spec.forProvider.rkeConfig[*].services[*].etcd[*].certSecretRef", "rke_config[*].services[*].etcd[*].key": "spec.forProvider.rkeConfig[*].services[*].etcd[*].keySecretRef"} + return map[string]string{"aks_config[*].aad_server_app_secret": "spec.forProvider.aksConfig[*].aadServerAppSecretSecretRef", "aks_config[*].aad_tenant_id": "spec.forProvider.aksConfig[*].aadTenantIdSecretRef", "aks_config[*].add_client_app_id": "spec.forProvider.aksConfig[*].addClientAppIdSecretRef", 
"aks_config[*].add_server_app_id": "spec.forProvider.aksConfig[*].addServerAppIdSecretRef", "aks_config[*].client_id": "spec.forProvider.aksConfig[*].clientIdSecretRef", "aks_config[*].client_secret": "spec.forProvider.aksConfig[*].clientSecretSecretRef", "ca_cert": "status.atProvider.caCert", "eks_config[*].access_key": "spec.forProvider.eksConfig[*].accessKeySecretRef", "eks_config[*].secret_key": "spec.forProvider.eksConfig[*].secretKeySecretRef", "eks_config[*].session_token": "spec.forProvider.eksConfig[*].sessionTokenSecretRef", "gke_config[*].credential": "spec.forProvider.gkeConfig[*].credentialSecretRef", "kube_config": "status.atProvider.kubeConfig", "oke_config[*].kms_key_id": "spec.forProvider.okeConfig[*].kmsKeyIdSecretRef", "oke_config[*].private_key_contents": "spec.forProvider.okeConfig[*].privateKeyContentsSecretRef", "oke_config[*].private_key_passphrase": "spec.forProvider.okeConfig[*].privateKeyPassphraseSecretRef", "rke_config[*].bastion_host[*].ssh_key": "spec.forProvider.rkeConfig[*].bastionHost[*].sshKeySecretRef", "rke_config[*].cloud_provider[*].azure_cloud_provider[*].aad_client_cert_password": "spec.forProvider.rkeConfig[*].cloudProvider[*].azureCloudProvider[*].aadClientCertPasswordSecretRef", "rke_config[*].cloud_provider[*].azure_cloud_provider[*].aad_client_id": "spec.forProvider.rkeConfig[*].cloudProvider[*].azureCloudProvider[*].aadClientIdSecretRef", "rke_config[*].cloud_provider[*].azure_cloud_provider[*].aad_client_secret": "spec.forProvider.rkeConfig[*].cloudProvider[*].azureCloudProvider[*].aadClientSecretSecretRef", "rke_config[*].cloud_provider[*].azure_cloud_provider[*].subscription_id": "spec.forProvider.rkeConfig[*].cloudProvider[*].azureCloudProvider[*].subscriptionIdSecretRef", "rke_config[*].cloud_provider[*].azure_cloud_provider[*].tenant_id": "spec.forProvider.rkeConfig[*].cloudProvider[*].azureCloudProvider[*].tenantIdSecretRef", "rke_config[*].cloud_provider[*].openstack_cloud_provider[*].global[*].domain_id": 
"spec.forProvider.rkeConfig[*].cloudProvider[*].openstackCloudProvider[*].global[*].domainIdSecretRef", "rke_config[*].cloud_provider[*].openstack_cloud_provider[*].global[*].password": "spec.forProvider.rkeConfig[*].cloudProvider[*].openstackCloudProvider[*].global[*].passwordSecretRef", "rke_config[*].cloud_provider[*].openstack_cloud_provider[*].global[*].tenant_id": "spec.forProvider.rkeConfig[*].cloudProvider[*].openstackCloudProvider[*].global[*].tenantIdSecretRef", "rke_config[*].cloud_provider[*].openstack_cloud_provider[*].global[*].trust_id": "spec.forProvider.rkeConfig[*].cloudProvider[*].openstackCloudProvider[*].global[*].trustIdSecretRef", "rke_config[*].cloud_provider[*].openstack_cloud_provider[*].global[*].username": "spec.forProvider.rkeConfig[*].cloudProvider[*].openstackCloudProvider[*].global[*].usernameSecretRef", "rke_config[*].cloud_provider[*].vsphere_cloud_provider[*].global[*].password": "spec.forProvider.rkeConfig[*].cloudProvider[*].vsphereCloudProvider[*].global[*].passwordSecretRef", "rke_config[*].cloud_provider[*].vsphere_cloud_provider[*].global[*].user": "spec.forProvider.rkeConfig[*].cloudProvider[*].vsphereCloudProvider[*].global[*].userSecretRef", "rke_config[*].cloud_provider[*].vsphere_cloud_provider[*].virtual_center[*].password": "spec.forProvider.rkeConfig[*].cloudProvider[*].vsphereCloudProvider[*].virtualCenter[*].passwordSecretRef", "rke_config[*].cloud_provider[*].vsphere_cloud_provider[*].virtual_center[*].user": "spec.forProvider.rkeConfig[*].cloudProvider[*].vsphereCloudProvider[*].virtualCenter[*].userSecretRef", "rke_config[*].nodes[*].ssh_key": "spec.forProvider.rkeConfig[*].nodes[*].sshKeySecretRef", "rke_config[*].nodes[*].user": "spec.forProvider.rkeConfig[*].nodes[*].userSecretRef", "rke_config[*].private_registries[*].ecr_credential_plugin[*].aws_secret_access_key": "spec.forProvider.rkeConfig[*].privateRegistries[*].ecrCredentialPlugin[*].awsSecretAccessKeySecretRef", 
"rke_config[*].private_registries[*].ecr_credential_plugin[*].aws_session_token": "spec.forProvider.rkeConfig[*].privateRegistries[*].ecrCredentialPlugin[*].awsSessionTokenSecretRef", "rke_config[*].private_registries[*].password": "spec.forProvider.rkeConfig[*].privateRegistries[*].passwordSecretRef", "rke_config[*].private_registries[*].user": "spec.forProvider.rkeConfig[*].privateRegistries[*].userSecretRef", "rke_config[*].services[*].etcd[*].backup_config[*].s3_backup_config[*].access_key": "spec.forProvider.rkeConfig[*].services[*].etcd[*].backupConfig[*].s3BackupConfig[*].accessKeySecretRef", "rke_config[*].services[*].etcd[*].backup_config[*].s3_backup_config[*].secret_key": "spec.forProvider.rkeConfig[*].services[*].etcd[*].backupConfig[*].s3BackupConfig[*].secretKeySecretRef", "rke_config[*].services[*].etcd[*].cert": "spec.forProvider.rkeConfig[*].services[*].etcd[*].certSecretRef", "rke_config[*].services[*].etcd[*].key": "spec.forProvider.rkeConfig[*].services[*].etcd[*].keySecretRef"} } // GetObservation of this Cluster diff --git a/config/cluster/config.go b/config/cluster/config.go new file mode 100644 index 0000000..541cd48 --- /dev/null +++ b/config/cluster/config.go @@ -0,0 +1,18 @@ +package cluster + +import ( + tjconfig "github.com/crossplane/terrajet/pkg/config" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func Configure(p *tjconfig.Provider) { + p.AddResourceConfigurator("rancher2_cluster", func(r *tjconfig.Resource) { + if block, ok := r.TerraformResource.Schema["gke_config_v2"]; ok { + if attr, ok := block.Elem.(*schema.Resource).Schema["google_credential_secret"]; ok { + attr.Description = "The GKE Cloud Credential ID to use" + attr.Sensitive = false + } + } + }) +} diff --git a/config/provider.go b/config/provider.go index 6b6ff71..ba78b63 100644 --- a/config/provider.go +++ b/config/provider.go 
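Review bot: The type assertion `block.Elem.(*schema.Resource)` in the new config/cluster/config.go is unchecked, so a `gke_config_v2` block whose Elem is nil or of another type panics while the provider configuration is built; prefer `res, ok := block.Elem.(*schema.Resource)` and return when `ok` is false. The line `attr.Sensitive = false` is what turns the field from a Secret reference into a plain string in the spec (see the zz_cluster_types.go and CRD hunks), so it deserves a why-comment such as `// value is a Rancher Cloud Credential ID, not key material; safe to keep in the spec`. The description string could also state that raw service-account JSON must not be placed in this field, since it is now stored and displayed unprotected. Both map lookups fall through silently when an upstream key is renamed, in which case the override would presumably be skipped with no signal at generation time. The exported `Configure` has no doc comment; `// Configure registers rancher2_cluster schema overrides with the provider.` would cover it.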
@@ -19,6 +19,8 @@ import ( tjconfig "github.com/crossplane/terrajet/pkg/config" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + + "github.com/crossplane-contrib/provider-jet-rancher/config/cluster" ) const ( @@ -46,6 +48,7 @@ func GetProvider() *tjconfig.Provider { for _, configure := range []func(provider *tjconfig.Provider){ // add custom config functions + cluster.Configure, } { configure(pc) } diff --git a/package/crds/rancher2.rancher.jet.crossplane.io_clusters.yaml b/package/crds/rancher2.rancher.jet.crossplane.io_clusters.yaml index 254170d..cd9edbb 100644 --- a/package/crds/rancher2.rancher.jet.crossplane.io_clusters.yaml +++ b/package/crds/rancher2.rancher.jet.crossplane.io_clusters.yaml @@ -1117,23 +1117,9 @@ spec: enableKubernetesAlpha: description: Enable Kubernetes alpha type: boolean - googleCredentialSecretSecretRef: - description: Google credential secret - properties: - key: - description: The key to select. - type: string - name: - description: Name of the secret. - type: string - namespace: - description: Namespace of the secret. - type: string - required: - - key - - name - - namespace - type: object + googleCredentialSecret: + description: The GKE Cloud Credential ID to use + type: string imported: description: Is GKE cluster imported? type: boolean @@ -1374,7 +1360,7 @@ spec: is empty type: string required: - - googleCredentialSecretSecretRef + - googleCredentialSecret - name - projectId type: object